CycloneDX/cdxgen v9.2.0

on GitHub

What's Changed

Features

• Closes #367
• Automatic 1.4 mode for dependency track users
• Performs automatic deep SBoM validation for 1.4 and 1.5 specs by default. Validates the various purls and refs.
  

Bug Fixes

• Fixes #388
• Fixes #389

BREAKING CHANGES

• @types packages are no longer excluded for npm. This legacy feature had existed to reduce false positives with SCA tools.

Known issues

• #394

Special thanks

@ajmalab @heubeck @cerrussell @anthonyharrison and more

Full Changelog: v9.1.1...v9.2.0