github CycloneDX/cdxgen v9.5.0
Release v9.5.0 - Where's the evidence?
on GitHub

latest releases: v10.10.1, v10.10.0, v10.9.11...
13 months ago

SBoM with evidence

This release introduces evinse, a new command to generate component evidence for Java projects. Three kinds of evidence are supported.

Occurrences

Shows all the places in the application source code where a given package is used.

Selection_015

Shows a dataflow call stack where a component gets invoked

Selection_019

Services and HTTP entry points created by the application.

Selection_020

What's Changed

  • Fixes #464: Updated the regex to support 'relocation' of a complete component by @malice00 in #467
  • Evinse tool preview - part 1 by @prabhu in #465
  • Adds cdx-verify a simple command to verify signature by @prabhu in #468
  • Evinse support for java with gradle project - part 2 by @prabhu in #472
  • Handle Gradle sub-projects correctly by @malice00 in #470
  • Try multiple encoding to parse nuspec data. Fixes #469 by @prabhu in #475

Full Changelog: v9.4.0...v9.5.0

Check out latest releases or
releases around CycloneDX/cdxgen v9.5.0

Don't miss a new cdxgen release

NewReleases is sending notifications on new releases.

Get notifications