Introduction
In this release, we focused on improving support for C/C++, license detection, and OCI images.
- Reachable components for C/C++ (beating even commercial products!)
- Automatic services detection for several HTTP frameworks, including embedded frameworks
C/C++ now has an evinse mode. While it works, the lack of a symbols database (component database) to resolve the package name from the symbols limits precision and recall. Neither our team, AppThreat, nor OWASP has the required level of funding (and resources) to work on a component database for all C/C++ codebases, so this is probably the best we can do :(
If people really want to see great C/C++ support, they need to open up their chequebook and specifically donate to cdxgen.
All Pull Requests
- doc: remove sudo from npm install documentation by @marco-ippolito in #738
- Improved fetch license for nuget by @Nikemare in #739
- Check for existence of oaData.info (and title/version) by @gbennett-squarespace in #747
- feat: enhance oci purl spec compliance by @setchy in #749
- feat: support bitbucket-pipelines.yml as container img.image by @setchy in #751
- C/C++ improvements by @prabhu in #750
New Contributors
- @marco-ippolito made their first contribution in #738
Full Changelog: v9.9.5...v9.9.6