Changelog

v0.15.1 (2021-04-22)

Implemented enhancements:

Account for known mappings of package name to CPE products #393
Implement binary package identification #372
Report package DB verification metadata #371
Implement selective "retrieve files" cataloger #369
Add hyphen replacement in CPE generator #361
Cataloger for Rust crates from Cargo.lock #338
Add file metadata cataloger #335
Introduce an additional command line switch so that syft command understands I am passing a directory #277
Add for known bad CPE field combinations for jenkins package #405 (wagoodman)
Add additional cases for categorizing jenkins package type by group id #404 (wagoodman)
Enhance CPE generation for java GroupId and filtering #402 (wagoodman)
Add hyphen replacement logic for CPE generation #397 (wagoodman)
Add ability to pull images directly from a registry #378 (wagoodman)
Add secrets cataloger #362

Fixed bugs:

Using pom groupId leading to bad CPEs for plugins, leading to false positives #395
Registry credentials should require username and password #385
Malformed Python package metadata can cause parse failure #365
Java cataloger missing packages when parsing partially fails #349
Syft BOM ordering is not always consistent #331
Update parent pom persistence with regard to shaded jars #403 (wagoodman)
Refactor pom properties handling relative to parent package #392 (wagoodman)
Safely join paths derived from archive headers #386 (wagoodman)
Add manifest + repo digests on registry source #382 (wagoodman)
Ensure credentials are not HTML encoded #368 (wagoodman)
Ensure pkg.Catalog path index deduplicates real vs virtual paths #356 (wagoodman)

* This Changelog was automatically generated by github_changelog_generator