Changelog
v0.15.1 (2021-04-22)
Implemented enhancements:
- Account for known mappings of package name to CPE products #393
- Implement binary package identification #372
- Report package DB verification metadata #371
- Implement selective "retrieve files" cataloger #369
- Add hyphen replacement in CPE generator #361
- Cataloger for Rust crates from Cargo.lock #338
- Add file metadata cataloger #335
- Introduce an additional command line switch so that syft command understands I am passing a directory #277
- Add for known bad CPE field combinations for jenkins package #405 (wagoodman)
- Add additional cases for categorizing jenkins package type by group id #404 (wagoodman)
- Enhance CPE generation for java GroupId and filtering #402 (wagoodman)
- Add hyphen replacement logic for CPE generation #397 (wagoodman)
- Add ability to pull images directly from a registry #378 (wagoodman)
- Add secrets cataloger #362
Fixed bugs:
- Using pom groupId leading to bad CPEs for plugins, leading to false positives #395
- Registry credentials should require username and password #385
- Malformed Python package metadata can cause parse failure #365
- Java cataloger missing packages when parsing partially fails #349
- Syft BOM ordering is not always consistent #331
- Update parent pom persistence with regard to shaded jars #403 (wagoodman)
- Refactor pom properties handling relative to parent package #392 (wagoodman)
- Safely join paths derived from archive headers #386 (wagoodman)
- Add manifest + repo digests on registry source #382 (wagoodman)
- Ensure credentials are not HTML encoded #368 (wagoodman)
- Ensure pkg.Catalog path index deduplicates real vs virtual paths #356 (wagoodman)
* This Changelog was automatically generated by github_changelog_generator
Docker images
docker pull anchore/syft:latest
docker pull anchore/syft:v0.15.1
docker pull anchore/syft:v0
docker pull anchore/syft:v0.15