github anchore/syft v0.61.0
on GitHub

latest releases: v1.12.2, v1.12.1, v1.12.0...
22 months ago

Changelog

v0.61.0 (2022-11-18)

Full Changelog

Added Features

  • Add support for map fields in CycloneDX (XML and JSON) [Issue #1032]
  • Dependency's MIT license not picked up when scanning package-lock.json [Issue #1113]
  • Support SPDX 2.3 [Issue #1292]

Bug Fixes

  • Normalize alpm md5 refs [PR #1333] [wagoodman]
  • APK Metadata decoding should be backwards compatible [PR #1341] [wagoodman]
  • Add spdx relationship encoding for dependencies [PR #1342] [wagoodman]
  • v0.3.0 SPDX SBOM Does Not Have Unique SPDXID Package IDs [Issue #923]
  • Missing licenses and "skipping encoding of unsupported property: syft:metadata:goBuildSetting" [Issue #1007]
  • System independent build not possible [Issue #1084]
  • Dependency's MIT license not picked up when scanning package-lock.json [Issue #1113]
  • No packages discovered in SIF when image source not specified [Issue #1189]
  • syft packages panics on OCI archive creation [Issue #1318]
  • Missing metadata in syft-json artifacts crashes grype [Issue #1334]
  • CPE for amazoncorretto:19.0.1-al2 is incorrect [Issue #1337]
Check out latest releases or
releases around anchore/syft v0.61.0

Don't miss a new syft release

NewReleases is sending notifications on new releases.

Get notifications