Changelog

(v0.74.0) (2023-03-02)

Full Changelog

Added Features

• rust toolchain binary cataloger [PR #1601] [westonsteimel]
• Add support for SUPPORT_END in distro [PR #1612] [noqcks]
• Catalog haproxy binary [Issue #1512] [PR #1591] [noqcks]
• Handle cataloger panics [Issue #1624] [PR #1636] [kzantow]
• set cosign attest predicate type based on Syft output type [PR #1598] [Nirusu]
• retain go package info when no module declared [PR #1632] [westonsteimel]

Bug Fixes

• improve CPE generation for curl APK [PR #1608] [westonsteimel]
• determine upstream for apk version streams [PR #1610] [westonsteimel]
• decoding null apk metadata pullDependencies [PR #1614] [kzantow]
• correct apk purls for other distros [PR #1620] [westonsteimel]
• further improvements to CPE generation for apk packages [PR #1623] [westonsteimel]
• improved CPE-generation for several more APK packages [PR #1631] [westonsteimel]
• apk product/vendor generation for old metadata [PR #1635] [westonsteimel]
• Encountering "cycle during symlink resolution" with syft version 0.71.0 onwards [Issue #1586] [PR #1604] [wagoodman]
• syft erlang cataloger can segfault when analyzing an erlang project containing rebar.lock with nested deps [Issue #1621] [PR #1628] [kzantow]
• Go tests detecting race cataloging packages [Issue #1633] [PR #1639] [kzantow]