Added Features
- Use case-insensitive matching for Go license files [#2286 @miquella]
- Add conaninfo.txt parser to detect conan packages in docker images [#2234 @Pro]
- Perform case insensitive matching on Java License files [#2235 @coheigea]
- Read a license from a parent pom stored in Maven Central [#2228 @coheigea]
- Add PURLs when scanning Gradle lock files [#2278 @robbiev]
Bug Fixes
- Fix CPE index workflow [#2252 @wagoodman]
- Fix cpe generation task [#2270 @willmurphyscode]
- Introduce cataloger naming conventions [#1578 #2277 @wagoodman]
- .NET / nuget - invalid SBOM generated after parsing [#2255 #2273 @spiffcs]
- Wrong parsing after v0.85.0 syft for some components [#2241 #2273 @spiffcs]
- SPDX-2.3 is misidentified as SPDX-2.2 [#2112 #2186 @wagoodman]
- Jar parser chokes on empty lines [#2179 #2254 @spiffcs]
- Add a new Java configuration option to recursively search parent poms… [#2274 @coheigea]
- Fix directory resolver to always return virtual path [#2259 @wagoodman]
- Syft can now handle the case of parsing a jar with multiple poms [#2231 @coheigea]
- Add ruby.NewGemSpecCataloger to DirectoryCatalogers [#1971 @evanchaoli]
Breaking Changes
- Introduce cataloger naming conventions [#1578 #2277 @wagoodman]
- Remove MetadataType from the core package struct [#1735 #1983 @wagoodman]
- Add convention for JSON metadata type names and port existing values to the new convention [#1844 #1983 @wagoodman]
- Remove deprecated syft.Format functions [#1344 #2186 @wagoodman]
Additional Changes
- Upgrade tool management [#2188 @wagoodman]
- Fix homebrew post-release workflow [#2242 @wagoodman]