Added Features
Bug Fixes
- Remove CPE product candidates for phf, prometheus, hyper and Rust crates [#3967 @jayvdb]
- Remove CPE product candidates for opentelemetry and redis Rust crates [#3962 @jayvdb]
- Harden Container Runtime with Non-Root User [#3941 @MikeTheCyberGuy]
- terraform provider lock entries should not require constraints [#3934 @ghouscht]
- sbom cataloger returning upstream package [#3662 #3981 @kzantow]
- Syft missing md5 sums and list data for dpkg packages under
status.d/[#3912] - Failure to detect dependency relationships between Python packages [#3958 #3965 @christoph-blessing]
- Heavy memory consumption when directory scanning deb source [#3928 #3953 @kzantow]
- In versions 1.25.0 and later, graalvm-native-image-cataloger adds 3-6 hours to Syft [#3942 #3944 @kzantow]
- Syft incorrectly reports multiple APKs as parents of symlinked files [#3847 #3923 @luhring]