Major Features:
- Feature #168 Support for scanning Debian package status file, usually located in `/var/lib/dpkg/status`. Thanks @cmaritan
- Feature #94 Specify what parser should be used in `--lockfile`.
- Feature #158 Specify output format to use with the `--format` flag.
- Feature #165 Respect `.gitignore` files by default when scanning.
- Feature #156 Support markdown table output format. Thanks @deftdawg
- Feature #59 Support `conan.lock` lockfiles and ecosystem. Thanks @SSE4
- Updated documentation! Check it out here: https://google.github.io/osv-scanner/
Minor Updates:
- Feature #178 Support SPDX 2.3.
- Feature #221 Support dependencyManagement section in Maven poms.
- Feature #167 Make osvscanner API library public.
- Feature #141 Retry OSV API calls to mitigate transient network issues. Thanks @davift
- Feature #220 Vulnerability output is ordered deterministically.
- Feature #179 Log number of packages scanned from SBOM.
- General dependency updates
Fixes
- Bug #161 Exit with non-zero exit code when there is a general error.
- Bug #185 Properly omit Source from JSON output.
New Contributors
- @inferno-chromium made their first contribution in #139
- @davift made their first contribution in #141
- @SSE4 made their first contribution in #59
- @deftdawg made their first contribution in #156
- @hayleycd made their first contribution in #171
- @michaelkedar made their first contribution in #191
- @dependabot made their first contribution in #222
Full Changes: v1.1.0...v1.2.0