Changelog
Features:
- Feature #1730 Add support for extracting dependencies from .NET packages.config and packages.lock.json files.
- Feature #1770 Add support for extracting dependencies from Rust binaries compiled with cargo-auditable.
- Feature #1761 Improve output when scanning for OS packages: the table output now shows binary packages associated with a source package.
Fixes:
- Bug #1752 Fix paging depth issue when querying the osv.dev API.
- Bug #1747 Ensure osv-reporter prints warnings instead of errors for certain messages to return correct exit code (related to osv-scanner-action#65).
- Bug #1717 Fix issue where nested CycloneDX components were not being parsed.
- Bug #1744 Fix issue where empty CycloneDX SBOMs were causing a panic.
- Bug #1726 De-duplicate references in CycloneDX report output for improved validity.
- Bug #1727 Remove automatic opening of HTML reports in the browser (fixes #1721).
- Bug #1735 Require a tag when scanning container images to prevent potential errors.
API Changes:
- API Change #1763 Made the SourceType enum public.
New Contributors
- @AlexLaroche made their first contribution in #1730
- @kuscar made their first contribution in #1726
Full Changelog: v2.0.0...v2.0.1