github intel/cve-bin-tool v3.4rc0
CVE Binary Tool 3.4rc0

pre-release, 12 months ago

Pre-release for v3.4

What's Changed

  • chore: update SBOM for Python 3.8 by @github-actions in #4028
  • chore: update SBOM for Python 3.12 by @github-actions in #4027
  • chore: update SBOM for Python 3.9 by @github-actions in #4026
  • chore: update SBOM for Python 3.11 by @github-actions in #4025
  • chore: update SBOM for Python 3.10 by @github-actions in #4024
  • feat: add fix to allow detection of python3.11 on DLL file by @jananir640 in #4023
  • chore(deps): bump codecov/codecov-action from 4.1.0 to 4.3.0 by @dependabot in #4017
  • chore(deps): bump github/codeql-action from 3.24.9 to 3.24.10 by @dependabot in #4010
  • chore(deps): bump actions/dependency-review-action from 4.1.3 to 4.2.5 by @dependabot in #3999
  • chore(deps): bump actions/setup-python from 5.0.0 to 5.1.0 by @dependabot in #3985
  • chore(deps): bump github/codeql-action from 3.24.10 to 3.25.0 by @dependabot in #4034
  • feat: added PURL generation to PhpParser by @joydeep049 in #4016
  • feat: added PURL generation for r parser by @inosmeet in #4035
  • chore(deps-dev): bump black from 24.3.0 to 24.4.0 by @dependabot in #4030
  • chore(deps): bump peter-evans/create-pull-request from 6.0.2 to 6.0.3 by @dependabot in #4029
  • feat: added PURL generation to DartParser by @mastersans in #4004
  • chore(deps): bump sphinx from 7.2.6 to 7.3.5 in /doc by @dependabot in #4039
  • chore: set dev version number by @terriko in #4036
  • feat(checker): add ttyd checker by @ffontaine in #4031
  • chore: update checkers table by @github-actions in #4043
  • chore(deps): bump sphinx from 7.3.5 to 7.3.6 in /doc by @dependabot in #4050
  • chore(deps): bump peter-evans/create-pull-request from 6.0.3 to 6.0.4 by @dependabot in #4048
  • chore(deps): bump github/codeql-action from 3.25.0 to 3.25.1 by @dependabot in #4047
  • feat: Adding locations in CycloneDX reports by @Mayankrai449 in #3989
  • fix: update openssl checker by @ffontaine in #4051
  • fix: fix symlink handling by @ffontaine in #4054
  • chore(deps): bump sphinx from 7.3.6 to 7.3.7 in /doc by @dependabot in #4056
  • chore: update SBOM for Python 3.8 by @github-actions in #4068
  • chore: update SBOM for Python 3.9 by @github-actions in #4067
  • chore: update SBOM for Python 3.10 by @github-actions in #4066
  • chore: update SBOM for Python 3.12 by @github-actions in #4065
  • chore: update SBOM for Python 3.11 by @github-actions in #4064
  • chore(deps): bump github/codeql-action from 3.25.1 to 3.25.2 by @dependabot in #4071
  • chore(deps): bump myst-parser from 2.0.0 to 3.0.0 in /doc by @dependabot in #4074
  • chore: removed Old cyclonedx and spdx parser from sbom manager by @ranjanmangla1 in #4076
  • fix: update binutils pattern by @ffontaine in #4077
  • chore: use unique tempdir prefixes in fuzzing temp dirs (fixes: #3960) by @ranjanmangla1 in #4022
  • fix: TypeError in RenvLockBuilder by @joydeep049 in #4061
  • fix: improve cryptsetup checker by @ffontaine in #4086
  • fix: parse CPE names correctly #4041 by @fthdrmzzz in #4063
  • fix: improved cpe parsing in sbom code by @ranjanmangla1 in #4082
  • ci: reduce dependabot scan frequency by @terriko in #4080
  • chore(deps): bump myst-parser from 3.0.0 to 3.0.1 by @dependabot in #4098
  • chore(deps): bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 by @dependabot in #4091
  • chore(deps): bump github/codeql-action from 3.25.2 to 3.25.3 by @dependabot in #4090
  • chore(deps): bump conda-incubator/setup-miniconda from 3.0.3 to 3.0.4 by @dependabot in #4089
  • fix: add additional ppp CPE ID by @ffontaine in #4092
  • chore: update SBOM for Python 3.8 by @github-actions in #4097
  • chore: update SBOM for Python 3.10 by @github-actions in #4096
  • chore: update SBOM for Python 3.9 by @github-actions in #4095
  • chore: update SBOM for Python 3.12 by @github-actions in #4094
  • chore: update SBOM for Python 3.11 by @github-actions in #4093
  • chore: update pre-commit config by @github-actions in #4099
  • chore(deps): bump actions/dependency-review-action from 4.2.5 to 4.3.2 by @dependabot in #4109
  • chore(deps): bump codecov/codecov-action from 4.3.0 to 4.3.1 by @dependabot in #4108
  • chore(deps): bump step-security/harden-runner from 2.7.0 to 2.7.1 by @dependabot in #4107
  • chore: update SBOM for Python 3.8 by @github-actions in #4106
  • chore: update SBOM for Python 3.10 by @github-actions in #4105
  • chore: update SBOM for Python 3.12 by @github-actions in #4104
  • chore: update SBOM for Python 3.9 by @github-actions in #4103
  • chore: update SBOM for Python 3.11 by @github-actions in #4102
  • feat: upload slsa to github on testing ci build job by @pdxjohnny in #4113
  • ci: update Testing workflow with harden-runner recommendations by @michaelwknott in #4114
  • chore(deps-dev): bump pre-commit from 3.7.0 to 3.7.1 by @dependabot in #4121
  • chore(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 by @dependabot in #4124
  • chore: update SBOM for Python 3.8 by @github-actions in #4120
  • chore: update SBOM for Python 3.9 by @github-actions in #4119
  • chore: update SBOM for Python 3.10 by @github-actions in #4118
  • chore: update SBOM for Python 3.12 by @github-actions in #4117
  • chore: update SBOM for Python 3.11 by @github-actions in #4116
  • chore(deps): bump github/codeql-action from 3.25.3 to 3.25.4 by @dependabot in #4123
  • chore(deps): bump actions/attest-build-provenance from 1.0.0 to 1.1.1 by @dependabot in #4122
  • ci: build wheel only on origin, make sbom test more robust by @terriko in #4126
  • chore(deps): bump codecov/codecov-action from 4.3.1 to 4.4.0 by @dependabot in #4134
  • chore(deps): bump github/codeql-action from 3.25.4 to 3.25.5 by @dependabot in #4133
  • chore: update SBOM for Python 3.8 by @github-actions in #4132
  • chore: update SBOM for Python 3.9 by @github-actions in #4131
  • chore: update SBOM for Python 3.10 by @github-actions in #4130
  • chore: update SBOM for Python 3.12 by @github-actions in #4129
  • chore: update SBOM for Python 3.11 by @github-actions in #4128
  • chore(deps): requests>=2.32.0 due to session bug by @terriko in #4136
  • chore(deps): bump codecov/codecov-action from 4.4.0 to 4.4.1 by @dependabot in #4147
  • chore(deps): bump step-security/harden-runner from 2.7.1 to 2.8.0 by @dependabot in #4146
  • chore(deps): bump github/codeql-action from 3.25.5 to 3.25.6 by @dependabot in #4145
  • test: added test for generate_sbom function by @inosmeet in #4060
  • chore: update SBOM for Python 3.8 by @github-actions in #4144
  • chore: update SBOM for Python 3.9 by @github-actions in #4143
  • chore: update SBOM for Python 3.10 by @github-actions in #4142
  • chore: update SBOM for Python 3.12 by @github-actions in #4141
  • chore: update SBOM for Python 3.11 by @github-actions in #4140
  • ci: openSSF scorecard fixes, fix build-wheel by @terriko in #4149
  • chore: update SBOM for Python 3.8 by @github-actions in #4155
  • chore: update SBOM for Python 3.9 by @github-actions in #4154
  • chore: update SBOM for Python 3.10 by @github-actions in #4153
  • chore: update SBOM for Python 3.11 by @github-actions in #4152
  • chore: update SBOM for Python 3.12 by @github-actions in #4151
  • chore(deps): bump github/codeql-action from 3.25.6 to 3.25.7 by @dependabot in #4156
  • feat: removed version info from purls in language parsers by @inosmeet in #4159
  • docs: minor docstring fix by @mastersans in #4157
  • Add missing source entry for REDHAT by @r-vdp in #4161
  • ci: add jobs line in build-wheel.yml by @terriko in #4162
  • ci: put write permission in job by @terriko in #4163
  • fix: update dnsmasq checker by @ffontaine in #4165
  • fix: let epss work behind proxy by @terriko in #4166
  • chore: update SBOM for Python 3.8 by @github-actions in #4172
  • chore: update SBOM for Python 3.10 by @github-actions in #4171
  • chore: update SBOM for Python 3.9 by @github-actions in #4170
  • chore: update SBOM for Python 3.11 by @github-actions in #4169
  • chore: update SBOM for Python 3.12 by @github-actions in #4168
  • chore(deps): bump github/codeql-action from 3.25.7 to 3.25.8 by @dependabot in #4176
  • chore(deps): bump actions/attest-build-provenance from 1.1.1 to 1.2.0 by @dependabot in #4173
  • chore(deps): bump actions/dependency-review-action from 4.3.2 to 4.3.3 by @dependabot in #4175
  • chore(deps): bump step-security/harden-runner from 2.7.1 to 2.8.1 by @dependabot in #4174
  • fix: disable nvd_api_key, test disabled sources by @terriko in #4167
  • feat: Separated data source integration from previous PR by @inosmeet in #4179
  • feat: added a function to utilize purl integration by @inosmeet in #4164
  • feat: purl in productinfo by @mastersans in #4185
  • feat: cyclonedx vex generation by @mastersans in #4150
  • fix: remove alias mechanism from osv by @ffontaine in #4187
  • chore: update SBOM for Python 3.8 by @github-actions in #4193
  • chore: update SBOM for Python 3.9 by @github-actions in #4192
  • chore: update SBOM for Python 3.10 by @github-actions in #4191
  • chore: update SBOM for Python 3.12 by @github-actions in #4190
  • chore: update SBOM for Python 3.11 by @github-actions in #4189
  • Added 'YAFFS' as valid binary format by @gvozzolo in #4202
  • refactor: changed language parsers and query by @inosmeet in #4188
  • fix: use real filenames in language parsers by @terriko in #4204
  • chore(deps): bump actions/attest-build-provenance from 1.2.0 to 1.3.1 by @dependabot in #4196
  • chore(deps): bump codecov/codecov-action from 4.4.1 to 4.5.0 by @dependabot in #4197
  • chore(deps): bump github/codeql-action from 3.25.8 to 3.25.10 by @dependabot in #4198
  • feat: Documentation and plugin system for parsers by @pdxjohnny in #4200
  • feat: vex parser class in addition to purl support to generation by @mastersans in #4177
  • fix: handle disabled_sources in get_vendor_product_pairs by @ffontaine in #4208
  • feat: added deduplication database table by @inosmeet in #4206
  • chore(deps): bump actions/attest-build-provenance from 1.3.1 to 1.3.2 by @dependabot in #4215
  • chore(deps): bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 by @dependabot in #4214
  • chore: update SBOM for Python 3.8 by @github-actions in #4213
  • chore: update SBOM for Python 3.12 by @github-actions in #4212
  • chore: update SBOM for Python 3.10 by @github-actions in #4211
  • chore: update SBOM for Python 3.11 by @github-actions in #4210
  • feat: no entrypoint registration required in tree by @pdxjohnny in #4207
  • chore: update SBOM for Python 3.9 by @github-actions in #4209
  • feat: added purl2cpe into our database by @inosmeet in #4218
  • feat: improved purl for productinfo by @inosmeet in #4222
  • fix: make EPSS behave like other data sources by @terriko in #4125
  • fix: [Snyk] min vers for indirect dependencies with vulns by @terriko in #4224
  • docs: adding a new data source by @terriko in #4217
  • refactor: renamed deduplication database to mismatch by @inosmeet in #4225
  • chore(deps): bump github/codeql-action from 3.25.10 to 3.25.11 by @dependabot in #4234
  • chore: update SBOM for Python 3.12 by @github-actions in #4233
  • feat: added script to populate deduplication database by @inosmeet in #4223
  • chore: update SBOM for Python 3.8 by @github-actions in #4232
  • chore: update SBOM for Python 3.9 by @github-actions in #4231
  • chore: update SBOM for Python 3.11 by @github-actions in #4230
  • chore: update SBOM for Python 3.10 by @github-actions in #4229
  • refactor: sbom_manager by @mastersans in #4237
  • docs: documentation regarding vex commands by @mastersans in #4227
  • docs: mismatch_loader by @inosmeet in #4245
  • feat: disabled failing tests by @inosmeet in #4247
  • feat(checker): add libopenmpt checker by @ffontaine in #4249
  • feat: added flags for mismatch_loader by @inosmeet in #4246
  • test: openvex parse and generation test by @mastersans in #4244
  • feat: command line arguments for vex by @mastersans in #4226
  • chore(deps): bump actions/dependency-review-action from 4.3.3 to 4.3.4 by @dependabot in #4252
  • chore(deps): bump actions/attest-build-provenance from 1.3.2 to 1.3.3 by @dependabot in #4253
  • chore(deps): bump github/codeql-action from 3.25.11 to 3.25.12 by @dependabot in #4251
  • chore(deps): bump actions/setup-python from 5.1.0 to 5.1.1 by @dependabot in #4250
  • chore: remove plotly from triage.json by @mastersans in #4267
  • feat: added yaml checks for mismatch_relations file by @inosmeet in #4264
  • chore: update SBOM for Python 3.8 by @terriko in #4263
  • chore: update SBOM for Python 3.9 by @terriko in #4262
  • chore: update SBOM for Python 3.11 by @terriko in #4261
  • chore: update SBOM for Python 3.10 by @terriko in #4260
  • test: mismatch_loader by @inosmeet in #4248
  • chore(deps): bump sphinx from 7.3.7 to 7.4.0 by @dependabot in #4254
  • feat: added ci script that updates mismatch database by @inosmeet in #4236
  • feat: added mismatch information for python's zstandard by @inosmeet in #4239
  • fix: improve handling of triage data by @r-vdp in #4160
  • chore: update SBOM for Python 3.8 by @github-actions in #4273
  • chore: update SBOM for Python 3.9 by @github-actions in #4272
  • chore: update SBOM for Python 3.10 by @github-actions in #4271
  • chore: update SBOM for Python 3.11 by @github-actions in #4270
  • chore: update pre-commit config by @github-actions in #4228
  • refactor: decode_cpe23 by @inosmeet in #4268
  • chore(deps): bump sphinx from 7.4.0 to 7.4.7 by @dependabot in #4274
  • refactor: table init + add bonus purl2cpe init by @terriko in #4241
  • feat: enabled mismatch feature for remaining parsers by @inosmeet in #4269
  • fix: failing vex test by @mastersans in #4287
  • chore: update SBOM for Python 3.12 by @terriko in #4259
  • refactor: moved repetitive code from parsers to a generic function by @inosmeet in #4292
  • chore(deps): bump step-security/harden-runner from 2.8.1 to 2.9.0 by @dependabot in #4277
  • chore(deps): bump actions/setup-python from 5.1.0 to 5.1.1 by @dependabot in #4278
  • test: purl2cpe database by @inosmeet in #4280
  • build(deps): Move setuptools to requirements.txt (from dev reqs) by @cpswan in #4291
  • feat: new issue template for mismatch information by @inosmeet in #4283
  • chore(deps-dev): bump pre-commit from 3.7.1 to 3.8.0 by @dependabot in #4286
  • chore(deps): bump github/codeql-action from 3.25.12 to 3.25.15 by @dependabot in #4285
  • chore(deps): bump ossf/scorecard-action from 2.3.3 to 2.4.0 by @dependabot in #4284
  • ci: use intel-provided github runners by @terriko in #4293
  • chore: update pre-commit config by @github-actions in #4297
  • docs: documentation regarding vex and triage by @mastersans in #4299
  • chore: update SBOM for Python 3.8 by @github-actions in #4304
  • chore: update SBOM for Python 3.9 by @github-actions in #4305
  • chore: update SBOM for Python 3.11 by @github-actions in #4303
  • chore: update SBOM for Python 3.12 by @github-actions in #4302
  • chore: update SBOM for Python 3.10 by @github-actions in #4301
  • ci: Removed the terms mentioned in Issue #4314 by @muddi900 in #4316
  • fix: TypeError in fuzz_python_requirement_parser in fuzzing reports #… by @hassaanshafqatt in #4312
  • feat: convert mismatch utility into a standalone entity by @inosmeet in #4300
  • feat: add support for yarn (fixes #4266) by @vpavankalyan in #4290
  • feat: improved triage process by @mastersans in #4279
  • test: Reduce tests run in short tests jobs by @terriko in #4319
  • feat: new json format for output by @mastersans in #3980
  • fix: improve schema validation for bandit by @terriko in #4320
  • chore(deps): bump min versions per snyk by @terriko in #4318
  • feat: checker-experiment by @joydeep049 in #3873
  • fix: list of available language parsers (fixes #4334) by @anthonyharrison in #4336
  • test: PURL generation for language parsers by @inosmeet in #4332
  • fix: 0 cve pdf report was not generating by @terriko in #4329
  • chore: update SBOM for Python 3.8 by @github-actions in #4341
  • chore: update SBOM for Python 3.9 by @github-actions in #4340
  • chore: update SBOM for Python 3.12 by @github-actions in #4339
  • chore: update SBOM for Python 3.10 by @github-actions in #4338
  • chore: update SBOM for Python 3.11 by @github-actions in #4337
  • fix: vulnerabilities being missed in SBOMs (fixes #4178) by @anthonyharrison in #4335
  • test: mismatch cli utility by @inosmeet in #4346
  • chore(deps): bump step-security/harden-runner from 2.9.0 to 2.9.1 by @dependabot in #4344
  • chore(deps): bump github/codeql-action from 3.25.15 to 3.26.0 by @dependabot in #4342
  • ci: disable csv cve scan temporarily by @terriko in #4347
  • docs: mismatch cli utility by @inosmeet in #4348
  • fix: triage with directory scanning and documentation for TRIAGE.json by @mastersans in #4349
  • ci: re-enable windows tests that previously failed by @terriko in #4351
  • fix: Help users learn about the mirrors by @terriko in #4352
  • test: skip test_language_package in long tests by @muddi900 in #4327
  • refactor: renamed data directory to mismatch_data by @inosmeet in #4356
  • feat: diagram of triage workflow by @mastersans in #4366
  • ci: mismatch yml checker needs new directory name by @terriko in #4358
  • chore(deps): bump github/codeql-action from 3.26.0 to 3.26.2 by @dependabot in #4365
  • chore: update SBOM for Python 3.9 by @github-actions in #4364
  • chore: update SBOM for Python 3.8 by @github-actions in #4363
  • chore: update SBOM for Python 3.12 by @github-actions in #4362
  • chore: update SBOM for Python 3.10 by @github-actions in #4361
  • chore: update SBOM for Python 3.11 by @github-actions in #4360
  • fix: set packaging minimum version by @ffontaine in #4367
  • fix: improve hostapd checker by @ffontaine in #4368
  • fix: halt if pdf selected but unavailable by @terriko in #4354
  • chore: bump version to 3.4rc0 for pre-release by @terriko in #4357

New Contributors

Full Changelog: v3.3...v3.4rc0
