gitlab lmco/hoppr/hoppr v1.8.0

1.8.0 (2023-04-11)

Features

  • --no-strict CLI flag (05cf05c)
  • --no-strict CLI flag (12bc0d3)
  • add composite collector (47037b8)
  • add delta_sbom capability (c73e081)
  • add delta_sbom capability (a7d265c)
  • add delta_sbom capability (5bb5a59)
  • add delta_sbom capability (9a39d88)
  • add nexus search collector (7ccb05e)
  • allow docker collector to use docker.io when --no-strict option is set (1163405)
  • creation of in-toto attestations (b58a973)
  • Report Generation Plugin (126a0e5)
  • skip collecting components with a scope of excluded (e2fd680)

Bug Fixes

  • Add additional configuration capability (dc14c57)
  • Add additional fixes per MR feedback (598b9f1)
  • Add Bot label to renovate MRs (f43cd65)
  • Add build arg to dockerfile (ae46f93)
  • add collection metadata to sbom for apt components (b8284f5)
  • add collections params for docker (228d327)
  • add command line option to override previous collection location in delta_sbom plugin (b3eb0bd)
  • add command line option to override previous collection location in delta_sbom plugin (3485048)
  • add command line option to override previous collection location in delta_sbom plugin (d818730)
  • add command line option to override previous collection location in delta_sbom plugin (2331668)
  • Add curl for oras test (804f8b0)
  • add delivered_sbom to context, work from that variable (07b6ba9)
  • Add entrypoint to hoppr (073fdeb)
  • add expected-tar-toc for remaining integration tests (7bbcac9)
  • add expected-tar-toc for remaining integration tests (a071522)
  • add expected-tar-toc to delta integration test (40fdb97)
  • add expected-tar-toc to delta integration test (33ed419)
  • Add hopctl docker image (1363cec)
  • Add hopctl docker image (c4d00fc)
  • Add hopctl docker image (5ad0556)
  • add initial checks for BOM access (d89fed2)
  • add integration test for deltas (e0c7e47)
  • add integration test for deltas (2ca6ed0)
  • add integration test for deltas (6789f9c)
  • add integration test for deltas (c56d066)
  • add missing import (603f219)
  • add missing strict_repos typer argument (ad9bb37)
  • add mock for os.path.exist (5463b80)
  • Add oci artifacts for reference (f6661be)
  • Add oras integration test (cbd9376)
  • add purl-type/repo-type mappings to nexus_search collector (1b3d06a)
  • add pytest-cov package (a6666a8)
  • add repo to purl type list (01fa2f2)
  • add repository/directory properties to bom for all collectors (bad3136)
  • add shared logfile lock (e350189)
  • add shared logfile lock (3c3c238)
  • Add test verification for oras bundle (77f04b7)
  • add version to bom plugin property (166538c)
  • Added user_env support to find_credentials (ee58f2d)
  • address issue where in-toto was looking maven files (98fc06a)
  • all source distros from manifest repos (52c8c80)
  • allow more full repository specification for collect_nexus_search (e2cdf02)
  • allow more full repository specification for collect_nexus_search (6ebcceb)
  • allow no scheme for repo URLs as last resort (866382f)
  • allow no scheme for repo URLs as last resort (fd1feec)
  • allow spaces in stage name (d7af57f)
  • allow spaces in stage name (923c043)
  • append dev instead of current branch name (d6abddc)
  • Apply correction to git repository collector (dc522b5)
  • apply in-toto suggestions (3e92177)
  • apply in-toto suggestions (401757e)
  • applying MR suggestion (c3adeee)
  • applying MR suggestion (4e5ca7f)
  • applying MR suggestion (4e61f84)
  • applying MR suggestion (b034b72)
  • apt collector _get_download_url_path (aa988d6)
  • apt collector _get_download_url_path (1d36fd4)
  • bom helm chart version (009bdf0)
  • Branch isolation testing (fcde124)
  • bug with attestations created from GitLab CI Runners (f8ca8e7)
  • casing for "kind" field (26b0927)
  • casing for "kind" field (533f6a7)
  • catch exception from _get_required_coverage, check for empty/missing boms (d905e35)
  • check for exception not thrown in pypi success (0ba41f6)
  • check tar toc on integration tests (aafc6bb)
  • check tar toc on integration tests (105c87a)
  • Clean up artifact name (a59aaac)
  • Clean up other variables in ci (d289184)
  • clean up repository_url handling (c867a3b)
  • clean up repository_url handling (6fb544b)
  • clean up repository_url handling (95a0288)
  • clean up repository_url handling (011e53b)
  • Clean up rules and workflow (69e9b73)
  • Cleaned up maven command (2b4af6e)
  • Cleanup notes in config (2632bfa)
  • Cleanup rules (ea79632)
  • Cleanup rules (76d65e5)
  • clear loaded manifests (39e7341)
  • code review comments (c9fa7e2)
  • Code review comments (a204676)
  • complete unit test coverage for collect_nexus_search (24827e4)
  • component search sequence (ff89f56)
  • component search sequence (397d3bf)
  • Correct build artifacts (40ca47f)
  • Correct deployment tier (d4282c8)
  • Correct deployment tier (983932d)
  • Correct dockerfile (30f438a)
  • Correct git bom, had incorrect purl, name, and version (e6a1265)
  • Correct integration tests (b065953)
  • Correct media types for registry (d3ea0df)
  • Correct release yaml file (a29c26c)
  • Correct releaserc file (8868fab)
  • Correct releaserc.yml (4b55f7f)
  • Correct requirements (7598beb)
  • Correct symlinks in ci docker (deb0728)
  • Correct syntax in ci docker (f96c938)
  • Correct tests so they pass (eeebaef)
  • Correct the oras binary arch type (71bc21e)
  • Correct the wheel name (4847b4a)
  • Correct trivy timeout (5a9246a)
  • Corrected Maven-Dependency-Plugin arguments so that maven artifacts would be bundled (9fe9eaa)
  • credential.find method no longer needs exact match. added lines to _rundata metadata file. (202b0ae)
  • Cut release from next branch (17d0d03)
  • Cut release from next branch (e1c56d2)
  • deps: update dependency hoppr-cyclonedx-models to v0.2.10 (ee37064)
  • deps: update dependency typer to ^0.7.0 (a35bd85)
  • dev branch test; update README (f8ed5ee)
  • DNF download directly from found URL (bf84cec)
  • DNF download directly from found URL (11d5e5e)
  • do not re-generate consolidated/delivered sboms (ee1928b)
  • do not re-generate consolidated/delivered sboms (ce59dcc)
  • Don't run pipelines on merge event (a0b8c53)
  • Ensure python is on the path (a1c03eb)
  • enum base type (4e3577c)
  • exclude nulls from output sboms (e41bd52)
  • expected apt SBOM (c6b01e9)
  • expected apt SBOM (8e7d3da)
  • expected metadata source location (53f74d7)
  • expected metadata source location (f918d63)
  • expected-tar-toc sort order changed (b89f853)
  • fail on no change, improved status messages (801dea2)
  • fail on no change, improved status messages (1a4c87c)
  • fail on no change, improved status messages (fa610d0)
  • fail on no change, improved status messages (69d15b1)
  • fast forward branch (1428ecb)
  • Fixed Docker repo:tag information being lost in collection (5111f7f)
  • Fixed Docker repo:tag information being lost in collection (3319a36)
  • fixed issue with bundle options for functionary_key (d798606)
  • Fixed the releasing issue (ce8b2f5)
  • Fixed type-check findings (7bb21df)
  • Fixed unit tests (4e80266)
  • Fixes #150 and corrected when consolidated and delivered SBOMs are written. It also addresses additional unit testing (5adf219)
  • Fixing Merge Conflicts (d24cff2)
  • generate dev version if not on main/dev (3aa6ec5)
  • Get better results (688e176)
  • gitattributes (5d3bde3)
  • Grab versioning properly (cc052cf)
  • have nexus collector respect user-specified purl types (9116a03)
  • helm collector append purl name (5574739)
  • hoppr group (c21bc29)
  • image tag reset after rebase (45a850a)
  • import source type error (464211c)
  • Improve config error logic in git collector (cb3681a)
  • Improve matching pattern and logging (12a68eb)
  • include resources folder in poetry build (5ae0ffb)
  • included manifest repo merge, add tests (359364c)
  • included manifest repo merge, add tests (1c22c6e)
  • increase minimum unit test coverage to 100% (9c697e3)
  • lint error (990ef3f)
  • lint error (f9f2cc0)
  • linting union for type hints (bbaf8f0)
  • main module exits using sys instead of typer (356112e)
  • main process logfile lock (4519f53)
  • Make a quicklink script for linking python in dockerfile (ae3dace)
  • Make semantic release pass all jobs (ddc3c49)
  • manifest helm repo URL (438fae5)
  • manual version revs because lock file conflicts spam (e8a473f)
  • merge components, add verification tests (f0ecf1e)
  • merge components, add verification tests (ce6e4d1)
  • Merge dev into next (765d25a)
  • Merge main into branch (e2fd972)
  • Minor: Image build cleanup (ba4e6c3)
  • missing rev command in skopeo image (cb38a3e)
  • missing collector plugin CLI tools (b1284ba)
  • move insertion of required stages to Transfer object creation (fa0d31b)
  • move insertion of required stages to Transfer object creation (a7da1d5)
  • move insertion of required stages to Transfer object creation (57604d5)
  • move insertion of required stages to Transfer object creation (53243ab)
  • moved test_main.py under test/unit/ directory (90df7ad)
  • mypy errors (b08426c)
  • mypy errors (d94d090)
  • mypy errors (d612474)
  • New branch old issue (a906ca3)
  • Only attempt PyPI source collect if whl not collected (31de8ae)
  • only load purl-type-specific plugins when components of that type are being processed (Issue #77) (1789f21)
  • Only publish if there's a new release from semver dryrun (da88e9b)
  • only rename maven file on successful collection (3455e74)
  • Only run semantic release publish on develop and main (0ecc904)
  • parameter name typo (9d7c3b1)
  • pip arguments (0cc47f1)
  • platform check (de541db)
  • plugin: add type hint to auth (0bc2e29)
  • plugin: properly authenticate nexus requests (be82ed4)
  • prepend stage if needed for deltas (a0dbfcb)
  • prepend stage if needed for deltas (7bbb2b5)
  • prepend stage if needed for deltas (e93d3a0)
  • prepend stage if needed for deltas (2467c6b)
  • prevent loading plugins that aren't needed (17722f3)
  • prevent loading plugins that aren't needed (b00db2b)
  • processor relative file handling (59636aa)
  • processor relative file handling (5c3cdb1)
  • proper attestations for nexus-search- and composite- collectors (a1a9651)
  • proper attestations for nexus-search- and composite- collectors (7ae7d7a)
  • Protect keys (9001a21)
  • provide better error message on empty config file content (e87fff8)
  • pylint error (6982109)
  • pylint error (e36b242)
  • pylint issues fix (7c7810c)
  • raw collector stripping purl namespace (1aca256)
  • raw collector stripping purl namespace (ee20ebe)
  • raw collector stripping purl namespace (bba65cb)
  • raw collector stripping purl namespace (2c9309d)
  • README feedback; broken link fixes; try PyPI banner fix (932121d)
  • Rebase dev (9399451)
  • redeclare Component attrs with hashable types (a2034fa)
  • redeclare Component attrs with hashable types (26bbfc0)
  • Reference main so that develop can become default branch (76f707b)
  • Release dev channel (42ee862)
  • Release dev channel (15b4ae7)
  • Remove blank lines (196218c)
  • remove construct method call (2cf4963)
  • Remove gitlab semantic release comment on MRs (4af82e6)
  • Remove licensing scanning and replace with policy (e852316)
  • remove need for boolean from fail-open logic (23bfa03)
  • Remove node engine reference from package.json (3c26b4e)
  • Remove pack, and idx from check (6e24462)
  • Remove package.json (e13de8d)
  • remove prerelease (1e038d0)
  • remove prerelease (6818939)
  • remove problematic git files from tar toc comparison (b883b23)
  • remove problematic git files from tar toc comparison (89f1621)
  • Remove quotations around build (3848f46)
  • Remove quotations from parallel matrix (28ee2b7)
  • Remove quotes (7323a8b)
  • remove redundant integration tests, reduce integration test sizes, run integration tests on every pipeline (0ac8adc)
  • remove redundant integration tests, reduce integration test sizes, run integration tests on every pipeline (87ae120)
  • remove references to deleted job (6d9890e)
  • remove references to deleted job (7d1ef14)
  • Remove skip ci and attempt to let workflow rules handle pipelines (0e325a5)
  • restore Dockerfile FROM directive (e7e0622)
  • Result constructor param typo (09290d2)
  • Revert Changes (f6797ea)
  • revert to older version of npm-check-updates (9fb3ebf)
  • Roll back chore rules (e40fbfb)
  • Roll base image back from 9.0 to 8.6 (31f8166)
  • Run if commit message doesn't start with chore (daa5d11)
  • Run pre-commit (7b740ec)
  • Run the entire dockerfile as one large image (47ec5a5)
  • sbom metadata (eb5225f)
  • sbom metadata (f97e7a7)
  • SBOM spec selection logic (d12bd8b)
  • SBOM spec selection logic (2cd7286)
  • semantic-release version bump (d45efb7)
  • set file name correctly for collect_maven_plugin (07e4eb5)
  • set prerelease back to true (49b130e)
  • Set the correct version of oras (d8357a4)
  • set timeout for run_command to reduce hanging (9be8afe)
  • set timetag to utc timezone (12aa368)
  • Setup codequality analytics and build attestation (c5c4514)
  • Setup dependencies on test image (6fabada)
  • shared RLock for Docker unit tests (b2f3c9c)
  • Symlink python (0009483)
  • Simplify some of the configuration options (a52594a)
  • speed up unit tests (32f8715)
  • Split out ci config per !184#note_1170995317 (f42e582), closes 184#note_1170995317
  • stage name regex field type (3d4c133)
  • strip quotes to compare found URL (396c31a)
  • syntax (88b8961)
  • syntax (4e8fc18)
  • syntax (84c2c38)
  • syntax (762a702)
  • temporary peg of securesystemslib to address in-toto bug (8261f41)
  • test image tags (0180488)
  • test pattern matching (c6e7c51)
  • test: credentials unit test coverage (74b981f)
  • transfer file default value (ac1bf1a)
  • turn off allow-failure on semantic-release:dry-run job to avoid breaking changes from renovate (3a32a65)
  • type check errors (02b3d27)
  • type error (25aea9c)
  • type errors (30861b6)
  • unit test context missing delivered sbom (0c3d27a)
  • unit test message (81415ed)
  • unit test message (dc95a02)
  • unit test message (69a164f)
  • unit test message (5846f61)
  • Update artifact name (4f64b03)
  • update assert (eba7ec9)
  • update CODEOWNERS for repo move (6541b0c)
  • update delivered_sbom with process return objects (46da6f3)
  • Update expected toc (since it's changed), and correct the regression boms (fe79087)
  • update expected toc's with delta stage intermediate delivered bom (f016526)
  • update expected toc's with delta stage intermediate delivered bom (3291773)
  • update expected_tar_toc files for changed maven file names (b1ef013)
  • Update git collector depth defaults per MR suggestion (43a3dbb)
  • Update maven write to disk (82d42b6)
  • update Result object to include optional return object. Check that return object matches plugin Bom Access value (b346872)
  • Update variables to contain artifact name (0400e28)
  • updated expected tar for pypi (7356d6b)
  • Updated unit tests for docker collection (7dbd2af)
  • updates to ensure pipeline works for forks. (5fa6fe9)
  • urljoin stripping path components (4c6ad9f)
  • use enums for constants, per code review (40cc853)
  • Use list of options and check for troublesome values (fb39372)
  • Use long switches for readability. (fdbfec2)
  • use more stable package for apt testing (f365df7)
  • use more stable package for apt testing (1aca9d7)
  • Use python3 for virtual environment creation in CI Dockerfile (e39ea91)
  • Use semantic release to publish package (27e8eb0)
  • Using copy from Maven-Dependency-Plugin instead of get (7ab2fe1)
  • windows ANSI processing (eba2cb4)
  • wrapper for run cmd (9d5844b)

Reverts

  • files not relevant to this branch (fe61dea)
  • files not relevant to this branch (c66595a)
  • generic types (96721e4)
  • generic types (9915c1a)
  • method_name condition logic (6d9a16b)
  • method_name condition logic (6445f18)
  • model integration changes (e27eb91)
  • shared memory manager changes (09a6ee3)
  • shared memory manager changes (4dbd8c0)
