Based on OWASP Software Component Verification Standard for Software Bill of Materials (SCVS SBOM) criteria, this tool is now capable of producing SBOM documents almost passing Level-2 (only signing needs to be done externally).
Affective changes based on these SCVS SBOM criteria:
- 2.15 — SPDX license expression detection improved (via #726)
- 2.18 — SHA-1 integrity hash detection added (#699 via #735)
Changes
- SPDX license expression detection improved (via #726)
Previously, some expressions were not properly detected, so they were marked as named-license in the SBOM results.
They should be marked as expression, now.
Added
Misc
- Raised dependency
@cyclonedx/cyclonedx-library@^2.0.0, was@^1.14.0(via #726)
Full Changelog: v1.11.0...v1.12.0