Skip to content

Releases: CycloneDX/cdxgen

Release v11.0.3

21 Nov 11:12
@prabhu prabhu
v11.0.3
5cfb69f
This commit was signed with the committer’s verified signature.
prabhu prabhu
GPG key ID: 5589813335E58C11
Learn about vigilant mode.
Compare
Choose a tag to compare
Release v11.0.3 Latest
Latest

What's Changed

Other Changes

Full Changelog: v11.0.2...v11.0.3

Contributors

prabhu
Assets 22

Release v11.0.2

18 Nov 14:28
@prabhu prabhu
v11.0.2
aebea7b
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Release v11.0.2

What's Changed

🚀 Features

Other Changes

  • update atom to get cpg 1.0.1 and the latest protobuf by @prabhu in #1462
  • Safely handle components without names by @prabhu in #1464
  • Update atom to get tagging and android apk improvements by @prabhu in #1465

Full Changelog: v11.0.1...v11.0.2

Contributors

prabhu
Assets 22
Loading

Release v11.0.1

17 Nov 06:55
@prabhu prabhu
v11.0.1
a07301b
This commit was signed with the committer’s verified signature.
prabhu prabhu
GPG key ID: 5589813335E58C11
Learn about vigilant mode.
Compare
Choose a tag to compare
Release v11.0.1

Notable Features

  • Official cdxgen base image updated to almalinux:10-kitten-minimal. dotnet 9 sdk is now used as default.
  • All base images updated to use :v11 as the suffix. Due to a release mistake the last few cdxgen :v10 images inadvertently use cdxgen v11.0.0. Let us know if you are affected by this mistake.
  • Latest dosai with support for dotnet 9 via [email protected].

What's Changed

Other Changes

Full Changelog: v11.0.0...v11.0.1

Contributors

prabhu
Assets 22
Loading

Release v11.0.0

15 Nov 15:18
@prabhu prabhu
v11.0.0
ce64722
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Release v11.0.0

Announcement blog on LinkedIn

Top Features

  • New ML profiles (ml-tiny, ml, ml-deep) added. Pass them via the cli args --profile.
  • New filter techniques (--min-confidence and --technique)

BREAKING changes

cyclonedx-maven-plugin is no longer used by default. PREFER_MAVEN_DEPS_TREE now defaults to true. Set this value to false should you prefer the cyclonedx maven plugin.

What's Changed

🚀 Features

Other Changes

Full Changelog: v10.11.0...v11.0.0

Contributors

prabhu, aryan-rajoria, and cerrussell
Assets 10
Loading

Release v10.11.0 - Happy swiftwali

31 Oct 14:21
@prabhu prabhu
v10.11.0
cb40883
This commit was signed with the committer’s verified signature.
prabhu prabhu
GPG key ID: 5589813335E58C11
Learn about vigilant mode.
Compare
Choose a tag to compare
Release v10.11.0 - Happy swiftwali

Swift developers deserve better tooling to make their lives simple. Accurate information about where and how a given library (both internal and external) is used, can help with prioritization and vulnerability management.

This release adds a new state-of-the-art semantic analysis engine for swift 😎. cdxgen can generate a precise semantic slice representing the application context with accurate types and fully qualified call names for a range of swift applications. The slices are then utlilized by evinse to generate "occurrences evidence" for the SBOM as shown.

2024-10-30_22-12-16

We can't wait to iterate to bring you more enhancements and visibility over the coming weeks.

What's Changed

🚀 Features

Other Changes

  • Use bom-ref consistently in the dependency tree by @prabhu in #1431
  • Run "Upload base images" action only on main repository by @marob in #1436
  • Run some GitHub action jobs only on main repository by @marob in #1438
  • Graciously fail for fastlane managed swift projects by @prabhu in #1443

Full Changelog: v10.10.7...v10.11.0

Contributors

prabhu and marob
Assets 10
Loading

v10.10.7

22 Oct 11:55
@prabhu prabhu
v10.10.7
b309cff
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v10.10.7

What's Changed

🚀 Features

  • Adds support for specifying npm install args by @prabhu in #1428

Full Changelog: v10.10.6...v10.10.7

Contributors

prabhu
Assets 10
Loading

Release v10.10.6

20 Oct 21:19
@prabhu prabhu
v10.10.6
5b39562
This commit was signed with the committer’s verified signature.
prabhu prabhu
GPG key ID: 5589813335E58C11
Learn about vigilant mode.
Compare
Choose a tag to compare
Release v10.10.6

What's Changed

Other Changes

Full Changelog: v10.10.5...v10.10.6

Contributors

marob and cerrussell
Assets 10
Loading

Release v10.10.5

17 Oct 10:08
@prabhu prabhu
v10.10.5
160b735
This commit was signed with the committer’s verified signature.
prabhu prabhu
GPG key ID: 5589813335E58C11
Learn about vigilant mode.
Compare
Choose a tag to compare
Release v10.10.5

What's Changed

Other Changes

Full Changelog: v10.10.4...v10.10.5

Contributors

prabhu and malice00
Assets 10
Loading

Release v10.10.4

08 Oct 18:06
@prabhu prabhu
v10.10.4
f546437
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Release v10.10.4

What's Changed

Other Changes

  • Improve root dependency list for Gemfile.lock by @prabhu in #1409

Full Changelog: v10.10.3...v10.10.4

Contributors

prabhu
Assets 10
Loading

Release v10.10.3

03 Oct 10:52
@prabhu prabhu
v10.10.3
49d8e6a
This commit was signed with the committer’s verified signature.
prabhu prabhu
GPG key ID: 5589813335E58C11
Learn about vigilant mode.
Compare
Choose a tag to compare
Release v10.10.3

We are now publishing new language-specific custom base images (contributed by AppThreat). We have seen significant improvements for Python and .Net framework applications in the field with these images. They are also lightweight compared to the default cdxgen image.

What's Changed

🚀 Features

Other Changes

Full Changelog: v10.10.2...v10.10.3

Contributors

prabhu and malice00
Assets 10
Loading