Releases: aboutcode-org/scancode.io
v34.8.3
Changelog
- Include the `aboutcode` module in the wheel and source distribution. #1423
- Update ScanCode-toolkit to v32.3.0 #1418
What's Changed
- Update sctk version to v32.3.0 by @AyanSinhaMahapatra in #1418
- Include the `aboutcode` module in the wheel and source distribution… by @tdruez in #1424
Full Changelog: v34.8.2...v34.8.3
v34.8.2
Changelog
- Add `android_analysis` to `extra_requires`. This installs the package `android_inspector`, which provides a pipeline for Android APK deploy-to-development analysis.
- Remove the sleep time in the context of testing `matchcode.poll_run_url_status` to speed up the test. #1411
- Add ability to specify the CycloneDX output spec version using the `output` management command and providing the `cyclonedx:VERSION` syntax as format value. aboutcode-org/scancode-action#8
- Add new `compliance` REST API action that lists all compliance alerts for a given project. The severity level can be provided using the `?fail_level={ERROR,WARNING,MISSING}` parameter. #1346
- Add new `Compliance alerts` panel in the project detail view. #1346
What's Changed
- Updated the typo mistakes of documentation of ScanCode.io (#1386) by @VarshaUN in #1387
- Add android_inspector in new extra_requires #1373 by @JonoYang in #1391
- Update docs for netrc usage in Docker context #1384 by @JonoYang in #1385
- Upgrade Django to security release 5.1.2 by @tdruez in #1410
- Remove the sleep time in the context of testing poll_run_url_status #… by @tdruez in #1412
- Add ability to specify the CycloneDX output spec version by @tdruez in #1413
- Add new compliance REST API action to list compliance alerts #1346 by @tdruez in #1416
- Base implementation of the project compliance panel view #1346 by @tdruez in #1417
New Contributors
Full Changelog: v34.8.1...v34.8.2
v34.8.1
v34.8.0
Changelog
- Add a new `enrich_with_purldb` add-on pipeline to enrich the discovered packages with data available in the PurlDB. #1182
- Add the ability to define a results_url on the Pipeline class. When available, that link is displayed in the UI to easily reach the results view related to the Pipeline run. #1330
- Expands on the existing WebhookSubscription model by adding a few fields to configure the behavior of the Webhooks, and moves some of the fields to a new WebhookDelivery model, which captures the results of a WebhookSubscription "delivery". #1325
- Add support for creating dependencies using the `load_sboms` pipeline on CycloneDX SBOM inputs. #1145
- Add a new Dependency view that renders the project dependencies as a tree. #1145
- The `purldb-scan-worker` command has been updated to send project results back using the Project webhook subscriptions. This allows us to not have the main task loop to monitor a single project run for completion in order to return data, and allows us to have multiple scan projects active at once while we use `purldb-scan-worker`. A new option `--max-concurrent-projects` has been added to set the number of purldb packages that can be requested and processed at once. #1287
- Add notes field on the DiscoveredPackage model. #1342
- Fix an issue with conflicting groups checkbox id in the Add pipeline modal. #1353
- Move the BasePipeline class to a new `aboutcode.pipeline` module. #1351
- Update link references of ownership from nexB to aboutcode-org #1350
- Add a new `check-compliance` management command to check for compliance issues in a project. #1182
What's Changed
- Add a new enrich_with_purldb Pipeline #1328 by @tdruez in #1329
- Add the ability to define a results_url on the Pipeline class by @tdruez in #1330
- Add mariner to supported distros by @AyanSinhaMahapatra in #1161
- Add full test coverage for the enrich_with_purldb Pipeline by @tdruez in #1331
- Replace all linter and validation libraries by ruff by @tdruez in #1333
- Put the virtualenv into a .venv directory instead of the project root by @tdruez in #1334
- 1328 enrich with purldb collect endpoint by @tdruez in #1336
- Webhook behavior customization and delivery records by @tdruez in #1338
- Load CycloneDX SBOMs dependencies #1145 by @tdruez in #1344
- 1287 purldb scan worker update by @JonoYang in #1320
- Add notes field on the DiscoveredPackage model #1342 by @tdruez in #1349
- Thirdparty upgrade and .dockerignore updates by @tdruez in #1352
- Fix issue with conflicting groups checkbox id in Add pipeline modal #… by @tdruez in #1354
- Move the BasePipeline class to a new `aboutcode.pipeline` module #1351 by @tdruez in #1357
- Refactor the BasePipeline, move out all Project related logic #1351 by @tdruez in #1358
- Add pyproject.toml for packaging aboutcode.pipeline module #1351 by @tdruez in #1359
- Upgrade Django to latest 5.1 release by @tdruez in #1361
- 1350 owner migration by @chinyeungli in #1362
- Simplify the Project.add_message method for object_instance by @tdruez in #1363
- Add a new `check-compliance` management command #1346 by @tdruez in #1364
New Contributors
- @chinyeungli made their first contribution in #1362
Full Changelog: v34.7.1...v34.8.0
v34.7.1
Changelog
- Add pipeline step selection for a run execution. This allows running a pipeline in an advanced mode, skipping some steps or restarting from a step, like the last failed step. The steps can be edited from the Run "status" modal using the "Select steps" button. This is an advanced feature and should be used with caution. #1303
- Display the resolved_to_package as link in the dependencies tab. #1314
- Add support for multiple instances of a PackageURL in the CycloneDX outputs. The `package_uid` is now included in each BOM Component as a property. #1316
- Add administration interface. Can be enabled with the SCANCODEIO_ENABLE_ADMIN_SITE setting. Add `--admin` and `--super` options to the `create-user` management command. #1323
- Add `results_url` and `summary_url` on the API ProjectSerializer. #1325
What's Changed
- Add pipeline step selection for a run execution #1303 by @tdruez in #1310
- Display the resolved_to_package as link in the dependencies tab by @tdruez in #1314
- Add support for multiple instances of a PURL in the CycloneDX outputs… by @tdruez in #1317
- Refactor the Webhook.get_payload to use Serializers #1325 by @tdruez in #1326
- Display sizes in bytes and humanized #1322 by @tdruez in #1324
- Add administration site for main scanpipe models by @tdruez in #1323
Full Changelog: v34.7.0...v34.7.1
v34.7.0
Changelog
- Add all "classify" plugin fields from scancode-toolkit on the CodebaseResource model. #1275
- Refine the extraction errors reporting to include the resource path for rendering link to the related resources in the UI. #1273
- Add a `flush-projects` management command, to delete all project data and their related work directories created more than a specified number of days ago. #1289
- Update the `inspect_packages` pipeline to have an optional `StaticResolver` group to create resolved packages and dependency relationships from lockfiles and manifests having pre-resolved dependencies. Also update this pipeline to perform package assembly from multiple manifests and files to create discovered packages. Also update the `resolve_dependencies` pipeline to have the same `StaticResolver` group and move the dynamic resolution part to a new optional `DynamicResolver` group. #1244
- Add a new attribute `is_direct` to the DiscoveredDependency model and two new attributes `is_private` and `is_virtual` to the DiscoveredPackage model. Also update the UIs to show these attributes and show the `package_data` field contents for CodebaseResources in the `extra_data` tab. #1244
- Update scancode-toolkit to version `32.2.1`. For the complete list of updates and improvements see https://github.com/nexB/scancode-toolkit/releases/tag/v32.2.0 and https://github.com/nexB/scancode-toolkit/releases/tag/v32.2.1
- Add support for providing pipeline "selected_groups" in the `run` entry point. #1306
What's Changed
- Add all "classify" plugin fields on the CodebaseResource model #1275 by @tdruez in #1286
- Add a flush-projects management command for bulk deletion #1289 by @tdruez in #1291
- Refine the extraction errors reporting include the resource path #1273 by @tdruez in #1276
- Cleanup and re-organise unit test data by @tdruez in #1296
- Add tutorial for end-to-end scanning to DejaCode #1280 by @pombredanne in #1295
- Resolve dependencies from lockfiles by @AyanSinhaMahapatra in #1244
- Update scancode-toolkit to v32.2.1 by @AyanSinhaMahapatra in #1305
- Add support for pipeline "selected_groups" in the run cli #1306 by @tdruez in #1307
Full Changelog: v34.6.3...v34.7.0
v34.6.3
Changelog
- Use the `--option=value` syntax for args entries in place of `--option value` for fetching Docker images using skopeo through `run_command_safely` calls. #1257
- Fix an issue in the d2d JavaScript mapper. #1274
- Add support for an `ignored_vulnerabilities` field on the Project configuration. #1271
What's Changed
- Use the --option=value syntax for run_command_safely args #1257 by @tdruez in #1270
- Fix an issue in the d2d JavaScript mapper by @tdruez in #1274
- Add ignored_vulnerabilities field on the Project configuration #1271 by @tdruez in #1281
Full Changelog: v34.6.2...v34.6.3
v34.6.2
Changelog
- Store SBOMs headers in the `Project.extra_data` field during the load_sboms pipeline. #1253
- Add support for fetching Git repository as Project input. #921
- Enhance the logging and reporting of input fetch exceptions. #1257
What's Changed
- Do not sys.exit in execute_project function by @tdruez in #1265
- Store SBOMs headers in the `Project.extra_data` field #1253 by @tdruez in #1266
- UI enhancements by @tdruez in #1267
- Add support for fetching git repo as Project input #921 by @tdruez in #1254
- Enhance the logging and reporting of input fetch exceptions #1257 by @tdruez in #1269
Full Changelog: v34.6.1...v34.6.2
v34.6.1
Changelog
- Remove print statements from migration files.
- Display full traceback on error in the `execute` management command.
- Log the Project message creation.
- Refactor the `get_env_from_config_file` to support empty config file.
What's Changed
Full Changelog: v34.6.0...v34.6.1
v34.6.0
Changelog
- Add a new `scan_for_virus` add-on pipeline based on ClamAV scan. Found viruses are stored as "error" Project messages and on their related codebase resource instance using the `extra_data` field. #1182
- Add ability to filter by tag on the resource list view. #1217
- Use "unknown" as the Package URL default type when no values are provided for that field. This allows creating a discovered package instance instead of raising a Project error message. #1249
- Rename DiscoveredDependency `resolved_to` to `resolved_to_package`, and `resolved_dependencies` to `resolved_from_dependencies` for clarity and consistency. Add `children_packages` and `parent_packages` ManyToMany field on the DiscoveredPackage model. Add full dependency tree in the CycloneDX output. #1066
- Add a new `run` entry point for executing pipeline as a single command. #1256
- Generate a DiscoveredPackage.package_uid in create_from_data when not provided. #1256
What's Changed
- Add ability to filter by tag on the resource list view #1217 by @tdruez in #1247
- Increase size of CodebaseResource.status from 30 to 50 by @JonoYang in #1248
- Implement a ScanForVirus Pipeline #1182 by @tdruez in #1193
- Include virus report in the resource extra_data field by @keshav-space in #1250
- Use "unknown" as the Package URL default type for missing data #1249 by @tdruez in #1251
- Add children_packages m2m and rename resolved_to_package #1066 by @tdruez in #1252
- Add an entry point for executing pipeline as a single command by @tdruez in #1256
- Generate a package_uid in create_from_data when not provided #1256 by @tdruez in #1258
- Release 34.6.0 by @tdruez in #1259
Full Changelog: v34.5.0...v34.6.0