Releases: aboutcode-org/scancode.io

v34.8.3

30 Oct 15:17

Changelog

  • Include the aboutcode module in the wheel and source distribution. #1423
  • Update ScanCode-toolkit to v32.3.0 #1418

What's Changed

Full Changelog: v34.8.2...v34.8.3

v34.8.2

28 Oct 17:36

Changelog

  • Add android_analysis to extra_requires. This installs the package
    android_inspector, which provides a pipeline for Android APK
    deploy-to-development analysis.
  • Remove the sleep time in the context of testing matchcode.poll_run_url_status
    to speed up the test. #1411
  • Add ability to specify the CycloneDX output spec version using the output
    management command and providing the cyclonedx:VERSION syntax as format value. aboutcode-org/scancode-action#8
  • Add new compliance REST API action that lists all compliance alerts for a given
    project. The severity level can be provided using the
    ?fail_level={ERROR,WARNING,MISSING} parameter. #1346
  • Add new Compliance alerts panel in the project detail view. #1346

What's Changed

  • Updated the typo mistakes of documentation of ScanCode.io (#1386) by @VarshaUN in #1387
  • Add android_inspector in new extra_requires #1373 by @JonoYang in #1391
  • Update docs for netrc usage in Docker context #1384 by @JonoYang in #1385
  • Upgrade Django to security release 5.1.2 by @tdruez in #1410
  • Remove the sleep time in the context of testing poll_run_url_status #… by @tdruez in #1412
  • Add ability to specify the CycloneDX output spec version by @tdruez in #1413
  • Add new compliance REST API action to list compliance alerts #1346 by @tdruez in #1416
  • Base implementation of the project compliance panel view #1346 by @tdruez in #1417

Full Changelog: v34.8.1...v34.8.2

v34.8.1

06 Sep 07:01
b300d73

What's Changed

Full Changelog: v34.8.0...v34.8.1

v34.8.0

15 Aug 12:54

Changelog

  • Add a new enrich_with_purldb add-on pipeline to enrich the discovered packages
    with data available in the PurlDB. #1182
  • Add the ability to define a results_url on the Pipeline class.
    When available, that link is displayed in the UI to easily reach the results view
    related to the Pipeline run. #1330
  • Expands on the existing WebhookSubscription model by adding a few fields to
    configure the behavior of the Webhooks, and moves some of the fields to a new
    WebhookDelivery model, which captures the results of a WebhookSubscription
    "delivery". #1325
  • Add support for creating dependencies using the load_sboms pipeline on CycloneDX
    SBOM inputs. #1145
  • Add a new Dependency view that renders the project dependencies as a tree. #1145
  • The purldb-scan-worker command has been updated to send project results
    back using the Project webhook subscriptions. The main task loop no longer
    has to monitor a single project run for completion in order to return data,
    so multiple scan projects can be active at once while using
    purldb-scan-worker. A new option --max-concurrent-projects has
    been added to set the number of purldb packages that can be requested and
    processed at once. #1287
  • Add notes field on the DiscoveredPackage model. #1342
  • Fix an issue with conflicting groups checkbox id in the Add pipeline modal. #1353
  • Move the BasePipeline class to a new aboutcode.pipeline module. #1351
  • Update link references of ownership from nexB to aboutcode-org #1350
  • Add a new check-compliance management command to check for compliance issues in
    a project. #1182

What's Changed

Full Changelog: v34.7.1...v34.8.0

v34.7.1

15 Jul 10:20

Changelog

  • Add pipeline step selection for a run execution.
    This allows running a pipeline in an advanced mode, skipping some steps
    or restarting from a step, such as the last failed step.
    The steps can be edited from the Run "status" modal using the "Select steps" button.
    This is an advanced feature and should be used with caution. #1303
  • Display the resolved_to_package as link in the dependencies tab. #1314
  • Add support for multiple instances of a PackageURL in the CycloneDX outputs.
    The package_uid is now included in each BOM Component as a property. #1316
  • Add administration interface. Can be enabled with the SCANCODEIO_ENABLE_ADMIN_SITE
    setting.
    Add --admin and --super options to the create-user management command. #1323
  • Add results_url and summary_url on the API ProjectSerializer. #1325

What's Changed

  • Add pipeline step selection for a run execution #1303 by @tdruez in #1310
  • Display the resolved_to_package as link in the dependencies tab by @tdruez in #1314
  • Add support for multiple instances of a PURL in the CycloneDX outputs… by @tdruez in #1317
  • Refactor the Webhook.get_payload to use Serializers #1325 by @tdruez in #1326
  • Display sizes in bytes and humanized #1322 by @tdruez in #1324
  • Add administration site for main scanpipe models by @tdruez in #1323

Full Changelog: v34.7.0...v34.7.1

v34.7.0

02 Jul 14:03

Changelog

  • Add all "classify" plugin fields from scancode-toolkit on the CodebaseResource model. #1275
  • Refine the extraction errors reporting to include the resource path for rendering
    link to the related resources in the UI. #1273
  • Add a flush-projects management command to delete all project data and their
    related work directories created more than a specified number of days ago. #1289
  • Update the inspect_packages pipeline to have an optional StaticResolver
    group to create resolved packages and dependency relationships from lockfiles
    and manifests having pre-resolved dependencies. Also update this pipeline to
    perform package assembly from multiple manifests and files to create
    discovered packages. Also update the resolve_dependencies pipeline to have
    the same StaticResolver group and move the dynamic resolution part to a new
    optional DynamicResolver group. #1244
  • Add a new attribute is_direct to the DiscoveredDependency model and two new
    attributes is_private and is_virtual to the DiscoveredPackage model.
    Also update the UIs to show these attributes and show the package_data field
    contents for CodebaseResources in the extra_data tab. #1244
  • Update scancode-toolkit to version 32.2.1. For the complete list of updates
    and improvements see https://github.com/nexB/scancode-toolkit/releases/tag/v32.2.0
    and https://github.com/nexB/scancode-toolkit/releases/tag/v32.2.1
  • Add support for providing pipeline "selected_groups" in the run entry point. #1306

What's Changed

Full Changelog: v34.6.3...v34.7.0

v34.6.3

21 Jun 12:16

Changelog

  • Use the --option=value syntax for args entries in place of --option value
    for fetching Docker images using skopeo through run_command_safely calls. #1257
  • Fix an issue in the d2d JavaScript mapper. #1274
  • Add support for an ignored_vulnerabilities field on the Project configuration. #1271

What's Changed

  • Use the --option=value syntax for run_command_safely args #1257 by @tdruez in #1270
  • Fix an issue in the d2d JavaScript mapper by @tdruez in #1274
  • Add ignored_vulnerabilities field on the Project configuration #1271 by @tdruez in #1281

Full Changelog: v34.6.2...v34.6.3

v34.6.2

18 Jun 10:56

Changelog

  • Store SBOM headers in the Project.extra_data field during the load_sboms
    pipeline. #1253
  • Add support for fetching a Git repository as Project input. #921
  • Enhance the logging and reporting of input fetch exceptions. #1257

What's Changed

Full Changelog: v34.6.1...v34.6.2

v34.6.1

07 Jun 15:44
7b97d3b

Changelog

  • Remove print statements from migration files.
  • Display full traceback on error in the execute management command.
  • Log the Project message creation.
  • Refactor the get_env_from_config_file to support empty config file.

What's Changed

Full Changelog: v34.6.0...v34.6.1

v34.6.0

07 Jun 14:01
9858953

Changelog

  • Add a new scan_for_virus add-on pipeline based on ClamAV scan.
    Found viruses are stored as "error" Project messages and on their related codebase
    resource instance using the extra_data field. #1182
  • Add ability to filter by tag on the resource list view. #1217
  • Use "unknown" as the Package URL default type when no values are provided for that
    field. This allows creating a discovered package instance instead of raising a
    Project error message. #1249
  • Rename DiscoveredDependency resolved_to to resolved_to_package, and
    resolved_dependencies to resolved_from_dependencies for clarity and
    consistency.
    Add children_packages and parent_packages ManyToMany fields on the
    DiscoveredPackage model.
    Add full dependency tree in the CycloneDX output. #1066
  • Add a new run entry point for executing pipeline as a single command. #1256
  • Generate a DiscoveredPackage.package_uid in create_from_data when not provided. #1256

What's Changed

Full Changelog: v34.5.0...v34.6.0