Releases: ossf/package-analysis
Record file write metadata and notify on analysis completion
What's Changed
- Metadata on file writes is now recorded during dynamic analysis of packages. This includes the number of writes to each file as well as how many bytes were written during each write. More data collection (including the actual bytes written) is planned for future releases.
- A new pub/sub topic was added which notifies subscribers when dynamic analysis of a package completes successfully
- Improvements to dev tools
New Contributors
- @elainechien implemented the file write data collection enhancements
- @adaluong implemented the notification mechanism for analysis completion
Full Changelog: rel-14...rel-16
Rust crates.io support.
What's Changed
- Replace [^\s] with \S in regexes by @maxfisher-g in #350
- Add helper scripts for analysis workflows by @maxfisher-g in #359
- Chmod the sandbox logDir so that it can be read by non-root users. by @calebbrown in #361
- Adds the crates.io ecosystem by @another-rex in #366
New Contributors
- @another-rex made their first contribution in #366
Full Changelog: rel-13...rel-14
Bug fixes: unlinkat parsing and docker push tags
What's Changed
- Fix out of bounds error in strace.go by @maxfisher-g in #348
- Make sure all tags are pushed during docker push. by @calebbrown in #345
Other contributions
- Olivekl docs updates 1 by @olivekl in #317
- Improve README for deploying BigQuery loader function by @maxfisher-g in #341
- Re-allow PRs changing only .md files to trigger CI builds by @maxfisher-g in #343
New Contributors
Full Changelog: rel-12...rel-13
Unlink parsing, remove apt-key, update scorecard with v2 beta
Bump cloudbuild timeout
What's Changed
- Extend the cloud build timeout by @calebbrown in #308
Full Changelog: rel-10...rel-11
Packagist Support
Enable Packagist/PHP support
What's Changed
- Bump worker RAM to 2Gi by @calebbrown in #278
- Add a sandbox for running packages downloaded from Packagist. by @calebbrown in #305
- Add Packagist feed support for analyzing PHP packages. by @calebbrown in #307
New Contributors
Full Changelog: rel-9...rel-10
Separate host traffic from sandbox traffic; fix blocking pcap.
What's Changed
- Separate sandbox traffic to avoid capturing host packets during analysis. by @calebbrown in #275
Full Changelog: rel-8...rel-9
Capture DNS Query, Bump GVisor version
What's Changed
- Collect and add DNS queries to the analysis results. by @calebbrown in #270
- Bump GVisor version. It now supports cgroups v2. by @calebbrown in #273
Full Changelog: rel-7...rel-8
rel-7: Better sandboxing
Key Changes
- Block access from the Sandbox to any Private IP address space. by @calebbrown in #248
- Add curl to the sandboxes to make them more representative. by @calebbrown in #251
- Remove the fixed box name to make it harder for sandbox detection. by @calebbrown in #253
- Add a case studies document by @calebbrown in #254
Full Changelog: rel-6...rel-7
Improve security and strace parsing
What's Changed
- Support unlimited line length parsing for strace logs. by @calebbrown in #243
- Set MaxBadRecords for BigQuery loader. by @oliverchang in #244
- Add the ability to filter network access. by @calebbrown in #245