Release v10.6.2

Validations for externalReferences.url has improved further thanks to @timmyteo. Beginning with this release, cdxgen will show a small donation banner in the CI. Please support the CycloneDX team with an active sponsorship, before disabling the banner using a command line argument.

What's Changed

• Update PROJECT_TYPES.md by @matuella in #1150
• Adds premium issue template by @prabhu in #1153
• chore: issue config add slack invite link by @jkowalleck in #1156
• Adds donation message to CI invocations by @prabhu in #1154
• chore: update biomejs v1.8.1 by @setchy in #1159
• docs: add libraries io badge by @setchy in #1160
• validateIri to Reject "http://" URL by @timmyteo in #1158
• Bug fix: yarn v1 dependency tree was incomplete by @prabhu in #1162
• Return error response in submitBom by @marob in #1108

New Contributors

• @matuella made their first contribution in #1150

Full Changelog: v10.6.1...v10.6.2

Release v10.6.1

If something doesn't work, call it the patch 0. Let's go again with pnpm publish.

What's Changed

• Try to fix pnpm publish issues by @prabhu in #1147

Full Changelog: v10.6.0...v10.6.1

Release v10.6.0

externalReferences urls are now validated and filtered. Thanks @timmyteo. There is a new option to use maven dependency tree plugin for Java, instead of the cyclonedx plugin. Set the environment variable PREFER_MAVEN_DEPS_TREE=true to try this out.

What's Changed

• Fallback on 'cdx' or 'bom' JSON files for Java BOM by @nekhtan in #1127
• Switch to pnpm by @prabhu in #1134
• build: update biomejs by @setchy in #1138
• Add IRI Validation for externalReference URL by @timmyteo in #1140
• Feature/dotnet roll forward by @prabhu in #1139
• Feature/component duplicate tracking by @prabhu in #1146

New Contributors

• @nekhtan made their first contribution in #1127
• @timmyteo made their first contribution in #1140

Full Changelog: v10.5.2...v10.6.0

Release v10.5.2

What's Changed

• [fix] seperate npm-release to seperate jobs by @aryan-rajoria in #1050
• [Fix] Docker Build fails almalinux:9.3 by @aryan-rajoria in #1052
• build(vscode) enable always signoff by @setchy in #1063
• fix(biome): noUselessTernary by @setchy in #1062
• docs: add project types by @setchy in #1057
• docs: add NODE_OPTIONS by @setchy in #1056
• docs: update community support by @setchy in #1059
• build: add codeowners file by @setchy in #1058
• docs: link to contribute labels by @setchy in #1060
• docs: ref to new project types page by @setchy in #1067
• feat(docker): default to docker.io registry by @setchy in #1073
• docs: enterprise and community support by @setchy in #1071
• docs: remove unused media. should be in _media/ folder by @setchy in #1070
• docs: env variables by @setchy in #1069
• docs: type args ref to docs by @setchy in #1068
• Fix: Docker-deno and Docker-bun build fails by @aryan-rajoria in #1077
• docs: add documentation section by @setchy in #1079
• docs: update h1 by @setchy in #1080
• docs: fix broken queries.json link by @setchy in #1083
• docs: nodejs permissions by @setchy in #1082
• build: update contributors by @setchy in #1078
• docs: use link labels by @setchy in #1081
• feat: increase yargs terminal width by @setchy in #1087
• feat: increase yargs terminal width by @setchy in #1091
• Improved troubleshooting for go by @prabhu in #1096
• Issue 763 by @cerrussell in #1090
• Fix: Handle TAR_ENTRY_INVALID error by @aryan-rajoria in #1095
• Adding The Installation Of Root Dependencies For Npm by @g-kaz in #1100
• Fix: Split linux-tests job into two jobs by @aryan-rajoria in #1103
• cargo deep mode by @prabhu in #1102
• Fix ppc64 build issue by @prabhu in #1104
• docs: fix repo link by @setchy in #1114
• build(biome): apply safe changes. add script to filter summary for errors only by @setchy in #1111
• build(biome): update formatter options to ignore types/** by @setchy in #1110
• docs(server): add openapi specification by @setchy in #1113
• Adds new vulnerabilities command to the repl by @prabhu in #1120
• Support for dotnet framework. Dependency tree for csproj files by @prabhu in #1119
• Update spdx schema. Update packages by @prabhu in #1121

New Contributors

• @aryan-rajoria made their first contribution in #1050
• @g-kaz made their first contribution in #1100

Full Changelog: v10.5.1...v10.5.2

Release v10.5.1

The cdxgen container image now uses node 22 with compile cache. This offers significant performance improvements compared to the current node 20 based images, especially with server mode. With no breaking changes, we feel this is a patch release for the cdxgen node package rather than a minor release.

What's Changed

• Remove bun lock file by @prabhu in #1030
• Improve deno compatibility by using jar command fallback by @prabhu in #1031
• Enable node 22 tests by @prabhu in #1034
• Use node 22 via nvm in docker. Enable NODE_COMPILE_CACHE by @prabhu in #1036

Full Changelog: v10.5.0...v10.5.1

Release v10.5.0 - Python CBOM for everyone

Introduction

You can now generate CBOM for Python applications. It is as easy as invoking the cbom command.

cbom -t python

cdxi REPL can natively understand CBOM. Simply load the generated CBOM, and try the new commands .cryptos and .provides.

We have also added support for compliance-as-code via standards. Invoke cdxgen with the new --standard arguments to automatically include their definitions.

Example:

cdxgen -t java --standard asvs-4.0.3

What's Changed

• Add support for executing dependencies task in parallel for Gradle by @ajmalab in #1007
• Feature/swh by @prabhu in #1012
• Update jdk to 21.0.3-tem by @prabhu in #1013
• Remove bun frozen install mode by @prabhu in #1017
• Python cbom by @prabhu in #1026
• Update atom. Regenerate types by @prabhu in #1028
• Support for standard templates by @prabhu in #1029

Full Changelog: v10.4.3...v10.5.0

Release v10.4.3

What's Changed

• Removed docsify which is not required for generating docs by @prabhu in #1001
• Adding directories starting with __ to ignore by @almaz045 in #1004
• Adds bun image by @prabhu in #1002

New Contributors

• @almaz045 made their first contribution in #1004

Full Changelog: v10.4.2...v10.4.3

Release v10.4.2

We have applied numerous linting fixes reported by biome (Thanks @setchy). The lock file was deleted and regenerated, since the dependency tree was looking a lot better when compared with the existing one.

What's Changed

• chore(biome): fix use single var declarator by @setchy in #984
• chore(biome): fix use template by @setchy in #985
• chore(biome): remove unused rule overrides by @setchy in #986
• chore(biome): fix optional chaining cases by @setchy in #987
• chore(biome): fix useless else cases by @setchy in #988
• chore(biome): fix unused template literals by @setchy in #989
• Feature/maven private repos by @prabhu in #992
• chore(biome): fix no double equals by @setchy in #991
• chore: update biome by @setchy in #998
• Regenerate lock file and types. Adds vuln scanning by @prabhu in #999

Full Changelog: v10.4.1...v10.4.2

Release v10.4.1

What's Changed

• Applied a number of unsafe fixes using biome by @prabhu in #983
• Bugfix for a problematic yaml file

Full Changelog: v10.4.0...v10.4.1

Release v10.4.0

What's Changed

• docs: update downloads badge by @setchy in #968
• Follow CycloneDX 1.5 spec for SPDX license expressions by @validide in #975
• Export proto support for 1.6 by @prabhu in #974
• Include cyclonedx-maven-plugin under tools for java by @prabhu in #976
• feat: switch to biomejs formatter + linter by @setchy in #977

Full Changelog: v10.3.5...v10.4.0