CaPyCLI now supports SBOM generation for Rust projects with the getdependencies rust
command.
getdependencies javascript has improved source code detection.
Improve filtering in bom filter.
bom map: The options --dbx and -all were replaced by --matchmode.
bom map: new --matchmode options full-search (report all best matches) and qualifier-match (consider PackageURL qualifiers). See Readme_Mapping.md.
Support platform dependent binaries using PyInstaller.
project prerequisites now has a summary at the end of the output to show how many
components have been scanned and how many warnings and errors there are.
Adapt getdependencies python to the Poetry 2.x pyproject.toml format.
getdependencies python now also supports uv and its uv.lock file.
getdependencies python now first tries to get GitHub source code URLs before
using pythonhosted URLs.
CaPyCLI displays a warning in bom show, bom DownloadSources, or bom CreateReleases
when the source file does not look like a source file, i.e. the file extension does not match.
CaPyCLI can now create SBOM packages with the new bom bompackage command.
An SBOM package is a single zip archive that contains the SBOM and all source and binary files.
🪲 Bugfixes
fix: bom show now properly shows components without versions.
fix: bom show and bom validate read SBOMs in UTF-8 encoding.
Use the correct file:/// URI for files in SBOM external references.
getdependencies python now writes correct package names with dashes in the SBOM.
⚙️ Build & CI
Update to Poetry 2.1.4 including an update of pyproject.toml.
Replace tomli by tomllib and drop support for Python <=3.10.