v36.0.1

What's Changed

• Add support for authors in ORT package list generation by @FabianRolfMatthiasNoll in #1988
• Store non-supported fields in the comment SPDX field by @tdruez in #1989
• Add support for CycloneDX spec v1.7 by @tdruez in #1975
• Add authors field to the CycloneDX output by @tdruez in #1990
• Bump version for v36.0.1 release by @tdruez in #1991

New Contributors

• @FabianRolfMatthiasNoll made their first contribution in #1988

Full Changelog: v36.0.0...v36.0.1

v36.0.0

What's Changed

• Upgrade multiple dependencies to their latest version by @tdruez in #1972
• Upgrade PostgreSQL from 13 to 17 in Docker compose file by @tdruez in #1973
• Upgrade Django to latest 5.2.x version by @tdruez in #1976
• Remove the dependency on scipy #1754 by @tdruez in #1977
• Add "ort-package-list" to the formats list in run command by @tdruez in #1982
• Bump version for v36.0.0 release by @tdruez in #1983

Full Changelog: v35.5.0...v36.0.0

v35.5.0

What's Changed

• Add script for D2D with SCIO using docker container by @TG1999 in #1912
• Load the resource details in the tree browser view by @tdruez in #1919
• [CRAVEX] Generic CI/CD integration by @tdruez in #1944
• Move resource path in the URL path instead of query string by @tdruez in #1945
• Update "find_jvm_packages" to include all resources by @chinyeungli in #1921
• Refine D2D with Grammar (.g/.g4) Class Mapping #1808 by @chinyeungli in #1942
• Added "META-INF" and "module-info.class" to ignore list by @chinyeungli in #1943
• Create missing image and layer directory codebase resources by @tdruez in #1946
• Add arguments support for the reset action in REST API by @tdruez in #1948
• Use proper serializer_class for the ProjectViewSet by @tdruez in #1952
• Add management command to analyze Kubernetes cluster by @tdruez in #1950
• Only run code stemming on source files that we can handle in fingerprint_stemmed_codebase_resources by @JonoYang in #1961
• Close existing connection before job execution in worker by @rogu-beta in #1959
• Refine D2D with Xtend and Class Mapping #1906 by @chinyeungli in #1947
• Improve source mapping for .py and .pyi files by @Aryan-SINGH-GIT in #1920
• Keep webhook subscription in project reset by @tdruez in #1963
• Add --vulnerabilities option in verify-project by @tdruez in #1964
• Add a workflows to test the ORT to ScanCode.io integration by @tsteenbe in #1886
• Add new Inputs section in the documentation by @tdruez in #1965
• Add support for PyPI PURLs as Inputs by @tdruez in #1966
• Add JFrog Artifactory and Sonatype Nexus integrations documentation by @tdruez in #1970
• Bump version for v35.5.0 release by @tdruez in #1971

New Contributors

• @rogu-beta made their first contribution in #1959
• @tsteenbe made their first contribution in #1886

Full Changelog: v35.4.1...v35.5.0

v35.4.1

What's Changed

• Add utilities to create/init FederatedCode data repo by @keshav-space in #1896
• Refine d2d pipeline for scala and kotlin by @TG1999 in #1898
• Fix placeholder text for Download URLs field to use correct purl-spec… by @Aryan-SINGH-GIT in #1893
• Add a verify-project CLI management command by @tdruez in #1903
• Migrate SCA workflows verification to new verify-project management command by @tdruez in #1902
• Auto-detect pipeline from provided input #1883 by @tdruez in #1904
• [CRAVEX] SCA Integrations: cyclonedx-gomod by @tdruez in #1905
• Upgrade Django to latest v5.1.13 security release by @tdruez in #1909
• Update Java D2D Pipeline to Include Checksum Mapped Sources for Accurate Java Mapping by @chinyeungli in #1870
• Add ability to download all output results formats #1880 by @tdruez in #1910
• Add .. navigation option in table to navigate to parent resource by @aayushkdev in #1869
• Add the django-htmx app to the stack by @tdruez in #1917
• Add support for multiple inputs in the run management command by @tdruez in #1916

New Contributors

• @Aryan-SINGH-GIT made their first contribution in #1893

Full Changelog: v35.4.0...v35.4.1

v35.4.0

What's Changed

• [CRAVEX] SCA Integrations: Anchore by @tdruez in #1820
• [CRAVEX] SCA Integrations: CycloneDX cdxgen by @tdruez in #1824
• [CRAVEX] SCA Integrations: OWASP dep-scan by @tdruez in #1825
• Resolve and load dependencies from SPDX SBOMs #1145 by @tdruez in #1827
• [CRAVEX] SCA Integrations: SBOM tool by @tdruez in #1826
• [CRAVEX] SCA Integrations: OSV-Scanner by @tdruez in #1821
• Use deterministic UID/GID in Dockerfile #1555 by @tdruez in #1569
• Display the optional steps in the Pipelines autodoc #1822 by @tdruez in #1830
• Add new benchmark_purls pipeline #1804 by @tdruez in #1832
• Add left-pane file tree view and related templates by @aayushkdev in #1704
• Resources tree view enhancements by @tdruez in #1839
• [CRAVEX] SCA Integrations: Generic by @tdruez in #1841
• Improve the ORT CycloneDX support by @tdruez in #1843
• [CRAVEX] SCA Integrations: ORT (part.1) by @tdruez in #1837
• add path breadcrumbs and copy-to-clipboard button in resource_table_view by @aayushkdev in #1851
• Track the current browsing path in the browser URL by @aayushkdev in #1853
• Update federatedcode pipes by @JonoYang in #1831
• Add ORT package-list.yml output format by @tdruez in #1852
• Add support for SPDX as YAML in load_sbom pipeline by @tdruez in #1865
• SPDX 2.2 support and documentDescribes update to reference root element only by @tdruez in #1856
• Add a workflow for the ScanCode.io to ORT integration by @tdruez in #1866
• Collect purl metadata by @AyanSinhaMahapatra in #1868
• Pin click to version 8.2.1 #1885 by @JonoYang in #1887
• Avoid creating empty commits when pushing changes to FederatedCode by @keshav-space in #1888
• Bump version to v35.4.0 for release by @AyanSinhaMahapatra in #1892

Full Changelog: v35.3.0...v35.4.0

v35.3.0

What's Changed

• Add support for SPDX license identifiers in license policies file by @tdruez in #1714
• Enhance code format validation by @tdruez in #1717
• Refactor policies implementation to support more than licenses by @tdruez in #1718
• Add macos runner as part of the test matrix strategy by @tdruez in #1713
• Add a QuickStart introduction chapter in the documentation by @tdruez in #1722
• Fix d2d pipeline bugs from ecosytem configurations by @AyanSinhaMahapatra in #1716
• Add discovered dependencies model and queryset methods by @tdruez in #1723
• Enhance the dependency tree view in a more dynamic rendering by @tdruez in #1742
• Use html_name in place of field name attribute #1743 by @tdruez in #1744
• Use fully qualified image names in docker-compose files by @tdruez in #1745
• fix(docker): Update air gap installation configuration by @imfeniljikadara in #1650
• Add results_url attribute on the MatchToMatchCode pipeline class by @tdruez in #1746
• Support SCTK License detection models by @AyanSinhaMahapatra in #1124
• Improve d2d pipeline runs by @AyanSinhaMahapatra in #1747
• Integration of Clarity compliance mechanism by @NucleonGodX in #1705
• Fix license detections page error and improve UI by @AyanSinhaMahapatra in #1751
• Add support for tracking parent of CodebaseResource entries and ensure top level paths are stored by @aayushkdev in #1691
• Leverage the parent_path field when available #1691 by @tdruez in #1776
• Upgrade some dependencies to their latest version by @tdruez in #1755
• Scorecard integration internal by @tdruez in #1777
• Pin fingerprints and normality to fix the Docker build #1795 by @tdruez in #1796
• Bump version for 35.2.0 release by @tdruez in #1798
• Refactor a common threshold mechanism for both license clarity and scorecard score. by @NucleonGodX in #1799
• Update packageurl-python by @JonoYang in #1793
• 1676 add android inspector install doc by @JonoYang in #1775
• Add compliance support based on OpenSSF Scorecard score by @NucleonGodX in #1800
• Update packageurl-python to 0.17.3 by @chinyeungli in #1809
• Improve Go/Rust/Elf/Mach0 binary symbol mapping by @AyanSinhaMahapatra in #1810
• fix policies validation by @NucleonGodX in #1814
• Define the groups and steps as empty list when not provided by @tdruez in #1816
• Add support for vulnerabilities in load_sbom pipeline #1729 by @tdruez in #1817
• [CRAVEX] SCA Integrations: Trivy by @tdruez in #1811
• Upgrade multiple dependencies to their latest version by @tdruez in #1818
• Bump version for v35.3.0 release by @tdruez in #1819

New Contributors

• @imfeniljikadara made their first contribution in #1650

Full Changelog: v35.1.0...v35.3.0

v35.1.0

What's Changed

• Catch NotImplementedError by @JonoYang in #1700
• Debug get unique unresolved purls 2 by @JonoYang in #1701
• Add a --fail-on-vulnerabilities in check-compliance command by @tdruez in #1702
• Improve file handling in UI by @jayanth-kumar-morem in #1036
• Introduce Independent License Clarity Thresholds Mechanism by @NucleonGodX in #1689
• Enable --license-references option in scan_single_package pipeline by @tdruez in #1706
• Add ecosystem specific inclusions or exclusions by @AyanSinhaMahapatra in #1550
• Refine ScanCode.io d2d pipeline for JavaScript using string literals mapping by @keshav-space in #1652
• Update scancode-toolkit to v32.4.0 by @AyanSinhaMahapatra in #1708
• Update D2D pipeline with Cython source to binary matching by @JonoYang in #1703
• Replace the setup.py/setup.cfg by pyproject.toml #1608 by @tdruez in #1709

New Contributors

• @NucleonGodX made their first contribution in #1689

Full Changelog: v35.0.0...v35.1.0

v35.0.0

What's Changed

• Adding sorting layer to the compliance alerts #1581 by @abanoub-samy-farhan in #1632
• Raise a MatchCodeIOException for invalid responses from MatchCode.io … by @tdruez in #1666
• Slice the fragment from the URL to 50 chars max #1669 by @tdruez in #1670
• Match binaries to source using elf symbols by @AyanSinhaMahapatra in #1621
• Upgrade Django and dependencies to latest security release by @tdruez in #1681
• Strip rightmost / in settings.py, from URL envvars #1672 by @JonoYang in #1673
• Add support for using Package URL (purl) as project input. by @tdruez in #1686
• Add filtering by label and pipeline in the flush-projects managem… by @tdruez in #1690
• Upgrade Ace library to latest version 1.42.0 by @tdruez in #1692
• Display matched snippets details in "Resource viewer" by @tdruez in #1693
• Rename the parent_path function to parent_directory #1691 by @tdruez in #1694
• Upgrade Django to latest security release by @tdruez in #1695
• Add "(No value detected)" for Copyright and Holder charts #1697 by @tdruez in #1698
• Add support for Python3.13 by @tdruez in #1469
• Add "Package Compliance Alert" chart in the Policies section by @tdruez in #1699
• Add d2d symbols matching for winpe macho binaries by @AyanSinhaMahapatra in #1674

New Contributors

• @abanoub-samy-farhan made their first contribution in #1632

Full Changelog: v34.11.0...v35.0.0

v34.11.0

What's Changed

• Upgrade Django to latest 5.1.8 security release by @tdruez in #1653
• Add an UUID field on the DiscoveredDependency model #1651 by @tdruez in #1654
• Add functions to create fingerprints from stemmed code, highlight code snippet matches from matchcode by @JonoYang in #1656
• Only process match results for file matches by @JonoYang in #1658
• Add ability to export filtered QuerySet of FilterView to JSON format by @aayushkdev in #1572
• Include ProjectMessages in the JSON output headers section #1659 by @tdruez in #1662
• Dependencies upgrade by @tdruez in #1663
• Define a COMPLIANCE_SEVERITY_MAP on the ComplianceAlertMixin #1581 by @tdruez in #1664

Full Changelog: v34.10.1...v34.11.0

v34.10.1

What's Changed

• Upgrade python-inspector and other dependencies to latest version by @tdruez in #1642
• Add a GitHub workflow that resolves dependencies and generates SBOMS … by @tdruez in #1643
• Convert the declared_license field value in resolve_pypi_packages #1598 by @tdruez in #1645
• Provide dummy wheel distributions for installing on Apple Silicon #866 by @tdruez in #1646
• Refine readability in resolve_pypi_packages and add logging #1598 by @tdruez in #1647

Full Changelog: v34.10.0...v34.10.1