
Release v0.2.1

@puerco puerco released this 29 Jan 21:39
· 954 commits to main since this release
1c850e3

This minor patch release includes a fix to automatically detect compressed container image layers.

Release Notes

Changes by Kind

Feature

  • Files and directories passed in flags to the bom utility are now checked for existence before running the SBOM generator
    • New flag --name allows the user to set the document name from the command line
    • New flag --scan-images controls whether container images are scanned for OS packages (#34, @puerco)
  • New container image layer scanner for checking inside of layers for OS data. The first version supports extracting packages from Debian-based OSes. (#31, @puerco)

Bug or Regression

  • Tarball headers are now checked to see if they are compressed. Previously we relied on file extensions, which made the tarball handling code flaky
    • Fixed a problem where --scan-images was unresponsive because of a bug in the internal plumbing (#37, @puerco)
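
The header check described in the tarball fix above can be sketched as follows. This is an added example, not code from the bom project: the function names openLayer and buildLayer are hypothetical, the sample tarball is constructed in memory, and only gzip is detected.

```go
package main

import (
	"archive/tar"
	"bufio"
	"bytes"
	"compress/gzip"
	"fmt"
	"io"
)

// openLayer picks plain or gzip decoding from the stream's first two bytes, never from a file name.
func openLayer(r io.Reader) (*tar.Reader, bool, error) {
	br := bufio.NewReader(r)
	head, err := br.Peek(2) // Peek does not consume, so the tar/gzip reader still sees byte 0
	if err != nil {
		return nil, false, fmt.Errorf("reading layer header: %w", err)
	}
	if head[0] != 0x1f || head[1] != 0x8b { // gzip magic number (RFC 1952)
		return tar.NewReader(br), false, nil
	}
	zr, err := gzip.NewReader(br)
	if err != nil {
		return nil, true, fmt.Errorf("opening gzip stream: %w", err)
	}
	return tar.NewReader(zr), true, nil
}

// buildLayer constructs a sample one-entry tarball in memory, gzipped on request.
func buildLayer(compress bool) []byte {
	var raw, out bytes.Buffer
	tw := tar.NewWriter(&raw)
	tw.WriteHeader(&tar.Header{Name: "var/lib/dpkg/status", Mode: 0o644}) // empty file
	tw.Close()
	if !compress {
		return raw.Bytes()
	}
	zw := gzip.NewWriter(&out)
	zw.Write(raw.Bytes())
	zw.Close()
	return out.Bytes()
}

func main() {
	for _, c := range []bool{false, true} {
		_, gz, err := openLayer(bytes.NewReader(buildLayer(c)))
		fmt.Println("gzip detected:", gz, "error:", err)
	}
}
```

Because the decision is made on content, a gzipped layer saved as `layer.tar` and a plain one saved as `layer.tar.gz` are both read correctly; a truncated or empty stream surfaces as an error instead of a silent empty scan.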

Other (Cleanup or Flake)

  • Replaced the animation on the main GitHub page with a link to external page as it caused high CPU consumption (#39, @puerco)

Uncategorized

  • Added missing --archive and --image-archive flags to main README (#33, @kfaseela)

Dependencies

Added

Nothing has changed.

Changed

  • golang.org/x/tools: v0.1.8 → v0.1.9

Removed

Nothing has changed.