v0.2.5

Additional Changes

• update syft/stereoscope for release [#167 @spiffcs]

(Full Changelog)

v0.2.4

Additional Changes

• core dependencies: latest syft and stereoscope (syft v1.17.0) [#156 @willmurphyscode]
• Update Syft to 1.16.0 [#147 @dependabot]

(Full Changelog)

v0.2.3

Additional Changes

• update syft to v1.14.1 [#137 @willmurphyscode]

(Full Changelog)

v0.2.2

Grant v0.2.2

Special thanks to @NyanKiyoshi and @psududemike for the contributions surrounding fixing #101.

Please file an issue or reach out on the issue board tagging @spiffcs if you need support, feature requests, bug fixes, or have ideas for future features and PR.

Bug Fixes

• No way to deny all licenses while allowing specific ones [#101 #123 @NyanKiyoshi]
• Update to support #101 [#124 @psududemike]

Additional Changes

• bump go version for build [#132 @spiffcs]

(Full Changelog)

v0.2.1

Additional Changes

• Add SBOM generation and checksums signing to release [#55 @spiffcs]
• Update Syft to v1.8.0

(Full Changelog)

v0.2.0

Feature Changes

• add CSV output option [#65 @spiffcs]
• update syft source provider [#58 @kzantow]

(Full Changelog)

v0.1.3

Bug Fixes

• default licenses policy [#50 #56 @spiffcs]

Additional Changes

• remove python codeql [#41 @spiffcs]
• create SECURITY.md [#39 @spiffcs]
• dependabot; misc workflow; github actions [#37 @spiffcs]

(Full Changelog)

v0.1.2

Additional Changes

• update syft to latest [#36 @spiffcs]
• show non spdx in list report [#35 @spiffcs]
• Enhance list command json output [#34 @spiffcs]
• update check json output with custom details [#33 @spiffcs]
• separate format packages and update list command formats [#32 @spiffcs]

(Full Changelog)

v0.1.1

Grant – License information is just an SBOM away v0.1.0

Grant is a new tool from the Anchore team that can view and check licenses from a given software bill of material.

Features

• Users can supply an SBOM to grant and obtain a license violation report
• Grant also can take an image or directory input, generate an SBOM, and then use those results as part of the license check.
• list all the licenses found for a given container image or directory
• Grant also has the ability to recognize licenses passed to it as a part of its input.
• Given some text, grant can recognize a license and compare it to the provided configuration along with the SBOM or other supplied containers
• Licenses are checked against the SPDX license list found here: https://spdx.org/licenses/.

Additional Changes

• chore: update automatic release flow for v0.1.1 release [#29 @spiffcs]
• chore: update code static analysis path [#27 @spiffcs]

(Full Changelog)

Grant v0.1.0 (INTERNAL-PRE-RELEASE)

Grant – License information is just an SBOM away v0.1.0 (INTERNAL-PRE-RELEASE)

Grant is a new tool from the Anchore team that can view and check licenses from a given software bill of material.

Features

• Users can supply an SBOM to grant and obtain a license violation report
• Grant also can take an image or directory input, generate an SBOM, and then use those results as part of the license check.
• list all the licenses found for a given container image or directory
• Grant also has the ability to recognize licenses passed to it as a part of its input.
• Given some text, grant can recognize a license and compare it to the provided configuration along with the SBOM or other supplied containers
• Licenses are checked against the SPDX license list found here: https://spdx.org/licenses/.