0.1.0-alpha.10

Changelog

v0.1.0-alpha.10 (2024-07-04)

⚠ BREAKING-CHANGE

• Breaks the migrations as this PR rewrites the history to use UUID instead of i32 from the start.

Features

• allow canceling import runs (7c53e9e)
• add sha384 and sha512 to the SBOM and advisory (bf67cdc)
• add GIN index for labels (3319040)
• add more labels to imported documents, allow user defined labels (87b6a6e)
• return description as well (63a0edd)
• allow setting labels during upload (34d2c06)
• return labels when fetching sboms or advisories (dd54b9f)
• implement setting labels for SBOMs (cf59c85)
• implement setting labels for advisories (22741d5)
• enable backslash to escape operators in filter expressions (5e66c77), closes
  #434
• extract organization name from CVE (1065ab3)
• add CWE for vulnerabilities (181719d)
• implements labels using jsonb (d6b4302)
• initial product endpoints (6112344)
• add filtering/query to "find by sbom package" (93e3eaa), closes #438
• search SBOMs by PURL or package id (a4ce8ec), closes #413
• add version to sbom package (20eefb2), closes #284
• support IS [NOT] NULL in queries (5b658cb)
• add ability to translate queries (8c6f062)
• more efficient detection of advisory formats (d669658), closes #257
• Initial implementation of products (2573b01)
• add an entry for all CSAF data (bc9e6a5)
• update cyclonedx for support of 1.5 (9817ffa)
• allow configuring the OIDC UI settings (f2ad362)
• implement CVE import (f6d2cde)
• implement OSV ingestion (0bc8a20)

Fixes

• clean up a few openapi issues around labels (94a47eb)
• this file actually belongs to migration 230 (29a52a0)
• the q param now works for /api/v1/sbom/{key}/packages (f36b558), closes
  #434
• allow ingesting spdx SBOMs with files (1f2145e)
• relationship direction for "documentDescribes" (058ee24)
• link with specific node, not any node of the SBOM (8d87482)
• appease graphql and openapi paths wrt slashes (07629a9), closes #376 #422
• honor transaction for requests (97510e7)
• return only the sbom_node, not all nodes belonging to the sbom (6349e91),
  closes #414
• provide the package describing the sbom with the summary (ea8af78)
• enable sorting advisories by average_severity (8de5be2), closes #383
• move graphql under /graphql only (f07f5fa)
• count items being processed for osv and cve (a1f8d21)
• Restore /api/v1/sbom/{key} SBOM metadata access (7bb7c69), closes #253
• the the id issue for SBOMs too (a52b6f4)
• translate the id into a hash before fetching from the storage (12c0d71)
• use newer container to fix/workaround segfault in libgit2 (16deb09)
• accept either domain or full URL (d601573)
• register types, remove infinite reference (724a788)
• reset all jobs when starting up (88ec8da), closes #355
• use correct env-vars for storage settings (a93be47)
• update cve to fix some parsing errors (d46683a)
• directly pass sha256 digest, parsing it misses the perfix (feba99a)
• client ids need to split by comma when coming from the env-var (08c1402)
• update embedded oidc to support refresh tokens (f01dcc5)
• push multi-arch image (d90dae0)
• allow swaggerui to redirect (1bb1ca1)
• ingest scores when loading CSAF docs (4719406), closes #278

0.1.0-alpha.9

Changelog

v0.1.0-alpha.9 (2024-06-27)

Features

• extract organization name from CVE (1065ab3)
• add CWE for vulnerabilities (181719d)
• implements labels using jsonb (d6b4302)
• initial product endpoints (6112344)
• add filtering/query to "find by sbom package" (93e3eaa), closes #438
• search SBOMs by PURL or package id (a4ce8ec), closes #413
• add version to sbom package (20eefb2), closes #284
• support IS [NOT] NULL in queries (5b658cb)
• add ability to translate queries (8c6f062)
• more efficient detection of advisory formats (d669658), closes #257
• Initial implementation of products (2573b01)
• add an entry for all CSAF data (bc9e6a5)
• update cyclonedx for support of 1.5 (9817ffa)
• allow configuring the OIDC UI settings (f2ad362)
• implement CVE import (f6d2cde)
• implement OSV ingestion (0bc8a20)

Fixes

• the q param now works for /api/v1/sbom/{key}/packages (f36b558), closes
  #434
• allow ingesting spdx SBOMs with files (1f2145e)
• relationship direction for "documentDescribes" (058ee24)
• link with specific node, not any node of the SBOM (8d87482)
• appease graphql and openapi paths wrt slashes (07629a9), closes #376 #422
• honor transaction for requests (97510e7)
• return only the sbom_node, not all nodes belonging to the sbom (6349e91),
  closes #414
• provide the package describing the sbom with the summary (ea8af78)
• enable sorting advisories by average_severity (8de5be2), closes #383
• move graphql under /graphql only (f07f5fa)
• count items being processed for osv and cve (a1f8d21)
• Restore /api/v1/sbom/{key} SBOM metadata access (7bb7c69), closes #253
• the the id issue for SBOMs too (a52b6f4)
• translate the id into a hash before fetching from the storage (12c0d71)
• use newer container to fix/workaround segfault in libgit2 (16deb09)
• accept either domain or full URL (d601573)
• register types, remove infinite reference (724a788)
• reset all jobs when starting up (88ec8da), closes #355
• use correct env-vars for storage settings (a93be47)
• update cve to fix some parsing errors (d46683a)
• directly pass sha256 digest, parsing it misses the perfix (feba99a)
• client ids need to split by comma when coming from the env-var (08c1402)
• update embedded oidc to support refresh tokens (f01dcc5)
• push multi-arch image (d90dae0)
• allow swaggerui to redirect (1bb1ca1)
• ingest scores when loading CSAF docs (4719406), closes #278

0.1.0-alpha.8

Changelog

v0.1.0-alpha.8 (2024-06-24)

Features

• initial product endpoints (6112344)
• add filtering/query to "find by sbom package" (93e3eaa), closes #438
• search SBOMs by PURL or package id (a4ce8ec), closes #413
• add version to sbom package (20eefb2), closes #284
• support IS [NOT] NULL in queries (5b658cb)
• add ability to translate queries (8c6f062)
• more efficient detection of advisory formats (d669658), closes #257
• Initial implementation of products (2573b01)
• add an entry for all CSAF data (bc9e6a5)
• update cyclonedx for support of 1.5 (9817ffa)
• allow configuring the OIDC UI settings (f2ad362)
• implement CVE import (f6d2cde)
• implement OSV ingestion (0bc8a20)

Fixes

• appease graphql and openapi paths wrt slashes (07629a9), closes #376 #422
• honor transaction for requests (97510e7)
• return only the sbom_node, not all nodes belonging to the sbom (6349e91),
  closes #414
• provide the package describing the sbom with the summary (ea8af78)
• enable sorting advisories by average_severity (8de5be2), closes #383
• move graphql under /graphql only (f07f5fa)
• count items being processed for osv and cve (a1f8d21)
• Restore /api/v1/sbom/{key} SBOM metadata access (7bb7c69), closes #253
• the the id issue for SBOMs too (a52b6f4)
• translate the id into a hash before fetching from the storage (12c0d71)
• use newer container to fix/workaround segfault in libgit2 (16deb09)
• accept either domain or full URL (d601573)
• register types, remove infinite reference (724a788)
• reset all jobs when starting up (88ec8da), closes #355
• use correct env-vars for storage settings (a93be47)
• update cve to fix some parsing errors (d46683a)
• directly pass sha256 digest, parsing it misses the perfix (feba99a)
• client ids need to split by comma when coming from the env-var (08c1402)
• update embedded oidc to support refresh tokens (f01dcc5)
• push multi-arch image (d90dae0)
• allow swaggerui to redirect (1bb1ca1)
• ingest scores when loading CSAF docs (4719406), closes #278

0.1.0-alpha.6

Changelog

v0.1.0-alpha.6 (2024-06-06)

Features

• Initial implementation of products (2573b01)
• add an entry for all CSAF data (bc9e6a5)
• update cyclonedx for support of 1.5 (9817ffa)
• allow configuring the OIDC UI settings (f2ad362)
• implement CVE import (f6d2cde)
• implement OSV ingestion (0bc8a20)

Fixes

• reset all jobs when starting up (88ec8da), closes #355
• use correct env-vars for storage settings (a93be47)
• update cve to fix some parsing errors (d46683a)
• directly pass sha256 digest, parsing it misses the perfix (feba99a)
• client ids need to split by comma when coming from the env-var (08c1402)
• update embedded oidc to support refresh tokens (f01dcc5)
• push multi-arch image (d90dae0)
• allow swaggerui to redirect (1bb1ca1)
• ingest scores when loading CSAF docs (4719406), closes #278

0.1.0-alpha.5

Changelog

v0.1.0-alpha.5 (2024-06-04)

Features

• implement CVE import (f6d2cde)
• implement OSV ingestion (0bc8a20)

Fixes

• update embedded oidc to support refresh tokens (f01dcc5)
• push multi-arch image (d90dae0)
• allow swaggerui to redirect (1bb1ca1)
• ingest scores when loading CSAF docs (4719406), closes #278

0.1.0-alpha.4

Changelog

v0.1.0-alpha.4 (2024-06-03)

Features

• implement OSV ingestion (0bc8a20)

Fixes

• ingest scores when loading CSAF docs (4719406), closes #278

0.1.0-alpha.3

Changelog

v0.1.0-alpha.3 (2024-06-03)

Features

• implement OSV ingestion (0bc8a20)

Fixes

• ingest scores when loading CSAF docs (4719406), closes #278

0.1.0-alpha.2

Changelog

v0.1.0-alpha.2 (2024-05-31)

Features

• implement OSV ingestion (0bc8a20)

Fixes

• ingest scores when loading CSAF docs (4719406), closes #278