Skip to content

v0.4.0

Compare
Choose a tag to compare
@github-actions github-actions released this 18 Jan 03:36
· 461 commits to main since this release
c3cdc5a

Highlights

  • Addition of a new KeyValue backend (Redis and TiKV)
  • Update and improve guacone CLI
  • Add new graphQL Custom Directives contains and startswith
  • Various updates to arangoDB and ENT backend
  • REST API initial implementation
  • Various bug fixes and improvements

What's Changed

  • 8336525 1434-docker-compose - backend selection on startup (#1435)
  • c197a9d 1550 Ent: hasSBOM 'included' implementation (#1583)
  • 8daf872 Add Guacone collect files json.bz2 capability (#1395)
  • 1fb5ee9 Add Redis and TiKV kv stores (#1502)
  • bb36eab Add benchmark for TiKV (#1579)
  • ab37eb4 Add comment for id field on PkgSpec (#1631)
  • df88a40 Add comment on Edge schema to note that edges are bidirectional (#1632)
  • 7176dec Add concurrency to arango hasSBOM query (#1609)
  • c45498b Add log level configuration (#1422)
  • cb92e23 Add performance test for redis. (#1562)
  • a4faf80 Add support for OCI referrers (#1278)
  • 2304b5e Bump actions/cache from 3.3.2 to 3.3.3 (#1642)
  • cabf7f9 Bump actions/checkout from 3.4.0 to 4.1.1 (#1489)
  • aa334f6 Bump actions/checkout from 4.1.0 to 4.1.1 (#1423)
  • 47f9756 Bump actions/create-github-app-token from 1.5.0 to 1.5.1 (#1467)
  • 4c9a54f Bump actions/create-github-app-token from 1.5.1 to 1.6.0 (#1516)
  • 1c55d0b Bump actions/create-github-app-token from 1.6.0 to 1.6.1 (#1551)
  • 2bfe69a Bump actions/create-github-app-token from 1.6.1 to 1.6.2 (#1570)
  • 48efadb Bump actions/create-github-app-token from 1.6.2 to 1.6.3 (#1641)
  • 54fe233 Bump actions/download-artifact from 3 to 4 (#1591)
  • 7e4740c Bump actions/github-script from 6.4.1 to 7.0.0 (#1494)
  • 5c32cb5 Bump actions/github-script from 7.0.0 to 7.0.1 (#1515)
  • 67ce224 Bump actions/setup-go from 4.0.1 to 4.1.0 (#1493)
  • c4c8ca3 Bump actions/setup-go from 4.1.0 to 5.0.0 (#1568)
  • 7bbde8f Bump actions/setup-python from 4.7.1 to 5.0.0 (#1569)
  • 1395ebf Bump actions/upload-artifact from 3 to 4 (#1640)
  • 880b129 Bump anchore/sbom-action from 0.14.3 to 0.15.0 (#1518)
  • 4553605 Bump anchore/sbom-action from 0.15.0 to 0.15.1 (#1552)
  • 65da979 Bump anchore/sbom-action from 0.15.1 to 0.15.3 (#1626)
  • bfd70a6 Bump aquasecurity/trivy-action from 0.12.0 to 0.13.0 (#1443)
  • 552cf9b Bump aquasecurity/trivy-action from 0.13.0 to 0.13.1 (#1468)
  • 79ffb2f Bump aquasecurity/trivy-action from 0.13.1 to 0.14.0 (#1490)
  • 3e8b997 Bump aquasecurity/trivy-action from 0.14.0 to 0.16.0 (#1571)
  • 5692dc6 Bump aquasecurity/trivy-action from 0.16.0 to 0.16.1 (#1625)
  • f0c6c23 Bump cloud.google.com/go/storage from 1.33.0 to 1.34.1 (#1462)
  • a3301cb Bump cloud.google.com/go/storage from 1.34.1 to 1.35.1 (#1492)
  • 68c22cc Bump entgo.io/ent from 0.12.4 to 0.12.5 (#1522)
  • 9fd1846 Bump github.com/99designs/gqlgen from 0.17.37 to 0.17.39 (#1411)
  • f48cf42 Bump github.com/99designs/gqlgen from 0.17.39 to 0.17.41 (#1553)
  • 645533d Bump github.com/CycloneDX/cyclonedx-go from 0.7.2 to 0.8.0 (#1573)
  • d9609a3 Bump github.com/arangodb/go-driver from 1.6.0 to 1.6.1 (#1523)
  • 64d2c5b Bump github.com/aws/aws-sdk-go from 1.45.24 to 1.45.26 (#1412)
  • 5cf6cbc Bump github.com/aws/aws-sdk-go from 1.45.26 to 1.46.2 (#1425)
  • f92473b Bump github.com/aws/aws-sdk-go from 1.46.2 to 1.48.0 (#1521)
  • 4a67771 Bump github.com/aws/aws-sdk-go from 1.48.0 to 1.49.13 (#1613)
  • c078576 Bump github.com/aws/aws-sdk-go from 1.49.13 to 1.49.17 (#1622)
  • c13e040 Bump github.com/aws/aws-sdk-go-v2 from 1.20.0 to 1.21.2 (#1447)
  • d3611c3 Bump github.com/aws/aws-sdk-go-v2 from 1.22.2 to 1.23.5 (#1556)
  • 6d501cc Bump github.com/aws/aws-sdk-go-v2 from 1.24.0 to 1.24.1 (#1621)
  • 4e83d90 Bump github.com/aws/aws-sdk-go-v2/config from 1.18.32 to 1.19.1 (#1446)
  • 21abc32 Bump github.com/aws/aws-sdk-go-v2/config from 1.19.1 to 1.26.1 (#1576)
  • 5a12fd2 Bump github.com/aws/aws-sdk-go-v2/config from 1.26.1 to 1.26.2 (#1612)
  • 25250e2 Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.38.1 to 1.40.2 (#1445)
  • 14c40cb Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.40.2 to 1.42.1 (#1487)
  • b6246e5 Bump github.com/aws/aws-sdk-go-v2/service/sqs from 1.24.1 to 1.26.0 (#1466)
  • a95b0bf Bump github.com/aws/aws-sdk-go-v2/service/sqs from 1.24.1 to 1.29.6 (#1614)
  • f1e2b24 Bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 (#1619)
  • 0ce585b Bump github.com/docker/docker (#1442)
  • b6f77f3 Bump github.com/fsnotify/fsnotify from 1.6.0 to 1.7.0 (#1486)
  • 604d475 Bump github.com/fsnotify/fsnotify from 1.6.0 to 1.7.0 (#1531)
  • 8ba3f39 Bump github.com/fsouza/fake-gcs-server from 1.47.5 to 1.47.6 (#1428)
  • 1416c0f Bump github.com/fsouza/fake-gcs-server from 1.47.6 to 1.47.7 (#1639)
  • 97cd84f Bump github.com/go-git/go-git/v5 from 5.10.0 to 5.10.1 (#1532)
  • ed19b9b Bump github.com/go-git/go-git/v5 from 5.10.1 to 5.11.0 (#1588)
  • 1d48ca9 Bump github.com/google/go-cmp from 0.5.9 to 0.6.0 (#1409)
  • 00d978b Bump github.com/google/osv-scanner from 1.4.1 to 1.4.2 (#1444)
  • d0e7461 Bump github.com/google/osv-scanner from 1.4.2 to 1.4.3 (#1488)
  • 63ebfe7 Bump github.com/jedib0t/go-pretty/v6 from 6.4.7 to 6.4.8 (#1429)
  • f4c68bc Bump github.com/jedib0t/go-pretty/v6 from 6.4.9 to 6.5.3 (#1638)
  • cb78b8d Bump github.com/klauspost/compress from 1.17.2 to 1.17.3 (#1534)
  • e08c31e Bump github.com/klauspost/compress from 1.17.3 to 1.17.4 (#1557)
  • 1e4157b Bump github.com/nats-io/nats-server/v2 from 2.10.1 to 2.10.2 (#1418)
  • 778f2c6 Bump github.com/nats-io/nats-server/v2 from 2.10.2 to 2.10.3 (#1427)
  • 02152b2 Bump github.com/nats-io/nats-server/v2 from 2.10.3 to 2.10.4 (#1454)
  • 45e8941 Bump github.com/nats-io/nats-server/v2 from 2.10.4 to 2.10.5 (#1495)
  • bac74b5 Bump github.com/nats-io/nats.go from 1.30.1 to 1.31.0 (#1408)
  • 0689514 Bump github.com/nats-io/nkeys from 0.4.5 to 0.4.6 (#1455)
  • a49449a Bump github.com/ossf/scorecard/v4 from 4.13.0 to 4.13.1 (#1464)
  • a591214 Bump github.com/prometheus/client_golang from 1.17.0 to 1.18.0 (#1637)
  • c91c538 Bump github.com/redis/go-redis/v9 from 9.3.0 to 9.3.1 (#1600)
  • 7857ed7 Bump github.com/redis/go-redis/v9 from 9.3.1 to 9.4.0 (#1623)
  • 0b7c030 Bump github.com/regclient/regclient from 0.5.1 to 0.5.3 (#1410)
  • 056ca7a Bump github.com/regclient/regclient from 0.5.3 to 0.5.4 (#1519)
  • 79ef3f1 Bump github.com/regclient/regclient from 0.5.4 to 0.5.5 (#1554)
  • 770cf2e Bump github.com/segmentio/kafka-go from 0.4.42 to 0.4.44 (#1463)
  • 6d2150d Bump github.com/segmentio/kafka-go from 0.4.44 to 0.4.46 (#1572)
  • d619162 Bump github.com/sigstore/sigstore from 1.7.3 to 1.7.4 (#1426)
  • 596c9f9 Bump github.com/sigstore/sigstore from 1.7.4 to 1.7.5 (#1533)
  • 7ae8af7 Bump github.com/sigstore/sigstore from 1.7.5 to 1.7.6 (#1587)
  • 9407c75 Bump github.com/sigstore/sigstore from 1.7.6 to 1.8.0 (#1602)
  • 974f14b Bump github.com/spf13/viper from 1.16.0 to 1.17.0 (#1520)
  • 76e2661 Bump github.com/spf13/viper from 1.17.0 to 1.18.2 (#1589)
  • c86d904 Bump golang.org/x/crypto from 0.16.0 to 0.17.0 (#1592)
  • bfa5624 Bump golang.org/x/oauth2 from 0.14.0 to 0.15.0 (#1555)
  • c0eaaeb Bump google.golang.org/api from 0.148.0 to 0.149.0 (#1465)
  • 56cb4f9 Bump google.golang.org/api from 0.150.0 to 0.152.0 (#1535)
  • e9ee86b Bump google.golang.org/protobuf from 1.31.0 to 1.32.0 (#1620)
  • fe10b55 Bump goreleaser/goreleaser-action from 4 to 5 (#1517)
  • e2b35ad Bump ossf/scorecard-action from 2.3.0 to 2.3.1 (#1424)
  • 2b32a09 Bump sigstore/cosign-installer from 3.1.2 to 3.2.0 (#1491)
  • ba1eb78 Bump sigstore/cosign-installer from 3.2.0 to 3.3.0 (#1567)
  • c308c54 CSAF Parser: fixed branches' names collision (#1528)
  • 18ad0d0 Change Keys method in kv interface to Scan (#1558)
  • 030cf7f Convert default backend from "inmem" to "keyvalue" (#1475)
  • c5d84b6 Create a single backend acceptance test suite. (#1597)
  • fb58ab3 Define edges within software tries related nodes (#1450)
  • f2198ad Enable query on benchmark, fix some Scan() issues in keyvalue (#1585)
  • 2a9a787 Ent - HasMetadata: applied concurrent approach (#1458)
  • b178fcd Ent - PackageVersion: added index for improving IsDependency ingestion (#1439)
  • da929fc Ent - Restore IngestPackages concurrently (#1586)
  • 72e03ee Ent - Vulnerability endpoints: applied concurrent approach (#1459)
  • 1b4e681 Ent - VulnerabilityMetadata endpoints (#1416)
  • 7a05b7e Ent: IngestArtifacts optimized using concurrently (#1596)
  • f6a0a24 Ent: IngestBuilders, IngestCertifyBads, IngestCertifyGoods, IngestCertifyLegals refactored concurrently (#1599)
  • 68210cf Ent: IngestOccurrences optimized with concurrently (#1593)
  • a599888 Ent: IngestSources optimized with concurrently (#1595)
  • a20dbc7 Ent: Package,IsDependency concurrent bulk ingestions (#1440)
  • 5521770 Ent: error management when closing Ent client during tests (#1478)
  • 545e294 Ent: fixed lint issue on 'main' (#1598)
  • 7a4373b Feature/arango neighbors nouns query (#1419)
  • 2ad8e2b Feature/arango neighbors verbs with tests (#1420)
  • 09b3c74 Feature/update arango hasSBOM adding includes (#1564)
  • ab00d12 Fix single target build and remove unused function from test (#1543)
  • e560250 Fix some error returns without unlocks. (#1581)
  • 0b8fc18 Fix some logic errors on IsDependency (#1627)
  • 565483d Fixed Error in Scorecard Certifier (#1501)
  • 9faa6de Fixed docker-compose down (#1451)
  • 14a79d9 Fixed the incorrect tests for deps_dev (#1400)
  • c298eea Implemented prometheus (#1500)
  • 1e5a333 Implemented the REST API (#1452)
  • 2af1cc4 Included option to run integration tests locally (#1361)
  • c72e762 Inlcuded a faster fmt (#1507)
  • 165897d Issue 966: Extend HasSBOM to include references to included software … (#1367)
  • 686ce43 Iterating Over all IDs in QueryVulnsViaVulnNodeNeighbors (#1509)
  • c5c346c OCI purl: fix repository URL management (#1485)
  • 92bd33e Query fIlter support for nested keys (#1618)
  • cb550ee Remove extra read locking that will cause deadlock. (#1580)
  • 83b892c S3 collector implementation (#1308)
  • 7144c45 Update ent and arango source model generation. (#1594)
  • 2b1e1ae Update key methods to use a non-cryptographic hash function. (#1559)
  • 32697ae Update mutation API to return only ID (merge branch 1116-return-ID to main) (#1542)
  • 90eb529 Update vuln query to utilize hasSBOM and pass in SBOM URI or purl to search (#1605)
  • 8829931 Updating Arango and Ent with KnownSince (#1399)
  • dbb2ffb [#1405] Feature/query filter (#1610)
  • ab5a1b0 add Contributor Covenant v2.1 (#1628)
  • df7a374 add guac cooking show to roadmap (#1578)
  • b3b67db add missing index for arango collections (#1432)
  • 460976e add openssf scorecard badge for guac (#1498)
  • c59694b add workflow to test ingestion for backends (#1457)
  • 3c8609f change to workflow_dispatch to manually trigger (#1474)
  • 4e01d67 docker-compose.yaml starts postgres but does not use it (#1430)
  • 43d13e6 expose isDep query (#1634)
  • 85b587a feature/Arango - add path query for arango backend with unit tests (#1403)
  • 7092b6c feature[add query-for-package-url] inital commit (#1611)
  • 087923e fix broken link on governance (#1629)
  • c3cdc5a fix bug where duplicate certifyVuln values showed on output (#1646)
  • deca7db fix check for ingested packages and source IDs (#1453)
  • 03d1b26 fix go sum based on dependabot changes (#1471)
  • ca7b6ba fix lint issue on arango hasSBOM (#1643)
  • d825ccf fix queryVulnsViaVulnNodeNeighbors to check for certifyVex edges (#1540)
  • b55c60c fix vulns query not properly evaluating isDependency (#1582)
  • 478e62e fix: use unique sbom identifier for the uri field (#1437)
  • a4e806c nix.shell: Bump go to 1.21 (#1563)
  • ad75a95 remove check if pkgID has already been checked (#1608)
  • f99d581 remove s3 from guacone until further testing is done on the collector (#1645)
  • de8350f update deps.dev parser to output hasSbom (#1584)
  • 30218ea update roadmap (#1526)