v0.4.0
Highlights
- Addition of a new KeyValue backend (Redis and TiKV)
- Update and improve `guacone` CLI
- Add new graphQL Custom Directives `contains` and `startswith`
- Various updates to arangoDB and ENT backend
- REST API initial implementation
- Various bug fixes and improvements
What's Changed
- 8336525 1434-docker-compose - backend selection on startup (#1435)
- c197a9d 1550 Ent: hasSBOM 'included' implementation (#1583)
- 8daf872 Add Guacone collect files json.bz2 capability (#1395)
- 1fb5ee9 Add Redis and TiKV kv stores (#1502)
- bb36eab Add benchmark for TiKV (#1579)
- ab37eb4 Add comment for id field on PkgSpec (#1631)
- df88a40 Add comment on Edge schema to note that edges are bidirectional (#1632)
- 7176dec Add concurrency to arango hasSBOM query (#1609)
- c45498b Add log level configuration (#1422)
- cb92e23 Add performance test for redis. (#1562)
- a4faf80 Add support for OCI referrers (#1278)
- 2304b5e Bump actions/cache from 3.3.2 to 3.3.3 (#1642)
- cabf7f9 Bump actions/checkout from 3.4.0 to 4.1.1 (#1489)
- aa334f6 Bump actions/checkout from 4.1.0 to 4.1.1 (#1423)
- 47f9756 Bump actions/create-github-app-token from 1.5.0 to 1.5.1 (#1467)
- 4c9a54f Bump actions/create-github-app-token from 1.5.1 to 1.6.0 (#1516)
- 1c55d0b Bump actions/create-github-app-token from 1.6.0 to 1.6.1 (#1551)
- 2bfe69a Bump actions/create-github-app-token from 1.6.1 to 1.6.2 (#1570)
- 48efadb Bump actions/create-github-app-token from 1.6.2 to 1.6.3 (#1641)
- 54fe233 Bump actions/download-artifact from 3 to 4 (#1591)
- 7e4740c Bump actions/github-script from 6.4.1 to 7.0.0 (#1494)
- 5c32cb5 Bump actions/github-script from 7.0.0 to 7.0.1 (#1515)
- 67ce224 Bump actions/setup-go from 4.0.1 to 4.1.0 (#1493)
- c4c8ca3 Bump actions/setup-go from 4.1.0 to 5.0.0 (#1568)
- 7bbde8f Bump actions/setup-python from 4.7.1 to 5.0.0 (#1569)
- 1395ebf Bump actions/upload-artifact from 3 to 4 (#1640)
- 880b129 Bump anchore/sbom-action from 0.14.3 to 0.15.0 (#1518)
- 4553605 Bump anchore/sbom-action from 0.15.0 to 0.15.1 (#1552)
- 65da979 Bump anchore/sbom-action from 0.15.1 to 0.15.3 (#1626)
- bfd70a6 Bump aquasecurity/trivy-action from 0.12.0 to 0.13.0 (#1443)
- 552cf9b Bump aquasecurity/trivy-action from 0.13.0 to 0.13.1 (#1468)
- 79ffb2f Bump aquasecurity/trivy-action from 0.13.1 to 0.14.0 (#1490)
- 3e8b997 Bump aquasecurity/trivy-action from 0.14.0 to 0.16.0 (#1571)
- 5692dc6 Bump aquasecurity/trivy-action from 0.16.0 to 0.16.1 (#1625)
- f0c6c23 Bump cloud.google.com/go/storage from 1.33.0 to 1.34.1 (#1462)
- a3301cb Bump cloud.google.com/go/storage from 1.34.1 to 1.35.1 (#1492)
- 68c22cc Bump entgo.io/ent from 0.12.4 to 0.12.5 (#1522)
- 9fd1846 Bump github.com/99designs/gqlgen from 0.17.37 to 0.17.39 (#1411)
- f48cf42 Bump github.com/99designs/gqlgen from 0.17.39 to 0.17.41 (#1553)
- 645533d Bump github.com/CycloneDX/cyclonedx-go from 0.7.2 to 0.8.0 (#1573)
- d9609a3 Bump github.com/arangodb/go-driver from 1.6.0 to 1.6.1 (#1523)
- 64d2c5b Bump github.com/aws/aws-sdk-go from 1.45.24 to 1.45.26 (#1412)
- 5cf6cbc Bump github.com/aws/aws-sdk-go from 1.45.26 to 1.46.2 (#1425)
- f92473b Bump github.com/aws/aws-sdk-go from 1.46.2 to 1.48.0 (#1521)
- 4a67771 Bump github.com/aws/aws-sdk-go from 1.48.0 to 1.49.13 (#1613)
- c078576 Bump github.com/aws/aws-sdk-go from 1.49.13 to 1.49.17 (#1622)
- c13e040 Bump github.com/aws/aws-sdk-go-v2 from 1.20.0 to 1.21.2 (#1447)
- d3611c3 Bump github.com/aws/aws-sdk-go-v2 from 1.22.2 to 1.23.5 (#1556)
- 6d501cc Bump github.com/aws/aws-sdk-go-v2 from 1.24.0 to 1.24.1 (#1621)
- 4e83d90 Bump github.com/aws/aws-sdk-go-v2/config from 1.18.32 to 1.19.1 (#1446)
- 21abc32 Bump github.com/aws/aws-sdk-go-v2/config from 1.19.1 to 1.26.1 (#1576)
- 5a12fd2 Bump github.com/aws/aws-sdk-go-v2/config from 1.26.1 to 1.26.2 (#1612)
- 25250e2 Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.38.1 to 1.40.2 (#1445)
- 14c40cb Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.40.2 to 1.42.1 (#1487)
- b6246e5 Bump github.com/aws/aws-sdk-go-v2/service/sqs from 1.24.1 to 1.26.0 (#1466)
- a95b0bf Bump github.com/aws/aws-sdk-go-v2/service/sqs from 1.24.1 to 1.29.6 (#1614)
- f1e2b24 Bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 (#1619)
- 0ce585b Bump github.com/docker/docker (#1442)
- b6f77f3 Bump github.com/fsnotify/fsnotify from 1.6.0 to 1.7.0 (#1486)
- 604d475 Bump github.com/fsnotify/fsnotify from 1.6.0 to 1.7.0 (#1531)
- 8ba3f39 Bump github.com/fsouza/fake-gcs-server from 1.47.5 to 1.47.6 (#1428)
- 1416c0f Bump github.com/fsouza/fake-gcs-server from 1.47.6 to 1.47.7 (#1639)
- 97cd84f Bump github.com/go-git/go-git/v5 from 5.10.0 to 5.10.1 (#1532)
- ed19b9b Bump github.com/go-git/go-git/v5 from 5.10.1 to 5.11.0 (#1588)
- 1d48ca9 Bump github.com/google/go-cmp from 0.5.9 to 0.6.0 (#1409)
- 00d978b Bump github.com/google/osv-scanner from 1.4.1 to 1.4.2 (#1444)
- d0e7461 Bump github.com/google/osv-scanner from 1.4.2 to 1.4.3 (#1488)
- 63ebfe7 Bump github.com/jedib0t/go-pretty/v6 from 6.4.7 to 6.4.8 (#1429)
- f4c68bc Bump github.com/jedib0t/go-pretty/v6 from 6.4.9 to 6.5.3 (#1638)
- cb78b8d Bump github.com/klauspost/compress from 1.17.2 to 1.17.3 (#1534)
- e08c31e Bump github.com/klauspost/compress from 1.17.3 to 1.17.4 (#1557)
- 1e4157b Bump github.com/nats-io/nats-server/v2 from 2.10.1 to 2.10.2 (#1418)
- 778f2c6 Bump github.com/nats-io/nats-server/v2 from 2.10.2 to 2.10.3 (#1427)
- 02152b2 Bump github.com/nats-io/nats-server/v2 from 2.10.3 to 2.10.4 (#1454)
- 45e8941 Bump github.com/nats-io/nats-server/v2 from 2.10.4 to 2.10.5 (#1495)
- bac74b5 Bump github.com/nats-io/nats.go from 1.30.1 to 1.31.0 (#1408)
- 0689514 Bump github.com/nats-io/nkeys from 0.4.5 to 0.4.6 (#1455)
- a49449a Bump github.com/ossf/scorecard/v4 from 4.13.0 to 4.13.1 (#1464)
- a591214 Bump github.com/prometheus/client_golang from 1.17.0 to 1.18.0 (#1637)
- c91c538 Bump github.com/redis/go-redis/v9 from 9.3.0 to 9.3.1 (#1600)
- 7857ed7 Bump github.com/redis/go-redis/v9 from 9.3.1 to 9.4.0 (#1623)
- 0b7c030 Bump github.com/regclient/regclient from 0.5.1 to 0.5.3 (#1410)
- 056ca7a Bump github.com/regclient/regclient from 0.5.3 to 0.5.4 (#1519)
- 79ef3f1 Bump github.com/regclient/regclient from 0.5.4 to 0.5.5 (#1554)
- 770cf2e Bump github.com/segmentio/kafka-go from 0.4.42 to 0.4.44 (#1463)
- 6d2150d Bump github.com/segmentio/kafka-go from 0.4.44 to 0.4.46 (#1572)
- d619162 Bump github.com/sigstore/sigstore from 1.7.3 to 1.7.4 (#1426)
- 596c9f9 Bump github.com/sigstore/sigstore from 1.7.4 to 1.7.5 (#1533)
- 7ae8af7 Bump github.com/sigstore/sigstore from 1.7.5 to 1.7.6 (#1587)
- 9407c75 Bump github.com/sigstore/sigstore from 1.7.6 to 1.8.0 (#1602)
- 974f14b Bump github.com/spf13/viper from 1.16.0 to 1.17.0 (#1520)
- 76e2661 Bump github.com/spf13/viper from 1.17.0 to 1.18.2 (#1589)
- c86d904 Bump golang.org/x/crypto from 0.16.0 to 0.17.0 (#1592)
- bfa5624 Bump golang.org/x/oauth2 from 0.14.0 to 0.15.0 (#1555)
- c0eaaeb Bump google.golang.org/api from 0.148.0 to 0.149.0 (#1465)
- 56cb4f9 Bump google.golang.org/api from 0.150.0 to 0.152.0 (#1535)
- e9ee86b Bump google.golang.org/protobuf from 1.31.0 to 1.32.0 (#1620)
- fe10b55 Bump goreleaser/goreleaser-action from 4 to 5 (#1517)
- e2b35ad Bump ossf/scorecard-action from 2.3.0 to 2.3.1 (#1424)
- 2b32a09 Bump sigstore/cosign-installer from 3.1.2 to 3.2.0 (#1491)
- ba1eb78 Bump sigstore/cosign-installer from 3.2.0 to 3.3.0 (#1567)
- c308c54 CSAF Parser: fixed branches' names collision (#1528)
- 18ad0d0 Change Keys method in kv interface to Scan (#1558)
- 030cf7f Convert default backend from "inmem" to "keyvalue" (#1475)
- c5d84b6 Create a single backend acceptance test suite. (#1597)
- fb58ab3 Define edges within software tries related nodes (#1450)
- f2198ad Enable query on benchmark, fix some Scan() issues in keyvalue (#1585)
- 2a9a787 Ent - HasMetadata: applied concurrent approach (#1458)
- b178fcd Ent - PackageVersion: added index for improving IsDependency ingestion (#1439)
- da929fc Ent - Restore IngestPackages concurrently (#1586)
- 72e03ee Ent - Vulnerability endpoints: applied concurrent approach (#1459)
- 1b4e681 Ent - VulnerabilityMetadata endpoints (#1416)
- 7a05b7e Ent: IngestArtifacts optimized using concurrently (#1596)
- f6a0a24 Ent: IngestBuilders, IngestCertifyBads, IngestCertifyGoods, IngestCertifyLegals refactored concurrently (#1599)
- 68210cf Ent: IngestOccurrences optimized with concurrently (#1593)
- a599888 Ent: IngestSources optimized with concurrently (#1595)
- a20dbc7 Ent: Package,IsDependency concurrent bulk ingestions (#1440)
- 5521770 Ent: error management when closing Ent client during tests (#1478)
- 545e294 Ent: fixed lint issue on 'main' (#1598)
- 7a4373b Feature/arango neighbors nouns query (#1419)
- 2ad8e2b Feature/arango neighbors verbs with tests (#1420)
- 09b3c74 Feature/update arango hasSBOM adding includes (#1564)
- ab00d12 Fix single target build and remove unused function from test (#1543)
- e560250 Fix some error returns without unlocks. (#1581)
- 0b8fc18 Fix some logic errors on IsDependency (#1627)
- 565483d Fixed Error in Scorecard Certifier (#1501)
- 9faa6de Fixed docker-compose down (#1451)
- 14a79d9 Fixed the incorrect tests for deps_dev (#1400)
- c298eea Implemented prometheus (#1500)
- 1e5a333 Implemented the REST API (#1452)
- 2af1cc4 Included option to run integration tests locally (#1361)
- c72e762 Included a faster fmt (#1507)
- 165897d Issue 966: Extend HasSBOM to include references to included software … (#1367)
- 686ce43 Iterating Over all IDs in QueryVulnsViaVulnNodeNeighbors (#1509)
- c5c346c OCI purl: fix repository URL management (#1485)
- 92bd33e Query filter support for nested keys (#1618)
- cb550ee Remove extra read locking that will cause deadlock. (#1580)
- 83b892c S3 collector implementation (#1308)
- 7144c45 Update ent and arango source model generation. (#1594)
- 2b1e1ae Update key methods to use a non-cryptographic hash function. (#1559)
- 32697ae Update mutation API to return only ID (merge branch 1116-return-ID to main) (#1542)
- 90eb529 Update vuln query to utilize hasSBOM and pass in SBOM URI or purl to search (#1605)
- 8829931 Updating Arango and Ent with KnownSince (#1399)
- dbb2ffb [#1405] Feature/query filter (#1610)
- ab5a1b0 add Contributor Covenant v2.1 (#1628)
- df7a374 add guac cooking show to roadmap (#1578)
- b3b67db add missing index for arango collections (#1432)
- 460976e add openssf scorecard badge for guac (#1498)
- c59694b add workflow to test ingestion for backends (#1457)
- 3c8609f change to workflow_dispatch to manually trigger (#1474)
- 4e01d67 docker-compose.yaml starts postgres but does not use it (#1430)
- 43d13e6 expose isDep query (#1634)
- 85b587a feature/Arango - add path query for arango backend with unit tests (#1403)
- 7092b6c feature[add query-for-package-url] initial commit (#1611)
- 087923e fix broken link on governance (#1629)
- c3cdc5a fix bug where duplicate certifyVuln values showed on output (#1646)
- deca7db fix check for ingested packages and source IDs (#1453)
- 03d1b26 fix go sum based on dependabot changes (#1471)
- ca7b6ba fix lint issue on arango hasSBOM (#1643)
- d825ccf fix queryVulnsViaVulnNodeNeighbors to check for certifyVex edges (#1540)
- b55c60c fix vulns query not properly evaluating isDependency (#1582)
- 478e62e fix: use unique sbom identifier for the uri field (#1437)
- a4e806c nix.shell: Bump go to 1.21 (#1563)
- ad75a95 remove check if pkgID has already been checked (#1608)
- f99d581 remove s3 from guacone until further testing is done on the collector (#1645)
- de8350f update deps.dev parser to output hasSbom (#1584)
- 30218ea update roadmap (#1526)