v0.2.0

v0.2.0 brings a few new features and fixes, in particular Parlay now supports additional formats, with SPDX 2.3 JSON and CycloneDX XML now both supported.

Changelog

Other Changes

• ae7d029: Add SPDX examples to the documentation (@garethr)
• 69782c6: Update email address for reporting code of conduct issues (@torgo)
• 8035799: chore: add copyright headers to lib/sbom (@mcombuechen)
• 7ceeeb8: chore: linting (#23) (@mcombuechen)
• fb880a4: chore: upgrade packageurl-go (@mcombuechen)
• 52a3757: feat: add SPDX support to ecosystems enrich (@mcombuechen)
• f543a3b: feat: add SPDX support to scorecard (#28) (@mcombuechen)
• d074831: feat: add ecosyste.ms support for swift, docker packages (@mcombuechen)
• 32abd52: feat: add support for CycloneDX XML (@mcombuechen)
• ebba7bd: feat: add support for SPDX 2.3 JSON in snyk enrich (@mcombuechen)
• 0c804c2: fix: correctly identify package names in ecosystems (@mcombuechen)
• 4e33b08: fix: golang purl resolution (#34) (@ninjamast3r)
• b786981: fix: resolve alpine packages to alpine-edge repository (@mcombuechen)
• 4f32fba: refactor: use abstract SBOM in lib/scorecard (@mcombuechen)
• f2596d5: refactor: use abstract SBOM in lib/snyk (@mcombuechen)

v0.1.5

Changelog

Other Changes

• b52cc8d: Attempted fix for Gitleaks action (@garethr)
• 53335fe: Create CONTRIBUTING.md (@torgo)
• 49cb0c8: Fix issue with 0.1.0 packageurl library license not being detected (@garethr)
• 7564d07: bug: fix issue with installation instructions (@garethr)
• 886d637: feat: Add enrichment using OpenSSF Scorecard data. (#13) (@garethr)
• 40228c9: fix: Actions need secrets to run, which aren't available on PRs (@garethr)
• 99463ed: refactor: move reading of input to utils package (#18) (@mcombuechen)

v0.1.4

Changelog

Other Changes

• aec49c7: Add LICENSE and copyright information (@torgo)
• 62a48fa: Added Gitleaks checks (@garethr)
• d8f2835: Added Security badge (@garethr)
• 32c9ee8: Added Security checks to the actions workflow (@garethr)
• d95f089: Added a CODEOWNERS file (@garethr)
• 595c19c: Added details of security response (@garethr)
• a2ebbfb: Create CODE_OF_CONDUCT.md (@torgo)
• 49617d0: Create an acknowledgement bundle on release for third party licenses (@garethr)
• ec22f0b: Fix formatting in workflow file (@garethr)
• 792060c: Fix tab issue in workflow config file (@garethr)
• 9267a3e: Ignore false positive secrets detection in the public openapi spec (@garethr)
• 0e05f35: Ignore the spec file, rather than trying to ignore individual issues (@garethr)
• da6999f: Merge pull request #5 from snyk/torgo-add-coc (@garethr)
• 716b0ce: Second fingerprint for ignoring false positive from GitHub Action (@garethr)

v0.1.3

Changelog

Other Changes

• 025307c: Added SBOM generation as part of Goreleaser build (@garethr)
• 0eaa75f: Added a deps.dev command to get repository information (@garethr)
• eb04ade: Added docs on supported package types (@garethr)
• 86dc756: Added installation instructions (@garethr)
• 341cc3a: Expanded examples in README (@garethr)
• 90ae589: Formatting fixes (@garethr)
• f042471: Ignore a license issue with an unknown or missing license (@garethr)
• 3c60456: Ignore the Snyk Code cache (@garethr)
• b76eb04: Small improvement to error messages for deps command (@garethr)

v0.1.2

Changelog

Other Changes

• 0964586: Fix bug with issues without scores (@garethr)
• 2751fc9: Reorganise the code to separate the Snyk and Ecosystems code (@garethr)
• 886359c: Run lint checks as part of test locally (@garethr)
• b41270b: Start adding tests for the Snyk module (@garethr)

v0.1.1

Changelog

Other Changes

• 88432dd: Added debian SBOM example and fixed a bug (@garethr)
• a01b498: Converting output to use the new logger (@garethr)

v0.1.0

The first official release of parlay. This undoubtedly still has bugs, and needs more robust testing, but the UI is coming together, and it's ready for some testing by particularly interested folks.

Changelog

Other Changes

• ec511a1: Add a Java based SBOM example for testing with (@garethr)
• 7aacbe8: Add basic CI setup (@garethr)
• 1551196: Add missing package, map purl types to ecosyste.ms (@garethr)
• 012d369: Added CI badge to the README (@garethr)
• 61be7d3: Added README (@garethr)
• b6d7191: Added a Makefile to running commands (@garethr)
• ad60fdc: Added a consistent logger through all commands (@garethr)
• 75d65fd: Added a fmt command for formatting all the source (@garethr)
• a948dda: Added a global debug flag (@garethr)
• 17f9c8d: Added a goreleaser config (@garethr)
• f241d9e: Added a release workflow based on tag (@garethr)
• 1c366ce: Added advisory information (@garethr)
• 6f3e9c0: Added alias for Snyk subcommand (@garethr)
• beaf63d: Added an acceptance test for the stdin input (@garethr)
• 3c9384c: Added basic acceptance tests (@garethr)
• 5368e2d: Added coverage report to Makefile (@garethr)
• c0beb07: Added license information enrichment (@garethr)
• 2e80cc4: Added location enrichment (@garethr)
• af97489: Added short text for all commands (@garethr)
• fc083ee: Added start of Snyk encrich command (@garethr)
• 943ad57: Added supplier data enrichment (@garethr)
• f6a19ff: Added topics to enrichment (@garethr)
• d275cec: Added vulnerability ratings information (@garethr)
• 0778b2f: Adding linters (@garethr)
• f9c9296: Adding tests for main functions (@garethr)
• 1f0daa7: Be explicit about the version of Go (@garethr)
• fb4355f: Better (rather than good) error handling (@garethr)
• a04483e: Correct formatting (@garethr)
• 4406cda: Enable acceptance tests in CI (@garethr)
• f22643f: Enrichment for externalReferences (@garethr)
• 11dbff2: Fix async problems leading to incorrect descriptions (@garethr)
• d49ef66: Fix up acceptance tests after change in command (@garethr)
• 07b60c1: Fix up some linting issues (@garethr)
• 0ee1de8: Fix up test and lint warnings (@garethr)
• 33968f0: Maps aren't safe for concurrent access, fixed with mutex (@garethr)
• 61cdefb: More moving packages around (@garethr)
• 48e445a: Move some behaviour into functions (@garethr)
• 80255cc: Move the enrichment into the parlay package vs the command (@garethr)
• 412d61a: Moved enrichers into functions, for easier later testing (@garethr)
• 74b0465: Moved the cosystems commands to a dedicated subcommand (@garethr)
• dbaf34c: Moving packages around (@garethr)
• 7b7e959: Refctored out some of the pointers from function interfaces (@garethr)
• d4d9fd8: Some quick go fmting (@garethr)
• e3440db: Start adding Snyk commands (@garethr)
• 9ef2cf7: Starting adding unit tests (@garethr)
• 0c71516: Switched to the direct API rather than the purl lookup (@garethr)
• 41742ea: Test for lower level enrichment functions (@garethr)
• 2a358e4: Tools for building ecosyste.ms clients in Makefile (@garethr)
• 712c89d: Update README as now updated to work with other purl types (@garethr)
• 2c0439f: Update to Go 1.20 (@garethr)
• f8c30cf: Updated README with Snyk command details (@garethr)
• 17f2afd: Updated README with enrichments (@garethr)
• 6313a65: Updated example in README with latest enrichments (@garethr)
• b1d2244: Use the latest version of BATS (@garethr)
• b0c96e8: Use the new license expression data from the API (@garethr)
• 0cb6350: io/ioutil is deprecated (@garethr)