v9.2.0a

Release Notes

Add SBOM Repair and overhaul OSI for easier customization. The full changelog can be found here

Added

Repair SBOM Fields

• HashFixes - Suggests a list of fixes for invalid hashes and hashing algorithms
• LicenseFixes - Suggests a list of fixes for deprecated licenses
• PURLFixes - Use data stored in sbom to generate correct PURLs
• CPEFixes - Use data stored in sbom to generate correct CPEs
• Null copyright checks - use package manger files to check for copyrights

CycloneDX 1.4 XML Support

• Support upload and manipulation of xml sboms for CycloneDX

Changed

Convert

• New manipulate package to alter SVIPSBOM data
• New toSchema package to convert SVIPSBOMs into SBOMs

OSIv4

• Overhaul OSI to use tool config files for easier modification
  • See Adding Additional OSI Tools
  • Total of 18 tools, newly added
    1. Covenant
    2. CycloneDX Bower
    3. CycloneDX Go
    4. CycloneDX Rust
    5. GoBom
    6. SBOM4Files
    7. SBOM4Python
    8. SBOM4Rust
    9. SBOM Tool
• QoL debug messages to get more information about OSI status inside the container
• Add new OSIService to replace old OSI and OSIClient files
• Update OSIController to use new OSIService
• Added additional scripts

Misc.

• SBOM components objects are now compared by name and version
• Changed the max packet size for MySQL to 256M
• Minor changes to QAPipeline to support Repair

Fixed

• Mismatched port inside OSI container that caused issues when using OSI API
• Small typos with SPDX serialization

What's Changed

• Rename SBOMRepository to SBOMFileRepository and SBOM to SBOMFile by @JorWo in #283
• Compare components by name and version by @JorWo in #282
• Hotfix: Rename findByTargetSBOMAndOtherSBOM() to findByTargetSBOMFileAndOtherSBOMFile() by @JorWo in #290
• Made OSI tool calls consistent by @tranw8 in #295
• Fix deserialization bugs with SPDX23 Tag Value Deserializer by @dlg1206 in #298
• HashFixes Improvements by @JorWo in #289
• Add Relationships Header for SPDX23TagValueSerializer by @JorWo in #300
• Convert Rebuild by @txdvse in #272
• Repair by @jwj7297 in #299
• Repair Bom-Ref Fix by @jwj7297 in #304
• Simple fix for boolean convert overwrite by @Hooobot in #306
• Rename by @amandanitta in #308
• Valid PURL Repair by @jwj7297 in #309
• CycloneDX 1.4 XML Serializer by @txdvse in #307
• OSI additional Tools + Refactor by @dlg1206 in #303
• Add OSI heathcheck wait to dockercompose for API by @dlg1206 in #311
• Merger Doc Cleanup by @txdvse in #314
• updated start period and link to curl by @amandanitta in #312
• CycloneDX 1.4 XML Support by @dlg1206 in #313
• SVIP v9.2.0-alpha Pre-Release by @dlg1206 in #315

New Contributors

• @tranw8 made their first contribution in #295

Full Changelog: v8.0.5a...v9.2.0a