Releases: guacsec/trustify
Releases · guacsec/trustify
0.4.2
Changelog
v0.4.2 (2025-10-31)
Features
- delete orphaned PURLs (TC-3020) (ef8927e)
Fixes
- remove useless async from SbomStatus::new (TC-3085) (ceff2ea)
- optimize data in memory (TC-3085) (5ee7a4f)
- add log to track pre-fetched data (TC-3085) (73159ba)
- DatabaseExt as a blanket implementation on TransactionTrait (TC-3085)
(63eb385) - remove DB stream usage (TC-3085) (d1c4a85)
- make GET endpoint working with repeatable read transaction (TC-3085)
(4a45f73) - more scalable license filtering condition (TC-3006) (1a369d9)
- metrics: add DefaultRootRouteFormatter for empty paths (ef760f7)
0.4.1
0.4.0
Changelog
v0.4.0 (2025-10-14)
Features
- disable GC for orphaned packages by default (b4d4d6e)
- Add support for aibom and cbom detection (76d0a30)
- license filter consistent for SBOM packages tab (42b3f43)
- fundamental: return all scores in addition for sbom advisories
(c2a5d19) - enhance correlation for SBOMs without CPE (033e8ba)
- SBOM license filtering with refactoring for SBOM and PURL services (TC-2832)
(23031f9) - license list endpoint with filtering (TC-2922) (b0a7297)
- adding gc endpoint (9d0f3ac)
- expand_license_expression with 'g' flag for global replacement in
regexp_replace (703c9f6) - add licence filter for PURLs (TC-2831) (fed24e9)
- speed up SBOM deletion by deleting purls in a recurring job (8fb514c),
closes #1959 - delete raw docs from storage when advisory/sbom is deleted (1586e6b), closes
#1936 - add 'QueryDoc' derive to manage custom Utoipa Query descriptions (15dceb5)
- add delete method to Storage trait (119f02f), closes #1864
- add scores and severities to response (608d059)
- query field names may include any character except
\(69133f1), closes
#1849 - analysis: reduce memory consumption by ~15% (403ae57)
- analysis: expose cache usage (5496e5f)
- analysis: provide for status details (c984add)
- analysis: ensure parallel loads await each other (f000857)
- start exctracting vulnerability scores from cvss v4 and v2 (3dac8f7)
- analysis: log graph cache size during startup (251aac7)
- import SBOM attachments from Quay repositories (498a1f4)
- analysis: add counter for cache hit/miss (4d5fa9d)
- analysis: track number and size of evictions (6382952)
- implement validation of labels (e8a3d13), closes #1708
- implement PURL extraction endpoint (976666f), closes #1665
- Setting compression to None will remove the header (d84a29d), closes #1682
- allow using path style for S3 (5c2bdd8), closes #1678
Fixes
- ingestor: also consider direct versions (ce6695b)
- analysis: properly escape when exporting to graphviz (f4f4159)
- source document id must be non-null (d105547)
- narrow latest search when using q= or name (dc2d42c)
- ensure we never match on cdx top level component metadata when resolving
descendents (d73c08f) - upgrade antora from 3.1.10 to 3.1.12 (2d660c9)
- docs: remove
--nameCLI argument from oidc (64eca91) - criterion bench (871efc2)
- Improve error handling within Quay Importer (c902cc7), closes #1892
- 'analysis/latest/component/' with PURL key (TC-2717) (8848e2b)
- ui: prevent extract-purls endpoint from returning invalid purls
(d2fef3f), closes #1887 - prevent calculating the total if we don't need it (ccf1cb8)
- properly filter cvss scores for the advisory (4149075)
- nested external sboms in cdx (eed044a)
- storage: ensure an empty string is "none" compression (95c9c6e)
- fundamental: change response of analyse purl endpoint (12d9ab3)
- storage: clean up the returned content encoding (d55e8d8), closes #1850
- add support for golang versions with 'v' prefix (92c92f6)
- add indexes to sbom_node_checksum (46ab4cb)
- set RUSTFLAGS for Windows binary build (52138ef)
- remove 'runs-on' from 'backport' CI job (e9968a8)
- mark advisory average scores and severites deprecated (880f425)
- prevent dumping massive amounts of log info (baeb1a2)
- don't force ansi colors, respect NO_COLOR, default on (cb02e9c)
- analysis: don't load all SBOMs when checking by name (b2cc941)
- include array fields in full-text searches (64e6e90), closes #1746
- timeout the DB ping and return "false" (c363732)
- storage: urlencode bucket name (12db42d)
- align the embedded postgres version with the CI (50e731d), closes #1674
0.4.0-beta.3
Changelog
v0.4.0-beta.3 (2025-10-07)
Features
- fundamental: return all scores in addition for sbom advisories
(c2a5d19) - enhance correlation for SBOMs without CPE (033e8ba)
- SBOM license filtering with refactoring for SBOM and PURL services (TC-2832)
(23031f9) - license list endpoint with filtering (TC-2922) (b0a7297)
- adding gc endpoint (9d0f3ac)
- expand_license_expression with 'g' flag for global replacement in
regexp_replace (703c9f6) - add licence filter for PURLs (TC-2831) (fed24e9)
- speed up SBOM deletion by deleting purls in a recurring job (8fb514c),
closes #1959 - delete raw docs from storage when advisory/sbom is deleted (1586e6b), closes
#1936 - add 'QueryDoc' derive to manage custom Utoipa Query descriptions (15dceb5)
- add delete method to Storage trait (119f02f), closes #1864
- add scores and severities to response (608d059)
- query field names may include any character except
\(69133f1), closes
#1849 - analysis: reduce memory consumption by ~15% (403ae57)
- analysis: expose cache usage (5496e5f)
- analysis: provide for status details (c984add)
- analysis: ensure parallel loads await each other (f000857)
- start exctracting vulnerability scores from cvss v4 and v2 (3dac8f7)
- analysis: log graph cache size during startup (251aac7)
- import SBOM attachments from Quay repositories (498a1f4)
- analysis: add counter for cache hit/miss (4d5fa9d)
- analysis: track number and size of evictions (6382952)
- implement validation of labels (e8a3d13), closes #1708
- implement PURL extraction endpoint (976666f), closes #1665
- Setting compression to None will remove the header (d84a29d), closes #1682
- allow using path style for S3 (5c2bdd8), closes #1678
Fixes
- narrow latest search when using q= or name (dc2d42c)
- ensure we never match on cdx top level component metadata when resolving
descendents (d73c08f) - upgrade antora from 3.1.10 to 3.1.12 (2d660c9)
- docs: remove
--nameCLI argument from oidc (64eca91) - criterion bench (871efc2)
- Improve error handling within Quay Importer (c902cc7), closes #1892
- 'analysis/latest/component/' with PURL key (TC-2717) (8848e2b)
- ui: prevent extract-purls endpoint from returning invalid purls
(d2fef3f), closes #1887 - prevent calculating the total if we don't need it (ccf1cb8)
- properly filter cvss scores for the advisory (4149075)
- nested external sboms in cdx (eed044a)
- storage: ensure an empty string is "none" compression (95c9c6e)
- fundamental: change response of analyse purl endpoint (12d9ab3)
- storage: clean up the returned content encoding (d55e8d8), closes #1850
- add support for golang versions with 'v' prefix (92c92f6)
- add indexes to sbom_node_checksum (46ab4cb)
- set RUSTFLAGS for Windows binary build (52138ef)
- remove 'runs-on' from 'backport' CI job (e9968a8)
- mark advisory average scores and severites deprecated (880f425)
- prevent dumping massive amounts of log info (baeb1a2)
- don't force ansi colors, respect NO_COLOR, default on (cb02e9c)
- analysis: don't load all SBOMs when checking by name (b2cc941)
- include array fields in full-text searches (64e6e90), closes #1746
- timeout the DB ping and return "false" (c363732)
- storage: urlencode bucket name (12db42d)
- align the embedded postgres version with the CI (50e731d), closes #1674
0.4.0-beta.2
Changelog
v0.4.0-beta.2 (2025-09-29)
Features
- adding gc endpoint (9d0f3ac)
- expand_license_expression with 'g' flag for global replacement in
regexp_replace (703c9f6) - add licence filter for PURLs (TC-2831) (fed24e9)
- speed up SBOM deletion by deleting purls in a recurring job (8fb514c),
closes #1959 - delete raw docs from storage when advisory/sbom is deleted (1586e6b), closes
#1936 - add 'QueryDoc' derive to manage custom Utoipa Query descriptions (15dceb5)
- add delete method to Storage trait (119f02f), closes #1864
- add scores and severities to response (608d059)
- query field names may include any character except
\(69133f1), closes
#1849 - analysis: reduce memory consumption by ~15% (403ae57)
- analysis: expose cache usage (5496e5f)
- analysis: provide for status details (c984add)
- analysis: ensure parallel loads await each other (f000857)
- start exctracting vulnerability scores from cvss v4 and v2 (3dac8f7)
- analysis: log graph cache size during startup (251aac7)
- import SBOM attachments from Quay repositories (498a1f4)
- analysis: add counter for cache hit/miss (4d5fa9d)
- analysis: track number and size of evictions (6382952)
- implement validation of labels (e8a3d13), closes #1708
- implement PURL extraction endpoint (976666f), closes #1665
- Setting compression to None will remove the header (d84a29d), closes #1682
- allow using path style for S3 (5c2bdd8), closes #1678
Fixes
- narrow latest search when using q= or name (dc2d42c)
- ensure we never match on cdx top level component metadata when resolving
descendents (d73c08f) - upgrade antora from 3.1.10 to 3.1.12 (2d660c9)
- docs: remove
--nameCLI argument from oidc (64eca91) - criterion bench (871efc2)
- Improve error handling within Quay Importer (c902cc7), closes #1892
- 'analysis/latest/component/' with PURL key (TC-2717) (8848e2b)
- ui: prevent extract-purls endpoint from returning invalid purls
(d2fef3f), closes #1887 - prevent calculating the total if we don't need it (ccf1cb8)
- properly filter cvss scores for the advisory (4149075)
- nested external sboms in cdx (eed044a)
- storage: ensure an empty string is "none" compression (95c9c6e)
- fundamental: change response of analyse purl endpoint (12d9ab3)
- storage: clean up the returned content encoding (d55e8d8), closes #1850
- add support for golang versions with 'v' prefix (92c92f6)
- add indexes to sbom_node_checksum (46ab4cb)
- set RUSTFLAGS for Windows binary build (52138ef)
- remove 'runs-on' from 'backport' CI job (e9968a8)
- mark advisory average scores and severites deprecated (880f425)
- prevent dumping massive amounts of log info (baeb1a2)
- don't force ansi colors, respect NO_COLOR, default on (cb02e9c)
- analysis: don't load all SBOMs when checking by name (b2cc941)
- include array fields in full-text searches (64e6e90), closes #1746
- timeout the DB ping and return "false" (c363732)
- storage: urlencode bucket name (12db42d)
- align the embedded postgres version with the CI (50e731d), closes #1674