Releases: scanoss/vulnerabilities

v0.12.0

20 Apr 12:42

What's Changed

Changed

  • Updated dependencies to the latest versions
  • Replaced error_message/error_code with info_message/info_code
  • Updated linter to v2.10.1

Full Changelog: v0.11.0...v0.12.0

v0.11.0

02 Mar 18:09

What's Changed

Added

  • Added lint_docker_fix Makefile target for auto-fixing linting issues via Docker
  • Added new go-component-helper dependency for shared component handling logic

Changed

  • Extracted SanitizeComponents and GetComponentsVersion to external go-component-helper library, removing local pkg/helpers/component_helper.go
  • Replaced dtos.ComponentDTO and entities.Component with compHelper.ComponentDTO and compHelper.Component across adapters, service, and use cases
  • Improved component status classification in vulnerability use case using exhaustive switch with explicit handling for ComponentNotFound, VersionNotFound, InvalidPurl, ComponentWithoutInfo, and InvalidSemver
  • Components with ComponentNotFound/VersionNotFound status now fall back to requirement as version when no semver operator is present
  • Upgraded scanoss/go-grpc-helper to v0.13.0
  • Upgraded scanoss/go-models to v0.5.1
  • Upgraded scanoss/papi to v0.30.0

Full Changelog: v0.10.0...v0.11.0

v0.10.0

23 Feb 12:29

What's Changed

Added

  • Included component status (error_code, error_message) in vulnerability and CPE responses
  • Added Component entity with Status field for tracking component processing state
  • Added SanitizeComponents and GetComponentsVersion shared helpers for reuse across vulnerability and CPE use cases
  • Added HasSemverOperator utility to detect invalid semver operators in PURL versions

Changed

  • Refactored component sanitization: invalid PURLs are no longer filtered out but returned with an appropriate status code (invalid_purl, component_without_info)
  • Moved component version resolution logic from vulnerability_use_case.go to shared helpers/component_helper.go
  • Updated OSV and local vulnerability use cases to accept entities.Component instead of dtos.ComponentDTO
  • Simplified adapter functions by removing the valid/invalid component split
  • Upgraded scanoss/go-grpc-helper to v0.12.0

Full Changelog: v0.9.0...v0.10.0

v0.9.0

02 Feb 10:27

What's Changed

Changed

  • Added support for GitHub PURLs in OSV use case by mapping them to GIT ecosystem with Git URLs
  • Refactored component version resolution in vulnerability use case to use concurrent worker pool
  • Upgraded scanoss/go-models to v0.3.0

Full Changelog: v0.8.0...v0.9.0

v0.8.0

07 Jan 15:07

What's Changed

Added

  • Included Exploit Prediction Scoring System (EPSS) in vulnerability response
  • Added configurable worker pool for local vulnerability processing (VULN_SCANOSS_WORKERS)

Changed

  • Refactored OSV use case
  • Refactored local vulnerability use case with multithreading support and context cancellation handling
  • Upgraded scanoss/papi to v0.28.0

Full Changelog: v0.7.0...v0.8.0

v0.7.0

13 Nov 16:12

What's New

Changed

  • Optimized query performance for retrieving vulnerabilities by PURL version using CTE (Common Table Expression) approach in pkg/models/vulns_purl.go:111

v0.6.2

05 Nov 22:00

chore:SP-3551 Fixes and updates CI workflows

v0.6.0

29 Aug 15:46

What's new

Changed

  • Replaced REST endpoint GET /api/v2/vulnerabilities/cpes/component by /v2/vulnerabilities/cpes/component
  • Replaced REST endpoint POST /api/v2/vulnerabilities/cpes/components by /v2/vulnerabilities/cpes/components
  • Replaced REST endpoint GET /api/v2/vulnerabilities/component by /v2/vulnerabilities/component
  • Replaced REST endpoint POST /api/v2/vulnerabilities/components by /v2/vulnerabilities/components
  • Replaced REST endpoint POST /api/v2/vulnerabilities/echo by /v2/vulnerabilities/echo
  • Updated github.com/scanoss/papi to v0.17.0

v0.5.0

28 Aug 11:22

What's changed

Added

  • Added new vulnerability PAPI definitions

  • Added semver support for requests

  • Added new adapters to map requests to ComponentDTO

  • Added gRPC GetComponentCpes and REST endpoint GET /api/v2/vulnerabilities/cpes/component

  • Added gRPC GetComponentsCpes and REST endpoint POST /api/v2/vulnerabilities/cpes/components

  • Added gRPC GetComponentVulnerabilities and REST endpoint GET /api/v2/vulnerabilities/component

  • Added gRPC GetComponentsVulnerabilities and REST endpoint POST /api/v2/vulnerabilities/components

Changed

  • Integrated the scanoss go-model module

  • Refactored request and output adapters

  • Refactored CPE and Vulnerability use cases to accept the new ComponentDTO struct

  • Refactored vulnerability service to maintain both legacy and new vulnerability and CPE handlers

  • Updated direct dependencies

V0.4.1

10 Jul 14:22
1f8aeb6

What's Changed

New Contributors

Full Changelog: v0.4.0...v0.4.1