Skip to content

Releases: CycloneDX/cyclonedx-gomod

v1.1.0-alpha.1

21 Nov 18:23
@github-actions github-actions
v1.1.0-alpha.1
febc262
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.1.0-alpha.1 Pre-release
Pre-release

Changelog

0ec6392 Introduce multi-platform container image builds (#90)
990bd1d build(deps): bump github.com/bradleyjkemp/cupaloy/v2 from 2.6.0 to 2.7.0
1e45c4b build(deps): bump github.com/rs/zerolog from 1.25.0 to 1.26.0
473b2bd build(deps): bump golang base images from 1.17.2 to 1.17.3
c43fe86 feat: add option to assert detected licenses
febc262 feat: add option to include packages in application sbom (#92)

Docker images

  • docker pull cyclonedx/cyclonedx-gomod:v1.1.0-alpha.1
  • docker pull cyclonedx/cyclonedx-gomod:v1
  • docker pull cyclonedx/cyclonedx-gomod:v1.1
Assets 15
Loading

v1.1.0-alpha.0

23 Oct 15:24
@github-actions github-actions
v1.1.0-alpha.0
3dda452
This commit was signed with the committer’s verified signature.
nscuro Niklas
GPG key ID: 985ADB40F06304B3
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.1.0-alpha.0 Pre-release
Pre-release

Changelog

99f0f89 add multi-platform container image build for arm64
3dda452 enable dependabot for docker images
24bd083 pin docker base image digests

Docker images

  • docker pull cyclonedx/cyclonedx-gomod:v1.1.0-alpha.0
  • docker pull cyclonedx/cyclonedx-gomod:v1
  • docker pull cyclonedx/cyclonedx-gomod:v1.1
Assets 15
Loading

v1.0.0

30 Sep 18:51
@github-actions github-actions
v1.0.0
02f40c9
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.0.0

Changelog

Enhancements

  • Introduce multi-command CLI (#42 via #45)
  • Output SBOMs in v1.3 of the CycloneDX specification (#43 via 5bab19b)
  • Add support for application SBOMs (#44 via #50)
    • Also addresses #20 (thanks dlorenc for reporting!)
  • Add support for binary SBOMs (#21 via #46)
  • Include applicable build constraints in application SBOMs (#29 via #59)
  • Add license detection support for binary SBOMs (#51 via #52)
  • Generate pseudo versions using golang.org/x/mod (#55 via #57)
  • Use license evidence for detected licenses (#40 via #49)
  • Build with and test against Go 1.17 (via #54)
  • Introduce improved logging (via #46)
  • Add indication for which application the SBOM was generated for (#67 via #71)
  • Slightly reduce threshold for license detection confidence, and log a debug message if this threshold isn't met (#79 via #80)

Fixes

  • Fix annotated tags not being recognized as versions (#56 via #57)
  • Fix normalized versions interfering with hash calculation (#58 via #60)
  • Fix app command missing dependencies when main package is spread across multiple files (#75 via #78)

Breaking Changes

  • The CLI now consists of multiple subcommands, thus being incompatible with the CLI in cyclonedx-gomod v0.x
  • Detected licenses (when using the -licenses flag) will now use the components/evidence/licenses node instead of components/licenses. Tools that consume SBOMs and don't support CycloneDX v1.3 yet may not recognize those licenses
  • Version normalization has been removed (#60). As a consequence, +incompatible suffixes and v prefixes (-novprefix flag in v0.x) are not trimmed anymore
  • The -reproducible flag has been removed (via 9b45f4a)

Dependency Updates

  • Update github.com/CycloneDX/cyclonedx-go from v0.3.0 to v0.4.0 (via 5bab19b)
  • Update golang.org/x/mod from v0.4.2 to v0.5.1 (via #57 and 088f0e3)
  • Update golang.org/x/crypto from v0.0.0-20210711020723-a769d52b0f97 to v0.0.0-20210817164053-32db794688a5 (via 75ae52a)

Building and Packaging

  • Produce and publish an SBOM for each binary built when releasing (via #62)
  • Builds for windows/386 and linux/386 have been dropped (via #62)
  • Use standard Go notation for architectures in release artifact names (via #62)
    • e.g. cyclonedx-gomod_1.0.0_windows_x64.zip is now cyclonedx-gomod_1.0.0_windows_amd64.zip

Commits since v1.0.0-beta.2

6276d83 feat: decrease min license detection confidence to 0.85 (#80)
b93fc5b refactor: cleanup and cosmetics (#81)

Docker images

  • docker pull cyclonedx/cyclonedx-gomod:v1.0.0
  • docker pull cyclonedx/cyclonedx-gomod:v1
  • docker pull cyclonedx/cyclonedx-gomod:v1.0
Assets 15
Loading

v1.0.0-beta.2

29 Sep 18:26
@github-actions github-actions
v1.0.0-beta.2
307c17d
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.0.0-beta.2 Pre-release
Pre-release

Changelog

307c17d fix: use main package instead of main file as entrypoint for app command (#78)

Docker images

  • docker pull cyclonedx/cyclonedx-gomod:v1.0.0-beta.2
  • docker pull cyclonedx/cyclonedx-gomod:v1
  • docker pull cyclonedx/cyclonedx-gomod:v1.0
Assets 15
Loading

v1.0.0-beta.1

27 Sep 18:31
@github-actions github-actions
v1.0.0-beta.1
a31c1e4
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.0.0-beta.1 Pre-release
Pre-release

Changelog

375e844 feat: prune graph edges to indirect dependencies for main module (#72)
d54784c refactor: remove application name property (#73)

Docker images

  • docker pull cyclonedx/cyclonedx-gomod:v1.0.0-beta.1
  • docker pull cyclonedx/cyclonedx-gomod:v1
  • docker pull cyclonedx/cyclonedx-gomod:v1.0
Assets 15
Loading

v1.0.0-beta.0

25 Sep 20:05
@github-actions github-actions
v1.0.0-beta.0
43e1e14
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.0.0-beta.0 Pre-release
Pre-release

Changelog

0b09de5 Enable CodeQL Security Scan (#47)
ac53b42 build: update go directive in go.mod to go 1.17
c87bbaa chore(deps): update github.com/rs/zerolog from v1.23.0 to v1.25.0
75ae52a chore(deps): update golang.org/x/crypto to v0.0.0-20210817164053-32db794688a5
088f0e3 chore(deps): update golang.org/x/mod from v0.5.0 to v0.5.1
be6a7f6 ci: cleanup ci workflow
4a9c43e ci: don't build against go 1.16 anymore
43e1e14 feat: add application name as property and update purl with subpath to application (#71)
70ea280 feat: disable colored log output when running in ci (#70)

Docker images

  • docker pull cyclonedx/cyclonedx-gomod:v1.0.0-beta.0
  • docker pull cyclonedx/cyclonedx-gomod:v1
  • docker pull cyclonedx/cyclonedx-gomod:v1.0
Assets 15
Loading

v1.0.0-alpha.4

12 Sep 17:16
@github-actions github-actions
v1.0.0-alpha.4
d44cc3f
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.0.0-alpha.4 Pre-release
Pre-release

Changelog

d44cc3f build: produce an sbom for each binary built (#62)
d577c40 fix: provide error details when resolving replacements failed
cc50b11 fix: resolve local module in app command
b04354b misc: cosmetic tweaks
5221f2a refactor: remove version normalization (#60)

Docker images

  • docker pull cyclonedx/cyclonedx-gomod:v1.0.0-alpha.4
  • docker pull cyclonedx/cyclonedx-gomod:v1
  • docker pull cyclonedx/cyclonedx-gomod:v1.0
Assets 15
Loading

v1.0.0-alpha.3

04 Sep 14:56
@github-actions github-actions
v1.0.0-alpha.3
7c7f0af
This commit was signed with the committer’s verified signature.
nscuro Niklas
GPG key ID: 985ADB40F06304B3
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.0.0-alpha.3 Pre-release
Pre-release

Changelog

7c7f0af ci: enable prerelease detection in goreleaser
3ed5b37 feat: include build constraints as properties of main component (#59)

Docker images

  • docker pull cyclonedx/cyclonedx-gomod:v1.0.0-alpha.3
  • docker pull cyclonedx/cyclonedx-gomod:v1
  • docker pull cyclonedx/cyclonedx-gomod:v1.0
Assets 12
Loading

v1.0.0-alpha.2

01 Sep 19:47
@github-actions github-actions
v1.0.0-alpha.2
c8f9ed2
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.0.0-alpha.2 Pre-release
Pre-release

Changelog

c8f9ed2 feat: add support for application sboms (#50)

Docker images

  • docker pull cyclonedx/cyclonedx-gomod:v1.0.0-alpha.2
  • docker pull cyclonedx/cyclonedx-gomod:v1
  • docker pull cyclonedx/cyclonedx-gomod:v1.0
Assets 12
Loading

v1.0.0-alpha.1

23 Aug 21:58
@github-actions github-actions
v1.0.0-alpha.1
9616ceb
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.0.0-alpha.1 Pre-release
Pre-release

Changelog

9616ceb fix: consider annotated tags and use official pseudo version generator (#57)

Docker images

  • docker pull cyclonedx/cyclonedx-gomod:v1.0.0-alpha.1
  • docker pull cyclonedx/cyclonedx-gomod:v1
  • docker pull cyclonedx/cyclonedx-gomod:v1.0
Assets 12
Loading