v1.23.0
Added Features
- Support skipping archive extraction with file source [#3795 @adammcclenaghan]
- Use the R cataloger in directory scans [#3774 @spiffcs]
- Add support for detecting javascript assets in .NET projects using libman [#3825 @wagoodman]
- Parse GitHub actions comments [#3776 @wagoodman]
- Support chrome binary detection [#3174 #3136 @lem-onade]
- Add support for detecting undeclared license files scanning from python installations [#2624 #3779 @wagoodman]
Bug Fixes
- .NET cataloger should consider compile target paths from deps.json [#3821 @wagoodman]
- Skip license scanner injection [#3796 @adammcclenaghan]
- Delete collection name/type key entries when empty [#3797 @adammcclenaghan]
- Use module name over relative paths in
go.modreplace directives [#3812 @VictorHuu] - Correct variable names for Conan lock parsing version handling [#3802 @musangk]
- Consider DLL claims for dependencies of .NET packages from deps.json [#3822 @wagoodman]
- Empty source during decoding an SBOM document should not be fatal [#3791 @wagoodman]
- Dpkg are not detected when scanning a directory [#3726 #3820 @VictorHuu]
- Support golang tip image [#3681 #3757 @VictorHuu]
- syft cataloger list should flatten options [#3801 #3804 @kzantow]
- Unable to generate a correct SBOM for C++ project [#3755]
Contributors
wagoodman, kzantow, and 5 other contributors