0.1.0-alpha.11

Pre-release
github-actions released this 12 Jul 09:09
· 472 commits to main since this release

Changelog

v0.1.0-alpha.11 (2024-07-12)

⚠ BREAKING-CHANGE

  • Breaks the migrations as this PR rewrites the history to use UUID instead of i32 from the start.

Features

  • add import warnings to the report (b59a19b)
  • use v5 uuid upsert for CPEs (1fd7470)
  • add cpe creator (7c5ee80)
  • ingest products from sboms (d5ec88c)
  • add more data to the products API (0983ac3)
  • allow canceling import runs (7c53e9e)
  • add sha384 and sha512 to the SBOM and advisory (bf67cdc)
  • add GIN index for labels (3319040)
  • add more labels to imported documents, allow user defined labels (87b6a6e)
  • return description as well (63a0edd)
  • allow setting labels during upload (34d2c06)
  • return labels when fetching sboms or advisories (dd54b9f)
  • implement setting labels for SBOMs (cf59c85)
  • implement setting labels for advisories (22741d5)
  • enable backslash to escape operators in filter expressions (5e66c77), closes
    #434
  • extract organization name from CVE (1065ab3)
  • add CWE for vulnerabilities (181719d)
  • implements labels using jsonb (d6b4302)
  • initial product endpoints (6112344)
  • add filtering/query to "find by sbom package" (93e3eaa), closes #438
  • search SBOMs by PURL or package id (a4ce8ec), closes #413
  • add version to sbom package (20eefb2), closes #284
  • support IS [NOT] NULL in queries (5b658cb)
  • add ability to translate queries (8c6f062)
  • more efficient detection of advisory formats (d669658), closes #257
  • Initial implementation of products (2573b01)
  • add an entry for all CSAF data (bc9e6a5)
  • update cyclonedx for support of 1.5 (9817ffa)
  • allow configuring the OIDC UI settings (f2ad362)
  • implement CVE import (f6d2cde)
  • implement OSV ingestion (0bc8a20)

Fixes

  • ensure that descriptions are not growing with every insert (f7c4f06)
  • also check for vuln-id to create all entries (0dc4583)
  • apply the CPE fix also for the language (dc7c328)
  • prevent the creation of duplicate CPEs (130e41f)
  • use the "last_success" time for the next "since" (2456d9e)
  • only add the package manager category as a name for that package (1b39eaa)
  • used for both advisories and SBOMs (1d536b7)
  • retrying later on change means, accepting it now (e3e9c15)
  • catch cases of invalid SPDX references and report them as such (094ef8b)
  • bump pg-embed to avoid github rate-limiting during tests (7e62347)
  • clean up a few openapi issues around labels (94a47eb)
  • this file actually belongs to migration 230 (29a52a0)
  • the q param now works for /api/v1/sbom/{key}/packages (f36b558), closes
    #434
  • allow ingesting spdx SBOMs with files (1f2145e)
  • relationship direction for "documentDescribes" (058ee24)
  • link with specific node, not any node of the SBOM (8d87482)
  • appease graphql and openapi paths wrt slashes (07629a9), closes #376 #422
  • honor transaction for requests (97510e7)
  • return only the sbom_node, not all nodes belonging to the sbom (6349e91),
    closes #414
  • provide the package describing the sbom with the summary (ea8af78)
  • enable sorting advisories by average_severity (8de5be2), closes #383
  • move graphql under /graphql only (f07f5fa)
  • count items being processed for osv and cve (a1f8d21)
  • Restore /api/v1/sbom/{key} SBOM metadata access (7bb7c69), closes #253
  • the id issue for SBOMs too (a52b6f4)
  • translate the id into a hash before fetching from the storage (12c0d71)
  • use newer container to fix/workaround segfault in libgit2 (16deb09)
  • accept either domain or full URL (d601573)
  • register types, remove infinite reference (724a788)
  • reset all jobs when starting up (88ec8da), closes #355
  • use correct env-vars for storage settings (a93be47)
  • update cve to fix some parsing errors (d46683a)
  • directly pass sha256 digest, parsing it misses the prefix (feba99a)
  • client ids need to split by comma when coming from the env-var (08c1402)
  • update embedded oidc to support refresh tokens (f01dcc5)
  • push multi-arch image (d90dae0)
  • allow swaggerui to redirect (1bb1ca1)
  • ingest scores when loading CSAF docs (4719406), closes #278