Early-Access

What's Changed

• chore: bump to next development version by @github-actions[bot] in #437

Full Changelog: v0.0.16...early-access

Release 0.0.16

What's Changed

• chore: bump to next development version by @github-actions[bot] in #385
• fix: place root component only in metadata.component by @ruromero in #386
• fix: filter toolchain entries in GoModulesProvider by @ruromero in #387
• refactor: remove duplicate DependencyAggregator from JavaMavenProvider by @soul2zimate in #389
• fix: remove scope qualifier from Maven/Gradle provider purls by @ruromero in #388
• feat: upgrade Java compilation target from 17 to 21 by @soul2zimate in #390
• fix: handle peerDependencies and optionalDependencies consistently ac… by @soul2zimate in #392
• feat: add early-access build pipeline for main branch by @soul2zimate in #398
• feat(api): add generateSbom API method and SBOM CLI command by @soul2zimate in #396
• build(deps): bump actions/github-script from 7 to 8 by @dependabot[bot] in #401
• build(deps): bump actions/download-artifact from 4 to 8 by @dependabot[bot] in #402
• chore: exclude test fixture manifests from Dependabot by @ruromero in #409
• refactor: use pip --dry-run --report for pyproject.toml by @ruromero in #406
• build(deps): bump actions/github-script from 8 to 9 by @dependabot[bot] in #410
• build(deps): bump softprops/action-gh-release from 2 to 3 by @dependabot[bot] in #411
• fix: skip PEP 508 marker-constrained packages in pip provider by @ruromero in #400
• ci: suppress dependabot updates for test fixture manifests by @ruromero in #422
• fix(go): merge children on MVS version key collision instead of overwriting by @ruromero in #421
• feat: add JS workspace discovery and public batch API by @a-oren in #415
• fix(npm): stop skipping dependency subtree when root entry has no version by @ruromero in #423
• fix(cargo): propagate timeout error with actionable message by @ruromero in #429
• fix(python): add --quiet flag to pip report command by @ruromero in #430
• ci: fix dependabot exclusions for non-production ecosystems by @ruromero in #431
• build(deps): bump org.pitest:pitest-maven from 1.23.0 to 1.23.1 by @dependabot[bot] in #433
• fix(ci): install pnpm in release workflow to unblock tests by @a-oren in #435
• fix: replace pnpm to npm install by @a-oren in #436

Full Changelog: v0.0.15...v0.0.16

Release 0.0.15

What's Changed

• chore: bump to next development version by @github-actions[bot] in #381
• build(deps): bump jackson.version from 2.21.1 to 2.21.2 by @dependabot[bot] in #357
• fix: read ignore patterns from workspace member Cargo.toml files by @a-oren in #375
• feat: include path dependencies in SBOM with repository_url=local qua… by @a-oren in #384

Full Changelog: v0.0.14...v0.0.15

Release 0.0.14

What's Changed

• chore: bump to next development version by @github-actions[bot] in #313
• build(deps-dev): bump mockito.version from 5.21.0 to 5.22.0 by @dependabot[bot] in #330
• build(deps): bump actions/upload-artifact from 6 to 7 by @dependabot[bot] in #329
• build(deps-dev): bump org.apache.maven.plugins:maven-surefire-plugin from 3.5.4 to 3.5.5 by @dependabot[bot] in #327
• build(deps-dev): bump org.apache.maven.plugins:maven-failsafe-plugin from 3.5.4 to 3.5.5 by @dependabot[bot] in #326
• build(deps): bump jackson.version from 2.21.0 to 2.21.1 by @dependabot[bot] in #325
• build(deps): bump com.diffplug.spotless:spotless-maven-plugin from 3.2.1 to 3.3.0 by @dependabot[bot] in #334
• fix(deps): remove dependabot ecosystems for test-only fixtures by @soul2zimate in #336
• build(deps-dev): bump org.apache.maven.plugins:maven-resources-plugin from 3.4.0 to 3.5.0 by @dependabot[bot] in #339
• build(deps): bump org.apache.maven.plugins:maven-shade-plugin from 3.6.1 to 3.6.2 by @dependabot[bot] in #338
• build: bump trustify-da-api-model to 2.0.7 by @soul2zimate in #342
• build(deps-dev): bump mockito.version from 5.22.0 to 5.23.0 by @dependabot[bot] in #345
• fix: handle missing [workspace.dependencies] in virtual workspace component analysis (#344) by @soul2zimate in #346
• build(deps): bump org.pitest:pitest-maven from 1.22.1 to 1.23.0 by @dependabot[bot] in #350
• build(deps): bump org.codehaus.mojo:extra-enforcer-rules from 1.11.0 to 1.12.0 by @dependabot[bot] in #351
• build(deps): bump com.diffplug.spotless:spotless-maven-plugin from 3.3.0 to 3.4.0 by @dependabot[bot] in #353
• feat: implement license resolution and identification by @soul2zimate in #356
• fix: throw error on gradle command failure instead of returning empty… by @a-oren in #362
• feat(python): add pyproject.toml provider support by @ruromero in #358
• feat(python): use pyproject.toml metadata for root SBOM component by @ruromero in #368
• build(deps): bump gradle/actions from 5 to 6 by @dependabot[bot] in #376
• fix: avoid passing empty string argument to skopeo when raw=false by @soul2zimate in #380
• fix(python): avoid FileAlreadyExistsException in venv cleanup by @ruromero in #373

New Contributors

• @github-actions[bot] made their first contribution in #313
• @a-oren made their first contribution in #362

Full Changelog: v0.0.13...v0.0.14

Release 0.0.13

What's Changed

• chore: bump to next development version by @soul2zimate in #238
• chore(deps): exclude test manifest dependencies from dependabot update by @soul2zimate in #249
• Dependabot fix by @soul2zimate in #254
• feat: rust analysis support by @soul2zimate in #252
• build: bump various github actions by @soul2zimate in #266
• fix: fix various issues by @soul2zimate in #273
• fix: add missing environment variable to test by @soul2zimate in #274
• build(deps-dev): bump mockito.version from 5.17.0 to 5.21.0 by @dependabot[bot] in #276
• build(deps): bump org.apache.maven.plugins:maven-enforcer-plugin from 3.3.0 to 3.6.2 by @dependabot[bot] in #275
• build(deps-dev): bump org.apache.maven.plugins:maven-deploy-plugin from 3.1.1 to 3.1.4 by @dependabot[bot] in #277
• build(deps-dev): bump org.apache.maven.plugins:maven-release-plugin from 3.0.0 to 3.3.1 by @dependabot[bot] in #279
• build: bump com.diffplug.spotless:spotless-maven-plugin from 2.44.4 to 3.2.1 by @soul2zimate in #280
• build(deps): bump softprops/action-gh-release from 1 to 2 by @dependabot[bot] in #281
• build(deps): bump actions/setup-python from 4 to 6 by @dependabot[bot] in #283
• build(deps): bump org.codehaus.mojo:build-helper-maven-plugin from 3.6.0 to 3.6.1 by @dependabot[bot] in #282
• build(deps-dev): bump org.apache.maven.plugins:maven-install-plugin from 3.1.1 to 3.1.4 by @dependabot[bot] in #284
• build(deps): bump peter-evans/create-pull-request from 5 to 8 by @dependabot[bot] in #285
• build(deps): bump org.codehaus.mojo:extra-enforcer-rules from 1.6.2 to 1.11.0 by @dependabot[bot] in #286
• build(deps-dev): bump org.apache.maven.plugins:maven-resources-plugin from 3.3.1 to 3.4.0 by @dependabot[bot] in #287
• build(deps): bump me.fabriciorby:maven-surefire-junit5-tree-reporter from 1.2.1 to 1.5.1 by @dependabot[bot] in #288
• build(deps-dev): bump org.apache.maven.plugins:maven-failsafe-plugin from 3.5.3 to 3.5.4 by @dependabot[bot] in #290
• build(deps-dev): bump org.codehaus.mojo:versions-maven-plugin from 2.15.0 to 2.21.0 by @dependabot[bot] in #292
• build(deps): bump com.mycila:license-maven-plugin from 4.1 to 5.0.0 by @dependabot[bot] in #289
• build(deps-dev): bump org.sonatype.central:central-publishing-maven-plugin from 0.9.0 to 0.10.0 by @dependabot[bot] in #293
• build(deps-dev): bump org.apache.maven.plugins:maven-clean-plugin from 3.2.0 to 3.5.0 by @dependabot[bot] in #291
• build(deps): bump org.cyclonedx:cyclonedx-core-java from 12.0.1 to 12.1.0 by @dependabot[bot] in #298
• build(deps-dev): bump org.apache.maven.plugins:maven-surefire-plugin from 3.5.3 to 3.5.4 by @dependabot[bot] in #297
• build(deps): bump io.github.guacsec:trustify-da-api-model from 2.0.1 to 2.0.4 by @dependabot[bot] in #296
• build(deps): bump jakarta.annotation:jakarta.annotation-api from 2.1.1 to 3.0.0 by @dependabot[bot] in #294
• build(deps): bump org.apache.maven.plugins:maven-compiler-plugin from 3.12.1 to 3.15.0 by @dependabot[bot] in #295
• build(deps-dev): bump org.apache.maven.plugins:maven-site-plugin from 4.0.0-M6 to 4.0.0-M16 by @dependabot[bot] in #301
• build(deps-dev): bump org.apache.maven.plugins:maven-dependency-plugin from 3.6.0 to 3.10.0 by @dependabot[bot] in #302
• build(deps): bump org.pitest:pitest-junit5-plugin from 1.1.2 to 1.2.3 by @dependabot[bot] in #303
• build(deps): bump org.apache.maven.plugins:maven-source-plugin from 3.2.1 to 3.4.0 by @dependabot[bot] in #304
• fix: handle package name format mismatch in dependency ignore logic by @soul2zimate in #310
• fix: fix project layout detection by @soul2zimate in #308
• doc: add missing doc for Rust support by @soul2zimate in #306

New Contributors

• @dependabot[bot] made their first contribution in #276

Full Changelog: v0.0.12...v0.0.13

Release 0.0.12

What's Changed

• chore: bump to next development version by @soul2zimate in #227
• fix: java stack analysis doesn't ignore deps inherited version by @soul2zimate in #234
• fix: fix parsing with indented comments in requirements.txt by @soul2zimate in #236

Full Changelog: v0.0.11...v0.0.12

Release 0.0.11

What's Changed

• chore: bump to next development version by @soul2zimate in #223
• fix: correct go path for commands executed in method getFinalPackagesVersionsForModule by @soul2zimate in #225

Full Changelog: v0.0.10...v0.0.11

Release 0.0.10

What's Changed

• feat: support image scan in cli by @soul2zimate in #214
• chore: bump to next development version by @soul2zimate in #219
• build: component upgrade (cyclonedx-core-java, jakarta.mail and jackson) by @soul2zimate in #220

Full Changelog: v0.0.9...v0.0.10

Release 0.0.9

What's Changed

• chore: components upgrade by @soul2zimate in #180
• build: repository update by @soul2zimate in #181
• fix: docker and podman are optional for image analysis by @soul2zimate in #173
• feat: accept customized Maven user settings file and local repository. by @soul2zimate in #184
• feat!: remove go toolchain from sbom and qualifiers by @ruromero in #191
• feat!: set golang mvs true as default by @ruromero in #188
• chore: update license header by @soul2zimate in #202
• chore: rename trustification references to guacsec by @soul2zimate in #194
• Trustify da ignore main by @soul2zimate in #205
• build: replace secrets.STAGING_PAT and secrets.DEPLOY_KEY with secrets.GITHUB_TOKEN by @soul2zimate in #206
• build: publish to maven central by @soul2zimate in #207
• fix: don't trigger the workflow in pull_request_target and push event by @soul2zimate in #209
• chore: remove exhort_dev_mode and default endpoints and use value from environment variables or arguments by @soul2zimate in #211
• chore: update gpg plugin version by @ruromero in #212
• chore: generate javadocs and sources by @ruromero in #216

Full Changelog: 0.0.8...v0.0.9

0.0.9-SNAPSHOT

What's Changed

• chore: components upgrade by @soul2zimate in #180
• build: repository update by @soul2zimate in #181
• fix: docker and podman are optional for image analysis by @soul2zimate in #173
• feat: accept customized Maven user settings file and local repository. by @soul2zimate in #184
• feat!: remove go toolchain from sbom and qualifiers by @ruromero in #191
• feat!: set golang mvs true as default by @ruromero in #188
• chore: update license header by @soul2zimate in #202
• chore: rename trustification references to guacsec by @soul2zimate in #194
• Trustify da ignore main by @soul2zimate in #205
• build: replace secrets.STAGING_PAT and secrets.DEPLOY_KEY with secrets.GITHUB_TOKEN by @soul2zimate in #206

Full Changelog: 0.0.8...0.0.9-SNAPSHOT