Releases · guacsec/guac

8e929e7 --- (#1917)
5402c79 --- (#1918)
79bb957 --- (#1919)
1f57e79 --- (#1920)
febf594 --- (#1923)
b74c853 Added annotate-metadata command (#1906)
efa328a Attach hasSBOM nodes to artifacts instead of packages (#1883)
de5da06 Bump actions/checkout from 4.1.4 to 4.1.5 (#1899)
3ad5153 Bump actions/create-github-app-token from 1.10.0 to 1.10.1 (#1946)
5f2c476 Bump actions/create-github-app-token from 1.9.3 to 1.10.0 (#1900)
098c57a Bump actions/setup-go from 5.0.0 to 5.0.1 (#1898)
e72f98e Bump aquasecurity/trivy-action from 0.19.0 to 0.20.0 (#1912)
e166680 Bump aquasecurity/trivy-action from 0.20.0 to 0.21.0 (#1928)
2ff113d Bump docker/login-action from 3.1.0 to 3.2.0 (#1944)
286c0f8 Bump entgo.io/contrib from 0.4.5 to 0.5.0 (#1894)
a6471c3 Bump github.com/aws/aws-sdk-go from 1.51.12 to 1.53.1 (#1909)
2530c26 Bump github.com/aws/aws-sdk-go-v2/config from 1.27.7 to 1.27.16 (#1929)
4485169 Bump github.com/jedib0t/go-pretty/v6 from 6.5.8 to 6.5.9 (#1907)
19b6d7b Bump github.com/nats-io/nats-server/v2 from 2.10.12 to 2.10.14 (#1895)
dfbf8fd Bump github.com/prometheus/client_golang from 1.19.0 to 1.19.1 (#1943)
0faef0a Bump github.com/sigstore/sigstore from 1.8.2 to 1.8.3 (#1896)
64e4b0e Bump github.com/spf13/viper from 1.18.2 to 1.19.0 (#1942)
6ae6785 Bump github/codeql-action from 3.25.6 to 3.25.7 (#1945)
44e16c9 Bump golang.org/x/oauth2 from 0.19.0 to 0.20.0 (#1908)
b588f97 Bump golangci/golangci-lint-action from 5.1.0 to 5.3.0 (#1897)
9da7480 Bump golangci/golangci-lint-action from 5.3.0 to 6.0.1 (#1911)
7daab4a Bump google.golang.org/api from 0.176.0 to 0.177.0 (#1893)
f126a70 Bump google.golang.org/api from 0.177.0 to 0.180.0 (#1910)
0c83f5d Bump google.golang.org/grpc from 1.63.2 to 1.64.0 (#1930)
6a9639b Bump ossf/scorecard-action from 2.3.1 to 2.3.3 (#1913)
d2717a4 Document that the Equals predicates equate only two nouns (#1886)
14cd291 Get Next Actionable Critical Dependencies Part 1 (#1705)
089496d GraphQL - Expose client queries (#1941)
8b702d0 Improved cdx parsing (#1903)
761d672 Include Aggregated Json Logs (#1905)
0970c35 Include Pagination for KeyValue (#1904)
73108d1 Update S3 collector to support collecting from a directory within the bucket (#1871)
51d3218 [ENT] Versioned Migration via Atlas (#1887)
f478bf0 [ENT] add bulk ingest for hasSBOM nodes (#1915)
66e066b publishToQueue feature flag and add certifiers to guaccollect pipeline (#1914)
c27e7c6 add issues/1885 reviewer/owners (#1902)
4dc7c94 add missing atlas to post merge CI (#1891)
c81838c add releases process (#1733)
b1b9a02 expose certifyVuln and hasSLSA query and pagination query on client side (#1936)
a35a679 expose hasSBOM pagination query on client side (#1916)
7ee25d1 expose vulnerability pagination query on client side (#1925)
e3e0f93 fix generate code for linter and static checks (#1940)
1253f28 fix novuln check for ent query (#1939)
529e33b fix: close file (#1924)
c8b8ff3 update certifier to use paginated query for package and source (#1872)
0921628 use deps.dev v3 API (#1890)
ccad6b3 use underscore instead of colon for blob store key (#1937)

Contributors

nchelluri, lumjjb, and 6 other contributors

Assets 71

30 Apr 21:38

github-actions

v0.6.0

a5d1d12

v0.6.0

Highlights

PostgreSQL/Ent is complete, optimized, and supported!
REST API endpoints are starting to appear
CLI commands now allow specifying arbitrary http headers
Ingestor logs now include document references
Document references are attached to nodes as part of source information

Changelog

c0e35bf Add GUAC Version to Logs (#1856)
3bb8b21 Add a transitive dependencies endpoint to the REST API (#1867)
136ad62 Add guaccollect files option to set origin to blob path (#1811)
ae3c1aa Add missing dev tools to nix shell (#1819)
90d95a5 Add standalone postgres compose (#1868)
d95860c Add the ability to specify HTTP headers for CLI commands (to support Auth proxies) (#1845)
c6aaf87 Bump actions/checkout from 4.1.2 to 4.1.3 (#1861)
e2e4121 Bump actions/checkout from 4.1.3 to 4.1.4 (#1875)
3e827b8 Bump actions/create-github-app-token from 1.9.1 to 1.9.2 (#1802)
eca2727 Bump actions/create-github-app-token from 1.9.2 to 1.9.3 (#1823)
5a048cd Bump actions/setup-python from 5.0.0 to 5.1.0 (#1801)
1984c68 Bump anchore/sbom-action from 0.15.10 to 0.15.11 (#1877)
ae9966c Bump anchore/sbom-action from 0.15.9 to 0.15.10 (#1803)
2dc06e2 Bump aquasecurity/trivy-action from 0.18.0 to 0.19.0 (#1804)
17e8bd7 Bump cloud.google.com/go/storage from 1.39.1 to 1.40.0 (#1799)
eed71a5 Bump github.com/99designs/gqlgen from 0.17.44 to 0.17.45 (#1857)
36f1133 Bump github.com/arangodb/go-driver from 1.6.1 to 1.6.2 (#1826)
70babbd Bump github.com/aws/aws-sdk-go from 1.51.7 to 1.51.12 (#1798)
9c1eb23 Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.53.0 to 1.53.1 (#1840)
f0e44fd Bump github.com/aws/aws-sdk-go-v2/service/sqs from 1.31.2 to 1.31.4 (#1825)
fd69617 Bump github.com/fsouza/fake-gcs-server from 1.47.8 to 1.48.0 (#1881)
19506b6 Bump github.com/go-git/go-git/v5 from 5.11.0 to 5.12.0 (#1827)
60d8dc8 Bump github.com/google/osv-scanner from 1.7.0 to 1.7.1 (#1824)
21b65fb Bump github.com/klauspost/compress from 1.17.7 to 1.17.8 (#1882)
1857403 Bump github.com/nats-io/nats.go from 1.33.1 to 1.34.0 (#1800)
a586a92 Bump github.com/nats-io/nats.go from 1.34.0 to 1.34.1 (#1879)
282ea21 Bump github.com/pitabwire/natspubsub from 0.1.2 to 0.1.3 (#1843)
6a164f5 Bump github.com/redis/go-redis/v9 from 9.5.0 to 9.5.1 (#1841)
af5d83e Bump github.com/regclient/regclient from 0.5.7 to 0.6.0 (#1797)
1ea2819 Bump github.com/spdx/tools-golang from 0.5.3 to 0.5.4 (#1860)
bb6b63d Bump gocloud.dev/pubsub/rabbitpubsub from 0.36.0 to 0.37.0 (#1842)
9317e44 Bump golang.org/x/net from 0.22.0 to 0.23.0 (#1853)
80d7d0d Bump golangci/golangci-lint-action from 4.0.0 to 5.1.0 (#1876)
9445fc0 Bump google.golang.org/api from 0.169.0 to 0.172.0 (#1796)
a2c1206 Bump google.golang.org/api from 0.172.0 to 0.176.0 (#1858)
e8e4c30 Bump google.golang.org/grpc from 1.62.1 to 1.63.2 (#1859)
d3f8704 Bump sigstore/cosign-installer from 3.4.0 to 3.5.0 (#1839)
e69c19f Bump slsa-framework/slsa-github-generator from 1.10.0 to 2.0.0 (#1878)
71c5547 Fix GitHub collector to accept explicit tag in urls (#1818)
1381c07 Fix goreleaser flag deprecation warnings (#1814)
db16cdc Fix the Overview Diagram (#1836)
46e8893 Fixes to HTTP Header functionality for CLI commands (#1852)
56ed851 Go generate (#1869)
4741c1c Handle null SPDX relationship values without panicking (#1822)
358205b Include a more descriptive debugger for the collector and processor (#1830)
6100427 Make the CSub GetCollectEntries() RPC response streaming (#1865)
3577d4d Populate SourceInformation.DocumentRef in collectors (#1847)
3f124e3 Remove unused variable (#1851)
ef4658e Run the guacgql HTTP server on only one port (#1805)
d0c51f5 Update error handling on ingestion (#1832)
6638a53 Update gql, parser and backends to add new documentRef field (#1844)
a0a0a82 Update graphQL schema to add documentRef field to all verbs (#1834)
d861241 Update graphQL, resolvers and add backend stubs for pagination (#1862)
c2477fa Update readme with supported backends. (#1873)
8189495 [ENT] Complete ent pagination and update backend tests (#1870)
2ec6bc9 [ENT] fix issue with index on artifact (#1835)
5ff8e90 [ENT] fix trie output for package, source and vulnerability (#1863)
2180123 [Ent] Add missing neighbor, node and path query (#1815)
a5d1d12 [FIX] Ingestor should not ack message on failure (#1874)
d908792 [FIX] implement fixes based on parsing and querying errors for CDX (#1855)
3d6f3c0 [fix] OSV unit test update and replaced deprecated types.Descriptor (#1807)
3dba718 add new re-designed overview diagram for GUAC (#1831)
5b2e267 added github release identifier string type (#1820)
b5e2b39 feat: switch golang/mock to uber-go/mock (#1866)
573a8d8 fix queue to deliver message directly (#1837)
0550c31 remove built in query noder as it was not properly returning the fields in the queried nodes (#1829)

Assets 71

27 Mar 19:50

github-actions

v0.5.2

ef1c2c9

v0.5.2

Highlights

Fix ENT queries
Add missing collectors to guaccollect
Support image references by digest in the OCI collector
Add guacrest to docker-compose
Various bug fixes and improvements

What's Changed

c6a5159 Bump actions/cache from 4.0.1 to 4.0.2 (#1782)
a1b49c5 Bump actions/checkout from 4.1.1 to 4.1.2 (#1776)
0620ad5 Bump actions/create-github-app-token from 1.9.0 to 1.9.1 (#1781)
996f777 Bump anchore/sbom-action from 0.15.8 to 0.15.9 (#1767)
bac5b6d Bump cloud.google.com/go/storage from 1.39.0 to 1.39.1 (#1763)
b87ea96 Bump docker/login-action from 3.0.0 to 3.1.0 (#1775)
ade9c9e Bump github.com/Khan/genqlient from 0.6.0 to 0.7.0 (#1773)
f93a552 Bump github.com/aws/aws-sdk-go from 1.50.36 to 1.51.7 (#1787)
488b99e Bump github.com/aws/aws-sdk-go-v2 from 1.25.3 to 1.26.0 (#1772)
5c5973f Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.48.1 to 1.51.4 (#1760)
5c56383 Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.51.4 to 1.53.0 (#1786)
a895253 Bump github.com/aws/aws-sdk-go-v2/service/sqs from 1.29.7 to 1.31.2 (#1766)
b6608f6 Bump github.com/docker/docker (#1778)
e283206 Bump github.com/go-chi/chi from 1.5.5 to 4.1.2+incompatible (#1761)
fe4faee Bump github.com/go-chi/chi/v5 from 5.0.11 to 5.0.12 (#1788)
90fc632 Bump github.com/google/osv-scanner from 1.6.1 to 1.7.0 (#1755)
59897f2 Bump github.com/nats-io/nats-server/v2 from 2.10.11 to 2.10.12 (#1774)
cc5f59f Bump github.com/pitabwire/natspubsub from 0.1.1 to 0.1.2 (#1764)
b69464a Bump github.com/sigstore/sigstore from 1.8.1 to 1.8.2 (#1785)
3100b05 Bump go.uber.org/zap from 1.26.0 to 1.27.0 (#1762)
5cccd5e Bump gocloud.dev from 0.36.0 to 0.37.0 (#1770)
dcf7cef Bump gocloud.dev/pubsub/kafkapubsub from 0.36.0 to 0.37.0 (#1784)
3b007a2 Bump golang.org/x/oauth2 from 0.17.0 to 0.18.0 (#1771)
c85eb0e Bump gopkg.in/go-jose/go-jose.v2 from 2.6.1 to 2.6.3 (#1758)
1357a7c Bump slsa-framework/slsa-github-generator from 1.9.0 to 1.10.0 (#1783)
755a8e8 Check DependencyType values in isDependency ingestion and queries (#1780)
ac4c273 Include missing collectors (#1759)
f8286dd Included Query for Scorecard (#1791)
638ba85 Included a README for guacrest (#1719)
693be1a Support image references by digest in the OCI collector (#1779)
d41d633 [ENT] Fix all broken queries from the backend test suite (#1790)
6055128 add guacrest to docker and go releaser (#1792)
ef1c2c9 fix health check for rest api (#1793)

Assets 70

07 Mar 21:08

github-actions

v0.5.1

1f9eb7c

v0.5.1

Highlights

Add GitHub release/artifact collector to guacone: guacone collect github.
Fix a validation issue in guac-demo-compose.yaml

Changelog

2b196f5 Add Pagination to the Rest API (#1720)
c3efd23 Bump github.com/cloudevents/sdk-go/v2 from 2.15.1 to 2.15.2 (#1754)
4428d22 Fixed flaky test (#1752)
652c333 Fixed typos (#1751)
249a6f5 Included Guacone Collect Github (#1677)
d4a9a96 Included Polling for Github Collect (#1678)
67e4664 README for the Github Collector (#1731)
1f9eb7c Remove empty depends_on that fails validation. (#1757)
d490212 adds helper function to check for an arango collection index (#1750)
6985a57 move message acknowledgment for pubsub to be done after the ingestion has occured (#1753)

Assets 70

05 Mar 18:45

github-actions

v0.5.0

89019ad

v0.5.0

Highlights

Various updates to the graphQL API
Updated to the ENT backend to make ingestion quicker
Addition of the REST API features and build out
Metrics via Prometheus
Various bug fixes and improvements

What's Changed

ede754a Add Deps.dev collector to guacone (#1661)
89019ad Add a demo level docker compose yaml (#1747)
42f945e Bump actions/cache from 3.3.3 to 4.0.0 (#1653)
642a10c Bump actions/cache from 4.0.0 to 4.0.1 (#1740)
9686503 Bump actions/create-github-app-token from 1.6.3 to 1.6.4 (#1651)
9c3b5d0 Bump actions/create-github-app-token from 1.6.4 to 1.7.0 (#1667)
9e3cd9d Bump actions/create-github-app-token from 1.7.0 to 1.8.0 (#1704)
ceb3192 Bump actions/create-github-app-token from 1.8.0 to 1.8.1 (#1724)
93887c6 Bump actions/create-github-app-token from 1.8.1 to 1.9.0 (#1741)
45356ea Bump anchore/sbom-action from 0.15.3 to 0.15.5 (#1652)
c350930 Bump anchore/sbom-action from 0.15.5 to 0.15.6 (#1668)
3844bcf Bump anchore/sbom-action from 0.15.6 to 0.15.8 (#1691)
a3c3690 Bump aquasecurity/trivy-action from 0.16.1 to 0.17.0 (#1703)
1b58cd4 Bump aquasecurity/trivy-action from 0.17.0 to 0.18.0 (#1742)
a1fd412 Bump cloud.google.com/go/storage from 1.36.0 to 1.37.0 (#1687)
1770712 Bump cloud.google.com/go/storage from 1.37.0 to 1.38.0 (#1716)
033f281 Bump cloud.google.com/go/storage from 1.38.0 to 1.39.0 (#1744)
d597f9e Bump entgo.io/ent v0.13.0 (#1707)
9e5d83d Bump github.com/99designs/gqlgen from 0.17.43 to 0.17.44 (#1715)
60210aa Bump github.com/aws/aws-sdk-go from 1.49.17 to 1.50.6 (#1672)
f7bdab8 Bump github.com/aws/aws-sdk-go from 1.50.6 to 1.50.11 (#1689)
68230c5 Bump github.com/aws/aws-sdk-go-v2/config from 1.26.6 to 1.27.4 (#1725)
b1c67c9 Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.48.0 to 1.48.1 (#1662)
590df02 Bump github.com/cloudevents/sdk-go/v2 from 2.10.1 to 2.15.0 (#1669)
ce741a7 Bump github.com/cloudevents/sdk-go/v2 from 2.15.0 to 2.15.1 (#1728)
5b8d7a9 Bump github.com/deepmap/oapi-codegen/v2 from 2.0.1-0.20240123090344-d326c01d279a to 2.1.0 (#1713)
0919d31 Bump github.com/fsouza/fake-gcs-server from 1.47.7 to 1.47.8 (#1743)
13b5121 Bump github.com/getkin/kin-openapi from 0.122.0 to 0.123.0 (#1727)
a6c67d3 Bump github.com/google/osv-scanner from 1.4.3 to 1.6.1 (#1657)
b7e84b9 Bump github.com/jedib0t/go-pretty/v6 from 6.5.3 to 6.5.4 (#1673)
755c47e Bump github.com/klauspost/compress from 1.17.4 to 1.17.5 (#1671)
efd46f3 Bump github.com/klauspost/compress from 1.17.5 to 1.17.6 (#1701)
6c45c18 Bump github.com/moby/buildkit from 0.12.2 to 0.12.5 (#1679)
e1d3451 Bump github.com/nats-io/nats-server/v2 from 2.10.9 to 2.10.10 (#1686)
32169e5 Bump github.com/nats-io/nats.go from 1.32.0 to 1.33.1 (#1726)
8eaa7ed Bump github.com/prometheus/client_golang from 1.18.0 to 1.19.0 (#1745)
cf9ccd3 Bump github.com/redis/go-redis/v9 from 9.4.0 to 9.5.0 (#1714)
75a5ae7 Bump github.com/regclient/regclient from 0.5.5 to 0.5.6 (#1688)
644b493 Bump github.com/regclient/regclient from 0.5.6 to 0.5.7 (#1700)
91a9be2 Bump github.com/segmentio/kafka-go from 0.4.46 to 0.4.47 (#1655)
315dfef Bump github.com/sigstore/sigstore from 1.8.0 to 1.8.1 (#1654)
ec85ecd Bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#1746)
4adbf13 Bump github.com/swaggo/swag from 1.16.2 to 1.16.3 (#1698)
694a8f2 Bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 (#1702)
6e88dab Bump google.golang.org/api from 0.154.0 to 0.157.0 (#1656)
9db9b6a Bump google.golang.org/api from 0.157.0 to 0.160.0 (#1670)
abd5a73 Bump google.golang.org/grpc from 1.60.1 to 1.61.0 (#1685)
e023b46 Bump sigstore/cosign-installer from 3.3.0 to 3.4.0 (#1690)
d5feab1 ENT - bulk ingestion and update to use IDorInputSpec (#1732)
237ff8c Encoding guesser (#1472)
f750549 Error and exit when initialization fails (#1674)
e9e3551 Fix License node ingestion when no LicenseListVersion provided. (#1738)
431a286 Fix the incorrect callingFuncName in the getNeighborIDFromCursor (#1730)
52a55e4 Github Collector Enhancements (#1566)
dbf92ad Gqlschemafix (#1683)
5fbba0d Id or inputspec (#1708)
645dcbc Implemented key value search (#1711)
e8ff763 Improve guac query vuln error message (#1695)
e2c8157 Included http middleware to measure the graphql response times using prometheus. (#1675)
de3cd11 Included prometheus server for guacql (#1635)
c628147 Move all arango tests to common integration test suite. (#1660)
2169376 Update CONTRIBUTING.md about DCO and CLA. (#1723)
b0969e3 Update default blob-addr to use filesystem (for docker-compose and k8s) (#1666)
f6e9f46 Use filename as qualifier for SBOM file references (#1546)
f393612 Use graphql.HasOperationContext in arangodb assembler (#1659)
db84270 Utilize gocloud and blob store to work around pubsub message size (#1630)
2b3b18e [Rest API] Adds the initial API Spec and guacrest cli. (#1665)
eee82ba abstract pubsub service via gocloud (#1664)
3f2ef06 add purl helper to convert from allPkgTree fragment (#1681)
99a4d54 attempt to fix golangci-lint issues (#1735)
8c27a44 feature: Verify the DSSE envelope if the verifier-key-path and verifier-key-id are provided. Fail the provenance ingestion if the document is not verified. (#1712)
1e337e3 fix: s3 collector (#1658)
f1703bd fix[update-arango-graph] - creates a missing collection in already pr… (#1649)
db6cfcc removing MAX_CONCURRENT_JOBS (#1682)
ef4c295 save qualifiers from golang loop semantics (#1684)
753e57b separate software IDs into packages and artifacts for hasSBOM ingestion (#1718)
c3464f8 update dsse processor to not guess unpacked payload (#1647)
277c791 update hasSBOM ingestion for large SBOMs and increase batch size for bulk ingestion (#1748)

Assets 70

18 Jan 03:36

github-actions

v0.4.0

c3cdc5a

v0.4.0

Highlights

Addition of a new KeyValue backend (Redis and TiKV)
Update and improve guacone CLI
Add new graphQL Custom Directives contains and startswith
Various updates to arangoDB and ENT backend
REST API initial implementation
Various bug fixes and improvements

What's Changed

8336525 1434-docker-compose - backend selection on startup (#1435)
c197a9d 1550 Ent: hasSBOM 'included' implementation (#1583)
8daf872 Add Guacone collect files json.bz2 capability (#1395)
1fb5ee9 Add Redis and TiKV kv stores (#1502)
bb36eab Add benchmark for TiKV (#1579)
ab37eb4 Add comment for id field on PkgSpec (#1631)
df88a40 Add comment on Edge schema to note that edges are bidirectional (#1632)
7176dec Add concurrency to arango hasSBOM query (#1609)
c45498b Add log level configuration (#1422)
cb92e23 Add performance test for redis. (#1562)
a4faf80 Add support for OCI referrers (#1278)
2304b5e Bump actions/cache from 3.3.2 to 3.3.3 (#1642)
cabf7f9 Bump actions/checkout from 3.4.0 to 4.1.1 (#1489)
aa334f6 Bump actions/checkout from 4.1.0 to 4.1.1 (#1423)
47f9756 Bump actions/create-github-app-token from 1.5.0 to 1.5.1 (#1467)
4c9a54f Bump actions/create-github-app-token from 1.5.1 to 1.6.0 (#1516)
1c55d0b Bump actions/create-github-app-token from 1.6.0 to 1.6.1 (#1551)
2bfe69a Bump actions/create-github-app-token from 1.6.1 to 1.6.2 (#1570)
48efadb Bump actions/create-github-app-token from 1.6.2 to 1.6.3 (#1641)
54fe233 Bump actions/download-artifact from 3 to 4 (#1591)
7e4740c Bump actions/github-script from 6.4.1 to 7.0.0 (#1494)
5c32cb5 Bump actions/github-script from 7.0.0 to 7.0.1 (#1515)
67ce224 Bump actions/setup-go from 4.0.1 to 4.1.0 (#1493)
c4c8ca3 Bump actions/setup-go from 4.1.0 to 5.0.0 (#1568)
7bbde8f Bump actions/setup-python from 4.7.1 to 5.0.0 (#1569)
1395ebf Bump actions/upload-artifact from 3 to 4 (#1640)
880b129 Bump anchore/sbom-action from 0.14.3 to 0.15.0 (#1518)
4553605 Bump anchore/sbom-action from 0.15.0 to 0.15.1 (#1552)
65da979 Bump anchore/sbom-action from 0.15.1 to 0.15.3 (#1626)
bfd70a6 Bump aquasecurity/trivy-action from 0.12.0 to 0.13.0 (#1443)
552cf9b Bump aquasecurity/trivy-action from 0.13.0 to 0.13.1 (#1468)
79ffb2f Bump aquasecurity/trivy-action from 0.13.1 to 0.14.0 (#1490)
3e8b997 Bump aquasecurity/trivy-action from 0.14.0 to 0.16.0 (#1571)
5692dc6 Bump aquasecurity/trivy-action from 0.16.0 to 0.16.1 (#1625)
f0c6c23 Bump cloud.google.com/go/storage from 1.33.0 to 1.34.1 (#1462)
a3301cb Bump cloud.google.com/go/storage from 1.34.1 to 1.35.1 (#1492)
68c22cc Bump entgo.io/ent from 0.12.4 to 0.12.5 (#1522)
9fd1846 Bump github.com/99designs/gqlgen from 0.17.37 to 0.17.39 (#1411)
f48cf42 Bump github.com/99designs/gqlgen from 0.17.39 to 0.17.41 (#1553)
645533d Bump github.com/CycloneDX/cyclonedx-go from 0.7.2 to 0.8.0 (#1573)
d9609a3 Bump github.com/arangodb/go-driver from 1.6.0 to 1.6.1 (#1523)
64d2c5b Bump github.com/aws/aws-sdk-go from 1.45.24 to 1.45.26 (#1412)
5cf6cbc Bump github.com/aws/aws-sdk-go from 1.45.26 to 1.46.2 (#1425)
f92473b Bump github.com/aws/aws-sdk-go from 1.46.2 to 1.48.0 (#1521)
4a67771 Bump github.com/aws/aws-sdk-go from 1.48.0 to 1.49.13 (#1613)
c078576 Bump github.com/aws/aws-sdk-go from 1.49.13 to 1.49.17 (#1622)
c13e040 Bump github.com/aws/aws-sdk-go-v2 from 1.20.0 to 1.21.2 (#1447)
d3611c3 Bump github.com/aws/aws-sdk-go-v2 from 1.22.2 to 1.23.5 (#1556)
6d501cc Bump github.com/aws/aws-sdk-go-v2 from 1.24.0 to 1.24.1 (#1621)
4e83d90 Bump github.com/aws/aws-sdk-go-v2/config from 1.18.32 to 1.19.1 (#1446)
21abc32 Bump github.com/aws/aws-sdk-go-v2/config from 1.19.1 to 1.26.1 (#1576)
5a12fd2 Bump github.com/aws/aws-sdk-go-v2/config from 1.26.1 to 1.26.2 (#1612)
25250e2 Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.38.1 to 1.40.2 (#1445)
14c40cb Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.40.2 to 1.42.1 (#1487)
b6246e5 Bump github.com/aws/aws-sdk-go-v2/service/sqs from 1.24.1 to 1.26.0 (#1466)
a95b0bf Bump github.com/aws/aws-sdk-go-v2/service/sqs from 1.24.1 to 1.29.6 (#1614)
f1e2b24 Bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 (#1619)
0ce585b Bump github.com/docker/docker (#1442)
b6f77f3 Bump github.com/fsnotify/fsnotify from 1.6.0 to 1.7.0 (#1486)
604d475 Bump github.com/fsnotify/fsnotify from 1.6.0 to 1.7.0 (#1531)
8ba3f39 Bump github.com/fsouza/fake-gcs-server from 1.47.5 to 1.47.6 (#1428)
1416c0f Bump github.com/fsouza/fake-gcs-server from 1.47.6 to 1.47.7 (#1639)
97cd84f Bump github.com/go-git/go-git/v5 from 5.10.0 to 5.10.1 (#1532)
ed19b9b Bump github.com/go-git/go-git/v5 from 5.10.1 to 5.11.0 (#1588)
1d48ca9 Bump github.com/google/go-cmp from 0.5.9 to 0.6.0 (#1409)
00d978b Bump github.com/google/osv-scanner from 1.4.1 to 1.4.2 (#1444)
d0e7461 Bump github.com/google/osv-scanner from 1.4.2 to 1.4.3 (#1488)
63ebfe7 Bump github.com/jedib0t/go-pretty/v6 from 6.4.7 to 6.4.8 (#1429)
f4c68bc Bump github.com/jedib0t/go-pretty/v6 from 6.4.9 to 6.5.3 (#1638)
cb78b8d Bump github.com/klauspost/compress from 1.17.2 to 1.17.3 (#1534)
e08c31e Bump github.com/klauspost/compress from 1.17.3 to 1.17.4 (#1557)
1e4157b Bump github.com/nats-io/nats-server/v2 from 2.10.1 to 2.10.2 (#1418)
778f2c6 Bump github.com/nats-io/nats-server/v2 from 2.10.2 to 2.10.3 (#1427)
02152b2 Bump github.com/nats-io/nats-server/v2 from 2.10.3 to 2.10.4 (#1454)
45e8941 Bump github.com/nats-io/nats-server/v2 from 2.10.4 to 2.10.5 (#1495)
bac74b5 Bump github.com/nats-io/nats.go from 1.30.1 to 1.31.0 (#1408)
0689514 Bump github.com/nats-io/nkeys from 0.4.5 to 0.4.6 (#1455)
a49449a Bump github.com/ossf/scorecard/v4 from 4.13.0 to 4.13.1 (#1464)
a591214 Bump github.com/prometheus/client_golang from 1.17.0 to 1.18.0 (#1637)
c91c538 Bump github.com/redis/go-redis/v9 from 9.3.0 to 9.3.1 (#1600)
7857ed7 Bump github.com/redis/go-redis/v9 from 9.3.1 to 9.4.0 (#1623)
0b7c030 Bump github.com/regclient/regclient from 0.5.1 to 0.5.3 (#1410)
056ca7a Bump github.com/regclient/regclient from 0.5.3 to 0.5.4 (#1519)
79ef3f1 Bump github.com/regclient/regclient from 0.5.4 to 0.5.5 (#1554)
770cf2e Bump github.com/segmentio/kafka-go from 0.4.42 to 0.4.44 (#1463)
6d2150d Bump github.com/segmentio/kafka-go from 0.4.44 to 0.4.46 (#1572)
d619162 Bump github.com/sigstore/sigstore from 1.7.3 to 1.7.4 (#1426)
596c9f9 Bump github.com/sigstore/sigstore from 1.7.4 to 1.7.5 (#1533)
7ae8af7 Bump github.com/sigstore/sigstore from 1.7.5 to 1.7.6 (#1587)
9407c75 Bump github.com/sigstore/sigstore from 1.7.6 to 1.8.0 (#1602)
974f14b Bump github.com/spf13/viper from 1.16.0 to 1.17.0 (#1520)
76e2661 Bump github.com/spf13/viper from 1.17.0 to 1.18.2 (#1589)
c86d904 Bump golang.org/x/crypto from 0.16.0 to 0.17.0 (#1592)
bfa5624 Bump golang.org/x/oauth2 from 0.14.0 to 0.15.0 (#1555)
c0eaaeb Bump google.golang.org/api from 0.148.0 to 0.149.0 (#1465)
56cb4f9 Bump google.golang.org/api from 0.150.0 to 0.152.0 (#1535)
e9ee86b Bump google.golang.org/protobuf from 1.31.0 to 1.32.0 (#1620)
fe10b55 Bump goreleaser/goreleaser-action from 4 to 5 (#1517)
e2b35ad Bump ossf/scorecard-action from 2.3.0 to 2.3.1 (#1424)
2b32a09 Bump sigstore/cosign-installer from 3.1.2 to 3.2.0 (#1491)
ba1eb78 Bump sigstore/cosign-installer from 3.2.0 to 3.3.0 (#1567)
c308c54 CSAF Parser: fixed branches' names collision (#1528)
18ad0d0 Change Keys method in kv interface to Scan (#1558)
030cf7f Convert default backend from "inmem" to "keyvalue" (#1475)
c5d84b6 Create a single backend acceptance test suite. (#1597)
fb58ab3 Define edges within software tries related nodes (#1450)
f2198ad Enable query on benchmark, fix some Scan() issues in keyvalue (#1585)
2a9a787 Ent - HasMetadata: applied concurrent approach (#1458)
b178fcd Ent - PackageVersion: added index for improving IsDependency ingestion (#1439)
da929fc Ent - Restore IngestPackages concurrently (#1586)
72e03ee Ent - Vulnerability endpoints: applied concurrent approach (#1459)
1b4e681 Ent - VulnerabilityMetadata endpoints (#1416)
7a05b7e Ent: IngestArtifacts optimized using concurrently (#1596)
f6a0a24 Ent: IngestBuilders, IngestCertifyBads, IngestCertifyGoods, IngestCertifyLegals refactored concurrently (#1599)
68210cf Ent: IngestOccurrences optimized with concurrently (#1593)
a599888 Ent: IngestSources optimized with concurrently (#1595)
a20dbc7 Ent: Package,IsDependency concurrent bulk ingestions (#1440)
5521770 Ent: error management when closing Ent client during tests (#1478)
545e294 Ent: fixed lint issue on 'main' (#1598)
7a4373b Feature/arango neighbors nouns query (#1419)
2ad8e2b Feature/arango neighbors verbs with tests (#1420)
09b3c74 Feature/update arango hasSBOM adding includes (#1564)
ab00d12 Fix single target build and remove unused function from test (#1543)
e560250 Fix some error returns without unlocks. (#1581)
0b8fc18 Fix some logic errors on IsDependency (#1627)
565483d Fixed Error in Scorecard Certifier (#1501)
9faa6de Fixed docker-compose down (#1451)
14a79d9 Fixed the incorrect tests for deps_dev (#1400)
c298eea Implemented prometheus (#1500)
1e5a333 Implemented the REST API (#1452)
2af1cc4 Included option to run integration tests locally (#1361)
c72e762 Inlcuded a faster fmt (#1507)
165897d Issue 966: Extend HasSBOM to include references to included software … (#1367)
686ce43 Iterating Over all IDs in QueryVulnsViaVulnNodeNeighbors (#1509)
c5c346c OCI purl: fix repository URL management (#1485)
92bd33e Query fIlter support for nested keys (#1618)
cb550ee Remove extra read locking that will cause deadlock. (#1580)
83b892c S3 collector implementation (#1308)
7144c45 Update ent and arango source model generation. (#1594)
2b1e1ae Update key methods...

Assets 69

13 Oct 20:35

github-actions

v0.3.0

7c3b1b9

v0.3.0

Highlights

Add timestamp fields to certifyBad, certifyGood, and hasSBOM
Ingest SPDX CPEs from externalRefs
Fix the issue with OSV certifier failing to ingest vulnerabilities while polling
Fix noVuln not showing on query known CLI

What's Changed

2c19f25 Add License and CertifyLegal to Arango backend. (#1349)
b7ff00e Add SECURITY-INSIGHTS (#1353)
ffadd34 Add a developer readme to the cli commands. (#1324)
caebd0c Bump actions/create-github-app-token from 1.2.2 to 1.5.0 (#1372)
baae9ca Bump entgo.io/ent from 0.12.4-0.20230918073025-797534a0d1ca to 0.12.4 (#1377)
583c478 Bump github.com/aws/aws-sdk-go from 1.45.20 to 1.45.24 (#1375)
1db53ed Bump github.com/fsouza/fake-gcs-server from 1.47.4 to 1.47.5 (#1376)
686fcad Bump github.com/nats-io/nats-server (#1352)
2f87865 Bump github.com/ossf/scorecard/v4 from 4.12.0 to 4.13.0 (#1374)
ff8bcb9 Bump golang.org/x/net from 0.15.0 to 0.17.0 (#1389)
457ace8 Bump golang.org/x/sync from 0.3.0 to 0.4.0 (#1373)
dc8d75a Bump ossf/scorecard-action from 2.2.0 to 2.3.0 (#1371)
7c3b1b9 Certifier OSV: fixed emit func when polling (#1396)
c923aa6 Ent - HasMetadata (#1365)
64850de Ent - HasMetadata: fix ingesting same twice (#1392)
d18327b Ent - PointOfContact (#1391)
9e65098 Feature/arango node query with updates to inmem unit tests (#1369)
24dc68f Fix lint errors and increase golangci-lint timeout (#1351)
d681a8d Include Timestamps for Verbs (#1338)
542f03f SPDX Parser: ingest CPE from externalRefs (#1347)
b540d46 Support TLS for csub server and clients (#1390)
4652364 Support TLS for graphql server (#1380)
a3299ca Update packages for slices import (#1356)
3b4bc8e Update query used in docs with new vuln structure. (#1385)
e48e534 Wait for guac server to start before running tests (#1383)
a9dc7af [feature] Unionize parsing for cdx SBOM and VEX data (#1247)
c225a8e add flag to toggle getting deps.dev dependencies (#1382)
9254f32 change package version list to a map and add tests (#1332)
9caebd6 edit arangosearch view to exclude subpath search results (#1397)
5ecc2be fix contributor.md broken links to docs (#1393)
d7daa07 fix noVuln type not showing up when querying for known (#1394)
23cdc26 fix: typo (#1379)
09c5879 process PACKAGE_OF relationship in SPDX files (#1337)
51e8fc6 refactor(depversion): avoid unnecessary byte/string conversion (#1384)
70a6fe2 remove gql-test-data as its no longer needed to test the backends (#1355)

Assets 57

04 Oct 17:27

github-actions

v0.2.0

7e52b35

v0.2.0

Highlights

Major redesign to Vulnerability GraphQL Schema/API.
- Vulnerability types are no longer hard-coded
- Vulnerability metadata nodes include scores
IsDependency can now point to Package Versions.
GraphQL ingest mutations only return ID now.
OpenVEX Parser
Many fixes and smaller improvements.
Large progress on Arango and Ent, though not fully complete yet.

What's Changed

update vulnerability api by @pxp928 in #1147
Feature/arango certify vuln implementation by @pxp928 in #1161
Implement new IsDependency graphql to point to versions by @lumjjb in #1125
Fix XML format validation by @mlieberman85 in #1164
Fixed a Potential Stack Overflow Error in findProductRef by @nathannaveen in #1146
Feature/add novuln bool to vulnerability filter by @pxp928 in #1165
Fix check for docker buildx by @s-spindler in #1159
Bump cloud.google.com/go/storage from 1.31.0 to 1.32.0 by @dependabot in #1171
Bump google.golang.org/api from 0.136.0 to 0.138.0 by @dependabot in #1172
Bump github.com/aws/aws-sdk-go from 1.44.323 to 1.44.328 by @dependabot in #1174
Bump go.uber.org/zap from 1.24.0 to 1.25.0 by @dependabot in #1173
Bump golangci/golangci-lint-action from 3.6.0 to 3.7.0 by @dependabot in #1175
Feature/add vuln metadata schema by @pxp928 in #1170
Add check for docker compose by @s-spindler in #1176
Fixed Part of SemVer Issue by @nathannaveen in #1157
Minor fixes to error messages patch.go by @rmetzman in #1145
Feature/add vuln metadata backend [inmem] by @pxp928 in #1180
remove parallel assembler as no longer needed by @pxp928 in #1183
Bump slsa-framework/slsa-github-generator from 1.8.0 to 1.9.0 by @dependabot in #1191
Bump github.com/aws/aws-sdk-go from 1.44.328 to 1.44.333 by @dependabot in #1189
Bump github.com/jedib0t/go-pretty/v6 from 6.4.6 to 6.4.7 by @dependabot in #1187
Bump github.com/CycloneDX/cyclonedx-go from 0.7.1 to 0.7.2 by @dependabot in #1188
Bump actions/checkout from 3.5.3 to 3.6.0 by @dependabot in #1190
changing mutationAPI to only return IDs instead of whole struct to fi… by @arorasoham9 in #1169
Updated CollectedPypiWheelAxle by @mrizzi in #1192
CertifyBad: refactor validation checks by @mrizzi in #1185
Fixed a Potential Stack Overflow Error in findPurl 2 by @nathannaveen in #1194
Implement RDMS backend (postgres/mysql/sqlite) by @ivanvanderbyl in #910
Tag ent tests by @jeffmendoza in #1200
[Feature] add ingestion (including bulk) and query for VEX in Arango and inmem by @pxp928 in #1184
IngestVEXStatement resolver: fix err management by @mrizzi in #1203
Add 'integration' tag to golangci-lint by @mrizzi in #1202
add regen via make generate and add missing bulk ingest vex by @pxp928 in #1204
update readme to include backends and update supported types by @lumjjb in #1205
[feature] Adds a parser for CycloneDX Vex data by @stevemenezes in #1181
prevent checking for dependency version in test so changes in this do… by @m-brophy in #1209
Move validation checks into resolvers by @mrizzi in #1210
Add Legal information schema and inmem backend. by @jeffmendoza in #1207
Bump actions/checkout from 3.6.0 to 4.0.0 by @dependabot in #1214
Bump aquasecurity/trivy-action from 0.11.2 to 0.12.0 by @dependabot in #1215
Bump sigstore/cosign-installer from 3.1.1 to 3.1.2 by @dependabot in #1216
Bump github.com/aws/aws-sdk-go from 1.44.333 to 1.45.2 by @dependabot in #1217
Bump github.com/regclient/regclient from 0.4.8 to 0.5.1 by @dependabot in #1218
Bump github.com/spdx/tools-golang from 0.5.2 to 0.5.3 by @dependabot in #1219
Bump github.com/sigstore/sigstore from 1.6.5 to 1.7.3 by @dependabot in #1221
Feature/ Add arango unit tests by @pxp928 in #1213
Ent - Vulnerabilities management by @mrizzi in #1212
Feature/vuln metadata implementation on arango by @pxp928 in #1223
Disable ent on 32 bit by @jeffmendoza in #1226
Included docstrings for parser_csaf by @nathannaveen in #1186
Refactor ingestor code by @dejanb in #1195
Feature/vuln equal bulk ingestion and arango updates by @pxp928 in #1227
Ent - Dependency management by @mrizzi in #1232
update SPDX parser to skip empty and 0 hashes by @lumjjb in #1228
fix: increase gprc max message size by @dejanb in #1230
Fix inmem unit test. by @jeffmendoza in #1235
Bump github.com/DATA-DOG/go-txdb from 0.1.6 to 0.1.7 by @dependabot in #1220
remove helper as unused code from old pre-release assembler by @pxp928 in #1236
Ent - CertifyVuln: fixed noVuln management by @mrizzi in #1240
Feature/pkg equals bulk ingestion and arango updates by @pxp928 in #1239
Ent - IngestVulnEquals with tests by @mrizzi in #1238
Add support for sending encoded documents by @dejanb in #1222
Ent - IngestPkgEquals with tests by @mrizzi in #1243
Fix/add missing unit tests arango by @pxp928 in #1246
Ent - IngestSLSAs implementation with tests by @mrizzi in #1248
Improved Runtime of Function Process in process.go by @neilnaveen in #1245
Bump github.com/aws/aws-sdk-go from 1.45.2 to 1.45.7 by @dependabot in #1254
Bump cloud.google.com/go/storage from 1.32.0 to 1.33.0 by @dependabot in #1252
Bump github.com/vektah/gqlparser/v2 from 2.5.8 to 2.5.9 by @dependabot in #1253
Bump golang.org/x/oauth2 from 0.11.0 to 0.12.0 by @dependabot in #1255
Bump actions/cache from 3.3.1 to 3.3.2 by @dependabot in #1256
Bump actions/upload-artifact from 3.1.2 to 3.1.3 by @dependabot in #1257
Bump goreleaser/goreleaser-action from 4.4.0 to 5.0.0 by @dependabot in #1258
Bump github.com/99designs/gqlgen from 0.17.36 to 0.17.37 by @dependabot in #1251
Ent - IngestBuilders with tests by @mrizzi in #1260
Feature/has metadata bulk ingestion and arango updates by @pxp928 in #1262
Ent - IngestHasSBOMs implementation with tests by @mrizzi in #1265
inmem - PkgEqual: Subpath query filtering by @mrizzi in #1249
guacone - managing totalSuccess by @mrizzi in #1267
Ingestor/Assembler and SPDX Parser for Legal information. by @jeffmendoza in #1244
Feature/pointofcontact bulk arango by @pxp928 in #1268
Update resolvers for legal nodes and add tests. by @jeffmendoza in #1269
Fixed CSAF GetIdentifiers by @nathannaveen in #1264
Log and continue on ingest errors with bulk assemler. by @jeffmendoza in #1275
add nightly release by @sunnyyip in #1273
Ent - IngestScorecards implementation with tests by @mrizzi in #1271
Ent - Bump v0.12.4-0.20230918073025-797534a0d1ca by @mrizzi in #1283
Changed JSON encoder from encoding/json to json-iterator/go by @neilnaveen in #1250
Feature/ hasSourceAt bulk inmem and arango implementation by @pxp928 in #1281
Changed make fmt to ignore .git files by @neilnaveen in https://g...

Contributors

ivanvanderbyl, desmax74, and 17 other contributors

Assets 57

23 Sep 04:48

github-actions

v0-nightly

51100b7

v0-nightly Pre-release

Pre-release

Changelog

b7c8690 Ent - IngestPkgEquals with tests (#1243)
3f96625 Add 'integration' tag to golangci-lint (#1202)
68e0455 Add Legal information schema and inmem backend. (#1207)
2290eb0 Add check for docker compose (#1176)
204016c Add support for sending encoded documents (#1222)
37c6a0d Bump actions/cache from 3.3.1 to 3.3.2 (#1256)
b8b130d Bump actions/checkout from 3.5.3 to 3.6.0 (#1190)
9aeea26 Bump actions/checkout from 3.6.0 to 4.0.0 (#1214)
9cd716f Bump actions/upload-artifact from 3.1.2 to 3.1.3 (#1257)
a86c104 Bump aquasecurity/trivy-action from 0.11.2 to 0.12.0 (#1215)
f594c3a Bump cloud.google.com/go/storage from 1.31.0 to 1.32.0 (#1171)
3ed7b5d Bump cloud.google.com/go/storage from 1.32.0 to 1.33.0 (#1252)
ee18335 Bump docker/login-action from 2.2.0 to 3.0.0 (#1286)
349527b Bump github.com/99designs/gqlgen from 0.17.36 to 0.17.37 (#1251)
a27452a Bump github.com/CycloneDX/cyclonedx-go from 0.7.1 to 0.7.2 (#1188)
a311a3d Bump github.com/DATA-DOG/go-txdb from 0.1.6 to 0.1.7 (#1220)
e9877b0 Bump github.com/aws/aws-sdk-go from 1.44.323 to 1.44.328 (#1174)
cda8855 Bump github.com/aws/aws-sdk-go from 1.44.328 to 1.44.333 (#1189)
e508715 Bump github.com/aws/aws-sdk-go from 1.44.333 to 1.45.2 (#1217)
987935c Bump github.com/aws/aws-sdk-go from 1.45.2 to 1.45.7 (#1254)
b0e92e1 Bump github.com/aws/aws-sdk-go from 1.45.7 to 1.45.12 (#1289)
c2286f4 Bump github.com/jedib0t/go-pretty/v6 from 6.4.6 to 6.4.7 (#1187)
4730899 Bump github.com/prometheus/client_golang from 1.15.1 to 1.16.0 (#1291)
4bf6212 Bump github.com/regclient/regclient from 0.4.8 to 0.5.1 (#1218)
623d7a1 Bump github.com/sigstore/sigstore from 1.6.5 to 1.7.3 (#1221)
ff57642 Bump github.com/spdx/tools-golang from 0.5.2 to 0.5.3 (#1219)
e3d8893 Bump github.com/vektah/gqlparser/v2 from 2.5.8 to 2.5.9 (#1253)
6d70867 Bump go.uber.org/zap from 1.24.0 to 1.25.0 (#1173)
970af6a Bump go.uber.org/zap from 1.25.0 to 1.26.0 (#1288)
1f4c35b Bump golang.org/x/oauth2 from 0.11.0 to 0.12.0 (#1255)
9280233 Bump golangci/golangci-lint-action from 3.6.0 to 3.7.0 (#1175)
e3135b5 Bump google.golang.org/api from 0.136.0 to 0.138.0 (#1172)
9b74bde Bump google.golang.org/api from 0.138.0 to 0.141.0 (#1287)
1c104d0 Bump goreleaser/goreleaser-action from 4.4.0 to 5.0.0 (#1258)
51e8026 Bump sigstore/cosign-installer from 3.1.1 to 3.1.2 (#1216)
72d3825 Bump slsa-framework/slsa-github-generator from 1.8.0 to 1.9.0 (#1191)
31c9dbc CertifyBad: refactor validation checks (#1185)
a79ec2e Changed encoding/json to json-iterator/go for perf (#1250)
33af200 Changed make fmt to ignore .git files (#1280)
c46528b Confusing name of field in IsDependency GraphQL (#1305)
4dfaf8b Disable ent on 32 bit (#1226)
58d623e Ent - Bump v0.12.4-0.20230918073025-797534a0d1ca (#1283)
4f2c49e Ent - CertifyVuln: fixed noVuln management (#1240)
ceefb94 Ent - Dependency management (#1232)
80eab75 Ent - IngestBuilders with tests (#1260)
dc2f4d2 Ent - IngestCertifyGoods and IngestCertifyBads (#1295)
b28dce1 Ent - IngestHasSBOMs implementation with tests (#1265)
ebb6442 Ent - IngestHasSourceAts implementation (#1299)
6b9617c Ent - IngestHashEquals implementation (#1304)
40d3454 Ent - IngestSLSAs implementation with tests (#1248)
37fecf4 Ent - IngestScorecards implementation with tests (#1271)
810b0a9 Ent - IngestVulnEquals with tests (#1238)
dfa6537 Ent - Vulnerabilities management (#1212)
5ebbc66 Ent - upsertPackageIDDoNothing vs upsertPackageIDIgnore (#1270)
fce5de8 Feature/ Add arango unit tests (#1213)
e8816e2 Feature/ hasSourceAt bulk inmem and arango implementation (#1281)
4d685e2 Feature/add novuln bool to vulnerability filter (#1165)
3128475 Feature/add vuln metadata backend [inmem] (#1180)
48998db Feature/add vuln metadata schema (#1170)
e55fa24 Feature/arango certify vuln implementation (#1161)
f8b701e Feature/arango node query (#1301)
88dfb7e Feature/has metadata bulk ingestion and arango updates (#1262)
70774ce Feature/pkg equals bulk ingestion and arango updates (#1239)
6dfd549 Feature/pointofcontact bulk arango (#1268)
9fdc9a2 Feature/vuln equal bulk ingestion and arango updates (#1227)
30e2a71 Fix XML format validation (#1164)
967a46a Fix check for docker buildx (#1159)
c035663 Fix inmem unit test. (#1235)
4589fbf Fix/add missing unit tests arango (#1246)
dfab82e Fixed CSAF GetIdentifiers (#1264)
655342e Fixed Part of SemVer Issue (#1157)
be3da8d Fixed a Potential Stack Overflow Error in findProductRef (#1146)
1bba6a4 Fixed a Potential Stack Overflow Error in findPurl 2 (#1194)
8eb43c3 Fixed breaking change by bumping openVex to new release (#1306)
1c0a63f Implement RDMS backend (postgres/mysql/sqlite) (#910)
5f19f1c Implement new IsDependency graphql to point to versions (#1125)
861288d Implemented OpenVEX (#1241)
0268d1a Improved Runtime of Function Process in process.go (#1245)
567895e Included docstrings for parser_csaf (#1186)
c1413ad IngestVEXStatement: fix err management (#1203)
ebd91bb Ingestor/Assembler and SPDX Parser for Legal information. (#1244)
20fca4d Log and continue on ingest errors with bulk assemler. (#1275)
0423c59 Minor fixes to error messages patch.go (#1145)
a72cbbc Move validation checks into resolvers (#1210)
249fdd6 Performance improvements for depsdev API (#1263)
e59bbf4 Refactor ingestor code (#1195)
1e83043 Tag ent tests (#1200)
5fe78f7 Update resolvers for legal nodes and add tests. (#1269)
0e3ad1c Updated CollectedPypiWheelAxle (#1192)
7835a82 [Feature] add ingestion (including bulk) and query for VEX in Arango and inmem (#1184)
8634dd5 [feature] Adds a parser for CycloneDX Vex data (#1181)
69586ae add nightly release (#1273)
f5346dd add regen via make generate and add missing bulk ingest vex (#1204)
51100b7 add register for guesser, processor and parser. fix unknown status and justification (#1307)
8fbe560 add vuln metadata to arangodb with unit tests (#1223)
9c793a9 changing mutationAPI to only return IDs instead of whole struct to fi… (#1169)
fa78489 fix bug in hasSLSA for arango (#1303)
00fe9fa fix: increase gprc max message size (#1230)
2b44e51 guacone - managing totalSuccess (#1267)
3e496d1 inmem - PkgEqual: Subpath query filtering (#1249)
86b2099 prevent checking for dependency version in test so changes in this don't break the test (#1209)
c0efbbf remove helper as unused code (#1236)
0428adc remove parallel assembler as no longer needed (#1183)
5756e69 update SPDX parser to skip empty and 0 hashes (#1228)
3b1e4e0 update docker manifest name in nightly releases (#1302)
b2c9ce8 update readme to include backends and update supported types (#1205)
a085423 update vulnerability api (#1147)
0e5aa36 use github app token to trigger nightly release (#1294)
82d666d use officially released go-vex dependency (#1284)

Assets 57

Releases: guacsec/guac

v0.7.1

Contributors

What's Changed

Contributors

Uh oh!

v0.7.0

Contributors

What's Changed

Contributors

Uh oh!

v0.6.0

Highlights

Changelog

Uh oh!

v0.5.2

Highlights

What's Changed

Uh oh!

v0.5.1

Highlights

Changelog

Uh oh!

v0.5.0

Highlights

What's Changed

Uh oh!

v0.4.0

Highlights

What's Changed

Uh oh!

v0.3.0

Highlights

What's Changed

Uh oh!

v0.2.0

Highlights

What's Changed

Contributors

Uh oh!

v0-nightly

Changelog

Uh oh!