Warnings were logged while processing this repo. Please check the Dependency Dashboard for more information.
Release Notes
CycloneDX/cdxgen (CycloneDX/cdxgen)
### [`v9.5.0`](https://togithub.com/CycloneDX/cdxgen/releases/tag/v9.5.0): - Where's the evidence?
[Compare Source](https://togithub.com/CycloneDX/cdxgen/compare/v9.4.0...v9.5.0)
#### SBoM with evidence
This release introduces `evinse`, a new command to generate component evidence for Java projects. Three kinds of evidence are supported.
##### Occurrences
Shows all the places in the application source code where a given package is used.
Shows a dataflow call stack where a component gets invoked
Services and HTTP entry points created by the application.
#### What's Changed
- Fixes [#464](https://togithub.com/CycloneDX/cdxgen/issues/464): Updated the regex to support 'relocation' of a complete component by [@malice00](https://togithub.com/malice00) in [https://github.com/CycloneDX/cdxgen/pull/467](https://togithub.com/CycloneDX/cdxgen/pull/467)
- Evinse tool preview - part 1 by [@prabhu](https://togithub.com/prabhu) in [https://github.com/CycloneDX/cdxgen/pull/465](https://togithub.com/CycloneDX/cdxgen/pull/465)
- Adds cdx-verify a simple command to verify signature by [@prabhu](https://togithub.com/prabhu) in [https://github.com/CycloneDX/cdxgen/pull/468](https://togithub.com/CycloneDX/cdxgen/pull/468)
- Evinse support for java with gradle project - part 2 by [@prabhu](https://togithub.com/prabhu) in [https://github.com/CycloneDX/cdxgen/pull/472](https://togithub.com/CycloneDX/cdxgen/pull/472)
- Handle Gradle sub-projects correctly by [@malice00](https://togithub.com/malice00) in [https://github.com/CycloneDX/cdxgen/pull/470](https://togithub.com/CycloneDX/cdxgen/pull/470)
- Try multiple encoding to parse nuspec data. Fixes [#469](https://togithub.com/CycloneDX/cdxgen/issues/469) by [@prabhu](https://togithub.com/prabhu) in [https://github.com/CycloneDX/cdxgen/pull/475](https://togithub.com/CycloneDX/cdxgen/pull/475)
**Full Changelog**: https://github.com/CycloneDX/cdxgen/compare/v9.4.0...v9.5.0
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR contains the following updates:
9.4.0->9.5.0⚠ Dependency Lookup Warnings ⚠
Warnings were logged while processing this repo. Please check the Dependency Dashboard for more information.
Release Notes
CycloneDX/cdxgen (CycloneDX/cdxgen)
### [`v9.5.0`](https://togithub.com/CycloneDX/cdxgen/releases/tag/v9.5.0): - Where's the evidence? [Compare Source](https://togithub.com/CycloneDX/cdxgen/compare/v9.4.0...v9.5.0) #### SBoM with evidence This release introduces `evinse`, a new command to generate component evidence for Java projects. Three kinds of evidence are supported. ##### Occurrences Shows all the places in the application source code where a given package is used.  Shows a dataflow call stack where a component gets invoked  Services and HTTP entry points created by the application.  #### What's Changed - Fixes [#464](https://togithub.com/CycloneDX/cdxgen/issues/464): Updated the regex to support 'relocation' of a complete component by [@malice00](https://togithub.com/malice00) in [https://github.com/CycloneDX/cdxgen/pull/467](https://togithub.com/CycloneDX/cdxgen/pull/467) - Evinse tool preview - part 1 by [@prabhu](https://togithub.com/prabhu) in [https://github.com/CycloneDX/cdxgen/pull/465](https://togithub.com/CycloneDX/cdxgen/pull/465) - Adds cdx-verify a simple command to verify signature by [@prabhu](https://togithub.com/prabhu) in [https://github.com/CycloneDX/cdxgen/pull/468](https://togithub.com/CycloneDX/cdxgen/pull/468) - Evinse support for java with gradle project - part 2 by [@prabhu](https://togithub.com/prabhu) in [https://github.com/CycloneDX/cdxgen/pull/472](https://togithub.com/CycloneDX/cdxgen/pull/472) - Handle Gradle sub-projects correctly by [@malice00](https://togithub.com/malice00) in [https://github.com/CycloneDX/cdxgen/pull/470](https://togithub.com/CycloneDX/cdxgen/pull/470) - Try multiple encoding to parse nuspec data. Fixes [#469](https://togithub.com/CycloneDX/cdxgen/issues/469) by [@prabhu](https://togithub.com/prabhu) in [https://github.com/CycloneDX/cdxgen/pull/475](https://togithub.com/CycloneDX/cdxgen/pull/475) **Full Changelog**: https://github.com/CycloneDX/cdxgen/compare/v9.4.0...v9.5.0Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.