Warnings were logged while processing this repo. Please check the Dependency Dashboard for more information.
Release Notes
CycloneDX/cdxgen (CycloneDX/cdxgen)
### [`v9.5.0`](https://togithub.com/CycloneDX/cdxgen/releases/tag/v9.5.0): - Where's the evidence?
[Compare Source](https://togithub.com/CycloneDX/cdxgen/compare/v9.4.0...v9.5.0)
#### SBoM with evidence
This release introduces `evinse`, a new command to generate component evidence for Java projects. Three kinds of evidence are supported.
##### Occurrences
Shows all the places in the application source code where a given package is used.
![Selection\_015](https://togithub.com/CycloneDX/cdxgen/assets/7842/cfa192c9-be14-4070-ac3a-c82efb6acbf5)
Shows a dataflow call stack where a component gets invoked
![Selection\_019](https://togithub.com/CycloneDX/cdxgen/assets/7842/9f71eedf-974a-4fa8-807c-e167a3222f87)
Services and HTTP entry points created by the application.
![Selection\_020](https://togithub.com/CycloneDX/cdxgen/assets/7842/450e977d-993b-46b8-a970-9756683a83af)
#### What's Changed
- Fixes [#464](https://togithub.com/CycloneDX/cdxgen/issues/464): Updated the regex to support 'relocation' of a complete component by [@malice00](https://togithub.com/malice00) in [https://github.com/CycloneDX/cdxgen/pull/467](https://togithub.com/CycloneDX/cdxgen/pull/467)
- Evinse tool preview - part 1 by [@prabhu](https://togithub.com/prabhu) in [https://github.com/CycloneDX/cdxgen/pull/465](https://togithub.com/CycloneDX/cdxgen/pull/465)
- Adds cdx-verify a simple command to verify signature by [@prabhu](https://togithub.com/prabhu) in [https://github.com/CycloneDX/cdxgen/pull/468](https://togithub.com/CycloneDX/cdxgen/pull/468)
- Evinse support for java with gradle project - part 2 by [@prabhu](https://togithub.com/prabhu) in [https://github.com/CycloneDX/cdxgen/pull/472](https://togithub.com/CycloneDX/cdxgen/pull/472)
- Handle Gradle sub-projects correctly by [@malice00](https://togithub.com/malice00) in [https://github.com/CycloneDX/cdxgen/pull/470](https://togithub.com/CycloneDX/cdxgen/pull/470)
- Try multiple encoding to parse nuspec data. Fixes [#469](https://togithub.com/CycloneDX/cdxgen/issues/469) by [@prabhu](https://togithub.com/prabhu) in [https://github.com/CycloneDX/cdxgen/pull/475](https://togithub.com/CycloneDX/cdxgen/pull/475)
**Full Changelog**: https://github.com/CycloneDX/cdxgen/compare/v9.4.0...v9.5.0
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR contains the following updates:
9.4.0
->9.5.0
⚠ Dependency Lookup Warnings ⚠
Warnings were logged while processing this repo. Please check the Dependency Dashboard for more information.
Release Notes
CycloneDX/cdxgen (CycloneDX/cdxgen)
### [`v9.5.0`](https://togithub.com/CycloneDX/cdxgen/releases/tag/v9.5.0): - Where's the evidence? [Compare Source](https://togithub.com/CycloneDX/cdxgen/compare/v9.4.0...v9.5.0) #### SBoM with evidence This release introduces `evinse`, a new command to generate component evidence for Java projects. Three kinds of evidence are supported. ##### Occurrences Shows all the places in the application source code where a given package is used. ![Selection\_015](https://togithub.com/CycloneDX/cdxgen/assets/7842/cfa192c9-be14-4070-ac3a-c82efb6acbf5) Shows a dataflow call stack where a component gets invoked ![Selection\_019](https://togithub.com/CycloneDX/cdxgen/assets/7842/9f71eedf-974a-4fa8-807c-e167a3222f87) Services and HTTP entry points created by the application. ![Selection\_020](https://togithub.com/CycloneDX/cdxgen/assets/7842/450e977d-993b-46b8-a970-9756683a83af) #### What's Changed - Fixes [#464](https://togithub.com/CycloneDX/cdxgen/issues/464): Updated the regex to support 'relocation' of a complete component by [@malice00](https://togithub.com/malice00) in [https://github.com/CycloneDX/cdxgen/pull/467](https://togithub.com/CycloneDX/cdxgen/pull/467) - Evinse tool preview - part 1 by [@prabhu](https://togithub.com/prabhu) in [https://github.com/CycloneDX/cdxgen/pull/465](https://togithub.com/CycloneDX/cdxgen/pull/465) - Adds cdx-verify a simple command to verify signature by [@prabhu](https://togithub.com/prabhu) in [https://github.com/CycloneDX/cdxgen/pull/468](https://togithub.com/CycloneDX/cdxgen/pull/468) - Evinse support for java with gradle project - part 2 by [@prabhu](https://togithub.com/prabhu) in [https://github.com/CycloneDX/cdxgen/pull/472](https://togithub.com/CycloneDX/cdxgen/pull/472) - Handle Gradle sub-projects correctly by [@malice00](https://togithub.com/malice00) in [https://github.com/CycloneDX/cdxgen/pull/470](https://togithub.com/CycloneDX/cdxgen/pull/470) - Try multiple encoding to parse nuspec data. Fixes [#469](https://togithub.com/CycloneDX/cdxgen/issues/469) by [@prabhu](https://togithub.com/prabhu) in [https://github.com/CycloneDX/cdxgen/pull/475](https://togithub.com/CycloneDX/cdxgen/pull/475) **Full Changelog**: https://github.com/CycloneDX/cdxgen/compare/v9.4.0...v9.5.0Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.