v1.0.0-alpha.0

Changelog

0cbc174 ci: build and test against go 1.17 (#54)
9cff325 ci: build prs to develop-v1.0.0 as well
e93ff2d feat: add license resolution support for bin command (#52)
2b197e4 feat: generate sboms from binaries (#46)
edd71cb feat: use license evidence for detected licenses (#49)
d5e9f22 fix: ensure binary path is not a directory
404d7ee introduce multi-command cli (#45)
aee6d77 refactor: remove spdx code (#48)
2cb46a5 update cyclonedx-cli: 0.15.2 -> 0.17.0
5bab19b update cyclonedx-go: v0.3.0 -> v0.4.0

Docker images

• docker pull cyclonedx/cyclonedx-gomod:v1.0.0-alpha.0
• docker pull cyclonedx/cyclonedx-gomod:v1
• docker pull cyclonedx/cyclonedx-gomod:v1.0

v0.10.0

Changelog

2d76e87 build: set pseudo version for Makefile builds
370a540 chore: tidy go.mod and go.sum
d975554 chore: update spdx licenses
830142c feat: sort dependencies by path
08d0a50 refactor: add license header to generated file
27eb9c8 refactor: fix inconsistency of b911e74
1dbd74a refactor: handle error when executing template
9a2a1a0 refactor: move spdx files into their own package
aa5c7c8 refactor: transfer copyright to owasp
b911e74 refactor: use common funcs for go command execution

Docker images

• docker pull cyclonedx/cyclonedx-gomod:v0.10.0
• docker pull cyclonedx/cyclonedx-gomod:v0
• docker pull cyclonedx/cyclonedx-gomod:v0.10

v0.9.0

Changelog

8f35eaf feat: correctly identify versions of modules in repo subdirectories (#35)
dfa3099 feat: local license detection (#41)

Docker images

• docker pull cyclonedx/cyclonedx-gomod:v0.9.0
• docker pull cyclonedx/cyclonedx-gomod:v0
• docker pull cyclonedx/cyclonedx-gomod:v0.9

v0.8.3

⚠ This bugfix release fixes an issue which caused the license resolution to fail. If you use the -licenses flag, please update. ⚠

Changelog

9ae9572 build(deps): bump github.com/PuerkitoBio/goquery from 1.7.0 to 1.7.1
2c7c568 build(deps): bump github.com/google/uuid from 1.2.0 to 1.3.0
d378fe3 chore(deps): update cyclonedx-go to v0.3.0
85c1508 ci: add github-actions ecosystem to dependabot.yml
7005c88 ci: add golangci-lint; fix issues discovered by linters
28a46db ci: build on branch only
5377933 ci: don't run workflow when only examples were changed
4ce10bd ci: schedule CI workflow to run daily
8496e70 ci: update gh action to v0.3.0
6d91ed0 ci: update version in gh action to v0.8.2
9460c18 feat: check for minimum required go version
c1177f4 fix: broken license resolution due to tag change in pkg.go.dev

Docker images

• docker pull cyclonedx/cyclonedx-gomod:v0.8.3
• docker pull cyclonedx/cyclonedx-gomod:v0
• docker pull cyclonedx/cyclonedx-gomod:v0.8

v0.8.2

⚠ This bugfix release fixes an issue which caused the license resolution to fail. If you use the -licenses flag, please update. ⚠

Changelog

197c8f6 build(deps): bump github.com/CycloneDX/cyclonedx-go from 0.1.0 to 0.2.1
dbdb7b2 build(deps): bump github.com/PuerkitoBio/goquery from 1.6.1 to 1.7.0
a962022 build(deps): bump github.com/go-git/go-git/v5 from 5.4.1 to 5.4.2
7ed6aba ci: gitignore SBOMs generated during CI
d14295c ci: update cyclonedx-cli: v0.15.1 -> v0.15.2
74f749d ci: update gh action to v0.2.0
7099a37 ci: use gh action; only generate json sbom
85eae01 fix: broken license resolution due to tag change in pkg.go.dev
1d28706 fix: strip major version suffixes from github URLs

Docker images

• docker pull cyclonedx/cyclonedx-gomod:latest
• docker pull cyclonedx/cyclonedx-gomod:v0.8.2
• docker pull cyclonedx/cyclonedx-gomod:v0
• docker pull cyclonedx/cyclonedx-gomod:v0.8

v0.8.1

Changelog

7af0966 fix: download modules before running go list -m (#26)

Docker images

• docker pull cyclonedx/cyclonedx-gomod:latest
• docker pull cyclonedx/cyclonedx-gomod:v0.8.1
• docker pull cyclonedx/cyclonedx-gomod:v0
• docker pull cyclonedx/cyclonedx-gomod:v0.8

v0.8.0

• Instead of the complete module graph, SBOMs now include only those modules that are actually used by the main module.
• Test-only dependencies are now excluded per default. Use the new -test flag to include them.
• Test-only components now have the scope optional.

Changelog

1466b5d build(deps): bump github.com/go-git/go-git/v5 from 5.3.0 to 5.4.1
57b5119 chore: add NOTICE; add license headers
f98dd7c feat: filter out unused modules and identify test-only dependencies
3bf1012 refactor: correctly determine batch sizes for go mod why calls

Docker images

• docker pull cyclonedx/cyclonedx-gomod:latest
• docker pull cyclonedx/cyclonedx-gomod:v0.8.0
• docker pull cyclonedx/cyclonedx-gomod:v0
• docker pull cyclonedx/cyclonedx-gomod:v0.8

v0.7.1

Changelog

91534cd fix: incomplete dependency graph (missing some edges)

Docker images

• docker pull cyclonedx/cyclonedx-gomod:latest
• docker pull cyclonedx/cyclonedx-gomod:v0.7.1
• docker pull cyclonedx/cyclonedx-gomod:v0
• docker pull cyclonedx/cyclonedx-gomod:v0.7

v0.7.0

Changelog

7be407b ci: remove make bom step from workflow
fcba54a ci: update cyclonedx-cli: v0.14.0 -> v0.15.1
3e844b9 feat: don't resolve licenses for local modules
5cf9b4d feat: introduce -reproducible flag
4e7d435 fix: null-deref panic when using -std on a module without dependencies

Docker images

• docker pull cyclonedx/cyclonedx-gomod:latest
• docker pull cyclonedx/cyclonedx-gomod:v0.7.0
• docker pull cyclonedx/cyclonedx-gomod:v0
• docker pull cyclonedx/cyclonedx-gomod:v0.7

v0.6.1

Changelog

5c79db4 feat: also include non-spdx resolvable licenses
6257210 fix: licenses cannot include ID and name

Docker images

• docker pull cyclonedx/cyclonedx-gomod:latest
• docker pull cyclonedx/cyclonedx-gomod:v0.6.1
• docker pull cyclonedx/cyclonedx-gomod:v0
• docker pull cyclonedx/cyclonedx-gomod:v0.6