Releases: vmware-tanzu/application-portfolio-auditor

v2.2.6

12 Jun 16:20
7e82238

🌲 Major improvements

  • Added libyear scanner for Java binary applications
  • Replaced Mustache with Handlebars for reports. Added local container build for Handlebars on Mac/Linux ARM/x86
    • 10x faster HTML generation
    • partial page rendering and component reuse
  • Updated OWASP DC to its latest version (9.2.0) leveraging the latest NVD database

🪴 Minor changes

  • Security and cloud-readiness heatmaps updated to have one column per tool
  • Various fixes and improvements

🌱 Tools updated

  • Linguist updated to 7.30.0
  • PMD updated to 7.2.0
  • Syft updated to 1.6.0
  • Grype updated to 0.78.0
  • OSV updated to 1.7.4
  • Bearer updated to 1.43.7
  • Fernflower updated to 242.12881.66
  • NGINX updated to 1.27.0
  • Rust updated to 1.78.0
  • .NET runtime updated to 8.0.6

Full Changelog: v2.2.4...v2.2.6

v2.2.4

07 May 19:51
2826ac9

🦒 Major improvements

  • Adding Handlebars as alternative to Mustache
  • Adding support for Amazon Linux 2023

🦘 Minor changes

  • Adding summary-page for Archeologist
  • Various fixes (including for #25 and #23)

🐥 Tools updated

  • Grype updated to 0.77.3
  • Trivy updated to 0.51.1
  • Fernflower updated to 241.15989.150

Full Changelog: v2.2.3...v2.2.4

v2.2.3

02 May 08:29
02bdca9

🛡 Major improvements

  • Added dedicated security pages with summaries (statistics, pie diagram) for:
    • OWASP DC
    • FindSecBugs
    • Bearer
    • Insider SAST
  • Kept one column per tool on the security heatmap page (reordered columns)

🌺 Minor improvements

  • Moved all Mustache templates into a separate directory
  • Various fixes and markup cleanup (SLScan extraction, broken links on empty pages ...)

v2.2.2

29 Apr 14:43

🦒 Major improvements

  • Added donut/pie diagrams summarizing findings for Archeo, OSV, Grype, Trivy and SLScan
  • Added full-fledged HTML report for OSV results (d1bdad9)
  • Updating WAMT to also analyze JAR applications (a8c78f4)

🦘 Minor changes

  • Reactivated autoindex pages (e448bbc)
  • Updated CLI command names (599a494)
  • Added validation for generated reports (6fdffd3)
  • Fixed various minor layout and link issues

🐥 Tools updated

  • PMD updated to 7.1.0
  • Syft updated to 1.3.1
  • Grype updated to 0.77.1
  • Trivy updated to 0.50.4
  • OSV updated to 1.7.2
  • Fernflower updated to 241.15989.69
  • NGINX updated to 1.26.0

Full Changelog: v2.2.1...v2.2.2

Thanks to @nevenc for his contribution!

v2.2.1

15 Apr 20:06
  • Made generated reports rootless
  • Upgraded Syft and Fernflower
  • Fixed erroneous CSA "0" scores
  • Various minor fixes

v2.2.0

11 Apr 16:26
92ee358

🐘 Major improvements

  • Added Bearer security analyzer
  • Updated PMD to its next major version (7.0.0)
  • Containerized all remaining tools in use (CSA-Bagger, CSA, CLOC, Fernflower, PMD): heavily reduced prerequisites and validations, simplified execution
  • Removed multi-application-group mode and application group name from report folders
  • Restructured generated reports and logs by tool
  • Centralized used versions and container names in _versions.sh
  • Added ./audit reports command to review the generated reports
  • Added ./audit validate command to validate the container images in use

🦓 Minor changes

  • Added memory limit check for the container engine in use (docker/podman)
  • Cleaned up layout, documentation, and K8s deployments
  • Added overall audit duration to the execution timeline page
  • Added ./audit version command
  • Bagger: upgraded dependencies and fixed CSA DB issues
  • Archeo: updated supportability-related information
  • Various fixes, stability improvements, and code removal

🦎 Tools updated

  • CSA updated to 4.1.15
  • IBM WAMT updated to 24.0.0.1
  • Linguist updated to 7.29.0
  • Scancode updated to 32.1.0
  • MAI updated to 1.9.22
  • PMD updated to 7.0.0
  • Syft updated to 1.1.1
  • Grype updated to 0.75.0
  • Trivy updated to 0.50.1
  • OSV updated to 1.7.0
  • Fernflower updated to 241.14494.240

Full Changelog: v2.1.0...v2.2.0

v2.1.0

21 Feb 18:36

☀️ New features

  • Integrated OSV, an open source vulnerability DB and triage service. 7aba985
  • Crafted a custom analyzer "Archeologist" checking duplicated, undesirable and unsupported libraries (Spring/Micrometer).
  • Upgraded external image loading and processing to a dynamic model (Node.js). 3c521db
  • Updated report logos and style to match Broadcom guidelines. 3a8c79b
  • Various fixes and improvements.

🧰 Tool updates

  • CSA updated to 4.1.12
  • WAMT updated to 23.0.0.5
  • GitHub Linguist updated to 7.28.0
  • CLOC updated to 2.00
  • MAI updated to 1.9.19
  • Syft updated to 0.105.0
  • Grype updated to 0.74.6
  • Trivy updated to 0.49.1
  • NGINX updated to 1.25.4
  • Bootstrap Icons updated to 1.11.3

v2.0.5

28 Nov 07:55

🩹 Fixes

  • Solving issue on older Ubuntu versions during setup process f289184

Thank you for this contribution 🙏

v2.0.4

21 Nov 10:12

🧰 Tool updates

🩹 Fixes

  • Solving issue #4 during setup process f35a08d

🙏 Thanks a lot for your contributions.

v2.0.3

31 Oct 09:25

🧰 Tool updates

🎃 Fixes

🙏 Thanks a lot for your contributions and happy Halloween!