You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
bom merge improved: the dependencies are reconstructed, i.e. all dependencies
that existed in the SBOMs before the merge should also exist after the merge.
bom convert improved: we can now convert from and to CycloneDX XML.
new command bom validate to do a simple validation whether a given SBOM
complies with the CycloneDX spec version 1.4, 1.5 or 1.6.
bom findsources: programming language can be golang or go.
support for the new CyCloneDX 1.6 external reference type source-distribution
when trying to find the source code for a component.
Dependency updates.
2.6.0.dev1
make findsources more resilient against SW360 issues.
project createbom now stores multiple purls in the property "purl_list" instead of
trying to encode them in a strange way in the "purl" field.
support CycloneDX 1.6 and Siemens Standard BOM 3.
bom createcomponents: attachment upload is now more robust to prevent .git files being uploaded.
granularity list extended.
dependency updates.
getdependencies python can now detect and ignore dev dependencies also for new versions
of the poetry.lock file. This is done by using also the information of the pyproject.toml file.
