Skip to content

v1.6.1
Compare
Choose a tag to compare
@github-actions github-actions released this 18 Jan 01:37
· 171 commits to main since this release
v1.6.1
f6b0443
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

v1.6.0/v1.6.1:

Features

  • Feature #694 Add support for NuGet lock files version 2.

  • Feature #655 Scan and report dependency groups (e.g. "dev dependencies") for vulnerabilities.

  • Feature #702 Created an option to skip/disable upload to code scanning.

  • Feature #732 Add option to not fail on vulnerability being found for GitHub Actions.

  • Feature #729 Verify the spdx licenses passed in to the license allowlist.

Fixes

  • Bug #736 Show ecosystem and version even if git is shown if the info exists.

  • Bug #703 Return an error if both license scanning and local/offline scanning is enabled simultaneously.

  • Bug #718 Fixed parsing of SBOMs generated by the latest CycloneDX.

  • Bug #704 Get go stdlib version from go.mod.

API Features

  • Feature #727 Changes to Reporter methods to add verbosity levels and to deprecate functions.

New Contributors

Full Changelog: v1.5.0...v1.6.0-alpha3

Contributors

geekNero
Assets 10