
v2.0.0

@tngraf tngraf released this 02 Jun 13:48
· 139 commits to main since this release

2.0.0 (2023-06-02)

This is the list of changes from version 1.9.1 to 2.0.0:

  • Breaking changes

    • New command bom convert to import and export SBOMs in multiple formats.
      This new command replaces bom fromCSV, bom FromFlatList, bom FromSbom,
      bom ToHtml and bom ToSbom.
    • bom sort is discontinued; CycloneDX SBOMs are always sorted by component name.
    • The option -source of GetDependencies python is discontinued; please use
      bom downloadsources instead.
    • project show writes the output file only in plain JSON and not CycloneDX.
    • project CreateReadme requires new entries in readme_oss_config.json to be independent
      of the name Siemens
      • CompanyName
      • CompanyAddressN, N = 1..4
    • bom map now uses alphanumeric identifiers for mapping results instead of integer values:
      • INVALID: 0-invalid instead of 0
      • FULL_MATCH_BY_ID: 1-full-match-by-id instead of 1
      • FULL_MATCH_BY_HASH: 2-full-match-by-hash instead of 2
      • FULL_MATCH_BY_NAME_AND_VERSION: 3-full-match-by-name-and-version instead of 3
      • MATCH_BY_FILENAME: 4-good-match-by-filename instead of 4
      • MATCH_BY_NAME: 5-candidate-match-by-name instead of 5
      • SIMILAR_COMPONENT_FOUND: 6-candidate-match-similar-component instead of 6
      • NO_MATCH: 9-no-match instead of 100
    • bom map now uses alphanumeric identifiers for map modes (-m) instead of integer values:
      • all instead of 0
      • found instead of 1
      • notfound instead of 2
    • Dropped support for the option -stage. The SW360 server instance can be specified via the -url parameter.
    • The hard coded address https://sw360.siemens.com has been removed.
      CaPyCLI reads the SW360 server address either from the environment variable SW360ServerUrl or
      via the -url parameter.
    • CaPyCLI supports an optional config file .capycli.cfg. Settings defined in the config file
      supersede settings in environment variables. Command line parameters supersede config file settings.
    • bom map now reports matches that have the same name but a different version only if -all has been specified.
      The original idea of CaPyCLI was to report as many potential matches as possible and to let the user
      decide which match to take by editing the SBOM. But it seems that many users did not read the documentation
      and the expectations were different. Therefore the default behavior has been changed.
      The original behavior of versions prior to 2.x can be enabled via the -all switch.
  • Enhancements

    • The granularity list has been updated.
    • A list of frequently asked questions has been added.
    • getdependencies python now also accepts a Poetry lock file (must be poetry.lock) as input.
      Development dependencies are automatically excluded.
    • Code of conduct added.
    • Warnings about multiple purl entries when running bom map are now only shown if -v has been specified.
    • The cache functionality of bom map also supports the staging system.
    • project GetLicenseInfo can take over data from existing Readme_OSS config files.