Capycli

Latest version: v2.6.0

Page 1 of 7

2.6.0

* `bom merge` improved: the dependencies are reconstructed, i.e. all dependencies
that existed in the SBOMs before the merge should also exist after the merge.
* `bom convert` improved: we can now convert from and to CycloneDX XML.
* new command `bom validate` to do a simple validation of whether a given SBOM
complies with the CycloneDX spec version 1.4, 1.5 or 1.6.
* `bom findsources`: programming language can be `golang` or `go`.
* support for the new CycloneDX 1.6 external reference type `source-distribution`
when trying to find the source code for a component.
* Dependency updates.

2.6.0.dev1

* make `findsources` more resilient against SW360 issues.
* `project createbom` now stores multiple purls in the property "purl_list" instead of
trying to encode them in a strange way in the "purl" field.
* support CycloneDX 1.6 and Siemens Standard BOM 3.
* `bom createcomponents`: attachment upload is now more robust to prevent .git files being uploaded.
* granularity list extended.
* dependency updates.
* `getdependencies python` can now detect and ignore dev dependencies also for new versions
of the `poetry.lock` file. This is done by also using the information from the `pyproject.toml` file.
* add documentation for SBOM filtering.

2.5.1

* fix: urls coming from granularity file are repository urls and not source code
download urls.
* fix wrong variable to correct `bom findsources`.
* fix loading of SBOMs that support different kinds of licenses.
* run unit tests also for Python 3.12 and 3.13.

2.5.0

* Fixed an error when creating an SBOM from a project on SW360 when this project
contains a component with more than one package-url.
* Fixed an issue when getting invalid package-urls.
* New flag `-pms` or `--project-mainline-state` to specify which project mainline state
should be used for releases of a new project created by `project create`.
* Dependency updates.

2.4.0

* CaPyCLI is more resilient when accessing SW360.
* Dependency updates:
  * idna 3.6 => 3.7 to fix a security vulnerability
  * sw360 1.4.1 -> 1.5.0 to have an improved session handling for all api requests.

2.3.0

Not secure
* Have an updated granularity list.
* New feature that adds a flag `force error` to `project prerequisites` to exit the application
with an error code in case of a failed prerequisites check.
* The flag `force error` is also available for `project getlicenseinfo` and results in an error
code if a CLI file is missing.

© 2025 Safety CLI Cybersecurity Inc. All Rights Reserved.