- Include (CycloneDX)[https://cyclonedx.org/] software bill of materials (SBOM) generation support - Use SPDX official license list for dependency license IDs - Include (Package URL i.e. purl)[https://github.com/package-url/purl-spec] in Dependency model - Include discovered package hashes in Dependency model
1.1.0
- Introduced new dynamic policies -- Existing policy types, `package_name` and `license_type` will now be known as `legacy` policies. -- New policy types can be defined as logical condition strings (i.e. `license_type IN MIT,ISC,Apache-2.0`)
1.0.2
- Avoid errors when processing dependency specifications with invalid characters
1.0.1
- Fixed bug where vuln processing could fail if version was unspecified
1.0.0
- Operating model changed from API based to local analysis - Added support for policy checks - Removed support for project and DADA configuration - Removed the need for any account, credentials, or usage limits