This release is a mix of features, bug fixes, and technical debt cleanup. In accordance with EO 14028, it adds functionality to ensure that Tern's SPDX reports include all of the NTIA's minimum elements for an SBOM (supplier, component name, version, unique identifiers, dependency relationships, SBOM author, and timestamp). It also adds Package URL (purl) external references to SPDX reports. Finally, it includes an important security update to GitPython to address CVE-2022-24439, a remote code execution issue triggered by a crafted remote URL passed to a clone operation.
- Add purl ExternalRefs to SPDX reports
- Add package architecture info to data model
- Add package supplier info to SPDX reports
- Catch all invalid license key characters
- Fix container package version when no tag provided
- Fix container package name when analyzing local image
- Fix SPDX license expressions that joined licenses with commas instead of 'AND'
- Remove slashes from SPDX package refs
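The items above (NTIA minimum elements, purl ExternalRefs, package supplier, and the license-expression fixes) all affect what a consumer of a Tern SPDX report should check. The following is an added example, not Tern's own code: a small checker that parses an SPDX 2.x tag-value document and reports which NTIA minimum elements are missing, using the mapping of NTIA elements to SPDX tags given in the lead-in above (PackageSupplier, PackageName, PackageVersion, SPDXID plus a purl ExternalRef, Relationship, Creator, Created). The sample document is constructed for this example in the shape of a tag-value report; its second package is deliberately incomplete to show the findings.

```python
"""Check an SPDX 2.x tag-value document for the NTIA minimum SBOM elements.

Added example; not part of Tern. The sample below is constructed to resemble
a Tern-style tag-value report. Tag names are standard SPDX 2.x tags.
"""
import re

# Constructed sample: the first package carries the fields this release adds
# (PackageSupplier, purl ExternalRef); the second package deliberately omits
# them and uses a comma in its license expression.
SAMPLE_SPDX = """\
SPDXVersion: SPDX-2.2
DataLicense: CC0-1.0
SPDXID: SPDXRef-DOCUMENT
DocumentName: example
DocumentNamespace: https://example.invalid/spdx/example
LicenseListVersion: 3.20
Creator: Tool: tern-example
Created: 2023-01-01T00:00:00Z

PackageName: bash
SPDXID: SPDXRef-bash-5.1
PackageVersion: 5.1
PackageSupplier: Organization: Debian
PackageDownloadLocation: NOASSERTION
PackageLicenseDeclared: GPL-3.0-or-later
ExternalRef: PACKAGE-MANAGER purl pkg:deb/debian/bash@5.1?arch=amd64

PackageName: zlib
SPDXID: SPDXRef-zlib-1.2.11
PackageDownloadLocation: NOASSERTION
PackageLicenseDeclared: Zlib, BSD-3-Clause

Relationship: SPDXRef-DOCUMENT DESCRIBES SPDXRef-bash-5.1
Relationship: SPDXRef-bash-5.1 CONTAINS SPDXRef-zlib-1.2.11
"""

# Valid tokens in an SPDX license expression: license or LicenseRef ids
# (letters, digits, '.', '-', optional trailing '+'), operators, parentheses.
LICENSE_TOKEN = re.compile(r"^(?:[A-Za-z0-9.\-]+\+?|AND|OR|WITH|\(|\))$")


def parse_tag_value(text):
    """Split a tag-value document into document-level fields and package dicts."""
    doc = {"relationships": []}
    packages = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        tag, value = (part.strip() for part in line.split(":", 1))
        if tag == "PackageName":
            current = {"PackageName": value, "ExternalRef": []}
            packages.append(current)
        elif tag == "Relationship":
            doc["relationships"].append(value)
        elif current is not None:
            if tag == "ExternalRef":
                current["ExternalRef"].append(value)
            else:
                current[tag] = value
        else:
            doc[tag] = value
    return doc, packages


def license_problems(expression):
    """Return the tokens of a declared-license expression that are not valid SPDX."""
    if expression in ("NOASSERTION", "NONE"):
        return []
    tokens = expression.replace("(", " ( ").replace(")", " ) ").split()
    return [t for t in tokens if not LICENSE_TOKEN.match(t)]


def check_ntia_minimum(text):
    """Return a list of findings; an empty list means every element is present."""
    doc, packages = parse_tag_value(text)
    findings = []
    # Author of SBOM data and timestamp live at document level.
    for tag in ("Creator", "Created"):
        if tag not in doc:
            findings.append(f"document: missing {tag}")
    # Dependency relationships: at least one Relationship line is required.
    if not doc["relationships"]:
        findings.append("document: no Relationship entries")
    for pkg in packages:
        name = pkg["PackageName"]
        # Supplier, version and a unique identifier per component.
        for tag in ("PackageSupplier", "PackageVersion", "SPDXID"):
            if tag not in pkg:
                findings.append(f"{name}: missing {tag}")
        # The purl ExternalRef is the additional unique identifier.
        if not any(ref.startswith("PACKAGE-MANAGER purl ") for ref in pkg["ExternalRef"]):
            findings.append(f"{name}: no purl ExternalRef")
        bad = license_problems(pkg.get("PackageLicenseDeclared", "NOASSERTION"))
        if bad:
            findings.append(f"{name}: invalid license tokens {bad}")
    return findings


if __name__ == "__main__":
    for finding in check_ntia_minimum(SAMPLE_SPDX):
        print(finding)
```

Run against the sample, the checker reports nothing for bash and four findings for zlib: missing supplier, missing version, no purl ExternalRef, and the comma-joined license expression. The same function can be pointed at a real report by reading the file into `check_ntia_minimum` instead of `SAMPLE_SPDX`.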
Note: This changelog will not include these release notes
Changelog generated by command: git log --pretty=format:"%h %s" v2.11.0..HEAD
ba67656 Update LicenseListVersion to 3.20
ea97fb6 Remove slashes from SPDX package refs
6be6976 Invalid chars included in SPDX declared licenses
c4b3508 Add purl information to SPDX reports
a5ebbc1 Add purl information to SPDX reports
eec8761 Add pkg_supplier collection method for tdnf
3624b30 Add package architecture info to data model
5ab79f3 Change pacman and go pkg_format to mirror PURL
df242ba Correctly parse and report local image names
b45e584 Add package supplier info to Tern reports
ede4645 Add package supplier info to SPDX reports
bb2a724 Add package supplier info to package objects
2e51f67 Add version info to layer Packages in SPDX reports
700df46 Catch all invalid license key characters
Marc-Etienne Vargenau
Ivana Atanasova
Rose Judge
Nisha Kumar