Release v11.2.6

@prabhu released this 22 Apr 23:53
· 127 commits to master since this release
67affb4

cdxgen can now statically analyse itself to create a detailed SBOM with all occurrences and call-stack evidence. Plotting all call-stack evidence for a large pure JavaScript codebase like ours was previously not possible due to various issues in the downstream tools, all of which have finally been addressed. The generated BOMs, including atom slices, can be found in this Hugging Face repo.

Below is an example of a complete data-flow that was plotted using only the information in the cdxgen-generated BOM file.

[Image: Screenshot 2025-04-23 at 03 37 25] [Image: Screenshot 2025-04-23 at 03 37 43]

More examples can be found in this file.

What's Changed

  • [Gradle] Optimization for included/composite builds broke cdxgen on single module by @malice00 in #1744
  • Prefix language to support multiple slices files for evinse by @prabhu in #1748
  • pnpm add and dlx plugins detection by @prabhu in #1749
  • Makes oci image export more robust when using cli by @prabhu in #1751

Full Changelog: v11.2.5...v11.2.6