Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased]

Added

Upcoming changes...

1.18.1 - 2024-11-19

Added

Added 'component' field in CycloneDX output

1.18.0 - 2024-11-11

Fixed

Fixed post processor being accesed if not set

Added

Added support for replace action when specifying a settings file
Added replaced files as context to scan request
Added sbom format flag to define status output for undeclared policy

1.17.5 - 2024-11-12

Fixed

Fix dependencies scan result structure

1.17.4 - 2024-11-08

Fixed

Fix backslashes in file paths on Windows

1.17.3 - 2024-11-05

Fixed

Fixed undeclared policy

1.17.2 - 2024-11-01

Fixed

Fixed parsing of dependencies in Policy Checks
Fixed legacy SBOM.json support

Added

Added supplier to SPDX packages

Changed

Changed undeclared summary output

1.17.1 - 2024-10-24

Fixed

Fixed policy summary output

1.17.0 - 2024-10-23

Added

Added inspect subcommand
Inspect for copyleft licenses (scanoss-py inspect copyleft -i scanoss-results.json)
Inspect for undeclared components (scanoss-py inspect undeclared -i scanoss-results.json)

Fixed

Fixed SPDX date format

1.16.0 - 2024-10-08

Added

Added the metadata field to the output in CycloneDX format, now including the fields timestamp, tool vendor, tool and tool version

1.15.0 - 2024-09-17

Added

Added Results sub-command:
Get all results (scanoss-py results /path/to/file)
Get filtered results (scanoss-py results /path/to/file --match-type=file,snippet status=pending)
Get pending declarations (scanoss-py results /path/to/file --has-pending)
Added --settings option to scan command to specify a settings file
Specify settings file (scanoss-py scan --settings /path/to/settings.json /path/to/file)
Added support for filtering dependencies based on development or production dependency scopes
Added support for defining custom scopes to include or exclude dependencies with specified scope criteria

1.14.0 - 2024-08-09

Added

Added support for Python3.12
Module pkg_resources has been replaced with importlib_resources
Added support for UTF-16 filenames

1.13.0 - 2024-06-05

Added

Added scan command option to specify a list of files (--files) to analyse

1.12.3 - 2024-05-13

Fixed

Fixed export issue when license details are missing (SPDX/CycloneDX)

1.12.2 - 2024-04-15

Added

Added tagging workflow to aid release generation

1.12.1 - 2024-04-12

Changed

Removed '.whl' file extension from filtered extensions

1.12.0 - 2024-03-26

Changed

Updated free default URL to now point to https://api.osskb.org
Updated premium default URL to now point to https://api.scanoss.com

1.11.1 - 2024-03-18

Added

Integrate CURL and jq
- Includes CURL and jq within the Docker image to facilitate seamless interactions with third-party integrations.

1.11.0 - 2024-03-13

Added

Added scan/wfp file filtering options
- Exclude files matching MD5 --skip-md5 (repeat as needed)
- Strip code fragments using HPSM --strip-hpsm (repeat as needed)
- Strip code fragments using snippet IDs --strip-snippet (repeat as needed)

1.10.0 - 2024-02-09

Added

Added scan/wfp file filtering options
- Exclude file extensions --skip-extension (repeat as needed)
- Exclude folder --skip-folder (repeat as needed)
- Exclude files smaller than specified --skip-size
Added scan_files_with_options SDK capability
- Enables a programmer to supply a specific list of files to scan

1.9.0 - 2023-12-29

Added

Added dependency file decoration option to scanning (scan) using --dep
- More details can be found in CLIENT_HELP.md

1.8.0 - 2023-11-13

Added

Added Component Decoration sub-command:
- Semgrep (scanoss-py comp semgrep)

1.7.0 - 2023-09-15

Added

Added Component Decoration sub-commands:
- Search (scanoss-py comp search)
- Versions (scanoss-py comp versions)
- Vulnerabilities (scanoss-py comp vulns)

1.6.3 - 2023-08-22

Changed

Changed default scan POST size to 32k
Changed default scanning threads to 5 (and timeout to 180 seconds)
Improved HPSM generation performance

1.6.2 - 2023-08-11

Added

Added .woff2 to the list of file type to skip while scanning

1.6.1 - 2023-07-06

Fixed

Fixed issue with CSV dependency generation
Increased scanoss-winnowing minimum requirement to match HPSM support

1.6.0 - 2023-06-16

Added

Added support for High Precision Snippet Matching (--hpsm or -H) while scanning
- scanoss-py scan --hpsm ...

1.5.2 - 2023-06-13

Added

Added retry limit option (--retry) while scanning
- --retry 0 will fail immediately

1.5.1 - 2023-04-21

Added

Added support scanning/fingeprinting file contents from STDIN
- cat test.py | scanoss-py scan --stdin test.py -o results.json
- cat test.py | scanoss-py wfp --stdin test.py -o fingers.wfp

1.5.0 - 2023-03-21

Added

Added support for component cryptographic reporting
- scanoss-py component crypto ...

1.4.2 - 2023-03-09

Fixed

Fixed issue with custom certificate when scanning (--ca-cert)

Added

Added support to download full certificate chain with:
- cert_download.sh
- scanoss-py utils cdl

1.4.0 - 2023-03-01

Added

Added support for fast winnowing (15x improvement) thanks to a contribution from tardyp
- This is enabled by a supporting package; scanoss_winnowing.
- It can be installed using: pip3 install scanoss_winnowing
- Or using: pip3 install --upgrade scanoss[fast_winnowing]

1.3.7 - 2023-02-07

Added

Upgrade to the latest protobuf and grpcio packages
Added GH Actions for building

1.3.6 - 2023-02-02

Added

Added support for Proxy Auto-Config (--pac) and GRPC proxy (--grpc-proxy)

1.3.5 - 2023-01-31

Added

Added extra fields to CSV output (detected_url, detected_path)

1.3.4 - 2023-01-16

Added

Added User-Agent client/version to requests

1.3.3 - 2023-01-06

Added

Added support for handling 503 service unavailable responses
Added latest SPDX license definitions (2.2.7)

1.3.2 - 2022-12-28

Added

Added x-request-id to all scanning requests
Added bad_request error log file to aid debug

Fixed

Fixed issue when fingerprinting large files with a small POST (--post-size)

1.3.1 - 2022-12-07

Added

Added utils cert-download sub-command to help with the use of custom certificates
- Included a local certificate download script leveraging openssl too: cert_download.sh
Added documentation to help with certificate and proxy configuration

1.3.0 - 2022-12-02

Added

Added support for proxy (--proxy) and certificates (--ca-certs) while scanning
- Certificates can also be supplied using environment variables: REQUESTS_CA_BUNDLE & GRPC_DEFAULT_SSL_ROOTS_FILE_PATH
- Proxies can be supplied using: grpc_proxy, https_proxy, http_proxy, HTTPS_PROXY, HTTP_PROXY
Added snippet match fields to CSV output
Added convert command to convert raw JSON reports into CSV, CycloneDX and SPDXLite
Added utils certloc sub-command to print the location of Python's CA Cert file
- This is useful to know where to append custom certificates to if needed

1.2.3 - 2022-11-22

Added

Added Max Threaded scanning override env var (SCANOSS_MAX_ALLOWED_THREADS) If the backend system can handle more than the current maximum (30), then set this env to that number export SCANOSS_MAX_ALLOWED_THREADS=40

1.2.2 - 2022-11-18

Added

Added SSL cert error ignore option (--ignore-cert-errors) for REST calls Custom certificates can be supplied using environment variables
Added multi-platform Docker images (AMD64 & ARM64)

1.2.1 - 2022-11-11

Added

Added sub-command (file_count)to produce a file summary (extensions & size) into a CSV

1.2.0 - 2022-11-08

Added

Added vulnerability reporting to CycloneDX output
Added obfuscation to fingerprinting (--obfuscate)
Added obfuscation to scanning (--obfuscate)

1.1.1 - 2022-10-19

Fixed

Fixed issue with dependency parsing of yarn.lock files

1.1.0 - 2022-10-12

Fixed

Added LicenseRef info to SPDX Lite output
Updated CycloneDX output format to support version 1.4

Added

Added request id to gRPC requests

1.0.6 - 2022-09-19

Added

Added support for scancode 2.0 output format

1.0.4 - 2022-09-07

Fixed

Fixed spelling mistake in SPDX output
Adjusted protobuf module requirements

1.0.0 - 2022-07-22

Added

Added support for CSV output (--format csv)
Added documentDescribes to SPDXLite output

0.9.0 - 2022-06-09

Added

Added support for dependency scanning (--dependencies)
- This depends on scancode to search for dependency files
Added dependency data to output reports

0.7.4 - 2021-12-15

Changed

Updated SPDX Lite report output data (--format spdxlite)

0.7.3 - 2021-12-11

Added

Added support for SPDX Lite report output (--format spdxlite)

0.7.2 - 2021-12-10

Added

Added option to process all file extensions while scanning (--all-extensions)
Added option to process all folders while scanning (--all-folders)
Added option to process all hidden files/folders while scanning (--all-hidden)

0.7.1 - 2021-11-12

Added

Added option to skip WFP file generation while scanning (--no-wfp-output)

0.7.0 - 2021-11-08

Added

Added option to change default REST timeout (--timeout)
Added threaded scanning to WFP file processing

Changed

Changed from GPL license to MIT
Changed minimum Python version to 3.7

0.6.11 - 2021-10-18

Added

Added option to skip snippet generation in the client (--skip-snippets)
Added option to tune the scan packet post size (--post-size)
Added Docker/Container support for running the client
Fixed threading issue while scanning

0.6.6 - 2021-08-20

Fixed

Fixed broken call for scanning WFP file only

0.6.5 - 2021-07-15

Added

Added support to start scanning while fingerprinting to further increase scan performance

Fixed

Ignoring broken symlink files

0.6.0 - 2021-07-14

Added

Added threading to speed up fingerprint scanning

0.5.6 - 2021-07-12

Added

Added changelog

0.5.5 - 2021-07-09

Added

Added input SBOM JSON validation
Added REST POST retry logic

0.5.4 - 2021-07-08

Added

Added --ignore option to scan command

[0.5.2] - 2021-06-29

Fixed

Fixed filtering bug