Pre-release v0.17.1

What's Changed

• Fix functional tests that do not validate by @mrutkows in #111
• Enable loading of remote JSON schemas (e.g., "https") on --force flag by @mrutkows in #112
• Support offline validation (no network) using only built-in, local schema by @mrutkows in #114

Full Changelog: v0.17.0...v0.17.1-pre

Release v0.17.0

What's Changed

• Add "Go Report Card" badge to README by @mrutkows in #98
• Enable additional CI workflow action linting/checks to main branch by @mrutkows in #100
• Update examples with new column output by @mrutkows in #101
• Support the --normalize flag on the Patch command by @mrutkows in #102
• Fix formatting of the patch example showing normalize by @mrutkows in #103
• Update links for CDX and SPDX spec. support badges by @mrutkows in #104
• Sync sample config.json with resources version by @mrutkows in #108
• Fix vuln. source name dereference if source nil by @mrutkows in #110

Full Changelog: v0.16.0...v0.16.1

Release v0.16.0

What's Changed

• Add CycloneDX v1.6 JSON schema (release) and base test by @mrutkows in #72
• Minor update to SPDX 2.3.1-development JSON schema which added a $schema meta-tag by @mrutkows in #73
• Update to latest 1.6-dev schema and add MLBOM, CBOM data tests by @mrutkows in #77
• Assure that License.Text struct is not nil before format/display by @mrutkows in #78
• Catch "diff" command panics within external library deps. and exit gracefully by @mrutkows in #80
• Support --normalize flag (sort+) for CycloneDX BOM on trim command output by @mrutkows in #81
• Streamline license list command report output and provide consistent column data by @mrutkows in #83
• Improve resource list command by adding group and description columns by @mrutkows in #84
• Support a component list report command with column (--where) filters and --summary options by @mrutkows in #85
• Support v1.6 bindings for new S&C standards Attestations by @mrutkows in #86
• Add new crypto-related datatypes for v1.6 Cryptographic BOM support by @mrutkows in #87
• Add datatypes for new v1.6 EnvironmentalConsiderations to ModelCard data by @mrutkows in #88
• Update README to document the new component list command with examples by @mrutkows in #89
• Update documentation to account for CycloneDX v1.6 data schema changes by @mrutkows in #90
• Fix query command example and supply minor edits by @mrutkows in #93
• Assure all configuration files are copied into release archive as samples by @mrutkows in #97

Full Changelog: v0.15.0...v0.16.0

Release v0.15.0

What's Changed

• go mod tidy imports
• Update base Go to v1.21 as well as update GitHub workflows and actions to latest versions
• Add tests to assure the indent flag works on all commands that produce JSON output by @mrutkows in #67
• Prepare underlying SHA256 and IETF RFC 6902 JSON Patch functionality for patch and merge commands by @mrutkows in #68
• Add new "patch" command using IETF RFC 6902 format by @mrutkows in #69
• Add more functional tests for the patch "remove" operation by @mrutkows in #70
• Simplify and update README to include patch command by @mrutkows in #71

Full Changelog: v0.14.0...v0.15.0

Release v0.14.0

What's Changed

• Normalize and export all utility commands and their parameters by @mrutkows in #60
• Add Trim command supporting rewriting of BOMs without selected fields and their data by @mrutkows in #62
• Trim() JSON document keys only under paths supplied using the '--from' flag by @mrutkows in #63
• Improve marshal performance by using pointers within CycloneDX Vulnerability data structures by @mrutkows in #65
• Enable JSON output from Trim(), Query() to be indented using a user-supplied number of space characters by @mrutkows in #66

Full Changelog: v0.13.0...v0.14.0

v0.14.0 Pre-release

v0.14.0-pre

Improve marshal performance by using pointers within CycloneDX Vulner…

Release v0.13.0

What's Changed

• Updates for v1.5 schema as structures by @mrutkows in #48
• Support JSF schema in CycloneDX code structures
• Embed default configuration files into binary (i.e., config.json and license.json) by @mrutkows in #52
• Support stdin for --input-file flag on all commands by @mrutkows in #54
• Test validation using all CycloneDX bom-examples including SBOM, HBOM, OBOM, VEX, etc. by @mrutkows in #55
• Enable mocking of stdin for all Validate command unit tests by @mrutkows in #56
• Update release workflow to use Go v1.21.0 by @mrutkows in #57
• Update release workflow to use wangyoucao577/[email protected]
• Refactor README examples accounting for stdin and example SBOM path changes by @mrutkows in #59

Full Changelog: v0.12.0...v0.13.0

Release v0.12.0

What's Changed

• Add new command to "diff" two BOM versions and produce JSON Patch output (RFC 6902) by @mrutkows in #33
• Support schema error results to be ouptut in JSON format including custom format flags by @mrutkows in #40
• Add CycloneDX v1.5 JSON schema and update resource config by @mrutkows in #41
• Remove invalid output file warning on validate command by @mrutkows in #42
• Add CSV output for validation errors and further streamline formatting code path by @mrutkows in #43
• replace deprecated ioutil functions by @ajistrying in #44

New Contributors

• @ajistrying made their first contribution in #44

Full Changelog: v0.11.0...v0.12.0

v0.11.0

What's Changed

• Add support for where filter and text wrap in license policy command by @mrutkows in #16
• Vulnerability command improvements by @mrutkows in #17
• Add the omitempty directive for the JSON marshaller for all CycloneDX struct fields by @mrutkows in #19
• Improve responsiveness of SBOMs that have large #s of errors by @mrutkows in #22
• Add custom JSON Marshallers to reduce size of JSON vulnerability reports by @mrutkows in #28
• Update license policies to include SPDX 3.20 data and improve the policy list command by @mrutkows in #30
• Update JSON schema to latest versions of CycloneDX v1.5-dev and SPDX 2.3.1 development by @mrutkows in #32

Full Changelog: v0.10.0...v0.11.0

v0.10.0

What's Changed

• Add aliases support for license names and add some SPDX 3.20 license entries by @mrutkows in #2
• Adjust github workflow go.yml to not fail due to false positives on error test output by @mrutkows in #4
• Add basic vulnerability list command support by @mrutkows in #7
• Fix license expression parser to allow for single compound expression with parens by @mrutkows in #8
• Add another VEX test file from dep-scan with attribution by @mrutkows in #10
• Update SPDX schemas for v2.2.2, v2.3, v2.3.1 by @mrutkows in #9
• Add support for filtering list command using where flag by @mrutkows in #11
• Initial update of simplified README based upon new demo script by @mrutkows in #14
• Fix column names for vulnerability command by @mrutkows in #15

Full Changelog: v0.9.3...v0.10.0