Releases: JulietSecurity/abom
v0.2.1
Changes
- Advisory database is now fetched from https://advisories.juliet.sh/db/advisories.json (CDN-cached, behind a stable custom domain). Previously used raw.githubusercontent.com, which has tighter rate limits under heavy CI use. No user-facing behavior change.
v0.2.0
Features
- --verify-shas: verify SHA-pinned action refs are reachable from their upstream repo (#4)
- --fail-on-warnings: exit non-zero when any warnings fire (#4)
- --resolve-refs: optionally resolve tag and branch refs to commit SHAs at scan time (#7)
- OSV 1.7.5 advisory format: advisories are now consumed in OSV format from abom-advisories (#6)
Fixes
- SHA-pinned refs at fixed versions are no longer flagged as compromised (#8). Tag resolution via git ls-remote enables version comparison for SHA-pinned actions. Runs automatically with --check, no extra flag needed.
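
The idea behind this fix, as an added example that is not abom's own code: map a pinned commit SHA back to a release tag using `git ls-remote --tags` output, then compare that version with an advisory's fixed version. The function names, the sample output and the single `fixed` version are assumptions made for illustration.

```python
import re

# Constructed sample of `git ls-remote --tags <repo>` output; SHAs are made up.
# An annotated tag appears twice: the tag object, then the peeled commit (^{}).
LS_REMOTE = (
    "1111111111111111111111111111111111111111\trefs/tags/v1.2.0\n"
    "2222222222222222222222222222222222222222\trefs/tags/v1.3.0\n"
    "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\trefs/tags/v1.4.0\n"
    "3333333333333333333333333333333333333333\trefs/tags/v1.4.0^{}\n"
)

def parse_version(tag):
    """Parse 'v1.2.3' or '1.2.3' into a comparable tuple, else None."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", tag)
    return tuple(int(p) for p in m.groups()) if m else None

def tags_by_commit(ls_remote_output):
    """Map commit SHA -> tag names, using the peeled commit for annotated tags."""
    commit_for_tag = {}
    for line in ls_remote_output.splitlines():
        sha, _, ref = line.partition("\t")
        if not ref.startswith("refs/tags/"):
            continue
        name = ref[len("refs/tags/"):]
        if name.endswith("^{}"):
            commit_for_tag[name[:-3]] = sha      # commit overrides the tag object
        else:
            commit_for_tag.setdefault(name, sha)
    by_commit = {}
    for tag, sha in commit_for_tag.items():
        by_commit.setdefault(sha, []).append(tag)
    return by_commit

def classify(pinned_sha, ls_remote_output, fixed_version):
    """Return 'fixed', 'affected' or 'unknown' for a SHA-pinned action ref."""
    tags = tags_by_commit(ls_remote_output).get(pinned_sha.lower(), [])
    versions = [v for v in map(parse_version, tags) if v is not None]
    if not versions:
        return "unknown"  # SHA matches no release tag, so no version to compare
    # Versions at or above the advisory's fixed version are not affected.
    return "fixed" if max(versions) >= parse_version(fixed_version) else "affected"

if __name__ == "__main__":
    for sha in ("1" * 40, "2" * 40, "3" * 40, "a" * 40):
        print(sha[:7], classify(sha, LS_REMOTE, "1.3.0"))
```

A pin to the tag object SHA of an annotated tag comes back as `unknown`, because workflows pin commit SHAs and only the peeled `^{}` entry names the commit.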
Thanks
- @digorgonzola for #8, his first contribution