Releases: aboutcode-org/dejacode
v5.3.0
What's Changed
- Rename ProductDependency is_resolved to is_pinned #189 by @tdruez in #190
- Upgrade the RQ stack to latest version by @tdruez in #197
- Upgrade HTMX to version 2.0.3 by @tdruez in #198
- Store and display new Package.risk_score field in the UI by @tdruez in #194
- Add ProductVulnerabilityAnalysis model implementation #98 by @tdruez in #187
- Add ability to select affected products for analysis data propagation by @tdruez in #201
- Add ldap as requirements for dev install doc by @pombredanne in #204
- Update makefile and docs for dev setup by @pombredanne in #205
- Add vulnerabilities REST API endpoint #104 by @tdruez in #203
- Add is_reachable field on the VulnerabilityAnalysis model #103 by @tdruez in #206
- Refine the available settings for RQ_QUEUES #103 by @tdruez in #208
- Add override_unknown option in update_from_data method #202 by @tdruez in #209
- Update "unknown" ProductPackage.license_expression from Package #202 by @tdruez in #211
- Add vulnerabilities_risk_threshold fields #97 by @tdruez in #210
- Add reference documentation about Vulnerability Management #109 by @tdruez in #212
- Implement the CSAF VEX output view #107 by @tdruez in #213
- 110 tutorial vulnerabilities by @tdruez in #217
- Add exposure_factor field to the ProductItemPurpose model #102 by @tdruez in #218
- Add vulnerabilities notification #106 by @tdruez in #220
- Fix error when Request comment contains curly braces by @tdruez in #224
- Fix minor typo in SBOM load form by @pombredanne in #228
- Add a new "Working with SBOMs in a Product" tutorial #225 by @tdruez in #231
- Add a new "Create a Product Vulnerability Report" tutorial #226 by @tdruez in #232
- Dependencies upgrade by @tdruez in #246
- Use the "disable" label in place of "delete" in User admin #245 by @tdruez in #247
- Truncate the display of very long PURLs #227 by @tdruez in #248
- Enable the delete_selected action on RequestTemplateAdmin #243 by @tdruez in #259
- Add user time zone and use consistent rendering of date across the app #240 by @tdruez in #260
- Django 5.1.x by @tdruez in #261
- Fix package usage policy not getting set automatically from the license #200 by @tdruez in #262
- Upgrade multiple dependencies to their latest versions by @tdruez in #265
- Create missing Owner from the Product/Component form #239 by @tdruez in #264
- Add "Find vulnerabilities" workflow based on scancode-action by @tdruez in #267
- Refine the consistency of Product import actions #241 by @tdruez in #268
- Refine the GitHub workflows by @tdruez in #269
- Use deterministic UID/GID in Dockerfile #230 by @tdruez in #270
- Improve Evaluation Sign Up UX #233 by @tdruez in #274
- Add "CRAVEX support in DejaCode" reference documentation #242 by @tdruez in #277
- Fix the ProductDependencyAdmin form by @tdruez in #287
- Add PURL fragment search in ProductDependencyAdmin #286 by @tdruez in #288
- Fix an issue with urlize_target_blank when the URL contains curly braces by @tdruez in #292
- Replace hCaptcha with Altcha #235 by @tdruez in #278
- Upgrade Django to latest 5.1.8 security release by @tdruez in #294
- Add the ability to download Product "Imports" input file by @tdruez in #296
- Fix the unique_together_lookups in import_package #295 by @tdruez in #298
- Prevent the creation of duplicated "resolved" dependencies during imp… by @tdruez in #299
- Refactor the package lookups into a function #295 by @tdruez in #300
- Improve exception support in improve_packages_from_purldb task #303 by @tdruez in #304
- Add a new "Package Set" tab to the Package details view #276 by @tdruez in #305
- Add the ability to delete a Scan from Product inventory #222 by @tdruez in #281
- Refine get_purldb_entries to compare on plain PURL #307 by @tdruez in #308
- Release v5.3.0 by @tdruez in #309
Full Changelog: v5.2.1...v5.3.0
v5.2.1
v5.2.0
Changelog
- Add visual indicator in hierarchy views, when an object on the far left or far right
  also belongs to or has a hierarchy (relationship tree). #70
- Add search and pagination on the Product Inventory tab. #3 #112
- Fix an issue displaying the "Delete" button in the "Edit Product Relationship"
  modal form. #128
- Add support for PURL(s) in the "Add Package" modal.
  If the PURL type is supported by the packageurl_python library, a download URL
  will be generated for creating the package and submitting a scan. #131
- Leverage PurlDB during the "Add Package" process.
  DejaCode will look up the PurlDB to retrieve and fetch all available data to
  create the package. #131
- Populate the Package notice_text using "NOTICE" file content from Scan "key files". #136
- Added 2 new license related fields on the Component and Package models: #63
  - declared_license_expression
  - other_license_expression
- Added 2 properties on the Component and Package models: #63
  - declared_license_expression_spdx (computed from declared_license_expression)
  - other_license_expression_spdx (computed from other_license_expression)
- Removed 2 fields: Package.declared_license and Component.concluded_license #63
- The new license fields are automatically populated from the Package scan
  "Update packages automatically from scan".
  The new license fields are pre-filled in the Package form when using
  "Add Package" from a PurlDB entry.
  The new license fields are pre-filled in the Component form when using
  "Add Component from Package data".
  The license expression values provided in the form for the new fields are now
  properly validated and return a validation error when incorrect. #63
- Use the declared_license_expression_spdx value in SPDX outputs. #63
- Add new ProductDependency model to support relating Packages in the context of a
  Product. #138
- Add a task scheduler service to the Docker Compose stack.
  This service runs a dedicated setupcron management command to create the
  application's scheduled cron jobs.
  The scheduler is configured to run the daily vulnerabilities update task. #94
- Add a new Vulnerability model and all the code logic to fetch and create
  Vulnerability records and assign those to Package/Component through ManyToMany
  relationships.
  A fetchvulnerabilities management command is available to fetch all the relevant
  data from VulnerableCode for a given Dataspace.
  The latest vulnerability data refresh date is displayed in the Admin dashboard in a
  new "Data updates" section in the bottom right corner.
  It is also available in the "Integration Status" page.
  The Package/Component views that display vulnerability information (icon or tab)
  now use the data from the Vulnerability model in place of calling the
  VulnerableCode API on each request. This results in much better performance, as
  rendering a DejaCode view no longer depends on the VulnerableCode service.
  Also, this makes Vulnerability data available in the Reporting system.
  The vulnerability icon is displayed next to the Package/Component identifier in the
  Product views: "Inventory", "Hierarchy", "Dependencies" tabs.
  The vulnerability data is available in Reporting either through the is_vulnerable
  property on the Package/Component column template or through the full
  affected_by_vulnerabilities m2m field.
  This is available in both Query and ColumnTemplate.
  The vulnerabilities are fetched each time a Package is created/modified
  (note that a purl is required on the package for the lookup).
  Also, all the Packages of a Product are updated with the latest vulnerabilities from
  the VulnerableCode service after importing data into the Product using:
  - Import data from Scan
  - Load Packages from SBOMs
  - Import Packages from manifests
  - Pull ScanCode.io Project data #94
- Add a new Vulnerabilities list available from the "Tools" menu when
  enable_vulnerablecodedb_access is enabled on a Dataspace.
  This implementation focuses on ranking/sorting: Vulnerabilities can be sorted and
  filtered by severity score.
  It's also possible to sort by the count of affected packages to help prioritize. #94
- Display warning when a "download_url" could not be determined from a PURL in
  "Add Package". #163
- Add a Vulnerabilities tab in the Product details view. #95
- Add an "Improve Packages from PurlDB" action in the Product details view. #45
- Add the ability to download the CycloneDX VEX-only and SBOM+VEX combined outputs. #108
What's Changed
- Add visual indicator when an object also have tree in hierarchy view #70 by @tdruez in #126
- Implement pagination in tab_inventory #3 by @tdruez in #24
- Set the proper permission for the "Inventory" tab #128 by @tdruez in #134
- Add support for PURLs in create_package_from_url #131 by @tdruez in #133
- Populate the Package notice_text from Scan "key files" #136 by @tdruez in #137
- Store additional license fields #63 by @tdruez in #130
- Use the declared_license_expression_spdx value in SPDX output #63 by @tdruez in #140
- Refactor BaseService to take a dataspace in place of user #94 by @tdruez in #142
- Refine the action triggering the test CI by @tdruez in #143
- Replace all linter and validation libraries by ruff by @tdruez in #150
- Put the virtualenv into a .venv directory instead of the project root by @tdruez in #151
- Upgrade packageurl-python to latest 0.15.6 by @tdruez in #154
- Add Dependency model and view #138 by @tdruez in #147
- Update .dockerignore with latest venv changes by @tdruez in #159
- Enhance the Package search logic #160 by @tdruez in #161
- Base implementation of a Vulnerability models #94 by @tdruez in #148
- Migrate repository URL references to aboutcode-org by @tdruez in #169
- Display warning when a "download_url" could not be determined from a … by @tdruez in #170
- Add global Vulnerability list #95 by @tdruez in #171
- Fix an issue with vulnerability m2m when copying a package/component … by @tdruez in #172
- Add a Vulnerabilities tab in the Product details view #95 by @tdruez in #173
- 45 improve from purldb by @tdruez in #135
- Add the ability to download the VEX output #108 by @tdruez in #174
- Move the vulnerabilities related code to its own module #95 by @tdruez in #177
- Release 5.2.0 by @tdruez in #178
Full Changelog: v5.1.0...v5.2.0
v5.1.0
What's Changed
- Improve the "Install ScanCode.io" docs #34 by @tdruez in #37
- Lookup in PurlDB by purl in Add Package by @tdruez in #47
- Dark theme mode by @tdruez in #49
- Download Product comparison as XLSX #7 by @tdruez in #51
- Improve the presentation of "multi-values" in DejaCode Reports #10 by @tdruez in #52
- Remove the need to define SITE_URL by @tdruez in #53
- Replace Celery by RQ for async job queue #6 by @tdruez in #56
- Upgrade to Python 3.12 by @tdruez in #57
- Add a "Load Packages from SBOMs" Product action in the REST API #59 by @tdruez in #62
- Upgrade to Django 5.0.x #50 by @tdruez in #58
- Add a link to the VulnerableCode app in the Vulnerability tab #4 by @tdruez in #69
- Add support to import packages from manifest #65 by @tdruez in #67
- Use correct Makefile target name #75 by @pombredanne in #77
- Add a DEJACODE_SUPPORT_EMAIL setting by @tdruez in #80
- Add REST API endpoint to download ABOUT files and SPDX document #60 by @tdruez in #82
- Upgrade the cyclonedx_python_lib for spec 1.6 support by @tdruez in #79
- Show the individual PURL fields in the Package details view #83 by @tdruez in #85
- Fix the logout link of the admin app #89 by @tdruez in #90
- Display full commit in the version displayed in the UI #88 by @tdruez in #91
- Change the on_delete value of the homepage_layout FK by @tdruez in #93
- Refine the product comparison logic for Packages #113 by @tdruez in #114
- Refactor the implementation of Keywords on forms #48 by @tdruez in #54
- Display Product inventory count on the Product list view #81 by @tdruez in #116
- Add multi-selection using shift key in the table list views by @tdruez in #117
- Always display the full Package URL including "pkg:" prefix #115 by @tdruez in #118
- Add a new AboutCode tab in Package details view #42 by @tdruez in #119
- Enhance Package Import to support modifications #84 by @tdruez in #120
- Display the full Package URL including qualifiers and subpath #115 by @tdruez in #123
- Add replace_existing_version field on the AddToProduct form #12 by @tdruez in #124
- Release 5.1 by @tdruez in #125
New Contributors
- @pombredanne made their first contribution in #77
Full Changelog: v5.0.1...v5.1.0
v5.0.1
What's Changed
- Improve the stability of the "Check for new Package versions" #17 by @tdruez in #23
- Improve the support for SourgeForge download URLs #26 by @tdruez in #29
- Improve documentation for integrations setup #31 by @tdruez in #32
- Release 5.0.1 by @tdruez in #33
Full Changelog: v5.0.0...v5.0.1