4.8

What's Changed:

• Removed public visibility from component @ltdonner-bah (#213)

📖 Documentation

• fix: add optional flag that allows skipping npm audit checks with OWASP dependency-check scanner @ravi-m-bah (#214)
• Added "reusable" tag to catalog-info.yaml @ConnorDY (#212)

4.7

What's Changed:

🚀 Features

• Added a separate Git repo option to NPM library @psig-bah (#211)
• Added the ability to override nvm_container at the step level in the NPM library @psig-bah (#211)
• Added immutable option to yarn install @morganmspencer (#210)
• Added a new Docker build strategy to support multiple Dockerfiles and Dockerfiles with custom file names @ConnorDY (#208)

4.6

What's Changed:

🚀 New Features

• Add Cypress Testing Library @psig-bah (#194)
• Add option to remove existing Syft config @mackeyaj (#195)

🔧 Maintenance

• Change default image tag to not use latest for OWASP Dep Check @psig-bah (#199)

4.5

What's Changed:

🚀 Features

• Grype SBOM scan capability @mackeyaj (#193)
• Syft multiple SBOM formats @mackeyaj (#192)
• Syft multiple formats @mackeyaj (#189)

4.4

What's Changed:

• Implement new Yarn library @ConnorDY (#187)

🚀 Features

• Update NPM library to allow overriding the container image used @ConnorDY (#186)

4.3

Allows Grype to skip fail_on_severity using the key "none" as well as fixes a bug where Syft may not have been able to retrieve the container image when building the SBOM.

What's Changed:

🚀 Features

• Add "none" option to disable fail on severity for Grype scans @mackeyaj (#184)

🐛 Bug Fixes

• Bug Fix: Syft image retrieval @mackeyaj (#183)
• Bug Fix: Syft Docker Save @mackeyaj (#178)

Full Changelog: 4.2...4.3

4.2

🐛 Bug Fixes

• Fixed incorrect use of syft's output parameter to correctly dump SBOM to a file that can be archived in Jenkins @psig-bah (#174 )
• Fix for when additional / could slip into the output filename, causing permissions and access errors later in the step @psig-bah (#173)
• Updated filenames used for container tarballs to replace / with - to keep all archives at the top level and avoid directory permission/availability issues @psig-bah (#172)
• Fix for when containers flagged for syft sbom generation are stored in a container repository that requires authentication, the step fails as repository creds provided to the docker library are not passed to the syft container @psig-bah (#171)

4.1

What's Changed:

🚀 Features

• Add Syft SBOM library @psig-bah (#166)
• Add Grype Scan library @mackeyaj (#153)

🐛 Bug Fixes

• Grype library: add report_format/fail_on_severity defaults and fix bug where file extensions don't exist on generated reports @mackeyaj (#170)

🔧 Maintenance

• Add docs linting to CI @steven-terrana (#169)

4.0

What's Changed

💥 Breaking changes

• Rework NPM library to use dynamic step aliasing @ConnorDY (#154) (see here for migration guide)
• Rework Maven library to use dynamic step aliasing @psig-bah (#158) (see here for migration guide)

🚀 Features

• New .NET library for building and running unit tests @mackeyaj (#159)
• Support overriding the .NET SDK SDP image used @ConnorDY (#167)
• Add suppression file support in OWASP dependency scan @ConnorDY (#165)

📖 Documentation

• Created How-To guide for pinning a Library Source to a specific release @ConnorDY (#157)

3.2

What's Changed:

• Make on_change a combination of on_commit and on_merge @ConnorDY (#145)
• Docker enhancement with buildx @jholt96 (#141)

🚀 Features

• Adding configurable image_name to Docker @psig-bah (#150)

🐛 Bug Fixes

• Fix on_pull_request GitHub flow helper method @ConnorDY (#144)

📖 Documentation

• Fix link to contributing guide @karlkovaciny (#152)
• docs updates from linters @psig-bah (#149)
• updating docs theme and applying new theme features @psig-bah (#151)
• Create docs.yaml @steven-terrana (#148)
• Mkdocs @jholt96 (#147)