Skip to content

v1.2.0

Latest
Latest

Choose a tag to compare

View all tags
@Allda Allda released this 19 Mar 13:28
v1.2.0
300eed1
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

1.2.0 (2026-03-19)

Features

  • add the base checks for filtering the Hermeto SBOM (a566d8e)
  • Bootstrap new version of augment-compoent-sbom-ta task (ea087d6)
  • Filter RPMs by architecture in Hermeto SBOMs (9028452)
  • hermeto-sbom: Deduplicate noarch RPMs during filtering (3ebfdb9)
  • hermeto-sbom: filter RPMs from SPDX SBOMs (dad5bfa)
  • hermeto-sbom: filter RPMs when generating an oci-image SBOM (6a1ca91)
  • hermeto-sbom: implement RPM filtering for CycloneDX SBOMs (9bc6658)
  • Install syft from github releases (ca66df5)
  • Install syft from github releases (cd42673)
  • ISV-6343: Create structured log of the contextual SBOM matching statistics in the mobster (11046ac)
  • ISV-6343: Create structured log of the contextual SBOM matching statistics in the mobster (2428b4b)
  • ISV-6384: Create short user roadmap && documentation for contexual SBOM in mobster (ef7f6c1)
  • ISV-6445: Contextual SBOM performance improvement (573c447)
  • ISV-6445: Contextual SBOM performance improvement (2763986)
  • ISV-6451: add option to make SBOM validation optional (041db51)
  • ISV-6451: add option to make SBOM validation optional (d3f8f4f)
  • ISV-6470: Scan images using syft (fbaff43)
  • ISV-6470: Scan images using syft (875867c)
  • ISV-6519: update regeneration script (89bbd91)
  • ISV-6519: update regeneration script (481429e)
  • ISV-6523: upload SBOMs to s3 if upload to Atlas fail (f0fff36)
  • ISV-6523: upload SBOMs to s3 if upload to Atlas fail (911b778)
  • ISV-6660: Add CPE information to the image augmentation process (7d726da)
  • ISV-6660: Add CPE information to the image augmentation process (ff25be8)
  • ISV-6660: Add CPE information to the image augmentation process (modify tekton task) (67c57d6)
  • ISV-6660: Add CPE information to the image augmentation process… (a4633cc)
  • ISV-6660: update image reference in augment tekton task (d6752b0)
  • ISV-6660: update image reference in augment tekton task (d58c400)
  • ISV-6680: add keyless Cosign client, allow its use in SBOM attestation (#321) (563b786)
  • ISV-6681: use keyless Cosign for SBOM verification (#330) (6e30a52)
  • ISV-6717: Pass keyless config to augment-component-sbom (7ab0595)
  • ISV-6717: Pass keyless config to augment-component-sbom (dac7e11)
  • ISV-6789: add support for custom CA bundles in TPA operations (804b046)
  • ISV-6789: add support for custom CA bundles in TPA operations (07e2d1d)
  • ISV-6790: Make S3 retry optional in component augmentation. (7023797)
  • ISV-6790: Make S3 retry optional in component augmentation. (67dbeb5)
  • ISV-6790: Undo non-relevant code changes. (72cfcb1)
  • ISV-6863: make releaseData cpe param optional (augment) and mandatory (product generation) (5e43cf5)
  • ISV-6863: make releaseData param optional (augment) (29fd968)
  • parallelize SBOM deletion (a0e3e61)
  • parallelize SBOM deletion (35766d6)
  • unit-tests flag in codecov (4acd72a)
  • unit-tests flag in codecov (f31cc57)
  • Use None instead of Empty string. (e731275)

Bug Fixes

  • (ISV-6496) Install conforma only in integration tests (b9e8f9f)
  • added and improved tests for logging (7b343b3)
  • added explanation for duplicates (2afb7a1)
  • added log level for log_elapsed as option (d28a8a8)
  • adderess comments (3b3d152)
  • addressed comments (91cd112)
  • code refactor (0adf19a)
  • hermeto-sboms: Solve issues with filtering and arch identification (b6f69d5)
  • ISV-6382: images used as builder and base now have BUILD_TOOL_OF (9502758)
  • ISV-6383: BUILD_TOOL_OF/DESCENDANT_OF fixes (4c57bdf)
  • ISV-6451: --validate (boolean arg) -> --skip-validation (flag) (7270b74)
  • ISV-6451: doc issues (12a5d99)
  • ISV-6451: more doc fixes (didn't actually add that flag to that mobster script...) (e6e0b8e)
  • ISV-6451: new oci-image generation now skips validation properly (8abdfbb)
  • ISV-6451: product save now properly using validate option (4cbc969)
  • ISV-6481: add a warning comment (ca98d30)
  • ISV-6481: also update product tasks with CA workaround (b3ccc68)
  • ISV-6481: also update product tasks with CA workaround (67ebbc3)
  • ISV-6481: fix pylint (14ab79f)
  • ISV-6481: release fixed mobster version into a task (e43acca)
  • ISV-6481: release fixed mobster version into a task (42fbc36)
  • ISV-6481: temporarily ignore Atlas validation errors (3a1ff05)
  • ISV-6481: temporarily ignore Atlas validation errors (acf941f)
  • ISV-6519: address comments (7dc0ae2)
  • ISV-6519: prune useless tests (382ebcc)
  • ISV-6519: update naming from Sbom to SBOM (af951cc)
  • ISV-6599: fix cosign binary architecture (d21c464)
  • ISV-6599: fix cosign binary architecture (5467507)
  • ISV-6660: add missing release-data arg to ProcessComponentArgs (6544773)
  • ISV-6660: add missing release-data arg to ProcessComponentArgs (84ec0fe)
  • Logging references to the parent and component (5a5acbc)
  • minor updates (526e9f5)
  • Rebase fix + all component candidates for match with parent package are modified (a86eb04)
  • reorganized code based on code review (d2081b5)
  • replace erroneous uses of "enrich" with "augment" (ea0f8a6)
  • treat FROM oci-archive: like FROM scratch for base image classification (57d0a9b)
  • treat FROM oci-archive: like FROM scratch for base image classification (a922eda)
  • typo (3b2fdfb)
  • Upgrade task-deprecated-image-check image (c842d2a)

Documentation

  • Add documentation for the delete command (4e754d0)
  • ISV-6451: added flag documentation to renegerate command (6f754b0)
  • ISV-6451: docs for new flag added (511f4b8)
  • ISV-6451: missed some docstrings (bdee8e5)
  • ISV-6460: added clarification for argument order (5f7a760)
  • ISV-6460: added SBOM generation primer (69b9f22)
  • ISV-6460: added SBOM generation primer (557abfc)
Assets 2
Loading