v34.9.0

What's Changed

• Add pipeline selected groups in create project API endpoint #1426 by @tdruez in #1427
• Bump go-inspector to v0.4.0 by @AyanSinhaMahapatra in #1425
• Add a list-pipelines management command #1397 by @tdruez in #1428
• Refactor the policies related code to its own module #386 by @tdruez in #1430
• Project policies #386 by @tdruez in #1440
• Upgrade RQ to v2.0.0 and django-rq to 3.0.0 by @tdruez in #1441
• Add pipeline to publish scan to federatedcode by @keshav-space in #1400
• Do not fail on invalid extracted requirements by @AyanSinhaMahapatra in #1429
• Spelling and Grammatical Errors in ScanCode.io Official Documentation #1443 by @alok1304 in #1448

New Contributors

• @alok1304 made their first contribution in #1448

Full Changelog: v34.8.3...v34.9.0

v34.8.3

Changelog

• Include the aboutcode module in the wheel and source distribution. #1423
• Update ScanCode-toolkit to v32.3.0 #1418

What's Changed

• Update sctk version to v32.3.0 by @AyanSinhaMahapatra in #1418
• Include the aboutcode module in the wheel and source distribution… by @tdruez in #1424

Full Changelog: v34.8.2...v34.8.3

v34.8.2

Changelog

• Add android_analysis to extra_requires. This installs the package
  android_inspector, which provides a pipeline for Android APK
  deploy-to-development analysis.
• Remove the sleep time in the context of testing matchcode.poll_run_url_status
  to speed up the test. #1411
• Add ability to specify the CycloneDX output spec version using the output
  management command and providing the cyclonedx:VERSION syntax as format value. aboutcode-org/scancode-action#8
• Add new compliance REST API action that list all compliance alert for a given
  project. The severity level can be provided using the
  ?fail_level={ERROR,WARNING,MISSING} parameter. #1346
• Add new Compliance alerts panel in the project detail view. #1346

What's Changed

• Updated the typo mistakes of documentation of ScanCode.io (#1386) by @VarshaUN in #1387
• Add android_inspector in new extra_requires #1373 by @JonoYang in #1391
• Update docs for netrc usage in Docker context #1384 by @JonoYang in #1385
• Upgrade Django to security release 5.1.2 by @tdruez in #1410
• Remove the sleep time in the context of testing poll_run_url_status #… by @tdruez in #1412
• Add ability to specify the CycloneDX output spec version by @tdruez in #1413
• Add new compliance REST API action to list compliance alerts #1346 by @tdruez in #1416
• Base implementation if the project compliance panel view #1346 by @tdruez in #1417

New Contributors

• @VarshaUN made their first contribution in #1387

Full Changelog: v34.8.1...v34.8.2

v34.8.1

What's Changed

• Update match to matchcode by @JonoYang in #1365
• Release 34.8.1 by @tdruez in #1380

Full Changelog: v34.8.0...v34.8.1

v34.8.0

Changelog

• Add a new enrich_with_purldb add-on pipeline to enrich the discovered packages
  with data available in the PurlDB. #1182
• Add the ability to define a results_url on the Pipeline class.
  When available, that link is displayed in the UI to easily reach the results view
  related to the Pipeline run. #1330
• Expands on the existing WebhookSubscription model by adding a few fields to
  configure the behavior of the Webhooks, and moves some of the fields to a new
  WebhookDelivery model, which captures the results of a WebhookSubscription
  "delivery". #1325
• Add support for creating dependencies using the load_sboms pipeline on CycloneDX
  SBOM inputs. #1145
• Add a new Dependency view that renders the project dependencies as a tree. #1145
• The purldb-scan-worker command has been updated to send project results
  back using the Project webhook subscriptions. This allows us to not have the
  main task loop to monitor a single project run for completion in order to
  return data, and allows us to have multiple scan projects active at once while
  we use purldb-scan-worker. A new option --max-concurrent-projects has
  been added to set the number of purldb packages that can be requested and
  processed at once. #1287
• Add notes field on the DiscoveredPackage model. #1342
• Fix an issue with conflicting groups checkbox id in the Add pipeline modal. #1353
• Move the BasePipeline class to a new aboutcode.pipeline module. #1351
• Update link references of ownership from nexB to aboutcode-org #1350
• Add a new check-compliance management command to check for compliance issues in
  a project. #1182

What's Changed

• Add a new enrich_with_purldb Pipeline #1328 by @tdruez in #1329
• Add the ability to define a results_url on the Pipeline class by @tdruez in #1330
• Add mariner to supported distros by @AyanSinhaMahapatra in #1161
• Add full test coverage for the enrich_with_purldb Pipeline by @tdruez in #1331
• Replace all linter and validation libraries by ruff by @tdruez in #1333
• Put the virtualenv into a .venv directory instead of the project root by @tdruez in #1334
• 1328 enrich with purldb collect endpoint by @tdruez in #1336
• Webhook behavior customization and delivery records by @tdruez in #1338
• Load CycloneDX SBOMs dependencies #1145 by @tdruez in #1344
• 1287 purldb scan worker update by @JonoYang in #1320
• Add notes field on the DiscoveredPackage model #1342 by @tdruez in #1349
• Thirdparty upgrade and .dockerignore updates by @tdruez in #1352
• Fix issue with conflicting groups checkbox id in Add pipeline modal #… by @tdruez in #1354
• Move the BasePipeline class to a new aboutcode.pipeline module #1351 by @tdruez in #1357
• Refactor the BasePipeline, move out all Project related logic #1351 by @tdruez in #1358
• Add pyproject.toml for packaging aboutcode.pipeline module #1351 by @tdruez in #1359
• Upgrade Django to latest 5.1 release by @tdruez in #1361
• 1350 owner migration by @chinyeungli in #1362
• Simplify the Project.add_message method for object_instance by @tdruez in #1363
• Add a new check-compliance management command #1346 by @tdruez in #1364

New Contributors

• @chinyeungli made their first contribution in #1362

Full Changelog: v34.7.1...v34.8.0

v34.7.1

Changelog

• Add pipeline step selection for a run execution.
  This allows to run a pipeline in an advanced mode allowing to skip some steps,
  or restart from a step, like the last failed step.
  The steps can be edited from the Run "status" modal using the "Select steps" button.
  This is an advanced feature and should we used with caution. #1303
• Display the resolved_to_package as link in the dependencies tab. #1314
• Add support for multiple instances of a PackageURL in the CycloneDX outputs.
  The package_uid is now included in each BOM Component as a property. #1316
• Add administration interface. Can be enabled with the SCANCODEIO_ENABLE_ADMIN_SITE
  setting.
  Add --admin and --super options to the create-user management command. #1323
• Add results_url and summary_url on the API ProjectSerializer. #1325

What's Changed

• Add pipeline step selection for a run execution #1303 by @tdruez in #1310
• Display the resolved_to_package as link in the dependencies tab by @tdruez in #1314
• Add support for multiple instances of a PURL in the CycloneDX outputs… by @tdruez in #1317
• Refactor the Webhook.get_payload to use Serializers #1325 by @tdruez in #1326
• Display sizes in bytes and humanized #1322 by @tdruez in #1324
• Add administration site for main scanpipe models by @tdruez in #1323

Full Changelog: v34.7.0...v34.7.1

v34.7.0

Changelog

• Add all "classify" plugin fields from scancode-toolkit on the CodebaseResource model. #1275
• Refine the extraction errors reporting to include the resource path for rendering
  link to the related resources in the UI. #1273
• Add a flush-projects management command, to Delete all project data and their
  related work directories created more than a specified number of days ago. #1289
• Update the inspect_packages pipeline to have an optional StaticResolver
  group to create resolved packages and dependency relationships from lockfiles
  and manifests having pre-resolved dependencies. Also update this pipeline to
  perform package assembly from multiple manifests and files to create
  discovered packages. Also update the resolve_dependencies pipeline to have
  the same StaticResolver group and mode the dynamic resolution part to a new
  optional DynamicResolver group. #1244
• Add a new attribute is_direct to the DiscoveredDependency model and two new
  attributes is_private and is_virtual to the DiscoveredPackage model.
  Also update the UIs to show these attributes and show the package_data field
  contents for CodebaseResources in the extra_data tab. #1244
• Update scancode-toolkit to version 32.2.1. For the complete list of updates
  and improvements see https://github.com/nexB/scancode-toolkit/releases/tag/v32.2.0
  and https://github.com/nexB/scancode-toolkit/releases/tag/v32.2.1
• Add support for providing pipeline "selected_groups" in the run entry point. #1306

What's Changed

• Add all "classify" plugin fields on the CodebaseResource model #1275 by @tdruez in #1286
• Add a flush-projects management command for bulk deletion #1289 by @tdruez in #1291
• Refine the extraction errors reporting include the resource path #1273 by @tdruez in #1276
• Cleanup and re-organise unit test data by @tdruez in #1296
• Add tutorial for end-to-end scanning to DejaCode #1280 by @pombredanne in #1295
• Resolve dependencies from lockfiles by @AyanSinhaMahapatra in #1244
• Update scancode-toolkit to v32.2.1 by @AyanSinhaMahapatra in #1305
• Add support for pipeline "selected_groups" in the run cli #1306 by @tdruez in #1307

Full Changelog: v34.6.3...v34.7.0

v34.6.3

Changelog

• Use the --option=value syntax for args entries in place of --option value
  for fetching Docker images using skopeo through run_command_safely calls. #1257
• Fix an issue in the d2d JavaScript mapper. #1274
• Add support for a ignored_vulnerabilities field on the Project configuration. #1271

What's Changed

• Use the --option=value syntax for run_command_safely args #1257 by @tdruez in #1270
• Fix an issue in the d2d JavaScript mapper by @tdruez in #1274
• Add ignored_vulnerabilities field on the Project configuration #1271 by @tdruez in #1281

Full Changelog: v34.6.2...v34.6.3

v34.6.2

Changelog

• Store SBOMs headers in the Project.extra_data field during the load_sboms
  pipeline. #1253
• Add support for fetching Git repository as Project input. #921
• Enhance the logging and reporting of input fetch exceptions. #1257

What's Changed

• Do not sys.exit in execute_project function by @tdruez in #1265
• Store SBOMs headers in the Project.extra_data field #1253 by @tdruez in #1266
• UI enhancements by @tdruez in #1267
• Add support for fetching git repo as Project input #921 by @tdruez in #1254
• Enhance the logging and reporting of input fetch exceptions #1257 by @tdruez in #1269

Full Changelog: v34.6.1...v34.6.2

v34.6.1

Changelog

• Remove print statements from migration files.
• Display full traceback on error in the execute management command.
• Log the Project message creation.
• Refactor the get_env_from_config_file to support empty config file.

What's Changed

• Release 34.6.1 by @tdruez in #1260

Full Changelog: v34.6.0...v34.6.1