v0.9.5

Changelog

• enhancement - Added support for vulnerability analysis for Gradle build manifests.
• enhancement - Added support for vulnerability analysis on images in Dockerfiles.
• enhancement - Added new settings for the Python and Go ecosystems.
• enhancement - Added support for private GitHub Registries.
• fixes - Fixed an issue by removing a redundant / at the beginning of Windows URI paths that was causing some mvn commands to fail. See PR#692 for details.
• fixes - Fixed an issue with the Stack Analysis running on an open file, instead of running on an opened manifest file. See PR#692 for details.
• known issue - You can get an error by using the Use Pip Dep Tree and Use Python Virtual Environment options simultaneously. See the Known Issues section of the README for more information.
• known issue - Red Hat Dependency Analytics has limitations for Maven and Gradle. See the Known Issues section of the README for more information.
• informational - Added a telemetry event to track Red Hat's recommended version acceptance.

What's Changed

• feat: gradle support by @IlonaShishov in #708

Full Changelog: v0.9.4...v0.9.5

v0.9.4

Changelog

• informational - Removing access to Snyk's Vulnerability Database.

What's Changed

• chore: disable snyk token by @IlonaShishov in #694

Full Changelog: v0.9.3...v0.9.4

v0.9.3

Changelog

• enhancement - Red Hat Dependency Analytics reporting has integrated the ONGuard service by using Open Source Vulnerability (OSV) and the National Vulnerability Database (NVD) data sources for additional vulnerability information.
• enhancement - Integrated VS Code's Secret Storage feature for securing the Snyk token. See PR689 for details.
• fixes - Fixed an issue with displaying wrong data when the event handler for Component Analysis was triggered on a unsaved manifest file. Component Analysis is no longer triggered on unsaved manifest files. See PR#239 for details.
• fixes - Fixed an issue where the diagnostic source name is being obscured in the View Problem panel from an inline analysis. See PR#239 for details.
• informational - The naming convention for VS Code commands has changed from fabric8 to rhda. For example, fabric8.stackAnalysis is now rhda.stackAnalysis.

What's Changed

• feat: add osv-nvd provider by @IlonaShishov in #683

Full Changelog: v0.9.2...v0.9.3

v0.9.2

What's Changed

• chore: issue handling by @IlonaShishov in #676

• informational - The redHatDependencyAnalyticsReportFilePath setting name has changed to reportFilePath. If you had a custom file path set for redHatDependencyAnalyticsReportFilePath, then you need to add your custom file path to the reportFilePath setting.
• enhancement - Added a vulnerability severity alert level setting for the user to receive inline notifications for just errors or warnings. See PR#674 for details.
• fixes - Fixed an issue with the codeActionsMap call. When multiple manifest documents are open that have the same dependency, one of the document entries gets deleted. This gave a wrong result in the analysis. See PR#236 for details.
• fixes - Fixed an issue in the Exhort Javascript API. This fix enables and supports analysis of pom.xml manifests that include local modules, and a parent Project Object Model (POM). See the PR#237 for details.
• fixes - Fixed an issue with the analysis report not displaying because of spaces in the manifest file path. See PR#100 for details.

Full Changelog: v0.9.1...v0.9.2

v0.9.1

What's Changed

• fix: endpoint configuration issue by @IlonaShishov in #672

Full Changelog: v0.9.0...v0.9.1

v0.9.0

What's Changed

• refactor: code structure supporting single source exhort payload to multi source by @IlonaShishov in PR#661
• informational - Service Preview release of Red Hat Dependency Analytics (RHDA) extension.
• informational - Configuration names for all supported executable paths in the extension settings have changed. These executable paths are only used for the analysis.
• enhancement - Added support for error observation by using Sentry.
• enhancement - Support for more complex SPDX SBOM relationships.
• enhancement - Added recommendations and remediations in the Quick Fix... tab.
• fixes - Fixed an issue where unique Snyk vulnerability information was not being displayed in the Dependency Analytics report. See PR#217 for details.
• fixes - Better valid and invalid token alert messages for the Snyk vulnerability information provider. See PR#218 for details.
• fixes - Fixed analysis report discrepancies between Red Hat Dependency Analytics and Snyk’s analytics. See PR#219 for details.
• fixes - Fixed the Go and Python package links so they point to their specific package manager website.

v0.7.5

What's Changed

• chore: Update catalog-info.yaml by @lokeshrangineni in #663

Full Changelog: v0.7.4...v0.7.5

v0.7.4

What's Changed

• chore: creating backstage configuration catalog-info.yaml by @lokeshrangineni in #659

New Contributors

• @lokeshrangineni made their first contribution in #659

Full Changelog: v0.7.3...v0.7.4

v0.7.3

What's Changed

• feat: added support for golang and python ecosystems by @IlonaShishov in #656

Full Changelog: v0.7.2...v0.7.3

v0.7.2

What's Changed

• docs: Removed GitHub action statement by @ritz303 in #647

Full Changelog: v0.7.1...v0.7.2