Releases: trustification/guac
Releases · trustification/guac
v0.1.2
Changelog
- 463b800 📖 Included comments for the bfs on patchPlanning (guacsec#1130)
- 64dfda6 Add @jeffmendoza as Maintainer. (guacsec#1144)
- 542de58 Bump actions/setup-go from 4.0.1 to 4.1.0 (guacsec#1149)
- c88d885 Bump github.com/aws/aws-sdk-go from 1.44.318 to 1.44.323 (guacsec#1155)
- c618ce8 Bump github.com/nats-io/nats-server/v2 from 2.9.20 to 2.9.21 (guacsec#1152)
- 6fb18da Bump github.com/ossf/scorecard/v4 from 4.11.0 to 4.12.0 (guacsec#1153)
- 6b4d7a4 Bump github.com/sigstore/sigstore from 1.7.1 to 1.7.2 (guacsec#1151)
- 191faac Bump google.golang.org/api from 0.134.0 to 0.136.0 (guacsec#1154)
- 3b3cb50 Bump goreleaser/goreleaser-action from 4.3.0 to 4.4.0 (guacsec#1150)
- 021655e Refactored and Included Tests for TopoSortFromBfsNodeMap (guacsec#1133)
- a8e7ad3 [fix] Removed Empty String Parents for Root Nodes (guacsec#1131)
- 606f5da fix to add type filter for dependent package (guacsec#1156)
Contributors
jeffmendoza
Assets 57
v0.1.0-nightly.20230810
Changelog
- 7510cab Add Compose Tarball to Release Workflow (guacsec#1076)
- ddabdf6 Add HasMetadata operations and inmem implementation (guacsec#1023)
- 08bfd91 Add PkgEqual and HashEqual predictaes -- testing + code planning (guacsec#1069)
- 778091b Add PointOfContact predicate ingest (guacsec#1075)
- 9368f3a Add PointOfContact predicate to PatchPlanning (guacsec#1088)
- 9cc17ad Add ability to add ingestPredicates documents for ingestion (guacsec#1051)
- 3587e04 Add initial nodes for arangoDB backend implementation (guacsec#911)
- 3885c0e Add packages to shell.nix (guacsec#1025)
- 61f54cd Added non-nil dereferencing to SLSA parser (guacsec#1127)
- 73359ad Adding check for docker builx toolkit in Makefile to fix#1057 (guacsec#1083)
- e92f4ff Bump actions/setup-python from 4.6.1 to 4.7.0 (guacsec#1061)
- e1b0475 Bump cloud.google.com/go/storage from 1.30.1 to 1.31.0 (guacsec#1040)
- 74cc02e Bump github.com/99designs/gqlgen from 0.17.34 to 0.17.35 (guacsec#1066)
- be6f554 Bump github.com/99designs/gqlgen from 0.17.35 to 0.17.36 (guacsec#1111)
- 93f9ec8 Bump github.com/aws/aws-sdk-go from 1.44.284 to 1.44.318 (guacsec#1134)
- cd0816e Bump github.com/fsouza/fake-gcs-server from 1.45.2 to 1.46.0 (guacsec#1108)
- dff7644 Bump github.com/fsouza/fake-gcs-server from 1.46.0 to 1.47.4 (guacsec#1136)
- bc9970c Bump github.com/go-git/go-git/v5 from 5.7.0 to 5.8.0 (guacsec#1090)
- 83cd681 Bump github.com/go-git/go-git/v5 from 5.8.0 to 5.8.1 (guacsec#1109)
- bf5c0d9 Bump github.com/google/osv-scanner from 1.3.4 to 1.3.5 (guacsec#1064)
- d01bc9c Bump github.com/google/osv-scanner from 1.3.5 to 1.3.6 (guacsec#1089)
- c8fd1a8 Bump github.com/grpc-ecosystem/go-grpc-middleware from 1.3.0 to 1.4.0 (guacsec#1137)
- be194ab Bump github.com/nats-io/nats-server/v2 from 2.9.19 to 2.9.20 (guacsec#1062)
- acc26ce Bump github.com/nats-io/nats.go from 1.27.1 to 1.28.0 (guacsec#1092)
- 01f8b31 Bump github.com/prometheus/client_golang from 1.15.1 to 1.16.0 (guacsec#1038)
- 33755da Bump github.com/regclient/regclient from 0.5.0 to 0.5.1 (guacsec#1138)
- 618f779 Bump github.com/secure-systems-lab/go-securesystemslib (guacsec#1065)
- 4c6e169 Bump github.com/spdx/tools-golang from 0.5.2 to 0.5.3 (guacsec#1110)
- ec385a9 Bump golang.org/x/oauth2 from 0.10.0 to 0.11.0 (guacsec#1135)
- 045fe10 Bump golang.org/x/oauth2 from 0.9.0 to 0.10.0 (guacsec#1041)
- a998793 Bump google.golang.org/api from 0.128.0 to 0.130.0 (guacsec#1039)
- 605a5fa Bump google.golang.org/api from 0.130.0 to 0.133.0 (guacsec#1091)
- d635768 Bump google.golang.org/grpc from 1.56.0 to 1.56.2 (guacsec#1042)
- 50f97f7 Bump slsa-framework/slsa-github-generator from 1.7.0 to 1.8.0 (guacsec#1139)
- 37971bd Cleanup arango backend and add source ingestion and query for arango (guacsec#1034)
- 093d702 Fix Logging in Collectsub Server (guacsec#995)
- 8f639ae Fix typo (guacsec#1084)
- 2046ab7 Implement FIndSoftware for Arango backend (guacsec#1032)
- 3cc7cde Implement HasSLSA predicate case + tests (patchPlanning search method) (guacsec#1046)
- 952bdac Implement search dependent packages + testing (updated) (guacsec#969)
- 8b799ed Included Unit Test for Subscribe (guacsec#1056)
- 3a24c08 Ingest and Query vulnerabilities for arango backend (guacsec#1052)
- d1267d1 Involve
since_timefor collect-sub entry getting. (guacsec#1049) - 1bd9fef Mandatory queries filtering specs (guacsec#1114)
- 069edcb Parse SPDX: manage relations with top level package (guacsec#1103)
- 32c2b3c Remove SBOM annotations (guacsec#1027)
- a0b4370 Remove UI Opts, add queries used by viz under packages (guacsec#1122)
- 5a2dc45 Remove annotations from hasSBOM gql example (guacsec#1037)
- a0ac552 Workaround depversion handling. (guacsec#1113)
- 7d1960b [PatchPlanning] Add CLI cmd for patch planning (guacsec#1129)
- 00e931f [PatchPlanning] Rename dependencies to dependents in search (guacsec#1142)
- 90cb0b7 [PatchPlanning] Toposort / frontiers (guacsec#1101)
- 30321c7 [fix] ingests nouns before verbs for test data (guacsec#1003)
- c3fe7c4 [patchPlanning] Make Parent field in BfsNode into a list (guacsec#1095)
- c0614ec add
certifyBadquery,certifyGoodingestion and query, update bulk assembler (guacsec#1123) - fb5b129 add docker-compose for arango (guacsec#1031)
- d988552 add guac friends md (guacsec#1080)
- 3feba2c add ingestion and query of hasSLSA for Arango, remove IngestMaterials (guacsec#1081)
- 4e6f922 add missing hasMetadata for arango (guacsec#1028)
- 3f93cd4 add query for IsOccurrence, isDependency and HasSBOM for Arango backend (guacsec#1096)
- 0fec13b add support for using Tilt for local development (guacsec#1021)
- 48b2234 add vex info to VULN cli (guacsec#1086)
- 1f147b7 arango ingest/query scorecard and bulk ingestion (guacsec#1070)
- 7724bda arango: query hashEqual, bulk ingest hasSBOM and hashEqual, filter on builtFrom on hasSLSA (guacsec#1100)
- 2b9306d cleanup arango backend, add ingestion of builder, add support for source ingestion for Occurrences, return IDs during ingestion and query (guacsec#1048)
- bc5c042 connects guac with a given aws neptune cluster endpoint (guacsec#1126)
- d438521 feat: allow filtering of CertifyVuln query results based on whether they have vulnerabilities (guacsec#1073)
- 39bff2a fix PURL NPE and add OCI heuristic (guacsec#1060)
- 97bb3d4 fix allow for go git to be parsed for VcsToSrc (guacsec#1047)
- b18d6c7 fix lint err around annotations (guacsec#1029)
- 9f1ccf2 fix ui opts and examples for visualizer code gen (guacsec#1121)
- de956fc fixing typo to fix guacsec#1078 (guacsec#1079)
- 4181c17 hasSourceAt predicate for patch planning search (guacsec#1058)
- ccc795c implement PointOfContact in inmem backend (guacsec#1033)
- febfb54 issue-1105 inmem HasSBOM: manage no
hasSBOMSpecsent (guacsec#1106) - c00ff53 proposed PointOfContact schema (guacsec#1026)
- 1bb597c remove unused old nodes (pre 0.1) (guacsec#1035)
- 21273d4 set guacone collect files to ingest doc in parallel with bulk assembler (guacsec#1043)
- bdd1b0c specify the version of the nats helm chart (guacsec#1119)
- 15ad9f9 update API for bulk ingestion for CertifyBad/CertifyGood, add missing unit tests, update collections on arango (guacsec#1115)
- e49ce9e update client GQL fragments to public usable by go (guacsec#1085)
v0.1.1
Changelog
- 7510cab Add Compose Tarball to Release Workflow (guacsec#1076)
- ddabdf6 Add HasMetadata operations and inmem implementation (guacsec#1023)
- 08bfd91 Add PkgEqual and HashEqual predictaes -- testing + code planning (guacsec#1069)
- 778091b Add PointOfContact predicate ingest (guacsec#1075)
- 9cc17ad Add ability to add ingestPredicates documents for ingestion (guacsec#1051)
- 3587e04 Add initial nodes for arangoDB backend implementation (guacsec#911)
- 3885c0e Add packages to shell.nix (guacsec#1025)
- 73359ad Adding check for docker builx toolkit in Makefile to fix#1057 (guacsec#1083)
- e92f4ff Bump actions/setup-python from 4.6.1 to 4.7.0 (guacsec#1061)
- e1b0475 Bump cloud.google.com/go/storage from 1.30.1 to 1.31.0 (guacsec#1040)
- 74cc02e Bump github.com/99designs/gqlgen from 0.17.34 to 0.17.35 (guacsec#1066)
- bf5c0d9 Bump github.com/google/osv-scanner from 1.3.4 to 1.3.5 (guacsec#1064)
- be194ab Bump github.com/nats-io/nats-server/v2 from 2.9.19 to 2.9.20 (guacsec#1062)
- 01f8b31 Bump github.com/prometheus/client_golang from 1.15.1 to 1.16.0 (guacsec#1038)
- 618f779 Bump github.com/secure-systems-lab/go-securesystemslib (guacsec#1065)
- 045fe10 Bump golang.org/x/oauth2 from 0.9.0 to 0.10.0 (guacsec#1041)
- a998793 Bump google.golang.org/api from 0.128.0 to 0.130.0 (guacsec#1039)
- d635768 Bump google.golang.org/grpc from 1.56.0 to 1.56.2 (guacsec#1042)
- 37971bd Cleanup arango backend and add source ingestion and query for arango (guacsec#1034)
- 8f639ae Fix typo (guacsec#1084)
- 2046ab7 Implement FIndSoftware for Arango backend (guacsec#1032)
- 3cc7cde Implement HasSLSA predicate case + tests (patchPlanning search method) (guacsec#1046)
- 952bdac Implement search dependent packages + testing (updated) (guacsec#969)
- 8b799ed Included Unit Test for Subscribe (guacsec#1056)
- 3a24c08 Ingest and Query vulnerabilities for arango backend (guacsec#1052)
- d1267d1 Involve
since_timefor collect-sub entry getting. (guacsec#1049) - 32c2b3c Remove SBOM annotations (guacsec#1027)
- 5a2dc45 Remove annotations from hasSBOM gql example (guacsec#1037)
- 30321c7 [fix] ingests nouns before verbs for test data (guacsec#1003)
- fb5b129 add docker-compose for arango (guacsec#1031)
- d988552 add guac friends md (guacsec#1080)
- 3feba2c add ingestion and query of hasSLSA for Arango, remove IngestMaterials (guacsec#1081)
- 4e6f922 add missing hasMetadata for arango (guacsec#1028)
- 0fec13b add support for using Tilt for local development (guacsec#1021)
- 48b2234 add vex info to VULN cli (guacsec#1086)
- 1f147b7 arango ingest/query scorecard and bulk ingestion (guacsec#1070)
- 2b9306d cleanup arango backend, add ingestion of builder, add support for source ingestion for Occurrences, return IDs during ingestion and query (guacsec#1048)
- d438521 feat: allow filtering of CertifyVuln query results based on whether they have vulnerabilities (guacsec#1073)
- 39bff2a fix PURL NPE and add OCI heuristic (guacsec#1060)
- 97bb3d4 fix allow for go git to be parsed for VcsToSrc (guacsec#1047)
- b18d6c7 fix lint err around annotations (guacsec#1029)
- de956fc fixing typo to fix guacsec#1078 (guacsec#1079)
- 4181c17 hasSourceAt predicate for patch planning search (guacsec#1058)
- ccc795c implement PointOfContact in inmem backend (guacsec#1033)
- c00ff53 proposed PointOfContact schema (guacsec#1026)
- 1bb597c remove unused old nodes (pre 0.1) (guacsec#1035)
- 21273d4 set guacone collect files to ingest doc in parallel with bulk assembler (guacsec#1043)
- e49ce9e update client GQL fragments to public usable by go (guacsec#1085)
v0.1.0-nightly.20230706
Changelog
- d29cbb8 Add search gql (guacsec#998)
- 290c1c3 Add support for ingesting VEX documents in the CSAF format (guacsec#729)
- 06fec9c Bump actions/checkout from 3.5.2 to 3.5.3 (guacsec#951)
- bd619a7 Bump actions/setup-python from 4.6.0 to 4.6.1 (guacsec#890)
- 4692cde Bump anchore/sbom-action from 0.14.2 to 0.14.3 (guacsec#981)
- 4bb77e7 Bump anchore/sbom-action from 0.7.0 to 0.14.2 (guacsec#933)
- f58d03b Bump aquasecurity/trivy-action from 0.10.0 to 0.11.0 (guacsec#912)
- 6fdf14c Bump aquasecurity/trivy-action from 0.10.0 to 0.11.2 (guacsec#952)
- 92b5a2e Bump docker/login-action from 2.1.0 to 2.2.0 (guacsec#932)
- 2629e6c Bump github.com/99designs/gqlgen from 0.17.32 to 0.17.33 (guacsec#953)
- 7c9bf1e Bump github.com/99designs/gqlgen from 0.17.33 to 0.17.34 (guacsec#984)
- 484051c Bump github.com/fsouza/fake-gcs-server from 1.45.1 to 1.45.2 (guacsec#938)
- 7a87726 Bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (guacsec#893)
- 8a37528 Bump github.com/google/osv-scanner from 1.3.3 to 1.3.4 (guacsec#936)
- 6eb39e9 Bump github.com/nats-io/nats-server/v2 from 2.9.17 to 2.9.18 (guacsec#956)
- a415378 Bump github.com/nats-io/nats-server/v2 from 2.9.18 to 2.9.19 (guacsec#1009)
- 5a4182b Bump github.com/nats-io/nats.go from 1.25.0 to 1.26.0 (guacsec#892)
- d49e868 Bump github.com/nats-io/nats.go from 1.26.0 to 1.27.0 (guacsec#934)
- 09c6148 Bump github.com/nats-io/nats.go from 1.27.0 to 1.27.1 (guacsec#987)
- 1401f7c Bump github.com/ossf/scorecard/v4 from 4.10.5 to 4.11.0 (guacsec#1012)
- 9bfd464 Bump github.com/package-url/packageurl-go (guacsec#988)
- fd1fcf5 Bump github.com/regclient/regclient from 0.4.8 to 0.5.0 (guacsec#1010)
- c90a50a Bump github.com/sigstore/sigstore from 1.6.4 to 1.6.5 (guacsec#916)
- bf738cb Bump github.com/sigstore/sigstore from 1.6.5 to 1.7.1 (guacsec#1011)
- bbe27f7 Bump github.com/spf13/viper from 1.15.0 to 1.16.0 (guacsec#917)
- ef94059 Bump github.com/vektah/gqlparser/v2 from 2.5.4 to 2.5.6 (guacsec#1008)
- 529dadf Bump github/codeql-action from 2.3.3 to 2.3.5 (guacsec#889)
- 4dec012 Bump github/codeql-action from 2.3.5 to 2.3.6 (guacsec#914)
- f25d7f4 Bump github/codeql-action from 2.3.6 to 2.13.4 (guacsec#931)
- 6db34f6 Bump golang.org/x/oauth2 from 0.8.0 to 0.9.0 (guacsec#985)
- 4e84729 Bump golang.org/x/sync from 0.2.0 to 0.3.0 (guacsec#957)
- 366a649 Bump golangci/golangci-lint-action from 3.4.0 to 3.5.0 (guacsec#913)
- e0898dd Bump golangci/golangci-lint-action from 3.5.0 to 3.6.0 (guacsec#950)
- d4b73fd Bump google.golang.org/api from 0.123.0 to 0.124.0 (guacsec#891)
- d182921 Bump google.golang.org/api from 0.124.0 to 0.125.0 (guacsec#915)
- 6598766 Bump google.golang.org/api from 0.125.0 to 0.128.0 (guacsec#954)
- 4f965f1 Bump google.golang.org/grpc from 1.55.0 to 1.56.0 (guacsec#955)
- 5bac0b1 Bump google.golang.org/protobuf from 1.30.0 to 1.31.0 (guacsec#986)
- b439054 Bump goreleaser/goreleaser-action from 4.2.0 to 4.3.0 (guacsec#929)
- 309c675 Bump ossf/scorecard-action from 2.1.3 to 2.2.0 (guacsec#983)
- 218b613 Bump sigstore/cosign-installer from 3.0.5 to 3.1.0 (guacsec#982)
- 314d6fd Bump sigstore/cosign-installer from 3.1.0 to 3.1.1 (guacsec#1013)
- b912fa2 Bump slsa-framework/slsa-github-generator from 1.6.0 to 1.7.0 (guacsec#930)
- 8a03729 Changed build tag to separate scorecardRunner_test.go to run only on Merge (guacsec#927)
- 0d557cb DoesRangeInclude function (guacsec#886)
- 41d4ee8 Enable tracing of GraphQL requests (guacsec#940)
- 08bbd69 Fix parallel ingest when guacgql is in docker. (guacsec#900)
- e1c36ff Fixed Stackoverflow for simpledoc (guacsec#958)
- 131eeab Fixed issue with Github client tests timing out (guacsec#906)
- a3d96a8 Fixed: Stackoverflow in internal/testing/dochelper (guacsec#946)
- dc2035a Implement batch ingestion for packages, artifacts, isDependency and isOccurrences (guacsec#999)
- 2360f60 Included tests and handled stack overflow error for parser (guacsec#907)
- e9063d4 Make ingestion from guacone parallel (guacsec#884)
- dad342b Remove DoesRangeInclude error testing (guacsec#926)
- f79b2c9 Reorg graphQL to ingest nouns and verbs separately (guacsec#942)
- a2d5192 Update spdx and osv libraries. (guacsec#908)
- f3cbf4c add GUAC use cases (guacsec#978)
- 7d625e7 add docker context for snapshot and release build (guacsec#960)
- 25a5c72 add generic metadata gql (guacsec#1002)
- 1e89b83 add guac links to past presentations (guacsec#885)
- 1bf5d5e add support for 'githubactions' package types (guacsec#924)
- 165ec24 added error if CycloneDX sboms are missing top level metadata fields (guacsec#992)
- 7247869 build with goreleaser (guacsec#918)
- 5f261e9 feat(collector): expose Google Cloud Storage collector from guacone CLI (guacsec#989)
- 4afe4f6 feat: add environment file for configuring docker compose (guacsec#901)
- e784f0e fix deps.dev unit test (guacsec#928)
- dcbfc56 fix docker build and check for goreleaser (guacsec#947)
- d46cbbd fix time equal check bug in certifyVuln and ensure that other match in the inmem database (guacsec#923)
- 6adc09e fix: logging typo (guacsec#961)
- 7164de2 getTopLevelPackage will now check DESCRIBES and DESCRIBED_BY relationships to populate the pUrl. It will fall back to the original method of generating pUrl if neither are available. Added test cases for both of these options. (guacsec#979)
- 8282449 moved vcs.go and vcs_test.go to misc (guacsec#962)
- fcedbd0 parse current docker context from ls output (guacsec#994)
- b0defd6 special case for arch x86_64 should be converted to amd64 for GOARCH consistency (guacsec#968)
- 7b3c00b update gqlgen and gqlparser (guacsec#939)
- 9b8c4ca update spdx parsing and check for spdxIdentifier==DOCUMENT (guacsec#997)
- 2dff95e use POSIX compliant way to redirect file descriptor (guacsec#919)
- a67b116 use current docker context of host for buildx (guacsec#959)
- 81e180b use docker compose healthcheck (guacsec#944)
- 48579aa use goreleaser for local builds (guacsec#945)