Sbom-action Release Notes

1 - v0.20.5

Release Notes

Version v0.20.5

Changes in v0.20.5

• Update Syft to v1.31.0 (#531)

2 - v0.20.4

Release Notes

Version v0.20.4

Changes in v0.20.4

• chore: update Syft to v1.29.0 (#529)

3 - v0.20.3

Release Notes

Version v0.20.3

Changes in v0.20.3

• Fix: Strip emojis from correlator before using github APIs (#527) [AndrewHendry]

4 - v0.20.2

Release Notes

Version v0.20.2

Changes in v0.20.2

• Update Syft to v1.28.0 (#526)

5 - v0.20.1

Release Notes

Version v0.20.1

Changes in v0.20.1

• Update Syft to v1.27.1 (#525)

6 - v0.20.0

Release Notes

Version v0.20.0

Changes in v0.20.0

• chore(deps): update Syft to v1.24.0 (#522)

7 - v0.19.0

Release Notes

Version v0.19.0

Changes in v0.19.0

• chore(deps): update Syft to v1.23.0 (#521)
• chore(deps): bump peter-evans/create-pull-request from 7.0.6 to 7.0.8 (#519)
• chore(deps): bump cross-spawn (#514)

8 - v0.18.0

Release Notes

Version v0.18.0

Changes in v0.18.0

• chore(deps): update Syft to v1.19.0 (#513)
  • See Syft changelog for latest changes

9 - v0.17.9

Release Notes

Version v0.17.9

Changes in v0.17.9

• chore(deps): update Syft to v1.18.1 (#510) [anchore-actions-token-generator]
• chore(deps): update Syft to v1.18.0 (#509) [anchore-actions-token-generator]

10 - v0.17.8

Release Notes

Version v0.17.8

Changes in v0.17.8

• chore(deps): update Syft to v1.17.0 (#507) [anchore-actions-token-generator]

11 - v0.17.7

Release Notes

Version v0.17.7

Changes in v0.17.7

• chore(deps): update Syft to v1.16.0 (#506) [anchore-actions-token-generator]

12 - v0.17.6

Release Notes

Version v0.17.6

Changes in v0.17.6

• chore(deps): update Syft to v1.15.0 (#505) [anchore-actions-token-generator]
• chore(deps): bump actions/checkout from 4.2.1 to 4.2.2 (#504) [dependabot]

13 - v0.17.5

Release Notes

Version v0.17.5

Changes in v0.17.5

• chore(deps): update Syft to v1.14.2 (#503) [anchore-actions-token-generator]

14 - v0.17.4

Release Notes

Version v0.17.4

Changes in v0.17.4

• chore(deps): update Syft to v1.14.1 (#502) [anchore-actions-token-generator]

15 - v0.17.3

Release Notes

Version v0.17.3

Changes in v0.17.3

• chore(deps): update Syft to v1.14.0 (#498) [anchore-actions-token-generator]

16 - v0.17.2

Release Notes

Version v0.17.2

Changes in v0.17.2

• Update Syft to v1.11.1 (#485) [anchore-actions-token-generator]

17 - v0.17.1

Release Notes

Version v0.17.1

Changes in v0.17.1

• chore(deps): update Syft to v1.11.0 (#483) [anchore-actions-token-generator]

18 - v0.17.0

Release Notes

Version v0.17.0

Changes in v0.17.0

• chore(deps): update Syft to v1.9.0 (#479) [anchore-actions-token-generator]

19 - v0.16.1

Release Notes

Version v0.16.1

Changes in v0.16.1

• fix: workaround windows install issue (#477) [willmurphyscode]
• fix: allow users to properly use the file input over the default path value (#471) [komish]
• chore(deps): update Syft to v1.5.0 (#470) [anchore-actions-token-generator]
• docs: notes for matrix and required permissions (#469) [kzantow]
• chore(deps): bump actions/checkout from 4.1.5 to 4.1.6 (#466) [dependabot]

20 - v0.16.0

Release Notes

Version v0.16.0

Changes in v0.16.0

• Update Syft to v1.4.1 (#465)
• Update GitHub artifact client (#463) [kzantow]

NOTE: if you are using this action within a matrix build and see failures attempting to upload artifacts with duplicate names, you will need to set the artifact-name to be unique based on the matrix properties (an example here). This is due to a change to use a newer GitHub API which no longer allows artifacts with duplicate names.

21 - v0.15.11

Release Notes

Version v0.15.11

Changes in v0.15.11

• chore(deps): update Syft to v1.3.0 (#456) [anchore-actions-token-generator]
• chore: remove outdated snapshot workflow (#457) [spiffcs]
• fix: don’t pass in a separate env. This makes it impossible to pass env vars via the action context to syft. (#455) [iNoahNothing]

22 - v0.15.10

Release Notes

Version v0.15.10

Changes in v0.15.10

• Update Syft to v1.1.0 (#454)
• Bump Node to v20 on download-syft/publish-sbom actions (#448) [ViacheslavKudinov]

23 - v0.15.9

Release Notes

Version v0.15.9

Changes in v0.15.9

• reduce syft debug level (#446) [kzantow]
• update Syft to v0.105.0 (#442) [anchore-actions-token-generator]

24 - v0.15.8

Release Notes

Version v0.15.8

Changes in v0.15.8

• Update Syft to v0.103.1 (#441) [anchore-actions-token-generator]

25 - v0.15.7

Release Notes

Version v0.15.7

Changes in v0.15.7

• chore: migrate action to use node v20.11.0 (Iron) FROM node v16.x.x (#440) [spiffcs]

26 - v0.15.6

Release Notes

Version v0.15.6

Changes in v0.15.6

• chore(deps): update Syft to v0.102.0 (#438) [anchore-actions-token-generator]

27 - v0.15.5

Release Notes

Version v0.15.5

Changes in v0.15.5

• chore(deps): update Syft to v0.101.1 (#437) [anchore-actions-token-generator]

28 - v0.15.4

Release Notes

Version v0.15.4

Changes in v0.15.4

• chore(deps): update Syft to v0.101.0 (#436) [anchore-actions-token-generator]

29 - v0.15.3

Release Notes

Version v0.15.3

Changes in v0.15.3

• chore(deps): update Syft to v0.100.0 (#435) [anchore-actions-token-generator]

30 - v0.15.2

Release Notes

Version v0.15.2

Changes in v0.15.2

• chore(deps): update Syft to v0.99.0 (#432) [anchore-actions-token-generator]
• chore: fix github-script invocation in update-snapshots workflow (#433) [willmurphyscode]

31 - v0.15.1

Release Notes

Version v0.15.1

Changes in v0.15.1

• chore(deps): update Syft to v0.98.0 (#431) [anchore-actions-token-generator]
• Add config input (#430) [eyakubovich]
• chore: pin and upgrade gh actions (#429) [willmurphyscode]

32 - v0.15.0

Release Notes

Version v0.15.0

Changes in v0.14.4

Breaking Changes

• Previously, running on Windows required WSL. Now, running on Windows expects to be run on native windows (#426) [willmurphyscode].

Other Changes

• pin and upgrade actions/checkout (#428) [willmurphyscode]
• chore(deps): update Syft to v0.97.1 (#427) [anchore-actions-token-generator]
• add oss community board auto-add workflow (#421) [wagoodman]

33 - v0.14.3

Release Notes

Version v0.14.3

Changes in v0.14.3

• update Syft to v0.84.0 (#418) [anchore-actions-token-generator]

34 - v0.14.2

Release Notes

Version v0.14.2

Changes in v0.14.2

• Update Syft to v0.80.0 (#415)
• Make sure all invalid artifact name characters are replaced #396 (#417) [lts-po]
• Ensure SBOM is copied to output-file (#411) [gszr]

35 - v0.14.1

Release Notes

Version v0.14.1

Changes in v0.14.1

• chore(deps): update Syft to v0.76.0 (#403) [anchore-actions-token-generator]

36 - v0.13.4

Release Notes

Version v0.13.4

Changes in v0.13.4

• Added support of workflow artifact’s retention policy (#398) [ViacheslavKudinov]
• Use the correct SHA for dependency snapshots from pull requests (#401) [juxtin]
• Update Syft to v0.75.0 (#394) [anchore-actions-token-generator]

37 - v0.13.3

Release Notes

Version v0.13.3

Changes in v0.13.3

• Update Syft to v0.68.1 (#391) [anchore-actions-token-generator]

38 - v0.13.2

Release Notes

Version v0.13.2

Changes in v0.13.2

• Update Syft to v0.68.0 (#387) [anchore-actions-token-generator]

39 - v0.13.1

Release Notes

Version v0.13.1

Changes in v0.13.1

• File input not being passed properly to Syft invocation (#385) [kzantow]
• Update Syft to v0.60.3 (#386) [anchore-actions-token-generator]

40 - v0.13.0

Release Notes

Version v0.13.0

Changes in v0.13.0

• Allow type “file:…” to enable creation of SBOMs from tar and other package formats (#357) [malt3]
• Update Syft to v0.59.0 (#371) [anchore-actions-token-generator]
• Update dependencies and node version (#372) [kzantow]

41 - v0.12.0

Release Notes

Version v0.12.0

Changes in v0.12.0

• Update dependencies (#317) kzantow
• Update Syft to v0.53.4 (#266) anchore-actions-token-generator
• Expose upload-artifact and upload-release-assets inputs (#277) joshowen
• Document the dependency-snapshot property (#297) kzantow

42 - v0.11.0

Release Notes

Version v0.11.0

Changes in v0.11.0

• Update GitHub Snapshot to use correlator (#259) kzantow

43 - v0.10.0

Release Notes

Version v0.10.0

Changes in v0.10.0

• Update Syft to v0.43.2 (#225)
• Improve SBOM format handling (#235)

44 - v0.9.0

Release Notes

Version v0.9.0

Changes in v0.9.0

• Add syft-version input to download-syft action (#228)

🐛 Bug Fixes

• Don’t use JSON.stringify for logging purposes (#236)

45 - v0.8.0

Release Notes

Version v0.8.0

Changes in v0.8.0

• Specify the Syft version to use (#126)
• Add support for GitHub dependency snapshot API (#201)

46 - v0.7.0

Release Notes

Version v0.7.0

Changes in v0.7.0

• Bump Syft to 0.40.1 (#206)

47 - v0.6.0

Release Notes

Version v0.6.0

Changes in v0.6.0

• Bump Syft to 0.33.0 (#163)

48 - v0.5.0

Release Notes

Version v0.5.0

Changes in v0.5.0

• Bump Syft to 0.32.0 (#158)
• Bump multiple NPM dependencies

49 - v0.4.0

Release Notes

Version v0.4.0

Changes in v0.4.0

• Update Syft version to 0.26.0 (#111)
• Update @actions/core (#101)
• Bump @types/node from 16.10.2 to 16.10.3 (#92)
• Bump eslint-plugin-jest from 24.5.2 to 25.0.1 (#100)
• Bump jest from 27.2.4 to 27.2.5 (#96)
• Bump @octokit/webhooks-types from 4.8.2 to 4.12.0 (#98)
• Bump @octokit/webhooks from 9.15.1 to 9.17.0 (#99)

50 - v0.3.0

Release Notes

Version v0.3.0

Changes in v0.3.0

🚀 Features

• Add support for running on Windows via WSL (#97)

51 - v0.2.0

Release Notes

Version v0.2.0

Changes in v0.2.0

• Update Syft to 0.25.0 (#95)

52 - v0.1.0

Release Notes

Version v0.1.0

Initial release of SBOM action 🎉

Integrates software bill of material (SBOM) scanning into your GitHub action workflow!