v0.61.0

Release notes for syft v0.61.0
Categories:
Tags:

Release Notes

Version v0.61.0

v0.61.0 (2022-11-18)

Full Changelog

Added Features

  • Add support for map fields in CycloneDX (XML and JSON) [Issue #1032]
  • Dependency’s MIT license not picked up when scanning package-lock.json [Issue #1113]
  • Support SPDX 2.3 [Issue #1292]
  • Add support for dependency relationships for alpine (apk) [PR #1063]

Bug Fixes

  • Normalize alpm md5 refs [PR #1333] [wagoodman]
  • APK Metadata decoding should be backwards compatible [PR #1341] [wagoodman]
  • Add spdx relationship encoding for dependencies [PR #1342] [wagoodman]
  • v0.3.0 SPDX SBOM Does Not Have Unique SPDXID Package IDs [Issue #923]
  • Missing licenses and “skipping encoding of unsupported property: syft:metadata:goBuildSetting” [Issue #1007]
  • System independent build not possible [Issue #1084]
  • Dependency’s MIT license not picked up when scanning package-lock.json [Issue #1113]
  • No packages discovered in SIF when image source not specified [Issue #1189]
  • syft packages panics on OCI archive creation [Issue #1318]
  • Missing metadata in syft-json artifacts crashes grype [Issue #1334]
  • CPE for amazoncorretto:19.0.1-al2 is incorrect [Issue #1337]
Last modified October 10, 2025: fix reference links (1594d93)