v1.6.1
v1.6.0/v1.6.1:
Features
- Feature #694 Add support for NuGet lock files version 2.
- Feature #655 Scan and report dependency groups (e.g. "dev dependencies") for vulnerabilities.
- Feature #702 Created an option to skip/disable upload to code scanning.
- Feature #732 Add option to not fail on vulnerability being found for GitHub Actions.
- Feature #729 Verify the SPDX licenses passed in to the license allowlist.
Fixes
- Bug #736 Show ecosystem and version even if git is shown if the info exists.
- Bug #703 Return an error if both license scanning and local/offline scanning are enabled simultaneously.
- Bug #718 Fixed parsing of SBOMs generated by the latest CycloneDX.
- Bug #704 Get Go stdlib version from go.mod.
API Features
- Feature #727 Changes to Reporter methods to add verbosity levels and to deprecate functions.
New Contributors
Full Changelog: v1.5.0...v1.6.0-alpha3