Releases: google/osv-scanner-action
Releases · google/osv-scanner-action
v2.3.1
What's Changed
- chore(deps): update workflows (major) by @renovate-bot in #105
- chore(deps): update github/codeql-action action to v4.31.7 by @renovate-bot in #108
- chore: more specific name for uploaded artifact by @marcusburghardt in #111
- Update to v2.3.1 by @cuixq in #112
New Contributors
- @marcusburghardt made their first contribution in #111
Full Changelog: v2.3.0...v2.3.1
Contributors
marcusburghardt, renovate-bot, and cuixq
Assets 2
v2.3.0
What's Changed
- chore(deps): update workflows by @renovate-bot in #104
- Add gemini config.yaml file by @michaelkedar in #107
- Update to v2.3.0 by @michaelkedar in #106
Full Changelog: v2.2.4...v2.3.0
Contributors
michaelkedar and renovate-bot
Assets 2
v2.2.4
What's Changed
- chore(deps): update github/codeql-action action to v4 by @renovate-bot in #102
- Update to v2.2.4 by @another-rex in #103
Full Changelog: v2.2.3...v2.2.4
Contributors
renovate-bot and another-rex
Assets 2
v2.2.3
What's Changed
- chore(deps): update workflows by @renovate-bot in #86
- chore(deps): update workflows to v5 (major) by @renovate-bot in #87
- Update to v2.2.3 by @jess-lowe in #101
Full Changelog: v2.2.2...v2.2.3
Contributors
renovate-bot and jess-lowe
Assets 2
v2.2.2
This updates OSV-Scanner to v2.2.2.
What's Changed
- docs: Update Automatic install instructions by @another-rex in #94
- Update to v2.2.2 by @cuixq in #95
Full Changelog: v2.2.1...v2.2.2
Contributors
cuixq and another-rex
Assets 2
v2.2.1
What's Changed
OSV-Scanner now supports all OSV-Scalibr features behind experimental flags (--experimental-plugins, see details here)!
Features:
- Feature #2146 Allow manual OSV-Scalibr plugin selection.
- Feature #2144 Add OSV-Scalibr version to osv-scanner --version output.
- Feature #2021 Add experimental support for running OSV-Scalibr detectors.
- Feature #2079 Fall back to offline extractor if the transitive one fails, so at least direct dependencies are returned.
- Feature #2032 Add summary section at the top of outputs and a 'Fixed Version' column.
- Feature #2076 Support Ubuntu severity type.
Fixes:
- Bug #2141 Fix OSV-Scanner json scans not matching with correct ecosystem.
- Bug #2084 Show absolute paths when scanning containers.
- Bug #2126 Log and preserve package count before continuing on db error.
- Bug #2095 Pass through plugin capabilities correctly.
- Bug #2051 Properly flag if running on Linux or Mac OSs for plugin compatibility.
- Bug #2072 Add missing "text" property in description fields.
- Bug #2068 Change links in output to go to the specific vulnerability page instead of the list page.
- Bug #2064 Fix SARIF v3 output to include results.
- Bug #2151 Filter by ecosystem before querying.
API Changes:
- API Change #2096 Allow log handler to be overridden.
Warning
This release was originally incorrectly pointing to the bugged v2.2.0 osv-scanner release, it has now been retagged to the correct v2.2.1 release.
v2.1.0
What's Changed
- chore(deps): update github/codeql-action action to v3.29.0 by @renovate-bot in #76
- Update to v2.1.0 by @michaelkedar in #81
Full Changelog: v2.0.3...v2.1.0
Contributors
michaelkedar and renovate-bot
Assets 2
v2.0.3
Update to use osv-scanner v2.0.3
Notable changes:
- There's now a flag
--allow-no-lockfilesyou can pass to osv-scanner to avoid getting an error when running against a repo with no lockfiles. - We no longer ignore general errors when they occur on osv-scanner-action, and will fail the workflow (e.g. invalid flags passed in)
v2.0.2
Update osv-scanner to v2.0.2
v2.0.1
Contributors
michaelkedar