v0.9.0

Changelog

8f35eaf feat: correctly identify versions of modules in repo subdirectories (#35)
dfa3099 feat: local license detection (#41)

Docker images

• docker pull cyclonedx/cyclonedx-gomod:v0.9.0
• docker pull cyclonedx/cyclonedx-gomod:v0
• docker pull cyclonedx/cyclonedx-gomod:v0.9

v0.8.3

⚠ This bugfix release fixes an issue which caused the license resolution to fail. If you use the -licenses flag, please update. ⚠

Changelog

9ae9572 build(deps): bump github.com/PuerkitoBio/goquery from 1.7.0 to 1.7.1
2c7c568 build(deps): bump github.com/google/uuid from 1.2.0 to 1.3.0
d378fe3 chore(deps): update cyclonedx-go to v0.3.0
85c1508 ci: add github-actions ecosystem to dependabot.yml
7005c88 ci: add golangci-lint; fix issues discovered by linters
28a46db ci: build on branch only
5377933 ci: don't run workflow when only examples were changed
4ce10bd ci: schedule CI workflow to run daily
8496e70 ci: update gh action to v0.3.0
6d91ed0 ci: update version in gh action to v0.8.2
9460c18 feat: check for minimum required go version
c1177f4 fix: broken license resolution due to tag change in pkg.go.dev

Docker images

• docker pull cyclonedx/cyclonedx-gomod:v0.8.3
• docker pull cyclonedx/cyclonedx-gomod:v0
• docker pull cyclonedx/cyclonedx-gomod:v0.8

v0.8.2

⚠ This bugfix release fixes an issue which caused the license resolution to fail. If you use the -licenses flag, please update. ⚠

Changelog

197c8f6 build(deps): bump github.com/CycloneDX/cyclonedx-go from 0.1.0 to 0.2.1
dbdb7b2 build(deps): bump github.com/PuerkitoBio/goquery from 1.6.1 to 1.7.0
a962022 build(deps): bump github.com/go-git/go-git/v5 from 5.4.1 to 5.4.2
7ed6aba ci: gitignore SBOMs generated during CI
d14295c ci: update cyclonedx-cli: v0.15.1 -> v0.15.2
74f749d ci: update gh action to v0.2.0
7099a37 ci: use gh action; only generate json sbom
85eae01 fix: broken license resolution due to tag change in pkg.go.dev
1d28706 fix: strip major version suffixes from github URLs

Docker images

• docker pull cyclonedx/cyclonedx-gomod:latest
• docker pull cyclonedx/cyclonedx-gomod:v0.8.2
• docker pull cyclonedx/cyclonedx-gomod:v0
• docker pull cyclonedx/cyclonedx-gomod:v0.8

v0.8.1

Changelog

7af0966 fix: download modules before running go list -m (#26)

Docker images

• docker pull cyclonedx/cyclonedx-gomod:latest
• docker pull cyclonedx/cyclonedx-gomod:v0.8.1
• docker pull cyclonedx/cyclonedx-gomod:v0
• docker pull cyclonedx/cyclonedx-gomod:v0.8

v0.8.0

• Instead of the complete module graph, SBOMs now include only those modules that are actually used by the main module.
• Test-only dependencies are now excluded per default. Use the new -test flag to include them.
• Test-only components now have the scope optional.

Changelog

1466b5d build(deps): bump github.com/go-git/go-git/v5 from 5.3.0 to 5.4.1
57b5119 chore: add NOTICE; add license headers
f98dd7c feat: filter out unused modules and identify test-only dependencies
3bf1012 refactor: correctly determine batch sizes for go mod why calls

Docker images

• docker pull cyclonedx/cyclonedx-gomod:latest
• docker pull cyclonedx/cyclonedx-gomod:v0.8.0
• docker pull cyclonedx/cyclonedx-gomod:v0
• docker pull cyclonedx/cyclonedx-gomod:v0.8

v0.7.1

Changelog

91534cd fix: incomplete dependency graph (missing some edges)

Docker images

• docker pull cyclonedx/cyclonedx-gomod:latest
• docker pull cyclonedx/cyclonedx-gomod:v0.7.1
• docker pull cyclonedx/cyclonedx-gomod:v0
• docker pull cyclonedx/cyclonedx-gomod:v0.7

v0.7.0

Changelog

7be407b ci: remove make bom step from workflow
fcba54a ci: update cyclonedx-cli: v0.14.0 -> v0.15.1
3e844b9 feat: don't resolve licenses for local modules
5cf9b4d feat: introduce -reproducible flag
4e7d435 fix: null-deref panic when using -std on a module without dependencies

Docker images

• docker pull cyclonedx/cyclonedx-gomod:latest
• docker pull cyclonedx/cyclonedx-gomod:v0.7.0
• docker pull cyclonedx/cyclonedx-gomod:v0
• docker pull cyclonedx/cyclonedx-gomod:v0.7

v0.6.1

Changelog

5c79db4 feat: also include non-spdx resolvable licenses
6257210 fix: licenses cannot include ID and name

Docker images

• docker pull cyclonedx/cyclonedx-gomod:latest
• docker pull cyclonedx/cyclonedx-gomod:v0.6.1
• docker pull cyclonedx/cyclonedx-gomod:v0
• docker pull cyclonedx/cyclonedx-gomod:v0.6

v0.6.0

Changelog

7e52523 feat: add support for license resolution (via #18)
ec2d198 ci: don't run go mod download and go mod tidy explicitly anymore (#16)
4e189e8 ci: resolve licenses
0a11b4b ci: set app version when installing during goreleaser run
7c74821 feat: add licenses flag; ensure detected licenses are valid SPDX licenses (#2)
13150e2 feat: add some very basic logging (#17)
1b63b32 feat: bare bones prototype of license resolution via pkg.go.dev (#2)
9bb7d60 feat: consider module privacy when fetching license info (#2)
cb6081a feat: run go mod download and go mod tidy before listing modules (#16)
b03b144 feat: support resolution of multiple licenses (#2)
0393c81 refactor: remove unnecessary StartsWith util function

Docker images

• docker pull cyclonedx/cyclonedx-gomod:latest
• docker pull cyclonedx/cyclonedx-gomod:v0.6.0
• docker pull cyclonedx/cyclonedx-gomod:v0
• docker pull cyclonedx/cyclonedx-gomod:v0.6

v0.5.0

Changelog

9638c06 ci: auto-close github milestones when releasing
956dec6 ci: don‘t skip docker pushes anymore (#13)
a253418 ci: enable docker login again (#13)

Docker images

• docker pull cyclonedx/cyclonedx-gomod:latest
• docker pull cyclonedx/cyclonedx-gomod:v0.5.0
• docker pull cyclonedx/cyclonedx-gomod:v0
• docker pull cyclonedx/cyclonedx-gomod:v0.5