1.3
Implemented support for compositions, which precisely describe the completeness of relationships (component assemblies and dependencies). Added a name-value store that can be used to describe additional data about the components, services, or the SBOM that isn't native to the core specification. Improved support for copyright holders and licenses as additional evidence. Added license support for the SBOM itself. Added support for Protocol Buffers to make machine-to-machine SBOM transport more efficient.
Announcement: https://cyclonedx.org/news/cyclonedx-v1.3-released/
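As an added example (not part of the release notes or the project's code), this is one way a consumer could use the new compositions data to find components whose completeness is not asserted. The sample BOM, the `example:build-stage` property name and the `completeness_gaps` helper are constructed for illustration; treating components missing from every composition as `not_specified` is a policy choice of this example.

```python
import json

# Constructed sample BOM (not from the release), using CycloneDX 1.3 JSON fields.
SAMPLE_BOM = json.loads("""
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.3",
  "version": 1,
  "components": [
    {"type": "application", "bom-ref": "app", "name": "example-app", "version": "1.0.0",
     "properties": [{"name": "example:build-stage", "value": "release"}]},
    {"type": "library", "bom-ref": "lib-a", "name": "lib-a", "version": "2.1.0"},
    {"type": "library", "bom-ref": "lib-b", "name": "lib-b", "version": "0.9.0"},
    {"type": "library", "bom-ref": "lib-c", "name": "lib-c", "version": "3.0.0"}
  ],
  "compositions": [
    {"aggregate": "complete", "assemblies": ["app"], "dependencies": ["app"]},
    {"aggregate": "incomplete_third_party_only", "assemblies": ["lib-a"]},
    {"aggregate": "unknown", "dependencies": ["lib-b"]}
  ]
}
""")


def completeness_gaps(bom, relation="assemblies"):
    """Return {bom-ref: aggregate} for each component whose `relation`
    ("assemblies" or "dependencies") is not declared "complete"."""
    declared = {}
    for composition in bom.get("compositions", []):
        for ref in composition.get(relation, []):
            declared[ref] = composition["aggregate"]
    gaps = {}
    for component in bom.get("components", []):
        ref = component.get("bom-ref")
        # A component without a bom-ref cannot be referenced by any composition.
        state = declared.get(ref, "not_specified") if ref else "not_specified"
        if state != "complete":
            gaps[ref or component.get("name")] = state
    return gaps


if __name__ == "__main__":
    for relation in ("assemblies", "dependencies"):
        print(relation, completeness_gaps(SAMPLE_BOM, relation))
```
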
What's Changed
- Bump junit from 4.12 to 4.13.1 in /tools by @dependabot in #39
- manufacture grammar fix by @bradh in #58
- Add protobuf format by @coderpatros in #54
- Add BOM license information by @coderpatros in #52
- Added support for key/value store (properties) by @stevespringett in #55
- Initial implementation for compositions (known unknowns) by @stevespringett in #59
- Added support for evidence of licenses and copyrights by @stevespringett in #61
- Refactor BOM license to make use of license choice type by @coderpatros in #65
- Tracking updates to protobuf format for feedback by @coderpatros in #66
- #69 - Added support for hashes on external references. Added unit tests by @stevespringett in #71
- URI cleanup for JSON by @stevespringett in #68
- Removed default empty string and unnecessary regex pattern by @stevespringett in #74
- Fix a few places where uri-reference has been applied at the array level instead of the array item level by @coderpatros in #75
- Specification v1.3 by @coderpatros in #63
- v1.3 Release candidate - Removing snapshot in preparation for release by @stevespringett in #76
- Bump commons-io from 2.5 to 2.7 in /tools by @dependabot in #64
Full Changelog: 1.2...1.3