
v0.1.1

@github-actions github-actions released this 24 Jul 18:18
· 606 commits to main since this release
73359ad

This GUAC release is mostly incremental changes from the last few months. This includes bug fixes, small features, and performance improvements.

Releases now include compiled binaries with SBOMs, signed checksums, and in-toto attestations. Additionally, a guac-compose tarball is attached that is pre-configured to point to the published container for this release, ghcr.io/guacsec/guac:v0.1.1.

Changelog

  • 7510cab Add Compose Tarball to Release Workflow (#1076)
  • ddabdf6 Add HasMetadata operations and inmem implementation (#1023)
  • 08bfd91 Add PkgEqual and HashEqual predicates -- testing + code planning (#1069)
  • 778091b Add PointOfContact predicate ingest (#1075)
  • 9cc17ad Add ability to add ingestPredicates documents for ingestion (#1051)
  • 3587e04 Add initial nodes for arangoDB backend implementation (#911)
  • 3885c0e Add packages to shell.nix (#1025)
  • d29cbb8 Add search gql (#998)
  • 290c1c3 Add support for ingesting VEX documents in the CSAF format (#729)
  • 73359ad Adding check for docker buildx toolkit in Makefile to fix #1057 (#1083)
  • 06fec9c Bump actions/checkout from 3.5.2 to 3.5.3 (#951)
  • bd619a7 Bump actions/setup-python from 4.6.0 to 4.6.1 (#890)
  • e92f4ff Bump actions/setup-python from 4.6.1 to 4.7.0 (#1061)
  • 4692cde Bump anchore/sbom-action from 0.14.2 to 0.14.3 (#981)
  • 4bb77e7 Bump anchore/sbom-action from 0.7.0 to 0.14.2 (#933)
  • f58d03b Bump aquasecurity/trivy-action from 0.10.0 to 0.11.0 (#912)
  • 6fdf14c Bump aquasecurity/trivy-action from 0.10.0 to 0.11.2 (#952)
  • e1b0475 Bump cloud.google.com/go/storage from 1.30.1 to 1.31.0 (#1040)
  • 92b5a2e Bump docker/login-action from 2.1.0 to 2.2.0 (#932)
  • 2629e6c Bump github.com/99designs/gqlgen from 0.17.32 to 0.17.33 (#953)
  • 7c9bf1e Bump github.com/99designs/gqlgen from 0.17.33 to 0.17.34 (#984)
  • 74cc02e Bump github.com/99designs/gqlgen from 0.17.34 to 0.17.35 (#1066)
  • 484051c Bump github.com/fsouza/fake-gcs-server from 1.45.1 to 1.45.2 (#938)
  • 7a87726 Bump github.com/go-git/go-git/v5 from 5.6.1 to 5.7.0 (#893)
  • 8a37528 Bump github.com/google/osv-scanner from 1.3.3 to 1.3.4 (#936)
  • bf5c0d9 Bump github.com/google/osv-scanner from 1.3.4 to 1.3.5 (#1064)
  • 6eb39e9 Bump github.com/nats-io/nats-server/v2 from 2.9.17 to 2.9.18 (#956)
  • a415378 Bump github.com/nats-io/nats-server/v2 from 2.9.18 to 2.9.19 (#1009)
  • be194ab Bump github.com/nats-io/nats-server/v2 from 2.9.19 to 2.9.20 (#1062)
  • 5a4182b Bump github.com/nats-io/nats.go from 1.25.0 to 1.26.0 (#892)
  • d49e868 Bump github.com/nats-io/nats.go from 1.26.0 to 1.27.0 (#934)
  • 09c6148 Bump github.com/nats-io/nats.go from 1.27.0 to 1.27.1 (#987)
  • 1401f7c Bump github.com/ossf/scorecard/v4 from 4.10.5 to 4.11.0 (#1012)
  • 9bfd464 Bump github.com/package-url/packageurl-go (#988)
  • 01f8b31 Bump github.com/prometheus/client_golang from 1.15.1 to 1.16.0 (#1038)
  • fd1fcf5 Bump github.com/regclient/regclient from 0.4.8 to 0.5.0 (#1010)
  • 618f779 Bump github.com/secure-systems-lab/go-securesystemslib (#1065)
  • c90a50a Bump github.com/sigstore/sigstore from 1.6.4 to 1.6.5 (#916)
  • bf738cb Bump github.com/sigstore/sigstore from 1.6.5 to 1.7.1 (#1011)
  • bbe27f7 Bump github.com/spf13/viper from 1.15.0 to 1.16.0 (#917)
  • ef94059 Bump github.com/vektah/gqlparser/v2 from 2.5.4 to 2.5.6 (#1008)
  • 529dadf Bump github/codeql-action from 2.3.3 to 2.3.5 (#889)
  • 4dec012 Bump github/codeql-action from 2.3.5 to 2.3.6 (#914)
  • f25d7f4 Bump github/codeql-action from 2.3.6 to 2.13.4 (#931)
  • 6db34f6 Bump golang.org/x/oauth2 from 0.8.0 to 0.9.0 (#985)
  • 045fe10 Bump golang.org/x/oauth2 from 0.9.0 to 0.10.0 (#1041)
  • 4e84729 Bump golang.org/x/sync from 0.2.0 to 0.3.0 (#957)
  • 366a649 Bump golangci/golangci-lint-action from 3.4.0 to 3.5.0 (#913)
  • e0898dd Bump golangci/golangci-lint-action from 3.5.0 to 3.6.0 (#950)
  • d4b73fd Bump google.golang.org/api from 0.123.0 to 0.124.0 (#891)
  • d182921 Bump google.golang.org/api from 0.124.0 to 0.125.0 (#915)
  • 6598766 Bump google.golang.org/api from 0.125.0 to 0.128.0 (#954)
  • a998793 Bump google.golang.org/api from 0.128.0 to 0.130.0 (#1039)
  • 4f965f1 Bump google.golang.org/grpc from 1.55.0 to 1.56.0 (#955)
  • d635768 Bump google.golang.org/grpc from 1.56.0 to 1.56.2 (#1042)
  • 5bac0b1 Bump google.golang.org/protobuf from 1.30.0 to 1.31.0 (#986)
  • b439054 Bump goreleaser/goreleaser-action from 4.2.0 to 4.3.0 (#929)
  • 309c675 Bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#983)
  • 218b613 Bump sigstore/cosign-installer from 3.0.5 to 3.1.0 (#982)
  • 314d6fd Bump sigstore/cosign-installer from 3.1.0 to 3.1.1 (#1013)
  • b912fa2 Bump slsa-framework/slsa-github-generator from 1.6.0 to 1.7.0 (#930)
  • 8a03729 Changed build tag to separate scorecardRunner_test.go to run only on Merge (#927)
  • 37971bd Cleanup arango backend and add source ingestion and query for arango (#1034)
  • 0d557cb DoesRangeInclude function (#886)
  • 41d4ee8 Enable tracing of GraphQL requests (#940)
  • 08bbd69 Fix parallel ingest when guacgql is in docker. (#900)
  • 8f639ae Fix typo (#1084)
  • e1c36ff Fixed Stackoverflow for simpledoc (#958)
  • 131eeab Fixed issue with Github client tests timing out (#906)
  • a3d96a8 Fixed: Stackoverflow in internal/testing/dochelper (#946)
  • 2046ab7 Implement FindSoftware for Arango backend (#1032)
  • 3cc7cde Implement HasSLSA predicate case + tests (patchPlanning search method) (#1046)
  • dc2035a Implement batch ingestion for packages, artifacts, isDependency and isOccurrences (#999)
  • 952bdac Implement search dependent packages + testing (updated) (#969)
  • 8b799ed Included Unit Test for Subscribe (#1056)
  • 2360f60 Included tests and handled stack overflow error for parser (#907)
  • 3a24c08 Ingest and Query vulnerabilities for arango backend (#1052)
  • d1267d1 Involve since_time for collect-sub entry getting. (#1049)
  • e9063d4 Make ingestion from guacone parallel (#884)
  • dad342b Remove DoesRangeInclude error testing (#926)
  • 32c2b3c Remove SBOM annotations (#1027)
  • 5a2dc45 Remove annotations from hasSBOM gql example (#1037)
  • f79b2c9 Reorg graphQL to ingest nouns and verbs separately (#942)
  • a2d5192 Update spdx and osv libraries. (#908)
  • 30321c7 [fix] ingests nouns before verbs for test data (#1003)
  • f3cbf4c add GUAC use cases (#978)
  • 7d625e7 add docker context for snapshot and release build (#960)
  • fb5b129 add docker-compose for arango (#1031)
  • 25a5c72 add generic metadata gql (#1002)
  • d988552 add guac friends md (#1080)
  • 1e89b83 add guac links to past presentations (#885)
  • 3feba2c add ingestion and query of hasSLSA for Arango, remove IngestMaterials (#1081)
  • 4e6f922 add missing hasMetadata for arango (#1028)
  • 1bf5d5e add support for 'githubactions' package types (#924)
  • 0fec13b add support for using Tilt for local development (#1021)
  • 48b2234 add vex info to VULN cli (#1086)
  • 165ec24 added error if CycloneDX sboms are missing top level metadata fields (#992)
  • 1f147b7 arango ingest/query scorecard and bulk ingestion (#1070)
  • 7247869 build with goreleaser (#918)
  • 2b9306d cleanup arango backend, add ingestion of builder, add support for source ingestion for Occurrences, return IDs during ingestion and query (#1048)
  • 5f261e9 feat(collector): expose Google Cloud Storage collector from guacone CLI (#989)
  • 4afe4f6 feat: add environment file for configuring docker compose (#901)
  • d438521 feat: allow filtering of CertifyVuln query results based on whether they have vulnerabilities (#1073)
  • 39bff2a fix PURL NPE and add OCI heuristic (#1060)
  • 97bb3d4 fix allow for go git to be parsed for VcsToSrc (#1047)
  • e784f0e fix deps.dev unit test (#928)
  • dcbfc56 fix docker build and check for goreleaser (#947)
  • b18d6c7 fix lint err around annotations (#1029)
  • d46cbbd fix time equal check bug in certifyVuln and ensure that other match in the inmem database (#923)
  • 6adc09e fix: logging typo (#961)
  • de956fc fixing typo to fix #1078 (#1079)
  • 7164de2 getTopLevelPackage will now check DESCRIBES and DESCRIBED_BY relationships to populate the pUrl. It will fall back to the original method of generating pUrl if neither are available. Added test cases for both of these options. (#979)
  • 4181c17 hasSourceAt predicate for patch planning search (#1058)
  • ccc795c implement PointOfContact in inmem backend (#1033)
  • 8282449 moved vcs.go and vcs_test.go to misc (#962)
  • fcedbd0 parse current docker context from ls output (#994)
  • c00ff53 proposed PointOfContact schema (#1026)
  • 1bb597c remove unused old nodes (pre 0.1) (#1035)
  • 21273d4 set guacone collect files to ingest doc in parallel with bulk assembler (#1043)
  • b0defd6 special case for arch x86_64 should be converted to amd64 for GOARCH consistency (#968)
  • e49ce9e update client GQL fragments to public usable by go (#1085)
  • 7b3c00b update gqlgen and gqlparser (#939)
  • 9b8c4ca update spdx parsing and check for spdxIdentifier==DOCUMENT (#997)
  • 2dff95e use POSIX compliant way to redirect file descriptor (#919)
  • a67b116 use current docker context of host for buildx (#959)
  • 81e180b use docker compose healthcheck (#944)
  • 48579aa use goreleaser for local builds (#945)