v0.5.0

Highlights

• Various updates to the graphQL API
• Updated to the ENT backend to make ingestion quicker
• Addition of the REST API features and build out
• Metrics via Prometheus
• Various bug fixes and improvements

What's Changed

• ede754a Add Deps.dev collector to guacone (#1661)
• 89019ad Add a demo level docker compose yaml (#1747)
• 42f945e Bump actions/cache from 3.3.3 to 4.0.0 (#1653)
• 642a10c Bump actions/cache from 4.0.0 to 4.0.1 (#1740)
• 9686503 Bump actions/create-github-app-token from 1.6.3 to 1.6.4 (#1651)
• 9c3b5d0 Bump actions/create-github-app-token from 1.6.4 to 1.7.0 (#1667)
• 9e3cd9d Bump actions/create-github-app-token from 1.7.0 to 1.8.0 (#1704)
• ceb3192 Bump actions/create-github-app-token from 1.8.0 to 1.8.1 (#1724)
• 93887c6 Bump actions/create-github-app-token from 1.8.1 to 1.9.0 (#1741)
• 45356ea Bump anchore/sbom-action from 0.15.3 to 0.15.5 (#1652)
• c350930 Bump anchore/sbom-action from 0.15.5 to 0.15.6 (#1668)
• 3844bcf Bump anchore/sbom-action from 0.15.6 to 0.15.8 (#1691)
• a3c3690 Bump aquasecurity/trivy-action from 0.16.1 to 0.17.0 (#1703)
• 1b58cd4 Bump aquasecurity/trivy-action from 0.17.0 to 0.18.0 (#1742)
• a1fd412 Bump cloud.google.com/go/storage from 1.36.0 to 1.37.0 (#1687)
• 1770712 Bump cloud.google.com/go/storage from 1.37.0 to 1.38.0 (#1716)
• 033f281 Bump cloud.google.com/go/storage from 1.38.0 to 1.39.0 (#1744)
• d597f9e Bump entgo.io/ent v0.13.0 (#1707)
• 9e5d83d Bump github.com/99designs/gqlgen from 0.17.43 to 0.17.44 (#1715)
• 60210aa Bump github.com/aws/aws-sdk-go from 1.49.17 to 1.50.6 (#1672)
• f7bdab8 Bump github.com/aws/aws-sdk-go from 1.50.6 to 1.50.11 (#1689)
• 68230c5 Bump github.com/aws/aws-sdk-go-v2/config from 1.26.6 to 1.27.4 (#1725)
• b1c67c9 Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.48.0 to 1.48.1 (#1662)
• 590df02 Bump github.com/cloudevents/sdk-go/v2 from 2.10.1 to 2.15.0 (#1669)
• ce741a7 Bump github.com/cloudevents/sdk-go/v2 from 2.15.0 to 2.15.1 (#1728)
• 5b8d7a9 Bump github.com/deepmap/oapi-codegen/v2 from 2.0.1-0.20240123090344-d326c01d279a to 2.1.0 (#1713)
• 0919d31 Bump github.com/fsouza/fake-gcs-server from 1.47.7 to 1.47.8 (#1743)
• 13b5121 Bump github.com/getkin/kin-openapi from 0.122.0 to 0.123.0 (#1727)
• a6c67d3 Bump github.com/google/osv-scanner from 1.4.3 to 1.6.1 (#1657)
• b7e84b9 Bump github.com/jedib0t/go-pretty/v6 from 6.5.3 to 6.5.4 (#1673)
• 755c47e Bump github.com/klauspost/compress from 1.17.4 to 1.17.5 (#1671)
• efd46f3 Bump github.com/klauspost/compress from 1.17.5 to 1.17.6 (#1701)
• 6c45c18 Bump github.com/moby/buildkit from 0.12.2 to 0.12.5 (#1679)
• e1d3451 Bump github.com/nats-io/nats-server/v2 from 2.10.9 to 2.10.10 (#1686)
• 32169e5 Bump github.com/nats-io/nats.go from 1.32.0 to 1.33.1 (#1726)
• 8eaa7ed Bump github.com/prometheus/client_golang from 1.18.0 to 1.19.0 (#1745)
• cf9ccd3 Bump github.com/redis/go-redis/v9 from 9.4.0 to 9.5.0 (#1714)
• 75a5ae7 Bump github.com/regclient/regclient from 0.5.5 to 0.5.6 (#1688)
• 644b493 Bump github.com/regclient/regclient from 0.5.6 to 0.5.7 (#1700)
• 91a9be2 Bump github.com/segmentio/kafka-go from 0.4.46 to 0.4.47 (#1655)
• 315dfef Bump github.com/sigstore/sigstore from 1.8.0 to 1.8.1 (#1654)
• ec85ecd Bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#1746)
• 4adbf13 Bump github.com/swaggo/swag from 1.16.2 to 1.16.3 (#1698)
• 694a8f2 Bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 (#1702)
• 6e88dab Bump google.golang.org/api from 0.154.0 to 0.157.0 (#1656)
• 9db9b6a Bump google.golang.org/api from 0.157.0 to 0.160.0 (#1670)
• abd5a73 Bump google.golang.org/grpc from 1.60.1 to 1.61.0 (#1685)
• e023b46 Bump sigstore/cosign-installer from 3.3.0 to 3.4.0 (#1690)
• d5feab1 ENT - bulk ingestion and update to use IDorInputSpec (#1732)
• 237ff8c Encoding guesser (#1472)
• f750549 Error and exit when initialization fails (#1674)
• e9e3551 Fix License node ingestion when no LicenseListVersion provided. (#1738)
• 431a286 Fix the incorrect callingFuncName in the getNeighborIDFromCursor (#1730)
• 52a55e4 Github Collector Enhancements (#1566)
• dbf92ad Gqlschemafix (#1683)
• 5fbba0d Id or inputspec (#1708)
• 645dcbc Implemented key value search (#1711)
• e8ff763 Improve guac query vuln error message (#1695)
• e2c8157 Included http middleware to measure the graphql response times using prometheus. (#1675)
• de3cd11 Included prometheus server for guacql (#1635)
• c628147 Move all arango tests to common integration test suite. (#1660)
• 2169376 Update CONTRIBUTING.md about DCO and CLA. (#1723)
• b0969e3 Update default blob-addr to use filesystem (for docker-compose and k8s) (#1666)
• f6e9f46 Use filename as qualifier for SBOM file references (#1546)
• f393612 Use graphql.HasOperationContext in arangodb assembler (#1659)
• db84270 Utilize gocloud and blob store to work around pubsub message size (#1630)
• 2b3b18e [Rest API] Adds the initial API Spec and guacrest cli. (#1665)
• eee82ba abstract pubsub service via gocloud (#1664)
• 3f2ef06 add purl helper to convert from allPkgTree fragment (#1681)
• 99a4d54 attempt to fix golangci-lint issues (#1735)
• 8c27a44 feature: Verify the DSSE envelope if the verifier-key-path and verifier-key-id are provided. Fail the provenance ingestion if the document is not verified. (#1712)
• 1e337e3 fix: s3 collector (#1658)
• f1703bd fix[update-arango-graph] - creates a missing collection in already pr… (#1649)
• db6cfcc removing MAX_CONCURRENT_JOBS (#1682)
• ef4c295 save qualifiers from golang loop semantics (#1684)
• 753e57b separate software IDs into packages and artifacts for hasSBOM ingestion (#1718)
• c3464f8 update dsse processor to not guess unpacked payload (#1647)
• 277c791 update hasSBOM ingestion for large SBOMs and increase batch size for bulk ingestion (#1748)