Release v5.5.0

What's Changed

• Support for cvss v4 by @prabhu in #365

Full Changelog: v5.4.8...v5.5.0

Release v5.4.8

What's Changed

• Support for app-only vdb by @prabhu in #360

Full Changelog: v5.4.7...v5.4.8

Release v5.4.7

What's Changed

• Adds alias for dompdf by @prabhu in #358

Full Changelog: v5.4.6...v5.4.7

Release v5.4.6

What's Changed

• Removes aliasing for namespaces that affected maven by @prabhu in #349

Full Changelog: v5.4.5...v5.4.6

Release v5.4.5

What's Changed

• fix: add reachable label when a purl does not have a vendor by @harshit-kochar in #345
• Do not suffix s for all pypi packages. Fixes #341 by @prabhu in #346

Full Changelog: v5.4.4...v5.4.5

Release v5.4.4

What's Changed

• Removed project alias for pypi which was resulting in FP by @prabhu in #342

Full Changelog: v5.4.3...v5.4.4

v5.4.3

Bump vdb version to get fixes for false positives.

Full Changelog: v5.4.2...v5.4.3

Release v5.4.2

What's Changed

• Fix for generic packages false positives by @prabhu in #322

Full Changelog: v5.4.1...v5.4.2

Release v5.4.1

Bump cdxgen version. Also disables cdxgen banner, since depscan has its own banner ;-)

Full Changelog: v5.4.0...v5.4.1

Release v5.4.0

Depscan container image is now based on almalinux 9.4 with python 3.12, so might be a breaking change for python scans. If your project requires an older version of Java or python, use the AppThreat base-images to generate an SBOM first, and then invoke depscan with the --bom argument.

We have also added support for malicious packages scanning.

What's Changed

• Feature/default risk audit by @prabhu in #311

Full Changelog: v5.3.5...v5.4.0