Skip to content
This repository was archived by the owner on Jul 3, 2026. It is now read-only.

v2.0.0

Choose a tag to compare

@fpintoppb fpintoppb released this 13 Jun 11:36
47dfcd1

Changelog (v2.0.0 - 13.06.2024)

The Software Composition Analysis (SCA) tool is designed to help developers and organizations manage their open-source dependencies, ensuring they are up-to-date and free of vulnerabilities. The tool synchronizes Software Bill of Materials (SBOMs) from our sbom-repo (https://github.com/surface-security/django-sbomrepo), processes dependencies and their vulnerabilities fetched from OSV.dev database, groups them by project, and offers features to suppress or automatically remediate vulnerabilities using Renovate (https://github.com/renovatebot/renovate).

Added

  • GitSource Model: New model to track code sources
  • SCA (Software Composition Analysis) app
  • Application Model Admin: New admin view to manage applications.

Features

  • SBOM Synchronization: Automatically syncs Software Bill of Materials (SBOMs) to keep track of all dependencies in your projects.
  • Dependency Processing: Identifies and processes all dependencies and their associated vulnerabilities.
  • Project Grouping: Organizes dependencies and vulnerabilities by project for better visibility and management.
  • Vulnerability Management: Offers options to suppress or automatically remediate vulnerabilities using Renovate.