This repository was archived by the owner on Jul 3, 2026. It is now read-only.
v2.0.0
Changelog (v2.0.0 - 13.06.2024)
The Software Composition Analysis (SCA) tool is designed to help developers and organizations manage their open-source dependencies, ensuring they are up-to-date and free of vulnerabilities. The tool synchronizes Software Bill of Materials (SBOMs) from our sbom-repo (https://github.com/surface-security/django-sbomrepo), processes dependencies and their vulnerabilities fetched from OSV.dev database, groups them by project, and offers features to suppress or automatically remediate vulnerabilities using Renovate (https://github.com/renovatebot/renovate).
Added
- GitSource Model: New model to track code sources
- SCA (Software Composition Analysis) app
- Application Model Admin: New admin view to manage applications.
Features
- SBOM Synchronization: Automatically syncs Software Bill of Materials (SBOMs) to keep track of all dependencies in your projects.
- Dependency Processing: Identifies and processes all dependencies and their associated vulnerabilities.
- Project Grouping: Organizes dependencies and vulnerabilities by project for better visibility and management.
- Vulnerability Management: Offers options to suppress or automatically remediate vulnerabilities using Renovate.