|
| 1 | +# Created with WinGet Updater using komac v2.16.0 |
| 2 | +# yaml-language-server: $schema=https://aka.ms/winget-manifest.defaultLocale.1.12.0.schema.json |
| 3 | + |
| 4 | +PackageIdentifier: CycloneDX.cdxgen |
| 5 | +PackageVersion: 12.5.0 |
| 6 | +PackageLocale: en-US |
| 7 | +Publisher: OWASP Foundation |
| 8 | +PublisherUrl: https://owasp.org/ |
| 9 | +PublisherSupportUrl: https://github.com/CycloneDX/cdxgen/issues |
| 10 | +Author: CycloneDX |
| 11 | +PackageName: CycloneDX Generator (cdxgen) |
| 12 | +PackageUrl: https://github.com/CycloneDX/cdxgen |
| 13 | +License: Apache-2.0 |
| 14 | +LicenseUrl: https://github.com/CycloneDX/cdxgen/blob/HEAD/LICENSE |
| 15 | +ShortDescription: A polyglot tool and a library for generating various Bill of Materials in CycloneDX specification. |
| 16 | +Description: Generate Software Bill of Materials (SBOM) for most applications and container images with a single command. Generate Operations Bill of Materials (OBOM) for Linux and Windows hosts. Integrate with any CI/CD pipeline. Automatically submit the generated BOM to your dependency track server for analysis. |
| 17 | +Moniker: cdxgen |
| 18 | +Tags: |
| 19 | +- bom |
| 20 | +- cbom |
| 21 | +- containers |
| 22 | +- cyclonedx |
| 23 | +- docker |
| 24 | +- oci |
| 25 | +- owasp |
| 26 | +- package-url |
| 27 | +- purl |
| 28 | +- saasbom |
| 29 | +- sbom |
| 30 | +- sca |
| 31 | +- software-bill-of-materials |
| 32 | +- supply-chain |
| 33 | +ReleaseNotes: |- |
| 34 | + Highlights |
| 35 | + This release introduces go evinse with golem integration for deep, data-flow-aware analysis of go projects. The JavaScript analyzer gains type-only import detection, better Vue.js scope resolution, and new npm build script metadata. Angular projects have improved CSS, template, and CLI evidence collection. |
| 36 | + Major Features |
| 37 | + go evinse with golem (#4073) — Full integration of the golem plugin binary for Go project analysis. Includes call graph and data-flow extraction, evidence collection (callstacks, locations, supply-chain scope), and crypto-flow evidence with cryptographic-asset component generation. |
| 38 | + Angular analyzer enhancements (#4074) — Improved required-scope detection for CSS, template, and CLI-based package usage. Style file parsing handles .css, .scss, and .less references. Template and icon class heuristics cover material-symbols, primeicons,bootstrap-icons, and fontawesome. Analyzer now detects CLI scripts including npx and pnpm dlx wrappers and hydrates npm package metadata from disk in deep mode. |
| 39 | + Vue.js precision improvements (#4115) — Scope detection parses vite.config.* and vue.config.* to reduce false negatives. astgen from atom-parsetools is improved to better infer types for angular and vue.js in JavaScript and TypeScript. |
| 40 | + JavaScript type-only imports (#4110) — The JS/TS analyzer now detects and prunes type-only imports and exports (import type { X }, export type { Y }), producing more accurate scope assignment and reducing false positives for packages used only at compiletime. |
| 41 | + @types packages excluded from runtime scope (#4108) — @types/* npm packages are now filtered out from runtime scope and excluded from requiredOnly BOMs, so they appear correctly as dev-only. |
| 42 | + Other Changes |
| 43 | + cdxgen-plugins-bin updated: Includes dosai 3.0.5 support with more improvement for dotnet and R. |
| 44 | + Pixi parsing hardened (#4077): Better handling of missing base paths and malformed toml in pixi.lock workspace files. |
| 45 | + Full Changelog: v12.4.4...v12.5.0 |
| 46 | +ReleaseNotesUrl: https://github.com/cdxgen/cdxgen/releases/tag/v12.5.0 |
| 47 | +ManifestType: defaultLocale |
| 48 | +ManifestVersion: 1.12.0 |
0 commit comments