v0.5.0

What's New

• Adds experimental OpenAI html report output. Please refer to the README.md file for more information.
• Fixes a ton of bugs and security issues.
• Updated README.md

Changelog

• 529c88e Openai report output (#210)
• 79b5dc7 Fixes 0xProto Font in devcontainer (#206)
• bd9d2b8 Extended devcontainer functionality (#205)
• 6a46058 Adds devcontainer (#203)
• 7438ff5 Toolchain patch (#197)
• 870ab0d OpenAI integration and Bug Fixes (#196)
• 56a61bf build(deps): bump actions/checkout from 3 to 4 in /.github/workflows (#190)
• 9d72ecd build(deps): bump actions/setup-go from 4 to 5 in /.github/workflows (#191)
• 430a8cf build(deps): bump github/codeql-action from 2 to 3 in /.github/workflows (#195)
• 8c44fb0 build(deps): bump github.com/jedib0t/go-pretty/v6 from 6.4.9 to 6.5.4 (#192)
• cb9f644 Create code-analysis.yaml (#194)
• 259c8b3 Fix broken link to test folder (#184)

v0.4.8

Changelog

• 831aa1c Refactoring, optimizations, and bug fixes (#183)

v0.4.7

Changelog

• 6493ced Exitcode fix, Filtering fixes (#181)

v0.4.6

Changelog

• 0d0b561 Documentation and Version Bump (#177)

v0.4.5

Changelog

• Fixes an issue where the OSV provider no longer returned results
• Adds in exit return codes (Markdown documentation outstanding, use bomber --help for usage and options)

v0.4.4

bomber doesn't like bad Purls (or empty ones for that matter). This version will warn you if there is a bad Purl in your SBOM (without a valid Purl, there is no way to pull vulnerability information). Bad Purls will not be scanned.

Changelog

• ce7c346 feat: Issue handling (#158)
• e847795 Update Snyk docs (#157)

v0.4.3

Changelog

• c67aa58 Misc. Fixes (#153)
• 3fb6906 build(deps): bump actions/setup-go from 3 to 4 in /.github/workflows (#149)

v0.4.2

Fixes an issue where bomber would exit if an ignore file wasn't specified

Changelog

• 3a1e173 Emergency fix to release.yml
• 315e647 Release v0.4.2
• df459ac Version bump and update release to go 1.20 (#141)
• 579b39b Bug Fixes (#138)

v0.4.1

Changelog

• 64ab76a Adds --ignore-file functionality (#126)
• fcea0a1 chore: update snyk readme to include more ecosystems support (#124)
• 7e83fd2 Create FUNDING.yml (#118)
• 44323cc Added missing logo asset (#117)
• 82dc67e Updated with new branding (#116)
• df79c72 Updated README.md (#115)
• 2a2695b New Bomber logo (#113)
• 1a421ad fix: Fixes issue where a license expression wasn't being utilized (#108)
• 9ee85bb fix: EPSS Score Issues (#104)
• c8a0f6b build(deps): bump goreleaser/goreleaser-action from 3 to 4 in /.github/workflows (#103)
• ef3d15f build(deps): bump github.com/jedib0t/go-pretty/v6 from 6.4.2 to 6.4.3 (#96)
• a10d9db build(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.1 (#74)
• fc401c8 build(deps): bump actions/setup-go from 2 to 3 in /.github/workflows (#93)
• d1c36c6 feat: add Snyk provider docs (#99)

v0.4.0

bomber now supports enrichment of vulnerability data! Our first enrichment adds EPSS scores into the vulnerability output. What's an EPSS score? It tells us the probability that a vulnerability will be exploited. For in depth information, check out the fascinating documentation at https://www.first.org/epss/

Changelog

• 4747311 feat: EPSS support (#89)