All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Changed top level supplier to reflect project level custom field Application Publisher
- Misc tag/value format updates
- Package URL fix
- RegEx update to remove _ from pacakge names
- Fix tag/value dupliate file when single file mapped to multiple packages
- Change top level relationship for project name package
- Tested with pyspdxtools
- Included Copyrights pipe seprated for project, Associated files & Unassociated files with inventories
- Remove regex sub on name/version and only applied on full package name
- Issue with non associated files when there are no files
- Updated package name to reflect just component name
- Created top level container package to contain inventory and have the document describe
- Moved package to root relatinship above file to package relationships for tag/value
- Support inventory level Package Supplier field.
- Removed "OtherFiles" package and assign any files not mapped to inventory to the top level container package
- Validated all formats with SPDX Command Line Tools using the Spdx-Java-Library v1.1.7
- Reintroduced tag/value format
- Support for License Only and Work in Progress Items
- Report option for including/excluding non runtime dependencies
- Fix documentNamespace
- Files section always included all files independent of includeUnassociatedFiles option
- Add supplier field
- Update common submodule to prep for tomcat upgrade in 2023R4
- Worked around potential issue with mismatch between file data response and files in inventory
- Added logic to set non inventory file option to False if files are being ignored
- Changed submodule to https://github.com/flexera-public/sca-codeinsight-reports-common
- Used common functions from common module
- Consolidated all children projects into single report
- Unified requirement with other reports (Python v3.6.8)
- Support for JSON output
- Added option to ignore all file level data
- Code Insight Vesion into report
- Validated with SPDX Command Line Tools using the Spdx-Java-Library v1.1.7
- Removed tag/value format
- Main report name to reflect primary project
- Update APIs to get all scanned file in a single call (performance improvement)
- Resolved lack of parentInventoryID issue with OtherFiles pacakge
- Improved logging for main output to provide more context for current report location
- Updated registration script to include registraion_config.json
- Fix dependency relationship for SPDX ID vs package name
- Handle failure in purl creation gracefully (custom components will probably be skipped)
- Support file with evidence but no copyright or license
- Encoding fix for copyrights
- Improved debugging
- LicenseRef values
- Add package dependency support
- File level license fixes for Public Domain
- support packages without associated files
- Fix declared vs concluded license determination
- Support non SPDX licenses with LicenseRef
- File level licese updates
- Special character replacement to avoid warnings
- NPM and pypi purl updates
- Misc purl value fixes
- purl and package homepage for non associated files
- SHA1 handling for imported projects
- SHA1 fix
- Purl values
- Application name from project fields
- Registration updates
- Option to include unassociated files
- Support for self signed certificates
- Updated requirements
- Use just compenant name for package
- Added component version as separate tag
- Migrated to flexera-public org
- Fixed support for server_properties.json file
- Support for report installer
- Logging cleanup
- Misc cleanup
- Create a single SPDX report for each project vs each inventory item.
- Updates for 2021R3 release
- Project Hierarchy Option
- Initial public release of SPDX Report