Releases: scanoss/scanoss.py

Rate Limiting Support

06 Jan 19:08

Added the following features:

  • Added x-request-id to all scanning requests to give better tracking of issues
  • Added bad_request error log file to aid debugging
  • Added support for handling 503 service unavailable responses

Certificate Download Support

07 Dec 09:50

Added

  • Added utils cert-download sub-command to help with the use of custom certificates
    • Included a local certificate download script leveraging openssl too: cert_download.sh
  • Added documentation to help with certificate and proxy configuration

Proxy and Results Conversion Support

02 Dec 19:02

This release contains multiple features:

  • Added support for proxy (--proxy) and certificates (--ca-certs) while scanning
    • Certificates can also be supplied using environment variables: REQUESTS_CA_BUNDLE & GRPC_DEFAULT_SSL_ROOTS_FILE_PATH
    • Proxies can be supplied using: grpc_proxy, https_proxy, http_proxy, HTTPS_PROXY, HTTP_PROXY
  • Added snippet match fields to CSV output
  • Added convert command to convert raw JSON reports into CSV, CycloneDX and SPDXLite
  • Added utils certloc sub-command to print the location of Python's CA Cert file
    • This is useful to know where to append custom certificates to if needed

File statistics and multi-platform container images

18 Nov 16:17

This release contains a new sub-command, scanoss-py file_count ., which produces file extension statistics for evaluating how much source code is in a folder.
It also contains multiple container platform (amd64 and arm64) images.

CycloneDX Vulnerability Details and Scan Obfuscation

09 Nov 12:23

This release contains vulnerability details in the CycloneDX output and adds support for filename obfuscation (--obfuscate) while scanning source files.

Fixed issue with dependency lock file parsing

19 Oct 10:22

Fixed an issue where some .lock files were overwriting dependency entries.

SPDXLite and CycloneDX Improvements

13 Oct 18:29

Updated the SPDX Lite license references for non-SPDX compliant instances. Updated CycloneDX to support version 1.4.

Scancode 2.0 output support

06 Oct 14:59

This version adds support for parsing Scancode 2.0 output format.

CSV Output and SPDX Updates

22 Jul 19:55

This release contains updates to the SPDX Lite output to make it compliant with the 2.2 standard, including documentDescribes.
It also adds support for CSV report output (--format csv).

Dependency Analysis Support

10 Jun 10:59

This version of the CLI now supports package dependency decoration as part of the scanning process (--dependencies).
Please note, it depends on scancode to search for the dependency data.
There is also a docker image which contains both tools (for convenience). It can be found here.