v0.1.0
dependencytrack-bot released this 11 Aug 16:24 · 1442 commits to main since this release
What's Changed
Enhancements 🚀
- Simplify handling of secret key by @nscuro in #188
- Implementation of stateful retries for vulnerability analyzers by @nscuro in #174
- Snyk: skip unsupported PURL types by @nscuro in #200
- Add health-, ready-, and liveness checks for vuln analyzer by @nscuro in #202
- Export request duration metrics for Snyk HTTP client by @nscuro in #205
- Unify metric and tag names by @nscuro in #207
- Add Grafana dashboard for vulnerability analyzer by @nscuro in #211
- Support multiple instances in vuln analyzer Grafana dashboard by @nscuro in #214
- helm charts capability added for repo meta analyzer as well as notifi… by @mehab in #225
- Remove last traces of Alpine by @nscuro in #237
- Cleanup dependency management by @nscuro in #242
- Use native images for demo Compose setup by @nscuro in #243
- Use pre-built API server container image for demo by @nscuro in #246
- Use Quarkus' `fast-jar` packaging again by @nscuro in #249
- Build and publish native executables for amd64 and arm64 by @nscuro in #255
- Compose: Add frontend container; Increase default stream threads to 3 by @nscuro in #275
- Tweak dockerfiles by @nscuro in #277
- Disable database features for mirror service by @nscuro in #298
- Add basic checkstyle config by @nscuro in #314
- Avoid repartition caused by tombstone emitters by @nscuro in #312
- Re-enable SonarCloud by @nscuro in #324
- Feature/snyk batch processor by @VithikaS in #323
- Add protobuf serializers and schemas for vulnerability analysis domain by @nscuro in #337
- Build and push JVM-based images with Quarkus again by @nscuro in #358
- Remove mirroring of analyzer results by @nscuro in #357
- Metrics trial by @VithikaS in #351
- Refactor `vulnerability-analyzer` to use Protobuf schemas by @nscuro in #338
- Add prefix by @VithikaS in #360
- Log retryable exceptions in `debug` level instead of `warn` by @nscuro in #365
- Prevent Quarkus datasource dev services from starting for metrics service by @nscuro in #371
- Reduce memory footprint of demo Compose setup by @nscuro in #385
- Change protoc version by @sahibamittal in #395
- Enable compaction for metrics topics by @nscuro in #397
- Map description of OSS Index vulnerabilities by @nscuro in #407
- Refactor repository meta analyzer to use Protobuf schemas by @nscuro in #411
- Bump Redpanda and Redpanda Console by @nscuro in #413
- Revert ID column types from int to long again by @nscuro in #412
- Introduce `buf` for QA of Protobuf schemas by @nscuro in #414
- Feature/fix internal analyzer by @mehab in #418
- Add dashboards by @VithikaS in #421
- Refactor notification publisher to use Protobuf schemas by @nscuro in #415
- Initial work for end-to-end tests by @nscuro in #422
- Add filters to `instance` variable of Grafana dashboards by @nscuro in #453
- Consider topic prefix for notification topic pattern by @nscuro in #460
- Enable Snappy compression for notification-publisher and repository-meta-analyzer by @nscuro in #463
- Feature/new OSV implement by @mehab in #462
- Replace legacy mirror-service with mirror-service-x by @nscuro in #477
- Cleanup by @nscuro in #479
- Port `BOM_PROCESSING_FAILED` notification from upstream by @nscuro in #484
- Emit a single result event for vulnerability scans by @nscuro in #464
- Ensure all services expose health endpoints by @nscuro in #495
- build(deps): upgrade open-vulnerability-clients by @jeremylong in #506
- backported enhancement from 2396 by @mehab in #514
- Add mapping for alias sync enabled by @sahibamittal in #508
- build(deps): bump open-vulnerability-clients from 3.0.0 to 4.0.1 by @jeremylong in #511
- Optimize state store usage by @nscuro in #538
- Added SnykAnalyserException by @VithikaS in #543
- Replace cpe with generic as versioning scheme in NVD parser by @sahibamittal in #546
- Update supported PURL types for Snyk and bump default API version by @nscuro in #552
- Handle multiple topic configs in `create-topics.sh` by @nscuro in #555
- Add helm chart by @nscuro in #556
- Port tests for `SendMailPublisher` by @nscuro in #565
- Helm: Add port definition to vuln analyzer service by @nscuro in #569
- Bump various container image versions by @nscuro in #577
- Helm: Add API server and frontend by @nscuro in #570
- Capture physical allocated memory (RSS) of the JVM process by @nscuro in #580
- Revise labels in Helm chart by @nscuro in #583
- Migrate Notification Publisher to Confluent Parallel Consumer by @nscuro in #586
- Have the API server generate the DB schema for the demo setup by @nscuro in #623
- Add Benthos configs for BOM forwarding by @nscuro in #634
- Update demo setup by @nscuro in #650
- Remove indexing service notification by @nscuro in #662
- Update API server Grafana dashboard by @nscuro in #677
- Bump Redpanda and Redpanda Console image versions by @nscuro in #697
- Switch to Mandrel for native image builds by @nscuro in #714
- Add release workflow by @nscuro in #709
- Add IntelliJ run configurations for common tasks by @nscuro in #726
- Remove unused `org.hyades.vuln.v1` proto by @nscuro in #730
Bug Fixes 🐛
- Revert "Update actions/setup-java action to v3.7.0 (#143)" by @nscuro in #152
- Fix build of container image for native executable by @nscuro in #195
- Use GH Action to build and push container image in one step by @nscuro in #196
- Register RetryableRecord.JsonRecordHeader for reflection by @nscuro in #201
- Fix load test fixture generation by @nscuro in #216
- Fix Maven repo meta analysis failing with native image by @nscuro in #241
- Fix sonar project key by @nscuro in #260
- Fix ClassNotFoundException in Caffeine for native image by @nscuro in #263
- Build multi-platform images for jar-based distribution by @nscuro in #264
- Fix container image repo name; Do not push on forks by @nscuro in #266
- Fix `NugetMetaAnalyzer` reporting `MetaModel.component` as `null` by @nscuro in #292
- Provide empty fallback value for `API_TOPIC_PREFIX` in `create-topics.sh` by @nscuro in #355
- Increase timeout for arm64 native builds to 75 minutes by @nscuro in #367
- Fix JVM-based container images for arm64 by @nscuro in #393
- Fix NPE when preparing notification template by @nscuro in #404
- Avoid erroneous WARN logs during Snyk analysis by @nscuro in #408
- Feature/fix internal analyzer by @mehab in #417
- Fix `XPathFactoryConfigurationException` in `MavenMetaAnalyzer` when running JVM-based container image by @nscuro in #423
- Fix e2e tests failing in CI due to `host.docker.internal` not being available by @nscuro in #436
- Ensure timestamps for Go modules are parsed as UTC by @nscuro in #521
- Fix incorrect `contains` check in `ModelConverter#compareSeverities` by @nscuro in #524
- Quick-fix : publisher class in NotificationRouter by @sahibamittal in #537
- set limit to 100 in batch by @VithikaS in #547
- set limit to 100 in batch by @VithikaS in #550
- Register `RocksDbConfigSetter` for reflection by @nscuro in #551
- Refactor affected range parsing by @sahibamittal in #579
- Fix inconsistent usage of labels in Helm chart by @nscuro in #588
- Fix insufficient token permissions in `_build_native_meta.yml` by @nscuro in #608
- Fix broken native images after KStreams upgrade by @nscuro in #622
- Fix native image tests for mirror-service by @nscuro in #628
- Fix `BomUploadProcessingE2ET` by @nscuro in #680
- Add missing proto classes to notification-publisher's reflection config by @nscuro in #681
- Port Kafka Streams exception handler test flakiness fix by @nscuro in #703
- Fix native image integration tests by @nscuro in #711
- Fix container image group not being lower-cased by @nscuro in #729
- Default auth required and is internal to False by @mehab in #737
- Fix mirror task rejection causing KStreams to fail by @nscuro in #739
- Use `dependencytrack-bot` account to push commits to `main` during release by @nscuro in #746
Dependency Updates 🤖
- Bump ubi8/ubi-minimal from 8.7-1031 to 8.7-1049 in /mirror-service/src/main/docker by @dependabot in #267
- Bump docker/setup-buildx-action from 2.2.1 to 2.3.0 in /.github/workflows by @dependabot in #278
- Bump quarkus-helm from 0.2.3 to 0.2.4 by @dependabot in #290
- Bump docker/setup-buildx-action from 2.3.0 to 2.4.0 in /.github/workflows by @dependabot in #288
- Bump json-unit-assertj from 2.36.0 to 2.36.1 by @dependabot in #281
- Bump quarkus-helm from 0.2.4 to 0.2.5 by @dependabot in #294
- Bump maven-artifact from 4.0.0-alpha-3 to 4.0.0-alpha-4 by @dependabot in #296
- Bump returntocorp/semgrep-action from 0.37.0 to 0.38.0 in /.github/workflows by @dependabot in #295
- Bump returntocorp/semgrep-action from 0.38.0 to 0.39.0 in /.github/workflows by @dependabot in #306
- Bump quarkus.platform.version from 2.16.0.Final to 2.16.1.Final by @dependabot in #307
- Bump checkstyle from 10.6.0 to 10.7.0 by @dependabot in #315
- Bump maven-checkstyle-plugin from 3.1.2 to 3.2.1 by @dependabot in #316
- Bump quarkus.platform.version from 2.16.1.Final to 2.16.2.Final by @dependabot in #320
- Bump docker/setup-buildx-action from 2.4.0 to 2.4.1 in /.github/workflows by @dependabot in #318
- Bump quarkus.platform.version from 2.16.2.Final to 2.16.3.Final by @dependabot in #333
- Bump quarkus-helm from 0.2.5 to 0.2.6 by @dependabot in #327
- Bump returntocorp/semgrep-action from 0.39.0 to 0.43.0 in /.github/workflows by @dependabot in #334
- Bump surefire-plugin.version from 3.0.0-M8 to 3.0.0-M9 by @dependabot in #328
- Bump nvd-lib from 2.0.1 to 2.0.2 by @dependabot in #340
- Bump docker/build-push-action from 3 to 4 in /.github/workflows by @dependabot in #289
- Bump quarkus-helm from 0.2.6 to 0.2.7 by @dependabot in #344
- Bump pebble from 3.1.6 to 3.2.0 by @dependabot in #270
- Bump checkstyle from 10.7.0 to 10.8.0 by @dependabot in #345
- Bump quarkus.platform.version from 2.16.3.Final to 2.16.4.Final by @dependabot in #356
- Bump maven-compiler-plugin from 3.10.1 to 3.11.0 by @dependabot in #350
- Bump cyclonedx-core-java from 7.3.1 to 7.3.2 by @dependabot in #349
- Bump json from 20220924 to 20230227 by @dependabot in #348
- Bump checkstyle from 10.8.0 to 10.8.1 by @dependabot in #366
- Bump docker/setup-buildx-action from 2.4.1 to 2.5.0 in /.github/workflows by @dependabot in #387
- Bump surefire-plugin.version from 3.0.0-M9 to 3.0.0 by @dependabot in #403
- Bump checkstyle from 10.8.1 to 10.9.1 by @dependabot in #410
- Bump checkstyle from 10.9.1 to 10.9.2 by @dependabot in #416
- Bump maven-artifact from 4.0.0-alpha-4 to 4.0.0-alpha-5 by @dependabot in #419
- Bump quarkus.platform.version from 2.16.4.Final to 2.16.5.Final by @dependabot in #432
- Bump quarkus-helm from 0.2.7 to 0.2.8 by @dependabot in #440
- Bump json-unit-assertj from 2.36.1 to 2.37.0 by @dependabot in #441
- Bump checkstyle from 10.9.2 to 10.9.3 by @dependabot in #445
- Bump Kafka client libraries to 3.4.0 by @nscuro in #442
- Update vuln libs to 2.0.4; Remove workarounds by @nscuro in #457
- Bump jacoco-maven-plugin from 0.8.8 to 0.8.9 by @dependabot in #473
- Bump returntocorp/semgrep-action from 0.43.0 to 0.44.0 in /.github/workflows by @dependabot in #474
- Bump quarkus.platform.version from 2.16.5.Final to 2.16.6.Final by @dependabot in #481
- Bump returntocorp/semgrep-action from 0.44.0 to 0.45.0 in /.github/workflows by @dependabot in #482
- Bump jandex-maven-plugin from 3.0.5 to 3.1.0 by @dependabot in #485
- Bump jandex-maven-plugin from 3.1.0 to 3.1.1 by @dependabot in #492
- Bump maven-checkstyle-plugin from 3.2.1 to 3.2.2 by @dependabot in #502
- Bump returntocorp/semgrep-action from 0.45.0 to 0.46.0 in /.github/workflows by @dependabot in #510
- Bump jacoco-maven-plugin from 0.8.9 to 0.8.10 by @dependabot in #516
- Bump checkstyle from 10.9.3 to 10.10.0 by @dependabot in #527
- Bump log4j-over-slf4j from 2.0.6 to 2.0.7 by @dependabot in #526
- Bump returntocorp/semgrep-action from 0.46.0 to 0.47.0 in /.github/workflows by @dependabot in #532
- Bump pebble from 3.2.0 to 3.2.1 by @dependabot in #531
- Bump surefire-plugin.version from 3.0.0 to 3.1.0 by @dependabot in #541
- Bump returntocorp/semgrep-action from 0.47.0 to 0.48.0 in /.github/workflows by @dependabot in #544
- Bump checkstyle from 10.10.0 to 10.11.0 by @dependabot in #542
- Bump returntocorp/semgrep-action from 0.48.0 to 0.49.0 in /.github/workflows by @dependabot in #557
- Bump json-unit-assertj from 2.37.0 to 2.38.0 by @dependabot in #572
- Bump maven-checkstyle-plugin from 3.2.2 to 3.3.0 by @dependabot in #571
- Bump returntocorp/semgrep-action from 0.49.0 to 0.50.0 in /.github/workflows by @dependabot in #578
- Bump checkstyle from 10.11.0 to 10.12.0 by @dependabot in #587
- Bump lib.kafka.version from 3.4.0 to 3.4.1 by @dependabot in #591
- Bump surefire-plugin.version from 3.1.0 to 3.1.2 by @dependabot in #594
- Bump docker/setup-buildx-action from 2.5.0 to 2.6.0 in /.github/workflows by @dependabot in #596
- Bump docker/setup-qemu-action from 2.1.0 to 2.2.0 in /.github/workflows by @dependabot in #595
- Bump returntocorp/semgrep-action from 0.50.0 to 0.51.0 in /.github/workflows by @dependabot in #605
- Bump open-vulnerability-clients from 4.0.1 to 4.1.0 by @dependabot in #599
- Bump jandex-maven-plugin from 3.1.1 to 3.1.2 by @dependabot in #600
- Bump docker/setup-buildx-action from 2.6.0 to 2.7.0 in /.github/workflows by @dependabot in #610
- Bump docker/build-push-action from 4.1.0 to 4.1.1 in /.github/workflows by @dependabot in #611
- Bump lib.kafka.version from 3.4.1 to 3.5.0 by @dependabot in #612
- Bump quarkus.platform.version from 3.1.0.Final to 3.1.2.Final by @dependabot in #615
- Update `snappy-java` to 1.1.10.1 by @nscuro in #616
- Bump bufbuild/buf-setup-action from 1.21.0 to 1.22.0 in /.github/workflows by @dependabot in #631
- Bump checkstyle from 10.12.0 to 10.12.1 by @dependabot in #632
- Bump failsafe from 3.3.1 to 3.3.2 by @dependabot in #630
- Bump json from 20230227 to 20230618 by @dependabot in #617
- Bump docker/setup-buildx-action from 2.7.0 to 2.8.0 in /.github/workflows by @dependabot in #639
- Bump bufbuild/buf-setup-action from 1.22.0 to 1.23.0 in /.github/workflows by @dependabot in #647
- Bump bufbuild/buf-setup-action from 1.23.0 to 1.23.1 in /.github/workflows by @dependabot in #651
- Bump json-unit-assertj from 2.38.0 to 3.0.0 by @dependabot in #653
- Bump bufbuild/buf-setup-action from 1.23.1 to 1.24.0 in /.github/workflows by @dependabot in #670
- Bump returntocorp/semgrep-action from 0.51.0 to 0.53.0 in /.github/workflows by @dependabot in #673
- Bump actions/setup-python from 4.6.1 to 4.7.0 in /.github/workflows by @dependabot in #669
- Bump bufbuild/buf-setup-action from 1.24.0 to 1.25.0 in /.github/workflows by @dependabot in #678
- Bump quarkus.platform.version from 3.1.2.Final to 3.2.0.Final by @dependabot in #654
- Bump snappy-java from 1.1.10.1 to 1.1.10.2 by @dependabot in #668
- Bump lib.resilience4j.version from 2.0.2 to 2.1.0 by @dependabot in #652
- Bump maven-artifact from 4.0.0-alpha-5 to 4.0.0-alpha-7 by @dependabot in #637
- Bump docker/setup-buildx-action from 2.8.0 to 2.9.1 in /.github/workflows by @dependabot in #666
- Bump quarkus.platform.version from 3.2.0.Final to 3.2.1.Final by @dependabot in #683
- Bump quarkus.platform.version from 3.2.1.Final to 3.2.2.Final by @dependabot in #695
- Bump lib.kafka.version from 3.5.0 to 3.5.1 by @dependabot in #696
- Bump org.xerial.snappy:snappy-java from 1.1.10.2 to 1.1.10.3 by @dependabot in #694
- Bump actions/setup-java from 3.11.0 to 3.12.0 in /.github/workflows by @dependabot in #698
- Bump com.puppycrawl.tools:checkstyle from 10.12.1 to 10.12.2 by @dependabot in #706
- Bump us.springett:cvss-calculator from 1.4.1 to 1.4.2 by @dependabot in #707
- Bump bufbuild/buf-setup-action from 1.25.0 to 1.25.1 in /.github/workflows by @dependabot in #720
- Bump quarkus.platform.version from 3.2.2.Final to 3.2.3.Final by @dependabot in #721
- Bump parallel consumer to 0.5.2.6 by @nscuro in #723
- Bump bufbuild/buf-setup-action from 1.25.1 to 1.26.0 in /.github/workflows by @dependabot in #738
- Bump returntocorp/semgrep-action from 0.53.0 to 0.55.0 in /.github/workflows by @dependabot in #740
Other Changes
- Feature/snyk analyzer by @mehab in #1
- Feature/snyk analyzer by @mehab in #2
- Update maven.yml by @VinodAnandan in #3
- Removed hardcoded topic names by @japurva1502 in #4
- Feature/snyk analyzer by @mehab in #5
- Changes to pass the Snyk and OSS event on to same topic ( PR feedback… by @japurva1502 in #6
- Impleted callback while sending data back to DT(Alioune's PR Review) by @japurva1502 in #7
- Update README.md by @VinodAnandan in #8
- added code owners file by @mehab in #9
- added whole team by @mehab in #10
- adding for auto merge bot by @mehab in #11
- another try by @mehab in #12
- Refactoring of Config changes to use Memory Map instead of GlobalKTable by @japurva1502 in #13
- Redpanda 22.2.5 by @VinodAnandan in #15
- Configure Renovate by @renovate in #16
- Update returntocorp/semgrep-action digest to 64cc85a by @renovate in #17
- Update quarkus.platform.version to v2.13.1.Final by @renovate in #18
- Update dependency org.apache.maven.plugins:maven-compiler-plugin to v3.10.1 by @renovate in #20
- Update registry.access.redhat.com/ubi8/openjdk-11 Docker tag to v1.14-5 by @renovate in #21
- Feature/pr fixes by @mehab in #14
- Add Redpanda Console by @nscuro in #22
- Update dependency org.glassfish.jaxb:jaxb-runtime to v4 by @renovate in #25
- Update registry.access.redhat.com/ubi8/ubi-minimal Docker tag to v8.6-941 by @renovate in #24
- added changes for make producers more resillient by @mehab in #23
- Update quay.io/quarkus/quarkus-micro-image Docker tag to v2 by @renovate in #27
- Update dependency org.json:json to v20220924 by @renovate in #26
- PR Fix: https://github.com/syalioune/DTKafkaPOC/pull/1#discussion_r98… by @japurva1502 in #28
- Feature/dt kafka by @japurva1502 in #30
- added size check on snyk vulnerable software list by @mehab in #32
- Update dependency us.springett:alpine-parent to v2.1.0 by @renovate in #31
- Remove `PrimaryConsumer` by @nscuro in #33
- Update dependency org.cyclonedx:cyclonedx-maven-plugin to v2.7.2 by @renovate in #36
- Update returntocorp/semgrep-action digest to bda1bd5 by @renovate in #35
- Added random UUID to application config of ConfigConsumer, so that… by @japurva1502 in #34
- code cleanup by @mehab in #40
- Update maven.compiler.release to 17 + CodeQL JDK 17 by @VinodAnandan in #41
- Feature/dt kafka by @japurva1502 in #39
- Update quarkus.platform.version to v2.13.2.Final by @renovate in #42
- Feature/remove config from topic by @mehab in #43
- Update registry.access.redhat.com/ubi8/openjdk-11 Docker tag to v1.14-5.1665493380 by @renovate in #44
- Feature/snyk batch revamp by @mehab in #45
- Update scanner configuration to be loadable from properties as well by @nscuro in #46
- Feature/dt kafka by @japurva1502 in #47
- Update returntocorp/semgrep-action digest to 080fad8 by @renovate in #48
- Fix and improve OSS Index analyzer by @nscuro in #49
- Update actions/setup-java action to v3.6.0 by @renovate in #51
- Update returntocorp/semgrep-action digest to 1635b94 by @renovate in #52
- Update quarkus.platform.version to v2.13.3.Final by @renovate in #53
- Update returntocorp/semgrep-action digest to 448aa1b by @renovate in #56
- Update registry.access.redhat.com/ubi8/openjdk-11 Docker tag to v1.14-6 by @renovate in #54
- upgrading java version by @mehab in #57
- Fix snyk analyzer by @nscuro in #58
- Update registry.access.redhat.com/ubi8/ubi-minimal Docker tag to v8.6-985 by @renovate in #59
- Feature/dt kafka by @japurva1502 in #61
- Update dependency com.konghq:unirest-java to v3.13.12 by @renovate in #60
- Feature/dt kafka by @japurva1502 in #62
- Update docker.redpanda.com/vectorized/redpanda Docker tag to v22.2.7 by @renovate in #64
- Update registry.access.redhat.com/ubi8/ubi-minimal Docker tag to v8.6-994 by @renovate in #67
- Rework Analyzer Topology by @nscuro in #66
- Fix kafka dev ui on quarkus dev services by @mehab in #72
- Update returntocorp/semgrep-action digest to b470269 by @renovate in #71
- Fix Snyk client failing to encode PURLs properly by @nscuro in #74
- Update quarkus.platform.version to v2.13.4.Final by @renovate in #75
- Clarify key of `component-analysis` topic by @nscuro in #76
- Update dependency com.fasterxml.jackson.datatype:jackson-datatype-jsr310 to v2.14.0 by @renovate in #73
- externalized secret generation and usage added. by @mehab in #77
- Update returntocorp/semgrep-action digest to 2c47a3d by @renovate in #78
- Update quarkus.platform.version to v2.14.0.Final by @renovate in #82
- Update registry.access.redhat.com/ubi8/ubi-minimal Docker tag to v8.7-923 by @renovate in #80
- Update returntocorp/semgrep-action digest to a1b2486 by @renovate in #81
- Update dependency org.cyclonedx:cyclonedx-core-java to v7.2.1 by @renovate in #83
- Update dependency org.cyclonedx:cyclonedx-maven-plugin to v2.7.3 by @renovate in #84
- Update returntocorp/semgrep-action digest to 72a8de1 by @renovate in #85
- Hibernate-Integration by @japurva1502 in #86
- Update docker.redpanda.com/vectorized/redpanda Docker tag to v22.3.1 by @renovate in #88
- NotificationService Onboarding on Quarkus by @japurva1502 in #87
- Update docker.redpanda.com/vectorized/console Docker tag to v2.1.0 by @renovate in #91
- Notification Service changes by @japurva1502 in #90
- Update docker.redpanda.com/vectorized/redpanda Docker tag to v22.3.2 by @renovate in #92
- Update docker.redpanda.com/vectorized/redpanda Docker tag to v22.3.3 by @renovate in #94
- Update returntocorp/semgrep-action digest to 75c9432 by @renovate in #95
- Update quarkus.platform.version to v2.14.1.Final by @renovate in #93
- Load CWE dictionary from classpath by @nscuro in #96
- Implement per-analyzer caching by @nscuro in #89
- Feature/repo meta analysis by @mehab in #79
- Update dependency org.cyclonedx:cyclonedx-core-java to v7.3.0 by @renovate in #100
- Update dependency com.konghq:unirest-java to v3.13.13 by @renovate in #101
- Update resilience4j to v2 (major) by @renovate in #102
- Multi module structure by @japurva1502 in #99
- Fix repo meta analyzer by @nscuro in #104
- Add workflow to publish container images to ghcr by @nscuro in #106
- Fix typo by @nscuro in #107
- Update docker.redpanda.com/vectorized/redpanda Docker tag to v22.3.4 by @renovate in #108
- Basic demo Docker Compose setup by @VinodAnandan in #109
- Update dependency io.smallrye:jandex-maven-plugin to v3.0.4 by @renovate in #111
- Update dependency com.github.ben-manes.caffeine:jcache to v3.1.2 by @renovate in #110
- Clarify some details in `DEMO.md` by @nscuro in #112
- Update quarkus.platform.version to v2.14.2.Final by @renovate in #114
- Update dependency com.konghq:unirest-java to v3.14.0 by @renovate in #116
- Housekeeping by @nscuro in #117
- Feature/unit test coverage by @japurva1502 in #115
- Feature/unit test coverage by @japurva1502 in #119
- Build and publish multi-platform container images by @nscuro in #121
- Add JaCoCo by @nscuro in #118
- Update returntocorp/semgrep-action digest to cb0ca88 by @renovate in #129
- Feature/unit test coverage by @japurva1502 in #128
- Add basic monitoring stack and load testing skeleton by @nscuro in #122
- Perform sonar analysis in CI workflow by @nscuro in #127
- Update grafana/grafana-oss Docker tag to v9.3.0 by @renovate in #130
- Fix erroneous removal of jacoco plugins by @nscuro in #132
- Vulnerability analyzer Test by @sahibamittal in #123
- Add more tests for SnykAnalyzer and SnykClient by @nscuro in #133
- Port repository analyzer tests from API server by @nscuro in #140
- Add build status and Sonar metrics badges by @nscuro in #139
- Update docker.redpanda.com/vectorized/console Docker tag to v2.1.1 by @renovate in #142
- Update actions/setup-java action to v3.7.0 by @renovate in #143
- Update returntocorp/semgrep-action digest to 1f574d3 by @renovate in #145
- Update registry.access.redhat.com/ubi8/ubi-minimal Docker tag to v8.7-923.1669829893 by @renovate in #146
- Update grafana/grafana-oss Docker tag to v9.3.1 by @renovate in #144
- Update prom/prometheus Docker tag to v2.40.5 by @renovate in #131
- Update postgres Docker tag to v15 by @renovate in #105
- Update docker.redpanda.com/vectorized/redpanda Docker tag to v22.3.5 by @renovate in #151
- Update returntocorp/semgrep-action digest to af37f2c by @renovate in #150
- Update resilience4j to v2.0.1 by @renovate in #149
- Update dependency io.smallrye:jandex-maven-plugin to v3.0.5 by @renovate in #147
- Update dependency com.konghq:unirest-java to v3.14.1 by @renovate in #148
- Update returntocorp/semgrep-action digest to 027b0fd by @renovate in #155
- Update actions/setup-java action to v3.8.0 by @renovate in #154
- Update prom/prometheus Docker tag to v2.40.6 by @renovate in #159
- Update returntocorp/semgrep-action digest to 031b0ac by @renovate in #157
- Update resilience4j to v2.0.2 by @renovate in #158
- Update actions/setup-java action to v3.9.0 by @renovate in #164
- Update prom/prometheus Docker tag to v2.40.7 by @renovate in #163
- Update docker.redpanda.com/vectorized/redpanda Docker tag to v22.3.6 by @renovate in #160
- Update dependency us.springett:alpine-common to v2.2.0 by @renovate in #165
- Update docker.redpanda.com/vectorized/redpanda Docker tag to v22.3.8 by @renovate in #166
- Issue 125 : Caching repo meta analyzer by @sahibamittal in #161
- Update grafana/grafana-oss Docker tag to v9.3.2 by @renovate in #168
- Update returntocorp/semgrep-action digest to 9d0e5a1 by @renovate in #169
- Update dependency org.apache.maven:maven-artifact to v4.0.0-alpha-3 by @renovate in #167
- Update prom/prometheus Docker tag to v2.41.0 by @renovate in #173
- Update docker.redpanda.com/vectorized/redpanda Docker tag to v22.3.9 by @renovate in #170
- Update dependency @types/k6 to ^0.42.0 by @renovate in #171
- Update registry.access.redhat.com/ubi8/ubi-minimal Docker tag to v8.7-1031 by @renovate in #172
- Update dependency org.cyclonedx:cyclonedx-core-java to v7.3.1 by @renovate in #176
- Update quarkus.platform.version to v2.15.1.Final by @renovate in #153
- Internal analyzer by @japurva1502 in #156
- Feature/vulnanalyzer native binary by @mehab in #179
- Issue-126 : Circuit breaker for snyk and oss clients by @sahibamittal in #181
- Feature/analyzer completion by @japurva1502 in #180
- Feature/helm charts by @mehab in #177
- change to graalvm image generation by @mehab in #183
- graalvm native binary tryout by @mehab in #184
- graalvm native binary creation by @mehab in #185
- fix version for native binary by @mehab in #186
- Update dependency io.quarkiverse.helm:quarkus-helm to v0.2.1 by @renovate in #182
- Update dependency io.pebbletemplates:pebble to v3.2.0 by @renovate in #113
- Downgrade dependency io.pebbletemplates:pebble to v3.1.6 by @VinodAnandan in #187
- Feature/trygraal by @mehab in #193
- Add script to generate test fixture BOMs for load testing by @nscuro in #189
- Feature/trygraal by @mehab in #194
- Feature/update helm to native by @mehab in #198
- Mirror service setup with OSV implementation by @sahibamittal in #204
- Update docker.redpanda.com/vectorized/redpanda Docker tag to v22.3.10 by @renovate in #213
- Update dependency org.glassfish.jersey.core:jersey-common to v2.38 by @renovate in #209
- Update dependency org.assertj:assertj-core to v3.24.1 by @renovate in #203
- Update dependency org.assertj:assertj-core to v3.24.1 by @renovate in #208
- Update mirroring response to Cyclonedx schema by @sahibamittal in #217
- Update dependency io.quarkiverse.helm:quarkus-helm to v0.2.2 by @renovate in #218
- Update surefire-plugin.version to v3.0.0-M8 by @renovate in #223
- Update dependency org.mock-server:mockserver-netty to v5.15.0 by @renovate in #224
- Feature/repo meta native by @mehab in #210
- Add basic architecture overview diagram by @nscuro in #228
- Update registry.access.redhat.com/ubi8/ubi-minimal Docker tag to v8.7-1049 by @renovate in #226
- Update docker.redpanda.com/vectorized/redpanda Docker tag to v22.3.11 by @renovate in #229
- Update dependency io.quarkiverse.helm:quarkus-helm to v0.2.3 by @renovate in #230
- Update dependency org.assertj:assertj-core to v3.24.2 by @renovate in #232
- Update dependency org.assertj:assertj-core to v3.24.2 by @renovate in #231
- Update quarkus.platform.version to v2.15.3.Final by @renovate in #199
- Update dependency io.quarkus:quarkus-apache-httpclient to v2.15.3.Final by @renovate in #227
- Workaround for buildx build failures by @nscuro in #236
- Add missing Dockerfiles for mirror-service by @nscuro in #238
- Update `CONFIGURATION.md` by @nscuro in #235
- Update returntocorp/semgrep-action digest to 4a4a38b by @renovate in #248
- Update CODEOWNERS by @VinodAnandan in #250
- bugfix/fix-documentation by @VithikaS in #251
- Enable compaction for `dtrack.vulnerability` topic by @nscuro in #233
- Update returntocorp/semgrep-action digest to 137b6fa by @renovate in #252
- Tracking of scanner completion with Kafka Streams by @nscuro in #219
- Update dependency maven to v3.8.7 by @renovate in #254
- Add justifications for various architectural decisions by @nscuro in #257
- make sonar happy by @VithikaS in #256
- Update grafana/grafana-oss Docker tag to v9.3.4 by @renovate in #259
- changes to project name and repo name tested successfully locally by @mehab in #258
- added required label by @mehab in #261
- Update quarkus.platform.version to v2.16.0.Final by @renovate in #240
- Fix various links; Adjust various names by @nscuro in #265
- Limit dependabot Maven ecosystem to root directory by @nscuro in #276
- NVD Mirroring by @sahibamittal in #247
- Fix broken native image build of mirror-service by @nscuro in #297
- Fix Kafka compression not working in native image by @nscuro in #302
- Register `cyclonedx-core-java` and `nvd-lib` model classes for reflection by @nscuro in #303
- Feature/reafctor parser by @VithikaS in #309
- Add `LICENSE` by @nscuro in #313
- Add smoke tests for native images by @nscuro in #310
- Add basic documentation for vulnerability analyzer by @nscuro in #317
- First part of using batch processign api by @VithikaS in #319
- Publish Analysers results to mirror result topic by @sahibamittal in #311
- Bugfix/change org by @VithikaS in #321
- Added snyk properties in configuration.md by @VithikaS in #326
- added appropriate content type header by @VithikaS in #330
- Update _build-native-meta.yml by @VithikaS in #331
- Removed snykHttpClient bean by @VithikaS in #332
- Update SonarCloud organization and project key by @nscuro in #336
- Update nvd-lib version and imports by @sahibamittal in #339
- Re-enable SonarCloud badges in `README.md` by @nscuro in #342
- Issue-343 : Make topic prefix configurable by @sahibamittal in #347
- Add native workflow for metrics service by @VithikaS in #361
- Set timeouts for GitHub Actions workflows by @nscuro in #364
- enable compression by @VithikaS in #363
- Add integration test by @VithikaS in #378
- remove hibernate sql logging in dev mode as well by @mehab in #380
- Fix vulnerability project count and add dashboard by @VithikaS in #396
- Refactor metrics service to use Protobuf schemas by @nscuro in #386
- Remove metrics service by @VithikaS in #409
- Fix NPE on mirror service by @VithikaS in #427
- added api_topic_prefix in the environment variables of init container by @mehab in #428
- Fixed epoch issue by @VithikaS in #438
- Fixed epoch issue by @VithikaS in #439
- Fixed epoch issue by @VithikaS in #446
- Do not require topics of disabled scanners to be present by @nscuro in #429
- Run integration tests in CI workflow by @nscuro in #449
- updated default version by @mehab in #450
- Update snyk purl API default version to 2023-03-29~beta by @VinodAnandan in #454
- Add tests for reworked mirror service by @nscuro in #448
- Add end-to-end tests for OSS Index and Snyk analysis by @nscuro in #456
- Add parsing for nvd OSV to mirror x by @VithikaS in #459
- Provide OSS Index credentials to E2E tests; Increase timeout by @nscuro in #458
- Add `TOPICS.md` by @nscuro in #471
- Fix PURL casing mismatches for Snyk by @nscuro in #472
- Rework mirror service by @nscuro in #447
- Do not expect an explicit result for every submitted PURL from Snyk by @nscuro in #480
- Use back references instead of including all affected projects in notification subject by @nscuro in #468
- Feature/openshift by @mehab in #487
- Retry added to NvdMirror task by @mehab in #491
- Disable mapping of system properties in helm chart creation by @mehab in #494
- Bump Redpanda by @nscuro in #497
- Bump frontend for demo setup to 4.8.0 by @nscuro in #496
- removing wrapper by @mehab in #498
- added changes for backport pr 2327 addressing issue: 2134 by @mehab in #512
- Map SNYK publication time and remedies by @sahibamittal in #513
- Increase timeout of `test` job to 25 minutes by @nscuro in #520
- Add CPAN repository type by @sahibamittal in #518
- Better handling of repository meta analysers errors by @sahibamittal in #519
- Implement proper priority handling for Snyk severity sources by @nscuro in #507
- Remove CodeQL workflow by @nscuro in #523
- DataNucleus: Add logging bridge by @sahibamittal in #522
- Add `CODE_OF_CONDUCT.md`, `CONTRIBUTING.md`, and `SECURITY.md` by @nscuro in #528
- Update API server Grafana dashboard by @nscuro in #533
- `TOPICS.md`: Specify compaction for changelog topics by @nscuro in #534
- Clean notification publisher templates by @sahibamittal in #530
- Fix mirror service demo setup by @nscuro in #536
- Use atomic integer for comparison by @VithikaS in #549
- Update quarkus.platform.version to 2.16.7.Final by @VinodAnandan in #558
- Convert Bom to object from string by @VithikaS in #560
- fix SIGTERM container handling by @sahibamittal in #562
- Fix NPE for email alerts by @sahibamittal in #563
- Update load test script by @mehab in #564
- Update `TOPICS.md` by @nscuro in #566
- Issue-554 : merge notification and vex topics by @sahibamittal in #568
- Temporarily disable Linux package types for Snyk by @nscuro in #567
- removed internal cache and increased ttl for snyk and ossindex entries by @mehab in #575
- Replace Flyway with testcontainers init script by @nscuro in #585
- Upgrade to Quarkus 3 by @nscuro in #590
- Feature/vulnanalysis complete notification by @mehab in #593
- using try with resources on httpclient by @mehab in #598
- fix pipeline by @VithikaS in #603
- Lock down GitHub Actions workflows by @nscuro in #607
- Make properties configurable for httpClient by @mehab in #601
- renamed proto messages to sync up with apiserver per review comments by @mehab in #604
- Separate persistence classes into `commons-persistence` module by @nscuro in #539
- use httpClient from commons module so proxy settings can be applied for osv client by @mehab in #621
- renamed variable for better semantics of json result by @mehab in #625
- Feature/e2etest by @mehab in #613
- Include Snyk request ID in exception message by @nscuro in #627
- Add support for logging in JSON format by @nscuro in #626
- Avoid parse exceptions showing up as errors in the osv mirror log by @mehab in #614
- Revert "Fix native image tests for mirror-service" by @nscuro in #629
- Replace deprecated call by @mehab in #658
- added changes to support global authentication by @mehab in #659
- Feature/revert debug logs by @mehab in #667
- added build plugin by @mehab in #672
- Update scannerResult with BOV instead of DT vulnerabilities by @sahibamittal in #663
- Use JVM-based images for `docker-compose.yml` by @nscuro in #676
- Remove `quarkus-maven-plugin` from `commons-persistence` by @nscuro in #679
- Fix Snyk reporting unrelated vulnerabilities by @nscuro in #688
- Add `commons-kstreams` module and implement Kafka Streams exception handlers by @nscuro in #675
- Issue 392 improve integration test coverage by @sahibamittal in #682
- Add status in ProjectVulnAnalysisCompleteSubject by @sahibamittal in #705
- Decouple design docs from #664 into markdown file by @nscuro in #715
- Fix precision of CVSS scores by @sahibamittal in #722
- Remove unused `ManagedUser` class from persistence model by @nscuro in #734
- Change project version to `0.1.0-SNAPSHOT` in preparation of first release by @nscuro in #742
- Run e2e tests against `snapshot` tags by @nscuro in #744
New Contributors
- @mehab made their first contribution in #1
- @VinodAnandan made their first contribution in #3
- @japurva1502 made their first contribution in #4
- @renovate made their first contribution in #16
- @sahibamittal made their first contribution in #123
- @VithikaS made their first contribution in #251
- @dependabot made their first contribution in #267
- @jeremylong made their first contribution in #506
Full Changelog: https://github.com/DependencyTrack/hyades/commits/v0.1.0