Releases: stacknil/scientific-computing-toolkit

sbom-diff-and-risk v0.2.0

15 Apr 06:29

Highlights

  • policy-aware reporting and enforcement-oriented CLI behavior
  • GitHub-compatible SARIF export with code scanning validation on main
  • conservative parser tightening for deterministic local mode
  • sbom-diff-and-risk package version bumped to 0.2.0

Verification

  • local python -m pytest passed before release
  • GitHub code scanning analysis on main now reports tool version 0.2.0

v0.1.0

10 Apr 03:23

  • Added deterministic diffing for CycloneDX JSON, SPDX JSON, requirements.txt, and pyproject.toml
  • Added conservative risk buckets for new packages, major upgrades, unknown licenses, suspicious sources, and (opt-in, planned) stale-dependency evaluation
  • Added stable JSON/Markdown reporting with golden tests
  • Clarified scope: no CVE matching, no hidden enrichment, no reputation scoring by default
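The following is an added illustration of what the two releases above describe (deterministic diffing, conservative offline risk buckets, enforcement-style exit codes, and GitHub-compatible SARIF output). It is example code written for this page, not code from the sbom-diff-and-risk package; the rule IDs, severity levels, the TRUSTED_HOSTS allowlist, the function names and the two CycloneDX documents are all assumptions constructed for the example.

```python
"""Example only (not the sbom-diff-and-risk package): deterministic SBOM diff,
conservative offline risk buckets, enforcement exit code, SARIF 2.1.0 output.
Rule IDs, levels, TRUSTED_HOSTS and the sample SBOMs are assumptions."""
import json
import re
from typing import Any, Dict, List, Optional
from urllib.parse import urlparse

# Constructed sample input (not real SBOMs): CycloneDX 1.4-style "before" and
# "after" documents for the same project.
OLD_SBOM: Dict[str, Any] = {"bomFormat": "CycloneDX", "specVersion": "1.4", "components": [
    {"name": "requests", "version": "2.28.2", "licenses": [{"license": {"id": "Apache-2.0"}}]},
    {"name": "numpy", "version": "1.24.4", "licenses": [{"license": {"id": "BSD-3-Clause"}}]},
    {"name": "leftpad", "version": "0.1.0"},
]}
NEW_SBOM: Dict[str, Any] = {"bomFormat": "CycloneDX", "specVersion": "1.4", "components": [
    {"name": "requests", "version": "2.31.0", "licenses": [{"license": {"id": "Apache-2.0"}}]},
    {"name": "numpy", "version": "2.0.0", "licenses": [{"license": {"id": "BSD-3-Clause"}}]},
    {"name": "mystery-lib", "version": "1.0.0",  # no license, non-index source
     "externalReferences": [{"type": "distribution",
                             "url": "http://198.51.100.7/wheels/mystery_lib-1.0.0.whl"}]},
]}
# Assumption for this example: a source is trusted only over HTTPS from these hosts.
TRUSTED_HOSTS = {"pypi.org", "files.pythonhosted.org"}
RULES = {  # assumed rule IDs; the descriptions become SARIF rule metadata
    "NEW_PACKAGE": "Dependency absent from the previous SBOM",
    "MAJOR_UPGRADE": "Major version bump between SBOMs",
    "UNKNOWN_LICENSE": "Changed component declares no license",
    "SUSPICIOUS_SOURCE": "Distribution URL is not HTTPS from a trusted host",
}


def components(sbom: Dict[str, Any]) -> Dict[str, Dict[str, Any]]:
    """Flatten CycloneDX components into name -> {version, license, source}."""
    out: Dict[str, Dict[str, Any]] = {}
    for comp in sbom.get("components", []):
        ids = [l.get("expression") or l.get("license", {}).get("id") for l in comp.get("licenses", [])]
        src = next((r.get("url") for r in comp.get("externalReferences", [])
                    if r.get("type") == "distribution"), None)
        out[comp["name"]] = {"version": comp.get("version", ""),
                             "license": next((i for i in ids if i), None), "source": src}
    return out


def major(version: str) -> Optional[int]:
    """Leading integer of a version string; None when there is none."""
    m = re.match(r"\s*v?(\d+)", version)
    return int(m.group(1)) if m else None


def diff_sboms(old: Dict[str, Any], new: Dict[str, Any]) -> List[Dict[str, Any]]:
    """One entry per changed package, sorted by name, so the result never
    depends on the component order of either input document."""
    a, b = components(old), components(new)
    changes: List[Dict[str, Any]] = []
    for name in sorted(set(a) | set(b)):
        if name not in a:
            changes.append({"name": name, "kind": "added", "old": None, "new": b[name]})
        elif name not in b:
            changes.append({"name": name, "kind": "removed", "old": a[name], "new": None})
        elif a[name]["version"] != b[name]["version"]:
            changes.append({"name": name, "kind": "upgraded", "old": a[name], "new": b[name]})
    return changes


def suspicious_source(url: Optional[str]) -> bool:
    """Conservative, offline check: plain HTTP or a host outside the allowlist."""
    if not url:
        return False
    p = urlparse(url)
    return p.scheme != "https" or p.hostname not in TRUSTED_HOSTS


def bucket_risks(changes: List[Dict[str, Any]]) -> List[Dict[str, str]]:
    """Risk buckets over the diff only: no CVE matching, no network enrichment.
    Removals stay in the diff but get no bucket."""
    def finding(rule: str, level: str, name: str, text: str) -> Dict[str, str]:
        return {"rule": rule, "level": level, "name": name, "text": text}
    findings: List[Dict[str, str]] = []
    for ch in changes:
        new = ch["new"]
        if new is None:
            continue
        pkg = f"{ch['name']}=={new['version']}"
        if ch["kind"] == "added":
            findings.append(finding("NEW_PACKAGE", "warning", ch["name"], f"new dependency {pkg}"))
        elif ch["kind"] == "upgraded":
            om, nm = major(ch["old"]["version"]), major(new["version"])
            if om is not None and nm is not None and nm > om:
                findings.append(finding("MAJOR_UPGRADE", "warning", ch["name"],
                                        f"{ch['name']} {ch['old']['version']} -> {new['version']}"))
        if new["license"] is None:
            findings.append(finding("UNKNOWN_LICENSE", "note", ch["name"], f"{pkg} declares no license"))
        if suspicious_source(new["source"]):
            findings.append(finding("SUSPICIOUS_SOURCE", "error", ch["name"], f"{pkg} fetched from {new['source']}"))
    return findings


def exit_code(findings: List[Dict[str, str]], fail_on: str = "error") -> int:
    """Enforcement: non-zero only when some finding reaches the fail_on level."""
    rank = {"note": 0, "warning": 1, "error": 2}
    return 1 if any(rank[f["level"]] >= rank[fail_on] for f in findings) else 0


def to_sarif(findings: List[Dict[str, str]], sbom_path: str = "sbom.json",
             tool_version: str = "0.2.0") -> Dict[str, Any]:
    """Minimal SARIF 2.1.0 that GitHub code scanning accepts: each result has a
    ruleId, a message and a physical location (here: the SBOM file itself)."""
    return {"$schema": "https://json.schemastore.org/sarif-2.1.0.json", "version": "2.1.0",
            "runs": [{"tool": {"driver": {"name": "sbom-diff-and-risk-example", "version": tool_version,
                                          "rules": [{"id": rid, "shortDescription": {"text": d}}
                                                    for rid, d in sorted(RULES.items())]}},
                      "results": [{"ruleId": f["rule"], "level": f["level"], "message": {"text": f["text"]},
                                   "locations": [{"physicalLocation": {"artifactLocation": {"uri": sbom_path},
                                                                       "region": {"startLine": 1}}}],
                                   "partialFingerprints": {"package": f["name"]}} for f in findings]}]}


def render(doc: Dict[str, Any]) -> str:
    """Stable serialisation for golden tests: sorted keys, fixed indent, newline."""
    return json.dumps(doc, sort_keys=True, indent=2) + "\n"


if __name__ == "__main__":
    found = bucket_risks(diff_sboms(OLD_SBOM, NEW_SBOM))
    print(render(to_sarif(found)))
    raise SystemExit(exit_code(found))
```

Run as a script it prints the SARIF document and exits non-zero because the constructed new dependency is served over plain HTTP from an unlisted host (the one "error"-level bucket here); with `fail_on="warning"` the major upgrade of numpy would also block. The diff is keyed and sorted by package name and the report is rendered with sorted keys, which is what makes golden-file tests on the output meaningful.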