Skip to content

Releases: siemens/continuous-clearing

Release v8.3.0

06 Nov 12:44
@github-actions github-actions
v8.3.0
e24afd5
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Release v8.3.0 Latest
Latest

📝Release Notes

👩‍💻 Changelog for Continuous Clearing Tool Version v8.3.0

Features

  • Enhanced Package Identifier: Detects .NET Runtime for self-contained projects and provides Chromium component warnings with extensible suggestions.
  • Upgraded to Spectre.Console for improved CA Tool output visualization.
  • CA Tool now supports clearance for Conan 2.0 and Cargo packages.

Bug Fixes

  • CA Tool can successfully download source code for all supported Poetry packages (e.g., "azure-storage-blob").
  • Artifactory uploader reliably copies all relevant Maven and NuGet packages to the siparty-release repository without failures.
  • Tool now properly handles source code upload attachment failures.
  • Correctly identifies NuGet components from packages.config files and creates them in SW360.
Assets 7
Loading

Release v8.2.1

10 Sep 08:06
@github-actions github-actions
v8.2.1
2cf0af1
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Release v8.2.1

📝Release Notes

👩‍💻Changelog for Continuous Clearing Tool Version v8.2.1:

Bug Fix

  • When creating a new release, users will now see accurate information reflecting changes such as the updated source code folder name and the revised source download URL in SW360. This ensures clarity and transparency about what is included in each release.
  • Previously, components from different package ecosystems could share the same name, leading to potential confusion during release creation and updates. To resolve this, we now leverage the package URL (purl) ID to uniquely identify each component.
    As a result, component release and update details are created and maintained correctly within SW360, preventing misidentification and improving data integrity.
Loading

Release v8.2.0

13 Aug 10:54
@github-actions github-actions
v8.2.0
e564ca2
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Release v8.2.0

📝Release Notes

👩‍💻Changelog for Continuous Clearing Tool Version v8.2.0:

Feature

  • The SW360 project name is now an optional parameter; if not provided, the tool uses the mandatory project ID to fetch the name.
  • The CA Tool supports importing SPDX SBoMs and processes them correctly for all packages.

Bug Fix

  • If a release already exists in SW360 and lacks an attachment, the CA Tool correctly finds and attaches the source code to the release.
  • The CA Tool can successfully download the source code for all supported NuGet packages, including Ex: "NUnit.ConsoleRunner."
  • The Artifactory uploader reliably copies all relevant packages to the siparty-release repository without failures.
  • The tool handles unnecessary Fossology uploads and associated failures.
  • The CA Tool correctly reflects attachment status for packages, especially in "report approved" cases.
  • ArtifactoryUploader writes a comprehensive log file even after encountering exceptions.

Chore

  • Maintainability and open static code analysis for CA Tool making it all to Zero
Loading

Release v8.1.0

30 Jun 05:10
@github-actions github-actions
v8.1.0
63dad79
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Release v8.1.0

📝Release Notes

👩‍💻Changelog for Continuous Clearing Tool Version v8.1.0:

Feature

  • Upgraded the CA Tool to support the latest CycloneDX SBOM schema (v1.6) with Siemens SBOM Standard version v3.
  • Implemented reflection-based access to Microsoft component detection tool's internal APIs.
  • Enhanced SBOM generation
    1. Mark framework packages as Dev_Dependency.
    2. Include explicit .NET runtime version requirements.

Bug Fix

  • After the package is copied in the Artifactory uploader the JFrog package path is updated in SBOM.
  • If fossology-url is found in SW360 we updated that details in SBOM.
  • Initiating fossology process we are displaying Un-wanted message shown to the user in each run ,we removed that message.
  • While updating fossology url in sw360.user won't have enough permission to updating url its sending moderation request.Now we are displaying that message as warning.

Chore

  • SonarQube bugfixes
  • Code coverage to 80%
Loading

Release v8.0.0

16 May 10:39
@github-actions github-actions
v8.0.0
2be8fd7
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Release v8.0.0

Release Note:

📝Release Notes

👩‍💻Changelog for Continuous Clearing Tool Version v8.0.0:

Feature

  • App settings redesign for Package Identifier , Component creator and Artifactory uploader
  • Implement CA Tool telemetry
  • Adding validation for the Fossology URL and its token validity in SW360
  • HTTP retry logic for the request made from the tool
  • Decoupling the package identifier from sw360 and package identifier.

Bug Fix

  • Handle null exceptions when initiating Telemetry for all exes.
  • Updated retry logic warning message for all apis and added Bad request condition for retry.
  • Initiate trigger fossology process when clearing state is sent to clearing.
  • Updated nuget build query for identifying nuget packages in jfrog repository.
  • When creating a Maven BOM file using the package identifier, the ?type=jar suffix is removed from the purl and bomref fields in the components.

Chore

  • Adding UT for the pipeline artifact uploader class.
  • Refactoring the artifactory uploader.
  • SonarQube bugfixes
  • Code coverage to 80%
  • Adding a workflow which contains PR checks.
Loading

Release v7.0.2

24 Jan 08:09
@github-actions github-actions
v7.0.2
109a634
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Release v7.0.2

📝Release Notes

👩‍💻Changelog for Continuous Clearing Tool Version v7.0.2:

Feature

  • Provide a summary of packages present in various JFrog repositories.

Bug Fix

  • SBOM - Packages found in the dependency sections are not present in the components section, making the SBOM in-valid.
  • CA tool artifactory uploader mentions internal packages not present even if they are valid in JFrog artifactory.

Chore

  • Improvement in unit test code coverage.
Loading

Release v7.0.1

27 Nov 13:11
@github-actions github-actions
v7.0.1
1cbc34f
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Release v7.0.1

📝Release Notes

👩‍💻Changelog for Continuous Clearing Tool Version v7.0.1:

Bug Fix

  • Changed the Poetry lock file Dev Dependency identification logic
Loading

Release v7.0.0

04 Sep 11:22
@github-actions github-actions
v7.0.0
2556a52
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Release v7.0.0

📝Release Notes

👩‍💻Changelog for Continuous Clearing Tool Version v7.0.0:

Features

  • CC tool Migrated from .NET 6.0 to .NET 8.0.

  • Publish Continuous clearing(CC) tool produced Logs and BOMs as artifacts in the pipeline by CC tool

  • Updated SBOM to adhere to Siemens standardized SBOM.

  • CC Tool application version info should be displayed in the CLI

  • Terminate the Continuous clearing tool execution when the SW360 project status is Closed

Bug Fix

  • Releases to have the Relation field value as "Contained" from "UNKNOWN" while linking to projects

  • NPM Releases not attaching the parent-child relationship correctly.

Loading

Release v6.2.2

04 Jul 12:10
@github-actions github-actions
v6.2.2
538cd81
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Release v6.2.2

📝Release Notes

👩‍💻Changelog for Continuous Clearing Tool Version 6.2.2 :

  • Bug fix: Warning to be displayed when Components are not present in the BOM for MAVEN package type.
Loading

Release v6.2.1

06 Jun 13:33
@github-actions github-actions
v6.2.1
70a1493
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Release v6.2.1

📝Release Notes

👩‍💻Changelog for Continuous Clearing Tool Version 6.2.1 :

  • Bug fix: Linking the child entries instead of it's parent component in Sw360.
Loading