- Migrated license enrichment PURL lookup to the org-scoped endpoint (`POST /v0/orgs/{slug}/purl`) from the deprecated global endpoint (`POST /v0/purl`).
- Hardened GitHub Actions workflows.
- Fixed broken links on PyPI page.
- Updated minimum required Python version.
- Tweaked CI checks.
- Fixed reachability filtering.
- Added config file support.
- Fixed `has_manifest_files` failing to match root-level manifest files.
- Added SARIF file output support.
- Improved reachability filtering.
- Fixed `workspace` flag regression by updating SDK dependency.
- Added `--workspace` flag to CLI args.
- Added GitLab branch protection flag.
- Added e2e tests for full scans and full scans with reachability.
- Bumped dependencies: `cryptography`, `virtualenv`, `filelock`, `urllib3`.
- Added `strace` to the Docker image for debugging purposes.
- Set the scan to `'socket_tier1'` when using the `--reach` flag. This ensures Tier 1 scans are properly integrated into the organization-wide alerts.
- Added `--reach-enable-analysis-splitting` flag to enable analysis splitting (disabled by default).
- Added `--reach-detailed-analysis-log-file` flag to print detailed analysis log file path.
- Added `--reach-lazy-mode` flag to enable lazy mode for reachability analysis.
- Changed default behavior: analysis splitting is now disabled by default. The old `--reach-disable-analysis-splitting` flag is kept as a hidden no-op for backwards compatibility.
- Included PyPy in the Docker image.
- Fixed Dockerfile to set `GOROOT` to `/usr/lib/go` when using system Go (`GO_VERSION=system`) instead of always using `/usr/local/go`.
- Removed process timeout from reachability analysis subprocess. Timeouts are now only passed to the Coana CLI via the `--analysis-timeout` flag.