Releases: snyk/artifactory-snyk-security-plugin
Release 5.0.2-RC-2
What's Changed
Full Changelog: v5.0.2-rc-1...v5.0.2-rc-2
Release 5.0.2-RC-1
What's Changed
Full Changelog: 5.0.1...v5.0.2-rc-1
5.0.1
Release 5.0.1-RC-1
What's Changed
Full Changelog: 5.0.0...v5.0.1-rc-1
5.0.0
What's Changed
Major Feature Summary
- Add support to use the Snyk packages API for Maven/NPM/Python issues
- Add a configurable delay, "last_modified_date", which prevents a package from being downloaded if its release date is more recent than the configured value (in days)
- Add artifact property "snyk.block.reason" to indicate why the package was blocked (vulnerabilities or within time delay window)
- Upgrade dependent Open Source packages to latest safe versions.
Commit List
- chore: add perm ignores for trans deps of provided artifactory-papi by @wayne-grant in #129
- [PRODSEC-3273]: Change secrets scanning channel by @wayne-grant in #130
- chore: ignore further papi transitive dep vulns by @wayne-grant in #131
- chore: update codeowners [OSM-3115] by @prodsec-github-automation in #133
- chore: add SNYK-JAVA-ORGSPRINGFRAMEWORK-11958848 to papi ignores by @wayne-grant in #134
- chore: additional papi ignore by @wayne-grant in #136
- chore: ignore latest papi vuln for transitive dep by @wayne-grant in #137
- chore: Update workflows to v4 by @calhar-snyk in #139
- feat: [OSM-3346] Add config for using packages api for maven/npm/python issues by @calhar-snyk in #138
- chore: Update .snyk papi ignores by @wayne-grant in #141
- feat: Add handling for an optional configurable delay in days to prevent package downloads by @samsnyk in #142
- SLS-709 - Add debug logging for last modified date determination by @samsnyk in #143
- SLS-709 - Add logic to populate last modified date after resolving artifact by @samsnyk in #144
- feat/Add artifact property to indicate reason for blocking the package by @samsnyk in #147
New Contributors
- @prodsec-github-automation made their first contribution in #133
- @calhar-snyk made their first contribution in #139
- @samsnyk made their first contribution in #142
Full Changelog: 4.0.0...5.0.0
Release 5.0.0-RC-1
What's Changed
- feat: [OSM-3346] Add config for using packages api for maven/npm/python issues by @calhar-snyk in #138
Full Changelog: 4.0.0...v5.0.0-rc-1
4.0.0
What's Changed
- feat: scanning support for Nuget repositories. Needs an explicit opt-in with snyk.scanner.packageType.nuget=true.
- feat: scanning support for CocoaPods repositories. Needs an explicit opt-in with snyk.scanner.packageType.cocoapods=true.
- feat: scanning support for Ruby Gems repositories. Needs an explicit opt-in with snyk.scanner.packageType.gems=true.
- feat: introduced a new config param snyk.scanner.test.continuously (false by default). It decides whether the plugin should periodically refresh vulnerability data from Snyk or filter access according to results obtained when the package was first requested. Without the continuous mode, new vulnerabilities aren't reported for a package that has already been allowed through the gatekeeper.
Full Changelog: 3.2.1...4.0.0
Upgrading from version 3.*
Version 3 exhibits the same behaviour as release 4.0.0 with continuous mode on. In order to keep the periodic re-tests of packages, include the new parameter in snykSecurityPlugin.properties: snyk.scanner.test.continuously=true.
3.2.1
3.2.0
What's Changed
- feat: introduced a plaintext Snyk URL property as a workaround for users suffering from an Artifactory URL render bug. PR
- feat: introduced the Snyk URL in error messages returned when the plugin blocks access to artifacts. PR
Full Changelog: 3.1.0...3.2.0
3.1.0
What's Changed
- fix: got rid of the typo in error logs which used to always talk about license issues, instead of vuln issues.
Full Changelog: 3.0.0...3.1.0