continuous-clearing

📝Release Notes

👩‍💻Changelog for Continuous Clearing Tool Version 6.1.0 :

• Added feature: Alpine package clearance support in clearing automation tool.

• Added feature: Debian Artifactory Uploader support.

• Added feature: JFrog connectivity with Ref token.

📝Release Notes

👩‍💻Changelog for Continuous Clearing Tool Version 6.0.2 :

• Bug fix: Enabling the CC Tool to handle JFrog Ref token for connectivity.

👩‍💻Changelog for Continuous Clearing Tool Version 6.0.2 👍

• Bug fix: Enabling Continuous Clearing Tool to support Artifactory ref token along with API key

📝Release Notes

👩‍💻Changelog for Continuous Clearing Tool Version 6.0.1 :

• Added feature: Updating the usage document to mention that the SEPP tool has been integrated with the Artifactory uploader.

• Added feature: Adding the JFrog Artifactory error response message to the log file.

• Bug fix: Artifactory uploader log message to show "copy" instead of "move" for development packages - as they are copied from the remote repo to the siparty-devdev-* repo.

• Bug fix: Updating the Artifactory uploader KPI to "copy" instead of "move" for dev packages.

📝Release Notes

👩‍💻Changelog for Continuous Clearing Tool Version 6.0.0 :

• Added feature: Integration of SEPP Tool with Continuous Clearing Tool.

• Added feature: Conan package clearance support in clearing automation tool .

📝Release Notes

👩‍💻Changelog for Continuous Clearing Tool Version 5.1.1 :

• Fixed bug: Including devOptional flag also for identification of development dependency.

• Fixed bug: Installing specific version of syft in Continuous Clearing Docker Image.

📝Release Notes

👩‍💻Changelog for Continuous Clearing Tool Version 5.1.0 :

• Added feature: SBOM implementation for identifying CONAN package type.

• Fixed bug: NuGet Package error while parsing multiple input files that are referencing to same project.

📝Release Notes

👩‍💻Changelog for Continuous Clearing Tool Version 5.0.0 :

• Added feature: Python package clearance support in clearing automation tool .

• Defect Fix: Error in uploading packages to Artifactory uploader.

• Improved feature: Updated to dotnet SDK from dotnet Runtime in Docker Image.

📝Release Notes

👩‍💻Changelog for Continuous Clearing Tool Version 4.0.0 :

• Added feature: Bringing the SBOM file importing functionalities in PackageIdentifier module.

• Added feature: Reading SBOM template file for the static information & for manually maintained components along with source repo.

• Added feature: Added properties related to Internal/External and Development Dependency in the CycloneDX json file.

• Added feature: Added Python package Identification feature(Component creation in SW360 not supported).

• Added feature: Added Dependency mapping for all package types in BOM.

• Improved feature: Change in the logic for finding DevDependency for all the package types supported by CC Tool(NPM/NUGET/MAVEN).

📝Release Notes

👩‍💻Changelog for Continuous Clearing Tool Version 3.1.3 :

• Improved feature: Exception handling for Debian components while patching source code.

• Improved feature: Continuous clearing docker image name change

• Added feature: Wildcard pattern matching added for Component exclusion list to remove any version of the same component.

📝Release Notes

👩‍💻Changelog for Continuous Clearing Tool Version 3.1.2 - HotFix :

• Defect Fix: Identification of correct JFrog Artifactory repository information for NuGet packages.
• Improved feature: Correct the CLI message for already uploaded components in JFrog Artifactory from type warn to info

📝Release Notes

👩‍💻Changelog for Continuous Clearing Tool Version 3.1.1 :

• Added feature: Performance improvement for internal component identification & repo identification in package identifier.

• Added feature: Adapted the angular 15+ package-lock.json format in package identifier.

• Added feature: Added timeout for Jfrog artifactory communication workflow.

• Added feature: Parsing cycloneDx BOM for maven as input.

• Improved feature: Correct the CLI message for Http Timeout exception.

• Improved feature: Correct the ms to sec in the timer displayed in CLI.

📝Release Notes

👩‍💻Changelog for Continuous Clearing Tool Version 3.1.0 :

• Added feature: Clearing Automation Tool will now support clearance of Maven type packages.

• Added feature:  Help messages are now available in the command line for the NuGet package. (https://github.com/siemens/continuous-clearing/issues/24)

• Improved feature: NuGet packages are updated across the project to target .NET 6.0. (https://github.com/siemens/continuous-clearing/issues/22)

• Fixed bug: .Net runtime updation in Dockerfile (https://github.com/siemens/continuous-clearing/issues/23)

📝Release Notes

The Continuous Clearing Tool is a software tool that helps developers ensure that the third-party components used in their software projects meet certain standards and requirements. When a software project is developed, it often relies on external components, such as libraries and modules, to perform certain functions. However, it is important to ensure that these components do not pose any security risks, contain any bugs, or violate any licensing agreements.

The Continuous Clearing Tool consists of three different components: a Package Identifier, a Package Creator, and a JFrog Artifactory Uploader. Each of these components serves a specific purpose and can be used separately depending on the project requirements. Currently this tools supports clearance of NPM ,NuGet and Debian Packages. 

👩‍💻Changelog for Continuous Clearing Tool Version 3.0.0 :

• Added feature: Continuous Clearing Tool is now available as a containerized Docker image, which makes it more flexible and easier to use in different environments.

• Added feature: Help messages are now available right from the command line on how to use the tool as a containerized image, making it more user-friendly.

• Improved feature: Code coverage has been improved from 40% to 80%, which means that more parts of the tool are now tested and verified.

• Fixed bug: Duplicate components were being added while the Package Identifier was executed for different project types, which has now been fixed, making the tool more reliable and accurate.