Releases: CycloneDX/cyclonedx-rust-cargo
0.5.7 - 2024-11-30
Release Notes
Added
- Cargo.lock v4 format stabilized in Rust 1.78 is now supported. ([#772]) Previously the SBOM would be generated but package hashes would not be recorded in presence of v4 lockfiles.
- The
component.author
field is now set to comma-separated list of authors ([#770]). We'd like to usecomponent.authors
instead once CycloneDX v1.6 is supported.
Install cargo-cyclonedx 0.5.7
Install prebuilt binaries via shell script
curl --proto '=https' --tlsv1.2 -LsSf https://github.com/CycloneDX/cyclonedx-rust-cargo/releases/download/cargo-cyclonedx-0.5.7/cargo-cyclonedx-installer.sh | sh
Install prebuilt binaries via powershell script
powershell -c "irm https://github.com/CycloneDX/cyclonedx-rust-cargo/releases/download/cargo-cyclonedx-0.5.7/cargo-cyclonedx-installer.ps1 | iex"
Download cargo-cyclonedx 0.5.7
File | Platform | Checksum |
---|---|---|
cargo-cyclonedx-aarch64-apple-darwin.tar.xz | Apple Silicon macOS | checksum |
cargo-cyclonedx-x86_64-apple-darwin.tar.xz | Intel macOS | checksum |
cargo-cyclonedx-x86_64-pc-windows-msvc.zip | x64 Windows | checksum |
cargo-cyclonedx-x86_64-unknown-linux-gnu.tar.xz | x64 Linux | checksum |
cargo-cyclonedx-x86_64-unknown-linux-musl.tar.xz | x64 MUSL Linux | checksum |
Verifying GitHub Artifact Attestations
The artifacts in this release have attestations generated with GitHub Artifact Attestations. These can be verified by using the GitHub CLI:
gh attestation verify <file-path of downloaded artifact> --repo CycloneDX/cyclonedx-rust-cargo
You can also download the attestation from GitHub and verify against that directly:
gh attestation verify <file-path of downloaded artifact> --bundle <file-path of downloaded attestation>
0.8.0 - 2024-11-07
0.5.6 - 2024-11-07
Release Notes
Added
- The target platform for which the SBOM is generated is now recorded, in accodrance with the CycloneDX taxonomy we've contributed upstream ([#762])
Install cargo-cyclonedx 0.5.6
Install prebuilt binaries via shell script
curl --proto '=https' --tlsv1.2 -LsSf https://github.com/CycloneDX/cyclonedx-rust-cargo/releases/download/cargo-cyclonedx-0.5.6/cargo-cyclonedx-installer.sh | sh
Install prebuilt binaries via powershell script
powershell -c "irm https://github.com/CycloneDX/cyclonedx-rust-cargo/releases/download/cargo-cyclonedx-0.5.6/cargo-cyclonedx-installer.ps1 | iex"
Download cargo-cyclonedx 0.5.6
File | Platform | Checksum |
---|---|---|
cargo-cyclonedx-aarch64-apple-darwin.tar.xz | Apple Silicon macOS | checksum |
cargo-cyclonedx-x86_64-apple-darwin.tar.xz | Intel macOS | checksum |
cargo-cyclonedx-x86_64-pc-windows-msvc.zip | x64 Windows | checksum |
cargo-cyclonedx-x86_64-unknown-linux-gnu.tar.xz | x64 Linux | checksum |
cargo-cyclonedx-x86_64-unknown-linux-musl.tar.xz | x64 MUSL Linux | checksum |
Verifying GitHub Artifact Attestations
The artifacts in this release have attestations generated with GitHub Artifact Attestations. These can be verified by using the GitHub CLI:
gh attestation verify <file-path of downloaded artifact> --repo CycloneDX/cyclonedx-rust-cargo
You can also download the attestation from GitHub and verify against that directly:
gh attestation verify <file-path of downloaded artifact> --bundle <file-path of downloaded attestation>
0.7.0 - 2024-08-06
Release Notes
Changed
- Made model types
pub
instead ofpub(crate)
, which allows client code to write more fields in SBOMs ([#758]) - Removed
#[non_exhaustive]
fromSpecVersion
, which was a source of bugs in client code ([#749]) - Switched from
packageurl
topurl
crate as the PURL implementation ([#746]) - Removed JSON schema validation from the public API and moved
jsonschema
to dev-dependencies to combat dependency bloat ([#750])
0.5.5 - 2024-07-01
Release Notes
Changed
- Build dependencies are now recorded with
scope: "excluded"
, to indicate that they are not used at runtime. ([#755])
Added
--no-build-deps
flag to omit build dependencies entirely. ([#755])
Install cargo-cyclonedx 0.5.5
Install prebuilt binaries via shell script
curl --proto '=https' --tlsv1.2 -LsSf https://github.com/CycloneDX/cyclonedx-rust-cargo/releases/download/cargo-cyclonedx-0.5.5/cargo-cyclonedx-installer.sh | sh
Install prebuilt binaries via powershell script
powershell -c "irm https://github.com/CycloneDX/cyclonedx-rust-cargo/releases/download/cargo-cyclonedx-0.5.5/cargo-cyclonedx-installer.ps1 | iex"
Download cargo-cyclonedx 0.5.5
File | Platform | Checksum |
---|---|---|
cargo-cyclonedx-aarch64-apple-darwin.tar.xz | Apple Silicon macOS | checksum |
cargo-cyclonedx-x86_64-apple-darwin.tar.xz | Intel macOS | checksum |
cargo-cyclonedx-x86_64-pc-windows-msvc.zip | x64 Windows | checksum |
cargo-cyclonedx-x86_64-unknown-linux-gnu.tar.xz | x64 Linux | checksum |
cargo-cyclonedx-x86_64-unknown-linux-musl.tar.xz | x64 MUSL Linux | checksum |
Verifying GitHub Artifact Attestations
The artifacts in this release have attestations generated with GitHub Artifact Attestations. These can be verified by using the GitHub CLI:
gh attestation verify <file-path of downloaded artifact> --repo CycloneDX/cyclonedx-rust-cargo
You can also download the attestation from GitHub and verify against that directly:
gh attestation verify <file-path of downloaded artifact> --bundle <file-path of downloaded attestation>
0.5.4 - 2024-07-17
Release Notes
Fixed
- Fixed PURLs being percent-encoded incorrectly when using the
purl
crate v0.1.3 or later ([#746])
Install cargo-cyclonedx 0.5.4
Install prebuilt binaries via shell script
curl --proto '=https' --tlsv1.2 -LsSf https://github.com/CycloneDX/cyclonedx-rust-cargo/releases/download/cargo-cyclonedx-0.5.4/cargo-cyclonedx-installer.sh | sh
Install prebuilt binaries via powershell script
powershell -c "irm https://github.com/CycloneDX/cyclonedx-rust-cargo/releases/download/cargo-cyclonedx-0.5.4/cargo-cyclonedx-installer.ps1 | iex"
Download cargo-cyclonedx 0.5.4
File | Platform | Checksum |
---|---|---|
cargo-cyclonedx-aarch64-apple-darwin.tar.xz | Apple Silicon macOS | checksum |
cargo-cyclonedx-x86_64-apple-darwin.tar.xz | Intel macOS | checksum |
cargo-cyclonedx-x86_64-pc-windows-msvc.zip | x64 Windows | checksum |
cargo-cyclonedx-x86_64-unknown-linux-gnu.tar.xz | x64 Linux | checksum |
cargo-cyclonedx-x86_64-unknown-linux-musl.tar.xz | x64 MUSL Linux | checksum |
Verifying GitHub Artifact Attestations
The artifacts in this release have attestations generated with GitHub Artifact Attestations. These can be verified by using the GitHub CLI:
gh attestation verify <file-path of downloaded artifact> --repo CycloneDX/cyclonedx-rust-cargo
You can also download the attestation from GitHub and verify against that directly:
gh attestation verify <file-path of downloaded artifact> --bundle <file-path of downloaded attestation>
0.6.2 - 2024-07-16
Release Notes
Fixed
- Dropped a lot of unnecessary dependencies pulled in transitively though the
jsonschema
crate ([#744])
0.6.1 - 2024-06-04
Release Notes
Added
- A series of APIs that serialize and deserialize in the format specified with the
SpecVersion
enum ([#725])
Fixed
- Fixed a panic when parsing CycloneDX v1.5 from a
serde_json::Value
([#723])
Changed
- Removed
--allow-dirty
flag from the publishing workflow so that the provenance of the package uploaded to crates.io can be established ([#724])
0.5.3 - 2024-06-04
Release Notes
Added
- Add metadata to let
cargo binstall
locate our release binaries ([#727])
Fixed
- Committed an up-to-date lockfile to ease packaging for downstreams
Install cargo-cyclonedx 0.5.3
Install prebuilt binaries via shell script
curl --proto '=https' --tlsv1.2 -LsSf https://github.com/CycloneDX/cyclonedx-rust-cargo/releases/download/cargo-cyclonedx-0.5.3/cargo-cyclonedx-installer.sh | sh
Install prebuilt binaries via powershell script
powershell -c "irm https://github.com/CycloneDX/cyclonedx-rust-cargo/releases/download/cargo-cyclonedx-0.5.3/cargo-cyclonedx-installer.ps1 | iex"
Download cargo-cyclonedx 0.5.3
File | Platform | Checksum |
---|---|---|
cargo-cyclonedx-aarch64-apple-darwin.tar.xz | Apple Silicon macOS | checksum |
cargo-cyclonedx-x86_64-apple-darwin.tar.xz | Intel macOS | checksum |
cargo-cyclonedx-x86_64-pc-windows-msvc.zip | x64 Windows | checksum |
cargo-cyclonedx-x86_64-unknown-linux-gnu.tar.xz | x64 Linux | checksum |
cargo-cyclonedx-x86_64-unknown-linux-musl.tar.xz | x64 MUSL Linux | checksum |
0.5.2 - 2024-06-04
Release Notes
Fixed
- Fixed a panic when outputting CycloneDX v1.5 ([#722])
Changed
- Removed
--allow-dirty
flag from the publishing workflow so that the provenance of the package uploaded to crates.io can be established ([#724])
Install cargo-cyclonedx 0.5.2
Install prebuilt binaries via shell script
curl --proto '=https' --tlsv1.2 -LsSf https://github.com/CycloneDX/cyclonedx-rust-cargo/releases/download/cargo-cyclonedx-0.5.2/cargo-cyclonedx-installer.sh | sh
Install prebuilt binaries via powershell script
powershell -c "irm https://github.com/CycloneDX/cyclonedx-rust-cargo/releases/download/cargo-cyclonedx-0.5.2/cargo-cyclonedx-installer.ps1 | iex"
Download cargo-cyclonedx 0.5.2
File | Platform | Checksum |
---|---|---|
cargo-cyclonedx-aarch64-apple-darwin.tar.xz | Apple Silicon macOS | checksum |
cargo-cyclonedx-x86_64-apple-darwin.tar.xz | Intel macOS | checksum |
cargo-cyclonedx-x86_64-pc-windows-msvc.zip | x64 Windows | checksum |
cargo-cyclonedx-x86_64-unknown-linux-gnu.tar.xz | x64 Linux | checksum |
cargo-cyclonedx-x86_64-unknown-linux-musl.tar.xz | x64 MUSL Linux | checksum |