Skip to main content

Trustify: Release 0.1.0-alpha.10

· 2 min read
Jens Reimann
Jens Reimann
Maintainer

Today we released Trustify 0.1.0-alpha.10. It's another alpha release as part of our weekly release cadence. Read on to learn what's new.

New and noteworthy

  • There are more labels that get applied during the upload process. It also is possible to automatically add labels using the importer configuration.

  • The system will now also record the SHA384 and SHA512 digests of uploaded documents.

  • The package API endpoint and corresponding UI have been renamed to "PURL".

    The reason for that is pretty simple, the discussion was not. Right now, these "packages" actually had been "PURLs", and not much more. That led to confusion about what arguments to pass in, and what information to expect back.

    For the future, we still want to collect information about packages, outside the context of an SBOM. However today, that model didn't work well.

  • In addition to titles, also descriptions will be returned now for advisories. As many advisories don't have a title, this allows the UI to render a title, based on those descriptions instead.

  • Allow setting labels during the upload of a document.

  • There are some incompatible changes to the database migration. While our goal is to provide migrations as good as possible, this change was simply too big. So, as we are still in an alpha cycle, the decision was made to simply update the schema in a breaking way.

  • The UI can show the relationship between package and vulnerabilities for each entity

What's next?

Of course, we would recommend you try out the new version! In "Trying out Trustify, on a local machine", we introduced a quick and easy way to get there within minutes.

And of course: