Changelog
Bomly CLI
v0.14.12
GitHub-aligned severities for non-CVSS findings + compact license IDs; Emit security-severity, map GitHub levels, format descriptions; Ra… — 5 changes.
What's Changed
- feat(sdk): GitHub-aligned severities for non-CVSS findings + compact license IDs by @bomly-guy in https://github.com/bomly-dev/bomly-cli/pull/195
- feat(sarif): emit security-severity, map GitHub levels, format descriptions by @bomly-guy in https://github.com/bomly-dev/bomly-cli/pull/196
- fix(maven): raise TGF scanner buffer to handle large dependency trees by @bomly-guy in https://github.com/bomly-dev/bomly-cli/pull/194
- fix(diff): classify carried-over findings as persisted, not introduced+resolved by @bomly-guy in https://github.com/bomly-dev/bomly-cli/pull/197
- feat(diff): polish the markdown summary for PR reviews by @bomly-guy in https://github.com/bomly-dev/bomly-cli/pull/198
Full Changelog: https://github.com/bomly-dev/bomly-cli/compare/v0.14.11...v0.14.12
Release artifacts
- Full builtin bomly archives for Linux, macOS, and Windows.
- Alternate bomly-lite archives for users who prefer external Syft and Grype binaries.
- Linux packages for Debian, RPM, Alpine, and Arch-compatible package managers.
- Homebrew, Scoop, and WinGet package-manager manifests or publishing pull requests.
- SHA256SUMS for release artifact verification.
Each archive includes LICENSE, NOTICE, and a licenses/ directory with third-party license texts. GitHub-native artifact attestations are planned for a future release.