Bomly CLI v0.16.0
Bomly CLI v0.16.0 release notes: Rename `plugin` command to `plugins` (keep `plugin` alias); Rename `--container` scan flag to `--image` (keep `--container` alias); Uploa… — 3 changes.
What's Changed
- feat(cli): rename
plugincommand toplugins(keeppluginalias) by @bomly-guy in https://github.com/bomly-dev/bomly-cli/pull/224 - feat: rename
--containerscan flag to--image(keep--containeralias) by @bomly-guy in https://github.com/bomly-dev/bomly-cli/pull/205 - ci: upload SLSA provenance by release ID, not via the generator's auto-upload by @bomly-guy in https://github.com/bomly-dev/bomly-cli/pull/225
Full Changelog: https://github.com/bomly-dev/bomly-cli/compare/v0.15.4...v0.16.0
Release artifacts
- Full builtin
bomlyarchives for Linux, macOS, and Windows. - Alternate
bomly-litearchives for users who prefer external Syft and Grype binaries. - Linux packages for Debian, RPM, Alpine, and Arch-compatible package managers.
- Homebrew, Scoop, and WinGet package-manager manifests or publishing pull requests.
SHA256SUMSfor release artifact verification, signed keylessly with cosign (SHA256SUMS.sigstore.json).- SLSA Build Level 3 provenance (
multiple.intoto.jsonl) generated by slsa-github-generator.
Each archive includes LICENSE, NOTICE, and a licenses/ directory with third-party license texts. See Verify release checksums for signature and provenance verification commands.