Releases: priv-kweihmann/meta-sca
Releases · priv-kweihmann/meta-sca
Release 1.18 - Milestone M9
Main features
- dedicated release branches
- for each poky release since thud there is a dedicated branch of this layer
- If a change affects only a few of the branches, it will be highlighted with [branch name]
- CI
- zeus compatibility
- lua language support
- pre-packed dependencies for NPM and composer based modules. This should heavily reduce build time
Important changes
- [master, zeus, warrior] cvecheck module is working again
- [master, zeus] ansible-lint is currently disabled, as it isn't currently buildable with the underlying poky release
- [master, zeus, thud] mind the slightly different requirements when using layer in combination with meta-clang. See branch README for details
- [thud] gosec module is disabled by default, as it requires a newer version of go, as available in thud-poky
- oclint module was removed. A stub-recipe still exists, which will warn you about this fact, in case you manually had enabled this module
New
Updates
- #390 - Update textlint-rule-no-nfd to 1.0.2
- #392, #395, #400 - Update phpstan to 0.11.19
- #393, #406, #413, #424, #450 - Update phan to 2.4.3
- #402, #436, #447 - Update python-pytest to 5.3.0
- #404 - Update eslint to 6.6.0
- #407 - Update python-black to 19.10b0
- #409 - Update ropgadget to 5.9
- #410 - Update composer to 1.9.1
- #411 - Update textlint to 11.5.0
- #415, #420, #428 - Update python-pyparsing to 2.4.5
- #431, #432 - Update systemdlint to 1.1.3
- #434 - Update phpcodefixer to 2.0.21
- #437 - Update stylelint to 12.0.0
- #439 - Update oelint-adv to 1.8.0
Bugfixes
- #408 - Unbuildable dependency for 'core-image-minimal'
- #414 - SDK setting of scatest distro throws error on zeus
- #425 - gosec isn't working for thud
- #433 - Syntax issue in clang integration
- #448 - ImportError: The 'enchant' C library was not found
- Fix xmllint suppress
Thanks
Release 1.17.2 - M8 patch release
Release 1.17.1 - M8 patch release
Important Changes
- cvecheck is disabled by default, due to breaking changes in poky-warrior release. If you're not on warrior you need to enable cvecheck-module manually in your config. If you're on warrior is not recommended to use the cvecheck module at the moment till a valid fix (see #389) exists
Bugfixes
- #387 - Cve-check-tool has been removed from warrior
Release 1.17 - Milestone M8
Main features
- Security auditing
- Layer is now capable to run tools on the final cross-compiled image. This enables tools like lynis for security auditing.
- Full support for PHP
- Further tools for python and C
- All classes from this layer have appropriate SPDX-license information set (see #329)
Important Changes
- shellcheck cannot be build on mips, mipsel or powerpc build hosts as the support for these architectures has been removed from the module. If you really need this support, feel free to create an issue
- SCA_VERBOSE_OUTPUT=0 is now the default, so you won't see any parsing output when running the build console. See #349
- oelint-adv support for python2 was removed, as this tool does support only python3 (See #384)
New
- #30 - lynis
- #96 - cspell supports user dictionaries
- #110 - wotan
- #121 - cbmc
- #139 - looong
- #232 - yara
- #273 - progpilot
- #274 - phpstan
- #275 - phpcodefixer
- #334 - flawfinder
- #354 - tiger
- #356 - upc
- #366 - flake8 includes now python-cohesion
- #370 - flake8 includes now flake8-2020
Updates
- #315, #350, #374 - Update phan to 2.3.0
- #316 - Update python-flake8-bugbear to 19.8.0
- #317 - Update kconfig-hardened-check to latest
- #318 - Update shellcheck to 0.60.0-1
- #320, #341, #345 - Update eslint to 6.5.1
- #322, #371 - Update stylelint to 11.1.1
- #324 - Update phpstan to 0.11.16
- #325 - Update python-packaging to 19.2
- #327, #342, #355 - Update python-pytest to 5.2.1
- #335, #343, #367 - Update python-anytree to 2.7.2
- #337 - Update creack/pty to 1.1.9
- #339, #384 - Update oelint-adv to 1.7.0
- #340, #382 - Update python-flake8-eradicate to 0.2.3
- #344 - Update github.com-fatih-structtag to 1.1.0
- #347 - Update python-attrs to 19.2.0
- #351 - Update python-jinja to 2.10.3
- #362 - Update python-configargparse to 0.15.1
- #365 - Update gosec to 2.1.0
- #375 - Update textlint to 11.4.0
- #376, #386 - Update textlint-rule-terminology to 2.0.1
- #377 - Update PhpCodeFixer to 2.0.20
- #383 - Update python-networkx to 2.4
Bugfixes
- #208 - All tool statistics are recalculated from buildstats information
- #328 - Replace nodejs by pure native variant
- #331 - file finding fixed when probing without an file extension
- #346 - fixed typo in packaging of golang.org-x
- #358, #360 - Fixed several issues in README
- #364 - Fixed naming scheme in recipe names/versions
- #372 - Fixed issue that let to steady rebuilding of packages
- #379 - Fixed several issues with typos in protocol-option at git fetcher
- dictionary paths when using cspell
- fix wrong LICENSE in python-typing-extension
- standard tool does require online access
Release 1.16 - Milestone M7
Main features
- Basic support of PHP
- Filtering by scope (see #301)
- Improved documentation incl. configuration examples and much more
Important Changes
- The optional layer dependencies of meta-clang and meta-oe are configured differently now.
See README.md for details
New
Updates
- #304, #307, #311 - python-pytest to 5.1.2
- #303 - stretchr/testify to 1.4.0
- #305, #306, #310 - eslint to 6.3.0
- #309 - ikos to 2.2
- #312 - cppcheck to 1.89
- #313 - systemdlint to 1.1.1
- #314 - textlint-rule/textlint-rule-no-dead-link to 4.6.1
Bugfixes
- various
Release 1.15 - Milestone M6
Main features
- go-language support
- enhanced security/hardening tooling added
- severity transformation feature (see #214)
- better performance due to improved file-filtering
Important Changes
- score-module isn't enabled by default - if you rely on it, please enable it manually
New
- #213 - darglint
- #209 - gcc hardening checks
- #150 - sparse
- #257 - npmaudit
- #256 - python-safety
- #19 - govet
- #282 - golint
- #82 - gosec
- #277 - revive
- #166 - alex kohler tools
- #286 - dlint
- #289 - wemake-python-styleguide
Updates
- #216 + #262 - textlint-rule-no-dead-link to 4.4.4
- #215 + #238 - textlint to 11.3.1
- #224 - pylint to 2.3.1
- #225 - python-astroids to 2.2.5
- #226 - python-wrapt to 1.11.2
- #223 - flake8 to 3.7.8
- #244 - more-itertools to 7.2.0
- #242 - eslint to 6.1.0
- #235 - flake8-eradicate to 0.2.1
- #231 + #267 - textlint-rule-stop-words to 1.0.17
- #239 - textlint-rule-rousseau to 1.4.6
- #248 - oelint-adv to 1.4.0
- #252 + #253 + #260 - pyparsing to 2.4.2
- #255 - systemdlint to 1.1.0
- #263 - ruamelordereddict to 0.4.14
- #264 - detect-secrects to 0.12.5
Bugfixes
- various
Thanks
- @RobertBerger for finding bugs, enhancing the documentation and much more
Release 1.14 - Milestone M5
Main features
- overall usage of internal data model
- additional tools for shell
- test code for every included tool
- metric tools for c & python
- heavily improved documentation
Important Changes
- tlv, oclint and clang are disabled in default configuration - if you want to use them, you have to manually enable them
- internal data model is used
- in configuration wizard it can be configured if your build host does have internet access or not
New
- #145 - bashate
- #146 - checkbashims
- #141 - cqmetrics
- #170 - tlv
- #156 - radon
- #212 - option to suppress sca output while parsing recipes
- #202 - force run option
- #200 - Cleanup export folder option
Updates
- #138 - oelint-adv 1.3.0
- #151 - systemdlint 1.0.2
- #152 - textlint-rule-en-max-word-count 1.0.2
- #153 - stylelint 10.1.0
- #162 + #186 - python-bandit 1.6.2
- #158 - ropgadget 5.8
- #167 - kconfig-hardened-check to latest
- #176 - eslint 6.0.1
- #178 - python-isort 4.3.21
- #179 - cppcheck 1.88
- #203 - textlint 11.2.6
- #206 - textlint-rule-period-in-list-item 0.3.2
- #211 - textlint-rule-stop-words 1.0.14
Thanks
Release 1.13 - Milestone M4
Main features of this release are
- security related tools, such as memory checkers, tools to find passphrases or login credentials
- html, css and javascript checkers
- configuration wizard for more easier configuration of this layer
- score module, which gives you a hint on the quality of a software package in the sense of security, functionality and style
- warrior compatibility
New
- #106 - htmlhint
- #107 - stylelint
- #114 - detect-secrets
- #80 - standard
- #93 - configuration wizard
- #108 - ansible-lint
- #117 - ropgadget
- #127 - proselint
- #128 - py-find-injection
- #129 - module score
Updates
- #112 - textlint-rule/textlint-rule-en-capitalization to 2.0.2
- #116 - systemdlint to 1.0.1
- #118 + #132 + #134 - python-isort to 4.3.20
- #130 - bandit to 1.6.0
- #122 - textlint:textlint-rule-stop-words to 1.0.13
- #131 - yocto "warrior" compatibility
- #137 - python-scikit-build to 0.10
- #135 - kconfig-hardened-check to latest
- #136 - oclint to 0.14
Bugfixes
- Fixed some wrong configurations for several tools
- Turned all tool description into numeric to achieve a better handling, now all values are based on a scale 0-10
- Removed some cycle-deps from recipes
Release 1.12 - Milestone M3
New
- global file filter
- Tool: ansible security playbooks (security)
- Tool: cspell (spelling)
- Tool: dennis (i18n)
- Tool: gixy (nginx)
- Tool: pytype (python)
- Tool: rats (security for c/php/python/perl/ruby)
- Tool: systemdlint (systemd)
- Tool: textlint (spelling)
- Tool: tscancode (c,c#,lua)
- Tool: yamllint (yaml)
- Tool: zeroresourcedetector (i18n)
Updates
- eslint to 5.16.0
- kconfig-hardened-check to latest
- oelint-adv to 1.2.0
- python-isort to 4.3.17
- python-jinja2 tp 2.10.1
- python-networkx to 2.3
- python-pyparsing to 2.4.0
Bugfixes
- fixed multiple ninja recipes issue
- several README issues
- some minor patches
Release 1.11 - Milestone M2
New
- BestOf mode
- Blacklisting functionality
Updates
- python-isort to 4.3.13
Bugfixes
- fixed missing modules in global module list
- worked around the cve-check rebuild of all recipes due to db-update
- README fixes