1.2.0 (2025-11-03)
Added
- The command “bom match” find matches between components of provided BOM documents, and vulnerability assessments of CSAF documents on the server.
- The command “csaf match” finds matches between vulnerability assessments of provided CSAF documents and components of BOM documents on the server.
- Introduced “analyze” subcommands for “bom”, “component”, “vulnerability”, “csaf” and “product”, which take one or more documents as inputs and display the data of interest in a table.
Changed
- Introduced a caching mechanism for hashes and signatures to improve download performance by a factor of 100.
- BOM to CSAF matching is case-insensitive and trims any leading “v” in the version name.
Fixed
- BOMnipotent Server can now read encrypted OpenPGP v6 keys, which was previously not possible because of an error in a dependency.
- The ROLIE feed was not quite conforming to RFC8322, because the “updated” field was nullable.