-
Notifications
You must be signed in to change notification settings - Fork 5
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: prepare release blog post for 0.1.0-alpha.10
- Loading branch information
Showing
1 changed file
with
40 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,40 @@ | ||
| --- | ||
| title: "Trustify: Release 0.1.0-alpha.10" | ||
| authors: ctron | ||
| tags: [ trustify, release ] | ||
| --- | ||
|
|
||
| Today we released Trustify `0.1.0-alpha.10`. It's another alpha release as part of our weekly release cadence. | ||
| Read on to learn what's new. | ||
|
|
||
| <!--truncate--> | ||
|
|
||
| ## New and noteworthy | ||
|
|
||
| * There are more labels that get applied during the upload process. It also is possible to automatically add labels | ||
| using the importer configuration. | ||
| * The system will now also record the SHA384 and SHA512 digests of uploaded documents. | ||
| * The package API endpoint and corresponding UI have been renamed to "PURL". | ||
|
|
||
| The reason for that is pretty simple, the discussion was not. Right now, these "packages" actually had been "PURLs", | ||
| and not much more. That led to confusion about what arguments to pass in, and what information to expect back. | ||
|
|
||
| For the future, we still want to collect information about packages, outside the context of an SBOM. However today, | ||
| that model didn't work well. | ||
| * In addition to titles, also descriptions will be returned now for advisories. As many advisories don't have a title, | ||
| this allows the UI to render a title, based on those descriptions instead. | ||
| * Allow setting labels during the upload of a document. | ||
| * There are some incompatible changes to the database migration. While our goal is to provide migrations as good as | ||
| possible, this change was simply too big. So, as we are still in an alpha cycle, the decision was made to simply | ||
| update the schema in a breaking way. | ||
| * The UI can show the relationship between package and vulnerabilities for each entity | ||
|
|
||
| ## What's next? | ||
|
|
||
| Of course, we would recommend you try out the new version! In "[Trying out Trustify, on a local machine](2024-06-27-trying-out-trustify.md)", we introduced a quick and easy way to get there within minutes. | ||
|
|
||
| And of course: | ||
|
|
||
| * Check out the [release 0.1.0-alpha.10](https://github.com/trustification/trustify/releases/tag/v0.1.0-alpha.10). | ||
| * Reach out to [us on Matrix](https://matrix.to/#/#trustification:matrix.org), and let us know what you think. | ||
|
|