Changelog

2023 Weeks 31-36

New

  • API Token: Added an API token service making it much easier to interact directly with the API
  • Policy: Added support for group-level package suppression
  • CLI: Capture and display lockfile paths making it easier to see where a dependency comes from
  • SBOM: Added CycloneDX support for both SBOM ingest and export

Improved

  • UI: Improved project detail page view focusing more on package-level triage
  • CLI: Added bundle and cargo extensions for Phylum pre-check
  • Search: Added support for contexualized CVE searching in the global search bar
  • Dashboard: Added contexualized dashboard elements

2023 Weeks 25-30

New

  • Search: Added a global search bar which can include contextualized results from your projects
  • Policy: Added support for group-level policy preferences
  • Integration: Added an integration for Tines

Improved

  • CLI: Support for NuGet's packages.lock.json lockfiles
  • CLI: Support for pnpm-lock.yaml lockfiles

2023 Weeks 19-24

New

  • Threat Feed: Added a threat feed capability highlighting software supply chain attacks (contact sales if interested)
  • Dashboard: Created Dashboard view showing software supply chain statistics
  • CLI: Added support for lockfile generation from manifest files (updated list of supported filetypes here)

Improved

  • CLI: Added pip version checking to the phylum pip extension
  • CLI: Removed pip-compile requirement for lockfile generation
  • SBOM: SPDX export supports PURL
  • SBOM: SPDX ingest supports tag:value format

2023 Weeks 13-18

New

  • Policy: Open Policy Agent (OPA) has been implemented allowing users to create custom policies
  • Event Logs: A UI view was added showing project/group event logs
  • SBOM: SPDX export added for generating an SBOM from a Phylum project
  • SBOM: spdx added as a type allowing an SBOM to be analyzed with the phylum analyze -t spdx command

Improved

2023 Weeks 7-12

New

  • Integrations: A Bitbucket Cloud integration was created

Improved

  • CLI: v4.7.0 was released including automatic lockfile detection

2023 Weeks 1-6

New

  • Groups: The ability to delete Groups was added to the UI/CLI/API
  • CLI: An extension supporting the pip package manager for installation pre-check and sandboxing was published

Improved

  • CLI: phylum package command now automatically submits a package for analysis if results are not already available
  • Analysis: Phylum project/analysis job submissions can now contain multiple lockfiles/ecosystems