4.0.0

What's Changed

• feat: scanning support for Nuget repositories. Needs an explicit opt-in with snyk.scanner.packageType.nuget=true.
• feat: scanning support for CocoaPods repositories. Needs an explicit opt-in with snyk.scanner.packageType.cocoapods=true.
• feat: scanning support for Ruby Gems repositories. Needs an explicit opt-in with snyk.scanner.packageType.gems=true.
• feat: introduced a new config param snyk.scanner.test.continuously (false by default). It decides whether the plugin should periodically refresh vulnerability data from Snyk or filter access according to results obtained while the package was first requested. Without the continuous mode, new vulnerabilities aren't reported for a package that has already been allowed through the gatekeeper.

Full Changelog: 3.2.1...4.0.0

Upgrading from version 3.*

Version 3 exhibits the same behaviour as release 4.0.0 with continuous mode on. In order to keep the periodic re-tests of packages, include the new parameter in snykSecurityPlugin.properties: snyk.scanner.test.continuously=true.

3.2.1

What's Changed

• fix: corrected handling of none severity threshold

Full Changelog: 3.2.0...3.2.1

3.2.0

What's Changed

• feat: introduced a plaintext Snyk URL property as a workaround for users suffering from Artifactory URL render bug. PR
• feat: introduced the Snyk URL in error messages returned when the plugin blocks access to artifacts. PR

Full Changelog: 3.1.0...3.2.0

3.1.0

What's Changed

• fix: got rid of the typo in error logs which used to always talk about license issues, instead of vuln issues.

Full Changelog: 3.0.0...3.1.0

3.0.0

What's Changed

• feat: skipping Snyk tests when cache is fresh. Introduced the snyk.scanner.frequency.hours param which dictates how often Snyk test requests are made - default 1 week. #109

Full Changelog: v2.0.1...3.0.0

v2.0.1

What's Changed

• fix: fix for CVE-2017-5929 by @37IulianPopovici in #89
• chore: add asset classification by @wayne-grant in #88
• fix: [OSM-683] update transitive version by @37IulianPopovici in #90
• fix: bumping overrides for Snyk on Snyk by @dotkas in #91
• fix: [SUP-2696] adding extended logging information by @dotkas in #95

New Contributors

• @37IulianPopovici made their first contribution in #89

Full Changelog: v2.0.0...v2.0.1

v2.0.0

What's Changed

• Java 11 is no longer supported. Minimum version is currently the LTS version (17)
• The Bintray Maven repository is not maintained, moved source of truth to releases.jfrog.io

Full Changelog: v1.5.4...v2.0.0

v1.5.4

What's Changed

• [Snyk] Security upgrade com.fasterxml.jackson.core:jackson-databind from 2.13.4 to 2.13.4.2 by @metju90 in #71
• chore: updated CODEOWNERS by @bastiandoetsch in #72
• Docs: Update README.md by @awileysnyk in #73
• chore: secrets scanning by @dragos-cojocari in #76
• [SUP-926] Performance optimization of scanning endpoints by @dotkas in #78

New Contributors

• @metju90 made their first contribution in #71
• @awileysnyk made their first contribution in #73
• @dragos-cojocari made their first contribution in #76
• @dotkas made their first contribution in #78

Full Changelog: v1.5.3...v1.5.4

v1.5.3

[Snyk] Security upgrade com.fasterxml.jackson.core:jackson-* from 2.1…

1.5.2

• documentation updates
• example script to setup artifactory with helm locally on minikube
• dependency updates
• better debug information in case of errors