Release Notes 6.8.0

Version 6.8.0

Feb 10, 2021

New features

  • Added support for Conan projects that have the Conan revisions feature enabled.

  • Added detect.pip.path for advanced users who wish to specify which pip executable to run.

  • Improved the Pip Inspector to attempt to discover files named "requirements.txt" if no requirements files are specified through detect.pip.requirements.path.

Changed features

  • Added the detect.timeout property to consolidate the functionality of blackduck.timeout and

  • Deprecated the blackduck.timeout and properties, which are consolidated into the detect.timeout property.

  • Added the latest scan date for a project version to the risk report PDF file.

  • Deprecated all Detect exclusion properties. Future releases will feature a new property to extend and consolidate these properties.

  • The deprecation of the Detect signature scanner properties was intended in 6.8.0 because an alternative mechanism was planned. However, that mechanism is no longer viable and the intended deprecation is reversed. There are no functional issues with using the Detect signature scanner properties in this release.

  • Deprecated the detect.blackduck.signature.scanner.offline.local.path and properties in this release.

  • Deprecated the property. Resolving tildes is a shell feature which Detect will not support in a future version.

  • Deprecated the detect.python.python3 property because of the January 2020 sunset of Python 2; this property (which toggles between searching for a 'python' and 'python3' executable) is no longer necessary. Refer to: PEP-394

  • Deprecated the,, and properties to simplify using Detect.

  • Deprecated the detect.default.project.version.scheme, detect.default.project.version.text, and detect.default.project.version.timeformat properties to simplify using Detect.

  • Deprecated the blackduck.username and blackduck.password properties. Users should use a Black Duck API token for authentication.

Resolved issues

  • (IDETECT-2216) Resolved an issue that prevented non-ASCII filenames from being correctly transmitted to Black Duck during a binary scan file upload.

  • (IDETECT-2227) Resolved an issue where NuGet Inspectors would parse source files for the assembly version.

  • (IDETECT-2281) Resolved an issue that included Go dependencies that were not linked in the compiled Go application. (Refer to 241)

  • (IDETECT-2294) Resolved an issue where Git credentials could be logged when reading the remote URL.

  • (IDETECT-2296) Resolved an issue wherein the Pip Inspector would stop parsing a requirements file if it discovered a dependency that it couldn't resolve.

  • (IDETECT-2276) Resolved an issue that caused the CLANG detector to omit components for which multiple architectures are installed.

Version 6.7.0

Nov 20, 2020

Resolved issues

  • (IDETECT-2285) Resolved an issue that could cause Detect to fail to authenticate with Black Duck with the following error message: No Bearer token found when authenticating

  • (IDETECT-2221) Resolved an issue where the Docker Inspector logging level was not set correctly when the property logging.level.detect was used.

  • (IDETECT-2213) Resolved an issue that could cause the CLANG detector to omit some components on Debian-based Linux systems.

  • (IDETECT-2284) Resolved an issue that could cause the CLANG detector to omit some components for projects using the clang/clang++ compiler when source files reference include files using non-canonical paths.

  • (IDETECT-2216) Resolved an issue that caused non-ASCII characters in binary scan metadata (filename, code location name, project name, and version name) to be converted to ? characters when submitted to Black Duck.

  • (IDETECT-2291) Reverted replacement data support. Detect now reports exactly what gradle reports. This change reverts IDETECT-2038, IDETECT-2203.

  • (IDETECT-2241) Resolved an issue where platform-dependent CocoaPods throw an exception when they are not installed.

  • (IDETECT-2289) Resolved an issue that might cause Black Duck API token-based authorization to fail with a 411 Length Required HTTP status message when communicating with Black Duck through a proxy.

Version 6.6.0

Oct 20, 2020

Changed features

  • The Docker Inspector works on Windows 10 Enterprise.

  • When connecting to Black Duck, the user's roles and groups, which are only used in DEBUG-level logging, are not fetched unless the logging level is DEBUG or higher.

  • Improved the error messages produced for binary scan file upload failures.

  • The detectors field in the status.json file now features status data with more informative error codes derived from the runtime class of a detectable result.

Resolved issues

  • (IDETECT-2038, IDETECT-2203) Resolved an issue where the Gradle Inspector produced false positives in Gradle as a result of dependency replacement from the root project.

  • (IDETECT-2180) Resolved an issue where the Pip Inspector would fail against requirements.txt files generated by the pip-compile tool.

  • (IDETECT-2108) Resolved an issue where Lerna packages were being reported as missing dependencies.

  • (IDETECT-2138, IDETECT-2161, IDETECT-2172) Resolved an issue where the Gradle parse detector would fail because of an inability to resolve classes referenced in the project's build scripts that were outside of Detect's classpath.

  • (IDETECT-2110) NuGet inspectors correctly return -1 when an error occurs by default.

  • (IDETECT-2202) Impact analysis code locations now appear in the status.json file.

Known issues

Version 6.5.0

Aug 27, 2020

New features

Changed features

  • Enabling diagnostic mode is controlled through two new properties.

    • --detect.diagnostic

    • --detect.diagnostic.extended

  • The -d and --diagnostic options are deprecated.

  • The -de and --diagnosticExtended options are deprecated.

  • The detect.bazel.dependency.type property now accepts a comma-separated list of dependency types, or the value NONE or ALL.

Resolved issues

  • (IDETECT-2054) Resolved an issue that caused the Gradle Inspector to fail when detect.output.path is set to a relative path.

Version 6.4.2

Aug 18, 2020

Resolved Issue

  • (IDETECT-2164) Resolved an issue with scanning Go applications when using the go list -m command, which couldn't determine available upgrades using the vendor directory.

Version 6.4.1

Aug 4, 2020

Resolved Issue

  • (IDETECT-2157) Resolved an issue wherein an index was out of bounds in the Go Mod Cli Detector.

Version 6.4.0

Jul 27, 2020

New features

  • Synopsys Detect supports projects managed by the Cargo package manager.

  • Synopsys Detect supports projects managed by the Poetry package manager.

  • Added the property

  • Synopsys Detect supports projects managed by the Lerna package manager.

  • The NuGet detector supports dotnet 3.1 (.NET) runtime.

  • Bazel detector supports Bazel projects that specify dependencies using the haskell_cabal_library repository rule.

Changed features

  • Removed the requirement for the Black Duck Global Code Scanner overall role.

  • The CLANG detector collects any dependency files not recognized by the Linux package manager that reside outside the source directory (the directory containing the compile_commands.json file) and writes them to the status.json file.

  • Removed PipEnv from the list of buildless detectors because it was never buildless.

  • Improved output for signature scanner status, and included descriptions for exit codes when reporting overall status.

  • The status.json file now collects code location data generated by all tools, not just detectors.

  • The status.json file now collects issue data generated by all tools.

Resolved issues

  • (IDETECT-2019) Resolved an issue where the pip inspector was unable to parse the requirements.txt file if pip's version was greater than or equal to 20.1.

  • (IDETECT-2034) Resolved an issue that caused a NullPointerException when Synopsys Detect's first attempt at generating a code location name produced a code location name longer than 250 characters and either code location prefix or code location suffix was not set.

  • (IDETECT-1979) Resolved an issue that can cause the CLANG detector to miss some dependencies because it failed to correctly parse complex nested quoted strings within compile_commands.json values.

  • (IDETECT-1966) Resolved an issue that would cause Detect to ignore replacement directives for Go Mod projects.

Known Issue

  • When a Lerna package depends on another Lerna package within a project, an error might occur indicating a missing dependency on that package. This is normal and no dependencies are missing. This issue will be resolved in a later release.

Version 6.3.0

New features

  • The Yarn detector now extracts project information from package.json files. Git is no longer the default supplier of project information for Yarn projects.

  • Added Yarn Detector support for dependencies that are missing a fuzzy version in a lockfile dependency declaration.

  • Synopsys Detect logs policy violations when it is configured to fail on policy violations.

Changed features

  • Users can upload source files when license search is enabled regardless of whether snippet matching has been enabled.

  • Synopsys Detect is now compatible with Yocto 3.0.

  • Synopsys Detect stops if the Docker Inspector tool applies and Synopsys Detect is running on Windows.

  • Synopsys Detect configures Docker Inspector's working directories inside Synopsys Detect's run directory.

  • Synopsys Detect requires and runs Docker Inspector version 9.

  • Moved the location to which downloads the Synopsys Detect .jar from /tmp to ~/synopsys-detect/download.

Resolved issues

  • (IDETECT-1906) Resolved an issue wherein git extraction might fail if "git log" returned unexpected output. As a last resort, the commit hash will be used as a version.

  • (IDETECT-1883) Resolved an issue where Synopsys Detect failed to extract project information when parsing a Git repository with a detached head while in buildless mode.

  • (IDETECT-1970) Resolved an issue where the default value for parallel processors was not used. The available runtime processor count was being used instead.

  • (IDETECT-1973) Resolved an issue where the NuGet exe inspector would not resolve from Artifactory.

  • (IDETECT-1965) Resolved an issue where Synopsys Detect would fail to resolve environment variables where it did so previously.

  • (IDETECT-1974) Resolved an issue wherein the Yarn detector was throwing an exception for dependencies not defined in the yarn.lock file.

  • (IDETECT-2037) Resolved an issue where Synopsys Detect would fail with a "hostname in certificate didn't match" error while downloading the Gradle inspector.

Version 6.2.1

Resolved issues

  • Resolved an issue wherein an exception was thrown when generating a risk report if users didn't set the risk report output path explicitly. (IDETECT-1960)

Version 6.2.0

New features

Changed features

  • The PipEnv Detector now parses a JSON representation of the dependency tree.

  • PowerShell download speed increased.

Resolved issues

  • Resolved an issue where the download URL for Synopsys Detect was being set to an internal URL upon release (IDETECT-1847).

  • Resolved an issue where all transitive dependencies found by the Pip inspector were being reported as direct dependencies (IDETECT-1893).

  • Resolved an issue where using pip version 20+ with the Pip inspector caused a failure to import a dependency. GitHub PR (IDETECT-1868)

  • Resolved the following vulnerabilities (IDETECT-1872):

    • org.springframework.boot:spring-boot-starter 5.1.7.RELEASE BDSA-2020-0069 (CVE-2020-5398)

  • Resolved an issue where Synopsys Detect had the potential to fail on projects that utilized Yarn workspaces (IDETECT-1916).

    • Note: Yarn workspaces are not currently supported. See yarn workspace support.

  • Resolved an issue in the Bazel Detector that caused it to fail for the maven_install rule when the tags field contained multiple tags with a mixture of formats (IDETECT-1925).

  • When parsing package.xml files, Detect will no longer raise a SAXParseException when the file contains a doctype declaration, and will continue parsing the rest of the file (IDETECT-1866).

  • Resolved an issue that could cause generation of an invalid Black Duck Input/Output (BDIO) file when the only differences between two component names/versions are non-alphanumeric characters (IDETECT-1856).

Version 6.1.0

New features

Changed features

  • Deprecated all Polaris-related properties.

  • Added wildcard support for several include/exclude list properties.

  • Improved the structure of the dependency information produced by the Yarn detector by changing its approach. It now parses dependency information from yarn.lock and package.json, instead of running the yarn command. Since the yarn command is no longer executed, the detect.yarn.path property has been removed.

  • Improved match accuracy for Bitbake projects by improving external ID generation for dependencies referenced using Git protocols, and dependencies referenced with an epoch and/or revision.

  • Improved the reliability of the Bitbake detector by generating and files the source directory, instead of a temporary directory.

  • Changed the logging level of Polaris CLI output from DEBUG to INFO.

  • Added support for the Noto-CJK font (for Chinese, Japanese, and Korean text) in the risk report.

Resolved issues

  • Resolved an issue that can cause a Null Pointer Exception on Maven projects configured for multi-threaded builds.

  • Resolved an issue that can cause Detect to fail due to an expired Black Duck bearer token.

  • Resolved an issue that causes Detect to fail when a parent project and version are specified, and the project is already a child of the specified parent.

  • Resolved an issue that causes Detect to log the git username and password when a git command executed by Detect fails.

  • Resolved an issue that can cause Detect to generate a new code location (scan) when the character case of the value of the detect.source.path property differs from a previous run on the same project.

  • Resolved the following vulnerabilities: commons-beanutils:commons-beanutils 1.9.3 / BDSA-2014-0129 (CVE-2019-10086), org.apache.commons:commons-compress 1.18 / BDSA-2019-2725 (CVE-2019-12402)

Version 6.0.0

New features

  • Added the property

  • Added the property which accepts a comma-separated list of file names to exclude from the Detector search.

  • Custom arguments for the source command can now be supplied to Detect through the property detect.bitbake.source.arguments which accepts a comma-separated list of arguments. (1614)

  • Added support for the Swift package manager.

  • Added support for GoGradle.

  • Added support for Go Modules.

  • The property detect.pip.requirements.path is now a comma-separated list of paths to requirements.txt files. This enables you to specify multiple requirements files. Each requirements file displays as a new code location in Black Duck.

  • Detect now logs username, roles, and groups for the current user.

  • Detect now includes the project name/version in every code location name.

  • Detect now takes in a go path, but does not take in go.dep.path; nor does Detect trigger on *.go.

  • The property detect.parallel.processors is added. This property controls the number of parallel threads, and replaces the properties detect.blackduck.signature.scanner.parallel.processors and detect.hub.signature.scanner.parallel.processors.

  • Added the property detect.maven.included.scopes. This is a comma-separated list of Maven scopes. Output is limited to dependencies within these scopes, and is overridden by exclude.

  • Added the property detect.maven.excluded.scopes. This is a comma-separated list of Maven scopes. Output is limited to dependencies outside these scopes, and is overridden by include.

  • Bazel detector: added support for dependencies specified using the maven_install workspace rule. The detect.bazel.advanced.rules.path property is removed.

  • When using Detect for static analysis, you can pass the build command to let the Polaris CLI know how to analyze a given project.

Changed features

  • Architecture is no longer included in BitBake dependencies discovered by Detect. The property detect.bitbake.reference.impl is no longer used and is deprecated.

  • The BitBake detector no longer uses the property detect.bitbake.reference.impl because architecture is no longer required to match with artifacts in the KnowledgeBase. The Bitbake detector now attempts to determine the layer in which a component originated instead of the architecture.

  • Improved the Detect on-screen logging to be more concise.

  • The Pip inspector is no longer deprecated, and is currently supported.

  • When creating an air gap zip of Detect using the switch -z or --zip, the created zip file is now published to your output directory.

  • Scripts no longer fail if the Artifactory server is unavailable.

  • Enhanced placement and formatting of deprecation logs.

  • Added support for Java version 11.

  • The following properties are removed in Detect version 6.0.0:

    • detect.go.dep.path

    • detect.npm.node.path

    • detect.perl.path

    • detect.maven.scope

    • detect.bazel.advanced.rules.path

Resolved issues

  • Resolved an issue wherein the Windows Java path construction did not account for direction of the slash. The shell script now uses the correct slash direction, based on the operating system on which Detect is running.

  • Resolved an issue wherein Detect was not finding the file written to the current directory. Detect now looks in the source directory to a depth of 1 if it cannot find the expected files in the expected location.

  • Resolved an issue wherein Detect was failing if it could not resolve placeholders.

  • Resolved an issue wherein Detect was not handling SSH URLs, which caused Detect to fail in extracting project information from the Git executable. GitCliDetectable now properly handles SSH URLs.

  • Resolved an issue wherein the Detect JAR was downloading for each scan when the script could not communicate with Artifactory. Now, if the script cannot communicate with Artifactory, and there is an existing downloaded Detect, then the previously-downloaded version of Detect runs. However, if you provided a DETECT_LATEST_RELEASE_VERSION and Detect cannot communicate with Artifactory, Detect will not run.

  • Resolved an issue wherein Detect was not properly parsing GIT URLs such as git://

Version 5.6.2

Resolved issues

  • Synopsys Detect version 5.6.2 is a rebuild of version 5.6.0 and 5.6.1 to address an issue with the binary repository to which it was published.

Version 5.6.0

New features

  • You can now set custom fields on created Black Duck projects.

  • Detect can now generate its own air gap zip.

  • Detectors now nest by default.

  • Added support for Gradle Kotlin.

  • Added support for wildcard (*) in the Detect flag blackduck.proxy.ignored.hosts.

  • Added support for --detect.project.tags.

  • Added the properties and

  • Added the property --detect.clone.project.version.latest=true which takes precedence over the exact version name.

  • Added support for Yocto 2.0.0.

  • Added support to parse components from the <plugins> block in pom.xml. This only works when detect.detector.buildless=true.

  • Added capability to represent '' and "" as a null value in Detect multiselect custom fields.

Changed features

  • You can now specify the search depth for buildless mode.

  • Updated the help menu and provided more detailed help options.

  • Diagnostics now includes signature scanner log files.

  • Re-enabled empty aggregate file generation.

  • Polaris no longer runs with the -w switch enabled by default. To retrieve the issue/policy count, you can use the -w switch.

  • Match accuracy for Docker images is improved by running the signature scanner on a squashed version of the Docker image instead of the container file system. This results in a different name for the code location because the name of the file being scanned is different. For existing projects, the old code location named by default as <repo>_<tag>_containerfilesystem.tar.gz/<repo>/<tag> scan must be removed to ensure it does not contribute stale data to the BOM. Due to the new method of scanning, the code location name has changed. You must remove the old code location in favor of the new code location.

Resolved issues

  • Resolved an issue that could cause code location names to contain relative file paths when the value of detect.source.path uses symbolic links to specify the source directory.

  • Resolved an issue that caused to fail when Java is not on the system path, and the JAVA_HOME path contains a space.

  • Resolved an issue wherein the signature scanner may not have been reporting failures correctly.

  • Resolved an issue wherein Detect was not locating the file when it was written to the current directory. Detect now searches for the file to a depth of 1 when extracting on a BitBake project.

  • Detect no longer fails if the Git executable is not found.

  • Resolved an issue wherein Detect may fail when the directory pointed to by does not exist.

Version 5.5.1

Resolved issues

  • Resolved an issue wherein the Pipenv detector was omitting project dependencies.

Version 5.5.0

New features

  • Added support for snippet modes.

  • The property detect.wait.for.results has been added to wait for Black Duck. The default value is false. If this property is set to true, Detect won't complete until the normal timeout is reached or the underlying systems with which Detect is communicating are once again idle and ready to receive more data. The timeout value is controlled by blackduck.timeout.

  • The shell script and PowerShell script now accept DETECT_JAVA_PATH and DETECT_JAVA_HOME as environment variables for pointing to your Java installation.

  • Added a new property A comma-separated list of directory paths to exclude from a detector search. For example, foo/bar/biz only excludes the biz directory if the parent directory structure is 'foo/bar/'.

  • Detect now uses Git information to determine the default project and version names.

  • There is a new Detect property for overriding the Git executable: detect.git.path.

Resolved issues

  • Resolved an issue that caused the risk report to be generated with invalid links to Black Duck components.

  • Resolved an issue that caused a null pointer exception error when a Golang Gopkg.lock file contained zero projects.

  • Resolved an issue wherein the Clang detector could omit the epoch from the version string in RPM packages.

  • Resolved an issue wherein two users running Detect on a single system may result in a Permission denied error.

  • Resolved an issue wherein the property may not be waiting for the snippet scans to complete.

  • Resolved an issue wherein the property may not be following the paths.

  • Resolved an issue wherein Detect may fail when the directory specified by did not exist. Detect now attempts to create the directory structure to the specified path. A warning is logged if Detect fails to create the directory.

  • Resolved an issue wherein properties that had a primary group and additional property group may have been excluded from the group search.

  • Resolved an issue wherein the deprecation warning displayed when the deprecated property was provided by the user.

  • Resolved an issue with aggregate BOM filename generation that could cause the message "Unable to relativize path, full source path will be used" to display in the log.

  • Resolved an issue that could cause components to be omitted from the BOM for Conda projects.

  • Resolved an issue that could cause errors during parsing of Maven projects with long sub-project names.

Changed features

  • The default value for the property detect.docker.path.required is now false.

  • The ALL logging level is replaced with the TRACE logging level.

  • The results URL for the Black Duck project BOM is now moved to the Detect Results panel.

  • Renamed Detect Results to Detect Status.

  • Previously, a temp file remained which could contain plain-text user name or password information. This temp file is now removed.

  • Bazel is added as an acceptable value to the properties.

  • Detect now uses the current version of Docker Inspector. This means that no matter what version of Docker Inspector is currently released, Detect now uses that version.

Version 5.4.0

New features

  • Added buildless mode.

  • Added a new property for BitBake to remove Yocto reference implementation characters.

  • Added a new property for adding group names to projects.

  • Added a new property for uploading source files.

  • Added the additional_components placeholder.

Resolved issues

  • Resolved an issue wherein Yarn may have been incorrectly calculating the tree level.

  • Resolved an issue wherein Detect may fail when Polaris is excluded, a Polaris URL is provided, and connection to Polaris failed.

  • Resolved an issue that caused Detect to follow symbolic links while searching directories for files.

  • Resolved an issue wherein Detect was not failing policy for UNSPECIFIED when fail on severities is set to ALL.

  • Resolved an issue that could cause a counter (an integer intended to ensure uniqueness), to be unnecessarily appended to a code location name.

  • Resolved an issue that may have caused the package manager name to be excluded from the code location name when a code location name was provided.

  • Resolved an issue that could cause Detect to continue after a Polaris connection failure.

  • Resolved an issue wherein the Detect scan results may incorrectly show development dependencies.

  • Resolved an issue that could cause reports to fail due to timeout intermittently.

  • Resolved an issue that could cause the value of --polaris.access.token to be logged to the console when is invoked.

  • Resolved an issue wherein Detect was cleaning up the contents but not the directory of the run.

Changed features

  • For getting all logs, the ALL logging level is now TRACE.

  • Improved the error message logged when the property detect.binary.scan.file.path, which must point to a readable file, points to something other than a readable file, such as a directory.

  • Changed the environment variable used to tell the Detect scripts where to download the Detect jar. The previous value DETECT_JAR_PATH is now changed to DETECT_JAR_DOWNLOAD_DIR.

  • Improved the parsing of packrat.lock files to better represent the relationships between dependencies in the graph.

  • The version of Detect is no longer part of the code location name.

Version 5.3.3

  • Resolved an issue wherein reports for projects containing risks may be generated with a status of zero risks shown.

Version 5.3.2

  • Synopsys Detect version 5.3.2 is a minor maintenance release.

Version 5.3.1

New features

  • Added new property detect.ignore.connection.failures which enables Synopsys Detect to continue even if it fails to talk to Black Duck.

Resolved issues

  • Resolved an issue wherein build scan failures may occur in TFS with the error [COPY Operation] noSuchPath in source, path provided: //license/ownership.

  • Resolved an issue wherein if the property is set to a non-existent project version, the log messages are now improved to make it easier to recognize the problem.

Changed features

  • In cases where the property is set to a non-existent project version, the log messages are now improved to make it easier to recognize the issue.

Version 5.2.0

New features

  • Added support for Bazel.

  • Added support for CMake.

  • Added a property to support using project version nicknames.

  • Added a property for application ID.

  • Added Java wildcard pattern support.

  • Added support for Coverity on Polaris.

Resolved issues

  • Resolved an issue wherein the package-lock.json file may be missing additional versions.

  • Resolved an issue wherein multiple simultaneous Detect executions may cause BDIO merges.

  • Resolved an issue wherein permission errors may display when creating projects or scanning.

Changed features

  • The property now checks for an empty BOM. If the BOM is empty, it is not uploaded to Black Duck.

  • Added support for pip versions 6.0.0 and higher.

  • Improved error messages for Black Duck connection issues.

  • Cosmetic changes: from Black Duck Detect to Synopsys Detect.

  • Streamlined execution of Coverity and Black Duck scans through a single continuous integration job.

  • Updated location of the shell/PowerShell scripts.

  • Updated location of the air-gapped archive.

Version 5.1.0

New features

  • Added support for GoVendor.

  • Added executable output to diagnostic mode.

  • Added the project/version GUID in the console output.

  • Added error codes.

Resolved issues

  • Resolved an issue with the Clang Detector's (for C/C++) handling of complex quoted strings occurring in compiler commands found in the JSON compilation database (compile_commands.json) file.

  • Resolved an issue wherein a Null Pointer Exception error may occur when Detect cannot access a file while calculating signature scan exclusions.

  • Resolved an issue wherein the RubyGems package manager had missing components.

  • Resolved an issue wherein the NPM package lock added every dependency as a root dependency.

Changed features

  • The properties --detect.nuget.path and are deprecated.

  • The properties detect.suppress.results.output and detect.suppress.configuration.output are deprecated. The output from these properties is logged instead of written to sysout.

  • Improved the reporting of scan registration limit errors.

Version 5.0.1

Resolved issues

  • Resolved an issue wherein a null pointer exception error may occur in the NuGet portion of a scan when running Synopsys Detect in Linux.

  • Resolved an issue with the Clang Detector's (for C/C++) handling of complex quoted strings occurring in compiler commands found in the JSON compilation database (compile_commands.json) file.

  • Resolved an issue wherein using did not run any tools.

  • Resolved an issue wherein Coverity on Polaris may return a failure status for a successful upload.

Changed features

  • NuGet air gap mode now points to other folders.

  • Removed support for pip resolving the project version.

Version 5.0.0

New features

  • Added a new property to execute Black Duck Docker Inspector.

  • CocoaPods are now nestable under Bill of Materials (BOM) tools.

  • Added functionality to exclude all BOM tools.

  • Added a new property that enables you to search at a determined depth.

  • Added functionality to log all found executables.

  • Added functionality to run in Docker mode.

  • Added support for NuGet in MacOS.

  • Added ability to include and exclude all tools.

  • Added new properties for SWIP in Detect scans.

Resolved issues

  • Resolved an issue that caused the Gradle inspector to retrieve the maven-metadata.xml file from the default repository, even when the property detect.gradle.inspector.repository.url was set to point to a different repository.

  • Resolved an issue wherein Gradle may upload older BDIO files into the current project.

Changed features

  • Improved C/C++ multi-threading functionality.

  • Deprecated Pipenv inspector messages are now logged.

  • The term BOM_TOOL is now replaced with DETECTOR.

  • You can no longer supply ranges for the Inspector versions.

  • Enhanced the code location naming conventions.

©2018 Synopsys, Inc. All Rights Reserved