JIRA: Breaking Change, Update Required
FOSSA’s Jira integration now supports connecting multiple Jira Sites to the same FOSSA instance. This change requires updates to your configurations within your integration settings.
Webhooks on Jira that send notifications to FOSSA will need to be reconfigured to include an authorization key. The new webhook URL can be found in Settings > Integrations > Jira. For more information on configuring webhooks, please see our documentation. If the webhooks are not updated, then exported issues that are closed on Jira will not be resolved on FOSSA.
We’ve overhauled our archive uploader to improve both product stability and performance. Our investments in the archive uploader infrastructure not only improves analysis speed , but also allow FOSSA to support much larger file sizes.
New Reporting Format: SPDX
SPDX is an industry-standard that makes reporting and communicating open source dependencies easier. We are excited to roll out SPDX to all our users. Contact us at firstname.lastname@example.org if you are interested in getting it activated for your account.
New Report Data Available: Dependency Graphs for Provided Builds
Understand how each open source component is brought into your product by including Dependency Paths in your reports. You can include dependency graphs by selecting Customize Columns in the reporting view for each project.
In addition to improving general stability and performance, we have made the following updates:
We now support integrating the FOSSA-CLI with projects using RPM as the package manager. Please check out these docs to get started.
FOSSA Report Dependency Update
The CLI command
fossa report dependencies outputs a JSON report that now includes the open source component’s version and commit hash. This allows Golang dependencies to have their commit hashes explicitly defined in CLI reports.
Python Support 2.0
We have updated our Python analyzer to improve accuracy and performance.