snyk/parlay
Enrich SBOMs with data from third party services
23 Releases
Latest: 4mo ago
v0.11.0 (Latest)
✨ New Features
- 116cb0e2126c3603ab2da7ae8e1421687e211c17: feat: add parlay user-agent in snyk API calls (#134) (@mcombuechen)
- c6d18aff98491df1d846d930463e0c3744f4176d: feat: dedupe snyk API calls for identical PURLs (#132) (@snyk-will)
v0.10.1
🐛 Bug Fixes
- f405d1e70c16829498d8374f040049f699eef13b: fix: handle unsuccessful scorecard url lookups (#131) (@mcombuechen)
v0.10.0
✨ New Features
- 9f8af05d696839902dff2fb43722f0b1599a7cd2: feat: add local cache to sbom enrichment (#119) (@snyk-will)
- da1d699a202f7f3bc71e8c974c1e881596892155: feat: add support of purl repository_url (#123) (@snieguu)
📋 Other Changes
- d007d32a8942c2682d438b9e6a46516ab41a10b2: chore: add security.md [PRODSEC-5886] (#122) (@cvaidas)
- 07e4d5a5180e72086ae52c5abc5cf1c674f446e7: chore: update codeowners [unify-831] (#120) (@prodsec-github-automation)
- ed745d83d262e2950979e082c5ab43477dbe9c94: feat(ecosystems): add missing PURL types to registry mappings (#126) (@andrew)
- cb2136af5fafde6f0873c9cbc8eb44d71385394e: fix(ecosystems): reuse cache across SBOM enrichments (#125) (@andrew)
v0.9.0
✨ New Features
- 262732426472a36b64421af480ca1fbc0102f5cd: feat: add User-Agent header to ecosyste.ms API requests (#118) (@andrew)
📋 Other Changes
- 92b58cc4a5ed2324ffff6a2e4f6898735c663eb9: chore: update secrets alerts channel (#113) (@wayne-grant)
v0.8.0
📋 Other Changes
- e5607ba3424822c17ef0e1314e1fc54f5f7e1de7: Support CVSSv4 information for Snyk enrichment (#106) (@garethr)
- 9e999517293eff7ae115bff07a2fec7bf32816ad: fix: fall back to license from package if not present in versioned package (#109) (@thomasschafer)
- 07595e5d545c26b9fb6c5f4762484ae7753de6fe: fix: increase number of retries during Snyk enrichment (#110) (@JoeySnyk)
- 09544e5467e8fd3a378ece07d66411448d1b076a: fix: update ecosystems, snyk API clients (#105) (@mcombuechen)
- f45e2e12046b6ce9eeff77f275932d917e741caa: fix: upgrade github.com/CycloneDX/cyclonedx-go to latest (#104) (@mcombuechen)
v0.7.0
📋 Other Changes
- cdc9a13902063bf4c34373c1a97cd4d772791c34: feat: log unexpected status codes in the retryable client (#99) (@paulrosca-snyk)
- a2115ef78aedd2e2132216a78f547c81dcf65521: fix: backoff function error handling (#98) (@paulrosca-snyk)
v0.6.5
📋 Other Changes
- 7d69dae16684b33aee33d4b3d5869242546a9de0: fix: ecosystems validate external references urls (#97) (@acidghost)
- 2f3d685d2dc1b90907a088bf2ec8a3dafadbbd02: fix: handle empty package supplier name in SPDX (#93) (@mcombuechen)
- bc55e4def82d7bfe71335b538833d1773c5f229c: fix: return ecosyste.ms license based on package version (#88) (@paulrosca-snyk)
- 9cc9d47a1e21869a890c1148ff3ad681a1c83c97: fix: wrong vuln rating source (#81) (@paulrosca-snyk)
v0.6.4
📋 Other Changes
- b0523a0670c92442860900d4c4e94bb5c1a3d8f5: fix: upgrade go version to 1.23 in github action (#91) (@mcombuechen)
v0.6.1
📋 Other Changes
- 5e753b3e3cdb5ca339cbcb48e178b785cc120e8a: fix: handle comma-separated websites in ecosyste.ms enrichment (#85) (@acidghost)
v0.6.0
📋 Other Changes
- 327a30a795a858efd18ae262f465d77ade7f6d3f: feat: add supplier to SPDX documents (#79) (@mcombuechen)
- c51c0c9a59ca8157e1e97c81d0fb2ae3fc6c6d66: fix!: improve interoperability of SNYK_API environment variable (#74) (@paulrosca-snyk)
- f5fed05a0a16d6034072b952be62d687be61c39d: fix: empty ecosyste.ms repository url (#75) (@paulrosca-snyk)
v0.5.1
📋 Other Changes
- 3bfc60581bc82023587c7871d20756886560dbb9: chore: add prodsec/security_scans (#69) (@wayne-grant)
- eb55f41ee7d6898e0a15737eed597182cff54d73: feat: add support for CycloneDX 1.6 (#72) (@paulrosca-snyk)
- c52ed5146e7f4352d11c3bcaa2f9b92d5c96cbdc: feat: get snyk api endpoint from env (#67) (@paulrosca-snyk)
- 0ea7ec621c6d2ff7a69c7e306bd2a054d8bdfd6e: fix: goreleaser config (#73) (@paulrosca-snyk)
- 689562a2f1ce30b73c18074efedb4ebb36d67484: fix: handle unsuccessful Snyk API responses (#70) (@mcombuechen)
- 43919140d50e12fa89e4542375df3d5eacd4cdc3: refactor: enrich scorecard data through mutation (#65) (@mcombuechen)
v0.4.0
📋 Other Changes
- 6bf7ae4d6b65f6eb9b64e2b9d47430c9e9329625: feat: more verbose log messages in all commands (#61) (@mcombuechen)
- 04ba00b02c4a17e3444feebd478b90688cb86faa: feat: snyk enrich external refs (#62) (@paulrosca-snyk)
- 419eda3ffa7a62eb9d47b1194ce99d77639b9a92: refactor: enrich ecosyste.ms data through mutation (#64) (@mcombuechen)
v0.3.0
📋 Other Changes
- b7a921b5321c1d21c609ce81e4a7f2a6cc4cd48d: feat: add support for CycloneDX 1.5 (#58) (@paulrosca-snyk)
- 3b2986ad19891364cba92ec3a69bd980e316fcb1: feat: add version command (#19) (@krishnaduttPanchagnula)
- af7b7a7a2dea53a0261cbd53eb1c7474147bae84: fix: deep traversal of cyclonedx components (#60) (@paulrosca-snyk)
v0.2.3
📋 Changelog
- This release fixes an issue when enriching namespaced npm packages with ecosyste.ms data.
📋 Other Changes
- f32004e3389d433a514054234a70a569bf33f717: fix: fix npm namespace encoding for ecosystem.ms (#57) (@paulrosca-snyk)
v0.2.2
📋 Other Changes
- f9b35a4a3d3ea92de383e8d0a6d514d2585ea3e5: chore: transfer code ownership to Team Unify (#53) (@mcombuechen)
- e5db958c9ddc760d6f4052647344e5780f21c075: fix: log failure reasons during `snyk enrich` (#54) (@mcombuechen)
v0.2.1
📋 Other Changes
- bb1862d8643806246db119fb6040ad6eb0bf494e: Add go to the Snyk docs (#41) (@garethr)
- 8ce0d37a84e6156585337c2287d70ee4939484c7: chore: add secrets scanning (#45) (@wayne-grant)
- d90e7d2e6483e824406247164448ae85062be56b: chore: asset classification (#44) (@wayne-grant)
- 1273e937ef9f352c2722e92730f1b0557c54ca51: chore: update CODEOWNERS (@dragos-cojocari)
- 3bc5a4ce42f7c8e3f6926b95e43d436ce57480ec: chore: update CODEOWNERS (@dragos-cojocari)
- 7f8789fd40c8fbe16dd95fbdc170d475dc113972: chore: update CODEOWNERS (@dragos-cojocari)
- 60602d515230d8cb5465f6beb168ad83b402df32: fix: apk package lookup for ecosyste.ms doesn't use the namespace (#40) (@garethr)
- cb1c7c59f0500157e75a2500d7d9955a9eeed8d2: fix: log errors during SPDX snyk enrich (#52) (@mcombuechen)
- + 2 more
v0.2.0
📋 Other Changes
- ae7d02982fac1c2aeded17581cd730b677b28392: Add SPDX examples to the documentation (@garethr)
- 69782c6c3c9f3ddb62c82d0a7f5ea2db925140b5: Update email address for reporting code of conduct issues (@torgo)
- 803579969607bafd837143466a9e560518c8103c: chore: add copyright headers to lib/sbom (@mcombuechen)
- 7ceeeb83b735d91462ae0f0a6fbb242f075fff4e: chore: linting (#23) (@mcombuechen)
- fb880a4ebe1779fba44862498a49307eace7df75: chore: upgrade packageurl-go (@mcombuechen)
- 52a37571a7cad4b54682119f75d7be2d3367e7a0: feat: add SPDX support to ecosystems enrich (@mcombuechen)
- f543a3bc9fe118c6e687794d81da1008a3b49fdb: feat: add SPDX support to scorecard (#28) (@mcombuechen)
- d07483171acec30edc516ce2619b3975a2e24ecf: feat: add ecosyste.ms support for swift, docker packages (@mcombuechen)
- + 7 more
v0.1.5
📋 Other Changes
- b52cc8d9016f6b1044e3f624830a8ae9ebcac44f: Attempted fix for Gitleaks action (@garethr)
- 53335fe6d65b6692b6c19e0ceb3220c8ab1f80d3: Create CONTRIBUTING.md (@torgo)
- 49cb0c8dfe01b725f34d76b7c49a41f03bbd4899: Fix issue with 0.1.0 packageurl library license not being detected (@garethr)
- 7564d0757605cb40070a6d5fa13c87b0d78ae92c: bug: fix issue with installation instructions (@garethr)
- 886d6374eda7eeb4dfb40943eeffd5c9d3759aea: feat: Add enrichment using OpenSSF Scorecard data. (#13) (@garethr)
- 40228c9f8a6e26f0361eb72485fe6b59b99e1b1c: fix: Actions need secrets to run, which aren't available on PRs (@garethr)
- 99463ed0667f53e8691d6a894bb33e7b99975c25: refactor: move reading of input to utils package (#18) (@mcombuechen)
v0.1.4
📋 Other Changes
- aec49c7b9360dfbc7ccb76e7033256d08ebe3871: Add LICENSE and copyright information (@torgo)
- 62a48fab0c0db60dd2446b2a52d1996ea2bfc4a7: Added Gitleaks checks (@garethr)
- d8f28350a686550abc5866ae9fd6a3c7faa87966: Added Security badge (@garethr)
- 32c9ee87430a2b63a9160b8a1ea9f3a6797b6d7a: Added Security checks to the actions workflow (@garethr)
- d95f0894f0369c4692dcffa413ef572f98fe82b7: Added a CODEOWNERS file (@garethr)
- 595c19ccf76043d8fad3963cc0ca4ae9239ed65b: Added details of security response (@garethr)
- a2ebbfb3969bc09efe5d141f581d7e5bd20db9be: Create CODE_OF_CONDUCT.md (@torgo)
- 49617d0fa07ffb9ab1885eac71885469cde948c9: Create an acknowledgement bundle on release for third party licenses (@garethr)
- + 6 more
v0.1.3
📋 Other Changes
- 025307cbae217b837335863797775bcb28f505b8: Added SBOM generation as part of Goreleaser build (@garethr)
- 0eaa75f95fddb7c83fc2bb75107d63b71c5ff8f9: Added a deps.dev command to get repository information (@garethr)
- eb04ade22df5b3d6a400e7416105ab2bad6c2252: Added docs on supported package types (@garethr)
- 86dc756f005e745c0d5272ebe381d1ba2dd44751: Added installation instructions (@garethr)
- 341cc3a18afe53e4f30be32ab513b8626fab3d57: Expanded examples in README (@garethr)
- 90ae5899517898ffd51192d9d0dc81065b681594: Formatting fixes (@garethr)
- f04247190d71b66998511e338a3dff0ede75eb11: Ignore a license issue with an unknown or missing license (@garethr)
- 3c60456f78ffb80b245f69eaaa31d0c16dd469b6: Ignore the Snyk Code cache (@garethr)
- + 1 more
v0.1.2
📋 Other Changes
- 096458629a2056450c09023a0a78305eb0058d63: Fix bug with issues without scores (@garethr)
- 2751fc94eb98795b8f80fc9653312e7b6a94514d: Reorganise the code to separate the Snyk and Ecosystems code (@garethr)
- 886359caa8d2e5506cbdb90b9893fc5e5019491d: Run lint checks as part of test locally (@garethr)
- b41270bb4747887af773c418be83e4c9a0bd3463: Start adding tests for the Snyk module (@garethr)
v0.1.1
📋 Other Changes
- 88432dd30b4e6fde26eaad0a9a9ff2b3b390937c: Added debian SBOM example and fixed a bug (@garethr)
- a01b4987ddae04ac1b05013e52e3c6891e6bcca0: Converting output to use the new logger (@garethr)
v0.1.0 (Pre-release)
📋 Other Changes
- ec511a19e7f1632a577e0aa18171c9c756172ea0: Add a Java based SBOM example for testing with (@garethr)
- 7aacbe838495bd5b3e84ea16a6c963fb11e62299: Add basic CI setup (@garethr)
- 155119682e86d4ffeea40a2b810466536c59e5df: Add missing package, map purl types to ecosyste.ms (@garethr)
- 012d3697d7055070afceb7107ac96903b9c7fb60: Added CI badge to the README (@garethr)
- 61be7d39915dcae6a70d8e5df821d0050a8d939e: Added README (@garethr)
- b6d7191835cf9dde50acee4a0c288b9f52eb6382: Added a Makefile to running commands (@garethr)
- ad60fdc178d54edde4556b1e87acf70746999017: Added a consistent logger through all commands (@garethr)
- 75d65fd0d1c318126e234f700e01eb82f70cbe45: Added a fmt command for formatting all the source (@garethr)
- + 48 more
