Grafeas v0.2.2 release

[Wiktor Kozlik]

Hello Grafeas and Kritis Community,

I'm excited to announce the Grafeas v0.2.2 release! You can get it through the corresponding Docker image, us.gcr.io/grafeas/grafeas-server:v0.2.2, and Helm chart. The highlights are:

• Enhanced support for Vulnerability Notes and Occurrences, with the following changes:
  • Indicate the location at which an affected package was found in the container image.
  • CVSS proto compatible with v2 and v3.
  • More detailed status of language package scans in the Discovery occurrence.
  • Added cvss_version field to indicate which version was used to populate fields: cvss_score and severity.
  • Added support for Vex Assessments.
• Added support for language packages in Package Notes and Occurrences.
• Enhanced SLSA support.
  • Added support for SLSA v0.2 to the intoto statement.
  • Added SLSA v0.2 converter.
• Added SBOM support.
• Updated versions of frameworks and libraries
  • Use ANTLR v4.
  • Golang 1.20.

Big thanks to Shmuel Herzberg, Neetha Sebastian, Erik Varga, Yousef Alowayed, Nicholas Cho, Yonghe Zhao, vincentyl@, Chuang Wang, Hua Meng, Zoran Regvart, Yeshwanth Gunasekaran, Han Zhang, and Giang Nguyen for your contributions to Grafeas.

Cheers,

Wiktor