Releases: Lab700xOrg/aisbom

v0.9.0 — Shareable SBOM URLs

04 May 00:24

What's new

Shareable SBOM URLs — Generate a hosted viewer link for your SBOM by adding the --share flag to your scan.

  • Privacy-first: The CLI asks for explicit confirmation before uploading anything, unless the prompt is bypassed with --share-yes (intended for CI/CD pipelines).
  • Telemetry: Added a cli_share_created event with a has_share_yes field, so bypass usage can be measured.
  • Safe Empty Scans: The upload is aborted automatically when the target path is empty and the scan discovers no artifacts or dependencies, so an empty SBOM is never published.
  • Documentation: Added a new "Share Your SBOM" section to the README and updated the Telemetry & Privacy section to reflect the opt-in upload behavior (data retained for 30 days).

What's not changing

Scanner behavior, exit codes, output formats — all identical to v0.8.x.

Telemetry behavior remains the same as v0.8.0.

v0.8.0 — CLI telemetry preview

27 Apr 21:31

What's new

  • CLI telemetry preview — opt-in via AISBOM_TELEMETRY_V2=1. Off by default in this release while we soak the pipeline.
  • New events: cli_install_first_seen, cli_scan (with target_type, model_format, risk_level_max, scan_duration_ms, file_count, parse_error_count, strict_mode), cli_scan_critical_found, cli_strict_mode, cli_diff, cli_error (exception class name only).
  • Anonymous user_id (SHA-256 of MAC + salt, 16 hex chars) stored in ~/.aisbom/config.json for returning-user analytics.
  • New "Telemetry & Privacy" section in README documenting the full schema, where data goes, and how to opt out.

Privacy

Set AISBOM_NO_TELEMETRY=1 to disable telemetry entirely. This setting wins over every other gate. The opt-out is forward-compatible — it'll work the same way after the next release flips the default.
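The two opt-in/opt-out gates described in these notes (the --share confirmation gate from v0.9.0 above, and the telemetry gate and anonymous user_id from this release) are small enough to model as pure functions and test for precedence. The block below is an added example, not aisbom's own code: the function names, the argument names, the rule that a missing TTY counts as a decline, the literal "yes" answer, and the byte encoding of "MAC + salt" are all assumptions.

```python
"""Added example: CLI privacy gates modelled as pure functions (not aisbom's code)."""
import hashlib
from typing import Callable, Mapping


def telemetry_enabled(env: Mapping[str, str], default_on: bool) -> bool:
    """Decide whether telemetry runs.

    AISBOM_NO_TELEMETRY=1 wins over every other gate, so the opt-out keeps
    working unchanged when a later release flips default_on to True.
    Otherwise the v0.8.0 opt-in AISBOM_TELEMETRY_V2=1 enables telemetry, and
    the release default decides the remaining cases.
    """
    if env.get("AISBOM_NO_TELEMETRY") == "1":
        return False
    if env.get("AISBOM_TELEMETRY_V2") == "1":
        return True
    return default_on


def share_decision(artifact_count: int, dependency_count: int,
                   share_yes: bool, interactive: bool,
                   confirm: Callable[[], str]) -> str:
    """Decide whether a --share scan may upload its SBOM.

    Returns 'abort-empty', 'upload', 'abort-noninteractive' or 'abort-declined'.
    Order matters: an empty scan never uploads, even with --share-yes.
    Treating a missing TTY as a decline (rather than blocking on a prompt that
    nobody can answer) is an assumption of this example; the notes only say
    that --share-yes is the CI/CD bypass.
    """
    if artifact_count == 0 and dependency_count == 0:
        return "abort-empty"
    if share_yes:
        return "upload"
    if not interactive:
        return "abort-noninteractive"
    # Strict prompt: only the literal answer "yes" uploads (assumption).
    return "upload" if confirm().strip().lower() == "yes" else "abort-declined"


def anonymous_user_id(mac: str, salt: bytes) -> str:
    """SHA-256 of MAC + salt, truncated to 16 hex chars (64 bits).

    Concatenating the MAC's ASCII bytes with the raw salt bytes is an assumed
    encoding; the notes do not specify one.
    """
    return hashlib.sha256(mac.encode("ascii") + salt).hexdigest()[:16]


if __name__ == "__main__":
    print(telemetry_enabled({"AISBOM_NO_TELEMETRY": "1"}, default_on=True))
    print(share_decision(0, 0, True, True, lambda: "yes"))
    print(anonymous_user_id("00:11:22:33:44:55", b"per-install-salt"))
```

One caveat on the identifier: a MAC address carries at most 48 bits of entropy, and vendor prefixes are public, so if the salt were a fixed constant an observer holding a user_id could brute-force the MAC back out of the 64-bit hash. A random per-install salt stored beside the id removes that risk, but then the MAC adds nothing and the salt itself is the secret that makes the id unlinkable, so ~/.aisbom/config.json deserves the same file permissions as any other credential file.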

What's not changing

  • Scanner behavior, exit codes, output formats — all identical to v0.7.x.
  • aisbom-cli 0.7.x clients keep working unchanged against the deployed Worker.

Next release

Will flip telemetry to default-on, with AISBOM_NO_TELEMETRY=1 documented as the opt-out.

v0.7.8 - Stability Release (macOS CI & Publish Fixes)

09 Feb 04:11

Summary
This release stabilizes the CI/CD pipeline, ensuring reliable multi-architecture builds and automated publishing.

Changelog

  • Fix(CI): Implemented "Rosetta Strategy" for macOS Intel builds (macos-14 host + x64 python architecture).
  • Fix(CI): Resolved the "Resource not accessible by integration" error in publish.yml by replacing GitHub API calls with authenticated git commands for tagging. (That error is GitHub's response when the workflow's GITHUB_TOKEN lacks permission for the resource being written, so the job's permissions block is the first thing to check whenever it appears.)
  • Fix(CI): Corrected YAML syntax error (duplicate key) in binaries.yml.

Artifacts

  • aisbom-linux-amd64
  • aisbom-macos-amd64 (Intel compatible)
  • aisbom-macos-arm64 (Apple Silicon native)

v0.7.7 - macOS CI Architecture Fix

09 Feb 04:03

Summary
This release revamps the macOS build pipeline to ensure reliable delivery of Intel binaries by leveraging Apple Silicon runners with Rosetta 2.

Changelog

  • Fix(CI): Switched the build strategy to use macos-14 (Apple Silicon) for ALL macOS builds.
    • Intel (amd64): Built using python-architecture: x64, running via Rosetta 2 on the M1/M2 host.
    • Silicon (arm64): Built natively.
    • Why? This bypasses the instability/unavailability of legacy Intel runners on GitHub Actions.

Artifacts

  • aisbom-linux-amd64
  • aisbom-macos-amd64 (Intel compatible)
  • aisbom-macos-arm64 (Apple Silicon native)

v0.7.6: Addresses build pipeline failure for macOS

07 Feb 15:08

This patch release addresses a build pipeline failure for macOS Intel binaries.

Changelog

Fix(CI): Downgraded the macOS Intel runner from macos-13 to macos-12 to resolve "configuration not supported" errors in GitHub Actions.

Artifacts

This release should generate:

  • aisbom-linux-amd64
  • aisbom-macos-amd64 (Intel)
  • aisbom-macos-arm64 (Apple Silicon)

v0.7.5 - Multi-Architecture Standalone Binaries

07 Feb 14:11

This release adds full support for air-gapped / "USB Test" scenarios across all major platforms, for offline use where a Python environment is not available.

Key Features:

  • Multi-Arch Standalone Binaries: We now ship three distinct executables attached to this release:
    • aisbom-linux-amd64 (Linux x86_64)
    • aisbom-macos-amd64 (macOS Intel)
    • aisbom-macos-arm64 (macOS Silicon M1/M2/M3)
  • Documentation Upgrade: Added comprehensive instructions for "Standalone Binary" usage, including a Troubleshooting guide for macOS Gatekeeper, which blocks downloaded binaries until the quarantine attribute is removed (xattr -d).

How to Install:

Pip: pip install aisbom-cli==0.7.5
Binary: Download the appropriate file below, chmod +x it, and run!

v0.7.0: Standalone Binaries ("The USB Test")

07 Feb 04:02

Features

  • Standalone Binaries: You can now run aisbom without Python installed!
    Linux (x86_64) and macOS (ARM64) builds are automatically attached to this release.
    Perfect for air-gapped environments or quick audits ("The USB Test").
    Just download, chmod +x, and run ./aisbom scan . on the directory to audit.

Improvements

  • Build System: Added PyInstaller integration and GitHub Actions workflow for automated binary releases.
  • Documentation: Updated README with Quick Start guide for binaries.

Fixes

  • Compatibility: Resolved the Python < 3.15 version constraint imposed by PyInstaller, which was blocking the frozen builds.
  • Data Files: Fixed missing CycloneDX and SPDX schemas in frozen builds.

v0.6.0: Sandbox Wrapper Scripts

02 Feb 00:28

This follow-up release improves the usability of the "Defense in Depth" runtime sandbox by including official wrapper scripts.

New Features

  • Sandbox Wrapper (scripts/asb-wrapper.sh): A convenience shell script to run commands inside the amazing-sandbox via uvx without typing the full command string.
  • Safe Loader Template (scripts/safe_loader.py): An example Python script demonstrating how to load legacy models that still require torch.load(weights_only=False), doing so only inside the isolated environment rather than on the host.

Documentation

Updated Sandboxed Execution Guide to reference the new scripts.

v0.5.0: Defense in Depth & Linter Hardening

02 Feb 00:13

This release solidifies the security architecture with a "Defense in Depth" strategy, aligning AIsbom with the upcoming PyTorch 2.6+ security defaults (weights_only=True).

Security & Linter Improvements

  • Arbitrary Execution Detection: The Migration Linter (--lint) now explicitly flags REDUCE, BUILD, and INST opcodes as WARNINGs. This highlights models that require dynamic object construction (a key vector for RCE) while acknowledging that some legacy models rely on this behavior. Logic is now fully aligned with PyTorch's safe_globals validation strategy.
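The warning described above rests on one observation: a pickle stream can be walked opcode by opcode without ever executing it, and the opcodes that build objects or call callables (as opposed to pushing plain data) are exactly the ones an attacker needs. The block below is an added example of that static lint, not aisbom's --lint implementation; opcode names come from the standard-library pickletools module. It goes a little beyond the three opcodes the notes name (REDUCE, BUILD, INST) by also flagging OBJ, NEWOBJ and NEWOBJ_EX, the remaining object-construction opcodes, and by reporting which globals the stream would import. The sample pickles are constructed inline: one benign data-only pickle and three hand-assembled byte strings that would run os.system if anyone unpickled them (nothing here does).

```python
"""Added example: static pickle opcode lint (not aisbom's own linter)."""
import pickle
import pickletools

# Opcodes that construct objects or invoke callables during unpickling.
CONSTRUCTION_OPCODES = {"REDUCE", "BUILD", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX"}
# String-push opcodes; STACK_GLOBAL takes its module and name from the last two.
STRING_OPCODES = {"STRING", "BINSTRING", "SHORT_BINSTRING",
                  "UNICODE", "BINUNICODE", "SHORT_BINUNICODE", "BINUNICODE8"}


def lint_pickle(data: bytes) -> dict:
    """Walk the opcode stream with pickletools.genops, which parses but never
    executes it, so this is safe to run on untrusted model files."""
    warnings = []   # (byte offset, opcode name) for every construction opcode
    imports = []    # "module.name" for GLOBAL / STACK_GLOBAL / INST
    recent = []     # last two string pushes, consumed by STACK_GLOBAL
    for op, arg, pos in pickletools.genops(data):
        if op.name in STRING_OPCODES:
            recent = (recent + [arg])[-2:]
        if op.name in ("GLOBAL", "INST"):
            module, _, name = arg.partition(" ")   # genops yields "module name"
            imports.append(f"{module}.{name}")
        elif op.name == "STACK_GLOBAL" and len(recent) == 2:
            imports.append(f"{recent[0]}.{recent[1]}")
        if op.name in CONSTRUCTION_OPCODES:
            warnings.append((pos, op.name))
    return {"warnings": warnings, "imports": imports,
            "clean": not warnings and not imports}


def report(data: bytes) -> str:
    """Human-readable lint result, one finding per line."""
    result = lint_pickle(data)
    if result["clean"]:
        return "OK: data-only pickle"
    lines = [f"WARNING: {op} at offset {pos}" for pos, op in result["warnings"]]
    lines += [f"IMPORT: {name}" for name in result["imports"]]
    return "\n".join(lines)


# Constructed samples. Only parsed below, never passed to pickle.loads.
BENIGN = pickle.dumps({"layer": [0.1, 0.2], "bias": 0.5}, protocol=0)
# Protocol 0: GLOBAL os.system, MARK, STRING, TUPLE, REDUCE, STOP
MALICIOUS_REDUCE = b"cos\nsystem\n(S'echo pwned'\ntR."
# Protocol 0: MARK, STRING, INST os.system, STOP
MALICIOUS_INST = b"(S'echo pwned'\nios\nsystem\n."
# Protocol 4: PROTO, 'os', 'system', STACK_GLOBAL, 'echo pwned', TUPLE1, REDUCE, STOP
MALICIOUS_P4 = b"\x80\x04\x8c\x02os\x8c\x06system\x93\x8c\x0aecho pwned\x85R."

if __name__ == "__main__":
    for label, blob in [("benign", BENIGN), ("reduce", MALICIOUS_REDUCE),
                        ("inst", MALICIOUS_INST), ("protocol4", MALICIOUS_P4)]:
        print(f"== {label}\n{report(blob)}")
```

Two design points: the offset is reported so a finding can be cross-checked with `python -m pickletools` on the same file, and an import of anything other than a handful of known-safe globals is worth surfacing even when no construction opcode follows it, since a GLOBAL is the first half of every RCE payload. A warning here does not prove a model is malicious, which is exactly why the notes pair the static check with runtime isolation for legacy models that genuinely need these opcodes.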

Documentation & Strategy

  • Defense in Depth Guide: Added Sandboxed Execution Docs, detailing how to combine Static Analysis (AIsbom) with Runtime Isolation (uvx + amazing-sandbox).
  • README Expansion: Updated the README to articulate the two-layer security approach (Layer 1: Static, Layer 2: Runtime).

Maintenance

  • Repo Cleanup: Removed temporary staging directories (repro_stage) and moved internal maintenance documentation to .github/MAINTAINERS.md
  • Tests: Extended test suite coverage for opcode warnings.

v0.4.2: Telemetry & Version Checks

01 Jan 14:55

🚀 Features

  • CLI Version Check: The CLI now checks for updates in the background and notifies you if a newer version is available.
  • Ethical Telemetry: Collects minimal, anonymous usage data (OS, Python version, CI status) to help improve the tool.
    • Privacy: Set AISBOM_NO_TELEMETRY=1 to completely disable this behavior.
  • SPDX Support: The offline viewer now supports SPDX 2.2/2.3 JSON files.

🐛 Fixes

  • Fixed CI build failure by synchronizing poetry.lock.
  • Improved documentation for the scan commands.

📦 Installation

pip install aisbom-cli==0.4.2