Skip to content

Releases: SalkCoding/Oswl

OsWL v1.0.0

11 Jun 13:03
@SalkCoding SalkCoding
1.0.0-SNAPSHOT
e226805
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
OsWL v1.0.0 Latest
Latest

OsWL v1.0.0 — First Release

The first stable release of OsWL (Open-source Software Watchlist) — an in-house SCA (Software Composition Analysis) platform for tracking and managing CVE vulnerabilities and license risks across your OSS dependencies.

✨ Highlights

Scanning & Data Collection

  • Quick Import — One-click repository import via GitHub / GitLab VCS connections (Maven BOM & Kotlin DSL support)
  • CLI Integration — Language-agnostic scan submission REST API with project-scoped API keys
  • Enrichment via OSV and deps.dev for CVE and license data

Security & Compliance

  • Security Center — Full CVE list with CVSS scores, severity ranking, and status management (Open / Suppressed / False Positive)
  • License Analysis — SPDX detection with policy enforcement (Permitted / Caution / Restricted)
  • Risk Trend — Historical charts across up to 10 scans showing CVE and license posture changes
  • Version Diff — Side-by-side comparison of added, removed, and changed dependencies
  • Component Detail — Patch availability and security fix version guidance

AI & Insights

  • AI Insights — Optional LLM-generated summaries for CVE posture, license compliance, and risk trends

Operations & Governance

  • Role-Based Access Control — Role templates (Admin / Developer / Viewer) plus per-project membership
  • Audit Logging — Immutable log of user and system events with CSV export
  • 2FA / Trusted Devices — Email OTP two-factor authentication with per-browser trusted devices
  • Single-session enforcement and session management

UI & Internationalization

  • English / Korean i18n support
  • Setup Wizard — Create the first System Admin account on first run
  • Responsive dashboard (Tailwind CSS, Chart.js, HTMX, Alpine.js)

🛠 Tech Stack

Component Version
Spring Boot 4.0.5
Java 25
Database PostgreSQL 15+ (production) / H2 file-mode (local)
License MIT

📦 Download

This release includes oswl-1.0.0.jar.

Quick start (local development)

./gradlew bootRun
# http://localhost:8080 — complete the setup wizard to create the first admin account

Production deployment (PostgreSQL)

export SPRING_PROFILES_ACTIVE=prod
export DB_URL=jdbc:postgresql://localhost:5432/oswl
export DB_USERNAME=oswl
export DB_PASSWORD=your_password
export OSWL_ENCRYPTION_KEY=$(openssl rand -base64 32)

java -jar oswl-1.0.0.jar

Before deploying to production, review the Production Deployment Checklist.

📚 Documentation

👥 Authors

Author Role
SalkCoding Project lead & primary maintainer
Tengball Design & UI/UX

📝 Known Limitations

  • Swagger UI is available only under the local profile (disabled in prod).

Feedback and bug reports are welcome via GitHub Issues.

Assets 3
Loading