Support for H2, MySQL, and Microsoft SQL Server is dropped.
To facilitate communication between services, a Kafka-compatible broker is required.
Publishing of notifications, fetching component metadata from repositories,
and vulnerability analysis is performed by services separately from the API server.
The services can be scaled up and down as needed.
Some services (i.e. notification-publisher) can be omitted entirely from a deployment,
if publishing of notification via e.g. Webhook is not needed.
All services except the API server can optionally be deployed as native executables
(thanks to GraalVM), offering a lower resource footprint than their JVM-based counterparts.
Database migrations are performed through a more reliable, changelog-based approach.
Breaking Changes
All deprecated endpoints mentioned below were removed:
POST /api/v1/policy/{policyUuid}/tag/{tagName}
DELETE /api/v1/policy/{policyUuid}/tag/{tagName}
GET /api/v1/tag/{policyUuid}
GET /api/v1/bom/token/{uuid}
Notifications
subject objects passed to notification templates are now objects generated from Protobuf definitions.