

@github-actions github-actions released this 15 Jun 13:51

foxguard v0.9.0 — Semgrep registry-parity wave

foxguard's Semgrep-compatible loader now handles 85.3% of the public semgrep-rules registry (1,828 / 2,144 rules) — up from ~61%. This release adds six new languages, a Ruby taint engine, and a batch of Semgrep-compatible operators, all parity-checked in CI against the real semgrep CLI.

New languages (tree-sitter grammars)

  • Solidity, YAML, Dockerfile, bash, OCaml, Scala, Elixir, JSON (plus HCL/Terraform)
  • languages: [regex] rules — pattern-regex matched over raw file text (no AST), unlocking ~190 registry rules

Taint mode (mode: taint)

  • New engines + Semgrep bridges: Java, C, Kotlin, and a full Ruby dataflow engine
  • patterns: AND-blocks inside pattern-sources / pattern-sinks / pattern-sanitizers
  • $METAVAR.method($X) receiver sinks and $EL.field = $X member-assignment (DOM-XSS) sinks

Metavariable operators

  • metavariable-comparison, metavariable-pattern, focus-metavariable, metavariable-analysis (Shannon-entropy analyzer)
  • fix: — emits Semgrep autofix templates as finding suggestions
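To show how the taint-mode and metavariable operators listed above fit together in one rule file, here is an added example (not from the foxguard repository or the semgrep-rules registry): a taint rule with a `patterns:` AND-block source, `metavariable-pattern`, `focus-metavariable`, a member-assignment sink and a receiver-method sink, followed by a search-mode rule using `metavariable-comparison` with a `fix:` template. The rule ids, the sanitizer names and the 600000 PBKDF2 iteration floor are assumptions, not values from the release notes.

```yaml
rules:
  # Taint-mode rule: URL-controlled data flowing into a DOM HTML sink.
  - id: dom-xss-location-to-html-sink
    mode: taint
    languages: [javascript]
    severity: MEDIUM
    message: >-
      URL-controlled data ($W.location.$PROP) reaches an HTML sink
      without an encoder or sanitizer in between (DOM-based XSS).
    pattern-sources:
      # AND-block inside pattern-sources: $W.location.<prop> is a source
      # only when $W is one of the listed receivers.
      - patterns:
          - pattern: $W.location.$PROP
          - metavariable-pattern:
              metavariable: $W
              pattern-either:
                - pattern: window
                - pattern: document
    pattern-sanitizers:
      # Assumed sanitizers; adjust to the encoders used in the code base.
      - pattern: encodeURIComponent(...)
      - pattern: DOMPurify.sanitize(...)
    pattern-sinks:
      # Member-assignment sink: only the RHS $X is the tainted position.
      - patterns:
          - pattern: $EL.innerHTML = $X
          - focus-metavariable: $X
      # Receiver-method sink: only the HTML argument is the sink.
      - patterns:
          - pattern: $EL.insertAdjacentHTML($POS, $X)
          - focus-metavariable: $X

  # Search-mode rule: numeric metavariable comparison plus an autofix.
  - id: pbkdf2-iteration-count-too-low
    languages: [javascript]
    severity: MEDIUM
    message: PBKDF2 is called with $ITER iterations, below the project minimum.
    patterns:
      - pattern: crypto.pbkdf2Sync($P, $S, $ITER, $LEN, $DIGEST)
      # metavariable-comparison with a numeric bound; 600000 is an
      # assumed project minimum, not a value from this release.
      - metavariable-comparison:
          metavariable: $ITER
          comparison: $ITER < 600000
    # fix: template re-emitted with the metavariables bound by the match.
    fix: crypto.pbkdf2Sync($P, $S, 600000, $LEN, $DIGEST)
```

Because the loader is parity-checked against the Semgrep CLI, the same file can also be run with `semgrep --config rules.yaml src/` to compare findings between the two tools.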

Tooling & hardening

  • New registry-coverage measurement harness + living report (docs/parity/registry-coverage.md)
  • Semgrep-parity CI extended to C / Kotlin / inverse suites
  • Loader fixes: MEDIUM severity, optional metavariable: key in metavariable-comparison, PCRE-lookahead + \Z-anchor regex normalization
  • Plus the github-app / scan-threshold / diff / OSV-version fixes carried over from the 0.8.x line

Install

npm install -g foxguard        # or: cargo install foxguard

Binaries for macOS (x64/arm64), Linux (x64/arm64 musl), and Windows (x64) are attached below.

Full Changelog: v0.8.1...v0.9.0