Releases: JoshuaMart/WebSec0
v0.0.6
WebSec0 v0.0.6
Multi-arch binaries and a distroless Docker image. The binary embeds
the Astro frontend; running ./websec0 exposes the UI on :8080.
Changelog
Features
- 4db2a9f: feat(tls): make scan ban-resilient against WAFs that fingerprint legacy ClientHellos (@JoshuaMart)
Fixes
- c1f7931: fix(tls): never marshal nil slices as JSON null in TLSReport (@JoshuaMart)
Docker image — ghcr.io/joshuamart/websec0:v0.0.6 (linux/amd64 + linux/arm64).
Verifying release artefacts — the checksums.txt file and the
Docker manifest are signed with cosign keyless via Sigstore. The
checksum signature is published in the new self-contained Sigstore
bundle format (signature + certificate + transparency log entry in
one file). Verify with cosign >= 2.5:
cosign verify-blob \
    --certificate-identity-regexp 'https://github.com/JoshuaMart/WebSec0/.github/workflows/release.yml@refs/tags/' \
    --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
    --bundle checksums.txt.sig \
    checksums.txt

v0.0.5
WebSec0 v0.0.5
Multi-arch binaries and a distroless Docker image. The binary embeds
the Astro frontend; running ./websec0 exposes the UI on :8080.
Changelog
Fixes
- 279d475: fix(release): migrate cosign checksum signing to the new bundle format (@JoshuaMart)
CI / build
- c3537e2: ci(release): bump docker/setup-buildx-action to v4 (Node.js 24 runtime) (@JoshuaMart)
Docker image — ghcr.io/joshuamart/websec0:v0.0.5 (linux/amd64 + linux/arm64).
Verifying release artefacts — the checksums.txt file and the
Docker manifest are signed with cosign keyless via Sigstore. The
checksum signature is published in the new self-contained Sigstore
bundle format (signature + certificate + transparency log entry in
one file). Verify with cosign >= 2.5:
cosign verify-blob \
    --certificate-identity-regexp 'https://github.com/JoshuaMart/WebSec0/.github/workflows/release.yml@refs/tags/' \
    --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
    --bundle checksums.txt.sig \
    checksums.txt

v0.0.3
WebSec0 v0.0.3
Multi-arch binaries and a distroless Docker image. The binary embeds
the Astro frontend; running ./websec0 exposes the UI on :8080.
Changelog
Features
- 500d173: feat(web): make landing responsive down to ~320px (@JoshuaMart)
- 504272d: feat(web): make report page responsive (@JoshuaMart)
Fixes
- 0b962eb: fix(frontend): use filepath.IsLocal as the path-traversal sanitiser (@JoshuaMart)
- cee74ed: fix(frontend): validate overlay path stays inside static_overlay_dir (@JoshuaMart)
Docker image — ghcr.io/joshuamart/websec0:v0.0.3 (linux/amd64 + linux/arm64).
Verifying release artefacts — the checksums.txt file and the
Docker manifest are signed with cosign keyless via Sigstore. To
verify the checksum signature:
cosign verify-blob \
    --certificate-identity-regexp 'https://github.com/JoshuaMart/WebSec0/.github/workflows/release.yml@refs/tags/' \
    --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
    --signature checksums.txt.sig \
    checksums.txt

v0.0.2
WebSec0 v0.0.2
Multi-arch binaries and a distroless Docker image. The binary embeds
the Astro frontend; running ./websec0 exposes the UI on :8080.
Changelog
Features
- c2314b9: feat(frontend): configurable /.well-known/ overlay directory (@JoshuaMart)
- 6836b6a: feat(frontend): generalise overlay to /.well-known/ + root statics, ship robots.txt (@JoshuaMart)
Documentation
- ec31a5c: docs(readme): lead self-host with the published GHCR image (@JoshuaMart)
- 849893a: docs(web): point the landing curl snippet at the public instance (@JoshuaMart)
Other changes
- c7b802c: refactor(custom): drive robots/security check parseability off Content-Type (@JoshuaMart)
Docker image — ghcr.io/joshuamart/websec0:v0.0.2 (linux/amd64 + linux/arm64).
Verifying release artefacts — the checksums.txt file and the
Docker manifest are signed with cosign keyless via Sigstore. To
verify the checksum signature:
cosign verify-blob \
    --certificate-identity-regexp 'https://github.com/JoshuaMart/WebSec0/.github/workflows/release.yml@refs/tags/' \
    --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
    --signature checksums.txt.sig \
    checksums.txt

v0.0.1
WebSec0 v0.0.1
Multi-arch binaries and a distroless Docker image. The binary embeds
the Astro frontend; running ./websec0 exposes the UI on :8080.
Changelog
Features
- 651c980: feat(frontend): embed Astro build and serve at / with SPA fallback (Joshua MARTINELLE contact@jomar.fr)
- d7c6636: feat(frontend): optional head_inject snippet for opt-in analytics (Joshua MARTINELLE contact@jomar.fr)
- 058667d: feat(web): add report page with Preact island (Joshua MARTINELLE contact@jomar.fr)
- df3d335: feat(web): expand Overview highlights with header, cert and custom signals (Joshua MARTINELLE contact@jomar.fr)
- 00be765: feat(web): port maquette landing with live form and history strip (Joshua MARTINELLE contact@jomar.fr)
- e9be5e5: feat(web): render custom findings as colored chips with URL link (Joshua MARTINELLE contact@jomar.fr)
- 77f830f: feat(web): replace brand mark with dot+ring SVG and ship favicon (Joshua MARTINELLE contact@jomar.fr)
- 3aec760: feat(web): scaffold Astro 6 + Preact static frontend (Joshua MARTINELLE contact@jomar.fr)
- 5012477: feat: add HTTP security headers probe and scoring engine (Joshua MARTINELLE contact@jomar.fr)
- 33bffe6: feat: add SSLv2, SSLv3 and modern TLS probes (Joshua MARTINELLE contact@jomar.fr)
- 17bf81b: feat: add TLS scoring engine with SSL Labs-style floors (Joshua MARTINELLE contact@jomar.fr)
- f3b0cb4: feat: add chi-based HTTP API with typed errors and rate limiting (Joshua MARTINELLE contact@jomar.fr)
- f7eaad9: feat: add config loader, scoring grades and scan payload types (Joshua MARTINELLE contact@jomar.fr)
- 5717a2b: feat: add custom checks for security.txt and robots.txt (Joshua MARTINELLE contact@jomar.fr)
- 261b724: feat: add embedded check catalog and serve it from /api/v1/checks (Joshua MARTINELLE contact@jomar.fr)
- f4ebd0d: feat: add entry point, version package and distroless Dockerfile (Joshua MARTINELLE contact@jomar.fr)
- 2f4d5c1: feat: add in-memory cache and opt-in scan history (Joshua MARTINELLE contact@jomar.fr)
- ef7f17f: feat: add safehttp module for SSRF, DNS-rebinding and rate-limiting defences (Joshua MARTINELLE contact@jomar.fr)
- 6ba814b: feat: add scan orchestrator that fans out probes and assembles results (Joshua MARTINELLE contact@jomar.fr)
- 6f64322: feat: detect cipher preference, OCSP status and session resumption (Joshua MARTINELLE contact@jomar.fr)
- 4c3b7bd: feat: remove ROBOT, add Heartbleed/Lucky13/Ticketbleed heuristics (Joshua MARTINELLE contact@jomar.fr)
- dbf339b: feat: wire history into scanner and expose /api/v1/history (Joshua MARTINELLE contact@jomar.fr)
Fixes
- 8dce209: fix(ci): bump golangci-lint-action to v7 for golangci-lint v2 support (Joshua MARTINELLE contact@jomar.fr)
- 6be91e9: fix(custom): accept lowercase 'z' in security.txt Expires per RFC 3339 (Joshua MARTINELLE contact@jomar.fr)
- 1b813a8: fix(docs): use canonical case JoshuaMart/WebSec0 in repo URLs (Joshua MARTINELLE contact@jomar.fr)
- 52ee0ee: fix(scanner): probe headers on www-sibling when apex redirects off-host (Joshua MARTINELLE contact@jomar.fr)
- fed3a57: fix(web): polish landing recent strip and unify report row pattern (Joshua MARTINELLE contact@jomar.fr)
- 88a2862: fix(web): polish landing strip and report grade panel (Joshua MARTINELLE contact@jomar.fr)
Documentation
- dca9fbc: docs(readme): add project banner (Joshua MARTINELLE contact@jomar.fr)
- 6711361: docs(readme): add usage, self-host, configuration and architecture sections (Joshua MARTINELLE contact@jomar.fr)
- 7c52fd5: docs(skills): add websec0 SKILL.md for AI agents (Phase 12) (Joshua MARTINELLE contact@jomar.fr)
- df8b164: docs(todo): trim TODO down to the v1.1 outstanding work (Joshua MARTINELLE contact@jomar.fr)
- 06845cf: docs: add CLAUDE.md with project context for AI agents (Joshua MARTINELLE contact@jomar.fr)
- 8e23d5d: docs: add CONTRIBUTING.md stub focused on adding a new check (Joshua MARTINELLE contact@jomar.fr)
- 081bfc7: docs: check Phase 11 items completed by the Astro scaffold (Joshua MARTINELLE contact@jomar.fr)
- ec25f19: docs: initial README and v1 specifications (Joshua MARTINELLE contact@jomar.fr)
- 0fbacb5: docs: remove SPECIFICATIONS.md and absorb the SSRF model into CLAUDE.md (Joshua MARTINELLE contact@jomar.fr)
- f8ea881: docs: rewrite Phase 4 TODO to mirror the actual state of the TLS probe (Joshua MARTINELLE contact@jomar.fr)
CI / build
- 92a3767: ci(deps): Bump actions/checkout from 4.3.1 to 6.0.2 (dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>)
- 6ea3055: ci(deps): Bump actions/setup-node from 4.4.0 to 6.4.0 (dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>)
- 9144170: ci(deps): Bump golangci/golangci-lint-action from 7.0.1 to 9.2.0 (dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>)
- fecae41: ci(deps): Bump ossf/scorecard-action in the actions-minor-patch group (dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>)
- b69201b: ci(deps): Bump pnpm/action-setup from 4.3.0 to 6.0.8 (dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>)
- 3c7139f: ci(release): tagged-release pipeline via goreleaser + cosign + syft (Joshua MARTINELLE contact@jomar.fr)
- 36f09dd: ci: SHA-pin GitHub Actions + Docker base images, add dependabot (Joshua MARTINELLE contact@jomar.fr)
- bd3c3e0: ci: add Phase 14 quality gates — ci.yml, codeql.yml, scorecard.yml, SECURITY.md (Joshua MARTINELLE contact@jomar.fr)
Chores
- 1bb5c2c: chore(web): drop unused gradeRingClass and copyToClipboard helpers (Joshua MARTINELLE contact@jomar.fr)
- 19f06b3: chore: scaffold repo layout, Go module and build tooling (Joshua MARTINELLE contact@jomar.fr)
- 42cc90f: chore: strip dangling SPEC §X.Y citations from doc comments (Joshua MARTINELLE contact@jomar.fr)
Other changes
- 7607bf0: docs(readme) : Remove warning banner (Joshua MARTINELLE contact@jomar.fr)
Docker image — ghcr.io/joshuamart/websec0:v0.0.1 (linux/amd64 + linux/arm64).
Verifying release artefacts — the checksums.txt file and the
Docker manifest are signed with cosign keyless via Sigstore. To
verify the checksum signature:
cosign verify-blob \
    --certificate-identity-regexp 'https://github.com/JoshuaMart/WebSec0/.github/workflows/release.yml@refs/tags/' \
    --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
    --signature checksums.txt.sig \
    checksums.txt