WebSec0 v0.0.6
Multi-arch binaries and a distroless Docker image. The binary embeds
the Astro frontend; running ./websec0 exposes the UI on :8080.
Changelog
Features
- 4db2a9f: feat(tls): make scan ban-resilient against WAFs that fingerprint legacy ClientHellos (@JoshuaMart)
Fixes
- c1f7931: fix(tls): never marshal nil slices as JSON null in TLSReport (@JoshuaMart)
Docker image — ghcr.io/joshuamart/websec0:v0.0.6 (linux/amd64 + linux/arm64).
Verifying release artefacts — the checksums.txt file and the
Docker manifest are signed with cosign keyless via Sigstore. The
checksum signature is published in the new self-contained Sigstore
bundle format (signature + certificate + transparency log entry in
one file). Verify with cosign >= 2.5:
    cosign verify-blob \
      --certificate-identity-regexp 'https://github.com/JoshuaMart/WebSec0/.github/workflows/release.yml@refs/tags/' \
      --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
      --bundle checksums.txt.sig \
      checksums.txt
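
A valid signature on checksums.txt says nothing about a downloaded file until that file's hash is compared with its entry. The script below is an added example, not part of the WebSec0 release or project code: it runs the cosign command above, then checks one file against checksums.txt. It assumes sha256sum-style lines in checksums.txt and that checksums.txt and checksums.txt.sig sit in the same directory; the function names and the script name verify.sh are hypothetical.

```shell
#!/bin/sh
# Added example (not WebSec0 project code): check one downloaded release
# file against checksums.txt, but only after cosign accepted its signature.

# check_artifact CHECKSUMS FILE
# Assumes sha256sum-style lines: "<64 hex chars>  <file name>".
check_artifact() {
    sums=$1
    file=$2
    name=$(basename "$file")
    # Exact match on the name column: a substring grep would also hit "name.sbom".
    expected=$(awk -v n="$name" '$2 == n || $2 == "*" n { print tolower($1) }' "$sums")
    case $(printf '%s\n' "$expected" | grep -c .) in
        1) ;;
        0) echo "$name: not listed in $sums" >&2; return 2 ;;
        *) echo "$name: listed more than once in $sums" >&2; return 3 ;;
    esac
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "$name: SHA-256 mismatch" >&2
        return 1
    fi
    echo "$name: OK"
}

# verify_release DIR FILE: DIR holds checksums.txt and checksums.txt.sig.
# The cosign flags are the ones given in the release notes above.
verify_release() {
    dir=$1
    file=$2
    cosign verify-blob \
        --certificate-identity-regexp 'https://github.com/JoshuaMart/WebSec0/.github/workflows/release.yml@refs/tags/' \
        --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
        --bundle "$dir/checksums.txt.sig" \
        "$dir/checksums.txt" || return 4
    check_artifact "$dir/checksums.txt" "$file"
}

# Usage: sh verify.sh <dir with checksums.txt and .sig> <downloaded file>
if [ "$#" -eq 2 ]; then
    verify_release "$1" "$2"
fi
```

A file that is missing from checksums.txt or listed twice is rejected rather than skipped, so an unlisted download never passes by default.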