v8.0.0 — Slack/Teams, GitHub Issues, DAST, Scorecard, License, Supply Chain, PR Diff, Trend, False Positive Suppression

@OmarRao OmarRao released this 24 Jun 14:11

What's New in v8.0.0

Notification Integrations

  • Slack — post scan summaries to channels via incoming webhooks (--slack-webhook)
  • Microsoft Teams — adaptive card summaries (--teams-webhook)
  • GitHub Issues — auto-create labelled, deduplicated issues for ERROR findings (--create-issues)

Advanced Scanning

  • OpenSSF Scorecard — repo security scorecard via CLI or public REST API (--scorecard)
  • DAST — Nuclei + OWASP ZAP baseline scanning against live URLs (--dast-url)
  • License Compliance — classify dependency licenses by copyleft risk (--license-scan)
  • Supply Chain — dependency confusion + typosquatting detection (--supply-chain)
  • PR Diff Mode — scan only changed files vs base branch, ideal for CI (--pr-diff)
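The supply-chain item above names two detection rules, dependency confusion and typosquatting. The following is an added illustration of how such checks can be expressed, not code from this release or from the project; the package lists, the "private name also registered publicly" rule and the edit-distance-of-one heuristic are constructed assumptions for the example.

```python
"""Added example: dependency-confusion and typosquat checks over a constructed
dependency list. Not the project's own code; all data and rules are assumptions."""
from dataclasses import dataclass

# Constructed sample data. A real scanner would derive these from the lockfile,
# the private registry's package list and a lookup against the public index.
POPULAR_PUBLIC = {"requests", "urllib3", "numpy", "pandas", "flask", "django"}
PUBLIC_INDEX = POPULAR_PUBLIC | {"requestz", "acme-internal-auth"}
PRIVATE_PACKAGES = {"acme-internal-auth", "acme-billing-client"}


@dataclass(frozen=True)
class Finding:
    package: str
    rule: str
    detail: str


def normalize(name: str) -> str:
    """Canonical package-name form so 'Acme_Billing_Client' matches 'acme-billing-client'."""
    return name.strip().lower().replace("_", "-")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance via the standard dynamic-programming row recurrence."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,          # deletion
                           cur[j - 1] + 1,       # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def check_dependencies(deps):
    """Return findings for names that look confusable or typosquatted.

    Rule 1 (assumed): a package that is internal AND also exists on the public
    index is a dependency-confusion risk, because a resolver consulting both
    indexes may prefer the public copy.
    Rule 2 (assumed): a non-popular name within one edit of a popular package is
    flagged as a possible typosquat for human review.
    """
    findings = []
    for raw in deps:
        name = normalize(raw)
        if name in PRIVATE_PACKAGES and name in PUBLIC_INDEX:
            findings.append(Finding(name, "dependency-confusion",
                                    "internal package name is also published publicly"))
        if name not in POPULAR_PUBLIC:
            for popular in sorted(POPULAR_PUBLIC):
                if edit_distance(name, popular) == 1:
                    findings.append(Finding(name, "typosquat",
                                            f"one edit away from '{popular}'"))
                    break
    return findings


if __name__ == "__main__":
    # Constructed manifest: one typosquat, one confusable internal name, two clean entries.
    for f in check_dependencies(["requestz", "acme-internal-auth", "numpy", "Acme_Billing_Client"]):
        print(f"{f.rule:22} {f.package:22} {f.detail}")
```

Both rules are deliberately conservative: they produce review items, and the suppression file mentioned below would be the natural place to accept a known-benign near-match.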

Workflow and Reporting

  • Trend Tracking — SVG sparkline of findings over time, built from the per-scan history appended to trend.jsonl
  • False Positive Suppression — accept-risk workflow with .secscope-suppressions.json
  • GitHub Actions CI — .github/workflows/secscope.yml self-scans on push and uploads SARIF
  • UI — new /api/trend and /api/suppress REST endpoints; all new options in the scan wizard
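The trend-tracking item describes an append-only JSONL history rendered as an SVG sparkline. The block below is an added example of that pattern and is not the project's implementation; the record fields (`timestamp`, `error`, `warning`) and the sample history are constructed assumptions, as is the choice to plot the ERROR count.

```python
"""Added example: append scan counts to a JSONL history and render a sparkline.
Not the project's own code; the record schema and sample data are assumptions."""
import json

# Constructed trend.jsonl content: one record per scan, newest last.
SAMPLE_TREND_JSONL = """\
{"timestamp": "2024-06-01T10:00:00Z", "error": 5, "warning": 12}
{"timestamp": "2024-06-08T10:00:00Z", "error": 3, "warning": 10}
{"timestamp": "2024-06-15T10:00:00Z", "error": 4, "warning": 9}
"""


def load_trend(text: str):
    """Parse JSONL: one JSON object per line, blank lines ignored."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def append_record(text: str, record: dict) -> str:
    """Append one record as a single line so the file stays valid JSONL."""
    if text and not text.endswith("\n"):
        text += "\n"
    return text + json.dumps(record, separators=(",", ":")) + "\n"


def sparkline_points(values, width=120, height=24, pad=2):
    """Scale a series into (x, y) pixel pairs; y grows downward in SVG."""
    n = len(values)
    span_x, span_y = width - 2 * pad, height - 2 * pad
    lo, hi = min(values), max(values)
    points = []
    for i, v in enumerate(values):
        x = pad + (i * span_x) / (n - 1) if n > 1 else width / 2
        # Flat series (or a single point) sits on the vertical midline.
        y = pad + ((hi - v) * span_y) / (hi - lo) if hi != lo else height / 2
        points.append((round(x, 1), round(y, 1)))
    return points


def sparkline_svg(values, width=120, height=24) -> str:
    """Render the series as a single polyline inside a minimal SVG document."""
    pts = " ".join(f"{x},{y}" for x, y in sparkline_points(values, width, height))
    return (f'<svg xmlns="http://www.w3.org/2000/svg" width="{width}" height="{height}">'
            f'<polyline fill="none" stroke="currentColor" stroke-width="1.5" points="{pts}"/>'
            f'</svg>')


def trend_sparkline(text: str, field: str = "error") -> str:
    """Convenience: history text in, SVG for the chosen count out."""
    return sparkline_svg([r[field] for r in load_trend(text)])


if __name__ == "__main__":
    history = append_record(SAMPLE_TREND_JSONL,
                            {"timestamp": "2024-06-22T10:00:00Z", "error": 2, "warning": 7})
    print(trend_sparkline(history))
```

Because each scan appends exactly one line, the history can be committed alongside the SARIF output and diffed in a pull request; the sparkline is recomputed from the file rather than stored.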