v8.0.0 — Slack/Teams, GitHub Issues, DAST, Scorecard, License, Supply Chain, PR Diff, Trend, False Positive Suppression
What's New in v8.0.0
Notification Integrations
Slack — post scan summaries to channels via incoming webhooks (--slack-webhook)
Microsoft Teams — adaptive card summaries (--teams-webhook)
GitHub Issues — auto-create labelled, deduplicated issues for ERROR findings (--create-issues)
Advanced Scanning
OpenSSF Scorecard — repo security scorecard via CLI or public REST API (--scorecard)
DAST — Nuclei + OWASP ZAP baseline scanning against live URLs (--dast-url)
License Compliance — classify dependency licenses by copyleft risk (--license-scan)
Supply Chain — dependency confusion + typosquatting detection (--supply-chain)
PR Diff Mode — scan only changed files vs base branch, ideal for CI (--pr-diff)
Workflow and Reporting
Trend Tracking — SVG sparkline of findings over time appended to trend.jsonl
False Positive Suppression — accept-risk workflow with .secscope-suppressions.json
GitHub Actions CI — .github/workflows/secscope.yml self-scans on push and uploads SARIF
UI — new /api/trend and /api/suppress REST endpoints; all new options in the scan wizard