Skip to content

Releases: Varpost/Scout

v0.1.7

Choose a tag to compare

@github-actions github-actions released this 14 Jul 17:10
0a87e8d

What's Changed

  • fix: scout-security entry-point alias so uvx scout-security works (0.1.7) by @tejaswirajgit in #64

Full Changelog: v0.1.6...v0.1.7

v0.1.6

Choose a tag to compare

@github-actions github-actions released this 14 Jul 16:10
9fd5edd

What's Changed

Full Changelog: v0.1.4...v0.1.6

v0.1.3 — fewer false positives

Choose a tag to compare

@tejaswirajgit tejaswirajgit released this 15 Jun 14:57
1880e5c

Patch release — accuracy/false-positive reduction, driven by real-world testing on a Flask/Supabase backend (which had returned 4 findings, all false positives).

Fixed

  • secrets: placeholder/prose values no longer flagged for freeform patterns (e.g. password="(sent to user email)", api_key="<your key>"). Strict provider-format keys (AWS/GitHub/Stripe) are unaffected.
  • headers / CSRF: now a single project-level finding, and only when cookie/session/form auth is present — token/Bearer JSON APIs are no longer falsely flagged.
  • headers: snippet comment style matches the file language (# for Python).
  • reporter: fixed stale tejaswirajgitVarpost link in the report footer.
  • docs: website documents the --format markdown|ai-prompt|json output layers; fixed links and version. (#13)

Real-world false-positive input now yields 0 findings; real secrets + genuine session apps still detected. 29 tests, ruff + mypy clean.

git checkout v0.1.3 to restore this state.

Full changelog: v0.1.2...v0.1.3

v0.1.2 — Windows crash fix

Choose a tag to compare

@tejaswirajgit tejaswirajgit released this 15 Jun 14:09
db7753d

Patch release.

Fixed

  • Windows crash: scout scan no longer dies with UnicodeEncodeError on Windows consoles/pipes (cp1252 couldn't encode the progress spinner glyphs and severity emoji). stdout/stderr are now forced to UTF-8 at startup. (#12)

Notes

  • First version intended for PyPI publishing.

To roll back to this exact state: git checkout v0.1.2

Full changelog: v0.1.1...v0.1.2

v0.1.1 — first release

Choose a tag to compare

@tejaswirajgit tejaswirajgit released this 15 Jun 13:23
ad52754

First tagged release of Scout — your restore point.

A free, local, no-signup security scanner: it finds vulnerabilities in your code and frames them for your own AI to fix.

Highlights

  • Four scanners: secrets, injection, headers, deps (JS/TS + Python).
  • Three output layers (scout scan --format ...):
    • markdown (default) — human-readable report
    • ai-prompt — ready-to-paste prompts for Cursor / Claude / Copilot
    • json — machine-readable; pipes clean to stdout (scout scan . --format json | jq)
  • No LLM required in the scan path — fully offline and free.

Install

pip install scout-security
scout scan ./my-project

Restore

To roll back to this exact state:

git checkout v0.1.1

Full changelog: https://github.com/Varpost/Scout/commits/v0.1.1