Releases: Varpost/Scout
Release list
v0.1.7
What's Changed
- fix: scout-security entry-point alias so uvx scout-security works (0.1.7) by @tejaswirajgit in #64
Full Changelog: v0.1.6...v0.1.7
v0.1.6
What's Changed
- feat: ship composite GitHub Action (scan + SARIF upload) by @tejaswirajgit in #35
- feat: release workflow with PyPI trusted publishing by @tejaswirajgit in #36
- test: coverage floor at 75% + base/headers blind-spot tests by @tejaswirajgit in #37
- refactor: one canonical severity ordering; delete dead models by @tejaswirajgit in #38
- feat(deps): npm lockfile scanning via OSV — delete npm subprocess path by @tejaswirajgit in #39
- chore: release 0.1.5 by @tejaswirajgit in #40
- ci: bump softprops/action-gh-release from 2 to 3 by @dependabot[bot] in #41
- ci: bump actions/download-artifact from 7 to 8 by @dependabot[bot] in #42
- feat: wire the optional AI confirmation pass by @tejaswirajgit in #43
- feat: ship a Scout MCP server by @tejaswirajgit in #44
- feat(headers): security findings for Flask, Django, FastAPI by @tejaswirajgit in #45
- feat: honest language scoping by @tejaswirajgit in #46
- feat: lead with uvx zero-install + CI entry-point check by @tejaswirajgit in #47
- docs: document the Scout verify loop for AI assistants by @tejaswirajgit in #48
- docs: sync landing page with shipped reality by @tejaswirajgit in #49
- feat: delete the fix/validate/report stub commands (T3.4) by @tejaswirajgit in #50
- feat(secrets): detect current-format provider keys (T3.3a) by @tejaswirajgit in #51
- chore(mcp): official MCP registry manifest + ownership marker by @tejaswirajgit in #52
- feat: honor .gitignore in file collection (T3.2) by @tejaswirajgit in #53
- feat: Claude Code plugin manifest + marketplace (T2.7) by @tejaswirajgit in #54
- feat: /scout-scan slash command (T2.8) by @tejaswirajgit in #55
- docs: README plugin install section (T2.9) by @tejaswirajgit in #56
- docs: canonical per-host MCP setup table (T2.10) by @tejaswirajgit in #57
- feat: scout scan --watch (T2.12) by @tejaswirajgit in #58
- feat: scout scan --git-history — secrets in past commits (T2.13) by @tejaswirajgit in #59
- chore: gitignore SCOUT_VIDEO_PLAN.md (local-only doc) by @tejaswirajgit in #60
- chore: bump version to 0.1.6 (plugin-batch release) by @tejaswirajgit in #61
- feat: one-click MCP connect buttons + click-to-copy snippets (Connect Links Phase B) by @tejaswirajgit in #63
Full Changelog: v0.1.4...v0.1.6
v0.1.3 — fewer false positives
Patch release — accuracy/false-positive reduction, driven by real-world testing on a Flask/Supabase backend (which had returned 4 findings, all false positives).
Fixed
- secrets: placeholder/prose values no longer flagged for freeform patterns (e.g.
password="(sent to user email)",api_key="<your key>"). Strict provider-format keys (AWS/GitHub/Stripe) are unaffected. - headers / CSRF: now a single project-level finding, and only when cookie/session/form auth is present — token/Bearer JSON APIs are no longer falsely flagged.
- headers: snippet comment style matches the file language (
#for Python). - reporter: fixed stale
tejaswirajgit→Varpostlink in the report footer. - docs: website documents the
--format markdown|ai-prompt|jsonoutput layers; fixed links and version. (#13)
Real-world false-positive input now yields 0 findings; real secrets + genuine session apps still detected. 29 tests, ruff + mypy clean.
git checkout v0.1.3 to restore this state.
Full changelog: v0.1.2...v0.1.3
v0.1.2 — Windows crash fix
Patch release.
Fixed
- Windows crash:
scout scanno longer dies withUnicodeEncodeErroron Windows consoles/pipes (cp1252 couldn't encode the progress spinner glyphs and severity emoji). stdout/stderr are now forced to UTF-8 at startup. (#12)
Notes
- First version intended for PyPI publishing.
To roll back to this exact state: git checkout v0.1.2
Full changelog: v0.1.1...v0.1.2
v0.1.1 — first release
First tagged release of Scout — your restore point.
A free, local, no-signup security scanner: it finds vulnerabilities in your code and frames them for your own AI to fix.
Highlights
- Four scanners:
secrets,injection,headers,deps(JS/TS + Python). - Three output layers (
scout scan --format ...):markdown(default) — human-readable reportai-prompt— ready-to-paste prompts for Cursor / Claude / Copilotjson— machine-readable; pipes clean to stdout (scout scan . --format json | jq)
- No LLM required in the scan path — fully offline and free.
Install
pip install scout-security
scout scan ./my-projectRestore
To roll back to this exact state:
git checkout v0.1.1Full changelog: https://github.com/Varpost/Scout/commits/v0.1.1