Releases: adnxy/rnsec
Releases · adnxy/rnsec
Release list
rnsec v1.1.0 - Major Feature Release
Important Improvements (community asked)
- Path exclusion support: ability to exclude specific files and directories from scans
- Incremental scanning via --changed-files for faster CI/CD security checks
- Rule ignoring support through .rnsec.jsonc configuration
- NPM dependency vulnerability scanning with visual badges and configurable options
- Cleaner warnings output with improved formatting and readability
- False positive fixes for:
TEST_CREDENTIALS_IN_CODE (now requires quoted values)
INSECURE_KEYCHAIN_USAGE edge cases - Improved debug context detection on Android (debugOptimized folders)
- Better CI/CD documentation with updated GitHub Actions and EAS examples
Other
- 16 new security rules with expanded coverage across Android, iOS, React Native, Network, Storage, and WebView
- New high-severity detections for Android Keystore misuse, iOS Keychain misuse, missing root/jailbreak detection, missing runtime integrity checks, and unsafe deserialization
- New medium-severity rules for sensitive data leaks in errors, insecure biometric fallbacks, missing network timeouts, weak TLS configuration, and insecure file storage
- New privacy and hardening checks for excessive Android permissions, risky third-party SDKs, and missing WebView security headers
- Context-aware detection improvements to reduce false positives and adjust severity based on real security impact
- Rule cleanup: removed noisy and low-value checks that did not represent real vulnerabilities