Skip to content

Releases: adnxy/rnsec

rnsec v1.1.0 - Major Feature Release

Choose a tag to compare

@adnxy adnxy released this 17 Jan 23:41

Important Improvements (community asked)

  • Path exclusion support: ability to exclude specific files and directories from scans
  • Incremental scanning via --changed-files for faster CI/CD security checks
  • Rule ignoring support through .rnsec.jsonc configuration
  • NPM dependency vulnerability scanning with visual badges and configurable options
  • Cleaner warnings output with improved formatting and readability
  • False positive fixes for:
    TEST_CREDENTIALS_IN_CODE (now requires quoted values)
    INSECURE_KEYCHAIN_USAGE edge cases
  • Improved debug context detection on Android (debugOptimized folders)
  • Better CI/CD documentation with updated GitHub Actions and EAS examples

Other

  • 16 new security rules with expanded coverage across Android, iOS, React Native, Network, Storage, and WebView
  • New high-severity detections for Android Keystore misuse, iOS Keychain misuse, missing root/jailbreak detection, missing runtime integrity checks, and unsafe deserialization
  • New medium-severity rules for sensitive data leaks in errors, insecure biometric fallbacks, missing network timeouts, weak TLS configuration, and insecure file storage
  • New privacy and hardening checks for excessive Android permissions, risky third-party SDKs, and missing WebView security headers
  • Context-aware detection improvements to reduce false positives and adjust severity based on real security impact
  • Rule cleanup: removed noisy and low-value checks that did not represent real vulnerabilities