Shield v0.3.0 — Full Multi-Ecosystem Support
What's New
Shield now supports 12 package managers across 7 languages with 72 Semgrep rules.
New Ecosystems
| Ecosystem | Vulnerability Audit | Outdated Check | SAST Rules |
|---|---|---|---|
| Go | govulncheck | go list -m -u | 10 rules |
| Ruby | bundle-audit | bundle outdated | 10 rules |
| Rust | cargo-audit | cargo-outdated | 8 rules |
| Java | OWASP dependency-check (Maven/Gradle) | mvn versions / gradle dependencyUpdates | 10 rules |
| C#/.NET | dotnet list --vulnerable | dotnet list --outdated | -- |
| Bun | Graceful fallback | Graceful fallback | -- |
New Semgrep Rules (28 added, 72 total)
- go.yaml (10): SQL injection, command injection, SSRF, insecure TLS, hardcoded credentials, weak crypto, path traversal, unhandled errors, open redirect, race conditions
- ruby.yaml (10): SQL injection, command injection, mass assignment, open redirect, XSS, insecure deserialization, hardcoded secrets, path traversal, CSRF disabled, weak session
- rust.yaml (8): SQL injection, command injection, unsafe blocks, hardcoded secrets, insecure TLS, path traversal, panic unwrap, weak random
- java.yaml (10): SQL injection, command injection, path traversal, XXE, insecure deserialization, hardcoded credentials, weak crypto, SSRF, open redirect, CSRF disabled
Polyglot Project Support
detect-stack.sh now outputs all_package_managers as a JSON array, enabling full coverage for projects that use multiple ecosystems (e.g., Node.js frontend + Python backend).
Extended Tool Detection
- check-prereqs.sh validates 15 tools (was 7): added govulncheck, bundle-audit, cargo-audit, cargo-outdated, trivy, dotnet, maven, gradle
- install.sh installs new ecosystem tools automatically where possible