v0.2.0
Immutable
release. Only release title and notes can be modified.
Changelog
- 085307c release: revert egress to audit mode (block broke on the syft download host)
- 7923b16 ci: add explicit contents:read to codeql/scorecard jobs
- 03a70d4 security: L5 + supply-chain hardening, lint in CI, durability
- 5a84fc3 security: address remaining audit items (M1-M4, L1-L4, hardening)
- fb3c2e5 test: expand error-path + branch coverage; gate at 90%
- 5981ddb security: validate secret names (H1) + block agent self-approval (H2)
- ba804f3 feat: JSON output, shell completion, and multi-recipient/teams
- 318505d feat: TTL / ephemeral secrets (--ttl, --expires-at)
- ff32422 release: draft → publish flow for immutable releases
- 78a1a34 release: upload cosign certificate (.pem) alongside checksums signature
- be99037 ci(scorecard): add workflow_dispatch for on-demand runs