Skip to content

v0.18.0

Latest
Latest

Choose a tag to compare

View all tags
@github-actions github-actions released this 23 Jun 10:58
v0.18.0
dc320a0
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Docker images

Pull the matching ghcr.io tag:

docker pull ghcr.io/cloudfieldcz/shieldoo-gate:0.18.0
docker pull ghcr.io/cloudfieldcz/scanner-bridge:0.18.0

Image pages:

shdg CLI

Push-from-CI client. Pre-built for Linux, macOS, and Windows:

OS Arch Archive
Linux x86_64 shdg-0.18.0-linux-amd64.tar.gz
Linux aarch64 shdg-0.18.0-linux-arm64.tar.gz
macOS Intel shdg-0.18.0-darwin-amd64.tar.gz
macOS Apple Silicon shdg-0.18.0-darwin-arm64.tar.gz
Windows x86_64 shdg-0.18.0-windows-amd64.zip

shdg version reports 0.18.0 to match the Docker tag.
Verify archive integrity with SHA256SUMS (also attached).

Supply-chain security

All artifacts are signed and carry SLSA build provenance (keyless, via GitHub OIDC + Sigstore).

  • Images — cosign signature + SLSA provenance + CycloneDX SBOM attached as OCI referrers: 
    cosign verify ghcr.io/cloudfieldcz/shieldoo-gate:0.18.0 \
  --certificate-identity-regexp 'https://github.com/cloudfieldcz/.+' \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com
gh attestation verify oci://ghcr.io/cloudfieldcz/shieldoo-gate:0.18.0 --repo cloudfieldcz/shieldoo-gate
  • shdg binaries — SLSA provenance: gh attestation verify shdg-0.18.0-linux-amd64.tar.gz --repo cloudfieldcz/shieldoo-gate
  • SBOMs — the CycloneDX SBOMs dogfooded through the gate are attached (*.cdx.json) with a detached cosign bundle (*.cdx.json.cosign.bundle): 
    cosign verify-blob --bundle sbom-gate.cdx.json.cosign.bundle \
  --certificate-identity-regexp 'https://github.com/cloudfieldcz/.+' \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com sbom-gate.cdx.json

Changes (v0.17.0…v0.18.0)

  • test(ui): standalone Playwright visual-regression + flow suite (#74) (dc320a0)
  • fix(cache): validate name components in LocalCacheStore.Delete (#73) (43df7d2)
  • fix(e2e): restore dependency consistency broken by dependabot merges (#72) (1ea7112)
  • chore(ui): major frontend upgrades — React 19, TS 6, Tailwind 4, recharts 3 (#71) (1bf23d6)
  • chore(deps): bump lucide-react from 0.383.0 to 1.21.0 in /ui (#48) (980f844)
  • chore(deps): bump openai from 1.82.0 to 2.43.0 in /scanner-bridge (#49) (d0101af)
  • build(docker): bump ubuntu from 24.04 to 26.04 in /tests/e2e-shell (#54) (af9ec75)
  • build(docker): bump alpine from 3.20.10 to 3.24.1 in /docker (#52) (f4fba50)
  • build(docker): bump node in /docker (#50) (7d87518)
  • build(deps): bump pydantic-settings in /scanner-bridge (#33) (f7446d9)
  • chore(deps): bump the gomod-minor-patch group across 1 directory with 20 updates (#62) (894b5a9)
  • chore(deps): bump python-multipart in /scanner-bridge (#61) (0861cd0)
  • chore(deps): bump pytest from 9.0.3 to 9.1.1 in /scanner-bridge (#58) (b26bcf4)
  • chore(deps): bump bundled Trivy to 0.71.2 across shdg CLI + docs (#70) (1821e2b)
  • chore(deps): bump grpcio from 1.68.1 to 1.81.1 in /scanner-bridge (#63) (bafefe0)
  • chore(deps): bump idna from 3.15 to 3.18 in /scanner-bridge (#60) (1538e98)
  • chore(deps): bump cryptography from 48.0.1 to 49.0.0 in /scanner-bridge (#59) (93e86bc)
  • chore(deps): bump pytest-asyncio from 1.3.0 to 1.4.0 in /scanner-bridge (#57) (8178901)
  • build(docker): bump aquasec/trivy from 0.71.1 to 0.71.2 in /docker (#38) (28a6f7d)
  • build(ci): bump actions/upload-artifact from 4.6.2 to 7.0.1 (#44) (5e13764)
  • build(ci): bump actions/checkout from 4.3.1 to 7.0.0 (#43) (405ab49)
  • build(ci): bump actions/download-artifact from 4.3.0 to 8.0.1 (#42) (c6eeb29)
  • build(ci): bump actions/setup-go from 5.6.0 to 6.4.0 (#41) (b080307)
  • build(ci): bump docker/login-action from 3.7.0 to 4.2.0 (#40) (82f3fd7)
  • build(ci): bump docker/setup-buildx-action from 3.12.0 to 4.1.0 (#39) (9c1920c)
  • build(ci): bump softprops/action-gh-release from 2.6.2 to 3.0.1 (#37) (da93672)
  • build(ci): bump docker/build-push-action from 6.19.2 to 7.2.0 (#36) (217e75f)
  • build(ci): bump docker/metadata-action from 5.10.0 to 6.1.0 (#35) (01d7e47)
  • chore(deps): bump the npm-minor-patch group across 1 directory with 5 updates (#45) (f9abb55)
  • docs(plan): close out security-hardening plan (T15 done, all 15 complete) (#69) (f1d112d)
  • ci(security): SLSA provenance + keyless cosign signing for releases (T7) (#68) (4751bf4)
  • feat(shdg): add --sbom-output to persist the uploaded SBOM (T7 prep) (#67) (e5b29b9)
  • docs(community): add CONTRIBUTING, CODE_OF_CONDUCT, issue/PR templates (T12-T14) (#66) (a808446)
  • ci(security): OpenSSF Scorecard workflow + README badge (T8) (#65) (e87897c)
  • ci(security): add PR CI + CodeQL/govulncheck, wire up UI eslint (T3+T4) (#64) (beb4564)
  • chore(ci): add CODEOWNERS + Dependabot (security hardening T2) (#34) (c85780b)
  • cleanup plans (2b25e56)
Assets 18
Loading