Skip to content

v0.20.0

Latest

Choose a tag to compare

@github-actions github-actions released this 17 Jul 05:17
69101f2

Added

  • draugr diff <base.sarif> <head.sarif> — compare two scans and classify every finding as
    new / fixed / unchanged, with a delta by severity and priority. The headline use case is a
    PR's security impact vs its base branch. Adds a differential gate (--fail-on-new /
    --fail-on-new-priority) that fails a build only for findings the change introduces, not the
    pre-existing backlog — so gating stays adoptable. Renders as console, markdown (a ready-made
    MR comment), or json. Findings are matched line-insensitively, so carried-over findings that
    merely moved lines aren't reported as fixed + new.
  • Two more draugr scan --format outputs. html renders a self-contained, browser-viewable
    report (inline CSS, no assets) you can publish as a build artifact; junit emits JUnit XML so
    CI systems (GitLab, Jenkins, Azure DevOps…) surface findings in their native test-results panel
    — one <testsuite> per control, one failing <testcase> per finding. Both plug into the same
    Reporter interface as console/markdown/json/sarif.