v0.47.0
Changelog
New detectors
- 92615d5: feat(detectors): add context-extraction Verify to 10 Shai-Hulud-targeted detectors (#155) (@HikaruEgashira)
Engine and CLI
- 456189b: feat(connectors): add SIEM category — Datadog, Splunk, BigQuery, Redash (#157) (@HikaruEgashira)
- 44ad9d1: feat(piidb): add cross-finding PIIDB candidate detection and severity escalation (#156) (@HikaruEgashira)
- 0e5cc3a: feat: add S3 source connector (#158) (@HikaruEgashira)
- 8a01902: feat: add sqldump source connector for database dump scanning (#159) (@HikaruEgashira)
- cdbd51f: feat: add verified-only scan output (@HikaruEgashira)
- 50f97c0: feat: fingerprint github scans (@HikaruEgashira)
- 46537d6: feat: support github pat revoke (@HikaruEgashira)
Other
- 3e5fcb5: Merge pull request #161 from plenoai/codex/pleno-dlp-migration-foundation (@HikaruEgashira)
- 0b22ff4: ci: enable required status checks and build-provenance attestation (#160) (@HikaruEgashira)
- dbb776a: docs: add repository banner (@HikaruEgashira)
- 4c2c121: docs: simplify README entrypoints (@HikaruEgashira)
- f05c357: docs: trim PII section in README (@HikaruEgashira)
- 00e3f61: slim comment (@HikaruEgashira)
checksums.txt is signed with Sigstore keyless (cosign). Verify with:
cosign verify-blob checksums.txt \
--bundle checksums.txt.sigstore.json \
--certificate-identity-regexp \
'https://github.com/plenoai/pleno-dlp/.github/workflows/release.yml@refs/tags/.*' \
--certificate-oidc-issuer https://token.actions.githubusercontent.com
Or verify checksums only (no cryptographic signing):
sha256sum -c checksums.txt
Build-provenance attestations (gh attestation verify) require a
public repo or GHAS and are skipped while this repo is private.
Contributors
HikaruEgashira