v0.49.0

Changelog

Engine and CLI

• a8cf5a2: feat: scan changed github resources incrementally (@HikaruEgashira)

Other

• 09f0b1e: Merge pull request #163 from plenoai/codex/github-granular-incremental (@HikaruEgashira)

---

checksums.txt is signed with Sigstore keyless (cosign). Verify with:

cosign verify-blob checksums.txt \
  --bundle checksums.txt.sigstore.json \
  --certificate-identity-regexp \
    'https://github.com/plenoai/pleno-dlp/.github/workflows/release.yml@refs/tags/.*' \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com

Or verify checksums only (no cryptographic signing):

sha256sum -c checksums.txt

Build-provenance attestations (gh attestation verify) require a
public repo or GHAS and are skipped while this repo is private.