v0.53.0

Changelog

Engine and CLI

• 87870b6: feat(website): visual-first redesign using brand banner (#170) (@HikaruEgashira)
• 80e3ecd: feat: add project website deployed via GitHub Pages (#169) (@HikaruEgashira)

Bug fixes

• 1caa5ed: fix(pii): repair anonymize engine bootstrap; docs: add measured comparison vs trufflehog/gitleaks (#172) (@HikaruEgashira)
• 00c339b: fix(website): align demo output with real CLI format, untangle chips taxonomy (#171) (@HikaruEgashira)

Other

• 1b6b41b: add pii detection docs (#168) (@HikaruEgashira)
• 4a38050: chore: roll changelog for v0.53.0 (#173) (@HikaruEgashira)

---

checksums.txt is signed with Sigstore keyless (cosign). Verify with:

cosign verify-blob checksums.txt \
  --bundle checksums.txt.sigstore.json \
  --certificate-identity-regexp \
    'https://github.com/plenoai/pleno-dlp/.github/workflows/release.yml@refs/tags/.*' \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com

Or verify checksums only (no cryptographic signing):

sha256sum -c checksums.txt

Build-provenance attestations (gh attestation verify) require a
public repo or GHAS and are skipped while this repo is private.