Skip to content

v1.2.0 β€” Web Dashboard, 11 Languages, CI/CD Suite

Choose a tag to compare

@rahuldk1105 rahuldk1105 released this 27 Jun 12:49

What's new in v1.2.0

🌐 Web Dashboard

  • --serve β€” Opens a live interactive browser dashboard with health gauge, donut chart, filterable/sortable findings, category bar chart, and Export JSON button

🌍 4 New Languages (11 total)

  • Ruby β€” complexity, God classes, SQL injection, eval, frozen_string_literal
  • PHP β€” complexity, SQL injection, MD5 passwords, system(), strict_types
  • Swift β€” complexity, force-unwrap overuse, callback pyramid, mixed concurrency
  • Kotlin β€” complexity, !! overuse, GlobalScope, runBlocking

πŸ”„ CI/CD Suite

  • --junit / --junit-file β€” JUnit XML for Jenkins, GitLab CI, Bitbucket Pipelines
  • --sarif / --sarif-file β€” SARIF for GitHub Code Scanning
  • --pr-comment β€” Post report as GitHub PR comment
  • --init-ci β€” Generate .github/workflows/roast.yml in one command
  • --fail-on-regression β€” Fail CI if health score dropped vs last snapshot
  • --install-hooks β€” Git pre-commit hook installer

⚑ Performance

  • 3-5x faster β€” All core scanners now run in parallel with Promise.all

πŸ”Œ Plugin System

  • Plugins now actually run on every scan
  • --list-plugins β€” Show configured plugins with load status
  • --init-plugin <name> β€” Scaffold a new plugin package

πŸ“¦ Monorepo Support

  • --monorepo β€” Scan each workspace package separately (npm/yarn/pnpm/lerna/nx)

πŸ—‚ More Features

  • --init β€” Interactive wizard to generate .roastrc.json
  • --hotmap β€” ASCII directory tree with issue density per folder
  • .roastignore β€” Exclude files/folders from all scans
  • --incremental / --since <ref> β€” Only scan changed files
  • --html-file β€” Standalone HTML report with charts
  • Dependency health scanner β€” npm audit CVEs + npm outdated stale packages

πŸ”’ Security

  • Path traversal fix in --init-plugin
  • Symlink loop protection (followSymbolicLinks: false) across all scanners
  • Markdown injection prevention in PR comments
  • Package name validation in auto-fix uninstall
  • Dependabot configured for weekly dependency updates

Full changelog

See commit history for details.