v1.2.0 β Web Dashboard, 11 Languages, CI/CD Suite
What's new in v1.2.0
π Web Dashboard
--serveβ Opens a live interactive browser dashboard with health gauge, donut chart, filterable/sortable findings, category bar chart, and Export JSON button
π 4 New Languages (11 total)
- Ruby β complexity, God classes, SQL injection, eval, frozen_string_literal
- PHP β complexity, SQL injection, MD5 passwords, system(), strict_types
- Swift β complexity, force-unwrap overuse, callback pyramid, mixed concurrency
- Kotlin β complexity, !! overuse, GlobalScope, runBlocking
π CI/CD Suite
--junit/--junit-fileβ JUnit XML for Jenkins, GitLab CI, Bitbucket Pipelines--sarif/--sarif-fileβ SARIF for GitHub Code Scanning--pr-commentβ Post report as GitHub PR comment--init-ciβ Generate.github/workflows/roast.ymlin one command--fail-on-regressionβ Fail CI if health score dropped vs last snapshot--install-hooksβ Git pre-commit hook installer
β‘ Performance
- 3-5x faster β All core scanners now run in parallel with
Promise.all
π Plugin System
- Plugins now actually run on every scan
--list-pluginsβ Show configured plugins with load status--init-plugin <name>β Scaffold a new plugin package
π¦ Monorepo Support
--monorepoβ Scan each workspace package separately (npm/yarn/pnpm/lerna/nx)
π More Features
--initβ Interactive wizard to generate.roastrc.json--hotmapβ ASCII directory tree with issue density per folder.roastignoreβ Exclude files/folders from all scans--incremental/--since <ref>β Only scan changed files--html-fileβ Standalone HTML report with charts- Dependency health scanner β
npm auditCVEs +npm outdatedstale packages
π Security
- Path traversal fix in
--init-plugin - Symlink loop protection (
followSymbolicLinks: false) across all scanners - Markdown injection prevention in PR comments
- Package name validation in auto-fix uninstall
- Dependabot configured for weekly dependency updates
Full changelog
See commit history for details.