Skip to content

Releases: sanks205/getobserver

Observer v0.2.0 — finds and shows the fix + offline mode

Choose a tag to compare

@sanks205 sanks205 released this 08 Jul 18:41
345e5f3

Observer v0.2.0

The headline: every finding now ships with a concrete before→after fix, and Observer's
offline promise is now enforceable. Plus broader language coverage and optional engine
integrations. Still a single, self-contained binary — no runtime, no account, no telemetry.

✨ Highlights

  • Finds and shows the fix. Every finding in the HTML report now includes a collapsible
    "Suggested fix" with a before→after code example — no --ai and no API key required.
    It's deterministic, offline guidance about the issue class (it never fabricates specifics).
  • --assert-offline — a guaranteed air-gapped mode. Refuses any network-touching flag
    (--cve/--email/--slack/--teams/--webhook) and forces the AI layer to its local
    heuristic, printing Offline mode: no network I/O. Ideal for finance/health/gov or auditing
    a client's code under NDA — the code stays on the machine, and you can evidence it.
  • Multi-language static rules — native security rules for PHP, JS/TS, Python, Java, and
    Ruby
    (secrets, injection, XSS, command exec, insecure deserialization, weak crypto,
    dangerous config), each tagged CWE/OWASP.
  • Optional engine wrappers — auto-detects Semgrep, PHPStan, Bandit, and gosec if
    present and folds their findings into the same report. Absent? They're silently skipped;
    the single-binary, offline promise holds.

🛠 Improvements & fixes

  • Fewer false positives: matching is now trailing-comment aware, so trigger words inside
    comments no longer flag.
  • Expanded remediation coverage (incl. CSRF and empty-encryption-key classes).
  • Report polish and score/CWE/OWASP mapping refinements.

📦 Install

Download the binary for your OS below and run it — nothing else to install.

OS File
Windows (x64) observer_windows_amd64.exe
Windows (ARM) observer_windows_arm64.exe
macOS (Apple Silicon) observer_darwin_arm64
macOS (Intel) observer_darwin_amd64
Linux (x64) observer_linux_amd64
Linux (ARM) observer_linux_arm64

On macOS/Linux: chmod +x observer_*. Verify downloads against SHA256SUMS.txt.

observer analyze ./your-project --out report.html

Free and MIT. Optional one-time Observer Pro add-ons (branded PDF, scheduled scans,
premium framework rules) are available separately.

Feedback welcome — especially on false positives and which rules/languages to add next.

Observer v0.1.0

Choose a tag to compare

@sanks205 sanks205 released this 25 Jun 20:34
e79e9dc

First public release of Observer — a zero-setup, offline CLI that scans a
codebase and produces one production-health report.

What's in it

  • Static analysis — secrets, SQL injection, XSS, SSRF, path traversal, insecure
    deserialization, weak crypto, dangerous config (CWE / OWASP tagged)
  • Technology detection — language, framework, database, infrastructure
  • Runtime errors — via the drop-in observer-agent
  • Log analysis — frequency, repeated failures, likely causes
  • Dependency CVEs--cve (OSV.dev: PHP / npm / PyPI / Go)
  • AI explanations — root cause, impact, fix (bring-your-own key, or offline mode)
  • Scoring — Security + Code Health grades (A–F), est. fix effort
  • Reports — self-contained HTML, plus SARIF / JSON / CSV export
  • CI-ready — quality gate (exit codes), baseline ("new issues only"), GitHub Action
  • Local dashboardobserver serve

Install

Download the binary for your OS below and run it. No runtime, no dependencies.

OS File
Windows observer_windows_amd64.exe
macOS (Apple Silicon) observer_darwin_arm64
macOS (Intel) observer_darwin_amd64
Linux observer_linux_amd64 / observer_linux_arm64

On macOS/Linux: chmod +x observer_* (optionally rename to observer).

Quick start