Releases: sanks205/getobserver
Release list
Observer v0.2.0 — finds and shows the fix + offline mode
Observer v0.2.0
The headline: every finding now ships with a concrete before→after fix, and Observer's
offline promise is now enforceable. Plus broader language coverage and optional engine
integrations. Still a single, self-contained binary — no runtime, no account, no telemetry.
✨ Highlights
- Finds and shows the fix. Every finding in the HTML report now includes a collapsible
"Suggested fix" with a before→after code example — no--aiand no API key required.
It's deterministic, offline guidance about the issue class (it never fabricates specifics). --assert-offline— a guaranteed air-gapped mode. Refuses any network-touching flag
(--cve/--email/--slack/--teams/--webhook) and forces the AI layer to its local
heuristic, printingOffline mode: no network I/O.Ideal for finance/health/gov or auditing
a client's code under NDA — the code stays on the machine, and you can evidence it.- Multi-language static rules — native security rules for PHP, JS/TS, Python, Java, and
Ruby (secrets, injection, XSS, command exec, insecure deserialization, weak crypto,
dangerous config), each tagged CWE/OWASP. - Optional engine wrappers — auto-detects Semgrep, PHPStan, Bandit, and gosec if
present and folds their findings into the same report. Absent? They're silently skipped;
the single-binary, offline promise holds.
🛠 Improvements & fixes
- Fewer false positives: matching is now trailing-comment aware, so trigger words inside
comments no longer flag. - Expanded remediation coverage (incl. CSRF and empty-encryption-key classes).
- Report polish and score/CWE/OWASP mapping refinements.
📦 Install
Download the binary for your OS below and run it — nothing else to install.
| OS | File |
|---|---|
| Windows (x64) | observer_windows_amd64.exe |
| Windows (ARM) | observer_windows_arm64.exe |
| macOS (Apple Silicon) | observer_darwin_arm64 |
| macOS (Intel) | observer_darwin_amd64 |
| Linux (x64) | observer_linux_amd64 |
| Linux (ARM) | observer_linux_arm64 |
On macOS/Linux: chmod +x observer_*. Verify downloads against SHA256SUMS.txt.
observer analyze ./your-project --out report.htmlFree and MIT. Optional one-time Observer Pro add-ons (branded PDF, scheduled scans,
premium framework rules) are available separately.
Feedback welcome — especially on false positives and which rules/languages to add next.
Observer v0.1.0
First public release of Observer — a zero-setup, offline CLI that scans a
codebase and produces one production-health report.
What's in it
- Static analysis — secrets, SQL injection, XSS, SSRF, path traversal, insecure
deserialization, weak crypto, dangerous config (CWE / OWASP tagged) - Technology detection — language, framework, database, infrastructure
- Runtime errors — via the drop-in
observer-agent - Log analysis — frequency, repeated failures, likely causes
- Dependency CVEs —
--cve(OSV.dev: PHP / npm / PyPI / Go) - AI explanations — root cause, impact, fix (bring-your-own key, or offline mode)
- Scoring — Security + Code Health grades (A–F), est. fix effort
- Reports — self-contained HTML, plus SARIF / JSON / CSV export
- CI-ready — quality gate (exit codes), baseline ("new issues only"), GitHub Action
- Local dashboard —
observer serve
Install
Download the binary for your OS below and run it. No runtime, no dependencies.
| OS | File |
|---|---|
| Windows | observer_windows_amd64.exe |
| macOS (Apple Silicon) | observer_darwin_arm64 |
| macOS (Intel) | observer_darwin_amd64 |
| Linux | observer_linux_amd64 / observer_linux_arm64 |
On macOS/Linux: chmod +x observer_* (optionally rename to observer).