Observer v0.1.0
First public release of Observer — a zero-setup, offline CLI that scans a
codebase and produces one production-health report.
What's in it
- Static analysis — secrets, SQL injection, XSS, SSRF, path traversal, insecure
deserialization, weak crypto, dangerous config (CWE / OWASP tagged) - Technology detection — language, framework, database, infrastructure
- Runtime errors — via the drop-in
observer-agent - Log analysis — frequency, repeated failures, likely causes
- Dependency CVEs —
--cve(OSV.dev: PHP / npm / PyPI / Go) - AI explanations — root cause, impact, fix (bring-your-own key, or offline mode)
- Scoring — Security + Code Health grades (A–F), est. fix effort
- Reports — self-contained HTML, plus SARIF / JSON / CSV export
- CI-ready — quality gate (exit codes), baseline ("new issues only"), GitHub Action
- Local dashboard —
observer serve
Install
Download the binary for your OS below and run it. No runtime, no dependencies.
| OS | File |
|---|---|
| Windows | observer_windows_amd64.exe |
| macOS (Apple Silicon) | observer_darwin_arm64 |
| macOS (Intel) | observer_darwin_amd64 |
| Linux | observer_linux_amd64 / observer_linux_arm64 |
On macOS/Linux: chmod +x observer_* (optionally rename to observer).