Skip to content

Scanio v0.3.0

Latest
Latest

Choose a tag to compare

View all tags
@japroc japroc released this 06 May 05:54
· 153 commits to main since this release
v0.3.0
40ea843
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

What's Changed

  • Significantly extended the Global Scanio config with new directives for the HTTP client.
  • Added support for injecting environment variables directly into the config.
  • Introduced new Trufflehog3 directives to control default behavior:
    • Write default config to the repository root if specific config is missing.
    • Override existing configs regardless of their presence.
  • Renamed --vcs-url to --domain (not backward compatible).
  • Added support for SARIF and Markdown output formats for Thrufflehog3 plugin.
  • Introduced a new JSON output format for CI mode to support easy automation.
  • Fixed issues with SARIF report parsing and metadata enrichment
  • Fixed issues with incorrect command building when additional Trufflehog arguments are specified.
  • fetch command now supports --output to specify the directory for fetched results.
  • Introduced Build Rules via YAML to automatically compile rule sets from multiple repositories.
  • Added custom Scanio build script to create private builds with custom global config and rule sets.
  • Unified functionality across VCS plugins (except language search, which remains GitLab-only).
  • Added a new VCS URL parser, supporting a broader range of VCS URL formats.
  • integration-vcs now supports:
    • Attaching files.
    • Using comment templates.
  • Added support for custom HTML templates via --templates-path.
  • Removed deprecated commands: run and run2.
  • Rewritten list command with improved repository listing functionality.
    • Supports filtering by namespace or language (GitLab only).
  • Standardized metadata file naming:
    • User mode: <COMMAND_NAME>_<PLUGIN_NAME>
    • CI mode: <COMMAND_NAME>_<PLUGIN_NAME>_<TIMESTAMP>
  • Enhanced to-html command:
    • Better debug logging.
    • VCS-specific hyperlink support (e.g., GitHub, Bitbucket).
  • Improved HTML report template with visual refinements and dark theme.
  • Better error logging in CI mode.
  • Improved help messages across commands.
  • Makefile improvements for better usability.
  • Upgraded Golang from v1.19 to v1.23.
  • Dependency updates across the codebase.
  • Refactored major commands: integration-vcs, list, and analyse.
  • Major documentation update.

Contributors

@shikari-ac, @japroc

Full Changelog: v0.2.0...v0.3.0

Contributors

japroc and shikari-ac
Assets 2
Loading