v0.8.0

@github-actions github-actions released this 23 May 13:29
· 94 commits to main since this release
v0.8.0
94c3389

Added

  • Full State of Docker Compose Security report content in
    docs/state-of-compose.md — an empirical study of security
    misconfigurations across a 6,444-file corpus of public Compose files,
    with per-tier SVG charts in docs/assets/ generated by
    scripts/corpus/charts.py (new maintainer-only [corpus] extra). The
    README hero stat now cites the corpus headline and links to the report.
  • A recorded terminal demo (GIF) in the README hero, regenerated
    deterministically from scripts/demo/. (#235)
  • -q / --quiet text mode: one line per finding, dropping the fix
    block, reference URL, source excerpt, and suppression reason. The
    inverse of -v, and mutually exclusive with it. (#239)
  • NO_COLOR and FORCE_COLOR are honored: NO_COLOR disables color
    even on a terminal, FORCE_COLOR forces it through a pipe (e.g. into a
    pager or an ANSI-rendering CI log). (#239)
  • --help now lists the valid --fail-on values
    ({low,medium,high,critical}) instead of a bare FAIL_ON. (#239)

Changed

  • Text output readability (no change to JSON or SARIF): findings now
    render highest-severity first within each service; a column header
    labels the line / severity / rule / message columns; the offending
    value is marked with a severity-colored box-drawing underline instead
    of a red caret; parse failures (exit 2) show a distinct ⚠ ERROR
    verdict rather than the ✗ FAIL used for threshold breaches (exit 1);
    and a passing run names its sub-threshold findings
    (✓ PASS · threshold: critical · below: 1 high, 15 medium). (#239)
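The two behaviours described above, the NO_COLOR / FORCE_COLOR decision in the Added section and the --fail-on threshold verdict with its "below:" summary in the Changed section, are small enough to show in one self-contained Python sketch. This is an added illustration, not the project's own code: the function names should_color and verdict, the FAIL line format and the rule that NO_COLOR wins when both variables are set are assumptions; the severity names and the PASS line format are taken from the release notes.

```python
from collections import Counter

# Severity ladder exactly as --help lists it for --fail-on (from the notes).
SEVERITIES = ("low", "medium", "high", "critical")


def should_color(env, stdout_isatty):
    """Decide whether to emit ANSI color.

    NO_COLOR (non-empty) disables color even on a terminal; FORCE_COLOR
    (non-empty) forces it even through a pipe; otherwise follow isatty().
    Assumption (not stated in the notes): NO_COLOR takes precedence when
    both are set, matching the no-color.org convention.
    """
    if env.get("NO_COLOR"):
        return False
    if env.get("FORCE_COLOR"):
        return True
    return bool(stdout_isatty)


def verdict(findings, fail_on):
    """Return (exit_code, summary_line) for a list of finding severities.

    Exit 1 when any finding is at or above the --fail-on threshold; a
    passing run (exit 0) names its sub-threshold findings, highest
    severity first, e.g. "below: 1 high, 15 medium".
    """
    if fail_on not in SEVERITIES:
        raise ValueError(f"--fail-on must be one of {SEVERITIES}, got {fail_on!r}")
    rank = {sev: i for i, sev in enumerate(SEVERITIES)}
    counts = Counter(findings)
    breaching = sum(n for sev, n in counts.items() if rank[sev] >= rank[fail_on])
    if breaching:
        # FAIL wording is a hypothetical format, not the tool's real line.
        return 1, f"✗ FAIL · threshold: {fail_on} · {breaching} at or above"
    below = [f"{counts[sev]} {sev}" for sev in reversed(SEVERITIES) if counts[sev]]
    tail = " · below: " + ", ".join(below) if below else ""
    return 0, f"✓ PASS · threshold: {fail_on}{tail}"


if __name__ == "__main__":
    import os
    import sys

    # Constructed sample: one high and fifteen medium findings, as in the
    # PASS line quoted in the release notes.
    sample = ["high"] + ["medium"] * 15
    code, line = verdict(sample, "critical")
    use_color = should_color(os.environ, sys.stdout.isatty())
    print(f"color={use_color} exit={code} {line}")
    sys.exit(code)
```

Note that the verdict depends only on the severity multiset, so the same function serves the quiet (-q) and verbose (-v) text modes, which differ in how much detail each finding line carries, not in how the run's exit status is decided.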

Fixed

  • Text-mode stdout is flushed so the header and findings can no longer
    appear after stderr when both streams are captured together (2>&1),
    which scrambled combined CI logs. (#239)
  • The aggregate summary pluralizes correctly: 1 file scanned, not
    1 files scanned. (#239)
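The stdout-flush fix above is easy to reproduce: when stdout is a pipe it is block-buffered while stderr is effectively unbuffered, so a header written to stdout can surface after a later warning on stderr once a CI runner merges the streams with 2>&1. The following added Python demo (not the project's code) runs a constructed child program with both streams captured into one pipe and returns the lines in arrival order, once without and once with an explicit flush after every stdout write; the child's messages are invented for the demo.

```python
import os
import subprocess
import sys

# Constructed child program for the demo: a header and a finding go to
# stdout, a warning goes to stderr in between. stdout is flushed after each
# write only when the first argument is "flush"; stderr is always flushed so
# the ordering depends on stdout buffering alone.
CHILD = r'''
import sys
flush = sys.argv[1] == "flush"

def out(line):
    print(line)
    if flush:
        sys.stdout.flush()

out("header: scanning compose.yaml")
print("WARNING: deprecated key", file=sys.stderr)
sys.stderr.flush()
out("finding: privileged container")
'''


def run_merged(flush):
    """Run the child with stdout and stderr merged (the 2>&1 case) and
    return its output lines in the order the combined pipe received them."""
    # Drop PYTHONUNBUFFERED so an unbuffered parent does not mask the effect.
    env = {k: v for k, v in os.environ.items() if k != "PYTHONUNBUFFERED"}
    proc = subprocess.run(
        [sys.executable, "-c", CHILD, "flush" if flush else "noflush"],
        stdout=subprocess.PIPE,
        stderr=subprocess.STDOUT,
        env=env,
        text=True,
        check=True,
    )
    return proc.stdout.splitlines()


if __name__ == "__main__":
    for mode in (False, True):
        print(f"flush={mode}:")
        for line in run_merged(mode):
            print("  ", line)
```

Without the flush the warning arrives first and the header only appears when the child exits and its buffer drains; with the flush the lines come out in the order the program wrote them, which is what a combined CI log needs to stay readable.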