v1.4.0: New UI

What's Changed

Improvements

Updated UI

• Progress Bars for every file for better verbosity

• Updated Report view

• Improved parsing of config files
• Fixes for Dangerous Variable Detection
  
  
  

Full Changelog: v1.3.0...v1.4.0

v1.3.0: SARIF support and masking by default

Improvements

• Added support for SARIF output format (--outformat dojo-sarif). The tool is now compatible with DefectDojo (#9, kudos to @dmarushkin)
• Secrets inside reports are now masked by default (Use --disable-masking to control this behaviour but be careful)
• Added support for Python 3.13

Bugfixes

• Updated dependencies, including pydantic (#10 )

Full Changelog: v1.2.0...v1.3.0

v1.2.0

Improvements

• The default multiprocessing context has been changed from fork (fast but unstable) to spawn (slower but more stable) to address the tool freezing issue (#5)

Warning

This fix has made the tool a bit slower. It's okay.

• Added a handle for multiprocessing context choice (--multiprocessing-context)
• The debug mode now shows the current progress of processed tokens once a second to indicate the liveness of the tool.
• Added a handle to control the maximum size of a file for analysis (--max-file-size)
• Better logging

Bugfixes

• Fixed an issue causing a crash while processing a ruleset with predefined false findings.

Full Changelog: v1.1.4...v1.2.0

v1.1.4

Bugfixes

• Fix for "Password in URI" rule in the built-in ruleset #4
• Improved docs on "excluded paths" #3

Minor changes

• Support for Python 3.12
• Updated dependencies

Full Changelog: v1.1.3...v1.1.4

v1.1.3

Cumulative update with a bunch of improvements

• Reduced false positive rate with 'key-value' pairs
• More variable suppression rules for Golang