Releases: chainguard-dev/bincapz
Releases · chainguard-dev/bincapz
v0.19.0
Tool Improvements
Rule Improvements
- Improve detection of Python attacks similar to 'yocolor' by @tstromberg in #427
Developer Improvements
Full Changelog: v0.18.2...v0.19.0
Contributors
tstromberg and egibs
Assets 2
v0.18.2
v0.18.1
Tool Improvements
Rule Improvements
Developer Improvements
- Remove GitHub user configuration from Workflows by @egibs in #411
- Update QuantityIncreasesRisk field name by @egibs in #417
Full Changelog: v0.18.0...v0.18.1
Contributors
egibs
Assets 2
v0.18.0
Tool Improvements
- Scan file descriptors rather than files per go-yara docs by @egibs in #406
- Use concurrency for path scanning by @egibs in #405
Rule Improvements
- Address Spark false positives by @egibs in #397
- Address onepassword-sdk false positives by @egibs in #404
Developer Improvements
- Bump golang.org/x/term from 0.22.0 to 0.23.0 by @dependabot in #401
- Bump step-security/harden-runner from 2.9.0 to 2.9.1 in the all group by @dependabot in #398
- Bump github.com/google/go-containerregistry from 0.20.1 to 0.20.2 in the all group by @dependabot in #399
- Update bincapz to use go1.23 by @egibs in #403
- Add octo-sts identity to help with release automation by @egibs in #408
- Fix trust policy by @egibs in #409
New Contributors
Full Changelog: v0.17.1...v0.18.0
Contributors
egibs, dependabot, and octo-sts
Assets 2
v0.17.1
Rule Improvements
- Update third party rules by @tstromberg in #395
Developer Improvements
Full Changelog: v0.17.0...v0.17.1
Contributors
tstromberg and egibs
Assets 2
v0.17.0
Rule Improvements
- Address mlflow PyPI index JSON false positive by @egibs in #385
- Address false positives for mlflow and pytorch by @egibs in #387
- Address false positives with google-cloud-sdk by @egibs in #388
- Address more run-tests.php false positives by @egibs in #389
- Address Kibana false positives by @egibs in #391
- Address false positives with argo-workflows-ui by @egibs in #392
Developer Improvements
- Update go-yara to 4.3.3 by @egibs in #386
- [StepSecurity] ci: Harden GitHub Actions by @step-security-bot in #390
- Bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 in the all group by @dependabot in #393
- Add benchmarks for samples by @egibs in #380
Full Changelog: v0.16.2...v0.17.0
Contributors
egibs, dependabot, and step-security-bot
Assets 2
v0.16.2
v0.16.1
Rule Improvements
- More /dev/tcp rule tweaks for GitLab healthcheck script by @egibs in #372
- Address false positives for SQLPad and Lerna by @egibs in #375
Developer Improvements
- Bump github.com/google/go-containerregistry from 0.20.0 to 0.20.1 in the all group by @dependabot in #374
- Bump step-security/harden-runner from 2.8.1 to 2.9.0 in the all group by @dependabot in #373
Full Changelog: v0.16.0...v0.16.1
Contributors
egibs and dependabot
Assets 2
v0.16.0
Tool Improvements
Rule Improvements
- Fix GitLab healthcheck script false positive by @egibs in #364
- Turn off ELCEEF_HTML_Smuggling_A rule by @egibs in #365
- Address false positives for playwright and mongosh by @egibs in #367
- Address false positives for Chromium, KOTS, and Nuclei by @egibs in #368
- Address py3-setuptools false positives by @egibs in #369
Developer Improvements
- Bump the all group with 2 updates by @dependabot in #362
- Bump github.com/google/go-containerregistry from 0.19.2 to 0.20.0 by @dependabot in #363
Full Changelog: v0.15.1...v0.16.0
Contributors
egibs and dependabot