v2.0.0

What's Changed

New features:

• Adding support for running YARA and private rules by @sobregosodd in #401
• Support Go ecosystem by @juliendoutre in #413

Improvements and bugfixes:

• Improve DLL hijacking rule coverage by @ikretz in #414
• Add detection for Python sqlite3 data exfiltration by @ikretz in #420
• Remove duplicated sourcode findings by @sobregosodd in #407
• Simplify local target checks by @ikretz in #419

Chores:

• add setuptools to dependencies by @xopham in #412
• Bump disposable-email-domains from 0.0.103 to 0.0.104 by @dependabot in #409
• Bump certifi from 2023.7.22 to 2024.7.4 by @dependabot in #408

New Contributors

• @ikretz made their first contribution in #414

Full Changelog: v1.11.2...v2.0.0

v1.11.2

What's Changed

• Hotfix: No rules are ran by default by @sobregosodd in #406

Full Changelog: v1.11.1...v1.11.2

v1.11.1

What's Changed

• Fix rules filtering by @sobregosodd in #405

Full Changelog: v1.11.0...v1.11.1

v1.11.0

What's Changed

Bug fixes and improvements

• Add steganography for NPM by @sobregosodd in #396
• Add exceptions to shady-links by @sobregosodd in #395
• Improve detection to avoid memory over-usage by @sobregosodd in #400
• Bugfix: Input rules are not correctly set in analyzers by @sobregosodd in #399

Chores

• Bump mypy from 1.10.0 to 1.10.1 by @dependabot in #402
• Bump setuptools from 70.0.0 to 70.2.0 by @dependabot in #403
• Bump coverage from 7.5.3 to 7.5.4 by @dependabot in #398

Full Changelog: v1.10.1...v1.11.0

v1.10.1

Bug fixes and improvements

• Fixing the timezone in dns lookups by @sobregosodd in #385
• add --version flag to cli by @xopham in #392
• Create RELEASING.md by @christophetd in #393
• Addressing fixes in DLL hijacking by @sobregosodd in #384
• Bugfix Bundled binary rule by @sobregosodd in #386

Chores

• Bump urllib3 from 2.2.1 to 2.2.2 by @dependabot in #391
• Bump flake8 from 7.0.0 to 7.1.0 by @dependabot in #390

New Contributors

• @xopham made their first contribution in #392

Full Changelog: v1.10.0...v1.10.1

v1.10.0

What's Changed

Improvements and bug fixes:

• Add exception for wrong JSFuck detection by @sobregosodd in #383
• Add DLL hijacking detection by @sobregosodd in #382
• Feature: honor requirements versions by @sobregosodd in #380
• Fixing the timezone in dns lookups by @sobregosodd in #379

Chores:

• Bump pytest from 8.2.1 to 8.2.2 by @dependabot in #381

Full Changelog: v1.9.0...v1.10.0

v1.9.0

What's Changed

Improvements and bug fixes:

• remove redundant docker layer by @jxdv in #368
• Add Sebastian to maintainers by @christophetd in #370
• Fix typo in environment variable to set scan parallelism by @christophetd in #376
• Add detection for Deceptive Author by @sobregosodd in #374
• Pushed top pkgs update for typosquatting by @sobregosodd in #345
• Add detection of bidirectional characters by @sobregosodd in #356

Chores:

• Bump requests from 2.32.0 to 2.32.2 by @dependabot in #371
• Bump coverage from 7.5.1 to 7.5.3 by @dependabot in #377
• Bump setuptools from 69.5.1 to 70.0.0 by @dependabot in #372
• Bump requests from 2.32.2 to 2.32.3 by @dependabot in #378

Full Changelog: v1.8.2...v1.9.0

v1.8.2

What's Changed

• Bugfix: Fix regression in SARIF scan output by @christophetd in #369

Full Changelog: v1.8.1...v1.8.2

v1.8.1

What's Changed

Improvements and bug fixes:

• Adding FP case to npm-obfuscation by @sobregosodd in #366
• fix rules assignment per ecosystem by @sobregosodd in #365

Full Changelog: v1.8.0...v1.8.1

v1.8.0

What's Changed

Improvements and bug fixes:

• Add npm-exfiltrate-sensitive-data case by @sobregosodd in #352
• improve shady-links matching by @sobregosodd in #358
• Add detection of compiled binaries in package code by @sobregosodd in #355
• add download_executable missing detection by @sobregosodd in #363

Chores:

• Bump requests from 2.31.0 to 2.32.0 by @dependabot in #361
• Bump pygit2 from 1.14.1 to 1.15.0 by @dependabot in #360
• Bump pytest from 8.2.0 to 8.2.1 by @dependabot in #359

Full Changelog: v1.7.0...v1.8.0