Releases: coinbase/salus
2.7.0
[2.7.0] - 2019-10-01
Added
- stronger gosec integration that supports disabling nosec comments, changing the nosec directive, explicit inclusion and exclusion of rules, sorting issues by severity, filtering issues by severity and/or confidence, auto-pass (for testing purposes), scanning test files, and directory whitelisting.
- gosec documentation on available options
- stronger yarn integration that supports selective scanning of production, optional, and/or developer dependencies (Issue #68)
- yarn documentation on available options
- better CircleCI orb support via custom_info on the salus_reports object (Thanks @jsulinksi)
- decouple the Salus orb version from Salus versioning (Thanks @jsulinksi)
Changed
- golang upgrade from 1.12 to 1.13.1
Fixed
- fixed salus command line documentation for adding salus config files (Issue #74)
Gosec scanning
Gosec is smart enough to figure out where a project is. This patch version improves detection of Go projects by fully traversing all subfolders and files to look for Go files.
Minor Bug Fix
This release fixes a minor bug in parsing yarn audit json output.
2.6.0
2.5.1
2.5.0
- Enable exclude_extension for the Pattern Search Scanner. Thanks @raphdev!
- A Salus Orb for easier integration with CircleCI. Thanks @raphdev and @jsulinski for their efforts!
- The orb can be found at https://circleci.com/orbs/registry/orb/federacy/salus
- Upgraded Go from 1.8.3 to 1.12.4
- Upgraded the Gosec scanner to 2.0.0, which supports Go modules and deprecates support for GOPATH-related projects
- README updates
Ruby and Docker Upgrades
This release updates the Ruby version to 2.4.5 and uses the corresponding Ruby base image, which is patched for security issues. We have also published the Clair report so users can quickly verify which CVEs exist.
Ruby 2.4.5 base image switches from ubuntu to debian.
This release also includes a minor yarn bug fix.
Pinning gosec to 1.2.0
This version pins gosec to v1.2.0 as there have been issues with running 1.3.0.