Releases: coinbase/salus

2.7.0

02 Oct 00:32

[2.7.0] - 2019-10-01

Added

  • stronger gosec integration that supports disabling nosec comments, changing the nosec directive, explicit inclusion and exclusion of rules, sorting issues by severity, filtering issues by severity and/or confidence, auto-pass (for testing purposes), scanning test files, and directory whitelisting.
  • gosec documentation on available options
  • stronger yarn integration that supports selective scanning of production, optional, and/or developer dependencies (Issue #68)
  • yarn documentation on available options
  • better CircleCI orb support via custom_info on the salus_reports object (Thanks @jsulinksi)
  • decouple Salus orb version from Salus versioning (Thanks @jsulinksi)

Changed

  • golang upgrade from 1.12 to 1.13.1

Fixed

  • fixed salus command line documentation for adding salus config files (Issue #74)

Gosec scanning

20 Sep 04:49
b6f77b9

Gosec is smart enough to figure out where a project is. This patch version improves detection of Go by fully traversing all subfolders and files to look for Go files.

Minor Bug Fix

06 Aug 00:04
426a378

This release fixes a minor bug in parsing yarn audit JSON output.

2.6.0

16 Jul 01:50
f2ecc52

Added a heartbeat feature that is on by default but can be controlled with the heartbeat flag. Heartbeats respect the quiet flag.

2.5.1

10 Jun 23:12
d010b75

This update fixes a bug where Salus did not scan for Go files recursively even when it had correctly determined that the Go-related scanners should run.

2.5.0

07 Jun 21:52
18e1cce
  • Enable exclude_extension for the Pattern Search Scanner. Thanks @raphdev!
  • A Salus Orb for easier integration with CircleCI. Thanks @raphdev and @jsulinski for their efforts!
  • Upgraded Go from 1.8.3 to 1.12.4
  • Upgraded Gosec Scanner to 2.0.0 to support Go modules; this deprecates support for GOPATH-related projects
  • README updates

Ruby and Docker Upgrades

09 May 19:06
b86925e

This release updates the Ruby version to 2.4.5 and uses the corresponding Ruby base image that is patched for security issues. We have also published the Clair report for users to quickly verify what CVEs exist.

The Ruby 2.4.5 base image switches from Ubuntu to Debian.

This release also includes a minor yarn bug fix.

Pinning gosec to 1.2.0

18 Apr 22:57
2274dd7

This version pins gosec to v1.2.0 as there have been issues with running 1.3.0.

Bundler 2 compatibility, updated Rails app detection and gem updates

03 Apr 04:02
469e5b6

#46 General gem updates
#40 Detect Rails app when a repo has an app directory
#45 Bundler 2 compatibility
#47 Update spec

Adds Go Static Code Vulnerability Support

01 Feb 05:41
cbda437

#29 integrates gosec, a Go static code vulnerability checker
#36 #37 #38 fix failing build and bump version