📈 We have tuned our Ruby scanning engines to detect more security issues, specifically those related to Cross-Site Scripting.
📉 We have also tuned our secret detection engines to filter out false positives more accurately.
As always, a big thanks to all of our users that take the time to report false positives and false negatives and help make GuardRails better for everyone!
We are super excited about this feature!
Now you are able to trigger an on-demand scan of the default branch of an enabled repository, straight from the dashboard.
Just click the 🔎 button and it will immediately start a scan.
📄 We are happy to announce the release of our PDF export feature.
You can now browse to the Pull Request tab (and, for paid plans, the Branch tab) and export the view as PDF!
🐛 A bug was fixed in our local caching, which was responsible for login errors.
🔎 We have included a new rule in our Python security scanning engine and further improved the false positive detection of our engines.
🙏 A big thanks to all of our users that report these issues and improvements. GuardRails is continuously getting better because of your valuable feedback.
Thanks to all our users who keep reporting false positives, GuardRails has been updated and got even more accurate.
The main improvements were made to the secret detection engines. Some improvements affected the Go, Python and C engines as well.
Still finding false positives, or false negatives (issues that should be reported but are not)? Please send us a report or mark the findings via the dashboard.
We are now supporting Ruby on Rails applications that follow the monorepo software development strategy.
That means ♾ continuous security verification, no matter how you structure your projects!
🎉 The following improvements have been shipped:
- Update to all scanning engines, except Java and Solidity
- Improved error handling of all scanning engines
- More accurate scan duration timing
- Improved encoding to make scan processing more reliable
- Fixed rendering errors related to some use-cases in Pull Request comments
📈 We have refactored our entire architecture in order to keep up with the ever-growing number of scan requests processed by GuardRails.
⚡ This release results in much faster scans of your repositories.
GuardRails now supports finding more relevant security bugs in your Ruby and Rails applications!
The old changelog has been ported to AppVoice.
The updated Java documentation can be viewed here:
Our Java engines require byte-code to perform their security analysis. At the moment, GuardRails attempts to build Maven projects automatically. This only succeeds if no private registries are referenced.
We are proud to announce that we have further improved our support for Solidity by adding the MythX engine in collaboration with our partners at Consensys.
The updated Solidity documentation can be viewed here:
Several bug fixes and improvements have been shipped to our dashboard.
The error handling of our PHP engines has been improved and the engines have been updated to the latest version.
We have shipped several improvements to the UI of our GuardRails dashboard.
We are happy to announce that we have migrated from the GitHub OAuth app to the native GitHub App integration in our dashboard.
This unlocks several improvements in how we manage permissions and the integration between the GitHub app and the Dashboard login.
We have shipped several improvements to improve the stability and reliability of the Ruby engines.
Several improvements have been deployed to the dashboard including features that are required for the GitHub Marketplace verification.
Several improvements have been shipped to reduce the amount of false positives detected by our secrets engine.
Improved Bundler-Audit engine reporting and rendering of results.
- Improved experimental Spotbugs support
- Improved Retire.js error handling
Shipped several enhancements to the Go engines and how results are rendered.
We have added support for Slack that allows showing the GuardRails scan results on PRs and branches right in your Slack workflow.
More information on how to configure the Slack integration can be found here.
We proudly announce the release of our new and improved GuardRails dashboard.
Enhancements to the GuardRails configuration have been deployed.
Improvements to the Java and Python engines, as well as updates to the documentation on how to fix the issues they report.
🎉 Added support for detecting known security vulnerabilities in Java dependencies thanks to Dependency-Check.
The detection logic of false alarms in our secrets engine has been improved.
Improved de-duplication of Python issues and added monorepo support.
Added support for detecting known security vulnerabilities in open source Python libraries thanks to Safety.
- 🎉 Improved secrets engine to identify API tokens for: Mailgun, Paypal, Stripe, Dropbox, Mailchimp, Twilio, Google Cloud Platform, Slack, Heroku, AWS, Facebook, Twitter, GitHub, and more.
- Improved false positives detection for the secrets engine, by removing results for git SHAs in Gemfile.
Added configuration option to ignore lines with
Improving false alert detection across languages:
- Remove results for common test files and folders for all languages.
- Remove results for secure properties in
- Remove results for third party code or static assets.
Published the following improvements:
- Added GuardRails config file validation.
- Established language-wide de-duplication of findings.
- Performance improvements.
It’s now possible to configure GuardRails to alert only on issues that occurred in changed lines.
🎉 GuardRails now supports detecting security vulnerabilities in the Go language.
Added support for an ignore file.
Enhancing the Mythril Solidity Engine:
- Ability to analyze all .sol files (even in the root directory).
- Excluding Migrations.sol from analysis.
- Setting --max-transaction-count 1.
- Improved error handling.
- Update to Mythril 0.18.13.
- Removed the initial pull request in favor of an initial issue.
- Deployed performance improvements.
- Deduplicate findings for the Python engines.
This was a big release; we shipped some great new features:
- 🎉 Released Solidity support.
- Only showing newly introduced security issues in the pull request.
- We updated the status we set on GitHub.
- ❌ Builds are now failing when we detect any new issues.
- Stability improvements.
- Added a new engine to detect secrets in the codebase. The secrets engine is language agnostic and will run on every enabled repository.
- Slim down the GitHub pull request comment to reduce the noise.
- Improve the
- Reduced the permission needed on GitHub when installing the GitHub App.
- Fix removed installations still showing up on the dashboard.
- Improved stability when installing on a large amount of repositories at the same time.
- Incorporated feedback from first users.
- Remove dependency on CI systems.
- Add support for forked repositories.
- Improve the experience for the initial pull request.