GuardRails now supports finding more relevant security bugs in your Ruby and Rails applications!
The old changelog has been ported to AppVoice.
The updated Java documentation can be viewed here:
Our Java engines require byte-code to perform their security analysis. At the moment, GuardRails attempts to build Maven projects automatically. This only succeeds if no private registries are referenced.
We are proud to announce that we have further improved our support for Solidity by adding the MythX engine in collaboration with our partners at Consensys.
The updated Solidity documentation can be viewed here:
Several bug fixes and improvements have been shipped to our dashboard.
The error handling of our PHP engines has been improved and the engines have been updated to the latest version.
We have shipped several improvements to the UI of our GuardRails dashboard.
We are happy to announce that we have migrated from the GitHub OAuth app to the native GitHub app integration in our dashboard.
This unlocks several improvements in how we manage permissions and the integration between the GitHub app and the Dashboard login.
We have shipped several changes that improve the stability and reliability of the Ruby engines.
Several improvements have been deployed to the dashboard, including features that are required for the GitHub Marketplace verification.
Several improvements have been shipped to reduce the number of false positives detected by our secrets engine.
Improved Bundler-Audit engine reporting and rendering of results.
- Improved experimental SpotBugs support
- Improved Retire.js error handling
Shipped several enhancements to the Go engines and how results are rendered.
We have added support for Slack that allows showing the GuardRails scan results on PRs and branches right in your Slack workflow.
More information on how to configure the Slack integration can be found here.
We proudly announce the release of our new and improved GuardRails dashboard.
Enhancements to the GuardRails configuration have been deployed.
Improvements to Java and Python engines as well as updates to the documentation on how to fix them.
🎉 Added support for detecting known security vulnerabilities in Java dependencies thanks to Dependency-Check.
The detection logic of false alarms in our secrets engine has been improved.
Improved de-duplication of Python issues and added monorepo support.
Added support for detecting known security vulnerabilities in open source Python libraries thanks to Safety.
- 🎉 Improved secrets engine to identify API tokens for:
Mailgun, PayPal, Stripe, Dropbox, Mailchimp, Twilio, Google Cloud Platform, Slack, Heroku, AWS, Facebook, Twitter, GitHub, and more.
- Improved false positives detection for the secrets engine, by removing results for git SHAs in Gemfile.
Added configuration option to ignore lines with
Improving false alert detection across languages:
- Remove results for common test files and folders for all languages.
- Remove results for secure properties in
- Remove results for third party code or static assets.
Published the following improvements:
- Added GuardRails config file validation.
- Established language-wide de-duplication of findings.
- Performance improvements.
It’s now possible to configure GuardRails to alert only on issues that occurred in changed lines.
🎉 GuardRails now supports detecting security vulnerabilities in the language Go.
Adding support for ignore file.
Enhancing the Mythril Solidity Engine:
- Ability to analyze all .sol files (even in the root directory).
- Excluding Migrations.sol from analysis.
- Setting `--max-transaction-count 1`.
- Improved error handling.
- Update to Mythril 0.18.13.
- Removed initial pull request in favor of an initial issue.
- Deployed Performance improvements.
- Deduplicate findings for the Python engines.
This was a big release; we shipped some great new features:
- 🎉 Released Solidity support.
- Only showing newly introduced security issues in the pull request.
- We updated the status we set on GitHub.
- ❌ Builds are now failing when we detect any new issues.
- Stability improvements.
- Add new engine to detect secrets in the codebase. The secrets engine is language agnostic and will run on every repository enabled.
- Slim down the GitHub pull request comment to reduce the noise.
- Improve the
- Reduced the permission needed on GitHub when installing the GitHub App.
- Fix removed installations still showing up on the dashboard.
- Improved stability when installing on a large number of repositories at the same time.
- Incorporated feedback from first users.
- Remove dependency on CI systems,
- Add support for forked repositories.
- Improve the experience for the initial pull request.