Improvements to Ruby Engines

GuardRails now finds more relevant security bugs in your Ruby and Rails applications!

The GuardRails Changelog is now managed via AppVoice

The old changelog has been ported to AppVoice.

Improvements to the Java documentation

The updated Java documentation can be viewed here:

  • https://www.guardrails.io/docs/en/vulnerabilities/java/

Note:

Our Java engines require bytecode to perform their security analysis. At the moment, GuardRails attempts to build Maven projects automatically; the build only succeeds if the project does not reference private registries.

New Engine: MythX

We are proud to announce that we have further improved our support for Solidity by adding the MythX engine in collaboration with our partners at Consensys.

Improvements to the Solidity documentation

The updated Solidity documentation can be viewed here:

  • https://www.guardrails.io/docs/en/vulnerabilities/solidity/

General improvements to the documentation

The documentation pages have been updated to ensure consistent fonts and layout.

Improvements to the Java engines

Stability and performance improvements.

Bug fixes and improvements to the dashboard

Several bug fixes and improvements have been shipped to our dashboard.

PHP Engines Improvements

The error handling of our PHP engines has been improved and the engines have been updated to the latest version.

Several improvements to the Dashboard UI

We have shipped several improvements to the UI of our GuardRails dashboard.

Migrated to native GitHub App integration

We are happy to announce that we have migrated from the GitHub OAuth App to the native GitHub App integration in our dashboard.

This unlocks several improvements in how we manage permissions and the integration between the GitHub app and the Dashboard login.

Stability Improvements to the Ruby Engines

We have shipped several fixes that improve the stability and reliability of the Ruby engines.

JavaScript Engine Improvements

We have shipped new security rules for the JavaScript engines.

Dashboard Improvements

Several improvements have been deployed to the dashboard including features that are required for the GitHub Marketplace verification.

Improvements to the Secrets Engine

Several improvements have been shipped to reduce the amount of false positives detected by our secrets engine.

Improvements to Ruby Engines

Improved Bundler-Audit engine reporting and rendering of results.

Ruby Engines Mono Repo Support

Improved Ruby Engines to support monorepos.

Engine Improvements

  • Improved experimental SpotBugs support
  • Improved Retire.js error handling

Improvements to the Go Engines

Shipped several enhancements to the Go engines and how results are rendered.

Added support for Slack

We have added a Slack integration that posts GuardRails scan results for PRs and branches right into your Slack workspace.

More information on how to configure the Slack integration can be found here.

Monorepo support for JavaScript engines

We have added monorepo support for all our JavaScript scanning engines.

Released the new GuardRails Dashboard

We proudly announce the release of our new and improved GuardRails dashboard.

Improvements to the JavaScript Engines

Roses are red, violets are blue, and we have just shipped enhancements to the npm-audit JavaScript engine.

Several Improvements to Configuration

Enhancements to the GuardRails configuration have been deployed.

Improvements to engines and documentation

Improvements to the Java and Python engines, as well as updates to the documentation on how to fix the issues they report.

Experimental Java Support

🎉 Added support for detecting known security vulnerabilities in Java dependencies thanks to Dependency-Check.

Improvement to the False Positives detection of the secrets engines

The detection logic of false alarms in our secrets engine has been improved.

General Bug Fixes

Deployed several bug fixes to improve stability.

Python Scanning Engines

Improved de-duplication of Python issues and added monorepo support.

Detection of Known Vulnerabilities in Python

Added support for detecting known security vulnerabilities in open source Python libraries thanks to Safety.

New Secrets Detection Engine

  • 🎉 Improved secrets engine to identify API tokens for:
    Mailgun, PayPal, Stripe, Dropbox, Mailchimp, Twilio, Google Cloud Platform, Slack, Heroku, AWS, Facebook, Twitter, GitHub, and more.
  • Improved false positive detection for the secrets engine by removing results for git SHAs in Gemfile.

GuardRails Configuration Options

Added a configuration option to ignore lines that carry a // guardrails-disable-line comment.

Adding Support for PHP

🎉 GuardRails now supports detecting vulnerabilities in PHP.

Improving False Alert Detection

Improved false alert detection across languages:

  • Removed results for common test files and folders for all languages.
  • Removed results for secure properties in .travis.yml.
  • Removed results for third-party code and static assets.

General Improvements

Published the following improvements:

  • Added GuardRails config file validation.
  • Established language-wide de-duplication of findings.
  • Performance improvements.
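How the noise-suppression rules from these entries fit together in practice: the inline guardrails-disable-line marker, the test-file and third-party/static-asset path filters, the git-SHA-in-Gemfile rule for the secrets engine, and language-wide de-duplication of findings. This is an added Python example, not GuardRails' engine code. The token patterns are simplified forms of publicly documented key formats, the path heuristics are my own, and the sample repository contents are constructed for the demonstration (the AWS value is the documentation placeholder key).

```python
"""Secrets scan with the noise-suppression rules described in this changelog.

Added example, not GuardRails' engine code. Token shapes are simplified forms of
public formats; the repository contents below are constructed for the demo.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Illustrative token shapes only; a real engine carries many more and adds entropy checks.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "slack_token": re.compile(r"\bxox[abprs]-[0-9A-Za-z-]{10,}[0-9A-Za-z]\b"),
    "stripe_live_secret": re.compile(r"\bsk_live_[0-9A-Za-z]{24,}\b"),
    # A 40-hex string looks like a key, but it is also exactly the shape of a git SHA.
    "hex40": re.compile(r"\b[0-9a-f]{40}\b"),
}

# Path classes that produce noise rather than real exposure (heuristics assumed for this example).
TEST_PATH = re.compile(r"(^|/)(tests?|spec|__tests__|fixtures?)/|(_test|_spec|\.test|\.spec)\.[A-Za-z]+$")
THIRD_PARTY_PATH = re.compile(r"(^|/)(node_modules|vendor|bower_components|dist|build)/|\.min\.(js|css)$")
GEMFILE_PATH = re.compile(r"(^|/)Gemfile(\.lock)?$")
DISABLE_MARKER = "guardrails-disable-line"  # matched as text, so it works in //, # or -- comments


@dataclass(frozen=True)
class Finding:
    rule: str
    path: str
    line: int
    secret: str


def scan_text(path: str, text: str) -> List[Finding]:
    """Run every token pattern over every line of one file."""
    found = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in SECRET_PATTERNS.items():
            for match in pattern.finditer(line):
                found.append(Finding(rule, path, lineno, match.group(0)))
    return found


def suppress_reason(finding: Finding, line_text: str) -> Optional[str]:
    """Return why a finding is noise, or None if it should be reported."""
    if DISABLE_MARKER in line_text:
        return "inline guardrails-disable-line marker"
    if TEST_PATH.search(finding.path):
        return "test file or folder"
    if THIRD_PARTY_PATH.search(finding.path):
        return "third-party code or static asset"
    if finding.rule == "hex40" and GEMFILE_PATH.search(finding.path):
        return "git SHA in Gemfile"
    return None


def dedupe(findings: List[Finding]) -> List[Finding]:
    """Language-wide de-duplication: several engines may flag the same token at the same spot."""
    seen, unique = set(), []
    for finding in findings:
        if finding not in seen:
            seen.add(finding)
            unique.append(finding)
    return unique


def scan_repo(files: Dict[str, str]) -> Tuple[List[Finding], List[Tuple[Finding, str]]]:
    """Scan a {path: contents} mapping; return (reported findings, suppressed findings with reasons)."""
    raw: List[Finding] = []
    for path, text in files.items():
        raw.extend(scan_text(path, text))
    kept, suppressed = [], []
    for finding in dedupe(raw):
        line_text = files[finding.path].splitlines()[finding.line - 1]
        reason = suppress_reason(finding, line_text)
        if reason:
            suppressed.append((finding, reason))
        else:
            kept.append(finding)
    return kept, suppressed


# Constructed sample repository. The AWS value is the public documentation placeholder key.
SAMPLE_REPO = {
    "config/settings.py": 'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"\n',
    "src/slack.js": 'const token = "xoxb-000000000000-abcdefghijklmnopqrstuvwx"; // guardrails-disable-line\n',
    "Gemfile": "gem 'rails', git: 'https://github.com/rails/rails', ref: '0123456789abcdef0123456789abcdef01234567'\n",
    "spec/fixtures/aws.rb": 'KEY = "AKIAIOSFODNN7EXAMPLE"\n',
    "vendor/stripe/stripe.min.js": 'var k = "sk_live_aaaaaaaaaaaaaaaaaaaaaaaa";\n',
}

if __name__ == "__main__":
    reported, noise = scan_repo(SAMPLE_REPO)
    for finding in reported:
        print(f"REPORT   {finding.path}:{finding.line} {finding.rule}")
    for finding, reason in noise:
        print(f"SUPPRESS {finding.path}:{finding.line} {finding.rule} ({reason})")
```

Only the key in config/settings.py is reported; the other four hits are each dropped by a different rule. Note the order of checks: the inline marker wins over path rules, and the Gemfile rule is deliberately scoped to the generic 40-hex pattern so a real provider token committed to a Gemfile would still surface.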

Added Configuration Options

It is now possible to configure GuardRails to alert only on issues that occur in changed lines.

Added Go Support

🎉 GuardRails now supports detecting security vulnerabilities in the language Go.

Overall Improvements

Added support for an ignore file.

Enhanced the Mythril Solidity Engine:

  • Ability to analyze all .sol files (even in the root directory).
  • Excluded Migrations.sol from analysis.
  • Set --max-transaction-count 1.
  • Improved error handling.
  • Updated to Mythril 0.18.13.

Added Documentation

Improvement to the GuardRails docs.

Added documentation for:

General Improvements

  • Removed the initial pull request in favour of an initial issue.
  • Deployed performance improvements.
  • Deduplicated findings for the Python engines.

Several New Features

This was a big release; we shipped some great new features:

  • 🎉 Released Solidity support.
  • Only showing newly introduced security issues in the pull request.
  • Updated the status we set on GitHub.
  • ❌ Builds now fail when we detect any new issues.
  • Stability improvements.
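The mechanism behind "only showing newly introduced security issues in the pull request" (and the earlier option to alert on changed lines only) is a diff-to-findings intersection: parse the unified diff of the PR, record which new-file line numbers were added or modified, and keep only the findings that land on those lines. The following is an added Python example, not GuardRails' implementation; the diff and the scanner findings it filters are constructed for the demonstration.

```python
"""Report only the issues a pull request introduces.

Added example, not GuardRails' implementation. Parses a unified diff to learn
which new-file lines were added or modified, then keeps only the findings on
those lines. The diff and the findings below are constructed for the demo.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")


@dataclass(frozen=True)
class Finding:
    rule: str
    path: str
    line: int  # line number in the post-change file, as a scan of the PR head reports it


def changed_lines(diff_text: str) -> Dict[str, Set[int]]:
    """Map each file in the diff to the new-file line numbers it adds or modifies."""
    changed: Dict[str, Set[int]] = {}
    path: Optional[str] = None
    new_line = 0
    in_hunk = False
    for raw in diff_text.splitlines():
        if raw.startswith("diff --git "):
            path, in_hunk = None, False
            continue
        hunk = HUNK_RE.match(raw)
        if hunk:
            in_hunk = True
            new_line = int(hunk.group(1))  # first new-file line covered by this hunk
            continue
        if not in_hunk:
            if raw.startswith("+++ "):
                target = raw[4:].strip()
                # "/dev/null" marks a deleted file: nothing in it can be a new issue.
                path = None if target == "/dev/null" else re.sub(r"^b/", "", target)
            continue
        if path is None or raw.startswith("\\"):  # deleted file, or "\ No newline at end of file"
            continue
        if raw.startswith("+"):
            changed.setdefault(path, set()).add(new_line)
            new_line += 1
        elif not raw.startswith("-"):
            new_line += 1  # context line: present and unchanged in the new file
        # "-" lines exist only in the old file and have no new-file line number
    return changed


def new_issues(findings: List[Finding], diff_text: str) -> List[Finding]:
    """Keep only findings on lines the pull request added or modified."""
    changed = changed_lines(diff_text)
    return [f for f in findings if f.line in changed.get(f.path, set())]


# Constructed diff: a Rails controller gains an interpolated query and a permitted-params method.
SAMPLE_DIFF = "\n".join([
    "diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb",
    "index 1111111..2222222 100644",
    "--- a/app/controllers/users_controller.rb",
    "+++ b/app/controllers/users_controller.rb",
    "@@ -10,8 +10,12 @@ class UsersController < ApplicationController",
    "   def show",
    "     @user = User.find(params[:id])",
    "   end",
    "+",
    "+  def search",
    "+    User.where(\"name LIKE '%#{params[:q]}%'\")",
    "+  end",
    " ",
    "   def update",
    "     @user = User.find(params[:id])",
    "-    @user.update(params[:user])",
    "+    @user.update(user_params)",
    "   end",
    "@@ -40,3 +44,4 @@ class UsersController < ApplicationController",
    "   private",
    " ",
    "   def user_params",
    "+    params.require(:user).permit(:name, :email, :role)",
])

# Constructed scanner output for the PR head: two of these issues pre-date the change.
SAMPLE_FINDINGS = [
    Finding("sql_injection", "app/controllers/users_controller.rb", 15),          # new: inside def search
    Finding("missing_authorization", "app/controllers/users_controller.rb", 11),  # unchanged context line
    Finding("mass_assignment", "app/controllers/users_controller.rb", 47),        # new: permits :role
    Finding("sql_injection", "app/models/legacy.rb", 3),                          # file untouched by the PR
]

if __name__ == "__main__":
    for finding in new_issues(SAMPLE_FINDINGS, SAMPLE_DIFF):
        print(f"NEW {finding.path}:{finding.line} {finding.rule}")
```

Two of the four findings survive: the interpolated query on line 15 and the permitted :role on line 47. The pre-existing authorization gap on line 11 and the issue in an untouched file are real, but they are not this PR's regressions, which is exactly why a "new issues only" status check stays actionable for the author.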

Added Support for Python

🎉 Released Python support (including Django and Flask apps).

Added Secrets Documentation

Added Several New Features

  • Added a new engine to detect secrets in the codebase. The secrets engine is language agnostic and runs on every enabled repository.
  • Slimmed down the GitHub pull request comment to reduce the noise.
  • Improved the eval ruleset for the JavaScript engine to be more accurate.
  • Reduced the permissions needed on GitHub when installing the GitHub App.
  • Fixed removed installations still showing up on the dashboard.
  • Improved stability when installing on a large number of repositories at the same time.

General Improvements

  • Incorporated feedback from first users.
  • Removed the dependency on CI systems.
  • Added support for forked repositories.
  • Improved the experience for the initial pull request.

First Release of GuardRails

🚀 Alpha release with JavaScript / Secrets support.

Launch Docs

Released initial documentation.