Release 1.4.0

eFAILution released this 08 Jun 13:41
· 29 commits to main since this release
Immutable release. Only release title and notes can be modified.

1.4.0 (2026-06-08)

Features

  • attest: sign the scan attestation with cosign (OpenVEX in-toto, opt-in) (#244) (2109310), closes #242 #237 #240
  • container: bind scan results to the resolved image content digest (#239) (92668a5), closes #237
  • core: record scanner toolchain provenance in scan results (#243) (6b39a0f), closes #237 #241
  • reporters: OpenVEX output for container/SCA scans (spike, #229) (#230) (b7501e4)
  • reporters: organize report output by scope (security/lint/supply-chain) (#231) (988e29d), closes #229
  • scanner-mumps: MUMPS / M language SAST scanner (16 rules, call-graph foundation) (#213) (bc2e939)

Bug Fixes

  • container: scan daemon-present images by ref via docker: source (#233) (#234) (5305b7a)

Maintenance

  • deps: bump node (#246) (de16ef8)
  • deps: bump the npm-minor-patch group with 4 updates (#245) (9b65035)
  • deps: Update container-images to v1.15.5 (#236) (a16e887)
  • deps: Update container-images to v3.2.531 (#238) (d6d548f)