Releases: kulkansecurity/gitxray
Releases · kulkansecurity/gitxray
1.0.17.3
1.0.17.2
Release v1.0.17.2 (February 16th, 2025)
- Added a Highlighted findings section to the HTML report. Special thanks to Viktor and Darin from DevOps Paradox for their feedback.
- Added to every table in the HTML report the ability to collapse and expand.
- Merged the finding on similar repository names with the finding on the repository being the most starred.
- Improved the introduction section of the HTML report to guide users with sample use-cases for Gitxray.
1.0.17.1
Release v1.0.17.1 (January 30th, 2025)
- Fixed parsing of legacy workflows which include an empty path attribute.
- Fixed parsing of broken armored PGP keys which appear to be accepted by GitHub when being added to a user's profile.
1.0.17
Release v1.0.17 (January 26th, 2025)
- Added a new "--shush" parameter which turns "shushable" mode on, discarding any progress output from stdout.
- Added a new finding under the "personal" category which tells if the contributor has enabled "Available for hire" in their profile (docs describe it here: https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/about-available-for-hire)
- Added a "WARNING" label/prefix on a couple of Workflow findings which deserve an extra highlight.
- Turned gh_api into a class named GitHubRESTAPI which stores a reference to gx_output.
- Added a new stdout method in gx_output to act as a proxy for print() calls, discarding "shushable" output.
1.0.16.5
Release v1.0.16.5 (January 18th, 2025)
- Fixed an error case (an unhandled exception) that showed up when scanning repositories with a very large list of contributors (e.g. torvalds/linux, or MicrosoftDocs/azure-docs), which leads to GitHub REST APIs responding in an undocumented manner, stating that: "The history or contributor list is too large to list contributors for this repository via the API".
1.0.16.4
Release v1.0.16.4 (October 30th, 2024)
- Fixed an error case that should be fixed in gh_api.py eventually: GitHub returning unexpected error responses when querying for certain releases while being unauthenticated. Thank you once again fearcito for your input and testing.
1.0.16.3
Release v1.0.16.3 (October 28th, 2024)
- Only showing "updated at" for comments if the created_at and updated_at field values differ. This helps place focus on updated comments which could potentially reveal a contributor trying to hide a past comment. GitHub is kind to show an Edit history for said comments as a menu option next to the comment itself.
1.0.16.2
Release v1.0.16.2 (October 25th, 2024)
- Added validation against Null values for fields "author" and "uploader" in Releases and Assets. Special thanks to fearcito for reporting the issue.
1.0.16.1
Release v1.0.16.1 (October 22nd, 2024)
- Fixed a typo in a call to r_log() which led to an uhandled exception when scanning repositories with self-hosted runners. Special thanks to farnaboldi for reporting the issue.
1.0.16
Release v1.0.16 (October 18th, 2024)
- Added a brand new HTML output format/report by default, making results a lot easier to navigate! Custom search bar instead of relying on DataTables which can be super slow for large HTML files. We're now also groupping results by Category across all contributors and highlighting results which contain a WARNING keyword.
- Added certain association results to Contributor results, not all to prevent extra noise.
- Added the ability to specify a directory for output instead of a file, gitxray creating the filename for you.
- Removed the concept of 'Verbose' results, merging them with the non-verbose categories.
- Removed the need for repositories and organizations to start with https://github.com (Thanks to mattaereal for pointing that out!)