v1.0.0
This is a new major version with breaking changes.
What's Changed
Breaking changes:
- The commands `guarddog scan` and `guarddog verify` have been deprecated and will be removed in an upcoming version. Use `guarddog pypi scan` and `guarddog pypi verify` instead.
New features:
- Added support for scanning npm packages (`guarddog npm scan`) and package.json (`guarddog npm verify`)
- Support SARIF output to allow for easy use with GitHub Code Scanning
- Added commands `guarddog pypi list-rules` and `guarddog npm list-rules`
- Support verbose debugging output through `guarddog --log-level debug ...`
New heuristics:
- New Python heuristic `silent-process-execution` to identify packages silently executing processes, similar to the PyTorch attack
- New PyPI metadata heuristic: `repository_integrity_mismatch` compares the contents of a package on PyPI with its contents on GitHub, and flags packages that have extraneous or modified files not reflected on GitHub
- New npm heuristic: typosquatting
- New npm heuristic: detecting silent process execution
- New npm heuristic: detecting post-install and pre-install hooks
- New npm heuristic: detecting when an npm package serializes `process.env`
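As an added illustration of what the `repository_integrity_mismatch` heuristic checks (example code written for this changelog, not GuardDog's implementation; the sdist-metadata ignore list and the two sample file trees are assumptions):

```python
import hashlib
from typing import Dict, List


def _digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _is_sdist_metadata(path: str) -> bool:
    # Assumed ignore list: files an sdist legitimately has that a repo does not.
    return path == "PKG-INFO" or ".egg-info/" in path


def repository_integrity_mismatch(pypi_files: Dict[str, bytes],
                                  github_files: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Compare a PyPI distribution with the GitHub tree it claims to come from.

    Returns paths that are extraneous (on PyPI, absent on GitHub) and modified
    (in both, different content). Files only on GitHub are not a signal here.
    """
    extraneous: List[str] = []
    modified: List[str] = []
    for path, content in sorted(pypi_files.items()):
        if _is_sdist_metadata(path):
            continue
        if path not in github_files:
            extraneous.append(path)
        elif _digest(content) != _digest(github_files[path]):
            modified.append(path)
    return {"extraneous": extraneous, "modified": modified}


# Constructed sample trees (not real packages): the repository on GitHub
# and the sdist that was actually uploaded to PyPI.
GITHUB_TREE = {
    "setup.py": b"from setuptools import setup\nsetup(name='demo')\n",
    "demo/__init__.py": b"__version__ = '1.0.0'\n",
    "demo/core.py": b"def run():\n    return 'ok'\n",
}
PYPI_TREE = {
    "PKG-INFO": b"Metadata-Version: 2.1\nName: demo\n",
    "setup.py": GITHUB_TREE["setup.py"],
    "demo/__init__.py": b"__version__ = '1.0.0'\nimport demo._extra\n",  # differs from GitHub
    "demo/core.py": GITHUB_TREE["demo/core.py"],
    "demo/_extra.py": b"# file that never existed in the repository\n",
}


def scan_sample() -> Dict[str, List[str]]:
    return repository_integrity_mismatch(PYPI_TREE, GITHUB_TREE)


if __name__ == "__main__":
    for kind, paths in scan_sample().items():
        print(kind, paths)
```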
Cosmetics:
- GuardDog now has an official logo!
- README heuristics documentation is now automatically generated and injected in the README
Minor changes:
- chores: Bump certifi version to fix GHSA-43fp-rhv2-5gv8
Full Changelog: v0.1.10...v1.0.0