v0.7.0

Changelog

• 2f0334b Add -tracked flag to ignore git-untracked files during scan (#70)
• 056d9c9 Add Zensical (#62)
• 3803e7c Add tool entries for Just, Task, Pixi, Spin (#74)
• 7bb6681 Bump goreleaser/goreleaser-action from 7.1.0 to 7.2.1 (#68)
• f5b577d Detect Invoke as a task runner via tasks.py (#73)
• 566f562 Detect setuptools/hatch/flit and infer flat-layout source dirs (#69)
• f33178a Reject directories when matching file globs in exists() (#71)
• 61a3a4e Sanitize CI matrix values and resource filenames in human/markdown output (#66)
• 09b230c Split runtime libraries out of build into a library category (#72)

v0.6.1

Changelog

• 055e2d7 Bump git-pkgs deps to latest patch releases
• bbe9ca3 Redact credentials from git remote URLs in reports
• 813721c Reject symlinks in enrich manifest reads (#67)
• 89494aa Use cosign v4 bundle format for release signing

v0.5.2

Changelog

• e57ca6e Add Homebrew install instructions
• c3be64c Bump golang.org/x/term from 0.41.0 to 0.42.0
• 7bc49ef Sign release checksums with cosign

v0.5.1

Changelog

• 2f36707 Tighten threat-model output: filter stack, fix empty message, remove SSRF from backend mapping

v0.5.0

Changelog

• bb4e160 Add 66 detection-only tool defs for security-relevant libraries
• a572a74 Add [taxonomy] and [security] sections to KB schema
• 9c9f0d1 Add brief threat-model and brief sinks commands
• a16010a Fill sinks for tools where threat-model fires but sinks was empty
• da4b626 Hand-classify [taxonomy] for build, database, environment, monorepo tools
• efcbc54 Refresh vendored oss-taxonomy terms (166 to 172)
• 8655320 Retag tools with the new precise function terms
• 00ff068 Seed mechanical [taxonomy] mappings across 335 tool definitions
• fe27838 Seed sinks for web frameworks and ORMs
• de6f414 Seed stdlib sinks for C#, Rust, Elixir, C, C++, Kotlin, Scala, Swift, Dart, Perl, Lua
• 7687256 Seed stdlib sinks for Ruby, Python, JavaScript, Go, PHP, Java
• be1961e Tighten _threats.toml: add feature-flags mapping, LDAP libs, drop dead scraping mapping
• abe6546 Update README with threat-model, sinks, taxonomy docs
• d6ca724 Validate taxonomy tags against vendored oss-taxonomy term list

v0.4.3

Changelog

• 891c9bb Add 93 tool definitions across all categories
• 7e3a588 Add brief list -readme tools to generate README tool list
• cdff64f Bump actions/setup-go from 6.3.0 to 6.4.0
• 34635de Bump github.com/git-pkgs/enrichment from 0.2.1 to 0.2.2
• 488a3de Fix script source files parsed as empty tool definitions
• 051533a Fix security, correctness, and quality issues from code review
• 56ae6e3 Update README tool list to reflect 446 tools
• b20441c Update project description in README.md

v0.4.2

Changelog

• 12fc5c8 Bump all git-pkgs dependencies to latest releases
• cc7755e Bump github.com/git-pkgs/forge from 0.2.0 to 0.3.0

v0.4.1

Changelog

• 222e6d2 Add markdown output format via -markdown flag

v0.4.0

Changelog

• add0d40 Add brief missing subcommand and expand knowledge base
• 8745766 Fix all golangci-lint issues
• 4fed97b Update README for missing command and new tool counts

v0.3.0

Changelog

• 21b5bc1 Add brief diff subcommand
• df9c15f Fix golangci-lint issues: gofmt alignment, redundant selectors, loop simplification