GuardRails Changelog 🚀

February 13th 2019

  • Enhancements to the Retire.js engine and its rendering.

February 12th 2019

  • Enhancements to the GuardRails configuration.
  • Added new links to the vulnerability description pages, and the first suggested fixes for Java SCA.

February 11th 2019

  • Improved Java and Python SCA engines to provide more details in the reported issues.

February 8th 2019

  • 🎉 Added support for detecting known security vulnerabilities in Java thanks to Dependency-Check.

January 24th 2019

January 17th 2019

  • Deployed several bug fixes to improve stability.

January 11th 2019

  • Improved Safety de-duplication of issues and added monorepo support.

January 8th 2019

  • 🎉 Added support for detecting known security vulnerabilities in Python thanks to Safety.

December 21st 2018

  • 🎉 Improved secrets engine to identify API tokens for:
    • Mailgun, PayPal, Stripe, Dropbox, Mailchimp, Twilio, Google Cloud Platform, Slack, Heroku, AWS, Facebook, Twitter, GitHub, and more.
  • Improved false positives detection for the secrets engine:
    • Remove results for git SHAs in Gemfile.

December 6th 2018

December 3rd 2018

  • 🎉 Adding support for PHP.

November 27th 2018

  • Improving filtering of results:
    • Remove results for common test files and folders for all languages.
    • Remove results for secure properties in travis.yml.
    • Remove results for third party code or static assets.

November 23rd 2018

  • Added GuardRails config file validation.
  • Established language-wide de-duplication of findings.
  • Performance improvements.

November 20th 2018

November 14th 2018

  • 🎉 Adding support for Go.

October 30th 2018

  • Adding support for ignore file.
  • Enhancing the Mythril Solidity Engine:
    • Ability to analyze all .sol files (even in the root directory).
    • Excluding Migrations.sol from analysis.
    • Setting --max-transaction-count 1.
    • Improved error handling.
    • Update to Mythril 0.18.13.

October 27th 2018

October 19th 2018

  • Remove initial pull request in favour of an initial issue (example: GuardRails initial issue).
  • Performance improvements.
  • Deduplicate findings for the python bundle.

October 5th 2018

This was a big release, and we shipped some great improvements:

  • 🎉 Released Solidity support.
  • Only showing newly introduced security issues in the pull request.
  • We updated the status we set on GitHub.
  • ❌ Builds are now failing when we detect any new issues.
  • Stability improvements.

September 26th 2018

  • 🎉 Released Python support (including Django and Flask apps).

September 2nd 2018

  • Add new content for the hard-coded secrets issue.

August 15th 2018

  • Add new engine to detect secrets in the codebase. The secrets engine is language agnostic and will run on every enabled repository.
  • Slim down the GitHub pull request comment to reduce the noise.
  • Improve the eval ruleset for the JavaScript engine to be more accurate.
  • Reduced the permission needed on GitHub when installing the GitHub App.
  • Fix removed installations still showing up on the dashboard.
  • Improved stability when installing on a large number of repositories at the same time.

August 1st 2018

  • Incorporated feedback from first users.
  • Remove dependency on CI systems.
  • Add support for forked repositories.
  • Improve the experience for the initial pull request.

July 19th 2018

  • 🚀 Alpha release with JavaScript / Secrets support.

June 26th 2018