2.13.4 (2021-10-11)

Fixed

Yarn Audit Specs #460
Brakeman exceptions #460

2.13.3 (2021-10-06)

#458

Added:
Properties.severity in SARIF result entries. This field contains the raw scanner severity.

Fixed:
SARIF location URIs are now properly relative.

2.13.2 (2020-09-28)

Fixed:
Ensure node exceptions handle int ids correctly
#456

2.13.1 (2021-09-24)

Added

• Normalized exception configurations.
• Time boxing support for exceptions.

#448
#449
#450
#451
#452
#453
#454

2.12.1 (2021-09-01)

Fixed

• #438 Empty sarifs caused by the YarnAudit sarif adapter.

2.12.0 (2021-08-24)

Added

• #415 #417 #429 #432 CycloneDX integration
• #413 #415 #419 #420 #421 #430 CycloneDX language support (Ruby, Rust, Python, Node Modules, Go)

Changed

• #411 Updated ReportGoDep to use go.sum/go.mod in addition to gopkg.lock
• #418 Scanner timeout values can now be floating point numbers

2.11.13 (2021-07-27)

Fixed

#405 Ignore salus config files that cannot be fetched and log error.

2.11.12 (2021-07-22)

Added

• #388 Support for running Bundle Audit with local vulnerability database.
• #396 Salus enforced bool under tool.driver.properties in SARIF in order to update Salus-bots display and cause less confusion surrounding active/enforced scanners

Upgraded

• #387 Bundle Audit to 0.8.0.
• #400 Rust to 1.53.0
• Some Gem dependencies.

Fixed

• #390 Yarn/NPM Audit config overwrites.

2.11.11 (2021-06-25)

Added

#379 SARIF refactor to messageStrings
#378 SARIF filter for plugins

Updated

#382 Expanded plugin support. Added events cli_startup, cli_scan, salus_scan, skip_scanner, run_scanner, scanners_ran, run_shell
#376 Bundler gem version to 2.2.19

Fixed

#385 Fixed sample circle ci orb file.
#380 Non zero error code for bad invocations

2.11.10 (2021-05-28)

Added

#369 Support for running Gosec from a configurable list of subdirs
#370 supported_languages in all current scanners