github Bearer/bearer v1.0.0


Highlights

  • Further OWASP Top 10 coverage on both Ruby and JavaScript.
  • Reworked severity calculation; see the documentation for more details.
  • Summary report renamed to Security report #682
  • Secret scanning separated from security scanning with --scanner flag #679

Changelog

  • af4650a chore(deps): bump github.com/go-enry/go-enry/v2 from 2.8.3 to 2.8.4 (#731)
  • 1cdc390 chore(deps): bump golang.org/x/mod from 0.8.0 to 0.9.0 (#733)
  • 0dd817f chore(deps): update dependencies (#740)
  • 8308b5c chore(rule): yank dangerous_insert_html (#745)
  • a625c5a feat(JS rules): add insecure CORS rule for express (#707)
  • 8fe75d7 feat(JS rules): Add CWE 916 weak password encryption (#689)
  • e6a6246 feat(JS rules): Add more rules for hardcoded JWT secrets (#705)
  • fc4e698 feat(JS rules): Extend expressjs insecure cookie rule (#696)
  • b642439 feat(JS rules): add AWS dynamodb query injection (#664)
  • ff9c4d9 feat(JS rules): add CWE to JS insecure cookie (#687)
  • 0d94455 feat(JS rules): add CWE-525 bad caching policy for expressjs JWT not revoked (#695)
  • f4ae336 feat(JS rules): add CWE-94 AWS Lambda code injection (#726)
  • 004d2f9 feat(JS rules): add expressjs rule for missing HTTPS protocol (#715)
  • 85650e1 feat(JS rules): add open redirect rule (#713)
  • 7a4fe5c feat(JS rules): add template render rule patterns for express js (#712)
  • 747bbf5 feat(JS rules): extend expressjs cookie rule (#700)
  • 7658ca0 feat(express rule): detect missing usage within same file (#711)
  • 4c80de7 feat(javascript rule): add dom purify lib (#721)
  • f77ca4e feat(javascript rule): add support for react's dangerouslySetInnerHTML (#688)
  • 72e7f07 feat(javascript rule): dangerous javascript html inserts (#693)
  • 11a1ba7 feat(js rule): enrich js axios rule (#686)
  • 28d99ed feat(ruby rules): add rails rule for http verb confusion (#683)
  • bd7bc3e feat(ruby rules): add rails rule for permissive regex validation (#723)
  • c43f1a5 feat(ruby rules): add rails send_file to path rule (#709)
  • 7222310 feat(ruby rules): rails rule for render using user input (#725)
  • bf75b4e feat(ruby rules): rule for hardcoded secret (#699)
  • b479804 feat(ruby rules): rule for reflection using user input (#710)
  • 84ebfd9 feat(ruby rules): rule for regex using user input (#694)
  • d7d784e feat: Separate secrets scanning and sast (#690)
  • 97e8e40 feat: add jsonlines (#742)
  • c011a71 feat: enrich dangerous insert html (#697)
  • 86cdb46 feat: optimize report saving (#729)
  • e8b8250 feat: rename summary report to security report (#684)
  • b81e2c7 feat: simplify PDS key (#724)
  • a68bd4f feat: update rules default severity (#730)
  • 383492f fix(JS rules): make express eval rule stricter (#714)
  • 3b65905 fix(JS tests): fix outdated testdata (#722)
  • 9823386 fix(docs): broken links (#702)
  • ada10d7 fix(ruby rules): set correct match node in hard coded secret rule (#708)
  • 422989d fix(rules): Update missing rule documentation (#748)
  • 77d701d fix(rules): special case warning severity (#749)
  • 962e330 fix(security report): hide progress bar for built-in rules (#706)
  • 08f8a15 fix: clean up superfluous YAML attributes in rules (#741)
  • d48862a fix: ignore empty string literals (#720)
