v3.1.2

What's Changed

• fix: use full checkout for detect secrets jobs by @droguljic in #65

Full Changelog: v3.1.1...v3.1.2

v3.1.1

What's Changed

• build: update studion/core to v3.0.1 by @droguljic in #64

Full Changelog: v3.1.0...v3.1.1

v3.1.0

What's Changed

• feat: add option to provide root for the analyze_code command by @droguljic in #63

Full Changelog: v3.0.0...v3.1.0

v3.0.0

What's Changed

• feat: perform env subst on image for the generate_sbom command by @droguljic in #53
• feat: perform env subst on image for the assess_image command by @droguljic in #54
• style: format sh files by @droguljic in #55
• feat: standardize output paths of the commands by @droguljic in #56
• refactor: use array for passing arguments in scripts by @droguljic in #57
• feat: use sarif as output format for the assess_image command by @droguljic in #58
• chore: update machine images to ubuntu-2404 by @droguljic in #59
• ci: reorganize test and deploy configuration by @droguljic in #60
• feat: store SBOM as artifact by @droguljic in #61
• docs: add scanner summary by @droguljic in #62

Full Changelog: v2.3.0...v3.0.0

v2.3.0

What's Changed

• feat: add install_semgrep command by @droguljic in #50
• feat: add install_gitleaks command by @droguljic in #51
• docs: update list of features by @droguljic in #52

Full Changelog: v2.2.0...v2.3.0

v2.2.0

What's Changed

• feat: add install_syft command by @droguljic in #44
• feat: add install_grype command by @droguljic in #45
• feat: add generate_sbom command by @droguljic in #46
• feat: add assess_image command by @droguljic in #47
• docs: update description of severity for scan_dockerfile command by @droguljic in #48
• ci: update studion/core to v3.0.0 by @droguljic in #49

Full Changelog: v2.1.0...v2.2.0

v2.1.0

What's Changed

• build: update studion/core to v3.0.0 by @droguljic in #41
• chore: update dependencies of the sample project by @droguljic in #42
• feat: add install_trivy command by @droguljic in #43

Full Changelog: v2.0.0...v2.1.0

v2.0.0

What's Changed

• chore: update dependencies of the sample project by @droguljic in #22
• feat: base secret detection on the detect_secrets command by @droguljic in #23
• feat: base the code analysis on the analyze_code command by @droguljic in #24
• docs: update the sast example by @droguljic in #25
• feat: remove the source pathfrom the detect_secrest_git job by @droguljic in #26
• refactor: rename base branch param to env assignment by @droguljic in #27
• refactor: change verbosity of the detect secrets scripts by @droguljic in #28
• feat: replace the scan_dependencies job with the command by @droguljic in #29
• refactor: standardize env variable handling by @droguljic in #30
• feat: add scan_dockerfile command by @droguljic in #31
• feat: change the source path usage for secrets detection by @droguljic in #32
• feat: remove the checkout step from the dependency scanning by @droguljic in #33
• ci: add the scan_dockerfile as the requirement for publishing by @droguljic in #34
• docs: add Dockerfiles scanning to the README by @droguljic in #35
• feat: enable debug mode for custom dependencies scan by @droguljic in #36
• style: format sh files by @droguljic in #37
• feat: add node executor by @droguljic in #38
• build: update studion/core to v2.0.1 by @droguljic in #39
• feat: replace other executors with the node executor by @droguljic in #40

Full Changelog: v1.0.0...v2.0.0

v1.0.0

What's Changed

• chore: add orb info by @droguljic in #1
• feat: add scan_dependencies job by @droguljic in #2
• chore: remove template artifacts by @droguljic in #3
• ci: update publish requirements by @droguljic in #4
• feat: add detect_secrets_(git|dir) jobs by @droguljic in #5
• fix: typo in param name in scan-deps script command call by @MiroDojkic in #7
• docs: fix typo in scan_dependencies job parameter description by @MiroDojkic in #6
• build: update studion/core to v1.0.0 by @droguljic in #8
• feat: explicitly ensure package manager in scan_dependencies by @droguljic in #9
• refactor: set medium resource class for gitleaks executor by @droguljic in #10
• fix: check lockfile before scanning dependencies by @droguljic in #11
• feat: add analyze_code job by @droguljic in #12
• docs: update docs across jobs, executors, and examples by @droguljic in #13
• refactor: export git branches by @droguljic in #14
• docs: add a note about Semgrep's strange behavior by @droguljic in #15
• docs: fix typo in base_revision parameter description by @droguljic in #16
• feat: remove reporting to file for detecting secrets jobs by @droguljic in #17
• fix: echo correct target of detect_secrets_git job by @droguljic in #18
• chore: add organization to license by @droguljic in #19
• docs: add description and usage by @droguljic in #20
• style: ensure only one empty line at EOF by @droguljic in #21

New Contributors

• @droguljic made their first contribution in #1
• @MiroDojkic made their first contribution in #7

Full Changelog: https://github.com/ExtensionEngine/pipeline-security-orb/commits/v1.0.0