v2.9.0-beta.3

Changelog

Others

• b3e237f: start:bugfix wrong interpretation of subversion of docker (#1156) (@smoogie)

Docker images

• docker pull horuszup/horusec-cli:v2.9.0-beta.3

Full Changelog: v2.9.0-beta.2...v2.9.0-beta.3

v2.9.0-beta.2

Changelog

Docker images

• docker pull horuszup/horusec-cli:v2.9.0-beta.2

Full Changelog: v2.9.0-beta.1...v2.9.0-beta.2

v2.9.0-beta.1

Changelog

Features

• 5efcc7a: java:feature - Add Rule for CVE-2022-21724 (#1033) (@wiliansilvazup)
• d309b63: docs:feat - Security Policies (#1052) (@lucasbrunozup)
• e5a7fd0: rules:feat - adding rule to spring framework rce (#1053) (@nathanmartinszup)
• 602e40a: roadmap:feat - Public Roadmap (#1055) (@wiliansilvazup)

Bug fixes

• 3b6822c: sarif:bugfix - removing version prefix (#1019) (@nathanmartinszup)
• f6bfb74: goreleaser:bugfix - adding release auto (#1027) (@nathanmartinszup)
• dcdcdf8: utils/file:fix - missing {HORUSEC_CLI} prefix and typo on log debug (#1025) (@matheusalcantarazup)
• f4d13a6: docker:fix - missing image name on debug log (#1026) (@matheusalcantarazup)
• 4ff44db: horusec:fix - Errors reported in v2.8.0-beta.1 (#1050) (@wiliansilvazup)
• 39d4c9c: analyzer:fix - Fixing details wrong (#1054) (@wiliansilvazup)

Hotfixes

• 8fb0125: e2e:hotfix - Fixing problems on e2e and github files (#1084) (@wiliansilvazup)

Chores

• d1be5f9: formatters:chore - normalize not found files warn message (#1023) (@matheusalcantarazup)
• 358fd4a: formatters/ruby:chore - removing unnecessary error messages (#1024) (@nathanmartinszup)
• a3efede: csharp:chore - Improvements on safe and unsafe code in csharp (#1037) (@wiliansilvazup)
• 71b07db: dart:chore - Adding improvements on dart rules (#1038) (@wiliansilvazup)
• 630a870: javascript::chore - Adding improvements on javascript rules (#1043) (@wiliansilvazup)
• 7e5a606: k8s:chore - Adding improvements on k8s rules (#1039) (@wiliansilvazup)
• ae78215: leaks:chore - Adding improvements on leaks rules (#1040) (@wiliansilvazup)
• 6184e55: swift:chore - Adding improvements on swift rules (#1042) (@wiliansilvazup)
• 08734c1: nginx:chore - Adding improvements on nginx rules (#1041) (@wiliansilvazup)
• 6fa62e4: custom_rules:chore - Refactored tests for custom_rules to table tests (#1049) (@Adam88morris)
• 2d9d7e7: java:chore - Adding improvements on Java Rules (#1048) (@wiliansilvazup)

Others

• 940debf: scs: bugfix - att outdated chsharp sdk on horusec-engine-csharp (#1022) (@iancardosozup)
• c7af3b3: This commit implements vulnerable and safe samples for the javascript rules. (#1051) (@lucasbrunozup)
• 38d249d: Increased all XXE severities in Java Rules to High (#1056) (@gustavomarinhozup)
• 68a999b: Added CAPEC and CWE to Clipboard findings (#1060) (@gustavomarinhozup)
• a8aab11: feat:deps - Update dependancy files (#1085) (@wiliansilvazup)
• 00bcca1: fixing pipeline (@guilhermepaulozup)
• 2101949: fixing build pipeline (@guilhermepaulozup)
• b532d4b: fixing releases pipelines (@guilhermepaulozup)
• c38d1c5: fixing release-alpha pipeline (@guilhermepaulozup)
• f807fde: fixing releases pipelines (@guilhermepaulozup)

Docker images

• docker pull horuszup/horusec-cli:v2.9.0-beta.1

Full Changelog: v2.8.0-beta.2...v2.9.0-beta.1

v2.8.0

Changelog

Features

• f0df9f4: docker:feature - Validate Docker version from the Docker API (#965) (@luiguip)
• 522076a: cli:feat - add SARIF output support (#946) (@anthturner)
• df2e20c: hash:feature - new hash format and handle the future depreciations (#996) (@nathanmartinszup)
• 578e883: workflow:feat - Automating the release notes (#997) (@wiliansilvazup)
• 6e052fb: java:feature - Add Rule for CVE-2022-21724 (#1033) (@wiliansilvazup)
• 2c11096: rules:feat - adding rule to spring framework rce (#1053) (@nathanmartinszup)
• a615329: docs:feat - Security Policies (#1052) (@lucasbrunozup)

Bug fixes

• 1bfe223: install/sh:bugfix - updating install sh to install latest if more recent (#913) (@nathanmartinszup)
• 9245d7d: bundler:fix - correctly parse output error (#921) (@matheusalcantarazup)
• e263056: formatters:fix - not show which tool generate the error (#932) (@matheusalcantarazup)
• 0a2ecee: trivy:bugfix - adding func to avoid hash changes in trivy formatter (#929) (@nathanmartinszup)
• 73511f0: engine/swift:bugfix - improving HS-SWIFT-24 rule to avoid false positives (#930) (@nathanmartinszup)
• 18e8b89: formatters/tfsec:bugfix - vulnerabilities were being ignored due missing severity (#934) (@nathanmartinszup)
• 87673d1: engine/leaks:bugfix - improving leaks rule 26 (#972) (@nathanmartinszup)
• c4184c5: engines/jvm:fix - false positives on base64 encode/decode (#974) (@matheusalcantarazup)
• 22acb2b: dockerfile:fix - update and upgrade packages (#977) (@matheusalcantarazup)
• 0c1e691: commitAuthors:bugfix - fix when pass invalid line to SetCommitAuthors and changed formatters error handling approach (#978) (@iancardosozup)
• b6d92cd: dockerfiles:bugfix - adding no cache flag (#982) (@nathanmartinszup)
• 1b9673d: dockerfiles:bugfix - updating docker base image (#983) (@nathanmartinszup)
• 6e4d0c1: dockerfile:bugfix - updating dockerfiles docker base image (#989) (@nathanmartinszup)
• f860773: docs:fix - commit template message (#992) (@matheusalcantarazup)
• 345c748: analyzer:bugfix - separate warnings from errors (#1013) (@nathanmartinszup)
• 29c7330: gitleaks:bugfix - updating formatter to gitleaks v8 (#1010) (@nathanmartinszup)
• 96fbcc8: sarif:bugfix - removing version prefix (#1019) (@nathanmartinszup)
• 8517c84: goreleaser:bugfix - adding release auto (#1027) (@nathanmartinszup)
• 748d681: utils/file:fix - missing {HORUSEC_CLI} prefix and typo on log debug (#1025) (@matheusalcantarazup)
• a0c13d2: docker:fix - missing image name on debug log (#1026) (@matheusalcantarazup)
• e8eb1ba: horusec:fix - Errors reported in v2.8.0-beta.1 (#1050) (@wiliansilvazup)
• df32c1c: analyzer:fix - Fixing details wrong (#1054) (@wiliansilvazup)

Chores

• f2c500d: yarnaudit:chore - improve tests and code cleaning (#910) (@matheusalcantarazup)
• 0df35e4: analyzer:chore - split analyzer implementation into runner (#909) (@matheusalcantarazup)
• d3018a8: workflow/security:chore - updating security workflow to use latest rc (#911) (@nathanmartinszup)
• 802f0c4: formatters:chore - remove unused methods from IService (#912) (@matheusalcantarazup)
• 04f682e: formatter:chore - replace strings.Replace to fmt.Sprintf (#914) (@matheusalcantarazup)
• d0f5f52: nancy:chore - remove logs when running without GITHUB_TOKEN env (#922) (@matheusalcantarazup)
• c43d93c: engine/java:chore - add CVE-2021-44832 detail to the description of the HS-JAVA-150 rule (#916) (@dearrudam)
• bfb07e6: workflows:chore - removing old release file to avoid confusion (#924) (@nathanmartinszup)
• 112e82e: bundler:chore - improve tests and code cleaning (#925) (@matheusalcantarazup)
• 5d8b435: phpcs:chore - Update PHP_CodeSniffer to show severity and code (#935) (@wiliansilvazup)
• 3d9f22a: engine:chore - update to new engine (#923) (@iancardosozup)
• a175361: sonarqube:chore - merge entities/sonarqube with services/sonarqube pkg (#947) (@matheusalcantarazup)
• ae31579: git:chore - move CommitAuthor declaration to git pkg (#948) (@matheusalcantarazup)
• 886da4c: makefile:chore - bump gci tool (#970) (@matheusalcantarazup)
• 43c551d: swift:chore - Improvements Tests of all Swift Rules (#953) (@wiliansilvazup)
• 6b630c1: kubernetes:chore - Improvements Tests of all Kubernetes Rules (#961) (@wiliansilvazup)
• aadaaed: enums:chore - remove unused enums/engine pkg (#979) (@matheusalcantarazup)
• 9f7dd64: checkov:chore - removing pborman/ansi dependency (#975) (@iancardosozup)
• 6abcc37: engine/java:chore - updating log4j rule to avoid false positives (#980) (@nathanmartinszup)
• 8659ee7: formatters:chore - add missing RuleIDs (#967) (@anthturner)
• d7fcbe3: lint:chore - Fix lint, format and Horusec API tests (#1004) (@wiliansilvazup)
• 0bd4d4d: formatters:chore - normalize not found files warn message (#1023) (@matheusalcantarazup)
• 649b267: formatters/ruby:chore - removing unnecessary error messages (#1024) (@nathanmartinszup)
• 763a796: custom_rules:chore - Refactored tests for custom_rules to table tests (#1049) (@Adam88morris)
• 013b22e: javascript::chore - Adding improvements on javascript rules (#1043) (@wiliansilvazup)
• 40d4191: csharp:chore - Improvements on safe and unsafe code in csharp (#1037) (@wiliansilvazup)
• cf7b1bf: dart:chore - Adding improvements on dart rules (#1038) (@wiliansilvazup)
• 6a4dd93: k8s:chore - Adding improvements on k8s rules (#1039) (@wiliansilvazup)
• 841c343: leaks:chore - Adding improvements on leaks rules (#1040) (@wiliansilvazup)
• 229df8b: swift:chore - Adding improvements on swift rules (#1042) (@wiliansilvazup)
• c6f20fe: nginx:chore - Adding improvements on nginx rules (#1041) (@wiliansilvazup)

Others

• f14f910: fix:semgrep - Disable collect metrics and fix log message (#968) (@wiliansilvazup)
• 0f24a9e: chore:workflow - Added new workflow to validate release workflows (#988) (@wiliansilvazup)
• 51a7006: docs: add issues section (#991) (@HenriqueZup)
• 2aa2c5b: release:build - Removing GPG and sign images from build.yaml (#1018) (@wiliansilvazup)
• ac6405a: scs: bugfix - att outdated chsharp sdk on horusec-engine-csharp (#1022) (@iancardosozup)
• cce34ce: This commit implements vulnerable and safe samples for the javascript rules. (#1051) (@lucasbrunozup)

Docker images

• docker pull horuszup/horusec-cli:v2.8.0

Full Changelog: v2.7.1...v2.8.0

v2.8.0-rc.1

Changelog

Features

• f0df9f4: docker:feature - Validate Docker version from the Docker API (#965) (@luiguip)
• 522076a: cli:feat - add SARIF output support (#946) (@anthturner)
• df2e20c: hash:feature - new hash format and handle the future depreciations (#996) (@nathanmartinszup)
• 578e883: workflow:feat - Automating the release notes (#997) (@wiliansilvazup)
• 6e052fb: java:feature - Add Rule for CVE-2022-21724 (#1033) (@wiliansilvazup)
• 2c11096: rules:feat - adding rule to spring framework rce (#1053) (@nathanmartinszup)
• a615329: docs:feat - Security Policies (#1052) (@lucasbrunozup)

Bug fixes

• 87673d1: engine/leaks:bugfix - improving leaks rule 26 (#972) (@nathanmartinszup)
• c4184c5: engines/jvm:fix - false positives on base64 encode/decode (#974) (@matheusalcantarazup)
• 22acb2b: dockerfile:fix - update and upgrade packages (#977) (@matheusalcantarazup)
• 0c1e691: commitAuthors:bugfix - fix when pass invalid line to SetCommitAuthors and changed formatters error handling approach (#978) (@iancardosozup)
• b6d92cd: dockerfiles:bugfix - adding no cache flag (#982) (@nathanmartinszup)
• 1b9673d: dockerfiles:bugfix - updating docker base image (#983) (@nathanmartinszup)
• 6e4d0c1: dockerfile:bugfix - updating dockerfiles docker base image (#989) (@nathanmartinszup)
• f860773: docs:fix - commit template message (#992) (@matheusalcantarazup)
• 345c748: analyzer:bugfix - separate warnings from errors (#1013) (@nathanmartinszup)
• 29c7330: gitleaks:bugfix - updating formatter to gitleaks v8 (#1010) (@nathanmartinszup)
• 96fbcc8: sarif:bugfix - removing version prefix (#1019) (@nathanmartinszup)
• 8517c84: goreleaser:bugfix - adding release auto (#1027) (@nathanmartinszup)
• 748d681: utils/file:fix - missing {HORUSEC_CLI} prefix and typo on log debug (#1025) (@matheusalcantarazup)
• a0c13d2: docker:fix - missing image name on debug log (#1026) (@matheusalcantarazup)
• e8eb1ba: horusec:fix - Errors reported in v2.8.0-beta.1 (#1050) (@wiliansilvazup)
• df32c1c: analyzer:fix - Fixing details wrong (#1054) (@wiliansilvazup)

Chores

• 3d9f22a: engine:chore - update to new engine (#923) (@iancardosozup)
• a175361: sonarqube:chore - merge entities/sonarqube with services/sonarqube pkg (#947) (@matheusalcantarazup)
• ae31579: git:chore - move CommitAuthor declaration to git pkg (#948) (@matheusalcantarazup)
• 886da4c: makefile:chore - bump gci tool (#970) (@matheusalcantarazup)
• 43c551d: swift:chore - Improvements Tests of all Swift Rules (#953) (@wiliansilvazup)
• 6b630c1: kubernetes:chore - Improvements Tests of all Kubernetes Rules (#961) (@wiliansilvazup)
• aadaaed: enums:chore - remove unused enums/engine pkg (#979) (@matheusalcantarazup)
• 9f7dd64: checkov:chore - removing pborman/ansi dependency (#975) (@iancardosozup)
• 6abcc37: engine/java:chore - updating log4j rule to avoid false positives (#980) (@nathanmartinszup)
• 8659ee7: formatters:chore - add missing RuleIDs (#967) (@anthturner)
• d7fcbe3: lint:chore - Fix lint, format and Horusec API tests (#1004) (@wiliansilvazup)
• 0bd4d4d: formatters:chore - normalize not found files warn message (#1023) (@matheusalcantarazup)
• 649b267: formatters/ruby:chore - removing unnecessary error messages (#1024) (@nathanmartinszup)
• 763a796: custom_rules:chore - Refactored tests for custom_rules to table tests (#1049) (@Adam88morris)
• 013b22e: javascript::chore - Adding improvements on javascript rules (#1043) (@wiliansilvazup)
• 40d4191: csharp:chore - Improvements on safe and unsafe code in csharp (#1037) (@wiliansilvazup)
• cf7b1bf: dart:chore - Adding improvements on dart rules (#1038) (@wiliansilvazup)
• 6a4dd93: k8s:chore - Adding improvements on k8s rules (#1039) (@wiliansilvazup)
• 841c343: leaks:chore - Adding improvements on leaks rules (#1040) (@wiliansilvazup)
• 229df8b: swift:chore - Adding improvements on swift rules (#1042) (@wiliansilvazup)
• c6f20fe: nginx:chore - Adding improvements on nginx rules (#1041) (@wiliansilvazup)

Others

• f14f910: fix:semgrep - Disable collect metrics and fix log message (#968) (@wiliansilvazup)
• 0f24a9e: chore:workflow - Added new workflow to validate release workflows (#988) (@wiliansilvazup)
• 51a7006: docs: add issues section (#991) (@HenriqueZup)
• 2aa2c5b: release:build - Removing GPG and sign images from build.yaml (#1018) (@wiliansilvazup)
• ac6405a: scs: bugfix - att outdated chsharp sdk on horusec-engine-csharp (#1022) (@iancardosozup)
• cce34ce: This commit implements vulnerable and safe samples for the javascript rules. (#1051) (@lucasbrunozup)

Docker images

• docker pull horuszup/horusec-cli:v2.8.0-rc.1

Full Changelog: v2.7.0-rc.3...v2.8.0-rc.1

v2.8.0-beta.2

Changelog

Features

• 6e052fb: java:feature - Add Rule for CVE-2022-21724 (#1033) (@wiliansilvazup)
• 2c11096: rules:feat - adding rule to spring framework rce (#1053) (@nathanmartinszup)
• a615329: docs:feat - Security Policies (#1052) (@lucasbrunozup)

Bug fixes

• e8eb1ba: horusec:fix - Errors reported in v2.8.0-beta.1 (#1050) (@wiliansilvazup)

Chores

• 763a796: custom_rules:chore - Refactored tests for custom_rules to table tests (#1049) (@Adam88morris)
• 013b22e: javascript::chore - Adding improvements on javascript rules (#1043) (@wiliansilvazup)
• 40d4191: csharp:chore - Improvements on safe and unsafe code in csharp (#1037) (@wiliansilvazup)
• cf7b1bf: dart:chore - Adding improvements on dart rules (#1038) (@wiliansilvazup)
• 6a4dd93: k8s:chore - Adding improvements on k8s rules (#1039) (@wiliansilvazup)
• 841c343: leaks:chore - Adding improvements on leaks rules (#1040) (@wiliansilvazup)
• 229df8b: swift:chore - Adding improvements on swift rules (#1042) (@wiliansilvazup)
• c6f20fe: nginx:chore - Adding improvements on nginx rules (#1041) (@wiliansilvazup)

Others

• cce34ce: This commit implements vulnerable and safe samples for the javascript rules. (#1051) (@lucasbrunozup)

Docker images

• docker pull horuszup/horusec-cli:v2.8.0-beta.2

Full Changelog: v2.8.0-beta.1...v2.8.0-beta.2

v2.8.0-beta.1

Changelog

Features

• f0df9f4: docker:feature - Validate Docker version from the Docker API (#965) (@luiguip)
• 522076a: cli:feat - add SARIF output support (#946) (@anthturner)
• df2e20c: hash:feature - new hash format and handle the future depreciations (#996) (@nathanmartinszup)
• 578e883: workflow:feat - Automating the release notes (#997) (@wiliansilvazup)

Bug fixes

• c4184c5: engines/jvm:fix - false positives on base64 encode/decode (#974) (@matheusalcantarazup)
• f860773: docs:fix - commit template message (#992) (@matheusalcantarazup)
• 345c748: analyzer:bugfix - separate warnings from errors (#1013) (@nathanmartinszup)
• 29c7330: gitleaks:bugfix - updating formatter to gitleaks v8 (#1010) (@nathanmartinszup)
• 96fbcc8: sarif:bugfix - removing version prefix (#1019) (@nathanmartinszup)
• 8517c84: goreleaser:bugfix - adding release auto (#1027) (@nathanmartinszup)
• 748d681: utils/file:fix - missing {HORUSEC_CLI} prefix and typo on log debug (#1025) (@matheusalcantarazup)
• a0c13d2: docker:fix - missing image name on debug log (#1026) (@matheusalcantarazup)

Chores

• 0df35e4: analyzer:chore - split analyzer implementation into runner (#909) (@matheusalcantarazup)
• d3018a8: workflow/security:chore - updating security workflow to use latest rc (#911) (@nathanmartinszup)
• 802f0c4: formatters:chore - remove unused methods from IService (#912) (@matheusalcantarazup)
• 04f682e: formatter:chore - replace strings.Replace to fmt.Sprintf (#914) (@matheusalcantarazup)
• bfb07e6: workflows:chore - removing old release file to avoid confusion (#924) (@nathanmartinszup)
• 3d9f22a: engine:chore - update to new engine (#923) (@iancardosozup)
• a175361: sonarqube:chore - merge entities/sonarqube with services/sonarqube pkg (#947) (@matheusalcantarazup)
• ae31579: git:chore - move CommitAuthor declaration to git pkg (#948) (@matheusalcantarazup)
• 886da4c: makefile:chore - bump gci tool (#970) (@matheusalcantarazup)
• 43c551d: swift:chore - Improvements Tests of all Swift Rules (#953) (@wiliansilvazup)
• 6b630c1: kubernetes:chore - Improvements Tests of all Kubernetes Rules (#961) (@wiliansilvazup)
• aadaaed: enums:chore - remove unused enums/engine pkg (#979) (@matheusalcantarazup)
• 8659ee7: formatters:chore - add missing RuleIDs (#967) (@anthturner)
• d7fcbe3: lint:chore - Fix lint, format and Horusec API tests (#1004) (@wiliansilvazup)
• 0bd4d4d: formatters:chore - normalize not found files warn message (#1023) (@matheusalcantarazup)
• 649b267: formatters/ruby:chore - removing unnecessary error messages (#1024) (@nathanmartinszup)

Others

• 0f24a9e: chore:workflow - Added new workflow to validate release workflows (#988) (@wiliansilvazup)
• 51a7006: docs: add issues section (#991) (@HenriqueZup)
• 2aa2c5b: release:build - Removing GPG and sign images from build.yaml (#1018) (@wiliansilvazup)
• ac6405a: scs: bugfix - att outdated chsharp sdk on horusec-engine-csharp (#1022) (@iancardosozup)

Docker images

• docker pull horuszup/horusec-cli:v2.8.0-beta.1

Full Changelog: v2.7.1...v2.8.0-beta.1

v2.7.1

What's Changed

⚠️ If you are using the CLI docker image: Please update Horusec to version >= 2.7.1, where we fixed some issues related to a expat vulnerable dependency on the dind image which we use as a base to build the cli docker image.

• dockerfile:bugfix - updating dockerfiles docker base image by @nathanmartinszup in #989
• dockerfiles:bugfix - updating docker base image by @nathanmartinszup in #983
• dockerfiles:bugfix - adding no cache flag by @nathanmartinszup in #982
• commitAuthors:bugfix - fix when pass invalid line to SetCommitAuthors and changed formatters error handling approach by @iancardosozup in #978
• yarnaudit:chore - improve tests and code cleaning by @matheusalcantarazup in #910
• checkov:chore - removing pborman/ansi dependency by @iancardosozup in #975
• engine/java:chore - updating log4j rule to avoid false positives by @nathanmartinszup in #980
• dockerfile:fix - update and upgrade packages by @matheusalcantarazup in #977
• engine/leaks:bugfix - improving leaks rule 26 by @nathanmartinszup in #972
• fix:semgrep - Disable collect metrics and fix log message by @wiliansilvazup in #968

Docker images

• docker pull horuszup/horusec-cli:v2.7.1
• docker pull horuszup/horusec-cli:v2
• docker pull horuszup/horusec-cli:v2.7

Full Changelog: v2.7.0...v2.7.1

v2.7.0

What's Changed

• formatters/trivy:fix - find correct line of dependency by @ne0z in #882
• images:fix - upgrade Ruby Docker image by @matheusalcantarazup in #892
• brakeman:fix - search for Gemfile's before start analysis by @matheusalcantarazup in #877
• deps:chore - update module github.com/spf13/cobra to v1.3.0 by @renovate-bot in #890
• deps:chore - update elixir Docker tag to v1.13.1 by @renovate-bot in #884
• deps:chore - update zricethezav/gitleaks Docker tag to v8.2.4 by @renovate-bot in #887
• language_detect:chore - remove redundant code by @matheusalcantarazup in #893
• dependency_check:chore - improve tests and code cleaning by @matheusalcantarazup in #895
• deps:chore - update module github.com/spf13/viper to v1.10.1 by @renovate-bot in #885
• deps:chore - update php Docker tag to v8.1.1 by @renovate-bot in #886
• deps:chore - update Node.js to v17.3.0 by @renovate-bot in #903
• deps:chore - update module github.com/magefile/mage to v1.12.1 by @renovate-bot in #889
• deps:chore - update module github.com/briandowns/spinner to v1.18.0 by @renovate-bot in #888
• docker:chore - rename SetData method of AnalysisData by @matheusalcantarazup in #896
• mixaudit:chore - improve tests and code cleaning by @matheusalcantarazup in #897
• sobelow:chore - improve tests and code cleaning by @matheusalcantarazup in #898
• trivy:chore - improve tests and code cleaning by @matheusalcantarazup in #899
• checkov:chore - improve tests and code cleaning by @matheusalcantarazup in #900
• tfsec:chore - improve tests and code cleaning by @matheusalcantarazup in #901
• npmaudit:chore - improve tests and code cleaning by @matheusalcantarazup in #902
• workflows:feature - add go mod tidy check by @iancardosozup in #904
• log4j:chore - update log4j min version to 2.17.1 by @iancardosozup in #907
• nancy:chore - Error not handled by Horusec in Nancy tool by @wiliansilvazup in #906
• bundler:fix - correctly parse output error by @matheusalcantarazup #921
• engine/java:chore - add CVE-2021-44832 detail to the description of the HS-JAVA-150 rule by @dearrudam #916
• nancy:chore - remove logs when running without GITHUB_TOKEN env by @matheusalcantarazup #922
• install/sh:bugfix - updating install sh to install latest if more recent by @nathanmartinszup #913
• phpcs:chore - Update PHP_CodeSniffer to show severity and code (#935) @wiliansilvazup
• formatters/tfsec:bugfix - vulnerabilities were being ignored due missing severity (#934) @nathanmartinszup
• engine/swift:bugfix - improving HS-SWIFT-24 rule to avoid false positives (#930) @nathanmartinszup
• trivy:bugfix - adding func to avoid hash changes in trivy formatter (#929) @nathanmartinszup
• formatters:fix - not show which tool generate the error (#932) @matheusalcantarazup
• bundler:chore - improve tests and code cleaning (#925) @matheusalcantarazup

Docker images

• docker pull horuszup/horusec-cli:v2.7.0
• docker pull horuszup/horusec-cli:v2
• docker pull horuszup/horusec-cli:v2.7

New Contributors

• @ne0z made their first contribution in #882

Full Changelog: v2.6.9...v2.7.0

v2.7.0-rc.3

What's Changed

• phpcs:chore - Update PHP_CodeSniffer to show severity and code (#935) @wiliansilvazup
• formatters/tfsec:bugfix - vulnerabilities were being ignored due missing severity (#934) @nathanmartinszup
• engine/swift:bugfix - improving HS-SWIFT-24 rule to avoid false positives (#930) @nathanmartinszup
• trivy:bugfix - adding func to avoid hash changes in trivy formatter (#929) @nathanmartinszup
• formatters:fix - not show which tool generate the error (#932) @matheusalcantarazup
• bundler:chore - improve tests and code cleaning (#925) @matheusalcantarazup

Full Changelog: v2.7.0-rc.2...v2.7.0-rc.3