Releases: DataDog/guarddog
v2.6.0
New features
Bug fixes and improvements
- Detect Base64-decoded content being passed to execution functions in Go by @martinvoigt-dd in #547
- [Go - New Detection] Detect executable downloads in Go by @dd-ahmed in #548
- Adding new NPM obfuscation case by @sobregosodd in #557
- Semgrep timeout fix + use of env variables to set max_target_bytes by @tesnim5hamdouni in #556
- [Go - New Detection] Detect data collection and exfiltration in Go by @dd-ahmed in #553
- Update shady links rule by @tesnim5hamdouni in #563
- Refactor to use Dependency structure by @sobregosodd in #564
- Fix scan on empty python dependencies by @sobregosodd in #568
Chores
- Bump setuptools from 75.6.0 to 76.0.0 by @dependabot in #538
- Bump disposable-email-domains from 0.0.108 to 0.0.120 by @dependabot in #540
- Bump pygit2 from 1.16.0 to 1.17.0 by @dependabot in #545
- Bump googleapis-common-protos from 1.66.0 to 1.69.2 by @dependabot in #544
- Bump jinja2 from 3.1.4 to 3.1.6 by @dependabot in #546
- Bump deprecated from 1.2.15 to 1.2.18 by @dependabot in #542
- Bump packaging from 21.3 to 24.2 by @dependabot in #541
- Bump lxml from 5.2.2 to 5.3.2 by @dependabot in #555
- Bump bracex from 2.3.post1 to 2.5 by @dependabot in #551
- Bump exceptiongroup from 1.2.0 to 1.2.2 by @dependabot in #552
- Bump mypy-extensions from 1.0.0 to 1.1.0 by @dependabot in #562
- Updating deps and top pkgs by @sobregosodd in #567
- Bump iniconfig from 2.0.0 to 2.1.0 by @dependabot in #560
New Contributors
- @martinvoigt-dd made their first contribution in #547
- @dd-ahmed made their first contribution in #548
- @tesnim5hamdouni made their first contribution in #556
Full Changelog: v2.5.0...v2.6.0
v2.5.0
New features
- Added zip domain to shadylinks check by @rtvkiz in #530
- feat(github-action): add support for 'verify' command by @bthuilot in #532
Bug fixes and improvements
- Update top-pypi-packages filename by @hugovk in #536
- Bump disposable-email-domains from 0.0.108 to 0.0.118 by @dependabot in #535
New Contributors
Full Changelog: v2.4.0...v2.5.0
v2.4.0
New features
- Add new Github Action ecosystem by @juliendoutre in #527
Bug fixes and improvements
- Add shady links domains by @sobregosodd in #521
- Add Mach-O magic bytes to bundled binary detector by @ocku in #523
- Adding packer detection by @sobregosodd in #524
Chores
- Bump disposable-email-domains from 0.0.108 to 0.0.115 by @dependabot in #519
- Bump pygit2 from 1.16.0 to 1.17.0 by @dependabot in #518
- Bump disposable-email-domains from 0.0.108 to 0.0.117 by @dependabot in #525
- Fix the output parsing on the latest semgrep tool by @sobregosodd in #517
New Contributors
Full Changelog: v2.3.0...v2.4.0
v2.3.0
Bug fixes and improvements
- Remove BIDI rule and pin semgrep by @sobregosodd in #516
v2.2.0
Bug fixes and improvements
- Enhance Python obfuscation rule by @ikretz in #493
- Fix tests and upgrade pkgs by @sobregosodd in #496
- Adding new case to npm-exfiltration by @sobregosodd in #501
- Adding new shady-links patterns by @sobregosodd in #507
- Prevent code from bypassing semgrep by @sobregosodd in #510
- Add and improve shady-links patterns by @sobregosodd in #515
Chores
- Bump disposable-email-domains from 0.0.108 to 0.0.111 by @dependabot in #497
- Bump pytest from 8.3.3 to 8.3.4 by @dependabot in #495
- Bump coverage from 7.6.8 to 7.6.9 by @dependabot in #500
- Bump disposable-email-domains from 0.0.111 to 0.0.112 by @dependabot in #504
- Bump click from 8.1.7 to 8.1.8 by @dependabot in #506
- Bump mypy from 1.13.0 to 1.14.0 by @dependabot in #505
- Bump urllib3 from 2.2.3 to 2.3.0 by @dependabot in #503
- Bump jinja2 from 3.1.4 to 3.1.5 by @dependabot in #509
- Bump mypy from 1.14.0 to 1.14.1 by @dependabot in #512
- Bump coverage from 7.6.9 to 7.6.10 by @dependabot in #511
- Bump disposable-email-domains from 0.0.108 to 0.0.114 by @dependabot in #513
Full Changelog: v2.1.0...v2.2.0
v2.1.0
Bug fixes and improvements
- feat: add typosquatting analyzer for go modules by @bthuilot in #481
- Dedup YARA findings by @sobregosodd in #480
- Change logging stream to stderr by @sobregosodd in #492
Chores
- Bump mypy from 1.12.1 to 1.13.0 by @dependabot in #479
- Bump disposable-email-domains from 0.0.107 to 0.0.108 by @dependabot in #478
- Bump setuptools from 75.2.0 to 75.3.0 by @dependabot in #482
- Bump prettytable from 3.11.0 to 3.12.0 by @dependabot in #483
- Bump python-whois from 0.9.4 to 0.9.5 by @dependabot in #488
- Bump sarif-tools from 3.0.3 to 3.0.4 by @dependabot in #487
- Bump coverage from 7.6.4 to 7.6.7 by @dependabot in #486
- Bump setuptools from 75.3.0 to 75.5.0 by @dependabot in #485
- Bump coverage from 7.6.7 to 7.6.8 by @dependabot in #490
- Bump setuptools from 75.5.0 to 75.6.0 by @dependabot in #489
New Contributors
Full Changelog: v2.0.6...v2.0.7
v2.0.6
Bug fixes and improvements
- Enhance exfiltrate-sensitive-data rule by @ikretz in #475
- Enhance shady links rule by @sobregosodd in #476
- Fix os usage case in npm-exfiltrate-sensitive-data by @sobregosodd in #477
Chores
- Bump setuptools from 75.1.0 to 75.2.0 by @dependabot in #474
- Bump mypy from 1.11.2 to 1.12.1 by @dependabot in #473
- Bump coverage from 7.6.1 to 7.6.4 by @dependabot in #472
- Bump pygit2 from 1.15.1 to 1.16.0 by @dependabot in #469
- Bump termcolor from 2.4.0 to 2.5.0 by @dependabot in #467
Full Changelog: v2.0.5...v2.0.6
v2.0.5
Bug fixes and improvements
- Improve code execution and shady links rules by @ikretz in #463
- Updating npm and pypi top pkgs by @sobregosodd in #466
- Compute SHA-256 in bundled_binary by @ikretz in #471
Chores
- Bump disposable-email-domains from 0.0.104 to 0.0.107 by @dependabot in #465
- Bump pytest from 8.3.2 to 8.3.3 by @dependabot in #459
- Bump setuptools from 74.1.2 to 75.1.0 by @dependabot in #460
- Bump sarif-tools from 2.0.0 to 3.0.3 by @dependabot in #464
- Bump urllib3 from 2.2.2 to 2.2.3 by @dependabot in #461
Full Changelog: v2.0.4...v2.0.5
v2.0.4
Bug fixes and improvements
- Fix RST syntax by @miketheman in #453
- FP npm-install-script - exclude case by @sobregosodd in #452
- FN: Adding a new detection case to npm-exec-base64 by @sobregosodd in #456
Chores
- Updating top packages list for typosquatting by @sobregosodd in #451
- Bump setuptools from 73.0.1 to 74.1.2 by @dependabot in #455
- Bump pyyaml from 6.0.1 to 6.0.2 by @dependabot in #450
- Bump configparser from 7.0.0 to 7.1.0 by @dependabot in #449
New Contributors
- @miketheman made their first contribution in #453
Full Changelog: v2.0.3...v2.0.4
v2.0.3
Bug fixes and improvements
- Bugfix: obfuscation False Positive by @sobregosodd in #445
- Fix YARA execution bugs by @sobregosodd in #444
Chores
- Bump setuptools from 70.3.0 to 73.0.1 by @dependabot in #447
- Bump mypy from 1.11.0 to 1.11.2 by @dependabot in #446
- Bump flake8 from 7.1.0 to 7.1.1 by @dependabot in #438
- Bump coverage from 7.6.0 to 7.6.1 by @dependabot in #436
- Bump prettytable from 3.10.2 to 3.11.0 by @dependabot in #441
Full Changelog: v2.0.2...v2.0.3