Added

• #770 Trufflehog
• #767 New config option for GradleOSV and ReportGradleDeps to handle multi project build.

Added

#762 Semgrep config option show_syntax_errors.

Upgraded

• #752 semgrep to 1.0.0

Added

• #753 support normalized semgrep exceptions
• #755 allow semgrep config to be from root dir

Fixed

• #754 Fix warn_message bug

Full Changelog: https://github.com/coinbase/salus/compare/2.23.4...2.24.0

Updated

https://github.com/coinbase/salus/pull/749 - Adding support for sub-directory for Semgrep https://github.com/coinbase/salus/pull/746 - Adding a new salusWarnMessage flag in SARIF

Updated

https://github.com/coinbase/salus/pull/744 - Bump Golang 1.19.3

Upgraded

#740 - Update Gosec scanner to 2.12.0

Updated

https://github.com/coinbase/salus/pull/734 - Enable reporting transitive dependencies for yarn2.x+ https://github.com/coinbase/salus/pull/735 - Support for proto files https://github.com/coinbase/salus/pull/733 - Bump nokogiri to 1.13.9 https://github.com/coinbase/salus/pull/737 - Improving version parsing

Added

#728 git diff support for semgrep

###Updated #729, #730 README for semgrep. Fixed incorrect semgrep version, updated semgrep doc for allowlisting findings

Fixed

• #722 Semgrep sarif - severity always hardcoded.
• #720 Semgrep sarif - special salus SCANNER_ERROR id not used if parser error.
• #718 Semgrep sarif - code snippet sometimes incomplete.
• #717 Semgrep sarif - all forbidden patterns always have the same id.
• #705 Semgrep - incomplete error message missing key info, and sometimes wrong semgrep exit status.
• #707 Bandit installation issue with circle ci.

#695 Update Brakeman to v5.3.1 #693 Update Semgrep