Releases: kulkansecurity/gitxray
1.0.17.4
Release v1.0.17.4 (April 27th, 2025)
- Removed external links to Bootstrap CSS, JavaScript, and the Gitxray logo; now all assets (styles, scripts, images) are embedded so HTML reports are fully self-contained.
- Merged a PR by satoridev01 which prevents Gitxray from printing stars, watchers, created, updated, contributors and anonymous if they were not found, as opposed to stating "0".
1.0.17.3
Release v1.0.17.3 (March 2nd, 2025)
- Added handling of Blocked repositories. The GitHub API presents a different error for these than for not-found repos and includes a reason, which we now include in our reports. Thanks to satoridev01 for reporting the behavior.
1.0.17.2
Release v1.0.17.2 (February 16th, 2025)
- Added a Highlighted findings section to the HTML report. Special thanks to Viktor and Darin from DevOps Paradox for their feedback.
- Added the ability to collapse and expand every table in the HTML report.
- Merged the finding on similar repository names with the finding on the repository being the most starred.
- Improved the introduction section of the HTML report to guide users with sample use-cases for Gitxray.
1.0.17.1
Release v1.0.17.1 (January 30th, 2025)
- Fixed parsing of legacy workflows which include an empty path attribute.
- Fixed parsing of broken armored PGP keys which appear to be accepted by GitHub when being added to a user's profile.
1.0.17
Release v1.0.17 (January 26th, 2025)
- Added a new "--shush" parameter which turns "shushable" mode on, discarding any progress output from stdout.
- Added a new finding under the "personal" category which indicates whether the contributor has enabled "Available for hire" in their profile (docs describe it here: https://docs.github.com/en/account-and-profile/setting-up-and-managing-your-personal-account-on-github/managing-user-account-settings/about-available-for-hire).
- Added a "WARNING" label/prefix on a couple of Workflow findings which deserve an extra highlight.
- Turned gh_api into a class named GitHubRESTAPI which stores a reference to gx_output.
- Added a new stdout method in gx_output to act as a proxy for print() calls, discarding "shushable" output.
1.0.16.5
Release v1.0.16.5 (January 18th, 2025)
- Fixed an error case (an unhandled exception) that showed up when scanning repositories with a very large list of contributors (e.g. torvalds/linux, or MicrosoftDocs/azure-docs), which leads to GitHub REST APIs responding in an undocumented manner, stating that: "The history or contributor list is too large to list contributors for this repository via the API".
1.0.16.4
Release v1.0.16.4 (October 30th, 2024)
- Fixed an error case that should be fixed in gh_api.py eventually: GitHub returning unexpected error responses when querying for certain releases while being unauthenticated. Thank you once again fearcito for your input and testing.
1.0.16.3
Release v1.0.16.3 (October 28th, 2024)
- Only showing "updated at" for comments if the created_at and updated_at field values differ. This helps place focus on updated comments which could potentially reveal a contributor trying to hide a past comment. GitHub is kind enough to show an Edit history for said comments as a menu option next to the comment itself.
1.0.16.2
Release v1.0.16.2 (October 25th, 2024)
- Added validation against Null values for fields "author" and "uploader" in Releases and Assets. Special thanks to fearcito for reporting the issue.
1.0.16.1
Release v1.0.16.1 (October 22nd, 2024)
- Fixed a typo in a call to r_log() which led to an unhandled exception when scanning repositories with self-hosted runners. Special thanks to farnaboldi for reporting the issue.