Skip to content
This repository was archived by the owner on Jun 9, 2022. It is now read-only.

Releases: hawkeyesec/scanner-cli

Improvement Release

Choose a tag to compare

@felixhammerl felixhammerl released this 17 Feb 08:50

With v1.8.0, the Hawkeye Scanner CLI moved its base image from CentOS to alpine. The image now clocks in at ~546 MB, most of which is the OWASP Dependency Scanner's feeds. This should significantly speed up a whole bunch of CI scans out there! A shout out to @CzarScar @z0u and @haohaolee

While we were at it, we've upgraded a bunch of tools:

  • OWASP Dependency Scanner was upgraded to v5.3.0
  • Find-Sec-Bugs was upgraded to v1.10.1
  • Moved to alpine's builtins for node, npm, yarn, ruby, and python, as they are less maintenance overhead.

Bugfix Release

Choose a tag to compare

@felixhammerl felixhammerl released this 26 Sep 10:00

Feature Release

Choose a tag to compare

@felixhammerl felixhammerl released this 25 Sep 20:01

Service Update

Choose a tag to compare

@felixhammerl felixhammerl released this 02 Jul 09:29
  • Update OWASP dependency check and bundle-audit at build time, no updates at runtime
  • Remove the superfluous node-crossenv module
  • Use temporary file for brakeman report instead of spamming the target folder
  • Use temporary file for findsecbugs report instead of spamming the target folder
  • Remove floating ruby dependencies

Service Update

Choose a tag to compare

@felixhammerl felixhammerl released this 06 Jun 14:20

This update brings:

Yarn support

Choose a tag to compare

@felixhammerl felixhammerl released this 03 Dec 15:54

This release adds support for yarn projects, identified by both package.json and yarn.lock files being present in the project root.

Maintenance Release

Choose a tag to compare

@felixhammerl felixhammerl released this 03 Dec 15:57

This release fixes the behavior of the node modules when no dependencies were added to the package.json file.

Also allows node versions starting with Carbon LTS to run hawkeye when installing locally as an npm dependency.

Security Release

Choose a tag to compare

@felixhammerl felixhammerl released this 03 Dec 16:01

This release removes the dependency on the vulnerable event-stream package (report here) that was ingested via multiple packages.

Further information: