v2.10.0

2.10.0 (2026-03-31)

Features

• add HTML dashboard report format + fix YAML indentation (15a6dd2)

v2.9.0

2.9.0 (2026-03-31)

Features

• add --format (table/json/csv/toml) and --verbose flags (2db8427)

v2.8.3

2.8.3 (2026-03-31)

Bug Fixes

• ci: fix checkout v6 credential conflict with create-pull-request (8c8e1db)

v2.8.2

2.8.2 (2026-03-31)

Bug Fixes

• ci: clear checkout credentials before create-pull-request (0d882b9)
• ci: fix versioning workflow duplicate Authorization header (eabdbf3)

v2.8.1

2.8.1 (2026-03-31)

Bug Fixes

• security: upgrade all deps — axios supply chain attack (2026-03-31) (7b416bc)

v2.8.0

2.8.0 (2026-03-19)

Bug Fixes

• address regressions and remaining security issues from re-audit (8d7d0cb)
• address remaining bugs, hardening, and test coverage (5de96be)
• migrate console.* to logger, remove request pkg, fix empty catches (a37faa0)
• P1 hardening — GCP log sanitization, Docker non-root, K8s Jobs (6393dba)
• prevent TypeError when alert type has no required env vars (7e1d4a2)
• remove AWS key from logs, add GCP Cloud Storage export/save (00684da)
• security: address critical injection and TLS vulnerabilities (aa09eb0), closes #7332

Features

• add CIS security rules for PostgreSQL, MySQL, Oracle and MongoDB (#656) (4cc8fc9)
• add integration tests to CI/CD pipelines (#655) (491da53)
• enrich per-rule webhook payload for external remediation (#657) (231eba7)
• implement remaining P0 — SSRF protection, Slack alerts, S3 save (0e28825)

v2.7.0

2.7.0 (2026-01-28)

Features

• updates all packages (27b556d)

v2.6.0

2.6.0 (2025-11-27)

Features

• github: test Sha1hulud supply chain attack rule (986d3c8)
• send condition to display in alerting & display addon (195d467)

v2.5.9

2.5.9 (2025-11-27)

Bug Fixes

• release � (4cfbc27)

v2.5.8

2.5.8 (2025-11-27)

Bug Fixes

• release kexa fix for js-yaml infected (985fe36)