February 24th, 2021
:mega: Release Highlights
- Added a concept of ["filters"](./docs/filters.md), to weed out false positives
- Introduce the concept of ["transformers"](./docs/design.mdTransformers), to standardize file
parsing across plugins
- Designed an upgrade system for easy migrations of older baseline versions
- Core engine redesigned to support module usage (rather than just interacting with it through
the command line)
- Added a global [`Settings`](./docs/design.mdSettings) object for repeatable, serializable,
configurations
- Introduced dependency injection framework for easy-to-design filters.
:boom: Breaking Changes
Honestly, too many to list out. Check out the original pull request
([355](https://github.com/Yelp/detect-secrets/pull/355)) for more details. It's safe to assume
that if you interacted with `detect-secrets` as a module (rather than solely a pre-commit hook
or CLI tool), the APIs have changed (for the better).
**However**, with the new upgrade infrastructure in place, the baseline files will auto upgrade
by themselves. Users that have used it solely as a pre-commit hook or CLI tool may need to consult
the ["User Facing Changes"](https://github.com/Yelp/detect-secrets/pull/355) for flag renaming.
:tada: New Features
- Added `NpmDetector` ([347], thanks [ninoseki])
- Added `AzureStorageKeyDetector` ([359], thanks [DariuszPorowski])
- Added `SquareOauthDetector` ([398], thanks [pablosantiagolopez])
- Added `--only-allowlisted` flag to scan for inline ignores
- Added `--list-all-plugins` to show a list of all plugins available to the engine
- Added `--exclude-secrets` flag to ignore secrets that match specific regexes
([391], thanks [pablosantiagolopez])
- Added `--slim` flag to generate baselines that minimize git diffs
- Added `--disable-filter` to disable specific filters
- Added `--disable-plugin` to disable specific plugins
- Added support for ` pragma: allowlist nextline secret` to ignore the following line
([367], thanks [nickiaconis])
[347]: https://github.com/Yelp/detect-secrets/pull/347
[359]: https://github.com/Yelp/detect-secrets/pull/359
[367]: https://github.com/Yelp/detect-secrets/pull/367
[391]: https://github.com/Yelp/detect-secrets/pull/391
[398]: https://github.com/Yelp/detect-secrets/pull/398
[DariuszPorowski]: https://github.com/DariuszPorowski
[nickiaconis]: https://github.com/nickiaconis
[ninoseki]: https://github.com/ninoseki
[pablosantiagolopez]: https://github.com/pablosantiagolopez
:telescope: Accuracy
- AWS Plugin now scans for secret tokens as well ([397], thanks [pablosantiagolopez])
[397]: https://github.com/Yelp/detect-secrets/pull/397
[pablosantiagolopez]: https://github.com/pablosantiagolopez
:mortar_board: Walkthrough / Help
- The README now includes examples of common usages, features, and an FAQ section for
the common questions we often receive as GitHub issues.
- So much better [technical documentation](./docs)!
- Type support added
:bug: Bugfixes
- Inline allowlisting is respected by regular scans, rather than only pre-commit hook
- `audit` functionality improved on Windows machines
- git operations now handle file paths with spaces
- fix KeywordDetector hanging on very long lines ([373], thanks [gpflaum])
[373]: https://github.com/Yelp/detect-secrets/pull/373
[gpflaum]: https://github.com/gpflaum