Guarddog

Latest version: v2.1.0


Page 7 of 8

1.1.0

What's Changed

New features:
* Create new heuristic to identify PyPI packages with a single Python file (closes 160) by christophetd in https://github.com/DataDog/guarddog/pull/162

Enhancements:
* Catch dynamic execution of base64-encoded code through `__import__` (fixes 157) by christophetd in https://github.com/DataDog/guarddog/pull/158

Bug fixes:
* Don't run Semgrep when no source-code rule should be run (fixes 161) by christophetd in https://github.com/DataDog/guarddog/pull/163
* Fix package extraction for namespaced npm packages (fixes 155) by christophetd in https://github.com/DataDog/guarddog/pull/156
Chores:
* Bump click-option-group from 0.5.3 to 0.5.5 by dependabot in https://github.com/DataDog/guarddog/pull/152
* Bump docker from 6.0.0b1 to 6.0.1 by dependabot in https://github.com/DataDog/guarddog/pull/149
* Bump idna from 3.3 to 3.4 by dependabot in https://github.com/DataDog/guarddog/pull/151
* Bump platformdirs from 2.5.2 to 3.0.0 by dependabot in https://github.com/DataDog/guarddog/pull/150
* Sync requirements.txt by christophetd in https://github.com/DataDog/guarddog/pull/154

**Full Changelog**: https://github.com/DataDog/guarddog/compare/v1.0.2...v1.1.0

1.0.2

What's Changed

Bug fixes:
* Fixed a bug where a local target could be considered a remote one by mistake (e.g. `guarddog pypi scan ../foo`) (147)

**Full Changelog**: https://github.com/DataDog/guarddog/compare/v1.0.1...v1.0.2

1.0.1

What's Changed

Bug fixes:
* Fix a bug where a remote target could be considered a local one by mistake (144)

Chores:
* Bump ujson from 5.4.0 to 5.7.0 by dependabot in https://github.com/DataDog/guarddog/pull/143
* Bump jsonschema from 4.9.1 to 4.17.3 by dependabot in https://github.com/DataDog/guarddog/pull/142
* Bump websocket-client from 1.3.3 to 1.5.1 by dependabot in https://github.com/DataDog/guarddog/pull/141
* Bump requests from 2.28.1 to 2.28.2 by dependabot in https://github.com/DataDog/guarddog/pull/140
* Bump pathos from 0.2.9 to 0.3.0 by dependabot in https://github.com/DataDog/guarddog/pull/139

**Full Changelog**: https://github.com/DataDog/guarddog/compare/v1.0.0...v1.0.1

1.0.0

This is a new major version with breaking changes.

What's Changed

**Breaking changes:**
* The commands `guarddog scan` and `guarddog verify` have been deprecated and will be removed in an upcoming version. Use `guarddog pypi scan` and `guarddog pypi verify` instead
New features:
* Added support for scanning npm packages (`guarddog npm scan`) and `package.json` files (`guarddog npm verify`)
* Support SARIF output to allow for easy use with GitHub Code Scanning
* Added commands `guarddog pypi list-rules` and `guarddog npm list-rules`
* Support verbose debugging output through `guarddog --log-level debug ...`

New heuristics:
* New Python heuristic `silent-process-execution` to identify packages silently executing processes, similar to the PyTorch attack
* New PyPI metadata heuristic: `repository_integrity_mismatch` compares the contents of a package on PyPI with its contents on GitHub, and flags packages that have extraneous or modified files not reflected on GitHub
* New npm heuristic: typosquatting
* New npm heuristic: detecting silent process execution
* New npm heuristic: detecting post and pre-install hooks
* New npm heuristic: detecting when an npm package serializes `process.env`

Cosmetics:
* GuardDog now has an official logo!
* README heuristics documentation is now automatically generated and injected in the README

Minor changes:
* chores: Bump certifi version to fix GHSA-43fp-rhv2-5gv8

**Full Changelog**: https://github.com/DataDog/guarddog/compare/v0.1.10...v1.0.0

0.1.10

What's Changed
* Add pre-commit hooks configuration for local development by christophetd in https://github.com/DataDog/guarddog/pull/107
* Fixing False Positives and Duplicate Errors in the Typosquatting Algorithm by QuinceyJames in https://github.com/DataDog/guarddog/pull/108

New Contributors
* QuinceyJames made their first contribution in https://github.com/DataDog/guarddog/pull/108

**Full Changelog**: https://github.com/DataDog/guarddog/compare/v0.1.9...v0.1.10

0.1.9

What's Changed
* Bug fix: scanning zip packages by christophetd in https://github.com/DataDog/guarddog/pull/105
* Heuristic: identify usage of `globals` and `__import__` (closes 62) by christophetd in https://github.com/DataDog/guarddog/pull/106

**Full Changelog**: https://github.com/DataDog/guarddog/compare/v0.1.8...v0.1.9

© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.