Release 3.1.0

@devatsecure devatsecure released this 28 Mar 04:47

🚀 What's Changed

  • feat: add whole-repo LLM review (Phase 2.8) + expanded Semgrep rules (@devatsecure)
  • fix: guard against None LLM responses in agent_personas and remediation_engine (@devatsecure)
  • feat: add per-phase model routing + fix MiMo None response (@devatsecure)
  • docs: update CLAUDE.md with OpenRouter provider docs and Docker ARM64 instructions (@devatsecure)
  • feat: add OpenRouter provider + fix config passthrough for all 46 features (@devatsecure)
  • docs: update CLAUDE.md with skills knowledge across all phases (@devatsecure)
  • feat: wire skills knowledge into Phase 2, Phase 4, and Phase 6 (@devatsecure)
  • docs: add Feature Matrix to README with ON/OFF default status (@devatsecure)
  • feat: enable skills knowledge by default with auto-discovery (@devatsecure)
  • feat: integrate cybersecurity skills knowledge into Phase 3 agent personas (@devatsecure)
  • fix(tests): use tests.utils.* imports in integration tests (@devatsecure)
  • fix: add required utils and audit docs (db_connection, retry_policies) (@devatsecure)
  • fix: audit follow-up — fixture comments, advanced_suppression config_path, scanner runners (@devatsecure)
  • fix: audit fixes — path traversal, ruff lint, test robustness, docs (@devatsecure)
  • chore: remove redundant docs and one-off summaries (@devatsecure)
  • docs: update Audited Projects with scanned repos, order by GitHub stars (#46) (@waseem Ahmed)
  • feat: Add proxy support and explicit model override for LLM pipeline (@devatsecure)
  • fix: Update Gitleaks scanner for v8.21+ CLI changes and add MiroFish audit (@devatsecure)
  • feat: Wire Gitleaks scanner into pipeline and rewrite README (@devatsecure)

🐳 Docker Images

Multi-platform container images are available on GitHub Container Registry:

# Pull the image (repository names in image references must be lowercase; Docker rejects uppercase)
docker pull ghcr.io/devatsecure/argus-security:3.1.0
docker pull ghcr.io/devatsecure/argus-security:3.1
docker pull ghcr.io/devatsecure/argus-security:3
docker pull ghcr.io/devatsecure/argus-security:latest

Supported Platforms

  • linux/amd64
  • linux/arm64

Quick Start

# Run security audit on current directory
# (quoting keeps paths with spaces and the key value intact)
docker run -v "$(pwd)":/workspace \
  -e ANTHROPIC_API_KEY="$ANTHROPIC_API_KEY" \
  ghcr.io/devatsecure/argus-security:3.1.0 \
  /workspace audit

GitHub Actions Usage

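- name: Run Argus Security Review
  uses: devatsecure/argus-action@v3.1.0
  with:
    # Read the key from a repository secret; the secret name ANTHROPIC_API_KEY is an assumption
    anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
    severity_threshold: high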

📦 Installation

Using Docker (Recommended)

docker pull ghcr.io/devatsecure/argus-security:3.1.0

Using pip

pip install git+https://github.com/devatsecure/Argus-Security.git@v3.1.0

Using GitHub Actions

See README.md for complete setup instructions.


🔒 Security

This release includes:

  • ✅ Signed container images (Sigstore/cosign)
  • ✅ Software Bill of Materials (SBOM)
  • ✅ Provenance attestations
  • ✅ Vulnerability scanning (Trivy)

Verify Container Signature

cosign verify \
  --certificate-identity-regexp="https://github.com/devatsecure/Argus-Security" \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com \
  ghcr.io/devatsecure/argus-security:3.1.0
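
How much the --certificate-identity-regexp value above constrains the signer, as an added example that is not part of the release notes or the project's code. It assumes cosign applies the pattern as an unanchored search (grep -E stands in for it here); the workflow file names, the sample identities and the tag-only STRICT pattern are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the page's identity pattern with an anchored one.
# Assumption: the regexp is matched as an unanchored search over the certificate
# identity (SAN), which for GitHub Actions is the workflow URL plus "@<git ref>".

REPO_URL='https://github.com/devatsecure/Argus-Security'
LOOSE="$REPO_URL"   # pattern as written on this page
# Assumed policy: only workflows of this exact repo, run from a v* tag.
# Relax the ref part if the project signs from a branch.
STRICT='^https://github\.com/devatsecure/Argus-Security/\.github/workflows/[^@]+@refs/tags/v[0-9.]+$'

# Constructed identities; the workflow file names are made up.
SAN_RELEASE="$REPO_URL/.github/workflows/release.yml@refs/tags/v3.1.0"
SAN_LOOKALIKE="$REPO_URL-mirror/.github/workflows/release.yml@refs/tags/v3.1.0"
SAN_BRANCH="$REPO_URL/.github/workflows/ci.yml@refs/heads/feature-x"

# Return 0 when the identity ($2) matches the pattern ($1).
identity_matches() {
  printf '%s\n' "$2" | grep -Eq -- "$1"
}

# Print how many of the identities after $1 the pattern accepts.
accepted_count() {
  pattern=$1; shift
  n=0
  for san in "$@"; do
    if identity_matches "$pattern" "$san"; then n=$((n + 1)); fi
  done
  echo "$n"
}

# Verification with the anchored identity. Defined only; it needs cosign and
# network access. $1 is the image reference to verify.
verify_release() {
  cosign verify \
    --certificate-identity-regexp="$STRICT" \
    --certificate-oidc-issuer=https://token.actions.githubusercontent.com \
    "$1"
}

printf 'loose pattern accepts %s of 3 identities\n' \
  "$(accepted_count "$LOOSE" "$SAN_RELEASE" "$SAN_LOOKALIKE" "$SAN_BRANCH")"
printf 'strict pattern accepts %s of 3 identities\n' \
  "$(accepted_count "$STRICT" "$SAN_RELEASE" "$SAN_LOOKALIKE" "$SAN_BRANCH")"
```

Confirm the identity the project actually signs with (cosign prints the certificate subject on a successful verify) before pinning a pattern this tight.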

📚 Documentation


🐛 Bug Reports

Found a bug? Please open an issue.

Full Changelog: v6.0.0...v3.1.0