Release 2.0.0

@devatsecure devatsecure released this 08 Feb 11:04
· 93 commits to main since this release

🚀 What's Changed

  • fix: Address 5 bugs from Cursor Bugbot code review (#33) (@devatsecure)
  • docs: Clean up internal comments and section headers (@devatsecure)
  • feat: Add 15 advanced security modules (Shannon + Trivy feature ports) (@devatsecure)
  • fix: Reduce false positives by detecting safe coding patterns before flagging (@claude)
  • fix: Resolve 7 pipeline-breaking bugs found during full Docker scan (@devatsecure)
  • fix: Replace remaining || true with continue-on-error for mypy in tests.yml (@devatsecure)
  • refactor: Decompose god objects and harden security across pipeline (@devatsecure)
  • feat: Add Pipeline Stage Interface, Typed Schemas, and Config Profiles (@claude)
  • feat: Add responsible disclosure generator (Phase 6.5) (@devatsecure)
  • fix: Resolve dataclass attribute access errors and add missing CLI options (@devatsecure)
  • refactor: Add exceptions module and all exports to all modules (@devatsecure)
  • test: Update regression test results after import fixes (@devatsecure)
  • chore: Add local artifacts to .gitignore (@devatsecure)
  • refactor: Extract ReviewMetrics to separate module and update CLAUDE.md (@devatsecure)
  • refactor: Extract classes from run_ai_audit.py into separate modules (@devatsecure)
  • fix: Production readiness improvements and test fixes (@devatsecure)
  • fix: 6 critical accuracy improvements to Enhanced FP Detector (@devatsecure)
  • feat: Complete Enhanced False Positive Detector with 8 Architectural Improvements (@devatsecure)
  • fix: Correct Phase 4 sandbox validation status reporting (@devatsecure)
  • fix: Correct Semgrep field name mappings in hybrid_analyzer (@devatsecure)
  • docs: Clarify phase numbering convention (2.5-2.7 explained) (@devatsecure)
  • docs: Update README with complete pipeline (Phases 2.5-2.7), DAST, and Vulnerability Chaining (@devatsecure)

🐳 Docker Images

Multi-platform container images are available on GitHub Container Registry:

# Pull the image (registry image names must be lowercase)
docker pull ghcr.io/devatsecure/argus-security:2.0.0
docker pull ghcr.io/devatsecure/argus-security:2.0
docker pull ghcr.io/devatsecure/argus-security:2
docker pull ghcr.io/devatsecure/argus-security:latest

Supported Platforms

  • linux/amd64
  • linux/arm64

Quick Start

# Run security audit on current directory
docker run -v "$(pwd)":/workspace \
  -e ANTHROPIC_API_KEY="$ANTHROPIC_API_KEY" \
  ghcr.io/devatsecure/argus-security:2.0.0 \
  /workspace audit

GitHub Actions Usage

- name: Run Argus Security Review
  uses: devatsecure/argus-action@v2.0.0
  with:
    # Assumes a repository secret named ANTHROPIC_API_KEY
    anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
    severity_threshold: high

📦 Installation

Using Docker (Recommended)

docker pull ghcr.io/devatsecure/argus-security:2.0.0

Using pip

pip install git+https://github.com/devatsecure/Argus-Security.git@v2.0.0

Using GitHub Actions

See README.md for complete setup instructions.


🔒 Security

This release includes:

  • ✅ Signed container images (Sigstore/cosign)
  • ✅ Software Bill of Materials (SBOM)
  • ✅ Provenance attestations
  • ✅ Vulnerability scanning (Trivy)

Verify Container Signature

# Anchor the identity pattern so only workflows in this repository match
cosign verify \
  --certificate-identity-regexp='^https://github\.com/devatsecure/Argus-Security/' \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com \
  ghcr.io/devatsecure/argus-security:2.0.0

📚 Documentation


🐛 Bug Reports

Found a bug? Please open an issue.

Full Changelog: v1.5.0...v2.0.0