Releases: HodeTech/Leakwatch

v1.6.0

25 May 08:43
fd0a361

Leakwatch is now available on the GitHub Marketplace — add secret scanning to any workflow in one line.

Highlights

  • GitHub Marketplace Action — uses: HodeTech/Leakwatch@v1. A composite action that installs a prebuilt, checksum-verified binary (no Go toolchain), runs a scan, maps exit codes, writes a job summary, and can upload SARIF to Code Scanning. Supports PR-diff scanning (scan-diff), format, min-severity, only-verified, extra-args, and more. Linux & macOS runners.
  • New github output format: --format github emits workflow commands so findings appear as inline annotations on pull requests.
  • Config keys now take effect: custom-rules, verification.*, filter.exclude-detectors, and output.severity-threshold from .leakwatch.yaml are wired into the scan (previously documented but no-ops). scan repos honors all scan config too.
  • Accurate locations & inline ignore — findings report real line numbers; # leakwatch:ignore / # leakwatch:ignore:<detector-id> markers are honored; SARIF results carry location-stable partialFingerprints so Code Scanning tracks an alert across line moves.
  • Security hardening — credentials are redacted in Git URLs and verifier transport errors; the composite action isolates inputs via env (no shell injection) and honors the leakwatch exit code.
  • Docs & site — bilingual (EN/TR) user manuals on a GitHub Pages site, plus an in-browser playground.

Fixed

  • dbconn placeholder matching is now case-insensitive (Password=TODO no longer reported).
  • Detection-core hardening (matcher race, redaction, output model) and verifier fixes (no credential leak on redirect; correct status semantics).

Install

# .github/workflows/leakwatch.yml
- uses: HodeTech/Leakwatch@v1
  with:
    scan-type: fs

brew install HodeTech/tap/leakwatch

go install github.com/HodeTech/leakwatch@latest

docker run --rm -v "$(pwd):/scan" ghcr.io/hodetech/leakwatch scan fs /scan

Full changelog: v1.5.0...v1.6.0

v1.5.0

09 Apr 11:46

Changelog

  • d750bc7 fix(detector): reduce false positives — lock files, placeholders, ADO.NET support
  • f3597a5 fix(test): update PagerDuty tests for context-aware detection

v1.4.0

08 Apr 12:27

Changelog

  • 60dc653 feat(cli): scan summary with date, target, duration, file count
  • 1cbefc9 fix(security): Go 1.25.9 + go-git v5.17.1, comprehensive docs update

v1.3.2

25 Mar 04:58
c7c9d42

Changelog

  • c7c9d42 feat(cli): rich help messages, init command, colored table, default cwd scan (#5)

v1.3.1

25 Mar 04:19
3dd56e1

Changelog

  • 3dd56e1 fix: force lowercase binary name in GoReleaser (#4)

v1.3.0

25 Mar 03:53
7ade845

Changelog

  • e760301 chore: add Code of Conduct, issue templates, enable discussions (#1)
  • 85b18ed docs(readme): update supported secret types table — 20+ detectors
  • f513edd feat(detector): Sprint 2 — 13 new detectors for cloud, AI, CI/CD, identity
  • ab60f64 feat(detector): Sprint 3 — 15 new detectors for packages, cloud, SaaS, monitoring
  • 19f9a53 feat(detector): Sprint 4 — 15 new detectors for CI/CD, data, infra, security
  • a903819 feat(detector): add 5 more detectors — Discord, Telegram, Redis, Snowflake, Datadog
  • e3044e9 feat(detector): add 5 new detectors — OpenAI, Anthropic, GitLab, SendGrid, NPM
  • 9312f5d feat(detector): add APISIX key patterns to generic API key detector
  • cde284a feat(remediation): Phase 6 — remediation guidance for all detectors
  • 2ed85d1 feat(slack): Phase 7 — Slack workspace scanning source
  • 9e8d2b1 feat(verifier): Slack token verifier via auth.test API
  • 6e36edb feat(verifier): V-1 sprint — 11 new verifiers (coverage 4.8% → 22%)
  • 342a93b feat(verifier): V-2 sprint — 12 new verifiers (coverage 22% → 41%)
  • ce23a19 feat(verifier): V-3 sprint — 10 new verifiers (coverage 41% → 57%)
  • 1a2fae0 feat(verifier): V-4 sprint — 10 Tier 2 verifiers (coverage 57% → 73%)
  • a5d2357 feat(verifier): V-5 sprint — 7 Tier 2+3 verifiers (coverage 73% → 84%)
  • f8144cb fix: resolve all lint issues, enforce pre-commit lint standard

v1.0.0

24 Mar 17:35

Changelog

  • 85d20d8 chore: project skeleton, Go module, and build infrastructure created
  • a917c1d docs(guides): add VS Code, Git scanning, verification, and Docker guides
  • a5f7d0a docs(readme): update status, add S3/GCS/Docker/parallel repo examples
  • c48b2ce docs(roadmap): Phases 1-4 marked as completed, status summary added
  • 43f9ebf docs(roadmap): Phase 5 short-term goals updated as completed
  • 9d6f979 docs(roadmap): restructure document for readability
  • cc41b96 docs(roadmap): update to v3.0 with v1.0.0 release summary
  • 9caf674 feat(cli): Cobra CLI commands — scan fs, scan git, version
  • 4f58b2b feat(core): core interfaces, types, and infrastructure packages created
  • 0d541ad feat(detect): Phase 3 — Aho-Corasick, new detectors, verifier infrastructure
  • 0599dc0 feat(engine): scan engine, detectors, filesystem source, and JSON formatter
  • 35ecf31 feat(git): Git repository scanning source and commit history analysis
  • 0b3d0a3 feat(phase4): container scanning, SARIF/CSV/Table output, ignore system
  • 40ea57d feat(phase5): GitHub Action, Docker, Homebrew, verifiers, S3/GCS, parallel repo
  • d0ba3a3 feat(vscode): VS Code extension — diagnostics, scan-on-save, status bar
  • 7a3f6ab feat: add architectural decision records for programming language, CLI framework, Git library, plugin architecture, pattern matching strategy, container library, license, and concurrency model
  • be941f0 fix: Phase 3-4 review findings fixed (71 findings)