v0.5.1 — Supply-Chain Intelligence (hardening)

v0.5.1 — Supply-Chain Intelligence (hardening)

A hardening + correctness release on top of v0.5.0, including a focused /attack pass on the new OSV egress surface.

Fixed

• Verification request amplification — identical secrets gathered concurrently each fired a separate outbound auth request to the provider (the in-run dedup populated its cache only after the await). Now collapses to a single request per distinct secret via an await-once pattern. Also fixes cross-Python-version flakiness in the dedup test.
• OSV robustness — a malformed-but-200 OSV response (non-JSON body or unexpected shape) crashed the supply-chain scan instead of degrading to the curated list; per-batch and per-vuln parsing is now guarded.
• Click ≥8.2 / CI compatibility — the v0.5 CLI/smoke tests used CliRunner(mix_stderr=), removed in Click 8.2 (CI installs it on Python 3.10+); switched to --no-verify-banner so parsed stdout stays clean on every Click version.
• Version-fragile test — test_status_is_string_enum asserted the Python-3.12 (str, Enum).__str__ output; now asserts the version-stable JSON-serialization contract.

Security (hardening — /attack pass on the v0.5 egress surface)

• URL-encode OSV-provided vuln IDs before interpolating them into the hydration URL path.
• Cap total OSV vuln-hydration fan-out to --osv-max (a dependency with many advisories — or a hostile OSV — can no longer amplify into unbounded outbound requests).
• Skip lock files larger than 1 MB in parse_all (mirrors the filesystem scanner).
• Clamp --osv-max (≥0) and --osv-timeout (≥0.1).

329 tests. No changes to the v0.5.0 feature set.

v0.5.0 — Supply-Chain Intelligence

v0.5.0 — Supply-Chain Intelligence

Turns GitExpose's static supply-chain signatures into real, live dependency SCA.

Added

• Live dependency SCA — lock-file parsing for Python (requirements.txt, poetry.lock, Pipfile.lock) and JavaScript (package-lock.json, yarn.lock v1 + Berry), enriched via OSV.dev live CVE/GHSA/malicious-package advisories. New vulnerable_dependency finding type (OWASP A06:2021 / CICD-SEC-3; AI middleware also keeps its ATLAS tag).
• OSV.dev integration — default on; sends only package names + versions (no secrets) via the batch endpoint (≤1000/request → bounded fan-out). --offline opt-out falls back to the curated known-bad list; any network failure degrades gracefully rather than failing the scan. New flags: --offline, --osv-timeout, --osv-max.
• CycloneDX 1.6 AI-BOM — -o cyclonedx (alias aibom); components (PURLs + lock-file integrity hashes), dependency-vulnerability VEX, and NTIA minimum elements.
• Exploitability-first ranking — vulnerable_dependency findings are ordered by exploitability context (direct/transitive, fix-available, pinned, credential-co-presence), CVSS only as a tiebreaker.
• Honest VEX — a vulnerability is marked exploitable only when proven (a credential in the same source file was --verify-confirmed live, or OSV flags it known-exploited), else in_triage. Never not_affected. Self-contained CVSS v3.1 base-score computation (no external CVSS dependency).

Changed

• New core deps: cyclonedx-python-lib, packageurl-python (pure-Python); tomli only on Python 3.9/3.10.
• 325 tests (was 287 at v0.4).

Deferred to v0.6

• Classic typosquatting; lock-file poisoning checks (data already captured); Shai-Hulud install-time behavioral analysis; Go/Cargo ecosystems.

Note: the tagged tree (v0.5.0) ships the correct product code on all supported Python versions. A follow-up test-only commit on main (3c979fb) makes the v0.5 CLI test harness compatible with Click ≥8.2 (which removed CliRunner(mix_stderr=)); it does not change any shipped behavior.

v0.4.0 — Detection Depth

v0.4.0 — 2026-05-28 — Detection Depth

Added

• gitexpose git-history <path> — scans all reachable git history (git log -p --all --reverse) for credentials committed and later removed, reusing the full credential matrix. Each secret is reported once at its earliest-introducing commit, with commit SHA / author / date. Composes with --verify: a historical secret can be reported verified/dead/error — "deleted N commits ago, confirmed live." Flags: -o/--output, --out-file, --since, --max-commits, and the --verify* family.
• AI-supply-chain signature pack (working-tree, via supply-chain):
  • polyglot_file (HIGH) — text-extension file whose leading bytes are a binary/executable/archive signature (ELF, PE, ZIP, PDF, Mach-O, gzip). Built-in magic-byte detection — no external dependency.
  • skill_prompt_injection (HIGH, LLM01) — hidden directives in instruction files (CLAUDE.md/AGENTS.md/.continue/…): "ignore previous instructions", exfil directives, system-prompt-reveal attempts.
  • agent_config_malicious_content (CRITICAL) — command/exfil payloads inside CrewAI/AutoGen/litellm configs.
  • langgrinch_lc_key (CRITICAL) — heuristic pattern for LangChain lc--prefixed credentials (LangGrinch / CVE-2025-68664 context; upstream key format not authoritatively confirmed).
• AWS access+secret pairing — same-source aws_access_key + aws_secret_key findings are paired into ACCESS:SECRET so AWS keys now verify live (previously always ERROR). Applies to both supply-chain --verify and git-history --verify.
• Shared add_verify_args Click decorator (reused by supply-chain and git-history).

Changed

• New OPTIONAL dependency: python-magic>=0.4.27 (advanced extra; reserved for future richer format detection — the polyglot detector itself uses built-in magic bytes and needs no system lib).
• Test count grew from 251 (v0.3.0) to 287 (v0.4.0).
• Internal _verify_input (the paired AWS secret) is scrubbed from all command output.

Fixed

• The v0.3 smoke-test fixture (tests/fixtures/synthetic_repo_v03/.env) was never tracked — the generic .env gitignore rule silently dropped it at commit time, so test_smoke_v03 was red on clean checkouts. It is now tracked via a gitignore negation.

Deferred to v0.5

• AI-BOM (--format aibom) structured security inventory
• Policy engine + tamper-evident audit log
• Unreachable/dangling-blob history walk (force-pushed-away secrets)
• Additional provider verifiers (Discord/Telegram/Twilio/SendGrid/Stripe)
• --verify on the web-scan path; capability/scope enumeration

Full Changelog: v0.3.0...v0.4.0

v0.3.0 — Active Verification

v0.3.0 — 2026-05-28 — Active Verification

Added

• Active Verification engine (opt-in via --verify). 16 providers
  supported: OpenAI (3 variants), Anthropic, Groq, OpenRouter, Perplexity,
  xAI, Cerebras, Hugging Face, ElevenLabs, Pinecone, LangSmith (v2 + legacy),
  GitHub, GitLab, Docker Hub, Slack token, AWS (SigV4 GetCallerIdentity).
  Verification adds binary verified / dead / error status to each
  applicable finding.
• --verify CLI flags on the supply-chain command: --verify,
  --verify-concurrency, --verify-timeout, --verify-only-severity,
  --no-verify-banner.
• Consent banner printed to stderr when --verify is active. Names every
  destination host.
• Verification surfaces in all reporters: JSON (verification_status,
  verification_detail), SARIF (properties.verification_status + tags),
  HTML (color badge), CSV (two new columns), console (colored tag).
• In-run dedup: identical secrets in multiple files trigger only one
  verification call per scan.
• Log-redaction safety net: every verifier and engine path tested with a
  sentinel canary to guarantee no raw secret leaks to logs, stdout, stderr, or
  verification_detail.
• Tier 3 provider patterns: Helicone, Portkey, Voyage, Cohere, Modal
  (paired token), Runpod. Detection-only in v0.3; verification deferred to
  v0.4.
• GitHub Actions sample workflow at .github/workflows/gitexpose-scan.yml.
• pre-commit hook config at .pre-commit-hooks.yaml.
• docs/INTEGRATIONS_CICD.md — pipeline setup walkthrough.
• docs/INTEGRATIONS_CODE_SCANNING.md — GitHub Code Scanning setup +
  SARIF tag filtering.
• docs/MITRE_ATLAS_COVERAGE.md — per-detection ATLAS technique mapping.
• README "Why this matters" section linking to the CISA Private-CISA
  incident.

Changed

• New runtime dependency: httpx>=0.27.0.
• New dev dependency: respx>=0.21.0 for HTTP mocking in tests.
• Test count grew from 122 (v0.2.0) to 253 (v0.3.0).
• Project research notes now tracked under docs/notes/.
• .gitignore extended for workspace artifacts (.serena/, RESEARCH/,
  files/, root PNGs, uv.lock, .venv/).

Fixed

• gitexpose/advanced/mcp_server.py — removed unsupported validate=
  kwarg from SecretExtractor.extract() call; fixed .get("valid") →
  .get("validated") typo; fixed broken from .secret_extractor import path.
  Regression test added.
• gitexpose/advanced/local_fs_scanner.py — .env dotfiles were silently
  skipped (Path('.env').suffix is empty); added .env to the bare-filename
  allowlist so supply-chain scans actually read .env files.
• github_token verifier registration — the scanner emits finding type
  github_token (not github_pat); registered the alias so GitHub tokens are
  actually liveness-checked.

Deferred to v0.4

• Capability/scope enumeration (AWS IAM perms, GitHub PAT scopes, OpenAI
  org/project membership)
• AI-BOM (SPDX 3.0) output format
• Verifiers for Discord bot/webhook, Telegram, Twilio, SendGrid, Stripe (each
  needs case-by-case side-effect analysis)
• Tier 3 provider verification (need documented endpoint surfaces)
• Persistent cross-run verification cache
• Deep git-history traversal
• --verify on the web-scan command (cli.py:main produces URL findings, not
  extractable credentials)

Full Changelog: v0.2.0...v0.3.0

v0.2.0

Full Changelog: https://github.com/fevra-dev/GitExpose/commits/v0.2.0