Changelog

Release history

Every release from first commit to current build. Versions follow semver. Engine changes, rule additions, integration launches, and UX improvements are tagged per entry.

v0.9.2 2025-04-14 (current)
Engine Rules
  • Added taint tracking for Go database/sql package calls — reduces false negatives on ORM-bypassed queries
  • 24 new Python rules covering Django REST Framework serializer injection patterns
  • Improved confidence scoring for SSRF rules in Node.js — false positive rate reduced ~30%
  • Engine: scan time improvement for repositories with >5000 changed lines
v0.9.0 2025-03-03
Integrations UX
  • Linear integration: auto-create issues from HIGH severity findings
  • Jira integration: finding status now syncs when issues are resolved in Jira
  • Suppression comments now show on the Suppressions page in dashboard with reviewer + timestamp
  • PR comment redesign: more compact, single-card format per finding (was multi-comment per file)
v0.8.1 2025-01-27
Engine
  • Rust support added: initial ruleset covering unsafe block patterns, hardcoded secrets, path traversal
  • Ruby on Rails: 18 new rules for ActiveRecord raw SQL, CSRF bypass, mass assignment
  • Engine stability: fixed rare crash on files with encoding mismatches in comments
v0.8.0 2024-12-09
Rules UX
  • Custom rule test harness: grcd test-rules CLI command validates YAML rules against fixture files
  • Shared rule library now available on Team plan: push rules to org/rules repo, applies across all org repos
  • Dashboard: findings trend chart now shows 12-week history (was 4-week)
  • New per-rule severity override in .gritcadence.yaml
v0.7.0 2024-10-21
Integrations Engine
  • GitLab native MR comments integration — GA (was beta)
  • Bitbucket PR comment integration — GA (was beta)
  • GitHub Actions native integration: grcd-action available for CI-triggered scans
  • Engine: Java Spring framework rules extended to cover reactive WebFlux patterns
v0.6.2 2024-08-12
Rules
  • TypeScript: 32 new rules for Express and NestJS patterns
  • Python: extended hardcoded-secret detection to cover .env loading via python-dotenv
  • CWE metadata added to all 500+ existing rules (was partial coverage)
v0.5.0 2024-05-06
UX Integrations
  • Slack notifications: configurable per-repo and per-severity-threshold
  • Suppression workflow: reviewers can now dismiss findings inline with a required justification note
  • Dashboard launched: findings by repo, severity trend, top rule violations
v0.4.0 2024-02-19
Engine Rules
  • Custom YAML rule authoring — Pro and Team plans
  • Go language support: initial ruleset (SQL injection, path traversal, hardcoded secrets, SSRF)
  • REST API v1 launched — findings export, repo management, rule override endpoints
  • Engine: taint tracking for Python data-flow now follows function call boundaries
v0.3.0 2023-09-11
Engine Integrations
  • Java support added: Spring, Hibernate, JAX-RS rules
  • GitLab MR comments — beta
  • Bitbucket PR comments — beta
  • GitHub required status checks: security/gritcadence-scan check now configurable as required
v0.2.0 2023-04-24
Rules UX
  • Ruby and Rails support added
  • OWASP Top 10 full coverage for Python and JavaScript
  • Confidence scoring on all findings — LOW/MEDIUM/HIGH displayed in PR comments
  • Monorepo support: per-subdirectory rule exclusions via .gritcadence.yaml
v0.1.0 2022-11-07
Engine
  • Initial release. Python and JavaScript/TypeScript support
  • GitHub App with native PR comment posting
  • 140 initial built-in rules covering SQL injection, XSS, path traversal, hardcoded credentials
  • Confidence scoring (binary: flagged / not flagged)