Skip to content

Nosey Parker v0.15.0

Compare
Choose a tag to compare
@bradlarsen bradlarsen released this 13 Oct 02:59
· 260 commits to main since this release

Docker Images

A prebuilt multiplatform Docker image for this release is available for x86_64 and ARM64 architectures:

docker pull ghcr.io/praetorian-inc/noseyparker:v0.15.0

Additions

  • A default value (datastore.np) is now set for commands that take a datastore parameter (#74). This makes simpler noseyparker command-line invocations possible.

  • A new shell-completions command has been added, which generates shell-specific completion scripts for zsh, bash, fish, powershell, and elvish (#76). These generated completion scripts make discovery of Nosey Parker's command-line API simpler. Thank you @Coruscant11!

  • The report command supports a new --max-matches=N parameter to control the maximum number of matches that will be output for any single finding (#75). A negative number means "no limit".

  • The scan command now supports a new --git-history={full,none} parameter to control whether encountered Git history will be scanned. This defaults to full, but specifying a value of none will cause Git history to be ignored.

  • New rules have been added:

    • Mapbox Temporary Access Token
    • Salesforce Access Token
  • A new disable_tracing Cargo feature has been added, which disables trace-level logging and tracing messages. This feature is also aliased by a new release feature, which is enabled in prebuilt releases.

  • The NP_LOG environment variable is inspected at runtime to allow find-grain control over Nosey Parker's diagnostic output. The syntax of this variable are defined by the tracing-subscriber Rust crate.

Changes

  • All the output formats for the report command now respect the new --max-matches=N parameter. Previously, the output formats other than human would run without limit (i.e., as though --max-matches=-1 had been specified).

  • The release process is now codified in a shell script: scripts/create-release.zsh. This emits a release tree at release in the top-level of the repository, which includes the prebuilt binary as well as shell completions (#80).

  • The report command has improved performance when using JSON output format. Previously, the entire JSON output document needed to be accumulated in memory and then written in one step at the end. Now, the JSON output document is written in a streaming fashion, one finding at a time.

  • mimalloc is now used as the global allocator (#81). This reduces peak resident memory when scanning large inputs with a high degree of parallelism.

Fixes

  • Fixed a bug in the report command when --format=sarif is used which caused some metadata to be unintentionally omitted from the output.