# Nosey Parker v0.15.0

## Docker Images

A prebuilt multiplatform Docker image for this release is available for x86_64 and ARM64 architectures:

```shell
docker pull ghcr.io/praetorian-inc/noseyparker:v0.15.0
```
## Additions

- A default value (`datastore.np`) is now set for commands that take a datastore parameter (#74). This makes simpler `noseyparker` command-line invocations possible.
- A new `shell-completions` command has been added, which generates shell-specific completion scripts for zsh, bash, fish, powershell, and elvish (#76). These generated completion scripts make discovery of Nosey Parker's command-line API simpler. Thank you @Coruscant11!
- The `report` command supports a new `--max-matches=N` parameter to control the maximum number of matches that will be output for any single finding (#75). A negative number means "no limit".
- The `scan` command now supports a new `--git-history={full,none}` parameter to control whether encountered Git history will be scanned. This defaults to `full`, but specifying a value of `none` will cause Git history to be ignored.
- New rules have been added:
  - Mapbox Temporary Access Token
  - Salesforce Access Token
- A new `disable_tracing` Cargo feature has been added, which disables `trace`-level logging and tracing messages. This feature is also aliased by a new `release` feature, which is enabled in prebuilt releases.
- The `NP_LOG` environment variable is inspected at runtime to allow fine-grained control over Nosey Parker's diagnostic output. The syntax of this variable is defined by the `tracing-subscriber` Rust crate.
## Changes

- All the output formats for the `report` command now respect the new `--max-matches=N` parameter. Previously, the output formats other than `human` would run without limit (i.e., as though `--max-matches=-1` had been specified).
- The release process is now codified in a shell script: `scripts/create-release.zsh`. This emits a release tree at `release` in the top level of the repository, which includes the prebuilt binary as well as shell completions (#80).
- The `report` command has improved performance when using the JSON output format. Previously, the entire JSON output document needed to be accumulated in memory and then written in one step at the end. Now, the JSON output document is written in a streaming fashion, one finding at a time.
- `mimalloc` is now used as the global allocator (#81). This reduces peak resident memory when scanning large inputs with a high degree of parallelism.
## Fixes

- Fixed a bug in the `report` command when `--format=sarif` is used which caused some metadata to be unintentionally omitted from the output.
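As an added example (not part of the Nosey Parker project), a small POSIX shell wrapper that combines the options introduced in this release into one scan-then-report step, validating the `--git-history` and `--max-matches` values before invoking the tool. It assumes the datastore option is spelled `--datastore`, that `scan` takes input paths positionally, and a hypothetical `NP_BIN` variable for substituting the binary.

```shell
#!/bin/sh
# Added example, not part of the Nosey Parker project: wrap `scan` and
# `report` using the options introduced in v0.15.0. Assumptions not stated
# in the release notes: the datastore option is spelled --datastore, `scan`
# takes input paths positionally, and NP_BIN lets a caller swap the binary.
: "${NP_BIN:=noseyparker}"

# --git-history accepts only "full" or "none" in this release.
np_check_git_history() {
    case "$1" in
        full|none) return 0 ;;
        *) echo "git-history must be 'full' or 'none', got '$1'" >&2; return 1 ;;
    esac
}

# --max-matches takes an integer; a negative value means "no limit".
np_check_max_matches() {
    case "$1" in
        ''|-|*[!0-9-]*|?*-*) echo "max-matches must be an integer, got '$1'" >&2; return 1 ;;
    esac
    return 0
}

# Scan INPUT into STORE (default datastore.np, the new built-in default),
# then emit a SARIF report capped at MAX matches per finding.
# Usage: np_scan_and_report INPUT [MAX] [GIT_HISTORY] [STORE]
np_scan_and_report() {
    input=$1; max=${2:--1}; history=${3:-full}; store=${4:-datastore.np}
    np_check_git_history "$history" || return 2
    np_check_max_matches "$max" || return 2
    # NP_LOG uses tracing-subscriber directive syntax; "warn" keeps the run
    # quiet unless the caller has already chosen a verbosity.
    : "${NP_LOG:=warn}"
    export NP_LOG
    "$NP_BIN" scan --datastore="$store" --git-history="$history" "$input" || return 3
    "$NP_BIN" report --datastore="$store" --format=sarif --max-matches="$max"
}
```

Pass `-1` as MAX to reproduce the old unlimited behaviour of the non-`human` formats; any other negative value has the same effect.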