DevSec 0.1.3

DevSec v0.1.3 - Windows Compatibility Release

This release fixes all Windows compatibility issues and ensures full cross-platform support across Linux, macOS, and Windows.

🐛 Bug Fixes

Windows Compatibility

• Fixed Windows path handling: Updated gowritter dependency to v1.0.1 which resolves drive letter corruption issues
• Fixed hardcoded Unix paths: Replaced 18+ instances of hardcoded /tmp paths with t.TempDir() across test files
• Fixed platform-specific commands: Replaced Unix-specific /bin/echo with cross-platform command resolution
• Fixed timing tests: Updated timeout values from nanoseconds to milliseconds for reliable cross-platform execution

Linter & Static Analysis

• Fixed staticcheck SA1012 warnings: Properly handle nil context in tests using variable assignment pattern
• Fixed prealloc warnings: Preallocate slices with appropriate capacity for better performance
• Fixed gocritic warnings: Added appropriate nolint directives for intentional test cases

📦 Dependencies

• Updated github.com/victoralfred/gowritter from v1.0.0 to v1.0.1

✅ Test Coverage

All tests now pass on:

• Linux (ubuntu-latest) - Go 1.22, 1.23, stable
• macOS (macos-latest) - Go 1.22, 1.23, stable
• Windows (windows-latest) - Go 1.22, 1.23, stable

📝 Files Changed

• internal/cli/scan_edge_test.go
• internal/cli/scan_security_test.go
• internal/cli/policy_test.go
• internal/helm/chart_test.go
• internal/pipeline/runner_test.go
• internal/policy/decision_test.go
• internal/policy/engine_test.go
• internal/scanner/osv/osv_security_test.go
• internal/scanner/osv/osv_test.go
• internal/scanner/semgrep/semgrep_test.go
• internal/scanner/trivy/trivy_test.go
• internal/alerting/manager.go
• internal/ml/detector_test.go
• internal/ml/integration_test.go
• internal/sbom/sbom.go
• go.mod & go.sum

🔗 Full Changelog

See PR #12: #12

---

Full Changelog: v0.1.2...v0.1.3

DevSec 0.1.2

What's Changed

Bug Fixes

CLI Usage Message Display Fix

Fixed an issue where the CLI would display confusing usage instructions when scans found security issues. The usage message is now only shown for actual command parsing errors (invalid flags, missing arguments, etc.), not when scans successfully complete but find vulnerabilities or policy violations.

Before:

error: secrets found
Usage:
  devsec scan secrets [path] [flags]

Flags:
  -f, --format string      output format (text, json) (default "text")
  ...

After:

error: secrets found

Impact:

• Cleaner, less confusing error output
• Users can focus on the actual security findings without distraction
• Better user experience in CI/CD pipelines

Affected Commands:

• scan secrets
• scan sast
• scan vulnerabilities
• scan dependencies
• policy check
• pipeline run

Technical Details

• Added SilenceUsage: true to commands that return errors for execution results
• All tests pass with race detection
• No breaking changes

Full Changelog: v0.1.1...v0.1.2

DevSec 0.1.1

DevSec 0.1.1

Installation

Linux/macOS:

curl -sSL https://raw.githubusercontent.com/victoralfred/devsec/main/install.sh | bash

Windows (PowerShell):

iwr -useb https://raw.githubusercontent.com/victoralfred/devsec/main/scripts/install.ps1 | iex

Install specific version:

curl -sSL https://raw.githubusercontent.com/victoralfred/devsec/main/install.sh | bash -s -- -v 0.1.1

Changelog

Other

• 0967296: add community and AI documentation files (@victoralfred)
• 7abb17d: fix unbound variable error in install script cleanup trap (@victoralfred)
• 4d07b9e: install semgrep using pipx (@victoralfred)

DevSec 0.1.0

DevSec 0.1.0

Installation

Linux/macOS:

curl -sSL https://raw.githubusercontent.com/victoralfred/devsec/main/install.sh | bash

Windows (PowerShell):

iwr -useb https://raw.githubusercontent.com/victoralfred/devsec/main/scripts/install.ps1 | iex

Install specific version:

curl -sSL https://raw.githubusercontent.com/victoralfred/devsec/main/install.sh | bash -s -- -v 0.1.0

Changelog

Other

• 63650cf: Add CLI integration tests and output formatters for ML module (Victor Oseghale victoralfred32@gmail.com)
• 741c239: Add Gitleaks scanner and CLI for secret detection (Victor Oseghale victoralfred32@gmail.com)
• fcf0810: Add Helm client for chart deployment and release management (Victor Oseghale victoralfred32@gmail.com)
• f47a03c: Add Jupyter notebook cell tracking for framework detection (Victor Oseghale victoralfred32@gmail.com)
• 4f70d3a: Add Kubernetes client for deployment integration (Victor Oseghale victoralfred32@gmail.com)
• 506a942: Add ML-specific validation and analysis module (Victor Oseghale victoralfred32@gmail.com)
• cf5021c: Add OPA policy engine for security findings evaluation (Victor Oseghale victoralfred32@gmail.com)
• 3c2beaf: Add OSV scanner for dependency vulnerability detection (Victor Oseghale victoralfred32@gmail.com)
• 4dac309: Add Prometheus metrics package for pipeline observability (Victor Oseghale victoralfred32@gmail.com)
• fc34b09: Add SBOM generation with SPDX and CycloneDX support (Victor Oseghale victoralfred32@gmail.com)
• 2941972: Add SLSA provenance and in-toto attestation support (Victor Oseghale victoralfred32@gmail.com)
• 7ec726c: Add Semgrep scanner for SAST vulnerability detection (Victor Oseghale victoralfred32@gmail.com)
• 259e992: Add Slack notification job to CI pipeline (Victor Oseghale victoralfred32@gmail.com)
• a030eff: Add Trivy scanner for dependency vulnerability detection (Victor Oseghale victoralfred32@gmail.com)
• 6c6904c: Add additional output format flags to ML CLI commands (Victor Oseghale victoralfred32@gmail.com)
• 4acd85d: Add alerting package for Slack and webhook notifications (Victor Oseghale victoralfred32@gmail.com)
• 3ba0d28: Add artifact signing with ECDSA-P256 keys (Victor Oseghale victoralfred32@gmail.com)
• a6a8761: Add audit trail for scan operations (Victor Oseghale victoralfred32@gmail.com)
• 2106026: Add benchmark and fuzz tests for ML validation and fairness (Victor Oseghale victoralfred32@gmail.com)
• d0d3ed9: Add compliance mapping and pipeline orchestration modules (Victor Oseghale victoralfred32@gmail.com)
• bbe42aa: Add comprehensive README and SETUP documentation (Victor Oseghale victoralfred32@gmail.com)
• 24c5b39: Add comprehensive webhooks documentation (Victor Oseghale victoralfred32@gmail.com)
• 62bd593: Add configuration system with YAML loader and validation (Victor Oseghale victoralfred32@gmail.com)
• c5a8967: Add custom policy support with validation and documentation (Victor Oseghale victoralfred32@gmail.com)
• cefb5fc: Add deployment gates for pre/post deployment validation (Victor Oseghale victoralfred32@gmail.com)
• c75b790: Add edge case tests for ML detector (Victor Oseghale victoralfred32@gmail.com)
• 69982cd: Add enhanced metadata extraction for PyTorch, ONNX, and HDF5 models (Victor Oseghale victoralfred32@gmail.com)
• 3b27730: Add example pipeline and policy configurations (Victor Oseghale victoralfred32@gmail.com)
• b22635a: Add full metadata extraction for Keras and PyTorch models (Victor Oseghale victoralfred32@gmail.com)
• d3f2635: Add integration tests for real ML project structures (Victor Oseghale victoralfred32@gmail.com)
• 6e92296: Add per-file context timeout for ML detection (Victor Oseghale victoralfred32@gmail.com)
• 9103146: Add pipeline CLI commands for orchestration management (Victor Oseghale victoralfred32@gmail.com)
• 3b66996: Add policy decision point with pass/fail logic and violation reporting (Victor Oseghale victoralfred32@gmail.com)
• eaebd0b: Add policy validation and documentation commands to CLI (Victor Oseghale victoralfred32@gmail.com)
• 1835b66: Add report aggregator for multi-scanner findings (Victor Oseghale victoralfred32@gmail.com)
• 05c3d4c: Add report formatters for JSON, SARIF, and Markdown (Victor Oseghale victoralfred32@gmail.com)
• 8adf41b: Add resource limits and concurrency improvements to ML detector (Victor Oseghale victoralfred32@gmail.com)
• 4ee768a: Add result caching for ML detector (Victor Oseghale victoralfred32@gmail.com)
• 8da1b26: Add statistical methods, concurrent scanning, SARIF output, and enhanced metadata (Victor Oseghale victoralfred32@gmail.com)
• fc2cf92: Add structured JSON logging package with correlation IDs (Victor Oseghale victoralfred32@gmail.com)
• 7b28c57: Add symlink tests and SHA256 model integrity verification (Victor Oseghale victoralfred32@gmail.com)
• f4793fa: Add version injection via ldflags at build time (Victor Oseghale victoralfred32@gmail.com)
• 2181679: Add webhooks documentation link to README (Victor Oseghale victoralfred32@gmail.com)
• afea0d8: Develop (#1) (Victor Oseghale 33849476+victoralfred@users.noreply.github.com)
• 2c3a0d6: Enhance CLI policy commands with improved error handling and output formatting (Victor Oseghale victoralfred32@gmail.com)
• 9d6f21a: Enhance ML module with CLI commands, Jupyter support, and config system (Victor Oseghale victoralfred32@gmail.com)
• 104b867: Enhance Semgrep and Gitleaks scanners with input validation and context handling (Victor Oseghale victoralfred32@gmail.com)
• 71c8642: Enhance Trivy and OSV scanners with improved error handling and performance optimizations (Victor Oseghale victoralfred32@gmail.com)
• bd6610f: Enhance policy engine and report aggregator with validation and concurrency controls (Victor Oseghale victoralfred32@gmail.com)
• 8a4238e: Fix CI workflow for Go 1.25 compatibility (Victor Oseghale victoralfred32@gmail.com)
• 5796adf: Fix CI: upgrade to golangci-lint-action v7, adjust coverage threshold (Victor Oseghale victoralfred32@gmail.com)
• e6d06e6: Fix Slack webhook secret access in CI notification (Victor Oseghale victoralfred32@gmail.com)
• aee35e3: Fix errcheck lint errors in TestDetectProvider (Victor Oseghale victoralfred32@gmail.com)
• dc6f555: Fix scanner binary discovery to use PATH lookup (Victor Oseghale victoralfred32@gmail.com)
• aca5ab2: Fix scanner patches for lint compliance and test compatibility (Victor Oseghale victoralfred32@gmail.com)
• 15b9ffa: Implement CI/CD provider API methods with HTTP clients (Victor Oseghale victoralfred32@gmail.com)
• 1589464: Implement pipeline stage runners with real integrations (Victor Oseghale victoralfred32@gmail.com)
• 76a2dee: Implement runQuickScan with concurrent scanner execution (Victor Oseghale victoralfred32@gmail.com)
• eff5535: Initialize MLSecOps pipeline project foundation (Victor Oseghale victoralfred32@gmail.com)
• f4e1466: Merge develop: dead code cleanup and security dependency updates (Victor Oseghale victoralfred32@gmail.com)
• 8ac9db6: Refactor CLI commands for policy validation and documentation generation (Victor Oseghale victoralfred32@gmail.com)
• f9cbe64: Refactor output handling in CLI tests and improve error management (Victor Oseghale victoralfred32@gmail.com)
• 254b1a9: Remove dead code and replace duplicate utilities with stdlib (Victor Oseghale victoralfred32@gmail.com)
• 0b87207: Remove deprecated unused methods from ML detector (Victor Oseghale victoralfred32@gmail.com)
• 13534ea: Remove generated test report file (Victor Oseghale victoralfred32@gmail.com)
• 5f1007a: Remove problematic race condition tests (Victor Oseghale <victoralfred32@gmail.co...