Releases: EdgarPsda/devsecops-kit

v0.6.0 — "Multi-Platform & Intelligence"

30 Mar 02:53

3 major features shipped:

🌐 Multi-CI Support
Generate security pipelines for GitLab CI and Bitbucket Pipelines, not just GitHub Actions. All 4 languages supported.
devsecops init --ci=gitlab
devsecops init --ci=bitbucket

🏗️ IaC Scanning (Checkov)
Scan Terraform, CloudFormation, Kubernetes manifests, and Dockerfiles for misconfigurations.
devsecops scan --tool=checkov
Enable in security-config.yml: tools.checkov: true

🤖 AI Fix Suggestions
Get actionable fix suggestions for HIGH/CRITICAL findings powered by Ollama (local), OpenAI, or Anthropic. Privacy-first — defaults to local Ollama, no data sent externally unless you configure it.
ai:
  enabled: true
  provider: "ollama"
  model: "llama3.1"

Also in this release: Python and Java workflow templates for GitHub Actions, SBOM generation, SARIF output, and license compliance scanning (shipped in v0.5.0 but missing from prior release).

🚀 GitHub Release: v0.4.1

23 Nov 06:35
d08f347

We've closed the security feedback loop! v0.4.1 moves the DevSecOps Kit from a CI-only tool to a complete, developer-first security platform.

This release ensures developers get fast, actionable feedback before pushing to CI.

✨ Major New Features

  • Local Security Scanning (devsecops scan): Run all configured tools (Semgrep, Trivy, Gitleaks) on your machine with a single command. The local result always matches the CI policy.
  • Git Hooks Integration:
    • devsecops init-hooks installs pre-commit (blocking) and pre-push (warning) hooks. Security policy enforcement is now Shifted Furthest Left!
  • Rich Reporting & UX:
    • HTML Reports: Generate beautiful, interactive reports locally: devsecops scan --format=html --open
    • Rich terminal output with progress bars and color-coding for faster developer feedback.

⚙️ Improvements

  • Parallel execution of all scanners for minimal performance impact.
  • Respects all fail_on thresholds and exclude_paths in the security-config.yml locally.
  • New go.mod structure for better dependency management.

📦 Installation

To update your kit:

go install github.com/edgarpsda/devsecops-kit/cmd/devsecops@latest