Release v1.0

We're excited to announce the first official release of our tool – v1.0!

New Features:

• Public Registry Scanning:

  • Support scanning images from major public registries: DockerHub, AWS ECR, Google GCR, and GitHub GHCR.

• Asset Extraction Improvements:

  • Added a domain resolver to reduce false positives and improve accuracy in asset extraction.

What's Coming in the Next Release:

• Private Image Scanning:

  • We will be adding support for scanning private images across all registries.

• Expanded Vulnerability Scanning:

  • Expect support for more languages in vulnerability scanning.

This release marks a significant step forward, and we're looking forward to bringing more features and improvements in future versions!

Thank you for your continued support and contributions!

Release v0.7 - Beta Testing

In this release, we are excited to announce the addition of all-tag scanning support for DockerHub. Users can now comprehensively scan tags of a repository in Dockerhub.

Changes:

• Added support for all-tag scanning in DockerHub, enabling comprehensive vulnerability assessment across all available tags.
• Updated configuration files:
  • https://devanghacks.in/varunastra/config.yaml
  • https://devanghacks.in/varunastra/regexes.json

What’s Next: We plan to extend all-tag scanning support to GCP Container Registry and AWS ECR in the upcoming release.

Release v0.5 - Beta Testing

We're excited to announce the release of version 0.5! As always, expect the unexpected during this beta phase.

New Features:

• Secrets Scanning: Our secrets scanning feature is now ready! This will help you identify sensitive information in your codebase.
• Dependency-Check: We’ve implemented a dependency check for npm, Yarn, and Ruby Gems. Please note that this feature is expected to break in certain scenarios, so proceed cautiously.

Your feedback is invaluable as we continue to refine our tool. Thank you for being part of our journey!