- Add `--all` flag to scan every formula in homebrew-core
- Accept one or more formula names as arguments to scan specific formulae, including ones that are not installed
- Exit with status 2 on errors so callers can distinguish errors from "vulnerabilities found" (exit 1)
- Add example GitHub Actions workflows for tap PR checks and full homebrew-core scans
- Compute severity bands from CVSS vector strings when OSV data does not provide a severity label
- Improve CVSS severity fallback handling when multiple score sources are present
- Handle unbounded `introduced: 0` OSV ranges and multi-interval SEMVER ranges correctly
- Fail closed (report as affected) when a version range comparison raises instead of silently skipping
- Sanitize ANSI/terminal escape sequences, carriage returns and backspaces from text output
- Cap concurrent requests when fetching vulnerability details to avoid unbounded thread spawning
- Cap OSV pagination at a fixed page limit to avoid unbounded loops on bad responses
- Set a `User-Agent` header on OSV API requests
- Move repository to the Homebrew organisation and update install instructions, formula and links accordingly
- Internal: shared CI/lint configuration sync and dependency updates
- Add retry logic to OSV API requests (up to 3 attempts on timeout or connection errors)
- Fix severity extraction for OSS-Fuzz vulnerabilities by reading `ecosystem_specific.severity` from OSV data
- Add CycloneDX SBOM output with vulnerabilities (`--cyclonedx`)
- Add Brewfile scanning support (`--brewfile`) to check packages from a Brewfile
- Add SARIF output for GitHub code scanning integration (`--sarif`)
- Add severity filtering to only show vulnerabilities at or above a threshold (`--severity`)
- Add configurable summary truncation length (`--max-summary`)
- Fetch vulnerability details in parallel for faster scans
- Add GitLab and Codeberg support alongside GitHub
- Log warnings when version parsing fails instead of silently ignoring errors
- Initial release
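The two range-handling entries above (unbounded `introduced: 0` ranges, multi-interval SEMVER ranges, and failing closed when a comparison raises) are easiest to see in code. The following is an added example and not the scanner's own code: it assumes Python, uses a deliberately minimal SemVer parser written for this example, and evaluates a constructed OSV `affected[].ranges` structure rather than a live API response.

```python
import re

# Minimal SemVer parser for MAJOR.MINOR.PATCH[-prerelease][+build].
# Constructed for this example; a real scanner would use a full SemVer library.
_SEMVER_RE = re.compile(
    r"^(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$"
)


def parse_semver(text):
    """Return a sortable key for a SemVer string, or raise ValueError."""
    m = _SEMVER_RE.match(text.strip())
    if m is None:
        raise ValueError(f"not a semantic version: {text!r}")
    major, minor, patch, pre = m.groups()
    # A final release sorts after any prerelease of the same MAJOR.MINOR.PATCH.
    pre_key = (0, pre) if pre else (1, "")
    return (int(major), int(minor), int(patch), pre_key)


def _intervals(events):
    """Group an OSV event list into (introduced, fixed, last_affected) triples.

    fixed / last_affected are None for an open-ended interval.  One range may
    hold several intervals, e.g. 0..1.2.5 and 2.0.0..2.1.3.
    """
    intervals = []
    current = None
    for event in events:
        if "introduced" in event:
            if current is not None:          # previous interval was never closed
                intervals.append(current)
            current = [event["introduced"], None, None]
        elif current is not None and "fixed" in event:
            current[1] = event["fixed"]
            intervals.append(current)
            current = None
        elif current is not None and "last_affected" in event:
            current[2] = event["last_affected"]
            intervals.append(current)
            current = None
    if current is not None:
        intervals.append(current)
    return [tuple(iv) for iv in intervals]


def _in_semver_range(version, events):
    v = parse_semver(version)
    for introduced, fixed, last_affected in _intervals(events):
        # "0" is OSV's sentinel for "every version before the first fix".
        if introduced != "0" and v < parse_semver(introduced):
            continue
        if fixed is not None and v >= parse_semver(fixed):
            continue
        if last_affected is not None and v > parse_semver(last_affected):
            continue
        return True
    return False


def is_affected(version, ranges):
    """Return (affected, reason) for an installed version and OSV ranges.

    Only SEMVER ranges are evaluated.  If any comparison raises, the function
    fails closed: the version is reported as affected with the reason, instead
    of the advisory being silently dropped.
    """
    for rng in ranges:
        if rng.get("type") != "SEMVER":
            continue  # ECOSYSTEM/GIT ranges need different comparators
        try:
            if _in_semver_range(version, rng.get("events", [])):
                return True, "version inside an affected interval"
        except ValueError as exc:
            return True, f"failed closed: {exc}"
    return False, "no SEMVER interval matched"


# Constructed sample modelled on the OSV affected[].ranges schema.
SAMPLE_RANGES = [
    {"type": "SEMVER", "events": [
        {"introduced": "0"}, {"fixed": "1.2.5"},
        {"introduced": "2.0.0"}, {"fixed": "2.1.3"},
    ]},
]
OPEN_ENDED_RANGES = [{"type": "SEMVER", "events": [{"introduced": "3.0.0"}]}]

if __name__ == "__main__":
    for candidate in ("1.2.4", "1.2.5", "1.9.0", "2.0.7", "2.1.3", "1.1.1w"):
        print(candidate, is_affected(candidate, SAMPLE_RANGES))
```

The `1.1.1w` case is the fail-closed path: a version string the parser cannot interpret produces a "failed closed" verdict rather than a silent skip, which is the behaviour a scanner wants when the alternative is a false negative.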
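The entry about sanitizing ANSI/terminal escape sequences, carriage returns and backspaces matters because vulnerability summaries and package names come from OSV data, which the scanner does not control, and a terminal rendering raw control bytes can hide or rewrite output. The following is an added example, not the scanner's own code; it assumes Python and uses a constructed summary string to show the effect.

```python
import re

# Order matters: complete CSI/OSC sequences are matched before the bare-ESC
# fallback so that "ESC [ 3 1 m" is removed whole rather than leaving "[31m".
_TERMINAL_CONTROL_RE = re.compile(
    r"\x1b\[[0-?]*[ -/]*[@-~]"              # CSI: ESC [ params intermediates final
    r"|\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)"    # OSC: ESC ] ... ended by BEL or ESC \
    r"|\x1b[\x40-\x5f]"                     # any other ESC + C1 introducer byte
    r"|[\x00-\x08\x0b-\x1f\x7f-\x9f]"       # remaining C0 controls (CR, BS, ESC), DEL, 8-bit C1
)


def sanitize_terminal_text(text):
    """Strip escape sequences and cursor-manipulating control bytes.

    Newlines and tabs are kept; everything that could move the cursor, clear
    the screen, recolour text or smuggle an OSC hyperlink is removed.
    """
    return _TERMINAL_CONTROL_RE.sub("", text)


# Constructed summary: the advisory text tries to clear the screen and print
# a green "all clear" message in place of the real finding.
SAMPLE_SUMMARY = (
    "Heap overflow in parser\x1b[2J\x1b[H\x1b[32mNo vulnerabilities found\x1b[0m"
)

if __name__ == "__main__":
    print(repr(sanitize_terminal_text(SAMPLE_SUMMARY)))
```

A truncated sequence such as `ESC [ 3 1` with no final byte cannot be matched as a full CSI sequence, so the bare-ESC fallback removes `ESC [` and leaves the remaining printable characters, which is harmless.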