Skip to content

Releases: microsoft/ApplicationInspector

Release v1.0.23

24 Jan 16:52
@guyacosta guyacosta
v1.0.23
ad148b6
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Release v1.0.23

Fixes #97 for TagDiff command including a related issue for TagTest
Additional patterns were added for detection of cloud storage services, and minor improvements to regex patterns for client based TLS auth, Kerberos and SAML. The newer Metadata tags checks against the file type scanned for avoiding elimination of subsequent checks for an unaccepted match was relocated to the rulesengine to ensure valid matches were not eliminated . We will continue to add and improve rules for detection while keeping false positives a low rate.

Assets 2
Loading

Release v.1.0.22

22 Jan 16:04
@guyacosta guyacosta
v1.0.22
473b8cd
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Release v.1.0.22

Addresses HTML report rendering issues when run outside of the application directory i.e. from a source folder using a path to the app installation folder vs running from the application folder with a path to source code. See #75 and #93 for issues submitted. With the change, either approach will work.

Assets 2
Loading

Release v1.0.21

21 Jan 16:31
@guyacosta guyacosta
v1.0.21
88cb8be
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Release v1.0.21

Adds app container detection like Docker etc. Improves name standardization / clarity on a few rules. Completes the effort begun in v1.0.20 to add the ability to distinguish features in executable code files from just information in build files by adding the 'Metadata' root to a few more solution rule tags. See wiki Tags section for more.

Minor fixes for bugs #75, #79 including issuing console message on use of -o argument when using the default or specified 'html' output format that generates an output.html file, which is application managed and not redirect-able. Both json and text formats do allow the output path to be specified.

Assets 2
Loading

Release v1.0.20

19 Jan 20:53
@guyacosta guyacosta
v1.0.20
390a4f8
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Release v1.0.20

Better separation of build metadata from executable features. Sets new scope limit to prevent "features" being detected in build files e.g. pom.xml, .yaml or package.json to reduce the possibility of false positive matches on features which should only be accepted from executable code e.g. cryptography code signing detection which applies to the package not the program execution. Features may only be detected in code files with these change. "Metadata" tags will continue to be identified in build or code files. Relabels a few rules with Metadata root nomenclature like code repos and adds a file type "code" or "build" to each language file.

Assets 2
Loading