Releases: owasp-noir/noir
v0.22.0
What's Changed
- Add .graphql file analyzer by @hahwul in #605
- Update Road Map by @hahwul in #606
- Migrate Rakefile to justfile by @hahwul in #608
- feat: Add detector and analyzer for Koa.js by @hahwul in #610
- Add AI.md by @hahwul in #613
- Update AI.md by @hahwul in #614
- Improve AI.md by @hahwul in #616
- build(deps): Bump github.com/go-chi/chi/v5 from 5.2.0 to 5.2.2 in /spec/functional_test/fixtures/go/chi by @dependabot in #620
- Validate HTTP methods and default invalid ones to GET by @hahwul in #621
- Improve Performance by @hahwul in #623
- Bump version to 0.22.0 by @hahwul in #624
Full Changelog: v0.21.1...v0.22.0
v0.21.1
What's Changed
- [ImgBot] Optimize images by @imgbot in #585
- Skip symlinks during llm analysis by @ksg97031 in #587
- Add Crystal version 1.16.0 to CI build matrix by @hahwul in #588
- build(deps): Bump golang.org/x/net from 0.36.0 to 0.38.0 in /spec/functional_test/fixtures/go/gin by @dependabot in #591
- build(deps): Bump golang.org/x/net from 0.36.0 to 0.38.0 in /spec/functional_test/fixtures/go/beego by @dependabot in #592
- build(deps): Bump nokogiri from 1.18.4 to 1.18.8 in /docs by @dependabot in #593
- Migrate documentation from Jekyll to Hugo by @hahwul in #595
- build(deps): Bump golang.org/x/net from 0.36.0 to 0.38.0 in /spec/functional_test/fixtures/go/echo by @dependabot in #598
- feat: Add --ai-max-token flag for LLM token limit control by @hahwul in #599
- Fixed bug in max_tokens by @hahwul in #600
- Linting by @hahwul in #601
- Update version from v0.21.0 to v0.21.1 by @hahwul in #602
- Add AI token limit configuration option by @hahwul in #603
- Fixed USN-7467-1: CVE-2025-32414, CVE-2025-32415 Update outdated Ubuntu packages by @hahwul in #597
Full Changelog: v0.21.0...v0.21.1
v0.21.0
What's Changed
- Added Features:
- Improvements:
- Bug Fixes:
- Dependency Updates:
  - Updated github.com/beego/beego/v2 from 2.3.4 to 2.3.6 in /spec/functional_test/fixtures/go/beego by @dependabot in #576.
  - Updated http_proxy to version 0.13.0 by @hahwul in #578.
  - Updated project dependencies for improved stability and performance.
AI Analyzer Performance Improvements
The AI analyzer has been optimized for speed and efficiency, with testing focused on Python and Ruby codebases in the spec. These enhancements, evaluated using LM Studio and the Llama3 3B model, make the AI analyzer significantly faster, especially for larger projects, achieving a reduction of over 71% in processing time. Below are the performance differences before and after optimization:
Project Size | Before Optimization | After Optimization | Improvement |
---|---|---|---|
Small Project | 3.7112 s | 3.2663 s | 0.4449 s (12.0%) |
Large Project | 101.3066 s | 29.21 s | 72.0966 s (71.2%) |
New Contributors
Full Changelog
For a detailed list of changes, see the full changelog.
v0.20.1
v0.20.0
What's Changed
- ✨ New Features
  - Expanded AI Integration
    - Local LLM: Ollama, LM Studio, vLLM
    - AI Provider: OpenAI, xAI, GitHub Models (Marketplace)
  - Added intellij .http File Analysis (FileAnalyzer)
  - Added golang chi framework detector and analyzer
- 🔧 Improvements
  - Code Refactoring
  - Improve CI
- 🐛 Bug Fixes: #552 #542 #537
- 🛠 Other Updates
  - Documentation Update
New flags
--ai-provider
--ai-model
--ai-key
--help-all
--verbose
AI Features Reference
For more details on the AI features, feel free to check out the blog post and our documents below:
Special Thanks
- @ksg97031 (Co-lead): For your tireless dedication to tackling countless challenges and driving the project to new heights.
- @boundmania: Thanks for your steady input on feature suggestions and helping move the project forward.
- @JohnDuq: Thanks for your careful bug reporting and keeping the project on track.
Full Changelog: v0.19.1...v0.20.0
v0.19.1
What's Changed
- Fixed Not working exclude_techs by @hahwul
- Fixed Noir docker image latest version error by @Nameisjohn247, @hahwul
- Fixed Unhandled exception (JSON::ParseException) in AI Integration by @schniggie, @ksg97031
- Enhancing Accuracy of LLM Integration by @ksg97031
Note
The base image has been officially changed from Alpine to Debian. This decision was prompted by issues related to Crystal and ARM. For general use, this change should not cause any problems; however, if you are building additional images based on the Noir image, there may be impacts at the package level. While this change could introduce some issues, we believe it is a better choice in the long term. Once Alpine becomes ready in the future, we will provide it as a separate image tag.
Full Changelog: v0.19.0...v0.19.1
v0.19.0
What's Changed
- ✨ New Features
  - AI Integration: Introduced AI-based functionality with AI Analyzer and LLM integration.
  - New Analyzers Added:
    - ZAP Site Tree Analyzer for enhanced site tree analysis.
- 🔧 Improvements
  - Detector & Analyzer Enhancements:
    - Improved support for JavaScript Express and JavaScript Restify frameworks.
  - Logger Improvements: Enhanced logging capabilities for better debugging and traceability.
  - CLI Enhancements:
    - Improved --build-info flag to provide more detailed build information.
  - Performance Optimization:
    - Enhanced concurrency for Detectors, Analyzers, and Delivery Pipelines, improving overall performance.
  - Code Quality: Refactored and optimized codebase for better maintainability.
  - Documentation:
    - Upgraded Ruby version.
    - Improved clarity and structure of documentation.
    - Added documents for new features.
- 🐛 Bug Fixes
- 🛠 Other Updates
  - Dockerfile: Updated with metadata labels to improve container usability and traceability.
Special Thanks
We would like to extend our deepest gratitude to everyone who contributed to this release. Your efforts have been instrumental in making this update a success!
- @ksg97031 (co-lead): For your relentless effort in resolving numerous issues and propelling the project forward.
- @Nameisjohn247: For your insightful ideas and contributions that were instrumental in shaping this release.
Your dedication and collaboration are what make this project thrive. Thank you! ❤️
Full Changelog: v0.18.3...v0.19.0
v0.18.3
What's Changed
- Fix URL Path Handling Issues in Django and Spring Analyzers by @ksg97031 in #450
- Add completion:check Rake Task by @hahwul in #451
- Enhance deadlinks workflow by @hahwul in #452
- Fix documentation link for output formats in basic.md by @hahwul in #454
- Fix: Improve Java lexer and endpoint parsing to resolve crashes and newline issues by @ksg97031 in #455
- Update community articles and add DAST pipeline documentation by @hahwul in #457
- Enhance technology listing (--list-techs) output formatting and hierarchy by @hahwul in #460
- Prevent duplicate URL printing in output by @hahwul in #461
Full Changelog: v0.18.2...v0.18.3