Releases: moinsen-dev/depswiz

v0.5.0 - Go Support, SARIF Output, NVD Integration

28 Dec 11:11

What's New in v0.5.0

🆕 Go Language Support

  • New Go/Golang plugin for go.mod and go.sum parsing
  • Go Module Proxy integration for version checking
  • Workspace support via go.work files
  • Vulnerability scanning via OSV, GHSA, and NVD (Go ecosystem)

📊 SARIF Output Format

  • New --sarif output flag for check, audit, and licenses commands
  • SARIF 2.1.0 compliant output for GitHub Code Scanning integration
  • VS Code SARIF Viewer support
  • Includes vulnerability severity mapping, CWE references, and fix suggestions

🔒 NVD Vulnerability Source

  • National Vulnerability Database (NVD) integration
  • CVSS 3.1/3.0/2.0 score support
  • Optional API key for higher rate limits (NVD_API_KEY env var)
  • Configure via sources = ["osv", "ghsa", "rustsec", "nvd"] in config

🐳 Docker Plugin

  • Scan Dockerfiles for outdated base images
  • Docker Compose support for multi-container projects
  • Registry integration for version checking

🚀 Comprehensive Scan Mode

  • Run depswiz with no arguments to check everything at once
  • Combines dependency check, vulnerability audit, and license compliance
  • Unified output with summary counts and top issues

🔧 Smart CI Detection

  • Auto-detects 13 CI platforms (GitHub Actions, GitLab CI, CircleCI, etc.)
  • Automatically enables --strict mode in CI environments
  • Defaults to JSON output in CI when no format is specified

Summary

  • 6 language ecosystems (Python, Rust, Dart, JavaScript, Go, Docker)
  • 4 vulnerability sources (OSV, GHSA, RustSec, NVD)
  • 7 output formats (CLI, JSON, Markdown, HTML, SARIF, CycloneDX, SPDX)

Installation

pip install depswiz==0.5.0
# or
uv add depswiz==0.5.0

Quick Start

# Check everything at once
depswiz

# Individual commands
depswiz check --only golang      # Check Go dependencies
depswiz audit --sarif -o out.sarif  # SARIF output for GitHub
depswiz audit                    # Now includes NVD vulnerabilities

v0.4.0

27 Dec 23:05

Full Changelog: v0.3.0...v0.4.0

v0.3.0

27 Dec 16:16

Full Changelog: v0.2.0...v0.3.0

v0.2.0

27 Dec 12:39
