v0.9.0

What's Changed

Tool Improvements

• Add --min-file-level flag to filter out results for uninteresting files by @tstromberg in #112
• terminal output: revert reverse risk sorting by @tstromberg in #86
• Reduce noisy logging messages by @tstromberg in #117
• fix: update usage message by @willswire in #90

Rule Improvements

• Update to YARA Forge Rule Set Release 20240407 by @tstromberg in #108
• Detect __tls_get_addr (xzutils) & avasa-zombie remnants by @tstromberg in #85
• Tune rules based on avasa-zombie analysis by @tstromberg in #84
• Tune rules based on ctop v0.7.7 analysis by @tstromberg in #114
• Tune rules based on rook analysis by @tstromberg in #116
• Reduce "HIGH" rule hits based on initial Wolfi analysis by @tstromberg in #118
• Fix typo by @mattmoor in #113

Development Improvements

• Add --verbose flag, hide INFO log messages from stderr by default by @tstromberg in #109
• Fix the top level tests, fix a typo in the name. by @vaikas in #98
• Refactor so that testdata samples are in their own namespace by @tstromberg in #110
• Remove executable bit from samples by @tstromberg in #111
• Add "make lint" rule and golangci-lint config by @tstromberg in #87
• Run gofumpt on Go code by @tstromberg in #88
• Refactor, add tests. by @vaikas in #91
• Add gha for tests, dependabot. Fixes #28, #97. by @vaikas in #100
• add boilerplates and ci jobs for lint by @cpanato in #102
• add chainguard source by @cpanato in #103
• Bump golang.org/x/term from 0.18.0 to 0.19.0 by @dependabot in #101
• Move to clog, plumb context through as necessary. by @vaikas in #104
• Makefile: add 'update-yaraforge' rule by @tstromberg in #105
• Add .wokeignore for third_party code by @tstromberg in #107

New Contributors

• @willswire made their first contribution in #90
• @vaikas made their first contribution in #98
• @cpanato made their first contribution in #102
• @dependabot made their first contribution in #101

Full Changelog: v0.8.0...v0.9.0

v0.8.0

What's Changed

• diff: Use levenshtein score to approximate moves. by @mattmoor in #80
• rules: Increasingly paranoid rules based on xz analysis by @tstromberg in #82
• rules: Update to YARA Forge Rule Set Release 20240331 by @tstromberg in #83

New Contributors

• @mattmoor made their first contribution in #80

Full Changelog: v0.7.0...v0.8.0

v0.7.0

What's Changed

• Introduce per-file risk scores, reverse sort behaviors by @tstromberg in #73
• Cleanup rules for packers, weird hostnames, relative paths, and interface listing by @tstromberg in #74
• Improve rules based on requirementstxxt PyPI analysis by @tstromberg in #76
• Rule tuning from PyPI & Homebrew analysis by @tstromberg in #77

Full Changelog: v0.6.0...v0.7.0

v0.6.0

What's Changed

• Improve packed ELF detection by @tstromberg in #71
• Update based on AcidPour analysis by @tstromberg in #67
• Improve rules based on analysis of trojan.stealer/amos by @tstromberg in #68
• Tune rules based on ua-parser-js analysis by @tstromberg in #69
• Improve suspicious eval() detection in scripting languages by @tstromberg in #70

Full Changelog: v0.5.0...v0.6.0

v0.5.0

What's Changed

It's our biggest release yet! With the latest additions, bincapz now implements all of the features you might need to monitor CI/CD artifacts. Enjoy!

New Features!

• Add 'diff' implementation (--diff flag) by @tstromberg in #51
• Add markdown rendering, refactor renderer handling by @tstromberg in #53

Improvements

• Improve rules through hCrypto analysis, update README by @tstromberg in #45
• Improve rules through laysound PyPi analysis by @tstromberg in #46
• Improve rules through Magnet Goblin analysis by @tstromberg in #47
• Make table output more concise & magical by @tstromberg in #44
• Simplify table output by @tstromberg in #48
• More rule and output tuning from local malware analysis by @tstromberg in #49
• Increase risk width by 1 to include diff marker by @tstromberg in #52
• Shorten terminal rendering width by @tstromberg in #56
• Update to latest YaraFORGE ruleset by @tstromberg in #50

Bugfixes

• test cleanup: Add tests for markdown, simple & diff by @tstromberg in #54
• Improve Markdown titles, add tests by @tstromberg in #55

Full Changelog: v0.4.1...v0.5.0

v0.4.1

What's Changed

• Make output more concise by @tstromberg in #43

Full Changelog: v0.4.0...v0.4.1

v0.4.0

What's Changed

• Rule description improvements for consistency by @tstromberg in #29
• Increase /dev/shm suspicion, more proclist rules by @tstromberg in #30
• Improve fake process name detection by @tstromberg in #31
• Improve identification of shell scripts by @tstromberg in #32
• Stream table rendering, widen values column by @tstromberg in #33
• Tune query results against Wolfi by @tstromberg in #34
• Improve rules from FreeDownloadManager analysis by @tstromberg in #35
• Improve rules from Godzilla webshell analysis by @tstromberg in #36
• Colorize risk levels in table output by @tstromberg in #37
• Show rule name for base64/xor content by @tstromberg in #38
• table output: separate matching values with newlines by @tstromberg in #39
• Improve rules from Platypus/Termite inspection by @tstromberg in #40
• Improve rules from Stealthworker inspection by @tstromberg in #41
• Improve PHP/Python/NodeJS rules through BSKC analysis by @tstromberg in #42

Full Changelog: v0.3.0...v0.4.0

v0.3.0

What's Changed

• Improve SSH worm detection by @tstromberg in #17
• Add rules for tools within D3m0n1z3dShell by @tstromberg in #18
• Improve detection for Hugging AI backdoor & ChinaZ_Managers by @tstromberg in #19
• Rename --only-programs to include-data-files by @tstromberg in #20
• Improve rule description output for samples by @tstromberg in #21
• Improve table presentation, add generic rules by @tstromberg in #22
• Update out-of-date README.md by @tstromberg in #23
• Add RuleLicense to JSON output by @tstromberg in #24
• Upgrade Yara FORGE data to 20240303 by @tstromberg in #25
• Omit empty fields from JSON/YAML output by @tstromberg in #26

Full Changelog: v0.2.0...v0.3.0

v0.2.0

What's Changed

• Port remaining rules from yara-defense-kit by @tstromberg in #3
• Return an error for nonexistent scan paths by @tstromberg in #4
• Make all combo/ rules a minimum of notable by @tstromberg in #5
• Use rule name for descriptions, limit key length by @tstromberg in #6
• Add --omit-empty flag, force-wrap output strings by @tstromberg in #7
• Simplify existing rules by @tstromberg in #8
• rules: Tune down false positives by @tstromberg in #9
• Add --only-programs flag by @tstromberg in #10
• Add hostinfo_collector rule by @tstromberg in #11

New Contributors

• @tstromberg made their first contribution in #3

Full Changelog: v0.1.0...v0.2.0

v0.1.0

Oh hey, it's the first release! Recent enhancements:

• Recursive directory walking
• YARA Forge support

Full Changelog: https://github.com/chainguard-dev/bincapz/commits/v0.1.0