v1.1.6 🌈

Changes

Reduction in False Positives

• False positive improvements were done for the Java frontend

v1.1.5 🌈

Changes

• Probable Sink listing
• Inventory Dataflows with Reverse Graph
• Multi-pattern support in the rule
• Warning message to alert user, if privado doesn’t have permission to write result to it
• Bug - If a repo have Java as a minor language, rules are were not getting picked correctly
• In validation stage of rule earlier regex of rule was not validated, now it will be
• Fix - Test cases not running

v1.1.4 🌈

Changes

• add - jooq database details @khemrajrathore (#238)
• Scan-time analytics and trigger metadata included in the report @karan-batavia (#227)
• Comparison result generation @karan-batavia (#223)
• added cpu and memory usage stats @karan-batavia (#222)
• added cpu and memory usage stats @karan-batavia (#221)
• changed need trigger @karan-batavia (#219)
• Comparison result generation @karan-batavia (#218)

v1.1.3 🌈

Changes

• Sink Processing
• Probable Sinks
• Experimental JS support
• Database Name Identification
• Validate Rules

v1.1.2 🌈

Changes

• upgraded dependency @khemrajrathore (#178)

v1.1.1 🌈

Changes

• add - tag fieldIdentifier matching source rule @khemrajrathore (#176)

v1.1.0 🌈

Changes

Features:

1. Support for Console Output: Privado now shows the scan results as a summarized report on the console itself. Before this release, users had only two options either look at the privado.json file or view results on the Privado dashboard. Now, users can quickly see the scan results and for interesting scans visualize them on the dashboard or look at the privado.json file.
2. Upload command: Users can explicitly pass a command for uploading the results from their machine to the dashboard. This will help if the automatic upload fails or if the user by default does not want to upload results and only wants to upload results for a few repositories. Details of the command are in our documentation.
3. Added. flags to let CLI run in a non-interactive way: Users can now pass additional flags with the scan command to skip upload or explicitly upload results. This will be useful in a CI environment where there is no UI for users to interact with our consent question. Details on the flags are added to our documentation.
4. Added Support for Configurable Semantics. With semantics, users have control over how data propagates through a function call. For example - log.debug(name, email), the user can choose if the name would further taint email, log, or does not taint anything.

• Fix the http:// replace for url parsing @dbMundada (#135)
• fix - only show compliance threat on console @khemrajrathore (#134)
• Handling for skip upload and upload flags @pandurangpatil (#129)
• Fix the leakage numbers in console output @dbMundada (#130)
• Update the collection value in console output @dbMundada (#127)
• Feat - Update Console output @dbMundada (#123)
• Patch/file upload @abhstabs (#119)
• Exporter models @khemrajrathore (#125)
• Update the joern version to v1.1.1078 @dbMundada (#122)
• fix - extra pathIds in violations @khemrajrathore (#121)
• semver: replaced . with - for versioning in dev @hiteshbedre (#120)
• patch: add data leaks to log threat for non android repos @abhstabs (#113)
• feat: changes for upload command @abhstabs (#118)
• fix: change command to upload @abhstabs (#117)
• added packaging command @hiteshbedre (#116)
• Versioning for dev branch @hiteshbedre (#115)
• fix - excessive leakage @khemrajrathore (#111)
• request: sync-retry changes for cli @abhstabs (#110)
• Fix/excessive leakage @khemrajrathore (#109)
• sbt: updated dependency version @hiteshbedre (#108)
• sbt: updated dependency @hiteshbedre (#105)
• License @dbMundada (#107)

v1.0.1 🌈

Changes

• License update

v1.0.0 🌈

Changes

• Release: First release of privado code scanning tool to scan Java source code project and identify data flows and privacy issues.

v0.1.0 🌈

Changes

• First trial release @pandurangpatil (#98)
• Dev temp @pandurangpatil (#97)
• fix - limit sources which result in False positive @khemrajrathore (#95)
• Feature/threat - IsKeyboardCache @khemrajrathore (#56)
• Fix - collection tagger @khemrajrathore (#49)
• Upgrade joern @pandurangpatil (#48)
• fixed exclusions rules issue @pandurangpatil (#47)
• Feature/policy @khemrajrathore (#46)
• Feature/pre commit hook @abhstabs (#44)
• Feat: Artifact changes via Dockerfile @hiteshbedre (#43)
• Fix - https://privado-ai.atlassian.net/browse/DM-1291?atlOrigin=eyJpIjoiMzAwMDAwOGM2Y2I1NGUzZjk0MTI1ZDc1MWQwNWFlYzkiLCJwIjoiaiJ9 @khemrajrathore (#45)
• Feature/policy @khemrajrathore (#41)
• reverted code artifact deploy changes @pandurangpatil (#42)
• Logger change @pandurangpatil (#40)
• Feature/authflow @abhstabs (#38)
• Feat: Update Dependencies @hiteshbedre (#39)
• fix: indent and output of the file in authentication @abhstabs (#37)
• Parsing of config rules and refactoring @pandurangpatil (#36)
• Feat: Upload jar over AWS CodeArtifact @hiteshbedre (#35)
• support for skipping files which belong to Excluded list, some refactoring @khemrajrathore (#33)
• fix - printing isSensitive as boolean, fileNumber/columnNumber as Int @khemrajrathore (#34)
• added option -dd --disable-deduplication @khemrajrathore (#32)
• feat(versioning): Added version file in jar @hiteshbedre (#31)
• update - dedup/subset flow removal @khemrajrathore (#30)
• Feature/authflow @abhstabs (#27)
• Feat: Semantic versioning support for docker tag and jar file @hiteshbedre (#29)
• Feature/policy @khemrajrathore (#28)
• Feature/tagging pass @khemrajrathore (#26)
• Feature/tagging pass @khemrajrathore (#25)
• added loggers @khemrajrathore (#24)
• fixes - testing fixes @khemrajrathore (#23)
• Feature/tagging pass @khemrajrathore (#22)
• Feature/tagging pass @khemrajrathore (#21)
• policy parsing handling done. @pandurangpatil (#20)
• Domains filed parsing for third party rules. @pandurangpatil (#19)
• Parsing changes to read category levels and other rule attributes. @pandurangpatil (#18)
• git metadata in output @khemrajrathore (#15)
• Feature/tagging pass @khemrajrathore (#14)
• few CLI fixes @pandurangpatil (#13)
• Parsing external rules and merging them by removing duplicates. @pandurangpatil (#12)
• Refactored input processing flow and processed internal rules @pandurangpatil (#11)
• Feature/tagging pass @khemrajrathore (#10)
• Rule parser @pandurangpatil (#9)
• Dataflow changes @khemrajrathore (#8)
• Sink tagging and source tagging refactoring @khemrajrathore (#7)
• Dockerfile @hiteshbedre (#4)
• merge dev into dockerfile branch @hiteshbedre (#6)
• Feature/tagging pass @khemrajrathore (#5)
• Initial setup @pandurangpatil (#2)