What's New in v1.3.0
This release adds enterprise-grade CI/CD integration with flexible ignore mechanisms, baseline comparison, and configurable exit codes.
New Features
| Feature | Description |
|---|---|
| `--ignore` | Suppress specific pattern IDs (e.g., `RSA-001,CERT-*`) |
| `--ignore-category` | Suppress entire categories (e.g., `Certificate,Library Import`) |
| `--fail-on` | Configurable exit codes (`info`, `low`, `medium`, `high`, `critical`) |
| `--baseline` | Compare against a previous scan and report only NEW findings |
| `--config` | Explicit config file path |
| `.cryptoscan.yaml` | Auto-detected configuration file |
| Pattern-specific inline ignore | `// cryptoscan:ignore RSA-001` suppresses only that pattern |
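How these features fit together as a pipeline (ignore rules first, then the `minSeverity` floor, then baseline comparison, then the `--fail-on` threshold), shown as an added example in Go. This is illustration code written for these notes, not cryptoscan's own implementation or its JSON output format: the `Finding` struct, the glob-style matching of pattern IDs and paths, the baseline key (pattern ID plus file, without line number) and the `ECDSA-001` pattern ID are assumptions made for the example, and the sample findings are constructed.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// severityRank orders the levels accepted by --fail-on / failOn and minSeverity.
var severityRank = map[string]int{"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

// Finding is a simplified scan result made up for this example, not cryptoscan's JSON schema.
type Finding struct {
	ID       string // pattern ID, e.g. RSA-001
	Category string // e.g. Certificate, Library Import
	File     string
	Severity string
	Source   string // text of the flagged source line, checked for an inline ignore comment
}

// IgnoreConfig mirrors the ignore: block of .cryptoscan.yaml.
type IgnoreConfig struct {
	Patterns   []string // pattern IDs; a trailing * is a wildcard (CERT-*)
	Categories []string
	Files      []string // path globs such as vendor/*
}

// match treats rule as a path.Match glob (CERT-* covers CERT-SELFSIGNED-001, a plain name
// matches itself); as an assumption of this example, "dir/*" also covers nested paths.
func match(rule, v string) bool {
	ok, _ := path.Match(rule, v)
	return ok || strings.HasSuffix(rule, "/*") && strings.HasPrefix(v, strings.TrimSuffix(rule, "*"))
}

func anyMatch(rules []string, v string) bool {
	for _, r := range rules {
		if match(r, v) {
			return true
		}
	}
	return false
}

// inlineIgnored: the flagged line carries "cryptoscan:ignore <ID>" for exactly this pattern.
func inlineIgnored(source, id string) bool {
	_, after, found := strings.Cut(source, "cryptoscan:ignore")
	fields := strings.Fields(after)
	return found && len(fields) > 0 && fields[0] == id
}

// baselineKey identifies a finding across scans; no line number, so that unrelated
// edits that shift code do not resurface findings already in the baseline.
func baselineKey(f Finding) string { return f.ID + "|" + f.File }

// Filter applies the ignore rules, the minSeverity floor and the baseline, in that order.
func Filter(current, baseline []Finding, cfg IgnoreConfig, minSeverity string) []Finding {
	known := map[string]bool{}
	for _, b := range baseline {
		known[baselineKey(b)] = true
	}
	var fresh []Finding
	for _, f := range current {
		ignored := anyMatch(cfg.Patterns, f.ID) || anyMatch(cfg.Categories, f.Category) ||
			anyMatch(cfg.Files, f.File) || inlineIgnored(f.Source, f.ID)
		if ignored || severityRank[f.Severity] < severityRank[minSeverity] || known[baselineKey(f)] {
			continue
		}
		fresh = append(fresh, f)
	}
	return fresh
}

// ExitCode is 1 when any finding is at or above failOn (a Filter with failOn as the floor).
func ExitCode(findings []Finding, failOn string) int {
	if len(Filter(findings, nil, IgnoreConfig{}, failOn)) > 0 {
		return 1
	}
	return 0
}

// sampleRun pushes constructed findings through the notes' config (CERT-* and vendor/*
// ignored, minSeverity low, failOn high). ECDSA-001 is a made-up pattern ID.
func sampleRun() ([]Finding, int) {
	cfg := IgnoreConfig{Patterns: []string{"CERT-*"}, Files: []string{"vendor/*"}}
	baseline := []Finding{{ID: "RSA-001", Category: "Library Import", File: "auth/legacy.go", Severity: "high", Source: `import "crypto/rsa"`}}
	current := []Finding{
		baseline[0], // unchanged since the baseline (tracked in JIRA-123): not new
		{ID: "CERT-SELFSIGNED-001", Category: "Certificate", File: "testdata/dev.pem", Severity: "medium"},
		{ID: "RSA-001", Category: "Library Import", File: "vendor/lib/x.go", Severity: "high", Source: `import "crypto/rsa"`},
		{ID: "RSA-001", Category: "Library Import", File: "auth/jwt.go", Severity: "high", Source: `import "crypto/rsa" // cryptoscan:ignore RSA-001`},
		{ID: "RSA-001", Category: "Library Import", File: "api/token.go", Severity: "info", Source: `import "crypto/rsa"`},
		{ID: "ECDSA-001", Category: "Library Import", File: "auth/sign.go", Severity: "high", Source: `import "crypto/ecdsa"`},
	}
	fresh := Filter(current, baseline, cfg, "low")
	return fresh, ExitCode(fresh, "high")
}

func main() {
	fresh, code := sampleRun()
	fmt.Printf("new findings: %+v\nexit code: %d\n", fresh, code)
}
```

Of the six constructed findings only the `crypto/ecdsa` import survives: the self-signed certificate is dropped by `CERT-*`, the vendored copy by `vendor/*`, the `auth/jwt.go` import by its inline comment, the `info` finding by the severity floor, and the `auth/legacy.go` import because it was already in the baseline. Keying the baseline on pattern ID and file rather than line number is a deliberate choice for this example: it keeps a baseline from going stale every time a file is edited above the flagged line, at the cost of hiding a second occurrence of the same pattern in the same file.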
Configuration File
Create a .cryptoscan.yaml in your project root:
```yaml
ignore:
  patterns:
    - CERT-SELFSIGNED-001   # Known dev certificates
    - RSA-001               # Legacy auth, tracked in JIRA-123
  categories:
    - Library Import
  files:
    - "vendor/*"
failOn: high              # Exit non-zero on HIGH or CRITICAL
minSeverity: low
baseline: baseline.json   # Only report new findings
```

CI/CD Workflow Example
```bash
# Generate baseline (one-time or after fixing issues)
cryptoscan scan . --format json --output baseline.json

# CI pipeline - fail only on NEW high+ severity findings
cryptoscan scan . --baseline baseline.json --fail-on high
```

Inline Suppression
```go
import "crypto/rsa"   // cryptoscan:ignore RSA-001 (suppresses only RSA-001)
import "crypto/ecdsa" // This will still be detected
```

Bug Fixes
- Fixed MigrationScore showing incorrect counts after baseline filtering
Quick Install
```bash
# Using Go
go install github.com/csnp/cryptoscan/cmd/cryptoscan@v1.3.0

# Or download a binary from the release assets below
```

Checksums
Verify your download with the checksums.txt file.
Full Docs: qramm.org/learn/cryptoscan-guide | Source: github.com/csnp/cryptoscan
Part of the QRAMM Toolkit by CSNP