Skip to content

Release 6.0.0

Latest
Latest

Choose a tag to compare

View all tags
@devatsecure devatsecure released this 04 Mar 06:29
· 9 commits to main since this release
v6.0.0
ea79556
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

🚀 What's Changed

  • docs: Update README, CLAUDE.md, and CHANGELOG for v6.0.0 release (@claude)
  • feat: Add 7 continuous security testing modules (v3.0) (@claude)
  • docs: Add continuous security testing guide with gap analysis (@claude)
  • docs: Fix orchestrator roles and Docker commands in CLAUDE.md and rules (@devatsecure)
  • fix: Improve Falco installation reliability with version verification (@devatsecure)
  • fix: Downgrade .argus directory check to warning in Action E2E fast mode (@devatsecure)
  • perf: Auto-detect IaC frameworks to speed up Checkov scans (@devatsecure)
  • test: Add unit tests for config_loader, hybrid_analyzer, semgrep_scanner (@devatsecure)
  • fix: Auto-detect Docker socket path for macOS and Linux (@devatsecure)
  • fix: Suppress TruffleHog self-update stderr noise (@devatsecure)
  • feat: Enrich heuristic findings with title, description, CWE, and severity (@devatsecure)
  • fix: Improve Semgrep PATH resolution with python -m fallback (@devatsecure)
  • fix: Update Anthropic model fallback chain with latest model IDs (@devatsecure)
  • fix: Allow spaces in --disclosure-reporter CLI argument (@devatsecure)
  • fix: Update ZAP to v2.16.0 (v2.15.0 release removed from GitHub) (@devatsecure)
  • ci: Add Docker E2E workflow to build and smoke-test Dockerfile.complete (@devatsecure)

🐳 Docker Images

Multi-platform container images are available on GitHub Container Registry:

# Pull the image
docker pull ghcr.io/devatsecure/Argus-Security:6.0.0
docker pull ghcr.io/devatsecure/Argus-Security:6.0
docker pull ghcr.io/devatsecure/Argus-Security:6
docker pull ghcr.io/devatsecure/Argus-Security:latest

Supported Platforms

  • linux/amd64
  • linux/arm64

Quick Start

# Run security audit on current directory
docker run -v $(pwd):/workspace \
  -e ANTHROPIC_API_KEY=$ANTHROPIC_API_KEY \
  ghcr.io/devatsecure/Argus-Security:6.0.0 \
  /workspace audit

GitHub Actions Usage

- name: Run Argus Security Review
  uses: devatsecure/argus-action@v6.0.0
  with:
    anthropic_api_key: 
    severity_threshold: high

📦 Installation

Using Docker (Recommended)

docker pull ghcr.io/devatsecure/Argus-Security:6.0.0

Using pip

pip install git+https://github.com/devatsecure/Argus-Security.git@v6.0.0

Using GitHub Actions

See README.md for complete setup instructions.

🔒 Security

This release includes:

  • ✅ Signed container images (Sigstore/cosign)
  • ✅ Software Bill of Materials (SBOM)
  • ✅ Provenance attestations
  • ✅ Vulnerability scanning (Trivy)

Verify Container Signature

cosign verify \
  --certificate-identity-regexp="https://github.com/devatsecure/Argus-Security" \
  --certificate-oidc-issuer=https://token.actions.githubusercontent.com \
  ghcr.io/devatsecure/Argus-Security:6.0.0

📚 Documentation

🐛 Bug Reports

Found a bug? Please open an issue.

Full Changelog: v5.0.0...v6.0.0

Contributors

claude and devatsecure
Assets 2
Loading