Releases: thoughtworks/talisman

scanwithrc

12 Nov 12:34
672c51c
Pre-release
Fix markdown syntax for link (#276)

Hacktoberfest contributions

02 Nov 05:54
622f31e
  • A CLI flag to make talisman scan only HEAD (latest commit on branch), thanks to @louiedp3
  • A progress bar to display scanning progress, thanks to @dineshba
  • Changes to priority of some default search patterns, thanks to @tinamthomas
  • Clojure keyword additions, thanks to @ravik-karn

Some fixes

17 Sep 06:45
  • Disabled interactive mode for pre-push hook
  • Fix for an issue where talismanrc ignore directives were not processed by talisman on git-bash for Windows, thanks to @dcRUSTy
  • Fix to talisman hook script to process TALISMAN_INTERACTIVE and TALISMAN_DEBUG env flags only when set to true

Reduced binary sizes

31 Aug 09:54
648e456

Thanks to @dcRUSTy for setting up upx + lzma compression in CI

Disable interactive mode in windows temporarily

25 Aug 13:29
7e0ea2e

Interactive mode for talisman will only work on non-Windows machines.
This is until we figure out a way to make it work with Git Bash and/or PowerShell.

Fix File Overwrite issue vulnerability in talisman scan report generation

15 Aug 00:58
1fecebc
Fix Case of Arbitrary File Overwrite while scanning malicious repo (#225)

Fix for DOS of CI via talisman by avoiding scan of symlinks

13 Aug 14:08
0855689
[Issue #220] - dcRUSTy - Fix DOS vulnerability related to scanning symlinks.

* [Issue #220] - dcRUSTy - Fix bug that crashed test on Windows
* [Issue #220] - dcRUSTy - Implement utility function wrapper for ioutil.ReadFile which skips following symlink

Ignored patterns and RCE prevention

08 Aug 17:15
b821169
  • Ability to set Base64Entropy threshold in .talismanrc, thanks to @michaellihs
  • Users now have a choice to install talisman hook in interactive mode (instead of having to set the mode manually before invocation), thanks to @harinee
  • Threshold values for various scan matches and ability to configure threshold in .talismanrc, thanks to @tinamthomas (@tt-official ?)
  • .talismanrc now supports allowed patterns at file and repo level to prevent false positives, thanks to @steeve85
  • Fix for an RCE exploit/vulnerability issue raised by @dcRUSTy on Windows, thanks to @dineshba and @prabhu43

Wildcard support in talismanrc and other enhancements

12 Jun 10:11
01d957c
  • Code Refactorings: Grouped detectors using package (#197)
  • Add some spacing and filename in prompt in interactive mode (#194)
  • Allow usage of wildcards in talismanrc file (#196)
  • Code cleanup (#193)
  • Issue #185: Changed the pattern checking for passwords to verify strings succeeding the password phrase. *
  • Detect more sensitive phrases (#188)

Adding support for custom patterns in filecontent detection

12 Mar 10:21
6e6178b
#183 Custom patterns  (#187)

* Rename TalismanRCIgnore to TalismanRC

* Code cleanup:
Rename NewtalismanRC to NewTalismanRC
Remove code and tests related to talismanignore

* Code cleanup: Make talismanRC receiver name consistent

* Introduce PatternString type
Omit empty fields when writing yaml

* #183 | Add ability to specify custom scan pattern via talismanrc

* Update Readme:
Update help text for CLI options (fix typo in -i message description)
Add custom_pattern section with example