Releases: chainguard-dev/malcontent

v1.0.1

23 Sep 18:14
b9d01fd

Tool Improvements

  • Explicitly check for "mal" binary name when ignoring self by @egibs in #466

Full Changelog: v1.0.0...v1.0.1

v1.0.0

23 Sep 15:37
5554211

bincapz is now malcontent

Ensure that your fork is updated to reference the new remote: git remote set-url origin git@github.com:chainguard-dev/malcontent.git


Tool Improvements

  • Add .xz archive support by @egibs in #433
  • programkind: Add .bat, .cpp, .dll, pyc by @tstromberg in #439
  • Overhaul CLI functionality with urfave/cli by @egibs in #436
  • Add shorter output format for 'scan' mode by @tstromberg in #457
  • Don't return after encountering a report with lower than minimum risk by @egibs in #461
  • Check if frs Map is nil before ranging over it by @egibs in #462
  • bincapz is now malcontent by @egibs in #464

Rule Improvements

  • Update third party rules by @tstromberg in #437
  • Integrate JPCERT & TTC-CERT third party YARA rules by @tstromberg in #444
  • Improve detection of droppers, stealers & obfuscated scripts by @tstromberg in #443
  • Update third party rules, tighten base64_php_functions rule by @tstromberg in #446
  • hadooken: Improve shell, python, and powershell dropper detection by @tstromberg in #455
  • Improve JS/Python malware detection based on NPM/PyPI samples by @tstromberg in #456

Developer Improvements

  • Add nil checks when iterating over sync.Maps by @egibs in #435
  • Bump golang.org/x/term from 0.23.0 to 0.24.0 by @dependabot in #441
  • Replace live OCI image pull with crane export by @egibs in #438
  • Cache bincapz-samples repository to speed up subsequent tests by @egibs in #448
  • refresh-sample-testdata refactor by @tstromberg in #450
  • Bump step-security/harden-runner from 2.9.1 to 2.10.1 in the all group by @dependabot in #459
  • refresh testdata: include scan_archive testdata by @tstromberg in #463

Full Changelog: v0.19.0...v1.0.0

v0.19.0

29 Aug 12:41
f80e63d

Tool Improvements

Rule Improvements

  • Improve detection of Python attacks similar to 'yocolor' by @tstromberg in #427

Developer Improvements

  • Use new samples repo for tests; keep data separate and update path references by @egibs in #431

Full Changelog: v0.18.2...v0.19.0

v0.18.2

22 Aug 21:57
bdcb640

Tool Improvements

  • Make all map operations concurrency-safe; fix nested archive extraction by @egibs in #424

Full Changelog: v0.18.1...v0.18.2

v0.18.1

20 Aug 20:37
31f02a8

Tool Improvements

Rule Improvements

  • Address OpenSearch password frequency list false positives by @egibs in #416

Developer Improvements

  • Remove GitHub user configuration from Workflows by @egibs in #411
  • Update QuantityIncreasesRisk field name by @egibs in #417

Full Changelog: v0.18.0...v0.18.1

v0.18.0

16 Aug 20:08
3494e70

Tool Improvements

  • Scan file descriptors rather than files per go-yara docs by @egibs in #406
  • Use concurrency for path scanning by @egibs in #405

Rule Improvements

  • Address Spark false positives by @egibs in #397
  • Address onepassword-sdk false positives by @egibs in #404

Developer Improvements

  • Bump golang.org/x/term from 0.22.0 to 0.23.0 by @dependabot in #401
  • Bump step-security/harden-runner from 2.9.0 to 2.9.1 in the all group by @dependabot in #398
  • Bump github.com/google/go-containerregistry from 0.20.1 to 0.20.2 in the all group by @dependabot in #399
  • Update bincapz to use go1.23 by @egibs in #403
  • Add octo-sts identity to help with release automation by @egibs in #408
  • Fix trust policy by @egibs in #409

New Contributors

Full Changelog: v0.17.1...v0.18.0

v0.17.1

05 Aug 18:46
7b3caf3

Rule Improvements

Developer Improvements

  • Store samples in an archived format; add Makefile targets to archive/extract by @egibs in #396

Full Changelog: v0.17.0...v0.17.1

v0.17.0

05 Aug 14:33
559b3f2

Rule Improvements

  • Address mlflow PyPI index JSON false positive by @egibs in #385
  • Address false positives for mlflow and pytorch by @egibs in #387
  • Address false positives with google-cloud-sdk by @egibs in #388
  • Address more run-tests.php false positives by @egibs in #389
  • Address Kibana false positives by @egibs in #391
  • Address false positives with argo-workflows-ui by @egibs in #392

Developer Improvements

Full Changelog: v0.16.2...v0.17.0

v0.16.2

25 Jul 14:12
d8dc43c

Rule Improvements

  • Address false positives for remaining public packages by @egibs in #378
    • Packages with false positive fixes:
      • caddy
      • datadog-agent
      • opa
      • php
      • rstudio
      • sonarqube
      • varnish

Full Changelog: v0.16.1...v0.16.2

v0.16.1

23 Jul 14:00
57b4273

Rule Improvements

  • More /dev/tcp rule tweaks for GitLab healthcheck script by @egibs in #372
  • Address false positives for SQLPad and Lerna by @egibs in #375

Developer Improvements

  • Bump github.com/google/go-containerregistry from 0.20.0 to 0.20.1 in the all group by @dependabot in #374
  • Bump step-security/harden-runner from 2.8.1 to 2.9.0 in the all group by @dependabot in #373

Full Changelog: v0.16.0...v0.16.1