Record file write metadata and notify on analysis completion

What's Changed

• Metadata on file writes is new recorded during dynamic analysis of packages. This includes the number of writes to each file as well as how many bytes were written during each write. More data collection (including the actual bytes written) is planned for future releases
• A new pub/sub topic was added which notifies subscribers when dynamic analysis of a package completes successfully
• Improvements to dev tools

New Contributors

• @elainechien implemented the file write data collection enhancements
• @adaluong implemented the notification mechanism for analysis completion

Full Changelog: rel-14...rel-16

Rust crates.io support.

What's Changed

• Replace [^\s] with \S in regexes by @maxfisher-g in #350
• Add helper scripts for analysis workflows by @maxfisher-g in #359
• Chmod the sandbox logDir so that it can be read by non-root users. by @calebbrown in #361
• Adds the crates.io ecosystem by @another-rex in #366

New Contributors

• @another-rex made their first contribution in #366

Full Changelog: rel-13...rel-14

Bug fixes: unlinkat parsing and docker push tags

What's Changed

• Fix out of bounds error in strace.go by @maxfisher-g in #348
• Make sure all tags are pushed during docker push. by @calebbrown in #345

Other contributions

• Olivekl docs updates 1 by @olivekl in #317
• Improve README for deploying BigQuery loader function by @maxfisher-g in #341
• Re-allow PRs changing only .md files to trigger CI builds by @maxfisher-g in #343

New Contributors

• @olivekl made their first contribution in #317

Full Changelog: rel-12...rel-13

Unlink parsing, remove apt-key, update scorecard with v2 beta

Changes to Analysis:

• remove deprecated apt-key command from Dockerfile (#339)
• add unlink/unlinkat strace parsing (#338)
• don't push manually built images by default and bump Ubuntu to 22.04 in Dockerfile (#336)

Other changes

• updated scorecard with the v2 beta (#340)

Bump cloudbuild timeout

What's Changed

• Extend the cloud build timeout by @calebbrown in #308

Full Changelog: rel-10...rel-11

Packagist Support

Enable Packagist/PHP support

What's Changed

• Bump worker RAM to 2Gi by @calebbrown in #278
• Add a sandbox for running packages downloaded from Packagist. by @calebbrown in #305
• Add Packagist feed support for analyzing PHP packages. by @calebbrown in #307

New Contributors

• @case made their first contribution in #295

Full Changelog: rel-9...rel-10

Separate host traffic from sandbox traffic; fix blocking pcap.

What's Changed

• Separate sandbox traffic to avoid capturing host packets during analysis. by @calebbrown in #275

Full Changelog: rel-8...rel-9

Capture DNS Query, Bump GVisor version

What's Changed

• Collect and add DNS queries to the analysis results. by @calebbrown in #270
• Bump GVisor version. It now supports cgroups v2. by @calebbrown in #273

Full Changelog: rel-7...rel-8

rel-7: Better sandboxing

Key Changes

• Block access from the Sandbox to any Private IP address space. by @calebbrown in #248
• Add curl to the sandboxes to make them more representative. by @calebbrown in #251
• Remove the fixed box name to make it harder for sandbox detection. by @calebbrown in #253
• Add a case studies document by @calebbrown in #254

Full Changelog: rel-6...rel-7

Improve security and strace parsing

What's Changed

• Support unlimited line length parsing for strace logs. by @calebbrown in #243
• Set MaxBadRecords for BigQuery loader. by @oliverchang in #244
• Add the ability to filter network access. by @calebbrown in #245