What's Changed

• fix: Add /lib64 bind mount to nsjail for Python DSL rule loading by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/438

Full Changelog: https://github.com/shivasurya/code-pathfinder/compare/v1.1.3...v1.1.4

What's Changed

• chore: remove playground directory and dependencies by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/433
• feat: add auto-execution support to Python DSL rules by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/435
• fix: remove hardcoded version in JSON/SARIF formatters by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/436

Full Changelog: https://github.com/shivasurya/code-pathfinder/compare/v1.1.2...v1.1.3

What's Changed

• feat(scan): add JSON/SARIF/CSV output formats and file output support by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/432

Full Changelog: https://github.com/shivasurya/code-pathfinder/compare/v1.1.1...v1.1.2

🐳 Code Pathfinder v1.1.1 - Container Security Edition

We're excited to announce Code Pathfinder v1.1.1, a massive release that introduces comprehensive Docker and container security analysis capabilities! This release adds 47 security rules, a powerful Python DSL for writing custom rules, and native Dockerfile/docker-compose parsing.

🚀 Major Features

Complete Docker Security Analysis

Code Pathfinder now supports deep security analysis of containerized applications with:

• Native Dockerfile Parsing - Full tree-sitter based parsing of all 18 Dockerfile instructions
• Docker Compose Support - Parse and analyze docker-compose.yml files with security-focused queries
• 47 Built-in Security Rules - Comprehensive coverage of OWASP Docker Security, CIS Docker Benchmark, and industry best practices

Python DSL for Container Rules

Write expressive security rules using our new Python DSL:

@rule(
    id="DOCKER-SEC-001",
    severity="high",
    message="Running container as root"
)
def check_root_user(dockerfile):
    return dockerfile.user == "root"

Features include:

• Fluent API for querying Dockerfile instructions
• Built-in helpers for common security patterns
• Support for complex multi-instruction analysis
• Easy integration with CI/CD pipelines

Security Rule Categories

The 47 rules cover critical security areas:

• Privilege Escalation - Detect containers running as root, excessive capabilities
• Secret Management - Find hardcoded credentials, API keys in images
• Network Security - Identify exposed ports, insecure protocols
• Supply Chain - Check for unverified base images, outdated dependencies
• Best Practices - Health checks, multi-stage builds, layer optimization

🎯 Use Cases

DevSecOps Teams: Integrate container security scanning into your CI/CD pipelines Security Auditors: Quickly identify security misconfigurations across hundreds of Dockerfiles Platform Engineers: Enforce organizational security policies for containerized workloads Developers: Get immediate feedback on container security issues during development

📊 By The Numbers

• 🔒 47 security rules covering Docker & docker-compose
• 📝 18 Dockerfile instructions fully supported
• 🐍 Python DSL for custom rule authoring
• 🎯 3 severity levels (high, medium, low) for risk prioritization

🔧 Getting Started

Scan Your Dockerfiles

Install

npm install -g codepathfinder

Scan a project

pathfinder scan --project ./my-app ----rules /path/to/rules

Check rules here https://github.com/shivasurya/code-pathfinder/tree/main/rules

What's Changed

• chore(python-dsl): Release v1.1.0 by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/405
• chore: Remove nsjail testing scripts from root directory by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/406
• feat: Add Cloudflare R2 stdlib registry upload + bump to v1.0.0 by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/407
• fix: Remove AWS credentials action, install AWS CLI directly for R2 by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/408
• fix: Allow msilib and nis modules to fail gracefully by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/409
• chore: Remove outdated docs/ and pathfinder-rules/ directories by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/410
• chore: Move R2_SETUP.md and SANDBOX.md to knowledge base by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/411
• chore: Remove GitHub Container Registry build to save CI time by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/412
• refactor: Migrate test fixtures to sourcecode-parser/test-fixtures by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/413
• refactor: Rename sourcecode-parser to sast-engine (v1.1.0) by @shivasurya in https://github.com/shivasurya/code-pathfinder/pull/414

Full Changelog: https://github.com/shivasurya/code-pathfinder/compare/v0.0.34...v1.1.0