@vulcn/engine 0.9.0 → 0.9.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +19 -0
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,24 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## 0.9.2
|
|
4
|
+
|
|
5
|
+
### Patch Changes
|
|
6
|
+
|
|
7
|
+
- 800f9db: Fix multi-session report aggregation and CLI exit code behavior.
|
|
8
|
+
- **`@vulcn/plugin-report`**: Added `onScanEnd` hook for aggregate report generation. Multi-session scans (`vulcn run <session-dir>`) now produce a single report containing all findings instead of overwriting per-session. Per-session `onRunEnd` reports are skipped during scans; single-session runs are unaffected. Extracted `writeReports()` helper shared by both hooks.
|
|
9
|
+
- **`vulcn` CLI**: `vulcn run` now exits with code `0` on successful completion regardless of whether findings were detected. Exit code indicates tool success, not vulnerability presence — consistent with standard security tooling (OWASP ZAP, Nuclei, etc.).
|
|
10
|
+
- **Benchmark runner**: Fixed report path to read from `<dir>/vulcn-report.json` (matching plugin output). Bumped per-command timeout from 2min to 5min for CI. Added `VULCN_KEY` env default for non-interactive credential encryption.
|
|
11
|
+
|
|
12
|
+
## 0.9.1
|
|
13
|
+
|
|
14
|
+
### Patch Changes
|
|
15
|
+
|
|
16
|
+
- b4030c8: Migrate `vulcn crawl` to v2 session directory format and add benchmark pipeline.
|
|
17
|
+
- **`vulcn crawl`**: Now uses `saveSessionDir()` to output v2 session directories (`manifest.yml` + `sessions/` + `auth/`) instead of individual `.vulcn.yml` files. `vulcn run <dir>` loads these directly via `loadSessionDir()`.
|
|
18
|
+
- **Benchmark runner** (`benchmarks/run.ts`): Automated pipeline that crawls + scans 5 benchmark targets (Acunetix test sites + DVWA + WebGoat), scores findings against ground truth (TPR/FPR/Youden), and publishes results to vulcn.dev.
|
|
19
|
+
- **Benchmark CI** (`.github/workflows/benchmark.yml`): GitHub Action triggered on release — spins up DVWA, runs benchmarks, uploads artifacts, and comments scorecard on the release.
|
|
20
|
+
- **www**: Added `POST /api/benchmarks` endpoint (API_SECRET auth) to receive benchmark results from CI, and `GET /api/benchmarks` for the upcoming `/benchmarks` page. New `BenchmarkRun` + `BenchmarkTarget` Prisma models.
|
|
21
|
+
|
|
3
22
|
## 0.9.0
|
|
4
23
|
|
|
5
24
|
### Minor Changes
|
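Review bot: the 0.9.2 `vulcn` CLI entry makes `vulcn run` exit with code `0` "regardless of whether findings were detected", and it ships under "Patch Changes" with no upgrade note. A CI job that relied on the exit code to fail on findings will now pass with findings present. The entry should say this explicitly and tell users to gate on the report contents instead; the benchmark entry names `<dir>/vulcn-report.json` as the plugin output. In the same release, "Added `VULCN_KEY` env default for non-interactive credential encryption" should state that the default applies only to the benchmark runner and how it is overridden, since a default encryption key protects stored credentials only in throwaway CI environments.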
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@vulcn/engine",
|
|
3
|
-
"version": "0.9.
|
|
3
|
+
"version": "0.9.2",
|
|
4
4
|
"description": "Fast, modern security testing engine — record browser sessions, replay with attack payloads, and detect vulnerabilities automatically. Pluggable driver and detection system for web application penetration testing.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "./dist/index.cjs",
|
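Review bot: the `"version": "0.9.2"` bump is the only change in this package outside the changelog. The file list shows just `package/CHANGELOG.md` and `package/package.json`, while the new changelog entries describe changes to `@vulcn/plugin-report`, the `vulcn` CLI and the benchmark runner. Consider adding a line to the 0.9.1 and 0.9.2 entries saying that `@vulcn/engine` itself has no code changes in these releases, so consumers reviewing the upgrade know the behavior changes come from the other packages.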