agent-security-scanner-mcp 4.2.0 → 4.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +2 -0
- package/package.json +1 -1
- package/src/config.js +3 -2
package/README.md
CHANGED
|
@@ -63,6 +63,8 @@ Continue reading below for full version documentation →
|
|
|
63
63
|
|
|
64
64
|
---
|
|
65
65
|
|
|
66
|
+
> **New in v4.3.0 (2026-05-05):** Critical security and reliability fixes — GitHub Actions now **fail closed** instead of fail-open when scanner output is invalid (preventing security gate bypass), patched **8 Hono CVEs** (XSS, path traversal, authentication bypass), fixed confidence threshold filtering case sensitivity, and corrected SARIF generation for GitHub Code Scanning. All fixes include comprehensive regression tests. **Upgrade recommended for production use.** [See Full Changelog](CHANGELOG.md#430---2026-05-05).
|
|
67
|
+
>
|
|
66
68
|
> **New in v4.2.0:** Compliance evidence collection — evaluate projects against SOC2-Technical (8 controls) and GDPR-Technical (6 controls) frameworks. Collects evidence from code scans, SBOM, vulnerability checks, and hallucination detection, then evaluates controls with pass/partial/fail/not_evaluated status. Supports evidence persistence for audit trails. [See Compliance Evaluation](#-compliance-evaluation-new-in-v420).
|
|
67
69
|
>
|
|
68
70
|
> **New in v4.1.0:** SBOM generation and dependency vulnerability analysis — generates CycloneDX v1.5 SBOMs, scans against OSV.dev for CVEs, detects hallucinated packages, compares baselines, and generates HTML audit reports. Supports 8 lock file formats and 7 manifest formats across npm, Python, Go, Rust, Ruby, and Java ecosystems. [See SBOM Tools](#-sbom--supply-chain-analysis-new-in-v410).
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "agent-security-scanner-mcp",
|
|
3
|
-
"version": "4.
|
|
3
|
+
"version": "4.3.0",
|
|
4
4
|
"mcpName": "io.github.sinewaveai/agent-security-scanner-mcp",
|
|
5
5
|
"description": "Security scanner MCP server for AI coding agents. Prompt injection firewall, package hallucination detection (4.3M+ packages), 1700+ vulnerability rules with AST & taint analysis, LLM-powered semantic code review, auto-fix. For Claude Code, Cursor, Windsurf, Cline, OpenClaw.",
|
|
6
6
|
"main": "index.js",
|
package/src/config.js
CHANGED
|
@@ -172,8 +172,9 @@ export function meetsSeverityThreshold(severity, config) {
|
|
|
172
172
|
}
|
|
173
173
|
|
|
174
174
|
export function meetsConfidenceThreshold(confidence, config) {
|
|
175
|
-
const threshold = config.confidence_threshold || 'LOW';
|
|
176
|
-
const
|
|
175
|
+
const threshold = String(config.confidence_threshold || 'LOW').toUpperCase();
|
|
176
|
+
const normalizedConfidence = String(confidence || 'LOW').toUpperCase();
|
|
177
|
+
const confidenceLevel = CONFIDENCE_ORDER[normalizedConfidence] ?? 0;
|
|
177
178
|
const thresholdLevel = CONFIDENCE_ORDER[threshold] ?? 0;
|
|
178
179
|
return confidenceLevel >= thresholdLevel;
|
|
179
180
|
}
|