Releases: SSL-ACTX/argus

v1.0.0

04 Feb 16:21

argus v1.0.0 Release Notes

Release date: 2026-02-05

argus v1.0.0 marks the first stable release of the high-performance, entropy-based secret scanner with deep contextual analysis and attack-surface mapping.


Highlights

  • Hybrid detection engine: fast multi-pattern keyword search + Shannon entropy scanning.
  • Deep contextual “Story” analysis for explainable findings and prioritization.
  • Traffic / attack-surface tracing for HTTP client usage and endpoint classification.
  • Smart suppression workflows (load, generate, and audit suppression rules).
  • CI-friendly output formats: single JSON, NDJSON streaming, per-file JSON, and Story report output.

What’s Included

Detection

  • Keyword search using Aho–Corasick for high-throughput literal matching.
  • Entropy scanning to surface unknown/random-looking secrets (tokens, keys, credentials) that are not covered by keyword lists.
  • Adaptive confidence scoring to reduce noise by using surrounding context (identifier naming, nearby signals, and file context).
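A minimal sketch of the hybrid idea described above, added here as an illustration and not taken from argus's source: candidate tokens are scored by Shannon entropy, and a keyword on the same line raises confidence. The keyword list, thresholds, `Confidence` levels and function names are assumptions made for this example, and a plain substring check stands in for Aho–Corasick.

```rust
use std::collections::HashMap;

// Hypothetical keyword list and thresholds, chosen for this illustration only.
const KEYWORDS: [&str; 4] = ["secret", "token", "api_key", "password"];
const MIN_LEN: usize = 20;
const MIN_ENTROPY: f64 = 4.0; // bits per character

#[derive(Debug, PartialEq)]
enum Confidence { High, Medium }

/// Shannon entropy in bits per byte: H = -sum(p_i * log2(p_i)).
fn shannon_entropy(s: &str) -> f64 {
    let mut counts: HashMap<u8, usize> = HashMap::new();
    for b in s.bytes() {
        *counts.entry(b).or_insert(0) += 1;
    }
    let n = s.len() as f64;
    counts.values().map(|&c| { let p = c as f64 / n; -p * p.log2() }).sum()
}

/// Returns (token, entropy, confidence) for each long, random-looking token in a line.
fn scan_line(line: &str) -> Vec<(String, f64, Confidence)> {
    let lower = line.to_lowercase();
    // Simplified context signal: a secret-related keyword anywhere on the line.
    let has_keyword = KEYWORDS.iter().any(|k| lower.contains(k));
    line.split(|c: char| !(c.is_ascii_alphanumeric() || "+/_-".contains(c)))
        .filter(|t| t.len() >= MIN_LEN)
        .map(|t| (t, shannon_entropy(t)))
        .filter(|(_, h)| *h >= MIN_ENTROPY)
        .map(|(t, h)| {
            let conf = if has_keyword { Confidence::High } else { Confidence::Medium };
            (t.to_string(), h, conf)
        })
        .collect()
}

fn main() {
    // Constructed sample lines; the token values are random filler, not real credentials.
    let lines = [
        r#"const API_KEY = "q7Zx2LmP9vT4kR8sWd3YhB6nJc1FgUa5";"#,
        r#"let id = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";"#,
        r#"upload("Xk93bQz7Lp2Vw8Rt5Yh1Nc6Md4Jf0GsA");"#,
    ];
    for line in lines {
        println!("{:?}", scan_line(line));
    }
}
```

The second sample line is long enough to be a candidate but has zero entropy, so it is dropped; the third has no keyword and is still reported at lower confidence, which is the case keyword lists alone would miss.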

Deep Analysis (--deep-scan)

Deep Scan enriches findings with security heuristics to help triage quickly:

  • Token-sink provenance: hints when secret-like values appear to flow into network/disk/log sinks.
  • Credential shadowing: detects placeholder → real-secret transitions in the same identifier lineage.
  • Lateral linkage: correlates repeated high-entropy tokens across sources.
  • Protocol drift: flags insecure protocol downgrades and mixed protocol usage.
  • Auth drift: detects request patterns that unexpectedly omit authentication markers when nearby requests include them.
  • API capability inference: elevates risk for destructive/privileged request patterns (e.g., DELETE).
  • Secrets-in-comments escalation: elevates findings when sensitive indicators appear in comments near public endpoints.

Flow Context (--flow-scan)

  • Adds lightweight control-flow/scope context around findings to improve reviewer comprehension without requiring a full language server.

Request Tracing (--request-trace)

  • Extracts and classifies endpoints referenced by common HTTP clients (fetch, axios, curl, etc.).
  • Helps map your attack surface from source code and tie findings to request context.

Suppression

  • Load rules: --suppress <PATH>
  • Generate suppression hints: --suppress-out <PATH>
  • Audit rules: --suppression-audit to flag stale or overly broad suppressions.

Git / Diff Scanning

  • --diff with --diff-base <REF> supports scanning only newly added lines for CI workflows.

Output & Reporting

  • Human-readable terminal output (default).
  • Machine-readable output with --json.
  • File outputs via --output <PATH> and --output-format:
    • single: one JSON file written at end.
    • ndjson: streaming JSON lines during scanning.
    • per-file: one JSON file per source (directory output).
    • story: grouped Story report written to the output path.

Upgrade Notes

Important

The project version is now 1.0.0. If you pin versions in CI, update your lock/pins accordingly.

  • Binary is argus (crate/package name: argus).
  • If you use JSON output in pipelines, prefer --output-format ndjson for large repositories.

Quick Start

# Entropy scan a repo
argus -t . --entropy

# Deep scan + flow + request tracing
argus -t . --entropy --deep-scan --flow-scan --request-trace

# CI-friendly NDJSON
argus -t . --entropy --json --output-format ndjson --output ./argus.ndjson

Note

For exact flags and defaults, run argus --help.

What's Changed

  • build(deps): bump ring from 0.17.9 to 0.17.14 by @dependabot[bot] in #1

Full Changelog: https://github.com/SSL-ACTX/argus/commits/v1.0.0