supamend
Pluggable DevSecOps Security Scanner with 10+ scanners and multiple reporting channels
# Changelog
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [1.0.0-beta.1] - 2025-06-16
### Added
- 🔍 **10 Security Scanners**: Gitleaks, Bandit, Trivy, Semgrep, Checkov, Hadolint, Safety, ESLint Security, npm audit, Yarn audit
- 📊 **7 Reporter Plugins**: GitHub Issues, Slack, Email, Discord, Teams, JSON, Console
- 🖥️ **Cross-Platform CLI**: Windows, macOS, and Linux support
- 🎯 **Interactive Mode**: Guided workflows with smart project detection
- 🔧 **Programmable API**: TypeScript/JavaScript API for integration
- ⚡ **GitHub Actions Integration**: Automated security scanning in CI/CD
- 🏗️ **Extensible Architecture**: Plugin system for custom scanners and reporters
- 🛡️ **Robust Error Handling**: Comprehensive error recovery with retry mechanisms
- 📈 **Structured Logging**: Detailed logging with error statistics and recovery suggestions
- 🚀 **Parallel Execution**: Run multiple scanners simultaneously for faster results
- 🤖 **Smart Detection**: Auto-detect project type and suggest appropriate scanners
- 🔄 **Non-blocking**: Continue scanning with available tools if some fail
- ⏱️ **Scanner Timeouts**: Configurable per-scanner timeouts prevent hanging scanners (5 min default)
- 📈 **Progress Tracking**: Real-time progress updates during scanning
### Features by Category
#### Security Scanners
- **Gitleaks**: Detect secrets and credentials in code
- **Bandit**: Python security linter
- **Trivy**: Comprehensive vulnerability scanner
- **Semgrep**: Static analysis security testing
- **Checkov**: Infrastructure as Code security
- **Hadolint**: Dockerfile security linting
- **Safety**: Python dependency vulnerabilities
- **ESLint Security**: JavaScript/TypeScript security
- **npm audit**: Node.js dependency vulnerabilities
- **Yarn audit**: Yarn dependency vulnerabilities
#### Reporting Channels
- **GitHub Issues**: Automated issue creation with severity-based labeling
- **Slack**: Rich formatted messages with webhook and bot token support
- **Email**: HTML formatted reports via SMTP
- **Discord**: Rich embeds with severity-based colors
- **Microsoft Teams**: Adaptive cards with structured layout
- **JSON**: Structured output for programmatic processing
- **Console**: Colored terminal output with multiple formats
#### Integration Features
- **Interactive CLI**: Step-by-step guided scanning with project detection
- **Configuration Management**: JSON-based configuration with environment variable support
- **GitHub Actions**: Ready-to-use workflow templates
- **Error Recovery**: Automatic retries with exponential backoff
- **Multi-format Output**: Support for various output formats and destinations
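The run-time behaviours listed in the Added section and under Integration Features (parallel execution, per-scanner timeouts, non-blocking failures, retries with exponential backoff) are easier to reason about in code. The following TypeScript is an added illustration, not supamend's own implementation; the scanner names and the 5-minute default come from this changelog, while the `Scanner`/`runScanners` shapes and the constructed fake scanners are assumptions made for the demo.

```typescript
// Added illustration (not supamend's code): types and helpers below are assumptions.
type Finding = { scanner: string; severity: "low" | "medium" | "high" | "critical"; message: string };
type Scanner = { name: string; run: () => Promise<Finding[]> };
type Options = { timeoutMs: number; attempts: number; backoffMs: number };
type ScanResult = { findings: Finding[]; completed: string[]; failed: Record<string, string> };

const DEFAULT_TIMEOUT_MS = 5 * 60 * 1000; // the 5 min default named in the changelog

// Reject if the scanner has not finished within `ms`; the timer is cleared either way.
function withTimeout<T>(p: Promise<T>, ms: number, label: string): Promise<T> {
  let timer: ReturnType<typeof setTimeout> | undefined;
  const timeout = new Promise<never>((_, reject) => {
    timer = setTimeout(() => reject(new Error(`${label} timed out after ${ms} ms`)), ms);
  });
  return Promise.race([p, timeout]).finally(() => { if (timer) clearTimeout(timer); });
}

// Retry with exponential backoff: wait base, 2*base, 4*base ... between attempts.
async function withRetry<T>(fn: () => Promise<T>, attempts: number, baseMs: number): Promise<T> {
  let lastErr: unknown;
  for (let i = 0; i < attempts; i++) {
    try { return await fn(); } catch (e) { lastErr = e; }
    if (i < attempts - 1) await new Promise<void>(r => setTimeout(r, baseMs * 2 ** i));
  }
  throw lastErr;
}

// Run every scanner concurrently. A hanging or failing scanner never aborts the others,
// but it is recorded in `failed` so that "no findings" is not mistaken for "scanned clean".
async function runScanners(scanners: Scanner[],
  opts: Options = { timeoutMs: DEFAULT_TIMEOUT_MS, attempts: 3, backoffMs: 1000 }): Promise<ScanResult> {
  const settled = await Promise.allSettled(scanners.map(s =>
    withRetry(() => withTimeout(s.run(), opts.timeoutMs, s.name), opts.attempts, opts.backoffMs)));
  const result: ScanResult = { findings: [], completed: [], failed: {} };
  settled.forEach((r, i) => {
    const name = scanners[i].name;
    if (r.status === "fulfilled") { result.completed.push(name); result.findings.push(...r.value); }
    else result.failed[name] = r.reason instanceof Error ? r.reason.message : String(r.reason);
  });
  return result;
}

// Constructed fake scanners for a stand-alone run: gitleaks finds a secret, trivy hangs
// forever (exercises the timeout), bandit fails once and then succeeds (exercises retry).
function demoScanners(): Scanner[] {
  let banditCalls = 0;
  return [
    { name: "gitleaks", run: async (): Promise<Finding[]> =>
        [{ scanner: "gitleaks", severity: "high", message: "AWS key in config.js" }] },
    { name: "trivy", run: () => new Promise<Finding[]>(() => {}) },
    { name: "bandit", run: async (): Promise<Finding[]> => { if (banditCalls++ === 0) throw new Error("transient"); return []; } },
  ];
}
```

The `failed` map is the part worth keeping from a non-blocking run: a scanner that timed out contributes zero findings, which is not the same as a clean result, and a report that drops that distinction silently shrinks coverage.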
### Technical Details
- **Language**: TypeScript with full type safety
- **Node.js**: Requires Node.js 18+ and npm 8+
- **Cross-platform**: Tested on Windows, macOS, and Linux
- **Architecture**: Plugin-based extensible design
- **Testing**: Comprehensive test suite with 90%+ coverage
- **Documentation**: Complete guides for all integrations
### Installation
```bash
npm install -g supamend
```
### Basic Usage
```bash
# Interactive mode (recommended)
supamend interactive
# Direct scanning
supamend scan --scanners gitleaks,bandit --reporters console,json
# Auto-detect project and scanners
supamend scan --reporters console
```
[1.0.0-beta.1]: https://github.com/zmelliti/supamend/releases/tag/v1.0.0-beta.1