ApplicationInspector

A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly, using static analysis with a JSON-based rules engine. Ideal for scanning components before use or detecting feature-level changes.

MIT License

Stars: 4.2K
Committers: 22

ApplicationInspector - Release v1.1.4

Published by daalcant over 4 years ago

Changes:

  • 8505773673b588a6848dce0cea34872dbe642154 Package "rules" Folder with Library, Update Descriptions (#158)

This list of changes was auto generated.

ApplicationInspector - Release v1.1.3

Published by daalcant over 4 years ago

Changes:

  • d7edba04df2a7db2eb1273f5dc3eec63986d8eac Fix for identifying zip file processing and html GUI tag matching the same rule. (#156)

This list of changes was auto generated.

ApplicationInspector - Release v1.1.2

Published by daalcant over 4 years ago

Changes:

  • 353e06ff9e6ae7ed9ade48d0231ec541a12652dd Update projects for NuGet packaging, Add NBGitVersioning, Update pipeline (#154)
  • 566d72a4a0dd7f32e466b8d90c8f1a46a9c066cd Improves project name clarity under restructure for Nuget/DLL support and code cleanup of spacing.
  • 0559799f15342c616eb38e2e7a2368cce4a03f10 Solution change to split out CLI and core command functions as separate projects for improved NuGet support.
  • a5f3a143323d09938bdb11c4ded5692a88a422ff Merge pull request #148 from PabloClon/master
  • ee471a628d063adb77b361a9e67e86164384fd11 Merge pull request #149 from microsoft/Misc [ #146, #147 ]
  • 7cf33ec0556402b8f324d25ed0b4fd3e1299e806 Fixes #146, #147
  • 5e2884f08a79d8a6fede0516e8b75141a5f5127f Fixed typo in database rules
  • c7114d2727a370beace24e9fc245314a49574a8f Merge branch 'master' into SupressBrowserOption
  • 1af0ce490558d43115ca4059a3997ba0f85c29a3 Adds arg to suppress auto opening of browser for html output. Issue for docker.

This list of changes was auto generated.

ApplicationInspector - Release v1.0.27

Published by guyacosta over 4 years ago

Fix for #139 Tagdiff command issue

ApplicationInspector - Release v1.0.26

Published by guyacosta over 4 years ago

  • Minor repair to the default exclusion list, where spaces prevented it from actually excluding properly
  • Adds missing check on zip file exclusion if it matches the exclusion list
  • Reduces exception to a log warning if the decompressed result has zero files, which is valid for a zip with no data or directories only.

ApplicationInspector - Release v1.0.25

Published by guyacosta over 4 years ago

Improvements & Fixes:

  • Adds convenient code line number to html report FileListDialog improving ability to verify match #70
  • Replaces restrictive built-in exclusion list with user customization list with prior defaults #122
  • Fixes paths with spaces for launching output.html automatically #121
  • Addresses an error detecting languages including when files are skipped for size or exclusion reasons #109
  • Adds Dart language to allowed language file types to scan #95
  • Removes breaking header from JSON output #125

ApplicationInspector - Release v1.0.24

Published by guyacosta over 4 years ago

Includes the improvement suggested in #104 and is expected to be a resolution for items #103 and #91 as well, related to processing [large] files partially, including reading and out-of-memory exceptions before the file size checks could prevent them.

Includes a fix for security issue #108 for missing XSS output encoding in the HTML report. Updating to this release or later is highly recommended to avoid vulnerability impact.

ApplicationInspector - Release v1.0.23

Published by guyacosta over 4 years ago

Fixes #97 for the TagDiff command, including a related issue for TagTest.

Additional patterns were added for detection of cloud storage services, along with minor improvements to regex patterns for client-based TLS auth, Kerberos and SAML. The newer Metadata tags check against the file type scanned, meant to avoid eliminating subsequent checks after an unaccepted match, was relocated to the rulesengine to ensure valid matches were not eliminated. We will continue to add and improve rules for detection while keeping false positives at a low rate.

ApplicationInspector - Release v.1.0.22

Published by guyacosta over 4 years ago

Addresses HTML report rendering issues when run outside of the application directory i.e. from a source folder using a path to the app installation folder vs running from the application folder with a path to source code. See #75 and #93 for issues submitted. With the change, either approach will work.

ApplicationInspector - Release v1.0.21

Published by guyacosta over 4 years ago

Adds app container detection like Docker etc. Improves name standardization / clarity on a few rules. Completes the effort begun in v1.0.20 to add the ability to distinguish features in executable code files from just information in build files by adding the 'Metadata' root to a few more solution rule tags. See wiki Tags section for more.

Minor fixes for bugs #75, #79 including issuing console message on use of -o argument when using the default or specified 'html' output format that generates an output.html file, which is application managed and not redirect-able. Both json and text formats do allow the output path to be specified.

ApplicationInspector - Release v1.0.20

Published by guyacosta almost 5 years ago

Better separation of build metadata from executable features. Sets a new scope limit to prevent "features" being detected in build files, e.g. pom.xml, .yaml or package.json, to reduce the possibility of false positive matches on features which should only be accepted from executable code, e.g. cryptography code signing detection, which applies to the package, not the program execution. Features may only be detected in code files with this change. "Metadata" tags will continue to be identified in build or code files. Relabels a few rules with Metadata root nomenclature, like code repos, and adds a file type "code" or "build" to each language file.

Package Rankings
Top 6.68% on Proxy.golang.org