v1.12.0

Changelog

• ad793a7 Merge pull request #137 from ashishkurmi/ak/chore/up-ver-1.12.0
• 26de0ee chore(release): update to 1.12.0
• a9b7e52 Merge pull request #136 from swarit-stepsecurity/swarit/fix/enable-rc-config-feature-gates
• 7037378 Merge branch 'main' into swarit/fix/enable-rc-config-feature-gates
• 784b15a Merge pull request #87 from swarit-stepsecurity/swarit/fix/brew-upstream-failure
• c3969fd Merge remote-tracking branch 'upstream/main' into swarit/fix/brew-upstream-failure
• 5235293 chore(rc-config): enable pnpm/bun/yarn audits by default
• 4850be6 Merge pull request #133 from raysubham/feat/test-build-intunewin
• 7856446 Merge branch 'main' into feat/test-build-intunewin
• b651811 Merge pull request #135 from ashishkurmi/feat/malicious-file-detection
• a53341b Merge branch 'main' into feat/malicious-file-detection
• 83b54f4 Merge pull request #128 from Prateek-stepsecurity/pn/pnpm-fix
• 0e820c2 Merge branch 'main' into pn/pnpm-fix
• 27ab2d1 perf(detector/rules): bound scan memory to one file at a time
• bd60bb4 Merge branch 'main' into feat/malicious-file-detection
• 6a77134 Merge pull request #134 from swarit-stepsecurity/swarit/feat/expand-rc-config-surface
• 62df38f Merge branch 'main' into swarit/feat/expand-rc-config-surface
• 3da82ff fix(configaudit): address PR review feedback
• fa6a922 Merge branch 'main' into feat/malicious-file-detection
• 3d4bb85 Merge branch 'main' into feat/test-build-intunewin
• bf92d13 Merge pull request #98 from shubham-stepsecurity/sm/feat/add-support
• 24cf448 Merge branch 'main' into sm/feat/add-support
• cb78c7e chore: go fmt
• aed4273 feat(detector): malicious-file detection rules engine + telemetry wiring
• 3b5cbf7 chore(configaudit): trim review comments + extra parser tests
• 7b35c60 feat(yarn): surface inventory of yarn classic and berry config
• b8d2047 feat(bun): surface inventory of bunfig.toml configuration
• 144e6b5 feat(pnpm): surface inventory of pnpm configuration
• b461343 refactor(configaudit): extract shared file-metadata helpers
• bbbe7cb Merge branch 'main' into feat/test-build-intunewin
• 6c06d77 Merge pull request #132 from swarit-stepsecurity/swarit/chore/enable-rc-config
• e1e2b7a Merge branch 'main' into swarit/chore/enable-rc-config
• 8e138b1 ci(test-build): pack an unsigned .intunewin + add correlation run-name
• 1f50488 fix: pnpm path fix for linux
• 9a2b0e6 fix: pnpm path fix for windows
• 91f943b Merge pull request #130 from shubham-stepsecurity/sm/fix-npm-launchagent-path
• 83851ef chore(rc-config): enable npm, pip rc config scan
• 8734ee2 fix(executor): ensure proper shell quoting for commands and arguments in RunAsUser
• fb62468 fix(scan): resolve package managers under the LaunchAgent's stripped PATH
• 745ef4d Merge pull request #129 from swarit-stepsecurity/swarit/fix/empty-payload
• 0bcaa64 chore: address comments
• 0044393 fix(windows): handle empty payloads when npn is not present
• 58b0230 fix(launchd): surface bootstrap/bootout failures instead of swallowing them
• 432bc2f chore(mdm): use launchctl bootstrap/bootout instead of load/unload
• a8aef8f fix(brew): synthesize raw scan output from rich data

v1.11.7

Changelog

• 7b56315 Merge pull request #126 from swarit-stepsecurity/swarit/fix/sccm-first-run
• c229a9e Merge branch 'main' into swarit/fix/sccm-first-run
• aadd5d1 Merge pull request #127 from ashishkurmi/main
• 689d277 chore(release): update to 1.11.7
• 3abab4d fix(windows): force first run as /ru interactive
• 2ee3faa Merge pull request #123 from shubham-stepsecurity/sm/fix
• eb61ae3 Merge branch 'main' into sm/fix
• db2b2bc fix(telemetry): capture log tail through upload
• 4adfd33 Merge pull request #125 from swarit-stepsecurity/swarit/fix/normalize-api-endpoint
• 838527d Merge branch 'main' into swarit/fix/normalize-api-endpoint
• 796a917 Merge branch 'main' into sm/fix
• 50b4796 fix(config): normalize api_endpoint to strip trailing slashes
• 35d0efa fix: ci test
• a583b8a Merge pull request #124 from ashishkurmi/verify-release-workflow
• a0af587 Merge branch 'main' into verify-release-workflow
• d40b3a7 Merge pull request #121 from raysubham/ci/intunewin-release-artifact
• 48518c1 feat(telemetry): bound scans with deadlines, ship log tail in heartbeat
• bc866e2 fix: deliver execution-watchdog limit via config.json
• 3cc7672 ci: pack .intunewin via install.cmd wrapper, not the raw MSI
• 64e93c4 fix: detect Antigravity
• 588c8e0 docs: soften Intune guide reference to plain prose
• 59f76bc ci: add Verify Release workflow to gate release artifacts
• c0b73b9 fix: harden macOS scans against IDE pop-ups and stuck processes
• d1c7fd4 ci: build signed .intunewin release artifact + registry version marker
• a44a190 Merge pull request #120 from raysubham/worktree-rename-api-endpoint
• e085bbf Merge branch 'main' into worktree-rename-api-endpoint
• 338fb9c Merge branch 'main' into worktree-rename-api-endpoint
• 3a604bc docs: update SCCM API endpoint to agent.api.stepsecurity.io

v1.11.6

Changelog

• fa5d3d2 Merge pull request #118 from shubham-stepsecurity/sm/fix
• b6f1379 Merge branch 'main' into sm/fix
• b07fc1d Merge pull request #119 from step-security/akurmi/chore/mdm-skip-library-wholesale
• b0bb6c4 Merge branch 'main' into sm/fix
• fc007a6 Merge branch 'main' into akurmi/chore/mdm-skip-library-wholesale
• 4b0fa4e chore(release): update to 1.11.6
• bfcc747 fix(pipconfig): guard pip detection from triggering CLT install dialog
• d0edb58 Merge pull request #117 from step-security/akurmi/chore/mdm-skip-library-wholesale
• c505c8c chore(mdm): skip ~/Library wholesale to fix Tahoe Media Library prompt

v1.11.5

Changelog

• 4e332cd Merge pull request #115 from swarit-stepsecurity/swarit/chore/up-ver-1.11.5
• 2ec0cd5 Merge branch 'main' into swarit/chore/up-ver-1.11.5
• 6ed54f0 chore(release): update to 1.11.5
• 2c625d3 Merge pull request #113 from swarit-stepsecurity/swarit/chore/launcher-exec-mode
• eee8652 Merge branch 'main' into swarit/chore/launcher-exec-mode
• e3615d5 Merge pull request #114 from shubham-stepsecurity/sm/test
• f1c82f3 chore(mdm): expand TCC skip to cover Photos, Media Library, App Management
• 5f0c4f9 chore(mdm): address review comments on macos-tcc-permissions doc
• 193bbe4 chore(mdm): always-skip TCC by default + add PPPC config guide
• 4f2f6c3 fix(launcher): preserve legacy exit-1-silent on default-mode failure
• faab363 feat(windows): add --exec mode to GUI launcher

v1.11.4

Changelog

• 3f3f74a Merge pull request #108 from shubham-stepsecurity/sm/test
• a5359b0 Merge branch 'main' into sm/test
• dcd8cc2 Merge pull request #109 from shubham-stepsecurity/sm/update
• a13a7ad Merge branch 'main' into sm/update
• bd071a1 fix(install-dir): reject empty --install-dir for install/uninstall
• 1580fa1 Merge pull request #111 from swarit-stepsecurity/swarit/chore/up-ver-1.11.4
• a0e3be1 Merge branch 'main' into swarit/chore/up-ver-1.11.4
• 9d0352d Merge pull request #112 from raysubham/subham/feat/msi-verify-script
• 7d487a3 scripts: add verify-msi.ps1 for client-side MSI integrity check
• e2a9209 chore(release): update to 1.11.4
• a719820 Merge pull request #97 from step-security/chore/GHA-212138-stepsecurity-remediation
• 40d782c chore(mdm): scope TCC skip to launchd, tighten prefix, dedupe helpers
• 839eb63 Merge branch 'main' into chore/GHA-212138-stepsecurity-remediation
• 392a3be fix(install-dir): make config field authoritative
• 8b0fdfe chore(mdm): log TCC skip hits encountered during walks
• 9351328 chore(mdm): skip macOS TCC-protected directories
• 1d3775e Merge pull request #107 from ashishkurmi/main
• 6a03fb4 ci: Authenticode-sign Windows binaries and MSIs via Azure Trusted Signing
• 8b92fa1 Merge pull request #106 from swarit-stepsecurity/swarit/chore/gate-features
• 11d6e9d Merge branch 'main' into swarit/chore/gate-features
• be0b7d3 chore: add feature gate to disable/enable features
• a518d6b Merge pull request #105 from ashishkurmi/main
• 81b876c ci: add workflow to build test binaries and MSIs on demand
• 85f35b8 Merge pull request #104 from ashishkurmi/swarit/fix/windows
• 94624db fix(windows): stop console window flashes during scheduled scans
• 0e007ef Merge pull request #99 from shubham-stepsecurity/sm/fix
• 11e2f91 Merge branch 'main' into sm/fix
• 567a4a3 Merge pull request #86 from shubham-stepsecurity/sm/update
• 7915016 Merge branch 'main' into sm/update
• 078df68 fix(telemetry): sandbox invocation test + make postPhase non-blocking
• 5a83651 fix(paths): canonicalise $HOME/~ expansion via filepath.Join
• dda8d0a fix(paths): add support for expanding $HOME
• 80526e0 chore(telemetry): track upload phase + per-phase sub-progress
• c666b5c [StepSecurity] Apply security best practices
• a24d4cf chore(info): Adding invocation_method and in-flight status_info

v1.11.3

Changelog

• cb9abe5 Merge pull request #95 from ashishkurmi/ak/chore/up-ver-1.11.3
• 9ebba3a Merge branch 'main' into ak/chore/up-ver-1.11.3
• 3a190b3 chore(release): bump version constant to 1.11.3
• ab88e52 Merge pull request #94 from ashishkurmi/ak/chore/up-ver-1.11.3
• cb62715 Merge branch 'main' into ak/chore/up-ver-1.11.3
• 72e9083 chore(release): update to v1.11.3
• 91a1b2b Merge pull request #88 from shubham-stepsecurity/sm/feat/add-support
• a839a7b feat(mdm): configurable install dir + persistent stderr logs
• 6dec9e3 Merge pull request #93 from swarit-stepsecurity/swarit/chore/up-ver-1.11.2
• 4d6bc03 Merge branch 'main' into swarit/chore/up-ver-1.11.2
• 873641a Merge pull request #92 from swarit-stepsecurity/swarit/feat/msi-integration
• 4c368c9 chore(release): update to v1.11.2
• 785d6b8 address remaining Copilot review comments on PR #92
• 40ca150 docs: tighten MSI deployment + packaging guides
• 5e82728 ci(msi-smoke): explicit exit 0 after uninstall cleanup checks
• b334bb6 ci: add MSI build/install/verify/uninstall smoke test on every PR
• fe8f42c ci: go fmt
• 860c018 address PR #92 review comments from Copilot
• 16f869a feat(install): add --ignore-telemetry-error opt-in for MSI/SCCM
• 900e7af fix(msi): use WixQuietExec from WixToolset.Util.wixext
• c5143c8 fix(msi): switch to Property-attribute custom actions (MSI Type 50)
• ea55aae fix(msi): bake [INSTALLFOLDER] into ExeCommand literally
• 9a3a90b fix(msi): switch custom actions to deferred + SetProperty CustomActionData pattern
• 1235415 ci: build MSIs on windows-latest (WiX 4 has Linux path-parsing bug)
• 343faf0 chore: bump version for MSI release pipeline test on fork
• 3e119c3 feat(windows): integrate msi based releases
• 09dc2a2 Merge pull request #91 from swarit-stepsecurity/swarit/fix/windows-sys-schedule
• 10f2422 fix(windows): grant Users modify ACL on ProgramData log dir; correct comment
• bb6266e Merge branch 'main' into swarit/fix/windows-sys-schedule
• c8b6d63 fix(windows): run scheduled task as logged-in user via /ru INTERACTIVE
• 30ed51d Merge pull request #82 from Prateek-stepsecurity/pn/fix/pnpm
• 35d905d fallback logic
• ce70bf6 fix(pnpm): resolve v11 global-scan regression
• 6b34f69 Merge pull request #74 from swarit-stepsecurity/swarit/feat/wt/ai-hooks-integration
• e2ccb01 Merge branch 'main' into swarit/feat/wt/ai-hooks-integration
• 19b4cb1 Merge pull request #70 from swarit-stepsecurity/swarit/fix/detect-intercepted-uploads
• 1ed02f2 feat(aiagents): poll backend for hook enable/disable state
• ce956bb Merge branch 'main' into swarit/fix/detect-intercepted-uploads
• 79cb3e4 Merge pull request #69 from swarit-stepsecurity/swarit/feat/wt/rc-info-npm-pip
• 80be25d Merge branch 'main' into swarit/fix/detect-intercepted-uploads
• 85ff613 chore(ci): fix lint (gofmt) and gosec findings
• cf73af5 Merge remote-tracking branch 'upstream/main' into swarit/feat/wt/rc-info-npm-pip
• e953fc2 Merge pull request #76 from shubham-stepsecurity/sm/update
• f915375 Merge branch 'main' into sm/update
• b6cd689 Merge pull request #68 from swarit-stepsecurity/swarit/feat/wt/machine-resource-info
• 1078555 Merge remote-tracking branch 'upstream/main' into swarit/feat/wt/machine-resource-info
• 554ce60 chore: address gosec int64->uint64 conversion warning
• c587219 Merge branch 'main' into sm/update
• f60b436 Merge pull request #77 from raysubham/fix/windows-hook-bash-path
• e118b2b Merge branch 'main' into fix/windows-hook-bash-path
• 9e5ab15 Merge pull request #65 from swarit-stepsecurity/swarit/fix/issue-62-63
• 27c08f8 fix(aiagents): write Windows hook command with forward-slash path
• a73c77d chore: gofmt blank-line and comment formatting
• 670b67c chore: address comments
• c805d0f feat(device): collect static machine resource info
• 98b42c4 fix(pnpm): resolve v11 global-scan regression
• ab70514 chore: gofmt struct alignment in telemetry payload
• 30b0e7c chore: address comments
• 4e76bb9 fix(linux/mac): lock contention race and console user edge case
• b71addd Merge pull request #75 from swarit-stepsecurity/swarit/chore/go-quality-checks-and-badges
• dc85270 Merge branch 'main' into swarit/chore/go-quality-checks-and-badges
• 217e00f Merge pull request #73 from raysubham/fix/claude-hooks-windows-idempotency
• d4f0ab5 ci: add gosec SAST workflow + README badge
• abb5b7e ci: add vet/fmt/tidy + cross-platform build; refresh README badges
• 4b6988d chore: apply gofmt across the tree
• 3378ca3 test(cli): cover --npmrc + --pipconfig mutual exclusion
• 7974381 chore: address comments
• 16d58c3 chore: address comments
• 66851e2 fix: handle Windows Codex hook paths
• 15b7cdc fix: handle Windows Claude hook paths
• 33b752f Merge pull request #61 from raysubham/feat/ai-agents-hook-events
• 0c965b3 Merge branch 'main' into feat/ai-agents-hook-events
• ef036bb Merge pull request #71 from shubham-stepsecurity/sm/fix
• 20bb53b fix: improve comments for Apple CLT stub detection and mock behavior
• f30602f fix: add support for detecting Apple Command Line Tools stubs in executors and detectors
• 7e2eadf Merge branch 'main' into swarit/feat/wt/rc-info-npm-pip
• 7e6c38f fix(telemetry): detect intercepted uploads on client side
• ad93d7e Merge remote-tracking branch 'upstream/main' into feat/ai-agents-hook-events
• e295fb8 feat: update events schema
• 8a66361 feat: improve redaction check
• 5227516 fix(pipconfig): handle pip 24.x effective output with no 'from ' suffix
• 006bdb6 test(configaudit): add tests/test_rc_audit.sh end-to-end harness
• 4dd1117 fix(pipconfig): redact effective.config + legacy-path detection by suffix
• 1aa1466 refactor(configaudit): split rc/pip audits into internal/detector/configaudit
• 18e6959 feat(pipconfig): surface inventory + finding catalog for pip configuration
• 41e17d7 feat(npmrc): surface inventory of every .npmrc on the host
• 35fcd13 feat: implement backup pruning logic
• 58f2635 chore: update backup file format
• 104af85 remove tests
• d25a3a9 update code comments
• bfc4c3e feat: phase 4
• b4afbe4 feat: phase 3
• 38fe9a8 feat: phase 2
• 902fad9 feat: phase 1

v1.11.1

Changelog

• 56cd419 Merge pull request #60 from swarit-stepsecurity/swarit/chore/up-ver-1.11.1
• c139c9a chore(release): update to v1.11.1
• 341b3ba Merge pull request #59 from swarit-stepsecurity/swarit/fix/agent-path
• 6184dd3 Merge branch 'main' into swarit/fix/agent-path
• f5d1983 Merge pull request #54 from swarit-stepsecurity/swarit/chore/update-docs-coverage
• da4ae52 fix(windows): relative path detection
• 0971d28 fix(detection): ide symlinked path detection
• c642ec9 Merge branch 'main' into swarit/chore/update-docs-coverage
• 33749f8 Merge pull request #56 from swarit-stepsecurity/swarit/chore/add-extensions-path
• b5dcc16 chore(ide): add extensions path
• 3604d3d merge: resolve SCAN_COVERAGE.md conflicts with upstream/main
• 1bf1e5c docs: complete cross-platform coverage and add missing scan categories
• 3c3d258 docs: update documentation to reflect cross-platform support and current codebase

v1.11.0

Changelog

• d0db5b4 Merge pull request #53 from ashishkurmi/sm/bump-1.11.0
• 150095d chore(release): bump version to 1.11.0 and update changelog
• 504b3f8 Merge pull request #51 from shubham-stepsecurity/sm/update
• aefac7d Merge branch 'main' into sm/update
• f8a08fc feat(aicli): add detection for Cursor Agent CLI and update documentation
• 325669c Merge pull request #50 from swarit-stepsecurity/swarit/fix/release-workflow
• 14ad84c fix(release): fix linux release workflow issues
• cfe51c8 Merge pull request #45 from swarit-stepsecurity/swarit/chore/linux-bin-release
• d9cf596 Merge branch 'main' into swarit/chore/linux-bin-release
• cbf40f9 Merge pull request #43 from swarit-stepsecurity/swarit/feat/sys-pkg-metadata
• 56b84b5 chore: address copilot reviews
• 02186f4 chore(linux): add packaged releases
• f6e6b55 chore(brew): add cask and formulae metadata collection
• fa0fc4f chore(macos): add brew pkg metadata
• d47f9ae chore: add security context for pkgs
• f8329bc chore(linux): add sys pkgs metadata
• 06ee45b Merge pull request #48 from shubham-stepsecurity/sm/feat/migrate
• 7e916d5 Merge branch 'main' into sm/feat/migrate
• b9b178e Merge pull request #44 from shubham-stepsecurity/sm/fix
• 62ecf52 fix(aicli): improve detection logic for GitHub Copilot CLI by rejecting non-zero exit codes
• 3803cc4 fix(aicli): handle detection for GitHub Copilot CLI version
• c740fec fix(python): update virtual environment paths and enhance project detection for venvs without pip
• e4ddcfa fix(python): improve Python project detection logic
• a4b4251 Merge pull request #39 from shubham-stepsecurity/sm/feat/add-support
• 70aecdd refactor(tests): improve assert_contains function to avoid SIGPIPE errors & update logging
• d4f9cc4 chore(telemetry): replace custom UUID generation with google/uuid dependency
• 4eafe9d feat(mdm): add telemetry run status reporting
• 0fba903 Merge pull request #38 from shubham-stepsecurity/sm/update
• aaae474 fix: update logger level to info in S3 upload test
• 35be6e2 refactor: remove gzip compression from stdout/stderr and update telemetry upload to use gzip compression
• 642891b feat: add gzip compression for stdout/stderr output and corresponding tests
• 22f15ad Merge pull request #47 from swarit-stepsecurity/swarit/chore/remove-shell-script
• 4fd3f86 Merge branch 'main' into swarit/chore/remove-shell-script
• 88b65f8 Merge pull request #37 from shubham-stepsecurity/sm/feat/config
• 63c3e2b Merge branch 'main' into sm/feat/config
• ce3a1ef chore: remove shell script references
• cee172a chore(dmg): remove shell script
• 21cb7cf Merge pull request #42 from swarit-stepsecurity/swarit/feat/linux-pkgs-support
• 6aa92ff chore(linux): wire up sys package support
• e5c3c65 feat: implement log level configuration and enhance logging throughout the application
• 201fb79 Merge pull request #36 from swarit-stepsecurity/swarit/feat/linux-support
• 8055c59 fix: address Copilot PR review feedback
• b2593a0 ci: retrigger checks
• 7a96bcf chore: go lint
• 22bec63 feat(linux): add support for snap and flatpak pkgs
• ce74969 feat(linux): add rpm package support
• 53c706a feat(linux): add jetbrains support
• 4b9882f fix: use bios serial number
• 0f76d54 chore: performance improvements
• ffb44e1 feat(linux): add sysd scheduling
• dfdc2aa feat: add linux support

v1.10.2

Changelog

• 94231e6 Merge pull request #35 from shubham-stepsecurity/sm/update
• 3896161 feat: default quiet=false, raise S3 upload timeout to 10m, gofmt cleanup
• 3d8003c Merge pull request #33 from swarit-stepsecurity/swarit/chore/up-ver-1.10.2
• bf92e4e chore: update changelog
• b35b044 chore(release): bump version to 1.10.2
• 8a029a0 Merge pull request #32 from swarit-stepsecurity/swarit/feat/windows-eclipse-plugins
• 79b1250 fix: address Copilot review comments on PR #32
• 5891fc7 fix(lint): remove unused eclipseExePatterns and resolveEclipseFeatureDirs
• ed292a6 feat(windows): eclipse plugin detection
• 6f3a22b fix: scope bundled plugin filter to Windows only
• 3cb22fd feat: filter bundled plugins by default, add --include-bundled-plugins flag
• 46ef8f5 feat(eclipse): use p2 director API for authoritative marketplace plugin detection
• eb751bb fix(eclipse): expand bundled prefix list to accurately identify marketplace plugins
• 9165fda feat(windows): robust multi-stage Eclipse plugin detection
• 16c90a1 fix(windows): Eclipse plugin detection uses detected IDE install paths
• 3429665 fix(windows): add Windows Eclipse plugin detection paths

v1.10.1

Changelog

• e001cf8 Merge pull request #31 from shubham-stepsecurity/sm/test
• 8417f66 feat: implement retry logic for signing artifacts with Sigstore
• f0d019d Merge pull request #30 from shubham-stepsecurity/sm/test
• ab72688 chore(release): bump version to 1.10.1 and update changelog
• 6d1593e Merge pull request #29 from swarit-stepsecurity/swarit/feat/windows-ide-support
• b7eef8d fix: size limit message visible in quiet/enterprise mode
• 2f8bf3a feat(windows): registry-based IDE discovery fallback
• 57a002f fix: address Copilot review comments
• 612eb90 merge: resolve conflicts with upstream/main (v1.10.0)
• eab8f68 Merge pull request #28 from shubham-stepsecurity/sm/test
• bd373c5 fix(windows): use RunInDir for project package scanning
• 76b4e51 feat(windows): ide plugin detection
• d407c15 feat(windows): ide support
• e87d384 fix(executor): source .zshrc in RunAsUser for full PATH and fix exit code propagation