This release adds 3 notable features for engineering teams evaluating rollout.
Published 26d
CLI & Terminal
✓ No known CVEs patched in this version
Topics
ast-analysis
cli
cve
dependency-scanner
security
go
lockfile
malware-detection
npm-security
osv
python-security
sbom
sca
shai-hulud
supply-chain-attack
supply-chain-security
tree-sitter
typosquatting
vulnerability-scanning
Summary
AI summary: Added Gleam/Hex ecosystem support.
Full changelog
0.14.0 (2026-05-08)
Added
- astscan: c#/.NET AST scanner via tree-sitter-c-sharp + nuget lockfile (0d1b927)
- diskcache: per-file usage cache + wire into AnalyzeUsage (e416400)
- gleam: add Gleam/Hex ecosystem support (4e17277)
- snapshot: [unused] marker, --used-only filter, opt-in risk downgrade (1201e30)
- snapshot: reachability layer via depusage (#25 phase 1) (5b0282b)
- snapshot: record UsedSymbols on each Used dep (3e5b7fa)
Fixed
- gleamscan: update fork to use relative include in scanner.c (1dbb33a)
- locksnap: persist Reachability across snapshot save/load (829b067)
- usage: prefix-match Go module roots when checking import paths (3502701)
Docs
- document reachability layer + detection-gap archive (932fb93)
- rewrite README, add VHS demo, fix gleamscan queries (6f26fab)
CI
- release-please: revert to GITHUB_TOKEN; document manual re-tag (5647435)
- release-please: use a PAT instead of GITHUB_TOKEN (#28) (bf38ec9)
Tests
About qwexvf/aegis-cli