qwexvf/aegis-cli

v0.16.0 Security

This release includes 4 security fixes for security teams reviewing exposed deployments.

Published 1mo CLI & Terminal

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 4 known CVEs

Topics

ast-analysis cli cve dependency-scanner security go

+13 more

lockfile malware-detection npm-security osv python-security sbom sca shai-hulud supply-chain-attack supply-chain-security tree-sitter typosquatting vulnerability-scanning

Affected surfaces

auth rbac rce_ssrf

ReleasePort's take

Light signal

editorial:auto 22d

v0.16.0 adds SARIF 2.1.0 output for GitHub Code Scanning integration, remote GitHub Actions scanning, and detections for OIDC npm publish worms and cache poisoning.

Why it matters: Test in dev if you use GitHub Actions for npm publishing or caching. OIDC npm worm and cache poisoning detections block supply chain attacks; HTTP 30s timeout hardens remote scanning.

Summary

AI summary

Added SARIF output support to the GitHub Actions Scanner.

Changes in this release

Type	Severity	Summary	CVE
Security
Security	Medium	Stripped ANSI escape sequences from Evidence output to prevent terminal injection. Stripped ANSI escape sequences from Evidence output to prevent terminal injection. Source: llm_adapter@2026-05-21 Confidence: high	—
Security	Medium	Added HTTP client timeout (30s) for remote scans to prevent slowloris hangs. Added HTTP client timeout (30s) for remote scans to prevent slowloris hangs. Source: llm_adapter@2026-05-21 Confidence: low	—
Security	Medium	Implemented GitHub owner/repo input validation to prevent URL manipulation. Implemented GitHub owner/repo input validation to prevent URL manipulation. Source: llm_adapter@2026-05-21 Confidence: low	—
Feature
Feature	Medium	GitHub Actions Scanner introduces WorkflowCheck pipeline with extensible pattern. GitHub Actions Scanner introduces WorkflowCheck pipeline with extensible pattern. Source: llm_adapter@2026-05-21 Confidence: high	—
Feature	Medium	GitHub Actions Scanner enables remote scanning via `aegis actions scan --repo owner/repo` using GitHub Contents API. GitHub Actions Scanner enables remote scanning via `aegis actions scan --repo owner/repo` using GitHub Contents API. Source: llm_adapter@2026-05-21 Confidence: high	—
Feature	Medium	GitHub Actions Scanner outputs SARIF 2.1.0 with `--sarif` flag, compatible with GitHub Code Scanning upload-sarif action. GitHub Actions Scanner outputs SARIF 2.1.0 with `--sarif` flag, compatible with GitHub Code Scanning upload-sarif action. Source: llm_adapter@2026-05-21 Confidence: high	—
Feature	Medium	New detections: OIDC + npm publish worm vector (Mini Shai-Hulud), actions/cache poisoning in pull_request_target. New detections: OIDC + npm publish worm vector (Mini Shai-Hulud), actions/cache poisoning in pull_request_target. Source: llm_adapter@2026-05-21 Confidence: high	—
Feature	Medium	Ecosystem parser pipeline refactored to two-stage process (EcosystemParser → NormalizedPackage → []Check). Ecosystem parser pipeline refactored to two-stage process (EcosystemParser → NormalizedPackage → []Check). Source: llm_adapter@2026-05-21 Confidence: low	—
Feature	Medium	Added 9 new ecosystem parsers: Go, Maven, Composer, NuGet, Gleam. Added 9 new ecosystem parsers: Go, Maven, Composer, NuGet, Gleam. Source: llm_adapter@2026-05-21 Confidence: low	—
Feature	Medium	GitHub Actions Scanner adds allowlist `.aegis-actions-allowlist.yaml` to suppress findings per-file or globally. GitHub Actions Scanner adds allowlist `.aegis-actions-allowlist.yaml` to suppress findings per-file or globally. Source: llm_adapter@2026-05-21 Confidence: low	—
Feature	Low	New detections: CapVCSDependency for VCS URL dependencies across multiple ecosystems. New detections: CapVCSDependency for VCS URL dependencies across multiple ecosystems. Source: granite4.1:30b@2026-05-23-audit Confidence: low	—
Feature	Low	New detection `FindingCachePoisoning` finds `actions/cache` poisoning in `pull_request_target`. New detection `FindingCachePoisoning` finds `actions/cache` poisoning in `pull_request_target`. Source: granite4.1:30b@2026-05-23-audit Confidence: low	—
Refactor	Medium	Moved `domain.PackageSource` from `usecase` to `domain`; kept backward-compatible type alias in `usecase`. Moved `domain.PackageSource` from `usecase` to `domain`; kept backward-compatible type alias in `usecase`. Source: llm_adapter@2026-05-21 Confidence: high	—
Refactor	Low	Pass `context.Context` as function parameter instead of storing in struct. Pass `context.Context` as function parameter instead of storing in struct. Source: granite4.1:30b@2026-05-23-audit Confidence: low	—

Full changelog

What's New

Ecosystem Parser Pipeline

Refactored heuristics to a two-stage pipeline (EcosystemParser → NormalizedPackage → []Check). Adding a new ecosystem now requires only one new parser file — no check files change.

New parsers (9 ecosystems now covered):

Go — go.mod replace directives
Maven — exec-maven-plugin hooks, <systemPath> local deps
Composer — repositories[type=vcs], install scripts
NuGet — custom feeds, <HintPath> local refs
Gleam — gleam.toml git deps

GitHub Actions Scanner

WorkflowCheck pipeline — same extensible pattern as package heuristics
Remote scanning — aegis actions scan --repo owner/repo via GitHub Contents API
Allowlist — .aegis-actions-allowlist.yaml to suppress findings per-file or globally
SARIF 2.1.0 output — --sarif flag; compatible with GitHub Code Scanning upload-sarif action
New detections: OIDC + npm publish worm vector (Mini Shai-Hulud), actions/cache poisoning in pull_request_target

New Detections

CapVCSDependency — VCS URL dependencies across PyPI, Cargo, RubyGems, Go, Composer, Gleam
FindingOIDCNpmPublish — id-token:write + npm publish (Mini Shai-Hulud 2026-05-11 worm vector)
FindingCachePoisoning — actions/cache inside pull_request_target

Clean Architecture

domain.PackageSource moved from usecase to domain; type alias in usecase for backward compatibility

Security Fixes

HTTP client timeout (30s) for remote scans — prevents slowloris hangs
GitHub owner/repo input validation — prevents URL manipulation
ANSI escape stripping from Evidence output — prevents terminal injection
context.Context passed as function parameter, not stored in struct

Security Fixes

HTTP client timeout set to 30 seconds for remote scans — prevents slowloris hangs
GitHub owner/repo input validation — prevents URL manipulation
ANSI escape stripping from Evidence output — prevents terminal injection
`context.Context` passed as function parameter, not stored in struct

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track qwexvf/aegis-cli

Get notified when new releases ship.

About qwexvf/aegis-cli

All releases →

qwexvf/aegis-cli

ReleasePort's take

Summary

Changes in this release

What's New

Ecosystem Parser Pipeline

GitHub Actions Scanner

New Detections

Clean Architecture

Security Fixes

Security Fixes

Related context

Related tools