3.6.1 - 2024-09-09
3.6.1 is a patch release, but it features one exciting new,
still-experimental feature: support for plugins! Previously, if you wanted
to add a new source of data or a new form of analysis to Hipcheck, you needed
to modify Hipcheck itself. This placed some limitations on our ability to grow
Hipcheck, and more importantly it conflicted with a core design philosophy
of Hipcheck: that it should empower users to express their policies about
using open source software (this is one of our Product Values, as expressed in
RFD #2).
With 3.6.1, users can now define custom plugins to provide new sources of
data and new analyses. There's a lot more for us to do with this, including
a lot of user experience polish, releasing our first SDK to make developing
plugins easier, creating and publishing documentation on how to create,
distribute, and use plugins, and more! For now though, this launch is our
official starting point where users can create, distribute, and run plugins.
For more details on the design of the new plugin system, check out
RFD #4. If you have questions
on how to work with plugins, you can always ask us in our GitHub Discussions
forum!
Completion of the Plugin Minimum Viable Product
- introduce plugin-based query infrastructure to scoring by @j-lanson in #327
- Adds structures and functions to parse policy files by @mchernicoff in #330
- implement PolicyFile --> AnalysisTree conversion, remove use of WeightTree in scoring by @j-lanson in #334
- Converts a provided config TOML file to a policy file struct if no policy file is provided by @mchernicoff in #336
- Fix formatting for Rust 1.81.0, rustfmt 1.7.1-stable by @cstepanian in #337
- Add JSON Pointer Preprocessor by @cstepanian in #315
- Deprecates the config arg by @mchernicoff in #339
- Implement large portion of the plugin system by @j-lanson in #349
- Fixup cargo xtask check issues by @alilleybrinker
- Reduce dead code "allow"s by @alilleybrinker
- Impl PluginContext::explain_default_query by @alilleybrinker
- Cleanup and add comments to PluginContext by @alilleybrinker
- Group imports at crate level by @alilleybrinker
- Move "Context" under "error" module by @alilleybrinker in #351
- update report to use investigate policy expression by @j-lanson in #352
- Move "command_util" to "util/command" by @alilleybrinker
- Move "kdl_helper" to "util/kdl" by @alilleybrinker
- Fix warnings in plugin code by @alilleybrinker
- Add Analysis::Plugin variant by @alilleybrinker
- Added TODOs in ReportBuilder by @alilleybrinker in #353
- implement suggesting investigation if certain analyses fail by @j-lanson in #355
- Add support for reporting plugin results by @alilleybrinker in #361
- Adds weight field to policy file categories by @mchernicoff in #333
- Update hardcoded policy expressions with new JSON pointer syntax by @cstepanian in #338
- make HcEngine plugin lookup use {publisher}/{plugin} as key by @j-lanson in #362
Automation Fixes & Improvements
- Install the protobuf compiler in release CI by @alilleybrinker in #328
- Copy plugins into containerfile build step by @alilleybrinker in #331
- More CI jobs by @alilleybrinker in #332
Dependency Version Bumps
- Bump prost from 0.13.1 to 0.13.2 by @dependabot[bot] in #323
- Bump tonic from 0.12.1 to 0.12.2 by @dependabot[bot] in #322
- Bump tokio from 1.39.3 to 1.40.0 by @dependabot[bot] in #321
- Bump ureq from 2.10.0 to 2.10.1 by @dependabot[bot] in #319
- Bump xml-rs from 0.8.21 to 0.8.22 by @dependabot[bot] in #356
- Bump dashmap from 6.0.1 to 6.1.0 by @dependabot[bot] in #357
- Bump tonic-build from 0.12.1 to 0.12.2 by @dependabot[bot] in #358
- Bump rustls-native-certs from 0.7.1 to 0.8.0 by @dependabot[bot] in #360
- Bump anyhow from 1.0.86 to 1.0.87 by @dependabot[bot] in #359
Full Changelog: hipcheck-v3.6.0...hipcheck-v3.6.1