0sec-labs/foxguard

A FAST universal code security scanner, written in Rust. Batteries included: TUI for triage, secrets, post-quantum audits, diff-aware scans and more 𓃥

19 Releases

Latest: 1w ago

v0.9.0Latest

github-actions[bot]·1w ago·June 15, 2026

GitHub

✨ New languages (tree-sitter grammars)

Solidity, YAML, Dockerfile, bash, OCaml, Scala, Elixir, JSON (plus HCL/Terraform)
`languages: [regex]` rules — `pattern-regex` matched over raw file text (no AST), unlocking ~190 registry rules

📦 Taint mode (`mode: taint`)

New engines + Semgrep bridges: Java, C, Kotlin, and a full Ruby dataflow engine
`patterns:` AND-blocks inside `pattern-sources` / `pattern-sinks` / `pattern-sanitizers`
`$METAVAR.method($X)` receiver sinks and `$EL.field = $X` member-assignment (DOM-XSS) sinks

📦 Metavariable operators

`metavariable-comparison`, `metavariable-pattern`, `focus-metavariable`, `metavariable-analysis` (Shannon-entropy analyzer)
`fix:` — emits Semgrep autofix templates as finding suggestions

📦 Tooling & hardening

New registry-coverage measurement harness + living report (`docs/parity/registry-coverage.md`)
Semgrep-parity CI extended to C / Kotlin / inverse suites
Loader fixes: `MEDIUM` severity, optional `metavariable:` in comparison, PCRE-lookahead + `\Z`-anchor regex normalization
Plus the github-app / scan-threshold / diff / OSV-version fixes carried over from the 0.8.x line

📦 Install

```sh
npm install -g foxguard # or: cargo install foxguard
```
Binaries for macOS (x64/arm64), Linux (x64/arm64 musl), and Windows (x64) are attached below.
Full Changelog: https://github.com/0sec-labs/foxguard/compare/v0.8.1...v0.9.0

v0.8.1

github-actions[bot]·1mo ago·May 16, 2026

GitHub

📋 What's Changed

refactor(tui): split tui module by @Darkroom4364 in https://github.com/0sec-labs/foxguard/pull/288
docs(blog): CNSA 2.0 deadlines postmortem — every date carries a citation now by @peaktwilight in https://github.com/0sec-labs/foxguard/pull/293
feat(plugin): add standalone foxguard skill by @peaktwilight in https://github.com/0sec-labs/foxguard/pull/294
feat(rules): Dirty Frag class — skb in-place crypto without cow gate by @peaktwilight in https://github.com/0sec-labs/foxguard/pull/297
docs: bump language count to 11 (C added in #297) by @peaktwilight in https://github.com/0sec-labs/foxguard/pull/303
docs(blog): Dirty Frag rule pack — C support + 3 rules shipped by @peaktwilight in https://github.com/0sec-labs/foxguard/pull/304
test(kernel/dirty-frag): expand fixtures + tighten negative-regex (Tier 1 + FP shapes) by @peaktwilight in https://github.com/0sec-labs/foxguard/pull/305
chore: rename PwnKit-Labs to 0sec-labs in URLs and refs by @peaktwilight in https://github.com/0sec-labs/foxguard/pull/331
+ 9 more

v0.8.0

github-actions[bot]·1mo ago·May 7, 2026

GitHub

📦 Highlights

`foxguard pqc .` — new top-level mode. PQ-vulnerable-crypto rules across Python / JavaScript-TypeScript / Go / Java / Rust, plus TLS configuration files (OpenSSL, nginx, Apache). Each finding annotated with its CNSA 2.0 migration deadline sourced from declarative rule metadata, not substring-matched on rule IDs.
CycloneDX 1.6 CBOM output — `foxguard --format cbom .` emits a cryptographic bill of materials where every component links back to a file, line, and severity. The scan and the inventory are one artifact.
Dependency-level PQ scanning — `pqc` walks `Cargo.lock` and `requirements.txt` (closes [#221](https://github.com/PwnKit-Labs/foxguard/issues/221)). BFS over Rust transitive graph; curated Python list. Each hit carries a `dep_name` field for downstream attribution.
CNSA 2.0 compliance module — every deadline constant carries an inline NSA citation (FAQ v2.1 transition-timeline + May 2025 CSA *CNSA 2.0 Algorithms*). Remediation splits cleanly: ML-KEM-1024 / ML-DSA-87 for NSS; ML-KEM-768 / ML-DSA-65 for commercial.
FN-DSA (FIPS 206) and HQC awareness in PQ-safe allowlists ([#243](https://github.com/PwnKit-Labs/foxguard/pull/243)).
Crypto agility scoring rules ([#229](https://github.com/PwnKit-Labs/foxguard/pull/229)) — measures how well a codebase can rotate crypto primitives.
Per-finding confidence scores ([#207](https://github.com/PwnKit-Labs/foxguard/issues/207) / [#215](https://github.com/PwnKit-Labs/foxguard/pull/215)) — every finding ships with a 0–1 confidence number; filterable in TUI.
Severity overrides and per-rule enable/disable in config ([#212](https://github.com/PwnKit-Labs/foxguard/pull/212), [#213](https://github.com/PwnKit-Labs/foxguard/pull/213)) — tune scan output without touching rule sources.
+ 3 more

📦 Quality

False-positive sweep on exec, SSRF, path-traversal, and hardcoded-secret rules ([#271](https://github.com/PwnKit-Labs/foxguard/pull/271)).
Hardcoded-secret regex deduplicated across detectors ([#274](https://github.com/PwnKit-Labs/foxguard/issues/274) / [#277](https://github.com/PwnKit-Labs/foxguard/pull/277)).
`.unwrap()` audit complete — no `unwrap()` in any non-test scan path ([#275](https://github.com/PwnKit-Labs/foxguard/issues/275), [#283](https://github.com/PwnKit-Labs/foxguard/pull/283), [#284](https://github.com/PwnKit-Labs/foxguard/pull/284)). Replaced with `.expect()` carrying contextual messages.
Taint engine refactor — shared types extracted to `taint_engine.rs`, deduplicating mechanics across language backends ([#276](https://github.com/PwnKit-Labs/foxguard/issues/276), [#278](https://github.com/PwnKit-Labs/foxguard/pull/278), [#287](https://github.com/PwnKit-Labs/foxguard/pull/287)).

📦 Install

```sh
npx foxguard@latest # one-shot, no install
curl -fsSL https://foxguard.dev/install.sh | sh
cargo install foxguard
```

📦 Upgrade notes

README has been rewritten around PQ crypto + CBOM + CNSA 2.0 ([#247](https://github.com/PwnKit-Labs/foxguard/issues/247) / [#255](https://github.com/PwnKit-Labs/foxguard/pull/255)). The four-mode story (scan / diff / secrets / pqc) is now the headline.
All v0.7.x scan / diff / secrets behavior is unchanged. `pqc` is additive.
Full Changelog: https://github.com/PwnKit-Labs/foxguard/compare/v0.7.1...v0.8.0

v0.7.1

github-actions[bot]·2mo ago·April 17, 2026

GitHub

📦 Benchmark (avg ms, 15 iterations, 3 warmups)

| Repo | v0.4.0 | v0.7.0 | v0.7.1 | v0.7.1 vs v0.7.0 | v0.7.1 vs v0.4.0 |
|------|-------:|-------:|-----------:|-----------------:|-----------------:|
| express | 128 | 183 | 145 | -21% | +13% |
| flask | 127 | 233 | 187 | -20% | +47% |
| gin | 111 | 364 | 166 | -55% | +50% |
Express now lands within 13% of the pre-taint v0.4.0 baseline while doing strictly more work (cross-file taint tracking, multi-hop propagation).

⚡ Performance — the taint trilogy

#199 — Share Go taint Pass 1 summaries across rules
#202 — Share Python taint Pass 1 summaries across rules
#203 — Share JavaScript taint Pass 1 summaries across rules

📦 Distribution

#205 — New one-line installer: `curl -fsSL https://foxguard.dev/install.sh | sh`
Detects OS + arch, hits GitHub API for latest release, drops the binary in `$HOME/.local/bin`. ~80 lines of POSIX sh, no maintenance.
#195 — Removed Homebrew tap automation. The `brew install peaktwilight/tap/foxguard` path still works at v0.6.3 for existing users; new users should use the installer, `npx`, or `cargo install`.

📝 Docs + infra polish

#194 — New `TriageShowcase` section on the landing page
#196 — Unified tagline: *"A security scanner as fast as a linter, written in Rust."* Matches the Astral positioning pattern and the HN-validated post title. Rule count standardized on `170+`.
#197 — `scripts/release.sh` now auto-bumps README install refs. CI guard asserts they match `Cargo.toml`.
#198 — Bumped `ratatui` `0.29` → `0.30` (pulls `lru` past GHSA-rhfx-m35p-ff5j).

📦 Correctness

All refactors verified with:
Byte-identical JSON diffs on express, flask, and gin between pre- and post-refactor binaries
Dogfood — foxguard scans its own Rust source and reports the same 1,082 findings with identical severity breakdown
Test suite — 415+ tests passing, clippy clean under `-D warnings`

📦 Upgrade

```sh
npx foxguard@latest .
curl -fsSL https://foxguard.dev/install.sh | sh
cargo install foxguard
```
v0.7.1 is a drop-in replacement for v0.7.0. Same rules, same findings, faster.

📦 Closed

#174 (perf regression v0.6.2 is 2-5× slower than v0.4.0) — closed
#200 (extend batched walks to Python) — delivered in #202
#191 (automate README version refs) — delivered in #197
#173 (Homebrew automation) — superseded by #205 installer

v0.7.0

github-actions[bot]·2mo ago·April 17, 2026

GitHub

📦 Highlights

New `tui` command as the first-class interactive surface (renamed from `ui`).
Launch picker with three modes: `Scan`, `Diff`, `Secrets`. Nothing runs until you choose.
Richer detail pane — source context, cleaner snippet section, dataflow path rendering.
Explicit Open targets — `finding` / `source` / `sink`, cycled with `Tab`, opened with `Enter`.
In-app triage actions (`i`): mark reviewed / todo / ignore, clear review state, add to baseline, ignore rules in config. Preview before apply.
Diff and Secrets share the same UX language as Scan: same launch flow, footer, key hints.

📦 Screenshots

<img src="https://raw.githubusercontent.com/PwnKit-Labs/foxguard/v0.7.0/assets/tui-launch.png" alt="foxguard TUI launch picker" width="720" />
<img src="https://raw.githubusercontent.com/PwnKit-Labs/foxguard/v0.7.0/assets/tui-findings.png" alt="foxguard TUI findings + detail split" width="720" />
<img src="https://raw.githubusercontent.com/PwnKit-Labs/foxguard/v0.7.0/assets/tui-triage.png" alt="foxguard TUI triage popup" width="720" />
+ 1 more

📦 Usage

```sh
npx foxguard tui . # full scan triage
npx foxguard tui --diff main . # only new findings vs target branch
npx foxguard tui --secrets . # credentials and token leaks
```
Keys: `h/l` move, `1-3` jump, `Tab` cycle open target, `Enter` open, `i` triage, `?` help, `q` quit.

📦 Upgrade notes

Use `tui` instead of `ui` — `ui` is reserved for future web experiences.
Non-interactive scan commands are unchanged.

📦 Also in this release

Multi-hop cross-file taint tracking (#188)
Cross-version benchmark harness for perf regressions (#187)
Taint extraction optimizations and code formatting (#186)

📦 Read more

[Introducing foxguard TUI in v0.7.0](https://foxguard.dev/blog/foxguard-0-7-0-tui-launch/)

v0.6.3

github-actions[bot]·2mo ago·April 13, 2026

GitHub

📋 What's Changed

feat: post findings as inline PR review comments with --github-pr (refs #164) by @peaktwilight in https://github.com/PwnKit-Labs/foxguard/pull/166
feat: add `foxguard diff` subcommand to show new findings vs target branch (refs #165) by @peaktwilight in https://github.com/PwnKit-Labs/foxguard/pull/167
Website redesign + README updates for v0.7 by @peaktwilight in https://github.com/PwnKit-Labs/foxguard/pull/169
Full Changelog: https://github.com/PwnKit-Labs/foxguard/compare/v0.6.2...v0.6.3

v0.6.2

github-actions[bot]·2mo ago·April 12, 2026

GitHub

📋 What's Changed

fix: UTF-8 boundary checks in redact_match by @Darkroom4364 in https://github.com/PwnKit-Labs/foxguard/pull/85
fix: pass 1 max-file-size check, disable symlink following, encode SARIF URIs (refs #152, #153, #154) by @peaktwilight in https://github.com/PwnKit-Labs/foxguard/pull/155
fix: add --quiet flag, warn on unsupported files, fix summary format (refs #156, #157, #158) by @peaktwilight in https://github.com/PwnKit-Labs/foxguard/pull/159
Full Changelog: https://github.com/PwnKit-Labs/foxguard/compare/v0.6.1...v0.6.2

v0.6.1

peaktwilight·2mo ago·April 12, 2026

GitHub

📦 Precision & quality release

25 commits since v0.6.0 focused on precision, quality, and developer experience.

✨ New rules & sources

Kotlin taint rules: `kt/taint-sql-injection`, `kt/taint-command-injection`, `kt/taint-ssrf` with Ktor + Spring Boot sources
NoSQL injection: `py/taint-nosql-injection`, `js/taint-nosql-injection`, `go/taint-nosql-injection` for MongoDB
XXE taint: `py/taint-xxe`, `js/taint-xxe` with defusedxml sanitizer support
Log injection: `py/taint-log-injection`, `js/taint-log-injection`, `go/taint-log-injection`
Deserialization: `js/no-unsafe-deserialization`, `go/no-unsafe-deserialization`
JWT: `py/jwt-no-verify`, `py/jwt-hardcoded-secret`, `go/jwt-no-verify`, `go/jwt-hardcoded-secret`
Java XSS, C# path traversal, Ruby SSRF + path traversal, Go path traversal taint
Framework sources: Koa, NestJS (JS), Echo/Fiber/Chi (Go), Tornado/Bottle (Python)

🐛 Taint engine fixes

Python walrus operator (`:=`) now tracked
JS `await` expressions no longer break taint chain
Go type assertions preserve taint
JS spread elements (`...arr`) propagate taint
Python comprehensions propagate taint
Ternary/conditional expressions propagate taint in Python + JS
JS `export default` functions now included in cross-file summaries

📦 Precision improvements (false positive reduction)

LDAP rules: `.search()`/`.bind()` no longer match `String.search()`/`Function.bind()`
NoSQL rules: `.find()` restricted to MongoDB collection patterns, not `Array.find()`
Log injection: `.error()`/`.log()` restricted to `console.*` to avoid generic method FPs
Ruby `system("literal")` no longer fires
NoSQL severity downgraded from Critical → High
Sanitizers now match fix suggestions: `shlex.quote`, `DOMPurify.sanitize`, `shellescape`, `html.escape`, `encodeURIComponent` all recognized
Fix suggestions always visible (not gated behind `--explain`)
Noise path exclusions: `/spec/`, `/__tests__/`, `/__snapshots__/`, `/generated/`, `/gen/`, `/stubs/`

♻️ Refactoring

`impl_rule!` macro eliminates 1,665 lines of boilerplate across 174 rules
Single-pass language partition in scanner (was 3 separate filter passes)
Integration tests organized into 12 language-grouped modules

📦 Totals

174 built-in rules across 10 languages
337 tests all passing
Cross-file taint for Python, JavaScript, Go

📦 Upgrading

```sh
npx foxguard@0.6.1 .
```

📋 What's Changed

feat(js): add Koa and NestJS taint sources (refs #95) by @peaktwilight in https://github.com/PwnKit-Labs/foxguard/pull/99
feat: add log injection taint rules for Python, JS, Go (refs #91) by @peaktwilight in https://github.com/PwnKit-Labs/foxguard/pull/101
feat: propagate taint through ternary/conditional expressions (refs #93) by @peaktwilight in https://github.com/PwnKit-Labs/foxguard/pull/100
feat: add XXE taint rules for Python and JavaScript (refs #92) by @peaktwilight in https://github.com/PwnKit-Labs/foxguard/pull/103
feat: add deserialization rules for JS/Go and JWT rules for Python/Go (refs #94, #98) by @peaktwilight in https://github.com/PwnKit-Labs/foxguard/pull/106
feat(py): propagate taint through list/dict/set comprehensions (refs #96) by @peaktwilight in https://github.com/PwnKit-Labs/foxguard/pull/107
feat: add NoSQL injection taint rules for Python, JS, Go (refs #97) by @peaktwilight in https://github.com/PwnKit-Labs/foxguard/pull/108
fix: handle walrus operator, await expressions, and Go type assertions in taint engines (refs #109, #110, #113) by @peaktwilight in https://github.com/PwnKit-Labs/foxguard/pull/115
+ 16 more

v0.6.0 — Cross-file taint analysisv0.6.0

peaktwilight·2mo ago·April 12, 2026

GitHub

📦 Cross-file taint analysis

foxguard now traces taint across file boundaries — the first open-source security scanner to do this at sub-second speed.
```python
from . import queries
def search(request):
name = request.GET["name"]
return queries.run_query(name) # ← py/taint-sql-injection fires here
def run_query(name):
cur.execute("SELECT * FROM users WHERE name = '" + name + "'")
+ 1 more

📦 How it works

Two-pass parallel scan: pass 1 builds function-level taint summaries for every file, pass 2 resolves imported calls against those summaries. The Django shop fixture scans in 0.03s.

📦 Supported patterns

Python: `from .module import func`, `from module import func`, sibling file resolution
JavaScript: `require('./services')`, `import { fn } from './services'` with extensionless path probing (.js/.ts/.mjs/.cjs/.jsx/.tsx)
Go: same-package resolution (all .go files in a directory share exported functions)

📦 Also in this release

Kotlin — 10th supported language with 10 security rules
9 new taint rules: SSTI, XPath injection, LDAP injection for Python, JS, and Go
Python taint improvements: `%` formatting, `.format()`, tuple/list propagation, `os.environ.get()` source
Fix suggestions on all taint findings with concrete code examples
`--explain` flag showing source-to-sink dataflow traces
`--max-file-size` flag for memory safety on large files
Lock-free parallel scanner (Mutex eliminated)
Iterative AST walker (stack overflow prevention)

📦 Totals

153 built-in rules across 10 languages
276 tests all passing
Cross-file taint for Python, JavaScript, and Go

📦 Upgrading

```sh
npx foxguard@0.6.0 .
```

v0.5.1

peaktwilight·2mo ago·April 12, 2026

GitHub

✨ 9 new taint rules: SSTI, XPath, LDAP injection

Every taint language (Python, JS, Go) now covers three additional sink categories:
Server-Side Template Injection — `py/taint-ssti`, `js/taint-ssti`, `go/taint-ssti` (CWE-1336)
XPath injection — `py/taint-xpath-injection`, `js/taint-xpath-injection`, `go/taint-xpath-injection` (CWE-643)
LDAP injection — `py/taint-ldap-injection`, `js/taint-ldap-injection`, `go/taint-ldap-injection` (CWE-90)

📦 Python taint improvements

`%` operator propagation: `"SELECT %s" % user_input` now detected
`.format()` propagation: `"SELECT {}".format(user_input)` now detected
Tuple/list literal propagation: `"... %s" % (clean, tainted)` now detected
`os.environ.get()` now recognized as a taint source

⚡ Performance

Lock-free parallel scanner: replaced `Mutex<Vec<Finding>>` with `par_iter().flat_map().collect()`, eliminating lock contention

📦 Totals

134 built-in rules across 10 languages
275 tests all passing

📦 Upgrading

```sh
npx foxguard@0.5.1 .
```

📋 What's Changed

feat(py): propagate taint through % formatting, .format(), and tuple/list literals by @peaktwilight in https://github.com/PwnKit-Labs/foxguard/pull/75
perf: lock-free parallel scanner via flat_map/collect by @peaktwilight in https://github.com/PwnKit-Labs/foxguard/pull/76
feat(go): add SSTI, XPath, LDAP taint rules by @peaktwilight in https://github.com/PwnKit-Labs/foxguard/pull/78
feat(js): add SSTI, XPath, LDAP taint rules by @peaktwilight in https://github.com/PwnKit-Labs/foxguard/pull/79
feat(py): add SSTI, XPath, LDAP taint rules and os.environ.get source by @peaktwilight in https://github.com/PwnKit-Labs/foxguard/pull/80
feat: add Kotlin as 10th supported language with 10 security rules by @peaktwilight in https://github.com/PwnKit-Labs/foxguard/pull/81
Full Changelog: https://github.com/PwnKit-Labs/foxguard/compare/v0.5.0...v0.5.1

v0.5.0

peaktwilight·2mo ago·April 12, 2026

GitHub

📦 `--explain` flag: source-to-sink dataflow traces

Taint findings now show exactly how data flows from source to sink. Pass `--explain` to see source and sink trace lines with file, line number, and description.
```
src/routes.py:42 CRITICAL py/taint-sql-injection (CWE-89)
source → line 38: flask.request.args (user-controlled input)
sink → line 42: cursor.execute (SQL execution)
Fix: use parameterized queries: cur.execute("SELECT * FROM users WHERE name = ?", (name,))
```

✨ New taint rules

js/taint-sql-injection — SQL injection via string-built queries in Express/Knex/Sequelize
js/taint-eval — eval/Function constructor with user input
js/taint-command-injection — child_process.exec with user input
js/taint-ssrf — fetch/axios/http.get with user-controlled URLs
go/taint-*: closure analysis for Gin handler patterns (`r.GET("/path", func(c *gin.Context) { ... })`)

📦 MCP server (`foxguard-mcp`)

AI coding agents can now invoke foxguard via Model Context Protocol. Ships as a separate binary.

📦 Claude Code hook integration

Run foxguard automatically on every file edit in Claude Code. See `docs/claude-code-integration.md`.

📦 Semgrep taint YAML bridge — JS & Go support

The `--semgrep-rules` flag now supports taint rules targeting JavaScript and Go, in addition to Python.

📦 Internal improvements

Shared `AliasTable` eliminates duplicate import alias logic across Python/JS/Go engines
`AnalysisContext` struct replaces ad-hoc parameter passing in taint engine signatures
Dead code cleanup across taint engines and scanner

📦 Upgrading

```sh
npx foxguard@0.5.0 .
cargo install foxguard
```
Update GitHub Actions:
```yaml
uses: PwnKit-Labs/foxguard/action@v0.5.0
```
+ 4 more

📋 What's Changed

ci: deploy foxguard.dev from GitHub Actions by @peaktwilight in https://github.com/PwnKit-Labs/foxguard/pull/49
refactor: extract duplicated rule helpers into common module by @Darkroom4364 in https://github.com/PwnKit-Labs/foxguard/pull/45
tests: multi-file Django fixture pinning cross-file taint limit (refs #48) by @peaktwilight in https://github.com/PwnKit-Labs/foxguard/pull/50
tests: multi-file Express, Next.js, and Gin realistic fixtures (refs #48) by @peaktwilight in https://github.com/PwnKit-Labs/foxguard/pull/51
feat(js): js/taint-sql-injection server-side taint rule by @peaktwilight in https://github.com/PwnKit-Labs/foxguard/pull/53
docs: adopt PwnKit Labs umbrella tagline by @peaktwilight in https://github.com/PwnKit-Labs/foxguard/pull/56
docs: reduce PwnKit Labs mentions and fix stale umbrella tagline by @peaktwilight in https://github.com/PwnKit-Labs/foxguard/pull/57
docs: add Claude Code hook integration guide by @peaktwilight in https://github.com/PwnKit-Labs/foxguard/pull/62
+ 9 more

✨ New Contributors

@Darkroom4364 made their first contribution in https://github.com/PwnKit-Labs/foxguard/pull/45
Full Changelog: https://github.com/PwnKit-Labs/foxguard/compare/v0.4.0...v0.5.0

📋 What's Changed

ci: deploy foxguard.dev from GitHub Actions by @peaktwilight in https://github.com/PwnKit-Labs/foxguard/pull/49
refactor: extract duplicated rule helpers into common module by @Darkroom4364 in https://github.com/PwnKit-Labs/foxguard/pull/45
tests: multi-file Django fixture pinning cross-file taint limit (refs #48) by @peaktwilight in https://github.com/PwnKit-Labs/foxguard/pull/50
tests: multi-file Express, Next.js, and Gin realistic fixtures (refs #48) by @peaktwilight in https://github.com/PwnKit-Labs/foxguard/pull/51
feat(js): js/taint-sql-injection server-side taint rule by @peaktwilight in https://github.com/PwnKit-Labs/foxguard/pull/53
docs: adopt PwnKit Labs umbrella tagline by @peaktwilight in https://github.com/PwnKit-Labs/foxguard/pull/56
docs: reduce PwnKit Labs mentions and fix stale umbrella tagline by @peaktwilight in https://github.com/PwnKit-Labs/foxguard/pull/57
docs: add Claude Code hook integration guide by @peaktwilight in https://github.com/PwnKit-Labs/foxguard/pull/62
+ 9 more

✨ New Contributors

@Darkroom4364 made their first contribution in https://github.com/PwnKit-Labs/foxguard/pull/45
Full Changelog: https://github.com/PwnKit-Labs/foxguard/compare/v0.4.0...v0.5.0

v0.4.0

github-actions[bot]·2mo ago·April 11, 2026

GitHub

📋 What's Changed

Add inline ignore comments for code findings by @peaktwilight in https://github.com/PwnKit-Labs/foxguard/pull/4
Bump vite from 7.3.1 to 7.3.2 in /www by @dependabot[bot] in https://github.com/PwnKit-Labs/foxguard/pull/6
Bump defu from 6.1.4 to 6.1.7 in /www by @dependabot[bot] in https://github.com/PwnKit-Labs/foxguard/pull/5
Resolve Python import aliases in sink-matching rules (#7) by @peaktwilight in https://github.com/PwnKit-Labs/foxguard/pull/11
Add LoC metric and larger-corpus target to benchmarks (#8) by @peaktwilight in https://github.com/PwnKit-Labs/foxguard/pull/12
Add intraprocedural taint engine and first Python taint rule (refs #10) by @peaktwilight in https://github.com/PwnKit-Labs/foxguard/pull/13
Taint engine: wire up sanitizer support (refs #16) by @peaktwilight in https://github.com/PwnKit-Labs/foxguard/pull/20
Taint engine: nested subscripts and tuple destructuring (refs #15) by @peaktwilight in https://github.com/PwnKit-Labs/foxguard/pull/21
+ 13 more

✨ New Contributors

@dependabot[bot] made their first contribution in https://github.com/PwnKit-Labs/foxguard/pull/6
Full Changelog: https://github.com/PwnKit-Labs/foxguard/compare/v0.3.3...v0.4.0

v0.3.3

github-actions[bot]·2mo ago·April 8, 2026

GitHub

**Full Changelog**: https://github.com/peaktwilight/foxguard/compare/v0.3.2...v0.3.3

v0.3.2