
Releases: HikaruEgashira/parsentry

v0.8.0

06 Jul 05:49

v0.8.0 Release

🚀 Major Features

Enhanced Call Graph Construction and Visualization

  • Call graph construction and visualization system - comprehensive analysis of function calls and references
  • Unified calls and references system - integrated tracking of code relationships
  • Tree-sitter query migration - replaced regex patterns with tree-sitter queries for better code analysis
  • Pattern-based vulnerability analysis - streamlined detection with improved accuracy
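
To make the call graph idea concrete, here is an added example that is not Parsentry's code (the tool walks tree-sitter parse trees in Rust). It does the same job for one Python file with the standard library's ast module: each top-level function definition becomes a node, each call site inside a definition becomes a reference edge, callees with no definition in the file are reported as external references, and a depth-first search lists the caller-to-callee paths by which a request handler reaches a dangerous sink. The sample program and the sink name subprocess.check_output are constructed for this example.

```python
import ast

# Constructed sample program (not from the Parsentry repository); it is the
# input the call graph is built from.
SAMPLE_SOURCE = '''
import subprocess

def read_input(request):
    return request.args["cmd"]

def sanitize(value):
    return value.replace(";", "")

def run(cmd):
    subprocess.check_output(cmd, shell=True)

def handler(request):
    cmd = read_input(request)
    run(cmd)

def safe_handler(request):
    run(sanitize(read_input(request)))

def unused():
    sanitize("x")
'''


def _callee_name(node):
    """Return the dotted name of a call target, or None if it is dynamic."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = _callee_name(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


def build_call_graph(source):
    """Map each top-level function to the set of names it calls.

    Definitions are the keys; references (edges) are the values. Edges are
    deduplicated per caller, so two calls to the same callee count once.
    """
    tree = ast.parse(source)
    graph = {}
    for node in tree.body:
        if isinstance(node, ast.FunctionDef):
            callees = set()
            for sub in ast.walk(node):
                if isinstance(sub, ast.Call):
                    name = _callee_name(sub.func)
                    if name:
                        callees.add(name)
            graph[node.name] = callees
    return graph


def edge_count(graph):
    """Total number of caller->callee edges in the graph."""
    return sum(len(v) for v in graph.values())


def external_references(graph):
    """Callee names with no definition in the file (library or framework calls)."""
    return {c for callees in graph.values() for c in callees} - set(graph)


def paths_to(graph, entry, sink):
    """Enumerate caller->callee paths from entry that end at sink (DFS)."""
    found = []

    def dfs(node, path):
        if node == sink:
            found.append(path)
            return
        for nxt in sorted(graph.get(node, ())):
            if nxt not in path:  # avoid cycles
                dfs(nxt, path + [nxt])

    dfs(entry, [entry])
    return found


if __name__ == "__main__":
    g = build_call_graph(SAMPLE_SOURCE)
    for fn, callees in g.items():
        print(f"{fn} -> {sorted(callees)}")
    print("edges:", edge_count(g))
    print("external:", sorted(external_references(g)))
    print("handler -> subprocess.check_output:",
          paths_to(g, "handler", "subprocess.check_output"))
```

Reconciling edge_count against the number of call sites is the kind of consistency check that catches the edge-count mismatch fixed in this release: the two numbers differ only when a caller references the same callee more than once.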

Improved CLI Architecture

  • Cobra-style (subcommand-based) CLI architecture - restructured command-line interface for better user experience
  • Graph subcommand - separated call graph generation into dedicated subcommand
  • TOML configuration file support - enhanced configuration management
  • Debug mode enhancements - improved troubleshooting capabilities

Performance & Scalability Improvements

  • Increased parallel processing capacity - significantly faster analysis for large repositories
  • Comprehensive timeout handling - improved reliability for enterprise-scale analysis
  • Benchmark validation system - extensive testing against real-world vulnerabilities
  • Performance benchmark tests - Node.js, Django, and Spring Boot specific optimizations

Extended Language and Framework Support

  • PHP language support - comprehensive PHP vulnerability detection
  • Terraform support - Infrastructure as Code security analysis
  • Custom API base URL support - flexible endpoint configuration
  • Multi-architecture Docker builds - improved container deployment

🔧 Improvements

Developer Experience

  • Comprehensive test suite - extensive unit and integration tests
  • Benchmark feature flag - tests that call the LLM API are excluded by default for faster local testing and enabled with cargo test --features benchmark
  • Real-world benchmark validation - tested against validation-benchmarks repository
  • Improved error handling - better feedback and recovery mechanisms

Analysis Quality

  • PAR model classification enhancements - improved Principal-Action-Resource detection
  • Enhanced pattern detection - better capture of full definitions and references
  • Built-in patterns updates - comprehensive patterns for all supported languages
  • Prompt optimizations - refined LLM analysis prompts for better accuracy

Configuration & Customization

  • Custom pattern loading - support for vuln-patterns.yml configuration
  • Environment variable controls - PARSENTRY_DISABLE_V1_PATH for custom endpoints
  • Flexible output processing - organized reports module structure
  • API key authentication fixes - resolved custom URL authentication issues

🐛 Bug Fixes

  • Fixed compiler warnings by properly handling unused fields
  • Resolved Django benchmark test compilation errors
  • Fixed edge count inconsistencies in call graph generation
  • Improved call graph function call extraction
  • Fixed tree-sitter predicate evaluation in pattern matching
  • Resolved Rust definition query issues
  • Fixed locale support and compilation errors
  • Improved principal detection accuracy

📄 Migration Notes

Breaking Changes

  • CLI structure has been reorganized to cobra-style architecture
  • Graph functionality moved to dedicated subcommand
  • Pattern format updated to tree-sitter queries

New Capabilities

  • Call graph construction and visualization
  • PHP language analysis
  • Terraform Infrastructure as Code analysis
  • Custom API endpoint configuration
  • TOML configuration files

🛠️ Usage Examples

# Generate call graph with visualization
parsentry graph --root /path/to/project --output-dir ./graphs

# Analyze PHP project
parsentry --root /path/to/php/project --output-dir ./reports

# Use custom API endpoint
export PARSENTRY_DISABLE_V1_PATH=true
parsentry --root /path/to/project --api-base-url https://custom.api.com

# Load custom patterns
parsentry --root /path/to/project --patterns ./vuln-patterns.yml

# Run with comprehensive benchmarks
cargo test --features benchmark

🔍 Architecture Improvements

  • Modular reports processing - organized output generation
  • Pattern-based analysis - improved detection methodology
  • Tree-sitter integration - enhanced parsing capabilities
  • Unified reference tracking - comprehensive code relationship analysis

📊 Performance Benchmarks

This release includes comprehensive performance benchmarks against:

  • Node.js applications
  • Django applications
  • Spring Boot applications
  • Real-world vulnerable applications from validation-benchmarks

🎯 Focus Areas

  • Code relationship analysis - enhanced understanding of function calls and references
  • Multi-language support - expanded coverage including PHP and Terraform
  • Performance optimization - faster analysis for large codebases
  • Developer experience - improved CLI and configuration options

This release significantly enhances Parsentry's code analysis capabilities with comprehensive call graph construction, improved language support, and performance optimizations for enterprise-scale security analysis.

v0.7.0

08 Jun 17:55

v0.7.0 Release

🚀 Major Features

Enhanced PAR (Principal-Action-Resource) Security Framework

  • Complete migration to PAR-based analysis patterns - restructured all security patterns to follow PAR methodology
  • Bidirectional tracking for Action patterns - improved detection of security-critical operations
  • Second-order principals support - enhanced analysis for complex permission chains
  • MITRE ATT&CK framework integration - mapped security patterns to industry-standard attack techniques

SARIF (Static Analysis Results Interchange Format) Support

  • Added comprehensive SARIF output format - industry-standard format for security tools integration
  • Enhanced vulnerability mappings - detailed CWE and security standard mappings
  • IDE and CI/CD integration ready - seamless integration with development workflows
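
Parsentry's own SARIF writer is not reproduced here. Instead, as an added example of the consumer side of the format, the script below parses a constructed SARIF 2.1.0 document (shaped like a scanner report, not captured from Parsentry) and applies the gate a CI job needs once SARIF is the default output: flatten each result to rule id, level and primary location, count results per rule and level, and fail the build when any result reaches a chosen level. The rule ids, file names and messages in the sample are invented for this example.

```python
import json

# Constructed SARIF 2.1.0 document shaped like a static-analysis report; it is
# not output captured from Parsentry.
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "$schema": "https://json.schemastore.org/sarif-2.1.0.json",
    "runs": [{
        "tool": {"driver": {
            "name": "example-scanner",
            "rules": [
                {"id": "CWE-89", "shortDescription": {"text": "SQL injection"},
                 "properties": {"tags": ["security", "external/cwe/cwe-89"]}},
                {"id": "CWE-78", "shortDescription": {"text": "OS command injection"},
                 "properties": {"tags": ["security", "external/cwe/cwe-78"]}},
            ],
        }},
        "results": [
            {"ruleId": "CWE-89", "level": "error",
             "message": {"text": "request parameter reaches cursor.execute"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "app/db.py"},
                 "region": {"startLine": 42}}}]},
            {"ruleId": "CWE-78", "level": "warning",
             "message": {"text": "argument reaches subprocess.run"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "app/tasks.py"},
                 "region": {"startLine": 17}}}]},
            {"ruleId": "CWE-78", "level": "note",
             "message": {"text": "shell=True with constant command"},
             "locations": []},
        ],
    }],
})

# SARIF result levels in increasing severity order.
LEVEL_RANK = {"none": 0, "note": 1, "warning": 2, "error": 3}


def load_findings(sarif_text):
    """Flatten a SARIF document into (ruleId, level, uri, line, message) rows."""
    doc = json.loads(sarif_text)
    if doc.get("version") != "2.1.0":
        raise ValueError("unsupported SARIF version: %r" % doc.get("version"))
    rows = []
    for run in doc["runs"]:
        for res in run.get("results", []):
            uri, line = None, None
            for loc in res.get("locations", []):
                phys = loc.get("physicalLocation", {})
                uri = phys.get("artifactLocation", {}).get("uri")
                line = phys.get("region", {}).get("startLine")
                break  # the first location is the primary one
            # SARIF defaults a missing level to "warning".
            rows.append((res["ruleId"], res.get("level", "warning"),
                         uri, line, res["message"]["text"]))
    return rows


def should_fail(findings, threshold="error"):
    """True if any finding is at or above the threshold severity."""
    cutoff = LEVEL_RANK[threshold]
    return any(LEVEL_RANK[level] >= cutoff for _, level, _, _, _ in findings)


def summarize(findings):
    """Count findings per (ruleId, level) for the build log."""
    counts = {}
    for rule, level, *_ in findings:
        counts[(rule, level)] = counts.get((rule, level), 0) + 1
    return counts


if __name__ == "__main__":
    import sys
    rows = load_findings(SAMPLE_SARIF)
    for rule, level, uri, line, msg in rows:
        print(f"[{level}] {rule} {uri}:{line} {msg}")
    print(summarize(rows))
    sys.exit(1 if should_fail(rows, "error") else 0)
```

Swap SAMPLE_SARIF for the file your pipeline reads and tune the threshold per branch; the same rows can be uploaded unchanged to any SARIF-aware dashboard.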

Performance & Scalability Improvements

  • Parallel pattern generation - significantly faster analysis for large repositories
  • High-risk function filtering - optimized analysis focusing on security-critical code
  • Comprehensive timeout handling - improved reliability for large-scale analysis
  • Rate limit optimization - better handling of API rate limits

Extended Language Support

  • YAML and Bash analysis capabilities - extended support for configuration and script files
  • FileClassifier architecture - improved language detection and classification
  • Enhanced Terraform support - refined IaC vulnerability detection

🔧 Improvements

Developer Experience

  • Default SARIF and summary output - automatic generation of comprehensive reports
  • Debug mode option - enhanced troubleshooting capabilities
  • Improved CLI options - streamlined command-line interface
  • Better error messaging - clearer feedback for analysis issues

Analysis Quality

  • Refined prompts for LLM analysis - improved vulnerability detection accuracy
  • Enhanced pattern detection - reduced false positives and negatives
  • Comprehensive vulnerability reports - detailed analysis of multiple vulnerable applications
  • Improved context handling - better understanding of code relationships

Documentation & Testing

  • Standardized technical terminology - consistent English-Japanese mixed style
  • Updated concept documentation - aligned with current implementation
  • Enhanced test coverage - comprehensive unit and integration tests
  • Real-world vulnerable application analysis - validated against multiple open-source projects

🐛 Bug Fixes

  • Fixed JSON schema validation errors
  • Resolved corrupted report entries
  • Fixed test compilation issues
  • Improved handling of large repositories
  • Enhanced error recovery mechanisms

📄 Migration Notes

Breaking Changes

  • PAR pattern format has been completely restructured - review custom patterns
  • SARIF output is now default - update CI/CD pipelines if needed

New Capabilities

  • SARIF format integration with IDEs and security dashboards
  • Parallel processing for enterprise-scale repositories
  • MITRE ATT&CK mapping for threat modeling

🛠️ Usage Examples

# Analyze with default SARIF output
parsentry --repo owner/repo

# Enable debug mode for troubleshooting
parsentry --repo owner/repo --debug

# Generate comprehensive reports with summary
parsentry --repo owner/repo --output-dir ./reports --summary

# Analyze local repository with parallel processing
parsentry --repo /path/to/large/project

🔍 Security Pattern Enhancements

  • Principal patterns: Enhanced user and permission detection
  • Action patterns: Comprehensive security-critical operation tracking
  • Resource patterns: Improved sensitive data and system resource identification
  • Policy patterns: Infrastructure and configuration security analysis

This release solidifies Parsentry's position as a comprehensive security analysis tool with enterprise-ready features, industry-standard output formats, and significantly improved performance for large-scale analysis.

v0.6.0

06 Jun 20:15

v0.6.0 Release

🚀 Major Features

Brand Transformation: Parsentry

  • Complete rebrand from vulnhuntrs to Parsentry - evolved name reflecting PAR (Principal-Action-Resource) security analysis methodology
  • Enhanced brand identity with updated documentation and messaging

Infrastructure as Code (IaC) Analysis

  • Added comprehensive Terraform support with tree-sitter integration
  • Implemented IaC-specific security patterns and vulnerability detection
  • Added dedicated Terraform vulnerable application examples for testing
  • Enhanced security analysis for infrastructure configuration files

PAR (Principal-Action-Resource) Security Model

  • Implemented unified PAR analysis framework for both programming languages and IaC
  • Integrated PAR model with existing Source-Sink-Sanitizer framework
  • Added Policy as Code analysis capabilities
  • Enhanced unified analysis for programming and infrastructure code

Enhanced Language Support

  • Added complete C/C++ language support with tree-sitter integration
  • Fixed git submodule configuration for tree-sitter-c and tree-sitter-cpp
  • Comprehensive query definitions for C/C++ vulnerability detection
  • Enhanced multi-language analysis capabilities

🔧 Improvements

Enterprise-Level Testing

  • Added advanced JavaScript vulnerable application with enterprise-level patterns
  • Implemented Clean Architecture patterns for comprehensive testing
  • Enhanced vulnerability detection with real-world enterprise scenarios
  • Improved test coverage with advanced security testing patterns

Code Quality & Architecture

  • Major code quality improvements across the codebase
  • Enhanced file structure following Clean Architecture principles
  • Improved error handling and logging mechanisms
  • Streamlined codebase organization

Documentation & Website

  • Redesigned the website as a single-page landing experience
  • Unified design with consistent light theme
  • Enhanced documentation structure with Fumadocs best practices
  • Added comprehensive vulnerability analysis reports
  • Improved examples section with detailed security reports

🛠️ Development Experience

Testing & Quality Assurance

  • Comprehensive vulnerability analysis reports for JavaScript applications
  • Enhanced test coverage with enterprise-level scenarios
  • Improved security patterns for advanced vulnerability detection
  • Better integration testing with real-world applications

Licensing & Dependencies

  • Resolved cargo-deny license issues
  • Upgraded tree-sitter dependencies for better performance
  • Fixed formatting issues across the codebase
  • Enhanced dependency management

Internationalization

  • Translated Japanese documentation sections to English
  • Improved accessibility for global developer community
  • Enhanced documentation clarity and consistency

🐛 Bug Fixes

  • Fixed git submodule configuration issues
  • Resolved cargo formatting problems
  • Improved logging when no vulnerabilities are detected
  • Enhanced error handling across modules

📄 Migration Notes

Breaking Changes

  • Project renamed from vulnhuntrs to Parsentry - update any references, scripts, or integrations
  • Repository structure changes - review any automation or CI/CD pipelines

New Capabilities

  • IaC analysis now available alongside traditional code analysis
  • Enhanced C/C++ support for embedded and systems programming
  • PAR model integration for comprehensive security analysis

🛠️ Usage Examples

# Analyze with new Parsentry branding
cargo run -- -r /path/to/project

# Analyze Terraform infrastructure
cargo run -- -r /path/to/terraform --output-dir ./iac-reports

# Use PAR model for unified analysis
cargo run -- -r /path/to/mixed-project --model gpt-4.1-nano

This major release transforms vulnhuntrs into Parsentry, introducing Infrastructure as Code analysis, PAR security model, and comprehensive C/C++ support while maintaining all existing functionality with enhanced enterprise-level capabilities.

v0.5.0

04 Jun 18:10

v0.5.0 Release

🚀 Major Features

Custom Pattern Generation

  • Added --generate-patterns flag for automatic security pattern detection
  • Implemented LLM-based classification of functions into sources/sinks/validate patterns
  • Automatic generation of vuln-patterns.yml files compatible with existing pattern system
  • Multi-language support for pattern generation (Python, Rust, JavaScript, TypeScript, Go, Java, Ruby)

Enhanced Code Analysis

  • Integrated tree-sitter for precise function definition extraction
  • Added context-aware security pattern detection
  • Automatic regex pattern generation for detected security functions

🔧 Improvements

Core Functionality

  • Added new pattern_generator module for custom pattern generation
  • Enhanced file discovery to analyze all source files
  • Improved pattern classification with detailed descriptions and reasoning

Architecture

  • Modular pattern generation system separated from main analysis logic
  • Comprehensive error handling for pattern generation workflow
  • Support for appending patterns to existing YAML files

Development Experience

  • Added 6 comprehensive test cases for pattern generation functionality
  • Improved gitignore configuration to exclude generated test patterns
  • Enhanced code organization with dedicated pattern generation module

📚 Testing & Quality Assurance

  • YAML format generation testing
  • File discovery and definition extraction testing
  • Pattern classification and filtering testing
  • Empty pattern handling and language filtering testing
  • Integration testing with real vulnerable applications

🛠️ Usage Examples

# Generate patterns for current directory
cargo run -- --generate-patterns -r .

# Generate patterns for specific project
cargo run -- --generate-patterns -r /path/to/project

# Use specific model for generation
cargo run -- --generate-patterns -r /path/to/project --model gpt-4.1-nano

📄 Generated Pattern Example

Python:
  sinks:
    # Single quotes keep the regex backslashes literal: in a YAML double-quoted
    # string "\b" is a backspace and "\s" is not a valid escape.
    - pattern: '\bsql_injection\s*\('
      description: "Vulnerable SQL query execution"
    - pattern: '\bcommand_injection\s*\('
      description: "Vulnerable command execution"
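
As an added example (not vulnhuntrs code), the following shows what consuming a pattern file of this shape involves: compile the regexes per language, scan a target file line by line, and triage each function by which categories of pattern hit inside it. The two sink patterns are the ones generated above; the sources and validate entries, the sample file and the blank-line function-splitting heuristic are constructed for this example and stand in for the LLM classification and tree-sitter definition extraction the release describes. The triage is co-occurrence within one function, not data-flow tracking.

```python
import re

# Patterns in the shape of the generated vuln-patterns.yml. The two sinks are
# the ones shown on this page; sources and validate are constructed here.
PATTERNS = {
    "Python": {
        "sources": [
            {"pattern": r"\brequest\.(args|form|json)\b", "description": "HTTP request data"},
        ],
        "validate": [
            {"pattern": r"\bsanitize\s*\(", "description": "Input sanitizer"},
        ],
        "sinks": [
            {"pattern": r"\bsql_injection\s*\(", "description": "Vulnerable SQL query execution"},
            {"pattern": r"\bcommand_injection\s*\(", "description": "Vulnerable command execution"},
        ],
    }
}

# Constructed target file, not taken from any real project.
SAMPLE_FILE = '''\
def search(request):
    term = request.args["q"]
    return sql_injection(term)

def ping(request):
    host = sanitize(request.form["host"])
    return command_injection(host)

def status():
    return command_injection("uptime")
'''


def compile_patterns(patterns, language):
    """Compile every pattern once; returns {category: [(regex, description)]}."""
    compiled = {}
    for category, entries in patterns[language].items():
        compiled[category] = [(re.compile(e["pattern"]), e["description"]) for e in entries]
    return compiled


def scan(source, compiled):
    """Return (line_no, category, description, matched_text) for every hit."""
    hits = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for category, entries in compiled.items():
            for regex, description in entries:
                for m in regex.finditer(line):
                    hits.append((line_no, category, description, m.group(0)))
    return hits


def split_functions(source):
    """Yield (name, first_line, last_line) for top-level 'def' blocks.

    A heuristic that ends a function where the next top-level def starts;
    good enough for the sample, whereas the real tool uses tree-sitter.
    """
    lines = source.splitlines()
    funcs, current = [], None
    for idx, line in enumerate(lines, start=1):
        m = re.match(r"def\s+(\w+)\s*\(", line)
        if m:
            if current:
                funcs.append((current[0], current[1], idx - 1))
            current = (m.group(1), idx)
    if current:
        funcs.append((current[0], current[1], len(lines)))
    return funcs


def triage(source, compiled):
    """Verdict per function from the pattern categories that hit inside it."""
    hits = scan(source, compiled)
    verdicts = {}
    for name, start, end in split_functions(source):
        cats = {cat for ln, cat, _, _ in hits if start <= ln <= end}
        if "sinks" not in cats:
            verdicts[name] = "clean"
        elif "sources" not in cats:
            verdicts[name] = "info"     # sink present, no tainted input seen
        elif "validate" in cats:
            verdicts[name] = "review"   # tainted input, but a sanitizer is present
        else:
            verdicts[name] = "flag"     # tainted input and sink, nothing in between
    return verdicts


if __name__ == "__main__":
    compiled = compile_patterns(PATTERNS, "Python")
    for hit in scan(SAMPLE_FILE, compiled):
        print(hit)
    print(triage(SAMPLE_FILE, compiled))
```

Patterns are compiled once per language and reused across files, and a hit carries its category so the same scan output can feed both the report and a later flow analysis.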

This release adds a powerful custom pattern generation capability that allows vulnhuntrs to automatically detect and classify project-specific security patterns, significantly enhancing its ability to analyze new codebases and custom functions.

v0.4.0

04 Jun 17:46
ce638d0

v0.4.0 Release

🚀 Major Features

Documentation Website

  • Added comprehensive documentation website with Fumadocs
  • Improved installation, usage, and development guides
  • Enhanced GitHub Pages deployment with proper CSS loading

Enhanced Security Pattern System

  • Implemented Source/Sink/Validate pattern classification system
  • Major improvements to security_patterns/patterns.yml
  • Added more SQL injection detection patterns
  • Better pattern organization and classification

🔧 Improvements

Core Functionality

  • Added configurable min_confidence parameter to analyze_file function
  • Refactored confidence score normalization to reduce code duplication
  • Added support for o4-mini model

Examples & Testing

  • Added Go vulnerable application example for better testing
  • Improved existing example applications

Infrastructure

  • Enhanced Docker configuration with multi-architecture support
  • Added ARM64 build support
  • Fixed Docker run examples in documentation

📚 Documentation

  • Simplified repository specification methods
  • Removed duplicate execution examples
  • Updated Docker examples to use --repo option
  • Enhanced concept documentation in Japanese

🛠️ Development Experience

  • Added comprehensive CLAUDE.md for better AI assistance
  • Improved workflow configurations
  • Better organization of documentation files

🐛 Bug Fixes

  • Fixed GitHub Pages CSS loading issues
  • Resolved workflow conflicts
  • Cleaned up generated files

This release significantly improves the documentation, adds a classification system for security patterns, and enhances the overall development experience.

v0.3.1

17 May 13:17

What's Changed

Full Changelog: v0.3.0...v0.3.1

v0.3.0

12 Apr 14:34
fix