Skip to content

feat: add OWASP-aware security metadata, trust-policy enforcement#10

Merged
alxxjohn merged 1 commit into
mainfrom
security
Jun 18, 2026
Merged

feat: add OWASP-aware security metadata, trust-policy enforcement#10
alxxjohn merged 1 commit into
mainfrom
security

Conversation

@alxxjohn

Copy link
Copy Markdown
Contributor

PR Summary

This PR expands CodeGuard’s security and reporting surface while tightening scan behavior and cleanup across the repo.

  • adds OWASP-aware rule metadata and coverage reporting, introduces trust-policy guards around config-driven commands and custom AI endpoints, and improves related CLI and SDK surfaces.
  • It also cleans up several quality issues by reducing declaration-heavy files, fixing allocation-heavy string building, and tightening CI test-quality handling around Go TestMain bootstrap files.

Highlights

  • Adds OWASP security metadata, coverage reporting, and related CLI/SDK support.
  • Introduces trust-policy enforcement for config-supplied commands and non-allowlisted AI endpoints.
  • Improves SARIF and reporting structure to carry richer security metadata.
  • Cleans up quality findings by splitting overloaded files and removing low-value narrative comments.
  • Fixes allocation-heavy string assembly in CLI rule output.
  • Refines CI/test-quality behavior and repo configuration to avoid false positives around TestMain.

Validation

  • Targeted Go tests passed for updated check behavior and touched packages.
  • codeguard scan -config .codeguard/codeguard.yaml now passes with 0 findings.

@alxxjohn
alxxjohn merged commit 358d4ba into main Jun 18, 2026
13 checks passed
@alxxjohn
alxxjohn deleted the security branch June 18, 2026 17:13
alxxjohn added a commit that referenced this pull request Jun 18, 2026
🤖 I have created a release *beep* *boop*
---


##
[0.4.0](v0.3.0...v0.4.0)
(2026-06-18)


### Features

* add OWASP-aware security metadata, trust-policy enforcement
([#10](#10))
([358d4ba](358d4ba))
* feat: add OWASP-aware security metadata, trust-policy enforcement, and
quality-check cleanup
([9111a58](9111a58))
* fix cd push security updates
([685a3ff](685a3ff))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant