reference
Changelog
What shipped, by date — derived from merged pull requests, not a hand-written narrative. PR numbers are noted so any line here traces back to the actual diff on GitHub.
Documentation hub
#121, #122- Launched /docs: a sidebar-navigated documentation section inside the product.
- Trust pages — security & data handling, scan limits, suppressions.
- Reference — detector overview and the 17-signal posture score.
Landing & comparison honesty
#118, #119, #120- One-click positioning hero and an honest /compare page (where TriageRook wins and where it doesn't).
- Marketing counts bound to the rule catalog at the source, so numbers can't drift.
Detection surface expansion
#107–#112- Container OS-package CVEs ingested from a committed Trivy SARIF report.
- Dedicated Helm values scanner and a hardcoded-secret-in-workflow-env rule.
- A round of detector gap-closing and false-positive fixes.
New detectors
#99–#101- AI-generated insecure-code detector (placeholder creds, deferred-security TODOs, swallowed exceptions).
- Business-logic / broken-access-control scanner (IDOR, mass assignment, privilege escalation).
- License scanning for PyPI / Go / RubyGems via deps.dev.
Major detector wave
#89–#95- Terraform and Kubernetes IaC misconfiguration scanners.
- Open-source license / compliance scanner.
- Cloud IAM-in-code scanner.
- Opt-in secret liveness validation.
- Context-aware (framework-gated) SAST.
- Blast-radius and attack-path correlation over findings.
Rebrand to TriageRook
#80, #84- RepoGuard became TriageRook.
- Production moved to www.triagerook.com.
Launch readiness
#75- Tunable rate limits and structured scan-event logging.
- Server-side GitHub token to lift the anonymous-scan API quota under load.
Earlier history (the initial detector set, secret patterns, SARIF export, and the public-scan path) predates this log — browse the full merged-PR history on GitHub for the complete record.