Changelog
This page tracks user-visible changes to HarborGuard. Release notes are also published on the project's GitHub Releases page.
The format follows Keep a Changelog, and HarborGuard adheres to Semantic Versioning for its public API.
Unreleased
Added
- (placeholder for the next release)
Changed
- (placeholder)
Fixed
- (placeholder)
Security
- (placeholder)
1.2.0 — 2026-03-15
Added
- Compliance Policy modal with per-framework SLA floors and section requirements.
- Background SLA breach worker emitting `sla_warning` and `sla_breach` notifications.
- Report sharing endpoint (`POST /api/reports/{reportId}/share`) with HMAC-signed URLs.
Changed
- Standardized API error envelope across all endpoints (`{ error: { code, message, issues? } }`).
- `GET /api/scans` and `GET /api/images` now share a common pagination contract with `meta` and `links` fields.
Fixed
- Scan cancellation correctly releases plan-limit counters.
- Webhook signature verification rejects timestamps older than 5 minutes.
1.1.0 — 2026-01-22
Added
- Personal Access Tokens (PATs) for per-user API access alongside organization API keys.
- Registry sensor mode for air-gapped and on-prem image scanning.
- Triage attestations to suppress false positives at the org, tag, or historical scope.
Changed
- Vulnerability risk score now factors in EPSS percentile and CISA KEV inclusion.
1.0.0 — 2025-11-04
Initial public release.
Added
- Six-scanner pipeline: Trivy, Grype, Syft, Dockle, OSV-Scanner, Dive.
- Multi-registry support: Docker Hub, GHCR, ECR, GAR, ACR, GitLab, Harbor, JFrog, Quay, Nexus, and custom OCI registries.
- Compliance evidence packs for SOC 2, PCI-DSS, NIST 800-53, HIPAA, FedRAMP, ISO 27001, CMMC, and CIS Docker Benchmark.
- REST API with API-key and session authentication.