Ethan Setnik
e976d100f3
Add Homebrew tap for safe-chain (closes #372)
Adds a publish-homebrew job to the release workflow that renders
Formula/safe-chain.rb from a template (substituting the released
version + per-platform SHA256s parsed from the install script asset)
and pushes it to AikidoSec/homebrew-tap on every non-prerelease.
Users can then install via:
    brew install AikidoSec/tap/safe-chain
    safe-chain setup
The formula downloads the existing prebuilt single-file binaries
from the GitHub release (the same ones the install script uses),
so there is no extra build work in this pipeline.
One-time maintainer setup (creating the AikidoSec/homebrew-tap repo
and adding HOMEBREW_TAP_TOKEN as a secret on safe-chain) is documented
in docs/homebrew.md.
Tested locally on macOS arm64 with Homebrew 5.1.11:
- brew style: 0 offenses
- brew install --build-from-source: success
- brew test: 2 assertions pass (--version + help)
- brew audit --new: 0 offenses
This PR addresses item 1 of #372 (Homebrew only). The integrity-check
piece in item 2 has already shipped — install-safe-chain.sh already
calls verify_checksum() against the baked-in SHA256s. winget and
Chocolatey are not in scope here; see docs/homebrew.md for notes on
why they belong in separate PRs.
2026-05-15 11:36:57 -04:00
Sander Declerck
65a8075b0e
Merge pull request #459 from AikidoSec/bug/execpath
unset PKG_EXECPATH before invoking safe-chain binary
2026-05-15 09:11:32 +02:00
Reinier Criel
e0e06431d1
Fix tests
2026-05-13 20:28:58 -07:00
Reinier Criel
6cdad3df98
Fix tests
2026-05-13 20:27:27 -07:00
Reinier Criel
d9b7aefd34
unset PKG_EXECPATH before invoking safe-chain binary
2026-05-13 14:33:58 -07:00
Reinier Criel
0c8de1e606
Merge pull request #382 from mcmeeking/feature/add-rush-monorepo-support
Add Rush support (for monorepos)
2026-05-12 10:03:34 -07:00
James McMeeking
fde0003a0a
Fix expected format to account for retries
Count is apparently not deterministic
2026-05-12 17:33:31 +01:00
James McMeeking
c93f1920fb
Skip min safe age to allow brand new PNPM bootstrap
2026-05-12 16:53:51 +01:00
James McMeeking
d812231b2f
Merge branch 'main' into feature/add-rush-monorepo-support
2026-05-12 16:43:38 +01:00
Sander Declerck
e5cd9eed91
Merge pull request #453 from AikidoSec/fix-e2e-pnpm
E2E: Use pnpm 10 in node versions that don't support pnpm 11
2026-05-12 17:27:17 +02:00
James McMeeking
25d966bfa9
Switch to using the versions from the CI matrix
Incorporates the actual Rush and PNPM versions instead of pinning an old known-good version of PNPM
2026-05-12 10:52:38 +01:00
James McMeeking
5f0ad7ecfd
Address e2e suite failures
2026-05-12 10:33:26 +01:00
Sander Declerck
6667e5d7b4
E2E: Use pnpm 10 in node versions that don't support pnpm 11
2026-05-11 16:04:27 +02:00
James McMeeking
e891d1a992
Update e2e suite to cover supported package managers
2026-05-08 13:13:37 +01:00
James McMeeking
26f1dfb81a
Use the standard install command for rush
2026-05-08 13:12:57 +01:00
James McMeeking
7ce44b4c62
Remove the unnecessary proxy setting
2026-05-08 13:12:40 +01:00
James McMeeking
28132ba3fc
Merge branch 'main' into feature/add-rush-monorepo-support
2026-05-08 11:25:47 +01:00
James McMeeking
55f2123f5c
Remove the normalisation bits added in error
2026-05-08 11:25:07 +01:00
James McMeeking
5f56114185
Add e2e tests
Note: rushx only dispatches package.json scripts, so it's probably not necessary to add it as a distinct manager at all.
2026-05-08 11:24:17 +01:00
James McMeeking
08ae1ef732
Pull parsing logic into distinct file and remove invalid continue
2026-05-08 11:08:58 +01:00
bitterpanda
2eb32d4297
Merge pull request #446 from AikidoSec/troubleshooting-guide
moved troubleshooting from docs to repo
2026-05-06 16:53:43 +08:00
Samuel Vandamme
fbe094802e
reverted copy
2026-05-06 10:51:35 +02:00
Samuel Vandamme
bd876275b3
updated troubleshooting guide and linked from readme
2026-05-06 10:51:13 +02:00
Samuel Vandamme
cd5040c3be
moved troubleshooting from docs to here
2026-05-06 10:47:37 +02:00
Reinier Criel
7b39239b81
Merge pull request #444 from AikidoSec/feat/bump-endpoint-1-3-4
Bump Endpoint to 1.3.4
2026-05-01 15:20:07 -07:00
Reinier Criel
369a94948a
Bump Endpoint to 1.3.4
2026-05-01 14:34:35 -07:00
James McMeeking
98a1ba7d10
Add rushx support too
Co-authored-by: Copilot <copilot@github.com>
2026-05-01 17:04:38 +01:00
James McMeeking
5cf2ffe201
Merge branch 'main' into feature/add-rush-monorepo-support
2026-05-01 16:49:49 +01:00
Reinier Criel
cb8db6c7a2
Merge pull request #443 from AikidoSec/vbump-v1.3.3
Bump Endpoint Protection to latest
2026-05-01 07:26:31 -07:00
Tudor Timcu
f4aa444cd8
Bump Endpoint Protection to latest
2026-05-01 14:43:41 +03:00
bitterpanda
da419a7785
Merge pull request #442 from AikidoSec/feat/readme-pypi-conf
Add PIP_CONFIG_FILE section in readme
2026-05-01 11:53:16 +02:00
Sander Declerck
00be33aa10
Merge pull request #423 from xandervr/security/proxy-loopback-only
Bind registry proxy to loopback only
2026-04-30 23:46:02 -07:00
Reinier Criel
a0f0372e15
Add PIP_CONFIG_FILE section in readme
2026-04-30 15:21:51 -07:00
Xander Van Raemdonck
19d2dee5c9
Bind registry proxy to loopback only
Without an explicit host, `server.listen(0)` binds to every interface,
turning safe-chain's unauthenticated forward proxy into an open relay
while `aikido-*` commands are running. Anyone reachable on the network
can use it to hit the victim's localhost, intranet, or cloud metadata
endpoints. The advertised HTTPS_PROXY URL already used `localhost`
(loopback), but the listener itself was wide open.
Bind to 127.0.0.1 explicitly and update the advertised URL to match.
Add a regression test that verifies the listener refuses connections
on non-loopback interfaces.
2026-04-30 20:37:41 +02:00
Sander Declerck
cbf830a637
Merge pull request #441 from AikidoSec/vbump-v1.3.2
Bump Endpoint Protection to v1.3.2
2026-04-30 08:03:57 -07:00
Tudor Timcu
c8e25f3c21
Bump Endpoint Protection to v1.3.2
2026-04-30 18:02:18 +03:00
Sander Declerck
fe161ba8a4
Merge pull request #438 from AikidoSec/verify-sha256-in-intall-script-beta
Add binary checksum validation in safe-chain install scripts
2026-04-29 17:58:41 +02:00
bitterpanda
8571fc6996
Merge pull request #440 from AikidoSec/endpoint-1-3
Update Aikido Endpoint version to 1.3.1
2026-04-29 15:30:05 +02:00
Sander Declerck
f3fd003303
Update Aikido Endpoint version to 1.3.1
2026-04-29 15:23:09 +02:00
Sander Declerck
d0fc643f23
Verify sha256 checksum in install scripts
2026-04-29 12:50:17 +02:00
bitterpanda
bf2bf24343
Merge pull request #436 from AikidoSec/mirror-malware-list-in-e2e-tests
Mirror malware list in e2e tests to mock malware in a harmless way
2026-04-28 15:14:08 +02:00
Sander Declerck
ebebe6d6c1
Mirror malware list in e2e tests to mock malware in a harmless way
2026-04-28 14:47:49 +02:00
bitterpanda
222216e22a
Merge pull request #435 from AikidoSec/bitterpanda63-patch-3
Enhance Aikido Endpoint link with UTM parameters
2026-04-28 09:03:55 +02:00
bitterpanda
4ef69d337f
Merge pull request #433 from AikidoSec/feat/update-github-actions-example
Fix Bitbucket Pipelines Example
2026-04-28 08:51:35 +02:00
bitterpanda
6abad2d37f
Enhance Aikido Endpoint link with UTM parameters
Updated the Aikido Endpoint link to include UTM parameters for tracking.
2026-04-28 08:50:54 +02:00
Reinier Criel
ae40140199
Fix Bitbucket Pipelines Example
2026-04-27 12:51:31 -07:00
bitterpanda
725f7c399d
Merge pull request #419 from AikidoSec/concurrency-in-malware-list-fetch
2026-04-27 10:48:31 +02:00
Sander Declerck
dcd926f9d9
Merge pull request #431 from AikidoSec/feat/bump-endpoint-1-2-23
Bump Endpoint Version to 1.2.23
2026-04-27 09:52:26 +02:00
Reinier Criel
d04db58a5e
Bump Endpoint Version to 1.2.23
2026-04-26 17:19:34 -07:00
Sander Declerck
9b42755502
Merge pull request #429 from AikidoSec/endpoint-1-2-22
Endpoint 1.2.22
2026-04-24 17:27:27 +02:00