### Highlights

- SARIF 2.1.0 reporting for GitHub Security (code scanning) integration
- CI/CD pipeline with multi-arch Docker builds
- Complete documentation overhaul, including a comparison matrix against similar scanners

### Added

- SARIF 2.1.0 reporter (`sarif_reporter.py`)
- Context Matrix framework (6 contexts + polyglot payloads; not yet wired into the scan pipeline)
- 5 how-to guides (quickstart, CI, SARIF, Docker, safe mode)
- Example user config (`~/.config/brs-xss/config.toml`)
- Benchmark suite (performance + accuracy)

### Changed

- Project description is now "Context-aware async XSS scanner for CI"
- Safe defaults in `config/default.yaml`
- PyPI keywords and README reworked for better positioning
- Dockerfile is now multi-stage and security hardened

### DevOps

- GitHub Actions pipeline (ruff, mypy, pytest, codecov)
- Multi-arch Docker builds (amd64/arm64)
- Images published to GHCR and signed
- Performance monitoring via the benchmark framework

### Documentation

- README overhaul with a comparison vs XSStrike/XSpear/dalfox
- Integration guides: GitHub Actions, GitLab CI, Jenkins
- SARIF integration guide (Security tab setup)
- Docker deployment guide

### Fixed

- *PayloadGenerator stability*: fixed the `reset_statistics` Counter type bug; unified the `detected_wafs` types
- *Statistics calculation*: `success_rate` is now updated properly using exponential smoothing
- *Memory optimization*: Context Matrix entries are loaded lazily, only for the contexts relevant to the scan
- *Type safety*: removed unused imports (`Iterable`, `Tuple`); consistent `Optional[List[Any]]` types
- *Performance*: fewer unnecessary allocations for unknown context types
- *Configuration validation*: config parameters are now validated against safe ranges
- *Pool size control*: hard cap on the payload pool size to prevent memory exhaustion (`pool_cap` setting)
- *Final deduplication*: a final deduplication pass runs after blind-XSS payloads are added, so no duplicates remain
- *Security*: logging no longer exposes raw payloads or WAF markers
- *Payload safety*: evasion techniques now reject empty and oversized payloads
- *Real success metrics*: `success_rate` is computed from filtered vs total candidates
- *Safe mode integration*: blind XSS is disabled in `safe_mode`, which is the intended setting for production targets
- *Configurable weights*: effectiveness scores for the different payload sources are now customizable
- *Code readability*: explicit list comprehensions instead of generator expressions
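To show what the SARIF 2.1.0 reporter and the "safe logging" fix above are about, here is an added example that is not the project's `sarif_reporter.py`: a minimal, self-contained SARIF 2.1.0 emitter for scanner findings. The `Finding` dataclass, the rule IDs and the sample findings are assumptions constructed for the example (not brs-xss's data model); the document layout (`$schema`, `version`, `runs[].tool.driver.rules`, `runs[].results[].locations[].physicalLocation`) is the part GitHub code scanning actually consumes. Raw payloads are replaced by a SHA-256 fingerprint so the report can be correlated with scan logs without shipping the payload string into the Security tab.

```python
"""Minimal SARIF 2.1.0 emitter for XSS findings (added example, not brs-xss code)."""
import hashlib
import json
from dataclasses import dataclass
from typing import Dict, List

SARIF_SCHEMA = "https://json.schemastore.org/sarif-2.1.0.json"


# Hypothetical finding shape; field names are assumptions, not the project's API.
@dataclass
class Finding:
    url: str          # target URL of the injection point
    parameter: str    # injected parameter name
    context: str      # reflection context, e.g. "html_body", "attribute", "js_string"
    payload: str      # raw payload that fired; never copied verbatim into the report
    confirmed: bool   # True if execution was confirmed, False if only reflected


# Rule id -> (short description, SARIF level). Levels must be one of
# "none", "note", "warning", "error".
RULES = {
    "XSS-REFLECTED": ("Reflected cross-site scripting", "error"),
    "XSS-REFLECTION-ONLY": ("Unconfirmed input reflection", "warning"),
}


def payload_fingerprint(payload: str) -> str:
    """Stable, non-reversible handle for a payload so the report can be
    correlated with scan logs without exposing the raw string."""
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()[:16]


def finding_to_result(f: Finding) -> Dict:
    """Map one finding to a SARIF `result` object."""
    rule_id = "XSS-REFLECTED" if f.confirmed else "XSS-REFLECTION-ONLY"
    _, level = RULES[rule_id]
    return {
        "ruleId": rule_id,
        "level": level,
        "message": {
            "text": (f"Parameter '{f.parameter}' reflected in {f.context} context "
                     f"(payload fingerprint {payload_fingerprint(f.payload)})")
        },
        # A DAST tool has no source file, so the artifact is the target URL.
        "locations": [{
            "physicalLocation": {"artifactLocation": {"uri": f.url}}
        }],
        # Stable key so repeated scans update the same alert instead of opening new ones.
        "partialFingerprints": {
            "primaryLocationLineHash": payload_fingerprint(f"{f.url}|{f.parameter}|{f.context}")
        },
    }


def build_sarif(findings: List[Finding], tool_name: str = "brs-xss",
                tool_version: str = "0.0.0") -> Dict:
    """Assemble a complete SARIF 2.1.0 log with a single run."""
    rules = [
        {"id": rid,
         "shortDescription": {"text": desc},
         "defaultConfiguration": {"level": lvl}}
        for rid, (desc, lvl) in RULES.items()
    ]
    return {
        "$schema": SARIF_SCHEMA,
        "version": "2.1.0",
        "runs": [{
            "tool": {"driver": {"name": tool_name, "version": tool_version, "rules": rules}},
            "results": [finding_to_result(f) for f in findings],
        }],
    }


# Constructed sample findings (not real scan output).
SAMPLE_FINDINGS = [
    Finding("https://app.example.test/search", "q", "html_body",
            "<svg onload=alert(1)>", True),
    Finding("https://app.example.test/profile", "name", "attribute",
            '" autofocus onfocus=alert(1) x="', False),
]


def sarif_text(findings: List[Finding] = SAMPLE_FINDINGS) -> str:
    """Serialize the report; this is what you would write to the file passed to
    the `github/codeql-action/upload-sarif` step."""
    return json.dumps(build_sarif(findings, tool_version="example"), indent=2)


if __name__ == "__main__":
    print(sarif_text())
```

Writing `sarif_text()` to a file and uploading it with `github/codeql-action/upload-sarif` surfaces each result as a code scanning alert; the `partialFingerprints` entry is what keeps a re-scan from opening a duplicate alert for the same URL/parameter/context.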