This release focuses on making scans easier to customize and easier to interpret. It also adds several new service validations and broadens detection across more project structures.
New Capabilities
Ignore specific services by ID in addition to individual checks. This helps you keep results focused when a service is present in the codebase but intentionally out of scope for a given project.
Scan a specific directory by passing a path to preflight scan. This is useful when your project lives in a subfolder or you only want to scan a particular workspace.
Updates and Fixes
More supported services are now validated. Newly added checks include: OpenAI, Auth0, Twilio, CookieConsent, Fullres Analytics, Postmark, Mailchimp, Bugsnag, RabbitMQ, PayPal, Algolia, and AWS S3.
Clearer scan output for skipped or disabled items now explains when a check passes because it is not enabled, not configured, skipped, or not declared. This reduces confusion when a result is OK but nothing was actually found.
Better detection across more project layouts improves pattern scanning for common directories, including monorepo structures. Structured data checks also look for Schema.org JSON-LD patterns directly in the codebase, making results more representative of what is actually present.
Fewer false positives in code scanning by skipping debug statements inside documentation code examples. Debug statement detection also now covers more template and HTML-like file types where inline scripts are common.