Releases: SignalCoding/signal-sentinel-scanner
v2.3.0 - Suppressions, Triage, Non-MCP Detection, YAML Capabilities Authority
Signal Sentinel Scanner v2.3.0
Release date: 2026-04-18
Positioning: first-pass authoring aid for MCP operators and skill authors.
Headline features
- `.sentinel-suppressions.json` — accept specific findings with a justification, approver and expiry; retained in every report format for an audit trail.
- Confidence-aware triage — `--min-confidence <f>` hard filter and `--triage` demotion mode (rubric).
- Scan history + `sentinel-scan diff <baseline.json> <current.json>`, attributing grade changes to the rules that caused them.
- Per-environment baselines and `--save-history`, `--environment`, `--complementary-tools` flags.
- `SS-INFO-001` non-MCP endpoint detection. When the target is a React SPA / Traefik catch-all / anything non-JSON-RPC, the scanner emits an informational finding instead of a misleading Grade A, and auto-suppresses every MCP-protocol rule (SS-001..010, SS-019..025) for that target so the report is internally consistent.
- Case-insensitive, lemma-aware SS-012 with an extended synonym table (`disk`, `volume`, `mount`, `/proc`, `/sys`, `/dev`, `procfs`, `sysfs`).
- YAML `capabilities:` block is authoritative for SS-012. Declare `capabilities: [read-filesystem, shell_command_execution, network]` in skill frontmatter and SS-012 will trust it over prose heuristics.
- Suppressed scans display a technical-debt exposure banner — "if these N suppression(s) were removed, your grade would be X (Y/100) instead of Z (W/100)" — in Markdown and HTML. Suppressions cannot be used to hide risk.
- Pre-commit hook integrations for pre-commit.com, lefthook and husky under `hooks/`.
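The non-MCP detection behind `SS-INFO-001` comes down to one question asked before any protocol rule runs: did the target actually answer our JSON-RPC `initialize` with a JSON-RPC envelope? The classifier below is an added example, not Signal Sentinel's own code. The rule-ID range it suppresses (SS-001..010, SS-019..025) is taken from the notes above; the function names, the result shape and the sample responses are assumptions.

```python
"""Classify an HTTP response as MCP (JSON-RPC) or not before running protocol rules.

Added example, not Signal Sentinel's own code. It mirrors the idea behind
SS-INFO-001 in the v2.3.0 notes: if the target answers a JSON-RPC `initialize`
with HTML (React SPA), a proxy catch-all page or anything that is not a
JSON-RPC 2.0 envelope, raise an informational finding and suppress the
MCP-protocol rules rather than report a clean grade. The rule IDs
SS-001..010 and SS-019..025 are from the notes; the function names, the
finding shape and the sample responses below are assumptions.
"""
import json
from dataclasses import dataclass, field

# MCP-protocol rules that are meaningless against a non-MCP target (range from the notes).
MCP_PROTOCOL_RULES = [f"SS-{n:03d}" for n in list(range(1, 11)) + list(range(19, 26))]

INITIALIZE_ID = 1  # the id used in our JSON-RPC initialize request (assumed)


@dataclass
class ProbeResult:
    is_mcp: bool
    reason: str
    findings: list = field(default_factory=list)    # informational findings raised
    suppressed: list = field(default_factory=list)  # rules skipped for this target


def _non_mcp(reason: str) -> ProbeResult:
    # One informational finding plus blanket suppression of every protocol rule,
    # so the report cannot show "Grade A" for a target that was never MCP.
    return ProbeResult(False, reason, ["SS-INFO-001"], list(MCP_PROTOCOL_RULES))


def classify_response(status: int, content_type: str, body: str) -> ProbeResult:
    """Decide whether `body` is a JSON-RPC 2.0 reply to our initialize request.

    A JSON-RPC *error* with the right id still counts as MCP: the server speaks
    the protocol, it just rejected the call, so the protocol rules still apply.
    """
    ct = content_type.split(";")[0].strip().lower()
    if ct in ("text/html", "application/xhtml+xml") or body.lstrip()[:1] == "<":
        return _non_mcp(f"HTML body (HTTP {status}): SPA or proxy catch-all")
    try:
        doc = json.loads(body)
    except ValueError:
        return _non_mcp(f"non-JSON body (HTTP {status}, {ct or 'no content-type'})")
    if not isinstance(doc, dict) or doc.get("jsonrpc") != "2.0":
        return _non_mcp("JSON body is not a JSON-RPC 2.0 envelope")
    if doc.get("id") != INITIALIZE_ID:
        return _non_mcp("JSON-RPC id does not match the initialize request")
    if "result" not in doc and "error" not in doc:
        return _non_mcp("JSON-RPC envelope carries neither result nor error")
    return ProbeResult(True, "JSON-RPC 2.0 reply to initialize")


# Constructed sample responses (not captured from any real deployment).
SPA_HTML = '<!doctype html><html><head><title>App</title></head><body><div id="root"></div></body></html>'
PROXY_404 = "404 page not found\n"
MCP_OK = json.dumps({"jsonrpc": "2.0", "id": 1, "result": {"capabilities": {}}})
MCP_ERROR = json.dumps({"jsonrpc": "2.0", "id": 1, "error": {"code": -32601, "message": "Method not found"}})
PLAIN_JSON_API = json.dumps({"status": "ok"})

if __name__ == "__main__":
    samples = {
        "spa": (200, "text/html; charset=utf-8", SPA_HTML),
        "proxy": (404, "text/plain", PROXY_404),
        "mcp": (200, "application/json", MCP_OK),
        "rest": (200, "application/json", PLAIN_JSON_API),
    }
    for name, args in samples.items():
        r = classify_response(*args)
        print(f"{name:5} is_mcp={r.is_mcp!s:5} findings={r.findings} suppressed={len(r.suppressed)} ({r.reason})")
```

The id check matters: a reverse proxy that forwards every path to some other JSON service will happily return JSON, but it will not echo the request id inside a `jsonrpc: "2.0"` envelope, and that is what separates "an MCP server" from "something that returned JSON".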
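The two SS-012 changes (a lemma-aware synonym table and an authoritative `capabilities:` block) interact: when the frontmatter declares capabilities, the prose is not consulted at all, and only when it is silent does the synonym scan decide. The code below is an added example, not Signal Sentinel's own rule implementation. The synonym terms and the capability names `read-filesystem`, `shell_command_execution` and `network` are from the notes above; `write-filesystem`, the frontmatter layout, the result shape and the sample skills are assumptions.

```python
"""Answer the SS-012 question (does this skill reach the host filesystem?)
from a skill's frontmatter first and its prose second.

Added example, not Signal Sentinel's own code. It follows the v2.3.0 notes:
a YAML `capabilities:` block in the skill frontmatter is authoritative when
present; only when it is absent does a case-insensitive, lemma-aware synonym
scan of the prose decide. The synonym terms and the capability names
`read-filesystem`, `shell_command_execution`, `network` are from the notes;
the frontmatter layout, the result shape and the sample skills are assumptions.
"""
import re

# Declared capabilities that settle SS-012 without reading prose.
# `read-filesystem` is from the notes; `write-filesystem` is an assumed sibling.
FILESYSTEM_CAPABILITIES = {"read-filesystem", "write-filesystem"}

# Extended synonym table from the notes: path-like terms are matched literally
# (with a boundary so `/dev` hits `/dev/sda` but not `/devtools`), word terms
# are matched after reducing each token to a crude lemma.
PATH_TERMS = ("/proc", "/sys", "/dev")
WORD_TERMS = ("disk", "volume", "mount", "procfs", "sysfs")
_SUFFIXES = ("ing", "ed", "es", "s")

FRONTMATTER_RE = re.compile(r"\A---[ \t]*\n(.*?)\n---[ \t]*\n", re.S)


def parse_capabilities(skill_md: str):
    """Return the declared capability list, or None when the frontmatter has no capabilities: key.

    Handles the two YAML forms people actually write (flow `[a, b]` and a
    `- item` block) without a YAML library; an empty list means "declared nothing".
    """
    m = FRONTMATTER_RE.match(skill_md)
    if not m:
        return None
    lines = m.group(1).splitlines()
    for i, line in enumerate(lines):
        if not line.startswith("capabilities:"):
            continue
        rest = line[len("capabilities:"):].strip()
        if rest.startswith("[") and rest.endswith("]"):
            return [c.strip().strip("'\"") for c in rest[1:-1].split(",") if c.strip()]
        caps = []
        for nxt in lines[i + 1:]:
            s = nxt.strip()
            if not s.startswith("- "):
                break
            caps.append(s[2:].strip().strip("'\""))
        return caps
    return None


def prose_hits(text: str) -> list:
    """Case-insensitive, lemma-aware matches against the synonym table ("Volumes" -> volume)."""
    low = text.lower()
    hits = []
    for term in PATH_TERMS:
        if re.search(re.escape(term) + r"(?![a-z0-9_-])", low):
            hits.append(term)
    for tok in sorted(set(re.findall(r"[a-z]+", low))):
        # exact form first (keeps `procfs` from being stripped to `procf`), then de-suffixed forms
        candidates = [tok] + [tok[:-len(s)] for s in _SUFFIXES if tok.endswith(s) and len(tok) > len(s) + 2]
        for c in candidates:
            if c in WORD_TERMS:
                hits.append(tok if c == tok else f"{tok}->{c}")
                break
    return sorted(hits)


def evaluate_ss012(skill_md: str) -> dict:
    """Frontmatter wins when present; prose heuristics are the fallback only."""
    caps = parse_capabilities(skill_md)
    if caps is not None:
        declared = sorted(set(caps) & FILESYSTEM_CAPABILITIES)
        return {"filesystem": bool(declared), "source": "capabilities", "evidence": declared}
    body = FRONTMATTER_RE.sub("", skill_md, count=1)
    hits = prose_hits(body)
    return {"filesystem": bool(hits), "source": "prose", "evidence": hits}


# Constructed sample skills (not from any real repository).
SKILL_DECLARED = """---
name: backup-helper
capabilities: [read-filesystem, shell_command_execution, network]
---
Copies files to a remote bucket.
"""
SKILL_PROSE_ONLY = """---
name: disk-report
---
Reports which Volumes are MOUNTED and summarises /proc/meminfo.
"""
SKILL_NETWORK_ONLY = """---
name: weather
capabilities:
  - network
---
Fetches a forecast. Never touches local disks.
"""

if __name__ == "__main__":
    for s in (SKILL_DECLARED, SKILL_PROSE_ONLY, SKILL_NETWORK_ONLY):
        print(evaluate_ss012(s))
```

The third sample is the one that shows why the block is authoritative: its prose mentions "disks", which the synonym scan would flag, but a declared `capabilities:` list without a filesystem entry is taken at face value. That is also the caveat: a skill author who declares `[network]` and then reads files has lied in frontmatter, and no prose heuristic will catch it.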
Quality bar
- 254 tests passing (up from 195 in v2.2.0).
- 0 warnings, 0 errors with `TreatWarningsAsErrors`. `dotnet format` clean.
- SARIF v2.1.0 output validated against GitHub Code Scanning.
Backward compatibility
- v2.2 baselines load without conversion.
- Scoring rubric version remains 1.0; a v2.2 user's CI gate on `grade < B` does not flip on unchanged input.
- `.sentinel-suppressions.json` is opt-in; if absent, scan behaviour is unchanged from v2.2.0.
Upgrade
```bash
dotnet tool update -g SignalSentinel.Scanner
# or
docker pull ghcr.io/signalcoding/signal-sentinel-scanner:2.3.0
```
Links
- BACKLOG_V2.3.0.md — full item list with acceptance criteria
- docs/confidence-rubric.md — how `--min-confidence` and `--triage` interact with each rule
- docs/owasp-ast-mapping.md — AST01-AST10 coverage table
- ROADMAP_V3.0.md — strategic pivot deferred to v3.0
Acknowledgements
Thanks to the CryptoTrader / OpenClaw operator team for two rounds of live scanning
and the comprehensive product feedback document that drove the four late-breaking
credibility fixes in this release.
Signal Sentinel v2.1.1
Security Hardening Release
Comprehensive security audit identified 44 findings (1 Critical, 7 High, 17 Medium, 12 Low). All have been addressed in this release.
Supply Chain Security
- All GitHub Actions pinned to SHA hashes (prevents tag-based supply chain attacks)
- Trivy vulnerability scan now blocks release on CRITICAL/HIGH CVEs
- CI vulnerability check now fails build on detected vulnerable packages
Application Security
- SSRF protection on `--remote` URL (blocks private IPs, loopback, cloud metadata endpoints)
- Symlink escape protection in skill parser (resolves symlinks before path containment checks)
- Environment variable denylist for stdio MCP transport (blocks PATH, LD_PRELOAD, etc.)
- TLS 1.2/1.3 enforcement on all HTTP connections
- Bounded stdio reads (10MB limit prevents memory exhaustion from malicious MCP servers)
- Proper JsonDocument and HttpResponseMessage disposal (prevents memory leaks)
- WebSocket dispose timeout (5 seconds, prevents hangs on unresponsive servers)
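The SSRF item above is the one most worth getting exactly right: a scanner that accepts an arbitrary `--remote` URL and runs inside a VPC is a ready-made proxy to the cloud metadata service unless it vets every address the hostname resolves to. The function below is an added example, not Signal Sentinel's own implementation; it shows the class of check the release describes (private ranges, loopback, link-local and metadata endpoints, including the IPv4-mapped IPv6 bypass). The resolver is injectable so the sample runs offline; the hostnames and the fake DNS table are constructed, and 8.8.8.8 / 10.0.0.5 are used only as stand-ins for "a public address" and "a private address".

```python
"""Reject a --remote URL that would turn the scanner into an SSRF proxy.

Added example, not Signal Sentinel's own code. It implements the class of
check the v2.1.1 notes describe (block private ranges, loopback and cloud
metadata endpoints) as one standalone function. The DNS resolver is
injectable so the constructed sample below runs offline; the hostnames and
the fake resolver table are made up, and 8.8.8.8 / 10.0.0.5 are used only as
stand-ins for "a public address" and "a private address".
"""
import ipaddress
import socket
from urllib.parse import urlsplit

# Names and addresses that should never be fetched from inside a network.
METADATA_HOSTS = {"metadata.google.internal", "metadata", "169.254.169.254"}
METADATA_NETS = [
    ipaddress.ip_network("169.254.169.254/32"),  # IMDS on AWS, Azure, GCP, OpenStack
    ipaddress.ip_network("fd00:ec2::254/128"),   # AWS IMDS over IPv6
]


def _default_resolve(host: str) -> list:
    # Collect every A/AAAA answer: an attacker-controlled name may return several.
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_blocked_address(ip_text: str):
    """Return why an address is blocked, or None if it is public and routable."""
    ip = ipaddress.ip_address(ip_text)
    # Judge IPv4-mapped IPv6 (::ffff:127.0.0.1) by its IPv4 form, or loopback slips through.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    if any(ip in net for net in METADATA_NETS):
        return "cloud metadata endpoint"
    if ip.is_loopback:
        return "loopback"
    if ip.is_private:           # RFC 1918, 169.254/16, documentation ranges, ULA for IPv6
        return "private range"
    if ip.is_link_local:
        return "link-local"
    if ip.is_multicast or ip.is_reserved or ip.is_unspecified:
        return "non-routable"
    if not ip.is_global:        # catch-all for anything else not globally reachable (e.g. CGNAT)
        return "not globally routable"
    return None


def check_remote_url(url: str, resolve=_default_resolve):
    """Validate a --remote URL before any request is sent. Returns (ok, reason).

    Every resolved address must pass; a name that resolves to one public and one
    private address is rejected. DNS rebinding between this check and the actual
    connect is out of scope here: pin the checked IP when opening the socket.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    if host.lower() in METADATA_HOSTS:
        return False, "cloud metadata hostname"
    try:
        addrs = [str(ipaddress.ip_address(host))]   # literal IP: no DNS lookup
    except ValueError:
        try:
            addrs = resolve(host)
        except OSError as exc:
            return False, f"DNS failure: {exc}"
        if not addrs:
            return False, "hostname resolved to no addresses"
    for addr in addrs:
        why = is_blocked_address(addr)
        if why:
            return False, f"{host} -> {addr} is {why}"
    return True, "all resolved addresses are public"


# Constructed resolver table so the sample runs without network access.
FAKE_DNS = {
    "mcp.example.com": ["8.8.8.8"],
    "rebind.example.com": ["8.8.8.8", "10.0.0.5"],   # mixed answers: must be rejected
}


def fake_resolve(host: str) -> list:
    if host not in FAKE_DNS:
        raise OSError("NXDOMAIN")
    return FAKE_DNS[host]


if __name__ == "__main__":
    for url in ("https://mcp.example.com/mcp", "https://rebind.example.com/mcp",
                "http://127.0.0.1:8080/", "http://[::ffff:127.0.0.1]/",
                "http://169.254.169.254/latest/meta-data/", "file:///etc/passwd"):
        print(url, "->", check_remote_url(url, resolve=fake_resolve))
```

Two details are easy to miss when writing this check by hand: `::ffff:127.0.0.1` is loopback even though `is_loopback` on the raw IPv6 address says otherwise, and a hostname must be rejected if *any* of its answers is internal, not just the first one.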
Consistency & Quality
- Regex timeouts (500ms) added to all 23 MCP rule patterns (matching skill rule convention)
- Markdown report hardening: escaping and truncation on all user-supplied values
- RegexOptions.Compiled removed from source-generated regex (ignored by generator)
- HashPinning handles duplicate tool names without crash
- Finding.Confidence validates 0.0-1.0 range
- Greedy regex quantifiers replaced with bounded lazy variants
Build
- 0 warnings, 0 errors (TreatWarningsAsErrors=true)
- 120 tests passing
- 27 files changed across Core, Scanner, CI/CD, and Docker
Installation
```bash
dotnet tool install -g SignalSentinel.Scanner --version 2.1.1
docker pull ghcr.io/signalcoding/signal-sentinel-scanner:2.1.1
```
Full Changelog
Signal Sentinel v2.1.0
Signal Sentinel Scanner v2.1.0
MCP Security Audit Tool - OWASP Agentic AI Top 10 Compliant
Installation
.NET Tool (recommended)
```bash
dotnet tool install -g SignalSentinel.Scanner
```
Docker
```bash
docker pull ghcr.io/signalcoding/signal-sentinel-scanner:2.1.0
```
Quick Start
```bash
# Auto-discover and scan MCP configurations
sentinel-scan --discover
# Or with Docker
docker run --rm ghcr.io/signalcoding/signal-sentinel-scanner:2.1.0 --help
```
Links
Signal Sentinel v1.1.0
Signal Sentinel Scanner v1.1.0
MCP Security Audit Tool - OWASP Agentic AI Top 10 Compliant
Installation
.NET Tool (recommended)
```bash
dotnet tool install -g SignalSentinel.Scanner
```
Docker
```bash
docker pull ghcr.io/signalcoding/signal-sentinel:1.1.0
```
Quick Start
```bash
# Auto-discover and scan MCP configurations
sentinel-scan --discover
# Or with Docker
docker run --rm ghcr.io/signalcoding/signal-sentinel:1.1.0 --help
```
Links
Full Changelog: v1.0.1...v1.1.0
Signal Sentinel v1.0.1
Signal Sentinel Scanner v1.0.1
MCP Security Audit Tool - OWASP Agentic AI Top 10 Compliant
Installation
.NET Tool (recommended)
```bash
dotnet tool install -g SignalSentinel.Scanner
```
Docker
```bash
docker pull ghcr.io/signalcoding/signal-sentinel:1.0.1
```
Quick Start
```bash
# Auto-discover and scan MCP configurations
sentinel-scan --discover
# Or with Docker
docker run --rm ghcr.io/signalcoding/signal-sentinel:1.0.1 --help
```
Links
Full Changelog: v1.0.0...v1.0.1