#4 — GitGuardian Ships AI Coding Tool Hooks, Semgrep and OpenGrep Diverge on Taint Analysis

46 releases across 8 categories this week.

The one I’d pay attention to first: GitGuardian shipped native secret scanning hooks for Claude Code, Cursor, and Copilot. First secret scanner to go after AI coding assistants directly.

In SAST, Semgrep and OpenGrep both shipped taint analysis improvements in the same week, heading in different directions. Semgrep also quietly moved npm lock analysis behind the Pro paywall.

This Week at a Glance

• AI Security (15) — Galileo AI v2.0, Garak v0.14.1 WebSocket LLM testing, Guardrails AI v0.10, Arthur AI 2.1.496, Akto 5 releases, Arize AI 5 releases
• SCA (12) — GitGuardian v1.49 AI hooks, Dependency-Track 4.14.1, FOSSA v3.16.7, SCANOSS v1.51.1, Renovate 5 releases, Chainguard, Dependabot
• IaC Security (6) — Conftest v0.68 nginx parser, Mondoo 3 releases, KubeArmor v1.6.16, Checkov 3.2.517
• SAST (6) — Semgrep v1.157, OpenGrep v1.17, TruffleHog v3.94.2, PHPStan 2.1.46, SonarLint 12.0.1, Corgea v1.8.5
• Mobile (4) — Ostorlab v1.17–v1.19
• IAST (1) — Datadog dd-trace-java v1.60.4 deadlock fix
• ASPM (1) — DefectDojo 2.57.0
• API Security (1) — Wallarm API Firewall v0.9.6

Quiet this week: DAST, RASP, Container Security

SAST

Six SAST tools shipped this week. Taint analysis was the shared thread — both Semgrep and OpenGrep improved it, in different directions.

TruffleHog is rotating its secret detector library — deprecating older detectors while adding newer OAuth patterns.

• Semgrep v1.157.0 — Taint tracking through lambda calls now works, and cross-file taint tracking for globals got better.

  You can now match a class name in patterns like $C.getInstance(...) and use metavariable-type on $C to check its type. I’ve wanted this for rule writing — it makes factory pattern detection much cleaner.

  Inter-file analysis serializes intermediate results to disk now, which cuts redundant recomputation.

  Heads up: npm package-lock analysis moved to a proprietary OCaml parser and is Pro-only now.

  Also — target file discovery errors (permission errors, git failures) surface as warnings now instead of being silently swallowed. If your CI scans suddenly got noisier, this is why.

• OpenGrep v1.17.0 — Per-arity signature extraction for taint analysis in Clojure and Elixir. Chained method calls on constructor results work with --taint-intrafile now. Better Dockerfile preprocessing for line continuations.

  Interesting to see side by side: Semgrep focused on cross-file globals and lambda calls, OpenGrep on per-arity signatures and Elixir/Clojure coverage. The fork is specializing.

• TruffleHog v3.94.2 — Deprecated the GoogleAPIKey detector, added a new Shopify OAuth detector.

  If you rely on TruffleHog for Google API key detection, check that the deprecation doesn’t break your existing workflows before upgrading.

• PHPStan 2.1.46 — Fixed union type handling for HasOffsetValueType. Niche but impactful if you write custom PHPStan rules with complex offset types.

• SonarLint 12.0.1 — First patch for the IntelliJ plugin after last week’s major 12.0 release.

• Corgea v1.8.5 — Better debugging for scan uploads. Helpful if you’ve been chasing failed scans in CI/CD.

SCA

The axios npm compromise was still the loudest topic in SCA this week, but the actual product updates shipped alongside it are more interesting.

• GitGuardian ggshield v1.49.0 — Added ggshield secret scan ai-hook for scanning AI coding tool payloads in real time. ggshield install now supports Claude Code, Cursor, and Copilot.

  First secret scanner to ship native hooks for AI coding assistants. You can catch secrets before they leave the IDE now — not after they land in a commit.

  Also dropped pre-receive hook support for GHES v3.9–3.13 (all EOL).

• Snyk — Three product updates this week.

  PR check reports moved from beta to GA. Full vulnerability summary directly in the PR check output now.

  New auto-close feature cleans up obsolete Fix Open Source PRs when the underlying vuln gets resolved elsewhere. If you use Snyk, you know how stale fix PRs pile up — this helps.

  Active Security Incident Assessment now helps prioritize vulns that are being actively exploited in the wild.

• Endor Labs — Published research showing OSS malware surged 14x as attackers hijack trusted packages. Given the axios compromise timing, worth reading.

• SCANOSS v1.51.1 — Fixed vulnerabilities not appearing in CycloneDX output for folder-scan.

  This was silently dropping vulnerability data from your SBOMs. Upgrade.

• FOSSA CLI v3.16.7 — Fixed git-backed Cargo locators. If you have Rust projects using git dependencies in Cargo.toml, your dependency resolution was probably off.

• OWASP Dependency-Track 4.14.1 — Patch release for the 4.14 series.

• GitHub Dependabot core v0.368.0 — Better package manager detection and error logging.

• Renovate 43.105–43.108.1 — Five releases, normal cadence.

AI Security

The pattern in AI Security this week: observability platforms (Arize, Galileo, Arthur) are shipping fast to become the default monitoring layer for LLM apps, while guardrail tools (Guardrails AI, Garak) are expanding what they can test.

• Garak v0.14.1 — WebSocket generator for real-time LLM security testing. Also added OpenAI Harmony format for audio inputs and bootstrap confidence intervals for attack success rates.

  The WebSocket addition is the interesting one — streaming LLM interfaces are everywhere now, and most red-teaming tools still only test request/response.

• Galileo AI v2.0.0 — Major version bump for the Python client, now Apache 2.0 licensed.

  The release itself is mostly cleanup. The licensing change is the real news — they want this SDK embedded everywhere.

• Arthur AI 2.1.496 — Shipped an embedded “Engine Chatbot” for searching API docs and managing resources conversationally. Also added auto-detection for Claude, OpenAI, and Google models.

  Interesting UX bet — configuring guardrails through chat instead of config files.

• Guardrails AI v0.10.0 — Replaced the generated API client with standard HTTP client and internal types. They’re decoupling from their hosted API to make the OSS library more standalone.

• Akto v1.96.0 — The guardrails-service got two patches this week (v1.88.3–1.88.4). AI guardrails is clearly where their R&D focus is right now.

• Arize AI Phoenix v13.23.0 — Steady iteration across the Phoenix platform and client library. Arize is building the observability layer that sits between your LLM and production — and they’re shipping like it.

IaC Security

A split week — half new capabilities, half critical fixes. Conftest expanded what you can write policies for, Sysdig shipped an MCP integration, and three tools patched bugs that could silently break your pipelines.

• Conftest v0.68.0 — Added an nginx config parser. If you already use Conftest for Terraform and Kubernetes policies, you can now cover your web server configs with the same OPA/Rego rules.

  Nice addition. Also bumped OPA to v1.15.1.

• Sysdig — Sysdig MCP server hit AWS Marketplace. If you use Sysdig for runtime security, AI assistants can query your Sysdig data directly now.

• Mondoo v13.3.2–v13.3.4 — Three bug fix releases. The one that matters: v13.3.3 fixed a deadlock when no assets can be scanned.

  If you run Mondoo in automated pipelines, a deadlock means a hung scan. Worth upgrading.

• KubeArmor v1.6.16 — Fixed ICMPv6 policy matching. Improved runtime socket mounting (directory instead of file now).

  Prevents stale socket issues when container runtimes restart.

• Checkov 3.2.517 — Domain allowlist validation for Prisma Cloud API URLs and hardened tar/zip extraction.

  The extraction hardening is a security fix. Upgrade if you process untrusted IaC bundles.

IAST

• Datadog dd-trace-java v1.60.4 — Fixes a profiler deadlock when a library intercepting SIGSEGV is present.

  If you run Datadog IAST in Java services, don’t skip this one. A profiler deadlock in production means degraded performance or frozen threads.

ASPM

• DefectDojo 2.57.0 — AWS Inspector 2 line number bug fix and async search index (was running sync before).

  If you use AWS Inspector 2 as a data source, finding accuracy should improve.

API Security

• Wallarm API Firewall v0.9.6 — Replaced ChanPool with lock-free PoolV2 using fasthttp’s internal pooling. Go upgraded to 1.25.8.

  Lock-free pooling cuts contention under high concurrent load. Relevant if you run Wallarm as a reverse proxy.

Mobile Security

• Ostorlab v1.17.0–v1.19.0 — Four releases. Risk CLI subcommands in v1.17.0, generic protobuf injection in v1.18.0, HAP asset support in v1.18.1 (continuing HarmonyOS work from last week).

Quiet This Week

No releases from DAST, RASP, or Container Security.

Wrapping Up

That’s issue #4 — 46 releases tracked across 8 categories.

Two stories to watch: GitGuardian moving secret scanning into AI coding assistants, and the Semgrep/OpenGrep taint analysis divergence showing the fork is producing real specialization.

A personal note: I recently left Invicti to focus on AppSec Santa full-time. Starting this week, the newsletter shifts from general AppSec news to focused changelog analysis — deeper coverage of what actually shipped and what it means for your stack. Fewer headlines, more substance.

I track 113 GitHub repos and 96 RSS feeds every week. If a tool ships a release, it shows up here — with context on what it means.

If I missed something or got something wrong, reply — I read every response. See you next Tuesday.

AppSec Santa Weekly — changelog analysis and category trends from 290+ AppSec tools. Browse all tools or subscribe for weekly updates.