Skip to Content
Changelog

Changelog

May 2026

Public Scan API (v1.2.0)

  • New endpoint POST /scan-repo-url — trigger a full repo scan from any HTTP client. No ZIP uploads.
  • New endpoint webhook callbacks — set callback_url + callback_secret and receive an HMAC-SHA256-signed POST when the scan completes.
  • New endpoint GET /scans/{scan_id} — poll for results.
  • 3-step GitHub token resolution: explicit PAT > Vouch GitHub App installation > anonymous (public repos).
  • SSRF hardening on callback_url — blocks localhost, RFC1918, link-local, and cloud metadata IPs.
  • Scan results now expose line and source fields per issue (source = static or ai_hunter), and github_repo is hydrated correctly.
  • New self-service API key generation in the Developer Portal.
  • Full spec: API Reference.

Scan Pipeline

  • New Endpoint Index layer extracts every HTTP route via regex (FastAPI/Flask/Django/Express/Next.js) and feeds it as pre-context to the AI Hunter — catches missing rate-limit / auth decorators in routes the LLM would otherwise miss.
  • Better path normalization in scan output — no more /tmp/tmp_XXX/extracted/... leaking into the file field.

April 2026

Dashboard & Performance

  • Introduced .glass-card CSS pattern — eliminates backdrop-filter on repeated elements, reducing GPU compositing load on the Pricing and Features pages.
  • Memoized FaqSection component on the Pricing page to prevent unnecessary re-renders during FAQ accordion interactions.
  • Replaced blur-3xl gradient divs (which forced full-page GPU repaints) with static radial gradient backgrounds using translateZ(0) compositing layers.

GitHub App

  • PR bot now posts inline code review comments pointing directly to vulnerable lines.
  • Improved branch protection integration — failed Vouch checks now block merges automatically when Branch Protection Rules are configured.

Billing

  • Added yearly billing toggle on the Pricing page (save 20% on Micro and Pro).
  • Expansion Credits (Pay-As-You-Go) launched: $10 = 30 Core Scans + 30 Deep Auto-Fixes, stackable on any tier.

Auto-Fix

  • Improved Supabase RLS fix generation — now produces complete CREATE POLICY statements for detected open tables.
  • Fixed edge case where .env template generation included existing non-secret variables.

More updates will be published here as features ship.

Last updated on
FAQ