Releases: mackeh/FortressCI

v2.2.0 - Adoption roadmap, Azure integration, and Bicep support

16 Feb 06:56

Highlights

  • Added DevSecOps adoption roadmap engine with prioritized 30/60/90-day actions and maturity/feasibility scoring.
  • Integrated roadmap generation into local scan flow and Docker scanner image.
  • Added MCP endpoint for roadmap retrieval (get_devsecops_adoption_roadmap).
  • Added first-class Bicep support in IaC scanning (bicep.sarif) plus summary/report integration.
  • Upgraded Azure DevOps template to run end-to-end FortressCI scanning, validate required secrets, and publish roadmap artifacts.
  • Expanded GitHub IaC scan scope to repository root for broader IaC coverage.
  • Updated README/roadmap/changelog documentation and added regression tests for roadmap and Bicep summary behavior.

v2.1.6 - quality gates and script tests

13 Feb 17:37

FortressCI v2.1.6

Added

  • FortressCI doctor health checks for local readiness.
  • Initial script tests with pytest (Python) and bats (Bash).
  • Project yamllint baseline configuration.

Changed

  • Added non-blocking doctor-check workflow artifact reporting.
  • Added blocking quality-lint and script-tests CI jobs.
  • Updated pre-commit, README, roadmap, and contributing guidance for quality/test workflows.

v2.1.5 - Cross-repo risk hotspot analysis

13 Feb 17:24

FortressCI v2.1.5

Fixed

  • Resolved a syntax error in scripts/cross-repo-analyzer.py that prevented script execution.

Improved

  • Rebuilt cross-repo analysis logic with deterministic output and stronger error handling.
  • Added optional vulnerability correlation from sibling sca.json files.
  • Added prioritized top_shared_risk_hotspots output for organization-wide remediation planning.

Documentation

  • Added usage docs for cross-repo analysis in README.md.
  • Updated ROADMAP.md, fortressci-roadmap.md, and added CHANGELOG.md.

v2.1.4

12 Feb 20:56

Full Changelog: v2.1.3...v2.1.4

v2.1.3

12 Feb 20:37

Full Changelog: v2.1.2...v2.1.3

v2.1.2

12 Feb 20:34

Full Changelog: v2.1.1...v2.1.2

v2.1.0

12 Feb 19:30

Full Changelog: v2.0.0...v2.1.0

FortressCI v1.1.0: Usability & Adoption

11 Feb 23:42

What's New in v1.1.0

This release completes the v1.1.x Usability & Adoption milestone from the roadmap, adding major features for local scanning, multi-platform CI, reporting, and policy gating.

Features

fortressci init CLI Wizard (1.1.1)

  • Interactive setup that detects project type (Node.js, Python, Go, Java) and CI platform
  • Generates tailored CI workflow, pre-commit hooks, waivers, and threshold config
  • Supports --ci flag for non-interactive use

Multi-CI Platform Templates (1.1.2)

  • 6 platforms supported: GitHub Actions, GitLab CI, Bitbucket Pipelines, Azure Pipelines, Jenkins, CircleCI
  • Each template includes all 5 scan stages with SARIF output and artifact upload

Docker-Based Local Runner (1.1.3)

  • All-in-one scanner image with TruffleHog, Semgrep, Snyk, Checkov, Trivy, and Cosign
  • Single command: docker run --rm -v $(pwd):/workspace fortressci/scan /workspace

Unified Findings Dashboard (1.1.4)

  • Interactive HTML report with severity charts, tool breakdown, and filterable findings table
  • Dark mode, print-friendly layout

PR Comment Summary (1.1.5)

  • Automatic security summary posted as PR comment with pass/fail per tool

Severity Threshold Gating & Waiver CLI (1.1.6)

  • .fortressci.yml config with fail_on/warn_on severity thresholds
  • check-thresholds.sh gates pipeline based on configured levels
  • fortressci-waiver.sh CLI for managing security finding waivers (add/list/expire/remove)
  • summarize.py now outputs structured summary.json with per-tool severity breakdowns
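As an added illustration of the fail_on/warn_on gating described above (example code written for this page, not FortressCI's own check-thresholds.sh or summarize.py): a small Python gate that reads a summary.json containing per-tool severity counts, compares them against the configured thresholds, and returns pass/warn/fail per tool and overall. The JSON layout, the placement of the fail_on/warn_on keys, and the sample counts are assumptions constructed for this example; the project's real file formats may differ.

```python
import json
import sys
from typing import Dict, Optional, Tuple

# Severity ladder, lowest to highest; a finding "meets" a threshold when its
# severity is at or above the threshold on this ladder.
SEVERITY_ORDER = ["low", "medium", "high", "critical"]

# Constructed threshold config (assumed shape; stands in for .fortressci.yml).
EXAMPLE_CONFIG = {"fail_on": "high", "warn_on": "medium"}

# Constructed summary.json text with per-tool severity breakdowns (assumed schema).
EXAMPLE_SUMMARY_JSON = """
{
  "tools": {
    "trufflehog": {"critical": 0, "high": 0, "medium": 0, "low": 0},
    "semgrep":    {"critical": 0, "high": 2, "medium": 5, "low": 9},
    "trivy":      {"critical": 1, "high": 0, "medium": 0, "low": 3}
  }
}
"""


def severity_rank(label: str) -> int:
    """Map a severity label to its position on the ladder; fail closed on unknown labels
    so a typo in the config or an unexpected label in the summary cannot silently
    disable the gate."""
    try:
        return SEVERITY_ORDER.index(label.lower())
    except ValueError:
        raise ValueError(f"unknown severity label: {label!r}")


def meets(severity: str, threshold: str) -> bool:
    """True when `severity` is at or above `threshold`."""
    return severity_rank(severity) >= severity_rank(threshold)


def evaluate_tool(counts: Dict[str, int], fail_on: str, warn_on: Optional[str]) -> str:
    """Return 'fail', 'warn' or 'pass' for one tool's {severity: count} map."""
    present = [sev for sev, n in counts.items() if n > 0]
    if any(meets(sev, fail_on) for sev in present):
        return "fail"
    if warn_on and any(meets(sev, warn_on) for sev in present):
        return "warn"
    return "pass"


def evaluate(summary: Dict, config: Dict) -> Tuple[str, Dict[str, str]]:
    """Gate every tool in the summary; overall result is the worst per-tool result.
    With no fail_on configured the gate defaults to failing only on critical."""
    fail_on = config.get("fail_on", "critical")
    warn_on = config.get("warn_on")
    per_tool = {
        tool: evaluate_tool(counts, fail_on, warn_on)
        for tool, counts in summary["tools"].items()
    }
    results = set(per_tool.values())
    overall = "fail" if "fail" in results else "warn" if "warn" in results else "pass"
    return overall, per_tool


def load_summary(text: str) -> Dict:
    """Parse summary.json text; a missing 'tools' block is treated as malformed input."""
    data = json.loads(text)
    if not isinstance(data.get("tools"), dict):
        raise ValueError("summary has no 'tools' object")
    return data


def exit_code(overall: str) -> int:
    """Only 'fail' blocks the pipeline; 'warn' is reported but does not block."""
    return 1 if overall == "fail" else 0


if __name__ == "__main__":
    # Usage: python gate.py [path/to/summary.json]; falls back to the constructed sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else EXAMPLE_SUMMARY_JSON
    overall, per_tool = evaluate(load_summary(text), EXAMPLE_CONFIG)
    for tool, verdict in sorted(per_tool.items()):
        print(f"{tool:12s} {verdict}")
    print(f"overall      {overall}")
    sys.exit(exit_code(overall))
```

The gate raises on any severity label it does not recognise rather than treating it as harmless, so a misspelt threshold (or a tool emitting an unexpected label) surfaces as a hard error instead of a quietly passing pipeline; that fail-closed choice is the one property worth keeping if you adapt this to a real summary format.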

Improvements

  • Added .gitignore for generated scan results
  • Added CLAUDE.md for AI-assisted development onboarding

Full Changelog

v1.0.2...v1.1.0

FortressCI v1.0.2: Stability Fix

10 Feb 21:28

Makes Infracost and GHAS SARIF uploads optional to prevent failures on correctly configured (but license-restricted) environments.

FortressCI v1.0.1: CI/CD Hotfix

10 Feb 21:25

Patches the GitHub Actions workflow to use v4 artifact actions (v3 deprecation fix) and correct Infracost CLI syntax.