All notable changes to AppSecOne will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
1.0.0 — 2026-03-28
- Portfolio Dashboard — aggregated severity breakdown, readiness donut chart, repository cards with status indicators, and trend badges
- Findings Explorer — filterable, sortable, paginated table of all findings across the portfolio with severity badges and export to CSV/JSON
- Repository Detail — deep-dive into a single repository with findings table, policy evaluation, blocker panels, stacked severity bar, and trend chart
- Policy & Waivers — policy rules overview, active waivers with expiry tracking, and waiver creation form with audit trail
- Admin & Sync — system configuration summary, manual sync trigger with real-time SSE progress, sync history log
- Setup Wizard — guided 4-step setup: Fortify connection → project discovery → repository mapping → policy & sync configuration
- Fortify SSC integration — full sync with rate limiting, exponential backoff retry, pagination, and corporate SSL support
- Deterministic policy engine — configurable thresholds for critical/high/medium findings, issue age limits, waiver support
- Trend analytics — historical daily snapshots with 5% threshold direction classification (improving / stable / worsening)
- i18n support — English and Polish locales with pluralization, interpolation, and async-safe context management
- Security middleware stack — CSP with nonce, CSRF protection, rate limiting, API key auth, body size limits, correlation IDs
- CLI — serve, sync, evaluate, validate, version commands via Typer
- REST API — 15+ endpoints for overview, repositories, findings, readiness, policies, waivers, sync, trends, export, health, i18n
- 464 tests — unit, integration, security regression, i18n validation, UI regression