From 6a17a17d3030bc9f032b54f4db8d0d2e73e12d5b Mon Sep 17 00:00:00 2001 From: Andrew Lilley Brinker Date: Mon, 9 Dec 2024 09:52:32 -0800 Subject: [PATCH] chore: 3.8.0 announcement post Signed-off-by: Andrew Lilley Brinker --- .../blog/2024-11-04-hipcheck-3.8.0-release.md | 186 ++++++++++++++++++ .../templates/partials/prose-config.tera.html | 9 + 2 files changed, 195 insertions(+) create mode 100644 site/content/blog/2024-11-04-hipcheck-3.8.0-release.md diff --git a/site/content/blog/2024-11-04-hipcheck-3.8.0-release.md b/site/content/blog/2024-11-04-hipcheck-3.8.0-release.md new file mode 100644 index 00000000..49060b5d --- /dev/null +++ b/site/content/blog/2024-11-04-hipcheck-3.8.0-release.md @@ -0,0 +1,186 @@ +--- +title: Hipcheck 3.8.0 Release +authors: + - Andrew Lilley Brinker +extra: + author_img: "images/authors/andrew.jpg" +--- + +Introducing Hipcheck 3.8.0, with stable support for third-party plugins, a +suite of initial plugins, and a lot of polish for the plugin user experience. + + + +--- + +## 📦  Stable Support for Plugins + +In [Hipcheck 3.6.2][hc_3_6_2], we introduced experimental support for plugins, +which add support for new data sources and analyses to Hipcheck. The goals +of the plugin system are to enable _anyone_ to expand Hipcheck's analysis +capabilities themselves and to ensure it's the best tool for users to express +and enforce their own policies for third-party dependencies. + +Plugins in Hipcheck work by submitting queries to each other; when a plugin is +specified in a user's [policy file], Hipcheck runs that plugin's "default query," +sending information about the target source repository and any package the user +is analyzing. Those plugins can then make queries back to Hipcheck, +which Hipcheck dispatches out to the appropriate plugin. For every query, +Hipcheck also caches the result and can reuse it for any other plugins that +need it. Even better, plugins expose JSON schemas for all queries which +Hipcheck validates, and which dependent plugins can use to ensure compatibility. + +Since 3.6.2, we've been working on testing and improving the plugin system, +and on transitioning Hipcheck's existing data sources and analyses out from +the `hc` program itself and into plugins. + +This transition, to make all data sources and analyses run as plugins, ensures +we gain firsthand experience with the plugin system and with our Rust plugin +SDK. During this transition we identified bugs and deficiencies in the plugin +system which have been fixed or have spurred the creation of RFDs proposing +enhancements, including: + +- Chunked requests for plugin queries ([RFD #10][rfd_10]), to enable + sending queries with large keys, which can arise when analyzing large Git + repositories like the Linux kernel repository. +- Support for batch querying ([RFD #9][rfd_9]), to enable sending many + small queries which are cached independently but combined in a single query + to reduce gRPC overhead. + +We expect to implement these RFDs in future versions of Hipcheck. + +### Introducing the New Plugins + +The following table lists all of the plugins added, and links to the +documentation for each plugin: + +| Plugin Name | Top-Level? | Download Manifest Location | +|:----------------------|:-----------|:-------------------------------------------------------------| +| [`mitre/activity`] | Yes | | +| [`mitre/affiliation`] | Yes | | +| [`mitre/binary`] | Yes | | +| [`mitre/churn`] | Yes | | +| [`mitre/entropy`] | Yes | | +| [`mitre/fuzz`] | Yes | | +| [`mitre/git`] | - | | +| [`mitre/github`] | - | | +| [`mitre/identity`] | Yes | | +| [`mitre/linguist`] | - | | +| [`mitre/npm`] | - | | +| [`mitre/review`] | Yes | | +| [`mitre/typo`] | Yes | | + +The plugins listed as being "top-level" can be used directly in a policy file, +because they support a default query accepting a Hipcheck "target" to analyze. + +The "download manifest locations" specify the files Hipcheck uses to determine +what artifacts to download for a plugin based on your desired version and +current architecture. You specify a `plugin` in a `plugins` block in your +policy file, like so: + +```kdl +plugins { + plugin "mitre/activity" version="0.1.0" \ + manifest="https://hipcheck.mitre.org/dl/plugin/mitre/activity.kdl" +} +``` + +## 🦀  Rust SDK version 0.2.0 + +This release also includes improvements for the Hipcheck Rust SDK, including: + +- __New Features__ + - Plugins can now report "concerns," additional information to inform a + Hipcheck user what to inspect if they want to further investigate + a target ([#511](https://github.com/mitre/hipcheck/pull/511)) + - Reduced the size of compiled code from the SDK using non-generic inner + functions ([#488](https://github.com/mitre/hipcheck/pull/488)) + - Added ability for plugin test code to mock query + responses ([#476](https://github.com/mitre/hipcheck/pull/476)) + +- __Bugfixes__ + - Fixed bugs with query chunking which could result in errors when analyzing + large + repositories ([#630](https://github.com/mitre/hipcheck/pull/630)) + - Fixed bug that resulted in duplicate reporting of query explanations for + the default query of a + plugin ([#605](https://github.com/mitre/hipcheck/pull/605)) + - Fixed bug that caused failing queries to not send errors over gRPC back to + Hipcheck core ([#548](https://github.com/mitre/hipcheck/pull/548)) + +## 🗺️  How to Get Involved + +Hipcheck is an open source project, and we'd love to get more contributors +involved in building it. This doesn't just mean contributing to `hc` itself +or building plugins, but also contributing to the website, improving the +documentation, asking questions and sharing ideas in the issue tracker +and discussions forum, and writing about your own experiences and lessons +with Hipcheck for others to read. + +We have big plans for version 3.9.0 and beyond, including: + +- __Version 3.9.0__ + - Query Batching and Submit Chunking + - Integrating plugins with the `hc ready` command +- __Version 3.10.0__ + - Substantial plugin documentation improvements, especially for creating your + own plugins + - Refactoring target resolution to make it easier to add support for more + types of targets, like more SBOM formats or package hosts +- __Version 3.11.0__ + - Explainable policy expressions, improving reporting of failed analyses by + explaining policy expressions in plain language + - Overhaul result reporting to make it easier to improve in the future, and + improve parity between the human-readable and JSON formats + - Upgrade `salsa`, the Rust package we use internally for query caching, to + the latest major version + - Introduce new documentation on how to become a Hipcheck developer yourself + +You can [the full roadmap][roadmap] on GitHub. + +## ⭐️  Thank You to Our Contributors and Supporters + +I want to say a big "Thank you!" to everyone who supports the project here at +MITRE, to CISA for [sponsoring our current work on it][cisa_hipcheck], to our +prior government sponsors who have helped advance Hipcheck, and to everyone who +has contributed, given feedback, or encouraged us in building it. + +Thank you especially to the contributors for this release: + +- [Julian Lanson], Hipcheck Development Team Lead at MITRE +- [Patrick Casey], Hipcheck Developer at MITRE +- [Michael Chernicoff], Hipcheck Developer at MITRE +- [Cal Stepanian], Hipcheck Developer at MITRE +- [Nino Agrawal], Hipcheck Developer at MITRE +- [Aisha Mohammed], Hipcheck Developer at MITRE +- [Brian Marr], Hipcheck Developer at MITRE +- [Ashley Williams], Founder of Axo.dev + + +[hc_3_6_2]: https://github.com/mitre/hipcheck/releases/tag/hipcheck-v3.6.2 +[policy file]: @/docs/guide/config/policy-file.md +[rfd_10]: @/docs/rfds/0010-submit-chunking.md +[rfd_9]: @/docs/rfds/0009-batch-queries.md +[`mitre/activity`]: @/docs/guide/plugins/mitre-activity.md +[`mitre/affiliation`]: @/docs/guide/plugins/mitre-affiliation.md +[`mitre/binary`]: @/docs/guide/plugins/mitre-binary.md +[`mitre/churn`]: @/docs/guide/plugins/mitre-churn.md +[`mitre/entropy`]: @/docs/guide/plugins/mitre-entropy.md +[`mitre/fuzz`]: @/docs/guide/plugins/mitre-fuzz.md +[`mitre/git`]: @/docs/guide/plugins/mitre-git.md +[`mitre/github`]: @/docs/guide/plugins/mitre-github.md +[`mitre/identity`]: @/docs/guide/plugins/mitre-identity.md +[`mitre/linguist`]: @/docs/guide/plugins/mitre-linguist.md +[`mitre/npm`]: @/docs/guide/plugins/mitre-npm.md +[`mitre/review`]: @/docs/guide/plugins/mitre-review.md +[`mitre/typo`]: @/docs/guide/plugins/mitre-typo.md +[Julian Lanson]: https://github.com/j-lanson +[Patrick Casey]: https://github.com/patrickjcasey +[Michael Chernicoff]: https://github.com/mchernicoff +[Cal Stepanian]: https://github.com/cstepanian +[Nino Agrawal]: https://github.com/ninaagrawal +[Aisha Mohammed]: https://github.com/aamohd +[Brian Marr]: https://github.com/bmarr-mitre +[Ashley Williams]: https://github.com/ashleygwilliams +[cisa_hipcheck]: https://www.cisa.gov/news-events/news/continued-progress-towards-secure-open-source-ecosystem +[roadmap]: https://github.com/orgs/mitre/projects/33/views/15 diff --git a/site/templates/partials/prose-config.tera.html b/site/templates/partials/prose-config.tera.html index 01b8353c..80d62d0f 100644 --- a/site/templates/partials/prose-config.tera.html +++ b/site/templates/partials/prose-config.tera.html @@ -35,3 +35,12 @@ prose-h1:font-medium prose-h1:text-4xl + +prose-table:border +prose-table:border-neutral-300 +prose-table:dark:border-neutral-700 + +prose-td:p-3 +prose-th:p-3 +prose-th:bg-neutral-100 +prose-th:dark:bg-neutral-600