-
Notifications
You must be signed in to change notification settings - Fork 6
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
chore: 3.9.0 release announcement post
Signed-off-by: Andrew Lilley Brinker <[email protected]>
- Loading branch information
1 parent
4de12c1
commit e67cc96
Showing
1 changed file
with
126 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,126 @@ | ||
| --- | ||
| title: Hipcheck 3.9.0 Release | ||
| authors: | ||
| - Andrew Lilley Brinker | ||
| extra: | ||
| author_img: "images/authors/andrew.jpg" | ||
| --- | ||
|
|
||
| Introducing Hipcheck 3.9.0, with bugfixes for plugin downloading and a new Git | ||
| commit and diff parser. | ||
|
|
||
| <!-- more --> | ||
|
|
||
| --- | ||
|
|
||
| ## 💬 A New Git Commit and Diff Parser | ||
|
|
||
| One of the key jobs that the `mitre/git` plugin for Hipcheck needs to do is | ||
| parse Git commits and diffs. This plugin, which is a dependency of several | ||
| other plugins we ship today, previously used a hand-rolled parser built using | ||
| [`nom`], a popular Rust library for writing parser combinators. This had been | ||
| tested against a wide array of open source Git repositories to identify and | ||
| fix bugs, but of course for a parser working with something as flexible as the | ||
| Git commit and diff format, there were still more to find. Over time, we'd | ||
| identified this parser as a priority for replacement. It just didn't make sense | ||
| to continue investing effort toward improving our own parser when others, more | ||
| battle-tested, exist out in the world. | ||
|
|
||
| In this release, we've transitioned from our hand-rolled parser to the one | ||
| implemented by the [Gitoxide] project. Gitoxide is a project to reimplement Git | ||
| in Rust, and their [`gix`] crate includes a Git commit and diff parser that | ||
| works better than the one we'd written. In the short term, it's also slightly | ||
| slower, though we believe in prioritizing correctness first, and we can work on | ||
| improving its performance in the future. | ||
|
|
||
| With this new parser in place, we expect fewer Git parsing bugs in the future, | ||
| and therefore more successful analyses of Git repository histories! | ||
|
|
||
| ## 📦 Improved Plugin Downloading | ||
|
|
||
| One of the key tasks Hipcheck does before it starts analyses is to resolve the | ||
| set of plugins requested by the user in their policy file, and all the | ||
| dependencies of those plugins. To do this, it downloads the plugin artifacts | ||
| for the requested version and the current architecture based on each plugin's | ||
| download manifest, placing them in a local plugin cache. | ||
|
|
||
| In 3.9.0, we've made two improvements to this process. First, we ensure we | ||
| delete unused materials after copying out the stuff we need to run a plugin. | ||
| Second, we ensure that we skip downloading plugins which already exist in the | ||
| cache. This means less work over the network, and a faster plugin execution | ||
| time when you reuse a policy you've run before. | ||
|
|
||
| ## 👀 What's in the Release? | ||
|
|
||
| | Package | What is it? | New Version | | ||
| |:--------------------|:------------|:------------| | ||
| | `hc` | Hipcheck | 3.9.0 | | ||
| | `mitre/git` | Plugin | 0.2.0 | | ||
| | `mitre/activity` | Plugin | 0.2.0 | | ||
| | `mitre/affiliation` | Plugin | 0.2.0 | | ||
| | `mitre/churn` | Plugin | 0.2.0 | | ||
| | `mitre/entropy` | Plugin | 0.2.0 | | ||
| | `mitre/identity` | Plugin | 0.2.0 | | ||
|
|
||
| The non-`mitre/git` plugins were bumped because they depend on `mitre/git` and | ||
| are now using the new version. | ||
|
|
||
| ## 🫸 Things Pushed to Later Releases | ||
|
|
||
| We've hoped land the implementations for [RFD #9] and [RFD #10] in 3.9.0, but | ||
| they're not ready yet, and so we're pushing them to the 3.10.0 release. | ||
|
|
||
| We're also still working on integrating plugins into the `hc ready` command, to | ||
| ensure it provides clearer and more accurate feedback indicating when Hipcheck | ||
| is ready to run. | ||
|
|
||
| ## 🗺️ How to Get Involved | ||
|
|
||
| We're always looking for new contributors! If you'd like to learn more about | ||
| Hipcheck and get involved in contributing, please checkout our [Roadmap] and | ||
| feel free to get in touch with us through our [Discussions] board! | ||
|
|
||
| ## ⭐️ Thank You to Our Contributors and Supporters | ||
|
|
||
| As always, I want to say a big "Thank you!" to everyone who supports the | ||
| project at MITRE, to CISA for [sponsoring our current work on it][cisa_hipcheck], | ||
| to our prior government sponsors who have helped advance Hipcheck, and to | ||
| everyone who has contributed, given feedback, or encouraged us in building it. | ||
|
|
||
| Thank you especially to the contributors for this release: | ||
|
|
||
| - [Julian Lanson], Hipcheck Development Team Lead at MITRE | ||
| - [Patrick Casey], Hipcheck Developer at MITRE | ||
| - [Michael Chernicoff], Hipcheck Developer at MITRE | ||
| - [Devin Lake], Hipcheck Developer at MITRE | ||
|
|
||
| [hc_3_6_2]: https://github.com/mitre/hipcheck/releases/tag/hipcheck-v3.6.2 | ||
| [policy file]: @/docs/guide/config/policy-file.md | ||
| [RFD #10]: @/docs/rfds/0010-submit-chunking.md | ||
| [RFD #9]: @/docs/rfds/0009-batch-queries.md | ||
| [`mitre/activity`]: @/docs/guide/plugins/mitre-activity.md | ||
| [`mitre/affiliation`]: @/docs/guide/plugins/mitre-affiliation.md | ||
| [`mitre/binary`]: @/docs/guide/plugins/mitre-binary.md | ||
| [`mitre/churn`]: @/docs/guide/plugins/mitre-churn.md | ||
| [`mitre/entropy`]: @/docs/guide/plugins/mitre-entropy.md | ||
| [`mitre/fuzz`]: @/docs/guide/plugins/mitre-fuzz.md | ||
| [`mitre/git`]: @/docs/guide/plugins/mitre-git.md | ||
| [`mitre/github`]: @/docs/guide/plugins/mitre-github.md | ||
| [`mitre/identity`]: @/docs/guide/plugins/mitre-identity.md | ||
| [`mitre/linguist`]: @/docs/guide/plugins/mitre-linguist.md | ||
| [`mitre/npm`]: @/docs/guide/plugins/mitre-npm.md | ||
| [`mitre/review`]: @/docs/guide/plugins/mitre-review.md | ||
| [`mitre/typo`]: @/docs/guide/plugins/mitre-typo.md | ||
| [Julian Lanson]: https://github.com/j-lanson | ||
| [Patrick Casey]: https://github.com/patrickjcasey | ||
| [Michael Chernicoff]: https://github.com/mchernicoff | ||
| [Devin Lake]: https://github.com/devin-b-lake | ||
| [Cal Stepanian]: https://github.com/cstepanian | ||
| [Nino Agrawal]: https://github.com/ninaagrawal | ||
| [Aisha Mohammed]: https://github.com/aamohd | ||
| [cisa_hipcheck]: https://www.cisa.gov/news-events/news/continued-progress-towards-secure-open-source-ecosystem | ||
| [Roadmap]: https://github.com/orgs/mitre/projects/33/views/15 | ||
| [Discussions]: https://github.com/mitre/hipcheck/discussions | ||
| [Gitoxide]: https://github.com/GitoxideLabs/gitoxide | ||
| [`gix`]: https://crates.io/crates/gix | ||
| [`nom`]: https://crates.io/crates/nom |