Changelog

Release history for Sigil. See what we're building next on the Roadmap.

Development timeline

Unreleased

In Development (coming soon)

Head-to-head comparisons and Pro plan launch.

  • Added: Side-by-side comparison pages: Sigil vs Snyk, Socket.dev, Semgrep, and CodeQL
  • Added: Pro plan with cloud threat intelligence, scan history, and web dashboard

Plugin v1.0.1

2026-02-22

Sigil comes to Claude Code. Scan repos, audit packages, and review quarantine without leaving your editor. Plus the full documentation site at sigilsec.ai/docs.

  • Added: Documentation site with guides for CLI, Claude Code Plugin, MCP, CI/CD, configuration, and troubleshooting
  • Added: Four slash commands for Claude Code: /scan-repo, /scan-package, /scan-file, and /quarantine-review
  • Added: @security-auditor agent that explains scan findings and recommends fixes
  • Added: @quarantine-manager agent that guides you through approve/reject decisions
  • Added: Auto-scan hooks — Sigil suggests a scan whenever you clone, install, or mention security
  • Added: Configurable auto-approve threshold so low-risk packages flow through without interruption

v1.0.5

2026-02-21 (Latest)

Install Sigil anywhere. Pre-built binaries for macOS, Linux, and Windows — plus Homebrew, npm, and Cargo.

  • Added: Pre-built binaries for macOS (Apple Silicon and Intel), Linux, and Windows — with SHA256 checksums
  • Added: Install your way: brew install, npm install -g, cargo install, or a one-line curl script
  • Improved: Automated release pipeline publishes binaries to GitHub Releases on every tag
  • Fixed: Packaging and installation fixes resolved across v1.0.1 through v1.0.4

v1.0.0

2026-02-19

Sigil is open source. Eight-phase scanning, quarantine-first workflow, threat intelligence, and MCP integration — all free under Apache 2.0.

  • Added: Open-source release of the Sigil CLI under the Apache 2.0 license
  • Added: Eight-phase scanner covering install hooks, code patterns, network exfiltration, credentials, obfuscation, provenance, prompt injection, and skill security
  • Added: Quarantine-first workflow — nothing runs until you approve it
  • Added: Cloud threat intelligence with 55 detection signatures and 4,700+ known threats
  • Added: MCP server so AI agents can scan dependencies before installing them
  • Added: Early VS Code and JetBrains plugin support
  • Security: All scans run locally — your source code never leaves your machine

v0.9.0

2026-02-15

Know who published a package and whether it has been seen before. Cloud threat intelligence, publisher reputation, and per-project ignore rules.

  • Added: Cloud threat intelligence enriches every scan with data from the Sigil community
  • Added: Publisher reputation scores based on aggregated community scan data
  • Added: Threat signatures stay fresh with automatic background sync (24-hour cache)
  • Added: sigil diff command lets you compare scans over time and catch regressions
  • Added: .sigilignore file support to exclude directories and files from scans
  • Improved: Fewer false positives on common environment variable patterns
  • Fixed: Shell alias setup now works correctly with Zsh and Oh My Zsh

v0.8.0

2026-02-01

See your scan history, manage your team, and browse threat intelligence — all from a web dashboard.

  • Added: Web dashboard with scan history, team management, and account settings
  • Added: Detailed scan views with findings grouped by phase and severity
  • Added: Threat intelligence browser with known threats, community reports, and detection signatures
  • Added: Team features: invite members, assign roles, and manage access
  • Added: Alert channels for Slack, email, and webhook notifications
  • Added: Billing and subscription management with plan selection

v0.7.0

2026-01-15

Cloud backend for Sigil Pro and Team plans. Scan storage, threat intelligence lookups, team management, and usage-based billing.

  • Added: Cloud API powering the Pro and Team plan features
  • Added: Scan history stored in the cloud — review past results anytime
  • Added: Threat intelligence lookups by file hash
  • Added: Team management with invites, roles, and member removal
  • Added: Scan policies: set auto-approve thresholds, allowlists, and blocklists for your team
  • Added: Real-time alerts via Slack, email, or webhook when high-risk scans complete

v0.6.0

2026-01-01

Run Sigil in your CI/CD pipeline. GitHub Actions, GitLab CI, and Docker support with SARIF output for code scanning.

  • Added: GitHub Actions integration — add Sigil to any workflow with a single step
  • Added: GitLab CI template for drop-in pipeline scanning
  • Added: SARIF output for GitHub Code Scanning and other SARIF-compatible tools
  • Added: Docker support with multi-stage builds and Compose for local development
  • Improved: Container runs as non-root user for better security defaults

v0.5.0

2025-12-15

Sigil meets your editor. VS Code extension, JetBrains plugin, and an MCP server for AI agents.

  • Added: VS Code extension to scan your workspace, individual files, or packages from the editor
  • Added: JetBrains plugin for IntelliJ, PyCharm, and WebStorm
  • Added: MCP server with 6 tools so AI agents can scan before they install

v0.4.0

2025-12-01

Scan URLs, archives, and MCP server configs. Plus baseline diffing to catch new risks between scans.

  • Added: sigil fetch command to download and scan files from any URL
  • Added: Automatic archive extraction for .tar.gz, .zip, and .tar.bz2 files
  • Added: sigil diff to compare scans against a baseline and surface new findings
  • Added: Detection of MCP-specific risky patterns like auto_approve and allow_dangerous
  • Improved: Broader network exfiltration detection: Discord webhooks, Telegram bots, ngrok tunnels

v0.3.0

2025-11-15

Layer in your existing tools. Sigil now runs semgrep, bandit, trufflehog, and npm audit alongside its own scanner.

  • Added: Run semgrep, bandit, trufflehog, safety, and npm audit as part of every Sigil scan
  • Added: Cloud threat intelligence — look up file hashes against a shared threat database
  • Added: sigil login to authenticate and access Pro features

v0.2.0

2025-11-01

Get set up in seconds. Interactive installer, 9 shell aliases, and pre-commit hooks.

  • Added: Interactive installer that configures shell aliases and hooks in one step
  • Added: 9 shortcut aliases: gclone, safepip, safenpm, safefetch, audit, and more
  • Added: Pre-commit hook that scans every commit before it lands
  • Added: .sigilignore support for excluding files from scans
  • Security: Path traversal and input validation protections on all quarantine operations

v0.1.0

2025-10-15

Where it all started. Eight-phase scanner, quarantine workflow, and four-tier verdicts from LOW RISK to CRITICAL RISK.

  • Added: Eight-phase security scanner that catches install hooks, dangerous code patterns, network exfiltration, credential access, obfuscation, provenance, prompt injection, and skill security issues
  • Added: Quarantine-first workflow — clone, pip install, and npm install all go to quarantine first
  • Added: Four-tier verdict system: LOW RISK, MEDIUM RISK, HIGH RISK, CRITICAL RISK
  • Added: Detailed scan reports with file paths and line numbers
  • Security: Fully offline — no network calls, no telemetry, no data collection