Development changelog - pre-release
Build notes
The Korthex development changelog: what has landed in each pre-release build, newest first, across the scanner engines, CBOM and migration output, compliance authority coverage, the SDK and CI/CD integration, and the documentation.
Documentation split into per-chapter pages
- web
- Every documentation chapter now has its own address under /docs, so CLI, engine, SDK and compliance topics are individually linkable and indexable.
- Added a documentation index that groups all chapters, and previous/next navigation between them.
- Comparison and compliance pages received an objective, dated legal note explaining why the comparisons are permitted.
- Every page now ships its own social preview card, and the full site content is published as one markdown file at /llms-full.txt for AI crawlers.
Authority and jurisdiction coverage
- compliance
- Compliance grading now spans the recognized authorities (NIST, BSI, ANSSI, CISA, IETF, OWASP) with per-finding framework tags.
- Jurisdiction overlays added for EU CRA readiness, EU payments, Germany, France, the United Kingdom, Australia and Canada.
- Baseline updates are delivered as signed patches on a 24-hour cycle; the OWASP channel tracks ASVS live.
Cross-engine correlation and offensive verification
- engine
- Findings from code, configuration, TLS/PKI, databases and git history merge into a single reachability-scored chain.
- Extracted cryptography is graded by emulation against NIST Known-Answer Tests, with a side-channel timing verdict, so weakness is proven rather than pattern-matched.
CBOM export and migration planning
- engine
- Cryptographic Bill of Materials export in CycloneDX, SARIF, JSON, PDF and the native .kxr format, each finding carrying a post-quantum readiness bucket.
- Topologically-ordered migration plan with per-item file and line, replacement algorithm, effort estimate and dependency order, plus an impact simulation.
SDK and CI/CD integration surface
- sdk
- Documented SDK covering the scanner, reports, inventory, policy, planner, dataflow, exploit and runtime modules.
- GitHub Actions step, GitLab CI template and a generic CLI exit code gate builds above a configurable risk threshold, with SARIF findings inline in pull requests.
Context engine and language coverage
- engine
- Two-pass context engine with dataflow tracking, taint analysis and cross-file union-find clustering, following values across import hops.
- Coverage across 18 languages spanning TypeScript through COBOL and Zig, plus binary and TLS/PKI analyzers.