KORTHEXChangelog

Development changelog - pre-release

Build notes

The Korthex development changelog: what has landed in each pre-release build, newest first, across the scanner engines, CBOM and migration output, compliance authority coverage, the SDK and CI/CD integration, and the documentation.

Documentation split into per-chapter pages

- web

  • Every documentation chapter now has its own address under /docs, so CLI, engine, SDK and compliance topics are individually linkable and indexable.
  • Added a documentation index that groups all chapters, and previous/next navigation between them.
  • Comparison and compliance pages received an objective, dated legal note explaining why the comparisons are permitted.
  • Every page now ships its own social preview card, and the full site content is published as one markdown file at /llms-full.txt for AI crawlers.

Authority and jurisdiction coverage

- compliance

  • Compliance grading now spans the recognized authorities (NIST, BSI, ANSSI, CISA, IETF, OWASP) with per-finding framework tags.
  • Jurisdiction overlays added for EU CRA readiness, EU payments, Germany, France, the United Kingdom, Australia and Canada.
  • Baseline updates are delivered as signed patches on a 24-hour cycle; the OWASP channel tracks ASVS live.

Cross-engine correlation and offensive verification

- engine

  • Findings from code, configuration, TLS/PKI, databases and git history merge into a single reachability-scored chain.
  • Extracted cryptography is graded by emulation against NIST Known-Answer Tests, with a side-channel timing verdict, so weakness is proven rather than pattern-matched.

CBOM export and migration planning

- engine

  • Cryptographic Bill of Materials export in CycloneDX, SARIF, JSON, PDF and the native .kxr format, each finding carrying a post-quantum readiness bucket.
  • Topologically-ordered migration plan with per-item file and line, replacement algorithm, effort estimate and dependency order, plus an impact simulation.

SDK and CI/CD integration surface

- sdk

  • Documented SDK covering the scanner, reports, inventory, policy, planner, dataflow, exploit and runtime modules.
  • GitHub Actions step, GitLab CI template and a generic CLI exit code gate builds above a configurable risk threshold, with SARIF findings inline in pull requests.

Context engine and language coverage

- engine

  • Two-pass context engine with dataflow tracking, taint analysis and cross-file union-find clustering, following values across import hops.
  • Coverage across 18 languages spanning TypeScript through COBOL and Zig, plus binary and TLS/PKI analyzers.