🚀 Introducing aghast v0.7.1: Diff-scoped security scanning

When you're reviewing a PR, you don't want to be flooded with findings from code that didn't change. v0.7.1 adds automatic diff filtering so aghast focuses its analysis on what actually changed.
1/4

How?

🎯 Pass --diff-ref, --diff-file, or AGHAST_DIFF_REF and aghast automatically narrows all discovery results (Semgrep, SARIF, OpenAnt) to findings that touch your diff.
2/4

🕸️ When OpenAnt is available, filtering is call-graph-aware, catching not just the lines you changed but also functions that call or are called by the changed code. When OpenAnt isn't around, it gracefully falls back to file+line overlap with a clear warning.
3/4

This makes aghast a much better fit for CI pipelines where you want fast, targeted feedback on every PR without sacrificing depth. 🔍

---
📦 npm install -g @bouncesecurity/[email protected]
4/4
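
The file+line overlap fallback mentioned in post 3/4, sketched as an added example. This is not aghast's own code: the function names, the shape of a finding (`file`, `startLine`, `endLine`) and the sample diff are assumptions constructed for illustration.

```javascript
// Added illustration, not aghast's implementation. All names are hypothetical.
// Collect the new-side line numbers of every added line in a unified diff.
function changedLines(diffText) {
  const changed = new Map(); // file path -> Set of added line numbers
  let file = null, newLine = 0, oldLeft = 0, newLeft = 0;
  for (const line of diffText.split("\n")) {
    if (oldLeft > 0 || newLeft > 0) { // inside a hunk body
      if (line.startsWith("+")) { changed.get(file).add(newLine++); newLeft--; }
      else if (line.startsWith("-")) oldLeft--;
      else if (!line.startsWith("\\")) { newLine++; oldLeft--; newLeft--; } // context
      continue;
    }
    if (line.startsWith("+++ ")) { // new-side file header
      const p = line.slice(4).trim();
      file = p === "/dev/null" ? null : p.replace(/^b\//, "");
      if (file && !changed.has(file)) changed.set(file, new Set());
      continue;
    }
    const m = /^@@ -\d+(?:,(\d+))? \+(\d+)(?:,(\d+))? @@/.exec(line);
    if (m && file) [oldLeft, newLine, newLeft] = [m[1] ?? 1, m[2], m[3] ?? 1].map(Number);
  }
  return changed;
}

// Keep a finding only if its line span overlaps an added line in the same file.
function filterFindings(findings, diffText) {
  const changed = changedLines(diffText);
  return findings.filter((f) => {
    const lines = changed.get(f.file) ?? new Set();
    for (let n = f.startLine; n <= (f.endLine ?? f.startLine); n++) {
      if (lines.has(n)) return true;
    }
    return false;
  });
}
// Constructed sample input: one hunk that adds new-side lines 11 and 12.
const SAMPLE_DIFF = [
  "--- a/src/auth.js", "+++ b/src/auth.js",
  "@@ -10,4 +10,5 @@ function login(req) {",
  "   const user = req.body.user;", "-  const q = buildQuery(user);",
  "+  const q = rawQuery(user);", "+  log(q);",
  "   return db.query(q);", " }",
].join("\n");
const SAMPLE_FINDINGS = [
  { ruleId: "changed-line", file: "src/auth.js", startLine: 11 },
  { ruleId: "spans-change", file: "src/auth.js", startLine: 8, endLine: 12 },
  { ruleId: "untouched-code", file: "src/auth.js", startLine: 40, endLine: 42 },
  { ruleId: "other-file", file: "src/view.js", startLine: 11 },
];
```

In this sketch a hunk that only deletes lines contributes no added lines, so a finding next to a pure deletion is filtered out. Line overlap also cannot see callers or callees of the changed code, which is the gap the call-graph-aware mode in post 3/4 is described as covering.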