v1.4.0

@octo-sts octo-sts released this 08 Nov 19:20
26dcc45

Tool Improvements

Rule Improvements

  • Add override rule for py3-hatch package by @egibs in #545
  • Improve findings for Mirai, vncjew, alfa, custom RAT by @tstromberg in #541
  • Reorganize rule filenames around the MalwareBehaviorCatalog standard by @tstromberg in #549
  • Add compromised lottie-player test data by @egibs in #552
  • Update YARAforge to 20241027 by @tstromberg in #556
  • MalwareBehaviorCatalog follow-up: less naming stutter, fewer slashes by @tstromberg in #558
  • Improve detection of Golang/Linux backdoors by @tstromberg in #567
  • Update third-party rules as of 2024-11-03 by @octo-sts in #571
  • Improve malicious Javascript detection by @tstromberg in #572
  • Remove overridden behaviors that fall below minScore by @egibs in #580
  • Improve Python detection based on the PyPI malregistry by @tstromberg in #584
  • Update third-party rules as of 2024-11-06 by @octo-sts in #590
  • Improve detection of "Beast" and other Linux ransomware by @tstromberg in #589
  • Improve detection of malicious RubyGems by @tstromberg in #588
  • Improve rule coverage for timb-machine/linux-malware by @tstromberg in #592
  • Add Kibana overrides by @egibs in #594
  • Rule tuning to decrease false-positives on Fedora by @tstromberg in #598
  • Add Kibana security detection engine rule overrides by @egibs in #602
  • Fedora: Address remaining false-positives within /usr by @tstromberg in #603
  • Improve coverage for objective-see/Malware by @tstromberg in #605
  • Add override rules for findings from latest full scan of Wolfi packages by @egibs in #606

Developer Improvements

  • Format rule files with yara-x and add Workflow Check by @egibs in #546
  • Add yara-x fmt to make lint by @egibs in #547
  • Create scorecard.yml by @tstromberg in #551
  • README: Clarify our focus on supply-chain and UNIX-like operating systems by @tstromberg in #550
  • Address token and security policy OpenSSF findings by @egibs in #554
  • Add Workflow to update third-party rules and PR the changes by @egibs in #557
  • Install yara in third-party rule update Workflow by @egibs in #559
  • Cleanly handle no-op third-party rule Workflow runs by @egibs in #560
  • Simplify commit and PR steps for third-party Workflow by @egibs in #561
  • Remove reviewdog/woke style actions by @tstromberg in #562
  • README: aim for subtleness, not paranoia by @tstromberg in #563
  • README: updates screenshots, lean into what makes malcontent special by @tstromberg in #569
  • Re-add GH_TOKEN to commit/PR step for third-party rule updates by @egibs in #570
  • Makefile: Add Linux support for yara-x linter by @tstromberg in #583
  • Re-organize samples and integration tests to improve caching by @tstromberg in #593

Full Changelog: v1.3.0...v1.4.0