chore(release): bump to v6.0.0 — CAISS-readiness release with compliance, governance, CLI
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Kjell Tore Guttormsen
parent
52d26ddb0b
commit
dea17a1c11
7 changed files with 76 additions and 15 deletions
|
|
@ -4,6 +4,26 @@ All notable changes to the LLM Security Plugin are documented in this file.
|
|||
|
||||
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/).
|
||||
|
||||
## [6.0.0] - 2026-04-10
|
||||
|
||||
### Added
|
||||
- **Compliance mapping** — `knowledge/compliance-mapping.md` maps plugin capabilities to EU AI Act (Art. 9, 15, 17), NIST AI RMF (Map, Measure, Manage, Govern), ISO 42001 (Annex A), and MITRE ATLAS techniques (AML.T IDs)
|
||||
- **Norwegian regulatory context** — `knowledge/norwegian-context.md` covers Datatilsynet (DPIA for AI), NSM (basic security principles), and Digitaliseringsdirektoratet guidance
|
||||
- **SARIF 2.1.0 output** — `scanners/lib/sarif-formatter.mjs` converts scan output to OASIS SARIF standard format. Use `--format sarif` with scan/deep-scan commands
|
||||
- **Structured audit trail** — `scanners/lib/audit-trail.mjs` writes JSONL audit events with ISO 8601 timestamps, OWASP category tags, and SIEM-ready schema. Configurable via `LLM_SECURITY_AUDIT_*` env vars
|
||||
- **AI-BOM generator** — `scanners/ai-bom-generator.mjs` + `scanners/lib/bom-builder.mjs` produce CycloneDX 1.6 Bills of Materials for AI components (models, MCP servers, plugins, knowledge, hooks)
|
||||
- **Policy-as-code** — `scanners/lib/policy-loader.mjs` reads `.llm-security/policy.json` for distributable hook configuration. Integrated into all 8 hooks. Env vars always take precedence
|
||||
- **Standalone CLI** — `bin/llm-security.mjs` provides `npx llm-security` entry point. Subcommands: `scan`, `deep-scan`, `posture`, `audit-bom`, `benchmark`
|
||||
- **Posture compliance categories** — 3 new posture categories (14: EU AI Act, 15: NIST AI RMF, 16: ISO 42001). Advisory only — do not affect Grade A threshold
|
||||
- **Attack simulator benchmark mode** — `--benchmark` flag outputs structured pass/fail metrics for CI integration
|
||||
|
||||
### Changed
|
||||
- Version bump: 5.1.0 → 6.0.0 across all files
|
||||
- Knowledge base expanded from 13 to 15 files
|
||||
- Scanner count: 15 → 16 (AI-BOM generator added)
|
||||
- Posture scanner: 13 → 16 categories
|
||||
- All hooks now read policy from `.llm-security/policy.json` (backward-compatible — defaults match hardcoded values)
|
||||
|
||||
## [5.1.0] - 2026-04-07
|
||||
|
||||
### Added
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue