Hipcheck 3.9.0 Release

Written by Andrew Lilley Brinker

Posted on December 20, 2024

Introducing Hipcheck 3.9.0, with bugfixes for plugin downloading and a new Git commit and diff parser.


💬  A New Git Commit and Diff Parser

One of the key jobs that the mitre/git plugin for Hipcheck needs to do is parse Git commits and diffs. This plugin, which is a dependency of several other plugins we ship today, previously used a hand-rolled parser built using nom, a popular Rust library for writing parser combinators. This had been tested against a wide array of open source Git repositories to identify and fix bugs, but of course for a parser working with something as flexible as the Git commit and diff format, there were still more to find. Over time, we'd identified this parser as a priority for replacement. It just didn't make sense to continue investing effort toward improving our own parser when others, more battle-tested, exist out in the world.

In this release, we've transitioned from our hand-rolled parser to the one implemented by the Gitoxide project. Gitoxide is a project to reimplement Git in Rust, and their gix crate includes a Git commit and diff parser that works better than the one we'd written. In the short term, it's also slightly slower, though we believe in prioritizing correctness first, and we can work on improving its performance in the future.

With this new parser in place, we expect fewer Git parsing bugs in the future, and therefore more successful analyses of Git repository histories!

📦  Improved Plugin Downloading

One of the key tasks Hipcheck does before it starts analyses is to resolve the set of plugins requested by the user in their policy file, and all the dependencies of those plugins. To do this, it downloads the plugin artifacts for the requested version and the current architecture based on each plugin's download manifest, placing them in a local plugin cache.

In 3.9.0, we've made two improvements to this process. First, we ensure we delete unused materials after copying out the stuff we need to run a plugin. Second, we ensure that we skip downloading plugins which already exist in the cache. This means less work over the network, and a faster plugin execution time when you reuse a policy you've run before.
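To make the two cache improvements concrete, here is a small Rust sketch of the resolution step. It is an added example, not Hipcheck's own code: the cache layout (publisher/name/version/arch), the `PluginRef` type, and the `.ready` marker file are all assumptions for illustration.

```rust
use std::fs;
use std::io;
use std::path::{Path, PathBuf};

/// A plugin requested by a policy file. Hypothetical type, not Hipcheck's own.
#[derive(Debug, Clone, PartialEq)]
pub struct PluginRef {
    pub publisher: String, // e.g. "mitre"
    pub name: String,      // e.g. "git"
    pub version: String,   // e.g. "0.2.0"
}

/// Marker written only after an entry is fully unpacked and cleaned (assumed name).
const READY_MARKER: &str = ".ready";

/// Cache directory for one plugin, at one version, for one target architecture.
pub fn cache_entry(cache: &Path, p: &PluginRef, arch: &str) -> PathBuf {
    cache.join(&p.publisher).join(&p.name).join(&p.version).join(arch)
}

/// Second improvement: split requested plugins into (already cached, needs download).
/// Only a completed entry (marker present) counts as cached, so a directory left by
/// an interrupted run is downloaded again instead of being trusted.
pub fn plan_downloads<'a>(
    cache: &Path,
    requested: &'a [PluginRef],
    arch: &str,
) -> (Vec<&'a PluginRef>, Vec<&'a PluginRef>) {
    requested
        .iter()
        .partition(|p| cache_entry(cache, p, arch).join(READY_MARKER).is_file())
}

/// First improvement: copy the files needed to run the plugin out of the staging
/// directory, then delete the staging directory (archive, docs, anything unused).
/// The marker is written last, so the entry is only "ready" once cleanup succeeded.
pub fn finalize_entry(entry: &Path, staging: &Path, keep: &[&str]) -> io::Result<()> {
    fs::create_dir_all(entry)?;
    for &name in keep {
        fs::copy(staging.join(name), entry.join(name))?;
    }
    fs::remove_dir_all(staging)?;
    fs::write(entry.join(READY_MARKER), b"")?;
    Ok(())
}
```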

👀  What's in the Release?

Package            What is it?    New Version
hc                 Hipcheck       3.9.0
mitre/git          Plugin         0.2.0
mitre/activity     Plugin         0.2.0
mitre/affiliation  Plugin         0.2.0
mitre/churn        Plugin         0.2.0
mitre/entropy      Plugin         0.2.0
mitre/identity     Plugin         0.2.0

The non-mitre/git plugins were bumped because they depend on mitre/git and are now using the new version.

🫸  Things Pushed to Later Releases

We had hoped to land the implementations for RFD #9 and RFD #10 in 3.9.0, but they're not ready yet, and so we're pushing them to the 3.10.0 release.

We're also still working on integrating plugins into the hc ready command, to ensure it provides clearer and more accurate feedback indicating when Hipcheck is ready to run.

🗺️  How to Get Involved

We're always looking for new contributors! If you'd like to learn more about Hipcheck and get involved in contributing, please check out our Roadmap and feel free to get in touch with us through our Discussions board!

⭐️  Thank You to Our Contributors and Supporters

As always, I want to say a big "Thank you!" to everyone who supports the project at MITRE, to CISA for sponsoring our current work on it, to our prior government sponsors who have helped advance Hipcheck, and to everyone who has contributed, given feedback, or encouraged us in building it.

Thank you especially to the contributors for this release: