v0.2.2-beta

Adoption

Security and CI adoption.

ngcompass fits private engineering workflows: local analysis, CI gates, SARIF or JSON output, and no requirement to expose private source code. Add it to each Angular project so CI runs the same package version as local development.

Audience

Private repos
Use ngcompass without exposing your application or source repository.
PR gates
Fail a build when new violations cross your severity threshold.
Security review
Surface unsafe Angular bindings, sanitizer bypasses, and SSR hazards.

Adoption checklist

  1. 01Runs inside your existing CI runner.
  2. 02Reads source code from the checked-out workspace.
  3. 03Can fail builds using severity thresholds.
  4. 04Can emit SARIF or JSON for existing security dashboards.
  5. 05Does not require public repository access.

Minimal CI command

bash
01# Recommended private-repo CI flow
02npm ci
03npx ngcompass analyze --profile ci --format sarif > ngcompass.sarif