Changelog

New endpoints, API changes, SDK releases, and security updates. Newest first.

v1.4.0AddedMay 28, 2026
Webhook delivery retries & signed payloads
- Added automatic retries (up to 5 attempts with exponential backoff) for failed webhook deliveries.
- Every webhook payload is now signed with an HMAC-SHA256 `CodeSec-Signature` header.
- New `usage.limit_reached` event fires when a plan quota is exhausted.
v1.3.0AddedMay 12, 2026
Incremental scan results endpoint
- Added `GET /v1/scans/{scan_id}/results` returning findings as they are discovered.
- Findings now include a `confidence` field (`low` | `medium` | `high`).
v1.2.1ChangedApril 30, 2026
Rate limit headers
- Responses now include `X-RateLimit-Limit`, `X-RateLimit-Remaining` and `X-RateLimit-Reset` headers.
- Improved 429 error body with a `retry_after` field (seconds).
v1.2.0SDKApril 15, 2026
Python SDK 1.0
- Released the official Python SDK (`pip install codesec`).
- JavaScript SDK updated to 1.1 with full TypeScript types and ESM support.
v1.1.2SecurityMarch 22, 2026
Hardened API key hashing
- API keys are now stored as SHA-256 hashes; raw keys are shown exactly once on creation.
- Added per-key `last_used_at` tracking for anomaly detection.
v1.1.0AddedMarch 4, 2026
Scan types & usage endpoint
- `POST /v1/scans` now accepts a `scan_type` parameter (`quick` | `full`).
- Added `GET /v1/usage` for programmatic quota inspection.
v1.0.0AddedFebruary 1, 2026
CodeSec API general availability
- Initial public release of the CodeSec REST API.
- Endpoints for creating scans, polling status and listing results.
- Bearer-token authentication with scoped API keys.

Webhook delivery retries & signed payloads

Incremental scan results endpoint

Rate limit headers

Python SDK 1.0

Hardened API key hashing

Scan types & usage endpoint

CodeSec API general availability