VersionGopher™ is moving from version inventory into analyst-grade software evidence. The 0.7.0 baseline adds assessment reports, Software Genomics guidance, actionable dashboard drilldowns, metadata-probe plumbing, CAB/MSU archive visibility, hash-cost controls, stronger CVE guardrails, hosted-preview identity controls, and production hardening.
This release is about making each scan more useful after the first import. Analysts get richer file evidence, operators get more collector choices, and the hosted preview has a stronger foundation for real beta users.
MAL-* supply-chain attack advisories..cursorrules and CLAUDE.md are visible as metadata-only prompt-risk evidence, including hidden Unicode and high-risk instruction markers without storing prompt bodies..cab, .diagcab, and .msu, are treated as archive follow-up evidence.OpenSSL >= 1.0.2 when a better product-local version signal exists.0.7.0 touches the collectors, importer, database, web dashboard, matching engine, hosted identity model, and deployment workflow. These are the changes analysts and operators will feel first.
The goal is not just to find more rows. It is to shorten the path from a raw filesystem scan to a defensible analyst decision.
Open the file card and inspect publisher strings, original filename, architecture, PE Rich Header clues, ELF runtime traits, hashes, and scan provenance before deciding whether the CVE match is credible.
Open dashboardPaste a SHA-256 from an EDR alert, malware note, supplier advisory, or case record and see whether that exact artifact appears in any scan you are allowed to view.
Search hashesFilter for archives, firmware images, install bundles, and compressed containers, then unpack them in a controlled workspace and rescan the extracted directory.
out="versiongopher-${HOSTNAME}-rescan-extracted-20260520-154233.jsonl"; version_gopher -d extracted-dir -J > "$out"Create narrow Groups for workstations, servers, kiosks, or golden images that are scanned on the same cadence with the same options. Use Software Genomics relatedness for everything else.
Read group guidanceThe detail view now carries more of the context analysts usually have to chase by hand: provenance, hashes, compiler/toolchain clues, publisher hints, and binary hardening data.
PE scans can surface original filename, internal name, product strings, publisher metadata, file size, architecture, checksum status, and likely Microsoft toolchain families.
ELF detail cards are prepared for interpreter paths, build IDs, needed libraries, architecture notes, and hardening indicators from the enhanced collector schema.
Paste a SHA-256 from another tool, provider, or incident note and quickly check whether the file or collector binary appears in your imported scans.
Collectors can emit structured evidence for binaries, archives, provenance, and identity while the importer normalizes older records into the current model.
The dashboard is being prepared to call attention to strange binary traits, weak evidence, and forensic context alongside vulnerability priority.
Analysts can drill into identity, build fingerprints, scan provenance, CVE rationale, nearby files, archive follow-up, and same-directory context from one place.
The 0.7.0 preview keeps emphasizing small, portable collectors for field systems, lab appliances, embedded Linux, and disconnected environments where network agents are not realistic.
VersionGopher still favors broad detection, but the matching layer now has stronger guardrails against common filename collisions and weak version evidence.
Windows component-store files, generic product names, toolchain helper binaries, and weak filename-only matches are handled through centralized matching policy instead of scattered patches.
ELF scanning now avoids turning local dependency requirement text into product versions when stronger product-local strings are present.
Large scans can take time to match. The dashboard now reports matching state more clearly and uses materialized results so CVE filters stay responsive after refresh.
When VersionGopher reports a CVE, the analyst can inspect the product, vendor, version rule, CPE, component, and evidence that drove the match.
The matcher avoids duplicate enqueue behavior and gives the UI clearer status while long-running materialization jobs complete.
ZIP, TAR, RAR, 7z, LHA/LZH, CAB/MSU, ISO, DMG, firmware images, and several embedded container formats can now show up as first-class scan results. The collector records the container and gives follow-up guidance without expanding archives on constrained targets.
The beta service now supports local accounts, MFA enrollment, approved Google sign-in, organization and group ownership, scoped scan visibility, and admin workflows that fit small pilot teams.
A lot of 0.7.0 work is not glamorous, but it matters: fewer manual deployment traps, better docs, clearer collector help, and a cleaner split between production, local testing, and embedded build environments.
Platform and group owners have a clearer path to manage users, groups, roles, MFA resets, and scan visibility inside the preview service.
Scan a target, import the JSONL, and see where VersionGopher finds versions, CVEs, archives, hashes, and binary evidence.