chore: 3.9.0 release announcement post

alilleybrinker · j-lanson · commit 64f24bbd0f17 · 2024-12-20T09:07:58.000-05:00
Signed-off-by: Andrew Lilley Brinker &lt;alilleybrinker@gmail.com&gt;
diff --git a/site/content/blog/2024-12-20-hipcheck-3.9.0-release.md b/site/content/blog/2024-12-20-hipcheck-3.9.0-release.md
@@ -0,0 +1,126 @@
+---
+title: Hipcheck 3.9.0 Release
+authors:
+  - Andrew Lilley Brinker
+extra:
+  author_img: "images/authors/andrew.jpg"
+---
+
+Introducing Hipcheck 3.9.0, with bugfixes for plugin downloading and a new Git
+commit and diff parser.
+
+<!-- more -->
+
+---
+
+## 💬&nbsp;&nbsp;A New Git Commit and Diff Parser
+
+One of the key jobs that the `mitre/git` plugin for Hipcheck needs to do is
+parse Git commits and diffs. This plugin, which is a dependency of several
+other plugins we ship today, previously used a hand-rolled parser built using
+[`nom`], a popular Rust library for writing parser combinators. This had been
+tested against a wide array of open source Git repositories to identify and
+fix bugs, but of course for a parser working with something as flexible as the
+Git commit and diff format, there were still more to find. Over time, we'd
+identified this parser as a priority for replacement. It just didn't make sense
+to continue investing effort toward improving our own parser when others, more
+battle-tested, exist out in the world.
+
+In this release, we've transitioned from our hand-rolled parser to the one
+implemented by the [Gitoxide] project. Gitoxide is a project to reimplement Git
+in Rust, and their [`gix`] crate includes a Git commit and diff parser that
+works better than the one we'd written. In the short term, it's also slightly
+slower, though we believe in prioritizing correctness first, and we can work on
+improving its performance in the future.
+
+With this new parser in place, we expect fewer Git parsing bugs in the future,
+and therefore more successful analyses of Git repository histories!
+
+## 📦&nbsp;&nbsp;Improved Plugin Downloading
+
+One of the key tasks Hipcheck does before it starts analyses is to resolve the
+set of plugins requested by the user in their policy file, and all the
+dependencies of those plugins. To do this, it downloads the plugin artifacts
+for the requested version and the current architecture based on each plugin's
+download manifest, placing them in a local plugin cache.
+
+In 3.9.0, we've made two improvements to this process. First, we ensure we
+delete unused materials after copying out the stuff we need to run a plugin.
+Second, we ensure that we skip downloading plugins which already exist in the
+cache. This means less work over the network, and a faster plugin execution
+time when you reuse a policy you've run before.
+
+## 👀&nbsp;&nbsp;What's in the Release?
+
+| Package             | What is it? | New Version |
+|:--------------------|:------------|:------------|
+| `hc`                | Hipcheck    | 3.9.0       |
+| `mitre/git`         | Plugin      | 0.2.0       |
+| `mitre/activity`    | Plugin      | 0.2.0       |
+| `mitre/affiliation` | Plugin      | 0.2.0       |
+| `mitre/churn`       | Plugin      | 0.2.0       |
+| `mitre/entropy`     | Plugin      | 0.2.0       |
+| `mitre/identity`    | Plugin      | 0.2.0       |
+
+The non-`mitre/git` plugins were bumped because they depend on `mitre/git` and
+are now using the new version.
+
+## 🫸&nbsp;&nbsp;Things Pushed to Later Releases
+
+We've hoped land the implementations for [RFD #9] and [RFD #10] in 3.9.0, but
+they're not ready yet, and so we're pushing them to the 3.10.0 release.
+
+We're also still working on integrating plugins into the `hc ready` command, to
+ensure it provides clearer and more accurate feedback indicating when Hipcheck
+is ready to&nbsp;run.
+
+## 🗺️&nbsp;&nbsp;How to Get Involved
+
+We're always looking for new contributors! If you'd like to learn more about
+Hipcheck and get involved in contributing, please checkout our [Roadmap] and
+feel free to get in touch with us through our [Discussions] board!
+
+## ⭐️&nbsp;&nbsp;Thank You to Our Contributors and Supporters
+
+As always, I want to say a big "Thank you!" to everyone who supports the
+project at MITRE, to CISA for [sponsoring our current work on it][cisa_hipcheck],
+to our prior government sponsors who have helped advance Hipcheck, and to
+everyone who has contributed, given feedback, or encouraged us in building it.
+
+Thank you especially to the contributors for this release:
+
+- [Julian Lanson], Hipcheck Development Team Lead at MITRE
+- [Patrick Casey], Hipcheck Developer at MITRE
+- [Michael Chernicoff], Hipcheck Developer at MITRE
+- [Devin Lake], Hipcheck Developer at MITRE
+
+[hc_3_6_2]: https://github.com/mitre/hipcheck/releases/tag/hipcheck-v3.6.2
+[policy file]: @/docs/guide/config/policy-file.md
+[RFD #10]: @/docs/rfds/0010-submit-chunking.md
+[RFD #9]: @/docs/rfds/0009-batch-queries.md
+[`mitre/activity`]: @/docs/guide/plugins/mitre-activity.md
+[`mitre/affiliation`]: @/docs/guide/plugins/mitre-affiliation.md
+[`mitre/binary`]: @/docs/guide/plugins/mitre-binary.md
+[`mitre/churn`]: @/docs/guide/plugins/mitre-churn.md
+[`mitre/entropy`]: @/docs/guide/plugins/mitre-entropy.md
+[`mitre/fuzz`]: @/docs/guide/plugins/mitre-fuzz.md
+[`mitre/git`]: @/docs/guide/plugins/mitre-git.md
+[`mitre/github`]: @/docs/guide/plugins/mitre-github.md
+[`mitre/identity`]: @/docs/guide/plugins/mitre-identity.md
+[`mitre/linguist`]: @/docs/guide/plugins/mitre-linguist.md
+[`mitre/npm`]: @/docs/guide/plugins/mitre-npm.md
+[`mitre/review`]: @/docs/guide/plugins/mitre-review.md
+[`mitre/typo`]: @/docs/guide/plugins/mitre-typo.md
+[Julian Lanson]: https://github.com/j-lanson
+[Patrick Casey]: https://github.com/patrickjcasey
+[Michael Chernicoff]: https://github.com/mchernicoff
+[Devin Lake]: https://github.com/devin-b-lake
+[Cal Stepanian]: https://github.com/cstepanian
+[Nino Agrawal]: https://github.com/ninaagrawal
+[Aisha Mohammed]: https://github.com/aamohd
+[cisa_hipcheck]: https://www.cisa.gov/news-events/news/continued-progress-towards-secure-open-source-ecosystem
+[Roadmap]: https://github.com/orgs/mitre/projects/33/views/15
+[Discussions]: https://github.com/mitre/hipcheck/discussions
+[Gitoxide]: https://github.com/GitoxideLabs/gitoxide
+[`gix`]: https://crates.io/crates/gix
+[`nom`]: https://crates.io/crates/nom
