Releases: thalesgroup-cert/Watcher

v3.3.0

18 Feb 16:39

This release introduces major enhancements to deployment infrastructure, data leak monitoring capabilities, and SSL certificate tracking. The update focuses on improving operational flexibility with a modern modular deployment system, adding regex pattern matching for keywords, migrating to the actively maintained SearxNG project, implementing comprehensive SSL certificate expiration monitoring, and introducing a local CertStream server for improved certificate transparency monitoring.

⚠️ Important - Breaking Changes

This is a major infrastructure update that requires manual configuration changes:

  • New CertStream service must be added to docker-compose.yml
  • SearxNG migration: Service renamed from searx to searxng
  • Environment variables: Three variables must be updated in .env
  • Configuration file: New certstream-config.yaml required
  • Database migrations: New fields for regex keywords and SSL tracking

Update Procedure

For existing deployments:

Important: This release includes significant infrastructure changes. Please follow these steps carefully.

Step 1: Backup your data

Before proceeding, ensure you have a complete backup of your database and configuration files.

Step 2: Pull the latest version

docker compose pull

Step 3: Stop running containers

docker compose down

Step 4: Update docker-compose.yml

This release introduces a new CertStream service for local certificate transparency monitoring. Update your docker-compose.yml file with the following changes:

  1. Add the CertStream service (add this section before the searxng service):

    certstream:
      container_name: certstream
      image: 0rickyy0/certstream-server-go:latest
      restart: always
      networks:
        default:
          ipv4_address: 10.10.10.7
      volumes:
        - ./certstream-config.yaml:/app/config.yaml:ro
      ports:
        - "8080:8080"
      healthcheck:
        test: ["CMD", "curl", "-f", "http://localhost:8080/"]
        interval: 10s
        timeout: 5s
        retries: 5
        start_period: 10s
      environment:
        - TZ=${TZ}
  2. Rename the Searx service from searx to searxng:

    • Change container_name: searx to container_name: searxng
    • Change hostname: searx to hostname: searxng
    • Update image from searx/searx:1.1.0-69-75b859d2 to searxng/searxng:latest
    • Update volume mount from ./Searx/searx:/etc/searx:rw to ./Searx/searx:/etc/searxng:rw
    • Remove the command: ${SEARX_COMMAND:-} line (no longer needed)
  3. Update the Watcher service dependencies:

    depends_on:
      db_watcher:
        condition: service_healthy
      searxng:
        condition: service_started
      certstream:
        condition: service_healthy
  4. Add health check to db_watcher (if not already present):

    healthcheck:
      test: mysqladmin --user=${DB_USER} --password=${DB_PASSWORD} status
      interval: 2s
      timeout: 1s
      retries: 10
      start_period: 30s
  5. Update the Watcher service environment to bypass proxy for internal services:

    environment:
      no_proxy: "10.10.10.3,10.10.10.5,10.10.10.6,10.10.10.7,certstream"

Step 5: Update your .env file

The following environment variables must be updated:

  1. SearxNG URL (Required):

    DATA_LEAK_SEARX_URL=http://searxng:8080/
  2. CertStream URL (Required - New variable):

    CERT_STREAM_URL=ws://certstream:8080
  3. NO_PROXY configuration (Required for proper internal routing):

    NO_PROXY=certstream,10.10.10.7,localhost,127.0.0.1,10.10.10.3,10.10.10.5,10.10.10.6
  4. Optional updates:

    • Review and update SEARX_HOSTNAME if needed (default: searxng:8080)
    • You can remove SEARX_COMMAND as it's no longer used

Step 6: Add CertStream configuration file

Create or update the certstream-config.yaml file in your project root directory:

# Configuration for certstream-server-go
# This file is mounted read-only in the Docker container

webserver:
  # Listen on all interfaces for Docker networking
  listen_addr: "0.0.0.0"
  listen_port: 8080
  
  # WebSocket endpoints
  lite_url: "/"                    # Recommended endpoint for Watcher
  full_url: "/full-stream"         # Full stream with all certificate data
  domains_only_url: "/domains-only" # Only domain names
  
  # Enable real IP detection for reverse proxy scenarios
  real_ip: true

# Prometheus metrics for monitoring
prometheus:
  enabled: true
  listen_addr: "0.0.0.0"
  listen_port: 9090
  metrics_url: "/metrics"

This configuration file is already included in the repository. If you've customized it, ensure your changes are preserved.

Step 7: Apply database migrations

docker compose run watcher bash
python manage.py migrate

Step 8: Rebuild and restart containers

docker compose up -d

Step 9: Verify the deployment

Check that all services are running correctly:

docker compose ps
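
A pre-flight check for the .env changes in Step 5, worth running before Step 8. It is an added example, not part of the Watcher repository; the function names and both sample files are constructed here, and it assumes the service names and addresses given in the steps above are kept unchanged.

```python
from urllib.parse import urlsplit

# Hosts that Step 5 adds to NO_PROXY for the new CertStream service.
REQUIRED_NO_PROXY = {"certstream", "10.10.10.7"}

# Constructed sample: a .env that has not been migrated yet.
OLD_ENV = """\
# Watcher settings (constructed example)
DATA_LEAK_SEARX_URL=http://searx:8080/
SEARX_COMMAND=
NO_PROXY=localhost,127.0.0.1,10.10.10.3,10.10.10.5
"""

# The values given in Step 5 of the release notes.
NEW_ENV = """\
DATA_LEAK_SEARX_URL=http://searxng:8080/
CERT_STREAM_URL=ws://certstream:8080
NO_PROXY=certstream,10.10.10.7,localhost,127.0.0.1,10.10.10.3,10.10.10.5,10.10.10.6
"""


def parse_env(text):
    """Parse KEY=VALUE lines; skip blanks and comments, strip quotes."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip().strip("'\"")
    return env


def check_env(env):
    """Return (level, message) findings; an empty list means Step 5 is done."""
    findings = []

    # The search service was renamed, so the old hostname no longer resolves.
    searx = urlsplit(env.get("DATA_LEAK_SEARX_URL", ""))
    if searx.hostname != "searxng":
        findings.append(("error", "DATA_LEAK_SEARX_URL must point at the searxng service"))

    # New variable: WebSocket URL of the local CertStream container.
    cert = urlsplit(env.get("CERT_STREAM_URL", ""))
    if cert.scheme not in ("ws", "wss") or cert.hostname != "certstream":
        findings.append(("error", "CERT_STREAM_URL must be a WebSocket URL for the certstream service"))

    # Without these entries, internal traffic is sent to the outbound proxy.
    no_proxy = {h.strip() for h in env.get("NO_PROXY", "").split(",") if h.strip()}
    missing = sorted(REQUIRED_NO_PROXY - no_proxy)
    if missing:
        findings.append(("error", "NO_PROXY is missing: " + ", ".join(missing)))

    # Optional clean-up listed in Step 5.
    if "SEARX_COMMAND" in env:
        findings.append(("info", "SEARX_COMMAND is no longer used and can be removed"))
    return findings


if __name__ == "__main__":
    for label, text in (("old", OLD_ENV), ("new", NEW_ENV)):
        for level, message in check_env(parse_env(text)) or [("ok", "nothing to fix")]:
            print(f"{label}: {level}: {message}")
```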

For new modular deployment (recommended for production):

The new deployment system provides enhanced reliability and maintainability. To migrate:

  1. Navigate to the new deployment directory:

    cd deployment
  2. Initialize the environment:

    make init
  3. Configure your environment:

    • Copy .env.example to .env and customize
    • Update domain and network settings
    • Configure database credentials
  4. Deploy the stack:

    make deploy

For detailed migration instructions, see the deployment README.

What's Changed

Deployment Infrastructure Overhaul

Modern Modular Docker Deployment System

A complete redesign of the deployment architecture provides improved maintainability, reliability, and operational flexibility:

  • Modular Compose Architecture

    • compose_apps.yaml: Application services (Watcher, SearxNG, CertStream)
    • compose_databases.yaml: Database services with optimized configurations
    • compose_reverse_proxy.yaml: Traefik reverse proxy with TLS termination
    • Main docker-compose.yml orchestrates all services with health checks
  • Automated Deployment Scripts (deployment/scripts/)

    • init.sh: Complete environment initialization and validation
    • deploy.sh: One-command full stack deployment
    • migrate.sh: Database migration automation
    • backup-db.sh: Automated database backup utility
    • populate-db.sh: Sample data population
    • create-superuser.sh: Interactive superuser creation
    • check-network.sh: Docker network validation and creation
    • replace-tls.sh: Automatic TLS configuration updates
    • openssl-certificates-generator.sh: TLS certificate generation
  • Makefile Integration

    • Simple commands: make up, make down, make deploy, make migrate
    • Automatic environment validation before operations
    • Integrated backup and initialization workflows
  • Enhanced Configuration Management

    • Centralized .env file with comprehensive examples
    • Template-based configuration with validation
    • Automatic TLS certificate generation
    • Network isolation with custom subnet management
  • Traefik Reverse Proxy

    • Automatic TLS termination with custom certificates
    • Dynamic routing configuration
    • Access logging and request tracing
    • Dashboard for monitoring (optional)

Data Leak Module Enhancements

Regex Pattern Matching for Keywords

Advanced keyword matching capabilities significantly improve data leak detection:

  • Regex Support

    • New is_regex boolean field in Keyword model
    • Backend validation of regex patterns before saving
    • Compilation error handling with user-friendly messages
    • Performance optimization with compiled pattern caching
  • Frontend UI Improvements

    • Checkbox to enable/disable regex mode per keyword
    • Visual badge indicators:
      • "RegEx" badge for regex patterns (blue)
      • "Exact" badge for literal matches (green)
  • Use Cases

    • Email pattern matching: [a-zA-Z0-9._%+-]+@company\.com
    • Domain variations: (company|brand|product)\.(com|net|org)
    • Complex string patterns: API[_-]?KEY[:\s]+[A-Za-z0-9]+
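
The validate-then-cache flow described above, run against the three use-case patterns. This is an added example, not Watcher's own code: the function names, KeywordError, the length cap, case-sensitive matching and the sample paste are all assumptions made for illustration.

```python
import re
from functools import lru_cache

MAX_KEYWORD_LENGTH = 512  # assumed limit, not a Watcher setting

# The three use-case patterns from the release notes, all with is_regex=True.
USE_CASES = [
    (r"[a-zA-Z0-9._%+-]+@company\.com", True),
    (r"(company|brand|product)\.(com|net|org)", True),
    (r"API[_-]?KEY[:\s]+[A-Za-z0-9]+", True),
]

# Constructed sample text standing in for a fetched paste.
SAMPLE_PASTE = (
    "contact: j.doe@company.com, backup jdoe@companyXcom\n"
    "mirror at brand.net and product.org\n"
    "export API_KEY: 9f8e7d6c\n"
)


class KeywordError(ValueError):
    """Carries a message that can be shown to the user unchanged."""


def validate_keyword(name, is_regex):
    """Check a keyword before it is saved and return the cleaned value."""
    name = name.strip()
    if not name:
        raise KeywordError("Keyword must not be empty.")
    if len(name) > MAX_KEYWORD_LENGTH:
        raise KeywordError(f"Keyword is longer than {MAX_KEYWORD_LENGTH} characters.")
    if is_regex:
        try:
            re.compile(name)
        except re.error as exc:
            where = f" at position {exc.pos}" if exc.pos is not None else ""
            raise KeywordError(f"Invalid regular expression{where}: {exc.msg}") from exc
    return name


@lru_cache(maxsize=256)
def compiled_matcher(name, is_regex):
    """Compile once per (keyword, mode) pair and reuse on later scans."""
    # Exact keywords are escaped so that "company.com" never matches "companyXcom".
    return re.compile(name if is_regex else re.escape(name))


def find_hits(keywords, text):
    """Return {keyword: [matched strings]} for every keyword that hits."""
    hits = {}
    for name, is_regex in keywords:
        found = [m.group(0) for m in compiled_matcher(name, is_regex).finditer(text)]
        if found:
            hits[name] = found
    return hits


if __name__ == "__main__":
    for keyword, matches in find_hits(USE_CASES, SAMPLE_PASTE).items():
        print(keyword, "->", matches)
```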

Search Engine Infrastructure

Migration to SearxNG

Transition from deprecated Searx to actively maintained SearxNG ensures long-term reliability:

  • Service Update

    • Container name: searx to searxng
    • Official SearxNG image with latest security patches
    • Optimized configuration for data leak detection
  • Configuration Improvements

    • Simplified environment variables
    • JSON format enabled for API compatibility
    • Optimized for containerized environments
    • Enhanced engine configuration (GitHub, GitLab, Bitbucket, NPM, StackOverflow)
    • Disabled rate limiting for internal use
  • Settings Synchronization

    • Unified configuration between settings.py and .env
    • Consistent URL handling across all modules

SSL Certificate Monitoring

Comprehensive SSL Expiration Tracking

New infrastructure for monitoring SSL certificate expiration across all domains:

  • New SSL Fields

    • LegitimateDomain.ssl_expiry: Track certificate expiration dates
    • Site.ssl_expiry: Monitor site certificate validity
    • Site.domain_created_at: Track domain registration dates
    • Alert.new_ssl_expiry / Alert.old_ssl_expiry: Track certificate changes
  • SSLCertificateChecker Utility

    • Automatic certificate fetching and parsing
    • Expiration date extraction and valida...

v3.2.2

19 Dec 16:13
731291b

This release introduces a new threat intelligence source and focuses on improving the Threats Watcher module to better track emerging cybersecurity threats and industry buzz. Minor updates were made to support this new source type, improve data collection reliability, and refine source classification.

Update Procedure

No breaking change or configuration is required for this release. However, contributors must ensure they follow the updated test commands and conventions detailed in the updated documentation.

Since this release adds new sources and updates existing ones, you should repopulate your database to include the latest blocklist and RSS sources:

docker compose down
docker compose run watcher bash
python manage.py populate_db

What’s Changed

Threats Watcher Improvements

  • Added Bluesky as a new source for monitoring cybersecurity threats and discussions.
  • Enhanced the fetch_last_posts logic to support Bluesky-specific data formats and behaviors.
  • Added a custom User-Agent to improve reliability when fetching external sources.
  • Cleaned and normalized existing sources to improve consistency and relevance.

Source Management Updates

  • Updated sources.csv with new Bluesky RSS feeds focused on cybersecurity threats and trends.
  • Introduced and refined source confidence classification to better reflect reliability and trust levels.
  • Removed outdated or redundant sources to improve signal-to-noise ratio.

Full Changelog: v3.2.0...v3.2.2

v3.2.1

17 Dec 12:02
f2395e0

This release focuses on stability and robustness improvements across the Data Leak and DNS Finder modules, along with documentation updates. It addresses several minor bugs related to data validation, rendering safety, and edge-case handling, improving overall reliability without introducing breaking changes.

Update Procedure

No breaking change or configuration is required for this release. However, contributors must ensure they follow the updated test commands and conventions detailed in the updated documentation.

What’s Changed

Bug Fixes and Stability Improvements

Data Leak Module

  • Improved overall stability when handling alerts with missing or incomplete data.
  • More reliable filtering of archived and active alerts.
  • Safer handling of URLs to prevent display issues and unexpected errors.
  • Improved resilience when extracting domain names from alerts.

DNS Finder Module

  • Improved robustness when displaying alert data.
  • Safer handling of missing or incomplete domain information.
  • Reduced risk of UI errors in alerts and archived alerts views.
  • More consistent behavior when alert data is partially unavailable.

Documentation Updates

  • Updated README.md to reflect recent changes and improvements.
  • General documentation updates to improve clarity and consistency.

Full Changelog: v3.1.0...v3.2.1

v3.2.0

16 Dec 15:29
b26ddf2

This release delivers a major improvement to both performance and data integrity across Watcher modules. It introduces full back-end pagination, enhanced validation logic, and an improved user experience. The update significantly increases application responsiveness and maintainability, especially for large datasets.

Update Procedure

No breaking change or configuration is required for this release. However, contributors must ensure they follow the updated test commands and conventions detailed in the updated documentation.

What’s Changed

Performance and Pagination

Backend

  • API pagination added to 4 modules.

  • Endpoints now support:

    ?page=<page>&page_size=<size>
    
  • Default page_size: 100 (configurable from 1 to 1000).

  • Backward-compatible with existing clients.

  • Significant performance improvements:

    • Large dataset load time reduced from ~15 seconds to ~1–2 seconds.
    • Memory usage reduced by ~60% on large collections.
    • Query performance optimized using select_related().
  • Modules now paginated:

    • Data Leak (keyword, alert)
    • Site Monitoring (site, alert)
    • DNS Finder (dns_monitored, keyword_monitored, dns_twisted, alert)
    • Legitimate Domains
  • Progressive background loading:

    • First 100 items load instantly.
    • Remaining items fetched in background batches every 300ms.

Data Validation and Integrity

  • Cross-module duplicate detection:

    • Prevents adding a domain to Legitimate Domains if it already exists in Website Monitoring and vice versa.
    • Clear validation messages indicating conflicts.
  • Improved domain validation:

    • Wildcards (*.example.com) now cleaned and validated correctly.
    • Invalid domain formats rejected with improved error messages.

User Experience Improvements

  • Authentication navigation: Login/logout now preserve current page instead of redirecting to home.

  • Threats Watcher – Articles pagination: Word detail view supports pagination for large lists.

  • Legitimate Domains: Full comment display with Show more / Show less toggle.

  • Filter and state persistence: Date range and custom filters saved and restored from localStorage.

Full Changelog: v3.0.1...v3.2.0

v3.1.0

19 Nov 15:52
279c1da

This release introduces GitHub Container Registry (GHCR) support as the primary container distribution method, while maintaining backward compatibility with Docker Hub. This strategic shift ensures better integration with GitHub's ecosystem and improved reliability for container deployments.

Important: Docker Hub support will be discontinued on February 28, 2026. Please migrate to GitHub Container Registry before this date.

Update Procedure

Please follow this process:

For Docker Hub users (current method):

docker compose pull
docker compose down
docker compose up -d

For GitHub Container Registry users (mandatory):

  1. Update your docker-compose.yml to use the new GHCR image:

    services:
      watcher:
        image: ghcr.io/thalesgroup-cert/watcher:latest
        # ...rest of configuration
  2. Pull and restart:

    docker compose pull
    docker compose down
    docker compose up -d

What's Changed

Infrastructure & Distribution

GitHub Container Registry Integration

  • Primary container distribution now via ghcr.io/thalesgroup-cert/watcher
  • Native integration with GitHub releases and tags
  • Better security with GitHub's package security scanning

Docker Hub Deprecation

  • Docker Hub support continues until February 28, 2026
  • All workflows now include deprecation warnings
  • continue-on-error: true on Docker Hub steps to prevent build failures
  • Both registries receive identical images during transition period

CI/CD Improvements

  • Updated all GitHub Actions workflows to v5 for build-push-action
  • Improved multi-platform build support with QEMU v3

Migration Timeline

  • Now - February 28, 2026: Both Docker Hub and GHCR supported
  • February 28, 2026: Docker Hub support ends
  • After February 28, 2026: GHCR only

Available Images

GitHub Container Registry (Recommended):

  • Latest: ghcr.io/thalesgroup-cert/watcher:latest
  • Test: ghcr.io/thalesgroup-cert/watcher:test
  • Versioned: ghcr.io/thalesgroup-cert/watcher:v3.1.0

Docker Hub (Deprecated):

  • Latest: felix83000/watcher:latest
  • Test: felix83000/watcher:test
  • Versioned: felix83000/watcher:v3.1.0

Full Changelog: v3.0.1...v3.1.0

v3.0.1

12 Nov 14:52

This update enhances the documentation and user experience while ensuring security and stability through dependency upgrades.

Update Procedure

Please follow this process.

What's Changed

Security & Dependencies

  • Upgraded Django from version 5.2.7 to 5.2.8 - Ensures the latest security patches and performance improvements are applied to the framework by @ygalnezri

Documentation & User Experience

  • Enhanced README.md - Added new sections and replaced static images with animated GIFs to provide a more dynamic and engaging documentation experience by @ygalnezri
  • Introduced CONTRIBUTING.md - Created comprehensive contribution guidelines to encourage and facilitate community contributions to the Watcher project by @ygalnezri

Full Changelog: v3.0...v3.0.1

v3.0

03 Nov 15:01
3b503e9

Watcher v3.0 marks a significant evolution of the platform, delivering fully modernized infrastructure, expanded threat intelligence capabilities, and a greatly improved user experience. This release introduces centralized data management, AI-driven threat analysis, advanced domain tracking, and a completely redesigned interface for faster, more intuitive operations.

Important: This release includes major database schema changes. Ensure you have a complete backup before upgrading to prevent any data loss.

Update Procedure

Please follow this process:

  1. Pull the latest Docker image from the repository
    docker compose pull
  2. Apply any database migrations:
    docker compose down
    docker compose run watcher bash
    python manage.py migrate
  3. Update your .env file and review the new weekly summary and breaking news settings. By default, they are set as:
    WEEKLY_SUMMARY_DAY=Monday
    WEEKLY_SUMMARY_HOUR=9:30
    BREAKING_NEWS_THRESHOLD=15
    You can adjust these values to match your preferred schedule and thresholds.
  4. Rebuild and restart containers:
    docker compose down
    docker compose up -d

What's New

Core Infrastructure & Database

Legitimate Domains Module

  • New LegitimateDomain module for tracking company-approved domains
  • Supports expiry dates, repurchase status, and contact information
  • Dedicated API with search, ordering, and full CRUD operations

Enhanced Domain Tracking

  • New fields on Website Monitoring module: registrar, legitimacy, domain_expiry, takedown_request, legal_team and blocking_request
  • RDAP alert support for tracking registration changes

Threats Watcher Summary System

  • New Summary model supporting weekly summaries and breaking news alerts
  • AI-generated content with extracted CVEs, organizations, and threat actors

Centralized Logging System

  • Introduction of a new Logger dependency providing a unified, application-wide logging layer
  • Consistent log formatting and routing across all modules
  • Contextual log levels (debug, info, warning, error, critical) with colorized output in development mode

RDAP & WHOIS Discovery

Comprehensive Discovery System

  • RDAPDiscovery class with automatic TLD endpoint detection and fallback mechanisms, and a WhoisDiscovery class for cases where RDAP data is unavailable
  • Scheduled automated lookups for domains lacking registrar information

Smart Domain Updates

  • Automatic legitimacy status updates when domains transition between available, disabled, and registered states
  • Real-time RDAP/WHOIS alert tracking with registrar and expiry date change notifications

Notification System Enhancements

Enhanced Platform Support

  • Improved TheHive integration with intelligent alert/case creation
  • Dedicated Slack and Citadel message handlers with application-specific formatting

Frontend & UI Improvements

Theme System

  • 5 themes: Darkly, Flatly, Cyborg, Superhero, Brite
  • Persistent localStorage for user preferences

Advanced Dashboard Features

  • ResizableContainer: User-customizable panel widths across all dashboards
  • TableManager: Advanced filtering, sorting, pagination, and saved filter sets
  • Breaking News Popup: Real-time floating alerts for critical threats with auto-dismiss
  • Weekly Summary Widget: Minimizable/draggable card with typewriter effect and CVE detection

Enhanced Visualizations

  • New SiteStats and LegitimateStats components with icon-based metrics
  • Domain expiry badges and monitoring status indicators
  • Unified ExportModal for MISP and Legitimate Domain conversions

Filter Persistence

  • Save and load custom filter configurations per module

Threats Watcher Enhancements

AI-Powered Intelligence

  • Integration with Hugging Face transformers for NER and summarization
  • Advanced Named Entity Recognition with noise filtering
  • BART-based text summarization for threat reports
  • Cached pipeline management for optimized performance

Automated Threat Detection

  • Breaking news detection with threshold-based automatic alerts
  • Weekly intelligence report generation with scheduled cron jobs
  • Entity extraction for persons, organizations, locations, and products
  • Real-time signal system for rapid threat trending

Breaking News & Weekly Reports

  • Automatic detection of rapidly trending keywords
  • AI-generated summaries with extracted threat indicators
  • Scheduled weekly intelligence reports with threat actor identification

Site Monitoring Improvements

6-Level Legitimacy Classification

  • Unknown → Suspicious, not harmful → Suspicious, likely harmful (registered) → Suspicious, likely harmful (available/disabled) → Malicious (registered) → Malicious (available/disabled)
  • Automated classification updates based on domain registration status
  • Historical legitimacy tracking

Enhanced Monitoring

  • Dedicated RDAP/WHOIS alert types for registrar and expiry changes
  • RDAP-specific modal views showing date differences
  • Direct conversion of monitored sites to legitimate domain tracking
  • Improved stats display with action badges

DNS Finder Updates

Smart Domain Handling

  • Automatic cleaning of *. prefixes from certificate transparency domains
  • Enhanced source tracking for cert transparency vs. dnstwist detection
  • Better parent_domain and subdomain tagging in TheHive exports

Data Leak Enhancements

  • Grouped notifications for multiple alerts on same keyword
  • Improved paste content display with download functionality

Testing & Quality Assurance

Unit Tests (Back-End)

  • Total of 109 Django unit tests across all core modules, ensuring coverage of existing and updated back-end functionality.

End-to-End Tests (Front-End)

  • Total of 229 Cypress tests, covering all major front-end workflows and new features.
  • New: LegitimateDomains.cy.js with 51 tests specifically validating the new Legitimate Domains module.

Bug Fixes

  • Observable deduplication in TheHive alerts/cases
  • Better comment and observable management in notification handlers
  • Better formatting and organization in Data Leak module

Full Changelog: v2.4.1...v3.0

v2.4.1

09 Sep 09:00
a01e6d6

This release resolves the Searx port inconsistency issue #215 and improves the stability and maintainability of the Data Leak module. All relevant configuration files (Watcher/settings.py, .env, docker-compose.yml, and Searx/searx/settings.yml) now consistently use port 8080 for Searx.

This ensures that Watcher can correctly query Searx without encountering connection errors.

Update Procedure

Please follow this process:

  1. Pull the latest Docker image from the repository.
  2. Stop running containers:
    docker compose down
  3. Update your .env file:
    • Check DATA_LEAK_SEARX_URL
  4. Rebuild and restart containers with:
    docker compose down
    docker compose up

What’s Changed

Searx Port Standardization:

  • Fixed inconsistent default ports (8080 vs 8888). Watcher now consistently uses http://searx:8080/.
  • Watcher respects the DATA_LEAK_SEARX_URL environment variable if set, allowing custom Searx hosts/ports.

Data Leak Module

  • Minor bug fixes and improvements in notification handling.

Full Changelog: v2.4...v2.4.1

v2.4

31 Jul 13:53

This release brings major improvements to the Threat Watcher module, including a new word reliability scoring, state-of-the-art NER detection, reduced false positives, a smarter trending algorithm, and several bug fixes and optimizations.

Update Procedure for Docker

Please follow this process:

[WARNING] Manual Deletion Step:

This operation will permanently delete all existing data in the Source, BannedWord, and TrendyWord tables.
If you have custom sources, banned words, or other critical data, make sure to back them up or export them before proceeding.

Before anything else, clean existing data to avoid conflicts. Run the following commands in the Django shell in this order:

python manage.py shell -c "from threats_watcher.models import Source, BannedWord, TrendyWord; Source.objects.all().delete(); BannedWord.objects.all().delete(); TrendyWord.objects.all().delete()"

Then continue with the update procedure:

  1. Pull the latest Docker image from the repository.

  2. Stop all containers:

    docker compose down
  3. Apply database migrations and repopulate the database with the new blocklist and sources (new fields added):

    docker compose run watcher bash
    python manage.py migrate
    python manage.py populate_db
  4. Restart the containers:

    docker compose up

If you run Watcher without Docker

1. Install all system dependencies

sudo apt update && sudo apt install -y \
     build-essential \
     libsasl2-dev \
     libldap2-dev \
     libssl-dev \
     curl \
     git

2. Install Rust (required for tokenizers/transformers)

curl https://sh.rustup.rs -sSf | sh -s -- -y
source $HOME/.cargo/env

3. (Re)install Python dependencies

pip install --upgrade pip
pip install --no-cache-dir -r requirements.txt

4. Install torch, torchvision, torchaudio with CPU support

pip install --extra-index-url https://download.pytorch.org/whl/cpu torch==2.2.0 torchvision==0.17.0 torchaudio==2.2.0

5. Install NLTK dependencies

python ./nltk_dependencies.py

What’s Changed

ThreatWatcher – Major Improvements

  • Reliability scoring for each trending word:

    • Each source in sources.csv now features a confidence score (1 = 100%, 2 = 50%, 3 = 20%).
    • The reliability for each word is the average confidence of the sources where it appeared.
    • New field shown in UI (“Reliability %” column).
  • Entity extraction now uses BERT-base-NER:

    • Improved word/entity detection in news titles.
    • 10× smaller blocklist needed; blocklist file reduced.
    • Vastly fewer false positives.
    • For more information on BERT-base-NER : https://huggingface.co/dslim/bert-base-NER
  • Trending algorithm refactor:

    • Now only the last 30 days of news headlines are used for trending word calculation.
    • Old: Words could “dominate” from historic surges (e.g. 200 hits a year ago + 1 this month = trending).
    • New: Words must truly be trending this month to rank.
    • Minimum occurrences for trend detection reduced from 7 → 5.
  • Improved testing coverage:

    • Three new unit tests added in the backend to validate recent changes.
    • Existing frontend tests adjusted to reflect UI updates (e.g. Reliability column).
  • Improved Entity Detection, Reliability Scoring, and Trending Algorithm by @ygalnezri and @LeonNadot in #224

  • v2.4 by @ygalnezri and @LeonNadot in #225
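
The reliability score and the 30-day trending window described above, worked through on constructed data. This is an added example, not the project's implementation: the tuple layout and function names are assumptions, as are averaging over distinct sources and treating the window boundary as inclusive.

```python
from collections import defaultdict
from datetime import datetime, timedelta

CONFIDENCE = {1: 1.00, 2: 0.50, 3: 0.20}  # mapping given in the v2.4 notes
WINDOW = timedelta(days=30)
MIN_OCCURRENCES = 5


def trending(mentions, now, window=WINDOW, min_occurrences=MIN_OCCURRENCES):
    """Return {word: (occurrences, reliability_percent)} for trending words.

    mentions is an iterable of (word, source, confident, seen_at) tuples.
    window=None counts all history, which reproduces the old behaviour.
    """
    counts = defaultdict(int)
    confidences = defaultdict(dict)  # word -> {source: confidence}
    for word, source, confident, seen_at in mentions:
        if window is not None and now - seen_at > window:
            continue  # outside the trending window
        counts[word] += 1
        confidences[word][source] = CONFIDENCE[confident]

    result = {}
    for word, occurrences in counts.items():
        if occurrences < min_occurrences:
            continue
        values = confidences[word].values()
        # Reliability: average confidence of the sources the word appeared in.
        result[word] = (occurrences, round(100 * sum(values) / len(values)))
    return result


def sample_mentions(now):
    """Constructed data: one historic surge and one word trending now."""
    rows = [("oldworm", "feed-a", 1, now - timedelta(days=365))] * 200
    rows.append(("oldworm", "feed-a", 1, now - timedelta(days=3)))
    recent = [("feed-a", 1), ("feed-b", 2), ("feed-c", 3), ("feed-b", 2), ("feed-c", 3)]
    for age, (source, confident) in enumerate(recent, start=1):
        rows.append(("newrat", source, confident, now - timedelta(days=age)))
    return rows


if __name__ == "__main__":
    now = datetime(2025, 7, 31)
    rows = sample_mentions(now)
    print("v2.4 rules:", trending(rows, now))
    print("old rules: ", trending(rows, now, window=None, min_occurrences=7))
```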

Breaking changes & warnings

  • If you use custom code for word parsing/blocklist:
    • Review your blocklist (now much smaller).
    • Word detection logic has changed (BERT, NER).
  • sources.csv structure:
    • Now requires a confident column.
    • Ensure your source feeds are updated to match the new format.
  • Database migration required (new fields).
  • Minimum word occurrence is now 5 (was 7), can be changed in settings.py.

Full Changelog: v2.3...v2.4

v2.3

23 Jul 14:18
f2a3d0f

This release introduces a significant upgrade in automated testing coverage, improving both back-end and front-end reliability. The goal is to ensure that every new feature or modification in Watcher is backed by robust, automated unit tests. This update directly strengthens the stability and maintainability of the project across all modules.

Update Procedure

No breaking change or configuration is required for this release. However, contributors must ensure they follow the updated test commands and conventions detailed in the updated documentation.

What’s Changed

Test Coverage

Unit Tests (Back-End)

  • 99 Django unit tests across the main back-end modules:

    • common/tests.py
    • watcher/tests.py
    • Individual tests.py files per module

End-to-End Tests (Front-End with Cypress)

  • 4 full-featured Cypress suites covering the entire front-end application:
    • DataLeak.cy.js: 31 tests
    • DnsFinder.cy.js: 32 tests
    • SiteMonitoring.cy.js: 26 tests
    • ThreatsWatcher.cy.js: 31 tests
  • Total: 120 Cypress tests successfully passed with no failures or pending cases.

CI/CD Integration

  • All tests are automatically executed in our CI/CD pipeline using GitHub Actions:

    • Triggered on: Push, Pull Requests, and manual workflow dispatch
    • Execution: Both back-end and front-end tests run automatically
    • Coverage: Full test suite validation before code integration
  • The CI/CD workflow ensures that:

    • No broken code reaches the main branch
    • All new features are properly tested

Developer Notes

All test commands must now be run from the Watcher/Watcher directory:

cd Watcher/Watcher

Back-End Tests

To run all Django unit tests:

python manage.py test

Front-End Tests

Before running front-end tests, you need to create a test superuser:

python manage.py shell -c "
from django.contrib.auth.models import User
User.objects.create_superuser('Watcher', 'cypress@watcher.com', 'Watcher', first_name='Unit-Test Cypress', last_name='Watcher')"

To run all Cypress tests:

npm run test:e2e

If you want more information about the commands and other instructions, please refer to the documentation.

Why it matters

This update lays the foundation for a more robust and scalable Watcher ecosystem. By enforcing test-driven development and automated validation, we ensure faster releases, fewer regressions, and a cleaner development experience for contributors.

From now on: All Pull Requests must include tests for new functionality. PRs without adequate test coverage may be rejected.

Full Changelog: v2.2.0...v2.3