cassiodeveloper
diff --git a/‎.github/workflows/ci.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/ci.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.gitignore‎
Lines changed: 5 additions & 2 deletions b/‎.gitignore‎
Lines changed: 5 additions & 2 deletions
diff --git a/‎.vscode/settings.json‎
Lines changed: 0 additions & 3 deletions b/‎.vscode/settings.json‎
Lines changed: 0 additions & 3 deletions
diff --git a/‎CHANGELOG.md‎
Lines changed: 42 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 42 additions & 0 deletions
diff --git a/‎docs/CNAME‎
Lines changed: 1 addition & 0 deletions b/‎docs/CNAME‎
Lines changed: 1 addition & 0 deletions
@@ -19,5 +19,5 @@ jobs:
 
       - run: |
           python -m secscore.cli.main pr \
-            --sarif examples/example-checkmarx.sarif \
+            --sarif tests/fixtures/pass.sarif \
             --policy policy/policy-pr.yml
@@ -186,7 +186,7 @@ cython_debug/
 #  that can be found at https://github.com/github/gitignore/blob/main/Global/VisualStudioCode.gitignore
 #  and can be added to the global gitignore or merged into this file. However, if you prefer, 
 #  you could uncomment the following to ignore the entire vscode folder
-# .vscode/
+.vscode/
 
 # Ruff stuff:
 .ruff_cache/
@@ -210,6 +210,9 @@ __marimo__/
 
 # Security scan outputs
 *.sarif
+pr-comment.md
+secscore-result.json
 
 # Allow SARIF examples
-!examples/*.sarif
+!examples/*.sarif
+!tests/fixtures/*.sarif
@@ -0,0 +1,42 @@
+# Changelog
+
+All notable changes to SecScore will be documented in this file.
+
+The format is based on semantic versioning and follows a simple chronological release history.
+
+---
+
+## v0.2.0 — 2026-03
+
+### Added
+
+* Diff-aware filtering to evaluate only findings introduced in the Pull Request.
+* **Security Diff** section in PR comments showing vulnerability changes by severity.
+* Improved PR comment UX with clearer decision explanation.
+* CLI output rendering using Rich for better terminal readability.
+* SARIF fixtures for deterministic testing (`PASS`, `REVIEW`, `FAIL` scenarios).
+* CI workflow to validate engine behavior during development.
+
+### Improved
+
+* PR comment layout for better readability during code review.
+* Decision explanation to clarify why a PR was blocked or requires review.
+
+---
+
+## v0.1.0 — Initial Release
+
+### Added
+
+* Initial SecScore scoring engine.
+* SARIF normalization layer for scanner results.
+* Policy-based scoring system using YAML configuration.
+* PASS / REVIEW / FAIL decision model.
+* Pull Request comment generation with security findings summary.
+* GitHub CLI entrypoint for CI/CD usage.
+
+---
+
+## Notes
+
+SecScore aims to reduce **security scanner noise** and provide **objective merge decisions** in CI/CD pipelines by introducing a policy-driven security score between scanners and Pull Requests.
@@ -0,0 +1 @@
+secscore.dev