Releases: aquasecurity/defsec
v0.90.0
What's Changed
- fix(rego): Use correct `id` for AVD-KSV-01010 by @oddsund in #1336
- fix(k8s): Ignore case when evaluating KSV106 by @simar7 in #1340
- Add new rule: Google IAM Workload Identity Pool Provider with no conditions by @MartinPetkov in #1338
- chore: bump helm version v3.12.1 by @chen-keinan in #1345
- support import block for tf 1.5.0+ by @nishigori in #1339
- support check block for tf 1.5.0+ by @nishigori in #1354
- fix(azure): Update `min_tls_version` for avd-azu-0011 by @simar7 in #1342
- added logic to pass config data setting to rego rule by @r-khurram in #1356
- Revert "fix: Revert AVD-AWS-0342 policy (#1309)" by @r-khurram in #1355
- chore(gke): Deprecate AVD-GCP-0047 by @simar7 in #1341
- chore(deps): bump github.com/aws/aws-sdk-go-v2/service/cloudtrail from 1.24.4 to 1.27.1 by @dependabot in #1350
- chore(deps): bump github.com/aws/aws-sdk-go-v2/service/neptune from 1.17.12 to 1.20.7 by @dependabot in #1351
- chore(deps): bump github.com/aws/aws-sdk-go-v2/service/cloudwatch from 1.21.10 to 1.26.2 by @dependabot in #1353
- chore(deps): bump github.com/aws/aws-sdk-go-v2/service/mq from 1.13.15 to 1.15.0 by @dependabot in #1358
New Contributors
- @oddsund made their first contribution in #1336
- @MartinPetkov made their first contribution in #1338
- @nishigori made their first contribution in #1339
- @r-khurram made their first contribution in #1356
Full Changelog: v0.89.0...v0.90.0
v0.89.0
What's Changed
- feat(terraformplan): Support terraformplan types by @simar7 in #1320
- feat(rego): Retry if some policies are broken by @simar7 in #1317
- fix(docker): Support stages with dupe names by @simar7 in #1327
- bug fix : misspelling by @testwill in #1311
- Improve the command splitting by @tspearconquest in #1326
- Support checking for the last user as 'root' with a group specified, … by @tspearconquest in #1324
- chore(deps): bump github.com/docker/distribution from 2.8.1+incompatible to 2.8.2+incompatible by @dependabot in #1323
- chore(deps): bump github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 from 1.18.20 to 1.19.11 by @dependabot in #1312
- chore(deps): bump github.com/aws/aws-sdk-go-v2/service/efs from 1.19.12 to 1.20.1 by @dependabot in #1314
- chore(deps): bump github.com/aws/aws-sdk-go-v2/service/iam from 1.19.10 to 1.19.12 by @dependabot in #1315
- chore(deps): bump github.com/aws/aws-sdk-go-v2/service/elasticsearchservice from 1.16.10 to 1.19.0 by @dependabot in #1321
- chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts from 1.18.5 to 1.19.0 by @dependabot in #1322
New Contributors
- @tspearconquest made their first contribution in #1326
Full Changelog: v0.88.1...v0.89.0
v0.88.1
What's Changed
- fix: Revert AVD-AWS-0342 policy by @simar7 in #1309
- chore(deps): bump github.com/hashicorp/go-getter from 1.7.0 to 1.7.1 by @dependabot in #1288
- chore(deps): bump github.com/aws/aws-sdk-go-v2/service/kms from 1.20.8 to 1.21.1 by @dependabot in #1303
- chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sns from 1.18.1 to 1.20.10 by @dependabot in #1304
- chore(deps): bump github.com/aws/aws-sdk-go-v2/service/emr from 1.23.4 to 1.24.4 by @dependabot in #1305
- chore(deps): bump github.com/aws/aws-sdk-go-v2/service/apigatewayv2 from 1.12.18 to 1.13.11 by @dependabot in #1306
- bug fix : misspelling by @testwill in #1308
- import optimization by @testwill in #1307
New Contributors
Full Changelog: v0.88.0...v0.88.1
v0.88.0
What's Changed
- Revert "feat(scanner): Break out options for enabling libs and policies (#1280)" by @simar7 in #1298
- fix(adapters): Revert new adapters by @simar7 in #1302
- fix: kubelet policies --read-only-port and --anonymous-auth by @chen-keinan in #1295
Full Changelog: v0.87.0...v0.88.0
v0.87.0
What's Changed
- added in adapters of mq and msk by @SanaaYousaf in #1218
- Aws/s3 policies by @SanaaYousaf in #1168
- feat: GCP compute instance rule 'enable secure boot' by @aisha-als in #1285
- add: lambda adapter by @realwebdev in #1166
- feat(scanner): Break out options for enabling libs and policies by @simar7 in #1280
- added in adapters of codebuild by @SanaaYousaf in #1184
- Added logic to also check statement effect by @AkhtarAmir in #1287
- add: multiple adapters added(kendra, kinesis, kinesisvideo, proton, q… by @realwebdev in #1227
- added autoscaling adapter by @realwebdev in #1153
- feat(terraform): Support tfvars files during scans by @simar7 in #1294
- Added build in Makefile by @AkhtarAmir in #1293
- Aws/rds policies by @realwebdev in #1160
New Contributors
- @AkhtarAmir made their first contribution in #1287
Full Changelog: v0.86.0...v0.87.0
v0.86.0
What's Changed
- Remove exec-bit on .viminspector.json by @atombrella in #1267
- Check for `--no-install-recommends` in apt-get by @atombrella in #1270
- api_server_authorized_ip_ranges deprecated by @SanaaYousaf in #1254
- Minor fix: Rule tf examples by @aisha-als in #1260
- Fix: `AVD-KCV-0028` and `AVD-KCV-0029` checks by @alex123012 in #1268
- Fix: correct search for control plane containers by @alex123012 in #1269
- fix(terraform): Use absolute path for filesystem to load tfvars by @simar7 in #1271
- filter iam pass role in policy document to prevent privilege escalations by @realwebdev in #1259
- chore(deps): bump github.com/aws/aws-sdk-go-v2/service/elasticache from 1.22.10 to 1.26.8 by @dependabot in #1281
- chore(deps): bump github.com/aws/aws-sdk-go from 1.44.212 to 1.44.245 by @dependabot in #1286
- chore(deps): bump github.com/aws/aws-sdk-go-v2/service/iam from 1.18.23 to 1.19.10 by @dependabot in #1283
- chore(deps): bump golang.org/x/tools from 0.6.0 to 0.8.0 by @dependabot in #1277
- chore(deps): bump github.com/aws/aws-sdk-go-v2/service/efs from 1.17.15 to 1.19.12 by @dependabot in #1284
New Contributors
- @aisha-als made their first contribution in #1260
- @alex123012 made their first contribution in #1268
Full Changelog: v0.85.0...v0.86.0
v0.85.0
What's Changed
- added in es adapters by @SanaaYousaf in #1177
- test: ensure SARIF doesn't print parent metadata by @vanesasejdiu in #1241
- fix(tests): Use UTC timestamps for testing by @simar7 in #1245
- fix(rules): Update list of outdated ELB TLS policies by @reedloden in #1239
- fix(rego): metadata for rego results by @lyoung-confluent in #1149
- Add check missing `microdnf clean all` by @atombrella in #1246
- fix the issue: outdated_tls_policy by @SanaaYousaf in #1244
- feat: Adding Support for a New Cloud Provider NIFCLOUD by @fuku2014 in #1242
- chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sqs from 1.19.10 to 1.20.6 by @dependabot in #1249
- chore(deps): bump github.com/aws/aws-sdk-go-v2/service/emr from 1.20.11 to 1.23.4 by @dependabot in #1250
- chore(deps): bump github.com/aws/aws-sdk-go-v2/service/cloudtrail from 1.18.2 to 1.24.4 by @dependabot in #1251
- fix: azure-storage-use-secure-tls-policy minimum TLS version changed … by @realwebdev in #1240
- chore(deps): bump github.com/aws/aws-sdk-go-v2/service/redshift from 1.26.10 to 1.27.7 by @dependabot in #1252
- bump github.com/aws/aws-sdk-go-v2/service/kms from 1.18.15 to 1.20.8 by @dependabot in #1253
New Contributors
- @lyoung-confluent made their first contribution in #1149
- @fuku2014 made their first contribution in #1242
Full Changelog: v0.84.1...v0.85.0
v0.84.1
What's Changed
- fix(aws/sam): fix HttpApi access logging rule by @pjungermann in #1151
- added in redshift adapters by @SanaaYousaf in #1178
- add: accessanalyzer adapter by @realwebdev in #1179
- perf(detection): Improve file read logic by @simar7 in #1219
- added in docdb adapters by @SanaaYousaf in #1171
- chore(deps): Remove dependence on Trivy as an import. by @dependabot in #1228
- chore(policies): Update policy schema on all policies by @simar7 in #1237
New Contributors
- @pjungermann made their first contribution in #1151
- @realwebdev made their first contribution in #1179
Full Changelog: v0.84.0...v0.84.1
v0.84.0
v0.83.0
What's Changed
- feat(compliance): add special ids for summarizing vulnerabilities by @knqyf263 in #1190
- feat(policy): Enable selectors for providers by @simar7 in #1174
- feat(terraform) adding trivy:ignore for tf scans to align with trivy by @giorod3 in #1188
- fix: output correct path for nested terraform modules (SARIF) by @vanesasejdiu in #1202
- chore(deps): bump github.com/owenrumney/squealer from 1.0.1-0.20220510063705-c0be93f0edea to 1.1.1 by @dependabot in #1203
- chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.63.1 to 1.86.1 by @dependabot in #1204
- chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.17.8 to 1.18.15 by @dependabot in #1205
- bump github.com/aws/aws-sdk-go-v2/service/kafka from 1.17.19 to 1.19.4 by @dependabot in #1206
- chore(deps): bump github.com/aws/aws-sdk-go from 1.44.131 to 1.44.210 by @dependabot in #1209
Full Changelog: v0.82.10...v0.83.0