Skip to content

Releases: aquasecurity/defsec

v0.90.0

28 Jun 06:04
46eeeb0
Compare
Choose a tag to compare

What's Changed

  • fix(rego): Use correct id for AVD-KSV-01010 by @oddsund in #1336
  • fix(k8s): Ignore case when evaluating KSV106 by @simar7 in #1340
  • Add new rule: Google IAM Workload Identity Pool Provider with no conditions by @MartinPetkov in #1338
  • chore: bump helm version v3.12.1 by @chen-keinan in #1345
  • support import block for tf 1.5.0+ by @nishigori in #1339
  • support check block for tf 1.5.0+ by @nishigori in #1354
  • fix(azure): Update min_tls_version for avd-azu-0011 by @simar7 in #1342
  • added logic to pass config data setting to rego rule by @r-khurram in #1356
  • Revert "fix: Revert AVD-AWS-0342 policy (#1309)" by @r-khurram in #1355
  • chore(gke): Deprecate AVD-GCP-0047 by @simar7 in #1341
  • chore(deps): bump github.com/aws/aws-sdk-go-v2/service/cloudtrail from 1.24.4 to 1.27.1 by @dependabot in #1350
  • chore(deps): bump github.com/aws/aws-sdk-go-v2/service/neptune from 1.17.12 to 1.20.7 by @dependabot in #1351
  • chore(deps): bump github.com/aws/aws-sdk-go-v2/service/cloudwatch from 1.21.10 to 1.26.2 by @dependabot in #1353
  • chore(deps): bump github.com/aws/aws-sdk-go-v2/service/mq from 1.13.15 to 1.15.0 by @dependabot in #1358

New Contributors

Full Changelog: v0.89.0...v0.90.0

v0.89.0

26 May 04:24
c6404cb
Compare
Choose a tag to compare

What's Changed

  • feat(terraformplan): Support terraformplan types by @simar7 in #1320
  • feat(rego): Retry if some policies are broken by @simar7 in #1317
  • fix(docker): Support stages with dupe names by @simar7 in #1327
  • bug fix : misspelling by @testwill in #1311
  • Improve the command splitting by @tspearconquest in #1326
  • Support checking for the last user as 'root' with a group specified, … by @tspearconquest in #1324
  • chore(deps): bump github.com/docker/distribution from 2.8.1+incompatible to 2.8.2+incompatible by @dependabot in #1323
  • chore(deps): bump github.com/aws/aws-sdk-go-v2/service/elasticloadbalancingv2 from 1.18.20 to 1.19.11 by @dependabot in #1312
  • chore(deps): bump github.com/aws/aws-sdk-go-v2/service/efs from 1.19.12 to 1.20.1 by @dependabot in #1314
  • chore(deps): bump github.com/aws/aws-sdk-go-v2/service/iam from 1.19.10 to 1.19.12 by @dependabot in #1315
  • chore(deps): bump github.com/aws/aws-sdk-go-v2/service/elasticsearchservice from 1.16.10 to 1.19.0 by @dependabot in #1321
  • chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sts from 1.18.5 to 1.19.0 by @dependabot in #1322

New Contributors

Full Changelog: v0.88.1...v0.89.0

v0.88.1

07 May 07:21
98fde54
Compare
Choose a tag to compare

What's Changed

  • fix: Revert AVD-AWS-0342 policy by @simar7 in #1309
  • chore(deps): bump github.com/hashicorp/go-getter from 1.7.0 to 1.7.1 by @dependabot in #1288
  • chore(deps): bump github.com/aws/aws-sdk-go-v2/service/kms from 1.20.8 to 1.21.1 by @dependabot in #1303
  • chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sns from 1.18.1 to 1.20.10 by @dependabot in #1304
  • chore(deps): bump github.com/aws/aws-sdk-go-v2/service/emr from 1.23.4 to 1.24.4 by @dependabot in #1305
  • chore(deps): bump github.com/aws/aws-sdk-go-v2/service/apigatewayv2 from 1.12.18 to 1.13.11 by @dependabot in #1306
  • bug fix : misspelling by @testwill in #1308
  • import optimization by @testwill in #1307

New Contributors

Full Changelog: v0.88.0...v0.88.1

v0.88.0

05 May 00:11
553d24c
Compare
Choose a tag to compare

What's Changed

  • Revert "feat(scanner): Break out options for enabling libs and policies (#1280)" by @simar7 in #1298
  • fix(adapters): Revert new adapters by @simar7 in #1302
  • fix: kubelet policies --read-only-port and --anonymous-auth by @chen-keinan in #1295

Full Changelog: v0.87.0...v0.88.0

v0.87.0

27 Apr 00:40
f26eb8e
Compare
Choose a tag to compare

What's Changed

New Contributors

Full Changelog: v0.86.0...v0.87.0

v0.86.0

17 Apr 22:33
50425c8
Compare
Choose a tag to compare

What's Changed

  • Remove exec-bit on .viminspector.json by @atombrella in #1267
  • Check for --no-install-recommends in apt-get by @atombrella in #1270
  • api_server_authorized_ip_ranges deprecated by @SanaaYousaf in #1254
  • Minor fix: Rule tf examples by @aisha-als in #1260
  • Fix: AVD-KCV-0028 and AVD-KCV-0029 checks by @alex123012 in #1268
  • Fix: correct search for control plane containers by @alex123012 in #1269
  • fix(terraform): Use absolute path for filesystem to load tfvars by @simar7 in #1271
  • filter iam pass role in policy document to prevent privilege escalations by @realwebdev in #1259
  • chore(deps): bump github.com/aws/aws-sdk-go-v2/service/elasticache from 1.22.10 to 1.26.8 by @dependabot in #1281
  • chore(deps): bump github.com/aws/aws-sdk-go from 1.44.212 to 1.44.245 by @dependabot in #1286
  • chore(deps): bump github.com/aws/aws-sdk-go-v2/service/iam from 1.18.23 to 1.19.10 by @dependabot in #1283
  • chore(deps): bump golang.org/x/tools from 0.6.0 to 0.8.0 by @dependabot in #1277
  • chore(deps): bump github.com/aws/aws-sdk-go-v2/service/efs from 1.17.15 to 1.19.12 by @dependabot in #1284

New Contributors

Full Changelog: v0.85.0...v0.86.0

v0.85.0

31 Mar 04:09
829ffc1
Compare
Choose a tag to compare

What's Changed

  • added in es adapters by @SanaaYousaf in #1177
  • test: ensure SARIF doesn't print parent metadata by @vanesasejdiu in #1241
  • fix(tests): Use UTC timestamps for testing by @simar7 in #1245
  • fix(rules): Update list of outdated ELB TLS policies by @reedloden in #1239
  • fix(rego): metadata for rego results by @lyoung-confluent in #1149
  • Add check missing microdnf clean all by @atombrella in #1246
  • fix the issue: outdated_tls_policy by @SanaaYousaf in #1244
  • feat: Adding Support for a New Cloud Provider NIFCLOUD by @fuku2014 in #1242
  • chore(deps): bump github.com/aws/aws-sdk-go-v2/service/sqs from 1.19.10 to 1.20.6 by @dependabot in #1249
  • chore(deps): bump github.com/aws/aws-sdk-go-v2/service/emr from 1.20.11 to 1.23.4 by @dependabot in #1250
  • chore(deps): bump github.com/aws/aws-sdk-go-v2/service/cloudtrail from 1.18.2 to 1.24.4 by @dependabot in #1251
  • fix: azure-storage-use-secure-tls-policy minimum TLS version changed … by @realwebdev in #1240
  • chore(deps): bump github.com/aws/aws-sdk-go-v2/service/redshift from 1.26.10 to 1.27.7 by @dependabot in #1252
  • bump github.com/aws/aws-sdk-go-v2/service/kms from 1.18.15 to 1.20.8 by @dependabot in #1253

New Contributors

Full Changelog: v0.84.1...v0.85.0

v0.84.1

15 Mar 06:33
446d5f7
Compare
Choose a tag to compare

What's Changed

New Contributors

Full Changelog: v0.84.0...v0.84.1

v0.84.0

28 Feb 21:57
92d11ce
Compare
Choose a tag to compare

What's Changed

Full Changelog: v0.83.0...v0.84.0

v0.83.0

28 Feb 01:51
1b09557
Compare
Choose a tag to compare

What's Changed

  • feat(compliance): add special ids for summarizing vulnerabilities by @knqyf263 in #1190
  • feat(policy): Enable selectors for providers by @simar7 in #1174
  • feat(terraform) adding trivy:ignore for tf scans to align with trivy by @giorod3 in #1188
  • fix: output correct path for nested terraform modules (SARIF) by @vanesasejdiu in #1202
  • chore(deps): bump github.com/owenrumney/squealer from 1.0.1-0.20220510063705-c0be93f0edea to 1.1.1 by @dependabot in #1203
  • chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.63.1 to 1.86.1 by @dependabot in #1204
  • chore(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.17.8 to 1.18.15 by @dependabot in #1205
  • bump github.com/aws/aws-sdk-go-v2/service/kafka from 1.17.19 to 1.19.4 by @dependabot in #1206
  • chore(deps): bump github.com/aws/aws-sdk-go from 1.44.131 to 1.44.210 by @dependabot in #1209

Full Changelog: v0.82.10...v0.83.0