Releases: Checkmarx/kics
v1.7.2
🚀 New features and improvements
feat(query): Aurora With Disabled at Rest Encryption query for Terraform in #6392
feat(query): DynamoDB Table not Encrypted Query in #6400
Performance(Engine) - Increase Resolvers Performance by reutilizing resolved files in #6388
feat(query): EFS Volume With Disabled Transit Encryption in #6357
feat(query): Elasticsearch with HTTPS disabled for Ansible in #6393
feat(query): Elasticsearch with HTTPS disabled for CloudFormation in #6398
feat(query): Elasticsearch with HTTPS disabled for Pulumi in #6399
feat(query): Elasticsearch with HTTPS disabled for Terraform in #6394
feat(query): ec2 instance monitoring disabled for CloudFormation in #6401
feat(terraform/gcp): Add GKE Shielded Nodes is Disabled query for Terraform. by @bbergstrom in #6248
feat(query): Elasticsearch Log Disabled in #6410
feat(query): Elasticsearch with HTTPS disabled for CloudFormation in #6412
feat(query): Publicly Accessible Amazon DMS in #6352
Feature(Engine) Resolve internal/external section references in #6405
🐛 Bug fixes
Bug(query) - Fix incorrect line for query RDS Storage Encryption Disabled in #6372
Bug(query) - Add query specificity for php composer in #6374
fix(query): KMS Key With Full Permissions in #6389
Bug(query) - Add support for v1 to query API Gateway V2 Stage Access Logging Settings Not Defined in #6371
bug(docs): Changed Light Scheme Name in #6415
fix(regex) - Fix generic password regex rule in #6461
fix(analyzer): Removed void Symlinks in #6452
📦 Dependency updates bumps
build(deps): bump github.com/docker/distribution from 2.8.1+incompatible to 2.8.2+incompatible in #6375
build(deps): bump github.com/gookit/color from 1.5.2 to 1.5.3 in #6271
build(deps): bump github.com/spf13/cobra from 1.6.1 to 1.7.0 in #6280
ci(deps): bump golangci/golangci-lint-action from 3.4.0 to 3.5.0 in #6424
ci(deps): bump golang from 1.20.2-alpine to 1.20.4-alpine in #6337
ci(deps): bump golang from 1.20.4-alpine to 1.20.5-alpine in #6431
👻 Maintenance
Github Action tag update in #6368
Change severity of CloudTrail Log Files Not Encrypted With KMS to Medium and add edge case in #6369
Update kics-gh-action.yaml in #6382
remove unused allowRule in #6439
docs(secrets): add entropy info in #6421
chore(-): update gitlab sast schema to 15.0.6 by @stegojulia in #6426
fix(tests): update incomplete positive expected results in #6300
Dockerfile: upgrade alpine to 3.18.0 in #6428
docs(queries): update queries catalog in #6378
New Contributors
- @bbergstrom made their first contribution in #6248
- @stegojulia made their first contribution in #6426
v1.7.1
🚀 New features and improvements
feat(secrets): add secrets mask to preview lines by @roy-yablonka in #6349
feat(documentation): add query page generator by @cx-ruiaraujo in #6313
🐛 Bug fixes
fix(bug): fix ignore lines with comments only at the end by @YosefNaftali in #6351
fix(analyser) Fix to ignore files (pnpm-lock.yaml) in #6297
fix(method): Added regex to calculate Levenshtein distance correctly in #6353
fix(query): Added SearchValue to differentiate missing response codes in #6355
fix(query): add rule for generic access_key in #6360
👻 Maintenance
Deprecated doc update in #6358
docs(queries): update queries catalog in #6364
v1.7.0
v1.6.14
🚀 New features and improvements
feat(query): enable security_group_rules_without_description on security_group_rule resources by @paulrob-100 in #6270
feat(flag) add exclude-type flag in #6266
🐛 Bug fixes
fix(query): added issue.solution var to differentiate issue types in #6261
fix(regex_rules): align aws secretmanager arn pattern with vendor spec by @julienbonastre in #6260
📦 Dependency updates bumps
ci(deps): bump alpine from 3.17.2 to 3.17.3 in #6263
build(deps): bump github.com/getsentry/sentry-go from 0.18.0 to 0.20.0 in #6268
build(deps): bump github.com/hashicorp/hcl/v2 from 2.16.1 to 2.16.2 in #6254
build(deps): bump github.com/tdewolff/minify/v2 from 2.12.4 to 2.12.5 in #6250
build(deps): bump github.com/johnfercher/maroto from 0.39.0 to 0.40.0 in #6249
ci(deps): bump actions/setup-go from 3 to 4 in #6237
build(deps): bump golang.org/x/tools from 0.6.0 to 0.7.0 in #6220
build(deps): bump helm.sh/helm/v3 from 3.11.1 to 3.11.2 in #6275
build(deps): bump github.com/mackerelio/go-osstat from 0.2.3 to 0.2.4 in #6274
build(deps): bump github.com/open-policy-agent/opa from 0.49.2 to 0.51.0 in #6273
build(deps): bump sigs.k8s.io/controller-runtime from 0.14.5 to 0.14.6 in #6272
build(deps): bump github.com/docker/docker from 20.10.21+incompatible to 20.10.24+incompatible in #6276
👻 Maintenance
docs(queries): update queries catalog in #6257
New Contributors
@julienbonastre made their first contribution in #6260
@paulrob-100 made their first contribution in #6270
v1.6.13
🚀 New features and improvements
refactor(tf-gcp): Legacy Stackdriver was Decommissioned 21/03/31 by @meldaravaniel in #6204
Policy effect should be case insensitive by @Tohar-orca in #6241
feat(analyzer): add expected lines of code in analyzer in #6222
🐛 Bug fixes
fix(query): add exception for Github id-token Default Values rule in #6252
fix(query): Effect 'Allow' conditions added in #6255
📦 Dependency updates bumps
bump(go): update to go 1.20 in #6231
ci(deps): bump dev-drprasad/delete-tag-and-release from 0.2.0 to 0.2.1 in #6238
build(deps): bump golang.org/x/net from 0.7.0 to 0.8.0 in #6219
build(deps): bump k8s.io/api from 0.26.2 to 0.26.3 in #6242
build(deps): bump github.com/hashicorp/go-getter from 1.7.0 to 1.7.1 in #6247
build(deps): bump github.com/aws/aws-sdk-go from 1.44.215 to 1.44.227 in #6246
build(deps): bump github.com/zclconf/go-cty from 1.13.0 to 1.13.1 in #6245
build(deps): bump k8s.io/client-go from 0.26.1 to 0.26.3 in #6251
build(deps): bump github.com/rs/zerolog from 1.26.1 to 1.29.0 in #6112
👻 Maintenance
kics github action version update in #6236
v1.6.12
🚀 New features and improvements
feat(tf-gcp-auth): check for legacy authentication enabled by @meldaravaniel in #6205
refactor(tf-gcp-auth): Remove obsolete GKE Auth queries for TF by @meldaravaniel in #6153
azure-public-storage-account by @Tohar-orca in #6187
azure-instance-using-default-auth-tf-and-ansible-support TF&Ansible support by @Tohar-orca in #6145
📦 Dependency updates bumps
build(deps): bump github.com/open-policy-agent/opa from 0.49.1 to 0.49.2 in #6194
build(deps): bump github.com/zclconf/go-cty from 1.12.1 to 1.13.0 in #6195
build(deps): bump github.com/aws/aws-sdk-go from 1.44.207 to 1.44.210 in #6199
build(deps): bump github.com/aws/aws-sdk-go from 1.44.210 to 1.44.214 in #6210
build(deps): bump k8s.io/api from 0.26.1 to 0.26.2 in #6207
build(deps): bump github.com/stretchr/testify from 1.8.1 to 1.8.2 in #6203
build(deps): bump golang.org/x/text from 0.7.0 to 0.8.0 in #6213
build(deps): bump github.com/aws/aws-sdk-go from 1.44.214 to 1.44.215 in #6214
build(deps): bump github.com/cheggaaa/pb/v3 from 3.1.0 to 3.1.2 in #6198
build(deps): bump sigs.k8s.io/controller-runtime from 0.14.4 to 0.14.5 in #6215
ci(deps): bump golang from 1.20.1-alpine to 1.20.2-alpine in #6223
👻 Maintenance
docs(queries): Fix Privileged Containers Enabled link. by @miguelluiscorreia in #6212
docs(queries): update queries catalog in #6230
docs(queries): update queries catalog in #6208
New Contributors
@meldaravaniel made their first contribution in #6153
@miguelluiscorreia made their first contribution in #6212
v1.6.11
🚀 New features and improvements
feat(query): add outdated gke version terraform gcp security query in #6193
extract categories, frameworks and queries in #6149
terraform version update in #6197
🐛 Bug fixes
fix(query): add missing check for stack tags in serverlessfw security query in #6175
fix(query): fix missing detection of used security_group on eks_cluster by @Meroje in #6190
fix(query): fix hardcoded aws access key in lambda line detection bug in #6170
fix(query): fix tf gcp "IP Forwarding Enabled" query to use resource by @pauly4it in #6167
fix(query): fixed incorrect metadata by @rafaela-soares in #5179
📦 Dependency updates bumps
build(deps): bump github.com/open-policy-agent/opa from 0.48.0 to 0.49.0 in #6147
build(deps): bump github.com/getsentry/sentry-go from 0.17.0 to 0.18.0 in #6148
build(deps): bump helm.sh/helm/v3 from 3.11.0 to 3.11.1 in #6151
ci(deps): bump alpine from 3.17.1 to 3.17.2 in #6156
ci(deps): bump golang from 1.20.0-alpine to 1.20.1-alpine in #6164
build(deps): bump github.com/hashicorp/go-getter from 1.6.2 to 1.7.0 in #6171
build(deps): bump golang.org/x/text from 0.6.0 to 0.7.0 in #6172
build(deps): bump github.com/aws/aws-sdk-go from 1.44.195 to 1.44.203 in #6174
build(deps): bump golang.org/x/tools from 0.5.0 to 0.6.0 in #6173
build(deps): bump golang.org/x/net from 0.5.0 to 0.7.0 in #6176
build(deps): bump github.com/hashicorp/hcl/v2 from 2.16.0 to 2.16.1 in #6177
build(deps): bump github.com/hashicorp/terraform-json from 0.14.0 to 0.15.0 in #6178
build(deps): bump github.com/aws/aws-sdk-go from 1.44.203 to 1.44.206 in #6186
build(deps): bump github.com/open-policy-agent/opa from 0.49.0 to 0.49.1 in #6189
build(deps): bump github.com/aws/aws-sdk-go from 1.44.206 to 1.44.207 in #6188
👻 Maintenance
docs(queries): update queries catalog in #6200
Fix spelling of "below" in docs by @maxolasersquad in #6180
v1.6.10
🚀 New features and improvements
feature(resolver): add resolver for serverless file reference in #6141
🐛 Bug fixes
fix(docs): fix docs gh action platform template in #6159
fix(query): fix missing results and same line detection in arm query in #6140
fix(query): fix false positive in serverless fw security query in #6136
fix(go_sec): add error checking in deferring in io.close() in #6144
fix(query): fix and align queries by @roi-orca in #6154
📦 Dependency updates bumps
build(deps): bump golang.org/x/tools from 0.4.0 to 0.5.0 in #6093
build(deps): bump github.com/open-policy-agent/opa from 0.47.3 to 0.48.0 in #6100
build(deps): bump k8s.io/api from 0.26.0 to 0.26.1 in #6101
ci(deps): bump golangci/golangci-lint-action from 3.3.1 to 3.4.0 in #6105
ci(deps): bump tj-actions/verify-changed-files from 12.0 to 13.1 in #6115
ci(deps): bump docker/build-push-action from 3.3.0 to 4.0.0 in #6121
ci(deps): bump goreleaser/goreleaser-action from 4.1.0 to 4.2.0 in #6122
build(deps): bump github.com/aws/aws-sdk-go from 1.44.121 to 1.44.191 in #6126
build(deps): bump k8s.io/client-go from 0.26.0 to 0.26.1 in #6128
build(deps): bump github.com/spf13/viper from 1.14.0 to 1.15.0 in #6129
build(deps): bump github.com/hashicorp/hcl/v2 from 2.15.0 to 2.16.0 in #6131
build(deps): bump sigs.k8s.io/controller-runtime from 0.14.1 to 0.14.2 in #6133
ci(deps): bump golang from 1.19.5-alpine to 1.20.0-alpine in #6132
build(deps): bump github.com/aws/aws-sdk-go from 1.44.191 to 1.44.194 in #6139
ci(deps): bump checkmarx/kics-github-action from 1.6.1 to 1.6.2 in #6138
build(deps): bump sigs.k8s.io/controller-runtime from 0.14.2 to 0.14.4 in #6143
build(deps): bump github.com/aws/aws-sdk-go from 1.44.194 to 1.44.195 in #6142
👻 Maintenance
docs(queries): update queries catalog in #6160
v1.6.9
🚀 New features and improvements
feat(query): add aws sso security queries support in #6096
feat(query): add password and secrets detection for sendgrid api key in #6118
🐛 Bug fixes
fix(e2e): update e2e test 44 description in #6114
fix(query): update query searchline to avoid duplicate similarity id in #6111
fix(dep): fix git version on dockerfile in #6092
📦 Dependency updates bumps
build(deps): bump helm.sh/helm/v3 from 3.10.3 to 3.11.0 in #6094
build(deps): bump github.com/getsentry/sentry-go from 0.14.0 to 0.17.0 in #6082
build(deps): bump golang.org/x/net from 0.4.0 to 0.5.0 in #6073
build(deps): bump github.com/emicklei/proto from 1.11.0 to 1.11.1 in #6074
ci(deps): bump golang from 1.19.4-alpine to 1.19.5-alpine in #6080
ci(deps): bump docker/build-push-action from 3.2.0 to 3.3.0 in #6089
👻 Maintenance
docs(queries): update queries catalog in #6120
Update community meetings in #6117
community dates update in #6119
v1.6.8
🚀 New features and improvements
feat(terraform/aws): ingress ipv6 security group by @dim-ops in #6079
🐛 Bug fixes
fix(prepareAndAnalyzePaths): add query and library extracted paths to scan extracted paths by @cosmicgirl97 in #6085
fix(terraform/aws): sse query failing on bucket with count by @gforien in #6070
fix(passwords_and_secrets): add allow rules to fp results in #6051
📦 Dependency updates bumps
ci(deps): bump alpine from 3.16.3 to 3.17.0 in #6012
build(deps): bump k8s.io/api from 0.25.4 to 0.26.0 in #6048
build(deps): bump sigs.k8s.io/controller-runtime from 0.12.3 to 0.14.1 in #6060
build(deps): bump mvdan.cc/sh/v3 from 3.5.1 to 3.6.0 in #6069
build(deps): bump github.com/open-policy-agent/opa from 0.45.0 to 0.47.3 in #6049
build(deps): bump github.com/tidwall/gjson from 1.14.3 to 1.14.4 in #6067
ci(deps): bump alpine from 3.17.0 to 3.17.1 in #6071
👻 Maintenance
docs(queries): update queries catalog in #6087