Releases: Checkmarx/kics
Releases · Checkmarx/kics
v2.1.19
What's Changed
- fix(Bicep): Remove existing resources from bicep payload by @cx-rui-araujo in #7915
- fix(query): adding support for CloudFormation queries missing ingress/egress resources - Part 3 by @cx-andre-pereira in #7760
- chore(query): changed unconfigured to not configured on query name by @cx-ricardo-jesus in #7924
- feat(query): new query that ensures that container instances are using private virtual networks for terraform/azure by @cx-ricardo-jesus in #7877
- feat(engine): fixed parsing for tfplan files and update for "Encryption On Managed Disk Disabled" query by @cx-andre-pereira in #7866
- fix(query): missing "parent‑child" behavior handling for server-level auditing for "SQL Server Database Without Auditing" by @cx-andre-pereira in #7893
- fix(query): passwords and secrets improvements to "Avoiding TF resource access" allow rules by @cx-andre-pereira in #7905
- fix(query): fix regex to account for 'counted resources' for "Security Group Not Used" - Terraform/aws by @cx-andre-pereira in #7903
- fix(vulnerabilities): upgrade containerd to v1.7.30, helm to v3.19.4 and buildkit to v0.26.3 by @cx-rui-araujo in #7930
- fix(vulnerabilities): upgrade qs and express in /.github/scripts/server-mock by @cx-rui-araujo in #7934
- feat(query): 6 new Beta queries and fixes for "Azure Instance Using Basic Authentication" - terraform/azure by @cx-andre-pereira in #7868
- docs(queries): update queries catalog by @kicsbot in #7925
- docs(kicsbot): preparing for release 2.1.19 by @kicsbot in #7935
Full Changelog: v2.1.18...v2.1.19
Contributors
kicsbot, cx-rui-araujo, and 2 other contributors
Assets 3
v2.1.18
What's Changed
- feat(query): implements "Beta - Activity Log Alert For Create Policy Assignment Not Configured" by @cx-andre-pereira in #7805
- feat(query): implements "Beta - Activity Log Alert For Delete Policy Assignment Not Configured" by @cx-andre-pereira in #7806
- feat(query): implemented 'ensure critical contacts is configured for organization' query for terraform/gcp by @cx-ricardo-jesus in #7841
- perf(engine): optimize Terraform parser with directory caching and LOC-based memory calculation by @cx-artur-ribeiro in #7864
- feat(query): implements "Beta - Activity Log Alert For Create Or Update Network Security Group Not Configured" by @cx-andre-pereira in #7808
- feat(query): implements "Beta - Activity Log Alert For Delete Network Security Group Not Configured" by @cx-andre-pereira in #7810
- feat(query): implements "Beta - Activity Log Alert For Create or Update Security Solution Not Configured" by @cx-andre-pereira in #7811
- feat(query): implements "Beta - Activity Log Alert For Delete Security Solution Not Configured" by @cx-andre-pereira in #7812
- feat(query): implements "Beta - Activity Log Alert For Create or Update SQL Server Firewall Rule Not Configured" by @cx-andre-pereira in #7813
- feat(query): implements "Beta - Activity Log Alert For Delete SQL Server Firewall Rule Not Configured" by @cx-andre-pereira in #7814
- feat(query): implements "Beta - Activity Log Alert For Create or Update Public IP Address Rule Not Configured" by @cx-andre-pereira in #7819
- chore(ci): add CES CI workflows by @cx-rafael-carvalho in #7869
- feat(query): implements "Beta - Activity Log Alert For Delete Public IP Address Rule Not Configured" by @cx-andre-pereira in #7815
- feat(query): implements "Beta - File Share Without Soft Delete" by @cx-andre-pereira in #7827
- feat(query): implements "Beta - Storage Account Not Using Latest SMB Protocol Version" by @cx-andre-pereira in #7828
- feat(query): implements "Beta - Storage Account Using Unsafe SMB Channel Encryption" by @cx-andre-pereira in #7830
- feat(query): implements "Beta - Blob Storage Without Soft Delete" by @cx-andre-pereira in #7831
- feat(query): implements "Beta - Storage Account With Shared Access Key" by @cx-andre-pereira in #7832
- feat(query): implements "Beta - Containers Without Soft Delete" by @cx-andre-pereira in #7834
- feat(query): implements "Beta - Storage Account With Cross Tenant Replication Enabled" by @cx-andre-pereira in #7835
- feat(query): implements "Beta - Storage Account Without Delete Lock" by @cx-andre-pereira in #7836
- feat(query): implements "Beta - Activity Log Alert For Service Health Not Configured" by @cx-andre-pereira in #7821
- feat(query): implements "Beta - Service Without Resource Logging" by @cx-andre-pereira in #7837
- feat(query): new query "Beta - Databricks Workspace Without CMK" - Terraform/azure by @cx-andre-pereira in #7770
- feat(query): implements "Beta - Logs And Alerts Missing Project Ownership Assignment And Changes" by @cx-andre-pereira in #7804
- feat(query): implements "Beta - Logs And Alerts Missing Audit Configuration Changes" by @cx-andre-pereira in #7801
- feat(query): implements "Beta - Logs And Alerts Missing Custom Role Changes" - Terraform/gcp by @cx-andre-pereira in #7772
- feat(query): implements "Beta - Resource Without Diagnostic Settings" by @cx-andre-pereira in #7793
- feat(query): implements "Beta - Diagnostic Settings Without Appropriate Logging" by @cx-andre-pereira in #7794
- feat(query): implements "Beta - Databricks Diagnostic Logging Unconfigured" - Terraform/azure by @cx-andre-pereira in #7769
- feat(query): implements "Beta - Cloud Asset Inventory Disabled" - Terraform/gcp by @cx-andre-pereira in #7775
- feat(query): implemented query to cover "Ensure Legacy Networks Do Not Exist For Older Project" for terraform/gcp by @cx-ricardo-jesus in #7822
- feat(query): implements "Beta - Backup Vault Without Soft Delete" by @cx-andre-pereira in #7845
- feat(query): implements "Beta - Backup Vault Without Immutability" by @cx-andre-pereira in #7848
- feat(query): implements "Beta - Recovery Services Vault Without Soft Delete" by @cx-andre-pereira in #7849
- feat(query): implemented query that checks if the use of user access administrator is not restricted for terraform/azure by @cx-ricardo-jesus in #7842
- fix(action): bump grype anchore action by @cx-miguel-silva in #7909
- feat(query): implements "Beta - Recovery Services Vault Without Immutability" by @cx-andre-pereira in #7850
- feat(query): implements "Beta - Recovery Services Vault With Public Network Access" by @cx-andre-pereira in #7851
- feat(query): implemented query Beta - Key Vault Purge Protection Is Enabled for terraform/azure and fixed remediation problems by @cx-ricardo-jesus in #7838
- feat(query): implements "Beta - VM Without Managed Disk" by @cx-andre-pereira in #7856
- feat(query): implements "Beta - SQL Database Without Data Encryption" by @cx-andre-pereira in #7858
- docs(queries): update queries catalog by @kicsbot in #7894
- docs(kicsbot): preparing for release 2.1.18 by @kicsbot in #7914
New Contributors
- @cx-rafael-carvalho made their first contribution in #7869
Full Changelog: v2.1.17...v2.1.18
Contributors
kicsbot, cx-miguel-dasilva, and 4 other contributors
Assets 3
v2.1.17
What's Changed
- feat(query): implements "Beta - SQL DB Instance With Unrecommended Logging Threshold" by @cx-andre-pereira in #7782
- feat(query): implements "Beta - SQL DB Instance With Unrecommended Error Logging Threshold" by @cx-andre-pereira in #7783
- build(deps): bump golang.org/x/crypto from 0.43.0 to 0.45.0 by @dependabot[bot] in #7867
- fix(vulnerabilities): update dockerfile images to the latest version by @cx-artur-ribeiro in #7873
- feat(query): new query "Beta - Databricks Workspace Using Default Virtual Network" - Terraform/azure by @cx-andre-pereira in #7767
- fix(engine): update yaml parsing to support a wider variety of integer representations by @cx-eduardo-semanas in #7875
- fix(vulnerabilities): update helm to v3.19.2 and buildkit to v0.26.2 by @cx-rui-araujo in #7882
- docs(queries): update queries catalog by @kicsbot in #7865
- docs(kicsbot): preparing for release 2.1.17 by @kicsbot in #7889
Full Changelog: v2.1.16...v2.1.17
Contributors
dependabot, kicsbot, and 4 other contributors
Assets 3
v2.1.16
What's Changed
- feat(query): implements "Beta - Google DNS Policy Logging Disabled" by @cx-andre-pereira in #7773
- docs(missingfields): add cwe and risk score to results documentation page by @cx-artur-ribeiro in #7796
- fix(queries): fixed fp for sns topic is publicly accesible query for Terraform/AWS, Ansible/AWS and CloudFormation/aws by @cx-ricardo-jesus in #7758
- fix(vulnerabilities): update dockerfile images to fix trivy vulnerabilities by @cx-artur-ribeiro in #7803
- feat(query): implements "Beta - SQL DB Instance With Exposed Show Privileges" by @cx-andre-pereira in #7776
- feat(query): implements "Beta - SQL DB Instance With Local Data Loading Enabled" by @cx-andre-pereira in #7777
- fix(query): added support for database resources to 2 queries - terraform/azure by @cx-andre-pereira in #7746
- fix(query): added cases for Azure App Service resources:
azurerm_linux_web_appandazurerm_windows_web_app(Issue #7719) by @tplisson in #7722 - fix(transition): experimental queries get NonGraceffulyTransition transition type by @cx-ricardo-jesus in #7809
- fix(cfquery): remove usage of rego built in walk function by @cx-artur-ribeiro in #7823
- feat(query): implements "Beta - SQL DB Instance Without Connections Logging" by @cx-andre-pereira in #7779
- feat(query): implements "Beta - SQL DB Instance Without Disconnections Logging" by @cx-andre-pereira in #7780
- feat(query): implements "Beta - SQL DB Instance With Minimum Log Duration" by @cx-andre-pereira in #7784
- feat(query): implements "Beta - SQL DB Instance Without Centralized Logging" by @cx-andre-pereira in #7785
- feat(query): implements "Beta - SQL DB Instance With External Scripts Enabled" by @cx-andre-pereira in #7786
- fix(yaml): prevent panic when parsing recursive anchors or aliases by @cx-artur-ribeiro in #7816
- feat(query): implements "Beta - SQL DB Instance With Ownership Chaining Enabled" by @cx-andre-pereira in #7787
- feat(query): implements "Beta - SQL DB Instance With Limited User Connections" by @cx-andre-pereira in #7788
- feat(query): implements "Beta - SQL DB Instance With Global User Options" by @cx-andre-pereira in #7789
- feat(query): implements "Beta - SQL DB Instance With Remote Access Enabled" by @cx-andre-pereira in #7790
- feat(query): implements "Beta - SQL DB Instance With Exposed Trace Logs" by @cx-andre-pereira in #7791
- feat(query): implements "Beta - SQL DB Instance With Contained Database Authentication" by @cx-andre-pereira in #7792
- fix(analyzer): handle encoded files extracted from zip archives on windows by @cx-artur-ribeiro in #7820
- fix(vulnerabilities): remove containerd from direct import by @cx-rui-araujo in #7839
- docs(contribution): added extra information on the contributing page from the KICS documentation by @cx-ricardo-jesus in #7749
- fix(query): support for array's and some minor fixes by @cx-andre-pereira in #7844
- fix(vulnerabilities): update crypto from v0.41.0 to v0.43.0 to fix vulnerabilities by @cx-artur-ribeiro in #7853
- fix(vulnerabilities): update buildkit pkg from v0.22.0 to v0.26.0 by @cx-rui-araujo in #7854
- build(images): update base images by @cx-miguel-silva in #7857
- docs(queries): update queries catalog by @kicsbot in #7799
- docs(kicsbot): preparing for release 2.1.16 by @kicsbot in #7860
New Contributors
Full Changelog: v2.1.15...v2.1.16
Contributors
tplisson, kicsbot, and 5 other contributors
Assets 3
v2.1.15
What's Changed
- fix(ghaction): update update-docs-release.yaml by @cx-bruno-silva in #7736
- fix(ghaction): update update-docs-release.yaml by @cx-bruno-silva in #7737
- fix(query): added two new allowRules on "Generic Secret" and "Generic Token" queries from Passwords and Secrets by @cx-ricardo-jesus in #7698
- fix(query): fixed allowRule's on Generic Token and Generic Secret from Passwords and Secrets query by @cx-ricardo-jesus in #7739
- fix(query): passwords and secrets fp for run after triggers by @cx-andre-pereira in #7713
- fix(query): added support for azurerm_mssql_firewall_rule resources to 2 queries - terraform/azure by @cx-andre-pereira in #7716
- fix(query): fn for API Gateway With CloudWatch Logging Disabled - terraform/aws by @cx-andre-pereira in #7694
- fix(query): fp for operation without successful http status code when valid codes are present by @cx-artur-ribeiro in #7604
- fix(vuln): update gogetter to version 1.8.1 by @cx-artur-ribeiro in #7743
- fix(vulnerabilities): update dockerfile images to fix vulnerabilities by @cx-artur-ribeiro in #7757
- fix(queries): update queries severities by @cx-artur-ribeiro in #7733
- fix(query): support for new app_service resources - terraform/azure by @cx-andre-pereira in #7742
- fix(queries): add missing transitions & improve query flow by @cx-miguel-silva in #7759
- feat(riskscore): add risk score to all queries by @cx-artur-ribeiro in #7728
- fix(makefile): update CONSTANTS_PATH in Makefile for v2 by @zackchadwick in #7764
- fix(riskscore): add risk score to query-page-generator, query page template and extract info by @cx-artur-ribeiro in #7766
- fix(query): adding missing function_app resources to terraform/azure queries by @cx-andre-pereira in #7744
- fix(typeflag): fix bicep wrong behavior with type and excludeType flags by @cx-artur-ribeiro in #7765
- feat(log): add results and queries summaries to log by @cx-laura-rodrigues in #7606
- fix(queries): BETA queries naming removed for Tencent Cloud & Databricks by @cx-miguel-silva in #7771
- test(query): improved testing for Azure App Service Client Certificate Disabled query by @cx-andre-pereira in #7768
- fix(query): fix beta naming in similarityID transition docs by @cx-miguel-silva in #7774
- fix(query): added missing support for "aws_launch_template" resource to "Instance Uses Metadata Service IMDSv1" by @cx-andre-pereira in #7778
- docs(queries): update queries catalog by @kicsbot in #7738
- docs(kicsbot): preparing for release 2.1.15 by @kicsbot in #7795
New Contributors
- @cx-bruno-silva made their first contribution in #7736
- @zackchadwick made their first contribution in #7764
- @cx-laura-rodrigues made their first contribution in #7606
Full Changelog: v2.1.14...v2.1.15
Contributors
zackchadwick, cx-bruno-silva, and 6 other contributors
Assets 3
v2.1.14
What's Changed
- fix(query): fixed false negative for "App Service Authentication Disabled" query missing resources by @cx-ricardo-jesus in #7591
- fix(query): fn for security_group_with_unrestricted_access_to_ssh - terraform/aws by @cx-andre-pereira in #7568
- fix(bicep): remove references to Bicep as a platform by @cx-artur-ribeiro in #7637
- fix(query): fixed FN for the missing resources on "App Service HTTP2 Disabled" query by @cx-ricardo-jesus in #7592
- feat(query): added new query: ElasticSearch Without Audit Logs - cloudFormation/aws by @cx-andre-pereira in #7565
- test(query): added extra tests to "Security Group Not Used" query for terraform/aws by @cx-ricardo-jesus in #7641
- test(query): new test for cloudwatch metrics disabled by @cx-andre-pereira in #7640
- feat(query): implements "iam policy allows for data exfiltration" - terraform/aws & cloudformation/aws by @cx-andre-pereira in #7631
- fix(query): fp for Media Type Object Without Schema -- OpenAPI/3.0 by @cx-andre-pereira in #7621
- feat(query): implements ecr_repository_not_encrypted_with_CMK for cloudformation by @cx-andre-pereira in #7633
- feat(query): implements Redshift_Cluster_Without_VPC--cloudformation/aws by @cx-andre-pereira in #7617
- feat(query): new query - "EKS Cluster Encryption Disabled" query implemented for CloudFormation platform by @cx-ricardo-jesus in #7616
- feat(query): lambda function without dead letter queue query implemented for Terraform/aws by @cx-ricardo-jesus in #7620
- fix(query): fn for S3 Bucket Allows Public Policy by @cx-ricardo-jesus in #7603
- feat(queries): new queries ECS Services assigned with public IP address for Ansible/aws, Terraform/aws and CloudFormation/AWS by @cx-ricardo-jesus in #7619
- feat(queries): new queries "Instance Uses Metadata Service IMDSv1" for Terraform/aws, Ansible/aws and CloudFormation/AWS by @cx-ricardo-jesus in #7624
- feat(query): elasticsearch domain encryption should be enabled node to node query implementation for CloudFormation/AWS by @cx-ricardo-jesus in #7627
- fix(query): web app not using TLS last version query requires minimum TLS version 1.3 by @cx-ricardo-jesus in #7628
- fix(githubaction): adds git pull to docs release action by @cx-monica-casanova in #7650
- feat(query): implementation of DAX_Cluster_Not_Encrypted for CloudFormation/aws by @cx-andre-pereira in #7599
- fix(query): fn for Trusted Microsoft Services Not Enabled - ARM by @cx-andre-pereira in #7587
- fix(query): fn for SQL Server Database With Alerts Disabled - ARM - terraform/azure by @cx-andre-pereira in #7584
- feat(query): implements "aws eip not attached to any ec2 instance" for terraform/aws by @cx-andre-pereira in #7596
- fix(query): fn for IAM_Policies_With_Full_Privileges -- terraform/aws by @cx-andre-pereira in #7601
- feat(query): new query - S3_Bucket_Notifications_Disabled for terraform/aws by @cx-andre-pereira in #7602
- fix(query): fp for Storage Share File Allows All ACL Permissions by @cx-andre-pereira in #7612
- feat(query): implements Neptune_Logging_Is_Disabled--cloudformation/aws by @cx-andre-pereira in #7614
- feat(test): add support for folder-based query test cases by @cx-romeu-silva in #7647
- fix(query): fp for passwords and secrets generic password by @cx-andre-pereira in #7625
- fix(docs): exclude folder-based query test cases from the query documentation by @cx-romeu-silva in #7657
- feat(query): implements ELBv2_LB_Access_Log_Disabled--terraform/aws by @cx-andre-pereira in #7594
- fix(vuln): update go-getter to fix vulnerability by @cx-artur-ribeiro in #7659
- fix(query): fn for passwords and secrets json files by @cx-andre-pereira in #7632
- feat(queries): tags not copied to rds cluster snapshot query implementation for terraform/aws and CloudFormation/aws by @cx-ricardo-jesus in #7655
- feat(query): implements Postgres_RDS_Logging_Disabled--terraform/aws by @cx-andre-pereira in #7615
- fix(queries): launch configuration is not encrypted resources missing support by @cx-ricardo-jesus in #7649
- fix(query): fp for passwords and secrets - generic secret by @cx-ricardo-jesus in #7656
- fix(query): fixed query "s3 bucket with public policy" by @cx-ricardo-jesus in #7661
- feat(query): new "ElasticSearch Without Es Application Logs" query to replace old logs query--cloudformation/aws by @cx-andre-pereira in #7645
- test(query): add missing test case for S3 Bucket Allows Public Policy by @cx-romeu-silva in #7664
- feat(query): new query - Secretmanager Secret Without KMS for CloudFormation/aws by @cx-ricardo-jesus in #7607
- test(query): new tests for Redshift Cluster Without VPC by @cx-andre-pereira in #7665
- test(query): fixed negative tests for "Storage Share File Allows All ACL Permissions" - terraform/azure by @cx-andre-pereira in #7660
- fix(mapstructure): update mapstructure from version 2.3.0 to 2.4.0 to fix vulnerabilities by @cx-artur-ribeiro in #7671
- fix(query): fixed fn for "SQL Server Database With Unrecommended Retention Days" query by @cx-ricardo-jesus in #7670
- feat(queries): query IAM DB Cluster Auth Not Enabled implemented for terraform/aws and cloudFormation/aws by @cx-ricardo-jesus in #7667
- test(query): missing tests for s3_bucket_notifications_disabled by @cx-andre-pereira in #7672
- fix(query): fn for EFS volume with disabled transit encryption--cloudformation/aws by @cx-andre-pereira in #7586
- test(query): tests and typo fix for ELBv2_LB_Access_Log_Disabled--terraform/aws by @cx-andre-pereira in #7674
- fix(query): media type object without schema -- OpenAPI 3.0 by @cx-andre-pereira in #7668
- fix(query): added module support for "iam_db_cluster_auth_not_enabled" query by @cx-ricardo-jesus in #7675
- fix(test): changed iam_database_authentication_field value from true to false on the sample negative5.tf by @cx-ricardo-jesus in #7677
- fix(query): added support for a new case in "elasticsearch domain not encrypted" query by @cx-ricardo-jesus in #7680
- test(query): mini fix for negative7 test on query elastic_search_without_audit_logs - coudformation/aws by @cx-andre-pereira in #7689
- fix(query): used isCloudFormationTrue helper function on elasticsearch domain not encrypted node to node by @cx-ricardo-jesus in #7695
- test(query): two missing tests for postgres rds logging disabled -- terraform/aws by @cx-andre-pereira in #7685
- test(query): added two more samples to "App Service HTTP2 Disabled" query by @cx-ricardo-jesus in #7681
- fix(queries): added samples and searchLines on ecs services assigned with public ip address query for Terraform, Ansible and CloudFormation by @cx-ricardo-jesus in #7693
- fix(query): fixed query block device is not encrypted to support changes on the last version of the modules by @cx-ricardo-jesus in #7686
- fix(query): fixed searchLine and added new test case for web app not using tls last version query for azureResourceManager by @cx-ricardo-jesus in #7690
- fix(query): added suport for modules and more test samples for tags not copied to rds cluster snapshot query for terraform by @cx-ricardo-jesus in #7691
- fix(query): trusted microsoft services not enabled and new tests - ARM by @cx-andre-pereira in #7703
- test(query): new tests and minor fixes for IAM_Policies_With_Full_Privileges -- terraform/aws by @cx-andre-pereira in #7702
- fix(query): removed unnecessary else on get_children helper function from sql server database with unrecommended retention days query by @cx-ricardo-jesus in #7705
- update(query): update description text for dockerfi...
Contributors
kicsbot, cx-miguel-dasilva, and 6 other contributors
Assets 3
v2.1.13
What's Changed
- fix(query): fixed false positive for website with client certificate auth disabled and azure app service client certificate disabled by @cx-ricardo-jesus in #7537
- fix(apkmissing): add alpine image build and dockerfile related file by @cx-artur-ribeiro in #7581
- fix(query): fix fp for s3_bucket_access_to_any_principal by @cx-andre-pereira in #7564
- fix(query): fix fp in password and secrets Generic Token by @cx-andre-pereira in #7555
- fix(query): added one extra verification on the ECS Cluster Not Encrypted At Rest query by @cx-ricardo-jesus in #7563
- fix(unmarshaller): panic while unmarshalling yaml foot comments edge cases by @cx-eduardo-semanas in #7613
- fix(query): fp for security_groups_not_used - terraform/aws by @cx-andre-pereira in #7566
- fix(query): added one more allow rule on Generic Password query to allow passwords retrieved from ARM parameters by @cx-ricardo-jesus in #7569
- fix(query): fn for SQL Server Database Without Auditing - ARM by @cx-andre-pereira in #7590
- fix(query): fn for Cloudformation queries - complete boolean logic update by @cx-andre-pereira in #7585
- fix(query): small fixes on the query "Azure App Service Client Certificate Disabled" for Terraform by @cx-ricardo-jesus in #7634
- fix(query): fixed cases not supported on "ecs cluster not encrypted at rest query" query by @cx-ricardo-jesus in #7638
- fix(ubi): update ubi dockerfile go version to 1.24.6 by @cx-artur-ribeiro in #7639
- docs(queries): update queries catalog by @kicsbot in #7605
- docs(kicsbot): preparing for release 2.1.13 by @kicsbot in #7643
New Contributors
- @cx-ricardo-jesus made their first contribution in #7537
Full Changelog: v2.1.12...v2.1.13
Contributors
kicsbot, cx-eduardo-semanas, and 3 other contributors
Assets 3
v2.1.12
What's Changed
- ci(deps): bump the all group across 1 directory with 7 updates by @dependabot[bot] in #7505
- build(deps): bump helm.sh/helm/v3 from 3.18.2 to 3.18.4 by @dependabot[bot] in #7528
- fix(parser): add type assertion verification to certificate elements process by @cx-artur-ribeiro in #7526
- fix(dockerfile): update debian dockerfile image with stable-slim version by @cx-artur-ribeiro in #7540
- fix(query): fix fn for s3_bucket_without_restriction_of_public_bucket by @cx-romeu-silva in #7506
- fix(query): fix fp for web app not using tls last version by @cx-andre-pereira in #7556
- fix(query): fix fp for api_gateway_method_does_not_contains_an_api_key by @cx-andre-pereira in #7557
- fix(symlink): add return statements for early exit in checkSymLink by @cx-artur-ribeiro in #7532
- fix(query): fix fp for image_version_not_explicit by @cx-andre-pereira in #7561
- fix(query): fix fn for cloudTrail_multi_region_disabled by @cx-andre-pereira in #7558
- fix(query): fix fn for ssh_is_exposed_to_the_internet and rdp_is_exposed_to_the_internet by @cx-andre-pereira in #7560
- fix(query): fix fp for s3_bucket_logging_disabled by @cx-andre-pereira in #7559
- fix(progressbar): fix flaky TestCounter_Start unit test by @cx-artur-ribeiro in #7573
- fix(vulnerabilities): update go version to fix grype vulnerabilities by @cx-artur-ribeiro in #7589
- docs(queries): update queries catalog by @kicsbot in #7553
- docs(kicsbot): preparing for release 2.1.12 by @kicsbot in #7593
New Contributors
- @cx-andre-pereira made their first contribution in #7556
Full Changelog: v2.1.11...v2.1.12
Contributors
dependabot, kicsbot, and 3 other contributors
Assets 3
v2.1.11
What's Changed
- docs(kicsbot): preparing for release 2.1.10 by @kicsbot in #7486
- update(deps): fix vulnerabilities and upgrade to GOv1.24.4 by @cx-rui-araujo in #7493
- fix(query): fix fp for missing_flag_from_dnf_install by @cx-romeu-silva in #7497
- fix(query): support deprecated enable_https_traffic_only and https_traffic_only_enabled fields by @cx-artur-ribeiro in #7461
- docs(platforms): add documentation to Analyzer Blacklist for Unsupported File Types by @cx-artur-ribeiro in #7509
- fix(query): improving Volume Mount With OS Directory Write Permissions k8s query by @cx-artur-ribeiro in #7508
- fix(query): fix fp for ecs_cluster_not_encrypted_at_rest by @cx-romeu-silva in #7510
- fix(query): fix fn in password and secrets Dockerfile ENV variable cases by @cx-eduardo-semanas in #7503
- fix(query): fix fp for mssql_server_auditing_disabled by @cx-romeu-silva in #7492
- fix(query): fix fp for iam_group_without_users by @cx-romeu-silva in #7502
- fix(query): fix fn for iam_policy_grants_full_permissions by @cx-romeu-silva in #7500
- fix(query): fix fp in password and secrets Generic Passwords by @cx-romeu-silva in #7512
- fix(query): fix fp in password and secrets Generic Private Key by @cx-romeu-silva in #7514
- docs(queries): update queries catalog by @kicsbot in #7507
- docs(kicsbot): preparing for release 2.1.11 by @kicsbot in #7520
New Contributors
- @cx-romeu-silva made their first contribution in #7497
Full Changelog: v2.1.10...v2.1.11
Contributors
kicsbot, cx-eduardo-semanas, and 3 other contributors
Assets 3
v2.1.10
What's Changed
- fix(engine): fix line counter for JSON Minified files by @cx-rui-araujo in #7473
- fix(analyzer): exclude azure-pipelines-vscode schema JSON file by @cx-rui-araujo in #7482
- update(deps): update helm to v3.18.2 and buildkit to v0.22.0 by @cx-rui-araujo in #7484
Full Changelog: v2.1.9...v2.1.10
Contributors
cx-rui-araujo