What's Changed

Note: This is planned to be the last planned feature release before secureCodeBox v5.0.0.
In case of important bugs, we will still publish bug fix releases under 4.16.x :)

🚓 Security Scanner

• Upgraded gitleaks from v8.24.2 to v8.24.3 @secureCodeBoxBot (#2981)
• Upgraded kubeaudit from 0.22.1 to 0.22.2 @secureCodeBoxBot (#3001)
• Upgraded semgrep from 1.117.0 to 1.120.0 @secureCodeBoxBot (#2974, #2985, #2994)
• Upgraded trivy from 0.61.0 to 0.61.1 @secureCodeBoxBot (#2988)
• Upgraded trivy-sbom from 0.61.0 to 0.61.1 @secureCodeBoxBot (#2987)
• Add ARM support to Ncrack by @J12934 in #2996

⛩️ DefectDojo

• Use native DefectDojo Importer for SSH Audit results by @J12934 in #3004

🐛 Bug Fixes

• Fix Issue with nested Kubernetes Native Objects not being properly configurable in the Kubernetes AutoDiscovery Config by @BorisShek in #2982
• Fix Invalid ARM Image for DefectDojo hook by @J12934 in #2993

📚 Documentation

• Reorder sections in upgrading.md to list the newest first by @BorisShek in #3000
• Update supported Kubernetes versions by @J12934 in #3003
• Add Link to OWASP Stammtisch Hamburg Talk by @J12934 in #3005
• Fix ncrack config in network scanning how-to by @J12934 in #2995

🔧 Maintenance

• Update Gradle Version used for DefectDojo Hook by @Weltraumschaf in #2975

📌 Dependencies

• Update to Go to 1.24 & Update Go Libraries by @Weltraumschaf in #2978
• Bump golang.org/x/net from 0.37.0 to 0.38.0 in /auto-discovery/cloud-aws by @dependabot in #2986
• Bump http-proxy-middleware from 2.0.7 to 2.0.9 in /documentation in the npm-security-updates group by @dependabot in #2992

Full Changelog: v4.15.0...v4.16.0

What's Changed

🚓 Security Scanner

• Upgraded gitleaks from v8.24.0 to v8.24.2 @secureCodeBoxBot (#2951)
• Upgraded nuclei from v3.3.8 to v3.4.2 @secureCodeBoxBot (#2972)
• Upgraded semgrep from 1.113.0 to 1.117.0 @secureCodeBoxBot (#2950, #2960, #2967)
• Upgraded trivy from 0.60.0 to 0.61.0 @secureCodeBoxBot (#2957)
• Upgraded trivy-sbom from 0.60.0 to 0.61.0 @secureCodeBoxBot (#2959)

📌 Dependencies

• Bump @types/node from 22.13.8 to 22.13.10 in /documentation in the npm-version-updates group by @dependabot in #2934
• Bump the npm-version-updates group in /documentation with 3 updates by @dependabot in #2952
• Bump the npm-version-updates group in /documentation with 3 updates by @dependabot in #2962
• Bump image-size from 1.2.0 to 1.2.1 in /documentation in the npm-security-updates group by @dependabot in #2966
• Bump the npm-version-updates group in /documentation with 4 updates by @dependabot in #2969
• Bump estree-util-value-to-estree from 3.2.1 to 3.3.3 in /documentation in the npm-security-updates group by @dependabot in #2971

📚 Documentation

• #2964 Update findings for example scans of 'zap-automation-framework' by @BorisShek in #2968

Full Changelog: v4.14.0...v4.15.0

What's Changed

🚀 Features

• Added Scan Metadata to Findings by @Ilyesbdlala in #2909

🚓 Security Scanner

• Upgraded gitleaks from v8.23.3 to v8.24.0 @secureCodeBoxBot (#2914)
• Upgraded semgrep from 1.106.0 to 1.113.0 @secureCodeBoxBot (#2889, #2902, #2913, #2923, #2928, #2948)
• Upgraded trivy from 0.59.0 to 0.60.0 @secureCodeBoxBot (#2888, #2930)
• Upgraded trivy-sbom from 0.59.0 to 0.60.0 @secureCodeBoxBot (#2887, #2931)
• Upgraded wpscan from v3.8.27 to v3.8.28 @secureCodeBoxBot (#2922)

⚓️ Hooks

• Improve Error Handling in DefectDojo Persistence Provider by @Weltraumschaf in #2833

🐛 Bug Fixes

• Fix http-webhook chart by @muffl0n in #2878
• Remove vagrant by @Weltraumschaf in #2894
• Handle conflict errors when updating Scan status by @Ilyesbdlala in #2901
• Remove underscore in container name by @Reet00 in #2903
• Allow configuration of imagePullSecret for all trivy components by @K4iM4k3r in #2929
• Adjust logs for Container AutoDiscovery by @BorisShek in #2932

📚 Documentation

• Clarify Container AutoDiscovery being disable by default @BorisShek in #2924

🔧 Maintenance

• Insert missing link in hook documentation by @Ilyesbdlala in #2911
• Handle conflict with ScheduledScan status updates with retry logic by @Ilyesbdlala in #2910
• Moved Upgrading.md to the documentation website by @Ilyesbdlala in #2915

📌 Dependencies

• Update version of minio chart used by default operator install by @J12934 in #2891
• Bump the gradle-version-updates group across 1 directory with 3 updates by @dependabot in #2868
• Update operators to latest kubebuilder versions by @J12934 in #2890
• Bump the npm-version-updates group in /documentation with 2 updates by @dependabot in #2899
• Bump io.freefair.lombok from 8.12 to 8.12.1 in /hooks/persistence-defectdojo/hook in the gradle-version-updates group by @dependabot in #2898
• Bump the npm-version-updates group in /documentation with 4 updates by @dependabot in #2907
• Bump org.springframework:spring-web from 6.2.2 to 6.2.3 in /hooks/persistence-defectdojo/hook in the gradle-version-updates group by @dependabot in #2906
• Bump serialize-javascript from 6.0.1 to 6.0.2 in /documentation in the npm-security-updates group by @dependabot in #2908
• Bump jsonpath-plus from 10.2.0 to 10.3.0 in /hooks by @dependabot in #2912
• Bump @types/node from 22.13.4 to 22.13.5 in /documentation in the npm-version-updates group by @dependabot in #2917
• Bump the npm-version-updates group in /documentation with 3 updates by @dependabot in #2925
• Bump prismjs from 1.29.0 to 1.30.0 in /documentation in the npm-security-updates group by @dependabot in #2937
• Bump golang.org/x/net from 0.30.0 to 0.36.0 in /lurker by @dependabot in #2941
• Bump @babel/helpers from 7.26.0 to 7.26.10 in /hooks by @dependabot in #2943
• Bump the npm-security-updates group in /documentation with 2 updates by @dependabot in #2944

New Contributors

• @muffl0n made their first contribution in #2878
• @K4iM4k3r made their first contribution in #2929

Full Changelog: v4.13.0...v4.14.0

🚀 Features

• Add ARM support for SSH-Audit and SSLyze by @J12934 in #2884

🐛 Bug Fixes

• Grant delete permissions for ScheduledScans in AutoDiscovery by @BorisShek in #2871

🚓 Security Scanner

• Upgraded gitleaks from v8.22.1 to v8.23.3 @secureCodeBoxBot (#2846, #2855, #2865, #2872)
• Upgraded semgrep from 1.101.0 to 1.106.0 @secureCodeBoxBot (#2835, #2854, #2863, #2873)
• Upgraded sslyze from 6.0.0 to 6.1.0 @secureCodeBoxBot (#2829)
• Upgraded trivy from 0.58.1 to 0.59.0 @secureCodeBoxBot (#2847, #2875)
• Upgraded trivy-sbom from 0.58.1 to 0.59.0 @secureCodeBoxBot (#2845, #2876)
• Upgraded zap from 2.15.0 to 2.16.0 @secureCodeBoxBot (#2840)
• Upgraded zap-advanced from 2.15.0 to 2.16.0 @secureCodeBoxBot (#2839)
• Upgraded zap-automation-framework from 2.15.0 to 2.16.0 @secureCodeBoxBot (#2838)

📚 Documentation

• Improve cascading scans docs by @J12934 in #2837

📌 Dependencies

• Bump mikefarah/yq from 4.44.6 to 4.45.1 in /.github/workflows in the github-actions-version-updates group across 1 directory by @dependabot in #2841
• Bump the npm-version-updates group across 1 directory with 12 updates by @dependabot in #2842
• Bump the npm-version-updates group across 1 directory with 3 updates by @dependabot in #2880
• Bump golang.org/x/net from 0.25.0 to 0.33.0 in /auto-discovery/cloud-aws by @dependabot in #2879
• Bump @types/node from 22.12.0 to 22.13.0 in /documentation in the npm-version-updates group by @dependabot in #2881
• Bump golang.org/x/net from 0.23.0 to 0.33.0 in /auto-discovery/kubernetes by @dependabot in #2883

🔧 Maintanance

• Revert "Replace SCB-token with github token" by @Reet00 in #2856

Full Changelog: v4.12.0...v4.13.0

🚓 Security Scanner

• Upgraded gitleaks from v8.21.2 to v8.22.1 by @secureCodeBoxBot in #2813, #2826
• Upgraded nuclei from v3.3.6 to v3.3.8 by @secureCodeBoxBot in #2834
• Upgraded semgrep from 1.95.0 to 1.101.0 by @Reet00 in #2828
• Upgraded ssh-audit from v3.2.0 to v3.3.0 by @Reet00 in #2802
• Upgraded trivy from 0.58.0 to 0.58.1 by @secureCodeBoxBot in #2816
• Upgraded trivy-sbom from 0.58.0 to 0.58.1 by @secureCodeBoxBot in #2817

📚 Documentation

• Add Talk From Bulat Gafurov from Ufadevconf #2810
• Add Sergios talk at Ekoparty 2024 #2818
• Add Blog Post announcing OWASP secureCodeBox and Friends Assembly at 38C3 by @Weltraumschaf in #2820
• Restructure and Cleanup DefectDojo Hook Docs by @J12934 in #2822
• Fix Markdown Causing a Broken Link On The Nmap Docs Page by @Weltraumschaf in #2821

🔧 Maintenance

• Adjust release note grouper for release notes generated by the native github feature by @J12934 in #2795
• Fix Docker Build Warnings by @J12934 in #2824
• Remove Comment to Prevent REUSE Check Failing to interpret License Tags by @Weltraumschaf in #2812
• Bugfix Corrected branches keyword trigger workflow correctly by @Reet00 in #2794
• Avoid run fail for dependabot PRs by @Reet00 in #2827

📌 Dependencies

• Bump the npm-security-updates group in /documentation with 2 updates by @dependabot in #2796
• Bump the npm-version-updates group in /documentation with 5 updates by @dependabot in #2807
• Bump the npm-version-updates group across 5 directories with 3 updates by @dependabot in #2806
• Bump golang.org/x/crypto from 0.21.0 to 0.31.0 in /auto-discovery/cloud-aws by @dependabot in #2808
• Bump nanoid from 3.3.7 to 3.3.8 in /documentation in the npm-security-updates group by @dependabot in #2803
• Bump org.springframework:spring-web from 6.2.0 to 6.2.1 in /hooks/persistence-defectdojo/hook in the gradle-version-updates group by @dependabot in #2805
• Bump org.junit:junit-bom from 5.11.3 to 5.11.4 in /hooks/persistence-defectdojo/hook in the gradle-version-updates group by @dependabot in #2814
• Bump the github-actions-version-updates group across 1 directory with 2 updates by @dependabot in #2800
• Use Latest Temurin 17.0.13 in SDKMAN Config by @Weltraumschaf in #2823
• Bump the gradle-version-updates group in /hooks/persistence-defectdojo/hook with 2 updates by @dependabot in #2832

Full Changelog: v4.11.0...v4.12.0

What's Changed

🚓 Security Scanner

• Upgraded nuclei from v3.3.5 to v3.3.6 @secureCodeBoxBot (#2778)
• Upgraded trivy from 0.57.0 to 0.58.0 @secureCodeBoxBot (#2765, #2791)
• Upgraded trivy-sbom from 0.57.0 to 0.58.0 @secureCodeBoxBot (#2764, #2790)

🐛 Bug Fixes

• Handle 'Packages' attribute in Trivy parser by @BorisShek in #2727
• Fix Duplicate Env Vars Added To Hook Kubernetes Job by @J12934 in #2779

📚 Documentation

• Adapt 'location' attribute in Trivy parser to match a URL format by @BorisShek in https://github.com/secureCodeBox/
  /pull/2725

🔧 Maintenance

• Replace release drafter config with build in github config by @J12934 in #2792
• Added workflow that adds bot PRs directly into To Review column by @Reet00 in #2758

📌 Dependencies

Full Changelog: v4.10.0...v4.11.0

Changes

This release contains the following changes 🎉. Help spread the word or leave a GitHub star if you like it 😉

🚀 Features

• Add --follow flag to scbctl to scans command @Freedisch & @J12934 (#2668)

🚓 Security Scanner

• Upgraded doggo from v1.0.4 to v1.0.5 @secureCodeBoxBot (#2688)
• Upgraded nuclei from v3.3.3 to v3.3.4 @secureCodeBoxBot (#2684)
• Upgraded trivy from 0.55.2 to 0.56.1 @secureCodeBoxBot (#2693)

🐛 Bug Fixes

• Add appProtocol to the mertrics service @Michael-Kruggel (#2690)
• Fix Issues with DefectDojo Hook being unable to upload findings @Weltraumschaf (#2745)

📚 Documentation

• Added documentation for labels of CascadingRules @Weltraumschaf (#2675)
• Added notes to operator documentation @Reet00 (#2674)

⚙️ Maintanance

• Slight refactor of scbctl @ddddddO (#2682)
• Workaround Nikto Test Failures @J12934 (#2685)

📌 Dependencies

• Bump the gradle-version-updates group in /hooks/persistence-defectdojo/hook with 4 updates @dependabot (#2696)
• Bump jest-runner-eslint from 2.2.0 to 2.2.1 in the npm-version-updates group @dependabot (#2697)
• Bump the gradle-version-updates group in /hooks/persistence-defectdojo/hook with 8 updates @dependabot (#2686)
• Bump @types/node from 22.5.5 to 22.7.4 in the npm-version-updates group @dependabot (#2687)

Distribution

Contributors

Thank you to all our contributors supporting this project 🤗
@Freedisch, @J12934, @Michael-Kruggel, @Reet00, @Weltraumschaf, @ddddddO and Vanessa Hermann

Changes

This release contains the following changes 🎉. Help spread the word or leave a GitHub star if you like it 😉

🚀 Features

• Add env for istio sidecar injection annotation closes #2652 @Michael-Kruggel (#2665)

🚓 Security Scanner

• Upgraded semgrep from 1.86.0 to 1.90.0 @secureCodeBoxBot (#2655, #2667, #2669, #2679)
• Upgraded gitleaks from v8.18.4 to v8.19.3 @secureCodeBoxBot (#2660, #2681)
• Upgraded trivy from 0.54.1 to 0.55.2 @secureCodeBoxBot (#2644, #2654, #2662)
• Upgraded trivy-sbom from 0.54.1 to 0.55.2 @secureCodeBoxBot (#2653, #2661)
• Upgraded semgrep from 1.85.0 to 1.86.0 @secureCodeBoxBot (#2646)
• Upgraded wpscan from v3.8.25 to v3.8.27 @secureCodeBoxBot (#2647)
• Upgraded nuclei from v3.3.1 to v3.3.3 @secureCodeBoxBot (#2645, #2678)

🐛 Bug Fixes

• Fix Issue MS Teams Notification Hook Not Being Able To Deliver Messages @J12934 (#2666)

📚 Documentation

• Add link to secureCodeBox Talk at the ContainerDays 2024 @J12934 (#2663)

📌 Dependencies

Distribution

Contributors

Thanks to all our contributors supporting this project 🤗
@J12934 and @Michael-Kruggel

Changes

This release contains the following changes 🎉. Help spread the word or leave a GitHub star if you like it 😉

⚠️ Upgrade Notes

This release contains a fix in the Custom Resource Definitions (CRDs), Helm does not update CRDs after the initial installation.
To upgrade the CRDs you can run the following script or grab the latest CRDs from the git repo at the v4.8.0 tag:

kubectl apply -f https://raw.githubusercontent.com/secureCodeBox/secureCodeBox/v4.8.0/operator/crds/cascading.securecodebox.io_cascadingrules.yaml	
kubectl apply -f https://raw.githubusercontent.com/secureCodeBox/secureCodeBox/v4.8.0/operator/crds/execution.securecodebox.io_clusterparsedefinitions.yaml	
kubectl apply -f https://raw.githubusercontent.com/secureCodeBox/secureCodeBox/v4.8.0/operator/crds/execution.securecodebox.io_clusterscancompletionhooks.yaml	
kubectl apply -f https://raw.githubusercontent.com/secureCodeBox/secureCodeBox/v4.8.0/operator/crds/execution.securecodebox.io_clusterscantypes.yaml	
kubectl apply -f https://raw.githubusercontent.com/secureCodeBox/secureCodeBox/v4.8.0/operator/crds/execution.securecodebox.io_parsedefinitions.yaml	
kubectl apply -f https://raw.githubusercontent.com/secureCodeBox/secureCodeBox/v4.8.0/operator/crds/execution.securecodebox.io_scancompletionhooks.yaml	
kubectl apply -f https://raw.githubusercontent.com/secureCodeBox/secureCodeBox/v4.8.0/operator/crds/execution.securecodebox.io_scans.yaml	
kubectl apply -f https://raw.githubusercontent.com/secureCodeBox/secureCodeBox/v4.8.0/operator/crds/execution.securecodebox.io_scantypes.yaml	
kubectl apply -f https://raw.githubusercontent.com/secureCodeBox/secureCodeBox/v4.8.0/operator/crds/execution.securecodebox.io_scheduledscans.yaml

🚀 Features

• Add a optional ttlSecondsAfterFinished field to scans to cleanup finished scans #2293 @Reet00 (#2631)
• Support setting env variables for Scans generated by the Kubernetes AutoDiscovery @J12934 (#2628)
• Add cascade CLI Command To Visualize Cascaded Scans Hierarchy @Freedisch (#2608)
• Add option to disable tls connection between the operator and the s3 endpoint @Michael-Kruggel (#2637)

🚓 Security Scanner

• Upgraded nuclei from v3.3.0 to v3.3.1 @secureCodeBoxBot (#2622)
• Upgraded semgrep from 1.82.0 to 1.85.0 @secureCodeBoxBot (#2620, #2613, #2609)
• Upgraded trivy from 0.54.0 to 0.54.1 @secureCodeBoxBot (#2606)
• Upgraded ZAP Automation Framework Version to 2.15.0 @J12934 (#2626)

🐛 Bug Fixes

• Add a custom entry script for ZAP Automation Framework to ensure that scans are compelting even when they have warning @J12934 (#2627)

📚 Documentation

• Fix Minor Typo in Install Docs @J12934 (#2642)
• Add google summer of code blog post @Freedisch (#2629)

📌 Dependencies

Distribution

Contributors

Thanks to all our contributors supporting this project 🤗
@Freedisch, @J12934, @Michael-Kruggel and @Reet00

Changes

This release contains the following changes 🎉. Help spread the word or leave a GitHub star if you like it 😉

🚀 Features

• Add / Document secureCodeBox Operator Prometheus Metrics @J12934 (#2581)
• Add new trigger command for scbctl @Freedisch (#2570)

🚓 Security Scanner

• Add podSecurityContext to zap-scan-type template @eliihen (#2576)
• Upgraded nuclei from v3.2.9 to v3.3.0 @secureCodeBoxBot (#2579)
• Upgraded semgrep from 1.78.0 to 1.82.0 @secureCodeBoxBot (#2604, #2594, #2585, #2569)
• Upgraded trivy from 0.52.2 to 0.54.0 @secureCodeBoxBot (#2602, #2552)
• Upgraded trivy-sbom from 0.52.2 to 0.54.0 @secureCodeBoxBot (#2603, #2554)
• Upgraded typo3scan from v1.1.4 to v1.2-final @secureCodeBoxBot (#2558)

🐛 Bug Fixes

• Fixed Scan not marked as Errored when exceeding the Job BackoffLimit @Ilyesbdlala (#2568)
• Fix nodeSelectors not working properly @J12934 (#2582)
• Fix Health/Readyness Check Issues with Kubernetes AutoDiscovery @J12934 (#2578)

📚 Documentation

• Add docs and cli completion for trigger and scan command @Freedisch (#2587)

🔧 Maintenance

• Add Stargazers Over Time @Weltraumschaf (#2563)
• Switch pipeline to use the same user / variable everywhere @J12934 (#2562)

📌 Dependencies

Distribution

Contributors

Thanks to all our contributors supporting this project 🤗
@Freedisch, @Ilyesbdlala, @J12934, @Weltraumschaf, and @eliihen