You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
added 30 new queries (Kubernetes, and Docker Compose)
feat(analyzer): added Docker Compose initial support (#4851)
feat(report): added CSV report (#5046)
feat(logs): added lines scanned and lines parsed (#5050)
feat(analyzer & parser): added Kubeblet Configuration support (#5001) (#5013)
🐛 Bug fixes
fix(secrets regex): added "Avoiding Secrets Manager arn" (#5048)
fix(pre-commit): pre-commit hook fix and integration update (#5031) (#5069)
fix(query): updated ebs not optimized queries (#5020) by @lipeavelar
fix(query): defined NET_BIND_SERVICE as exception in containers_with_added_capabilities k8s rule (#4888) by @Churro
fix(query): extended containers_running_as_root k8s rule to work if no securityContext is defined (#4886) by @Churro
fix(query): refined missing_app_armor_config k8s rule to operate on specific containers (#4895) by @Churro
fix(query): fixed "S3 Static Website Host Enabled" for CF (#5060)
fix(query): added kubelet config file to Kubelet Read Only Port is Not Set To Zero query (#5010)
fix(query): added kubelet config to Anonymous Auth Is Not Set To False query (#5014)
fix(query): added kubelet config to Authorization Mode Set To Always Allow query (#5017)
fix(query): update validCertificate.pem for "Certificate Has Expired" query (#5059) (#5061)
fix(query): fixed Client Certificate Authentication Not Setup Properly (#5091)
delete(query): removed query lambda_function_without_tags (#5036) by @jycamier
delete(query): removed redundant default_service_account_in_use k8s rule (#5078) by @Churro
delete(query): removed redundant resource_with_allow_privilege_escalation k8s rule (#5076) by @Churro
📦 Dependency updates bumps
build(deps): bump github.com/aws/aws-sdk-go from 1.43.19 to 1.43.28 (#5004) (#5019) (#5033) (#5041) (#5047) (#5079) (#5083)
build(deps): bump github.com/johnfercher/maroto from 0.34.0 to 0.35.0 (#5040)
ci(deps): bump golang from 1.17.8-alpine to 1.18.0-alpine (#5003)
ci(deps): bump alpine from 3.15.1 to 3.15.3 (#5015) (#5039) (#5082)
ci(deps): bump peter-evans/create-pull-request from 3.14.0 to 4 (#5038)
ci(deps): bump actions/cache from 2.1.7 to 3 (#5025)
ci(deps): bump peter-evans/repository-dispatch from 1 to 2 (#5032)
👻 Maintenance
update(common lib): improved performance of get_nested_values_info (#5075) by @Churro
update(docs): gitlab integration: clarify that SAST report requires an ultimate license (#5086) by @floh96
update(printer): moved printer package from internal to use KICS as a module (#5066)
update(query): updated "Kubelet Server Periodic Certificate Switch Disabled" to "Rotate Kubelet Server Certificate Not Active" (#5030)
update(query): updated AWS IAM Policy Grants Full Permissions for Terraform (#5064)
update(BoM): updated BoM queries and BoM docs (#5074)
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
🚀 New features and improvements
added 30 new queries (Kubernetes, and Docker Compose)
feat(analyzer): added Docker Compose initial support (#4851)
feat(report): added CSV report (#5046)
feat(logs): added lines scanned and lines parsed (#5050)
feat(analyzer & parser): added Kubeblet Configuration support (#5001) (#5013)
🐛 Bug fixes
fix(secrets regex): added "Avoiding Secrets Manager arn" (#5048)
fix(pre-commit): pre-commit hook fix and integration update (#5031) (#5069)
fix(query): updated ebs not optimized queries (#5020) by @lipeavelar
fix(query): defined NET_BIND_SERVICE as exception in containers_with_added_capabilities k8s rule (#4888) by @Churro
fix(query): extended containers_running_as_root k8s rule to work if no securityContext is defined (#4886) by @Churro
fix(query): refined missing_app_armor_config k8s rule to operate on specific containers (#4895) by @Churro
fix(query): fixed "S3 Static Website Host Enabled" for CF (#5060)
fix(query): added kubelet config file to Kubelet Read Only Port is Not Set To Zero query (#5010)
fix(query): added kubelet config to Anonymous Auth Is Not Set To False query (#5014)
fix(query): added kubelet config to Authorization Mode Set To Always Allow query (#5017)
fix(query): update validCertificate.pem for "Certificate Has Expired" query (#5059) (#5061)
fix(query): fixed Client Certificate Authentication Not Setup Properly (#5091)
delete(query): removed query lambda_function_without_tags (#5036) by @jycamier
delete(query): removed redundant default_service_account_in_use k8s rule (#5078) by @Churro
delete(query): removed redundant resource_with_allow_privilege_escalation k8s rule (#5076) by @Churro
📦 Dependency updates bumps
build(deps): bump github.com/aws/aws-sdk-go from 1.43.19 to 1.43.28 (#5004) (#5019) (#5033) (#5041) (#5047) (#5079) (#5083)
build(deps): bump github.com/johnfercher/maroto from 0.34.0 to 0.35.0 (#5040)
ci(deps): bump golang from 1.17.8-alpine to 1.18.0-alpine (#5003)
ci(deps): bump alpine from 3.15.1 to 3.15.3 (#5015) (#5039) (#5082)
ci(deps): bump peter-evans/create-pull-request from 3.14.0 to 4 (#5038)
ci(deps): bump actions/cache from 2.1.7 to 3 (#5025)
ci(deps): bump peter-evans/repository-dispatch from 1 to 2 (#5032)
👻 Maintenance
update(common lib): improved performance of get_nested_values_info (#5075) by @Churro
update(docs): gitlab integration: clarify that SAST report requires an ultimate license (#5086) by @floh96
update(printer): moved printer package from internal to use KICS as a module (#5066)
update(query): updated "Kubelet Server Periodic Certificate Switch Disabled" to "Rotate Kubelet Server Certificate Not Active" (#5030)
update(query): updated AWS IAM Policy Grants Full Permissions for Terraform (#5064)
update(BoM): updated BoM queries and BoM docs (#5074)
Beta Was this translation helpful? Give feedback.
All reactions