Releases: aquasecurity/defsec

v0.94.1

17 Jan 02:48
87a2031

What's Changed

  • chore(deps): Update to conform for checks/ project structure by @simar7 in #1523

Full Changelog: v0.94.0...v0.94.1

v0.94.0

16 Jan 01:10
06bc6ac

What's Changed

  • refactor(defsec): Refactor defsec into components by @simar7 in #1460
  • fix(terraform): fix merging of context variables by @nikpivkin in #1475
  • chore(deps): bump github.com/liamg/memoryfs from 1.4.3 to 1.6.0 by @dependabot in #1477
  • chore(deps): bump golang.org/x/text from 0.11.0 to 0.13.0 by @dependabot in #1478
  • chore(deps): bump github.com/google/uuid from 1.3.0 to 1.3.1 by @dependabot in #1480
  • feat(rule): add a method for evaluation by @nikpivkin in #1482
  • fix(terraform): check if module is local by @nikpivkin in #1483
  • chore(docs): Update docs by @simar7 in #1489
  • fix: remove PodSecurityPolicy field by @nikpivkin in #1492
  • feat(aws): support for CloudFrontDefaultCertificate and SSLSupportMethod by @nikpivkin in #1495
  • feat(google): support for purpose field of a compute subnetwork by @nikpivkin in #1494
  • feat(terraform): add support for AWS provider block by @nikpivkin in #1493
  • refactor(google): update DNSManagedZone resource structure by @nikpivkin in #1496
  • refactor: rename providers to meta by @nikpivkin in #1498
  • refactor(pkg/iac): Bring back some trivy-iac pkgs by @simar7 in #1499
  • chore(deps): bump github.com/hashicorp/hcl/v2 from 2.17.0 to 2.19.1 by @dependabot in #1484
  • chore(deps): bump github.com/google/uuid from 1.3.1 to 1.4.0 by @dependabot in #1487
  • chore(deps): bump golang.org/x/text from 0.13.0 to 0.14.0 by @dependabot in #1491
  • feat: k8s policy subtype support by @chen-keinan in #1502
  • feat(terraform): add a method to replace the value in the context by @nikpivkin in #1504
  • feat(gke): datapath provider support for the cluster by @nikpivkin in #1505
  • feat(terraform): fill in the arn attribute for bucket by @nikpivkin in #1506
  • feat(digitalocean): support for redirect_http_to_https for load balancer by @nikpivkin in #1507
  • feat(ec2): name support for the launch template by @nikpivkin in #1509
  • chore(deps): bump github.com/google/uuid from 1.4.0 to 1.5.0 by @dependabot in #1508
  • fix(terraform): fix reference extraction from TupleConsExpr by @nikpivkin in #1510
  • feat(rego): Add aliasing support by @simar7 in #1515
  • feat: generate allowed actions by @nikpivkin in #1488
  • chore: generate schema by @nikpivkin in #1517
  • fix(rego): Ignore case when scanning k8s subtype by @simar7 in #1516
  • chore(deps): bump github.com/open-policy-agent/opa from 0.58.0 to 0.60.0 by @dependabot in #1511
  • chore(deps): bump github.com/aquasecurity/trivy-policies from 0.6.1-0.20231120231532-f6f2330bf842 to 0.7.0 by @dependabot in #1501
  • chore(deps): bump github.com/go-git/go-git/v5 from 5.8.1 to 5.11.0 by @dependabot in #1518
  • chore(deps): bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 by @dependabot in #1519
  • chore(deps): bump golang.org/x/sync from 0.4.0 to 0.6.0 by @dependabot in #1521
  • chore(deps): bump golang.org/x/net from 0.19.0 to 0.20.0 by @dependabot in #1522

Full Changelog: v0.93.1...v0.94.0

v0.93.1

07 Oct 03:51
78aed65

What's Changed

Full Changelog: v0.93.0...v0.93.1

v0.93.0

26 Sep 20:09
5f42dcd

What's Changed

  • feat(cloud): add the DeletionProtection attribute to the RDS Cluster by @dorayakikun in #1443
  • chore(deps): bump github.com/cyphar/filepath-securejoin from 0.2.3 to 0.2.4 by @dependabot in #1451
  • chore(deps): bump github.com/cloudflare/circl from 1.1.0 to 1.3.3 by @dependabot in #1452
  • fix(terraform): convert input variables to expected type by @nikpivkin in #1453
  • fix(terraform): detect recursive modules by @nikpivkin in #1454
  • fix: Fix rendering of map slices in Terraform resource block by @dorayakikun in #1450
  • fix(terraform): check if SSE configuration block is nil by @nikpivkin in #1457
  • feat: Add support for skip_final_snapshot by @dorayakikun in #1449
  • fix(azure): Bump up min_tls_value for storage adapters by @simar7 in #1458

New Contributors

Full Changelog: v0.92.0...v0.93.0

v0.92.0

30 Aug 16:23
601dd69

What's Changed

  • fix(terraform): improve VPC adapt by @nikpivkin in #1422
  • ci(test): add trivy tests by @nikpivkin in #1400
  • Incorporated the recently added Regos from the commercial into the oss by @mjshastha in #1418
  • fix(terraform): improve detection of terraform files by @nikpivkin in #1426
  • fix(terraform): do not check network policy if enable_autopilot is true by @nikpivkin in #1420
  • chore(github): Remove test-trivy integration test by @simar7 in #1430
  • feat(cloud): AVD-AWS-0057 does not detect cases where the log stream is a wildcard by @int-tt in #1429
  • feat(cloud): add availability zone field for rds cluster by @int-tt in #1424
  • Anonymous user access binding to RoleBinding and ClusterRoleBinding by @KiranBodipi in #1433
  • Modified the Rego policies within Defsec to incorporate subtype selectors. by @mjshastha in #1434
  • chore(deps): bump github.com/hashicorp/hcl/v2 from 2.14.1 to 2.17.0 by @dependabot in #1407
  • Revise the description and other relevant elements in the defsec to align with the commercial. by @mjshastha in #1432
  • chore(deps): bump github.com/zclconf/go-cty-yaml from 1.0.2 to 1.0.3 by @dependabot in #1408
  • fix: make operations with reference key safe by @nikpivkin in #1425
  • test(bundle): Add bundle integration testing by @simar7 in #1421
  • fix(aws): remove duplicate bucket logging rule by @nikpivkin in #1423
  • ci: make the OPA installation more reliable by @nikpivkin in #1439
  • chore: remove deprecated dead code linters from the rules by @nikpivkin in #1442

New Contributors

Full Changelog: v0.91.1...v0.92.0

v0.91.1

09 Aug 05:49
a89cc84

What's Changed

Full Changelog: v0.91.0...v0.91.1

v0.91.0

28 Jul 17:58
0d4c4b5

What's Changed

  • feat(terraform): support for multiple instances of the same resource by @nikpivkin in #1374
  • fix(doc): update the links to authorized_ip_ranges by @nikpivkin in #1381
  • Support define api-versions for helm scanner by @jkroepke in #1361
  • test(terraform): add a test for the skip downloaded option by @nikpivkin in #1384
  • Revert "Revert "feat(scanner): Break out options for enabling libs and policies (#1280)" (#1298)" by @simar7 in #1357
  • fix(terraform): check that the expiration_date is string by @nikpivkin in #1387
  • fix(docker): check the -y flag after packages by @nikpivkin in #1388
  • fix(cloudformation): evaluate the value for a property when comparing by @nikpivkin in #1393
  • fix(cloudformation): set context for conditions by @nikpivkin in #1389
  • feat: add the occurrences field by @nikpivkin in #1383
  • fix(cloudformation): resolve property depending on conditions by @nikpivkin in #1396
  • fix(cloudformation): fix panic when use pseudo-parameters NoValue or NotificationARNs by @nikpivkin in #1395
  • fix(arm): use correct type casting for ints in azure scan by @nikpivkin in #1376
  • fix(docker): check the --no-install-recommends flag after packages by @nikpivkin in #1375
  • feat(cloudformation): add support for the condition function by @nikpivkin in #1394
  • feat(cloudformation): add support for the length function by @nikpivkin in #1397
  • chore(github): Enable merge-queues for defsec PRs by @simar7 in #1403
  • chore(github): Bypass CLA check by @simar7 in #1404
  • chore(deps): bump github.com/BurntSushi/toml from 1.2.1 to 1.3.2 by @dependabot in #1378
  • chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ecs from 1.18.26 to 1.28.1 by @dependabot in #1390
  • bump github.com/aws/aws-sdk-go-v2/service/iam from 1.19.12 to 1.21.1 by @dependabot in #1392
  • chore(deps): bump github.com/aws/aws-sdk-go-v2/service/athena from 1.18.10 to 1.30.4 by @dependabot in #1391
  • fix(cloudformation): s3 object_lock_configuration sets versioning to true by @nikpivkin in #1398
  • Our objective is to align the titles and logic with the commercial version. by @mjshastha in #1382
  • Update rego title in OSS defsec Part2 by @mjshastha in #1386

New Contributors

Full Changelog: v0.90.3...v0.91.0

v0.90.3

07 Jul 07:22
988b9e9

What's Changed

  • fix(windows): Use homedrive if available by @simar7 in #1373

Full Changelog: v0.90.2...v0.90.3

v0.90.2

07 Jul 04:43
e6b020b

What's Changed

  • perf(detection): use strings.Builder by @nikpivkin in #1366
  • docs: fix the path to policies by @nikpivkin in #1367
  • fix(windows): Use correct homedir on Windows by @simar7 in #1368
  • fix(terraform): allow nullable value for default values of vars by @nikpivkin in #1370
  • fix(opa): Continue upon filter fs errors by @simar7 in #1369
  • chore(deps): bump github.com/aws/aws-sdk-go-v2/service/efs from 1.20.1 to 1.20.3 by @dependabot in #1362
  • chore(deps): bump github.com/aws/aws-sdk-go-v2/service/eks from 1.22.1 to 1.27.14 by @dependabot in #1363
  • chore(deps): bump github.com/moby/buildkit from 0.11.4 to 0.11.6 by @dependabot in #1364
  • chore(deps): bump github.com/aws/aws-sdk-go-v2/service/kms from 1.21.1 to 1.23.0 by @dependabot in #1371

New Contributors

Full Changelog: v0.90.1...v0.90.2

v0.90.1

30 Jun 05:22
c3d4a38

What's Changed

Full Changelog: v0.90.0...v0.90.1