Releases: Checkmarx/kics
v1.6.7
🚀 New features and improvements
Refactor: analyzer.go enhancements by @ohaval in #6052
feat(arm): add checks for parameters with default values in #6053
added check for RDS backup_retention_period default in #6057
🐛 Bug fixes
fix(merge_conflicts): fix merge conflicts in queries catalog in #6046
fix(bug): update metrics for get statistics github workflow in #6045
fix(query): update arm aks dashboard enabled security query default behavior in #6058
fix(query): fix fp in azure instance using basic authentication in #6047
📦 Dependency updates bumps
bump(go) go version 1.19 in #6062
ci(deps): bump goreleaser/goreleaser-action from 3.2.0 to 4.1.0 in #6050
bump(deps) in #6063
update versions in #6059
build(deps): bump github.com/spf13/viper from 1.13.0 to 1.14.0 in #6029
build(deps): bump golang.org/x/tools from 0.1.12 to 0.4.0 in #6041
ci(deps): bump golang from 1.19.3-alpine to 1.19.4-alpine in #6040
ci(deps): bump fkirc/skip-duplicate-actions from 5.0.0 to 5.3.0 in #6031
👻 Maintenance
docs(queries): update queries catalog in #6026
docs: preparing for release 1.6.7 in #6065
Place documentation link higher in README file in #6064
update dates in #6056
update(docs): update docs logo size in #6061
Update reference to KICS github action in #6044
v1.6.6
🚀 New features and improvements
feat(bom): add gcp bill of materials for dataflow job in terraform in #6037
feat(bom): add gcp redis bill of materials support for terraform in #6036
feat(bom): add gcp filestore instance bill of materials for terraform in #6033
feat(bom): add bill of materials for gcp storage bucket in #6032
feat(bom): add bill of materials for gcp pubsub topic in terraform and gdm in #6027
feat(bom): add gcp bill of materials support in #6021
🐛 Bug fixes
fix(query): update tf azure aks disk encryption set id undefined security query in #6023
Fix ssh/rdp access is not restricted by @Tohar-orca in #6020
fix(query): add search line to array without maximum number items open api query in #6039
fix(query): fix false positive in sqs with sse disabled for aws cloudformation in #6038
fix(helm_resolver): fix help parser trim left in #6024
fix(query): update terraform aws query ecs service without running tasks in #6042
📦 Dependency updates bumps
build(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.1 in #6010
ci(deps): bump golangci/golangci-lint-action from 3.3.0 to 3.3.1 in #5998
build(deps): bump github.com/hashicorp/hcl/v2 from 2.14.1 to 2.15.0 in #5996
build(deps): bump k8s.io/client-go from 0.25.3 to 0.25.4 in #6017
👻 Maintenance
update(kics-gh): updated KICS GH Action in #6034
docs(update): logo with only text added in #6018
docs(update): Update December community meeting in #6019
update documentation in #6035
docs(update): Fix headers in Terraform documentation by @williamscs in #6030
docs: update copyright date in #6025
New Contributors
- @williamscs made their first contribution in #6030
- @Tohar-orca made their first contribution in #6020
v1.6.5
🐛 Bug fixes
fix(query): align queries by @roi-orca in #5999
fix(query): exclude custom resources in "Permissive Access to Create Pods" in #5980
fix: scanner panics when ctx timeout by @joelboim in #5994
fix(query): update with version regex for unpinned package version in apk add security query in #6006
fix(query): adapt k8s hpa targets invalid object security query in #6007
📦 Dependency updates bumps
ci(deps): bump golang from 1.19.2-alpine to 1.19.3-alpine in #5978
build(deps): bump github.com/spf13/cobra from 1.6.0 to 1.6.1 in #5976
build(deps): bump github.com/BurntSushi/toml from 1.2.0 to 1.2.1 in #5975
ci(deps): bump al-cheb/configure-pagefile-action from 1.2 to 1.3 in #5974
build(deps): bump github.com/johnfercher/maroto from 0.38.0 to 0.39.0 in #5995
ci(deps): bump alpine from 3.16.2 to 3.16.3 in #6002
👻 Maintenance
docs(update): docs update in #6014
docs(queries): update queries catalog in #6013
docs(queries): update queries catalog in #6001
docs(update): kics logo in documentation in #5997
docs(update): file svg added in #6003
v1.6.4
🚀 New features and improvements
feat(query): added "Vulnerable OpenSSL Version" for Dockerfile #5973
feat(bom): added Cassandra for CloudFormation #5988
feat(bom): added Kinesis support for CloudFormation and Terraform #5983
🐛 Bug fixes
fix(analyzer): improved regexes #5979
fix(query): improved regex of "Asymmetric private key" #5984
fix: changing directory name of viewer_protocol_policy_allows_http by @jycamier in #5981
fix(query): fix queries expected value by @liorj-orca in #5970
📦 Dependency updates bumps
ci(deps): bump goreleaser/goreleaser-action from 3.1.0 to 3.2.0 #5945
ci(deps): bump tj-actions/verify-changed-files from 11.1 to 12.0 #5946
build(deps): bump github.com/zclconf/go-cty from 1.11.0 to 1.11.1 #5948
build(deps): bump github.com/aws/aws-sdk-go from 1.44.116 to 1.44.121 #5959
ci(deps): bump golangci/golangci-lint-action from 3.2.0 to 3.3.0 #5958
build(deps): bump golang.org/x/text from 0.3.8 to 0.4.0 #5971
build(deps): bump github.com/zclconf/go-cty from 1.11.1 to 1.12.0 #5972
👻 Maintenance
docs(queries): update queries catalog #5942
update(docs): certification documentation #5992
update(docs): added required go version + how to build kics binary #5982
v1.6.3
🚀 New features and improvements
- update(query): fixed typos in query folder name and query name in #5954
🐛 Bug fixes
- fix(query): Update Password And Secrets Security Query Documentation in #5938
- fix(ExpToString): fixed TraverseIndex evaluation in #5939
- fix(query): update CloudWatch Log Group Without KMS Security Query MetaData in #5943
- fix(query): readjusted "Memcached Disabled" to "Redis Disabled" in #5952
- fix(query): improved regex to find AWS Access Key in assets/queries/terraform/aws/hardcoded_aws_access_key_in_lambda in #5951
- fix(masked_secrets): Mask Secrets in All Vulnerability Preview in #5949
📦 Dependency updates bumps
- bump(deps): bump express, debug, and sentry-go in #5957
- bump(deps): express dependencies in #5962
- bump(deps): reverted debug and updated dependencies in #5963
- build(deps): bump github.com/tdewolff/minify/v2 from 2.12.3 to 2.12.4 in #5904
- docs(kicsbot): update images digest in #5906
- ci(deps): bump golang from 1.19.1-alpine to 1.19.2-alpine in #5909
- build(deps): bump github.com/aws/aws-sdk-go from 1.44.109 to 1.44.114 in #5914
- ci(deps): bump docker/build-push-action from 3.1.1 to 3.2.0 in #5924
- ci(deps): bump styfle/cancel-workflow-action from 0.10.1 to 0.11.0 in #5925
- ci(deps): bump docker/login-action from 2.0.0 to 2.1.0 in #5926
- build(deps): bump github.com/spf13/cobra from 1.5.0 to 1.6.0 in #5928
- build(deps): bump github.com/open-policy-agent/opa from 0.44.0 to 0.45.0 in #5929
- build(deps): bump k8s.io/apimachinery from 0.25.2 to 0.25.3 in #5933
- bump: updating software versions in #5918
- build(deps): bump github.com/aws/aws-sdk-go from 1.44.114 to 1.44.116 in #5936
- build(deps): bump golang.org/x/text from 0.3.7 to 0.3.8 in #5930
- build(deps): bump k8s.io/api from 0.25.2 to 0.25.3 in #5937
- build(deps): bump golang.org/x/text from 0.3.7 to 0.3.8 in #5940
- build(deps): bump k8s.io/client-go from 0.25.2 to 0.25.3 in #5941
v1.6.2
🚀 New features and improvements
feat(bom): bill of materials for rds in aws cloudformation #5856
feat(bom): bill of material rds for terraform #5843
feat(bom): bill of materials for aws dynamodb #5861
🐛 Bug fixes
fix(query): correct GCP KMS crypto key rotation period queries + descriptions by @Churro in #5863
fix(query): terraform/aws/iam_access_key_is_exposed by @jycamier in #5846
fix(query): fix false positive in aws_instance by @patrickpichler in #5903
fix(query): remove redundant and flawed GCP KMS key rotation query by @Churro in #5864
fix(query): fix false positive for rds backup_retention_period not set by @patrickpichler in #5902
fix community link for contribution #5854
fix(query): drop Configuration Aggregator to All Regions Disabled Security severity to MEDIUM by @patrickpichler in #5901
fix(query): reduce NET_RAW capability not being dropped severity to MEDIUM by @patrickpichler in #5900
fix(query): cover additional deprecated API versions in k8s rule by @Churro in #5867
📦 Dependency updates bumps
build(deps): bump github.com/tdewolff/minify/v2 from 2.12.1 to 2.12.2 #5857
build(deps): bump k8s.io/client-go from 0.25.1 to 0.25.2 #5827
build(deps): bump github.com/aws/aws-sdk-go from 1.44.101 to 1.44.107 #5840
build(deps): bump github.com/aws/aws-sdk-go from 1.44.107 to 1.44.109 #5866
build(deps): bump github.com/tdewolff/minify/v2 from 2.12.2 to 2.12.3 #5868
ci(deps): bump checkmarx/kics-action from 1.5 to 1.6 #5852
ci(deps): bump styfle/cancel-workflow-action from 0.10.0 to 0.10.1 #5865
👻 Maintenance
Add community meetings schedule & link #5912
docs(queries): update queries catalog #5869
docs(kicsbot): update images digest #5853
New Contributors
@patrickpichler made their first contribution in #5901
v1.6.1
🚀 New features and improvements
added 2 queries for CloudFormation and Terraform
update(coverage): code coverage improvements (#5744)
feat(workflows): add workflow to check latest software versions (#5823)
🐛 Bug fixes
fix(query): fix query descriptionText for s3 logging disabled kms rotation and iam policies (#5810) by @tomk-orca
fix(query): fix queries expected value to 'should be...' (#5816) by @liorj-orca
fix(query): fix dockerfile security query regex (#5826)
fix(query): change s3 bucket acl grants write acp security query (#5780)
fix(query): remove string check in open api security query (#5831)
fix(query): change s3 bucket with all permissions security query (#5781)
fix(query): update s3 bucket policy accepts http requests security query (#5832)
fix(query): updated lambda_function_with_privileged_role (#5833)
fix(query): fix responses with wrong http status code security query (#5834)
fix(query): fixed Docker queries related to issues 5115, 5116, and 5118 (#5295)
fix(bug): bug in get metrics script (#5796)
fix(bug): add support for certificate body process from tfvar (#5837)
fix(terraform data source): added data resources resolver (#5839)
📦 Dependency updates bumps
build(deps): bump github.com/GoogleCloudPlatform/terraformer from 0.8.21 to 0.8.22 (#5817) by @tomk-orca
build(deps): bump github.com/spf13/viper from 1.12.0 to 1.13.0 (#5766)
build(deps): bump k8s.io/client-go from 0.24.3 to 0.25.1 (#5804)
build(deps): bump github.com/aws/aws-sdk-go from 1.44.91 to 1.44.101 (#5809)
build(deps): bump github.com/open-policy-agent/opa from 0.43.0 to 0.44.0 (#5777)
ci(deps): bump actions/upload-artifact from 2 to 3 (#5764)
ci(deps): bump golang from 1.19.0-alpine to 1.19.1-alpine (#5767)
ci(deps): bump docker/setup-buildx-action from 1 to 2 (#5770)
👻 Maintenance
chore(gitlab-ci): add --ci flag to gitlab examples (#5682) by @sluetze
update(docs): correct the GH action name (#5818) by @konstruktoid
update(docs): improve information in the configuration docs (#5829) by @VladMasarik
update(docs): update remediate docs (#5794)
update(docs): docker hub docs information update (#5800)
update(docs): community tab added into the docs.kics.io website (#5806)
update(docs): update information about github action versions (#5842)
update(workflows): gh action tag update for 1.6 kics version (#5841)
update(workflows): delete branching process for major versions (#5812)
v1.6.0
🚀 New features and improvements
feat(knative&crossplane): add support to knative and crossplane (#5634)
feat(report): hide secrets in report results (#5504)
feat(scan): consider .gitignore to automatically exclude paths by default (#5506)
feat(pulumi): add support to Pulumi yaml parsing (#5648)
queries(pulumi): add pulumi gcp security queries (#5654)
queries(pulumi): add pulumi aws security queries (#5653)
queries(pulumi): add pulumi azure security queries (#5658)
feat(serverlessfw): add support to serverless fw yml file parsing (#5670)
feat(knative): add knative security query and k8's pod queries interoperability (#5692)
feat(queries): add serverless framework queries (#5679)
feat(serverless): initial cloudformation security queries refactoring (#5697)
feat(engine): Kubernetes API support for runtime k8s clusters scan (#5651)
🐛 Bug fixes
fix(resolver): exclude resolve path call for the same path reference (#5511) (#5514)
📦 Dependency updates bumps
build(deps): bump github.com/zclconf/go-cty from 1.10.0 to 1.11.0
build(deps): bump github.com/aws/aws-sdk-go from 1.44.78 to 1.44.82
build(deps): bump github.com/moby/buildkit from 0.10.3 to 0.10.4
build(deps): bump helm.sh/helm/v3 from 3.9.3 to 3.9.4
ci(deps): bump goreleaser/goreleaser-action from 3.0.0 to 3.1.0
build(deps): bump github.com/mackerelio/go-osstat from 0.2.2 to 0.2.3
build(deps): bump github.com/hashicorp/hcl/v2 from 2.13.0 to 2.14.0
build(deps): bump github.com/tdewolff/minify/v2 from 2.12.0 to 2.12.1
build(deps): bump github.com/gookit/color from 1.5.1 to 1.5.2
build(deps): bump github.com/aws/aws-sdk-go from 1.44.82 to 1.44.90
build(deps): bump github.com/aws/aws-sdk-go from 1.44.90 to 1.44.91
👻 Maintenance
docs(kicsbot): update images digest
v1.5.15
🚀 New features and improvements
feat(queries): add new aws iam privilege escalation queries (#5423) by @gafnit-lightspin
feat(query): added App Service Without Latest Python Version query for Terraform
🐛 Bug fixes
fix(queries): add missing check in ec2 instance has public ip (#5720)
fix(queries): add additional check in iam database auth not enabled (#5719)
fix(keyExpectedValue): cloudformation-aws queries convert to a recomm… (#5646) by @liorj-orca
fix(keyExpectedValue): cloudformation-aws queries convert to a recommendation rather than a current status - stage 2 (#5647) by @liorj-orca
fix(queries): align queries cross different platforms (#5539) by @roi-orca
fix(terraform): remove resource reference in dependent policies (#5684)
fix(memory consumption): improved SplitLines function calls (#5680)
fix(resolver): consider comments in YAML resolver (#5735)
📦 Dependency updates bumps
ci(deps): bump golang from 1.18.4-alpine to 1.19.0-alpine (#5665)
ci(deps): bump docker/build-push-action from 3.1.0 to 3.1.1 (#5676)
build(deps): bump helm.sh/helm/v3 from 3.9.2 to 3.9.3 (#5691)
build(deps): bump github.com/johnfercher/maroto from 0.37.0 to 0.38.0 (#5701)
build(deps): bump github.com/tidwall/gjson from 1.14.1 to 1.14.3 (#5704)
build(deps): bump github.com/aws/aws-sdk-go from 1.44.70 to 1.44.78 (#5705)
ci(deps): bump alpine from 3.16.1 to 3.16.2 (#5687)
Contributors: @gafnit-lightspin, @liorj-orca, @roi-orca
v1.5.14
🐛 Bug fixes
fix(query): change approach in api_gateway_with_cloudwatch_logging_disabled security query for terraform aws (#5693)
fix(queries): change queries metadata to remove the inconsistency (#5702)
fix(query): improve RegEx rule in curl_or_wget_instead_of_add (#5706)
fix(query): update_instruction_alone (#5707)
fix(docker parser): added resolver for args (#5696)
fix(tf parser): added parentheses expr to convertStringPart (#5695)
fix(query): reduced complexity of 'lambda_function_with_privileged_role' query (#5686)
📦 Dependency updates bumps
build(deps): bump golang.org/x/tools from 0.1.11 to 0.1.12 (#5640)
build(deps): bump github.com/aws/aws-sdk-go from 1.44.59 to 1.44.70 (#5672)
build(deps): bump github.com/open-policy-agent/opa from 0.42.2 to 0.43.0 (#5655)
build(deps): bump helm.sh/helm/v3 from 3.9.1 to 3.9.2 (#5632)
👻 Maintenance
update(docs): update integrations_auto_scanning_visual_studio.md (#5673)