Bot releases are hidden (Show)
Published by liamg almost 4 years ago
- Upgrade to HCL 2.7.0
- Ignore HCL errors when parsing
Published by liamg almost 4 years ago
- Add run statistics in default output
- Add option to override the custom check directory (
--custom-check-dir) - Add functionality for wildcard labels and regexMatches
Published by liamg almost 4 years ago
- Fix for check generation
Published by liamg almost 4 years ago
Published by liamg almost 4 years ago
- Parsing time has been greatly reduced (estimated 10x faster).
- Documentation has been added for all checks.
- Documentation is now built into check code and deployed to https://tfsec.dev instead of the wiki.
- Added custom check functionality.
- Added a guide for contributing checks.
- Added a snazzy new logo.
- Checks are always run in the same order to ensure consistent behaviour.
- Terraform files are now only parsed in the given directory - files are no longer parsed recursively.
- Modules are now fully supported (a
terraform initis required.) - Fixed various panics across multiple checks/parsing functions.
- All example code in documentation is now automatically tested.
- Fixed AWS046 issue with IAM policy wildcards when
Denyis used. - Fixed IPv6 CIDR message in AWS006.
- Fixed issue with severity sometimes showing as blank in all output formats.
Published by liamg about 4 years ago
- Fixed output error
Published by owenrumney about 4 years ago
- add check for wildcard policy actions
- add check for hard coded creds in aws provider
- add check for WAF when using Cloud front
Published by liamg about 4 years ago
- More AWS IAM password policy checks
Published by liamg about 4 years ago
- Fix image publishing
Published by liamg about 4 years ago
- Check for AWS IAM password reuse prevention
Published by liamg about 4 years ago
- Check CloudFront security policy version >= TLSv1.2_2019
- Add check for encryption at rest for Elasticsearch domains
- Add checks for encryption at rest and in transit for Elasticache
- Add GCP IAM user grant check
Published by liamg about 4 years ago
- Add plain text output
Published by liamg about 4 years ago
- Option to output to file (
--out) - New check: API Gateway domain name uses outdated SSL/TLS protocols.
Published by liamg over 4 years ago
- Fixes detection of open security group rules in AWS, specifically for IPv6 CIDRs
Published by liamg over 4 years ago
- Added multiple GKE checks
Published by liamg over 4 years ago
- Fixes docker push issue
Published by liamg over 4 years ago
- Publish images to docker hub
Published by liamg over 4 years ago
- Add support for Terraform function evaluation, e.g.
concatetc. - Add support for
.tfvarsfiles. - Allow gcp bucket without default key
- Whitelist
aws_instance.get_password_datato avoid GEN003 false positives
Published by liamg over 4 years ago
- Add whitelisting to avoid false positives for generic sensitive attributes
- Add parse caching to avoid hanging during scans
- Improve JUnit output for better Bitbucket integration
- Moved warnings about skipped checks to stderr to prevent malformed Junit etc. output
- Added support for dynamic blocks utilising
for_each - Checks are now done for multiple egress/ingress blocks in security groups
- Added
--exclude-dir [directory]flag to exclude directories from scans - Check access param of azure sg rules
Published by liamg over 4 years ago
- New: AWS023: Ensure ECR repository image scans are enabled
- New: AWS024: Ensure Kinesis streams have encryption enabled
