Bot releases are visible (Hide)
Published by owenrumney over 2 years ago
What's Changed
- feat: Combine AWS IAM wildcards in same statement by @liamg in https://github.com/aquasecurity/tfsec/pull/1461
- fix: Allow multiple database flags in Google SQL Instance by @liamg in https://github.com/aquasecurity/tfsec/pull/1459
- fix: check that the rotation value is set before casting to string" by @owenrumney in https://github.com/aquasecurity/tfsec/pull/1462
Full Changelog: https://github.com/aquasecurity/tfsec/compare/v1.0.6...v1.0.7
Published by liamg over 2 years ago
What's Changed
- fix: use gobinary go1.17 with goreleaser by @liamg in https://github.com/aquasecurity/tfsec/pull/1457
Full Changelog: https://github.com/aquasecurity/tfsec/compare/v1.0.5...v1.0.6
Published by liamg over 2 years ago
What's Changed
- chore: Add stale issue/pr automation action by @liamg in https://github.com/aquasecurity/tfsec/pull/1451
- fix: gke adapter panic and dependency issue by @liamg in https://github.com/aquasecurity/tfsec/pull/1456
Full Changelog: https://github.com/aquasecurity/tfsec/compare/v1.0.4...v1.0.5
Published by liamg over 2 years ago
What's Changed
- fix: check that expiration date is a valid string by @owenrumney in https://github.com/aquasecurity/tfsec/pull/1447
- fix: Downgrade zclconf/go-cty to match hcl package version and fix panic by @liamg in https://github.com/aquasecurity/tfsec/pull/1448
Full Changelog: https://github.com/aquasecurity/tfsec/compare/v1.0.3...v1.0.4
Published by liamg over 2 years ago
What's Changed
- fix: Handle output when terraform metadata is missing from rule by @liamg in https://github.com/aquasecurity/tfsec/pull/1441
- fix: correct autoscaling duplication for instances by @owenrumney in https://github.com/aquasecurity/tfsec/pull/1442
- fix: S3 adapter can now check references without requiring resolvable values by @liamg in https://github.com/aquasecurity/tfsec/pull/1443
- fix: Fix ignores not being parsed correctly without spaces by @liamg in https://github.com/aquasecurity/tfsec/pull/1444
Full Changelog: https://github.com/aquasecurity/tfsec/compare/v1.0.2...v1.0.3
Published by owenrumney over 2 years ago
Changelog
- 20fca5ab fix: Fix binary name for the checkgen binary (#1435)
- 14cf06df fix: Fix the version at build time using Tag (#1434)
Published by owenrumney over 2 years ago
Changelog
- 20fca5ab fix: Fix binary name for the checkgen binary (#1435)
- 14cf06df fix: Fix the version at build time using Tag (#1434)
Published by liamg over 2 years ago
What's Changed
tfsec now uses rules which are defined as part of the defsec project. This means the same rules you're used to from tfsec can now be applied to other technologies (such as CloudFormation via cfsec). The main responsibility of tfsec is now to translate Terraform code into a format that defsec understands in order to apply it's own rules.
The v1 version is largely the summit of a mountain of refactoring efforts. From this point forward we don't expect huge changes to the general architecture of the project, or the way it is used, but instead hope to focus on adding lots more rules and driving up the quality and intelligence of existing rules.
Breaking Changes
- The
--detailed-exit-codeflag has been removed. The detailed exit code is now provided by default. - As before, tfsec indicates a failure with a non-zero exit code, but not necessarily 1.
- The deprecated
--include,ignore-warnings, and--ignore-infoflags have been removed. - The behaviour of
--outand--formathave changed slightly - please read the usage help for more information. - The
--sort-severityflag has been removed - results are now sorted by severity by default.
Notable Changes
New Features
- Add
--migrate-ignoreswhich will replace all legacy ignore rules with up-to-date IDs by @owenrumney in https://github.com/aquasecurity/tfsec/pull/1259 - Add support for grouping of results when they originate in the same module, the same
for_eachor the samecount(disable with-G) by @liamg in https://github.com/aquasecurity/tfsec/pull/1410 - Add arm docker images by @owenrumney in https://github.com/aquasecurity/tfsec/pull/1375
- Terraform v1.1 Support: Add support for moved blocks tf 1.1.0+ by @martijnvdp in https://github.com/aquasecurity/tfsec/pull/1204
- Terraform v1.1 Support: Init module sources by @martijnvdp in https://github.com/aquasecurity/tfsec/pull/1206
Custom Checks
- Add recursive loading of child directories for custom checks by @japan-p in https://github.com/aquasecurity/tfsec/pull/1071
- Only load custom checks once by @owenrumney in https://github.com/aquasecurity/tfsec/pull/1305
- Custom checks: requiresPresence's subMatches now get processed too by @gabrielleecredera in https://github.com/aquasecurity/tfsec/pull/1340
- Fix issue where custom check regexMatches action wasn't being handled correctly by @gabrielleecredera in https://github.com/aquasecurity/tfsec/pull/1343
- Add optional "assignVariable" attribute to "matchSpec" by @gabrielleecredera in https://github.com/aquasecurity/tfsec/pull/1338
Rule Changes
- Add support for unlimited retention policy for azurerm_sql_server by @atombrella in https://github.com/aquasecurity/tfsec/pull/1243
- Remove false positive in vault pki by @liamg in https://github.com/aquasecurity/tfsec/pull/1254
- Fix elastic search domain logging by @liamg in https://github.com/aquasecurity/tfsec/pull/1400
- Whitelist kubernetes_service_account token by @liamg in https://github.com/aquasecurity/tfsec/pull/1317
Other Changes
- Ignores can now be specified at any level - attribute, block or module definition by @liamg in https://github.com/aquasecurity/tfsec/pull/1409
New Contributors
Thanks to all of our awesome new contributors!
- @arbourd made their first contribution in https://github.com/aquasecurity/tfsec/pull/1183
- @zyellowhorse made their first contribution in https://github.com/aquasecurity/tfsec/pull/1181
- @vanesasejdiu made their first contribution in https://github.com/aquasecurity/tfsec/pull/1197
- @m00lecule made their first contribution in https://github.com/aquasecurity/tfsec/pull/1180
- @martijnvdp made their first contribution in https://github.com/aquasecurity/tfsec/pull/1204
- @chaspy made their first contribution in https://github.com/aquasecurity/tfsec/pull/1223
- @japan-p made their first contribution in https://github.com/aquasecurity/tfsec/pull/1071
- @gabrielchl made their first contribution in https://github.com/aquasecurity/tfsec/pull/1263
- @ewelch16 made their first contribution in https://github.com/aquasecurity/tfsec/pull/1292
- @kaitoii11 made their first contribution in https://github.com/aquasecurity/tfsec/pull/1344
- @gabrielleecredera made their first contribution in https://github.com/aquasecurity/tfsec/pull/1340
- @Yajo made their first contribution in https://github.com/aquasecurity/tfsec/pull/1389
Special Thanks
- @vanesasejdiu for all of their hard work on the defsec rule transition.
- @gabrielleecredera for their massive contribution to custom checks.
- @martijnvdp for their quick reaction in getting support added for Terraform v1.1.
- @atombrella For various changes and suggestions.
Full Changelog: https://github.com/aquasecurity/tfsec/compare/v0.63.1...v1.0.0
Published by liamg over 2 years ago
⛰️ Release Candidate 8
Please use the linked discussion for questions or raise issues directly for regressions/bugs.
Thanks for helping us to reach v1!
⚠️ Warning
Only use this if you want cutting-edge changes and know what you're doing - please use the latest stable release otherwise.
Published by liamg over 2 years ago
⛰️ Release Candidate 7
Please use the linked discussion for questions or raise issues directly for regressions/bugs.
Thanks for helping us to reach v1!
⚠️ Warning
Only use this if you want cutting-edge changes and know what you're doing - please use the latest stable release otherwise.
Published by liamg over 2 years ago
⛰️ Release Candidate 6
Please use the linked discussion for questions or raise issues directly for regressions/bugs.
Thanks for helping us to reach v1!
⚠️ Warning
Only use this if you want cutting-edge changes and know what you're doing - please use the latest stable release otherwise.
Published by liamg over 2 years ago
⛰️ Release Candidate 5
Please use the linked discussion for questions or raise issues directly for regressions/bugs.
Thanks for helping us to reach v1!
⚠️ Warning
Only use this if you want cutting-edge changes and know what you're doing - please use the latest stable release otherwise.
Published by liamg over 2 years ago
⛰️ Release Candidate 4
Please use the linked discussion for questions or raise issues directly for regressions/bugs.
Thanks for helping us to reach v1!
⚠️ Warning
Only use this if you want cutting-edge changes and know what you're doing - please use the latest stable release otherwise.
Published by liamg over 2 years ago
⛰️ Release Candidate 3
Please use the linked discussion for questions or raise issues directly for regressions/bugs.
Thanks for helping us to reach v1!
⚠️ Warning
Only use this if you want cutting-edge changes and know what you're doing - please use the latest stable release otherwise.
Published by liamg over 2 years ago
⛰️ Release Candidate 2
Please use the linked discussion for questions or raise issues directly for regressions/bugs.
Thanks for helping us to reach v1!
⚠️ Warning
Only use this if you want cutting-edge changes and know what you're doing - please use the latest stable release otherwise.
Published by liamg over 2 years ago
⛰️ Release Candidate 1
Please use the linked discussion for questions or raise issues directly for regressions/bugs.
Thanks for helping us to reach v1!
⚠️ Warning
Only use this if you want cutting-edge changes and know what you're doing - please use the latest stable release otherwise.
Published by github-actions[bot] almost 3 years ago
Changelog
- 62a63d8e Update the docs
- cfb1230c Update the usage parameters
Docker images
docker pull aquasec/tfsec-ci:v0.63.1docker pull aquasec/tfsec-ci:v0.63.1docker pull aquasec/tfsec-ci:v0.63docker pull aquasec/tfsec:v0.63.1docker pull aquasec/tfsec-alpine:v0.63.1docker pull aquasec/tfsec-scratch:v0.63.1docker pull aquasec/tfsec-scratch:v0.63docker pull aquasec/tfsec:v0.63.1docker pull aquasec/tfsec:v0.63docker pull aquasec/tfsec-alpine:v0.63.1docker pull aquasec/tfsec-alpine:v0.63docker pull aquasec/tfsec-scratch:v0.63.1
Published by github-actions[bot] almost 3 years ago
Changelog
- 1331a6d5 Add support for --exclude-path (#1173)
- 061ab53a Bump github.com/hashicorp/hcl/v2 from 2.10.1 to 2.11.1 (#1169)
- 0ef7e90b Fix the gcp enable flow logs check (#1174)
- 9645e6e4 add debug option (#1172)
Docker images
docker pull aquasec/tfsec-ci:v0.63.0docker pull aquasec/tfsec-ci:v0.63.0docker pull aquasec/tfsec-ci:v0.63docker pull aquasec/tfsec:v0.63.0docker pull aquasec/tfsec-alpine:v0.63.0docker pull aquasec/tfsec-scratch:v0.63.0docker pull aquasec/tfsec-scratch:v0.63docker pull aquasec/tfsec:v0.63.0docker pull aquasec/tfsec:v0.63docker pull aquasec/tfsec-alpine:v0.63.0docker pull aquasec/tfsec-alpine:v0.63docker pull aquasec/tfsec-scratch:v0.63.0
Published by github-actions[bot] almost 3 years ago
Changelog
- 0a1997e4 Add provider to passed checks
- 1afc0f32 Add support for custom checks via trivy etc. in external scanner (#1171)
- 3dc662ab Use KMS ARN in the ECR encryption good example (#1165)
- 75298e2c update ignore documentation
Docker images
docker pull aquasec/tfsec-ci:v0.62.0docker pull aquasec/tfsec-ci:v0.62.0docker pull aquasec/tfsec-ci:v0.62docker pull aquasec/tfsec-scratch:v0.62.0docker pull aquasec/tfsec-scratch:v0.62docker pull aquasec/tfsec-scratch:v0.62.0docker pull aquasec/tfsec:v0.62.0docker pull aquasec/tfsec:v0.62docker pull aquasec/tfsec-alpine:v0.62.0docker pull aquasec/tfsec-alpine:v0.62docker pull aquasec/tfsec:v0.62.0docker pull aquasec/tfsec-alpine:v0.62.0
Published by github-actions[bot] almost 3 years ago
Changelog
- 6dcfe98a Add Result Service
- 07dcc9a5 disable twitter announcer
- 6d567101 remove dupe method
Docker images
docker pull aquasec/tfsec-ci:v0.61.3docker pull aquasec/tfsec-ci:v0.61.3docker pull aquasec/tfsec-ci:v0.61docker pull aquasec/tfsec-scratch:v0.61.3docker pull aquasec/tfsec-scratch:v0.61docker pull aquasec/tfsec-scratch:v0.61.3docker pull aquasec/tfsec:v0.61.3docker pull aquasec/tfsec:v0.61docker pull aquasec/tfsec-alpine:v0.61.3docker pull aquasec/tfsec-alpine:v0.61docker pull aquasec/tfsec:v0.61.3docker pull aquasec/tfsec-alpine:v0.61.3
