Skip to content
This repository has been archived by the owner on Jun 25, 2021. It is now read-only.

Latest commit

 

History

History
90 lines (79 loc) · 4.29 KB

CHANGELOG.md

File metadata and controls

90 lines (79 loc) · 4.29 KB

This is the current, previous and future development milestones and contains the features backlog.

0.1.0

  • Initial prototype supporting a terraform.tfstate from the AWS provider and tagged profiles
  • Produces a dynamic set of AWS generated controls

0.2.0

0.3.0

  • CloudFormation support through the stack-name entry
  • Wrap control in a full profile for upload
  • document Linux Omnibus installer usage
  • More profile options to fill out the inspec.yml from the CLI
  • .rubocop.yml synced to InSpec v2.2.79 and Rubocop 0.55
  • Switch to Inspec::BaseCLI for the helper methods
  • use new plugin include path (for old v1 plugins) @chris-rock
  • allowing for multiple modules to be included in generate output @devoptimist

0.4.0

  • Primarily @clintoncwolfe, refactoring and modifying for Plugin API
  • Overhaul to match InSpec Plugin API2/InSpec v3.0
  • Place code under InspecPlugins::Iggy namespace
  • Re-Organize tests
  • Add tests for testing plugin interface
  • Add tests for testing user functionality
  • Expand Rakefile

0.5.0

  • provide DESIGN.md explaining the organization of the code
  • disabled the inspec terraform extract subcommand until a more sustainable solution is determined
  • moved back to https://github.com/mattray/inspec-iggy as a community plugin
  • Sync and upgrade InSpec's .rubocop.yml and associated code cleanups
  • rename lib/inspec-iggy/profile.rb to profile_helper.rb
  • refactor out JSON parsing into file_helper.rb
  • switch from 'eq' to 'cmp' comparators #23
  • enable minimal Azure support. This needs to be refactored.
  • add support for remote .tfstate and .cfn files via Iggy::FileHelper.fetch #3

0.6.0

  • InSpec 4.0 support added
  • enable AWS, Azure, and GCP platform and resource pack support
  • inspec terraform negative was added, providing negative coverage testing
  • unit tests were broken by updates in InSpec and fixed. Functional and integration tests were disabled for now.
  • switch to Chefstyle like InSpec and Chefstyle the generated controls

0.7.0 (The SysAdvent demo Release)

  • added 'inspec iggy' subcommand for displaying help and version
  • Terraform 0.12 support
  • Restored initial AWS support, minimal testing
  • aws_ec2_instance, aws_elb, aws_security_group, aws_subnet, aws_vpc
  • Terraform AWS Provider Two Tier demo

0.8.0 (Terraform AWS demos release)

  • make platform and resourcepack required
  • aws_alb, aws_cloudformation_stack, aws_cloudtrail_trail, aws_route_table added without testing, expect issues
  • Terraform AWS Provider ELB demo
  • create new InSpec tests to validate the generated reports to look for regressions as we change out the property mapping. It's too manual and fragile.

0.8.1

  • look into refactoring discovery of resources and properties instead of hard-coded technique
  • clean up deprecation warnings by using the Inspec::Object classes from the inspec-objects rubygem

NEXT

  • Restore and re-test AWS, Azure, GCP from resource packs using their Terraform plans
  • Verify CloudFormation support
  • Implement ARM templates
  • document inspec with a reporter to push the reports into Automate
  • document uploading profiles to Automate and creating scan jobs via API
  • document/specify inspec-aws https://github.com/inspec/inspec-aws/releases
  • add negative testing for CloudFormation

BACKLOG

  • CloudFormation can be JSON or YAML
  • allow disabling of individual negative tests from CLI?
  • additional attributes (ie. vpc_id) passed via inputs?
  • allow passing alternate source of depends profiles
  • document Windows Omnibus installer usage
  • Habitat packaging
  • Terraform
  • restore extract functionality
    • create a Terraform Provisioner for attaching InSpec profiles to a resource
    • Tie tagged compliance profiles back to machines and non-machines where applicable (ie. AWS Hong Kong)