Skip to content

Latest commit

 

History

History
1200 lines (930 loc) · 109 KB

CHANGELOG.md

File metadata and controls

1200 lines (930 loc) · 109 KB

Changelog

v1.18.3 (2023-08-03)

Full Changelog

Merged pull requests:

Changelog

v1.18.2 (2023-07-26)

Full Changelog

Merged pull requests:

Changelog

v1.18.1 (2023-04-13)

Full Changelog

Merged pull requests:

Changelog

v1.18.0 (2023-02-06)

Full Changelog

Closed issues:

  • AC_DOCKER_0041 Issues #1522
  • accurics.gcp.IAM.145 triggers for GitHub repos #1295
  • imageVersionnotusinglatest and AC_DOCKER_0041 Issue #1099
  • Inconsistent notation for severity in output (sometimes uppercase, sometimes not) #955

Merged pull requests:

  • Bump github.com/aws/aws-sdk-go from 1.43.16 to 1.44.193 #1534 (dependabot[bot])
  • Bump google.golang.org/api from 0.103.0 to 0.109.0 #1530 (dependabot[bot])
  • Fix description and version rule #1523 (kylewintaur)
  • APE-11967 : error due to new attribute in terraform cause all other working module and resources to be ignored #1517 (nitumore)
  • Consolidate spelling of severity levels to all uppercase LOW/MEDIUM/HIGH #1516 (hoexter)
  • Remove wrongly placed github_repository policy from gcp folder #1515 (hoexter)
  • APE-8064 - Support one or more values.yaml file as an input to helm scan #1501 (nitumore)

Changelog

v1.17.1 (2022-12-16)

Full Changelog

Merged pull requests:

Changelog

v1.17.0 (2022-11-17)

Full Changelog

Implemented enhancements:

Merged pull requests:

Changelog

v1.16.0 (2022-10-19)

Full Changelog

Implemented enhancements:

Closed issues:

  • installation error #1403
  • Calling attention to your documentation... #1384
  • Docs don't mention pre-requirements #1345
  • resource ID has an invalid format Dockerfile #1344
  • Error message scanning IaC Types #1259
  • False positive with AWS provider >=4.x style bucket resources #1219

Merged pull requests:

Changelog

v1.15.2 (2022-06-13)

Full Changelog

Closed issues:

  • Export Windows files in release using zip extension #1280

Merged pull requests:

Changelog

v1.15.2 (2022-06-13)

Full Changelog

Closed issues:

  • Export Windows files in release using zip extension #1280

Merged pull requests:

  • fixes: panic in case of zap logger init on windows os #1283 (Rchanger)

Changelog

v1.15.1 (2022-05-20)

Full Changelog

Merged pull requests:

Changelog

v1.15.0 (2022-05-10)

Full Changelog

Fixed bugs:

  • Issue with Terrascan and CloudFormation #1235

Closed issues:

  • Terrascan 1.13.2 version uses go 1.16.14 version which has High vulnerability. When can we expect the release with go version 1.17? #1190

Merged pull requests:

Changelog

v1.14.0 (2022-04-01)

Full Changelog

Implemented enhancements:

Fixed bugs:

Closed issues:

  • Terrascan creates ~/.terrascan even though policy directory is supplied #1209
  • Terrascan 1.13.2 version uses go 1.16.14 which has High vulnerability. When is the release with go 1.17 version expected? #1183
  • Blocks of type "moved" not supported #1182
  • Intermittent error running terrascan - rego_parse_error: unexpected assign token: non-terminated set #1180
  • cli/run.go:110 scan run failed{error 26 0 failed to initialize OPA policy engine} #1178
  • Can't parse Terraform variable field: nullable #1176
  • AC_AWS_0214 not backward compatible #1172
  • azurerm_key_vault_secret error not in line with tests #1163
  • Support AWS Terraform provider v4 for S3 buckets #1162

Merged pull requests:

Changelog

v1.13.2 (2022-02-22)

Full Changelog

Implemented enhancements:

Fixed bugs:

Closed issues:

  • Is it possible to use terrascan in an offline environment #1154
  • Support AWS provider version 4.0.0 #1152
  • False positives and false negatives - AC_AWS_0215 / AWS.S3Bucket.DS.High.1043 #1139
  • False positive: AWS.RDS.DataSecurity.High.0414 / AC_AWS_0058 #1135
  • AC_GCP_0014 (dnsStateIsNotOn) false positive #1033

Merged pull requests:

Changelog

v1.13.1 (2022-02-10)

Full Changelog

Implemented enhancements:

Closed issues:

  • Issue with skipped violations using CircleCI and JUnit output format #1122

Merged pull requests:

Changelog

v1.13.0 (2022-01-05)

Full Changelog

Closed issues:

  • AC_DOCKER_0001 Trigger for no reason #1103
  • Rule ID mismatch for #ts:skip annotation #1097

Merged pull requests:

Changelog

v1.12.0 (2021-10-21)

Full Changelog

Fixed bugs:

  • A scan should NOT crash if the notification doesn't work as expected #1044
  • Rotation period for KMS keys not correctly interpreted (GCP) #699

Closed issues:

  • pre-commit hook reporting error with terrascan #1053
  • Terrascan: Not working in a Repository referencing other repository #1030
  • vulnerabilities found in accurics/terrascan_atlantis image #1029

Merged pull requests:

Changelog

v1.11.0 (2021-10-07)

Full Changelog

Implemented enhancements:

  • How to ignore rules onto whole module included into HCL file #983
  • Adds: support for harbor registry vulnerability fetching #1015 (Rchanger)

Fixed bugs:

  • panic: value is null #1019

Closed issues:

  • helm chart breaking due to invalid configfile name extension #1046

Merged pull requests:

Changelog

v1.10.0 (2021-08-24)

Full Changelog

Implemented enhancements:

  • Add capability to extract references to container images in K8s ecosystem IaC #881

Fixed bugs:

  • Terrascan does not exit with error code in pipeline or CLI #950

Closed issues:

  • Links are Not formatted Properly in Contributor Doc #969
  • Enabling dependabot or renovate for automatic dependency update #959
  • AC_K8S_0131 triggers on a Namespace resource #957
  • Integrity issue with Kustomize v4 support #956
  • Add Support For ECR #927
  • Add capability to extract references to container images in terraform #898
  • Kustomize support says v3 but is actually v4 #891

Merged pull requests:

v1.9.0 (2021-08-06)

Full Changelog

Implemented enhancements:

  • Dockerfile Support #798
  • pre-commit hook #311
  • Add support for CFT nested stacks #949
  • Adds support for using Terraform modules cached locally #940

Fixed bugs:

  • Helm chart scans use only 4 policies #946

Closed issues:

  • Link to docks in README #944
  • Ensure remote modules are downloaded only once #936
  • Rule suppression for specific resources #868

Merged pull requests:

v1.8.1 (2021-07-22)

Full Changelog

Closed issues:

  • terrascan init should not be triggered if the user only wants to generate normalised json. #926
  • No rules are processed in GitlabCI #925
  • Scanning remote modules doesn't have same results as for scanning Terraform plan itself #923
  • Module AWS.KMS.Logging.High.0400 seems to serve no purpose #917
  • Secure ciphers are not used in CloudFront distribution #875
  • Correct point in time recovery for DynamoDB still leads to violation #838

Merged pull requests:

v1.8.0 (2021-07-02)

Full Changelog

Implemented enhancements:

  • Add Support for new reference id field #786

Fixed bugs:

  • Sarif output has wrong file path value for file scans #861
  • 'k8s' key updated multiple times in policy package #439

Closed issues:

  • Terrascan is failing in scan #887
  • Refactor to Disable CGO #884
  • Issue on Azure Pipelines: failed to initialize terrascan 1.7.0 #864
  • Can't skip rules with underscore #856
  • Recursive Loop Scanning Terraform #851
  • Improve filenames in remote modules #841
  • Issues running terrascan in azure pipelines #835

Merged pull requests:

v1.7.0 (2021-06-09)

Full Changelog

Implemented enhancements:

  • Enhancement: Support sarif as output format #775
  • Admission Controller e2e tests #749
  • Enhance terrascan docker to support all terrascan run modes #748
  • Config file changes for server and admission controller #747
  • Create Helm charts for the terrascan admission webhook setup. #685
  • Enhancement: Use module instance name for download directory #672

Fixed bugs:

  • Azure AKS failing to check the network policy status. #789
  • Scan for terraform doesn't error out if a module definition refers to a directory with no tf files #782
  • Wrong detection of MemoryRequestsCheck,CpuRequestsCheck,noReadinessProbe and nolivenessProbe policy in k8s Job spec #767
  • Update Docker build for terrascan to use numeric UID #766
  • Wrong detection of AllowPrivilegeEscalation (policy AC-K8-CA-PO-H-0165) in K8s pod spec #721
  • Failed to run prepared query error in opa/engine.go #709
  • tfplan should use resource address for id field #702
  • Rule IDs with spaces cannot be skipped #610
  • AWS.CloudFront.Network Security.Low.0568 Doesn't allow skipping due to space in filename #549
  • Error parsing syntax if using complex query for dynamic ip_restriction in azurerm_function_app or azurerm_app_service resource #433

Closed issues:

  • Add support for YAML format for terrascan config file #807
  • Add ID field #805
  • Add a middleware to log incoming http(s) requests on terrascan server #784
  • terrascan server: validation missing for --cert-path and --key-path #769
  • show-passed should report passes only for the existing resources #757
  • Out of the box handling of certificates in helm charts for terrascan in Server mode #756
  • In-file Instrumentation #755
  • Release 1.5.2 or 1.6.0 #745
  • Issue in GCP Policyfile unrestrictedRdpAccess.rego #735
  • accurics.azure.AKS.3 is defective #711
  • Rule lambdaNotEncryptedWithKms should not check for KMS when env vars are not being used #682
  • Terrascan does not resolve env var for aws_rds_cluster attribute storage_encrypted #678
  • Valid Terraform configuration fails with s3EnforceUserAcl #659
  • kmsKeyExposedPolicy:22: eval_builtin_error: json.unmarshal: invalid character '$' looking for beginning of value} #627
  • Terrascan not able to find terraform config files in a sub directory, but it works in case of k8s infrastructure type #622
  • Potential nil-dereference found while fuzzing #611
  • terrascan should have a category-list command #597
  • Improved Documentation #416
  • Improve test coverage for k8s #400

Merged pull requests:

v1.6.0 (2021-05-10)

Full Changelog

Implemented enhancements:

  • Atlantis Integration #686
  • Enhancement: support for all iac scan for cli #673
  • Feature request: scan sub-folders too #411

Fixed bugs:

  • Admission Controller Doesn't display feedback for kubectl "create" and "apply" #731

Closed issues:

  • GKE Control Plane is exposed to few public IP addresses #743
  • Error with finding Enable AWS CloudWatch Logs for APIs #730
  • Task: Add to github actions ability to build/push terrascan_atlantis image #728
  • accurics.azure.NS.161 does not work with tfplan #725
  • terrascan "latest" docker image broken for tfplan #718
  • Local expansion recursive infinite loop #690

Merged pull requests:

v1.5.0 (2021-04-23)

Full Changelog

Fixed bugs:

  • Recursive loop expanding variables in included module #675
  • Terrascan doesn't resolve terraform complex variables #656
  • Panic while resolving floating point variable #652
  • Terrascan using absolute path for "source" value of resource #642
  • Failed to initialize terrascan. error : failed to install policies #614
  • Terrascan not able to read modules within a subdirectory #600
  • Terrascan init command doesn't work with -c flag #550

Closed issues:

  • Not able to scan repo when google terraform module defined #681
  • The link referencing the documentation to integrate Terrascan into CI/CD is broken #669
  • Make saving of "admission request" configurable via an option in the config file for the validating admission webhook #664
  • Add API_KEY to the /logs endpoint for the validating admission webhook #662
  • Panic: not a string #647
  • unit tests and e2e tests failing on windows #639
  • Add support for private terraform repos #631
  • policy not evaluating #629
  • Terrascan does not support to download modules via SSH #621
  • terrascan scan fails if path and rego_subdir are not provided together in the toml configfile #619
  • Getting error while running scan on our terraform repo #607
  • Terrascan not found policy id #601
  • Policies Violated and Violated Policies are confusing. #598
  • Invalid categories not being validated from config file #594
  • Terrascan API server's file scan doesn't work for k8s yaml files #584
  • Add /go/bin to the PATH variable in Docker image #577
  • terrascan scan command doesn't work with TERRASCAN_CONFIG env variable #570
  • Format junit-xml need to have passed test results, not only failed test #563
  • optimize policy download process in terrascan init #535

Merged pull requests:

v1.4.0 (2021-03-05)

Full Changelog

Implemented enhancements:

  • Scanning terraform plan files #407
  • Adds support for junit xml output #527
  • Adds e2e test scenarios for help and scan command #564
  • Adds e2e tests for api server #585
  • Please checkout our new GitHub Action!

Fixed bugs:

  • Fixed a few bugs in the init command and downloading of fresh policies, including #561
  • Difference in violated policies for the same terraform file #519
  • false positive for AWS.Instance.NetworkSecurity.Medium.0506 #404
  • accurics.gcp.IAM.122 needs to take into account the new name for Uniform bucket-level access flag #329
  • fix the 'repo already exist' bug and improve error logging for terrascan init #552 (dev-gaur)

Closed issues:

  • terrascan API server's file scan always returns the resource config #578
  • Issue on Azure DevOps Agents since 1.3.2 : failed to initialize terrascan #561
  • Could not get terrascan init to work - would not download policy documents #551

Merged pull requests:

v1.3.2 (2021-02-03)

Full Changelog

Fixed bugs:

  • terrascan init should download new policies #521

Closed issues:

  • How to get rid of "Anonymous, public read access to a container and its blobs can be enabled in Azure Blob storage. This is only recommended if absolutely necessary." #405
  • False Positive for accurics.azure.NS.161 when Security Groups Association and Subnets are defined independently from VNet #391
  • Calico is not supported as a valid Network Security for azurerm_kubernetes_cluster #376

Merged pull requests:

v1.3.1 (2021-01-22)

Full Changelog

Implemented enhancements:

  • Support for remote modules
  • Tag container image with release version #504

Fixed bugs:

  • Build error on ARM MacOS
  • terrascan consider source = "terraform-aws-modules/vpc/aws" as local path #418
  • Failed to read module directory #332

Closed issues:

  • Custom Variable Validation no longer experimental in 0.13 #500

Merged pull requests:

v1.3.0 (2021-01-19)

Full Changelog

Implemented enhancements:

  • Prints output in human friendly format #168
  • Support for rule suppression using terraform comments,kubernetes annotations, cli arguments, and config file.
  • New Policies for Kubernetes #480
  • Tag released Docker images #398
  • Add policy for checking insecure_ssl configuration for github_repository_webhook in GitHub provider #355
  • Introduced support for terraform .14 and .13. Note: This will introduce some breaking changes for terraform v.12 files, even if using --iac-version v.12 flag. Notably we will no longer support multiple providers blocks, and certain references inside provisioner blocks (objects other than self, count or each, where when = destroy) . For more details see: https://github.com/hashicorp/terraform/releases/tag/v0.13.0

Fixed bugs:

  • terrascan doesn't allow registering multiple versions for an iac-type #471
  • Debug resource lock #432
  • terrascan panic: not a string #412
  • False positive for aws rule vpcFlowLogsNotEnabled #408
  • accurics.GCP.EKM.132 and accurics.GCP.EKM.131 wrong violation using disk_encryption_key #382
  • s3EnforceUserACL - False Positive #359
  • How to fix accurics.azure.EKM.20 #331
  • Why accurics.gcp.IAM.104 suggests enabling a client certificate? #330

Closed issues:

  • terraform can't detect violations in terraform modules #468
  • uniformBucketEnabled.rego referencing deprecated config #453
  • Unable to run terrascan scan #446
  • Terrascan doesn't exit with error on CLI or Parsing errors. #442
  • Terrascan Failure When Using Terraform 13 + Variable Validation #426
  • Update policy example in documentation to use latest GitHub implementation #422
  • Fix link to repo playground in policies documentation #421
  • terrascan scan crashes with runtime: goroutine stack exceeds 1000000000-byte limit #406
  • Typo error in the terrascan Architecture page #403
  • accurics.gcp.OPS.114 should also check for cos_containerd image #395
  • accurics.gcp.NS.112 suggest basic auth is enabled when is not #394
  • Test coverage missing for kustomize iac-provider #379
  • Why is vpcFlowLogsNotEnabled determined to be a violation? #352

Merged pull requests:

v1.2.0 (2020-11-16)

Full Changelog

Implemented enhancements:

  • Add support for Helm #353
  • Add 'git' to container image, or run container as 'root' user by default #349
  • Add policy for checking insecure_ssl configuration for github_organization_webhook in GitHub provider #339
  • Rule for github_repository seems to be wrongly placed under gcp #325

Fixed bugs:

  • Fail to validate when there are multiple properties with the same name in a resource #1

Closed issues:

  • Deep modules location mis-processed. #365
  • 20MB binary file included in repo now #364
  • Private GitHub repositories are not recognized with version 3.0.0+ of GitHub provider #326
  • Terrascan -var-file=../another dir #144
  • Error in test_aws_security_group_inline_rule_open and test_aws_security_group_rule_open #138
  • Initial setup after installation #136
  • Add support for data sources #3
  • Support from modules #2

Merged pull requests:

v1.1.0 (2020-09-16)

Full Changelog

Implemented enhancements:

Fixed bugs:

Closed issues:

  • Terrascan wrongly reports a accurics.gcp.NS.130 (checkIpForward) violation #320
  • Allow structure output (Json) #252
  • Throwing Errors when parsing nested brackets in HCL #233
  • Be able to generate xml/html reports #119

Merged pull requests:

1.0.0 (2020-08-16)

Major updates to Terrascan and the underlying architecture including:

  • Pluggable architecture written in Golang. We updated the architecture to be easier to extend Terrascan with additional IaC languages and support policies for different cloud providers and cloud native tooling.
  • Server mode. This allows Terrascan to be executed as a server and use it's API to perform static code analysis
  • Notifications hooks. Will be able to integrate for notifications to external systems (e.g. email, slack, etc.)
  • Uses OPA policy engine and policies written in Rego.

0.2.3 (2020-07-23)

  • Introduces the '-f' flag for passing a list of ".tf" files for linting and the '--version' flag.

0.2.2 (2020-07-21)

  • Adds Docker image and pipeline to push to DockerHub

0.2.1 (2020-06-19)

  • Bugfix: The pyhcl hard dependency in the requirements.txt file caused issues if a higher version was installed. This was fixed by using the ">=" operator.

0.2.0 (2020-01-11)

  • Adds support for terraform 0.12+

0.1.2 (2020-01-05)

  • Adds ability to setup terrascan as a pre-commit hook

0.1.1 (2020-01-01)

  • Updates dependent packages to latest versions
  • Migrates CI to GitHub Actions from travis

0.1.0 (2017-11-26)

  • First release on PyPI.

* This Changelog was automatically generated by github_changelog_generator

* This Changelog was automatically generated by github_changelog_generator

* This Changelog was automatically generated by github_changelog_generator

* This Changelog was automatically generated by github_changelog_generator

* This Changelog was automatically generated by github_changelog_generator

* This Changelog was automatically generated by github_changelog_generator