Releases: Checkmarx/kics
v1.7.7
🚀 New features and improvements
feat(panic): add panic handler to possible panic places in #6527
🐛 Bug fixes
fix(query): query search_key now contains correct value of resource in #6655
fix(workflow): skip apache license workflow if user is a bot in #6657
fix(parser): added condition in convertExpression in #6635
fix(engine): skip broken symlink/eloop by @liorj-orca in #6665
fix(parser): support nameless tf resources by @liorj-orca in #6510
fix(query): support GCP IAM policy members as lists by @Tohar-orca in #6548
👻 Maintenance
update(doc): kics github action version update in #6667
docs(queries): update queries catalog in #6662
v1.7.6
🚀 New features and improvements
feat(query): docdb logging is disabled for pulumi in #6556
feat(query): docdb logging is disabled for crossplane in #6557
feat(query): docdb logging is disabled for cloudformation in #6555
feat(parser): ansible inventory in #6516
feat(query): amazon rds db instance publicly accessible query for pulumi in #6562
feat(query): rds DB Instance Publicly Accessible for Crossplane in #6615
feat(parser): ansible configuration support in #6595
feat(engine): add kics analyze command in #6582
feat(workflow): github workflow to check for apache license in #6606
feat(workflow): new github workflow that checks the PR's Go coverage in #6656
🐛 Bug fixes
fix(query): db instance publicly accessible ansible query refactor in #6558
fix(query): amazon db instance publicly accessible for terraform query refactor in #6560
fix(query): alicloud rds instance address publicly accessible terraform query refactor in #6559
fix(query): amazon rds db instance publicly accessible query refactor in #6561
fix(workflow): fix Pwn Request Vulnerability by @AdnaneKhan in #6638
fix(query): fixed terraform azure query where min_tls_version was not accepting string in #6622
fix(workflows): fixed community label being added to bots prs and pr titles in other workflows in #6597
fix(coverage): add test for analyze command in #6654
fix(test): kics go coverage in #6658
📦 Dependency updates bumps
build(deps): bump github.com/emicklei/proto from 1.11.1 to 1.11.2 in #6380
build(deps): bump github.com/BurntSushi/toml from 1.2.1 to 1.3.2 in #6502
ci(deps): bump lots0logs/gh-action-get-changed-files from 2.1.4 to 2.2.2 in #6406
build(deps): bump github.com/hashicorp/terraform-json from 0.15.0 to 0.16.0 in #6279
ci(deps): bump golang from 1.20.6-alpine to 1.20.7-alpine in #6588
👻 Maintenance
docs(main): add discord invite to readme by @baruchiro in #6570
docs(queries): update queries catalog in #6612
New Contributors
- @baruchiro made their first contribution in #6570
- @AdnaneKhan made their first contribution in #6638
v1.7.5
🚀 New features and improvements
feature(engine): upgrade engine error handling for self ref in yaml/json files in #6532
feat(workflow): added github workflow to validate pr title in #6537
feat(workflow): added github workflow to add labels to issues according to its title in #6551
🐛 Bug fixes
fix(secrets): improve oAuthSecret secret to detect more valid characters in #6522
fix(regex): add Quotation mark in #6529
fix(query): non detection of . in vars for Terraform in #6534
fix(summary): add SearchLine Key to qItem in #6494
fix(query): transit_encryption attribute changed in #6477
fix(query): split One Query Policy in #6540
fix(query): add CidrIp Comparison in #6542
fix(query): add Allow Rule to Generic Private Key in #6538
fix(inspector): change regex special mask in #6535
fix(query): change ExpectedValue and ActualValue in #6543
fix(analyzer): remove optional dockercompose regex in #6539
📦 Dependency updates bumps
ci(deps): bump golang from 1.20.5-alpine to 1.20.6-alpine in #6512
👻 Maintenance
docs(queries): update queries catalog in #6546
update(docker): drop patch version from alpine docker tag in #6463
v1.7.4
🚀 New features and improvements
Remove searching for vuls in resolved files in #6500
🐛 Bug fixes
iam_access_analyzer_not_enabled Query Changed in #6490
fix(comment): Changed comment count in #6472
Fix FN in string due to bad allowRule matches in #6497
fix(query): add missing search value in response code missing query for open api in #6508
fix(regex): added regex into allow rule list in #6506
Fix(Extracted-Info) - Fix metadata.json from template being used in #6515
Fix(Regex) - fix putty file key query regex in #6517
Fix(Engine) - Fix resolver panic in #6519
fix(resolver): recover panic during resolve in #6511
Fix(Engine) - Json non ref being ref in #6518
fix(Tracker): Add Resolved File Lines' counter in #6501
fix missing queries in #6526
fix(regex): update regex allow rule in #6523
📦 Dependency updates bumps
build(deps): bump github.com/aws/aws-sdk-go from 1.44.227 to 1.44.295 in #6495
👻 Maintenance
Add assets to extractedinfo.zip in #6507
v1.7.3
🚀 New features and improvements
Add terraform vars path feature in #6456
feature(logs): Add Ignored Lines in #6447
🐛 Bug fixes
fix(sink): Added regex to subs "\r" (line break) in #6469
Bug(Engine) - Remove counting comments as references in Yaml in #6482
fix(query): Add SearchLine in #6487
fix(query): adding fuzzy version in #6492
👻 Maintenance
Update README.md in #6471
Add Terraform variables path docs in #6467
docs(update): terraform vars path in #6476
v1.7.2
🚀 New features and improvements
feat(query): Aurora With Disabled at Rest Encryption query for Terraform in #6392
feat(query): DynamoDB Table not Encrypted Query in #6400
Performance(Engine) - Increase Resolvers Performance by reutilizing resolved files in #6388
feat(query): EFS Volume With Disabled Transit Encryption in #6357
feat(query): Elasticsearch with HTTPS disabled for Ansible in #6393
feat(query): Elasticsearch with HTTPS disabled for CloudFormation in #6398
feat(query): Elasticsearch with HTTPS disabled for Pulumi in #6399
feat(query): Elasticsearch with HTTPS disabled for Terraform in #6394
feat(query): ec2 instance monitoring disabled for CloudFormation in #6401
feat(terraform/gcp): Add GKE Shielded Nodes is Disabled query for Terraform. by @bbergstrom in #6248
feat(query): Elasticsearch Log Disabled in #6410
feat(query): Elasticsearch with HTTPS disabled for CloudFormation in #6412
feat(query): Publicly Accessible Amazon DMS in #6352
Feature(Engine) Resolve internal/external section references in #6405
🐛 Bug fixes
Bug(query) - Fix not correct line for query RDS Storage Encryption Disabled in #6372
Bug(query) - Add query specificity for php composer in #6374
fix(query): KMS Key With Full Permissions in #6389
Bug(query) - Add support for v1 to query API Gateway V2 Stage Access Logging Settings Not Defined in #6371
bug(docs): Changed Light Scheme Name in #6415
fix(regex) - Fix generic password regex rule in #6461
fix(analyzer): Removed void Symlinks in #6452
📦 Dependency updates bumps
build(deps): bump github.com/docker/distribution from 2.8.1+incompatible to 2.8.2+incompatible in #6375
build(deps): bump github.com/gookit/color from 1.5.2 to 1.5.3 in #6271
build(deps): bump github.com/spf13/cobra from 1.6.1 to 1.7.0 in #6280
ci(deps): bump golangci/golangci-lint-action from 3.4.0 to 3.5.0 in #6424
ci(deps): bump golang from 1.20.2-alpine to 1.20.4-alpine in #6337
ci(deps): bump golang from 1.20.4-alpine to 1.20.5-alpine in #6431
👻 Maintenance
Github Action tag update in #6368
Change severity of CloudTrail Log Files Not Encrypted With KMS to Medium and add edge case in #6369
Update kics-gh-action.yaml in #6382
remove unused allowRule in #6439
docs(secrets): add entropy info in #6421
chore(-): update gitlab sast schema to 15.0.6 by @stegojulia in #6426
fix(tests): update incomplete positive expected results in #6300
Dockerfile: upgrade alpine to 3.18.0 in #6428
docs(queries): update queries catalog in #6378
New Contributors
- @bbergstrom made their first contribution in #6248
- @stegojulia made their first contribution in #6426
v1.7.1
🚀 New features and improvements
feat(secrets): add secrets mask to preview lines by @roy-yablonka in #6349
feat(documentation): add query page generator by @cx-ruiaraujo in #6313
🐛 Bug fixes
fix(bug): fix ignore lines with comments only at the end by @YosefNaftali in #6351
fix(analyser) Fix to ignore files (pnpm-lock.yaml) in #6297
fix(method): Added regex to calculate Levenshtein distance correctly in #6353
fix(query): Added SearchValue to differentiate missing response codes in #6355
fix(query): add rule for generic access_key in #6360
👻 Maintenance
Deprecated doc update in #6358
docs(queries): update queries catalog in #6364
v1.7.0
v1.6.14
🚀 New features and improvements
feat(query): enable security_group_rules_without_description on security_group_rule resources by @paulrob-100 in #6270
feat(flag) add exclude-type flag in #6266
🐛 Bug fixes
fix(query): added issue.solution var to differentiate issue types in #6261
fix(regex_rules): align aws secretmanager arn pattern with vendor spec by @julienbonastre in #6260
📦 Dependency updates bumps
ci(deps): bump alpine from 3.17.2 to 3.17.3 in #6263
build(deps): bump github.com/getsentry/sentry-go from 0.18.0 to 0.20.0 in #6268
build(deps): bump github.com/hashicorp/hcl/v2 from 2.16.1 to 2.16.2 in #6254
build(deps): bump github.com/tdewolff/minify/v2 from 2.12.4 to 2.12.5 in #6250
build(deps): bump github.com/johnfercher/maroto from 0.39.0 to 0.40.0 in #6249
ci(deps): bump actions/setup-go from 3 to 4 in #6237
build(deps): bump golang.org/x/tools from 0.6.0 to 0.7.0 in #6220
build(deps): bump helm.sh/helm/v3 from 3.11.1 to 3.11.2 in #6275
build(deps): bump github.com/mackerelio/go-osstat from 0.2.3 to 0.2.4 in #6274
build(deps): bump github.com/open-policy-agent/opa from 0.49.2 to 0.51.0 in #6273
build(deps): bump sigs.k8s.io/controller-runtime from 0.14.5 to 0.14.6 in #6272
build(deps): bump github.com/docker/docker from 20.10.21+incompatible to 20.10.24+incompatible in #6276
👻 Maintenance
docs(queries): update queries catalog in #6257
New Contributors
- @julienbonastre made their first contribution in #6260
- @paulrob-100 made their first contribution in #6270
v1.6.13
🚀 New features and improvements
refactor(tf-gcp): Legacy Stackdriver was Decommissioned 21/03/31 by @meldaravaniel in #6204
Policy effect should be case insensitive by @Tohar-orca in #6241
feat(analyzer): add expected lines of code in analyzer in #6222
🐛 Bug fixes
fix(query): add exception for Github id-token Default Values rule in #6252
fix(query): Effect 'Allow' conditions added in #6255
📦 Dependency updates bumps
bump(go): update to go 1.20 in #6231
ci(deps): bump dev-drprasad/delete-tag-and-release from 0.2.0 to 0.2.1 in #6238
build(deps): bump golang.org/x/net from 0.7.0 to 0.8.0 in #6219
build(deps): bump k8s.io/api from 0.26.2 to 0.26.3 in #6242
build(deps): bump github.com/hashicorp/go-getter from 1.7.0 to 1.7.1 in #6247
build(deps): bump github.com/aws/aws-sdk-go from 1.44.215 to 1.44.227 in #6246
build(deps): bump github.com/zclconf/go-cty from 1.13.0 to 1.13.1 in #6245
build(deps): bump k8s.io/client-go from 0.26.1 to 0.26.3 in #6251
build(deps): bump github.com/rs/zerolog from 1.26.1 to 1.29.0 in #6112
👻 Maintenance
kics github action version update in #6236