Releases: aquasecurity/trivy-checks

v0.11.0

28 May 04:35

What's Changed

  • chore(deps): bump github.com/aquasecurity/trivy from 0.50.2-0.20240412195250-183eaafb4e42 to 0.50.2 by @dependabot in #116
  • chore(deps): Fix testcontainers import by @simar7 in #120
  • chore(deps): bump github.com/aquasecurity/trivy from 0.50.2-0.20240426104424-3d66cb8d887e to 0.51.1 by @dependabot in #125
  • fix(rego): improve commands parsing by @nikpivkin in #113
  • chore(checks): Add CSPM ID for AVD-AWS-0089 by @simar7 in #129
  • Cleanup AWS CloudFormation checks examples by @StevenSmiley in #118
  • Update docker-cis benchmark to v1.6.0 by @lyoung-confluent in #134
  • fix(rego): improve AVD-DS-0015 by @nikpivkin in #135
  • chore(deps): bump github.com/docker/docker from 26.0.2+incompatible to 26.1.3+incompatible by @dependabot in #133
  • chore(deps): bump the go_modules group across 1 directory with 2 updates by @dependabot in #138
  • chore(deps): Bump trivy to v0.51.4 by @simar7 in #139

Full Changelog: v0.10.4...v0.11.0

v0.10.4

17 Apr 14:41
f36a5b7

What's Changed

  • fix(rego): handle multiple install cmds in DS017 by @nikpivkin in #112

Full Changelog: v0.10.3...v0.10.4

v0.10.3

17 Apr 06:18
d673b86

What's Changed

  • chore(checks): Rename repo to trivy-checks by @simar7 in #109

Full Changelog: v0.10.2...v0.10.3

v0.10.2

17 Apr 06:15

What's Changed

  • fix(azure): update remediation for AVD-AZU-0027 by @nikpivkin in #90
  • feat: add DeploymentConfig support by @szubersk in #87
  • fix(aws): fix AVD-AWS-0123 examples by @nikpivkin in #93
  • ci: add workflow to verify docs by @nikpivkin in #91
  • feat: AWS EKS CIS v 1.4 Compliance Spec by @AnaisUrlichs in #92
  • feat(checks): check the package manager in AVD-DS-0017 by @nikpivkin in #97
  • checks(aws): change the wording of AVD-AWS-0015 by @nikpivkin in #103
  • chore(deps): bump the go_modules group group with 2 updates by @dependabot in #101
  • chore(deps): bump github.com/docker/docker from 25.0.3+incompatible to 26.0.0+incompatible by @dependabot in #102
  • checks: don't skip advanced checks by @nikpivkin in #107
  • bug: update manual vs automate label in k8s-eks-1.4 cis benchmarks by @AnaisUrlichs in #106
  • fix: cis checks validate (api-server, controller-manager, scheduler and etcd) args by @chen-keinan in #110

Full Changelog: v0.10.0...v0.10.2

v0.10.1

09 Apr 23:51
bbb1941
Pre-release

What's Changed

  • fix(azure): update remediation for AVD-AZU-0027 by @nikpivkin in #90
  • feat: add DeploymentConfig support by @szubersk in #87
  • fix(aws): fix AVD-AWS-0123 examples by @nikpivkin in #93
  • ci: add workflow to verify docs by @nikpivkin in #91
  • feat: AWS EKS CIS v 1.4 Compliance Spec by @AnaisUrlichs in #92
  • feat(checks): check the package manager in AVD-DS-0017 by @nikpivkin in #97
  • checks(aws): change the wording of AVD-AWS-0015 by @nikpivkin in #103
  • chore(deps): bump the go_modules group group with 2 updates by @dependabot in #101
  • chore(deps): bump github.com/docker/docker from 25.0.3+incompatible to 26.0.0+incompatible by @dependabot in #102
  • checks: don't skip advanced checks by @nikpivkin in #107
  • bug: update manual vs automate label in k8s-eks-1.4 cis benchmarks by @AnaisUrlichs in #106

Full Changelog: v0.10.0...v0.10.1

v0.10.0

01 Mar 22:11
b3452f5

What's Changed

  • chore(deps): bump github.com/open-policy-agent/opa from 0.60.0 to 0.61.0 by @dependabot in #75
  • fix(checks): add missing ID field by @nikpivkin in #81
  • fix: apply policy for gke provider only by @chen-keinan in #82
  • refactor(deps): Add id and docGen cmds by @simar7 in #80
  • fix(aws): don't check SSLSupportMethod in AVD-AWS-0013 by @nikpivkin in #85
  • chore(tests): Add policy based tests by @simar7 in #70
  • chore(deps): bump github.com/docker/docker from 25.0.2+incompatible to 25.0.3+incompatible by @dependabot in #76
  • chore(deps): bump github.com/owenrumney/squealer from 1.2.1 to 1.2.2 by @dependabot in #84
  • fix(kubernetes): fix the KSV001 check by @nikpivkin in #86
  • chore(deps): bump github.com/testcontainers/testcontainers-go from 0.27.0 to 0.28.0 by @dependabot in #83

Full Changelog: v0.9.0...v0.10.0

v0.9.0

09 Feb 23:54
c487b82

What's Changed

  • feat(aws): improve wildcard checking in policies by @nikpivkin in #61
  • fix: Makefile: rules/ moved to checks/ by @candrews in #59
  • fix: remove test-rego from Makefile by @candrews in #58
  • chore(deps): bump github.com/aquasecurity/defsec from 0.93.2-0.20240112041815-f53aebc35cb9 to 0.94.1 by @dependabot in #63
  • chore(deps): bump github.com/docker/docker from 24.0.7+incompatible to 25.0.0+incompatible by @dependabot in #64
  • fix: add system authenticate bind protection policy by @chen-keinan in #65
  • chore: add a command to run OPA with custom functions by @nikpivkin in #69
  • fix(checks): handle file: and multi: in AVD-DS-005 by @candrews in #60
  • fix(checks): handle file: and multi: in AVD-DS-0011 by @candrews in #56
  • fix(checks): check the Seccomp of the controllers by @nikpivkin in #71
  • fix: change system authenticate bind severity to low by @chen-keinan in #74
  • feat(checks): Add check to detect Leaky Vessels exploit by @simar7 in #72
  • chore: restore the OPA installation by @nikpivkin in #73
  • chore(deps): bump github.com/docker/docker from 25.0.0+incompatible to 25.0.2+incompatible by @dependabot in #68

Full Changelog: v0.8.0...v0.9.0

v0.8.0

16 Jan 00:43
3f16e8a

What's Changed

  • refactor(deps): Restructure into checks/ by @simar7 in #41
  • feat(gke): improve AVD-GCP-0056 rule by @nikpivkin in #42
  • fix: csi is an allowed volume type by @joebowbeer in #44
  • Configmap with sensitive data lacks iban and passport patterns. by @mjshastha in #49
  • chore(deps): bump actions/setup-go from 4 to 5 by @dependabot in #50
  • chore(checks): Bump AVD-KSV-0014 to HIGH by @simar7 in #51
  • fix: update paths to checks by @nikpivkin in #52
  • feat(aws): improve AVD-AWS-0057 rule by @nikpivkin in #46
  • feat(digitalocean): improve AVD-AWS-0012 rule by @nikpivkin in #45
  • fix: fail for irrelevant resources by @itaysk in #53
  • chore(deps): bump github.com/testcontainers/testcontainers-go from 0.26.0 to 0.27.0 by @dependabot in #48
  • fix(checks): Use correct input for AVD-KSV-01010 by @simar7 in #54

Full Changelog: v0.7.0...v0.8.0

v0.7.0

23 Nov 23:02
6338827

What's Changed

  • fix(google): do not check flow logs on proxy-only subnets by @nikpivkin in #34
  • feat(aws): improve AVD-AWS-0013 rule by @nikpivkin in #35
  • fix(google): update AVD-GCP-0012 rule by @nikpivkin in #36
  • remove package replacements by @nikpivkin in #40
  • refactor(deps): Replace trivy-iac/pkg with defsec/pkg by @simar7 in #39

Full Changelog: v0.5.0...v0.7.0

v0.6.0

17 Nov 02:04
275c474

What's Changed

  • chore(deps): bump github.com/docker/docker from 24.0.6+incompatible to 24.0.7+incompatible by @dependabot in #31
  • chore(deps): bump github.com/testcontainers/testcontainers-go from 0.25.0 to 0.26.0 by @dependabot in #32
  • chore(docs): Update docs by @simar7 in #33

Full Changelog: v0.4.0...v0.6.0