v1.3.2 (2021-02-03)
Fixed bugs:
- terrascan init should download new policies #521
Closed issues:
- How to get rid of "Anonymous, public read access to a container and its blobs can be enabled in Azure Blob storage. This is only recommended if absolutely necessary." #405
- False Positive for accurics.azure.NS.161 when Security Groups Association and Subnets are defined independently from VNet #391
- Calico is not supported as a valid Network Security for azurerm_kubernetes_cluster #376
Merged pull requests:
- Update readme for v1.3.2 #534 (dev-gaur)
- bump terrascan version to v1.3.2 #533 (dev-gaur)
- refactor init command for robust policy download checks #531 (dev-gaur)
- terrascan init will download new policies. #529 (dev-gaur)
- bugfix: Checks for security group association defined independently from vnet #526 (harkirat22)
- Update mkdocs-material to 6.2.7 #524 (pyup-bot)
- Fixed typos in docs #523 (gauravgahlot)
- Enhancement: new set of policies for AWS EC2 instance. #522 (harkirat22)
- Harkirat22/bug fix #520 (harkirat22)
- fixes #376 #518 (gaurav-gogia)
- fixes #405 #517 (gaurav-gogia)
- Policy/aws launch config #516 (harkirat22)
- add support for pod container #515 (harkirat22)
- Update mkdocs-material to 6.2.6 #514 (pyup-bot)
- Update README.md and changelog for 1.3.1 #509 (amirbenv)
v1.3.1 (2021-01-22)
Implemented enhancements:
- Support for remote modules
- Tag container image with release version #504
Fixed bugs:
- Build error on ARM MacOS
- terrascan consider source = "terraform-aws-modules/vpc/aws" as local path #418
- Failed to read module directory #332
Closed issues:
- Custom Variable Validation no longer experimental in 0.13 #500
Merged pull requests:
- release v1.3.1 #508 (kanchwala-yusuf)
- fix dependencies that were breaking the darwin/arm64 build #507 (williepaul)
- support for terraform registry remote modules #505 (patilpankaj212)
- Readme rule suppression #503 (amirbenv)
- Bump github.com/hashicorp/go-retryablehttp from 0.6.6 to 0.6.8 #496 (dependabot[bot])
- Bump github.com/hashicorp/go-getter from 1.5.1 to 1.5.2 #495 (dependabot[bot])
v1.3.0 (2021-01-19)
Implemented enhancements:
- Prints output in human friendly format #168
- Support for rule suppression using terraform comments, kubernetes annotations, cli arguments, and config file.
- New Policies for Kubernetes #480
- Tag released Docker images #398
- Add policy for checking insecure_ssl configuration for github_repository_webhook in GitHub provider #355
- Introduced support for terraform .14 and .13. Note: This will introduce some breaking changes for terraform v.12 files, even if using the --iac-version v.12 flag. Notably, we will no longer support multiple providers blocks or certain references inside provisioner blocks (objects other than self, count or each, where when = destroy). For more details see: https://github.com/hashicorp/terraform/releases/tag/v0.13.0
Fixed bugs:
- terrascan doesn't allow registering multiple versions for an iac-type #471
- Debug resource lock #432
- terrascan panic: not a string #412
- False positive for aws rule vpcFlowLogsNotEnabled #408
- accurics.GCP.EKM.132 and accurics.GCP.EKM.131 wrong violation using disk_encryption_key #382
- s3EnforceUserACL - False Positive #359
- How to fix accurics.azure.EKM.20 #331
- Why accurics.gcp.IAM.104 suggests enabling a client certificate? #330
Closed issues:
- terraform can't detect violations in terraform modules #468
- uniformBucketEnabled.rego referencing deprecated config #453
- Unable to run terrascan scan #446
- Terrascan doesn't exit with error on CLI or Parsing errors. #442
- Terrascan Failure When Using Terraform 13 + Variable Validation #426
- Update policy example in documentation to use latest GitHub implementation #422
- Fix link to repo playground in policies documentation #421
- terrascan scan crashes with runtime: goroutine stack exceeds 1000000000-byte limit #406
- Typo error in the terrascan Architecture page #403
- accurics.gcp.OPS.114 should also check for cos_containerd image #395
- accurics.gcp.NS.112 suggest basic auth is enabled when is not #394
- Test coverage missing for kustomize iac-provider #379
- Why is vpcFlowLogsNotEnabled determined to be a violation? #352
Merged pull requests:
- update version to v1.3.0 #502 (kanchwala-yusuf)
- Add v13 flag option for terraform iac #499 (dev-gaur)
- Fix: potential bug added in PR #470 #497 (dev-gaur)
- Bump sigs.k8s.io/kustomize/api from 0.7.1 to 0.7.2 #494 (dependabot[bot])
- Bump github.com/mattn/go-isatty from 0.0.8 to 0.0.12 #492 (dependabot[bot])
- solves issue #382, and improved policy to relate disk with the instance #490 (harkirat22)
- solves issue #331 #489 (harkirat22)
- Update mkdocs-material to 6.2.5 #488 (pyup-bot)
- Bump go.uber.org/zap from 1.13.0 to 1.16.0 #486 (dependabot[bot])
- Bump github.com/spf13/afero from 1.3.4 to 1.5.1 #485 (dependabot[bot])
- Bump github.com/iancoleman/strcase from 0.1.1 to 0.1.3 #484 (dependabot[bot])
- Bump github.com/hashicorp/go-version from 1.2.0 to 1.2.1 #482 (dependabot[bot])
- Bump github.com/pelletier/go-toml from 1.8.0 to 1.8.1 #481 (dependabot[bot])
- Policy update 2021 01 14 #480 (williepaul)
- fix panic for list variables #479 (patilpankaj212)
- adding an else condition to relate management lock with resource group #476 (harkirat22)
- adding an else condition to relate the flow log with vpc #475 (harkirat22)
- including a check for verifying in-line policy is included #474 (harkirat22)
- adding rule to check if waf is enabled at cloud front distribution #473 (harkirat22)
- Added terraform v14 support besides v12. #470 (dev-gaur)
- support comment with rule skipping for resource and scan summary modifications #466 (patilpankaj212)
- recognize metadata.generateName #465 (acc-jon)
- Update mkdocs-material to 6.2.4 #464 (pyup-bot)
- Update README.md #463 (amirbenv)
- Deprecated gcs bucket #462 (jdyke)
- changed the description to include the vulnerable versions #460 (harkirat22)
- Fix exit code on error #458 (patilpankaj212)
- policy for CVE-2020-8555 #457 (harkirat22)
- Update README.md #456 (amirbenv)
- rule skipping for resources in k8s #455 (patilpankaj212)
- terrascan argo-cd instructions #454 (storebot)
- Adds CI/CD integration docs #452 (cesar-rodriguez)
- Bump github.com/zclconf/go-cty from 1.2.1 to 1.7.1 #449 (dependabot[bot])
- Bump sigs.k8s.io/kustomize/api from 0.6.5 to 0.7.1 #448 (dependabot[bot])
- Bump github.com/gorilla/mux from 1.7.4 to 1.8.0 #447 (dependabot[bot])
- Update mkdocs-material to 6.2.3 #445 (pyup-bot)
- deps: add dependabot support #444 (chenrui333)
- bump go to 1.15 #443 (chenrui333)
- implement scan and skip rules #441 (patilpankaj212)
- scan command refactor #436 (patilpankaj212)
- Fixes dead link to old getting started page #435 (cesar-rodriguez)
- Add support to extract rules to skip from terraform comments #434 (kanchwala-yusuf)
- bash output improvements #431 (patilpankaj212)
- APE-1319: Revamped Getting Started Section #430 (acc-jon)
- Add policy AC-K8-NS-SE-M-0188 for CVE-2020-8554 #428 (gauravgogia-accurics)
- set console mode on windows so colors render #427 (acc-jon)
- Update mkdocs-material to 6.1.7 #425 (pyup-bot)
- Update policy example in the documentation #424 (HorizonNet)
- Fix link to rego playground in policies documentation #423 (HorizonNet)
- hopefully remove test failures due to non-deterministic comparisons #420 (acc-jon)
- IMDSv1 policy: update category, description #419 (acc-jon)
- IMDSv1 check policy #417 (harkirat22)
- Add Docker image release tagging on release #410 (HorizonNet)
- Fix typo in architecture documentation #409 (HorizonNet)
- accurics.gcp.IAM.104 Fire rule when client certificate is enabled #402 (lucas-giaco)
- Update mkdocs-material to 6.1.6 #401 (pyup-bot)
- Added Unit test coverage for Kustomize V3 Iac-provider #399 (dev-gaur)
- Fixes GCP cos node image policy #397 (cesar-rodriguez)
- #394: recognize that empty values for username and password in master… #396 (acc-jon)
- Fix infinite loop on variable resolution #393 (dinedal)
- Remove demo badge #389 (kklin)
- Update mkdocs-material to 6.1.5 #387 (pyup-bot)
v1.2.0 (2020-11-16)
Implemented enhancements:
- Add support for Helm #353
- Add 'git' to container image, or run container as 'root' user by default #349
- Add policy for checking insecure_ssl configuration for github_organization_webhook in GitHub provider #339
- Rule for github_repository seems to be wrongly placed under gcp #325
Fixed bugs:
- Fail to validate when there are multiple properties with the same name in a resource #1
Closed issues:
- Deep modules location mis-processed. #365
- 20MB binary file included in repo now #364
- Private GitHub repositories are not recognized with version 3.0.0+ of GitHub provider #326
- Terrascan -var-file=../another dir #144
- Error in test_aws_security_group_inline_rule_open and test_aws_security_group_rule_open #138
- Initial setup after installation #136
- Add support for data sources #3
- Support from modules #2
Merged pull requests:
- Bring Go to 1.15 in Github Actions #384 (gliptak)
- Bring Go to 1.15 in Github Actions #383 (gliptak)
- fix a bug when rendering subcharts #381 (williepaul)
- Added kustomize support #378 (dev-gaur)
- Adds support for Helm v3 #377 (williepaul)
- Update mkdocs-material to 6.1.4 #374 (pyup-bot)
- properly handle nested submodules (#365) #373 (acc-jon)
- Address #365 by properly handling submodule path #372 (acc-jon)
- Update mkdocs-material to 6.1.3 #371 (pyup-bot)
- Update mkdocs-material to 6.1.2 #370 (pyup-bot)
- Allow use of multiple policy types (scan -t x,y or scan -t x -t y) #368 (acc-jon)
- Remove large binary that was included in the repo #366 (cesar-rodriguez)
- fix send request method, previously hardcoded #361 (kanchwala-yusuf)
- Add git binary to terrascan docker image, required by downloader #360 (kanchwala-yusuf)
- Adds new policies/regos for AWS serverless services #357 (cesar-rodriguez)
- Update mkdocs-material to 6.1.0 #356 (pyup-bot)
- Allow configuration of global policy config, fix some typos #354 (acc-jon)
- Feature/support resolve variable references #351 (kanchwala-yusuf)
- Add new policy for checking insecure_ssl on github_organization_webhook #350 (HorizonNet)
- Update mkdocs-material to 6.0.2 #348 (pyup-bot)
- Add support for colorized output #347 (acc-jon)
- Update mkdocs-material to 6.0.1 #346 (pyup-bot)
- Adds support for remote Terraform modules and scanning remotely for other IaC tools #345 (kanchwala-yusuf)
- fix supported providers unit test, sort the wanted result #344 (kanchwala-yusuf)
- Fix typo on AWS IAM account password policy rego name #343 (kmonticolo)
- Update mkdocs-material to 5.5.14 #340 (pyup-bot)
- Adds docs section for GitHub policies #337 (cesar-rodriguez)
- Automatically populate usage with supported IaC providers, versions, and policies #336 (kanchwala-yusuf)
- Add line about kubernetes YAML/JSON support #335 (williepaul)
- Add policy set for GitHub provider #334 (HorizonNet)
- Add check for visibility for github_repository #333 (HorizonNet)
- Add instructions for booting terrascan demo #319 (kklin)
v1.1.0 (2020-09-16)
Implemented enhancements:
- Initial kubernetes support #313 (williepaul)
- Adds different exit code when issues are found #299 (cesar-rodriguez)
- Adding terrascan to Homebrew #293
Fixed bugs:
- Outdated Docker image #294
- Error with XML output #290
- Fixed checkIpForward rule (gcp) #323 (williepaul)
Closed issues:
- Terrascan wrongly reports a accurics.gcp.NS.130 (checkIpForward) violation #320
- Allow structure output (Json) #252
- Throwing Errors when parsing nested brackets in HCL #233
- Be able to generate xml/html reports #119
Merged pull requests:
- Revert "fixed a bug in checkIpForward" #322 (cesar-rodriguez)
- Fixed a bug in checkIpForward #321 (williepaul)
- Move server command out of ENTRYPOINT and into CMD #318 (williepaul)
- Send logs to stderr instead of stdout #317 (williepaul)
- Fix template rendering bug #316 (williepaul)
- chore(docs): add homebrew installation #315 (chenrui333)
- Update badges in readme #314 (acc-jon)
- Update mkdocs-diagrams to 1.0.0 #312 (pyup-bot)
- Add support to print resource config as an output #309 (kanchwala-yusuf)
- Manage relative module path #308 (guilhem)
- Update mkdocs-material to 5.5.12 #307 (pyup-bot)
- chore(docs): fix indent of tar extraction #306 (zmarouf)
- Fixes issue template and rego capitalization #301 (cesar-rodriguez)
- Update mkdocs-material to 5.5.8 #300 (pyup-bot)
- Update about.md #298 (Upa-acc)
- Updated policies to the latest set #297 (williepaul)
- Fixes docker latest tag #296 (cesar-rodriguez)
- Typo fixes #295 (erichs)
- Update mkdocs-material to 5.5.7 #292 (pyup-bot)
- Fix xml output #291 (kanchwala-yusuf)
Major updates to Terrascan and the underlying architecture including:
- Pluggable architecture written in Golang. We updated the architecture to make it easier to extend Terrascan with additional IaC languages and to support policies for different cloud providers and cloud native tooling.
- Server mode. This allows Terrascan to be run as a server, with its API used to perform static code analysis.
- Notification hooks. Terrascan will be able to integrate with external systems for notifications (e.g. email, Slack, etc.).
- Uses OPA policy engine and policies written in Rego.
- Introduces the '-f' flag for passing a list of ".tf" files for linting and the '--version' flag.
- Adds Docker image and pipeline to push to DockerHub
- Bugfix: The pyhcl hard dependency in the requirements.txt file caused issues if a higher version was installed. This was fixed by using the ">=" operator.
- Adds support for terraform 0.12+
- Adds ability to set up terrascan as a pre-commit hook
- Updates dependent packages to latest versions
- Migrates CI to GitHub Actions from Travis
- First release on PyPI.
* This Changelog was automatically generated by github_changelog_generator