Releases: Checkmarx/kics

v1.4.7

10 Nov 15:56
25b6b70

Added

added 11 terraform queries
feat(engine): added data source policy to terraform (#4409)
feat(parser): enabled parsers ignore comment by line (#4491) (#4420) (#4480) (#4486) (#4489) (#4497)
feat(passwords and secrets): validation of query ids in custom secrets regexes (#4478)
feat(docs): added MegaLinter in the list of integrations (#4488)

Changed

refactor(passwords and secrets mechanism): changed flags include-query, exclude-query mechanism for query password and secrets (#4444)
refactor(query): updated query Chown Flag Exists description (#3768) (#4466)
build(deps): bump github.com/tidwall/gjson from 1.10.2 to 1.11.0 (#4453)
build(deps): bump github.com/moby/buildkit from 0.9.1 to 0.9.2 (#4458)
build(deps): bump github.com/rs/zerolog from 1.25.0 to 1.26.0 (#4459)
build(deps): bump github.com/zclconf/go-cty from 1.9.1 to 1.10.0 (#4460)

Fixed

increased accuracy
fix(race): fix kics Golang data races (#4448)
fix(detector): fix panic with interpolated brackets in detector (#4415)
fix(source): fixed KICS panic when reading invalid metadata (#4413) (#4465)
fix(report): fixed bug with invalid startLine on sarif report (#4483)
fix(passwords and secrets): excluded TF file function reference in results (#4433)

v1.4.6-1

28 Oct 18:43
ccbcb9b

Fixed

fix(engine): fixed --bom flag not working (#4432)

v1.4.6

27 Oct 17:21
9514720

Added

added 2 new queries
feat(e2e): added E2E Test for BoM (#4404)
feat(parser): removed resources with count set to 0 in payload (#4395)
feat(kics): add version checking (#4414)
feat(integration): added Terraform Cloud integration (#4427)

Changed

fix(query): correcting severity and category for 'Default Azure Storage Account Network Access Is Too Permissive' (#4401)
build(deps): bump goreleaser/goreleaser-action from 2.7.0 to 2.8.0 (#4400)
build(deps): bump github.com/gookit/color from 1.4.2 to 1.5.0 (#4406)
build(deps): bump github.com/tidwall/gjson from 1.9.4 to 1.10.2 (#4425)
refactor(scan & printer): implementation of a new approach (#4322)
refactor(report): if no files to scan are found kics will no longer create report files (#4322)

Fixed

increased accuracy
fix(ci): fixed wrong path to common.json (#4407)
fix(helm): fixed helm only excluding template files (#4393)
fix(inspector): KICS panicking when using KICS repo with -q flag (#4397) (#4394)
fix(parser): parsers now stringify the original content in a formatted way (#4396)

v1.4.5

14 Oct 15:44
fe80606

Added

9 new queries
feat(engine): support Azure Blueprint (#4386) (#4358) (#4356)
query(bom): add mvp queries storage, queue, in-memory data structure (#4381)
feat(bom): add new flag --bom to enable Bill of Materials in results.json (#4375)
feat(parser): added support to parse and scan terraform plans (#4362)
feat(parser): added terraform ternary parser resolution (#4370)
feat(docker): add ubi7 based image for redhat's openshift (#4326)

Changed

feat(query): refactored arm queries to use walk (#4354)
build(deps): bump github.com/tidwall/gjson from 1.9.1 to 1.9.4 (#4374)
build(deps): bump helm.sh/helm/v3 from 3.7.0 to 3.7.1 (#4383)
build(deps): bump containerd to v1.5.7 to solve dependabot warning (#4341)
build(deps): bump github.com/hashicorp/go-getter from 1.5.8 to 1.5.9 (#4337)
build(deps): bump github.com/open-policy-agent/opa from 0.28.0 to 0.33.0 (#4332)
build(deps): bump github.com/moby/buildkit from 0.8.3 to 0.9.1 (#4334)

Fixed

increased accuracy
fix(helm): failed to parse invalid yaml for helm (#4380)
fix(helm): fixed helms payload should only print payload lines when the flag is activated (#4382)
fix(parser): fixed json parser with incorrect kics_line (#4327) (#4328)
fix(engine): handle regexp compilation errors (#4347)
fix(analyzer): fixed k8s overriding analyzer match for arm sample (#4353)
fix(report): fixed missing/cut off descriptions (#4344)

v1.4.4

29 Sep 13:53
86b3d35

Added

17 new queries
add support to AWS JSON filter pattern expressions for CIS benchmark rules related with alarms (#4204)
add support to terraform verified modules (62 queries updated) (#4203)
add teamcity integration example (#4259)
add E2E tests to cover new flags (#4313)

Changed

removing progress bar when --log-level=debug (#4246)
passwords and secrets detection now looks into .tfvars (#4291)

Fixed

improved queries accuracy (#4254) (#4317) (#4319) (#4318)
improved passwords and secrets accuracy (#4207) (#4209)
fix respect http_proxy environment variable (#4283)
fix issue with parser returning panic #4223 (#4224)
fix yaml parser not returning invalid yaml error (#4226)
fix terraform parser returning null instead of empty array (#4248)
fix secrets inspector to remove queries (#4309)

v1.4.3

15 Sep 15:47
2390c65

Changelog

New
20 new queries
Rewrite passwords and secrets query to use regex based strategy (#4166)
Add flag --disable-secrets to disable passwords and secrets query (#4166)
Add flag --secrets-regexes-path to override password and secrets query configuration rules (#4166)
--libraries-path supports git repositories and compressed files (#4156)
Add TravisCI example and docs (#4186)
Using docker image for bitbucket pipelines (#4169)

Fixed
Moving custom library not provided warning to debug level (#4182)
Fixed getLibraries to execute once, instead of multiple times for every query (#4155)
Fix cloudwatch_metrics_disabled check correct resource and field (#4184)

v1.4.2

01 Sep 13:41
6adff37

Changelog

New
11 new queries
Add line information to the payload increasing detect line precision (#3977)
Add flag --exclude-severities to filter by severities (#4114)
Integrated --queries-path flag with go-getter enabling to get queries from archived files and git repos (#4119)
Rego libraries are now embedded in the binary, --libraries-path can be provided to override them (#4115)
Refactored flags definition and added flags validation (#4091)

Fixed
Broken PDF report style #4129 (#4135)
Bug in finding libraries path in Windows (#4082)
Treated unhandled errors in printer.go, detector/helper.go (#4102)
KICS integrations docs and examples (#4087)
Improved several queries (accuracy, samples and metadata)
Fixed documentation typos

v1.4.1

18 Aug 16:46
9740bcb

Changelog

New
Add 12 New queries
Added an ignore/disable/enable feature on commented files (#4003)
Deprecated --disable-cis-descriptions flag in favor of --disable-full-descriptions
Refactored queries that used object.get to verify key existence
Refactored scan to use JSON file to create flags (#4006)
Refactored query to use walk (#4067)

Fixed
Removed counters from the progress bar (#3989) (#4046)
Removing ENTRYPOINT from debian images fixes #4066 (#4068)
Fixing bug related to flag -q and adding new cli flag related to library path (-b) (#3900)
Spelling mistake in scan.go (#4015)
Incorrect descriptionUrl in 'HTTP Port Open' query for CloudFormation (#4050)

apispec-70a78b3a

11 Aug 14:15
70a78b3

Pre-release
fix release apispec (#4026)

v1.4.0

04 Aug 08:38
b41fc4e

New
Add support for Azure Resource Manager
Add support for Terraform functions (#3887) (Improves queries accuracy)
Add Center for Internet Security (CIS) descriptions (#3839)
Add flag for filtering by cloud provider (#3897)

Fixed
Renamed crash report variable (#3883)
fix: kics go-getter integration not working inside docker container #3878 (#3880)
fix(cli): correcting wrong path when printing result from remote repository #3982
fix(query): Fix Passwords query FN (#3886)
fix(parser): Fixed issue when trying to parse invalid variable (#3908)
fix(docs): Fixed CSV export on queries page (#3890)
fix(docs): fix missing scan integrations_jenkins.md (#3917)