Releases: Checkmarx/kics
v2.1.3
What's Changed
- fix(password): fix missing positive results from Password and Secrets query by @ArturRibeiro-CX in #7223
- build(makefile): update makefile to add podman commands by @ArturRibeiro-CX in #7243
- update(go): update go version to 1.23.1 by @ArturRibeiro-CX in #7251
- update(cwe): add CWE infos file and logic to sarif reports by @ArturRibeiro-CX in #7178
- update(query): add CWE infos to terraform queries by @ArturRibeiro-CX in #7187
- update(query): add CWE infos to openAPI queries by @ArturRibeiro-CX in #7181
- update(query): add CWE infos to ansible queries by @ArturRibeiro-CX in #7184
- update(query): add CWE infos to cloudFormation queries by @ArturRibeiro-CX in #7180
- update(query): add CWE infos to K8s queries by @ArturRibeiro-CX in #7177
- update(query): add CWE infos to gRPC, Knative and Buildah queries by @ArturRibeiro-CX in #7172
- update(query): add CWE infos to Pulumi queries by @ArturRibeiro-CX in #7171
- update(query): add cwe infos to crossplane queries by @ArturRibeiro-CX in #7170
- update(query): add cwe infos to CICD queries by @ArturRibeiro-CX in #7166
- update(query): add cwe infos to Google Deployment Manager queries by @ArturRibeiro-CX in #7167
- update(query): add CWE information to volume_has_sensitive_host_directory by @julianthome in #7153
- update(query): add cwe infos to serverlessFW queries by @ArturRibeiro-CX in #7165
- update(query): add cwe infos to Azure Resource Manager queries by @ArturRibeiro-CX in #7169
- update(query): add cwe infos to dockerCompose queries by @ArturRibeiro-CX in #7164
- docs(update): update getting started documentation with installation guidance by @ArturRibeiro-CX in #7245
- update(nifcloud): update nifcloud queries metadata and functionality by @ArturRibeiro-CX in #7206
- fix(gcp): rename test files resources to fix parsing errors on gcp queries by @ArturRibeiro-CX in #7253
- docs(queries): update queries catalog by @kicsbot in #7237
New Contributors
- @julianthome made their first contribution in #7153
Full Changelog: v2.1.2...v2.1.3
v2.1.2
What's Changed
- update(dockerfile): update go version and golden images by @cx-ruiaraujo in #7186
- update(githubaction): update github action version by @cx-monicac in #7185
- update(certifi): update python certifi version on queries_validator requirements by @ArturRibeiro-CX in #7188
- build(deps): bump google.golang.org/grpc from 1.64.0 to 1.64.1 by @dependabot in #7190
- fix(resolver): max resolver depth considered while searching for cyclic references by @EduardoSemanas in #7199
- fix(query): fix unexpected behaviour in parameter-checking function for ARM queries by @JulioSCX in #7205
- update(fedramp): tackle IaC and SAST vulnerabilities by @cx-ruiaraujo in #7200
- docs(queries): update queries catalog by @kicsbot in #7210
- fix(query): fix CWE field not appearing in KICS CLI and sarif reports by @ArturRibeiro-CX in #7207
- update(workflow): add pattern validation for query name and description by @JulioSCX in #7208
- fix(packages): upgrade packages by @cx-ruiaraujo in #7226
- docs(queries): update queries catalog by @kicsbot in #7220
- docs(kicsbot): preparing for release 2.1.2 by @kicsbot in #7232
New Contributors
- @cx-monicac made their first contribution in #7185
Full Changelog: v2.1.1...v2.1.2
v2.1.1
🚀 New features and improvements
- feat(query): add new query for tencentcloud CVM resource by @SevenEarth in #7136
- feat(query): add new query for tencentcloud VPC resource by @SevenEarth in #7133
- feat(query): add new query for tencentcloud TKE resource by @SevenEarth in #7138
- feat(query): add new query for tencentcloud CDB resource by @SevenEarth in #7134
- feat(query): add new query for tencentcloud CVM resource by @SevenEarth in #7122
- feat(query): add new query for tencentcloud CLB resource by @SevenEarth in #7135
🐛 Bug fixes
- fix(dockerfiles): update dockerfiles constant mapping in #7124
- fix(version): bump urllib3 version from queries-validator requirements in #7140
- fix(query): policy without principal query with false positive for IAM role used as an inline policy in #7097
- fix(query): security groups not used query with false positive in aws_elasticache_instance resources in #7098
- fix(query): add positive expected results for "secretId" and "secretKey" for Tencentcloud by @SevenEarth in #7146
📦 Dependency updates bumps
- build(deps): bump github.com/hashicorp/go-getter from 1.7.4 to 1.7.5 in #7155
👻 Maintenance
- update(linting): update contribution guide and remove deprecated linting methods in #7159
- update(chainguard): update chainguard image for libcrypto3 and libssl3 versions update in #7173
- docs(queries): update queries catalog in #7130
- fix(docs): add urls to all queries download in #7154
- update(query): change query name to maintain the same logic in #7141
- update(ghaction): update kics-gh-action.yaml in #7127
New Contributors
- @SevenEarth made their first contribution in #7122
v2.1.0
🚀 New features and improvements
- feat(bicep): adding bicep support in #6980
- update(queries): databricks, nifcloud and tencentcloud queries run by default when kics scans terraform files in #7072
- feat(engine): add --max-resolver-depth flag in #7043
- feat(engine): similarity id improve in #6970
🐛 Bug fixes
- fix(query): added missing case to storage blob query in #7030
- fix(flow): save flow in #7083
- fix(query): passwords and secrets - generic secrets with fp results in #7087
- fix(query): apt-get Missing '-y' To Avoid Manual Input in #7060
- fix(query): implicit flow in oauth2 queries duplicated in #7057
- fix(query): revert changes in the 'platform_flag_with_from' query in #7117
- fix(githubactions): add max length in #7063
- fix(query): vpc peering route table should restrict cidr query with fp results in #7067
- fix(query): fix bugs and small improvements to TF queries in #7052
- fix(query): tf mfa delete doing checks out of its scope in #7051
- fix(query): lower properties protocol in #6640
- fix(query): slight refactor to actually filter the correct/wanted codes in #7035
📦 Dependency updates bumps
- ci(deps): bump peter-evans/repository-dispatch from 2 to 3 in #7049
- ci(deps): bump goreleaser/goreleaser-action from 4.2.0 to 5.1.0 in #7070
- ci(deps): bump docker/setup-buildx-action from 2 to 3 in #7048
- ci(deps): bump styfle/cancel-workflow-action from 0.11.0 to 0.12.1 in #7050
- ci(deps): bump golangci/golangci-lint-action from 3.5.0 to 4.0.0 in #6878
- ci(deps): bump dev-drprasad/delete-tag-and-release from 0.2.1 to 1.0.1 in #6419
- ci(deps): bump peter-evans/create-pull-request from 4 to 6 in #6864
👻 Maintenance
- chore(databricks): add new spark LTS runtime by @dim-ops in #7079
- chore(databricks): remove deprecated spark lts version by @dim-ops in #7080
- update(script): requests version upgrade to 2.32.0 in #7066
- update(query): removing special chars from query name in #7061
- docs(queries): update queries catalog in #7041
- update(docs): experimental queries docs update in #7076
- update(deps): dependencies update in #7101
- update(deps): update dependencies in #7108
- update(readme): readme improvements in #7084
- update(prtemplate): update pull request template in #7088
- update(codeowners): update CODEOWNERS in #7119
- update(roadmap): roadmap is updated in #7082
- update(queries): prefix "(beta)" added to queries that are still under review in #7085
- update(repo): create CODEOWNERS in #7046
- update(gopkg): update package path for v2 in #7042
v2.0.1
🐛 Bug fixes
- fix(githubactions): github actions relative path detected as not pinned by @cw-alexcroteau in #6958
- fix(query): removed redundant import by @frasan15 in #7027
- fix(query): fix typos in #7017
- fix(query): fix typo on storage blob service container query description in #7024
- fix(dockerfile): remove user root and add platform in #7031
- fix(query): fix query Bind Address Not Properly Set in #7034
- fix(query): fixed network access too permissive query and tests in #7033
- fix(query): fix rwd arm query in #7037
📦 Dependency updates bumps
- update(dependency): upgrade go-getter to v1.7.4 in #7016
- ci(deps): bump chainguard/git from f8fd9ab to f20defb in #7015
👻 Maintenance
- update(ghaction): using kics gh action new version in #7013
- feat(githubactions): adding govulncheck and grype in #7001
- docs(queries): update queries catalog in #7021
- docs(queries): update queries catalog in #7036
New Contributors
- @cw-alexcroteau made their first contribution in #6958
- @frasan15 made their first contribution in #7027
v2.0.0
Kindly check the v2.0.0 release notes for the added features, breaking changes and deprecated queries.
🚀 New features and improvements
- feat(kics): critical severity added into KICS in #6966
- feat(engine): add new severity metadata field support in #6893
- feat(critical): add critical severity to KICS CLI in #6857
- feat(critical): add critical severity to all report formats in #6866
- feat(warning): updated warnings for line detection failure in #6906
- feat(kics): add cloudProvider to request queries in #6939
- feat(kics): change all tests and appearances of new severity to old severity in #6959
- feat(engine): improve the possible dockerfile detection in #6981
🐛 Bug fixes
- fix(query): sensitive_port_is_exposed_to_entire_network by @Tohar-orca in #6916
- fix(query): clarify description for openapi exposed api keys by @Tohar-orca in #6993
- fix(openapi): functions must not produce multiple output for same inputs in #6901
- fix(kics): support v1.5 of cyclone dx report format in #6928
- fix(workflow): remove parallel scan from race test using tag in #6933
- fix(action): update coverage action in #6940
- fix(engine): fixing compare e2e in #6919
- fix(community): common/password_and_secrets new allow rule added to permit the ansible playbook update_password field in #6938
- fix(query): fix query detecting issues with schemas of type different to object in #6676
- fix(query): add 2xx as possible response code in #6681
- fix(terraform): api gateway access logging disabled terraform query updated to mimic cloudformation behaviour in #6910
- fix(query): improve query to detect results with tuple in #6952
- fix(query): deprecate query Container Requests Not Equal To It's Limits in #6890
- fix(query): improve queries Container Memory Requests Not Equal To It's Limits and Container CPU Requests Not Equal To It's Limits in #6889
- fix(docs): fix capitalization and docs template in #6947
- fix(query): improve query platform_flag_with_from in #6955
- fix(docs): typo in Google Cloud Storage acronym by @brucearctor in #6962
- fix(dependencies): removing deprecated dockerfiles in #6972
- fix(queries): removing deprecated queries in #6974
- fix(query): tokens at NPM Install Command Without Pinned Version in #6639
- fix(tests): severity check tests in #6975
- fix(folders): unused folder removed in #6978
- fix(kics): change order of split ; should come before && in dockerfile in #6951
- fix(docswebsite): fix invalid query page urls and add critical severity in #6983
- fix(docswebsite): fix sorting and invalid chars in #6989
- fix(parser): easyjson replaced by encoding json in #6990
- fix(queries): queries categories updated in #6994
- fix(kics): fix max file size using directories in check KICS-0000 in #6967
- fix(dependencies): dependencies upgrade in #6977
- fix(docs): fix results documentation in #7005
📦 Dependency updates bumps
- update(go): updating go to 1.22.1 and updating to chainguard images by @fjsnogueira in #6969
- build(deps): bump google.golang.org/protobuf from 1.31.0 to 1.33.0 in #6949
- build(deps): github.com/docker/docker v24.0.9+incompatible in #6968
- ci(deps): bump chainguard/git from 1b0095b to f8fd9ab in #7003
- ci(deps): bump chainguard/go from bc4b9e9 to a06a462 in #7002
👻 Maintenance
- revert(terraformer): remove terraformer in #6937
- update(debian): install jq on debian by @ncook-hxgn in #6998
- update(coverage): go coverage metrics update by @cx-andrep in #6964
- update(queries): queries severity updates in #6984
- update(query): s3 bucket without enabled mfa delete query severity update in #6945
- feat(kics): automatic kics-queries-repo tag change (KICS-1337) in #6911
- update(docs): documentation cleanup + links fix in #6918
- update(uts): kics scan coverage improved in #6923
- update(uts): kics unit tests ramp in #6929
- update(query): s3 bucket sse bucket disabled queries deprecated in #6932
- update(coverage): go coverage metrics update in #6943
- docs(community): add blog post by Firefly in #6946
- update(query): description update to better address the intention of the query in #6941
- update(docs): docs and workflows maintenance in #6920
- update(workflow): kics github action version 2.0 upgrade in #6976
- docs(queries): update queries catalog in #6942
- docs(queries): update queries catalog in #6988
- docs(queries): update queries catalog in #6991
- docs(queries): update queries catalog in #6996
- docs(queries): update queries catalog in #6999
- update(docs): update dockerfiles docs in #7008
- update(docs): v2.0.0 docs update in #7009
New Contributors
- @brucearctor made their first contribution in #6962
- @cx-andrep made their first contribution in #6964
- @fjsnogueira made their first contribution in #6969
- @ncook-hxgn made their first contribution in #6998
v1.7.13
🚀 New features and improvements
- feat(scanner): parallel scanning by @liorj-orca in #6833
- feat(nifcloud): add terraform nifcloud queries by @tunakyonn in #6897
- feat(tencentcloud): add cbs disk without encrypted for tencentcloud by @hellertang in #6904
- feat(query): added CWE infos to common and dockerfile queries #6373 by @Jeeppler in #6839
- feat(engine): ignore terraform cache folders by @dim-ops in #6240
- feat(cli): lead with similarity id question in #6840
- feat(results): update cyclonedx reports to support v1.5 in #6841
- feat(engine): improve similarity id in #6851
- feat(engine): add a timeout to decode results in #6846
- feat(tests): add new test workflows in #6861
- feat(cwe): add cwe into sarif report and KICS CLI results in #6845
- feat(query): cloudformation DynamoDB Table Not Encrypted in #6619
- feat(cli): control the information in #6854
- feat(query): docker compose Shared Volumes Between Containers in #6714
- feat(query): cloudformation ECS Cluster with Container Insights Disabled in #6673
- feat(query): crossplane ECS Cluster with Container Insights Disabled in #6675
- feat(query): pulumi ECS Cluster with Container Insights Disabled in #6678
- feat(cwe): adding CWE results into all reports in #6876
- feat(query): cloud formation api gateway access logging disabled in #6863
🐛 Bug fixes
- fix(query): lambda_iam_invokefunction_misconfigured by @Tohar-orca in #6822
- fix(test): sort paths related to the e2e in #6848
- fix(engine): improve ansible detection in #6880
- fix(query): unnecessary private information in #6716
- fix(query): terraform descriptionURLs Changed in #6486
- fix(query): fixed false positive when no pid namespace is defined in #6860
- fix(query): docker compose deprecated network not set in #6715
- fix(query): improve query Key Vault Not Recoverable in #6862
- fix(query): terraform DynamoDB Table Point In Time Recovery Disabled in #6617
- fix(query): pulumi DynamoDB Table Point In Time Recovery Disabled in #6624
- fix(query): deprecated Memcached disabled query in #6642
- fix(query): checkFollowedBy query refactor in #6545
- fix(query): iam_access_analyzer_not_enabled skipping files in #6873
- fix(query): cloudformation cloudFront_without_waf in #6641
- fix(query): countLines, IgnoreLines and fileCommands in #6611
- fix(flag): validating if output path is valid in #6877
- fix(tests): uncommon testing in #6898
- fix(dependencies): replace directive order update in #6903
- fix(query): openapi Maximum Length Undefined in #6717
- fix(analyzer): gitignore only being used to exclude files from the project itself in #6896
📦 Dependency updates bumps
- build(deps): bump helm.sh/helm/v3 from 3.13.1 to 3.14.1 in #6884
- update(buildkit): buildkit upgrade to v0.12.5 in #6912
- build(deps): bump helm.sh/helm/v3 from 3.14.1 to 3.14.2 in #6900
👻 Maintenance
- docs(guides): remove ZWSPs & align column separators by @katrinleinweber in #6852
- update(docs): docs website upgrade in #6879
- feat(docs): add community section in #6838
- update(action): tj-actions/verify-changed-files version upgrade in #6842
- docs(community): add Bedrock Streaming to users list in #6843
- update(docs): update info how to scan zip files in #6855
- update(readme): all rights reserved year updated in #6872
- docs(queries): update queries catalog in #6856
- docs(community): add Keptn Lifecycle Toolkit in #6894
- update(repo): repo code cleaning removing unnecessary files in #6895
- update(docs): results documentation update in #6885
- update(docs): running kics documentation update in #6886
- update(docs): add documentation for parallel flag in #6907
- update(metadata): description texts are updated in #6908
- update(docs): tencent cloud logo added in #6909
New Contributors
- @katrinleinweber made their first contribution in #6852
- @JulioSCX made their first contribution in #6860
- @Jeeppler made their first contribution in #6839
- @EduardoSemanas made their first contribution in #6898
- @hellertang made their first contribution in #6904
v1.7.12
🚀 New features and improvements
- feat(engine): improve detection of Ansible host files in #6816
- feat(databricks): init terraform databricks rules by @dim-ops in #6086
- feat(nifcloud): add nifcloud engine support by @tunakyonn in #6314
- feat(engine): resolve references between files as flag in #6789
- feat(engine): improve experimental signal on the results and cli in #6798
- feat(cli): add new flag --max-file-size to control the max file size by @tomk-orca in #6670
- feat(kics): add platform field to sarif format by @Dstklr in #6809
🐛 Bug fixes
- fix(parser): reduce complexity of initializeJSONLine by @leadpogrommer in #6807
- fix(parser): tf function evaluation - unknown type by @liorj-orca in #6801
- fix(deps): update go version in debian image in #6794
- fix(metrics): add buildah and cicd to queries count in #6830
- fix(query): fix ssl reference in queryname for cloud sql by @bbbbbrie in #6818
- fix(converter): improve check dynamic known types by @liorj-orca in #6815
📦 Dependency updates bumps
- ci(deps): bump golang from 1.21.0-alpine to 1.21.5-alpine in #6823
- update(deps): security improvements in #6810
👻 Maintenance
- update(metadata): queries validator schema updated in #6803
- update(action): go-ci-metrics.yaml master to v4 in #6834
- update(metadata): cwe item added into queries metadata.json in #6829
- docs(queries): update queries catalog in #6835
- docs(queries): update queries catalog in #6804
- update(docs): remove discord badge in #6817
- update(docs): fix typo 'postitive' and update makefile in #6813
- update(docs): nifcloud and opentofu logos added in #6808
- update(readme): add information regarding beta features in #6805
New Contributors
- @tunakyonn made their first contribution in #6314
- @bbbbbrie made their first contribution in #6818
- @leadpogrommer made their first contribution in #6807
- @Dstklr made their first contribution in #6809
- @ArturRibeiro-CX made their first contribution in #6830
v1.7.11
🚀 New features and improvements
- feat(engine): improve detection of Ansible files in #6773
- feat(engine): experimental queries as feature flag in #6769
- feat(kics): create a kics-queries-repo branch for all queries each release in #6788
- feat(panic): add recover for query evaluation process by @liorj-orca in #6770
🐛 Bug fixes
- fix(query): dockerfile image_version_not_explicit in #6713
- fix(query): added new way of setting extended_auditing_policy in tf azure to the query in #6727
- fix(package): fixed version packages in #6679
- fix(deps): improve security in #6784
- fix(workflow): update release-kics-queries-repo-branch.yaml in #6792
- fix(query): iam_access_analyzer_not_enabled in #6553
- fix(query): meaningful "Value" and "Expected Value" in multiple queries in #6780
- fix(query): false positive detections in "api_key_exposed" function by @Tohar-orca in #6757
👻 Maintenance
- docs(queries): fix typo in #6778
- docs(queries): update queries catalog in #6775
v1.7.10
🐛 Bug fixes
- fix(docker): experimental-queries.json: no such file or directory in #6755
- fix(query): terraform alb_is_not_integrated_with_waf in #6636
- fix(query): dockerfile unpinned_package_version_in_pip_install in #6637
👻 Maintenance
- docs(experimentalfeature): update docs for experimental queries by @asofsilva in #6748
New Contributors
- @asofsilva made their first contribution in #6748