integrations v1.5.12 updated #5631

rafaela-soares · 2022-07-21T09:26:43Z

Proposed Changes

integrations v1.5.12 updated

I submit this contribution under the Apache-2.0 license.

* Update README.md * Update README.md * fixed GetExcludePaths * correcting log msg

* docs: preparing for release 1.5.7 * updated version Co-authored-by: rafaela-soares <[email protected]> Co-authored-by: rafaela-soares <[email protected]>

) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.4 to 1.44.5. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md) - [Commits](aws/aws-sdk-go@v1.44.4...v1.44.5) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.5 to 1.44.6. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md) - [Commits](aws/aws-sdk-go@v1.44.5...v1.44.6) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…20 (#5292) * Queries severity and category change * update SNS Topic is Publicly Accessible ansible * update SNS Topic is Publicly Accessible for cF * update SNS Topic is Publicly Accessible ansible * update description * change any principal check * update CloudTrail Log Files Not Encrypted With CMK * update yaml sample * change yaml sample * update line * fix issues * fixing e2e errors

This change is possible as core team members mostly create PRs instead of opening issues.

) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.6 to 1.44.7. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md) - [Commits](aws/aws-sdk-go@v1.44.6...v1.44.7) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Co-authored-by: rogeriopeixotocx <[email protected]>

…rs (RBAC) (#5266)

…5267)

…(RBAC) (#5268)

* update installation options and notes Signed-off-by: Thomas Sjögren <[email protected]> * fix links Signed-off-by: Thomas Sjögren <[email protected]> * another broken link Signed-off-by: Thomas Sjögren <[email protected]> * add deprecated Homebrew instructions Signed-off-by: Thomas Sjögren <[email protected]>

Signed-off-by: joaorufi <[email protected]>

Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 2.10.0 to 3.0.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@v2.10.0...v3.0.0) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [docker/login-action](https://github.com/docker/login-action) from 1.14.1 to 2.0.0. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](docker/login-action@v1.14.1...v2.0.0) --- updated-dependencies: - dependency-name: docker/login-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.7 to 1.44.8. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md) - [Commits](aws/aws-sdk-go@v1.44.7...v1.44.8) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* update check for matching labels * update label checking method & queries description * update keyExpectedValue * update description

…n To Internet (#5307) * docs(kicsbot): update images digest (#5302) Co-authored-by: rogeriopeixotocx <[email protected]> * update open port aws queries name * add fileName Co-authored-by: rogeriopeixotocx <[email protected]>

broken markdown syntax without line before list

Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 1 to 2. - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](docker/setup-qemu-action@v1...v2) --- updated-dependencies: - dependency-name: docker/setup-qemu-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.8 to 1.44.9. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md) - [Commits](aws/aws-sdk-go@v1.44.8...v1.44.9) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [github.com/moby/buildkit](https://github.com/moby/buildkit) from 0.10.2 to 0.10.3. - [Release notes](https://github.com/moby/buildkit/releases) - [Commits](moby/buildkit@v0.10.2...v0.10.3) --- updated-dependencies: - dependency-name: github.com/moby/buildkit dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…dcard_in_rule k8s rule (#5264) * fix(query): adjusted severity rating and added searchLine in rbac_wildcard_in_rule k8s rule * updated severity to HIGH

…netes (#5326) * add audit policy check * empty commit

…ome providers (#5313) * add check for inbound direction * add check for inbound direction * update alicloud queries to check for ingress * change function Name * empty commit

* (kics auto remediation): first approach * adding tests * replacement approach change * added E2E tests * fixing unit test + improving * fix errors * fix * correcting f.Close * improving * improving * fixing E2E * test * adding more tests * fixing codacy issue * improving tests * improving writeRemediation * requested changes * correcting cli_test.go * fixing E2E file permissions * changing permissions * improving * improving * correcting * correcting * restricting to .tf

) * add check for ALB's * remove valid_key * change code samples

#5584) * (kics auto remediation): first approach * adding tests * replacement approach change * QUERIES THAT VERIFY A FIELD SET TO FALSE * added E2E tests * fixing unit test + improving * fix errors * fix * correcting f.Close * FIELD SET TO AN UNRECOMMENDED VALUE * improving * VERIFY A FIELD SET TO TRUE * c * improving * fixing E2E * test * adding more tests * fixing codacy issue * correcting E2E_CLI_033_RESULT.json * correcting E2E * improving tests * improving writeRemediation * requested changes * correcting cli_test.go * fixing E2E file permissions * changing permissions * improving * improving * correcting * correcting * restricting to .tf Co-authored-by: rafaela-soares <[email protected]>

#5600) * (kics auto remediation): first approach * adding tests * replacement approach change * alicloud * QUERIES THAT VERIFY A FIELD SET TO FALSE * UNRECOMMENDED VALUE * added E2E tests * fixing unit test + improving * fix errors * fix * correcting f.Close * improving * improving * fixing E2E * test * adding more tests * fixing codacy issue * improving tests * testing permissions on Dockerfile.ubi8 * Merge branch 'kics_auto_remediation/terraform_alic * remove changes * delete newline at file end Co-authored-by: rafaela-soares <[email protected]>

…ries (#5601) * (kics auto remediation): first approach * adding tests * replacement approach change * added E2E tests * fixing unit test + improving * fix errors * fix * correcting f.Close * improving * improving * fixing E2E * test * AZure remediation * adding more tests * fixing codacy issue * improving tests * testing permissions on Dockerfile.ubi8 * update mutex * update * improving queries + tests * improving * correcting golint issues * improving * correcting GetRemediationSets * improving * removing go routines from testRemediationQuery Co-authored-by: rafaela-soares <[email protected]>

…5603) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.54 to 1.44.55. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md) - [Commits](aws/aws-sdk-go@v1.44.54...v1.44.55) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: rafaela-soares <[email protected]>

…ueries (#5602) * (kics auto remediation): first approach * adding tests * replacement approach change * added E2E tests * fixing unit test + improving * fix errors * fix * correcting f.Close * improving * improving * fixing E2E * test * adding more tests * queries remediation * fixing codacy issue * improving tests * testing permissions on Dockerfile.ubi8 * update * update * update * update tests Co-authored-by: rafaela-soares <[email protected]>

…urity queries (#5606) * (kics auto remediation): first approach * adding tests * replacement approach change * added E2E tests * fixing unit test + improving * fix errors * fix * correcting f.Close * improving * improving * fixing E2E * test * adding more tests * fixing codacy issue * stage * improving tests * stage * testing permissions on Dockerfile.ubi8 * stage * fix merge * deleting * adding another check to getPayload * improving * change policies * update query to support value as string Co-authored-by: rafaela-soares <[email protected]>

fix(kics_ar): reverting go routine

* docs: preparing for release 1.5.12 * change version Co-authored-by: cxMiguelSilva <[email protected]> Co-authored-by: cxMiguelSilva <[email protected]>

…5613) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.55 to 1.44.56. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md) - [Commits](aws/aws-sdk-go@v1.44.55...v1.44.56) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…5617) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.56 to 1.44.57. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md) - [Commits](aws/aws-sdk-go@v1.44.56...v1.44.57) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps alpine from 3.16.0 to 3.16.1. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Co-authored-by: nunoocx <[email protected]>

Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 3.0.0 to 3.1.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@v3.0.0...v3.1.0) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…5624) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.57 to 1.44.58. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md) - [Commits](aws/aws-sdk-go@v1.44.57...v1.44.58) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [github.com/BurntSushi/toml](https://github.com/BurntSushi/toml) from 1.1.0 to 1.2.0. - [Release notes](https://github.com/BurntSushi/toml/releases) - [Commits](BurntSushi/toml@v1.1.0...v1.2.0) --- updated-dependencies: - dependency-name: github.com/BurntSushi/toml dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

…5628) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.58 to 1.44.59. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md) - [Commits](aws/aws-sdk-go@v1.44.58...v1.44.59) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Co-authored-by: João Reigota <[email protected]> Co-authored-by: Rafaela Soares <[email protected]>

rafaela-soares and others added 30 commits May 2, 2022 11:05

fix(filesystem): GetExcludedPaths (#5288)

3478587

* Update README.md * Update README.md * fixed GetExcludePaths * correcting log msg

docs: preparing for release 1.5.7 (#5289)

1b5a6b9

* docs: preparing for release 1.5.7 * updated version Co-authored-by: rafaela-soares <[email protected]> Co-authored-by: rafaela-soares <[email protected]>

docs(kicsbot): update images digest (#5300)

d332f8b

update Network ACL With Unrestricted Access To RDP (#5296)

6b42599

Add community tag to new issues by default

c2993ec

This change is possible as core team members mostly create PRs instead of opening issues.

docs(kicsbot): update images digest (#5302)

72ad390

Co-authored-by: rogeriopeixotocx <[email protected]>

feat(query): add new k8s rule to detect port-forwarding into containe…

3e358e6

…rs (RBAC) (#5266)

feat(query): add new k8s rule to detect account impersonation (RBAC) (#…

cfba9a8

…5267)

feat(query): add new k8s rule to detect bind or escalate permissions …

9baf524

…(RBAC) (#5268)

feat(query): add new k8s rule to detect exec permissions (RBAC) (#5286)

8fa646c

update Missing Flag From Dnf Install (#5310)

ea1d7dd

removed results report formats list from docs (#5308)

cabd053

Signed-off-by: joaorufi <[email protected]>

update(query): StatefulSet Without Service Name for Kubernetes (#5303)

d5a2d15

* update check for matching labels * update label checking method & queries description * update keyExpectedValue * update description

delete check for incorrect default (#5314)

3955d59

doc: fix syntax (#5309)

c7a6473

broken markdown syntax without line before list

fix(query): adjusted severity rating and added searchLine in rbac_wil…

5a85316

…dcard_in_rule k8s rule (#5264) * fix(query): adjusted severity rating and added searchLine in rbac_wildcard_in_rule k8s rule * updated severity to HIGH

update(query): Audit Policy Not Cover Key Security Concerns for Kuber…

440baab

…netes (#5326) * add audit policy check * empty commit

update(queries): Add check for traffic direction in port queries in s…

8dbe997

…ome providers (#5313) * add check for inbound direction * add check for inbound direction * update alicloud queries to check for ingress * change function Name * empty commit

rafaela-soares and others added 27 commits July 14, 2022 14:19

fix(query): add check for ALB use in Terraform AWS Security Query (#5593

55aefaa

) * add check for ALB's * remove valid_key * change code samples

docs(kicsbot): update images digest (#5604)

1d591b0

reverting go routine

eb8abf1

Merge pull request #5608 from Checkmarx/fix/kics_ar

cf023ce

fix(kics_ar): reverting go routine

docs: preparing for release 1.5.12 (#5610)

902fa7b

* docs: preparing for release 1.5.12 * change version Co-authored-by: cxMiguelSilva <[email protected]> Co-authored-by: cxMiguelSilva <[email protected]>

docs(kicsbot): update images digest (#5614)

7e8b65d

docs(kicsbot): update images digest (#5619)

5364536

docs(kicsbot): update github-action image digest (#5620)

a8e7a61

Co-authored-by: nunoocx <[email protected]>

docs(kicsbot): update images digest (#5625)

278acb1

docs(kicsbot): update images digest (#5629)

20c1b63

fix(detector): fixed memory leak (#5626)

0ac33a5

Co-authored-by: João Reigota <[email protected]> Co-authored-by: Rafaela Soares <[email protected]>

Merge branch 'master' into integrations_v1.5.12_updated

16f8b86

correcting dockercompose-queries.md

87a5fa9

cx-joao-reigota approved these changes Jul 21, 2022

View reviewed changes

rafaela-soares merged commit 56de0f0 into integrations Jul 21, 2022

rafaela-soares deleted the integrations_v1.5.12_updated branch July 21, 2022 09:59

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

integrations v1.5.12 updated #5631

integrations v1.5.12 updated #5631

rafaela-soares commented Jul 21, 2022

integrations v1.5.12 updated #5631

integrations v1.5.12 updated #5631

Conversation

rafaela-soares commented Jul 21, 2022