
Releases: Checkmarx/kics

v1.4.4

29 Sep 13:53
86b3d35

Added

17 new queries
add support to AWS JSON filter pattern expressions for CIS benchmark rules related to alarms (#4204)
add support to terraform verified modules (62 queries updated) (#4203)
add teamcity integration example (#4259)
add E2E tests to cover new flags (#4313)

Changed

removing progress bar when --log-level=debug (#4246)
passwords and secrets detection now looks into .tfvars (#4291)

Fixed

improved queries accuracy (#4254) (#4317) (#4319) (#4318)
improved passwords and secrets accuracy (#4207) (#4209)
fix respect http_proxy environment variable (#4283)
fix issue with parser returning panic #4223 (#4224)
fix yaml parser not returning invalid yaml error (#4226)
fix terraform parser returning null instead of empty array (#4248)
fix secrets inspector to remove queries (#4309)

v1.4.3

15 Sep 15:47
2390c65

Changelog

New
20 new queries
Rewrite passwords and secrets query to use regex based strategy (#4166)
Add flag --disable-secrets to disable passwords and secrets query (#4166)
Add flag --secrets-regexes-path to override password and secrets query configuration rules (#4166)
--libraries-path supports git repositories and compressed files (#4156)
Add TravisCI example and docs (#4186)
Using docker image for bitbucket pipelines (#4169)

Fixed
Moving custom library not provided warning to debug level (#4182)
Fixed getLibraries to execute once, instead of multiple times for every query (#4155)
Fix cloudwatch_metrics_disabled check correct resource and field (#4184)

v1.4.2

01 Sep 13:41
6adff37

Changelog

New
11 new queries
Add line information to the payload increasing detect line precision (#3977)
Add flag --exclude-severities to filter by severities (#4114)
Integrated --queries-path flag with go-getter, enabling queries to be fetched from archived files and git repos (#4119)
Rego libraries are now embedded in the binary, --libraries-path can be provided to override them (#4115)
Refactored flags definition and added flags validation (#4091)

Fixed
Broken PDF report style #4129 (#4135)
Bug in finding libraries path in Windows (#4082)
Treated unhandled errors in printer.go, detector/helper.go (#4102)
KICS integrations docs and examples (#4087)
Improved several queries (accuracy, samples and metadata)
Fixed documentation typos

v1.4.1

18 Aug 16:46
9740bcb

Changelog

New
Add 12 New queries
Added an ignore/disable/enable feature on commented files (#4003)
Deprecated --disable-cis-descriptions flag in favor of --disable-full-descriptions
Refactored queries that used object.get to verify key existence
Refactored scan to use JSON file to create flags (#4006)
Refactored query to use walk (#4067)

Fixed
Removed counters from the progress bar (#3989) (#4046)
Removing ENTRYPOINT from debian images fixes #4066 (#4068)
Fixing bug related to flag -q and adding new cli flag related to library path (-b) (#3900)
Spelling mistake in scan.go (#4015)
Incorrect descriptionUrl in 'HTTP Port Open' query for CloudFormation (#4050)

apispec-70a78b3a

11 Aug 14:15
70a78b3
Pre-release
fix release apispec (#4026)

v1.4.0

04 Aug 08:38
b41fc4e

New
Add support for Azure Resource Manager
Add support for Terraform functions (#3887) (Improves queries accuracy)
Add Center for Internet Security (CIS) descriptions (#3839)
Add flag for filtering by cloud provider (#3897)

Fixed
Renamed crash report variable (#3883)
fix: kics go-getter integration not working inside docker container #3878 (#3880)
fix(cli): correcting wrong path when printing result from remote repository #3982
fix(query): Fix Passwords query FN (#3886)
fix(parser): Fixed issue when trying to parse invalid variable (#3908)
fix(docs): Fixed CSV export on queries page (#3890)
fix(docs): fix missing scan integrations_jenkins.md (#3917)

v1.3.5

14 Jul 15:36
422fbf8

Added

+11 new queries
feat(engine): integrate go-getter with KICS to download samples before scan (#3745)
feat(engine): add --input-data option (#3808)

Changed

docs(catalog): split query list per subplatform (#3855)
ci(deps): bump actions/setup-node from 2.1.5 to 2.2.0 (#3797)
ci(deps): bump docker/build-push-action from 2.5.0 to 2.6.1 (#3800)
build(deps): bump helm.sh/helm/v3 from 3.6.1 to 3.6.2 (#3780)
build(deps): bump github.com/tdewolff/minify/v2 from 2.9.18 to 2.9.19 (#3832)
build(deps): bump github.com/zclconf/go-cty from 1.8.4 to 1.9.0 (#3831)
build(deps): bump github.com/google/uuid from 1.2.0 to 1.3.0 (#3851)

Fixed

fix(core): corrected detect line to check first term when multiple terms (#3834)
fix(query): changed search key from Using Default Namespace query to be more accurate (#3828)
fix(query): corrected npm query to skip flag parameters (#3835)
fix(general): fixed some sonar issues (#3825)
fix: wrong version github action workflow example (#3812)
fix: examples and docs (#3863)

v1.3.4

30 Jun 14:29
d0cb152

Added

+38 Queries (33 openapi + 4 terraform + 1 cloudformation)
Improved queries accuracy - Fixed FP and FN
feat(engine): extract zip files passed as scan --path (#3737)

Changed

file paths are now always relative in stdout and reports
docs(guides): expanded 'Query Development Tutorial' (#3747)
build(deps): bump github.com/spf13/viper from 1.8.0 to 1.8.1 (#3761)
build(deps): bump github.com/tdewolff/minify/v2 from 2.9.17 to 2.9.18 (#3756)
build(deps): bump github.com/johnfercher/maroto from 0.31.0 to 0.33.0 (#3757)
build(deps): bump github.com/zclconf/go-cty from 1.8.3 to 1.8.4 (#3727)
build(deps): bump helm.sh/helm/v3 from 3.6.0 to 3.6.1 (#3687)

Fixed

fix(detector): panic with docker detector multilineSpliter #3784 (#3786)
fix(core): accept folders names with dots (#3775)
fix(cli): display PDF file creation report in stdout (#3740)
ci: fixing assets installation with install script (#3732)

v1.3.3

16 Jun 16:44
5174a8b

Added

+89 new queries
feat(report): pdf report #3488 (#3556)
feature(docs): using mkdocs-material theme (#3521)
feat(query): support OpenAPI 2.0/swagger with shared queries (#3492)

Changed

tests: increased unit testing to 85% (#3623)
docs(catalog): support override in query catalog generation (#3555)
chore(deps): bump github.com/open-policy-agent/opa from 0.28.0 to 0.29.4 (#3503)
chore(deps): bump github.com/rs/zerolog from 1.22.0 to 1.23.0 (#3634)
chore(deps): bump github.com/spf13/viper from 1.7.1 to 1.8.0 (#3671)
chore(deps): bump github.com/golang/mock from 1.5.0 to 1.6.0 (#3635)

Fixed

fix(parser): yaml parser panics on templated files (#3531) #3529
fix(report): relative filepaths in report.json #3676 (#3678)
fix(query): generate different similarity id for each unpinned package (#3673)
fix(ci): install script not adjusting arch from amd64 to x64 (#3632)
fix(metrics): fix get-metrics.py for openapi (#3525)
fix(ci): release dkr image debian digest (#3522)

v1.3.2

02 Jun 10:08
73325e3

Added

+27 new queries
feat(report): add Gitlab SAST report #3432
feat(cli): include queries filter #3431
feat(report): add path, platform, start and end times to HTML report #3455
feat(cli): add flag to define default name #3441
feat(query): add Passwords And Secrets In URL common query #2785 #3459

Changed

removed dup queries #3394 #3424 #3490
docs(integrations): fixing github actions docs closes #3393 #3400
feat(metrics): metrics default to 'ms' and 'b' for 'ci' flag #3477 #3476 #3504
refactor(query): containers_run_with_low_uid rewrite #3430
chore(deps): bump github.com/agnivade/levenshtein from 1.1.0 to 1.1.1 #3404
chore(deps): bump ref nats-server 2.1.9 to 2.2.5 #3410
chore(deps): bump github.com/getsentry/sentry-go from 0.10.0 to 0.11.0 #3416
chore(deps): bump helm.sh/helm/v3 from 3.5.4 to 3.6.0 #3483

Fixed

fix: FP queries #3463 #3486 #3496 #3466
fix(parser): fixed MarshalJSON Error on YAML Extend #3414 #3423
fix(report): update gitlab report fields to match proper formatting #3460
fix(detector): fixed bug with detector getting the wrong line #2010 #3471
fix(detector): fixed bug with Detect line does not work for OpenAPI template path #3386 #3397
fix(query): issue with '/' on absolute path query from dockerfile
fix(query): fixed issue containers_running_as_root #3412 #3422
fix(issueType): fixing issueTypes for multiple queries and adding test #3399
fix(analyzer): Removed spec property from K8s file Analyzer #3461 #3462
fix(quality): sonarcloud code smells (#3418)