v0.94.1

What's Changed

• chore(deps): Update to conform for checks/ project structure by @simar7 in #1523

Full Changelog: v0.94.0...v0.94.1

v0.94.0

What's Changed

• refactor(defsec): Refactor defsec into components by @simar7 in #1460
• fix(terraform): fix merging of context variables by @nikpivkin in #1475
• chore(deps): bump github.com/liamg/memoryfs from 1.4.3 to 1.6.0 by @dependabot in #1477
• chore(deps): bump golang.org/x/text from 0.11.0 to 0.13.0 by @dependabot in #1478
• chore(deps): bump github.com/google/uuid from 1.3.0 to 1.3.1 by @dependabot in #1480
• feat(rule): add a method for evaluation by @nikpivkin in #1482
• fix(terraform): check if module is local by @nikpivkin in #1483
• chore(docs): Update docs by @simar7 in #1489
• fix: remove PodSecurityPolicy field by @nikpivkin in #1492
• feat(aws): support for CloudFrontDefaultCertificate and SSLSupportMethod by @nikpivkin in #1495
• feat(google): support for purpose field of a compute subnetwork by @nikpivkin in #1494
• feat(terraform): add support for AWS provider block by @nikpivkin in #1493
• refactor(google): update DNSManagedZone resource structure by @nikpivkin in #1496
• refactor: rename providers to meta by @nikpivkin in #1498
• refactor(pkg/iac): Bring back some trivy-iac pkgs by @simar7 in #1499
• chore(deps): bump github.com/hashicorp/hcl/v2 from 2.17.0 to 2.19.1 by @dependabot in #1484
• chore(deps): bump github.com/google/uuid from 1.3.1 to 1.4.0 by @dependabot in #1487
• chore(deps): bump golang.org/x/text from 0.13.0 to 0.14.0 by @dependabot in #1491
• feat: k8s policy subtype support by @chen-keinan in #1502
• feat(terraform): add a method to replace the value in the context by @nikpivkin in #1504
• feat(gke): datapath provider support for the cluster by @nikpivkin in #1505
• feat(terraform): fill in the arn attribute for bucket by @nikpivkin in #1506
• feat(digitalocean): support for redirect_http_to_https for load balancer by @nikpivkin in #1507
• feat(ec2): name support for the launch template by @nikpivkin in #1509
• chore(deps): bump github.com/google/uuid from 1.4.0 to 1.5.0 by @dependabot in #1508
• fix(terraform): fix reference extraction from TupleConsExpr by @nikpivkin in #1510
• feat(rego): Add aliasing support by @simar7 in #1515
• feat: generate allowed actions by @nikpivkin in #1488
• chore: generate schema by @nikpivkin in #1517
• fix(rego): Ignore case when scanning k8s subtype by @simar7 in #1516
• chore(deps): bump github.com/open-policy-agent/opa from 0.58.0 to 0.60.0 by @dependabot in #1511
• chore(deps): bump github.com/aquasecurity/trivy-policies from 0.6.1-0.20231120231532-f6f2330bf842 to 0.7.0 by @dependabot in #1501
• chore(deps): bump github.com/go-git/go-git/v5 from 5.8.1 to 5.11.0 by @dependabot in #1518
• chore(deps): bump github.com/cloudflare/circl from 1.3.3 to 1.3.7 by @dependabot in #1519
• chore(deps): bump golang.org/x/sync from 0.4.0 to 0.6.0 by @dependabot in #1521
• chore(deps): bump golang.org/x/net from 0.19.0 to 0.20.0 by @dependabot in #1522

Full Changelog: v0.93.1...v0.94.0

v0.93.1

What's Changed

• chore: bump Go to 1.20 by @nikpivkin in #1468
• fix(terraform): do not scan local modules as root modules by @nikpivkin in #1467

Full Changelog: v0.93.0...v0.93.1

v0.93.0

What's Changed

• feat(cloud): add the DeletionProtection attribute to the RDS Cluster by @dorayakikun in #1443
• chore(deps): bump github.com/cyphar/filepath-securejoin from 0.2.3 to 0.2.4 by @dependabot in #1451
• chore(deps): bump github.com/cloudflare/circl from 1.1.0 to 1.3.3 by @dependabot in #1452
• fix(terraform): convert input variables to expected type by @nikpivkin in #1453
• fix(terraform): detect recursive modules by @nikpivkin in #1454
• fix: Fix rendering of map slices in Terraform resource block by @dorayakikun in #1450
• fix(terraform): check if SSE configuration block is nil by @nikpivkin in #1457
• feat: Add support for skip_final_snapshot by @dorayakikun in #1449
• fix(azure): Bump up min_tls_value for storage adapters by @simar7 in #1458

New Contributors

• @dorayakikun made their first contribution in #1443

Full Changelog: v0.92.0...v0.93.0

v0.92.0

What's Changed

• fix(terraform): improve VPC adapt by @nikpivkin in #1422
• ci(test): add trivy tests by @nikpivkin in #1400
• Incorporated the recently added Regos from the commercial into the oss by @mjshastha in #1418
• fix(terraform): improve detection of terraform files by @nikpivkin in #1426
• fix(terraform): do not check network policy if enable_autopilot is true by @nikpivkin in #1420
• chore(github): Remove test-trivy integration test by @simar7 in #1430
• feat(cloud): AVD-AWS-0057 does not detect cases where the log stream is a wildcard by @int-tt in #1429
• feat(cloud): add availability zone filed for rds cluster by @int-tt in #1424
• Anonymous user access binding to RoleBinding and ClusterRoleBinding by @KiranBodipi in #1433
• Modified the Rego policies within Defsec to incorporate subtype selectors. by @mjshastha in #1434
• chore(deps): bump github.com/hashicorp/hcl/v2 from 2.14.1 to 2.17.0 by @dependabot in #1407
• Revise the description and other relevant elements in the defsec to align with the commercial. by @mjshastha in #1432
• chore(deps): bump github.com/zclconf/go-cty-yaml from 1.0.2 to 1.0.3 by @dependabot in #1408
• fix: make operations with reference key safe by @nikpivkin in #1425
• test(bundle): Add bundle integration testing by @simar7 in #1421
• fix(aws): remove duplicate bucket logging rule by @nikpivkin in #1423
• ci: make the OPA installation more reliable by @nikpivkin in #1439
• chore: remove deprecated dead code linters from the rules by @nikpivkin in #1442

New Contributors

• @KiranBodipi made their first contribution in #1433

Full Changelog: v0.91.1...v0.92.0

v0.91.1

What's Changed

• fix: Typo by @testwill in #1413
• chore(k8s): Fix a flaky test by @simar7 in #1415
• chore(policies): Move s3 policies to rules dir by @simar7 in #1416
• feat(rego): Skip dotfiles by @simar7 in #1414
• fix(aws): use correct signing region by @nikpivkin in #1411

Full Changelog: v0.91.0...v0.91.1

v0.91.0

What's Changed

• feat(terraform): support for multiple instances of the same resource by @nikpivkin in #1374
• fix(doc): update the links to authorized_ip_ranges by @nikpivkin in #1381
• Support define api-versions for helm scanner by @jkroepke in #1361
• test(terraform): add a test for the skip downloaded option by @nikpivkin in #1384
• Revert "Revert "feat(scanner): Break out options for enabling libs and policies (#1280)" (#1298)" by @simar7 in #1357
• fix(terraform): check that the expiration_date is string by @nikpivkin in #1387
• fix(docker): check the -y flag after packages by @nikpivkin in #1388
• fix(cloudformation): evaluate the value for a property when comparing by @nikpivkin in #1393
• fix(cloudformation): set context for conditions by @nikpivkin in #1389
• feat: add the occurrences field by @nikpivkin in #1383
• fix(cloudformation): resolve property depending on conditions by @nikpivkin in #1396
• fix(cloudformation): fix panic when use pseudo-parameters NoValue or NotificationARNs by @nikpivkin in #1395
• fix(arm): use correct type casting for ints in azure scan by @nikpivkin in #1376
• fix(docker): check the --no-install-recommends flag after packages by @nikpivkin in #1375
• feat(cloudformation): add support for the condition function by @nikpivkin in #1394
• feat(cloudformation): add support for the length function by @nikpivkin in #1397
• chore(github): Enable merge-queues for defsec PRs by @simar7 in #1403
• chore(github): Bypass CLA check by @simar7 in #1404
• chore(deps): bump github.com/BurntSushi/toml from 1.2.1 to 1.3.2 by @dependabot in #1378
• chore(deps): bump github.com/aws/aws-sdk-go-v2/service/ecs from 1.18.26 to 1.28.1 by @dependabot in #1390
• bump github.com/aws/aws-sdk-go-v2/service/iam from 1.19.12 to 1.21.1 by @dependabot in #1392
• chore(deps): bump github.com/aws/aws-sdk-go-v2/service/athena from 1.18.10 to 1.30.4 by @dependabot in #1391
• fix(cloudformation): s3 object_lock_configuration sets versioning to true by @nikpivkin in #1398
• Our objective is to align the titles and logic with the commercial version. by @mjshastha in #1382
• Update rego title in OSS defsec Part2 by @mjshastha in #1386

New Contributors

• @jkroepke made their first contribution in #1361
• @mjshastha made their first contribution in #1382

Full Changelog: v0.90.3...v0.91.0

v0.90.3

What's Changed

• fix(windows): Use homedrive if available by @simar7 in #1373

Full Changelog: v0.90.2...v0.90.3

v0.90.2

What's Changed

• perf(detection): use strings.Builder by @nikpivkin in #1366
• docs: fix the path to policies by @nikpivkin in #1367
• fix(windows): Use correct homedir on Windows by @simar7 in #1368
• fix(terraform): allow nullable value for default values of vars by @nikpivkin in #1370
• fix(opa): Continue upon filter fs errors by @simar7 in #1369
• chore(deps): bump github.com/aws/aws-sdk-go-v2/service/efs from 1.20.1 to 1.20.3 by @dependabot in #1362
• chore(deps): bump github.com/aws/aws-sdk-go-v2/service/eks from 1.22.1 to 1.27.14 by @dependabot in #1363
• chore(deps): bump github.com/moby/buildkit from 0.11.4 to 0.11.6 by @dependabot in #1364
• chore(deps): bump github.com/aws/aws-sdk-go-v2/service/kms from 1.21.1 to 1.23.0 by @dependabot in #1371

New Contributors

• @nikpivkin made their first contribution in #1366

Full Changelog: v0.90.1...v0.90.2

v0.90.1

What's Changed

• Update CONTRIBUTING.md by @simar7 in #1360
• fix(cloud): Fix KMSKeyID check by @simar7 in #1359

Full Changelog: v0.90.0...v0.90.1