v1.11.2

What's Changed

• fix: skip images without registry in KSV0125 by @nikpivkin in #428

Full Changelog: v1.11.1...v1.11.2

v1.11.1

What's Changed

• Revert "docs: add example check for Terraform Raw Format (#411)" by @simar7 in #427

Full Changelog: v1.11.0...v1.11.1

v1.11.0

What's Changed

• fix: detect unspecified securityContext in KSV118 by @nikpivkin in #402
• Fix unreachable URL of AVD-AWS-0320 metadata by @nekketsuuu in #406
• Fix filename in CONTRIBUTING.md by @nekketsuuu in #407
• chore(deps): bump the go_modules group with 2 updates by @dependabot in #405
• chore(deps): bump the common group across 1 directory with 2 updates by @dependabot in #408
• chore(deps): bump oras-project/setup-oras from 1.2.2 to 1.2.3 in the github-actions group by @dependabot in #403
• chore: update azure examples by @nikpivkin in #412
• fix: correctly detect empty objects in KSV118 by @nikpivkin in #410
• fix: make wildcard match in IAM policy checks case-insensitive by @nikpivkin in #413
• refactor(checks): Flatten all kubernetes checks by @simar7 in #414
• chore(docs): Improve code clarity and consistency through minor refinements by @arpitjain099 in #417
• Fix misconfigurations in code especially in yaml files by @arpitjain099 in #418
• lint: enable 'duplicate-rule' rule by @nikpivkin in #420
• chore: remove unnecessary regal lint arguments by @nikpivkin in #419
• feat: combine multiple image registry checks into one by @nikpivkin in #391
• chore: pass schemas to opa test by @nikpivkin in #386
• lint: enable some rules from bugs category by @nikpivkin in #422
• chore: update aws emr, iam, kinesis, kms, lambda examples by @nikpivkin in #423
• lint: add regal rule to check data import prefix by @nikpivkin in #415
• refactor(test): use testcontainers-go for running Trivy by @nikpivkin in #424
• refactor(test): use metadata package to validate uniqueness of AVD IDs by @nikpivkin in #426
• refactor(test): use custom types for Trivy report parsing by @nikpivkin in #425
• fix(checks): Separate out unrestricted S3 checks by @simar7 in #409
• docs: Add a note for cost consideration for AVD-AWS-0090 aws-s3-enable-versioning by @nekketsuuu in #421
• docs: add example check for Terraform Raw Format by @nikpivkin in #411

New Contributors

• @nekketsuuu made their first contribution in #406
• @arpitjain099 made their first contribution in #417

Full Changelog: v1.10.0...v1.11.0

v1.10.0

What's Changed

• feat(checks): Improve AVD-AWS-0345 by @simar7 in #398

Full Changelog: v1.9.0...v1.10.0

v1.9.0

What's Changed

• fix: add kind to input selector in KSV039 and KSV040 by @nikpivkin in #377
• fix: do not check default security group in AVD-AWS-0099 by @nikpivkin in #379
• chore: update aws elasticache, elasticsearch and elb examples by @nikpivkin in #368
• chore: update aws/eks examples by @nikpivkin in #365
• chore: update aws codebuild, config, dynamodb, documentdb examples by @nikpivkin in #359
• chore: update neptune, redshift, sam examples by @nikpivkin in #382
• chore: update aws sns, sqs, ssm, workspace examples by @nikpivkin in #381
• fix: check only managed load balancers by @nikpivkin in #369
• fix: skip GKE Autopilot clusters in AVD-GCP-0048 by @nikpivkin in #384
• fix(checks): Update description of KSV037 by @simar7 in #380
• chore(deps): bump the common group across 1 directory with 6 updates by @dependabot in #383
• feat(checks): Restrict s3 from wild card access by @simar7 in #373
• ci: use Skitionek/notify-microsoft-teams instead of aquasecurity fork by @DmitriyLewen in #389
• feat: add support for new allowed sysctls in AVD-KSV-0026 by @nikpivkin in #388
• feat: consider k8s version in sysctls checks in KSV026 by @nikpivkin in #390
• chore: update kubernetes, openstack and oracle examples by @nikpivkin in #392
• chore: update cloudstack, digitalocean and github examples by @nikpivkin in #393
• chore: update nifcloud examples by @nikpivkin in #395
• chore: update google bigquery, compute, dns, kms examples by @nikpivkin in #396
• chore: update google gke, iam, sql, storage examples by @nikpivkin in #397
• chore: update aws mq, msk, rds, s3 examples by @nikpivkin in #400
• chore(deps): bump the common group across 1 directory with 4 updates by @dependabot in #401

New Contributors

• @DmitriyLewen made their first contribution in #389

Full Changelog: v1.8.1...v1.9.0

v1.8.1

What's Changed

• fix(bundle): Correctly add compliance checks into the bundle by @simar7 in #376

Full Changelog: v1.8.0...v1.8.1

v1.8.0

What's Changed

• test: run integration tests across multiple Trivy versions by @nikpivkin in #343
• refactor(repo): Simplify structure by @simar7 in #308
• chore: use examples field by @nikpivkin in #351
• chore: update aws apigateway, anthena, cloudfront, cloudtrail examples by @nikpivkin in #356
• refactor: specify metadata in annotations instead of rule in KSV107 by @nikpivkin in #355
• refactor(deps): Use OPA v1 by @simar7 in #358
• feat(aws): Add check for malicious AMI detection by @simar7 in #352
• fix: not to check DB instances in AVD-AWS-0022 by @nikpivkin in #360
• feat: support Policy-Min-TLS-1-2-PFS-2023-10 in AVD-AWS-0126 by @nikpivkin in #367
• chore(deps): bump the common group across 1 directory with 2 updates by @dependabot in #361
• ci: bump Go to 1.24 by @nikpivkin in #363
• refactor: use OPA to retrieve checks metadata by @nikpivkin in #354
• refactor: simplify AVD-AWS-0038 by @nikpivkin in #364
• chore: update aws ec2, ecr, ecs, efs examples by @nikpivkin in #362
• feat(checks): Add checks for IngressNightmare by @simar7 in #374
• chore(deps): bump the common group with 2 updates by @dependabot in #370
• chore(deps): bump the go_modules group with 2 updates by @dependabot in #372
• chore(deps): bump the go_modules group with 2 updates by @dependabot in #375

Full Changelog: v1.7.1...v1.8.0

v1.7.1

What's Changed

• ci: grant permission to release workflow by @nikpivkin in #347

Full Changelog: v1.7.0...v1.7.1

v1.7.0

What's Changed

• lint: validate avd_id by @nikpivkin in #331
• chore: remove unused pkg by @nikpivkin in #335
• chore: Fix title on s3 acl check by @owenrumney in #334
• chore(deps): bump the common group with 2 updates by @dependabot in #333
• fix: avoid reference to input.metadata.namespace by @nikpivkin in #338
• docs: clean up documentation before generation by @nikpivkin in #337
• chore: fix metadata for AVD-KSV-0123 by @toVersus in #336
• fix: DS001 should not trigger for an empty image by @nikpivkin in #339
• fix(misconf): make protocol checks case-insensitive and convert numeric protocols to strings by @nikpivkin in #345
• chore(deps): bump github.com/owenrumney/squealer from 1.2.10 to 1.2.11 in the common group by @dependabot in #340
• chore(deps): bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 in the go_modules group by @dependabot in #341
• refactor: move k8s cloud checks to checks/cloud by @nikpivkin in #344
• refactor: move builtin functions to internal package by @nikpivkin in #346
• ci: add nightly release workflow for automated builds by @nikpivkin in #342

New Contributors

• @owenrumney made their first contribution in #334
• @toVersus made their first contribution in #336

Full Changelog: v1.6.1...v1.7.0

v1.6.1

What's Changed

• lint: require input field of Rego metadata by @nikpivkin in #330

Full Changelog: v1.6.0...v1.6.1