Releases: Checkmarx/kics
v2.1.13
What's Changed
- fix(query): fixed false positive for website with client certificate auth disabled and azure app service client certificate disabled by @cx-ricardo-jesus in #7537
- fix(apkmissing): add alpine image build and dockerfile related file by @cx-artur-ribeiro in #7581
- fix(query): fix fp for s3_bucket_access_to_any_principal by @cx-andre-pereira in #7564
- fix(query): fix fp in password and secrets Generic Token by @cx-andre-pereira in #7555
- fix(query): added one extra verification on the ECS Cluster Not Encrypted At Rest query by @cx-ricardo-jesus in #7563
- fix(unmarshaller): panic while unmarshalling yaml foot comments edge cases by @cx-eduardo-semanas in #7613
- fix(query): fp for security_groups_not_used - terraform/aws by @cx-andre-pereira in #7566
- fix(query): added one more allow rule on Generic Password query to allow passwords retrieved from ARM parameters by @cx-ricardo-jesus in #7569
- fix(query): fn for SQL Server Database Without Auditing - ARM by @cx-andre-pereira in #7590
- fix(query): fn for Cloudformation queries - complete boolean logic update by @cx-andre-pereira in #7585
- fix(query): small fixes on the query "Azure App Service Client Certificate Disabled" for Terraform by @cx-ricardo-jesus in #7634
- fix(query): fixed cases not supported on "ecs cluster not encrypted at rest query" query by @cx-ricardo-jesus in #7638
- fix(ubi): update ubi dockerfile go version to 1.24.6 by @cx-artur-ribeiro in #7639
- docs(queries): update queries catalog by @kicsbot in #7605
- docs(kicsbot): preparing for release 2.1.13 by @kicsbot in #7643
New Contributors
- @cx-ricardo-jesus made their first contribution in #7537
Full Changelog: v2.1.12...v2.1.13
v2.1.12
What's Changed
- ci(deps): bump the all group across 1 directory with 7 updates by @dependabot[bot] in #7505
- build(deps): bump helm.sh/helm/v3 from 3.18.2 to 3.18.4 by @dependabot[bot] in #7528
- fix(parser): add type assertion verification to certificate elements process by @cx-artur-ribeiro in #7526
- fix(dockerfile): update debian dockerfile image with stable-slim version by @cx-artur-ribeiro in #7540
- fix(query): fix fn for s3_bucket_without_restriction_of_public_bucket by @cx-romeu-silva in #7506
- fix(query): fix fp for web app not using tls last version by @cx-andre-pereira in #7556
- fix(query): fix fp for api_gateway_method_does_not_contains_an_api_key by @cx-andre-pereira in #7557
- fix(symlink): add return statements for early exit in checkSymLink by @cx-artur-ribeiro in #7532
- fix(query): fix fp for image_version_not_explicit by @cx-andre-pereira in #7561
- fix(query): fix fn for cloudTrail_multi_region_disabled by @cx-andre-pereira in #7558
- fix(query): fix fn for ssh_is_exposed_to_the_internet and rdp_is_exposed_to_the_internet by @cx-andre-pereira in #7560
- fix(query): fix fp for s3_bucket_logging_disabled by @cx-andre-pereira in #7559
- fix(progressbar): fix flaky TestCounter_Start unit test by @cx-artur-ribeiro in #7573
- fix(vulnerabilities): update go version to fix grype vulnerabilities by @cx-artur-ribeiro in #7589
- docs(queries): update queries catalog by @kicsbot in #7553
- docs(kicsbot): preparing for release 2.1.12 by @kicsbot in #7593
New Contributors
- @cx-andre-pereira made their first contribution in #7556
Full Changelog: v2.1.11...v2.1.12
v2.1.11
What's Changed
- docs(kicsbot): preparing for release 2.1.10 by @kicsbot in #7486
- update(deps): fix vulnerabilities and upgrade to GOv1.24.4 by @cx-rui-araujo in #7493
- fix(query): fix fp for missing_flag_from_dnf_install by @cx-romeu-silva in #7497
- fix(query): support deprecated enable_https_traffic_only and https_traffic_only_enabled fields by @cx-artur-ribeiro in #7461
- docs(platforms): add documentation to Analyzer Blacklist for Unsupported File Types by @cx-artur-ribeiro in #7509
- fix(query): improving Volume Mount With OS Directory Write Permissions k8s query by @cx-artur-ribeiro in #7508
- fix(query): fix fp for ecs_cluster_not_encrypted_at_rest by @cx-romeu-silva in #7510
- fix(query): fix fn in password and secrets Dockerfile ENV variable cases by @cx-eduardo-semanas in #7503
- fix(query): fix fp for mssql_server_auditing_disabled by @cx-romeu-silva in #7492
- fix(query): fix fp for iam_group_without_users by @cx-romeu-silva in #7502
- fix(query): fix fn for iam_policy_grants_full_permissions by @cx-romeu-silva in #7500
- fix(query): fix fp in password and secrets Generic Passwords by @cx-romeu-silva in #7512
- fix(query): fix fp in password and secrets Generic Private Key by @cx-romeu-silva in #7514
- docs(queries): update queries catalog by @kicsbot in #7507
- docs(kicsbot): preparing for release 2.1.11 by @kicsbot in #7520
New Contributors
- @cx-romeu-silva made their first contribution in #7497
Full Changelog: v2.1.10...v2.1.11
v2.1.10
What's Changed
- fix(engine): fix line counter for JSON Minified files by @cx-rui-araujo in #7473
- fix(analyzer): exclude azure-pipelines-vscode schema JSON file by @cx-rui-araujo in #7482
- update(deps): update helm to v3.18.2 and buildkit to v0.22.0 by @cx-rui-araujo in #7484
Full Changelog: v2.1.9...v2.1.10
v2.1.9
What's Changed
- fix(perms): revert permissions change to fix results export error by @cx-artur-ribeiro in #7477
- fix(perms): revert file permission changes on reports by @cx-artur-ribeiro in #7479
- feat(analyzer): add a blacklist to the Analyzer to exclude FHIR files by @cx-artur-ribeiro in #7470
- fix(query): fix fn for S3_Bucket_Allows_Public_Policy query by @cx-artur-ribeiro in #7456
- docs(queries): update queries catalog by @kicsbot in #7480
- docs(kicsbot): preparing for release 2.1.9 by @kicsbot in #7481
Full Changelog: v2.1.8...v2.1.9
v2.1.8
What's Changed
- ci(deps): bump the all group across 1 directory with 2 updates by @dependabot in #7446
- fix(queries): support all valid CloudWatch Logs retention periods by @jamesbascle in #7450
- ci(deps): bump the all group across 1 directory with 2 updates by @dependabot in #7453
- docs(queries): update universal JSON creation to docker command by @dmeiser in #7454
- update(deps): update OPA package to version 1.4.2 by @cx-rui-araujo in #7460
- fix(query): fn for s3_bucket_allows_delete_action_from_all_principals query by @cx-artur-ribeiro in #7455
- ci(deps): bump securego/gosec from 2.22.3 to 2.22.4 in the all group by @dependabot in #7463
- feat(resolver): kubernetes circular dependency is causing resource exhaustion by @cx-miguel-silva in #7421
- fix(lint): update lint version by @cx-artur-ribeiro in #7445
- docs(queries): update queries catalog by @kicsbot in #7462
- docs(kicsbot): preparing for release 2.1.8 by @kicsbot in #7471
New Contributors
- @jamesbascle made their first contribution in #7450
- @dmeiser made their first contribution in #7454
As part of PR #7423, we significantly optimized OpenAPI payload generation by resolving a direct circular dependency (OpenAPI files that reference each other directly) that previously caused excessive and redundant schema expansion.
This fix substantially reduces the size of the OpenAPI payloads (.yaml or .json files) that KICS builds before running queries, which in turn may decrease the number of results produced by the KICS OpenAPI queries. A drop in OpenAPI findings after upgrading is therefore expected and is not by itself a sign that detections were lost.
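The failure mode behind #7423 (and its Kubernetes counterpart in #7421) is easiest to see with a tiny resolver. The Go program below is an added illustration, not KICS code: it inlines `$ref` targets from a constructed set of in-memory "files" in which `a.yaml` and `b.yaml` reference each other, once with a depth-limited expander that re-expands every reference it meets (the redundant-expansion behaviour), and once with a stack of files currently being expanded so that a reference back to a file already on the stack is left in place. The `Resolver` type, the `CountExpansions` helper, the `x-circular` and `x-truncated` markers and the sample files are all assumptions made for this example.

```go
package main

import (
	"fmt"
)

// Schema is a minimal stand-in for a parsed OpenAPI / JSON-schema document.
type Schema = map[string]interface{}

// Constructed sample input (not from KICS): a.yaml and b.yaml reference each
// other directly with $ref, twice each, and c.yaml references a.yaml once.
// The a.yaml <-> b.yaml loop is the "direct circular dependency" case.
var sampleFiles = map[string]Schema{
	"a.yaml": {
		"type": "object",
		"properties": Schema{
			"id":     Schema{"type": "string"},
			"peer":   Schema{"$ref": "b.yaml"},
			"parent": Schema{"$ref": "b.yaml"},
		},
	},
	"b.yaml": {
		"type": "object",
		"properties": Schema{
			"name":   Schema{"type": "string"},
			"owner":  Schema{"$ref": "a.yaml"},
			"backup": Schema{"$ref": "a.yaml"},
		},
	},
	"c.yaml": {
		"type":  "array",
		"items": Schema{"$ref": "a.yaml"},
	},
}

// Resolver inlines $ref targets. With breakCycles=false it re-expands every
// reference it meets and only stops at maxDepth, so a two-file loop grows the
// payload exponentially. With breakCycles=true it tracks the files currently
// being expanded and leaves a $ref unexpanded when its target is already on
// that stack, so each file is inlined at most once per path.
type Resolver struct {
	files       map[string]Schema
	breakCycles bool
	maxDepth    int
	Expansions  int // number of times a $ref target was inlined
}

func (r *Resolver) Resolve(file string) (interface{}, error) {
	return r.expand(Schema{"$ref": file}, nil)
}

func (r *Resolver) expand(node interface{}, stack []string) (interface{}, error) {
	switch n := node.(type) {
	case map[string]interface{}:
		if ref, ok := n["$ref"].(string); ok {
			if r.breakCycles && contains(stack, ref) {
				// Cycle detected: keep the reference instead of inlining it again.
				return Schema{"$ref": ref, "x-circular": true}, nil
			}
			if !r.breakCycles && len(stack) >= r.maxDepth {
				// Safety valve so the naive expander terminates at all.
				return Schema{"$ref": ref, "x-truncated": true}, nil
			}
			target, ok := r.files[ref]
			if !ok {
				return nil, fmt.Errorf("unresolved $ref %q", ref)
			}
			r.Expansions++
			// Copy the stack so sibling references do not share a backing array.
			next := append(append([]string(nil), stack...), ref)
			return r.expand(target, next)
		}
		out := make(Schema, len(n))
		for k, v := range n {
			child, err := r.expand(v, stack)
			if err != nil {
				return nil, err
			}
			out[k] = child
		}
		return out, nil
	case []interface{}:
		out := make([]interface{}, len(n))
		for i, v := range n {
			child, err := r.expand(v, stack)
			if err != nil {
				return nil, err
			}
			out[i] = child
		}
		return out, nil
	default:
		return n, nil
	}
}

func contains(stack []string, s string) bool {
	for _, f := range stack {
		if f == s {
			return true
		}
	}
	return false
}

// CountExpansions resolves file from sampleFiles and reports how many $ref
// inlinings that took; an unknown file yields an error.
func CountExpansions(file string, breakCycles bool, maxDepth int) (int, error) {
	r := &Resolver{files: sampleFiles, breakCycles: breakCycles, maxDepth: maxDepth}
	if _, err := r.Resolve(file); err != nil {
		return 0, err
	}
	return r.Expansions, nil
}

func main() {
	for _, depth := range []int{5, 9} {
		naive, _ := CountExpansions("a.yaml", false, depth)
		fmt.Printf("naive expander, depth limit %d: %d inlinings\n", depth, naive)
	}
	fixed, _ := CountExpansions("a.yaml", true, 0)
	fmt.Printf("cycle-aware expander: %d inlinings\n", fixed)
}
```

With two references per file the naive expander inlines 1 + 2 + 4 + ... nodes until the depth limit, so the payload doubles with every level it is allowed to descend, while the cycle-aware expander inlines each file once per path and stops. The same effect explains why query result counts can fall after the fix: queries that matched a schema property were previously matching every redundant copy of it.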
Full Changelog: v2.1.7...v2.1.8
v2.1.7
What's Changed
- update(dependabot): add groups to dependabot.yml github action by @cx-artur-ribeiro in #7344
- fix(query): fix FP in openAPI Invalid Media Type Value query by @cx-artur-ribeiro in #7350
- fix(documentation): update descriptionText metadata field for invalid media type openAPI query by @cx-artur-ribeiro in #7361
- docs(queries): add missing platforms to KICS docs website sidebar by @cx-artur-ribeiro in #7376
- ci(deps): bump the all group across 1 directory with 17 updates by @dependabot in #7373
- update(query): change amazonaws.cn links to aws.amazon.com by @connorg in #7288
- fix(password): fix Password and Secrets FP results by @cx-artur-ribeiro in #7353
- update(deps): update docker images to latest versions by @cx-rui-araujo in #7401
- fix(dockerfile): restore CGO_ENABLED=0 for static linking in Dockerfile by @smtan-gl in #7397
- docs(queries): update queries catalog by @kicsbot in #7356
- docs(kicsbot): preparing for release 2.1.6 by @kicsbot in #7402
- docs(ansible): remove outdated Ansible limitation and update copyright year by @cx-monica-casanova in #7409
- fix(engine): direct circular dependency is causing resource exhaustion by @cx-miguel-silva in #7423
- docs(typo): fix creating queries documentation page by @cx-artur-ribeiro in #7420
- build(deps): bump the all group across 1 directory with 28 updates by @dependabot in #7413
- ci(deps): bump the all group across 1 directory with 10 updates by @dependabot in #7427
- build(deps): bump the all group with 4 updates by @dependabot in #7426
- ci(deps): bump github/codeql-action from 362ef4ce205154842cd1d34794abd82bb8f12cd5 to d26c46acea4065b13fc57703621e0a7c8b9e836b in the all group by @dependabot in #7430
- build(deps): bump the all group with 3 updates by @dependabot in #7432
- feat(terraform): support nested HCL identifier parsing by grouping variable paths and preserving relative subpaths by @cx-artur-ribeiro in #7428
- docs(queries): update queries catalog by @kicsbot in #7440
- docs(kicsbot): preparing for release 2.1.7 by @kicsbot in #7444
Full Changelog: 2.1.5...v2.1.7
v2.1.6
What's Changed
- update(dependabot): add groups to dependabot.yml github action by @ArturRibeiro-CX in #7344
- fix(query): fix FP in openAPI Invalid Media Type Value query by @ArturRibeiro-CX in #7350
- fix(documentation): update descriptionText metadata field for invalid media type openAPI query by @ArturRibeiro-CX in #7361
- docs(queries): add missing platforms to KICS docs website sidebar by @ArturRibeiro-CX in #7376
- ci(deps): bump the all group across 1 directory with 17 updates by @dependabot in #7373
- update(query): change amazonaws.cn links to aws.amazon.com by @connorg in #7288
- fix(password): fix Password and Secrets FP results by @ArturRibeiro-CX in #7353
- update(deps): update docker images to latest versions by @cx-ruiaraujo in #7401
- fix(dockerfile): restore CGO_ENABLED=0 for static linking in Dockerfile by @smtan-gl in #7397
- docs(queries): update queries catalog by @kicsbot in #7356
- docs(kicsbot): preparing for release 2.1.6 by @kicsbot in #7402
Full Changelog: 2.1.5...v2.1.6
v2.1.5
What's Changed
- update(dockerfile): revert KICS user change from 65532 back to root by @cx-ruiaraujo in #7322
- update(deps): bump path-to-regexp and express in /.github/scripts/server-mock by @dependabot in #7324
- fix(query): correct keyActualValue and keyExpectedValue for maxItems validation by @ArturRibeiro-CX in #7328
- fix(query): openapi maximum_length_undefined query enum and format sanitizers by @EduardoSemanas in #7327
- fix(query): openapi pattern undefined fp enum and format sanitizers by @EduardoSemanas in #7323
- docs(queries): update queries catalog by @kicsbot in #7329
- docs(kicsbot): preparing for release 2.1.5 by @kicsbot in #7332
Full Changelog: v2.1.4...v2.1.5
docs(kicsbot): preparing for release 2.1.5 (#7332)
* docs(kicsbot): preparing for release 2.1.5
* bumps kics version
Co-authored-by: cx-monicac <109349080+cx-monicac@users.noreply.github.com>
Co-authored-by: cx-monicac <monica.casanova@checkmarx.com>