Releases: Checkmarx/kics

v2.0.1

02 May 21:09
9ba017f

🐛 Bug fixes

fix(githubactions): github actions relative path detected as not pinned by @cw-alexcroteau in #6958
fix(query): removed redundant import by @frasan15 in #7027
fix(query): fix typos in #7017
fix(query): fix typo on storage blob service container query description in #7024
fix(dockerfile): remove user root and add platform in #7031
fix(query): fix query Bind Address Not Properly Set in #7034
fix(query): fixed network access too permissive query and tests in #7033
fix(query): fix rwd arm query in #7037

📦 Dependency updates bumps

update(dependency): upgrade go-getter to v1.7.4 in #7016
ci(deps): bump chainguard/git from f8fd9ab to f20defb in #7015

👻 Maintenance

update(ghaction): using kics gh action new version in #7013
feat(githubactions): adding govulncheck and grype in #7001
docs(queries): update queries catalog in #7021
docs(queries): update queries catalog in #7036

New Contributors

@cw-alexcroteau made their first contribution in #6958
@frasan15 made their first contribution in #7027

v2.0.0

17 Apr 22:15
bc0e796

Kindly check here for the v2.0.0 added features, breaking changes and deprecated queries.

🚀 New features and improvements

feat(kics): critical severity added into KICS in #6966
feat(engine): add new severity metadata field support in #6893
feat(critical): add critical severity to KICS CLI in #6857
feat(critical): add critical severity to all report formats in #6866
feat(warning): updated warnings for line detection failure in #6906
feat(kics): add cloudProvider to request queries in #6939
feat(kics): change all tests and appearances of new severity to old severity in #6959
feat(engine): improve the possible dockerfile detection in #6981

🐛 Bug fixes

fix(query): sensitive_port_is_exposed_to_entire_network by @Tohar-orca in #6916
fix(query): clarify description for openapi exposed api keys by @Tohar-orca in #6993
fix(openapi): functions must not produce multiple output for same inputs in #6901
fix(kics): support v1.5 of cyclone dx report format in #6928
fix(workflow): remove parallel scan from race test using tag in #6933
fix(action): update coverage action in #6940
fix(engine): fixing compare e2e in #6919
fix(community): common/password_and_secrets new allow rule added to permit the ansible playbook update_password field in #6938
fix(query): fix query detecting issues with schemas of type different to object in #6676
fix(query): add 2xx as possible response code in #6681
fix(terraform): api gateway access logging disabled terraform query updated to mimic cloudformation behaviour in #6910
fix(query): improve query to detect results with tuple in #6952
fix(query): deprecate query Container Requests Not Equal To It's Limits in #6890
fix(query): improve queries Container Memory Requests Not Equal To It's Limits and Container CPU Requests Not Equal To It's Limits in #6889
fix(docs): fix capitalization and docs template in #6947
fix(query): improve query platform_flag_with_from in #6955
fix(docs): typo in Google Cloud Storage acronym by @brucearctor in #6962
fix(dependencies): removing deprecated dockerfiles in #6972
fix(queries): removing deprecated queries in #6974
fix(query): tokens at NPM Install Command Without Pinned Version in #6639
fix(tests): severity check tests in #6975
fix(folders): unused folder removed in #6978
fix(kics): change order of split ; should come before && in dockerfile in #6951
fix(docswebsite): fix invalid query page urls and add critical severity in #6983
fix(docswebsite): fix sorting and invalid chars in #6989
fix(parser): easyjson replaced by encoding json in #6990
fix(queries): queries categories updated in #6994
fix(kics): fix max file size using directories in check KICS-0000 in #6967
fix(dependencies): dependencies upgrade in #6977
fix(docs): fix results documentation in #7005

📦 Dependency updates bumps

update(go): updating go to 1.22.1 and updating to chainguard images by @fjsnogueira in #6969
build(deps): bump google.golang.org/protobuf from 1.31.0 to 1.33.0 in #6949
build(deps): github.com/docker/docker v24.0.9+incompatible in #6968
ci(deps): bump chainguard/git from 1b0095b to f8fd9ab in #7003
ci(deps): bump chainguard/go from bc4b9e9 to a06a462 in #7002

👻 Maintenance

revert(terraformer): remove terraformer in #6937
update(debian): install jq on debian by @ncook-hxgn in #6998
update(coverage): go coverage metrics update by @cx-andrep in #6964
update(queries): queries severity updates in #6984
update(query): s3 bucket without enabled mfa delete query severity update in #6945
feat(kics): automatic kics-queries-repo tag change (KICS-1337) in #6911
update(docs): documentation cleanup + links fix in #6918
update(uts): kics scan coverage improved in #6923
update(uts): kics unit tests ramp in #6929
update(query): s3 bucket sse bucket disabled queries deprecated in #6932
update(coverage): go coverage metrics update in #6943
docs(community): add blog post by Firefly in #6946
update(query): description update to better address the intention of the query in #6941
update(docs): docs and workflows maintenance in #6920
update(workflow): kics github action version 2.0 upgrade in #6976
docs(queries): update queries catalog in #6942
docs(queries): update queries catalog in #6988
docs(queries): update queries catalog in #6991
docs(queries): update queries catalog in #6996
docs(queries): update queries catalog in #6999
update(docs): update dockerfiles docs in #7008
update(docs): v2.0.0 docs update in #7009

New Contributors

@brucearctor made their first contribution in #6962
@cx-andrep made their first contribution in #6964
@fjsnogueira made their first contribution in #6969
@ncook-hxgn made their first contribution in #6998

v1.7.13

29 Feb 19:09
295c5e3

🚀 New features and improvements

feat(scanner): parallel scanning by @liorj-orca in #6833
feat(nifcloud): add terraform nifcloud queries by @tunakyonn in #6897
feat(tencentcloud): add cbs disk without encrypted for tencentcloud by @hellertang in #6904
feat(query): added CWE infos to common and dockerfile queries #6373 by @Jeeppler in #6839
feat(engine): ignore terraform cache folders by @dim-ops in #6240
feat(cli): lead with similarity id question in #6840
feat(results): update cyclonedx reports to support v1.5 in #6841
feat(engine): improve similarity id in #6851
feat(engine): add a timeout to decode results in #6846
feat(tests): add new test workflows in #6861
feat(cwe): add cwe into sarif report and KICS CLI results in #6845
feat(query): cloudformation DynamoDB Table Not Encrypted in #6619
feat(cli): control the information in #6854
feat(query): docker compose Shared Volumes Between Containers in #6714
feat(query): cloudformation ECS Cluster with Container Insights Disabled in #6673
feat(query): crossplane ECS Cluster with Container Insights Disabled in #6675
feat(query): pulumi ECS Cluster with Container Insights Disabled in #6678
feat(cwe): adding CWE results into all reports in #6876
feat(query): cloud formation api gateway access logging disabled in #6863

🐛 Bug fixes

fix(query): lambda_iam_invokefunction_misconfigured by @Tohar-orca in #6822
fix(test): sort paths related to the e2e in #6848
fix(engine): improve ansible detection in #6880
fix(query): unnecessary private information in #6716
fix(query): terraform descriptionURLs Changed in #6486
fix(query): fixed false positive when no pid namespace is defined in #6860
fix(query): docker compose deprecated network not set in #6715
fix(query): improve query Key Vault Not Recoverable in #6862
fix(query): terraform DynamoDB Table Point In Time Recovery Disabled in #6617
fix(query): pulumi DynamoDB Table Point In Time Recovery Disabled in #6624
fix(query): deprecated Memcached disabled query in #6642
fix(query): checkFollowedBy query refactor in #6545
fix(query): iam_access_analyzer_not_enabled skipping files in #6873
fix(query): cloudformation cloudFront_without_waf in #6641
fix(query): countLines, IgnoreLines and fileCommands in #6611
fix(flag): validating if output path is valid in #6877
fix(tests): uncommon testing in #6898
fix(dependencies): replace directive order update in #6903
fix(query): openapi Maximum Length Undefined in #6717
fix(analyzer): gitignore only being used to exclude files from the project itself in #6896

📦 Dependency updates bumps

build(deps): bump helm.sh/helm/v3 from 3.13.1 to 3.14.1 in #6884
update(buildkit): buildkit upgrade to v0.12.5 in #6912
build(deps): bump helm.sh/helm/v3 from 3.14.1 to 3.14.2 in #6900

👻 Maintenance

docs(guides): remove ZWSPs & align column separators by @katrinleinweber in #6852
update(docs): docs website upgrade in #6879
feat(docs): add community section in #6838
update(action): tj-actions/verify-changed-files version upgrade in #6842
docs(community): add Bedrock Streaming to users list in #6843
update(docs): update info how to scan zip files in #6855
update(readme): all rights reserved year updated in #6872
docs(queries): update queries catalog in #6856
docs(community): add Keptn Lifecycle Toolkit in #6894
update(repo): repo code cleaning removing unnecessary files in #6895
update(docs): results documentation update in #6885
update(docs): running kics documentation update in #6886
update(docs): add documentation for parallel flag in #6907
update(metadata): description texts are updated in #6908
update(docs): tencent cloud logo added in #6909

New Contributors

@katrinleinweber made their first contribution in #6852
@JulioSCX made their first contribution in #6860
@Jeeppler made their first contribution in #6839
@EduardoSemanas made their first contribution in #6898
@hellertang made their first contribution in #6904

v1.7.12

20 Dec 13:41
2afa90f

🚀 New features and improvements

feat(engine): improve detection of Ansible host files in #6816
feat(databricks): init terraform databricks rules by @dim-ops in #6086
feat(nifcloud): add nifcloud engine support by @tunakyonn in #6314
feat(engine): resolve references between files as flag in #6789
feat(engine): improve experimental signal on the results and cli in #6798
feat(cli): add new flag --max-file-size to control the max file size by @tomk-orca in #6670
feat(kics): add platform field to sarif format by @Dstklr in #6809

🐛 Bug fixes

fix(parser): reduce complexity of initializeJSONLine by @leadpogrommer in #6807
fix(parser): tf function evaluation - unknown type by @liorj-orca in #6801
fix(deps): update go version version in debian image in #6794
fix(metrics): add buildah and cicd to queries count in #6830
fix(query): fix ssl reference in queryname for cloud sql by @bbbbbrie in #6818
fix(converter): improve check dynamic known types by @liorj-orca in #6815

📦 Dependency updates bumps

ci(deps): bump golang from 1.21.0-alpine to 1.21.5-alpine in #6823
update(deps): security improvements in #6810

👻 Maintenance

update(metadata): queries validator schema updated in #6803
update(action): go-ci-metrics.yaml master to v4 in #6834
update(metadata): cwe item added into queries metadata.json in #6829
docs(queries): update queries catalog in #6835
docs(queries): update queries catalog in #6804
update(docs): remove discord badge in #6817
update(docs): fix typo 'postitive' and update makefile in #6813
update(docs): nifcloud and opentofu logos added in #6808
update(readme): add information regarding beta features in #6805

New Contributors

@tunakyonn made their first contribution in #6314
@bbbbbrie made their first contribution in #6818
@leadpogrommer made their first contribution in #6807
@Dstklr made their first contribution in #6809
@ArturRibeiro-CX made their first contribution in #6830

v1.7.11

08 Nov 15:27
e47cc42

🚀 New features and improvements

feat(engine): improve detection of Ansible files in #6773
feat(engine): experimental queries as feature flag in #6769
feat(kics): create a kics-queries-repo branch for all queries each release in #6788
feat(panic): add recover for query evaluation process by @liorj-orca in #6770

🐛 Bug fixes

fix(query): dockerfile image_version_not_explicit in #6713
fix(query): added new way of setting extended_auditing_policy in tf azure to the query in #6727
fix(package): fixed version packages in #6679
fix(deps): improve security in #6784
fix(workflow): update release-kics-queries-repo-branch.yaml in #6792
fix(query): iam_access_analyzer_not_enabled in #6553
fix(query): meaningful "Value" and "Expected Value" in multiple queries in #6780
fix(query): false positive detections in "api_key_exposed" function by @Tohar-orca in #6757

👻 Maintenance

docs(queries): fix typo in #6778
docs(queries): update queries catalog in #6775

v1.7.10

10 Oct 10:46
63e807f

🐛 Bug fixes

fix(docker): experimental-queries.json: no such file or directory in #6755
fix(query): terraform alb_is_not_integrated_with_waf in #6636
fix(query): dockerfile unpinned_package_version_in_pip_install in #6637

👻 Maintenance

docs(experimentalfeature): update docs for experimental queries by @asofsilva in #6748

New Contributors

@asofsilva made their first contribution in #6748

v1.7.9

02 Oct 11:59
af8aa2e

🚀 New features and improvements

feat(query): ansible config communication_over_http in #6627
feat(query): ansible config privilege_escalation_using_become_plugin in #6628
feat(query): ansible config logging_of_sensitive_data in #6697
feat(query): ansible playbooks privilege escalation using become plugin in #6695
feat(query): ansible playbooks Unpinned Package Version in #6693
feat(query): ansible playbooks Insecure Relative Path Resolution in #6705
feat(query): ansible playbooks Logging of Sensitive Data in #6700
feat(query): ansible playbooks risky file permissions in #6694
feat(engine): experimental features queries scan in #6614
feat(query): github workflows script injection query in #6744
feat(query): added cicd github query unsecured commands in #6720
feat(query): github workflows run injection query in #6742

🐛 Bug fixes

fix(security): critical CVEs in terraform and terraform-provider-azurerm by @jeremypetit-grtgaz in #6701

👻 Maintenance

docs(guides): changed code-ql action to v2 due to v1 deprecation by @LuisVentuzelos in #6750
docs(queries): update queries catalog in #6732
update(doc): adding aws cdk integration in #6740

New Contributors

@jeremypetit-grtgaz made their first contribution in #6701
@LuisVentuzelos made their first contribution in #6750

v1.7.8

14 Sep 09:01
5be1428

🚀 New features and improvements

feat(engine): added github workflows scan in #6664
feat(query): unpinned actions full length commit sha in #6698
feat(query): ansible hosts ansible tower exposed to internet in #6691
feat(query): ansible config allow unsafe lookups in #6626
feat(query): ansible playbooks communication over http in #6687
feat(panic): add panic handler to terraform parser by @liorj-orca in #6726

🐛 Bug fixes

fix(workflows): fixed action's pin in #6689
fix(query): ca certificate identifier is outdated tf aws in #6683
fix(engine): added condition to check if gitignore is not empty to fix unit tests in #6706
fix(query): dockercompose Host Namespace is Shared in #6719
fix(test): e2e name in #6685

📦 Dependency updates bumps

ci(deps): bump golang from 1.20.7-alpine to 1.21.0-alpine in #6623

👻 Maintenance

update(docs): adding github icon into readme and docs website in #6722
update(comments): comments related to files extensions updated in #6696
docs(queries): update queries catalog in #6699

v1.7.7

30 Aug 10:50
a07c2d0

🚀 New features and improvements

feat(panic): add panic handler to possible panic places in #6527

🐛 Bug fixes

fix(query): query search_key now contains correct value of resource in #6655
fix(workflow): skip apache license workflow if user is a bot in #6657
fix(parser): added condition in convertExpression in #6635
fix(engine): skip broken symlink/eloop by @liorj-orca in #6665
fix(parser): support nameless tf resources by @liorj-orca in #6510
fix(query): support GCP IAM policy members as lists by @Tohar-orca in #6548

👻 Maintenance

update(doc): kics github action version update in #6667
docs(queries): update queries catalog in #6662

v1.7.6

21 Aug 15:38
ae093f4

🚀 New features and improvements

feat(query): docdb logging is disabled for pulumi in #6556
feat(query): docdb logging is disabled for crossplane in #6557
feat(query): docdb logging is disabled for cloudformation in #6555
feat(parser): ansible inventory in #6516
feat(query): amazon rds db instance publicly accessible query for pulumi in #6562
feat(query): rds DB Instance Publicly Accessible for Crossplane in #6615
feat(parser): ansible configuration support in #6595
feat(engine): add kics analyze command in #6582
feat(workflow): github workflow to check for apache license in #6606
feat(workflow): new github workflow that checks the PR's Go coverage in #6656

🐛 Bug fixes

fix(query): db instance publicly accessible ansible query refactor in #6558
fix(query): amazon db instance publicly accessible for terraform query refactor in #6560
fix(query): alicloud rds instance address publicly accessible terraform query refactor in #6559
fix(query): amazon rds db instance publicly accessible query refactor in #6561
fix(workflow): fix Pwn Request Vulnerability by @AdnaneKhan in #6638
fix(query): fixed terraform azure query where min_tls_version was not accepting string in #6622
fix(workflows): fixed community label being added to bots prs and pr titles in other workflows in #6597
fix(coverage): add test for analyze command in #6654
fix(test): kics go coverage in #6658

📦 Dependency updates bumps

build(deps): bump github.com/emicklei/proto from 1.11.1 to 1.11.2 in #6380
build(deps): bump github.com/BurntSushi/toml from 1.2.1 to 1.3.2 in #6502
ci(deps): bump lots0logs/gh-action-get-changed-files from 2.1.4 to 2.2.2 in #6406
build(deps): bump github.com/hashicorp/terraform-json from 0.15.0 to 0.16.0 in #6279
ci(deps): bump golang from 1.20.6-alpine to 1.20.7-alpine in #6588

👻 Maintenance

docs(main): add discord invite to readme by @baruchiro in #6570
docs(queries): update queries catalog in #6612

New Contributors