v1.18.3 (2023-08-03)
Merged pull requests:
v1.18.2 (2023-07-26)
Merged pull requests:
- fix openssl-libcrypto1.1@1.1.1u-r1 library vulnerability #1592 (nitumore)
- Increased timeout for webhook test #1591 (nitumore)
- only high vulns detected by docker scan fixed #1588 (nitumore)
- remove k8s admission log UI #1556 (nasir-rabbani)
- Spelling #1496 (jsoref)
v1.18.1 (2023-04-13)
Merged pull requests:
- bugfix: provider version coming as 0.0.0 or empty #1553 (nasir-rabbani)
- Bump github.com/docker/docker from 20.10.21+incompatible to 20.10.24+incompatible #1552 (dependabot[bot])
- deprecate k8s admission log UI (Snyk test) #1550 (mandibles232)
- added sonar-properties file to skip tests from sonar analysis #1544 (nasir-rabbani)
v1.18.0 (2023-02-06)
Closed issues:
- AC_DOCKER_0041 Issues #1522
- accurics.gcp.IAM.145 triggers for GitHub repos #1295
- imageVersionnotusinglatest and AC_DOCKER_0041 Issue #1099
- Inconsistent notation for severity in output (sometimes uppercase, sometimes not) #955
Merged pull requests:
- Bump github.com/aws/aws-sdk-go from 1.43.16 to 1.44.193 #1534 (dependabot[bot])
- Bump google.golang.org/api from 0.103.0 to 0.109.0 #1530 (dependabot[bot])
- Fix description and version rule #1523 (kylewintaur)
- APE-11967 : error due to new attribute in terraform cause all other working module and resources to be ignored #1517 (nitumore)
- Consolidate spelling of severity levels to all uppercase LOW/MEDIUM/HIGH #1516 (hoexter)
- Remove wrongly placed github_repository policy from gcp folder #1515 (hoexter)
- APE-8064 - Support one or more values.yaml file as an input to helm scan #1501 (nitumore)
v1.17.1 (2022-12-16)
Merged pull requests:
- [fix] Resolve Vulnerable packages #1486 (rahulchheda)
- added tar.gz archive for windows #1474 (nasir-rabbani)
- Update opa and cobra version #1472 (nasir-rabbani)
- ignored matching provider version in tests #1470 (nasir-rabbani)
- added terraform and provider version in resource config #1469 (nasir-rabbani)
- Bump github.com/hashicorp/go-getter from 1.5.11 to 1.6.2 #1298 (dependabot[bot])
v1.17.0 (2022-11-17)
Implemented enhancements:
- refs resolution #1445 (gaurav-gogia)
- bump goformation from v6 to v7 #1440 (gaurav-gogia)
- update cft map for elb and s3 bucket #1434 (gaurav-gogia)
- Include DirScanErrors info in SARIF file #1398 (shaopeng-gh)
Merged pull requests:
- fix remote source url #1437 (Rchanger)
- Update object.get first parameter #1433 (Matt2212)
- Update/release command #1430 (gaurav-gogia)
- updated terrascan version in deployment scripts #1429 (nasir-rabbani)
v1.16.0 (2022-10-19)
Implemented enhancements:
- JSON Output has Logs for Standard Error #1378
- Malformed output after a parsing error #1326
- update rds instance cft map #1422 (gaurav-gogia)
- update libraries #1385 (gaurav-gogia)
Closed issues:
- installation error #1403
- Calling attention to your documentation... #1384
- Docs don't mention pre-requirements #1345
- resource ID has an invalid format Dockerfile #1344
- Error message scanning IaC Types #1259
- False positive with AWS provider >=4.x style bucket resources #1219
Merged pull requests:
- Update RDS Policies #1424 (gaurav-gogia)
- Add Terrascan Sandbox link to README #1409 (khasty720)
- allow host policy update #1400 (DEVANSHUSHARMA1)
- Policy IDs update #1396 (gaurav-gogia)
- vuln tests #1394 (gaurav-gogia)
- Mention pre-requirements in the README #1375 (VeraBE)
- fixed typo of the function name #1373 (Antsaniaina)
- Add github-actions to dependabot #1365 (gliptak)
- adding PITR attribute mapping config for dyanmodb #1340 (harkirat22)
- container funcs to return dev friendly warnings #1319 (gaurav-gogia)
- [Snyk] Security upgrade alpine from 3.15.4 to 3.16 #1315 (bkizer-tenable)
- Add iac providers endpoint #1307 (khasty720)
- updated policy for kubernetes #1288 (harkirat22)
- Update README.md #1265 (sangam14)
v1.15.2 (2022-06-13)
Closed issues:
- Export Windows files in release using zip extension #1280
Merged pull requests:
- Adding CFT support for new resources #1293 (shreyas-phansalkar-189)
- fixes: panic in case of zap logger init on windows os #1283 (Rchanger)
v1.15.1 (2022-05-20)
Merged pull requests:
- Support reading .terraformrc file from env var #1264 (Rchanger)
- CFT lambda conversion nil pointer check to avoid panic #1260 (Rchanger)
- Fix descriptions to install terrascan #1254 (yu-iskw)
- Rebranding repository to Tenable brand #1253 (cesar-rodriguez)
- Rebranding to Tenable #1246 (cesar-rodriguez)
- Update README.md #1245 (sangam14)
- fix: remove master ref check from release docker push job #1244 (Rchanger)
v1.15.0 (2022-05-10)
Fixed bugs:
- Issue with Terrascan and CloudFormation #1235
Closed issues:
- Terrascan 1.13.2 version uses go 1.16.14 version which has High vulnerability. When can we expect the release with go version 1.17? #1190
Merged pull requests:
- Update Docker #1242 (cesar-rodriguez)
- Update mkdocs-material to 8.2.14 #1240 (pyup-bot)
- Fix panic while scanning cloudformation templates #1238 (patilpankaj212)
- Bump alpine from 3.14.6 to 3.15.4 in /build #1237 (dependabot[bot])
- Removing workflow file #1236 (bkizer-tenable)
- Bump github.com/hashicorp/go-getter from 1.5.7 to 1.5.11 #1233 (dependabot[bot])
- file out writer implementation #1229 (nasir-rabbani)
- mark ecr e2e test pending #1224 (Rchanger)
- Add dep scan #1223 (bkizer-tenable)
- Update alpine version #1222 (bkizer-tenable)
- support for new flag to define custom temp directory #1217 (Rchanger)
- Use Docker buildx for multi-platform support #1062 (rnsc)
v1.14.0 (2022-04-01)
Implemented enhancements:
- [Feature]Option to provide temp directory path for download #1214 (Rchanger)
- Feature/endpoint policy download #1200 (gaurav-gogia)
- Feature/best effort cft file load #1168 (gaurav-gogia)
Fixed bugs:
- update lambda function mapper #1199 (gaurav-gogia)
- remove undefined template variable #1179 (gaurav-gogia)
Closed issues:
- Terrascan creates ~/.terrascan even though policy directory is supplied #1209
- Terrascan 1.13.2 version uses go 1.16.14 which has High vulnerability. When is the release with go 1.17 version expected? #1183
- Blocks of type "moved" not supported #1182
- Intermittent error running terrascan - rego_parse_error: unexpected assign token: non-terminated set #1180
- cli/run.go:110 scan run failed{error 26 0 failed to initialize OPA policy engine} #1178
- Can't parse Terraform variable field: nullable #1176
- AC_AWS_0214 not backward compatible #1172
- azurerm_key_vault_secret error not in line with tests #1163
- Support AWS Terraform provider v4 for S3 buckets #1162
Merged pull requests:
- terraform iac provider should proceed with static analysis when rootMod is not nil #1211 (patilpankaj212)
- skip policy download if -p flag used #1210 (Rchanger)
- Update README.md #1206 (sangam14)
- Update mkdocs to 1.3.0 #1203 (pyup-bot)
- remove source_code_hash mapping #1197 (patilpankaj212)
- Adds: dir scan errors in human readable output format #1196 (Rchanger)
- Update mkdocs-material to 8.2.6 #1195 (pyup-bot)
- add CODEOWNERS for terrascan #1194 (patilpankaj212)
- Adds: git in container which is required for go build #1193 (Rchanger)
- typo: Change "desitnation" to "destination". #1192 (adyavanapalli)
- Add security policy #1189 (bkizer-tenable)
- skip vuln test for dependabot #1185 (Rchanger)
- Perform: go mod tidy #1184 (Rchanger)
- updating s3 bucket policies for v4 aws provider #1175 (harkirat22)
- Add backward compatible implementation of AC_AWS_0214 #1173 (HorizonNet)
- fix: reworded error to explain tests performed #1164 (beararmy)
- Bump go 1.17 #1026 (Rchanger)
v1.13.2 (2022-02-22)
Implemented enhancements:
- Feature/s3 policy update #1153 (gaurav-gogia)
Fixed bugs:
- Bugfix/coginto pool #1159 (gaurav-gogia)
Closed issues:
- Is it possible to use terrascan in an offline environment #1154
- Support AWS provider version 4.0.0 #1152
- False positives and false negatives - AC_AWS_0215 / AWS.S3Bucket.DS.High.1043 #1139
- False positive: AWS.RDS.DataSecurity.High.0414 / AC_AWS_0058 #1135
- AC_GCP_0014 (dnsStateIsNotOn) false positive #1033
Merged pull requests:
- skip terrascan init for --config-with-error flag #1160 (nasir-rabbani)
- Bugfix/s3 user policy #1157 (gaurav-gogia)
- fix rds encryption check policy #1156 (gaurav-gogia)
- Update mkdocs-material to 8.2.1 #1155 (pyup-bot)
- Adds: missing release tag push step #1151 (Rchanger)
- Adding CFT scanning support for the resources: #1149 (shreyas-phansalkar-189)
v1.13.1 (2022-02-10)
Implemented enhancements:
- update cft mapper #1148 (gaurav-gogia)
- update cft mapper #1143 (gaurav-gogia)
- Feature/eks msk vpc version #1140 (gaurav-gogia)
- Feature/rds sage dms load emr msk #1133 (gaurav-gogia)
- Feature/ec2 cog lambda acm cft #1129 (gaurav-gogia)
- Updates CloudFormation mapper to support additional resources #1120 (gaurav-gogia)
Closed issues:
- Issue with skipped violations using CircleCI and JUnit output format #1122
Merged pull requests:
- Add Policy AC_GCP_0296 - Service Attachment with ACCEPT_AUTOMATIC #1147 (hoexter)
- fix panic in cft #1146 (patilpankaj212)
- Fixes failing docker IaC provider test #1145 (Rchanger)
- [Snyk] Security upgrade alpine from 3.12.0 to 3.14 #1144 (snyk-bot)
- Update mkdocs-material to 8.1.10 #1141 (pyup-bot)
- Fix typos in docs and release_checklist #1138 (myersg86)
- add rule id to docs #1136 (jrobison-sb)
- add ability to output normalized resource config with errors #1134 (nasir-rabbani)
- Update mkdocs-material to 8.1.9 #1132 (pyup-bot)
- Allow internal github repos to pass AC_GCP_0231 & AC_GITHUB_0002 #1131 (briankanya)
- Update mkdocs-material to 8.1.8 #1124 (pyup-bot)
- Prevent adding both skipped and failure elements #1123 (gchappel)
- Updated discord link in readme #1118 (sangam14)
- Adds: logger in case of flag parsing fails #1115 (Rchanger)
- Update README.md #1109 (sangam14)
- Fix gcp policy AC_GCP_0014 - dnsStateIsNotOn (#1033) #1107 (hoexter)
- Allow tfplan format version 0.2 #1074 (mtranter)
v1.13.0 (2022-01-05)
Closed issues:
Merged pull requests:
- Update mkdocs-material to 8.1.4 #1106 (pyup-bot)
- fix input CFT templates based on goformation structs #1105 (patilpankaj212)
- Update mkdocs-material to 8.1.3 #1101 (pyup-bot)
- Update mkdocs-material to 8.0.5 #1095 (pyup-bot)
- fix: update go mod to add missing dependencies #1094 (Rchanger)
- Update mkdocs-material to 8.0.3 #1092 (pyup-bot)
- fix: handles nil pointer while extracting container images #1076 (Rchanger)
- Update mkdocs-material to 7.3.6 #1075 (pyup-bot)
- updating policies to detect cve-2021-25742 #1071 (harkirat22)
- Fix Sarif file uri path invalid in Windows and update go-sarif to latest #1070 (shaopeng-gh)
- New k8s policy to detect CVE-2021-25742 #1069 (harkirat22)
- making change in imageVersionnotusinglatest.rego #1068 (shreyas-phansalkar-189)
v1.12.0 (2021-10-21)
Fixed bugs:
- A scan should NOT crash if the notification doesn't work as expected #1044
- Rotation period for KMS keys not correctly interpreted (GCP) #699
Closed issues:
- pre-commit hook reporting error with terrascan #1053
- Terrascan: Not working in a Repository referencing other repository #1030
- vulnerabilities found in accurics/terrascan_atlantis image #1029
Merged pull requests:
- Update mkdocs-material to 7.3.4 #1060 (pyup-bot)
- Add support for repo-url and branch name in CLI flags and scan output #1059 (nasir-rabbani)
- Update mkdocs to 1.2.3 #1058 (pyup-bot)
- Update mkdocs-material to 7.3.3 #1057 (pyup-bot)
- Add support for getting line numbers for all attributes #1055 (kanchwala-yusuf)
- Update atlantis base image #1054 (cesar-rodriguez)
- Fix notification webhook flow #1051 (nasir-rabbani)
- update container image version in helm and kustomize sources #1050 (dev-gaur)
- Accept notification webhook configs as CLI args #1042 (nasir-rabbani)
v1.11.0 (2021-10-07)
Implemented enhancements:
- How to ignore rules onto whole module included into HCL file #983
- Adds: support for harbor registry vulnerability fetching #1015 (Rchanger)
Fixed bugs:
- panic: value is null #1019
Closed issues:
- helm chart breaking due to invalid configfile name extension #1046
Merged pull requests:
- Fix #1046: helm chart breaking due to invalid configfile name extension #1047 (dev-gaur)
- fix permission issues in creating webhook mode logs file persistence #1045 (dev-gaur)
- Update mkdocs-material to 7.3.2 #1043 (pyup-bot)
- accepted 2xx in response code as success #1040 (nasir-rabbani)
- Optimized disk encryption check code on the azurerm_managed_disk resource #1037 (IrinaRaza)
- Update docs for AWS.LambdaFunction.Logging.Low.0472 policy #1027 (brandysnaps)
- fix: added null check before value conversion to avoid panic #1020 (Rchanger)
- Update mkdocs-material to 7.2.6 #1012 (pyup-bot)
- Update README.md #1011 (enmanuelmoreira)
- Adds: e2e tests for vulnerability #1009 (Rchanger)
- Adds additional dockerfile policies #984 (rishidhamija)
v1.10.0 (2021-08-24)
Implemented enhancements:
- Add capability to extract references to container images in K8s ecosystem IaC #881
Fixed bugs:
- Terrascan does not exit with error code in pipeline or CLI #950
Closed issues:
- Links are Not formatted Properly in Contributor Doc #969
- Enabling dependabot or renovate for automatic dependency update #959
- AC_K8S_0131 triggers on a Namespace resource #957
- Integrity issue with Kustomize v4 support #956
- Add Support For ECR #927
- Add capability to extract references to container images in terraform #898
- Kustomize support says v3 but is actually v4 #891
Merged pull requests:
- Extract images from Dockerfiles #1002 (nasir-rabbani)
- Revert "update resource type to map[string]bool" #1001 (cesar-rodriguez)
- Upgrade helm.sh/helm/v3 to version 3.6.1 #1000 (patilpankaj212)
- Bump github.com/pelletier/go-toml from 1.8.1 to 1.9.3 #999 (dependabot[bot])
- Adds additional policies for dockerfile #996 (pavniii)
- terrascan should exit with non zero exit code when scan error are present #994 (patilpankaj212)
- Bump github.com/hashicorp/go-getter from 1.5.2 to 1.5.7 #993 (dependabot[bot])
- update resource type to map[string]bool #992 (patilpankaj212)
- docs: fixes links in contributing documentation #990 (cesar-rodriguez)
- Initial support for image scanning #989 (Rchanger)
- added binary based support for kustomize v2 and v3 #988 (nasir-rabbani)
- Docs: adds brew instructions to release checklist #987 (cesar-rodriguez)
- Update mkdocs-material to 7.2.4 #985 (pyup-bot)
- modify wait logic for service account creation in e2e validating webhook test #979 (patilpankaj212)
- Update mkdocs-material to 7.2.3 #978 (pyup-bot)
- Bump github.com/hashicorp/hcl/v2 from 2.10.0 to 2.10.1 #972 (dependabot[bot])
- Bump github.com/spf13/afero from 1.5.1 to 1.6.0 #970 (dependabot[bot])
- Adds: e2e test for docker IaC provider #968 (Rchanger)
- Fix dependency issue that caused dependabot to fail #966 (patilpankaj212)
- fix(policies): removing false-positive for K8s namespaces #961 (danmx)
- Extract Docker images from Terraform templates #937 (dev-gaur)
- Fixes supported Kustomize version (should be v4) #932 (dev-gaur)
- Extract Docker images from k8s YAML files #905 (dev-gaur)
v1.9.0 (2021-08-06)
Implemented enhancements:
- Dockerfile Support #798
- pre-commit hook #311
- Add support for CFT nested stacks #949
- Adds support for using Terraform modules cached locally #940
Fixed bugs:
- Helm chart scans use only 4 policies #946
Closed issues:
- Link to docks in README #944
- Ensure remote modules are downloaded only once #936
- Rule suppression for specific resources #868
Merged pull requests:
- Fixes k8s policy filtering #963 (patilpankaj212)
- Update mkdocs-material to 7.2.2 #954 (pyup-bot)
- Adds Terrascan pre-commit #953 (mihirhasan)
- Add support for CFT nested stacks #949 (sigmabaryon)
- fix - remote repo scan with config only option generates panic #948 (patilpankaj212)
- Update mkdocs-material to 7.2.1 #947 (pyup-bot)
- Update README.md #945 (sangam14)
- Update helm chart progress checklist #943 (dev-gaur)
- Adds support for using Terraform modules cached locally #940 (Rchanger)
- Update mkdocs-material to 7.2.0 #939 (pyup-bot)
- Dockerfile support #849 (Rchanger)
v1.8.1 (2021-07-22)
Closed issues:
- terrascan init should not be triggered if the user only wants to generate normalised json. #926
- No rules are processed in GitlabCI #925
- Scanning remote modules doesn't have same results as for scanning Terraform plan itself #923
- Module AWS.KMS.Logging.High.0400 seems to serve no purpose #917
- Secure ciphers are not used in CloudFront distribution #875
- Correct point in time recovery for DynamoDB still leads to violation #838
Merged pull requests:
- fix go mod files #941 (kanchwala-yusuf)
- Update mkdocs-material to 7.1.11 #938 (pyup-bot)
- Update mkdocs to 1.2.2 #935 (pyup-bot)
- K8s Policy to detect a service type Loadbalancer without a selector #931 (harkirat22)
- Fix #926: Do not initiate policy engine incase of --config-only flag #930 (dev-gaur)
- Update mkdocs-material to 7.1.10 #929 (pyup-bot)
- fix(sws/cloudfront): wrong check tls version #928 (frediana)
- fixes: broken doc links #921 (Rchanger)
- update getting started and Usage, fix links #920 (amirbenv)
- Update overview.md #919 (sangam14)
- Remove unnecessary KMS deletion window code #918 (matt-slalom)
- minor-doc-fix #916 (amirbenv)
- fix confusing error log message #914 (dev-gaur)
- add integrations overview and minor fixes #913 (amirbenv)
- Updating the dax cluster policy #909 (shreyas-phansalkar-189)
- add github-sarif writer for github suited sarif output #907 (dev-gaur)
- Add support for arm linked templates #903 (sigmabaryon)
- terraform 0.15 support #860 (dev-gaur)
v1.8.0 (2021-07-02)
Implemented enhancements:
- Add Support for new reference id field #786
Fixed bugs:
- Sarif output has wrong file path value for file scans #861
- 'k8s' key updated multiple times in policy package #439
Closed issues:
- Terrascan is failing in scan #887
- Refactor to Disable CGO #884
- Issue on Azure Pipelines: failed to initialize terrascan 1.7.0 #864
- Can't skip rules with underscore #856
- Recursive Loop Scanning Terraform #851
- Improve filenames in remote modules #841
- Issues running terrascan in azure pipelines #835
Merged pull requests:
- fix error messages reported from hcl diags #911 (kanchwala-yusuf)
- add in-file instrumentation segment #910 (amirbenv)
- Minor documentation fixes #908 (brandysnaps)
- Use CGO independent package for sqlite #906 (kanchwala-yusuf)
- GH action doc - fix code block #902 (amirbenv)
- Update cicd-fix code block.md #901 (amirbenv)
- fixes: recursive loop when parent and child module has same local block #900 (Rchanger)
- Update mkdocs-material to 7.1.9 #895 (pyup-bot)
- Updates documentation on Terrascan github action #894 (cesar-rodriguez)
- fix usage overview links.md #893 (amirbenv)
- Split usage docs #890 (amirbenv)
- add proper values via metadata #888 (gaurav-gogia)
- Update mkdocs to 1.2.1 #886 (pyup-bot)
- Update Integration Docs.md #885 (amirbenv)
- k8s policies refactor #879 (gaurav-gogia)
- mod azure policies to improve parity with siac #878 (gaurav-gogia)
- Fix authorization header for http request #877 (kanchwala-yusuf)
- Adding Id fix for github policies #874 (shreyas-phansalkar-189)
- Bugfix/k8s id field #873 (gaurav-gogia)
- Add ID Field in Azure Policies #872 (gaurav-gogia)
- adding ID field for aws policies #871 (harkirat22)
- Adding missing Id field for GCP policies #870 (shreyas-phansalkar-189)
- Updating network security policies for GCP #869 (shreyas-phansalkar-189)
- improves: filename in remote module #867 (Rchanger)
- Adding AWS Network Security Policies #866 (shreyas-phansalkar-189)
- Change api, Add support for s3 bucket resource and better cft loader #865 (sigmabaryon)
- Fixes incorrect filepath reporting in sarif output & added e2e tests for sarif output #863 (dev-gaur)
- Bugfix/az nw sec policies #862 (gaurav-gogia)
- Update mkdocs-material to 7.1.8 #859 (pyup-bot)
- Fix AC_AZURE_0185 policy #858 (maxgio92)
- fixed sarif unit tests hardcoding code smell #857 (dev-gaur)
- fix broken link to usage.md #855 (dan-hill2802)
- Added "id" field support & policy validation tests #843 (nasir-rabbani)
- Add Microsoft Azure ARM as an IaC Provider #736 (gauravgahlot)
v1.7.0 (2021-06-09)
Implemented enhancements:
- Enhancement: Support sarif as output format #775
- Admission Controller e2e tests #749
- Enhance terrascan docker to support all terrascan run modes #748
- Config file changes for server and admission controller #747
- Create Helm charts for the terrascan admission webhook setup. #685
- Enhancement: Use module instance name for download directory #672
Fixed bugs:
- Azure AKS failing to check the network policy status. #789
- Scan for terraform doesn't error out if a module definition refers to a directory with no tf files #782
- Wrong detection of MemoryRequestsCheck,CpuRequestsCheck,noReadinessProbe and nolivenessProbe policy in k8s Job spec #767
- Update Docker build for terrascan to use numeric UID #766
- Wrong detection of AllowPrivilegeEscalation (policy AC-K8-CA-PO-H-0165) in K8s pod spec #721
- Failed to run prepared query error in opa/engine.go #709
- tfplan should use resource address for id field #702
- Rule IDs with spaces cannot be skipped #610
- AWS.CloudFront.Network Security.Low.0568 Doesn't allow skipping due to space in filename #549
- Error parsing syntax if using complex query for dynamic ip_restriction in azurerm_function_app or azurerm_app_service resource #433
Closed issues:
- Add support for YAML format for terrascan config file #807
- Add ID field #805
- Add a middleware to log incoming http(s) requests on terrascan server #784
- terrascan server: validation missing for --cert-path and --key-path #769
- show-passed should report passes only for the existing resources #757
- Out of the box handling of certificates in helm charts for terrascan in Server mode #756
- In-file Instrumentation #755
- Release 1.5.2 or 1.6.0 #745
- Issue in GCP Policyfile unrestrictedRdpAccess.rego #735
- accurics.azure.AKS.3 is defective #711
- Rule lambdaNotEncryptedWithKms should not check for KMS when env vars are not being used #682
- Terrascan does not resolve env var for aws_rds_cluster attribute storage_encrypted #678
- Valid Terraform configuration fails with s3EnforceUserAcl #659
- kmsKeyExposedPolicy:22: eval_builtin_error: json.unmarshal: invalid character '$' looking for beginning of value} #627
- Terrascan not able to find terraform config files in a sub directory, but it works in case of k8s infrastructure type #622
- Potential nil-dereference found while fuzzing #611
- terrascan should have a category-list command #597
- Improved Documentation #416
- Improve test coverage for k8s #400
Merged pull requests:
- Fixing the bug for google_kms_crypto_key policies #848 (shreyas-phansalkar-189)
- Fix AWS dynamo Db policy for point in time recovery #847 (harkirat22)
- Bugfix/use ref id old format #846 (gaurav-gogia)
- reference ids with & and <space> fixed #845 (gaurav-gogia)
- fixes: Terraform inner block reference resolution #844 (Rchanger)
- Bump up to Go/1.16 #836 (kanchwala-yusuf)
- [fix] Add Alternate names for k8s services #834 (rahulchheda)
- Support for spaces in policy reference_id #833 (nasir-rabbani)
- fix - type assertion check for hcl.Body in terraform iac provider #832 (patilpankaj212)
- Add ID Field for AWS Policies' Metadata #831 (gaurav-gogia)
- Policy to check CVE-2021-25737 #830 (harkirat22)
- Enhancing AWS policies #829 (harkirat22)
- aws s3 policy s3EnforceUserAcl update #828 (gaurav-gogia)
- add check for env vars and kms #827 (gaurav-gogia)
- Add ID Field for K8s Policies' Metadata #826 (Avanti19)
- Do not trim resource id from tfplan json #825 (kanchwala-yusuf)
- Add ID Field for GCP Policies' Metadata #824 (gaurav-gogia)
- fix - source path for k8s file scan is absolute #821 (patilpankaj212)
- added pending test changes for config reader #820 (patilpankaj212)
- fix: moves the pending test to running #819 (Rchanger)
- fix multierror variable issue #818 (patilpankaj212)
- [feat.] Merge Webhook and Server Helm Chart #817 (rahulchheda)
- add support for YAML format for terrascan config file #816 (kanchwala-yusuf)
- Add AWS CFT as an IaC Provider #815 (mahendrabagul)
- fix failing e2e test #812 (patilpankaj212)
- Adding Aws new policies cloudTrail #810 (Avanti19)
- Feature/az id field #808 (gaurav-gogia)
- added support for sarif formatted violation reports #806 (dev-gaur)
- Adds support to scan config resources with applicable policies & Refactors filtration #803 (patilpankaj212)
- Adds: in-file instrumentation for resource prioritizing #802 (Rchanger)
- shifted opa engine warning message to debug log level #800 (dev-gaur)
- fix: added validation for module local source dir #793 (Rchanger)
- policy metadata changes to include policy_type and resource_type #792 (patilpankaj212)
- Fix pod level securityContext support #790 (harkirat22)
- Fix policy code for securityContext and Probes #787 (harkirat22)
- add logging middleware for server #785 (dev-gaur)
- config file changes for terrascan server #780 (patilpankaj212)
- Automate generation of TLS Certs using Helm #779 (rahulchheda)
- Add webhook setup capability and remote repo scan capability in the helm charts #778 (dev-gaur)
- Changed description of policy file to match port. #777 (menzbua)
- Added source_range 0.0.0.0/0 (any) to avoid rule violations #776 (menzbua)
- support for module name in violation summary #774 (patilpankaj212)
- Modified the Dockerfile to use numeric UID #773 (Rchanger)
- adds e2e tests for validating webhook #772 (patilpankaj212)
- add validation for tls private key and cert file values #771 (dev-gaur)
- Documentation #768 (lalchand12)
- change docs to include docker subcommands.md #765 (amirbenv)
- shifted custom atlantis container source under integrations/ directory #758 (dev-gaur)
- Update mkdocs-material to 7.1.4 #746 (pyup-bot)
- Add a kustomize based guide for setting up terrascan server and validating webhook in kubernetes #739 (dev-gaur)
- Fix accurics.azure.AKS.3 #712 (xortim)
- Update mkdocs-redirects to 1.0.3 #710 (pyup-bot)
- Initial addition of terrascan helm chart #688 (jlk)
v1.6.0 (2021-05-10)
Implemented enhancements:
- Atlantis Integration #686
- Enhancement: support for all iac scan for cli #673
- Feature request: scan sub-folders too #411
Fixed bugs:
- Admission Controller Doesn't display feedback for kubectl "create" and "apply" #731
Closed issues:
- GKE Control Plane is exposed to few public IP addresses #743
- Error with finding Enable AWS CloudWatch Logs for APIs #730
- Task: Add to github actions ability to build/push terrascan_atlantis image #728
- accurics.azure.NS.161 does not work with tfplan #725
- terrascan "latest" docker image broken for tfplan #718
- Local expansion recursive infinite loop #690
Merged pull requests:
- Feature/aws new policies sp #751 (shreyas-phansalkar-189)
- Argocd doc volume field modification #742 (Rchanger)
- Update mkdocs.yml #741 (amirbenv)
- fix failing test #740 (patilpankaj212)
- AWS policy pack update #737 (harkirat22)
- Adding release checklist #734 (jlk)
- Gh action terrascan_atlantis release #733 (dev-gaur)
- adds argocd integration dockerfile, scripts, doc and examples #732 (Rchanger)
- Fix NSG associations #727 (xortim)
- changes for argocd integration #724 (patilpankaj212)
- Update admission-controller-webhooks-usage.md #722 (amirbenv)
- fix - #718 #720 (patilpankaj212)
- doc: add homebrew badge #714 (chenrui333)
- update version #713 (chenrui333)
- adds skipped tests for server file scan when file is k8s yaml #706 (Rchanger)
- fixes infinite loop while local variable resolution #700 (patilpankaj212)
- add terrascan atlantis container files, scripts and doc. #684 (dev-gaur)
- adds support to scan directory with all iac providers in cli mode #674 (patilpankaj212)
- adds support to scan sub folders for terraform iac provider #640 (patilpankaj212)
v1.5.0 (2021-04-23)
Fixed bugs:
- Recursive loop expanding variables in included module #675
- Terrascan doesn't resolve terraform complex variables #656
- Panic while resolving floating point variable #652
- Terrascan using absolute path for "source" value of resource #642
- Failed to initialize terrascan. error : failed to install policies #614
- Terrascan not able to read modules within a subdirectory #600
- Terrascan init command doesn't work with -c flag #550
Closed issues:
- Not able to scan repo when google terraform module defined #681
- The link referencing the documentation to integrate Terrascan into CI/CD is broken #669
- Make saving of "admission request" configurable via an option in the config file for the validating admission webhook #664
- Add API_KEY to the /logs endpoint for the validating admission webhook #662
- Panic: not a string #647
- unit tests and e2e tests failing on windows #639
- Add support for private terraform repos #631
- policy not evaluating #629
- Terrascan does not support to download modules via SSH #621
- terrascan scan fails if path and rego_subdir are not provided together in the toml configfile #619
- Getting error while running scan on our terraform repo #607
- Terrascan not found policy id #601
- Policies Violated and Violated Policies are confusing. #598
- Invalid categories not being validated from config file #594
- Terrascan API server's file scan doesn't work for k8s yaml files #584
- Add /go/bin to the PATH variable in Docker image #577
- terrascan scan command doesn't work with TERRASCAN_CONFIG env variable #570
- Format junit-xml need to have passed test results, not only failed test #563
- optimize policy download process in terrascan init #535
Merged pull requests:
- Release v1.5.0 #689 (kanchwala-yusuf)
- Adds support to configure dashboard mode in k8s validating webhook #683 (patilpankaj212)
- Updating documentation for k8s admission control #679 (kanchwala-yusuf)
- Fix recursive variable reference resolution #677 (patilpankaj212)
- Update mkdocs-material to 7.1.2 #676 (pyup-bot)
- Fixes broken link in README #671 (cesar-rodriguez)
- Docs- fix argo image path.md #667 (amirbenv)
- Makes saving of admission requests configurable via a config file option #665 (kanchwala-yusuf)
- Add authentication with API key for the /logs endpoint #663 (kanchwala-yusuf)
- Fixes docs format #661 (cesar-rodriguez)
- Update mkdocs.yml #660 (amirbenv)
- Support for authenticated tf module download #658 (jlk)
- Fix - terraform complex variables are not getting resolved #657 (patilpankaj212)
- Reorganized and Updated docs #655 (amirbenv)
- Fix- panic when terraform list variable doesn't have a type #654 (patilpankaj212)
- Fix panic for floating point variables #653 (patilpankaj212)
- Adding support to scan IAC from atlantis workflow #648 (jlk)
- Fix - k8s resources config data has absolute source paths for resources #644 (patilpankaj212)
- Fix - terrascan not able to read modules within a subdirectory #641 (patilpankaj212)
- Add /go/bin to PATH. #637 (seancallaway)
- Update mkdocs-material to 7.1.0 #636 (pyup-bot)
- Fix windows tests #635 (patilpankaj212)
- Fix kustomize scan breakage on windows #630 (dev-gaur)
- Update route53LoggingDisabled.rego to ignore private zones #626 (matt-slalom)
- Adding openssh for downloading modules via ssh #625 (sachinar)
- Fix - init behavior change #624 (patilpankaj212)
- Add support for validating admission webhook in terrascan #620 (kanchwala-yusuf)
- Policy download refactor #618 (dev-gaur)
- Update mkdocs-material to 7.0.6 #615 (pyup-bot)
- Log error in LoadIacDir before continuing #613 (jlk)
- K8S Risk Category Changes #608 (Avanti19)
- GCP Risk Category Changes #606 (shreyas-phansalkar-189)
- Category flag e2e tests #605 (gaurav-gogia)
- Azure Risk Category Changes #604 (gaurav-gogia)
- AWS Risk Category Changes #603 (harkirat22)
- Bugfix/revert policies #602 (kanchwala-yusuf)
- Server mode: take file extension from uploaded file #593 (jlk)
- filepath fixes in e2e tests #591 (patilpankaj212)
- Update mkdocs-material to 7.0.5 #590 (pyup-bot)
- update helm default chart name and namespace values #589 (williepaul)
- v1.4.0 doc updates #588 (cesar-rodriguez)
- Terrascan K8s New categories and ruleRef ID changes #583 (Avanti19)
- GCP Category Changes #582 (shreyas-phansalkar-189)
- AWS new Categories #581 (harkirat22)
- New Policies for Azure & Category Updates. #580 (gaurav-gogia)
- Terrascan init and config handling refactor #576 (dev-gaur)
- Feature: add options to specify desired categories of violations to be reported #547 (gaurav-gogia)
v1.4.0 (2021-03-05)
Implemented enhancements:
- Scanning terraform plan files #407
- Adds support for junit xml output #527
- Adds e2e test scenarios for help and scan command #564
- Adds e2e tests for api server #585
- Please check out our new GitHub Action!
Fixed bugs:
- Fixed a few bugs in the init command and downloading of fresh policies, including #561
- Difference in violated policies for the same terraform file #519
- false positive for AWS.Instance.NetworkSecurity.Medium.0506 #404
- accurics.gcp.IAM.122 needs to take into account the new name for Uniform bucket-level access flag #329
- fix the 'repo already exist' bug and improve error logging for terrascan init #552 (dev-gaur)
Closed issues:
- terrascan API server's file scan always returns the resource config #578
- Issue on Azure DevOps Agents since 1.3.2 : failed to initialize terrascan #561
- Could not get terrascan init to work - would not download policy documents #551
Merged pull requests:
- release 1.4.0 #586 (kanchwala-yusuf)
- adds e2e tests for api server #585 (patilpankaj212)
- adds support to use 'config_only' attribute in api server's file scan #579 (patilpankaj212)
- adds support to display passed rules #572 (patilpankaj212)
- Update mkdocs-material to 7.0.1 #567 (pyup-bot)
- fix filepaths and home directory lookup #566 (dev-gaur)
- adds e2e test scenarios for help and scan command #564 (patilpankaj212)
- Adds support for scanning tfplan json file #562 (kanchwala-yusuf)
- fix: renamed the json file to remove spaces #560 (harkirat22)
- fix: Changed the description message to handle the violation correctly #559 (harkirat22)
- bump versions to v1.3.3 #558 (dev-gaur)
- updated go module files #557 (dev-gaur)
- Initial changes for e2e testing framework #553 (patilpankaj212)
- Add code of conduct #545 (jlk)
- Fixes incorrect description of RDS encryption policy #542 (alex-petrov-vt)
- changes in log level and messages for load iac functions #541 (patilpankaj212)
- Update mkdocs-material to 6.2.8 #539 (pyup-bot)
- Updates docs for v1.3.2 #537 (cesar-rodriguez)
- update readme for v1.3.2 #534 (dev-gaur)
- fix - improved description for init command in help #532 (nathannaveen)
- Adds support for junit xml output #527 (patilpankaj212)
- enhancement: scan terraform registry modules as remote type #513 (patilpankaj212)
- support for terraform registry remote modules #505 (patilpankaj212)
- feature: add options to specify desired severity level of violations to be reported #501 (dev-gaur)
- Bump github.com/spf13/cobra from 1.0.0 to 1.1.1 #493 (dependabot[bot])
v1.3.2 (2021-02-03)
Fixed bugs:
- terrascan init should download new policies #521
Closed issues:
- How to get rid of "Anonymous, public read access to a container and its blobs can be enabled in Azure Blob storage. This is only recommended if absolutely necessary." #405
- False Positive for accurics.azure.NS.161 when Security Groups Association and Subnets are defined independently from VNet #391
- Calico is not supported as a valid Network Security for azurerm_kubernetes_cluster #376
Merged pull requests:
- Update readme for v1.3.2 #534 (dev-gaur)
- bump terrascan version to v1.3.2 #533 (dev-gaur)
- refactor init command for robust policy download checks #531 (dev-gaur)
- terrascan init will download new policies. #529 (dev-gaur)
- bugfix: Checks for security group association defined independently from vnet #526 (harkirat22)
- Update mkdocs-material to 6.2.7 #524 (pyup-bot)
- Fixed typos in docs #523 (gauravgahlot)
- Enhancement: new set of policies for AWS EC2 instance. #522 (harkirat22)
- Harkirat22/bug fix #520 (harkirat22)
- fixes #376 #518 (gaurav-gogia)
- fixes #405 #517 (gaurav-gogia)
- Policy/aws launch config #516 (harkirat22)
- add support for pod container #515 (harkirat22)
- Update mkdocs-material to 6.2.6 #514 (pyup-bot)
- Update README.md and changelog for 1.3.1 #509 (amirbenv)
v1.3.1 (2021-01-22)
Implemented enhancements:
- Support for remote modules
- Tag container image with release version #504
Fixed bugs:
- Build error on ARM MacOS
- terrascan consider source = "terraform-aws-modules/vpc/aws" as local path #418
- Failed to read module directory #332
Closed issues:
- Custom Variable Validation no longer experimental in 0.13 #500
Merged pull requests:
- release v1.3.1 #508 (kanchwala-yusuf)
- fix dependencies that were breaking the darwin/arm64 build #507 (williepaul)
- support for terraform registry remote modules #505 (patilpankaj212)
- Readme rule suppression #503 (amirbenv)
- Bump github.com/hashicorp/go-retryablehttp from 0.6.6 to 0.6.8 #496 (dependabot[bot])
- Bump github.com/hashicorp/go-getter from 1.5.1 to 1.5.2 #495 (dependabot[bot])
v1.3.0 (2021-01-19)
Implemented enhancements:
- Prints output in human friendly format #168
- Support for rule suppression using terraform comments, kubernetes annotations, cli arguments, and config file.
- New Policies for Kubernetes #480
- Tag released Docker images #398
- Add policy for checking insecure_ssl configuration for github_repository_webhook in GitHub provider #355
- Introduced support for terraform .14 and .13. Note: This will introduce some breaking changes for terraform v.12 files, even if using the --iac-version v.12 flag. Notably we will no longer support multiple providers blocks, and certain references inside provisioner blocks (objects other than self, count or each, where when = destroy). For more details see: https://github.com/hashicorp/terraform/releases/tag/v0.13.0
Fixed bugs:
- terrascan doesn't allow registering multiple versions for an iac-type #471
- Debug resource lock #432
- terrascan panic: not a string #412
- False positive for aws rule vpcFlowLogsNotEnabled #408
- accurics.GCP.EKM.132 and accurics.GCP.EKM.131 wrong violation using disk_encryption_key #382
- s3EnforceUserACL - False Positive #359
- How to fix accurics.azure.EKM.20 #331
- Why accurics.gcp.IAM.104 suggests enabling a client certificate? #330
Closed issues:
- terraform can't detect violations in terraform modules #468
- uniformBucketEnabled.rego referencing deprecated config #453
- Unable to run terrascan scan #446
- Terrascan doesn't exit with error on CLI or Parsing errors. #442
- Terrascan Failure When Using Terraform 13 + Variable Validation #426
- Update policy example in documentation to use latest GitHub implementation #422
- Fix link to repo playground in policies documentation #421
- terrascan scan crashes with runtime: goroutine stack exceeds 1000000000-byte limit #406
- Typo error in the terrascan Architecture page #403
- accurics.gcp.OPS.114 should also check for cos_containerd image #395
- accurics.gcp.NS.112 suggest basic auth is enabled when is not #394
- Test coverage missing for kustomize iac-provider #379
- Why is vpcFlowLogsNotEnabled determined to be a violation? #352
Merged pull requests:
- update version to v1.3.0 #502 (kanchwala-yusuf)
- Add v13 flag option for terraform iac #499 (dev-gaur)
- Fix: potential bug added in PR #470 #497 (dev-gaur)
- Bump sigs.k8s.io/kustomize/api from 0.7.1 to 0.7.2 #494 (dependabot[bot])
- Bump github.com/mattn/go-isatty from 0.0.8 to 0.0.12 #492 (dependabot[bot])
- solves issue #382, and improved policy to relate disk with the instance #490 (harkirat22)
- solves issue #331 #489 (harkirat22)
- Update mkdocs-material to 6.2.5 #488 (pyup-bot)
- Bump go.uber.org/zap from 1.13.0 to 1.16.0 #486 (dependabot[bot])
- Bump github.com/spf13/afero from 1.3.4 to 1.5.1 #485 (dependabot[bot])
- Bump github.com/iancoleman/strcase from 0.1.1 to 0.1.3 #484 (dependabot[bot])
- Bump github.com/hashicorp/go-version from 1.2.0 to 1.2.1 #482 (dependabot[bot])
- Bump github.com/pelletier/go-toml from 1.8.0 to 1.8.1 #481 (dependabot[bot])
- Policy update 2021 01 14 #480 (williepaul)
- fix panic for list variables #479 (patilpankaj212)
- adding an else condition to relate management lock with resource group #476 (harkirat22)
- adding an else condition to relate the flow log with vpc #475 (harkirat22)
- including a check for verifying in-line policy is included #474 (harkirat22)
- adding rule to check if waf is enabled at cloud front distribution #473 (harkirat22)
- Added terraform v14 support besides v12. #470 (dev-gaur)
- support comment with rule skipping for resource and scan summary modifications #466 (patilpankaj212)
- recognize metadata.generateName #465 (acc-jon)
- Update mkdocs-material to 6.2.4 #464 (pyup-bot)
- Update README.md #463 (amirbenv)
- Deprecated gcs bucket #462 (jdyke)
- changed the description to include the vulnerable versions #460 (harkirat22)
- Fix exit code on error #458 (patilpankaj212)
- policy for CVE-2020-8555 #457 (harkirat22)
- Update README.md #456 (amirbenv)
- rule skipping for resources in k8s #455 (patilpankaj212)
- terrascan argo-cd instructions #454 (storebot)
- Adds CI/CD integration docs #452 (cesar-rodriguez)
- Bump github.com/zclconf/go-cty from 1.2.1 to 1.7.1 #449 (dependabot[bot])
- Bump sigs.k8s.io/kustomize/api from 0.6.5 to 0.7.1 #448 (dependabot[bot])
- Bump github.com/gorilla/mux from 1.7.4 to 1.8.0 #447 (dependabot[bot])
- Update mkdocs-material to 6.2.3 #445 (pyup-bot)
- deps: add dependabot support #444 (chenrui333)
- bump go to 1.15 #443 (chenrui333)
- implement scan and skip rules #441 (patilpankaj212)
- scan command refactor #436 (patilpankaj212)
- Fixes dead link to old getting started page #435 (cesar-rodriguez)
- Add support to extract rules to skip from terraform comments #434 (kanchwala-yusuf)
- bash output improvements #431 (patilpankaj212)
- APE-1319: Revamped Getting Started Section #430 (acc-jon)
- Add policy AC-K8-NS-SE-M-0188 for CVE-2020-8554 #428 (gauravgogia-accurics)
- set console mode on windows so colors render #427 (acc-jon)
- Update mkdocs-material to 6.1.7 #425 (pyup-bot)
- Update policy example in the documentation #424 (HorizonNet)
- Fix link to rego playground in policies documentation #423 (HorizonNet)
- hopefully remove test failures due to non-deterministic comparisons #420 (acc-jon)
- IMDSv1 policy: update category, description #419 (acc-jon)
- IMDSv1 check policy #417 (harkirat22)
- Add Docker image release tagging on release #410 (HorizonNet)
- Fix typo in architecture documentation #409 (HorizonNet)
- accurics.gcp.IAM.104 Fire rule when client certificate is enabled #402 (lucas-giaco)
- Update mkdocs-material to 6.1.6 #401 (pyup-bot)
- Added Unit test coverage for Kustomize V3 Iac-provider #399 (dev-gaur)
- Fixes GCP cos node image policy #397 (cesar-rodriguez)
- #394: recognize that empty values for username and password in master… #396 (acc-jon)
- Fix infinite loop on variable resolution #393 (dinedal)
- Remove demo badge #389 (kklin)
- Update mkdocs-material to 6.1.5 #387 (pyup-bot)
v1.2.0 (2020-11-16)
Implemented enhancements:
- Add support for Helm #353
- Add 'git' to container image, or run container as 'root' user by default #349
- Add policy for checking insecure_ssl configuration for github_organization_webhook in GitHub provider #339
- Rule for github_repository seems to be wrongly placed under gcp #325
Fixed bugs:
- Fail to validate when there are multiple properties with the same name in a resource #1
Closed issues:
- Deep modules location mis-processed. #365
- 20MB binary file included in repo now #364
- Private GitHub repositories are not recognized with version 3.0.0+ of GitHub provider #326
- Terrascan -var-file=../another dir #144
- Error in test_aws_security_group_inline_rule_open and test_aws_security_group_rule_open #138
- Initial setup after installation #136
- Add support for data sources #3
- Support from modules #2
Merged pull requests:
- Bring Go to 1.15 in GitHub Actions #384 (gliptak)
- Bring Go to 1.15 in GitHub Actions #383 (gliptak)
- fix a bug when rendering subcharts #381 (williepaul)
- Added kustomize support #378 (dev-gaur)
- Adds support for Helm v3 #377 (williepaul)
- Update mkdocs-material to 6.1.4 #374 (pyup-bot)
- properly handle nested submodules (#365) #373 (acc-jon)
- Address #365 by properly handling submodule path #372 (acc-jon)
- Update mkdocs-material to 6.1.3 #371 (pyup-bot)
- Update mkdocs-material to 6.1.2 #370 (pyup-bot)
- Allow use of multiple policy types (scan -t x,y or scan -t x -t y) #368 (acc-jon)
- Remove large binary that was included in the repo #366 (cesar-rodriguez)
- fix send request method, previously hardcoded #361 (kanchwala-yusuf)
- Add git binary to terrascan docker image, required by downloader #360 (kanchwala-yusuf)
- Adds new policies/regos for AWS serverless services #357 (cesar-rodriguez)
- Update mkdocs-material to 6.1.0 #356 (pyup-bot)
- Allow configuration of global policy config, fix some typos #354 (acc-jon)
- Feature/support resolve variable references #351 (kanchwala-yusuf)
- Add new policy for checking insecure_ssl on github_organization_webhook #350 (HorizonNet)
- Update mkdocs-material to 6.0.2 #348 (pyup-bot)
- Add support for colorized output #347 (acc-jon)
- Update mkdocs-material to 6.0.1 #346 (pyup-bot)
- Adds support for remote Terraform modules and scanning remotely for other IaC tools #345 (kanchwala-yusuf)
- fix supported providers unit test, sort the wanted result #344 (kanchwala-yusuf)
- Fix typo on AWS IAM account password policy rego name #343 (kmonticolo)
- Update mkdocs-material to 5.5.14 #340 (pyup-bot)
- Adds docs section for GitHub policies #337 (cesar-rodriguez)
- Automatically populate usage with supported IaC providers, versions, and policies #336 (kanchwala-yusuf)
- Add line about kubernetes YAML/JSON support #335 (williepaul)
- Add policy set for GitHub provider #334 (HorizonNet)
- Add check for visibility for github_repository #333 (HorizonNet)
- Add instructions for booting terrascan demo #319 (kklin)
v1.1.0 (2020-09-16)
Implemented enhancements:
- Initial kubernetes support #313 (williepaul)
- Adds different exit code when issues are found #299 (cesar-rodriguez)
- Adding terrascan to Homebrew #293
Fixed bugs:
- Outdated Docker image #294
- Error with XML output #290
- Fixed checkIpForward rule (gcp) #323 (williepaul)
Closed issues:
- Terrascan wrongly reports a accurics.gcp.NS.130 (checkIpForward) violation #320
- Allow structure output (Json) #252
- Throwing Errors when parsing nested brackets in HCL #233
- Be able to generate xml/html reports #119
Merged pull requests:
- Revert "fixed a bug in checkIpForward" #322 (cesar-rodriguez)
- Fixed a bug in checkIpForward #321 (williepaul)
- Move server command out of ENTRYPOINT and into CMD #318 (williepaul)
- Send logs to stderr instead of stdout #317 (williepaul)
- Fix template rendering bug #316 (williepaul)
- chore(docs): add homebrew installation #315 (chenrui333)
- Update badges in readme #314 (acc-jon)
- Update mkdocs-diagrams to 1.0.0 #312 (pyup-bot)
- Add support to print resource config as an output #309 (kanchwala-yusuf)
- Manage relative module path #308 (guilhem)
- Update mkdocs-material to 5.5.12 #307 (pyup-bot)
- chore(docs): fix indent of tar extraction #306 (zmarouf)
- Fixes issue template and rego capitalization #301 (cesar-rodriguez)
- Update mkdocs-material to 5.5.8 #300 (pyup-bot)
- Update about.md #298 (Upa-acc)
- Updated policies to the latest set #297 (williepaul)
- Fixes docker latest tag #296 (cesar-rodriguez)
- Typo fixes #295 (erichs)
- Update mkdocs-material to 5.5.7 #292 (pyup-bot)
- Fix xml output #291 (kanchwala-yusuf)
Major updates to Terrascan and the underlying architecture including:
- Pluggable architecture written in Golang. We updated the architecture to be easier to extend Terrascan with additional IaC languages and support policies for different cloud providers and cloud native tooling.
- Server mode. This allows Terrascan to be executed as a server and use its API to perform static code analysis.
- Notifications hooks. Will be able to integrate for notifications to external systems (e.g. email, slack, etc.)
- Uses OPA policy engine and policies written in Rego.
- Introduces the '-f' flag for passing a list of ".tf" files for linting and the '--version' flag.
- Adds Docker image and pipeline to push to DockerHub
- Bugfix: The pyhcl hard dependency in the requirements.txt file caused issues if a higher version was installed. This was fixed by using the ">=" operator.
- Adds support for terraform 0.12+
- Adds ability to set up terrascan as a pre-commit hook
- Updates dependent packages to latest versions
- Migrates CI to GitHub Actions from travis
- First release on PyPI.
* This Changelog was automatically generated by github_changelog_generator