Changes
This is our next major release, Version 3, and it contains the following changes.
Help us spread the word or leave a GitHub star if you like it.
Highlights
This major release v3 contains a lot of stuff and tremendously cool new features, like our new AutoDiscovery Operator for Kubernetes. Special thanks to @J12934, who did most of the work on this.
- More details about the new AutoDiscovery Operator can be found here. Added a new AutoDiscovery Operator for automated Scans in Kubernetes Clusters @J12934 (#461)
- We also added a full Support for all secureCodeBox Scanners in the DefectDojo Hook @JohannesZahn (#487)
Breaking
Please be aware of the many breaking changes in this major release v3. Most of them should not be very disruptive, but please read our UPGRADING.md hints for full details about what changed and how to migrate from v2 to v3.
- Migrated DefectDojo Hook to SCB v3 Findings Format @JohannesZahn (#572)
- Removed Old Teams Webhook @JohannesZahn (#570)
- Renamed `lurcher` to `lurker` @twwd (#537)
- Removed unused `slack-webhook` Directory due to the new Notification Hook @fuhrmeistery (#524)
- Renamed `demo-apps` to `demo-targets` @twwd (#515)
- Upgraded Kubebuilder Version to v3 @J12934 (#512)
- Refactored `hook` HelmCharts to introduce consistency in HelmChart Values @EndPositive (#484)
- Refactored `scanner` HelmCharts to introduce consistency in HelmChart Values @EndPositive (#483)
- Renamed `cascadingScans` hook directory & docker containers @EndPositive (#481)
- Added scanner.appendName to chart values @EndPositive (#469)
- Trivy Scanner no longer produces invalid Severities "UNKNOWN" and "CRITICAL" @JohannesZahn (#566)
Features
- Added Ability to Configure ZAP Advanced API Scans with Configs without Hardcoded URLs @J12934 (#569)
- Added Alert Filters Config to ZAP Advanced @J12934 (#562)
- Inherit environment variables, volumes, and volume mounts from parent in cascading scans @EndPositive (#538)
- Added a new AutoDiscovery Operator for automated Scans in Kubernetes Clusters @J12934 (#461)
- Environment Variables can now be set for Parsers @JohannesZahn (#532)
- Added matched-finding id to cascading scan annotations @EndPositive (#514)
Security Scanner
- Added Ability to Configure ZAP Advanced API Scans with Configs without Hardcoded URLs @J12934 (#569)
- Added Alert Filters Config to ZAP Advanced @J12934 (#562)
- Added Dedicated Container User For ncrack @fuhrmeistery (#560)
- Added Makefile For Amass @fuhrmeistery (#551)
- Updated kube-hunter from 0.4.1 -> 0.6.1 @fuhrmeistery (#561)
- Added Dedicated User For Screenshooter @fuhrmeistery (#559)
- Environment Variables can now be set for Parsers @JohannesZahn (#532)
- Added matched-finding id to cascading scan annotations @EndPositive (#514)
- Run git-repo-scanner As User instead of root in docker @fuhrmeistery (#527)
- Run gitleaks As User instead of root in docker @fuhrmeistery (#526)
Hooks
- Removed Old Teams Webhook @JohannesZahn (#570)
- Fixed inconsistent casing in findings created in DefectDojo Hooks `syncFindingsBack` Mode @J12934 (#556)
- Added `hook` Directory For Each Hook @fuhrmeistery (#550)
- Added MS Teams Notifier To Notification Hook @fuhrmeistery (#513)
- Fixed Bug in DefectDojo Hook where Findings with Null fields caused Runtime Exceptions @JohannesZahn (#529)
- Added DefectDojo Hook Support for all secureCodeBox Scanners @JohannesZahn (#487)
Bug Fixes
- Trivy Scanner no longer produces invalid Severities "UNKNOWN" and "CRITICAL" @JohannesZahn (#566)
- Fixed inconsistent casing in findings created in DefectDojo Hooks `syncFindingsBack` Mode @J12934 (#556)
- Fixed typo in Artifact Hub annotations @cynthia-sg (#552)
- Self-close HTML Img Tags @twwd (#541)
- Use filtered findings for check instead of the original @J12934 (#531)
- Fixed Bug in DefectDojo Hook where Findings with Null fields caused Runtime Exceptions @JohannesZahn (#529)
Test
- Validate SCB Findings in Unit Tests @JohannesZahn (#520)
Documentation
- Added a sponsors section in the main readme @rseedorff (#580)
- Updated the Upgrading hints for the upcoming SCB V3 release @rseedorff (#577)
- Added a breaking category to the generated release notes @rseedorff (#576)
- Added ADR 8 @Weltraumschaf (#565)
- Propose ADR to drop documentation versioning @Weltraumschaf (#542)
- Fixed another typo in helm docs template @J12934 (#553)
- Self-close HTML Img Tags @twwd (#541)
- Added Upgrading Notes for Cleanup @twwd (#540)
- Added a Readme and License Notice to all secureCodeBox related DockerHub Repos @rseedorff (#523)
Maintenance
- Updated demo-target BodgeIt Docker Image Source @rseedorff (#579)
- Fixed and updated all licenses headers @SebieF (#575)
- Made Scanner and Hook Titles more uniform @JohannesZahn (#571)
- Removed Old Teams Webhook @JohannesZahn (#570)
- Added Dedicated Container User For ncrack @fuhrmeistery (#560)
- Updated WS, JEST and @kubernetes/client-node @fuhrmeistery (#564)
- Added Makefile For Amass @fuhrmeistery (#551)
- Name, Severity and Category are now required Findings attributes @JohannesZahn (#557)
- Updated kube-hunter from 0.4.1 -> 0.6.1 @fuhrmeistery (#561)
- Added Dedicated User For Screenshooter @fuhrmeistery (#559)
- Upgraded `ws` and `@kubernetes/client-node` @fuhrmeistery (#555)
- Added `hook` Directory For Each Hook @fuhrmeistery (#550)
- Updated NPM Dependencies @fuhrmeistery (#548)
- Renamed lurcher to lurker @twwd (#537)
- Run git-repo-scanner As User instead of root in docker @fuhrmeistery (#527)
- Run gitleaks As User instead of root in docker @fuhrmeistery (#526)
- Removed unused `slack-webhook` Directory due to the new Notification Hook @fuhrmeistery (#524)
- Improved install/uninstall script to respect namespaces @rseedorff (#425)
Dependencies
- Update WS, JEST and @kubernetes/client-node @fuhrmeistery (#564)
- Update kube-hunter from 0.4.1 -> 0.6.1 @fuhrmeistery (#561)
- Upgrade `ws` and `@kubernetes/client-node` @fuhrmeistery (#555)
- Update NPM Dependencies @fuhrmeistery (#548)
Distribution
Contributors
Thanks to all our contributors supporting this project.
@J12934, @JohannesZahn, @SebieF, @Weltraumschaf, @fuhrmeistery, @rseedorff, @twwd, @EndPositive and @cynthia-sg