Changes
This release contains the following changes. Help spread the word or leave a GitHub star if you like it.
Features
- Allow Volumes & VolumeMounts Config for AutoDiscovery Scans @J12934 (#1038)
- AutoDiscovery for Container Images @the-simmon (#932)
Potential Breaking Scanner Upgrades
Important: please be aware that this release contains some potentially breaking scanner updates. As discussed in ADR 0011, we accept potentially breaking changes delivered by security scanner projects within our minor updates. Minor releases may therefore contain changes that break some users' setups; such changes will be highlighted in the release notes. Major releases will be used to indicate larger compatibility-breaking changes.
- Upgraded `nuclei` from v2.6.2 to v2.6.5 @secureCodeBoxBot (#1014)
  - New: Nuclei findings with severity "unknown" are mapped to "low" in the generic secureCodeBox finding format
- Upgraded `trivy` from 0.22.0 to 0.24.2 @secureCodeBoxBot (#948)
  - We split the existing trivy scanType `trivy` into three new ones due to trivy changes: `trivy-image`, `trivy-filesystem` and `trivy-repo`
- Upgraded `sslyze` from v4.1.0 to v5.0.2 @secureCodeBoxBot (#844)
  - SSLyze removed or replaced a number of parameters. In particular:
    - `--regular` was replaced with `--mozilla_config {modern,intermediate,old}`
    - `--resum_rate` was replaced with `--resum_attempts`
  - New command-line options:
    - `--elliptic_curves`: test a server for supported elliptic curves.
  - Public-Key-Pins headers are no longer checked by SSLyze, as the pinning feature has been removed from most browsers
- Upgraded `gitleaks` from v7.6.1 to v8.3.0 @secureCodeBoxBot (#830)
  - Gitleaks no longer supports cloning natively. To clone a repository, use an init container as described in the updated documentation.
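The three scanner migrations above (the trivy scanType split, the renamed SSLyze flags, and the gitleaks clone moved into an init container) as a set of secureCodeBox Scan manifests. This is an added example written for this page, not code from the secureCodeBox project or its documentation. It assumes the Scan resource accepts `parameters`, `volumes`, `volumeMounts` and `initContainers` as described in the init-container documentation the notes refer to; the container image reference, the TLS target host, the repository URL and the git image used by the init container are placeholders chosen here.

```yaml
# Added example (not from the secureCodeBox project): migrating three Scan
# manifests to the upgraded scanners in this release.
# Placeholders to replace: the image reference, the TLS target host, and the
# repository URL / git image used by the init container.
---
# trivy: the old scanType "trivy" is gone; pick the one matching the target.
apiVersion: "execution.securecodebox.io/v1"
kind: Scan
metadata:
  name: "trivy-image-example"
spec:
  scanType: "trivy-image"                 # was: "trivy"
  parameters:
    - "docker.io/library/nginx:1.21"      # placeholder image reference
---
# sslyze 5: "--regular" no longer exists; "--mozilla_config" selects the
# profile to check against and "--elliptic_curves" enables the new curve test.
apiVersion: "execution.securecodebox.io/v1"
kind: Scan
metadata:
  name: "sslyze-example"
spec:
  scanType: "sslyze"
  parameters:
    - "--mozilla_config"
    - "intermediate"                      # was: "--regular"
    - "--elliptic_curves"
    - "example.com"                       # placeholder target host
---
# gitleaks 8: the scanner no longer clones; an init container fetches the
# repository into an emptyDir that the scanner container then reads.
apiVersion: "execution.securecodebox.io/v1"
kind: Scan
metadata:
  name: "gitleaks-example"
spec:
  scanType: "gitleaks"
  parameters:
    - "detect"
    - "--source"
    - "/repo/"
  volumes:
    - name: repo
      emptyDir: {}
  volumeMounts:
    - name: repo
      mountPath: "/repo/"
  initContainers:
    - name: "git-clone"
      image: "bitnami/git"                # placeholder; any image with git works
      command:
        - git
        - clone
        - "https://github.com/example-org/example-repo.git"   # placeholder URL
        - /repo/
      volumeMounts:
        - name: repo
          mountPath: "/repo/"
```

Two practical consequences of the init-container pattern: credentials for a private repository now have to reach the init container (for example from a Secret mounted into it) rather than the scanner, and because `gitleaks detect` walks the git history of the checkout, a shallow clone (`--depth 1`) would limit what it finds.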
Security Scanner
- [SCB-Bot] Upgraded `amass` from v3.17.0 to v3.17.1 @secureCodeBoxBot (#1013)
- [SCB-Bot] Upgraded `nuclei` from v2.6.2 to v2.6.5 @secureCodeBoxBot (#1014)
- [SCB-Bot] Upgraded `trivy` from 0.22.0 to 0.24.4 @secureCodeBoxBot (#1049) (#948)
- [SCB-Bot] Upgraded `gitleaks` from v7.6.1 to v8.3.0 @secureCodeBoxBot (#830)
- [SCB-Bot] Upgraded `gitleaks` from v8.3.0 to v8.4.0 @secureCodeBoxBot (#1042)
- [SCB-Bot] Upgraded `gitleaks` from v8.4.0 to v8.5.1 @secureCodeBoxBot (#1059)
- [SCB-Bot] Upgraded `amass` from v3.17.1 to v3.18.2 @secureCodeBoxBot (#1056)
- [SCB-Bot] Upgraded `semgrep` from 0.83.0 to 0.84.0 @secureCodeBoxBot (#1029)
- [SCB-Bot] Upgraded `semgrep` from 0.84.0 to 0.85.0 @secureCodeBoxBot (#1048) (#1041)
- [SCB-Bot] Upgraded `sslyze` from v4.1.0 to v5.0.2 @secureCodeBoxBot (#844)
- [SCB-Bot] Upgraded `sslyze` from 5.0.2 to 5.0.3 @secureCodeBoxBot (#1039)
Bug Fixes
- Fixes semgrep's integration test error @Ilyesbdlala (#1034)
Test
- Added MakeFile to run all hook and scanner tests @RamiSouai (#1032)
- Autodiscovery is now built within the CI pipeline and no longer pushes to Dockerhub @Ilyesbdlala (#1063)
- Use matrix in CI for hook integration-test @RamiSouai (#1035)
- Inherit Makefile Integration Tests command for hooks @RamiSouai (#1028)
- Improves the integration-tests makefile process for scanners @Ilyesbdlala (#1033)
- Removed dependency on Dockerhub for Test-Scan scantypes in integration tests @Ilyesbdlala (#1022)
Documentation
- Add New Contributor @johannawalker (#1060)
- Add frontmatter w/ sidebar config to ADRs @Weltraumschaf (#1046)
- ADR-0011: Version Numbers @malexmave (#936)
Maintenance
- Added MakeFile to run all hook and scanner tests @RamiSouai (#1032)
- Demo-target build process moved to release pipeline @Ilyesbdlala (#1062)
- Autodiscovery is now built within the CI pipeline and no longer pushes to Dockerhub @Ilyesbdlala (#1063)
- Minor makefile improvements for the test-all target @rseedorff (#1053)
- Use matrix in ci for hook integration-test @RamiSouai (#1035)
- Adding kind cluster name variable to common.mk makefile config (closes #1037) @SebieF (#1050)
- Improves the integration-tests makefile process for scanners @Ilyesbdlala (#1033)
Dependencies
- Fixed Dependabot alerts @Ilyesbdlala (#1064)
- [SCB-Bot] Upgraded `nuclei` from v2.6.2 to v2.6.5 @secureCodeBoxBot (#1014)
- [SCB-Bot] Upgraded `trivy` from 0.22.0 to 0.24.4 @secureCodeBoxBot (#1049)
- [SCB-Bot] Upgraded `trivy` from 0.22.0 to 0.24.2 @secureCodeBoxBot (#948)
- [SCB-Bot] Upgraded `gitleaks` from v7.6.1 to v8.3.0 @secureCodeBoxBot (#830)
- [SCB-Bot] Upgraded `gitleaks` from v8.3.0 to v8.4.0 @secureCodeBoxBot (#1042)
- [SCB-Bot] Upgraded `gitleaks` from v8.4.0 to v8.5.1 @secureCodeBoxBot (#1059)
- [SCB-Bot] Upgraded `amass` from v3.17.1 to v3.18.2 @secureCodeBoxBot (#1056)
- [SCB-Bot] Upgraded `semgrep` from 0.83.0 to 0.84.0 @secureCodeBoxBot (#1029)
- [SCB-Bot] Upgraded `semgrep` from 0.84.0 to 0.85.0 @secureCodeBoxBot (#1048)
- [SCB-Bot] Upgraded `semgrep` from 0.84.0 to 0.85.0 @secureCodeBoxBot (#1041)
- [SCB-Bot] Upgraded `sslyze` from 5.0.2 to 5.0.3 @secureCodeBoxBot (#1039)
- [SCB-Bot] Upgraded `sslyze` from v4.1.0 to v5.0.2 @secureCodeBoxBot (#844)
- [SCB-Bot] Upgraded `amass` from v3.17.0 to v3.17.1 @secureCodeBoxBot (#1013)
- [Snyk] Upgrade axios from 0.22.0 to 0.26.0 @snyk-bot (#1016)
- [Snyk] Upgrade axios from 0.25.0 to 0.26.0 @snyk-bot (#1017)
- [Snyk] Upgrade axios from 0.25.0 to 0.26.0 @snyk-bot (#1018)
Distribution
Contributors
Thanks to all our contributors supporting this project
@Ilyesbdlala, @J12934, @RamiSouai, @SebieF, @Weltraumschaf, @johannawalker, @malexmave, @rseedorff, @secureCodeBoxBot, @snyk-bot and @the-simmon