Changes
This is the very first release candidate for the upcoming v4 release. All of the features are already included, but we are still working on some documentation improvements. Any feedback or bugs found are, as always, very much appreciated 🙌
This release contains breaking changes. The changes are listed in the "💣 Breaking Changes" section below and in the Upgrading from 3.x - 4.x notes.
🚀 Features
- Add Cluster Wide Custom Resources (ClusterScanType, ClusterParseDefinition & ClusterScanCompletionHook) @J12934 (#1662): See more in ADR-12
- Enable Container AutoDiscovery to scan images from private repos @the-simmon (#1374, #1557): See more in ADR-17
- Allow multiple `scanTypes` to be used in the Service and Container AutoDiscovery @Ilyesbdlala (#1447)
- Added new `references` attribute to the finding format with unified references to CVEs, CWEs and other external references @Ilyesbdlala (#1676)
- Added optional `identified at` parameter to findings (for all scanners which include this info in their results) @Ilyesbdlala (#1434)
- Added new DNS Scanner: Doggo @rseedorff (#1446)
💣 Breaking Changes
You can find detailed upgrade notes on these breaking changes in the upgrading documentation: Upgrading from 3.x - 4.x
Note that some breaking changes are not listed here and are only described in the linked upgrading notes.
- Improve Nmap Parser to handle multiple / ipv6 addresses and verbose output @J12934 (#1679)
- Allow multiple `scanTypes` to be used in the Service and Container AutoDiscovery @Ilyesbdlala (#1447)
- Added optional `mitigation` attribute to findings @Ilyesbdlala (#1639)
- Remove AngularCSTI Integration @J12934 (#1649)
- Renamed Amass `attributes.name` to `attributes.hostname` @Ilyesbdlala (#1605)
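The Amass rename above only affects findings produced by 4.x; anything you persisted from 3.x (for example an ndjson export from a persistence hook) still carries `attributes.name`. The script below is an added example, not part of secureCodeBox or this release, showing an idempotent migration of stored findings to the new key. It assumes findings are JSON objects with an `attributes` object, and that you can tell Amass findings apart from other scanners' findings (here via a constructed `scanner` field; in your own data the guard may be a category, index name or scan label), because other scanners may legitimately use `attributes.name` and must not be touched.

```python
from __future__ import annotations

import json
from collections.abc import Callable, Iterable
from typing import Any

OLD_KEY = "name"       # Amass attribute before 4.0
NEW_KEY = "hostname"   # Amass attribute from 4.0 on

Finding = dict[str, Any]


def migrate_amass_finding(finding: Finding) -> tuple[Finding, bool]:
    """Return (migrated copy, changed).

    Idempotent: a finding already on the 4.0 key is returned unchanged. If both keys
    are present (partially migrated data) the 4.0 value wins and the stale key is
    dropped, so re-running the migration cannot resurrect the old attribute.
    """
    attrs = finding.get("attributes")
    if not isinstance(attrs, dict) or OLD_KEY not in attrs:
        return finding, False
    migrated = json.loads(json.dumps(finding))  # deep copy; never mutate caller data
    old_value = migrated["attributes"].pop(OLD_KEY)
    migrated["attributes"].setdefault(NEW_KEY, old_value)
    return migrated, True


def migrate_findings(
    findings: Iterable[Finding], is_amass: Callable[[Finding], bool]
) -> tuple[list[Finding], int]:
    """Apply the rename only to findings the caller identifies as Amass output.

    The guard is mandatory: other scanners may use attributes.name with a different
    meaning. How an Amass finding is recognised depends on how you stored them
    (assumption; the sample below uses a constructed "scanner" field).
    """
    out: list[Finding] = []
    changed = 0
    for finding in findings:
        if is_amass(finding):
            finding, did_change = migrate_amass_finding(finding)
            changed += int(did_change)
        out.append(finding)
    return out, changed


def migrate_ndjson(text: str, is_amass: Callable[[Finding], bool]) -> tuple[str, int]:
    """Convenience wrapper for an ndjson export (one finding per line)."""
    findings = [json.loads(line) for line in text.splitlines() if line.strip()]
    migrated, changed = migrate_findings(findings, is_amass)
    return "\n".join(json.dumps(f, sort_keys=True) for f in migrated), changed


# Constructed sample data, not real scanner output.
SAMPLE: list[Finding] = [
    {"scanner": "amass", "category": "Subdomain", "name": "www.example.com",
     "attributes": {"name": "www.example.com", "addresses": [{"ip": "192.0.2.10"}]}},
    {"scanner": "amass", "category": "Subdomain", "name": "api.example.com",
     "attributes": {"hostname": "api.example.com"}},          # already on the 4.0 key
    {"scanner": "other", "category": "Open Port", "name": "Port 443 is open",
     "attributes": {"name": "https", "port": 443}},            # not Amass: must stay untouched
]


def is_amass_sample(finding: Finding) -> bool:
    return finding.get("scanner") == "amass"


def demo() -> tuple[list[Finding], int]:
    return migrate_findings(SAMPLE, is_amass_sample)


if __name__ == "__main__":
    findings, count = demo()
    print(f"migrated {count} finding(s)")
    for finding in findings:
        print(json.dumps(finding["attributes"], sort_keys=True))
```

Run it against a dump once, then a second time: the second run must report zero migrated findings, which is the check that the guard and the "4.0 key wins" rule are behaving before you write the result back to Elasticsearch, DefectDojo or wherever the findings live.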
🚓 Security Scanner
- Added new DNS Scanner: Doggo @rseedorff (#1446)
- Remove AngularCSTI Scanner Integration @J12934 (#1649)
- Added optional `identified at` parameter to findings @Ilyesbdlala (#1434)
- Added `zap-advanced` configuration option to change reportType @rseedorff (#1632)
- Upgraded amass from v3.21.2 to v3.22.2 @secureCodeBoxBot (#1634, #1641, #1652)
- Upgraded ffuf from v1.5.0 to v2.0.0 @secureCodeBoxBot (#1579)
- Upgraded gitleaks from v8.15.2 to v8.16.2 @secureCodeBoxBot (#1559, #1614, #1615, #1643, #1665)
- Upgraded kubeaudit from 0.21.0 to 0.22.0 @secureCodeBoxBot (#1654)
- Upgraded nuclei from v2.8.3 to v2.9.1 @secureCodeBoxBot (#1527, #1544, #1561, #1590, #1648, #1671)
- Upgraded semgrep from 1.1.0 to 1.17.1 @secureCodeBoxBot (#1517, #1591, #1596, #1602, #1612, #1616, #1646, #1667, #1675, #1677, #1518, #1545, #1558, #1565, #1569, #1578, #1583)
- Upgraded sslyze from 5.0.6 to 5.1.3 @secureCodeBoxBot (#1555, #1637, #1670)
- Upgraded trivy from 0.35.0 to 0.39.1 @secureCodeBoxBot (#1546, #1572, #1587, #1599, #1617, #1622, #1636, #1644, #1668, #1681)
- Upgraded typo3scan from v1.1.1 to v1.1.2 @secureCodeBoxBot (#1653)
⚓️ Hooks
- Add Apikey in generic webhook @srburton (#1526)
- Make userid optional for defectdojo @the-simmon (#1412)
🐛 Bug Fixes
- Renames the `hook.image.repository` of update-field hook @Ilyesbdlala (#1685)
- Improve Nmap Parser to handle multiple / ipv6 addresses and verbose output @J12934 (#1679)
- Fixed Generic WebHook API Key not working correctly @Ilyesbdlala (#1673)
- Updated snapshot of typo3scan after upgrade @Ilyesbdlala (#1655)
- Added a check for empty Trivy `.Results` @Ilyesbdlala (#1640)
- Fix the link in ADR-0017 in order to fix the Netlify build @Ilyesbdlala (#1631)
- Includes minio authentication in operator makefile @Ilyesbdlala (#1577)
- Adds error handling to remote version fetching for the scb-bot @Ilyesbdlala (#1509)
📚 Documentation
- Add Upgrading Notes for Nuclei Findings @J12934 (#1502)
- Added/fixed missing scantypes @rseedorff (#1628)
- Change ADR-0007 State to DRAFT @Weltraumschaf (#1548)
- Enforced the use of the node version in .nvmrc @Ilyesbdlala (#1645)
- Fix that ADR 17 Breaks Documentation @Weltraumschaf (#1580)
- One failing matrix job no longer stops other version compare jobs @Ilyesbdlala (#1570)
- Remove codeclimate from contributing docs @Weltraumschaf (#1464)
- Removed unnecessary dependencies @Ilyesbdlala (#1690)
- Removed unnecessary initializing of scannerVersions in scanner Dockerfiles @Ilyesbdlala (#1625)
- The DRAFT status does not have a link, only the SUPERSEDES does @Weltraumschaf (#1638)
- Multiple minor fixes @rseedorff (#1627)
📌 Dependencies
- Bump cacheable-request and @kubernetes/client-node in /hooks/cascading-scans/hook @dependabot (#1593, #1594, #1595, #1592)
- Bump github.com/emicklei/go-restful to 2.16.0+incompatible @dependabot (#1584, #1585, #1586)
- Bump golang.org/x/crypto to 0.1.0 @dependabot (#1620)
- Bump golang.org/x/net 0.7.0 @dependabot (#1618, #1621, #1619)
- Bump golang.org/x/text 0.3.8 @dependabot (#1609, #1608, #1611)
- Bump http-cache-semantics from 4.1.0 to 4.1.1 @dependabot (#1575, #1576, #1573, #1574)
- Bump json5 to 2.2.3 @dependabot (#1531, #1533, #1535, #1534, #1536, #1537, #1538, #1532, #1530, #1539, #1540, #1543)
- Bump luxon from 2.0.2 to 2.5.2 in /hooks/persistence-elastic/hook @dependabot (#1542, #1688, #1686, #1682)
- Upgrade @kubernetes/client-node from 0.17.1 to 0.18.1 @snyk-bot (#1550, #1529, #1547, #1597, #1589, #1604)
- Upgrade ajv from 8.11.2 to 8.12.0 @snyk-bot (#1560)
- Upgrade axios from 1.1.2 to 1.3.4 @snyk-bot (#1524)
- Upgrade axios from 1.1.2 to 1.2.0 @snyk-bot (#1523, #1508, #1556, #1562, #1564, #1582, #1588, #1606, #1601, #1603, #1610, #1635, #1623, #1624, #1630, #1633, #1650, #1647, #1651)
- Upgrade ws from 8.11.0 to 8.13.0 @snyk-bot (#1566, #1568, #1669, #1672)
- Upgrading jest to 29.3.1 @Ilyesbdlala (#1567)
Distribution
Contributors
Thanks to all our contributors supporting this project 🤗
@Ilyesbdlala, @J12934, @Weltraumschaf, @fphoer, @malexmave, @srburton, @the-simmon and @rseedorff