v4.1.0-alpha.4
This release contains is a alpha release for the upcoming 4.1.0 release. ๐
If everything goes well, the actual 4.1.0 will follow a couple of hours later.
Help spread the word or leave a GitHub star if you like it ๐
๐ Features
- Add trivy-k8s scan support (closes #1411) @fbelter-iteratec (#1694)
- Added a concurrency policy option for scheduledScan CRD @Ilyesbdlala (#1749)
- Added a crontab configuration option to scheduledScans @Ilyesbdlala (#1722)
- Allow to configure env and volumes in hooks @Zero3141 (#1881)
- Allowed Specifying Labels for Pods of Scans @Ilyesbdlala (#1899)
- DefectDojo Hook: Allow setting minimum severity on Import (closes #1700 ) @ManuelNeuer (#1775)
- Enable client/server mode for trivy by default to cache the vulnerability DB (closes #911) @o1oo11oo (#1760)
- Hardcode debian version in screenshooter Dockerfile @Zero3141 (#1829)
- Remove deprecated userId attribute for DefectDojo Hook @Zero3141 (#1861)
- Update JuiceShop Helm chart to use modern Ingress resource @maze88 (#1882)
๐ Security Scanner
- Upgraded amass from v3.23.2 to v4.2.0 @Ilyesbdlala, @secureCodeBoxBot (#1773, #1821, #1825)
- Upgraded doggo from v0.5.5 to v0.5.7 @secureCodeBoxBot (#1824, #1955)
- Upgraded ffuf from v2.0.0 to v2.1.0 @secureCodeBoxBot (#1968)
- Upgraded gitleaks from v8.16.3 to v8.18.0 @secureCodeBoxBot (#1753, #1768, #1873)
- Upgraded nmap from 7.92-r2 to 7.93-r1 @Zero3141 (#1960)
- Upgraded nuclei from v2.9.6 to v2.9.14 @secureCodeBoxBot (#1865, #1872, #1880, #1898, #1778, #1788, #1823, #1843)
- Upgraded semgrep from 1.24.1 to 1.41.0 @secureCodeBoxBot (#1761, #1764, #1777, #1784, #1794, #1822, #1840, #1844, #1863, #1879, #1890, #1940, #1962)
- Upgraded ssh-audit from v2.9.0 to v3.0.0 @secureCodeBoxBot (#1939)
- Upgraded sslyze from 5.1.3 to 5.2.0 @secureCodeBoxBot (#1983)
- Upgraded trivy from 0.42.0 to 0.45.1 @secureCodeBoxBot (#1757, #1785, #1793, #1846, #1859, #1888, #1966)
- Upgraded typo3scan from v1.1.2 to v1.1.3 @secureCodeBoxBot (#1771)
- Upgraded wpscan from v3.8.22 to v3.8.24 @secureCodeBoxBot (#1762)
- Upgraded zap from 2.12.0 to 2.13.0 @secureCodeBoxBot (#1810)
- Upgraded zap-advanced from 2.12.0 to 2.13.0 @secureCodeBoxBot (#1809)
๐ Bug Fixes
- Added sslyze parser check for successful ASN1 certificate parsing @Ilyesbdlala (#1856)
- Fix typo in trivy-rbac RoleBinding name @o1oo11oo (#1765)
- Fixed Bug ErrImagePull in SSH-audit parser @Reet00 (#1801)
- Implemented the failIfFoundUrlsLessThan and warnIfFoundUrlsLessthan settings in ZAP Advanced @Ilyesbdlala (#1791)
๐งช Test
- Remove skipped test against securecodebox.io @Zero3141 (#1875)
- Fixed the kind image used in zap-advanced tests @Ilyesbdlala (#1792)
- Fixes the tests of Trivy and adds a check for empty scanResults @Ilyesbdlala (#1787)
๐ Documentation
- Add Heiko Kiesel to contributors @Zero3141 (#1795)
- Add logo to helm docs and README @Zero3141 (#1866)
- Add recurring documentation issue @Zero3141 (#1956)
- Capitalize "Kubernetes" in scanner documentations @Zero3141 (#1831)
- Clarify documentation that scans and hooks/scanners must be deleted before the operator @Zero3141 (#1900)
- Clean up docs dir as prerequiste for monorepo @Weltraumschaf (#1892)
- Fix documentation findings @Zero3141 (#1878)
- Fix screenshooter documentation @Zero3141 (#1827)
- Fixed markdown typo for heading in ZAP documentation @sofi0071 (#1819)
- Improve issue templates @Zero3141 (#1874)
- Improve Kubeaudit documentation @Zero3141 (#1867)
- Improve ncrack documentation @Zero3141 (#1836)
- Improve Nikto examples @Zero3141 (#1868)
- Improve SSH examples @Zero3141 (#1869)
- Improve SSLyze examples @Zero3141 (#1870)
- Improve wpscan documentation @Zero3141 (#1871)
- Link ffuf GitHub repo in README @Zero3141 (#1876)
- Move documentation to main repository @Zero3141 (#1893)
- Publish SBOM blogpost part two @o1oo11oo (#1954)
- Replace sponsor image paths to documentation path @Zero3141 (#1950)
- Update filename and image of second SBOM blogpost @o1oo11oo (#1935)
- Warn about rate limits in trivy-k8s docs @o1oo11oo (#1855)
๐ง Maintenance
- Add note about resource limits for persistence-defectdojo hook @Ilyesbdlala (#1889)
- Added warning about amass enum not exiting correctly @Ilyesbdlala (#1895)
- Changed SCB-Bot to check all PRs for exisiting upgrade PRs @Ilyesbdlala (#1832)
- Explicitly install the tools kubectl/helm/kind in the CI @Ilyesbdlala (#1842)
- Fix failing build of DefectDojo persistance hook @Weltraumschaf (#1820)
- Improve issue templates @Zero3141 (#1874)
- Move dependabot configuration file to correct location @Zero3141 (#1937)
- Refresh Helm Docs Update CI @Zero3141 (#1862)
- Remove GitHub Actions warnings @Zero3141 (#1951)
- Remove skipped test against securecodebox.io @Zero3141 (#1875)
- Remove unused language versions (fixes #1945) @o1oo11oo (#1946)
- Removed Jest/npm/node Versions from Makefiles @Ilyesbdlala (#1789)
- Rename leftover lurcher to lurker @o1oo11oo (#1897)
- Rename leftover lurcher to lurker @o1oo11oo (#1897)
- Updated Elastic Stack from 7.9.2 to 7.17.3 @Ilyesbdlala (#1816)
- Updated megalinter and gpg import actions to avoid the use of
save-state
andset-output
@Ilyesbdlala (#1802) - Updated the templates/rbac of the operator @Ilyesbdlala (#1811)
- Upgrade node to latest LTS in templates @o1oo11oo (#1896)
- Upgrade node version to current LTS @o1oo11oo (#1853)
- Upgrade CI base images to latest LTS version i.e 22.04 @Ilyesbdlala (#1841)
- Used pinned versions instead of latest for all ci images @Ilyesbdlala (#1948)
๐ Dependencies
- Upgrade node version to current LTS @o1oo11oo (#1853)
- Upgrade node to latest LTS in templates @o1oo11oo (#1896)
- Upgrade to latest version of DefectDojo Client lib @Weltraumschaf (#1857)
- Upgrade eslint from 8.47.0 to 8.49.0 in /documentation @dependabot (#1941)
- Upgrade eslint-plugin-prettier from 3.4.1 to 5.0.0 in /documentation @dependabot (#1942)
- Upgrade gopkg.in/yaml.v3 from 3.0.0-20220512140231-539c8e751b99 to 3.0.0 @dependabot (#1885, #1883, #1884)
- Upgrade certifi from 2022.12.7 to 2023.7.22 in /auto-discovery/kubernetes/pull-secret-extractor @dependabot (#1834)
- Upgrade word-wrap from 1.2.3 to 1.2.4 @dependabot (#1817)
- Upgrade semver from 6.3.0 to 6.3.1 @Zero3141 & @dependabot (#1808, #1796, #1807)
- Upgrade ts-jest from 29.0.5 to 29.1.0 @rseedorff (#1782)
Distribution
Contributors
Thanks to all our contributors supporting this project ๐ค
@Ilyesbdlala, @J12934, @ManuelNeuer, @Reet00, @Weltraumschaf, @Zero3141, @fbelter-iteratec, @maze88, @o1oo11oo, @rseedorff, @secureCodeBoxBot, @snyk-bot, @sofi0071, Frank Belter and Vanessa Hermann