Changes
This is the first alpha release for secureCodeBox 4.6.0.
If everything goes smoothly the proper 4.6.0 release should follow this soon.
This release contains the following changes ๐. Help spread the word or leave a GitHub star if you like it ๐
๐ Deprecations
- Deprecated
zapandzap-advancedScanTypes in favor of the now standalonezap-automation-frameworkScanType.
The Zap Automation Framework has now been around for a while and supports all features of the zap advanced tool.
This drastically reduces the amount of maintenance we have to do to support zap-advanced while allowing users to the official ZAP documentation regarding the ZAP Automation Framework.
zapandzap-advancedwill still be around for future 4.x releases but will be removed with the 5.x release.
For more information and guidance on how to migrate to thezap-automation-frameworksee: Migration to ZAP Automation Framework
@Ilyesbdlala (#2387) - With 4.6.0, the recommended installation method of the secureCodeBox Helm Charts is by using the OCI registry charts.
These charts are published to the GitHub Container registry, which will allow us to decommission our self-hostedcharts.securecodebox.ioregistry in the future. With 4.6.0, the installation instructions for all components in the secureCodeBox documentation have been changed to use the OCI helm registry.
The oldcharts.securecodebox.ioregistry will be shut down at the end of the year.
All remaining 4.x releases will be published to both the old and new registry.
Users are advised to migrate to the OCI helm charts right away.
For more information and guidance on how to migrate see Blog Post: Migrating our Helm Charts to OCI registries
@Ilyesbdlala & @J12934 (#2108, #2541, #2543)
๐ Features
- Added an experimental Command Line Client
scbctl. Currently, thescbctlsupports easily starting a new scan via a single command. @Freedisch (#2514) - Added new standalone zap-automation-framework scan. See the related point in the deprecations section. @Ilyesbdlala (#2387)
๐ Security Scanner
- Upgraded gitleaks from v8.18.2 to v8.18.4 @secureCodeBoxBot (#2522, #2502)
- Upgraded nuclei from v3.1.10 to v3.2.9 @secureCodeBoxBot (#2526, #2497, #2477, #2472, #2425, #2378, #2367)
- Upgraded semgrep from 1.65.0 to 1.77.0 @secureCodeBoxBot (#2537, #2529, #2506, #2496, #2488, #2482, #2474, #2470, #2453, #2424, #2408, #2405, #2400, #2388)
- Upgraded trivy from 0.49.1 to 0.52.2 @secureCodeBoxBot (#2518, #2510, #2469, #2464, #2406, #2385)
- Upgraded zap from 2.14.0 to 2.15.0 @secureCodeBoxBot (#2481)
- Changed ZAP Documentation from OWASP to Software Security Project @Reet00 (#2447)
- Upgraded nmap from 7.93-r1 to 7.95-r0 @J12934 (#2544)
๐ Bug Fixes
- Fixed mapping of Trivy ScanTypes to DefectDojo to use native DefectDojo Trivy imports for findings @Ilyesbdlala (#2390)
๐งช Test
- Slightly refactored
scbctlcode setup to avoid issues with flags during testing @J12934 (#2533) - Moved helpers.js to tests/integration @Ilyesbdlala (#2452)
๐ Documentation
- Changed ZAP documentation from OWASP to Software Security Project @Reet00 (#2447)
- Replaced Helm install instructions to use our OCI-based Helm Charts @J12934 (#2541)
- Added blog post from ลukasz Mieczkowski @Weltraumschaf (#2467)
- Added an old talk from Sven held at VKSI @Weltraumschaf (#2519)
- Added interview w/ RadioTux @Weltraumschaf (#2473)
- Removed mega outdated screenshot @Weltraumschaf (#2458)
- Minor documentation enhancements @tbrixen (#2399)
- Added an overview picture of our contributors to the README @Weltraumschaf (#2418)
- Fixed some links @Weltraumschaf (#2468)
๐ง Maintenance
- Upgraded to latest Kubebuilder (v4) and Go (1.22) @J12934 (#2542)
- Upgraded Node.js versions to 22 @J12934 (#2539)
- Dependabot bundles PRs @Ilyesbdlala (#2448)
- Fixed Kubernetes client-java being upgraded to legacy version @Ilyesbdlala (#2456)
- Pinned setup-envtest version @Ilyesbdlala (#2401)
- Removed ESLint and related packages as dependencies @Ilyesbdlala (#2454)
๐ Dependencies
Minor dependency updates (50 pull requests). Click to expand.
- Update NPM Deps @Ilyesbdlala (#2449)
- Bump docker/build-push-action from 5 to 6 in /.github/workflows in the github-actions-version-updates group @dependabot (#2534)
- Bump the npm-version-updates group with 2 updates @dependabot (#2535)
- Bump ws from 8.14.2 to 8.17.1 in the npm-security-updates group @dependabot (#2531)
- Bump ws from 7.5.9 to 7.5.10 in /documentation @dependabot (#2532)
- Bump urllib3 from 1.26.18 to 1.26.19 in /auto-discovery/kubernetes/pull-secret-extractor @dependabot (#2528)
- Bump mikefarah/yq from 4.44.1 to 4.44.2 in /.github/workflows in the github-actions-version-updates group @dependabot (#2524)
- Bump the npm-version-updates group with 2 updates @dependabot (#2525)
- Bump braces from 3.0.2 to 3.0.3 in /hooks @dependabot (#2515)
- Bump requests from 2.31.0 to 2.32.0 in /auto-discovery/kubernetes/pull-secret-extractor @dependabot (#2493)
- Bump braces from 3.0.2 to 3.0.3 in /documentation @dependabot (#2513)
- Bump braces from 3.0.2 to 3.0.3 in /auto-discovery/kubernetes/pull-secret-extractor/integration-test @dependabot (#2512)
- Bump braces from 3.0.2 to 3.0.3 in the npm-security-updates group @dependabot (#2511)
- Bump the npm-version-updates group with 2 updates @dependabot (#2507)
- Bump the npm-version-updates group with 3 updates @dependabot (#2505)
- Bump ts-jest from 29.1.2 to 29.1.3 in the npm-version-updates group @dependabot (#2495)
- Bump @types/node from 20.12.11 to 20.12.12 in the npm-version-updates group @dependabot (#2492)
- Bump @types/node from 20.12.8 to 20.12.11 in the npm-version-updates group @dependabot (#2486)
- Bump mikefarah/yq from 4.43.1 to 4.44.1 in /.github/workflows in the github-actions-version-updates group @dependabot (#2484)
- Bump the npm-version-updates group with 2 updates @dependabot (#2478)
- Bump golang.org/x/net from 0.17.0 to 0.23.0 in /operator @dependabot (#2463)
- Bump golang.org/x/net from 0.17.0 to 0.23.0 in /auto-discovery/cloud-aws @dependabot (#2461)
- Bump golang.org/x/net from 0.17.0 to 0.23.0 in /auto-discovery/kubernetes @dependabot (#2460)
- Bump the npm-version-updates group with 8 updates @dependabot (#2457)
- Bump the gradle-version-updates group in /hooks/persistence-defectdojo/hook with 4 updates @dependabot (#2450)
- Bump idna from 3.4 to 3.7 in /auto-discovery/kubernetes/pull-secret-extractor @dependabot (#2435)
- Update docusaurus @Weltraumschaf (#2416)
- Bump @types/node from 20.12.2 to 20.12.5 in /documentation @dependabot (#2421)
- Bump org.sonarqube from 4.4.1.3373 to 5.0.0.4638 in /hooks/persistence-defectdojo/hook @dependabot (#2410)
- Bump @docusaurus/types from 3.1.1 to 3.2.0 in /documentation @dependabot (#2413)
- Bump @types/node from 20.11.30 to 20.12.2 in /documentation @dependabot (#2414)
- Bump express from 4.18.2 to 4.19.2 in /documentation @dependabot (#2404)
- Bump @types/react from 18.2.66 to 18.2.71 in /documentation @dependabot (#2403)
- Bump typescript from 5.4.2 to 5.4.3 in /documentation @dependabot (#2395)
- Bump @types/node from 20.11.28 to 20.11.30 in /documentation @dependabot (#2397)
- Bump mikefarah/yq from 4.42.1 to 4.43.1 in /.github/workflows @dependabot (#2398)
- Bump webpack-dev-middleware from 5.3.3 to 5.3.4 in /documentation @dependabot (#2392)
- Bump follow-redirects from 1.15.5 to 1.15.6 in /documentation @dependabot (#2373)
- Bump com.fasterxml.jackson.core:jackson-core from 2.16.2 to 2.17.0 in /hooks/persistence-defectdojo/hook @dependabot (#2381)
- Bump com.fasterxml.jackson.core:jackson-databind from 2.16.2 to 2.17.0 in /hooks/persistence-defectdojo/hook @dependabot (#2383)
- Bump com.fasterxml.jackson.datatype:jackson-datatype-jsr310 from 2.16.2 to 2.17.0 in /hooks/persistence-defectdojo/hook @dependabot (#2379)
- Bump com.fasterxml.jackson.core:jackson-annotations from 2.16.2 to 2.17.0 in /hooks/persistence-defectdojo/hook @dependabot (#2382)
- Bump @types/react from 18.2.64 to 18.2.66 in /documentation @dependabot (#2376)
- Bump @types/node from 20.11.24 to 20.11.28 in /documentation @dependabot (#2377)
- Bump eslint-plugin-react from 7.34.0 to 7.34.1 in /documentation @dependabot (#2374)
- Bump sass from 1.71.1 to 1.72.0 in /documentation @dependabot (#2375)
- Bump follow-redirects from 1.15.5 to 1.15.6 in /hooks/generic-webhook/hook @dependabot (#2372)
- Bump follow-redirects from 1.15.5 to 1.15.6 in /hooks @dependabot (#2371)
- Bump follow-redirects from 1.15.5 to 1.15.6 in /hooks/notification/hook @dependabot (#2370)
- Bump follow-redirects from 1.15.5 to 1.15.6 in /parser-sdk/nodejs @dependabot (#2369)
- Bump follow-redirects from 1.15.5 to 1.15.6 in /hook-sdk/nodejs @dependabot (#2368)
Distribution
Contributors
Thanks to all our contributors supporting this project ๐ค
@Freedisch, @Ilyesbdlala, @J12934, @Reet00, @Weltraumschaf and @tbrixen