🚀 New features and improvements
feat(terraformer): added terraformer integration (#4686)
added 10 AWS SAM queries for CloudFormation
added 31 new queries (AWS SAM, Ansible, Cloudformation, Terraform, Google Deployment Manager)
feat(SAM): added support to AWS Serverless Application Model
feat(report): added ASFF report (#4684)
feat(parser): support of YAML alias (#4659)
feat(secrets inspector): consideration of kics-scan enable/disabled comment commands (#4654)
feat(cli): added chars limit on vulnerable line display (#4668)
feat(cli): added contribution appeal when the user includes external queries (#4669)
feat(bom): added SQS Queue Policy (#4619)
feat(bom): split encryption from accessibility (#4632)
🐛 Bug fixes
fix(yaml): ignore lines by comments (#4662)
fix(core): Fixed bug when trying to read encrypted zip file (#4639)
fix(parser): fixed KICS panic in getLastElementLine (#4651)
fix(detector): fixed KICS panic in getKeyWithCurlyBrackets (#4673)
fix(parser): fixed KICS panic in empty fifo value access (#4658)
fix: deleted extraction folder after KICS scan (#4638)
fix(bom): corrected get_accessibility for aws_bucket (#4664)
fix(query): deleting searchLine in "Resource Not Using Tags" for Terraform (#4618)
fix(query): updated "S3 Bucket Without Enabled MFA Delete" for Terraform (#4635)
fix(query): updated "CloudFront Without Minimum Protocol TLS 1.2" for Ansible, CloudFormation, and Terraform (#4636)
fix(query): refactored "DB Security Group Has Public IP" for Ansible, CloudFormation, and Terraform (#4665)
fix(report): added space between description and results in pdf report (#4637)
📦 Dependency updates bumps
ci(deps): bump golang from 1.17.5-alpine to 1.18beta1-alpine (#4670)
ci(deps): bump golang from 1.17.5-alpine to 1.17.6-alpine (#4674)
ci(deps): bump goreleaser/goreleaser-action from 2.8.0 to 2.8.1 (#4687)
ci(deps): bump docker/login-action from 1.10.0 to 1.12.0 (#4621)
ci(deps): bump docker/build-push-action from 2.7.0 to 2.8.0 (#4702)
build(deps): bump github.com/rs/zerolog from 1.26.0 to 1.26.1 (#4681)
build(deps): bump github.com/tidwall/gjson from 1.11.0 to 1.13.0 (#4696)
build(deps): bump helm.sh/helm/v3 from 3.7.1 to 3.7.2 (#4680)
build(deps): bump github.com/spf13/viper from 1.9.0 to 1.10.1 (#4679)
build(deps): forced 'github.com/containerd/containerd' version to v1.5.9 (#4671)
build(deps): bump github.com/getsentry/sentry-go from 0.11.0 to 0.12.0 (#4677)
build(deps): bump github.com/tdewolff/minify/v2 from 2.9.22 to 2.9.29 (#4678) (#4703)
build(deps): forced github.com/docker/cli version to v20.10.12+incompatible (#4666)
👻 Maintenance
update(docs): add example in docs for config setting exclude paths (#4624)
feat(queries): update terraform registry data on commons.json (#4629)
feat(docs): updated docs of azure pipelines integrations for old KICS versions (#4683)
update(secrets & passwords): add allow rule for mysql password hashes (#4627)
💔 Deprecation
Please be notified that KICS is deprecating the availability of binaries in the GitHub releases assets as of 1.5.0.
We intend to stop publishing the binaries along with KICS 1.5.2 (scheduled for Mid of February).
It is advised to update all systems (pipelines, integrations, etc.) to use KICS Docker Images.