github Checkmarx/kics v2.1.14

14 hours ago

What's Changed

  • fix(query): fixed false negative for "App Service Authentication Disabled" query missing resources by @cx-ricardo-jesus in #7591
  • fix(query): fn for security_group_with_unrestricted_access_to_ssh - terraform/aws by @cx-andre-pereira in #7568
  • fix(bicep): remove references to Bicep as a platform by @cx-artur-ribeiro in #7637
  • fix(query): fixed FN for the missing resources on "App Service HTTP2 Disabled" query by @cx-ricardo-jesus in #7592
  • feat(query): added new query: ElasticSearch Without Audit Logs - cloudFormation/aws by @cx-andre-pereira in #7565
  • test(query): added extra tests to "Security Group Not Used" query for terraform/aws by @cx-ricardo-jesus in #7641
  • test(query): new test for cloudwatch metrics disabled by @cx-andre-pereira in #7640
  • feat(query): implements "iam policy allows for data exfiltration" - terraform/aws & cloudformation/aws by @cx-andre-pereira in #7631
  • fix(query): fp for Media Type Object Without Schema -- OpenAPI/3.0 by @cx-andre-pereira in #7621
  • feat(query): implements ecr_repository_not_encrypted_with_CMK for cloudformation by @cx-andre-pereira in #7633
  • feat(query): implements Redshift_Cluster_Without_VPC--cloudformation/aws by @cx-andre-pereira in #7617
  • feat(query): new query - "EKS Cluster Encryption Disabled" query implemented for CloudFormation platform by @cx-ricardo-jesus in #7616
  • feat(query): lambda function without dead letter queue query implemented for Terraform/aws by @cx-ricardo-jesus in #7620
  • fix(query): fn for S3 Bucket Allows Public Policy by @cx-ricardo-jesus in #7603
  • feat(queries): new queries ECS Services assigned with public IP address for Ansible/aws, Terraform/aws and CloudFormation/AWS by @cx-ricardo-jesus in #7619
  • feat(queries): new queries "Instance Uses Metadata Service IMDSv1" for Terraform/aws, Ansible/aws and CloudFormation/AWS by @cx-ricardo-jesus in #7624
  • feat(query): elasticsearch domain encryption should be enabled node to node query implementation for CloudFormation/AWS by @cx-ricardo-jesus in #7627
  • fix(query): web app not using TLS last version query requires minimum TLS version 1.3 by @cx-ricardo-jesus in #7628
  • fix(githubaction): adds git pull to docs release action by @cx-monica-casanova in #7650
  • feat(query): implementation of DAX_Cluster_Not_Encrypted for CloudFormation/aws by @cx-andre-pereira in #7599
  • fix(query): fn for Trusted Microsoft Services Not Enabled - ARM by @cx-andre-pereira in #7587
  • fix(query): fn for SQL Server Database With Alerts Disabled - ARM - terraform/azure by @cx-andre-pereira in #7584
  • feat(query): implements "aws eip not attached to any ec2 instance" for terraform/aws by @cx-andre-pereira in #7596
  • fix(query): fn for IAM_Policies_With_Full_Privileges -- terraform/aws by @cx-andre-pereira in #7601
  • feat(query): new query - S3_Bucket_Notifications_Disabled for terraform/aws by @cx-andre-pereira in #7602
  • fix(query): fp for Storage Share File Allows All ACL Permissions by @cx-andre-pereira in #7612
  • feat(query): implements Neptune_Logging_Is_Disabled--cloudformation/aws by @cx-andre-pereira in #7614
  • feat(test): add support for folder-based query test cases by @cx-romeu-silva in #7647
  • fix(query): fp for passwords and secrets generic password by @cx-andre-pereira in #7625
  • fix(docs): exclude folder-based query test cases from the query documentation by @cx-romeu-silva in #7657
  • feat(query): implements ELBv2_LB_Access_Log_Disabled--terraform/aws by @cx-andre-pereira in #7594
  • fix(vuln): update go-getter to fix vulnerability by @cx-artur-ribeiro in #7659
  • fix(query): fn for passwords and secrets json files by @cx-andre-pereira in #7632
  • feat(queries): tags not copied to rds cluster snapshot query implementation for terraform/aws and CloudFormation/aws by @cx-ricardo-jesus in #7655
  • feat(query): implements Postgres_RDS_Logging_Disabled--terraform/aws by @cx-andre-pereira in #7615
  • fix(queries): launch configuration is not encrypted resources missing support by @cx-ricardo-jesus in #7649
  • fix(query): fp for passwords and secrets - generic secret by @cx-ricardo-jesus in #7656
  • fix(query): fixed query "s3 bucket with public policy" by @cx-ricardo-jesus in #7661
  • feat(query): new "ElasticSearch Without Es Application Logs" query to replace old logs query--cloudformation/aws by @cx-andre-pereira in #7645
  • test(query): add missing test case for S3 Bucket Allows Public Policy by @cx-romeu-silva in #7664
  • feat(query): new query - Secretmanager Secret Without KMS for CloudFormation/aws by @cx-ricardo-jesus in #7607
  • test(query): new tests for Redshift Cluster Without VPC by @cx-andre-pereira in #7665
  • test(query): fixed negative tests for "Storage Share File Allows All ACL Permissions" - terraform/azure by @cx-andre-pereira in #7660
  • fix(mapstructure): update mapstructure from version 2.3.0 to 2.4.0 to fix vulnerabilities by @cx-artur-ribeiro in #7671
  • fix(query): fixed fn for "SQL Server Database With Unrecommended Retention Days" query by @cx-ricardo-jesus in #7670
  • feat(queries): query IAM DB Cluster Auth Not Enabled implemented for terraform/aws and cloudFormation/aws by @cx-ricardo-jesus in #7667
  • test(query): missing tests for s3_bucket_notifications_disabled by @cx-andre-pereira in #7672
  • fix(query): fn for EFS volume with disabled transit encryption--cloudformation/aws by @cx-andre-pereira in #7586
  • test(query): tests and typo fix for ELBv2_LB_Access_Log_Disabled--terraform/aws by @cx-andre-pereira in #7674
  • fix(query): media type object without schema -- OpenAPI 3.0 by @cx-andre-pereira in #7668
  • fix(query): added module support for "iam_db_cluster_auth_not_enabled" query by @cx-ricardo-jesus in #7675
  • fix(test): changed iam_database_authentication_field value from true to false on the sample negative5.tf by @cx-ricardo-jesus in #7677
  • fix(query): added support for a new case in "elasticsearch domain not encrypted" query by @cx-ricardo-jesus in #7680
  • test(query): mini fix for negative7 test on query elastic_search_without_audit_logs - cloudformation/aws by @cx-andre-pereira in #7689
  • fix(query): used isCloudFormationTrue helper function on elasticsearch domain not encrypted node to node by @cx-ricardo-jesus in #7695
  • test(query): two missing tests for postgres rds logging disabled -- terraform/aws by @cx-andre-pereira in #7685
  • test(query): added two more samples to "App Service HTTP2 Disabled" query by @cx-ricardo-jesus in #7681
  • fix(queries): added samples and searchLines on ecs services assigned with public ip address query for Terraform, Ansible and CloudFormation by @cx-ricardo-jesus in #7693
  • fix(query): fixed query block device is not encrypted to support changes on the last version of the modules by @cx-ricardo-jesus in #7686
  • fix(query): fixed searchLine and added new test case for web app not using tls last version query for azureResourceManager by @cx-ricardo-jesus in #7690
  • fix(query): added support for modules and more test samples for tags not copied to rds cluster snapshot query for terraform by @cx-ricardo-jesus in #7691
  • fix(query): trusted microsoft services not enabled and new tests - ARM by @cx-andre-pereira in #7703
  • test(query): new tests and minor fixes for IAM_Policies_With_Full_Privileges -- terraform/aws by @cx-andre-pereira in #7702
  • fix(query): removed unnecessary else on get_children helper function from sql server database with unrecommended retention days query by @cx-ricardo-jesus in #7705
  • update(query): update description text for dockerfile missing user instruction query by @cx-artur-ribeiro in #7704
  • fix(query): fixed typo and added the field assign_public_ip to ecs services assigned with public ip address by @cx-ricardo-jesus in #7707
  • fix(queries): added support modules/resources on instance uses metadata service IMDSv1 query for Terraform, CloudFormation and Ansible implementations by @cx-ricardo-jesus in #7688
  • fix(test): fixed indentation on a test case for instance uses metadata service imdsv1 query for CloudFormation platform by @cx-ricardo-jesus in #7711
  • fix(query): removed "slowquery" from Neptune Logging is Disabled - Cloudformation/aws by @cx-andre-pereira in #7700
  • fix(query): extra check for ecr_repository_not_encrypted_with_CMK - cloudformation/aws by @cx-andre-pereira in #7701
  • test(query): new negative tests for Media Type Object Without Schema by @cx-andre-pereira in #7709
  • fix(query): added support for modules and added searchLine for lambda functions without letter queue for Terraform/aws by @cx-ricardo-jesus in #7712
  • fix(query): missing support for resource in SQL Server Database With Alerts Disabled - ARM by @cx-andre-pereira in #7714
  • test(query): added test cases and simplified the query app service authentication disabled for terraform/azure by @cx-ricardo-jesus in #7715
  • fix(vulnerability): update helm from v3.18.5 to v3.19.0 by @cx-rui-araujo in #7718
  • fix(query): fn for remote desktop port open to internet and other "security group" associated queries --terraform/aws--cloudformation/aws by @cx-andre-pereira in #7646
  • test(query): better negative testing for "Unknown Port Exposed To Internet" - terraform/aws by @cx-andre-pereira in #7725
  • test(query): fix for positive4 test to "Unknown Port Exposed To Internet" query by @cx-andre-pereira in #7726
  • test(query): couple new tests for "AWS EIP not attached to any instance" - terraform/aws by @cx-andre-pereira in #7717
  • test(query): better testing for security group rules without description by @cx-andre-pereira in #7729
  • fix(vulnerability): update viper version to 1.21.0 by @cx-artur-ribeiro in #7730
  • test(query): test improvement for the "sensitive port" terraform queries by @cx-andre-pereira in #7731
  • test(query): added new case for the several resources covered on the queries for terraform/aws by @cx-ricardo-jesus in #7734
  • refactor(similarityId): adapt engine similarity ID transition mechanism and fix known kubernetes problematic queries by @cx-miguel-silva in #7583
  • fix(query): added support for 'data' aws_iam_policy_document and module by @cx-andre-pereira in #7727
  • docs(queries): update queries catalog by @kicsbot in #7644
  • docs(kicsbot): preparing for release 2.1.14 by @kicsbot in #7735

Full Changelog: v2.1.13...v2.1.14
