github cartography-cncf/cartography 0.137.0
on GitHub

5 hours ago

What's Changed

  • fix(gcp): persist Artifact Registry image platform by @kunaals in #2740
  • fix(gcp): retry transient Vertex AI GAPIC errors by @kunaals in #2741
  • fix(gcp): retry transient Cloud Run list failures by @kunaals in #2742
  • fix(ci): poll PyPI install path before docker build by @jychp in #2746
  • perf(sync): defer provider SDK loading until a stage runs by @jychp in #2747
  • fix(azure): skip transient data factory failures by @kunaals in #2748
  • fix(gcp): Refactor GCP Artifact Registry image modeling by @kunaals in #2743
  • feat(ontology): add AIModel semantic label across AI/ML model nodes by @jychp in #2750
  • fix(gcp): resolve Cloud Run service image digests by @kunaals in #2751
  • fix(kubernetes): skip unsupported EKS access entries by @kunaals in #2753
  • docs(github): clarify image provenance relationship by @kunaals in #2754
  • feat(ontology): enforce ontology relationship constraints by @jychp in #2738
  • feat(azure): add Application Gateway intel module by @jychp in #2749
  • refactor: enforce naming and sub_resource conventions in graph models by @jychp in #2737
  • feat(azure): model VM NSG rules and SQL Server firewall rules by @jychp in #2756
  • fix(gitlab): ingest dependency artifacts by job id by @kunaals in #2757
  • feat(rules): expand CIS benchmark coverage for GCP, Google Workspace, and Kubernetes by @jychp in #2755
  • feat(semgrep): Support for OSS Semgrep SAST Findings by @shyammukund in #2716
  • docs(tests): add local agent guidance by @kunaals in #2769
  • fix(gcp): preserve current GAR images during cleanup by @kunaals in #2767
  • feat(ontology): add device ownership links and graph indexes by @jychp in #2759
  • feat(gcp): derive Artifact Registry provenance from SBOMs by @kunaals in #2745
  • feat(rules): close AWS / GCP / Azure coverage gap on standalone rules by @jychp in #2761
  • fix(gcp): reduce policy binding write pressure by @kunaals in #2773
  • feat(gcp): derive GAR parent image lineage by @kunaals in #2774
  • fix(docs): pull request template linter command by @achantavy in #2771
  • Dependabot alerts by @ryan-lane in #2768
  • docs: Add test structure guidelines to AGENTS.md by @achantavy in #2775
  • chore: bump the minor-and-patch group with 7 updates by @dependabot[bot] in #2779
  • chore: bump microsoft-kiota-http from 1.9.8 to 1.9.9 by @dependabot[bot] in #2778
  • chore: bump github/codeql-action from 4.35.2 to 4.35.3 in the minor-and-patch group by @dependabot[bot] in #2777
  • fix: bump docker-compose Neo4j image to 5-community by @jychp in #2781
  • feat(rules): add serverless_workload_exposed multi-cloud rule by @jychp in #2782
  • docs(skills): add audit-frameworks skill for rules audits by @jychp in #2787
  • feat(ontology): add blockstorage, identityproviders, cicdpipelines categories by @jychp in #2776
  • fix(gcp): scope inherited policy binding writes by @kunaals in #2784
  • chore: bump urllib3 from 2.6.3 to 2.7.0 by @dependabot[bot] in #2792
  • feat(semgrep): link findings and dependencies to GitLabProject by @jychp in #2796
  • fix(analysis): MERGE before DELETE-stale to remove read window in 10 analysis jobs by @jychp in #2797
  • feat(aws): add ALB mTLS properties to ELBV2Listener by @jychp in #2793
  • feat(gitlab): map GitLabDependency to packages ontology by @jychp in #2795
  • feat(guardduty): Persist Service Action API fields on AWSGuardDutyFindings by @shyammukund in #2788
  • feat(rules): add Mini Shai-Hulud (May 2026) wave to npm dependency rule by @jychp in #2800
  • perf: index frequently filtered model properties, map GCPServiceAccountKey to apikeys ontology by @jychp in #2803
  • feat(rules): expand ISO 27001 coverage by @jychp in #2786
  • fix(rules): correct invalid Cypher syntax in CIS GCP rules by @jychp in #2807
  • feat(gcp): migrate HttpError handling in compute and init to canonical classifier by @Denyme24 in #2530
  • feat(GitHub): Add support for GitHub repository rulesets by @deidaraiorek in #2163
  • feat(gcp): add Workload Identity Federation pool and provider nodes by @jychp in #2799
  • fix(rules): reduce false positives in top-volume security rules by @jychp in #2802
  • chore: bump github/codeql-action from 4.35.3 to 4.35.4 in the minor-and-patch group by @dependabot[bot] in #2815
  • feat(github): ingest personal access token metadata by @kunaals in #2811
  • chore: bump the minor-and-patch group with 12 updates by @dependabot[bot] in #2816
  • chore: bump types-requests from 2.33.0.20260408 to 2.33.0.20260508 by @dependabot[bot] in #2818
  • feat(github): map GitHubContainerImage into Image ontology and wire HAS_IMAGE from workloads by @jychp in #2809
  • chore: bump types-pyyaml from 6.0.12.20260408 to 6.0.12.20260508 by @dependabot[bot] in #2817
  • chore: bump python from a0779d7 to dc1546e by @dependabot[bot] in #2814
  • feat(rules): normalize Kubernetes control-plane exposure and add multi-cloud rule by @jychp in #2794
  • fix(rules): five false-positive filters across rules by @jychp in #2808
  • fix(entra): skip deleted service principals during appRoleAssignedTo fetch by @jychp in #2812
  • feat: downgrade noisy log lines and extend ontology / rule coverage by @jychp in #2813
  • feat(ontology): project _ont_has_mfa and _ont_active on AWSUser by @jychp in #2819
  • Add ingress-nginx retirement coverage to EOL software rule by @kunaals in #2820
  • chore: bump idna from 3.11 to 3.15 by @dependabot[bot] in #2824
  • feat(AWS): Add AWS Organizations support by @kunaals in #2780
  • fix(rules): skip archived GitHub repos + reorder Finding fields for display name by @jychp in #2827
  • fix(aws): skip org cleanup when account state is unavailable by @kunaals in #2828
  • feat(guardduty): link AccessKey findings to affected IAM principals by @jychp in #2835
  • feat(ontology): project _ont_enabled on EntraApplication by @jychp in #2821
  • feat(gcp): close ontology projection gaps for GCP by @jychp in #2822
  • feat(aws): add CAN_PASSROLE permission relationship by @jychp in #2833
  • chore: bump python from 3.13-slim to 3.13.13-slim by @dependabot[bot] in #2832
  • chore: bump the minor-and-patch group with 2 updates by @dependabot[bot] in #2834
  • fix(rules): reduce k8s service account token noise by @kunaals in #2801
  • fix(gcp): attempt CAI policy bindings directly by @kunaals in #2805
  • feat(aibom): Support AIBOM 1.0.0rc4 ingestion by @shyammukund in #2825
  • fix(cve): standardize CVE-labeled node properties by @ryan-lane in #2837
  • fix: index hot transition properties, k8s verb fact types, and GitHub PAT ontology mapping by @jychp in #2841
  • perf(graph): add MatchLink Cartesian product loader by @kunaals in #2838
  • perf(gcp): bulk load BigQuery table permissions by @kunaals in #2840
  • feat(tailscale): authenticate via OAuth client by @rajsinghtech in #2764
  • chore: bump the minor-and-patch group with 13 updates by @dependabot[bot] in #2847
  • fix(ontology): skip RANGE index on unbounded semantic-label fields by @jychp in #2845
  • chore: bump types-pyyaml from 6.0.12.20260508 to 6.0.12.20260518 by @dependabot[bot] in #2851
  • chore: bump types-requests from 2.33.0.20260508 to 2.33.0.20260518 by @dependabot[bot] in #2849
  • chore: bump the minor-and-patch group with 6 updates by @dependabot[bot] in #2846
  • fix(rules): coerce S3 mfa_delete to bool in cis_aws_3_1_2 to avoid Pydantic crash by @jychp in #2852
  • fix(microsoft): restart expired Graph pagination by @kunaals in #2853
  • fix(ontology): drop deprecated ont indexes from pre-opt-out graphs by @jychp in #2855
  • fix(okta): retry non-json group member errors by @kunaals in #2854
  • feat(sentinelone): ingest agent IP addresses by @kunaals in #2858

New Contributors

Full Changelog: 0.136.0...0.137.0

Check out latest releases or
releases around cartography-cncf/cartography 0.137.0

Don't miss a new cartography release

NewReleases is sending notifications on new releases.

Get notifications