Changes:
- Core
- Moved unit tests from nose to pytest & improved unit test coverage
- Migrated formatting from the 2.7+ versions to more native 3.x styles
- Bug fixes and improved error handling
- AWS
- Created a ruleset for AWS CIS version 1.2 (https://www.cisecurity.org/benchmark/amazon_web_services/)
- Can be run with the
--ruleset cis-1.2.0.jsonparameter - This included the addition of 23 new rules, most of which where added to the default ruleset
- Can be run with the
- Added support for
- CloudWatch Metric Filters
- DynamoDB
- VPC Peering Connections & Flow Logs (Subnet & VPC)
- Improved the report and processing for AWS resources
- Created a ruleset for AWS CIS version 1.2 (https://www.cisecurity.org/benchmark/amazon_web_services/)
- Azure
- Improved support for App Services web apps, including 5 new rules
- Improved NSG implementation, decreasing the report size by multiple orders of magnitude
- Added Azure Tags and Resource Groups to all resources
- GCP
- Added support for GKE, including 19 new rules
- Improved reporting for Compute Engine instances, networks, subnetworks and firewall rules
- Implemented exponential backoff to handle API quotas
Breaking change: support for Python 3.5 has been removed.