github secureCodeBox/secureCodeBox v2.7.0

2 years ago

Changes

This release contains the following changes 🎉. Help spread the word or leave a GitHub star if you like it 😉

We have added a completely new ZAP-Advanced scanType, which allows you to configure web application scans based on OWASP ZAP in depth with YAML files. This is useful for more complex authentication scenarios. Thx to our new first-time contributors @luckolen and @EndPositive for improving the CascadingRules a lot!


🚀 Features

  • Make deduplicateOnEngagement configurable @J12934 (#436)
  • Allow to Configure DefectDojo Test Titles via Scan Annotations @J12934 (#423)
  • Added Email Notifier and Email Template To Notification Hook @fuhrmeistery (#386)
  • Added a ⛑ HelmChart configuration value to disable the cascadingRules installation @twwd (#402)
  • Allow wildcards in CascadingRules (closes #357) @luckolen (#374)
  • Added the tunnel variable from the NMAP results to be used in CascadingRules. @luckolen (#369)

🚓 Security Scanner

  • Added a new ZAP Advanced ScanType useful for more complex authentication scenarios @rseedorff (#371)
  • Added the tunnel variable from the NMAP results to be used in CascadingRules. @luckolen (#369)
  • Add "tcp://" prefix to kubehunter node locations @JohannesZahn (#433)
  • Updating kubeaudit scanner to version v0.14.1 @rseedorff (#427)
  • Updated trivy scanner to version v0.18.1 @rseedorff (#426)
  • Updated trivy scanner to version v.0.18.2 @rseedorff (#435)
  • Updated gitleaks scanner to version v7.5.0 @rseedorff (#428)

โš“๏ธ Hooks

  • Extend the Cascading-Scans Hook to generate custom labels or annotations for subsequent scans @EndPositive (#430)
  • Allow wildcards in CascadingRules (closes #357) @luckolen (#374)
  • Support DefectDojo Parsers that rely on file endings (e.g. Nikto JSON Parser and Generic JSON Parser) @JohannesZahn (#437)
  • Bugfixed customTemplate Config of the new Notification Hook @J12934 (#387)
  • Added a new template based notification hook (e.g for Slack) @fuhrmeistery (#338)

๐Ÿ› Bug Fixes

  • Rename matchExpression to matchExpressions in cascading scans @EndPositive (#440)
  • Add "tcp://" prefix to kubehunter node locations @JohannesZahn (#433)
  • Bugfixed Crash in WPScan Parser When No Wordpress Version Got Identified @J12934 (#424)
  • Removed Invalid CRD Fields from ScanTypes and ParseDefinitions @J12934 (#410)
  • Bugfixed Angularjs Csti Scanner ⛑ HelmChart @SebieF (#401)
  • Bugfixed customTemplate Config of the new Notification Hook @J12934 (#387)
  • Bugfixing operator generated code @rseedorff (#442)

🧪 Test

  • Bugfixed Crash in WPScan Parser When No Wordpress Version Got Identified @J12934 (#424)
  • Add unit test for wildcards in cascading rules @J12934 (#380)
  • Retry Failing Integration Tests up to 3 times @J12934 (#389)

📚 Documentation

🔧 Maintenance

📌 Dependencies

  • Updated trivy scanner to version v0.18.1 @rseedorff (#426)
  • Updated trivy scanner to version v.0.18.2 @rseedorff (#435)
  • Updated Base Image To Newer Version @fuhrmeistery (#434)
  • Updated kubeaudit scanner to version v0.14.1 @rseedorff (#427)
  • Updated gitleaks scanner to version v7.5.0 @rseedorff (#428)
  • [Snyk] Upgrade ws from 7.4.4 to 7.4.5 @snyk-bot (#419)
  • [Snyk] Upgrade ws from 7.4.4 to 7.4.5 @snyk-bot (#418)
  • Bump hosted-git-info from 2.8.8 to 2.8.9 in /hooks/persistence-elastic @dependabot (#411)
  • Bump lodash from 4.17.20 to 4.17.21 in /hook-sdk/nodejs @dependabot (#409)
  • Bump hosted-git-info from 2.8.8 to 2.8.9 in /hooks/declarative-subsequent-scans @dependabot (#414)
  • Bump lodash from 4.17.20 to 4.17.21 in /parser-sdk/nodejs @dependabot (#408)
  • Bump hosted-git-info from 2.8.8 to 2.8.9 in /hook-sdk/nodejs @dependabot (#413)
  • Bump hosted-git-info from 2.8.8 to 2.8.9 in /hooks/generic-webhook @dependabot (#412)
  • Bump hosted-git-info from 2.8.8 to 2.8.9 in /parser-sdk/nodejs @dependabot (#416)
  • Bump hosted-git-info from 2.8.8 to 2.8.9 in /hooks/update-field @dependabot (#415)
  • Bump lodash from 4.17.20 to 4.17.21 in /hooks/update-field @dependabot (#406)
  • Bump lodash from 4.17.20 to 4.17.21 in /hooks/generic-webhook @dependabot (#407)
  • Bump lodash from 4.17.20 to 4.17.21 in /hooks/persistence-elastic @dependabot (#405)
  • Updated npm dependencies @twwd (#404)
  • Updated Node.js version to latest LTS (14) @twwd (#400)
  • [Snyk] Upgrade @kubernetes/client-node from 0.14.1 to 0.14.3 @snyk-bot (#398)
  • [Snyk] Upgrade @kubernetes/client-node from 0.14.1 to 0.14.3 @snyk-bot (#396)
  • [Snyk] Upgrade @kubernetes/client-node from 0.14.1 to 0.14.3 @snyk-bot (#395)
  • [Snyk] Upgrade @kubernetes/client-node from 0.14.0 to 0.14.1 @snyk-bot (#392)
  • [Snyk] Upgrade @kubernetes/client-node from 0.14.0 to 0.14.1 @snyk-bot (#391)
  • [Snyk] Upgrade @kubernetes/client-node from 0.14.0 to 0.14.1 @snyk-bot (#390)
  • Bump jose from 2.0.4 to 2.0.5 in /hooks/declarative-subsequent-scans @dependabot (#384)
  • Bump jose from 2.0.4 to 2.0.5 in /parser-sdk/nodejs @dependabot (#383)
  • Bump jose from 2.0.2 to 2.0.5 in /tests/integration @dependabot (#382)
  • Bump jose from 2.0.4 to 2.0.5 in /hook-sdk/nodejs @dependabot (#381)
  • [Snyk] Upgrade mustache from 4.1.0 to 4.2.0 @snyk-bot (#385)

Distribution

Artifact HUB
Docker Hub

Contributors

Thx to all our contributors supporting this project 🤗
@EndPositive, @J12934, @JohannesZahn, @SebieF, @Weltraumschaf, @dependabot, @dependabot[bot], @fuhrmeistery, @luckolen, @rseedorff, @snyk-bot and @twwd
