threatcl/threatcl dev

Development Build

on GitHub

Features

• #67 go-getter for accessing including attributes #69 (xntrik)
• #67 go-getter used for imports now as well. Plus some chore #69 (xntrik)
• #3 - we now have a constraint system that allows graceful #69 (xntrik)
• #3 rejigged the constraint versioning #69 (xntrik)
• #41 Most of the new expanded_control logic is in place now #69 (xntrik)
• Parse for legacy DFDs and shift into the new format #78 (xntrik)
• Adding contraint checks for old dfd blocks #29 #78 (xntrik)
• list command now handles number of DFD in output #29 #78 (xntrik)
• Multiple DFDs per TM are now supported #29 #78 (xntrik)
• TMs now support additiona_attribute blocks #71 #78 (xntrik)
• Addressing shortcomings of go-getter #83 #88 (xntrik)
• preparing for 0.2.0 release of hcltm - now threatcl #92 (xntrik)

Bug Fixes

• Dockerfile to reduce vulnerabilities #46 (snyk-bot)
• updated gopkg.in/yaml.v3 to address CVE-2022-28948 #57 (cfrichot)
• Fixes a minor issue with boilerplate generation #100 #101 (xntrik)
• Minor spec example fix #00 #102 (xntrik)

Documentation

• Updated release steps in CONTRIBUTING file (xntrik)
• Updating contributing (xntrik)
• updating documentation for 0.1.5 #69 (xntrik)
• updated example dashboard #78 (xntrik)
• Updated CHANGELOG #78 (xntrik)
• Updated CONTRIBUTING.md with some rough notes for managing docker #88 (xntrik)
• Updating docs to 0.2.0 #92 (xntrik)
• Adjusting docs and Makefile slightly (xntrik)
• Minor update to README with link to docs #99 (xntrik)
• Minor update to README #103 (xntrik)

Tests

• updated tests for DOT output #78 (xntrik)
• for the multi dfd contstraint check #29 #78 (xntrik)
• for the multi dfd contstraint check - forgot to add the test file #29 #78 (xntrik)
• Forgot to add the test file for #29 #78 (xntrik)
• added test for #83 #88 (xntrik)

Continuous Integration

• Adjusting the semgrep action #57 (cfrichot)
• Updating semgrep action again #57 (cfrichot)
• working on getting docker built on gh actions #78 (xntrik)
• adding qemu #78 (xntrik)
• Updating release to include docker building for GHCR #78 (xntrik)
• updating golang #78 (xntrik)
• Updated pre-release to test-build docker build #78 (xntrik)
• Tweaking pre-release action #79 (xntrik)
• Adding env flags to pre-release action #80 (xntrik)
• bumping some codeql actions #88 (xntrik)
• Updating out of date actions and bumping CI to Go 1.20 #88 (xntrik)
• bumping gh checkout action #90 #91 (xntrik)
• bumping codeql action #91 (xntrik)
• removing codeql yaml #92 (xntrik)
• Adjustment to pre-release job (xntrik)
• adjusting ci again (xntrik)
• Trying to get releasing working (xntrik)
• dev release tag is there now (xntrik)
• added clang to macos build (xntrik)
• attempt again (xntrik)
• nit pick fix (xntrik)
• Updated mac job to a mac worker (xntrik)
• another nit pick (xntrik)
• trying again on the macos builder (xntrik)
• more nitpicks (xntrik)
• Are we almost there? (xntrik)
• omg i typod the download-artifact action (xntrik)
• artifact name adjustments (xntrik)
• adjusting releae to latest (xntrik)
• adjusted perms (xntrik)
• adding docker process back to pre-release (xntrik)
• adjusted pre-release. Updated tagged release (xntrik)

Chores

• #68 - tidying up the parser tests to cater for some upcoming work #69 (xntrik)
• preparing for 0.1.5 release #69 (xntrik)
• After a go mod tidy #78 (xntrik)
• updating vulnerable aws-sdk-go https://github.com/xntrik/hcltm/security/dependabot/2 #78 (xntrik)
• bumping version in prep for 0.1.6 - still need to tidy other ver #78 (xntrik)
• go mod tidy #78 (xntrik)
• go mod tidy #78 (xntrik)
• Updated 0.1.5 refs to 0.1.6 #81 (xntrik)
• Bumping Golang, go deps, and docker deps #88 (xntrik)
• bump to 0.1.8 #91 (xntrik)
• bump ver refs to 0.2.0 #92 (xntrik)
• bump spec dep and update threatcl cli to 0.2.1 #96 (xntrik)
• deps: bump google.golang.org/protobuf from 1.32.0 to 1.33.0 #98 (dependabot[bot])
• deps: bump golang.org/x/net from 0.21.0 to 0.23.0 #104 (dependabot[bot])
• deps: bump github.com/hashicorp/go-getter from 1.7.3 to 1.7.4 #105 (dependabot[bot])

Commits

• 8d92f43: add missing Repudiation to STRIDE (Marc Loney) #32
• c703e20: Create codeql-analysis.yml (Christian Frichot)
• c6753e6: Create semgrep-analysis.yml (Christian Frichot)
• fa5bb09: Update semgrep-analysis.yml (Christian Frichot)
• 9847f42: Update semgrep-analysis.yml (Christian Frichot)
• a6e2b97: Create snyk-container-analysis.yml (Christian Frichot)
• adf59bc: Update link to the OWASP Proactive Controlsin README.md (John Doe) #42
• 14cbe0a: Merging in 0.1.2 (#60) (Christian Frichot) #60
• 6b3e522: Merging Dev 0.1.3 into main (#64) (Christian Frichot) #64
• e506f63: merging dev 0.1.4 into main (#66) (Christian Frichot) #66
• addressing some issues with expanded_control see #70 #78 (xntrik)
• 7b62cc1: very much work in progress on 0.1.6 (xntrik) #78
• 1b958c2: Added new export command relates to #84 (xntrik) #88
• 474a2f3: Added export sub-command info into README (xntrik) #88
• 3b9bb04: Updated CHANGELOG and other versions to 0.1.7 (xntrik) #88
• cb97bc4: Updated README (xntrik)
• e2c39f5: #89 update go-otm dep (xntrik) #91
• d4b0f53: updating main branch gh action (xntrik)