Changelog
v1.9.0 (2021-08-06)
Implemented enhancements:
- Dockerfile Support #798
- pre-commit hook #311
- Add support for CFT nested stacks #949
- Adds support for using Terraform modules cached locally #940
Fixed bugs:
- Helm chart scans use only 4 policies #946
Closed issues:
- Link to docks in README #944
- Ensure remote modules are downloaded only once #936
- Rule supression for specific resources #868
Merged pull requests:
- Fixes k8s policy filtering #963 (patilpankaj212)
- Update mkdocs-material to 7.2.2 #954 (pyup-bot)
- Adds Terrascan pre-commit #953 (mihirhasan)
- Add support for CFT nested stacks #949 (sigmabaryon)
- fix - remote repo scan with config only option generates panic #948 (patilpankaj212)
- Update mkdocs-material to 7.2.1 #947 (pyup-bot)
- Update README.md #945 (sangam14)
- Update helm chart progress checklist #943 (dev-gaur)
- Adds support for using Terraform modules cached locally #940 (Rchanger)
- Update mkdocs-material to 7.2.0 #939 (pyup-bot)
- Dockerfile support #849 (Rchanger)
v1.8.0 (2021-07-02)
Implemented enhancements:
- Add Support for new reference id field #786
Fixed bugs:
- Sarif output has wrong file path value for file scans #861
- ‘k8s’ key updated multiple times in policy package #439
Closed issues:
- Terrascan is failing in scan #887
- Refactor to Disable CGO #884
- Issue on Azure Pipelines: failed to initialize terrascan 1.7.0 #864
- Can’t skip rules with underscore #856
- Recursive Loop Scanning Terraform #851
- Improve filenames in remote modules #841
- Issues running terrascan in azure pipelines #835
Merged pull requests:
- fix error messages reported from hcl diags #911 (kanchwala-yusuf)
- add in-file instrumentation segment #910 (amirbenv)
- Minor documentation fixes #908 (brandysnaps)
- Use CGO independent package for sqlite #906 (kanchwala-yusuf)
- GH action doc - fix code block #902 (amirbenv)
- Update cicd-fix code block.md #901 (amirbenv)
- fixes: recursive loop when parent and child module has same local block #900 (Rchanger)
- Update mkdocs-material to 7.1.9 #895 (pyup-bot)
- Updates documentation on Terrascan github action #894 (cesar-rodriguez)
- fix usage overview links.md #893 (amirbenv)
- Split usage docs #890 (amirbenv)
- add proper values via metadata #888 (gaurav-gogia)
- Update mkdocs to 1.2.1 #886 (pyup-bot)
- Update Integration Docs.md #885 (amirbenv)
- k8s policies refactor #879 (gaurav-gogia)
- mod azure policies to improve parity with siac #878 (gaurav-gogia)
- Fix authorization header for http request #877 (kanchwala-yusuf)
- Adding Id fix for github policies #874 (shreyas-phansalkar-189)
- Bugfix/k8s id field #873 (gaurav-gogia)
- Add ID Field in Azure Policies #872 (gaurav-gogia)
- adding ID field for aws policies #871 (harkirat22)
- Adding missing Id field for GCP policies #870 (shreyas-phansalkar-189)
- Updating network security policies for GCP #869 (shreyas-phansalkar-189)
- improves: filename in remote module #867 (Rchanger)
- Adding AWS Network Security Policies #866 (shreyas-phansalkar-189)
- Change api, Add support for s3 bucket resource and better cft loader #865 (sigmabaryon)
- Fixes incorrect filepath reporting in sarif output & added e2e tests for sarif output #863 (dev-gaur)
- Bugfix/az nw sec policies #862 (gaurav-gogia)
- Update mkdocs-material to 7.1.8 #859 (pyup-bot)
- Fix AC_AZURE_0185 policy #858 (maxgio92)
- fixed sarif unit tests hardcoding code smell #857 (dev-gaur)
- fix broken link to
usage.md
#855 (dan-hill2802) - Added “id” field support & policy validation tests #843 (nasir-rabbani)
- Add Microsoft Azure ARM as an IaC Provider #736 (gauravgahlot)
Changelog
v1.7.0 (2021-06-09)
Implemented enhancements:
- Enhancement: Support sarif as output format #775
- Admission Controller e2e tests #749
- Enhance terrascan docker to support all terrascan run modes #748
- Config file changes for server and admission controller #747
- Create Helm charts for the terrascan admission webhook setup. #685
- Enhancement: Use module instance name for download directory #672
Fixed bugs:
- Azure AKS failling to check the network policy status. #789
- Scan for terraform doesn’t error out if a module definition refers to a directory with no tf files #782
- Wrong detection of MemoryRequestsCheck,CpuRequestsCheck,noReadinessProbe and nolivenessProbe policy in k8s Job spec #767
- Update Docker build for terrascan to use numeric UID #766
- Wrong detection of AllowPrivilegeEscalation (policy AC-K8-CA-PO-H-0165) in K8s pod spec #721
- Failed to run prepared query error in opa/engine.go #709
- tfplan should use resource address for id field #702
- Rule IDs with spaces cannot be skipped #610
- AWS.CloudFront.Network Security.Low.0568 Doesn’t allow skipping due to space in filename #549
- Error parsing syntax if using complex query for dynamic ip_restriction in azurerm_function_app or azurerm_app_service ressource #433
Closed issues:
- Add support for YAML format for terrascan config file #807
- Add ID field #805
- Add a middleware to log incoming http(s) requests on terrascan server #784
- terrascan server: validation missing for –cert-path and –key-path #769
- show-passed should report passes only for the existing resources #757
- Out of the box handling of certificates in helm charts for terrascan in Server mode #756
- In-file Instrumentation #755
- Release 1.5.2 or 1.6.0 #745
- Issue in GCP Policyfile unrestrictedRdpAccess.rego #735
- accurics.azure.AKS.3 is defective #711
- Rule
lambdaNotEncryptedWithKms
should not check for KMS when env vars are not being used #682 - Terrascan does not resolve env var for aws_rds_cluster attribute storage_encrypted #678
- Valid Terraform configuration fails with
s3EnforceUserAcl
#659 - kmsKeyExposedPolicy:22: eval_builtin_error: json.unmarshal: invalid character ‘$’ looking for beginning of value} #627
- Terrascan not able to find terraform config files in a sub directory, but it works in case of k8s infrastructure type #622
- Potential nil-dereference found while fuzzing #611
- terrascan should have a
category-list
command #597 - Improved Documentation #416
- Improve test coverage for k8s #400
Merged pull requests:
- Fixing the bug for google_kms_crypto_key policies #848 (shreyas-phansalkar-189)
- Fix AWS dynamo Db policy for point in time recovery #847 (harkirat22)
- Bugfix/use ref id old format #846 (gaurav-gogia)
- reference ids with & and <space> fixed #845 (gaurav-gogia)
- fixes: Terraform inner block reference resolution #844 (Rchanger)
- Bump up to Go/1.16 #836 (kanchwala-yusuf)
- [fix] Add Alternate names for k8s services #834 (rahulchheda)
- Support for spaces in policy reference_id #833 (nasir-rabbani)
- fix - type assertion check for hcl.Body in terraform iac provider #832 (patilpankaj212)
- Add ID Field for AWS Policies' Metadata #831 (gaurav-gogia)
- Policy to check CVE-2021-25737 #830 (harkirat22)
- Enhancing AWS policies #829 (harkirat22)
- aws s3 policy
s3EnforceUserAcl
update #828 (gaurav-gogia) - add check for env vars and kms #827 (gaurav-gogia)
- Add ID Field for K8s Policies' Metadata #826 (Avanti19)
- Do not trim resource id from tfplan json #825 (kanchwala-yusuf)
- Add ID Field for GCP Policies' Metadata #824 (gaurav-gogia)
- fix - source path for k8s file scan is absolute #821 (patilpankaj212)
- added pending test changes for config reader #820 (patilpankaj212)
- fix: moves the pending test to running #819 (Rchanger)
- fix multierror variable issue #818 (patilpankaj212)
- [feat.] Merge Webhook and Server Helm Chart #817 (rahulchheda)
- add support for YAML format for terrascan config file #816 (kanchwala-yusuf)
- Add AWS CFT as an IaC Provider #815 (mahendrabagul)
- fix failing e2e test #812 (patilpankaj212)
- Adding Aws new policies cloudTrail #810 (Avanti19)
- Feature/az id field #808 (gaurav-gogia)
- added support for sarif formatted violation reports #806 (dev-gaur)
- Adds support to scan config resources with applicable policies & Refactors filteration #803 (patilpankaj212)
- Adds: in-file instrumentation for resource prioritizing #802 (Rchanger)
- shifted opa engine warning message to debug log level #800 (dev-gaur)
- fix: added validation for module local source dir #793 (Rchanger)
- policy metadata changes to include
policy\_type
andresource\_type
#792 (patilpankaj212) - Fix pod level securityContext support #790 (harkirat22)
- Fix policy code for securityContext and Probes #787 (harkirat22)
- add logging middleware for server #785 (dev-gaur)
- config file changes for terrascan server #780 (patilpankaj212)
- Automate generation of TLS Certs using Helm #779 (rahulchheda)
- Add webhook setup capability and remote repo scan capability in the helm charts #778 (dev-gaur)
- Changed description of policy file to match port. #777 (menzbua)
- Added source_range 0.0.0.0/0 (any) to avoid rule violations #776 (menzbua)
- support for
module name
in violation summary #774 (patilpankaj212) - Modified the Dockerfile to use numeric UID #773 (Rchanger)
- adds e2e tests for validating webhook #772 (patilpankaj212)
- add validation for tls private key and cert file values #771 (dev-gaur)
- Documentation #768 (lalchand12)
- change docs to include docker subcommands.md #765 (amirbenv)
- shifted custom atlantis container source under integrations/ directory #758 (dev-gaur)
- Update mkdocs-material to 7.1.4 #746 (pyup-bot)
- Add a kustomize based guide for setting up terrascan server and validating webhook in kubernetes #739 (dev-gaur)
- Fix accurics.azure.AKS.3 #712 (xortim)
- Update mkdocs-redirects to 1.0.3 #710 (pyup-bot)
- Initial addition of terrascan helm chart #688 (jlk)
Changelog
v1.6.0 (2021-05-10)
Implemented enhancements:
- Atlantis Integration #686
- Enhancement: support for all iac scan for cli #673
- Feature request: scan sub-folders too #411
Fixed bugs:
- Admission Controller Doesn’t display feedback for kubectl “create” and “apply” #731
Closed issues:
- GKE Control Plane is exposed to few public IP addresses #743
- Error with finding Enable AWS CloudWatch Logs for APIs #730
- Task: Add to github actions ability to build/push terrascan_atlantis image #728
- accurics.azure.NS.161 does not work with tfplan #725
- terrascan “latest” docker image broken for tfplan #718
- Local expansion recursive infinite loop #690
Merged pull requests:
- Feature/aws new policies sp #751 (shreyas-phansalkar-189)
- Argocd doc volume field modification #742 (Rchanger)
- Update mkdocs.yml #741 (amirbenv)
- fix failing test #740 (patilpankaj212)
- AWS policy pack update #737 (harkirat22)
- Adding release checklist #734 (jlk)
- Gh action terrscan_atlantis release #733 (dev-gaur)
- adds agrocd integration dockerfile, scripts, doc and examples #732 (Rchanger)
- Fix NSG associations #727 (xortim)
- changes for argocd integration #724 (patilpankaj212)
- Update admission-controller-webhooks-usage.md #722 (amirbenv)
- fix - #718 #720 (patilpankaj212)
- doc: add homebrew badge #714 (chenrui333)
- update version #713 (chenrui333)
- adds skipped tests for server file scan when file is k8s yaml #706 (Rchanger)
- fixes infinte loop while local variable resolution #700 (patilpankaj212)
- add terrascan atlantis container files, scripts and doc. #684 (dev-gaur)
- adds support to scan directory with all iac providers in cli mode #674 (patilpankaj212)
- adds support to scan sub folders for terraform iac provider #640 (patilpankaj212)
Changelog
v1.5.0 (2021-04-23)
Fixed bugs:
- Recursive loop expanding variables in included module #675
- Terrascan doesn’t resolve terraform complex variables #656
- Panic while resolving floating point variable #652
- Terrascan using absolute path for “source” value of resource #642
- Failed to initialize terrascan. error : failed to install policies #614
- Terrascan not able to read modules within a subdirectory #600
- Terrascan init command doesn’t work with -c flag #550
Closed issues:
- Not able to scan repo when google terraform module defined #681
- The link referencing the documentation to integrate Terrascan into CI/CD is broken #669
- Make saving of “admission request” configurable via an option in the config file for the validating admission webhook #664
- Add API_KEY to the /logs endpoint for the validating admission webhook #662
- Panic: not a string #647
- unit tests and e2e tests failing on windows #639
- Add support for private terraform repos #631
- policy not evaluating #629
- Terrascan does not support to download modules via SSH #621
- terrascan scan fails if path and rego_subdir are not provided together in the toml configfile #619
- Getting error while running scan on our terraform repo #607
- Terrascan not found policy id #601
Policies Violated
andViolated Policies
are confusing. #598- Invalid categories not being validated from config file #594
- Terrascan API server’s file scan doesn’t work for k8s yaml files #584
- Add
/go/bin
to the PATH variable in Docker image #577 - terrascan scan command doesn’t work with TERRASCAN_CONFIG env variable #570
- Format junit-xml need to have passed test results, not only failed test #563
- optimize policy download process in
terrascan init
#535
Merged pull requests:
- Release v1.5.0 #689 (kanchwala-yusuf)
- Adds support to configure dashboard mode in k8s validating webhook #683 (patilpankaj212)
- Updating documentation for k8s admission control #679 (kanchwala-yusuf)
- Fix recursive variable reference resolution #677 (patilpankaj212)
- Update mkdocs-material to 7.1.2 #676 (pyup-bot)
- Fixes broken link in README #671 (cesar-rodriguez)
- Docs- fix argo image path.md #667 (amirbenv)
- Makes saving of admission requests configurable via a config file option #665 (kanchwala-yusuf)
- Add authentication with API key for the /logs endpoint #663 (kanchwala-yusuf)
- Fixes docs format #661 (cesar-rodriguez)
- Update mkdocs.yml #660 (amirbenv)
- Support for authenticated tf module download #658 (jlk)
- Fix - terraform complex variables are not getting resolved #657 (patilpankaj212)
- Reorganized and Updated docs #655 (amirbenv)
- Fix- panic when terraform list variable doesn’t have a type #654 (patilpankaj212)
- Fix panic for floating point variables #653 (patilpankaj212)
- Adding support to scan IAC from atlantis workflow #648 (jlk)
- Fix - k8s resources config data has absolute source paths for resources #644 (patilpankaj212)
- Fix - terrascan not able to read modules within a subdirectory #641 (patilpankaj212)
- Add /go/bin to PATH. #637 (seancallaway)
- Update mkdocs-material to 7.1.0 #636 (pyup-bot)
- Fix windows tests #635 (patilpankaj212)
- Fix kustomize scan breakage on windows #630 (dev-gaur)
- Update route53LoggingDisabled.rego to ignore private zones #626 (matt-slalom)
- Adding openssh for downloading modules via ssh #625 (sachinar)
- Fix - init behavior change #624 (patilpankaj212)
- Add support for validating admission webhook in terrascan #620 (kanchwala-yusuf)
- Policy download refactor #618 (dev-gaur)
- Update mkdocs-material to 7.0.6 #615 (pyup-bot)
- Log error in LoadIacDir before continuing #613 (jlk)
- K8S Risk Category Changes #608 (Avanti19)
- GCP Risk Category Changes #606 (shreyas-phansalkar-189)
- Category flag e2e tests #605 (gaurav-gogia)
- Azure Risk Category Changes #604 (gaurav-gogia)
- AWS Risk Category Changes #603 (harkirat22)
- Bugfix/revert policies #602 (kanchwala-yusuf)
- Server mode: take file extension from uploaded file #593 (jlk)
- filepath fixes in e2e tests #591 (patilpankaj212)
- Update mkdocs-material to 7.0.5 #590 (pyup-bot)
- update helm default chart name and namespace values #589 (williepaul)
- v1.4.0 doc updates #588 (cesar-rodriguez)
- Terrascan K8s New categories and ruleRef ID changes #583 (Avanti19)
- GCP Category Changes #582 (shreyas-phansalkar-189)
- AWS new Categories #581 (harkirat22)
- New Policies for Azure & Category Updates. #580 (gaurav-gogia)
- Terrascan init and config handling refactor #576 (dev-gaur)
- Feature: add options to specify desired categories of violations to be reported #547 (gaurav-gogia)
v1.4.0 (2021-03-05)
Implemented enhancements:
- Scanning terraform plan files #407
- Adds support for junit xml output #527
- Adds e2e test scenarios for help and scan command #564
- Adds e2e tests for api server #585
- Please checkout our new Github Action!
Fixed bugs:
- Fixed a few bugs in the init command and downloading of fresh policies, including #561
- Difference in violated policies for the same terraform file #519
- false positive for AWS.Instance.NetworkSecurity.Medium.0506 #404
- accurics.gcp.IAM.122 needs to take into account the new name for Uniform bucket-level access flag #329
- fix the ‘repo already exist’ bug and improve error logging for terrascan init #552 (dev-gaur)
Closed issues:
- terrascan API server’s file scan always returns the resource config #578
- Issue on Azure DevOps Agents since 1.3.2 : failed to initialize terrascan #561
- Could not get terrascan init to work - would not download policy documents #551
Merged pull requests:
- release 1.4.0 #586 (kanchwala-yusuf)
- adds e2e tests for api server #585 (patilpankaj212)
- adds support to use ‘config_only’ attribute in api server’s file scan #579 (patilpankaj212)
- adds support to display passed rules #572 (patilpankaj212)
- Update mkdocs-material to 7.0.1 #567 (pyup-bot)
- fix filepaths and home directory lookup #566 (dev-gaur)
- adds e2e test scenarios for help and scan command #564 (patilpankaj212)
- Adds support for scanning tfplan json file #562 (kanchwala-yusuf)
- fix: renamed the json file to remove spaces #560 (harkirat22)
- fix: Changed the description message to handle the violation correctly #559 (harkirat22)
- bump versions to v1.3.3 #558 (dev-gaur)
- updated go module files #557 (dev-gaur)
- Initial changes for e2e testing framework #553 (patilpankaj212)
- Add code of conduct #545 (jlk)
- Fixes incorrect description of RDS encryption policy #542 (alex-petrov-vt)
- changes in log level and messages for load iac functions #541 (patilpankaj212)
- Update mkdocs-material to 6.2.8 #539 (pyup-bot)
- Updates docs for v1.3.2 #537 (cesar-rodriguez)
- update readme for v1.3.2 #534 (dev-gaur)
- fix - improved description for init command in help #532 (nathannaveen)
- Adds support for junit xml output #527 (patilpankaj212)
- enhancement: scan terraform registry modules as remote type #513 (patilpankaj212)
- support for terraform registry remote modules #505 (patilpankaj212)
- feature: add options to specify desired severity level of violations to be reported #501 (dev-gaur)
- Bump github.com/spf13/cobra from 1.0.0 to 1.1.1 #493 (dependabot[bot])
v1.3.2 (2021-02-03)
Fixed bugs:
- terrascan init should download new policies #521
Closed issues:
- How to get rid of “Anonymous, public read access to a container and its blobs can be enabled in Azure Blob storage. This is only recommended if absolutely necessary.” #405
- False Positive for accurics.azure.NS.161 when Security Groups Association and Subnets are defined indepently from VNet #391
- Calico is not supported as a valid Network Security for azurerm_kubernetes_cluster #376
Merged pull requests:
- Update readme for v1.3.2 #534 (dev-gaur)
- bump terrascan version to v1.3.2 #533 (dev-gaur)
- refactor init command for robust policy download checks #531 (dev-gaur)
- terrascan init will download new policies. #529 (dev-gaur)
- bugfix: Checks for security group association defined independently from vnet #526 (harkirat22)
- Update mkdocs-material to 6.2.7 #524 (pyup-bot)
- Fixed typos in docs #523 (gauravgahlot)
- Enhancement: new set of policies for AWS EC2 instance. #522 (harkirat22)
- Harkirat22/bug fix #520 (harkirat22)
- fixes #376 #518 (gaurav-gogia)
- fixes #405 #517 (gaurav-gogia)
- Policy/aws launch config #516 (harkirat22)
- add support for pod container #515 (harkirat22)
- Update mkdocs-material to 6.2.6 #514 (pyup-bot)
- Update README.md and changelog for 1.3.1 #509 (amirbenv)
v1.3.1 (2021-01-22)
Implemented enhancements:
- Support for remote modules
- Tag container image with release version #504
Fixed bugs:
- Build error on ARM MacOS
- terrascan consider source = “terraform-aws-modules/vpc/aws” as local path #418
- Failed to read module directory #332
Closed issues:
- Custom Variable Validation no longer experiemental in 0.13 #500
Merged pull requests:
- release v1.3.1 #508 (kanchwala-yusuf)
- fix dependencies that were breaking the darwin/arm64 build #507 (williepaul)
- support for terraform registry remote modules #505 (patilpankaj212)
- Readme rule supression #503 (amirbenv)
- Bump github.com/hashicorp/go-retryablehttp from 0.6.6 to 0.6.8 #496 (dependabot[bot])
- Bump github.com/hashicorp/go-getter from 1.5.1 to 1.5.2 #495 (dependabot[bot])
v1.3.0 (2021-01-19)
Implemented enhancements:
- Prints output in human friendly format #168
- Support for rule suppression using terraform comments,kubernetes annotations, cli arguments, and config file.
- New Policies for Kubernetes #480
- Tag released Docker images #398
- Add policy for checking insecure_ssl configuration for github_repository_webhook in GitHub provider #355
- Introduced support for terraform .14 and .13. Note: This will introduce some breaking changes for terraform v.12 files, even if using –iac-version v.12 flag. Notably we will no longer support multiple providers blocks, and certain references inside provisioner blocks (objects other than self, count or each, where when = destroy) . For more details see: https://github.com/hashicorp/terraform/releases/tag/v0.13.0
Fixed bugs:
- terrascan doesn’t allow registering multiple versions for an iac-type #471
- Debug resource lock #432
- terrascan panic: not a string #412
- False positive for aws rule vpcFlowLogsNotEnabled #408
- accurics.GCP.EKM.132 and accurics.GCP.EKM.131 wrong violation using disk_encryption_key #382
- s3EnforceUserACL - False Positive #359
- How to fix accurics.azure.EKM.20 #331
- Why accurics.gcp.IAM.104 suggests enabling a client certificate? #330
Closed issues:
- terraform can’t detect violations in terraform modules #468
- uniformBucketEnabled.rego referencing deprecated config #453
- Unable to run terrascan scan #446
- Terrascan doesn’t exit with error on CLI or Parsing errors. #442
- Terrascan Failure When Using Terraform 13 + Variable Validation #426
- Update policy example in documentation to use latest GitHub implementation #422
- Fix link to repo playground in policies documentation #421
- terrascan scan crashes with runtime: goroutine stack exceeds 1000000000-byte limit #406
- Typo error in the terrascan Architecture page #403
- accurics.gcp.OPS.114 should also check for cos_containerd image #395
- accurics.gcp.NS.112 suggest basic auth is enabled when is not #394
- Test coverage missing for kustomize iac-provider #379
- Why is vpcFlowLogsNotEnabled determined to be a violation? #352
Merged pull requests:
- update version to v1.3.0 #502 (kanchwala-yusuf)
- Add v13 flag option for terraform iac #499 (dev-gaur)
- Fix: potential bug added in PR #470 #497 (dev-gaur)
- Bump sigs.k8s.io/kustomize/api from 0.7.1 to 0.7.2 #494 (dependabot[bot])
- Bump github.com/mattn/go-isatty from 0.0.8 to 0.0.12 #492 (dependabot[bot])
- solves issue #382, and improved policy to relate disk with the instance #490 (harkirat22)
- solves issue #331 #489 (harkirat22)
- Update mkdocs-material to 6.2.5 #488 (pyup-bot)
- Bump go.uber.org/zap from 1.13.0 to 1.16.0 #486 (dependabot[bot])
- Bump github.com/spf13/afero from 1.3.4 to 1.5.1 #485 (dependabot[bot])
- Bump github.com/iancoleman/strcase from 0.1.1 to 0.1.3 #484 (dependabot[bot])
- Bump github.com/hashicorp/go-version from 1.2.0 to 1.2.1 #482 (dependabot[bot])
- Bump github.com/pelletier/go-toml from 1.8.0 to 1.8.1 #481 (dependabot[bot])
- Policy update 2021 01 14 #480 (williepaul)
- fix panic for list variables #479 (patilpankaj212)
- adding an else condition to relate management lock with resource group #476 (harkirat22)
- adding an else condition to relate the flow log with vpc #475 (harkirat22)
- including a check for verifying in-line policy is included #474 (harkirat22)
- adding rule to check if waf is enabled at cloud front distribution #473 (harkirat22)
- Added terraform v14 support besides v12. #470 (dev-gaur)
- support comment with rule skipping for resource and scan summary modifications #466 (patilpankaj212)
- recognize metadata.generateName #465 (acc-jon)
- Update mkdocs-material to 6.2.4 #464 (pyup-bot)
- Update README.md #463 (amirbenv)
- Deprecated gcs bucket #462 (jdyke)
- changed the description to include the vulnerable versions #460 (harkirat22)
- Fix exit code on error #458 (patilpankaj212)
- policy for CVE-2020-8555 #457 (harkirat22)
- Update README.md #456 (amirbenv)
- rule skipping for resources in k8s #455 (patilpankaj212)
- terrascan argo-cd instructions #454 (storebot)
- Adds CI/CD integration docs #452 (cesar-rodriguez)
- Bump github.com/zclconf/go-cty from 1.2.1 to 1.7.1 #449 (dependabot[bot])
- Bump sigs.k8s.io/kustomize/api from 0.6.5 to 0.7.1 #448 (dependabot[bot])
- Bump github.com/gorilla/mux from 1.7.4 to 1.8.0 #447 (dependabot[bot])
- Update mkdocs-material to 6.2.3 #445 (pyup-bot)
- deps: add dependabot support #444 (chenrui333)
- bump go to 1.15 #443 (chenrui333)
- implement scan and skip rules #441 (patilpankaj212)
- scan command refactor #436 (patilpankaj212)
- Fixes dead link to old getting started page #435 (cesar-rodriguez)
- Add support to extract rules to skip from terraform comments #434 (kanchwala-yusuf)
- bash output improvements #431 (patilpankaj212)
- APE-1319: Revamped Getting Started Section #430 (acc-jon)
- Add policy AC-K8-NS-SE-M-0188 for CVE-2020-8554 #428 (gauravgogia-accurics)
- set console mode on windows so colors render #427 (acc-jon)
- Update mkdocs-material to 6.1.7 #425 (pyup-bot)
- Update policy example in the documentation #424 (HorizonNet)
- Fix link to rego playground in policies documentation #423 (HorizonNet)
- hopefully remove test failures due to non-deterministic comparisons #420 (acc-jon)
- IMDSv1 policy: update category, description #419 (acc-jon)
- IMDSv1 check policy #417 (harkirat22)
- Add Docker image release tagging on release #410 (HorizonNet)
- Fix typo in architecture documentation #409 (HorizonNet)
- accurics.gcp.IAM.104 Fire rule when client certificate is enabled #402 (lucas-giaco)
- Update mkdocs-material to 6.1.6 #401 (pyup-bot)
- Added Unit test coverage for Kustomize V3 Iac-provider #399 (dev-gaur)
- Fixes GCP cos node image policy #397 (cesar-rodriguez)
- #394: recognize that empty values for username and password in master… #396 (acc-jon)
- Fix infinite loop on variable resolution #393 (dinedal)
- Remove demo badge #389 (kklin)
- Update mkdocs-material to 6.1.5 #387 (pyup-bot)
v1.2.0 (2020-11-16)
Implemented enhancements:
- Add support for Helm #353
- Add ‘git’ to container image, or run container as ‘root’ user by default #349
- Add policy for checking insecure_ssl configuration for github_organization_webhook in GitHub provider #339
- Rule for github_repository seems to be wrongly placed under gcp #325
Fixed bugs:
- Fail to validate when there are multiple properties with the same name in a resource #1
Closed issues:
- Deep modules location mis-proccessed. #365
- 20MB binary file included in repo now #364
- Private GitHub repositories are not recognized with version 3.0.0+ of GitHub provider #326
- Terrascan -var-file=../another dir #144
- Error in test_aws_security_group_inline_rule_open and test_aws_security_group_rule_open #138
- Intial setup after installation #136
- Add support for data sources #3
- Support from modules #2
Merged pull requests:
- Bring Go to 1.15 in Github Actions #384 (gliptak)
- Bring Go to 1.15 in Github Actions #383 (gliptak)
- fix a bug when rendering subcharts #381 (williepaul)
- Added kustomize support #378 (dev-gaur)
- Adds support for Helm v3 #377 (williepaul)
- Update mkdocs-material to 6.1.4 #374 (pyup-bot)
- properly handle nested submodules (#365) #373 (acc-jon)
- Address #365 by properly handling submodule path #372 (acc-jon)
- Update mkdocs-material to 6.1.3 #371 (pyup-bot)
- Update mkdocs-material to 6.1.2 #370 (pyup-bot)
- Allow use of multiple policy types (scan -t x,y or scan -t x -t y) #368 (acc-jon)
- Remove large binary that was included in the repo #366 (cesar-rodriguez)
- fix send request method, previously hardcoded #361 (kanchwala-yusuf)
- Add git binary to terrascan docker image, required by downloader #360 (kanchwala-yusuf)
- Adds new policies/regos for AWS serverless services #357 (cesar-rodriguez)
- Update mkdocs-material to 6.1.0 #356 (pyup-bot)
- Allow configuration of global policy config, fix some typos #354 (acc-jon)
- Feature/support resolve variable references #351 (kanchwala-yusuf)
- Add new policy for checking insecure_ssl on github_organization_webhook #350 (HorizonNet)
- Update mkdocs-material to 6.0.2 #348 (pyup-bot)
- Add support for colorized output #347 (acc-jon)
- Update mkdocs-material to 6.0.1 #346 (pyup-bot)
- Adds support for remote Terraform modules and scanning remotely for other IaC tools #345 (kanchwala-yusuf)
- fix supported providers unit test, sort the wanted result #344 (kanchwala-yusuf)
- Fix typo on AWS IAM account password policy rego name #343 (kmonticolo)
- Update mkdocs-material to 5.5.14 #340 (pyup-bot)
- Adds docs section for GitHub policies #337 (cesar-rodriguez)
- Automatically populate usage with supported IaC providers, versions, and policies #336 (kanchwala-yusuf)
- Add line about kubernetes YAML/JSON support #335 (williepaul)
- Add policy set for GitHub provider #334 (HorizonNet)
- Add check for visibility for github_repository #333 (HorizonNet)
- Add instructions for booting terrascan demo #319 (kklin)
v1.1.0 (2020-09-16)
Implemented enhancements:
- Initial kubernetes support #313 (williepaul)
- Adds different exit code when issues are found #299 (cesar-rodriguez)
- Adding terrascan to Homebrew #293
Fixed bugs:
- Oudated Docker image #294
- Error with XML output #290
- Fixed checkIpForward rule (gcp) #323 (williepaul)
Closed issues:
- Terrascan wrongly reports a accurics.gcp.NS.130 (checkIpForward) violation #320
- Allow structure output (Json) #252
- Throwing Errors when parsing nested brackets in HCL #233
- Be able to generate xml/html reports #119
Merged pull requests:
- Revert “fixed a bug in checkIpForward” #322 (cesar-rodriguez)
- Fixed a bug in checkIpForward #321 (williepaul)
- Move server command out of ENTRYPOINT and into CMD #318 (williepaul)
- Send logs to stderr instead of stdout #317 (williepaul)
- Fix template rendering bug #316 (williepaul)
- chore(docs): add homebrew installation #315 (chenrui333)
- Update badges in readme #314 (acc-jon)
- Update mkdocs-diagrams to 1.0.0 #312 (pyup-bot)
- Add support to print resource config as an output #309 (kanchwala-yusuf)
- Manage relative module path #308 (guilhem)
- Update mkdocs-material to 5.5.12 #307 (pyup-bot)
- chore(docs): fix indent of tar extraction #306 (zmarouf)
- Fixes issue template and rego capitalization #301 (cesar-rodriguez)
- Update mkdocs-material to 5.5.8 #300 (pyup-bot)
- Update about.md #298 (Upa-acc)
- Updated policies to the latest set #297 (williepaul)
- Fixes docker latest tag #296 (cesar-rodriguez)
- Typo fixes #295 (erichs)
- Update mkdocs-material to 5.5.7 #292 (pyup-bot)
- Fix xml output #291 (kanchwala-yusuf)
1.0.0 (2020-08-16)
Major updates to Terrascan and the underlying architecture including:
- Pluggable architecture written in Golang. We updated the architecture to be easier to extend Terrascan with additional IaC languages and support policies for different cloud providers and cloud native tooling.
- Server mode. This allows Terrascan to be executed as a server and use it’s API to perform static code analysis
- Notifications hooks. Will be able to integrate for notifications to external systems (e.g. email, slack, etc.)
- Uses OPA policy engine and policies written in Rego.
0.2.3 (2020-07-23)
- Introduces the ‘-f’ flag for passing a list of “.tf” files for linting and the ‘–version’ flag.
0.2.2 (2020-07-21)
- Adds Docker image and pipeline to push to DockerHub
0.2.1 (2020-06-19)
- Bugfix: The pyhcl hard dependency in the requirements.txt file caused issues if a higher version was installed. This was fixed by using the “>=” operator.
0.2.0 (2020-01-11)
- Adds support for terraform 0.12+
0.1.2 (2020-01-05)
- Adds ability to setup terrascan as a pre-commit hook
0.1.1 (2020-01-01)
- Updates dependent packages to latest versions
- Migrates CI to GitHub Actions from travis
0.1.0 (2017-11-26)
- First release on PyPI.
* This Changelog was automatically generated by github_changelog_generator
* This Changelog was automatically generated by github_changelog_generator
* This Changelog was automatically generated by github_changelog_generator
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.