Releases: Checkmarx/kics
v2.1.8
What's Changed
- ci(deps): bump the all group across 1 directory with 2 updates by @dependabot in #7446
- fix(queries): support all valid CloudWatch Logs retention periods by @jamesbascle in #7450
- ci(deps): bump the all group across 1 directory with 2 updates by @dependabot in #7453
- docs(queries): update universal JSON creation to docker command by @dmeiser in #7454
- update(deps): update OPA package to version 1.4.2 by @cx-rui-araujo in #7460
- fix(query): fn for s3_bucket_allows_delete_action_from_all_principals query by @cx-artur-ribeiro in #7455
- ci(deps): bump securego/gosec from 2.22.3 to 2.22.4 in the all group by @dependabot in #7463
- feat(resolver): kubernetes circular dependency is causing resource exhaustion by @cx-miguel-silva in #7421
- fix(lint): update lint version by @cx-artur-ribeiro in #7445
- docs(queries): update queries catalog by @kicsbot in #7462
- docs(kicsbot): preparing for release 2.1.8 by @kicsbot in #7471
New Contributors
- @jamesbascle made their first contribution in #7450
- @dmeiser made their first contribution in #7454
As part of PR #7423, we significantly optimized the OpenAPI payload generation by resolving a direct circular dependency that previously caused excessive and redundant schema expansion (due to direct references between OpenAPI files).
This fix has substantially reduced the size of OpenAPI payloads (.yaml or .json files), which in turn may have decreased the number of results produced by KICS OpenAPI queries.
Full Changelog: v2.1.7...v2.1.8
v2.1.7
What's Changed
- update(dependabot): add groups to dependabot.yml github action by @cx-artur-ribeiro in #7344
- fix(query): fix FP in openAPI Invalid Media Type Value query by @cx-artur-ribeiro in #7350
- fix(documentation): update descriptionText metadata field for invalid media type openAPI query by @cx-artur-ribeiro in #7361
- docs(queries): add missing platforms to KICS docs website sidebar by @cx-artur-ribeiro in #7376
- ci(deps): bump the all group across 1 directory with 17 updates by @dependabot in #7373
- update(query): change amazonaws.cn links to aws.amazon.com by @connorg in #7288
- fix(password): fix Password and Secrets FP results by @cx-artur-ribeiro in #7353
- update(deps): update docker images to latest versions by @cx-rui-araujo in #7401
- fix(dockerfile): restore CGO_ENABLED=0 for static linking in Dockerfile by @smtan-gl in #7397
- docs(queries): update queries catalog by @kicsbot in #7356
- docs(kicsbot): preparing for release 2.1.6 by @kicsbot in #7402
- docs(ansible): remove outdated Ansible limitation and update copyright year by @cx-monica-casanova in #7409
- fix(engine): direct circular dependency is causing resource exhaustion by @cx-miguel-silva in #7423
- docs(typo): fix creating queries documentation page by @cx-artur-ribeiro in #7420
- build(deps): bump the all group across 1 directory with 28 updates by @dependabot in #7413
- ci(deps): bump the all group across 1 directory with 10 updates by @dependabot in #7427
- build(deps): bump the all group with 4 updates by @dependabot in #7426
- ci(deps): bump github/codeql-action from 362ef4ce205154842cd1d34794abd82bb8f12cd5 to d26c46acea4065b13fc57703621e0a7c8b9e836b in the all group by @dependabot in #7430
- build(deps): bump the all group with 3 updates by @dependabot in #7432
- feat(terraform): support nested HCL identifier parsing by grouping variable paths and preserving relative subpaths by @cx-artur-ribeiro in #7428
- docs(queries): update queries catalog by @kicsbot in #7440
- docs(kicsbot): preparing for release 2.1.7 by @kicsbot in #7444
New Contributors
Full Changelog: 2.1.5...v2.1.7
v2.1.6
What's Changed
- update(dependabot): add groups to dependabot.yml github action by @ArturRibeiro-CX in #7344
- fix(query): fix FP in openAPI Invalid Media Type Value query by @ArturRibeiro-CX in #7350
- fix(documentation): update descriptionText metadata field for invalid media type openAPI query by @ArturRibeiro-CX in #7361
- docs(queries): add missing platforms to KICS docs website sidebar by @ArturRibeiro-CX in #7376
- ci(deps): bump the all group across 1 directory with 17 updates by @dependabot in #7373
- update(query): change amazonaws.cn links to aws.amazon.com by @connorg in #7288
- fix(password): fix Password and Secrets FP results by @ArturRibeiro-CX in #7353
- update(deps): update docker images to latest versions by @cx-ruiaraujo in #7401
- fix(dockerfile): restore CGO_ENABLED=0 for static linking in Dockerfile by @smtan-gl in #7397
- docs(queries): update queries catalog by @kicsbot in #7356
- docs(kicsbot): preparing for release 2.1.6 by @kicsbot in #7402
New Contributors
Full Changelog: 2.1.5...v2.1.6
v2.1.5
What's Changed
- update(dockerfile): revert KICS user change from 65532 back to root by @cx-ruiaraujo in #7322
- update(deps): bump path-to-regexp and express in /.github/scripts/server-mock by @dependabot in #7324
- fix(query): correct keyActualValue and keyExpectedValue for maxItems validation by @ArturRibeiro-CX in #7328
- fix(query): openapi maximum_length_undefined query enum and format sanitizers by @EduardoSemanas in #7327
- fix(query): openapi pattern undefined fp enum and format sanitizers by @EduardoSemanas in #7323
- docs(queries): update queries catalog by @kicsbot in #7329
- docs(kicsbot): preparing for release 2.1.5 by @kicsbot in #7332
Full Changelog: v2.1.4...v2.1.5
docs(kicsbot): preparing for release 2.1.5 (#7332)
* docs(kicsbot): preparing for release 2.1.5
* bumps kics version
---------
Co-authored-by: cx-monicac <109349080+cx-monicac@users.noreply.github.com>
Co-authored-by: cx-monicac <monica.casanova@checkmarx.com>
v2.1.4
What's Changed
- docs(kicsbot): preparing for release 2.1.3 by @kicsbot in #7264
- ci(deps): fix npm vulnerability by @cxMiguelSilva in #7278
- fix(query): improve query name security_group_without_description by @aristosvo in #6867
- docs(queries): update queries catalog by @kicsbot in #7281
- update(dockerfile): update Dockerfile USER and add OCI labels to all releases by @cx-ruiaraujo in #7292
- update(ghaction): update kics-gh-action.yaml by @Gabriel28840 in #7286
- update(dockerfile): add new cx images by @cx-ruiaraujo in #7294
- update(deps): vulnerabilities cleanup by @cx-ruiaraujo in #7315
- fix(docs): remove NIFCloud from Beta by @cx-ruiaraujo in #7316
- update(query): update App Service Not Using Latest TLS Encryption Version query to the latest version by @anterosilva1985 in #7302
- fix(queries): add suffix In Defaults for Ansible config queries by @cx-ruiaraujo in #7314
- docs(queries): update queries catalog by @kicsbot in #7317
- update(readme): fix date. by @cx-andrep in #7318
- feat(engine): add new QueryID pattern by @cx-ruiaraujo in #7313
- docs(kicsbot): preparing for release 2.1.4 by @kicsbot in #7320
New Contributors
- @aristosvo made their first contribution in #6867
- @Gabriel28840 made their first contribution in #7286
Full Changelog: v2.1.3...v2.1.4
v2.1.3
What's Changed
- fix(password): fix missing positive results from Password and Secrets query by @ArturRibeiro-CX in #7223
- build(makefile): update makefile to add podman commands by @ArturRibeiro-CX in #7243
- update(go): update go version to 1.23.1 by @ArturRibeiro-CX in #7251
- update(cwe): add CWE infos file and logic to sarif reports by @ArturRibeiro-CX in #7178
- update(query): add CWE infos to terraform queries by @ArturRibeiro-CX in #7187
- update(query): add CWE infos to openAPI queries by @ArturRibeiro-CX in #7181
- update(query): add CWE infos to ansible queries by @ArturRibeiro-CX in #7184
- update(query): add CWE infos to cloudFormation queries by @ArturRibeiro-CX in #7180
- update(query): add CWE infos to K8s queries by @ArturRibeiro-CX in #7177
- update(query): add CWE infos to gRPC, Knative and Buildah queries by @ArturRibeiro-CX in #7172
- update(query): add CWE infos to Pulumi queries by @ArturRibeiro-CX in #7171
- update(query): add cwe infos to crossplane queries by @ArturRibeiro-CX in #7170
- update(query): add cwe infos to CICD queries by @ArturRibeiro-CX in #7166
- update(query): add cwe infos to Google Deployment Manager queries by @ArturRibeiro-CX in #7167
- update(query): add CWE information to volume_has_sensitive_host_directory by @julianthome in #7153
- update(query): add cwe infos to serverlessFW queries by @ArturRibeiro-CX in #7165
- update(query): add cwe infos to Azure Resource Manager queries by @ArturRibeiro-CX in #7169
- update(query): add cwe infos to dockerCompose queries by @ArturRibeiro-CX in #7164
- docs(update): update getting started documentation with installation guidance by @ArturRibeiro-CX in #7245
- update(nifcloud): update nifcloud queries metadata and functionality by @ArturRibeiro-CX in #7206
- fix(gcp): rename test files resources to fix parsing errors on gcp queries by @ArturRibeiro-CX in #7253
- docs(queries): update queries catalog by @kicsbot in #7237
New Contributors
- @julianthome made their first contribution in #7153
Full Changelog: v2.1.2...v2.1.3
v2.1.2
What's Changed
- update(dockerfile): update go version and golden images by @cx-ruiaraujo in #7186
- update(githubaction): update github action version by @cx-monicac in #7185
- update(certifi): update python certifi version on queries_validator requirements by @ArturRibeiro-CX in #7188
- build(deps): bump google.golang.org/grpc from 1.64.0 to 1.64.1 by @dependabot in #7190
- fix(resolver): max resolver depth considered while searching for cyclic references by @EduardoSemanas in #7199
- fix(query): fix unexpected behaviour in parameter-checking function for ARM queries by @JulioSCX in #7205
- update(fedramp): tackle IaC and SAST vulnerabilities by @cx-ruiaraujo in #7200
- docs(queries): update queries catalog by @kicsbot in #7210
- fix(query): fix CWE field not appearing in KICS CLI and sarif reports by @ArturRibeiro-CX in #7207
- update(workflow): add pattern validation for query name and description by @JulioSCX in #7208
- fix(packages): upgrade packages by @cx-ruiaraujo in #7226
- docs(queries): update queries catalog by @kicsbot in #7220
- docs(kicsbot): preparing for release 2.1.2 by @kicsbot in #7232
New Contributors
- @cx-monicac made their first contribution in #7185
Full Changelog: v2.1.1...v2.1.2
v2.1.1
🚀 New features and improvements
feat(query): add new query for tencentcloud CVM resource by @SevenEarth in #7136
feat(query): add new query for tencentcloud VPC resource by @SevenEarth in #7133
feat(query): add new query for tencentcloud TKE resource by @SevenEarth in #7138
feat(query): add new query for tencentcloud CDB resource by @SevenEarth in #7134
feat(query): add new query for tencentcloud CVM resource by @SevenEarth in #7122
feat(query): add new query for tencentcloud CLB resource by @SevenEarth in #7135
🐛 Bug fixes
fix(dockerfiles): update dockerfiles constant mapping in #7124
fix(version): bump urllib3 version from queries-validator requirements in #7140
fix(query): policy without principal query with false positive for IAM role used as an inline policy in #7097
fix(query): security groups not used query with false positive in aws_elasticache_instance resources in #7098
fix(query): add positive expected results for "secretId" and "secretKey" for Tencentcloud by @SevenEarth in #7146
📦 Dependency updates bumps
build(deps): bump github.com/hashicorp/go-getter from 1.7.4 to 1.7.5 in #7155
👻 Maintenance
update(linting): update contribution guide and remove deprecated linting methods in #7159
update(chainguard): update chainguard image for libcrypto3 and libssl3 versions update in #7173
docs(queries): update queries catalog in #7130
fix(docs): add urls to all queries download in #7154
update(query): change query name to maintain the same logic in #7141
update(ghaction): update kics-gh-action.yaml in #7127
New Contributors
@SevenEarth made their first contribution in #7122
v2.1.0
🚀 New features and improvements
feat(bicep): adding bicep support in #6980
update(queries): databricks, nifcloud and tencentcloud queries run by default when kics scans terraform files in #7072
feat(engine): add --max-resolver-depth flag in #7043
feat(engine): similarity id improve in #6970
🐛 Bug fixes
fix(query): added missing case to storage blob query in #7030
fix(flow): save flow in #7083
fix(query): passwords and secrets - generic secrets with fp results in #7087
fix(query): apt-get Missing '-y' To Avoid Manual Input in #7060
fix(query): implicit flow in oauth2 queries duplicated in #7057
fix(query): revert changes in the 'platform_flag_with_from' query in #7117
fix(githubactions): add max length in #7063
fix(query): vpc peering route table should restrict cidr query with fp results in #7067
fix(query): fix bugs and small improvements to TF queries in #7052
fix(query): tf mfa delete doing checks out of its scope in #7051
fix(query): lower properties protocol in #6640
fix(query): slight refactor to actually filter the correct/wanted codes in #7035
📦 Dependency updates bumps
ci(deps): bump peter-evans/repository-dispatch from 2 to 3 in #7049
ci(deps): bump goreleaser/goreleaser-action from 4.2.0 to 5.1.0 in #7070
ci(deps): bump docker/setup-buildx-action from 2 to 3 in #7048
ci(deps): bump styfle/cancel-workflow-action from 0.11.0 to 0.12.1 in #7050
ci(deps): bump golangci/golangci-lint-action from 3.5.0 to 4.0.0 in #6878
ci(deps): bump dev-drprasad/delete-tag-and-release from 0.2.1 to 1.0.1 in #6419
ci(deps): bump peter-evans/create-pull-request from 4 to 6 in #6864
👻 Maintenance
chore(databricks): add new spark LTS runtime by @dim-ops in #7079
chore(databricks): remove deprecated spark lts version by @dim-ops in #7080
update(script): requests version upgrade to 2.32.0 in #7066
update(query): removing special chars from query name in #7061
docs(queries): update queries catalog in #7041
update(docs): experimental queries docs update in #7076
update(deps): dependencies update in #7101
update(deps): update dependencies in #7108
update(readme): readme improvements in #7084
update(prtemplate): update pull request template in #7088
update(codeowners): update CODEOWNERS in #7119
update(roadmap): roadmap is updated in #7082
update(queries): prefix "(beta)" added to queries that are still under review in #7085
update(repo): create CODEOWNERS in #7046
update(gopkg): update package path for v2 in #7042