Releases: aquasecurity/trivy-checks
Releases · aquasecurity/trivy-checks
v1.0.1
v1.0.0
What's Changed
We've transitioned all of the checks from Go to Rego. Therefore we're releasing this early release of the trivy-checks bundle as a new Major version starting as v1.
This bundle will be the default checks bundle starting from the next release of Trivy (v0.56+) to allow for any improvements to be baked in prior to the use in Trivy. See the announcement here.
Commits in this change
- fix(checks): correctly check the protocol in the AVD-AWS-0102 rule by @nikpivkin in #161
- fix(docs): generate multiple examples from Rego by @nikpivkin in #169
- test(bundle): Verify bundle usage by @simar7 in #173
- test: exclude deprecated checks when detecting duplicates by @nikpivkin in #181
- ci: bump OPA to v0.65.0 by @nikpivkin in #186
- feat: add CIDR and squealer built-in Rego functions by @nikpivkin in #174
- chore(deps): bump github.com/open-policy-agent/opa from 0.65.0 to 0.67.0 by @dependabot in #206
- ci: pin Go version by @nikpivkin in #214
- refactor(checks): migrate of some AWS services to Rego by @nikpivkin in #197
- test: reorganize the structure of functional tests by @nikpivkin in #215
- Ignore casing in CIDR wildcards by @InverseIntegral in #210
- refactor(checks): migrate Nifcloud network, dns, sslcertificate to Rego by @nikpivkin in #184
- refactor(checks): migrate GitHub checks to Rego by @nikpivkin in #187
- refactor(checks): migrate Google dns, kms, bigquery to Rego by @nikpivkin in #194
- refactor(checks): migrate Azure appservice, authorization, container to Rego by @nikpivkin in #198
- refactor(checks): migrate Azure datafactory, datalake, keyvault to Rego by @nikpivkin in #201
- ci: add groups for dependabot by @nikpivkin in #213
- chore: init separate package for bundle scripts by @nikpivkin in #218
- refactor(checks): migrate AWS S3 to Rego by @nikpivkin in #204
- refactor(checks): migrate Oracle to Rego by @nikpivkin in #182
- chore(deps): bump trivy by @nikpivkin in #216
- ci: use OPA with custom built-in functions by @nikpivkin in #225
- refactor(checks): migrate Azure monitor, network, synapse, securitycenter to Rego by @nikpivkin in #202
- refactor(checks): migrate DigitalOcean spaces to Rego by @nikpivkin in #188
- refactor(checks): migrate Azure database, compute to Rego by @nikpivkin in #200
- test: initialise tests in each test file by @nikpivkin in #234
- test(bundle): use only canary Trivy by @nikpivkin in #236
- Fix typo in enforce_immutable_repository by @evankanderson in #232
- refactor(checks): migrate Openstack checks to Rego by @nikpivkin in #183
- refactor(checks): migrate Nifcloud computing, rdb, nas to Rego by @nikpivkin in #185
- refactor(checks): migrate Google sql and storage to Rego by @nikpivkin in #189
- refactor(checks): migrate Google IAM to Rego by @nikpivkin in #193
- refactor(checks): migrate Google GKE to Rego by @nikpivkin in #195
- refactor(checks): migrate Google Compute to Rego by @nikpivkin in #196
- refactor(checks): migrate AWS elasticache, elasticsearch, elb to Rego by @nikpivkin in #227
- refactor(checks): migrate AWS emr, kinesis, kms, lambda to Rego by @nikpivkin in #228
- refactor(checks): migrate AWS ecr, efs and eks to Rego by @nikpivkin in #229
- refactor(checks): migrate AWS workspaces, ssm and sqs to Rego by @nikpivkin in #230
- refactor(checks): migrate AWS redshift, sam and sns to Rego by @nikpivkin in #231
- refactor(checks): migrate AWS rds, neptune, mq, ecs to Rego by @nikpivkin in #239
- refactor(checks): migrate AWS IAM to Rego by @nikpivkin in #235
- chore: always pull trivy images by @nikpivkin in #238
- chore(deps): bump github.com/docker/docker from 26.1.3+incompatible to 26.1.5+incompatible in /scripts in the go_modules group across 1 directory by @dependabot in #223
- refactor(checks): migrate CloudStack to Rego by @nikpivkin in #222
- refactor: update Rego libs by @nikpivkin in #240
- refactor(checks): migrate AWS apigateway, cloudfront, cloudwatch to Rego by @nikpivkin in #241
- refactor(checks): migrate DigitalOcean compute to Rego by @nikpivkin in #243
- refactor(checks): migrate Azure storage to Rego by @nikpivkin in #244
- refactor(checks): migrate AWS ec2 to Rego by @nikpivkin in #226
- chore: remove unnecessary test files by @nikpivkin in #242
- chore(checks): deprecate some checks by @nikpivkin in #245
- checks: add default framework to some Rego checks by @nikpivkin in #247
- chore(deps): Bump trivy version by @simar7 in #246
- chore: mark Rego libs as libs by @nikpivkin in #250
New Contributors
- @InverseIntegral made their first contribution in #210
- @evankanderson made their first contribution in #232
Full Changelog: v0.13.0...v1.0.0
v0.13.0
What's Changed
- feat: cis eks spec update by @chen-keinan in #145
- feat: update k8s specs id by @chen-keinan in #149
- chore(deps): Update trivy pkg to latest by @simar7 in #157
- feat: add compliance additional fields by @chen-keinan in #151
- feat: rke2 cis spec support by @chen-keinan in #148
- feat(specs): Expose specs as a pkg by @simar7 in #158
- fix(specs): Relocate rke2-cis by @simar7 in #159
- docs: add compliance contribution docs by @chen-keinan in #152
- fix: update rke2 spec title by @chen-keinan in #160
Full Changelog: v0.12.0...v0.13.0
v0.12.0
What's Changed
- Fix page title for AVD-AWS-0342 in vulnerability database documentation by @thaim in #140
- feat: support node-collector commands and NodeInfo by @chen-keinan in #136
- Add OCI image annotations by @candrews in #141
- chore(deps): bump github.com/open-policy-agent/opa from 0.64.1 to 0.65.0 by @dependabot in #142
- fix: use regex to split command by @nikpivkin in #144
New Contributors
Full Changelog: v0.11.0...v0.12.0
v0.11.0
What's Changed
- chore(deps): bump github.com/aquasecurity/trivy from 0.50.2-0.20240412195250-183eaafb4e42 to 0.50.2 by @dependabot in #116
- chore(deps): Fix testcontainers import by @simar7 in #120
- chore(deps): bump github.com/aquasecurity/trivy from 0.50.2-0.20240426104424-3d66cb8d887e to 0.51.1 by @dependabot in #125
- fix(rego): improve commands parsing by @nikpivkin in #113
- chore(checks): Add CSPM ID for AVD-AWS-0089 by @simar7 in #129
- Cleanup AWS CloudFormation checks examples by @StevenSmiley in #118
- Update docker-cis benchmark to v1.6.0 by @lyoung-confluent in #134
- fix(rego): improve AVD-DS-0015 by @nikpivkin in #135
- chore(deps): bump github.com/docker/docker from 26.0.2+incompatible to 26.1.3+incompatible by @dependabot in #133
- chore(deps): bump the go_modules group across 1 directory with 2 updates by @dependabot in #138
- chore(deps): Bump trivy to v0.51.4 by @simar7 in #139
New Contributors
- @StevenSmiley made their first contribution in #118
- @lyoung-confluent made their first contribution in #134
Full Changelog: v0.10.4...v0.11.0
v0.10.4
What's Changed
- fix(rego): handle multiple install cmds in DS017 by @nikpivkin in #112
Full Changelog: v0.10.3...v0.10.4
v0.10.3
v0.10.2
What's Changed
- fix(azure): update remediation for AVD-AZU-0027 by @nikpivkin in #90
- feat: add DeploymentConfig support by @szubersk in #87
- fix(aws): fix AVD-AWS-0123 examples by @nikpivkin in #93
- ci: add workflow to verify docs by @nikpivkin in #91
- feat: AWS EKS CIS v 1.4 Compliance Spec by @AnaisUrlichs in #92
- feat(checks): check the package manager in AVD-DS-0017 by @nikpivkin in #97
- checks(aws): change the wording of AVD-AWS-0015 by @nikpivkin in #103
- chore(deps): bump the go_modules group group with 2 updates by @dependabot in #101
- chore(deps): bump github.com/docker/docker from 25.0.3+incompatible to 26.0.0+incompatible by @dependabot in #102
- checks: don't skip advanced checks by @nikpivkin in #107
- bug: update manual vs automate label in k8s-eks-1.4 cis benchmarks by @AnaisUrlichs in #106
- fix: cis checks validate (api-server, controller-manager, scheduler and etcd) args by @chen-keinan in #110
New Contributors
- @szubersk made their first contribution in #87
- @AnaisUrlichs made their first contribution in #92
Full Changelog: v0.10.0...v0.10.2
v0.10.1
What's Changed
- fix(azure): update remediation for AVD-AZU-0027 by @nikpivkin in #90
- feat: add DeploymentConfig support by @szubersk in #87
- fix(aws): fix AVD-AWS-0123 examples by @nikpivkin in #93
- ci: add workflow to verify docs by @nikpivkin in #91
- feat: AWS EKS CIS v 1.4 Compliance Spec by @AnaisUrlichs in #92
- feat(checks): check the package manager in AVD-DS-0017 by @nikpivkin in #97
- checks(aws): change the wording of AVD-AWS-0015 by @nikpivkin in #103
- chore(deps): bump the go_modules group group with 2 updates by @dependabot in #101
- chore(deps): bump github.com/docker/docker from 25.0.3+incompatible to 26.0.0+incompatible by @dependabot in #102
- checks: don't skip advanced checks by @nikpivkin in #107
- bug: update manual vs automate label in k8s-eks-1.4 cis benchmarks by @AnaisUrlichs in #106
New Contributors
- @szubersk made their first contribution in #87
- @AnaisUrlichs made their first contribution in #92
Full Changelog: v0.10.0...v0.10.1
v0.10.0
What's Changed
- chore(deps): bump github.com/open-policy-agent/opa from 0.60.0 to 0.61.0 by @dependabot in #75
- fix(checks): add missing ID field by @nikpivkin in #81
- fix: apply policy for gke provider only by @chen-keinan in #82
- refactor(deps): Add id and docGen cmds by @simar7 in #80
- fix(aws): don't check SSLSupportMethod in AVD-AWS-0013 by @nikpivkin in #85
- chore(tests): Add policy based tests by @simar7 in #70
- chore(deps): bump github.com/docker/docker from 25.0.2+incompatible to 25.0.3+incompatible by @dependabot in #76
- chore(deps): bump github.com/owenrumney/squealer from 1.2.1 to 1.2.2 by @dependabot in #84
- fix(kubernetes): fix the KSV001 check by @nikpivkin in #86
- chore(deps): bump github.com/testcontainers/testcontainers-go from 0.27.0 to 0.28.0 by @dependabot in #83
Full Changelog: v0.9.0...v0.10.0