Releases: Checkmarx/kics

v1.4.1

18 Aug 16:46
9740bcb

Changelog

New
Add 12 new queries
Added an ignore/disable/enable feature on commented files (#4003)
Deprecated --disable-cis-descriptions flag in favor of --disable-full-descriptions
Refactored queries that used object.get to verify key existence
Refactored scan to use JSON file to create flags (#4006)
Refactored query to use walk (#4067)

Fixed
Removed counters from the progress bar (#3989) (#4046)
Removing ENTRYPOINT from debian images fixes #4066 (#4068)
Fixing bug related to flag -q and adding new cli flag related to library path (-b) (#3900)
Spelling mistake in scan.go (#4015)
Incorrect descriptionUrl in 'HTTP Port Open' query for CloudFormation (#4050)

apispec-70a78b3a

11 Aug 14:15
70a78b3
Pre-release
fix release apispec (#4026)

v1.4.0

04 Aug 08:38
b41fc4e

New
Add support for Azure Resource Manager
Add support for Terraform functions (#3887) (Improves queries accuracy)
Add Center for Internet Security (CIS) descriptions (#3839)
Add flag for filtering by cloud provider (#3897)

Fixed
Renamed crash report variable (#3883)
fix: kics go-getter integration not working inside docker container #3878 (#3880)
fix(cli): correcting wrong path when printing result from remote repository #3982
fix(query): Fix Passwords query FN (#3886)
fix(parser): Fixed issue when trying to parse invalid variable (#3908)
fix(docs): Fixed CSV export on queries page (#3890)
fix(docs): fix missing scan integrations_jenkins.md (#3917)

v1.3.5

14 Jul 15:36
422fbf8

Added

+11 new queries
feat(engine): integrate go-getter with KICS to download samples before scan (#3745)
feat(engine): add --input-data option (#3808)

Changed

docs(catalog): split query list per subplatform (#3855)
ci(deps): bump actions/setup-node from 2.1.5 to 2.2.0 (#3797)
ci(deps): bump docker/build-push-action from 2.5.0 to 2.6.1 (#3800)
build(deps): bump helm.sh/helm/v3 from 3.6.1 to 3.6.2 (#3780)
build(deps): bump github.com/tdewolff/minify/v2 from 2.9.18 to 2.9.19 (#3832)
build(deps): bump github.com/zclconf/go-cty from 1.8.4 to 1.9.0 (#3831)
build(deps): bump github.com/google/uuid from 1.2.0 to 1.3.0 (#3851)

Fixed

fix(core): corrected detect line to check first term when multiple terms (#3834)
fix(query): changed search key from Using Default Namespace query to be more accurate (#3828)
fix(query): corrected npm query to skip flag parameters (#3835)
fix(general): fixed some sonar issues (#3825)
fix: wrong version in GitHub Action workflow example (#3812)
fix: examples and docs (#3863)

v1.3.4

30 Jun 14:29
d0cb152

Added

+38 Queries (33 openapi + 4 terraform + 1 cloudformation)
Improved query accuracy (fixed FPs and FNs)
feat(engine): extract zip files passed as scan --path (#3737)

Changed

File paths are now always relative in stdout and reports
docs(guides): expanded 'Query Development Tutorial' (#3747)
build(deps): bump github.com/spf13/viper from 1.8.0 to 1.8.1 (#3761)
build(deps): bump github.com/tdewolff/minify/v2 from 2.9.17 to 2.9.18 (#3756)
build(deps): bump github.com/johnfercher/maroto from 0.31.0 to 0.33.0 (#3757)
build(deps): bump github.com/zclconf/go-cty from 1.8.3 to 1.8.4 (#3727)
build(deps): bump helm.sh/helm/v3 from 3.6.0 to 3.6.1 (#3687)

Fixed

fix(detector): panic with docker detector multilineSpliter #3784 (#3786)
fix(core): accept folders names with dots (#3775)
fix(cli): display PDF file creation report in stdout (#3740)
ci: fixing assets installation with install script (#3732)

v1.3.3

16 Jun 16:44
5174a8b

Added

+89 new queries
feat(report): pdf report #3488 (#3556)
feature(docs): using mkdocs-material theme (#3521)
feat(query): support OpenAPI 2.0/swagger with shared queries (#3492)

Changed

tests: increased unit testing to 85% (#3623)
docs(catalog): support override in query catalog generation (#3555)
chore(deps): bump github.com/open-policy-agent/opa from 0.28.0 to 0.29.4 (#3503)
chore(deps): bump github.com/rs/zerolog from 1.22.0 to 1.23.0 (#3634)
chore(deps): bump github.com/spf13/viper from 1.7.1 to 1.8.0 (#3671)
chore(deps): bump github.com/golang/mock from 1.5.0 to 1.6.0 (#3635)

Fixed

fix(parser): yaml parser panics on templated files (#3531) #3529
fix(report): relative filepaths in report.json #3676 (#3678)
fix(query): generate different similarity id for each unpinned package (#3673)
fix(ci): install script not adjusting arch from amd64 to x64 (#3632)
fix(metrics): fix get-metrics.py for openapi (#3525)
fix(ci): release dkr image debian digest (#3522)

v1.3.2

02 Jun 10:08
73325e3

Added

+27 new queries
feat(report): add Gitlab SAST report #3432
feat(cli): include queries filter #3431
feat(report): add path, platform, start and end times to HTML report #3455
feat(cli): add flag to define default name #3441
feat(query): add Passwords And Secrets In URL common query #2785 #3459

Changed

removed dup queries #3394 #3424 #3490
docs(integrations): fixing github actions docs closes #3393 #3400
feat(metrics): metrics default to 'ms' and 'b' for 'ci' flag #3477 #3476 #3504
refactor(query): containers_run_with_low_uid rewrite #3430
chore(deps): bump github.com/agnivade/levenshtein from 1.1.0 to 1.1.1 #3404
chore(deps): bump ref nats-server 2.1.9 to 2.2.5 #3410
chore(deps): bump github.com/getsentry/sentry-go from 0.10.0 to 0.11.0 #3416
chore(deps): bump helm.sh/helm/v3 from 3.5.4 to 3.6.0 #3483

Fixed

fix: FP queries #3463 #3486 #3496 #3466
fix(parser): fixed MarshalJSON Error on YAML Extend #3414 #3423
fix(report): update gitlab report fields to match proper formatting #3460
fix(detector): fixed bug with detector getting the wrong line #2010 #3471
fix(detector): fixed bug with Detect line does not work for OpenAPI template path #3386 #3397
fix(query): issue with '/' on absolute path query from dockerfile
fix(query): fixed issue containers_running_as_root #3412 #3422
fix(issueType): fixing issueTypes for multiple queries and adding test #3399
fix(analyzer): Removed spec property from K8s file Analyzer #3461 #3462
fix(quality): sonarcloud code smells (#3418)

v1.3.1

19 May 16:03
f11a076

Added

+112 new queries
+33 unit tests
+11 E2E tests

Changed

chore(deps): bump github.com/rs/zerolog from 1.21.0 to 1.22.0 (#3311)
docs(integrations): update integrations docs (#3252)

Fixed

fix 8 FN queries
fix(parser): Fixed Bug with invalid terraform returning panic #3304 #3305
fix(report): corrected report directory generation (#3201)
fix(logs): log-format JSON printing to console without 'verbose' flag (#3208)
fix(logs): Fix invalid log path not returning error #3155 #3290
fix(docs): Update architecture documentation image #3254 (#3308)

v1.3.0

06 May 09:30
e025565

Added

+46 new queries
feat(engine): multiple paths on --path flag (#3017)
feat(telemetry): opt-out telemetry and fix sentry dsn provisioning (#3041)
feat(cli): parametrizing query execution timeout (#3047) (#3048)
feat(metrics) print CPU and Memory usage in logs (#2379) (#2961)
feat(parser): support ssl certificates and swagger files set as attributes for Ansible and Terraform (#2958) (#2960)
docs(integrations): Jenkinsfile documentation and examples (#3038)
docs(integrations): add CircleCI integration example (#3086)

Changed

BREAKING CHANGE: feat(cli): KICS does not execute scan command as default anymore (#3030)
BREAKING CHANGE: feat(engine): semantic exit code based on results (#2400) (#1721) (#2726)

refactor(query): optimized passwords and secrets query (#3059)
feat(engine): Add file checking to filter unwanted files to be parsed (#2506) (#3045)
feat(performance): concurrent engine scans by parser (#3085) (#3061)
chore(deps): bump github.com/moby/buildkit from 0.8.2 to 0.8.3 (#3051)
chore(deps): bump github.com/open-policy-agent/opa from 0.27.1 to 0.28.0 (#3028)

Fixed

fix(similarity-id): scan is not computing the Similarity ID for file path (#3087)
fix(sast): unhandled errors flagged by cxSAST (#3095)
fix(log): should not print, if printer is not ready
fix(log): unwanted json log when using unknown flag/command (#2967) (#2983)

v1.2.4

21 Apr 11:07
71145d7

Changelog

Added

  • Added Open API 3.0 support and query example (#2796) (#2810) +37 queries
  • Added +6 new queries
  • Generate Homebrew tap with goreleaser (#2667)
  • Added --log-format and json logs (#2776)
  • Setup E2E tests (#2848) (#2849)
  • Added linters for OpenAPI samples (#2831) (#2832)
  • Added Darwin and Linux arm64 binaries to release assets

Changed

Fixes

  • Fixed GoReport card issues (#2298)
  • Fixed detect line bug with ExtractLineFragment (#2933) (#2934)
  • Fixed query with the wrong platform in metadata, adding a unit test for it (#2902) (#2903)
  • Fixed Kubernetes query 'Service Does Not Target Pod' (#2793) (#2881)
  • Printing issues from INFO to HIGH on stdout (#2787)
  • CxSAST: Added log when terraform.tfvars not found (#2782)
  • Fix bugs with tracker counters (#2767)
  • Fix new line missing in 'generate-id' command output (#2941)