Changelog

v1.6.0 (2021-05-10)

Full Changelog

Implemented enhancements:

  • Atlantis Integration #686
  • Enhancement: support for all iac scan for cli #673
  • Feature request: scan sub-folders too #411

Fixed bugs:

  • Admission Controller Doesn't display feedback for kubectl "create" and "apply" #731

Closed issues:

  • GKE Control Plane is exposed to few public IP addresses #743
  • Error with finding Enable AWS CloudWatch Logs for APIs #730
  • Task: Add to github actions ability to build/push terrascan_atlantis image #728
  • accurics.azure.NS.161 does not work with tfplan #725
  • terrascan "latest" docker image broken for tfplan #718
  • Local expansion recursive infinite loop #690

Merged pull requests:

v1.5.0 (2021-04-23)

Full Changelog

Fixed bugs:

  • Recursive loop expanding variables in included module #675
  • Terrascan doesn't resolve terraform complex variables #656
  • Panic while resolving floating point variable #652
  • Terrascan using absolute path for "source" value of resource #642
  • Failed to initialize terrascan. error : failed to install policies #614
  • Terrascan not able to read modules within a subdirectory #600
  • Terrascan init command doesn't work with -c flag #550

Closed issues:

  • Not able to scan repo when google terraform module defined #681
  • The link referencing the documentation to integrate Terrascan into CI/CD is broken #669
  • Make saving of "admission request" configurable via an option in the config file for the validating admission webhook #664
  • Add API_KEY to the /logs endpoint for the validating admission webhook #662
  • Panic: not a string #647
  • unit tests and e2e tests failing on windows #639
  • Add support for private terraform repos #631
  • policy not evaluating #629
  • Terrascan does not support to download modules via SSH #621
  • terrascan scan fails if path and rego_subdir are not provided together in the toml configfile #619
  • Getting error while running scan on our terraform repo #607
  • Terrascan not found policy id #601
  • Policies Violated and Violated Policies are confusing. #598
  • Invalid categories not being validated from config file #594
  • Terrascan API server's file scan doesn't work for k8s yaml files #584
  • Add /go/bin to the PATH variable in Docker image #577
  • terrascan scan command doesn't work with TERRASCAN_CONFIG env variable #570
  • Format junit-xml need to have passed test results, not only failed test #563
  • optimize policy download process in terrascan init #535

Merged pull requests:

v1.4.0 (2021-03-05)

Full Changelog

Implemented enhancements:

  • Scanning terraform plan files #407
  • Adds support for junit xml output #527
  • Adds e2e test scenarios for help and scan command #564
  • Adds e2e tests for api server #585
  • Please check out our new GitHub Action!

Fixed bugs:

  • Fixed a few bugs in the init command and downloading of fresh policies, including #561
  • Difference in violated policies for the same terraform file #519
  • false positive for AWS.Instance.NetworkSecurity.Medium.0506 #404
  • accurics.gcp.IAM.122 needs to take into account the new name for Uniform bucket-level access flag #329
  • fix the 'repo already exist' bug and improve error logging for terrascan init #552 (dev-gaur)

Closed issues:

  • terrascan API server's file scan always returns the resource config #578
  • Issue on Azure DevOps Agents since 1.3.2 : failed to initialize terrascan #561
  • Could not get terrascan init to work - would not download policy documents #551

Merged pull requests:

v1.3.2 (2021-02-03)

Full Changelog

Fixed bugs:

  • terrascan init should download new policies #521

Closed issues:

  • How to get rid of "Anonymous, public read access to a container and its blobs can be enabled in Azure Blob storage. This is only recommended if absolutely necessary." #405
  • False Positive for accurics.azure.NS.161 when Security Groups Association and Subnets are defined independently from VNet #391
  • Calico is not supported as a valid Network Security for azurerm_kubernetes_cluster #376

Merged pull requests:

v1.3.1 (2021-01-22)

Full Changelog

Implemented enhancements:

  • Support for remote modules
  • Tag container image with release version #504

Fixed bugs:

  • Build error on ARM MacOS
  • terrascan consider source = "terraform-aws-modules/vpc/aws" as local path #418
  • Failed to read module directory #332

Closed issues:

  • Custom Variable Validation no longer experimental in 0.13 #500

Merged pull requests:

v1.3.0 (2021-01-19)

Full Changelog

Implemented enhancements:

  • Prints output in human friendly format #168
  • Support for rule suppression using terraform comments, kubernetes annotations, cli arguments, and config file.
  • New Policies for Kubernetes #480
  • Tag released Docker images #398
  • Add policy for checking insecure_ssl configuration for github_repository_webhook in GitHub provider #355
  • Introduced support for terraform .14 and .13. Note: This will introduce some breaking changes for terraform v.12 files, even if using --iac-version v.12 flag. Notably we will no longer support multiple providers blocks, and certain references inside provisioner blocks (objects other than self, count or each, where when = destroy). For more details see: https://github.com/hashicorp/terraform/releases/tag/v0.13.0

Fixed bugs:

  • terrascan doesn't allow registering multiple versions for an iac-type #471
  • Debug resource lock #432
  • terrascan panic: not a string #412
  • False positive for aws rule vpcFlowLogsNotEnabled #408
  • accurics.GCP.EKM.132 and accurics.GCP.EKM.131 wrong violation using disk_encryption_key #382
  • s3EnforceUserACL - False Positive #359
  • How to fix accurics.azure.EKM.20 #331
  • Why accurics.gcp.IAM.104 suggests enabling a client certificate? #330

Closed issues:

  • terraform can't detect violations in terraform modules #468
  • uniformBucketEnabled.rego referencing deprecated config #453
  • Unable to run terrascan scan #446
  • Terrascan doesn't exit with error on CLI or Parsing errors. #442
  • Terrascan Failure When Using Terraform 13 + Variable Validation #426
  • Update policy example in documentation to use latest GitHub implementation #422
  • Fix link to repo playground in policies documentation #421
  • terrascan scan crashes with runtime: goroutine stack exceeds 1000000000-byte limit #406
  • Typo error in the terrascan Architecture page #403
  • accurics.gcp.OPS.114 should also check for cos_containerd image #395
  • accurics.gcp.NS.112 suggest basic auth is enabled when is not #394
  • Test coverage missing for kustomize iac-provider #379
  • Why is vpcFlowLogsNotEnabled determined to be a violation? #352

Merged pull requests:

v1.2.0 (2020-11-16)

Full Changelog

Implemented enhancements:

  • Add support for Helm #353
  • Add 'git' to container image, or run container as 'root' user by default #349
  • Add policy for checking insecure_ssl configuration for github_organization_webhook in GitHub provider #339
  • Rule for github_repository seems to be wrongly placed under gcp #325

Fixed bugs:

  • Fail to validate when there are multiple properties with the same name in a resource #1

Closed issues:

  • Deep modules location mis-processed. #365
  • 20MB binary file included in repo now #364
  • Private GitHub repositories are not recognized with version 3.0.0+ of GitHub provider #326
  • Terrascan -var-file=../another dir #144
  • Error in test_aws_security_group_inline_rule_open and test_aws_security_group_rule_open #138
  • Initial setup after installation #136
  • Add support for data sources #3
  • Support from modules #2

Merged pull requests:

v1.1.0 (2020-09-16)

Full Changelog

Implemented enhancements:

Fixed bugs:

Closed issues:

  • Terrascan wrongly reports a accurics.gcp.NS.130 (checkIpForward) violation #320
  • Allow structure output (Json) #252
  • Throwing Errors when parsing nested brackets in HCL #233
  • Be able to generate xml/html reports #119

Merged pull requests:

1.0.0 (2020-08-16)

Major updates to Terrascan and the underlying architecture including:

  • Pluggable architecture written in Golang. We updated the architecture to make it easier to extend Terrascan with additional IaC languages and to support policies for different cloud providers and cloud native tooling.
  • Server mode. This allows Terrascan to be executed as a server and its API used to perform static code analysis.
  • Notification hooks. Terrascan will be able to integrate with external systems (e.g. email, Slack) for notifications.
  • Uses OPA policy engine and policies written in Rego.

0.2.3 (2020-07-23)

  • Introduces the '-f' flag for passing a list of ".tf" files for linting and the '--version' flag.

0.2.2 (2020-07-21)

  • Adds Docker image and pipeline to push to DockerHub

0.2.1 (2020-06-19)

  • Bugfix: The pyhcl hard dependency in the requirements.txt file caused issues if a higher version was installed. This was fixed by using the ">=" operator.

0.2.0 (2020-01-11)

  • Adds support for terraform 0.12+

0.1.2 (2020-01-05)

  • Adds ability to setup terrascan as a pre-commit hook

0.1.1 (2020-01-01)

  • Updates dependent packages to latest versions
  • Migrates CI to GitHub Actions from travis

0.1.0 (2017-11-26)

  • First release on PyPI.

* This Changelog was automatically generated by github_changelog_generator