Releases: Checkmarx/kics
v1.7.12
🚀 New features and improvements
feat(engine): improve detection of Ansible host files in #6816
feat(databricks): init terraform databricks rules by @dim-ops in #6086
feat(nifcloud): add nifcloud engine support by @tunakyonn in #6314
feat(engine): resolve references between files as flag in #6789
feat(engine): improve experimental signal on the results and cli in #6798
feat(cli): add new flag --max-file-size to control the max file size by @tomk-orca in #6670
feat(kics): add platform field to sarif format by @Dstklr in #6809
🐛 Bug fixes
fix(parser): reduce complexity of initializeJSONLine by @leadpogrommer in #6807
fix(parser): tf function evaluation - unknown type by @liorj-orca in #6801
fix(deps): update go version in debian image in #6794
fix(metrics): add buildah and cicd to queries count in #6830
fix(query): fix ssl reference in queryname for cloud sql by @bbbbbrie in #6818
fix(converter): improve check dynamic known types by @liorj-orca in #6815
📦 Dependency updates bumps
ci(deps): bump golang from 1.21.0-alpine to 1.21.5-alpine in #6823
update(deps): security improvements in #6810
👻 Maintenance
update(metadata): queries validator schema updated in #6803
update(action): go-ci-metrics.yaml master to v4 in #6834
update(metadata): cwe item added into queries metadata.json in #6829
docs(queries): update queries catalog in #6835
docs(queries): update queries catalog in #6804
update(docs): remove discord badge in #6817
update(docs): fix typo 'postitive' and update makefile in #6813
update(docs): nifcloud and opentofu logos added in #6808
update(readme): add information regarding beta features in #6805
New Contributors
@tunakyonn made their first contribution in #6314
@bbbbbrie made their first contribution in #6818
@leadpogrommer made their first contribution in #6807
@Dstklr made their first contribution in #6809
@ArturRibeiro-CX made their first contribution in #6830
v1.7.11
🚀 New features and improvements
feat(engine): improve detection of Ansible files in #6773
feat(engine): experimental queries as feature flag in #6769
feat(kics): create a kics-queries-repo branch for all queries each release in #6788
feat(panic): add recover for query evaluation process by @liorj-orca in #6770
🐛 Bug fixes
fix(query): dockerfile image_version_not_explicit in #6713
fix(query): added new way of setting extended_auditing_policy in tf azure to the query in #6727
fix(package): fixed version packages in #6679
fix(deps): improve security in #6784
fix(workflow): update release-kics-queries-repo-branch.yaml in #6792
fix(query): iam_access_analyzer_not_enabled in #6553
fix(query): meaningful "Value" and "Expected Value" in multiple queries in #6780
fix(query): false positive detections in "api_key_exposed" function by @Tohar-orca in #6757
👻 Maintenance
docs(queries): fix typo in #6778
docs(queries): update queries catalog in #6775
v1.7.10
🐛 Bug fixes
fix(docker): experimental-queries.json: no such file or directory in #6755
fix(query): terraform alb_is_not_integrated_with_waf in #6636
fix(query): dockerfile unpinned_package_version_in_pip_install in #6637
👻 Maintenance
docs(experimentalfeature): update docs for experimental queries by @asofsilva in #6748
New Contributors
@asofsilva made their first contribution in #6748
v1.7.9
🚀 New features and improvements
feat(query): ansible config communication_over_http in #6627
feat(query): ansible config privilege_escalation_using_become_plugin in #6628
feat(query): ansible config logging_of_sensitive_data in #6697
feat(query): ansible playbooks privilege escalation using become plugin in #6695
feat(query): ansible playbooks Unpinned Package Version in #6693
feat(query): ansible playbooks Insecure Relative Path Resolution in #6705
feat(query): ansible playbooks Logging of Sensitive Data in #6700
feat(query): ansible playbooks risky file permissions in #6694
feat(engine): experimental features queries scan in #6614
feat(query): github workflows script injection query in #6744
feat(query): added cicd github query unsecured commands in #6720
feat(query): github workflows run injection query in #6742
🐛 Bug fixes
fix(security): critical CVEs in terraform and terraform-provider-azurerm by @jeremypetit-grtgaz in #6701
👻 Maintenance
docs(guides): changed code-ql action to v2 due to v1 deprecation by @LuisVentuzelos in #6750
docs(queries): update queries catalog in #6732
update(doc): adding aws cdk integration in #6740
New Contributors
@jeremypetit-grtgaz made their first contribution in #6701
@LuisVentuzelos made their first contribution in #6750
v1.7.8
🚀 New features and improvements
feat(engine): added github workflows scan in #6664
feat(query): unpinned actions full length commit sha in #6698
feat(query): ansible hosts ansible tower exposed to internet in #6691
feat(query): ansible config allow unsafe lookups in #6626
feat(query): ansible playbooks communication over http in #6687
feat(panic): add panic handler to terraform parser by @liorj-orca in #6726
🐛 Bug fixes
fix(workflows): fixed action's pin in #6689
fix(query): ca certificate identifier is outdated tf aws in #6683
fix(engine): added condition to check if gitignore is not empty to fix unit tests in #6706
fix(query): dockercompose Host Namespace is Shared in #6719
fix(test): e2e name in #6685
📦 Dependency updates bumps
ci(deps): bump golang from 1.20.7-alpine to 1.21.0-alpine in #6623
👻 Maintenance
update(docs): adding github icon into readme and docs website in #6722
update(comments): comments related to files extensions updated in #6696
docs(queries): update queries catalog in #6699
v1.7.7
🚀 New features and improvements
feat(panic): add panic handler to possible panic places in #6527
🐛 Bug fixes
fix(query): query search_key now contains correct value of resource in #6655
fix(workflow): skip apache license workflow if user is a bot in #6657
fix(parser): added condition in convertExpression in #6635
fix(engine): skip broken symlink/eloop by @liorj-orca in #6665
fix(parser): support nameless tf resources by @liorj-orca in #6510
fix(query): support GCP IAM policy members as lists by @Tohar-orca in #6548
👻 Maintenance
update(doc): kics github action version update in #6667
docs(queries): update queries catalog in #6662
v1.7.6
🚀 New features and improvements
feat(query): docdb logging is disabled for pulumi in #6556
feat(query): docdb logging is disabled for crossplane in #6557
feat(query): docdb logging is disabled for cloudformation in #6555
feat(parser): ansible inventory in #6516
feat(query): amazon rds db instance publicly accessible query for pulumi in #6562
feat(query): rds DB Instance Publicly Accessible for Crossplane in #6615
feat(parser): ansible configuration support in #6595
feat(engine): add kics analyze command in #6582
feat(workflow): github workflow to check for apache license in #6606
feat(workflow): new github workflow that checks the PR's Go coverage in #6656
🐛 Bug fixes
fix(query): db instance publicly accessible ansible query refactor in #6558
fix(query): amazon db instance publicly accessible for terraform query refactor in #6560
fix(query): alicloud rds instance address publicly accessible terraform query refactor in #6559
fix(query): amazon rds db instance publicly accessible query refactor in #6561
fix(workflow): fix Pwn Request Vulnerability by @AdnaneKhan in #6638
fix(query): fixed terraform azure query where min_tls_version was not accepting string in #6622
fix(workflows): fixed community label being added to bots prs and pr titles in other workflows in #6597
fix(coverage): add test for analyze command in #6654
fix(test): kics go coverage in #6658
📦 Dependency updates bumps
build(deps): bump github.com/emicklei/proto from 1.11.1 to 1.11.2 in #6380
build(deps): bump github.com/BurntSushi/toml from 1.2.1 to 1.3.2 in #6502
ci(deps): bump lots0logs/gh-action-get-changed-files from 2.1.4 to 2.2.2 in #6406
build(deps): bump github.com/hashicorp/terraform-json from 0.15.0 to 0.16.0 in #6279
ci(deps): bump golang from 1.20.6-alpine to 1.20.7-alpine in #6588
👻 Maintenance
docs(main): add discord invite to readme by @baruchiro in #6570
docs(queries): update queries catalog in #6612
New Contributors
@baruchiro made their first contribution in #6570
@AdnaneKhan made their first contribution in #6638
v1.7.5
🚀 New features and improvements
feature(engine): upgrade engine error handling for self ref in yaml/json files in #6532
feat(workflow): added github workflow to validate pr title in #6537
feat(workflow): added github workflow to add labels to issues according to its title in #6551
🐛 Bug fixes
fix(secrets): improve oAuthSecret secret to detect more valid characters in #6522
fix(regex): add Quotation mark in #6529
fix(query): non detection of . in vars for Terraform in #6534
fix(summary): add SearchLine Key to qItem in #6494
fix(query): transit_encryption attribute changed in #6477
fix(query): split One Query Policy in #6540
fix(query): add CidrIp Comparison in #6542
fix(query): add Allow Rule to Generic Private Key in #6538
fix(inspector): change regex special mask in #6535
fix(query): change ExpectedValue and ActualValue in #6543
fix(analyzer): remove optional dockercompose regex in #6539
📦 Dependency updates bumps
ci(deps): bump golang from 1.20.5-alpine to 1.20.6-alpine in #6512
👻 Maintenance
docs(queries): update queries catalog in #6546
update(docker): drop patch version from alpine docker tag in #6463
v1.7.4
🚀 New features and improvements
Remove searching for vuls in resolved files in #6500
🐛 Bug fixes
iam_access_analyzer_not_enabled Query Changed in #6490
fix(comment): Changed comment count in #6472
Fix FN in string due to bad allowRule matches in #6497
fix(query): add missing search value in response code missing query for open api in #6508
fix(regex): added regex into allow rule list in #6506
Fix(Extracted-Info) - Fix metadata.json from template being used in #6515
Fix(Regex) - fix putty file key query regex in #6517
Fix(Engine) - Fix resolver panic in #6519
fix(resolver): recover panic during resolve in #6511
Fix(Engine) - Json non ref being ref in #6518
fix(Tracker): Add Resolved File Lines' counter in #6501
fix missing queries in #6526
fix(regex): update regex allow rule in #6523
📦 Dependency updates bumps
build(deps): bump github.com/aws/aws-sdk-go from 1.44.227 to 1.44.295 in #6495
👻 Maintenance
Add assets to extractedinfo.zip in #6507
v1.7.3
🚀 New features and improvements
Add terraform vars path feature in #6456
feature(logs): Add Ignored Lines in #6447
🐛 Bug fixes
fix(sink): Added regex to subs "\r" (line break) in #6469
Bug(Engine) - Remove counting comments as references in Yaml in #6482
fix(query): Add SearchLine in #6487
fix(query): adding fuzzy version in #6492
👻 Maintenance
Update README.md in #6471
Add Terraform variables path docs in #6467
docs(update): terraform vars path in #6476