Releases: Checkmarx/kics

v1.3.2

02 Jun 10:08
73325e3

Added

+27 new queries
feat(report): add Gitlab SAST report #3432
feat(cli): include queries filter #3431
feat(report): add path, platform, start and end times to HTML report #3455
feat(cli): add flag to define default name #3441
feat(query): add Passwords And Secrets In URL common query #2785 #3459

Changed

removed dup queries #3394 #3424 #3490
docs(integrations): fixing github actions docs closes #3393 #3400
feat(metrics): metrics default to 'ms' and 'b' for 'ci' flag #3477 #3476 #3504
refactor(query): containers_run_with_low_uid rewrite #3430
chore(deps): bump github.com/agnivade/levenshtein from 1.1.0 to 1.1.1 #3404
chore(deps): bump ref nats-server 2.1.9 to 2.2.5 #3410
chore(deps): bump github.com/getsentry/sentry-go from 0.10.0 to 0.11.0 #3416
chore(deps): bump helm.sh/helm/v3 from 3.5.4 to 3.6.0 #3483

Fixed

fix: FP (false positive) queries #3463 #3486 #3496 #3466
fix(parser): fixed MarshalJSON Error on YAML Extend #3414 #3423
fix(report): update gitlab report fields to match proper formatting #3460
fix(detector): fixed bug with detector getting the wrong line #2010 #3471
fix(detector): fixed bug with Detect line does not work for OpenAPI template path #3386 #3397
fix(query): issue with '/' on absolute path query from Dockerfile
fix(query): fixed issue containers_running_as_root #3412 #3422
fix(issueType): fixing issueTypes for multiple queries and adding test #3399
fix(analyzer): Removed spec property from K8s file Analyzer #3461 #3462
fix(quality): sonarcloud code smells (#3418)

v1.3.1

19 May 16:03
f11a076

Added

+112 new queries
+33 unit tests
+11 E2E tests

Changed

chore(deps): bump github.com/rs/zerolog from 1.21.0 to 1.22.0 (#3311)
docs(integrations): update integrations docs (#3252)

Fixed

fix 8 FN (false negative) queries
fix(parser): Fixed Bug with invalid terraform returning panic #3304 #3305
fix(report): corrected report directory generation (#3201)
fix(logs): log-format JSON printing to console without 'verbose' flag (#3208)
fix(logs): Fix invalid log path not returning error #3155 #3290
fix(docs): Update architecture documentation image #3254 (#3308)

v1.3.0

06 May 09:30
e025565

Added

+46 new queries
feat(engine): multiple paths on --path flag (#3017)
feat(telemetry): opt-out telemetry and fix sentry dsn provisioning (#3041)
feat(cli): parametrizing query execution timeout (#3047) (#3048)
feat(metrics): print CPU and Memory usage in logs (#2379) (#2961)
feat(parser): support ssl certificates and swagger files set as attributes for Ansible and Terraform (#2958) (#2960)
docs(integrations): Jenkinsfile documentation and examples (#3038)
docs(integrations): add CircleCI integration example (#3086)

Changed

BREAKING CHANGE: feat(cli): KICS no longer executes the scan command by default (#3030)
BREAKING CHANGE: feat(engine): semantic exit code based on results (#2400) (#1721) (#2726)

refactor(query): optimized passwords and secrets query (#3059)
feat(engine): Add file checking to filter unwanted files to be parsed (#2506) (#3045)
feat(performance): concurrent engine scans by parser (#3085) (#3061)
chore(deps): bump github.com/moby/buildkit from 0.8.2 to 0.8.3 (#3051)
chore(deps): bump github.com/open-policy-agent/opa from 0.27.1 to 0.28.0 (#3028)
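
The two BREAKING CHANGE entries above change how a pipeline has to invoke KICS: `scan` must now be named explicitly, and the exit code carries the scan result instead of always being 0. The following POSIX sh CI wrapper is an added example, not part of the KICS project, that accounts for both. It assumes the result exit codes are 0 for a clean scan and 20, 30, 40, 50 for INFO, LOW, MEDIUM and HIGH findings (the values in the KICS documentation as I recall them; they are not stated in these notes, so check `kics scan --help` for your version), treats any other code as a tool or usage error, and assumes `--output-path` for the report directory; the remaining flags are the ones listed in these release notes.

```shell
#!/usr/bin/env sh
# Added example, not KICS project code: CI wrapper for KICS v1.3.0 and later.
# Two breaking changes from v1.3.0 affect pipelines:
#   1. `scan` is no longer the default command, so `kics -p .` must become `kics scan -p .`;
#   2. the exit code now reflects the scan result instead of always being 0.
# Assumption: result codes are 0 (clean), 20 (INFO), 30 (LOW), 40 (MEDIUM), 50 (HIGH),
# as documented by KICS but not stated in these release notes; anything else is
# treated as a tool or usage error. --output-path is also assumed (not in the notes).

# Rank of a severity word, for threshold comparisons; 0 for anything unknown.
sev_rank() {
  case "$1" in
    high) echo 4 ;; medium) echo 3 ;; low) echo 2 ;; info) echo 1 ;; *) echo 0 ;;
  esac
}

# Translate a kics exit code into a one-word verdict on stdout.
kics_verdict() {
  case "$1" in
    0)  echo clean ;;
    50) echo high ;;
    40) echo medium ;;
    30) echo low ;;
    20) echo info ;;
    *)  echo error ;;
  esac
}

# Gate: returns 0 (pass) or 1 (fail).
# $1 = kics exit code, $2 = lowest severity that fails the build (high|medium|low|info).
kics_gate() {
  verdict=$(kics_verdict "$1")
  case "$verdict" in
    clean) return 0 ;;
    error) return 1 ;;   # a scan that did not complete must never pass silently
  esac
  [ "$(sev_rank "$verdict")" -lt "$(sev_rank "$2")" ]
}

# Run the scan the v1.3.0 way (explicit `scan`) and gate on its exit code.
run_kics_ci() {
  threshold=${1:-medium}
  mkdir -p ./kics-results
  rc=0
  kics scan \
    --path ./infra,./deploy \
    --type terraform,kubernetes \
    --exclude-paths ./infra/vendor \
    --report-formats json,sarif --output-path ./kics-results \
    --ci --no-color --log-format json --log-path ./kics-results/kics.log \
    || rc=$?
  echo "kics exit code $rc ($(kics_verdict "$rc"))"
  kics_gate "$rc" "$threshold"
}

# Only run the scan when explicitly asked, so the file can also be sourced for its functions.
if [ "${KICS_CI_RUN:-0}" = 1 ]; then
  run_kics_ci "$@"
fi
```

Invoke it as `KICS_CI_RUN=1 sh kics-ci.sh medium` in the pipeline step. The gate deliberately fails on any code it does not recognise: with semantic exit codes, a parser crash or a bad flag must not be mistaken for a clean scan.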

Fixed

fix(similarity-id): scan is not computing the Similarity ID for file path (#3087)
fix(sast): unhandled errors flagged by cxSAST (#3095)
fix(log): should not print if printer is not ready
fix(log): unwanted json log when using unknown flag/command (#2967) (#2983)

v1.2.4

21 Apr 11:07
71145d7

Changelog

Added

  • Added OpenAPI 3.0 support and query example (#2796) (#2810) +37 queries
  • Added +6 new queries
  • Generate Homebrew tap with goreleaser (#2667)
  • Added --log-format and json logs (#2776)
  • Setup E2E tests (#2848) (#2849)
  • Added linters for OpenAPI samples (#2831) (#2832)
  • Added Darwin and Linux arm64 binaries to release assets

Changed

Fixes

  • Fixed GoReport card issues (#2298)
  • Fixed detect line bug with ExtractLineFragment (#2933) (#2934)
  • Fixed query with the wrong platform in metadata, adding a unit test for it (#2902) (#2903)
  • Fixed Kubernetes query 'Service Does Not Target Pod' (#2793) (#2881)
  • Printing issues from INFO to HIGH on stdout (#2787)
  • CxSAST: Added log when terraform.tfvars is not found (#2782)
  • Fix bugs with tracker counters (#2767)
  • Fix new line missing in 'generate-id' command output (#2941)

v1.2.3

09 Apr 17:34
8bc62c7

Changelog

maintenance version

Added

Fixes

  • Fix KICS not rendering Helm chart bug #2761 (#2762)
  • Fix malformed files not reporting error #1930 (#2754)

v1.2.2

07 Apr 16:30
59eac1c

Changelog

Added

  • Add support to terraform vars (#2675)
  • Added --log-level flag that determines log verbosity
  • Added --log-path flag that determines the log file location
  • Added --ci flag that prints only logs to stdout (no CLI UI output)

Changed

  • Updated documentation
  • Bumping external dependencies (#2722)

Fixes

  • Fixing gosec issues (#2694)
  • Missing log on fail to parse invalid YAML (#2698)
  • The flag --no-color should remove color from log messages to console (#2692)
  • Fixed bug that panics KICS when --queries-path does not exist (#2732)

v1.2.1

24 Mar 18:02
f1992e0

Changelog

Added

Helm Support
HTML results output format
One-line install script
New functions to queries' library
New queries

Changed

Queries improved to reduce FPs
Removed unused 'value' field in queries result

Fixed

Filesystem couldn't close file #2270

v1.2.0

10 Mar 12:10
6213c3a

Changelog

Added

SARIF results output format
Flag --exclude-queries to exclude specific queries from the results
Flag --no-color to specify if CLI should have color codes enabled
Flag --minimal-ui to revert to minimal results output
Flag --report-formats to specify in which format to output the results (json, sarif)
Command list-platforms to list all supported platforms (names to use when filtering with --type flag)

Changed

CLI UI major revamp
Updated Go version to v1.16
All queries categories revised
Updated queries to remove FPs and improve accuracy

Fixed

Flag --type passed as empty #2137
KICS config file arrays #2140

v1.1.4

24 Feb 17:40
12baa85

Changelog

Added

Support JSON files for AWS CloudFormation
Configuration file to handle all KICS flags
Query category and description to result output
Flag exclude-results to enable excluding unwanted results from the output
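
The JSON results carry a per-query severity, platform, category and description, and a per-result similarity ID, which is the identifier --exclude-results takes. The Python below is an added example, not KICS project code, that post-processes such a report: it recounts results per severity and checks the recount against the report's own severity_counters, gates on a severity threshold, and turns the low-severity results into a baseline for --exclude-results on later scans. The embedded report is a constructed sample; the field names follow the KICS JSON report layout as I know it, and the query names, query IDs and similarity IDs are made up.

```python
"""Added example (not KICS project code): post-process a KICS JSON report.

It uses the per-query platform/category/description/severity fields and the
per-result similarity_id, which is the identifier --exclude-results accepts.
Field names follow the KICS JSON report layout as I know it; the embedded
report is a constructed sample with made-up query names, ids and similarity ids.
"""
import json
from collections import Counter

SEVERITY_ORDER = ("INFO", "LOW", "MEDIUM", "HIGH")  # lowest first

# Constructed sample report (not real scanner output).
SAMPLE_REPORT = json.dumps({
    "kics_version": "v1.3.0",
    "severity_counters": {"HIGH": 2, "MEDIUM": 1, "LOW": 0, "INFO": 1},
    "total_counter": 4,
    "queries": [
        {"query_name": "Example Bucket ACL Is Public", "query_id": "constructed-query-1",
         "severity": "HIGH", "platform": "Terraform", "category": "Access Control",
         "description": "constructed", "files": [
             {"file_name": "infra/s3.tf", "line": 12, "similarity_id": "sim-0001"},
             {"file_name": "infra/logs.tf", "line": 7, "similarity_id": "sim-0002"}]},
        {"query_name": "Example Container Runs As Root", "query_id": "constructed-query-2",
         "severity": "MEDIUM", "platform": "Kubernetes", "category": "Best Practices",
         "description": "constructed", "files": [
             {"file_name": "deploy/app.yaml", "line": 30, "similarity_id": "sim-0003"}]},
        {"query_name": "Example Image Tag Not Pinned", "query_id": "constructed-query-3",
         "severity": "INFO", "platform": "Dockerfile", "category": "Supply-Chain",
         "description": "constructed", "files": [
             {"file_name": "Dockerfile", "line": 1, "similarity_id": "sim-0004"}]},
    ],
})


def load_report(text):
    """Parse report text; reject anything without the top-level 'queries' list."""
    report = json.loads(text)
    if not isinstance(report.get("queries"), list):
        raise ValueError("not a KICS JSON report: missing 'queries' list")
    return report


def findings(report):
    """Flatten the report to one record per (query, file) result."""
    rows = []
    for q in report["queries"]:
        for f in q.get("files", []):
            rows.append({
                "query_id": q["query_id"], "query_name": q["query_name"],
                "severity": str(q["severity"]).upper(),
                "platform": q.get("platform", ""), "category": q.get("category", ""),
                "file_name": f["file_name"], "line": f.get("line"),
                "similarity_id": f["similarity_id"],
            })
    return rows


def severity_counts(report):
    """Recount results per severity from the queries list."""
    counts = Counter({s: 0 for s in SEVERITY_ORDER})
    counts.update(r["severity"] for r in findings(report))
    return dict(counts)


def counters_consistent(report):
    """True when the report's own severity_counters agree with a recount."""
    declared = {s: int(report.get("severity_counters", {}).get(s, 0)) for s in SEVERITY_ORDER}
    return declared == severity_counts(report)


def should_fail(report, threshold="MEDIUM"):
    """Gate: True if any result is at or above the threshold severity."""
    floor = SEVERITY_ORDER.index(threshold.upper())  # ValueError on an unknown level
    return any(SEVERITY_ORDER.index(r["severity"]) >= floor
               for r in findings(report) if r["severity"] in SEVERITY_ORDER)


def exclusion_baseline(report, max_severity="LOW"):
    """Sorted similarity IDs of results at or below max_severity: an accepted-risk
    baseline to pass to --exclude-results on later scans."""
    ceiling = SEVERITY_ORDER.index(max_severity.upper())
    return sorted({r["similarity_id"] for r in findings(report)
                   if r["severity"] in SEVERITY_ORDER
                   and SEVERITY_ORDER.index(r["severity"]) <= ceiling})


def exclude_results_args(similarity_ids):
    """Argument pair as KICS expects it: --exclude-results id1,id2 (empty list -> no args)."""
    return ["--exclude-results", ",".join(similarity_ids)] if similarity_ids else []


if __name__ == "__main__":
    rep = load_report(SAMPLE_REPORT)
    for r in findings(rep):
        print(f"{r['severity']:<6} {r['platform']:<10} {r['file_name']}:{r['line']}  "
              f"{r['query_name']}  [{r['similarity_id']}]")
    print(severity_counts(rep), "consistent" if counters_consistent(rep) else "MISMATCH")
    print("baseline:", " ".join(exclude_results_args(exclusion_baseline(rep))))
    raise SystemExit(1 if should_fail(rep, "MEDIUM") else 0)
```

Keying the baseline on similarity IDs rather than file and line means an accepted finding stays suppressed when unrelated edits move it within the file, while a genuinely new instance of the same query gets a new ID and surfaces again.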

Changed

Improved several queries across all platforms to improve accuracy

Fixed

Type flag is now case-insensitive #2092

v1.1.3

10 Feb 16:17
b01e6f4

Changelog

Added

macOS binaries in the release
Common query - Password and Secrets in Infrastructure as Code
Platform field to query in metadata.json and results JSON
Progress bar in CLI
Type flag to select type to scan (e.g. Terraform, Dockerfile, etc.)
Exclude-paths flag to enable excluding unwanted folders/files from being scanned
Config flag added to enable passing a .json/yaml config file that contains all flags configured
Added support for multiple unit tests samples in queries
Printing location of generated output file

Fixed

SimilarityID bug when computing with absolute file path (#1977)
KICS failing to scan when queries path is not in same context as kics execution (#1964)