Releases: aquasecurity/trivy-checks

v1.12.1

08 Oct 20:31
b884131

What's Changed

  • fix: check only managed account in AVD-AZU-0012 by @nikpivkin in #494

Full Changelog: v1.12.0...v1.12.1

v1.12.0

08 Oct 09:55
18e2e94

What's Changed

  • fix: add support for workload_metadata_config.mode values in AVD-GCP-0057 by @nikpivkin in #429
  • docs: improve documentation and examples for AVD-AWS-0132 by @nikpivkin in #431
  • feat: support 'from to' command format in AVD-DS-0005 by @nikpivkin in #433
  • chore(deps): bump github.com/open-policy-agent/opa from 1.4.2 to 1.5.0 in the common group by @dependabot[bot] in #432
  • BREAKING: refactor(checks): Remove deprecated ID field from checks by @simar7 in #430
  • fix: check if queue properties is managed in AVD-AZU-0009 by @nikpivkin in #435
  • feat: improve detecting logging bucket in AVD-AWS-0132 by @nikpivkin in #434
  • feat: detect default SA usage in GKE Autopilot/NAP in AVD-GCP-0050 by @nikpivkin in #439
  • chore(deps): bump github.com/cloudflare/circl from 1.6.0 to 1.6.1 in the go_modules group by @dependabot[bot] in #438
  • Revert "BREAKING: Remove deprecated ID field from checks (#430)" by @simar7 in #444
  • refactor(misconf): Use id and long_id for misconfig checks by @simar7 in #441
  • fix: ignore values with interpolation in AVD-KSV-0109 by @nikpivkin in #442
  • chore: store additional info in metadata by @nikpivkin in #451
  • feat: Added check no open RDP access by @yagreut in #447
  • feat: add no personal email check for GCP by @yagreut in #445
  • feat: added 3 access checks to gcp by @yagreut in #448
  • test: validate test_* rule inputs against schema by @nikpivkin in #452
  • chore(deps): bump github.com/go-viper/mapstructure/v2 from 2.2.1 to 2.3.0 in the go_modules group by @dependabot[bot] in #443
  • chore(deps): bump the common group across 1 directory with 7 updates by @dependabot[bot] in #454
  • test: disallow extra fields in cloud schema validation by @nikpivkin in #458
  • refactor: rename kubernetes check files based on subsystem by @simar7 in #456
  • lint: add minimum_trivy_version to schema by @nikpivkin in #460
  • fix(gcp): support default ports for compute firewall by @nikpivkin in #461
  • feat: add 3 compute checks by @yagreut in #455
  • feat: Add 2 storage checks by @yagreut in #459
  • test: skip checks by minimum_trivy_version by @nikpivkin in #462
  • fix(gcp): properly check if bucket has logging by @nikpivkin in #464
  • test: skip unsupported checks for test bundles by @nikpivkin in #467
  • feat: add iam check by @yagreut in #465
  • chore(deps): bump github.com/open-policy-agent/opa from 1.6.0 to 1.7.1 in the common group by @dependabot[bot] in #466
  • chore: deprecate AWS-0088 check due to default SSE by @nikpivkin in #469
  • fix: handle image registry and port correctly in KSV-0013 by @nikpivkin in #470
  • feat: add check for default network rules in AVD-AZU-0012 by @nikpivkin in #284
  • chore: rewrite bundle build script from bash to Go by @nikpivkin in #468
  • refactor: improve shell command splitting via sh.parse_commands by @nikpivkin in #473
  • build: don’t fail on missing GitHub ref prefix by @nikpivkin in #474
  • feat: add prevent-custom-role-creation check by @yagreut in #471
  • chore: fix examples for GCP-0079 by @nikpivkin in #481
  • test: use ORAS image from GHCR by @nikpivkin in #488
  • Revert "refactor(misconf): Use id and long_id for misconfig checks (#441)" by @nikpivkin in #490
  • chore(misconf): clarify messages for service account impersonation checks by @nikpivkin in #480
  • chore: fix message for example check USR-TFPLAN-0001 by @nikpivkin in #482
  • ci: add 3-day cooldown for dependabot by @nikpivkin in #483
  • feat: add example for custom check on raw Terraform config by @nikpivkin in #487

Full Changelog: v1.11.2...v1.12.0

Full Changelog: v1.12.0...v1.12.0

v1.11.2

30 May 05:54
7afea1b

What's Changed

Full Changelog: v1.11.1...v1.11.2

v1.11.1

29 May 06:48
7462fa1

What's Changed

  • Revert "docs: add example check for Terraform Raw Format (#411)" by @simar7 in #427

Full Changelog: v1.11.0...v1.11.1

v1.11.0

29 May 06:08
73741ad

What's Changed

  • fix: detect unspecified securityContext in KSV118 by @nikpivkin in #402
  • Fix unreachable URL of AVD-AWS-0320 metadata by @nekketsuuu in #406
  • Fix filename in CONTRIBUTING.md by @nekketsuuu in #407
  • chore(deps): bump the go_modules group with 2 updates by @dependabot in #405
  • chore(deps): bump the common group across 1 directory with 2 updates by @dependabot in #408
  • chore(deps): bump oras-project/setup-oras from 1.2.2 to 1.2.3 in the github-actions group by @dependabot in #403
  • chore: update azure examples by @nikpivkin in #412
  • fix: correctly detect empty objects in KSV118 by @nikpivkin in #410
  • fix: make wildcard match in IAM policy checks case-insensitive by @nikpivkin in #413
  • refactor(checks): Flatten all kubernetes checks by @simar7 in #414
  • chore(docs): Improve code clarity and consistency through minor refinements by @arpitjain099 in #417
  • Fix misconfigurations in code especially in yaml files by @arpitjain099 in #418
  • lint: enable 'duplicate-rule' rule by @nikpivkin in #420
  • chore: remove unnecessary regal lint arguments by @nikpivkin in #419
  • feat: combine multiple image registry checks into one by @nikpivkin in #391
  • chore: pass schemas to opa test by @nikpivkin in #386
  • lint: enable some rules from bugs category by @nikpivkin in #422
  • chore: update aws emr, iam, kinesis, kms, lambda examples by @nikpivkin in #423
  • lint: add regal rule to check data import prefix by @nikpivkin in #415
  • refactor(test): use testcontainers-go for running Trivy by @nikpivkin in #424
  • refactor(test): use metadata package to validate uniqueness of AVD IDs by @nikpivkin in #426
  • refactor(test): use custom types for Trivy report parsing by @nikpivkin in #425
  • fix(checks): Separate out unrestricted S3 checks by @simar7 in #409
  • docs: Add a note for cost consideration for AVD-AWS-0090 aws-s3-enable-versioning by @nekketsuuu in #421
  • docs: add example check for Terraform Raw Format by @nikpivkin in #411

Full Changelog: v1.10.0...v1.11.0

v1.10.0

30 Apr 06:02
c53037c

What's Changed

  • feat(checks): Improve AVD-AWS-0345 by @simar7 in #398

Full Changelog: v1.9.0...v1.10.0

v1.9.0

30 Apr 05:30
b7d7ce6

What's Changed

  • fix: add kind to input selector in KSV039 and KSV040 by @nikpivkin in #377
  • fix: do not check default security group in AVD-AWS-0099 by @nikpivkin in #379
  • chore: update aws elasticache, elasticsearch and elb examples by @nikpivkin in #368
  • chore: update aws/eks examples by @nikpivkin in #365
  • chore: update aws codebuild, config, dynamodb, documentdb examples by @nikpivkin in #359
  • chore: update neptune, redshift, sam examples by @nikpivkin in #382
  • chore: update aws sns, sqs, ssm, workspace examples by @nikpivkin in #381
  • fix: check only managed load balancers by @nikpivkin in #369
  • fix: skip GKE Autopilot clusters in AVD-GCP-0048 by @nikpivkin in #384
  • fix(checks): Update description of KSV037 by @simar7 in #380
  • chore(deps): bump the common group across 1 directory with 6 updates by @dependabot in #383
  • feat(checks): Restrict s3 from wild card access by @simar7 in #373
  • ci: use Skitionek/notify-microsoft-teams instead of aquasecurity fork by @DmitriyLewen in #389
  • feat: add support for new allowed sysctls in AVD-KSV-0026 by @nikpivkin in #388
  • feat: consider k8s version in sysctls checks in KSV026 by @nikpivkin in #390
  • chore: update kubernetes, openstack and oracle examples by @nikpivkin in #392
  • chore: update cloudstack, digitalocean and github examples by @nikpivkin in #393
  • chore: update nifcloud examples by @nikpivkin in #395
  • chore: update google bigquery, compute, dns, kms examples by @nikpivkin in #396
  • chore: update google gke, iam, sql, storage examples by @nikpivkin in #397
  • chore: update aws mq, msk, rds, s3 examples by @nikpivkin in #400
  • chore(deps): bump the common group across 1 directory with 4 updates by @dependabot in #401

Full Changelog: v1.8.1...v1.9.0

v1.8.1

28 Mar 06:17
510d725

What's Changed

  • fix(bundle): Correctly add compliance checks into the bundle by @simar7 in #376

Full Changelog: v1.8.0...v1.8.1

v1.8.0

27 Mar 01:55
2eb1249

What's Changed

  • test: run integration tests across multiple Trivy versions by @nikpivkin in #343
  • refactor(repo): Simplify structure by @simar7 in #308
  • chore: use examples field by @nikpivkin in #351
  • chore: update aws apigateway, athena, cloudfront, cloudtrail examples by @nikpivkin in #356
  • refactor: specify metadata in annotations instead of rule in KSV107 by @nikpivkin in #355
  • refactor(deps): Use OPA v1 by @simar7 in #358
  • feat(aws): Add check for malicious AMI detection by @simar7 in #352
  • fix: not to check DB instances in AVD-AWS-0022 by @nikpivkin in #360
  • feat: support Policy-Min-TLS-1-2-PFS-2023-10 in AVD-AWS-0126 by @nikpivkin in #367
  • chore(deps): bump the common group across 1 directory with 2 updates by @dependabot in #361
  • ci: bump Go to 1.24 by @nikpivkin in #363
  • refactor: use OPA to retrieve checks metadata by @nikpivkin in #354
  • refactor: simplify AVD-AWS-0038 by @nikpivkin in #364
  • chore: update aws ec2, ecr, ecs, efs examples by @nikpivkin in #362
  • feat(checks): Add checks for IngressNightmare by @simar7 in #374
  • chore(deps): bump the common group with 2 updates by @dependabot in #370
  • chore(deps): bump the go_modules group with 2 updates by @dependabot in #372
  • chore(deps): bump the go_modules group with 2 updates by @dependabot in #375

Full Changelog: v1.7.1...v1.8.0

v1.7.1

28 Feb 07:45

What's Changed

Full Changelog: v1.7.0...v1.7.1