Releases: Checkmarx/kics

v2.1.6

18 Mar 11:43
316563c

What's Changed

  • update(dependabot): add groups to dependabot.yml github action by @ArturRibeiro-CX in #7344
  • fix(query): fix FP in openAPI Invalid Media Type Value query by @ArturRibeiro-CX in #7350
  • fix(documentation): update descriptionText metadata field for invalid media type openAPI query by @ArturRibeiro-CX in #7361
  • docs(queries): add missing platforms to KICS docs website sidebar by @ArturRibeiro-CX in #7376
  • ci(deps): bump the all group across 1 directory with 17 updates by @dependabot in #7373
  • update(query): change amazonaws.cn links to aws.amazon.com by @connorg in #7288
  • fix(password): fix Password and Secrets FP results by @ArturRibeiro-CX in #7353
  • update(deps): update docker images to latest versions by @cx-ruiaraujo in #7401
  • fix(dockerfile): restore CGO_ENABLED=0 for static linking in Dockerfile by @smtan-gl in #7397
  • docs(queries): update queries catalog by @kicsbot in #7356
  • docs(kicsbot): preparing for release 2.1.6 by @kicsbot in #7402

Full Changelog: 2.1.5...v2.1.6

v2.1.5

05 Feb 14:35
07c43d0

What's Changed

  • update(dockerfile): revert KICS user change from 65532 back to root by @cx-ruiaraujo in #7322
  • update(deps): bump path-to-regexp and express in /.github/scripts/server-mock by @dependabot in #7324
  • fix(query): correct keyActualValue and keyExpectedValue for maxItems validation by @ArturRibeiro-CX in #7328
  • fix(query): openapi maximum_length_undefined query enum and format sanitizers by @EduardoSemanas in #7327
  • fix(query): openapi pattern undefined fp enum and format sanitizers by @EduardoSemanas in #7323
  • docs(queries): update queries catalog by @kicsbot in #7329
  • docs(kicsbot): preparing for release 2.1.5 by @kicsbot in #7332

Full Changelog: v2.1.4...v2.1.5

docs(kicsbot): preparing for release 2.1.5 (#7332)

05 Feb 14:24
07c43d0
* docs(kicsbot): preparing for release 2.1.5

* bumps kics version

---------

Co-authored-by: cx-monicac <[email protected]>
Co-authored-by: cx-monicac <[email protected]>

v2.1.4

22 Jan 14:15
05ad4ab

What's Changed

  • docs(kicsbot): preparing for release 2.1.3 by @kicsbot in #7264
  • ci(deps): fix npm vulnerability by @cxMiguelSilva in #7278
  • fix(query): improve query name security_group_without_description by @aristosvo in #6867
  • docs(queries): update queries catalog by @kicsbot in #7281
  • update(dockerfile): update Dockerfile USER and add OCI labels to all releases by @cx-ruiaraujo in #7292
  • update(ghaction): update kics-gh-action.yaml by @Gabriel28840 in #7286
  • update(dockerfile): add new cx images by @cx-ruiaraujo in #7294
  • update(deps): vulnerabilities cleanup by @cx-ruiaraujo in #7315
  • fix(docs): remove NIFCloud from Beta by @cx-ruiaraujo in #7316
  • update(query): update App Service Not Using Latest TLS Encryption Version query to the latest version by @anterosilva1985 in #7302
  • fix(queries): add suffix In Defaults for Ansible config queries by @cx-ruiaraujo in #7314
  • docs(queries): update queries catalog by @kicsbot in #7317
  • update(readme): fix date. by @cx-andrep in #7318
  • feat(engine): add new QueryID pattern by @cx-ruiaraujo in #7313
  • docs(kicsbot): preparing for release 2.1.4 by @kicsbot in #7320

Full Changelog: v2.1.3...v2.1.4

v2.1.3

01 Oct 10:03

What's Changed

  • fix(password): fix missing positive results from Password and Secrets query by @ArturRibeiro-CX in #7223
  • build(makefile): update makefile to add podman commands by @ArturRibeiro-CX in #7243
  • update(go): update go version to 1.23.1 by @ArturRibeiro-CX in #7251
  • update(cwe): add CWE infos file and logic to sarif reports by @ArturRibeiro-CX in #7178
  • update(query): add CWE infos to terraform queries by @ArturRibeiro-CX in #7187
  • update(query): add CWE infos to openAPI queries by @ArturRibeiro-CX in #7181
  • update(query): add CWE infos to ansible queries by @ArturRibeiro-CX in #7184
  • update(query): add CWE infos to cloudFormation queries by @ArturRibeiro-CX in #7180
  • update(query): add CWE infos to K8s queries by @ArturRibeiro-CX in #7177
  • update(query): add CWE infos to gRPC, Knative and Buildah queries by @ArturRibeiro-CX in #7172
  • update(query): add CWE infos to Pulumi queries by @ArturRibeiro-CX in #7171
  • update(query): add cwe infos to crossplane queries by @ArturRibeiro-CX in #7170
  • update(query): add cwe infos to CICD queries by @ArturRibeiro-CX in #7166
  • update(query): add cwe infos to Google Deployment Manager queries by @ArturRibeiro-CX in #7167
  • update(query): add CWE information to volume_has_sensitive_host_directory by @julianthome in #7153
  • update(query): add cwe infos to serverlessFW queries by @ArturRibeiro-CX in #7165
  • update(query): add cwe infos to Azure Resource Manager queries by @ArturRibeiro-CX in #7169
  • update(query): add cwe infos to dockerCompose queries by @ArturRibeiro-CX in #7164
  • docs(update): update getting started documentation with installation guidance by @ArturRibeiro-CX in #7245
  • update(nifcloud): update nifcloud queries metadata and functionality by @ArturRibeiro-CX in #7206
  • fix(gcp): rename test files resources to fix parsing errors on gcp queries by @ArturRibeiro-CX in #7253
  • docs(queries): update queries catalog by @kicsbot in #7237

Full Changelog: v2.1.2...v2.1.3

v2.1.2

09 Aug 15:50
90b2009

What's Changed

  • update(dockerfile): update go version and golden images by @cx-ruiaraujo in #7186
  • update(githubaction): update github action version by @cx-monicac in #7185
  • update(certifi): update python certifi version on queries_validator requirements by @ArturRibeiro-CX in #7188
  • build(deps): bump google.golang.org/grpc from 1.64.0 to 1.64.1 by @dependabot in #7190
  • fix(resolver): max resolver depth considered while searching for cyclic references by @EduardoSemanas in #7199
  • fix(query): fix unexpected behaviour in parameter-checking function for ARM queries by @JulioSCX in #7205
  • update(fedramp): tackle IaC and SAST vulnerabilities by @cx-ruiaraujo in #7200
  • docs(queries): update queries catalog by @kicsbot in #7210
  • fix(query): fix CWE field not appearing in KICS CLI and sarif reports by @ArturRibeiro-CX in #7207
  • update(workflow): add pattern validation for query name and description by @JulioSCX in #7208
  • fix(packages): upgrade packages by @cx-ruiaraujo in #7226
  • docs(queries): update queries catalog by @kicsbot in #7220
  • docs(kicsbot): preparing for release 2.1.2 by @kicsbot in #7232

New Contributors

  • @cx-monicac made their first contribution in #7185

Full Changelog: v2.1.1...v2.1.2

v2.1.1

01 Jul 15:26
b014f9c

🚀 New features and improvements

feat(query): add new query for tencentcloud CVM resource by @SevenEarth in #7136
feat(query): add new query for tencentcloud VPC resource by @SevenEarth in #7133
feat(query): add new query for tencentcloud TKE resource by @SevenEarth in #7138
feat(query): add new query for tencentcloud CDB resource by @SevenEarth in #7134
feat(query): add new query for tencentcloud CVM resource by @SevenEarth in #7122
feat(query): add new query for tencentcloud CLB resource by @SevenEarth in #7135

🐛 Bug fixes

fix(dockerfiles): update dockerfiles constant mapping in #7124
fix(version): bump urllib3 version from queries-validator requirements in #7140
fix(query): policy without principal query with false positive for IAM role used as an inline policy in #7097
fix(query): security groups not used query with false positive in aws_elasticache_instance resources in #7098
fix(query): add positive expected results for "secretId" and "secretKey" for Tencentcloud by @SevenEarth in #7146

📦 Dependency updates bumps

build(deps): bump github.com/hashicorp/go-getter from 1.7.4 to 1.7.5 in #7155

👻 Maintenance

update(linting): update contribution guide and remove deprecated linting methods in #7159
update(chainguard): update chainguard image for libcrypto3 and libssl3 versions update in #7173
docs(queries): update queries catalog in #7130
fix(docs): add urls to all queries download in #7154
update(query): change query name to maintain the same logic in #7141
update(ghaction): update kics-gh-action.yaml in #7127

New Contributors

@SevenEarth made their first contribution in #7122

v2.1.0

12 Jun 14:03
0d40293

🚀 New features and improvements

feat(bicep): adding bicep support in #6980
update(queries): databricks, nifcloud and tencentcloud queries run by default when kics scans terraform files in #7072
feat(engine): add --max-resolver-depth flag in #7043
feat(engine): similarity id improve in #6970

🐛 Bug fixes

fix(query): added missing case to storage blob query in #7030
fix(flow): save flow in #7083
fix(query): passwords and secrets - generic secrets with fp results in #7087
fix(query): apt-get Missing '-y' To Avoid Manual Input in #7060
fix(query): implicit flow in oauth2 queries duplicated in #7057
fix(query): revert changes in the 'platform_flag_with_from' query in #7117
fix(githubactions): add max length in #7063
fix(query): vpc peering route table should restrict cidr query with fp results in #7067
fix(query): fix bugs and small improvements to TF queries in #7052
fix(query): tf mfa delete doing checks out of its scope in #7051
fix(query): lower properties protocol in #6640
fix(query): slight refactor to actually filter the correct/wanted codes in #7035

📦 Dependency updates bumps

ci(deps): bump peter-evans/repository-dispatch from 2 to 3 in #7049
ci(deps): bump goreleaser/goreleaser-action from 4.2.0 to 5.1.0 in #7070
ci(deps): bump docker/setup-buildx-action from 2 to 3 in #7048
ci(deps): bump styfle/cancel-workflow-action from 0.11.0 to 0.12.1 in #7050
ci(deps): bump golangci/golangci-lint-action from 3.5.0 to 4.0.0 in #6878
ci(deps): bump dev-drprasad/delete-tag-and-release from 0.2.1 to 1.0.1 in #6419
ci(deps): bump peter-evans/create-pull-request from 4 to 6 in #6864

👻 Maintenance

chore(databricks): add new spark LTS runtime by @dim-ops in #7079
chore(databricks): remove deprecated spark lts version by @dim-ops in #7080
update(script): requests version upgrade to 2.32.0 in #7066
update(query): removing special chars from query name in #7061
docs(queries): update queries catalog in #7041
update(docs): experimental queries docs update in #7076
update(deps): dependencies update in #7101
update(deps): update dependencies in #7108
update(readme): readme improvements in #7084
update(prtemplate): update pull request template in #7088
update(codeowners): update CODEOWNERS in #7119
update(roadmap): roadmap is updated in #7082
update(queries): prefix "(beta)" added to queries that are still under review in #7085
update(repo): create CODEOWNERS in #7046
update(gopkg): update package path for v2 in #7042

v2.0.1

02 May 21:09
9ba017f

🐛 Bug fixes

fix(githubactions): github actions relative path detected as not pinned by @cw-alexcroteau in #6958
fix(query): removed redundant import by @frasan15 in #7027
fix(query): fix typos in #7017
fix(query): fix typo on storage blob service container query description in #7024
fix(dockerfile): remove user root and add platform in #7031
fix(query): fix query Bind Address Not Properly Set in #7034
fix(query): fixed network access too permissive query and tests in #7033
fix(query): fix rwd arm query in #7037

📦 Dependency updates bumps

update(dependency): upgrade go-getter to v1.7.4 in #7016
ci(deps): bump chainguard/git from f8fd9ab to f20defb in #7015

👻 Maintenance

update(ghaction): using kics gh action new version in #7013
feat(githubactions): adding govulncheck and grype in #7001
docs(queries): update queries catalog in #7021
docs(queries): update queries catalog in #7036

New Contributors

@cw-alexcroteau made their first contribution in #6958
@frasan15 made their first contribution in #7027

v2.0.0

17 Apr 22:15
bc0e796

Kindly check here for the v2.0.0 added features, breaking changes and deprecated queries.

🚀 New features and improvements

feat(kics): critical severity added into KICS in #6966
feat(engine): add new severity metadata field support in #6893
feat(critical): add critical severity to KICS CLI in #6857
feat(critical): add critical severity to all report formats in #6866
feat(warning): updated warnings for line detection failure in #6906
feat(kics): add cloudProvider to request queries in #6939
feat(kics): change all tests and appearances of new severity to old severity in #6959
feat(engine): improve the possible dockerfile detection in #6981

🐛 Bug fixes

fix(query): sensitive_port_is_exposed_to_entire_network by @Tohar-orca in #6916
fix(query): clarify description for openapi exposed api keys by @Tohar-orca in #6993
fix(openapi): functions must not produce multiple output for same inputs in #6901
fix(kics): support v1.5 of cyclone dx report format in #6928
fix(workflow): remove parallel scan from race test using tag in #6933
fix(action): update coverage action in #6940
fix(engine): fixing compare e2e in #6919
fix(community): common/password_and_secrets new allow rule added to permit the ansible playbook update_password field in #6938
fix(query): fix query detecting issues with schemas of type different to object in #6676
fix(query): add 2xx as possible response code in #6681
fix(terraform): api gateway access logging disabled terraform query updated to mimic cloudformation behaviour in #6910
fix(query): improve query to detect results with tuple in #6952
fix(query): deprecate query Container Requests Not Equal To It's Limits in #6890
fix(query): improve queries Container Memory Requests Not Equal To It's Limits and Container CPU Requests Not Equal To It's Limits in #6889
fix(docs): fix capitalization and docs template in #6947
fix(query): improve query platform_flag_with_from in #6955
fix(docs): typo in Google Cloud Storage acronym by @brucearctor in #6962
fix(dependencies): removing deprecated dockerfiles in #6972
fix(queries): removing deprecated queries in #6974
fix(query): tokens at NPM Install Command Without Pinned Version in #6639
fix(tests): severity check tests in #6975
fix(folders): unused folder removed in #6978
fix(kics): change order of split ; should come before && in dockerfile in #6951
fix(docswebsite): fix invalid query page urls and add critical severity in #6983
fix(docswebsite): fix sorting and invalid chars in #6989
fix(parser): easyjson replaced by encoding/json in #6990
fix(queries): queries categories updated in #6994
fix(kics): fix max file size using directories in check KICS-0000 in #6967
fix(dependencies): dependencies upgrade in #6977
fix(docs): fix results documentation in #7005

📦 Dependency updates bumps

update(go): updating go to 1.22.1 and updating to chainguard images by @fjsnogueira in #6969
build(deps): bump google.golang.org/protobuf from 1.31.0 to 1.33.0 in #6949
build(deps): github.com/docker/docker v24.0.9+incompatible in #6968
ci(deps): bump chainguard/git from 1b0095b to f8fd9ab in #7003
ci(deps): bump chainguard/go from bc4b9e9 to a06a462 in #7002

👻 Maintenance

revert(terraformer): remove terraformer in #6937
update(debian): install jq on debian by @ncook-hxgn in #6998
update(coverage): go coverage metrics update by @cx-andrep in #6964
update(queries): queries severity updates in #6984
update(query): s3 bucket without enabled mfa delete query severity update in #6945
feat(kics): automatic kics-queries-repo tag change (KICS-1337) in #6911
update(docs): documentation cleanup + links fix in #6918
update(uts): kics scan coverage improved in #6923
update(uts): kics unit tests ramp in #6929
update(query): s3 bucket sse bucket disabled queries deprecated in #6932
update(coverage): go coverage metrics update in #6943
docs(community): add blog post by Firefly in #6946
update(query): description update to better address the intention of the query in #6941
update(docs): docs and workflows maintenance in #6920
update(workflow): kics github action version 2.0 upgrade in #6976
docs(queries): update queries catalog in #6942
docs(queries): update queries catalog in #6988
docs(queries): update queries catalog in #6991
docs(queries): update queries catalog in #6996
docs(queries): update queries catalog in #6999
update(docs): update dockerfiles docs in #7008
update(docs): v2.0.0 docs update in #7009

New Contributors

@brucearctor made their first contribution in #6962
@cx-andrep made their first contribution in #6964
@fjsnogueira made their first contribution in #6969
@ncook-hxgn made their first contribution in #6998