Commit
* ci(deps): bump checkmarx/kics-action from 1.4 to 1.5 (#5207)
  Bumps [checkmarx/kics-action](https://github.com/checkmarx/kics-action) from 1.4 to 1.5.
  - [Release notes](https://github.com/checkmarx/kics-action/releases)
  - [Commits](https://github.com/checkmarx/kics-action/compare/v1.4...v1.5)
  ---
  updated-dependencies:
  - dependency-name: checkmarx/kics-action
    dependency-type: direct:production
    update-type: version-update:semver-minor
  ...
  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* build(deps): bump github.com/aws/aws-sdk-go from 1.43.39 to 1.43.41 (#5200)
  Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.43.39 to 1.43.41.
  - [Release notes](https://github.com/aws/aws-sdk-go/releases)
  - [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
  - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.43.39...v1.43.41)
  ---
  updated-dependencies:
  - dependency-name: github.com/aws/aws-sdk-go
    dependency-type: direct:production
    update-type: version-update:semver-patch
  ...
  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* build(deps): bump github.com/aws/aws-sdk-go from 1.43.41 to 1.43.42 (#5218)
  Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.43.41 to 1.43.42.
  - [Release notes](https://github.com/aws/aws-sdk-go/releases)
  - [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
  - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.43.41...v1.43.42)
  ---
  updated-dependencies:
  - dependency-name: github.com/aws/aws-sdk-go
    dependency-type: direct:production
    update-type: version-update:semver-patch
  ...
  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* build(deps): bump github.com/tidwall/gjson from 1.14.0 to 1.14.1 (#5217)
  Bumps [github.com/tidwall/gjson](https://github.com/tidwall/gjson) from 1.14.0 to 1.14.1.
  - [Release notes](https://github.com/tidwall/gjson/releases)
  - [Commits](https://github.com/tidwall/gjson/compare/v1.14.0...v1.14.1)
  ---
  updated-dependencies:
  - dependency-name: github.com/tidwall/gjson
    dependency-type: direct:production
    update-type: version-update:semver-patch
  ...
  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* bug: Remove viewer from list of improper privileges (#5211)
* added possibility of sec group being a var (#5208)
* fix(query): extended scope of MissingAttribute rule in seccomp k8s rule (#5201)
* fix(query): fixed searchKey and resource kind in pod_or_container_without_resource_quota k8s rule (#5199)
* fix(query): fixed searchKey and resource kind in pod_or_container_without_resource_quota k8s rule
* capitalization
* fix(query): fixed searchKey and resource kind in pod_or_container_without_limit_range k8s rule (#5198)
* fix(query): added support for aws_iam_policy_document.Principals to policy_without_principal tf rule (#5196)
* update/fix(query): SNS Topic is Publicly Accessible (#5210)
* delete duplicated queries #5191
* remove redundant check for SSEType #5189
* add support for topic ref in SNS::Subscription cf
* add support to yaml files in query
* fix query (#5215)
  Signed-off-by: joaorufi <joao.rufino@checkmarx.com>
* build(deps): bump github.com/emicklei/proto from 1.9.2 to 1.10.0 (#5216)
  Bumps [github.com/emicklei/proto](https://github.com/emicklei/proto) from 1.9.2 to 1.10.0.
  - [Release notes](https://github.com/emicklei/proto/releases)
  - [Changelog](https://github.com/emicklei/proto/blob/master/CHANGES.md)
  - [Commits](https://github.com/emicklei/proto/compare/v1.9.2...v1.10.0)
  ---
  updated-dependencies:
  - dependency-name: github.com/emicklei/proto
    dependency-type: direct:production
    update-type: version-update:semver-minor
  ...
  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* build(deps): bump github.com/aws/aws-sdk-go from 1.43.42 to 1.43.43 (#5224)
  Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.43.42 to 1.43.43.
  - [Release notes](https://github.com/aws/aws-sdk-go/releases)
  - [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
  - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.43.42...v1.43.43)
  ---
  updated-dependencies:
  - dependency-name: github.com/aws/aws-sdk-go
    dependency-type: direct:production
    update-type: version-update:semver-patch
  ...
  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* docs(implementations): fix changed directory for kics assets queries (#5213)
* updated missing technologies supported in docs (#5223)
* build(deps): bump github.com/aws/aws-sdk-go from 1.43.43 to 1.43.44 (#5230)
  Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.43.43 to 1.43.44.
  - [Release notes](https://github.com/aws/aws-sdk-go/releases)
  - [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
  - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.43.43...v1.43.44)
  ---
  updated-dependencies:
  - dependency-name: github.com/aws/aws-sdk-go
    dependency-type: direct:production
    update-type: version-update:semver-patch
  ...
  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* update(docs): updated missing technologies supported logs in docs (#5226)
* updated platform images
* changed dockercompose image size
* docs(kicsbot): update images digest (#5219)
  Co-authored-by: rogeriopeixotocx <rogeriopeixotocx@users.noreply.github.com>
* fix(query): Api Gateway Without Content Encoding on Terraform platform (#5227)
* fix query name
  Signed-off-by: joaorufi <joao.rufino@checkmarx.com>
* fix result
  Signed-off-by: joaorufi <joao.rufino@checkmarx.com>
* update query (#5233)
  Signed-off-by: joaorufi <joao.rufino@checkmarx.com>
* build(deps): bump github.com/hashicorp/hcl/v2 from 2.11.1 to 2.12.0 (#5238)
  Bumps [github.com/hashicorp/hcl/v2](https://github.com/hashicorp/hcl) from 2.11.1 to 2.12.0.
  - [Release notes](https://github.com/hashicorp/hcl/releases)
  - [Changelog](https://github.com/hashicorp/hcl/blob/main/CHANGELOG.md)
  - [Commits](https://github.com/hashicorp/hcl/compare/v2.11.1...v2.12.0)
  ---
  updated-dependencies:
  - dependency-name: github.com/hashicorp/hcl/v2
    dependency-type: direct:production
    update-type: version-update:semver-minor
  ...
  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* ci(deps): bump github/codeql-action from 1 to 2 (#5243)
  Bumps [github/codeql-action](https://github.com/github/codeql-action) from 1 to 2.
  - [Release notes](https://github.com/github/codeql-action/releases)
  - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
  - [Commits](https://github.com/github/codeql-action/compare/v1...v2)
  ---
  updated-dependencies:
  - dependency-name: github/codeql-action
    dependency-type: direct:production
    update-type: version-update:semver-major
  ...
  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* build(deps): bump github.com/aws/aws-sdk-go from 1.43.44 to 1.44.0 (#5244)
  Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.43.44 to 1.44.0.
  - [Release notes](https://github.com/aws/aws-sdk-go/releases)
  - [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
  - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.43.44...v1.44.0)
  ---
  updated-dependencies:
  - dependency-name: github.com/aws/aws-sdk-go
    dependency-type: direct:production
    update-type: version-update:semver-minor
  ...
  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* refactor(analyzer): analyzer usage when types flag is passed (#5222)
* refactored analyzer + update docs
* corrected supportedRegexes
* improving log message
* Discard files pointed in -e in the analyzer
* requested changes
* Fix(e2e): Results json compare (index out of range) (#5209)
* fix(script): queries validator files filtering
* fix(e2e): added validation for query name & results in json file
* docs(kicsbot): update github-action image digest (#5228)
  Co-authored-by: nunoocx <nunoocx@users.noreply.github.com>
* remove -q flag (#5225)
  Signed-off-by: joaorufi <joao.rufino@checkmarx.com>
* fix(query): ALB Listening on HTTP for AWS CloudFormation (#5212)
* fix incorrect line in result exposure
* Fix E2E
* update search line
* change search line
* Feat(Query): OSS Bucket Allows Delete From All Principals for Alicloud Terraform (#5232)
* Query alicloud terraform bucket allows delete
* Changed as requested
* Changed the search range to a bigger delete scope
* updated terralib and query to save code
* build(deps): bump github.com/aws/aws-sdk-go from 1.44.0 to 1.44.1 (#5256)
  Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.0 to 1.44.1.
  - [Release notes](https://github.com/aws/aws-sdk-go/releases)
  - [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
  - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.0...v1.44.1)
  ---
  updated-dependencies:
  - dependency-name: github.com/aws/aws-sdk-go
    dependency-type: direct:production
    update-type: version-update:semver-patch
  ...
  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* build(deps): bump github.com/tdewolff/minify/v2 from 2.11.1 to 2.11.2 (#5257)
  Bumps [github.com/tdewolff/minify/v2](https://github.com/tdewolff/minify) from 2.11.1 to 2.11.2.
  - [Release notes](https://github.com/tdewolff/minify/releases)
  - [Commits](https://github.com/tdewolff/minify/compare/v2.11.1...v2.11.2)
  ---
  updated-dependencies:
  - dependency-name: github.com/tdewolff/minify/v2
    dependency-type: direct:production
    update-type: version-update:semver-patch
  ...
  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* fix(query): updated ecr_repositories_not_encrypted TF rule to match KMS type (#5195)
* Feat(query): Oss Bucket Allows List Action From All Principals for Alicloud Terraform (#5247)
* query oss bucket allow list action from all principals
* corrected keyvalues
* changed resource names
* Feat(Query): Oss Bucket Allows All Actions for Alicloud Terraform (#5235)
* query oss bucket allows all actions
* renamed query and added func to terralib
* changed aws queries to terralib func
* saving code
* Query Oss Bucket Allows Put Action For All Principals (#5250)
* + DB Instance Publicly Accessible (#5251)
* Feat(e2e): Allow E2E Tests to run locally (dev) and dockerized (CI) (#5214)
* fix(script): queries validator files filtering
* fix(e2e): added validation for query name & results in json file
* feat(tests): added option to run e2e tests from binary (faster) and docker.
* fix(e2e): fix lint issues & code security
* fix(e2e): lint issues
* model.NewIgnore.Reset() at the YAML parser top (#5255)
* feat(query): Added NAS File System Not Encrypted for Terraform Alicloud (#5249)
* + NAS File System Not Encrypted
* add searchLine
* feat(query): Added Using Kubernetes Native Secret Management for Kubernetes (#5237)
* + Using Kubernetes Native Secret Management
* update query description
* change severity & remove SecretStore verification
* remove SecretStore in git hub checks
* fix(queries): Fixed aws unique identifiers from common queries (#5236)
* separated ids
  Signed-off-by: joaorufi <joao.rufino@checkmarx.com>
* added positive41 sample
  Signed-off-by: joaorufi <joao.rufino@checkmarx.com>
* feat(query): Added NAS File System Without KMS for Alicloud (#5248)
* + NAS File System Without KMS
* update policies to check for encrypt_type
* change key values and issue type
* Feat(Query): OSS Bucket Has Static Website for Alicloud Terraform (#5252)
* Query OSS Bucket Has Static Website
* Updated metadata descriptions
* changed keyvalues as suggested
* feat(query): Added VPC Flow Logs Disabled for Terraform Alicloud (#5253)
* + VPC Flow Logs Disabled
* change description and remove check resource_id
* change description
* change key values
* feat(query): ROS Stack Retention Disabled for Terraform Alicloud (#5258)
* stage
* + ROS Stack Retention Disabled
* feat(query): Added ROS Stack Notifications Disabled for Terraform Alicloud (#5260)
* + ROS Stack Notifications Disabled
* change issueType
* feat(query): Added High KMS Key Rotation Period in Alicloud Terraform (#5263)
* + stage changes
* + High KMS Key Rotation Period
* build(deps): bump github.com/aws/aws-sdk-go from 1.44.1 to 1.44.2 (#5269)
  Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.1 to 1.44.2.
  - [Release notes](https://github.com/aws/aws-sdk-go/releases)
  - [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
  - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.1...v1.44.2)
  ---
  updated-dependencies:
  - dependency-name: github.com/aws/aws-sdk-go
    dependency-type: direct:production
    update-type: version-update:semver-patch
  ...
  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* build(deps): bump github.com/moby/buildkit from 0.10.1 to 0.10.2 (#5270)
  Bumps [github.com/moby/buildkit](https://github.com/moby/buildkit) from 0.10.1 to 0.10.2.
  - [Release notes](https://github.com/moby/buildkit/releases)
  - [Commits](https://github.com/moby/buildkit/compare/v0.10.1...v0.10.2)
  ---
  updated-dependencies:
  - dependency-name: github.com/moby/buildkit
    dependency-type: direct:production
    update-type: version-update:semver-patch
  ...
  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* + ALB Listening on HTTP (#5272)
* Feat(Query): CS Kubernetes Node Pool Auto Repair Disabled for Alicloud Terraform (#5273)
* Query CS Kubernetes Node Pool Auto Repair Disabled for Alicloud Terraform
* changed as suggested, updated description text for auto repair queries
* Feat(Query): Log Retention Is Not Greater Than 90 Days for Alicloud Terraform (#5254)
* Query Log Retention Is Not Greater Than 90 Days
* changed as suggested
* changed keyvalues in policies
* Query ROS Stack Without Template
* Delete metadata.json
* Delete query.rego
* Delete negative1.tf
* Delete positive1.tf
* Delete positive_expected_result.json
* feat(query): Added No ROS Stack Policy for Terraform Alicloud (#5259)
* + No ROS Stack Policy
* add searchLine
* change key expected value
* Feat(Query): ROS Stack Without Template for Alicloud Terraform (#5262)
* Query Log Retention Is Not Greater Than 90 Days
* changed as suggested
* changed keyvalues in policies
* Query ROS Stack Without Template
* Query ROS Stack Without Template
* deleted extra query from other branch
* changed as suggested
* changed as requested
* update OSS Bucket Logging Disabled (#5275)
* fix(query): adjust severity of iam_access_analyzer_undefined rule to LOW (#5197)
* fix(query): adjust severity of iam_access_analyzer_undefined rule to LOW
* fix(query): move iam_access_analyzer_undefined rule to iam_access_analyzer_not_enabled
* Apply metadata changes to CF rule too
* move iam_access_analyzer_undefined CF rule to iam_access_analyzer_not_enabled
* fixed E2E tests
* update(query): Apt Get Install Pin Version Not Defined (#5176)
* update apt_get_install_lists_were_not_deleted
* add positive sample
* fix bug and add negative sample
* add negative sample to pin version not defined
* add support for ;
* fix(query): fixed searchKey rbac_roles_with_read_secrets_permissions k8s rule (#5265)
* feat(query): Add Launch Template Is Not Encrypted for Terraform Alicloud (#5274)
* + Launch Template Is Not Encrypted
* change descriptions
* change key values
* build(deps): bump github.com/aws/aws-sdk-go from 1.44.2 to 1.44.3 (#5277)
  Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.2 to 1.44.3.
  - [Release notes](https://github.com/aws/aws-sdk-go/releases)
  - [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
  - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.2...v1.44.3)
  ---
  updated-dependencies:
  - dependency-name: github.com/aws/aws-sdk-go
    dependency-type: direct:production
    update-type: version-update:semver-patch
  ...
  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* build(deps): bump github.com/open-policy-agent/opa from 0.39.0 to 0.40.0 (#5278)
  Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 0.39.0 to 0.40.0.
  - [Release notes](https://github.com/open-policy-agent/opa/releases)
  - [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md)
  - [Commits](https://github.com/open-policy-agent/opa/compare/v0.39.0...v0.40.0)
  ---
  updated-dependencies:
  - dependency-name: github.com/open-policy-agent/opa
    dependency-type: direct:production
    update-type: version-update:semver-minor
  ...
  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Updated query descriptions (#5279)
* feat(query): Added SLB Policy With Insecure TLS Version In Use for Terraform Alicloud (#5271)
* + SLB Policy With Insecure Tls Version In Use
* correct typo
* correct typo
* change key expected value
* Feat(Query): CMK Is Unusable for Alicloud Terraform (#5280)
* Query CMK Is Unusable for Alicloud Terraform
* changed as suggested
* Typo fix
  Signed-off-by: Thomas Spear <tspear@conquestcyber.com>
* Use option from the docs
  Signed-off-by: Thomas Spear <tspear@conquestcyber.com>
* feature(report): Code Climate report (#5261)
* code quality report
  Signed-off-by: joaorufi <joao.rufino@checkmarx.com>
* renamed to code climate
  Signed-off-by: joaorufi <joao.rufino@checkmarx.com>
* added tests
  Signed-off-by: joaorufi <joao.rufino@checkmarx.com>
* fix e2e test
  Signed-off-by: joaorufi <joao.rufino@checkmarx.com>
* integration docs
  Signed-off-by: joaorufi <joao.rufino@checkmarx.com>
* added comments
  Signed-off-by: joaorufi <joao.rufino@checkmarx.com>
* fix comment
  Signed-off-by: joaorufi <joao.rufino@checkmarx.com>
* fix results.md
  Signed-off-by: joaorufi <joao.rufino@checkmarx.com>
* fix docs integration examples
  Signed-off-by: joaorufi <joao.rufino@checkmarx.com>
* Feat(e2e): adding E2E Tests to validate codeclimate reports
  Co-authored-by: Lucas Mendes <lucas.mendes@checkmarx.com>
* update(query): Unpinned Package Version in Apk Add (#5181)
* fix issue
* add support for -t
* docs(kicsbot): update images digest (#5234)
  Co-authored-by: rogeriopeixotocx <rogeriopeixotocx@users.noreply.github.com>
* build(deps): bump github.com/aws/aws-sdk-go from 1.44.3 to 1.44.4 (#5281)
  Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.3 to 1.44.4.
  - [Release notes](https://github.com/aws/aws-sdk-go/releases)
  - [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
  - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.3...v1.44.4)
  ---
  updated-dependencies:
  - dependency-name: github.com/aws/aws-sdk-go
    dependency-type: direct:production
    update-type: version-update:semver-patch
  ...
  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* fix(filesystem): GetExcludedPaths (#5288)
* Update README.md
* Update README.md
* fixed GetExcludePaths
* correcting log msg
* docs: preparing for release 1.5.7 (#5289)
* docs: preparing for release 1.5.7
* updated version
  Co-authored-by: rafaela-soares <rafaela-soares@users.noreply.github.com>
  Co-authored-by: rafaela-soares <rafaela.soares@checkmarx.com>
* build(deps): bump github.com/aws/aws-sdk-go from 1.44.4 to 1.44.5 (#5297)
  Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.4 to 1.44.5.
  - [Release notes](https://github.com/aws/aws-sdk-go/releases)
  - [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
  - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.4...v1.44.5)
  ---
  updated-dependencies:
  - dependency-name: github.com/aws/aws-sdk-go
    dependency-type: direct:production
    update-type: version-update:semver-patch
  ...
  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* build(deps): bump github.com/aws/aws-sdk-go from 1.44.5 to 1.44.6 (#5299)
  Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.5 to 1.44.6.
  - [Release notes](https://github.com/aws/aws-sdk-go/releases)
  - [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
  - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.5...v1.44.6)
  ---
  updated-dependencies:
  - dependency-name: github.com/aws/aws-sdk-go
    dependency-type: direct:production
    update-type: version-update:semver-patch
  ...
  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* docs(kicsbot): update images digest (#5300)
* update Network ACL With Unrestricted Access To RDP (#5296)
* update(query): Update category and severities according with issue 5220 (#5292)
* Queries severity and category change
* update SNS Topic is Publicly Accessible ansible
* update SNS Topic is Publicly Accessible for CF
* update SNS Topic is Publicly Accessible ansible
* update description
* change any principal check
* update CloudTrail Log Files Not Encrypted With CMK
* update yaml sample
* change yaml sample
* update line
* fix issues
* fixing e2e errors
* Add community tag to new issues by default
  This change is possible as core team members mostly create PRs instead of opening issues.
* build(deps): bump github.com/aws/aws-sdk-go from 1.44.6 to 1.44.7 (#5306)
  Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.6 to 1.44.7.
  - [Release notes](https://github.com/aws/aws-sdk-go/releases)
  - [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
  - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.6...v1.44.7)
  ---
  updated-dependencies:
  - dependency-name: github.com/aws/aws-sdk-go
    dependency-type: direct:production
    update-type: version-update:semver-patch
  ...
  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* docs(kicsbot): update images digest (#5302)
  Co-authored-by: rogeriopeixotocx <rogeriopeixotocx@users.noreply.github.com>
* feat(query): add new k8s rule to detect port-forwarding into containers (RBAC) (#5266)
* feat(query): add new k8s rule to detect account impersonation (RBAC) (#5267)
* feat(query): add new k8s rule to detect bind or escalate permissions (RBAC) (#5268)
* feat(query): add new k8s rule to detect exec permissions (RBAC) (#5286)
* update installation options and notes (#5293)
* update installation options and notes
  Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* fix links
  Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* another broken link
  Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* add deprecated Homebrew instructions
  Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
* update Missing Flag From Dnf Install (#5310)
* removed results report formats list from docs (#5308)
  Signed-off-by: joaorufi <joao.rufino@checkmarx.com>
* ci(deps): bump docker/build-push-action from 2.10.0 to 3.0.0 (#5316)
  Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 2.10.0 to 3.0.0.
  - [Release notes](https://github.com/docker/build-push-action/releases)
  - [Commits](https://github.com/docker/build-push-action/compare/v2.10.0...v3.0.0)
  ---
  updated-dependencies:
  - dependency-name: docker/build-push-action
    dependency-type: direct:production
    update-type: version-update:semver-major
  ...
  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* ci(deps): bump docker/login-action from 1.14.1 to 2.0.0 (#5317)
  Bumps [docker/login-action](https://github.com/docker/login-action) from 1.14.1 to 2.0.0.
  - [Release notes](https://github.com/docker/login-action/releases)
  - [Commits](https://github.com/docker/login-action/compare/v1.14.1...v2.0.0)
  ---
  updated-dependencies:
  - dependency-name: docker/login-action
    dependency-type: direct:production
    update-type: version-update:semver-major
  ...
  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* build(deps): bump github.com/aws/aws-sdk-go from 1.44.7 to 1.44.8 (#5318)
  Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.7 to 1.44.8.
  - [Release notes](https://github.com/aws/aws-sdk-go/releases)
  - [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
  - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.7...v1.44.8)
  ---
  updated-dependencies:
  - dependency-name: github.com/aws/aws-sdk-go
    dependency-type: direct:production
    update-type: version-update:semver-patch
  ...
  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* update(query): StatefulSet Without Service Name for Kubernetes (#5303)
* update check for matching labels
* update label checking method & queries description
* update keyExpectedValue
* update description
* update(query): Remote Desktop Port Open To Internet and HTTP Port Open To Internet (#5307)
* docs(kicsbot): update images digest (#5302)
  Co-authored-by: rogeriopeixotocx <rogeriopeixotocx@users.noreply.github.com>
* update open port aws queries name
* add fileName
  Co-authored-by: rogeriopeixotocx <rogeriopeixotocx@users.noreply.github.com>
* delete check for incorrect default (#5314)
* doc: fix syntax (#5309)
  broken markdown syntax without line before list
* ci(deps): bump docker/setup-qemu-action from 1 to 2 (#5315)
  Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 1 to 2.
  - [Release notes](https://github.com/docker/setup-qemu-action/releases)
  - [Commits](https://github.com/docker/setup-qemu-action/compare/v1...v2)
  ---
  updated-dependencies:
  - dependency-name: docker/setup-qemu-action
    dependency-type: direct:production
    update-type: version-update:semver-major
  ...
  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* build(deps): bump github.com/aws/aws-sdk-go from 1.44.8 to 1.44.9 (#5323)
  Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.8 to 1.44.9.
  - [Release notes](https://github.com/aws/aws-sdk-go/releases)
  - [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
  - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.8...v1.44.9)
  ---
  updated-dependencies:
  - dependency-name: github.com/aws/aws-sdk-go
    dependency-type: direct:production
    update-type: version-update:semver-patch
  ...
  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* build(deps): bump github.com/moby/buildkit from 0.10.2 to 0.10.3 (#5324)
  Bumps [github.com/moby/buildkit](https://github.com/moby/buildkit) from 0.10.2 to 0.10.3.
  - [Release notes](https://github.com/moby/buildkit/releases)
  - [Commits](https://github.com/moby/buildkit/compare/v0.10.2...v0.10.3)
  ---
  updated-dependencies:
  - dependency-name: github.com/moby/buildkit
    dependency-type: direct:production
    update-type: version-update:semver-patch
  ...
  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* fix(query): adjusted severity rating and added searchLine in rbac_wildcard_in_rule k8s rule (#5264)
* fix(query): adjusted severity rating and added searchLine in rbac_wildcard_in_rule k8s rule
* updated severity to HIGH
* update(query): Audit Policy Not Cover Key Security Concerns for Kubernetes (#5326)
* add audit policy check
* empty commit
* update(queries): Add check for traffic direction in port queries in some providers (#5313)
* add check for inbound direction
* add check for inbound direction
* update alicloud queries to check for ingress
* change function Name
* empty commit
* build(deps): bump github.com/aws/aws-sdk-go from 1.44.9 to 1.44.10 (#5329)
  Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.9 to 1.44.10.
  - [Release notes](https://github.com/aws/aws-sdk-go/releases)
  - [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
  - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.9...v1.44.10)
  ---
  updated-dependencies:
  - dependency-name: github.com/aws/aws-sdk-go
    dependency-type: direct:production
    update-type: version-update:semver-patch
  ...
  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* build(deps): bump github.com/aws/aws-sdk-go from 1.44.10 to 1.44.11 (#5330)
  Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.10 to 1.44.11.
  - [Release notes](https://github.com/aws/aws-sdk-go/releases)
  - [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
  - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.10...v1.44.11)
  ---
  updated-dependencies:
  - dependency-name: github.com/aws/aws-sdk-go
    dependency-type: direct:production
    update-type: version-update:semver-patch
  ...
  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* build(deps): bump github.com/johnfercher/maroto from 0.36.1 to 0.37.0 (#5331)
  Bumps [github.com/johnfercher/maroto](https://github.com/johnfercher/maroto) from 0.36.1 to 0.37.0.
  - [Release notes](https://github.com/johnfercher/maroto/releases)
  - [Commits](https://github.com/johnfercher/maroto/compare/v0.36.1...v0.37.0)
  ---
  updated-dependencies:
  - dependency-name: github.com/johnfercher/maroto
    dependency-type: direct:production
    update-type: version-update:semver-minor
  ...
  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* ci(deps): bump golang from 1.18.1-alpine to 1.18.2-alpine (#5332)
  Bumps golang from 1.18.1-alpine to 1.18.2-alpine.
  ---
  updated-dependencies:
  - dependency-name: golang
    dependency-type: direct:production
    update-type: version-update:semver-patch
  ...
  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* docs(kicsbot): update images digest (#5311)
* fix(password and secrets): improve performance (#5334)
* fix(cpu): fixed number of cpus available info (#5321)
* fix get cpu
  Signed-off-by: joaorufi <joao.rufino@checkmarx.com>
* change variable name
  Signed-off-by: joaorufi <joao.rufino@checkmarx.com>
* removed magic number
  Signed-off-by: joaorufi <joao.rufino@checkmarx.com>
* change function name
  Signed-off-by: joaorufi <joao.rufino@checkmarx.com>
* ...
  Signed-off-by: joaorufi <joao.rufino@checkmarx.com>
* check error
  Signed-off-by: joaorufi <joao.rufino@checkmarx.com>
* requested changes
  Signed-off-by: joaorufi <joao.rufino@checkmarx.com>
* fix(samples): k8s queries (#5322)
* docs: preparing for release 1.5.8 (#5336)
  Signed-off-by: João Reigota <joao.reigota@checkmarx.com>
* ci(deps): bump golangci/golangci-lint-action from 3.1.0 to 3.2.0 (#5339)
  Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3.1.0 to 3.2.0.
  - [Release notes](https://github.com/golangci/golangci-lint-action/releases)
  - [Commits](https://github.com/golangci/golangci-lint-action/compare/v3.1.0...v3.2.0)
  ---
  updated-dependencies:
  - dependency-name: golangci/golangci-lint-action
    dependency-type: direct:production
    update-type: version-update:semver-minor
  ...
  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* build(deps): bump mvdan.cc/sh/v3 from 3.4.3 to 3.5.0 (#5341)
  Bumps [mvdan.cc/sh/v3](https://github.com/mvdan/sh) from 3.4.3 to 3.5.0.
  - [Release notes](https://github.com/mvdan/sh/releases)
  - [Changelog](https://github.com/mvdan/sh/blob/master/CHANGELOG.md)
  - [Commits](https://github.com/mvdan/sh/compare/v3.4.3...v3.5.0)
  ---
  updated-dependencies:
  - dependency-name: mvdan.cc/sh/v3
    dependency-type: direct:production
    update-type: version-update:semver-minor
  ...
  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* docs(kicsbot): update images digest (#5342)
* build(deps): bump github.com/aws/aws-sdk-go from 1.44.11 to 1.44.12 (#5340)
  Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.11 to 1.44.12.
  - [Release notes](https://github.com/aws/aws-sdk-go/releases)
  - [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
  - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.11...v1.44.12)
  ---
  updated-dependencies:
  - dependency-name: github.com/aws/aws-sdk-go
    dependency-type: direct:production
    update-type: version-update:semver-patch
  ...
  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* build(deps): bump github.com/aws/aws-sdk-go from 1.44.12 to 1.44.13 (#5345)
  Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.12 to 1.44.13.
  - [Release notes](https://github.com/aws/aws-sdk-go/releases)
  - [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
  - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.12...v1.44.13)
  ---
  updated-dependencies:
  - dependency-name: github.com/aws/aws-sdk-go
    dependency-type: direct:production
    update-type: version-update:semver-patch
  ...
  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* docs(kicsbot): update images digest (#5346)
* build(deps): bump github.com/aws/aws-sdk-go from 1.44.13 to 1.44.14 (#5350)
  Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.13 to 1.44.14.
  - [Release notes](https://github.com/aws/aws-sdk-go/releases)
  - [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
  - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.13...v1.44.14)
  ---
  updated-dependencies:
  - dependency-name: github.com/aws/aws-sdk-go
    dependency-type: direct:production
    update-type: version-update:semver-patch
  ...
  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* docs(kicsbot): update images digest (#5351)
* build(go): bump golang version to 1.18 (#5348)
  Signed-off-by: João Reigota <joao.reigota@checkmarx.com>
  Co-authored-by: rafaela-soares <rafaela.soares@checkmarx.com>
* build(deps): bump github.com/aws/aws-sdk-go from 1.44.14 to 1.44.15 (#5353)
  Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.14 to 1.44.15.
  - [Release notes](https://github.com/aws/aws-sdk-go/releases)
  - [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
  - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.14...v1.44.15)
  ---
  updated-dependencies:
  - dependency-name: github.com/aws/aws-sdk-go
    dependency-type: direct:production
    update-type: version-update:semver-patch
  ...
  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* docs(kicsbot): update images digest (#5354)
* build(deps): bump github.com/aws/aws-sdk-go from 1.44.15 to 1.44.16 (#5366)
  Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.15 to 1.44.16.
  - [Release notes](https://github.com/aws/aws-sdk-go/releases)
  - [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
  - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.15...v1.44.16)
  ---
  updated-dependencies:
  - dependency-name: github.com/aws/aws-sdk-go
    dependency-type: direct:production
    update-type: version-update:semver-patch
  ...
  Signed-off-by: dependabot[bot] <support@github.com>
  Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* docs(kicsbot): update images digest (#5367)
* build(deps): bump github.com/hashicorp/go-getter from 1.5.11 to 1.6.0 (#5372)
  Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter) from 1.5.11 to 1.6.0.
- [Release notes](https://github.com/hashicorp/go-getter/releases) - [Changelog](https://github.com/hashicorp/go-getter/blob/main/.goreleaser.yml) - [Commits](https://github.com/hashicorp/go-getter/compare/v1.5.11...v1.6.0) --- updated-dependencies: - dependency-name: github.com/hashicorp/go-getter dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump github.com/aws/aws-sdk-go from 1.44.16 to 1.44.17 (#5373) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.16 to 1.44.17. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.16...v1.44.17) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump helm.sh/helm/v3 from 3.8.2 to 3.9.0 (#5374) Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.8.2 to 3.9.0. - [Release notes](https://github.com/helm/helm/releases) - [Commits](https://github.com/helm/helm/compare/v3.8.2...v3.9.0) --- updated-dependencies: - dependency-name: helm.sh/helm/v3 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * docs(kicsbot): update images digest (#5375) * build(deps): bump github.com/aws/aws-sdk-go from 1.44.17 to 1.44.18 (#5377) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.17 to 1.44.18. 
- [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.17...v1.44.18) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump github.com/hashicorp/go-getter from 1.6.0 to 1.6.1 (#5378) Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter) from 1.6.0 to 1.6.1. - [Release notes](https://github.com/hashicorp/go-getter/releases) - [Changelog](https://github.com/hashicorp/go-getter/blob/main/.goreleaser.yml) - [Commits](https://github.com/hashicorp/go-getter/compare/v1.6.0...v1.6.1) --- updated-dependencies: - dependency-name: github.com/hashicorp/go-getter dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * docs(kicsbot): update images digest (#5379) * add support to .crt file (#5360) * fix(query): Changed severity of Memcached Disabled query (#5349) * changed severity Signed-off-by: joaorufi <joao.rufino@checkmarx.com> * fix positve results Signed-off-by: joaorufi <joao.rufino@checkmarx.com> * fix function (#5343) Signed-off-by: joaorufi <joao.rufino@checkmarx.com> * fix(vulnerability builder): fixed and improved DefaultVulnerabilityBuilder (#5347) * improved vulnerability_builder.go * fix SAST error * build(deps): bump github.com/aws/aws-sdk-go from 1.44.18 to 1.44.19 (#5385) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: rafaela-soares <rafaela.soares@checkmarx.com> * docs(kicsbot): update images digest (#5382) * feat(query): added Default KMS Key Usage query for CloudFormation (#5363) Signed-off-by: joaorufi <joao.rufino@checkmarx.com> * feat(query): CNI Plugin Does Not Support Network Policies for Kubernetes (#5370) * + CNI Plugin Does Not Support Network Policies * change description * update * feat(query): Ensure Administrative Boundaries Between Resources for Kubernetes (#5368) * + Ensure Administrative Boundaries Between Res * change category * change category * update * update(kics): reduced the number of code files (#5325) * fix(cpu): fix number cpus macos (#5371) * fixed cpu number on macos Signed-off-by: joaorufi <joao.rufino@checkmarx.com> * ... Signed-off-by: joaorufi <joao.rufino@checkmarx.com> * ci(deps): bump goreleaser/goreleaser-action from 2.9.1 to 3.0.0 (#5390) Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 2.9.1 to 3.0.0. 
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases) - [Commits](https://github.com/goreleaser/goreleaser-action/compare/v2.9.1...v3.0.0) --- updated-dependencies: - dependency-name: goreleaser/goreleaser-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump mvdan.cc/sh/v3 from 3.5.0 to 3.5.1 (#5391) Bumps [mvdan.cc/sh/v3](https://github.com/mvdan/sh) from 3.5.0 to 3.5.1. - [Release notes](https://github.com/mvdan/sh/releases) - [Changelog](https://github.com/mvdan/sh/blob/master/CHANGELOG.md) - [Commits](https://github.com/mvdan/sh/compare/v3.5.0...v3.5.1) --- updated-dependencies: - dependency-name: mvdan.cc/sh/v3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump github.com/tdewolff/minify/v2 from 2.11.2 to 2.11.5 (#5392) Bumps [github.com/tdewolff/minify/v2](https://github.com/tdewolff/minify) from 2.11.2 to 2.11.5. - [Release notes](https://github.com/tdewolff/minify/releases) - [Commits](https://github.com/tdewolff/minify/compare/v2.11.2...v2.11.5) --- updated-dependencies: - dependency-name: github.com/tdewolff/minify/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump github.com/aws/aws-sdk-go from 1.44.19 to 1.44.20 (#5393) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.19 to 1.44.20. 
- [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.19...v1.44.20) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * ci(deps): bump alpine from 3.15.4 to 3.16.0 (#5394) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: rafaela-soares <rafaela.soares@checkmarx.com> * fix(ci): fixed access to CIFlag (#5395) * feat(result): added resourceType and resourceName to Kubernetes queries result (#5355) * added resourceType and resourceName to k8s queries * omit ResourceType and ResourceName when empty * unknown to n/a * feat(result): added resourceType and resourceName to Azure Resource Management queries result (#5356) * added resourceType and resourceName to ARM queries * correcting * fix(query): fix/cmk rotation disabled on terraform asymmetric key creation (#5344) * fix support for AWS KMS in asymmetric keys - do not support automation key rotation * fix support for AWS KMS in asymmetric keys - do not support automation key rotation * fix support for AWS KMS in asymmetric keys - do not support automation key rotation * fix support for AWS KMS in asymmetric keys - do not support automation key rotation * fix support for AWS KMS in asymmetric keys - do not support automation key rotation * fix support for AWS KMS in asymmetric keys - do not support automation key rotation * fix support for AWS KMS in asymmetric keys - do not support automation key rotation * fix support for AWS KMS in asymmetric keys - do not support automation key rotation * fix support for AWS KMS in asymmetric keys - do not support automation key rotation * fix support for AWS KMS in asymmetric keys - do not 
support automation key rotation * Update assets/queries/terraform/aws/cmk_rotation_disabled/query.rego Co-authored-by: Rafaela Soares <rafaela.soares@checkmarx.com> * Update assets/queries/terraform/aws/cmk_rotation_disabled/query.rego Co-authored-by: Rafaela Soares <rafaela.soares@checkmarx.com> * Update assets/queries/terraform/aws/cmk_rotation_disabled/query.rego Co-authored-by: Rafaela Soares <rafaela.soares@checkmarx.com> * Update assets/queries/terraform/aws/cmk_rotation_disabled/query.rego Co-authored-by: Rafaela Soares <rafaela.soares@checkmarx.com> * fix support for AWS KMS in asymmetric keys - do not support automation key rotation * Update assets/queries/terraform/aws/cmk_rotation_disabled/query.rego Co-authored-by: Rafaela Soares <rafaela.soares@checkmarx.com> Co-authored-by: Rafaela Soares <rafaela.soares@checkmarx.com> * update(query): Ensure Administrative Boundaries (#5388) * docs(kicsbot): update github-action image digest (#5359) Co-authored-by: nunoocx <nunoocx@users.noreply.github.com> * feat(result): added resourceType and resourceName to Google Deployment Management queries result (#5357) * added resourceType and resourceName to GDM queries * omit ResourceType and ResourceName when empty * feat(result): added resourceType and resourceName to Ansible queries result (#5362) * added resourceType and resourceName to ANS AWS * added resourceType and resourceName to ANS AZURE * added resourceType and resourceName to ANS GCP * build(deps): bump github.com/aws/aws-sdk-go from 1.44.20 to 1.44.21 (#5397) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.20 to 1.44.21. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.20...v1.44.21) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * feat(resolver): added openapi file resolver for json and yaml parsers (#5396) Signed-off-by: João Reigota <joao.Reigota@checkmarx.com> * docs(kicsbot): update images digest (#5386) * update(resolver): implemented limit in resolver to 50 files (#5398) Signed-off-by: João Reigota <joao.Reigota@checkmarx.com> * fix(resolver): fixed issue with searchLine (#5399) Signed-off-by: João Reigota <joao.Reigota@checkmarx.com> * fix(helm): fixed helm filepath bug introduced by resolver (#5400) Signed-off-by: João Reigota <joao.Reigota@checkmarx.com> * docs: preparing for release 1.5.9 (#5401) Co-authored-by: joaoReigota1 <joaoreigota1@users.noreply.github.com> * build(deps): bump github.com/aws/aws-sdk-go from 1.44.21 to 1.44.22 (#5404) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.21 to 1.44.22. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.21...v1.44.22) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump github.com/hashicorp/terraform-json (#5405) Bumps [github.com/hashicorp/terraform-json](https://github.com/hashicorp/terraform-json) from 0.13.0 to 0.14.0. - [Release notes](https://github.com/hashicorp/terraform-json/releases) - [Commits](https://github.com/hashicorp/terraform-json/compare/v0.13.0...v0.14.0) --- updated-dependencies: - dependency-name: github.com/hashicorp/terraform-json dependency-type: direct:production update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * docs(kicsbot): update images digest (#5406) * build(deps): bump github.com/aws/aws-sdk-go from 1.44.22 to 1.44.23 (#5409) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.22 to 1.44.23. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.22...v1.44.23) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump github.com/spf13/viper from 1.11.0 to 1.12.0 (#5410) Bumps [github.com/spf13/viper](https://github.com/spf13/viper) from 1.11.0 to 1.12.0. - [Release notes](https://github.com/spf13/viper/releases) - [Commits](https://github.com/spf13/viper/compare/v1.11.0...v1.12.0) --- updated-dependencies: - dependency-name: github.com/spf13/viper dependency-type: direct:production update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * docs(kicsbot): update images digest (#5411) * docs(kicsbot): update images digest (#5416) Co-authored-by: rogeriopeixotocx <rogeriopeixotocx@users.noreply.github.com> * build(deps): bump github.com/aws/aws-sdk-go from 1.44.23 to 1.44.24 (#5414) Signed-off-by: dependabot[bot] <support@github.com> * build(deps): bump gopkg.in/yaml.v3 from 3.0.0 to 3.0.1 (#5413) Signed-off-by: dependabot[bot] <support@github.com> * build(deps): bump github.com/tdewolff/minify/v2 from 2.11.5 to 2.11.7 (#5420) Bumps [github.com/tdewolff/minify/v2](https://github.com/tdewolff/minify) from 2.11.5 to 2.11.7. - [Release notes](https://github.com/tdewolff/minify/releases) - [Commits](https://github.com/tdewolff/minify/compare/v2.11.5...v2.11.7) --- updated-dependencies: - dependency-name: github.com/tdewolff/minify/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * docs(kicsbot): update images digest (#5421) * build(deps): bump github.com/aws/aws-sdk-go from 1.44.24 to 1.44.25 (#5425) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.24 to 1.44.25. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.24...v1.44.25) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * docs(kicsbot): update images digest (#5426) * Update metadata.json (#5424) * ci(deps): bump golang from 1.18.2-alpine to 1.18.3-alpine (#5430) Bumps golang from 1.18.2-alpine to 1.18.3-alpine. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump github.com/aws/aws-sdk-go from 1.44.25 to 1.44.26 (#5431) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.25 to 1.44.26. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.25...v1.44.26) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * docs(kicsbot): update images digest (#5428) * feat(query): added "App Service Without Latest PHP Version" query for Terraform Azure (#5358) * query Php Version Not Latest When Running Web App for azure terraform * changed latest php version (was not mentioned in tf docs) * updated samples * changed severity, category, and query name * correcting tflint errors Co-authored-by: rafaela-soares <rafaela.soares@checkmarx.com> * build(deps): bump github.com/open-policy-agent/opa from 0.40.0 to 0.41.0 (#5436) Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 0.40.0 to 0.41.0. 
- [Release notes](https://github.com/open-policy-agent/opa/releases) - [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md) - [Commits](https://github.com/open-policy-agent/opa/compare/v0.40.0...v0.41.0) --- updated-dependencies: - dependency-name: github.com/open-policy-agent/opa dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump github.com/aws/aws-sdk-go from 1.44.26 to 1.44.27 (#5437) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.26 to 1.44.27. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.26...v1.44.27) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump github.com/tdewolff/minify/v2 from 2.11.7 to 2.11.8 (#5439) Bumps [github.com/tdewolff/minify/v2](https://github.com/tdewolff/minify) from 2.11.7 to 2.11.8. - [Release notes](https://github.com/tdewolff/minify/releases) - [Commits](https://github.com/tdewolff/minify/compare/v2.11.7...v2.11.8) --- updated-dependencies: - dependency-name: github.com/tdewolff/minify/v2 dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * added -t flag on docker run command (#5434) Signed-off-by: joaorufi <joao.rufino@checkmarx.com> * added 256 color to Dockerfile (#5427) * update(report): improved report message (#5418) * improved report message * standardize * correcting tests * correcting e2e * Fix(e2e): updating junit schema regex Co-authored-by: Lucas Mendes <lucas.mendes@checkmarx.com> * fix(analyzer): fixed Dockerfile analyzer approach (#5407) * fixed Dockerfile analyzer approach * correcting TestParser_SupportedExtensions * fix Code scanning results * improving * update(queries): updated S3 Bucket queries for Terraform (#4872) * updated TF S3 Bucket queries * refactored bucket queries for pre 1.4.0 * removed unnecessary line * added before/after version 1.4.0 comments * added before/after version 1.4.0 comments * 1.4.0 to 4.0 * adjusted key expected values as requested Co-authored-by: André Felicidade <andre.felicidade@checkmarx.com> * update(bom): updated AWS BOM S3 Bucket (#4873) * updated TF AWS BOM S3 Bucket * correcting positive5.tf * added more cases to get_bucket_acl, deleted deprecated function * added missing resource check and version comments * corrected comments saying 1.4.0 to 4.0 Co-authored-by: André Felicidade <andre.felicidade@checkmarx.com> * fix(inspector): fix timeout secrets inspector (#5419) * fix timeout Signed-off-by: joaorufi <joao.rufino@checkmarx.com> * Feat(e2e): adding e2e tests for timeout flag * Fix(e2e): updating config validation in e2e tests * Fix(e2e): moving testing configs to configs folder Co-authored-by: Lucas Mendes <lucas.mendes@checkmarx.com> * feat(filesystem): double star support to exclude folders (#5408) * double start support Signed-off-by: joaorufi <joao.rufino@checkmarx.com> * added test to double star Signed-off-by: joaorufi <joao.rufino@checkmarx.com> * fix test Signed-off-by: joaorufi 
<joao.rufino@checkmarx.com> * docs(kicsbot): update images digest (#5432) * docs(kicsbot): update github-action image digest (#5440) Co-authored-by: nunoocx <nunoocx@users.noreply.github.com> * fixed queries (#5441) * fix(query): s3 bucket policy accepts http requests (#5415) * fix support iam policy document in terraform http deny check * fix support iam policy document in terraform http deny check * fix support iam policy document in terraform http deny check * fix support iam policy document in terraform http deny check * fix support iam policy document in terraform http deny check * fix support iam policy document in terraform http deny check * fix support iam policy document in terraform http deny check * fix support iam policy document in terraform http deny check * fix support iam policy document in terraform http deny check * Update positive3.tf * Update negative3.tf * Update negative2.tf * Update negative4.tf * Update query.rego * Update query.rego * feat(query): added "Role Definition Allows Custom Role Creation" query for Ansible (#5417) * added Role Definition Allows Custom Role Creation * correcting wrong indentation * fixed function check_schemes of openapi lib (#5433) * support child modules in the tfplan payload (#5422) * docs(kicsbot): update images digest (#5442) * build(deps): bump github.com/stretchr/testify from 1.7.1 to 1.7.2 (#5443) Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.7.1 to 1.7.2. - [Release notes](https://github.com/stretchr/testify/releases) - [Commits](https://github.com/stretchr/testify/compare/v1.7.1...v1.7.2) --- updated-dependencies: - dependency-name: github.com/stretchr/testify dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump github.com/aws/aws-sdk-go from 1.44.27 to 1.44.28 (#5445) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.27 to 1.44.28. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.27...v1.44.28) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump github.com/tdewolff/minify/v2 from 2.11.8 to 2.11.9 (#5444) Bumps [github.com/tdewolff/minify/v2](https://github.com/tdewolff/minify) from 2.11.8 to 2.11.9. - [Release notes](https://github.com/tdewolff/minify/releases) - [Commits](https://github.com/tdewolff/minify/compare/v2.11.8...v2.11.9) --- updated-dependencies: - dependency-name: github.com/tdewolff/minify/v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump github.com/aws/aws-sdk-go from 1.44.28 to 1.44.29 (#5448) Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.28 to 1.44.29. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.28...v1.44.29) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * docs(kicsbot): update images digest (#5450) * fix(queries): align descriptionText to similar queries across different platforms (#5446) * fix(queries): align descriptionText to similar queries across different platforms * align more descriptionText queries * resolve comments * added mutex (#5429) Signed-off-by: joaorufi <joao.rufino@checkmarx.com> * feat(result): added resourceType and resourceName to CloudFormation quer…