Releases: abnamro/repository-scanner
resc-3.0.1
A Helm chart for the Repository Scanner
resc-3.0.0
🎉 Migration to Vue3 (and more)
Full re-implementation of the front-end with TypeScript and using Composition API on Vue3.
- Vue2 ➡️ Vue3
- Option API ➡️ Composition API (in Vue)
- JavaScript ➡️ TypeScript
- Vue CLI with Webpack ➡️ Vite bundler
- Jest testing framework ➡️ Vitest testing framework
- BootstrapVue (Bootstrap 4) ➡️ BootstrapVueNext (Bootstrap 5).
🙈 Ignore Finding
It is possible to ignore some blocker findings (e.g. false positives) by providing a resc-ignore.dsv file. The blockers will be downgraded to warning level and marked as ignored. Such a file has the following structure:
# This is a comment
finding_path|finding_rule|finding_line_number|expiration_date
finding_path_2|finding_rule_2|finding_line_number_2
- finding_path contains the path to the file with the blocking finding.
- finding_rule contains the name of the blocking rule.
- finding_line_number contains the line number of the finding.
- expiration_date is optional and contains the date in ISO 8601 format until which this ignore rule should be considered valid.
For example, if we want to ignore the finding in file /etc/passwd for rule root_value_found on line 1 until April 1st 2024 at 23:59, the following line should be used:
/etc/passwd|root_value_found|1|2024-04-01T23:59:00
To ignore this finding ad vitam aeternam:
/etc/passwd|root_value_found|1
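The following parser and matcher for the resc-ignore.dsv format is an added example written for this page; it is not the project's own implementation. It assumes a finding is identified by path, rule name and line number as in the format above, treats a finding without a path as never ignorable (an assumption), and compares the optional expiration_date against a caller-supplied ISO 8601 timestamp.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Constructed sample resc-ignore.dsv content (not taken from the project).
SAMPLE_IGNORE_DSV = """\
# This is a comment
/etc/passwd|root_value_found|1|2024-04-01T23:59:00
src/config.py|generic_api_key|42
"""


@dataclass(frozen=True)
class IgnoreRule:
    path: str
    rule: str
    line: int
    expires: Optional[datetime]  # None means the rule never expires


def parse_ignore_dsv(text: str) -> list[IgnoreRule]:
    """Parse resc-ignore.dsv: '#' comments and blank lines are skipped,
    every other line has 3 or 4 pipe-separated fields."""
    rules: list[IgnoreRule] = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split("|")
        if len(fields) not in (3, 4):
            raise ValueError(f"line {lineno}: expected 3 or 4 fields, got {len(fields)}")
        path, rule, line_number, *rest = fields
        expires = datetime.fromisoformat(rest[0]) if rest and rest[0] else None
        rules.append(IgnoreRule(path, rule, int(line_number), expires))
    return rules


def is_ignored(path: Optional[str], rule: str, line: int,
               rules: list[IgnoreRule], now_iso: str) -> bool:
    """True when an unexpired rule matches path, rule and line exactly,
    i.e. the blocker should be downgraded to a warning and marked ignored."""
    if path is None:
        return False  # assumption: a finding without a path never matches
    now = datetime.fromisoformat(now_iso)
    for r in rules:
        if (r.path, r.rule, r.line) == (path, rule, line):
            if r.expires is None or now <= r.expires:
                return True
    return False
```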
🏆 Third party library maintenance
Update most third party libraries to the latest versions.
🐛 Multiple Bug Fixes & 📦 other minor stuff
- [#2498511] unit tests for endpoints with caching enabled by @amrityamrout in #168
- [#2632286] Fix 500 error coming due to redis permission issue while writing the dump.rdp file for snapshots by @amrityamrout in #169
- [#2614899] Remove reference to specific releases from the readme by @amrityamrout in #170
- [#2634148] Update SQLAlchemy and FastAPI by @Peter-v-d-Spek in #171
- added badge to the readme by @Usman2ABN in #167
- added openssf badge by @Usman2ABN in #172
- [#2651740] Fix scan generation by @ajaikuruppath in #174
- [#2665277] Adjust code changes with respect to latest azuredevops package v7.1.0b3 by @amrityamrout in #175
- [#2674113] Resolve scan directory bug by @Peter-v-d-Spek in #176
- [#2672644] Improve resc-backend pipeline execution time, updated test dependencies for resc-backend, resc-vcs-scraper, resc-vcs-scanner and resc-helm-wizard by @amrityamrout in #177
- added roadmap file with few milestone by @Usman2ABN in #178
- Sonarcloud pipelines and badge by @Usman2ABN in #179
- [#2688349] Created Threat model for RESC by @amrityamrout in #180
- removing unused files by @ildyria in #183
- Add support for ignore rules by @ildyria in #184
- [#2743740] readme cleanup by @amrityamrout in #182
- Fix null path ignore by @ildyria in #190
- [#2856872] Fix CVE-2023-46233 in crypto-js package in resc-frontend by @amrityamrout in #192
- Added condition to skip SonarCloud if PR is created externally by @Usman2ABN in #189
- Urgent fix unblock blockers whitelisting by @ildyria in #193
- Update gitleaks version to 8.18.0 by @ildyria in #194
- Use build to build the sdist and wheel files. by @mbyrnepr2 in #195
- Migrate from vuex to pinia + frontend 2.0.1 by @ildyria in #198
- Added Licences file to each module by @Usman2ABN in #199
- [#2911614] Updated dependencies by @ajaikuruppath in #202
- Using build to build the sdist and wheel files by @Usman2ABN in #200
- Updated gitleaks to 8.18.1 by @Usman2ABN in #203
- Sorting rule pack version by @Usman2ABN in #205
- Adjusted sonarcloud step to execute on pr and main branch by @Usman2ABN in #206
- Add OpenSSF Score card by @BVabn in #207
- Metrix-bug-fix by @Usman2ABN in #208
- Migrate front-end to Vue3 by @ildyria in #209
New Contributors
Full Changelog: resc-2.0.0...resc-3.0.0
resc-2.0.0
🎉 Caching through Redis
Performance improvement to the RESC-Backend by adding optional Redis caching. (Pull Requests #126 #133 #134 #145 #148 #150 #153 #162).
The optional Redis caching is configurable through environment variables; in the RESC-Helm chart it can be enabled together with the included Redis server.
🔐 Single Sign On
Improved Single Sign On support with more parameterization through environment variables (Pull Request #135)
💾 Custom volumes
RESC-Helm now supports parameters for custom volumes (Pull Request #141)
🎁 Dummy Data
Add a dummy data generator Python script to create demo data quickly and easily. (Pull Request #144)
🔦 RulePack Traceability
Add RulePack upload date in RulePack page (Pull Request #159)
🏆 Third party library maintenance
Update most third party libraries to the latest versions (Pull Request #158)
🔭 Liveness Readiness probes
Add Liveness Readiness probes to appropriate pods (Pull Request #160)
🐛 Multiple Bug Fixes
- Fix bug to display correct percentage change in current week audit trend (Pull Request #130)
- Resolve metrics bug, displaying incorrect week (Pull Request #131)
- RESC-Helm Fix bug resc-rules-init job not being removed as part of helm uninstall (Pull Request #132)
- Optimized query performance related to get repositories (Pull Request #134)
- Improve Newman tests to make use of the database_dummy_data.sql (Pull Request #140)
- Fix commit date bug, make use of the Commit date from Gitleaks if present (Pull Request #151)
- Fix python_requires typo @mbyrnepr2 (Pull Request #137)
- Fix Kubeaudit findings for Redis (Pull Request #164)
- Update Database Docker image (Pull Request #152)
- Skip scanning of empty repositories (Pull Request #154)
💚 Continuous Integration
resc-1.4.0
📈 Analytics
- Multiline chart to display number of finding triaged by Auditors for last 13 weeks (Pull Request #117)
- Personalized audit metrics to display audit activity over time, audit trend and audit rank for the logged in user (Pull Request #127)
🚀 Scan type logic improvement
- Improve the choice of scan type (Base/Incremental) to run based on specific conditions such as rule pack change, force base scan etc. (Pull Request #113)
🔥 Remove branch
- Remove branch, as the default behaviour of gitleaks is to scan all branches in a repository (Pull Request #124)
⬆️ Scanner update
🐛 Bug Fix
- Helm Wizard multiple bug fixes and improvements (Pull Request #107, #112, #114, #116)
🔒 Security Issues
- Fix critical findings from kubeaudit and datree scan (Pull Request #121)
- Fix multiple issues related to missing security headers reported from OWASP ZAP API security scan (Pull Request #123)
💚 Continuous Integration
resc-1.3.0
🚀 Rule pack filter in rule metrics screen.
You can now filter over multiple rule packs in the metrics screen. (Pull Request #97)
📈 Finding metrics over the past 13 weeks
Graphs showing the number of findings, and the number of untriaged and true positive findings (Pull Request #107)
🔭 Rule categorization based on tags.
You can now filter your findings based on the rule tags. (Pull Request #109)
🐛 Multiple bug fixes.
- Fix Backend performance issue with NOT_ANALYZED filter. (Pull Request #98)
- Fix populating the selected latest rule pack version on the initial page load. (Pull Request #99)
- Fix frontend finding a mismatch. (Pull Request #100)
- (Pull Request #102)
  - Fixed frontend issue where multiple APIs were called twice.
  - Set correct rule pack versions from the rule analytics page.
  - Fetching rule metrics of the active rule pack.
  - Fixing counts in rule pack metrics.
⬆️ Requirements upgrade.
Requests version bump from 2.25.9 to 2.31.0.
resc-1.2.0
💚 Audit Trail to view triage history
The Audit and History tabs have been added to the scan findings and rule analysis screen.
Each status change is recorded on the History tab along with the Date, Auditor, and newly added Comment. (Pull Request #95)
🚀 Performance improvements
The page loading speed of the Rule Metrics and Repositories screen has been significantly improved. (Pull Request #95)
resc-1.1.0
This release contains some breaking changes, it is advised to empty the previous findings from the database before upgrading to prevent duplicate entries.
🐛 Bug fix in RESC datamodel
A bug fix was made to resolve an issue with the datamodel of RESC causing errors if multiple instances of the same finding were found in one line. This is a breaking change: duplicate findings are created if old data is kept (Pull Request #82)
🚀 Secret scanner CLI improvements
Improvements have been made to the secret scanner CLI to have better input arguments, a styled output table and configurable exit codes. (Pull Request #77)
💚 Wizard for helm values.yaml
A Python-based wizard has been created to help with populating the starting values for the Helm chart values.yaml. (Pull Request #78 #80)
🎉 Rule pack filter in RESC Frontend
In the RESC front end on the rule analysis screen an additional filter has been added for the rule pack version, defaulted to the current active rule pack. (Pull Request #79 #81)
resc-1.0.3
This release tackles a security vulnerability, CVE-2023-0286, reported in openssl and an urgent bug fix where findings are not saved to the database after a scan due to a None value in the comment field. Happy Scanning!
🔒 Security Issues
The openssl package present in resc-frontend and rabbitmq has been upgraded to the latest version, since the earlier version had CVE-2023-0286 present (Pull Request #71 and #73)
🐛 Bug fix in RESC API
A bug fix was made to save a finding into the database when the comment was None (Pull Request #75)
resc-1.0.2
With the launch of the Repository Scanner (RESC) back in December of last year, we're getting ready for the second release of this year! This release tackles a security issue in the form of CVE-2023-23931, changes in the GitHub Workflow, escaping HTML entities in the comment boxes and tests along with some documentation changes. Happy Scanning!
🔒 Security Issues
- The "cryptography" package in resc-backend has been upgraded from 37.0.2 to 39.0.1, since version 37.0.2 had CVE-2023-23931 present (Pull Request #64)
- HTML entities are now escaped from the comment boxes in the findings overview. There are already several layers of protection present in the form of escaping certain characters with VueJS default settings and allowing a maximum amount of characters in the comment box, but an additional layer of security is always welcome (Pull Request #68)
💚 GitHub Workflow Changes
- With Helm playing an important part in our project, we decided to add a GitHub Workflow Action which allows us to turn the GitHub repository into a self-hosted Helm Chart Repository. It is now possible for anyone to download the Helm Charts and run the project that way. For more information check the "gh-pages" branch (Pull Request #67)
✅ Tests Changes
- To improve the integrity of our product we added an additional set of tests in the form of Newman Tests. This allows Postman Collections to be run and tested (Pull Request #61)
📝 Documentation Changes
resc-helm-chart-1.0.1
A Helm chart for the Repository Scanner