Skip to content

0.138.0

Choose a tag to compare

View all tags
@heryxpc heryxpc released this 19 Jun 01:15
· 2 commits to master since this release
0.138.0
d5a619f
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

What's Changed

  • chore: bump aiohttp from 3.13.4 to 3.14.0 by @dependabot[bot] in #2860
  • chore: bump starlette from 0.52.1 to 1.0.1 by @dependabot[bot] in #2862
  • feat(entra)/fix(gcp): sync Entra directory roles and link GCP instances to their service accounts by @jychp in #2856
  • feat(rules): Clean up SubImage coverage rule frameworks by @kunaals in #2864
  • chore: bump the minor-and-patch group with 2 updates by @dependabot[bot] in #2867
  • feat(rules): add stable finding identity metadata to rules by @jychp in #2863
  • feat(spacelift): link stacks to assumed AWS IAM roles by @jychp in #2870
  • feat(aws): capture GuardDuty sample findings and exclude them from the active-threat rule by @kunaals in #2865
  • fix (rules): Fix CIS AWS IAM datetime casts by @kunaals in #2872
  • fix(aws): emr subscription required retry loop by @vanshika2720 in #2311
  • chore: bump azure-mgmt-compute from 37.2.0 to 38.0.0 by @dependabot[bot] in #2848
  • chore: bump azure-mgmt-keyvault from 13.0.0 to 14.0.1 by @dependabot[bot] in #2734
  • chore: bump cloudflare from 4.3.1 to 5.1.0 by @dependabot[bot] in #2869
  • chore: bump the minor-and-patch group across 1 directory with 5 updates by @dependabot[bot] in #2868
  • feat(aws): Add CloudFormation Stack support by @yashasviyadav30 in #2478
  • feat(ontology): add Subnet, VirtualNetwork and Snapshot semantic labels by @jychp in #2873
  • fix(okta): skip groups deleted during sync when listing members by @jychp in #2885
  • feat(ecr): Add ECR pull through cache rule sync by @kunaals in #2823
  • feat(aibom): link detections to GitHub/GitLab code repositories by @jychp in #2875
  • Add public_snapshots rule: detect publicly shared EBS/RDS snapshots and AMIs by @jychp in #2879
  • feat(rules): detect IAM roles trusting unsynced AWS accounts by @jychp in #2880
  • Implement CIS AWS IAM rules 2.3, 2.4, 2.15 (resolve stale TODOs) by @jychp in #2881
  • fix(aws): correct AWSTag region handling for tag matching (#1094, #1137) by @jychp in #2883
  • feat(ontology): canonical HAS_ROLE edge (UserAccount/ServiceAccount -> PermissionRole) by @jychp in #2888
  • feat(github): project GitHub dependencies into the Package ontology with provenance and lockfile fallback by @jychp in #2886
  • feat(kubernetes): Process mapAccounts from aws-auth ConfigMap by @jychp in #2884
  • fix(aws): draw permission edges for object-level S3 grants (#1639) by @jychp in #2882
  • chore: adapt AKS sync to azure-mgmt-containerservice 41.x by @jychp in #2890
  • feat(rules): Separate rule identity from compliance framework mapping by @kunaals in #2887
  • fix(rules): align ISO and NIST framework filters by @kunaals in #2892
  • chore(cubic): add cubic-audit skill and tighten the AI-review config by @jychp in #2893
  • feat(ontology): canonical MEMBER_OF / HAS_ROLE(group) / INCLUDES / ENCRYPTED_BY / USES_SECRET edges by @jychp in #2889
  • fix(rules): update stale CISA reference by @kunaals in #2894
  • feat(azure): Ingest Azure Management Groups and Management Group Subscriptions by @shyammukund in #2842
  • fix(azure): defer hierarchy cleanup by @kunaals in #2900
  • fix(rules): lead finding output models with a human-readable display field by @jychp in #2902
  • chore: bump python from 3.13.13-slim to 3.13.14-slim by @dependabot[bot] in #2903
  • chore: bump the minor-and-patch group with 3 updates by @dependabot[bot] in #2904
  • chore: bump workos from 6.2.0 to 7.0.1 by @dependabot[bot] in #2906
  • fix(rules): reduce CIS Kubernetes finding noise by @jychp in #2898
  • chore(gcp): finish GCP HttpError classifier migration by @jychp in #2874
  • chore: bump the minor-and-patch group across 1 directory with 10 updates by @dependabot[bot] in #2905
  • fix(github): synthesize token_name for classic PATs by @jychp in #2915
  • feat(ontology): canonical OWNED_BY / RUNS_AS / ASSUMES workload-identity edges by @jychp in #2899
  • fix(aws): skip Inspector region on transient endpoint failure by @jychp in #2914
  • fix(rules): K8s 5.1.13 noise, filter-property indexes, KubernetesNode->EC2Instance link, quieter ECR sync by @jychp in #2910
  • feat(guardduty): link Kubernetes findings to their EKS cluster by @jychp in #2909
  • fix(rules): exclude account-BPA-covered buckets from S3 block public access by @jychp in #2916
  • fix(microsoft): make Intune detected-apps export resilient to stalled jobs by @jychp in #2913
  • feat(azure): sync management group role assignments by @kunaals in #2901
  • chore: bump pyjwt from 2.12.1 to 2.13.0 by @dependabot[bot] in #2917
  • chore: bump aiohttp from 3.14.0 to 3.14.1 by @dependabot[bot] in #2919
  • chore: bump starlette from 1.0.1 to 1.3.1 by @dependabot[bot] in #2918
  • fix(rules): make finding source a connector slug (CROSS_CLOUD + Entra/Snipe-IT/Google Workspace) by @jychp in #2923
  • feat(tenable): add Tenable assets and vulnerability findings intel module by @heryxpc in #2897
  • fix(cve_metadata): ignore deprecated CVE feed nodes by @kunaals in #2925

New Contributors

Full Changelog: 0.137.0...0.138.0

Contributors

heryxpc, kunaals, and 5 other contributors
Assets 2
Loading