Release v2.14.0
Summary
Installer
- Added support for installing using composite root.
Inventory
- Cloud Asset Inventory GA API migration.
Scanner
- Added Config Validator Scanner, which uses Forseti Config Validator to evaluate resources for violations. Users can now define custom policies to scan resources against.
- Added Groups Settings Scanner to scan for G Suite Groups Settings violations.
- Updated ke_scanner_rules.yaml with CIS benchmark examples.
- Updated the sample firewall rules to include a rule that disallows firewall rules that open SSH to the public.
Notifier
- Cloud Security Command Center GA API migration & Alpha/Beta API deprecation.
Digital Forensics - Timesketch
- Timesketch is an open source collaborative forensic timeline analysis tool developed by the incident response team at Google together with the Digital Forensics & Incident Response open source community. It uses full-text search to give you insight into your timelines, and you can search hundreds of millions of events across different timelines all at once. Share your findings using saved views and add meaning to your data with labels and comments.
- This product is currently in ALPHA. Please reach out to us if you would like to work with us on making Timesketch accessible for your organization.
Terraform
- Starting from v2.14.0, the Real Time Enforcer is available on the Forseti Terraform module.
- Developed in partnership with ClearDATA, Real Time Enforcer (BETA) automatically remediates non-compliant configurations in targeted Google Cloud Platform (GCP) resources. More information about the resources available can be found here.
Thanks to our contributors!
- @Red-Five
- @Limezest
- @jceresini
- @rvandegrift
- @roscoejp
- @berggren
- @frozen425
All changes
a45d433 Timesketch terraform release 2.14.0 (#2711)
af0ac79 Incremented version to 2.14.0
24c8d7f Only attempt to start the config-validator service during the cron run.
24ab777 updated run_forseti.sh to point to the correct policy-libray path.
d9fe8e4 (origin/issue2693, origin/dev, origin/HEAD, dev) Update policy-library path. (#2691)
c04fe92 Update README after 1.0 Has Been Deprecated (#2686)
854004e Config validator scanner (#2632)
0b30c41 Updated config file to sync with GA API integration (#2687)
b92ed04 Tests updated to align with GA API (#2683)
a5fdd87 Update ke_scanner_rules.yaml with CIS Benchmark Examples (#2659)
73a5af5 Migrate to CSCC GA API in Forseti (#2680)
ffe93f0 Shared VPC firewall rule creation fix (#2636)
5ca7cde Update ISSUE_TEMPLATE.md (#2622)
a07f143 Update pre-commit and pre-push githooks so that everything runs in containers like Travis (#2671)
efef493 Catch jmespath type errors (#2668)
6b1bcef Version updated (#2679)
773efbc Resolved merge conflicts (#2678)
53ef39e Add autocommit and retry to read only sql sessions for CAI temp table. (#2672)
e14b30a add firewall rule to scan for SSH from anywhere (#2666)
fe8d79f Fix sqlalchemy rollback and disconnect errors after connection reuse. (#2656)
e93d38d Deprecating CSCC Alpha support and removing Beta checks (#2647)
b5ad038 Fix exception caused by calling model delete with no handle (#2644)
2470654 Update the Cloud Asset API to use the v1 release. (#2639)
6acf16f Fixed Pylint errors (#2640)