Releases: stacscan/stacs-ci
Green Fern
Overview
Upgrades to the latest STACS container. See the STACS release notes for the new version for a list of changes in this container. Only changes to STACS-CI will be included below.
🛠️ New Features
- N/A
🍩 Improvements
- N/A
🐛 Bug Fixes
- N/A
Violet Fern
Overview
PLEASE NOTE: There is a potentially breaking change as part of this update, as the Stripe rule has been relocated under SaaS. This modifies its reference to now be CredentialSaaSStripeAPI. Any previously suppressed findings for this rule will need to be updated to reflect this new identifier.
🛠️ New Features
- Upgrade to the latest STACS rules, which includes new rules for:
  - PyPI Token
  - Slack Token
    - User (xoxp-...)
    - Bot (xoxb-...)
  - NPM
    - authToken
    - password
  - PKCS#12 / PFX
  - DER format RSA keys.
    - Detects keys with exponents 3/65537, and modulus sizes 64/128/256/512/1024.
🍩 Improvements
- Minor changes to AWS rule.
- Simplify matching criteria for a number of rules.
🐛 Bug Fixes
- N/A
Orange Fern
Overview
🛠️ New Features
- N/A
🍩 Improvements
- Pulls in latest STACS rules (r57ce3ce).
🐛 Bug Fixes
- Fix off-by-one edge case which caused Github pull-request annotation to fail.
  - This was triggered when a new file was added in a pull-request containing a credential on the first line.
Blue Fern
Overview
🛠️ New Features
- Upgrade to the latest version of STACS (STACS 0.4.4)
🍩 Improvements
- Tweak to STACS-CI deployment pipeline to simplify testing prior to release.
🐛 Bug Fixes
- N/A
Red Fern
Overview
🛠️ New Features
- Upgrade to the latest version of STACS (STACS 0.4.3)
🍩 Improvements
- N/A
🐛 Bug Fixes
- N/A
Purple Fern
Overview
🛠️ New Features
- Upgrade to the latest version of STACS (STACS 0.4.2)
🍩 Improvements
- N/A
🐛 Bug Fixes
- Ensures that the file with the finding appears in the change set.
  - This prevents attempts to add a review comment for a file which is already in the target branch.
  - In these cases a comment will be added instead.
Yellow Fern
Overview
Initial release of STACS CI Integrations.
🛠️ New Features
- Github Actions
  - Fails the build on unsuppressed findings.
  - Automatically annotates pull requests with findings.
  - Automatically loads suppressions from a stacs.ignore.json in the root of the repository.
- Generic CI Systems
  - Fails the build on unsuppressed findings.
  - Outputs findings to the console in formatted plain-text.
  - Automatically loads suppressions from a stacs.ignore.json in the scan directory.
🍩 Improvements
- N/A
🐛 Bug Fixes
- N/A