Skip to content

Changelog

v1.8.1 (2021-07-22)

Full Changelog

Closed issues:

  • terrascan init should not be triggered if the user only wants to generate normalised json. #926
  • No rules are processed in GitlabCI #925
  • Scanning remote modules doesn't have same results as for scanning Terraform plan itself #923
  • Module AWS.KMS.Logging.High.0400 seems to serve no purpose #917
  • Secure ciphers are not used in CloudFront distribution #875
  • Correct point in time recovery for DynamoDB still leads to violation #838

Merged pull requests:

Changelog

v1.8.0 (2021-07-02)

Full Changelog

Implemented enhancements:

  • Add Support for new reference id field #786

Fixed bugs:

  • Sarif output has wrong file path value for file scans #861
  • 'k8s' key updated multiple times in policy package #439

Closed issues:

  • Terrascan is failing in scan #887
  • Refactor to Disable CGO #884
  • Issue on Azure Pipelines: failed to initialize terrascan 1.7.0 #864
  • Can't skip rules with underscore #856
  • Recursive Loop Scanning Terraform #851
  • Improve filenames in remote modules #841
  • Issues running terrascan in azure pipelines #835

Merged pull requests:

Changelog

v1.7.0 (2021-06-09)

Full Changelog

Implemented enhancements:

  • Enhancement: Support sarif as output format #775
  • Admission Controller e2e tests #749
  • Enhance terrascan docker to support all terrascan run modes #748
  • Config file changes for server and admission controller #747
  • Create Helm charts for the terrascan admission webhook setup. #685
  • Enhancement: Use module instance name for download directory #672

Fixed bugs:

  • Azure AKS failling to check the network policy status. #789
  • Scan for terraform doesn't error out if a module definition refers to a directory with no tf files #782
  • Wrong detection of MemoryRequestsCheck,CpuRequestsCheck,noReadinessProbe and nolivenessProbe policy in k8s Job spec #767
  • Update Docker build for terrascan to use numeric UID #766
  • Wrong detection of AllowPrivilegeEscalation (policy AC-K8-CA-PO-H-0165) in K8s pod spec #721
  • Failed to run prepared query error in opa/engine.go #709
  • tfplan should use resource address for id field #702
  • Rule IDs with spaces cannot be skipped #610
  • AWS.CloudFront.Network Security.Low.0568 Doesn't allow skipping due to space in filename #549
  • Error parsing syntax if using complex query for dynamic ip_restriction in azurerm_function_app or azurerm_app_service ressource #433

Closed issues:

  • Add support for YAML format for terrascan config file #807
  • Add ID field #805
  • Add a middleware to log incoming http(s) requests on terrascan server #784
  • terrascan server: validation missing for --cert-path and --key-path #769
  • show-passed should report passes only for the existing resources #757
  • Out of the box handling of certificates in helm charts for terrascan in Server mode #756
  • In-file Instrumentation #755
  • Release 1.5.2 or 1.6.0 #745
  • Issue in GCP Policyfile unrestrictedRdpAccess.rego #735
  • accurics.azure.AKS.3 is defective #711
  • Rule lambdaNotEncryptedWithKms should not check for KMS when env vars are not being used #682
  • Terrascan does not resolve env var for aws_rds_cluster attribute storage_encrypted #678
  • Valid Terraform configuration fails with s3EnforceUserAcl #659
  • kmsKeyExposedPolicy:22: eval_builtin_error: json.unmarshal: invalid character '$' looking for beginning of value} #627
  • Terrascan not able to find terraform config files in a sub directory, but it works in case of k8s infrastructure type #622
  • Potential nil-dereference found while fuzzing #611
  • terrascan should have a category-list command #597
  • Improved Documentation #416
  • Improve test coverage for k8s #400

Merged pull requests:

Changelog

v1.6.0 (2021-05-10)

Full Changelog

Implemented enhancements:

  • Atlantis Integration #686
  • Enhancement: support for all iac scan for cli #673
  • Feature request: scan sub-folders too #411

Fixed bugs:

  • Admission Controller Doesn't display feedback for kubectl "create" and "apply" #731

Closed issues:

  • GKE Control Plane is exposed to few public IP addresses #743
  • Error with finding Enable AWS CloudWatch Logs for APIs #730
  • Task: Add to github actions ability to build/push terrascan_atlantis image #728
  • accurics.azure.NS.161 does not work with tfplan #725
  • terrascan "latest" docker image broken for tfplan #718
  • Local expansion recursive infinite loop #690

Merged pull requests:

Changelog

v1.5.0 (2021-04-23)

Full Changelog

Fixed bugs:

  • Recursive loop expanding variables in included module #675
  • Terrascan doesn't resolve terraform complex variables #656
  • Panic while resolving floating point variable #652
  • Terrascan using absolute path for "source" value of resource #642
  • Failed to initialize terrascan. error : failed to install policies #614
  • Terrascan not able to read modules within a subdirectory #600
  • Terrascan init command doesn't work with -c flag #550

Closed issues:

  • Not able to scan repo when google terraform module defined #681
  • The link referencing the documentation to integrate Terrascan into CI/CD is broken #669
  • Make saving of "admission request" configurable via an option in the config file for the validating admission webhook #664
  • Add API_KEY to the /logs endpoint for the validating admission webhook #662
  • Panic: not a string #647
  • unit tests and e2e tests failing on windows #639
  • Add support for private terraform repos #631
  • policy not evaluating #629
  • Terrascan does not support to download modules via SSH #621
  • terrascan scan fails if path and rego_subdir are not provided together in the toml configfile #619
  • Getting error while running scan on our terraform repo #607
  • Terrascan not found policy id #601
  • Policies Violated and Violated Policies are confusing. #598
  • Invalid categories not being validated from config file #594
  • Terrascan API server's file scan doesn't work for k8s yaml files #584
  • Add /go/bin to the PATH variable in Docker image #577
  • terrascan scan command doesn't work with TERRASCAN_CONFIG env variable #570
  • Format junit-xml need to have passed test results, not only failed test #563
  • optimize policy download process in terrascan init #535

Merged pull requests:

v1.4.0 (2021-03-05)

Full Changelog

Implemented enhancements:

  • Scanning terraform plan files #407
  • Adds support for junit xml output #527
  • Adds e2e test scenarios for help and scan command #564
  • Adds e2e tests for api server #585
  • Please checkout our new Github Action!

Fixed bugs:

  • Fixed a few bugs in the init command and downloading of fresh policies, including #561
  • Difference in violated policies for the same terraform file #519
  • false positive for AWS.Instance.NetworkSecurity.Medium.0506 #404
  • accurics.gcp.IAM.122 needs to take into account the new name for Uniform bucket-level access flag #329
  • fix the 'repo already exist' bug and improve error logging for terrascan init #552 (dev-gaur)

Closed issues:

  • terrascan API server's file scan always returns the resource config #578
  • Issue on Azure DevOps Agents since 1.3.2 : failed to initialize terrascan #561
  • Could not get terrascan init to work - would not download policy documents #551

Merged pull requests:

v1.3.2 (2021-02-03)

Full Changelog

Fixed bugs:

  • terrascan init should download new policies #521

Closed issues:

  • How to get rid of "Anonymous, public read access to a container and its blobs can be enabled in Azure Blob storage. This is only recommended if absolutely necessary." #405
  • False Positive for accurics.azure.NS.161 when Security Groups Association and Subnets are defined indepently from VNet #391
  • Calico is not supported as a valid Network Security for azurerm_kubernetes_cluster #376

Merged pull requests:

v1.3.1 (2021-01-22)

Full Changelog

Implemented enhancements:

  • Support for remote modules
  • Tag container image with release version #504

Fixed bugs:

  • Build error on ARM MacOS
  • terrascan consider source = "terraform-aws-modules/vpc/aws" as local path #418
  • Failed to read module directory #332

Closed issues:

  • Custom Variable Validation no longer experiemental in 0.13 #500

Merged pull requests:

v1.3.0 (2021-01-19)

Full Changelog

Implemented enhancements: - Prints output in human friendly format #168 - Support for rule suppression using terraform comments,kubernetes annotations, cli arguments, and config file. - New Policies for Kubernetes #480 - Tag released Docker images #398 - Add policy for checking insecure_ssl configuration for github_repository_webhook in GitHub provider #355 - Introduced support for terraform .14 and .13. Note: This will introduce some breaking changes for terraform v.12 files, even if using --iac-version v.12 flag. Notably we will no longer support multiple providers blocks, and certain references inside provisioner blocks (objects other than self, count or each, where when = destroy) . For more details see: https://github.com/hashicorp/terraform/releases/tag/v0.13.0

Fixed bugs:

  • terrascan doesn't allow registering multiple versions for an iac-type #471
  • Debug resource lock #432
  • terrascan panic: not a string #412
  • False positive for aws rule vpcFlowLogsNotEnabled #408
  • accurics.GCP.EKM.132 and accurics.GCP.EKM.131 wrong violation using disk_encryption_key #382
  • s3EnforceUserACL - False Positive #359
  • How to fix accurics.azure.EKM.20 #331
  • Why accurics.gcp.IAM.104 suggests enabling a client certificate? #330

Closed issues:

  • terraform can't detect violations in terraform modules #468
  • uniformBucketEnabled.rego referencing deprecated config #453
  • Unable to run terrascan scan #446
  • Terrascan doesn't exit with error on CLI or Parsing errors. #442
  • Terrascan Failure When Using Terraform 13 + Variable Validation #426
  • Update policy example in documentation to use latest GitHub implementation #422
  • Fix link to repo playground in policies documentation #421
  • terrascan scan crashes with runtime: goroutine stack exceeds 1000000000-byte limit #406
  • Typo error in the terrascan Architecture page #403
  • accurics.gcp.OPS.114 should also check for cos_containerd image #395
  • accurics.gcp.NS.112 suggest basic auth is enabled when is not #394
  • Test coverage missing for kustomize iac-provider #379
  • Why is vpcFlowLogsNotEnabled determined to be a violation? #352

Merged pull requests:

v1.2.0 (2020-11-16)

Full Changelog

Implemented enhancements:

  • Add support for Helm #353
  • Add 'git' to container image, or run container as 'root' user by default #349
  • Add policy for checking insecure_ssl configuration for github_organization_webhook in GitHub provider #339
  • Rule for github_repository seems to be wrongly placed under gcp #325

Fixed bugs:

  • Fail to validate when there are multiple properties with the same name in a resource #1

Closed issues:

  • Deep modules location mis-proccessed. #365
  • 20MB binary file included in repo now #364
  • Private GitHub repositories are not recognized with version 3.0.0+ of GitHub provider #326
  • Terrascan -var-file=../another dir #144
  • Error in test_aws_security_group_inline_rule_open and test_aws_security_group_rule_open #138
  • Intial setup after installation #136
  • Add support for data sources #3
  • Support from modules #2

Merged pull requests:

v1.1.0 (2020-09-16)

Full Changelog

Implemented enhancements:

Fixed bugs:

Closed issues:

  • Terrascan wrongly reports a accurics.gcp.NS.130 (checkIpForward) violation #320
  • Allow structure output (Json) #252
  • Throwing Errors when parsing nested brackets in HCL #233
  • Be able to generate xml/html reports #119

Merged pull requests:

1.0.0 (2020-08-16)

Major updates to Terrascan and the underlying architecture including:

  • Pluggable architecture written in Golang. We updated the architecture to be easier to extend Terrascan with additional IaC languages and support policies for different cloud providers and cloud native tooling.
  • Server mode. This allows Terrascan to be executed as a server and use it's API to perform static code analysis
  • Notifications hooks. Will be able to integrate for notifications to external systems (e.g. email, slack, etc.)
  • Uses OPA policy engine and policies written in Rego.

0.2.3 (2020-07-23)

  • Introduces the '-f' flag for passing a list of ".tf" files for linting and the '--version' flag.

0.2.2 (2020-07-21)

  • Adds Docker image and pipeline to push to DockerHub

0.2.1 (2020-06-19)

  • Bugfix: The pyhcl hard dependency in the requirements.txt file caused issues if a higher version was installed. This was fixed by using the ">=" operator.

0.2.0 (2020-01-11)

  • Adds support for terraform 0.12+

0.1.2 (2020-01-05)

  • Adds ability to setup terrascan as a pre-commit hook

0.1.1 (2020-01-01)

  • Updates dependent packages to latest versions
  • Migrates CI to GitHub Actions from travis

0.1.0 (2017-11-26)

  • First release on PyPI.

* This Changelog was automatically generated by github_changelog_generator

* This Changelog was automatically generated by github_changelog_generator

* This Changelog was automatically generated by github_changelog_generator

* This Changelog was automatically generated by github_changelog_generator