Cloudsplaining Versions

Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized report.

0.2.4

3 years ago

Changes

  • Add release drafter GitHub Action @kmcquade (#148)
  • Fixing bug in scan-policy-file command @saikirankv (#143)
  • add RoleLastUsed date @dgwhited (#140)
  • Expand collapse approach changed @rohanshenoy96 (#138)
  • remove click_log lib @reetasingh (#136)
  • Fix logging @reetasingh (#135)
  • Added inline explanations of findings @kmcquade (#132)
  • update README.md badge link to test action @reetasingh (#127)

🚀 Features

  • Implemented Vue router for navbar @rohanshenoy96 (#128)

🐛 Bug Fixes

  • fix: User-Group relationships are now shown on IAM Principals page (#122) @verkaufer (#146)

📝 Documentation

  • Improve Privilege Escalation output format in the UI - fixes #114 @kmcquade (#144)
  • Add definitions to documentation so we can link to them @kmcquade (#139)

0.2.3

3 years ago
  • UI
    • Credentials Exposure as a new finding (#99)
    • Service Wildcard as a new finding (#82)
    • scan command now has a --minimize option, which you can use to reduce your report size. The example report size was reduced from 3.9MB (ouch!) to 212KB. (Fixes #125)
  • Backend
    • Updated tests to include updated sample data

0.2.2

3 years ago
  • Excluded actions no longer show up in results (Fixes #106)
  • Fixed issue where : policy would break results due to how the Service Wildcard finding was implemented (Fixes #109)
  • Credentials Exposure and Service Wildcard now show up in the data file results. These will show up in the HTML Report in a future release
  • Exclusions are now applied earlier in the scan to improve speed
  • Vue components are cleaned up - less HTML, more config and JS

0.2.1

3 years ago
  • Fixes issue where Inline Policies were showing up as findings even when they were attached to excluded IAM principals. Fixes #104

0.2.0

3 years ago
  • Major UI uplift:
    • Summary page: new Bar chart to summarize results
    • Upgraded page: IAM Principals metadata
    • New page: Inline Policies (separated from Customer policies)
    • Many bug fixes that were present with the previous UI
  • Backend
    • Migration to Vue.js
    • Leveraging an updated data JSON file
  • New findings
    • scan-policy-file command now returns findings about Service Wildcard (#82)
    • scan-policy-file command now returns findings about Credentials Exposure (#99).
    • Note: the above two findings are not in the scan command for this release (the HTML Report)
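To make the Service Wildcard finding mentioned above concrete, here is a small illustrative check, added as an example and not Cloudsplaining's own code. It assumes a Service Wildcard is an Allow statement whose Action grants every action of one service (for example "s3:*"), and treats a bare "*" as the separate full-admin case; the sample policy is constructed.

```python
"""Illustrative check for the "Service Wildcard" pattern reported by the
scan-policy-file command.  Added example, not Cloudsplaining's own code.
Assumption: a Service Wildcard is an Allow statement whose Action grants every
action of a service, e.g. "s3:*"; a bare "*" is the broader full-admin case."""
import json
from typing import Dict, List

# Constructed sample policy document (not taken from the original page).
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Effect": "Allow", "Action": ["ec2:*", "iam:ListRoles"], "Resource": "*"},
        {"Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Effect": "Deny", "Action": "kms:*", "Resource": "*"},
    ],
})


def _as_list(value) -> List[str]:
    """IAM allows Action to be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return [value] if isinstance(value, str) else list(value)


def find_service_wildcards(policy_json: str) -> Dict[str, List[str]]:
    """Return {"service_wildcard": [...], "full_wildcard": [...]} for Allow statements.

    Deny statements never grant privilege, so they are skipped.  Only the
    "service:*" shape counts as a Service Wildcard; a narrower action wildcard
    such as "s3:Get*" is left to other findings."""
    policy = json.loads(policy_json)
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be given as an object
        statements = [statements]
    findings: Dict[str, List[str]] = {"service_wildcard": [], "full_wildcard": []}
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action")):
            if action == "*":
                findings["full_wildcard"].append(action)
            elif action.endswith(":*") and action.count(":") == 1:
                findings["service_wildcard"].append(action)
    return findings


if __name__ == "__main__":
    print(json.dumps(find_service_wildcards(SAMPLE_POLICY), indent=2))
```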

0.1.8

3 years ago
  • UI: The Exclusions configuration was not showing up in the report due to a typo
  • Changed --input flag to --input-file for all commands
  • Fixed bug in scan-policy-file command (#79)
  • Backend: Improved the JSON output a bit for the new principal policy mapping data file.

0.1.7

3 years ago
  • UI: Fixed an issue where the Remediation guidance was not showing up in the resulting report. Fixes #70
  • Triage Worksheet: Made the values under the Triage worksheet "Type" column more specific - i.e., AWS-Managed Policy, Customer-Managed Policy, Inline Group Policy, Inline User Policy, or Inline Role Policy. Before, it just said "group", "role", "user", or "Policy", which didn't help much.
  • Added some backend methods that do not change the functionality. This will help with the eventual UI uplift (and helps with an additional side project)

0.1.6

3 years ago
  • Definitions for Risk types are now available via Popovers. Fixes #66
  • Renamed "Group", "User", "Role" as "Inline Group Policy", "Inline User Policy", and "Inline Role Policy" respectively. Addresses #63
  • Fixes links to the inline policies in case there are duplicate names. Addresses #63
  • Moves "Attached to Principal(s)" to the Finding card instead of in the finding details in case there are duplicate policy names. Fixes #63

See the updated example report: https://opensource.salesforce.com/cloudsplaining/

0.1.5

3 years ago
  • Made callable via script to partially fix #39
  • Move to virtualenv instead of Pipenv

0.1.4

4 years ago