SecureCodeBox Versions

secureCodeBox (SCB) - continuous secure delivery out of the box

v4.5.0

2 months ago

Changes

This release contains the following changes 🎉. Help spread the word or leave a GitHub star if you like it 😉


⚠️ Upgrade Notes

This release contains a fix in the Custom Resource Definitions (CRDs). Helm does not update CRDs after the initial installation. To upgrade the CRDs, you can run the following script or grab the latest CRDs from the git repo at the v4.5.0 tag:

kubectl apply -f https://raw.githubusercontent.com/secureCodeBox/secureCodeBox/v4.5.0/operator/crds/cascading.securecodebox.io_cascadingrules.yaml	
kubectl apply -f https://raw.githubusercontent.com/secureCodeBox/secureCodeBox/v4.5.0/operator/crds/execution.securecodebox.io_clusterparsedefinitions.yaml	
kubectl apply -f https://raw.githubusercontent.com/secureCodeBox/secureCodeBox/v4.5.0/operator/crds/execution.securecodebox.io_clusterscancompletionhooks.yaml	
kubectl apply -f https://raw.githubusercontent.com/secureCodeBox/secureCodeBox/v4.5.0/operator/crds/execution.securecodebox.io_clusterscantypes.yaml	
kubectl apply -f https://raw.githubusercontent.com/secureCodeBox/secureCodeBox/v4.5.0/operator/crds/execution.securecodebox.io_parsedefinitions.yaml	
kubectl apply -f https://raw.githubusercontent.com/secureCodeBox/secureCodeBox/v4.5.0/operator/crds/execution.securecodebox.io_scancompletionhooks.yaml	
kubectl apply -f https://raw.githubusercontent.com/secureCodeBox/secureCodeBox/v4.5.0/operator/crds/execution.securecodebox.io_scans.yaml	
kubectl apply -f https://raw.githubusercontent.com/secureCodeBox/secureCodeBox/v4.5.0/operator/crds/execution.securecodebox.io_scantypes.yaml	
kubectl apply -f https://raw.githubusercontent.com/secureCodeBox/secureCodeBox/v4.5.0/operator/crds/execution.securecodebox.io_scheduledscans.yaml

🚀 Features

  • Ensure Lurker Does Not Run Out of Memory When Uploading Large Scan Results @J12934 & @Alon-Katz (#2336)

🚓 Security Scanner

  • Upgraded semgrep from 1.61.1 to 1.65.0 @secureCodeBoxBot (#2357, #2337, #2323, #2312)

๐Ÿ› Bug Fixes

  • Add missing node selector field to CRDs @J12934 & @Alon-Katz (#2348)

📚 Documentation

  • Fix typo in installation documentation @sw-fox (#2335)
  • Document how to use AWS IAM for S3 in AWS @Weltraumschaf (#2314)

🔧 Maintenance

  • Streamline CRD and RBAC Generation to avoid further Issues @J12934 (#2348)

📌 Dependencies

Minor dependency updates (30 pull requests).
  • Bump @types/node from 20.11.19 to 20.11.24 in /documentation @dependabot (#2330)
  • Bump @types/react from 18.2.56 to 18.2.63 in /documentation @dependabot (#2334)
  • Bump @types/react from 18.2.63 to 18.2.64 in /documentation @dependabot (#2355)
  • Bump com.fasterxml.jackson.core:jackson-annotations from 2.16.1 to 2.16.2 in /hooks/persistence-defectdojo/hook @dependabot (#2352)
  • Bump com.fasterxml.jackson.core:jackson-core from 2.16.1 to 2.16.2 in /hooks/persistence-defectdojo/hook @dependabot (#2349)
  • Bump com.fasterxml.jackson.core:jackson-databind from 2.16.1 to 2.16.2 in /hooks/persistence-defectdojo/hook @dependabot (#2350)
  • Bump com.fasterxml.jackson.datatype:jackson-datatype-jsr310 from 2.16.1 to 2.16.2 in /hooks/persistence-defectdojo/hook @dependabot (#2351)
  • Bump eslint from 8.56.0 to 8.57.0 in /documentation @dependabot (#2316)
  • Bump eslint-plugin-react from 7.33.2 to 7.34.0 in /documentation @dependabot (#2354)
  • Bump fsfe/reuse-action from 2 to 3 in /.github/workflows @dependabot (#2333)
  • Bump google.golang.org/protobuf from 1.27.1 to 1.33.0 in /lurker @dependabot (#2359)
  • Bump google.golang.org/protobuf from 1.28.0 to 1.33.0 in /auto-discovery/kubernetes @dependabot (#2361)
  • Bump google.golang.org/protobuf from 1.28.0 to 1.33.0 in /operator @dependabot (#2360)
  • Bump google.golang.org/protobuf from 1.31.0 to 1.33.0 in /auto-discovery/cloud-aws @dependabot (#2362)
  • Bump ip from 2.0.0 to 2.0.1 in /scanners/amass/parser @dependabot (#2308)
  • Bump jose from 4.11.2 to 4.15.5 in /auto-discovery/kubernetes/pull-secret-extractor/integration-test @dependabot (#2341)
  • Bump jose from 4.11.2 to 4.15.5 in /hook-sdk/nodejs @dependabot (#2340)
  • Bump jose from 4.11.2 to 4.15.5 in /hooks @dependabot (#2338)
  • Bump jose from 4.11.2 to 4.15.5 in /parser-sdk/nodejs @dependabot (#2339)
  • Bump jose from 4.11.4 to 4.15.5 in /hooks/notification/hook @dependabot (#2343)
  • Bump jose from 4.11.4 to 4.15.5 in /scanners @dependabot (#2342)
  • Bump jose from 4.14.4 to 4.15.5 in /hooks/cascading-scans/hook @dependabot (#2344)
  • Bump jose from 4.14.4 to 4.15.5 in /tests/integration @dependabot (#2345)
  • Bump jose from 4.15.4 to 4.15.5 @dependabot (#2346)
  • Bump mikefarah/yq from 4.41.1 to 4.42.1 in /.github/workflows @dependabot (#2321)
  • Bump org.mockito:mockito-core from 5.10.0 to 5.11.0 in /hooks/persistence-defectdojo/hook @dependabot (#2331)
  • Bump org.mockito:mockito-junit-jupiter from 5.10.0 to 5.11.0 in /hooks/persistence-defectdojo/hook @dependabot (#2332)
  • Bump sass from 1.71.0 to 1.71.1 in /documentation @dependabot (#2319)
  • Bump sass-loader from 14.1.0 to 14.1.1 in /documentation @dependabot (#2317)
  • Bump typescript from 5.3.3 to 5.4.2 in /documentation @dependabot (#2356)

Distribution

Artifact HUB Docker Hub

Contributors

Thanks to all our contributors supporting this project 🤗 @J12934, @Weltraumschaf and @sw-fox

v4.4.1

2 months ago

Changes

This release contains the following changes 🎉. Help spread the word or leave a GitHub star if you like it 😉


๐Ÿ› Bug Fixes

  • Fix issue with amass parser where the operator isn't able to properly start the parser due to an RBAC issue @J12934 (#2309)

🔒 Security

Distribution

Artifact HUB Docker Hub

v4.4.0

3 months ago

Changes

This release contains the following changes 🎉. Help spread the word or leave a GitHub star if you like it 😉


⚠️ Upgrade Notes

This update adds new fields to the Custom Resource Definitions (CRDs). Helm does not update CRDs after the initial installation. To upgrade the CRDs, you can run the following script or grab the latest CRDs from the git repo at the v4.4.0 tag:

kubectl apply -f https://raw.githubusercontent.com/secureCodeBox/secureCodeBox/v4.4.0/operator/crds/cascading.securecodebox.io_cascadingrules.yaml	
kubectl apply -f https://raw.githubusercontent.com/secureCodeBox/secureCodeBox/v4.4.0/operator/crds/execution.securecodebox.io_clusterparsedefinitions.yaml	
kubectl apply -f https://raw.githubusercontent.com/secureCodeBox/secureCodeBox/v4.4.0/operator/crds/execution.securecodebox.io_clusterscancompletionhooks.yaml	
kubectl apply -f https://raw.githubusercontent.com/secureCodeBox/secureCodeBox/v4.4.0/operator/crds/execution.securecodebox.io_clusterscantypes.yaml	
kubectl apply -f https://raw.githubusercontent.com/secureCodeBox/secureCodeBox/v4.4.0/operator/crds/execution.securecodebox.io_parsedefinitions.yaml	
kubectl apply -f https://raw.githubusercontent.com/secureCodeBox/secureCodeBox/v4.4.0/operator/crds/execution.securecodebox.io_scancompletionhooks.yaml	
kubectl apply -f https://raw.githubusercontent.com/secureCodeBox/secureCodeBox/v4.4.0/operator/crds/execution.securecodebox.io_scans.yaml	
kubectl apply -f https://raw.githubusercontent.com/secureCodeBox/secureCodeBox/v4.4.0/operator/crds/execution.securecodebox.io_scantypes.yaml	
kubectl apply -f https://raw.githubusercontent.com/secureCodeBox/secureCodeBox/v4.4.0/operator/crds/execution.securecodebox.io_scheduledscans.yaml

🚀 Features

  • Add nodeSelector Support to Operator, Parsers, and Scanners @kamirendawkins (#2254)
  • Added GitHub Actions workflow for releasing Helm charts to GHCR @Ilyesbdlala (#2108)
  • Add option to wait between DefectDojo finding upload and redownload for DefectDojo Hook SyncBack mode to ensure findings are properly deduplicated @moxli & @Weltraumschaf (#2057, #2208)
  • Replace Twitter account with Mastodon @Weltraumschaf (#2249, #2250, #2274)

🚓 Security Scanner

  • Upgraded gitleaks from v8.18.0 to v8.18.2 @secureCodeBoxBot (#2245, #2103)
  • Upgraded kubeaudit from 0.22.0 to 0.22.1 @secureCodeBoxBot (#2111)
  • Upgraded nikto to actual 2.5.0 version @J12934 (#2262)
  • Upgraded nuclei from v3.0.3 to v3.1.10 @secureCodeBoxBot (#2253, #2240, #2217, #2202, #2173, #2165, #2150, #2129, #2114, #2104)
  • Upgraded semgrep from 1.48.0 to 1.61.1 @secureCodeBoxBot (#2294, #2270, #2252, #2241, #2218, #2203, #2174, #2158, #2154, #2132, #2126, #2112, #2101)
  • Upgraded trivy from 0.46.1 to 0.49.1 @secureCodeBoxBot (#2267, #2246, #2176, #2156, #2127)
  • Upgraded typo3scan from v1.1.3 to v1.1.4 @secureCodeBoxBot (#2269)

๐Ÿ› Bug Fixes

  • Fix Crash in DefectDojo Hook for Scans without Parameters @Weltraumschaf (#2275)
  • Fixed Scans being marked as Failed after the First Job has failed @Ilyesbdlala (#2205)
  • Added DefectDojo mapping for zap-automation-framework scans @moxli (#2134)

🧪 Test

  • Added Unit tests for CI helpers @Ilyesbdlala (#2177)

📚 Documentation

  • Add Page with List of Mentions @Weltraumschaf (#2247)
  • Minor issues in documentation @BorisShek (#2239)
  • Update contributing guidelines to include guideline about ticket numbers in commit messages @Weltraumschaf (#2238)
  • Clean Up Docs for Hooks esp. DD Hook @Weltraumschaf (#2206)
  • Change relative links to absolute in docs @BorisShek (#2256)
  • Clarify which names need to be unique in DefectDojo @J12934 (#2288)

🔧 Maintenance

  • Upgraded Docusaurus to v3.1.1 @Ilyesbdlala & @dependabot (#2102, #2131, #2227)
  • Minor Java Code Style Cleanups in DefectDojo Hooks Cleaning @Weltraumschaf (#2207)
  • Extract side effects introduced by System#getenv() @Weltraumschaf (#2184)
  • Add gradle, docker, workflows to dependabot config @Weltraumschaf (#2186)
  • Improve Error Logging for File Uploads in DefectDojo Persistence Hook @Weltraumschaf (#2292)
  • Fix Admonition in Post-Processing Hooks How-To @Weltraumschaf (#2289)

📌 Dependencies

Minor dependency updates (38 pull requests).
  • Applied NPM audit fixes @Ilyesbdlala (#2097)
  • Bump @docusaurus/types from 3.1.0 to 3.1.1 in /documentation @dependabot (#2226)
  • Bump @types/node from 20.11.1 to 20.11.5 in /documentation @dependabot (#2196)
  • Bump @types/node from 20.11.16 to 20.11.17 in /documentation @dependabot (#2282)
  • Bump @types/node from 20.11.5 to 20.11.16 in /documentation @dependabot (#2260)
  • Bump @types/react from 18.2.48 to 18.2.53 in /documentation @dependabot (#2261)
  • Bump @types/react from 18.2.53 to 18.2.55 in /documentation @dependabot (#2283)
  • Bump actions/cache from 3 to 4 in /.github/workflows @dependabot (#2280)
  • Bump actions/checkout from 3 to 4 in /.github/workflows @dependabot (#2232)
  • Bump actions/setup-go from 4 to 5 in /.github/workflows @dependabot (#2215)
  • Bump actions/setup-java from 3 to 4 in /.github/workflows @dependabot (#2213)
  • Bump actions/setup-python from 4 to 5 in /.github/workflows @dependabot (#2233)
  • Bump actions/upload-artifact from 3 to 4 in /.github/workflows @dependabot (#2194)
  • Bump com.fasterxml.jackson.datatype:jackson-datatype-jsr310 from 2.15.2 to 2.16.1 in /hooks/persistence-defectdojo/hook @dependabot (#2211)
  • Bump com.github.ben-manes.versions from 0.50.0 to 0.51.0 in /hooks/persistence-defectdojo/hook @dependabot (#2222)
  • Bump crazy-max/ghaction-import-gpg from 5 to 6 in /.github/workflows @dependabot (#2212)
  • Bump docker/build-push-action from 2 to 5 in /.github/workflows @dependabot (#2195)
  • Bump docker/login-action from 1 to 3 in /.github/workflows @dependabot (#2214)
  • Bump docker/metadata-action from 3 to 5 in /.github/workflows @dependabot (#2189)
  • Bump docker/setup-buildx-action from 1 to 3 in /.github/workflows @dependabot (#2230)
  • Bump docker/setup-qemu-action from 2 to 3 in /.github/workflows @dependabot (#2198)
  • Bump eslint-plugin-prettier from 5.0.1 to 5.1.3 in /documentation @dependabot (#2199)
  • Bump io.freefair.lombok from 8.1.0 to 8.4 in /hooks/persistence-defectdojo/hook @dependabot (#2192)
  • Bump mikefarah/yq from 4.4.1 to 4.40.5 in /.github/workflows @dependabot (#2231)
  • Bump mikefarah/yq from 4.40.5 to 4.40.7 in /.github/workflows @dependabot (#2281)
  • Bump nodemailer from 6.6.3 to 6.9.9 in /hooks/notification/hook @dependabot (#2248)
  • Bump org.junit:junit-bom from 5.10.1 to 5.10.2 in /hooks/persistence-defectdojo/hook @dependabot (#2258)
  • Bump org.mockito:mockito-core from 5.4.0 to 5.9.0 in /hooks/persistence-defectdojo/hook @dependabot (#2197)
  • Bump org.mockito:mockito-core from 5.9.0 to 5.10.0 in /hooks/persistence-defectdojo/hook @dependabot (#2224)
  • Bump org.mockito:mockito-junit-jupiter from 5.4.0 to 5.9.0 in /hooks/persistence-defectdojo/hook @dependabot (#2188)
  • Bump org.mockito:mockito-junit-jupiter from 5.9.0 to 5.10.0 in /hooks/persistence-defectdojo/hook @dependabot (#2223)
  • Bump org.slf4j:slf4j-api from 2.0.11 to 2.0.12 in /hooks/persistence-defectdojo/hook @dependabot (#2278)
  • Bump org.slf4j:slf4j-api from 2.0.7 to 2.0.11 in /hooks/persistence-defectdojo/hook @dependabot (#2193)
  • Bump org.slf4j:slf4j-log4j12 from 2.0.11 to 2.0.12 in /hooks/persistence-defectdojo/hook @dependabot (#2277)
  • Bump org.slf4j:slf4j-log4j12 from 2.0.7 to 2.0.11 in /hooks/persistence-defectdojo/hook @dependabot (#2187)
  • Bump peter-evans/create-pull-request from 3 to 5 in /.github/workflows @dependabot (#2216)
  • Bump peter-evans/create-pull-request from 5 to 6 in /.github/workflows @dependabot (#2257)
  • Bump peter-evans/dockerhub-description from 2 to 3 in /.github/workflows @dependabot (#2191)
  • Bump peter-evans/dockerhub-description from 3 to 4 in /.github/workflows @dependabot (#2234)
  • Bump sass-loader from 13.3.2 to 14.1.0 in /documentation @dependabot (#2259)
  • Bump uk.org.webcompere:system-stubs-jupiter from 2.1.3 to 2.1.6 in /hooks/persistence-defectdojo/hook @dependabot (#2209)
  • Updated Docusaurus to 3.1.1 @dependabot (#2227)
  • Use latest releases DD Client Lib @Weltraumschaf (#2204)

Distribution

Artifact HUB Docker Hub

Contributors

Thanks to all our contributors supporting this project 🤗 @BorisShek, @Ilyesbdlala, @kamirendawkins, @moxli, @J12934 and @Weltraumschaf

v4.4.0-alpha.3

3 months ago

Changes

This release contains the following changes 🎉. Help spread the word or leave a GitHub star if you like it 😉


🚀 Features

  • Add nodeSelector Support to Operator, Parsers, and Scanners @kamirendawkins (#2254)
  • Added GitHub Actions workflow for releasing Helm charts to GHCR @Ilyesbdlala (#2108)
  • Replace Twitter account with Mastodon @Weltraumschaf (#2249, #2250, #2274)

🚓 Security Scanner

  • Upgraded gitleaks from v8.18.0 to v8.18.2 @secureCodeBoxBot (#2245, #2103)
  • Upgraded kubeaudit from 0.22.0 to 0.22.1 @secureCodeBoxBot (#2111)
  • Upgraded nikto to actual 2.5.0 version @J12934 (#2262)
  • Upgraded nuclei from v3.0.3 to v3.1.10 @secureCodeBoxBot (#2253, #2240, #2217, #2202, #2173, #2165, #2150, #2129, #2114, #2104)
  • Upgraded semgrep from 1.48.0 to 1.60.1 @secureCodeBoxBot (#2270, #2252, #2241, #2218, #2203, #2174, #2158, #2154, #2132, #2126, #2112, #2101)
  • Upgraded trivy from 0.46.1 to 0.49.1 @secureCodeBoxBot (#2267, #2246, #2176, #2156, #2127)
  • Upgraded typo3scan from v1.1.3 to v1.1.4 @secureCodeBoxBot (#2269)

๐Ÿ› Bug Fixes

  • Fix Crash in DefectDojo Hook for Scans without Parameters @Weltraumschaf (#2275)
  • Fixed Scans being marked as Failed after the First Job has failed @Ilyesbdlala (#2205)
  • Add zap automation scan defectdojo mapping @moxli (#2134)
  • Implements awaiting before refetching imported DefectDojo finding @Weltraumschaf (#2208)

🧪 Test

  • Added Unit tests for CI helpers @Ilyesbdlala (#2177)

📚 Documentation

  • Add Page with List of Mentions @Weltraumschaf (#2247)
  • Minor issues in documentation @BorisShek (#2239)
  • Update contributing guidelines to include guideline about ticket numbers in commit messages @Weltraumschaf (#2238)
  • Clean Up Docs for Hooks esp. DD Hook @Weltraumschaf (#2206)
  • Change relative links to absolute in docs @BorisShek (#2256)

🔧 Maintenance

  • Upgraded Docusaurus to v3.1.1 @Ilyesbdlala & @dependabot (#2102, #2131, #2227)
  • Minor Java Code Style Cleanups in DefectDojo Hooks Cleaning @Weltraumschaf (#2207)
  • Extract side effects introduced by System#getenv() @Weltraumschaf (#2184)
  • Add gradle, docker, workflows to dependabot config @Weltraumschaf (#2186)

📌 Dependencies

Minor dependency updates (38 pull requests).
  • Applied NPM audit fixes @Ilyesbdlala (#2097)
  • Bump @docusaurus/types from 3.1.0 to 3.1.1 in /documentation @dependabot (#2226)
  • Bump @types/node from 20.11.1 to 20.11.5 in /documentation @dependabot (#2196)
  • Bump @types/node from 20.11.16 to 20.11.17 in /documentation @dependabot (#2282)
  • Bump @types/node from 20.11.5 to 20.11.16 in /documentation @dependabot (#2260)
  • Bump @types/react from 18.2.48 to 18.2.53 in /documentation @dependabot (#2261)
  • Bump actions/cache from 3 to 4 in /.github/workflows @dependabot (#2280)
  • Bump actions/checkout from 3 to 4 in /.github/workflows @dependabot (#2232)
  • Bump actions/setup-go from 4 to 5 in /.github/workflows @dependabot (#2215)
  • Bump actions/setup-java from 3 to 4 in /.github/workflows @dependabot (#2213)
  • Bump actions/setup-python from 4 to 5 in /.github/workflows @dependabot (#2233)
  • Bump actions/upload-artifact from 3 to 4 in /.github/workflows @dependabot (#2194)
  • Bump com.fasterxml.jackson.datatype:jackson-datatype-jsr310 from 2.15.2 to 2.16.1 in /hooks/persistence-defectdojo/hook @dependabot (#2211)
  • Bump com.github.ben-manes.versions from 0.50.0 to 0.51.0 in /hooks/persistence-defectdojo/hook @dependabot (#2222)
  • Bump crazy-max/ghaction-import-gpg from 5 to 6 in /.github/workflows @dependabot (#2212)
  • Bump docker/build-push-action from 2 to 5 in /.github/workflows @dependabot (#2195)
  • Bump docker/login-action from 1 to 3 in /.github/workflows @dependabot (#2214)
  • Bump docker/metadata-action from 3 to 5 in /.github/workflows @dependabot (#2189)
  • Bump docker/setup-buildx-action from 1 to 3 in /.github/workflows @dependabot (#2230)
  • Bump docker/setup-qemu-action from 2 to 3 in /.github/workflows @dependabot (#2198)
  • Bump eslint-plugin-prettier from 5.0.1 to 5.1.3 in /documentation @dependabot (#2199)
  • Bump io.freefair.lombok from 8.1.0 to 8.4 in /hooks/persistence-defectdojo/hook @dependabot (#2192)
  • Bump mikefarah/yq from 4.4.1 to 4.40.5 in /.github/workflows @dependabot (#2231)
  • Bump mikefarah/yq from 4.40.5 to 4.40.7 in /.github/workflows @dependabot (#2281)
  • Bump nodemailer from 6.6.3 to 6.9.9 in /hooks/notification/hook @dependabot (#2248)
  • Bump org.junit:junit-bom from 5.10.1 to 5.10.2 in /hooks/persistence-defectdojo/hook @dependabot (#2258)
  • Bump org.mockito:mockito-core from 5.4.0 to 5.9.0 in /hooks/persistence-defectdojo/hook @dependabot (#2197)
  • Bump org.mockito:mockito-core from 5.9.0 to 5.10.0 in /hooks/persistence-defectdojo/hook @dependabot (#2224)
  • Bump org.mockito:mockito-junit-jupiter from 5.4.0 to 5.9.0 in /hooks/persistence-defectdojo/hook @dependabot (#2188)
  • Bump org.mockito:mockito-junit-jupiter from 5.9.0 to 5.10.0 in /hooks/persistence-defectdojo/hook @dependabot (#2223)
  • Bump org.slf4j:slf4j-api from 2.0.7 to 2.0.11 in /hooks/persistence-defectdojo/hook @dependabot (#2193)
  • Bump org.slf4j:slf4j-log4j12 from 2.0.7 to 2.0.11 in /hooks/persistence-defectdojo/hook @dependabot (#2187)
  • Bump peter-evans/create-pull-request from 3 to 5 in /.github/workflows @dependabot (#2216)
  • Bump peter-evans/create-pull-request from 5 to 6 in /.github/workflows @dependabot (#2257)
  • Bump peter-evans/dockerhub-description from 2 to 3 in /.github/workflows @dependabot (#2191)
  • Bump peter-evans/dockerhub-description from 3 to 4 in /.github/workflows @dependabot (#2234)
  • Bump sass-loader from 13.3.2 to 14.1.0 in /documentation @dependabot (#2259)
  • Bump uk.org.webcompere:system-stubs-jupiter from 2.1.3 to 2.1.6 in /hooks/persistence-defectdojo/hook @dependabot (#2209)
  • Use latest releases DD Client Lib @Weltraumschaf (#2204)

Distribution

Artifact HUB Docker Hub

Contributors

Thanks to all our contributors supporting this project 🤗 @BorisShek, @Ilyesbdlala, @kamirendawkins, @moxli, @J12934 and @Weltraumschaf

v4.4.0-alpha.2

5 months ago

Changes

This release contains the following changes 🎉. Help spread the word or leave a GitHub star if you like it 😉


🚀 Features

  • Added GitHub Actions workflow for releasing Helm charts to GHCR @Ilyesbdlala (#2108) Note: this is still considered experimental. We'll hopefully be able to switch to OCI Helm charts completely over the next couple of months. This will be properly announced and the existing registry will be kept running for multiple months before it's turned off.

🚓 Security Scanner

  • Upgraded gitleaks from v8.18.0 to v8.18.1 @secureCodeBoxBot (#2103)
  • Upgraded kubeaudit from 0.22.0 to 0.22.1 @secureCodeBoxBot (#2111)
  • Upgraded nuclei from v3.0.3 to v3.1.0 @secureCodeBoxBot (#2114, #2104)
  • Upgraded semgrep from 1.48.0 to 1.51.0 @secureCodeBoxBot (#2112, #2101)

📚 Documentation

  • Upgraded Docusaurus to v3 @Ilyesbdlala (#2102)

🔧 Maintenance

  • Applied NPM audit fixes @Ilyesbdlala (#2097)

Distribution

Artifact HUB Docker Hub

Contributors

Thanks to all our contributors supporting this project 🤗 @Ilyesbdlala and @J12934

v4.4.0-alpha.1

5 months ago

Changes

This release contains the following changes 🎉. Help spread the word or leave a GitHub star if you like it 😉


🚀 Features

  • Added GitHub Actions workflow for releasing Helm charts to GHCR @Ilyesbdlala (#2108) Note: this is still considered experimental. We'll hopefully be able to switch to OCI Helm charts completely over the next couple of months. This will be properly announced and the existing registry will be kept running for multiple months before it's turned off.

🚓 Security Scanner

  • Upgraded gitleaks from v8.18.0 to v8.18.1 @secureCodeBoxBot (#2103)
  • Upgraded kubeaudit from 0.22.0 to 0.22.1 @secureCodeBoxBot (#2111)
  • Upgraded nuclei from v3.0.3 to v3.1.0 @secureCodeBoxBot (#2114, #2104)
  • Upgraded semgrep from 1.48.0 to 1.51.0 @secureCodeBoxBot (#2112, #2101)

📚 Documentation

  • Upgraded Docusaurus to v3 @Ilyesbdlala (#2102)

🔧 Maintenance

  • Applied NPM audit fixes @Ilyesbdlala (#2097)

Distribution

Artifact HUB Docker Hub

Contributors

Thanks to all our contributors supporting this project 🤗 @Ilyesbdlala and @J12934

v4.3.0

6 months ago

Changes

This release contains the following changes 🎉. Help spread the word or leave a GitHub star if you like it 😉


🚀 Features

  • Allow to configure project name and version for Dependency-Track hook @o1oo11oo (#2062)
  • Automatically set Dependency-Track project name and version for images discovered by AWS AutoDiscovery @o1oo11oo (#2062)

🚓 Security Scanner

  • Upgraded nuclei from v3.0.0 to v3.0.3 @secureCodeBoxBot (#2063, #2074, #2081)
  • Upgraded semgrep from 1.45.0 to 1.48.0 @secureCodeBoxBot (#2069, #2085)
  • Upgraded trivy from 0.46.0 to 0.46.1 @secureCodeBoxBot (#2076)
  • Upgraded trivy-sbom from 0.46.0 to 0.47.0 @secureCodeBoxBot (#2075, #2084)

๐Ÿ› Bug Fixes

  • Added permission to manager-role ClusterRole to update 'roles' @Ilyesbdlala (#2078)
  • Update CRDs included in helm chart to fix missing definition for ScheduledScan concurrencyPolicy @Ilyesbdlala (#2077)

📚 Documentation

  • Change Primary Community "Channel" from Slack to Github Discussions & Issues @J12934 (#2072)
  • Update supported kubernetes version range to v1.25 - v1.28 @Ilyesbdlala (#2088)
  • Documented Decision About OpenVAS Integration @Weltraumschaf (#2017, #2071)
  • Add missing docs to Dependency-Track hook @o1oo11oo (#2060)

📌 Dependencies

  • Update NPM Dependencies @Ilyesbdlala (#2068)
  • Update @kubernetes/client-node to 0.19.0 @Ilyesbdlala (#2088)

🔧 Maintenance

  • Optimize CI Runtime by Parallelizing Slow Tests @Ilyesbdlala (#2087)
  • Decreased likelihood for trivy-k8s tests to fail in CI by reducing the scope of the scan @Ilyesbdlala (#2052)
  • Fixed nuclei integration-test timeout @Ilyesbdlala (#2079)

Distribution

Artifact HUB Docker Hub

Contributors

Thanks to all our contributors supporting this project 🤗 @Ilyesbdlala, @J12934, @Weltraumschaf and @o1oo11oo

v4.2.0

6 months ago

Changes

This release contains the following changes 🎉. Help spread the word or leave a GitHub star if you like it 😉


🚀 Features

  • Added MVP for an AWS AutoDiscovery to automatically scan images in AWS ECS @o1oo11oo (#1894, #1936)
  • Added support for generating SBOMs for Container Images using new trivy-sbom-image ScanType @o1oo11oo (#1838, #1854)
  • Added the dependency-track hook to upload SBOMs to OWASP Dependency-Track @o1oo11oo (#1838, #1854)

🚓 Security Scanner

  • Upgraded nuclei from v2.9.14 to v2.9.15 @secureCodeBoxBot (#1967)
  • Upgraded semgrep from 1.41.0 to 1.44.0 @secureCodeBoxBot (#2004, #2021)
  • Upgraded trivy from 0.45.1 to 0.46.0 @secureCodeBoxBot (#2028)
  • Upgraded trivy-sbom from 0.45.0 to 0.46.0 @secureCodeBoxBot (#2012, #2029)
  • Upgraded wpscan from v3.8.24 to v3.8.25 @secureCodeBoxBot (#1999)
  • Switch ZAP Docker images from OWASP to SSP docker hub repo @o1oo11oo (#2025)
  • Upgraded zap from 2.13.0 to 2.14.0 @secureCodeBoxBot (#2022)
  • Upgraded zap-advanced from 2.13.0 to 2.14.0 @secureCodeBoxBot (#2023)

⚓️ Hooks

  • Add a basic SBOM workflow (closes #1838) @o1oo11oo (#1854)

๐Ÿ› Bug Fixes

  • Remove interval from required properties as ScheduledScan can be defined by schedule too @Zero3141 (#1994)
  • Add missing affinity and tolerations properties to hooks @Zero3141 (#1996)
  • Fix path to iteratec logo in main README.md @o1oo11oo (#2027)
  • Add missing licenses for SBOM workflow @o1oo11oo (#2011)
  • Fix helm unit test templates @o1oo11oo (#2008)
  • Fix spdx header @Weltraumschaf (#2005, #2006)

🧪 Test

  • Implemented Helm Unit Tests @Ilyesbdlala (#1949)

📚 Documentation

  • Move documentation to primary secureCodeBox repository @Zero3141 (#1992)
  • Add architecture decision for OpenVAS integration @Zero3141 (#1957)
  • Fix example secret keys for S3 api keys @1ovsss (#2036)

🔧 Maintenance

  • Update NPM Dependencies @Ilyesbdlala (#2050)
  • Recurring documentation maintenance @Ilyesbdlala (#2039)
  • Use ZAP Docker images from SSP repo @o1oo11oo (#2025)
  • Skip trivy k8 test until we fixed #1982 @Zero3141 (#1995)
  • Add SPDX Header License Check To PRs @Zero3141 (#1961)

📌 Dependencies

  • Bump @babel/traverse from 7.15.0 to 7.23.2 in /hooks/notification/hook @dependabot (#2038)
  • Bump @types/react-helmet from 6.1.6 to 6.1.7 in /documentation @dependabot (#2015)
  • Bump eslint from 8.50.0 to 8.51.0 in /documentation @dependabot (#2034)
  • Bump golang.org/x/net from 0.7.0 to 0.17.0 in @dependabot (#2018, #2019, #2020, #2056)
  • Bump postcss from 8.4.30 to 8.4.31 in /documentation @dependabot (#2009)
  • Bump rimraf from 3.0.2 to 5.0.5 in /documentation @dependabot (#2014)
  • Bump sass from 1.68.0 to 1.69.3 in /documentation @dependabot (#2013, #2032)
  • Bump urllib3 from 1.26.14 to 1.26.18 in /auto-discovery/kubernetes/pull-secret-extractor @dependabot (#2000, #2053)

Distribution

Artifact HUB Docker Hub

Contributors

Thanks to all our contributors supporting this project 🤗 @1ovsss, @Ilyesbdlala, @Weltraumschaf, @Zero3141, @o1oo11oo and Heiko Kiesel

v4.1.0

7 months ago

v4.1.0

This release contains the following changes 🎉. Help spread the word or leave a GitHub star if you like it 😉


🚀 Features

  • Add trivy-k8s scan support (closes #1411) @fbelter-iteratec (#1694)
  • Added a concurrency policy option for scheduledScan CRD @Ilyesbdlala (#1749)
  • Added a crontab configuration option to scheduledScans @Ilyesbdlala (#1722)
  • Allow to configure env and volumes in hooks @Zero3141 (#1881)
  • Allowed Specifying Labels for Pods of Scans @Ilyesbdlala (#1899)
  • DefectDojo Hook: Allow setting minimum severity on Import (closes #1700) @ManuelNeuer (#1775)
  • Enable client/server mode for trivy by default to cache the vulnerability DB (closes #911) @o1oo11oo (#1760)
  • Hardcode debian version in screenshooter Dockerfile @Zero3141 (#1829)
  • Remove deprecated userId attribute for DefectDojo Hook @Zero3141 (#1861)
  • Update JuiceShop Helm chart to use modern Ingress resource @maze88 (#1882)

🚓 Security Scanner

  • Upgraded amass from v3.23.2 to v4.2.0 @Ilyesbdlala, @secureCodeBoxBot (#1773, #1821, #1825)
  • Upgraded doggo from v0.5.5 to v0.5.7 @secureCodeBoxBot (#1824, #1955)
  • Upgraded ffuf from v2.0.0 to v2.1.0 @secureCodeBoxBot (#1968)
  • Upgraded gitleaks from v8.16.3 to v8.18.0 @secureCodeBoxBot (#1753, #1768, #1873)
  • Upgraded nmap from 7.92-r2 to 7.93-r1 @Zero3141 (#1960)
  • Upgraded nuclei from v2.9.6 to v2.9.14 @secureCodeBoxBot (#1865, #1872, #1880, #1898, #1778, #1788, #1823, #1843)
  • Upgraded semgrep from 1.24.1 to 1.41.0 @secureCodeBoxBot (#1761, #1764, #1777, #1784, #1794, #1822, #1840, #1844, #1863, #1879, #1890, #1940, #1962)
  • Upgraded ssh-audit from v2.9.0 to v3.0.0 @secureCodeBoxBot (#1939)
  • Upgraded sslyze from 5.1.3 to 5.2.0 @secureCodeBoxBot (#1983)
  • Upgraded trivy from 0.42.0 to 0.45.1 @secureCodeBoxBot (#1757, #1785, #1793, #1846, #1859, #1888, #1966)
  • Upgraded typo3scan from v1.1.2 to v1.1.3 @secureCodeBoxBot (#1771)
  • Upgraded wpscan from v3.8.22 to v3.8.24 @secureCodeBoxBot (#1762)
  • Upgraded zap from 2.12.0 to 2.13.0 @secureCodeBoxBot (#1810)
  • Upgraded zap-advanced from 2.12.0 to 2.13.0 @secureCodeBoxBot (#1809)

๐Ÿ› Bug Fixes

  • Added sslyze parser check for successful ASN1 certificate parsing @Ilyesbdlala (#1856)
  • Fix typo in trivy-rbac RoleBinding name @o1oo11oo (#1765)
  • Fixed Bug ErrImagePull in SSH-audit parser @Reet00 (#1801)
  • Implemented the failIfFoundUrlsLessThan and warnIfFoundUrlsLessthan settings in ZAP Advanced @Ilyesbdlala (#1791)

🧪 Test

  • Remove skipped test against securecodebox.io @Zero3141 (#1875)
  • Fixed the kind image used in zap-advanced tests @Ilyesbdlala (#1792)
  • Fixes the tests of Trivy and adds a check for empty scanResults @Ilyesbdlala (#1787)

📚 Documentation

  • Add Heiko Kiesel to contributors @Zero3141 (#1795)
  • Add logo to helm docs and README @Zero3141 (#1866)
  • Add recurring documentation issue @Zero3141 (#1956)
  • Capitalize "Kubernetes" in scanner documentations @Zero3141 (#1831)
  • Clarify documentation that scans and hooks/scanners must be deleted before the operator @Zero3141 (#1900)
  • Clean up docs dir as prerequisite for monorepo @Weltraumschaf (#1892)
  • Fix documentation findings @Zero3141 (#1878)
  • Fix screenshooter documentation @Zero3141 (#1827)
  • Fixed markdown typo for heading in ZAP documentation @sofi0071 (#1819)
  • Improve issue templates @Zero3141 (#1874)
  • Improve Kubeaudit documentation @Zero3141 (#1867)
  • Improve ncrack documentation @Zero3141 (#1836)
  • Improve Nikto examples @Zero3141 (#1868)
  • Improve SSH examples @Zero3141 (#1869)
  • Improve SSLyze examples @Zero3141 (#1870)
  • Improve wpscan documentation @Zero3141 (#1871)
  • Link ffuf GitHub repo in README @Zero3141 (#1876)
  • Move documentation to main repository @Zero3141 (#1893)
  • Publish SBOM blogpost part two @o1oo11oo (#1954)
  • Replace sponsor image paths to documentation path @Zero3141 (#1950)
  • Update filename and image of second SBOM blogpost @o1oo11oo (#1935)
  • Warn about rate limits in trivy-k8s docs @o1oo11oo (#1855)

🔧 Maintenance

  • Add note about resource limits for persistence-defectdojo hook @Ilyesbdlala (#1889)
  • Added warning about amass enum not exiting correctly @Ilyesbdlala (#1895)
  • Changed SCB-Bot to check all PRs for existing upgrade PRs @Ilyesbdlala (#1832)
  • Explicitly install the tools kubectl/helm/kind in the CI @Ilyesbdlala (#1842)
  • Fix failing build of DefectDojo persistence hook @Weltraumschaf (#1820)
  • Improve issue templates @Zero3141 (#1874)
  • Move dependabot configuration file to correct location @Zero3141 (#1937)
  • Refresh Helm Docs Update CI @Zero3141 (#1862)
  • Remove GitHub Actions warnings @Zero3141 (#1951)
  • Remove skipped test against securecodebox.io @Zero3141 (#1875)
  • Remove unused language versions (fixes #1945) @o1oo11oo (#1946)
  • Removed Jest/npm/node Versions from Makefiles @Ilyesbdlala (#1789)
  • Rename leftover lurcher to lurker @o1oo11oo (#1897)
  • Updated Elastic Stack from 7.9.2 to 7.17.3 @Ilyesbdlala (#1816)
  • Updated megalinter and gpg import actions to avoid the use of save-state and set-output @Ilyesbdlala (#1802)
  • Updated the templates/rbac of the operator @Ilyesbdlala (#1811)
  • Upgrade node to latest LTS in templates @o1oo11oo (#1896)
  • Upgrade node version to current LTS @o1oo11oo (#1853)
  • Upgrade CI base images to latest LTS version, i.e. 22.04 @Ilyesbdlala (#1841)
  • Used pinned versions instead of latest for all ci images @Ilyesbdlala (#1948)

📌 Dependencies

  • Upgrade node version to current LTS @o1oo11oo (#1853)
  • Upgrade node to latest LTS in templates @o1oo11oo (#1896)
  • Upgrade to latest version of DefectDojo Client lib @Weltraumschaf (#1857)
  • Upgrade eslint from 8.47.0 to 8.49.0 in /documentation @dependabot (#1941)
  • Upgrade eslint-plugin-prettier from 3.4.1 to 5.0.0 in /documentation @dependabot (#1942)
  • Upgrade gopkg.in/yaml.v3 from 3.0.0-20220512140231-539c8e751b99 to 3.0.0 @dependabot (#1885, #1883, #1884)
  • Upgrade certifi from 2022.12.7 to 2023.7.22 in /auto-discovery/kubernetes/pull-secret-extractor @dependabot (#1834)
  • Upgrade word-wrap from 1.2.3 to 1.2.4 @dependabot (#1817)
  • Upgrade semver from 6.3.0 to 6.3.1 @Zero3141 & @dependabot (#1808, #1796, #1807)
  • Upgrade ts-jest from 29.0.5 to 29.1.0 @rseedorff (#1782)

Distribution

Artifact HUB Docker Hub

Contributors

Thanks to all our contributors supporting this project 🤗 @Ilyesbdlala, @J12934, @ManuelNeuer, @Reet00, @Weltraumschaf, @Zero3141, @fbelter-iteratec, @maze88, @o1oo11oo, @rseedorff, @secureCodeBoxBot, @snyk-bot, @sofi0071, Frank Belter and Vanessa Hermann

v4.1.0-alpha.4

7 months ago

This release is an alpha release for the upcoming 4.1.0 release. 🎉 If everything goes well, the actual 4.1.0 will follow a couple of hours later. Help spread the word or leave a GitHub star if you like it 😉

🚀 Features

  • Add trivy-k8s scan support (closes #1411) @fbelter-iteratec (#1694)
  • Added a concurrency policy option for scheduledScan CRD @Ilyesbdlala (#1749)
  • Added a crontab configuration option to scheduledScans @Ilyesbdlala (#1722)
  • Allow to configure env and volumes in hooks @Zero3141 (#1881)
  • Allowed Specifying Labels for Pods of Scans @Ilyesbdlala (#1899)
  • DefectDojo Hook: Allow setting minimum severity on Import (closes #1700) @ManuelNeuer (#1775)
  • Enable client/server mode for trivy by default to cache the vulnerability DB (closes #911) @o1oo11oo (#1760)
  • Hardcode debian version in screenshooter Dockerfile @Zero3141 (#1829)
  • Remove deprecated userId attribute for DefectDojo Hook @Zero3141 (#1861)
  • Update JuiceShop Helm chart to use modern Ingress resource @maze88 (#1882)

🚓 Security Scanner

  • Upgraded amass from v3.23.2 to v4.2.0 @Ilyesbdlala, @secureCodeBoxBot (#1773, #1821, #1825)
  • Upgraded doggo from v0.5.5 to v0.5.7 @secureCodeBoxBot (#1824, #1955)
  • Upgraded ffuf from v2.0.0 to v2.1.0 @secureCodeBoxBot (#1968)
  • Upgraded gitleaks from v8.16.3 to v8.18.0 @secureCodeBoxBot (#1753, #1768, #1873)
  • Upgraded nmap from 7.92-r2 to 7.93-r1 @Zero3141 (#1960)
  • Upgraded nuclei from v2.9.6 to v2.9.14 @secureCodeBoxBot (#1865, #1872, #1880, #1898, #1778, #1788, #1823, #1843)
  • Upgraded semgrep from 1.24.1 to 1.41.0 @secureCodeBoxBot (#1761, #1764, #1777, #1784, #1794, #1822, #1840, #1844, #1863, #1879, #1890, #1940, #1962)
  • Upgraded ssh-audit from v2.9.0 to v3.0.0 @secureCodeBoxBot (#1939)
  • Upgraded sslyze from 5.1.3 to 5.2.0 @secureCodeBoxBot (#1983)
  • Upgraded trivy from 0.42.0 to 0.45.1 @secureCodeBoxBot (#1757, #1785, #1793, #1846, #1859, #1888, #1966)
  • Upgraded typo3scan from v1.1.2 to v1.1.3 @secureCodeBoxBot (#1771)
  • Upgraded wpscan from v3.8.22 to v3.8.24 @secureCodeBoxBot (#1762)
  • Upgraded zap from 2.12.0 to 2.13.0 @secureCodeBoxBot (#1810)
  • Upgraded zap-advanced from 2.12.0 to 2.13.0 @secureCodeBoxBot (#1809)

🐛 Bug Fixes

  • Added sslyze parser check for successful ASN1 certificate parsing @Ilyesbdlala (#1856)
  • Fix typo in trivy-rbac RoleBinding name @o1oo11oo (#1765)
  • Fixed Bug ErrImagePull in SSH-audit parser @Reet00 (#1801)
  • Implemented the failIfFoundUrlsLessThan and warnIfFoundUrlsLessthan settings in ZAP Advanced @Ilyesbdlala (#1791)

🧪 Test

  • Remove skipped test against securecodebox.io @Zero3141 (#1875)
  • Fixed the kind image used in zap-advanced tests @Ilyesbdlala (#1792)
  • Fixes the tests of Trivy and adds a check for empty scanResults @Ilyesbdlala (#1787)

📚 Documentation

  • Add Heiko Kiesel to contributors @Zero3141 (#1795)
  • Add logo to helm docs and README @Zero3141 (#1866)
  • Add recurring documentation issue @Zero3141 (#1956)
  • Capitalize "Kubernetes" in scanner documentations @Zero3141 (#1831)
  • Clarify documentation that scans and hooks/scanners must be deleted before the operator @Zero3141 (#1900)
  • Clean up docs dir as prerequisite for monorepo @Weltraumschaf (#1892)
  • Fix documentation findings @Zero3141 (#1878)
  • Fix screenshooter documentation @Zero3141 (#1827)
  • Fixed markdown typo for heading in ZAP documentation @sofi0071 (#1819)
  • Improve issue templates @Zero3141 (#1874)
  • Improve Kubeaudit documentation @Zero3141 (#1867)
  • Improve ncrack documentation @Zero3141 (#1836)
  • Improve Nikto examples @Zero3141 (#1868)
  • Improve SSH examples @Zero3141 (#1869)
  • Improve SSLyze examples @Zero3141 (#1870)
  • Improve wpscan documentation @Zero3141 (#1871)
  • Link ffuf GitHub repo in README @Zero3141 (#1876)
  • Move documentation to main repository @Zero3141 (#1893)
  • Publish SBOM blogpost part two @o1oo11oo (#1954)
  • Replace sponsor image paths to documentation path @Zero3141 (#1950)
  • Update filename and image of second SBOM blogpost @o1oo11oo (#1935)
  • Warn about rate limits in trivy-k8s docs @o1oo11oo (#1855)

🔧 Maintenance

  • Add note about resource limits for persistence-defectdojo hook @Ilyesbdlala (#1889)
  • Added warning about amass enum not exiting correctly @Ilyesbdlala (#1895)
  • Changed SCB-Bot to check all PRs for existing upgrade PRs @Ilyesbdlala (#1832)
  • Explicitly install the tools kubectl/helm/kind in the CI @Ilyesbdlala (#1842)
  • Fix failing build of DefectDojo persistence hook @Weltraumschaf (#1820)
  • Improve issue templates @Zero3141 (#1874)
  • Move dependabot configuration file to correct location @Zero3141 (#1937)
  • Refresh Helm Docs Update CI @Zero3141 (#1862)
  • Remove GitHub Actions warnings @Zero3141 (#1951)
  • Remove skipped test against securecodebox.io @Zero3141 (#1875)
  • Remove unused language versions (fixes #1945) @o1oo11oo (#1946)
  • Removed Jest/npm/node Versions from Makefiles @Ilyesbdlala (#1789)
  • Rename leftover lurcher to lurker @o1oo11oo (#1897)
  • Updated Elastic Stack from 7.9.2 to 7.17.3 @Ilyesbdlala (#1816)
  • Updated megalinter and gpg import actions to avoid the use of save-state and set-output @Ilyesbdlala (#1802)
  • Updated the templates/rbac of the operator @Ilyesbdlala (#1811)
  • Upgrade node to latest LTS in templates @o1oo11oo (#1896)
  • Upgrade node version to current LTS @o1oo11oo (#1853)
  • Upgrade CI base images to latest LTS version, i.e. 22.04 @Ilyesbdlala (#1841)
  • Used pinned versions instead of latest for all ci images @Ilyesbdlala (#1948)

📌 Dependencies

  • Upgrade node version to current LTS @o1oo11oo (#1853)
  • Upgrade node to latest LTS in templates @o1oo11oo (#1896)
  • Upgrade to latest version of DefectDojo Client lib @Weltraumschaf (#1857)
  • Upgrade eslint from 8.47.0 to 8.49.0 in /documentation @dependabot (#1941)
  • Upgrade eslint-plugin-prettier from 3.4.1 to 5.0.0 in /documentation @dependabot (#1942)
  • Upgrade gopkg.in/yaml.v3 from 3.0.0-20220512140231-539c8e751b99 to 3.0.0 @dependabot (#1885, #1883, #1884)
  • Upgrade certifi from 2022.12.7 to 2023.7.22 in /auto-discovery/kubernetes/pull-secret-extractor @dependabot (#1834)
  • Upgrade word-wrap from 1.2.3 to 1.2.4 @dependabot (#1817)
  • Upgrade semver from 6.3.0 to 6.3.1 @Zero3141 & @dependabot (#1808, #1796, #1807)
  • Upgrade ts-jest from 29.0.5 to 29.1.0 @rseedorff (#1782)

Distribution

Artifact HUB Docker Hub

Contributors

Thanks to all our contributors supporting this project 🤗 @Ilyesbdlala, @J12934, @ManuelNeuer, @Reet00, @Weltraumschaf, @Zero3141, @fbelter-iteratec, @maze88, @o1oo11oo, @rseedorff, @secureCodeBoxBot, @snyk-bot, @sofi0071, Frank Belter and Vanessa Hermann