Releases: ZupIT/horusec
v2.7.0-beta.1
Updates
- 2b09274 nancy:fix - empty file name, code and line on vulnerability result (#833)
- f71ca15 printresults:fix - duplicated vulnerability severities on result (#836)
- 8cc6d4c all:chore - replace Sprintf to filepath|path.Join to join paths (#834)
- 00eb2bb release:bugfix - revert removing import GPG from release workflows (#832) (#835)
- 4bc7690 feature:script - add install-beta and install-rc to install script (#827)
- 7f29878 release:bugfix - removing import GPG from release workflows (#832)
- 4db8779 deps:chore - upgrade github.com/containerd/containerd (#807)
- 77e4846 deps:chore - update zricethezav/gitleaks Docker tag to v8 (#825)
- 61b21ac release: chore - add new release process using magefiles (#789)
- 205be92 renovate:chore - updating renovate json to follow commit message pattern (#830)
- 7713b7a deps:chore - update ruby Docker tag to v2.7.5 (#823)
- cf3a820 scs:chore - improve tests asserts and code cleaning (#828)
- e9d6c36 deps:chore - update alpine Docker tag to v3.15.0 (#822)
- bfdb344 config/dist:chore - add docs about stand-alone builds (#826)
- 8f4170f images:chore - upgrade Docker tags (#820)
- e50d225 engine:chore - improvement tests for rules of the swift (#813)
- d4159e5 readme:fix - minor fixes to Contributing and Readme (#829)
- 094fca1 docker: chore - improve code readability (#819)
- 339eccf dotnetcli:chore - improve tests asserts and code cleaning (#817)
- d8e253b customrules:chore - improve tests asserts and code cleaning (#818)
- e9012bd lint:chore - updating lint config file (#811)
- 3e40b04 deps:chore - update module github.com/ZupIT/horusec-devkit to v1.0.20 (#821)
- a461416 flawfinder:chore - improve tests asserts and code cleaning (#808)
- e848f2f engine:chore - add test for HS-JAVASCRIPT-19 rule. (#812)
- 5418bec auto-fomart/chore - running auto format makefile command (#809)
- f845105 makefile:chore - update makefile to avoid outdated dependencies (#810)
- 2148215 nancy:chore - improve tests and code cleaning (#806)
- 9cfbca1 semgrep:chore - clean code (#805)
- 5d6b4eb deps:chore - update module github.com/go-enry/go-enry/v2 to v2.8.0 (#803)
- 68567cd deps:chore - update php Docker tag to v8.0.13 (#802)
- a12a2ed e2e:feature - update e2e/analysis tests for build locally (#761)
- 4a3543a deps:chore - update module github.com/opencontainers/image-spec to v1.0.2 (#801)
- 7567ed5 e2e:chore - test for the show vulnerabilities and project path flags (#791)
- 252dd1c e2e:chore - test for container bind project path flag. (#799)
- 1ea1b47 e2e:chore - add tests for enable git history and enable commit author (#790)
- e8e37a7 e2e:chore - test for the information severity flag (#786)
- db2954b e2e:chore - test for enable shell check flag (#795)
- 43fb413 e2e:chore - test for the ignore flag (#797)
- e40affa gosec:chore - improve tests and clean code (#794)
- 1edb9bc e2e:chore - test for horusec url api and headers flags (#796)
- 0ec075e e2e:chore - test for insecure skip verify flag (#798)
- e70e404 tests:chore - move Mock implementations to testutil pkg (#753)
- 4c4d2de printresults:fix - wrong filepath when using --container-bind-project-path (#800)
- f2d5dd1 usecases/cli:chore - remove unnecessary UseCases struct (#792)
- d46f261 e2e:chore - test for the monitor retry count flag (#784)
- 5611c8e workdir:chore - improve tests and rename public functions (#788)
- 5f6d967 e2e:chore - test for ignore severity flag (#783)
- d68e166 utils/copy:chore - skip symlink files and improve tests assertiveness (#782)
- d1e565c engine:chore - rename the nodejs engine service to javascript (#780)
- 4fc016d e2e:feature - for disable docker and repository name (#781)
- 7f80151 e2e:feature - for risk accepted and false positive flags (#777)
- b982a6e engine:chore - improve the HS-JAVASCRIPT-02 rule (#766)
- de514e9 formatters:fix - fix random vulnerability hash on Windows (#779)
- f1b2258 utils:chore - remove unused functions (#776)
- fe00272 vulnhash:chore - improvement tests asserts (#775)
- a309736 customrules:chore - add new tests to cover all supported languages (#774)
- dd2116e engine:chore - improve the nodejs hashing rules HS-JAVASCRIPT-4 and HS-JAVASCRIPT-5 (#769)
- f60f6cb readme:chore - add -L flag for install command in windows (#778)
- c13985e e2e:feature - test for --return-error flag (#771)
- a6886d5 customimages:chore - avoid type casting and add tests (#770)
- 6044637 readme:chore - Added new fixes to readme (#730)
- a76b74f deps:chore - update alpine Docker tag to v3.14.3 (#772)
- 1b80e0c e2e - add certificate path tests (#762)
- 6ef57f3 deps:chore - update Node.js to v17.1.0 (#773)
- 77c8d12 e2e:chore - test for the request timeout flag (#767)
- c09446c e2e:chore - test for the output format and json output file flags (#763)
- 637fa62 toolsconfig:chore - create tests and rename public objects (#764)
- c3c10d4 engine:chore - add java engine unity tests from 18 (#743)
- 92e1d0d e2e:feature - tests for start with global flags (#759)
- 20e7581 printresults:chore - add tests to cover output and Sonarqube output type (#760)
- 0151921 horus_api:chore - improving horus_api.go functions and tests (#754)
- 77afb54 e2e:feature - some places were not using previously defined "enums". (#755)
- 822abc9 gitleaks:chore - improving gitleaks formatter config and fixing dockerfile error (#758)
- 59f7eab docker:chore - use env variables to configure docker client (#756)
- d5ffcee e2e:feature - add tests for horusec start command with flags -p and -t (#741)
- 1e7b9ac project:fix - resolve typos and grammar issues from files (#740)
- b79058f docker:chore - improvement logs on pulling image (#748)
- c9b14d7 deps:chore - update module github.com/onsi/gomega to v1.17.0 (#751)
- 98e604f analyzer:chore - disable scan loading when debug level log is set (#749)
- 417bbff deps:chore - update golang Docker tag to v1.17.3 (#750)
- d85ff3a utils/file:chore - improving tests and functions (#747)
- bee2a45 e2e:feature - refactoring the scans e2e tests (#745)
- 208614f engine/nodejs:chore - create tests for rules (#744)
- 61c2eda usecases:fix - fix some tests validation and usecases (#746)
- ba4a6a3 logs:fix - Fix position and responsibility of logs into horusec (#726)
- c45934f language_detect:chore - improve tests, file matching checks and to_ignore paths (#720)
- bd5d029 service:chore - improve tests and service functions (#727)
- e6fa2d5 lint:chore - fix some lint errors from golangci v1.43.0 version (#742)
- 0d886fb deps:chore - update module github.com/manifoldco/promptui to v0.9.0 (#739)
- afa7e92 cmd/start:fix - fix typo on Analyzer doc (#737)
- 5b488eb engine:chore - add tests for HS-CSHARP-1 and HS-CSHARP-2 (#735)
- 803c122 actions:fix - fix to run when pr is merged to main (#734)
- 4d432f8 workflow:chore - execute unit tests on MacOS (#728)
- 2d11821 engine:chore - add java rules tests 2, 5 to 14 and 111 (#725)
- bb099b6 cli:chore - not stop analysis when get error to create log file (#690)
- 309254f engine:chore - Added tests for HS-JAVA-134 rule (#687)
- 6e0c4ef scripts:fix - fix installation on Mac (#688)
- 96a7db5 testutil:feature - tests: create package testutil (#685)
- 1cadbdd tests:chore - update constants names in samples files tests of the engine rules (#729)
- 98c876e engine:chore - add javascript test rules (#732)
- 910bde4 testutils:chore - move constants with flags and commands to testutils (#731)
- 6419dcf tests:fix - fix unnecessary file created on config tests (#733)
- 9a85401 workflow:chore - execute unit tests on Windows (#717)
- 1888d99 e2e:feature - Generate command (#723)
- c1c754d engine:chore - Adding tests for rules 7-17 of dart language (#716)
- f157f12 deps:chore - update Node.js to v17 (#715)
- 20b183f custom_rules:chore - improve tests to use filepath.Join (#722)
- 2fe8379 requirements:chore - improve git and docker validation (#721)
- 75f492c ignore:fix - add .tar, .zip and .exe to the list of ignored extensions (#724)
- 6f1e577 utils/file:chore - remove usage of find command to search for files (#719)
- 7be8763 git:chore - validate if repository is fully cloned (#708)
- f9bd9d7 tests:chore - improve start tests (#701)
- f5adad4 deps:chore - update php Docker tag to v8.0.12 (#712)
- 9c7148f engine:chore - improving rule and adding tests for java 1, 3, 4 (#710)
- c380dcc deps:chore - update ZupIT/zup-dco-validator action to v1.1 (#714)
- 5459a8c git:chore - improvements on get commit author (#704)
- ea8f83d workflows:feature - updating workflows to contains amr64 (#702)
- b2272fa deps:chore - remove unused modules (#709)
- 28d716f engine:chore - add tests for Dart Rules 1-5 (#707)
- 323516c engine:chore - add tests for nginx rules using horusec-engine (#705)
- 569e7ae e2e:feature - refactor to use ginkgo test runner and gomega test matcher. (#700)
- ac04aa8 tests:chore - improve config tests (#695)
- e8d877f ci:chore - Update security workflow for not broken in base branch for other origin (#694)
- bac1b4b docs:chore - add a new image to the Contributing guide. (#697)
- d5049c5 deps:chore - update Node.js to v16.11.1 (#682)
- 5474ab1 formatters:chore - add documentation on IService interface (#689)
- 693bf32 workflow:feature - Added arm64 arch (#670)
- 245f013 rules:chore - refactor engines rules tests (#691)
- ddeca73 formatters/yarn:chore - filter errors logs (#679)
- bb0665d tests:chore - add some analysis tests (#684)
- 6434b57 rules:chore - add some tests to Java and JavaScript rules (#677)
- 5a4be7b cli:chore - not stop analysis when get error to create log file (#690)
- b6e7899 engine:chore - Added tests for HS-JAVA-134 rule (#687)
- 44cb2bd scripts:fix - fix installation on Mac (#688)
- 15001f3 tests:feature - create package testutil (#685)
Docker images
docker pull horuszup/horusec-cli:v2.7.0-beta.1
v2.6.4
Updates
- [CHORE] tests: create package testutil (#685)
- [FIX] scripts: fix installation on Mac (#688)
- [CHORE] Added tests for HS-JAVA-134 rule (#687)
- [FIX] cli: not stop analysis when get error to create log file (#690)
Docker images
docker pull horuszup/horusec-cli:v2.6.4
docker pull horuszup/horusec-cli:v2
v2.6.3
Updates
We identified a bug in versions 2.6.0 to 2.6.2 of Horusec that changed our vulnerability hashes and, as a result, broke pipelines that had vulnerabilities already marked as false positive or risk accepted.
To solve this problem, our team did the following:
- In the CLI's v2.6.3 release, we corrected the issue, so both hashes are identified and accepted.
- On Horusec's Platform, we implemented a correction so that the hashes return to their default from before the bug, preventing the pipeline from breaking when the CLI is updated. This new configuration will be available in the 2.17.3 version.
For more information, check out our GitHub issues:
CLI: #680
Platform: https://github.com/ZupIT/horusec-platform/issues/390
- [CHORE] docs: improvement on dev setup on contributing (#676)
- [FIX] cli: fix breaking change on vulnerability hashes (#678)
- [CHORE] ci: add full depth checkout on security workflow (#675)
- [SECURITY] deps: update modules and remove vulnerable dependencies (#673)
- [CHORE] custom_rules: fix typo on match type enum (#672)
- [CHORE] e2e: update ruby total vulnerabilities (#674)
- [CHORE] git: improvement on success commit author tests (#671)
- [CHORE] deps: update github.com/aquasecurity/fanal commit hash to f7efd1b (#662)
- [CHORE] deps: update python Docker tag to v3.10.0 (#666)
- [CHORE] deps: update golang Docker tag to v1.17.2 (#664)
- [CHORE] deps: update docker Docker tag to v20.10.9 (#663)
- [CHORE] tests: fix coverage and e2e tests (#669)
Docker images
docker pull horuszup/horusec-cli:v2.6.3
docker pull horuszup/horusec-cli:v2
v2.6.2
Updates
- [CHORE] e2e: update total javascript vulnerabilities (#660) …
- [CHORE] workflows: adding workflows to update tool images (#652) …
- [CHORE] version: improving the view of version command (#659) …
- [FIX] Fix license link (#654) …
- [CHORE] usecases: remove unnecessary partial struct to validate config (#655) …
- [FIX] config: fix read config file if its not default value (#661) …
- [CHORE] workflows: adding stand alone binaries (#658)
Docker images
docker pull horuszup/horusec-cli:v2.6.2
docker pull horuszup/horusec-cli:v2
v2.6.1
v2.6.0
Updates
- [FEAT] Adding renovate bot in application
- [FIX] Fix formatting (#565)
- [CHORE] Update python Docker tag to v3.9.7 (#560) …
- [CHORE] Update zricethezav/gitleaks Docker tag to v7.6.0 (#564) …
- [FEAT] refactor config values management (#523) …
- [CHORE] Update github.com/aquasecurity/fanal commit hash to f558ffe (#566) …
- [CHORE] Update Node.js to v16.9.0 (#574) …
- [CHORE] Update elixir Docker tag to v1.12.3 (#573) …
- [CHORE] Update golang Docker tag to v1.17.1 (#575) …
- [CHORE] Update github.com/aquasecurity/fanal commit hash to fc6254a (#576) …
- [FEAT] Adding analysis loading and removing timeout message …
- [CHORE] Update Node.js to v16.9.1
- [CHORE] ci: bump Go version 1.17 on workflows …
- [FIX] Fix double cottle on get commit author of file and Fix e2e ruby tests
- [FIX] cli: fix unnecessary log file creation …
- [CHORE] Update github.com/aquasecurity/fanal commit hash to 9538245
- [FEAT] config: remove getters and setters …
- [CHORE] update code owners …
- [FEAT] ci: generate .deb and .rpm files …
- [CHORE] update renovate bot base branch to main …
- [CHORE] renovate: scheduling to run every weekend (#594) …
- [CHORE] Update module github.com/spf13/viper to v1.9.0 (#593) …
- [FEAT] Translating ROADMAP.md to English (#596)
- [CHORE] Update github.com/aquasecurity/fanal commit hash to 461bc0c (#591) …
- [FIX] Fixing error that .jsx was being identified as unknown (#595) …
- [FEAT] ci: create workflow to validate commits signatures for DCO (#598) …
- [CHORE] tests: change example dir to be a git submodule (#582) …
- [CHORE] deps: remove unused dependencies (#599) …
- [CHORE] chore: upgrade examples folder to latest version (#600) …
- [FEAT] Adds support to Jakarta package instead of javax (#592) …
- [CHORE] Update module github.com/ZupIT/horusec-devkit to v1.0.17 (#606) …
- [CHORE] Update module github.com/ZupIT/horusec-engine to v0.3.6 (#607) …
- [CHORE] Update module github.com/go-enry/go-enry/v2 to v2.7.2 (#611) …
- [CHORE] Update php Docker tag to v8.0.11 (#608) …
- [CHORE] Update Node.js to v16.10.0 (#609) …
- [FEAT] Added an alpha workflow that will run after any push to main branch, … (#604)
- [CHORE] Update azul/zulu-openjdk-alpine Docker tag to v17 (#610) …
- [FIX] Goreleaser no longer ignores semver validation in snapshot mode, added generic alpha version to fix the issue (#614)
- [FIX] ci: fix workflows not running on pull requests (#613) …
- [FIX] tests: fix e2e tests of Ruby (#618) …
- [FIX] dco: updating to run as specified on docs (#617) …
- [FIX] analyzer: improve performance to execute tools on Docker (#612) …
- [CHORE] Updated README and CONTRIBUTING (#605) …
- [CHORE] Adding * to add reviewers on every change (#616) …
- [FIX] scripts: fix branch name of coverage script on devkit (#620) …
- [CHORE] ci: install Go on lint workflow (#622) …
- [FIX] all: remove usage of io/ioutil package (#621) …
- [FIX] tests: fix Python Safety e2e (#625) …
- [FEAT] rules: merge or/and/regular packages into single file (#624) …
- [CHORE] tests: refactor leaks tests to be more generic (#619) …
- [CHORE] rules: change rule ids to template (#627) …
- [CHORE] tests: fix e2e tests of Javascript npm (#631) …
- [CHORE] tests: update total vulnerabilities in javascript npm e2e (#634) …
- [CHORE] workflow: add step to delete alpha to avoid outdated release (#632) …
- [CHORE] actions: update permissions and add show-vulnerabilities to security (#637) …
- [CHORE] renovate: add signoff body to make commits DCO compliant (#639) …
- [CHORE] renovate: fix renovate bot name on commit body (#640) …
- [CHORE] cli: add rule id on Details of Vulnerability (#636) …
- [FIX] cli: fix parse of custom-rule-path flag (#638) …
- [CHORE] deps: update module github.com/docker/docker to v20.10.9 (#641) …
- [CHORE] Update zricethezav/gitleaks Docker tag to v7.6.1 (#629) …
- [CHORE] Update github.com/aquasecurity/fanal commit hash to 124d5e3 (#628) …
- [CHORE] renovate: change commit message template (#642) …
- [CHORE] rules: validate duplicates when using custom rules (#643) …
- [CHORE] deps: fix security in package github.com/containerd/containerd (#644) …
- [FIX] checkov: fix parsing when found no vulnerabilities (#645) …
- [FIX] config: fix flags not overriding config file and env variables (#647) …
- [CHORE] formatter: remove unused methods from interface (#648) …
- [FIX] cli: fix bad name of log file on Windows (#649) …
- [CHORE] remove unused .semver.yaml file (#650) …
Docker images
docker pull horuszup/horusec-cli:v2.6.0
docker pull horuszup/horusec-cli:v2
v2.5.0
- [FEATURE] Creating ROADMAP.md file
- [FEATURE] Configure Renovate (#536)
- [CHORE] Update trivy tool description (#520)
- [CHORE] tests: fix coverage tests (#531)
- [CHORE] Update github.com/aquasecurity/fanal commit hash to 152431c (#537)
- [CHORE] Update module github.com/ZupIT/horusec-devkit to v1.0.15 (#538)
- [CHORE] Update module github.com/docker/docker to v20.10.8 (#540)
- [CHORE] Update module github.com/golang/mock to v1.6.0 (#542)
- [CHORE] Update python Docker tag to v3.9 (#543)
- [CHORE] Update EndBug/add-and-commit action to v7 (#544)
- [CHORE] Update actions/setup-go action to v2 (#545)
- [CHORE] Update module github.com/go-enry/go-enry/v2 to v2.7.1 (#541)
- [CHORE] Update azul/zulu-openjdk-alpine Docker tag to v16 (#546)
- [CHORE] Update mcr.microsoft.com/dotnet/runtime Docker tag to v6 (#547)
- [CHORE] bugfix/updating-horusec-engine (#551)
- [CHORE] Update module github.com/ZupIT/horusec-engine to v0.3.4 (#539)
- [CHORE] Feature/permissions on workflows (#534)
- [CHORE] hotifix/cli-errors (#535)
- [CHORE] bugfix/dockerfile-with-versions (#552)
- [CHORE] Updating branch with main (#556)
- [CHORE] csharp: fix false positive hardcoded password (#558)
- [CHORE] Update release.yml
v2.4.3
v2.4.2
v2.4.1
- [FIX] Removing some unnecessary paths ignored by horusec (#502)
- [FIX] Removing duplicated issues (#501)
- [FEATURE] Feature/output txt (#496)
- [CHORE] Builds binaries for platforms and draft a GitHub release (#503)
- [CHORE] Move tfsec formatter to conform to architectural standards (#508)
- [FEATURE] Feature/trivy (#504)
- [CHORE] Tests: refactor end-to-end tests (#505)
- [FEATURE] Javascript rules improve (#506)
- [CHORE] Remove unused constant (#511)
- [CHORE] Tests: fix expected vulnerabilities on Javascript (#512)
- [FEATURE] Add Checkov as HCL analyzer (#510)
- [CHORE] Normalize interfaces to follow Go standards (#509)