v1.3.3

What's Changed

• Fix false suppression of Helm scan findings by @whitemerch in #169

Full Changelog: v1.3.2...v1.3.3

v1.3.2

What's Changed

• User-friendly configuration error messages by @jacobotb in #154
• Delete iac documentation by @ChouraquiBen in #156
• Emit SARIF suppressions for in-source ignored IaC findings by @whitemerch in #155
• Delete rule-corpus tests and strip corpus-only infrastructure from test/ by @whitemerch in #151
• Delete assets/queries/ and retire embedded rule corpus by @whitemerch in #152
• Delete rule-generation scaffolding now that rules live in datadog-iac-scanner-default-rules by @whitemerch in #158
• Decouple scanner tests from the deleted rule corpus by @whitemerch in #159
• Drop the --x-downloadqueriesfromdatadog flag and always fetch rules from the backend by @whitemerch in #157
• Fix CloudFormation short-form intrinsic tag parsing and resolve resource names from parameter defaults by @whitemerch in #160
• IaC config v1.3 support by @whitemerch in #162
• Move platform filtering to the scan function by @jacobotb in #163
• Remove ExcludePlatform from the Scan Parameters by @jacobotb in #164
• Fix Helm chart templates scanned twice as raw YAML by @whitemerch in #165
• Expand CloudFormation Fn::ForEach resources for truthful resource names by @whitemerch in #161

Full Changelog: v1.3.1...v1.3.2

v1.3.1

What's Changed

• [ID Migration #10] Generate documentation by @ChouraquiBen in #140
• Delete four redundant rule-corpus tests by @whitemerch in #148
• Convert four inspector tests, executeScan smoke, cyclonedx, and jsonencode helper to local testdata by @whitemerch in #149
• [ID Migration #11] Update documentation providers by @ChouraquiBen in #143
• De-brittle Test_E2EExclusions, TestScanner_StartScan, TestGetQueriesWithLegacyIdFiltering by @whitemerch in #150
• Add legacy IaC config reference and refresh README configuration section by @whitemerch in #142
• Default --x-downloadqueriesfromdatadog to true by @whitemerch in #153

Full Changelog: v1.3.0...v1.3.1

v1.3.1-alpha

What's Changed

• [ID Migration #10] Generate documentation by @ChouraquiBen in #140
• Delete four redundant rule-corpus tests by @whitemerch in #148
• Convert four inspector tests, executeScan smoke, cyclonedx, and jsonencode helper to local testdata by @whitemerch in #149
• [ID Migration #11] Update documentation providers by @ChouraquiBen in #143
• De-brittle Test_E2EExclusions, TestScanner_StartScan, TestGetQueriesWithLegacyIdFiltering by @whitemerch in #150

Full Changelog: v1.3.0...v1.3.1-alpha

v1.3.0

What's Changed

• Add DD_JWT_TOKEN and DD_HOSTNAME support to the Datadog API client by @whitemerch in #145
• Preserve id and legacyId on backend rule conversion by @whitemerch in #147
• Remove noise when rules don't have legacyIds by @ChouraquiBen in #146

Full Changelog: v1.2.0-alpha...v1.3.0

v1.2.0-alpha

What's Changed

• [ID Migration #1] Add Legacy ID logic by @ChouraquiBen in #122
• [ID Migration #2] Move ID for Ansible by @ChouraquiBen in #127
• [ID Migration #3] Move ID for CICD by @ChouraquiBen in #128
• [ID Migration #4] Move ID for CloudFormation by @ChouraquiBen in #133
• [ID Migration #5] Move ID for Dockerfile by @ChouraquiBen in #134
• [ID Migration #6] Move ID for K8s by @ChouraquiBen in #135
• [ID Migration #7] Move ID for Terraform by @ChouraquiBen in #136
• [ID Migration #8] Move ID for non-published platforms by @ChouraquiBen in #137
• [ID Migration #9] Add testing by @ChouraquiBen in #138
• Fix: Apply remote config even when no local config file is present by @MikaYuoadas in #141

Full Changelog: v1.2.0...v1.2.0-alpha

v1.2.0

What's Changed

• Added new workflow to check if the documentation is up to date by @ChouraquiBen in #86
• Overprovisioned secrets root env is not checked by @ChouraquiBen in #124
• fix(deps): vuln minor: github.com/go-git/go-git/v5 · patch: google.golang.org/grpc, helm.sh/helm/v3 by @gh-worker-campaigns-3e9aa4[bot] in #131
• Exit with code 127 for invalid IaC configuration files by @MikaYuoadas in #139

Full Changelog: v1.1.1...v1.2.0

v1.1.1

What's Changed

• Remove CWE prefix in two gcp rules by @whitemerch in #103
• Follow-up on beta rules documentation correction by @whitemerch in #102
• Match by id and legacy id (when present) by @jacobotb in #110
• chore(deps): eol minor: github.com/rs/zerolog, github.com/tdewolff/minify/v2 [.github/scripts] by @gh-worker-campaigns-3e9aa4[bot] in #107
• Use run key instead of parsed_run object in searchKey by @ChouraquiBen in #95
• Resolve S3 companion resource names to bucket name in Terraform findings by @whitemerch in #101
• Extend GitHub Actions scanning to composite actions by @whitemerch in #120
• Include the configured severity in the SARIF, in a DATADOG_SEVERITY tag by @jacobotb in #84
• Catch reusable workflows unpinned actions by @ChouraquiBen in #89
• Read and apply server-side configurations by @jacobotb in #114
• Flag only GitHub files cicd by @ChouraquiBen in #121

New Contributors

• @gh-worker-campaigns-3e9aa4[bot] made their first contribution in #107

Full Changelog: v1.1.0...v1.1.1

v1.1.0

What's Changed

• Fix backend rule and configuration file parsing by @jacobotb in #97
• Update Databricks, Nifcloud, and Tencent Cloud Terraform rules and documentation by @whitemerch in #100
• Reduce scanner peak memory usage by @MikaYuoadas in #88

New Contributors

• @MikaYuoadas made their first contribution in #88

Full Changelog: v1.0.1...v1.1.0

v1.0.1

What's Changed

• Add CODEOWNERS for documentation rules files by @valeryjuli in #92
• Extend run and script block injection to new triggers by @ChouraquiBen in #76
• [CICD Coverage #4] Documentation for the lesser Sev Zizmor rules by @ChouraquiBen in #83
• New configuration file format by @jacobotb in #87
• Update served rule converter by @jacobotb in #94
• Export the query reading and conversion functions by @jacobotb in #96
• docs(terraform): refresh AWS rule examples after multi-statement fixtures by @whitemerch in #81
• Precise SARIF regions for vulnerable policy and rules (pt 1) by @whitemerch in #98
• Precise SARIF regions for vulnerable policy and rules (pt 2) by @whitemerch in #99

Full Changelog: v1.0.0...v1.0.1