- Resource line numbers for Kubernetes manifests
- `k8s` input type in help text (#217)
- A tutorial on how to debug a rule
- A new rule to enforce lambda permission conditions (#200)
- Base docker image from scratch to alpine (#215)
- Add resource source code location for regula scan
- Kubernetes support and first batch of rules
- Add CIS AWS v1.4.0 and CIS Google v1.2.0
- Enhance ASG AZ rule by inspecting vpc_zone_identifier
- Fix trailing commas in rego metadocs for regula scan
- A new 'compact' output format. See our updated usage documentation for example output.
- Option to set the output format via the
- Remediation docs URLs to JSON output format. See our updated report output documentation for more info.
- Rule documentation links in the text output format
- Bug with template strings in arguments to
- Bug that caused S3 buckets to be ignored by some rules if they had a bucket policy we could not parse (#186)
- Compatibility issue with `regula scan` and some custom Fugue SaaS rules (#185)
- Integration with Fugue's SaaS product via `regula scan`. This is a purely optional feature and `regula run` continues to operate entirely standalone. Let us know if you'd like access to the closed beta by emailing email@example.com!
- Out-of-date NIST mappings (#175)
- Errors from some Terraform configurations that use variables with nested complex types (#176)
- Bug where .terraform directory can get loaded when --no-ignore option is used (#181)
- Use consistent evaluation order for local variables in Terraform (#184)
- A configuration file for 'regula run'. See 'regula init' in our usage and configuration pages for more details (#172)
- Inconsistent filepaths when inputs are specified with a leading `./`. Now all filepaths will be normalized to remove any leading
- Confusing warning messages when `terraform init` is needed (#170)
- Default WORKDIR to `/workspace` in Docker image (#158)
- Resource line and column numbers in rule results
- Issue with `missing_resource()` rule results excluded from report output (#157)
- Values for undefined Terraform variables without defaults (#156)
- Support for _ in flag names, e.g. --input_type=tf_plan
- A new text format as the default output format
- Many new Terraform rules! See the full list on our docs site.
- Unified input_type values in rules with --input-type flag
- Bug when reading .tf files from stdin
- Use specific filepath in report output for tf inputs (#128)
- `data.` prefix in data source type names (e.g. `data.aws_iam_policy_document`) for tf inputs
- Remove coloring for WAIVED status and severity in table output so that it's readable against a black background (#126)
- Improve support for conditional resources (count = 0) in Terraform HCL
- `regula` CLI tool with lots of new features, including:
- Support for HCL source code
- Built-in OPA and input processing - removes the need for a separate OPA installation as well as the Python and Terraform dependencies.
- Discovery of IaC configurations
- Additional output formats (an ASCII table, JUnit XML, etc.)
- A configurable exit status based on rule severity
- `repl` commands which enhance OPA with the Regula library
For descriptions of the new features and how to use them, please see our updated documentation at https://regula.dev
- Put all rego code in a `rego` subdirectory. Please see our Conftest documentation for the updated URLs.
- Add support for waivers.
- Add support for disabling rules.
- Always use multiple input file mode to display the file path.
- `filepath` in report out.
- Use nonzero exit code when rules are failing.
- Update regula report output format.
- Support multiple input files.
- Add support for CloudFormation templates.
- Add 23 new CIS AWS rules for CloudFormation templates.
- Reorganize rules and tests and standardize rule names.
- Update control and compliance family names to new format.
- Add a Dockerfile.
- New rule: Ensure AWS S3 Buckets are encrypted.
- New rule: Ensure AWS CloudFront uses HTTPS.
- `deny[msg]` style simple rules.
- Enable structured output for
- Relicense under Apache 2.0 rather than AGPL.
- `NIST_800-53` mapping to existing rules.
- Add support for `fugue.missing_resource_with_message` to return custom messages from rules.
- Add a workaround for a bug in OPA >= 0.20 that prevented simple `deny` rules from working.
- Fix an issue where multiple terraform refs would cause an `object keys must be unique` error.
- Add conftest integration.
- Add a human-readable message to the report.
- Work around terraform issue with subdirectories & remote backends.
- Add initial set of Azure rules.
- Add initial set of GCP rules.
- Minor README.md and SECURITY.md fixes and improvements.
- Add support for terraform modules.
- `mktemp` invocation on Mac.
- Various README improvements.
- Initial release.