
4.2.0

Highlights

Google Cloud Platform

  • Expanded Service Support: Added collections for Pub/Sub, Cloud Functions, Firestore, Filestore, and SCC services.
  • AI Service Support: Added support for Vertex AI resources.
  • Enhanced Insights: Improved metrics collection for major cloud services.

Amazon Web Services

  • Broader Security Coverage: Added collections for SSM Compliance, GuardDuty, and Inspector resources.
  • AI Service Support: Fix now supports SageMaker, Bedrock, and Q services.
  • Policy and Lifecycle Enhancements: Added lifecycle policies for S3 and expanded CloudWatch policies.

Microsoft Azure

  • New Resource Support: Added collections for PostgreSQL, CosmosDB, SQL Server, and Flow Logs.
  • AI Service Support: Added support for Machine Learning resources.
  • Improved Monitoring and KeyVault Integration: Enhanced visibility and security for critical Azure resources.
  • New Security Benchmark: Azure CIS 2.1 has been added to the list of benchmarks.

Core and Library Enhancements

  • Resource Abstraction: More common properties added to base resources.
  • Categories: Unified resource categories for better organization.
  • Consistency: Improved consistency checks.

What's Changed

Features

  • 98efe454 gcp Add SCC service collection (#2291)
  • 54024e5c gcp Improve the way of collection for DiskTypes and MachineTypes (#2284)
  • 73efbf33 gcp Add Pub/Sub service collection (#2287)
  • c6267002 gcp Add metrics collection (#2283)
  • 5b8dc075 lib Extend base resources with additional common properties (#2278)
  • 2cccb449 aws Reimplement SSM Compliance resource collection (#2280)
  • a18bf1af gcp Add cloudfunctions service collection (#2276)
  • 6a681048 gcp Add filestore service collection (#2277)
  • 6d185bb3 gcp Add firestore service collection (#2275)
  • 897e9204 core Add Async Streams abstraction (#2273)
  • 309a6344 azure Update security assessments collection (#2266)
  • c22f979f aws Add searching instances also by region and make SEVERITY_MAPPING statically (#2272)
  • 65c98f76 aws Add collection of GuardDuty resource (#2255)
  • bc8eae4a aws Make a collection of Ec2 Instance types only for existing instances (#2264)
  • fc42db51 lib Allow marking resource classes as not exportable (#2259)
  • 23cd836a lib Define separate assessment section (#2257)
  • d77c65cc aws Ignore datetime for history by default (#2256)
  • a0083255 plugins/onprem Move onprem plugin to dedicated repository (#2251)
  • 8626219a aws Add collection of Inspector resource (#2242)
  • 6cacdf95 azure Add more connections from monitor (#2239)
  • 47a41a01 plugins/vsphere Move vSphere plugin to dedicated repository (#2243)
  • b37bc55c azure Collect certificates from sub resources (#2225)
  • f3a94606 core Allows retrieving the model from plugins instead of db (#2232)
  • 8482aa6d azure Improved AzureComputeDiskTypePricing deletion (#2231)
  • e27feda8 aws Add additional policies to the cloudwatch (#2216)
  • 1022d231 Cleanup (#2224)
  • 25d12134 aws Add lifecycle policy to the S3 resource (#2220)
  • a2853406 gcp Add Vertex AI collection (#2211)
  • 06ff0a3f azure Connect CosmosDB resources to the location instead of subscription (#2214)
  • 70e1eec9 core Add node command (#2212)
  • 4ba56c19 plugin Better docs and docs_url (#2210)
  • 14887b64 core Add kind description in multi tenant mode (#2204)
  • 550f6bf1 aws Add more policies to collect (#2202)
  • 146cd102 core list: allow for listing props with default props (#2200)
  • 077a8086 core Add IAM edge collection (#2198)
  • 50ec1d35 aws Bedrock resources collection (#2190)
  • 6d11a8a9 lib Unify groups and categories (#2194)
  • 62a867e8 lib Improve model check (#2193)
  • 90139f5c hetzner Initial Hetzner Cloud support (#2168)
  • 66cbd9e3 plugins Proper name, icon and group for AWS, Azure and GCP (#2188)
  • 36ddfa5b core Allow filtering edge properties (#2186)
  • 85fbe2d2 azure Azure adjust names and connections (#2183)
  • f7d3dac7 core Allow edge properties (#2182)
  • 467a6638 core Use database locks to perform migration (#2184)
  • c3a1bddb aws Add amazon Q resource collection (#2175)
  • 6be0feb2 azure Add machine learning resources collection (#2174)
  • 70cee4c5 core allowlist events for posthog (#2177)
  • 0b83034f azure Add PostgreSQL collection for cosmos-db resources (#2170)
  • 4fffcfa9 azure Add cosmos-db resources collection (#2167)
  • 4b9b7184 azure Add WebApp (#2164)
  • 3c831f8c azure Improve KeyVault (#2163)
  • c06a775b core account security score details (#2162)
  • 89ffc7c4 gcp Save parsing with feedback (#2160)
  • 34d50ba3 azure Add flow log resource collection (#2159)
  • fdaeb537 azure Monitoring and KeyVault resources (#2156)
  • f692309a azure Update configs collection for mysql and postgresql (#2157)
  • 3410e814 azure Add postgres service collection (#2155)
  • 4125af70 azure Improve SQL Server (#2151)
  • 3de8958f azure Add support for mysql resource collection (#2150)
  • 4f24d5ba core Add history timeline (#2152)
  • a7cdc097 azure Add prefix 'server' to the SQL resources (#2148)
  • ea2c97fe azure Add policies (#2141)
  • 4f4d80eb azure Add support for sql resource collection (#2144)

Fixes

  • d61bb368 docker-compose no pull info (#2297)
  • 0d969e4f docker-compose -> docker compose (#2295)
  • 3fff8b57 aws Update S3 bucket tests for updated implementation (#2281)
  • e0c1ae7d azure Ignore errors from Azure side (#2263)
  • ebb67bec aws Collect and connect Inspector resources properly (#2253)
  • 2022f484 azure Metadata (#2261)
  • aceca6bc core Use id and name for descendant count (#2271)
  • e83ee7a7 Store access levels directly on the reported section (#2265)
  • 67091085 core Count failing resources correctly (#2269)
  • fee7b5a0 Enable access_edges via env variable (#2262)
  • d2acc740 aws Ignore wrong history events (#2260)
  • 3ba74a90 Add sts:AssumeRole action when checking roles (#2244)
  • 4d6ff4a7 Add an access section next to permissions in IAM edges (#2254)
  • 015bbfee Make resource_policy abstract method to trigger typecheck (#2252)
  • 53b45ef1 aws Turn off access edge collection (#2248)
  • 4381b4fb core Export property documentation for configs (#2245)
  • 20335dd2 Wrap scp collection into try catch (#2241)
  • d3c88331 Enable access edges collection (#2238)
  • 42c7c446 Collect SCPs for access edges (#2235)
  • d989475c aws Handle AWS server errors properly (#2236)
  • 19801757 azure Reimplement resource type collection of compute, psql, mysql and ml services (#2234)
  • 8adf359d core Add kinds to content hash (#2233)
  • 303e661e azure Define Phantom Resources (#2230)
  • 12878a16 aws Add missing resource docs (#2227)
  • 73218b40 azure Compute unused regions as last step (#2228)
  • c6e9b82a Access Edges (#2195)
  • bce4ffcb Better detect and remove unused regions (#2222)
  • 7f41f800 core move slotted data to previous slot, not next (#2226)
  • e0f8435b gcp Deduplicate error messages in accumulator (#2223)
  • 46953708 core Merge edge and vertex and unfold in code (#2217)
  • 5aee8cbc core Compute descendant count based on ancestors section not g… (#2213)
  • a5267a37 azure Fix connect_in_graph method of AzureAuthorizationRoleAssignment resource (#2215)
  • 47c62533 core Multipart name (#2203)
  • 5d39d027 azure Ignore props for history (#2201)
  • 61e97ea3 core Traverse the graph by walking all possible paths when an edge filter is present (#2197)
  • 21ddc09a core Persist parent update structure in an atomic way (#2196)
  • ac8c4a08 azure Fix unnecessary abstract class kinds (#2191)
  • d7fcb849 plugins Add missing metadata (#2192)
  • e44bb355 core Fix model filter condition (#2189)
  • 2b99e41a Add IamPrincipal base resource (#2187)
  • f11d8717 core Surrogate system data (#2185)
  • 16df325e core arangosearch predicates with array access (#2179)
  • 9256dace core Do not use arangosearch for nested array context searches (#2178)
  • d4f3a035 core latest azure check (#2172)
  • e0008e56 Make report checks lookup safer (#2171)
  • 89cf8177 core History timeseries slotter (#2169)
  • 00b95816 gcp Duplicate checksum error in sql service (#2166)
  • 59e53ccb core Move timeline to request time after (#2165)
  • dcd08d96 gcp Improve error message (#2161)
  • 2278030e core Use consistent reading when updating the account (#2158)
  • c8bb7918 gcp Disk size types (#2154)
  • 57a7d38c shell Do not warn when the model cannot be loaded (#2153)
  • 0c4ee17a azure Better names (#2149)
  • 73486084 core Security sync by always marking the resource vulnerable (#2147)
  • 4f0f9734 core History search with sort and fulltext terms (#2146)
  • c710cf6e core Fix nested with statements (#2145)

Documentation

Chores

feature

  • 76f1e08c lib Add the source of resource kind (#2218)

Docker Images

  • somecr.io/someengineering/fixcore:4.2.0
  • somecr.io/someengineering/fixworker:4.2.0
  • somecr.io/someengineering/fixshell:4.2.0
  • somecr.io/someengineering/fixmetrics:4.2.0