1.13.0.3464

@nils-werner-sonarsource nils-werner-sonarsource released this 10 Mar 13:46
· 1021 commits to master since this release
2dea50b

Release notes - SonarIac - 1.13

Bug

SONARIAC-632 Global ARG variable should be accessible to any FROM instruction

SONARIAC-635 Invalid textrange for heredoc argument

False-Positive

SONARIAC-440 [CF, TF] FP on rule S6304: "Granting access to all resources" should not be raised on actions without resource-level permissions

New Feature

SONARIAC-560 Rule S6500: Installing unnecessary packages is security-sensitive

SONARIAC-564 Rule S6474: Sharing the host’s network namespace is security-sensitive

SONARIAC-567 Rule S6497: Using a container image based on its digest is security-sensitive

SONARIAC-569 Rule S6502: Disabling builder sandboxes is security-sensitive

SONARIAC-570 Rule S2612: Dangerous chmod options on COPY, ADD and RUN instructions

SONARIAC-577 Rule S6472: Add ARG secret handling detection

SONARIAC-617 Track ENV arguments similar to ARG arguments when resolving variables

SONARIAC-618 Rule S1135: Track uses of "TODO" tags in comments

False Negative

SONARIAC-438 S6303: Support all kinds of DB resource in Terraform for AWS

Improvement

SONARIAC-473 S6303: Update message to target the resource type

SONARIAC-516 S6470: Improve the message of to make the issue clearer

SONARIAC-520 S6258: Incorrect path of code for Azure

SONARIAC-566 Rule S4507: Delivering code in production with debug features activated is security-sensitive

SONARIAC-622 Rework Log Message of Parsing Error

SONARIAC-631 Improve ArgumentResolutions to provide valuable data

SONARIAC-641 Clean DockerLexicalGrammar