Releases: Hack23/sonar-cloudformation-plugin
Release 1.7.0 (legacy)
## Note: legacy version release, not in marketplace.
## What’s Changed
- Update dependency com.fasterxml.jackson.core:jackson-databind to v2.11.0
- Update dependency org.apache.commons:commons-lang3 to v3.10
- Bump mockito-core to 3.3.9
## Cfn-nag rules added
- F79 A NetworkACL's rule numbers cannot be repeated unless one is egress and one is ingress.
- F80 RDS instance should have deletion protection enabled
- W71 NetworkACL Entry Deny rules should affect all CIDR ranges.
- W72 NetworkACL Entries are reusing or overlapping ports which may create ineffective rules.
- W73 DynamoDB table should have billing mode set to either PAY_PER_REQUEST or PROVISIONED
- W74 DynamoDB table should have encryption enabled using a CMK stored in KMS
- W75 RDS instance should have backup retention period greater than 0
- W70 Cloudfront should use minimum protocol version TLS 1.2
- W1200 SageMaker EndpointConfig should have a KmsKeyId property set.
- W1201 SageMaker NotebookInstance should have a KmsKeyId property set.
Release 2.0.5
What’s Changed
- Update dependency com.fasterxml.jackson.core:jackson-databind to v2.11.0 (#129) @renovate
- Bump mockito-core from 3.3.8 to 3.3.9 (#128) @dependabot-preview
- Update dependency org.mockito:mockito-core to v3.3.8 (#127) @renovate
- Update dependency org.mockito:mockito-core to v3.3.7 (#124) @renovate
- Update dependency org.apache.maven.plugins:maven-gpg-plugin to v3 (#122) @renovate
Cfn-nag rules added
- F79 A NetworkACL's rule numbers cannot be repeated unless one is egress and one is ingress.
- F80 RDS instance should have deletion protection enabled
- W71 NetworkACL Entry Deny rules should affect all CIDR ranges.
- W72 NetworkACL Entries are reusing or overlapping ports which may create ineffective rules.
- W73 DynamoDB table should have billing mode set to either PAY_PER_REQUEST or PROVISIONED
- W74 DynamoDB table should have encryption enabled using a CMK stored in KMS
- W75 RDS instance should have backup retention period greater than 0
Release 2.0.4
What’s Changed
- Renamed project from "sonar cloudformation plugin" to "Cloudformation"
Release 2.0.3
What’s Changed
Cfn-nag new rules supported
- W70 Cloudfront should use minimum protocol version TLS 1.2
Release 2.0.2
What’s Changed
- Bump dependency-check-maven from 5.3.1 to 5.3.2 (#120) @dependabot-preview
- Update dependency org.mockito:mockito-core to v3.3.6 (#119) @renovate
Cfn-nag new rules supported
- W1200 SageMaker EndpointConfig should have a KmsKeyId property set.
- W1201 SageMaker NotebookInstance should have a KmsKeyId property set.
Release 2.0.1
What’s Changed
- Require at least version 1.4.3 of yaml plugin to be installed, json plugin is optional
- Bump sonar-testing-harness from 7.9.2 to 7.9.3.33150 (#116) @dependabot-preview
- Update dependency org.mockito:mockito-core to v3.3.5 (#118) @renovate
- Update dependency org.apache.commons:commons-lang3 to v3.10 (#117) @renovate
Release 2.0.0
Release 1.6.0
What’s Changed
- Update dependency org.mockito:mockito-core to v3.3.3 (#112) @renovate
- Update dependency org.apache.maven.plugins:maven-javadoc-plugin to v3.2.0 (#111) @renovate
- Update dependency org.owasp:dependency-check-maven to v5.3.1 (#110) @renovate
New supported cfn-nag (#113)
- W65 GameLift fleet EC2InboundPermissions found with port range instead of just a single port
- W66 To avoid opening all ports for Allow rules, EC2 NetworkACL Entry Protocol should be either 6 (for TCP), 17 (for UDP), 1 (for ICMP), or 58 (for ICMPv6, which must include an IPv6 CIDR block, ICMP type, and code).
- W67 TCP/UDP protocol NetworkACL entries possibly should not allow all ports.
- W68 AWS::ApiGateway::Deployment resources should be associated with an AWS::ApiGateway::UsagePlan.
- W69 AWS::ApiGateway::Stage should have the AccessLogSetting property defined.
Release 1.5.1
Release 1.5.0
What’s Changed
- Update dependency com.fasterxml.jackson.core:jackson-databind to v2.10.3 (#107) @renovate
- Update dependency org.mockito:mockito-core to v3.3.2 (#106) @renovate
- Update dependency org.mockito:mockito-core to v3.3.1 (#104) @renovate
- Update dependency nl.talsmasoftware:umldoclet to v2.0.8 (#103) @renovate
New supported cfn-nag
- W60 VPC should have a flow log attached
- W61 EMR SecurityConfiguration should enable and properly configure encryption at rest and in transit.
- W63 EMR Cluster should specify SecurityConfiguration.
- W64 AWS::ApiGateway::Stage resources should be associated with an AWS::ApiGateway::UsagePlan.