Release 2.1.2

What’s Changed

• Improve parsing of checkov reports, support directory style reports.
• update checkov rules to version 2.0.269
• Bump jackson-databind from 2.12.4 to 2.13-rc1
• Bump commons-io from 2.10.0 to 2.11.0 (#381) @dependabot-preview
• Bump jackson-databind from 2.12.3 to 2.12.4 (#380) @dependabot-preview

Download latest release from https://search.maven.org/remotecontent?filepath=com/hack23/sonar/sonar-cloudformation-plugin/2.1.2/sonar-cloudformation-plugin-2.1.2.jar

Release 2.1.1

What’s Changed

• update checkov rules to version 2.0.226 (b92add5)
• Bump mockito-core from 3.11.1 to 3.11.2 (#375) @dependabot-preview
• Update dependency org.mockito:mockito-core to v3.11.1 (#374) @renovate
• Bump commons-io from 2.9.0 to 2.10.0 (#373) @dependabot-preview
• Bump dependency-check-maven from 6.2.1 to 6.2.2 (#372) @dependabot-preview
• Update dependency org.owasp:dependency-check-maven to v6.2.1 (#369) @renovate
• Revert "Bump org.eclipse.jgit from 5.6.1.202002131546-r to 5.12.0.202106070339-r" (#368) @pethers
• Bump org.eclipse.jgit from 5.6.1.202002131546-r to 5.12.0.202106070339-r (#367) @dependabot-preview
• Bump mockito-core from 3.10.0 to 3.11.0 (#365) @dependabot-preview
• Bump dependency-check-maven from 6.1.6 to 6.2.0 (#364) @dependabot-preview

Download latest release from https://search.maven.org/remotecontent?filepath=com/hack23/sonar/sonar-cloudformation-plugin/2.1.1/sonar-cloudformation-plugin-2.1.1.jar

Release 2.1.0

What’s Changed

• New feature : Checkov support (#220) , add support for Terraform, Kubernetes, Dockerfile, Serverless and ARM Templates

Support new cfn-nag rules

• W87 ApiGateway Deployment should have cache data encryption enabled when
  caching is enabled in StageDescription properties
• W88 Kinesis Firehose DeliveryStream of type DirectPut should specify
  SSE.
• W89 Lambda functions should be deployed inside a VPC
• W90 ElasticsearchcDomain should be inside vpc, should specify VPCOptions
• W91 Database Migration Service replication instances are public,
  property PubliclyAccessible should be set to false
• W92 Lambda functions should define ReservedConcurrentExecutions to
  reserve simultaneous executions

Dependency updates

• Update dependency commons-io:commons-io to v2.9.0 (#362) @renovate
• Bump sonar-analyzer-commons from 1.14.1.690 to 1.15.0.699 (#360) @dependabot-preview
• Update dependency org.apache.maven.plugins:maven-javadoc-plugin to v3.3.0 (#359) @renovate
• Bump cyclonedx-maven-plugin from 2.5.0 to 2.5.1 (#358) @dependabot-preview
• Bump openpojo from 0.8.13 to 0.9.1 (#357) @dependabot-preview
• Bump cyclonedx-maven-plugin from 2.4.1 to 2.5.0 (#355) @dependabot-preview
• Revert "Bump org.eclipse.jgit from 5.6.1.202002131546-r to 5.11.1.202105131744-r" (#354) @pethers
• Bump org.eclipse.jgit from 5.6.1.202002131546-r to 5.11.1.202105131744-r (#353) @dependabot-preview
• Revert "Bump org.eclipse.jgit from 5.6.1.202002131546-r to 5.11.1.202105131744-r" (#352) @pethers
• Bump org.eclipse.jgit from 5.6.1.202002131546-r to 5.11.1.202105131744-r (#350) @dependabot-preview
• Bump mockito-core from 3.9.10 to 3.10.0 (#349) @dependabot-preview
• Bump maven-gpg-plugin from 1.6 to 3.0.1 (#348) @dependabot-preview
• Bump jacoco-maven-plugin from 0.8.6 to 0.8.7 (#347) @dependabot-preview
• Update dependency org.sonarsource.analyzer-commons:sonar-analyzer-commons to v1.14.1.690 (#344) @renovate
• Update dependency org.owasp:dependency-check-maven to v6.1.6 (#343) @renovate
• Update dependency org.mockito:mockito-core to v3.9.10 (#342) @renovate
• Bump parent from 58.0.22 to 59.0.29 (#341) @dependabot-preview
• Update dependency org.sonarsource.parent:parent to v59 (#340) @renovate
• Update dependency org.apache.maven.plugins:maven-project-info-reports-plugin to v3.1.2 (#337) @renovate
• Bump mockito-core from 3.9.3 to 3.9.7 (#336) @dependabot-preview
• Update dependency org.sonarsource.parent:parent to v58 (#335) @renovate
• Bump parent from 55 to 57.0.19 (#334) @dependabot-preview
• Bump maven-jxr-plugin from 3.0.0 to 3.1.1 (#332) @dependabot-preview

Release 1.7.2(legacy)

What’s Changed

Dependency updates

New cfn-nag rules

• W83 DynamoDB Accelerator (DAX) Cluster should have encryption enabled
• W84 CloudWatchLogs LogGroup should specify a KMS Key Id to encrypt the
  log data
• W85 ElasticsearchcDomain should have NodeToNodeEncryptionOptions enabled
• W86 CloudWatchLogs LogGroup should specify RetentionInDays to expire the
  log data
• W87 ApiGateway Deployment should have cache data encryption enabled when
  caching is enabled in StageDescription properties
• W88 Kinesis Firehose DeliveryStream of type DirectPut should specify
  SSE.
• W89 Lambda functions should be deployed inside a VPC
• W90 ElasticsearchcDomain should be inside vpc, should specify VPCOptions
• W91 Database Migration Service replication instances are public,
  property PubliclyAccessible should be set to false
• W92 Lambda functions should define ReservedConcurrentExecutions to
  reserve simultaneous executions

Release 2.0.10

What’s Changed

New support Cfn-nag rules

• W80 Kendra Index ServerSideEncryptionConfiguration should specify a KmsKeyId value.
• W81 DLM LifecyclePolicy PolicyDetails Actions CrossRegionCopy EncryptionConfiguration should enable Encryption
• W82 EKS Cluster EncryptionConfig Provider should specify KeyArn to enable Encryption.
• W83 DynamoDB Accelerator (DAX) Cluster should have encryption enabled
• W84 CloudWatchLogs LogGroup should specify a KMS Key Id to encrypt the log data
• W85 ElasticsearchcDomain should have NodeToNodeEncryptionOptions enabled
• W86 CloudWatchLogs LogGroup should specify RetentionInDays to expire the log data

Dependency updates

• Bump mockito-core from 3.7.7 to 3.7.8 (#255) @dependabot-preview
• Bump mockito-core from 3.7.6 to 3.7.7 (#254) @dependabot-preview
• Bump mockito-core from 3.7.4 to 3.7.6 (#253) @dependabot-preview
• Bump mockito-core from 3.7.3 to 3.7.4 (#250) @dependabot-preview
• Bump mockito-core from 3.7.2 to 3.7.3 (#248) @dependabot-preview
• Update dependency com.fasterxml.jackson.core:jackson-databind to v2.12.1 (#247) @renovate
• Update dependency org.owasp:dependency-check-maven to v6.0.5 (#246) @renovate
• Bump mockito-core from 3.7.1 to 3.7.2 (#245) @dependabot-preview
• Update dependency org.mockito:mockito-core to v3.7.1 (#244) @renovate
• Update dependency org.mockito:mockito-core to v3.7.0 (#242) @renovate
• Update dependency org.sonarsource.parent:parent to v55 (#243) @renovate
• Update dependency org.mockito:mockito-core to v3.6.54 (#241) @renovate

Release 1.7.1(legacy)

What’s Changed

• Support custom rules
• NIST 800-53 tags
• sonar-analyzer-commons 1.11.0.541 -> 1.12.0.632
• commons-lang3 3.10 -> 3.11
• staxmate 2.3.1 -> 2.4.0
• jackson 2.11.0 > 2.12.0
• mockito 3.3.9 -> 3.6.51

New cfn-nag rules

• W76 SPCM for IAM policy document is higher than 25
• W77 Secrets Manager Secret should explicitly specify KmsKeyId. Besides control of the key this will allow the secret to be shared cross-account
• W78 DynamoDB table should have backup enabled, should be set using PointInTimeRecoveryEnabled
• W79 ECR Repository should have scanOnPush enabled
• W80 Kendra Index ServerSideEncryptionConfiguration should specify a KmsKeyId value.
• W81 DLM LifecyclePolicy PolicyDetails Actions CrossRegionCopy EncryptionConfiguration should enable Encryption.
• W82 EKS Cluster EncryptionConfig Provider should specify KeyArn to enable Encryption.

Release 2.0.9

What’s Changed

• New cfn-nag rule : W79 ECR Repository should have scanOnPush enabled
• Fix #227 (Plugin is missing .nag report, support new/old format)
• Update dependency org.mockito:mockito-core to v3.6.51 (#238) @renovate
• Bump mockito-core from 3.6.48 to 3.6.49 (#237) @dependabot-preview
• Update dependency org.apache.maven.plugins:maven-scm-publish-plugin to v3.1.0 (#236) @renovate
• Update dependency org.mockito:mockito-core to v3.6.48 (#234) @renovate
• Bump mockito-core from 3.6.44 to 3.6.47 (#233) @dependabot-preview
• Bump mockito-core from 3.6.42 to 3.6.44 (#228) @dependabot-preview
• Bump maven-compiler-plugin from 3.8.1-jboss-1 to 3.8.1-jboss-2 (#225) @dependabot-preview
• Bump mockito-core from 3.6.40 to 3.6.42 (#226) @dependabot-preview
• Update dependency org.mockito:mockito-core to v3.6.40 (#223) @renovate
• Bump mockito-core from 3.6.31 to 3.6.36 (#222) @dependabot-preview
• Bump mockito-core from 3.6.28 to 3.6.31 (#221) @dependabot-preview
• Update dependency com.fasterxml.jackson.core:jackson-databind to v2.12.0 (#219) @renovate

Release 2.0.8

What’s Changed

• New cfn-nag rule supported : W78 DynamoDB table should have backup enabled, should be set using PointInTimeRecoveryEnabled.
• #212 Support custom cfn-nag rules
• Bump mockito-core from 3.6.25 to 3.6.28 (#218) @dependabot-preview
• Bump mockito-core from 3.6.0 to 3.6.25 (#217) @dependabot-preview
• Bump cyclonedx-maven-plugin from 2.1.0 to 2.1.1 (#215) @dependabot-preview
• Bump sonar-testing-harness from 7.9.4 to 7.9.5 (#214) @dependabot-preview
• Bump dependency-check-maven from 6.0.2 to 6.0.3 (#213) @dependabot-preview

Release 2.0.7

What’s Changed

Bug fixes
Scanning issues with 2.0.6 version.
#210 (Handing same filename in different directories) thanks to @tzvetkov75 for reporting
#202 (.nag output from cfn_nag now looks like .nagscan output) thanks to @JoelPagliuca for reporting

Also contain fixes in https://github.com/Hack23/sonar-cloudformation-plugin/releases/tag/sonar-cloudformation-plugin-2.0.6

Release 2.0.6

What’s Changed

##Features

#136 (Add tags for NIST 800-53)
#145 (Update descriptions for issues , sync with cfn-nag)

Bug fixes

#210 (Handing same filename in different directories) thanks to @tzvetkov75 for reporting
#202 (.nag output from cfn_nag now looks like .nagscan output) thanks to @JoelPagliuca for reporting

Dependency updates

• Bump mockito-core from 3.5.15 to 3.6.0 (#209) @dependabot-preview
• Update dependency org.mockito:mockito-core to v3.5.15 (#207) @renovate
• Bump staxmate from 2.3.1 to 2.4.0 (#206) @dependabot-preview
• Bump sonar-packaging-maven-plugin from 1.19.0.397 to 1.20.0.405 (#205) @dependabot-preview
• Bump cyclonedx-maven-plugin from 2.0.3 to 2.1.0 (#204) @dependabot-preview
• Bump junit from 4.13 to 4.13.1 (#203) @dependabot-preview
• Update dependency com.fasterxml.jackson.core:jackson-databind to v2.11.3 (#198) @renovate
• Update dependency org.owasp:dependency-check-maven to v6.0.2 (#197) @renovate
• Bump mockito-core from 3.5.11 to 3.5.13 (#196) @dependabot-preview
• Bump mockito-core from 3.5.10 to 3.5.11 (#193) @dependabot-preview
• Bump jacoco-maven-plugin from 0.8.5 to 0.8.6 (#192) @dependabot-preview
• Bump dependency-check-maven from 6.0.0 to 6.0.1 (#190) @dependabot-preview
• Bump commons-io from 2.7 to 2.8.0 (#189) @dependabot-preview
• Update dependency org.sonarsource.analyzer-commons:sonar-analyzer-commons to v1.12.0.632 (#188) @renovate
• Bump dependency-check-maven from 5.3.2 to 6.0.0 (#186) @dependabot-preview
• Bump mockito-core from 3.5.9 to 3.5.10 (#185) @dependabot-preview
• Bump mockito-core from 3.5.8 to 3.5.9 (#184) @dependabot-preview
• Bump maven-project-info-reports-plugin from 3.1.0 to 3.1.1 (#183) @dependabot-preview
• Update dependency nl.talsmasoftware:umldoclet to v2.0.12 (#180) @renovate
• Bump mockito-core from 3.5.7 to 3.5.8 (#179) @dependabot-preview
• Update dependency org.mockito:mockito-core to v3.5.7 (#178) @renovate
• Bump mockito-core from 3.5.5 to 3.5.6 (#177) @dependabot-preview
• Bump mockito-core from 3.5.2 to 3.5.5 (#176) @dependabot-preview
• Bump mockito-core from 3.5.1 to 3.5.2 (#175) @dependabot-preview
• Bump mockito-core from 3.5.0 to 3.5.1 (#174) @dependabot-preview
• Bump mockito-core from 3.4.8 to 3.5.0 (#173) @dependabot-preview
• Bump cyclonedx-maven-plugin from 2.0.2 to 2.0.3 (#172) @dependabot-preview
• Bump mockito-core from 3.4.7 to 3.4.8 (#171) @dependabot-preview
• Bump maven-resources-plugin from 3.1.0 to 3.2.0 (#170) @dependabot-preview
• Bump mockito-core from 3.4.6 to 3.4.7 (#169) @dependabot-preview
• Update dependency com.fasterxml.jackson.core:jackson-databind to v2.11.2 (#168) @renovate
• Bump mockito-core from 3.4.5 to 3.4.6 (#167) @dependabot-preview
• Update dependency nl.talsmasoftware:umldoclet to v2.0.11 (#166) @renovate
• Bump sonar-testing-harness from 7.9.3.33150 to 7.9.4 (#165) @dependabot-preview
• Bump mockito-core from 3.4.4 to 3.4.5 (#163) @dependabot-preview
• Update dependency org.cyclonedx:cyclonedx-maven-plugin to v2.0.2 (#162) @renovate
• Bump mockito-core from 3.4.3 to 3.4.4 (#161) @dependabot-preview
• Update dependency org.mockito:mockito-core to v3.4.3 (#160) @renovate
• Bump mockito-core from 3.4.1 to 3.4.2 (#159) @dependabot-preview
• Bump cyclonedx-maven-plugin from 2.0.0 to 2.0.1 (#158) @dependabot-preview
• Bump mockito-core from 3.4.0 to 3.4.1 (#157) @dependabot-preview
• Bump cyclonedx-maven-plugin from 1.6.4 to 2.0.0 (#155) @dependabot-preview
• Update dependency org.apache.commons:commons-lang3 to v3.11 (#154) @renovate
• Bump mockito-core from 3.3.12 to 3.4.0 (#153) @dependabot-preview
• Update dependency com.fasterxml.jackson.core:jackson-databind to v2.11.1 (#150) @renovate
• Update dependency nl.talsmasoftware:umldoclet to v2.0.10 (#149) @renovate
• Update dependency org.apache.maven.plugins:maven-site-plugin to v3.9.1 (#147) @renovate
• Update dependency org.sonarsource.sonar-packaging-maven-plugin:sonar-packaging-maven-plugin to v1.19.0.397 (#146) @renovate
• Bump mockito-core from 3.3.11 to 3.3.12 (#144) @dependabot-preview
• Update dependency commons-io:commons-io to v2.7 (#143) @renovate
• Update dependency org.apache.maven.plugins:maven-jxr-plugin to v3.1.0 (#141) @renovate
• Update dependency org.apache.maven.plugins:maven-project-info-reports-plugin to v3.1.0 (#142) @renovate
• Update surefire.version to v3.0.0-RC1 (#140) @renovate
• Update dependency org.apache.maven.plugins:maven-surefire-plugin to v3.0.0-RC1 (#139) @renovate
• Bump mockito-core from 3.3.10 to 3.3.11 (#138) @dependabot-preview
• Update dependency org.mockito:mockito-core to v3.3.10 (#135) @renovate