Skip to content

CHANGELOG.md

Latest commit

 

History

History
327 lines (184 loc) · 13.9 KB

CHANGELOG.md

File metadata and controls

327 lines (184 loc) · 13.9 KB

v1.3.2 [2026-05-28]

Bug fixes

  • Fixed the bigquery_table_encrypted_with_cmk query to skip BigQuery views, which do not store data and cannot be encrypted with a customer-managed encryption key (CMEK). (#224) (Thanks @tpoindessous for the contribution!)
  • Fixed incorrect references to AWS in the compute control descriptions to correctly reference GCP. (#228) (Thanks @dark-panda for the contribution!)

v1.3.1 [2025-09-25]

Bug fixes

  • Fixed the cis_v400_8_1 control to correctly reference the dataproc_cluster_encryption_with_cmek query instead of bigquery_dataset_not_publicly_accessible. (#218)

v1.3.0 [2025-08-29]

Enhancements

  • Updated all top-level benchmark titles to include GCP for clearer cloud provider identification. (#211)

Bug fixes

  • Fixed compute_instance_oslogin_enabled and project_oslogin_enabled queries to correctly handle case-sensitive columns to ensure accurate compliance results. (#214)

v1.2.2 [2025-07-11]

Bug fixes

  • Fixed the kubernetes_cluster_private_cluster_config_enabled query to correctly identify publicly accessible clusters. (#202)

v1.2.1 [2025-07-03]

Bug fixes

  • Fixed the sql_instance_require_ssl_enabled query to correctly identify SQL instances that do not enforce SSL connections. (#204)

v1.2.0 [2025-07-01]

What's new?

  • Added NIST Cybersecurity Framework (CSF) v2.0 benchmark (powerpipe benchmark run gcp_compliance.benchmark.nist_csf_v2). (#200)

v1.1.0 [2025-05-23]

What's new?

  • Added CIS v4.0.0 benchmark (powerpipe benchmark run gcp_compliance.benchmark.cis_v400). (#195)

v1.0.3 [2025-04-22]

Bug fixes

  • Fixed control titles to correctly use 0.0.0.0/0 instead of 0.0.00/0. (#191) (Thanks @akumar-99 for the contribution!)
  • Fixed a syntax issue by adding a missing semicolon at the end of the logging_metric_alert_network_changes query. (#190) (Thanks @tolgaOzen for the contribution!)

v1.0.2 [2025-04-14]

Bug fixes

  • Added the missing GCP/IAM and GCP/SQL service tags to relevant controls. (#188)

v1.0.1 [2024-10-24]

Bug fixes

  • Renamed steampipe.spvars.example files to powerpipe.ppvars.example and updated documentation. (#186)

v1.0.0 [2024-10-22]

This mod now requires Powerpipe. Steampipe users should check the migration guide.

v0.34 [2024-08-23]

What's new?

  • Added SOC2 2017 benchmark (powerpipe benchmark run gcp_compliance.benchmark.soc_2_2017). (#181)

v0.33 [2024-08-02]

Enhancements

  • Added the following controls to the All Controls benchmark: (#176)
    • alloydb_instance_log_error_verbosity_database_flag_default_or_stricter
    • alloydb_instance_log_min_error_statement_database_flag_configured
    • alloydb_instance_log_min_messages_database_flag_error

v0.32 [2024-06-07]

What's new?

  • Added NIST Cybersecurity Framework (CSF) v1.0 benchmark (powerpipe benchmark run gcp_compliance.benchmark.nist_csf_v10). (#168)
  • Added NIST 800-53 Revision 5 benchmark (powerpipe benchmark run gcp_compliance.benchmark.nist_800_53_rev_5). (#168)

Bug fixes

  • Fixed the kms_key_users_limited_to_3 query to correctly return data by removing the hardcoded GCP connection name. (#170)
  • Fixed the logging_bucket_retention_policy_enabled query to correctly return data by adding the missing project column to the query. (#173)

v0.31 [2024-05-31]

What's new?

  • Added HIPAA benchmark (powerpipe benchmark run gcp_compliance.benchmark.hipaa). (#165)
  • Added PCI DSS v3.2.1 benchmark (powerpipe benchmark run gcp_compliance.benchmark.pci_dss_v321). (#163)

Enhancements

  • Optimized several queries to minimize API usage, achieving faster performance. (#162)

v0.30 [2024-04-16]

What's new?

  • Added CIS v3.0.0 benchmark (powerpipe benchmark run gcp_compliance.benchmark.cis_v300). (#158)

v0.29 [2024-03-20]

Bug fixes

  • Fixed the CIS controls from cis_v200_2_4 to cis_v200_2_11 to correctly evaluate results when using the aggregator connection of the GCP plugin. (#154)

v0.28 [2024-03-06]

Powerpipe

Powerpipe is now the preferred way to run this mod! Migrating from Steampipe →

All v0.x versions of this mod will work in both Steampipe and Powerpipe, but v1.0.0 onwards will be in Powerpipe format only.

Enhancements

  • Focus documentation on Powerpipe commands.
  • Show how to combine Powerpipe mods with Steampipe plugins.

v0.27 [2024-02-26]

Bug fixes

  • Fixed the hierarchy in the benchmark list by properly integrating Cloud Functions benchmark into all_controls benchmark. (#146)

v0.26 [2024-02-22]

Dependencies

  • GCP plugin v0.49.0 or higher is now required. (#143)

Enhancements

  • Added 5 new controls to the All Controls benchmark across the following services: (#143)
    • App Engine
    • Cloud Run
    • Kubernetes

v0.25 [2024-01-04]

Enhancements

  • Added 61 new controls to the All Controls benchmark across the following services: (#140)
    • CloudFunctions
    • Compute
    • KMS
    • Kubernetes
    • Project
    • SQL
    • Storage

v0.24 [2023-11-14]

Bug fixes

  • Fixed the compute_firewall_allow_tcp_connections_proxied_by_iap query to correctly include all the ports and source IP ranges. (#128) (Thanks @saisirishreddy for the contribution!)

v0.23 [2023-11-09]

What's new?

  • Added the new All Controls benchmark (steampipe check benchmark.all_controls). This new benchmark includes 109 service-specific controls. (#127)

v0.22 [2023-11-03]

Breaking changes

  • Updated the plugin dependency section of the mod to use min_version instead of version. (#130)

Bug fixes

  • Fixed the kms_key_separation_of_duties_enforced query to ensure that separation of duties is enforced while assigning KMS-related roles to users. (#132)

v0.21 [2023-08-02]

Bug fixes

  • Fixed kms_key_rotated_within_90_day and kms_key_rotated_within_100_day queries to skip KMS keys that are either in DESTROYED or DESTROY_SCHEDULED or DISABLED state since we cannot schedule rotation for such keys. (#124)

v0.20 [2023-07-28]

Bug fixes

  • Added the missing iam_api_key_restricts_apis query for cis_v120_1_14, cis_v130_1_14, and cis_v200_1_14 controls. (#115) (Thanks @saisirishreddy for the contribution!)
  • Added the missing iam_api_key_restricts_websites_hosts_apps query for cis_v120_1_13, cis_v130_1_13, and cis_v200_1_13 controls. (#115) (Thanks @saisirishreddy for the contribution!)
  • Fixed the kubernetes_cluster_network_policy_installed query to correctly check if the GKE clusters have a network policy installed. (#116) (Thanks @saisirishreddy for the contribution!)

v0.19 [2023-07-21]

Bug fixes

  • Fixed the logging_metric_alert_storage_iam_permission_changes query to correctly check if sinks have been configured for all the log entries across all the projects instead of only the last project in an aggregator connection. (#111) (Thanks @M0nsieurChat for the contribution!)

v0.18 [2023-07-19]

Bug fixes

  • Added the missing iam_api_key_age_90 query for cis_v120_1_15, cis_v130_1_15, and cis_v200_1_14 controls. (#107) (Thanks @saisirishreddy for the contribution!)

v0.17 [2023-07-13]

Bug fixes

  • Fixed the iam_user_uses_corporate_login_credentials query to return info status, when plugin authentication mechanism does not include organization viewer permission, instead of false positives. (#97)
  • Fixed dashboard localhost URLs in README and index doc. (#104)

v0.16 [2023-05-15]

Bug fixes

  • Fixed cis_v130_3_10 and cis_v200_3_10 controls to also include IP 35.235.240.0/20 and port 443 in the list of allowed IPs and ports per CIS documentation. (#101)

v0.15 [2023-04-21]

Bug fixes

  • Fixed the following queries to use the project_id column instead of the name column (project name) as the project common dimension: (#96)
    • logging_metric_alert_audit_configuration_changes
    • logging_metric_alert_custom_role_changes
    • logging_metric_alert_firewall_rule_changes
    • logging_metric_alert_network_changes
    • logging_metric_alert_network_route_changes
    • logging_metric_alert_project_ownership_assignment
    • logging_metric_alert_sql_instance_configuration_changes
    • logging_metric_alert_storage_iam_permission_changes
    • logging_sink_configured_for_all_resource
    • manual_control
    • project_access_approval_settings_enabled

v0.14 [2023-03-24]

What's new?

v0.13 [2023-01-20]

What's new?

  • Added CIS v2.0.0 benchmark (steampipe check benchmark.cis_v200). (#87)

v0.12 [2022-11-03]

Bug fixes

  • Fixed the kms_key_separation_of_duties_enforced query to correctly check if the principle of 'Separation of Duties' is enforced while assigning KMS related roles to users. (#80)

v0.11 [2022-08-18]

What's new?

  • Added CIS v1.3.0 benchmark (steampipe check benchmark.cis_v130). (#76)

v0.10 [2022-05-09]

Enhancements

  • Updated docs/index.md and README with new dashboard screenshots and latest format. (#68)

v0.9 [2022-05-02]

Enhancements

  • Added category, service, and type tags to benchmarks and controls. (#64)

v0.8 [2022-03-17]

Bug fixes

  • Fixed the kubernetes_cluster_private_cluster_config_enabled query to correctly evaluate which GKE clusters are private (#59)

v0.7 [2021-11-10]

Enhancements

  • docs/index.md file now includes the console output image

v0.6 [2021-10-06]

What's new?

  • Added: CFT Scorecard v1 benchmark (steampipe check benchmark.cft_scorecard_v1)
  • Added: Forseti Security v2.26.0 benchmark (steampipe check benchmark.forseti_security_v226)

v0.5 [2021-09-23]

Bug fixes

  • Fixed broken links to the Mod developer guide in README.md
  • Removed the unnecessary quotes from iam_user_separation_of_duty_enforced query

v0.4 [2021-07-01]

What's new?

  • New CIS v1.2.0 controls added:
    • 1.1

v0.3 [2021-06-03]

What's new?

  • New CIS v1.2.0 controls added
    • 1.9
    • 1.10
    • 1.11

v0.2 [2021-05-28]

Bug fixes

  • Minor fixes in the docs