Releases: Hack23/sonar-cloudformation-plugin
Release 1.0.9
Changes
Clean CWE tagging
CWE-732 - Incorrect Permission Assignment for Critical Resource
CWE-272 - Least Privilege Violation
CWE-257 - Storing Passwords in a Recoverable Format
CWE-311 - Missing Encryption of Sensitive Data
CWE-286 - Incorrect User Management
CWE-778 - Insufficient Logging
Release 1.0.8
Changes
Clean CWE tagging
CWE-732 - Incorrect Permission Assignment for Critical Resource
CWE-272 - Least Privilege Violation
CWE-257 - Storing Passwords in a Recoverable Format
CWE-311 - Missing Encryption of Sensitive Data
CWE-286 - Incorrect User Management
CWE-778 - Insufficient Logging
Release 1.0.7
Changes
Clean CWE tagging
CWE-732 - Incorrect Permission Assignment for Critical Resource
CWE-272 - Least Privilege Violation
CWE-257 - Storing Passwords in a Recoverable Format
CWE-311 - Missing Encryption of Sensitive Data
CWE-286 - Incorrect User Management
CWE-778 - Insufficient Logging
Release 1.0.6
Changes
Add rule: W44 Api gateway should have access logging configured
Release 1.0.5
Changes
Add rule: W43 IAM role should not have AdministratorAccess policy
Release 1.0.4
Changes
Update dependency com.fasterxml.jackson.core:jackson-databind to v2.10.0
Update dependency org.sonarsource.analyzer-commons:sonar-analyzer-commons to v1.11.0.541
Update dependency org.codehaus.plexus:plexus-utils to v3.3.0
Update dependency org.jacoco:jacoco-maven-plugin to v0.8.5
Update dependency org.mockito:mockito-core to v3.1.1
Release 1.0.3
Changes
Update dependency org.mockito:mockito-core to v3.0.8
Update dependency com.fasterxml.jackson.core:jackson-databind to v2.10.0.pr3
Release 1.0.2
Changes
Update dependency com.fasterxml.jackson.core:jackson-databind to v2.10.0.pr2
Release 1.0.1
New rules added from cfn-nag
W38 IOT policy should not allow * action
W39 IoT policy should not allow * resource
W40 Security Groups egress with an IpProtocol of -1 found
W41 S3 Bucket should have encryption option set
W42 Security Groups ingress with an ipProtocol of -1 found
Release 1.0.0.beta4
New rules added
F38 IAM role should not allow * resource with PassRole action on its permissions policy
F39 IAM policy should not allow * resource with PassRole action
F40 IAM managed policy should not allow a * resource with PassRole action
F50 Amplify App BasicAuthConfig Password must not be a plaintext string or a Ref to a NoEcho Parameter with a Default value.
W36 Security group rules without a description obscure their purpose and may lead to bad practices in ensuring they only allow traffic from the ports and sources/destinations required.
W37 EBS Volume should specify a KmsKeyId value