
v3.3.0

aquasecurity/cloudsploit

Release date: 2024-03-26 16:37:35

Latest release of aquasecurity/cloudsploit: v3.9.0 (2024-09-24 17:03:17)

CloudSploit version 3.3.0 was released on 2024-03-25. The release adds severities to the plugins of all supported clouds, adds new AWS and Azure regions, adds new plugin categories for Azure OpenAI Service and GCP Vertex AI, moves several AWS services into the 'AI & ML' category, and changes the title and description of a number of AWS and Azure plugins. It also adds new plugins for existing Azure and AWS services, along with hotfixes and enhancements to existing plugins. The details are as follows.


Severities

Added severities for all plugins of the following clouds: AWS, Azure, GCP, Oracle, Alibaba, and GitHub.

Severities were assigned after analysis of each service, taking into account compliance rules, documentation review, and customer complaints and suggestions. This gives an accurate representation of the impact and importance of each plugin and service across the AWS, Azure, GCP, Oracle, Alibaba, and GitHub platforms, in line with compliance standards.

New regions

AWS: Added support for the following regions:

Azure: Added support for the following regions:

Category changes

AWS: Changed the category of the following AWS services to AI and ML:

Plugin title changes

Changed the title, description, and output messages for the following plugins:

AWS

  1. Firehose Delivery Streams CMK Encrypted is renamed to Firehose Delivery Stream Destination CMK Encrypted
  2. DynamoDB Unused Table is renamed to DynamoDB Empty Table

Azure

  1. PostgreSQL Server Services Access Disabled is renamed to PostgreSQL Server Services Network Access Disabled
  2. PostgreSQL Flexible Server Services Access Disabled is renamed to PostgreSQL Flexible Server Services Public Network Access Disabled

New Plugins

AWS

CodeStar

Azure

App Service

Application Gateway

App Configurations

Automation Account

Bastion

Blob Service

Container Registry

Defender

Event Hub

Front Door

Key Vaults

Kubernetes Services

Load Balancer

Monitor

Network Security Groups

Open AI

PostgreSQL Server

Redis Cache

Service Bus

SQL Databases

SQL Server

Virtual Machines

Virtual Machines Scale Sets

Virtual Networks

GCP

Vertex AI

Hot fixes and enhancements

AWS

  1. As per AWS documentation, S3 now applies server-side encryption (SSE) to all bucket objects by default. Previously, the following plugins failed when SSE was not explicitly enabled on the bucket. Their logic has been changed to produce a pass result by default when checking for server-side encryption:

    • S3 Bucket Enforce Object Encryption
    • Firehose Delivery Stream Destination CMK Encrypted
  2. Open RFC 1918: Updated the plugin's output message so that it gives a more accurate description when RFC 1918 IP ranges are used.

  3. EKS Kubernetes Version: Modified the deprecation date for the following EKS versions: 1.23, 1.24, and 1.27.

  4. Lambda Old Runtimes: Modified the deprecation date for the following runtime environments: Node.js 16, Go 1.x, and Java 8.

  5. SES Email Messages Encrypted: Added logic to skip regions where SES is not available.
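The S3 change in item 1 is easiest to see as a decision rule. The block below is an added example written for this page, not CloudSploit's own plugin code: it summarises an S3 GetBucketEncryption response (the real API shape), treats a bucket with no explicit configuration as SSE-S3 when `assumeDefaultSse` is true (the behaviour the note above describes for 3.3.0) and as a failure when it is false (the pre-3.3.0 behaviour), and shows with the assumed `requireCustomerKey` option how a CMK-specific check still has to look at the key rather than just at the presence of encryption. The sample responses, bucket name, account ID and the `aws/s3` alias heuristic are constructed for the example.

```javascript
// Added example (not CloudSploit code): evaluating S3 server-side encryption
// before and after "S3 encrypts new objects by default" is taken into account.
// Input shape follows the S3 GetBucketEncryption API response; `null` stands
// for the ServerSideEncryptionConfigurationNotFoundError case.

// Heuristic (assumption): these key identifiers denote the AWS-managed S3 key.
const AWS_MANAGED_S3_KEY_SUFFIX = 'alias/aws/s3';
const AWS_MANAGED_S3_KEY_SHORT = 'aws/s3';

// Reduce a GetBucketEncryption response to { configured, algorithm, keyType }.
function describeBucketEncryption(response) {
  const none = { configured: false, algorithm: null, keyType: 'none' };
  if (!response || !response.ServerSideEncryptionConfiguration) return none;
  const rules = response.ServerSideEncryptionConfiguration.Rules || [];
  const rule = rules.find(r => r.ApplyServerSideEncryptionByDefault);
  if (!rule) return none;
  const def = rule.ApplyServerSideEncryptionByDefault;
  if (def.SSEAlgorithm === 'AES256') {
    return { configured: true, algorithm: 'AES256', keyType: 'sse-s3' };
  }
  if (def.SSEAlgorithm === 'aws:kms' || def.SSEAlgorithm === 'aws:kms:dsse') {
    const key = def.KMSMasterKeyID || '';
    // No key id, or the AWS-managed alias, means the AWS-managed S3 key;
    // any other key ARN/alias is treated as customer managed.
    const managedByAws = key === '' || key === AWS_MANAGED_S3_KEY_SHORT ||
      key.endsWith(AWS_MANAGED_S3_KEY_SUFFIX);
    return { configured: true, algorithm: def.SSEAlgorithm,
      keyType: managedByAws ? 'aws-managed-kms' : 'customer-managed-kms' };
  }
  return { configured: true, algorithm: def.SSEAlgorithm, keyType: 'unknown' };
}

// Evaluate one bucket. assumeDefaultSse=true models the 3.3.0 behaviour (no
// explicit configuration still passes); false models the old failing logic.
// requireCustomerKey (assumed option) models a CMK-only check.
function evaluateBucketEncryption(bucketName, response,
  { assumeDefaultSse = true, requireCustomerKey = false } = {}) {
  const enc = describeBucketEncryption(response);
  if (!enc.configured) {
    return assumeDefaultSse
      ? { status: 'PASS', message: `Bucket ${bucketName} has no explicit SSE configuration; S3 applies SSE-S3 to new objects by default` }
      : { status: 'FAIL', message: `Bucket ${bucketName} does not have server-side encryption enabled` };
  }
  if (requireCustomerKey && enc.keyType !== 'customer-managed-kms') {
    return { status: 'FAIL', message: `Bucket ${bucketName} uses ${enc.algorithm} (${enc.keyType}), not a customer-managed KMS key` };
  }
  return { status: 'PASS', message: `Bucket ${bucketName} is encrypted with ${enc.algorithm} (${enc.keyType})` };
}

// Constructed sample responses (not real buckets).
const SAMPLE_UNCONFIGURED = null;
const SAMPLE_SSE_S3 = { ServerSideEncryptionConfiguration: { Rules: [
  { ApplyServerSideEncryptionByDefault: { SSEAlgorithm: 'AES256' }, BucketKeyEnabled: false } ] } };
const SAMPLE_CMK = { ServerSideEncryptionConfiguration: { Rules: [
  { ApplyServerSideEncryptionByDefault: { SSEAlgorithm: 'aws:kms',
    KMSMasterKeyID: 'arn:aws:kms:us-east-1:111122223333:key/00000000-0000-0000-0000-000000000000' },
    BucketKeyEnabled: true } ] } };

if (typeof require !== 'undefined' && require.main === module) {
  console.log(evaluateBucketEncryption('example-bucket', SAMPLE_UNCONFIGURED));
  console.log(evaluateBucketEncryption('example-bucket', SAMPLE_UNCONFIGURED, { assumeDefaultSse: false }));
  console.log(evaluateBucketEncryption('example-bucket', SAMPLE_SSE_S3, { requireCustomerKey: true }));
  console.log(evaluateBucketEncryption('example-bucket', SAMPLE_CMK, { requireCustomerKey: true }));
}
```

The practical point is that "is SSE on?" and "is SSE using my key?" are different questions: once the platform default answers the first one, the only findings left worth raising are about key ownership and about policies that still permit unencrypted uploads from clients that override the default.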

Azure

  1. VM Security Type: Previously, the plugin only checked whether Trusted Launch was configured. Added a setting for the desired security type of Azure virtual machines, which the plugin now checks against.

  2. No Network Gateways In Use: Previously, the plugin only checked whether a network gateway was in use. Added a Virtual Network Gateway Type setting with an empty default value; when set, the plugin checks for the desired type of network gateway in use.

  3. Added an Ignore Internal Load Balancers setting, with a default value of false, to the following plugins. When set to true, the plugin skips internal load balancers:

    • LB HTTPS Only
    • Load Balancer Has Tags
    • Load Balancer Log Analytics Enabled
    • LB No Instances
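Items 1 and 3 both describe a plugin whose verdict depends on a user-supplied setting. The block below is an added example written for this page, not CloudSploit's own code: it shows how such a setting is parsed with its documented default, how an Azure load balancer is classified as internal (no frontend IP configuration bound to a public IP, per the ARM resource shape), how a simplified "HTTPS only" rule skips internal load balancers only when the setting is on, and how a VM's `securityProfile.securityType` is compared against a desired type. The setting keys `ignore_internal_load_balancers` and `vm_desired_security_type`, the string-valued settings, the "every rule on port 443" simplification and all sample resources are assumptions constructed for the example.

```javascript
// Added example (not CloudSploit code): settings-driven Azure checks modelled
// on the "Ignore Internal Load Balancers" and "VM Security Type" settings.
// Resource objects follow the Azure Resource Manager JSON shape.

// Assumption: settings arrive as strings, so defaults are parsed explicitly.
function parseSettings(settings = {}) {
  return {
    ignoreInternalLoadBalancers:
      String(settings.ignore_internal_load_balancers ?? 'false').toLowerCase() === 'true',
    vmDesiredSecurityType: String(settings.vm_desired_security_type ?? 'TrustedLaunch'),
  };
}

// A load balancer is internal when none of its frontend IP configurations is
// bound to a public IP. An LB with no frontends is deliberately NOT treated as
// internal, so a misconfigured resource is still reported rather than skipped.
function isInternalLoadBalancer(lb) {
  const fronts = (lb.properties && lb.properties.frontendIPConfigurations) || [];
  return fronts.length > 0 &&
    fronts.every(f => !(f.properties && f.properties.publicIPAddress));
}

// Simplified "LB HTTPS Only" rule (assumption): every load-balancing rule must
// expose frontend port 443. With the setting on, internal LBs produce no result.
function checkLoadBalancersHttpsOnly(loadBalancers, settings) {
  const cfg = parseSettings(settings);
  const results = [];
  for (const lb of loadBalancers) {
    if (cfg.ignoreInternalLoadBalancers && isInternalLoadBalancer(lb)) continue;
    const rules = (lb.properties && lb.properties.loadBalancingRules) || [];
    const offending = rules.filter(r => r.properties.frontendPort !== 443);
    results.push({
      resource: lb.id,
      status: offending.length === 0 ? 'PASS' : 'FAIL',
      message: offending.length === 0
        ? 'Load balancer only exposes frontend port 443'
        : `Load balancer exposes non-HTTPS frontend port(s): ${offending.map(r => r.properties.frontendPort).join(', ')}`,
    });
  }
  return results;
}

// "VM Security Type" check: compare the configured type (TrustedLaunch,
// ConfidentialVM, or absent = Standard) with the desired one from settings.
function checkVmSecurityType(vm, settings) {
  const cfg = parseSettings(settings);
  const profile = vm.properties && vm.properties.securityProfile;
  const actual = (profile && profile.securityType) || 'Standard';
  return {
    resource: vm.id,
    status: actual === cfg.vmDesiredSecurityType ? 'PASS' : 'FAIL',
    message: `VM security type is ${actual}; desired type is ${cfg.vmDesiredSecurityType}`,
  };
}

// Constructed sample resources (not real Azure resources).
const SAMPLE_PUBLIC_LB = { id: 'loadBalancers/public-lb', properties: {
  frontendIPConfigurations: [{ properties: { publicIPAddress: { id: 'publicIPAddresses/pip1' } } }],
  loadBalancingRules: [{ properties: { frontendPort: 80, protocol: 'Tcp' } },
                       { properties: { frontendPort: 443, protocol: 'Tcp' } }] } };
const SAMPLE_INTERNAL_LB = { id: 'loadBalancers/internal-lb', properties: {
  frontendIPConfigurations: [{ properties: { privateIPAddress: '10.0.1.4' } }],
  loadBalancingRules: [{ properties: { frontendPort: 80, protocol: 'Tcp' } }] } };
const SAMPLE_VM = { id: 'virtualMachines/vm1', properties: {
  securityProfile: { securityType: 'TrustedLaunch' } } };
const SAMPLE_LEGACY_VM = { id: 'virtualMachines/vm-legacy', properties: {} };

if (typeof require !== 'undefined' && require.main === module) {
  console.log(checkLoadBalancersHttpsOnly([SAMPLE_PUBLIC_LB, SAMPLE_INTERNAL_LB], {}));
  console.log(checkLoadBalancersHttpsOnly([SAMPLE_PUBLIC_LB, SAMPLE_INTERNAL_LB],
    { ignore_internal_load_balancers: 'true' }));
  console.log(checkVmSecurityType(SAMPLE_VM, {}));
  console.log(checkVmSecurityType(SAMPLE_VM, { vm_desired_security_type: 'ConfidentialVM' }));
}
```

Keeping the default at false matters: an internal load balancer fronting plaintext HTTP is still a finding for most environments, so suppression should be an explicit opt-in by the user, which is exactly what a default of false gives.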

