Changelog
Subscribe to Steampipe changelog via RSS or join #changelog on our Slack community to stay updated on everything we ship.
Azure Compliance mod v0.38 - Fixed Azure Active Directory and Azure IAM queries to remove duplicate benchmark results
Bug fixes
- Fixed
ad_guest_user_reviewed_monthly
,iam_deprecated_account_with_owner_roles
,iam_external_user_with_read_permission
,iam_external_user_with_write_permission
,iam_user_not_allowed_to_create_security_group
andiam_user_not_allowed_to_register_application
queries to remove duplicate benchmark results. (#228)
Hubspot plugin v0.0.2 - Fixed plugin brand colour
v0.0.2 [2023-11-17]
Bug fixes
- Fixed the plugin brand colour.
Hubspot plugin v0.0.1 - Initial plugin release
Kubernetes plugin v0.25.2 - Fixed the plugin to pass the namespace qualifier to the kubernetes API client
Github plugin v0.37.1 - Fixed GetConfig of github_team_repository table to include support for dynamic GraphQL queries
GCP plugin v0.46.0 - Added gcp_aiplatform_endpoints table, and fixed retention_policy column of gcp_storage_bucket table
v0.46.0 [2023-11-16]
What's new?
- New tables added
Bug fixes
- Fixed the
retention_policy
column ofgcp_storage_bucket
table to correctly return data instead of null. (#502)
AWS plugin v0.123.0 - Added aws_lambda_event_source_mapping table, and added resource_record_set_limit column to aws_route53_zone table
v0.123.0 [2023-11-16]
What's new?
- New tables added
- aws_lambda_event_source_mapping (#1874) (Thanks @nickman for the contribution!)
Enhancements
Jira plugin v0.13.0 - Added new tables, new columns to existing tables, and fixed bugs
v0.13.0 [2023-11-15]
What's new?
- New tables added
Enhancements
- Added the
properties
column tojira_project
table. (#105)
Bug fixes
Microsoft365 Compliance mod v0.9 - Added CIS v3.0.0 benchmark
What's new?
- Added CIS v3.0.0 benchmark (
steampipe check benchmark.cis_v300
). (#57)
Linkedin plugin v0.4.0 - Removed tables using the search API that no longer work due to API limitations
Breaking Changes
- Removed the following tables using the search API that no longer work due to API limitations. These tables will be added back if functionality can be restored.
linkedin_company_employee
linkedin_company_past_employee
linkedin_connection
linkedin_search_company
linkedin_search_profile
GCP Compliance mod v0.24 - Fixed compute_firewall_allow_tcp_connections_proxied_by_iap query to correctly include all the ports and source IP ranges
Bug fixes
- Fixed the
compute_firewall_allow_tcp_connections_proxied_by_iap
query to correctly include all the ports and source IP ranges. (#128) (Thanks @saisirishreddy for the contribution!)
Net Insights mod v0.6 - Added dns_mx_dmarc_record_enabled control to dns_mx_best_practices benchmark
Github plugin v0.37.0 - Added run_started_at column to github_actions_repository_workflow_run table
AWS plugin v0.122.0 - Added new tables and new columns to existing tables
What's new?
- New tables added
- aws_fms_policy (#1851)
- aws_fms_app_list (#1851)
- aws_transfer_server (#1909) (Thanks @jramosf for the contribution!)
Enhancements
- Added the
features
column toaws_guardduty_detector
table. (#1958)
GCP Compliance mod v0.23 - Added new All Controls benchmark
What's new?_
- Added the new
All Controls
benchmark (steampipe check benchmark.all_controls). This new benchmark includes 109 service-specific controls. (#127)
Updated plugin dependency section of 25 mods to use min_version instead of version
- Updated the plugin dependency section of the following mods to use
min_version
instead ofversion
:- Alicloud Insights
- AWS Insights
- AWS Tags
- Azure Insights
- Digitalocean Insights
- Docker Compliance
- GCP Insights
- GCP Labels
- Github Compliance
- Github Insights
- Gitlab Insights
- Hackernews Insights
- IBM Insights
- Kubernetes Insights
- Microsoft 365 Compliance
- OCI Compliance
- OCI Insights
- OCI Thrifty
- Snowflake Compliance
- Tailscale Compliance
- Terraform AWS Compliance
- Terraform Azure Compliance
- Terraform GCP Compliance
- Terraform OCI Compliance
- Turbot Guardrails Insights
Kubernetes Compliance mod v0.17 - Updated docs to include correct links and fixed queries to cast data to a boolean format
Breaking changes
- Updated the plugin dependency section of the mod to use min_version instead of version. (#82)
Bug fixes
- Updated the docs to include the correct links for the nsa_cisa_v1 benchmark. (#80) (Thanks @aniketh-varma for the contribution!)
- Fixed the following queries to cast the data to boolean format. (#79)
- cronjob_container_privilege_disabled
- cronjob_host_network_access_disabled
- cronjob_hostpid_hostipc_sharing_disabled
- cronjob_immutable_container_filesystem
- cronjob_non_root_container
- daemonset_container_privilege_disabled
- daemonset_host_network_access_disabled
- daemonset_hostpid_hostipc_sharing_disabled
- daemonset_immutable_container_filesystem
- daemonset_non_root_container
- deployment_container_privilege_disabled
- deployment_host_network_access_disabled
- deployment_hostpid_hostipc_sharing_disabled
- deployment_immutable_container_filesystem
- deployment_non_root_container
- job_container_privilege_disabled
- job_host_network_access_disabled
- job_hostpid_hostipc_sharing_disabled
- job_immutable_container_filesystem
- job_non_root_container
- pod_container_privilege_disabled
- pod_immutable_container_filesystem
- pod_non_root_container
- pod_service_account_token_enabled
- pod_template_container_privilege_disabled
- pod_template_immutable_container_filesystem
- replicaset_container_privilege_disabled
- replicaset_host_network_access_disabled
- replicaset_hostpid_hostipc_sharing_disabled
- replicaset_immutable_container_filesystem
- replicaset_non_root_container
- replication_controller_container_privilege_disabled
- replication_controller_host_network_access_disabled
- replication_controller_hostpid_hostipc_sharing_disabled
- replication_controller_immutable_container_filesystem
- replication_controller_non_root_container
- statefulset_container_privilege_disabled
- statefulset_host_network_access_disabled
- statefulset_hostpid_hostipc_sharing_disabled
- statefulset_immutable_container_filesystem
- statefulset_non_root_container
GCP Compliance mod v0.22 - Fixed kms_key_separation_of_duties_enforced query to ensure that separation of duties is enforced while assigning KMS-related roles to users
Azure Compliance mod v0.37 - Fixed compute_vm_tcp_udp_access_restricted_internet query
AWS Well Architected mod v0.9 - Updated the plugin dependency section of the mod to use min_version instead of version
AWS Thrifty mod v0.26 - Renamed control lambda_function_with_graviton2 to lambda_function_with_graviton
Breaking changes
- Updated the plugin dependency section of the mod to use
min_version
instead ofversion
. (#161) - Renamed the control
lambda_function_with_graviton2
tolambda_function_with_graviton
in order to maintain consistency. (#158) (Thanks @bluedoors for the contribution!)
AWS Perimeter mod v0.7 - Updated the plugin dependency section of the mod to use min_version instead of version
AWS Compliance mod v0.82 - Added glue_connection_ssl_enabled and vpc_peering_connection_route_table_least_privilege controls to All Controls benchmark
AWS plugin v0.121.1 - Resolved intermittent retention of expired credentials in connection cache
Bug fixes
- Fixed the description of the
name
column inaws_organizations_account
table. (#1947) (Thanks @badideasforsale for the contribution!)
Dependencies
- Recompiled plugin with steampipe-plugin-sdk v5.6.3 which addresses the issue of expired credentials being intermittently retained in the connection cache. (#1956)
Steampipe Plugin SDK v5.6.3 - Fixed intermittent expired credentials
Bug fixes
- Fixed expired credentials sometimes being left in the connection cache. Update connection cache to use a backing store per connection, rather than a shared backing store. (#699)
Azure plugin v0.51.0 - Added azure_alert_management, azure_databricks_workspace, azure_monitor_activity_log_event, and azure_recovery_services_backup_job tables
What's new?
Linkedin plugin v0.3.0 - Added contact_info column to linkedin_profile table
Enhancements
- Added the
contact_info
column tolinkedin_profile
table. (#5)
GitHub plugin v0.36.1 - Fixed required quals for github_issue and github_pull_request tables
Bug fixes
- Fixed the required quals of
github_issue
andgithub_pull_request
tables to correctly return data instead of an error. (#355)
GitHub plugin v0.36.0 - Optimized GraphQL queries for issue and pull request tables
What's new
- Updated
github_issue
,github_my_issue
,github_pull_request
,github_search_issue
, andgithub_search_pull_request
tables to only include nested and user permission columns in GraphQL request when requested. This should result in faster queries and large scale queries completing more consistently. (#342)
Vanta plugin v0.3.2 - Fixed vanta_computer table queries failing
Sentry plugin v0.2.0 - Sentry base URL can now be configured
Prometheus plugin v0.5.0 - Added support for PROMETHEUS_URL environment variable
Azure Compliance mod v0.36 - Fixed README to include correct benchmark reference
AWS Compliance mod v0.81 - Added controls for Athena and IAM services
Enhancements
- Added the following controls to the
All Controls
benchmark: (#722)athena_workgroup_enforce_configuration_enabled
iam_inline_policy_no_administrative_privileges
Bug fixes
AWS plugin v0.121.0 - Improved documentation for AWS IAM role table
AWS Insights mod v0.14 - Added new dashboard and query docs
Enhancements
- Added additional dashboard and query docs and updated metadata descriptions in docs. (#323)
Terraform Azure Compliance mod v0.9 - Added 11 new controls
What's new?
- Added 11 new controls across the benchmarks for the following services: (#39)
- Application Gateway
- Automation
- Cognitive Search
- Compute
- Frontdoor
- Network
- PostgreSQL
AWS plugin v0.120.2 - Removed unnecessary error retry logic and added UnknownError as retryable error
Resolved nil pointer reference errors related to implicit hydrate configurations across 94 plugins
The remaining 94 Turbot Steampipe plugins have been updated to use steampipe-plugin-sdk v5.6.2, which prevents nil pointer reference errors for implicit hydrate configs.
Kubernetes Compliance mod v0.16 - Fixed queries to correctly return data for connection_name and tags dimensions
Bug fixes
- Fixed queries to correctly return data for
connection_name
andtags
dimensions instead of an error. (#73)
Github Compliance mod v0.5 - Updated 10 queries to use url as the resource column
Enhancements
- Updated the following queries to use
url
as the resource column: (#35)default_branch_all_build_steps_as_code
default_branch_pipeline_locks_external_dependencies_for_build_process
default_branch_pipeline_must_have_jobs_with_sbom_generation
default_branch_pipelines_scan_for_vulnerabilities
default_branch_pipelines_scanners_set_to_prevent_sensitive_data
org_member_mfa_enabled
repo_inactive_members_review
repo_deletion_limited_to_trusted_users
repo_issue_deletion_limited_to_trusted_users
repo_webhook_package_registery_security_settings_enabled
GCP plugin v0.45.0 - Added gcp_artifact_registry_repository and gcp_cloud_run_service tables
What's new?
- New tables added
Fixed nil pointer reference errors for implicit hydrate configs for 21 plugins
The following 21 Turbot Steampipe plugins have been updated to use steampipe-plugin-sdk v5.6.2, which prevents nil pointer reference errors for implicit hydrate configs:
- Alibaba Cloud
- AWS CloudFormation
- Azure
- Azure Active Directory
- CSV
- DigitalOcean
- Docker
- Docker Hub
- Exec
- GCP
- GitHub
- IBM Cloud
- Jira
- Microsoft 365
- Net
- Okta
- OpenShift
- Oracle Cloud Infrastructure
- Salesforce
- Turbot Pipes
- Zoom
Terraform plugin v0.10.0 - Added address, attributes, and attributes_std columns to terraform_resource table
Terraform OCI Compliance mod v0.6 - Updated the queries to use attributes_std and address columns from the terraform_resource table for better support of terraform state files
Terraform GCP Compliance mod v0.9 - Updated the queries to use attributes_std and address columns from the terraform_resource table for better support of terraform state files
Terraform Azure Compliance mod v0.8 - Updated the queries to use attributes_std and address columns from the terraform_resource table for better support of terraform state files
Terraform AWS Compliance mod v0.20 - Updated the queries to use attributes_std and address columns from the terraform_resource table for better support of terraform state files
Kubernetes plugin v0.25.1 - Fixed plugin crash due to invalid definition of manifest_file_paths config argument
Bug fixes
- Fixed the plugin to prevent crashes when
source_types
config argument containsmanifest
butmanifest_file_paths
is not defined. (#177)
Kubernetes Compliance mod v0.15 - Added 39 new controls
What's new?
- Added 39 new controls for the
ClusterRoleBinding
,CronJob
,DaemonSet
,Ingress
,Job
,Pod
resource types to theall_controls
benchmark. (#68)
AWS plugin v0.120.1 - Fixed source_account_id column of aws_securityhub_finding table and members column of aws_rds_db_cluster table to correctly return data
Bug fixes
- Fixed the
source_account_id
column ofaws_securityhub_finding
table to correctly return data instead ofnull
. (#1927) (Thanks @gabrielsoltz for the contribution!) - Fixed the
members
column ofaws_rds_db_cluster
table to correctly return data instead ofnull
. (#1926)
Steampipe CLI v0.21.1 - Added support for the missing mod-location flag to the steampipe variable list command
Bug fixes
- Added support for the missing
mod-location
flag to thesteampipe variable list
command. (#3942)
Steampipe Plugin SDK v5.6.2 - Fixed nil pointer exception if hydrate call fails
Bug fixes
- The
initialise
function is now being called for implicit hydrate configs (i.e. hydrate functions without explicit config), thereby preventing nil pointer reference errors when the hydrate function returns an error. (#683)
Steampipe CLI v0.21.0 - Add support for rate limiting, and memory limits
Whats new?
- Define rate and concurrency limits for plugin execution. (#3746)
- Define multiple instances of a plugin version using a
plugin
connection config block. (#3807) - The maximum memory used by plugins and the CLI can now be specified either in
plugin
instance definitions or the newplugin
options block. (#3807) - New introspection tables
steampipe_plugin
andsteampipe_plugin_limiter
containing all configured plugin instances and limiters. (#3746) - New introspection table
steampipe_server_settings
populated with server settings data during service startup. (#3462) - Running
plugin install
with no arguments installs all referenced plugins. (#3451) - New
--output
flag forplugin list
cmd allows selection betweenjson
andtable
output. (#3368) - Each plugin directory ncontains a
version.json
which can be used to recompose the global pluginversions.json
if it is missing or corrupt. (#3492) - Typing
.cache
in interactive prompt shows the current value of cache. (#2439) - Steampipe commands bypass plugin requirement check if installed plugin is locally built. (#3643)
- New
skip-config
flag disables writing of default plugin config during plugin installation. (#3531, #2206) - Logs are now written to file instead of console. (#2916)
- When plugin startup fails, report useful message in the CLI. (#3732)
- Users are warned to not have mod.sp files in home directory. (#2321)
- Updated messaging when service is started on an unavailable port. (#623)
- Log files are rotated if the process is active across date boundaries. (#125, #3825)
- Listen hosts may be selected when starting steampipe service. (#3505)
- Initialisation behaviour for the sample options has been changed: always copy a sample file (
default.spc.sample
), but only overwrite thedefault.spc
file with the sample content if the existing file has not been modified. (#3431) - Validation for the workspace profile
cache
settings. (#3646) - Support OCI registries requiring authentication. (#2819)
- Compiled with Go 1.21. (#3763)
Bug fixes
- Plugin manager shutdown stalling intermittently due to deadlocks. (#3818)
- Temporary tables dropped in interactive prompt when pool connections recycled. (#3781,#3543)
service start
was not listening onnetwork
by default. (#3593)- Multi line logs from plugins not rendered correctly in plugin logs. (#3678)
.inspect
panicking for long column descriptions. (#3709)- Interactive prompt crashing when there is a code panic. (#3713)
- Incorrect zsh completion instructions.
- Steampipe should not create export files for cancelled control runs. (#3578)
BuildFullResourceName
not validating non empty arguments. (#3601)- Spinner not showing when exporting check results. (#3577)
stdin
was consumed byquery
command even if there are arguments. (#1985)- When exporting multiple benchmarks, results now merged the results into a single export. (#2380)
- Raise warning when pseudo-resources are ignored because of named HCL resources. (#1328)
- Database reinstalled unnecessarily if any FDW files were missing. (#2040)
- Improved error message when steampipe fails to parse a mod definition file because mod block does not exist. (#1198)
- Only
install-dir
andworkspace
flags should be global flags. All other flags should only apply to specific command. (#3542) - Passing an empty list for list variables was not working. (#2094)
- Show deprecation warning for
version
field inrequire
block of mod definition. - Temporary directories were not always being cleaned up after plugin commands.
plugin list
returned nothing if no plugins were installed. (#3927)
Deprecations and migrations
- Table
steampipe_connection_state
renamed tosteampipe_connection
- Removed migration and backward compatibility of data files from v0.13.0. (#3517)
- Removed deprecated
workspace-chdir
flag. (#3925) - Migrated from
cloud.steampipe.io
topipes.turbot.com
. (#3724) - Removed support for plugins which do not support multiple connections (i.e. using SDK < v4.0.0).
- Deprecated
terminal options
.
Added rate limiter support for 115 plugins
All 115 Turbot Steampipe plugins have been updated to use steampipe-plugin-sdk v5.6.1, which adds support for rate and concurrency limiters.
Limiters provide a simple, flexible interface to implement client-site rate limiting and concurrency thresholds at compile time or run time. You can use limiters to:
- Smooth the request rate from Steampipe to reduce load on the remote API or service
- Limit the number of parallel requests to reduce contention for client and network resources
- Avoid hitting server limits and throttling
For more information on getting started, please see Concurrency and Rate Limiting.
Kubernetes plugin v0.24.0 - Deprecated source_type config argument (replaced by source_types)
Deprecated
- The
source_type
config argument has been deprecated and will be removed in the next major version. Please use thesource_types
config argument instead. If both config arguments are set,source_types
will take precedence. For backward compatibility, please see below for old and new value equivalents: (#167)source_type = 'all'
:source_types = ["deployed", "helm", "manifest"]
source_type = 'deployed'
:source_types = ["deployed"]
source_type = 'helm'
:source_types = ["helm"]
source_type = 'manifest'
:source_types = ["manifest"]
What's new?
- Added the
source_types
config argument, which allows specifying a combination of source types to load per connection. (#167)
Kubernetes Compliance mod v0.14 - Added 350+ new controls
What's new?
- Added 350+ new controls across all resource types to the
all_controls
benchmark. (#64)
Enhancements
- Added
path
to default set ofcommon_dimensions
, so now any file paths will appear by default in the additional dimensions in control results. (#63) - Added
iac
category to mod definition.
Dependencies
- Kubernetes plugin
v0.23.0
or higher is now required.
Exec plugin v0.0.4 - Added stdout and stderr columns and fixed inconsistent local and remote results
Breaking changes
- Removed the
output
column in theexec_command
table. This column has been replaced by thestdout_output
andstderr_output
columns. (#13)
What's new?
- Added
stdout_output
andstderr_output
columns to theexec_command
table. (#13) - Added
stream
column to theexec_command_line
table. (#13) - Added plugin limiter
exec_global
withMaxConcurrency
set to 15 in an effort to reduce abuse reports due to large number of concurrent remote connections. (#13)
Bug fixes
- Results from the
exec_command
table should now be consistent when using local and remote connections. (#13)
Dependencies
- Recompiled plugin with steampipe-plugin-sdk v5.6.0 which adds support for rate limiters. (#13)
- Recompiled plugin with Go 1.21. (#13)
Docker Compliance mod v0.1 - Added CIS v1.6.0 benchmark
What's new?
- Added CIS v1.6.0 benchmark (
steampipe check docker_compliance.benchmark.cis_v160
). (#4)
AWS plugin v0.119.0 - Improved plugin performance on Darwin OS and added configuration_settings column to aws_elastic_beanstalk_environment table
Steampipe Plugin SDK v5.6.1 - GRPC endpoint to clear connection cache
What's new?
SetConnectionCacheOptions
, a new GRPC endpoint to clear connection cache. (#678)
OCI plugin v0.31.0 - Added column last_successful_login_time to oci_identity_user table
Enhancements
- Added the
last_successful_login_time
column tooci_identity_user
table. (#547)
Azuread plugin v0.13.0 - Updated azuread_user and azuread_device tables
Steampipe Plugin SDK v5.6.0 - Add support for rate limiters
What's new?
- Define rate and concurrency limits for plugin execution. (#623)
- Diagnostics property added to
_ctx
column, containing information on hydrate calls and rate limiting (enabled by setting env varSTEAMPIPE_DIAGNOSTIC_LEVEL=all
) - Support for JSONB operators in
List
hydrate functions. (#594) Type
property added toConnectionConfig
protobuf definition to determine if a connection is an aggregator. (#590)- When plugin startup fails, write a specially formatted string to stdout so plugin manager can parse the output and display a useful message. (#619)
- Support for multi-line log entries. (#612)
- Added
Equals
function forQualValue
. (#646)
Kubernetes plugin v0.23.0 - Added kubernetes_pod_template table
What's new?
- New tables added
Kubernetes Compliance mod v0.13 - Added 112 new controls
Enhancements
- Added 112 new controls to the
All Controls
benchmark for the following services: (#59)CronJob
DaemonSet
Deployment
Job
Pod
ReplicaSet
ReplicationController
StatefulSet
Jira plugin v0.11.0 - Added support for on-premise Jira instances
GitHub plugin v0.34.1 - Fixed caching for repository tables
GitHub plugin v0.34.0 - Optimized GraphQL queries for repository tables
GitHub plugin v0.33.1 - Fixes for github_search_repository table
Bug fixes
- Fixed
github_search_repository
table queries failing when selecting thehas_downloads
,has_pages
,hooks
,network_count
,subscribers_count
, ortopics
columns. (#337)
Terraform plugin v0.8.1 - Improved handling of null values in arguments
Bug fixes
- Fixed the
invalid memory address or nil pointer dereference
errors when querying Terraform configuration or plan or state files that includednull
valued arguments. (#56)
Kubernetes Compliance mod v0.12 - Added 90 new controls
Docker plugin v0.9.0 - Fixes for handling missing Dockerfile and Compose files
Bug fixes
- Fixed the plugin to return
nil
instead of anerror
when the file/path specified indockerfile_paths
ordocker_compose_file_paths
config arguments does not exist. (#38)
AWS Compliance mod v0.80 - Added missing resource column in Glue queries
Bug fixes
- Added the missing
resource
column in the queries ofglue_data_catalog_encryption_settings_metadata_encryption_enabled
andglue_data_catalog_encryption_settings_password_encryption_enabled
controls. (#715)
Guardrails plugin v0.12.0 - Added columns to guardrails_notification and guardrails_resource tables
Enhancements
- Added the
resource_object
andobject
columns toguardrails_notification
andguardrails_resource
tables respectively. (#7)
CSV plugin v0.10.0 - Added missing S3 go-getter examples in docs
Bug fixes
- Added the missing S3 go-getter examples in the
docs/index.md
file.
AWS plugin v0.118.1 - Fixed capacity_reservation_specification column data type in aws_ec2_instance table
Bug fixes
- Fixed the data type of
capacity_reservation_specification
column ofaws_ec2_instance
table to be ofJSON
type instead ofSTRING
. (#1903)
Terraform GCP Compliance mod v0.8 - Added new IAM control
Enhancements
- Added the
iam_workload_identity_restricted
control to theIAM
benchmark. (#38)
Terraform AWS Compliance mod v0.19 - Updates for DMS and VPC controls
Net plugin v0.10.0 - Deprecation and addition of columns to the net_certificate table
Deprecations
- Deprecated
domain
column innet_certificate
table, which has been replaced by theaddress
column. Please note that theaddress
column requires a port, e.g.,github.com:443
. This column will be removed in a future version. (#50)
What's new?
- Added
address
column to thenet_certificate
table to allow specifying a port with the domain name. (#50)
Bitbucket plugin v0.6.1 - Added environment usage information to docs
Bug fixes
- Updated the
bitbucket.spc
andindex.md
files to include details ofBITBUCKET_USERNAME
,BITBUCKET_PASSWORD
, andBITBUCKET_API_BASE_URL
environment variables. (#77)
Get cloud
work done.
Get cloud
work done.
