Changelog
Subscribe to Steampipe changelog via RSS or join #changelog on our Slack community to stay updated on everything we ship.
What's new?
- New tables added
- aws_cost_by_region_monthly (#2310) (Thanks @razbne for the contribution!)
Enhancements
- Added
error
,is_public
,resource_owner_account
andresource_type
optional quals foraws_accessanalyzer_finding
table. (#2331) (Thanks @dbermuehler for the contribution!) - Updated the
aws_s3_object
table to use theHeadObject
API to retrieve object metadata. (#2312) (Thanks @JonMerlevede for the contribution!)
Bug fixes
- Fixed the
aws_s3_bucket
table to correctly return data by ignoring the not found error ingetBucketTagging
andgetBucketWebsite
hydrate functions. (#2335)
Bug fixes
- Fixed the issue where the steampipe interactive meta-command
.cache clear
was not clearing the cache. (#4443)
Enhancements
- Added
multi_region
andmulti_region_configuration
columns toaws_kms_key
table. (#2338) (Thanks @pdecat for the contribution!)
Bug fixes
- Fixed the comparison operator
(<= or >=)
for number and date filter inaws_inspector2_finding
table. (#2332) (Thanks @dbermuehler for the contribution!)
Bug fixes
- Fixed the
trigger_parameters
column of thecircleci_pipeline
table to correctly return data instead ofJSON unmarshalling
error. (#53)
What's new?
- New tables added
- gcp_compute_instance_group_manager (#669) (Thanks @pdecat for the contribution!)
Enhancements
- Added
labels
andtags
columns to thegcp_compute_global_forwarding_rule
table. (#678) (Thanks @pdecat for the contribution!) - Added
database_installed_version
andmaintenance_version
columns to thegcp_sql_database_instance
table. (#677) (Thanks @pdecat for the contribution!)
Bug fixes
- Fixed the
gcp_compute_instance_group
table to correctly return data for regional instance groups'instances
column. (#670) (Thanks @pdecat for the contribution!) - Fixed the
kubernetes_node_pool
table to correctly return data instead of an error for node pools with auto-pilot disabled. (#668) (Thanks @multani for the contribution!)
What's new?
- New tables added
Enhancements
- Added
firewall_rules
column to theazure_postgresql_flexible_server
table. (#852)
Bug fixes
- Added
verification_token
column toaws_ses_domain_identity
table which was accidentally removed in v1.0.0.
Breaking changes
The mod functionality, which was previously deprecated and moved to Powerpipe, has been removed in this version.
- Removed the
check
,dashboard
,mod
, andvariable
commands. (#4413) - Removed support for running named queries. (#4416)
- Removed the
watch
andmod-location
CLI args from thequery
command. (#4417) - Removed the
dashboard
,dashboard-listen
, anddashboard-port
CLI args from theservice
command. (#4418) - Removed the
STEAMPIPE_MOD_LOCATION
andSTEAMPIPE_INTROSPECTION
env vars. (#4419) - Removed support for deprecated
STEAMPIPE_CLOUD_HOST
andSTEAMPIPE_CLOUD_TOKEN
env vars. (#4420) - Removed the
watch
,introspection
, andmod-location
workspace profile args. (#4421) - Removed the
check
anddashboard
options from workspace profiles. (#4422) - Removed the
dashboard
option from global options (default.spc
). (#4423)
We’re excited to announce the v1.0.0 release of 116 Steampipe plugins!
While there are no significant changes in the new plugin versions, this release aligns with Steampipe's v1.0.0 launch. The plugins now adhere to semantic versioning, ensuring backward compatibility within each major version.
What's new?
- New tables added
Bug fixes
- Fixed the
rules
column inokta_signon_policy
,okta_password_policy
,okta_idp_discovery_policy
andokta_authentication_policy
tables to correctly return data instead ofnull
. (#145)
Dependencies
- Recompiled plugin with Go version
1.22
. (#146) - Recompiled plugin with steampipe-plugin-sdk v5.10.4 that fixes logging in the plugin export tool. (#146)
Enhancements
- The Plugin and the Steampipe Anywhere binaries are now built with the
netgo
package. - Added the
version
flag to the plugin's Export tool. (#65)
Bug fixes
- Fixed pagination across all the tables. (#34)
Dependencies
- Recompiled plugin with Go version
1.22
. (#43) - Recompiled plugin with steampipe-plugin-sdk v5.10.4 that fixes logging in the plugin export tool. (#43)
Bug fixes
- Fixed an issue where credentials from the imported foreign schema were lost after restarting the session in the Postgres FDW extension of the plugin. (#2275)
Dependencies
- Recompiled plugin with Go version
1.22
. (#450) - Recompiled plugin with steampipe-plugin-sdk v5.10.4 that fixes logging in the plugin export tool. (#450)
What's new?
- New tables added
Enhancements
- Added
connection_info
column to thegcp_alloydb_instance
table. (#651)
Bug fixes
- Removed the
name
column from thegcp_bigquery_table
table since the API response did not include this field. (#648)
Dependencies
- Recompiled plugin with Go version
1.22
. (#635) - Recompiled plugin with steampipe-plugin-sdk v5.10.4 that fixes logging in the plugin export tool. (#635)
Bug fixes
- Fixed the CLI to correctly display the latest released version when using the
steampipe -v
command. (#4388)
Bug fixes
- Fixed an issue where Steampipe failed to download the embedded PostgreSQL database and FDW during installation. (#4382)
Deprecations
- This GitHub Action is deprecated and will no longer be maintained. Please use Powerpipe Action Check instead.
Bug fixes
- Fixed secret references for AWS creds in README.
Dependencies
- Bumped @actions/core from v0.10.0 to v0.10.1.
- Bumped @vercel/ncc from v0.38.0 to v0.38.1.
- Bumped actions/setup-node from 3 to 4. (#95)
- Bumped actions/upload-artifact from 3 to 4. (#100)
- Bumped braces from 3.0.2 to 3.0.3. (#109)
- Bumped eslint from 8.52.0 to 8.56.0. (#101)
- Bumped eslint from 8.56.0 to 9.2.0. (#108)
- Bumped github/codeql-action from 2 to 3. (#99)
- Bumped semver from v7.5.4 to v7.6.3.
- Update to node v20 in action and check-dist workflow (#104) (Thanks @francois2metz for the contribution!)
Whats new
- Added the ability to configure plugin startup timeout. (#4320)
- Installed FDW and embedded Postgres database from GHCR instead of GCP. (#4344)
- Updated query JSON output format to add a
columns
property containing the column information. This allows us to handle duplicate column names by appending a unique suffix to duplicate column name (#4317)
Existing query JSON format:
$ steampipe query "select account_id, arn from aws_account" --output json{"rows": [{"account_id": "123456789012","arn": "arn:aws:::123456789012"}]}
New query JSON format(with new columns
property):
$ steampipe query "select account_id, arn from aws_account" --output json{"columns": [{"name": "account_id","data_type": "text"},{"name": "arn","data_type": "text"}],"rows": [{"account_id": "123456789012","arn": "arn:aws:::123456789012"}]}
Bug fixes
- Fixed the issue where the plugin manager was incorrectly reporting a shutdown. (#4365)
What's new?
- New tables added
Enhancements
- Added
time_created
column to theazure_compute_virtual_machine
table. (#831) - Added
ip_configuration
,linked_public_ip_address
,nat_gateway
andservice_public_ip_address
columns to theazure_public_ip
table. (#836) - Added 20 new columns to the
azure_postgresql_flexible_server
table. (#824)
Bug fixes
- Fixed the
ip_configurations
column of theazure_subnet
table to correctly return data instead ofnull
. (#822) - Fixed the
web_application_firewall_configuration
column ofazure_application_gateway
table to correctly return data instead ofnull
. (#835)
Dependencies
- Recompiled plugin with Go version
1.22
. (#832) - Recompiled plugin with steampipe-plugin-sdk v5.10.4 that fixes logging in the plugin export tool.
- Updated the
azure_mysql_flexible_server
andazure_postgresql_flexible_server
tables to use the new Azure ARM Go package. (#820)
What's new?
- New tables added
Enhancements
- Updated the
aws_ec2_ami
table to correctly return disabled AMIs on passing thedisabled
value to thestate
optional qual (where state = 'disabled'
). (#2277) - Added 100+ new columns across all tables per
AWS Go SDK v2 1.27.0
. (#2139)
Dependencies
- Recompiled plugin with Go version
1.22
. (#2283) - Recompiled plugin with steampipe-plugin-sdk v5.10.4 that fixes logging in the plugin export tool. (#2286)
Bug fixes
- Fixed an issue where Steampipe failed to create a new connection if it was outside the defined search path. (#4353)
What's new?
- New tables added
- prismacloud_account
- prismacloud_alert
- prismacloud_alert_rule
- prismacloud_compliance_breakdown_requirement_summary
- prismacloud_compliance_breakdown_statistic
- prismacloud_compliance_breakdown_summary
- prismacloud_compliance_requirement
- prismacloud_compliance_standard
- prismacloud_iam_permission
- prismacloud_iam_role
- prismacloud_iam_user
- prismacloud_inventory_api_endpoint
- prismacloud_inventory_asset_explorer
- prismacloud_inventory_asset_view
- prismacloud_inventory_workload
- prismacloud_inventory_workload_container_image
- prismacloud_inventory_workload_host
- prismacloud_permission_group
- prismacloud_policy
- prismacloud_prioritized_vulnerabilitiy
- prismacloud_report
- prismacloud_resource
- prismacloud_trusted_alert_ip
- prismacloud_vulnerabilitiy_asset
- prismacloud_vulnerabilitiy_burndown
- prismacloud_vulnerabilitiy_overview
What's new?
- New tables added
Enhancements
- The
euuid
column has now been assigned as a connection key column across all the tables which facilitates more precise and efficient querying across multiple Linode accounts. (#56) - The Plugin and the Steampipe Anywhere binaries are now built with the
netgo
package. (#60) - Added the
version
flag to the plugin's Export tool. (#65)
Dependencies
- Recompiled plugin with linode-sdk-for-go v1.37.0. (#56)
- Recompiled plugin with steampipe-plugin-sdk v5.10.1 which ensures that
QueryData
passed toConnectionKeyColumns
value callback is populated withConnectionManager
. (#55)
Enhancements
- Added
Reader
andData Access
role assignment information to thedocs/index.md
file. (#811)
Bug fixes
- Fixed the
azure_compute_virtual_machine
table to correctly populate theguest_configuration_assignments
column across allAzure
environments. (#816) - Fixed the
azure_role_assignment
table to correctly return the result while using any mode of plugin authentication. (#809) - Fixed the paging issue in the
azure_monitor_activity_log_event
table. (#810) - Fixed the caching issue in the standalone plugin FDW extensions. (#480)
Enhancements
- Added
location_type
column as an optional qual to theaws_ec2_instance_availability
table and 6 new columns to theaws_ec2_instance_type
table. (#2078) - Updated docs for
aws_appautoscaling_policy
andaws_appautoscaling_target
tables to add information on required quals. (#2247) - Added the
type
column as an optional qual to theaws_auditmanager_control
table. (#2254)
Bug fixes
- Fixed the
GetConfig
definition of theaws_auditmanager_control
table to correctly return data instead of an error. (#2254) - Fixed the
aws_kms_key_rotation
table to correctly returnnil
whenever anAccessDeniedException
error is returned by the API. (#2253) - Fixed the caching issue in the standalone plugin FDW extensions. (#480)
Breaking changes
- Removed the following columns in
gcp_cloudfunctions_function
table to align with the new API response structure: (#612)environment_variables
source_upload_url
version_id
What's new?
- Added the
impersonate_access_token
config argument to support plugin authentication by using a pre-generated temporary access token. (#621)
Enhancements
- Added 17 new columns to the
gcp_cloudfunctions_function
table. (#612)
Bug fixes
- Fixed the cache key issue in the
SecretManager
service client creation. (#624)
What's new?
- New tables added
Bug fixes
- Fixed the
power_state
column of theazure_compute_virtual_machine
table to correctly return data instead of anil pointer dereference
error. (#804)
Bug fixes
- Fixed plugin loading issues by eliminating the need for manual caching, ensuring smoother and more reliable plugin installations. (#50)
What's new?
- Added the
insecure_skip_verify
connection config argument to support bypassing theSSL/TLS
certificate verification while querying the tables. (#48)
Enhancements
- The Plugin and the Steampipe Anywhere binaries are now built with the
netgo
package.
Dependencies
- Recompiled plugin with steampipe-plugin-sdk v5.10.1 that adds support for connection key columns. (#49)
Bug fixes
- Fixed issue where local Docker config for the credential store was used when installing plugins from GHCR, enabling installation from GHCR to work even if docker-credential-desktop is not in PATH. (#4323)
- Fixed issue where Steampipe returned a 0 exit code even if it failed to export a snapshot. (#4276)
- Fixed issue where the query command did not support the legacy 'true' and 'false' values for the --timing flag. (#4282)
- Fixed issue where SPS output was not working. (#4297)
- Fixed issue where loading connection plugins did not return successfully created connections if some connections failed due to the configuration not being available. (#474)
- Fixed issue where scan info in query JSON output was shown even when the timing configuration was not set to verbose. (#4292)
What's new?
- New tables added
Enhancements
- The
domain
column has now been assigned as a connection key column across all the tables which facilitates more precise and efficient querying across multiple Okta organizations. (#120) - Added support to specify the time period in
.spc
file formax retries
,request timeout
, andmax backoff time
as required. (#112) - Added
profile
column to theokta_factor
table. (#130)
Dependencies
- Recompiled plugin with steampipe-plugin-sdk v5.10.1 which ensures that
QueryData
passed toConnectionKeyColumns
value callback is populated withConnectionManager
. (#120)
Enhancements
- The
organization_id
column has now been assigned as a connection key column across all the tables which facilitates more precise and efficient querying across multiple Linear accounts. (#34)
Bug fixes
- Fixed the plugin to correctly check for a valid Personal Access token. (#33)
Dependencies
- Recompiled plugin with steampipe-plugin-sdk v5.10.1 which ensures that
QueryData
passed toConnectionKeyColumns
value callback is populated withConnectionManager
. (#34)
Enhancements
- Added column
power_state
to theazure_compute_virtual_machine_scale_set_vm
table. (#800) (Thanks @pdepdecatcat for the contribution!)
Bug fixes
- Fixed the
azure_log_alert
table to correctly return values foractions
,condition
,description
,enabled
, andscopes
columns instead ofnull
. (#796)
What's new?
- New tables added
Bug fixes
Bug fixes
- Fixed the export tool of the plugin to return a non-zero error code instead of 0 whenever an error occurred. (#79)
Bug fixes
- Reverted the export CLI behavior to return
<nil>
fornull
values instead of""
. (#77)
Bug fixes
- Reverted the export CLI behavior to return
<nil>
fornull
values instead of""
. (#77)
Bug fixes
- Reverted the export CLI behavior to return
<nil>
fornull
values instead of""
. (#77)
What's new
- New tables added
Enhancements
- Added 9 new columns to the
aws_elasticache_cluster
table. (#2224)
Bug fixes
What's new?
- New tables added
Enhancements
- The Plugin and the Steampipe Anywhere binaries are now built with the
netgo
package. (#101) - Added the
version
flag to the plugin's Export tool. (#65)
Bug fixes
- Fixed the
arguments
column ofterraform_resource
table to correctly return thetype
field. (#99) (#92)
Dependencies
- Recompiled plugin with steampipe-plugin-sdk v5.10.1 that adds support for connection key columns. (#92)
What's new?
- New tables added
Enhancements
Bug fixes
- Fixed the issue of missing and inconsistent columns in Kubernetes CRD tables. (#229) (Thanks @dongho-jung for the contribution!!)
What's new?
- New tables added
- aws_route53_vpc_association_authorization (#2199) (Thanks @jramosf for the contribution!)
Enhancements
- Updated
aws_s3_bucket
,aws_s3_bucket_intelligent_tiering_configuration
,aws_s3_object
andaws_s3_object_version
tables to useHeadBucket
API instead ofGetBucketLocation
to fetch the region that the bucket resides in. (#2082) (Thanks @pdecat for the contribution!) - Added column
create_time
toaws_ec2_key_pair
table. (#2196) (Thanks @kasadaamos for the contribution!) - Added
instance_type
column as an optional qual to theaws_ec2_instance_type
table. (#2200)
Bug fixes
- Fixed the
akas
column inaws_health_affected_entity
table to correctly return data instead of an error by handling events that do not have anyARN
. (#2189) - Fixed
cname
andendpoint_url
columns ofaws_elastic_beanstalk_environment
table to correctly return data instead ofnull
. (#2201) - Fixed the
aws_api_gatewayv2_*
tables to correctly return data instead of an error by excluding support for the new unsupportedil-central-1
region. (#2190)
What's new?
- New tables added
Enhancements
- The
login_id
column has now been assigned as a connection key column across all the tables which facilitates more precise and efficient querying across multiple Jira connections. (#119) - The Plugin and the Steampipe Anywhere binaries are now built with the
netgo
package. (#128) - Added the
version
flag to the plugin's Export tool. (#65)
Bug fixes
- Fixed pagination in the
jira_board
table to correctly return all the data instead of partial results. (#127)
Dependencies
- Recompiled plugin with steampipe-plugin-sdk v5.10.1 that adds support for connection key columns. (#119)
What's new?
- New tables added
Bug fixes
- Fixed the
public_network_access_for_ingestion
and thepublic_network_access_for_query
columns of theazure_application_insight
table to be ofString
data type instead ofJSON
. (#769) - Fixed the
azure_role_assignment
table to correctly return values forprincipal_id
andprincipal_type
columns instead ofnull
. (#763) - Fixed the
web_application_firewall_configuration
column of theazure_application_gateway
table to correctly return data instead ofnull
. (#770)
What's new?
- New tables added
Bug fixes
Enhancements
- The
user_id
column has now been assigned as a connection key column across all the tables which facilitates more precise and efficient querying across multiple Pipes connections. (#27) - The Plugin and the Steampipe Anywhere binaries are now built with the
netgo
package. (#32) - Added the
version
flag to the plugin's Export tool. (#65)
Bug fixes
- Fixed the plugin to correctly authenticate against a custom tenant in
Pipes
instead of returning a401
error. (#30)
Dependencies
- Recompiled plugin with steampipe-plugin-sdk v5.10.1 that adds support for connection key columns. (#27)
What's new?
- New tables added
- github_blob (#430) (Thanks @rmhartog for the contribution!)
- github_repository_content (#317)
Enhancements
- The
login_id
column has now been assigned as a connection key column across all the tables which facilitates more precise and efficient querying across multiple Github connections. (#422) - The Plugin and the Steampipe Anywhere binaries are now built with the
netgo
package. (#219) - Added the
version
flag to the plugin's Export tool. (#65)
Bug fixes
- Fixed the plugin support for Github OAuth Access token to work correctly. (#432)
Dependencies
- Recompiled plugin with steampipe-plugin-sdk v5.10.1 that adds support for connection key columns. (#422)
Bug fixes
- Updated Postgres FDW to
v1.11.2
to remove unnecessaryNOTICE
level log messages. (#469)
Enhancements
- The
tenant_id
column has now been assigned as a connection key column across all the tables which facilitates more precise and efficient querying across multiple Microsoft 365 subscriptions. (#50) - The Plugin and the Steampipe Anywhere binaries are now built with the
netgo
package. (#55) - Added the
version
flag to the plugin's Export tool. (#65)
Dependencies
- Recompiled plugin with steampipe-plugin-sdk v5.10.1 which ensures that
QueryData
passed toConnectionKeyColumns
value callback is populated withConnectionManager
. (#50)
Enhancements
- The
tenant_id
column has now been assigned as a connection key column across all the tables which facilitates more precise and efficient querying across multiple Azure subscriptions. (#175) - The Plugin and the Steampipe Anywhere binaries are now built with the
netgo
package. (#180) - Added support for
China cloud
endpoint and scope based on the environment. (#174) - Added the
version
flag to the plugin's Export tool. (#65)
Dependencies
- Recompiled plugin with steampipe-plugin-sdk v5.10.1 which ensures that
QueryData
passed toConnectionKeyColumns
value callback is populated withConnectionManager
. (#175)
- New tables added
Enhancements
- The
tenant_id
column has now been assigned as a connection key column across all the tables which facilitates more precise and efficient querying across multiple OCI tenants. (#606) - The Plugin and the Steampipe Anywhere binaries are now built with the
netgo
package. (#614) - Added the
version
flag to the plugin's Export tool. (#65)
Dependencies
- Recompiled plugin with steampipe-plugin-sdk v5.10.0 that adds support for connection key columns. (#606)
- Recompiled plugin with github.com/hashicorp/go-getter v1.7.4. (#611)
Enhancements
- The
project
column has now been assigned as a connection key column across all the tables which facilitates more precise and efficient querying across multiple GCP projects. (#564) - The Plugin and the Steampipe Anywhere binaries are now built with the
netgo
package. (#580) - Added the
version
flag to the plugin's Export tool. (#65)****
Bug fixes
- Fixed the table
gcp_cloudfunctions_function
to listgen2
cloud functions. (#568) (Thanks @ashutoshmore658 for the contribution!)
Dependencies
- Recompiled plugin with steampipe-plugin-sdk v5.10.0 that adds support for connection key columns. (#564)
- Recompiled plugin with github.com/hashicorp/go-getter v1.7.4. (#570)
Enhancements
- The Plugin and the Steampipe Anywhere binaries are now built with the
netgo
package. (#756)
Bug fixes
- Fixed the
server_properties
column in theazure_postgresql_flexible_server
table to correctly return data instead ofnil
. (#754)
Dependencies
- Recompiled plugin with azure-sdk-for-go v68.0.0+incompatible. (#747)
- Recompiled plugin with steampipe-plugin-sdk v5.10.1 which ensures that
QueryData
passed toConnectionKeyColumns
value callback is populated withConnectionManager
. (#755)
Enhancements
- The
account_id
column has now been assigned as a connection key column across all the tables which facilitates more precise and efficient querying across multiple Alibaba Cloud accounts. (#406) - The Plugin and the Steampipe Anywhere binaries are now built with the
netgo
package. (#419) - Added the
version
flag to the plugin's Export tool. (#65)
Dependencies
- Recompiled plugin with steampipe-plugin-sdk v5.10.0 that adds support for connection key columns. (#406)
- Recompiled plugin with github.com/hashicorp/go-getter v1.7.4. (#412)
Enhancements
- The
context_name
column has now been assigned as a connection key column across all the tables which facilitates more precise and efficient querying across multiple Kubernetes connections. (#217) - The Plugin and the Steampipe Anywhere binaries are now built with the
netgo
package. (#219) - Added the
version
flag to the plugin's Export tool. (#65)
Dependencies
- Recompiled plugin with steampipe-plugin-sdk v5.10.0 that adds support for connection key columns. (#217)
- Recompiled plugin with github.com/hashicorp/go-getter v1.7.4. (#218)
v0.138.0 [2024-05-09]
Enhancements
- The Plugin and the Steampipe Anywhere binaries are now built with the
netgo
package for both the Linux and Darwin systems. (#219) (#2180)
Bug fixes
- Fixed the
aws_ebs_snapshot
table to correctly return data instead of an empty row. (#2185)
Dependencies
- Recompiled plugin with github.com/hashicorp/go-getter v1.7.4. (#2178)
Whats new
Added support for connection key columns: (#768)
A
connection key column
defines a column whose value maps 1-1 to a Steampipe connection and so can be used to filter connections when executing an aggregator query. These columns are treated as (optional) KeyColumns. This means they are taken into account in the query planning.Added support for verbose timing information. (#4244)
Added support for pushing down sort order. (#447)
Updated limit pushdown logic to push down the limit if all sort clauses are pushed down. (#458)
Added support for
WHERE column=val1 OR column=val2 OR column=val3...
Migrated from plugin registry from GCP to GHCR. (#4232)
Bug fixes
Bug fixes
- Ensured
QueryData
passed to connection key column value callback is populated withConnectionManager
. (#797)
What's new?
- New tables added
Enhancements
- The
subscription_id
column has now been assigned as a connection key column across all the tables which facilitates more precise and efficient querying across multiple Azure subscriptions. (#740) - Added the
version
flag to the plugin's Export tool. (#65)
Bug fixes
- Fixed the plugin's Postgres FDW Extension crash issue.
Dependencies
- Recompiled plugin with steampipe-plugin-sdk v5.10.0 that adds support for connection key columns. (#745)
What's new?
- New tables added
Enhancements
- Added the
version
flag to the plugin's Export tool. (#65)
Bug fixes
- Fixed intermittent FDW crashes when certain postgres errors resulted in a signal 16 being raised. (#455)
- Fixed the broken Postgres 14, Postgres 15 and SQLite x86_64 binaries for Darwin operating systems.
What's new?
- New tables added
Enhancements
- The
account_id
column has now been assigned as a connection key column across all the tables which facilitates more precise and efficient querying across multiple AWS accounts. (#2133)
Bug fixes
- Fixed the
getDirectoryServiceSnapshotLimit
andgetDirectoryServiceEventTopics
hydrate calls in theaws_directory_service_directory
table to correctly returnnil
for the unsupportedADConnector
services instead of an error. (#2170)
What's new?
- New tables added: (Thanks @jplanckeel for the new plugin!)
v0.40.0 [2024-04-12]
What's new?
- New tables added
- Added support for plugin authentication using
Github App
. Please refer Github plugin configuration for more information. (#414)
Bug fixes
What's new?
- New tables added
Enhancements
- Added
snapshot_block_public_access_state
column toaws_ec2_regional_settings
table. (#2077)
Bug fixes
- Fixed the
getDirectoryServiceSnapshotLimit
andgetDirectoryServiceEventTopics
hydrate calls in theaws_directory_service_directory
table to correctly returnnil
for unsupportedSharedMicrosoftAD
services instead of an error. (#2156)
What's new?
- New tables added: (Thanks @ramirezj for the new plugin!)
What's new?
- New tables added
Enhancements
- Added support for nested dashboards. (#4208)
Bug fixes
- Fixed the issue where local plugins were not being loaded. (#4196)
- Re-added support for 'implicit' local plugins (i.e. the plugin binary exists but there is no entry in the
versions.json
). (#4223) - Fixed the issue where the daily update check message showed a
<nil>
when there was no message to show. (#4206)
What's new?
- New tables added
Enhancements
- Added support for
quota_project
config arg to provide users the ability to set theProject ID
used for billing and quota. (#556)
Bug fixes
- Fixed the
retry_policy_maximum_backoff
andretry_policy_minimum_backoff
columns ofgcp_pubsub_subscription
table to correctly return data. (#552) (Thanks to @mvanholsteijn for the contribution!)
What's new?
- New tables added
- aws_backup_job (#2145) (Thanks @rogerioacp for the contribution!)
- aws_elastic_beanstalk_application_version (#2150)
- aws_rds_db_engine_version (#2098)
- aws_s3_object_version (#2070)
- aws_servicequotas_service (#2070)
Bug fixes
- Fixed the
aws_vpc_eip
table to return anAccess Denied
error instead of anInvalid Memory Address or Nil Pointer Dereference
error when aService Control Policy
is applied to an account for a specific region. (#2136) - Fixed the
aws_s3_bucket
terraform script to prevent theAccessControlListNotSupported: The bucket does not allow ACLs
error during thePutBucketAcl
terraform call. (#2080) (Thanks @pdecat for the contribution!) - Fixed an issue where querying regional tables while using AWS profiles with
cross-account
role credentials results in the correct error being reported instead of zero rows. (#2137) - Fixed pagination in the
aws_ebs_snapshot
table to make fewer API calls when thelimit
parameter is passed to the query. (#2088)
What's new?
- New tables added
Enhancements
What's new?
- New tables added
- aws_acmpca_certificate_authority (#2125)
- aws_dms_endpoint (#1992)
- aws_dms_replication_task (#2110)
- aws_docdb_cluster_snapshot (#2123)
- aws_transfer_user (#2089) (Thanks @jramosf for the contribution!)
Enhancements
- Added
auto_minor_version_upgrade
column toaws_rds_db_cluster
table. (#2109) - Added
open_zfs_configuration
column toaws_fsx_file_system
table. (#2113) - Added
logging_configuration
column toaws_networkfirewall_firewall
table. (#2115) - Added
lf_tags
column toaws_glue_catalog_table
table. (#2128)
Bug fixes
- Fixed the query in the
aws_s3_bucket
table doc to correctly filter out buckets without theapplication
tag. (#2093) - Fixed the
aws_cloudtrail_lookup_event
input param to pass correctlyend_time
as an optional qual. (#2102) - Fixed the
arn
column of theaws_elastic_beanstalk_environment
table to correctly return data instead ofnull
. (#2105) - Fixed the
template_body_json
column of theaws_cloudformation_stack
table to correctly return data by adding a new transform functionformatJsonBody
, replacing theUnmarshalYAML
transform function. (#1959) - Fixed the
next_execution_time
column ofaws_ssm_maintenance_window
table to be ofString
datatype instead ofTIMESTAMP
. (#2116) - Renamed the
client_log_options
column toconnection_log_options
inaws_ec2_client_vpn_endpoint
table to correctly return data instead ofnull
. (#2122)
Whats new
- Improved startup performance with high plugin count - parallelize plugin startup. (#4183)
- Added database SSL password support for encrypted private key in order to handle your own certificates. (#4149)
Bug fixes
- Fixed issue where plugin list cannot re-create top-level versions.json file if the file has been corrupted or empty. (#4191)
Notice
- Scripts must use the permanent installation script at https://steampipe.io/install/steampipe.sh.
- The script above is automatically updated when the script moves location.
install.sh
has been moved from the top level folder to thescripts
folder.- Scripts directly referencing the raw GitHub location must be updated.
Notice
Steampipe will no longer officially publish or support a Dockerfile or container images.
Steampipe can be run in a containerized setup. We run it ourselves that way as part of Turbot Pipes. But, we've decided to cease publishing an supporting a container definition because:
- The CLI is optimized for developer use on the command line.
- Everyone has specific goals and requirements for their containers.
- Container setup requires various mounts and access to configuration files.
- It's hard to support containers across many different environments.
We welcome users to create and share your own open-source container definitions for Steampipe!
Steampipe unbundled, introducing Powerpipe
Powerpipe is now the recommended way to run dashboards and benchmarks!
Mods still work as normal in Steampipe for now, but they are deprecated and will be removed in a future release:
Whats new
- Added
version
column tosteampipe_plugin
table. (#4141) - Direct all errors and warnings to standard error (stderr). (4162)
Bug fixes
- Fixed the issue where
search_path_prefix
set indatabase options
does not alter the search path. (#4160) - Fix issue where
asff
output was always missing the first row. (#4157)
Deprecations and migrations
- Steampipe mods and dashboards are now separately available in Powerpipe, a new open-source project. The steampipe mod, check and dashboard commands have been deprecated and will be removed in a future version. Migration guide.
- Deprecated
cloud-host
andcloud-token
CLI args, and replaced them withpipes-host
andpipes-token
respectively. (#4137) - Deprecated
STEAMPIPE_CLOUD_HOST
andSTEAMPIPE_CLOUD_TOKEN
env vars, replaced withPIPES_HOST
andPIPES_TOKEN
respectively. (#4137) - Deprecated
cloud_host
andcloud_token
workspace args, replaced withpipes_host
andpipes_token
respectively. (#4137) - Removed support for deprecated
terminal options
. (#3751) - Removed support for deprecated
max_parallel
property ingeneral options
. (#4132) - Removed support for deprecated
connection options
. (#4131) - Removed deprecated
version
property from the modrequire
block. (#3750)
What's new?
- New dashboards added:
- OpenSearch Domain Detail (#75) (Thanks @Errahulaws for the contribution!)
What's new?
- New tables added
Bug fixes
- Fixed the
InvalidParameterCombination
error when querying theaws_rds_db_instance
table. (#2085) - Fixed
aws_rds_db_instance_metric_write_iops_daily
table to correctly displayWriteIOPS
instead ofReadIOPS
. (#2079)
Dependencies
- Recompiled plugin with steampipe-plugin-sdk v5.9.0 that fixes critical caching issues. (#2067)
Bug fixes
- Fixed the hierarchy in the benchmark list by properly integrating
Cloud Functions
benchmark intoall_controls
benchmark. (#146)
What's new?
- Removed support for Memoized functions to be directly assigned as column hydrate functions. Instead, require a wrapper hydrate function. (#756) (#738)
Bug fixes
- If cache is disabled for the server, but enabled for the client, the query execution code tries to stream to the cache even though there is no active set operation. (#740)
Bug fixes
- Fixed growing memory usage following file watching events when running dashboard server. (#4150)
Dependencies
- AWS plugin
v0.131.0
or higher is now required. (#747)
Enhancements
- Added 11 new controls to the
All Controls
benchmark across the following services: (#747)API Gateway
DMS
EMR
MQ
VPC
Bug fixes
- Fixed the
foundational_security_ssm_2
control to correctly evaluate results when patches are not applicable for SSM managed EC2 instances. (#761)
Bug fixes
- Fixed the typo in the
scaleway_billing_consumption
table docs to useconsumption
instead ofconsumtion
. (#80)
What's new?
- New tables added
- scaleway_account_project (#53) (Thanks @jplanckeel for the contribution!)
- scaleway_billing_consumption (#70) (Thanks @jplanckeel for the contribution!)
Enhancements
- Improved the plugin error message when invalid credentials are set in the
wiz.spc
file. (#23)
Bug fixes
- Fixed the
service_tickets
column inwiz_issue
table by removing theaction
subfield from theServiceTickets
field in the GraphQL response since it was no longer available. (#24 #25) (Thanks @sycophantic for the contribution!)
Bug fixes
- Removed duplicate control
rds_db_cluster_encrypted_with_kms_cmk
. (#105)
Bug fixes
- Removed duplicate node
service_account
. (#56)
What's new?
- New tables added
Bug fixes
What's new?
- New table added
- tfe_project (#42) (Thanks @edebrye for the contribution!)
Bug fixes
- Fixed the plugin initialization error by returning only the static tables when invalid config parameters were set for dynamic tables. #39
v0.86 [2024-02-08]
What's new?
- Added CIS v3.0.0 benchmark (
steampipe check benchmark.cis_v300
). (#755)
Bug fixes
- Fixed
HomeDirectoryModfileCheck
returning false positive, causing errors when executing steampipe out of the home directory. (#4118)
Enhancements
- Updated all the tables to fetch the column data using hydrate functions to optimize the API calls and increase query speed when querying specific columns. (#30)
What's new?
- New tables added
What's new?
- Added
OAuth
config support to provide users the ability to setOAuth secret client ID
andOAuth secret value
of a service principal. For more information, please see Databricks plugin configuration. (#6) (Thanks @rinzool for the contribution!) - Added
Config
object to directly pass credentials to the client. (#10)
What's new?
- New tables added
Enhancements
- Added the
authorization_rules
column toazure_servicebus_namespace
table. (#719)
Enhancements
- Optimized
aws_cloudwatch_log_stream
table's query performance by addingdescending
,log_group_name
,log_stream_name_prefix
andorder_by
new optional key qual columns. (#1951) - Optimized
aws_ssm_inventory
table's query performance by adding new optional key qual columns such asfilter_key
,filter_value
,network_attribute_key
,network_attribute_value
, etc. (#1980)
Bug fixes
- Fixed
aws_cloudwatch_log_group
table key column to be globally unique by filtering the results by region. (#1976) - Removed duplicate memoizing of getCommonColumns function from
aws_s3_multi_region_access_point
andaws_ec2_launch_template
tables.(#2065) - Fixed error for column
type_name
in tableaws_ssm_inventory_entry
. (#1980) - Added the missing rate-limiter tags for
aws_s3_bucket
table'sGetBucketLocation
hydrate function to optimize query performance. (#2066)
What's new?
- New tables added
Dependencies
- Azure plugin
v0.53.0
or higher is now required. (#242)
Enhancements
- Added 41 new controls to the
All Controls
benchmark across the following services: (#234 #233)Active Directory
App Service
Batch
Compute
Container Instance
Key Vault
Kubernetes Service
Network
Recovery Service
Service Bus
Storage
Bug fixes
- Fixed the description of
CIS_v150_2_1_9
control. (#238) (Thanks @sfunkernw for the contribution!)
Breaking changes
- Removed the
iam_root_user_virtual_mfa
control since it is not recommended as good practice. (#743) - Replaced
iam_account_password_policy_strong
withiam_account_password_policy_strong_min_reuse_24
in theGDPR
,FFIEC
andCISA Cyber Essentials
benchmarks to align more accurately with the requirements specified in the AWS Config rules. (#739)
Bug fixes
- Updated the dashboard image to correctly list all the 25 benchmarks. (#748)
What's new?
- New tables added
Bug fixes
- Fixed schema clone function failing if table has an LTREE column. (#4079)
- Maintained the order of execution when running multiple queries in batch mode. (#3728)
- Fixed issue where using any meta-command would load connection state even if not required. (#3614)
- Fixed issue where plugin version file back-filling would write
versions.json
to the CWD if the plugin folder is not found. (#4073) - Simplified and fixed available port check. (#4030)
What's new?
- New tables added
What's new?
- Added the
kubernetes_cluster_no_cluster_level_node_pool
control to theKubernetes
benchmark. (#53)
What's new?
- New tables added
Enhancements
What's new?
- New tables added
Enhancements
- Added column
iam_policy
togcp_cloud_run_service
table. (#531) - Optimized the
gcp_logging_log_entry
table result or result timing by applying a timestamp filter. (#508) - Added the
json_payload
,proto_payload
,metadata
,resource
,operation
, andtags
columns togcp_logging_log_entry
table. (#508)
Bug fixes
- Fixed the
addons_config
,network_config
andnetwork_policy
column ofgcp_kubernetes_cluster
table to correctly return data instead of null. (#530) - Fixed the
end_time
column of thegcp_sql_backup
table to returnnull
instead of an error when end time is unavailable for a SQL backup. (#534) - Fixed the
enqueued_time
,start_time
andwindow_start_time
columns of thegcp_sql_backup
table to returnnull
instead of an error when timestamp is unavailable for a SQL backup. (#536)
Enhancements
- Added the
audit_policy
column toazure_sql_database
andazure_sql_server
tables. (#711) - Added the
webhooks
column toazure_container_registry
table. (#710) - Added the
disable_local_auth
andstatus
columns toazure_servicebus_namespace
table. (#715)
Bug fixes
- Fixed the
azure_key_vault_secret
table to correctly return data when keyvault name is in camel-case. (#638)
Bug fixes
- Fixed the
low_iops_ebs_volumes
control to now suggest convertingio1
andio2
volumes toGP3
volumes, when the baseIOPS
is less than16000
instead of3000
. (#167)
What's new?
- New tables added
Enhancements
- Added
deletion_protection_enabled
column toaws_dynamodb_table
table. (#2049)
Bug fixes
What's new?
- Added the input variables to the following services to allow different thresholds to be passed in:
Droplet
Database
Block Storage
Kubernetes
To get started, please see [Digitalocean Thrifty Configuration] (https://hub.steampipe.io/mods/turbot/digitalocean_thrifty#configuration). For a list of variables and their default values, please see steampipe.spvars. (#36)
What's new?
- New tables added
Note : Table aws_sns_topic_subscription
will be changing behaviours in a future release to return results from ListSubscriptionsByTopic
instead of ListSubscriptions
.
Bug fixes
- Updated the tags to use
risk
instead ofseverity
to eliminate duplicate column names in output files. (#41)
What's new?
- Added the following controls across the benchmarks: (#51)
container_instance_container_group_secure_environment_variable
container_registry_zone_redundant_enabled
What's new?
- New tables added
Enhancements
- Added
storage_throughput
column toaws_rds_db_instance
table. (#2010) (Thanks @toddwh50 for the contribution!) - Added
layers
column toaws_lambda_function
table. (#2008) (Thanks @icaliskanoglu for the contribution!) - Added
tags
column toaws_backup_recovery_point
andaws_backup_vault
tables. (#2033)
Bug fixes
Enhancements
- Updated the controls to reference their query using
query =
rather thansql =
. (#25)
Bug fixes
- Fixed the broken
network_subnet_to_network_virtual_network
edge of the relationship graph in thesql_server_detail
dashboard page to correctly reference thenetwork_subnets_for_sql_server
query. (#118)
Bug fixes
- Fixed the
kubernetes_cluster_upgraded_with_non_vulnerable_version
query to correctly check if a Kubernetes cluster is using an outdated software version. (#235)
Bug fixes
- Fixed the plugin to return only static tables instead of an error when the
objects
config argument is not set or the plugin credentials are not set correctly. (#26)
What's new?
- New tables added
- reddit_my_saved_post (Thanks @mkell43 for the contribution!)
- reddit_my_saved_comment (Thanks @mkell43 for the contribution!)
Whats new
- Allow using pprof on FDW when STEAMPIPE_FDW_PPROF environment variable is set. (#368)
Bug fixes
Enhancements
- Added 61 new controls to the
All Controls
benchmark across the following services: (#140)- CloudFunctions
- Compute
- KMS
- Kubernetes
- Project
- SQL
- Storage
Enhancements
- Added 50 new controls to the
All Controls
benchmark across the following services: (#736)- ACM
- CloudFront
- CloudTrail
- Config
- DocumentDB
- EC2
- ECS
- EKS
- ElastiCache
- ELB
- EMR
- Kinesis
- RDS
- Redshift
- S3
- SNS
- SQS
- SSM
- VPC
What's new?
- New tables added: (Thanks @ajmaradiaga for the new plugin!)
Enhancements
- Updated the plugin to use a shared, optimized HTTP client that enhances DNS management and reduces connection floods for more stable and efficient queries. (#2036)
Enhancements
- Updated the plugin's
.goreleaser
file to build the netgo package only for Darwin systems. (#2029)
114 plugins have been updated to include the following changes:
What's new?
- Query tables directly in Postgres as a native Foreign Data Wrapper.
- Query tables directly in SQLite as a SQLite extension.
- Run as an Export CLI to extract data to files.
- SQLite examples added to table documentation.
- Expanded table documentation, especially to describe example queries.
- Docs license updated to match Steampipe CC BY-NC-ND license.
Dependencies
- Recompiled with steampipe-plugin-sdk v5.8.0 that includes plugin server encapsulation for in-process and GRPC usage, adding Steampipe Plugin SDK version to
_ctx
column, and fixing connection and potential divide-by-zero bugs.
Bug fixes
- Fixed the plugin to correctly return results when environment variables are only used for authentication. (#21)
Bug fixes
- Fixed the invalid Go module path of the plugin. (#15)
Bug fixes
- Fixed the invalid Go module path of the plugin. (#20)
Bug fixes
- Fixed the invalid Go module path of the plugin. (#13)
Bug fixes
- Fixed the invalid Go module path of the plugin. (#43)
Bug fixes
- Fixed the invalid Go module path of the plugin. (#36)
Bug fixes
- Fixed the invalid Go module path of the plugin. (#20)
Bug fixes
- Fixed the invalid Go module path of the plugin. (#26)
What's new?
- New tables added
- github_repository_sbom (#353) (Thanks @lwakefield for the contribution!)
Enhancements
- Updated the following tables to include support for dynamic GraphQL queries:
github_my_star
(#369)github_stargazer
(#370)github_tag
(#371)github_rate_limit
(#368)github_community_profile
(#367)github_license
(#366)github_organization_member
(#364)github_team_member
(#364)github_user
(#364)github_my_team
(#363)github_team
(#363)github_commit
(#362)github_my_organization
(#361)github_organization
(#361)github_organization_external_identity
(#361)github_branch
(#360)github_branch_protection
(#360)github_repository_collaborator
(#365)github_repository_deployment
(#365)github_repository_environment
(#365)github_repository_vulnerability_alert
(#365)github_issue
(#359)github_issue_comment
(#359)github_pull_request
(#359)github_pull_request_comment
(#359)github_pull_request_review
(#359)
Bug fixes
- Fixed the invalid Go module path of the plugin. (#27)
What's new?
- New tables added: (Thanks @gabrielsoltz for the new plugin!)
What's new?
- Added the following controls across the benchmarks: (#49)
bigquery_table_deletion_protection_enabled
bigtable_instance_deletion_protection_enabled
spanner_database_deletion_protection_enabled
spanner_database_drop_protection_enabled
What's new?
- Added the following controls across the benchmarks: (#47)
appservice_environment_zone_redundant_enabled
appservice_function_app_public_access_disabled
appservice_plan_zone_redundant
appservice_web_app_public_access_disabled
eventhub_namespace_uses_latest_tls_version
eventhub_namespace_zone_redundant
kubernetes_cluster_critical_pods_on_system_nodes
kubernetes_cluster_os_disk_ephemeral
redis_cache_standard_replication_enabled
sql_database_ledger_enabled
sql_database_zone_redundant_enabled
What's new?
- Added the following controls across the benchmarks: (#98)
docdb_cluster_backup_retention_period_7
lambda_permission_restricted_service_permission
neptune_cluster_backup_retention_period_7
neptune_cluster_copy_tags_to_snapshot_enabled
neptune_cluster_iam_authentication_enabled
Bug fixes
- Fixed the index doc by removing unsupported images. (#334)
Enhancements
- Added the following controls to the
All Controls
benchmark: (#733)api_gateway_rest_api_public_endpoint_with_authorizer
dlm_ebs_snapshot_lifecycle_policy_enabled
docdb_cluster_instance_encryption_at_rest_enabled
ebs_volume_snapshot_exists
elasticache_cluster_no_public_subnet
iam_role_no_administrator_access_policy_attached
iam_user_access_key_unused_45
iam_user_console_access_unused_45
neptune_db_cluster_no_public_subnet
Bug fixes
- Fixed missing closing tag in index doc. (#331)
Bug fixes
- Fixed
ad_guest_user_reviewed_monthly
,iam_deprecated_account_with_owner_roles
,iam_external_user_with_read_permission
,iam_external_user_with_write_permission
,iam_user_not_allowed_to_create_security_group
andiam_user_not_allowed_to_register_application
queries to remove duplicate benchmark results. (#228)
Bug fixes
- Fixed the plugin brand colour.
What's new?
- New tables added
Bug fixes
- Fixed the
retention_policy
column ofgcp_storage_bucket
table to correctly return data instead of null. (#502)
What's new?
- New tables added
- aws_lambda_event_source_mapping (#1874) (Thanks @nickman for the contribution!)
Enhancements
What's new?
- New tables added
Enhancements
- Added the
properties
column tojira_project
table. (#105)
Bug fixes
What's new?
- Added CIS v3.0.0 benchmark (
steampipe check benchmark.cis_v300
). (#57)
Breaking Changes
- Removed the following tables using the search API that no longer work due to API limitations. These tables will be added back if functionality can be restored.
linkedin_company_employee
linkedin_company_past_employee
linkedin_connection
linkedin_search_company
linkedin_search_profile
Bug fixes
- Fixed the
compute_firewall_allow_tcp_connections_proxied_by_iap
query to correctly include all the ports and source IP ranges. (#128) (Thanks @saisirishreddy for the contribution!)
What's new?
- Encapsulate plugin server so it is possible to use it in-process as well as via GRPC. (#719)
- Add
steampipe
field to_ctx
column, containing sdk version. (#712)
Bug fixes
- Remove
plugin has no connections
error when deleting and then re-adding a connection. (#725) - Fix potential divide by zero bug when setting cache size
What's new?
- New tables added
- aws_fms_policy (#1851)
- aws_fms_app_list (#1851)
- aws_transfer_server (#1909) (Thanks @jramosf for the contribution!)
Enhancements
- Added the
features
column toaws_guardduty_detector
table. (#1958)
What's new?_
- Added the new
All Controls
benchmark (steampipe check benchmark.all_controls). This new benchmark includes 109 service-specific controls. (#127)
- Updated the plugin dependency section of the following mods to use
min_version
instead ofversion
:- Alicloud Insights
- AWS Insights
- AWS Tags
- Azure Insights
- Digitalocean Insights
- Docker Compliance
- GCP Insights
- GCP Labels
- Github Compliance
- Github Insights
- Gitlab Insights
- Hackernews Insights
- IBM Insights
- Kubernetes Insights
- Microsoft 365 Compliance
- OCI Compliance
- OCI Insights
- OCI Thrifty
- Snowflake Compliance
- Tailscale Compliance
- Terraform AWS Compliance
- Terraform Azure Compliance
- Terraform GCP Compliance
- Terraform OCI Compliance
- Turbot Guardrails Insights
Breaking changes
- Updated the plugin dependency section of the mod to use min_version instead of version. (#82)
Bug fixes
- Updated the docs to include the correct links for the nsa_cisa_v1 benchmark. (#80) (Thanks @aniketh-varma for the contribution!)
- Fixed the following queries to cast the data to boolean format. (#79)
- cronjob_container_privilege_disabled
- cronjob_host_network_access_disabled
- cronjob_hostpid_hostipc_sharing_disabled
- cronjob_immutable_container_filesystem
- cronjob_non_root_container
- daemonset_container_privilege_disabled
- daemonset_host_network_access_disabled
- daemonset_hostpid_hostipc_sharing_disabled
- daemonset_immutable_container_filesystem
- daemonset_non_root_container
- deployment_container_privilege_disabled
- deployment_host_network_access_disabled
- deployment_hostpid_hostipc_sharing_disabled
- deployment_immutable_container_filesystem
- deployment_non_root_container
- job_container_privilege_disabled
- job_host_network_access_disabled
- job_hostpid_hostipc_sharing_disabled
- job_immutable_container_filesystem
- job_non_root_container
- pod_container_privilege_disabled
- pod_immutable_container_filesystem
- pod_non_root_container
- pod_service_account_token_enabled
- pod_template_container_privilege_disabled
- pod_template_immutable_container_filesystem
- replicaset_container_privilege_disabled
- replicaset_host_network_access_disabled
- replicaset_hostpid_hostipc_sharing_disabled
- replicaset_immutable_container_filesystem
- replicaset_non_root_container
- replication_controller_container_privilege_disabled
- replication_controller_host_network_access_disabled
- replication_controller_hostpid_hostipc_sharing_disabled
- replication_controller_immutable_container_filesystem
- replication_controller_non_root_container
- statefulset_container_privilege_disabled
- statefulset_host_network_access_disabled
- statefulset_hostpid_hostipc_sharing_disabled
- statefulset_immutable_container_filesystem
- statefulset_non_root_container
Breaking changes
- Updated the plugin dependency section of the mod to use
min_version
instead ofversion
. (#161) - Renamed the control
lambda_function_with_graviton2
tolambda_function_with_graviton
in order to maintain consistency. (#158) (Thanks @bluedoors for the contribution!)
Bug fixes
- Fixed the description of the
name
column inaws_organizations_account
table. (#1947) (Thanks @badideasforsale for the contribution!)
Dependencies
- Recompiled plugin with steampipe-plugin-sdk v5.6.3 which addresses the issue of expired credentials being intermittently retained in the connection cache. (#1956)
Bug fixes
- Fixed expired credentials sometimes being left in the connection cache. Update connection cache to use a backing store per connection, rather than a shared backing store. (#699)
What's new?
Enhancements
- Added the
contact_info
column tolinkedin_profile
table. (#5)
Bug fixes
- Fixed the required quals of
github_issue
andgithub_pull_request
tables to correctly return data instead of an error. (#355)
What's new
- Updated
github_issue
,github_my_issue
,github_pull_request
,github_search_issue
, andgithub_search_pull_request
tables to only include nested and user permission columns in GraphQL request when requested. This should result in faster queries and large scale queries completing more consistently. (#342)
Enhancements
- Added the following controls to the
All Controls
benchmark: (#722)athena_workgroup_enforce_configuration_enabled
iam_inline_policy_no_administrative_privileges
Bug fixes
Enhancements
- Added additional dashboard and query docs and updated metadata descriptions in docs. (#323)
What's new?
- Added 11 new controls across the benchmarks for the following services: (#39)
- Application Gateway
- Automation
- Cognitive Search
- Compute
- Frontdoor
- Network
- PostgreSQL
The remaining 94 Turbot Steampipe plugins have been updated to use steampipe-plugin-sdk v5.6.2, which prevents nil pointer reference errors for implicit hydrate configs.
Bug fixes
- Fixed queries to correctly return data for
connection_name
andtags
dimensions instead of an error. (#73)
Enhancements
- Updated the following queries to use
url
as the resource column: (#35)default_branch_all_build_steps_as_code
default_branch_pipeline_locks_external_dependencies_for_build_process
default_branch_pipeline_must_have_jobs_with_sbom_generation
default_branch_pipelines_scan_for_vulnerabilities
default_branch_pipelines_scanners_set_to_prevent_sensitive_data
org_member_mfa_enabled
repo_inactive_members_review
repo_deletion_limited_to_trusted_users
repo_issue_deletion_limited_to_trusted_users
repo_webhook_package_registery_security_settings_enabled
What's new?
- New tables added
The following 21 Turbot Steampipe plugins have been updated to use steampipe-plugin-sdk v5.6.2, which prevents nil pointer reference errors for implicit hydrate configs:
- Alibaba Cloud
- AWS CloudFormation
- Azure
- Azure Active Directory
- CSV
- DigitalOcean
- Docker
- Docker Hub
- Exec
- GCP
- GitHub
- IBM Cloud
- Jira
- Microsoft 365
- Net
- Okta
- OpenShift
- Oracle Cloud Infrastructure
- Salesforce
- Turbot Pipes
- Zoom
Bug fixes
- Fixed the plugin to prevent crashes when
source_types
config argument containsmanifest
butmanifest_file_paths
is not defined. (#177)
What's new?
- Added 39 new controls for the
ClusterRoleBinding
,CronJob
,DaemonSet
,Ingress
,Job
,Pod
resource types to theall_controls
benchmark. (#68)
Bug fixes
- Fixed the
source_account_id
column ofaws_securityhub_finding
table to correctly return data instead ofnull
. (#1927) (Thanks @gabrielsoltz for the contribution!) - Fixed the
members
column ofaws_rds_db_cluster
table to correctly return data instead ofnull
. (#1926)
Bug fixes
- Added support for the missing
mod-location
flag to thesteampipe variable list
command. (#3942)
Bug fixes
- The
initialise
function is now being called for implicit hydrate configs (i.e. hydrate functions without explicit config), thereby preventing nil pointer reference errors when the hydrate function returns an error. (#683)
Whats new?
- Define rate and concurrency limits for plugin execution. (#3746)
- Define multiple instances of a plugin version using a
plugin
connection config block. (#3807) - The maximum memory used by plugins and the CLI can now be specified either in
plugin
instance definitions or the newplugin
options block. (#3807) - New introspection tables
steampipe_plugin
andsteampipe_plugin_limiter
containing all configured plugin instances and limiters. (#3746) - New introspection table
steampipe_server_settings
populated with server settings data during service startup. (#3462) - Running
plugin install
with no arguments installs all referenced plugins. (#3451) - New
--output
flag forplugin list
cmd allows selection betweenjson
andtable
output. (#3368) - Each plugin directory ncontains a
version.json
which can be used to recompose the global pluginversions.json
if it is missing or corrupt. (#3492) - Typing
.cache
in interactive prompt shows the current value of cache. (#2439) - Steampipe commands bypass plugin requirement check if installed plugin is locally built. (#3643)
- New
skip-config
flag disables writing of default plugin config during plugin installation. (#3531, #2206) - Logs are now written to file instead of console. (#2916)
- When plugin startup fails, report useful message in the CLI. (#3732)
- Users are warned to not have mod.sp files in home directory. (#2321)
- Updated messaging when service is started on an unavailable port. (#623)
- Log files are rotated if the process is active across date boundaries. (#125, #3825)
- Listen hosts may be selected when starting steampipe service. (#3505)
- Initialisation behaviour for the sample options has been changed: always copy a sample file (
default.spc.sample
), but only overwrite thedefault.spc
file with the sample content if the existing file has not been modified. (#3431) - Validation for the workspace profile
cache
settings. (#3646) - Support OCI registries requiring authentication. (#2819)
- Compiled with Go 1.21. (#3763)
Bug fixes
- Plugin manager shutdown stalling intermittently due to deadlocks. (#3818)
- Temporary tables dropped in interactive prompt when pool connections recycled. (#3781,#3543)
service start
was not listening onnetwork
by default. (#3593)- Multi line logs from plugins not rendered correctly in plugin logs. (#3678)
.inspect
panicking for long column descriptions. (#3709)- Interactive prompt crashing when there is a code panic. (#3713)
- Incorrect zsh completion instructions.
- Steampipe should not create export files for cancelled control runs. (#3578)
BuildFullResourceName
not validating non empty arguments. (#3601)- Spinner not showing when exporting check results. (#3577)
stdin
was consumed byquery
command even if there are arguments. (#1985)- When exporting multiple benchmarks, results now merged the results into a single export. (#2380)
- Raise warning when pseudo-resources are ignored because of named HCL resources. (#1328)
- Database reinstalled unnecessarily if any FDW files were missing. (#2040)
- Improved error message when steampipe fails to parse a mod definition file because mod block does not exist. (#1198)
- Only
install-dir
andworkspace
flags should be global flags. All other flags should only apply to specific command. (#3542) - Passing an empty list for list variables was not working. (#2094)
- Show deprecation warning for
version
field inrequire
block of mod definition. - Temporary directories were not always being cleaned up after plugin commands.
plugin list
returned nothing if no plugins were installed. (#3927)
Deprecations and migrations
- Table
steampipe_connection_state
renamed tosteampipe_connection
- Removed migration and backward compatibility of data files from v0.13.0. (#3517)
- Removed deprecated
workspace-chdir
flag. (#3925) - Migrated from
cloud.steampipe.io
topipes.turbot.com
. (#3724) - Removed support for plugins which do not support multiple connections (i.e. using SDK < v4.0.0).
- Deprecated
terminal options
.
All 115 Turbot Steampipe plugins have been updated to use steampipe-plugin-sdk v5.6.1, which adds support for rate and concurrency limiters.
Limiters provide a simple, flexible interface to implement client-site rate limiting and concurrency thresholds at compile time or run time. You can use limiters to:
- Smooth the request rate from Steampipe to reduce load on the remote API or service
- Limit the number of parallel requests to reduce contention for client and network resources
- Avoid hitting server limits and throttling
For more information on getting started, please see Concurrency and Rate Limiting.
Deprecated
- The
source_type
config argument has been deprecated and will be removed in the next major version. Please use thesource_types
config argument instead. If both config arguments are set,source_types
will take precedence. For backward compatibility, please see below for old and new value equivalents: (#167)source_type = 'all'
:source_types = ["deployed", "helm", "manifest"]
source_type = 'deployed'
:source_types = ["deployed"]
source_type = 'helm'
:source_types = ["helm"]
source_type = 'manifest'
:source_types = ["manifest"]
What's new?
- Added the
source_types
config argument, which allows specifying a combination of source types to load per connection. (#167)
What's new?
- Added 350+ new controls across all resource types to the
all_controls
benchmark. (#64)
Enhancements
- Added
path
to default set ofcommon_dimensions
, so now any file paths will appear by default in the additional dimensions in control results. (#63) - Added
iac
category to mod definition.
Dependencies
- Kubernetes plugin
v0.23.0
or higher is now required.
Breaking changes
- Removed the
output
column in theexec_command
table. This column has been replaced by thestdout_output
andstderr_output
columns. (#13)
What's new?
- Added
stdout_output
andstderr_output
columns to theexec_command
table. (#13) - Added
stream
column to theexec_command_line
table. (#13) - Added plugin limiter
exec_global
withMaxConcurrency
set to 15 in an effort to reduce abuse reports due to large number of concurrent remote connections. (#13)
Bug fixes
- Results from the
exec_command
table should now be consistent when using local and remote connections. (#13)
Dependencies
- Recompiled plugin with steampipe-plugin-sdk v5.6.0 which adds support for rate limiters. (#13)
- Recompiled plugin with Go 1.21. (#13)
What's new?
- Added CIS v1.6.0 benchmark (
steampipe check docker_compliance.benchmark.cis_v160
). (#4)
What's new?
SetConnectionCacheOptions
, a new GRPC endpoint to clear connection cache. (#678)
Enhancements
- Added the
last_successful_login_time
column tooci_identity_user
table. (#547)
What's new?
- Define rate and concurrency limits for plugin execution. (#623)
- Diagnostics property added to
_ctx
column, containing information on hydrate calls and rate limiting (enabled by setting env varSTEAMPIPE_DIAGNOSTIC_LEVEL=all
) - Support for JSONB operators in
List
hydrate functions. (#594) Type
property added toConnectionConfig
protobuf definition to determine if a connection is an aggregator. (#590)- When plugin startup fails, write a specially formatted string to stdout so plugin manager can parse the output and display a useful message. (#619)
- Support for multi-line log entries. (#612)
- Added
Equals
function forQualValue
. (#646)
What's new?
- New tables added
Enhancements
- Added 112 new controls to the
All Controls
benchmark for the following services: (#59)CronJob
DaemonSet
Deployment
Job
Pod
ReplicaSet
ReplicationController
StatefulSet
Bug fixes
- Fixed
github_search_repository
table queries failing when selecting thehas_downloads
,has_pages
,hooks
,network_count
,subscribers_count
, ortopics
columns. (#337)
Bug fixes
- Fixed the
invalid memory address or nil pointer dereference
errors when querying Terraform configuration or plan or state files that includednull
valued arguments. (#56)
Bug fixes
- Fixed the plugin to return
nil
instead of anerror
when the file/path specified indockerfile_paths
ordocker_compose_file_paths
config arguments does not exist. (#38)
Bug fixes
- Added the missing
resource
column in the queries ofglue_data_catalog_encryption_settings_metadata_encryption_enabled
andglue_data_catalog_encryption_settings_password_encryption_enabled
controls. (#715)
Enhancements
- Added the
resource_object
andobject
columns toguardrails_notification
andguardrails_resource
tables respectively. (#7)
Bug fixes
- Added the missing S3 go-getter examples in the
docs/index.md
file.
Bug fixes
- Fixed the data type of
capacity_reservation_specification
column ofaws_ec2_instance
table to be ofJSON
type instead ofSTRING
. (#1903)
Enhancements
- Added the
iam_workload_identity_restricted
control to theIAM
benchmark. (#38)
Deprecations
- Deprecated
domain
column innet_certificate
table, which has been replaced by theaddress
column. Please note that theaddress
column requires a port, e.g.,github.com:443
. This column will be removed in a future version. (#50)
What's new?
- Added
address
column to thenet_certificate
table to allow specifying a port with the domain name. (#50)
Bug fixes
- Updated the
bitbucket.spc
andindex.md
files to include details ofBITBUCKET_USERNAME
,BITBUCKET_PASSWORD
, andBITBUCKET_API_BASE_URL
environment variables. (#77)
work done.