Changelog

Subscribe to Steampipe changelog via RSS or join #changelog on our Slack community to stay updated on everything we ship.

Changelog image

What's new?

Enhancements

  • Added error, is_public, resource_owner_account and resource_type optional quals for aws_accessanalyzer_finding table. (#2331) (Thanks @dbermuehler for the contribution!)
  • Updated the aws_s3_object table to use the HeadObject API to retrieve object metadata. (#2312) (Thanks @JonMerlevede for the contribution!)

Bug fixes

  • Fixed the aws_s3_bucket table to correctly return data by ignoring the not found error in getBucketTagging and getBucketWebsite hydrate functions. (#2335)

Bug fixes

  • Fixed the issue where the steampipe interactive meta-command .cache clear was not clearing the cache. (#4443)

Enhancements

  • Added multi_region and multi_region_configuration columns to aws_kms_key table. (#2338) (Thanks @pdecat for the contribution!)

Bug fixes

  • Fixed the comparison operator (<= or >=) for number and date filter in aws_inspector2_finding table. (#2332) (Thanks @dbermuehler for the contribution!)

Bug fixes

  • Fixed the trigger_parameters column of the circleci_pipeline table to correctly return data instead of JSON unmarshalling error. (#53)

What's new?

Enhancements

  • Added labels and tags columns to the gcp_compute_global_forwarding_rule table. (#678) (Thanks @pdecat for the contribution!)
  • Added database_installed_version and maintenance_version columns to the gcp_sql_database_instance table. (#677) (Thanks @pdecat for the contribution!)

Bug fixes

  • Fixed the gcp_compute_instance_group table to correctly return data for regional instance groups' instances column. (#670) (Thanks @pdecat for the contribution!)
  • Fixed the kubernetes_node_pool table to correctly return data instead of an error for node pools with auto-pilot disabled. (#668) (Thanks @multani for the contribution!)

Bug fixes

  • Added verification_token column toaws_ses_domain_identity table which was accidentally removed in v1.0.0.

Steampipe CLI v1.0.0

cli

Breaking changes

The mod functionality, which was previously deprecated and moved to Powerpipe, has been removed in this version.

  • Removed the check, dashboard, mod, and variable commands. (#4413)
  • Removed support for running named queries. (#4416)
  • Removed the watch and mod-location CLI args from the query command. (#4417)
  • Removed the dashboard, dashboard-listen, and dashboard-port CLI args from the service command. (#4418)
  • Removed the STEAMPIPE_MOD_LOCATION and STEAMPIPE_INTROSPECTION env vars. (#4419)
  • Removed support for deprecated STEAMPIPE_CLOUD_HOST and STEAMPIPE_CLOUD_TOKEN env vars. (#4420)
  • Removed the watch, introspection, and mod-location workspace profile args. (#4421)
  • Removed the check and dashboard options from workspace profiles. (#4422)
  • Removed the dashboard option from global options (default.spc). (#4423)

We’re excited to announce the v1.0.0 release of 116 Steampipe plugins!

While there are no significant changes in the new plugin versions, this release aligns with Steampipe's v1.0.0 launch. The plugins now adhere to semantic versioning, ensuring backward compatibility within each major version.

What's new?

Bug fixes

  • Fixed the rules column in okta_signon_policy, okta_password_policy, okta_idp_discovery_policy and okta_authentication_policy tables to correctly return data instead of null. (#145)

Dependencies

Enhancements

  • The Plugin and the Steampipe Anywhere binaries are now built with the netgo package.
  • Added the version flag to the plugin's Export tool. (#65)

Bug fixes

  • Fixed pagination across all the tables. (#34)

Dependencies

Bug fixes

  • Fixed an issue where credentials from the imported foreign schema were lost after restarting the session in the Postgres FDW extension of the plugin. (#2275)

Dependencies

What's new?

Enhancements

  • Added connection_info column to the gcp_alloydb_instance table. (#651)

Bug fixes

  • Removed the name column from the gcp_bigquery_table table since the API response did not include this field. (#648)

Dependencies

Enhancements

  • Added the event_region column to the aws_health_event table. (#2293)
  • Added the location_type column to the aws_ec2_instance_type table. (#2294)

Bug fixes

  • Removed unnecessary hydration of the instance_type column in aws_ec2_instance_type table. (#2294)
  • Fixed an issue where credentials from import foreign schema were lost after restarting session in the Posgres FDW extensions of the plugin. (#2275)

Bug fixes

  • Fixed the CLI to correctly display the latest released version when using the steampipe -v command. (#4388)

Bug fixes

  • Fixed an issue where Steampipe failed to download the embedded PostgreSQL database and FDW during installation. (#4382)

Deprecations

Bug fixes

  • Fixed secret references for AWS creds in README.

Dependencies

  • Bumped @actions/core from v0.10.0 to v0.10.1.
  • Bumped @vercel/ncc from v0.38.0 to v0.38.1.
  • Bumped actions/setup-node from 3 to 4. (#95)
  • Bumped actions/upload-artifact from 3 to 4. (#100)
  • Bumped braces from 3.0.2 to 3.0.3. (#109)
  • Bumped eslint from 8.52.0 to 8.56.0. (#101)
  • Bumped eslint from 8.56.0 to 9.2.0. (#108)
  • Bumped github/codeql-action from 2 to 3. (#99)
  • Bumped semver from v7.5.4 to v7.6.3.
  • Update to node v20 in action and check-dist workflow (#104) (Thanks @francois2metz for the contribution!)

Whats new

  • Added the ability to configure plugin startup timeout. (#4320)
  • Installed FDW and embedded Postgres database from GHCR instead of GCP. (#4344)
  • Updated query JSON output format to add a columns property containing the column information. This allows us to handle duplicate column names by appending a unique suffix to duplicate column name (#4317)

Existing query JSON format:

$ steampipe query "select account_id, arn from aws_account" --output json
{
"rows": [
{
"account_id": "123456789012",
"arn": "arn:aws:::123456789012"
}
]
}

New query JSON format(with new columns property):

$ steampipe query "select account_id, arn from aws_account" --output json
{
"columns": [
{
"name": "account_id",
"data_type": "text"
},
{
"name": "arn",
"data_type": "text"
}
],
"rows": [
{
"account_id": "123456789012",
"arn": "arn:aws:::123456789012"
}
]
}

Bug fixes

  • Fixed the issue where the plugin manager was incorrectly reporting a shutdown. (#4365)

What's new?

Enhancements

  • Added time_created column to the azure_compute_virtual_machine table. (#831)
  • Added ip_configuration, linked_public_ip_address, nat_gateway and service_public_ip_address columns to the azure_public_ip table. (#836)
  • Added 20 new columns to the azure_postgresql_flexible_server table. (#824)

Bug fixes

  • Fixed the ip_configurations column of the azure_subnet table to correctly return data instead of null. (#822)
  • Fixed the web_application_firewall_configuration column of azure_application_gateway table to correctly return data instead of null. (#835)

Dependencies

  • Recompiled plugin with Go version 1.22. (#832)
  • Recompiled plugin with steampipe-plugin-sdk v5.10.4 that fixes logging in the plugin export tool.
  • Updated the azure_mysql_flexible_server and azure_postgresql_flexible_server tables to use the new Azure ARM Go package. (#820)

What's new?

Enhancements

  • Updated the aws_ec2_ami table to correctly return disabled AMIs on passing the disabled value to the state optional qual (where state = 'disabled'). (#2277)
  • Added 100+ new columns across all tables per AWS Go SDK v2 1.27.0. (#2139)

Dependencies

Bug fixes

  • Fixed an issue where Steampipe failed to create a new connection if it was outside the defined search path. (#4353)

Whats new

  • Recompiled CLI with Go v1.22. (#4340)

Bug fixes

  • Fixed query error message to not include internal function names. (#4335)

What's new?

Enhancements

  • The euuid column has now been assigned as a connection key column across all the tables which facilitates more precise and efficient querying across multiple Linode accounts. (#56)
  • The Plugin and the Steampipe Anywhere binaries are now built with the netgo package. (#60)
  • Added the version flag to the plugin's Export tool. (#65)

Dependencies

Bug fixes

  • Fixed the okta_factor table to correctly return data instead of a nil pointer dereference error. (#137)
  • Fixed the caching issue in the standalone plugin FDW extensions. (#480)

Enhancements

  • Added the GetConfig in the github_repository_content table. (#445)

Bug fixes

  • Fixed the caching issue in the standalone plugin FDW extensions. (#480)

Enhancements

  • Added Reader and Data Access role assignment information to the docs/index.md file. (#811)

Bug fixes

  • Fixed the azure_compute_virtual_machine table to correctly populate the guest_configuration_assignments column across all Azure environments. (#816)
  • Fixed the azure_role_assignment table to correctly return the result while using any mode of plugin authentication. (#809)
  • Fixed the paging issue in the azure_monitor_activity_log_event table. (#810)
  • Fixed the caching issue in the standalone plugin FDW extensions. (#480)

Enhancements

  • Added location_type column as an optional qual to the aws_ec2_instance_availability table and 6 new columns to the aws_ec2_instance_type table. (#2078)
  • Updated docs for aws_appautoscaling_policy and aws_appautoscaling_target tables to add information on required quals. (#2247)
  • Added the type column as an optional qual to the aws_auditmanager_control table. (#2254)

Bug fixes

  • Fixed the GetConfig definition of the aws_auditmanager_control table to correctly return data instead of an error. (#2254)
  • Fixed the aws_kms_key_rotation table to correctly return nil whenever an AccessDeniedException error is returned by the API. (#2253)
  • Fixed the caching issue in the standalone plugin FDW extensions. (#480)

Breaking changes

  • Removed the following columns in gcp_cloudfunctions_function table to align with the new API response structure: (#612)
    • environment_variables
    • source_upload_url
    • version_id

What's new?

  • Added the impersonate_access_token config argument to support plugin authentication by using a pre-generated temporary access token. (#621)

Enhancements

  • Added 17 new columns to the gcp_cloudfunctions_function table. (#612)

Bug fixes

  • Fixed the cache key issue in the SecretManager service client creation. (#624)

Enhancements

  • Added column create_time to gcp_sql_database_instance table. (#615)

Bug fixes

  • Fixed the gcp_alloydb_cluster and gcp_alloydb_instance tables to correctly return values for project column instead of null. (#617)

What's new?

Bug fixes

  • Fixed the power_state column of the azure_compute_virtual_machine table to correctly return data instead of a nil pointer dereference error. (#804)

Bug fixes

  • Fixed plugin loading issues by eliminating the need for manual caching, ensuring smoother and more reliable plugin installations. (#50)

What's new?

  • Added the insecure_skip_verify connection config argument to support bypassing the SSL/TLS certificate verification while querying the tables. (#48)

Enhancements

  • The Plugin and the Steampipe Anywhere binaries are now built with the netgo package.

Dependencies

Bug fixes

  • Fixed issue where local Docker config for the credential store was used when installing plugins from GHCR, enabling installation from GHCR to work even if docker-credential-desktop is not in PATH. (#4323)
  • Fixed issue where Steampipe returned a 0 exit code even if it failed to export a snapshot. (#4276)
  • Fixed issue where the query command did not support the legacy 'true' and 'false' values for the --timing flag. (#4282)
  • Fixed issue where SPS output was not working. (#4297)
  • Fixed issue where loading connection plugins did not return successfully created connections if some connections failed due to the configuration not being available. (#474)
  • Fixed issue where scan info in query JSON output was shown even when the timing configuration was not set to verbose. (#4292)

What's new?

Enhancements

  • The domain column has now been assigned as a connection key column across all the tables which facilitates more precise and efficient querying across multiple Okta organizations. (#120)
  • Added support to specify the time period in .spc file for max retries, request timeout, and max backoff time as required. (#112)
  • Added profile column to the okta_factor table. (#130)

Dependencies

  • Recompiled plugin with steampipe-plugin-sdk v5.10.1 which ensures that QueryData passed to ConnectionKeyColumns value callback is populated with ConnectionManager. (#120)

Enhancements

  • The organization_id column has now been assigned as a connection key column across all the tables which facilitates more precise and efficient querying across multiple Linear accounts. (#34)

Bug fixes

  • Fixed the plugin to correctly check for a valid Personal Access token. (#33)

Dependencies

  • Recompiled plugin with steampipe-plugin-sdk v5.10.1 which ensures that QueryData passed to ConnectionKeyColumns value callback is populated with ConnectionManager. (#34)

Enhancements

  • Added column power_state to the azure_compute_virtual_machine_scale_set_vm table. (#800) (Thanks @pdepdecatcat for the contribution!)

Bug fixes

  • Fixed the azure_log_alert table to correctly return values for actions, condition, description, enabled, and scopes columns instead of null. (#796)

What's new?

Bug fixes

  • Fixed the caching issue in aws_organizations_account table. (#2236)
  • Fixed typo (missing comma) in an example query of aws_health_affected_entity table document. (#2237) (Thanks @tieum for the contribution!)

Bug fixes

  • Fixed the export tool of the plugin to return a non-zero error code instead of 0 whenever an error occurred. (#79)

Enhancements

  • Added column public_network_access to the azure_storage_account table. (#794)

Bug fixes

  • Fixed the export tool of the plugin to return a non-zero error code instead of 0 whenever an error occurred. (#79)

Enhancements

  • Added 16 new columns to the aws_lambda_version table. (#2229)

Bug fixes

  • Fixed the export tool of the plugin to return a non-zero error code instead of 0 whenever an error occurred. (#79)

Bug fixes

  • Reverted the export CLI behavior to return <nil> for null values instead of "". (#77)

Bug fixes

  • Reverted the export CLI behavior to return <nil> for null values instead of "". (#77)

Bug fixes

  • Reverted the export CLI behavior to return <nil> for null values instead of "". (#77)

What's new

Enhancements

  • Added 9 new columns to the aws_elasticache_cluster table. (#2224)

Bug fixes

  • Fixed the aws_s3_object table not returning any rows due to panic error. (#2221)
  • Fixed no rows being returned from the ``table if an unqualified query is run before one withparent_id` specified.
  • Fixed data type for configuration_endpoint column in aws_elasticache_cluster table to be json. (#2214)

What's new?

Enhancements

  • The Plugin and the Steampipe Anywhere binaries are now built with the netgo package. (#101)
  • Added the version flag to the plugin's Export tool. (#65)

Bug fixes

  • Fixed the arguments column of terraform_resource table to correctly return the type field. (#99) (#92)

Dependencies

What's new?

Bug fixes

  • Improved the error messaging for file parsing in the github_workflow table. (#438)

Dependencies

  • Recompiled plugin with github.com/cloudflare/circl v1.3.7. (#418)

Bug fixes

  • Fixed the issue of missing and inconsistent columns in Kubernetes CRD tables. (#229) (Thanks @dongho-jung for the contribution!!)

What's new?

Enhancements

  • Updated aws_s3_bucket, aws_s3_bucket_intelligent_tiering_configuration, aws_s3_object and aws_s3_object_version tables to use HeadBucket API instead of GetBucketLocation to fetch the region that the bucket resides in. (#2082) (Thanks @pdecat for the contribution!)
  • Added column create_time to aws_ec2_key_pair table. (#2196) (Thanks @kasadaamos for the contribution!)
  • Added instance_type column as an optional qual to the aws_ec2_instance_type table. (#2200)

Bug fixes

  • Fixed the akas column in aws_health_affected_entity table to correctly return data instead of an error by handling events that do not have any ARN. (#2189)
  • Fixed cname and endpoint_url columns of aws_elastic_beanstalk_environment table to correctly return data instead of null. (#2201)
  • Fixed the aws_api_gatewayv2_* tables to correctly return data instead of an error by excluding support for the new unsupported il-central-1 region. (#2190)

Enhancements

  • The login_id column has now been assigned as a connection key column across all the tables which facilitates more precise and efficient querying across multiple Jira connections. (#119)
  • The Plugin and the Steampipe Anywhere binaries are now built with the netgo package. (#128)
  • Added the version flag to the plugin's Export tool. (#65)

Bug fixes

  • Fixed pagination in the jira_board table to correctly return all the data instead of partial results. (#127)

Dependencies

What's new?

Bug fixes

  • Fixed the public_network_access_for_ingestion and the public_network_access_for_query columns of the azure_application_insight table to be of String data type instead of JSON. (#769)
  • Fixed the azure_role_assignment table to correctly return values for principal_id and principal_type columns instead of null. (#763)
  • Fixed the web_application_firewall_configuration column of the azure_application_gateway table to correctly return data instead of null. (#770)

What's new?

  • Added support for the profile connection config argument. (#409)

Bug fixes

  • Fixed the alicloud_cs_kubernetes_cluster table to ensure it correctly returns data when querying clusters without tags. (#426)

Enhancements

  • The user_id column has now been assigned as a connection key column across all the tables which facilitates more precise and efficient querying across multiple Pipes connections. (#27)
  • The Plugin and the Steampipe Anywhere binaries are now built with the netgo package. (#32)
  • Added the version flag to the plugin's Export tool. (#65)

Bug fixes

  • Fixed the plugin to correctly authenticate against a custom tenant in Pipes instead of returning a 401 error. (#30)

Dependencies

What's new?

Enhancements

  • The login_id column has now been assigned as a connection key column across all the tables which facilitates more precise and efficient querying across multiple Github connections. (#422)
  • The Plugin and the Steampipe Anywhere binaries are now built with the netgo package. (#219)
  • Added the version flag to the plugin's Export tool. (#65)

Bug fixes

  • Fixed the plugin support for Github OAuth Access token to work correctly. (#432)

Dependencies

Bug fixes

  • Updated Postgres FDW to v1.11.2 to remove unnecessary NOTICE level log messages. (#469)

Enhancements

  • The tenant_id column has now been assigned as a connection key column across all the tables which facilitates more precise and efficient querying across multiple Microsoft 365 subscriptions. (#50)
  • The Plugin and the Steampipe Anywhere binaries are now built with the netgo package. (#55)
  • Added the version flag to the plugin's Export tool. (#65)

Dependencies

  • Recompiled plugin with steampipe-plugin-sdk v5.10.1 which ensures that QueryData passed to ConnectionKeyColumns value callback is populated with ConnectionManager. (#50)

Enhancements

  • The tenant_id column has now been assigned as a connection key column across all the tables which facilitates more precise and efficient querying across multiple Azure subscriptions. (#175)
  • The Plugin and the Steampipe Anywhere binaries are now built with the netgo package. (#180)
  • Added support for China cloud endpoint and scope based on the environment. (#174)
  • Added the version flag to the plugin's Export tool. (#65)

Dependencies

  • Recompiled plugin with steampipe-plugin-sdk v5.10.1 which ensures that QueryData passed to ConnectionKeyColumns value callback is populated with ConnectionManager. (#175)

Enhancements

  • The tenant_id column has now been assigned as a connection key column across all the tables which facilitates more precise and efficient querying across multiple OCI tenants. (#606)
  • The Plugin and the Steampipe Anywhere binaries are now built with the netgo package. (#614)
  • Added the version flag to the plugin's Export tool. (#65)

Dependencies

Enhancements

  • The project column has now been assigned as a connection key column across all the tables which facilitates more precise and efficient querying across multiple GCP projects. (#564)
  • The Plugin and the Steampipe Anywhere binaries are now built with the netgo package. (#580)
  • Added the version flag to the plugin's Export tool. (#65)****

Bug fixes

  • Fixed the table gcp_cloudfunctions_function to list gen2 cloud functions. (#568) (Thanks @ashutoshmore658 for the contribution!)

Dependencies

Enhancements

  • The Plugin and the Steampipe Anywhere binaries are now built with the netgo package. (#756)

Bug fixes

  • Fixed the server_properties column in the azure_postgresql_flexible_server table to correctly return data instead of nil. (#754)

Dependencies

Enhancements

  • The account_id column has now been assigned as a connection key column across all the tables which facilitates more precise and efficient querying across multiple Alibaba Cloud accounts. (#406)
  • The Plugin and the Steampipe Anywhere binaries are now built with the netgo package. (#419)
  • Added the version flag to the plugin's Export tool. (#65)

Dependencies

Bug fixes

  • Updated FDW to 1.11.1 to fix bad Linux Arm build. (#4271)
  • Updated hydrates count in timing verbose mode to use integer formatting(e.g. 119,138). (#4270)

Enhancements

  • The context_name column has now been assigned as a connection key column across all the tables which facilitates more precise and efficient querying across multiple Kubernetes connections. (#217)
  • The Plugin and the Steampipe Anywhere binaries are now built with the netgo package. (#219)
  • Added the version flag to the plugin's Export tool. (#65)

Dependencies

v0.138.0 [2024-05-09]

Enhancements

  • The Plugin and the Steampipe Anywhere binaries are now built with the netgo package for both the Linux and Darwin systems. (#219) (#2180)

Bug fixes

  • Fixed the aws_ebs_snapshot table to correctly return data instead of an empty row. (#2185)

Dependencies

Whats new

  • Added support for connection key columns: (#768)

    A connection key column defines a column whose value maps 1-1 to a Steampipe connection and so can be used to filter connections when executing an aggregator query. These columns are treated as (optional) KeyColumns. This means they are taken into account in the query planning.

  • Added support for verbose timing information. (#4244)

  • Added support for pushing down sort order. (#447)

  • Updated limit pushdown logic to push down the limit if all sort clauses are pushed down. (#458)

  • Added support for WHERE column=val1 OR column=val2 OR column=val3...

  • Migrated from plugin registry from GCP to GHCR. (#4232)

Bug fixes

  • Fixed hang when timing is disabled. (#4237)
  • Added a signal handler for signal 16 to avoid FDW crash. (#457)

Bug fixes

  • Ensured QueryData passed to connection key column value callback is populated with ConnectionManager. (#797)

What's new?

Enhancements

  • The subscription_id column has now been assigned as a connection key column across all the tables which facilitates more precise and efficient querying across multiple Azure subscriptions. (#740)
  • Added the version flag to the plugin's Export tool. (#65)

Bug fixes

  • Fixed the plugin's Postgres FDW Extension crash issue.

Dependencies

What's new?

Enhancements

  • The account_id column has now been assigned as a connection key column across all the tables which facilitates more precise and efficient querying across multiple AWS accounts. (#2133)

Bug fixes

  • Fixed the getDirectoryServiceSnapshotLimit and getDirectoryServiceEventTopics hydrate calls in the aws_directory_service_directory table to correctly return nil for the unsupported ADConnector services instead of an error. (#2170)

v0.40.0 [2024-04-12]

What's new?

Bug fixes

  • Fixed the github_workflow table to correctly return data for dynamic workflows instead of an error. (#412)
  • Fixed the plugin's Postgres FDW Extension crash issue.

What's new?

Enhancements

  • Added snapshot_block_public_access_state column to aws_ec2_regional_settings table. (#2077)

Bug fixes

  • Fixed the getDirectoryServiceSnapshotLimit and getDirectoryServiceEventTopics hydrate calls in the aws_directory_service_directory table to correctly return nil for unsupported SharedMicrosoftAD services instead of an error. (#2156)

What's new?

  • Added support for connection key columns. (#768)
  • Added sp_ctx and sp_connection_name columns to all tables. (#769)

Enhancements

  • Added support for nested dashboards. (#4208)

Bug fixes

  • Fixed the issue where local plugins were not being loaded. (#4196)
  • Re-added support for 'implicit' local plugins (i.e. the plugin binary exists but there is no entry in the versions.json). (#4223)
  • Fixed the issue where the daily update check message showed a <nil> when there was no message to show. (#4206)

What's new?

Enhancements

  • Added support for quota_project config arg to provide users the ability to set the Project ID used for billing and quota. (#556)

Bug fixes

  • Fixed the retry_policy_maximum_backoff and retry_policy_minimum_backoff columns of gcp_pubsub_subscription table to correctly return data. (#552) (Thanks to @mvanholsteijn for the contribution!)

What's new?

Bug fixes

  • Fixed the aws_vpc_eip table to return an Access Denied error instead of an Invalid Memory Address or Nil Pointer Dereference error when a Service Control Policy is applied to an account for a specific region. (#2136)
  • Fixed the aws_s3_bucket terraform script to prevent the AccessControlListNotSupported: The bucket does not allow ACLs error during the PutBucketAcl terraform call. (#2080) (Thanks @pdecat for the contribution!)
  • Fixed an issue where querying regional tables while using AWS profiles with cross-account role credentials results in the correct error being reported instead of zero rows. (#2137)
  • Fixed pagination in the aws_ebs_snapshot table to make fewer API calls when the limit parameter is passed to the query. (#2088)

What's new?

Enhancements

  • Added auto_minor_version_upgrade column to aws_rds_db_cluster table. (#2109)
  • Added open_zfs_configuration column to aws_fsx_file_system table. (#2113)
  • Added logging_configuration column to aws_networkfirewall_firewall table. (#2115)
  • Added lf_tags column to aws_glue_catalog_table table. (#2128)

Bug fixes

  • Fixed the query in the aws_s3_bucket table doc to correctly filter out buckets without the application tag. (#2093)
  • Fixed the aws_cloudtrail_lookup_event input param to pass correctly end_time as an optional qual. (#2102)
  • Fixed the arn column of the aws_elastic_beanstalk_environment table to correctly return data instead of null. (#2105)
  • Fixed the template_body_json column of the aws_cloudformation_stack table to correctly return data by adding a new transform function formatJsonBody, replacing the UnmarshalYAML transform function. (#1959)
  • Fixed the next_execution_time column of aws_ssm_maintenance_window table to be of String datatype instead of TIMESTAMP. (#2116)
  • Renamed the client_log_options column to connection_log_options in aws_ec2_client_vpn_endpoint table to correctly return data instead of null. (#2122)

Whats new

  • Improved startup performance with high plugin count - parallelize plugin startup. (#4183)
  • Added database SSL password support for encrypted private key in order to handle your own certificates. (#4149)

Bug fixes

  • Fixed issue where plugin list cannot re-create top-level versions.json file if the file has been corrupted or empty. (#4191)

Notice

  • Scripts must use the permanent installation script at https://steampipe.io/install/steampipe.sh.
  • The script above is automatically updated when the script moves location.
  • install.sh has been moved from the top level folder to the scripts folder.
  • Scripts directly referencing the raw GitHub location must be updated.

Notice

Steampipe will no longer officially publish or support a Dockerfile or container images.

Steampipe can be run in a containerized setup. We run it ourselves that way as part of Turbot Pipes. But, we've decided to cease publishing an supporting a container definition because:

  • The CLI is optimized for developer use on the command line.
  • Everyone has specific goals and requirements for their containers.
  • Container setup requires various mounts and access to configuration files.
  • It's hard to support containers across many different environments.

We welcome users to create and share your own open-source container definitions for Steampipe!

Steampipe unbundled, introducing Powerpipe

Powerpipe is now the recommended way to run dashboards and benchmarks!

Mods still work as normal in Steampipe for now, but they are deprecated and will be removed in a future release:

Whats new

  • Added version column to steampipe_plugin table. (#4141)
  • Direct all errors and warnings to standard error (stderr). (4162)

Bug fixes

  • Fixed the issue where search_path_prefix set in database options does not alter the search path. (#4160)
  • Fix issue where asff output was always missing the first row. (#4157)

Deprecations and migrations

  • Steampipe mods and dashboards are now separately available in Powerpipe, a new open-source project. The steampipe mod, check and dashboard commands have been deprecated and will be removed in a future version. Migration guide.
  • Deprecated cloud-host and cloud-token CLI args, and replaced them with pipes-host and pipes-token respectively. (#4137)
  • Deprecated STEAMPIPE_CLOUD_HOST and STEAMPIPE_CLOUD_TOKEN env vars, replaced with PIPES_HOST and PIPES_TOKEN respectively. (#4137)
  • Deprecated cloud_host and cloud_token workspace args, replaced with pipes_host and pipes_token respectively. (#4137)
  • Removed support for deprecated terminal options. (#3751)
  • Removed support for deprecated max_parallel property in general options. (#4132)
  • Removed support for deprecated connection options. (#4131)
  • Removed deprecated version property from the mod require block. (#3750)

Enhancements

  • Updated the regex pattern of slack_api_token to also detect the Slack bot tokens. (#73)
  • Updated the regex pattern of AWS access_key_id to include key resources like AWS SSO credentials. (#74)

Bug fixes

  • Fixed the plugin to return nil instead of an error when API credentials are not set in the *.spc file. (#14)
  • Fixed the default data type of the dynamic columns to be of the String type instead of JSON. (#16)

Bug fixes

  • Fixed the hierarchy in the benchmark list by properly integrating Cloud Functions benchmark into all_controls benchmark. (#146)

What's new?

  • Removed support for Memoized functions to be directly assigned as column hydrate functions. Instead, require a wrapper hydrate function. (#756) (#738)

Bug fixes

  • If cache is disabled for the server, but enabled for the client, the query execution code tries to stream to the cache even though there is no active set operation. (#740)

Bug fixes

  • Fixed growing memory usage following file watching events when running dashboard server. (#4150)

Dependencies

  • GCP plugin v0.49.0 or higher is now required. (#143)

Enhancements

  • Added 5 new controls to the All Controls benchmark across the following services: (#143)
    • App Engine
    • Cloud Run
    • Kubernetes

Dependencies

  • AWS plugin v0.131.0 or higher is now required. (#747)

Enhancements

  • Added 11 new controls to the All Controls benchmark across the following services: (#747)
    • API Gateway
    • DMS
    • EMR
    • MQ
    • VPC

Bug fixes

  • Fixed the foundational_security_ssm_2 control to correctly evaluate results when patches are not applicable for SSM managed EC2 instances. (#761)

Bug fixes

  • Fixed the typo in the scaleway_billing_consumption table docs to use consumption instead of consumtion. (#80)

Enhancements

  • Improved the plugin error message when invalid credentials are set in the wiz.spc file. (#23)

Bug fixes

  • Fixed the service_tickets column in wiz_issue table by removing the action subfield from the ServiceTickets field in the GraphQL response since it was no longer available. (#24 #25) (Thanks @sycophantic for the contribution!)

Bug fixes

  • Removed duplicate control rds_db_cluster_encrypted_with_kms_cmk. (#105)

Bug fixes

  • Removed duplicate node service_account. (#56)

Bug fixes

  • Fixed the pipeline column of the github_workflow table to correctly return data instead of an error. (#388)
  • Fixed the example query in the docs/index.md file by replacing the stargazers_count column with stargazer_count. (#397)

What's new?

Bug fixes

  • Fixed aws_sfn_state_machine_execution_history table to handle pagination and ignore errors for expired execution history. (#1934) (Thanks @pdecat for the contribution!)
  • Fixed the aws_health_affected_entity table to correctly return data instead of an interface conversion error. (#2072)

Bug fixes

  • Fixed the plugin initialization error by returning only the static tables when invalid config parameters were set for dynamic tables. #39

Bug fixes

  • Fixed variables not being reloaded after the file watch event. (#4123)
  • Fixed mod file being left invalid after mod uninstall. (#4124)

v0.86 [2024-02-08]

What's new?

  • Added CIS v3.0.0 benchmark (steampipe check benchmark.cis_v300). (#755)

Bug fixes

  • Fixed pagination in the datadog_monitor table to correctly return data instead of an error. (#48) (Thanks @mdb for the contribution!)

Bug fixes

  • Fixed HomeDirectoryModfileCheck returning false positive, causing errors when executing steampipe out of the home directory. (#4118)

Enhancements

  • Updated all the tables to fetch the column data using hydrate functions to optimize the API calls and increase query speed when querying specific columns. (#30)

Bug fixes

  • Fixed UI freeze when prompting for workspace variables. (#4105)
  • Fixed dependency variable validation - it was failing if dependency variable value was set in the vars file. (#4110)

Dependencies

  • OCI plugin v0.35.0 or higher is now required. (#83)

What's new?

  • Added CIS v2.0.0 benchmark (steampipe check benchmark.cis_v200). (#80)

What's new?

  • Added OAuth config support to provide users the ability to set OAuth secret client ID and OAuth secret value of a service principal. For more information, please see Databricks plugin configuration. (#6) (Thanks @rinzool for the contribution!)
  • Added Config object to directly pass credentials to the client. (#10)

Enhancements

  • Optimized aws_cloudwatch_log_stream table's query performance by adding descending, log_group_name, log_stream_name_prefix and order_by new optional key qual columns. (#1951)
  • Optimized aws_ssm_inventory table's query performance by adding new optional key qual columns such as filter_key, filter_value, network_attribute_key, network_attribute_value, etc. (#1980)

Bug fixes

  • Fixed aws_cloudwatch_log_group table key column to be globally unique by filtering the results by region. (#1976)
  • Removed duplicate memoizing of getCommonColumns function from aws_s3_multi_region_access_point and aws_ec2_launch_template tables.(#2065)
  • Fixed error for column type_name in table aws_ssm_inventory_entry. (#1980)
  • Added the missing rate-limiter tags for aws_s3_bucket table's GetBucketLocation hydrate function to optimize query performance. (#2066)

Dependencies

  • Azure plugin v0.53.0 or higher is now required. (#242)

Enhancements

  • Added 41 new controls to the All Controls benchmark across the following services: (#234 #233)
    • Active Directory
    • App Service
    • Batch
    • Compute
    • Container Instance
    • Key Vault
    • Kubernetes Service
    • Network
    • Recovery Service
    • Service Bus
    • Storage

Bug fixes

  • Fixed the description of CIS_v150_2_1_9 control. (#238) (Thanks @sfunkernw for the contribution!)

Breaking changes

  • Removed the iam_root_user_virtual_mfa control since it is not recommended as good practice. (#743)
  • Replaced iam_account_password_policy_strong with iam_account_password_policy_strong_min_reuse_24 in the GDPR, FFIEC and CISA Cyber Essentials benchmarks to align more accurately with the requirements specified in the AWS Config rules. (#739)

Bug fixes

  • Updated the dashboard image to correctly list all the 25 benchmarks. (#748)

What's new?

  • Added the following controls across Simple Email Service and VPC benchmarks. (#88 #102)
    • ses_configuration_set_tls_enforced
    • vpc_security_group_restrict_ingress_rdp_all
    • vpc_security_group_restrict_ingress_ssh_all

Bug fixes

  • Fixed schema clone function failing if table has an LTREE column. (#4079)
  • Maintained the order of execution when running multiple queries in batch mode. (#3728)
  • Fixed issue where using any meta-command would load connection state even if not required. (#3614)
  • Fixed issue where plugin version file back-filling would write versions.json to the CWD if the plugin folder is not found. (#4073)
  • Simplified and fixed available port check. (#4030)

What's new?

  • Added the kubernetes_cluster_no_cluster_level_node_pool control to the Kubernetes benchmark. (#53)

Enhancements

  • Added the annotations columns on all CRD resources. (#202)
  • Updated the API version for table kubernetes_horizontal_pod_autoscaler. (#190)

What's new?

Enhancements

  • Added column iam_policy to gcp_cloud_run_service table. (#531)
  • Optimized the gcp_logging_log_entry table result or result timing by applying a timestamp filter. (#508)
  • Added the json_payload, proto_payload, metadata, resource, operation, and tags columns to gcp_logging_log_entry table. (#508)

Bug fixes

  • Fixed the addons_config, network_config and network_policy column of gcp_kubernetes_cluster table to correctly return data instead of null. (#530)
  • Fixed the end_time column of the gcp_sql_backup table to return null instead of an error when end time is unavailable for a SQL backup. (#534)
  • Fixed the enqueued_time, start_time and window_start_time columns of the gcp_sql_backup table to return null instead of an error when timestamp is unavailable for a SQL backup. (#536)

Enhancements

  • Added the audit_policy column to azure_sql_database and azure_sql_server tables. (#711)
  • Added the webhooks column to azure_container_registry table. (#710)
  • Added the disable_local_auth and status columns to azure_servicebus_namespace table. (#715)

Bug fixes

  • Fixed the azure_key_vault_secret table to correctly return data when keyvault name is in camel-case. (#638)

Bug fixes

  • Fixed the low_iops_ebs_volumes control to now suggest converting io1 and io2 volumes to GP3 volumes, when the base IOPS is less than 16000 instead of 3000. (#167)

What's new?

Enhancements

  • Added deletion_protection_enabled column to aws_dynamodb_table table. (#2049)

Bug fixes

  • Fixed default page size in aws_organizations_account table. (#2058)
  • Fixed processor_features column in aws_rds_db_instance not returning data when default value is set. (#2028)
  • Temporarily removed aws_organizations_organizational_unit table due to LTREE column issue. (#2058)

Bug fixes

  • Updated the tags to use risk instead of severity to eliminate duplicate column names in output files. (#41)

What's new?

  • Added the following controls across the benchmarks: (#51)
    • container_instance_container_group_secure_environment_variable
    • container_registry_zone_redundant_enabled

What's new?

Enhancements

  • Added storage_throughput column to aws_rds_db_instance table. (#2010) (Thanks @toddwh50 for the contribution!)
  • Added layers column to aws_lambda_function table. (#2008) (Thanks @icaliskanoglu for the contribution!)
  • Added tags column to aws_backup_recovery_point and aws_backup_vault tables. (#2033)

Bug fixes

  • Custom HTTP client should allow buildable settings through env var options such as AWS_CA_BUNDLE. (#2044)
  • Fixed MaxItems in aws_iam_policy and aws_iam_policy_attachment tables to use 1000 instead of 100 to avoid unnecessary API calls. (#2025) (#2026)

Enhancements

  • Updated the controls to reference their query using query = rather than sql =. (#25)

Bug fixes

  • Fixed the broken network_subnet_to_network_virtual_network edge of the relationship graph in the sql_server_detail dashboard page to correctly reference the network_subnets_for_sql_server query. (#118)

Bug fixes

  • Fixed the kubernetes_cluster_upgraded_with_non_vulnerable_version query to correctly check if a Kubernetes cluster is using an outdated software version. (#235)

Bug fixes

  • Fixed the plugin to return only static tables instead of an error when the objects config argument is not set or the plugin credentials are not set correctly. (#26)

Whats new

  • Allow using pprof on FDW when STEAMPIPE_FDW_PPROF environment variable is set. (#368)

Bug fixes

  • Set connection state to error if plugin load fails. (#4043)
  • Fixes incorrect row count in timing output for aggregator connections. (#402)
  • OpenTelemetry metric names must only contain [A-Za-z0-9_.-]. (#369)
  • Maintain the order of execution when running multiple queries in batch mode. (#3728)

Enhancements

  • Added 61 new controls to the All Controls benchmark across the following services: (#140)
    • CloudFunctions
    • Compute
    • KMS
    • Kubernetes
    • Project
    • SQL
    • Storage

Enhancements

  • Added 50 new controls to the All Controls benchmark across the following services: (#736)
    • ACM
    • CloudFront
    • CloudTrail
    • Config
    • DocumentDB
    • EC2
    • ECS
    • EKS
    • ElastiCache
    • ELB
    • EMR
    • Kinesis
    • RDS
    • Redshift
    • S3
    • SNS
    • SQS
    • SSM
    • VPC

Enhancements

  • Updated the plugin to use a shared, optimized HTTP client that enhances DNS management and reduces connection floods for more stable and efficient queries. (#2036)

Enhancements

  • Updated the plugin's .goreleaser file to build the netgo package only for Darwin systems. (#2029)

114 plugins have been updated to include the following changes:

What's new?

Dependencies

  • Recompiled with steampipe-plugin-sdk v5.8.0 that includes plugin server encapsulation for in-process and GRPC usage, adding Steampipe Plugin SDK version to _ctx column, and fixing connection and potential divide-by-zero bugs.

Whats new

  • Added steampipe_plugin_column introspection table to the steampipe_internal schema. (#4003)

Bug fixes

  • Fixed issue where a query would return 'null' for an empty result set when output is set to json. (#3955)
  • Fixed custom registries bugs.
  • Clean up apt temporary files in Dockerfile.

Bug fixes

  • Fixed the plugin to correctly return results when environment variables are only used for authentication. (#21)

Bug fixes

  • Fixed the invalid Go module path of the plugin. (#15)

Bug fixes

  • Fixed the invalid Go module path of the plugin. (#20)

Bug fixes

  • Fixed the invalid Go module path of the plugin. (#13)

Bug fixes

  • Fixed the invalid Go module path of the plugin. (#43)

Bug fixes

  • Fixed the invalid Go module path of the plugin. (#36)

Bug fixes

  • Fixed the invalid Go module path of the plugin. (#20)

Bug fixes

  • Fixed the invalid Go module path of the plugin. (#26)

What's new?

Enhancements

  • Updated the following tables to include support for dynamic GraphQL queries:
    • github_my_star (#369)
    • github_stargazer (#370)
    • github_tag (#371)
    • github_rate_limit (#368)
    • github_community_profile (#367)
    • github_license (#366)
    • github_organization_member (#364)
    • github_team_member (#364)
    • github_user (#364)
    • github_my_team (#363)
    • github_team (#363)
    • github_commit (#362)
    • github_my_organization (#361)
    • github_organization (#361)
    • github_organization_external_identity (#361)
    • github_branch (#360)
    • github_branch_protection (#360)
    • github_repository_collaborator (#365)
    • github_repository_deployment (#365)
    • github_repository_environment (#365)
    • github_repository_vulnerability_alert (#365)
    • github_issue (#359)
    • github_issue_comment (#359)
    • github_pull_request (#359)
    • github_pull_request_comment (#359)
    • github_pull_request_review (#359)

Bug fixes

  • Fixed the invalid Go module path of the plugin. (#27)

What's new?

  • Added the following controls across the benchmarks: (#49)
    • bigquery_table_deletion_protection_enabled
    • bigtable_instance_deletion_protection_enabled
    • spanner_database_deletion_protection_enabled
    • spanner_database_drop_protection_enabled

What's new?

  • Added the following controls across the benchmarks: (#47)
    • appservice_environment_zone_redundant_enabled
    • appservice_function_app_public_access_disabled
    • appservice_plan_zone_redundant
    • appservice_web_app_public_access_disabled
    • eventhub_namespace_uses_latest_tls_version
    • eventhub_namespace_zone_redundant
    • kubernetes_cluster_critical_pods_on_system_nodes
    • kubernetes_cluster_os_disk_ephemeral
    • redis_cache_standard_replication_enabled
    • sql_database_ledger_enabled
    • sql_database_zone_redundant_enabled

What's new?

  • Added the following controls across the benchmarks: (#98)
    • docdb_cluster_backup_retention_period_7
    • lambda_permission_restricted_service_permission
    • neptune_cluster_backup_retention_period_7
    • neptune_cluster_copy_tags_to_snapshot_enabled
    • neptune_cluster_iam_authentication_enabled

Bug fixes

  • Fixed the index doc by removing unsupported images. (#334)

Enhancements

  • Added the following controls to the All Controls benchmark: (#733)
    • api_gateway_rest_api_public_endpoint_with_authorizer
    • dlm_ebs_snapshot_lifecycle_policy_enabled
    • docdb_cluster_instance_encryption_at_rest_enabled
    • ebs_volume_snapshot_exists
    • elasticache_cluster_no_public_subnet
    • iam_role_no_administrator_access_policy_attached
    • iam_user_access_key_unused_45
    • iam_user_console_access_unused_45
    • neptune_db_cluster_no_public_subnet

Bug fixes

  • Fixed missing closing tag in index doc. (#331)

Bug fixes

  • Fixed ad_guest_user_reviewed_monthly, iam_deprecated_account_with_owner_roles, iam_external_user_with_read_permission, iam_external_user_with_write_permission, iam_user_not_allowed_to_create_security_group and iam_user_not_allowed_to_register_application queries to remove duplicate benchmark results. (#228)

Bug fixes

  • Fixed the plugin brand colour.

Bug fixes

  • Fixed the plugin to pass the namespace qualifier to the kubernetes API client when querying namespace scoped resources. (#181) (Thanks @pdecat for the contribution!!)

Bug fixes

  • Fixed the GetConfig of github_team_repository table to include support for dynamic GraphQL queries. (#379)
  • Fixed the example queries in github_commit doc file. (#377)
  • Fixed the example queries in github_search_issue doc file to filter out results from the API. (#378)

What's new?

Bug fixes

  • Fixed the retention_policy column of gcp_storage_bucket table to correctly return data instead of null. (#502)

What's new?

Enhancements

  • Added the properties column to jira_project table. (#105)

Bug fixes

  • Fixed typo in the docs/index.md file. (#102) (Thanks @adrfrank for the contribution!)
  • Fixed the jira_issue table by enhancing case insensitivity support for the status column. (#90)

What's new?

  • Added CIS v3.0.0 benchmark (steampipe check benchmark.cis_v300). (#57)

Breaking Changes

  • Removed the following tables using the search API that no longer work due to API limitations. These tables will be added back if functionality can be restored.
    • linkedin_company_employee
    • linkedin_company_past_employee
    • linkedin_connection
    • linkedin_search_company
    • linkedin_search_profile

Bug fixes

  • Fixed the compute_firewall_allow_tcp_connections_proxied_by_iap query to correctly include all the ports and source IP ranges. (#128) (Thanks @saisirishreddy for the contribution!)

What's new?

  • Encapsulate plugin server so it is possible to use it in-process as well as via GRPC. (#719)
  • Add steampipe field to _ctx column, containing sdk version. (#712)

Bug fixes

  • Remove plugin has no connections error when deleting and then re-adding a connection. (#725)
  • Fix potential divide by zero bug when setting cache size

Enhancements

  • Added the dns_mx_dmarc_record_enabled control to the dns_mx_best_practices benchmark. (#20)

Bug fixes

  • Fixed dashboard localhost URLs in README and index doc. (#23)

Enhancements

  • Added the run_started_at column to github_actions_repository_workflow_run table. (#358) (Thanks @mridang for the contribution!)

What's new?_

  • Added the new All Controls benchmark (steampipe check benchmark.all_controls). This new benchmark includes 109 service-specific controls. (#127)
  • Updated the plugin dependency section of the following mods to use min_version instead of version:
    • Alicloud Insights
    • AWS Insights
    • AWS Tags
    • Azure Insights
    • Digitalocean Insights
    • Docker Compliance
    • GCP Insights
    • GCP Labels
    • Github Compliance
    • Github Insights
    • Gitlab Insights
    • Hackernews Insights
    • IBM Insights
    • Kubernetes Insights
    • Microsoft 365 Compliance
    • OCI Compliance
    • OCI Insights
    • OCI Thrifty
    • Snowflake Compliance
    • Tailscale Compliance
    • Terraform AWS Compliance
    • Terraform Azure Compliance
    • Terraform GCP Compliance
    • Terraform OCI Compliance
    • Turbot Guardrails Insights

Breaking changes

  • Updated the plugin dependency section of the mod to use min_version instead of version. (#82)

Bug fixes

  • Updated the docs to include the correct links for the nsa_cisa_v1 benchmark. (#80) (Thanks @aniketh-varma for the contribution!)
  • Fixed the following queries to cast the data to boolean format. (#79)
    • cronjob_container_privilege_disabled
    • cronjob_host_network_access_disabled
    • cronjob_hostpid_hostipc_sharing_disabled
    • cronjob_immutable_container_filesystem
    • cronjob_non_root_container
    • daemonset_container_privilege_disabled
    • daemonset_host_network_access_disabled
    • daemonset_hostpid_hostipc_sharing_disabled
    • daemonset_immutable_container_filesystem
    • daemonset_non_root_container
    • deployment_container_privilege_disabled
    • deployment_host_network_access_disabled
    • deployment_hostpid_hostipc_sharing_disabled
    • deployment_immutable_container_filesystem
    • deployment_non_root_container
    • job_container_privilege_disabled
    • job_host_network_access_disabled
    • job_hostpid_hostipc_sharing_disabled
    • job_immutable_container_filesystem
    • job_non_root_container
    • pod_container_privilege_disabled
    • pod_immutable_container_filesystem
    • pod_non_root_container
    • pod_service_account_token_enabled
    • pod_template_container_privilege_disabled
    • pod_template_immutable_container_filesystem
    • replicaset_container_privilege_disabled
    • replicaset_host_network_access_disabled
    • replicaset_hostpid_hostipc_sharing_disabled
    • replicaset_immutable_container_filesystem
    • replicaset_non_root_container
    • replication_controller_container_privilege_disabled
    • replication_controller_host_network_access_disabled
    • replication_controller_hostpid_hostipc_sharing_disabled
    • replication_controller_immutable_container_filesystem
    • replication_controller_non_root_container
    • statefulset_container_privilege_disabled
    • statefulset_host_network_access_disabled
    • statefulset_hostpid_hostipc_sharing_disabled
    • statefulset_immutable_container_filesystem
    • statefulset_non_root_container

Breaking changes

  • Updated the plugin dependency section of the mod to use min_version instead of version. (#130)

Bug fixes

  • Fixed the kms_key_separation_of_duties_enforced query to ensure that separation of duties is enforced while assigning KMS-related roles to users. (#132)

Breaking changes

  • Updated the plugin dependency section of the mod to use min_version instead of version. (#222)

Bug fixes

  • Fixed the compute_vm_tcp_udp_access_restricted_internet query to ensure internet-facing virtual machines are protected with network security groups. (#224)

Breaking changes

  • Updated the plugin dependency section of the mod to use min_version instead of version. (#34)

Bug fixes

  • Fixed the README and index docs to correctly reference the well_architected_framework_security benchmark. (#25)

Breaking changes

  • Updated the plugin dependency section of the mod to use min_version instead of version. (#161)
  • Renamed the control lambda_function_with_graviton2 to lambda_function_with_graviton in order to maintain consistency. (#158) (Thanks @bluedoors for the contribution!)

Breaking changes

  • Updated the plugin dependency section of the mod to use min_version instead of version. (#45)

Bug fixes

  • Fixed the README to include correct links to the benchmarks. (#47) (Thanks @vil02 for the contribution!)

Breaking changes

  • Updated the plugin dependency section of the mod to use min_version instead of version. (#728)

Enhancements

  • Added the following controls to the All Controls benchmark: (#727)
    • glue_connection_ssl_enabled
    • vpc_peering_connection_route_table_least_privilege

Bug fixes

  • Fixed the description of the name column in aws_organizations_account table. (#1947) (Thanks @badideasforsale for the contribution!)

Dependencies

  • Recompiled plugin with steampipe-plugin-sdk v5.6.3 which addresses the issue of expired credentials being intermittently retained in the connection cache. (#1956)

Bug fixes

  • Fixed expired credentials sometimes being left in the connection cache. Update connection cache to use a backing store per connection, rather than a shared backing store. (#699)

Enhancements

  • Added the contact_info column to linkedin_profile table. (#5)

Bug fixes

  • Fixed the required quals of github_issue and github_pull_request tables to correctly return data instead of an error. (#355)

What's new

  • Updated github_issue, github_my_issue, github_pull_request, github_search_issue, and github_search_pull_request tables to only include nested and user permission columns in GraphQL request when requested. This should result in faster queries and large scale queries completing more consistently. (#342)

Bug fixes

  • Fixed vanta_computer table queries failing due to inclusion of deprecated API field requiresLocationServices in fetchDomainEndpoints query. (#19) (Thanks @eric-glb for the contribution!)

What's new?

  • The Sentry base URL can now be set through the base_url config argument or SENTRY_URL environment variable. (#11) (Thanks @beudbeud for the contribution!)

What's new?

  • The Prometheus address (address) can now be set with the PROMETHEUS_URL environment variable. (#23) (Thanks @beudbeud for the contribution!)

Bug fixes

  • Fixed README to include correct reference to the All Controls benchmark. (#218) (Thanks @vil02 for the contribution!)

Enhancements

  • Added the following controls to the All Controls benchmark: (#722)
    • athena_workgroup_enforce_configuration_enabled
    • iam_inline_policy_no_administrative_privileges

Bug fixes

  • Fixed README to include correct reference to the All Controls benchmark. (#721) (Thanks @vil02 for the contribution!)
  • Fixed typos in several compliance control descriptions. (#719) (Thanks @pdecat for the contribution!)

Enhancements

  • Improved documentation and descriptions for the aws_iam_role table. (#1940)
  • Replaced uses of rand.Seed with latest rand.NewSource. (#1933)

Enhancements

  • Added additional dashboard and query docs and updated metadata descriptions in docs. (#323)

What's new?

  • Added 11 new controls across the benchmarks for the following services: (#39)
    • Application Gateway
    • Automation
    • Cognitive Search
    • Compute
    • Frontdoor
    • Network
    • PostgreSQL

Bug fixes

  • Removed custom plugin level retryer which was unnecessary as the plugin already uses the AWS SDK retryer. (#1932)
  • The plugin now retries errors with the error code UnknownError. These are often thrown by services like SNS when performing a large number of requests. (#1932)

Bug fixes

  • Fixed queries to correctly return data for connection_name and tags dimensions instead of an error. (#73)

Enhancements

  • Updated the following queries to use url as the resource column: (#35)
    • default_branch_all_build_steps_as_code
    • default_branch_pipeline_locks_external_dependencies_for_build_process
    • default_branch_pipeline_must_have_jobs_with_sbom_generation
    • default_branch_pipelines_scan_for_vulnerabilities
    • default_branch_pipelines_scanners_set_to_prevent_sensitive_data
    • org_member_mfa_enabled
    • repo_inactive_members_review
    • repo_deletion_limited_to_trusted_users
    • repo_issue_deletion_limited_to_trusted_users
    • repo_webhook_package_registery_security_settings_enabled

The following 21 Turbot Steampipe plugins have been updated to use steampipe-plugin-sdk v5.6.2, which prevents nil pointer reference errors for implicit hydrate configs:

  • Alibaba Cloud
  • AWS CloudFormation
  • Azure
  • Azure Active Directory
  • CSV
  • DigitalOcean
  • Docker
  • Docker Hub
  • Exec
  • GCP
  • GitHub
  • IBM Cloud
  • Jira
  • Microsoft 365
  • Net
  • Okta
  • OpenShift
  • Oracle Cloud Infrastructure
  • Salesforce
  • Turbot Pipes
  • Zoom

Breaking changes

  • Removed instances column from terraform_resource table. (#64)
  • All arguments and lifecycle columns now return null instead of {} if empty. (#64)

Enhancements

  • Added address, attributes, and attributes_std columns to terraform_resource table. (#64)

Bug fixes

  • Fixed the start_line, end_line and source column values in the terraform_resource table to return correct values regardless of file indentation. (#64)
  • Fixed the plugin to check all files even if a non-existent file name is provided in any file_paths config arg. (#67)

Enhancements

  • Updated the queries to use the attributes_std and address columns from the terraform_resource table instead of arguments, type and name columns for better support of terraform state files. (#34)

Dependencies

  • Terraform plugin v0.10.0 or higher is now required. (#34)

Enhancements

  • Updated the queries to use the attributes_std and address columns from the terraform_resource table instead of arguments, type and name columns for better support of terraform state files. (#42)

Dependencies

  • Terraform plugin v0.10.0 or higher is now required. (#42)

Enhancements

  • Updated the queries to use the attributes_std and address columns from the terraform_resource table instead of arguments, type and name columns for better support of terraform state files. (#35)

Dependencies

  • Terraform plugin v0.10.0 or higher is now required. (#35)

Enhancements

  • Updated the queries to use the attributes_std and address columns from the terraform_resource table instead of arguments, type and name columns for better support of terraform state files. (#90)

Dependencies

  • Terraform plugin v0.10.0 or higher is now required. (#90)

Bug fixes

  • Fixed the plugin to prevent crashes when source_types config argument contains manifest but manifest_file_paths is not defined. (#177)

What's new?

  • Added 39 new controls for the ClusterRoleBinding, CronJob, DaemonSet, Ingress, Job, Pod resource types to the all_controls benchmark. (#68)

Bug fixes

  • Fixed the source_account_id column of aws_securityhub_finding table to correctly return data instead of null. (#1927) (Thanks @gabrielsoltz for the contribution!)
  • Fixed the members column of aws_rds_db_cluster table to correctly return data instead of null. (#1926)

Bug fixes

  • Added support for the missing mod-location flag to the steampipe variable list command. (#3942)

Bug fixes

  • The initialise function is now being called for implicit hydrate configs (i.e. hydrate functions without explicit config), thereby preventing nil pointer reference errors when the hydrate function returns an error. (#683)

Whats new?

  • Define rate and concurrency limits for plugin execution. (#3746)
  • Define multiple instances of a plugin version using a plugin connection config block. (#3807)
  • The maximum memory used by plugins and the CLI can now be specified either in plugin instance definitions or the new plugin options block. (#3807)
  • New introspection tables steampipe_plugin and steampipe_plugin_limiter containing all configured plugin instances and limiters. (#3746)
  • New introspection table steampipe_server_settings populated with server settings data during service startup. (#3462)
  • Running plugin install with no arguments installs all referenced plugins. (#3451)
  • New --output flag for plugin list cmd allows selection between json and table output. (#3368)
  • Each plugin directory ncontains a version.json which can be used to recompose the global plugin versions.json if it is missing or corrupt. (#3492)
  • Typing .cache in interactive prompt shows the current value of cache. (#2439)
  • Steampipe commands bypass plugin requirement check if installed plugin is locally built. (#3643)
  • New skip-config flag disables writing of default plugin config during plugin installation. (#3531, #2206)
  • Logs are now written to file instead of console. (#2916)
  • When plugin startup fails, report useful message in the CLI. (#3732)
  • Users are warned to not have mod.sp files in home directory. (#2321)
  • Updated messaging when service is started on an unavailable port. (#623)
  • Log files are rotated if the process is active across date boundaries. (#125, #3825)
  • Listen hosts may be selected when starting steampipe service. (#3505)
  • Initialisation behaviour for the sample options has been changed: always copy a sample file (default.spc.sample), but only overwrite the default.spc file with the sample content if the existing file has not been modified. (#3431)
  • Validation for the workspace profile cache settings. (#3646)
  • Support OCI registries requiring authentication. (#2819)
  • Compiled with Go 1.21. (#3763)

Bug fixes

  • Plugin manager shutdown stalling intermittently due to deadlocks. (#3818)
  • Temporary tables dropped in interactive prompt when pool connections recycled. (#3781,#3543)
  • service start was not listening on network by default. (#3593)
  • Multi line logs from plugins not rendered correctly in plugin logs. (#3678)
  • .inspect panicking for long column descriptions. (#3709)
  • Interactive prompt crashing when there is a code panic. (#3713)
  • Incorrect zsh completion instructions.
  • Steampipe should not create export files for cancelled control runs. (#3578)
  • BuildFullResourceName not validating non empty arguments. (#3601)
  • Spinner not showing when exporting check results. (#3577)
  • stdin was consumed by query command even if there are arguments. (#1985)
  • When exporting multiple benchmarks, results now merged the results into a single export. (#2380)
  • Raise warning when pseudo-resources are ignored because of named HCL resources. (#1328)
  • Database reinstalled unnecessarily if any FDW files were missing. (#2040)
  • Improved error message when steampipe fails to parse a mod definition file because mod block does not exist. (#1198)
  • Only install-dir and workspace flags should be global flags. All other flags should only apply to specific command. (#3542)
  • Passing an empty list for list variables was not working. (#2094)
  • Show deprecation warning for version field in require block of mod definition.
  • Temporary directories were not always being cleaned up after plugin commands.
  • plugin list returned nothing if no plugins were installed. (#3927)

Deprecations and migrations

  • Table steampipe_connection_state renamed to steampipe_connection
  • Removed migration and backward compatibility of data files from v0.13.0. (#3517)
  • Removed deprecated workspace-chdir flag. (#3925)
  • Migrated from cloud.steampipe.io to pipes.turbot.com. (#3724)
  • Removed support for plugins which do not support multiple connections (i.e. using SDK < v4.0.0).
  • Deprecated terminal options.

All 115 Turbot Steampipe plugins have been updated to use steampipe-plugin-sdk v5.6.1, which adds support for rate and concurrency limiters.

Limiters provide a simple, flexible interface to implement client-site rate limiting and concurrency thresholds at compile time or run time. You can use limiters to:

  • Smooth the request rate from Steampipe to reduce load on the remote API or service
  • Limit the number of parallel requests to reduce contention for client and network resources
  • Avoid hitting server limits and throttling

For more information on getting started, please see Concurrency and Rate Limiting.

Deprecated

  • The source_type config argument has been deprecated and will be removed in the next major version. Please use the source_types config argument instead. If both config arguments are set, source_types will take precedence. For backward compatibility, please see below for old and new value equivalents: (#167)
    • source_type = 'all': source_types = ["deployed", "helm", "manifest"]
    • source_type = 'deployed': source_types = ["deployed"]
    • source_type = 'helm': source_types = ["helm"]
    • source_type = 'manifest': source_types = ["manifest"]

What's new?

  • Added the source_types config argument, which allows specifying a combination of source types to load per connection. (#167)

What's new?

  • Added 350+ new controls across all resource types to the all_controls benchmark. (#64)

Enhancements

  • Added path to default set of common_dimensions, so now any file paths will appear by default in the additional dimensions in control results. (#63)
  • Added iac category to mod definition.

Dependencies

  • Kubernetes plugin v0.23.0 or higher is now required.

Breaking changes

  • Removed the output column in the exec_command table. This column has been replaced by the stdout_output and stderr_output columns. (#13)

What's new?

  • Added stdout_output and stderr_output columns to the exec_command table. (#13)
  • Added stream column to the exec_command_line table. (#13)
  • Added plugin limiter exec_global with MaxConcurrency set to 15 in an effort to reduce abuse reports due to large number of concurrent remote connections. (#13)

Bug fixes

  • Results from the exec_command table should now be consistent when using local and remote connections. (#13)

Dependencies

What's new?

  • Added CIS v1.6.0 benchmark (steampipe check docker_compliance.benchmark.cis_v160). (#4)

Enhancements

  • Updated the Makefile to build the netgo package only for Darwin systems. (#1918)
  • Added the configuration_settings column to aws_elastic_beanstalk_environment table. (#1916)

Bug fixes

  • Fixed the table aws_dynamodb_backup to return nil instead of an error when backup does not exist. (#1914)

What's new?

  • SetConnectionCacheOptions, a new GRPC endpoint to clear connection cache. (#678)

Enhancements

  • Added the last_successful_login_time column to oci_identity_user table. (#547)

Enhancements

  • Added the department column to azuread_user table. (#132)

Bug fixes

  • Fixed the title column in azuread_device and azuread_user tables to correctly return data instead of null. (#134)

What's new?

  • Define rate and concurrency limits for plugin execution. (#623)
  • Diagnostics property added to _ctx column, containing information on hydrate calls and rate limiting (enabled by setting env var STEAMPIPE_DIAGNOSTIC_LEVEL=all)
  • Support for JSONB operators in List hydrate functions. (#594)
  • Type property added to ConnectionConfig protobuf definition to determine if a connection is an aggregator. (#590)
  • When plugin startup fails, write a specially formatted string to stdout so plugin manager can parse the output and display a useful message. (#619)
  • Support for multi-line log entries. (#612)
  • Added Equals function for QualValue. (#646)

Enhancements

  • Added 112 new controls to the All Controls benchmark for the following services: (#59)
    • CronJob
    • DaemonSet
    • Deployment
    • Job
    • Pod
    • ReplicaSet
    • ReplicationController
    • StatefulSet

What's new?

  • Added support for querying on-premise Jira instances. This can be done by setting the personal_access_token config argument in the jira.spc file. (#86) (Thanks @juandspy for the contribution!)

Bug fixes

  • Empty values will no longer be cached incorrectly for the github_my_repository, github_repository, and github_search_repository tables. (#340)
  • Fixed github_team_repository table to include support for dynamic GraphQL queries. (#339)

What's new

  • Update github_my_repository, github_repository, and github_search_repository tables to only include requested columns in GraphQL request. This should result in faster queries and large scale queries completing more consistently. (#338)

Dependencies

  • Recompiled plugin with Go 1.21. (#338)

Bug fixes

  • Fixed github_search_repository table queries failing when selecting the has_downloads, has_pages, hooks, network_count, subscribers_count, or topics columns. (#337)

Bug fixes

  • Fixed the invalid memory address or nil pointer dereference errors when querying Terraform configuration or plan or state files that included null valued arguments. (#56)

Enhancements

  • Added 90 new controls to the All Controls benchmark for the following services: (#56)
    • CronJob
    • DaemonSet
    • Deployment
    • Job
    • Pod
    • ReplicaSet
    • ReplicationController
    • StatefulSet

Bug fixes

  • Fixed the role_with_wildcards_used control to correctly return data instead of an error. (#54)

Bug fixes

  • Fixed the plugin to return nil instead of an error when the file/path specified in dockerfile_paths or docker_compose_file_paths config arguments does not exist. (#38)

Bug fixes

  • Added the missing resource column in the queries of glue_data_catalog_encryption_settings_metadata_encryption_enabled and glue_data_catalog_encryption_settings_password_encryption_enabled controls. (#715)

Enhancements

  • Added the resource_object and object columns to guardrails_notification and guardrails_resource tables respectively. (#7)

Bug fixes

  • Added the missing S3 go-getter examples in the docs/index.md file.

Bug fixes

  • Fixed the data type of capacity_reservation_specification column of aws_ec2_instance table to be of JSON type instead of STRING. (#1903)

Enhancements

  • Added the iam_workload_identity_restricted control to the IAM benchmark. (#38)

Breaking changes

  • Removed the dms_s3_endpoint_encryption_in_transit_enabled control from the DMS benchmark. (#84)

Enhancements

  • Added the vpc_transfer_server_allows_only_secure_protocols control to the VPC benchmark. (#84)

Deprecations

  • Deprecated domain column in net_certificate table, which has been replaced by the address column. Please note that the address column requires a port, e.g., github.com:443. This column will be removed in a future version. (#50)

What's new?

  • Added address column to the net_certificate table to allow specifying a port with the domain name. (#50)

Bug fixes

  • Updated the bitbucket.spc and index.md files to include details of BITBUCKET_USERNAME, BITBUCKET_PASSWORD, and BITBUCKET_API_BASE_URL environment variables. (#77)
 
Get cloud
work done.