Changelog
Subscribe to Steampipe changelog via RSS or join #changelog on our Slack community to stay updated on everything we ship.
What's new?
- New tables added
Enhancements
- The `account_id` column has now been assigned as a connection key column across all the tables, which facilitates more precise and efficient querying across multiple AWS accounts. (#2133)
Bug fixes
- Fixed the `getDirectoryServiceSnapshotLimit` and `getDirectoryServiceEventTopics` hydrate calls in the `aws_directory_service_directory` table to correctly return `nil` for the unsupported `ADConnector` services instead of an error. (#2170)
What's new?
- New tables added: (Thanks @jplanckeel for the new plugin!)
v0.40.0 [2024-04-12]
What's new?
- New tables added
- Added support for plugin authentication using `Github App`. Please refer to Github plugin configuration for more information. (#414)
Bug fixes
What's new?
- New tables added
Enhancements
- Added `snapshot_block_public_access_state` column to `aws_ec2_regional_settings` table. (#2077)
Bug fixes
- Fixed the `getDirectoryServiceSnapshotLimit` and `getDirectoryServiceEventTopics` hydrate calls in the `aws_directory_service_directory` table to correctly return `nil` for unsupported `SharedMicrosoftAD` services instead of an error. (#2156)
What's new?
- New tables added: (Thanks @ramirezj for the new plugin!)
What's new?
- New tables added
Enhancements
- Added support for nested dashboards. (#4208)
Bug fixes
- Fixed the issue where local plugins were not being loaded. (#4196)
- Re-added support for 'implicit' local plugins (i.e. the plugin binary exists but there is no entry in the `versions.json`). (#4223)
- Fixed the issue where the daily update check message showed a `<nil>` when there was no message to show. (#4206)
What's new?
- New tables added
Enhancements
- Added support for `quota_project` config arg to provide users the ability to set the `Project ID` used for billing and quota. (#556)
Bug fixes
- Fixed the `retry_policy_maximum_backoff` and `retry_policy_minimum_backoff` columns of `gcp_pubsub_subscription` table to correctly return data. (#552) (Thanks to @mvanholsteijn for the contribution!)
What's new?
- New tables added
- aws_backup_job (#2145) (Thanks @rogerioacp for the contribution!)
- aws_elastic_beanstalk_application_version (#2150)
- aws_rds_db_engine_version (#2098)
- aws_s3_object_version (#2070)
- aws_servicequotas_service (#2070)
Bug fixes
- Fixed the `aws_vpc_eip` table to return an `Access Denied` error instead of an `Invalid Memory Address or Nil Pointer Dereference` error when a `Service Control Policy` is applied to an account for a specific region. (#2136)
- Fixed the `aws_s3_bucket` terraform script to prevent the `AccessControlListNotSupported: The bucket does not allow ACLs` error during the `PutBucketAcl` terraform call. (#2080) (Thanks @pdecat for the contribution!)
- Fixed an issue where querying regional tables while using AWS profiles with `cross-account` role credentials results in the correct error being reported instead of zero rows. (#2137)
- Fixed pagination in the `aws_ebs_snapshot` table to make fewer API calls when the `limit` parameter is passed to the query. (#2088)
What's new?
- New tables added
Enhancements
What's new?
- New tables added
- aws_acmpca_certificate_authority (#2125)
- aws_dms_endpoint (#1992)
- aws_dms_replication_task (#2110)
- aws_docdb_cluster_snapshot (#2123)
- aws_transfer_user (#2089) (Thanks @jramosf for the contribution!)
Enhancements
- Added `auto_minor_version_upgrade` column to `aws_rds_db_cluster` table. (#2109)
- Added `open_zfs_configuration` column to `aws_fsx_file_system` table. (#2113)
- Added `logging_configuration` column to `aws_networkfirewall_firewall` table. (#2115)
- Added `lf_tags` column to `aws_glue_catalog_table` table. (#2128)
Bug fixes
- Fixed the query in the `aws_s3_bucket` table doc to correctly filter out buckets without the `application` tag. (#2093)
- Fixed the `aws_cloudtrail_lookup_event` input param to pass correctly `end_time` as an optional qual. (#2102)
- Fixed the `arn` column of the `aws_elastic_beanstalk_environment` table to correctly return data instead of `null`. (#2105)
- Fixed the `template_body_json` column of the `aws_cloudformation_stack` table to correctly return data by adding a new transform function `formatJsonBody`, replacing the `UnmarshalYAML` transform function. (#1959)
- Fixed the `next_execution_time` column of `aws_ssm_maintenance_window` table to be of `String` datatype instead of `TIMESTAMP`. (#2116)
- Renamed the `client_log_options` column to `connection_log_options` in `aws_ec2_client_vpn_endpoint` table to correctly return data instead of `null`. (#2122)
Whats new
- Improved startup performance with high plugin count - parallelize plugin startup. (#4183)
- Added database SSL password support for encrypted private key in order to handle your own certificates. (#4149)
Bug fixes
- Fixed issue where plugin list cannot re-create top-level versions.json file if the file has been corrupted or empty. (#4191)
Notice
- Scripts must use the permanent installation script at https://steampipe.io/install/steampipe.sh.
- The script above is automatically updated when the script moves location.
- `install.sh` has been moved from the top level folder to the `scripts` folder.
- Scripts directly referencing the raw GitHub location must be updated.
Notice
Steampipe will no longer officially publish or support a Dockerfile or container images.
Steampipe can be run in a containerized setup. We run it ourselves that way as part of Turbot Pipes. But, we've decided to cease publishing and supporting a container definition because:
- The CLI is optimized for developer use on the command line.
- Everyone has specific goals and requirements for their containers.
- Container setup requires various mounts and access to configuration files.
- It's hard to support containers across many different environments.
We welcome users to create and share your own open-source container definitions for Steampipe!
Steampipe unbundled, introducing Powerpipe
Powerpipe is now the recommended way to run dashboards and benchmarks!
Mods still work as normal in Steampipe for now, but they are deprecated and will be removed in a future release:
Whats new
- Added `version` column to `steampipe_plugin` table. (#4141)
- Direct all errors and warnings to standard error (stderr). (4162)
Bug fixes
- Fixed the issue where `search_path_prefix` set in `database options` does not alter the search path. (#4160)
- Fix issue where `asff` output was always missing the first row. (#4157)
Deprecations and migrations
- Steampipe mods and dashboards are now separately available in Powerpipe, a new open-source project. The steampipe mod, check and dashboard commands have been deprecated and will be removed in a future version. Migration guide.
- Deprecated `cloud-host` and `cloud-token` CLI args, and replaced them with `pipes-host` and `pipes-token` respectively. (#4137)
- Deprecated `STEAMPIPE_CLOUD_HOST` and `STEAMPIPE_CLOUD_TOKEN` env vars, replaced with `PIPES_HOST` and `PIPES_TOKEN` respectively. (#4137)
- Deprecated `cloud_host` and `cloud_token` workspace args, replaced with `pipes_host` and `pipes_token` respectively. (#4137)
- Removed support for deprecated `terminal options`. (#3751)
- Removed support for deprecated `max_parallel` property in `general options`. (#4132)
- Removed support for deprecated `connection options`. (#4131)
- Removed deprecated `version` property from the mod `require` block. (#3750)
What's new?
- New dashboards added:
- OpenSearch Domain Detail (#75) (Thanks @Errahulaws for the contribution!)
What's new?
- New tables added
Bug fixes
- Fixed the `InvalidParameterCombination` error when querying the `aws_rds_db_instance` table. (#2085)
- Fixed `aws_rds_db_instance_metric_write_iops_daily` table to correctly display `WriteIOPS` instead of `ReadIOPS`. (#2079)
Dependencies
- Recompiled plugin with steampipe-plugin-sdk v5.9.0 that fixes critical caching issues. (#2067)
Bug fixes
- Fixed the hierarchy in the benchmark list by properly integrating `Cloud Functions` benchmark into `all_controls` benchmark. (#146)
What's new?
- Removed support for Memoized functions to be directly assigned as column hydrate functions. Instead, require a wrapper hydrate function. (#756) (#738)
Bug fixes
- If cache is disabled for the server, but enabled for the client, the query execution code tries to stream to the cache even though there is no active set operation. (#740)
Bug fixes
- Fixed growing memory usage following file watching events when running dashboard server. (#4150)
Dependencies
- AWS plugin `v0.131.0` or higher is now required. (#747)
Enhancements
- Added 11 new controls to the `All Controls` benchmark across the following services: (#747)
- API Gateway
- DMS
- EMR
- MQ
- VPC
Bug fixes
- Fixed the `foundational_security_ssm_2` control to correctly evaluate results when patches are not applicable for SSM managed EC2 instances. (#761)
Bug fixes
- Fixed the typo in the `scaleway_billing_consumption` table docs to use `consumption` instead of `consumtion`. (#80)
What's new?
- New tables added
- scaleway_account_project (#53) (Thanks @jplanckeel for the contribution!)
- scaleway_billing_consumption (#70) (Thanks @jplanckeel for the contribution!)
Enhancements
- Improved the plugin error message when invalid credentials are set in the `wiz.spc` file. (#23)
Bug fixes
- Fixed the `service_tickets` column in `wiz_issue` table by removing the `action` subfield from the `ServiceTickets` field in the GraphQL response since it was no longer available. (#24 #25) (Thanks @sycophantic for the contribution!)
Bug fixes
- Removed duplicate control `rds_db_cluster_encrypted_with_kms_cmk`. (#105)
Bug fixes
- Removed duplicate node `service_account`. (#56)
What's new?
- New tables added
Bug fixes
What's new?
- New table added
- tfe_project (#42) (Thanks @edebrye for the contribution!)
Bug fixes
- Fixed the plugin initialization error by returning only the static tables when invalid config parameters were set for dynamic tables. #39
v0.86 [2024-02-08]
What's new?
- Added CIS v3.0.0 benchmark (`steampipe check benchmark.cis_v300`). (#755)
Bug fixes
- Fixed `HomeDirectoryModfileCheck` returning false positive, causing errors when executing steampipe out of the home directory. (#4118)
Enhancements
- Updated all the tables to fetch the column data using hydrate functions to optimize the API calls and increase query speed when querying specific columns. (#30)
What's new?
- New tables added
What's new?
- Added `OAuth` config support to provide users the ability to set `OAuth secret client ID` and `OAuth secret value` of a service principal. For more information, please see Databricks plugin configuration. (#6) (Thanks @rinzool for the contribution!)
- Added `Config` object to directly pass credentials to the client. (#10)
What's new?
- New tables added
Enhancements
- Added the `authorization_rules` column to `azure_servicebus_namespace` table. (#719)
Enhancements
- Optimized `aws_cloudwatch_log_stream` table's query performance by adding `descending`, `log_group_name`, `log_stream_name_prefix` and `order_by` new optional key qual columns. (#1951)
- Optimized `aws_ssm_inventory` table's query performance by adding new optional key qual columns such as `filter_key`, `filter_value`, `network_attribute_key`, `network_attribute_value`, etc. (#1980)
Bug fixes
- Fixed `aws_cloudwatch_log_group` table key column to be globally unique by filtering the results by region. (#1976)
- Removed duplicate memoizing of getCommonColumns function from `aws_s3_multi_region_access_point` and `aws_ec2_launch_template` tables. (#2065)
- Fixed error for column `type_name` in table `aws_ssm_inventory_entry`. (#1980)
- Added the missing rate-limiter tags for `aws_s3_bucket` table's `GetBucketLocation` hydrate function to optimize query performance. (#2066)
What's new?
- New tables added
Dependencies
- Azure plugin `v0.53.0` or higher is now required. (#242)
Enhancements
- Added 41 new controls to the `All Controls` benchmark across the following services: (#234 #233)
- Active Directory
- App Service
- Batch
- Compute
- Container Instance
- Key Vault
- Kubernetes Service
- Network
- Recovery Service
- Service Bus
- Storage
Bug fixes
- Fixed the description of `CIS_v150_2_1_9` control. (#238) (Thanks @sfunkernw for the contribution!)
Breaking changes
- Removed the `iam_root_user_virtual_mfa` control since it is not recommended as good practice. (#743)
- Replaced `iam_account_password_policy_strong` with `iam_account_password_policy_strong_min_reuse_24` in the `GDPR`, `FFIEC` and `CISA Cyber Essentials` benchmarks to align more accurately with the requirements specified in the AWS Config rules. (#739)
Bug fixes
- Updated the dashboard image to correctly list all the 25 benchmarks. (#748)
What's new?
- New tables added
Bug fixes
- Fixed schema clone function failing if table has an LTREE column. (#4079)
- Maintained the order of execution when running multiple queries in batch mode. (#3728)
- Fixed issue where using any meta-command would load connection state even if not required. (#3614)
- Fixed issue where plugin version file back-filling would write `versions.json` to the CWD if the plugin folder is not found. (#4073)
- Simplified and fixed available port check. (#4030)
What's new?
- New tables added
What's new?
- Added the `kubernetes_cluster_no_cluster_level_node_pool` control to the `Kubernetes` benchmark. (#53)
What's new?
- New tables added
Enhancements
What's new?
- New tables added
Enhancements
- Added column `iam_policy` to `gcp_cloud_run_service` table. (#531)
- Optimized the `gcp_logging_log_entry` table result or result timing by applying a timestamp filter. (#508)
- Added the `json_payload`, `proto_payload`, `metadata`, `resource`, `operation`, and `tags` columns to `gcp_logging_log_entry` table. (#508)
Bug fixes
- Fixed the `addons_config`, `network_config` and `network_policy` column of `gcp_kubernetes_cluster` table to correctly return data instead of null. (#530)
- Fixed the `end_time` column of the `gcp_sql_backup` table to return `null` instead of an error when end time is unavailable for a SQL backup. (#534)
- Fixed the `enqueued_time`, `start_time` and `window_start_time` columns of the `gcp_sql_backup` table to return `null` instead of an error when timestamp is unavailable for a SQL backup. (#536)
Enhancements
- Added the `audit_policy` column to `azure_sql_database` and `azure_sql_server` tables. (#711)
- Added the `webhooks` column to `azure_container_registry` table. (#710)
- Added the `disable_local_auth` and `status` columns to `azure_servicebus_namespace` table. (#715)
Bug fixes
- Fixed the `azure_key_vault_secret` table to correctly return data when keyvault name is in camel-case. (#638)
Bug fixes
- Fixed the `low_iops_ebs_volumes` control to now suggest converting `io1` and `io2` volumes to `GP3` volumes, when the base `IOPS` is less than `16000` instead of `3000`. (#167)
What's new?
- New tables added
Enhancements
- Added `deletion_protection_enabled` column to `aws_dynamodb_table` table. (#2049)
Bug fixes
What's new?
- Added the input variables to the following services to allow different thresholds to be passed in:
- Droplet
- Database
- Block Storage
- Kubernetes
To get started, please see [Digitalocean Thrifty Configuration](https://hub.steampipe.io/mods/turbot/digitalocean_thrifty#configuration). For a list of variables and their default values, please see steampipe.spvars. (#36)
What's new?
- New tables added
Note: Table `aws_sns_topic_subscription` will be changing behaviours in a future release to return results from `ListSubscriptionsByTopic` instead of `ListSubscriptions`.
Bug fixes
- Updated the tags to use `risk` instead of `severity` to eliminate duplicate column names in output files. (#41)
What's new?
- Added the following controls across the benchmarks: (#51)
- `container_instance_container_group_secure_environment_variable`
- `container_registry_zone_redundant_enabled`
What's new?
- New tables added
Enhancements
- Added `storage_throughput` column to `aws_rds_db_instance` table. (#2010) (Thanks @toddwh50 for the contribution!)
- Added `layers` column to `aws_lambda_function` table. (#2008) (Thanks @icaliskanoglu for the contribution!)
- Added `tags` column to `aws_backup_recovery_point` and `aws_backup_vault` tables. (#2033)
Bug fixes
Enhancements
- Updated the controls to reference their query using `query =` rather than `sql =`. (#25)
Bug fixes
- Fixed the broken `network_subnet_to_network_virtual_network` edge of the relationship graph in the `sql_server_detail` dashboard page to correctly reference the `network_subnets_for_sql_server` query. (#118)
Bug fixes
- Fixed the `kubernetes_cluster_upgraded_with_non_vulnerable_version` query to correctly check if a Kubernetes cluster is using an outdated software version. (#235)
Bug fixes
- Fixed the plugin to return only static tables instead of an error when the `objects` config argument is not set or the plugin credentials are not set correctly. (#26)
What's new?
- New tables added
- reddit_my_saved_post (Thanks @mkell43 for the contribution!)
- reddit_my_saved_comment (Thanks @mkell43 for the contribution!)
Whats new
- Allow using pprof on FDW when STEAMPIPE_FDW_PPROF environment variable is set. (#368)
Bug fixes
Enhancements
- Added 61 new controls to the `All Controls` benchmark across the following services: (#140)
- CloudFunctions
- Compute
- KMS
- Kubernetes
- Project
- SQL
- Storage
Enhancements
- Added 50 new controls to the `All Controls` benchmark across the following services: (#736)
- ACM
- CloudFront
- CloudTrail
- Config
- DocumentDB
- EC2
- ECS
- EKS
- ElastiCache
- ELB
- EMR
- Kinesis
- RDS
- Redshift
- S3
- SNS
- SQS
- SSM
- VPC
What's new?
- New tables added: (Thanks @ajmaradiaga for the new plugin!)
Enhancements
- Updated the plugin to use a shared, optimized HTTP client that enhances DNS management and reduces connection floods for more stable and efficient queries. (#2036)
Enhancements
- Updated the plugin's `.goreleaser` file to build the netgo package only for Darwin systems. (#2029)
114 plugins have been updated to include the following changes:
What's new?
- Query tables directly in Postgres as a native Foreign Data Wrapper.
- Query tables directly in SQLite as a SQLite extension.
- Run as an Export CLI to extract data to files.
- SQLite examples added to table documentation.
- Expanded table documentation, especially to describe example queries.
- Docs license updated to match Steampipe CC BY-NC-ND license.
Dependencies
- Recompiled with steampipe-plugin-sdk v5.8.0 that includes plugin server encapsulation for in-process and GRPC usage, adding Steampipe Plugin SDK version to `_ctx` column, and fixing connection and potential divide-by-zero bugs.
Bug fixes
- Fixed the plugin to correctly return results when environment variables are only used for authentication. (#21)
Bug fixes
- Fixed the invalid Go module path of the plugin. (#15)
Bug fixes
- Fixed the invalid Go module path of the plugin. (#20)
Bug fixes
- Fixed the invalid Go module path of the plugin. (#13)
Bug fixes
- Fixed the invalid Go module path of the plugin. (#43)
Bug fixes
- Fixed the invalid Go module path of the plugin. (#36)
Bug fixes
- Fixed the invalid Go module path of the plugin. (#20)
Bug fixes
- Fixed the invalid Go module path of the plugin. (#26)
What's new?
- New tables added
- github_repository_sbom (#353) (Thanks @lwakefield for the contribution!)
Enhancements
- Updated the following tables to include support for dynamic GraphQL queries:
- `github_my_star` (#369)
- `github_stargazer` (#370)
- `github_tag` (#371)
- `github_rate_limit` (#368)
- `github_community_profile` (#367)
- `github_license` (#366)
- `github_organization_member` (#364)
- `github_team_member` (#364)
- `github_user` (#364)
- `github_my_team` (#363)
- `github_team` (#363)
- `github_commit` (#362)
- `github_my_organization` (#361)
- `github_organization` (#361)
- `github_organization_external_identity` (#361)
- `github_branch` (#360)
- `github_branch_protection` (#360)
- `github_repository_collaborator` (#365)
- `github_repository_deployment` (#365)
- `github_repository_environment` (#365)
- `github_repository_vulnerability_alert` (#365)
- `github_issue` (#359)
- `github_issue_comment` (#359)
- `github_pull_request` (#359)
- `github_pull_request_comment` (#359)
- `github_pull_request_review` (#359)
Bug fixes
- Fixed the invalid Go module path of the plugin. (#27)
What's new?
- New tables added: (Thanks @gabrielsoltz for the new plugin!)
What's new?
- Added the following controls across the benchmarks: (#49)
- `bigquery_table_deletion_protection_enabled`
- `bigtable_instance_deletion_protection_enabled`
- `spanner_database_deletion_protection_enabled`
- `spanner_database_drop_protection_enabled`
What's new?
- Added the following controls across the benchmarks: (#47)
- `appservice_environment_zone_redundant_enabled`
- `appservice_function_app_public_access_disabled`
- `appservice_plan_zone_redundant`
- `appservice_web_app_public_access_disabled`
- `eventhub_namespace_uses_latest_tls_version`
- `eventhub_namespace_zone_redundant`
- `kubernetes_cluster_critical_pods_on_system_nodes`
- `kubernetes_cluster_os_disk_ephemeral`
- `redis_cache_standard_replication_enabled`
- `sql_database_ledger_enabled`
- `sql_database_zone_redundant_enabled`
What's new?
- Added the following controls across the benchmarks: (#98)
- `docdb_cluster_backup_retention_period_7`
- `lambda_permission_restricted_service_permission`
- `neptune_cluster_backup_retention_period_7`
- `neptune_cluster_copy_tags_to_snapshot_enabled`
- `neptune_cluster_iam_authentication_enabled`
Bug fixes
- Fixed the index doc by removing unsupported images. (#334)
Enhancements
- Added the following controls to the `All Controls` benchmark: (#733)
- `api_gateway_rest_api_public_endpoint_with_authorizer`
- `dlm_ebs_snapshot_lifecycle_policy_enabled`
- `docdb_cluster_instance_encryption_at_rest_enabled`
- `ebs_volume_snapshot_exists`
- `elasticache_cluster_no_public_subnet`
- `iam_role_no_administrator_access_policy_attached`
- `iam_user_access_key_unused_45`
- `iam_user_console_access_unused_45`
- `neptune_db_cluster_no_public_subnet`
Bug fixes
- Fixed missing closing tag in index doc. (#331)
Bug fixes
- Fixed `ad_guest_user_reviewed_monthly`, `iam_deprecated_account_with_owner_roles`, `iam_external_user_with_read_permission`, `iam_external_user_with_write_permission`, `iam_user_not_allowed_to_create_security_group` and `iam_user_not_allowed_to_register_application` queries to remove duplicate benchmark results. (#228)
Bug fixes
- Fixed the plugin brand colour.
What's new?
- New tables added
Bug fixes
- Fixed the `retention_policy` column of `gcp_storage_bucket` table to correctly return data instead of null. (#502)
What's new?
- New tables added
- aws_lambda_event_source_mapping (#1874) (Thanks @nickman for the contribution!)
Enhancements
What's new?
- New tables added
Enhancements
- Added the `properties` column to `jira_project` table. (#105)
Bug fixes
What's new?
- Added CIS v3.0.0 benchmark (`steampipe check benchmark.cis_v300`). (#57)
Breaking Changes
- Removed the following tables using the search API that no longer work due to API limitations. These tables will be added back if functionality can be restored.
- `linkedin_company_employee`
- `linkedin_company_past_employee`
- `linkedin_connection`
- `linkedin_search_company`
- `linkedin_search_profile`
Bug fixes
- Fixed the `compute_firewall_allow_tcp_connections_proxied_by_iap` query to correctly include all the ports and source IP ranges. (#128) (Thanks @saisirishreddy for the contribution!)
What's new?
- Encapsulate plugin server so it is possible to use it in-process as well as via GRPC. (#719)
- Add `steampipe` field to `_ctx` column, containing sdk version. (#712)
Bug fixes
- Remove `plugin has no connections` error when deleting and then re-adding a connection. (#725)
- Fix potential divide by zero bug when setting cache size
What's new?
- New tables added
- aws_fms_policy (#1851)
- aws_fms_app_list (#1851)
- aws_transfer_server (#1909) (Thanks @jramosf for the contribution!)
Enhancements
- Added the `features` column to `aws_guardduty_detector` table. (#1958)
What's new?
- Added the new `All Controls` benchmark (steampipe check benchmark.all_controls). This new benchmark includes 109 service-specific controls. (#127)
- Updated the plugin dependency section of the following mods to use `min_version` instead of `version`:
- Alicloud Insights
- AWS Insights
- AWS Tags
- Azure Insights
- Digitalocean Insights
- Docker Compliance
- GCP Insights
- GCP Labels
- Github Compliance
- Github Insights
- Gitlab Insights
- Hackernews Insights
- IBM Insights
- Kubernetes Insights
- Microsoft 365 Compliance
- OCI Compliance
- OCI Insights
- OCI Thrifty
- Snowflake Compliance
- Tailscale Compliance
- Terraform AWS Compliance
- Terraform Azure Compliance
- Terraform GCP Compliance
- Terraform OCI Compliance
- Turbot Guardrails Insights
Breaking changes
- Updated the plugin dependency section of the mod to use min_version instead of version. (#82)
Bug fixes
- Updated the docs to include the correct links for the nsa_cisa_v1 benchmark. (#80) (Thanks @aniketh-varma for the contribution!)
- Fixed the following queries to cast the data to boolean format. (#79)
- cronjob_container_privilege_disabled
- cronjob_host_network_access_disabled
- cronjob_hostpid_hostipc_sharing_disabled
- cronjob_immutable_container_filesystem
- cronjob_non_root_container
- daemonset_container_privilege_disabled
- daemonset_host_network_access_disabled
- daemonset_hostpid_hostipc_sharing_disabled
- daemonset_immutable_container_filesystem
- daemonset_non_root_container
- deployment_container_privilege_disabled
- deployment_host_network_access_disabled
- deployment_hostpid_hostipc_sharing_disabled
- deployment_immutable_container_filesystem
- deployment_non_root_container
- job_container_privilege_disabled
- job_host_network_access_disabled
- job_hostpid_hostipc_sharing_disabled
- job_immutable_container_filesystem
- job_non_root_container
- pod_container_privilege_disabled
- pod_immutable_container_filesystem
- pod_non_root_container
- pod_service_account_token_enabled
- pod_template_container_privilege_disabled
- pod_template_immutable_container_filesystem
- replicaset_container_privilege_disabled
- replicaset_host_network_access_disabled
- replicaset_hostpid_hostipc_sharing_disabled
- replicaset_immutable_container_filesystem
- replicaset_non_root_container
- replication_controller_container_privilege_disabled
- replication_controller_host_network_access_disabled
- replication_controller_hostpid_hostipc_sharing_disabled
- replication_controller_immutable_container_filesystem
- replication_controller_non_root_container
- statefulset_container_privilege_disabled
- statefulset_host_network_access_disabled
- statefulset_hostpid_hostipc_sharing_disabled
- statefulset_immutable_container_filesystem
- statefulset_non_root_container
Breaking changes
- Updated the plugin dependency section of the mod to use `min_version` instead of `version`. (#161)
- Renamed the control `lambda_function_with_graviton2` to `lambda_function_with_graviton` in order to maintain consistency. (#158) (Thanks @bluedoors for the contribution!)
Bug fixes
- Fixed the description of the `name` column in `aws_organizations_account` table. (#1947) (Thanks @badideasforsale for the contribution!)
Dependencies
- Recompiled plugin with steampipe-plugin-sdk v5.6.3 which addresses the issue of expired credentials being intermittently retained in the connection cache. (#1956)
Bug fixes
- Fixed expired credentials sometimes being left in the connection cache. Update connection cache to use a backing store per connection, rather than a shared backing store. (#699)
What's new?
Enhancements
- Added the `contact_info` column to `linkedin_profile` table. (#5)
Bug fixes
- Fixed the required quals of `github_issue` and `github_pull_request` tables to correctly return data instead of an error. (#355)
What's new
- Updated `github_issue`, `github_my_issue`, `github_pull_request`, `github_search_issue`, and `github_search_pull_request` tables to only include nested and user permission columns in GraphQL request when requested. This should result in faster queries and large scale queries completing more consistently. (#342)
Enhancements
- Added the following controls to the `All Controls` benchmark: (#722)
- `athena_workgroup_enforce_configuration_enabled`
- `iam_inline_policy_no_administrative_privileges`
Bug fixes
Enhancements
- Added additional dashboard and query docs and updated metadata descriptions in docs. (#323)
What's new?
- Added 11 new controls across the benchmarks for the following services: (#39)
- Application Gateway
- Automation
- Cognitive Search
- Compute
- Frontdoor
- Network
- PostgreSQL
The remaining 94 Turbot Steampipe plugins have been updated to use steampipe-plugin-sdk v5.6.2, which prevents nil pointer reference errors for implicit hydrate configs.
Bug fixes
- Fixed queries to correctly return data for `connection_name` and `tags` dimensions instead of an error. (#73)
Enhancements
- Updated the following queries to use `url` as the resource column: (#35)
- `default_branch_all_build_steps_as_code`
- `default_branch_pipeline_locks_external_dependencies_for_build_process`
- `default_branch_pipeline_must_have_jobs_with_sbom_generation`
- `default_branch_pipelines_scan_for_vulnerabilities`
- `default_branch_pipelines_scanners_set_to_prevent_sensitive_data`
- `org_member_mfa_enabled`
- `repo_inactive_members_review`
- `repo_deletion_limited_to_trusted_users`
- `repo_issue_deletion_limited_to_trusted_users`
- `repo_webhook_package_registery_security_settings_enabled`
What's new?
- New tables added
The following 21 Turbot Steampipe plugins have been updated to use steampipe-plugin-sdk v5.6.2, which prevents nil pointer reference errors for implicit hydrate configs:
- Alibaba Cloud
- AWS CloudFormation
- Azure
- Azure Active Directory
- CSV
- DigitalOcean
- Docker
- Docker Hub
- Exec
- GCP
- GitHub
- IBM Cloud
- Jira
- Microsoft 365
- Net
- Okta
- OpenShift
- Oracle Cloud Infrastructure
- Salesforce
- Turbot Pipes
- Zoom
Bug fixes
- Fixed the plugin to prevent crashes when `source_types` config argument contains `manifest` but `manifest_file_paths` is not defined. (#177)
What's new?
- Added 39 new controls for the `ClusterRoleBinding`, `CronJob`, `DaemonSet`, `Ingress`, `Job`, `Pod` resource types to the `all_controls` benchmark. (#68)
Bug fixes
- Fixed the `source_account_id` column of `aws_securityhub_finding` table to correctly return data instead of `null`. (#1927) (Thanks @gabrielsoltz for the contribution!)
- Fixed the `members` column of `aws_rds_db_cluster` table to correctly return data instead of `null`. (#1926)
Bug fixes
- Added support for the missing `mod-location` flag to the `steampipe variable list` command. (#3942)
Bug fixes
- The `initialise` function is now being called for implicit hydrate configs (i.e. hydrate functions without explicit config), thereby preventing nil pointer reference errors when the hydrate function returns an error. (#683)
Whats new?
- Define rate and concurrency limits for plugin execution. (#3746)
- Define multiple instances of a plugin version using a `plugin` connection config block. (#3807)
- The maximum memory used by plugins and the CLI can now be specified either in `plugin` instance definitions or the new `plugin` options block. (#3807)
- New introspection tables `steampipe_plugin` and `steampipe_plugin_limiter` containing all configured plugin instances and limiters. (#3746)
- New introspection table `steampipe_server_settings` populated with server settings data during service startup. (#3462)
- Running `plugin install` with no arguments installs all referenced plugins. (#3451)
- New `--output` flag for `plugin list` cmd allows selection between `json` and `table` output. (#3368)
- Each plugin directory contains a `version.json` which can be used to recompose the global plugin `versions.json` if it is missing or corrupt. (#3492)
- Typing `.cache` in interactive prompt shows the current value of cache. (#2439)
- Steampipe commands bypass plugin requirement check if installed plugin is locally built. (#3643)
- New `skip-config` flag disables writing of default plugin config during plugin installation. (#3531, #2206)
- Logs are now written to file instead of console. (#2916)
- When plugin startup fails, report useful message in the CLI. (#3732)
- Users are warned to not have mod.sp files in home directory. (#2321)
- Updated messaging when service is started on an unavailable port. (#623)
- Log files are rotated if the process is active across date boundaries. (#125, #3825)
- Listen hosts may be selected when starting steampipe service. (#3505)
- Initialisation behaviour for the sample options has been changed: always copy a sample file (`default.spc.sample`), but only overwrite the `default.spc` file with the sample content if the existing file has not been modified. (#3431)
- Validation for the workspace profile `cache` settings. (#3646)
- Support OCI registries requiring authentication. (#2819)
- Compiled with Go 1.21. (#3763)
Bug fixes
- Plugin manager shutdown stalling intermittently due to deadlocks. (#3818)
- Temporary tables dropped in interactive prompt when pool connections recycled. (#3781, #3543)
- `service start` was not listening on `network` by default. (#3593)
- Multi line logs from plugins not rendered correctly in plugin logs. (#3678)
- `.inspect` panicking for long column descriptions. (#3709)
- Interactive prompt crashing when there is a code panic. (#3713)
- Incorrect zsh completion instructions.
- Steampipe should not create export files for cancelled control runs. (#3578)
- `BuildFullResourceName` not validating non empty arguments. (#3601)
- Spinner not showing when exporting check results. (#3577)
- `stdin` was consumed by `query` command even if there are arguments. (#1985)
- When exporting multiple benchmarks, results are now merged into a single export. (#2380)
- Raise warning when pseudo-resources are ignored because of named HCL resources. (#1328)
- Database reinstalled unnecessarily if any FDW files were missing. (#2040)
- Improved error message when steampipe fails to parse a mod definition file because mod block does not exist. (#1198)
- Only `install-dir` and `workspace` flags should be global flags. All other flags should only apply to specific command. (#3542)
- Passing an empty list for list variables was not working. (#2094)
- Show deprecation warning for `version` field in `require` block of mod definition.
- Temporary directories were not always being cleaned up after plugin commands.
- `plugin list` returned nothing if no plugins were installed. (#3927)
Deprecations and migrations
- Table `steampipe_connection_state` renamed to `steampipe_connection`
- Removed migration and backward compatibility of data files from v0.13.0. (#3517)
- Removed deprecated `workspace-chdir` flag. (#3925)
- Migrated from `cloud.steampipe.io` to `pipes.turbot.com`. (#3724)
- Removed support for plugins which do not support multiple connections (i.e. using SDK < v4.0.0).
- Deprecated `terminal options`.
All 115 Turbot Steampipe plugins have been updated to use steampipe-plugin-sdk v5.6.1, which adds support for rate and concurrency limiters.
Limiters provide a simple, flexible interface to implement client-side rate limiting and concurrency thresholds at compile time or run time. You can use limiters to:
- Smooth the request rate from Steampipe to reduce load on the remote API or service
- Limit the number of parallel requests to reduce contention for client and network resources
- Avoid hitting server limits and throttling
For more information on getting started, please see Concurrency and Rate Limiting.
Deprecated
- The `source_type` config argument has been deprecated and will be removed in the next major version. Please use the `source_types` config argument instead. If both config arguments are set, `source_types` will take precedence. For backward compatibility, please see below for old and new value equivalents: (#167)
  - `source_type = 'all'`: `source_types = ["deployed", "helm", "manifest"]`
  - `source_type = 'deployed'`: `source_types = ["deployed"]`
  - `source_type = 'helm'`: `source_types = ["helm"]`
  - `source_type = 'manifest'`: `source_types = ["manifest"]`
What's new?
- Added the `source_types` config argument, which allows specifying a combination of source types to load per connection. (#167)
What's new?
- Added 350+ new controls across all resource types to the `all_controls` benchmark. (#64)
Enhancements
- Added `path` to default set of `common_dimensions`, so now any file paths will appear by default in the additional dimensions in control results. (#63)
- Added `iac` category to mod definition.
Dependencies
- Kubernetes plugin `v0.23.0` or higher is now required.
Breaking changes
- Removed the `output` column in the `exec_command` table. This column has been replaced by the `stdout_output` and `stderr_output` columns. (#13)
What's new?
- Added `stdout_output` and `stderr_output` columns to the `exec_command` table. (#13)
- Added `stream` column to the `exec_command_line` table. (#13)
- Added plugin limiter `exec_global` with `MaxConcurrency` set to 15 in an effort to reduce abuse reports due to large number of concurrent remote connections. (#13)
Bug fixes
- Results from the `exec_command` table should now be consistent when using local and remote connections. (#13)
Dependencies
- Recompiled plugin with steampipe-plugin-sdk v5.6.0 which adds support for rate limiters. (#13)
- Recompiled plugin with Go 1.21. (#13)
What's new?
- Added CIS v1.6.0 benchmark (`steampipe check docker_compliance.benchmark.cis_v160`). (#4)
What's new?
- `SetConnectionCacheOptions`, a new GRPC endpoint to clear connection cache. (#678)
Enhancements
- Added the `last_successful_login_time` column to `oci_identity_user` table. (#547)
What's new?
- Define rate and concurrency limits for plugin execution. (#623)
- Diagnostics property added to `_ctx` column, containing information on hydrate calls and rate limiting (enabled by setting env var `STEAMPIPE_DIAGNOSTIC_LEVEL=all`)
- Support for JSONB operators in `List` hydrate functions. (#594)
- `Type` property added to `ConnectionConfig` protobuf definition to determine if a connection is an aggregator. (#590)
- When plugin startup fails, write a specially formatted string to stdout so plugin manager can parse the output and display a useful message. (#619)
- Support for multi-line log entries. (#612)
- Added `Equals` function for `QualValue`. (#646)
What's new?
- New tables added
Enhancements
- Added 112 new controls to the `All Controls` benchmark for the following services: (#59)
  - `CronJob`
  - `DaemonSet`
  - `Deployment`
  - `Job`
  - `Pod`
  - `ReplicaSet`
  - `ReplicationController`
  - `StatefulSet`
Bug fixes
- Fixed `github_search_repository` table queries failing when selecting the `has_downloads`, `has_pages`, `hooks`, `network_count`, `subscribers_count`, or `topics` columns. (#337)
Bug fixes
- Fixed the `invalid memory address or nil pointer dereference` errors when querying Terraform configuration or plan or state files that included `null` valued arguments. (#56)
Bug fixes
- Fixed the plugin to return `nil` instead of an `error` when the file/path specified in `dockerfile_paths` or `docker_compose_file_paths` config arguments does not exist. (#38)
Bug fixes
- Added the missing `resource` column in the queries of `glue_data_catalog_encryption_settings_metadata_encryption_enabled` and `glue_data_catalog_encryption_settings_password_encryption_enabled` controls. (#715)
Enhancements
- Added the `resource_object` and `object` columns to `guardrails_notification` and `guardrails_resource` tables respectively. (#7)
Bug fixes
- Added the missing S3 go-getter examples in the `docs/index.md` file.
Bug fixes
- Fixed the data type of `capacity_reservation_specification` column of `aws_ec2_instance` table to be of `JSON` type instead of `STRING`. (#1903)
Enhancements
- Added the `iam_workload_identity_restricted` control to the `IAM` benchmark. (#38)
Deprecations
- Deprecated `domain` column in `net_certificate` table, which has been replaced by the `address` column. Please note that the `address` column requires a port, e.g., `github.com:443`. This column will be removed in a future version. (#50)
What's new?
- Added `address` column to the `net_certificate` table to allow specifying a port with the domain name. (#50)
Bug fixes
- Updated the `bitbucket.spc` and `index.md` files to include details of `BITBUCKET_USERNAME`, `BITBUCKET_PASSWORD`, and `BITBUCKET_API_BASE_URL` environment variables. (#77)