Bug fixes

• Fixed ad_guest_user_reviewed_monthly, iam_deprecated_account_with_owner_roles, iam_external_user_with_read_permission, iam_external_user_with_write_permission, iam_user_not_allowed_to_create_security_group and iam_user_not_allowed_to_register_application queries to remove duplicate benchmark results. (#228)

v0.0.2 [2023-11-17]

Bug fixes

• Fixed the plugin brand colour.

What's new?

• New tables added
  • hubspot_blog_post
  • hubspot_company
  • hubspot_contact
  • hubspot_deal
  • hubspot_domain
  • hubspot_hub_db
  • hubspot_owner
  • hubspot_ticket

Bug fixes

• Fixed the plugin to pass the namespace qualifier to the kubernetes API client when querying namespace scoped resources. (#181) (Thanks @pdecat for the contribution!!)

v0.37.1 [2023-11-16]

Bug fixes

• Fixed the GetConfig of github_team_repository table to include support for dynamic GraphQL queries. (#379)
• Fixed the example queries in github_commit doc file. (#377)
• Fixed the example queries in github_search_issue doc file to filter out results from the API. (#378)

v0.46.0 [2023-11-16]

What's new?

• New tables added
  • gcp_aiplatform_endpoints (#513)

Bug fixes

• Fixed the retention_policy column of gcp_storage_bucket table to correctly return data instead of null. (#502)

v0.123.0 [2023-11-16]

What's new?

• New tables added
  • aws_lambda_event_source_mapping (#1874) (Thanks @nickman for the contribution!)

Enhancements

• Added the resource_record_set_limit column to aws_route53_zone table. (#1969) (Thanks @keyolk for the contribution!)

v0.13.0 [2023-11-15]

What's new?

• New tables added
  • jira_issue_comment (#103)
  • jira_issue_worklog (#104)

Enhancements

• Added the properties column to jira_project table. (#105)

Bug fixes

• Fixed typo in the docs/index.md file. (#102) (Thanks @adrfrank for the contribution!)
• Fixed the jira_issue table by enhancing case insensitivity support for the status column. (#90)

What's new?

• Added CIS v3.0.0 benchmark (steampipe check benchmark.cis_v300). (#57)

Breaking Changes

• Removed the following tables using the search API that no longer work due to API limitations. These tables will be added back if functionality can be restored.
  • linkedin_company_employee
  • linkedin_company_past_employee
  • linkedin_connection
  • linkedin_search_company
  • linkedin_search_profile

Bug fixes

• Fixed the compute_firewall_allow_tcp_connections_proxied_by_iap query to correctly include all the ports and source IP ranges. (#128) (Thanks @saisirishreddy for the contribution!)

Enhancements

• Added the dns_mx_dmarc_record_enabled control to the dns_mx_best_practices benchmark. (#20)

Bug fixes

• Fixed dashboard localhost URLs in README and index doc. (#23)

Enhancements

• Added the run_started_at column to github_actions_repository_workflow_run table. (#358) (Thanks @mridang for the contribution!)

What's new?

• New tables added
  • aws_fms_policy (#1851)
  • aws_fms_app_list (#1851)
  • aws_transfer_server (#1909) (Thanks @jramosf for the contribution!)

Enhancements

• Added the features column to aws_guardduty_detector table. (#1958)

What's new?_

• Added the new All Controls benchmark (steampipe check benchmark.all_controls). This new benchmark includes 109 service-specific controls. (#127)

• Updated the plugin dependency section of the following mods to use min_version instead of version:
  • Alicloud Insights
  • AWS Insights
  • AWS Tags
  • Azure Insights
  • Digitalocean Insights
  • Docker Compliance
  • GCP Insights
  • GCP Labels
  • Github Compliance
  • Github Insights
  • Gitlab Insights
  • Hackernews Insights
  • IBM Insights
  • Kubernetes Insights
  • Microsoft 365 Compliance
  • OCI Compliance
  • OCI Insights
  • OCI Thrifty
  • Snowflake Compliance
  • Tailscale Compliance
  • Terraform AWS Compliance
  • Terraform Azure Compliance
  • Terraform GCP Compliance
  • Terraform OCI Compliance
  • Turbot Guardrails Insights

Breaking changes

• Updated the plugin dependency section of the mod to use min_version instead of version. (#82)

Bug fixes

• Updated the docs to include the correct links for the nsa_cisa_v1 benchmark. (#80) (Thanks @aniketh-varma for the contribution!)
• Fixed the following queries to cast the data to boolean format. (#79)
  • cronjob_container_privilege_disabled
  • cronjob_host_network_access_disabled
  • cronjob_hostpid_hostipc_sharing_disabled
  • cronjob_immutable_container_filesystem
  • cronjob_non_root_container
  • daemonset_container_privilege_disabled
  • daemonset_host_network_access_disabled
  • daemonset_hostpid_hostipc_sharing_disabled
  • daemonset_immutable_container_filesystem
  • daemonset_non_root_container
  • deployment_container_privilege_disabled
  • deployment_host_network_access_disabled
  • deployment_hostpid_hostipc_sharing_disabled
  • deployment_immutable_container_filesystem
  • deployment_non_root_container
  • job_container_privilege_disabled
  • job_host_network_access_disabled
  • job_hostpid_hostipc_sharing_disabled
  • job_immutable_container_filesystem
  • job_non_root_container
  • pod_container_privilege_disabled
  • pod_immutable_container_filesystem
  • pod_non_root_container
  • pod_service_account_token_enabled
  • pod_template_container_privilege_disabled
  • pod_template_immutable_container_filesystem
  • replicaset_container_privilege_disabled
  • replicaset_host_network_access_disabled
  • replicaset_hostpid_hostipc_sharing_disabled
  • replicaset_immutable_container_filesystem
  • replicaset_non_root_container
  • replication_controller_container_privilege_disabled
  • replication_controller_host_network_access_disabled
  • replication_controller_hostpid_hostipc_sharing_disabled
  • replication_controller_immutable_container_filesystem
  • replication_controller_non_root_container
  • statefulset_container_privilege_disabled
  • statefulset_host_network_access_disabled
  • statefulset_hostpid_hostipc_sharing_disabled
  • statefulset_immutable_container_filesystem
  • statefulset_non_root_container

Breaking changes

• Updated the plugin dependency section of the mod to use min_version instead of version. (#130)

Bug fixes

• Fixed the kms_key_separation_of_duties_enforced query to ensure that separation of duties is enforced while assigning KMS-related roles to users. (#132)

Breaking changes

• Updated the plugin dependency section of the mod to use min_version instead of version. (#222)

Bug fixes

• Fixed the compute_vm_tcp_udp_access_restricted_internet query to ensure internet-facing virtual machines are protected with network security groups. (#224)

Breaking changes

• Updated the plugin dependency section of the mod to use min_version instead of version. (#34)

Bug fixes

• Fixed the README and index docs to correctly reference the well_architected_framework_security benchmark. (#25)

Breaking changes

• Updated the plugin dependency section of the mod to use min_version instead of version. (#161)
• Renamed the control lambda_function_with_graviton2 to lambda_function_with_graviton in order to maintain consistency. (#158) (Thanks @bluedoors for the contribution!)

Breaking changes

• Updated the plugin dependency section of the mod to use min_version instead of version. (#45)

Bug fixes

• Fixed the README to include correct links to the benchmarks. (#47) (Thanks @vil02 for the contribution!)

Breaking changes

• Updated the plugin dependency section of the mod to use min_version instead of version. (#728)

Enhancements

• Added the following controls to the All Controls benchmark: (#727)
  • glue_connection_ssl_enabled
  • vpc_peering_connection_route_table_least_privilege

Bug fixes

• Fixed the description of the name column in aws_organizations_account table. (#1947) (Thanks @badideasforsale for the contribution!)

Dependencies

• Recompiled plugin with steampipe-plugin-sdk v5.6.3 which addresses the issue of expired credentials being intermittently retained in the connection cache. (#1956)

Bug fixes

• Fixed expired credentials sometimes being left in the connection cache. Update connection cache to use a backing store per connection, rather than a shared backing store. (#699)

What's new?

• New tables added
  • azure_alert_management (#685)
  • azure_databricks_workspace (#692)
  • azure_monitor_activity_log_event (#684)
  • azure_recovery_services_backup_job (#681)

Enhancements

• Added the contact_info column to linkedin_profile table. (#5)

Bug fixes

• Fixed the required quals of github_issue and github_pull_request tables to correctly return data instead of an error. (#355)

What's new

• Updated github_issue, github_my_issue, github_pull_request, github_search_issue, and github_search_pull_request tables to only include nested and user permission columns in GraphQL request when requested. This should result in faster queries and large scale queries completing more consistently. (#342)

Bug fixes

• Fixed vanta_computer table queries failing due to inclusion of deprecated API field requiresLocationServices in fetchDomainEndpoints query. (#19) (Thanks @eric-glb for the contribution!)

What's new?

• The Sentry base URL can now be set through the base_url config argument or SENTRY_URL environment variable. (#11) (Thanks @beudbeud for the contribution!)

What's new?

• The Prometheus address (address) can now be set with the PROMETHEUS_URL environment variable. (#23) (Thanks @beudbeud for the contribution!)

Bug fixes

• Fixed README to include correct reference to the All Controls benchmark. (#218) (Thanks @vil02 for the contribution!)

Enhancements

• Added the following controls to the All Controls benchmark: (#722)
  • athena_workgroup_enforce_configuration_enabled
  • iam_inline_policy_no_administrative_privileges

Bug fixes

• Fixed README to include correct reference to the All Controls benchmark. (#721) (Thanks @vil02 for the contribution!)
• Fixed typos in several compliance control descriptions. (#719) (Thanks @pdecat for the contribution!)

Enhancements

• Improved documentation and descriptions for the aws_iam_role table. (#1940)
• Replaced uses of rand.Seed with latest rand.NewSource. (#1933)

Enhancements

• Added additional dashboard and query docs and updated metadata descriptions in docs. (#323)

What's new?

• Added 11 new controls across the benchmarks for the following services: (#39)
  • Application Gateway
  • Automation
  • Cognitive Search
  • Compute
  • Frontdoor
  • Network
  • PostgreSQL

Bug fixes

• Removed custom plugin level retryer which was unnecessary as the plugin already uses the AWS SDK retryer. (#1932)
• The plugin now retries errors with the error code UnknownError. These are often thrown by services like SNS when performing a large number of requests. (#1932)

The remaining 94 Turbot Steampipe plugins have been updated to use steampipe-plugin-sdk v5.6.2, which prevents nil pointer reference errors for implicit hydrate configs.

Bug fixes

• Fixed queries to correctly return data for connection_name and tags dimensions instead of an error. (#73)

Enhancements

• Updated the following queries to use url as the resource column: (#35)
  • default_branch_all_build_steps_as_code
  • default_branch_pipeline_locks_external_dependencies_for_build_process
  • default_branch_pipeline_must_have_jobs_with_sbom_generation
  • default_branch_pipelines_scan_for_vulnerabilities
  • default_branch_pipelines_scanners_set_to_prevent_sensitive_data
  • org_member_mfa_enabled
  • repo_inactive_members_review
  • repo_deletion_limited_to_trusted_users
  • repo_issue_deletion_limited_to_trusted_users
  • repo_webhook_package_registery_security_settings_enabled

What's new?

• New tables added
  • gcp_artifact_registry_repository (#496)
  • gcp_cloud_run_service (#497)

The following 21 Turbot Steampipe plugins have been updated to use steampipe-plugin-sdk v5.6.2, which prevents nil pointer reference errors for implicit hydrate configs:

• Alibaba Cloud
• AWS CloudFormation
• Azure
• Azure Active Directory
• CSV
• DigitalOcean
• Docker
• Docker Hub
• Exec
• GCP
• GitHub
• IBM Cloud
• Jira
• Microsoft 365
• Net
• Okta
• OpenShift
• Oracle Cloud Infrastructure
• Salesforce
• Turbot Pipes
• Zoom

Breaking changes

• Removed instances column from terraform_resource table. (#64)
• All arguments and lifecycle columns now return null instead of {} if empty. (#64)

Enhancements

• Added address, attributes, and attributes_std columns to terraform_resource table. (#64)

Bug fixes

• Fixed the start_line, end_line and source column values in the terraform_resource table to return correct values regardless of file indentation. (#64)
• Fixed the plugin to check all files even if a non-existent file name is provided in any file_paths config arg. (#67)

Enhancements

• Updated the queries to use the attributes_std and address columns from the terraform_resource table instead of arguments, type and name columns for better support of terraform state files. (#34)

Dependencies

• Terraform plugin v0.10.0 or higher is now required. (#34)

Enhancements

• Updated the queries to use the attributes_std and address columns from the terraform_resource table instead of arguments, type and name columns for better support of terraform state files. (#42)

Dependencies

• Terraform plugin v0.10.0 or higher is now required. (#42)

Enhancements

• Updated the queries to use the attributes_std and address columns from the terraform_resource table instead of arguments, type and name columns for better support of terraform state files. (#35)

Dependencies

• Terraform plugin v0.10.0 or higher is now required. (#35)

Enhancements

• Updated the queries to use the attributes_std and address columns from the terraform_resource table instead of arguments, type and name columns for better support of terraform state files. (#90)

Dependencies

• Terraform plugin v0.10.0 or higher is now required. (#90)

Bug fixes

• Fixed the plugin to prevent crashes when source_types config argument contains manifest but manifest_file_paths is not defined. (#177)

What's new?

• Added 39 new controls for the ClusterRoleBinding, CronJob, DaemonSet, Ingress, Job, Pod resource types to the all_controls benchmark. (#68)

Bug fixes

• Fixed the source_account_id column of aws_securityhub_finding table to correctly return data instead of null. (#1927) (Thanks @gabrielsoltz for the contribution!)
• Fixed the members column of aws_rds_db_cluster table to correctly return data instead of null. (#1926)

Bug fixes

• Added support for the missing mod-location flag to the steampipe variable list command. (#3942)

Bug fixes

• The initialise function is now being called for implicit hydrate configs (i.e. hydrate functions without explicit config), thereby preventing nil pointer reference errors when the hydrate function returns an error. (#683)

Whats new?

• Define rate and concurrency limits for plugin execution. (#3746)
• Define multiple instances of a plugin version using a plugin connection config block. (#3807)
• The maximum memory used by plugins and the CLI can now be specified either in plugin instance definitions or the new plugin options block. (#3807)
• New introspection tables steampipe_plugin and steampipe_plugin_limiter containing all configured plugin instances and limiters. (#3746)
• New introspection table steampipe_server_settings populated with server settings data during service startup. (#3462)
• Running plugin install with no arguments installs all referenced plugins. (#3451)
• New --output flag for plugin list cmd allows selection between json and table output. (#3368)
• Each plugin directory ncontains a version.json which can be used to recompose the global plugin versions.json if it is missing or corrupt. (#3492)
• Typing .cache in interactive prompt shows the current value of cache. (#2439)
• Steampipe commands bypass plugin requirement check if installed plugin is locally built. (#3643)
• New skip-config flag disables writing of default plugin config during plugin installation. (#3531, #2206)
• Logs are now written to file instead of console. (#2916)
• When plugin startup fails, report useful message in the CLI. (#3732)
• Users are warned to not have mod.sp files in home directory. (#2321)
• Updated messaging when service is started on an unavailable port. (#623)
• Log files are rotated if the process is active across date boundaries. (#125, #3825)
• Listen hosts may be selected when starting steampipe service. (#3505)
• Initialisation behaviour for the sample options has been changed: always copy a sample file (default.spc.sample), but only overwrite the default.spc file with the sample content if the existing file has not been modified. (#3431)
• Validation for the workspace profile cache settings. (#3646)
• Support OCI registries requiring authentication. (#2819)
• Compiled with Go 1.21. (#3763)

Bug fixes

• Plugin manager shutdown stalling intermittently due to deadlocks. (#3818)
• Temporary tables dropped in interactive prompt when pool connections recycled. (#3781,#3543)
• service start was not listening on network by default. (#3593)
• Multi line logs from plugins not rendered correctly in plugin logs. (#3678)
• .inspect panicking for long column descriptions. (#3709)
• Interactive prompt crashing when there is a code panic. (#3713)
• Incorrect zsh completion instructions.
• Steampipe should not create export files for cancelled control runs. (#3578)
• BuildFullResourceName not validating non empty arguments. (#3601)
• Spinner not showing when exporting check results. (#3577)
• stdin was consumed by query command even if there are arguments. (#1985)
• When exporting multiple benchmarks, results now merged the results into a single export. (#2380)
• Raise warning when pseudo-resources are ignored because of named HCL resources. (#1328)
• Database reinstalled unnecessarily if any FDW files were missing. (#2040)
• Improved error message when steampipe fails to parse a mod definition file because mod block does not exist. (#1198)
• Only install-dir and workspace flags should be global flags. All other flags should only apply to specific command. (#3542)
• Passing an empty list for list variables was not working. (#2094)
• Show deprecation warning for version field in require block of mod definition.
• Temporary directories were not always being cleaned up after plugin commands.
• plugin list returned nothing if no plugins were installed. (#3927)

Deprecations and migrations

• Table steampipe_connection_state renamed to steampipe_connection
• Removed migration and backward compatibility of data files from v0.13.0. (#3517)
• Removed deprecated workspace-chdir flag. (#3925)
• Migrated from cloud.steampipe.io to pipes.turbot.com. (#3724)
• Removed support for plugins which do not support multiple connections (i.e. using SDK < v4.0.0).
• Deprecated terminal options.

All 115 Turbot Steampipe plugins have been updated to use steampipe-plugin-sdk v5.6.1, which adds support for rate and concurrency limiters.

Limiters provide a simple, flexible interface to implement client-site rate limiting and concurrency thresholds at compile time or run time. You can use limiters to:

• Smooth the request rate from Steampipe to reduce load on the remote API or service
• Limit the number of parallel requests to reduce contention for client and network resources
• Avoid hitting server limits and throttling

For more information on getting started, please see Concurrency and Rate Limiting.

Deprecated

• The source_type config argument has been deprecated and will be removed in the next major version. Please use the source_types config argument instead. If both config arguments are set, source_types will take precedence. For backward compatibility, please see below for old and new value equivalents: (#167)
  • source_type = 'all': source_types = ["deployed", "helm", "manifest"]
  • source_type = 'deployed': source_types = ["deployed"]
  • source_type = 'helm': source_types = ["helm"]
  • source_type = 'manifest': source_types = ["manifest"]

What's new?

• Added the source_types config argument, which allows specifying a combination of source types to load per connection. (#167)

What's new?

• Added 350+ new controls across all resource types to the all_controls benchmark. (#64)

Enhancements

• Added path to default set of common_dimensions, so now any file paths will appear by default in the additional dimensions in control results. (#63)
• Added iac category to mod definition.

Dependencies

• Kubernetes plugin v0.23.0 or higher is now required.

Breaking changes

• Removed the output column in the exec_command table. This column has been replaced by the stdout_output and stderr_output columns. (#13)

What's new?

• Added stdout_output and stderr_output columns to the exec_command table. (#13)
• Added stream column to the exec_command_line table. (#13)
• Added plugin limiter exec_global with MaxConcurrency set to 15 in an effort to reduce abuse reports due to large number of concurrent remote connections. (#13)

Bug fixes

• Results from the exec_command table should now be consistent when using local and remote connections. (#13)

Dependencies

• Recompiled plugin with steampipe-plugin-sdk v5.6.0 which adds support for rate limiters. (#13)
• Recompiled plugin with Go 1.21. (#13)

What's new?

• Added CIS v1.6.0 benchmark (steampipe check docker_compliance.benchmark.cis_v160). (#4)

Enhancements

• Updated the Makefile to build the netgo package only for Darwin systems. (#1918)
• Added the configuration_settings column to aws_elastic_beanstalk_environment table. (#1916)

Bug fixes

• Fixed the table aws_dynamodb_backup to return nil instead of an error when backup does not exist. (#1914)

What's new?

• SetConnectionCacheOptions, a new GRPC endpoint to clear connection cache. (#678)

Enhancements

• Added the last_successful_login_time column to oci_identity_user table. (#547)

Enhancements

• Added the department column to azuread_user table. (#132)

Bug fixes

• Fixed the title column in azuread_device and azuread_user tables to correctly return data instead of null. (#134)

What's new?

• Define rate and concurrency limits for plugin execution. (#623)
• Diagnostics property added to _ctx column, containing information on hydrate calls and rate limiting (enabled by setting env var STEAMPIPE_DIAGNOSTIC_LEVEL=all)
• Support for JSONB operators in List hydrate functions. (#594)
• Type property added to ConnectionConfig protobuf definition to determine if a connection is an aggregator. (#590)
• When plugin startup fails, write a specially formatted string to stdout so plugin manager can parse the output and display a useful message. (#619)
• Support for multi-line log entries. (#612)
• Added Equals function for QualValue. (#646)

What's new?

• New tables added
  • kubernetes_pod_template (#170)

Enhancements

• Added 112 new controls to the All Controls benchmark for the following services: (#59)
  • CronJob
  • DaemonSet
  • Deployment
  • Job
  • Pod
  • ReplicaSet
  • ReplicationController
  • StatefulSet

What's new?

• Added support for querying on-premise Jira instances. This can be done by setting the personal_access_token config argument in the jira.spc file. (#86) (Thanks @juandspy for the contribution!)

Bug fixes

• Empty values will no longer be cached incorrectly for the github_my_repository, github_repository, and github_search_repository tables. (#340)
• Fixed github_team_repository table to include support for dynamic GraphQL queries. (#339)

What's new

• Update github_my_repository, github_repository, and github_search_repository tables to only include requested columns in GraphQL request. This should result in faster queries and large scale queries completing more consistently. (#338)

Dependencies

• Recompiled plugin with Go 1.21. (#338)

Bug fixes

• Fixed github_search_repository table queries failing when selecting the has_downloads, has_pages, hooks, network_count, subscribers_count, or topics columns. (#337)

Bug fixes

• Fixed the invalid memory address or nil pointer dereference errors when querying Terraform configuration or plan or state files that included null valued arguments. (#56)

Enhancements

• Added 90 new controls to the All Controls benchmark for the following services: (#56)
  • CronJob
  • DaemonSet
  • Deployment
  • Job
  • Pod
  • ReplicaSet
  • ReplicationController
  • StatefulSet

Bug fixes

• Fixed the role_with_wildcards_used control to correctly return data instead of an error. (#54)

Bug fixes

• Fixed the plugin to return nil instead of an error when the file/path specified in dockerfile_paths or docker_compose_file_paths config arguments does not exist. (#38)

Bug fixes

• Added the missing resource column in the queries of glue_data_catalog_encryption_settings_metadata_encryption_enabled and glue_data_catalog_encryption_settings_password_encryption_enabled controls. (#715)

Enhancements

• Added the resource_object and object columns to guardrails_notification and guardrails_resource tables respectively. (#7)

Bug fixes

• Added the missing S3 go-getter examples in the docs/index.md file.

Bug fixes

• Fixed the data type of capacity_reservation_specification column of aws_ec2_instance table to be of JSON type instead of STRING. (#1903)

Enhancements

• Added the iam_workload_identity_restricted control to the IAM benchmark. (#38)

Breaking changes

• Removed the dms_s3_endpoint_encryption_in_transit_enabled control from the DMS benchmark. (#84)

Enhancements

• Added the vpc_transfer_server_allows_only_secure_protocols control to the VPC benchmark. (#84)

Deprecations

• Deprecated domain column in net_certificate table, which has been replaced by the address column. Please note that the address column requires a port, e.g., github.com:443. This column will be removed in a future version. (#50)

What's new?

• Added address column to the net_certificate table to allow specifying a port with the domain name. (#50)

Bug fixes

• Updated the bitbucket.spc and index.md files to include details of BITBUCKET_USERNAME, BITBUCKET_PASSWORD, and BITBUCKET_API_BASE_URL environment variables. (#77)