ci(deps): bump golang from 1.20.7-alpine to 1.21.0-alpine in Checkmarx/kics#6623
👻 Maintenance
update(docs): adding github icon into readme and docs website in Checkmarx/kics#6722
update(comments): comments related to files extensions updated in Checkmarx/kics#6696
docs(queries): update queries catalog in Checkmarx/kics#6699
v1.7.7
🚀 New features and improvements
feat(panic): add panic handler to possible panic places in Checkmarx/kics#6527
Processing .gitignore – paths assumed for KICS scan exclusion
From v1.6, KICS will read .gitignore file in the root of the project to exclude from the scan the paths therein.
How does this impact your scans?
You will only be affected by this change in case you use KICS locally on your development environment.
Notice that if you are using KICS on top of a repository (e.g., as part of a CI/CD pipeline) those paths already do not exist, so there will be no effect for those scenarios.
You’ll notice an apparent loss of results: results identified in files under the .gitignore paths will no longer be identified.
Consistency between scan with and without the -t flag
The -t or --type flag is used to instruct KICS to scan only files of specific technologies.
Before v1.6, KICS with the -t flag would scan the project and, in case there were no files of the specified technologies, it would terminate with the message “No files were scanned” and no other output.
From v1.6, KICS will keep its behavior consistent whether the -t flag is used or not. Meaning: it will always output a results file, even if an “empty” results report is created because no files were scanned, as shown in the image below.
How does this impact your scans?
You will only be affected by this change in case you use KICS with flag -t/--type AND there are no files of the specified “type” in the scanned project.
If you rely on the message “No files were scanned” for some post-scan action, this change will also affect you, because that message disappears now.
Masking Secrets – Hide secrets from results when KICS finds them
From v1.6, KICS will mask/hide identified secrets out of results reports, in order to avoid exposing them to undesirable report readers.
How does this impact your scans?
This is not likely to impact you in any way.
Notice that results of secrets and passwords will appear in a slightly different, but more secure, fashion (see below an example of an HTML report).
... (truncated)
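The .gitignore-based exclusion described in the release notes above, as an added Go example (not KICS's own code): a small .gitignore-style matcher with constructed sample patterns, showing which finding locations drop out of a report once paths listed in the project-root .gitignore are excluded from the scan. The rule semantics (directory-only, root-anchored, glob) are a simplified reconstruction of git's, assumed here for illustration.

```go
package main

import (
	"path"
	"strings"
)

// Constructed example, not KICS's own code: a minimal .gitignore-style matcher
// (blank lines, "#" comments, trailing "/" = directory only, leading or inner
// "/" = root-anchored, path.Match globs; "!" and "**" are not supported).
type ignoreRule struct {
	pattern  string
	anchored bool // compare against root-relative prefixes only
	dirOnly  bool // match directories, never the file itself
}

func parseGitignore(content string) []ignoreRule {
	var rules []ignoreRule
	for _, line := range strings.Split(content, "\n") {
		line = strings.TrimSpace(line)
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		r := ignoreRule{dirOnly: strings.HasSuffix(line, "/")}
		line = strings.TrimSuffix(line, "/")
		r.anchored, r.pattern = strings.Contains(line, "/"), strings.TrimPrefix(line, "/")
		rules = append(rules, r)
	}
	return rules
}

// isIgnored reports whether a root-relative file path is excluded; a rule that matches a directory hides everything beneath it.
func isIgnored(rules []ignoreRule, relPath string) bool {
	parts := strings.Split(relPath, "/")
	for _, r := range rules {
		for i := range parts {
			if r.dirOnly && i == len(parts)-1 {
				break // the final component is the file itself
			}
			candidate := parts[i] // unanchored: any single component
			if r.anchored {
				candidate = strings.Join(parts[:i+1], "/") // anchored: prefix from root
			}
			if ok, _ := path.Match(r.pattern, candidate); ok {
				return true
			}
		}
	}
	return false
}
```

With a constructed .gitignore of `node_modules/`, `/build`, `*.tfstate` and `/.env`, a finding in `prod.tfstate` or `.env` is no longer reported, while one in `src/.env` still is, because the anchored pattern only matches at the root.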
Commits
5be1428 Merge pull request #6729 from Checkmarx/feature/kicsbot-update-docs-index
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps github.com/Checkmarx/kics from 1.4.9 to 1.7.8.
Release notes
Sourced from github.com/Checkmarx/kics's releases.
... (truncated)
Changelog
Sourced from github.com/Checkmarx/kics's changelog.
... (truncated)
Commits
5be1428 Merge pull request #6729 from Checkmarx/feature/kicsbot-update-docs-index
e2ab851 update
a63ffae docs(kicsbot): preparing for release 1.7.8
643f5ff Merge pull request #6699 from Checkmarx/feature/kicsbot-update-queries-docs
6452c76 Merge branch 'master' into feature/kicsbot-update-queries-docs
d9f1538 Merge pull request #6722 from Checkmarx/adding-github-icon
c674864 Merge branch 'adding-github-icon' of https://github.com/Checkmarx/kics into a...
5b5ce56 alt text correction
c81cfc9 Merge branch 'master' into adding-github-icon
b5afabc Merge pull request #6726 from liorj-orca/terraform_parse_recover