tfsec v0.23.1

• Publish images to docker hub

tfsec v0.23.0

• Add support for Terraform function evaluation, e.g. concat etc.
• Add support for .tfvars files.
• Allow gcp bucket without default key
• Whitelist aws_instance.get_password_data to avoid GEN003 false positives

tfsec v0.22.0

• Add whitelisting to avoid false positives for generic sensitive attributes
• Add parse caching to avoid hanging during scans
• Improve JUnit output for better Bitbucket integration
• Moved warnings about skipped checks to stderr to prevent malformed Junit etc. output
• Added support for dynamic blocks utilising for_each
• Checks are now done for multiple egress/ingress blocks in security groups
• Added --exclude-dir [directory] flag to exclude directories from scans
• Check access param of azure sg rules

tfsec v0.21.0

• New: AWS023: Ensure ECR repository image scans are enabled
• New: AWS024: Ensure Kinesis streams have encryption enabled

tfsec v0.20.0

• New: Added JUnit support
• Fix: Prevent infinite traversal when using local modules
• New: Added option to exclude certain checks globally
• New: Added --soft-fail flag

tfsec v0.19.0

• Add AWS021
• Add AWS022

tfsec v0.18.0

Adds KMS auto-rotation check

tfsec v0.17.0

Added check for unencrypted cloudfront comms

tfsec v0.16.0

Merge pull request #76 from liamg/liamg-improve-output

Improve output

tfsec v0.15.1

Disable CGO for homebrew installs