All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Update vitest version to v3.0.5 to mitigate CVE-2025-24964
- Daily policy scan via EventBridge Rule / Step Function that records all found policies in DynamoDB
- PolicyExplorer page on the UI
- Ability to export all result tables as .csv
- Support for policy scans in AWS services: AWS RAM, EventBridge Schemas, AWS Systems Manager Incident Manager Contacts, Redshift, ACM-PCA and Lex v2
- Support for Service Control Policies
- Deprecated Resource Based Policy module in favor of Policy Explorer. Data from previous Resource Based Policy scans can still be viewed, but cannot start new scans.
- Upgraded Amplify library from v5 to v6
- Upgraded mock-service-worker library from v1 to v2
- Upgraded from create-react-app to vite
- Make handling of 'content-type' request header case-insensitive to be more resilient to API Gateway service changes
- API error responses are now displayed on the UI properly, no longer disguised as CORS problems
- ApplicationInsightsConfiguration due to race condition that caused intermittent deployment failures. Customer can still set up ApplicationInsights through AWS Console if desired.
- Updated dependencies to address cross-spawn CVE-2024-21538
- Updated dependencies to address cross-spawn CVE-2024-21538
- Updated dependencies to mitigate CVE-2024-21536
- Add poetry.lock to pin dependency versions for Python code
- Adapt build scripts to use Poetry for dependency management
- Remove dependencies
bootstrapanddatefns - Allow backend to accept uppercase http headers, to prevent errors when receiving uppercase
Content-type - Replace pip3/requirements.txt dependency management with Poetry
- Add poetry.lock file to support reproducible builds, improve vulnerability scanning
- Upgrade
rollupto mitigate CVE-2024-47068
path-to-regexpto mitigate CVE-2024-45296
- Added support for keys
aws:SourceOrgID,aws:SourceOrgPathsin policy conditions
motofrom v4.x to v5.x for python unit testsmicromatchto mitigate CVE-2024-4067webpackto mitigate CVE-2024-43788expressto mitigate CVE-2024-43796sendto mitigate CVE-2024-43799serve-staticto mitigate CVE-2024-43800path-to-regexpto mitigate CVE-2024-45296body-parserto mitigate CVE-2024-45590
- Upgrade
axiosto mitigate CVE-2024-39338
- Upgrade
fast-xml-parserto mitigate CVE-2024-41818
- When scan fails for a certain S3 bucket, the solution will no longer fail the scan for all S3 buckets in the account. The failed buckets will be reported as individual failures with bucket name in on the solution UI, while scan results for all other buckets will be reported successfully.
- Updated package versions to resolve security vulnerabilities.
- Updated package versions to resolve security vulnerabilities.
- Updated package versions to resolve security vulnerabilities.
- Pinned boto3 and botocore versions to ~1.34.0
- Updated package versions to resolve security vulnerabilities.
- Mitigated impact caused by new default settings for S3 Object Ownership (ACLs disabled) for all new S3 buckets.
- Support scanning more than five specified OpenSearch Service domains. Fixed #7
- Support scanning S3 bucket policies in the Opt-In regions.
- AppRegistry Attribute Group name with a unique string.
- Optional Multi-factor authentication (MFA) for Cognito User Pool
- Shortened the role name in OrgManagementStack to avoid name length constraints in some regions. #3
- Encryption of DynamoDB tables from AWS owned to AWS managed key. Allows customers to view key metadata and audit key use in AWS CloudTrail logs.
- Increase Lambda function memory size to scan large number of accounts in AWS Organizations
- Ignore deleted CloudFormation stacks in the Resource-based policy scan.
- Fix typo to process next marker when listing IoT policies.
- Updated 3rd party library versions
- Mitigated vulnerability in py library by updating pytest version
- All files, initial version