Skip to content

2.1.0: Performance and Recursion
Compare
Choose a tag to compare
@gabrielsoltz gabrielsoltz released this 18 Nov 14:17
· 70 commits to main since this release
v2.1.0
54ab282
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

This release focuses on performance and association recursion improvements.

  • Associated resources are now "cached" across the whole execution, meaning that if a resource is associated with more than one resource, we only scan it once.
  • Recursion for associations is now standardized and valid for any resource in any combination with a maximum of 2 levels, except when there is an IAM Role; we can go to one more level as it's an important resource to understand Context. Before, we were only supporting this recursion level for a few resources like roles, policies, route tables, and volumes. Now, we do 2 recursion levels for any resource.
  • Instances and IAM Users are now supported as associated resources for drilling.
  • Some previously hardcoded values, like' assume_role_duration' and options related to the outputs, are now in the configuration file.
  • The unknown value is now, by default, not computed from the Impact Scoring calculation. This can be configured.
  • I'm trying to clean up the main file for a better understanding of its logic, so I'm slowly moving related code together to new files, in this case, everything related to findings.
  • Some bug fixing
Assets 2
Loading