Powerpipe
Powerpipe is now the preferred way to run this mod! Migrating from Steampipe →
All v0.x versions of this mod will work in both Steampipe and Powerpipe, but v1.0.0 onwards will be in Powerpipe format only.
Enhancements
- Focus documentation on Powerpipe commands.
- Show how to combine Powerpipe mods with Steampipe plugins.
Breaking changes
- Updated the plugin dependency section of the mod to use
min_version
instead ofversion
. (#43)
What's new?
- Added 10 new controls across the benchmarks for the following services: (#39)
Block Storage
Compute
Identity and Access Management
Object Storage
VCN
Enhancements
- Updated the queries to use the
attributes_std
andaddress
columns from theterraform_resource
table instead ofarguments
,type
andname
columns for better support of terraform state files. (#34)
Dependencies
- Terraform plugin
v0.10.0
or higher is now required. (#34)
What's new?
- Added
connection_name
in the common dimensions to group and filter findings. (see var.common_dimensions) (#26) - Added
tags
as dimensions to group and filter findings. (see var.tag_dimensions) (#26)
What's new?
- New VCN controls added: (#19)
- vcn_network_security_group_restrict_ingress_rdp_all (
steampipe check control.vcn_network_security_group_restrict_ingress_rdp_all
) - vcn_network_security_group_restrict_ingress_ssh_all (
steampipe check control.vcn_network_security_group_restrict_ingress_ssh_all
)
- vcn_network_security_group_restrict_ingress_rdp_all (
Bug fixes
- Fixed
vcn_security_list_restrict_ingress_rdp_all
andvcn_security_list_restrict_ingress_ssh_all
queries to correctly check if the security lists restrict ingress access to ports3389
and22
respectively. (#19)
Enhancements
- Updated docs/index.md and README with new dashboard screenshots and latest format. (#15)
Enhancements
- Added
category
,service
, andtype
tags to benchmarks and controls. (#11)
Breaking changes
- Renamed the
network
benchmark (steampipe check terraform_oci_compliance.benchmark.network
) tovcn
benchmark (steampipe check terraform_oci_compliance.benchmark.vcn
) to maintain consistency with OCI documentation. (#11) - Renamed the following controls and queries to maintain consistency with the benchmark names:
network_default_security_group_allow_icmp_only
tovcn_default_security_group_allow_icmp_only
network_security_list_restrict_ingress_rdp_all
tovcn_security_list_restrict_ingress_rdp_all
network_security_list_restrict_ingress_ssh_all
tovcn_list_restrict_ingress_ssh_all
network_subnet_public_access_blocked
tovcn_subnet_public_access_blocked
What's new?
- Added 8 benchmarks and 18 controls to check Terraform OCI resources against security best practices. Controls for the following services have been added:
- Block Storage
- Cloud Guard
- Compute
- Database
- File Storage
- Identity and Access Management
- Network
- Object Storage