v1.35.0-B0116

What's changed since pre-release v1.35.0-B0084:

• New features:
  • Added March 2024 baselines Azure.GA_2024_03 and Azure.Preview_2024_03 by @BernieWhite.
    #2781
    • Includes rules released before or during March 2024.
    • Marked Azure.GA_2023_12 and Azure.Preview_2023_12 baselines as obsolete.
• General improvements:
  • Renamed Cognitive Services rules to Azure AI by @BernieWhite.
    #2776
    • Rules that were previously named Azure.Cognitive.* have been renamed to Azure.AI.*.
    • For each rule that has been renamed, an alias has been added to reference the old name.

See change log.

v1.35.0-B0084

What's changed since pre-release v1.35.0-B0055:

• General improvements:
  • Improved export of in-flight data for Event Grid and Azure Firewall Policies by @BernieWhite.
    #2774

See change log.

v1.35.0-B0055

What's changed since pre-release v1.35.0-B0030:

• Updated rules:
  • Updated Azure.AppService.NETVersion to detect out of date .NET versions including .NET 5/6/7 by @BernieWhite.
    #2766
    • Bumped rule set to 2024_03.
  • Updated Azure.AppService.PHPVersion to detect out of date PHP versions before 8.2 by @BernieWhite.
    #2768
    • Fixed Azure.AppService.PHPVersion check fails when phpVersion is null.
    • Bumped rule set to 2024_03.
  • Updated Azure.AKS.Version to use 1.27.9 as the minimum version by @BernieWhite.
    #2771
• General improvements:
  • Quality updates to rule documentation by @BernieWhite.
    #2570
  • Additional policies added to default ignore list by @BernieWhite.
    #1731
• Bug fixes:
  • Fixed failed to expand JObject value with invalid key by @BernieWhite.
    #2751

See change log.

v1.35.0-B0030

What's changed since pre-release v1.35.0-B0012:

• General improvements:
  • Add rule severity to rule documentation pages by @BernieWhite.
    #1243
  • Add documentation redirects for renamed rules by @BernieWhite.
    #2757
• Engineering:
  • Bump coverlet.collector to v6.0.2.
    #2754
• Bug fixes:
  • Fixed false negative from Azure.LB.AvailabilityZone when zone list is empty or null by @jtracey93.
    #2759

See change log.

v1.35.0-B0012

What's changed since v1.34.2:

• New features:
  • Added WAF pillar specific baselines by @BernieWhite.
    #1633
    #2752
    • Use pillar specific baselines to target a specific area of the Azure Well-Architected Framework.
    • The following baselines have been added:
      • Azure.Pillar.CostOptimization
      • Azure.Pillar.OperationalExcellence
      • Azure.Pillar.PerformanceEfficiency
      • Azure.Pillar.Reliability
      • Azure.Pillar.Security
• General improvements:
  • Documentation improvements by @BernieWhite.
    #2570

See change log.

v1.34.2

What's changed since v1.34.1:

• Bug fixes:
  • Fixed export of in-flight data for flexible PostgreSQL servers by @BernieWhite.
    #2744

See change log.

v1.34.1

What's changed since v1.34.0:

• Bug fixes:
  • Fixed policy as rules export issues by @BernieWhite.
    #2724
    #2725
    #2726
    #2727

See change log.

v1.34.0

What's changed since v1.33.2:

• New rules:
  • Azure Kubernetes Service:
    • Check that user mode pools have a minimum number of nodes by @BernieWhite.
      #2683
      • Added configuration to support changing the minimum number of node and to exclude node pools.
      • Set AZURE_AKS_CLUSTER_USER_POOL_MINIMUM_NODES to set the minimum number of user nodes.
      • Set AZURE_AKS_CLUSTER_USER_POOL_EXCLUDED_FROM_MINIMUM_NODES to exclude a specific node pool by name.
• Updated rules:
  • Azure Kubernetes Service:
    • Updated Azure.AKS.MinNodeCount the count nodes system node pools by @BernieWhite.
      #2683
      • Improved guidance and examples specifically for system node pools.
      • Added configuration to support changing the minimum number of node.
      • Set AZURE_AKS_CLUSTER_MINIMUM_SYSTEM_NODES to set the minimum number of system nodes.
  • Front Door:
    • Updated Azure.FrontDoor.Logs to cover premium and standard profiles instead of just classic by @BernieWhite.
      #2704
      • Added a selector for premium and standard profiles Azure.FrontDoor.IsStandardOrPremium.
      • Added a selector for classic profiles Azure.FrontDoor.IsClassic.
      • Updated rule set to 2024_03.
  • Microsoft Defender for Cloud:
    • Renamed rules to align with recommended naming length by @BernieWhite.
      #2718
      • Renamed Azure.Defender.Storage.SensitiveData to Azure.Defender.Storage.DataScan.
    • Promoted Azure.Defender.Storage.MalwareScan to GA rule set by @BernieWhite.
      #2590
  • Storage Account:
    • Renamed rules to align with recommended naming length by @BernieWhite.
      #2718
      • Renamed Azure.Storage.DefenderCloud.MalwareScan to Azure.Storage.Defender.MalwareScan.
      • Renamed Azure.Storage.DefenderCloud.SensitiveData to Azure.Storage.Defender.DataScan.
    • Promoted Azure.Storage.Defender.MalwareScan to GA rule set by @BernieWhite.
      #2590
• General improvements:
  • Moved .bicepparam file support to stable by @BernieWhite.
    #2682
    • Bicep param files are now automatically expanded when found.
    • To disable expansion, set the configuration option AZURE_BICEP_PARAMS_FILE_EXPANSION to false.
  • Added support for type/ variable/ and function imports from Bicep files by @BernieWhite.
    #2537
  • Added duplicate policies to default ignore list by @BernieWhite.
    #1731
  • Documentation and metadata improvements by @BernieWhite.
    #1772
    #2570
• Engineering:
  • Updated resource providers and policy aliases.
    #2717
  • Improved debugging experience by providing symbols for .NET code by @BernieWhite.
    #2712
  • Bump Microsoft.NET.Test.Sdk to v17.9.0.
    #2680
  • Bump xunit to v2.7.0.
    #2688
  • Bump xunit.runner.visualstudio to v2.5.7.
    #2689
  • Bump coverlet.collector to v6.0.1.
    #2699
• Bug fixes:
  • Fixed missing zones property for public IP addresses by @BernieWhite.
    #2698
  • Fixes for policy as rules by @BernieWhite.
    #181
    #1323

What's changed since pre-release v1.34.0-B0077:

• No additional changes.

See change log.

v1.34.0-B0077

What's changed since pre-release v1.34.0-B0047:

• Updated rules:
  • Microsoft Defender for Cloud:
    • Renamed rules to align with recommended naming length by @BernieWhite.
      #2718
      • Renamed Azure.Defender.Storage.SensitiveData to Azure.Defender.Storage.DataScan.
    • Promoted Azure.Defender.Storage.MalwareScan to GA rule set by @BernieWhite.
      #2590
  • Storage Account:
    • Renamed rules to align with recommended naming length by @BernieWhite.
      #2718
      • Renamed Azure.Storage.DefenderCloud.MalwareScan to Azure.Storage.Defender.MalwareScan.
      • Renamed Azure.Storage.DefenderCloud.SensitiveData to Azure.Storage.Defender.DataScan.
    • Promoted Azure.Storage.Defender.MalwareScan to GA rule set by @BernieWhite.
      #2590
• General improvements:
  • Added duplicate policies to default ignore list by @BernieWhite.
    #1731
• Engineering:
  • Updated resource providers and policy aliases.
    #2717
• Bug fixes:
  • Fixes for policy as rules by @BernieWhite.
    #181
    #1323

See change log.

v1.34.0-B0047

What's changed since pre-release v1.34.0-B0022:

• General improvements:
  • Added support for type/ variable/ and function imports from Bicep files by @BernieWhite.
    #2537
• Engineering:
  • Improved debugging experience by providing symbols for .NET code by @BernieWhite.
    #2712

See change log.