From cb8a4e048697d1d20c98b0de8687d9c84ea759fa Mon Sep 17 00:00:00 2001 
From: Aurelien Gateau Date: Wed, 16 Aug 2023 10:53:23 +0200 Subject: [PATCH] chore(release): 1.18.0 --- CHANGELOG.md | 73 +++++++++++++++++++ actions/iac/action.yml | 2 +- actions/sca/action.yml | 2 +- actions/secret/action.yml | 2 +- ...2111_aurelien.gateau_docker_max_workers.md | 3 - ..._handling_of_quota_limit_reached_errors.md | 41 ----------- ...ylvain.baud.ext_iac_scan_parameters_fix.md | 3 - ...0230705_183308_aurelien.gateau_drop_3_7.md | 3 - ...l.beslin.ext_refactor_iac_scan_commands.md | 11 --- ..._aurelien.gateau_fix_maximum_size_check.md | 3 - ...624_paul.beslin.ext_iac_scan_ci_command.md | 9 --- ...in.lacombe_logout_hmsl_when_auth_logout.md | 3 - ...1_samuel.guillaume_pin_pyyaml_gte_6_0_1.md | 41 ----------- ...7_171745_antonin.lacombe_hmsl_env_files.md | 3 - ..._henri.hubert_allow_scan_all_pre_commit.md | 3 - ...0230801_185552_henri.hubert_add_ghsa_id.md | 3 - ...2_153039_henri.hubert_add_sca_scan_diff.md | 3 - ...315_aurelien.gateau_config_set_instance.md | 3 - ...814_aurelien.gateau_update_cryptography.md | 3 - ...0811_135805_aurelien.gateau_unhide_hmsl.md | 3 - ggshield/__init__.py | 2 +- 21 files changed, 77 insertions(+), 142 deletions(-) delete mode 100644 changelog.d/20230704_152111_aurelien.gateau_docker_max_workers.md delete mode 100644 changelog.d/20230705_120528_samuel.guillaume_scrt_3734_ggshield_improve_handling_of_quota_limit_reached_errors.md delete mode 100644 changelog.d/20230705_164100_sylvain.baud.ext_iac_scan_parameters_fix.md delete mode 100644 changelog.d/20230705_183308_aurelien.gateau_drop_3_7.md delete mode 100644 changelog.d/20230707_170027_paul.beslin.ext_refactor_iac_scan_commands.md delete mode 100644 changelog.d/20230712_171932_aurelien.gateau_fix_maximum_size_check.md delete mode 100644 changelog.d/20230718_171624_paul.beslin.ext_iac_scan_ci_command.md delete mode 100644 changelog.d/20230720_140628_antonin.lacombe_logout_hmsl_when_auth_logout.md delete mode 100644 
changelog.d/20230727_102601_samuel.guillaume_pin_pyyaml_gte_6_0_1.md delete mode 100644 changelog.d/20230727_171745_antonin.lacombe_hmsl_env_files.md delete mode 100644 changelog.d/20230801_183736_henri.hubert_allow_scan_all_pre_commit.md delete mode 100644 changelog.d/20230801_185552_henri.hubert_add_ghsa_id.md delete mode 100644 changelog.d/20230802_153039_henri.hubert_add_sca_scan_diff.md delete mode 100644 changelog.d/20230807_180315_aurelien.gateau_config_set_instance.md delete mode 100644 changelog.d/20230808_105814_aurelien.gateau_update_cryptography.md delete mode 100644 changelog.d/20230811_135805_aurelien.gateau_unhide_hmsl.md diff --git a/CHANGELOG.md b/CHANGELOG.md index 96964bf241..67bf8ea3d6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,5 +1,78 @@ # Changelog + + +## 1.18.0 — 2023-08-16 + +### Added + +#### HMSL + +- ggshield gained a new group of commands: `hmsl`, short for "Has My Secret Leaked". These commands make it possible to securely check if secrets have been leaked in a public repository. + +#### IaC + +- `ggshield iac scan` now provides three new commands for use as Git hooks: + + - `ggshield iac scan pre-commit` + - `ggshield iac scan pre-push` + - `ggshield iac scan pre-receive` + + They use the same arguments and options as the other `ggshield iac scan` commands. + +- The new `ggshield iac scan ci` command can be used to perform IaC scans in CI environments. + It supports the same arguments as hook subcommands (in particular, `--all` to scan the whole repository). + Supported CIs are: + + - Azure + - Bitbucket + - CircleCI + - Drone + - GitHub + - GitLab + - Jenkins + - Travis + +#### SCA + +- `ggshield sca scan pre-commit` now provides a `--all` option to scan all files. + +- The text output of `ggshield sca` scans now includes the identifier of the SCA vulnerability. + +- The new `ggshield sca scan diff` command can be used to run custom differential scans. + +#### Other + +- It is now possible to manipulate the default instance using `ggshield config`: + + - `ggshield config set instance ` defines the default instance. + - `ggshield config unset instance` removes the previously defined instance. + - The default instance can be printed with `ggshield config get instance` and `ggshield config list`. + +### Changed + +- ggshield now requires Python 3.8. + +- The IaC Github Action now runs the new `ggshield iac scan ci` command. This means the action only fails if the changes introduce a new vulnerability. To fail if any vulnerability is detected, use the `ggshield iac scan ci --all` command. + +### Removed + +- The following options have been removed from `ggshield iac scan diff`: `--pre-commit`, `--pre-push` and `--pre-receive`. 
You can replace them with the new `ggshield iac scan pre-*` commands. + +### Fixed + +- `ggshield secret scan docker` now runs as many scans in parallel as the other scan commands. + +- `ggshield` now provides an easier-to-understand error message for "quota limit reached" errors (#309). + +- `ggshield iac scan diff` `--minimum-severity` and `--ignore-policy` options are now correctly processed. + +- `ggshield secret scan` no longer tries to scan files longer than the maximum document size (#561). + +### Security + +- ggshield now depends on cryptography 41.0.3, fixing https://github.com/advisories/GHSA-jm77-qphf-c4w8. + ## 1.17.3 — 2023-07-27 diff --git a/actions/iac/action.yml b/actions/iac/action.yml index 45122195a6..007343fe1c 100644 --- a/actions/iac/action.yml +++ b/actions/iac/action.yml @@ -21,7 +21,7 @@ branding: color: 'blue' runs: using: 'docker' - image: 'docker://gitguardian/ggshield:v1.17.3' + image: 'docker://gitguardian/ggshield:v1.18.0' entrypoint: '/app/docker/actions-iac-entrypoint.sh' args: - ${{ inputs.args }} diff --git a/actions/sca/action.yml b/actions/sca/action.yml index e0928c5197..ff0c023878 100644 --- a/actions/sca/action.yml +++ b/actions/sca/action.yml @@ -19,7 +19,7 @@ branding: color: 'blue' runs: using: 'docker' - image: 'docker://gitguardian/ggshield:v1.17.2' + image: 'docker://gitguardian/ggshield:v1.18.0' entrypoint: '/app/docker/actions-sca-entrypoint.sh' args: - ${{ inputs.args }} diff --git a/actions/secret/action.yml b/actions/secret/action.yml index 00fd5a1d42..fd253d79b8 100644 --- a/actions/secret/action.yml +++ b/actions/secret/action.yml @@ -21,7 +21,7 @@ inputs: runs: using: 'docker' - image: 'docker://gitguardian/ggshield:v1.17.3' + image: 'docker://gitguardian/ggshield:v1.18.0' entrypoint: '/app/docker/actions-secret-entrypoint.sh' args: - ${{ inputs.args }} 
diff --git a/changelog.d/20230704_152111_aurelien.gateau_docker_max_workers.md b/changelog.d/20230704_152111_aurelien.gateau_docker_max_workers.md deleted file mode 100644 index ca690f20f4..0000000000 --- a/changelog.d/20230704_152111_aurelien.gateau_docker_max_workers.md +++ /dev/null @@ -1,3 +0,0 @@ -### Fixed - -- `ggshield secret scan docker` now runs as many scans in parallel as the other scan commands. diff --git a/changelog.d/20230705_120528_samuel.guillaume_scrt_3734_ggshield_improve_handling_of_quota_limit_reached_errors.md b/changelog.d/20230705_120528_samuel.guillaume_scrt_3734_ggshield_improve_handling_of_quota_limit_reached_errors.md deleted file mode 100644 index 19689d752d..0000000000 --- a/changelog.d/20230705_120528_samuel.guillaume_scrt_3734_ggshield_improve_handling_of_quota_limit_reached_errors.md +++ /dev/null @@ -1,41 +0,0 @@ - - - - - - - -### Fixed - -- Improve handling of "quota limit reached" errors (#309) - - diff --git a/changelog.d/20230705_164100_sylvain.baud.ext_iac_scan_parameters_fix.md b/changelog.d/20230705_164100_sylvain.baud.ext_iac_scan_parameters_fix.md deleted file mode 100644 index 6360fba4f4..0000000000 --- a/changelog.d/20230705_164100_sylvain.baud.ext_iac_scan_parameters_fix.md +++ /dev/null @@ -1,3 +0,0 @@ -### Fixed - -- `ggshield iac scan diff` `minimum-severity` and `ignore-policy` arguments are now correctly processed. diff --git a/changelog.d/20230705_183308_aurelien.gateau_drop_3_7.md b/changelog.d/20230705_183308_aurelien.gateau_drop_3_7.md deleted file mode 100644 index d15197c1f0..0000000000 --- a/changelog.d/20230705_183308_aurelien.gateau_drop_3_7.md +++ /dev/null @@ -1,3 +0,0 @@ -### Changed - -- ggshield now requires Python 3.8. diff --git a/changelog.d/20230707_170027_paul.beslin.ext_refactor_iac_scan_commands.md b/changelog.d/20230707_170027_paul.beslin.ext_refactor_iac_scan_commands.md deleted file mode 100644 index a776e867da..0000000000 
--- a/changelog.d/20230707_170027_paul.beslin.ext_refactor_iac_scan_commands.md +++ /dev/null @@ -1,11 +0,0 @@ -### Removed - -- These options are removed in `ggshield iac scan diff`: `--pre-commit`, `--pre-push` and `--pre-receive`. Please use the new related commands instead. - -### Added - -- Three new commands are added for use as Git hooks: - - `ggshield iac scan pre-commit` - - `ggshield iac scan pre-push` - - `ggshield iac scan pre-receive` - They use the same arguments and options as other IaC scan commands. diff --git a/changelog.d/20230712_171932_aurelien.gateau_fix_maximum_size_check.md b/changelog.d/20230712_171932_aurelien.gateau_fix_maximum_size_check.md deleted file mode 100644 index 7877fb120c..0000000000 --- a/changelog.d/20230712_171932_aurelien.gateau_fix_maximum_size_check.md +++ /dev/null @@ -1,3 +0,0 @@ -### Fixed - -- `ggshield secret scan` no longer tries to scan files that are longer than the maximum document size (#561). diff --git a/changelog.d/20230718_171624_paul.beslin.ext_iac_scan_ci_command.md b/changelog.d/20230718_171624_paul.beslin.ext_iac_scan_ci_command.md deleted file mode 100644 index 5b7412acc0..0000000000 --- a/changelog.d/20230718_171624_paul.beslin.ext_iac_scan_ci_command.md +++ /dev/null @@ -1,9 +0,0 @@ -### Added - -- A new command is added to IaC scans: `ggshield iac scan ci`. It is meant to simplify using IaC scans in CI environments. - It allows the same arguments as hook subcommands (in particular, `--all` to perform a scan on the whole repository). - Supported CIs are: - Azure - Bitbucket - CircleCI - Drone - Github - Gitlab - Jenkins - Travis - -### Changed - -- Code is shared between iac scan CI and secret scan CI. Commit range functions are now inside `ggshield/core/git_hooks/ci.py`. diff --git a/changelog.d/20230720_140628_antonin.lacombe_logout_hmsl_when_auth_logout.md b/changelog.d/20230720_140628_antonin.lacombe_logout_hmsl_when_auth_logout.md deleted file mode 100644 index cc00ace33a..0000000000 
--- a/changelog.d/20230720_140628_antonin.lacombe_logout_hmsl_when_auth_logout.md +++ /dev/null @@ -1,3 +0,0 @@ -### Fixed - -- The logout command now also logout HMSL diff --git a/changelog.d/20230727_102601_samuel.guillaume_pin_pyyaml_gte_6_0_1.md b/changelog.d/20230727_102601_samuel.guillaume_pin_pyyaml_gte_6_0_1.md deleted file mode 100644 index f4773acdab..0000000000 --- a/changelog.d/20230727_102601_samuel.guillaume_pin_pyyaml_gte_6_0_1.md +++ /dev/null @@ -1,41 +0,0 @@ - - - - - - - -### Fixed - -- Pin PyYAML>=6.0.1 to fix building (see https://github.com/yaml/pyyaml/pull/702) - - diff --git a/changelog.d/20230727_171745_antonin.lacombe_hmsl_env_files.md b/changelog.d/20230727_171745_antonin.lacombe_hmsl_env_files.md deleted file mode 100644 index be604762e2..0000000000 --- a/changelog.d/20230727_171745_antonin.lacombe_hmsl_env_files.md +++ /dev/null @@ -1,3 +0,0 @@ -### Added - -- The command `gshield hmsl fingerprint` can now take an environment file (.env) diff --git a/changelog.d/20230801_183736_henri.hubert_allow_scan_all_pre_commit.md b/changelog.d/20230801_183736_henri.hubert_allow_scan_all_pre_commit.md deleted file mode 100644 index 7013fc8835..0000000000 --- a/changelog.d/20230801_183736_henri.hubert_allow_scan_all_pre_commit.md +++ /dev/null @@ -1,3 +0,0 @@ -### Added - -- Add `--all` flag for `ggshield sca scan pre-commit` command to scan all the files. diff --git a/changelog.d/20230801_185552_henri.hubert_add_ghsa_id.md b/changelog.d/20230801_185552_henri.hubert_add_ghsa_id.md deleted file mode 100644 index 4c47bac8b7..0000000000 --- a/changelog.d/20230801_185552_henri.hubert_add_ghsa_id.md +++ /dev/null @@ -1,3 +0,0 @@ -### Added - -- Add the identifier of the SCA vulnerability in the text output diff --git a/changelog.d/20230802_153039_henri.hubert_add_sca_scan_diff.md b/changelog.d/20230802_153039_henri.hubert_add_sca_scan_diff.md deleted file mode 100644 index 95390f273d..0000000000 
--- a/changelog.d/20230802_153039_henri.hubert_add_sca_scan_diff.md
+++ /dev/null
@@ -1,3 +0,0 @@
-### Added
-
-- Add `ggshield sca scan diff` command to allow users to make custom differential scans.
diff --git a/changelog.d/20230807_180315_aurelien.gateau_config_set_instance.md b/changelog.d/20230807_180315_aurelien.gateau_config_set_instance.md
deleted file mode 100644
index f68c03da71..0000000000
--- a/changelog.d/20230807_180315_aurelien.gateau_config_set_instance.md
+++ /dev/null
@@ -1,3 +0,0 @@
-### Added
-
-- It is now possible to manipulate the default instance using `ggshield config`: `ggshield config set instance ` defines the default instance, `ggshield config unset instance` removes the previously defined instance. The default instance can be printed with `ggshield config get instance` and `ggshield config list`.
diff --git a/changelog.d/20230808_105814_aurelien.gateau_update_cryptography.md b/changelog.d/20230808_105814_aurelien.gateau_update_cryptography.md
deleted file mode 100644
index 450426bb4f..0000000000
--- a/changelog.d/20230808_105814_aurelien.gateau_update_cryptography.md
+++ /dev/null
@@ -1,3 +0,0 @@
-### Security
-
-- ggshield now depends on cryptography 41.0.3, fixing .
diff --git a/changelog.d/20230811_135805_aurelien.gateau_unhide_hmsl.md b/changelog.d/20230811_135805_aurelien.gateau_unhide_hmsl.md
deleted file mode 100644
index e1d8a63e12..0000000000
--- a/changelog.d/20230811_135805_aurelien.gateau_unhide_hmsl.md
+++ /dev/null
@@ -1,3 +0,0 @@
-### Added
-
-- ggshield gained a new group of commands: `hmsl`, short for "Has My Secret Leaked". These commands make it possible to securely check if secrets have been leaked in a public repository.
diff --git a/ggshield/__init__.py b/ggshield/__init__.py
index 66942597d9..6cea18d86c 100644
--- a/ggshield/__init__.py
+++ b/ggshield/__init__.py
@@ -1 +1 @@
-__version__ = "1.17.3"
+__version__ = "1.18.0"