Merge pull request #327 from accurics/docs/k8s

Documents k8s policies
tenable · Sep 16, 2020 · 4c30787 · 4c30787
2 parents d182f1c + 142dccc
commit 4c30787
Show file tree

Hide file tree

Showing 5 changed files with 182 additions and 12 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,52 @@
 # Changelog
 
-## 1.0.0 (UNRELEASED)
+## [v1.1.0](/~https://github.com/accurics/terrascan/tree/v1.1.0) (2020-09-16)
+
+[Full Changelog](/~https://github.com/accurics/terrascan/compare/v1.0.0...v1.1.0)
+
+**Implemented enhancements:**
+
+- Initial kubernetes support [\#313](/~https://github.com/accurics/terrascan/pull/313) ([williepaul](/~https://github.com/williepaul))
+- Adds different exit code when issues are found [\#299](/~https://github.com/accurics/terrascan/pull/299) ([cesar-rodriguez](/~https://github.com/cesar-rodriguez))
+- Adding terrascan to Homebrew [\#293](/~https://github.com/accurics/terrascan/issues/293)
+
+**Fixed bugs:**
+
+- Oudated Docker image [\#294](/~https://github.com/accurics/terrascan/issues/294)
+- Error with XML output [\#290](/~https://github.com/accurics/terrascan/issues/290)
+- Fixed checkIpForward rule \(gcp\) [\#323](/~https://github.com/accurics/terrascan/pull/323) ([williepaul](/~https://github.com/williepaul))
+
+**Closed issues:**
+
+- Terrascan wrongly reports a accurics.gcp.NS.130 \(checkIpForward\) violation [\#320](/~https://github.com/accurics/terrascan/issues/320)
+- Allow structure output \(Json\) [\#252](/~https://github.com/accurics/terrascan/issues/252)
+- Throwing Errors when parsing nested brackets in HCL [\#233](/~https://github.com/accurics/terrascan/issues/233)
+- Be able to generate xml/html reports [\#119](/~https://github.com/accurics/terrascan/issues/119)
+
+**Merged pull requests:**
+
+- Revert "fixed a bug in checkIpForward" [\#322](/~https://github.com/accurics/terrascan/pull/322) ([cesar-rodriguez](/~https://github.com/cesar-rodriguez))
+- Fixed a bug in checkIpForward [\#321](/~https://github.com/accurics/terrascan/pull/321) ([williepaul](/~https://github.com/williepaul))
+- Move server command out of ENTRYPOINT and into CMD [\#318](/~https://github.com/accurics/terrascan/pull/318) ([williepaul](/~https://github.com/williepaul))
+- Send logs to stderr instead of stdout [\#317](/~https://github.com/accurics/terrascan/pull/317) ([williepaul](/~https://github.com/williepaul))
+- Fix template rendering bug [\#316](/~https://github.com/accurics/terrascan/pull/316) ([williepaul](/~https://github.com/williepaul))
+- chore\(docs\): add homebrew installation [\#315](/~https://github.com/accurics/terrascan/pull/315) ([chenrui333](/~https://github.com/chenrui333))
+- Update badges in readme [\#314](/~https://github.com/accurics/terrascan/pull/314) ([acc-jon](/~https://github.com/acc-jon))
+- Update mkdocs-diagrams to 1.0.0 [\#312](/~https://github.com/accurics/terrascan/pull/312) ([pyup-bot](/~https://github.com/pyup-bot))
+- Add support to print resource config as an output [\#309](/~https://github.com/accurics/terrascan/pull/309) ([kanchwala-yusuf](/~https://github.com/kanchwala-yusuf))
+- Manage relative module path [\#308](/~https://github.com/accurics/terrascan/pull/308) ([guilhem](/~https://github.com/guilhem))
+- Update mkdocs-material to 5.5.12 [\#307](/~https://github.com/accurics/terrascan/pull/307) ([pyup-bot](/~https://github.com/pyup-bot))
+- chore\(docs\): fix indent of tar extraction [\#306](/~https://github.com/accurics/terrascan/pull/306) ([zmarouf](/~https://github.com/zmarouf))
+- Fixes issue template and rego capitalization [\#301](/~https://github.com/accurics/terrascan/pull/301) ([cesar-rodriguez](/~https://github.com/cesar-rodriguez))
+- Update mkdocs-material to 5.5.8 [\#300](/~https://github.com/accurics/terrascan/pull/300) ([pyup-bot](/~https://github.com/pyup-bot))
+- Update about.md [\#298](/~https://github.com/accurics/terrascan/pull/298) ([Upa-acc](/~https://github.com/Upa-acc))
+- Updated policies to the latest set [\#297](/~https://github.com/accurics/terrascan/pull/297) ([williepaul](/~https://github.com/williepaul))
+- Fixes docker latest tag [\#296](/~https://github.com/accurics/terrascan/pull/296) ([cesar-rodriguez](/~https://github.com/cesar-rodriguez))
+- Typo fixes [\#295](/~https://github.com/accurics/terrascan/pull/295) ([erichs](/~https://github.com/erichs))
+- Update mkdocs-material to 5.5.7 [\#292](/~https://github.com/accurics/terrascan/pull/292) ([pyup-bot](/~https://github.com/pyup-bot))
+- Fix xml output [\#291](/~https://github.com/accurics/terrascan/pull/291) ([kanchwala-yusuf](/~https://github.com/kanchwala-yusuf))
+
+## 1.0.0 (2020-08-16)
 Major updates to Terrascan and the underlying architecture including:
 
 - Pluggable architecture written in Golang. We updated the architecture to be easier to extend Terrascan with additional IaC languages and support policies for different cloud providers and cloud native tooling.
@@ -29,3 +75,5 @@ Major updates to Terrascan and the underlying architecture including:
 
 ## 0.1.0 (2017-11-26)
 - First release on PyPI.
+
+\* *This Changelog was automatically generated by [github_changelog_generator](/~https://github.com/github-changelog-generator/github-changelog-generator)*
diff --git a/README.md b/README.md
@@ -19,13 +19,13 @@ Detect compliance and security violations across Infrastructure as Code to mitig
 ## Features
 * 500+ Policies for security best practices
 * Scanning of Terraform 12+ (HCL2)
-* Support for AWS, Azure, and GCP
+* Support for AWS, Azure, GCP, and Kubernetes
 
 ## Installing
 Terrascan's binary for your architecture can be found on the [releases](/~https://github.com/accurics/terrascan/releases) page. Here's an example of how to install it:
 
 ```sh
-$ curl --location /~https://github.com/accurics/terrascan/releases/download/v1.0.0/terrascan_1.0.0_Darwin_x86_64.tar.gz --output terrascan.tar.gz
+$ curl --location /~https://github.com/accurics/terrascan/releases/download/v1.1.0/terrascan_1.1.0_Darwin_x86_64.tar.gz --output terrascan.tar.gz
 $ tar -xvf terrascan.tar.gz
   x CHANGELOG.md
   x LICENSE
@@ -39,8 +39,8 @@ If you have go installed, Terrascan can be installed with `go get`
 ```
 $ export GO111MODULE=on
 $ go get -u github.com/accurics/terrascan/cmd/terrascan
-  go: downloading github.com/accurics/terrascan v1.0.0
-  go: found github.com/accurics/terrascan/cmd/terrascan in github.com/accurics/terrascan v1.0.0
+  go: downloading github.com/accurics/terrascan v1.1.0
+  go: found github.com/accurics/terrascan/cmd/terrascan in github.com/accurics/terrascan v1.1.0
   ...
 $ terrascan
 ```

diff --git a/docs/getting-started.md b/docs/getting-started.md
@@ -5,7 +5,7 @@ Terrascan is a static code analyzer for Infrastructure as Code tooling. It can e
 Terrascan's binary can be found on the package for each [release](/~https://github.com/accurics/terrascan/releases). Here's an example of how to install it:
 
 ``` Bash
-$ curl --location /~https://github.com/accurics/terrascan/releases/download/v1.0.0/terrascan_1.0.0_Darwin_x86_64.tar.gz --output terrascan.tar.gz
+$ curl --location /~https://github.com/accurics/terrascan/releases/download/v1.1.0/terrascan_1.1.0_Darwin_x86_64.tar.gz --output terrascan.tar.gz
 $ tar -xvf terrascan.tar.gz
 x CHANGELOG.md
 x LICENSE
@@ -19,8 +19,8 @@ If you have go installed, Terrascan can be installed with `go get`
 ```
 $ export GO111MODULE=on
 $ go get -u github.com/accurics/terrascan/cmd/terrascan
-  go: downloading github.com/accurics/terrascan v1.0.0
-  go: found github.com/accurics/terrascan/cmd/terrascan in github.com/accurics/terrascan v1.0.0
+  go: downloading github.com/accurics/terrascan v1.1.0
+  go: found github.com/accurics/terrascan/cmd/terrascan in github.com/accurics/terrascan v1.1.0
   ...
 $ terrascan
 ```
@@ -106,10 +106,10 @@ Flags:
   -h, --help                 help for scan
   -d, --iac-dir string       path to a directory containing one or more IaC files (default ".")
   -f, --iac-file string      path to a single IaC file
-  -i, --iac-type string      iac type (terraform) (default "terraform")
-      --iac-version string   iac version (v12) (default "v12")
+  -i, --iac-type string      iac type (terraform, k8s)
+      --iac-version string   iac version terraform:(v12) k8s:(v1)
   -p, --policy-path string   policy path directory
-  -t, --policy-type string   <required> policy type (aws, azure, gcp)
+  -t, --policy-type string   <required> policy type (aws, azure, gcp, k8s)
 
 Global Flags:
   -c, --config-path string   config file path
@@ -145,7 +145,7 @@ results:
     total: 1
 ```
 ##### Resource Config
-Terrascan while scanning the IaC, loads all the IaC files, creates a list of resource configs and then processes this list to report violations. For debugging purposes, it possible to print this resource configs list as an output by providing the `--config-only` flag to the `terrascan scan` command. 
+Terrascan while scanning the IaC, loads all the IaC files, creates a list of resource configs and then processes this list to report violations. For debugging purposes, it possible to print this resource configs list as an output by providing the `--config-only` flag to the `terrascan scan` command.
 ``` Bash
 $  terrascan scan -t aws --config-only
 aws_ecr_repository:

diff --git a/docs/policies.md b/docs/policies.md
@@ -39,3 +39,5 @@ Here's an example of the contents of a rule file:
 --8<-- "docs/policies/azure.md"
 
 --8<-- "docs/policies/gcp.md"
+
+--8<-- "docs/policies/k8s.md"
Original file line number	Diff line number	Diff line change
Expand Up		@@ -39,3 +39,5 @@ Here's an example of the contents of a rule file:
		--8<-- "docs/policies/azure.md"

		--8<-- "docs/policies/gcp.md"

		--8<-- "docs/policies/k8s.md"