- [CHANGED] Add compatibility with assertEquals() for Python 3.12+.
- [CHANGED] Remove IBM findings notifier.
- [FIXED] Enable universal newlines when executing local commands.
- [ADDED] Documentation on how to use it with 1Password CLI.
- [CHANGED] "--creds-path" does not default to "~/.credentials". (BREAKING)
- [FIXED] Number of errors/warnings shown correctly for single checks.
- [FIXED] Update pre-commit dependencies.
- [CHANGED] Use Python 3.8 in GitHub Actions as newer flake8 does not support older versions.
- [CHANGED] Do not update pre-commit hooks during "make develop".
- [ADDED] Add basic pre-commit hooks.
- [FIXED] Support for agent signing of binary content.
- [FIXED] Demo fetcher/check for World Clock API replaced with GitHub API example.
- [ADDED] Documentation about using @parameterized.
- [CHANGED] Unify github demo code in one single place.
- [FIXED] flake8 now scans demo code too.
- [CHANGED] Removed yapf in favour of black as code formatter.
- [ADDED] Locker shallow clone depth configuration.
- [ADDED] Multiple remote lockers for fetching evidence.
- [FIXED] Correctly acquire the locker lock when iterating repository commits.
- [FIXED] Raise the `EvidenceNotFoundError` exception for missing evidence.
- [FIXED] Set Python version to 3.7 in publish/deploy GH action to match other actions.
- [ADDED] Agent mode for storing cryptographically signed evidence.
- [ADDED] Configurable branch name for evidence repository.
- [ADDED] Configurable force push to remote for evidence repository.
- [ADDED] Fetcher helper for running local commands.
- [FIXED] Attempt to import missing fetchers from the include JSON configuration.
- [FIXED] Addressed PagerDuty notifier hanging and not firing pages.
- [ADDED] Repository pull request metadata retrieval added to Github service utility.
- [ADDED] Returned support for `DerivedEvidence`.
- [ADDED] Returned support for `TmpEvidence`.
- [FIXED] Evidence cache loading bug resolved.
- [ADDED] Pre-commit hook for running `bandit` as part of CI/CD was added.
- [CHANGED] Replaced the deprecated `imp` library with `importlib`.
- [CHANGED] Replaced the deprecated `ibm_security_advisor_findings_api_sdk` library with `ibm_cloud_security_advisor`.
- [FIXED] Added clarifying PagerDuty notifier documentation content.
- [FIXED] Addressed `bandit` (minor) security issue findings.
- [CHANGED] Now using `pathlib` exclusively for operating system filepath and file functionality.
- [FIXED] README table of contents generation multi-blank line bug is resolved.
- [ADDED] Locker get_large_files method added to return large files in the locker.
- [ADDED] Logging of large files added to remote push operation.
- [ADDED] Locker get_empty_evidences method added to return all empty evidence paths.
- [ADDED] Evidence base class has override-able is_empty property.
- [FIXED] The evidences context manager now raises an exception when no evidence is found.
- [ADDED] The `filtered_content` attribute has been added to `RawEvidence`.
- [ADDED] Locker clone duration logging has been added.
- [FIXED] The `binary_content` attribute on raw evidence is retained as metadata now.
- [FIXED] All partitioned evidence defined via constructor correctly retains attributes now.
- [ADDED] Configurable shallow cloning of locker is now supported.
- [ADDED] Referencing historical evidence from a previous locker is now supported.
- [ADDED] The optional `locker.prev_repo_url` configuration element was added.
- [ADDED] Evidence used by checks found in reports metadata includes the locker URL field now.
- [ADDED] Links to evidence used by checks found in the table of contents point to the appropriate lockers.
- [ADDED] Evidence used by checks found in check_results.json includes the locker URL field now.
- [ADDED] Fetcher execution using `--evidence full-remote` mode pushes to remote locker now.
- [FIXED] Reading raw evidence in checks is now supported.
- [FIXED] Cleaned up Design Principles document formatting.
- [FIXED] Virtual environment creation syntax corrected in Quick Start document.
- [ADDED] Binary content fetcher and checks included in demo examples.
- [CHANGED] GitHub Issues notifier can create issues for a subset of an accreditation's checks with a new configuration element.
- [FIXED] Github service `Github.get_issue_comments` returns all issue comments now.
- [ADDED] Storing raw evidence as binary content is now possible.
- [CHANGED] Improved selective fetcher bulk execution performance.
- [ADDED] Selective fetcher bulk `--include` and `--exclude` execution is now possible.
- [FIXED] LazyLoader namedtuple defaults removed; Framework compatible with Python 3.6 again.
- [FIXED] Subclassed evidence support works with cached evidence now.
- [ADDED] Check evidence decorators and context manager now support subclassed evidence.
- [ADDED] Evidence objects now have a content_as_json property.
- [ADDED] Direct calls to the GH API can be made using the Github service now.
- [ADDED] Demo set of fetchers and checks added.
- [ADDED] "Try It" section added to the README.
- [CHANGED] Quick Start guide updated to include references to demo fetchers and checks implementation.
- [ADDED] Fetcher and check execution times are now included in execution logging.
- [FIXED] Table of contents now handled appropriately for locker without a README.
- [FIXED] Table of contents now handles old/abandoned report evidence metadata appropriately.
- [ADDED] Check reports table of contents now appended to an evidence locker's README.
- [ADDED] `ComplianceCheck.get_historical_evidence` supports historical evidence retrieval.
- [ADDED] Remote locker push failure notifications were added.
- [ADDED] Logging for git locker operations was added.
- [ADDED] Notifier logging was added.
- [CHANGED] The file descriptor (stdout) notifier always notifies now.
- [CHANGED] PagerDuty notifier can send alerts for a subset of the accreditation checks based on the config.
- [ADDED] A warning for possible sensitive information contained within notifications was added.
- [CHANGED] Simplified `controls.json` format. Original format is also supported.
- [ADDED] Documentation for `controls.json` and check execution was added.
- [ADDED] ControlDescriptor unit tests were added.
- [FIXED] ComplianceFetcher session object is auto-closed now in tearDownClass.
- [CHANGED] Removed PyYAML dependency to resolve downstream dependency issues.
- [CHANGED] Removed Github.get_issue_template helper method.
- [FIXED] ComplianceFetcher.session can now be reset.
- [FIXED] Credentials section bug affecting the Slack notifier is squashed.
- [CHANGED] Fetchers and checks that failed to load appear as errors in STDERR now.
- [CHANGED] Github service `get_commit_details` now takes `path` as an optional argument.
- [FIXED] Github service branch protection method now returns "required_signatures" content.
- [FIXED] Notifier `msg_` methods are now accurately found based on check `test_` method names.
- [ADDED] Branch option to retrieving commit details from the Github service was added.
- [ADDED] Repository details retrieval was added to Github service class.
- [ADDED] Recent commit details retrieval was added to Github service class.
- [ADDED] Repository branch protection details retrieval was added to Github service class.
- [FIXED] Added PyYAML library as a dependency to resolve Github service issue.
- [FIXED] Added external evidence as a valid evidence type to evidence map.
- [ADDED] Made the Auditree Framework public.