Releases: ministryofjustice/modernisation-platform-terraform-baselines
v7.10.0
What's Changed
- Bump ministryofjustice/github-actions from 18.3.1 to 18.4.0 by @dependabot in #638
- Bump actions/checkout from 4.2.1 to 4.2.2 by @dependabot in #639
- Bump actions/setup-go from 5.0.2 to 5.1.0 by @dependabot in #640
- Bump bridgecrewio/checkov-action from 12.2884.0 to 12.2885.0 by @dependabot in #641
- Bump bridgecrewio/checkov-action from 12.2885.0 to 12.2886.0 by @dependabot in #642
- Bump ministryofjustice/github-actions from 18.4.0 to 18.5.0 by @dependabot in #643
- Bump bridgecrewio/checkov-action from 12.2886.0 to 12.2888.0 by @dependabot in #644
- Bump bridgecrewio/checkov-action from 12.2888.0 to 12.2889.0 by @dependabot in #645
- Bump bridgecrewio/checkov-action from 12.2889.0 to 12.2890.0 by @dependabot in #646
- Bump bridgecrewio/checkov-action from 12.2890.0 to 12.2891.0 by @dependabot in #647
- Bump bridgecrewio/checkov-action from 12.2891.0 to 12.2892.0 by @dependabot in #649
- conditionally create SecurityHub alerting resources by @sukeshreddyg in #650
Full Changelog: v7.9.2...v7.10.0
v7.9.2
What's Changed
The alias for the KMS key that encrypts the SNS topic that is triggered when Security Hub findings are raised is being renamed using a unique ID due to a clash in one of the environments.
- Revert "Rename KMS key for sechub" by @richgreen-moj in #637
- Use `name_prefix` for uniqueness by @richgreen-moj in #636
Full Changelog: v7.9.1...v7.9.2
v7.9.1
What's Changed
The alias for the KMS key that encrypts the SNS topic that is triggered when Security Hub findings are raised is being renamed due to a clash in one of the environments.
- Rename KMS key for sechub by @richgreen-moj in #635
Full Changelog: v7.9.0...v7.9.1
v7.9.0
What's Changed
In addition to the changes in v7.8.0, there is now a PagerDuty integration added to the `security-hub` module so that findings which match the EventBridge rule will trigger the associated SNS topic, which is subscribed to a Security Hub Alerts service in PagerDuty.
- Enable PagerDuty/Slack alerts for Security Hub findings by @richgreen-moj in #632
Dependency Updates
- Bump bridgecrewio/checkov-action from 12.2882.0 to 12.2883.0 by @dependabot in #630
- New files for dependabot by @github-actions in #629
- Bump bridgecrewio/checkov-action from 12.2883.0 to 12.2884.0 by @dependabot in #631
- Bump actions/cache from 4.1.1 to 4.1.2 by @dependabot in #633
- Bump github/codeql-action from 3.26.13 to 3.27.0 by @dependabot in #634
Full Changelog: v7.8.0...v7.9.0
v7.8.0
What's Changed
A new EventBridge rule with associated SNS topic has been added to the `securityhub` module which will provide the Modernisation Platform the ability to alert on HIGH and CRITICAL SecurityHub findings.
- Feature/8076-sec-hub-slack-alerting by @richgreen-moj in #626
- Add unit tests for securityhub module by @richgreen-moj in #627
Dependency Updates
- Bump bridgecrewio/checkov-action from 12.2873.0 to 12.2874.0 by @dependabot in #601
- Bump github.com/gruntwork-io/terratest from 0.47.1 to 0.47.2 in /test by @dependabot in #600
- issue/7689 by @mikereiddigital in #602
- Bump ministryofjustice/github-actions from 17.1.0 to 18.2.0 by @dependabot in #603
- Bump github/codeql-action from 3.26.10 to 3.26.11 by @dependabot in #604
- Bump Go version by @ASTRobinson in #607
- Bump bridgecrewio/checkov-action from 12.2874.0 to 12.2875.0 by @dependabot in #605
- Bump actions/cache from 4.0.2 to 4.1.0 by @dependabot in #606
- Bump actions/upload-artifact from 4.4.0 to 4.4.1 by @dependabot in #610
- Bump aquasecurity/trivy-action from 0.24.0 to 0.25.0 by @dependabot in #609
- Bump actions/checkout from 4.2.0 to 4.2.1 by @dependabot in #608
- Bump github/codeql-action from 3.26.11 to 3.26.12 by @dependabot in #611
- Bump actions/upload-artifact from 4.4.1 to 4.4.2 by @dependabot in #612
- Bump actions/cache from 4.1.0 to 4.1.1 by @dependabot in #614
- Bump aquasecurity/trivy-action from 0.25.0 to 0.26.0 by @dependabot in #613
- Bump actions/upload-artifact from 4.4.2 to 4.4.3 by @dependabot in #615
- Bump ministryofjustice/github-actions from 18.2.0 to 18.2.1 by @dependabot in #616
- Bump ministryofjustice/github-actions from 18.2.1 to 18.2.2 by @dependabot in #619
- Bump aquasecurity/trivy-action from 0.26.0 to 0.27.0 by @dependabot in #617
- Bump github/codeql-action from 3.26.12 to 3.26.13 by @dependabot in #620
- Bump bridgecrewio/checkov-action from 12.2875.0 to 12.2877.0 by @dependabot in #621
- Bump ministryofjustice/github-actions from 18.2.2 to 18.2.4 by @dependabot in #623
- Bump bridgecrewio/checkov-action from 12.2877.0 to 12.2879.0 by @dependabot in #622
- Bump bridgecrewio/checkov-action from 12.2879.0 to 12.2882.0 by @dependabot in #624
- Bump aquasecurity/trivy-action from 0.27.0 to 0.28.0 by @dependabot in #625
- Bump ministryofjustice/github-actions from 18.2.4 to 18.3.1 by @dependabot in #628
Full Changelog: v7.7.1...v7.8.0
v7.7.1
Exclude GetMacieSession from SecurityHub Alarm to reduce false positives.
What's Changed
- Bump bridgecrewio/checkov-action from 12.2860.0 to 12.2862.0 by @dependabot in #583
- Bump actions/upload-artifact from 4.3.6 to 4.4.0 by @dependabot in #582
- Bump github.com/gruntwork-io/terratest from 0.47.0 to 0.47.1 in /test by @dependabot in #581
- Bump bridgecrewio/checkov-action from 12.2862.0 to 12.2863.0 by @dependabot in #584
- Bump bridgecrewio/checkov-action from 12.2863.0 to 12.2864.0 by @dependabot in #585
- Bump bridgecrewio/checkov-action from 12.2864.0 to 12.2867.0 by @dependabot in #586
- Bump bridgecrewio/checkov-action from 12.2867.0 to 12.2868.0 by @dependabot in #587
- Bump bridgecrewio/checkov-action from 12.2868.0 to 12.2869.0 by @dependabot in #588
- Bump bridgecrewio/checkov-action from 12.2869.0 to 12.2871.0 by @dependabot in #589
- Bump bridgecrewio/checkov-action from 12.2871.0 to 12.2872.0 by @dependabot in #591
- Bump github/codeql-action from 3.26.6 to 3.26.7 by @dependabot in #592
- Bump bridgecrewio/checkov-action from 12.2872.0 to 12.2873.0 by @dependabot in #594
- Bump github/codeql-action from 3.26.7 to 3.26.8 by @dependabot in #595
- Bump github/codeql-action from 3.26.8 to 3.26.9 by @dependabot in #596
- Bump actions/checkout from 4.1.7 to 4.2.0 by @dependabot in #597
- Bump github/codeql-action from 3.26.9 to 3.26.10 by @dependabot in #598
- Exclude GetMacieSession from SecurityHub Alarm by @davidkelliott in #599
Full Changelog: v7.7.0...v7.7.1
v7.7.0
New Features
- Add admin role usage alarm and tests by @richgreen-moj in #580
This sends a notification to the MP low priority alerts channel when the AdministratorAccess role is assumed in any account.
What's Changed
- Bump github/codeql-action from 3.26.2 to 3.26.3 by @dependabot in #569
- Bump bridgecrewio/checkov-action from 12.2856.0 to 12.2857.0 by @dependabot in #573
- Bump github/codeql-action from 3.26.3 to 3.26.4 by @dependabot in #574
- Bump bridgecrewio/checkov-action from 12.2857.0 to 12.2858.0 by @dependabot in #576
- Bump github/codeql-action from 3.26.4 to 3.26.5 by @dependabot in #575
- Bump bridgecrewio/checkov-action from 12.2858.0 to 12.2860.0 by @dependabot in #577
- Bump slackapi/slack-github-action from 1.26.0 to 1.27.0 by @dependabot in #578
- Bump github/codeql-action from 3.26.5 to 3.26.6 by @dependabot in #579
Full Changelog: v7.6.4...v7.7.0
v7.6.4
What's Changed
- Bump github/codeql-action from 3.26.1 to 3.26.2 by @dependabot in #564
- Bump bridgecrewio/checkov-action from 12.2849.0 to 12.2852.0 by @dependabot in #565
- Bump bridgecrewio/checkov-action from 12.2852.0 to 12.2854.0 by @dependabot in #567
- New files for dependabot by @github-actions in #566
- Bump bridgecrewio/checkov-action from 12.2854.0 to 12.2856.0 by @dependabot in #568
- Remove NAT alarms by @markgov in #572
- Bump hashicorp/setup-terraform from 3.1.1 to 3.1.2 by @dependabot in #570
Full Changelog: v7.6.3...v7.6.4
v7.6.3
What's Changed
- Feature/7309-sechub-alarms-unit-tests by @richgreen-moj in #560
Unit tests added for the `securityhub-alarms` sub-module. No destructive changes so backwards compatible 👍
Full Changelog: v7.6.2...v7.6.3
v7.6.2
What's Changed
- Bump actions/upload-artifact from 4.3.5 to 4.3.6 by @dependabot in #557
- Bump github/codeql-action from 3.25.15 to 3.26.0 by @dependabot in #556
- New Alarms for secure baseline by @markgov in #558
- Bump bridgecrewio/checkov-action from 12.2845.0 to 12.2847.0 by @dependabot in #559
- Bump github/codeql-action from 3.26.0 to 3.26.1 by @dependabot in #561
- Bump bridgecrewio/checkov-action from 12.2847.0 to 12.2849.0 by @dependabot in #562
Full Changelog: v7.6.1...v7.6.2