0.4.0 🌈

🚀 Features

• Scan Multiple AWS accounts via AssumeRole @kmcquade (#172)
• Adds short command flags (fixes #171) @kmcquade (#175)

0.3.2 🌈

Changes

• Filter deny from unrestricted actions @schosterbarak (#170)

0.3.1 🌈

Changes

• Update Credentials Exposure actions, dependencies @kmcquade (#169)
• consider iam policy statement condition as a restricted action @schosterbarak (#167)

🐛 Bug Fixes

• expand only allowed actions (not deny actions) @schosterbarak (#166)

0.3.0 🌈

🐛 Bug Fixes

• Statement scanning performance improvements @verkaufer (#156)
• Update setup.py to include cached-property; Fix linting @kmcquade (#160)

0.2.5 🌈

Changes

• Add GitHub workflow to combine Dependabot PRs into a single one @kmcquade (#150)
• Add deeplinks to report findings (#133) @verkaufer (#151)

🚀 Features

• Added links to API docs for every IAM action in the findings @kmcquade (#153)

📝 Documentation

• Updating dependencies. Fixed some documentation as well. @kmcquade (#152)

0.2.4: Vue Router, Report improvements and fixes

Changes

• Add release drafter GitHub Action @kmcquade (#148)
• Fixing bug in scan-policy-file command @saikirankv (#143)
• add RoleLastUsed date @dgwhited (#140)
• Expand collapse approach changed @rohanshenoy96 (#138)
• remove click_log lib @reetasingh (#136)
• Fix logging @reetasingh (#135)
• Added inline explanations of findings @kmcquade (#132)
• udpate README.md badge link to test action @reetasingh (#127)

🚀 Features

• Implemented Vue router for navbar @rohanshenoy96 (#128)

🐛 Bug Fixes

• fix: User-Group relationships are now shown on IAM Principals page (#122) @verkaufer (#146)

📝 Documentation

• Improve Privilege Escalation output format in the UI - fixes #114 @kmcquade (#144)
• Add definitions to documentation so we can link to them @kmcquade (#139)

0.2.3: New findings (Credentials Exposure, Service Wildcard) and --minimize option to shrink report size by ~3.7MB

• UI
  • Credentials Exposure as a new finding (#99)
  • Service Wildcard as a new finding (#82)
  • scan command now has a --minimize option, which you can use to reduce your report size. The example report size was reduced from 3.9MB (ouch!) to 212KB. (Fixes #125)
• Backend
  • Updated tests to include updated sample data

0.2.2: Bug fixes and exclusion improvements

• Excluded actions no longer show up in results (Fixes #106)
• Fixed issue where : policy would break results due to how the Service Wildcard finding was implemented (Fixes #109)
• Credentials Exposure and Service Wildcard now show up in the data file results. These will show up in the HTML Report in a future release
• Exclusions are now applied earlier in the scan to improve speed
• Vue components are cleaned up - less HTML, more config and JS

0.2.1: Fixes bug that included Inline Policies that should have been excluded from results

• Fixes issue where Inline Policies were showing up as findings even when they were attached to excluded IAM principals. Fixes #104

0.2.0: UI uplift and refactor

• Major UI uplift:
  • Summary page: new Bar chart to summarize results
  • Upgraded page: IAM Principals metadata
  • New page: Inline Policies (separated from Customer policies)
  • Many bug fixes that were present with the previous UI
• Backend
  • Migration to Vue.js
  • Leveraging an updated data JSON file
• New findings
  • scan-policy-file command now returns findings about Service Wildcard (#82)
  • scan-policy-file command now returns findings about Credentials Exposure (#99).
  • Note: the above two findings are not in the scan command for this release (the HTML Report)