Changelog
Subscribe to Powerpipe changelog via RSS or join #changelog on our Slack community to stay updated on everything we ship.
Powerpipe CLI v1.0.1 - Updated error message to inform users to run `make dashboard_assets` when dashboard assets are not present
AWS Compliance mod v1.2.0 - Added NYDFS 23 benchmark
What's new?
- Added NYDFS 23 benchmark (
powerpipe benchmark run aws_compliance.benchmark.nydfs_23
). (#844)
Azure Compliance mod v1.1.0 - Added CIS v3.0.0 benchmark
What's new?
- Added CIS v3.0.0 benchmark (
powerpipe benchmark run azure_compliance.benchmark.cis_v300
). (#282)
AWS Compliance mod v1.1.1 - Fixed elb_application_lb_waf_enabled and cloudfront_distribution_use_secure_cipher queries
Bug fixes
- Fixed the
elb_application_lb_waf_enabled
query to correctly flag ELB application load balancers as alarm when the associated WAF is disabled. (#840) - Fixed the
cloudfront_distribution_custom_origins_encryption_in_transit_enabled
query to remove duplicate AWS CloudFront distributions from the result. (#829) (Thanks to @sbldevnet for the contribution!) - Fixed the
where
clause of thecloudfront_distribution_use_secure_cipher
query to correctly check if the CloudFront distributions have insecure cipher protocols. (#827) (Thanks to @sbldevnet for the contribution!)
Powerpipe Mods - v1.0.1 release of 24 mods
Bug Fixes
- Cleaned up documentation and standardized the file naming conventions of
*.ppvars.example
files across the following 24 mods to ensure alignment with the Powerpipe v1.0.0 release:steampipe-mod-alicloud-compliance
steampipe-mod-aws-perimeter
steampipe-mod-aws-tags
steampipe-mod-aws-thrifty
steampipe-mod-aws-top-10
steampipe-mod-azure-compliance
steampipe-mod-azure-tags
steampipe-mod-azure-thrifty
steampipe-mod-digitalocean-thrifty
steampipe-mod-docker-compliance
steampipe-mod-gcp-compliance
steampipe-mod-gcp-labels
steampipe-mod-gcp-thrifty
steampipe-mod-github-compliance
steampipe-mod-kubernetes-compliance
steampipe-mod-microsoft365-compliance
steampipe-mod-net-insights
steampipe-mod-oci-compliance
steampipe-mod-oci-thrifty
steampipe-mod-snowflake-compliance
steampipe-mod-terraform-aws-compliance
steampipe-mod-terraform-azure-compliance
steampipe-mod-terraform-gcp-compliance
steampipe-mod-terraform-oci-compliance
AWS Compliance mod v1.1.0 - Added CIS v4.0.0 and fixed VPC security group rule query bugs
What's new?
- Added CIS v4.0.0 benchmark (
steampipe check benchmark.cis_v400
). (#836) - Added
ebs_encryption_by_default_enabled
andvpc_security_group_restrict_ingress_cifs_port_all
controls to theAll Controls
benchmark. (#835)
Enhancements
- Added the
ebs_encryption_by_default_enabled
control to therbi_cyber_security_annex_i_1_3
benchmark. (#835) - Set
python3.8
as deprecated Lambda runtime inlambda_function_use_latest_runtime
control. (#833) (Thanks to @sbldevnet for the contribution!) - Updated
iam_access_analyzer_enabled_without_findings
andssm_document_prohibit_public_access
controls to use latest columns and tables from the AWS plugin. (#835)
Bug fixes
- VPC security group rule controls that check for restricted port access now correctly detect rules with ports in a port range instead of only exact port matches. (#835)
- Fixed the 2.2.1 control in CIS v1.5.0, v2.0.0, v3.0.0 benchmarks to check if EBS encryption by default is enabled instead of individual volume encryption settings. (#835)
- Fixed the
fedramp_moderate_rev_4_sc_28
benchmark to check if EBS encryption by default is enabled instead of individual volume encryption settings. (#835)
Deprecated
- Deprecated the
ec2_ebs_default_encryption_enabled
control and query. Please use theebs_encryption_by_default
control and query instead.
Powerpipe Mods - v1.0.0 release
We're excited to announce the v1.0.0 release of 43 Powerpipe mods!
These mods now require Powerpipe. Steampipe users should check the migration guide.
Powerpipe CLI v1.0.0
Whats new
connection
resource to manage credentials. Documentation.database
property has been added to mod. A database can be a connection reference, connection string, or Pipes workspace to query.
Deprecations
- Deprecated
database
CLI arg. See Setting the Database for the new syntax to set the database. - Deprecated
POWERPIPE_DATABASE
env var. See Setting the Database for the new syntax to set the database. - Deprecated
database
workspace profile arg. See Setting the Database for the new syntax to set the database.
Powerpipe CLI v0.4.4 - Fixed the issue where the search path setting was not retained while navigating to a different dashboard
Bug fixes
- Fixed the issue where the search path setting was not retained while navigating to a different dashboard. (#325)
Powerpipe Action Setup v1.0.0 - Initial release
What's new?
- Initial release with support for installing Powerpipe and adding it to $PATH.
Powerpipe Action Check v1.0.0 - Initial release
What's new?
- Initial release with support for running Powerpipe benchmarks and controls, creating annotations for Infrastructure as Code (IaC) checks, and uploading snapshots to Turbot Pipes.
AWS Compliance mod v0.98 - Added Australian Cyber Security Center (ACSC) Essential Eight benchmark
What's new?
- Added Australian Cyber Security Center (ACSC) Essential Eight benchmark (
powerpipe benchmark run aws_compliance.benchmark.acsc_essential_eight
). (#823)
AWS Insights mod v0.22 - The VPC Security Group detail page now includes information on the associated services like Amazon MQ broker, ECS service and ECS task
Enhancements
- The
VPC Security Group
detail page now includes information on the following associated services: (#352) (Thanks @maxcorbin for the contribution!)Amazon MQ broker
ECS service
ECS task
GCP Compliance mod v0.34 - Added SOC2 2017 benchmark
What's new?
- Added SOC2 2017 benchmark (
powerpipe benchmark run gcp_compliance.benchmark.soc_2_2017
). (#181)
Powerpipe CLI v0.4.3 - Added JSON extension support for DuckDB backends
Powerpipe CLI v0.4.2 - Recompiled CLI with Go v1.22
AWS Compliance mod v0.97 - Added CIS AWS Compute Services v1.0.0 benchmark
GCP Compliance mod v0.33 - Added three new controls to the All Controls benchmark
Enhancements
- Added the following controls to the
All Controls
benchmark: (#176)alloydb_instance_log_error_verbosity_database_flag_default_or_stricter
alloydb_instance_log_min_error_statement_database_flag_configured
alloydb_instance_log_min_messages_database_flag_error
Azure Compliance mod v0.47 - Added four new controls to the All Controls benchmark and fixed the storage_account_block_public_access query
Enhancements
- Added the following controls to the
All Controls
benchmark: (#274)application_gateway_waf_uses_specified_mode
application_insights_block_log_ingestion_and_querying_from_public
log_analytics_workspace_block_log_ingestion_and_querying_from_public
log_analytics_workspace_block_non_azure_ingestion
Bug fixes
- Fixed the
storage_account_block_public_access
query to correctly check if thepublic_network_access
column of theazure_storage_account
table is correctly set todisabled
or not as per the CIS documentation. (#277)
AWS Compliance mod v0.96 - Added NIST 800-172 benchmark
Powerpipe CLI v0.4.1 - Fixed issue where the arg flag was not working for control and query runs
AWS Compliance mod v0.95 - Optimized CloudWatch log group metric queries to minimize API usage, achieving faster performance
Enhancements
- Optimized
log_group_metric_*
queries to minimize API usage, achieving faster performance. (#802)
Azure Compliance mod v0.46 - Added FedRAMP High benchmark
What's new?
- Added FedRAMP High benchmark (
powerpipe benchmark run azure_compliance.benchmark.fedramp_high
). (#270)
Powerpipe CLI v0.4.0 - Updated JSON and snapshot output to handle duplicate column names
Whats new
- Updated JSON and snapshot output to handle duplicate column names - append a unique suffix to duplicate column names. (#375)
Bug fixes
- Fixed bug when generating a snapshot from a benchmark run, the row data is empty if any of the rows are in error. (#366)
- Updated mod install to only install or update mods which are command targets (and their dependencies). Set default pull mode for install is latest if there is a target, and minimal if no target is given. (#381)
- Fixed incorrect help message for output in powerpipe benchmark/control run. (#367)
- Fixed issue where
POWERPIPE_PORT
env var was not being honoured. (#362) - Updated timing metadata output to rename
duration
field toduration_ms
for consistency with steampipe. (#368) - Dashboard graph should not crash if an invalid edge category color is provided. (#364)
- Dashboard flow/hierarchy components should show panel controls. (#363)
Updated output formats
The rows
property in the JSON
and snapshot
output will now have unique column names for duplicate column names.
The columns property will have the original column name as original_name
.
For example, for the query:
powerpipe query run " select arn as title, account_id as title, title as title from aws_account" --output pps
Here is the updated JSON output:
powerpipe query run " select arn as title, account_id as title, title as title from aws_account" --output json{ "columns": [ { "name": "title", "data_type": "text" }, { "name": "title_t5zj1", "data_type": "text", "original_name": "title" }, { "name": "title_t5zj2", "data_type": "text", "original_name": "title" } ], "rows": [ { "title": "arn:aws:::882789663776", "title_t5zj1": "882789663776", "title_t5zj2": "882789663776" }, ], "metadata": { "rows_returned": 3, "duration_ms": "202ms" }}
Here is the updated snapshot output:
{ "schema_version": "20240130", "panels": { "custom.dashboard.sql_e5br7b82": { "dashboard": "custom.dashboard.sql_e5br7b82", "name": "custom.dashboard.sql_e5br7b82", "panel_type": "dashboard", "source_definition": "", "status": "complete", "title": "Custom query [e5br7b82]" }, "custom.table.results": { "dashboard": "custom.dashboard.sql_e5br7b82", "name": "custom.table.results", "panel_type": "table", "source_definition": "", "status": "complete", "sql": " select arn as title, account_id as title, title as title from aws_account", "properties": { "name": "results" }, "data": { "columns": [ { "name": "title", "data_type": "TEXT" }, { "name": "title_t5zj1", "data_type": "TEXT", "original_name": "title" }, { "name": "title_t5zj2", "data_type": "TEXT", "original_name": "title" } ], "rows": [ { "title": "arn:aws:::876515858155", "title_t5zj1": "876515858155", "title_t5zj2": "morales-aaa" }, { "title": "arn:aws:::882789663776", "title_t5zj1": "882789663776", "title_t5zj2": "882789663776" }, { "title": "arn:aws:::097350876455", "title_t5zj1": "097350876455", "title_t5zj2": "turbot-silverwater" } ] } } }, "inputs": {}, "variables": {}, "search_path": null, "start_time": "2024-06-06T14:50:16.906739+01:00", "end_time": "2024-06-06T14:50:16.991955+01:00", "layout": { "name": "custom.dashboard.sql_e5br7b82", "children": [ { "name": "custom.table.results", "panel_type": "table" } ], "panel_type": "dashboard" }}
GCP Compliance mod v0.32 - Added NIST Cybersecurity Framework (CSF) v1.0 and NIST 800-53 Revision 5 benchmark
AWS Compliance mod v0.94 - Added Reserve Bank of India - IT Framework for NBFC Regulatory Compliance benchmark
What's new?
- Added Reserve Bank of India - IT Framework for NBFC Regulatory Compliance benchmark (powerpipe benchmark run aws_compliance.benchmark.rbi_itf_nbfc). (#798)
GCP Compliance mod v0.31 - Added HIPAA and PCI DSS v3.2.1 benchmark
Azure Compliance mod v0.45 - Added Reserve Bank of India - IT Framework for NBFC Regulatory Compliance benchmark
What's new?
- Added Reserve Bank of India - IT Framework for NBFC Regulatory Compliance
benchmark (
powerpipe benchmark run azure_compliance.benchmark.rbi_itf_nbfc_v2017
). (#267)
Powerpipe CLI v0.3.1 - Fixed the CLI to respect the required app version defined in the powerpipe block of the mod require block
AWS Compliance mod v0.93 - Added runtime variable support for lambda_function_use_latest_runtime control
Azure Compliance mod v0.44 - Added NIST SP 800-171 Revision 2 benchmark
What's new?
- Added NIST SP 800-171 Revision 2 benchmark (
powerpipe benchmark run azure_compliance.benchmark.nist_sp_800_171_rev_2
). (#264)
Guardrails Insights mod v0.5 - Added new dashboard workspace_report_admin and new benchmark workspace_health
What's new?
- New dashboards added:
- New benchmark added:
Alibaba Cloud Insights mod v0.9 - Optimized queries to leverage the connection-level qualifiers for faster execution time and lower API load
Enhancements
- Optimized queries to leverage the connection-level qualifiers for faster execution time and lower API load. To benefit from these enhancements, please upgrade to AliCloud v0.22.0 or higher. (#95)
Powerpipe CLI v0.3.0 - Added support for installing mods from a branch or from the local file system
Whats new
Added support for installing mods from a branch or from the local file system. (#285)
To install from a branch:
powerpipe mod install github.com/turbot/steampipe-mod-aws-well-architected#mainTo reference a mod in the local file system:
powerpipe mod install ../mods/local_mod_folderAdded
--pull
flag tomod
,dashboard
andbenchmark
commands to control the mod update strategy. (#352). Possible update strategies are:full
- check branch and tags for both latest and accuracylatest
- update everything to latest, but only branches - not tags - are commit checked (which is the same as latest)development
- update branches and broken constraints to latest, leave satisfied constraints unchangedminimal
- only update broken constraints, do not check branches for new commits
GCP Insights mod v0.9 - Optimized queries to leverage the connection-level qualifiers for faster execution time and lower API load
Enhancements
- Optimized queries to leverage the connection-level qualifiers for faster execution time and lower API load. To benefit from these enhancements, please upgrade to GCP v0.52.0 or higher. (#78)
Azure Insights mod v0.16 - Optimized queries to leverage the connection-level qualifiers for faster execution time and lower API load
Enhancements
- Optimized queries to leverage the connection-level qualifiers for faster execution time and lower API load. To benefit from these enhancements, please upgrade to Azure v0.56.0 or higher. (#124)
AWS Insights mod v0.21 - Optimized queries to leverage the connection-level qualifiers for faster execution time and lower API load
Enhancements
- Optimized queries to leverage the connection-level qualifiers for faster execution time and lower API load. To benefit from these enhancements, please upgrade to AWS v0.136.0 or higher. (#347)
Powerpipe CLI v0.2.0 - Added timeout flags for benchmark and dashboard execution commands
Whats new
- It is now possible to set a timeout for benchmark and dashboard execution. These can be set:
- In the workspace using properties:
dashboard_timeout
andbenchmark_timeout
- Using the
--dashboard-timeout
flag for thedashboard run
andserver
commands - Using the
--benchmark-timeout
flag for thebenchmark run
commands. - Using the environment variables
POWERPIPE_DASHBOARD_TIMEOUT
andPOWERPIPE_BENCHMARK_TIMEOUT
respectively. (#336)
- In the workspace using properties:
- Support installing private mods using a GitHub app token. (#381).
- Improve the layout of filter and grouping components for control tags and dimensions. (#263)
- Remove the
dashboard input list
anddashboard input show
commands. - Add thousands separator to numeric values in dashboard tables. (#315)
- Only show benchmark cards for statuses that are contained in the current filter and add status to filter on card click. (#322)
Bug fixes
Guardrails Insights mod v0.4 - Updated the workspace_dashboard to include information on the accounts, resources, and active controls across different workspaces
Enhancements
- Updated the
workspace_dashboard
dashboard to include information on the accounts, resources, and active controls across different workspaces. (#31) - Updated the
workspace_account_report
dashboard to display resources, policy settings, alerts, and active controls across workspaces instead of the TE version. (#31)
AWS Compliance mod v0.92 - Enhanced several queries to minimize API usage, achieving faster performance
Enhancements
- Optimized several queries to minimize API usage, achieving faster performance. (#786)
GCP Compliance mod v0.30 - Added CIS v3.0.0 benchmark
What's new?
- Added CIS v3.0.0 benchmark (
powerpipe benchmark run gcp_compliance.benchmark.cis_v300
). (#158)
AWS Compliance mod v0.91 - Updated foundational_security_lambda_2 control to check for the latest Lambda runtimes as per the AWS FSBP documentation
Bug fixes
- Updated the
foundational_security_lambda_2
control to check for the latest Lambda runtimes as per the AWS FSBP document. (#778) (Thanks @sbldevnet for the contribution!) - Fixed the title of
secretsmanager_secret_unused_90_day
control. (#783)
Azure Compliance mod v0.43 - Added new controls to All Controls benchmark
Enhancements
- Added the following controls to the
All Controls
benchmark: (#253)cosmosdb_account_uses_aad_and_rbac
iam_user_not_allowed_to_create_tenants
securitycenter_image_scan_enabled
Bug fixes
- Updated the
postgres_db_server_allow_access_to_azure_services_disabled
query to check if theendIpAddress
column is set to0.0.0.0
instead of255.255.255.255
as per the CIS documentation. (#253)
AWS Thrifty mod v0.29 - Added new control rds_mysql_postresql_db_no_unsupported_version
What's new?
- New control added:
rds_mysql_postresql_db_no_unsupported_version
(#174)
AWS Insights mod v0.20 - Fixed the `ecs_cluster_active_service_count` query in the `AWS ECS Cluster Dashboard` to correctly return the count of `Cluster Active Services` instead of `ECS Clusters`
AWS Compliance mod v0.90 - Added new sub-benchmarks and controls to AWS Foundational Security Best Practices benchmark
Breaking changes
- The
Foundational Security Best Practices v1.0.0
benchmark has been updated to better align with the matching AWS Security Hub. The following updates have been made: (#772)- The
foundational_security_elbv2
sub-benchmark have been removed. - The following controls are no longer included in the benchmarks:
foundational_security_cloudfront_2
foundational_security_ec2_22
foundational_security_s3_4
- The
Enhancements
- The
Foundational Security Best Practices v1.0.0
benchmark has been updated to better align with the matching AWS Security Hub. The following updates have been made: (#772)- The following sub-benchmarks have been added to the
foundational_security
benchmark:foundational_security_appsync
foundational_security_backup
foundational_security_eventbridge
foundational_security_fsx
foundational_security_msk
foundational_security_pca
foundational_security_route53
foundational_security_sfn
- The following controls have been added to the benchmarks:
foundational_security_acm_2
foundational_security_appsync_2
foundational_security_backup_1
foundational_security_cloudfront_13
foundational_security_dms_6
foundational_security_dms_7
foundational_security_dms_8
foundational_security_dms_9
foundational_security_docdb_3
foundational_security_docdb_4
foundational_security_docdb_5
foundational_security_dms_9
foundational_security_dynamodb_6
foundational_security_ec2_51
foundational_security_ecs_9
foundational_security_eks_8
foundational_security_elasticbeanstalk_3
foundational_security_emr_2
foundational_security_eventbridge_3
foundational_security_fsx_1
foundational_security_msk_1
foundational_security_networkfirewall_2
foundational_security_networkfirewall_9
foundational_security_opensearch_10
foundational_security_pca_1
foundational_security_rds_34
foundational_security_rds_35
foundational_security_route53_2
foundational_security_s3_19
foundational_security_sfn_1
foundational_security_waf_12
- The following sub-benchmarks have been added to the
GitLab Insights mod v0.4 - Fixed the `project_license_table`, `project_other_license_count` and `project_weak_copyleft_license_count` queries to use the latest version of EUP (European Union Public License 1.2)
Bug fixes
- Fixed the
project_license_table
,project_other_license_count
andproject_weak_copyleft_license_count
queries to use the latest version of EUP (European Union Public License 1.2). (#13)
GitHub Insights mod v0.5 - Fixed the `project_license_table`, `project_other_license_count` and `project_weak_copyleft_license_count` queries to use the latest version of EUP (European Union Public License 1.2)
Bug fixes
- Fixed the
repository_license_table
,repository_other_license_count
andrepository_weak_copyleft_license_count
queries to use the latest version of EUP (European Union Public License 1.2). (#25)
GCP Compliance mod v0.29 - Fixed the CIS controls from `cis_v200_2_4` to `cis_v200_2_11` to correctly evaluate results when using the aggregator connection of the GCP plugin
Bug fixes
- Fixed the CIS controls from
cis_v200_2_4
tocis_v200_2_11
to correctly evaluate results when using the aggregator connection of the GCP plugin. (#154)
Powerpipe CLI v0.1.3 - Fix snapshot output for `benchmark run` command
Bug fixes
- When exporting or displaying a
benchmark run
result as a snapshot, ensure the top level panel has a valid summary. (#274) - Update
mod list
output to includeresource_name
andmod
fields.
Azure Compliance mod v0.42 - Added CIS v2.1.0 benchmark
What's new?
- Added CIS v2.1.0 benchmark (
powerpipe benchmark run azure_compliance.benchmark.cis_v210
). (#250)
Powerpipe CLI v0.1.2 - Optimize workspace load time when many mod dependencies are installed.
Whats new
- Optimize workspace load time for large workspaces with multiple dependent mods. (#365)
Powerpipe CLI v0.1.1 - Fix notification when updated CLI version is available
Powerpipe Mods - 52 new mods
We're thrilled to announce the release of 52 new Powerpipe mods, featuring pre-built dashboards and benchmarks for cloud inventory & insights, security & compliance, cost management and shift-left scanning. These include the 43 Steampipe mods to visualize AWS, Azure, GCP, GitHub, Terraform and more using Steampipe as the database. And 9 new, ready-to-use Powerpipe mods providing easy to learn examples to visualize data in Postgres, SQLite, DuckDB, and MySQL!
A full list of mods can be found in the Powerpipe Hub.
For more information on how you can get started incorporating these mods into your own custom dashboards and benchmarks, please see Introducing Powerpipe - Composable Mods.
Powerpipe v0.1.0 - Dashboards for DevOps
Introducing Powerpipe - Dashboards for DevOps.
Benchmarks - 5,000+ open-source controls from CIS, NIST, PCI, HIPAA, FedRamp and more. Run instantly on your machine or as part of your deployment pipeline.
Relationship Diagrams - The only dashboarding tool designed from the ground up to visualize DevOps data. Explore your cloud,understand relationships and drill down to the details.
Dashboards & Reports - High level dashboards provide a quick management view. Reports highlight misconfigurations and attention areas. Filter, pivot and snapshot results.
Code, not clicks - Our dashboards are code. Version controlled, composable, shareable, easy to edit - designed for the way you work. Join our open-source community!
Learn more at:
- Website - https://powerpipe.io
- Docs - https://powerpipe.io/docs
- Hub - https://hub.powerpipe.io
- Introduction - https://powerpipe.io/blog/introducing-powerpipe