Changelog

Bug fixes

• Fixed the issue where the --arg flag was not working for control and query runs. (#439)
• Fixed data inconsistency issue in snapshot output when the same control was included in multiple benchmarks. (#436)

Enhancements

• Optimized log_group_metric_* queries to minimize API usage, achieving faster performance. (#802)

What's new?

• Added FedRAMP High benchmark (powerpipe benchmark run azure_compliance.benchmark.fedramp_high). (#270)

Whats new

• Updated JSON and snapshot output to handle duplicate column names - append a unique suffix to duplicate column names. (#375)

Bug fixes

• Fixed bug when generating a snapshot from a benchmark run, the row data is empty if any of the rows are in error. (#366)
• Updated mod install to only install or update mods which are command targets (and their dependencies). Set default pull mode for install is latest if there is a target, and minimal if no target is given. (#381)
• Fixed incorrect help message for output in powerpipe benchmark/control run. (#367)
• Fixed issue where POWERPIPE_PORT env var was not being honoured. (#362)
• Updated timing metadata output to rename duration field to duration_ms for consistency with steampipe. (#368)
• Dashboard graph should not crash if an invalid edge category color is provided. (#364)
• Dashboard flow/hierarchy components should show panel controls. (#363)

Updated output formats

The rows property in the JSON and snapshot output will now have unique column names for duplicate column names. The columns property will have the original column name as original_name. For example, for the query:

powerpipe query run " select arn as title, account_id as title, title as title from aws_account" --output pps

Here is the updated JSON output:

powerpipe query run " select arn as title, account_id as title, title as title from aws_account" --output json
{
 "columns": [
  {
   "name": "title",
   "data_type": "text"
  },
  {
   "name": "title_t5zj1",
   "data_type": "text",
   "original_name": "title"
  },
  {
   "name": "title_t5zj2",
   "data_type": "text",
   "original_name": "title"
  }
 ],
 "rows": [
  {
   "title": "arn:aws:::882789663776",
   "title_t5zj1": "882789663776",
   "title_t5zj2": "882789663776"
  },
 ],
 "metadata": {
  "rows_returned": 3,
  "duration_ms": "202ms"
 }
}

Here is the updated snapshot output:

{
  "schema_version": "20240130",
  "panels": {
    "custom.dashboard.sql_e5br7b82": {
      "dashboard": "custom.dashboard.sql_e5br7b82",
      "name": "custom.dashboard.sql_e5br7b82",
      "panel_type": "dashboard",
      "source_definition": "",
      "status": "complete",
      "title": "Custom query [e5br7b82]"
    },
    "custom.table.results": {
      "dashboard": "custom.dashboard.sql_e5br7b82",
      "name": "custom.table.results",
      "panel_type": "table",
      "source_definition": "",
      "status": "complete",
      "sql": " select arn as title, account_id as title, title as title from aws_account",
      "properties": {
        "name": "results"
      },
      "data": {
        "columns": [
          {
            "name": "title",
            "data_type": "TEXT"
          },
          {
            "name": "title_t5zj1",
            "data_type": "TEXT",
            "original_name": "title"
          },
          {
            "name": "title_t5zj2",
            "data_type": "TEXT",
            "original_name": "title"
          }
        ],
        "rows": [
          {
            "title": "arn:aws:::876515858155",
            "title_t5zj1": "876515858155",
            "title_t5zj2": "morales-aaa"
          },
          {
            "title": "arn:aws:::882789663776",
            "title_t5zj1": "882789663776",
            "title_t5zj2": "882789663776"
          },
          {
            "title": "arn:aws:::097350876455",
            "title_t5zj1": "097350876455",
            "title_t5zj2": "turbot-silverwater"
          }
        ]
      }
    }
  },
  "inputs": {},
  "variables": {},
  "search_path": null,
  "start_time": "2024-06-06T14:50:16.906739+01:00",
  "end_time": "2024-06-06T14:50:16.991955+01:00",
  "layout": {
    "name": "custom.dashboard.sql_e5br7b82",
    "children": [
      {
        "name": "custom.table.results",
        "panel_type": "table"
      }
    ],
    "panel_type": "dashboard"
  }
}

What's new?

• Added NIST Cybersecurity Framework (CSF) v1.0 benchmark (powerpipe benchmark run gcp_compliance.benchmark.nist_csf_v10). (#168)
• Added NIST 800-53 Revision 5 benchmark (powerpipe benchmark run gcp_compliance.benchmark.nist_800_53_rev_5). (#168)

Bug fixes

• Fixed the kms_key_users_limited_to_3 query to correctly return data by removing the hardcoded GCP connection name. (#170)
• Fixed the logging_bucket_retention_policy_enabled query to correctly return data by adding the missing project column to the query. (#173)

What's new?

• Added Reserve Bank of India - IT Framework for NBFC Regulatory Compliance benchmark (powerpipe benchmark run aws_compliance.benchmark.rbi_itf_nbfc). (#798)

What's new?

• Added HIPAA benchmark (powerpipe benchmark run gcp_compliance.benchmark.hipaa). (#165)
• Added PCI DSS v3.2.1 benchmark (powerpipe benchmark run gcp_compliance.benchmark.pci_dss_v321). (#163)

Enhancements

• Optimized several queries to minimize API usage, achieving faster performance. (#162)

What's new?

• Added Reserve Bank of India - IT Framework for NBFC Regulatory Compliance benchmark (powerpipe benchmark run azure_compliance.benchmark.rbi_itf_nbfc_v2017). (#267)

Bug fixes

• Respect the app version defined powerpipe block of the mod require block. (#405)
• Dashboard UI should handle graph categories containing resource_name rather than name. (#360)

Enhancements

• Added runtime variable support for control lambda_function_use_latest_runtime. (#791)

Bug fixes

• Fixed the ecr_repository_image_scan_on_push_enabled query to use the correct common dimensions. (#793)

What's new?

• Added NIST SP 800-171 Revision 2 benchmark (powerpipe benchmark run azure_compliance.benchmark.nist_sp_800_171_rev_2). (#264)

What's new?

• New dashboards added:
  • Turbot Guardrails Workspace Report for Admin
• New benchmark added:
  • Turbot Guardrails Workspace Health

Enhancements

• Optimized queries to leverage the connection-level qualifiers for faster execution time and lower API load. To benefit from these enhancements, please upgrade to AliCloud v0.22.0 or higher. (#95)

Whats new

• Added support for installing mods from a branch or from the local file system. (#285)

  To install from a branch:

  powerpipe mod install github.com/turbot/steampipe-mod-aws-well-architected#main

  To reference a mod in the local file system:

  powerpipe mod install ../mods/local_mod_folder

• Added --pull flag to mod, dashboard and benchmark commands to control the mod update strategy. (#352). Possible update strategies are:

  • full - check branch and tags for both latest and accuracy
  • latest - update everything to latest, but only branches - not tags - are commit checked (which is the same as latest)
  • development - update branches and broken constraints to latest, leave satisfied constraints unchanged
  • minimal - only update broken constraints, do not check branches for new commits

Enhancements

• Optimized queries to leverage the connection-level qualifiers for faster execution time and lower API load. To benefit from these enhancements, please upgrade to GCP v0.52.0 or higher. (#78)

Enhancements

• Optimized queries to leverage the connection-level qualifiers for faster execution time and lower API load. To benefit from these enhancements, please upgrade to Azure v0.56.0 or higher. (#124)

Enhancements

• Optimized queries to leverage the connection-level qualifiers for faster execution time and lower API load. To benefit from these enhancements, please upgrade to AWS v0.136.0 or higher. (#347)

Whats new

• It is now possible to set a timeout for benchmark and dashboard execution. These can be set:
  • In the workspace using properties: dashboard_timeout and benchmark_timeout
  • Using the --dashboard-timeout flag for the dashboard run and server commands
  • Using the --benchmark-timeout flag for the benchmark run commands.
  • Using the environment variables POWERPIPE_DASHBOARD_TIMEOUT and POWERPIPE_BENCHMARK_TIMEOUT respectively. (#336)
• Support installing private mods using a GitHub app token. (#381).
• Improve the layout of filter and grouping components for control tags and dimensions. (#263)
• Remove the dashboard input list and dashboard input show commands.
• Add thousands separator to numeric values in dashboard tables. (#315)
• Only show benchmark cards for statuses that are contained in the current filter and add status to filter on card click. (#322)

Bug fixes

• When calling mod update, respect the argument (if any) and only update specified mods. (#331)
• Fix mod update display of updates to transitive dependencies. (#288)

Enhancements

• Updated the workspace_dashboard dashboard to include information on the accounts, resources, and active controls across different workspaces. (#31)
• Updated the workspace_account_report dashboard to display resources, policy settings, alerts, and active controls across workspaces instead of the TE version. (#31)

Enhancements

• Optimized several queries to minimize API usage, achieving faster performance. (#786)

What's new?

• Added CIS v3.0.0 benchmark (powerpipe benchmark run gcp_compliance.benchmark.cis_v300). (#158)

Bug fixes

• Updated the foundational_security_lambda_2 control to check for the latest Lambda runtimes as per the AWS FSBP document. (#778) (Thanks @sbldevnet for the contribution!)
• Fixed the title of secretsmanager_secret_unused_90_day control. (#783)

Enhancements

• Added the following controls to the All Controls benchmark: (#253)
  • cosmosdb_account_uses_aad_and_rbac
  • iam_user_not_allowed_to_create_tenants
  • securitycenter_image_scan_enabled

Bug fixes

• Updated the postgres_db_server_allow_access_to_azure_services_disabled query to check if the endIpAddress column is set to 0.0.0.0 instead of 255.255.255.255 as per the CIS documentation. (#253)

What's new?

• New control added:
  • rds_mysql_postresql_db_no_unsupported_version (#174)

Bug fixes

• Fixed the ecs_cluster_active_service_count query in the AWS ECS Cluster Dashboard to correctly return the count of Cluster Active Services instead of ECS Clusters. (#341) (Thanks @mupi2k for the contribution!)

Breaking changes

• The Foundational Security Best Practices v1.0.0 benchmark has been updated to better align with the matching AWS Security Hub. The following updates have been made: (#772)
  • The foundational_security_elbv2 sub-benchmark have been removed.
  • The following controls are no longer included in the benchmarks:
    • foundational_security_cloudfront_2
    • foundational_security_ec2_22
    • foundational_security_s3_4

Enhancements

• The Foundational Security Best Practices v1.0.0 benchmark has been updated to better align with the matching AWS Security Hub. The following updates have been made: (#772)
  • The following sub-benchmarks have been added to the foundational_security benchmark:
    • foundational_security_appsync
    • foundational_security_backup
    • foundational_security_eventbridge
    • foundational_security_fsx
    • foundational_security_msk
    • foundational_security_pca
    • foundational_security_route53
    • foundational_security_sfn
  • The following controls have been added to the benchmarks:
    • foundational_security_acm_2
    • foundational_security_appsync_2
    • foundational_security_backup_1
    • foundational_security_cloudfront_13
    • foundational_security_dms_6
    • foundational_security_dms_7
    • foundational_security_dms_8
    • foundational_security_dms_9
    • foundational_security_docdb_3
    • foundational_security_docdb_4
    • foundational_security_docdb_5
    • foundational_security_dms_9
    • foundational_security_dynamodb_6
    • foundational_security_ec2_51
    • foundational_security_ecs_9
    • foundational_security_eks_8
    • foundational_security_elasticbeanstalk_3
    • foundational_security_emr_2
    • foundational_security_eventbridge_3
    • foundational_security_fsx_1
    • foundational_security_msk_1
    • foundational_security_networkfirewall_2
    • foundational_security_networkfirewall_9
    • foundational_security_opensearch_10
    • foundational_security_pca_1
    • foundational_security_rds_34
    • foundational_security_rds_35
    • foundational_security_route53_2
    • foundational_security_s3_19
    • foundational_security_sfn_1
    • foundational_security_waf_12

Bug fixes

• Fixed the project_license_table, project_other_license_count and project_weak_copyleft_license_count queries to use the latest version of EUP (European Union Public License 1.2). (#13)

Bug fixes

• Fixed the repository_license_table, repository_other_license_count and repository_weak_copyleft_license_count queries to use the latest version of EUP (European Union Public License 1.2). (#25)

Bug fixes

• Fixed the CIS controls from cis_v200_2_4 to cis_v200_2_11 to correctly evaluate results when using the aggregator connection of the GCP plugin. (#154)

Bug fixes

• When exporting or displaying a benchmark run result as a snapshot, ensure the top level panel has a valid summary. (#274)
• Update mod list output to include resource_name and mod fields.

What's new?

• Added CIS v2.1.0 benchmark (powerpipe benchmark run azure_compliance.benchmark.cis_v210). (#250)

Whats new

• Optimize workspace load time for large workspaces with multiple dependent mods. (#365)

Bug fixes

• Fix CLI available version check. (#250)
• Notify when mod install creates a default mod. (#246)
• Remove newline from end of mod install output. (#247)
• Fix issue where asff output was always missing the first row. (#249)

We're thrilled to announce the release of 52 new Powerpipe mods, featuring pre-built dashboards and benchmarks for cloud inventory & insights, security & compliance, cost management and shift-left scanning. These include the 43 Steampipe mods to visualize AWS, Azure, GCP, GitHub, Terraform and more using Steampipe as the database. And 9 new, ready-to-use Powerpipe mods providing easy to learn examples to visualize data in Postgres, SQLite, DuckDB, and MySQL!

A full list of mods can be found in the Powerpipe Hub.

For more information on how you can get started incorporating these mods into your own custom dashboards and benchmarks, please see Introducing Powerpipe - Composable Mods.

Introducing Powerpipe - Dashboards for DevOps.

Benchmarks - 5,000+ open-source controls from CIS, NIST, PCI, HIPAA, FedRamp and more. Run instantly on your machine or as part of your deployment pipeline.

Relationship Diagrams - The only dashboarding tool designed from the ground up to visualize DevOps data. Explore your cloud,understand relationships and drill down to the details.

Dashboards & Reports - High level dashboards provide a quick management view. Reports highlight misconfigurations and attention areas. Filter, pivot and snapshot results.

Code, not clicks - Our dashboards are code. Version controlled, composable, shareable, easy to edit - designed for the way you work. Join our open-source community!

Learn more at:

• Website - https://powerpipe.io
• Docs - https://powerpipe.io/docs
• Hub - https://hub.powerpipe.io
• Introduction - https://powerpipe.io/blog/introducing-powerpipe