v2.0.1

What's Changed

• Bugfix/issue 101 by @awsntheule in #113

Full Changelog: v2.0.0...v2.0.1

v2.0.0

v2.0.0

Breaking Changes

• Building ASH images for use in CI platforms (or other orchestration platforms that may require elevated access within the container) now requires targeting the ci stage of the Dockerfile:

via ash CLI

ash --no-run --build-target ci

via docker or other OCI CLI

docker build --tag automated-security-helper:ci --target ci .

Features

• Run ASH as non-root user to align with security best practices.
• Create a CI version of the docker file that still runs as root to comply with the different requirements from building platforms where UID/GID cannot be modified and there are additional agents installed at runtime that requires elevated privileges.

Fixes

• Offline mode now skips NPM/PNPM/Yarn Audit checks (requires connection to registry to pull package information)
• NPM install during image build now restricts available memory to prevent segmentation fault

---

Commits

What's Changed

• Add additional checks for build expiry and ignoring Checkov/NPM Audit during offline mode by @awsmadi in #106
• Release v2.0.0: Run ASH as non-root user, add explicit CI stage by @rafaelpereyra in #109
• feat: run ASH image using non-root user by @climbertjh2 in #79

Full Changelog: v1.5.1...v2.0.0

v1.5.1

What's Changed

• Fix SHELL directive in Dockerfile and small items in Mkdocs config by @scrthq in #105

Full Changelog: v1.5.0...v1.5.1

v1.5.0

What's Changed

• Begin implementing support for offline mode by @awsmadi in #104

New Contributors

• @awsmadi made their first contribution in #104

Full Changelog: v1.4.1...v1.5.0

v1.4.1

What's Changed

• fix: mkdocs deployment issue by @scrthq in #97
• fix: Windows build issue due to CRLF on shell scripts by @scrthq in #98

Full Changelog: v1.4.0...v1.4.1

v1.4.0

What's Changed

• feat(docs): Add mkdocs documentation site and start of documentation by @scrthq in #86
• Update ash-multi by @orsifacundo in #87
• fix(docs): #comment updated docs triggers by @scrthq in #90
• feat: #comment removed build/deploy interdependency for doc pipeline by @scrthq in #91
• feat/docsite publishing by @scrthq in #93
• Add JSON output format as non-default output option via new --format parameter by @scrthq in #82

New Contributors

• @orsifacundo made their first contribution in #87

Full Changelog: v1.3.3...v1.4.0

ASH - v1.3.3

What's Changed

• fix(ash): adjust where/when output-dir is created, if necessary by @climbertjh2 in #74
• fix(ash): set execute permission on ash script in the container by @climbertjh2 in #81
• fix: update version file to match release tag format in github.com by @climbertjh2 in #84

Full Changelog: v1.3.2...v1.3.3

ASH - v1.3.2

What's Changed

• added get-scan-set.py to utils scripts to return a list of non-ignored files for processing by @scrthq in #47
• fix/codebuild shared bindmount issue by @scrthq in #49
• fix error in reflecting return code in ash script by @climbertjh2 in #51
• Issue 58: missing double quotes by @awsntheule in #64
• fixed cdk nag scanner, added unique stack names based on input filenames. corrected guards on git clone calls within the scanner scripts to ensure those happen in the container image by @scrthq in #54
• Add support for pnpm audit by @awsntheule in #66
• fix(cdk-nag-scan): copy output files to separate folders by @climbertjh2 in #69
• fix(ash): use /tmp rather than tmpfs for scratch area by @climbertjh2 in #73
• Fix CTRL-C cancelling by @awsntheule in #71

New Contributors

• @awsntheule made their first contribution in #64

Full Changelog: 1.2.0-e-06Mar2024...v1.3.2

1.2.0-e-06Mar2024

What's Changed

• fix: block pr comment step in workflow from running in forks by @scrthq in #31
• clean up README and CONTRIBUTING documents by @climbertjh2 in #30
• Update README.md by @geraldino2 in #28
• fix(#33): revert npm install on multi-container-arch to resolve cd issue by @scrthq in #34
• Fix malapropism by @john-aws in #35
• Add support for ARM64 platform, make single-container architecture default by @scrthq in #43

New Contributors

• @climbertjh2 made their first contribution in #30
• @geraldino2 made their first contribution in #28
• @john-aws made their first contribution in #35

Full Changelog: 1.1.0-e-01Dec2023...1.2.0-e-06Mar2024

1.1.0-e-01Dec2023

• Introduced single-container architecture via single Dockerfile in the repo root
  • Updated utils/*.sh and ash shell scripts to support running within a single container
  • Added new ash_helpers.{sh,ps1} scripts to support building and running the new container image
• Changed CDK Nag scanning to use TypeScript instead of Python in order to reduce the number of dependencies
• Changed identification of files to scan from find to git ls-files for Git repositories in order to reduce the number of files scanned and to avoid scanning files that are not tracked by Git
• Updated the multi-container Dockerfiles to be compatible with the script updates and retain backwards compatibility
• Updated ASH documentation and README content to reflect the changes and improve the user experience
• Added simple image build workflow configured as a required status check for PRs