October 12, 2022, Conformity—The following features and updates are now available
with Conformity's latest release on 12 October 2022.
- Added the `skipUpdatingEnabledSuppression` attribute to prevent updating the `suppressed` and `suppressed-until` attributes on suppressed checks using the Checks API.
- Improved our compliance score calculation logic to prevent scores greater than 95% from being rounded off to 100%.
Bug Fixes
- Fixed a bug where the Conformity Bot reported stale checks with a large number of EC2 resources.
- Made performance enhancements to fix a bug that prevented retrieving the list of excluded resources in the UI and the public API.
- Fixed a bug with the Custom Rules engine that returned an `HTTP 500` error for resources without data.
Custom Policy Updates
There is no change to the custom policy as a result of the new deployment. The current
custom policy version is 1.38. Click here to access the current custom policy.
New Rules
GCP
- CloudIAM-013: Essential Contacts for Organizations (Not Scored): This rule ensures that the Essential Contacts are defined for your Google Cloud organization.
- ResourceManager-001: Disable User-Managed Key Creation for Service Accounts: This rule ensures that the `Disable Service Account Key Creation` policy is enforced.
Rule Bug Fixes
- Config-002: AWS Config Referencing Missing S3 Bucket: Fixed a bug where the rule did not return a success check for compliant Config resources on the Provider level.
- Fixed an issue where the check region for the following rules incorrectly returned as `ALL`:
  - Monitor-002: Activity Log Retention
  - Monitor-003: Activity Log All Activities
  - Monitor-004: Activity Log All Regions
  - Monitor-005: Check for Publicly Accessible Activity Log Storage Container
  - Monitor-006: Use BYOK for Activity Log Storage Container Encryption
  - Resources-001: Tags