February 16, 2022, Conformity—The following features and updates are now available
with Conformity's latest release on 16 February 2022.
Bug Fix
- Fixed a bug where the PATCH Rule Settings API endpoint was returning an error when the request had misplaced exception attributes.
Custom Policy Updates
- There is no change to the custom policy as a result of the new deployment. The current custom policy version is 1.35.
New Rules
GCP
- CloudSQL-015: Check for Publicly Accessible Cloud SQL Database Instances: This rule ensures that your Google Cloud SQL database instances are configured to accept connections from trusted networks and IP addresses only.
- ComputeEngine-007: Enable VM Disk Encryption with Customer-Supplied Encryption Keys: This rule ensures that the disks attached to your production Google Compute Engine instances are encrypted with Customer-Supplied Encryption Keys (CSEKs).
- CloudIAM-004: Delete User-Managed Service Account Keys: This rule ensures that VM instances are not associated with default service accounts that allow full access to all Google Cloud APIs.
Rules Updates
- Firehose-001: Firehose Delivery Stream Destination Encryptions: This rule has been updated to specify the relevant encryption type. The rule ensures that Firehose delivery stream data records are encrypted at the destination.
- Lambda-001: Lambda Runtime Environment Version: Customers can now configure the end-of-support runtime in the rule settings.
Rule Bug Fixes
- ECS-002: ECS Task Log Driver In Use: Fixed a bug where the disabled rule was generating checks.
- ECS-003: ECS Configuration Changes: We've fixed a bug where Conformity Bot was unable to correctly scan ECS Clusters.