v1.1.7
02 November 2017

Download: ZIP TAR

Summary

  • Delay utility.
  • Forseti and rule configuration tweaks.
  • New: Firewall rules scanner.
  • Add new options to setup wizard (G Suite superadmin email, notification recipient email) and pin the default version to the local code’s version.
  • Miscellaneous bug fixes.

Thanks to our contributors!

Alec…

v1.1.6
14 October 2017

Download: ZIP TAR

Summary

  • Add capability to api clients: get global operations, get quota, get disks, get networks, get subnetworks.
  • Support deployment if a user is not a direct org admin, but is a member of a gsuite group that has org admin permissions.
  • Include the notifier component to…

v1.1.5
28 September 2017

Download: ZIP TAR

Summary

  • AppEngine Services, Versions and Instances included in the inventory.
  • Deployment Improvements:
    • Switch forseti inventory and auditor to run as ubuntu instead of root by default
    • Fix service account permissions in deployment.
  • Support for multiple recipients in notifications.
  • Support for Egress and Deny…

v1.1.4
14 September 2017

Download: ZIP TAR

Summary

  • Add compute.projects component to compute repository
  • Fix a bug with the service account scope
  • Add resources to AppEngine API client
  • Slack webhook notifier
  • Add targetServiceAccount to firewall rules inventory
  • Add more information to instance network interface rule violation data

Thanks to…

v1.1.3
31 August 2017

Download: ZIP TAR

Major Features:

  • GCP API clients now use mix-ins of base methods, making it easier and cleaner to add or extend GCP API clients.
  • Logging integration with StackDriver. Log lines will be labeled with “forseti-security”.
  • API client for cloudbilling is added.
  • Copyright ownership changed to reflect…

v1.1.2
22 August 2017

Download: ZIP TAR

Major features:

  • IAM service accounts added to inventory
  • Network interface scanner

Thanks to our contributors!

Special thanks to:

  • Adam Cotenoff (Spotify)
  • Carly Schneider (Spotify)
  • Gianluca Brindisi (Spotify)

All changes:

30225b5 Check if the entry exists (#579) ba2d6d1 Fix network interface scanner (#578) a16d8ca…

v1.1.1
18 August 2017

Download: ZIP TAR

Minor update

  • Update the sample rule for folder IAM
  • Always create tables for inventory resources, even if no resources of that type are found.

All commits:

b108751 Initialize All Tables (#536) 58124a9 Update ISSUE_TEMPLATE.md c4db617 change the iam rule to blacklist (#515)

v1.1.0
25 July 2017

Download: ZIP TAR

Global

  • Moved many flags into a central yaml configuration file.
  • Tuned permissions needed by Forseti.

Inventory

  • Configurable Inventory pipelines.
  • Increased resource coverage.
    • Backend services
    • BigQuery datasets
    • CloudSQL
    • Firewall rules
    • Folders
    • Folder IAM policies
    • GAE applications
  • GCE…

v1.0.2
12 April 2017

Download: ZIP TAR

Inventory

  • Add groups and group member import into inventory.
  • Refactor pipelines to be classes.

Scanner

Case-insensitive rule match.

Miscellaneous

  • Improve deployment manager script to pull Forseti code from git branch.
  • Configure logging to use fluentd/syslog.

Shout-outs

@mcunha

Commits

7f90499 Release 1.0.2…

v1.0.1
29 March 2017

Download: ZIP TAR

Inventory

  • Only active projects will be processed.
  • Don’t fail pipeline on an error with IAM policy.
  • Improved inventory email notification format.

Scanner

  • Fix for rules inheritance.

Miscellaneous

  • Sending email is optional.
  • Remove db password as a commandline option.
  • Documentation updates…

v1.0
16 March 2017

Download: ZIP TAR

Inventory

Build and store an inventory of the following Google Cloud Platform resources:

  • Projects
  • Project IAM policies
  • Organization IAM policies

Scanner

Scan project IAM policies, auditing them with a user-defined set of rules.

Enforcer

Enforce a project Compute Engine firewall policy, given a policy…