v2.5.0
04 October 2018

Summary

Inventory

  • Integration with Cloud Asset Inventory (CAI). CAI is a new GCP service that provides data across different resources. We will keep on updating the integration as CAI onboards new resources. This integration also significantly reduces the overall time to build the inventory.
  • Updated quota…

v2.4.0
26 September 2018

RELEASE NOTE v2.4.0

Summary

Inventory

  • Added project liens as a new resource to Inventory.

Scanner

  • Added support for Forseti to run from a folder, instead of an organization.
  • Added a resource_name column, which contains human-readable names, to all scanners and violations.

Infrastructure

-…

v2.3.0
06 September 2018

Summary

Installer

  • More robust installation process: SSH failures are handled gracefully, and additional Google APIs are enabled in case they are not enabled by default.

Scanner

  • KE Scanner: Kubernetes rule updated to scan for the below vulnerabilities.
  • CVE-2018-5390 describes a kernel-level networking vulnerability that…

v2.2.0
22 August 2018

Summary

Installer

  • Shared VPC support: the installer can now handle deployment with a shared VPC when the following flags are specified at the start of the deployment:
    • vpc-host-project-id
    • vpc-host-network
    • vpc-host-subnetwork
  • G Suite updates: G Suite integration is now optional. Forseti will not inventory…

v2.1.0
16 August 2018

RELEASE NOTE v2.1.0

Summary

Installer

  • Force the Forseti server to restart at the beginning of the cron run as a temporary fix to the auth issue #1832.
  • Forseti installation process can now be automated by passing in flags for all the prompted values.

Inventory

-…

v1.1.12
31 July 2018

Summary

All Changes

6687c0d5 Removed the execution of run_forseti.sh from the startup script
c7ffe8a4 Pin idna to version…

v2.0.0
27 June 2018

Summary

Forseti 1.0 was first launched at Google Cloud Next ’17 about a year ago. Since then, over 100 businesses and organizations have adopted Forseti, helping to secure Google Cloud Platform (GCP) environments large and small.

We received great feedback on how we could improve Forseti, and insight into…

v2.0-rc3
27 June 2018

We are now in the final stretch for getting Forseti 2.0 released!

We’ve got one last Release Candidate for you to help us test. If you can take some time to help us validate that it works in your environment it would be much appreciated!

I’m in. How do…

v2.0-rc2
27 June 2018

What is RC2?

RC2 is Forseti 2.0, Release Candidate 2. We anticipate this will be the last release candidate before finalizing Forseti Security 2.0.

Why should I test RC2? What changes are included?

There are many improvements and fixes in RC2. To name just a few:

  • General:…

v2.0-rc1
27 June 2018

Getting started with Forseti Security 2.0

  • Use this guide we’ve put together to install the 2.0 version.

Testing and trying Forseti Security 2.0

  • This testing guide will walk you through the testing we’d like you to do. It includes instructions on testing installation, the client, inventory,…

v1.1.11
20 March 2018

Summary

v1.1.10
09 February 2018

RELEASE NOTE v1.1.10

Summary

Inventory

  • Kubernetes Engine: Your Kubernetes Engine (KE) Clusters and associated node pools and per zone service configs are now inventoried.

Scanner

  • Kubernetes Engine: Scans Kubernetes Engine clusters, checking versions. This can be used to detect that cluster nodes are patched against…

v1.1.9
13 December 2017

Summary

  • Fix Slack notifications data format.
  • Remove IAM Explain from master branch

All changes

9eb7f5d (HEAD -> master, tag: v1.1.9, origin/master, origin/HEAD) Release 1.1.9
cff8d97 (origin/release-1.1.9, release-1.1.9) Merge branch ‘dev’ into release-1.1.9
da746bf (origin/dev, dev) Removed old Explain version (#892)
1648367 Increment version to 1.1.9
4c0b78e…

v1.1.8
29 November 2017

Summary

  • Setup Wizard can deploy Forseti VM to a shared VPC.
  • Tweaks and bug fixes.

Thanks to our contributors!

Brad Leonard

All changes

ad9b00ec fix subnetwork placeholder
ad30c506 Make the VPC deployment namings consistent everywhere. (#846)
78c2dbc9 Setup wizard can deploy Forseti to a shared…

v1.1.7
02 November 2017

Summary

  • Delay utility.
  • Forseti and rule configuration tweaks.
  • New: Firewall rules scanner.
  • Add new options to setup wizard (G Suite superadmin email, notification recipient email) and pin the default version to the local code’s version.
  • Miscellaneous bug fixes.

Thanks to our contributors!

Alec…

v1.1.6
14 October 2017

Summary

  • Add capability to api clients: get global operations, get quota, get disks, get networks, get subnetworks.
  • Support deployment if a user is not a direct org admin, but is a member of a G Suite group that has org admin permissions.
  • Include the notifier component to…

v1.1.5
28 September 2017

Summary

  • AppEngine Services, Versions and Instances included in the inventory.
  • Deployment Improvements:
    • Switch Forseti inventory and auditor to run as ubuntu instead of root by default.
    • Fix service account permissions in deployment.
  • Support for multiple recipients in notifications.
  • Support for Egress and Deny…

v1.1.4
14 September 2017

Summary

  • Add compute.projects component to compute repository
  • Fix a bug with the service account scope
  • Add resources to AppEngine API client
  • Slack webhook notifier
  • Add targetServiceAccount to firewall rules inventory
  • Add more information to instance network interface rule violation data

Thanks to…

v1.1.3
31 August 2017

Major Features:

  • GCP API clients now use mix-ins of base methods, making it easier and cleaner to add or extend GCP API clients.
  • Logging integration with StackDriver. Log lines will be labeled with “forseti-security”.
  • API client for cloudbilling is added.
  • Copyright ownership changed to reflect…

v1.1.2
22 August 2017

Major features:

  • IAM service accounts added to inventory
  • Network interface scanner

Thanks to our contributors!

Special thanks to:

  • Adam Cotenoff (Spotify)
  • Carly Schneider (Spotify)
  • Gianluca Brindisi (Spotify)

All changes:

30225b5 Check if the entry exists (#579)
ba2d6d1 Fix network interface scanner (#578)
a16d8ca…

v1.1.1
18 August 2017

Minor update

  • Update the sample rule for folder IAM
  • Always create tables for inventory resources, even if no resources of that type are found.

All commits:

b108751 Initialize All Tables (#536)
58124a9 Update ISSUE_TEMPLATE.md
c4db617 change the iam rule to blacklist (#515)

v1.1.0
25 July 2017

Global

  • Moved many flags into a central yaml configuration file.
  • Tuned permissions needed by Forseti.

Inventory

  • Configurable Inventory pipelines.
  • Increased resource coverage.
    • Backend services
    • BigQuery datasets
    • CloudSQL
    • Firewall rules
    • Folders
    • Folder IAM policies
    • GAE applications
  • GCE…

v1.0.2
12 April 2017

Inventory

  • Add groups and group member import into inventory.
  • Refactor pipelines to be classes.

Scanner

  • Case-insensitive rule match.

Miscellaneous

  • Improve deployment manager script to pull Forseti code from git branch.
  • Configure logging to use fluentd/syslog.

Shout-outs

@mcunha

Commits

7f90499 Release 1.0.2…

v1.0.1
29 March 2017

Inventory

  • Only active projects will be processed.
  • Don’t fail pipeline on an error with IAM policy.
  • Improved inventory email notification format.

Scanner

  • Fix for rules inheritance.

Miscellaneous

  • Sending email is optional.
  • Remove db password as a commandline option.
  • Documentation updates…

v1.0
16 March 2017

Inventory

Build and store an inventory of the following Google Cloud Platform resources:

  • Projects
  • Project IAM policies
  • Organization IAM policies

Scanner

Scan project IAM policies, auditing them with a user-defined set of rules.

Enforcer

Enforce a project Compute Engine firewall policy, given a policy…