Release Notes

We are pleased to announce the latest release of Spotter, packed with new features, enhancements, and fixes.

Note

Spotter updates are part of our ongoing commitment to enhancing Spotter's functionality and user experience. We welcome any feedback and are here to answer any questions.

Check out all the latest updates and improvements:

2024-04-24 Release

  • Spotter App version 3.14.0

New Features

  • Added a runtime setting; Enterprise users may disable new user registrations in their on-prem deployments of Spotter.
  • We introduced an optional time-based expiration for API tokens, allowing users to set token expiration dates and implement error handling for expired tokens.

Improvements

  • Action Start Scanning now directs users to the top of the page for streamlined access.
  • Enhanced Custom rules; Spotter now supports updating and clearing policies directly from the app.
  • Enhanced Check Management; Spotter now supports organization-level management of skipping and enforcing checks directly from the app.
  • Users can now close the dropdown in the check catalogue after accessing links with anchors.
  • We flattened the hierarchy by relocating Runtime Settings to the end of the list, reducing confusion and unintentional navigation collapses.
  • Scan environment is now displayed in the Spotter app. You can access it inside of every given project.
  • Added support for RHEL 9.3 in on-prem installations.

Fixes

  • Fixed the issue that prevented runtime settings from being saved more than once during a single user visit; all subsequent saves now succeed without errors.
  • Fixed the issue causing admin settings to vanish when switching between runtime settings.
  • Fixed crashes when users entered incorrect custom TLS settings; self-signed certificates are now used as a fallback.

2024-04-11 Release

  • Spotter App version: 3.13.1

Fixes

  • Fixed a display issue in the Scan Details view of the Spotter App. Each check result row now accurately displays a reconstruction of the play or task it corresponds to.

2024-04-10 Release

  • Spotter App version: 3.13.0

New Features

  • The Spotter app now enables you to easily view all uploaded custom policies, enhancing user control and efficiency: policies listing, code rendering, and smooth navigation between policies and projects. You can view your policies in the Custom rules section.

Improvements

  • Documented how to configure integration with Active Directory under a new Active Directory Support section in the On-prem documentation.

Fixes

  • Fixed issues with self-signed certificates support for TLS connections after installs and upgrades, easing setup for secure communications.

2024-03-27 Release

  • Spotter App version: 3.12.0
  • Spotter CLI version: 3.3.0

Improvements

  • The on-prem installation documentation now includes instructions for entering license information during the initial setup.
  • Customized bind handling for Active Directory LDAP searches by ensuring a successful bind on the connection.
  • Try On-prem CTA: Introduced a call-to-action button in the top navigation for easy access to the on-prem setup modal.
  • Adjusted the navigation by relocating Your Plan to the subscription page for improved accessibility.
  • The registration form for the on-prem users is now in a single view.

Fixes

  • Implemented pagination for LDAP searches to avoid "size limit exceeded" errors when a search returns a large number of results.

2024-03-13 Release

  • Spotter App version: 3.11.0
  • Spotter CLI version: 3.2.0

New Features

  • Developed on-prem license models and efficient verification methods.
  • Added SARIF format support for scan results in the CLI. Use spotter scan --sarif report.sarif playbook.yml for easy integration with GitHub code scanning and other SARIF-compatible platforms.
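To show what the --sarif switch is producing for a consumer such as GitHub code scanning, here is an added example that turns a list of findings into a minimal SARIF 2.1.0 log. It is not Spotter's own converter: the flat finding layout, the tool name and the mapping of E/W/H code prefixes to SARIF levels are assumptions made for the example, and the sample findings are constructed.

```python
# Added example: emit a minimal SARIF 2.1.0 log of the kind `spotter scan --sarif`
# targets. Not Spotter's converter; finding layout and level mapping are assumed.
import json

# Assumed mapping from Spotter's check-code prefixes (E, W, H) to SARIF levels.
LEVEL_BY_PREFIX = {"E": "error", "W": "warning", "H": "note"}
SARIF_SCHEMA = "https://json.schemastore.org/sarif-2.1.0.json"

# Constructed findings in the flat shape this example expects (not Spotter's schema).
SAMPLE_FINDINGS = [
    {"code": "E3300", "title": "Hardcoded Secret Detection in Tasks",
     "message": "Task 'Register with the API' hardcodes 'password'; use a variable or Ansible Vault.",
     "file": "playbook.yml", "line": 13, "column": 5},
    {"code": "H806", "title": "Decimal Mode Format Check",
     "message": "mode 644 is parsed as a decimal integer; quote it as '644'.",
     "file": "playbook.yml", "line": 5, "column": 5},
    {"code": "E3300", "title": "Hardcoded Secret Detection in Tasks",
     "message": "Task 'Create DB user' hardcodes 'db_password'.",
     "file": "roles/db/tasks/main.yml", "line": 8, "column": 5},
]


def sarif_level(code: str) -> str:
    """Map a check code such as E3300 to a SARIF level; unknown prefixes get 'none'."""
    return LEVEL_BY_PREFIX.get(code[:1], "none")


def to_sarif(findings: list, tool_name: str = "spotter-example",
             tool_version: str = "0.0.0") -> dict:
    """Build one SARIF run: every distinct code becomes a rule in tool.driver.rules
    and every finding a result whose ruleIndex points back at that rule."""
    rules, results, index_by_code = [], [], {}
    for f in findings:
        if f["code"] not in index_by_code:
            index_by_code[f["code"]] = len(rules)
            rules.append({
                "id": f["code"],
                "shortDescription": {"text": f["title"]},
                "defaultConfiguration": {"level": sarif_level(f["code"])},
            })
        results.append({
            "ruleId": f["code"],
            "ruleIndex": index_by_code[f["code"]],
            "level": sarif_level(f["code"]),
            "message": {"text": f["message"]},
            "locations": [{"physicalLocation": {
                # uriBaseId lets the consumer resolve the path against the checkout root.
                "artifactLocation": {"uri": f["file"], "uriBaseId": "%SRCROOT%"},
                "region": {"startLine": f["line"], "startColumn": f["column"]},
            }}],
        })
    return {
        "$schema": SARIF_SCHEMA,
        "version": "2.1.0",
        "runs": [{"tool": {"driver": {"name": tool_name, "version": tool_version,
                                      "rules": rules}},
                  "results": results}],
    }


def summarize(sarif: dict) -> dict:
    """Count results per level, the figure a CI gate would typically act on."""
    counts = {}
    for result in sarif["runs"][0]["results"]:
        counts[result["level"]] = counts.get(result["level"], 0) + 1
    return counts


def write_sarif(path: str, findings: list) -> None:
    """Write the log to disk, e.g. as report.sarif for a code-scanning upload."""
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(to_sarif(findings), fh, indent=2)
```

Keeping one rule entry per distinct code and pointing each result at it through ruleIndex is what lets a consumer group results by check; summarize() gives the per-level count a pipeline would gate on before the file is uploaded (GitHub code scanning accepts it through its SARIF upload action).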

Fixes

  • Fixed the issue where switching projects in the Spotter app with pagination led to an "error while retrieving project scan list."
  • Fixed the issue where switching pages inadvertently opened multiple code snippets.

2024-02-28 Release

  • Spotter App version: 3.10.0

Improvements

  • The E3000 - No Module Found for Specified Version check now only triggers if there is no known earlier minor version in the knowledge base, improving the accuracy of checks.
  • Improved the scan details view in the Spotter app to enable each check result row to display a reconstruction of the play or task it corresponds to, providing clearer insights into scan results.
  • New and improved Feedback link in the navigation sidebar enables easier and more detailed user feedback submission.

Fixes

  • Fixed the Start scanning button to reopen the Your quick start guide if it had previously been closed, ensuring users have access to the guide when needed.

2024-02-22 Release

  • Spotter App version: 3.9.0

New Features

  • Enabled multiple source LDAP organizations to be mapped into a single Steampunk Spotter organization, allowing for more flexible user management.
  • Added an option for enabling instance admins to view and manage all organizations within the app as if they were an org admin, regardless of their membership status in those organizations.

Improvements

  • Enhanced the organization drop-down to display the exact number of organizations for users who are members of more than 5 organizations.
  • Set LDAP timeout to 30 seconds to improve the system's responsiveness and reliability.
  • Improved error messaging for LDAP configurations by providing a more informative "Unexpected error" message for backend errors, enhancing user understanding and troubleshooting.
  • Increased the robustness of LDAP sync by gracefully handling duplicate usernames or email addresses in LDAP input and discrepancies among multiple users.
  • Made errors of individual LDAP settings visible when testing settings or running sync, aiding in the identification and resolution of configuration issues.
  • Refined the login view to allow users to retain previously typed entries when switching between Internal and LDAP login methods, enhancing the user experience.

2024-02-14 Release

  • Spotter App version: 3.8.0

New Features

  • LDAP Integration: Added the ability to configure managed Steampunk Spotter user accounts, groups and user roles by directory information services available in your network.

2024-01-31 Release

  • Spotter App version: 3.7.0
  • Spotter CLI version: 3.1.1

New Checks

  • H806: Decimal Mode Format Check
    • This check is designed to ensure that the mode settings in specific Ansible modules are in the correct numerical format. The focus is on the file and copy modules of Ansible, where it's common to specify file permissions.
  • E3300: Hardcoded Secret Detection in Tasks
    • This check identifies instances where secrets (such as passwords or API keys) are hardcoded directly within a task. The recommendation is to use variables or Ansible Vault for better security practices. This check is relevant for ensuring best practices and enhancing security within configurations.
  • E3301: Hardcoded Secret Detection in Plays
    • This check targets the detection of hardcoded secrets within Ansible plays. The presence of such secrets is considered a security risk and goes against best practices. Instead of embedding secrets directly, the recommendation is to utilize variables or Ansible Vault, which offer more secure and manageable approaches to handling sensitive information. This check is pertinent to ensuring adherence to best practices and bolstering security.
  • E3200: Production Environment Debugger Check
    • The check highlights tasks that may interrupt execution due to the activation of the debugger. It advises against using the debugger in production environments to maintain smooth and uninterrupted execution flows.
  • W2705: Jinja2 Implicit Field Wrapping Warning (CVE-2023-5764)
    • This check identifies instances where a 'Jinja2' field is implicitly wrapped within a Jinja2 expression, leading to a potential risk of double evaluation, which is flagged under CVE-2023-5764. Such practices can introduce security vulnerabilities into the playbook. The check emphasizes the importance of adhering to secure coding practices and avoiding patterns that could result in unintended behavior or security risks. For further guidance, refer to the Ansible Porting Guide.
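To make the H806 (decimal mode format) and E3300 (hardcoded secret in a task) categories concrete, here is an added example of the kind of rule each one applies, run over a constructed task snippet. This is not Spotter's implementation: the tiny task reader, the rule logic, the SECRET_KEYS pattern, the KEYWORDS subset and the sample tasks are all assumptions made for the example. It keeps values as raw scalars because the H806 hazard lives in YAML 1.1 scalar resolution: a plain mode: 644 loads as the decimal integer 644 (0o1204 on disk), whereas '0644' or '644' is a string that Ansible converts as octal.

```python
# Added example: H806-style and E3300-style rules over a constructed task list.
# Not Spotter's code; parser, rule logic and the secret-key list are assumed.
import re
from dataclasses import dataclass

# Modules the H806 check focuses on (short and fully qualified names).
MODE_MODULES = {"file", "copy", "ansible.builtin.file", "ansible.builtin.copy"}
# Task-level Ansible keywords (subset) so they are not mistaken for a module.
KEYWORDS = {"name", "vars", "when", "failed_when", "changed_when", "register", "loop"}
# Parameter names that commonly carry secrets (assumed list for E3300).
SECRET_KEYS = re.compile(r"passw(or)?d|secret|api[_-]?key|token", re.IGNORECASE)
JINJA_EXPR = re.compile(r"^\{\{.*\}\}$", re.DOTALL)  # one whole Jinja2 expression


@dataclass
class Finding:
    code: str
    line: int
    message: str


def parse_tasks(text: str) -> list:
    """Tiny reader for a flat task list ('- name:' at column 0, module at two
    spaces, its arguments at four). Values stay raw so rules can see quoting."""
    tasks, section = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        body = raw.strip()
        if not body or body.startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        if body.startswith("- "):  # start of a new task
            body, indent = body[2:], indent + 2
            tasks.append({"line": lineno, "module": None, "args": {}, "vars": {}})
        key, _, value = body.partition(":")
        key, value, task = key.strip(), value.strip(), tasks[-1]
        if indent == 2:  # task-level key: keyword or module name
            if key in KEYWORDS:
                section = "vars" if key == "vars" else None
            else:
                task["module"], section = key, "args"
        elif indent == 4 and section:  # nested mapping under module or vars
            task[section][key] = (value, lineno)
    return tasks


def is_quoted(raw: str) -> bool:
    return len(raw) >= 2 and raw[0] == raw[-1] and raw[0] in "'\""


def check_mode(task: dict) -> list:
    """H806-style: plain 'mode: 644' is YAML 1.1 decimal 644 == 0o1204, not rw-r--r--."""
    if task["module"] not in MODE_MODULES or "mode" not in task["args"]:
        return []
    raw, line = task["args"]["mode"]
    if not is_quoted(raw) and re.fullmatch(r"[1-9][0-7]*", raw):
        return [Finding("H806", line, f"mode {raw} is parsed as decimal "
                        f"{int(raw)} (0o{int(raw):o}); quote it as '{raw}'")]
    return []


def check_secrets(task: dict) -> list:
    """E3300-style rule: a secret-looking parameter that holds a literal value.
    A Jinja2 expression or an !vault tag counts as a safe reference."""
    findings = []
    for section in ("args", "vars"):
        for key, (raw, line) in task[section].items():
            if not SECRET_KEYS.search(key):
                continue
            value = raw[1:-1] if is_quoted(raw) else raw
            if not value or JINJA_EXPR.match(value) or value.startswith("!vault"):
                continue
            findings.append(Finding("E3300", line, f"'{key}' holds a literal "
                                    "secret; use a variable or Ansible Vault"))
    return findings


def scan(text: str) -> list:
    """Run both rules over every task and return findings in line order."""
    findings = []
    for task in parse_tasks(text):
        findings += check_mode(task) + check_secrets(task)
    return sorted(findings, key=lambda f: f.line)


# Constructed sample input; the password value is a placeholder, not a secret.
SAMPLE_TASKS = """\
- name: Deploy application config
  ansible.builtin.copy:
    src: app.conf
    dest: /etc/app/app.conf
    mode: 644
- name: Restrict the TLS key with a quoted octal mode
  ansible.builtin.file:
    path: /etc/app/app.key
    mode: '0600'
- name: Register with the API
  ansible.builtin.uri:
    url: https://api.example.invalid/register
    password: "PLACEHOLDER-NOT-A-REAL-SECRET"
  vars:
    api_token: "{{ lookup('env', 'API_TOKEN') }}"
"""
```

Running scan(SAMPLE_TASKS) reports H806 on the mode: 644 line and E3300 on the literal password, while the quoted '0600' and the api_token that resolves through a lookup pass. The mode rule deliberately leaves values with digits 8 or 9 alone (a decimal such as 493 cannot be a mis-typed octal), which is the sort of precision trade-off a real check has to document.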

New Features

  • Enabled dynamic banners in the app.

Improvements

  • Enhanced CLI from version 3.1.0 onwards to utilize data type information sent to the cloud.

Pricing Plan Updates:

  • Reduced Free Plan scan quota from 100 to 5 scans per month.
  • Discontinued Individual Plan, renamed Team Plan to Pro Plan, and changed Free Trial Team Plan to Free Trial Pro Plan with same features.

Fixes

  • Fixed text overflow issue for long email addresses in the My Profile drop-down menu.
  • Fixed the role change restriction for the sole organization administrator.

2024-01-17 Release

  • Spotter App version: 3.6.0
  • Spotter CLI version: 3.1.0

New Checks

  • H3100: Only Roles or Tasks

    • A check for smoother and clearer play execution. We recommend sticking to either 'tasks' or 'roles' but not both. Mixing them can make the order of execution a bit confusing, so keep it simple and use one or the other.
  • W1408: Reserved Variable Name Changes Play

    • This check identifies instances where reserved variable names are overridden, which could result in unpredictable application behavior. The check emphasizes adherence to best practices for reliable code security and validation.
  • W1407: Reserved Ansible Name Validation

    • This check ensures that variables do not use reserved Ansible names, which is crucial for maintaining code security, best practices, and proper validation.

New Features

  • Enhanced Scan Responses now include links to detailed scan information available in the Spotter web app, as well as the Organization ID, offering improved accessibility and additional resources.
  • Custom Endpoint Use: You can now use custom endpoints from config files.
  • Instance Admins in Organization Member List: Enhanced visibility of instance admins on on-prem installations.
  • Enabled Content Security Policy (CSP) Header: Implemented and enabled the CSP header for enhanced security.

Improvements

  • Administrators and users can now use e-mail addresses whose host name contains no dot, e.g. info@local.
  • Improved the system's numerical interpretation capabilities by ensuring correct parsing of octal values in YAML 1.1.
  • Spotter CLI is now tested to support Python 3.12.
  • Improved the progress bar display for nonexistent files.
  • Improved efficiency of discovering CLI environment's Ansible version.
  • Improved CLI output by separating warning messages.
  • The CLI now sends relative paths to the scanned files instead of absolute ones.
  • Removed unnecessary looping in the rewriting process, improving efficiency and readability.
  • Removed sleep after last request and improved request handling strategies.
  • Implemented TLS certificate configuration in Spotter's runtime settings.

Fixes

  • Fixed race condition in asynchronous scanning.
  • Fixed inline form string value quoting issue.
  • Fixed BCC email functionality.

2024-01-09 Release

  • Spotter App version: 3.5.0

New Checks

  • H1601: Enforce Naming Conventions in Playbooks
    • Check to ensure all plays and tasks are appropriately named.
  • W1406: Reserved Variable Name Changes
    • Overriding reserved variable names can cause unpredictable behavior. This check ensures you avoid these reserved names, maintaining your environment's stability and security.
  • H2704: Implement Jinja2 Spacing
    • Check to enhance readability and reduce typos in Jinja2 syntax. For readability, Jinja2 expressions should have spaces after {{ and before }}.
  • H2205: Advice Against 'vars_prompt' Use
    • Playbooks should not use the vars_prompt feature when using AAP, as the automation controller does not interactively allow for vars_prompt questions. This check helps you catch when you should consider replacing vars_prompt with ordinary variables or Ansible Vault.

New Features

  • New Links from Check Results Codes to Catalogue Entries
    • The Reports/Check Results segments now also include direct links to the check catalogue.
  • Profile Badges in Check Catalogue
    • Added profile badges to check catalogue examples to improve the clarity and functionality of your scans. You can learn more about Spotter profiles here.
  • Enhanced validation is now available by providing preprocessed data to OPA. Within Rego rules, you can access both module names and their Fully Qualified Collection Names (FQCN) for each task.
  • Direct Organization Invitation Acceptance within the Spotter Web App
    • We've improved the Spotter app to allow for direct acceptance and rejection of invitations. This feature offers a convenient alternative for on-premises contexts where email delivery capabilities might be restricted due to policy. It also centralizes invitation control within the Spotter App, providing a more integrated solution than relying solely on external email channels.

Improvements

  • Granted instance admin universal permissions for broader access.
  • Updated CI/CD builds for CLI pre-2.2.0 to avoid mismatches in expected output.
  • Standardized color usage in the 'most common errors' section for error levels.
  • Implemented Content-Security-Policy header to enhance application security.
  • Updated the system to support the 'listen' keyword for both tasks and handlers for improved differentiation.
  • Verified and ensured correct processing of the win_shell module with Jinja expressions.

2023-12-14 Release

  • Spotter App version: 3.4.0
  • Spotter CLI version: 3.1.0

New Features

  • New Links from Check Results Codes to Catalogue Entries
    • Implemented cross-referencing to the catalogue. You can now easily access it with a single click on your check results codes in the Dashboard and Reports segments of the Spotter App.
  • Source and CLI Version in Scan Input:
    • Included CLI version and request source in scan details.
  • Profiles Field in Catalogue API Endpoint:
    • Introduction of a profiles field in the catalogue API.

Improvements

  • Updated Integrations and CLI QSG Links: Modification of links for better on-prem installation compatibility.

Fixes

  • Fixed Admin Menu Post Token Refresh: Stability enhancement for the admin menu.
  • Fixed Jinja in Module_Args and Args Usage: Resolution of a specific case in Jinja argument handling.
  • Upgraded Fortawesome & Fixed Firefox Font Issue: Browser compatibility improvements and Firefox font issue resolution.

2023-12-06 Release

  • Spotter App version: 3.3.0
  • Spotter CLI version: 3.0.0

New Features

  • Spotter App:
    • New quick start guide to guide new users on how to use Spotter with shortcuts to documentation and frequently used functionality. A new button Start scanning opens this guide.
    • We added a new Integrations view with cards linking to the relevant documentation.

Improvements

  • Module Support: Now supporting ruamel.yaml > 0.18 and Pydantic V2.
  • Progress Bar: Now shows an "in progress with an unknown total" animation, visible during parsing before exporting the payload.
  • spotter --token switch is now preferred over its --api-token equivalent.
  • Environment Variable: Added SPOTTER_TOKEN alongside the existing SPOTTER_API_TOKEN.
  • Cleaner Command Listing: Removed global parser metavar listing all commands as {a, b, c, d}.
  • Improved Console Output: Reworded to prevent sentence punctuation from being included in clicked URLs.
  • Removed --option/-o flag.
  • Removed --format junit_xml option.
  • Removed --include-values and --include-metadata.
  • Use config get, config set, and config clear instead of get-config, set-config, and clear-config.
  • Transitioned to policies set and policies clear instead of set-policies and clear-policies.
  • Optional --origin ORIGIN switch to indicate scan context. Supported ORIGIN values: cli, docker, ide, ci.
  • Enhanced Task Details: Payload now includes play_id in task details.
  • CLI Version in Payload: Scan payload now includes the CLI version.
  • Relocated Subscriptions link to the profile menu dropdown.

2023-11-22 Release

  • Spotter App version: 3.2.0
  • Spotter App version: 3.2.1

New Features

  • Introducing the new Ansible Playbook Platform naming.
  • Documentation Enhancements in Spotter
    • Spotter docs have been thoroughly updated for better clarity and accuracy. Access the Documentation from the dropdown menu in the lower-left corner of the Spotter app.

Improvements

  • Now supporting scans against Ansible version 2.16.
  • Preferred use of --no-color switch, removed --no-colors.
  • CLI option descriptions now appear alongside options in help messages.
  • Capitalized --help/-h message and usage message for all commands.
  • Added short version -a for --ansible-version.
  • Improved help description for --project-id.
  • Removed --upload-values and --upload-metadata.
  • New global switch --timeout TIMEOUT to set custom HTTP client request timeout in seconds.
  • Enhanced console output to display where Spotter failed to apply suggestions.
  • Refactored command code with reusable classes for better efficiency.

2023-11-16 Release

  • Spotter App version: 3.1.2

Fixes

  • A critical bug has been fixed where a registration POST request might time out during the last step of the registration process. This resolution ensures a smoother and more reliable registration experience for all users.

2023-11-09 Release

  • Spotter App version: 3.1.1

Improvements

  • Renamed CLI docs to Documentation in the navigation sidebar for clearer and more direct access.
  • Implemented cosmetic fixes to enhance the visual aspects and user experience of the registration flow views.

Fixes

  • Fixed an issue where syntax errors occurred when using action/local_action syntax in checks.

2023-11-08 Release

  • Spotter App version: 3.1.0

New Checks

Introducing check results for custom policy errors:

New Features

  • Multi-Step Registration Process
    • Introduced a new multi-step registration method.
  • Seamless Activation
    • Users automatically logged in when visiting the e-mail activation link, eliminating the need for username and password re-entry.
  • Anchor Points in Catalog View
    • Enabled anchor points in the URL, like #E800, to enhance navigation in the catalog view.

Improvements

  • Extended the logic for when expressions to include failed_when and changed_when.
  • The CLI docs link in the navigation sidebar now redirects here.
  • Added support for redirects, recognizing certain internal collection names that have changed.
  • Added support for RHEL 9.2 in on-prem installations.
  • Updated the Scraper to the new Galaxy NG API.
  • Refactored dev.py's format, lint, and build commands into a reusable class structure.
  • Updated dev.py admin subscription [set | update] to include an optional --recurrence RECURRENCE switch and allowed omission of the --end-date switch without errors.

Fixes

  • Fixed E001 - Unknown Module Parameter errors related to invalid syntax in vars for tasks or plays.
  • Fixed a bug where Spotter ignored NOQA directives for custom checks.

2023-10-25 Release

  • Spotter App version: 2.3.1

New Features

  • Support for Almalinux 8.8, 9.1, and 9.2
    • Added support for on-prem installations of Almalinux versions 8.8, 9.1, and 9.2.

Improvements

  • Enhanced performance of custom checks by eliminating a pre-check in OPA that slowed down with an increasing number of stored policies.
  • Extended dokugen to utilize the 'seealso' type.
  • The ./dev.py deployment make-installer command now includes a new switch --knowledge-version to specify the version.
  • The ./dev.py build python-obfuscate command's --expiration-date switch now assumes an offline pyarmor date check, so no NTP lookup is performed on on-prem installs.

Fixes

  • Fixed a hard-coded issue in the built-in library for rpmUtils.