Release Notes for Styra DAS
This page provides Styra DAS SaaS Release Notes for May 2023.
May 31, 2023
The Styra DAS 202300530 release delivers the following new features and changes.
New Features and Changes
This section describes new features and changes.
Terraform Rule Exemption Expiry Support
Exemptions to Terraform snippets can now include an expires field that indicates the date and time at which the exemption should expire.
Fixed Issues
This section describes issues that have been resolved.
Fixed Styra Local Plane (SLP) 0.7.0 Installation on OpenShift
SLP 0.7.0 introduced support for cosign image validation, and this functionality stores certificates in the SLP container home directory. OpenShift does not grant write access to this directory by default, so the SLP installation has been updated to store the certificates in memory rather than writing them to disk.
Increased Compliance API Timeout
The compliance validation can take minutes for large Kubernetes clusters or stacks selecting multiple clusters. Previously when running "Validate" in the UI, the compliance API timed out in 1 minute. This timeout has been increased to 10 minutes.
May 24, 2023
The Styra DAS 202300524 release delivers the following new features and changes.
New Features and Changes
This section describes new features and changes.
Improved Policy Authoring Experience
Policy files now load up to ten times faster when browsing them in the Styra DAS UI.
May 17, 2023
The Styra DAS 202300517 release delivers the following new features and changes.
New Features and Changes
This section describes new features and changes.
Terraform State Compliance
The Styra DAS Terraform v2 system type supports evaluating existing Terraform rules against Terraform state representing the currently deployed resource configurations to report on compliance violations. Terraform state can be added in a Terraform system as one or more data sources from S3, GCS, git, or http, with data transforms for .tfstate files, Terraform Cloud workspaces, and Terraformer cloud plan outputs into a standard policy input format.
Terraform Code Scanning with Styra CLI
The Styra CLI validate check-local command supports scanning Terraform HCL .tf and .tf.json files in addition to Kubernetes YAML manifests. This allows customers to run Terraform policy checks using the Styra CLI during development, in pre-commit hooks, and in commit/PR checks before a Terraform plan has been run.
Terraform Rule Exemptions
The Styra DAS Terraform v2 system type supports defining rule exemptions using any type of data source in JSON format. Rule exemptions use the rule ID and resource address to exempt a resource from rule violations.
Terraform Policy Library Rule Metadata Improvements
All rules in the Styra DAS Terraform v2 policy library now have a unique rule ID defined, which is used for Terraform Rule Exemptions. The rule target metadata (currently fully defined for all Styra-built rules) has been defined for most KICS Terraform rules to provide context of the Terraform resource types targeted by the rule.
Email Now Optional for SSO Configurations
DAS admins can now configure an SSO provider to uniquely identify a user using a custom claim. Prior to this change, DAS had used the email claim by default for this purpose. Support has now been added to the /v1/identity-providers object for a unique_claim field to specify the claim to be used as the unique identifier instead of email. If not set, DAS will continue to use the value from the email claim to set the user id.
While configuring the unique_claim value, the associated value for allowed_domains MUST be set to []string{"*"}.
DAS admins must be careful to set the unique_claim to an SSO claim that is unique. Otherwise, multiple SSO-authenticated users may get assigned the same User ID within DAS.
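The uniqueness warning above can be checked before rollout. The following is an added example, not Styra code or part of the release notes: it validates the unique_claim / allowed_domains pairing and looks for values of a candidate claim that would map several users to one User ID. Only the field names unique_claim and allowed_domains come from the page; the sample settings, the claim sets, the function names and the exact-string comparison are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed settings: only "unique_claim" and "allowed_domains" are named
# in the release note; the rest of the object is not shown on the page.
SAMPLE_IDP = {"unique_claim": "preferred_username", "allowed_domains": ["*"]}

# Constructed claim sets for four SSO users ("sub" is used only as a label).
SAMPLE_CLAIMS = [
    {"sub": "a1", "email": "ana@example.com", "preferred_username": "ana", "dept": "eng"},
    {"sub": "b2", "email": "bo@example.com", "preferred_username": "bo", "dept": "eng"},
    {"sub": "c3", "email": "cy@example.org", "preferred_username": "cy", "dept": "ops"},
    {"sub": "d4", "email": "di@example.org", "preferred_username": "di"},
]


def effective_claim(idp):
    """Claim used as the user identifier: unique_claim if set, else email."""
    return idp.get("unique_claim") or "email"


def check_idp(idp):
    """Return a list of problems with the unique_claim/allowed_domains pairing."""
    problems = []
    if idp.get("unique_claim") and idp.get("allowed_domains") != ["*"]:
        problems.append('allowed_domains must be ["*"] when unique_claim is set')
    return problems


def find_collisions(claim_sets, claim):
    """Return ({value: [users]}, [users missing the claim]) for one claim.

    Assumption: values are compared as exact strings.
    """
    seen = defaultdict(list)
    missing = []
    for claims in claim_sets:
        value = claims.get(claim)
        if value in (None, ""):
            missing.append(claims["sub"])
        else:
            seen[value].append(claims["sub"])
    collisions = {v: users for v, users in seen.items() if len(users) > 1}
    return collisions, missing


if __name__ == "__main__":
    print(check_idp(SAMPLE_IDP))
    for candidate in (effective_claim(SAMPLE_IDP), "dept"):
        print(candidate, find_collisions(SAMPLE_CLAIMS, candidate))
```

A claim that produces any collision, or that is missing for some users, is not a safe choice for unique_claim.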
May 10, 2023
The Styra DAS 202300510 release delivers the following new features and changes.
New Features and Changes
This section describes new features and changes.
WorkspaceSystemCreator
Styra DAS has a new role. WorkspaceSystemCreator grants the ability to create a new System. Upon creating one, the user is assigned the SystemOwner role for that new System.
Data Source Upload Scale Improvements
Data Source agents now support uploading data in a compressed binary JSON format that allows Data Sources up to 1 GB to be uploaded to Styra DAS.
This causes other scaling issues to occur in Styra DAS: compliance now supports large Data Sources; however, the preview and validate functionality of Rego importing a large Data Source will time out when the data is larger than roughly 300 MB.
OPA Timeout Value
In the Styra DAS UI, OPAs are now considered disconnected from a System after one hour, after which they no longer show in the system Deployments view. Previously, OPAs were shown up to 24 hours after they were disconnected from a System.
May 3, 2023
The Styra DAS 202300503 release delivers the following new features and enhancements.
New Features and Enhancements
This section describes new features and enhancements.
Styra DAS and Styra Load Integration
Styra DAS now includes Styra Load integration.
Cosign-Based Image Validation
This release adds support for cosign-based image validation to the Kubernetes System. The OPA Webhooks can be configured to use cosign policy snippets with a list of images to verify and their associated parameters.
SLP Update
Styra DAS is updated with SLP 0.7.0. SLP 0.7.0 adds an internal validation API to be used with the cosign policy snippet.