Skip to main content

Release Notes for Styra DAS

This page provides Styra DAS SaaS Release Notes for May 2023.

May 24, 2023

The Styra DAS 202300524 release delivers the following new features and changes.

New Features and Changes

This section describes new features and changes.

Improved Policy Authoring Experience

Policy files now load up to ten times faster when browsing them in the Styra DAS UI.

May 17, 2023

The Styra DAS 202300517 release delivers the following new features and changes.

New Features and Changes

This section describes new features and changes.

Terraform State Compliance

The Styra DAS Terraform v2 system type supports evaluating existing Terraform rules against Terraform state representing the currently deployed resource configurations to report on compliance violations. Terraform state can be added in a Terraform system as one or more data sources from S3, GCS, git, or http, with data transforms for .tfstate files, Terraform Cloud workspaces, and Terraformer cloud plan outputs into a standard policy input format.

Terraform Code Scanning with Styra CLI

The Styra CLI validate check-local command supports scanning Terraform HCL .tf and .tf.json files in addition to Kubernetes YAML manifests. Allows customers to run Terraform policy checks using the Styra CLI during development, in pre-commit hooks, and in commit/PR checks before a Terraform plan has been run.

Terraform Rule Exemptions

The Styra DAS Terraform v2 system type supports defining rule exemptions using any type of data source in JSON format. Rule exemptions use the rule ID and resource address to exempt a resource from rule violations.

Terraform Policy Library Rule Metadata Improvements

All rules in the Styra DAS Terraform v2 policy library now have a unique rule ID defined, which is used for Terraform Rule Exemptions. The rule target metadata (currently fully defined for all Styra-built rules) has been defined for most KICS Terraform rules to provide context of the Terraform resource types targeted by the rule.

Email Now Optional for SSO Configurations

DAS admins can now configure an SSO provider to uniquely identify a user using a custom claim. Prior to this change, DAS had used the email claim by default for this purpose. Support has now been added to the /v1/identity-providers object for a unique_claim field to specify the claim to be used as the unique identifier instead of email. If not set, DAS will continue to use the value from email claim to set the user id.

While configuring the unique_claim value, the associated value for allowed_domains MUST be set to []string{"*"}.


DAS admins must be careful to set the unique_claim to an SSO claim that is unique. Otherwise, multiple SSO-authenticated users may get assigned the same User ID within DAS.

May 10, 2023

The Styra DAS 202300510 release delivers the following new features and changes.

New Features and Changes

This section describes new features and changes.


Styra DAS has a new role. WorkspaceSystemCreator grants the ability to create a new System. Upon creating one, the user is assigned the SystemOwner role for that new System.

Data Source Upload Scale Improvements

Data Source agents now supports uploading data in a compressed binary JSON format that allows Data Sources up to 1 GB to be uploaded to Styra DAS.

This causes other scaling issues to occur in Styra DAS – compliance now supports large Data Sources; however, preview and validate functionality of rego importing a large Data Source will time out when the data is larger than roughly 300 MB.

OPA Timeout Value

In the Styra DAS UI, OPAs are now considered disconnected from a System after one hour, after which they no longer show in the system Deployments view. Previously, OPAs were shown up to 24 hours after they were disconnected from a System.

May 3, 2023

The Styra DAS 202300503 release delivers the following new features and enhancements.

New Features and Enhancements

This section describes new features and enhancements.

Styra DAS and Styra Load Integration

Styra DAS now includes Styra Load integration.

Cosign-Based Image Validation

This release adds support for cosign-based image validation to the Kubernetes System. The OPA Webhooks can be configured to use cosign policy snippets with a list of images to verify and their associated parameters.

SLP Update

Styra DAS is updated with SLP 0.7.0. SLP 0.7.0 adds an internal validation API to be used with the cosign policy snippet.