Skip to main content

Release Notes for Self-Hosted Styra DAS

Self-Hosted Styra DAS 0.13.6 was released on October 11, 2023.

New Features and Changes

Self-Hosted Telemetry Service

The Self-Hosted Styra DAS installation includes an optional telemetry service to report non-sensitive, high-level telemetry data to Styra about the DAS installation. Telemetry reporting to Styra is enabled by default but can be disabled during the installation or upgrade process. Additional details can be found on the Self-Hosted Styra DAS Telemetry page.

Updated to OPA v0.56.0

The internal version of OPA used by Styra DAS has now been updated to OPA 0.56.0.

UI Refresh and Accessibility Improvements

UI styling has been updated and includes improved color contrast for better accessibility.

Enterprise OPA dynamodb and mongodb Built-ins Support

Styra DAS supports defining and mocking Enterprise OPA's dynamodb.send, mongodb.find, and mongodb.find_one built-ins in the policy editor.

Duplicate Git Config References

Multiple systems, stacks, or libraries can now track the same Git repository reference.

Support if Keyword on else Block in Policy Editor

The visual Rego parser in the policy editor supports using the if keyword on an else block.

Extended Compliance Violation Aggregation

Violations returned when fetching Compliance results in extended mode are aggregated by identical violations and include details of each rule instance which returned that violation.

Additional Data in Kubernetes Compliance Violations

For Kubernetes systems and stacks, the Compliance tab now uses the extended compliance mode for consistency and to display additional resource data for each violation.

Compliance Violation API Pagination

The Compliance API supports pagination to more easily manage violation results when a system or stack has a large number of violations.

Compliance Performance Improvements

Improved resiliency and performance of long-running Compliance evaluations when systems have a large data source or have a large number of violations. Compliance violation results are also cached to improve performance of fetching the last periodically run results.

UI Compliance Improvements

Improved UI performance in the Compliance tab and during policy validation for systems and stacks with a large number of Compliance violations. Systems and stacks with more than 1,500 Compliance violations may truncate the list of violations shown in the UI.

Kubernetes Data Source Agent Improvements

Improved data source agent resiliency and performance when blacklisted groups are included in the data source agent configuration selectors (e.g., apps/v1/*: null). The data source agent will now skip discovery of Kubernetes cluster resources in blacklisted groups (if there are no resource exclusions from the blacklisted group) rather than discovering and then ignoring those blacklisted group resources.

Improved Metrics Reporting Performance

Improved performance of the /v1/timeseries/metrics API for tenants with a large number of systems, stacks, and libraries.

Slack Notification Delivery Improvements

Improved speed and performance of sending Slack notifications in scenarios where a large number of notifications are triggered in a short period of time for a tenant.

Fixed Issues

Fixed SLP Startup Issue on OpenShift

In OpenShift environments, the Styra SLP may have errored on startup if the CoSign validation feature was enabled.

Fixed Token Expiry Email Option

When enabling SMTP, token expiry emails would be sent regardless of the TOKENS_EXPIRY_ALERT_ENABLED feature flag value.

Fixed Kubernetes Compliance Violation Duplicate Count

In Kubernetes systems which had a rule defined multiple times, the compliance violations for each instance of that rule would be summed in the system's timeseries compliance violation count displayed in the Monitoring tab.

Fixed Bundle Build Error When Using Bundle Optimization

For systems without a defined decision masking policy and bundle optimization level configured to 1 or higher, bundle builds would fail with an undefined entrypoint error.

Fixed Terraform Compliance Violation Timeseries

The Terraform State compliance violation count in timeseries metrics reported 0 violations when violations were present in the Compliance tab.

Fixed Kong Decisions Count on Metrics API

The timeseries metrics API may not have returned accurate decision counts for Kong gateway systems when using non-default system decision mapping configurations.

Fixed Deleted Git Branch Showing Intermittently

In certain circumstances, the reference for a deleted Git branch would intermittently show in a system's branches.

Fixed User Activity Log UI Loading Older Entries

Scrolling to the oldest entry in the user activity log would not always trigger loading of older entries without scrolling down and then back up.

Fixed Missing Evaluation Performance in UI

The evaluation time performance metric was not displayed for policies where the input pane was hidden.

Fixed Policy Validation Decision Replay Button

During policy validation, clicking an impacted decision did not trigger decision replay.

Fixed Workspace Usage Library Count

The Workspace usage report Library count only included global read-only Git-style libraries.

Fixed Adding/Removing Terraform Run Task UI Lag

In some cases after adding or removing a Terraform run task integration, the UI would lag in showing the integration configuration change.

Fixed Malformed System Git Settings UI Crash

If a malformed system Git configuration was persisted via the API, a UI crash may have occurred depending on the malformed configuration data.

Fixed Datasource Loading Issue

In the Styra DAS UI, if the initial datasource load operation failed, the datasource would not load until a page refresh.

Fixed Policy Validation Decision Replay for Log Replay v2

When running policy validation for tenants using Log Replay v2, fetching additional decisions to replay may have used Log Replay v1 instead of v2.

Fixed Incorrect Decision Input During Decision Replay

In some cases, the input JSON data shown during decision replay may not have matched the input data from the selected decision.

Fixed Malformed Custom Snippet UI Crash

In cases where a custom snippet had a malformed configuration or did not define required configuration data, adding that custom snippet to a policy could cause a UI crash.

Fixed Styra CLI Error for Malformed OPA Config

When using a malformed or empty OPA config file with the Styra CLI, the CLI would return an error message which was not user friendly.

Fixed Styra CLI Kubernetes YAML Parsing

Running the Styra CLI validate check-local command on a Kubernetes YAML manifest using --- within the data section resulted in a file parsing error.

Link to Enterprise OPA installation documentation was shown in some non-applicable system type's install instructions.