Skip to main content

Release Notes for Self-Hosted Styra DAS

Self-Hosted Styra DAS 0.14.1 was released on January 2, 2024.

New Features and Changes

Updated to OPA v0.59.0

The internal version of OPA used by Styra DAS has now been updated to OPA 0.59.0.

Policy Bundle Software Bill of Materials (SBOM)

This feature adds a Software Bill of Materials (SBOM) to policy bundles, detailing the git references used in the bundle for each package namespace. The SBOM details will be added to the metadata in the bundle's manifest file as well as the bundles API. An updated transactional Git sync process was added to support this feature, which also improves previous inconsistencies in Git sync edge cases. The feature can be enabled by setting the SBOM feature flag to true in your installation's Helm values.yaml file.

Configure bundle activation per bundle type

For systems configured with manual bundle deployment and separate data bundles enabled, users can configure data bundles to be automatically deployed. The Deployments tab has been updated to more clearly indicate bundle types and their activation modes.

Exported bundle name templating

When exporting bundles to Amazon S3 or GCS, discovery and policy bundle names support using template variables in the form of $VARIABLE or ${VARIABLE}. Supported variables include: $VERSION, $BUNDLE_DIGEST, $REVISION_DIGEST, $COMMIT, $SYSTEM, $SYSTEM_NAME, and $TIMESTAMP.

Enterprise OPA neo4j Built-in Support

Styra DAS supports defining and mocking Enterprise OPA's neo4j.query built-in in the policy editor.

Fixed Issues

Fixed policies retained after changing Git settings

When changing the Git settings on a system, stack, or library (e.g., changing the Git reference), deleted or moved policies would not be automatically reconciled in DAS policy storage and would be retained in the system, stack, or library until manually deleted. This fix requires the SBOM feature flag to be enabled to use the new transactional Git sync functionality.

Fixed Data Source Agent timeout causing reporting failure

In some cases a network timeout could cause the Data Source Agent to stop reporting data until restarted.

Fixed missing Allow/Deny toggle on Entitlements library rules

Library rules in the Entitlements system type using an Allow/Deny toggle were missing the toggle in some UI views.

Fixed WorkspaceViewer role missing Decisions

Users with only a WorkspaceViewer role were missing the Workspace-level Decisions tab in the UI.

Fixed error on default function

When using the default keyword on a function, DAS UI editor showed an invalid parser error.

Fixed system status load delay

In some cases when loading the DAS UI, the loading of system status could be delayed for up to a minute.

Fixed Enterprise OPA sql.send query arguments mocking

When mocking the Enterprise OPA sql.send built-in, query arguments were excluded in matching mock objects to sql.send usages.

Fixed replaying system decision for user without stack role

When replaying a system decision which included stack policies, a user without access to that stack would see an error in the UI.

Fixed SSO config support for multiple = in SSO claims

In the SSO provider claims configuration, the UI would only save the first key/value pair and remove any additional equal signs (=) and values following the additional equal signs.