Releases: kubescape/helm-charts
Releases · kubescape/helm-charts
kubescape-operator-1.40.2
Kubescape is an E2E Kubernetes cluster security platform
What's Changed
- fix:ensure grype-offline-db uses dedicated service account by @Aneesh-Hegde in #834
- fix: make grype-offline-db CronJob history limits configurable via values.yaml by @Shreya2005-2005 in #837
- feat: remove service discovery components by @matthyx in #835
- fix: make grype-offline-db CronJob schedule configurable via values.yaml by @Shreya2005-2005 in #839
- fix: add liveness and readiness probes to grype-offline-db deployment by @Shreya2005-2005 in #841
- Fix kubevuln tmp-dir PVC rendering when disabled by @aaa-aashna in #842
- prepare release 1.40.2 by @matthyx in #846
- certificate strategy hook -> initContainer by @lyuval-armosec in #843
- kubescape/kubescape@v4.0.6...v4.0.8
- feat(httphandler): support TLS key configuration via env vars by @Kayd-06 in kubescape/kubescape#2029
- fix(cautils): use TrimPrefix to strip URL scheme in CreatePortForwarder by @sahitya-chandra in kubescape/kubescape#2018
- fix: validate severity-threshold flag before running scan by @Shreya2005-2005 in kubescape/kubescape#2031
- fix: surface YAML parse errors instead of silently dropping documents by @Varadraj75 in kubescape/kubescape#2034
- fix(cautils): return error on git URL parse failure and handle unmarshal error by @sakshar2303 in kubescape/kubescape#2036
- fix(core): add warning logs for dropped workloads in local file scans by @Kayd-06 in kubescape/kubescape#2032
- fix: validate compliance-threshold and fail-threshold in scan and sca… by @Shreya2005-2005 in kubescape/kubescape#2040
- fix: replace os.ReadDir with os.RemoveAll in removeResultDirs by @Varadraj75 in kubescape/kubescape#2038
- get services from API, removing sidecar requirement by @matthyx in kubescape/kubescape#1960
- fix: validate empty format flag before running scan subcommands by @Shreya2005-2005 in kubescape/kubescape#2044
- docs: replace placeholder Long description in scan command by @Shreya2005-2005 in kubescape/kubescape#2046
- docs: add Git-repository and Kustomize-directory to scan Long description by @Shreya2005-2005 in kubescape/kubescape#2048
- fix: return clear error when directory path is passed to
kubescape fixby @Shreya2005-2005 in kubescape/kubescape#2050 - test: add baseline coverage for compliance-critical functions in opaprocessor by @Varadraj75 in kubescape/kubescape#2054
- test(vap): comprehensive test coverage for VAP commands (77 tests) by @manmathbh in kubescape/kubescape#2019
- feat(opaprocessor): filter expired exceptions before applying results by @manmathbh in kubescape/kubescape#2023
- feat: add ControlInput CRD for in-cluster control configuration by @manmathbh in kubescape/kubescape#2042
- fix: return error when empty name passed to download framework or control by @Shreya2005-2005 in kubescape/kubescape#2058
- docs: add PDF output format and fix heading inconsistencies in getting-started.md by @Ridhi-03Kumari in kubescape/kubescape#2056
- feat(vap): add --timeout flag to deploy-library command by @manmathbh in kubescape/kubescape#2021
- suppress spurious interrupt signal log on graceful exit by @yugal07 in kubescape/kubescape#2060
- Fix scan results not submitted when using API_URL-based service discovery (no services.json) by @Copilot in kubescape/kubescape#2064
- kubescape/kubevuln@v0.3.137...v0.3.142
- get services from API, removing sidecar requirement by @matthyx in kubescape/kubevuln#340
- chore(deps): Bump github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream from 1.7.7 to 1.7.8 by @dependabot[bot] in kubescape/kubevuln#360
- fix: set viper delim key and test proxyRegistryMap by @mkm29 in kubescape/kubevuln#361
- chore(deps): Bump github.com/go-git/go-git/v5 from 5.18.0 to 5.19.0 by @dependabot[bot] in kubescape/kubevuln#363
- fix: close previous grype DB store before replacing on 24h refresh by @matthyx in kubescape/kubevuln#364
- kubescape/node-agent@v0.3.111...v0.3.119
- get services from API, removing sidecar requirement by @matthyx in kubescape/node-agent#772
- fix: improve logging for rules with missing profileDataRequired by @matthyx in kubescape/node-agent#803
- fix: cache only completed container profiles to ensure data integrity by @matthyx in kubescape/node-agent#813
- Chore(deps): Bump github.com/in-toto/in-toto-golang from 0.9.0 to 0.11.0 by @dependabot[bot] in kubescape/node-agent#814
- Chore(deps): Bump github.com/go-git/go-git/v5 from 5.18.0 to 5.19.0 by @dependabot[bot] in kubescape/node-agent#816
- fix(networkstream): fix timeout, mutex stall, and empty-stream skip by @matthyx in kubescape/node-agent#817
- kubescape/operator@v0.2.141...v0.2.142
- fix(gitlab): populate repositories for scan-all by @matthyx in kubescape/operator#371
- kubescape/synchronizer@v0.0.141...v0.0.147
- get services from API, removing sidecar requirement by @matthyx in kubescape/synchronizer#145
- chore(deps): bump github.com/cilium/cilium from 1.17.14 to 1.17.15 by @dependabot[bot] in kubescape/synchronizer#154
- update packages by @YakirOren in kubescape/synchronizer#155
- fix(httpendpoint): increase ReadTimeout for large network stream payloads by @matthyx in kubescape/synchronizer#156
Full Changelog: kubescape-operator-1.40.1...kubescape-operator-1.40.2
Contributors
mkm29, matthyx, and 13 other contributors
Assets 3
kubescape-operator-1.40.1
Kubescape is an E2E Kubernetes cluster security platform
What's Changed
- feat: update kubevuln image tag to v0.3.137 and add riskAcceptance co… by @matthyx in #833
- fix(kubescape-operator): gate operator httpExporterConfig on synchronizer.enabled by @yugal07 in #832
- kubescape/kubevuln@v0.3.136...v0.3.137
- feat: add riskAcceptance flag for SecurityException CRD integration by @matthyx in kubescape/kubevuln#358
Full Changelog: kubescape-operator-1.40.0...kubescape-operator-1.40.1
Contributors
matthyx and yugal07
Assets 3
kubescape-operator-1.40.0
Kubescape is an E2E Kubernetes cluster security platform
What's Changed
- refactor(templates): remove redundant GOMAXPROCS by @Maximus-08 in #822
- ArgoCD GitOps Support for Kubescape Helm by @lyuval-armosec in #825
- feat: add artifact provenance attestation for Helm chart releases by @matthyx in #828
- feat: GOMEMLIMIT at 80% of memory limit for node-agent + kubevuln by @slashben in #827
- feat: add profileDataRequired field to rules CRD for rule-aware projection by @matthyx in #829
- Replace host sensor with node agent sensing by @Bezbran in #773
- prepare new release by @matthyx in #830
- kubescape/kubescape@v3.0.48...v4.0.6
- Replace host sensor with node agent sensing by @Bezbran in kubescape/kubescape#1916
- run system test from private repo by @bvolovat in kubescape/kubescape#1935
- fix all linter errors by @matthyx in kubescape/kubescape#1936
- add verbose option to scan-images by @matthyx in kubescape/kubescape#1932
- Fix broken README table of contents anchor links by @Mujib-Ahasan in kubescape/kubescape#1931
- build(deps): Bump github.com/theupdateframework/go-tuf/v2 from 2.3.1 to 2.4.1 by @dependabot[bot] in kubescape/kubescape#1937
- Add krew plugin manifest by @matthyx in kubescape/kubescape#1934
- feat: Optimize CPU and Memory Usage for Resource-Intensive Scans by @matthyx in kubescape/kubescape#1939
- fix isRuleKubescapeVersionCompatible bug with version 4.0.0 by @matthyx in kubescape/kubescape#1941
- Pass tag for the runtime version by @lpmi-13 in kubescape/kubescape#1944
- build(deps): Bump github.com/go-git/go-git/v5 from 5.16.2 to 5.16.5 by @dependabot[bot] in kubescape/kubescape#1945
- build(deps): Bump go.opentelemetry.io/otel/sdk from 1.39.0 to 1.40.0 by @dependabot[bot] in kubescape/kubescape#1948
- feat: new flag
--grype-db-urladded to overload the url inkubescape scancommand by @Mujib-Ahasan in kubescape/kubescape#1949 - build(deps): Bump google.golang.org/grpc from 1.78.0 to 1.79.3 by @dependabot[bot] in kubescape/kubescape#1952
- build(deps): Bump golang.org/x/image from 0.25.0 to 0.38.0 by @dependabot[bot] in kubescape/kubescape#1954
- build(deps): Bump github.com/cloudflare/circl from 1.6.1 to 1.6.3 by @dependabot[bot] in kubescape/kubescape#1957
- build(deps): Bump github.com/cilium/cilium from 1.16.17 to 1.17.14 by @dependabot[bot] in kubescape/kubescape#1956
- build(deps): Bump github.com/go-git/go-git/v5 from 5.16.5 to 5.17.1 by @dependabot[bot] in kubescape/kubescape#1955
- fix: duplicate flags removed from image.go by @Mujib-Ahasan in kubescape/kubescape#1962
- Fix: handle error from
NormalizeImageNamein patch command by @Mujib-Ahasan in kubescape/kubescape#1965 - build(deps): Bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 by @dependabot[bot] in kubescape/kubescape#1966
- build(deps): Bump helm.sh/helm/v3 from 3.18.5 to 3.20.2 by @dependabot[bot] in kubescape/kubescape#1968
- build(deps): Bump github.com/hashicorp/go-getter from 1.7.9 to 1.8.6 by @dependabot[bot] in kubescape/kubescape#1967
- build(deps): Bump github.com/sigstore/timestamp-authority/v2 from 2.0.4 to 2.0.6 by @dependabot[bot] in kubescape/kubescape#1969
- build(deps): Bump go.opentelemetry.io/otel/sdk from 1.40.0 to 1.43.0 by @dependabot[bot] in kubescape/kubescape#1970
- build(deps): Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.97.1 to 1.97.3 by @dependabot[bot] in kubescape/kubescape#1971
- build(deps): Bump go.opentelemetry.io/otel/sdk from 1.42.0 to 1.43.0 by @dependabot[bot] in kubescape/kubescape#1972
- build(deps): Bump github.com/moby/buildkit from 0.26.1 to 0.28.1 by @dependabot[bot] in kubescape/kubescape#1958
- build(deps): Bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp from 1.38.0 to 1.43.0 by @dependabot[bot] in kubescape/kubescape#1973
- build(deps): Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.39.0 to 1.43.0 by @dependabot[bot] in kubescape/kubescape#1974
- use go-logger v0.0.28 by @matthyx in kubescape/kubescape#1977
- build(deps): Bump github.com/moby/spdystream from 0.5.0 to 0.5.1 by @dependabot[bot] in kubescape/kubescape#1978
- fix(image-scan): normalize vulnerability exceptions across casings by @raajheshkannaa in kubescape/kubescape#1979
- test(image-scan): add all-lowercase CVE ID test case by @matthyx in kubescape/kubescape#1980
- build(deps): Bump github.com/go-git/go-git/v5 from 5.17.1 to 5.18.0 by @dependabot[bot] in kubescape/kubescape#1981
- Preserve cluster-scoped rule results when
--include-namespacesis set by @Copilot in kubescape/kubescape#1986 - Enable Helm-backed Kustomize rendering in local resource loading by @Copilot in kubescape/kubescape#1985
- docs: clarify how Kubescape detects Helm vs Kustomize directories by @ivaresarthak-cloud in kubescape/kubescape#1991
- fix(opaprocessor): eliminate false negatives when OPA rule evaluation fails by @Sanchit2662 in kubescape/kubescape#1987
- fix host scans with data retrieved from the CRDs by @matthyx in kubescape/kubescape#1990
- stop logging raw scan request bodies by @matthyx in kubescape/kubescape#1993
- remove dead helm-template source-mapping code by @yugal07 in kubescape/kubescape#1995
- fix: prevent nil map assignment panic in APIServerStore by @pulkitvats2007-crypto in kubescape/kubescape#1999
- fix(opaprocessor): propagate OPA eval errors instead of silently dropping resources by @Sanchit2662 in kubescape/kubescape#1992
- fix(resourcehandler): recognize ErrCloudDescribeUnavailable as non-fatal by @yugal07 in kubescape/kubescape#2003
- fix: apply cluster-scoped exceptions to manual controls by @RohanKaran in kubescape/kubescape#1994
- Fix/surface partial resource collection errors by @Sanchit2662 in kubescape/kubescape#1997
- fix(httphandler): use unique temp file for per-request exceptions by @yugal07 in kubescape/kubescape#2009
- test(resourcehandler): add tests for partial GVR collection failure and InfoMap propagation by @Sanchit2662 in kubescape/kubescape#2011
- test(resourcehandler): ensure scan integrity by verifying surfaced API pull errors by @pulkitvats2007-crypto in kubescape/kubescape#2012
- fix(portforwarder): surface ForwardPorts error and unblock waitForPortForwardReadiness by @SAY-5 in kubescape/kubescape#2016
- feat(cautils): populate scanMetadata excluded/include namespaces by @Sanchit2662 in kubescape/kubescape#2015
- Feat/helm values overrides scan by @yugal07 in kubescape/kubescape#2013
- fix: prevent goroutine leak in copaPatch on timeout by @Varadraj75 in kubescape/kubescape#2027
- test: mock GitHub API calls and restore repository scanner tests by @Kayd-06 in kubescape/kubescape#2025
- kubescape/kubevuln@v0.3.132...v0.3.136
- chore(deps): Bump github.com/go-git/go-git/v5 from 5.17.1 to 5.18.0 by @dependabot[bot] in kubescape/kubevuln#354
- perf: switch to kubescape/syft v1.32.0-ks.2 + disable file catalogers by @slashben in kubescape/kubevuln#355
- fixing a FIXME by @yugal07 in kubescape/kubevuln#356
- add debug log for grype DB url by @matthyx in kubescape/kubevuln#357
- kubescape/node-agent@v0.3.94...v0.3.111
- Chore(deps): Bump github.com/go-git/go-git/v5 from 5.17.1 to 5.18.0 by @dependabot[bot] in kubescape/node-agent#783
- chore: validate NAUT-1252 memory optimizations (go.mod replace directives) by @matthyx in kubescape/node-agent#786
- fix iouring CO-RE relocation by @YakirOren in kubescape/node-agent#741
- Feature/cel const folding by @YakirOren in kubescape/node-agent#789
- Chore(deps): Bump github.com/Azure/go-ntlmssp from 0.0.0-20221128193559-754e69321358 to 0.1.1 by @dependabot[bot] in kubescape/node-agent#790
- reduce per-event work in rule manager hot path by @YakirOren in kubescape/node-agent#794
- drop HttpRequestAccessor wrapper from request field access by @YakirOren in kubescape/node-agent#796
- reduce per-call allocations in CEL FieldG...
Contributors
raajheshkannaa, lpmi-13, and 17 other contributors
Assets 3
kubescape-operator-1.30.7
Kubescape is an E2E Kubernetes cluster security platform
What's Changed
- fix: add /tmp emptyDir volume to SBOM scanner sidecar by @slashben in #811
- feat(rbac): add CiliumClusterwideNetworkPolicy permissions by @bernardgut in #810
- fix(storage): allow configuring storage Service exposure by @officialasishkumar in #816
- Enable setting admission service type, and service annotations by @seppelucas in #813
- fix: persist admission webhook CA to prevent caBundle drift by @slashben in #818
- Add SecurityException CRDs, RBAC, and riskAcceptance capability by @slashben in #817
- prepare next release by @matthyx in #821
- kubescape/http-request@v0.2.16...v0.2.19
- add permissions by @bvolovat in kubescape/http-request#21
- build with go 1.26 by @matthyx in kubescape/http-request#22
- Close HTTP response body after request by @matthyx in kubescape/http-request#23
- Remove non-existent tests from REQUIRED_TESTS by @matthyx in kubescape/http-request#24
- Ensure HTTP response body is closed properly by @matthyx in kubescape/http-request#25
- kubescape/kubevuln@v0.3.119...v0.3.132
- Add SecurityException CRD design doc and review by @slashben in kubescape/kubevuln#341
- chore(deps): Bump github.com/hashicorp/go-getter from 1.7.9 to 1.8.6 by @dependabot[bot] in kubescape/kubevuln#343
- chore(deps): update go-logger to v0.0.28 by @matthyx in kubescape/kubevuln#347
- Integrate SecurityException CRDs into vulnerability scanning by @slashben in kubescape/kubevuln#342
- chore(deps): fix dependabot security alerts (aws-sdk-go-v2, go-jose) by @matthyx in kubescape/kubevuln#348
- chore(deps): update docker/cli to v29.2.0 by @matthyx in kubescape/kubevuln#350
- Fix: enable SecurityException CRDs in keepLocal mode by @slashben in kubescape/kubevuln#349
- fix: handle nil storage in relevancy provider initialization by @matthyx in kubescape/kubevuln#346
- fix(exceptions): normalize vulnerability ID casing and trim whitespace by @matthyx in kubescape/kubevuln#353
- feat: GCP Workload Identity fallback for 401 Unauthorized by @matthyx in kubescape/kubevuln#351
- feat: registry proxy/mirror rewriting support by @matthyx in kubescape/kubevuln#352
- kubescape/node-agent@v0.3.79...v0.3.94
- fix: deep copy eBPF data for each syscall sub-event to prevent memory issues by @yugal07 in kubescape/node-agent#770
- add pprof labels for rules by @YakirOren in kubescape/node-agent#755
- pass component prerelease image tag to E2E tests by @bvolovat in kubescape/node-agent#765
- fix: support non-overlay snapshotters (ZFS, btrfs) in SBOM manager by @matthyx in kubescape/node-agent#771
- Feature/cel prefilter by @YakirOren in kubescape/node-agent#759
- fix(utils): restore NormalizePath to fix headless /proc and dot paths by @yugal07 in kubescape/node-agent#774
- Bump github.com/go-git/go-git/v5 from 5.16.5 to 5.17.1 by @dependabot[bot] in kubescape/node-agent#768
- do not skip callback and update namespace for host containers by @matthyx in kubescape/node-agent#776
- feat: eBPF event deduplication before CEL rule evaluation by @slashben in kubescape/node-agent#762
- chore: trigger release for eBPF event dedup by @slashben in kubescape/node-agent#777
- fix: remove job-level permissions from benchmark workflow by @slashben in kubescape/node-agent#778
- chore: add package doc to dedupcache by @slashben in kubescape/node-agent#779
- fix: remove DNS events from dedup cache by @slashben in kubescape/node-agent#781
- update go-logger and other vulnerable packages by @matthyx in kubescape/node-agent#782
- do not skip host containers in NNC ContainerCallback by @matthyx in kubescape/node-agent#780
- kubescape/operator@v0.2.134...v0.2.140
- remove service discovery code by @matthyx in kubescape/operator#364
- chore: bump registryx to v0.0.35 (GitLab registry host discovery) by @rotemamsa in kubescape/operator#365
- chore(deps): Bump go.opentelemetry.io/otel/sdk from 1.40.0 to 1.43.0 by @dependabot[bot] in kubescape/operator#366
- chore(deps): update go-logger to v0.0.28 by @matthyx in kubescape/operator#367
- chore(deps): Bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 by @dependabot[bot] in kubescape/operator#368
- chore(deps): bump github.com/docker/cli to v29.2.0 by @matthyx in kubescape/operator#369
- kubescape/storage@v0.0.265...v0.0.272
- added cloudAccountIdentifier and region to host key by @shanyl9 in kubescape/storage#308
- fix: remove deleted HostTypeEcsService/HostTypeEcsTask, bump armoapi-go v0.0.696 by @kooomix in kubescape/storage#310
- fix: restore HostTypeEksEc2 — accidentally removed in #310 by @kooomix in kubescape/storage#311
- chore(deps): update go-logger to v0.0.28 by @matthyx in kubescape/storage#312
- fix(security): bump otel and go-jose in integration-test-suite by @matthyx in kubescape/storage#314
- fix(security): bump go-jose to v4.1.4 and syft to v1.42.3 by @matthyx in kubescape/storage#313
- kubescape/synchronizer@v0.0.136...v0.0.141
- chore(deps): update go-logger to v0.0.28 by @matthyx in kubescape/synchronizer#146
- chore: update armoapi-go to v0.0.700 and add ClusterUID support by @jnathangreeg in kubescape/synchronizer#147
- chore(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 by @dependabot[bot] in kubescape/synchronizer#148
- chore(deps): update docker/cli to v29.2.0 by @matthyx in kubescape/synchronizer#149
- feat: propagate Azure ResourceGroup for synchronizer clients by @jnathangreeg in kubescape/synchronizer#150
- Bump prometheus-exporter from v0.2.13 to v0.2.18
- Bump http-request from v0.2.16 to v0.2.19
Full Changelog: kubescape-operator-1.30.6...kubescape-operator-1.30.7
Contributors
bernardgut, matthyx, and 11 other contributors
Assets 3
kubescape-operator-1.30.6
Kubescape is an E2E Kubernetes cluster security platform
What's Changed
- fix(node-agent): correct AppArmor version check by @lukaszpyczek in #807
- Feat/add priorityclassname deployments by @matthyx in #809
- feat: kubevuln SBOM scanner sidecar support by @slashben in #803
- feat: add SBOM scanner sidecar container to node-agent pod by @slashben in #802
- prepare next release by @matthyx in #808
- kubescape/kubevuln@v0.3.109...v0.3.119
- Bump go.opentelemetry.io/otel/sdk from 1.37.0 to 1.40.0 by @dependabot[bot] in kubescape/kubevuln#331
- feat: SBOM scanner sidecar for memory-isolated SBOM generation by @slashben in kubescape/kubevuln#335
- Bump google.golang.org/grpc from 1.74.0 to 1.79.3 by @dependabot[bot] in kubescape/kubevuln#336
- Bump github.com/go-git/go-git/v5 from 5.16.5 to 5.17.1 by @dependabot[bot] in kubescape/kubevuln#337
- Bump github.com/cilium/cilium from 1.16.17 to 1.17.14 by @dependabot[bot] in kubescape/kubevuln#338
- add test coverage for filterSBOM including dynamicpathdetector.DynamicIdentifier by @matthyx in kubescape/kubevuln#339
- feat: add scan failure reporting (SUB-7105) by @kooomix in kubescape/kubevuln#334
- kubescape/node-agent@v0.3.47...v0.3.79
- Fix GetGid/GetUid not implemented for event type. eventType: symlink by @matthyx in kubescape/node-agent#728
- Remove kskubemanager dependency and replace with kubemanager in tracer_factory by @matthyx in kubescape/node-agent#729
- Improve logging for DatasourceEvent field access errors, fix error_raw type by @matthyx in kubescape/node-agent#730
- Pass alert platform to RuleFailureCreator by @matthyx in kubescape/node-agent#731
- Remove LocalManager.host parameter from gadget execution to fix host detection by @matthyx in kubescape/node-agent#732
- fix http body parsing to respect Content-Length by @YakirOren in kubescape/node-agent#733
- Don't log warning for missing proc enrichment in SyscallEventType DatasourceEvent methods by @matthyx in kubescape/node-agent#734
- Bump go.opentelemetry.io/otel/sdk from 1.39.0 to 1.40.0 by @dependabot[bot] in kubescape/node-agent#738
- Refactor DatasourceEvent methods to suppress invalid field length warnings by @matthyx in kubescape/node-agent#739
- fix http event data bleed by @YakirOren in kubescape/node-agent#742
- Fix: Add ContainerID to virtual host container by @matthyx in kubescape/node-agent#740
- add agent version to runtime alerts by @YakirOren in kubescape/node-agent#746
- add new metadata to CPs by @matthyx in kubescape/node-agent#745
- fix: use correct datasource fields for iouring events by @slashben in kubescape/node-agent#751
- feat: add SBOM scanner sidecar for memory-isolated SBOM generation by @slashben in kubescape/node-agent#753
- Fix: Update related kind labels and allow overriding by @matthyx in kubescape/node-agent#754
- Fix: Implement scanner readiness watcher and queue pending scans for retry by @matthyx in kubescape/node-agent#758
- allow missing config file by @matthyx in kubescape/node-agent#763
- fix hard/sym link tracers for arm by @matthyx in kubescape/node-agent#764
- Bump github.com/cilium/cilium from 1.16.17 to 1.17.14 by @dependabot[bot] in kubescape/node-agent#766
- Bump golang.org/x/image from 0.18.0 to 0.38.0 by @dependabot[bot] in kubescape/node-agent#767
- Bump github.com/cloudflare/circl from 1.6.1 to 1.6.3 by @dependabot[bot] in kubescape/node-agent#769
- feat: add SBOM failure reporting interface and instrumentation (SUB-7109) by @kooomix in kubescape/node-agent#760
- kubescape/operator@v0.2.128...v0.2.134
- chore(deps): Bump go.opentelemetry.io/otel/sdk from 1.39.0 to 1.40.0 by @dependabot[bot] in kubescape/operator#358
- fix: populate image, imageDigest and clusterUID in admission alerts by @slashben in kubescape/operator#359
- bump github.com/armosec/registryx v0.0.34 by @matthyx in kubescape/operator#360
- chore(deps): Bump google.golang.org/grpc from 1.77.0 to 1.79.3 by @dependabot[bot] in kubescape/operator#361
- Skip TS containerprofiles for relevancy scans by @matthyx in kubescape/operator#362
- chore(deps): Bump github.com/cilium/cilium from 1.16.17 to 1.17.14 by @dependabot[bot] in kubescape/operator#363
- kubescape/storage@v0.0.247...v0.0.265
- chore(deps): Bump go.opentelemetry.io/otel/sdk from 1.36.0 to 1.40.0 by @dependabot[bot] in kubescape/storage#294
- fix errors due to changes in k8s-interface by @shanyl9 in kubescape/storage#296
- fix: unsupported type uint64 errors in server-side apply by @matthyx in kubescape/storage#291
- memory savings by @matthyx in kubescape/storage#298
- use reflect.MakeSlice by @YakirOren in kubescape/storage#299
- Use timeout for pool connections by @matthyx in kubescape/storage#297
- Support ecs host storage by @shanyl9 in kubescape/storage#295
- fix MapMutex unbounded growth by adding refcounted eviction by @YakirOren in kubescape/storage#301
- Implement GobEncode and GobDecode for backward compatibility with uint64 fields by @matthyx in kubescape/storage#300
- use sync cond by @YakirOren in kubescape/storage#302
- restore direct I/O flags for payload file operations by @matthyx in kubescape/storage#303
- chore(deps): Bump github.com/cilium/cilium from 1.16.17 to 1.17.14 by @dependabot[bot] in kubescape/storage#305
- Initialize sbomSet when nil instead of error by @matthyx in kubescape/storage#306
- fix buggy locking for migration path by @matthyx in kubescape/storage#307
- kubescape/synchronizer@v0.0.132...v0.0.136
- Bump go.opentelemetry.io/otel/sdk from 1.37.0 to 1.40.0 by @dependabot[bot] in kubescape/synchronizer#141
- Bump google.golang.org/grpc from 1.74.0 to 1.79.3 by @dependabot[bot] in kubescape/synchronizer#143
- add features provider by @YakirOren in kubescape/synchronizer#142
- Bump github.com/cilium/cilium from 1.16.17 to 1.17.14 by @dependabot[bot] in kubescape/synchronizer#144
- Bump prometheus-exporter from v0.2.11 to v0.2.13
Full Changelog: kubescape-operator-1.30.5...kubescape-operator-1.30.6
Contributors
lukaszpyczek, matthyx, and 5 other contributors
Assets 3
kubescape-operator-1.30.5
Kubescape is an E2E Kubernetes cluster security platform
What's Changed
- Update values.yaml by @Naor-Armo in #799
- kubescape/kubevuln@v0.3.105...v0.3.109
- Bump github.com/go-git/go-git/v5 from 5.16.2 to 5.16.5 by @dependabot[bot] in kubescape/kubevuln#328
- strip unnecessary fields from SBOM to reduce size by @matthyx in kubescape/kubevuln#327
- fix test expectations by @matthyx in kubescape/kubevuln#329
- use fixed StripSBOM from storage v0.0.247 by @matthyx in kubescape/kubevuln#330
- kubescape/storage@v0.0.239...v0.0.247
- add permissions by @bvolovat in kubescape/storage#281
- Fix OpenAPI model names to use dot-notation instead of slash-notation by @matthyx in kubescape/storage#283
- disable slug channel by @shanyl9 in kubescape/storage#285
- Fix key not found by @jnathangreeg in kubescape/storage#287
- Implement StripSBOM function to reduce SBOM size by clearing unnecessary fields by @matthyx in kubescape/storage#288
- Preserve relationships in StripSBOM function (needed by kubevuln's filterSBOM) by @matthyx in kubescape/storage#289
- kubescape/node-agent@v0.3.42...v0.3.47
- Strip unused SBOM fields to reduce object size by ~52% by @slashben in kubescape/node-agent#720
- use fixed StripSBOM from storage v0.0.247 by @matthyx in kubescape/node-agent#726
- bump github.com/goradd/maps v1.3.0 by @matthyx in kubescape/node-agent#727
- kubescape/synchronizer@v0.0.131...v0.0.132
- fix: bump k8s-interface to v0.0.203 for OCI bare OCID detection by @rotemamsa in kubescape/synchronizer#140
New Contributors
- @Naor-Armo made their first contribution in #799
Full Changelog: kubescape-operator-1.30.4...kubescape-operator-1.30.5
Contributors
matthyx, dependabot, and 6 other contributors
Assets 3
kubescape-operator-1.30.4
Kubescape is an E2E Kubernetes cluster security platform
What's Changed
- do not sync spdx.softwarecomposition resources without storage by @matthyx in #796
- kubescape/operator@v0.2.126...v0.2.128
- bump github.com/armosec/registryx to v0.0.33 by @jnathangreeg in kubescape/operator#356
- Fix exec to pod has no workloadUID and update packages by @YakirOren in kubescape/operator#357
- kubescape/kubevuln@v0.3.104...v0.3.105
- add permissions by @bvolovat in kubescape/kubevuln#324
- add default name for CVE summary and update tests by @matthyx in kubescape/kubevuln#326
- kubescape/node-agent@v0.3.36...v0.3.42
- Implement HttpRequestAccessor for nested CEL field access by @YakirOren in kubescape/node-agent#711
- fix rule eval by @YakirOren in kubescape/node-agent#712
- Bump github.com/sigstore/sigstore from 1.10.3 to 1.10.4 by @dependabot[bot] in kubescape/node-agent#714
- fix Test_07 after CRD change by @matthyx in kubescape/node-agent#713
- Bump github.com/go-git/go-git/v5 from 5.16.2 to 5.16.5 by @dependabot[bot] in kubescape/node-agent#719
- Set IG logger level based on global log level by @matthyx in kubescape/node-agent#715
- Optimize/ebpf loading by @matthyx in kubescape/node-agent#718
- kubescape/synchronizer@v0.0.128...v0.0.131
- add permissions by @bvolovat in kubescape/synchronizer#136
- feat: restrict storage client operations to specific resource group by @matthyx in kubescape/synchronizer#137
- bump github.com/armosec/armoapi-go v0.0.673 by @matthyx in kubescape/synchronizer#138
- fix: detect OCI cloud provider from bare OCID providerID by @rotemamsa in kubescape/synchronizer#139
Full Changelog: kubescape-operator-1.30.3...kubescape-operator-1.30.4
Contributors
matthyx, dependabot, and 4 other contributors
Assets 3
kubescape-operator-1.30.3
Kubescape is an E2E Kubernetes cluster security platform
What's Changed
- chore: adding the ability to adjust the source of busybox by @drew-viles in #784
- add k8s context tag by @YakirOren in #785
- run system tests from private repo by @bvolovat in #786
- add stream logs and wait for tests finish by @bvolovat in #787
- fix attempt by @bvolovat in #788
- Update 02-e2e-test.yaml by @armobot in #789
- Run test from private repo by @bvolovat in #791
- add workflow_call by @bvolovat in #792
- add startup probe by @YakirOren in #793
- kubescape/kubescape@v3.0.47...v3.0.48
- Fix typos in documentation by @oglok in kubescape/kubescape#1913
- fix: Kustomize directory analysis not working by @majiayu000 in kubescape/kubescape#1914
- feat: Define labels to copy from workloads to reports by @majiayu000 in kubescape/kubescape#1915
- Add SkipPersistence flag to MetricsQueryParams in metrics endpoint by @BroderPeters in kubescape/kubescape#1917
- ci: update scorecard action version by @AndrewCharlesHay in kubescape/kubescape#1918
- update test lists by @amirmalka in kubescape/kubescape#1919
- build(deps): Bump github.com/sigstore/cosign/v3 from 3.0.3-0.20251208232815-901b44d65952 to 3.0.4 by @dependabot[bot] in kubescape/kubescape#1920
- Update build number retrieval and permissions in workflow by @matthyx in kubescape/kubescape#1921
- Fix workload scan to include allcontrols framework by @Copilot in kubescape/kubescape#1922
- build(deps): Bump github.com/sigstore/fulcio from 1.8.4 to 1.8.5 by @dependabot[bot] in kubescape/kubescape#1923
- Fix panic on unsafe interface{} to string type assertions by @Copilot in kubescape/kubescape#1926
- build(deps): Bump github.com/theupdateframework/go-tuf/v2 from 2.3.0 to 2.3.1 by @dependabot[bot] in kubescape/kubescape#1927
- build(deps): Bump github.com/sigstore/rekor from 1.4.3 to 1.5.0 by @dependabot[bot] in kubescape/kubescape#1928
- kubescape/operator@v0.2.121...v0.2.126
- bump version by @jnathangreeg in kubescape/operator#349
- Fix comment typo in checkECRRegistry function to clarify _catalog end… by @jnathangreeg in kubescape/operator#351
- add permissions by @bvolovat in kubescape/operator#352
- bump github.com/armosec/armoapi-go v0.0.673 by @matthyx in kubescape/operator#353
- bump github.com/kubescape/go-logger v0.0.26 by @matthyx in kubescape/operator#354
- bump github.com/goradd/maps v1.3.0 by @matthyx in kubescape/operator#355
- kubescape/kubevuln@v0.3.98...v0.3.104
- replace debian 12 with debian 13 when building container images by @pfarikrispy in kubescape/kubevuln#317
- Add comprehensive documentation and governance by @matthyx in kubescape/kubevuln#318
- Bump github.com/cilium/cilium from 1.16.9 to 1.16.17 by @dependabot[bot] in kubescape/kubevuln#319
- Add timeout to Grype DB update with graceful fallback to prevent indefinite readiness probe failures by @Copilot in kubescape/kubevuln#320
- Prevent DB update cancellation on readiness probe by @matthyx in kubescape/kubevuln#321
- kubescape/storage@v0.0.237...v0.0.239
- feat: handle large object storage by clearing spec and updating annotations by @matthyx in kubescape/storage#279
- bump k8s version to v0.35.0 by @matthyx in kubescape/storage#280
- kubescape/node-agent@v0.3.11...v0.3.36
- feat: propagate IsTriggerAlert field from rules to runtime alerts by @slashben in kubescape/node-agent#686
- Generating release by @slashben in kubescape/node-agent#688
- Feature/rule engine redesign by @YakirOren in kubescape/node-agent#685
- refactor: update cloud metadata types to use armotypes package by @matthyx in kubescape/node-agent#689
- Replace host sensor with node agent sensing by @Bezbran in kubescape/node-agent#681
- use k8s-interface by @Bezbran in kubescape/node-agent#691
- optimize header parsing and add early return in ruleAppliesToContext by @YakirOren in kubescape/node-agent#692
- improve field accessor retrieval with nil checks and type assertions by @matthyx in kubescape/node-agent#694
- Bump github.com/sigstore/sigstore from 1.9.5 to 1.10.4 by @dependabot[bot] in kubescape/node-agent#696
- Add Azure ResourceGroup enrichment to CloudMetadata by @slashben in kubescape/node-agent#697
- Add unit tests for Azure ResourceGroup parsing by @slashben in kubescape/node-agent#698
- remove toMap function by @YakirOren in kubescape/node-agent#693
- run system test from private repo by @bvolovat in kubescape/node-agent#700
- bump: update golang-set dependency to v2.8.0 by @matthyx in kubescape/node-agent#701
- bump: update armoapi-go dependency to v0.0.671 by @matthyx in kubescape/node-agent#702
- update the tests_groups by @bvolovat in kubescape/node-agent#703
- bump: update dependencies for backend, storage, and OpenAPI packages by @matthyx in kubescape/node-agent#704
- update chart repo by @bvolovat in kubescape/node-agent#705
- bump: update cel-go dependency to v0.26.1 by @matthyx in kubescape/node-agent#706
- Implement ClusterUID enrichment for runtime alerts by @slashben in kubescape/node-agent#708
- fix a bug where failed expressions would recompile on every event by @YakirOren in kubescape/node-agent#690
- fix container watcher error propagation by @YakirOren in kubescape/node-agent#709
- add permissions by @bvolovat in kubescape/node-agent#710
- upgrade to IG v0.48.1 by @matthyx in kubescape/node-agent#695
- kubescape/synchronizer@v0.0.127...v0.0.128
- perf: optimize memory usage by avoiding string-to-byte conversions by @amirmalka in kubescape/synchronizer#135
New Contributors
- @drew-viles made their first contribution in #784
- @YakirOren made their first contribution in #785
- @armobot made their first contribution in #789
- @pfarikrispy made their first contribution in kubescape/kubevuln#317
- @bvolovat made their first contribution in kubescape/operator#352
- @oglok made their first contribution in kubescape/kubescape#1913
- @majiayu000 made their first contribution in kubescape/kubescape#1914
- @BroderPeters made their first contribution in kubescape/kubescape#1917
- @AndrewCharlesHay made their first contribution in kubescape/kubescape#1918
- @Bezbran made their first contribution in kubescape/node-agent#681
- @bvolovat made their first contribution in kubescape/node-agent#700
Full Changelog: kubescape-operator-1.30.2...kubescape-operator-1.30.3
Contributors
drew-viles, BroderPeters, and 13 other contributors
Assets 3
kubescape-operator-1.30.2
Kubescape is an E2E Kubernetes cluster security platform
kubescape-operator-1.30.1
Kubescape is an E2E Kubernetes cluster security platform
What's Changed
- Node-agent daemonset autoscaler support by @slashben in #772
- Update operator image tag to v0.2.121 by @slashben in #775
Full Changelog: kubescape-operator-1.30.0...kubescape-operator-1.30.1
Contributors
slashben