Changes
This release contains the following changes. Help spread the word or leave a GitHub star if you like it.
Upgrade Notes
This update adds new fields to the Custom Resource Definitions (CRDs). Helm does not update CRDs after the initial installation.
To upgrade the CRDs, you can run the following script or grab the latest CRDs from the Git repo at the v3.11.0 tag:
kubectl apply -f https://raw.githubusercontent.com/secureCodeBox/secureCodeBox/v3.11.0/operator/crds/cascading.securecodebox.io_cascadingrules.yaml
kubectl apply -f https://raw.githubusercontent.com/secureCodeBox/secureCodeBox/v3.11.0/operator/crds/execution.securecodebox.io_parsedefinitions.yaml
kubectl apply -f https://raw.githubusercontent.com/secureCodeBox/secureCodeBox/v3.11.0/operator/crds/execution.securecodebox.io_scancompletionhooks.yaml
kubectl apply -f https://raw.githubusercontent.com/secureCodeBox/secureCodeBox/v3.11.0/operator/crds/execution.securecodebox.io_scans.yaml
kubectl apply -f https://raw.githubusercontent.com/secureCodeBox/secureCodeBox/v3.11.0/operator/crds/execution.securecodebox.io_scantypes.yaml
kubectl apply -f https://raw.githubusercontent.com/secureCodeBox/secureCodeBox/v3.11.0/operator/crds/execution.securecodebox.io_scheduledscans.yaml
Potential Breaking Scanner Upgrades
Important: please be aware that this release contains some potential breaking scanner updates. As discussed in ADR 0011 we accept potentially breaking changes delivered by security scanner projects within our minor updates. In the future, minor releases can contain changes that are breaking to some users. These changes will be highlighted in the release notes. Major releases will be used to indicate larger compatibility-breaking changes.
- Upgraded semgrep from 0.85.0 to 0.92.1 @secureCodeBoxBot (#1172, #1127)
- Semgrep now runs its Docker container as root user (see #1127, returntocorp/semgrep#5081). If you have a PodSecurityPolicy (PSP) or an alternative (like kyverno) in place to disallow root containers running in the namespace.
Features
- Add Multi-Platform Builds for ARM Container Images @J12934 (#1168)
- Replace Codeclimate with megalint @the-simmon (#1122)
- New Trello type for the notification hook @Spritekin (#1153)
- Added authentication feature to generic webhook @Miker91 (#1107)
Security Scanner
- Upgraded trivy from 0.26.0 to 0.28.0 @secureCodeBoxBot (#1139, #1177)
- Upgraded typo3scan from v1.0.1 to v1.0.2 @secureCodeBoxBot (#1170)
- Upgraded sslyze from 5.0.3 to 5.0.5 @secureCodeBoxBot (#1144, #1175)
- Upgraded kube-hunter from 0.6.5 to 0.6.8 @secureCodeBoxBot (#1171)
- Upgraded semgrep from 0.85.0 to 0.92.1 @secureCodeBoxBot (#1172)
- Upgraded nuclei from v2.6.8 to v2.7.0 @secureCodeBoxBot (#1136, #1161)
Hooks
- New Trello type for the notification hook @Spritekin (#1153)
- Added authentication feature to generic webhook @Miker91 (#1107)
Bug Fixes
- Regenerate Helm Docs @J12934 (#1166)
- Allows the Dashboard importer to be built through the makefiles @Ilyesbdlala (#1143)
- Add SSLyze Image to custom scanner list @J12934 (#1157)
- Removed module type from hooks/package.json @Ilyesbdlala (#1154)
- Make common.mk use python3 (new) (Closes #1019) @SebieF (#1133)
Test
- Removed the simply expanded variable for the ABS_PROJECT_DIR in Makefile @Ilyesbdlala (#1124)
Documentation
- Regenerate Helm Docs @J12934 (#1166)
- Update OWASP status from Incubator to Lab in more READMEs @malexmave (#1141)
Maintenance
- Replace Codeclimate with megalint @the-simmon (#1122)
Dependencies
Distribution
Contributors
Thanks to all our contributors supporting this project
@Ilyesbdlala, @J12934, @Miker91, @SebieF, @Spritekin, @Weltraumschaf, @malexmave, @rseedorff, @secureCodeBoxBot and @the-simmon