Thanks to everyone who created feature requests and bug reports and who tested fixes. Your help is instrumental in continuing to improve Cupdate!
Features
Using Docker with (m)TLS
Cupdate now supports securely exposed Docker hosts using TLS, mTLS, trusted certificates or self-signed certificates - with per-host configuration.
To use Docker with TLS where there is established trust (the Docker API is exposed using a certificate trusted by the host running Cupdate), simply specify your Docker host as https://<my-host>.
To use mTLS or self-signed certificates, additional configuration is required. By using the new CUPDATE_DOCKER_TLS_PATH environment variable, you can now specify a directory in which certificates and keys are stored. For more information, refer to the new documentation:
Generic registry auth
Cupdate now supports well-behaved registries which tell Cupdate how they expect authentication to work (via the WWW-Authenticate header). This means that Cupdate will now work more reliably with images requiring authentication, such as private GHCR images or private Docker Hub images. It also means that self-hosted registries such as Zot can work without dedicated support in Cupdate.
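How a client can act on such a WWW-Authenticate challenge, as an added example that is not Cupdate's own code: it parses the header and, for a Bearer challenge, builds the token request URL. The function names and host names are hypothetical, the sample header is constructed, and accepting only https realms is this example's own policy.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// paramRe matches key="quoted value" or key=token. Quoted values may contain
// commas (scope="...:pull,push"); escaped quotes in values are not handled.
var paramRe = regexp.MustCompile(`([A-Za-z0-9_-]+)=(?:"([^"]*)"|([^\s,"]+))`)

// ParseChallenge splits a single-challenge WWW-Authenticate value into its
// lowercased scheme ("bearer", "basic") and its parameters.
func ParseChallenge(header string) (string, map[string]string) {
	scheme, rest, _ := strings.Cut(strings.TrimSpace(header), " ")
	params := map[string]string{}
	for _, m := range paramRe.FindAllStringSubmatch(rest, -1) {
		params[strings.ToLower(m[1])] = m[2] + m[3] // only one group matches
	}
	return strings.ToLower(scheme), params
}

// TokenURL builds the token request URL for a Bearer challenge. The realm is
// chosen by the registry, so this example (its own policy, an assumption)
// only accepts https realms before anything is sent there.
func TokenURL(scheme string, params map[string]string) (string, error) {
	if scheme != "bearer" {
		return "", fmt.Errorf("scheme %q has no token endpoint", scheme)
	}
	u, err := url.Parse(params["realm"])
	if err != nil || u.Scheme != "https" || u.Host == "" {
		return "", fmt.Errorf("refusing realm %q", params["realm"])
	}
	q := u.Query()
	for _, k := range []string{"service", "scope"} {
		if v := params[k]; v != "" {
			q.Set(k, v)
		}
	}
	u.RawQuery = q.Encode()
	return u.String(), nil
}

func main() {
	// Constructed sample header; host names are placeholders.
	h := `Bearer realm="https://auth.example.test/token",service="registry.example.test",scope="repository:example/app:pull,push"`
	fmt.Println(TokenURL(ParseChallenge(h)))
}
```

A Basic challenge yields no token URL here; in that case the client sends its credentials directly to the registry over TLS.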
Towards 1.0.0
A lot of features and improvements have been added to Cupdate over the past minor releases, taking steps towards a first stable release (in the semantic sense). In order to get there and to make it possible to develop improvements and fixes with confidence that they don't break existing features or installations, a lot of effort has gone into writing additional comprehensive test suites for Cupdate, targeting wide test coverage through unit and integration tests.
Improvements and fixes
- Clarify the risk score shown on images scanned by Open SSF
- Add support for registries with basic auth
- Ignore invalid OCI references from Docker Compose
Full Changelog: v0.18.0...v0.19.0