Noteworthy
- Starboard Operator integrates with KubeBench by discovering K8s nodes and running KubeBench checks on existing and new nodes.
- Starboard CLI and Starboard Operator integrate with Conftest as a configuration audit plugin. The Conftest plugin supports custom OPA Rego checks and can be used as an alternative to Polaris, which has a predefined set of checks.
- Deleting a security report, e.g. VulnerabilityReport, triggers a rescan.
- Changing the configuration of the Conftest plugin, which is stored in the starboard-conftest-config ConfigMap, triggers a rescan.
- A new kind of HTML report sums up risks in the specified K8s namespace.
Changelog
92e39f4 chore(Conftest): Update deployment descriptors (#495)
a7de614 fix(conftest): Do not show negative pass count (#488)
8929137 fix(helm): Add configAuditReport.scanner to the default Starboard settings (#487)
020b61d fix(helm): Add permission to delete ConfigAuditReports (#496)
dc6d9a3 fix(helm): Error calling gt: incompatible types for comparison (#486)
69ec5b4 fix(operator): Delete scan job for workload that has been deleted (#497)
5cb2c04 fix(polaris): Remove clutter from JSON output (#493)
748d553 fix: Rearrange sections in HTML report for namespace (#491)
80f9a0f refactor(conftest): Skip rescan when plugin ConfigMap is deleted (#489)
802cfa7 refactor: Embed vulnerabilityreports CRD (#484)
aa95a98 refactor: Move constants to starboard package (#477)
89d860a chore: Bump up Polaris from v3.0 to v3.2 (#447)
d57c119 chore: Fix code formatting (#456)
55b37f7 feat(cli): Show top 5 failed workload configuration checks in html report for namespace (#462)
f53705a feat(cli): Show top 5 vulnerabilities by score in html report for namespace (#463)
c836618 feat(helm): Add HTTPS_PROXY and NO_PROXY settings for Trivy (#443)
8841b79 feat(operator): Add config to enable/disable scanners (#467)
b136b07 feat: Add HA Support for the Starboard Operator (#452)
56c1a3b feat: Add PluginContext for configuration audit scanners (#474)
9978cf4 feat: Add plugin name and config getter to PluginContext (#475)
20182e2 feat: Deleting a VulnerabilityReport should trigger rescan (#458)
1ddfb87 feat: Integrate Conftest as ConfigAuditReports scanner (#417)
89e3ba8 fix: Skip reconciling Jobs managed by CronJob (#450)
fa27379 refactor: Use client.Client in integration test (#469)
774ee8b refactor: Use client.Client in integration test for operator (#470)
2060f7b refactor: Use custom Gomega matcher to assert VulnerabilityReports (#461)
09c1bc0 chore: Review log statements and error messages (#441)
d12f369 feat(helm): Add ConfigMap template for plugins configuration (#437)
275e215 chore(release): Remove logout step (#408)
9c23ea8 chore: Bump up Trivy from v0.14.0 to v0.16.0 (#412)
c4c4289 chore: Delete deployment descriptors for Trivy server (#436)
42c8621 chore: Publish Starboard Operator Helm chart to our OSS charts repository (#393)
b9c1d27 chore: Trigger Helm chart publishing workflow manually (#439)
27d0ccc chore: Update deployment descriptors (#438)
8325cb2 chore: Upgrade CRD apiVersion from apiextensions.k8s.io/v1beta1 to apiextensions.k8s.io/v1 (#411)
75502ed feat(cli): Update description of get report command (#423)
001ee2c feat(operator): Integrate kube-bench (#404)
7134455 feat: Add AVD links to HTML report (#398)
05cc500 feat: Add AVD reference to KubeHunterReport CR (#407)
004dba6 feat: Deleting a ConfigAuditReport should trigger rescan (#428)
38285f1 feat: Export kube-bench reports to HTML (#422)
5d98f63 feat: Get ConfigAuditReports from ReplicaSet in the same hierarchy (#397)
2954b44 feat: Get vulnerabilities from ReplicaSet in the same hierarchy (#389)
d5278c2 feat: Pass K8s object to configauditreport.Plugin (#420)
8cf7552 feat: Scaffold HTML report for namespace (#413)
52fe3a7 feat: Set security context for kube-bench (#354)
776bb1e feat: Set security context for kube-hunter (#394)
d066379 refactor: Delete *pod.Manager (#429)
30c164c refactor: Merge resources package with kube package (#430)
0e234c1 refactor: Merge rs package with kube package (#431)
a36725a refactor: Move Polaris package under plugin (#419)
a54ed60 refactor: Move aqua package under pkg/plugin (#426)
30b95b2 refactor: Move trivy package under pkg/plugin (#427)
62d47df refactor: Remove redundant args passed to configauditreport.Plugin (#432)
0c9cf08 refactor: Separate kube-bench -specific code (#405)
3892722 refactor: Use factory to instantiate ConfigAuditReport plugins (#418)
9aa35b1 refactor: kubebench.ReadWriter to use controller-runtime Client (#399)
1bb07be refactor: vulnerabilityreport.ReadWriter to use controller-runtime Client (#403)
Docker images
docker pull docker.io/aquasec/starboard:0.10.0
docker pull public.ecr.aws/aquasecurity/starboard:0.10.0
docker pull docker.io/aquasec/starboard-scanner-aqua:0.10.0
docker pull public.ecr.aws/aquasecurity/starboard-scanner-aqua:0.10.0
docker pull docker.io/aquasec/starboard-operator:0.10.0
docker pull public.ecr.aws/aquasecurity/starboard-operator:0.10.0