Kubescape is an E2E Kubernetes cluster security platform
What's Changed
- refactor(templates): remove redundant GOMAXPROCS by @Maximus-08 in #822
- ArgoCD GitOps Support for Kubescape Helm by @lyuval-armosec in #825
- feat: add artifact provenance attestation for Helm chart releases by @matthyx in #828
- feat: GOMEMLIMIT at 80% of memory limit for node-agent + kubevuln by @slashben in #827
- feat: add profileDataRequired field to rules CRD for rule-aware projection by @matthyx in #829
- Replace host sensor with node agent sensing by @Bezbran in #773
- prepare new release by @matthyx in #830
- kubescape/kubescape@v3.0.48...v4.0.6
- Replace host sensor with node agent sensing by @Bezbran in kubescape/kubescape#1916
- run system test from private repo by @bvolovat in kubescape/kubescape#1935
- fix all linter errors by @matthyx in kubescape/kubescape#1936
- add verbose option to scan-images by @matthyx in kubescape/kubescape#1932
- Fix broken README table of contents anchor links by @Mujib-Ahasan in kubescape/kubescape#1931
- build(deps): Bump github.com/theupdateframework/go-tuf/v2 from 2.3.1 to 2.4.1 by @dependabot[bot] in kubescape/kubescape#1937
- Add krew plugin manifest by @matthyx in kubescape/kubescape#1934
- feat: Optimize CPU and Memory Usage for Resource-Intensive Scans by @matthyx in kubescape/kubescape#1939
- fix isRuleKubescapeVersionCompatible bug with version 4.0.0 by @matthyx in kubescape/kubescape#1941
- Pass tag for the runtime version by @lpmi-13 in kubescape/kubescape#1944
- build(deps): Bump github.com/go-git/go-git/v5 from 5.16.2 to 5.16.5 by @dependabot[bot] in kubescape/kubescape#1945
- build(deps): Bump go.opentelemetry.io/otel/sdk from 1.39.0 to 1.40.0 by @dependabot[bot] in kubescape/kubescape#1948
- feat: new flag `--grype-db-url` added to overload the url in `kubescape scan` command by @Mujib-Ahasan in kubescape/kubescape#1949
- build(deps): Bump google.golang.org/grpc from 1.78.0 to 1.79.3 by @dependabot[bot] in kubescape/kubescape#1952
- build(deps): Bump golang.org/x/image from 0.25.0 to 0.38.0 by @dependabot[bot] in kubescape/kubescape#1954
- build(deps): Bump github.com/cloudflare/circl from 1.6.1 to 1.6.3 by @dependabot[bot] in kubescape/kubescape#1957
- build(deps): Bump github.com/cilium/cilium from 1.16.17 to 1.17.14 by @dependabot[bot] in kubescape/kubescape#1956
- build(deps): Bump github.com/go-git/go-git/v5 from 5.16.5 to 5.17.1 by @dependabot[bot] in kubescape/kubescape#1955
- fix: duplicate flags removed from image.go by @Mujib-Ahasan in kubescape/kubescape#1962
- Fix: handle error from `NormalizeImageName` in patch command by @Mujib-Ahasan in kubescape/kubescape#1965
- build(deps): Bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 by @dependabot[bot] in kubescape/kubescape#1966
- build(deps): Bump helm.sh/helm/v3 from 3.18.5 to 3.20.2 by @dependabot[bot] in kubescape/kubescape#1968
- build(deps): Bump github.com/hashicorp/go-getter from 1.7.9 to 1.8.6 by @dependabot[bot] in kubescape/kubescape#1967
- build(deps): Bump github.com/sigstore/timestamp-authority/v2 from 2.0.4 to 2.0.6 by @dependabot[bot] in kubescape/kubescape#1969
- build(deps): Bump go.opentelemetry.io/otel/sdk from 1.40.0 to 1.43.0 by @dependabot[bot] in kubescape/kubescape#1970
- build(deps): Bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.97.1 to 1.97.3 by @dependabot[bot] in kubescape/kubescape#1971
- build(deps): Bump go.opentelemetry.io/otel/sdk from 1.42.0 to 1.43.0 by @dependabot[bot] in kubescape/kubescape#1972
- build(deps): Bump github.com/moby/buildkit from 0.26.1 to 0.28.1 by @dependabot[bot] in kubescape/kubescape#1958
- build(deps): Bump go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetrichttp from 1.38.0 to 1.43.0 by @dependabot[bot] in kubescape/kubescape#1973
- build(deps): Bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp from 1.39.0 to 1.43.0 by @dependabot[bot] in kubescape/kubescape#1974
- use go-logger v0.0.28 by @matthyx in kubescape/kubescape#1977
- build(deps): Bump github.com/moby/spdystream from 0.5.0 to 0.5.1 by @dependabot[bot] in kubescape/kubescape#1978
- fix(image-scan): normalize vulnerability exceptions across casings by @raajheshkannaa in kubescape/kubescape#1979
- test(image-scan): add all-lowercase CVE ID test case by @matthyx in kubescape/kubescape#1980
- build(deps): Bump github.com/go-git/go-git/v5 from 5.17.1 to 5.18.0 by @dependabot[bot] in kubescape/kubescape#1981
- Preserve cluster-scoped rule results when `--include-namespaces` is set by @Copilot in kubescape/kubescape#1986
- Enable Helm-backed Kustomize rendering in local resource loading by @Copilot in kubescape/kubescape#1985
- docs: clarify how Kubescape detects Helm vs Kustomize directories by @ivaresarthak-cloud in kubescape/kubescape#1991
- fix(opaprocessor): eliminate false negatives when OPA rule evaluation fails by @Sanchit2662 in kubescape/kubescape#1987
- fix host scans with data retrieved from the CRDs by @matthyx in kubescape/kubescape#1990
- stop logging raw scan request bodies by @matthyx in kubescape/kubescape#1993
- remove dead helm-template source-mapping code by @yugal07 in kubescape/kubescape#1995
- fix: prevent nil map assignment panic in APIServerStore by @pulkitvats2007-crypto in kubescape/kubescape#1999
- fix(opaprocessor): propagate OPA eval errors instead of silently dropping resources by @Sanchit2662 in kubescape/kubescape#1992
- fix(resourcehandler): recognize ErrCloudDescribeUnavailable as non-fatal by @yugal07 in kubescape/kubescape#2003
- fix: apply cluster-scoped exceptions to manual controls by @RohanKaran in kubescape/kubescape#1994
- Fix/surface partial resource collection errors by @Sanchit2662 in kubescape/kubescape#1997
- fix(httphandler): use unique temp file for per-request exceptions by @yugal07 in kubescape/kubescape#2009
- test(resourcehandler): add tests for partial GVR collection failure and InfoMap propagation by @Sanchit2662 in kubescape/kubescape#2011
- test(resourcehandler): ensure scan integrity by verifying surfaced API pull errors by @pulkitvats2007-crypto in kubescape/kubescape#2012
- fix(portforwarder): surface ForwardPorts error and unblock waitForPortForwardReadiness by @SAY-5 in kubescape/kubescape#2016
- feat(cautils): populate scanMetadata excluded/include namespaces by @Sanchit2662 in kubescape/kubescape#2015
- Feat/helm values overrides scan by @yugal07 in kubescape/kubescape#2013
- fix: prevent goroutine leak in copaPatch on timeout by @Varadraj75 in kubescape/kubescape#2027
- test: mock GitHub API calls and restore repository scanner tests by @Kayd-06 in kubescape/kubescape#2025
- kubescape/kubevuln@v0.3.132...v0.3.136
- chore(deps): Bump github.com/go-git/go-git/v5 from 5.17.1 to 5.18.0 by @dependabot[bot] in kubescape/kubevuln#354
- perf: switch to kubescape/syft v1.32.0-ks.2 + disable file catalogers by @slashben in kubescape/kubevuln#355
- fixing a FIXME by @yugal07 in kubescape/kubevuln#356
- add debug log for grype DB url by @matthyx in kubescape/kubevuln#357
- kubescape/node-agent@v0.3.94...v0.3.111
- Chore(deps): Bump github.com/go-git/go-git/v5 from 5.17.1 to 5.18.0 by @dependabot[bot] in kubescape/node-agent#783
- chore: validate NAUT-1252 memory optimizations (go.mod replace directives) by @matthyx in kubescape/node-agent#786
- fix iouring CO-RE relocation by @YakirOren in kubescape/node-agent#741
- Feature/cel const folding by @YakirOren in kubescape/node-agent#789
- Chore(deps): Bump github.com/Azure/go-ntlmssp from 0.0.0-20221128193559-754e69321358 to 0.1.1 by @dependabot[bot] in kubescape/node-agent#790
- reduce per-event work in rule manager hot path by @YakirOren in kubescape/node-agent#794
- drop HttpRequestAccessor wrapper from request field access by @YakirOren in kubescape/node-agent#796
- reduce per-call allocations in CEL FieldGetters by @YakirOren in kubescape/node-agent#795
- add process-name exclude prefilter options by @YakirOren in kubescape/node-agent#784
- Replace AP and NN cache with CP by @matthyx in kubescape/node-agent#788
- feat: extract client CA file from kubelet config YAML and enhance service file handling by @matthyx in kubescape/node-agent#791
- add learning period label to TS CPs by @matthyx in kubescape/node-agent#797
- perf: switch to kubescape/syft v1.32.0-ks.2 + disable file catalogers by @slashben in kubescape/node-agent#798
- fix: record exec path symmetric with rule-side resolver (fexecve/AT_EMPTY_PATH) by @slashben in kubescape/node-agent#800
- implement Rule-Aware Profile Projection by @matthyx in kubescape/node-agent#799
- kubescape/operator@v0.2.140...v0.2.141
- feat(autoscaler): compute GOMEMLIMIT per node group by @slashben in kubescape/operator#370
- kubescape/storage@v0.0.272...v0.0.274
- fix(cleanup): enhance pod deletion logic and add tests for standalone pods by @matthyx in kubescape/storage#317
Full Changelog: kubescape-operator-1.30.7...kubescape-operator-1.40.0