image-factory 1.3.0 (2026-05-08)
Welcome to the v1.3.0 release of image-factory!
Please try out the release binaries and report any issues at
https://github.com/siderolabs/image-factory/issues.
Vulnerability Scanner
Image Factory now includes a built-in vulnerability scanner that automatically scans the images for known vulnerabilities after the build process.
This feature helps users identify and address security issues in their images before deployment.
Note: This feature is enterprise-only and is subject to the BUSL-1.1 license.
VEX Support
Image Factory now supports VEX (Vulnerability Exploitability eXchange) documents, allowing users to associate vulnerability information with their schematics.
This feature enables better tracking and management of vulnerabilities in the images created with Image Factory.
Note: This feature is enterprise-only and is subject to the BUSL-1.1 license.
Contributors
- Mateusz Urbanek
- Orzelius
- Utku Ozdemir
Changes
7 commits
41d3947release(v1.3.0): prepare releaseae3ed04feat: add enterprise features with Helm chart support3fb0f96feat(enterprise): add vulnerability scanning endpoint92209b6feat: return normalized schematic on creationba2a46dfeat(enterprise): implement VEX endpoint9b40156feat: show schematic-id url parameter on the final wizard step114bb60fix(spdx): use configured external URL in document namespace
Changes from siderolabs/go-vex
3 commits
7076424feat: add vulnerability scanning with Grypecb3a5bcdocs: add go-vex library documentationfd0fd5efeat: initial implementation of go-vex library
Dependency Changes
- github.com/anchore/clio v0.1.0 new
- github.com/anchore/grype v0.112.0 new
- github.com/anchore/syft v1.44.0 new
- github.com/siderolabs/go-vex 70764247d873 new
Previous release can be found at v1.2.0