github sse-secure-systems/connaisseur v3.4.0

one month ago

Connaisseur v3.4.0

Big news: We are switching programming languages from Python to Golang! 🎉💯
See #1513

Notable features

  • Policy rules now support a with.mode option, set to either mutate or insecureValidateOnly, that toggles mutation of the image reference on and off. The default is mutate, meaning references are rewritten; insecureValidateOnly is considered insecure because it only confirms that a trusted image is available without guaranteeing that the trusted image is the one actually used 🤷.
  • A caching mechanism in the form of a Redis key-value store now stores the result of a validation for 30 seconds.
  • A new feature flag, resourceValidationMode, supports the values all and podsOnly. all is the default: Connaisseur blocks any resource that fails validation and mutates those that pass. podsOnly still validates all resources but only blocks and mutates Pod resources; all other resources are passed through with a warning (similar to Pod Security Admission, PSA). This improves compatibility with GitOps solutions like ArgoCD by preventing diffs on each reconciliation.
  • Notary now supports all TUF-compliant keys.
  • Setting with.trustRoot to * for a policy is now supported across all validators, which requires signatures from all trust roots defined within the validator (an AND conjunction).
  • Custom labels can be added (thanks to @jimonthebarn).
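As an added illustration (not taken from the release or from the project's own documentation), a Connaisseur values fragment that places the new options from this release side by side; the key paths application.features / application.policy, the registry, validator and trust-root names, and the key placeholders are assumptions:

```yaml
application:
  features:
    # all (default): every resource failing validation is denied, and passing
    # image references are rewritten to the verified digest.
    resourceValidationMode: all
    # For GitOps reconcilers such as ArgoCD, podsOnly still validates every
    # resource but only blocks and mutates Pods; other kinds get a warning,
    # so the stored manifest never differs from what the controller applied.
    # resourceValidationMode: podsOnly
  validators:
    - name: team-keys            # constructed example validator
      type: cosign
      trustRoots:
        - name: team-a
          key: |
            -----BEGIN PUBLIC KEY-----
            <PLACEHOLDER: team-a public key>
            -----END PUBLIC KEY-----
        - name: team-b
          key: |
            -----BEGIN PUBLIC KEY-----
            <PLACEHOLDER: team-b public key>
            -----END PUBLIC KEY-----
  policy:
    - pattern: "registry.example.com/prod/*:*"
      validator: team-keys
      with:
        # "*" demands a valid signature from ALL trust roots of the validator
        # (team-a AND team-b), not just any one of them.
        trustRoot: "*"
        # mutate (default): the image reference is replaced by the verified
        # digest, so the admitted Pod runs exactly what was checked.
        mode: mutate
    - pattern: "registry.example.com/legacy/*:*"
      validator: team-keys
      with:
        trustRoot: team-a
        # insecureValidateOnly: a signed image must exist, but the reference
        # is left untouched, so a mutable tag can later resolve elsewhere.
        mode: insecureValidateOnly
```

Prefer the first rule shape for production workloads; the second exists only to show what the insecure mode gives up.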
