stackrox/stackrox 3.68.0

on GitHub

What's Changed (autogenerated)

• Skip flakey Violation tags e2e tests by @vjwilson in #19
• Fix default Helm debug path by @SimonBaeumer in #33
• ROX-8261 + ROX-8263 + ROX-8264 + ROX-8265 + ROX-8564: Added the approved false positives table by @sachaudh in #20
• ROX-8471: Backend.LoginURL() to return error by @0x656b694d in #25
• Supply policy detector to sensor deployment reprocessor by @md2119 in #38
• Adding a helper function to derive scope queries for graphql based queries for vulnerability reporting by @clickboo in #14
• ROX-8515: Verify no privilege escalation when generating APIToken by @ivan-degtiarenko in #17
• ROX-8515: Cosmetic changes to API token privilege escalation check + test by @ivan-degtiarenko in #46
• Fix additional CA secret namespace by @SimonBaeumer in #35
• ROX-8643: Move metadata.tpl to shared directory by @SimonBaeumer in #34
• Bump @types/node from 16.11.6 to 16.11.12 in /ui by @dependabot in #45
• Bump js-base64 from 3.6.1 to 3.7.2 in /ui by @dependabot in #7
• RS-370: Pull up collector full/slim image values to meta template by @fredrb in #21
• RS-371: Type MetaVals strongly - round 1 by @msugakov in #24
• ROX-8628: Show notifier name instead of id in policies table cell by @pedrottimark in #36
• Fix TestScopeQueries unit test by @md2119 in #53
• Bump d3-brush from 2.1.0 to 3.0.0 in /ui by @dependabot in #50
• Remove Access Control classic folder from UI as it is unused by @ivan-degtiarenko in #51
• fix: TestErrorWriter by @janisz in #55
• [ROX-8696][ROX-8724] Ensure sensor and admission controller reprocesses deployments on vuln events by @md2119 in #41
• Fix failing AdmissionControllerTest by @md2119 in #59
• Attempt 2: Fix Admissioncontrollertest by @md2119 in #61
• ROX-8368: Adding Step 2 Policy behavior form to PF Policy Wizard by @alwayshooin in #47
• Fix README links to stackrox repo by @SimonBaeumer in #63
• ROX-8730: Fix the loopclosure bug in tests and improve consistency by @porridge in #48
• RS-341: Retag stackrox.io collector and scanner images with main version by @vikin91 in #27
• Add a check that prevents some targets from running in CI. by @porridge in #67
• ROX-8656: Implement colors in standard output by @janisz in #37
• ROX-8430: Add resource scope selection for report form by @vjwilson in #56
• Adding support to save the scope hierarchy in the Context object by @clickboo in #72
• ROX-8736: roxctl - don't retry on policy enforcement failure by @ivan-degtiarenko in #66
• ROX-8431: Add basic select existing notifier and freeform audience list by @vjwilson in #42
• Change to an established environment variable. by @porridge in #78
• roxctl deployment check - display remediation for broken policy by @ivan-degtiarenko in #75
• ROX-8730: gosec: enable implicit memory aliasing in for loop by @janisz in #81
• ROX-8486: Skip the mitre check by @gavin-stackrox in #77
• Bump rest-assured from 2.4.1 to 2.9.0 in /qa-tests-backend by @dependabot in #2
• move tools to a separated go.mods by @janisz in #83
• ROX-8743: Adding policy field keys in PF BPL section by @alwayshooin in #88
• Assert os.ErrOut within roxctl tests for image check / scan & deployment check by @ivan-degtiarenko in #82
• Fix circle CI badge in README by @SimonBaeumer in #58
• ROX-8742: Include executable dependent component by @c-du in #74
• ROX-8045 Validate CRs in operator test suite by @mtesseract in #26
• ROX-8663: Generalize scripts by @0x656b694d in #71
• Update rox-ci-image to apollo-ci:0.3.20 by @roxbot in #79
• RS-372: Define more attributes as [< required >] in *.htpl files by @msugakov in #64
• Removed unused code in a policy check by @rukletsov in #100
• [ROX-8741] Ensure brand new images are enriched with vuln snooze state by @md2119 in #69
• Push k8s artifacts during upgrade tests by @msugakov in #102
• Ensure ImageCVEEdge options map is removed from Image options map by @md2119 in #89
• refactoring: Risk Acceptance Improvements by @sachaudh in #87
• ROX-8750: Change VerifyServiceCert arguments to match its purpose. by @porridge in #96
• ROX-8024: Create policy field for automountServiceAccountToken deployment parameter by @rhybrillou in #29
• ROX-8448: get available auth provider types from backend instead of hard-coded value by @ivan-degtiarenko in #28
• RS-384: enhance deployer test by @fredrb in #93
• RS-369: move artifacts to GCS by @gavin-stackrox in #44
• ROX-8244: Adding pagination to pending approvals table by @sachaudh in #91
• ROX-8709: Use the correct context in the Vulns and VulnCount resolvers in image component by @clickboo in #94
• [ROX-8767] Ensure that the correct image cache key is being used in sensor by @md2119 in #113
• Update go.mod to latest scanner by @theencee in #107
• Write new vuln state field when writing images by @md2119 in #115
• ROX-8266 + ROX-8217: Added GraphQL call for Observed CVEs table and pagination by @sachaudh in #92
• ROX-8434: View report page title with report name by @vjwilson in #108
• RS-374: Remove echoed secret by @gavin-stackrox in #112
• ROX-8676: CI: Fix EKS provisioning by @gavin-stackrox in #117
• ROX-8745: Bump CSV patch timeout to help with flakes. by @porridge in #95
• ROX-8543: handle jagged array in junit printer by @janisz in #111
• ROX-8702: do not display user e-mail if empty by @ivan-degtiarenko in #98
• ROX-7571: Configure linter to create an error when comment does not start with a space by @janisz in #85
• ROX-8775: Create default policy to detect log4shell CVE by @theencee in #129
• ROX-8773: Fix webhook validation for Teams integration by @vjwilson in #130
• ROX-8668: Expire "When Fixable" Deferrals when CVE is fixable by @theencee in #15
• [ROX-8781] Add linked query support for image-cve edge by @md2119 in #127
• CI: Fix build for race-condition-debug tests by @gavin-stackrox in #140
• Fix bundle renderer tests on local machine by @SimonBaeumer in #123
• ROX-8543: Enable JUnit printer for image / deployment check by @janisz in #126
• Update rox-ci-image by @roxbot in #84
• Only cache vuln requests that are approved and active on startup by @theencee in #142
• ROX-8071: GraphQL resolver for the vulnerability request state under the EmbeddedVulnerability GraphQL object by @theencee in #106
• Update PatternFly 2021.16 dependencies in UI by @pedrottimark in #125
• ROX-8419: Wiring up creating a new report by @vjwilson in #136
• ROX-8526-8527: Add validation for policy wizard steps 1 and 2 by @pedrottimark in #118
• Get rid of buildConfigFileOverridesMap as unused by @msugakov in #128
• ROX-8670: IdentityFromContext() error propagation by @ivan-degtiarenko in #18
• ROX-8580: Move Scanner manifests to shared helm directory by @SimonBaeumer in #31
• ROX-7996: Switch to upstream helm operator ValueTranslator implementation. by @porridge in #149
• Fix broken master: right amount of return values for IdentityFromContext() by @ivan-degtiarenko in #152
• ROX-8361: Add MitreAttackVectorsFormSection to policies wizard step 1 by @pedrottimark in #105
• style-checks: Fix comment style in test by @ivan-degtiarenko in #154
• [ROX-8805] Ensure vulns searched by "CVE Snoozed" include vulns from new workflow by @md2119 in #148
• [ROX-8724] Handle snooze cases when no affected deployments are found in db by @md2119 in #103
• Update sync release branch script to look at stackrox/stackrox by @viswajithiii in #133
• ROX-8748: GraphQL resolver for vulnerabilityRequestsCount by @theencee in #141
• Rewrite validate imports as an analyzer by @viswajithiii in #156
• CI: fix 4.6 provision for operator tests by @gavin-stackrox in #160
• RS-376: Refactor to allow configurable default image values by @fredrb in #65
• ROX-8130: Introduce ephemeral certs by @porridge in #120
• ROX-8788: Fix Image Overview crash on browser back by @vjwilson in #151
• fix: show risk acceptance if risk acceptance feature flag is on by @sachaudh in #153
• ROX-8820: operator: bind pip and setuptools versions in Makefile by @janisz in #169
• ci: fallback to goproxy.io on proxy.golang.org error by @janisz in #164
• RS-401: Use distinct collector full/slim names by @fredrb in #167
• CI: reduce resource usage by @gavin-stackrox in #159
• Fix E2E test's proto-generated-srcs when running on M1 Macs by @theencee in #172
• ROX-8792 - Consolidate scanner Helm config shape in shared directory by @SimonBaeumer in #150
• Fix the envtest target. by @porridge in #161
• ROX-8130: Validation of operator-issued init bundle certs in Central. by @porridge in #121
• ROX-7197: explicitly return nil and log when service account is missing for the deployment by @janisz in #144
• Adding PF Policies BPL Cards and using react-dnd by @alwayshooin in #143
• ROX-7251: use cached controller-runtime client by @porridge in #175
• Add a minimal .editorconfig file for tabs in Makefiles. by @porridge in #189
• ROX-8759: Move scanner config to Helm shared directory by @SimonBaeumer in #179
• ROX-7807: Fix Anchore scanner test flakiness by @gavin-stackrox in #185
• ROX-8266 + ROX-8226: Added GraphQL API for getting deferred CVEs data and added pagination by @sachaudh in #131
• ROX-8821: Fix upgrade tests by @vikin91 in #180
• Automatically label PRs based on changed files by @dhaus67 in #177
• Automatically assign teams as reviewer based on files changed within a PR by @dhaus67 in #191
• ROX-8130 Make Central operator issue init bundle if a SecuredCluster is present in the same namespace by @porridge in #97
• Remove unnecessary function by @SimonBaeumer in #199
• Fix build due to previous code refactoring by @SimonBaeumer in #203
• Add more areas to github labeler by @SimonBaeumer in #201
• Label PRs on more events via GitHub Actions by @dhaus67 in #196
• Use correct syntax within CODEOWNERS file by @dhaus67 in #198
• ROX-8306 enable azure tests by @sbostick in #170
• RS-386: Add parameter --image-defaults to roxctl helm output by @vikin91 in #168
• Basic E2E test for Vuln Management that tests state transitions by @theencee in #173
• RS-383: deployer support flavors by @fredrb in #176
• RS-348: additional central tests by @fredrb in #181
• RS-385: refactor .sh part of templates by @msugakov in #104
• dependabot: fix linters path by @janisz in #207
• Rely on operator to provision init bundle automatically in securedcluster e2e test. by @porridge in #215
• ROX-8778: Allow disabling SELinux opts and change container runtime for collector in Helm by @juanrh in #208
• Race condition in datastore test. by @0x656b694d in #202
• Add vuln_req bucket to rocksdb dump tool by @connorgorman in #210
• Remove unused bolthelper code by @connorgorman in #221
• Add generic walker by @connorgorman in #57
• ROX-8297,ROX-8296: Querying report data and notification email. by @clickboo in #22
• ROX-8584 remove alt download feature flag by @Stringy in #52
• ROX-8729: Generate local scanner TLS certificates in Central by @juanrh in #211
• Pin pip and setuptools to newer versions taken from pypi.org by @msugakov in #217
• Move internal comment to meta template so it is not visible in charts by @juanrh in #224
• ROX-8436: Show details of report in readonly view by @vjwilson in #193
• ROX-8449: AWS ECR integration should support AssumeRole by @keyallis in #73
• Bump fabric8Version from 5.7.0 to 5.10.1 in /qa-tests-backend by @dependabot in #86
• Bump splunk/splunk from 6.6.0 to 8.2.4 in /ci/splunk by @dependabot in #212
• Update go-grpc-http1 to 0.2.4 by @RTann in #229
• ROX-8366: Adding Policy Criteria Cards in BPL Section in PF by @alwayshooin in #204
• ROX-8449: Fix for CI Pipeline issue introduced in #73 by @keyallis in #230
• Ensure image risk is reprocessed on vuln req events by @md2119 in #183
• Fix graphql query to get the image name unmarshalled correctly. by @clickboo in #231
• Derive embedded vuln state from image-cve edge by @md2119 in #235
• ROX-8812: Update Log4Shell Policy's description and criteria to reflect new findings by @theencee in #155
• Bump com.google.protobuf from 0.8.17 to 0.8.18 in /qa-tests-backend by @dependabot in #227
• ROX-8413: Row action to delete specific report by @vjwilson in #225
• Revert "Ensure image risk is reprocessed on vuln req events (#183)" by @md2119 in #238
• Add isSVG prop to occurrences of PatternFly Spinner element by @pedrottimark in #244
• [ROX-8898] Make user name searchable in vuln requests by @md2119 in #250
• [ROX-8898] Migrate CVE Suppressed to Vulnerability State by @md2119 in #249
• ROX-8827: Add conditional logic for showing risk acceptance actions based on permissions by @sachaudh in #205
• RS-352: Allow empty image names in roxctl sensor generate by @0x656b694d in #162
• ROX-8802: Migrate printers to a shared location by @dhaus67 in #243
• RS-382: Use main version number for collector and scanner by @vikin91 in #200
• Make sure inithooks script fails if realpath is not found by @mtesseract in #220
• Fix monitoring deployment script by @connorgorman in #246
• ROX-8796: Refactor cluster delete to use Environment by @stehessel in #234
• Style fix. by @0x656b694d in #256
• Revert "Revert "Ensure image risk is reprocessed on vuln req events (… by @md2119 in #252
• ROX-8366 PF BPL nested fields by @alwayshooin in #247
• ROX-8372: Create ReviewPolicyForm (Step 5 of Wizard) by @pedrottimark in #240
• [ROX-8694] Add vuln req perms to those with write image perms by @md2119 in #251
• ROX-8828: Change Snooze to Defer and Approve by @sachaudh in #258
• Expire requests when denied by @md2119 in #263
• update scanner version for updated proto path by @RTann in #232
• dependabot: remove splunk image from updates by @janisz in #206
• Specify image for CI machine executor by @roxbot in #269
• Speed up go generate by @viswajithiii in #137
• Fix semantic merge conflict in generated file by @viswajithiii in #279
• ROX-8901+ROX-8902+ROX-8903: Risk Acceptance bug fixes by @sachaudh in #257
• ROX-8412: Allow triggering edit mode for existing report by @vjwilson in #264
• Replace specific code with generic usePermissions hook in Policies by @pedrottimark in #280
• Use docker registry catalog API results to filter registry matches by @connorgorman in #242
• ROX-7564: gRPC interceptors to panic on ErrInvariantViolation in dev builds by @ivan-degtiarenko in #254
• RS-391: Add Bats tests for roxctl central generate by @vikin91 in #110
• RS-378: use ROX_IMAGE_FLAVOR environment variable to set flavor by @fredrb in #223
• Make main, scanner, scanner-db images configurable in central chart by @fredrb in #284
• Bump github.com/prometheus/common from 0.30.0 to 0.32.1 by @dependabot in #272
• Fix featureflag check in helmtemplate ignore by @SimonBaeumer in #270
• Unignore //lint:file-ignore SA4006 for *_easyjson.go files by @msugakov in #283
• Replace Descriptor with type union for Policy criteria by @pedrottimark in #266
• Groovy script refactor and documentation by @gavin-stackrox in #281
• [ROX-8925] Move migrations behind feature flag by @md2119 in #292
• RS-413: Use job links in artifact location helper by @gavin-stackrox in #293
• [ROX-8930] Add sleep when vuln req are undone in tests by @md2119 in #291
• ROX-8370: Adding Step 4 for Policy Form in PF by @alwayshooin in #290
• Fix roxctl bats output location by @dhaus67 in #289
• Just mark the deployment for reprocessing instead of forcing scan rightaway by @md2119 in #296
• ROX-8906: AssumeRole AWS ECR Integration tests by @keyallis in #261
• Try fix race-contidion-tests by @msugakov in #285
• Update rox-ci-image to v0.3.23 fixing the cci-export by @roxbot in #241
• ROX-8783: Disable editing the cluster configuration in the StackRox UI for Helm-based installations by @juanrh in #163
• Ensure to images from cache having keys with no ID are also being flushed by @md2119 in #304
• ROX-8905: Miscellaneous fixes in report contents and report email formatting. by @clickboo in #259
• ROX-8784: Remove Helm release revision from configuration fingerprint by @juanrh in #165
• RS-383: follow up refactor by @fredrb in #209
• RS-405 roxctl central generate image defaults by @vikin91 in #245
• Bump fabric8Version from 5.10.1 to 5.11.2 in /qa-tests-backend by @dependabot in #271
• Typo in helm template by @0x656b694d in #298
• Rewrite DeploymentsService in TypeScript by @pedrottimark in #303
• ROX-8414: Allow user to run specific report by @vjwilson in #294
• Reduce lock time for scannderdefinitions update by @RTann in #158
• fix: don't show expired vuln requests in the image findings section by @sachaudh in #282
• Making BPL section inputs disabled for Policy Overview by @alwayshooin in #295
• Revert Bump fabric8Version from 5.10.1 to 5.11.2 in /qa-tests-backend by @msugakov in #316
• ROX-8242: Search filter for Pending Approvals by @sachaudh in #315
• Bump github.com/dave/jennifer from 1.4.1 to 1.5.0 by @dependabot in #274
• Minor optimizations, fixing a bug with posting report configs by @clickboo in #322
• Update PUT url for report configuration by @vjwilson in #319
• Upgrade cypress 9.2.1 devDependencies in ui by @pedrottimark in #320
• ROX-8961: Mention the automatic init bundle creation in operator docs. by @porridge in #328
• ROX-8936: Fix Central panic in nightly tests and other CI fixes by @msugakov in #300
• ROX-8790: Create gRPC endpoint to generate Scanner certificate by @juanrh in #219
• Add deployments to reprocessing pipeline on vuln req events by @md2119 in #333
• ROX-8965: Add scanner slim image flavors by @SimonBaeumer in #331
• ROX-8252: Search filter for Approved Deferrals by @sachaudh in #318
• Revert "Bump github.com/dave/jennifer from 1.4.1 to 1.5.0 (#274)" by @msugakov in #334
• ROX-8258: Search filter for Approved False Positives by @sachaudh in #321
• Remove recompile step from debug helm chart script by @SimonBaeumer in #327
• RS-380: Introduce RHACS flavor by @fredrb in #275
• Revert "ROX-8961: Mention the automatic init bundle creation in operator docs." by @porridge in #343
• ROX-8406: Getting pagination working for reports table by @alwayshooin in #338
• RS-380: set ImagePullSecrets.AllowNone = true for Operator by @fredrb in #344
• ROX-8770: return suggested rule attributes for auth provider by @ivan-degtiarenko in #145
• Restore central debugging, improve CI experience by @msugakov in #330
• fix: risk acceptance bug fixes by @sachaudh in #326
• Ensure that the vulnerability states are updated as effective vuln state by @md2119 in #351
• ROX-8973: Make Vulnerability Request ID searchable by @theencee in #335
• ROX-8904: Add UX for sharing link to pending request by @sachaudh in #352
• Vulnerability Request sub-resolver for vulns by @md2119 in #354
• Bump collector version to 3.6.0 by @robbycochran in #339
• RS-379 strong typing of MetaValues by @lvalerom in #255
• ROX-8963: Return 'central.stackrox:443' as the default central endpoint by @0x656b694d in #329
• Assert that manually created init bundle is not deleted. by @porridge in #340
• ROX-8406: Search params in URL for reports list page by @vjwilson in #337
• Proto definition for signature integration by @dhaus67 in #317
• ROX-8931 set ROX_IMAGE_FLAVOR in development by @lvalerom in #309
• Write exportPolicy integration test for PatternFly by @pedrottimark in #353
• ROX-8703: fixes 500 errors for missing kernel probes by @Stringy in #342
• ROX-8406: UI filter for Report table by @vjwilson in #362
• Move -rhel8 to the proper place for rhacs images by @msugakov in #359
• ROX-7233: Notifier trigger on all runtime events by @keyallis in #306
• Enable Vulnerability Risk Management feature by @md2119 in #307
• ROX-9005,ROX-9006,ROX-9007: Fix indexing of the image cve edges, fix since last report query, fix empty report email contents by @clickboo in #325
• fix: risk acceptance bug fixes by @sachaudh in #355
• ROX-8983: Limit height of watched image list and add scrolling, review by @vjwilson in #365
• [ROX-8544] UI for vuln req retention system configuration by @md2119 in #368
• Fix make target for circleci validate by @gavin-stackrox in #369
• RS-380: Leftover: enable tests to run on rhacs flavor by @fredrb in #363
• Update Scanner version for pre-68 testing by @RTann in #370
• Nil vuln requests shouldn't cause errors in GraphQL resolver by @md2119 in #372
• run diagnostic first by @gavin-stackrox in #373
• Cache pending vuln requests by @md2119 in #374
• Fixing console errors for PF policies page by @alwayshooin in #371
• ROX-8948: Add modal for showing image in deferral request by @vjwilson in #377
• Turning on the vulnerability report feature flag ROX_VULN_REPORTING by @clickboo in #367
• ROX-8170, ROX-8171: Show Inactive state and state on nested CVE table in Active VM flow by @vjwilson in #378
• Add a rate limit on ScanImageInternal in central by @connorgorman in #267
• Respect MAIN_IMAGE_TAG in ensure-rox-image script by @SimonBaeumer in #347
• Update CHANGELOG.md in prep for 68.0 release by @vikin91 in #382
• ROX-9023: disable init bundle generation for release 3.68 by @porridge in #392

New Contributors

• @mtesseract made their first contribution in #26
• @rhybrillou made their first contribution in #29
• @sbostick made their first contribution in #170
• @Stringy made their first contribution in #52
• @lvalerom made their first contribution in #255

Full Changelog: https://github.com/stackrox/stackrox/commits/3.68.0