Releases: aquasecurity/trivy-operator
Releases · aquasecurity/trivy-operator
v0.1.5-rc
v0.1.4
Discussions
Changelog
- f099f7f Add missing GHCR template in goreleaser configuration (#309)
- a8dd0da Also publish container images to GHCR (#293)
- e475610 Enable gosec for security linting (#294)
- e2ebe23 Pass GitHub token to snapshot workflow's goreleaser action (#292)
- 38d04cd Prepare k8s 1.25 support (#324)
- 382c530 Revert "Revert "chore: disable caching of secrets and serviceaccounts (#276)" (#329)" (#333)
- 88bf642 Revert "chore: disable caching of secrets and serviceaccounts (#276)" (#329)
- e46cc25 Unit test TTLReportReconciler controller (#330)
- 8116f67 build(deps): bump github.com/aquasecurity/defsec from 0.68.9 to 0.68.10 (#346)
- d551e64 build(deps): bump k8s.io/client-go from 0.24.2 to 0.24.3 (#347)
- c7496eb chore: bump trivy version 0.30.0 (#342)
- df4e1ff chore: dead code cleanup (#312)
- 86a99da chore: delete dead code (#284)
- 519d9fe chore: disable caching of secrets and serviceaccounts (#276)
- 4888a72 chore: generate ClusterRole from RBAC markers (#215)
- 8fbd3f7 chore: operator ClusterRole as static file (#304)
- a2e350c chore: remove nodes RBAC permissions from clusterrole (#310)
- 083ed1f chore: remove some generated/deduced files (#325)
- 94e5fc6 chore: use controller-gen to generate CRDs from Go markers (#279)
- 661a31e feat: ability to add additional labels to serviceMonitor (#316)
- 1a00baf fix: config and rbac report should not regenerate the same report (#358)
- e095927 fix: remove unused field from RBAC assessments CRDs (#328)
- a04d5c4 fix: should not error when serviceaccount not found (#336)
- 2877172 fix: update policies not trigger rescan after operator startup (#353)
- 8c13605 fix: use upstream alpine 3.16.1 image (fix CVE-2022-2097) (#340)
- 8b38b18 refactor: fix imported package names shadowed in assignments (#322)
- f432b0a refactor: make code to read image pull secrets more readable (#280)
- eacdd88 refactor: move TTL controller to where it is used (#308)
- 4d61001 refactor: organize ClusterRole rules by resource (#317)
- 23b02c4 refactor: reorganize cat in update-static.yaml.sh (#307)
- 98675ff refactor: sort ClusterRole rules by apiGroups, resources (#321)
- 5773fc6 refactor: sort ClusterRole rules[].verbs (#323)
v0.1.4-rc
Changelog
- f099f7f Add missing GHCR template in goreleaser configuration (#309)
- a8dd0da Also publish container images to GHCR (#293)
- e475610 Enable gosec for security linting (#294)
- e2ebe23 Pass GitHub token to snapshot workflow's goreleaser action (#292)
- 38d04cd Prepare k8s 1.25 support (#324)
- 382c530 Revert "Revert "chore: disable caching of secrets and serviceaccounts (#276)" (#329)" (#333)
- 88bf642 Revert "chore: disable caching of secrets and serviceaccounts (#276)" (#329)
- e46cc25 Unit test TTLReportReconciler controller (#330)
- 8116f67 build(deps): bump github.com/aquasecurity/defsec from 0.68.9 to 0.68.10 (#346)
- d551e64 build(deps): bump k8s.io/client-go from 0.24.2 to 0.24.3 (#347)
- c7496eb chore: bump trivy version 0.30.0 (#342)
- df4e1ff chore: dead code cleanup (#312)
- 86a99da chore: delete dead code (#284)
- 519d9fe chore: disable caching of secrets and serviceaccounts (#276)
- 4888a72 chore: generate ClusterRole from RBAC markers (#215)
- 8fbd3f7 chore: operator ClusterRole as static file (#304)
- a2e350c chore: remove nodes RBAC permissions from clusterrole (#310)
- 083ed1f chore: remove some generated/deduced files (#325)
- 94e5fc6 chore: use controller-gen to generate CRDs from Go markers (#279)
- 661a31e feat: ability to add additional labels to serviceMonitor (#316)
- 1a00baf fix: config and rbac report should not regenerate the same report (#358)
- e095927 fix: remove unused field from RBAC assessments CRDs (#328)
- a04d5c4 fix: should not error when serviceaccount not found (#336)
- 2877172 fix: update policies not trigger rescan after operator startup (#353)
- 8c13605 fix: use upstream alpine 3.16.1 image (fix CVE-2022-2097) (#340)
- 8b38b18 refactor: fix imported package names shadowed in assignments (#322)
- f432b0a refactor: make code to read image pull secrets more readable (#280)
- eacdd88 refactor: move TTL controller to where it is used (#308)
- 4d61001 refactor: organize ClusterRole rules by resource (#317)
- 23b02c4 refactor: reorganize cat in update-static.yaml.sh (#307)
- 98675ff refactor: sort ClusterRole rules by apiGroups, resources (#321)
- 5773fc6 refactor: sort ClusterRole rules[].verbs (#323)
v0.1.3
Discussions
Changelog
- 949192b Add signatures and provenance to goreleaser configuration (#260)
- 669b661 Merge pull request #220 from josedonizetti/fix-flaky-test
- f809e01 Merge pull request #222 from josedonizetti/fix-release-md
- e68a3d1 Merge pull request #224 from josedonizetti/refactor-collector
- 048e5c5 Merge pull request #241 from aquasecurity/dependabot/go_modules/github.com/stretchr/testify-1.8.0
- 6a994d2 Merge pull request #242 from aquasecurity/dependabot/go_modules/github.com/aquasecurity/defsec-0.68.6
- cc9e7c9 Replace code-generator with controller-gen (#209)
- 6ac11dc Use explicit permissions for release workflow (#289)
- 5cca701 build(deps): bump actions/setup-python from 4.0.0 to 4.1.0 (#281)
- 399afdf build(deps): bump github.com/aquasecurity/defsec from 0.68.5 to 0.68.6
- 57f73ad build(deps): bump github.com/aquasecurity/defsec from 0.68.6 to 0.68.9 (#282)
- 3f5fee6 build(deps): bump github.com/stretchr/testify from 1.7.5 to 1.8.0
- 0d892d7 build(deps): bump sigs.k8s.io/controller-runtime from 0.12.2 to 0.12.3 (#283)
- 3f4a238 chore: add ecr ubi8 amd64 image (#296)
- ca611bd chore: delete dead code (#273)
- 7adc1c7 chore: delete dead code (legacy configaudit scan-jobs) (#274)
- 5bc1f5d chore: delete unused consts (#277)
- 26026d4 chore: deploy images to ecr public repository (#255)
- 764f1ef chore: format CRDs with controller-gen list style (#259)
- a64f658 chore: make CI verify all generated is up-to-date (#271)
- 09071d6 chore: remove unused Helm chart values (#272)
- 0028abd chore: tighten RBAC; default leader election lock is now leases (#252)
- 6b72e81 chore: upgrade to Ginkgo v2 (#254)
- 5a67f8a chore: upgrade to Go 1.18 (#285)
- 37ffce9 feat/rbac risk assessment report support (#238)
- 69e9bb8 feat: pull scan job image from ghcr by default (#267)
- 89fe937 feat: rbac assessment metrics (#256)
- 56de514 fix: add missing trivy-operator labels to user-facing roles (#253)
- 740f55d fix: dbRepositoryInsecure param always return true (#246)
- c3eacd0 fix: deploy/static (#236)
- 4b70883 fix: getting imagePullSecrets should fail only if not exist in pod spec and service account (#270)
- c5bb5e3 fix: regenerate static resources (outdated) (#268)
- 9752a35 fix: report items closure (#257)
- d135871 fix: tighten RBAC; remove some unneeded cluster-wide permissions (#234)
- 790ffc2 fix: update rbac assesstment doc (#258)
- 60566c2 helm: add ServiceMonitor (#195)
- afb84c2 refactor: extract const collector.go
- 12f9122 rename the CRD files to match the controller-gen naming convention (#233)
- 0742e99 sort the yaml files alphabetically (#247)
v0.1.3-rc.2
v0.1.3-rc
Changelog
- 949192b Add signatures and provenance to goreleaser configuration (#260)
- 669b661 Merge pull request #220 from josedonizetti/fix-flaky-test
- f809e01 Merge pull request #222 from josedonizetti/fix-release-md
- e68a3d1 Merge pull request #224 from josedonizetti/refactor-collector
- 048e5c5 Merge pull request #241 from aquasecurity/dependabot/go_modules/github.com/stretchr/testify-1.8.0
- 6a994d2 Merge pull request #242 from aquasecurity/dependabot/go_modules/github.com/aquasecurity/defsec-0.68.6
- cc9e7c9 Replace code-generator with controller-gen (#209)
- 6ac11dc Use explicit permissions for release workflow (#289)
- 5cca701 build(deps): bump actions/setup-python from 4.0.0 to 4.1.0 (#281)
- 399afdf build(deps): bump github.com/aquasecurity/defsec from 0.68.5 to 0.68.6
- 57f73ad build(deps): bump github.com/aquasecurity/defsec from 0.68.6 to 0.68.9 (#282)
- 3f5fee6 build(deps): bump github.com/stretchr/testify from 1.7.5 to 1.8.0
- 0d892d7 build(deps): bump sigs.k8s.io/controller-runtime from 0.12.2 to 0.12.3 (#283)
- 3f4a238 chore: add ecr ubi8 amd64 image (#296)
- ca611bd chore: delete dead code (#273)
- 7adc1c7 chore: delete dead code (legacy configaudit scan-jobs) (#274)
- 5bc1f5d chore: delete unused consts (#277)
- 26026d4 chore: deploy images to ecr public repository (#255)
- 764f1ef chore: format CRDs with controller-gen list style (#259)
- a64f658 chore: make CI verify all generated is up-to-date (#271)
- 09071d6 chore: remove unused Helm chart values (#272)
- 0028abd chore: tighten RBAC; default leader election lock is now leases (#252)
- 6b72e81 chore: upgrade to Ginkgo v2 (#254)
- 5a67f8a chore: upgrade to Go 1.18 (#285)
- 37ffce9 feat/rbac risk assessment report support (#238)
- 69e9bb8 feat: pull scan job image from ghcr by default (#267)
- 89fe937 feat: rbac assessment metrics (#256)
- 56de514 fix: add missing trivy-operator labels to user-facing roles (#253)
- 740f55d fix: dbRepositoryInsecure param always return true (#246)
- c3eacd0 fix: deploy/static (#236)
- 4b70883 fix: getting imagePullSecrets should fail only if not exist in pod spec and service account (#270)
- c5bb5e3 fix: regenerate static resources (outdated) (#268)
- 9752a35 fix: report items closure (#257)
- d135871 fix: tighten RBAC; remove some unneeded cluster-wide permissions (#234)
- 790ffc2 fix: update rbac assesstment doc (#258)
- 60566c2 helm: add ServiceMonitor (#195)
- afb84c2 refactor: extract const collector.go
- 12f9122 rename the CRD files to match the controller-gen naming convention (#233)
- 0742e99 sort the yaml files alphabetically (#247)
v0.1.0
Discussions
Changelog
- 63a98e9 Merge pull request #223 from josedonizetti/prepare-release-0.1.0
- 20dae12 relase: prepare 0.1.0
- b4bdea5 Added Region support for ECR-Registry handling. (#186)
- dd7fed7 Merge pull request #115 from josedonizetti/add-opensecret-report
- ed03ca6 Merge pull request #130 from erikgb/config-audit-metrics
- 20f9ba3 Merge pull request #159 from aquasecurity/dependabot/go_modules/k8s.io/client-go-0.24.2
- 01cc7b5 Merge pull request #175 from erikgb/feat/add-aggregated-clusterrole
- 9164f4b Merge pull request #183 from josedonizetti/fix-documentation
- 3bc460c Merge pull request #198 from chen-keinan/fix/exposedsecretreports-missing-clusterrole
- 2f7df67 Merge pull request #210 from josedonizetti/exposedmetrics-prometheus
- 8691633 Merge pull request #211 from josedonizetti/add-basic-metrics-doc
- 8502d41 Merge pull request #213 from josedonizetti/fix-policies-template
- 65e32b5 Merge pull request #214 from josedonizetti/prepare-release-0.1.0-rc
- cc5cdd2 build(deps): bump github.com/aquasecurity/defsec from 0.68.2 to 0.68.3 (#172)
- fab3cfc build(deps): bump github.com/aquasecurity/defsec from 0.68.3 to 0.68.5 (#202)
- 0506985 build(deps): bump github.com/google/go-containerregistry (#200)
- a7c616d build(deps): bump github.com/stretchr/testify from 1.7.2 to 1.7.4 (#162)
- 3019447 build(deps): bump github.com/stretchr/testify from 1.7.4 to 1.7.5 (#199)
- 65495ae build(deps): bump k8s.io/client-go from 0.24.1 to 0.24.2
- 5d2c28b build(deps): bump k8s.io/code-generator from 0.24.1 to 0.24.2 (#163)
- 35a7c3c build(deps): bump k8s.io/klog/v2 from 2.60.1 to 2.70.0 (#203)
- 858650e build(deps): bump sigs.k8s.io/controller-runtime from 0.12.1 to 0.12.2 (#201)
- 5f7a700 chore: update deploy/static
- c2fa6b9 feat: add ConfigAuditReport summary metrics
- aede3c2 feat: add aggregated view clusterroles for default user-facing roles
- a8dea26 feat: add exposedsecrets metrics
- d54d0ab feat: add open secret crd
- 701749c feat: exposed secrets scanning
- 427228b feat: support builtin policies (#191)
- e798e73 fix: client server mode is not compatible with latest trivy (#190)
- 8afb0be fix: exposed secret resync
- 5ed0ca3 fix: exposedsecretreports are missing from trivy-operator clusterrole
- dbbc8f0 fix: fix labels on helm/template/policies.yaml
- 7515a5b fix: make OPERATOR_METRICS_FINDINGS_ENABLED configurable in Helm chart (#179)
- f8316c9 fix: plugin_test
- e0d0fe2 fix: re-gen static resources from Helm chart and update doc for doing it (#176)
- 7e5c57f fix: remove unknwon from exposed secrets
- c65ba9a fix: support insecure flag for download trivy-db (#169)
- 37bef5c fix: use correct env name in update-static.yaml.sh (#185)
- 693cb8b refacor: remove exposed secrets None
- 03c76f5 refactor: clean up methods not used
- 0c94c65 refactor: extract compareReports
- 8ac676c refactor: pkg/plugin/trivy
- 2f01594 refactor: remove exposed secrets TTL
- 965261d refactor: rename workload controller ReadWriter
- c2ae8bf refactor: vulnerabilityreport/controller
- fbbe9a8 Merge pull request #216 from josedonizetti/fix-exposedsecret-sample
- e0d41cf Merge pull request #218 from josedonizetti/fix-helm-lint
- 3bc882c Merge pull request #219 from josedonizetti/prepare-release-0.1.0-rc-2
- 5a714ae lint: fix helm chart
v0.1.0-rc-2
v0.1.0-rc
Changelog
- b4bdea5 Added Region support for ECR-Registry handling. (#186)
- dd7fed7 Merge pull request #115 from josedonizetti/add-opensecret-report
- ed03ca6 Merge pull request #130 from erikgb/config-audit-metrics
- 20f9ba3 Merge pull request #159 from aquasecurity/dependabot/go_modules/k8s.io/client-go-0.24.2
- 01cc7b5 Merge pull request #175 from erikgb/feat/add-aggregated-clusterrole
- 9164f4b Merge pull request #183 from josedonizetti/fix-documentation
- 3bc460c Merge pull request #198 from chen-keinan/fix/exposedsecretreports-missing-clusterrole
- 2f7df67 Merge pull request #210 from josedonizetti/exposedmetrics-prometheus
- 8691633 Merge pull request #211 from josedonizetti/add-basic-metrics-doc
- 8502d41 Merge pull request #213 from josedonizetti/fix-policies-template
- 65e32b5 Merge pull request #214 from josedonizetti/prepare-release-0.1.0-rc
- cc5cdd2 build(deps): bump github.com/aquasecurity/defsec from 0.68.2 to 0.68.3 (#172)
- fab3cfc build(deps): bump github.com/aquasecurity/defsec from 0.68.3 to 0.68.5 (#202)
- 0506985 build(deps): bump github.com/google/go-containerregistry (#200)
- a7c616d build(deps): bump github.com/stretchr/testify from 1.7.2 to 1.7.4 (#162)
- 3019447 build(deps): bump github.com/stretchr/testify from 1.7.4 to 1.7.5 (#199)
- 65495ae build(deps): bump k8s.io/client-go from 0.24.1 to 0.24.2
- 5d2c28b build(deps): bump k8s.io/code-generator from 0.24.1 to 0.24.2 (#163)
- 35a7c3c build(deps): bump k8s.io/klog/v2 from 2.60.1 to 2.70.0 (#203)
- 858650e build(deps): bump sigs.k8s.io/controller-runtime from 0.12.1 to 0.12.2 (#201)
- 5f7a700 chore: update deploy/static
- c2fa6b9 feat: add ConfigAuditReport summary metrics
- aede3c2 feat: add aggregated view clusterroles for default user-facing roles
- a8dea26 feat: add exposedsecrets metrics
- d54d0ab feat: add open secret crd
- 701749c feat: exposed secrets scanning
- 427228b feat: support builtin policies (#191)
- e798e73 fix: client server mode is not compatible with latest trivy (#190)
- 8afb0be fix: exposed secret resync
- 5ed0ca3 fix: exposedsecretreports are missing from trivy-operator clusterrole
- dbbc8f0 fix: fix labels on helm/template/policies.yaml
- 7515a5b fix: make OPERATOR_METRICS_FINDINGS_ENABLED configurable in Helm chart (#179)
- f8316c9 fix: plugin_test
- e0d0fe2 fix: re-gen static resources from Helm chart and update doc for doing it (#176)
- 7e5c57f fix: remove unknwon from exposed secrets
- c65ba9a fix: support insecure flag for download trivy-db (#169)
- 37bef5c fix: use correct env name in update-static.yaml.sh (#185)
- 693cb8b refacor: remove exposed secrets None
- 03c76f5 refactor: clean up methods not used
- 0c94c65 refactor: extract compareReports
- 8ac676c refactor: pkg/plugin/trivy
- 2f01594 refactor: remove exposed secrets TTL
- 965261d refactor: rename workload controller ReadWriter
- c2ae8bf refactor: vulnerabilityreport/controller
v0.0.8
Discussions
Changelog
- bcc48f5 Merge pull request #131 from josedonizetti/add-init-and-ephemeral-container
- 37b130d Merge pull request #147 from mycodeself/feat-add-scan-target-vulnerability
- aab8d41 Merge pull request #164 from chen-keinan/chore/update-trivy-to-0.29.1
- 4fcdb1b add target type to crds
- e3f7788 build(deps): bump actions/setup-python from 3.1.2 to 4 (#154)
- b941fc7 build(deps): bump github.com/aquasecurity/defsec from 0.65.0 to 0.68.2 (#157)
- b65c4a5 build(deps): bump helm/kind-action from 1.2.0 to 1.3.0 (#155)
- 910ed09 build(deps): bump k8s.io/apimachinery from 0.24.1 to 0.24.2 (#158)
- b2fbe9c feat: add scan target to vulnerabilities
- d26bcd8 feat: scan init/ephemeral containers
- 201ae6e fix: ImagePullSecret server discovery with wildcard (#151)
- 6f8f028 fix: remove dups on configaudit report (#161)
- 6f0128e fix: use trivy sub command on initcontainer download db (#150)
- 491d87b update trivy to 0.29.1