All notable changes to this project will be documented in this file.
- 2.12.0
- 2.11.4
- 2.11.3
- 2.11.2
- 2.11.1
- 2.11.0
- 2.10.2
- 2.10.1
- 2.10.0
- 2.9.0
- 2.8.0
- 2.7.2
- 2.7.1
- 2.7.0
- 2.6.0
- 2.5.0
- 2.4.0
- 2.3.1
- 2.3.0
- 2.2.0
- 2.1.0
- 2.0.0
- 1.0.0
- Update kubesec dependencies
- Update actions
- Migrate from kubeval to kubeconform
- Fix StatefulSet and VolumeClaimTemplate issues
- Fix container builds so all tags are correctly built
- Split release and container release so they can be re-run separately
- Bump dependencies
- Bump dependencies
- Minor doc cleanup
- Allow specifying schema location with `--schema-dir`
- thanks @AndreasMili
- Fix LimitsMemory rule incorrectly using the RequestsLimit rule
- thanks @AndreasMili
- Split out actions so they can run only when necessary
- Bump dependencies
- Includes a couple more breaking updates that required some additional work to integrate
- Move assets in the containers to make them easier to access
- Fix changelog links
- Add exit-code override
- drop ghcr until auth is fixed
- actually push the container releases
- add more release targets
- sunset i386 target
- add template directory to the Dockerfiles
- build and push containers on release
- Docker Hub
- GitHub Container Registry
- add templating output format
- add provided sarif template
- add output location
- make go install and build easier by splitting cmd and a main.go in the root
- cleaned up docs
- made tests less brittle
- fix scratch container
- fix issues processing multi doc yaml with empty elements
- added some more kubesec scan examples
- added the file name to the kubeval input
- added a flag to show the absolute filename instead
- bump go and alpine versions
- this is also part of making `go mod` happy with `v2`
- further fixes to make `go mod` happy with `v2`
- should resolve issues with tools that use `go list ./...` at the project root
- fix go mod issues with `v2`
- can use `go get` again
- allow for piping into `kubesec scan` using `-` or `/dev/stdin`
  - `cat somefile.yml | kubesec scan -`
  - `cat somefile.yml | kubesec scan /dev/stdin`
- improved in-toto integration
- added passed to the JSON output
- note: repo tests now require `jq`
- only concerns maintainers
- patch to accept form data from the https://kubesec.io webpage sample form
- moved everything to go modules
- added in-toto support
- add rule for `allowPrivilegeEscalation: true` with a score of -7
- add `points` field to each recommendation so the values that comprise the total score can be seen
- fix case sensitivity bug in `.capabilities.drop | index("ALL")`
- rules in `critical` and `advise` lists prioritised and returned in same order across runs
- first open source release
- passes same acceptance tests as Kubesec v1
- more stringent analysis: scoring for a rule is multiplied by number of matches (previously the score was only applied once), initContainers are included in score, new securityContext directive support, seccomp and apparmor pod-targeting tighter
- CLI and HTTP server bundled in single binary
- initial release at https://kubesec.io
- closed source