Releases: aquasecurity/trivy-operator
Releases · aquasecurity/trivy-operator
v0.23.0
Changelog
✨ Notable Changes ✨
- 693908e: feat: add options to Helm chart to load Trivy config from custom configmap or secret (#2174) (@kimdre)
- fadc65c: feat: add package purl in vuln report (#2311) (@hown3d)
🐛 Notable Fixes 🐛
- ac6de39: fix: fix check gcr service account (#2200) (@vadimceb)
- 7b0c518: fix: remove null checks values from ClusterComplianceReport in helm chart (#2168) (@verdel)
- 48d87f4: fix: vuln scan success criteria met (#2292) (@badgerspoke)
📝 Documentation 📝
- 96d4e72: docs: Grafana Dashboard - Add headless parameter to values.yaml (#2190) (@3xAG)
- 18e40db: docs: fix typo (#2235) (@pjonsson)
🔧 Miscellaneous 🔧
- 84422dc: chore: Update chart 0.24.1 (#2180) (@Dimonyga)
- 72ac532: chore: Use
mirror.gcr.io
insteadghcr.io
as helm chart default (#2331) (@simar7) - 763c60d: chore: bump up base alpine image to 3.20.3 (#2320) (@afdesk)
- 265309e: chore: bump up go version to 1.22.7 (#2319) (@afdesk)
- d4da6e5: chore: bump up kind for k8s v1.31 (#2318) (@afdesk)
- 6f3499c: chore: bump up trivy to v0.57.1 (#2301) (@afdesk)
- 5b2c1f7: chore: use mirror.gcr.io for trivy-check by default (#2321) (@afdesk)
👷 Other work 👷
- 3bbda93: platform and type - no metadata values (#2179) (@Dimonyga)
- 1880d76: - Updated
cache.Options
with aDefaultTransform
function that removes managed fields and the"kubectl.kubernetes.io/last-applied-configuration"
annotation from objects before storing them in the cache. (#2300) (@mjshastha) - 81fdbc8: Add hashing for vulnKey. (#2183) (@kersten)
- 0f84528: Fix compliance typo (#2210) (@harryagstian)
- 41ff2ce: Update configuration.md, added sbom generation flag (#2163) (@Talbalash-legit)
- f8123a0: build(deps): bump actions/setup-python from 5.1.0 to 5.1.1 (#2185) (@dependabot[bot])
- 5b1ad3f: build(deps): bump aquaproj/aqua-installer from 3.0.1 to 3.0.2 (#2315) (@dependabot[bot])
- 5ddd8a4: build(deps): bump docker/login-action from 3.2.0 to 3.3.0 (#2193) (@dependabot[bot])
- 8bd760f: build(deps): bump github.com/aws/aws-sdk-go from 1.54.15 to 1.54.19 (#2187) (@dependabot[bot])
- 3517ca4: build(deps): bump github.com/aws/aws-sdk-go from 1.54.19 to 1.54.20 (#2195) (@dependabot[bot])
- 2cd18ea: build(deps): bump github.com/aws/aws-sdk-go from 1.54.20 to 1.55.5 (#2215) (@dependabot[bot])
- df12b1e: build(deps): bump github.com/aws/aws-sdk-go from 1.54.6 to 1.54.15 (#2177) (@dependabot[bot])
- d5d7e3d: build(deps): bump github.com/google/go-containerregistry (#2186) (@dependabot[bot])
- ec3d7c7: build(deps): bump github.com/google/go-containerregistry (#2224) (@dependabot[bot])
- 8674c19: build(deps): bump github.com/onsi/ginkgo/v2 from 2.19.0 to 2.19.1 (#2203) (@dependabot[bot])
- ca07821: build(deps): bump github.com/onsi/ginkgo/v2 from 2.19.1 to 2.20.0 (#2223) (@dependabot[bot])
- d422d2e: build(deps): bump github.com/onsi/gomega from 1.33.1 to 1.34.0 (#2207) (@dependabot[bot])
- f02c74b: build(deps): bump github.com/onsi/gomega from 1.34.0 to 1.34.1 (#2214) (@dependabot[bot])
- 377ef08: build(deps): bump golang.org/x/net from 0.26.0 to 0.27.0 (#2176) (@dependabot[bot])
- 5e7eb45: build(deps): bump golang.org/x/text from 0.16.0 to 0.17.0 (#2222) (@dependabot[bot])
- 38e0674: build(deps): bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 (#2213) (@dependabot[bot])
- c4de896: build(deps): bump k8s.io/cli-runtime from 0.30.2 to 0.30.3 (#2198) (@dependabot[bot])
- 523b723: build(deps): bump sigstore/cosign-installer from 3.5.0 to 3.6.0 (#2225) (@dependabot[bot])
- 720a4e3: ci: bump GoReleaser up for private registry test (#2334) (@afdesk)
- 65f5425: ci: bump up GoReleaser to v2.4.8 (#2323) (@afdesk)
- f8e2cc2: refactor(misconf): Remove support for
WARN
in rego (#2317) (@simar7)
v0.22.0
Ref to Release Notes #2169
Changelog
✨ Notable Changes ✨
- 1d4ec56: feat: dynamic compliance reports (#2160) (@chen-keinan)
🐛 Notable Fixes 🐛
- ec93a42: fix: Prevent grouped vulnerability entries by including target and package path (#2140) (@kersten)
- 5d266cf: fix: helm param gcr service account auth (#2108) (@chen-keinan)
- 181ebae: fix: update olm defaults (#2138) (@chen-keinan)
📝 Documentation 📝
- 3448c9e: docs: add section on importing the Grafana dashboard using the Grafana Helm Chart (#2155) (@maritiren)
🔧 Miscellaneous 🔧
- 74a7d44: chore: bump github.com/hashicorp/go-getter-v1.7.5 (#2162) (@chen-keinan)
- d7f3484: chore: make operator policies-config optional (#2152) (@chen-keinan)
👷 Other work 👷
- 1c035b0: build(deps): bump github.com/aquasecurity/trivy from 0.52.0 to 0.52.2 (#2149) (@dependabot[bot])
- d135915: build(deps): bump github.com/aws/aws-sdk-go from 1.53.14 to 1.53.19 (#2133) (@dependabot[bot])
- 08afd7f: build(deps): bump github.com/aws/aws-sdk-go from 1.53.19 to 1.54.6 (#2157) (@dependabot[bot])
- d6632d9: build(deps): bump github.com/aws/aws-sdk-go from 1.54.6 to 1.54.11 (#2164) (@dependabot[bot])
- 19bf370: build(deps): bump github.com/google/go-containerregistry (#2145) (@dependabot[bot])
- 20acccc: build(deps): bump golang.org/x/net from 0.25.0 to 0.26.0 (#2131) (@dependabot[bot])
- 886550d: build(deps): bump golang.org/x/text from 0.15.0 to 0.16.0 (#2129) (@dependabot[bot])
- bb9a08d: build(deps): bump goreleaser/goreleaser-action from 5 to 6 (#2128) (@dependabot[bot])
- fbf4a75: build(deps): bump k8s.io/apiextensions-apiserver from 0.30.1 to 0.30.2 (#2156) (@dependabot[bot])
- 8bc9854: build(deps): bump k8s.io/cli-runtime from 0.30.1 to 0.30.2 (#2148) (@dependabot[bot])
- 2479a90: build(deps): bump k8s.io/client-go from 0.30.1 to 0.30.2 (#2146) (@dependabot[bot])
- d9924b1: build(deps): bump sigs.k8s.io/controller-runtime from 0.18.3 to 0.18.4 (#2130) (@dependabot[bot])
- af05935: fix typos (#2154) (@maritiren)
v0.21.3
v0.21.2
Changelog
🐛 Notable Fixes 🐛
- 20a8a5b: fix: Add scanJobAnnotations to the Job instead of just the Pod (#2111) (@darkhelmet)
- dcbb19a: fix: log failed container error (#2112) (@chen-keinan)
- f1dada8: fix: non completed containers with invalid stacktrace (#2107) (@chen-keinan)
- f222fef: fix: policies bundle insecure (#2100) (@chen-keinan)
- 4cde7c1: fix: set default value for useBuiltIntPolicies (#2114) (@chen-keinan)
🔧 Miscellaneous 🔧
- b4bab35: chore: bump trivy 0.52.0 (#2115) (@chen-keinan)
👷 Other work 👷
- f048e86: build(deps): bump docker/login-action from 3.1.0 to 3.2.0 (#2119) (@dependabot[bot])
- 0babd17: build(deps): bump github.com/aquasecurity/trivy from 0.51.2 to 0.51.4 (#2106) (@dependabot[bot])
- ce31865: build(deps): bump github.com/aws/aws-sdk-go from 1.53.0 to 1.53.10 (#2105) (@dependabot[bot])
- 7dea6fd: build(deps): bump github.com/aws/aws-sdk-go from 1.53.10 to 1.53.14 (#2118) (@dependabot[bot])
- fc164c3: build(deps): bump github.com/go-logr/logr from 1.4.1 to 1.4.2 (#2102) (@dependabot[bot])
- 7f90963: build(deps): bump github.com/onsi/ginkgo/v2 from 2.17.3 to 2.19.0 (#2103) (@dependabot[bot])
- 12ebab1: build(deps): bump sigs.k8s.io/controller-runtime from 0.18.2 to 0.18.3 (#2104) (@dependabot[bot])
v0.21.1
Changelog
✨ Notable Changes ✨
- d472cd6: feat(helm): Add http/https proxy option in operator (#2087) (@bunseokbot)
👮 Security updates👮
- 39e5f7f: sec: cve-2023-42366 (#2085) (@chen-keinan)
🔧 Miscellaneous 🔧
- f284c83: chore: auto bump minor golang version (#2093) (@chen-keinan)
👷 Other work 👷
- 83ff5c0: build(deps): bump k8s.io/api from 0.30.0 to 0.30.1 (#2092) (@dependabot[bot])
- 8d22cdf: build(deps): bump k8s.io/apiextensions-apiserver from 0.30.0 to 0.30.1 (#2090) (@dependabot[bot])
- 25c69d7: build(deps): bump k8s.io/cli-runtime from 0.30.0 to 0.30.1 (#2091) (@dependabot[bot])
- 86c65a5: build(deps): bump k8s.io/client-go from 0.30.0 to 0.30.1 (#2089) (@dependabot[bot])
v0.21.0
Changelog
✨ Notable Changes ✨
- 8c62a23: feat(helm): only deploy ClusterComplianceReports if enabled (#2027) (@elchenberg)
- 96a010b: feat: Add custom header options for webhook notification (#2044) (@bunseokbot)
- 289f303: feat: filter container by regex (#2080) (@chen-keinan)
🐛 Notable Fixes 🐛
- 81cd4ca: fix: cves high and critical (#2077) (@chen-keinan)
- 727b9ab: fix: node-collector cves high critical (#2075) (@chen-keinan)
- 22d6898: fix: the use of embedded checks, fallback for air-gapped env. (#2074) (@chen-keinan)
- fcfad91: fix: trivy db repository credential set (#2064) (@kimtaehong)
🔧 Miscellaneous 🔧
- 1cbf7bd: chore: bump k8s.io libs-0.30.0 & fix lint issues (#2040) (@chen-keinan)
- 40bcbe0: chore: bump trivy 0.51.2 (#2081) (@chen-keinan)
- dca19ab: chore: bump trivy-0.50.4 (#2041) (@chen-keinan)
- c19a52b: chore: bump trivy-0.51.1 (#2054) (@chen-keinan)
👷 Other work 👷
- 6f37df7: build(deps): bump aquaproj/aqua-installer from 3.0.0 to 3.0.1 (#2065) (@dependabot[bot])
- 4b1c6c3: build(deps): bump github.com/aws/aws-sdk-go from 1.51.25 to 1.51.30 (#2047) (@dependabot[bot])
- 8e350ab: build(deps): bump github.com/aws/aws-sdk-go from 1.51.30 to 1.52.2 (#2058) (@dependabot[bot])
- e425d5e: build(deps): bump github.com/aws/aws-sdk-go from 1.52.2 to 1.53.0 (#2069) (@dependabot[bot])
- cd737be: build(deps): bump github.com/onsi/ginkgo/v2 from 2.17.1 to 2.17.2 (#2050) (@dependabot[bot])
- 015e514: build(deps): bump github.com/onsi/ginkgo/v2 from 2.17.2 to 2.17.3 (#2071) (@dependabot[bot])
- 17d52b6: build(deps): bump github.com/onsi/gomega from 1.32.0 to 1.33.0 (#2031) (@dependabot[bot])
- c66f771: build(deps): bump github.com/onsi/gomega from 1.33.0 to 1.33.1 (#2070) (@dependabot[bot])
- c987127: build(deps): bump github.com/prometheus/client_golang (#2068) (@dependabot[bot])
- ad73f01: build(deps): bump golang.org/x/net from 0.24.0 to 0.25.0 (#2060) (@dependabot[bot])
- 48984f0: build(deps): bump golangci/golangci-lint-action from 4.0.0 to 5.1.0 (#2045) (@dependabot[bot])
- fd87877: build(deps): bump golangci/golangci-lint-action from 5.1.0 to 5.3.0 (#2056) (@dependabot[bot])
- 3c8dbab: build(deps): bump golangci/golangci-lint-action from 5.3.0 to 6.0.1 (#2066) (@dependabot[bot])
- 2720782: build(deps): bump helm/kind-action from 1.9.0 to 1.10.0 (#2046) (@dependabot[bot])
- 3d82ecc: build(deps): bump k8s.io/cli-runtime from 0.29.3 to 0.30.0 (#2048) (@dependabot[bot])
- 54c1d7a: build(deps): bump sigs.k8s.io/controller-runtime (#2049) (@dependabot[bot])
- d567158: build(deps): bump sigs.k8s.io/controller-runtime from 0.18.0 to 0.18.1 (#2059) (@dependabot[bot])
- 10bbeff: build(deps): bump sigs.k8s.io/controller-runtime from 0.18.1 to 0.18.2 (#2067) (@dependabot[bot])
v0.20.1
Changelog
✨ Notable Changes ✨
- ba16b57: feat: add helm value for adding annotations to the trivy operator deployment (#1989) (@martijnvdp)
- eaf2b20: feat: scan-job custom volumes (#2020) (@chen-keinan)
- 0f9e0f8: feat: separate toleration setting for node-collector (#2006) (@chen-keinan)
🐛 Notable Fixes 🐛
- 8b906fd: fix(helm): trivy server value typo (#2001) (@ABWassim)
- b56e499: fix: add policies download err msg and fallback to embeded (#2000) (@chen-keinan)
- d810d14: fix: better error handling for node config api data (#2004) (@chen-keinan)
- 759019d: fix: better handling for kubelet config (#2017) (@chen-keinan)
- 9e8663c: fix: log entry name on policy loader (#2013) (@chen-keinan)
- 201d00a: fix: typo fail download policy label (#2035) (@bunseokbot)
👮 Security updates👮
- a509895: sec: update go-getter to latest version (#2023) (@Starttoaster)
📝 Documentation 📝
- f8bf366: docs: add information on running Helm Chart in client server mode (#2005) (@AnaisUrlichs)
- ec64431: docs: version callout (#2012) (@AnaisUrlichs)
🔧 Miscellaneous 🔧
- 9b8c3e5: chore: bump trivy-0.50.2 (#2037) (@chen-keinan)
- 77c9675: chore: update built-in checks package repository name (#2014) (@chen-keinan)
👷 Other work 👷
- 1bf2c8f: Updates ignorePolicy comments in values.yaml (#1988) (@KateFiroozi)
- 4a06fc2: build(deps): bump azure/setup-helm from 4.1.0 to 4.2.0 (#2029) (@dependabot[bot])
- a324c2d: build(deps): bump github.com/aws/aws-sdk-go from 1.51.11 to 1.51.16 (#1990) (@dependabot[bot])
- 3c03632: build(deps): bump github.com/aws/aws-sdk-go from 1.51.16 to 1.51.21 (#2009) (@dependabot[bot])
- 6146286: build(deps): bump github.com/aws/aws-sdk-go from 1.51.21 to 1.51.25 (#2033) (@dependabot[bot])
- 098e084: build(deps): bump golang.org/x/net from 0.22.0 to 0.24.0 (#1991) (@dependabot[bot])
- 83e64f2: build(deps): bump sigs.k8s.io/controller-runtime from 0.17.2 to 0.17.3 (#2010) (@dependabot[bot])
- ef8f01b: build(deps): bump sigstore/cosign-installer from 3.4.0 to 3.5.0 (#2011) (@dependabot[bot])
v0.20.0
Changelog
✨ Notable Changes ✨
- ba16b57: feat: add helm value for adding annotations to the trivy operator deployment (#1989) (@martijnvdp)
- eaf2b20: feat: scan-job custom volumes (#2020) (@chen-keinan)
- 0f9e0f8: feat: separate toleration setting for node-collector (#2006) (@chen-keinan)
🐛 Notable Fixes 🐛
- 8b906fd: fix(helm): trivy server value typo (#2001) (@ABWassim)
- b56e499: fix: add policies download err msg and fallback to embeded (#2000) (@chen-keinan)
- d810d14: fix: better error handling for node config api data (#2004) (@chen-keinan)
- 759019d: fix: better handling for kubelet config (#2017) (@chen-keinan)
- 9e8663c: fix: log entry name on policy loader (#2013) (@chen-keinan)
👮 Security updates👮
- a509895: sec: update go-getter to latest version (#2023) (@Starttoaster)
📝 Documentation 📝
- f8bf366: docs: add information on running Helm Chart in client server mode (#2005) (@AnaisUrlichs)
- ec64431: docs: version callout (#2012) (@AnaisUrlichs)
🔧 Miscellaneous 🔧
- 77c9675: chore: update built-in checks package repository name (#2014) (@chen-keinan)
👷 Other work 👷
- 1bf2c8f: Updates ignorePolicy comments in values.yaml (#1988) (@KateFiroozi)
- a324c2d: build(deps): bump github.com/aws/aws-sdk-go from 1.51.11 to 1.51.16 (#1990) (@dependabot[bot])
- 3c03632: build(deps): bump github.com/aws/aws-sdk-go from 1.51.16 to 1.51.21 (#2009) (@dependabot[bot])
- 098e084: build(deps): bump golang.org/x/net from 0.22.0 to 0.24.0 (#1991) (@dependabot[bot])
- 83e64f2: build(deps): bump sigs.k8s.io/controller-runtime from 0.17.2 to 0.17.3 (#2010) (@dependabot[bot])
- ef8f01b: build(deps): bump sigstore/cosign-installer from 3.4.0 to 3.5.0 (#2011) (@dependabot[bot])
v0.19.4
v0.19.3
Changelog
🐛 Notable Fixes 🐛
- 228e0fe: fix: add annotation job pod template spec (#1975) (@chen-keinan)
- 2af353a: fix: add appropriate info msg for not supported windows images (#1966) (@chen-keinan)
- 8ca4b5f: fix: configure context timeout for sync resources (#1974) (@chen-keinan)
- f38ca4e: fix: handle non sha256 digest (#1967) (@chen-keinan)
- fa6f596: fix: lazy loading of config-audit policies (#1958) (@chen-keinan)
🔧 Miscellaneous 🔧
- 4cf0c1c: chore: clean-up un-used folders and files (#1964) (@chen-keinan)
👷 Other work 👷
- b5b694b: build(deps): bump actions/setup-python from 5.0.0 to 5.1.0 (#1968) (@dependabot[bot])
- b798f2c: build(deps): bump github.com/aws/aws-sdk-go from 1.51.8 to 1.51.11 (#1969) (@dependabot[bot])
- 9b856d5: refactor: integration tests (#1962) (@chen-keinan)
- 35b6806: refactor: tests e2e config (#1963) (@chen-keinan)