kubescape-operator-1.18.9

1.18.9 Release Notes

🚀 Enhancements

Alpha release: rule-based alerting
In this release, we are introducing runtime-based alerting to detect malicious behavior in the applications running in the cluster.
Feel free to contact us if you are interested in testing it out :)

Install

For installation, add the following flags to the installation command:

• runtimeDetection: Detect unexpected file exec/file open and network
• malwareDetection: Anti-virus

--set capabilities.runtimeDetection=enable --set capabilities.malwareDetection=enable 

Alerts

The alerts should be available in Prometheus.
Enable the serviceMonitor:

--set nodeAgent.serviceMonitor.enabled=true

@dwertent @amirmalka @amitschendel #416

🐞 Fixed issues

• Fixed cronJob headers by @matthyx in #415
• Operator getting stuck by @matthyx in #415

Full Changelog: kubescape-operator-1.18.8...kubescape-operator-1.18.9

kubescape-operator-1.18.8

1.18.8 Release Notes

🚀 Enhancements

• Adding contextual remediation (remediation based on runtime data) by @matthyx in #410

🐞 Fixed issues

• Fix potential race conditions in the synchronizer
• Removed deprecated summary objects

Full Changelog: kubescape-operator-1.18.7...kubescape-operator-1.18.8

kubescape-operator-1.18.7

Kubescape is an E2E Kubernetes cluster security platform

kubescape-operator-1.18.6

1.18.6 Release Notes

🐞 Fixed issues

• Hotfix registry scanning

Full Changelog: kubescape-operator-1.18.5...kubescape-operator-1.18.6

kubescape-operator-1.18.5

1.18.5 Release Notes

🚀 Enhancements

• Set default cluster name by @dwertent in #400
• add skip TLS verify in registry creds secret by @amirmalka in #402
• Bump images to the latest release by @matthyx in #403

🐞 Fixed issues

• Set continues-scanning to disable when there is an adaptor
• Improve image vulnerability scanning results

Full Changelog: kubescape-operator-1.18.4...kubescape-operator-1.18.5

kubescape-operator-1.18.4

1.18.4 Release Notes

🚀 Enhancements

• Synchronizer GA by @amirmalka in #394
• Generating network policies is enabled:

  kubectl -n <namespace> get generatednetworkpolicies <workload-kind>-<workload-name> -o yaml
  

• Adding ignore label to all resources by @dwertent in #395 (This is for future support)
• bump images by @matthyx in #396

🐞 Fixed issues

• Fix: missing imagePullSecrets in storage deployment by @jbertozzi in #391
• Fix panic in node-agent
• Fix panic in storage

New Contributors

• @jbertozzi made their first contribution in #391

Full Changelog: kubescape-operator-1.18.3...kubescape-operator-1.18.4

kubescape-operator-1.18.3

1.18.3 Release Notes

🐞 Fixed issues

• Fix RBAC permission for storage class by @matthyx in #392

Full Changelog: kubescape-operator-1.18.2...kubescape-operator-1.18.3

kubescape-operator-1.18.2

1.18.2 Release Notes

🚀 Enhancements

• add README explanation for runc path on K3s by @matthyx in #385
• Adding gateway API objects to clusterrole by @slashben in #388
• Fix accessKey value by @dwertent in #387
• Bump versions by @dwertent in #389

🐞 Fixed issues

• Trigger scan when an image is updated
• Enhance initContainers image scanning
• Reduce storage memory usage
• Optimize applicationProfiles patching

Full Changelog: kubescape-operator-1.18.1...kubescape-operator-1.18.2

kubescape-operator-1.18.1

1.18.1 Release Notes

🚀 Enhancements

• Add secret for private registries credentials by @amirmalka in #382

🐞 Fixed issues

• Fix SBOM cleanup mechanics
• Removed many logs from the storage

Full Changelog: kubescape-operator-1.18.0...kubescape-operator-1.18.1

kubescape-operator-1.18.0

1.18.0 Release Notes

📢 Updates

We changed the internal SBOM format from SPDX to the Syft format in this release.
As a result, any collected relevant data is ignored and must be collected again.

This change will reduce the number of false-positive results.

Note: SPDX format is no longer supported, you can convert from the syft format using the syft convert command

Full Changelog: kubescape-operator-1.17.3...kubescape-operator-1.18.0