0.3.10

What's Changed

• ART-13785: create 4.21 config file by @mbiarnes in #280

Full Changelog: 0.3.9...0.3.10

0.3.9

What's Changed

• ACM-22422 add hypershift cli binaries exception by @rokej in #276
• Skip CGO checks for binaries without crypto by @dbenoit17 in #278

New Contributors

• @dbenoit17 made their first contribution in #278

Full Changelog: 0.3.8...0.3.9

0.3.8

What's Changed

• Update OCP virt validation exception binary path by @Axuba in #269
• ignore ErrNotDynLinked for all valgrind rpm files by @jctanner in #270
• volsync-container exception for diskrsync binary (for ocp 4.14) by @tesshuflower in #271
• add RHEL 9.6 to certified_distributions for OCP 4.16 by @tesshuflower in #273

New Contributors

• @jctanner made their first contribution in #270

Full Changelog: 0.3.7...0.3.8

0.3.7

What's Changed

• Ignore CLI and catatonit for MTA by @fbladilo in #264
• dockerfiles: update umoci download location by @rphillips in #266
• chore(deps): bump golang.org/x/net from 0.36.0 to 0.38.0 by @dependabot in #263
• CMP-3427: Update certified distributions to include RHEL 8.10 by @rhmdnd in #268

New Contributors

• @fbladilo made their first contribution in #264

Full Changelog: 0.3.6...0.3.7

0.3.6

What's Changed

• ART-12531: create 4.20 config file by @mbiarnes in #262
• Add CGO_ENABLED as an exclusion for ocp-virt-validation-checkup due to false positive by @Axuba in #265

New Contributors

• @mbiarnes made their first contribution in #262

Full Changelog: 0.3.5...0.3.6

0.3.5

What's Changed

• Turn off usage on scan failures by @dhaiducek in #250
• Fix Dockerfile.upstream by @dhaiducek in #251
• Upgrade to Go1.23 and OCP 4.18 by @dhaiducek in #252
• chore(deps): bump github.com/opencontainers/runc from 1.1.12 to 1.2.0 by @dependabot in #256
• chore(deps): bump github.com/deckarep/golang-set/v2 from 2.6.0 to 2.7.0 by @dependabot in #239
• chore(deps): bump golang.org/x/net from 0.33.0 to 0.36.0 by @dependabot in #253
• chore(deps): bump github.com/spf13/cobra from 1.8.1 to 1.9.1 by @dependabot in #254
• chore(deps): bump github.com/BurntSushi/toml from 1.4.0 to 1.5.0 by @dependabot in #260
• add secondary-scheduler-operator-container static ignores by @rphillips in #261
• Ignore catatonit for kiali operator for OCP 4.15 and 4.14 by @mkralik3 in #257

New Contributors

• @dhaiducek made their first contribution in #250

Full Changelog: 0.3.4...0.3.5

0.3.4

What's Changed

• Add FIPS exclusions to CNV by @Axuba in #248
• Add virt-handler and virt-launcher ignores that weren't reported by CVP by @Axuba in #249

New Contributors

• @Axuba made their first contribution in #248

Full Changelog: 0.3.3...0.3.4

0.3.3

What's Changed

• bump xcrypto by @rphillips in #232
• add ignore to hco-bundle-registry-container by @tal-hason in #228
• skip ErrNotDynLinked for catatonit in ansible-operator by @ashwindasr in #233
• Bump net/html by @rphillips in #234
• ACM-10922 No CGO Enabled exemptions by @rokej in #230
• ignore rhacs client binaries by @davdhacs in #241
• Cnv fips separate the package files to pass the scan by @tal-hason in #235
• added to v4.19 and virt-handler ignore by @tal-hason in #243
• chore(deps): bump github.com/Masterminds/semver/v3 from 3.2.1 to 3.3.1 by @dependabot in #236
• chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.9 to 6.6.5 by @dependabot in #237
• chore(deps): bump github.com/stretchr/testify from 1.9.0 to 1.10.0 by @dependabot in #238
• add skip for sriov cni in 4.14 by @SchSeba in #244
• [OSSM-8688] Ignore catatonit for kiali operator by @mkralik3 in #242
• skip ib-sriov-cni check for rhel9 crypto by @SchSeba in #245
• execute gotags/goexperiment checking by @davdhacs in #240
• Empty commit by @sdodson in #247

New Contributors

• @tal-hason made their first contribution in #228
• @rokej made their first contribution in #230
• @davdhacs made their first contribution in #241
• @SchSeba made their first contribution in #244
• @mkralik3 made their first contribution in #242

Full Changelog: 0.3.2...0.3.3

0.3.2

What's Changed

• chore(config): remove cliff.toml since it is unused by @rphillips in #110
• chore(Dockerfile): bump dockerfile to use golang 1.21 by @rphillips in #111
• chore(images): add openshift dockerfile by @rphillips in #112
• add label by @rphillips in #113
• chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.4.6 to 6.4.7 by @dependabot in #114
• Add podman so that we can run the check in the container by @liangxia in #116
• config.toml: add exception for rukpak by @kolyshkin in #117
• exclude a statically-compiled utility for OLM by @stevekuznetsov in #118
• add Java / JDK image scan option by @tchughesiv in #115
• internal/podman: add retry by @kolyshkin in #121
• config: exclude ovnkube-trace for 4.14 by @kolyshkin in #122
• dockerfile: bump base to rhel 9 by @rphillips in #124
• dummy commit to rebuild images by @rphillips in #125
• OCPBUGS-22678: bump builder to rhel9 by @rphillips in #126
• chore(deps): bump github.com/containerd/containerd from 1.5.7 to 1.5.18 by @dependabot in #127
• chore(deps): bump github.com/docker/distribution from 2.8.1+incompatible to 2.8.2+incompatible by @dependabot in #128
• chore(deps): bump golang.org/x/net from 0.8.0 to 0.17.0 by @dependabot in #129
• chore(deps): bump github.com/opencontainers/runc from 1.1.3 to 1.1.5 by @dependabot in #131
• chore(deps): bump k8s.io/klog/v2 from 2.100.1 to 2.110.1 by @dependabot in #132
• chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.4.7 to 6.4.9 by @dependabot in #133
• Add opm so that we can run the operator index image check in the container by @xiaojiey in #135
• README minor fix by @ashwindasr in #136
• add oc to image by @rphillips in #137
• add runc to image by @rphillips in #138
• chore(deps): bump github.com/spf13/cobra from 1.7.0 to 1.8.0 by @dependabot in #134
• Add jq to image by @xiaojiey in #139
• OCPBUGS-24612: check for goexperimental >= 1.18 by @rphillips in #143
• chore(deps): bump golang.org/x/crypto from 0.14.0 to 0.17.0 by @dependabot in #144
• chore(deps): bump github.com/deckarep/golang-set/v2 from 2.3.1 to 2.6.0 by @dependabot in #145
• chore(deps): bump k8s.io/klog/v2 from 2.110.1 to 2.120.0 by @dependabot in #148
• chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.4.9 to 6.5.3 by @dependabot in #149
• x_cgo: check for _cgo_topofstack by @rphillips in #152
• Add a "local" scan sub-command avoids podman mount by @bentito in #154
• chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.3 to 6.5.4 by @dependabot in #153
• chore(deps): bump github.com/opencontainers/runc from 1.1.5 to 1.1.12 by @dependabot in #155
• chore(deps): bump k8s.io/klog/v2 from 2.120.0 to 2.120.1 by @dependabot in #151
• Adding /usr/bin/tini-static back to the ignore list by @FilipB in #157
• add 4.15 and 4.16 config files by @rphillips in #158
• update for 4.16 by @rphillips in #159
• fallback to bigendian to check for golang magic number by @rphillips in #164
• add Lance Bragstad to owners by @rphillips in #160
• Add exception for bond cni RHEL 8 binary in RHEL 9 base by @mrunalp in #168
• chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.4 to 6.5.8 by @dependabot in #169
• update 4.15 ignores by @ashwindasr in #170
• Update docs to reference correct bundle directory by @rhmdnd in #172
• chore(deps): bump golang.org/x/net from 0.17.0 to 0.23.0 by @dependabot in #173
• chore(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 by @dependabot in #162
• Add exceptions for OpenShift Virtualisation by @dominikholler in #174
• volsync-container exception for diskrsync binary by @tesshuflower in #177
• chore(deps): bump google.golang.org/protobuf from 1.28.1 to 1.33.0 by @dependabot in #161
• Update excludes by @ashwindasr in #176
• Setup 4.17 config.toml by @ashwindasr in #180
• Update 4.11 exclude by @ashwindasr in #181
• [4.15] exclude sriov-cni-container ErrLibcryptoSoMissing by @ashwindasr in #182
• Fix braces by @dominikholler in #183
• chore(deps): bump github.com/jedib0t/go-pretty/v6 from 6.5.8 to 6.5.9 by @dependabot in #179
• Update excludes by @ashwindasr in #186
• add Ashwin to config approvers by @rphillips in #187
• add rukpak and lifecycle manager to 4.17 by @ashwindasr in #188
• Add skopeo and umoci to CI image by @swghosh in #189
• chore(deps): bump github.com/BurntSushi/toml from 1.3.2 to 1.4.0 by @dependabot in #190
• int/types: rm NewDefaultConfig by @kolyshkin in #191
• update rukpak and lifecycle manager excludes by @ashwindasr in #192
• CMP-2633: Update check to support golang 1.22 symbols by @rhmdnd in #196
• Fix golang 1.22 symbols check by @karelyatin in #197
• exclude operator-lifecycle-manager-container by @ashwindasr in #200
• chore(deps): bump github.com/spf13/cobra from 1.8.0 to 1.8.1 by @dependabot in #194
• chore(deps): bump k8s.io/klog/v2 from 2.120.1 to 2.130.1 by @dependabot in #198
• Implement an operating system check for FIPS certified distributions by @rhmdnd in #175
• Fix OS scan when -V is not set by @rphillips in #202
• [OSSM-6411] Ignore rhel9 binary in rhel8 istio-cni image by @asmigala in #203
• bump deps by @rphillips in #204
• CMP-2639: Exclude binary libcrypto check using golang 1.22 by @rhmdnd in #205
• Pass component information to scan local check by @rhmdnd in #206
• config: exclude runc by @kolyshkin in #207
• add invalid tag ignore for runc by @rphillips in #208
• add ose-operator-framework-tools-container to 4.16 exclude by @ashwindasr in #209
• MCO: ignore additional binaries for 4.14/4.15 by @yuqi-zhang in #210
• add 4.18 config.toml by @ashwindasr in #211
• OCPBUGS-37846: rpm.runc ignore ErrLibcryptoMissing by @sdodson in #212
• openshift-enterprise-operator-sdk-container update exclude by @ashwindasr in #213
• openshift-enterprise-operator-sdk-container update exclude by @ashwindasr in #214
• Add RHEL 9.4 to certified distributions by @sdodson in #220
• Update checks to support golang 1.21.13 symbols by @olliewalsh in #221
• [ART-11064] create 4.19 config file by @ashwindasr...

0.3.1

Features

• Config de-duplication (moved some rules into the main config.toml)
• Improve config validation for [[ignores]] sections
• Add 4.14 configuration.
• Add semver sort of stored config versions
• Add --walk-scan flag to node scan. If set, the scan is using the same
  algorithm as scan payload (walk the directory tree and scan all files).
  Note that per-payload and per-tag configuration entries are still ignored
  because neither tag nor component is set.
• Add --rpm-scan flag to payload and image scan. If set, the scan is using
  the same algorithm and rules as scan node (only scan files belonging to RPM
  packages, and ignore per-payload and per-tag configuration entries).

Bug fixes

• Fix error text in message when logging scan node failure/warning
• Fix checking for duplicates in config validation logic