polaris
Validation of best practices in your Kubernetes clusters
APACHE-2.0 License
Bot releases are visible (Hide)
Published by reactiveops-bot over 1 year ago
Changelog
- b472f342 Managed by Terraform
- ef4ea66d Update checks documentation (#936)
- 166b39b6 move to latest alpine (#944)
You can verify the signature of the checksums.txt file using cosign.
cosign verify-blob checksums.txt --signature=checksums.txt.sig --key https://artifacts.fairwinds.com/cosign.pub
Published by reactiveops-bot over 1 year ago
Changelog
- 727c6fa2 Update documentation from template (#934)
- 1ddd2d98 Update documentation from template (#935)
You can verify the signature of the checksums.txt file using cosign.
cosign verify-blob checksums.txt --signature=checksums.txt.sig --key https://artifacts.fairwinds.com/cosign.pub
Published by reactiveops-bot over 1 year ago
Changelog
- b75db7fc Bump golang.org/x/net from 0.6.0 to 0.7.0 (#922)
- 501744a6 Skip https certificate verification (#920)
- f531103f Update documentation from template (#926)
- 6abfbb35 Update package-lock.json (#923)
- d909dfd0 chore(ci): Upgrade Github CI/CD to non-deprecated actions (#933)
You can verify the signature of the checksums.txt file using cosign.
cosign verify-blob checksums.txt --signature=checksums.txt.sig --key https://artifacts.fairwinds.com/cosign.pub
Published by reactiveops-bot over 1 year ago
Changelog
- 498ccf22 Fix #908 by generating release name (#909)
- bf065f9b Update dangerousCapabilities.yaml (#866)
- 80c43347 update go modules (#917)
You can verify the signature of the checksums.txt file using cosign.
cosign verify-blob checksums.txt --signature=checksums.txt.sig --key https://artifacts.fairwinds.com/cosign.pub
Published by reactiveops-bot almost 2 years ago
Changelog
- a1b63ac4 Fix #547 - add a check for topologySpreadConstraint (#879)
- 71b0e002 Update documentation from template (#899)
- 2d28ea55 sc/rd 71 add plg link (#896)
You can verify the signature of the checksums.txt file using cosign.
cosign verify-blob checksums.txt --signature=checksums.txt.sig --key https://artifacts.fairwinds.com/cosign.pub
Published by reactiveops-bot almost 2 years ago
Changelog
- c2d1b1cc Bump alpine from 3.16 to 3.17 (#885)
- 81755e32 Bump github.com/spf13/cobra from 1.6.0 to 1.6.1 (#870)
- 531322c6 Bump github.com/stretchr/testify from 1.8.0 to 1.8.1 (#869)
- e3f3254f Managed by Terraform
- 8bc1a4bc refactor: move from io/ioutil to io and os packages (#858)
- 8af43636 update dependencies (#898)
You can verify the signature of the checksums.txt file using cosign.
cosign verify-blob checksums.txt --signature=checksums.txt.sig --key https://artifacts.fairwinds.com/cosign.pub
Published by reactiveops-bot almost 2 years ago
Changelog
- 467d06f4 FWI-2719: Enable new RBAC / sensitive content / Pod exec checks, add
hasPrefixandhasSuffixfunctions to the GO template, exemptsystem:name prefixes for RBAC checks, sensitive content checks ignorevalueFrom, (#832)
You can verify the signature of the checksums.txt file using cosign.
cosign verify-blob checksums.txt --signature=checksums.txt.sig --key https://artifacts.fairwinds.com/cosign.pub
Published by reactiveops-bot almost 2 years ago
Changelog
- 29102dea Build docker images using goreleaser and support arm64 (#845)
- 587396a5 Bump k8s.io/api from 0.25.0 to 0.25.3 (#862)
- 45be5cbb FWI-2912: Add logging to improve debugging of JSON Schema (#859)
- b3d842a1 Fix CI tag filters and re-enable docs (#852)
- 4091355e Managed by Terraform
- 6ef87be5 update dependencies (#867)
You can verify the signature of the checksums.txt file using cosign.
cosign verify-blob checksums.txt --signature=checksums.txt.sig --key https://artifacts.fairwinds.com/cosign.pub
Published by reactiveops-bot about 2 years ago
Changelog
- 29102dea Build docker images using goreleaser and support arm64 (#845)
- 7e099521 Define tag filters for all jobs in the workflow
- 98d8646c Fix 7e099521
- 21ca5ee6 Re-enable build/push of documentation
You can verify the signature of the checksums.txt file using cosign.
cosign verify-blob checksums.txt --signature=checksums.txt.sig --key https://artifacts.fairwinds.com/cosign.pub
Published by reactiveops-bot about 2 years ago
Changelog
- be45519a Add
target PodTemplatewhich exposes the full Pod (not only the spec) (#801) - f9e2603b Bump alpine from 3.16.0 to 3.16.1 (#810)
- 7addced3 Bump github.com/sirupsen/logrus from 1.8.1 to 1.9.0 (#815)
- 76c42c47 Bump github.com/spf13/cobra from 1.4.0 to 1.5.0 (#813)
- 41030320 Bump github.com/stretchr/testify from 1.7.1 to 1.8.0 (#786)
- 65add73e Bump k8s.io/api from 0.24.1 to 0.24.3 (#808)
- af0d548a Bump k8s.io/apimachinery from 0.24.1 to 0.24.3 (#807)
- 3efa3b40 Bump k8s.io/client-go from 0.24.1 to 0.24.3 (#806)
- 7e773504 Bump sigs.k8s.io/controller-runtime from 0.12.1 to 0.12.3 (#814)
- e5b92362 FWI-2476: Add missingNetworkPolicy, automountServiceAccountToken, and linuxHardening checks (#816)
- 20632227 FWI-2509: Add sensitiveContainerEnvVar and sensitiveConfigMapContent checks (#817)
- 50d789fd Fix
resourceKindMap.addResource()to not assume every Kind has an APIGroup (#805) - e3a6cb37 Fix namespace checking when validating additional schemas which are not namespaced (#822)
- a0000e19 Suppress empty results when --only-show-failed-tests is passed (#811)
- 25ab600e Update docs to reflect
target: PodTemplateRE: PR #801 (#804) - c3b57bf6
target: containeralso populates.Polaris.PodSpec|PodTemplate+ a new.Polaris.Containerrepresenting the currently checked container,GetPodTemplateserializes data to work around a DeepCopy bug with type int (#812) - ccaa384c expose
Polaris.PodSpecfor PodSpec targeted checks (#793) - b90f091b fix polaris cves (#824)
- 652b65b3 fix: properly remove emojis in pretty format with no color (#765)
You can verify the signature of the checksums.txt file using cosign.
cosign verify-blob checksums.txt --signature=checksums.txt.sig --key https://artifacts.fairwinds.com/cosign.pub
Published by reactiveops-bot over 2 years ago
Changelog
- fec00893 Update fairwinds-insights.yaml (#799)
- 1c09ce9e update changelog and docs (#800)
You can verify the signature of the checksums.txt file using cosign.
cosign verify-blob checksums.txt --signature=checksums.txt.sig --key https://artifacts.fairwinds.com/cosign.pub
Published by reactiveops-bot over 2 years ago
Changelog
- f713d436 ensure path exists when adding mutations (#789)
- e3e79004 Add
checksflag to fix specific checks (#797) - c3eb0811 Add flag to enable mutations in webhook (#794)
- a2ec0252 Add more mutations, fix mutation tests (#790)
- 276c1688 Bump alpine from 3.15.4 to 3.16.0 (#773)
- f71ca999 Change
target: Podtotarget: PodSpec(#726) - 08682075 Enable pullPolicyNotAlways (#795)
- e896eec8 Expose GetValidateResults function to be used in the polaris package (#763)
- 54234491 Use orb to publish docs (#791)
- acadebe9 add docs for mutation (#792)
- 92f0b6e5 fix issue when the files-path is actual file path instead of directory (#761)
- 50319fb1 fix webhook test (#798)
- 3b865fce skip incomplete or broken YAML - warn user (#678)
- 25a120ba update dependencies (#777)
You can verify the signature of the checksums.txt file using cosign.
cosign verify-blob checksums.txt --signature=checksums.txt.sig --key https://artifacts.fairwinds.com/cosign.pub
Published by reactiveops-bot over 2 years ago
Changelog
- a59063bd Add fix command to mutate and update IaC (#746)
- 6b7d6ab3 Added Mutation webhook (#755)
- 321bfa8f Added more mutations and refactor test to test each mutation separately (#734)
- 57d0ae39 Bump alpine from 3.15.3 to 3.15.4 (#745)
- c597b162 Managed by Terraform
- c92819ca Save last podspec when walking owner hierarchy (#748)
- 322e6f7d fix kinds (#752)
- 8a8ac2d9 update go modules (#743)
- 6c331683 update release process (#744)
You can verify the signature of the checksums.txt file using cosign.
cosign verify-blob checksums.txt --signature=checksums.txt.sig --key https://artifacts.fairwinds.com/cosign.pub
Published by reactiveops-bot over 2 years ago
Changelog
- 78838a60 Add a --namespace flag to the in-cluster audit (#742)
- a4c0b0f5 Add mutation field to
imagePolicyNotAlways(#712) - a7e30075 Bump alpine from 3.15.0 to 3.15.1 (#731)
- f2833f2c Bump alpine from 3.15.1 to 3.15.2 (#733)
- 82d36636 Bump alpine from 3.15.2 to 3.15.3 (#739)
- 861fd42d Bump golang from 1.17.7 to 1.17.8 (#716)
- bd8b2962 Fix license headers (#736)
- 1841b744 audit check specific checks when passing checks args (#737)
- fd16fb99 merge the list of resources from custom checks and the generated controller list before deduplicating them (#727)
- ce8786b9 update x/text (#740)
You can verify the signature of the checksums.txt file using cosign.
cosign verify-blob checksums.txt --signature=checksums.txt.sig --key https://artifacts.fairwinds.com/cosign.pub
Published by reactiveops-bot over 2 years ago
Changelog
- b1e22ab4 Bump alpine from 3.14 to 3.15.0 (#704)
- 5e4d6bd8 Bump github.com/spf13/cobra from 1.2.1 to 1.3.0 (#687)
- e61c50a6 Bump golang from 1.16 to 1.17.7 (#705)
- afe718b6 Managed by Terraform
- f429f192 Nobletrout/add kubectx support (#719)
- ef50fbbf Release 5.1 (#720)
- 06322dc8 bounce out once we hit a type we know to avoid CRD problems (#718)
You can verify the signature of the checksums.txt file using cosign.
cosign verify-blob checksums.txt --signature=checksums.txt.sig --key https://artifacts.fairwinds.com/cosign.pub
Published by reactiveops-bot over 2 years ago
Changelog
268f0e68 Correct URL to download polaris tar (#660)
fa243824 Delete .github/ISSUE_TEMPLATE/bug.yaml
675eb156 Delete .github/ISSUE_TEMPLATE/bug_report.md
40fbe9ca Delete .github/ISSUE_TEMPLATE/bug_report.md
6d89e6ba Delete .github/stale.yml
31e9f220 Managed by Terraform
a7aef2a5 Managed by Terraform
19d3af90 Managed by Terraform
6bebdb8e Managed by Terraform
d695a204 Managed by Terraform
be80d91a Managed by Terraform
975b829f Managed by Terraform
0e2212dc Managed by Terraform
94e74e3d Managed by Terraform
008a7cbe Managed by Terraform
8584110e Managed by Terraform
5e1f7589 Managed by Terraform
1731febe Managed by Terraform
e31f3f1b Managed by Terraform
e91b9b88 Update serverity for polaris check (#690)
5acdc4a4 fix: add space before "in namespace" output (#650)
Published by reactiveops-bot about 3 years ago
Changelog
89dfce5b Bump github.com/fatih/color from 1.12.0 to 1.13.0 (#641)
5aa397ca Bump github.com/thoas/go-funk from 0.9.0 to 0.9.1 (#624)
8c454fa7 Bump k8s.io/api from 0.22.1 to 0.22.2 (#630)
1b97f31e Bump sigs.k8s.io/controller-runtime from 0.10.0 to 0.10.1 (#640)
19341205 Bump sigs.k8s.io/yaml from 1.2.0 to 1.3.0 (#639)
d41ce88f Update README.md (#627)
a62389b8 Update documentation from template (#634)
32c1150b config: new flags '--disallow-(config|annotation)-exemptions' (#636)
0f1d4cd9 fix configuration syntax for goreleaser (#644)
c398f104 prep for 4.2.0 release and helm chart update (#643)
091fa77d update goreleaser and make sure to build darwin arm build for homebrew (#642)