kubeaudit-v0.22.1

Changelog

• db8a302 capture exit code for sarif (#576)
• 76fe452 version bump: patch. prepare release (#577)

kubeaudit-v0.22.0

What's Changed

• updates release instructions by @dani-santos-code in #503
• adds metadata to sarif result by @dani-santos-code in #486
• Fix CI: tidy with 1.17 by @genevieveluyt in #521
• Bump github.com/spf13/cobra from 1.5.0 to 1.6.1 by @dependabot in #497
• By default, test without Kind by @genevieveluyt in #524
• support for new override labels by @dani-santos-code in #527
• bump minor version - release 0.22.0 by @dani-santos-code in #534
• Remove Docker release process by @genevieveluyt in #540
• go releaser action by @dani-santos-code in #539

Full Changelog: v0.21.0...v0.22.0

kubeaudit-v0.21.0

⚠️ Breaking Changes

• deprecated seccomp annotations are no longer supported by the seccomp auditor

✨ New Features

• the Seccomp auditor has been updated to flag missing Seccomp profiles in securityContext instead of deprecated seccomp annotations. Thank you @Ser87ch, for your amazing contribution! 👏
• Override added for the unconfined apparmor profile! Once again, thank you @Ser87ch! 😍

Changelog

• 2bb1146 new release (#502)
• b0b5d9f fix gh action (#488)
• fbffa4a Add override for unconfined apparmor profile ✨ (#489)
• 2061bc7 Migrate to Seccomp profile in security Context ⚠️ (#475)
• c875a37 uses gh actions instead of probot (#477)

kubeaudit-v0.20.0

⚠️ Breaking Changes

• The Name field in the AuditorResult struct has been renamed to Auditor

✨ New Features

• A new package was added, allowing for the use of the --format sarif flag to generate a SARIF report, which eases integration with other Static Code Analysis tooling, such as Github Code Scanning: https://github.com/Shopify/kubeaudit#audit-results

• The AuditorResult has been extended with new fields: Auditor (used to be Name), Rule and FilePath

• containerd paths have been added to the list of sensitive paths from Falco - thank you @Benzhaomin !!! 🎉

Changelog

• 918091a adds new version (#474)
• e9fce13 refactors sarif test (#469)
• 7bb32c2 Bump k8s.io/apimachinery from 0.24.3 to 0.24.4 (#468)
• 32a65c8 adds support for sarif output (#453)
• df0fd92 feat(mounts): update list of sensitive paths from Falco, adds containerd (#463)
• b3342d7 Remove CLA from probots.yml and use new GitHub action (#461)
• 85e7b30 updates deps 07 22 2022 (#459)

kubeaudit-v0.19.0

⚠️ Breaking Changes

• The -c shorthand flag has been repurposed from being the shorthand for --kubeconfig to being the shorthand for the new --context flag. This is consistent with kubectl. --kubeconfig does not have a replacement shorthand, please use the full flag.

✨ New Features

• Kubeaudit now has a deprecatedapis auditor that checks for deprecated apis! 🎉
• Kubeaudit now supports a new --no-color flag to produce output without color codes! 🎉
• Kubeaudit is up to date dependency-wise 💊

thank you @jerr @genevieveluyt 👏

Changelog

• 8624972 Fix --no-color documentation (#451)
• dbeb9b5 Add --no-color flag (#449)
• c1d5057 Bump github.com/stretchr/testify from 1.7.5 to 1.8.0 (#450)
• fa172f2 ✨ Adds "deprecated apis" auditor (#428)
• 7eaf685 add the --context option (#427)
• 96a7b61 Bump github.com/spf13/cobra from 1.4.0 to 1.5.0 (#447)
• ffd993e Bump k8s.io/client-go from 0.24.1 to 0.24.2 (#443)
• 1702945 Bump github.com/stretchr/testify from 1.7.2 to 1.7.5 (#448)

kubeaudit-v0.18.0

Summary

Kubeaudit can now read from stdin by using the -f - flag and value. This allows for piping output from another command directly into kubeaudit! Thank you @raffis for adding this useful feature!

Changelog

• e70662b Update version to 0.18.0 (#441)
• 8a2ee04 ✨ Support dash as short for stdin (#434) - thank you @raffis

kubeaudit-v0.17.1

Changelog

• 0ce511d 🐛 Ignore groups not served by the cluster (#440)
• 6a30cc0 Update k8s.io/api and friends to v0.24.1 (#438)
• c0cfe7e Bump github.com/stretchr/testify from 1.7.1 to 1.7.2 (#437)
• 81a1ceb ✨ Use dynamic kubeclient (#433)
• 29fbf35 🐛 bump KinD k8s node image version to 1.20 (#426)

kubeaudit-v0.17.0

Changelog

• 7ebb9a6 Fix docker go version (#425)
• b49fedb Bump k8s.io/client-go from 0.23.5 to 0.23.6 (#420)
• c03dd7d Bump version (#416)
• 33dd111 Bump github.com/stretchr/testify from 1.7.0 to 1.7.1 (#411)
• 4196a57 Bump k8s.io/apiextensions-apiserver from 0.23.4 to 0.23.5 (#415)
• a7934bd Bump k8s.io/apiextensions-apiserver from 0.22.4 to 0.23.4 (#400)
• 49ba47e Bump k8s.io/client-go from 0.22.4 to 0.23.4 (#401)
• dfc14d8 Bump k8s.io/api from 0.22.4 to 0.23.4 (#402)
• 15cd439 Bump k8s.io/apimachinery from 0.22.4 to 0.23.4 (#403)
• fc078cf Upgrade to go 1.17 (#410)
• 1759e7a Bump github.com/spf13/cobra from 1.3.0 to 1.4.0 (#409)
• e285d5a Fix deadlink in seccomp auditor docs (#407) - Thank you @bvwells!
• 2bcbff0 Fix PR welcome message to contributing guidelines (#406) - Thank you @bvwells!
• 1090bd1 Fix kubeaudit job namespace in cluster example (#404) - Thank you @bvwells!
• dd699c5 Bump github.com/spf13/cobra from 1.2.1 to 1.3.0 (#387)

kubeaudit-v0.16.0

Summary

• Introduces the --includegenerated flag which can be used to audit generated resources, which are normally ignored by kubeaudit (eg. pods generated by deployments) - Thank you @nobletrout for this contribution!
• Adds support for initContainers. They will be audited the same as normal containers. - Thank you @danishprakash for this contribution!
• Dependency updates

Changelog

d3ec331 Bump k8s.io/apiextensions-apiserver from 0.22.3 to 0.22.4 (#378)
55ef5fa Test IncludeGenerated (#381)
9f45e34 Bump k8s.io/client-go from 0.22.3 to 0.22.4 (#380)
b0c9c3c ✨ Adds ability to not filter CRDS, see ISSUE #373 (#374)
abd7f12 pkg/k8s: add support for initContainer (#376)

Docker images

• docker pull shopify/kubeaudit:latest
• docker pull shopify/kubeaudit:0.16.0
• docker pull shopify/kubeaudit:v0.16

kubeaudit-v0.15.0

Summary

• Adds support for Job resources - thank you @superbrothers for this contribution!
• Adds option to disable colour output when using pretty formatting (package only)
• Enabled Dependabot and updates dependencies

Changelog

b68cabd Update version to 0.15.0 (#372)
7f54326 Bump github.com/jetstack/cert-manager from 1.6.0 to 1.6.1 (#371)
9cdecb3 Bump k8s.io/apiextensions-apiserver from 0.22.2 to 0.22.3 (#368)
6cc7a75 Add support for kind Job (#370)
0ef3005 Bump github.com/jetstack/cert-manager from 1.5.4 to 1.6.0 (#365)
e5c797a Bump k8s.io/apimachinery from 0.22.2 to 0.22.3 (#369)
d597928 Bump k8s.io/apiextensions-apiserver from 0.21.3 to 0.22.2 (#362)
79cce8c Remove wip probot (#364)
700c39f Bump github.com/jetstack/cert-manager from 1.4.1 to 1.5.4 (#363)
fe44171 Fix dependabot (#358)
374a428 Support parsing for server specs (#356)
50c618b Add Support for Services (#353)
7b57f85 Update dependencies and add dependabot (#354)
2d8282c Make k8s and override packages public (#351)
47c31d5 Add option to disable printing results in color (#350)
ca64457 Remove deprecated mountds auditor (#349)
863e367 Remove example dependency on internal packages (#348)

Docker images

• docker pull shopify/kubeaudit:latest
• docker pull shopify/kubeaudit:0.15.0
• docker pull shopify/kubeaudit:v0.15