Releases: aquasecurity/starboard
v0.10.1-rc1
Docker images
docker pull docker.io/aquasec/starboard:0.10.1-rc1docker pull public.ecr.aws/aquasecurity/starboard:0.10.1-rc1docker pull docker.io/aquasec/starboard-scanner-aqua:0.10.1-rc1docker pull public.ecr.aws/aquasecurity/starboard-scanner-aqua:0.10.1-rc1docker pull docker.io/aquasec/starboard-operator:0.10.1-rc1docker pull public.ecr.aws/aquasecurity/starboard-operator:0.10.1-rc1
v0.10.0
Noteworthy
- Starboard Operator integrates with KubeBench by discovering K8s nodes and running KubeBench checks on existing and new nodes.
- Starboard CLI and Starboard Operator integrate with Conftest as a configuration audit plugin. The Conftest plugin supports custom OPA Rego checks and can be used as an alternative to Polaris, which has predefined set of checks.
- Deleting a security report, e.g. VulnerabilityReport, triggers rescan.
- Changing the configuration of the Conftest plugin, which is stored in the
starboard-conftest-configConfigMap, triggers rescan. - New kind of HTML report to sum up risks in the specified K8s namespace.
Changelog
92e39f4 chore(Conftest): Update deployment descriptors (#495)
a7de614 fix(conftest): Do not show negative pass count (#488)
8929137 fix(helm): Add configAuditReport.scanner to the default Starboard settings (#487)
020b61d fix(helm): Add permission to delete ConfigAuditReports (#496)
dc6d9a3 fix(helm): Error calling gt: incompatible types for comparison (#486)
69ec5b4 fix(operator): Delete scan job for workload that has been deleted (#497)
5cb2c04 fix(polaris): Remove clutter from JSON output (#493)
748d553 fix: Rearrange sections in HTML report for namespace (#491)
80f9a0f refactor(conftest): Skip rescan when plugin ConfigMap is deleted (#489)
802cfa7 refactor: Embed vulnerabilityreports CRD (#484)
aa95a98 refactor: Move constants to starboard package (#477)
89d860a chore: Bump up Polaris from v3.0 to v3.2 (#447)
d57c119 chore: Fix code formatting (#456)
55b37f7 feat(cli): Show top 5 failed workload configuration checks in html report for namespace (#462)
f53705a feat(cli): Show top 5 vulnerabilities by score in html report for namespace (#463)
c836618 feat(helm): Add HTTPS_PROXY and NO_PROXY settings for Trivy (#443)
8841b79 feat(operator): Add config to enable/disable scanners (#467)
b136b07 feat: Add HA Support for the Starboard Operator (#452)
56c1a3b feat: Add PluginContext for configuration audit scanners (#474)
9978cf4 feat: Add plugin name and config getter to PluginContext (#475)
20182e2 feat: Deleting a VulnerabilityReport should trigger rescan (#458)
1ddfb87 feat: Integrate Conftest as ConfigAuditReports scanner (#417)
89e3ba8 fix: Skip reconciling Jobs managed by CronJob (#450)
fa27379 refactor: Use client.Client in integration test (#469)
774ee8b refactor: Use client.Client in integration test for operator (#470)
2060f7b refactor: Use custom Gomega matcher to assert VulnerabilityReports (#461)
09c1bc0 chore: Review log statements and error messages (#441)
d12f369 feat(helm): Add ConfigMap template for plugins configuration (#437)
275e215 chore(release): Remove logout step (#408)
9c23ea8 chore: Bump up Trivy from v0.14.0 to v0.16.0 (#412)
c4c4289 chore: Delete deployment descriptors for Trivy server (#436)
42c8621 chore: Publish Starboard Operator Helm chart to our OSS charts repository (#393)
b9c1d27 chore: Trigger Helm chart publishing workflow manually (#439)
27d0ccc chore: Update deployment descriptors (#438)
8325cb2 chore: Upgrade CRD apiVersion from apiextensions.k8s.io/v1beta1 to apiextensions.k8s.io/v1 (#411)
75502ed feat(cli): Update description of get report command (#423)
001ee2c feat(operator): Integrate kube-bench (#404)
7134455 feat: Add AVD links to HTML report (#398)
05cc500 feat: Add AVD reference to KubeHunterReport CR (#407)
004dba6 feat: Deleting a ConfigAuditReport should trigger rescan (#428)
38285f1 feat: Export kube-bench reports to HTML (#422)
5d98f63 feat: Get ConfigAuditReports from ReplicaSet in the same hierarchy (#397)
2954b44 feat: Get vulnerabilities from ReplicaSet in the same hierarchy (#389)
d5278c2 feat: Pass K8s object to configauditreport.Plugin (#420)
8cf7552 feat: Scaffold HTML report for namespace (#413)
52fe3a7 feat: Set security context for kube-bench (#354)
776bb1e feat: Set security context for kube-hunter (#394)
d066379 refactor: Delete *pod.Manager (#429)
30c164c refactor: Merge resources package with kube package (#430)
0e234c1 refactor: Merge rs package with kube package (#431)
a36725a refactor: Move Polaris package under plugin (#419)
a54ed60 refactor: Move aqua package under pkg/plugin (#426)
30b95b2 refactor: Move trivy package under pkg/plugin (#427)
62d47df refactor: Remove redundant args passed to configauditreport.Plugin (#432)
0c9cf08 refactor: Separate kube-bench -specific code (#405)
3892722 refactor: Use factory to instantiate ConfigAuditReport plugins (#418)
9aa35b1 refactor: kubebench.ReadWriter to use controller-runtime Client (#399)
1bb07be refactor: vulnerabilityreport.ReadWriter to use controller-runtime Client (#403)
Docker images
docker pull docker.io/aquasec/starboard:0.10.0docker pull public.ecr.aws/aquasecurity/starboard:0.10.0docker pull docker.io/aquasec/starboard-scanner-aqua:0.10.0docker pull public.ecr.aws/aquasecurity/starboard-scanner-aqua:0.10.0docker pull docker.io/aquasec/starboard-operator:0.10.0docker pull public.ecr.aws/aquasecurity/starboard-operator:0.10.0
v0.10.0-rc5
Docker images
docker pull docker.io/aquasec/starboard:0.10.0-rc5docker pull public.ecr.aws/aquasecurity/starboard:0.10.0-rc5docker pull docker.io/aquasec/starboard-scanner-aqua:0.10.0-rc5docker pull public.ecr.aws/aquasecurity/starboard-scanner-aqua:0.10.0-rc5docker pull docker.io/aquasec/starboard-operator:0.10.0-rc5docker pull public.ecr.aws/aquasecurity/starboard-operator:0.10.0-rc5
v0.10.0-rc4
Docker images
docker pull docker.io/aquasec/starboard:0.10.0-rc4docker pull public.ecr.aws/aquasecurity/starboard:0.10.0-rc4docker pull docker.io/aquasec/starboard-scanner-aqua:0.10.0-rc4docker pull public.ecr.aws/aquasecurity/starboard-scanner-aqua:0.10.0-rc4docker pull docker.io/aquasec/starboard-operator:0.10.0-rc4docker pull public.ecr.aws/aquasecurity/starboard-operator:0.10.0-rc4
v0.10.0-rc3
Docker images
docker pull docker.io/aquasec/starboard:0.10.0-rc3docker pull public.ecr.aws/aquasecurity/starboard:0.10.0-rc3docker pull docker.io/aquasec/starboard-scanner-aqua:0.10.0-rc3docker pull public.ecr.aws/aquasecurity/starboard-scanner-aqua:0.10.0-rc3docker pull docker.io/aquasec/starboard-operator:0.10.0-rc3docker pull public.ecr.aws/aquasecurity/starboard-operator:0.10.0-rc3
v0.10.0-rc2
Docker images
docker pull docker.io/aquasec/starboard:0.10.0-rc2docker pull public.ecr.aws/aquasecurity/starboard:0.10.0-rc2docker pull docker.io/aquasec/starboard-scanner-aqua:0.10.0-rc2docker pull public.ecr.aws/aquasecurity/starboard-scanner-aqua:0.10.0-rc2docker pull docker.io/aquasec/starboard-operator:0.10.0-rc2docker pull public.ecr.aws/aquasecurity/starboard-operator:0.10.0-rc2
v0.10.0-rc1
Docker images
docker pull docker.io/aquasec/starboard-operator:0.10.0-rc1docker pull public.ecr.aws/aquasecurity/starboard-operator:0.10.0-rc1docker pull docker.io/aquasec/starboard-scanner-aqua:0.10.0-rc1docker pull public.ecr.aws/aquasecurity/starboard-scanner-aqua:0.10.0-rc1docker pull docker.io/aquasec/starboard:0.10.0-rc1docker pull public.ecr.aws/aquasecurity/starboard:0.10.0-rc1
v0.9.2
Changelog
699cfb2 fix(helm): Configure service account assigned to operator's pod (#390)
668d43e fix: Aqua logo in HTML report (#383)
6b273d8 fix: Make kube-hunter.quick config param optional (#388)
Docker images
docker pull docker.io/aquasec/starboard:0.9.2docker pull public.ecr.aws/aquasecurity/starboard:0.9.2docker pull docker.io/aquasec/starboard-scanner-aqua:0.9.2docker pull public.ecr.aws/aquasecurity/starboard-scanner-aqua:0.9.2docker pull docker.io/aquasec/starboard-operator:0.9.2docker pull public.ecr.aws/aquasecurity/starboard-operator:0.9.2
v0.9.1
Changelog
3912678 chore: Integrate MkDocs with jimporter/mike (#372)
b73ef2a feat: Manage pods controlled by third parties (#376)
8e5503f fix(kube-bench): Auto-detect CIS benchmark sections to run (#378)
8f7cd87 fix: Get registry server from Docker auth key (#379)
057c751 fix: Save security reports for static pods (#370)
Docker images
docker pull docker.io/aquasec/starboard:0.9.1docker pull public.ecr.aws/aquasecurity/starboard:0.9.1docker pull docker.io/aquasec/starboard-scanner-aqua:0.9.1docker pull public.ecr.aws/aquasecurity/starboard-scanner-aqua:0.9.1docker pull docker.io/aquasec/starboard-operator:0.9.1docker pull public.ecr.aws/aquasecurity/starboard-operator:0.9.1
v0.9.0
Changelog
ac82c14 chore: Bump up controller-runtime from v0.6.3 to v0.7.1 (#341)
39d80a4 chore: Bump up dependencies (#338)
110c372 chore: Update deployment descriptors and docs (#358)
143085c chore: Verify code in parallel in GitHub Actions workflow (#349)
2a490f9 feat(cli): Provide more details when scan job fails (#328)
ab281e4 feat(operator): Integrate Polaris (#357)
5af029b feat: Add kube-hunter.quick configuration parameter (#331)
585c4b6 feat: Add passing checks count to ConfigAuditReport summary (#348)
8f29f72 feat: Implement configauditreport.ReadWriter using client provided by controller-runtime module (#345)
9f94deb feat: Set security context for Polaris (#360)
81414f8 feat: Set security context for Trivy (#359)
b73bc8c fix(kube-bench): Skip windows nodes (#289)
217d88b fix(operator): Skip workloads in the operator namespace (#362)
8154ee3 fix: Integration tests runner in release workflow (#363)
3a548ef refactor(operator): Use predicates to filter out events added to a worker queue (#352)
807de44 refactor: Cleanup polaris package (#335)
0882c9e refactor: Define interface for resource configuration checkers (#333)
965b180 refactor: Delete StoreInterface in favour of ReadWriter (#321)
b0a8932 refactor: Delete WorkloadVulnerabilities type (#322)
0d45462 refactor: Delete scanners pkg (#351)
725dd4f refactor: Move aqua package (#346)
dbc3726 refactor: Simplify struct used to configure the operator (#344)
27a2885 refactor: Use kube.LogsReader to parse logs and termination statuses (#353)
69e885c refactor: kubebench package (#329)
64802a7 refactor: kubehunter package (#330)
Docker images
docker pull docker.io/aquasec/starboard:0.9.0docker pull public.ecr.aws/aquasecurity/starboard:0.9.0docker pull docker.io/aquasec/starboard-scanner-aqua:0.9.0docker pull public.ecr.aws/aquasecurity/starboard-scanner-aqua:0.9.0docker pull docker.io/aquasec/starboard-operator:0.9.0docker pull public.ecr.aws/aquasecurity/starboard-operator:0.9.0