Skip to content

Releases: kvesta/vesta

Vesta v1.0.10

21 Apr 09:33
@christasa christasa
v1.0.10
dab816e
This commit was created on github.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Vesta v1.0.10 Latest
Latest

Notable Updates:

  • Add CVE-2024-21626 checking
    Checking the mount path, due to the variety of fd number, vesta checks the key path /proc/self/fd in WORKDIR.
  • Add CVE-2024-3094 checking
    Checking the library liblzma.so, refer to detect.sh
  • Add the severity of each Linux capabilities
    Reorder the security severity for different Capabilities based on the ease of exploitation.
md5 filename
7ea0d98f1a9fcb8917cd9834fd51c08e vesta_darwin_amd64
ff58c0fba46ab9e4ac083283de1c5072 vesta_linux_amd64
f8b5b16689ff0dd460a81989970dbcab vesta_windows_amd64.exe
Assets 5
Loading

Vesta v1.0.9

25 Dec 04:51
@christasa christasa
v1.0.9
55d84f3
This commit was created on github.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Vesta v1.0.9

Notable Updates:

  • Add Docker Histories environment checking
    The Docker Histories checking inlcuding the malicious variables, unsafe command and hardcode. This feature is implemented in the Docker analysis and image scan, accepting either a tar file or an image ID.
  • Add the filesystem scanning
  • Add BearerToken for authentication
  • Delete the --inside flag in the k8s analysis
    The founction clientcmd.BuildConfigFromFlags will automatically use restclient.InClusterConfig when it can't find the config in user directory. Therefore, remove the redundant inside symbols.
md5 filename
75820c21fc4df579df4dfa12e47eafcd vesta_darwin_amd64
50e4aa00ae5a5ccc5f4ba07ffa239204 vesta_linux_amd64
1b6dc5033ab5bada38d5027fd655d56e vesta_windows_amd64.exe
Assets 5
Loading

Vesta v1.0.8

16 Jul 17:21
@christasa christasa
v1.0.8
f356373
This commit was created on github.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Vesta v1.0.8

Notable Updates:

  • Add Docker Swarm Service checking
    Checking the docker config, docker secret in Docker swarm, and find the relevant docker services. Also, reviewing the vulnerable container related to the docker services.
  • Annotate the tag of image checking
    After researching, We find that it is hard to observe evidence of image poisoning, and there are often numerous security issues related to image tags after scanning. Therefore, annotate the image tags checking temporarily.
  • Add dangerous image used checking in Docker
    Each container will also check whether it uses the dangerous image.
  • Add checking of the usage of ephemeral-storage limitation
  • Fixed the incorrect of the input parameter in image scan
md5 filename
12e3734748efcc4352bc197680284cf9 vesta_darwin_amd64
e0210985d0a941bd65e785be33cbf945 vesta_linux_amd64
9d74eded560dccd3b07027b85694b98c vesta_windows_amd64.exe
Assets 5
Loading

Vesta v1.0.7

07 May 08:56
@christasa christasa
v1.0.7
f356373
This commit was created on github.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Vesta v1.0.7

Notable Updates:

md5 filename
e91b6dcb80e767d2dd12b5f0fe3268b0 vesta_darwin_amd64
9253b89e2d8afc694ff4f1900cc37361 vesta_linux_amd64
5b0552bb46b50f5044dfef62094d998f vesta_windows_amd64.exe
Assets 5
Loading

Vesta v1.0.6

26 Mar 15:08
@christasa christasa
v1.0.6
023ddfb
This commit was created on github.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Vesta v1.0.6

Notable Updates:

  • Add Backdoor Checking in k8s and Docker
    We check the executed binary and malicious commands in each k8s configuration. Detailed references can be found in https://github.com/kvesta/vesta/wiki/Backdoor-Detection.
  • Change the default namespaces of serval checkings
    Change the ConfigMap, Secret, Job, and Cronjob checkings from out-of-whitelist to every namespace.
  • Add PodScurityPolicy and k8s version checking
  • Fixed the inaccuracy of kernel version checking
md5 filename
903f839034771bf56f34c5b1b6693a8c vesta_darwin_amd64
a80a88e55c444c99064c958b9c708652 vesta_linux_amd64
f5e4846dd5e65a4fc3b5f0652166d1ee vesta_windows_amd64.exe
Assets 5
Loading

Vesta v1.0.5

25 Feb 17:02
@christasa christasa
v1.0.5
97395cf
This commit was created on github.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Vesta v1.0.5

Notable Updates:

  • Add Python pip analysis from poetry and venv
  • Rewrite part of analysis method of java libraries and add special dependence detected, such as log4j
  • Add some rules of docker analysis
    add some dangerous Linux Capacity checkings, add --pid=host, --net=host to checking list.
md5 filename
5eb1dc394ddea93b256f9acd2da60fb6 vesta_darwin_amd64
9f3f50b3ac049c6978083510fb2ed768 vesta_linux_amd64
55c158c3a30579d4ee3c6ec85cc2fc85 vesta_windows_amd64.exe
Assets 5
Loading

Vesta v1.0.4

06 Feb 12:08
@christasa christasa
v1.0.4
88b76a7
This commit was created on github.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Vesta v1.0.4

Notable Updates:

  • Add sidecar Environment Checking, including Env and EnvFrom
    Mainly check the weak password in Env and check ConfigMap or Secret referenced in EnvFrom.
  • Change command upgrade to update
  • Add malicious packages checking
    We collected names of the most popular PyPI packages and known malicious packages, then judged the similarity ratio of official package names.

14/02/2023: fixed DNS panic due to the C.getaddrinfo.

md5 filename
a7e74211ebab589172006b1fc76d6503 vesta_darwin_amd64
2cd17e7c804a981784f2c4e59a842e38 vesta_linux_amd64
ad0f412280c9eb95f61d46f8f0ffcfae vesta_windows_amd64.exe
Assets 5
Loading

Vesta v1.0.3

14 Jan 16:10
@christasa christasa
v1.0.3
88b76a7
This commit was created on github.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Vesta v1.0.3

Notable Updates:

  • Add java, php, rust libraries analysis
  • Add istio checking
  • Add Docker history analysis
  • Revise the rules of RBAC checking
    Divide the RBAC vulnerabilities into four categories, high, medium, low and warning. Key resources such as pods, deployments and statefulsets with dangerous verbs such as create, patch and delete need to be noticed. Service account mount path /var/run/secrets/kubernetes.io/serviceaccount/token is checked with RBAC vulnerabilities. Untrusted users are printed for self-checking.
md5 filename
ef292417ac9024281f92f639e81dbe58 vesta_darwin_amd64
62043d3914f567a5987be688afa21e96 vesta_linux_amd64
f1b34889fae13db512a84f9fc48ba20b vesta_windows_amd64.exe
Assets 5
Loading

Vesta v1.0.2

01 Jan 16:30
@christasa christasa
v1.0.2
a18bab4
This commit was created on github.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Vesta v1.0.2

Notable Updates:

  • Add cilium checking
  • Add Kubelet read-only-port and kubectl proxy checking
  • Add Etcd safe configuration checking
  • Add RoleBinding checking
  • Optimize layer integration and add go binary analysis
md5 filename
90108eb6831d775c0c3acc7a39b45590 vesta_darwin_amd64
4bedfce3d118c31242f02769ccd8fe1a vesta_darwin_m1
f0089f76d4693241b6cd5d0fd299b7b9 vesta_linux_amd64
e4af14cdd21c9d2cfc6af4b9324a2e4d vesta_windows_amd64.exe
Assets 6
Loading

Vesta v1.0.1

18 Dec 12:16
@christasa christasa
v1.0.1
9f4760d
This commit was created on github.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Vesta v1.0.1

Notable Updates:

  • Add weak password checking in Configmap and Secret
  • Add weak password checking in Docker env
  • Add Envoy admin checking
md5 filename
9d49884e7853464c3a04b3b8436e4ebc vesta_darwin_amd64
dfe150c086c77fa6026075148483e43f vesta_darwin_m1
237abd4c3985230131501e40bf95c1fc vesta_linux_amd64
9d958437756f21dddabd7797e098f79c vesta_linux_arm
b9bb5ff87b80a558539c4b08fe1020a1 vesta_windows_amd64.exe
Assets 7
Loading