Releases: stackrox/kube-linter
v0.6.0
Changes
- Add ignore paths @titanlien (#460)
- Add check for duplicate name env var @charlesoconor (#461)
- Allow ignoring specific labels in dangling service selector check @heckler1 (#465)
⬆️ Dependencies
8 changes
- Bump docker/metadata-action from 4.2.0 to 4.3.0 @dependabot (#472)
- Bump docker/build-push-action from 3.2.0 to 3.3.0 @dependabot (#473)
- Bump github.com/bmatcuk/doublestar/v4 from 4.0.3 to 4.6.0 @dependabot (#469)
- Bump docker/metadata-action from 4.1.1 to 4.2.0 @dependabot (#468)
- Bump github.com/cert-manager/cert-manager from 1.10.1 to 1.11.0 @dependabot (#470)
- Bump k8s.io/cli-runtime from 0.25.4 to 0.26.0 @dependabot (#463)
- Bump k8s.io/client-go from 0.25.4 to 0.26.0 @dependabot (#464)
- Bump helm.sh/helm/v3 from 3.10.2 to 3.10.3 @dependabot (#462)
Full Changelog: 0.5.1...0.5.2
v0.5.1
Changes
⬆️ Dependencies
27 changes
- Bump github.com/Masterminds/sprig/v3 from 3.2.2 to 3.2.3 @dependabot (#458)
- Bump github.com/cert-manager/cert-manager from 1.10.0 to 1.10.1 @dependabot (#453)
- Bump k8s.io/cli-runtime from 0.25.3 to 0.25.4 @dependabot (#454)
- Bump helm.sh/helm/v3 from 3.10.1 to 3.10.2 @dependabot (#450)
- Bump k8s.io/client-go from 0.25.3 to 0.25.4 @dependabot (#448)
- Bump github.com/spf13/viper from 1.13.0 to 1.14.0 @dependabot (#447)
- Bump github.com/golangci/golangci-lint from 1.50.0 to 1.50.1 @dependabot (#446)
- Bump github.com/cert-manager/cert-manager from 1.9.1 to 1.10.0 @dependabot (#442)
- Bump github.com/spf13/cobra from 1.6.0 to 1.6.1 @dependabot (#443)
- Bump github.com/stretchr/testify from 1.8.0 to 1.8.1 @dependabot (#444)
- Bump k8s.io/cli-runtime from 0.25.2 to 0.25.3 @dependabot (#434)
- Bump docker/metadata-action from 4.1.0 to 4.1.1 @dependabot (#435)
- Bump docker/setup-buildx-action from 2.1.0 to 2.2.1 @dependabot (#436)
- Bump sigstore/cosign-installer from 2.8.0 to 2.8.1 @dependabot (#437)
- Bump helm.sh/helm/v3 from 3.10.0 to 3.10.1 @dependabot (#432)
- Bump docker/login-action from 2.0.0 to 2.1.0 @dependabot (#429)
- Bump sigstore/cosign-installer from 2.7.0 to 2.8.0 @dependabot (#430)
- Bump github.com/spf13/cobra from 1.5.0 to 1.6.0 @dependabot (#424)
- Bump docker/setup-buildx-action from 2.0.0 to 2.1.0 @dependabot (#425)
- Bump docker/metadata-action from 4.0.1 to 4.1.0 @dependabot (#426)
- Bump docker/build-push-action from 3.1.1 to 3.2.0 @dependabot (#427)
- Bump github.com/golangci/golangci-lint from 1.49.0 to 1.50.0 @dependabot (#422)
- Bump golang.org/x/net @tspearconquest (#419)
- Bump sigstore/cosign-installer from 2.6.0 to 2.7.0 @dependabot (#417)
- Bump k8s.io/cli-runtime from 0.25.0 to 0.25.2 @dependabot (#416)
- Bump helm.sh/helm/v3 from 3.9.4 to 3.10.0 @dependabot (#412)
- Bump k8s.io/api from 0.25.0 to 0.25.1 @dependabot (#411)
Full Changelog: 0.5.0...0.5.1
v0.5.0
Changes
- Fix uploading cosign signature for source code @dhaus67 (#409)
- Avoid name clash @dhaus67 (#408)
- Update Go to 1.19 @janisz (#401)
- antiaffinity check with namespaces: selector @jouve (#403)
- feat: Export RegisterObjectKind and MatcherFunc from objectkinds package @heckler1 (#394)
- feat: Add ephemeral containers to PodSpec.AllContainers() @heckler1 (#395)
- Create dangling ingress check @charlesoconor (#388)
- Support all hpa types in dangling-hpa @charlesoconor (#390)
- Skip failing anti-affinity rules if at least one valid rule is found. @dhaus67 (#373)
- Added t.Run() to use test name in unit test @Ankit152 (#374)
- Add release documentation and minor changes to draft release template. @dhaus67 (#372)
- Set permissions to binaries before uploading them. @dhaus67 (#371)
⬆️ Dependencies
17 changes
- Bump sigstore/cosign-installer from 2.5.1 to 2.6.0 @dependabot (#407)
- Bump github.com/spf13/viper from 1.12.0 to 1.13.0 @dependabot (#405)
- Bump helm.sh/helm/v3 from 3.9.2 to 3.9.4 @dependabot (#402)
- Bump k8s.io/cli-runtime from 0.24.3 to 0.25.0 @dependabot (#396)
- Bump k8s.io/client-go from 0.24.3 to 0.25.0 @dependabot (#397)
- Bump github.com/golangci/golangci-lint from 1.48.0 to 1.49.0 @dependabot (#398)
- Bump sigstore/cosign-installer from 2.5.0 to 2.5.1 @dependabot (#399)
- Bump docker/build-push-action from 3.1.0 to 3.1.1 @dependabot (#392)
- Bump github.com/golangci/golangci-lint from 1.47.3 to 1.48.0 @dependabot (#391)
- Bump github.com/golangci/golangci-lint from 1.47.2 to 1.47.3 @dependabot (#385)
- Bump k8s.io/cli-runtime from 0.24.2 to 0.24.3 @dependabot (#384)
- Bump helm.sh/helm/v3 from 3.9.0 to 3.9.2 @dependabot (#381)
- Bump github.com/golangci/golangci-lint from 1.46.2 to 1.47.2 @dependabot (#382)
- Bump sigstore/cosign-installer from 2.4.1 to 2.5.0 @dependabot (#383)
- Bump docker/build-push-action from 3.0.0 to 3.1.0 @dependabot (#379)
- Bump k8s.io/client-go from 0.24.2 to 0.24.3 @dependabot (#376)
- Bump sigstore/cosign-installer from 2.4.0 to 2.4.1 @dependabot (#370)
Full Changelog: 0.4.0...0.4.1
Release changes
For the assets available for each release, there's been a change starting with this release:
Instead of adding tar.gz / zip archives for specific platforms containing the kube-linter binary, the binary have been now added unarchived as replacement.
The kube-linter-linux.tar.gz
archive has been kept for backwards compatability with kube-linter-action, but is deprecated and will be removed with the next release. Hence, there's also no cosign signature available for it.
v0.4.0
Changes
- Adding support for ServiceAccount @trumant (#325)
- Fix typos in HPA replica check @acj (#347)
- Sign archives on release page @janisz (#338)
🚀 Features
- Add support to check dnsConfig options @weixiongny (#358)
🐛 Bug Fixes
🧰 Maintenance
⬆️ Dependencies
20 changes
- Bump github.com/stretchr/testify from 1.7.4 to 1.8.0 @dependabot (#368)
- Bump k8s.io/cli-runtime from 0.24.1 to 0.24.2 @dependabot (#366)
- Bump github.com/owenrumney/go-sarif/v2 from 2.1.1 to 2.1.2 @dependabot (#365)
- Bump k8s.io/client-go from 0.24.1 to 0.24.2 @dependabot (#364)
- Bump github.com/stretchr/testify from 1.7.2 to 1.7.4 @dependabot (#361)
- Bump github.com/spf13/cobra from 1.4.0 to 1.5.0 @dependabot (#362)
- Bump k8s.io/api from 0.24.1 to 0.24.2 @dependabot (#363)
- Bump sigstore/cosign-installer from 2.3.0 to 2.4.0 @dependabot (#357)
- Bump github.com/stretchr/testify from 1.7.1 to 1.7.2 @dependabot (#355)
- Bump github.com/spf13/viper from 1.11.0 to 1.12.0 @dependabot (#356)
- Bump k8s.io/cli-runtime from 0.24.0 to 0.24.1 @dependabot (#352)
- Bump k8s.io/api from 0.24.0 to 0.24.1 @dependabot (#350)
- Bump k8s.io/apimachinery from 0.24.0 to 0.24.1 @dependabot (#349)
- Bump docker/login-action from 1.14.1 to 2 @dependabot (#345)
- Bump github/codeql-action from 1 to 2 @dependabot (#346)
- Bump helm.sh/helm/v3 from 3.8.2 to 3.9.0 @dependabot (#344)
- Bump github.com/golangci/golangci-lint from 1.46.0 to 1.46.2 @dependabot (#340)
- Bump actions/checkout from 2 to 3 @dependabot (#341)
- Bump actions/setup-go from 2 to 3 @dependabot (#342)
- Bump docker/build-push-action from 2.10.0 to 3.0.0 @dependabot (#343)
Full Changelog: 0.3.0...0.4.0
v0.3.0
Changes
- Run action on tag @janisz (#334)
- Update to Go1.18. @dhaus67 (#326)
- Add new flag to force color output. @dhaus67 (#324)
- Update CODEOWNERS @janisz (#319)
- Be more clear with errors found within anti-affinity rules. @dhaus67 (#318)
- Added target-port template and check for it @mtodor (#310)
- Remove if condition, handled by ignore-branches now. @dhaus67 (#309)
- Ignore dependabot branches. @dhaus67 (#306)
- added link to blog post about writing a custom template @garethahealy (#298)
- Use single workflow to build and test @janisz (#296)
- Create CODEOWNERS @janisz (#293)
- Add support for all current autoscaler hpa versions @mrunesson (#290)
- Add --fail-on-invalid-resource flag @rumstead (#279)
- update docker version in pre-commit-hooks @kenzht (#284)
🐛 Bug Fixes
- Check bash version on bats @janisz (#327)
- Do not alert on missing readiness / liveness probe for init containers. @dhaus67 (#302)
🧰 Maintenance
- Build alpine image and push to dockerhub @janisz (#316)
- Update actions with dependabot @janisz (#320)
- Enable gosec. @dhaus67 (#301)
- Add missing release id to upload artifacts @janisz (#299)
- Release with GH Action @janisz (#297)
- Build and push images to ghcr.io, sign images with cosign. @janisz (#295)
⬆️ Dependencies
20 changes
- Bump k8s.io/client-go from 0.23.6 to 0.24.0 @dependabot (#317)
- Bump actions/upload-artifact from 2 to 3 @dependabot (#329)
- Bump github.com/golangci/golangci-lint from 1.45.2 to 1.46.0 @dependabot (#333)
- Bump k8s.io/api from 0.23.6 to 0.24.0 @dependabot (#328)
- Bump actions/download-artifact from 2 to 3 @dependabot (#330)
- Bump docker/setup-buildx-action from 79abd3f86f79a9d68a23c75a09a9a85889262adf to 2 @dependabot (#331)
- Bump k8s.io/apimachinery from 0.23.6 to 0.24.0 @dependabot (#314)
- Bump docker/metadata-action from 3.3.0 to 4.0.1 @dependabot (#323)
- Bump docker/login-action from 1.9.0 to 1.14.1 @dependabot (#322)
- Bump actions/cache from 2 to 3 @dependabot (#321)
- Bump honnef.co/go/tools from 0.3.0 to 0.3.1 @dependabot (#315)
- Bump github.com/mitchellh/mapstructure from 1.4.3 to 1.5.0 @dependabot (#307)
- Bump k8s.io/cli-runtime from 0.23.5 to 0.23.6 @dependabot (#308)
- Bump k8s.io/client-go from 0.23.5 to 0.23.6 @dependabot (#303)
- Bump k8s.io/api from 0.23.5 to 0.23.6 @dependabot (#304)
- Bump k8s.io/apimachinery from 0.23.5 to 0.23.6 @dependabot (#305)
- Bump helm.sh/helm/v3 from 3.8.1 to 3.8.2 @dependabot (#292)
- Bump github.com/spf13/viper from 1.10.1 to 1.11.0 @dependabot (#289)
- Bump honnef.co/go/tools from 0.2.2 to 0.3.0 @dependabot (#280)
- Bump github.com/golangci/golangci-lint from 1.45.0 to 1.45.2 @dependabot (#281)
Full Changelog: 0.2.6...v0.3.0
What's Changed
- update docker version in pre-commit-hooks by @kenzht in #284
- Bump github.com/golangci/golangci-lint from 1.45.0 to 1.45.2 by @dependabot in #281
- Bump honnef.co/go/tools from 0.2.2 to 0.3.0 by @dependabot in #280
- Bump github.com/spf13/viper from 1.10.1 to 1.11.0 by @dependabot in #289
- Add --fail-on-invalid-resource flag by @rumstead in #279
- Add support for all current autoscaler hpa versions by @mrunesson in #290
- Bump helm.sh/helm/v3 from 3.8.1 to 3.8.2 by @dependabot in #292
- Create CODEOWNERS by @janisz in #293
- Use single workflow to build and test by @janisz in #296
- Build and push images to ghcr.io, sign images with cosign. by @janisz in #295
- added link to blog post about writing a custom template by @garethahealy in #298
- Release with GH Action by @janisz in #297
- Add missing release id to upload artifacts by @janisz in #299
- Enable gosec. by @dhaus67 in #301
- Do not alert on missing readiness / liveness probe for init containers. by @dhaus67 in #302
- Ignore dependabot branches. by @dhaus67 in #306
- Bump k8s.io/apimachinery from 0.23.5 to 0.23.6 by @dependabot in #305
- Bump k8s.io/api from 0.23.5 to 0.23.6 by @dependabot in #304
- Bump k8s.io/client-go from 0.23.5 to 0.23.6 by @dependabot in #303
- Bump k8s.io/cli-runtime from 0.23.5 to 0.23.6 by @dependabot in #308
- Bump github.com/mitchellh/mapstructure from 1.4.3 to 1.5.0 by @dependabot in #307
- Remove if condition, handled by ignore-branches now. by @dhaus67 in #309
- Added target-port template and check for it by @mtodor in #310
- Bump honnef.co/go/tools from 0.3.0 to 0.3.1 by @dependabot in #315
- Update actions with dependabot by @janisz in #320
- Build alpine image and push to dockerhub by @janisz in #316
- Bump actions/cache from 2 to 3 by @dependabot in #321
- Bump docker/login-action from 1.9.0 to 1.14.1 by @dependabot in #322
- Bump docker/metadata-action from 3.3.0 to 4.0.1 by @dependabot in #323
- Be more clear with errors found within anti-affinity rules. by @dhaus67 in #318
- Update CODEOWNERS by @janisz in #319
- Add new flag to force color output. by @dhaus67 in #324
- Update to Go1.18. by @dhaus67 in #326
- Bump k8s.io/apimachinery from 0.23.6 to 0.24.0 by @dependabot in #314
- Check bash version on bats by @janisz in #327
- Bump docker/setup-buildx-action from 79abd3f86f79a9d68a23c75a09a9a85889262adf to 2 by @dependabot in #331
- Bump actions/download-artifact from 2 to 3 by @dependabot in #330
- Bump k8s.io/api from 0.23.6 to 0.24.0 by @dependabot in #328
- Bump github.com/golangci/golangci-lint from 1.45.2 to 1.46.0 by @dependabot in #333
- Bump actions/upload-artifact from 2 to 3 by @dependabot in #329
- Bump k8s.io/client-go from 0.23.6 to 0.24.0 by @dependabot in #317
- Run action on tag by @janisz in #334
New Contributors
- @kenzht made their first contribution in #284
- @rumstead made their first contribution in #279
- @mrunesson made their first contribution in #290
- @dhaus67 made their first contribution in #301
- @mtodor made their first contribution in #310
Full Changelog: 0.2.6...0.3.0
v0.2.6
KubeLinter v0.2.5
Changes in this version: 0.2.5...0.2.6
Features
- template: add forbidden-annotation (#248)
- docs: Use YAML for parameters in documentation (#247)
- Add a check to enforce node affinities being defined (#265)
- Adding basic support for HorizontalPodAutoscaler resources from autoscalingv2Beta1 (#271)
Bug Fixes
v0.2.5
KubeLinter v0.2.5
Changes in this version: 0.2.4...0.2.5
Features
- Recognize batch/v1 CronJobs (#225)
Bug Fixes
v0.2.4
KubeLinter v0.2.4
Changes in this version: 0.2.3...0.2.4
Features
- Add AllowList parameter to the existing latestTag check (#199)
- Flag pods that are not isolated by a NetworkPolicy (#206)
Bug Fixes
- Ensure that the "results" field is populated in SARIF output even if there are no lint errors (#214)
v0.2.3
KubeLinter v0.2.3
Changes in this version: 0.2.2...0.2.3
Features
- Add template for imagePullPolicy checks (#202 )
- Add check for improper-container-image-tag (#191)
- Add template for update strategy and a basic check (#190)
- Add templates/checks for CIS Benchmarks for RBAC, secret, and namespace (#188)
- Add check for minimum number of replicas (#185)
Bug Fixes
v0.2.2
KubeLinter v0.2.2
Changes in this version: 0.2.1...0.2.2
Features
- Add about a dozen new templates and built-in checks based on Docker CIS benchmarks (#170)
- Add SARIF output (#160)
Bug Fixes
- Make the default service account check not fail when AutomountServiceAccountToken is
false
(#166)