By Category

Back to all categories

Security

Mar 20, 2025 Security cloudnative-pg-app v0.0.7
Added
- Push to CAPI app collections.
Changed
- grafana dashboard: load it to Shared Org (public) organization
Mar 18, 2025 Security teleport-kube-agent-app v0.10.4
Added
- Add headless service on diag port 3000.
Changed
- Migrated to ABS
Mar 17, 2025 Security trivy-app v0.13.4
Changed
- Add API capabilities check for Kyverno PolicyExceptions before switching to v2.
Mar 17, 2025 Security trivy-app v0.13.3
Changed
- Make livenessProbe.initialDelaySeconds configurable.
Mar 17, 2025 Security rbac-operator v0.42.0
Added
- Added support for read-all-customer-groups bindings.
Changed
- Change ownership to Team Shield
Feb 25, 2025 Security kyverno-policies v0.23.0
Added
- Add supplemental security and best practices policies:
  - check-resources-request-and-limits-ratio
  - check-serviceaccount-secrets
  - disallow-gitrepo-volume
  - disallow-latest-tag
  - prevent-bare-pods
  - require-container-requests-and-limits
  - require-emptydir-requests-and-limits
  - require-pod-probes
  - restrict-binding-clusteradmin
  - restrict-binding-system-groups
  - restrict-sa-automount-sa-token
Feb 25, 2025 Security trivy-app v0.13.2
Changed
- Narrow down CiliumNetworkPolicy egress rule to match DNS service only.
- Narrow down CiliumNetworkPolicy ingress rule to allow traffic from namespace.
Feb 20, 2025 Security kyverno-app v0.19.0
Changed
- Update kyverno to upstream version v1.13.4.
- Use GVK for specifying Kinds in core-policies.
- Add runAsGroup to container security contexts.
Feb 20, 2025 Security kyverno-policies v0.22.0
Changed
- Update to upstream Kyverno Policies version 1.13.4.
Added
- Add supplemental policies restrict-external-ips, require-ro-rootfs, and enable upstream policy require-non-root-groups.
- Add supplemental policy to generate default deny-all Network Policies in newly created namespaces.
Feb 5, 2025 Security falco-app v0.10.0
Changed
- Update Falco to upstream version 0.40.0

This part of our documentation refers to our vintage product. The content may be not valid anymore for our current product. Please check our new documentation hub for the latest state of our docs.