1. Docs
  2. Changes and releases
  3. Security

Security

  • Security external-secrets v0.20.5

    Changed

    • Update chart metadata to add audience and upstream chart version annotations.
  • Security auth-bundle v0.5.0
  • Security dex-app v2.2.0
  • Security auth-bundle v0.4.0
  • Security starboard-exporter v1.0.2

    Fixed

    • Disable the kubescape scanner input by default.
  • Security athena v1.15.0

    Added

    • Add Gateway API support with HTTPRoute template (.Values.route).
    • Add support for SecurityPolicy resources for authentication via Envoy Gateway.

    Changed

    • Make Ingress resource conditional with .Values.ingress.enabled (defaults to true for backwards compatibility).
  • Security starboard-exporter v1.0.1

    Fixed

    • Downgrade k8s client libraries to v1.34 versions to fix a regression (#135895).
  • Security starboard-exporter v1.0.0

    Announcements

    • starboard-exporter now supports kubescape! In addition to Trivy VulnerabilityReports, starboard-exporter now also supports reconciliation of Kubescape VulnerabilityManifests. Metrics have been updated to include a scanner label, indicating the source type of the data. Trivy and Kubescape can be used simultaneously, or individually toggled on and off. See the README for more information.
    • There is a breaking change to one of the CLI flags in this version. The --vulnerability-scans-enabled flag has been renamed to --trivy-vulnerability-scans-enabled in order to facilitate the new Kubescape scanner support. Users installing via the Helm chart are not affected.

    Added

    • Support for Kubescape vulnerability scanning via VulnerabilityManifest CR.
    • Scanner label (scanner="trivy" or scanner="kubescape") to all vulnerability metrics to distinguish between scanning sources.
    • Command-line flag --kubescape-vulnerability-scans-enabled.
    • Helm values configuration for enabling/disabling individual scanners under exporter.vulnerabilityReports.scanners.
    • Added backwards compatibility for legacy vulnerabilityReports.enabled Helm value (now enables Trivy scanner)

    Changed

    • Renamed Trivy-specific functions and constants to include “Trivy” prefix to distinguish them from Kubescape components while maintaining shared metrics.
    • Command-line flag --vulnerability-scans-enabled to --trivy-vulnerability-scans-enabled (Breaking Change).
  • Security auth-bundle v0.3.0

    Changed

    • Update dependency dex to version v2.1.5.
    • Update dependency ingress-nginx-app to version v4.2.1.
  • Security dex-app v2.1.5

    Added

    • Add muster as a confidential static client for muster OAuth authentication (server-side OAuth proxy).
    • Auto-include muster in dex-k8s-authenticator trustedPeers for seamless token exchange.