By Category

Back to all categories

Security

Mar 20, 2025 Security cloudnative-pg-app v0.0.7
Added
- Push to CAPI app collections.
Changed
- grafana dashboard: load it to Shared Org (public) organization
Mar 18, 2025 Security teleport-kube-agent-app v0.10.4
Added
- Add headless service on diag port 3000.
Changed
- Migrated to ABS
Mar 17, 2025 Security trivy-app v0.13.4
Changed
- Add API capabilities check for Kyverno PolicyExceptions before switching to v2.
Mar 17, 2025 Security trivy-app v0.13.3
Changed
- Make livenessProbe.initialDelaySeconds configurable.
Mar 17, 2025 Security rbac-operator v0.42.0
Added
- Added support for read-all-customer-groups bindings.
Changed
- Change ownership to Team Shield
Feb 25, 2025 Security kyverno-policies v0.23.0
Added
- Add supplemental security and best practices policies:
  - check-resources-request-and-limits-ratio
  - check-serviceaccount-secrets
  - disallow-gitrepo-volume
  - disallow-latest-tag
  - prevent-bare-pods
  - require-container-requests-and-limits
  - require-emptydir-requests-and-limits
  - require-pod-probes
  - restrict-binding-clusteradmin
  - restrict-binding-system-groups
  - restrict-sa-automount-sa-token
Feb 25, 2025 Security trivy-app v0.13.2
Changed
- Narrow down CiliumNetworkPolicy egress rule to match DNS service only.
- Narrow down CiliumNetworkPolicy ingress rule to allow traffic from namespace.
Feb 20, 2025 Security kyverno-app v0.19.0
Changed
- Update kyverno to upstream version v1.13.4.
- Use GVK for specifying Kinds in core-policies.
- Add runAsGroup to container security contexts.
Feb 20, 2025 Security kyverno-policies v0.22.0
Changed
- Update to upstream Kyverno Policies version 1.13.4.
Added
- Add supplemental policies restrict-external-ips, require-ro-rootfs, and enable upstream policy require-non-root-groups.
- Add supplemental policy to generate default deny-all Network Policies in newly created namespaces.
Feb 5, 2025 Security falco-app v0.10.0
Changed
- Update Falco to upstream version 0.40.0.