Connaisseur v3.4.0

Big news: We are switching programming languages from Python to Golang! 🎉💯 See #1513

Notable features

• The policy rules now support a with.mode option that can be set to mutate or insecureValidateOnly, allowing the mutation of the image reference to be toggled on and off (the default is mutate, meaning references will be mutated; the alternative is considered insecure since it implies that while a trusted image is available, its use is not guaranteed 🤷).
• A caching mechanism in the form of a Redis key-value store now stores the results of a validation for 30 seconds.
• A new feature flag, resourceValidationMode, with supported values all and podsOnly. all is the default, causing Connaisseur to block all resources if they fail validation and mutate them if they pass. podsOnly will still validate all resources but only block and mutate Pod resources, while others are passed through with a warning (similar to PSA). This enhances compatibility with GitOps solutions like ArgoCD by preventing diffs on each reconciliation.
• Notary now supports all TUF compliant keys.
• Setting the with.trustRoot to * for a policy is now supported across all validators, allowing AND conjunctions for all defined trust roots within a validator.
• Custom labels can be added (thanks to @jimonthebarn)

v3.3.4

Refactor

• Black formatting https://github.com/sse-secure-systems/connaisseur/pull/1484

Build

• Fix notary call in getroot utility and improve caching https://github.com/sse-secure-systems/connaisseur/pull/1492

Ci

• Disable non-oci-compliant provenance https://github.com/sse-secure-systems/connaisseur/pull/1515
• Disable image cleanup during public golang test https://github.com/sse-secure-systems/connaisseur/pull/1515
• New testimages https://github.com/sse-secure-systems/connaisseur/pull/1484

Test

• Added oneliner to fix issues with minikube integration tests https://github.com/sse-secure-systems/connaisseur/pull/1480

Docs

• Add example of payload fields https://github.com/sse-secure-systems/connaisseur/pull/1481
• Drop deprecated materialx extension https://github.com/sse-secure-systems/connaisseur/pull/1481

Update

• Bump the pip-packages group with 4 updates https://github.com/sse-secure-systems/connaisseur/pull/1512
• Bump the gh-actions-packages group with 5 updates https://github.com/sse-secure-systems/connaisseur/pull/1514
• Bump the pip-packages group with 5 updates https://github.com/sse-secure-systems/connaisseur/pull/1496

---

What's Changed

• ci: new testimages by @phbelitz in https://github.com/sse-secure-systems/connaisseur/pull/1484
• Payload field documentation by @Starkteetje in https://github.com/sse-secure-systems/connaisseur/pull/1481
• fix: Added oneliner to fix issues with minikube by @chrysogonus in https://github.com/sse-secure-systems/connaisseur/pull/1480
• build: Fix Notary call in getRoot utility and improve caching by @Starkteetje in https://github.com/sse-secure-systems/connaisseur/pull/1492
• update: bump the pip-packages group with 5 updates by @dependabot in https://github.com/sse-secure-systems/connaisseur/pull/1496
• update: bump the gh-actions-packages group with 5 updates by @dependabot in https://github.com/sse-secure-systems/connaisseur/pull/1514
• CI: Disable non-OCI-compliant provenance and disable image cleanup during public Golang test by @Starkteetje in https://github.com/sse-secure-systems/connaisseur/pull/1515
• update: bump the pip-packages group with 4 updates by @dependabot in https://github.com/sse-secure-systems/connaisseur/pull/1512
• v3.3.4 by @phbelitz in https://github.com/sse-secure-systems/connaisseur/pull/1516

Full Changelog: https://github.com/sse-secure-systems/connaisseur/compare/v3.3.3...v3.3.4

v3.3.3

Fix

• Report notary auth failure https://github.com/sse-secure-systems/connaisseur/pull/1469
• No exceptions on automatic child approval https://github.com/sse-secure-systems/connaisseur/pull/1467

Build

• Removed safety https://github.com/sse-secure-systems/connaisseur/pull/1471
• Fix build of getroot utility https://github.com/sse-secure-systems/connaisseur/pull/1462

Update

• Bump the pip-packages group with 4 updates (#1468) https://github.com/sse-secure-systems/connaisseur/pull/1468
• Bump the gh-actions-packages group with 4 updates (#1466) https://github.com/sse-secure-systems/connaisseur/pull/1466
• Bump the pip-packages group with 6 updates https://github.com/sse-secure-systems/connaisseur/pull/1460
• Bump the gh-actions-packages group with 4 updates https://github.com/sse-secure-systems/connaisseur/pull/1461
• Update anchore/sbom-action to v0.15.1 https://github.com/sse-secure-systems/connaisseur/pull/1439

---

What's Changed

• update: Update anchore/sbom-action to v0.15.1 by @Starkteetje in https://github.com/sse-secure-systems/connaisseur/pull/1439
• update: bump the gh-actions-packages group with 4 updates by @dependabot in https://github.com/sse-secure-systems/connaisseur/pull/1461
• update: bump the pip-packages group with 6 updates by @dependabot in https://github.com/sse-secure-systems/connaisseur/pull/1460
• build: Fix build of getRoot utility by @Starkteetje in https://github.com/sse-secure-systems/connaisseur/pull/1462
• fix: no exceptions on automatic child approval by @phbelitz in https://github.com/sse-secure-systems/connaisseur/pull/1467
• fix: Report notary auth failure by @Starkteetje in https://github.com/sse-secure-systems/connaisseur/pull/1469
• update: bump the gh-actions-packages group with 4 updates by @dependabot in https://github.com/sse-secure-systems/connaisseur/pull/1466
• update: bump the pip-packages group with 4 updates by @dependabot in https://github.com/sse-secure-systems/connaisseur/pull/1468
• build: removed safety by @phbelitz in https://github.com/sse-secure-systems/connaisseur/pull/1471
• v3.3.3 by @phbelitz in https://github.com/sse-secure-systems/connaisseur/pull/1470

Full Changelog: https://github.com/sse-secure-systems/connaisseur/compare/v3.3.2...v3.3.3

What's Changed

• test: fix local integration testing and add script for ease of use by @annekebr in https://github.com/sse-secure-systems/connaisseur/pull/1414
• test: get logs on error case of other-ns integration test by @annekebr in https://github.com/sse-secure-systems/connaisseur/pull/1427
• ci: continue when kubelinter fails by @chrysogonus in https://github.com/sse-secure-systems/connaisseur/pull/1428
• update: Update k8s image registry in default policy by @Starkteetje in https://github.com/sse-secure-systems/connaisseur/pull/1429
• update: bump the pip-packages group with 4 updates by @dependabot in https://github.com/sse-secure-systems/connaisseur/pull/1434
• update: bump the gh-actions-packages group with 4 updates by @dependabot in https://github.com/sse-secure-systems/connaisseur/pull/1433
• update: Update Cosign to version 2.2.2 by @Starkteetje in https://github.com/sse-secure-systems/connaisseur/pull/1435
• Develop by @Starkteetje in https://github.com/sse-secure-systems/connaisseur/pull/1437

New Contributors

• @chrysogonus made their first contribution in https://github.com/sse-secure-systems/connaisseur/pull/1428

Full Changelog: https://github.com/sse-secure-systems/connaisseur/compare/v3.3.1...v3.3.2

---

v3.3.2

Ci

• Continue when kubelinter fails https://github.com/sse-secure-systems/connaisseur/pull/1428

Test

• Get logs on error case of other-ns integration test https://github.com/sse-secure-systems/connaisseur/pull/1427
• Fix local integration testing and add script for ease of use https://github.com/sse-secure-systems/connaisseur/pull/1414

Update

• Update cosign to version 2.2.2 https://github.com/sse-secure-systems/connaisseur/pull/1435
• Bump the gh-actions-packages group with 4 updates https://github.com/sse-secure-systems/connaisseur/pull/1433
• Bump the pip-packages group with 4 updates https://github.com/sse-secure-systems/connaisseur/pull/1434
• Update k8s image registry in default policy https://github.com/sse-secure-systems/connaisseur/pull/1429

What's Changed

• build: remove pip package manager after installation of needed python… by @annekebr in https://github.com/sse-secure-systems/connaisseur/pull/1403
• Fix/redundant network calls to notary during auth by @annekebr in https://github.com/sse-secure-systems/connaisseur/pull/1376
• test: Fix unit test to use mocked responses instead of live ones by @Starkteetje in https://github.com/sse-secure-systems/connaisseur/pull/1405
• Fix DoS vulnerability by @Starkteetje in https://github.com/sse-secure-systems/connaisseur/pull/1407
• update: bump the gh-actions-packages group with 3 updates by @dependabot in https://github.com/sse-secure-systems/connaisseur/pull/1408
• update: bump the pip-packages group with 3 updates by @dependabot in https://github.com/sse-secure-systems/connaisseur/pull/1402
• Connaisseur version 3.3.1 by @Starkteetje in https://github.com/sse-secure-systems/connaisseur/pull/1409

Full Changelog: https://github.com/sse-secure-systems/connaisseur/compare/v3.3.0...v3.3.1

---

Connaisseur v3.3.1

Sec

• Prevent redos during delegation validation https://github.com/sse-secure-systems/connaisseur/pull/1407

Fix

• Add generic timeout for any async operations https://github.com/sse-secure-systems/connaisseur/pull/1407
• Do not redundantly authenticate calls to notary https://github.com/sse-secure-systems/connaisseur/pull/1376

Build

• Remove pip package manager after installation of needed python images https://github.com/sse-secure-systems/connaisseur/pull/1403

Ci

• Add security release annotation if there is a commit with security commit header https://github.com/sse-secure-systems/connaisseur/pull/1407
• Add new sec commit header https://github.com/sse-secure-systems/connaisseur/pull/1407

Test

• Fix unit test to use mocked responses instead of live ones https://github.com/sse-secure-systems/connaisseur/pull/1405
• Add integration test for self hosted notary without auth https://github.com/sse-secure-systems/connaisseur/pull/1376

Docs

• Fix testing instructions https://github.com/sse-secure-systems/connaisseur/pull/1376

Update

• Bump the pip-packages group with 3 updates https://github.com/sse-secure-systems/connaisseur/pull/1402
• Bump the gh-actions-packages group with 3 updates https://github.com/sse-secure-systems/connaisseur/pull/1408
• Add k8s version 1.28 for integration tests https://github.com/sse-secure-systems/connaisseur/pull/1376

What's Changed

• update: bump the gh-actions-packages group with 2 updates by @dependabot in https://github.com/sse-secure-systems/connaisseur/pull/1343
• update: bump the pip-packages group with 1 update by @dependabot in https://github.com/sse-secure-systems/connaisseur/pull/1342
• More improvements to integration tests by @Starkteetje in https://github.com/sse-secure-systems/connaisseur/pull/1344
• Fix integration test failures by @Starkteetje in https://github.com/sse-secure-systems/connaisseur/pull/1331
• Cosign logging by @Starkteetje in https://github.com/sse-secure-systems/connaisseur/pull/1347
• Fix RuntimeError by @Starkteetje in https://github.com/sse-secure-systems/connaisseur/pull/1334
• update: bump the pip-packages group with 1 update by @dependabot in https://github.com/sse-secure-systems/connaisseur/pull/1345
• update: bump the gh-actions-packages group with 4 updates by @dependabot in https://github.com/sse-secure-systems/connaisseur/pull/1371
• fix: Allow unset path of delegation by @Starkteetje in https://github.com/sse-secure-systems/connaisseur/pull/1372
• update: bump the gh-actions-packages group with 2 updates by @dependabot in https://github.com/sse-secure-systems/connaisseur/pull/1383
• Cosign 2.2.1 by @Starkteetje in https://github.com/sse-secure-systems/connaisseur/pull/1384
• feat: add functional labels by @xopham in https://github.com/sse-secure-systems/connaisseur/pull/1321
• update: bump the pip-packages group with 3 updates by @dependabot in https://github.com/sse-secure-systems/connaisseur/pull/1389
• update: bump the docker-packages group in /docker with 1 update by @dependabot in https://github.com/sse-secure-systems/connaisseur/pull/1390
• update: bump the gh-actions-packages group with 2 updates by @dependabot in https://github.com/sse-secure-systems/connaisseur/pull/1391
• Connaisseur v3.3.0 by @Starkteetje in https://github.com/sse-secure-systems/connaisseur/pull/1392

Full Changelog: https://github.com/sse-secure-systems/connaisseur/compare/v3.2.0...v3.3.0

---

v3.3.0

Feat

• Add functional labels https://github.com/sse-secure-systems/connaisseur/pull/1321
• Update cosign to 2.2.1 https://github.com/sse-secure-systems/connaisseur/pull/1384
• Enable cosign debugging at debug log level https://github.com/sse-secure-systems/connaisseur/pull/1347

Fix

• Correct cosign logging output if manifest_unknown https://github.com/sse-secure-systems/connaisseur/pull/1384
• Allow unset path of delegation https://github.com/sse-secure-systems/connaisseur/pull/1372
• Fix initialization of event loop and prevent runtimeerrors https://github.com/sse-secure-systems/connaisseur/pull/1334

Build

• Update pip version in build container https://github.com/sse-secure-systems/connaisseur/pull/1344

Ci

• Update cosign installer package https://github.com/sse-secure-systems/connaisseur/pull/1347

Test

• Improve execution of local integration test https://github.com/sse-secure-systems/connaisseur/pull/1334
• Correctly mock and actually test with test_update_with_delegation_trust_data https://github.com/sse-secure-systems/connaisseur/pull/1347
• Remove unused imports https://github.com/sse-secure-systems/connaisseur/pull/1347
• Use context managing for sessions https://github.com/sse-secure-systems/connaisseur/pull/1347
• Resolve sporadic integration test failures https://github.com/sse-secure-systems/connaisseur/pull/1331
• Remove non-functional receiver config in tests https://github.com/sse-secure-systems/connaisseur/pull/1344
• Improve debug base pod naming https://github.com/sse-secure-systems/connaisseur/pull/1344

Docs

• Modernize documentation using admonitions and code block titles https://github.com/sse-secure-systems/connaisseur/pull/1321
• Switch note blocks to mkdocs admonitions https://github.com/sse-secure-systems/connaisseur/pull/1321
• Add deployment of kubernetes manifests https://github.com/sse-secure-systems/connaisseur/pull/1321
• Fix deprecated cosign flag in docs https://github.com/sse-secure-systems/connaisseur/pull/1384

Update

• Bump the gh-actions-packages group with 2 updates https://github.com/sse-secure-systems/connaisseur/pull/1391
• Bump the docker-packages group in /docker with 1 update https://github.com/sse-secure-systems/connaisseur/pull/1390
• Bump the pip-packages group with 3 updates https://github.com/sse-secure-systems/connaisseur/pull/1389
• Bump the pip-packages group with 4 updates https://github.com/sse-secure-systems/connaisseur/pull/1384
• Bump the gh-actions-packages group with 2 updates https://github.com/sse-secure-systems/connaisseur/pull/1383
• Bump the gh-actions-packages group with 4 updates https://github.com/sse-secure-systems/connaisseur/pull/1371
• Bump the pip-packages group with 1 update https://github.com/sse-secure-systems/connaisseur/pull/1345
• Bump the pip-packages group with 1 update https://github.com/sse-secure-systems/connaisseur/pull/1342
• Bump the gh-actions-packages group with 2 updates https://github.com/sse-secure-systems/connaisseur/pull/1343

What's Changed

• fix: fix regular integration test by @phbelitz in https://github.com/sse-secure-systems/connaisseur/pull/1309
• feat: explicitly specify containerPort in helm chart by @phbelitz in https://github.com/sse-secure-systems/connaisseur/pull/1308
• docs: add copy/select code buttons by @xopham in https://github.com/sse-secure-systems/connaisseur/pull/1302
• test: fix getRoot utility by @xopham in https://github.com/sse-secure-systems/connaisseur/pull/1295
• docs: fix code blocks in basics by @xopham in https://github.com/sse-secure-systems/connaisseur/pull/1310
• Feat: Validate ephemeral containers by @Starkteetje in https://github.com/sse-secure-systems/connaisseur/pull/1311
• update: cosign v2.2.0 by @xopham in https://github.com/sse-secure-systems/connaisseur/pull/1296
• test: Add message to retry of deployment during integration test by @Starkteetje in https://github.com/sse-secure-systems/connaisseur/pull/1332
• update: bump the gh-actions-packages group with 4 updates by @dependabot in https://github.com/sse-secure-systems/connaisseur/pull/1333
• update: bump the pip-packages group with 5 updates by @dependabot in https://github.com/sse-secure-systems/connaisseur/pull/1338
• Multiple improvements to the integration test setup by @Starkteetje in https://github.com/sse-secure-systems/connaisseur/pull/1335
• update: bump the gh-actions-packages group with 1 update by @dependabot in https://github.com/sse-secure-systems/connaisseur/pull/1336
• Connaisseur release 3.2.0 by @Starkteetje in https://github.com/sse-secure-systems/connaisseur/pull/1340

Full Changelog: https://github.com/sse-secure-systems/connaisseur/compare/v3.1.1...v3.2.0

---

v3.2.0

Feat

• Validate ephemeral containers https://github.com/sse-secure-systems/connaisseur/pull/1311
• Explicitly specify containerport in helm chart https://github.com/sse-secure-systems/connaisseur/pull/1308

Fix

• Getroot base image https://github.com/sse-secure-systems/connaisseur/pull/1295
• Fix regular integration test https://github.com/sse-secure-systems/connaisseur/pull/1309

Refactor

• Add missing variable brackets https://github.com/sse-secure-systems/connaisseur/pull/1335

Ci

• Show non-truncated logs on failure https://github.com/sse-secure-systems/connaisseur/pull/1335

Test

• No uninstall on integration test failure https://github.com/sse-secure-systems/connaisseur/pull/1335
• Run most integration tests on a single replica https://github.com/sse-secure-systems/connaisseur/pull/1335
• Add message to retry of deployment during integration test https://github.com/sse-secure-systems/connaisseur/pull/1332

Docs

• Update unittest recommendation https://github.com/sse-secure-systems/connaisseur/pull/1311
• Fix code blocks in basics https://github.com/sse-secure-systems/connaisseur/pull/1310
• Add copy code buttons and linked content tabs https://github.com/sse-secure-systems/connaisseur/pull/1302

Update

• Bump the gh-actions-packages group with 1 update https://github.com/sse-secure-systems/connaisseur/pull/1336
• Bump the pip-packages group with 5 updates (#1338) https://github.com/sse-secure-systems/connaisseur/pull/1338
• Bump the gh-actions-packages group with 4 updates https://github.com/sse-secure-systems/connaisseur/pull/1333
• Cosign v2.2.0 https://github.com/sse-secure-systems/connaisseur/pull/1296

Fixed some automation problem, which hampered release v3.1.0

What's Changed

• update: version bump by @phbelitz in https://github.com/sse-secure-systems/connaisseur/pull/1300

Full Changelog: https://github.com/sse-secure-systems/connaisseur/compare/v3.1.0...v3.1.1

⚠️ This release has been fixed by release v3.1.1

What's Changed

• fix: less verbose logging for cosign by @phbelitz in https://github.com/sse-secure-systems/connaisseur/pull/1138
• Make failures visible via metrics in detection mode by @phbelitz in https://github.com/sse-secure-systems/connaisseur/pull/1148
• Update/dependencies by @phbelitz in https://github.com/sse-secure-systems/connaisseur/pull/1162
• update: bump bridgecrewio/checkov-action from 12.2434.0 to 12.2463.0 by @dependabot in https://github.com/sse-secure-systems/connaisseur/pull/1192
• Update/dependencies by @phbelitz in https://github.com/sse-secure-systems/connaisseur/pull/1193
• update: update setuptools requirement from ~=68.1.0 to ~=68.1.2 by @dependabot in https://github.com/sse-secure-systems/connaisseur/pull/1195
• Update/dependencies by @phbelitz in https://github.com/sse-secure-systems/connaisseur/pull/1214
• update: trivy-action by @phbelitz in https://github.com/sse-secure-systems/connaisseur/pull/1263
• ci: grouping of dependabot PRs by @phbelitz in https://github.com/sse-secure-systems/connaisseur/pull/1241
• feat: Add pod securityContext to helm chart by @phbelitz in https://github.com/sse-secure-systems/connaisseur/pull/1264
• update: update flask requirement from ~=2.3.3 to ~=3.0.0 by @dependabot in https://github.com/sse-secure-systems/connaisseur/pull/1267
• Update/dependencies by @phbelitz in https://github.com/sse-secure-systems/connaisseur/pull/1268
• fix: switch to python 3.11 by @phbelitz in https://github.com/sse-secure-systems/connaisseur/pull/1275
• Update flask_application.py by @phbelitz in https://github.com/sse-secure-systems/connaisseur/pull/1274
• fix: overloaded requests by @phbelitz in https://github.com/sse-secure-systems/connaisseur/pull/1280
• fix: skip replica to zero by @phbelitz in https://github.com/sse-secure-systems/connaisseur/pull/1262
• Update/dependencies by @phbelitz in https://github.com/sse-secure-systems/connaisseur/pull/1281
• ci: add k8s v1.27 integration test by @xopham in https://github.com/sse-secure-systems/connaisseur/pull/1283
• refactor: Minimize software footprint of Dockerfiles by @phbelitz in https://github.com/sse-secure-systems/connaisseur/pull/1282
• update: bump version by @phbelitz in https://github.com/sse-secure-systems/connaisseur/pull/1286
• Develop by @phbelitz in https://github.com/sse-secure-systems/connaisseur/pull/1287

thanks to @FalacerSelene @hsudbrock @jacobkoren1 and @b3n3d17

---

v3.1.0

Feat

• Add pod securitycontext to helm chart

Fix

• Skip replica to zero https://github.com/sse-secure-systems/connaisseur/pull/1262
• Use nest-asyncio https://github.com/sse-secure-systems/connaisseur/pull/1280
• Potential memory leak fix https://github.com/sse-secure-systems/connaisseur/pull/1274
• Switch to python 3.11
• Make failures visible via metrics in detection mode (#1148)
• Less verbose logging for cosign

Refactor

• Minimize software footprint of dockerfiles https://github.com/sse-secure-systems/connaisseur/pull/1282

Ci

• Add k8s v1.27 integration test https://github.com/sse-secure-systems/connaisseur/pull/1283
• Split log and state display https://github.com/sse-secure-systems/connaisseur/pull/1280
• Grouping of dependabot prs (#1241)

Update

• Bump version https://github.com/sse-secure-systems/connaisseur/pull/1286
• Bump bridgecrewio/checkov-action from 12.2519.0 to 12.2526.0 https://github.com/sse-secure-systems/connaisseur/pull/1281
• Update pylint requirement from ~=2.17.7 to ~=3.0.1 https://github.com/sse-secure-systems/connaisseur/pull/1281
• Update mkdocs-material requirement from ~=9.4.2 to ~=9.4.4 https://github.com/sse-secure-systems/connaisseur/pull/1281
• Bump actions/dependency-review-action from 3.0.8 to 3.1.0
• Update setuptools requirement from ~=68.1.2 to ~=68.2.2
• Bump docker/login-action from 2.2.0 to 3.0.0
• Update jsonschema requirement from ~=4.19.0 to ~=4.19.1
• Bump actions/checkout from 4.0.0 to 4.1.0
• Update mkdocs-material requirement from ~=9.2.8 to ~=9.4.2
• Bump github/codeql-action from 2.21.5 to 2.21.9
• Bump bridgecrewio/checkov-action from 12.2486.0 to 12.2519.0
• Update pylint requirement from ~=2.17.5 to ~=2.17.7
• Update flask requirement from ~=2.3.3 to ~=3.0.0
• Trivy-action (#1263)
• Update mkdocs-material requirement from ~=9.1.21 to ~=9.2.8
• Bump actions/checkout from 3.5.3 to 4.0.0
• Bump bridgecrewio/checkov-action from 12.2463.0 to 12.2486.0 https://github.com/sse-secure-systems/connaisseur/pull/1214
• Bump github/codeql-action from 2.21.4 to 2.21.5 https://github.com/sse-secure-systems/connaisseur/pull/1214
• Update flask requirement from ~=2.3.2 to ~=2.3.3 https://github.com/sse-secure-systems/connaisseur/pull/1214
• Update setuptools requirement from ~=68.1.0 to ~=68.1.2 https://github.com/sse-secure-systems/connaisseur/pull/1214
• Update pylint requirement from ~=2.17.4 to ~=2.17.5 https://github.com/sse-secure-systems/connaisseur/pull/1193
• Update mkdocs-material requirement from ~=9.1.19 to ~=9.1.21 https://github.com/sse-secure-systems/connaisseur/pull/1193
• Bump snok/container-retention-policy from 2.1.1 to 2.1.2 https://github.com/sse-secure-systems/connaisseur/pull/1193
• Update jsonschema requirement from ~=4.18.4 to ~=4.19.0 https://github.com/sse-secure-systems/connaisseur/pull/1193
• Bump github/codeql-action from 2.21.0 to 2.21.4 https://github.com/sse-secure-systems/connaisseur/pull/1193
• Bump actions/dependency-review-action from 3.0.6 to 3.0.8 https://github.com/sse-secure-systems/connaisseur/pull/1193
• Update setuptools requirement from ~=68.0.0 to ~=68.1.0
• Bump bridgecrewio/checkov-action from 12.2434.0 to 12.2463.0
• Bump bridgecrewio/checkov-action from 12.2401.0 to 12.2434.0
• Bump github/codeql-action from 2.20.1 to 2.21.0
• Update aiohttp requirement from ~=3.8.4 to ~=3.8.5
• Update jsonschema requirement from ~=4.17.3 to ~=4.18.4
• Update mkdocs-material requirement from ~=9.1.17 to ~=9.1.19
• Update pytest-asyncio requirement from ~=0.21.0 to ~=0.21.1

Full Changelog: https://github.com/sse-secure-systems/connaisseur/compare/v3.0.0...v3.1.0

More details on the changes are in our documentation

v3.0.0

Feat

• Add serviceaccount annotations to allow irsa
• Support RSA public keys for Cosign
• Update to Cosign 2.0 and switch to asyncio
• Add upgrade script
• Common ancestor for Kubernetes resource configurations
• Create MS Teams alert template

Fix

• Remove old config of Rekor url
• Helm error when setting auth username and password

Refactor

• Feature flag utility
• Dev logging for dev install
• Changed logging format to JSON
• Allow all commented-out config keys to be uncommented and then be valid yaml
• Consistency in feature enablement
• Split off webhook configuration
• Group application configuration under single key
• Remove debug config key
• Improve naming within alerting configuration
• Add Rekor subkey for Cosign host config key
• Consistent config key naming (except alerting)

Build

• Default to appversion

Ci

• Less verbose values.yaml debug

Test

• Remove legacy k8s tests
• Only run alerting for tests that use it
• Add object descriptions in error case

Docs

• Fix release documentation
• Added migration steps
• Fix announcement link
• Fix scripts link
• Add Connaisseur 3 announcement to docs
• Fix default values
• Consistent no/none representation for default and not required values
• Correct alerting documentation
• Add migration documentation

Update

• Bump ossf/scorecard-action from 2.1.3 to 2.2.0
• Bump bridgecrewio/checkov-action from 12.2393.0 to 12.2401.0
• Update mkdocs-material requirement from ~=9.1.16 to ~=9.1.17
• Bump github/codeql-action from 2.20.0 to 2.20.1
• Bump anchore/sbom-action from 0.14.2 to 0.14.3
• Update setuptools requirement from ~=67.8.0 to ~=68.0.0
• Update mkdocs-material requirement from ~=9.1.15 to ~=9.1.16
• Update pytest-mock requirement from ~=3.10.0 to ~=3.11.1
• Bump bridgecrewio/checkov-action from 12.2382.0 to 12.2393.0
• Bump github/codeql-action from 2.3.6 to 2.20.0
• Bump actions/checkout from 3.5.2 to 3.5.3
• Update requests-mock requirement from ~=1.10.0 to ~=1.11.0
• Bump docker/login-action from 2.1.0 to 2.2.0
• Updating more dependencies

What's Changed

• update: updateding dependencies by @phbelitz in https://github.com/sse-secure-systems/connaisseur/pull/1087
• feat: create microsoft teams alert template by @antonin-arquey in https://github.com/sse-secure-systems/connaisseur/pull/1066
• feat: create ms teams alert template by @phbelitz in https://github.com/sse-secure-systems/connaisseur/pull/1089
• fix: helm error when setting auth username and password by @phbelitz in https://github.com/sse-secure-systems/connaisseur/pull/1095
• Connaisseur version 3 by @Starkteetje in https://github.com/sse-secure-systems/connaisseur/pull/985
• update: bump docker/login-action from 2.1.0 to 2.2.0 by @dependabot in https://github.com/sse-secure-systems/connaisseur/pull/1092
• Update/dependencies by @phbelitz in https://github.com/sse-secure-systems/connaisseur/pull/1107
• Update/dependencies by @phbelitz in https://github.com/sse-secure-systems/connaisseur/pull/1119
• feat: support cosign rsa keys by @xopham in https://github.com/sse-secure-systems/connaisseur/pull/416
• feat: add serviceaccount annotations to allow IRSA by @phbelitz in https://github.com/sse-secure-systems/connaisseur/pull/1126
• refactor: feature flag utility by @phbelitz in https://github.com/sse-secure-systems/connaisseur/pull/1002
• docs: add conny 3 announcement to docs by @phbelitz in https://github.com/sse-secure-systems/connaisseur/pull/1127
• docs: fix scripts link by @phbelitz in https://github.com/sse-secure-systems/connaisseur/pull/1128
• docs: added migration steps by @phbelitz in https://github.com/sse-secure-systems/connaisseur/pull/1130
• Docs: Fix release documentation by @Starkteetje in https://github.com/sse-secure-systems/connaisseur/pull/1131
• Develop by @phbelitz in https://github.com/sse-secure-systems/connaisseur/pull/1129

New Contributors

• @antonin-arquey made their first contribution in https://github.com/sse-secure-systems/connaisseur/pull/1066

Full Changelog: https://github.com/sse-secure-systems/connaisseur/compare/v2.8.1...v3.0.0