Changes

• Fix uploading cosign signature for source code @dhaus67 (#409)
• Avoid name clash @dhaus67 (#408)
• Update Go to 1.19 @janisz (#401)
• antiaffinity check with namespaces: selector @jouve (#403)
• feat: Export RegisterObjectKind and MatcherFunc from objectkinds package @heckler1 (#394)
• feat: Add ephemeral containers to PodSpec.AllContainers() @heckler1 (#395)
• Create dangling ingress check @charlesoconor (#388)
• Support all hpa types in dangling-hpa @charlesoconor (#390)
• Skip failing anti-affinity rules if at least one valid rule is found. @dhaus67 (#373)
• Added t.Run() to use test name in unit test @Ankit152 (#374)
• Add release documentation and minor changes to draft release template. @dhaus67 (#372)
• Set permissions to binaries before uploading them. @dhaus67 (#371)

⬆️ Dependencies

17 changes

• Bump sigstore/cosign-installer from 2.5.1 to 2.6.0 @dependabot (#407)
• Bump github.com/spf13/viper from 1.12.0 to 1.13.0 @dependabot (#405)
• Bump helm.sh/helm/v3 from 3.9.2 to 3.9.4 @dependabot (#402)
• Bump k8s.io/cli-runtime from 0.24.3 to 0.25.0 @dependabot (#396)
• Bump k8s.io/client-go from 0.24.3 to 0.25.0 @dependabot (#397)
• Bump github.com/golangci/golangci-lint from 1.48.0 to 1.49.0 @dependabot (#398)
• Bump sigstore/cosign-installer from 2.5.0 to 2.5.1 @dependabot (#399)
• Bump docker/build-push-action from 3.1.0 to 3.1.1 @dependabot (#392)
• Bump github.com/golangci/golangci-lint from 1.47.3 to 1.48.0 @dependabot (#391)
• Bump github.com/golangci/golangci-lint from 1.47.2 to 1.47.3 @dependabot (#385)
• Bump k8s.io/cli-runtime from 0.24.2 to 0.24.3 @dependabot (#384)
• Bump helm.sh/helm/v3 from 3.9.0 to 3.9.2 @dependabot (#381)
• Bump github.com/golangci/golangci-lint from 1.46.2 to 1.47.2 @dependabot (#382)
• Bump sigstore/cosign-installer from 2.4.1 to 2.5.0 @dependabot (#383)
• Bump docker/build-push-action from 3.0.0 to 3.1.0 @dependabot (#379)
• Bump k8s.io/client-go from 0.24.2 to 0.24.3 @dependabot (#376)
• Bump sigstore/cosign-installer from 2.4.0 to 2.4.1 @dependabot (#370)

Full Changelog: https://github.com/stackrox/kube-linter/compare/0.4.0...0.4.1

Release changes

For the assets available for each release, there's been a change starting with this release: Instead of adding tar.gz / zip archives for specific platforms containing the kube-linter binary, the binary have been now added unarchived as replacement. The kube-linter-linux.tar.gz archive has been kept for backwards compatability with kube-linter-action, but is deprecated and will be removed with the next release. Hence, there's also no cosign signature available for it.

Changes

• Adding support for ServiceAccount @trumant (#325)
• Fix typos in HPA replica check @acj (#347)
• Sign archives on release page @janisz (#338)

🚀 Features

• Add support to check dnsConfig options @weixiongny (#358)

🐛 Bug Fixes

• Release archives and use release tag @janisz (#337)

🧰 Maintenance

• Remove unused staticcheck import @janisz (#348)
• Remove circleci @janisz (#332)

⬆️ Dependencies

20 changes

• Bump github.com/stretchr/testify from 1.7.4 to 1.8.0 @dependabot (#368)
• Bump k8s.io/cli-runtime from 0.24.1 to 0.24.2 @dependabot (#366)
• Bump github.com/owenrumney/go-sarif/v2 from 2.1.1 to 2.1.2 @dependabot (#365)
• Bump k8s.io/client-go from 0.24.1 to 0.24.2 @dependabot (#364)
• Bump github.com/stretchr/testify from 1.7.2 to 1.7.4 @dependabot (#361)
• Bump github.com/spf13/cobra from 1.4.0 to 1.5.0 @dependabot (#362)
• Bump k8s.io/api from 0.24.1 to 0.24.2 @dependabot (#363)
• Bump sigstore/cosign-installer from 2.3.0 to 2.4.0 @dependabot (#357)
• Bump github.com/stretchr/testify from 1.7.1 to 1.7.2 @dependabot (#355)
• Bump github.com/spf13/viper from 1.11.0 to 1.12.0 @dependabot (#356)
• Bump k8s.io/cli-runtime from 0.24.0 to 0.24.1 @dependabot (#352)
• Bump k8s.io/api from 0.24.0 to 0.24.1 @dependabot (#350)
• Bump k8s.io/apimachinery from 0.24.0 to 0.24.1 @dependabot (#349)
• Bump docker/login-action from 1.14.1 to 2 @dependabot (#345)
• Bump github/codeql-action from 1 to 2 @dependabot (#346)
• Bump helm.sh/helm/v3 from 3.8.2 to 3.9.0 @dependabot (#344)
• Bump github.com/golangci/golangci-lint from 1.46.0 to 1.46.2 @dependabot (#340)
• Bump actions/checkout from 2 to 3 @dependabot (#341)
• Bump actions/setup-go from 2 to 3 @dependabot (#342)
• Bump docker/build-push-action from 2.10.0 to 3.0.0 @dependabot (#343)

Full Changelog: https://github.com/stackrox/kube-linter/compare/0.3.0...0.4.0

Changes

• Run action on tag @janisz (#334)
• Update to Go1.18. @dhaus67 (#326)
• Add new flag to force color output. @dhaus67 (#324)
• Update CODEOWNERS @janisz (#319)
• Be more clear with errors found within anti-affinity rules. @dhaus67 (#318)
• Added target-port template and check for it @mtodor (#310)
• Remove if condition, handled by ignore-branches now. @dhaus67 (#309)
• Ignore dependabot branches. @dhaus67 (#306)
• added link to blog post about writing a custom template @garethahealy (#298)
• Use single workflow to build and test @janisz (#296)
• Create CODEOWNERS @janisz (#293)
• Add support for all current autoscaler hpa versions @mrunesson (#290)
• Add --fail-on-invalid-resource flag @rumstead (#279)
• update docker version in pre-commit-hooks @kenzht (#284)

🐛 Bug Fixes

• Check bash version on bats @janisz (#327)
• Do not alert on missing readiness / liveness probe for init containers. @dhaus67 (#302)

🧰 Maintenance

• Build alpine image and push to dockerhub @janisz (#316)
• Update actions with dependabot @janisz (#320)
• Enable gosec. @dhaus67 (#301)
• Add missing release id to upload artifacts @janisz (#299)
• Release with GH Action @janisz (#297)
• Build and push images to ghcr.io, sign images with cosign. @janisz (#295)

⬆️ Dependencies

20 changes

• Bump k8s.io/client-go from 0.23.6 to 0.24.0 @dependabot (#317)
• Bump actions/upload-artifact from 2 to 3 @dependabot (#329)
• Bump github.com/golangci/golangci-lint from 1.45.2 to 1.46.0 @dependabot (#333)
• Bump k8s.io/api from 0.23.6 to 0.24.0 @dependabot (#328)
• Bump actions/download-artifact from 2 to 3 @dependabot (#330)
• Bump docker/setup-buildx-action from 79abd3f86f79a9d68a23c75a09a9a85889262adf to 2 @dependabot (#331)
• Bump k8s.io/apimachinery from 0.23.6 to 0.24.0 @dependabot (#314)
• Bump docker/metadata-action from 3.3.0 to 4.0.1 @dependabot (#323)
• Bump docker/login-action from 1.9.0 to 1.14.1 @dependabot (#322)
• Bump actions/cache from 2 to 3 @dependabot (#321)
• Bump honnef.co/go/tools from 0.3.0 to 0.3.1 @dependabot (#315)
• Bump github.com/mitchellh/mapstructure from 1.4.3 to 1.5.0 @dependabot (#307)
• Bump k8s.io/cli-runtime from 0.23.5 to 0.23.6 @dependabot (#308)
• Bump k8s.io/client-go from 0.23.5 to 0.23.6 @dependabot (#303)
• Bump k8s.io/api from 0.23.5 to 0.23.6 @dependabot (#304)
• Bump k8s.io/apimachinery from 0.23.5 to 0.23.6 @dependabot (#305)
• Bump helm.sh/helm/v3 from 3.8.1 to 3.8.2 @dependabot (#292)
• Bump github.com/spf13/viper from 1.10.1 to 1.11.0 @dependabot (#289)
• Bump honnef.co/go/tools from 0.2.2 to 0.3.0 @dependabot (#280)
• Bump github.com/golangci/golangci-lint from 1.45.0 to 1.45.2 @dependabot (#281)

Full Changelog: https://github.com/stackrox/kube-linter/compare/0.2.6...v0.3.0

What's Changed

• update docker version in pre-commit-hooks by @kenzht in https://github.com/stackrox/kube-linter/pull/284
• Bump github.com/golangci/golangci-lint from 1.45.0 to 1.45.2 by @dependabot in https://github.com/stackrox/kube-linter/pull/281
• Bump honnef.co/go/tools from 0.2.2 to 0.3.0 by @dependabot in https://github.com/stackrox/kube-linter/pull/280
• Bump github.com/spf13/viper from 1.10.1 to 1.11.0 by @dependabot in https://github.com/stackrox/kube-linter/pull/289
• Add --fail-on-invalid-resource flag by @rumstead in https://github.com/stackrox/kube-linter/pull/279
• Add support for all current autoscaler hpa versions by @mrunesson in https://github.com/stackrox/kube-linter/pull/290
• Bump helm.sh/helm/v3 from 3.8.1 to 3.8.2 by @dependabot in https://github.com/stackrox/kube-linter/pull/292
• Create CODEOWNERS by @janisz in https://github.com/stackrox/kube-linter/pull/293
• Use single workflow to build and test by @janisz in https://github.com/stackrox/kube-linter/pull/296
• Build and push images to ghcr.io, sign images with cosign. by @janisz in https://github.com/stackrox/kube-linter/pull/295
• added link to blog post about writing a custom template by @garethahealy in https://github.com/stackrox/kube-linter/pull/298
• Release with GH Action by @janisz in https://github.com/stackrox/kube-linter/pull/297
• Add missing release id to upload artifacts by @janisz in https://github.com/stackrox/kube-linter/pull/299
• Enable gosec. by @dhaus67 in https://github.com/stackrox/kube-linter/pull/301
• Do not alert on missing readiness / liveness probe for init containers. by @dhaus67 in https://github.com/stackrox/kube-linter/pull/302
• Ignore dependabot branches. by @dhaus67 in https://github.com/stackrox/kube-linter/pull/306
• Bump k8s.io/apimachinery from 0.23.5 to 0.23.6 by @dependabot in https://github.com/stackrox/kube-linter/pull/305
• Bump k8s.io/api from 0.23.5 to 0.23.6 by @dependabot in https://github.com/stackrox/kube-linter/pull/304
• Bump k8s.io/client-go from 0.23.5 to 0.23.6 by @dependabot in https://github.com/stackrox/kube-linter/pull/303
• Bump k8s.io/cli-runtime from 0.23.5 to 0.23.6 by @dependabot in https://github.com/stackrox/kube-linter/pull/308
• Bump github.com/mitchellh/mapstructure from 1.4.3 to 1.5.0 by @dependabot in https://github.com/stackrox/kube-linter/pull/307
• Remove if condition, handled by ignore-branches now. by @dhaus67 in https://github.com/stackrox/kube-linter/pull/309
• Added target-port template and check for it by @mtodor in https://github.com/stackrox/kube-linter/pull/310
• Bump honnef.co/go/tools from 0.3.0 to 0.3.1 by @dependabot in https://github.com/stackrox/kube-linter/pull/315
• Update actions with dependabot by @janisz in https://github.com/stackrox/kube-linter/pull/320
• Build alpine image and push to dockerhub by @janisz in https://github.com/stackrox/kube-linter/pull/316
• Bump actions/cache from 2 to 3 by @dependabot in https://github.com/stackrox/kube-linter/pull/321
• Bump docker/login-action from 1.9.0 to 1.14.1 by @dependabot in https://github.com/stackrox/kube-linter/pull/322
• Bump docker/metadata-action from 3.3.0 to 4.0.1 by @dependabot in https://github.com/stackrox/kube-linter/pull/323
• Be more clear with errors found within anti-affinity rules. by @dhaus67 in https://github.com/stackrox/kube-linter/pull/318
• Update CODEOWNERS by @janisz in https://github.com/stackrox/kube-linter/pull/319
• Add new flag to force color output. by @dhaus67 in https://github.com/stackrox/kube-linter/pull/324
• Update to Go1.18. by @dhaus67 in https://github.com/stackrox/kube-linter/pull/326
• Bump k8s.io/apimachinery from 0.23.6 to 0.24.0 by @dependabot in https://github.com/stackrox/kube-linter/pull/314
• Check bash version on bats by @janisz in https://github.com/stackrox/kube-linter/pull/327
• Bump docker/setup-buildx-action from 79abd3f86f79a9d68a23c75a09a9a85889262adf to 2 by @dependabot in https://github.com/stackrox/kube-linter/pull/331
• Bump actions/download-artifact from 2 to 3 by @dependabot in https://github.com/stackrox/kube-linter/pull/330
• Bump k8s.io/api from 0.23.6 to 0.24.0 by @dependabot in https://github.com/stackrox/kube-linter/pull/328
• Bump github.com/golangci/golangci-lint from 1.45.2 to 1.46.0 by @dependabot in https://github.com/stackrox/kube-linter/pull/333
• Bump actions/upload-artifact from 2 to 3 by @dependabot in https://github.com/stackrox/kube-linter/pull/329
• Bump k8s.io/client-go from 0.23.6 to 0.24.0 by @dependabot in https://github.com/stackrox/kube-linter/pull/317
• Run action on tag by @janisz in https://github.com/stackrox/kube-linter/pull/334

New Contributors

• @kenzht made their first contribution in https://github.com/stackrox/kube-linter/pull/284
• @rumstead made their first contribution in https://github.com/stackrox/kube-linter/pull/279
• @mrunesson made their first contribution in https://github.com/stackrox/kube-linter/pull/290
• @dhaus67 made their first contribution in https://github.com/stackrox/kube-linter/pull/301
• @mtodor made their first contribution in https://github.com/stackrox/kube-linter/pull/310

Full Changelog: https://github.com/stackrox/kube-linter/compare/0.2.6...0.3.0

KubeLinter v0.2.5

Changes in this version: https://github.com/stackrox/kube-linter/compare/0.2.5...0.2.6

Features

• template: add forbidden-annotation (#248)
• docs: Use YAML for parameters in documentation (#247)
• Add a check to enforce node affinities being defined (#265)
• Adding basic support for HorizontalPodAutoscaler resources from autoscalingv2Beta1 (#271)

Bug Fixes

• fix command name for shell completion (#231)
• Update the latest-tag check to capture the case where no tags are specified (#233)
• Use go install for installing binaries (#235)
• Ports check: Assume protocol is TCP if not specified (#230)
• Return non-zero exit status on no valid objects (#209)

KubeLinter v0.2.5

Changes in this version: https://github.com/stackrox/kube-linter/compare/0.2.4...0.2.5

Features

• Recognize batch/v1 CronJobs (#225)

Bug Fixes

• 'deprecated-service-account-field' should pass if both 'serviceAccount' and 'serviceAccountName' are set (#218)
• Fix object paths when Helm chart was renamed (#226)
• Correctly detect the replica count and selector for DeploymentConfig objects (#219)

KubeLinter v0.2.4

Changes in this version: https://github.com/stackrox/kube-linter/compare/0.2.3...0.2.4

Features

• Add AllowList parameter to the existing latestTag check (#199)
• Flag pods that are not isolated by a NetworkPolicy (#206)

Bug Fixes

• Ensure that the "results" field is populated in SARIF output even if there are no lint errors (#214)

KubeLinter v0.2.3

Changes in this version: https://github.com/stackrox/kube-linter/compare/0.2.2...0.2.3

Features

• Add template for imagePullPolicy checks (#202 )
• Add check for improper-container-image-tag (#191)
• Add template for update strategy and a basic check (#190)
• Add templates/checks for CIS Benchmarks for RBAC, secret, and namespace (#188)
• Add check for minimum number of replicas (#185)

Bug Fixes

KubeLinter v0.2.2

Changes in this version: https://github.com/stackrox/kube-linter/compare/0.2.1...0.2.2

Features

• Add about a dozen new templates and built-in checks based on Docker CIS benchmarks (#170)
• Add SARIF output (#160)

Bug Fixes

• Make the default service account check not fail when AutomountServiceAccountToken is false (#166)

KubeLinter v0.2.1

Changes in this version: https://github.com/stackrox/kube-linter/compare/0.2.0...0.2.1

Features

• Add JSON output (#131)

Bug Fixes

• Fix regression where kube-linter lint would fail on Windows (#162)

KubeLinter v0.2.0

Changes in this version: https://github.com/stackrox/kube-linter/compare/0.1.6...0.2.0

Features

• Add OpenShift DeploymentConfig Schema (#153)

General Improvements

• Update Kube library dependencies to 1.20 (#138)
• Update to Go 1.16 (#151)
• Add default names for config files (#148)

Bug Fixes

• Fix bug where some options in the config file were not honoured (#150)