IMPROVEMENTS:
IMPROVEMENTS:
- Unified policies metadata and new console output #208
BUG FIXES:
- Policy recommendations not present in SCC finding summary #206
IMPROVEMENTS:
- Upgraded all direct and transitive dependencies
FEATURES:
- Krew based installation #105
NEW POLICIES:
- GKE intranode visibility #196
- Control plane user basic authentication #197
- Control plane user certificate authentication #197
- Customer-Managed Encryption Keys for persistent disks #197
- Enable Security Posture dashboard #197
- Enable Workload vulnerability scanning #197
IMPROVEMENTS:
- Upgraded direct and indirect dependencies #195
- Adjusted all policies to GKE CIS version 1.4 benchmark #197
- Added Regal for linting Rego #194
BUG FIXES:
- Policy node_pool_use_cos should not fail on Windows node pools #198
IMPROVEMENTS:
BUG FIXES:
- Added anchors to cluster asset regex for security #190
IMPROVEMENTS:
- Upgraded Go to 1.20
- Upgraded all direct and indirect dependencies
BUG FIXES:
- Upgraded CIRCL indirect dependency to v1.3.3 to fix security issues with error-handling on rand readers (CVE-2023-1732)
FEATURES:
- GKE Scalability checks based on metrics from kube-state-metrics #179
- Introduced external URI and recommendations to the policy model and outputs #131, #141
IMPROVEMENTS:
- Introduced modularized inputs concept #127
- Added PromQL integration with Cloud Monitoring and self-hosted Prometheus for metrics ingestion #132, #178
- Security Command Center output performance improvements #151
- Logs from logger can be stored in files and in JSON format #155
- Adding -json flag to output results to stdout in JSON format #147
BUG FIXES:
- Fixed variable types in Terraform code #150
IMPROVEMENTS:
- Add support for JSON output to stdout #129
IMPROVEMENTS:
BUG FIXES:
- Tool should not fail on a discovered cluster that does not exist #113
- Failed cluster discovery was not returning an error #104
FEATURES:
- Security Command Center output #100
IMPROVEMENTS:
- Cluster discovery triggered from CLI #92
- New console output, cluster evaluations are now policy oriented #90
- Tool can generate markdown documentation from policies #86
BUG FIXES:
- Cluster discovery skipped zonal clusters due to name pattern mismatch #91
FEATURES:
- Introduced check commands and multiple packages handling #89
- Use of K8S resources data in REGO policies #61
- Policy filtering logic with policy names and groups #69
BUG FIXES:
- Bumped dependency versions, including yaml.3 #84
- Bump github.com/open-policy-agent/opa from 0.38.1 to 0.40.0 #83
FEATURES:
- Terraform serverless solution #75
- Cluster discovery mechanism #59
- Cluster review with cluster data from a file #50
- Command that prints raw cluster data #37
- Policy Evaluation result JSON output to Cloud Storage #34
- Policy Evaluation result JSON output to Pub/Sub #33
- Policy Evaluation result JSON output to local file #5
IMPROVEMENTS:
- Adjusted exit code on errors and improved logging #81
- Custom user-agent in GCP API calls #78
- Default GIT policy source params are set in a consistent way #43
BUG FIXES:
- Tool fetches cluster details even if there are no policies #45
FEATURES:
IMPROVEMENTS:
- Mandatory params check and color fix (#26)
BUG FIXES:
- Specifying multiple clusters in config.yaml causes panic (#27)
- Specifying --local-policy-dir CLI flag does not stop the tool from reading the default GIT repo (#21)
- Missing configuration parameters should cause tool to fail fast (#20)
NOTES:
- Initial version of the gke-policy tool after migration from the PoC project
FEATURES:
- gke-policy cluster review command validates GKE clusters against best practices described with REGO policies