2022.4.1

What's Changed

• Correct the service name in the Scanner and Ingress by @FrederikNJS in #12
• Correct image pull secret name in service account by @FrederikNJS in #13
• Fixed by @niso120b in #14
• Update to fix errors in contents and English by @Josh-aqua in #16
• Update README.md by @Josh-aqua in #21
• Update README.md by @Josh-aqua in #22
• 4.0 by @niso120b in #23
• Update Helm Chart App Versions by @niso120b in #24
• 4.0 by @niso120b in #25
• Update Pod Security Policy Labels by @niso120b in #27
• Update Aqua Security Version To 4.0 by @niso120b in #28
• Update Aqua Enforcer by @niso120b in #30
• Update Privileged Options by @niso120b in #31
• 4.0 by @niso120b in #32
• Error can't evaluate field nodeSelector in type interface {} when specifying a nodeSelector by @jamsyoung in #33
• Fix default runc flag by @eranbibi in #35
• fixing issue - can't evaluate field Release in type interface by @kcorupe in #37
• Add GKE marketplace docs by @oranmoshai in #49
• Add resource key for enforce, use resources and probe keys by @spencergilbert in #51
• Added HTTP proxy vars for web deployment by @ap0phi5 in #45
• made use of hosts in console web ingress optional by @kkleidal in #40
• Fix apiVersion for Ingress by @paaloeye in #70
• Remove the reference to the namespace in the rbac template file #54 by @mohatagarvit in #55
• Fixed typo errors and made few grammatical fixes by @steffinstanly in #57
• fix: add repo with tls by @amalucelli in #71
• fix: Remove AQUA_DOCKERLESS_SCANNING overriding value of 1 by @danielpacak in #84
• Update values.yaml by @cpt-redbeard in #90
• docs: Rename scanner.replicas to scanner.replicaCount by @danielpacak in #85
• Fix 'serviceName' parameter of scanner in README. by @akin-ozer in #76
• Bugfix: Use release namespace for ClusterRoleBinding by @labaneilers in #77
• Added helm chart support for KubeEnforcer by @VineethReddy02 in #86
• Improvements for KubeEnforcer helm charts by @VineethReddy02 in #93
• docs: update KubeEnforcer docs to be consistent with others by @agilgur5 in #108
• docs: consistently use "Issues and feedback" section by @agilgur5 in #106
• fix spelling, capitalization, and formatting errors in docs by @agilgur5 in #97
• docs/fix: use correct default secret name in imagepullsecret docs by @agilgur5 in #103
• docs: clarify setting imageCredentials.create: false by @agilgur5 in #104
• Incorrect parentheses by @Hefeweizen in #101
• Correct minor typo by @Hefeweizen in #100
• docs: consistently link to docs/imagepullsecret.md in all charts by @agilgur5 in #105
• fix/docs: dated TLS auth link in KubeEnforcer docs' ToC by @niso120b in #109
• Update kube-enforcer helm chart docs by @VineethReddy02 in #121
• Support for KE helm install 5.3 by @VineethReddy02 in #128
• Change default for Ingress annotations to a map by @nafarlee in #127
• Allow defining annotations on the web Service by @nafarlee in #126
• Change the README.md steps sequence for KE by @VineethReddy02 in #129
• add envoy support by @niso120b in #132
• Invalid container name when using non-privileged by @kenmccann in #131
• Add webhooks failure policy for Kube-Enforcer by @VineethReddy02 in #133
• Documentation updates and new helm charts by @ppandrangi in #135
• Merging master into 5.3 by @ppandrangi in #136
• New Create & Update verbs for Secret object by @SaiMandalo in #137
• 6.0 | New Create & Update verbs for Secret object by @SaiMandalo in #138
• Adding log level env variable by @ppandrangi in #139
• Adding support for split database by @ppandrangi in #140
• master | Remove 'UPDATE' operation from validation by @SaiMandalo in #144
• 5.3 | Remove 'UPDATE' operation from validation hook by @SaiMandalo in #143
• README typo - secret command fixed by @kenmccann in #147
• Envoy fix slk 29686 by @KoppulaRajender in #155
• 6.0| Fix to support rawk8s 1.19+ mutation certs by @SaiMandalo in #160
• envoy_ns_enhancement_6 by @KoppulaRajender in #165
• Fix 148 branch 6.0 by @KoppulaRajender in #170
• adding default probes for web deployment for 6.0 branch by @KoppulaRajender in #172
• Gateway probes & KE resources fix 6.0 by @KoppulaRajender in #176
• Awsnlb steps 6 by @KoppulaRajender in #180
• Enforcer certs fix for 6.0 branch by @KoppulaRajender in #183
• Rc1 tag by @KoppulaRajender in #188
• adding platform specific rbac(openshift) + security contexts for server and gateway charts by @KoppulaRajender in #187
• multiple gateway support for enforcer env: Aqua_Server 6.0 by @KoppulaRajender in #185
• adding securitycontext for scanner 6.0 by @KoppulaRajender in #190
• Init Container for DB by @KoppulaRajender in #192
• adding ocp route, mTLS certs config | fixing issues by @KoppulaRajender in #194
• updating tag to 6.0.21040 by @KoppulaRajender in #195
• support for advance ke | fixing lint issue | support for existing cert secrets in KE by @KoppulaRajender in #198
• fixing advance KE deployment blockers by @KoppulaRajender in #202
• Updating scanner helm chart version by @KoppulaRajender in #203
• adding platform support for tkg and tkgi by @KoppulaRajender in #206
• 6.0 | fix | loading db passwords from secrets by @KoppulaRajender in #210
• 6.0 | adding security context for kubeenforcer by @KoppulaRajender in #212
• Change image tag to 6.0 after GA. by @guyyakir in #216
• 6.0 | adding imagecreds for scanner by @KoppulaRajender in #214
• 6.0 | fixing imagecreds bug and Updating Readme by @KoppulaRajender in #219
• 6.0 | fixing typo with environment spelling by @KoppulaRajender in #222
• chore: codespell by @krol3 in #225
• 6.0 | adding tenant manager & adding scheme for scanner by @KoppulaRajender in #229
• 6.0 | adding platform support for rancher by @KoppulaRajender in #238
• 6.0 | fixing enforcer serviceaccount naming bug by @KoppulaRajender in #243
• Update README.md by @Josh-aqua in #237
• 6.0 | KE timeouts && maintenance DB env by @KoppulaRajender in #245
• 6.2 | updating tags and versions to 6.2 by @KoppulaRajender in #250
• 6.2 | adding readme for maintenance DB parameter and support in TM by @KoppulaRajender in #254
• 6.2 | Adding additional README | enhancing KE certs secret by @KoppulaRajender in #258
• 6.2 | Adding changelog by @KoppulaRajender in #262
• 6.2 | fixing scanner serviceaccount bug & KE imagesecrets bug by @KoppulaRajender in #263
• 6.2 | Adding simple mTLS solution for server gateway enforcer and updated readme by @KoppulaRajender in #266
• 6.2 | loadbalancerIP support for server chart services && scanner password from secret by @KoppulaRajender in #271
• 6.2 | updating activeactive, clustermode details in readme by @KoppulaRajender in #273
• 6.2 | Updating changelog and Readme by @KoppulaRajender in #277
• 6.2 | updating 6.2 tag to RC2 by @KoppulaRajender in #281
• 6.2 | KE Starboard | New | Adding KubeEnforcer Starboard Chart by @KoppulaRajender in #286
• 6.2 | KE Starboard | Bug | Updating ke starboard readme file by @KoppulaRajender in #287
• 6.2 | Server | Enhancement | Envoy config templated and TLS certs for listener and cluster by @andreazorzetto in #285
• 6.2 | Server | Fix | Disabling DB persistence doesn't work by @andreazorzetto in #288
• 6.2 | server | fix | adding AQUA_PUBSUB_DBSSL value by @KoppulaRajender in #291
• 6.2 | Changelog | updating changelog by @KoppulaRajender in #294
• 6.2 | Update | 6.2 tag to 6.2.21166 by @KoppulaRajender in #297
• 6.2 | Gateway | Fix | Enhancement | mTLS Support & Loading DB passwords form secrets & fixing bugs by @KoppulaRajender in #300
• 6.2 | server | enhancement | adding support for k3s and gaintswarm platform by @KoppulaRajender in #304
• 6.2 | KE | Enhancement | TLS/mTLS support by @KoppulaRajender in #307
• 6.2 | All | Updating tags to 6.2 by @KoppulaRajender in #308
• FIX: kube-enforcer namespace is taken from values and not static by @andreazorzetto in #309
• Fix 'helm lint' errors by @gezb in #312
• added podAnnotations to all templates by @sebidude in #316
• 6.2 | adding changelog by @KoppulaRajender in #320
• 6.2 | Updating KE readme files by @KoppulaRajender in #323
• 6.2 | fixing enforcer token conversion by @KoppulaRajender in #325
• 6.2 | All | Bug | fixing mandatory rootca filename bug by @KoppulaRajender in #329
• Update README.md by @Josh-aqua in #327
• 6.2 | Sever | Enhancement | adding aquasec registry envoy image by @KoppulaRajender in #333
• Allow web ingress path to be configured by @gezb in #313
• Allow creation of the kube-enforcer-token secret to be disabled by @gezb in #314
• Add NodeSelector support to the Kube Enforcer chart by @gezb in #315
• Fix ServiceAccount name on ClusterRoleBinding by @gezb in #334
• 6.2 | adding changelog by @KoppulaRajender in #339
• 6.5_Unofficial | KE | Making ke starboard default by @KoppulaRajender in #340
• 6.5 | fixing KE issues and adding namespace to all component templates by @KoppulaRajender in #361
• 6.5 | Fix | Kube-enforcer | Validating Webhook missing UPDATE capability by @andreazorzetto in #364
• 6.5 unofficial | adding 6.2 preview7 tag && adding jenkinsfile and dockerfile" by @KoppulaRajender in #370
• 6.5 | Fix | Envoy | No Load-balancer finalizer for non-LoadBalancer service type by @andreazorzetto in #368
• 6.5 | updating to latest starboard image by @KoppulaRajender in #373
• 6.5 | ALL | updating tag to preview9 and fixing envoy config by @KoppulaRajender in #375
• 6.5 | fixing quickstart helm chart by @KoppulaRajender in #376
• 6.5 | ALL | updating image tag & KE starboard fixes by @KoppulaRajender in #379
• 6.5 | Fix | README: missing info about envoy.service.annotations by @andreazorzetto in #377
• 6.5 | ALL | updating readme files by @KoppulaRajender in #380
• 6.5 | Kubeenforcer | adding KE mtls support and fixing certs bug by @KoppulaRajender in #381
• 6.5 | All | updating image tags to 6.5 GA by @KoppulaRajender in #382
• 6.5 | cloud connector by @sudhirsinghaqua in #383
• 6.5 | cybercenter & cloud connector | Adding cyber center chart & fixing cloud connector by @KoppulaRajender in #384
• 6.5 | CC | README typos by @KoppulaRajender in #385
• 6.5 | changing chart api version to v1 by @KoppulaRajender in #386
• 6.5 | Scanner | adding aqua server ssl suport and aqua offline CC mtls support by @KoppulaRajender in #389
• 6.5 | SLK-40850 | add PDB by @sudhirsingh-cloudbuilders in #387
• 6.5 | KE | fixing admissionReviewVersions by @KoppulaRajender in #391
• 6.5| cloud connector config map changes | Slk 41172 by @sudhirsinghaqua in #390
• 6.5| cloud connector pdb | SLK41172 by @sudhirsinghaqua in #393
• 6.5 | Slk 40713 | automatic deployment restart after configmap changes by @sudhirsingh-cloudbuilders in #388
• 6.5 | file name changes for cloud-connector templates by @KoppulaRajender in #395
• [Fix] Scanner Chart EOF Error in Version 6.5 by @patareis2 in #398
• 6.5 | Updating charts and Change-log by @KoppulaRajender in #400
• 6.5 | Server Enforcer KE GW | Adding configmap and config/checksum by @KoppulaRajender in #401
• 6.5 | cloud connector | fixing user/password bug by @KoppulaRajender in #406
• 6.5 | enforcer | fixing readiness/liveness probes by @KoppulaRajender in #408
• Move scanner variables to separate configMap by @sudhirsinghaqua in #409
• update gateway chart support global variables by @semyonmor in #412
• Update server use gw dependency by @semyonmor in #413
• Update image pullPolicy to Always in ALL charts in 6.5 by @sudhirsinghaqua in #415
• Revert "Update image pullPolicy to Always in ALL charts in 6.5" by @KoppulaRajender in #419
• 6.5 | Updating chart.yaml and Changelog by @KoppulaRajender in #420
• 6.5 | Slk 40714 | adding ingress type by @sudhirsinghaqua in #422
• 6.5 | Server | Fix | Web Ingress pathType fix by @andreazorzetto in #423
• Update Chart.yaml by @semyonmor in #424
• Fix Chart file apiVersion by @semyonmor in #425
• Fix Chart.yaml by @semyonmor in #426
• Move dependencies to requirements.yaml by @semyonmor in #427
• 6.5 | Server | Fixing gateway dependency by @KoppulaRajender in #429
• 6.5 | fixing gateway dependency - 2 by @KoppulaRajender in #430
• 6.5 | fixing gateway dependency - 3 by @KoppulaRajender in #431
• Ingress definition updated for kubernetes versions up to 1.22 by @andreazorzetto in #432
• Update Chart version by @semyonmor in #433
• Add gateway headless service by @semyonmor in #436
• Fix headless service by @semyonmor in #439
• Add support for gateway headless service by @semyonmor in #437
• Redesign gateway headless service creation by @semyonmor in #440
• Add Chart.lock file by @semyonmor in #441
• Move platform variable to global scope by @semyonmor in #444
• Move platform variable to global scope by @semyonmor in #445
• Remove duplicated namespace definition from serviceAccount by @semyonmor in #446
• 6.5 | Enforcer | fixing serviceaccount names by @KoppulaRajender in #447
• 6.5 | ingress new by @sudhirsinghaqua in #448
• 6.5 | Enforcer | Adding caps & non-privilege as default by @KoppulaRajender in #450
• Fix Openshift route by @semyonmor in #453
• 6.5 | RBAC fixing && default to non-privileged mode by @KoppulaRajender in #454
• fix indentation for gateway and web services by @semyonmor in #457
• Remove capabilities by @semyonmor in #460
• Fix server chart and add capabilities to enforcer by @semyonmor in #464
• 6.5 | KE | adding scc for ke by @KoppulaRajender in #465
• Update ingress to support different Kubernetes versions by @semyonmor in #469
• 6.5 | Server & KE | minor fixes by @KoppulaRajender in #470
• fix typo by @semyonmor in #471
• 6.5 | gateway | fixing db vaule refs by @KoppulaRajender in #474
• 6.5 | Updating PR flow to push charts to dev helm repo by @KoppulaRajender in #478
• 6.5 | adding mke support for KE and removing loglevel for enforcer by @KoppulaRajender in #480
• 6.5 | Add nodeSelectors to starboard operator deployment by @gezb in #488
• 6.5 | Remove duplicated lines for failurePolicy and sideEffects by @semyonmor in #485
• 6.5 | fixing minor bugs by @KoppulaRajender in #484
• 6.5 | Update gateway.serviceAccount to support different from aqua namespace by @semyonmor in #486
• Update Gateway in server chart by @semyonmor in #489
• 6.5 | Jenkins pipeline with validations by @KoppulaRajender in #492
• 6.5 | Fix enforcer serviceAccount and pull secret to deploy enforcer on sam… by @semyonmor in #491
• Fix ke service account by @semyonmor in #494
• Fix issue with secret and serviceAccount by @semyonmor in #498
• 6.5 | KE | readme fix & Notes.txt by @KoppulaRajender in #499
• Update kube-enforcer configMap support custom name for certs by @semyonmor in #501
• Fix scanner serviceAccount and pull secret to support different options by @semyonmor in #502
• 6.5 | scanner | fix server ssl certs by @KoppulaRajender in #505
• updating Jenkinsfile to run in the new Jenkins server by @yossig-aquasec in #507
• 6.5 | Fix server warning and ke variables by @semyonmor in #508
• 6.5 | KE | Comments for webhook certs by @KoppulaRajender in #509
• Add certsSecret.autoGenerate option + instruction for cert-manager by @semyonmor in #510
• Fix | Server | 6.5 | Typo, missing quotes in kube-enforcer deployment template by @andreazorzetto in #513
• 6.5 | Align labels, update Notes and other changes by @semyonmor in #515
• 6.5 | KE | updating KE with new probes by @KoppulaRajender in #517
• 6.5 | updating KE probes for KE advance by @KoppulaRajender in #518
• Fix extraEnvironmentVars in enforcer and KE charts by @semyonmor in #522
• Scanner | 6.5 | Improvement | Specify which registries this scanner is allowed to scan by @andreazorzetto in #520
• Update scanner CHANGELOG.md and increase the chart version by @semyonmor in #523
• Add KubeEnforcer with cert-manager guide to README by @ruzickap in #524
• Fix typo by @semyonmor in #525
• add certificates by @ebram-va in #512
• 6.5 | Update scanner and server charts by @semyonmor in #527
• Revert "6.5 | updating KE probes for KE advance" by @KoppulaRajender in #529
• Fix starboard annotation by @semyonmor in #531
• Fix aquaConsoleSecureAddress by @semyonmor in #533
• 6.5 | Tenant Manager | Update labels and NOTES.txt by @semyonmor in #534
• Update cyber-center chart by @semyonmor in #535
• Fix | 6.5 | KE | Health checks for old kube enforcers fails to render by @andreazorzetto in #540
• adding k3s support to tenanmanager by @KoppulaRajender in #541
• Update default version for starboard to be 0.14.1 by @semyonmor in #542
• 6.5 | Enforcer | fixing issues by @KoppulaRajender in #543
• 6.5 | server | enforcer | ke | fixing mTLS instructions by @KoppulaRajender in #546
• Add static label to main charts by @semyonmor in #545
• Adding Mstp tests. by @yossig-aquasec in #544
• Fix hostRunPath usage by @semyonmor in #547
• Update enforcer-daemonset.yaml by @semyonmor in #549
• Fix priorityClass by @semyonmor in #551
• Adding lock to the pipeline by @yossig-aquasec in #553
• Init commit for 2022.4 by @semyonmor in #554
• 2022.4 | KE Helm | Update cluster name environment variable by @sudhirsinghaqua in #557
• Enforcer Express Mode init commit by @semyonmor in #558
• Update tag version + minor fixes by @semyonmor in #563
• Fix quickstart chart by @semyonmor in #564
• Fix enforcer scc by @semyonmor in #565
• Update KE with temporary changes by @semyonmor in #567
• Update ke and enforcer charts by @semyonmor in #572
• 2022.4 | adding podlables by @KoppulaRajender in #574
• 2022.4 | removing envoy 8082 port by @KoppulaRajender in #578
• ke-crd-remove-categories by @BaruchBilanski in #579
• 2022 | ALL | update tags by @KoppulaRajender in #580
• 2022.4 | scanner | add token auth by @KoppulaRajender in #584
• Reduce KE replicas from 2 to 1 by @BaruchBilanski in #586
• 2022.4 | adding codesec-agent by @KoppulaRajender in #590
• Update enforcer with optional AQUA_OCP_FULL_VERSION by @semyonmor in #588
• Update codesec-agent doc by @semyonmor in #591
• SAAS-5317 [codesec/argon connect and scanner clients chart] 1.0.9 first release. by @amirb-argon in #594
• 2022.4 | Fix duplicated rolebinding name in case of tkg by @semyonmor in #593
• 2022.4 | Separate database volume size by @semyonmor in #596
• SAAS-5533 [codesec-agent] Add scan.replicas. by @amirb-argon in #598
• add resources to cloud connector by @chrisctl in #600
• 2022.4 | CC | adding token auth support by @KoppulaRajender in #602
• Handle kube-enforcer CRDs in a Helm3 friendly way by @stefansedich in #609
• Add resource definition for enforcer in express mode by @semyonmor in #607
• Add PodDisruptionBudget to kube-enforcer deployment by @stefansedich in #613
• 2022.4 | Server | KE | gh fixes by @KoppulaRajender in #612
• 2022.4 | KE | Add support to starboard 0.15.4 by @KoppulaRajender in #615
• 2022.4 | Fix gateway console.publicIp by @semyonmor in #618
• 2022.4 | All | Readme | adding note to mtls setup by @KoppulaRajender in #619
• Fix resources in case of expressMode by @semyonmor in #623
• 2022.4 | KE | adding KE 2022.4 update-3 envs by @KoppulaRajender in #624
• add hashicorp vault support to ae & ke by @KoppulaRajender in #626
• 2022.4 | Fix tkgi mounts issue by @semyonmor in #627
• 2022.4 | KE | add resource & podLables for starboard deployment by @KoppulaRajender in #633
• Add Trivy scan to the Pipeline by @BaruchBilanski in #631
• Updating pipeline to use: aquasec.azurecr.io by @yossig-aquasec in #636
• Exclude Nodes From Kube-Bench based on labels by @sm171190 in #635
• 2022.4 | Fix Mtls between external DB and Server/Gateway by @KoppulaRajender in #638
• Adding option to change automation branch by @yossig-aquasec in #639
• SAAS-8201 [codesec-agent] 1.2.0 Add extraEnv. by @amirb-argon in #640
• Fix | 2022.4 | Server/Gateway: pre-existing service account name is ignored by Gateway chart in custom namespaces by @andreazorzetto in #641
• 2022.4 | adding resources to CC and updating chart versions by @KoppulaRajender in #642
• SAAS-8690 [codesec-agent] remove client_url from validator by @rutmus in #648
• 2022.4 | Enforcer | Readme fix and comments in values.yaml file by @andreazorzetto in #647
• 2022.4 | Scanner | name Override support added by @BaruchBilanski in #651
• Editing the KE COnfigmap Key to Skip Kube BEnch On Nodes With Labels by @sm171190 in #644
• Update to use .Values by @daleront in #653
• Update codesec agent README.md by @rutmus in #656
• 2022.4 | Server | add rbac.create by @KoppulaRajender in #654
• 2022.4 | updating starboard to 0.15.10 by @KoppulaRajender in #657
• 2022.4 | fix external db certs by @KoppulaRajender in #659
• 2022.4 - Install commands added to general README by @BaruchBilanski in #645
• 2022.4 | Server | ClusterRoleBinding SA Name fix by @BaruchBilanski in #660
• update deployments to include missing envs by @rutmus in #665
• 2022.4 | Server | ClusterRoleBinding SA Name - Version Upgrade by @BaruchBilanski in #661
• fix certificates injection by @itaywol in #667
• [aqua-codesec] Fix helm chart values.yaml CA certificate example by @amirb-argon in #668
• Fix | 2022.4 | Server, Enforcer | PodSecurityPolicies by @andreazorzetto in #666
• 2022.4 | Kube Enforcer | Config Map added env variable for KubeBench + Openshift ClusterRole + Ndots + KE & Starboard Operator RBAC Modified by @BaruchBilanski in #669
• add capability for Azure Functions by @sleepyberto in #670
• 2022.4 | Kube Enforcer | KE & Starboard Operator Role Template Modified by @BaruchBilanski in #671
• add new capability and change volume mounts for tkg by @semyonmor in #672
• 2022.4 | Aqua Enforcer | Express mode AE DS name + /var/lib/containers for AE + Fix KE Cluster Role & Role + Custom AE DS name for KE CM by @BaruchBilanski in #674
• Add pre-upgrade hook job by @semyonmor in #679
• Fix labels in pre-upgrade hook job by @semyonmor in #680
• 2022.4 | KubeEnforcer | ClusterRole | Rules by @BaruchBilanski in #684
• 2022.4 | Gateway | Gateway Service | Added Support - loadBalancerSourceRanges by @BaruchBilanski in #685
• Add instructions for Bottlerocket OS by @semyonmor in #687
• kube-enforcer | ocp | creating and using own scc by @yossig-aquasec in #689
• 2022.4 | Server | add support for init + sidecar containers by @BaruchBilanski in #692
• 2022.4 | Kubeenforcer | Fix issue with starboard rolebinding not following custom namespace by @andreazorzetto in #696
• Allow the ApiVersion of the Ingress to be specified by @semyonmor in #700
• Fix #695 by @semyonmor in #703
• Fix Spaces Braces and Brackets by @alxvalentim in #704
• Update gate-headless-service.yaml by @spimmer in #706
• Fix gateway headless service & Add extraEnvironmentVars to cloud connector by @semyonmor in #708
• Update default resource limits for enforcers by @semyonmor in #707
• • Prevent starboard from been deployed on k8s earlier than v1.19 by @zivshits in #709
• Fix KE chart by @semyonmor in #712
• Fix KE chart -2 by @semyonmor in #713
• Update kube-bench version and set timeout for wenhooks by @semyonmor in #714
• Update policy API support + add gateway serviceAccount annotations by @semyonmor in #715
• 2022.4 || Scanner || added custom scanner token secret support by @BaruchBilanski in #718
• Fix tolerations and PDB for CloudConnector by @semyonmor in #727
• feat(codesec-agent-connector): add proxy preference rule by @itaywol in #732
• Fix tolerations by @semyonmor in #733
• change standard name for gateway serviceaccount by @spimmer in #725
• feat(kube-enforcer): Add ability to define extraVolumes by @mkilchhofer in #728
• SLK-62280 - Adjust resource requests and limits for aqua-enforcer and… by @zivshits in #729
• Add priorityClass to kube-enforcer by @blanchardma in #734
• feat(codesec): align proxy implementations to http/s_proxy, no_proxy environment variable standards by @itaywol in #736
• Update Changelog files and add changes to KE chart by @semyonmor in #737
• Increase enforcer memory limit in lightning to 1250Mi to allow AMP by @zivshits in #741
• Update Chanhelog files and update check-db-upgrade server job by @semyonmor in #742
• fix aqua server url for helm by @tzurielweisberg in #743
• Add persistence to scanner by @rickymulder in #738
• 2022.4 | Scanner | change log + docs updated by @BaruchBilanski in #746
• Slk 66884 add support app protocol in helm for l7 lb 2022.4 by @adishaull in #749
• Add support for external web secret by @adishaull in #750
• Add codesec-agent deployment tests by @adishaull in #751
• Add support for external codesec-agent secret by @adishaull in #752
• [doc] add gateway address hint for Sass deployment by @poggenpower in #756
• Remove categories from KE starboard crds by @semyonmor in #757
• 2022.4 | CloudConnector| Update README.md by @BaruchBilanski in #758
• add HashiCorp vault support to server - #753 by @qtasali in #754
• 2022.4 | server | increment server chart version by @KoppulaRajender in #760
• 2022.4 | server | rbac | fix openshift scc by @KoppulaRajender in #762
• 2022.4 | Enforcer | add windows enforcer support by @KoppulaRajender in #759
• Update kube-bench version to v0.6.15 by @adishaull in #761
• Fix Openshift SecurityContextConstraints by @semyonmor in #764
• 2022.4 | scanner | fix-scanner-volumes by @KoppulaRajender in #765
• Change Jenkins pipeline by @adishaull in #763
• Remove double sections in windows-enforcer template by @zivshits in #772
• KE | 2022.4 | upgrade starboard to 0.15.15 by @KoppulaRajender in #773
• 2022.4 | Enforcers | Fix PodSecurityPolicies privileged by @andreazorzetto in #755
• [server] updates to web server deployment for extra volumes / volumemounts by @bradenwright in #776
• Update pre-upgrade hook to support mtls with external DB + Readme by @semyonmor in #777
• Slk 70340 add trivy operator by @adishaull in #779
• Add rbac to scanner chart and update auto-generate-tls.yaml timeoutSeconds by @semyonmor in #781
• Add rbac to scanner chart by @semyonmor in #780
• feat(kube-enforcer): add certs secret to checksum/config of deployment by @sjoukedv in #784
• Add nodeSelector to trivy operator by @Toqn in #786
• SLK-74400 - Add support for resource definition by @adishaull in #793
• SLK-73499 - Add robustness to removal of windows-enforcer by @zivshits in #797
• SLK-74635 - Update README with mixed cluster deployment by @zivshits in #802
• 2022.4 | KE | Change Starboard as default operator by @KoppulaRajender in #801
• Fix containerized db crashing during helm upgrade by @semyonmor in #803
• offer to add option to enable/disable validating and mutating webhook by @ultramaxim in #805
• Allow the API version of PodDisruptionBudget to be overridden by @gezb in #807
• Update ReadMe by @semyonmor in #809
• 2022.4|Upgrade starboard version to 0.15.18 by @KiranBodipi in #811
• SLK-68752 - Change dnsNdots to global value by @adishaull in #813
• SLK-74691 - Fix indentation by @adishaull in #814
• Update envoy configuration by @semyonmor in #815
• Allow the API version of PodDisruptionBudget to be specified - Apply throughout the repo by @gezb in #812
• update trivy-operator version to 0.16.1 by @KiranBodipi in #816
• SLK-76594 - Support ArgoCD deployments by @adishaull in #818
• Bump gateway version by @adishaull in #819
• SLK-74693 - FIX README.md and descriptions by @adishaull in #820
• SLK-76863 - Support Security Context at Pod Level by @zivshits in #823
• Update KE versions by @semyonmor in #824
• SLK-73499 - Force remove windows-enforcer. Keep enforcer logs under C:\Temp\Aquasec by @zivshits in #827
• Include the sbom environment variable in the trivy-operator.yaml file within Helm. by @mjshastha in #828
• [cyber-center] Added a values parameter to assign Deployment annotations by @maik-d in #826
• Update versions by @semyonmor in #830
• added cluster role permissions required for openshift container platform kube-bench cis benchmark scans by @KiranBodipi in #831
• Slk 75732 helm ke add priority class to starboard operator by @adishaull in #833
• chore: Upgrade starboard and kube-bench version to latest by @KiranBodipi in #835
• Update README.md by @Josh-aqua in #836
• fix(): add brokerToken parameters codesec by @danielciuraru86 in #840
• Add a new environment variable AQUA_HEALTH_MONITOR_PORT by @semyonmor in #838
• SLK-79184 - Fix namespaceSelector for KE admission controller by @semyonmor in #842
• 2022.4 | CloudConnector SCC and ExtraEnvsFromSecret added by @BaruchBilanski in #843
• 2022.4 | CC | fixing cc deployment securitycontext to support latest CC release by @KoppulaRajender in #846
• add remediation by @MorAlon1 in #844
• SLK-74693 - Fix server/Chart.lock file by @zivshits in #849
• 2022.4 | cybercenter | reverting cc scc and fixing securitycontext by @KoppulaRajender in #850
• SLK-77315 - Support AKS 1.28 by @zivshits in #851
• Update versions by @semyonmor in #852
• [aqua server/db] Fixed aqua database passwort reference by @maik-d in #855
• SLK-79144 - Support gke-autopilot for aqua-enforcer by @zivshits in #858
• SLK-79144 - Update kube-enforcer chart to enforcer 2022.4.22 chart by @zivshits in #860
• SLK-79144 - Fix typo by @zivshits in #861
• SLK-79144 - Remove some permissions by @zivshits in #862
• 2022.4 | Scanner + Gateway | extraVolumeMounts + extraVolumes by @BaruchBilanski in #847
• Fix Typo by @poggenpower in #853
• add "global" as prefix for imageCredentials by @poggenpower in #854
• remove duplicate 'sideEffects' entries by @stan-yago in #857
• chore: kube-bench & trivy-operator version upgrade by @KiranBodipi in #863
• Update ke deployment with hostNetwork by @semyonmor in #865
• remove disable remediation by default by @MorAlon1 in #867
• KE proxy documentation by @poggenpower in #868
• ImagePullSecret to be optional for enforcer's Service Account by @nivyoo in #875
• Added livenessProbe configuration spec by @Racersclub in #871
• Fix indentation and formatting for external DB by @tnycum in #790
• #872 Add missing annotations field to values.yaml and scanner-deploym… by @Masoud-CSIRT in #873
• Support for Extra Environment Variables for Offline CC. by @ericgomes56 in #874
• Align Changelog files by @semyonmor in #876
• docs: update documentation links by @semyonmor in #877
• Fix job-check-db-upgrade job by @shay79il in #879
• RFE remove imagepullsecret from the service account by @shay79il in #881
• SAAS-25560 | Fix scan-deployment template by @shay79il in #882
• add bleed secrets onprem scanner to sscs helm chart by @tamirsinai in #880
• Fix scan-deployment template by @shay79il in #884
• BS enabled true by @tamirsinai in #892
• SLK-80942 - Fix: logicalName is not populated on windows enforcer by @zivshits in #894
• Update enforcer chart version by @semyonmor in #895
• Allow disabling the installation of starboard CRDs when starboard is enabled by @mustaphaaa in #887
• DEVOPS-227-HELM - Update helm to use aqua registry to pull KB and starboard image by @yariv-freifeld-aqua in #891
• change indent function to nindent function for bleedsecrets resources key by @orizerah in #901
• remove duplicate value KE by @semyonmor in #903
• update-tag-0.9.1 by @maxiitc in #904
• SLK-86284-aqua-helm-issue-with-job-check-db-upgrade-job-in-aqua-serve… by @yariv-freifeld-aqua in #902
• update-tag-0.9.1 by @yariv-freifeld-aqua in #905
• Changing role configuration according to SLK-87530 by @seanposner in #907
• Fixed enableLivenessProbe related errors by @varadaprakash in #912
• bump scanner version by @semyonmor in #913
• fix tolerations within bleedsecrets-deployment.yaml by @AnthonyPoschen in #911
• Bump codsec-agent version by @semyonmor in #917
• Update Kube-Bench Image by @sm171190 in #921
• UPdate Starboard Operator Image by @sm171190 in #920
• SLK-88407 Scanner additional cert fix by @seanposner in #919
• DEVOPS-788: Upgrade default kube-bench version by @tikolsky in #923
• Update kube-bench version and update OPERATOR_EXCLUDE_NAMESPACES env … by @tikolsky in #924
• Fix credential validation check for codesec-agent by @cinerea0 in #915
• chore: Upgrade default kube-bench and starboard version by @mjshastha in #926
• chore: Upgrade default kube-bench by @mjshastha in #928
• feat(saas-28699): support saas broker by @MorAlon1 in #930
• fix(saas-28699): support saas broker by @MorAlon1 in #931
• Deprecating cc-standard image by @ppandrangi in #932
• chore: Update KB image. by @mjshastha in #935
• SLK-88616 Adding dynamic varLibPath support by @seanposner in #929
• DEVOPS-1400 Updating Enforcer version by @seanposner in #936
• chore: Update starboard to 0.15.25 by @mjshastha in #934
• (Fixes #937) feat(db): Add dynamic /dev/shm sizing based on env_size by @giuseppeingoglia in #938
• Bump server chart version by @tikolsky in #940
• chore: Update KB to the latest. by @mjshastha in #942
• DT-12476: Align KE versions by @tikolsky in #944
• DT-12642 Upgrading starboard version to 0.15.26 by @seanposner in #947
• chore: Upgrade default kube-bench and starboard version by @mjshastha in #945
• DEVOPS-1584 Adding contributing guideline by @seanposner in #941
• Cluster name fix by @cpt-redbeard in #946
• chore: bump Trivy Operator version, add OPERATOR_CLUSTER_SBOM_CACHE_ENABLED, and conditionally render resources block by @mjshastha in #933
• DEVOPS-1708 Adding copilot instructions by @seanposner in #948
• chore: Upgrade default kube-bench. by @mjshastha in #952
• SLK-93661 Adding AQUA_K8S_CLUSTER_ID by @seanposner in #955
• DEVOPS-1747 Update Kube-Enforcer with new Enforcer dependency (.25) by @seanposner in #956
• aa by @tikolsky in #954
• SLK-95693 with valid user by @maxiitc in #961
• SLK-94741 Adding empty dir for scanner by @seanposner in #962
• SLK-99202 Adding conditional imagePullSecret attachement by @seanposner in #963
• DEVOPS-1762 Disable concurrent builds for PRs by @seanposner in #967
• DEVOPS-1763 Update chart dependency for gateway 2022.4.15 in server by @seanposner in #968
• revert changes for lower cases by @maxiitc in #969
• pipeline libs restore to master by @tikolsky in #971
• DEVOPS-1764 Remove update from gateway changelog by @seanposner in #970
• chore(rbac): add access to IDMS and ITMS by @mjshastha in #953
• SLK-97966: ImagePullSecret should not be mandatory for starboard as well by @tikolsky in #964
• SLK-99513 Adding README reference for imagePullSecret by @seanposner in #975
• Gateway charts to support lowercase proxy variables by @maxiitc in #974
• update per ticket by @maxiitc in #976
• SLK-99771 Adding DB Upgrade Job annotations by @seanposner in #977
• DEVOPS-1787 Adding CODEOWNERS by @seanposner in #980
• DEVOPS-1800 Align CODEOWNERS by @seanposner in #985
• Kube enforcer add deploymentAnnotations by @roei-avital in #983
• Issue #869 Updating to use PSP only when API version is supported by @seanposner in #984
• DEVOPS-1809 Updating gateway version in server to .17 by @seanposner in #986
• SLK-99523 Adding DB Upgrade Job image pull policy attachement enforcement by @seanposner in #987
• Issue 771 - Aligning default KE image credential secret name by @seanposner in #988

New Contributors

• @FrederikNJS made their first contribution in #12
• @jamsyoung made their first contribution in #33
• @kcorupe made their first contribution in #37
• @spencergilbert made their first contribution in #51
• @ap0phi5 made their first contribution in #45
• @kkleidal made their first contribution in #40
• @paaloeye made their first contribution in #70
• @mohatagarvit made their first contribution in #55
• @steffinstanly made their first contribution in #57
• @amalucelli made their first contribution in #71
• @danielpacak made their first contribution in #84
• @cpt-redbeard made their first contribution in #90
• @akin-ozer made their first contribution in #76
• @labaneilers made their first contribution in #77
• @agilgur5 made their first contribution in #108
• @Hefeweizen made their first contribution in #101
• @nafarlee made their first contribution in #127
• @ppandrangi made their first contribution in #135
• @guyyakir made their first contribution in #216
• @sudhirsingh-cloudbuilders made their first contribution in #387
• @patareis2 made their first contribution in #398
• @ruzickap made their first contribution in #524
• @ebram-va made their first contribution in #512
• @amirb-argon made their first contribution in #594
• @stefansedich made their first contribution in #609
• @sm171190 made their first contribution in #635
• @rutmus made their first contribution in #648
• @daleront made their first contribution in #653
• @itaywol made their first contribution in #667
• @sleepyberto made their first contribution in #670
• @alxvalentim made their first contribution in #704
• @spimmer made their first contribution in #706
• @zivshits made their first contribution in #709
• @mkilchhofer made their first contribution in #728
• @blanchardma made their first contribution in #734
• @tzurielweisberg made their first contribution in #743
• @rickymulder made their first contribution in #738
• @adishaull made their first contribution in #749
• @poggenpower made their first contribution in #756
• @qtasali made their first contribution in #754
• @bradenwright made their first contribution in #776
• @sjoukedv made their first contribution in #784
• @Toqn made their first contribution in #786
• @ultramaxim made their first contribution in #805
• @KiranBodipi made their first contribution in #811
• @mjshastha made their first contribution in #828
• @maik-d made their first contribution in #826
• @danielciuraru86 made their first contribution in #840
• @MorAlon1 made their first contribution in #844
• @stan-yago made their first contribution in #857
• @nivyoo made their first contribution in #875
• @Racersclub made their first contribution in #871
• @tnycum made their first contribution in #790
• @Masoud-CSIRT made their first contribution in #873
• @ericgomes56 made their first contribution in #874
• @shay79il made their first contribution in #879
• @tamirsinai made their first contribution in #880
• @mustaphaaa made their first contribution in #887
• @yariv-freifeld-aqua made their first contribution in #891
• @orizerah made their first contribution in #901
• @maxiitc made their first contribution in #904
• @seanposner made their first contribution in #907
• @varadaprakash made their first contribution in #912
• @AnthonyPoschen made their first contribution in #911
• @tikolsky made their first contribution in #923
• @cinerea0 made their first contribution in #915
• @giuseppeingoglia made their first contribution in #938
• @roei-avital made their first contribution in #983

Full Changelog: https://github.com/aquasecurity/aqua-helm/commits/2022.4.1