Skip to content

v1.1.0

Compare
Choose a tag to compare
@github-actions github-actions released this 12 Dec 02:35
· 592 commits to main since this release
7725e46

πŸ’₯ 🚨 CRD BREAKING CHANGES 🚨 πŸ’₯

  • Certificate Store is a namespaced CR. We have made a fix in this release so that Certificate Store CR can be uniquely referenced by Verifier CR. Please follow migration steps here

✨ New Features

  • Enables SBOM verifier improvements:
    • Add deny license and deny package properties to the existing SBOM verifier
    • Add SBOM verifier to Helm chart
  • Introduce new Vulnerability report verifier for Sarif reports generated by Trivy and Grype
    • Enforces report content to match Sarif schema
    • Enforces a MaximumAge duration (ex: '24h')
    • Enforces against existence of disallowedSeverity levels (ex: 'critical')
    • Enforces against existence of denylistCVEs (ex: CVE-2021-44228 log4shell)
    • Introduce a passthrough flag which will bypass all checks and append sarif content in verifier report
    • Adds vulnerability report verifier to Helm chart
    • For documentation on how to use refer to the docs
  • Introduce a verifier name and a verifier type (specName) to the existing VerifierConfig and VerifierPlugin. This enables support for multiple verifiers of the same verifier type. You can find more info here.
  • Introduce new –debug flag to Ratify CLI that sets the logger level to DEBUG.
  • Introduce support for notation-go logs with trace-id support

πŸ“„ Documentation

Note: We’ve moved most of our feature documentation to the Ratify Website.

πŸ§ͺ Tests

  • Added new E2E CLI test for SBOM verifier
  • Added unit tests and E2E tests for vulnerability report verifier
  • Add more unit tests to increase the test coverage for authProvider.

CLI

  • Verifier Scenarios
    • Notation
    • Cosign
      • Keyed
      • Keyless
    • SBOM
    • License Checker
    • JSON Schema Validation
    • All verifier types in one
    • Vulnerability Report
  • Dynamic OCI Plugins
    • Verifier Plugin
    • Store Plugin

Kubernetes

  • Verifier Scenarios
    • Notation
    • Cosign
    • SBOM
    • License Checker
    • JSON Schema Validation
    • All verifier types in one
    • Vulnerability Report
  • ORAS Store Authentication Providers
    • Docker
    • Kubernetes Secrets
    • Azure Workload Identity
    • Azure Managed Identity
  • Certificate Store Providers
    • Inline Certificate
    • Azure Key Vault Certificate
  • Mutation Provider
  • Dynamic OCI Plugins
    • Verifier Plugin
  • CertificateProvider CRD Status
  • TLS Certificate
    • TLS Certificate Watcher
    • TLS Certificate Rotation
  • High Availability Tests
    • 2 Replicas, Redis + Dapr, Notation
  • Quick Start helmfile.yaml test

πŸ› 🩹 Bug Fixes

  • fix: update auth cache miss error handling by @akashsinghal in #1105
  • fix: rename error for verifier plugins to be more generic by @akashsinghal in #1129
  • fix: set default certstore namespace in notation verifier to uniquely identify certificate store resource by @susanshi in #1134
  • fix: allow multiple notationCert in default chart by @susanshi in #1151
  • fix: add certificates to chart value by @susanshi in #1172
  • fix: remove trailing hyphen in notation template by @akashsinghal in #1197

πŸŽ‰ New Contributors

πŸ“ Changelog

Full Changelog: v1.0.0...v1.1.0