- Fixed missing success messages for resource requests/limits
- Added a few more exemptions
- Started checking exemptions based on controller name prefix
runAsUser != 0now passes therunAsNonRootcheck
- Added
--load-audit-fileflag to run the dashboard from an existing audit - Added an
IDfield to each check in the output - Skip health checks for jobs, cronjobs, initcontainers
- Added support for exemptions
- Fixed dashboard base path option
- Added additional Pod Controllers to scan PodSpec (
jobs,cronjobs,daemonsets,replicationcontrollers)
- Changed dashboard branding to refer to new org name Fairwinds
- Added
--set-exit-code-on-errorand--set-exit-code-below-scoreflags to better support CI/CD
- Fix: Fixed logic on RunAsNonRoot check to incorporate settings in podSpec
- Added
--output-formatflag for better CI/CD support - Added
--display-nameflag - Added support for StatefulSets
- Show error message if no kubeconfig is set
- Fix: details pages getting template errors
- Fix: support all auth providers
- Fix: Ignore readiness probe for initContainers
- Fix: dashboard not updating when running persistently
- Stored all third-party assets (e.g. Charts.js) to local files to support offline dashboard viewing
- Fix: custom configs in
ConfigMapnot respected
- Fix: missing
config.yamland dashboard assets in binary releases - Added some tests and better error handling
- Dashboard fully functional
- Validating webhook functional, but still considered beta
- Checks:
- Health
- readiness probe missing
- liveness probe missing
- Images
- tag not specified
- pull policy not always
- Networking
- host network set
- host port set
- Resources
- cpu/memory requests missing
- cpu/memory limits missing
- cpu/memory ranges exceeded
- Security
- security capabilities
- host IPC set
- host PID set
- not read-only fs
- privilege escalation allowed
- run as root allowed
- run as privileged
- Health