winget install --id kubescape.kubescapeAbout kubescape
Kubescape is an open-source Kubernetes security platform. It includes risk analysis, security compliance, and misconfiguration scanning. Targeted at the DevSecOps practitioner or platform engineer, it offers an easy-to-use CLI interface, flexible output formats, and automated scanning capabilities. It saves Kubernetes users and admins precious time, effort, and resources. Kubescape scans clusters, YAML files, and Helm charts. It detects misconfigurations according to multiple frameworks (including NSA-CISA, MITRE A...
What's new in 4.0.8
Changelog - 610154a Coderabbit findings - a70db61 Fix: back-propagate connector URLs to configObj in initializeCloudAPI - 70f095f Initial plan - fb367e8 Merge pull request #2021 from manmathbh/feat/vap-timeout - 48c40f2 Merge pull request #2056 from Ridhi-03Kumari/docs/fix-getting-started-output-formats - 963ec34 Merge pull request #2060 from yugal07/issue-2059 - d7539c2 Merge pull request #2064 from kubescape/copilot/fix-scan-results-submission - c8b067c feat(vap): add --timeout flag to deploy-library command - cfa9161 fix(vap): build MatchLabels from parsed requirements, not raw split - 00ea5ff fix(vap): create parent directories in writeOutput - aad2c83 fix(vap): fix K8s name and label selector validation - 8419ea8 fix(vap): reject DoubleEquals, downstream split on = would break - dc23f92 fix(vap): restrict label validation to equality selectors only - 1a618b7 fix(vap): use DNS label validation for namespace names - cd7ee69 fix(vap): use K8s upstream validation helpers for names and namespaces - 27fe1fe fix(vap): use k8s labels.Parse for label selector validation - cfa37ee suppress spurious interrupt signal log on graceful exit Released by GoReleaser.
Version history
| Version | Updated | Notes |
|---|---|---|
| 4.0.8 | Unknown | Changelog - 610154a Coderabbit findings - a70db61 Fix: back-propagate connector URLs to configObj in initializeCloudAPI - 70f095f Initial plan - fb367e8 Merge pull request #2021 from manmathbh/feat/vap-timeout - 48c40f2... |
| 4.0.7 | Unknown | Changelog - e2a8b62 Merge pull request #1960 from kubescape/service-disco - 4895194 Merge pull request #2018 from sahitya-chandra/fix/portforwarder-trimleft-host - 3e29e64 Merge pull request #2019 from manmathbh/master -... |
| 4.0.6 | Unknown | Changelog - dd1fba5 fix(opaprocessor): apply namespace filter in failedIDs pre-seed and surface rule eval errors - 4fa1084 Adding Cloud unavailable message - a14a698 CodeRabbit Suggestions - 7b65d41 Fix namespace filter... |
| 4.0.5 | Unknown | Changelog - 1d5520f build(deps): update Go version and bump dependencies Released by GoReleaser. |
| 4.0.3 | Unknown | Changelog - 5ffa06f Merge pull request #1945 from kubescape/dependabot/go_modules/github.com/go-git/go-git/v5-5.16.5 - 2edf348 Merge pull request #1948 from kubescape/dependabot/go_modules/go.opentelemetry.io/otel/sdk-1.... |
| 4.0.2 | Unknown | Changelog - 93ac65f Merge pull request #1944 from lpmi-13/pass-tag-for-runtime-version - bb2ef7d Pass tag for the runtime version - 9aba8e4 build(deps): Bump github.com/go-git/go-git/v5 from 5.16.2 to 5.16.5 Released by... |
| 4.0.1 | Unknown | Changelog - 9b29321 Enhance version testing in smoke tests to extract and validate output version - b167435 Merge pull request #1941 from kubescape/semver - 466a11f fix isRuleKubescapeVersionCompatible bug with version 4... |
| 4.0.0 | Unknown | Changelog - 01bb19b Add krew plugin manifest - 2759bee Fix broken README anchors - e0eeb69 Make version smoke test accept bytes and v-prefix - 222c1ec Merge pull request #1931 from Mujib-Ahasan/readmd-update - 3b4585a Me... |
| 3.0.46 | Unknown | What's Changed - Bump golang.org/x/crypto from 0.41.0 to 0.45.0 in /httphandler by @dependabot[bot] in #1892 - update from Debian 12 to 13 when building container images by @pfarikrispy in #1895 - Revamp documentation by... |
| 3.0.45 | Unknown | What's Changed - Bump github.com/opencontainers/selinux from 1.12.0 to 1.13.0 by @dependabot[bot] in #1890 Full Changelog: v3.0.44...v3.0.45 |
| 3.0.44 | Unknown | What's Changed - Bump github.com/containerd/containerd/v2 from 2.0.5 to 2.0.7 by @dependabot[bot] in #1888 - Bump github.com/containerd/containerd from 1.7.28 to 1.7.29 by @dependabot[bot] in #1889 Full Changelog: v3.0.4... |
| 3.0.43 | Unknown | What's Changed - Bump github.com/nwaples/rardecode/v2 from 2.1.1 to 2.2.0 by @dependabot[bot] in #1881 - fixed "404" URL issue for command $kubescape scan. by @Mujib-Ahasan in #1884 - host-scanner daemonset installation... |
| 3.0.42 | Unknown | What's Changed - fix: post release action does not take tag from GITHUB_REF env var by @amirmalka in #1879 - fix: improve error handling in hostscanner pod validation by @matthyx in #1880 Full Changelog: v3.0.41...v3.0.4... |
| 3.0.41 | Unknown | What's Changed - fix post-release workflow by @amirmalka in #1873 - Fixed issue #1800 : Added parameterNotFoundAction in spec.paramRef while creating policy binding by @cx-anjali-deore in #1876 - fix: Don't run scan in i... |
| 3.0.40 | Unknown | What's Changed - Bump github.com/ulikunitz/xz from 0.5.12 to 0.5.14 by @dependabot[bot] in #1868 - Issue 1817 fix: Show container name in Assisted remediation by @cx-anjali-deore in #1867 - fix(imagescan): use all target... |
| 3.0.39 | Unknown | What's Changed - Issue 1284 fix: new approach implemented by @yehudahtor in #1863 - Bump github.com/hashicorp/go-getter from 1.7.8 to 1.7.9 in /httphandler by @dependabot[bot] in #1864 Full Changelog: v3.0.38...v3.0.39 |
| 3.0.38 | Unknown | What's Changed - return error on image when severity threshold exceeded by @matthyx in #1860 - bump helm.sh/helm/v3 to 3.18.5 by @matthyx in #1862 Full Changelog: v3.0.37...v3.0.38 |
| 3.0.37 | Unknown | What's Changed - Fix/update links by @yehudahtor in #1846 - added urls hub.armo --> kubescape.io by @yehudahtor in #1849 - Bump github.com/open-policy-agent/opa from 1.3.0 to 1.4.0 by @dependabot[bot] in #1833 - Bump git... |
| 3.0.36 | Unknown | What's Changed - check scanInfo.Submit in HandleResults to not submit by default by @matthyx in #1841 - fix: control-plane node taints check by @amirmalka in #1843 - do not fail version if update info cannot be fetched b... |
| 3.0.35 | Unknown | What's Changed - check for nil map in merge methods by @matthyx in #1813 - test: increase test coverage by @pixel365 in #1814 - upgrade open-policy-agent to 1.x by @matthyx in #1820 - merge labels and annotations in Retr... |