Kubernetes Scanner Release v.2.0.0 (03/08/2022) InsightCloudSec is pleased to announce Kubernetes Scanner Major Release 2.0.0. This major release includes enhancements to the Kubernetes harvesting to improve the analysis we can perform on the Kubernetes inventory data, including support for upcoming Production Container Vulnerability Assessment, planned for release in early April 2022.

Packages Included **Helm chart version - 2.0.0 **

Internal components and their versions are found in the chart value file. One can easily view the data using the following command:

helm show values <chart name> | grep -E 'Name:|Version:' New and Enhanced

• Implement GuardRails V2 - Guardrails scanner now uses API v2 of the BE and sends more data to the BE for processing, plus this API supports the vulnerability assessment feature for k8s. [ENG-12167]

• Support setting for resource request and limit. Added the ability to modify CPU and Memory resource limit and request to the K8s scanner manifest via the HELM values. By default no values are placed. [ENG-13307]

• Added the ability to specify resources limits and requests for Guardrails containers.

  The helm key to set should start with the following YAML hierarchy: “<container spec>.Resources.”

  following the wanted resources requests/limits, where <container spec> is one of “advisorSpec/mergerSpec/inventoryscannerSpec/exporterSpec/devopscurlSpec”

  advisorSpec.Resources.requests.cpu=200m
  advisorSpec.Resources.requests.memory=100Mi
  advisorSpec.Resources.limits.cpu=1
  advisorSpec.Resources.limits.memory=1Gi

For more info and how to configure refer to the Kubernetes documentation.  [ENG-13307] Bug Fixes

• [ENG-13500] In some cases Passed checks reported as failures - Guardrails scanner reports back to ICS platform checks results which are marked as “Pass” and adds them to the merged report instead of ignoring them