Jul 21, 2022
InsightCloudSec is pleased to announce Kubernetes Scanner Minor Release 2.0.3.
This release includes an update to ensure the use of a unique certificate authority.

Packages Include

**Helm chart version - 2.0.3**
Internal components and their versions are listed in the chart values file. To view them, run the following command:

```
helm show values <chart name> | grep -E 'Name:|Version:'
```
New and Enhanced

**[ENG-14690] Harden K8s Scanner containers; Add runAsUser, runAsGroup, fsGroup properties to all containers**

The k8s-scanner pod and containers now run as non-privileged users (root permissions are no longer required).
**[ENG-17145] Update K8s Scanner with respect to deprecated cronjob api**

The CronJob API path used in the Kubernetes Scanner manifest was updated from batch/v1beta1 to batch/v1.

For more information about the Kubernetes API change, refer to: https://kubernetes.io/docs/reference/using-api/deprecation-guide/#cronjob-v125
**[ENG-17624] [k8s-scanner][helm] remove create subjectaccessreviews permission**

Removed the ‘create subjectaccessreviews’ permission. The permission was required for the checks:
- “Workload Read Secrets from Kubernetes API Server”
- “Ensure Workloads are not permitted to create or update Pods through Kubernetes API Server”
*Starting with the 2.0.3 release, the above two checks won’t run properly unless customers who want to use them manually add the above permission.*
**[ENG-18037] [k8s-scanner][helm] remove ‘proxy’ permission on nodes**

Removed the ‘proxy’ permission on the k8s nodes. The permission is no longer required, so its removal has no effect on k8s-scanner.
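
To confirm what an installed or rendered copy of the chart actually contains, the four changes above can be checked mechanically. The following is an added example, not InsightCloudSec code: it audits Kubernetes objects already parsed from JSON, and the object names (`scan-old`, `scan-new`, `scan-role`) and sample manifests are constructed for illustration.

```python
# Constructed sample (hypothetical names), shaped like `kubectl get -o json` items.
HARDENED = {"runAsUser": 1000, "runAsGroup": 1000, "fsGroup": 1000}
SAMPLE = [
    {"apiVersion": "batch/v1beta1", "kind": "CronJob", "metadata": {"name": "scan-old"},
     "spec": {"jobTemplate": {"spec": {"template": {"spec": {
         "containers": [{"name": "scan"}]}}}}}},
    {"apiVersion": "batch/v1", "kind": "CronJob", "metadata": {"name": "scan-new"},
     "spec": {"jobTemplate": {"spec": {"template": {"spec": {
         "securityContext": HARDENED, "containers": [{"name": "scan"}]}}}}}},
    {"apiVersion": "rbac.authorization.k8s.io/v1", "kind": "ClusterRole",
     "metadata": {"name": "scan-role"}, "rules": [
         {"apiGroups": ["authorization.k8s.io"],
          "resources": ["subjectaccessreviews"], "verbs": ["create"]},
         {"apiGroups": [""], "resources": ["nodes/proxy"], "verbs": ["get"]}]},
]

def pod_spec(obj):
    """Return the pod spec of a Pod, CronJob or templated workload, else None."""
    spec = obj.get("spec", {})
    if obj.get("kind") == "CronJob":
        spec = spec.get("jobTemplate", {}).get("spec", {})
    return spec if obj.get("kind") == "Pod" else spec.get("template", {}).get("spec")

def audit(objects):
    """Return (kind/name, finding) tuples for the items this release changed."""
    out = []
    for obj in objects:
        kind = obj.get("kind")
        ref = f"{kind}/{obj.get('metadata', {}).get('name', '?')}"
        if kind == "CronJob" and obj.get("apiVersion") == "batch/v1beta1":
            out.append((ref, "CronJob still on batch/v1beta1"))
        for rule in obj.get("rules", []) if kind in ("Role", "ClusterRole") else []:
            res, verbs = rule.get("resources", []), rule.get("verbs", [])
            if "subjectaccessreviews" in res and {"create", "*"} & set(verbs):
                out.append((ref, "create subjectaccessreviews granted"))
            if "nodes/proxy" in res:
                out.append((ref, "nodes/proxy granted"))
        pod = pod_spec(obj)
        if pod is None:
            continue
        psc = pod.get("securityContext", {})  # fsGroup is a pod-level field
        if "fsGroup" not in psc:
            out.append((ref, "fsGroup not set"))
        for c in pod.get("containers", []):
            sc = {**psc, **c.get("securityContext", {})}  # container overrides pod
            for key in ("runAsUser", "runAsGroup"):
                if not sc.get(key):  # unset or 0 (root)
                    out.append((ref, f"{c['name']}: {key} unset or 0"))
    return out
```

A `create subjectaccessreviews granted` finding is expected where the permission was re-added on purpose for the two checks listed under ENG-17624.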