Release Summary
InsightCloudSec is pleased to announce Kubernetes Scanner Release v.4.0.7. This release includes new Insights and Guardrails checks. The following packages are included:
- Helm chart version - 4.0.7
Internal components and their versions are listed in the chart's values file. You can view them with the following command:
helm show values <chart name> | grep -E 'Name:|Version:'
New
- Added the following Guardrails checks and corresponding Insights to assist with correcting Kubernetes CVEs:
  - Bypassing policies imposed by the ImagePolicyWebhook admission plugin
  - Bypassing enforce mountable secrets policy imposed by the ServiceAccount admission plugin
  - Bypass of seccomp profile enforcement
  - secrets-store-csi-driver discloses service account tokens in logs
  - Insufficient input sanitization on Windows nodes leads to privilege escalation
  - Insufficient input sanitization in in-tree storage plugin leads to privilege escalation on Windows nodes
Upgrade the Kubernetes Local Scanner
These Insights require the latest version of the Kubernetes Local Scanner. If you are using the Kubernetes Local Scanner, please update it before running these Insights.