v1.1.1

Features

• add vuln count in logs (#758) #758 (ashnamehrotra)
• add manual label (#759) #759 (ashnamehrotra)

Bug Fixes

• fix quotations in release (#732) #732 (ashnamehrotra)
• add more disabled analyzers and handlers (#761) #761 (Sertaç Özercan)

Documentation

• fix versioned v1.1.x (#729) #729 (Sertaç Özercan)
• fix versioned v1.1.x sidebars (#731) #731 (Sertaç Özercan)
• fix horizontal rule syntax in trivy docs (#744) #744 (Anish Ramasekar)
• add demo (#683) #683 (ashnamehrotra)

Continuous Integration

• add k8s 1.27 test (#722) #722 (Sertaç Özercan)
• Fix flaking e2e test (imagelist_alias) (#735) #735 (Peter Engelbert)

Chores

• Prepare v1.1.0 release (#727) #727 (ashnamehrotra)
• bump golang from 995b84e to 2dc5c56 in /build/tooling (#734) #734 (dependabot[bot])
• bump step-security/harden-runner from 2.3.1 to 2.4.0 (#740) #740 (dependabot[bot])
• bump crazy-max/ghaction-github-runtime from 2.1.0 to 2.2.0 (#738) #738 (dependabot[bot])
• bump peter-evans/create-pull-request from 5.0.0 to 5.0.1 (#739) #739 (dependabot[bot])
• bump actions/upload-artifact from 3.1.0 to 3.1.2 (#741) #741 (dependabot[bot])
• bump github/codeql-action from 2.3.2 to 2.3.3 (#742) #742 (dependabot[bot])
• bump prism-react-renderer from 1.3.5 to 2.0.4 in /docs (#743) #743 (dependabot[bot])
• bump golang from 2dc5c56 to 918857f in /build/tooling (#751) #751 (dependabot[bot])
• bump actions/setup-go from 4.0.0 to 4.0.1 (#745) #745 (dependabot[bot])
• bump codecov/codecov-action from 3.1.3 to 3.1.4 (#746) #746 (dependabot[bot])
• bump @docusaurus/preset-classic from 2.4.0 to 2.4.1 in /docs (#747) #747 (dependabot[bot])
• bump @docusaurus/core from 2.4.0 to 2.4.1 in /docs (#748) #748 (dependabot[bot])
• bump @docusaurus/module-type-aliases from 2.4.0 to 2.4.1 in /docs (#749) #749 (dependabot[bot])
• update modules (#756) #756 (ashnamehrotra)
• bump golangci/golangci-lint-action from 3.4.0 to 3.5.0 (#753) #753 (dependabot[bot])
• bump github/codeql-action from 2.3.3 to 2.3.6 (#754) #754 (dependabot[bot])
• bump actions/dependency-review-action from 3.0.4 to 3.0.6 (#755) #755 (dependabot[bot])
• bump golang from 918857f to 419bc89 in /build/tooling (#757) #757 (dependabot[bot])
• bump github/codeql-action from 2.3.6 to 2.13.4 (#762) #762 (dependabot[bot])
• bump docker/login-action from 2.1.0 to 2.2.0 (#763) #763 (dependabot[bot])
• bump actions/checkout from 3.5.2 to 3.5.3 (#764) #764 (dependabot[bot])
• upgrade kubernetes to v1.26.5 (#778) #778 (ashnamehrotra)
• Prepare v1.1.1 release (#779) #779 (ashnamehrotra)

v1.1.0

Notable changes

• ✏️ collector pods are now called eraser and eraser containers are now called remover to simplify naming.
• 🚨 Update to default severity level for the Trivy scanner to include CRITICAL, HIGH, MEDIUM, LOW vulnerabilities. This behavior can be customized via eraser configmap .
• 💀 Eraser will now remove non-running end-of-life (EOL) images, by default. This behavior can be customized with deleteEOLImages flag in eraser configmap.

Features

• (e2e tests) Install helm from repo, then upgrade (#673) #673 (Peter Engelbert)
• add to default severity levels (#695) #695 (Sertaç Özercan)
• remove eol images (#696) #696 (Sertaç Özercan)
• create unversioned API version for EraserConfig (#708) #708 (Peter Engelbert)
• rename collector pods and eraser container (#675) #675 (ashnamehrotra)

Bug Fixes

• add pull secrets in image list job (#652) #652 (shaofan)
• fix lint (#672) #672 (Sertaç Özercan)
• restore ability to catch broken scanner (#706) #706 (Peter Engelbert)
• check delete eol flag (#712) #712 (Sertaç Özercan)

Documentation

• Add configmap docs (#645) #645 (Peter Engelbert)
• Fix broken links (#648) #648 (Peter Engelbert)
• update with v1 imagelist (#664) #664 (Sertaç Özercan)
• clarify support policy for managed version (#670) #670 (Xander Grzywinski)
• add roadmap link to readme (#680) #680 (Xander Grzywinski)
• add docs on how eraser is different from native garbage collection (#718) #718 (Xander Grzywinski)
• fix install v1.0.0 link (#723) #723 (Sertaç Özercan)
• update openssf scorecard badge (#700) #700 (Sertaç Özercan)

Continuous Integration

• Add e2e test for pull secrets in imagelist mode (#653) #653 (Peter Engelbert)
• remove k8s 1.23 from test matrix (#657) #657 (Sertaç Özercan)
• build images once (#681) #681 (Peter Engelbert)
• add openssf scorecard action (#685) #685 (Sertaç Özercan)
• [StepSecurity] Apply security best practices (#713) #713 (StepSecurity Bot)

Chores

• bump actions/cache from 3.2.5 to 3.2.6 (#650) #650 (dependabot[bot])
• bump step-security/harden-runner from 2.1.0 to 2.2.0 (#649) #649 (dependabot[bot])
• bump github/codeql-action from 2.2.4 to 2.2.5 (#651) #651 (dependabot[bot])
• bump step-security/harden-runner from 2.2.0 to 2.2.1 (#658) #658 (dependabot[bot])
• bump github/codeql-action from 2.2.5 to 2.2.6 (#659) #659 (dependabot[bot])
• bump @sideway/formula from 3.0.0 to 3.0.1 in /docs (#661) #661 (dependabot[bot])
• bump actions/cache from 3.2.6 to 3.3.1 (#662) #662 (dependabot[bot])
• bump webpack from 5.74.0 to 5.76.2 in /docs (#666) #666 (dependabot[bot])
• bump actions/setup-go from 3 to 4 (#667) #667 (dependabot[bot])
• bump github/codeql-action from 2.2.6 to 2.2.9 (#682) #682 (dependabot[bot])
• bump @docusaurus/core from 2.3.1 to 2.4.0 in /docs (#677) #677 (dependabot[bot])
• bump @docusaurus/preset-classic from 2.3.1 to 2.4.0 in /docs (#678) #678 (dependabot[bot])
• bump @docusaurus/module-type-aliases from 2.3.1 to 2.4.0 in /docs (#679) #679 (dependabot[bot])
• bump actions/dependency-review-action from 3.0.3 to 3.0.4 (#676) #676 (dependabot[bot])
• bump runc and buildkit deps (#698) #698 (Sertaç Özercan)
• bump go 1.20 (#699) #699 (Sertaç Özercan)
• bump actions/setup-go from 3 to 4 (#694) #694 (dependabot[bot])
• bump ossf/scorecard-action from 2.1.2 to 2.1.3 (#702) #702 (dependabot[bot])
• bump github/codeql-action from 2.2.9 to 2.3.0 (#710) #710 (dependabot[bot])
• bump codecov/codecov-action from 3.1.1 to 3.1.3 (#709) #709 (dependabot[bot])
• bump step-security/harden-runner from 2.2.1 to 2.3.1 (#711) #711 (dependabot[bot])
• bump peter-evans/create-pull-request from 4 to 5 (#693) #693 (dependabot[bot])
• bump actions/checkout from 3.0.2 to 3.5.2 (#714) #714 (dependabot[bot])
• bump github/codeql-action from 2.3.0 to 2.3.1 (#715) #715 (dependabot[bot])
• bump golang from 595c9af to d282e70 in /build/tooling (#720) #720 ([dependabot[bot]](htt...

v1.1.0-beta.0

This release is same as v1.0.0.

Features

• add priorityClass as a config flag (#605) #605 (Sertaç Özercan)

Bug Fixes

• default repo and tag (#616) #616 (Peter Engelbert)
• remove explicit id and group from docker call (#608) #608 (Peter Engelbert)
• Ensure windows nodes are excluded by default (#628) #628 (Peter Engelbert)

Documentation

• remove in development banner (#614) #614 (Sertaç Özercan)
• fix v1.0.x docs (#644) #644 (Sertaç Özercan)

Continuous Integration

• pin golang image to 1.19.4-bullseye (#627) #627 (Peter Engelbert)
• fix golang git safe path (#638) #638 (Sertaç Özercan)

Chores

• bump http-cache-semantics from 4.1.0 to 4.1.1 in /docs (#618) #618 (dependabot[bot])
• bump @docusaurus/core from 2.3.0 to 2.3.1 in /docs (#620) #620 (dependabot[bot])
• bump actions/cache from 3.2.3 to 3.2.5 (#631) #631 (dependabot[bot])
• bump github/codeql-action from 2.1.39 to 2.2.4 (#632) #632 (dependabot[bot])
• bump @docusaurus/preset-classic from 2.3.0 to 2.3.1 in /docs (#622) #622 (dependabot[bot])
• upgrade vulnerable packages (containerd, helm, go-getter, golang/x/net) (#635) #635 (ashnamehrotra)
• bump @docusaurus/module-type-aliases from 2.3.0 to 2.3.1 in /docs (#621) #621 (dependabot[bot])
• update k8s.gcr.io references to registry.k8s.io (#637) #637 (Sertaç Özercan)
• release v1.1.0-beta.0 (#646) #646 (Sertaç Özercan)

v1.0.0

Bug Fixes

• Ensure windows nodes are excluded by default (#628) #628

Chores

• chore: upgrade vulnerable packages (containerd, helm, go-getter, golang/x/net) #635
• Prepare v1.0.0 release (#643) #643 (ashnamehrotra)

v1.0.0-rc.2

Bug Fixes

• patch buildversion (#623) #623 (Peter Engelbert)

Chores

• cherry pick to enable rc.2 (#617) #617 (Peter Engelbert)
• Prepare v1.0.0-rc.2 release (#624) #624 (github-actions[bot])

v1.0.0-rc.1

Features

• add scanner timeouts (#564) #564 (ashnamehrotra)
• system-wide configmap (#581) #581 (Peter Engelbert)

Bug Fixes

• remove accidentally added code (#579) #579 (Peter Engelbert)
• imagejob fix (#546) #546 (ashnamehrotra)
• website versioned docs (#589) #589 (ashnamehrotra)
• set scanner/collector default to enabled in helm chart (#606) #606 (Peter Engelbert)
• repeat period starts when job deletion starts (#586) #586 (ashnamehrotra)
• remove path from url (#607) #607 (ashnamehrotra)

Documentation

• add tagging to release docs (#578) #578 (ashnamehrotra)
• fix github logo in site header (#587) #587 (Xander Grzywinski)

Continuous Integration

• bump release timeout to 60m (#577) #577 (Sertaç Özercan)
• generate sbom and provenance (#596) #596 (Sertaç Özercan)

Chores

• bump step-security/harden-runner from 2.0.0 to 2.1.0 (#582) #582 (dependabot[bot])
• bump actions/cache from 3.2.2 to 3.2.3 (#583) #583 (dependabot[bot])
• bump github/codeql-action from 2.1.37 to 2.1.38 (#584) #584 (dependabot[bot])
• bump actions/dependency-review-action from 3.0.2 to 3.0.3 (#585) #585 (dependabot[bot])
• bump github/codeql-action from 2.1.38 to 2.1.39 (#588) #588 (dependabot[bot])
• automate update of installation docs on release (#595) #595 (ashnamehrotra)
• bump ua-parser-js from 0.7.31 to 0.7.33 in /docs (#598) #598 (dependabot[bot])
• bump @docusaurus/preset-classic from 2.1.0 to 2.3.0 in /docs (#601) #601 (dependabot[bot])
• bump @docusaurus/core from 2.1.0 to 2.3.0 in /docs (#602) #602 (dependabot[bot])
• bump @docusaurus/module-type-aliases from 2.1.0 to 2.3.0 in /docs (#603) #603 (dependabot[bot])
• Prepare v1.0.0-rc.1 release (#609) #609 (github-actions[bot])

v1.0.0-beta.3

Features

• add vuln db flag (#548) #548 (Sertaç Özercan)
• disable sbom analyzer (#557) #557 (Sertaç Özercan)
• v1 api (#544) #544 (Peter Engelbert)
• Use PodTemplates to support ImageJobs (#555) #555 (Peter Engelbert)

Bug Fixes

• link to otelcollector in docs (#551) #551 (ashnamehrotra)
• check for otlp endpoint in scanner metrics (#550) #550 (ashnamehrotra)
• add image name to eraser logs (#559) #559 (ashnamehrotra)
• otel modules update (#569) #569 (ashnamehrotra)
• imagepullsecrets list (#572) #572 (Peter Engelbert)

Documentation

• update release docs (#565) #565 (ashnamehrotra)
• add anonymized google analytics on the docs site (#570) #570 (Xander Grzywinski)

Continuous Integration

• use main branch in release pr (#574) #574 (Sertaç Özercan)
• automate release (#542) #542 (ashnamehrotra)

Chores

• bump github/codeql-action from 2.1.36 to 2.1.37 (#553) #553 (dependabot[bot])
• bump actions/dependency-review-action from 3.0.1 to 3.0.2 (#554) #554 (dependabot[bot])
• update helm to v3.10.3 (#563) #563 (ashnamehrotra)
• bump json5 from 2.2.1 to 2.2.2 in /docs (#566) #566 (dependabot[bot])
• bump actions/cache from 3.0.11 to 3.2.2 (#567) #567 (dependabot[bot])
• bump oras.land/oras-go from 1.2.1 to 1.2.2 (#561) #561 (dependabot[bot])
• bump to controller runtime 0.14.1 (#558) #558 (Sertaç Özercan)
• Prepare v1.0.0-beta.3 release (#575) #575 (github-actions[bot])

v1.0.0-beta.2

Features

• scanner template (#507) #507 (ashnamehrotra)
• tolerate everything (#532) #532 (Peter Engelbert)

Bug Fixes

• guard against nil when connection to v1 CRI fails (#516) #516 (Peter Engelbert)
• additional nil guards on CRI v1alpha2 -> v1 conversion (#519) #519 (Peter Engelbert)
• Imagejob failed fix (#515) #515 (ashnamehrotra)
• consistently use test namespace for all e2e tests (#530) #530 (Peter Engelbert)
• metrics fixes (#510) #510 (ashnamehrotra)
• scanner permissions (#538) #538 (Peter Engelbert)
• Revert "fix: Imagejob failed fix (#515)" (#539) #539 (Peter Engelbert)

Tests

• add k8s 1.26 to test matrix (#533) #533 (Peter Engelbert)
• catch broken scanner (#540) #540 (Peter Engelbert)

Chores

• upgrade golang.org/x/net to v0.4.0 (#521) #521 (ashnamehrotra)
• bump github/codeql-action from 2.1.35 to 2.1.36 (#523) #523 (dependabot[bot])
• bump k8s.io/kubernetes from 1.25.4 to 1.25.5 (#524) #524 (dependabot[bot])
• update modules to v0.25.5 (#528) #528 (ashnamehrotra)
• scanner refactor (#531) #531 (Peter Engelbert)
• prepare v1.0.0-beta.2 release (#541) #541 (ashnamehrotra)

v1.0.0-beta.1

Features

• eraser metrics (#420) #420 (ashnamehrotra)
• pull secret (#493) #493 (Peter Engelbert)
• update modules to v0.25.4 (#500) #500 (ashnamehrotra)

Bug Fixes

• Remove tooling containers created in Makefile (#476) #476 (Peter Engelbert)
• readme for exclusion configmap (#482) #482 (ashnamehrotra)
• collector skip excluded test (#486) #486 (ashnamehrotra)
• unset cpu limits (#484) #484 (ashnamehrotra)
• image reference logic (#477) #477 (Peter Engelbert)
• use tmpfs and set readonlyrootfilesystem in securitycontext (#496) #496 (Peter Engelbert)
• add logs for collected images (#506) #506 (ashnamehrotra)
• add default tolerations for collector/eraser pods (#508) #508 (Peter Engelbert)

Documentation

• document docs search troubleshooting (#461) #461 (Sertaç Özercan)

Continuous Integration

• remove deprecated linters (#504) #504 (Sertaç Özercan)
• combine codegen and manifest gen (#511) #511 (Sertaç Özercan)

Chores

• bump github/codeql-action from 2.1.30 to 2.1.31 (#462) #462 (dependabot[bot])
• bump sigs.k8s.io/controller-runtime from 0.13.0 to 0.13.1 (#463) #463 (dependabot[bot])
• update trivy to v0.35.0 (#489) #489 (Peter Engelbert)
• bump stefanprodan/helm-gh-pages from 1.6.0 to 1.7.0 (#485) #485 (dependabot[bot])
• bump step-security/harden-runner from 1.5.0 to 2.0.0 (#473) #473 (dependabot[bot])
• bump github/codeql-action from 2.1.31 to 2.1.35 (#497) #497 (dependabot[bot])
• bump loader-utils from 2.0.2 to 2.0.4 in /docs (#478) #478 (dependabot[bot])
• bump actions/dependency-review-action from 2.5.1 to 3.0.1 (#495) #495 (dependabot[bot])
• bump k8s.io/kubernetes from 1.25.3 to 1.25.4 (#475) #475 (dependabot[bot])
• update CRI client runtime version to v1 (test with multiple k8s versions) (#499) #499 (Peter Engelbert)
• prepare v1.0.0-beta.1 release (#512) #512 (Peter Engelbert)

v0.5.0

Features

• multiple exclusion (#366) #366 (ashnamehrotra)
• test with non-helm deployment (#371) #371 (ashnamehrotra)
• upload logs (#377) #377 (ashnamehrotra)
• separate code for scanner named pipe communication (#384) #384 (ashnamehrotra)
• versioned docs (#386) #386 (ashnamehrotra)
• add scanner docs (#387) #387 (ashnamehrotra)

Bug Fixes

• change seconds to duration (#325) #325 (ashnamehrotra)
• add configmap watch rbac (#375) #375 (ashnamehrotra)
• add ReadHeaderTimeout for pprof profiling (#383) #383 (ashnamehrotra)
• update exclusion doc (#388) #388 (ashnamehrotra)
• revert "chore: bump @mdx-js/react from 1.6.22 to 2.1.3 in /docs" (#393) #393 (ashnamehrotra)
• multi-arch builds (#397) #397 (Sertaç Özercan)
• remove unused eraser-manager-config-configmap (#396) #396 (ashnamehrotra)
• fix CVE-2022-27664 andf CVE-2022-36085 (#408) #408 (Sertaç Özercan)
• versioned docs (#419) #419 (ashnamehrotra)
• e2e test image overrides using env vars (#424) #424 (Peter Engelbert)
• show pods as running during collect-scan-erase pipeline (#430) #430 (Peter Engelbert)
• typo in helm keys (#443) #443 (Peter Engelbert)
• label child imagejobs by owner (#457) #457 (Peter Engelbert)

Documentation

• update installation doc for v0.4.0 (#367) #367 (Sertaç Özercan)
• add faq section with vulnerable images section (#372) #372 (Xander Grzywinski)
• update slack link (#398) #398 (Rita Zhang)
• fix small type in quick start doc (#407) #407 (Xander Grzywinski)
• Add architecture diagram to website (#431) #431 (Peter Engelbert)

Tests

• prevent pulling default images in e2e test (#458) #458 (Peter Engelbert)

Continuous Integration

• publish arm images on release (#413) #413 (Sertaç Özercan)
• add k8s 1.25, drop 1.22 (#454) #454 (Sertaç Özercan)
• increase timeout for linter action (#459) #459 (Peter Engelbert)

Chores

• add npm packages to dependabot (#357) #357 (Sertaç Özercan)
• bump prism-react-renderer from 1.3.3 to 1.3.5 in /docs (#360) #360 (dependabot[bot])
• bump @docusaurus/core from 2.0.0-beta.21 to 2.0.1 in /docs (#362) #362 (dependabot[bot])
• bump @docusaurus/preset-classic from 2.0.0-beta.21 to 2.0.1 in /docs (#359) #359 (dependabot[bot])
• bump @docusaurus/module-type-aliases from 2.0.0-beta.21 to 2.0.1 in /docs (#361) #361 (dependabot[bot])
• bump ci to go 1.19 (#363) #363 (Sertaç Özercan)
• bump clsx from 1.1.1 to 1.2.1 in /docs (#370) #370 (dependabot[bot])
• bump step-security/harden-runner from 1.4.4 to 1.4.5 (#369) #369 (dependabot[bot])
• bump actions/dependency-review-action from 2.0.4 to 2.1.0 (#378) #378 (dependabot[bot])
• bump github/codeql-action from 2.1.18 to 2.1.19 (#379) #379 (dependabot[bot])
• bump @mdx-js/react from 1.6.22 to 2.1.3 in /docs (#382) #382 (dependabot[bot])
• bump k8s.io/kubernetes from 1.22.12 to 1.22.13 (#381) #381 (dependabot[bot])
• bump github/codeql-action from 2.1.19 to 2.1.21 (#385) #385 (dependabot[bot])
• bump github/codeql-action from 2.1.21 to 2.1.22 (#389) #389 (dependabot[bot])
• bump @docusaurus/module-type-aliases from 2.0.1 to 2.1.0 in /docs (#390) #390 (dependabot[bot])
• bump @docusaurus/core from 2.0.1 to 2.1.0 in /docs (#392) #392 (dependabot[bot])
• bump @docusaurus/preset-classic from 2.0.1 to 2.1.0 in /docs (#391) #391 (dependabot[bot])
• bump controller-runtime to v0.13.0 (#333) #333 (Sertaç Özercan)
• bump actions/cache from 3.0.4 to 3.0.8 (#400) #400 (dependabot[bot])
• bump k8s.io/kubernetes from 1.25.0 to 1.25.2 (#410) #410 (dependabot[bot])
• bump codecov/codecov-action from 3.1.0 to 3.1.1 (#411) #411 (dependabot[bot])
• bump github/codeql-action from 2.1.22 to 2.1.25 (#409) #409 (dependabot[bot])
• bump act...