RuntimeEnforcer v0.1.0

What's Changed

• feat: add finalizer to WorkloadPolicy by @kyledong-suse in #140
• fix: add generate-ebpf to operator make goal too by @dottorblaster in #146
• chore(deps): bump google.golang.org/grpc from 1.77.0 to 1.78.0 by @dependabot[bot] in #147
• feat: support WorkloadPolicy update when RulesByContainer are updated by @dottorblaster in #141
• chore: replace privileged mode with minimal eBPF capabilities by @kyledong-suse in #144
• chore(deps): bump go.opentelemetry.io/collector/pdata from 1.48.0 to 1.49.0 by @dependabot[bot] in #150
• chore: update PR template by @Andreagit97 in #156
• test: speedup bpf unit tests avoiding a timeout of 10s by @Andreagit97 in #157
• chore(deps): bump golang.org/x/sys from 0.39.0 to 0.40.0 by @dependabot[bot] in #161
• chore(deps): bump github.com/onsi/ginkgo/v2 from 2.27.3 to 2.27.4 by @dependabot[bot] in #160
• chore: tidy up Makefile by @holyspectral in #158
• chore(deps): bump github.com/onsi/gomega from 1.38.3 to 1.39.0 by @dependabot[bot] in #159
• support arm64 build by @holyspectral in #137
• fix(resolver): new pods are not protected by @holyspectral in #154
• docs: compatibility docs by @dottorblaster in #149
• chore(deps): bump github.com/onsi/ginkgo/v2 from 2.27.4 to 2.27.5 by @dependabot[bot] in #170
• chore(deps): bump actions/setup-go from 6.1.0 to 6.2.0 by @dependabot[bot] in #169
• chore(tilt): trigger update when bpf code changed by @holyspectral in #167
• chore: updage generated codes by @holyspectral in #168
• refactor: improve cri-client logging by @Andreagit97 in #178
• fix(ebpf): treat missing ebpf maps as a mismatch by @Andreagit97 in #166
• fix(charts): add SYS_ADMIN capability by @holyspectral in #180
• chore(deps): bump updatecli/updatecli-action from 2.98.0 to 2.99.0 by @dependabot[bot] in #184
• refactor: cleanup unused fields by @Andreagit97 in #185
• feat: expose policy name in otel traces by @Andreagit97 in #179
• chore: run with privileged:true by default by @Andreagit97 in #186
• fix: the noise when standalone pod is present by @holyspectral in #182
• refactor: remove selector from policySpec by @Andreagit97 in #189
• docs: add quickstart and uninstall pages by @Andreagit97 in #177
• fix: assorted bpf fixes on binary path construction by @Andreagit97 in #190
• deps(go): update Go to 1.25.6 version by @github-actions[bot] in #188
• docs: add automatic crd doc generation by @Andreagit97 in #191
• chore(deps): bump actions/cache from 5.0.1 to 5.0.2 by @dependabot[bot] in #197
• chore(deps): bump sigs.k8s.io/controller-runtime from 0.22.4 to 0.23.0 in the kubernetes group by @dependabot[bot] in #200
• feat: support NRI hook by @holyspectral in #183
• docs: document runtime-enforcer phases by @kyledong-suse in #196
• refactor: move GitHub Action to the same location by @flavio in #203
• chore(deps): bump go.opentelemetry.io/collector/pdata from 1.49.0 to 1.50.0 by @dependabot[bot] in #205
• fix: remove todo in e2e monitoring test by @kyledong-suse in #207
• feat: create e2e test for the policy per container feature by @kyledong-suse in #204
• refactor: use security.rancher.io/policy instead pod selectors by @Andreagit97 in #202
• chore(deps): bump actions/checkout from 6.0.1 to 6.0.2 by @dependabot[bot] in #210
• refactor: rename daemon to agent by @flavio in #212
• feat: implement NRI support as an alternative to the pod informer by @Andreagit97 in #208
• refactor: remove unused scheme by @Andreagit97 in #217
• feat: support CronJob learning by @holyspectral in #218
• chore(deps): bump sigs.k8s.io/controller-runtime from 0.23.0 to 0.23.1 in the kubernetes group by @dependabot[bot] in #221
• feat: make security.rancher.io/policy immutable by @kyledong-suse in #220
• chore: pod informer cleanup by @holyspectral in #219
• chore: update project location to rancher-sandbox by @holyspectral in #225
• chore(deps): bump actions/cache from 5.0.2 to 5.0.3 by @dependabot[bot] in #224
• chore(deps): bump github.com/onsi/ginkgo/v2 from 2.27.5 to 2.28.1 by @dependabot[bot] in #229
• docs: update docs to reflect new project location by @kyledong-suse in #227
• chore(deps): bump github.com/onsi/gomega from 1.39.0 to 1.39.1 by @dependabot[bot] in #230
• chore: fix github repo stats ignoring vmlinux files by @Andreagit97 in #231
• chore(deps): bump go.opentelemetry.io/otel from 1.39.0 to 1.40.0 by @dependabot[bot] in #233
• chore(deps): bump go.opentelemetry.io/otel/trace from 1.39.0 to 1.40.0 by @dependabot[bot] in #234
• chore(deps): bump go.opentelemetry.io/otel/sdk from 1.39.0 to 1.40.0 by @dependabot[bot] in #232
• chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc from 1.39.0 to 1.40.0 by @dependabot[bot] in #236
• chore(deps): bump go.opentelemetry.io/collector/pdata from 1.50.0 to 1.51.0 by @dependabot[bot] in #235
• feat: make agent protection persistent during rolling update by @holyspectral in #226

New Contributors

• @flavio made their first contribution in #203

Full Changelog: v0.0.1-rc1...v0.1.0

runtime-enforcer-chart-0.1.2

SUSE Security Runtime Enforcer helm chart

RuntimeEnforcer v0.0.1-rc1

What's Changed

• chore(deps): bump the kubernetes group with 4 updates by @dependabot[bot] in #32
• chore: pin helm version to 3.19.0 in CI by @dottorblaster in #35
• chore(deps): bump github.com/cilium/cilium from 1.18.3 to 1.18.4 by @dependabot[bot] in #33
• cleanup: remove deadlinks by @holyspectral in #30
• ci: ensure all the images we built are signed with cosign by @holyspectral in #31
• chore(deps): bump updatecli/updatecli-action from 2.94.0 to 2.96.0 by @dependabot[bot] in #36
• feat: disable learning of processes when the workload is a CronJob by @dottorblaster in #37
• chore(deps): bump google.golang.org/grpc from 1.76.0 to 1.77.0 by @dependabot[bot] in #40
• chore(deps): bump actions/checkout from 5.0.0 to 5.0.1 by @dependabot[bot] in #38
• chore(deps): bump go.opentelemetry.io/collector/pdata from 1.45.0 to 1.46.0 by @dependabot[bot] in #39
• ci: fix release pipeline by @holyspectral in #43
• chore(deps): bump actions/setup-go from 6.0.0 to 6.1.0 by @dependabot[bot] in #44
• chore(deps): bump actions/checkout from 5.0.1 to 6.0.0 by @dependabot[bot] in #46
• chore(deps): bump golangci/golangci-lint-action from 9.0.0 to 9.1.0 by @dependabot[bot] in #47
• chore(deps): bump sigs.k8s.io/structured-merge-diff/v6 from 6.3.0 to 6.3.1 by @dependabot[bot] in #48
• fix: disable prometheus endpoint by @holyspectral in #58
• docs: add RFC about CRD naming and policy lifecycle by @dottorblaster in #45
• docs: rfc 0004 - WorkloadPolicyProposal dropped the selector field by @dottorblaster in #59
• chore(deps): bump docker/metadata-action from 5.9.0 to 5.10.0 by @dependabot[bot] in #60
• chore: remove obsolete ClusterWorkloadSecurityPolicy from the codebase by @kyledong-suse in #65
• chore(deps): bump actions/checkout from 6.0.0 to 6.0.1 by @dependabot[bot] in #63
• chore(deps): bump github.com/onsi/gomega from 1.38.2 to 1.38.3 by @dependabot[bot] in #71
• chore(deps): bump github.com/onsi/ginkgo/v2 from 2.27.2 to 2.27.3 by @dependabot[bot] in #69
• chore(deps): bump golangci/golangci-lint-action from 9.1.0 to 9.2.0 by @dependabot[bot] in #64
• chore(deps): bump go.opentelemetry.io/collector/pdata from 1.46.0 to 1.47.0 by @dependabot[bot] in #62
• chore(deps): bump updatecli/updatecli-action from 2.96.0 to 2.97.0 by @dependabot[bot] in #61
• chore(deps): bump go.opentelemetry.io/otel/sdk from 1.38.0 to 1.39.0 by @dependabot[bot] in #70
• chore(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc from 1.38.0 to 1.39.0 by @dependabot[bot] in #66
• chore(deps): bump codecov/codecov-action from 5.5.1 to 5.5.2 by @dependabot[bot] in #74
• chore(deps): bump the kubernetes group with 4 updates by @dependabot[bot] in #75
• deps(go): update Go to 1.25.5 version by @github-actions[bot] in #78
• chore: fix updatecli config by @holyspectral in #80
• chore(deps): bump actions/upload-artifact from 5.0.0 to 6.0.0 by @dependabot[bot] in #83
• chore(deps): bump actions/cache from 4.3.0 to 5.0.1 by @dependabot[bot] in #84
• chore(deps): bump actions/download-artifact from 6.0.0 to 7.0.0 by @dependabot[bot] in #85
• feat!: replace agent implementation removing Tetragon dependency by @Andreagit97 in #79
• ci: fix updatecli by @Andreagit97 in #108
• deps(go): update Go to 1.25.5 version by @github-actions[bot] in #81
• fix: helm unittest CI step by @dottorblaster in #110
• chore(deps): bump github.com/cilium/ebpf from 0.19.0 to 0.20.0 by @dependabot[bot] in #105
• chore(deps): bump updatecli/updatecli-action from 2.97.0 to 2.98.0 by @dependabot[bot] in #102
• chore(deps): bump golang.org/x/sync from 0.18.0 to 0.19.0 by @dependabot[bot] in #104
• chore(deps): bump go.opentelemetry.io/collector/pdata from 1.47.0 to 1.48.0 by @dependabot[bot] in #103
• chore: cleanup ebpf objects by @holyspectral in #127
• fix: disable ebpf logs by default by @Andreagit97 in #98
• docs: remove leftover text from rfc by @holyspectral in #130
• chore: cleanup leftover text by @holyspectral in #129
• chore: allow revive dot-imports in test files by @kyledong-suse in #128
• chore: more cleanup about generated codes by @holyspectral in #132
• feat: rework the CRDs to implement the new label-based behavior by @dottorblaster in #97
• chore(deps): bump the kubernetes group with 4 updates by @dependabot[bot] in #133
• chore(deps): bump k8s.io/cri-api from 0.34.3 to 0.35.0 by @dependabot[bot] in #134
• fix: solve some verifier issues and introduce a bpf CI by @Andreagit97 in #135
• feat: signing container images and artifacts by @holyspectral in #136
• chore(deps): bump actions/checkout from 6.0.0 to 6.0.1 by @dependabot[bot] in #139

New Contributors

• @dependabot[bot] made their first contribution in #32
• @github-actions[bot] made their first contribution in #78
• @Andreagit97 made their first contribution in #79

Full Changelog: runtime-enforcer-chart-0.1.1...v0.0.1-rc1

runtime-enforcer-chart-0.1.1

SUSE Security Runtime Enforcer helm chart