Release 1.32
March 14, 2024
The minimum Container Security Sensor version for GHCR repository scanning is 1.32.0.
The minimum Container Security Sensor version for all other types of scan is 1.22.0.
What’s New?
Support for "GitHub Container Registry"
A new registry type for the GitHub Container Registry (GHCR) is now available. Earlier, GHCR was supported under the "Docker V2- Private" category. GHCR option supports all GitHub accounts - Personal, Enterprise, and Organization.
Introducing "CI/CD Events" Tab
With this release, Container Security has introduced CI/CD Events tab for listing CI/CD events in your account.
Once policies are evaluated, you can see the events associated with the CI/CD in this new tab. The resultant build's policy evaluation is categorized as - AUDIT, ALLOW, or DENY.
You can view details of CI/CD events such as summary, policy details, rules associated with the policy, and more information about the resource. You can also edit details of the policy associated with the event.
Introducing a New Report for Images with Malware
A new report template called "CS_IMAGE_MALWARE" is available to generate a report of the malware data present in an image. This new template is in addition to existing report templates - "CS_IMAGE_VULNERABILITY", "CS_IMAGE_SECRETS", and "CS_CONTAINER_VULNERABILITY".
A malware report shows the details of all layers of a malicious image. In other words, if an image is determined to be malicious, its report shows details of both infected and non-infected layers of that image.
Dynamic List for Vulnerability Exception
With this release, a new list type called Dynamic is introduced in the Vulnerability Exception. You can create or update a Dynamic list per your requirement to filter vulnerabilities accordingly. Unlike a Static list, a Dynamic list gets updated periodically with the latest KnowledgeBase.
For example, Dynamic List can be configured to filter all vulnerabilities with severity 1 and severity 2. Therefore, this Dynamic List will be automatically updated with the latest vulnerabilities that match those severity conditions whenever the Vulnerability Exception is executed.
While creating a dynamic list, you should avoid modifying the criteria filter until all the QIDs that suffice the current criteria are mapped to the list under the QIDs section on the list details page. You should avoid scanning any assets until the mapping is done to prevent any issues in vulnerability processing for that particular asset.
Support for Backslash (\) in Regex
With this release, the Regex field of a secret detector supports the backslash (\) character. Backslash is used to mention special characters. For example, you can use characters such as - "\." , "\*" , "\\" (escaped special characters) in the Regex field.
Known Issues
The following are the Known issues in this release.
Category | Issue |
---|---|
Regex Validation | While creating or editing a secret detector, the Regex field accepts invalid Regex values due to issues in the regex validation. |
Regex Validation | Backend Regex Validation fails without any error. |