# 3.2.0

  • Add --format=pretty option for CLI output

# 3.1.6

  • Fix nil pointer issue with --only-output-failed-tests

# 3.1.5

  • Fix UI display of Ingress checks

# 3.1.4

  • Fixes for exemption annotations for the admission controller

# 3.1.3

  • Fixes for privilegeEscalationAllowed and insecureCapabilities checks to take Kubernetes defaults into account

# 3.1.2

  • Start checking deployment configuration using Fairwinds Insights

# 3.1.1

  • Updated to alpine:3.13

# 3.1.0

  • Added support for Ingress objects
  • Fixes for exemptions, including support for exempting entire namespaces

# 3.0.0

  • Breaking - fixed inconsistency in how controller-level checks are handled Custom checks with target: Controller should remove Object from the top-level of the JSON schema (see changes to ./checks/multipleReplicasForDeployment.yaml)

# 2.0.1

  • Fixed Polaris deployment process

# 2.0.0

  • Standardize categories of checks into Security, Reliability, and Efficiency
  • Changes to the dashboard UI
  • Update controller-runtime

# 1.2.1

  • Update date on dashboard footer

# 1.2.0

  • Add ability to audit a single workload
  • Enable pullPolicyAlways by default
  • Fix for finding parent resources

# 1.1.1

  • Show controller checks on dashboard
  • Fix for orphaned pods w/ controller checks

# 1.1.0

  • Add namespace filter in UI
  • Add priorityClass check
  • Support reading from STDIN
  • Ensure severity is set for all custom checks
  • Support audit files which use \r or \r\n as newline character
  • Add option to exempt an entire controller from checks via config file
  • Fixed case where parent resources trigger error
  • Fixed UI zero-state

# 1.0.3

  • Fixed case where parent resources trigger error
  • Fixed dashboard link when --base-path is set

# 1.0.2

  • Fixed case where custom CRDs are not covered by RBAC

# 1.0.1

  • Added ARM binaries to releases

# 1.0.0

# New Features

  • Added support for custom checks using JSON Schema
  • Added support for arbitrary controllers, rather than a pre-configured set
    • removed support for controllers_to_scan in config
  • Added the ability to exempt a particular controller from a particular check.
  • Docker image now includes the default config

# Breaking Changes

  • Breaking changes in both input and output formats. See Examples (opens new window) for examples of the new formats.
    • removed config-level configuration for checks like max/min memory settings
    • changed severity error to danger
  • Breaking changes to the CLI
    • CLI flag --set-exit-code-on-error is now --set-exit-code-on-danger
    • Flags --version, --dashboard, --webhook, and --audit are now arguments
    • Port flags are now just --port

# 0.6.0

  • Fixed webhook support in Kubernetes 1.16
    • this also removes support for 1.8
  • Added support for exemptions via controller annotations

# 0.5.2

  • Fixed missing success messages for resource requests/limits

# 0.5.1

  • Added a few more exemptions
  • Started checking exemptions based on controller name prefix
  • runAsUser != 0 now passes the runAsNonRoot check

# 0.5.0

  • Added --load-audit-file flag to run the dashboard from an existing audit
  • Added an ID field to each check in the output
  • Skip health checks for jobs, cronjobs, initcontainers
  • Added support for exemptions
  • Fixed dashboard base path option

# 0.4.0

  • Added additional Pod Controllers to scan PodSpec (jobs, cronjobs, daemonsets, replicationcontrollers)

# 0.3.1

  • Changed dashboard branding to refer to new org name Fairwinds

# 0.3.0

  • Added --set-exit-code-on-error and --set-exit-code-below-score flags to better support CI/CD

# 0.2.1

# 0.2.0

  • Added --output-format flag for better CI/CD support
  • Added --display-name flag
  • Added support for StatefulSets
  • Show error message if no kubeconfig is set

# 0.1.5

# 0.1.4

# 0.1.3

# 0.1.2

  • Stored all third-party assets (e.g. Charts.js) to local files to support offline dashboard viewing
  • Fix: custom configs in ConfigMap not respected

# 0.1.1

  • Fix (opens new window): missing config.yaml and dashboard assets in binary releases
  • Added some tests and better error handling

# 0.1.0

  • Dashboard fully functional
  • Validating webhook functional, but still considered beta
  • Checks:
    • Health
      • readiness probe missing
      • liveness probe missing
    • Images
      • tag not specified
      • pull policy not always
    • Networking
      • host network set
      • host port set
    • Resources
      • cpu/memory requests missing
      • cpu/memory limits missing
      • cpu/memory ranges exceeded
    • Security
      • security capabilities
      • host IPC set
      • host PID set
      • not read-only fs
      • privilege escalation allowed
      • run as root allowed
      • run as privileged