v1.8.2

What's Changed

• CMP-4077: Bump version to 1.8.2 by @yuumasato in #1066

Full Changelog: v1.8.1...v1.8.2

v1.8.1

What's Changed

• CMP-3635: Modernize user setup by @xiaojiey in #1037
• Bump version to CO 1.8.1 by @yuumasato in #1046

Full Changelog: v1.8.0...v1.8.1

v1.8.0

What's Changed

• OCPBUGS-50924: Bump up content pauser memory limit by @Vincent056 in #719
• CMP-3077: Migrate pipelines to new component -dev by @yuumasato in #725
• Update Konflux references by @red-hat-konflux[bot] in #644
• CMP-3138: Only build broken test content on master by @rhmdnd in #731
• Release v1.7.1 by @yuumasato in #729
• Build images for arm64 in Konflux by @yuumasato in #732
• Refactor image pull specs in update_csv.go by @Vincent056 in #730
• CMP-3340: Add required labels for release by @yuumasato in #741
• Fix bundle image blank version label by @yuumasato in #757
• Update Konflux references by @red-hat-konflux-kflux-prd-rh02[bot] in #749
• make deploy-local: Fix build of openscap image by @yuumasato in #774
• CMP-3539: Configure sast-snyk-check to upload reports to our org by @yuumasato in #780
• Update Konflux references by @red-hat-konflux-kflux-prd-rh02[bot] in #778
• CMP-3722: Do not use privileged container to scan the node by @yuumasato in #787
• Update konflux ContentPullSpec by @Vincent056 in #796
• Only build when relevant files changed by @yuumasato in #758
• Update version to 1.8.0-dev in Makefile and manifests for development by @Vincent056 in #794
• Fix on-cel-expression typo by @yuumasato in #797
• Update Konflux config for openscap by @Vincent056 in #803
• Migrate renovate config by @red-hat-konflux-kflux-prd-rh02[bot] in #795
• tutorials: update readability by @sebrandon1 in #722
• Update Konflux references by @red-hat-konflux-kflux-prd-rh02[bot] in #791
• Red Hat Konflux kflux-prd-rh02 update compliance-operator-openscap-dev by @red-hat-konflux-kflux-prd-rh02[bot] in #802
• OCPBUGS-11228: Check for duplicate variables in TailoredProfile by @Vincent056 in #695
• CMP-2963: Have optional result server by @Vincent056 in #590
• CMP-2870, CMP-2869, CMP-2870, CMP-2872, CMP-2868: Compliance SDK Compliance Operator Implementation by @Vincent056 in #811
• Update module github.com/gookit/color to v1.6.0 by @red-hat-konflux-kflux-prd-rh02[bot] in #784
• Update module github.com/stretchr/testify to v1.11.1 by @red-hat-konflux-kflux-prd-rh02[bot] in #785
• CMP-3756: Configure MintMaker updates on rpm lockfiles by @yuumasato in #815
• Update github.com/grafana/regexp digest to f7b3be9 by @red-hat-konflux-kflux-prd-rh02[bot] in #788
• Update module github.com/envoyproxy/go-control-plane/envoy to v1.35.0 by @red-hat-konflux-kflux-prd-rh02[bot] in #808
• Update Konflux references by @red-hat-konflux-kflux-prd-rh02[bot] in #821
• Update quay.io/konflux-ci/konflux-vanguard/task-rpms-signature-scan:0.2 Docker digest to 57d9107 by @red-hat-konflux-kflux-prd-rh02[bot] in #823
• chore(KONFLUX-6210): fix and set name and cpe label for CO by @yuumasato in #816
• CMP-3756: Tune in rpm lock files for automated updates by @yuumasato in #832
• CMP-3582,CMP-3557,CMP-3571,CMP-3767: Fix variables not listed in the annotations of rule issue by @xiaojiey in #706
• Use rpms-signature-scans from tekton-catalog by @yuumasato in #834
• CMP-3711: Migrate pipelines to release-1-8 by @yuumasato in #837
• Bump openscap image by @yuumasato in #853
• Fix OpenSCAP image nudge (release-1.8) by @yuumasato in #854
• Add sslcacert to repo file by @yuumasato in #883
• CMP-3756: Update repo file and regenerate lock file by @yuumasato in #886
• CMP-3920: Add missing permission needed to scan sysctl_net_core_bpf_jit_harden by @rhmdnd in #965
• Backport: Add runtime SSH configuration for compliance scans by @Vincent056 in #978

New Contributors

• @sebrandon1 made their first contribution in #722

Full Changelog: v1.7.0...v1.8.0

v1.7.0

What's Changed

• Add container files for konflux builds by @rhmdnd in #623
• Add operator dockerfile for Konflux builds by @rhmdnd in #622
• Fix rogue line in must-gather Containerfile by @rhmdnd in #625
• add subscriptions to OCP konflux builds work by @rhmdnd in #629
• Remove unnecessary subscription from operator Dockerfile by @rhmdnd in #631
• Red Hat Konflux update compliance-operator-openscap by @red-hat-konflux[bot] in #627
• Red Hat Konflux update compliance-operator by @red-hat-konflux[bot] in #630
• Red Hat Konflux update compliance-operator-must-gather by @red-hat-konflux[bot] in #628
• Update module golang.org/x/net to v0.33.0 [SECURITY] by @renovate[bot] in #637
• Update Konflux references by @red-hat-konflux[bot] in #636
• Update github.com/openshift/api digest to 361e35f by @renovate[bot] in #620
• Update github.com/openshift/client-go digest to 89709a4 by @renovate[bot] in #604
• Add bundle script for konflux by @Vincent056 in #621
• Red Hat Konflux update compliance-operator-bundle by @red-hat-konflux[bot] in #638
• Update golang Docker tag to v1.23 by @renovate[bot] in #598
• Fix OCP reference in golang builder image by @rhmdnd in #639
• Update Konflux docker file to use golang 1.23 by @rhmdnd in #645
• Update module github.com/antchfx/xmlquery to v1.4.3 by @renovate[bot] in #641
• Update module sigs.k8s.io/controller-runtime to v0.19.4 by @renovate[bot] in #643
• Update module github.com/onsi/gomega to v1.36.2 by @renovate[bot] in #611
• Update github.com/openshift/api digest to c1a063b by @renovate[bot] in #640
• Update module github.com/itchyny/gojq to v0.12.17 by @renovate[bot] in #642
• Update module sigs.k8s.io/controller-tools to v0.17.1 by @renovate[bot] in #612
• Update module github.com/prometheus-operator/prometheus-operator/pkg/client to v0.79.2 by @renovate[bot] in #480
• Update module github.com/onsi/ginkgo to v2 by @renovate[bot] in #607
• Update github.com/openshift/library-go digest to af5b21e by @renovate[bot] in #605
• Fix broken docs link in the Compliance Operator bundle by @rhmdnd in #646
• Update module sigs.k8s.io/controller-runtime to v0.20.0 by @renovate[bot] in #658
• Update module github.com/coreos/ignition/v2 to v2.20.0 by @renovate[bot] in #655
• Add lock file for RPMs to enable hermetic builds by @rhmdnd in #635
• Update github.com/openshift/api digest to 366ffb8 by @renovate[bot] in #650
• Update actions/checkout action to v4.2.2 by @renovate[bot] in #654
• Update module github.com/prometheus/prometheus to v0.301.0 by @renovate[bot] in #656
• Update kubernetes packages to v0.32.1 by @renovate[bot] in #652
• Update module open-cluster-management.io/api to v0.15.0 by @renovate[bot] in #657
• Update module github.com/cenkalti/backoff/v4 to v5 by @renovate[bot] in #659
• Update module github.com/onsi/ginkgo to v2 by @renovate[bot] in #666
• Update thollander/actions-comment-pull-request action to v3 by @renovate[bot] in #667
• bump co version 1.6.2 dev by @rhmdnd in #661
• 🧹 Remove double quotes in RBAC manifests by @rhmdnd in #573
• Build test content using arm64 by @rhmdnd in #676
• Run test-broken-content-latest action when updated by @rhmdnd in #677
• add read permission for kataconfig by @sluetze in #618
• Fix Release Image Action by @rhmdnd in #680
• Update release actions to build images for ARM64 by @rhmdnd in #679
• Revert arm64 support for must-gather image by @rhmdnd in #687
• OCPBUGS-48461: enhance error handling for PrometheusMetricTargets by @Vincent056 in #689
• CMP-3152: Implement an action to check PR titles by @rhmdnd in #691
• OCPBUGS-51267: Fix an issue in the ComplianceScan controller by @Vincent056 in #685
• CMP-3157: Fix check pr title action by @rhmdnd in #694
• Update module sigs.k8s.io/controller-runtime to v0.20.2 by @renovate[bot] in #664
• CMP-3121: Increase unit test timeout to 20 minutes by @rhmdnd in #688
• CMP-3149: Add content with a deprecated profile by @yuumasato in #704
• CMP-3155: Fix e2e test for checkcount by @Vincent056 in #701
• Add BSI reference parser by @yuumasato in #610
• Update module golang.org/x/net to v0.36.0 [SECURITY] by @renovate[bot] in #705
• CMP-3149: Handle profile deprecation by @yuumasato in #690
• OCPBUGS-54403: Update MCO dependency to support 3.5 ignition by @Vincent056 in #708
• OCPBUGS-54144: Update jwt library to 5.2.2 by @rhmdnd in #707
• CMP-3117: Add arm64 label to bundle CSV by @rhmdnd in #668
• MULTIARCH-4655: add rhcos4 for rhcos4-disa-stig by @prb112 in #669
• OCPBUGS-55181: Update NERC-CIP reference by @rhmdnd in #714
• CMP-2917: Release v1.7.0 by @rhmdnd in #709

Full Changelog: v1.6.2...v1.7.0

v1.6.0

• Remove SBOM workaround by @Vincent056 in #536
• OCPBUGS-17828: Fix rule instruction by @Vincent056 in #537
• OCPBUGS-19690: Enable host network to access host sysctls by @yuumasato in #497
• CMP-1096: Add must-gather image to relatedImages by @rhmdnd in #540
• Update must gather image workflow by @Vincent056 in #541
• CMP-2688: Document using relatedImages for must-gather by @rhmdnd in #542
• Update module github.com/itchyny/gojq to v0.12.16 by @renovate[bot] in #513
• Update docker/setup-qemu-action action to v3 by @renovate[bot] in #415
• 🧹 update golang to 1.21 by @rhmdnd in #491
• Update module golang.org/x/net to v0.23.0 [SECURITY] by @renovate[bot] in #505
• Update actions/checkout action to v4.1.7 by @renovate[bot] in #544
• Fix false positive trivy filesystem scan result by @rhmdnd in #548
• Update docker/login-action action to v3.3.0 by @renovate[bot] in #552
• Update module github.com/spf13/cobra to v1.8.1 by @renovate[bot] in #551
• CMP-2693: Use CLI image for base image in must-gather by @rhmdnd in #543
• Update module github.com/securego/gosec/v2 to v2.20.0 by @renovate[bot] in #444
• Update TailoredProfile title description in parallel e2e by @rhmdnd in #547
• Update docker/metadata-action action to v5 by @renovate[bot] in #413
• Update docker/setup-buildx-action action to v3 by @renovate[bot] in #414
• Update module github.com/go-logr/logr to v1.4.2 by @renovate[bot] in #550
• Add Makefile target for pushing must-gather image by @rhmdnd in #546
• 🧹 update golang to 1.22 by @rhmdnd in #553
• Update module github.com/antchfx/xmlquery to v1.4.1 by @renovate[bot] in #560
• Update module github.com/cenkalti/backoff/v4 to v4.3.0 by @renovate[bot] in #561
• Update module github.com/onsi/gomega to v1.34.1 by @renovate[bot] in #563
• Update github.com/openshift/library-go digest to 8bb8fe6 by @renovate[bot] in #523
• 🧹 remove downstream-specific Dockerfile by @rhmdnd in #545
• Update module github.com/coreos/ignition/v2 to v2.19.0 by @renovate[bot] in #562
• Update kubernetes packages to v0.30.3 by @renovate[bot] in #559
• Gather scan raw-results in must-gather image by @yuumasato in #556
• Add yuumasato to owners file by @rhmdnd in #565
• Update metrics navigation in documentation by @rhmdnd in #557
• CMP-2196: Update cluster role permissions for ingresscontrollers by @rhmdnd in #558
• Update github.com/openshift/library-go digest to 8211143 by @renovate[bot] in #567
• Update module github.com/prometheus/client_golang to v1.19.1 by @renovate[bot] in #569
• Update module go.uber.org/zap to v1.27.0 by @renovate[bot] in #571
• Update module github.com/prometheus/client_model to v0.6.1 by @renovate[bot] in #570
• 🧹 Fix golang formatting in scan.go by @rhmdnd in #566
• Update module sigs.k8s.io/controller-runtime to v0.18.4 by @renovate[bot] in #568
• Update module open-cluster-management.io/api to v0.14.0 by @renovate[bot] in #572
• Update github.com/openshift/api digest to 6b4a57e by @renovate[bot] in #482
• Update github.com/openshift/client-go digest to b054aa7 by @renovate[bot] in #483
• OCPBUGS-37697: Remove newline in metrics doc literal by @rhmdnd in #574
• Add must-gather image builds to release on each push by @rhmdnd in #575
• Fix must-gather base image by @rhmdnd in #576
• Update dependency go to v1.22.6 by @renovate[bot] in #580
• Update github.com/openshift/api digest to 7f2da4c by @renovate[bot] in #579
• Remove multi-arch support from must-gather image by @rhmdnd in #578
• Add kubedeschedulers to api_resource_collector_clusterrole by @sluetze in #587
• Sync ocp-1.0 branch with master by @Vincent056 in #577
• Update module github.com/onsi/ginkgo to v2 by @renovate[bot] in #586
• Add events to must-gather image by @rhmdnd in #589
• Add commit-sha into pr image build by @Vincent056 in #592
• Add PCI-DSS v4.0 reference parser by @yuumasato in #594
• Update github.com/openshift/api digest to 2c10e58 by @renovate[bot] in #595
• Update docker/build-push-action action to v6 by @renovate[bot] in #584
• Update github/codeql-action action to v3 by @renovate[bot] in #585
• Update bundle manifests by @rhmdnd in #601
• Fix make bundle target by @Vincent056 in #593
• Update module sigs.k8s.io/controller-tools to v0.16.1 by @renovate[bot] in #583
• Update module k8s.io/pod-security-admission to v0.31.0 by @renovate[bot] in #599
• Update github.com/openshift/library-go digest to ade3966 by @renovate[bot] in #596
• Fix GHA for bundle tests by @rhmdnd in #600
• Update bundle annotations to include must-gather image by @rhmdnd in #602
• Update bundle files by @Vincent056 in #608
• fix: makefile had an incorrect phony by @prb112 in #609
• chore(deps): update github.com/openshift/api digest to 85dc560 by @renovate[bot] in #603
• CMP-2614: Implement update timestamps on ComplianceCheckResults by @Vincent056 in #591
• CMP-2615: Add a check aggregate to the compliance scan metadata by @Vincent056 in #588
• OCPBUGS-39417: Add service account and token for service monitoring by @Vincent056 in #613
• Allow access to clusterlogforwarder in observability API by @yuumasato in #616
• Release v1.6.0 by @rhmdnd in #615

Full Changelog: v1.5.0...v1.6.0

v1.6.2

What's Changed

• OCPBUGS-46839: Bump x/net dependency by @rhmdnd in #702
• Release v1.6.2 by @rhmdnd in #703

Full Changelog: v1.6.0...v1.6.2

v1.5.0

What's Changed

• CMP-2547: Implement ROSA e2e test suite by @rhmdnd in #515
• Add unique profile ID by @Vincent056 in #502
• CMP-2524: Only load node profiles for managed OpenShift by @rhmdnd in #518
• CMP-2526: Disable automatic remediation for ROSA HCP environments by @Vincent056 in #520
• Fix panic due to logging issue by @rhmdnd in #521
• Reduce timeout from 30 minutes to 10 minutes in serial tests by @rhmdnd in #522
• Release v1.4.1 by @rhmdnd in #499
• Use git describe for finding operator version by @rhmdnd in #500
• OCPBUGS-34535: Ignore case when compare platform by @Vincent056 in #525

Full Changelog: v1.4.1...v1.5.0

v1.4.1

What's Changed

• [COMPLY-1339] add compare if image equals by @muellerfabi in #429
• Fix e2e error by @Vincent056 in #490
• Add GitHub action to build image on new PR by @Vincent056 in #488
• Release v1.4.0 by @rhmdnd in #487
• CMP-2176: Implement replaces in bundle CSV by @rhmdnd in #475
• Fix e2e for TestManualRulesTailoredProfile by @Vincent056 in #495
• Update action workflows on PR image generation by @Vincent056 in #496
• Remove product validation in ScanSettingBinding by @Vincent056 in #489
• OCPBUGS-29272: Delete scan when SSB remove a profile by @Vincent056 in #492
• CMP-2401: Add STIG reference parser by @yuumasato in #494
• OCPBUGS-32216: Stop deleting the kubeletconfiglink by @yuumasato in #503
• Support disable profile bundle based on Arch by @Vincent056 in #504
• Fix a small typo by @SimonBaeumer in #506
• Add test file needed for testing CaC content by @Vincent056 in #493
• OCPBUGS-32797: updates the skipMetrics to include all platforms by @prb112 in #508
• Update actions/checkout action to v4 by @renovate in #410
• Update module github.com/coreos/ignition/v2 to v2.18.0 by @renovate in #484
• OCPBUGS-33067: Don't fatal error when filter cannot iterate by @yuumasato in #509
• Fix platform role detection for Power and Z architecture by @rhmdnd in #516

New Contributors

• @muellerfabi made their first contribution in #429
• @SimonBaeumer made their first contribution in #506
• @prb112 made their first contribution in #508

Full Changelog: v1.4.0...v1.4.1

Release v1.4.0

What's Changed

• Bump controller-runtime, k8s libraries, openshift/library go, adjust CO to the new versions by @jhrozek in #337
• Release v1.2.0 by @rhmdnd in #371
• Update UBI image to keep pace with GLIBC version by @rhmdnd in #373
• fix(deps): update module golang.org/x/net to v0.13.0 by @renovate in #368
• fix(deps): update module github.com/coreos/ignition/v2 to v2.16.2 by @renovate in #369
• fix(deps): update github.com/openshift/library-go digest to e1dfb9b by @renovate in #324
• fix(deps): update module k8s.io/pod-security-admission to v0.27.4 by @renovate in #329
• fix(deps): update module github.com/onsi/gomega to v1.27.10 by @renovate in #374
• trivial: fix minor typo in test name and resources by @rhmdnd in #352
• fix(deps): update module go.uber.org/zap to v1.25.0 by @renovate in #380
• fix(deps): update module golang.org/x/net to v0.14.0 by @renovate in #381
• chore(deps): update golang docker tag to v1.21 by @renovate in #379
• fix(deps): update github.com/openshift/library-go digest to d7e7bec by @renovate in #378
• fix(deps): update module github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring to v0.67.1 by @renovate in #343
• fix(deps): update module github.com/prometheus-operator/prometheus-operator/pkg/client to v0.67.1 by @renovate in #344
• chore(deps): update github.com/openshift/api digest to d7f5a4c by @renovate in #364
• fix(deps): update module github.com/onsi/ginkgo to v2 by @renovate in #362
• chore(deps): update github.com/openshift/client-go digest to be5346f by @renovate in #366
• Optimize how we check runtime KubeletConfig by @Vincent056 in #292
• Grant permissions required metal-toolbox workflow by @yuumasato in #390
• Add test content for kubeletconfig by @Vincent056 in #399
• Fix kubeletconfig e2e test by @Vincent056 in #400
• Update Workshop instructions and outputs by @yuumasato in #397
• OCPBUGS-17494: Fix hostmount propagation by @Vincent056 in #377
• OCPBUGS 18025 MCO depdency bump by @Vincent056 in #402
• fix(deps): update module github.com/onsi/ginkgo/v2 to v2.12.0 by @renovate in #393
• fix(deps): update kubernetes packages to v0.28.2 by @renovate in #385
• fix(deps): update module github.com/onsi/ginkgo to v2 by @renovate in #388
• chore(deps): update github.com/openshift/api digest to 693d4b6 by @renovate in #384
• chore(deps): update actions/checkout action to v3.6.0 by @renovate in #392
• fix(deps): update module github.com/securego/gosec/v2 to v2.17.0 by @renovate in #386
• fix(deps): update module sigs.k8s.io/controller-tools to v0.13.0 by @renovate in #387
• chore(deps): update docker/build-push-action action to v5 by @renovate in #411
• fix(deps): update github.com/openshift/library-go digest to b753831 by @renovate in #404
• fix(deps): update module go.uber.org/zap to v1.26.0 by @renovate in #408
• chore(deps): update docker/login-action action to v3 by @renovate in #412
• fix(deps): update module golang.org/x/net to v0.15.0 by @renovate in #409
• chore(deps): update github.com/openshift/client-go digest to 53bd898 by @renovate in #406
• Fix minor formatting issues by @rhmdnd in #417
• fix(deps): update module sigs.k8s.io/controller-runtime to v0.16.2 by @renovate in #376
• fix(deps): update github.com/openshift/library-go digest to 405c343 by @renovate in #422
• fix(deps): update module github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring to v0.68.0 by @renovate in #405
• chore(deps): update github.com/openshift/api digest to 174e989 by @renovate in #421
• fix(deps): update module github.com/prometheus-operator/prometheus-operator/pkg/client to v0.68.0 by @renovate in #407
• chore(deps): update github.com/openshift/client-go digest to 848405d by @renovate in #426
• fix(deps): update module github.com/antchfx/xmlquery to v1.3.18 by @renovate in #427
• Fix minor spelling mistakes in contributor documentation by @rhmdnd in #428
• Workshop: Add new section for common rules by @yuumasato in #403
• Document namespace prefix when scanning a hosted cluster by @yuumasato in #382
• Remove ginkgo v2 dependency by @rhmdnd in #418
• CMP-2132: Implement suspend and resume scan schedule by @rhmdnd in #396
• Add Bhargavi as reviewer by @Vincent056 in #440
• Add enhancement for suspending and resuming scan schedules by @rhmdnd in #375
• fix(deps): update github.com/openshift/library-go digest to c91dd97 by @renovate in #436
• fix(deps): update module github.com/onsi/gomega to v1.28.0 by @renovate in #437
• fix(deps): update module github.com/prometheus/client_golang to v1.17.0 by @renovate in #438
• fix(deps): update module golang.org/x/net to v0.17.0 [security] by @renovate in #439
• chore(deps): update github.com/openshift/api digest to 8f468d7 by @renovate in #432
• Extend workshop with a section about jq filters by @yuumasato in #431
• chore(deps): update github.com/openshift/client-go digest to e81400b by @renovate in #433
• Docs: Fix URI for must-gather image by @yuumasato in #389
• fix(deps): update module github.com/google/go-cmp to v0.6.0 by @renovate in #442
• fix(deps): update module github.com/prometheus/client_model to v0.5.0 by @renovate in #443
• fix(deps): update module golang.org/x/mod to v0.13.0 by @renovate in #445
• chore(deps): update github.com/openshift/api digest to 096c446 by @renovate in #441
• Correct "ScanSettings" typo by @gojeaqui in #446
• Use golang 1.20 by @rhmdnd in #448
• Disable HTTP2 for metrics and the results server by @rhmdnd in #449
• [Enhancements]: Add Profile Name in Rule by @Vincent056 in #395
• Add an integration test to verify HTTP version usage by @rhmdnd in #451
• fix(deps): update module sigs.k8s.io/controller-runtime to v0.16.3 by @renovate in https://github.com/ComplianceAsCode/compliance-op...

Release v1.3.1

Full Changelog: v1.3.0...v1.3.1