The security-inspector component is a key component for performing security inspections. This topic describes the features, usage notes, and release notes for security-inspector.
Overview
You can use security-inspector to scan workload configurations from various dimensions. This helps you better understand the security risks of your workloads. The following figure shows the architecture of security-inspector.
Usage notes
security-inspector provides the following inspection features:
security-inspector uses Polaris to perform security inspections. This allows you to detect security risks of workload configurations in your cluster in real time.
NotePolaris is an open source project that is used to identify security risks of workload configurations in a Kubernetes cluster. For more information, see Polaris.
security-inspector can scan workload configurations from various dimensions and provide reports that contain the following information: health checks, images, networks, resources, and security. This allows you to better understand the security risks of your applications in real time and reinforce your system based on the suggestions that are provided by security-inspector. For more information, see Use the inspection feature to detect security risks in the workloads of an ACK cluster.
Release notes
October 2024
Version | Image address | Release date | Description | Impact |
v0.15.0.0-g4218661-aliyun | registry-cn-hangzhou.ack.aliyuncs.com/acs/security-inspector:v0.15.0.0-g4218661-aliyun | 2024-10-10 | You can verify whether plaintext AccessKey pairs are stored in the environment variables. | No impact on workloads |
August 2024
Version | Image address | Release date | Description | Impact |
v0.14.1.0-g829a93d-aliyun | registry-cn-hangzhou.ack.aliyuncs.com/acs/security-inspector:v0.14.1.0-g829a93d-aliyun | 2024-08-01 | Version compatibility is optimized. | No impact on workloads |
July 2024
Version | Image address | Release date | Description | Impact |
v0.14.0.0-gfc02c67-aliyun | registry-cn-hangzhou.ack.aliyuncs.com/acs/security-inspector:v0.14.0.0-gfc02c67-aliyun | 2024-07-26 | Inspection tasks are run in the security-inspector namespace since this version. | No impact on workloads |
March 2024
Version | Image address | Release date | Description | Impact |
v0.13.0.0-g88dfa8f-aliyun | registry-cn-hangzhou.ack.aliyuncs.com/acs/security-inspector:v0.13.0.0-g88dfa8f-aliyun | 2024-03-26 | Role-based access control (RBAC)-related inspection items are supported, including wildcard check, check on the cluster-admin role, and check on modifications to predefined roles, such as system:basic-user, system:discovery, and system:public-info-viewer. | No impact on workloads |
February 2024
Version | Image address | Release date | Description | Impact |
v0.12.0.7-g6f9d47f-aliyun | registry-cn-hangzhou.ack.aliyuncs.com/acs/security-inspector:v0.12.0.7-g6f9d47f-aliyun | 2024-02-21 | You can specify whether the component uses the host network on the Add-ons page and modify the health check port. | No impact on workloads |
December 2023
Version | Image address | Release date | Description | Impact |
v0.11.0.3-ga2fad87-aliyun | registry-cn-hangzhou.ack.aliyuncs.com/acs/security-inspector:v0.11.0.3-ga2fad87-aliyun | 2023-12-21 | Modifications to the ttlSecondsAfterFinished configuration item for security-inspector-polaris-cronjob can be retained during component updates. | No impact on workloads |
June 2023
Version | Image address | Release date | Description | Impact |
v0.10.1.2-g13c9de7-aliyun | registry.cn-hangzhou.aliyuncs.com/acs/security-inspector:v0.10.1.2-g13c9de7-aliyun | 2023-06-02 |
| No impact on workloads |
April 2023
Version | Image address | Release date | Description | Impact |
v0.10.0.3-g15b35c4-aliyun | registry.cn-hangzhou.aliyuncs.com/acs/security-inspector:v0.10.0.3-g15b35c4-aliyun | 2023-04-13 | Kubernetes 1.26 is supported. | No impact on workloads |
February 2023
Version | Image address | Release date | Description | Impact |
v0.9.1.0-gcdddfa7-aliyun | registry.cn-hangzhou.aliyuncs.com/acs/security-inspector:v0.9.1.0-gcdddfa7-aliyun | 2023-02-27 | CVE-2023-0286 is fixed in the base image used by the image of the component. | No impact on workloads |
December 2022
Version | Image address | Release date | Description | Impact |
v0.9.0.0-g1d38ec6-aliyun | registry.cn-hangzhou.aliyuncs.com/acs/security-inspector:v0.9.0.0-g1d38ec6-aliyun | 2022-12-22 |
| No impact on workloads |
v0.8.3.2-ge5496db-aliyun | registry.cn-hangzhou.aliyuncs.com/acs/security-inspector:v0.8.3.2-ge5496db-aliyun | 2022-12-13 | This version is in canary release. The initialization process of security-inspector is accelerated. Previously, it requires a few minutes to initialize security-inspector after you install security-inspector. security-inspector cannot perform security inspections during the initialization period. | No impact on workloads |
August 2022
Version | Image address | Release date | Description | Impact |
v0.8.3.1-gf7bf0e0-aliyun | registry.cn-hangzhou.aliyuncs.com/acs/security-inspector:v0.8.3.1-gf7bf0e0-aliyun | 2022-08-30 | The message content of the | No impact on workloads |
June 2022
Version | Image address | Release date | Description | Impact |
v0.8.2.16-gc84d60d-aliyun | registry.cn-hangzhou.aliyuncs.com/acs/security-inspector:v0.8.2.16-gc84d60d-aliyun | 2022-06-21 |
| No impact on workloads |
April 2022
Version | Image address | Release date | Description | Impact |
v0.8.1.0-g58d1a56-aliyun | registry.cn-hangzhou.aliyuncs.com/acs/security-inspector:v0.8.1.0-g58d1a56-aliyun | 2022-04-11 |
| No impact on workloads |
February 2022
Version | Image address | Release date | Description | Impact |
v0.8.0.0-gb0edd1d-aliyun | registry.cn-hangzhou.aliyuncs.com/acs/security-inspector:v0.8.0.0-gb0edd1d-aliyun | 2022-02-15 |
| No impact on workloads |
December 2021
Version | Image address | Release date | Description | Impact |
v0.7.0.5-g8cc37b6-aliyun | registry.cn-hangzhou.aliyuncs.com/acs/security-inspector:v0.7.0.5-g8cc37b6-aliyun | 2021-12-03 |
| No impact on workloads |
September 2021
Version | Image address | Release date | Description | Impact |
v0.6.0.4-gc12ad66-aliyun | registry.cn-hangzhou.aliyuncs.com/acs/security-inspector:v0.6.0.4-gc12ad66-aliyun | 2021-09-20 |
| No impact on workloads |
June 2021
Version | Image address | Release date | Description | Impact |
v0.5.0.2-g5e33765-aliyun | registry.cn-hangzhou.aliyuncs.com/acs/security-inspector:v0.5.0.2-g5e33765-aliyun | 2021-06-24 | The issue that inspection reports are not displayed as expected when one Simple Log Service project is shared among multiple clusters is fixed. | No impact on workloads |
March 2021
Version | Image address | Release date | Description | Impact |
v0.4.0.0-g541eb31-aliyun | registry.cn-hangzhou.aliyuncs.com/acs/security-inspector:v0.4.0.0-g541eb31-aliyun | 2021-03-15 |
| No impact on workloads |
January 2021
Version | Image address | Release date | Description | Impact |
v0.3.0.2-gcb49252-aliyun | registry.cn-hangzhou.aliyuncs.com/acs/security-inspector:v0.3.0.2-gcb49252-aliyun | 2021-01-05 | Permissions of anonymous users can be scanned to identify risky RBAC permissions that are granted to the users. | No impact on workloads |
December 2020
Version | Image address | Release date | Description | Impact |
v0.2.0.22-gd1fbaff-aliyun | registry.cn-hangzhou.aliyuncs.com/acs/security-inspector:v0.2.0.22-gd1fbaff-aliyun | 2020-12-16 |
| No impact on workloads |
July 2020
Version | Image address | Release date | Description | Impact |
v0.1.0.3-g69f71f6-aliyun | registry.cn-hangzhou.aliyuncs.com/acs/security-inspector:v0.1.0.3-g69f71f6-aliyun | 2020-07-06 | Inspection tasks can be manually triggered to inspect the workloads in your cluster and generate inspection reports. | No impact on workloads |