Releases: shinobistack/gokakashi
Test latest
Release v0.0.4
New Features:
Provides API endpoints for initiating image scans and tracking their status.
- POST requests: http://<hostname>:<port>/api/v0/scan
    curl -X POST "http://<host>:8000/api/v0/scan?image=<single image>&severity=CRITICAL&publish=<configured_webserver>" \
      -H "Authorization: Bearer <token>"
- GET requests: /api/v0/scan/{scan_id}/status
    curl -X GET "http://<host>:8000/api/v0/scan/scan-1728731994245877000/status" \
      -H "Authorization: Bearer <token>"
- List both directories and files in the specified report_sub_dir for each website configuration. Example: the host:port/reports/ endpoint now displays both directories and files, making it easier for users to navigate and view scan results.
Enhancements:
- The websites configuration section has been updated to allow users to define multiple host configurations, with the flexibility to choose which one to use.
- Supports scenarios where multiple reports are generated for a single POST scan.
Release v0.0.3
New Features:
1. GCR Support
Added support for Google Container Registry (GCR) using service account authentication, enabling secure, non-interactive image pulls, ideal for CI/CD pipelines.
2. Flexible Authentication
Introduced unified authentication support for basicAuth (DockerHub) and serviceAccount (GCR), with a config-driven approach to easily add future authentication methods.
3. Linear Issue Title Customization
Default Linear issue titles now include the image name and tag for better traceability, along with support for user-defined titles.
Enhancements:
1. Config-Driven Flexibility
Authentication types are now configurable in config.yaml, making it easier to switch between registries without code changes.
2. Future-Ready Design
The new structure supports easy expansion to new registries and authentication methods with minimal refactoring.
goKakashi v0.0.1 - Initial Release
We are excited to announce the first release of goKakashi, a tool designed to simplify vulnerability scanning for Docker images across multiple registries with integrated policy-based scanning and notifications.
Key Features:
Multi-Registry Support: Currently supports Docker Hub (AWS ECR, GCR, and more are planned as future enhancements).
Automated Vulnerability Scanning: Uses Trivy to scan Docker images with customizable scan policies.
Notification Integration: Automatically creates tickets in Linear for detected vulnerabilities based on scan severity. It creates unique Linear issues and avoids duplicates when executed frequently.
Report Hosting: Serve public and private reports via web servers.
How to Use:
Set up your configuration using YAML or .env.
Define scan policies for Docker images and registries.
Scan and generate reports, with notifications sent automatically to issue tracking tools.