Page Comparison

29.2.24

2.28.0: GitHub Registry, reduce URLs for Image Assurance

Type: New Feature + improvements

Description:

Image Assurance 2.29.0:

Release Github Container Registry Scanning support
Reduced the number of URLs that need to be accessed by the agents (relevant for Scan Engine Version 2.0.0 only). CloudGuard agents must have connectivity to these region-specific URLs:

Region	URLs accessed by Image Assurance agent
United States (US)	https://api-cpx.dome9.com https://api.dome9.com
Europe (EU)	https://api-cpx.eu1.dome9.com https://api.eu1.dome9.com
Australia (AU)	https://api-cpx.ap2.dome9.com https://api.ap2.dome9.com
Canada (CA)	https://api-cpx.cace1.dome9.com https://api.cace1.dome9.com
India (IN)	https://api-cpx.ap3.dome9.com https://api.ap3.dome9.com
Singapore (SG)	https://api-cpx.ap1.dome9.com https://api.ap1.dome9.com

Security enhancements - all agents:

Image Assurance 2.29.0
Admission Control: Enforcer 2.11.0 & Policy 1.8.0
Inventory 1.14.0
Flow-logs 0.14.0
Runtime Policy 1.8.0

Affected Components: CloudGuard Workload Protection agents

15.1.23

Workload Protection for Kubernetes:

Description:

UI changes-

Workload Protection Menu

◦ Rename “Image Assurance” -> “Vulnerabilities”, “Vulnerabilities” -> “Findings”

GSL Builder

◦ Rename “Image Assurance” to "Workload Vulnerability"
◦ Add Package, Malware and Insecure content
◦ Mark "Finding" and "ImageScan" as Deprecated

Notification

◦ Rename "Image Assurance - Image Scan only" to "Vulnerability Scanning"

19.11.23

Workload Protection for Kubernetes: helm 2.24.3

Description:

Image Assurance 2.25.0

support Sonatype Nexus Registry scan

All features: Inventory 1.13.0; Image Assurance 2.25.0; Admission Control: enforcer 2.9.0, policy 1.7.0; Runtime Protection: policy 1.7.0; Flow Logs 0.12.0

improved telemetry
security enhancements

Affected Components: CloudGuard Workload Protection agents

24.10.23

Workload Protection for Kubernetes: helm 2.23.0

...

Support for GKE Autopilot (except for Runtime Protection)
Configure agents with node-critical and cluster-critical priority classes by default (improved support for clusters with small nodes)
Helm installation speedup
Support multiple DaemonSet configurations per node pool
Runtime Protection: keep running if EBPF probe can't be built/loaded; multiple optimizations
Inventory: Improved support for large inventory of Kubernetes resources
Change imageScan.mountPodman default to false (reduce dependencies on node configuration)
[internal] agents built using Go 1.20
[internal] system metrics are aggregated and sent once an hour
[internal] Helm CI improvements (lint stage)[internal] fixed http requests retry in imagescan agent

1.6.23

Return time zone-

Due to a wrong timezone that was presented at the UI,
we should send the timezone (in iso date format) from the APIs

...

Versions Compared

Old Version 11

New Version Current

Key