Skip to content

v0.4.14

Choose a tag to compare

View all tags
@miki725 miki725 released this 11 Nov 17:46
· 189 commits to main since this release
v0.4.14
This tag was signed with the committer’s verified signature.
miki725 Miroslav Shubernetskiy
GPG key ID: 991175EBA30A4DAD
Verified
Learn about vigilant mode.
e71a215
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Download binaries at https://crashoverride.com/downloads

Breaking Changes

  • Changes in embed attestation provider configuration. Removed attestation_key_embed.location configuration. It is replaced with these configurations:

    • attestation_key_embed.filename
    • attestation_key_embed.save_path
    • attestation_key_embed.get_paths

    This allows to separate paths where chalk setup look-ups keys as well where chalk will save generated key. Also this allows to lookup keys relative to chalk binary which is better suited for CI workflows where it might not be desirable to add additional files in current working directory. (#445)

  • chalk setup requires interactive shell to generate new key-material. This will avoid accidentally generating new keys in CI. (#447)

Fixes

  • When running semgrep, its always added to PATH, as otherwise semgrep is not able to find pysemgrep folder. (#439)
  • Docker pushing non-chalked images did not report metsys plugin keys such as _EXIT_CODE, _CHALK_RUN_TIME. (#438)
  • External tools for non-file artifacts (e.g. docker image) sent duplicate keys in both report-level as well as chalk-mark level. For example SBOM key with equivalent content was duplicated twice. (#440)
  • Memory leak in HTTP wrappers in nimutils. This mostly manifested in chalk exec when heartbeats were enabled as roughly each heartbeat would increase memory footprint by ~1Mb. (#443)

New Features

  • _EXEC_ID key which is unique for each chalk execution for all commands while chalk process is alive. For example it will send consistent values for both exec and heartbeat reports hence allowing to tie both reports together.
  • heartbeat report template. It is a minimal reporting template which is now used as the default report template for all heartbeat reports. Main purpose of heartbeat is to indicate liveliness hence such a minimal report. All other metadata should be collected as part of exec report instead.

Commits since the previous tag: v0.4.13...v0.4.14

Assets 2
Loading