v2.17.8

Changelog

• 13da1ed Added part two of cloud run job reporting server/#4986 (#867)
• 586ed33 Cloud run: recover missing digests via registry lookup server/#4986 (#879)
• c4843b5 chore(deps): bump k8s.io/kubernetes in the go-dependencies group (#880)
• c64aa90 chore(deps): bump the go-dependencies group with 2 updates (#874)
• 4c7daa9 chore: add release Slack notifications (#881)
• 74cbbca chore: bump Golang to 1.26 (#877)
• 0655b5a chore: gofmt formatting (#872)
• 27cd0d7 docs: add make docs target for generating CLI reference docs (#868)
• b3e90dd feat: add hidden 'kosli attest override' command (#873)
• 9977a31 feat: add quiet flag to logger (#876)
• 80ca0c0 feat: support remote http(s) URLs for --policy in kosli evaluate (#875)
• 1c3c462 fix: bump Go from 1.25.9 to 1.25.10 to resolve Snyk vulnerabilities (#869)
• 60ff5d1 fix: prevent broken doc links from bare URLs in flag descriptions (#870)
• c2eb5d1 fix: use Mintlify MDX components in helm chart docs templates (#871)

v2.17.7

Changelog

• a387e8f Add Cloud Run Job support and clean up cloud-run wire format server/#4986 (#866)

v2.17.6

Changelog

• dfda890 Add Mintlify helm-docs template for k8s-reporter (#854)
• 0a56c39 Fixed bug when snapshot docker encounters an un-inspectable container server/#5597 (#863)
• 870a289 Update helm docs (#855)
• 3f890e7 chore(deps): bump google.golang.org/grpc in the go-dependencies group (#858)
• b1702a3 chore(deps): bump step-security/harden-runner (#859)
• ed4e2a2 chore(deps): bump the go-dependencies group with 5 updates (#865)
• 57afd5e chore: bump MongoDB to 5.0.32 (#850)
• d15f2ef chore: remove live-docs generation from CLI doc command (#862)
• 4a9eb54 chore: remove old Hugo docs generation (#856)
• cbc78dc chore: remove old Hugo docs generation (#856)
• 5215a94 fix: backtick http-proxy example URL to prevent broken doc links (#857)
• ed9e540 test(kube): tolerate IsNotFound on namespace cleanup (#860)

v2.17.5

Changelog

• 105c44c Added initial implementation of kosli snapshot cloud-run server/#4986 (#833)
• 2f6c27c Debug: expose Authorization, proxy, and response on errors (#852)
• 505a147 fix: suppress npm always-auth deprecation warning by upgrading to setup-node@v6 (#847)
• 224fe08 test: pin fingerprint capture cleanliness contract (#846)

v2.17.4

Changelog

• 3013750 chore(deps): bump github.com/open-policy-agent/opa (#844)
• aedfa70 chore(deps): bump kosli-dev/setup-cli-action from 4 to 5 (#841)
• bb9af43 chore(deps): bump the go-dependencies group with 9 updates (#842)
• 804ba44 fix: npm trusted publishing (#843)
• eb93aaa fix: remove version checks on all commands (#840)
• 8c75c0c fix: wire up Node 24 + setup-node for npm trusted publishing (#845)

v2.17.3

Changelog

• fad5e49 Added extra debug when doing kosli attest pullrequest github if the debug flag is set (#839)
• beda1fd Makefile: fixed setup_test_to_use_xxx to only clean up the cli containers and not all containers (#837)

v2.17.2

Changelog

• d4278e2 Allow Claude Code to push feature branches (#830)
• 60431e6 chore(deps): bump the go-dependencies group across 1 directory with 5 updates (#832)
• 5756662 contract testing adr (#808)
• 346ca39 docs: clarify --artifact-type=docker requires registry digest (#834)
• 475dd3d feat(evaluate): add --assert / --no-assert to make evaluate a policy decision point (#829)
• 6e52319 fix(ci): wait for versions json upload before dispatch (#835)
• a1a1f6e fix: update GitHub contract test fixture to a commit the API still associates with a PR (#836)
• 251f3bc fix: use json.Marshal instead of json.MarshalIndent for multipart data_json (#823)
• 2023a6e perf: use json.Marshal instead of json.MarshalIndent for non-multipart request bodies (#825) (#827)

v2.17.1

Changelog

• 8055fcb Fix: GitHub PR attestation misses PRs merged seconds before CI runs (#819)
• d91a7ca Introduce fakes and contract tests for AWS Lambda integration (#763)
• 1f6a8cd No hard coded values for sonar qube scan server/#5354 (#820)
• 7d1db1c ci: run AWS Lambda contract tests nightly (#806)
• ae1899a docs: clarify repo flag requirements and stable ID guidance (#791)
• 74fcf55 github fakes contract tests (#807)
• d8dfa94 test: remove credential-gated GitHub tests superseded by contract tests (#809)

v2.17.0

New features

• The CLI now checks for available updates after each command and prints a notice to stderr when a newer version is released. The notice is suppressed in debug mode and for commands with programmatic output (e.g. --output json).

Bug fixes

• Fixed attestation --name validation: names with a leading dot (e.g. .foo), trailing dot, or more than one dot (e.g. foo.bar.baz) are now rejected with a clear error message instead of being silently mishandled.

v2.16.0

What's Changed

• fix: skip legacy_ref self-references in checklinks plugin by @AlexKantor87 in #778
• feat(k8s-reporter): add extraVolumes, extraVolumeMounts, extraEnvVars, customCA by @AlexKantor87 in #777
• Remove dead Pipedrive chat widget from docs footer by @AlexKantor87 in #783
• 5348 sonar qube pr problem by @ToreMerkely in #780
• feat: use appVersion as a default CLI version by @mbevc1 in #785
• Enable retrieving sonarqube scan results for PRs by @FayeSGW in #784
• Update helm docs by @ci-signed-commit-bot[bot] in #786

Full Changelog: v2.15.3...v2.16.0