v0.1.9

Pre-release
@tuxerrante tuxerrante released this 19 Feb 19:04
· 2 commits to main since this release
01f9efb

What's Changed

CI:

  • Fixed Codecov plugin issues
  • Refresh container image every Sunday night
  • Git auto CRLF set to false: git config --global core.autocrlf false
  • Bumped multiple actions
  • Bash CI to automate the Go version bump from a single source of truth (config/config)

Code:

  • golang:1.22 as the builder image in the Containerfile
  • The k8s Service resource is now configurable from values.yaml
  • Introduced Fuzz testing for profile filenames
  • If POLL_TIME is set to less than 1, it defaults to 1 second

Project Security Fixes

  • Signed commits: git config commit.gpgsign true
  • Added repository Security policy
  • Added OpenSSF scorecard workflow
  • Least Privileged GitHub Actions Token Permissions: setting minimum token permissions for the GITHUB_TOKEN
  • Pinned actions to full-length commit SHAs
  • Integrated Harden-Runner in the CI: it prevents exfiltration of credentials, detects tampering of source code during build, and enables running jobs without sudo access.
  • Pinned image tags to digests in Dockerfiles.
  • Closed 44 (!) security issues reported by the Scorecard security scanner, also with the help of stepsecurity.io.

Full Changelog: v0.1.5...v0.1.9