Skip to content

Merge external#2

Merged
l-mb merged 38 commits intomainfrom
merge-external
Feb 10, 2026
Merged

Merge external#2
l-mb merged 38 commits intomainfrom
merge-external

Conversation

@l-mb
Copy link
Collaborator

@l-mb l-mb commented Jan 27, 2026

Was originally developed in "l-mb", now with this repo fully setup, merging in.

l-mb and others added 30 commits January 27, 2026 16:35
@l-mb
Initial commit
47aa7a6
@l-mb
Implement RKE2 security-responder component per ADR-010 (#1)
7cd77b5 
Initial prototype:

- Add Go application for collecting cluster metadata
- Add Helm chart for CronJob deployment
- Add Dockerfile for container image
- Add Makefile for building and testing
- Add package.yaml for RKE2 integration
- Update README with comprehensive documentation
- Gather some initial metrics from cluster
- Submit to endpoint with limited retry

- Precommit hooks, linters
@l-mb
Introduce --verbose and --debug options
dedfef4
@l-mb
Detect GPU operator and availability
dc0695f
@l-mb
Report OS & kernel version and architecture
a7f2c1d
@l-mb
Report cni, ingress, and GPU operator versions as well
a9ad78d 
Security/CVE is very version dependent.
@l-mb
Note if under Rancher Manager management
75a65c1 
This could impact if we need to surface issues or can rely on RMS
to resolve them, or potential version incompatibilities affect
security posture.
@l-mb
Process server response to log potentially available new versions
65e7cdd 
This is a very bare minimum and needs refinement: how should this
be exposed?
@l-mb
Fix CI pipeline
8084318
@l-mb
golangci fixes to workflow
ec7ac88
@l-mb
Move build to subdirectory, unmask charts directory
14a0b88
@l-mb
Draft tests for CI pipeline
235382d
@l-mb
README.md: document tests
388c654
@l-mb
Leverage upx to massively shrink resulting binary
1c70d93
@l-mb
E2E: mock endpoint + dev flag for server-side filtering
f655fa4 
- Add SECURITY_RESPONDER_DEV env var to force dev flag
- Deploy mock HTTP server in e2e tests for full Send() validation
- Add real endpoint test step (continue-on-error until available)
- Helm chart: add extraEnv/extraArgs support
@l-mb
Derive version from git tag
60e3f56
@l-mb
Add dependabot, prepare for DCO
0296787 
Signed-off-by: Lars Marowsky-Bree <lmb@suse.com>
@dependabot @l-mb
ci: bump golangci/golangci-lint-action from 7 to 9 (#2)
e0986f5 
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 7 to 9.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](golangci/golangci-lint-action@v7...v9)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-version: '9'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot @l-mb
ci: bump actions/setup-go from 5 to 6 (#3)
b2a9e01 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5 to 6.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](actions/setup-go@v5...v6)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot @l-mb
ci: bump actions/checkout from 4 to 6 (#4)
9f67d2b 
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@v4...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot @l-mb
ci: bump github/codeql-action from 3 to 4 (#5)
4c47482 
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3 to 4.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@v3...v4)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: '4'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot @l-mb
deps: bump golang.org/x/oauth2 from 0.21.0 to 0.27.0 (#8)
0351034 
Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.21.0 to 0.27.0.
- [Commits](golang/oauth2@v0.21.0...v0.27.0)

---
updated-dependencies:
- dependency-name: golang.org/x/oauth2
  dependency-version: 0.27.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot @l-mb
deps: bump golang.org/x/net from 0.26.0 to 0.38.0 (#7)
e235683 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.26.0 to 0.38.0.
- [Commits](golang/net@v0.26.0...v0.38.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-version: 0.38.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@l-mb
Update go to 1.25.5
71a8607 
Signed-off-by: Lars Marowsky-Bree <lmb@suse.com>
@l-mb
Amend go version use
22cc83c 
Signed-off-by: Lars Marowsky-Bree <lmb@suse.com>
@dependabot @l-mb
deps: bump the k8s group with 2 updates (#6)
1e64561 
Bumps the k8s group with 2 updates: [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) and [k8s.io/client-go](https://github.com/kubernetes/client-go).


Updates `k8s.io/apimachinery` from 0.31.6 to 0.35.0
- [Commits](kubernetes/apimachinery@v0.31.6...v0.35.0)

Updates `k8s.io/client-go` from 0.31.6 to 0.35.0
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](kubernetes/client-go@v0.31.6...v0.35.0)

---
updated-dependencies:
- dependency-name: k8s.io/apimachinery
  dependency-version: 0.35.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: k8s
- dependency-name: k8s.io/client-go
  dependency-version: 0.35.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: k8s
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@l-mb
Replace deprecated fake.NewSimpleClientset with NewClientset
c2e1135 
Signed-off-by: Lars Marowsky-Bree <lmb@suse.com>
@l-mb
Address required permissions for CodeQL/Trivy
35ba98b
@l-mb @github-advanced-security
Potential fix for code scanning alert no. 5: Workflow does not contai…
6d3c69a 
…n permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@l-mb @github-advanced-security
Potential fix for code scanning alert no. 4: Workflow does not contai…
fd8bd0a 
…n permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
l-mb added 8 commits January 27, 2026 16:35
@l-mb
Refactor API calls slightly
93d176e 
Signed-off-by: Lars Marowsky-Bree <lmb@suse.com>
@l-mb
Convert from slog to logrus
130bf1e 
Signed-off-by: Lars Marowsky-Bree <lmb@suse.com>
@l-mb
Add AGENTS.md
f2ca737 
Signed-off-by: Lars Marowsky-Bree <lmb@suse.com>
@l-mb
Detect IPv4/v6/dual-stack
9bac879 
Signed-off-by: Lars Marowsky-Bree <lmb@suse.com>
@l-mb
Include Operating System as well
e360b40 
Signed-off-by: Lars Marowsky-Bree <lmb@suse.com>
@l-mb
Include totals for CPU and RAM for agent/server
74fc8b8 
Signed-off-by: Lars Marowsky-Bree <lmb@suse.com>
@l-mb
Introduce recommended/minimal metric sharing modes
b55eec4 
Also consolidate how to disable the responder if not used in
one place and via one method only.

Signed-off-by: Lars Marowsky-Bree <lmb@suse.com>
@l-mb
Update AGENTS.md guidance
8308c08 
Signed-off-by: Lars Marowsky-Bree <lmb@suse.com>
@l-mb l-mb self-assigned this Jan 27, 2026
@github-advanced-security
Copy link
Contributor

github-advanced-security bot commented Jan 27, 2026

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

@l-mb l-mb merged commit 8b88096 into main Feb 10, 2026
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@l-mb l-mb

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@l-mb