"latest" agent side fixes
initial open-source release
We are constantly working on resolving limitations listed here and adding enhanced functionality.
- Declarative local management not supported yet, instead follow the installation steps to directly connect the open-appsec agent to WebUI (SaaS Management) until this is resolved, see documentation here or in WebUI
- (Kong only) Declarative configuration for open-appsec for Kong requires Ingress Resource where the open-appsec Annotation can be added to. Currently doesn't work if there's no ingress resources available and traffic is sent to Kong Gateway directly. (Workaround if there's no ingress resources: Use central management)
- only ingress resource rules which specify both keys are supported: host and path. Specifying just the path is not supported. In that case either add host key as temporary fix to your ingress rules if currently missing, or switch to WebUI (SaaS) management instead of local declarative management. This will be fixed soon. (Note: This does not impact the optional specific rules as defined in the open-appsec policy CRD.)
- Defining Snort signatures and API schema in open-appsec for K8s and NGINX is not supported yet (this is supported when using central Management via WebUI (SaaS))
- "Redirect" action in CustomResponse CRD/config is not supported (use "block-page" or "response-code-only" options until this is available)
- Creating a second tenant using same email address is not supported (user can be added to another tenant with another main email address as an additional user)
- You can only have a single asset using wildcard resource for each HTTP as well as HTTPS (e.g.: http://* and https://* ) per tenant. This will be resolved soon.
- Adding Google or GitHub users as additional users to a tenant is not supported (use regular users with email addresses instead)
- CLI tools for macOS are not available yet
- Envoy and Ambassador support not available yet