open-appsec [BETA]
WebsiteManagement PortalPlaygroundGitHub
Search…
⌃K
Links

Release Notes

Releases

Release
Date
Notes
1.2308-rc1
2023-02-24
"latest" agent side fixes
1.2303-rc1
2023-01-22
1.2301-rc1
2023-01-02
1.2245-rc3
2022-11-13
1.2243-rc2
2022-10-30
1.2242.1-rc1
2022-10-25
initial open-source release

Limitations

We are constantly working on resolving limitations listed here and adding enhanced functionality.
Let us know via the open-appsec GitHub or our Website Chat if you identified a potential issue/limitation or via our Website Chat as well if you have any ideas/requirements for additional features.
  • Declarative local management not supported yet, instead follow the installation steps to directly connect the open-appsec agent to WebUI (SaaS Management) until this is resolved, see documentation here or in WebUI

Declarative Management:

Kubernetes:
  • (Kong only) Declarative configuration for open-appsec for Kong requires Ingress Resource where the open-appsec Annotation can be added to. Currently doesn't work if there's no ingress resources available and traffic is sent to Kong Gateway directly. (Workaround if there's no ingress resources: Use central management)
  • only ingress resource rules which specify both keys are supported: host and path. Specifying just the path is not supported. In that case either add host key as temporary fix to your ingress rules if currently missing, or switch to WebUI (SaaS) management instead of local declarative management. This will be fixed soon. (Note: This does not impact the optional specific rules as defined in the open-appsec policy CRD.)
General:
  • Defining Snort signatures and API schema in open-appsec for K8s and NGINX is not supported yet (this is supported when using central Management via WebUI (SaaS))
  • "Redirect" action in CustomResponse CRD/config is not supported (use "block-page" or "response-code-only" options until this is available)

SaaS Management (WebUI):

  • Creating a second tenant using same email address is not supported (user can be added to another tenant with another main email address as an additional user)
  • You can only have a single asset using wildcard resource for each HTTP as well as HTTPS (e.g.: http://* and https://* ) per tenant. This will be resolved soon.
  • Adding Google or GitHub users as additional users to a tenant is not supported (use regular users with email addresses instead)

Tools:

  • CLI tools for macOS are not available yet

Platform support:

  • Envoy and Ambassador support not available yet
Previous
open-appsec Video Tutorials
Next - Getting started
Getting Started
Last modified 26d ago