This topic describes the changes, additions, known issues, and fixes for each version of the Kubernetes Connector. If Auto Upgrade is enabled in your Kubernetes Connector, you will automatically enjoy the latest released features without having to manually upgrade to the new version.
Kubernetes Connector releases
Cortex Cloud supports the following current Kubernetes Connector versions. Click the link to view the new features, addressed issues, and known issues per release.
Release version | Release notes | Release date |
|---|---|---|
2.0 | May 3, 2026 | |
1.4 | Jan 11, 2026 | |
1.3 | Nov 9, 2025 | |
1.2 | July 20, 2025 |
The following section describes the new features introduced in Kubernetes Connector version 2.0.
Feature | Description |
|---|---|
Agentless Kubernetes security | Expanded Agentless Kubernetes security helps eliminate security blind spots and reduces deployment friction by delivering visibility into inventory, compliance, and runtime images across AWS Kubernetes and containers. |
Unified Kubernetes cluster management | Manage your infrastructure from a single, streamlined interface. You can now access all controls directly from the Kubernetes Clusters page instead of navigating legacy connectivity screens. We consolidated these tools into a unified view to simplify your workflow and remove unnecessary navigation steps. |
Enhanced security and deployment for Kubernetes Connectors | Minimize your attack surface by applying stricter security controls to your Kubernetes connectors. Recent updates include:
|
Tag Kubernetes endpoints instantly | Automate your security deployment. Our new tag support for Kubernetes lets you seamlessly associate XDR security profiles with specific connectors during configuration. |
Enhanced KSPM Graph | We've introduced several design improvements to the KSPM Graph, focused on streamlining your user experience. You can now more intuitively explore the relationships between your workloads, nodes, and cloud resources to seamlessly map and manage your cluster topology and security posture. |
Maintain system availability | Maintain system availability during unexpected disruptions. You can now choose whether to allow or block requests if the admission controller is unreachable. We added a Failure Policy setting to give you full control over your environment's stability. |
On-demand Kubernetes cluster scans | Secure your environment instantly. You no longer have to wait for scheduled cycles to evaluate newly deployed resources, including your inventory, containers, and nodes. We added a "Request Scan" button and API support so you can trigger on-demand cluster scans and see results in minutes. |
Optimized resource usage | Optimize system performance by eliminating redundant security scans. Your devices run more efficiently because the XDR agent automatically disables Adaptive Vulnerability Assessment (AVA) when a KSPM connector is deployed. The KSPM posture module now handles the AVA scan directly to save local resources. |
Refer to KSPM limitations and system components for known limitations.
The following section describes the new features introduced in Kubernetes Connector version 1.4.
Feature | Description |
|---|---|
Secure OpenShift with container image scanning | Strengthen your software supply chain by identifying vulnerabilities earlier in the development lifecycle. Cortex Cloud KSPM now offers direct integration with the OpenShift Internal Registry, allowing you to automatically scan and secure images as soon as they are pushed to the registry . By leveraging the existing Kubernetes connector, you can now extend your security coverage to images stored in the registry. |
Interactive KSPM Graph (Beta) | Visualize your Kubernetes security posture across supported Kubernetes clusters using the new KSPM Graph. It provides an interactive visualization that maps relationships across your clusters, specifically illustrating Workload-to-Image relationships within Kubernetes Namespaces. It overlays critical security context, such as misconfigurations and detected vulnerabilities, directly onto the graph topology. This allows security and operations teams to quickly identify asset dependencies, correlate risk, and efficiently prioritize where to focus their response. |
Container image security scanning | Cortex Cloud expands its security coverage beyond agentless and agent-based scans with a Kubernetes-native container image and container drift scanning capability. Powered by the lightweight KSPM connector, it provides consistent detection of misconfigurations, vulnerabilities, malware, and exposed secrets across Kubernetes environments, managed or on-prem, where agentless disk scanning is not available. |
KSPM support for AWS EKS Fargate clusters | Gain comprehensive security visibility into container images, inventory, and compliance reporting for your nodeless clusters. We now support deploying the Kubernetes Connector directly onto AWS EKS Fargate environments. |
KSPM support for Rancher | Simplify security and gain central visibility across all your Rancher-managed Kubernetes clusters. The Kubernetes Connector now supports K3s, RKE, and RKE2 clusters. This allows you to unify security posture management, asset inventory, and compliance reporting for your Rancher-managed clusters alongside all other supported cloud and on-premises environments, ensuring consistent security policy enforcement across your entire infrastructure. |
Simplified navigation for Kubernetes Security | KSPM now has a dedicated navigation section under Modules. |
Refer to KSPM limitations and system components for known limitations.
The following section describes the new features introduced in Kubernetes Connector version 1.3.
Feature | Description |
|---|---|
Unified Kubernetes Onboarding | Streamlined Kubernetes onboarding process in a single, easy-to-use wizard. Now you can discover all available security capabilities based on your license, configure everything in one flow, and deploy your entire solution with one consolidated installer. |
Kubernetes Connector | Supports AKS, EKS, GKE, managed OpenShift, self-managed Kubernetes vanilla clusters, and self-managed OpenShift with a Kubernetes Native installation method of Helm Installer. For more details, see Supported Kubernetes distributions. |
KSPM Dashboard | A visual overview of your Kubernetes security posture. It includes inventory insights, protection coverage, most vulnerable clusters, malware and secrets detected, and more. |
Compliance standards | Enjoy out-of-the-box CIS compliance standards for Kubernetes environments (CIS EKS, CIS GKE, CIS AKS, CIS OpenShift, and CIS Kubernetes). |
Secrets, malware, and vulnerabilities | Generate secret, malware, and vulnerabilities posture issues by declaring policies on Kubernetes clusters |
The following table describes known limitations in the Kubernetes Connector release.
Feature | Description |
|---|---|
Connector onboarding and cluster identifier | The Kubernetes Connector automatically calculates the Kubernetes cluster cloud identifier by using the metadata service (for EKS and GKE) and cluster resources (for AKS).
|
The following section describes the new features introduced in Kubernetes Connector version 1.2.
Feature | Description |
|---|---|
Kubernetes Connector Onboarding | Supports AKS, EKS, GKE, managed OpenShift, and self-managed Kubernetes Vanilla clusters, with a Kubernetes Native installation method of Helm Installer. |
KSPM Dashboard | A visual overview of your Kubernetes security posture. It includes inventory insights, protection coverage, riskiest clusters, and more. |
Compliance standards | Enjoy out-of-the-box CIS compliance standards for Kubernetes environments (CIS EKS, CIS GKE, CIS AKS, CIS OpenShift, and CIS Kubernetes). |
Secrets, malware, and vulnerabilities | Generate secret, malware, and vulnerabilities posture issues by declaring policies on Kubernetes clusters |
AWS WAF Detection | Detect the presence of AWS WAF protecting Internet-exposed assets |
The following table describes known limitations in the Kubernetes Connector release.
Feature | Description |
|---|---|
Connector onboarding and cluster identifier | The Kubernetes Connector automatically calculates the Kubernetes cluster cloud identifier by using the metadata service (for EKS and GKE) and cluster resources (for AKS).
|