remove kubeconform again as it has critical CVEs

alexander-dammeier · alexander-dammeier · commit d5b3c64f6b94 · 2026-03-04T15:02:27.000Z
Some users were not allowed to use the image because of the CVEs
diff --git a/.github/actions/build-and-test/action.yml b/.github/actions/build-and-test/action.yml
@@ -32,10 +32,6 @@ runs:
       shell: bash
       run: docker run --rm helm-docker-test kubeval --version
 
-    - name: Test helm-kubeconform
-      shell: bash
-      run: docker run --rm helm-docker-test kubeconform --help
-
     - name: Cleanup
       shell: bash
       run: sudo rm -rf test-chart val1.yaml val2.yaml
diff --git a/.github/workflows/automaticRelease.yml b/.github/workflows/automaticRelease.yml
@@ -48,7 +48,6 @@ jobs:
 
             - [Helm](https://www.helm.sh):${{ steps.compare_releases.outputs.helmRelease }}
             - [Helm-kubeval](https://github.com/instrumenta/helm-kubeval):0.13.0
-            - [Helm-kubeconform](https://github.com/jtyr/kubeconform-helm):0.2.0
             - [Helm-values](https://github.com/shihyuho/helm-values):1.2.0
             
             The image can be pulled with `$ docker pull ghcr.io/cloudogu/helm:${{ steps.compare_releases.outputs.helmRelease }}-1`
diff --git a/Dockerfile b/Dockerfile
@@ -6,7 +6,6 @@ ARG HELM_VERSION=4.1.1
 # Kubeval does not have tags, so we use a commit
 ARG HELM_KUBEVAL_VERSION=7476464
 ARG HELM_VALUES_VERSION=1.2.0
-ARG HELM_KUBECONFORM_VERSION=v0.2.0
 
 # Make helm install everything in defined folder
 ENV HOME=/helm
@@ -32,9 +31,6 @@ RUN git clone -n https://github.com/instrumenta/helm-kubeval ${HOME}/.local/shar
     HELM_PLUGIN_DIR=$(pwd) scripts/install.sh && \
     rm -rf .git
 
-# install helm-kubeconform
-RUN helm plugin install https://github.com/jtyr/kubeconform-helm --version ${HELM_KUBECONFORM_VERSION} || helm plugin install https://github.com/jtyr/kubeconform-helm --version ${HELM_KUBECONFORM_VERSION} --verify=false
-
 # install helm-values
 RUN git clone --depth 1 --branch ${HELM_VALUES_VERSION} https://github.com/shihyuho/helm-values /tmp/helm-values
 # helm 3 removed the option "home" to get helms home-path, so "helm home" won't work with helm 3
@@ -61,9 +57,9 @@ ENV HELM_CACHE_HOME="/helm/.cache/helm" \
     HELM_REGISTRY_CONFIG="/helm/.config/helm/registry.json" \
     HELM_REPOSITORY_CACHE="/helm/.cache/helm/repository" \
     HELM_REPOSITORY_CONFIG="/helm/.config/helm/repositories.yaml" \
-    PATH="/helm/.local/share/helm/plugins/helm-kubeval/bin:/helm/.local/share/helm/plugins/kubeconform-helm/bin:$PATH"
+    PATH="/helm/.local/share/helm/plugins/helm-kubeval/bin:$PATH"
  
-RUN apk add --update --no-cache ca-certificates curl git openssl bash python3 py3-yaml
+RUN apk add --update --no-cache ca-certificates curl git openssl bash
 COPY --from=builder /dist /
 
 ENTRYPOINT ["helm"]
diff --git a/README.md b/README.md
@@ -7,7 +7,6 @@ Containerized Kubernetes Helm client with support for plugins
 
 ```bash
 helm kubeval
-helm kubeconform
 helm values 
 ```
 
