Helm Charts
Pre-patched wrapper Helm charts that override upstream image references with Verity's security-patched equivalents. Install a chart and every container image is already patched.
53 Charts | 160 Image Overrides | 655 Open CVEs | OCI Registry
How it works
1. Wrapper chart
A thin Helm chart that declares the original chart as a dependency and overrides values.yaml to point image references at patched versions.
2. OCI registry
Wrapper charts are pushed to oci://ghcr.io/verity-org/charts and can be installed directly via helm install.
3. Drop-in replace
Install the wrapper chart instead of the original. Helm resolves the dependency and applies all patched image overrides automatically.
Available Charts
prometheus
v29.7.0 | 0 CVE | 11 overrides
helm install prometheus oci://ghcr.io/verity-org/charts/prometheus --version 29.7.0
Original | Type | CVEs | Patched Reference
registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.18.0 | Patched | 0 CVE | ghcr.io/verity-org/kube-state-metrics:2.18.0
quay.io/prometheus/pushgateway:v1.11.2 | Wolfi-Based | 0 CVE | ghcr.io/verity-org/pushgateway:1.11
quay.io/prometheus/node-exporter:v1.11.1 | Patched | 0 CVE | ghcr.io/verity-org/prometheus/node-exporter:v1.11.1
quay.io/prometheus-operator/prometheus-config-reloader:v0.91.0 | Patched | 0 CVE | ghcr.io/verity-org/prometheus-operator/prometheus-config-reloader:v0.91.0
kube-state-metrics.image
prometheus-pushgateway.image
prometheus-node-exporter.image
alertmanager.configmapReload.image
kube-state-metrics.global.imageRegistry
prometheus-node-exporter.global.imageRegistry
prometheus-pushgateway.global.imageRegistry
victoria-logs-single
v0.12.4 | 0 CVE | 0 overrides
helm install victoria-logs-single oci://ghcr.io/verity-org/charts/victoria-logs-single --version 0.12.4
Original | Type | CVEs | Patched Reference
postgres-operator
v1.15.1 | 0 CVE | 2 overrides
helm install postgres-operator oci://ghcr.io/verity-org/charts/postgres-operator --version 1.15.1
Original | Type | CVEs | Patched Reference
ghcr.io/zalando/postgres-operator:v1.15.1 | Wolfi-Based | 0 CVE | ghcr.io/verity-org/postgres-operator:1.15
image
kyverno
v3.7.2 | 0 CVE | 12 overrides
helm install kyverno oci://ghcr.io/verity-org/charts/kyverno --version 3.7.2
Original | Type | CVEs | Patched Reference
reg.kyverno.io/kyverno/kyvernopre:v1.17.2 | Patched | 0 CVE | ghcr.io/verity-org/kyverno-kyvernopre:1.17
reg.kyverno.io/kyverno/kyverno:v1.17.2 | Wolfi-Based | 0 CVE | ghcr.io/verity-org/kyverno:1.17
reg.kyverno.io/kyverno/background-controller:v1.17.2 | Wolfi-Based | 0 CVE | ghcr.io/verity-org/kyverno-background-controller:1.17
reg.kyverno.io/kyverno/cleanup-controller:v1.17.2 | Patched | 0 CVE | ghcr.io/verity-org/kyverno-cleanup-controller:1.17
reg.kyverno.io/kyverno/reports-controller:v1.17.2 | Wolfi-Based | 0 CVE | ghcr.io/verity-org/kyverno-reports-controller:1.17
ghcr.io/kyverno/readiness-checker:v0.1.0 | Patched | 0 CVE | ghcr.io/verity-org/kyverno-readiness-checker:1.17
admissionController.initContainer.image
admissionController.container.image
backgroundController.image
cleanupController.image
reportsController.image
test.image
argo-cd
v9.5.14 | 0 CVE | 4 overrides
helm install argo-cd oci://ghcr.io/verity-org/charts/argo-cd --version 9.5.14
Original | Type | CVEs | Patched Reference
quay.io/argoproj/argocd:v3.4.2 | Patched | 0 CVE | ghcr.io/verity-org/argocd:3.3
ghcr.io/dexidp/dex:v2.45.1 | Wolfi-Based | 0 CVE | ghcr.io/verity-org/dex:2
global.image
dex.image
dex
v0.24.0 | 0 CVE | 2 overrides
helm install dex oci://ghcr.io/verity-org/charts/dex --version 0.24.0
Original | Type | CVEs | Patched Reference
ghcr.io/dexidp/dex:v2.44.0 | Wolfi-Based | 0 CVE | ghcr.io/verity-org/dex:2
image
metrics-server
v3.13.0 | 0 CVE | 2 overrides
helm install metrics-server oci://ghcr.io/verity-org/charts/metrics-server --version 3.13.0
Original | Type | CVEs | Patched Reference
registry.k8s.io/metrics-server/metrics-server:v0.8.0 | Wolfi-Based | 0 CVE | ghcr.io/verity-org/metrics-server:0.8
image
opensearch
v3.6.0 | 0 CVE | 2 overrides
helm install opensearch oci://ghcr.io/verity-org/charts/opensearch --version 3.6.0
Original | Type | CVEs | Patched Reference
opensearchproject/opensearch:3.6.0 | Patched | 0 CVE | ghcr.io/verity-org/opensearch:3
image
opensearch-dashboards
v3.6.0 | 0 CVE | 2 overrides
helm install opensearch-dashboards oci://ghcr.io/verity-org/charts/opensearch-dashboards --version 3.6.0
Original | Type | CVEs | Patched Reference
opensearchproject/opensearch-dashboards:3.6.0 | Patched | 0 CVE | ghcr.io/verity-org/opensearch-dashboards:3
image
rabbitmq-cluster-operator
v0.2.3 | 0 CVE | 7 overrides
helm install rabbitmq-cluster-operator oci://ghcr.io/verity-org/charts/rabbitmq-cluster-operator --version 0.2.3
Original | Type | CVEs | Patched Reference
docker.io/rabbitmqoperator/cluster-operator:2.19.1 | Wolfi-Based | 0 CVE | ghcr.io/verity-org/rabbitmqoperator/cluster-operator:2.19.1
docker.io/rabbitmqoperator/default-user-credential-updater:1.0.9 | Patched | 0 CVE | ghcr.io/verity-org/rabbitmqoperator/default-user-credential-updater:1.0.9
docker.io/rabbitmqoperator/messaging-topology-operator:1.18.3 | Patched | 0 CVE | ghcr.io/verity-org/rabbitmqoperator/messaging-topology-operator:1.18.3
clusterOperator.image
credentialUpdaterImage
msgTopologyOperator.image
global.imageRegistry
cert-manager
v1.20.2 | 0 CVE | 3 overrides
helm install cert-manager oci://ghcr.io/verity-org/charts/cert-manager --version 1.20.2
Original | Type | CVEs | Patched Reference
quay.io/jetstack/cert-manager-cainjector:v1.20.2 | Wolfi-Based | 0 CVE | ghcr.io/verity-org/cert-manager-cainjector:1.20.2
quay.io/jetstack/cert-manager-controller:v1.20.2 | Wolfi-Based | 0 CVE | ghcr.io/verity-org/cert-manager-controller:1.20.2
quay.io/jetstack/cert-manager-webhook:v1.20.2 | Wolfi-Based | 0 CVE | ghcr.io/verity-org/cert-manager-webhook:1.20.2
ingress-nginx
v4.15.1 | 0 CVE | 2 overrides
helm install ingress-nginx oci://ghcr.io/verity-org/charts/ingress-nginx --version 4.15.1
Original | Type | CVEs | Patched Reference
registry.k8s.io/ingress-nginx/controller:v1.15.1 | Patched | 0 CVE | ghcr.io/verity-org/kubernetes/ingress-nginx/controller:v1.15.1
registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.6.9 | Patched | 0 CVE | ghcr.io/verity-org/kubernetes/ingress-nginx/kube-webhook-certgen:v1.6.9
external-dns
v1.21.1 | 0 CVE | 2 overrides
helm install external-dns oci://ghcr.io/verity-org/charts/external-dns --version 1.21.1
Original | Type | CVEs | Patched Reference
registry.k8s.io/external-dns/external-dns:v0.21.0 | Patched | 0 CVE | ghcr.io/verity-org/external-dns:0.18
image
consul
v1.9.7 | 18 | 2 overrides
helm install consul oci://ghcr.io/verity-org/charts/consul --version 1.9.7
Original | Type | CVEs | Patched Reference
hashicorp/consul-k8s-control-plane:1.9.7 | Patched | 18 | ghcr.io/verity-org/hashicorp/consul-k8s-control-plane:1.9.7
hashicorp/consul:1.22.7 | Patched | 0 CVE | ghcr.io/verity-org/hashicorp/consul:1.22.7
valkey
v0.20.2 | 0 CVE | 0 overrides
helm install valkey oci://ghcr.io/verity-org/charts/valkey --version 0.20.2
Original | Type | CVEs | Patched Reference
etcd
v0.7.1 | 0 CVE | 3 overrides
helm install etcd oci://ghcr.io/verity-org/charts/etcd --version 0.7.1
Original | Type | CVEs | Patched Reference
gcr.io/etcd-development/etcd:v3.6.11 | Wolfi-Based | 0 CVE | ghcr.io/verity-org/etcd:3.6
image
global.imageRegistry
velero
v12.0.1 | 0 CVE | 2 overrides
helm install velero oci://ghcr.io/verity-org/charts/velero --version 12.0.1
Original | Type | CVEs | Patched Reference
docker.io/velero/velero:v1.18.0 | Wolfi-Based | 0 CVE | ghcr.io/verity-org/velero:1.18.0
image
operator
v7.1.1 | 0 CVE | 2 overrides
helm install operator oci://ghcr.io/verity-org/charts/operator --version 7.1.1
Original | Type | CVEs | Patched Reference
quay.io/minio/operator:v7.1.1 | Wolfi-Based | 0 CVE | ghcr.io/verity-org/minio-operator:7.1.1
operator.image
loki
v7.0.0 | 0 CVE | 4 overrides
helm install loki oci://ghcr.io/verity-org/charts/loki --version 7.0.0
Original | Type | CVEs | Patched Reference
docker.io/grafana/loki:3.6.7 | Wolfi-Based | 0 CVE | ghcr.io/verity-org/loki:3.6
docker.io/kiwigrid/k8s-sidecar:2.5.0 | Patched | 0 CVE | ghcr.io/verity-org/kiwigrid/k8s-sidecar:2.5.0
loki.image
sidecar.image
grafana
v10.5.15 | 0 CVE | 2 overrides
helm install grafana oci://ghcr.io/verity-org/charts/grafana --version 10.5.15
Original | Type | CVEs | Patched Reference
docker.io/grafana/grafana:12.3.1 | Wolfi-Based | 0 CVE | ghcr.io/verity-org/grafana:12.3
image
mimir-distributed
v6.0.6 | 0 CVE | 2 overrides
helm install mimir-distributed oci://ghcr.io/verity-org/charts/mimir-distributed --version 6.0.6
Original | Type | CVEs | Patched Reference
grafana/mimir:3.0.4 | Wolfi-Based | 0 CVE | ghcr.io/verity-org/mimir:3.0
image
tempo-distributed
v1.61.3 | 0 CVE | 2 overrides
helm install tempo-distributed oci://ghcr.io/verity-org/charts/tempo-distributed --version 1.61.3
Original | Type | CVEs | Patched Reference
ghcr.io/grafana/tempo:2.9.0 | Wolfi-Based | 0 CVE | ghcr.io/verity-org/tempo:2
tempo.image
argo-rollouts
v2.40.9 | 0 CVE | 2 overrides
helm install argo-rollouts oci://ghcr.io/verity-org/charts/argo-rollouts --version 2.40.9
Original | Type | CVEs | Patched Reference
quay.io/argoproj/argo-rollouts:v1.9.0 | Wolfi-Based | 0 CVE | ghcr.io/verity-org/argo-rollouts:1
controller.image
jenkins
v5.9.19 | 0 CVE | 4 overrides
helm install jenkins oci://ghcr.io/verity-org/charts/jenkins --version 5.9.19
Original | Type | CVEs | Patched Reference
docker.io/jenkins/jenkins:2.555.2-jdk21 | Patched | 0 CVE | ghcr.io/verity-org/jenkins:2
docker.io/kiwigrid/k8s-sidecar:2.6.0 | Patched | 0 CVE | ghcr.io/verity-org/kiwigrid/k8s-sidecar:2.6.0
controller.image
controller.sidecars.configAutoReload.image
traefik
v39.0.9 | 0 CVE | 2 overrides
helm install traefik oci://ghcr.io/verity-org/charts/traefik --version 39.0.9
Original | Type | CVEs | Patched Reference
docker.io/traefik:v3.6.15 | Wolfi-Based | 0 CVE | ghcr.io/verity-org/traefik:3.6
image
alloy
v1.8.1 | 117281 | 5 overrides
helm install alloy oci://ghcr.io/verity-org/charts/alloy --version 1.8.1
Original | Type | CVEs | Patched Reference
docker.io/grafana/alloy:v1.16.1 | Wolfi-Based | 0 CVE | ghcr.io/verity-org/grafana-alloy:1
quay.io/prometheus-operator/prometheus-config-reloader:v0.81.0 | Patched | 117281 | ghcr.io/verity-org/prometheus-operator/prometheus-config-reloader:v0.81.0
image
configReloader.image
global.image.registry
openbao
v0.28.2 | 0 CVE | 4 overrides
helm install openbao oci://ghcr.io/verity-org/charts/openbao --version 0.28.2
Original | Type | CVEs | Patched Reference
docker.io/hashicorp/vault-k8s:1.7.2 | Patched | 0 CVE | docker.io/hashicorp/vault-k8s:1.7.2
quay.io/openbao/openbao:2.5.3 | Patched | 0 CVE | ghcr.io/verity-org/openbao:2
injector.image
csi.agent.image
airflow
v1.21.0 | 83212419314 | 6 overrides
helm install airflow oci://ghcr.io/verity-org/charts/airflow --version 1.21.0
Original | Type | CVEs | Patched Reference
apache/airflow:3.2.0 | Patched | 0 CVE | ghcr.io/verity-org/airflow:3
bitnamilegacy/postgresql:16.1.0-debian-11-r15 | Patched | 525871247 | ghcr.io/verity-org/bitnamilegacy/postgresql:16.1.0-debian-11-r15
redis:7.2-bookworm | Patched | 3737697 | ghcr.io/verity-org/redis:7.2-bookworm
images.pgbouncerExporter
postgresql.image
images.redis
gitea
v12.6.0 | 412501177 | 1 override
helm install gitea oci://ghcr.io/verity-org/charts/gitea --version 12.6.0
Original | Type | CVEs | Patched Reference
docker.io/bitnamilegacy/postgresql:17.6.0-debian-12-r4 | Patched | 412501177 | ghcr.io/verity-org/bitnamilegacy/postgresql:17.6.0-debian-12-r4
crossplane
v2.2.1 | 0 CVE | 2 overrides
helm install crossplane oci://ghcr.io/verity-org/charts/crossplane --version 2.2.1
Original | Type | CVEs | Patched Reference
xpkg.crossplane.io/crossplane/crossplane:v2.2.1 | Wolfi-Based | 0 CVE | ghcr.io/verity-org/crossplane:2
image
minio
v5.4.0 | 0 CVE | 2 overrides
helm install minio oci://ghcr.io/verity-org/charts/minio --version 5.4.0
Original | Type | CVEs | Patched Reference
quay.io/minio/minio:RELEASE.2024-12-18T13-15-44Z | Wolfi-Based | 0 CVE | ghcr.io/verity-org/minio:RELEASE
image
chartmuseum
v3.10.4 | 0 CVE | 2 overrides
helm install chartmuseum oci://ghcr.io/verity-org/charts/chartmuseum --version 3.10.4
Original | Type | CVEs | Patched Reference
ghcr.io/helm/chartmuseum:v0.16.3 | Wolfi-Based | 0 CVE | ghcr.io/verity-org/chartmuseum:0
image
trivy-operator
v0.32.1 | 0 CVE | 3 overrides
helm install trivy-operator oci://ghcr.io/verity-org/charts/trivy-operator --version 0.32.1
Original | Type | CVEs | Patched Reference
mirror.gcr.io/aquasec/trivy-operator:0.30.1 | Wolfi-Based | 0 CVE | ghcr.io/verity-org/trivy-operator:0
image
global.image.registry
victoria-metrics-single
v0.38.0 | 0 CVE | 2 overrides
helm install victoria-metrics-single oci://ghcr.io/verity-org/charts/victoria-metrics-single --version 0.38.0
Original | Type | CVEs | Patched Reference
victoriametrics/victoria-metrics:v1.143.0 | Wolfi-Based | 0 CVE | ghcr.io/verity-org/victoriametrics:1
server.image
meilisearch
v0.32.0 | 0 CVE | 2 overrides
helm install meilisearch oci://ghcr.io/verity-org/charts/meilisearch --version 0.32.0
Original | Type | CVEs | Patched Reference
getmeili/meilisearch:v1.42.1 | Wolfi-Based | 0 CVE | ghcr.io/verity-org/meilisearch:1
image
weaviate
v17.8.0 | 0 CVE | 2 overrides
helm install weaviate oci://ghcr.io/verity-org/charts/weaviate --version 17.8.0
Original | Type | CVEs | Patched Reference
cr.weaviate.io/semitechnologies/weaviate:1.37.0 | Wolfi-Based | 0 CVE | ghcr.io/verity-org/weaviate:1
docker.io/alpine:latest | Patched | 0 CVE | ghcr.io/verity-org/alpine:latest
atlantis
v6.4.0 | 0 CVE | 2 overrides
helm install atlantis oci://ghcr.io/verity-org/charts/atlantis --version 6.4.0
Original | Type | CVEs | Patched Reference
ghcr.io/runatlantis/atlantis:v0.43.0 | Wolfi-Based | 0 CVE | ghcr.io/verity-org/atlantis:0
image
vault
v0.32.0 | 0 CVE | 4 overrides
helm install vault oci://ghcr.io/verity-org/charts/vault --version 0.32.0
Original | Type | CVEs | Patched Reference
hashicorp/vault-k8s:1.7.2 | Patched | 0 CVE | docker.io/hashicorp/vault-k8s:1.7.2
hashicorp/vault:1.21.2 | Wolfi-Based | 0 CVE | ghcr.io/verity-org/vault:1
injector.image
csi.agent.image
falco
v8.0.5 | 0 CVE | 6 overrides
helm install falco oci://ghcr.io/verity-org/charts/falco --version 8.0.5
Original | Type | CVEs | Patched Reference
docker.io/falcosecurity/falco:0.43.1 | Wolfi-Based | 0 CVE | ghcr.io/verity-org/falco:0
docker.io/falcosecurity/falcoctl:0.12.2 | Patched | 0 CVE | docker.io/falcosecurity/falcoctl:0.12.2
docker.io/falcosecurity/falco-driver-loader:0.43.1 | Patched | 0 CVE | docker.io/falcosecurity/falco-driver-loader:0.43.1
image
falcoctl.image
driver.loader.initContainer.image
nats
v2.14.0 | 0 CVE | 6 overrides
helm install nats oci://ghcr.io/verity-org/charts/nats --version 2.14.0
Original | Type | CVEs | Patched Reference
natsio/nats-box:0.19.5 | Patched | 0 CVE | docker.io/natsio/nats-box:0.19.5
nats:2.14.0-alpine | Wolfi-Based | 0 CVE | ghcr.io/verity-org/nats:2
natsio/nats-server-config-reloader:0.23.0 | Patched | 0 CVE | docker.io/natsio/nats-server-config-reloader:0.23.0
natsBox.container.image
container.image
reloader.image
contour
v0.5.0 | 0 CVE | 4 overrides
helm install contour oci://ghcr.io/verity-org/charts/contour --version 0.5.0
Original | Type | CVEs | Patched Reference
ghcr.io/projectcontour/contour:v1.33.4 | Wolfi-Based | 0 CVE | ghcr.io/verity-org/contour:1.33.4
docker.io/envoyproxy/envoy:v1.35.10 | Wolfi-Based | 0 CVE | ghcr.io/verity-org/envoy:1.35
contour.image
envoy.image
aws-load-balancer-controller
v1.17.1 | 0 CVE | 2 overrides
helm install aws-load-balancer-controller oci://ghcr.io/verity-org/charts/aws-load-balancer-controller --version 1.17.1
Original | Type | CVEs | Patched Reference
public.ecr.aws/eks/aws-load-balancer-controller:v2.17.1 | Wolfi-Based | 0 CVE | ghcr.io/verity-org/aws-load-balancer-controller:2
image
cert-manager-csi-driver
v0.14.0 | 2108216 | 3 overrides
helm install cert-manager-csi-driver oci://ghcr.io/verity-org/charts/cert-manager-csi-driver --version v0.14.0
Original | Type | CVEs | Patched Reference
quay.io/jetstack/cert-manager-csi-driver:v0.14.0 | Wolfi-Based | 0 CVE | ghcr.io/verity-org/cert-manager-csi-driver:0.14
quay.io/jetstack/csi-node-driver-registrar:v2.16.0 | Patched | 15418 | ghcr.io/verity-org/jetstack/csi-node-driver-registrar:v2.16.0
quay.io/jetstack/livenessprobe:v2.18.0 | Patched | 15418 | ghcr.io/verity-org/jetstack/livenessprobe:v2.18.0
descheduler
v0.35.1 | 0 CVE | 2 overrides
helm install descheduler oci://ghcr.io/verity-org/charts/descheduler --version 0.35.1
Original | Type | CVEs | Patched Reference
registry.k8s.io/descheduler/descheduler:v0.35.1 | Wolfi-Based | 0 CVE | ghcr.io/verity-org/descheduler:0.35
image
prometheus-blackbox-exporter
v11.10.0 | 0 CVE | 3 overrides
helm install prometheus-blackbox-exporter oci://ghcr.io/verity-org/charts/prometheus-blackbox-exporter --version 11.10.0
Original | Type | CVEs | Patched Reference
quay.io/prometheus/blackbox-exporter:v0.28.0 | Wolfi-Based | 0 CVE | ghcr.io/verity-org/blackbox-exporter:0.28.0
image
global.imageRegistry
cilium
v1.19.4 | 0 CVE | 5 overrides
helm install cilium oci://ghcr.io/verity-org/charts/cilium --version 1.19.4
Original | Type | CVEs | Patched Reference
quay.io/cilium/cilium:v1.19.4 | Wolfi-Based | 0 CVE | ghcr.io/verity-org/cilium:1.19
quay.io/cilium/cilium-envoy:v1.36.6-1778235340-b87d1e32f522b33bd51701c6476d199326f01496 | Patched | 0 CVE | quay.io/cilium/cilium-envoy:v1.36.6-1778235340-b87d1e32f522b33bd51701c6476d199326f01496
quay.io/cilium/operator-generic:v1.19.4 | Patched | 0 CVE | ghcr.io/verity-org/cilium/operator-generic:v1.19.4
preflight.image
preflight.envoy.image
oauth2-proxy
v10.4.3 | 0 CVE | 3 overrides
helm install oauth2-proxy oci://ghcr.io/verity-org/charts/oauth2-proxy --version 10.4.3
Original | Type | CVEs | Patched Reference
quay.io/oauth2-proxy/oauth2-proxy:v7.15.2 | Wolfi-Based | 0 CVE | ghcr.io/verity-org/oauth2-proxy:7.15.2
image
global.imageRegistry
influxdb2
v2.1.2 | 0 CVE | 2 overrides
helm install influxdb2 oci://ghcr.io/verity-org/charts/influxdb2 --version 2.1.2
Original | Type | CVEs | Patched Reference
influxdb:2.7.4-alpine | Wolfi-Based | 0 CVE | ghcr.io/verity-org/influxdb:2.7
image
prometheus-nginx-exporter
v1.22.0 | 0 CVE | 2 overrides
helm install prometheus-nginx-exporter oci://ghcr.io/verity-org/charts/prometheus-nginx-exporter --version 1.22.0
Original | Type | CVEs | Patched Reference
nginx/nginx-prometheus-exporter:1.5.1 | Wolfi-Based | 0 CVE | ghcr.io/verity-org/nginx-prometheus-exporter:1.5.1
image
fluent-bit
v0.57.5 | 0 CVE | 2 overrides
helm install fluent-bit oci://ghcr.io/verity-org/charts/fluent-bit --version 0.57.5
Original | Type | CVEs | Patched Reference
cr.fluentbit.io/fluent/fluent-bit:5.0.5 | Wolfi-Based | 0 CVE | ghcr.io/verity-org/fluent-bit:4.2
image
cluster-autoscaler
v9.57.0 | 0 CVE | 2 overrides
helm install cluster-autoscaler oci://ghcr.io/verity-org/charts/cluster-autoscaler --version 9.57.0
Original | Type | CVEs | Patched Reference
registry.k8s.io/autoscaling/cluster-autoscaler:v1.35.0 | Wolfi-Based | 0 CVE | ghcr.io/verity-org/cluster-autoscaler:1.35
image
nfs-subdir-external-provisioner
v4.0.18 | 0 CVE | 2 overrides
helm install nfs-subdir-external-provisioner oci://ghcr.io/verity-org/charts/nfs-subdir-external-provisioner --version 4.0.18
Original | Type | CVEs | Patched Reference
registry.k8s.io/sig-storage/nfs-subdir-external-provisioner:v4.0.2 | Wolfi-Based | 0 CVE | ghcr.io/verity-org/nfs-subdir-external-provisioner:4
image
workload-identity-webhook
v1.5.1 | 0 CVE | 1 override
helm install workload-identity-webhook oci://ghcr.io/verity-org/charts/workload-identity-webhook --version 1.5.1
Original | Type | CVEs | Patched Reference
mcr.microsoft.com/oss/azure/workload-identity/webhook:v1.5.1 | Wolfi-Based | 0 CVE | ghcr.io/verity-org/azure-workload-identity-webhook:1
Charts generated daily at 04:00 UTC. Powered by Verity chart-gen.