Skip to main content

Helm Charts

Pre-patched wrapper Helm charts that override upstream image references with Verity's security-patched equivalents. Install a chart and every container image is already patched.

53
Charts
154
Image Overrides
810
Open CVEs
OCI
Registry

How it works

1. Wrapper chart

A thin Helm chart that declares the original chart as a dependency and overrides values.yaml to point image references at patched versions.

2. OCI registry

Wrapper charts are pushed tooci://ghcr.io/verity-org/charts and can be installed directly via helm install.

3. Drop-in replace

Install the wrapper chart instead of the original. Helm resolves the dependency and applies all patched image overrides automatically.

Available Charts

prometheus

v29.14.00 CVE11 overrides
                    helm install prometheus oci://ghcr.io/verity-org/charts/prometheus --version 29.14.0
                  
registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.19.1
Patched
0 CVE
ghcr.io/verity-org/kube-state-metrics:2.18.0
quay.io/prometheus/pushgateway:v1.11.3
Wolfi-Based
0 CVE
ghcr.io/verity-org/pushgateway:1.11
quay.io/prometheus/node-exporter:v1.11.1
Patched
0 CVE
ghcr.io/verity-org/prometheus/node-exporter:v1.11.1
quay.io/prometheus-operator/prometheus-config-reloader:v0.92.1
Patched
0 CVE
ghcr.io/verity-org/prometheus-operator/prometheus-config-reloader:v0.92.1
kube-state-metrics.image
prometheus-pushgateway.image
prometheus-node-exporter.image
alertmanager.configmapReload.image
kube-state-metrics.global.imageRegistry
prometheus-node-exporter.global.imageRegistry
prometheus-pushgateway.global.imageRegistry

victoria-logs-single

v0.13.80 CVE0 overrides
                    helm install victoria-logs-single oci://ghcr.io/verity-org/charts/victoria-logs-single --version 0.13.8
                  

postgres-operator

v1.15.10 CVE2 overrides
                    helm install postgres-operator oci://ghcr.io/verity-org/charts/postgres-operator --version 1.15.1
                  
ghcr.io/zalando/postgres-operator:v1.15.1
Wolfi-Based
0 CVE
ghcr.io/verity-org/postgres-operator:1.15
image

argo-cd

v10.1.20 CVE4 overrides
                    helm install argo-cd oci://ghcr.io/verity-org/charts/argo-cd --version 10.1.2
                  
quay.io/argoproj/argocd:v3.4.4
Wolfi-Based
0 CVE
ghcr.io/verity-org/argocd:3.3
ghcr.io/dexidp/dex:v2.45.1
Wolfi-Based
0 CVE
ghcr.io/verity-org/dex:2
global.image
dex.image

dex

v0.24.10 CVE2 overrides
                    helm install dex oci://ghcr.io/verity-org/charts/dex --version 0.24.1
                  
ghcr.io/dexidp/dex:v2.44.0
Wolfi-Based
0 CVE
ghcr.io/verity-org/dex:2
image

metrics-server

v3.13.10 CVE2 overrides
                    helm install metrics-server oci://ghcr.io/verity-org/charts/metrics-server --version 3.13.1
                  
registry.k8s.io/metrics-server/metrics-server:v0.8.1
Wolfi-Based
0 CVE
ghcr.io/verity-org/metrics-server:0.8
image

opensearch

v3.7.00 CVE2 overrides
                    helm install opensearch oci://ghcr.io/verity-org/charts/opensearch --version 3.7.0
                  
opensearchproject/opensearch:3.7.0
Patched
0 CVE
ghcr.io/verity-org/opensearch:3
image

opensearch-dashboards

v3.7.00 CVE2 overrides
                    helm install opensearch-dashboards oci://ghcr.io/verity-org/charts/opensearch-dashboards --version 3.7.0
                  
opensearchproject/opensearch-dashboards:3.7.0
Patched
0 CVE
ghcr.io/verity-org/opensearch-dashboards:3
image

rabbitmq-cluster-operator

v0.3.30 CVE7 overrides
                    helm install rabbitmq-cluster-operator oci://ghcr.io/verity-org/charts/rabbitmq-cluster-operator --version 0.3.3
                  
ghcr.io/rabbitmq/cluster-operator:2.21.0
Wolfi-Based
0 CVE
ghcr.io/verity-org/rabbitmq-cluster-operator:2
ghcr.io/rabbitmq/default-user-credential-updater:1.0.14
Patched
0 CVE
ghcr.io/verity-org/rabbitmq/default-user-credential-updater:1.0.14
ghcr.io/rabbitmq/messaging-topology-operator:1.19.2
Patched
0 CVE
ghcr.io/verity-org/rabbitmq/messaging-topology-operator:1.19.2
clusterOperator.image
credentialUpdaterImage
msgTopologyOperator.image
global.imageRegistry

external-dns

v1.21.10 CVE2 overrides
                    helm install external-dns oci://ghcr.io/verity-org/charts/external-dns --version 1.21.1
                  
registry.k8s.io/external-dns/external-dns:v0.21.0
Patched
0 CVE
ghcr.io/verity-org/external-dns:0.18
image

consul

v2.0.1
21128
2 overrides
                    helm install consul oci://ghcr.io/verity-org/charts/consul --version 2.0.1
                  
hashicorp/consul-k8s-control-plane:2.0.1
Patched
21128
ghcr.io/verity-org/hashicorp/consul-k8s-control-plane:2.0.1
hashicorp/consul:2.0.1
Patched
0 CVE
ghcr.io/verity-org/hashicorp/consul:2.0.1

valkey

v0.23.00 CVE0 overrides
                    helm install valkey oci://ghcr.io/verity-org/charts/valkey --version 0.23.0
                  

etcd

v0.8.20 CVE3 overrides
                    helm install etcd oci://ghcr.io/verity-org/charts/etcd --version 0.8.2
                  
gcr.io/etcd-development/etcd:v3.6.12
Wolfi-Based
0 CVE
ghcr.io/verity-org/etcd:3.6
image
global.imageRegistry

velero

v12.1.00 CVE2 overrides
                    helm install velero oci://ghcr.io/verity-org/charts/velero --version 12.1.0
                  
docker.io/velero/velero:v1.18.1
Wolfi-Based
0 CVE
ghcr.io/verity-org/velero:1.18.0
image

operator

v7.1.10 CVE2 overrides
                    helm install operator oci://ghcr.io/verity-org/charts/operator --version 7.1.1
                  
quay.io/minio/operator:v7.1.1
Wolfi-Based
0 CVE
ghcr.io/verity-org/minio-operator:7.1.1
operator.image

loki

v7.0.00 CVE4 overrides
                    helm install loki oci://ghcr.io/verity-org/charts/loki --version 7.0.0
                  
docker.io/grafana/loki:3.6.7
Wolfi-Based
0 CVE
ghcr.io/verity-org/loki:3.6
docker.io/kiwigrid/k8s-sidecar:2.5.0
Patched
0 CVE
ghcr.io/verity-org/kiwigrid/k8s-sidecar:2.5.0
loki.image
sidecar.image

grafana

v10.5.150 CVE2 overrides
                    helm install grafana oci://ghcr.io/verity-org/charts/grafana --version 10.5.15
                  
docker.io/grafana/grafana:12.3.1
Wolfi-Based
0 CVE
ghcr.io/verity-org/grafana:12.3
image

mimir-distributed

v6.1.00 CVE0 overrides
                    helm install mimir-distributed oci://ghcr.io/verity-org/charts/mimir-distributed --version 6.1.0
                  

tempo-distributed

v1.61.30 CVE2 overrides
                    helm install tempo-distributed oci://ghcr.io/verity-org/charts/tempo-distributed --version 1.61.3
                  
ghcr.io/grafana/tempo:2.9.0
Wolfi-Based
0 CVE
ghcr.io/verity-org/tempo:2.10.0
tempo.image

argo-rollouts

v2.41.00 CVE2 overrides
                    helm install argo-rollouts oci://ghcr.io/verity-org/charts/argo-rollouts --version 2.41.0
                  
quay.io/argoproj/argo-rollouts:v1.9.0
Wolfi-Based
0 CVE
ghcr.io/verity-org/argo-rollouts:1
controller.image

jenkins

v5.9.320 CVE4 overrides
                    helm install jenkins oci://ghcr.io/verity-org/charts/jenkins --version 5.9.32
                  
docker.io/jenkins/jenkins:2.555.3-jdk21
Patched
0 CVE
ghcr.io/verity-org/jenkins:2
docker.io/kiwigrid/k8s-sidecar:2.8.0
Patched
0 CVE
ghcr.io/verity-org/kiwigrid/k8s-sidecar:2.8.0
controller.image
controller.sidecars.configAutoReload.image

traefik

v41.0.20 CVE1 override
                    helm install traefik oci://ghcr.io/verity-org/charts/traefik --version 41.0.2
                  
ghcr.io/verity-org/traefik:3.7
Wolfi-Based
0 CVE
ghcr.io/verity-org/traefik:3.7

alloy

v1.10.00 CVE5 overrides
                    helm install alloy oci://ghcr.io/verity-org/charts/alloy --version 1.10.0
                  
docker.io/grafana/alloy:v1.17.0
Wolfi-Based
0 CVE
ghcr.io/verity-org/grafana-alloy:1
quay.io/prometheus-operator/prometheus-config-reloader:v0.91.0
Patched
0 CVE
ghcr.io/verity-org/prometheus-operator/prometheus-config-reloader:v0.91.0
image
configReloader.image
global.image.registry

openbao

v0.28.40 CVE4 overrides
                    helm install openbao oci://ghcr.io/verity-org/charts/openbao --version 0.28.4
                  
docker.io/hashicorp/vault-k8s:1.7.2
Patched
0 CVE
docker.io/hashicorp/vault-k8s:1.7.2
quay.io/openbao/openbao:2.5.5
Patched
0 CVE
ghcr.io/verity-org/openbao:2
injector.image
csi.agent.image

airflow

v1.22.0
72313720332
4 overrides
                    helm install airflow oci://ghcr.io/verity-org/charts/airflow --version 1.22.0
                  
bitnamilegacy/postgresql:16.1.0-debian-11-r15
Patched
4147712615
ghcr.io/verity-org/bitnamilegacy/postgresql:16.1.0-debian-11-r15
redis:7.2-bookworm
Patched
39607717
ghcr.io/verity-org/redis:7.2-bookworm
postgresql.image
images.redis

gitea

v12.6.0
10299212320
1 override
                    helm install gitea oci://ghcr.io/verity-org/charts/gitea --version 12.6.0
                  
docker.io/bitnamilegacy/postgresql:17.6.0-debian-12-r4
Patched
10299212320
ghcr.io/verity-org/bitnamilegacy/postgresql:17.6.0-debian-12-r4

crossplane

v2.3.30 CVE2 overrides
                    helm install crossplane oci://ghcr.io/verity-org/charts/crossplane --version 2.3.3
                  
xpkg.crossplane.io/crossplane/crossplane:v2.3.3
Wolfi-Based
0 CVE
ghcr.io/verity-org/crossplane:2
image

minio

v5.4.00 CVE2 overrides
                    helm install minio oci://ghcr.io/verity-org/charts/minio --version 5.4.0
                  
quay.io/minio/minio:RELEASE.2024-12-18T13-15-44Z
Wolfi-Based
0 CVE
ghcr.io/verity-org/minio:RELEASE
image

chartmuseum

v3.10.40 CVE2 overrides
                    helm install chartmuseum oci://ghcr.io/verity-org/charts/chartmuseum --version 3.10.4
                  
ghcr.io/helm/chartmuseum:v0.16.3
Wolfi-Based
0 CVE
ghcr.io/verity-org/chartmuseum:0
image

trivy-operator

v0.33.20 CVE3 overrides
                    helm install trivy-operator oci://ghcr.io/verity-org/charts/trivy-operator --version 0.33.2
                  
mirror.gcr.io/aquasec/trivy-operator:0.31.2
Wolfi-Based
0 CVE
ghcr.io/verity-org/trivy-operator:0
image
global.image.registry

victoria-metrics-single

v0.41.00 CVE2 overrides
                    helm install victoria-metrics-single oci://ghcr.io/verity-org/charts/victoria-metrics-single --version 0.41.0
                  
victoriametrics/victoria-metrics:v1.146.0
Wolfi-Based
0 CVE
ghcr.io/verity-org/victoriametrics:1
server.image

meilisearch

v0.33.00 CVE2 overrides
                    helm install meilisearch oci://ghcr.io/verity-org/charts/meilisearch --version 0.33.0
                  
getmeili/meilisearch:v1.47.0
Wolfi-Based
0 CVE
ghcr.io/verity-org/meilisearch:1
image

weaviate

v17.8.30 CVE2 overrides
                    helm install weaviate oci://ghcr.io/verity-org/charts/weaviate --version 17.8.3
                  
cr.weaviate.io/semitechnologies/weaviate:1.38.2
Wolfi-Based
0 CVE
ghcr.io/verity-org/weaviate:1
docker.io/alpine:latest
Patched
0 CVE
ghcr.io/verity-org/alpine:latest

atlantis

v6.9.30 CVE2 overrides
                    helm install atlantis oci://ghcr.io/verity-org/charts/atlantis --version 6.9.3
                  
ghcr.io/runatlantis/atlantis:v0.46.0
Wolfi-Based
0 CVE
ghcr.io/verity-org/atlantis:0
image

vault

v0.34.00 CVE4 overrides
                    helm install vault oci://ghcr.io/verity-org/charts/vault --version 0.34.0
                  
hashicorp/vault-k8s:1.7.5
Patched
0 CVE
docker.io/hashicorp/vault-k8s:1.7.5
hashicorp/vault:2.0.3
Wolfi-Based
0 CVE
ghcr.io/verity-org/vault:1
injector.image
csi.agent.image

falco

v9.1.00 CVE4 overrides
                    helm install falco oci://ghcr.io/verity-org/charts/falco --version 9.1.0
                  
docker.io/falcosecurity/falcoctl:0.13.0
Patched
0 CVE
docker.io/falcosecurity/falcoctl:0.13.0
docker.io/falcosecurity/falco-driver-loader:0.44.1
Patched
0 CVE
docker.io/falcosecurity/falco-driver-loader:0.44.1
falcoctl.image
driver.loader.initContainer.image

nats

v2.14.20 CVE6 overrides
                    helm install nats oci://ghcr.io/verity-org/charts/nats --version 2.14.2
                  
natsio/nats-box:0.19.7
Patched
0 CVE
docker.io/natsio/nats-box:0.19.7
nats:2.14.2-alpine
Wolfi-Based
0 CVE
ghcr.io/verity-org/nats:2
natsio/nats-server-config-reloader:0.23.0
Patched
0 CVE
docker.io/natsio/nats-server-config-reloader:0.23.0
natsBox.container.image
container.image
reloader.image

contour

v0.6.00 CVE4 overrides
                    helm install contour oci://ghcr.io/verity-org/charts/contour --version 0.6.0
                  
ghcr.io/projectcontour/contour:v1.33.5
Wolfi-Based
0 CVE
ghcr.io/verity-org/contour:1.33.4
docker.io/envoyproxy/envoy:v1.35.10
Wolfi-Based
0 CVE
ghcr.io/verity-org/envoy:1.35
contour.image
envoy.image

aws-load-balancer-controller

v1.17.10 CVE2 overrides
                    helm install aws-load-balancer-controller oci://ghcr.io/verity-org/charts/aws-load-balancer-controller --version 1.17.1
                  
public.ecr.aws/eks/aws-load-balancer-controller:v2.17.1
Wolfi-Based
0 CVE
ghcr.io/verity-org/aws-load-balancer-controller:2
image

descheduler

v0.36.00 CVE2 overrides
                    helm install descheduler oci://ghcr.io/verity-org/charts/descheduler --version 0.36.0
                  
registry.k8s.io/descheduler/descheduler:v0.36.0
Wolfi-Based
0 CVE
ghcr.io/verity-org/descheduler:0.35
image

prometheus-blackbox-exporter

v11.15.10 CVE3 overrides
                    helm install prometheus-blackbox-exporter oci://ghcr.io/verity-org/charts/prometheus-blackbox-exporter --version 11.15.1
                  
quay.io/prometheus/blackbox-exporter:v0.28.0
Wolfi-Based
0 CVE
ghcr.io/verity-org/blackbox-exporter:0.28.0
image
global.imageRegistry

oauth2-proxy

v10.7.00 CVE3 overrides
                    helm install oauth2-proxy oci://ghcr.io/verity-org/charts/oauth2-proxy --version 10.7.0
                  
quay.io/oauth2-proxy/oauth2-proxy:v7.15.3
Wolfi-Based
0 CVE
ghcr.io/verity-org/oauth2-proxy:7.15.2
image
global.imageRegistry

influxdb2

v2.1.20 CVE2 overrides
                    helm install influxdb2 oci://ghcr.io/verity-org/charts/influxdb2 --version 2.1.2
                  
influxdb:2.7.4-alpine
Wolfi-Based
0 CVE
ghcr.io/verity-org/influxdb:2.7
image

prometheus-nginx-exporter

v1.22.50 CVE2 overrides
                    helm install prometheus-nginx-exporter oci://ghcr.io/verity-org/charts/prometheus-nginx-exporter --version 1.22.5
                  
nginx/nginx-prometheus-exporter:1.5.1
Wolfi-Based
0 CVE
ghcr.io/verity-org/nginx-prometheus-exporter:1.5.1
image

fluent-bit

v0.57.90 CVE2 overrides
                    helm install fluent-bit oci://ghcr.io/verity-org/charts/fluent-bit --version 0.57.9
                  
cr.fluentbit.io/fluent/fluent-bit:5.0.9
Wolfi-Based
0 CVE
ghcr.io/verity-org/fluent-bit:4.2
image

cluster-autoscaler

v9.58.00 CVE2 overrides
                    helm install cluster-autoscaler oci://ghcr.io/verity-org/charts/cluster-autoscaler --version 9.58.0
                  
registry.k8s.io/autoscaling/cluster-autoscaler:v1.35.0
Wolfi-Based
0 CVE
ghcr.io/verity-org/cluster-autoscaler:1.35
image

nfs-subdir-external-provisioner

v4.0.180 CVE2 overrides
                    helm install nfs-subdir-external-provisioner oci://ghcr.io/verity-org/charts/nfs-subdir-external-provisioner --version 4.0.18
                  
registry.k8s.io/sig-storage/nfs-subdir-external-provisioner:v4.0.2
Wolfi-Based
0 CVE
ghcr.io/verity-org/nfs-subdir-external-provisioner:4
image

workload-identity-webhook

v1.6.00 CVE1 override
                    helm install workload-identity-webhook oci://ghcr.io/verity-org/charts/workload-identity-webhook --version 1.6.0
                  
mcr.microsoft.com/oss/v2/azure/workload-identity/webhook:v1.6.0
Wolfi-Based
0 CVE
ghcr.io/verity-org/azure-workload-identity-webhook:1
Charts generated daily at 04:00 UTC. Powered by Verity chart-gen.