Helm Charts
Pre-patched wrapper Helm charts that override upstream image references with Verity's security-patched equivalents. Install a chart and every container image is already patched.
53
Charts
154
Image Overrides
810
Open CVEs
OCI
Registry
How it works
1. Wrapper chart
A thin Helm chart that declares the original chart as a dependency and overrides values.yaml to point image references at patched versions.
2. OCI registry
Wrapper charts are pushed tooci://ghcr.io/verity-org/charts and can be installed directly via helm install.
3. Drop-in replace
Install the wrapper chart instead of the original. Helm resolves the dependency and applies all patched image overrides automatically.
Available Charts
prometheus
v29.14.00 CVE11 overrides
helm install prometheus oci://ghcr.io/verity-org/charts/prometheus --version 29.14.0
OriginalTypeCVEsPatched Reference
registry.k8s.io/kube-state-metrics/kube-state-metrics:v2.19.1
Patched
0 CVE
ghcr.io/verity-org/kube-state-metrics:2.18.0
quay.io/prometheus/pushgateway:v1.11.3
Wolfi-Based
0 CVE
ghcr.io/verity-org/pushgateway:1.11
quay.io/prometheus/node-exporter:v1.11.1
Patched
0 CVE
ghcr.io/verity-org/prometheus/node-exporter:v1.11.1
quay.io/prometheus-operator/prometheus-config-reloader:v0.92.1
Patched
0 CVE
ghcr.io/verity-org/prometheus-operator/prometheus-config-reloader:v0.92.1
kube-state-metrics.image
prometheus-pushgateway.image
prometheus-node-exporter.image
alertmanager.configmapReload.image
kube-state-metrics.global.imageRegistry
prometheus-node-exporter.global.imageRegistry
prometheus-pushgateway.global.imageRegistry
victoria-logs-single
v0.13.80 CVE0 overrides
helm install victoria-logs-single oci://ghcr.io/verity-org/charts/victoria-logs-single --version 0.13.8
OriginalTypeCVEsPatched Reference
postgres-operator
v1.15.10 CVE2 overrides
helm install postgres-operator oci://ghcr.io/verity-org/charts/postgres-operator --version 1.15.1
OriginalTypeCVEsPatched Reference
ghcr.io/zalando/postgres-operator:v1.15.1
Wolfi-Based
0 CVE
ghcr.io/verity-org/postgres-operator:1.15
image
kyverno
v3.7.20 CVE12 overrides
helm install kyverno oci://ghcr.io/verity-org/charts/kyverno --version 3.7.2
OriginalTypeCVEsPatched Reference
reg.kyverno.io/kyverno/kyvernopre:v1.17.2
Patched
0 CVE
ghcr.io/verity-org/kyverno-kyvernopre:1.17
reg.kyverno.io/kyverno/kyverno:v1.17.2
Wolfi-Based
0 CVE
ghcr.io/verity-org/kyverno:1.17
reg.kyverno.io/kyverno/background-controller:v1.17.2
Wolfi-Based
0 CVE
ghcr.io/verity-org/kyverno-background-controller:1.17
reg.kyverno.io/kyverno/cleanup-controller:v1.17.2
Patched
0 CVE
ghcr.io/verity-org/kyverno-cleanup-controller:1.17
reg.kyverno.io/kyverno/reports-controller:v1.17.2
Wolfi-Based
0 CVE
ghcr.io/verity-org/kyverno-reports-controller:1.17
ghcr.io/kyverno/readiness-checker:v0.1.0
Patched
0 CVE
ghcr.io/verity-org/kyverno-readiness-checker:1.17
admissionController.initContainer.image
admissionController.container.image
backgroundController.image
cleanupController.image
reportsController.image
test.image
argo-cd
v10.1.20 CVE4 overrides
helm install argo-cd oci://ghcr.io/verity-org/charts/argo-cd --version 10.1.2
OriginalTypeCVEsPatched Reference
quay.io/argoproj/argocd:v3.4.4
Wolfi-Based
0 CVE
ghcr.io/verity-org/argocd:3.3
ghcr.io/dexidp/dex:v2.45.1
Wolfi-Based
0 CVE
ghcr.io/verity-org/dex:2
global.image
dex.image
dex
v0.24.10 CVE2 overrides
helm install dex oci://ghcr.io/verity-org/charts/dex --version 0.24.1
OriginalTypeCVEsPatched Reference
ghcr.io/dexidp/dex:v2.44.0
Wolfi-Based
0 CVE
ghcr.io/verity-org/dex:2
image
metrics-server
v3.13.10 CVE2 overrides
helm install metrics-server oci://ghcr.io/verity-org/charts/metrics-server --version 3.13.1
OriginalTypeCVEsPatched Reference
registry.k8s.io/metrics-server/metrics-server:v0.8.1
Wolfi-Based
0 CVE
ghcr.io/verity-org/metrics-server:0.8
image
opensearch
v3.7.00 CVE2 overrides
helm install opensearch oci://ghcr.io/verity-org/charts/opensearch --version 3.7.0
OriginalTypeCVEsPatched Reference
opensearchproject/opensearch:3.7.0
Patched
0 CVE
ghcr.io/verity-org/opensearch:3
image
opensearch-dashboards
v3.7.00 CVE2 overrides
helm install opensearch-dashboards oci://ghcr.io/verity-org/charts/opensearch-dashboards --version 3.7.0
OriginalTypeCVEsPatched Reference
opensearchproject/opensearch-dashboards:3.7.0
Patched
0 CVE
ghcr.io/verity-org/opensearch-dashboards:3
image
rabbitmq-cluster-operator
v0.3.30 CVE7 overrides
helm install rabbitmq-cluster-operator oci://ghcr.io/verity-org/charts/rabbitmq-cluster-operator --version 0.3.3
OriginalTypeCVEsPatched Reference
ghcr.io/rabbitmq/cluster-operator:2.21.0
Wolfi-Based
0 CVE
ghcr.io/verity-org/rabbitmq-cluster-operator:2
ghcr.io/rabbitmq/default-user-credential-updater:1.0.14
Patched
0 CVE
ghcr.io/verity-org/rabbitmq/default-user-credential-updater:1.0.14
ghcr.io/rabbitmq/messaging-topology-operator:1.19.2
Patched
0 CVE
ghcr.io/verity-org/rabbitmq/messaging-topology-operator:1.19.2
clusterOperator.image
credentialUpdaterImage
msgTopologyOperator.image
global.imageRegistry
cert-manager
vv1.20.30 CVE3 overrides
helm install cert-manager oci://ghcr.io/verity-org/charts/cert-manager --version v1.20.3
OriginalTypeCVEsPatched Reference
quay.io/jetstack/cert-manager-cainjector:v1.20.3
Wolfi-Based
0 CVE
ghcr.io/verity-org/cert-manager-cainjector:1.20.2
quay.io/jetstack/cert-manager-controller:v1.20.3
Wolfi-Based
0 CVE
ghcr.io/verity-org/cert-manager-controller:1.20.2
quay.io/jetstack/cert-manager-webhook:v1.20.3
Wolfi-Based
0 CVE
ghcr.io/verity-org/cert-manager-webhook:1.20.2
ingress-nginx
v4.15.11693
2 overrides
helm install ingress-nginx oci://ghcr.io/verity-org/charts/ingress-nginx --version 4.15.1
OriginalTypeCVEsPatched Reference
registry.k8s.io/ingress-nginx/controller:v1.15.1
Patched
0 CVE
ghcr.io/verity-org/kubernetes/ingress-nginx/controller:v1.15.1
registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.6.9
Patched
1693
ghcr.io/verity-org/kubernetes/ingress-nginx/kube-webhook-certgen:v1.6.9
external-dns
v1.21.10 CVE2 overrides
helm install external-dns oci://ghcr.io/verity-org/charts/external-dns --version 1.21.1
OriginalTypeCVEsPatched Reference
registry.k8s.io/external-dns/external-dns:v0.21.0
Patched
0 CVE
ghcr.io/verity-org/external-dns:0.18
image
consul
v2.0.121128
2 overrides
helm install consul oci://ghcr.io/verity-org/charts/consul --version 2.0.1
OriginalTypeCVEsPatched Reference
hashicorp/consul-k8s-control-plane:2.0.1
Patched
21128
ghcr.io/verity-org/hashicorp/consul-k8s-control-plane:2.0.1
hashicorp/consul:2.0.1
Patched
0 CVE
ghcr.io/verity-org/hashicorp/consul:2.0.1
valkey
v0.23.00 CVE0 overrides
helm install valkey oci://ghcr.io/verity-org/charts/valkey --version 0.23.0
OriginalTypeCVEsPatched Reference
etcd
v0.8.20 CVE3 overrides
helm install etcd oci://ghcr.io/verity-org/charts/etcd --version 0.8.2
OriginalTypeCVEsPatched Reference
gcr.io/etcd-development/etcd:v3.6.12
Wolfi-Based
0 CVE
ghcr.io/verity-org/etcd:3.6
image
global.imageRegistry
velero
v12.1.00 CVE2 overrides
helm install velero oci://ghcr.io/verity-org/charts/velero --version 12.1.0
OriginalTypeCVEsPatched Reference
docker.io/velero/velero:v1.18.1
Wolfi-Based
0 CVE
ghcr.io/verity-org/velero:1.18.0
image
operator
v7.1.10 CVE2 overrides
helm install operator oci://ghcr.io/verity-org/charts/operator --version 7.1.1
OriginalTypeCVEsPatched Reference
quay.io/minio/operator:v7.1.1
Wolfi-Based
0 CVE
ghcr.io/verity-org/minio-operator:7.1.1
operator.image
loki
v7.0.00 CVE4 overrides
helm install loki oci://ghcr.io/verity-org/charts/loki --version 7.0.0
OriginalTypeCVEsPatched Reference
docker.io/grafana/loki:3.6.7
Wolfi-Based
0 CVE
ghcr.io/verity-org/loki:3.6
docker.io/kiwigrid/k8s-sidecar:2.5.0
Patched
0 CVE
ghcr.io/verity-org/kiwigrid/k8s-sidecar:2.5.0
loki.image
sidecar.image
grafana
v10.5.150 CVE2 overrides
helm install grafana oci://ghcr.io/verity-org/charts/grafana --version 10.5.15
OriginalTypeCVEsPatched Reference
docker.io/grafana/grafana:12.3.1
Wolfi-Based
0 CVE
ghcr.io/verity-org/grafana:12.3
image
mimir-distributed
v6.1.00 CVE0 overrides
helm install mimir-distributed oci://ghcr.io/verity-org/charts/mimir-distributed --version 6.1.0
OriginalTypeCVEsPatched Reference
tempo-distributed
v1.61.30 CVE2 overrides
helm install tempo-distributed oci://ghcr.io/verity-org/charts/tempo-distributed --version 1.61.3
OriginalTypeCVEsPatched Reference
ghcr.io/grafana/tempo:2.9.0
Wolfi-Based
0 CVE
ghcr.io/verity-org/tempo:2.10.0
tempo.image
argo-rollouts
v2.41.00 CVE2 overrides
helm install argo-rollouts oci://ghcr.io/verity-org/charts/argo-rollouts --version 2.41.0
OriginalTypeCVEsPatched Reference
quay.io/argoproj/argo-rollouts:v1.9.0
Wolfi-Based
0 CVE
ghcr.io/verity-org/argo-rollouts:1
controller.image
jenkins
v5.9.320 CVE4 overrides
helm install jenkins oci://ghcr.io/verity-org/charts/jenkins --version 5.9.32
OriginalTypeCVEsPatched Reference
docker.io/jenkins/jenkins:2.555.3-jdk21
Patched
0 CVE
ghcr.io/verity-org/jenkins:2
docker.io/kiwigrid/k8s-sidecar:2.8.0
Patched
0 CVE
ghcr.io/verity-org/kiwigrid/k8s-sidecar:2.8.0
controller.image
controller.sidecars.configAutoReload.image
traefik
v41.0.20 CVE1 override
helm install traefik oci://ghcr.io/verity-org/charts/traefik --version 41.0.2
OriginalTypeCVEsPatched Reference
ghcr.io/verity-org/traefik:3.7
Wolfi-Based
0 CVE
ghcr.io/verity-org/traefik:3.7
alloy
v1.10.00 CVE5 overrides
helm install alloy oci://ghcr.io/verity-org/charts/alloy --version 1.10.0
OriginalTypeCVEsPatched Reference
docker.io/grafana/alloy:v1.17.0
Wolfi-Based
0 CVE
ghcr.io/verity-org/grafana-alloy:1
quay.io/prometheus-operator/prometheus-config-reloader:v0.91.0
Patched
0 CVE
ghcr.io/verity-org/prometheus-operator/prometheus-config-reloader:v0.91.0
image
configReloader.image
global.image.registry
openbao
v0.28.40 CVE4 overrides
helm install openbao oci://ghcr.io/verity-org/charts/openbao --version 0.28.4
OriginalTypeCVEsPatched Reference
docker.io/hashicorp/vault-k8s:1.7.2
Patched
0 CVE
docker.io/hashicorp/vault-k8s:1.7.2
quay.io/openbao/openbao:2.5.5
Patched
0 CVE
ghcr.io/verity-org/openbao:2
injector.image
csi.agent.image
airflow
v1.22.072313720332
4 overrides
helm install airflow oci://ghcr.io/verity-org/charts/airflow --version 1.22.0
OriginalTypeCVEsPatched Reference
bitnamilegacy/postgresql:16.1.0-debian-11-r15
Patched
4147712615
ghcr.io/verity-org/bitnamilegacy/postgresql:16.1.0-debian-11-r15
redis:7.2-bookworm
Patched
39607717
ghcr.io/verity-org/redis:7.2-bookworm
postgresql.image
images.redis
gitea
v12.6.010299212320
1 override
helm install gitea oci://ghcr.io/verity-org/charts/gitea --version 12.6.0
OriginalTypeCVEsPatched Reference
docker.io/bitnamilegacy/postgresql:17.6.0-debian-12-r4
Patched
10299212320
ghcr.io/verity-org/bitnamilegacy/postgresql:17.6.0-debian-12-r4
crossplane
v2.3.30 CVE2 overrides
helm install crossplane oci://ghcr.io/verity-org/charts/crossplane --version 2.3.3
OriginalTypeCVEsPatched Reference
xpkg.crossplane.io/crossplane/crossplane:v2.3.3
Wolfi-Based
0 CVE
ghcr.io/verity-org/crossplane:2
image
minio
v5.4.00 CVE2 overrides
helm install minio oci://ghcr.io/verity-org/charts/minio --version 5.4.0
OriginalTypeCVEsPatched Reference
quay.io/minio/minio:RELEASE.2024-12-18T13-15-44Z
Wolfi-Based
0 CVE
ghcr.io/verity-org/minio:RELEASE
image
chartmuseum
v3.10.40 CVE2 overrides
helm install chartmuseum oci://ghcr.io/verity-org/charts/chartmuseum --version 3.10.4
OriginalTypeCVEsPatched Reference
ghcr.io/helm/chartmuseum:v0.16.3
Wolfi-Based
0 CVE
ghcr.io/verity-org/chartmuseum:0
image
trivy-operator
v0.33.20 CVE3 overrides
helm install trivy-operator oci://ghcr.io/verity-org/charts/trivy-operator --version 0.33.2
OriginalTypeCVEsPatched Reference
mirror.gcr.io/aquasec/trivy-operator:0.31.2
Wolfi-Based
0 CVE
ghcr.io/verity-org/trivy-operator:0
image
global.image.registry
victoria-metrics-single
v0.41.00 CVE2 overrides
helm install victoria-metrics-single oci://ghcr.io/verity-org/charts/victoria-metrics-single --version 0.41.0
OriginalTypeCVEsPatched Reference
victoriametrics/victoria-metrics:v1.146.0
Wolfi-Based
0 CVE
ghcr.io/verity-org/victoriametrics:1
server.image
meilisearch
v0.33.00 CVE2 overrides
helm install meilisearch oci://ghcr.io/verity-org/charts/meilisearch --version 0.33.0
OriginalTypeCVEsPatched Reference
getmeili/meilisearch:v1.47.0
Wolfi-Based
0 CVE
ghcr.io/verity-org/meilisearch:1
image
weaviate
v17.8.30 CVE2 overrides
helm install weaviate oci://ghcr.io/verity-org/charts/weaviate --version 17.8.3
OriginalTypeCVEsPatched Reference
cr.weaviate.io/semitechnologies/weaviate:1.38.2
Wolfi-Based
0 CVE
ghcr.io/verity-org/weaviate:1
docker.io/alpine:latest
Patched
0 CVE
ghcr.io/verity-org/alpine:latest
atlantis
v6.9.30 CVE2 overrides
helm install atlantis oci://ghcr.io/verity-org/charts/atlantis --version 6.9.3
OriginalTypeCVEsPatched Reference
ghcr.io/runatlantis/atlantis:v0.46.0
Wolfi-Based
0 CVE
ghcr.io/verity-org/atlantis:0
image
vault
v0.34.00 CVE4 overrides
helm install vault oci://ghcr.io/verity-org/charts/vault --version 0.34.0
OriginalTypeCVEsPatched Reference
hashicorp/vault-k8s:1.7.5
Patched
0 CVE
docker.io/hashicorp/vault-k8s:1.7.5
hashicorp/vault:2.0.3
Wolfi-Based
0 CVE
ghcr.io/verity-org/vault:1
injector.image
csi.agent.image
falco
v9.1.00 CVE4 overrides
helm install falco oci://ghcr.io/verity-org/charts/falco --version 9.1.0
OriginalTypeCVEsPatched Reference
docker.io/falcosecurity/falcoctl:0.13.0
Patched
0 CVE
docker.io/falcosecurity/falcoctl:0.13.0
docker.io/falcosecurity/falco-driver-loader:0.44.1
Patched
0 CVE
docker.io/falcosecurity/falco-driver-loader:0.44.1
falcoctl.image
driver.loader.initContainer.image
nats
v2.14.20 CVE6 overrides
helm install nats oci://ghcr.io/verity-org/charts/nats --version 2.14.2
OriginalTypeCVEsPatched Reference
natsio/nats-box:0.19.7
Patched
0 CVE
docker.io/natsio/nats-box:0.19.7
nats:2.14.2-alpine
Wolfi-Based
0 CVE
ghcr.io/verity-org/nats:2
natsio/nats-server-config-reloader:0.23.0
Patched
0 CVE
docker.io/natsio/nats-server-config-reloader:0.23.0
natsBox.container.image
container.image
reloader.image
contour
v0.6.00 CVE4 overrides
helm install contour oci://ghcr.io/verity-org/charts/contour --version 0.6.0
OriginalTypeCVEsPatched Reference
ghcr.io/projectcontour/contour:v1.33.5
Wolfi-Based
0 CVE
ghcr.io/verity-org/contour:1.33.4
docker.io/envoyproxy/envoy:v1.35.10
Wolfi-Based
0 CVE
ghcr.io/verity-org/envoy:1.35
contour.image
envoy.image
aws-load-balancer-controller
v1.17.10 CVE2 overrides
helm install aws-load-balancer-controller oci://ghcr.io/verity-org/charts/aws-load-balancer-controller --version 1.17.1
OriginalTypeCVEsPatched Reference
public.ecr.aws/eks/aws-load-balancer-controller:v2.17.1
Wolfi-Based
0 CVE
ghcr.io/verity-org/aws-load-balancer-controller:2
image
cert-manager-csi-driver
vv0.15.02322226
4 overrides
helm install cert-manager-csi-driver oci://ghcr.io/verity-org/charts/cert-manager-csi-driver --version v0.15.0
OriginalTypeCVEsPatched Reference
quay.io/jetstack/cert-manager-csi-driver:v0.15.0
Wolfi-Based
0 CVE
ghcr.io/verity-org/cert-manager-csi-driver:0.15
quay.io/jetstack/csi-node-driver-registrar:v2.16.0
Patched
1161113
ghcr.io/verity-org/jetstack/csi-node-driver-registrar:v2.16.0
quay.io/jetstack/livenessprobe:v2.18.0
Patched
1161113
ghcr.io/verity-org/jetstack/livenessprobe:v2.18.0
image
descheduler
v0.36.00 CVE2 overrides
helm install descheduler oci://ghcr.io/verity-org/charts/descheduler --version 0.36.0
OriginalTypeCVEsPatched Reference
registry.k8s.io/descheduler/descheduler:v0.36.0
Wolfi-Based
0 CVE
ghcr.io/verity-org/descheduler:0.35
image
prometheus-blackbox-exporter
v11.15.10 CVE3 overrides
helm install prometheus-blackbox-exporter oci://ghcr.io/verity-org/charts/prometheus-blackbox-exporter --version 11.15.1
OriginalTypeCVEsPatched Reference
quay.io/prometheus/blackbox-exporter:v0.28.0
Wolfi-Based
0 CVE
ghcr.io/verity-org/blackbox-exporter:0.28.0
image
global.imageRegistry
cilium
v1.19.51
5 overrides
helm install cilium oci://ghcr.io/verity-org/charts/cilium --version 1.19.5
OriginalTypeCVEsPatched Reference
quay.io/cilium/cilium:v1.19.5
Patched
0 CVE
ghcr.io/verity-org/cilium:1.19
quay.io/cilium/cilium-envoy:v1.36.8-1781157951-a7f42a3390781539911b5b9107881b35ecc4e752
Patched
0 CVE
quay.io/cilium/cilium-envoy:v1.36.8-1781157951-a7f42a3390781539911b5b9107881b35ecc4e752
quay.io/cilium/operator-generic:v1.19.5
Patched
1
ghcr.io/verity-org/cilium/operator-generic:v1.19.5
preflight.image
preflight.envoy.image
oauth2-proxy
v10.7.00 CVE3 overrides
helm install oauth2-proxy oci://ghcr.io/verity-org/charts/oauth2-proxy --version 10.7.0
OriginalTypeCVEsPatched Reference
quay.io/oauth2-proxy/oauth2-proxy:v7.15.3
Wolfi-Based
0 CVE
ghcr.io/verity-org/oauth2-proxy:7.15.2
image
global.imageRegistry
influxdb2
v2.1.20 CVE2 overrides
helm install influxdb2 oci://ghcr.io/verity-org/charts/influxdb2 --version 2.1.2
OriginalTypeCVEsPatched Reference
influxdb:2.7.4-alpine
Wolfi-Based
0 CVE
ghcr.io/verity-org/influxdb:2.7
image
prometheus-nginx-exporter
v1.22.50 CVE2 overrides
helm install prometheus-nginx-exporter oci://ghcr.io/verity-org/charts/prometheus-nginx-exporter --version 1.22.5
OriginalTypeCVEsPatched Reference
nginx/nginx-prometheus-exporter:1.5.1
Wolfi-Based
0 CVE
ghcr.io/verity-org/nginx-prometheus-exporter:1.5.1
image
fluent-bit
v0.57.90 CVE2 overrides
helm install fluent-bit oci://ghcr.io/verity-org/charts/fluent-bit --version 0.57.9
OriginalTypeCVEsPatched Reference
cr.fluentbit.io/fluent/fluent-bit:5.0.9
Wolfi-Based
0 CVE
ghcr.io/verity-org/fluent-bit:4.2
image
cluster-autoscaler
v9.58.00 CVE2 overrides
helm install cluster-autoscaler oci://ghcr.io/verity-org/charts/cluster-autoscaler --version 9.58.0
OriginalTypeCVEsPatched Reference
registry.k8s.io/autoscaling/cluster-autoscaler:v1.35.0
Wolfi-Based
0 CVE
ghcr.io/verity-org/cluster-autoscaler:1.35
image
nfs-subdir-external-provisioner
v4.0.180 CVE2 overrides
helm install nfs-subdir-external-provisioner oci://ghcr.io/verity-org/charts/nfs-subdir-external-provisioner --version 4.0.18
OriginalTypeCVEsPatched Reference
registry.k8s.io/sig-storage/nfs-subdir-external-provisioner:v4.0.2
Wolfi-Based
0 CVE
ghcr.io/verity-org/nfs-subdir-external-provisioner:4
image
workload-identity-webhook
v1.6.00 CVE1 override
helm install workload-identity-webhook oci://ghcr.io/verity-org/charts/workload-identity-webhook --version 1.6.0
OriginalTypeCVEsPatched Reference
mcr.microsoft.com/oss/v2/azure/workload-identity/webhook:v1.6.0
Wolfi-Based
0 CVE
ghcr.io/verity-org/azure-workload-identity-webhook:1
Charts generated daily at 04:00 UTC. Powered by Verity chart-gen.