clarify

Signed-off-by: Michael Crenshaw <350466+crenshaw-dev@users.noreply.github.com>
clarify
2026-02-26 04:28:46 +01:00 · 2022-11-30 18:17:58 -05:00 · 2022-11-30 18:17:23 -05:00 · 2022-11-30 18:16:03 -05:00 · 2022-11-30 17:24:08 -05:00 · 2022-11-30 18:44:01 +00:00
231 changed files with 13384 additions and 17157 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,18 @@
+version: 2
+updates:
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "daily"
+    ignore:
+    - dependency-name: k8s.io/*
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+
+  - package-ecosystem: "npm"
+    directory: "/ui/"
+    schedule:
+      interval: "daily"
--- a/.github/workflows/ci-build.yaml
+++ b/.github/workflows/ci-build.yaml
@@ -27,9 +27,9 @@ jobs:
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
      - name: Setup Golang
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v3.3.1
        with:
          go-version: ${{ env.GOLANG_VERSION }}
      - name: Download all Go modules
@@ -45,13 +45,13 @@ jobs:
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
      - name: Setup Golang
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v3.3.1
        with:
          go-version: ${{ env.GOLANG_VERSION }}
      - name: Restore go build cache
-        uses: actions/cache@v1
+        uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # v3.0.11
        with:
          path: ~/.cache/go-build
          key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
@@ -69,13 +69,13 @@ jobs:
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
      - name: Setup Golang
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v3.3.1
        with:
          go-version: ${{ env.GOLANG_VERSION }}
      - name: Run golangci-lint
-        uses: golangci/golangci-lint-action@v3
+        uses: golangci/golangci-lint-action@0ad9a0988b3973e851ab0a07adf248ec2e100376 # v3.3.1
        with:
          version: v1.46.2
          args: --timeout 10m --exclude SA5011 --verbose
@@ -92,11 +92,11 @@ jobs:
      - name: Create checkout directory
        run: mkdir -p ~/go/src/github.com/argoproj
      - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
      - name: Create symlink in GOPATH
        run: ln -s $(pwd) ~/go/src/github.com/argoproj/argo-cd
      - name: Setup Golang
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v3.3.1
        with:
          go-version: ${{ env.GOLANG_VERSION }}
      - name: Install required packages
@@ -116,7 +116,7 @@ jobs:
        run: |
          echo "/usr/local/bin" >> $GITHUB_PATH
      - name: Restore go build cache
-        uses: actions/cache@v1
+        uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # v3.0.11
        with:
          path: ~/.cache/go-build
          key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
@@ -133,12 +133,12 @@ jobs:
      - name: Run all unit tests
        run: make test-local
      - name: Generate code coverage artifacts
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.1.1
        with:
          name: code-coverage
          path: coverage.out
      - name: Generate test results artifacts
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.1.1
        with:
          name: test-results
          path: test-results/
@@ -155,11 +155,11 @@ jobs:
      - name: Create checkout directory
        run: mkdir -p ~/go/src/github.com/argoproj
      - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
      - name: Create symlink in GOPATH
        run: ln -s $(pwd) ~/go/src/github.com/argoproj/argo-cd
      - name: Setup Golang
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v3.3.1
        with:
          go-version: ${{ env.GOLANG_VERSION }}
      - name: Install required packages
@@ -179,7 +179,7 @@ jobs:
        run: |
          echo "/usr/local/bin" >> $GITHUB_PATH
      - name: Restore go build cache
-        uses: actions/cache@v1
+        uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # v3.0.11
        with:
          path: ~/.cache/go-build
          key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
@@ -196,7 +196,7 @@ jobs:
      - name: Run all unit tests
        run: make test-race-local
      - name: Generate test results artifacts
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.1.1
        with:
          name: race-results
          path: test-results/
@@ -206,9 +206,9 @@ jobs:
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
      - name: Setup Golang
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v3.3.1
        with:
          go-version: ${{ env.GOLANG_VERSION }}
      - name: Create symlink in GOPATH
@@ -250,14 +250,14 @@ jobs:
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
      - name: Setup NodeJS
-        uses: actions/setup-node@v1
+        uses: actions/setup-node@8c91899e586c5b171469028077307d293428b516 # v3.5.1
        with:
          node-version: '12.18.4'
      - name: Restore node dependency cache
        id: cache-dependencies
-        uses: actions/cache@v1
+        uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # v3.0.11
        with:
          path: ui/node_modules
          key: ${{ runner.os }}-node-dep-v2-${{ hashFiles('**/yarn.lock') }}
@@ -287,12 +287,12 @@ jobs:
      sonar_secret: ${{ secrets.SONAR_TOKEN }}
    steps:
      - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
        with:
          fetch-depth: 0
      - name: Restore node dependency cache
        id: cache-dependencies
-        uses: actions/cache@v1
+        uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # v3.0.11
        with:
          path: ui/node_modules
          key: ${{ runner.os }}-node-dep-v2-${{ hashFiles('**/yarn.lock') }}
@@ -303,16 +303,16 @@ jobs:
        run: |
          mkdir -p test-results
      - name: Get code coverage artifiact
-        uses: actions/download-artifact@v2
+        uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # v3.0.1
        with:
          name: code-coverage
      - name: Get test result artifact
-        uses: actions/download-artifact@v2
+        uses: actions/download-artifact@9782bd6a9848b53b110e712e20e42d89988822b7 # v3.0.1
        with:
          name: test-results
          path: test-results
      - name: Upload code coverage information to codecov.io
-        uses: codecov/codecov-action@v1
+        uses: codecov/codecov-action@d9f34f8cd5cb3b3eb79b3e4b5dae3a16df499a70 # v3.1.1
        with:
          file: coverage.out
      - name: Perform static code analysis using SonarCloud
@@ -366,9 +366,9 @@ jobs:
      GITLAB_TOKEN: ${{ secrets.E2E_TEST_GITLAB_TOKEN }}  
    steps:
      - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
      - name: Setup Golang
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v3.3.1
        with:
          go-version: ${{ env.GOLANG_VERSION }}
      - name: GH actions workaround - Kill XSP4 process
@@ -386,7 +386,7 @@ jobs:
          sudo chown runner $HOME/.kube/config
          kubectl version
      - name: Restore go build cache
-        uses: actions/cache@v1
+        uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 # v3.0.11
        with:
          path: ~/.cache/go-build
          key: ${{ runner.os }}-go-build-v1-${{ github.run_id }}
@@ -412,7 +412,7 @@ jobs:
          git config --global user.email "john.doe@example.com"
      - name: Pull Docker image required for tests
        run: |
-          docker pull ghcr.io/dexidp/dex:v2.35.3-distroless
+          docker pull ghcr.io/dexidp/dex:v2.35.3
          docker pull argoproj/argo-cd-ci-builder:v1.0.0
          docker pull redis:7.0.5-alpine
      - name: Create target directory for binaries in the build-process
@@ -442,7 +442,7 @@ jobs:
          set -x
          make test-e2e-local
      - name: Upload e2e-server logs
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # v3.1.1
        with:
          name: e2e-server-k8s${{ matrix.k3s-version }}.log
          path: /tmp/e2e-server.log
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -29,11 +29,11 @@ jobs:

    steps:
    - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
      
    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@8aff97f12c99086bdb92ff62ae06dbbcdf07941b # v2.1.33
      # Override language selection by uncommenting this and choosing your languages
      # with:
      #   languages: go, javascript, csharp, python, cpp, java
@@ -41,7 +41,7 @@ jobs:
    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
    # If this step fails, then you should remove it and run the build manually (see below)
    - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      uses: github/codeql-action/autobuild@8aff97f12c99086bdb92ff62ae06dbbcdf07941b # v2.1.33

    # ℹ️ Command-line programs to run using the OS shell.
    # 📚 https://git.io/JvXDl
@@ -55,4 +55,4 @@ jobs:
    #   make release

    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@8aff97f12c99086bdb92ff62ae06dbbcdf07941b # v2.1.33
--- a/.github/workflows/image.yaml
+++ b/.github/workflows/image.yaml
@@ -23,37 +23,38 @@ jobs:
  publish:
    permissions:
      contents: write  # for git to push upgrade commit if not already deployed
+      packages: write  # for pushing packages to GHCR, which is used by cd.apps.argoproj.io to avoid polluting Quay with tags
    if: github.repository == 'argoproj/argo-cd'
    runs-on: ubuntu-22.04
    env:
      GOPATH: /home/runner/work/argo-cd/argo-cd
    steps:
-      - uses: actions/setup-go@v3
+      - uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v3.3.1
        with:
          go-version: ${{ env.GOLANG_VERSION }}
-      - uses: actions/checkout@master
+      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
        with:
          path: src/github.com/argoproj/argo-cd

      # get image tag
-      - run: echo ::set-output name=tag::$(cat ./VERSION)-${GITHUB_SHA::8}
+      - run: echo "tag=$(cat ./VERSION)-${GITHUB_SHA::8}" >> $GITHUB_OUTPUT
        working-directory: ./src/github.com/argoproj/argo-cd
        id: image

      # login
      - run: |
-          docker login ghcr.io --username $USERNAME --password $PASSWORD
-          docker login quay.io --username "${DOCKER_USERNAME}" --password "${DOCKER_TOKEN}"
+          docker login ghcr.io --username $USERNAME --password-stdin <<< "$PASSWORD"
+          docker login quay.io --username "$DOCKER_USERNAME" --password-stdin <<< "$DOCKER_TOKEN"
        if: github.event_name == 'push'
        env:
-          USERNAME: ${{ secrets.USERNAME }}
-          PASSWORD: ${{ secrets.TOKEN }}
+          USERNAME: ${{ github.actor }}
+          PASSWORD: ${{ secrets.GITHUB_TOKEN }}
          DOCKER_USERNAME: ${{ secrets.RELEASE_QUAY_USERNAME }}
          DOCKER_TOKEN: ${{ secrets.RELEASE_QUAY_TOKEN }}

      # build
-      - uses: docker/setup-qemu-action@v2
-      - uses: docker/setup-buildx-action@v2
+      - uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0
+      - uses: docker/setup-buildx-action@8c0edbc76e98fa90f69d9a2c020dcb50019dc325 # v2.2.1
      - run: |
          IMAGE_PLATFORMS=linux/amd64
          if [[ "${{ github.event_name }}" == "push" || "${{ contains(github.event.pull_request.labels.*.name, 'test-arm-image') }}" == "true" ]]
@@ -62,13 +63,13 @@ jobs:
          fi
          echo "Building image for platforms: $IMAGE_PLATFORMS"
          docker buildx build --platform $IMAGE_PLATFORMS --push="${{ github.event_name == 'push' }}" \
-            -t ghcr.io/argoproj/argocd:${{ steps.image.outputs.tag }} \
+            -t ghcr.io/argoproj/argo-cd/argocd:${{ steps.image.outputs.tag }} \
            -t quay.io/argoproj/argocd:latest .
        working-directory: ./src/github.com/argoproj/argo-cd

      # sign container images
      - name: Install cosign
-        uses: sigstore/cosign-installer@main
+        uses: sigstore/cosign-installer@9becc617647dfa20ae7b1151972e9b3a2c338a2b # v2.8.1
        with:
          cosign-release: 'v1.13.0'

@@ -88,7 +89,7 @@ jobs:
        env:
          TOKEN: ${{ secrets.TOKEN }}
      - run: |
-          docker run -u $(id -u):$(id -g) -v $(pwd):/src -w /src --rm -t ghcr.io/argoproj/argocd:${{ steps.image.outputs.tag }} kustomize edit set image quay.io/argoproj/argocd=ghcr.io/argoproj/argocd:${{ steps.image.outputs.tag }}
+          docker run -u $(id -u):$(id -g) -v $(pwd):/src -w /src --rm -t ghcr.io/argoproj/argo-cd/argocd:${{ steps.image.outputs.tag }} kustomize edit set image quay.io/argoproj/argocd=ghcr.io/argoproj/argo-cd/argocd:${{ steps.image.outputs.tag }}
          git config --global user.email 'ci@argoproj.com'
          git config --global user.name 'CI'
          git diff --exit-code && echo 'Already deployed' || (git commit -am 'Upgrade argocd to ${{ steps.image.outputs.tag }}' && git push)
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -43,7 +43,7 @@ jobs:
      GIT_EMAIL: argoproj@gmail.com
    steps:
      - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
        with:
          fetch-depth: 0
          token: ${{ secrets.GITHUB_TOKEN }}
@@ -147,7 +147,7 @@ jobs:
          echo "RELEASE_NOTES=${RELEASE_NOTES}" >> $GITHUB_ENV

      - name: Setup Golang
-        uses: actions/setup-go@v3
+        uses: actions/setup-go@c4a742cab115ed795e34d4513e2cf7d472deb55f # v3.3.1
        with:
          go-version: ${{ env.GOLANG_VERSION }}

@@ -195,13 +195,13 @@ jobs:
          QUAY_TOKEN: ${{ secrets.RELEASE_QUAY_TOKEN }}
        run: |
          set -ue
-          docker login quay.io --username "${QUAY_USERNAME}" --password "${QUAY_TOKEN}"
+          docker login quay.io --username "${QUAY_USERNAME}" --password-stdin <<< "${QUAY_TOKEN}"
          # Remove the following when Docker Hub is gone
-          docker login --username "${DOCKER_USERNAME}" --password "${DOCKER_TOKEN}"
+          docker login --username "${DOCKER_USERNAME}" --password-stdin <<< "${DOCKER_TOKEN}"
        if: ${{ env.DRY_RUN != 'true' }}

-      - uses: docker/setup-qemu-action@v2
-      - uses: docker/setup-buildx-action@v2
+      - uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # v2.1.0
+      - uses: docker/setup-buildx-action@8c0edbc76e98fa90f69d9a2c020dcb50019dc325 # v2.2.1
      - name: Build and push Docker image for release
        run: |
          set -ue
@@ -215,7 +215,7 @@ jobs:
        if: ${{ env.DRY_RUN != 'true' }}

      - name: Install cosign
-        uses: sigstore/cosign-installer@main
+        uses: sigstore/cosign-installer@9becc617647dfa20ae7b1151972e9b3a2c338a2b # v2.8.1
        with:
          cosign-release: 'v1.13.0'

@@ -232,7 +232,7 @@ jobs:

      - name: Read release notes file
        id: release-notes
-        uses: juliangruber/read-file-action@v1
+        uses: juliangruber/read-file-action@02bbba9876a8f870efd4ad64e3b9088d3fb94d4b # v1.1.6
        with:
          path: ${{ env.RELEASE_NOTES }}

@@ -243,7 +243,7 @@ jobs:
          git push origin ${RELEASE_TAG}

      - name: Dry run GitHub release
-        uses: actions/create-release@v1
+        uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e # v1.1.4
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        id: create_release
@@ -295,7 +295,7 @@ jobs:
        if: ${{ env.DRY_RUN != 'true' }}

      - name: Create GitHub release
-        uses: softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@1e07f4398721186383de40550babbdf2b84acfc5 # v0.1.14
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
@@ -303,7 +303,6 @@ jobs:
          tag_name: ${{ env.RELEASE_TAG }}
          draft: ${{ env.DRAFT_RELEASE }}
          prerelease: ${{ env.PRE_RELEASE }}
-          generate_release_notes: true
          body: ${{ steps.release-notes.outputs.content }}  # Pre-pended to the generated notes
          files: |
            dist/argocd-*
@@ -314,7 +313,7 @@ jobs:
      - name: Update homebrew formula
        env:
          HOMEBREW_TOKEN: ${{ secrets.RELEASE_HOMEBREW_TOKEN }}
-        uses: dawidd6/action-homebrew-bump-formula@v3
+        uses: dawidd6/action-homebrew-bump-formula@02e79d9da43d79efa846d73695b6052cbbdbf48a # v3.8.3
        with:
          token: ${{env.HOMEBREW_TOKEN}}
          formula: argocd
--- a/.github/workflows/update-snyk.yaml
+++ b/.github/workflows/update-snyk.yaml
@@ -17,7 +17,7 @@ jobs:
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout code
-        uses: actions/checkout@v3
+        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
      - name: Build reports
--- a/4
+++ b/4
@@ -512,7 +512,7 @@ build-docs-local:

 .PHONY: build-docs
 build-docs:
-	docker run ${MKDOCS_RUN_ARGS} --rm -it -p 8000:8000 -v ${CURRENT_DIR}:/docs ${MKDOCS_DOCKER_IMAGE} build
+	docker run ${MKDOCS_RUN_ARGS} --rm -it -v ${CURRENT_DIR}:/docs --entrypoint "" ${MKDOCS_DOCKER_IMAGE} sh -c 'pip install -r docs/requirements.txt; mkdocs build'

 .PHONY: serve-docs-local
 serve-docs-local:
@@ -520,7 +520,7 @@ serve-docs-local:

 .PHONY: serve-docs
 serve-docs:
-	docker run ${MKDOCS_RUN_ARGS} --rm -it -p 8000:8000 -v ${CURRENT_DIR}:/docs ${MKDOCS_DOCKER_IMAGE} serve -a 0.0.0.0:8000
+	docker run ${MKDOCS_RUN_ARGS} --rm -it -p 8000:8000 -v ${CURRENT_DIR}/site:/site -w /site --entrypoint "" ${MKDOCS_DOCKER_IMAGE} python3 -m http.server --bind 0.0.0.0 8000


 # Verify that kubectl can connect to your K8s cluster from Docker
--- a/2
+++ b/2
@@ -27,3 +27,5 @@ reviewers:
 - wanghong230
 - ciiay
 - saumeya
+- zachaller
+- 34fathombelow
--- a/README.md
+++ b/README.md
@@ -43,7 +43,6 @@ Participation in the Argo CD project is governed by the [CNCF Code of Conduct](h
 ### Blogs and Presentations

 1. [Awesome-Argo: A Curated List of Awesome Projects and Resources Related to Argo](https://github.com/terrytangyuan/awesome-argo)
-1. [Unveil the Secret Ingredients of Continuous Delivery at Enterprise Scale with Argo CD](https://blog.akuity.io/unveil-the-secret-ingredients-of-continuous-delivery-at-enterprise-scale-with-argo-cd-7c5b4057ee49)
 1. [GitOps Without Pipelines With ArgoCD Image Updater](https://youtu.be/avPUQin9kzU)
 1. [Combining Argo CD (GitOps), Crossplane (Control Plane), And KubeVela (OAM)](https://youtu.be/eEcgn_gU3SM)
 1. [How to Apply GitOps to Everything - Combining Argo CD and Crossplane](https://youtu.be/yrj4lmScKHQ)
@@ -51,10 +50,8 @@ Participation in the Argo CD project is governed by the [CNCF Code of Conduct](h
 1. [Automation of Everything - How To Combine Argo Events, Workflows & Pipelines, CD, and Rollouts](https://youtu.be/XNXJtxkUKeY)
 1. [Environments Based On Pull Requests (PRs): Using Argo CD To Apply GitOps Principles On Previews](https://youtu.be/cpAaI8p4R60)
 1. [Argo CD: Applying GitOps Principles To Manage Production Environment In Kubernetes](https://youtu.be/vpWQeoaiRM4)
-1. [Creating Temporary Preview Environments Based On Pull Requests With Argo CD And Codefresh](https://codefresh.io/continuous-deployment/creating-temporary-preview-environments-based-pull-requests-argo-cd-codefresh/)
 1. [Tutorial: Everything You Need To Become A GitOps Ninja](https://www.youtube.com/watch?v=r50tRQjisxw) 90m tutorial on GitOps and Argo CD.
 1. [Comparison of Argo CD, Spinnaker, Jenkins X, and Tekton](https://www.inovex.de/blog/spinnaker-vs-argo-cd-vs-tekton-vs-jenkins-x/)
-1. [Simplify and Automate Deployments Using GitOps with IBM Multicloud Manager 3.1.2](https://www.ibm.com/cloud/blog/simplify-and-automate-deployments-using-gitops-with-ibm-multicloud-manager-3-1-2)
 1. [GitOps for Kubeflow using Argo CD](https://v0-6.kubeflow.org/docs/use-cases/gitops-for-kubeflow/)
 1. [GitOps Toolsets on Kubernetes with CircleCI and Argo CD](https://www.digitalocean.com/community/tutorials/webinar-series-gitops-tool-sets-on-kubernetes-with-circleci-and-argo-cd)
 1. [CI/CD in Light Speed with K8s and Argo CD](https://www.youtube.com/watch?v=OdzH82VpMwI&feature=youtu.be)
@@ -63,7 +60,6 @@ Participation in the Argo CD project is governed by the [CNCF Code of Conduct](h
 1. [Introduction to Argo CD : Kubernetes DevOps CI/CD](https://www.youtube.com/watch?v=2WSJF7d8dUg&feature=youtu.be)
 1. [GitOps Deployment and Kubernetes - using Argo CD](https://medium.com/riskified-technology/gitops-deployment-and-kubernetes-f1ab289efa4b)
 1. [Deploy Argo CD with Ingress and TLS in Three Steps: No YAML Yak Shaving Required](https://itnext.io/deploy-argo-cd-with-ingress-and-tls-in-three-steps-no-yaml-yak-shaving-required-bc536d401491)
-1. [GitOps Continuous Delivery with Argo and Codefresh](https://codefresh.io/events/cncf-member-webinar-gitops-continuous-delivery-argo-codefresh/)
 1. [Stay up to date with Argo CD and Renovate](https://mjpitz.com/blog/2020/12/03/renovate-your-gitops/)
 1. [Setting up Argo CD with Helm](https://www.arthurkoziel.com/setting-up-argocd-with-helm/)
 1. [Applied GitOps with Argo CD](https://thenewstack.io/applied-gitops-with-argocd/)
@@ -73,3 +69,10 @@ Participation in the Argo CD project is governed by the [CNCF Code of Conduct](h
 1. [Getting Started with ArgoCD for GitOps Deployments](https://youtu.be/AvLuplh1skA)
 1. [Using Argo CD & Datree for Stable Kubernetes CI/CD Deployments](https://youtu.be/17894DTru2Y)

+### Vendor-sponsored community resources
+
+The following links are to resources hosted by Argo CD vendors (companies which use Argo CD as part of their software offerings). 
+These resources are vendor-neutral (overwhelmingly _about_ Argo CD, but may briefly mention the vendor) and do not require providing information for marketing purposes.
+
+1. [Unveil the Secret Ingredients of Continuous Delivery at Enterprise Scale with Argo CD](https://blog.akuity.io/unveil-the-secret-ingredients-of-continuous-delivery-at-enterprise-scale-with-argo-cd-7c5b4057ee49)
+1. [Argo CD Sandbox (demo instance)](https://argocd.argo.opsmx.net/) (requires logging into the demo instance with a Google account)
--- a/USERS.md
+++ b/USERS.md
@@ -11,9 +11,11 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Adevinta](https://www.adevinta.com/)
 1. [Adfinis](https://adfinis.com)
 1. [Adventure](https://jp.adventurekk.com/)
+1. [AirQo](https://airqo.net/)
 1. [Akuity](https://akuity.io/)
 1. [Alibaba Group](https://www.alibabagroup.com/)
 1. [Allianz Direct](https://www.allianzdirect.de/)
+1. [Amadeus IT Group](https://amadeus.com/)
 1. [Ambassador Labs](https://www.getambassador.io/)
 1. [ANSTO - Australian Synchrotron](https://www.synchrotron.org.au/)
 1. [Ant Group](https://www.antgroup.com/)
@@ -35,6 +37,7 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Camptocamp](https://camptocamp.com)
 1. [Capital One](https://www.capitalone.com)
 1. [CARFAX](https://www.carfax.com)
+1. [CARFAX Europe](https://www.carfax.eu)
 1. [Casavo](https://casavo.com)
 1. [Celonis](https://www.celonis.com/)
 1. [CERN](https://home.cern/)
@@ -56,6 +59,8 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Deutsche Telekom AG](https://telekom.com)
 1. [Devopsi - Poland Software/DevOps Consulting](https://devopsi.pl/)
 1. [Devtron Labs](https://github.com/devtron-labs/devtron)
+1. [Divistant](https://divistant.com)
+1. [Doximity](https://www.doximity.com/)
 1. [EDF Renewables](https://www.edf-re.com/)
 1. [edX](https://edx.org)
 1. [Elastic](https://elastic.co/)
@@ -65,6 +70,7 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [END.](https://www.endclothing.com/)
 1. [Energisme](https://energisme.com/)
 1. [enigmo](https://enigmo.co.jp/)
+1. [Envoy](https://envoy.com/)
 1. [Faro](https://www.faro.com/)
 1. [Fave](https://myfave.com)
 1. [Flip](https://flip.id)
@@ -75,7 +81,7 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [G DATA CyberDefense AG](https://www.gdata-software.com/)
 1. [Garner](https://www.garnercorp.com)
 1. [Generali Deutschland AG](https://www.generali.de/)
-2. [Gepardec](https://gepardec.com/)
+1. [Gepardec](https://gepardec.com/)
 1. [Gitpod](https://www.gitpod.io)
 1. [Gllue](https://gllue.com)
 1. [gloat](https://gloat.com/)
@@ -116,6 +122,7 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Kurly](https://www.kurly.com/)
 1. [LexisNexis](https://www.lexisnexis.com/)
 1. [Lian Chu Securities](https://lczq.com)
+1. [Liatrio](https://www.liatrio.com)
 1. [Lightricks](https://www.lightricks.com/)
 1. [LINE](https://linecorp.com/en/)
 1. [Lytt](https://www.lytt.co/)
@@ -142,6 +149,7 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Nextdoor](https://nextdoor.com/)
 1. [Nikkei](https://www.nikkei.co.jp/nikkeiinfo/en/)
 1. [Nitro](https://gonitro.com)
+1. [Objective](https://www.objective.com.br/)
 1. [OCCMundial](https://occ.com.mx)
 1. [Octadesk](https://octadesk.com)
 1. [omegaUp](https://omegaUp.com)
@@ -159,9 +167,11 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [PagerDuty](https://www.pagerduty.com/)
 1. [PayPay](https://paypay.ne.jp/)
 1. [Peloton Interactive](https://www.onepeloton.com/)
+1. [Pigment](https://www.gopigment.com/)
 1. [Pipefy](https://www.pipefy.com/)
 1. [Pismo](https://pismo.io/)
 1. [Polarpoint.io](https://polarpoint.io)
+1. [PostFinance](https://github.com/postfinance)
 1. [Preferred Networks](https://preferred.jp/en/)
 1. [Productboard](https://www.productboard.com/)
 1. [Prudential](https://prudential.com.sg)
@@ -182,6 +192,7 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [Saloodo! GmbH](https://www.saloodo.com)
 1. [Sap Labs](http://sap.com)
 1. [Schwarz IT](https://jobs.schwarz/it-mission)
+1. [SI Analytics](https://si-analytics.ai)
 1. [Skit](https://skit.ai/)
 1. [Skyscanner](https://www.skyscanner.net/)
 1. [Smilee.io](https://smilee.io)
@@ -232,6 +243,7 @@ Currently, the following organizations are **officially** using Argo CD:
 1. [WeMo Scooter](https://www.wemoscooter.com/)
 1. [Whitehat Berlin](https://whitehat.berlin) by Guido Maria Serra +Fenaroli
 1. [Witick](https://witick.io/)
+1. [Wolffun Game](https://www.wolffungame.com/)
 1. [WooliesX](https://wooliesx.com.au/)
 1. [Woolworths Group](https://www.woolworthsgroup.com.au/)
 1. [WSpot](https://www.wspot.com.br/)
--- a/applicationset/utils/utils.go
+++ b/applicationset/utils/utils.go
@@ -12,7 +12,7 @@ import (
 	"text/template"
 	"unsafe"

-	"github.com/Masterminds/sprig"
+	"github.com/Masterminds/sprig/v3"
 	"github.com/valyala/fasttemplate"

 	log "github.com/sirupsen/logrus"
@@ -133,6 +133,16 @@ func (r *Render) deeplyReplace(copy, original reflect.Value, replaceMap map[stri
 			if err := r.deeplyReplace(copyValue, originalValue, replaceMap, useGoTemplate); err != nil {
 				return err
 			}
+
+			// Keys can be templated as well as values (e.g. to template something into an annotation).
+			if key.Kind() == reflect.String {
+				templatedKey, err := r.Replace(key.String(), replaceMap, useGoTemplate)
+				if err != nil {
+					return err
+				}
+				key = reflect.ValueOf(templatedKey)
+			}
+
 			copy.SetMapIndex(key, copyValue)
 		}

--- a/applicationset/utils/utils_test.go
+++ b/applicationset/utils/utils_test.go
@@ -7,6 +7,7 @@ import (
 	"github.com/sirupsen/logrus"
 	logtest "github.com/sirupsen/logrus/hooks/test"
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/types"
@@ -461,7 +462,49 @@ func TestRenderTemplateParamsGoTemplate(t *testing.T) {
 			}
 		})
 	}
+}

+func TestRenderTemplateKeys(t *testing.T) {
+	t.Run("fasttemplate", func(t *testing.T) {
+		application := &argoappsv1.Application{
+			ObjectMeta: metav1.ObjectMeta{
+				Annotations: map[string]string{
+					"annotation-{{key}}": "annotation-{{value}}",
+				},
+			},
+		}
+
+		params := map[string]interface{}{
+			"key":   "some-key",
+			"value": "some-value",
+		}
+
+		render := Render{}
+		newApplication, err := render.RenderTemplateParams(application, nil, params, false)
+		require.NoError(t, err)
+		require.Contains(t, newApplication.ObjectMeta.Annotations, "annotation-some-key")
+		assert.Equal(t, newApplication.ObjectMeta.Annotations["annotation-some-key"], "annotation-some-value")
+	})
+	t.Run("gotemplate", func(t *testing.T) {
+		application := &argoappsv1.Application{
+			ObjectMeta: metav1.ObjectMeta{
+				Annotations: map[string]string{
+					"annotation-{{ .key }}": "annotation-{{ .value }}",
+				},
+			},
+		}
+
+		params := map[string]interface{}{
+			"key":   "some-key",
+			"value": "some-value",
+		}
+
+		render := Render{}
+		newApplication, err := render.RenderTemplateParams(application, nil, params, true)
+		require.NoError(t, err)
+		require.Contains(t, newApplication.ObjectMeta.Annotations, "annotation-some-key")
+		assert.Equal(t, newApplication.ObjectMeta.Annotations["annotation-some-key"], "annotation-some-value")
+	})
 }

 func TestRenderTemplateParamsFinalizers(t *testing.T) {
--- a/assets/swagger.json
+++ b/assets/swagger.json
@@ -4097,6 +4097,9 @@
        "appLabelKey": {
          "type": "string"
        },
+        "appsInAnyNamespaceEnabled": {
+          "type": "boolean"
+        },
        "configManagementPlugins": {
          "type": "array",
          "items": {
@@ -4505,6 +4508,65 @@
        }
      }
    },
+    "repositoryParameterAnnouncement": {
+      "type": "object",
+      "properties": {
+        "array": {
+          "description": "array is the default value of the parameter if the parameter is an array.",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "collectionType": {
+          "description": "collectionType is the type of value this parameter holds - either a single value (a string) or a collection\n(array or map). If collectionType is set, only the field with that type will be used. If collectionType is not\nset, `string` is the default. If collectionType is set to an invalid value, a validation error is thrown.",
+          "type": "string"
+        },
+        "itemType": {
+          "description": "itemType determines the primitive data type represented by the parameter. Parameters are always encoded as\nstrings, but this field lets them be interpreted as other primitive types.",
+          "type": "string"
+        },
+        "map": {
+          "description": "map is the default value of the parameter if the parameter is a map.",
+          "type": "object",
+          "additionalProperties": {
+            "type": "string"
+          }
+        },
+        "name": {
+          "description": "name is the name identifying a parameter.",
+          "type": "string"
+        },
+        "required": {
+          "description": "required defines if this given parameter is mandatory.",
+          "type": "boolean"
+        },
+        "string": {
+          "description": "string is the default value of the parameter if the parameter is a string.",
+          "type": "string"
+        },
+        "title": {
+          "description": "title is a human-readable text of the parameter name.",
+          "type": "string"
+        },
+        "tooltip": {
+          "description": "tooltip is a human-readable description of the parameter.",
+          "type": "string"
+        }
+      }
+    },
+    "repositoryPluginAppSpec": {
+      "type": "object",
+      "title": "PluginAppSpec contains details about a plugin-type Application",
+      "properties": {
+        "parametersAnnouncement": {
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/repositoryParameterAnnouncement"
+          }
+        }
+      }
+    },
    "repositoryRefs": {
      "type": "object",
      "title": "A subset of the repository's named refs",
@@ -4551,6 +4613,9 @@
        "kustomize": {
          "$ref": "#/definitions/repositoryKustomizeAppSpec"
        },
+        "plugin": {
+          "$ref": "#/definitions/repositoryPluginAppSpec"
+        },
        "type": {
          "type": "string"
        }
@@ -5772,6 +5837,39 @@
        },
        "name": {
          "type": "string"
+        },
+        "parameters": {
+          "type": "array",
+          "items": {
+            "$ref": "#/definitions/v1alpha1ApplicationSourcePluginParameter"
+          }
+        }
+      }
+    },
+    "v1alpha1ApplicationSourcePluginParameter": {
+      "type": "object",
+      "properties": {
+        "array": {
+          "description": "Array is the value of an array type parameter.",
+          "type": "array",
+          "items": {
+            "type": "string"
+          }
+        },
+        "map": {
+          "description": "Map is the value of a map type parameter.",
+          "type": "object",
+          "additionalProperties": {
+            "type": "string"
+          }
+        },
+        "name": {
+          "description": "Name is the name identifying a parameter.",
+          "type": "string"
+        },
+        "string": {
+          "description": "String_ is the value of a string type parameter.",
+          "type": "string"
        }
      }
    },
@@ -6544,6 +6642,23 @@
        }
      }
    },
+    "v1alpha1ManagedNamespaceMetadata": {
+      "type": "object",
+      "properties": {
+        "annotations": {
+          "type": "object",
+          "additionalProperties": {
+            "type": "string"
+          }
+        },
+        "labels": {
+          "type": "object",
+          "additionalProperties": {
+            "type": "string"
+          }
+        }
+      }
+    },
    "v1alpha1MatrixGenerator": {
      "description": "MatrixGenerator generates the cartesian product of two sets of parameters. The parameters are defined by two nested\ngenerators.",
      "type": "object",
@@ -7827,6 +7942,9 @@
        "automated": {
          "$ref": "#/definitions/v1alpha1SyncPolicyAutomated"
        },
+        "managedNamespaceMetadata": {
+          "$ref": "#/definitions/v1alpha1ManagedNamespaceMetadata"
+        },
        "retry": {
          "$ref": "#/definitions/v1alpha1RetryStrategy"
        },
--- a/cmd/argocd/commands/admin/admin.go
+++ b/cmd/argocd/commands/admin/admin.go
@@ -56,6 +56,7 @@ func NewAdminCommand() *cobra.Command {
 	command.AddCommand(NewExportCommand())
 	command.AddCommand(NewDashboardCommand())
 	command.AddCommand(NewNotificationsCommand())
+	command.AddCommand(NewInitialPasswordCommand())

 	command.Flags().StringVar(&cmdutil.LogFormat, "logformat", "text", "Set the logging format. One of: text|json")
 	command.Flags().StringVar(&cmdutil.LogLevel, "loglevel", "info", "Set the logging level. One of: debug|info|warn|error")
--- a/cmd/argocd/commands/admin/initial_password.go
+++ b/cmd/argocd/commands/admin/initial_password.go
@@ -0,0 +1,46 @@
+package admin
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/spf13/cobra"
+	v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/kubernetes"
+	"k8s.io/client-go/tools/clientcmd"
+
+	"github.com/argoproj/argo-cd/v2/util/cli"
+	"github.com/argoproj/argo-cd/v2/util/errors"
+)
+
+const initialPasswordSecretName = "argocd-initial-admin-secret"
+
+// NewInitialPasswordCommand defines a new command to retrieve Argo CD initial password.
+func NewInitialPasswordCommand() *cobra.Command {
+	var (
+		clientConfig clientcmd.ClientConfig
+	)
+	var command = cobra.Command{
+		Use:   "initial-password",
+		Short: "Prints initial password to log in to Argo CD for the first time",
+		Run: func(c *cobra.Command, args []string) {
+
+			config, err := clientConfig.ClientConfig()
+			errors.CheckError(err)
+			namespace, _, err := clientConfig.Namespace()
+			errors.CheckError(err)
+
+			kubeClientset := kubernetes.NewForConfigOrDie(config)
+			secret, err := kubeClientset.CoreV1().Secrets(namespace).Get(context.Background(), initialPasswordSecretName, v1.GetOptions{})
+			errors.CheckError(err)
+
+			if initialPass, ok := secret.Data["password"]; ok {
+				fmt.Println(string(initialPass))
+				fmt.Println("\n This password must be only used for first time login. We strongly recommend you update the password using `argocd account update-password`.")
+			}
+		},
+	}
+	clientConfig = cli.AddKubectlFlagsToCmd(&command)
+
+	return &command
+}
--- a/cmd/argocd/commands/admin/notifications.go
+++ b/cmd/argocd/commands/admin/notifications.go
@@ -33,7 +33,7 @@ func NewNotificationsCommand() *cobra.Command {
 	var argocdService service.Service
 	toolsCommand := cmd.NewToolsCommand(
 		"notifications",
-		"notifications",
+		"argocd admin notifications",
 		applications,
 		settings.GetFactorySettings(argocdService, "argocd-notifications-secret", "argocd-notifications-cm"), func(clientConfig clientcmd.ClientConfig) {
 			k8sCfg, err := clientConfig.ClientConfig()
--- a/cmpserver/apiclient/plugin.pb.go
+++ b/cmpserver/apiclient/plugin.pb.go
@@ -6,6 +6,7 @@ package apiclient
 import (
 	context "context"
 	fmt "fmt"
+	apiclient "github.com/argoproj/argo-cd/v2/reposerver/apiclient"
 	proto "github.com/gogo/protobuf/proto"
 	grpc "google.golang.org/grpc"
 	codes "google.golang.org/grpc/codes"
@@ -362,6 +363,55 @@ func (m *RepositoryResponse) GetIsSupported() bool {
 	return false
 }

+// ParametersAnnouncementResponse contains a list of announcements. This list represents all the parameters which a CMP
+// is able to accept.
+type ParametersAnnouncementResponse struct {
+	ParameterAnnouncements []*apiclient.ParameterAnnouncement `protobuf:"bytes,1,rep,name=parameterAnnouncements,proto3" json:"parameterAnnouncements,omitempty"`
+	XXX_NoUnkeyedLiteral   struct{}                           `json:"-"`
+	XXX_unrecognized       []byte                             `json:"-"`
+	XXX_sizecache          int32                              `json:"-"`
+}
+
+func (m *ParametersAnnouncementResponse) Reset()         { *m = ParametersAnnouncementResponse{} }
+func (m *ParametersAnnouncementResponse) String() string { return proto.CompactTextString(m) }
+func (*ParametersAnnouncementResponse) ProtoMessage()    {}
+func (*ParametersAnnouncementResponse) Descriptor() ([]byte, []int) {
+	return fileDescriptor_b21875a7079a06ed, []int{5}
+}
+func (m *ParametersAnnouncementResponse) XXX_Unmarshal(b []byte) error {
+	return m.Unmarshal(b)
+}
+func (m *ParametersAnnouncementResponse) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+	if deterministic {
+		return xxx_messageInfo_ParametersAnnouncementResponse.Marshal(b, m, deterministic)
+	} else {
+		b = b[:cap(b)]
+		n, err := m.MarshalToSizedBuffer(b)
+		if err != nil {
+			return nil, err
+		}
+		return b[:n], nil
+	}
+}
+func (m *ParametersAnnouncementResponse) XXX_Merge(src proto.Message) {
+	xxx_messageInfo_ParametersAnnouncementResponse.Merge(m, src)
+}
+func (m *ParametersAnnouncementResponse) XXX_Size() int {
+	return m.Size()
+}
+func (m *ParametersAnnouncementResponse) XXX_DiscardUnknown() {
+	xxx_messageInfo_ParametersAnnouncementResponse.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_ParametersAnnouncementResponse proto.InternalMessageInfo
+
+func (m *ParametersAnnouncementResponse) GetParameterAnnouncements() []*apiclient.ParameterAnnouncement {
+	if m != nil {
+		return m.ParameterAnnouncements
+	}
+	return nil
+}
+
 type File struct {
 	Chunk                []byte   `protobuf:"bytes,1,opt,name=chunk,proto3" json:"chunk,omitempty"`
 	XXX_NoUnkeyedLiteral struct{} `json:"-"`
@@ -373,7 +423,7 @@ func (m *File) Reset()         { *m = File{} }
 func (m *File) String() string { return proto.CompactTextString(m) }
 func (*File) ProtoMessage()    {}
 func (*File) Descriptor() ([]byte, []int) {
-	return fileDescriptor_b21875a7079a06ed, []int{5}
+	return fileDescriptor_b21875a7079a06ed, []int{6}
 }
 func (m *File) XXX_Unmarshal(b []byte) error {
 	return m.Unmarshal(b)
@@ -415,44 +465,49 @@ func init() {
 	proto.RegisterType((*EnvEntry)(nil), "plugin.EnvEntry")
 	proto.RegisterType((*ManifestResponse)(nil), "plugin.ManifestResponse")
 	proto.RegisterType((*RepositoryResponse)(nil), "plugin.RepositoryResponse")
+	proto.RegisterType((*ParametersAnnouncementResponse)(nil), "plugin.ParametersAnnouncementResponse")
 	proto.RegisterType((*File)(nil), "plugin.File")
 }

 func init() { proto.RegisterFile("cmpserver/plugin/plugin.proto", fileDescriptor_b21875a7079a06ed) }

 var fileDescriptor_b21875a7079a06ed = []byte{
-	// 483 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x7c, 0x53, 0xd1, 0x8e, 0x12, 0x3d,
-	0x14, 0xa6, 0x3f, 0xec, 0x2e, 0x1c, 0x36, 0xf9, 0x49, 0x63, 0xe2, 0x84, 0xec, 0x22, 0x99, 0x2b,
-	0x6e, 0x84, 0x04, 0x8d, 0x77, 0x26, 0xba, 0x66, 0x75, 0xa3, 0xc1, 0x90, 0xe2, 0x95, 0x77, 0xdd,
-	0x72, 0x80, 0xba, 0x33, 0x6d, 0x6d, 0x3b, 0x93, 0xe0, 0x95, 0x6f, 0xe3, 0x2b, 0xf8, 0x08, 0x5e,
-	0xfa, 0x08, 0x86, 0x27, 0x31, 0x53, 0x66, 0x18, 0xe2, 0x46, 0xaf, 0x38, 0xdf, 0x77, 0xce, 0xf9,
-	0xf8, 0xbe, 0x4e, 0x0b, 0x97, 0x22, 0x35, 0x0e, 0x6d, 0x8e, 0x76, 0x62, 0x92, 0x6c, 0x2d, 0x55,
-	0xf9, 0x33, 0x36, 0x56, 0x7b, 0x4d, 0x4f, 0xf7, 0x28, 0xfe, 0x4a, 0xa0, 0xf7, 0xd2, 0x98, 0x85,
-	0xb7, 0xc8, 0x53, 0x86, 0x9f, 0x33, 0x74, 0x9e, 0x3e, 0x87, 0x76, 0x8a, 0x9e, 0x2f, 0xb9, 0xe7,
-	0x11, 0x19, 0x92, 0x51, 0x77, 0xfa, 0x68, 0x5c, 0x6e, 0xcf, 0xb8, 0x92, 0x2b, 0x74, 0xbe, 0x1c,
-	0x9d, 0x95, 0x63, 0x37, 0x0d, 0x76, 0x58, 0xa1, 0x31, 0xb4, 0x56, 0x32, 0xc1, 0xe8, 0xbf, 0xb0,
-	0x7a, 0x5e, 0xad, 0xbe, 0x96, 0x09, 0xde, 0x34, 0x58, 0xe8, 0x5d, 0x75, 0xe0, 0xcc, 0xee, 0x25,
-	0xe2, 0x6f, 0x04, 0x1e, 0xfe, 0x45, 0x96, 0x46, 0x70, 0xc6, 0x8d, 0x79, 0xcf, 0x53, 0x0c, 0x46,
-	0x3a, 0xac, 0x82, 0x74, 0x00, 0xc0, 0x8d, 0x61, 0x98, 0xcc, 0xb9, 0xdf, 0x84, 0xbf, 0xea, 0xb0,
-	0x23, 0x86, 0xf6, 0xa1, 0x2d, 0x36, 0x28, 0xee, 0x5c, 0x96, 0x46, 0xcd, 0xd0, 0x3d, 0x60, 0x4a,
-	0xa1, 0xe5, 0xe4, 0x17, 0x8c, 0x5a, 0x43, 0x32, 0x6a, 0xb2, 0x50, 0xd3, 0x18, 0x9a, 0xa8, 0xf2,
-	0xe8, 0x64, 0xd8, 0x1c, 0x75, 0xa7, 0xbd, 0xca, 0xf3, 0xb5, 0xca, 0xaf, 0x95, 0xb7, 0x5b, 0x56,
-	0x34, 0xe3, 0xa7, 0xd0, 0xae, 0x88, 0x42, 0x43, 0xd5, 0xb6, 0x42, 0x4d, 0x1f, 0xc0, 0x49, 0xce,
-	0x93, 0x0c, 0x4b, 0x3b, 0x7b, 0x10, 0xcf, 0xa1, 0x57, 0xc7, 0x73, 0x46, 0x2b, 0x87, 0xf4, 0x02,
-	0x3a, 0x69, 0xc9, 0xb9, 0x88, 0x0c, 0x9b, 0xa3, 0x0e, 0xab, 0x89, 0x22, 0x9b, 0xd3, 0x99, 0x15,
-	0xf8, 0x61, 0x6b, 0x2a, 0xb1, 0x23, 0x26, 0x7e, 0x06, 0x94, 0xa1, 0xd1, 0x4e, 0x7a, 0x6d, 0xb7,
-	0x07, 0xcd, 0x21, 0x74, 0xa5, 0x5b, 0x64, 0xc6, 0x68, 0xeb, 0x71, 0x19, 0x8c, 0xb5, 0xd9, 0x31,
-	0x15, 0x5f, 0x40, 0xab, 0xf8, 0x08, 0x85, 0x4f, 0xb1, 0xc9, 0xd4, 0x5d, 0x98, 0x39, 0x67, 0x7b,
-	0x30, 0xfd, 0x4e, 0xe0, 0xf2, 0x95, 0x56, 0x2b, 0xb9, 0x9e, 0x71, 0xc5, 0xd7, 0x98, 0xa2, 0xf2,
-	0xf3, 0x70, 0x0c, 0x0b, 0xb4, 0xb9, 0x14, 0x48, 0xdf, 0x42, 0xef, 0x0d, 0x2a, 0xb4, 0xdc, 0x63,
-	0x95, 0x88, 0x46, 0xd5, 0x51, 0xfd, 0x79, 0x8b, 0xfa, 0xd1, 0xfd, 0x3b, 0xb3, 0x77, 0x1a, 0x37,
-	0x46, 0x84, 0xbe, 0x83, 0xff, 0x67, 0xdc, 0x8b, 0x4d, 0x1d, 0xe4, 0x1f, 0x52, 0xfd, 0xaa, 0x73,
-	0x3f, 0x76, 0x21, 0x76, 0xf5, 0xe2, 0xc7, 0x6e, 0x40, 0x7e, 0xee, 0x06, 0xe4, 0xd7, 0x6e, 0x40,
-	0x3e, 0x4e, 0xd7, 0xd2, 0x6f, 0xb2, 0xdb, 0xb1, 0xd0, 0xe9, 0x84, 0xdb, 0xb5, 0x36, 0x56, 0x7f,
-	0x0a, 0xc5, 0x63, 0xb1, 0x9c, 0xe4, 0xd3, 0x49, 0xfd, 0x32, 0xb8, 0x91, 0x22, 0x91, 0xa8, 0xfc,
-	0xed, 0x69, 0x78, 0x16, 0x4f, 0x7e, 0x07, 0x00, 0x00, 0xff, 0xff, 0x83, 0x01, 0x5e, 0x48, 0x37,
-	0x03, 0x00, 0x00,
+	// 558 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x84, 0x54, 0xc1, 0x6e, 0xd3, 0x4c,
+	0x10, 0xae, 0x9b, 0xb4, 0x4d, 0x26, 0x95, 0xfe, 0x68, 0xf5, 0x0b, 0x4c, 0xd4, 0x86, 0xe0, 0x03,
+	0xca, 0x85, 0x44, 0x32, 0x88, 0x1b, 0x12, 0x2d, 0x2a, 0xad, 0x40, 0x41, 0xd1, 0x96, 0x0b, 0xdc,
+	0xb6, 0xce, 0x24, 0x59, 0x6a, 0xef, 0x2e, 0xeb, 0xb5, 0xa5, 0xc0, 0x85, 0xf7, 0xe0, 0x01, 0x78,
+	0x15, 0x8e, 0x3c, 0x02, 0xca, 0x93, 0x20, 0xaf, 0xed, 0xd8, 0xa2, 0x6d, 0x38, 0x79, 0xe6, 0x9b,
+	0x99, 0x6f, 0xbf, 0x9d, 0x99, 0x35, 0x1c, 0x07, 0x91, 0x8a, 0x51, 0xa7, 0xa8, 0xc7, 0x2a, 0x4c,
+	0x16, 0x5c, 0x14, 0x9f, 0x91, 0xd2, 0xd2, 0x48, 0xb2, 0x9f, 0x7b, 0xbd, 0xb3, 0x05, 0x37, 0xcb,
+	0xe4, 0x6a, 0x14, 0xc8, 0x68, 0xcc, 0xf4, 0x42, 0x2a, 0x2d, 0x3f, 0x59, 0xe3, 0x49, 0x30, 0x1b,
+	0xa7, 0xfe, 0x58, 0xa3, 0x92, 0x05, 0x8d, 0x35, 0xb9, 0x91, 0x7a, 0x55, 0x33, 0x73, 0x3a, 0xef,
+	0x9b, 0x03, 0xdd, 0x13, 0xa5, 0x2e, 0x8d, 0x46, 0x16, 0x51, 0xfc, 0x9c, 0x60, 0x6c, 0xc8, 0x0b,
+	0x68, 0x45, 0x68, 0xd8, 0x8c, 0x19, 0xe6, 0x3a, 0x03, 0x67, 0xd8, 0xf1, 0x1f, 0x8e, 0x0a, 0x11,
+	0x13, 0x26, 0xf8, 0x1c, 0x63, 0x53, 0xa4, 0x4e, 0x8a, 0xb4, 0x8b, 0x1d, 0xba, 0x29, 0x21, 0x1e,
+	0x34, 0xe7, 0x3c, 0x44, 0x77, 0xd7, 0x96, 0x1e, 0x96, 0xa5, 0xaf, 0x79, 0x88, 0x17, 0x3b, 0xd4,
+	0xc6, 0x4e, 0xdb, 0x70, 0xa0, 0x73, 0x0a, 0xef, 0x87, 0x03, 0xf7, 0xef, 0xa0, 0x25, 0x2e, 0x1c,
+	0x30, 0xa5, 0xde, 0xb1, 0x08, 0xad, 0x90, 0x36, 0x2d, 0x5d, 0xd2, 0x07, 0x60, 0x4a, 0x51, 0x0c,
+	0xa7, 0xcc, 0x2c, 0xed, 0x51, 0x6d, 0x5a, 0x43, 0x48, 0x0f, 0x5a, 0xc1, 0x12, 0x83, 0xeb, 0x38,
+	0x89, 0xdc, 0x86, 0x8d, 0x6e, 0x7c, 0x42, 0xa0, 0x19, 0xf3, 0x2f, 0xe8, 0x36, 0x07, 0xce, 0xb0,
+	0x41, 0xad, 0x4d, 0x3c, 0x68, 0xa0, 0x48, 0xdd, 0xbd, 0x41, 0x63, 0xd8, 0xf1, 0xbb, 0xa5, 0xe6,
+	0x33, 0x91, 0x9e, 0x09, 0xa3, 0x57, 0x34, 0x0b, 0x7a, 0xcf, 0xa0, 0x55, 0x02, 0x19, 0x87, 0xa8,
+	0x64, 0x59, 0x9b, 0xfc, 0x0f, 0x7b, 0x29, 0x0b, 0x13, 0x2c, 0xe4, 0xe4, 0x8e, 0x37, 0x85, 0x6e,
+	0x75, 0xbd, 0x58, 0x49, 0x11, 0x23, 0x39, 0x82, 0x76, 0x54, 0x60, 0xb1, 0xeb, 0x0c, 0x1a, 0xc3,
+	0x36, 0xad, 0x80, 0xec, 0x6e, 0xb1, 0x4c, 0x74, 0x80, 0xef, 0x57, 0xaa, 0x24, 0xab, 0x21, 0xde,
+	0x73, 0x20, 0x74, 0x33, 0xc8, 0x0d, 0xe7, 0x00, 0x3a, 0x3c, 0xbe, 0x4c, 0x94, 0x92, 0xda, 0xe0,
+	0xcc, 0x0a, 0x6b, 0xd1, 0x3a, 0xe4, 0x7d, 0x85, 0xfe, 0x94, 0x69, 0x16, 0xa1, 0x41, 0x1d, 0x9f,
+	0x08, 0x21, 0x13, 0x11, 0x60, 0x84, 0xa2, 0xd2, 0xf5, 0x01, 0xee, 0xa9, 0x32, 0xa3, 0x9e, 0x90,
+	0x8b, 0xec, 0xf8, 0x8f, 0x46, 0xb5, 0x0d, 0x9a, 0xde, 0x96, 0x49, 0xef, 0x20, 0xf0, 0x8e, 0xa0,
+	0x99, 0x6d, 0x40, 0xd6, 0xa4, 0x60, 0x99, 0x88, 0x6b, 0x2b, 0xf0, 0x90, 0xe6, 0x8e, 0xff, 0x7d,
+	0x17, 0x8e, 0x5f, 0x49, 0x31, 0xe7, 0x8b, 0x09, 0x13, 0x6c, 0x61, 0x6b, 0xa6, 0x76, 0x06, 0x97,
+	0xa8, 0x53, 0x1e, 0x20, 0x79, 0x03, 0xdd, 0x73, 0x14, 0xa8, 0x99, 0xc1, 0xb2, 0x9d, 0xc4, 0x2d,
+	0xe7, 0xf4, 0xf7, 0x0a, 0xf7, 0xdc, 0x9b, 0x0b, 0x9b, 0x5f, 0xd1, 0xdb, 0x19, 0x3a, 0xe4, 0x2d,
+	0xfc, 0x37, 0x61, 0x26, 0x58, 0x56, 0x5d, 0xdc, 0x42, 0xd5, 0x2b, 0x23, 0x37, 0x7b, 0x6e, 0xc9,
+	0x18, 0x3c, 0x38, 0x47, 0x73, 0x7b, 0x63, 0xb7, 0xd0, 0x3e, 0x2e, 0x23, 0xdb, 0x47, 0x92, 0x1d,
+	0x71, 0xfa, 0xf2, 0xe7, 0xba, 0xef, 0xfc, 0x5a, 0xf7, 0x9d, 0xdf, 0xeb, 0xbe, 0xf3, 0xd1, 0xff,
+	0xc7, 0xd3, 0xaf, 0x7e, 0x20, 0x4c, 0xf1, 0x20, 0xe4, 0x28, 0xcc, 0xd5, 0xbe, 0x7d, 0xee, 0x4f,
+	0xff, 0x04, 0x00, 0x00, 0xff, 0xff, 0x33, 0x34, 0xb3, 0x95, 0x5e, 0x04, 0x00, 0x00,
 }

 // Reference imports to suppress errors if they are not otherwise used.
@@ -472,6 +527,8 @@ type ConfigManagementPluginServiceClient interface {
 	GenerateManifest(ctx context.Context, opts ...grpc.CallOption) (ConfigManagementPluginService_GenerateManifestClient, error)
 	// MatchRepository returns whether or not the given application is supported by the plugin
 	MatchRepository(ctx context.Context, opts ...grpc.CallOption) (ConfigManagementPluginService_MatchRepositoryClient, error)
+	// GetParametersAnnouncement gets a list of parameter announcements for the given app
+	GetParametersAnnouncement(ctx context.Context, opts ...grpc.CallOption) (ConfigManagementPluginService_GetParametersAnnouncementClient, error)
 }

 type configManagementPluginServiceClient struct {
@@ -550,6 +607,40 @@ func (x *configManagementPluginServiceMatchRepositoryClient) CloseAndRecv() (*Re
 	return m, nil
 }

+func (c *configManagementPluginServiceClient) GetParametersAnnouncement(ctx context.Context, opts ...grpc.CallOption) (ConfigManagementPluginService_GetParametersAnnouncementClient, error) {
+	stream, err := c.cc.NewStream(ctx, &_ConfigManagementPluginService_serviceDesc.Streams[2], "/plugin.ConfigManagementPluginService/GetParametersAnnouncement", opts...)
+	if err != nil {
+		return nil, err
+	}
+	x := &configManagementPluginServiceGetParametersAnnouncementClient{stream}
+	return x, nil
+}
+
+type ConfigManagementPluginService_GetParametersAnnouncementClient interface {
+	Send(*AppStreamRequest) error
+	CloseAndRecv() (*ParametersAnnouncementResponse, error)
+	grpc.ClientStream
+}
+
+type configManagementPluginServiceGetParametersAnnouncementClient struct {
+	grpc.ClientStream
+}
+
+func (x *configManagementPluginServiceGetParametersAnnouncementClient) Send(m *AppStreamRequest) error {
+	return x.ClientStream.SendMsg(m)
+}
+
+func (x *configManagementPluginServiceGetParametersAnnouncementClient) CloseAndRecv() (*ParametersAnnouncementResponse, error) {
+	if err := x.ClientStream.CloseSend(); err != nil {
+		return nil, err
+	}
+	m := new(ParametersAnnouncementResponse)
+	if err := x.ClientStream.RecvMsg(m); err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
 // ConfigManagementPluginServiceServer is the server API for ConfigManagementPluginService service.
 type ConfigManagementPluginServiceServer interface {
 	// GenerateManifests receive a stream containing a tgz archive with all required files necessary
@@ -557,6 +648,8 @@ type ConfigManagementPluginServiceServer interface {
 	GenerateManifest(ConfigManagementPluginService_GenerateManifestServer) error
 	// MatchRepository returns whether or not the given application is supported by the plugin
 	MatchRepository(ConfigManagementPluginService_MatchRepositoryServer) error
+	// GetParametersAnnouncement gets a list of parameter announcements for the given app
+	GetParametersAnnouncement(ConfigManagementPluginService_GetParametersAnnouncementServer) error
 }

 // UnimplementedConfigManagementPluginServiceServer can be embedded to have forward compatible implementations.
@@ -569,6 +662,9 @@ func (*UnimplementedConfigManagementPluginServiceServer) GenerateManifest(srv Co
 func (*UnimplementedConfigManagementPluginServiceServer) MatchRepository(srv ConfigManagementPluginService_MatchRepositoryServer) error {
 	return status.Errorf(codes.Unimplemented, "method MatchRepository not implemented")
 }
+func (*UnimplementedConfigManagementPluginServiceServer) GetParametersAnnouncement(srv ConfigManagementPluginService_GetParametersAnnouncementServer) error {
+	return status.Errorf(codes.Unimplemented, "method GetParametersAnnouncement not implemented")
+}

 func RegisterConfigManagementPluginServiceServer(s *grpc.Server, srv ConfigManagementPluginServiceServer) {
 	s.RegisterService(&_ConfigManagementPluginService_serviceDesc, srv)
@@ -626,6 +722,32 @@ func (x *configManagementPluginServiceMatchRepositoryServer) Recv() (*AppStreamR
 	return m, nil
 }

+func _ConfigManagementPluginService_GetParametersAnnouncement_Handler(srv interface{}, stream grpc.ServerStream) error {
+	return srv.(ConfigManagementPluginServiceServer).GetParametersAnnouncement(&configManagementPluginServiceGetParametersAnnouncementServer{stream})
+}
+
+type ConfigManagementPluginService_GetParametersAnnouncementServer interface {
+	SendAndClose(*ParametersAnnouncementResponse) error
+	Recv() (*AppStreamRequest, error)
+	grpc.ServerStream
+}
+
+type configManagementPluginServiceGetParametersAnnouncementServer struct {
+	grpc.ServerStream
+}
+
+func (x *configManagementPluginServiceGetParametersAnnouncementServer) SendAndClose(m *ParametersAnnouncementResponse) error {
+	return x.ServerStream.SendMsg(m)
+}
+
+func (x *configManagementPluginServiceGetParametersAnnouncementServer) Recv() (*AppStreamRequest, error) {
+	m := new(AppStreamRequest)
+	if err := x.ServerStream.RecvMsg(m); err != nil {
+		return nil, err
+	}
+	return m, nil
+}
+
 var _ConfigManagementPluginService_serviceDesc = grpc.ServiceDesc{
 	ServiceName: "plugin.ConfigManagementPluginService",
 	HandlerType: (*ConfigManagementPluginServiceServer)(nil),
@@ -641,6 +763,11 @@ var _ConfigManagementPluginService_serviceDesc = grpc.ServiceDesc{
 			Handler:       _ConfigManagementPluginService_MatchRepository_Handler,
 			ClientStreams: true,
 		},
+		{
+			StreamName:    "GetParametersAnnouncement",
+			Handler:       _ConfigManagementPluginService_GetParametersAnnouncement_Handler,
+			ClientStreams: true,
+		},
 	},
 	Metadata: "cmpserver/plugin/plugin.proto",
 }
@@ -911,6 +1038,47 @@ func (m *RepositoryResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
 	return len(dAtA) - i, nil
 }

+func (m *ParametersAnnouncementResponse) Marshal() (dAtA []byte, err error) {
+	size := m.Size()
+	dAtA = make([]byte, size)
+	n, err := m.MarshalToSizedBuffer(dAtA[:size])
+	if err != nil {
+		return nil, err
+	}
+	return dAtA[:n], nil
+}
+
+func (m *ParametersAnnouncementResponse) MarshalTo(dAtA []byte) (int, error) {
+	size := m.Size()
+	return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *ParametersAnnouncementResponse) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+	i := len(dAtA)
+	_ = i
+	var l int
+	_ = l
+	if m.XXX_unrecognized != nil {
+		i -= len(m.XXX_unrecognized)
+		copy(dAtA[i:], m.XXX_unrecognized)
+	}
+	if len(m.ParameterAnnouncements) > 0 {
+		for iNdEx := len(m.ParameterAnnouncements) - 1; iNdEx >= 0; iNdEx-- {
+			{
+				size, err := m.ParameterAnnouncements[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+				if err != nil {
+					return 0, err
+				}
+				i -= size
+				i = encodeVarintPlugin(dAtA, i, uint64(size))
+			}
+			i--
+			dAtA[i] = 0xa
+		}
+	}
+	return len(dAtA) - i, nil
+}
+
 func (m *File) Marshal() (dAtA []byte, err error) {
 	size := m.Size()
 	dAtA = make([]byte, size)
@@ -1085,6 +1253,24 @@ func (m *RepositoryResponse) Size() (n int) {
 	return n
 }

+func (m *ParametersAnnouncementResponse) Size() (n int) {
+	if m == nil {
+		return 0
+	}
+	var l int
+	_ = l
+	if len(m.ParameterAnnouncements) > 0 {
+		for _, e := range m.ParameterAnnouncements {
+			l = e.Size()
+			n += 1 + l + sovPlugin(uint64(l))
+		}
+	}
+	if m.XXX_unrecognized != nil {
+		n += len(m.XXX_unrecognized)
+	}
+	return n
+}
+
 func (m *File) Size() (n int) {
 	if m == nil {
 		return 0
@@ -1729,6 +1915,91 @@ func (m *RepositoryResponse) Unmarshal(dAtA []byte) error {
 	}
 	return nil
 }
+func (m *ParametersAnnouncementResponse) Unmarshal(dAtA []byte) error {
+	l := len(dAtA)
+	iNdEx := 0
+	for iNdEx < l {
+		preIndex := iNdEx
+		var wire uint64
+		for shift := uint(0); ; shift += 7 {
+			if shift >= 64 {
+				return ErrIntOverflowPlugin
+			}
+			if iNdEx >= l {
+				return io.ErrUnexpectedEOF
+			}
+			b := dAtA[iNdEx]
+			iNdEx++
+			wire |= uint64(b&0x7F) << shift
+			if b < 0x80 {
+				break
+			}
+		}
+		fieldNum := int32(wire >> 3)
+		wireType := int(wire & 0x7)
+		if wireType == 4 {
+			return fmt.Errorf("proto: ParametersAnnouncementResponse: wiretype end group for non-group")
+		}
+		if fieldNum <= 0 {
+			return fmt.Errorf("proto: ParametersAnnouncementResponse: illegal tag %d (wire type %d)", fieldNum, wire)
+		}
+		switch fieldNum {
+		case 1:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field ParameterAnnouncements", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowPlugin
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= int(b&0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthPlugin
+			}
+			postIndex := iNdEx + msglen
+			if postIndex < 0 {
+				return ErrInvalidLengthPlugin
+			}
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.ParameterAnnouncements = append(m.ParameterAnnouncements, &apiclient.ParameterAnnouncement{})
+			if err := m.ParameterAnnouncements[len(m.ParameterAnnouncements)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		default:
+			iNdEx = preIndex
+			skippy, err := skipPlugin(dAtA[iNdEx:])
+			if err != nil {
+				return err
+			}
+			if (skippy < 0) || (iNdEx+skippy) < 0 {
+				return ErrInvalidLengthPlugin
+			}
+			if (iNdEx + skippy) > l {
+				return io.ErrUnexpectedEOF
+			}
+			m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
+			iNdEx += skippy
+		}
+	}
+
+	if iNdEx > l {
+		return io.ErrUnexpectedEOF
+	}
+	return nil
+}
 func (m *File) Unmarshal(dAtA []byte) error {
 	l := len(dAtA)
 	iNdEx := 0
--- a/cmpserver/plugin/config.go
+++ b/cmpserver/plugin/config.go
@@ -7,6 +7,7 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

 	"github.com/argoproj/argo-cd/v2/common"
+	"github.com/argoproj/argo-cd/v2/reposerver/apiclient"
 	configUtil "github.com/argoproj/argo-cd/v2/util/config"
 )

@@ -21,10 +22,11 @@ type PluginConfig struct {
 }

 type PluginConfigSpec struct {
-	Version          string   `json:"version"`
-	Init             Command  `json:"init,omitempty"`
-	Generate         Command  `json:"generate"`
-	Discover         Discover `json:"discover"`
+	Version          string     `json:"version"`
+	Init             Command    `json:"init,omitempty"`
+	Generate         Command    `json:"generate"`
+	Discover         Discover   `json:"discover"`
+	Parameters       Parameters `yaml:"parameters"`
 }

 //Discover holds find and fileName
@@ -45,6 +47,17 @@ type Find struct {
 	Glob string `json:"glob"`
 }

+// Parameters holds static and dynamic configurations
+type Parameters struct {
+	Static  []*apiclient.ParameterAnnouncement `yaml:"static"`
+	Dynamic Command                            `yaml:"dynamic"`
+}
+
+// Dynamic hold the dynamic announcements for CMP's
+type Dynamic struct {
+	Command
+}
+
 func ReadPluginConfig(filePath string) (*PluginConfig, error) {
 	path := fmt.Sprintf("%s/%s", strings.TrimRight(filePath, "/"), common.PluginConfigFileName)

--- a/cmpserver/plugin/plugin.go
+++ b/cmpserver/plugin/plugin.go
@@ -3,6 +3,7 @@ package plugin
 import (
 	"bytes"
 	"context"
+	"encoding/json"
 	"errors"
 	"fmt"
 	"os"
@@ -13,7 +14,9 @@ import (

 	"github.com/argoproj/pkg/rand"

+	"github.com/argoproj/argo-cd/v2/cmpserver/apiclient"
 	"github.com/argoproj/argo-cd/v2/common"
+	repoclient "github.com/argoproj/argo-cd/v2/reposerver/apiclient"
 	"github.com/argoproj/argo-cd/v2/util/buffered_context"
 	"github.com/argoproj/argo-cd/v2/util/cmp"
 	"github.com/argoproj/argo-cd/v2/util/io/files"
@@ -21,8 +24,6 @@ import (
 	"github.com/argoproj/gitops-engine/pkg/utils/kube"
 	"github.com/mattn/go-zglob"
 	log "github.com/sirupsen/logrus"
-
-	"github.com/argoproj/argo-cd/v2/cmpserver/apiclient"
 )

 // cmpTimeoutBuffer is the amount of time before the request deadline to timeout server-side work. It makes sure there's
@@ -45,15 +46,14 @@ func NewService(initConstants CMPServerInitConstants) *Service {
 	}
 }

-func (s *Service) Init() error {
-	workDir := common.GetCMPWorkDir()
+func (s *Service) Init(workDir string) error {
 	err := os.RemoveAll(workDir)
 	if err != nil {
-		return fmt.Errorf("error removing workdir %q: %s", workDir, err)
+		return fmt.Errorf("error removing workdir %q: %w", workDir, err)
 	}
 	err = os.MkdirAll(workDir, 0700)
 	if err != nil {
-		return fmt.Errorf("error creating workdir %q: %s", workDir, err)
+		return fmt.Errorf("error creating workdir %q: %w", workDir, err)
 	}
 	return nil
 }
@@ -143,24 +143,50 @@ func environ(envVars []*apiclient.EnvEntry) []string {
 	return environ
 }

+// getTempDirMustCleanup creates a temporary directory and returns a cleanup function.
+func getTempDirMustCleanup(baseDir string) (workDir string, cleanup func(), err error) {
+	workDir, err = files.CreateTempDir(baseDir)
+	if err != nil {
+		return "", nil, fmt.Errorf("error creating temp dir: %w", err)
+	}
+	cleanup = func() {
+		if err := os.RemoveAll(workDir); err != nil {
+			log.WithFields(map[string]interface{}{
+				common.SecurityField:    common.SecurityHigh,
+				common.SecurityCWEField: 459,
+			}).Errorf("Failed to clean up temp directory: %s", err)
+		}
+	}
+	return workDir, cleanup, nil
+}
+
+type Stream interface {
+	Recv() (*apiclient.AppStreamRequest, error)
+	Context() context.Context
+}
+
+type GenerateManifestStream interface {
+	Stream
+	SendAndClose(response *apiclient.ManifestResponse) error
+}
+
 // GenerateManifest runs generate command from plugin config file and returns generated manifest files
 func (s *Service) GenerateManifest(stream apiclient.ConfigManagementPluginService_GenerateManifestServer) error {
+	return s.generateManifestGeneric(stream)
+}
+
+func (s *Service) generateManifestGeneric(stream GenerateManifestStream) error {
 	ctx, cancel := buffered_context.WithEarlierDeadline(stream.Context(), cmpTimeoutBuffer)
 	defer cancel()
-	workDir, err := files.CreateTempDir(common.GetCMPWorkDir())
+	workDir, cleanup, err := getTempDirMustCleanup(common.GetCMPWorkDir())
 	if err != nil {
-		return fmt.Errorf("error creating temp dir: %s", err)
+		return fmt.Errorf("error creating workdir for manifest generation: %w", err)
 	}
-	defer func() {
-		if err := os.RemoveAll(workDir); err != nil {
-			// we panic here as the workDir may contain sensitive information
-			panic(fmt.Sprintf("error removing generate manifest workdir: %s", err))
-		}
-	}()
+	defer cleanup()

 	metadata, err := cmp.ReceiveRepoStream(ctx, stream, workDir)
 	if err != nil {
-		return fmt.Errorf("generate manifest error receiving stream: %s", err)
+		return fmt.Errorf("generate manifest error receiving stream: %w", err)
 	}

 	appPath := filepath.Clean(filepath.Join(workDir, metadata.AppRelPath))
@@ -169,11 +195,11 @@ func (s *Service) GenerateManifest(stream apiclient.ConfigManagementPluginServic
 	}
 	response, err := s.generateManifest(ctx, appPath, metadata.GetEnv())
 	if err != nil {
-		return fmt.Errorf("error generating manifests: %s", err)
+		return fmt.Errorf("error generating manifests: %w", err)
 	}
 	err = stream.SendAndClose(response)
 	if err != nil {
-		return fmt.Errorf("error sending manifest response: %s", err)
+		return fmt.Errorf("error sending manifest response: %w", err)
 	}
 	return nil
 }
@@ -203,6 +229,11 @@ func (s *Service) generateManifest(ctx context.Context, appDir string, envEntrie

 	manifests, err := kube.SplitYAMLToString([]byte(out))
 	if err != nil {
+		sanitizedManifests := manifests
+		if len(sanitizedManifests) > 1000 {
+			sanitizedManifests = manifests[:1000]
+		}
+		log.Debugf("Failed to split generated manifests. Beginning of generated manifests: %q", sanitizedManifests)
 		return &apiclient.ManifestResponse{}, err
 	}

@@ -211,42 +242,46 @@ func (s *Service) generateManifest(ctx context.Context, appDir string, envEntrie
 	}, err
 }

+type MatchRepositoryStream interface {
+	Stream
+	SendAndClose(response *apiclient.RepositoryResponse) error
+}
+
 // MatchRepository receives the application stream and checks whether
 // its repository type is supported by the config management plugin
 // server.
-//The checks are implemented in the following order:
-//   1. If spec.Discover.FileName is provided it finds for a name match in Applications files
-//   2. If spec.Discover.Find.Glob is provided if finds for a glob match in Applications files
-//   3. Otherwise it runs the spec.Discover.Find.Command
+// The checks are implemented in the following order:
+//  1. If spec.Discover.FileName is provided it finds for a name match in Applications files
+//  2. If spec.Discover.Find.Glob is provided if finds for a glob match in Applications files
+//  3. Otherwise it runs the spec.Discover.Find.Command
 func (s *Service) MatchRepository(stream apiclient.ConfigManagementPluginService_MatchRepositoryServer) error {
+	return s.matchRepositoryGeneric(stream)
+}
+
+func (s *Service) matchRepositoryGeneric(stream MatchRepositoryStream) error {
 	bufferedCtx, cancel := buffered_context.WithEarlierDeadline(stream.Context(), cmpTimeoutBuffer)
 	defer cancel()

-	workDir, err := files.CreateTempDir(common.GetCMPWorkDir())
+	workDir, cleanup, err := getTempDirMustCleanup(common.GetCMPWorkDir())
 	if err != nil {
-		return fmt.Errorf("error creating match repository workdir: %s", err)
+		return fmt.Errorf("error creating workdir for repository matching: %w", err)
 	}
-	defer func() {
-		if err := os.RemoveAll(workDir); err != nil {
-			// we panic here as the workDir may contain sensitive information
-			panic(fmt.Sprintf("error removing match repository workdir: %s", err))
-		}
-	}()
+	defer cleanup()

 	metadata, err := cmp.ReceiveRepoStream(bufferedCtx, stream, workDir)
 	if err != nil {
-		return fmt.Errorf("match repository error receiving stream: %s", err)
+		return fmt.Errorf("match repository error receiving stream: %w", err)
 	}

 	isSupported, err := s.matchRepository(bufferedCtx, workDir, metadata.GetEnv())
 	if err != nil {
-		return fmt.Errorf("match repository error: %s", err)
+		return fmt.Errorf("match repository error: %w", err)
 	}
 	repoResponse := &apiclient.RepositoryResponse{IsSupported: isSupported}

 	err = stream.SendAndClose(repoResponse)
 	if err != nil {
-		return fmt.Errorf("error sending match repository response: %s", err)
+		return fmt.Errorf("error sending match repository response: %w", err)
 	}
 	return nil
 }
@@ -258,7 +293,7 @@ func (s *Service) matchRepository(ctx context.Context, workdir string, envEntrie
 		pattern := filepath.Join(workdir, config.Spec.Discover.FileName)
 		matches, err := filepath.Glob(pattern)
 		if err != nil {
-			e := fmt.Errorf("error finding filename match for pattern %q: %s", pattern, err)
+			e := fmt.Errorf("error finding filename match for pattern %q: %w", pattern, err)
 			log.Debug(e)
 			return false, e
 		}
@@ -272,7 +307,7 @@ func (s *Service) matchRepository(ctx context.Context, workdir string, envEntrie
 		// https://github.com/golang/go/issues/11862
 		matches, err := zglob.Glob(pattern)
 		if err != nil {
-			e := fmt.Errorf("error finding glob match for pattern %q: %s", pattern, err)
+			e := fmt.Errorf("error finding glob match for pattern %q: %w", pattern, err)
 			log.Debug(e)
 			return false, e
 		}
@@ -288,7 +323,7 @@ func (s *Service) matchRepository(ctx context.Context, workdir string, envEntrie

 	find, err := runCommand(ctx, config.Spec.Discover.Find.Command, workdir, env)
 	if err != nil {
-		return false, fmt.Errorf("error running find command: %s", err)
+		return false, fmt.Errorf("error running find command: %w", err)
 	}

 	if find != "" {
@@ -296,3 +331,66 @@ func (s *Service) matchRepository(ctx context.Context, workdir string, envEntrie
 	}
 	return false, nil
 }
+
+// ParametersAnnouncementStream defines an interface able to send/receive a stream of parameter announcements.
+type ParametersAnnouncementStream interface {
+	Stream
+	SendAndClose(response *apiclient.ParametersAnnouncementResponse) error
+}
+
+// GetParametersAnnouncement gets parameter announcements for a given Application and repo contents.
+func (s *Service) GetParametersAnnouncement(stream apiclient.ConfigManagementPluginService_GetParametersAnnouncementServer) error {
+	bufferedCtx, cancel := buffered_context.WithEarlierDeadline(stream.Context(), cmpTimeoutBuffer)
+	defer cancel()
+
+	workDir, cleanup, err := getTempDirMustCleanup(common.GetCMPWorkDir())
+	if err != nil {
+		return fmt.Errorf("error creating workdir for generating parameter announcements: %w", err)
+	}
+	defer cleanup()
+
+	metadata, err := cmp.ReceiveRepoStream(bufferedCtx, stream, workDir)
+	if err != nil {
+		return fmt.Errorf("parameters announcement error receiving stream: %w", err)
+	}
+	appPath := filepath.Clean(filepath.Join(workDir, metadata.AppRelPath))
+	if !strings.HasPrefix(appPath, workDir) {
+		return fmt.Errorf("illegal appPath: out of workDir bound")
+	}
+
+	repoResponse, err := getParametersAnnouncement(bufferedCtx, appPath, s.initConstants.PluginConfig.Spec.Parameters.Static, s.initConstants.PluginConfig.Spec.Parameters.Dynamic)
+	if err != nil {
+		return fmt.Errorf("get parameters announcement error: %w", err)
+	}
+
+	err = stream.SendAndClose(repoResponse)
+	if err != nil {
+		return fmt.Errorf("error sending parameters announcement response: %w", err)
+	}
+	return nil
+}
+
+func getParametersAnnouncement(ctx context.Context, appDir string, announcements []*repoclient.ParameterAnnouncement, command Command) (*apiclient.ParametersAnnouncementResponse, error) {
+	augmentedAnnouncements := announcements
+
+	if len(command.Command) > 0 {
+		stdout, err := runCommand(ctx, command, appDir, os.Environ())
+		if err != nil {
+			return nil, fmt.Errorf("error executing dynamic parameter output command: %w", err)
+		}
+
+		var dynamicParamAnnouncements []*repoclient.ParameterAnnouncement
+		err = json.Unmarshal([]byte(stdout), &dynamicParamAnnouncements)
+		if err != nil {
+			return nil, fmt.Errorf("error unmarshaling dynamic parameter output into ParametersAnnouncementResponse: %w", err)
+		}
+
+		// dynamic goes first, because static should take precedence by being later.
+		augmentedAnnouncements = append(dynamicParamAnnouncements, announcements...)
+	}
+
+	repoResponse := &apiclient.ParametersAnnouncementResponse{
+		ParameterAnnouncements: augmentedAnnouncements,
+	}
+	return repoResponse, nil
+}
--- a/cmpserver/plugin/plugin.proto
+++ b/cmpserver/plugin/plugin.proto
@@ -3,6 +3,8 @@ option go_package = "github.com/argoproj/argo-cd/v2/cmpserver/apiclient";

 package plugin;

+import "github.com/argoproj/argo-cd/v2/reposerver/repository/repository.proto";
+
 // AppStreamRequest is the request object used to send the application's
 // files over a stream.
 message AppStreamRequest {
@@ -44,6 +46,12 @@ message RepositoryResponse {
    bool isSupported = 1;
 }

+// ParametersAnnouncementResponse contains a list of announcements. This list represents all the parameters which a CMP
+// is able to accept.
+message ParametersAnnouncementResponse {
+    repeated repository.ParameterAnnouncement parameterAnnouncements = 1;
+}
+
 message File {
    bytes chunk = 1;
 }
@@ -58,4 +66,8 @@ service ConfigManagementPluginService {
    // MatchRepository returns whether or not the given application is supported by the plugin
    rpc MatchRepository(stream AppStreamRequest) returns (RepositoryResponse) {
    }
+
+    // GetParametersAnnouncement gets a list of parameter announcements for the given app
+    rpc GetParametersAnnouncement(stream AppStreamRequest) returns (ParametersAnnouncementResponse) {
+    }
 }
--- a/cmpserver/plugin/plugin_test.go
+++ b/cmpserver/plugin/plugin_test.go
@@ -1,17 +1,27 @@
 package plugin

 import (
+	"bytes"
 	"context"
+	"fmt"
+	"io"
+	"os"
+	"path"
 	"path/filepath"
 	"testing"
 	"time"

 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+	"google.golang.org/grpc/metadata"
+	"gopkg.in/yaml.v2"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

 	"github.com/argoproj/argo-cd/v2/cmpserver/apiclient"
+	repoclient "github.com/argoproj/argo-cd/v2/reposerver/apiclient"
 	"github.com/argoproj/argo-cd/v2/test"
+	"github.com/argoproj/argo-cd/v2/util/cmp"
+	"github.com/argoproj/argo-cd/v2/util/tgzstream"
 )

 func newService(configFilePath string) (*Service, error) {
@@ -30,6 +40,11 @@ func newService(configFilePath string) (*Service, error) {
 	return service, nil
 }

+func (s *Service) WithGenerateCommand(command Command) *Service {
+	s.initConstants.PluginConfig.Spec.Generate = command
+	return s
+}
+
 type pluginOpt func(*CMPServerInitConstants)

 func withDiscover(d Discover) pluginOpt {
@@ -104,6 +119,19 @@ func TestMatchRepository(t *testing.T) {
 		assert.NoError(t, err)
 		assert.False(t, match)
 	})
+	t.Run("will not match a pattern with a syntax error", func(t *testing.T) {
+		// given
+		d := Discover{
+			FileName: "[",
+		}
+		f := setup(t, withDiscover(d))
+
+		// when
+		_, err := f.service.matchRepository(context.Background(), f.path, f.env)
+
+		// then
+		assert.ErrorContains(t, err, "syntax error")
+	})
 	t.Run("will match plugin by glob", func(t *testing.T) {
 		// given
 		d := Discover{
@@ -136,6 +164,21 @@ func TestMatchRepository(t *testing.T) {
 		assert.NoError(t, err)
 		assert.False(t, match)
 	})
+	t.Run("will throw an error for a bad pattern", func(t *testing.T) {
+		// given
+		d := Discover{
+			Find: Find{
+				Glob: "does-not-exist",
+			},
+		}
+		f := setup(t, withDiscover(d))
+
+		// when
+		_, err := f.service.matchRepository(context.Background(), f.path, f.env)
+
+		// then
+		assert.ErrorContains(t, err, "error finding glob match for pattern")
+	})
 	t.Run("will match plugin by command when returns any output", func(t *testing.T) {
 		// given
 		d := Discover{
@@ -238,17 +281,49 @@ func Test_Negative_ConfigFile_DoesnotExist(t *testing.T) {

 func TestGenerateManifest(t *testing.T) {
 	configFilePath := "./testdata/kustomize/config"
+
+	t.Run("successful generate", func(t *testing.T) {
+		service, err := newService(configFilePath)
+		require.NoError(t, err)
+
+		res1, err := service.generateManifest(context.Background(), "testdata/kustomize", nil)
+		require.NoError(t, err)
+		require.NotNil(t, res1)
+
+		expectedOutput := "{\"apiVersion\":\"v1\",\"data\":{\"foo\":\"bar\"},\"kind\":\"ConfigMap\",\"metadata\":{\"name\":\"my-map\"}}"
+		if res1 != nil {
+			require.Equal(t, expectedOutput, res1.Manifests[0])
+		}
+	})
+	t.Run("bad generate command", func(t *testing.T) {
+		service, err := newService(configFilePath)
+		require.NoError(t, err)
+		service.WithGenerateCommand(Command{Command: []string{"bad-command"}})
+
+		res, err := service.generateManifest(context.Background(), "testdata/kustomize", nil)
+		assert.ErrorContains(t, err, "executable file not found")
+		assert.Nil(t, res.Manifests)
+	})
+	t.Run("bad yaml output", func(t *testing.T) {
+		service, err := newService(configFilePath)
+		require.NoError(t, err)
+		service.WithGenerateCommand(Command{Command: []string{"echo", "invalid yaml: }"}})
+
+		res, err := service.generateManifest(context.Background(), "testdata/kustomize", nil)
+		assert.ErrorContains(t, err, "failed to unmarshal manifest")
+		assert.Nil(t, res.Manifests)
+	})
+}
+
+func TestGenerateManifest_deadline_exceeded(t *testing.T) {
+	configFilePath := "./testdata/kustomize/config"
 	service, err := newService(configFilePath)
 	require.NoError(t, err)

-	res1, err := service.generateManifest(context.Background(), "", nil)
-	require.NoError(t, err)
-	require.NotNil(t, res1)
-
-	expectedOutput := "{\"apiVersion\":\"v1\",\"data\":{\"foo\":\"bar\"},\"kind\":\"ConfigMap\",\"metadata\":{\"name\":\"my-map\"}}"
-	if res1 != nil {
-		require.Equal(t, expectedOutput, res1.Manifests[0])
-	}
+	expiredCtx, cancel := context.WithTimeout(context.Background(), time.Second*0)
+	defer cancel()
+	_, err = service.generateManifest(expiredCtx, "", nil)
+	assert.ErrorContains(t, err, "context deadline exceeded")
 }

 // TestRunCommandContextTimeout makes sure the command dies at timeout rather than sleeping past the timeout.
@@ -266,3 +341,388 @@ func TestRunCommandContextTimeout(t *testing.T) {
 	assert.Error(t, err) // The command should time out, causing an error.
 	assert.Less(t, after.Sub(before), 1*time.Second)
 }
+
+func TestRunCommandEmptyCommand(t *testing.T) {
+	_, err := runCommand(context.Background(), Command{}, "", nil)
+	assert.ErrorContains(t, err, "Command is empty")
+}
+
+func Test_getParametersAnnouncement_empty_command(t *testing.T) {
+	staticYAML := `
+- name: static-a
+- name: static-b
+`
+	static := &[]*repoclient.ParameterAnnouncement{}
+	err := yaml.Unmarshal([]byte(staticYAML), static)
+	require.NoError(t, err)
+	command := Command{
+		Command: []string{"echo"},
+		Args:    []string{`[]`},
+	}
+	res, err := getParametersAnnouncement(context.Background(), "", *static, command)
+	require.NoError(t, err)
+	assert.Equal(t, []*repoclient.ParameterAnnouncement{{Name: "static-a"}, {Name: "static-b"}}, res.ParameterAnnouncements)
+}
+
+func Test_getParametersAnnouncement_no_command(t *testing.T) {
+	staticYAML := `
+- name: static-a
+- name: static-b
+`
+	static := &[]*repoclient.ParameterAnnouncement{}
+	err := yaml.Unmarshal([]byte(staticYAML), static)
+	require.NoError(t, err)
+	command := Command{}
+	res, err := getParametersAnnouncement(context.Background(), "", *static, command)
+	require.NoError(t, err)
+	assert.Equal(t, []*repoclient.ParameterAnnouncement{{Name: "static-a"}, {Name: "static-b"}}, res.ParameterAnnouncements)
+}
+
+func Test_getParametersAnnouncement_static_and_dynamic(t *testing.T) {
+	staticYAML := `
+- name: static-a
+- name: static-b
+`
+	static := &[]*repoclient.ParameterAnnouncement{}
+	err := yaml.Unmarshal([]byte(staticYAML), static)
+	require.NoError(t, err)
+	command := Command{
+		Command: []string{"echo"},
+		Args:    []string{`[{"name": "dynamic-a"}, {"name": "dynamic-b"}]`},
+	}
+	res, err := getParametersAnnouncement(context.Background(), "", *static, command)
+	require.NoError(t, err)
+	expected := []*repoclient.ParameterAnnouncement{
+		{Name: "dynamic-a"},
+		{Name: "dynamic-b"},
+		{Name: "static-a"},
+		{Name: "static-b"},
+	}
+	assert.Equal(t, expected, res.ParameterAnnouncements)
+}
+
+func Test_getParametersAnnouncement_invalid_json(t *testing.T) {
+	command := Command{
+		Command: []string{"echo"},
+		Args:    []string{`[`},
+	}
+	_, err := getParametersAnnouncement(context.Background(), "", []*repoclient.ParameterAnnouncement{}, command)
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "unexpected end of JSON input")
+}
+
+func Test_getParametersAnnouncement_bad_command(t *testing.T) {
+	command := Command{
+		Command: []string{"exit"},
+		Args:    []string{"1"},
+	}
+	_, err := getParametersAnnouncement(context.Background(), "", []*repoclient.ParameterAnnouncement{}, command)
+	assert.Error(t, err)
+	assert.Contains(t, err.Error(), "error executing dynamic parameter output command")
+}
+
+func Test_getTempDirMustCleanup(t *testing.T) {
+	tempDir := t.TempDir()
+
+	// Induce a directory create error to verify error handling.
+	err := os.Chmod(tempDir, 0000)
+	require.NoError(t, err)
+	_, _, err = getTempDirMustCleanup(path.Join(tempDir, "test"))
+	assert.ErrorContains(t, err, "error creating temp dir")
+
+	err = os.Chmod(tempDir, 0700)
+	require.NoError(t, err)
+	workDir, cleanup, err := getTempDirMustCleanup(tempDir)
+	require.NoError(t, err)
+	require.DirExists(t, workDir)
+	cleanup()
+	assert.NoDirExists(t, workDir)
+}
+
+func TestService_Init(t *testing.T) {
+	// Set up a base directory containing a test directory and a test file.
+	tempDir := t.TempDir()
+	workDir := path.Join(tempDir, "workDir")
+	err := os.MkdirAll(workDir, 0700)
+	require.NoError(t, err)
+	testfile := path.Join(workDir, "testfile")
+	file, err := os.Create(testfile)
+	require.NoError(t, err)
+	err = file.Close()
+	require.NoError(t, err)
+
+	// Make the base directory read-only so Init's cleanup fails.
+	err = os.Chmod(tempDir, 0000)
+	require.NoError(t, err)
+	s := NewService(CMPServerInitConstants{PluginConfig: PluginConfig{}})
+	err = s.Init(workDir)
+	assert.ErrorContains(t, err, "error removing workdir", "Init must throw an error if it can't remove the work directory")
+
+	// Make the base directory writable so Init's cleanup succeeds.
+	err = os.Chmod(tempDir, 0700)
+	require.NoError(t, err)
+	err = s.Init(workDir)
+	assert.NoError(t, err)
+	assert.DirExists(t, workDir)
+	assert.NoFileExists(t, testfile)
+}
+
+func TestEnviron(t *testing.T) {
+	t.Run("empty environ", func(t *testing.T) {
+		env := environ([]*apiclient.EnvEntry{})
+		assert.Nil(t, env)
+	})
+	t.Run("env vars with empty names or values", func(t *testing.T) {
+		env := environ([]*apiclient.EnvEntry{
+			{Value: "test"},
+			{Name: "test"},
+		})
+		assert.Nil(t, env)
+	})
+	t.Run("proper env vars", func(t *testing.T) {
+		env := environ([]*apiclient.EnvEntry{
+			{Name: "name1", Value: "value1"},
+			{Name: "name2", Value: "value2"},
+		})
+		assert.Equal(t, []string{"name1=value1", "name2=value2"}, env)
+	})
+}
+
+type MockGenerateManifestStream struct {
+	metadataSent    bool
+	fileSent        bool
+	metadataRequest *apiclient.AppStreamRequest
+	fileRequest     *apiclient.AppStreamRequest
+	response        *apiclient.ManifestResponse
+}
+
+func NewMockGenerateManifestStream(repoPath, appPath string, env []string) (*MockGenerateManifestStream, error) {
+	tgz, mr, err := cmp.GetCompressedRepoAndMetadata(repoPath, appPath, env, nil, nil)
+	if err != nil {
+		return nil, err
+	}
+	defer tgzstream.CloseAndDelete(tgz)
+
+	tgzBuffer := bytes.NewBuffer(nil)
+	_, err = io.Copy(tgzBuffer, tgz)
+	if err != nil {
+		return nil, fmt.Errorf("failed to copy manifest targz to a byte buffer: %w", err)
+	}
+
+	return &MockGenerateManifestStream{
+		metadataRequest: mr,
+		fileRequest:     cmp.AppFileRequest(tgzBuffer.Bytes()),
+	}, nil
+}
+
+func (m *MockGenerateManifestStream) SendAndClose(response *apiclient.ManifestResponse) error {
+	m.response = response
+	return nil
+}
+
+func (m *MockGenerateManifestStream) Recv() (*apiclient.AppStreamRequest, error) {
+	if !m.metadataSent {
+		m.metadataSent = true
+		return m.metadataRequest, nil
+	}
+
+	if !m.fileSent {
+		m.fileSent = true
+		return m.fileRequest, nil
+	}
+	return nil, io.EOF
+}
+
+func (m *MockGenerateManifestStream) Context() context.Context {
+	return context.Background()
+}
+
+func TestService_GenerateManifest(t *testing.T) {
+	configFilePath := "./testdata/kustomize/config"
+	service, err := newService(configFilePath)
+	require.NoError(t, err)
+
+	t.Run("successful generate", func(t *testing.T) {
+		s, err := NewMockGenerateManifestStream("./testdata/kustomize", "./testdata/kustomize", nil)
+		require.NoError(t, err)
+		err = service.generateManifestGeneric(s)
+		require.NoError(t, err)
+		require.NotNil(t, s.response)
+		assert.Equal(t, []string{"{\"apiVersion\":\"v1\",\"data\":{\"foo\":\"bar\"},\"kind\":\"ConfigMap\",\"metadata\":{\"name\":\"my-map\"}}"}, s.response.Manifests)
+	})
+
+	t.Run("out-of-bounds app path", func(t *testing.T) {
+		s, err := NewMockGenerateManifestStream("./testdata/kustomize", "./testdata/kustomize", nil)
+		require.NoError(t, err)
+		// set a malicious app path on the metadata
+		s.metadataRequest.Request.(*apiclient.AppStreamRequest_Metadata).Metadata.AppRelPath = "../out-of-bounds"
+		err = service.generateManifestGeneric(s)
+		require.ErrorContains(t, err, "illegal appPath")
+		assert.Nil(t, s.response)
+	})
+}
+
+type MockMatchRepositoryStream struct {
+	metadataSent    bool
+	fileSent        bool
+	metadataRequest *apiclient.AppStreamRequest
+	fileRequest     *apiclient.AppStreamRequest
+	response        *apiclient.RepositoryResponse
+}
+
+func NewMockMatchRepositoryStream(repoPath, appPath string, env []string) (*MockMatchRepositoryStream, error) {
+	tgz, mr, err := cmp.GetCompressedRepoAndMetadata(repoPath, appPath, env, nil, nil)
+	if err != nil {
+		return nil, err
+	}
+	defer tgzstream.CloseAndDelete(tgz)
+
+	tgzBuffer := bytes.NewBuffer(nil)
+	_, err = io.Copy(tgzBuffer, tgz)
+	if err != nil {
+		return nil, fmt.Errorf("failed to copy manifest targz to a byte buffer: %w", err)
+	}
+
+	return &MockMatchRepositoryStream{
+		metadataRequest: mr,
+		fileRequest:     cmp.AppFileRequest(tgzBuffer.Bytes()),
+	}, nil
+}
+
+func (m *MockMatchRepositoryStream) SendAndClose(response *apiclient.RepositoryResponse) error {
+	m.response = response
+	return nil
+}
+
+func (m *MockMatchRepositoryStream) Recv() (*apiclient.AppStreamRequest, error) {
+	if !m.metadataSent {
+		m.metadataSent = true
+		return m.metadataRequest, nil
+	}
+
+	if !m.fileSent {
+		m.fileSent = true
+		return m.fileRequest, nil
+	}
+	return nil, io.EOF
+}
+
+func (m *MockMatchRepositoryStream) Context() context.Context {
+	return context.Background()
+}
+
+func TestService_MatchRepository(t *testing.T) {
+	configFilePath := "./testdata/kustomize/config"
+	service, err := newService(configFilePath)
+	require.NoError(t, err)
+
+	t.Run("supported app", func(t *testing.T) {
+		s, err := NewMockMatchRepositoryStream("./testdata/kustomize", "./testdata/kustomize", nil)
+		require.NoError(t, err)
+		err = service.matchRepositoryGeneric(s)
+		require.NoError(t, err)
+		require.NotNil(t, s.response)
+		assert.True(t, s.response.IsSupported)
+	})
+
+	t.Run("unsupported app", func(t *testing.T) {
+		s, err := NewMockMatchRepositoryStream("./testdata/ksonnet", "./testdata/ksonnet", nil)
+		require.NoError(t, err)
+		err = service.matchRepositoryGeneric(s)
+		require.NoError(t, err)
+		require.NotNil(t, s.response)
+		assert.False(t, s.response.IsSupported)
+	})
+}
+
+type MockParametersAnnouncementStream struct {
+	metadataSent    bool
+	fileSent        bool
+	metadataRequest *apiclient.AppStreamRequest
+	fileRequest     *apiclient.AppStreamRequest
+	response        *apiclient.ParametersAnnouncementResponse
+}
+
+func NewMockParametersAnnouncementStream(repoPath, appPath string, env []string) (*MockParametersAnnouncementStream, error) {
+	tgz, mr, err := cmp.GetCompressedRepoAndMetadata(repoPath, appPath, env, nil, nil)
+	if err != nil {
+		return nil, err
+	}
+	defer tgzstream.CloseAndDelete(tgz)
+
+	tgzBuffer := bytes.NewBuffer(nil)
+	_, err = io.Copy(tgzBuffer, tgz)
+	if err != nil {
+		return nil, fmt.Errorf("failed to copy manifest targz to a byte buffer: %w", err)
+	}
+
+	return &MockParametersAnnouncementStream{
+		metadataRequest: mr,
+		fileRequest:     cmp.AppFileRequest(tgzBuffer.Bytes()),
+	}, nil
+}
+
+func (m *MockParametersAnnouncementStream) SendAndClose(response *apiclient.ParametersAnnouncementResponse) error {
+	m.response = response
+	return nil
+}
+
+func (m *MockParametersAnnouncementStream) Recv() (*apiclient.AppStreamRequest, error) {
+	if !m.metadataSent {
+		m.metadataSent = true
+		return m.metadataRequest, nil
+	}
+
+	if !m.fileSent {
+		m.fileSent = true
+		return m.fileRequest, nil
+	}
+	return nil, io.EOF
+}
+
+func (m *MockParametersAnnouncementStream) SetHeader(metadata.MD) error {
+	return nil
+}
+
+func (m *MockParametersAnnouncementStream) SendHeader(metadata.MD) error {
+	return nil
+}
+
+func (m *MockParametersAnnouncementStream) SetTrailer(metadata.MD) {}
+
+func (m *MockParametersAnnouncementStream) Context() context.Context {
+	return context.Background()
+}
+
+func (m *MockParametersAnnouncementStream) SendMsg(interface{}) error {
+	return nil
+}
+
+func (m *MockParametersAnnouncementStream) RecvMsg(interface{}) error {
+	return nil
+}
+
+func TestService_GetParametersAnnouncement(t *testing.T) {
+	configFilePath := "./testdata/kustomize/config"
+	service, err := newService(configFilePath)
+	require.NoError(t, err)
+
+	t.Run("successful response", func(t *testing.T) {
+		s, err := NewMockParametersAnnouncementStream("./testdata/kustomize", "./testdata/kustomize", nil)
+		require.NoError(t, err)
+		err = service.GetParametersAnnouncement(s)
+		require.NoError(t, err)
+		require.NotNil(t, s.response)
+		require.Len(t, s.response.ParameterAnnouncements, 1)
+		assert.Equal(t, repoclient.ParameterAnnouncement{Name: "test-param", String_: "test-value"}, *s.response.ParameterAnnouncements[0])
+	})
+	t.Run("out of bounds app", func(t *testing.T) {
+		s, err := NewMockParametersAnnouncementStream("./testdata/kustomize", "./testdata/kustomize", nil)
+		require.NoError(t, err)
+		// set a malicious app path on the metadata
+		s.metadataRequest.Request.(*apiclient.AppStreamRequest_Metadata).Metadata.AppRelPath = "../out-of-bounds"
+		err = service.GetParametersAnnouncement(s)
+		require.ErrorContains(t, err, "illegal appPath")
+		require.Nil(t, s.response)
+	})
+}
--- a/cmpserver/plugin/testdata/kustomize/config/plugin.yaml
+++ b/cmpserver/plugin/testdata/kustomize/config/plugin.yaml
@@ -7,8 +7,12 @@ spec:
  init:
    command: [kustomize, version]
  generate:
-    command: [sh, -c, "cd testdata/kustomize && kustomize build"]
+    command: [sh, -c, "kustomize build"]
  discover:
    find:
      command: [sh, -c, find . -name kustomization.yaml]
-      glob: "**/*/kustomization.yaml"
+      glob: "**/kustomization.yaml"
+  parameters:
+    static:
+      - name: test-param
+        string: test-value
--- a/cmpserver/server.go
+++ b/cmpserver/server.go
@@ -108,7 +108,7 @@ func (a *ArgoCDCMPServer) CreateGRPC() (*grpc.Server, error) {
 		return true, nil
 	}))
 	pluginService := plugin.NewService(a.initConstants)
-	err := pluginService.Init()
+	err := pluginService.Init(common.GetCMPWorkDir())
 	if err != nil {
 		return nil, fmt.Errorf("error initializing plugin service: %s", err)
 	}
--- a/controller/appcontroller.go
+++ b/controller/appcontroller.go
@@ -1497,17 +1497,7 @@ func (ctrl *ApplicationController) refreshAppConditions(app *appv1.Application)
 	errorConditions := make([]appv1.ApplicationCondition, 0)
 	proj, err := ctrl.getAppProj(app)
 	if err != nil {
-		if apierr.IsNotFound(err) {
-			errorConditions = append(errorConditions, appv1.ApplicationCondition{
-				Type:    appv1.ApplicationConditionInvalidSpecError,
-				Message: fmt.Sprintf("Application referencing project %s which does not exist", app.Spec.Project),
-			})
-		} else {
-			errorConditions = append(errorConditions, appv1.ApplicationCondition{
-				Type:    appv1.ApplicationConditionUnknownError,
-				Message: err.Error(),
-			})
-		}
+		errorConditions = append(errorConditions, ctrl.projectErrorToCondition(err, app))
 	} else {
 		specConditions, err := argo.ValidatePermissions(context.Background(), &app.Spec, proj, ctrl.db)
 		if err != nil {
@@ -1798,7 +1788,7 @@ func (ctrl *ApplicationController) newApplicationInformerAndLister() (cache.Shar
 					// If the application is not allowed to use the project,
 					// log an error.
 					if _, err := ctrl.getAppProj(app); err != nil {
-						ctrl.setAppCondition(app, appv1.ApplicationCondition{Type: appv1.ApplicationConditionUnknownError, Message: err.Error()})
+						ctrl.setAppCondition(app, ctrl.projectErrorToCondition(err, app))
 					}
 				}

@@ -1869,6 +1859,19 @@ func (ctrl *ApplicationController) newApplicationInformerAndLister() (cache.Shar
 	return informer, lister
 }

+func (ctrl *ApplicationController) projectErrorToCondition(err error, app *appv1.Application) appv1.ApplicationCondition {
+	var condition appv1.ApplicationCondition
+	if apierr.IsNotFound(err) {
+		condition = appv1.ApplicationCondition{
+			Type:    appv1.ApplicationConditionInvalidSpecError,
+			Message: fmt.Sprintf("Application referencing project %s which does not exist", app.Spec.Project),
+		}
+	} else {
+		condition = appv1.ApplicationCondition{Type: appv1.ApplicationConditionUnknownError, Message: err.Error()}
+	}
+	return condition
+}
+
 func (ctrl *ApplicationController) RegisterClusterSecretUpdater(ctx context.Context) {
 	updater := NewClusterInfoUpdater(ctrl.stateCache, ctrl.db, ctrl.appLister.Applications(""), ctrl.cache, ctrl.clusterFilter, ctrl.getAppProj, ctrl.namespace)
 	go updater.Run(ctx)
--- a/controller/appcontroller_test.go
+++ b/controller/appcontroller_test.go
@@ -1068,6 +1068,34 @@ func TestUpdateReconciledAt(t *testing.T) {

 }

+func TestProjectErrorToCondition(t *testing.T) {
+	app := newFakeApp()
+	app.Spec.Project = "wrong project"
+	ctrl := newFakeController(&fakeData{
+		apps: []runtime.Object{app, &defaultProj},
+		manifestResponse: &apiclient.ManifestResponse{
+			Manifests: []string{},
+			Namespace: test.FakeDestNamespace,
+			Server:    test.FakeClusterURL,
+			Revision:  "abc123",
+		},
+		managedLiveObjs: make(map[kube.ResourceKey]*unstructured.Unstructured),
+	})
+	key, _ := cache.MetaNamespaceKeyFunc(app)
+	ctrl.appRefreshQueue.Add(key)
+	ctrl.requestAppRefresh(app.Name, CompareWithRecent.Pointer(), nil)
+
+	ctrl.processAppRefreshQueueItem()
+
+	obj, ok, err := ctrl.appInformer.GetIndexer().GetByKey(key)
+	assert.True(t, ok)
+	assert.NoError(t, err)
+	updatedApp := obj.(*argoappv1.Application)
+	assert.Equal(t, argoappv1.ApplicationConditionInvalidSpecError, updatedApp.Status.Conditions[0].Type)
+	assert.Equal(t, "Application referencing project wrong project which does not exist", updatedApp.Status.Conditions[0].Message)
+	assert.Equal(t, argoappv1.ApplicationConditionInvalidSpecError, updatedApp.Status.Conditions[0].Type)
+}
+
 func TestFinalizeProjectDeletion_HasApplications(t *testing.T) {
 	app := newFakeApp()
 	proj := &argoappv1.AppProject{ObjectMeta: metav1.ObjectMeta{Name: "default", Namespace: test.FakeArgoCDNamespace}}
--- a/controller/cache/cache.go
+++ b/controller/cache/cache.go
@@ -389,6 +389,11 @@ func (c *liveStateCache) getCluster(server string) (clustercache.ClusterCache, e
 		return nil, fmt.Errorf("controller is configured to ignore cluster %s", cluster.Server)
 	}

+	resourceCustomLabels, err := c.settingsMgr.GetResourceCustomLabels()
+	if err != nil {
+		return nil, fmt.Errorf("error getting custom label: %w", err)
+	}
+
 	clusterCacheOpts := []clustercache.UpdateSettingsFunc{
 		clustercache.SetListSemaphore(semaphore.NewWeighted(clusterCacheListSemaphoreSize)),
 		clustercache.SetListPageSize(clusterCacheListPageSize),
@@ -400,7 +405,7 @@ func (c *liveStateCache) getCluster(server string) (clustercache.ClusterCache, e
 		clustercache.SetClusterResources(cluster.ClusterResources),
 		clustercache.SetPopulateResourceInfoHandler(func(un *unstructured.Unstructured, isRoot bool) (interface{}, bool) {
 			res := &ResourceInfo{}
-			populateNodeInfo(un, res)
+			populateNodeInfo(un, res, resourceCustomLabels)
 			c.lock.RLock()
 			cacheSettings := c.cacheSettings
 			c.lock.RUnlock()
--- a/controller/cache/info.go
+++ b/controller/cache/info.go
@@ -19,12 +19,21 @@ import (
 	"github.com/argoproj/argo-cd/v2/util/resource"
 )

-func populateNodeInfo(un *unstructured.Unstructured, res *ResourceInfo) {
+func populateNodeInfo(un *unstructured.Unstructured, res *ResourceInfo, customLabels []string) {
 	gvk := un.GroupVersionKind()
 	revision := resource.GetRevision(un)
 	if revision > 0 {
 		res.Info = append(res.Info, v1alpha1.InfoItem{Name: "Revision", Value: fmt.Sprintf("Rev:%v", revision)})
 	}
+	if len(customLabels) > 0 {
+		if labels := un.GetLabels(); labels != nil {
+			for _, customLabel := range customLabels {
+				if value, ok := labels[customLabel]; ok {
+					res.Info = append(res.Info, v1alpha1.InfoItem{Name: customLabel, Value: value})
+				}
+			}
+		}
+	}
 	switch gvk.Group {
 	case "":
 		switch gvk.Kind {
--- a/controller/cache/info_test.go
+++ b/controller/cache/info_test.go
@@ -271,7 +271,7 @@ func TestGetPodInfo(t *testing.T) {
 `)

 	info := &ResourceInfo{}
-	populateNodeInfo(pod, info)
+	populateNodeInfo(pod, info, []string{})
 	assert.Equal(t, []v1alpha1.InfoItem{
 		{Name: "Node", Value: "minikube"},
 		{Name: "Containers", Value: "0/1"},
@@ -302,7 +302,7 @@ status:
 `)

 	info := &ResourceInfo{}
-	populateNodeInfo(node, info)
+	populateNodeInfo(node, info, []string{})
 	assert.Equal(t, &NodeInfo{
 		Name:       "minikube",
 		Capacity:   v1.ResourceList{v1.ResourceMemory: resource.MustParse("6091320Ki"), v1.ResourceCPU: resource.MustParse("6")},
@@ -312,7 +312,7 @@ status:

 func TestGetServiceInfo(t *testing.T) {
 	info := &ResourceInfo{}
-	populateNodeInfo(testService, info)
+	populateNodeInfo(testService, info, []string{})
 	assert.Equal(t, 0, len(info.Info))
 	assert.Equal(t, &v1alpha1.ResourceNetworkingInfo{
 		TargetLabels: map[string]string{"app": "guestbook"},
@@ -322,7 +322,7 @@ func TestGetServiceInfo(t *testing.T) {

 func TestGetLinkAnnotatedServiceInfo(t *testing.T) {
 	info := &ResourceInfo{}
-	populateNodeInfo(testLinkAnnotatedService, info)
+	populateNodeInfo(testLinkAnnotatedService, info, []string{})
 	assert.Equal(t, 0, len(info.Info))
 	assert.Equal(t, &v1alpha1.ResourceNetworkingInfo{
 		TargetLabels: map[string]string{"app": "guestbook"},
@@ -333,7 +333,7 @@ func TestGetLinkAnnotatedServiceInfo(t *testing.T) {

 func TestGetIstioVirtualServiceInfo(t *testing.T) {
 	info := &ResourceInfo{}
-	populateNodeInfo(testIstioVirtualService, info)
+	populateNodeInfo(testIstioVirtualService, info, []string{})
 	assert.Equal(t, 0, len(info.Info))
 	require.NotNil(t, info.NetworkingInfo)
 	require.NotNil(t, info.NetworkingInfo.TargetRefs)
@@ -363,7 +363,7 @@ func TestGetIngressInfo(t *testing.T) {
 	}
 	for _, tc := range tests {
 		info := &ResourceInfo{}
-		populateNodeInfo(tc.Ingress, info)
+		populateNodeInfo(tc.Ingress, info, []string{})
 		assert.Equal(t, 0, len(info.Info))
 		sort.Slice(info.NetworkingInfo.TargetRefs, func(i, j int) bool {
 			return strings.Compare(info.NetworkingInfo.TargetRefs[j].Name, info.NetworkingInfo.TargetRefs[i].Name) < 0
@@ -388,7 +388,7 @@ func TestGetIngressInfo(t *testing.T) {

 func TestGetLinkAnnotatedIngressInfo(t *testing.T) {
 	info := &ResourceInfo{}
-	populateNodeInfo(testLinkAnnotatedIngress, info)
+	populateNodeInfo(testLinkAnnotatedIngress, info, []string{})
 	assert.Equal(t, 0, len(info.Info))
 	sort.Slice(info.NetworkingInfo.TargetRefs, func(i, j int) bool {
 		return strings.Compare(info.NetworkingInfo.TargetRefs[j].Name, info.NetworkingInfo.TargetRefs[i].Name) < 0
@@ -412,7 +412,7 @@ func TestGetLinkAnnotatedIngressInfo(t *testing.T) {

 func TestGetIngressInfoWildCardPath(t *testing.T) {
 	info := &ResourceInfo{}
-	populateNodeInfo(testIngressWildCardPath, info)
+	populateNodeInfo(testIngressWildCardPath, info, []string{})
 	assert.Equal(t, 0, len(info.Info))
 	sort.Slice(info.NetworkingInfo.TargetRefs, func(i, j int) bool {
 		return strings.Compare(info.NetworkingInfo.TargetRefs[j].Name, info.NetworkingInfo.TargetRefs[i].Name) < 0
@@ -436,7 +436,7 @@ func TestGetIngressInfoWildCardPath(t *testing.T) {

 func TestGetIngressInfoWithoutTls(t *testing.T) {
 	info := &ResourceInfo{}
-	populateNodeInfo(testIngressWithoutTls, info)
+	populateNodeInfo(testIngressWithoutTls, info, []string{})
 	assert.Equal(t, 0, len(info.Info))
 	sort.Slice(info.NetworkingInfo.TargetRefs, func(i, j int) bool {
 		return strings.Compare(info.NetworkingInfo.TargetRefs[j].Name, info.NetworkingInfo.TargetRefs[i].Name) < 0
@@ -481,7 +481,7 @@ func TestGetIngressInfoWithHost(t *testing.T) {
      - ip: 107.178.210.11`)

 	info := &ResourceInfo{}
-	populateNodeInfo(ingress, info)
+	populateNodeInfo(ingress, info, []string{})

 	assert.Equal(t, &v1alpha1.ResourceNetworkingInfo{
 		Ingress: []v1.LoadBalancerIngress{{IP: "107.178.210.11"}},
@@ -514,7 +514,7 @@ func TestGetIngressInfoNoHost(t *testing.T) {
      `)

 	info := &ResourceInfo{}
-	populateNodeInfo(ingress, info)
+	populateNodeInfo(ingress, info, []string{})

 	assert.Equal(t, &v1alpha1.ResourceNetworkingInfo{
 		TargetRefs: []v1alpha1.ResourceRef{{
@@ -549,7 +549,7 @@ func TestExternalUrlWithSubPath(t *testing.T) {
      - ip: 107.178.210.11`)

 	info := &ResourceInfo{}
-	populateNodeInfo(ingress, info)
+	populateNodeInfo(ingress, info, []string{})

 	expectedExternalUrls := []string{"https://107.178.210.11/my/sub/path/"}
 	assert.Equal(t, expectedExternalUrls, info.NetworkingInfo.ExternalURLs)
@@ -585,7 +585,7 @@ func TestExternalUrlWithMultipleSubPaths(t *testing.T) {
      - ip: 107.178.210.11`)

 	info := &ResourceInfo{}
-	populateNodeInfo(ingress, info)
+	populateNodeInfo(ingress, info, []string{})

 	expectedExternalUrls := []string{"https://helm-guestbook.com/my/sub/path/", "https://helm-guestbook.com/my/sub/path/2", "https://helm-guestbook.com"}
 	actualURLs := info.NetworkingInfo.ExternalURLs
@@ -615,7 +615,7 @@ func TestExternalUrlWithNoSubPath(t *testing.T) {
      - ip: 107.178.210.11`)

 	info := &ResourceInfo{}
-	populateNodeInfo(ingress, info)
+	populateNodeInfo(ingress, info, []string{})

 	expectedExternalUrls := []string{"https://107.178.210.11"}
 	assert.Equal(t, expectedExternalUrls, info.NetworkingInfo.ExternalURLs)
@@ -643,8 +643,54 @@ func TestExternalUrlWithNetworkingApi(t *testing.T) {
      - ip: 107.178.210.11`)

 	info := &ResourceInfo{}
-	populateNodeInfo(ingress, info)
+	populateNodeInfo(ingress, info, []string{})

 	expectedExternalUrls := []string{"https://107.178.210.11"}
 	assert.Equal(t, expectedExternalUrls, info.NetworkingInfo.ExternalURLs)
 }
+
+func TestCustomLabel(t *testing.T) {
+	configmap := strToUnstructured(`
+  apiVersion: v1
+  kind: ConfigMap
+  metadata:
+    name: cm`)
+
+	info := &ResourceInfo{}
+	populateNodeInfo(configmap, info, []string{"my-label"})
+
+	assert.Equal(t, 0, len(info.Info))
+
+	configmap = strToUnstructured(`
+  apiVersion: v1
+  kind: ConfigMap
+  metadata:
+    name: cm
+    labels:
+      my-label: value`)
+
+	info = &ResourceInfo{}
+	populateNodeInfo(configmap, info, []string{"my-label", "other-label"})
+
+	assert.Equal(t, 1, len(info.Info))
+	assert.Equal(t, "my-label", info.Info[0].Name)
+	assert.Equal(t, "value", info.Info[0].Value)
+
+	configmap = strToUnstructured(`
+  apiVersion: v1
+  kind: ConfigMap
+  metadata:
+    name: cm
+    labels:
+      my-label: value
+      other-label: value2`)
+
+	info = &ResourceInfo{}
+	populateNodeInfo(configmap, info, []string{"my-label", "other-label"})
+
+	assert.Equal(t, 2, len(info.Info))
+	assert.Equal(t, "my-label", info.Info[0].Name)
+	assert.Equal(t, "value", info.Info[0].Value)
+	assert.Equal(t, "other-label", info.Info[1].Name)
+	assert.Equal(t, "value2", info.Info[1].Value)
+}
--- a/controller/state.go
+++ b/controller/state.go
@@ -514,7 +514,7 @@ func (m *appStateManager) CompareAppState(app *v1alpha1.Application, project *ap
 		}
 		gvk := obj.GroupVersionKind()

-		isSelfReferencedObj := m.isSelfReferencedObj(liveObj, appLabelKey, trackingMethod)
+		isSelfReferencedObj := m.isSelfReferencedObj(liveObj, targetObj, app.GetName(), appLabelKey, trackingMethod)

 		resState := v1alpha1.ResourceStatus{
 			Namespace:       obj.GetNamespace(),
@@ -699,12 +699,13 @@ func NewAppStateManager(
 }

 // isSelfReferencedObj returns whether the given obj is managed by the application
-// according to the values in the tracking annotation. It returns true when all
-// of the properties in the annotation (name, namespace, group and kind) match
-// the properties of the inspected object, or if the tracking method used does
-// not provide the required properties for matching.
-func (m *appStateManager) isSelfReferencedObj(obj *unstructured.Unstructured, appLabelKey string, trackingMethod v1alpha1.TrackingMethod) bool {
-	if obj == nil {
+// according to the values of the tracking id (aka app instance value) annotation.
+// It returns true when all of the properties of the tracking id (app name, namespace,
+// group and kind) match the properties of the live object, or if the tracking method
+// used does not provide the required properties for matching.
+// Reference: https://github.com/argoproj/argo-cd/issues/8683
+func (m *appStateManager) isSelfReferencedObj(live, config *unstructured.Unstructured, appName, appLabelKey string, trackingMethod v1alpha1.TrackingMethod) bool {
+	if live == nil {
 		return true
 	}

@@ -714,17 +715,42 @@ func (m *appStateManager) isSelfReferencedObj(obj *unstructured.Unstructured, ap
 		return true
 	}

-	// In order for us to assume obj to be managed by this application, the
-	// values from the annotation have to match the properties from the live
-	// object. Cluster scoped objects carry the app's destination namespace
-	// in the tracking annotation, but are unique in GVK + name combination.
-	appInstance := m.resourceTracking.GetAppInstance(obj, appLabelKey, trackingMethod)
-	if appInstance != nil {
-		return (obj.GetNamespace() == appInstance.Namespace || obj.GetNamespace() == "") &&
-			obj.GetName() == appInstance.Name &&
-			obj.GetObjectKind().GroupVersionKind().Group == appInstance.Group &&
-			obj.GetObjectKind().GroupVersionKind().Kind == appInstance.Kind
+	// config != nil is the best-case scenario for constructing an accurate
+	// Tracking ID. `config` is the "desired state" (from git/helm/etc.).
+	// Using the desired state is important when there is an ApiGroup upgrade.
+	// When upgrading, the comparison must be made with the new tracking ID.
+	// Example:
+	//     live resource annotation will be:
+	//        ingress-app:extensions/Ingress:default/some-ingress
+	//     when it should be:
+	//        ingress-app:networking.k8s.io/Ingress:default/some-ingress
+	// More details in: https://github.com/argoproj/argo-cd/pull/11012
+	var aiv argo.AppInstanceValue
+	if config != nil {
+		aiv = argo.UnstructuredToAppInstanceValue(config, appName, "")
+		return isSelfReferencedObj(live, aiv)
 	}

+	// If config is nil then compare the live resource with the value
+	// of the annotation. In this case, in order to validate if obj is
+	// managed by this application, the values from the annotation have
+	// to match the properties from the live object. Cluster scoped objects
+	// carry the app's destination namespace in the tracking annotation,
+	// but are unique in GVK + name combination.
+	appInstance := m.resourceTracking.GetAppInstance(live, appLabelKey, trackingMethod)
+	if appInstance != nil {
+		return isSelfReferencedObj(live, *appInstance)
+	}
 	return true
 }
+
+// isSelfReferencedObj returns true if the given Tracking ID (`aiv`) matches
+// the given object. It returns false when the ID doesn't match. This sometimes
+// happens when a tracking label or annotation gets accidentally copied to a
+// different resource.
+func isSelfReferencedObj(obj *unstructured.Unstructured, aiv argo.AppInstanceValue) bool {
+	return (obj.GetNamespace() == aiv.Namespace || obj.GetNamespace() == "") &&
+		obj.GetName() == aiv.Name &&
+		obj.GetObjectKind().GroupVersionKind().Group == aiv.Group &&
+		obj.GetObjectKind().GroupVersionKind().Kind == aiv.Kind
+}
--- a/controller/state_test.go
+++ b/controller/state_test.go
@@ -13,6 +13,7 @@ import (
 	"github.com/stretchr/testify/assert"
 	v1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
+	networkingv1 "k8s.io/api/networking/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -852,6 +853,19 @@ func TestIsLiveResourceManaged(t *testing.T) {
 			},
 		},
 	})
+	managedWrongAPIGroup := kube.MustToUnstructured(&networkingv1.Ingress{
+		TypeMeta: metav1.TypeMeta{
+			APIVersion: "networking.k8s.io/v1",
+			Kind:       "Ingress",
+		},
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      "some-ingress",
+			Namespace: "default",
+			Annotations: map[string]string{
+				common.AnnotationKeyAppInstance: "guestbook:extensions/Ingress:default/some-ingress",
+			},
+		},
+	})
 	ctrl := newFakeController(&fakeData{
 		apps: []runtime.Object{app, &defaultProj},
 		manifestResponse: &apiclient.ManifestResponse{
@@ -870,30 +884,69 @@ func TestIsLiveResourceManaged(t *testing.T) {
 	})

 	manager := ctrl.appStateManager.(*appStateManager)
+	appName := "guestbook"

-	// Managed resource w/ annotations
-	assert.True(t, manager.isSelfReferencedObj(managedObj, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel))
-	assert.True(t, manager.isSelfReferencedObj(managedObj, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation))
+	t.Run("will return true if trackingid matches the resource", func(t *testing.T) {
+		// given
+		t.Parallel()
+		configObj := managedObj.DeepCopy()

-	// Managed resource w/ label
-	assert.True(t, manager.isSelfReferencedObj(managedObjWithLabel, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel))
+		// then
+		assert.True(t, manager.isSelfReferencedObj(managedObj, configObj, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel))
+		assert.True(t, manager.isSelfReferencedObj(managedObj, configObj, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation))
+	})
+	t.Run("will return true if tracked with label", func(t *testing.T) {
+		// given
+		t.Parallel()
+		configObj := managedObjWithLabel.DeepCopy()

-	// Wrong resource name
-	assert.True(t, manager.isSelfReferencedObj(unmanagedObjWrongName, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel))
-	assert.False(t, manager.isSelfReferencedObj(unmanagedObjWrongName, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation))
+		// then
+		assert.True(t, manager.isSelfReferencedObj(managedObjWithLabel, configObj, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel))
+	})
+	t.Run("will handle if trackingId has wrong resource name and config is nil", func(t *testing.T) {
+		// given
+		t.Parallel()

-	// Wrong resource group
-	assert.True(t, manager.isSelfReferencedObj(unmanagedObjWrongGroup, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel))
-	assert.False(t, manager.isSelfReferencedObj(unmanagedObjWrongGroup, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation))
+		// then
+		assert.True(t, manager.isSelfReferencedObj(unmanagedObjWrongName, nil, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel))
+		assert.False(t, manager.isSelfReferencedObj(unmanagedObjWrongName, nil, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation))
+	})
+	t.Run("will handle if trackingId has wrong resource group and config is nil", func(t *testing.T) {
+		// given
+		t.Parallel()

-	// Wrong resource kind
-	assert.True(t, manager.isSelfReferencedObj(unmanagedObjWrongKind, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel))
-	assert.False(t, manager.isSelfReferencedObj(unmanagedObjWrongKind, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation))
+		// then
+		assert.True(t, manager.isSelfReferencedObj(unmanagedObjWrongGroup, nil, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel))
+		assert.False(t, manager.isSelfReferencedObj(unmanagedObjWrongGroup, nil, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation))
+	})
+	t.Run("will handle if trackingId has wrong kind and config is nil", func(t *testing.T) {
+		// given
+		t.Parallel()

-	// Wrong resource namespace
-	assert.True(t, manager.isSelfReferencedObj(unmanagedObjWrongNamespace, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel))
-	assert.False(t, manager.isSelfReferencedObj(unmanagedObjWrongNamespace, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotationAndLabel))
+		// then
+		assert.True(t, manager.isSelfReferencedObj(unmanagedObjWrongKind, nil, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel))
+		assert.False(t, manager.isSelfReferencedObj(unmanagedObjWrongKind, nil, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation))
+	})
+	t.Run("will handle if trackingId has wrong namespace and config is nil", func(t *testing.T) {
+		// given
+		t.Parallel()

-	// Nil resource
-	assert.True(t, manager.isSelfReferencedObj(nil, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation))
+		// then
+		assert.True(t, manager.isSelfReferencedObj(unmanagedObjWrongNamespace, nil, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodLabel))
+		assert.False(t, manager.isSelfReferencedObj(unmanagedObjWrongNamespace, nil, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotationAndLabel))
+	})
+	t.Run("will return true if live is nil", func(t *testing.T) {
+		t.Parallel()
+		assert.True(t, manager.isSelfReferencedObj(nil, nil, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation))
+	})
+
+	t.Run("will handle upgrade in desired state APIGroup", func(t *testing.T) {
+		// given
+		t.Parallel()
+		config := managedWrongAPIGroup.DeepCopy()
+		delete(config.GetAnnotations(), common.AnnotationKeyAppInstance)
+
+		// then
+		assert.True(t, manager.isSelfReferencedObj(managedWrongAPIGroup, config, appName, common.AnnotationKeyAppInstance, argo.TrackingMethodAnnotation))
+	})
 }
--- a/controller/sync.go
+++ b/controller/sync.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
+	cdcommon "github.com/argoproj/argo-cd/v2/common"
 	"os"
 	"strconv"
 	"sync/atomic"
@@ -20,7 +21,6 @@ import (
 	"k8s.io/apimachinery/pkg/util/managedfields"
 	"k8s.io/kubectl/pkg/util/openapi"

-	cdcommon "github.com/argoproj/argo-cd/v2/common"
 	"github.com/argoproj/argo-cd/v2/controller/metrics"
 	"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
 	listersv1alpha1 "github.com/argoproj/argo-cd/v2/pkg/client/listers/application/v1alpha1"
@@ -212,14 +212,7 @@ func (m *appStateManager) SyncAppState(app *v1alpha1.Application, state *v1alpha
 	}
 	trackingMethod := argo.GetTrackingMethod(m.settingsMgr)

-	syncCtx, cleanup, err := sync.NewSyncContext(
-		compareResult.syncStatus.Revision,
-		reconciliationResult,
-		restConfig,
-		rawConfig,
-		m.kubectl,
-		app.Spec.Destination.Namespace,
-		openAPISchema,
+	opts := []sync.SyncOpt{
 		sync.WithLogr(logutils.NewLogrusLogger(logEntry)),
 		sync.WithHealthOverride(lua.ResourceHealthOverrides(resourceOverrides)),
 		sync.WithPermissionValidator(func(un *unstructured.Unstructured, res *v1.APIResource) error {
@@ -246,16 +239,9 @@ func (m *appStateManager) SyncAppState(app *v1alpha1.Application, state *v1alpha
 		sync.WithResourcesFilter(func(key kube.ResourceKey, target *unstructured.Unstructured, live *unstructured.Unstructured) bool {
 			return (len(syncOp.Resources) == 0 ||
 				argo.ContainsSyncResource(key.Name, key.Namespace, schema.GroupVersionKind{Kind: key.Kind, Group: key.Group}, syncOp.Resources)) &&
-				m.isSelfReferencedObj(live, appLabelKey, trackingMethod)
+				m.isSelfReferencedObj(live, target, app.GetName(), appLabelKey, trackingMethod)
 		}),
 		sync.WithManifestValidation(!syncOp.SyncOptions.HasOption(common.SyncOptionsDisableValidation)),
-		sync.WithNamespaceCreation(syncOp.SyncOptions.HasOption("CreateNamespace=true"), func(un *unstructured.Unstructured) bool {
-			if un != nil && kube.GetAppInstanceLabel(un, cdcommon.LabelKeyAppInstance) != "" {
-				kube.UnsetLabel(un, cdcommon.LabelKeyAppInstance)
-				return true
-			}
-			return false
-		}),
 		sync.WithSyncWaveHook(delayBetweenSyncWaves),
 		sync.WithPruneLast(syncOp.SyncOptions.HasOption(common.SyncOptionPruneLast)),
 		sync.WithResourceModificationChecker(syncOp.SyncOptions.HasOption("ApplyOutOfSyncOnly=true"), compareResult.diffResultList),
@@ -263,6 +249,21 @@ func (m *appStateManager) SyncAppState(app *v1alpha1.Application, state *v1alpha
 		sync.WithReplace(syncOp.SyncOptions.HasOption(common.SyncOptionReplace)),
 		sync.WithServerSideApply(syncOp.SyncOptions.HasOption(common.SyncOptionServerSideApply)),
 		sync.WithServerSideApplyManager(cdcommon.ArgoCDSSAManager),
+	}
+
+	if syncOp.SyncOptions.HasOption("CreateNamespace=true") {
+		opts = append(opts, sync.WithNamespaceModifier(syncNamespace(m.resourceTracking, appLabelKey, trackingMethod, app.Name, app.Spec.SyncPolicy)))
+	}
+
+	syncCtx, cleanup, err := sync.NewSyncContext(
+		compareResult.syncStatus.Revision,
+		reconciliationResult,
+		restConfig,
+		rawConfig,
+		m.kubectl,
+		app.Spec.Destination.Namespace,
+		openAPISchema,
+		opts...,
 	)

 	if err != nil {
--- a/controller/sync_namespace.go
+++ b/controller/sync_namespace.go
@@ -0,0 +1,55 @@
+package controller
+
+import (
+	"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
+	"github.com/argoproj/argo-cd/v2/util/argo"
+	gitopscommon "github.com/argoproj/gitops-engine/pkg/sync/common"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+)
+
+// syncNamespace determine if Argo CD should create and/or manage the namespace
+// where the application will be deployed.
+func syncNamespace(resourceTracking argo.ResourceTracking, appLabelKey string, trackingMethod v1alpha1.TrackingMethod, appName string, syncPolicy *v1alpha1.SyncPolicy) func(m, l *unstructured.Unstructured) (bool, error) {
+	// This function must return true for the managed namespace to be synced.
+	return func(managedNs, liveNs *unstructured.Unstructured) (bool, error) {
+		if managedNs == nil {
+			return false, nil
+		}
+
+		isNewNamespace := liveNs == nil
+		isManagedNamespace := syncPolicy != nil && syncPolicy.ManagedNamespaceMetadata != nil
+
+		// should only sync the namespace if it doesn't exist in k8s or if
+		// syncPolicy is defined to manage the metadata
+		if !isManagedNamespace && !isNewNamespace {
+			return false, nil
+		}
+
+		if isManagedNamespace {
+			managedNamespaceMetadata := syncPolicy.ManagedNamespaceMetadata
+			managedNs.SetLabels(managedNamespaceMetadata.Labels)
+			// managedNamespaceMetadata relies on SSA in order to avoid overriding
+			// existing labels and annotations in namespaces
+			managedNs.SetAnnotations(appendSSAAnnotation(managedNamespaceMetadata.Annotations))
+		}
+
+		// TODO: https://github.com/argoproj/argo-cd/issues/11196
+		// err := resourceTracking.SetAppInstance(managedNs, appLabelKey, appName, "", trackingMethod)
+		// if err != nil {
+		// 	return false, fmt.Errorf("failed to set app instance tracking on the namespace %s: %s", managedNs.GetName(), err)
+		// }
+
+		return true, nil
+	}
+}
+
+// appendSSAAnnotation will set the managed namespace to be synced
+// with server-side apply
+func appendSSAAnnotation(in map[string]string) map[string]string {
+	r := map[string]string{}
+	for k, v := range in {
+		r[k] = v
+	}
+	r[gitopscommon.AnnotationSyncOptions] = gitopscommon.SyncOptionServerSideApply
+	return r
+}
--- a/controller/sync_namespace_test.go
+++ b/controller/sync_namespace_test.go
@@ -0,0 +1,261 @@
+package controller
+
+import (
+	"github.com/argoproj/argo-cd/v2/common"
+	"github.com/argoproj/argo-cd/v2/pkg/apis/application/v1alpha1"
+	"github.com/argoproj/argo-cd/v2/util/argo"
+	"github.com/stretchr/testify/assert"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	"k8s.io/apimachinery/pkg/types"
+	"testing"
+)
+
+func createFakeNamespace(uid string, resourceVersion string, labels map[string]string, annotations map[string]string) *unstructured.Unstructured {
+	un := unstructured.Unstructured{}
+	un.SetUID(types.UID(uid))
+	un.SetResourceVersion(resourceVersion)
+	un.SetLabels(labels)
+	un.SetAnnotations(annotations)
+	un.SetKind("Namespace")
+	un.SetName("some-namespace")
+	return &un
+}
+
+func Test_shouldNamespaceSync(t *testing.T) {
+	tests := []struct {
+		name                string
+		syncPolicy          *v1alpha1.SyncPolicy
+		managedNs           *unstructured.Unstructured
+		liveNs              *unstructured.Unstructured
+		expected            bool
+		expectedLabels      map[string]string
+		expectedAnnotations map[string]string
+	}{
+		{
+			name:       "liveNs is nil and syncPolicy is nil",
+			expected:   false,
+			managedNs:  nil,
+			liveNs:     nil,
+			syncPolicy: nil,
+		},
+		{
+			name:      "liveNs is nil and syncPolicy is not nil",
+			expected:  false,
+			managedNs: nil,
+			liveNs:    nil,
+			syncPolicy: &v1alpha1.SyncPolicy{
+				ManagedNamespaceMetadata: nil,
+			},
+		},
+		{
+			name:                "liveNs is nil and syncPolicy has labels and annotations",
+			expected:            false,
+			managedNs:           nil,
+			liveNs:              nil,
+			expectedLabels:      map[string]string{"my-cool-label": "some-value"},
+			expectedAnnotations: map[string]string{"my-cool-annotation": "some-value"},
+			syncPolicy: &v1alpha1.SyncPolicy{
+				ManagedNamespaceMetadata: &v1alpha1.ManagedNamespaceMetadata{
+					Labels:      map[string]string{"my-cool-label": "some-value"},
+					Annotations: map[string]string{"my-cool-annotation": "some-value"},
+				},
+			},
+		},
+		{
+			name:                "namespace does not yet exist and managedNamespaceMetadata nil",
+			expected:            true,
+			expectedLabels:      map[string]string{},
+			expectedAnnotations: map[string]string{},
+			managedNs:           createFakeNamespace("", "", map[string]string{}, map[string]string{}),
+			liveNs:              nil,
+			syncPolicy: &v1alpha1.SyncPolicy{
+				ManagedNamespaceMetadata: nil,
+			},
+		},
+		{
+			name:                "namespace does not yet exist and managedNamespaceMetadata not nil",
+			expected:            true,
+			expectedAnnotations: map[string]string{"argocd.argoproj.io/sync-options": "ServerSideApply=true"},
+			managedNs:           createFakeNamespace("", "", map[string]string{}, map[string]string{}),
+			liveNs:              nil,
+			syncPolicy: &v1alpha1.SyncPolicy{
+				ManagedNamespaceMetadata: &v1alpha1.ManagedNamespaceMetadata{},
+			},
+		},
+		{
+			name:                "namespace does not yet exist and managedNamespaceMetadata has empty labels map",
+			expected:            true,
+			expectedLabels:      map[string]string{},
+			expectedAnnotations: map[string]string{"argocd.argoproj.io/sync-options": "ServerSideApply=true"},
+			managedNs:           createFakeNamespace("", "", map[string]string{}, map[string]string{}),
+			liveNs:              nil,
+			syncPolicy: &v1alpha1.SyncPolicy{
+				ManagedNamespaceMetadata: &v1alpha1.ManagedNamespaceMetadata{
+					Labels: map[string]string{},
+				},
+			},
+		},
+		{
+			name:                "namespace does not yet exist and managedNamespaceMetadata has empty annotations map",
+			expected:            true,
+			expectedAnnotations: map[string]string{"argocd.argoproj.io/sync-options": "ServerSideApply=true"},
+			managedNs:           createFakeNamespace("", "", map[string]string{}, map[string]string{}),
+			liveNs:              nil,
+			syncPolicy: &v1alpha1.SyncPolicy{
+				ManagedNamespaceMetadata: &v1alpha1.ManagedNamespaceMetadata{
+					Annotations: map[string]string{},
+				},
+			},
+		},
+		{
+			name:                "namespace does not yet exist and managedNamespaceMetadata has empty annotations and labels map",
+			expected:            true,
+			expectedLabels:      map[string]string{},
+			expectedAnnotations: map[string]string{"argocd.argoproj.io/sync-options": "ServerSideApply=true"},
+			managedNs:           createFakeNamespace("", "", map[string]string{}, map[string]string{}),
+			liveNs:              nil,
+			syncPolicy: &v1alpha1.SyncPolicy{
+				ManagedNamespaceMetadata: &v1alpha1.ManagedNamespaceMetadata{
+					Labels:      map[string]string{},
+					Annotations: map[string]string{},
+				},
+			},
+		},
+		{
+			name:                "namespace does not yet exist and managedNamespaceMetadata has labels",
+			expected:            true,
+			expectedLabels:      map[string]string{"my-cool-label": "some-value"},
+			expectedAnnotations: map[string]string{"argocd.argoproj.io/sync-options": "ServerSideApply=true"},
+			managedNs:           createFakeNamespace("", "", map[string]string{}, map[string]string{}),
+			liveNs:              nil,
+			syncPolicy: &v1alpha1.SyncPolicy{
+				ManagedNamespaceMetadata: &v1alpha1.ManagedNamespaceMetadata{
+					Labels:      map[string]string{"my-cool-label": "some-value"},
+					Annotations: nil,
+				},
+			},
+		},
+		{
+			name:                "namespace does not yet exist and managedNamespaceMetadata has annotations",
+			expected:            true,
+			expectedAnnotations: map[string]string{"my-cool-annotation": "some-value", "argocd.argoproj.io/sync-options": "ServerSideApply=true"},
+			managedNs:           createFakeNamespace("", "", map[string]string{}, map[string]string{}),
+			liveNs:              nil,
+			syncPolicy: &v1alpha1.SyncPolicy{
+				ManagedNamespaceMetadata: &v1alpha1.ManagedNamespaceMetadata{
+					Labels:      nil,
+					Annotations: map[string]string{"my-cool-annotation": "some-value"},
+				},
+			},
+		},
+		{
+			name:                "namespace does not yet exist and managedNamespaceMetadata has annotations and labels",
+			expected:            true,
+			expectedLabels:      map[string]string{"my-cool-label": "some-value"},
+			expectedAnnotations: map[string]string{"my-cool-annotation": "some-value", "argocd.argoproj.io/sync-options": "ServerSideApply=true"},
+			managedNs:           createFakeNamespace("", "", map[string]string{}, map[string]string{}),
+			liveNs:              nil,
+			syncPolicy: &v1alpha1.SyncPolicy{
+				ManagedNamespaceMetadata: &v1alpha1.ManagedNamespaceMetadata{
+					Labels:      map[string]string{"my-cool-label": "some-value"},
+					Annotations: map[string]string{"my-cool-annotation": "some-value"},
+				},
+			},
+		},
+		{
+			name:                "namespace exists with no labels or annotations and managedNamespaceMetadata has labels",
+			expected:            true,
+			expectedLabels:      map[string]string{"my-cool-label": "some-value"},
+			expectedAnnotations: map[string]string{"argocd.argoproj.io/sync-options": "ServerSideApply=true"},
+			managedNs:           createFakeNamespace("", "", map[string]string{}, map[string]string{}),
+			liveNs:              createFakeNamespace("something", "1", map[string]string{}, map[string]string{}),
+			syncPolicy: &v1alpha1.SyncPolicy{
+				ManagedNamespaceMetadata: &v1alpha1.ManagedNamespaceMetadata{
+					Labels: map[string]string{"my-cool-label": "some-value"},
+				},
+			},
+		},
+		{
+			name:                "namespace exists with no labels or annotations and managedNamespaceMetadata has annotations",
+			expected:            true,
+			expectedAnnotations: map[string]string{"my-cool-annotation": "some-value", "argocd.argoproj.io/sync-options": "ServerSideApply=true"},
+			managedNs:           createFakeNamespace("", "", map[string]string{}, map[string]string{}),
+			liveNs:              createFakeNamespace("something", "1", map[string]string{}, map[string]string{}),
+			syncPolicy: &v1alpha1.SyncPolicy{
+				ManagedNamespaceMetadata: &v1alpha1.ManagedNamespaceMetadata{
+					Annotations: map[string]string{"my-cool-annotation": "some-value"},
+				},
+			},
+		},
+		{
+			name:                "namespace exists with no labels or annotations and managedNamespaceMetadata has annotations and labels",
+			expected:            true,
+			expectedLabels:      map[string]string{"my-cool-label": "some-value"},
+			expectedAnnotations: map[string]string{"my-cool-annotation": "some-value", "argocd.argoproj.io/sync-options": "ServerSideApply=true"},
+			managedNs:           createFakeNamespace("", "", map[string]string{}, map[string]string{}),
+			liveNs:              createFakeNamespace("something", "1", map[string]string{}, map[string]string{}),
+			syncPolicy: &v1alpha1.SyncPolicy{
+				ManagedNamespaceMetadata: &v1alpha1.ManagedNamespaceMetadata{
+					Labels:      map[string]string{"my-cool-label": "some-value"},
+					Annotations: map[string]string{"my-cool-annotation": "some-value"},
+				},
+			},
+		},
+		{
+			name:                "namespace exists with labels and managedNamespaceMetadata has mismatching labels",
+			expected:            true,
+			expectedAnnotations: map[string]string{"argocd.argoproj.io/sync-options": "ServerSideApply=true"},
+			expectedLabels:      map[string]string{"my-cool-label": "some-value", "my-other-label": "some-other-value"},
+			managedNs:           createFakeNamespace("", "", map[string]string{}, map[string]string{}),
+			liveNs:              createFakeNamespace("something", "1", map[string]string{"my-cool-label": "some-value"}, map[string]string{}),
+			syncPolicy: &v1alpha1.SyncPolicy{
+				ManagedNamespaceMetadata: &v1alpha1.ManagedNamespaceMetadata{
+					Labels:      map[string]string{"my-cool-label": "some-value", "my-other-label": "some-other-value"},
+					Annotations: map[string]string{},
+				},
+			},
+		},
+		{
+			name:                "namespace exists with annotations and managedNamespaceMetadata has mismatching annotations",
+			expected:            true,
+			expectedLabels:      map[string]string{},
+			expectedAnnotations: map[string]string{"my-cool-annotation": "some-value", "argocd.argoproj.io/sync-options": "ServerSideApply=true"},
+			managedNs:           createFakeNamespace("", "", map[string]string{}, map[string]string{}),
+			liveNs:              createFakeNamespace("something", "1", map[string]string{}, map[string]string{"my-cool-annotation": "some-value", "my-other-annotation": "some-other-value"}),
+			syncPolicy: &v1alpha1.SyncPolicy{
+				ManagedNamespaceMetadata: &v1alpha1.ManagedNamespaceMetadata{
+					Labels:      map[string]string{},
+					Annotations: map[string]string{"my-cool-annotation": "some-value"},
+				},
+			},
+		},
+		{
+			name:                "namespace exists with annotations and labels managedNamespaceMetadata has mismatching annotations and labels",
+			expected:            true,
+			expectedLabels:      map[string]string{"my-cool-label": "some-value", "my-other-label": "some-other-value"},
+			expectedAnnotations: map[string]string{"my-cool-annotation": "some-value", "my-other-annotation": "some-other-value", "argocd.argoproj.io/sync-options": "ServerSideApply=true"},
+			managedNs:           createFakeNamespace("", "", map[string]string{}, map[string]string{}),
+			liveNs:              createFakeNamespace("something", "1", map[string]string{"my-cool-label": "some-value"}, map[string]string{"my-cool-annotation": "some-value"}),
+			syncPolicy: &v1alpha1.SyncPolicy{
+				ManagedNamespaceMetadata: &v1alpha1.ManagedNamespaceMetadata{
+					Labels:      map[string]string{"my-cool-label": "some-value", "my-other-label": "some-other-value"},
+					Annotations: map[string]string{"my-cool-annotation": "some-value", "my-other-annotation": "some-other-value"},
+				},
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			actual, err := syncNamespace(argo.NewResourceTracking(), common.LabelKeyAppInstance, argo.TrackingMethodAnnotation, "some-app", tt.syncPolicy)(tt.managedNs, tt.liveNs)
+			assert.NoError(t, err)
+
+			if tt.managedNs != nil {
+				assert.Equal(t, tt.expectedLabels, tt.managedNs.GetLabels())
+				assert.Equal(t, tt.expectedAnnotations, tt.managedNs.GetAnnotations())
+			}
+
+			assert.Equalf(t, tt.expected, actual, "syncNamespace(%v)", tt.syncPolicy)
+		})
+	}
+}
--- a/docs/developer-guide/ci.md
+++ b/docs/developer-guide/ci.md
@@ -65,12 +65,12 @@ make builder-image IMAGE_NAMESPACE=argoproj IMAGE_TAG=v1.0.0

 ## Public CD

-Every commit to master is built and published to `ghcr.io/argoproj/argocd:<version>-<short-sha>`. The list of images is available at
+Every commit to master is built and published to `ghcr.io/argoproj/argo-cd/argocd:<version>-<short-sha>`. The list of images is available at
 https://github.com/argoproj/argo-cd/packages.

 !!! note
    GitHub docker registry [requires](https://github.community/t5/GitHub-Actions/docker-pull-from-public-GitHub-Package-Registry-fail-with-quot/m-p/32888#M1294) authentication to read
    even publicly available packages. Follow the steps from Kubernetes [documentation](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry)
-    to configure image pull secret if you want to use `ghcr.io/argoproj/argocd` image.
+    to configure image pull secret if you want to use `ghcr.io/argoproj/argo-cd/argocd` image.

 The image is automatically deployed to the dev Argo CD instance: [https://cd.apps.argoproj.io/](https://cd.apps.argoproj.io/)
--- a/docs/developer-guide/code-contributions.md
+++ b/docs/developer-guide/code-contributions.md
@@ -103,7 +103,7 @@ Design documents are usually submitted as PR and use [this template](https://git

 Our community regularly meets virtually to discuss issues, ideas and enhancements around Argo CD. We do invite you to join this virtual meetings if you want to bring up certain things (including your enhancement proposals), participate in our triaging or just want to get to know other contributors.

-The current cadence of our meetings is weekly, every Thursday at 4pm UTC (9am Pacific, 12pm Eastern, 6pm Central European, 9:30pm Indian). We use Zoom to conduct these meetings.
+The current cadence of our meetings is weekly, every Thursday at 4:15pm UTC (8:15am Pacific, 11:15am Eastern, 5:15pm Central European, 9:45pm Indian). We use Zoom to conduct these meetings.

 * [Agenda document (Google Docs, includes Zoom link)](https://docs.google.com/document/d/1xkoFkVviB70YBzSEa4bDnu-rUZ1sIFtwKKG1Uw8XsY8)

--- a/docs/developer-guide/contributors-quickstart.md
+++ b/docs/developer-guide/contributors-quickstart.md
@@ -0,0 +1,112 @@
+# Contributors Quick-Start 
+
+This guide is a starting point for first-time contributors running Argo CD locally for the first time.
+
+It skips advanced topics such as codegen, which are covered in the [running locally guide](running-locally.md)
+and the [toolchain guide](toolchain-guide.md).
+
+## Getting Started
+
+### Install Go
+
+- Install version 1.18 or newer (Verify version by running `go version`)
+
+- Get current value of `GOPATH` env:
+   ```shell
+   go env | grep path
+   ```
+- Change directory into that path
+   ```shell
+   cd <path>
+   ```
+
+### Clone the Argo CD repo
+
+```shell
+mkdir -p src/github.com/argoproj/ &&
+cd src/github.com/argoproj &&
+git clone https://github.com/argoproj/argo-cd.git
+```
+
+### Install Docker
+
+<https://docs.docker.com/engine/install/>
+
+### Install or Upgrade `kind` (Optional - Should work with any local cluster)
+
+<https://kind.sigs.k8s.io/docs/user/quick-start/>
+
+### Start Your Local Cluster
+
+```shell
+kind create cluster
+```
+
+### Install Argo CD
+
+```shell
+kubectl create namespace argocd &&
+kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/master/manifests/install.yaml
+```
+
+Set kubectl config to avoid specifying the namespace in every kubectl command.  
+All following commands in this guide assume the namespace is already set.
+
+```shell
+kubectl config set-context --current --namespace=argocd
+```
+
+### Install `yarn`
+
+<https://classic.yarnpkg.com/lang/en/docs/install/>
+
+### Install `goreman`
+
+<https://github.com/mattn/goreman#getting-started>
+
+### Run Argo CD
+
+```shell
+cd argo-cd
+make start-local ARGOCD_GPG_ENABLED=false
+```
+
+- Navigate to <localhost:4000> to the ArgoCD UI on browser
+- It may take a few minutes for the UI to be responsive
+
+!!! note
+    If the UI is not working, check the logs from `make start-local`. The logs are `DEBUG` level by default. If the logs are
+    too noisy to find the problem, try editing log levels for the commands in the `Procfile` in the root of the Argo CD repo.
+
+## Making Changes
+
+### UI Changes
+
+Modifying the User-Interface (by editing .tsx or .scss files) auto-reloads the changes on port 4000.
+
+### Backend Changes
+
+Modifying the API server, repo server, or a controller requires restarting the current `make start-local` session to reflect the changes.
+
+### CLI Changes
+
+Modifying the CLI requires restarting the current `make start-local` session to reflect the changes.
+
+To test most CLI commands, you will need to log in.
+
+First, get the auto-generated secret:
+
+```shell
+kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d; echo
+```
+
+Then log in using that password and username `admin`:
+
+```shell
+dist/argocd login localhost:8080
+```
+
+---
+Congrats on making it to the end of this runbook! 🚀
+
+For more on Argo CD, find us in Slack - <https://slack.cncf.io/> [#argo-contributors](https://cloud-native.slack.com/archives/C020XM04CUW)
--- a/docs/developer-guide/debugging-remote-environment.md
+++ b/docs/developer-guide/debugging-remote-environment.md
@@ -20,13 +20,15 @@ curl -sSfL https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/i
 ## Connect
 Connect to one of the services, for example, to debug the main ArgoCD server run:
 ```shell
+kubectl config set-context --current --namespace argocd
 telepresence helm install # Installs telepresence into your cluster
-telepresence connect # Starts the connection to your cluster
-telepresence intercept argocd-server --port 8083:8083 --port 8080:8080 --env-file .envrc.remote --namespace argocd # Starts the interception
+telepresence connect # Starts the connection to your cluster (bound to the current namespace)
+telepresence intercept argocd-server --port 8080:http --env-file .envrc.remote # Starts the interception
 ```
-* `--port` forwards traffic of remote ports 8080 and 8083 to the same ports locally
+* `--port` forwards traffic of remote port http to 8080 locally (use `--port 8080:https` if argocd-server terminates TLS)
 * `--env-file` writes all the environment variables of the remote pod into a local file, the variables are also set on the subprocess of the `--run` command
-* `--namespace` specifies that the `argocd-server` is located in the `argocd` namespace
+
+With this, any traffic that hits your argocd-server service in the cluster (e.g through a LB / ingress) will be forwarded to your laptop on port 8080. So that you can now start argocd-server locally to debug or test new code. If you launch argocd-server using the environment variables in `.envrc.remote`, he is able to fetch all the configmaps, secrets and so one from the cluster and transparently connect to the other microservices so that no further configuration should be neccesary and he behaves exactly the same as in the cluster.

 List current status of Telepresence using:
 ```shell
@@ -63,11 +65,11 @@ Once a connection is established, use your favorite tools to start the server lo
 * Run `./dist/argocd-server`

 ### VSCode
-In VSCode use the integrated terminal to run the Telepresence command to connect. Then, to run argocd-server service use the following configuration.
-Update the configuration file to point to kubeconfig file: `KUBECONFIG=` (required)
+In VSCode use the following launch configuration to run argocd-server:
+
 ```json
        {
-            "name": "Launch",
+            "name": "Launch argocd-server",
            "type": "go",
            "request": "launch",
            "mode": "auto",
@@ -82,3 +84,4 @@ Update the configuration file to point to kubeconfig file: `KUBECONFIG=` (requir
            }
        }
 ```
+
--- a/docs/getting_started.md
+++ b/docs/getting_started.md
@@ -78,10 +78,10 @@ The API server can then be accessed using https://localhost:8080
 The initial password for the `admin` account is auto-generated and stored as
 clear text in the field `password` in a secret named `argocd-initial-admin-secret`
 in your Argo CD installation namespace. You can simply retrieve this password
-using `kubectl`:
+using the `argocd` CLI:

 ```bash
-kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d; echo
+argocd admin initial-password
 ```

 !!! warning
--- a/docs/operator-manual/application.yaml
+++ b/docs/operator-manual/application.yaml
@@ -108,6 +108,7 @@ spec:

    # plugin specific config
    plugin:
+      # NOTE: this field is deprecated in v2.5 and must be removed to use sidecar-based plugins.
      # Only set the plugin name if the plugin is defined in argocd-cm.
      # If the plugin is defined as a sidecar, omit the name. The plugin will be automatically matched with the
      # Application according to the plugin's discovery rules.
@@ -116,6 +117,15 @@ spec:
      env:
        - name: FOO
          value: bar
+      # Plugin parameters are new in v2.5.
+      parameters:
+        - name: string-param
+          string: example-string
+        - name: array-param
+          array: [item1, item2]
+        - name: map-param
+          map:
+            param-name: param-value

  # Destination cluster and namespace to deploy the application
  destination:
@@ -134,6 +144,15 @@ spec:
    - CreateNamespace=true # Namespace Auto-Creation ensures that namespace specified as the application destination exists in the destination cluster.
    - PrunePropagationPolicy=foreground # Supported policies are background, foreground and orphan.
    - PruneLast=true # Allow the ability for resource pruning to happen as a final, implicit wave of a sync operation
+    managedNamespaceMetadata: # Sets the metadata for the application namespace. Only valid if CreateNamespace=true (see above), otherwise it's a no-op.
+      labels: # The labels to set on the application namespace
+        any: label
+        you: like
+      annotations: # The annotations to set on the application namespace
+        the: same
+        applies: for
+        annotations: on-the-namespace
+
    # The retry feature is available since v1.7
    retry:
      limit: 5 # number of failed sync attempt retries; unlimited number of attempts if less than 0
--- a/docs/operator-manual/applicationset/GoTemplate.md
+++ b/docs/operator-manual/applicationset/GoTemplate.md
@@ -74,6 +74,13 @@ All your templates must replace parameters with GoTemplate Syntax:

 Example: `{{ some.value }}` becomes `{{ .some.value }}`

+### Cluster Generators
+
+By activating Go Templating, `{{ .metadata }}` becomes an object.
+
+- `{{ metadata.labels.my-label }}` becomes `{{ index .metadata.labels "my-label" }}`
+- `{{ metadata.annotations.my/annotation }}` becomes `{{ index .metadata.annotations "my/annotation" }}`
+
 ### Git Generators

 By activating Go Templating, `{{ .path }}` becomes an object. Therefore, some changes must be made to the Git 
--- a/docs/operator-manual/argocd-cm.yaml
+++ b/docs/operator-manual/argocd-cm.yaml
@@ -190,6 +190,9 @@ data:
      clusters:
      - "*.local"

+  # An optional comma-separated list of metadata.labels to observe in the UI.
+  resource.customLabels: tier
+
  resource.compareoptions: |
    # if ignoreAggregatedRoles set to true then differences caused by aggregated roles in RBAC resources are ignored.
    ignoreAggregatedRoles: true
--- a/docs/operator-manual/custom-styles.md
+++ b/docs/operator-manual/custom-styles.md
@@ -100,7 +100,7 @@ experience, you may wish to build a separate project using the [Argo CD UI dev s

 ## Banners

-Argo CD can optionally display a banner that can be used to notify your users of upcoming maintenance and operational changes. This feature can be enabled by specifying the banner message using the `ui.bannercontent` field in the `argocd-cm` ConfigMap and Argo CD will display this message at the top of every UI page. You can optionally add a link to this message by setting `ui.bannerurl`.
+Argo CD can optionally display a banner that can be used to notify your users of upcoming maintenance and operational changes. This feature can be enabled by specifying the banner message using the `ui.bannercontent` field in the `argocd-cm` ConfigMap and Argo CD will display this message at the top of every UI page. You can optionally add a link to this message by setting `ui.bannerurl`. You can also make the banner sticky (permanent) by setting `ui.bannerpermanent` to `true` and change it's position to the bottom by using `ui.bannerposition: "bottom"` 

 ### argocd-cm
 ```yaml
@@ -113,6 +113,8 @@ metadata:
 data:
    ui.bannercontent: "Banner message linked to a URL"
    ui.bannerurl: "www.bannerlink.com"
+    ui.bannerpermanent: "true"
+    ui.bannerposition: "bottom"
 ```

 ![banner with link](../assets/banner.png)
--- a/docs/operator-manual/declarative-setup.md
+++ b/docs/operator-manual/declarative-setup.md
@@ -178,7 +178,7 @@ Consider using [bitnami-labs/sealed-secrets](https://github.com/bitnami-labs/sea
 Each repository must have a `url` field and, depending on whether you connect using HTTPS, SSH, or GitHub App, `username` and `password` (for HTTPS), `sshPrivateKey` (for SSH), or `githubAppPrivateKey` (for GitHub App).

 !!!warning
-    When using [bitnami-labs/sealed-secrets](https://github.com/bitnami-labs/sealed-secrets) the labels will be removed and have to be readded as descibed here: https://github.com/bitnami-labs/sealed-secrets#sealedsecrets-as-templates-for-secrets
+    When using [bitnami-labs/sealed-secrets](https://github.com/bitnami-labs/sealed-secrets) the labels will be removed and have to be readded as described here: https://github.com/bitnami-labs/sealed-secrets#sealedsecrets-as-templates-for-secrets

 Example for HTTPS:

@@ -682,6 +682,10 @@ Notes:
 * Invalid globs result in the whole rule being ignored.
 * If you add a rule that matches existing resources, these will appear in the interface as `OutOfSync`.

+## Resource Custom Labels
+
+Custom Labels configured with `resource.customLabels` (comma separated string) will be displayed in the UI (for any resource that defines them).
+
 ## SSO & RBAC

 * SSO configuration details: [SSO](./user-management/index.md)
--- a/docs/operator-manual/health.md
+++ b/docs/operator-manual/health.md
@@ -36,19 +36,21 @@ metadata:
    app.kubernetes.io/name: argocd-cm
    app.kubernetes.io/part-of: argocd
 data:
-  resource.customizations.health.argoproj.io_Application: |
-    hs = {}
-    hs.status = "Progressing"
-    hs.message = ""
-    if obj.status ~= nil then
-      if obj.status.health ~= nil then
-        hs.status = obj.status.health.status
-        if obj.status.health.message ~= nil then
-          hs.message = obj.status.health.message
+  resource.customizations: |
+    argoproj.io/Application:
+      health.lua: |  
+        hs = {}
+        hs.status = "Progressing"
+        hs.message = ""
+        if obj.status ~= nil then
+          if obj.status.health ~= nil then
+            hs.status = obj.status.health.status
+            if obj.status.health.message ~= nil then
+              hs.message = obj.status.health.message
+            end
+          end
        end
-      end
-    end
-    return hs
+        return hs
 ```

 ## Custom Health Checks
@@ -62,34 +64,50 @@ There are two ways to configure a custom health check. The next two sections des

 ### Way 1. Define a Custom Health Check in `argocd-cm` ConfigMap

-Custom health checks can be defined in `resource.customizations.health.<group_kind>` field of `argocd-cm`. If you are using argocd-operator, this is overridden by [the argocd-operator resourceCustomizations](https://argocd-operator.readthedocs.io/en/latest/reference/argocd/#resource-customizations).
+Custom health checks can be defined in 
+```yaml
+  resource.customizations: |
+    <group/kind>:
+      health.lua: | 
+```
+field of `argocd-cm`. If you are using argocd-operator, this is overridden by [the argocd-operator resourceCustomizations](https://argocd-operator.readthedocs.io/en/latest/reference/argocd/#resource-customizations).

 The following example demonstrates a health check for `cert-manager.io/Certificate`.

 ```yaml
 data:
-  resource.customizations.health.cert-manager.io_Certificate: |
-    hs = {}
-    if obj.status ~= nil then
-      if obj.status.conditions ~= nil then
-        for i, condition in ipairs(obj.status.conditions) do
-          if condition.type == "Ready" and condition.status == "False" then
-            hs.status = "Degraded"
-            hs.message = condition.message
-            return hs
-          end
-          if condition.type == "Ready" and condition.status == "True" then
-            hs.status = "Healthy"
-            hs.message = condition.message
-            return hs
+  resource.customizations: |
+    cert-manager.io/Certificate:
+      health.lua: |
+        hs = {}
+        if obj.status ~= nil then
+          if obj.status.conditions ~= nil then
+            for i, condition in ipairs(obj.status.conditions) do
+              if condition.type == "Ready" and condition.status == "False" then
+                hs.status = "Degraded"
+                hs.message = condition.message
+                return hs
+              end
+              if condition.type == "Ready" and condition.status == "True" then
+                hs.status = "Healthy"
+                hs.message = condition.message
+                return hs
+              end
+            end
          end
        end
-      end
-    end

-    hs.status = "Progressing"
-    hs.message = "Waiting for certificate"
-    return hs
+        hs.status = "Progressing"
+        hs.message = "Waiting for certificate"
+        return hs
+```
+In order to prevent duplication of the same custom health check for potentially multiple resources, it is also possible to specify a wildcard in the resource kind, like this:
+
+```yaml
+  resource.customizations: |
+    ec2.aws.crossplane.io/*:
+      health.lua: | 
+        ...
 ```

 The `obj` is a global variable which contains the resource. The script must return an object with status and optional message field.
@@ -139,3 +157,5 @@ tests:
 To test the implemented custom health checks, run `go test -v ./util/lua/`.

 The [PR#1139](https://github.com/argoproj/argo-cd/pull/1139) is an example of Cert Manager CRDs custom health check.
+
+Please note that bundled health checks with wildcards are not supported.
--- a/docs/operator-manual/metrics.md
+++ b/docs/operator-manual/metrics.md
@@ -67,8 +67,7 @@ Scraped at the `argocd-server-metrics:8083/metrics` endpoint.
 | Metric | Type | Description |
 |--------|:----:|-------------|
 | `argocd_redis_request_duration` | histogram | Redis requests duration. |
-| `argocd_redis_request_total` | counter | Number of kubernetes requests executed during application
-reconciliation. |
+| `argocd_redis_request_total` | counter | Number of kubernetes requests executed during application reconciliation. |
 | `grpc_server_handled_total` | counter | Total number of RPCs completed on the server, regardless of success or failure. |
 | `grpc_server_msg_sent_total` | counter | Total number of gRPC stream messages sent by the server. |

--- a/docs/operator-manual/notifications/troubleshooting-commands.md
+++ b/docs/operator-manual/notifications/troubleshooting-commands.md
@@ -1,9 +1,9 @@
-## notifications template get
+## argocd admin notifications template get

 Prints information about configured templates

 ```
-notifications template get [flags]
+argocd admin notifications template get [flags]
 ```

 ### Examples
@@ -11,9 +11,9 @@ notifications template get [flags]
 ```

 # prints all templates
-notifications template get
+argocd admin notifications template get
 # print YAML formatted app-sync-succeeded template definition
-notifications template get app-sync-succeeded -o=yaml
+argocd admin notifications template get app-sync-succeeded -o=yaml

 ```

@@ -53,12 +53,12 @@ notifications template get app-sync-succeeded -o=yaml
      --username string                 Username for basic authentication to the API server
 ```

-## notifications template notify
+## argocd admin notifications template notify

 Generates notification using the specified template and send it to specified recipients

 ```
-notifications template notify NAME RESOURCE_NAME [flags]
+argocd admin notifications template notify NAME RESOURCE_NAME [flags]
 ```

 ### Examples
@@ -66,10 +66,10 @@ notifications template notify NAME RESOURCE_NAME [flags]
 ```

 # Trigger notification using in-cluster config map and secret
-notifications template notify app-sync-succeeded guestbook --recipient slack:my-slack-channel
+argocd admin notifications template notify app-sync-succeeded guestbook --recipient slack:my-slack-channel

 # Render notification render generated notification in console
-notifications template notify app-sync-succeeded guestbook
+argocd admin notifications template notify app-sync-succeeded guestbook

 ```

@@ -109,12 +109,12 @@ notifications template notify app-sync-succeeded guestbook
      --username string                 Username for basic authentication to the API server
 ```

-## notifications trigger get
+## argocd admin notifications trigger get

 Prints information about configured triggers

 ```
-notifications trigger get [flags]
+argocd admin notifications trigger get [flags]
 ```

 ### Examples
@@ -122,9 +122,9 @@ notifications trigger get [flags]
 ```

 # prints all triggers
-notifications trigger get
+argocd admin notifications trigger get
 # print YAML formatted on-sync-failed trigger definition
-notifications trigger get on-sync-failed -o=yaml
+argocd admin notifications trigger get on-sync-failed -o=yaml

 ```

@@ -164,12 +164,12 @@ notifications trigger get on-sync-failed -o=yaml
      --username string                 Username for basic authentication to the API server
 ```

-## notifications trigger run
+## argocd admin notifications trigger run

 Evaluates specified trigger condition and prints the result

 ```
-notifications trigger run NAME RESOURCE_NAME [flags]
+argocd admin notifications trigger run NAME RESOURCE_NAME [flags]
 ```

 ### Examples
@@ -177,10 +177,10 @@ notifications trigger run NAME RESOURCE_NAME [flags]
 ```

 # Execute trigger configured in 'argocd-notification-cm' ConfigMap
-notifications trigger run on-sync-status-unknown ./sample-app.yaml
+argocd admin notifications trigger run on-sync-status-unknown ./sample-app.yaml

 # Execute trigger using my-config-map.yaml instead of 'argocd-notifications-cm' ConfigMap
-notifications trigger run on-sync-status-unknown ./sample-app.yaml \
+argocd admin notifications trigger run on-sync-status-unknown ./sample-app.yaml \
    --config-map ./my-config-map.yaml
 ```

--- a/docs/operator-manual/notifications/troubleshooting.md
+++ b/docs/operator-manual/notifications/troubleshooting.md
@@ -1,6 +1,6 @@
 ## Troubleshooting

-The `argocd-notifications` binary includes a set of CLI commands that helps to configure the controller
+The `argocd admin notifications` is a CLI command group that helps to configure the controller
 settings and troubleshoot issues.

 ## Global flags
@@ -17,15 +17,15 @@ Additionally, you can specify `:empty` value to use empty secret with no notific
 * Get list of triggers configured in the local config map:

 ```bash
-argocd-notifications trigger get \
-  --config-map ./argocd-notifications-cm.yaml --secret :empty
+argocd admin notifications trigger get \
+  --config-map ./argocd admin notifications-cm.yaml --secret :empty
 ```

 * Trigger notification using in-cluster config map and secret:

 ```bash
-argocd-notifications template notify \
-  app-sync-succeeded guestbook --recipient slack:argocd-notifications
+argocd admin notifications template notify \
+  app-sync-succeeded guestbook --recipient slack:argocd admin notifications
 ```

 ## Kustomize
@@ -44,18 +44,18 @@ kustomize build ./argocd-notifications | \

 ### On your laptop

-You can download `argocd-notifications` from the github [release](https://github.com/argoproj-labs/argocd-notifications/releases)
+You can download the `argocd` CLI from the github [release](https://github.com/argoproj/argo-cd/releases)
 attachments.

-The binary is available in `argoprojlabs/argocd-notifications` image. Use the `docker run` and volume mount
+The binary is available in `argoproj/argo-cd` image. Use the `docker run` and volume mount
 to execute binary on any platform. 

 **Example:**

 ```bash
 docker run --rm -it -w /src -v $(pwd):/src \
-  argoprojlabs/argocd-notifications:<version> \
-  /app/argocd-notifications trigger get \
+  argoproj/argo-cd:<version> \
+  /app/argocd admin notifications trigger get \
  --config-map ./argocd-notifications-cm.yaml --secret :empty
 ```

@@ -67,7 +67,7 @@ configuration.
 **Example**
 ```bash
 kubectl exec -it argocd-notifications-controller-<pod-hash> \
-  /app/argocd-notifications trigger get
+  /app/argocd admin notifications trigger get
 ```

 ## Commands
--- a/docs/operator-manual/upgrading/2.5-2.6.md
+++ b/docs/operator-manual/upgrading/2.5-2.6.md
@@ -0,0 +1,8 @@
+# v2.5 to 2.6
+
+## ApplicationSets: `^` behavior change in Sprig's semver functions
+Argo CD 2.5 introduced [Go templating in ApplicationSets](https://argo-cd.readthedocs.io/en/stable/operator-manual/applicationset/GoTemplate/). Go templates have access to the Sprig function library.
+
+Argo CD 2.6 upgrades Sprig to v3. That upgrade includes an upgrade of [Masterminds/semver](https://github.com/Masterminds/semver/releases) to v3.
+
+Masterminds/semver v3 changed the behavior of the `^` prefix in semantic version constraints. If you are using Go-templated ApplicationSets which include references to [Sprig's semver functions](https://masterminds.github.io/sprig/semver.html) and use the `^` prefix, read the [Masterminds/semver changelog](https://github.com/Masterminds/semver/releases/tag/v3.0.0) to understand how your ApplicationSets' behavior may change.
--- a/docs/proposals/deep-links.md
+++ b/docs/proposals/deep-links.md
@@ -0,0 +1,133 @@
+---
+title: Deep Links
+
+authors:
+- "@gdsoumya"
+- "@alexmt"
+
+sponsors:
+- TBD
+
+reviewers:
+- TBD
+
+approvers:
+- TBD
+
+creation-date: 2022-08-01
+
+---
+
+# Deep Links
+
+Deep links allow end users to quickly redirect to third-party systems such as Splunk, DataDog etc. from the Argo CD
+user interface.
+
+
+## Summary
+
+Argo CD administrator will be able to configure links that redirect users to third-party systems such as Splunk,
+DataDog etc. The template should be able to reference different types of resources relating to where the links show up,
+this includes projects, applications, or individual resources(pods, services etc.) that are part of the application.
+
+Deep Link is a generic integration solution for third-party systems which enables users to integrate any system -  not
+only popular solutions but also custom/private systems that can leverage the data available in Argo CD.
+
+## Motivation
+
+Argo CD UI with deep links to third-party integrations will provide a unified solution for users making it easier for
+them to switch between relevant systems without having to separately navigate and correlate the information.
+
+
+## Proposal
+
+The configuration for Deep Links will be present in the `argocd-cm`, we will add new `<location>.links` fields in the
+cm to list all the deep links that will be displayed in the provided location. The possible values for `<location>`
+currently are :
+- `project` : all links under this field will show up in the project tab in the Argo CD UI.
+- `application` : all links under this field will show up in the application summary tab.
+- `resource` : all links under this field will show up in the individual resource(deployments, pods, services etc.)
+  summary tab.
+
+Each link in the list has five subfields :
+1. `title` : title/tag that will be displayed in the UI corresponding to that link
+2. `url` : the actual URL where the deep link will redirect to, this field can be templated to use data from the
+   application, project or resource objects (depending on where it is located)
+3. `description` (optional) : a description for what the deep link is about
+4. `icon.class` (optional) : a font-awesome icon class to be used when displaying the links in dropdown menus.
+5. `if` (optional) : a conditional statement that results in either `true` or `false`, it also has access to the same
+   data as the `url` field. If the condition resolves to `true` the deep link will be displayed else it will be hidden. If
+   the field is omitted by default the deep links will be displayed.
+
+
+An example `argocd-cm.yaml` file with deep links and its variations :
+
+```yaml
+data:
+  # project level links
+  project.links: |
+    - url: https://myaudit-system.com?project={{proj.metadata.name}}
+      title: Audit
+  # application level links
+  application.links: |
+    - url: https://mycompany.splunk.com?search={{app.spec.destination.namespace}}
+      title: Splunk
+    # conditionally show link e.g. for specific project
+    - url: https://mycompany.splunk.com?search={{app.spec.destination.namespace}}
+      title: Splunk
+      if: app.spec.proj == "abc"
+    - url: https://{{project.metadata.annotations.splunkhost}}?search={{app.spec.destination.namespace}}
+      title: Splunk
+      if: project.metadata.annotations.splunkhost
+    
+  # resource level links
+  resource.links: |
+    - url: https://mycompany.splunk.com?search={{res.metadata.namespace}}
+      title: Splunk
+      if: res.kind == "Pod" || res.kind == "Deployment"
+
+```
+
+The argocd server will expose new APIs for rendering deep links in the UI, the server will handle the templating and
+conditional rendering logic and will provide the UI with the final list of links that need to be displayed for a
+particular location/resource.
+
+The following API methods are proposed:
+
+```protobuf
+message LinkInfo {
+  required string name = 1;
+  required string url = 2;
+  optional string description = 3;
+  optional string iconClass = 4;
+}
+
+message LinksResponse {
+  repeated LinkInfo items = 1;
+}
+
+service ApplicationService {
+  rpc ListLinks(google.protobuf.Empty) returns (LinksResponse) {
+    option (google.api.http).get = "/api/v1/applications/{name}/links";
+  }
+
+  rpc ListResourceLinks(ApplicationResourceRequest) returns (LinksResponse) {
+    option (google.api.http).get = "/api/v1/applications/{name}/resource/links";
+  }
+}
+
+service ProjectService {
+  
+  rpc ListLinks(google.protobuf.Empty) returns (LinksResponse) {
+    option (google.api.http).get = "/api/v1/projects/{name}/links";
+  }
+}
+```
+
+### Use cases
+
+Some example use cases this enhancement intends to take care of -
+
+#### Use case 1:
+As a user, I would like to quickly open a splunk/datadog UI with a query that retrieves all logs of application
+namespace or metrics for specific applications etc.
--- a/docs/requirements.txt
+++ b/docs/requirements.txt
@@ -1,5 +1,5 @@
 mkdocs==1.2.3
-mkdocs-material==7.1.7
+mkdocs-material==7.1.8
 markdown_include==0.6.0
 pygments==2.7.4
 jinja2==3.0.3
--- a/docs/snyk/index.md
+++ b/docs/snyk/index.md
@@ -15,62 +15,49 @@ recent minor releases.
 |---:|:--------:|:----:|:------:|:---:|
 | [go.mod](master/argocd-test.html) | 0 | 0 | 2 | 0 |
 | [ui/yarn.lock](master/argocd-test.html) | 0 | 0 | 3 | 0 |
-| [dex:v2.35.3-distroless](master/ghcr.io_dexidp_dex_v2.35.3-distroless.html) | 0 | 0 | 0 | 0 |
+| [dex:v2.35.3](master/ghcr.io_dexidp_dex_v2.35.3.html) | 0 | 0 | 0 | 0 |
 | [haproxy:2.6.2-alpine](master/haproxy_2.6.2-alpine.html) | 0 | 0 | 0 | 0 |
-| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 1 | 13 |
+| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 3 | 12 |
 | [redis:7.0.5-alpine](master/redis_7.0.5-alpine.html) | 0 | 0 | 0 | 0 |
 | [install.yaml](master/argocd-iac-install.html) | - | - | - | - |
 | [namespace-install.yaml](master/argocd-iac-namespace-install.html) | - | - | - | - |

-### v2.5.0-rc3
+### v2.5.2

 |    | Critical | High | Medium | Low |
 |---:|:--------:|:----:|:------:|:---:|
-| [go.mod](v2.5.0-rc3/argocd-test.html) | 0 | 0 | 2 | 0 |
-| [ui/yarn.lock](v2.5.0-rc3/argocd-test.html) | 0 | 0 | 3 | 0 |
-| [dex:v2.35.3-distroless](v2.5.0-rc3/ghcr.io_dexidp_dex_v2.35.3-distroless.html) | 0 | 0 | 0 | 0 |
-| [haproxy:2.6.2-alpine](v2.5.0-rc3/haproxy_2.6.2-alpine.html) | 0 | 0 | 0 | 0 |
-| [argocd:v2.5.0-rc3](v2.5.0-rc3/quay.io_argoproj_argocd_v2.5.0-rc3.html) | 0 | 1 | 8 | 13 |
-| [redis:7.0.5-alpine](v2.5.0-rc3/redis_7.0.5-alpine.html) | 0 | 0 | 0 | 0 |
-| [install.yaml](v2.5.0-rc3/argocd-iac-install.html) | - | - | - | - |
-| [namespace-install.yaml](v2.5.0-rc3/argocd-iac-namespace-install.html) | - | - | - | - |
+| [go.mod](v2.5.2/argocd-test.html) | 0 | 0 | 2 | 0 |
+| [ui/yarn.lock](v2.5.2/argocd-test.html) | 0 | 0 | 3 | 0 |
+| [dex:v2.35.3-distroless](v2.5.2/ghcr.io_dexidp_dex_v2.35.3-distroless.html) | 0 | 0 | 0 | 0 |
+| [haproxy:2.6.2-alpine](v2.5.2/haproxy_2.6.2-alpine.html) | 0 | 0 | 0 | 0 |
+| [argocd:v2.5.2](v2.5.2/quay.io_argoproj_argocd_v2.5.2.html) | 0 | 0 | 4 | 12 |
+| [redis:7.0.5-alpine](v2.5.2/redis_7.0.5-alpine.html) | 0 | 0 | 0 | 0 |
+| [install.yaml](v2.5.2/argocd-iac-install.html) | - | - | - | - |
+| [namespace-install.yaml](v2.5.2/argocd-iac-namespace-install.html) | - | - | - | - |

-### v2.4.15
+### v2.4.17

 |    | Critical | High | Medium | Low |
 |---:|:--------:|:----:|:------:|:---:|
-| [go.mod](v2.4.15/argocd-test.html) | 0 | 0 | 3 | 0 |
-| [ui/yarn.lock](v2.4.15/argocd-test.html) | 0 | 0 | 3 | 0 |
-| [dex:v2.35.3-distroless](v2.4.15/ghcr.io_dexidp_dex_v2.35.3-distroless.html) | 0 | 0 | 0 | 0 |
-| [haproxy:2.0.29-alpine](v2.4.15/haproxy_2.0.29-alpine.html) | 0 | 0 | 0 | 0 |
-| [argocd:v2.4.15](v2.4.15/quay.io_argoproj_argocd_v2.4.15.html) | 0 | 1 | 7 | 13 |
-| [redis:7.0.4-alpine](v2.4.15/redis_7.0.4-alpine.html) | 0 | 0 | 0 | 0 |
-| [install.yaml](v2.4.15/argocd-iac-install.html) | - | - | - | - |
-| [namespace-install.yaml](v2.4.15/argocd-iac-namespace-install.html) | - | - | - | - |
+| [go.mod](v2.4.17/argocd-test.html) | 0 | 0 | 3 | 0 |
+| [ui/yarn.lock](v2.4.17/argocd-test.html) | 0 | 0 | 3 | 0 |
+| [dex:v2.35.3-distroless](v2.4.17/ghcr.io_dexidp_dex_v2.35.3-distroless.html) | 0 | 0 | 0 | 0 |
+| [haproxy:2.0.29-alpine](v2.4.17/haproxy_2.0.29-alpine.html) | 0 | 0 | 0 | 0 |
+| [argocd:v2.4.17](v2.4.17/quay.io_argoproj_argocd_v2.4.17.html) | 0 | 0 | 4 | 12 |
+| [redis:7.0.4-alpine](v2.4.17/redis_7.0.4-alpine.html) | 0 | 0 | 0 | 0 |
+| [install.yaml](v2.4.17/argocd-iac-install.html) | - | - | - | - |
+| [namespace-install.yaml](v2.4.17/argocd-iac-namespace-install.html) | - | - | - | - |

-### v2.3.10
+### v2.3.11

 |    | Critical | High | Medium | Low |
 |---:|:--------:|:----:|:------:|:---:|
-| [go.mod](v2.3.10/argocd-test.html) | 0 | 0 | 3 | 0 |
-| [ui/yarn.lock](v2.3.10/argocd-test.html) | 0 | 1 | 5 | 0 |
-| [dex:v2.35.3-distroless](v2.3.10/ghcr.io_dexidp_dex_v2.35.3-distroless.html) | 0 | 0 | 0 | 0 |
-| [haproxy:2.0.29-alpine](v2.3.10/haproxy_2.0.29-alpine.html) | 0 | 0 | 0 | 0 |
-| [argocd-applicationset:v0.4.1](v2.3.10/quay.io_argoproj_argocd-applicationset_v0.4.1.html) | 0 | 4 | 38 | 29 |
-| [argocd:v2.3.10](v2.3.10/quay.io_argoproj_argocd_v2.3.10.html) | 0 | 1 | 7 | 13 |
-| [redis:6.2.7-alpine](v2.3.10/redis_6.2.7-alpine.html) | 0 | 0 | 0 | 0 |
-| [install.yaml](v2.3.10/argocd-iac-install.html) | - | - | - | - |
-| [namespace-install.yaml](v2.3.10/argocd-iac-namespace-install.html) | - | - | - | - |
-
-### v2.2.15
-
-|    | Critical | High | Medium | Low |
-|---:|:--------:|:----:|:------:|:---:|
-| [go.mod](v2.2.15/argocd-test.html) | 0 | 0 | 4 | 0 |
-| [ui/yarn.lock](v2.2.15/argocd-test.html) | 0 | 1 | 5 | 0 |
-| [dex:v2.35.3-distroless](v2.2.15/ghcr.io_dexidp_dex_v2.35.3-distroless.html) | 0 | 0 | 0 | 0 |
-| [haproxy:2.0.29-alpine](v2.2.15/haproxy_2.0.29-alpine.html) | 0 | 0 | 0 | 0 |
-| [argocd:v2.2.15](v2.2.15/quay.io_argoproj_argocd_v2.2.15.html) | 0 | 1 | 7 | 23 |
-| [redis:6.2.7-alpine](v2.2.15/redis_6.2.7-alpine.html) | 0 | 0 | 0 | 0 |
-| [install.yaml](v2.2.15/argocd-iac-install.html) | - | - | - | - |
-| [namespace-install.yaml](v2.2.15/argocd-iac-namespace-install.html) | - | - | - | - |
+| [go.mod](v2.3.11/argocd-test.html) | 0 | 0 | 3 | 0 |
+| [ui/yarn.lock](v2.3.11/argocd-test.html) | 0 | 1 | 5 | 0 |
+| [dex:v2.35.3-distroless](v2.3.11/ghcr.io_dexidp_dex_v2.35.3-distroless.html) | 0 | 0 | 0 | 0 |
+| [haproxy:2.0.29-alpine](v2.3.11/haproxy_2.0.29-alpine.html) | 0 | 0 | 0 | 0 |
+| [argocd-applicationset:v0.4.1](v2.3.11/quay.io_argoproj_argocd-applicationset_v0.4.1.html) | 0 | 4 | 38 | 29 |
+| [argocd:v2.3.11](v2.3.11/quay.io_argoproj_argocd_v2.3.11.html) | 0 | 0 | 4 | 12 |
+| [redis:6.2.7-alpine](v2.3.11/redis_6.2.7-alpine.html) | 0 | 0 | 0 | 0 |
+| [install.yaml](v2.3.11/argocd-iac-install.html) | - | - | - | - |
+| [namespace-install.yaml](v2.3.11/argocd-iac-namespace-install.html) | - | - | - | - |
--- a/docs/snyk/master/argocd-iac-install.html
+++ b/docs/snyk/master/argocd-iac-install.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">October 30th 2022, 12:21:01 am</p>
+                <p class="timestamp">November 13th 2022, 12:17:45 am</p>
              </div>
                <div class="source-panel">
                  <span>Scanned the following path:</span>
@@ -783,7 +783,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 10481
+                              Line number: 10725
                          </li>
                      </ul>
              
@@ -841,7 +841,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 9950
+                              Line number: 10194
                          </li>
                      </ul>
              
@@ -899,7 +899,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 10117
+                              Line number: 10361
                          </li>
                      </ul>
              
@@ -957,7 +957,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 10083
+                              Line number: 10327
                          </li>
                      </ul>
              
@@ -1015,7 +1015,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 10173
+                              Line number: 10417
                          </li>
                      </ul>
              
@@ -1073,7 +1073,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 10247
+                              Line number: 10491
                          </li>
                      </ul>
              
@@ -1131,7 +1131,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 10481
+                              Line number: 10725
                          </li>
                      </ul>
              
@@ -1189,7 +1189,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 10303
+                              Line number: 10547
                          </li>
                      </ul>
              
@@ -1247,7 +1247,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 10566
+                              Line number: 10810
                          </li>
                      </ul>
              
@@ -1305,7 +1305,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 10864
+                              Line number: 11108
                          </li>
                      </ul>
              
@@ -1357,7 +1357,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 10097
+                              Line number: 10341
                          </li>
                      </ul>
              
@@ -1413,7 +1413,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 10257
+                              Line number: 10501
                          </li>
                      </ul>
              
@@ -1465,7 +1465,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 9950
+                              Line number: 10194
                          </li>
                      </ul>
              
@@ -1517,7 +1517,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 10083
+                              Line number: 10327
                          </li>
                      </ul>
              
@@ -1569,7 +1569,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 10117
+                              Line number: 10361
                          </li>
                      </ul>
              
@@ -1621,7 +1621,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 10247
+                              Line number: 10491
                          </li>
                      </ul>
              
@@ -1673,7 +1673,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 10481
+                              Line number: 10725
                          </li>
                      </ul>
              
@@ -1731,7 +1731,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 9950
+                              Line number: 10194
                          </li>
                      </ul>
              
@@ -1789,7 +1789,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 10083
+                              Line number: 10327
                          </li>
                      </ul>
              
@@ -1847,7 +1847,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 10117
+                              Line number: 10361
                          </li>
                      </ul>
              
@@ -1905,7 +1905,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 10173
+                              Line number: 10417
                          </li>
                      </ul>
              
@@ -1963,7 +1963,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 10247
+                              Line number: 10491
                          </li>
                      </ul>
              
@@ -2021,7 +2021,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 10481
+                              Line number: 10725
                          </li>
                      </ul>
              
@@ -2079,7 +2079,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 10303
+                              Line number: 10547
                          </li>
                      </ul>
              
@@ -2137,7 +2137,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 10566
+                              Line number: 10810
                          </li>
                      </ul>
              
@@ -2195,7 +2195,7 @@
                          </li>
              
                          <li class="card__meta__item">
-                              Line number: 10864
+                              Line number: 11108
                          </li>
                      </ul>
              
--- a/docs/snyk/master/argocd-iac-namespace-install.html
+++ b/docs/snyk/master/argocd-iac-namespace-install.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">October 30th 2022, 12:21:12 am</p>
+                <p class="timestamp">November 13th 2022, 12:17:56 am</p>
              </div>
                <div class="source-panel">
                  <span>Scanned the following path:</span>
--- a/docs/snyk/master/argocd-test.html
+++ b/docs/snyk/master/argocd-test.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">October 30th 2022, 12:19:12 am</p>
+                <p class="timestamp">November 13th 2022, 12:15:47 am</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following paths:</span>
--- a/docs/snyk/master/ghcr.io_dexidp_dex_v2.35.3.html
+++ b/docs/snyk/master/ghcr.io_dexidp_dex_v2.35.3.html
@@ -456,19 +456,19 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">October 30th 2022, 12:28:35 am</p>
+                <p class="timestamp">November 13th 2022, 12:15:59 am</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following path:</span>
                <ul>
-                  <li class="paths">haproxy:2.0.29-alpine (apk)</li>
+                  <li class="paths">ghcr.io/dexidp/dex:v2.35.3/dexidp/dex (apk)</li>
                </ul>
              </div>
    
              <div class="meta-counts">
                <div class="meta-count"><span>0</span> <span>known vulnerabilities</span></div>
                <div class="meta-count"><span>0 vulnerable dependency paths</span></div>
-                <div class="meta-count"><span>17</span> <span>dependencies</span></div>
+                <div class="meta-count"><span>14</span> <span>dependencies</span></div>
              </div><!-- .meta-counts -->
            </div><!-- .layout-container--short -->
          </header><!-- .project__header -->
@@ -476,8 +476,8 @@
      <section class="layout-container">
          <table class="metatable">
              <tbody>
-              <tr class="meta-row"><th class="meta-row-label">Project</th> <td class="meta-row-value">docker-image|haproxy</td></tr>
-              <tr class="meta-row"><th class="meta-row-label">Path</th> <td class="meta-row-value">haproxy:2.0.29-alpine</td></tr>
+              <tr class="meta-row"><th class="meta-row-label">Project</th> <td class="meta-row-value">docker-image|ghcr.io/dexidp/dex</td></tr>
+              <tr class="meta-row"><th class="meta-row-label">Path</th> <td class="meta-row-value">ghcr.io/dexidp/dex:v2.35.3/dexidp/dex</td></tr>
              <tr class="meta-row"><th class="meta-row-label">Package Manager</th> <td class="meta-row-value">apk</td></tr>
              
              </tbody>
--- a/docs/snyk/master/haproxy_2.6.2-alpine.html
+++ b/docs/snyk/master/haproxy_2.6.2-alpine.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">October 30th 2022, 12:19:33 am</p>
+                <p class="timestamp">November 13th 2022, 12:16:05 am</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following path:</span>
--- a/docs/snyk/master/quay.io_argoproj_argocd_latest.html
+++ b/docs/snyk/master/quay.io_argoproj_argocd_latest.html
@@ -7,7 +7,7 @@
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <meta http-equiv="X-UA-Compatible" content="IE=edge">
  <title>Snyk test report</title>
-  <meta name="description" content="14 known vulnerabilities found in 84 vulnerable dependency paths.">
+  <meta name="description" content="15 known vulnerabilities found in 86 vulnerable dependency paths.">
  <base target="_blank">
  <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
    sizes="194x194">
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">October 30th 2022, 12:19:54 am</p>
+                <p class="timestamp">November 13th 2022, 12:16:28 am</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following path:</span>
@@ -466,8 +466,8 @@
              </div>
    
              <div class="meta-counts">
-                <div class="meta-count"><span>14</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>84 vulnerable dependency paths</span></div>
+                <div class="meta-count"><span>15</span> <span>known vulnerabilities</span></div>
+                <div class="meta-count"><span>86 vulnerable dependency paths</span></div>
                <div class="meta-count"><span>162</span> <span>dependencies</span></div>
              </div><!-- .meta-counts -->
            </div><!-- .layout-container--short -->
@@ -486,7 +486,7 @@
    <div class="layout-container" style="padding-top: 35px;">
      <div class="cards--vuln filter--patch filter--ignore">
        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
-            <h2 class="card__title">Improper Validation of Array Index</h2>
+            <h2 class="card__title">CVE-2022-42800</h2>
            <div class="card__section">
        
                <div class="label label--medium">
@@ -502,13 +502,13 @@
                    <li class="card__meta__item">
                            Vulnerable module:
        
-                            sqlite3/libsqlite3-0
+                            zlib/zlib1g
                    </li>
        
                    <li class="card__meta__item">Introduced through:
        
        
-                                    docker-image|quay.io/argoproj/argocd@latest, gnupg2/gpg@2.2.27-3ubuntu2.1 and others
+                                    docker-image|quay.io/argoproj/argocd@latest, meta-common-packages@meta and others
                    </li>
                </ul>
        
@@ -522,9 +522,9 @@
                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
                                        docker-image|quay.io/argoproj/argocd@latest
                                         <span class="list-paths__item__arrow">›</span> 
-                                        gnupg2/gpg@2.2.27-3ubuntu2.1
+                                        meta-common-packages@meta
                                         <span class="list-paths__item__arrow">›</span> 
-                                        sqlite3/libsqlite3-0@3.37.2-2
+                                        zlib/zlib1g@1:1.2.11.dfsg-2ubuntu9.2
                                        
                                </span>
        
@@ -536,24 +536,259 @@
              <hr/>
              <!-- Overview -->
              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>sqlite3</code> package.</em></p>
-        <p>SQLite 1.0.12 through 3.39.x before 3.39.2 sometimes allows an array-bounds overflow if billions of bytes are used in a string argument to a C API.</p>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>zlib</code> package.</em></p>
+        <p>This issue was addressed with improved checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A user may be able to cause unexpected app termination or arbitrary code execution.</p>
        <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:22.04</code> <code>sqlite3</code>.</p>
+        <p>There is no fixed version for <code>Ubuntu:22.04</code> <code>zlib</code>.</p>
        <h2 id="references">References</h2>
        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-35737">ADVISORY</a></li>
-        <li><a href="https://kb.cert.org/vuls/id/720344">MISC</a></li>
-        <li><a href="https://www.sqlite.org/cves.html">MISC</a></li>
-        <li><a href="https://sqlite.org/releaselog/3_39_2.html">CONFIRM</a></li>
-        <li><a href="https://security.netapp.com/advisory/ntap-20220915-0009/">CONFIRM</a></li>
-        <li><a href="https://blog.trailofbits.com/2022/10/25/sqlite-vulnerability-july-2022-library-api/">MISC</a></li>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-42800">ADVISORY</a></li>
+        <li><a href="https://support.apple.com/en-us/HT213488">MISC</a></li>
+        <li><a href="https://support.apple.com/en-us/HT213494">MISC</a></li>
+        <li><a href="https://support.apple.com/en-us/HT213493">MISC</a></li>
+        <li><a href="https://support.apple.com/en-us/HT213490">MISC</a></li>
+        <li><a href="https://support.apple.com/en-us/HT213491">MISC</a></li>
+        <li><a href="https://support.apple.com/en-us/HT213489">MISC</a></li>
        </ul>
        
              <hr/>
        
            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2204-SQLITE3-2961525">More about this vulnerability</a></p>
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2204-ZLIB-3098559">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">Off-by-one Error</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:22.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            systemd/libsystemd0
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|quay.io/argoproj/argocd@latest and systemd/libsystemd0@249.11-0ubuntu3.6
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        systemd/libsystemd0@249.11-0ubuntu3.6
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.4.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        systemd/libsystemd0@249.11-0ubuntu3.6
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        procps/libprocps8@2:3.3.17-6ubuntu2
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        systemd/libsystemd0@249.11-0ubuntu3.6
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        util-linux@2.37.2-4ubuntu3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        systemd/libsystemd0@249.11-0ubuntu3.6
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        util-linux/bsdutils@1:2.37.2-4ubuntu3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        systemd/libsystemd0@249.11-0ubuntu3.6
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.4.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt/libapt-pkg6.0@2.4.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        systemd/libsystemd0@249.11-0ubuntu3.6
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        systemd/libudev1@249.11-0ubuntu3.6
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        libfido2/libfido2-1@1.10.0-1
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        systemd/libudev1@249.11-0ubuntu3.6
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        util-linux@2.37.2-4ubuntu3
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        systemd/libudev1@249.11-0ubuntu3.6
+                                        
+                                </span>
+        
+                            </li>
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt@2.4.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        apt/libapt-pkg6.0@2.4.8
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        systemd/libudev1@249.11-0ubuntu3.6
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>systemd</code> package.</em></p>
+        <p>An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service.</p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:22.04</code> <code>systemd</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-3821">ADVISORY</a></li>
+        <li><a href="https://github.com/systemd/systemd/issues/23928">MISC</a></li>
+        <li><a href="https://github.com/systemd/systemd/commit/9102c625a673a3246d7e73d8737f3494446bad4e">MISC</a></li>
+        <li><a href="https://github.com/systemd/systemd/pull/23933">MISC</a></li>
+        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2139327">MISC</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2204-SYSTEMD-3098846">More about this vulnerability</a></p>
+            </div>
+        
+        </div><!-- .card -->
+        <div class="card card--vuln  disclosure--not-new severity--medium" data-snyk-test="medium">
+            <h2 class="card__title">CVE-2022-3715</h2>
+            <div class="card__section">
+        
+                <div class="label label--medium">
+                    <span class="label__text">medium severity</span>
+                </div>
+        
+                <hr/>
+        
+                <ul class="card__meta">
+                    <li class="card__meta__item">
+                        Package Manager: ubuntu:22.04
+                    </li>
+                    <li class="card__meta__item">
+                            Vulnerable module:
+        
+                            bash
+                    </li>
+        
+                    <li class="card__meta__item">Introduced through:
+        
+                                docker-image|quay.io/argoproj/argocd@latest and bash@5.1-6ubuntu1
+        
+                    </li>
+                </ul>
+        
+                <hr/>
+        
+        
+                        <h3 class="card__section__title">Detailed paths</h3>
+        
+                    <ul class="card__meta__paths">
+                                <li>
+                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
+                                        docker-image|quay.io/argoproj/argocd@latest
+                                         <span class="list-paths__item__arrow">›</span> 
+                                        bash@5.1-6ubuntu1
+                                        
+                                </span>
+        
+                            </li>
+                    </ul><!-- .list-paths -->
+        
+            </div><!-- .card__section -->
+        
+              <hr/>
+              <!-- Overview -->
+              <h2 id="nvd-description">NVD Description</h2>
+        <p><em>This vulnerability has not been analyzed by NVD yet.</em></p>
+        <h2 id="remediation">Remediation</h2>
+        <p>There is no fixed version for <code>Ubuntu:22.04</code> <code>bash</code>.</p>
+        <h2 id="references">References</h2>
+        <ul>
+        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-3715">ADVISORY</a></li>
+        </ul>
+        
+              <hr/>
+        
+            <div class="cta card__cta">
+                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2204-BASH-3098342">More about this vulnerability</a></p>
            </div>
        
        </div><!-- .card -->
@@ -648,6 +883,7 @@
        <li><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">MLIST</a></li>
        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235">RedHat Bugzilla Bug</a></li>
        <li><a href="https://access.redhat.com/security/cve/cve-2013-4235">RedHat CVE Database</a></li>
+        <li><a href="https://security.gentoo.org/glsa/202210-26">GENTOO</a></li>
        </ul>
        
              <hr/>
@@ -874,178 +1110,6 @@
                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2204-PATCH-2784568">More about this vulnerability</a></p>
            </div>
        
-        </div><!-- .card -->
-        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
-            <h2 class="card__title">NULL Pointer Dereference</h2>
-            <div class="card__section">
-        
-                <div class="label label--low">
-                    <span class="label__text">low severity</span>
-                </div>
-        
-                <hr/>
-        
-                <ul class="card__meta">
-                    <li class="card__meta__item">
-                        Package Manager: ubuntu:22.04
-                    </li>
-                    <li class="card__meta__item">
-                            Vulnerable module:
-        
-                            openssl/libssl3
-                    </li>
-        
-                    <li class="card__meta__item">Introduced through:
-        
-                                docker-image|quay.io/argoproj/argocd@latest and openssl/libssl3@3.0.2-0ubuntu1.6
-        
-                    </li>
-                </ul>
-        
-                <hr/>
-        
-        
-                        <h3 class="card__section__title">Detailed paths</h3>
-        
-                    <ul class="card__meta__paths">
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@latest
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.0.2-0ubuntu1.6
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@latest
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        cyrus-sasl2/libsasl2-modules@2.1.27+dfsg2-3ubuntu1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.0.2-0ubuntu1.6
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@latest
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        libfido2/libfido2-1@1.10.0-1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.0.2-0ubuntu1.6
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@latest
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssh/openssh-client@1:8.9p1-3
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.0.2-0ubuntu1.6
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@latest
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        ca-certificates@20211016
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl@3.0.2-0ubuntu1.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.0.2-0ubuntu1.6
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@latest
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        git@1:2.34.1-1ubuntu1.5
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        curl/libcurl3-gnutls@7.81.0-1ubuntu1.6
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        libssh/libssh-4@0.9.6-2build1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.0.2-0ubuntu1.6
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@latest
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        adduser@3.118ubuntu5
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        shadow/passwd@1:4.8.1-2ubuntu2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        pam/libpam-modules@1.4.0-11ubuntu2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        libnsl/libnsl2@1.3.0-2build2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        libtirpc/libtirpc3@1.3.2-2ubuntu0.1
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        krb5/libgssapi-krb5-2@1.19.2-2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        krb5/libkrb5-3@1.19.2-2
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl/libssl3@3.0.2-0ubuntu1.6
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@latest
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl@3.0.2-0ubuntu1.6
-                                        
-                                </span>
-        
-                            </li>
-                                <li>
-                                <span class="list-paths__item__introduced"><em>Introduced through</em>:
-                                        docker-image|quay.io/argoproj/argocd@latest
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        ca-certificates@20211016
-                                         <span class="list-paths__item__arrow">›</span> 
-                                        openssl@3.0.2-0ubuntu1.6
-                                        
-                                </span>
-        
-                            </li>
-                    </ul><!-- .list-paths -->
-        
-            </div><!-- .card__section -->
-        
-              <hr/>
-              <!-- Overview -->
-              <h2 id="nvd-description">NVD Description</h2>
-        <p><strong><em>Note:</em></strong> <em>Versions mentioned in the description apply to the upstream <code>openssl</code> package.</em></p>
-        <p>OpenSSL supports creating a custom cipher via the legacy EVP_CIPHER_meth_new() function and associated function calls. This function was deprecated in OpenSSL 3.0 and application authors are instead encouraged to use the new provider mechanism in order to implement custom ciphers. OpenSSL versions 3.0.0 to 3.0.5 incorrectly handle legacy custom ciphers passed to the EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() and EVP_CipherInit_ex2() functions (as well as other similarly named encryption and decryption initialisation functions). Instead of using the custom cipher directly it incorrectly tries to fetch an equivalent cipher from the available providers. An equivalent cipher is found based on the NID passed to EVP_CIPHER_meth_new(). This NID is supposed to represent the unique NID for a given cipher. However it is possible for an application to incorrectly pass NID_undef as this value in the call to EVP_CIPHER_meth_new(). When NID_undef is used in this way the OpenSSL encryption/decryption initialisation function will match the NULL cipher as being equivalent and will fetch this from the available providers. This will succeed if the default provider has been loaded (or if a third party provider has been loaded that offers this cipher). Using the NULL cipher means that the plaintext is emitted as the ciphertext. Applications are only affected by this issue if they call EVP_CIPHER_meth_new() using NID_undef and subsequently use it in a call to an encryption/decryption initialisation function. Applications that only use SSL/TLS are not impacted by this issue. Fixed in OpenSSL 3.0.6 (Affected 3.0.0-3.0.5).</p>
-        <h2 id="remediation">Remediation</h2>
-        <p>There is no fixed version for <code>Ubuntu:22.04</code> <code>openssl</code>.</p>
-        <h2 id="references">References</h2>
-        <ul>
-        <li><a href="http://people.ubuntu.com/~ubuntu-security/cve/CVE-2022-3358">ADVISORY</a></li>
-        <li><a href="https://www.openssl.org/news/secadv/20221011.txt">CONFIRM</a></li>
-        <li><a href="https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5485c56679d7c49b96e8fc8ca708b0b7e7c03c4b">CONFIRM</a></li>
-        <li><a href="https://security.netapp.com/advisory/ntap-20221028-0014/">CONFIRM</a></li>
-        </ul>
-        
-              <hr/>
-        
-            <div class="cta card__cta">
-                <p><a href="https://snyk.io/vuln/SNYK-UBUNTU2204-OPENSSL-3043317">More about this vulnerability</a></p>
-            </div>
-        
        </div><!-- .card -->
        <div class="card card--vuln  disclosure--not-new severity--low" data-snyk-test="low">
            <h2 class="card__title">CVE-2021-41617</h2>
@@ -1446,6 +1510,8 @@
        <li><a href="https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html">MISC</a></li>
        <li><a href="https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html">MISC</a></li>
        <li><a href="https://support.apple.com/kb/HT213488">CONFIRM</a></li>
+        <li><a href="https://lists.debian.org/debian-lts-announce/2022/10/msg00037.html">MLIST</a></li>
+        <li><a href="http://seclists.org/fulldisclosure/2022/Oct/41">FULLDISC</a></li>
        </ul>
        
              <hr/>
--- a/docs/snyk/master/redis_7.0.5-alpine.html
+++ b/docs/snyk/master/redis_7.0.5-alpine.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">October 30th 2022, 12:19:59 am</p>
+                <p class="timestamp">November 13th 2022, 12:16:34 am</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following path:</span>
--- a/docs/snyk/v2.2.15/argocd-iac-install.html
+++ b/docs/snyk/v2.2.15/argocd-iac-install.html
--- a/docs/snyk/v2.2.15/argocd-iac-namespace-install.html
+++ b/docs/snyk/v2.2.15/argocd-iac-namespace-install.html
--- a/docs/snyk/v2.2.15/argocd-test.html
+++ b/docs/snyk/v2.2.15/argocd-test.html
--- a/docs/snyk/v2.2.15/quay.io_argoproj_argocd_v2.2.15.html
+++ b/docs/snyk/v2.2.15/quay.io_argoproj_argocd_v2.2.15.html
--- a/docs/snyk/v2.2.15/redis_6.2.7-alpine.html
+++ b/docs/snyk/v2.2.15/redis_6.2.7-alpine.html
@@ -1,492 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-
-<head>
-  <meta http-equiv="Content-type" content="text/html; charset=utf-8">
-  <meta http-equiv="Content-Language" content="en-us">
-  <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <meta http-equiv="X-UA-Compatible" content="IE=edge">
-  <title>Snyk test report</title>
-  <meta name="description" content="0 known vulnerabilities found in 0 vulnerable dependency paths.">
-  <base target="_blank">
-  <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
-    sizes="194x194">
-  <link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico">
-  <style type="text/css">
-  
-    body {
-      -moz-font-feature-settings: "pnum";
-      -webkit-font-feature-settings: "pnum";
-      font-variant-numeric: proportional-nums;
-      display: flex;
-      flex-direction: column;
-      font-feature-settings: "pnum";
-      font-size: 100%;
-      line-height: 1.5;
-      min-height: 100vh;
-      -webkit-text-size-adjust: 100%;
-      margin: 0;
-      padding: 0;
-      background-color: #F5F5F5;
-      font-family: 'Arial', 'Helvetica', Calibri, sans-serif;
-    }
-  
-    h1,
-    h2,
-    h3,
-    h4,
-    h5,
-    h6 {
-      font-weight: 500;
-    }
-  
-    a,
-    a:link,
-    a:visited {
-      border-bottom: 1px solid #4b45a9;
-      text-decoration: none;
-      color: #4b45a9;
-    }
-  
-    a:hover,
-    a:focus,
-    a:active {
-      border-bottom: 1px solid #4b45a9;
-    }
-  
-    hr {
-      border: none;
-      margin: 1em 0;
-      border-top: 1px solid #c5c5c5;
-    }
-  
-    ul {
-      padding: 0 1em;
-      margin: 1em 0;
-    }
-  
-    code {
-      background-color: #EEE;
-      color: #333;
-      padding: 0.25em 0.5em;
-      border-radius: 0.25em;
-    }
-  
-    pre {
-      background-color: #333;
-      font-family: monospace;
-      padding: 0.5em 1em 0.75em;
-      border-radius: 0.25em;
-      font-size: 14px;
-    }
-  
-    pre code {
-      padding: 0;
-      background-color: transparent;
-      color: #fff;
-    }
-  
-    a code {
-      border-radius: .125rem .125rem 0 0;
-      padding-bottom: 0;
-      color: #4b45a9;
-    }
-  
-    a[href^="http://"]:after,
-    a[href^="https://"]:after {
-      background-image: linear-gradient(transparent,transparent),url("data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%20112%20109%22%3E%3Cg%20id%3D%22Page-1%22%20fill%3D%22none%22%20fill-rule%3D%22evenodd%22%3E%3Cg%20id%3D%22link-external%22%3E%3Cg%20id%3D%22arrow%22%3E%3Cpath%20id%3D%22Line%22%20stroke%3D%22%234B45A9%22%20stroke-width%3D%2215%22%20d%3D%22M88.5%2021l-43%2042.5%22%20stroke-linecap%3D%22square%22%2F%3E%3Cpath%20id%3D%22Triangle%22%20fill%3D%22%234B45A9%22%20d%3D%22M111.2%200v50L61%200z%22%2F%3E%3C%2Fg%3E%3Cpath%20id%3D%22square%22%20fill%3D%22%234B45A9%22%20d%3D%22M66%2015H0v94h94V44L79%2059v35H15V30h36z%22%2F%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E");
-      background-repeat: no-repeat;
-      background-size: .75rem;
-      content: "";
-      display: inline-block;
-      height: .75rem;
-      margin-left: .25rem;
-      width: .75rem;
-    }
-  
-  
-  /* Layout */
-  
-    [class*=layout-container] {
-      margin: 0 auto;
-      max-width: 71.25em;
-      padding: 1.9em 1.3em;
-      position: relative;
-    }
-    .layout-container--short {
-      padding-top: 0;
-      padding-bottom: 0;
-      max-width: 48.75em;
-    }
-  
-    .layout-container--short:after {
-      display: block;
-      content: "";
-      clear: both;
-    }
-  
-  /* Header */
-  
-    .header {
-      padding-bottom: 1px;
-    }
-  
-    .paths {
-      margin-left: 8px;
-    }
-    .header-wrap {
-      display: flex;
-      flex-direction: row;
-      justify-content: space-between;
-      padding-top: 2em;
-    }
-    .project__header {
-      background-color: #4b45a9;
-      color: #fff;
-      margin-bottom: -1px;
-      padding-top: 1em;
-      padding-bottom: 0.25em;
-      border-bottom: 2px solid #BBB;
-    }
-  
-    .project__header__title {
-      overflow-wrap: break-word;
-      word-wrap: break-word;
-      word-break: break-all;
-      margin-bottom: .1em;
-      margin-top: 0;
-    }
-  
-    .timestamp {
-      float: right;
-      clear: none;
-      margin-bottom: 0;
-    }
-  
-    .meta-counts {
-      clear: both;
-      display: block;
-      flex-wrap: wrap;
-      justify-content: space-between;
-      margin: 0 0 1.5em;
-      color: #fff;
-      clear: both;
-      font-size: 1.1em;
-    }
-  
-    .meta-count {
-      display: block;
-      flex-basis: 100%;
-      margin: 0 1em 1em 0;
-      float: left;
-      padding-right: 1em;
-      border-right: 2px solid #fff;
-    }
-  
-    .meta-count:last-child {
-      border-right: 0;
-      padding-right: 0;
-      margin-right: 0;
-    }
-  
-  /* Card */
-  
-    .card {
-      background-color: #fff;
-      border: 1px solid #c5c5c5;
-      border-radius: .25rem;
-      margin: 0 0 2em 0;
-      position: relative;
-      min-height: 40px;
-      padding: 1.5em;
-    }
-  
-    .card .label {
-      background-color: #767676;
-      border: 2px solid #767676;
-      color: white;
-      padding: 0.25rem 0.75rem;
-      font-size: 0.875rem;
-      text-transform: uppercase;
-      display: inline-block;
-      margin: 0;
-      border-radius: 0.25rem;
-    }
-  
-    .card .label__text {
-      vertical-align: text-top;
-        font-weight: bold;
-    }
-  
-    .card .label--critical {
-      background-color: #AB1A1A;
-      border-color: #AB1A1A;
-    }
-  
-    .card .label--high {
-      background-color: #CE5019;
-      border-color: #CE5019;
-    }
-  
-    .card .label--medium {
-      background-color: #D68000;
-      border-color: #D68000;
-    }
-  
-    .card .label--low {
-      background-color: #88879E;
-      border-color: #88879E;
-    }
-  
-    .severity--low {
-      border-color: #88879E;
-    }
-  
-    .severity--medium {
-      border-color: #D68000;
-    }
-  
-    .severity--high {
-      border-color: #CE5019;
-    }
-  
-    .severity--critical {
-      border-color: #AB1A1A;
-    }
-  
-    .card--vuln {
-      padding-top: 4em;
-    }
-  
-    .card--vuln .label {
-      left: 0;
-      position: absolute;
-      top: 1.1em;
-      padding-left: 1.9em;
-      padding-right: 1.9em;
-      border-radius: 0 0.25rem 0.25rem 0;
-    }
-  
-    .card--vuln .card__section h2 {
-      font-size: 22px;
-      margin-bottom: 0.5em;
-    }
-  
-    .card--vuln .card__section p {
-      margin: 0 0 0.5em 0;
-    }
-  
-    .card--vuln .card__meta {
-      padding: 0 0 0 1em;
-      margin: 0;
-      font-size: 1.1em;
-    }
-  
-    .card .card__meta__paths {
-      font-size: 0.9em;
-    }
-  
-    .card--vuln .card__title {
-      font-size: 28px;
-      margin-top: 0;
-    }
-  
-    .card--vuln .card__cta p {
-      margin: 0;
-      text-align: right;
-    }
-  
-    .source-panel {
-      clear: both;
-      display: flex;
-      justify-content: flex-start;
-      flex-direction: column;
-      align-items: flex-start;
-      padding: 0.5em 0;
-      width: fit-content;
-    }
-  
-  
-  
-  </style>
-  <style type="text/css">
-    .metatable {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      margin-top: 12px;
-      border-collapse: collapse;
-      border-spacing: 0;
-      font-variant-numeric: tabular-nums;
-      max-width: 51.75em;
-    }
-  
-    tbody {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      display: flex;
-      flex-wrap: wrap;
-    }
-  
-    .meta-row {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      outline: none;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      display: flex;
-      align-items: start;
-      border-top: 1px solid #d3d3d9;
-      padding: 8px 0 0 0;
-      border-bottom: none;
-      margin: 8px;
-      width: 47.75%;
-    }
-  
-    .meta-row-label {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      color: #4c4a73;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      margin: 0;
-      outline: none;
-      text-decoration: none;
-      z-index: auto;
-      align-self: start;
-      flex: 1;
-      font-size: 1rem;
-      line-height: 1.5rem;
-      padding: 0;
-      text-align: left;
-      vertical-align: top;
-      text-transform: none;
-      letter-spacing: 0;
-    }
-  
-    .meta-row-value {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      word-break: break-word;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: right;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-    }
-  </style>
-</head>
-
-<body class="section-projects">
-  <main class="layout-stacked">
-        <div class="layout-stacked__header header">
-          <header class="project__header">
-            <div class="layout-container">
-              <a class="brand" href="https://snyk.io" title="Snyk">
-                <svg width="68px" height="35px" viewBox="0 0 68 35" version="1.1" xmlns="http://www.w3.org/2000/svg" role="img">
-                  <title>Snyk - Open Source Security</title>
-                  <g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
-                    <g fill="#fff">
-                      <path d="M5.732,27.278 C3.445,27.278 1.589,26.885 0,26.124 L0.483,22.472 C2.163,23.296 4.056,23.689 5.643,23.689 C6.801,23.689 7.563,23.295 7.563,22.599 C7.563,20.594 0.333,21.076 0.333,15.839 C0.333,12.491 3.407,10.729 7.259,10.729 C9.179,10.729 11.161,11.249 12.444,11.704 L11.924,15.294 C10.577,14.774 8.747,14.291 7.222,14.291 C6.282,14.291 5.518,14.621 5.518,15.231 C5.518,17.208 12.903,16.815 12.903,21.925 C12.903,25.325 9.877,27.277 5.733,27.277 L5.732,27.278 Z M25.726,26.936 L25.726,17.894 C25.726,15.827 24.811,14.85 23.069,14.85 C22.219,14.85 21.329,15.09 20.719,15.46 L20.719,26.936 L15.352,26.936 L15.352,11.262 L20.602,10.83 L20.474,13.392 L20.652,13.392 C21.784,11.87 23.702,10.716 25.992,10.716 C28.736,10.716 31.112,12.416 31.112,16.436 L31.112,26.936 L25.724,26.936 L25.726,26.936 Z M61.175,26.936 L56.879,19.479 L56.446,19.479 L56.446,26.935 L51.082,26.935 L51.082,8.37 L56.447,0 L56.447,17.323 C57.515,16.017 61.112,11.059 61.112,11.059 L67.732,11.059 L61.454,17.689 L67.949,26.95 L61.175,26.95 L61.175,26.938 L61.175,26.936 Z M44.13,11.11 L41.93,18.262 C41.5,19.606 41.08,22.079 41.08,22.079 C41.08,22.079 40.75,19.516 40.292,18.172 L37.94,11.108 L31.928,11.108 L38.462,26.935 C37.572,29.04 36.199,30.815 34.369,30.815 C34.039,30.815 33.709,30.802 33.389,30.765 L31.255,34.061 C31.928,34.441 33.212,34.835 34.737,34.835 C38.703,34.835 41.359,31.627 43.215,26.885 L49.443,11.108 L44.132,11.108 L44.13,11.11 Z"></path>
-                    </g>
-                  </g>
-                </svg>
-              </a>
-              <div class="header-wrap">
-                  <h1 class="project__header__title">Snyk test report</h1>
-    
-                <p class="timestamp">October 30th 2022, 12:29:23 am</p>
-              </div>
-              <div class="source-panel">
-                <span>Scanned the following path:</span>
-                <ul>
-                  <li class="paths">redis:6.2.7-alpine (apk)</li>
-                </ul>
-              </div>
-    
-              <div class="meta-counts">
-                <div class="meta-count"><span>0</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>0 vulnerable dependency paths</span></div>
-                <div class="meta-count"><span>17</span> <span>dependencies</span></div>
-              </div><!-- .meta-counts -->
-            </div><!-- .layout-container--short -->
-          </header><!-- .project__header -->
-        </div><!-- .layout-stacked__header -->
-      <section class="layout-container">
-          <table class="metatable">
-              <tbody>
-              <tr class="meta-row"><th class="meta-row-label">Project</th> <td class="meta-row-value">docker-image|redis</td></tr>
-              <tr class="meta-row"><th class="meta-row-label">Path</th> <td class="meta-row-value">redis:6.2.7-alpine</td></tr>
-              <tr class="meta-row"><th class="meta-row-label">Package Manager</th> <td class="meta-row-value">apk</td></tr>
-              
-              </tbody>
-          </table>
-      </section>
-    <div class="layout-container" style="padding-top: 35px;">
-      No known vulnerabilities detected.
-    </div>
-  </main><!-- .layout-stacked__content -->
-</body>
-
-</html>
--- a/docs/snyk/v2.3.11/argocd-iac-install.html
+++ b/docs/snyk/v2.3.11/argocd-iac-install.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">October 30th 2022, 12:27:23 am</p>
+                <p class="timestamp">November 13th 2022, 12:24:38 am</p>
              </div>
                <div class="source-panel">
                  <span>Scanned the following path:</span>
--- a/docs/snyk/v2.3.11/argocd-iac-namespace-install.html
+++ b/docs/snyk/v2.3.11/argocd-iac-namespace-install.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">October 30th 2022, 12:28:00 am</p>
+                <p class="timestamp">November 13th 2022, 12:25:19 am</p>
              </div>
                <div class="source-panel">
                  <span>Scanned the following path:</span>
--- a/docs/snyk/v2.3.11/argocd-test.html
+++ b/docs/snyk/v2.3.11/argocd-test.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">October 30th 2022, 12:25:27 am</p>
+                <p class="timestamp">November 13th 2022, 12:22:26 am</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following paths:</span>
--- a/docs/snyk/v2.3.11/ghcr.io_dexidp_dex_v2.35.3-distroless.html
+++ b/docs/snyk/v2.3.11/ghcr.io_dexidp_dex_v2.35.3-distroless.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">October 30th 2022, 12:19:27 am</p>
+                <p class="timestamp">November 13th 2022, 12:22:32 am</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following path:</span>
--- a/docs/snyk/v2.3.11/haproxy_2.0.29-alpine.html
+++ b/docs/snyk/v2.3.11/haproxy_2.0.29-alpine.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">October 30th 2022, 12:25:35 am</p>
+                <p class="timestamp">November 13th 2022, 12:22:35 am</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following path:</span>
--- a/docs/snyk/v2.3.11/quay.io_argoproj_argocd-applicationset_v0.4.1.html
+++ b/docs/snyk/v2.3.11/quay.io_argoproj_argocd-applicationset_v0.4.1.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">October 30th 2022, 12:25:50 am</p>
+                <p class="timestamp">November 13th 2022, 12:22:50 am</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following path:</span>
@@ -1034,6 +1034,7 @@
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JZZPTWRYQULAOL3AW7RZJNVZ2UONXCV4/">FEDORA</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCZFIJBJTZ7CL5QXBFKTQ22Q26VINRUF/">FEDORA</a></li>
        <li><a href="https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html">MLIST</a></li>
+        <li><a href="https://security.gentoo.org/glsa/202210-42">GENTOO</a></li>
        </ul>
        
              <hr/>
@@ -3197,6 +3198,7 @@
        <li><a href="https://security-tracker.debian.org/tracker/CVE-2021-3999">MISC</a></li>
        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=2024637">MISC</a></li>
        <li><a href="https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html">MLIST</a></li>
+        <li><a href="https://security.netapp.com/advisory/ntap-20221104-0001/">CONFIRM</a></li>
        </ul>
        
              <hr/>
@@ -3475,6 +3477,8 @@
        <li><a href="http://www.openwall.com/lists/oss-security/2022/07/14/1">MLIST</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TRZG5CDUQ27OWTPC5MQOR4UASNXHWEZS/">FEDORA</a></li>
        <li><a href="https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DDI325LOO2XBDDKLINOAQJEG6MHAURZE/">FEDORA</a></li>
+        <li><a href="https://support.apple.com/kb/HT213496">CONFIRM</a></li>
+        <li><a href="http://seclists.org/fulldisclosure/2022/Nov/1">FULLDISC</a></li>
        </ul>
        
              <hr/>
@@ -4948,6 +4952,7 @@
        <li><a href="https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html">MLIST</a></li>
        <li><a href="https://security.netapp.com/advisory/ntap-20220915-0003/">CONFIRM</a></li>
        <li><a href="https://support.apple.com/kb/HT213488">CONFIRM</a></li>
+        <li><a href="http://seclists.org/fulldisclosure/2022/Oct/41">FULLDISC</a></li>
        </ul>
        
              <hr/>
@@ -5021,6 +5026,7 @@
        <li><a href="https://www.debian.org/security/2022/dsa-5197">DEBIAN</a></li>
        <li><a href="https://security.netapp.com/advisory/ntap-20220915-0003/">CONFIRM</a></li>
        <li><a href="https://support.apple.com/kb/HT213488">CONFIRM</a></li>
+        <li><a href="http://seclists.org/fulldisclosure/2022/Oct/41">FULLDISC</a></li>
        </ul>
        
              <hr/>
@@ -5095,6 +5101,7 @@
        <li><a href="https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html">MLIST</a></li>
        <li><a href="https://security.netapp.com/advisory/ntap-20220915-0003/">CONFIRM</a></li>
        <li><a href="https://support.apple.com/kb/HT213488">CONFIRM</a></li>
+        <li><a href="http://seclists.org/fulldisclosure/2022/Oct/41">FULLDISC</a></li>
        </ul>
        
              <hr/>
@@ -5168,6 +5175,7 @@
        <li><a href="https://www.debian.org/security/2022/dsa-5197">DEBIAN</a></li>
        <li><a href="https://security.netapp.com/advisory/ntap-20220915-0003/">CONFIRM</a></li>
        <li><a href="https://support.apple.com/kb/HT213488">CONFIRM</a></li>
+        <li><a href="http://seclists.org/fulldisclosure/2022/Oct/41">FULLDISC</a></li>
        </ul>
        
              <hr/>
@@ -5316,6 +5324,11 @@
        <li><a href="https://support.apple.com/kb/HT213446">CONFIRM</a></li>
        <li><a href="https://support.apple.com/kb/HT213486">CONFIRM</a></li>
        <li><a href="https://support.apple.com/kb/HT213487">CONFIRM</a></li>
+        <li><a href="http://seclists.org/fulldisclosure/2022/Oct/41">FULLDISC</a></li>
+        <li><a href="http://seclists.org/fulldisclosure/2022/Oct/28">FULLDISC</a></li>
+        <li><a href="http://seclists.org/fulldisclosure/2022/Oct/39">FULLDISC</a></li>
+        <li><a href="http://seclists.org/fulldisclosure/2022/Oct/47">FULLDISC</a></li>
+        <li><a href="http://seclists.org/fulldisclosure/2022/Oct/49">FULLDISC</a></li>
        </ul>
        
              <hr/>
@@ -5579,6 +5592,7 @@
        <li><a href="https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E">MLIST</a></li>
        <li><a href="https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-4235">RedHat Bugzilla Bug</a></li>
        <li><a href="https://access.redhat.com/security/cve/cve-2013-4235">RedHat CVE Database</a></li>
+        <li><a href="https://security.gentoo.org/glsa/202210-26">GENTOO</a></li>
        </ul>
        
              <hr/>
@@ -6441,6 +6455,8 @@
        <li><a href="https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00016.html">MISC</a></li>
        <li><a href="https://lists.gnu.org/archive/html/bug-ncurses/2022-04/msg00014.html">MISC</a></li>
        <li><a href="https://support.apple.com/kb/HT213488">CONFIRM</a></li>
+        <li><a href="https://lists.debian.org/debian-lts-announce/2022/10/msg00037.html">MLIST</a></li>
+        <li><a href="http://seclists.org/fulldisclosure/2022/Oct/41">FULLDISC</a></li>
        </ul>
        
              <hr/>
--- a/docs/snyk/v2.3.11/quay.io_argoproj_argocd_v2.3.11.html
+++ b/docs/snyk/v2.3.11/quay.io_argoproj_argocd_v2.3.11.html
--- a/docs/snyk/v2.3.11/redis_6.2.7-alpine.html
+++ b/docs/snyk/v2.3.11/redis_6.2.7-alpine.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">October 30th 2022, 12:26:25 am</p>
+                <p class="timestamp">November 13th 2022, 12:23:36 am</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following path:</span>
--- a/docs/snyk/v2.4.15/ghcr.io_dexidp_dex_v2.35.3-distroless.html
+++ b/docs/snyk/v2.4.15/ghcr.io_dexidp_dex_v2.35.3-distroless.html
@@ -1,492 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-
-<head>
-  <meta http-equiv="Content-type" content="text/html; charset=utf-8">
-  <meta http-equiv="Content-Language" content="en-us">
-  <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <meta http-equiv="X-UA-Compatible" content="IE=edge">
-  <title>Snyk test report</title>
-  <meta name="description" content="0 known vulnerabilities found in 0 vulnerable dependency paths.">
-  <base target="_blank">
-  <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
-    sizes="194x194">
-  <link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico">
-  <style type="text/css">
-  
-    body {
-      -moz-font-feature-settings: "pnum";
-      -webkit-font-feature-settings: "pnum";
-      font-variant-numeric: proportional-nums;
-      display: flex;
-      flex-direction: column;
-      font-feature-settings: "pnum";
-      font-size: 100%;
-      line-height: 1.5;
-      min-height: 100vh;
-      -webkit-text-size-adjust: 100%;
-      margin: 0;
-      padding: 0;
-      background-color: #F5F5F5;
-      font-family: 'Arial', 'Helvetica', Calibri, sans-serif;
-    }
-  
-    h1,
-    h2,
-    h3,
-    h4,
-    h5,
-    h6 {
-      font-weight: 500;
-    }
-  
-    a,
-    a:link,
-    a:visited {
-      border-bottom: 1px solid #4b45a9;
-      text-decoration: none;
-      color: #4b45a9;
-    }
-  
-    a:hover,
-    a:focus,
-    a:active {
-      border-bottom: 1px solid #4b45a9;
-    }
-  
-    hr {
-      border: none;
-      margin: 1em 0;
-      border-top: 1px solid #c5c5c5;
-    }
-  
-    ul {
-      padding: 0 1em;
-      margin: 1em 0;
-    }
-  
-    code {
-      background-color: #EEE;
-      color: #333;
-      padding: 0.25em 0.5em;
-      border-radius: 0.25em;
-    }
-  
-    pre {
-      background-color: #333;
-      font-family: monospace;
-      padding: 0.5em 1em 0.75em;
-      border-radius: 0.25em;
-      font-size: 14px;
-    }
-  
-    pre code {
-      padding: 0;
-      background-color: transparent;
-      color: #fff;
-    }
-  
-    a code {
-      border-radius: .125rem .125rem 0 0;
-      padding-bottom: 0;
-      color: #4b45a9;
-    }
-  
-    a[href^="http://"]:after,
-    a[href^="https://"]:after {
-      background-image: linear-gradient(transparent,transparent),url("data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%20112%20109%22%3E%3Cg%20id%3D%22Page-1%22%20fill%3D%22none%22%20fill-rule%3D%22evenodd%22%3E%3Cg%20id%3D%22link-external%22%3E%3Cg%20id%3D%22arrow%22%3E%3Cpath%20id%3D%22Line%22%20stroke%3D%22%234B45A9%22%20stroke-width%3D%2215%22%20d%3D%22M88.5%2021l-43%2042.5%22%20stroke-linecap%3D%22square%22%2F%3E%3Cpath%20id%3D%22Triangle%22%20fill%3D%22%234B45A9%22%20d%3D%22M111.2%200v50L61%200z%22%2F%3E%3C%2Fg%3E%3Cpath%20id%3D%22square%22%20fill%3D%22%234B45A9%22%20d%3D%22M66%2015H0v94h94V44L79%2059v35H15V30h36z%22%2F%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E");
-      background-repeat: no-repeat;
-      background-size: .75rem;
-      content: "";
-      display: inline-block;
-      height: .75rem;
-      margin-left: .25rem;
-      width: .75rem;
-    }
-  
-  
-  /* Layout */
-  
-    [class*=layout-container] {
-      margin: 0 auto;
-      max-width: 71.25em;
-      padding: 1.9em 1.3em;
-      position: relative;
-    }
-    .layout-container--short {
-      padding-top: 0;
-      padding-bottom: 0;
-      max-width: 48.75em;
-    }
-  
-    .layout-container--short:after {
-      display: block;
-      content: "";
-      clear: both;
-    }
-  
-  /* Header */
-  
-    .header {
-      padding-bottom: 1px;
-    }
-  
-    .paths {
-      margin-left: 8px;
-    }
-    .header-wrap {
-      display: flex;
-      flex-direction: row;
-      justify-content: space-between;
-      padding-top: 2em;
-    }
-    .project__header {
-      background-color: #4b45a9;
-      color: #fff;
-      margin-bottom: -1px;
-      padding-top: 1em;
-      padding-bottom: 0.25em;
-      border-bottom: 2px solid #BBB;
-    }
-  
-    .project__header__title {
-      overflow-wrap: break-word;
-      word-wrap: break-word;
-      word-break: break-all;
-      margin-bottom: .1em;
-      margin-top: 0;
-    }
-  
-    .timestamp {
-      float: right;
-      clear: none;
-      margin-bottom: 0;
-    }
-  
-    .meta-counts {
-      clear: both;
-      display: block;
-      flex-wrap: wrap;
-      justify-content: space-between;
-      margin: 0 0 1.5em;
-      color: #fff;
-      clear: both;
-      font-size: 1.1em;
-    }
-  
-    .meta-count {
-      display: block;
-      flex-basis: 100%;
-      margin: 0 1em 1em 0;
-      float: left;
-      padding-right: 1em;
-      border-right: 2px solid #fff;
-    }
-  
-    .meta-count:last-child {
-      border-right: 0;
-      padding-right: 0;
-      margin-right: 0;
-    }
-  
-  /* Card */
-  
-    .card {
-      background-color: #fff;
-      border: 1px solid #c5c5c5;
-      border-radius: .25rem;
-      margin: 0 0 2em 0;
-      position: relative;
-      min-height: 40px;
-      padding: 1.5em;
-    }
-  
-    .card .label {
-      background-color: #767676;
-      border: 2px solid #767676;
-      color: white;
-      padding: 0.25rem 0.75rem;
-      font-size: 0.875rem;
-      text-transform: uppercase;
-      display: inline-block;
-      margin: 0;
-      border-radius: 0.25rem;
-    }
-  
-    .card .label__text {
-      vertical-align: text-top;
-        font-weight: bold;
-    }
-  
-    .card .label--critical {
-      background-color: #AB1A1A;
-      border-color: #AB1A1A;
-    }
-  
-    .card .label--high {
-      background-color: #CE5019;
-      border-color: #CE5019;
-    }
-  
-    .card .label--medium {
-      background-color: #D68000;
-      border-color: #D68000;
-    }
-  
-    .card .label--low {
-      background-color: #88879E;
-      border-color: #88879E;
-    }
-  
-    .severity--low {
-      border-color: #88879E;
-    }
-  
-    .severity--medium {
-      border-color: #D68000;
-    }
-  
-    .severity--high {
-      border-color: #CE5019;
-    }
-  
-    .severity--critical {
-      border-color: #AB1A1A;
-    }
-  
-    .card--vuln {
-      padding-top: 4em;
-    }
-  
-    .card--vuln .label {
-      left: 0;
-      position: absolute;
-      top: 1.1em;
-      padding-left: 1.9em;
-      padding-right: 1.9em;
-      border-radius: 0 0.25rem 0.25rem 0;
-    }
-  
-    .card--vuln .card__section h2 {
-      font-size: 22px;
-      margin-bottom: 0.5em;
-    }
-  
-    .card--vuln .card__section p {
-      margin: 0 0 0.5em 0;
-    }
-  
-    .card--vuln .card__meta {
-      padding: 0 0 0 1em;
-      margin: 0;
-      font-size: 1.1em;
-    }
-  
-    .card .card__meta__paths {
-      font-size: 0.9em;
-    }
-  
-    .card--vuln .card__title {
-      font-size: 28px;
-      margin-top: 0;
-    }
-  
-    .card--vuln .card__cta p {
-      margin: 0;
-      text-align: right;
-    }
-  
-    .source-panel {
-      clear: both;
-      display: flex;
-      justify-content: flex-start;
-      flex-direction: column;
-      align-items: flex-start;
-      padding: 0.5em 0;
-      width: fit-content;
-    }
-  
-  
-  
-  </style>
-  <style type="text/css">
-    .metatable {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      margin-top: 12px;
-      border-collapse: collapse;
-      border-spacing: 0;
-      font-variant-numeric: tabular-nums;
-      max-width: 51.75em;
-    }
-  
-    tbody {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      display: flex;
-      flex-wrap: wrap;
-    }
-  
-    .meta-row {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      outline: none;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      display: flex;
-      align-items: start;
-      border-top: 1px solid #d3d3d9;
-      padding: 8px 0 0 0;
-      border-bottom: none;
-      margin: 8px;
-      width: 47.75%;
-    }
-  
-    .meta-row-label {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      color: #4c4a73;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      margin: 0;
-      outline: none;
-      text-decoration: none;
-      z-index: auto;
-      align-self: start;
-      flex: 1;
-      font-size: 1rem;
-      line-height: 1.5rem;
-      padding: 0;
-      text-align: left;
-      vertical-align: top;
-      text-transform: none;
-      letter-spacing: 0;
-    }
-  
-    .meta-row-value {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      word-break: break-word;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: right;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-    }
-  </style>
-</head>
-
-<body class="section-projects">
-  <main class="layout-stacked">
-        <div class="layout-stacked__header header">
-          <header class="project__header">
-            <div class="layout-container">
-              <a class="brand" href="https://snyk.io" title="Snyk">
-                <svg width="68px" height="35px" viewBox="0 0 68 35" version="1.1" xmlns="http://www.w3.org/2000/svg" role="img">
-                  <title>Snyk - Open Source Security</title>
-                  <g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
-                    <g fill="#fff">
-                      <path d="M5.732,27.278 C3.445,27.278 1.589,26.885 0,26.124 L0.483,22.472 C2.163,23.296 4.056,23.689 5.643,23.689 C6.801,23.689 7.563,23.295 7.563,22.599 C7.563,20.594 0.333,21.076 0.333,15.839 C0.333,12.491 3.407,10.729 7.259,10.729 C9.179,10.729 11.161,11.249 12.444,11.704 L11.924,15.294 C10.577,14.774 8.747,14.291 7.222,14.291 C6.282,14.291 5.518,14.621 5.518,15.231 C5.518,17.208 12.903,16.815 12.903,21.925 C12.903,25.325 9.877,27.277 5.733,27.277 L5.732,27.278 Z M25.726,26.936 L25.726,17.894 C25.726,15.827 24.811,14.85 23.069,14.85 C22.219,14.85 21.329,15.09 20.719,15.46 L20.719,26.936 L15.352,26.936 L15.352,11.262 L20.602,10.83 L20.474,13.392 L20.652,13.392 C21.784,11.87 23.702,10.716 25.992,10.716 C28.736,10.716 31.112,12.416 31.112,16.436 L31.112,26.936 L25.724,26.936 L25.726,26.936 Z M61.175,26.936 L56.879,19.479 L56.446,19.479 L56.446,26.935 L51.082,26.935 L51.082,8.37 L56.447,0 L56.447,17.323 C57.515,16.017 61.112,11.059 61.112,11.059 L67.732,11.059 L61.454,17.689 L67.949,26.95 L61.175,26.95 L61.175,26.938 L61.175,26.936 Z M44.13,11.11 L41.93,18.262 C41.5,19.606 41.08,22.079 41.08,22.079 C41.08,22.079 40.75,19.516 40.292,18.172 L37.94,11.108 L31.928,11.108 L38.462,26.935 C37.572,29.04 36.199,30.815 34.369,30.815 C34.039,30.815 33.709,30.802 33.389,30.765 L31.255,34.061 C31.928,34.441 33.212,34.835 34.737,34.835 C38.703,34.835 41.359,31.627 43.215,26.885 L49.443,11.108 L44.132,11.108 L44.13,11.11 Z"></path>
-                    </g>
-                  </g>
-                </svg>
-              </a>
-              <div class="header-wrap">
-                  <h1 class="project__header__title">Snyk test report</h1>
-    
-                <p class="timestamp">October 30th 2022, 12:23:36 am</p>
-              </div>
-              <div class="source-panel">
-                <span>Scanned the following path:</span>
-                <ul>
-                  <li class="paths">ghcr.io/dexidp/dex:v2.35.3-distroless/dexidp/dex (deb)</li>
-                </ul>
-              </div>
-    
-              <div class="meta-counts">
-                <div class="meta-count"><span>0</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>0 vulnerable dependency paths</span></div>
-                <div class="meta-count"><span>3</span> <span>dependencies</span></div>
-              </div><!-- .meta-counts -->
-            </div><!-- .layout-container--short -->
-          </header><!-- .project__header -->
-        </div><!-- .layout-stacked__header -->
-      <section class="layout-container">
-          <table class="metatable">
-              <tbody>
-              <tr class="meta-row"><th class="meta-row-label">Project</th> <td class="meta-row-value">docker-image|ghcr.io/dexidp/dex</td></tr>
-              <tr class="meta-row"><th class="meta-row-label">Path</th> <td class="meta-row-value">ghcr.io/dexidp/dex:v2.35.3-distroless/dexidp/dex</td></tr>
-              <tr class="meta-row"><th class="meta-row-label">Package Manager</th> <td class="meta-row-value">deb</td></tr>
-              
-              </tbody>
-          </table>
-      </section>
-    <div class="layout-container" style="padding-top: 35px;">
-      No known vulnerabilities detected.
-    </div>
-  </main><!-- .layout-stacked__content -->
-</body>
-
-</html>
--- a/docs/snyk/v2.4.17/argocd-iac-install.html
+++ b/docs/snyk/v2.4.17/argocd-iac-install.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">October 30th 2022, 12:25:04 am</p>
+                <p class="timestamp">November 13th 2022, 12:22:02 am</p>
              </div>
                <div class="source-panel">
                  <span>Scanned the following path:</span>
--- a/docs/snyk/v2.4.17/argocd-iac-namespace-install.html
+++ b/docs/snyk/v2.4.17/argocd-iac-namespace-install.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">October 30th 2022, 12:25:13 am</p>
+                <p class="timestamp">November 13th 2022, 12:22:13 am</p>
              </div>
                <div class="source-panel">
                  <span>Scanned the following path:</span>
--- a/docs/snyk/v2.4.17/argocd-test.html
+++ b/docs/snyk/v2.4.17/argocd-test.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">October 30th 2022, 12:23:29 am</p>
+                <p class="timestamp">November 13th 2022, 12:20:21 am</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following paths:</span>
--- a/docs/snyk/v2.4.17/ghcr.io_dexidp_dex_v2.35.3-distroless.html
+++ b/docs/snyk/v2.4.17/ghcr.io_dexidp_dex_v2.35.3-distroless.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">October 30th 2022, 12:28:32 am</p>
+                <p class="timestamp">November 13th 2022, 12:20:26 am</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following path:</span>
--- a/docs/snyk/v2.4.17/haproxy_2.0.29-alpine.html
+++ b/docs/snyk/v2.4.17/haproxy_2.0.29-alpine.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">October 30th 2022, 12:23:42 am</p>
+                <p class="timestamp">November 13th 2022, 12:20:31 am</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following path:</span>
--- a/docs/snyk/v2.4.17/quay.io_argoproj_argocd_v2.4.17.html
+++ b/docs/snyk/v2.4.17/quay.io_argoproj_argocd_v2.4.17.html
--- a/docs/snyk/v2.4.17/redis_7.0.4-alpine.html
+++ b/docs/snyk/v2.4.17/redis_7.0.4-alpine.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">October 30th 2022, 12:24:06 am</p>
+                <p class="timestamp">November 13th 2022, 12:20:59 am</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following path:</span>
--- a/docs/snyk/v2.5.0-rc3/ghcr.io_dexidp_dex_v2.35.3-distroless.html
+++ b/docs/snyk/v2.5.0-rc3/ghcr.io_dexidp_dex_v2.35.3-distroless.html
@@ -1,492 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-
-<head>
-  <meta http-equiv="Content-type" content="text/html; charset=utf-8">
-  <meta http-equiv="Content-Language" content="en-us">
-  <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <meta http-equiv="X-UA-Compatible" content="IE=edge">
-  <title>Snyk test report</title>
-  <meta name="description" content="0 known vulnerabilities found in 0 vulnerable dependency paths.">
-  <base target="_blank">
-  <link rel="icon" type="image/png" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.png"
-    sizes="194x194">
-  <link rel="shortcut icon" href="https://res.cloudinary.com/snyk/image/upload/v1468845142/favicon/favicon.ico">
-  <style type="text/css">
-  
-    body {
-      -moz-font-feature-settings: "pnum";
-      -webkit-font-feature-settings: "pnum";
-      font-variant-numeric: proportional-nums;
-      display: flex;
-      flex-direction: column;
-      font-feature-settings: "pnum";
-      font-size: 100%;
-      line-height: 1.5;
-      min-height: 100vh;
-      -webkit-text-size-adjust: 100%;
-      margin: 0;
-      padding: 0;
-      background-color: #F5F5F5;
-      font-family: 'Arial', 'Helvetica', Calibri, sans-serif;
-    }
-  
-    h1,
-    h2,
-    h3,
-    h4,
-    h5,
-    h6 {
-      font-weight: 500;
-    }
-  
-    a,
-    a:link,
-    a:visited {
-      border-bottom: 1px solid #4b45a9;
-      text-decoration: none;
-      color: #4b45a9;
-    }
-  
-    a:hover,
-    a:focus,
-    a:active {
-      border-bottom: 1px solid #4b45a9;
-    }
-  
-    hr {
-      border: none;
-      margin: 1em 0;
-      border-top: 1px solid #c5c5c5;
-    }
-  
-    ul {
-      padding: 0 1em;
-      margin: 1em 0;
-    }
-  
-    code {
-      background-color: #EEE;
-      color: #333;
-      padding: 0.25em 0.5em;
-      border-radius: 0.25em;
-    }
-  
-    pre {
-      background-color: #333;
-      font-family: monospace;
-      padding: 0.5em 1em 0.75em;
-      border-radius: 0.25em;
-      font-size: 14px;
-    }
-  
-    pre code {
-      padding: 0;
-      background-color: transparent;
-      color: #fff;
-    }
-  
-    a code {
-      border-radius: .125rem .125rem 0 0;
-      padding-bottom: 0;
-      color: #4b45a9;
-    }
-  
-    a[href^="http://"]:after,
-    a[href^="https://"]:after {
-      background-image: linear-gradient(transparent,transparent),url("data:image/svg+xml,%3Csvg%20xmlns%3D%22http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%22%20viewBox%3D%220%200%20112%20109%22%3E%3Cg%20id%3D%22Page-1%22%20fill%3D%22none%22%20fill-rule%3D%22evenodd%22%3E%3Cg%20id%3D%22link-external%22%3E%3Cg%20id%3D%22arrow%22%3E%3Cpath%20id%3D%22Line%22%20stroke%3D%22%234B45A9%22%20stroke-width%3D%2215%22%20d%3D%22M88.5%2021l-43%2042.5%22%20stroke-linecap%3D%22square%22%2F%3E%3Cpath%20id%3D%22Triangle%22%20fill%3D%22%234B45A9%22%20d%3D%22M111.2%200v50L61%200z%22%2F%3E%3C%2Fg%3E%3Cpath%20id%3D%22square%22%20fill%3D%22%234B45A9%22%20d%3D%22M66%2015H0v94h94V44L79%2059v35H15V30h36z%22%2F%3E%3C%2Fg%3E%3C%2Fg%3E%3C%2Fsvg%3E");
-      background-repeat: no-repeat;
-      background-size: .75rem;
-      content: "";
-      display: inline-block;
-      height: .75rem;
-      margin-left: .25rem;
-      width: .75rem;
-    }
-  
-  
-  /* Layout */
-  
-    [class*=layout-container] {
-      margin: 0 auto;
-      max-width: 71.25em;
-      padding: 1.9em 1.3em;
-      position: relative;
-    }
-    .layout-container--short {
-      padding-top: 0;
-      padding-bottom: 0;
-      max-width: 48.75em;
-    }
-  
-    .layout-container--short:after {
-      display: block;
-      content: "";
-      clear: both;
-    }
-  
-  /* Header */
-  
-    .header {
-      padding-bottom: 1px;
-    }
-  
-    .paths {
-      margin-left: 8px;
-    }
-    .header-wrap {
-      display: flex;
-      flex-direction: row;
-      justify-content: space-between;
-      padding-top: 2em;
-    }
-    .project__header {
-      background-color: #4b45a9;
-      color: #fff;
-      margin-bottom: -1px;
-      padding-top: 1em;
-      padding-bottom: 0.25em;
-      border-bottom: 2px solid #BBB;
-    }
-  
-    .project__header__title {
-      overflow-wrap: break-word;
-      word-wrap: break-word;
-      word-break: break-all;
-      margin-bottom: .1em;
-      margin-top: 0;
-    }
-  
-    .timestamp {
-      float: right;
-      clear: none;
-      margin-bottom: 0;
-    }
-  
-    .meta-counts {
-      clear: both;
-      display: block;
-      flex-wrap: wrap;
-      justify-content: space-between;
-      margin: 0 0 1.5em;
-      color: #fff;
-      clear: both;
-      font-size: 1.1em;
-    }
-  
-    .meta-count {
-      display: block;
-      flex-basis: 100%;
-      margin: 0 1em 1em 0;
-      float: left;
-      padding-right: 1em;
-      border-right: 2px solid #fff;
-    }
-  
-    .meta-count:last-child {
-      border-right: 0;
-      padding-right: 0;
-      margin-right: 0;
-    }
-  
-  /* Card */
-  
-    .card {
-      background-color: #fff;
-      border: 1px solid #c5c5c5;
-      border-radius: .25rem;
-      margin: 0 0 2em 0;
-      position: relative;
-      min-height: 40px;
-      padding: 1.5em;
-    }
-  
-    .card .label {
-      background-color: #767676;
-      border: 2px solid #767676;
-      color: white;
-      padding: 0.25rem 0.75rem;
-      font-size: 0.875rem;
-      text-transform: uppercase;
-      display: inline-block;
-      margin: 0;
-      border-radius: 0.25rem;
-    }
-  
-    .card .label__text {
-      vertical-align: text-top;
-        font-weight: bold;
-    }
-  
-    .card .label--critical {
-      background-color: #AB1A1A;
-      border-color: #AB1A1A;
-    }
-  
-    .card .label--high {
-      background-color: #CE5019;
-      border-color: #CE5019;
-    }
-  
-    .card .label--medium {
-      background-color: #D68000;
-      border-color: #D68000;
-    }
-  
-    .card .label--low {
-      background-color: #88879E;
-      border-color: #88879E;
-    }
-  
-    .severity--low {
-      border-color: #88879E;
-    }
-  
-    .severity--medium {
-      border-color: #D68000;
-    }
-  
-    .severity--high {
-      border-color: #CE5019;
-    }
-  
-    .severity--critical {
-      border-color: #AB1A1A;
-    }
-  
-    .card--vuln {
-      padding-top: 4em;
-    }
-  
-    .card--vuln .label {
-      left: 0;
-      position: absolute;
-      top: 1.1em;
-      padding-left: 1.9em;
-      padding-right: 1.9em;
-      border-radius: 0 0.25rem 0.25rem 0;
-    }
-  
-    .card--vuln .card__section h2 {
-      font-size: 22px;
-      margin-bottom: 0.5em;
-    }
-  
-    .card--vuln .card__section p {
-      margin: 0 0 0.5em 0;
-    }
-  
-    .card--vuln .card__meta {
-      padding: 0 0 0 1em;
-      margin: 0;
-      font-size: 1.1em;
-    }
-  
-    .card .card__meta__paths {
-      font-size: 0.9em;
-    }
-  
-    .card--vuln .card__title {
-      font-size: 28px;
-      margin-top: 0;
-    }
-  
-    .card--vuln .card__cta p {
-      margin: 0;
-      text-align: right;
-    }
-  
-    .source-panel {
-      clear: both;
-      display: flex;
-      justify-content: flex-start;
-      flex-direction: column;
-      align-items: flex-start;
-      padding: 0.5em 0;
-      width: fit-content;
-    }
-  
-  
-  
-  </style>
-  <style type="text/css">
-    .metatable {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      margin-top: 12px;
-      border-collapse: collapse;
-      border-spacing: 0;
-      font-variant-numeric: tabular-nums;
-      max-width: 51.75em;
-    }
-  
-    tbody {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      display: flex;
-      flex-wrap: wrap;
-    }
-  
-    .meta-row {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      outline: none;
-      text-align: left;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-      display: flex;
-      align-items: start;
-      border-top: 1px solid #d3d3d9;
-      padding: 8px 0 0 0;
-      border-bottom: none;
-      margin: 8px;
-      width: 47.75%;
-    }
-  
-    .meta-row-label {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      color: #4c4a73;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      margin: 0;
-      outline: none;
-      text-decoration: none;
-      z-index: auto;
-      align-self: start;
-      flex: 1;
-      font-size: 1rem;
-      line-height: 1.5rem;
-      padding: 0;
-      text-align: left;
-      vertical-align: top;
-      text-transform: none;
-      letter-spacing: 0;
-    }
-  
-    .meta-row-value {
-      text-size-adjust: 100%;
-      -webkit-font-smoothing: antialiased;
-      -webkit-box-direction: normal;
-      color: inherit;
-      font-feature-settings: "pnum";
-      border-collapse: collapse;
-      border-spacing: 0;
-      word-break: break-word;
-      box-sizing: border-box;
-      background: transparent;
-      border: 0;
-      font: inherit;
-      font-size: 100%;
-      margin: 0;
-      outline: none;
-      padding: 0;
-      text-align: right;
-      text-decoration: none;
-      vertical-align: baseline;
-      z-index: auto;
-    }
-  </style>
-</head>
-
-<body class="section-projects">
-  <main class="layout-stacked">
-        <div class="layout-stacked__header header">
-          <header class="project__header">
-            <div class="layout-container">
-              <a class="brand" href="https://snyk.io" title="Snyk">
-                <svg width="68px" height="35px" viewBox="0 0 68 35" version="1.1" xmlns="http://www.w3.org/2000/svg" role="img">
-                  <title>Snyk - Open Source Security</title>
-                  <g stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
-                    <g fill="#fff">
-                      <path d="M5.732,27.278 C3.445,27.278 1.589,26.885 0,26.124 L0.483,22.472 C2.163,23.296 4.056,23.689 5.643,23.689 C6.801,23.689 7.563,23.295 7.563,22.599 C7.563,20.594 0.333,21.076 0.333,15.839 C0.333,12.491 3.407,10.729 7.259,10.729 C9.179,10.729 11.161,11.249 12.444,11.704 L11.924,15.294 C10.577,14.774 8.747,14.291 7.222,14.291 C6.282,14.291 5.518,14.621 5.518,15.231 C5.518,17.208 12.903,16.815 12.903,21.925 C12.903,25.325 9.877,27.277 5.733,27.277 L5.732,27.278 Z M25.726,26.936 L25.726,17.894 C25.726,15.827 24.811,14.85 23.069,14.85 C22.219,14.85 21.329,15.09 20.719,15.46 L20.719,26.936 L15.352,26.936 L15.352,11.262 L20.602,10.83 L20.474,13.392 L20.652,13.392 C21.784,11.87 23.702,10.716 25.992,10.716 C28.736,10.716 31.112,12.416 31.112,16.436 L31.112,26.936 L25.724,26.936 L25.726,26.936 Z M61.175,26.936 L56.879,19.479 L56.446,19.479 L56.446,26.935 L51.082,26.935 L51.082,8.37 L56.447,0 L56.447,17.323 C57.515,16.017 61.112,11.059 61.112,11.059 L67.732,11.059 L61.454,17.689 L67.949,26.95 L61.175,26.95 L61.175,26.938 L61.175,26.936 Z M44.13,11.11 L41.93,18.262 C41.5,19.606 41.08,22.079 41.08,22.079 C41.08,22.079 40.75,19.516 40.292,18.172 L37.94,11.108 L31.928,11.108 L38.462,26.935 C37.572,29.04 36.199,30.815 34.369,30.815 C34.039,30.815 33.709,30.802 33.389,30.765 L31.255,34.061 C31.928,34.441 33.212,34.835 34.737,34.835 C38.703,34.835 41.359,31.627 43.215,26.885 L49.443,11.108 L44.132,11.108 L44.13,11.11 Z"></path>
-                    </g>
-                  </g>
-                </svg>
-              </a>
-              <div class="header-wrap">
-                  <h1 class="project__header__title">Snyk test report</h1>
-    
-                <p class="timestamp">October 30th 2022, 12:21:29 am</p>
-              </div>
-              <div class="source-panel">
-                <span>Scanned the following path:</span>
-                <ul>
-                  <li class="paths">ghcr.io/dexidp/dex:v2.35.3-distroless/dexidp/dex (deb)</li>
-                </ul>
-              </div>
-    
-              <div class="meta-counts">
-                <div class="meta-count"><span>0</span> <span>known vulnerabilities</span></div>
-                <div class="meta-count"><span>0 vulnerable dependency paths</span></div>
-                <div class="meta-count"><span>3</span> <span>dependencies</span></div>
-              </div><!-- .meta-counts -->
-            </div><!-- .layout-container--short -->
-          </header><!-- .project__header -->
-        </div><!-- .layout-stacked__header -->
-      <section class="layout-container">
-          <table class="metatable">
-              <tbody>
-              <tr class="meta-row"><th class="meta-row-label">Project</th> <td class="meta-row-value">docker-image|ghcr.io/dexidp/dex</td></tr>
-              <tr class="meta-row"><th class="meta-row-label">Path</th> <td class="meta-row-value">ghcr.io/dexidp/dex:v2.35.3-distroless/dexidp/dex</td></tr>
-              <tr class="meta-row"><th class="meta-row-label">Package Manager</th> <td class="meta-row-value">deb</td></tr>
-              
-              </tbody>
-          </table>
-      </section>
-    <div class="layout-container" style="padding-top: 35px;">
-      No known vulnerabilities detected.
-    </div>
-  </main><!-- .layout-stacked__content -->
-</body>
-
-</html>
--- a/docs/snyk/v2.5.0-rc3/argocd-iac-install.html
+++ b/docs/snyk/v2.5.0-rc3/argocd-iac-install.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">October 30th 2022, 12:22:59 am</p>
+                <p class="timestamp">November 13th 2022, 12:19:49 am</p>
              </div>
                <div class="source-panel">
                  <span>Scanned the following path:</span>
--- a/docs/snyk/v2.5.0-rc3/argocd-iac-namespace-install.html
+++ b/docs/snyk/v2.5.0-rc3/argocd-iac-namespace-install.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">October 30th 2022, 12:23:10 am</p>
+                <p class="timestamp">November 13th 2022, 12:20:00 am</p>
              </div>
                <div class="source-panel">
                  <span>Scanned the following path:</span>
--- a/docs/snyk/v2.5.0-rc3/argocd-test.html
+++ b/docs/snyk/v2.5.0-rc3/argocd-test.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">October 30th 2022, 12:21:25 am</p>
+                <p class="timestamp">November 13th 2022, 12:18:10 am</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following paths:</span>
--- a/docs/snyk/v2.3.10/ghcr.io_dexidp_dex_v2.35.3-distroless.html
+++ b/docs/snyk/v2.3.10/ghcr.io_dexidp_dex_v2.35.3-distroless.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">October 30th 2022, 12:25:32 am</p>
+                <p class="timestamp">November 13th 2022, 12:18:18 am</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following path:</span>
--- a/docs/snyk/v2.5.0-rc3/haproxy_2.6.2-alpine.html
+++ b/docs/snyk/v2.5.0-rc3/haproxy_2.6.2-alpine.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">October 30th 2022, 12:21:31 am</p>
+                <p class="timestamp">November 13th 2022, 12:18:21 am</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following path:</span>
--- a/docs/snyk/v2.5.0-rc3/quay.io_argoproj_argocd_v2.5.0-rc3.html
+++ b/docs/snyk/v2.5.0-rc3/quay.io_argoproj_argocd_v2.5.0-rc3.html
--- a/docs/snyk/v2.5.0-rc3/redis_7.0.5-alpine.html
+++ b/docs/snyk/v2.5.0-rc3/redis_7.0.5-alpine.html
@@ -456,7 +456,7 @@
              <div class="header-wrap">
                  <h1 class="project__header__title">Snyk test report</h1>
    
-                <p class="timestamp">October 30th 2022, 12:21:58 am</p>
+                <p class="timestamp">November 13th 2022, 12:18:45 am</p>
              </div>
              <div class="source-panel">
                <span>Scanned the following path:</span>
--- a/docs/user-guide/auto_sync.md
+++ b/docs/user-guide/auto_sync.md
@@ -88,3 +88,4 @@ which is controlled by `--self-heal-timeout-seconds` flag of `argocd-application
  and parameters had failed.

 * Rollback cannot be performed against an application with automated sync enabled.
+* The automatic sync interval is determined by [the `timeout.reconciliation` value in the `argocd-cm` ConfigMap](../faq.md#how-often-does-argo-cd-check-for-changes-to-my-git-or-helm-repository), which defaults to `180s` (3 minutes).
--- a/docs/user-guide/build-environment.md
+++ b/docs/user-guide/build-environment.md
@@ -2,14 +2,16 @@

 [Custom tools](config-management-plugins.md), [Helm](helm.md), [Jsonnet](jsonnet.md), and [Kustomize](kustomize.md) support the following build env vars:

-* `ARGOCD_APP_NAME` - name of application
-* `ARGOCD_APP_NAMESPACE` - destination application namespace.
-* `ARGOCD_APP_REVISION` - the resolved revision, e.g. `f913b6cbf58aa5ae5ca1f8a2b149477aebcbd9d8`
-* `ARGOCD_APP_SOURCE_PATH` - the path of the app within the repo
-* `ARGOCD_APP_SOURCE_REPO_URL` the repo's URL
-* `ARGOCD_APP_SOURCE_TARGET_REVISION` - the target revision from the spec, e.g. `master`.
-* `KUBE_VERSION` - the version of kubernetes
-* `KUBE_API_VERSIONS` = the version of kubernetes API
+| Variable                            | Description                                                             |
+| ----------------------------------- | ----------------------------------------------------------------------- |
+| `ARGOCD_APP_NAME`                   | The name of the application.                                            |
+| `ARGOCD_APP_NAMESPACE`              | The destination namespace of the application.                           |
+| `ARGOCD_APP_REVISION`               | The resolved revision, e.g. `f913b6cbf58aa5ae5ca1f8a2b149477aebcbd9d8`. |
+| `ARGOCD_APP_SOURCE_PATH`            | The path of the app within the source repo.                             |
+| `ARGOCD_APP_SOURCE_REPO_URL`        | The source repo URL.                                                    |
+| `ARGOCD_APP_SOURCE_TARGET_REVISION` | The target revision from the spec, e.g. `master`.                       |
+| `KUBE_VERSION`                      | The version of Kubernetes.                                              |
+| `KUBE_API_VERSIONS`                 | The version of the Kubernetes API.                                      |

 In case you don't want a variable to be interpolated, `$` can be escaped via `$$`.

--- a/docs/user-guide/commands/argocd_admin.md
+++ b/docs/user-guide/commands/argocd_admin.md
@@ -9,7 +9,9 @@ argocd admin [flags]
 ### Options

 ```
-  -h, --help   help for admin
+  -h, --help               help for admin
+      --logformat string   Set the logging format. One of: text|json (default "text")
+      --loglevel string    Set the logging level. One of: debug|info|warn|error (default "info")
 ```

 ### Options inherited from parent commands
@@ -26,8 +28,6 @@ argocd admin [flags]
      --http-retry-max int              Maximum number of retries to establish http connection to Argo CD server
      --insecure                        Skip server certificate and domain verification
      --kube-context string             Directs the command to the given kube-context
-      --logformat string                Set the logging format. One of: text|json (default "text")
-      --loglevel string                 Set the logging level. One of: debug|info|warn|error (default "info")
      --plaintext                       Disable TLS
      --port-forward                    Connect to a random argocd-server port using port forwarding
      --port-forward-namespace string   Namespace name which should be used for port forwarding
@@ -43,6 +43,7 @@ argocd admin [flags]
 * [argocd admin dashboard](argocd_admin_dashboard.md)	 - Starts Argo CD Web UI locally
 * [argocd admin export](argocd_admin_export.md)	 - Export all Argo CD data to stdout (default) or a file
 * [argocd admin import](argocd_admin_import.md)	 - Import Argo CD data from stdin (specify `-') or a file
+* [argocd admin initial-password](argocd_admin_initial-password.md)	 - Prints initial password to log in to Argo CD for the first time
 * [argocd admin notifications](argocd_admin_notifications.md)	 - Set of CLI commands that helps manage notifications settings
 * [argocd admin proj](argocd_admin_proj.md)	 - Manage projects configuration
 * [argocd admin repo](argocd_admin_repo.md)	 - Manage repositories configuration
--- a/docs/user-guide/commands/argocd_admin_app_get-reconcile-results.md
+++ b/docs/user-guide/commands/argocd_admin_app_get-reconcile-results.md
@@ -28,6 +28,7 @@ argocd admin app get-reconcile-results PATH [flags]
      --refresh                        If set to true then recalculates apps reconciliation
      --repo-server string             Repo server address.
      --request-timeout string         The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default "0")
+      --server string                  The address and port of the Kubernetes API server
      --tls-server-name string         If provided, this name will be used to validate server certificate. If this is not provided, hostname used to contact the server is used.
      --token string                   Bearer token for authentication to the API server
      --user string                    The name of the kubeconfig user to use
@@ -53,7 +54,6 @@ argocd admin app get-reconcile-results PATH [flags]
      --plaintext                       Disable TLS
      --port-forward                    Connect to a random argocd-server port using port forwarding
      --port-forward-namespace string   Namespace name which should be used for port forwarding
-      --server string                   Argo CD server address
      --server-crt string               Server certificate file
 ```

--- a/docs/user-guide/commands/argocd_admin_cluster_kubeconfig.md
+++ b/docs/user-guide/commands/argocd_admin_cluster_kubeconfig.md
@@ -24,6 +24,7 @@ argocd admin cluster kubeconfig CLUSTER_URL OUTPUT_PATH [flags]
      --password string                Password for basic authentication to the API server
      --proxy-url string               If provided, this URL will be used to connect via proxy
      --request-timeout string         The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default "0")
+      --server string                  The address and port of the Kubernetes API server
      --tls-server-name string         If provided, this name will be used to validate server certificate. If this is not provided, hostname used to contact the server is used.
      --token string                   Bearer token for authentication to the API server
      --user string                    The name of the kubeconfig user to use
@@ -49,7 +50,6 @@ argocd admin cluster kubeconfig CLUSTER_URL OUTPUT_PATH [flags]
      --plaintext                       Disable TLS
      --port-forward                    Connect to a random argocd-server port using port forwarding
      --port-forward-namespace string   Namespace name which should be used for port forwarding
-      --server string                   Argo CD server address
      --server-crt string               Server certificate file
 ```

--- a/docs/user-guide/commands/argocd_admin_cluster_namespaces.md
+++ b/docs/user-guide/commands/argocd_admin_cluster_namespaces.md
@@ -24,6 +24,7 @@ argocd admin cluster namespaces [flags]
      --password string                Password for basic authentication to the API server
      --proxy-url string               If provided, this URL will be used to connect via proxy
      --request-timeout string         The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default "0")
+      --server string                  The address and port of the Kubernetes API server
      --tls-server-name string         If provided, this name will be used to validate server certificate. If this is not provided, hostname used to contact the server is used.
      --token string                   Bearer token for authentication to the API server
      --user string                    The name of the kubeconfig user to use
@@ -49,7 +50,6 @@ argocd admin cluster namespaces [flags]
      --plaintext                       Disable TLS
      --port-forward                    Connect to a random argocd-server port using port forwarding
      --port-forward-namespace string   Namespace name which should be used for port forwarding
-      --server string                   Argo CD server address
      --server-crt string               Server certificate file
 ```

--- a/docs/user-guide/commands/argocd_admin_cluster_namespaces_disable-namespaced-mode.md
+++ b/docs/user-guide/commands/argocd_admin_cluster_namespaces_disable-namespaced-mode.md
@@ -9,49 +9,49 @@ argocd admin cluster namespaces disable-namespaced-mode PATTERN [flags]
 ### Options

 ```
-      --dry-run   Print what will be performed (default true)
-  -h, --help      help for disable-namespaced-mode
+      --as string                      Username to impersonate for the operation
+      --as-group stringArray           Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
+      --as-uid string                  UID to impersonate for the operation
+      --certificate-authority string   Path to a cert file for the certificate authority
+      --client-certificate string      Path to a client certificate file for TLS
+      --client-key string              Path to a client key file for TLS
+      --cluster string                 The name of the kubeconfig cluster to use
+      --context string                 The name of the kubeconfig context to use
+      --dry-run                        Print what will be performed (default true)
+  -h, --help                           help for disable-namespaced-mode
+      --insecure-skip-tls-verify       If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
+      --kubeconfig string              Path to a kube config. Only required if out-of-cluster
+  -n, --namespace string               If present, the namespace scope for this CLI request
+      --password string                Password for basic authentication to the API server
+      --proxy-url string               If provided, this URL will be used to connect via proxy
+      --request-timeout string         The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default "0")
+      --server string                  The address and port of the Kubernetes API server
+      --tls-server-name string         If provided, this name will be used to validate server certificate. If this is not provided, hostname used to contact the server is used.
+      --token string                   Bearer token for authentication to the API server
+      --user string                    The name of the kubeconfig user to use
+      --username string                Username for basic authentication to the API server
 ```

 ### Options inherited from parent commands

 ```
-      --as string                       Username to impersonate for the operation
-      --as-group stringArray            Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
-      --as-uid string                   UID to impersonate for the operation
      --auth-token string               Authentication token
-      --certificate-authority string    Path to a cert file for the certificate authority
-      --client-certificate string       Path to a client certificate file for TLS
      --client-crt string               Client certificate file
      --client-crt-key string           Client certificate key file
-      --client-key string               Path to a client key file for TLS
-      --cluster string                  The name of the kubeconfig cluster to use
      --config string                   Path to Argo CD config (default "/home/user/.config/argocd/config")
-      --context string                  The name of the kubeconfig context to use
      --core                            If set to true then CLI talks directly to Kubernetes instead of talking to Argo CD API server
      --grpc-web                        Enables gRPC-web protocol. Useful if Argo CD server is behind proxy which does not support HTTP2.
      --grpc-web-root-path string       Enables gRPC-web protocol. Useful if Argo CD server is behind proxy which does not support HTTP2. Set web root.
  -H, --header strings                  Sets additional header to all requests made by Argo CD CLI. (Can be repeated multiple times to add multiple headers, also supports comma separated headers)
      --http-retry-max int              Maximum number of retries to establish http connection to Argo CD server
      --insecure                        Skip server certificate and domain verification
-      --insecure-skip-tls-verify        If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
      --kube-context string             Directs the command to the given kube-context
-      --kubeconfig string               Path to a kube config. Only required if out-of-cluster
      --logformat string                Set the logging format. One of: text|json (default "text")
      --loglevel string                 Set the logging level. One of: debug|info|warn|error (default "info")
-  -n, --namespace string                If present, the namespace scope for this CLI request
-      --password string                 Password for basic authentication to the API server
      --plaintext                       Disable TLS
      --port-forward                    Connect to a random argocd-server port using port forwarding
      --port-forward-namespace string   Namespace name which should be used for port forwarding
-      --proxy-url string                If provided, this URL will be used to connect via proxy
-      --request-timeout string          The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default "0")
-      --server string                   The address and port of the Kubernetes API server
      --server-crt string               Server certificate file
-      --tls-server-name string          If provided, this name will be used to validate server certificate. If this is not provided, hostname used to contact the server is used.
-      --token string                    Bearer token for authentication to the API server
-      --user string                     The name of the kubeconfig user to use
-      --username string                 Username for basic authentication to the API server
 ```

 ### SEE ALSO
--- a/docs/user-guide/commands/argocd_admin_cluster_namespaces_enable-namespaced-mode.md
+++ b/docs/user-guide/commands/argocd_admin_cluster_namespaces_enable-namespaced-mode.md
@@ -9,51 +9,51 @@ argocd admin cluster namespaces enable-namespaced-mode PATTERN [flags]
 ### Options

 ```
-      --cluster-resources         Indicates if cluster level resources should be managed.
-      --dry-run                   Print what will be performed (default true)
-  -h, --help                      help for enable-namespaced-mode
-      --max-namespace-count int   Max number of namespaces that cluster should managed managed namespaces is less or equal to specified count
+      --as string                      Username to impersonate for the operation
+      --as-group stringArray           Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
+      --as-uid string                  UID to impersonate for the operation
+      --certificate-authority string   Path to a cert file for the certificate authority
+      --client-certificate string      Path to a client certificate file for TLS
+      --client-key string              Path to a client key file for TLS
+      --cluster string                 The name of the kubeconfig cluster to use
+      --cluster-resources              Indicates if cluster level resources should be managed.
+      --context string                 The name of the kubeconfig context to use
+      --dry-run                        Print what will be performed (default true)
+  -h, --help                           help for enable-namespaced-mode
+      --insecure-skip-tls-verify       If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
+      --kubeconfig string              Path to a kube config. Only required if out-of-cluster
+      --max-namespace-count int        Max number of namespaces that cluster should managed managed namespaces is less or equal to specified count
+  -n, --namespace string               If present, the namespace scope for this CLI request
+      --password string                Password for basic authentication to the API server
+      --proxy-url string               If provided, this URL will be used to connect via proxy
+      --request-timeout string         The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default "0")
+      --server string                  The address and port of the Kubernetes API server
+      --tls-server-name string         If provided, this name will be used to validate server certificate. If this is not provided, hostname used to contact the server is used.
+      --token string                   Bearer token for authentication to the API server
+      --user string                    The name of the kubeconfig user to use
+      --username string                Username for basic authentication to the API server
 ```

 ### Options inherited from parent commands

 ```
-      --as string                       Username to impersonate for the operation
-      --as-group stringArray            Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
-      --as-uid string                   UID to impersonate for the operation
      --auth-token string               Authentication token
-      --certificate-authority string    Path to a cert file for the certificate authority
-      --client-certificate string       Path to a client certificate file for TLS
      --client-crt string               Client certificate file
      --client-crt-key string           Client certificate key file
-      --client-key string               Path to a client key file for TLS
-      --cluster string                  The name of the kubeconfig cluster to use
      --config string                   Path to Argo CD config (default "/home/user/.config/argocd/config")
-      --context string                  The name of the kubeconfig context to use
      --core                            If set to true then CLI talks directly to Kubernetes instead of talking to Argo CD API server
      --grpc-web                        Enables gRPC-web protocol. Useful if Argo CD server is behind proxy which does not support HTTP2.
      --grpc-web-root-path string       Enables gRPC-web protocol. Useful if Argo CD server is behind proxy which does not support HTTP2. Set web root.
  -H, --header strings                  Sets additional header to all requests made by Argo CD CLI. (Can be repeated multiple times to add multiple headers, also supports comma separated headers)
      --http-retry-max int              Maximum number of retries to establish http connection to Argo CD server
      --insecure                        Skip server certificate and domain verification
-      --insecure-skip-tls-verify        If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
      --kube-context string             Directs the command to the given kube-context
-      --kubeconfig string               Path to a kube config. Only required if out-of-cluster
      --logformat string                Set the logging format. One of: text|json (default "text")
      --loglevel string                 Set the logging level. One of: debug|info|warn|error (default "info")
-  -n, --namespace string                If present, the namespace scope for this CLI request
-      --password string                 Password for basic authentication to the API server
      --plaintext                       Disable TLS
      --port-forward                    Connect to a random argocd-server port using port forwarding
      --port-forward-namespace string   Namespace name which should be used for port forwarding
-      --proxy-url string                If provided, this URL will be used to connect via proxy
-      --request-timeout string          The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default "0")
-      --server string                   The address and port of the Kubernetes API server
      --server-crt string               Server certificate file
-      --tls-server-name string          If provided, this name will be used to validate server certificate. If this is not provided, hostname used to contact the server is used.
-      --token string                    Bearer token for authentication to the API server
-      --user string                     The name of the kubeconfig user to use
-      --username string                 Username for basic authentication to the API server
 ```

 ### SEE ALSO
--- a/docs/user-guide/commands/argocd_admin_cluster_shards.md
+++ b/docs/user-guide/commands/argocd_admin_cluster_shards.md
@@ -38,6 +38,7 @@ argocd admin cluster shards [flags]
      --request-timeout string                The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default "0")
      --sentinel stringArray                  Redis sentinel hostname and port (e.g. argocd-redis-ha-announce-0:6379). 
      --sentinelmaster string                 Redis sentinel master group name. (default "master")
+      --server string                         The address and port of the Kubernetes API server
      --shard int                             Cluster shard filter (default -1)
      --tls-server-name string                If provided, this name will be used to validate server certificate. If this is not provided, hostname used to contact the server is used.
      --token string                          Bearer token for authentication to the API server
@@ -64,7 +65,6 @@ argocd admin cluster shards [flags]
      --plaintext                       Disable TLS
      --port-forward                    Connect to a random argocd-server port using port forwarding
      --port-forward-namespace string   Namespace name which should be used for port forwarding
-      --server string                   Argo CD server address
      --server-crt string               Server certificate file
 ```

--- a/docs/user-guide/commands/argocd_admin_cluster_stats.md
+++ b/docs/user-guide/commands/argocd_admin_cluster_stats.md
@@ -38,6 +38,7 @@ argocd admin cluster stats [flags]
      --request-timeout string                The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default "0")
      --sentinel stringArray                  Redis sentinel hostname and port (e.g. argocd-redis-ha-announce-0:6379). 
      --sentinelmaster string                 Redis sentinel master group name. (default "master")
+      --server string                         The address and port of the Kubernetes API server
      --shard int                             Cluster shard filter (default -1)
      --tls-server-name string                If provided, this name will be used to validate server certificate. If this is not provided, hostname used to contact the server is used.
      --token string                          Bearer token for authentication to the API server
@@ -64,7 +65,6 @@ argocd admin cluster stats [flags]
      --plaintext                       Disable TLS
      --port-forward                    Connect to a random argocd-server port using port forwarding
      --port-forward-namespace string   Namespace name which should be used for port forwarding
-      --server string                   Argo CD server address
      --server-crt string               Server certificate file
 ```

--- a/docs/user-guide/commands/argocd_admin_export.md
+++ b/docs/user-guide/commands/argocd_admin_export.md
@@ -25,6 +25,7 @@ argocd admin export [flags]
      --password string                Password for basic authentication to the API server
      --proxy-url string               If provided, this URL will be used to connect via proxy
      --request-timeout string         The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default "0")
+      --server string                  The address and port of the Kubernetes API server
      --tls-server-name string         If provided, this name will be used to validate server certificate. If this is not provided, hostname used to contact the server is used.
      --token string                   Bearer token for authentication to the API server
      --user string                    The name of the kubeconfig user to use
@@ -50,7 +51,6 @@ argocd admin export [flags]
      --plaintext                       Disable TLS
      --port-forward                    Connect to a random argocd-server port using port forwarding
      --port-forward-namespace string   Namespace name which should be used for port forwarding
-      --server string                   Argo CD server address
      --server-crt string               Server certificate file
 ```

--- a/docs/user-guide/commands/argocd_admin_import.md
+++ b/docs/user-guide/commands/argocd_admin_import.md
@@ -26,6 +26,7 @@ argocd admin import SOURCE [flags]
      --proxy-url string               If provided, this URL will be used to connect via proxy
      --prune                          Prune secrets, applications and projects which do not appear in the backup
      --request-timeout string         The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default "0")
+      --server string                  The address and port of the Kubernetes API server
      --stop-operation                 Stop any existing operations
      --tls-server-name string         If provided, this name will be used to validate server certificate. If this is not provided, hostname used to contact the server is used.
      --token string                   Bearer token for authentication to the API server
@@ -53,7 +54,6 @@ argocd admin import SOURCE [flags]
      --plaintext                       Disable TLS
      --port-forward                    Connect to a random argocd-server port using port forwarding
      --port-forward-namespace string   Namespace name which should be used for port forwarding
-      --server string                   Argo CD server address
      --server-crt string               Server certificate file
 ```

--- a/docs/user-guide/commands/argocd_admin_initial-password.md
+++ b/docs/user-guide/commands/argocd_admin_initial-password.md
@@ -0,0 +1,59 @@
+## argocd admin initial-password
+
+Prints initial password to log in to Argo CD for the first time
+
+```
+argocd admin initial-password [flags]
+```
+
+### Options
+
+```
+      --as string                      Username to impersonate for the operation
+      --as-group stringArray           Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
+      --as-uid string                  UID to impersonate for the operation
+      --certificate-authority string   Path to a cert file for the certificate authority
+      --client-certificate string      Path to a client certificate file for TLS
+      --client-key string              Path to a client key file for TLS
+      --cluster string                 The name of the kubeconfig cluster to use
+      --context string                 The name of the kubeconfig context to use
+  -h, --help                           help for initial-password
+      --insecure-skip-tls-verify       If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
+      --kubeconfig string              Path to a kube config. Only required if out-of-cluster
+  -n, --namespace string               If present, the namespace scope for this CLI request
+      --password string                Password for basic authentication to the API server
+      --proxy-url string               If provided, this URL will be used to connect via proxy
+      --request-timeout string         The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default "0")
+      --server string                  The address and port of the Kubernetes API server
+      --tls-server-name string         If provided, this name will be used to validate server certificate. If this is not provided, hostname used to contact the server is used.
+      --token string                   Bearer token for authentication to the API server
+      --user string                    The name of the kubeconfig user to use
+      --username string                Username for basic authentication to the API server
+```
+
+### Options inherited from parent commands
+
+```
+      --auth-token string               Authentication token
+      --client-crt string               Client certificate file
+      --client-crt-key string           Client certificate key file
+      --config string                   Path to Argo CD config (default "/home/user/.config/argocd/config")
+      --core                            If set to true then CLI talks directly to Kubernetes instead of talking to Argo CD API server
+      --grpc-web                        Enables gRPC-web protocol. Useful if Argo CD server is behind proxy which does not support HTTP2.
+      --grpc-web-root-path string       Enables gRPC-web protocol. Useful if Argo CD server is behind proxy which does not support HTTP2. Set web root.
+  -H, --header strings                  Sets additional header to all requests made by Argo CD CLI. (Can be repeated multiple times to add multiple headers, also supports comma separated headers)
+      --http-retry-max int              Maximum number of retries to establish http connection to Argo CD server
+      --insecure                        Skip server certificate and domain verification
+      --kube-context string             Directs the command to the given kube-context
+      --logformat string                Set the logging format. One of: text|json (default "text")
+      --loglevel string                 Set the logging level. One of: debug|info|warn|error (default "info")
+      --plaintext                       Disable TLS
+      --port-forward                    Connect to a random argocd-server port using port forwarding
+      --port-forward-namespace string   Namespace name which should be used for port forwarding
+      --server-crt string               Server certificate file
+```
+
+### SEE ALSO
+
+* [argocd admin](argocd_admin.md)	 - Contains a set of commands useful for Argo CD administrators and requires direct Kubernetes access
+
--- a/Show More
+++ b/Show More