diff --git a/.semgrepignore b/.semgrepignore
new file mode 100644
index 000000000..ac89c5897
--- /dev/null
+++ b/.semgrepignore
@@ -0,0 +1 @@
+tools/k8s_collectors/k8s-splunk-collector-helper.py
diff --git a/docs/index.yaml b/docs/index.yaml
index d21cb07ab..49ccc8b33 100644
--- a/docs/index.yaml
+++ b/docs/index.yaml
@@ -3,14 +3,14 @@ entries:
   splunk-enterprise:
   - apiVersion: v2
     appVersion: 2.3.0
-    created: "2023-07-07T15:18:57.351488-07:00"
+    created: "2023-07-25T15:50:32.734375-07:00"
     dependencies:
     - condition: splunk-operator.enabled
       name: splunk-operator
       repository: file://splunk-operator/helm-chart/splunk-operator
       version: 2.3.0
     description: A Helm chart for Splunk Enterprise managed by the Splunk Operator
-    digest: 2fa1bf4cc3bb2223a19fb583d12eac7e8bf4b9ad8e97370e2cfbb11e31e7a7e1
+    digest: 589aeff022db846bb284d2c74ada95a7dd79949546238d7854f8e80163445d56
     maintainers:
     - email: vivekr@splunk.com
       name: Vivek Reddy
@@ -25,7 +25,7 @@ entries:
     version: 2.3.0
   - apiVersion: v2
     appVersion: 2.2.1
-    created: "2023-07-07T15:18:57.32849-07:00"
+    created: "2023-07-25T15:50:32.719883-07:00"
     dependencies:
     - condition: splunk-operator.enabled
       name: splunk-operator
@@ -40,7 +40,7 @@ entries:
     version: 2.2.1
   - apiVersion: v2
     appVersion: 2.2.0
-    created: "2023-07-07T15:18:57.315879-07:00"
+    created: "2023-07-25T15:50:32.704801-07:00"
     dependencies:
     - condition: splunk-operator.enabled
       name: splunk-operator
@@ -55,7 +55,7 @@ entries:
     version: 2.2.0
   - apiVersion: v2
     appVersion: 2.1.0
-    created: "2023-07-07T15:18:57.293892-07:00"
+    created: "2023-07-25T15:50:32.677517-07:00"
     dependencies:
     - condition: splunk-operator.enabled
       name: splunk-operator
@@ -71,9 +71,9 @@ entries:
   splunk-operator:
   - apiVersion: v2
     appVersion: 2.3.0
-    created: "2023-07-07T15:18:57.398576-07:00"
+    created: "2023-07-25T15:50:32.785117-07:00"
     description: A Helm chart for the Splunk Operator for Kubernetes
-    digest: 60ff3c0f8c1bd6e1edb8cd977a3e03672dc356707d15f876e7740f782d1fa9aa
+    digest: f2f9ef0149f093bb56f69c967388086ab799d40a543ea1ea4e398fe16a99927e
     maintainers:
     - email: vivekr@splunk.com
       name: Vivek Reddy
@@ -88,7 +88,7 @@ entries:
     version: 2.3.0
   - apiVersion: v2
     appVersion: 2.2.1
-    created: "2023-07-07T15:18:57.385543-07:00"
+    created: "2023-07-25T15:50:32.772364-07:00"
     description: A Helm chart for the Splunk Operator for Kubernetes
     digest: 8868b9ae2ebde0c667b13c97d71d904a31b5a9f2c803b199bc77324f1727e1fd
     name: splunk-operator
@@ -98,7 +98,7 @@ entries:
     version: 2.2.1
   - apiVersion: v2
     appVersion: 2.2.0
-    created: "2023-07-07T15:18:57.371568-07:00"
+    created: "2023-07-25T15:50:32.759549-07:00"
     description: A Helm chart for the Splunk Operator for Kubernetes
     digest: 49c72276bd7ff93465b0545d8b0814f684cade7d2cd191b6d73d4c3660bd1fb4
     name: splunk-operator
@@ -108,7 +108,7 @@ entries:
     version: 2.2.0
   - apiVersion: v2
     appVersion: 2.1.0
-    created: "2023-07-07T15:18:57.36171-07:00"
+    created: "2023-07-25T15:50:32.747409-07:00"
     description: A Helm chart for the Splunk Operator for Kubernetes
     digest: 34e5463f8f5442655d05cb616b50391b738a0827b30d8440b4c7fce99a291d9a
     name: splunk-operator
@@ -116,4 +116,4 @@ entries:
     urls:
     - https://splunk.github.io/splunk-operator/splunk-operator-1.0.0.tgz
     version: 1.0.0
-generated: "2023-07-07T15:18:57.277398-07:00"
+generated: "2023-07-25T15:50:32.661115-07:00"
diff --git a/docs/splunk-enterprise-2.3.0.tgz b/docs/splunk-enterprise-2.3.0.tgz
index 3b99921f6..7ed8aab71 100644
Binary files a/docs/splunk-enterprise-2.3.0.tgz and b/docs/splunk-enterprise-2.3.0.tgz differ
diff --git a/docs/splunk-operator-2.3.0.tgz b/docs/splunk-operator-2.3.0.tgz
index 0d2ad5d81..92293439b 100644
Binary files a/docs/splunk-operator-2.3.0.tgz and b/docs/splunk-operator-2.3.0.tgz differ
diff --git a/helm-chart/splunk-enterprise/charts/splunk-operator-2.3.0.tgz b/helm-chart/splunk-enterprise/charts/splunk-operator-2.3.0.tgz
index 0d2ad5d81..92293439b 100644
Binary files a/helm-chart/splunk-enterprise/charts/splunk-operator-2.3.0.tgz and b/helm-chart/splunk-enterprise/charts/splunk-operator-2.3.0.tgz differ
diff --git a/helm-chart/splunk-enterprise/charts/splunk-operator-2.3.tgz b/helm-chart/splunk-enterprise/charts/splunk-operator-2.3.tgz
deleted file mode 100644
index 0826d3988..000000000
Binary files a/helm-chart/splunk-enterprise/charts/splunk-operator-2.3.tgz and /dev/null differ
diff --git a/pkg/splunk/enterprise/cp.go b/pkg/splunk/enterprise/cp.go
index e498d23cb..8bb0284e8 100644
--- a/pkg/splunk/enterprise/cp.go
+++ b/pkg/splunk/enterprise/cp.go
@@ -19,6 +19,7 @@ import (
 	"archive/tar"
 	"io"
 	"os"
+	"path/filepath"
 )
 
 var cpMakeTar = func(src localPath, dest remotePath, writer io.Writer) error {
@@ -85,7 +86,7 @@ func recursiveTar(srcDir, srcFile localPath, destDir, destFile remotePath, tw *t
 			if err := tw.WriteHeader(hdr); err != nil {
 				return err
 			}
-
+			fpath = filepath.Clean(fpath)
 			f, err := os.Open(fpath)
 			if err != nil {
 				return err
diff --git a/pkg/splunk/enterprise/util.go b/pkg/splunk/enterprise/util.go
index 35c1f3cbf..ec9199f4b 100644
--- a/pkg/splunk/enterprise/util.go
+++ b/pkg/splunk/enterprise/util.go
@@ -427,7 +427,7 @@ func createAppDownloadDir(ctx context.Context, path string) error {
 	scopedLog := reqLogger.WithName("createAppDownloadDir").WithValues("path", path)
 	_, err := os.Stat(path)
 	if errors.Is(err, os.ErrNotExist) {
-		errDir := os.MkdirAll(path, 0755)
+		errDir := os.MkdirAll(path, 0700)
 		if errDir != nil {
 			scopedLog.Error(errDir, "Unable to create directory at path")
 			return errDir
@@ -447,7 +447,7 @@ func getAvailableDiskSpace(ctx context.Context) (uint64, error) {
 	if err != nil {
 		scopedLog.Error(err, "There is no default volume configured for the App framework, use the temporary location", "dir", TmpAppDownloadDir)
 		splcommon.AppDownloadVolume = TmpAppDownloadDir
-		err = os.MkdirAll(splcommon.AppDownloadVolume, 0755)
+		err = os.MkdirAll(splcommon.AppDownloadVolume, 0700)
 		if err != nil {
 			scopedLog.Error(err, "Unable to create the directory", "dir", splcommon.AppDownloadVolume)
 			return 0, err
diff --git a/tools/k8s_collectors/k8s-splunk-collector-helper.py b/tools/k8s_collectors/k8s-splunk-collector-helper.py
index f9b5edf87..6807b2fed 100755
--- a/tools/k8s_collectors/k8s-splunk-collector-helper.py
+++ b/tools/k8s_collectors/k8s-splunk-collector-helper.py
@@ -1,16 +1,17 @@
 from __future__ import print_function
 import os
+import shlex
 import sys, getopt
 import subprocess
 
-def executeShellCommand(command):
-   stream = subprocess.popen(command).wait()
+def executeKubectlCommand(command):
+   stream = subprocess.Popen(["kubectl", command]).wait()
    output = stream.read()
    return output
 
 
 def runAndCollectDiag(collectDir, podDiagsDir, pod):
-    output = executeShellCommand("kubectl exec --stdin %s -- /opt/splunk/bin/splunk diag;" % pod)
+    output = executeKubectlCommand("exec --stdin %s -- /opt/splunk/bin/splunk diag;" % pod)
     for line in output.splitlines():
         words = line.split()
         if len(words) > 4 and "Splunk diagnosis file created:" in line:
@@ -21,11 +22,11 @@ def runAndCollectDiag(collectDir, podDiagsDir, pod):
             if len(dirs) >= 2 and len(dirs[3]) > 0:
                 diagFile = dirs[3]
 
-            #Copy the diag over            
-            executeShellCommand("kubectl cp %s:%s %s/%s/%s" % (pod, diagFileFullPath, collectDir, podDiagsDir, diagFile))
+            #Copy the diag over
+            executeKubectlCommand("cp %s:%s %s/%s/%s" % (pod, diagFileFullPath, collectDir, podDiagsDir, diagFile))
 
             #Delete the diag
-            executeShellCommand("kubectl exec --stdin %s -- rm -rf %s" % (pod, diagFileFullPath))
+            executeKubectlCommand("exec --stdin %s -- rm -rf %s" % (pod, diagFileFullPath))
 
 def main(argv):
     #Define required variables
@@ -49,10 +50,10 @@ def main(argv):
             collectDir = arg
 
     # Collect logs from the operator
-    output = executeShellCommand("kubectl logs deployment/splunk-operator-controller-manager manager > %s/%s/operator.log" % (collectDir, podLogsDir))
-    output = executeShellCommand("kubectl logs -l app.kubernetes.io/managed-by=splunk-operator --tail -1 > %s/%s/splunkEnterprisePods.log" % (collectDir, podLogsDir))
+    output = executeKubectlCommand("logs deployment/splunk-operator-controller-manager manager > %s/%s/operator.log" % (collectDir, podLogsDir))
+    output = executeKubectlCommand("logs -l app.kubernetes.io/managed-by=splunk-operator --tail -1 > %s/%s/splunkEnterprisePods.log" % (collectDir, podLogsDir))
 
-    output = executeShellCommand("kubectl get pods")
+    output = executeKubectlCommand("kubectl get pods")
     for line in output.splitlines():
         words = line.split()
         if "splunk" in words[0]:
@@ -61,11 +62,11 @@ def main(argv):
             #ensure container is specified for the operator
             if "operator" in pod:
                 opPod = pod + " -c manager"
-                executeShellCommand("kubectl logs %s > %s/%s/%s.log" % (opPod, collectDir, podLogsDir, pod))
+                executeKubectlCommand("logs %s > %s/%s/%s.log" % (opPod, collectDir, podLogsDir, pod))
                 continue
 
             # Collect logs from pod
-            executeShellCommand("kubectl logs %s > %s/%s/%s.log" % (pod, collectDir, podLogsDir, pod))
+            executeKubectlCommand("logs %s > %s/%s/%s.log" % (pod, collectDir, podLogsDir, pod))
 
             # Collect diag and save diag from all Splunk Instances
             if collectDiag == "true":