diff --git a/CHANGELOG.md b/CHANGELOG.md
index 0cc235cee1426d99d44a87192cab9cc733686497..937cd7a66372e4a77610a29ca8b24d7ba68b5663 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 ---
+## [1.12.16-bb.0]
+### Changed
+- Bumped upstream chart version to 1.12.16
+- Fixed insecure SAML configuration issue
+
 ## [1.12.15-bb.1]
 ### Changed
 - Updated Redis dependency to 14.1.0-bb.0
diff --git a/chart/Chart.lock b/chart/Chart.lock
index 72874de0a0d2a3890815a4e8501a1c8d3811a56b..e7dfcb40965ae5a5cfae76e0c897df24a25e3204 100644
--- a/chart/Chart.lock
+++ b/chart/Chart.lock
@@ -10,6 +10,6 @@ dependencies:
 version: 14.1.0-bb.0
 - name: bb-test-lib
 repository: oci://registry.dso.mil/platform-one/big-bang/pipeline-templates/pipeline-templates
- version: 0.4.0
-digest: sha256:95fc02eb4c73428f58530043f2ccea983eb2de36c3e2bed6566deaff6552285c
-generated: "2021-06-11T14:51:29.578969-04:00"
+ version: 0.5.2
+digest: sha256:4b0f80a6ef5cabb741367909dc3f5c970844b55aeead2f7ce5fee46d515416b4
+generated: "2021-06-12T15:47:28.997659-04:00"
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
index 5f0ac866799cd3694e72aa866857fb49fe19e58f..c096a17ca371f3689e2826cb5bd82a76e754ee2c 100644
--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: anchore-engine
-version: 1.12.15-bb.1
+version: 1.12.16-bb.0
 appVersion: 0.9.4
 description: Anchore container analysis and policy evaluation engine service
 keywords:
@@ -38,5 +38,5 @@ dependencies:
 condition: anchore-ui-redis.enabled,anchoreEnterpriseGlobal.enabled
 alias: anchore-ui-redis
 - name: bb-test-lib
- version: "0.4.0"
+ version: "0.5.2"
 repository: "oci://registry.dso.mil/platform-one/big-bang/pipeline-templates/pipeline-templates"
diff --git a/chart/Kptfile b/chart/Kptfile
index e44bd5e89d21e18a689cc3fc3f6ec9b66ffb47f9..81dc50d32e4e90f86bcab8f2776ce4df682356ff 100644
--- a/chart/Kptfile
+++ b/chart/Kptfile
@@ -5,7 +5,7 @@ metadata:
 upstream:
 type: git
 git:
- commit: f50573427adb8d582eaea20c968bb0391cb79c48
+ commit: e2f7ea00c4fa078b93608c95b31ce71a4038aa96
 repo: https://github.com/anchore/anchore-charts
 directory: /stable/anchore-engine
- ref: anchore-engine-1.12.15
+ ref: anchore-engine-1.12.16
diff --git a/chart/charts/bb-test-lib-0.4.0.tgz b/chart/charts/bb-test-lib-0.4.0.tgz
deleted file mode 100644
index 47269ecab02fec984f282a766ce13a2f7df2b98e..0000000000000000000000000000000000000000
Binary files a/chart/charts/bb-test-lib-0.4.0.tgz and /dev/null differ
diff --git a/chart/charts/bb-test-lib-0.5.2.tgz b/chart/charts/bb-test-lib-0.5.2.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..8dfbf00fe39fb381984557d13c29343c509f86b5
Binary files /dev/null and b/chart/charts/bb-test-lib-0.5.2.tgz differ
diff --git a/chart/charts/postgresql-1.0.1.tgz b/chart/charts/postgresql-1.0.1.tgz
index 89672a7c32ceaa26730e7451a05490010a0a6dcc..6e0d9b2e68dc0e8a9b6d4b8812e01d1171d029fd 100644
Binary files a/chart/charts/postgresql-1.0.1.tgz and b/chart/charts/postgresql-1.0.1.tgz differ
diff --git a/chart/charts/redis-14.1.0-bb.0.tgz b/chart/charts/redis-14.1.0-bb.0.tgz
index 17bf82418273919f219a9f3e18ebf21b8e9268ed..2315733aa09a5dabe1d7bb3c819c1e492f43b1d4 100644
Binary files a/chart/charts/redis-14.1.0-bb.0.tgz and b/chart/charts/redis-14.1.0-bb.0.tgz differ
diff --git a/chart/templates/_helpers.tpl b/chart/templates/_helpers.tpl
index 53458ee65810988eba85f294bb831015d34a2f32..579c16794e19f6422d9a58b1b772178ee1aaa551 100755
--- a/chart/templates/_helpers.tpl
+++ b/chart/templates/_helpers.tpl
@@ -166,15 +166,4 @@ Create chart name and version as used by the chart label.
 */}}
 {{- define "anchore.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Generate certificates for Anchore
-*/}}
-{{- define "anchore.gen-certs" -}}
-{{- $altNames := list ( printf "%s.%s" (include "anchore.name" .) .Release.Namespace ) ( printf "%s.%s.svc" (include "anchore.name" .) .Release.Namespace ) -}}
-{{- $ca := genCA "anchore-ca" 365 -}}
-{{- $cert := genSignedCert ( include "anchore.name" . ) nil $altNames 365 $ca -}}
-tls.crt: {{ $cert.Cert | b64enc }}
-tls.key: {{ $cert.Key | b64enc }}
-{{- end -}}
+{{- end -}}
\ No newline at end of file
diff --git a/chart/templates/bigbang/anchore-cert.yaml b/chart/templates/bigbang/anchore-cert.yaml
deleted file mode 100644
index f6a604f21b944f35483897c47e76daf43cc54453..0000000000000000000000000000000000000000
--- a/chart/templates/bigbang/anchore-cert.yaml
+++ /dev/null
@@ -1,22 +0,0 @@
-{{- if .Values.anchoreGlobal.oauthEnabled }}
-{{- $component := "certs" -}}
-apiVersion: v1
-kind: Secret
-type: kubernetes.io/tls
-metadata:
- name: anchore-certs
- labels:
- app: {{ template "anchore.name" . }}
- chart: {{ .Chart.Name }}-{{ .Chart.Version }}
- release: {{ .Release.Name }}
- heritage: {{ .Release.Service }}
- component: {{ $component }}
- {{- with .Values.anchoreGlobal.labels }}
- {{ toYaml . | nindent 4 }}
- {{- end }}
- annotations:
- "helm.sh/hook": "pre-install,pre-upgrade"
- "helm.sh/hook-delete-policy": "before-hook-creation"
-data:
-{{ ( include "anchore.gen-certs" . ) | indent 2 }}
-{{- end }}
\ No newline at end of file
diff --git a/chart/templates/bigbang/anchore-vs.yaml b/chart/templates/bigbang/anchore-vs.yaml
index bd0327138ca947800ad86e62c78208aac4d8e80e..f1fcb17b10778805385c1f7a93da01b515bd008d 100644
--- a/chart/templates/bigbang/anchore-vs.yaml
+++ b/chart/templates/bigbang/anchore-vs.yaml
@@ -29,7 +29,7 @@ spec:
 route:
 - destination:
 port:
- number: 80
+ number: {{ .Values.anchoreEnterpriseUi.service.port }}
 host: {{ .Release.Name }}-anchore-engine-enterprise-ui
 {{- end }}
 ---
@@ -63,7 +63,7 @@ spec:
 route:
 - destination:
 port:
- number: 8228
+ number: {{ .Values.anchoreApi.service.port }}
 host: {{ .Release.Name }}-anchore-engine-api
 fault:
 abort:
@@ -76,6 +76,6 @@ spec:
 route:
 - destination:
 port:
- number: 8228
+ number: {{ .Values.anchoreApi.service.port }}
 host: {{ .Release.Name }}-anchore-engine-api
 {{- end }}
diff --git a/chart/templates/bigbang/networkpolicies/allow-kube-dns.yaml b/chart/templates/bigbang/networkpolicies/allow-kube-dns.yaml
index dc1db2a6526b55d4e5bcd6d810b27f34ba3fab16..17d27b14f0f76711882ded3cff22c6525ac3948c 100644
--- a/chart/templates/bigbang/networkpolicies/allow-kube-dns.yaml
+++ b/chart/templates/bigbang/networkpolicies/allow-kube-dns.yaml
@@ -16,4 +16,7 @@ spec:
 - namespaceSelector: {} # all namespaces
 ports:
 - port: 53 # dns port
+ protocol: UDP
+ - port: 443
+ protocol: TCP
 {{- end }}
\ No newline at end of file
diff --git a/chart/templates/engine_configmap.yaml b/chart/templates/engine_configmap.yaml
index f2a3c85b4a86fd4e1c37b370851bf5ae0436b34a..8046f5d743fffde9cd05fcb6e6217a9f9cd46e27 100644
--- a/chart/templates/engine_configmap.yaml
+++ b/chart/templates/engine_configmap.yaml
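Review bot: `number: {{ .Values.anchoreEnterpriseUi.service.port }}` renders as an empty scalar (null) when the value is unset, and the resulting VirtualService would then presumably be rejected by Istio's admission validation rather than by `helm template`; the same applies to the two `anchoreApi.service.port` lines in the following hunks of this file. Wrapping the lookup makes the failure explicit and early: `number: {{ required "anchoreEnterpriseUi.service.port must be set" .Values.anchoreEnterpriseUi.service.port }}`. Neither key is added in this commit's values.yaml hunks, so they are presumably inherited from the upstream chart defaults; worth confirming. The enclosing VirtualService spec begins outside the hunk.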
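Review bot: The added `- port: 443` / `protocol: TCP` entry lives under the egress rule whose peer is `namespaceSelector: {}`, so a policy named allow-kube-dns now also permits TLS egress from these pods to any port-443 listener in every namespace, not just DNS. If the purpose is reaching the Kubernetes API for the runtime inventory collection that this commit enables in values.yaml (inferred, the file does not say), a separately named policy such as allow-kube-api, scoped as tightly as the cluster allows (an `ipBlock` for the API endpoint, or a namespace label selector), would keep this policy minimal and make the widened egress visible to reviewers. Narrowing port 53 to `protocol: UDP` also drops TCP/53, which resolvers fall back to for truncated responses, so keeping a second `- port: 53` / `protocol: TCP` entry is safer. The enclosing `{{- if }}` block starts outside the hunk.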
@@ -231,7 +231,13 @@ data:
 ssl_key: "/home/anchore/certs/{{- .Values.anchoreGlobal.internalServicesSsl.certSecretKeyName }}"
 {{- end }}
 runtime_inventory:
- image_ttl_days: {{ .Values.anchoreCatalog.runtime_inventory.image_ttl_days }}
+ image_ttl_days: {{ .Values.anchoreCatalog.runtimeInventory.imageTTLDays }}
+ kubernetes:
+ report_anchore_cluster:
+ enabled: {{ .Values.anchoreCatalog.runtimeInventory.reportAnchoreCluster.enabled }}
+ anchore_cluster_name: {{ .Values.anchoreCatalog.runtimeInventory.reportAnchoreCluster.clusterName }}
+ namespaces:
+ {{- toYaml .Values.anchoreCatalog.runtimeInventory.reportAnchoreCluster.namespaces | nindent 16 }}
 simplequeue:
 enabled: true
 require_auth: true
diff --git a/chart/values.yaml b/chart/values.yaml
index da6a28fe06ff961bb78c62f7f04ae9549937c364..3a07a25f672666008a13f0894ec6403b32f2fbb9 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -251,7 +251,7 @@ anchoreGlobal:
 saml:
 # Locations for keys used for signing and encryption. Only one of 'secret' or 'privateKeyName'/'publicKeyName' needs to be set. If all are set then the keys take precedence over the secret value
 # Secret is for a shared secret and if set, all components in anchore should have the exact same value in their configs.
- secret: anchore-certs
+ secret: Null
 # If set to true, use the secret specified in anchoreGlobal.existingSecret to set the ANCHORE_SAML_SECRET env variable
 useExistingSecret: false
 privateKeyName: Null
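Review bot: `anchore_cluster_name: {{ .Values.anchoreCatalog.runtimeInventory.reportAnchoreCluster.clusterName }}` is emitted as a plain scalar, so a cluster name that looks like a number or boolean, or contains `: ` or ` #`, is retyped or breaks the rendered config; `anchore_cluster_name: {{ .Values.anchoreCatalog.runtimeInventory.reportAnchoreCluster.clusterName | quote }}` keeps it a string. The hunk also renames the consumed values keys from `runtime_inventory.image_ttl_days` to `runtimeInventory.imageTTLDays`, and Helm does not warn about unknown keys, so an existing override under the old name is silently ignored and the new default applies; that deserves a line in the CHANGELOG, whose entry for this release mentions only the version bump and the SAML fix. The enclosing `data:` block begins outside the hunk.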
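Review bot: `secret: Null` drops the fixed `anchore-certs` shared secret, but nothing in the commit checks that a replacement is provided: with `secret`, `privateKeyName` and `publicKeyName` all null and `useExistingSecret: false`, the comment two lines above says at least one must be set, so a deployment with SAML enabled would presumably fail at runtime instead of at install. A `required` guard in the template that consumes this value (not in this diff), conditioned on the SAML/OAuth enable flag, would fail fast at `helm template`; a comment on this line such as `# Intentionally unset: supply the value via useExistingSecret/existingSecret so the signing secret is never committed in values` would also record why the default is empty. The enclosing `anchoreGlobal:` mapping starts outside the hunk.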
@@ -621,12 +621,21 @@ anchoreCatalog:
 tolerations: []
 affinity: {}
- runtime_inventory:
+ runtimeInventory:
 # This setting tells Anchore how long an image can be missing from an inventory report before it is removed from
 # The working set. Note: The image will still have a historical record in the reports service, subject to data history
 # constraints as part of that service.
 # Note: if a runtime inventory image's digest is also in anchore for regular image analysis, it won't be removed.
- image_ttl_days: 1
+ imageTTLDays: 1
+
+ # Since Anchore is running in Kubernetes, we can collect runtime inventory data out of the box
+ reportAnchoreCluster:
+ # If set to true, Anchore will use its own service-account to try and collect runtime inventory data for all namespaces
+ # Note: requires a value for clusterName to populate inventory image context
+ enabled: true
+ clusterName: anchore-k8s
+ namespaces:
+ - all
 # Pod configuration for the anchore engine policy service.
 anchorePolicyEngine:
diff --git a/docs/BBCHANGES.md b/docs/BBCHANGES.md
index 61d229d3840eb7cc396a1bedad7552c7f04708a3..32ec614b12373701bcb1a36355f1911265c6e1f4 100644
--- a/docs/BBCHANGES.md
+++ b/docs/BBCHANGES.md
@@ -146,14 +146,6 @@ anchoreEnterpriseRbac:
 ## Other Modifications
-To support the BigBang wrapper to simplify SSO setup the following global saml option needs to bet set:
-
-```yaml
-anchoreGlobal:
- saml:
- secret: anchore-certs
-```
-
 The following block needs to be added to the end of the _helpers.tpl file:
 ```yaml
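Review bot: `enabled: true` together with `namespaces:` / `- all` switches cluster-wide runtime inventory collection on by default, and the comment above says the catalog will use its own service account to read every namespace, yet the RBAC granting that read access is not part of this diff. Either the default should be `false` until the binding ships with the chart, or the comment should name the required ClusterRole so a reviewer can check it against least privilege; `# Requires a ClusterRole/ClusterRoleBinding for the catalog service account (see <placeholder: RBAC template path>)` is the kind of pointer that helps. Whether `all` is a sentinel understood by Anchore or a literal namespace name cannot be told from this file, so a one-line comment on `- all` would also help. The enclosing `anchoreCatalog:` mapping begins outside the hunk.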
@@ -170,17 +162,6 @@ Create chart name and version as used by the chart label.
 {{- define "anchore.chart" -}}
 {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
-
-{{/*
-Generate certificates for Anchore
-*/}}
-{{- define "anchore.gen-certs" -}}
-{{- $altNames := list ( printf "%s.%s" (include "anchore.name" .) .Release.Namespace ) ( printf "%s.%s.svc" (include "anchore.name" .) .Release.Namespace ) -}}
-{{- $ca := genCA "anchore-ca" 365 -}}
-{{- $cert := genSignedCert ( include "anchore.name" . ) nil $altNames 365 $ca -}}
-tls.crt: {{ $cert.Cert | b64enc }}
-tls.key: {{ $cert.Key | b64enc }}
-{{- end -}}
 ```
 In `chart/templates/engine_configmap.yaml`, modify the metrics lines as such:
diff --git a/tests/test-values.yml b/tests/test-values.yml
index ef17dcd2a7717339381d31d6ec3088c3fc3c020a..c6eabfa38d27f1e5feccc50eab997f004ba250d1 100644
--- a/tests/test-values.yml
+++ b/tests/test-values.yml
@@ -23,7 +23,9 @@ bbtests:
 postgresql:
 enabled: true
-# anchoreGlobal:
+anchoreGlobal:
+ saml:
+ secret: ci-testing-only
 anchoreAnalyzer:
 replicaCount: 1