2021-06-09 08:17:54 +00:00
<!doctype html>
< html lang = "en" class = "no-js" >
< head >
< meta charset = "utf-8" >
< meta name = "viewport" content = "width=device-width,initial-scale=1" >
< meta name = "description" content = "Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark" >
< link rel = "canonical" href = "https://aquasecurity.github.io/kube-bench/dev/" >
< link rel = "icon" href = "assets/images/favicon.png" >
< meta name = "generator" content = "mkdocs-1.2, mkdocs-material-7.1.7+insiders-2.9.2" >
< title > Kube-bench< / title >
< link rel = "stylesheet" href = "assets/stylesheets/main.92048cb8.min.css" >
< link rel = "stylesheet" href = "assets/stylesheets/palette.73e53a79.min.css" >
< link rel = "preconnect" href = "https://fonts.gstatic.com" crossorigin >
< link rel = "stylesheet" href = "https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700%7CRoboto+Mono&display=fallback" >
< style > : root { --md-text-font-family : "Roboto" ; --md-code-font-family : "Roboto Mono" } < / style >
< / head >
< body dir = "ltr" data-md-color-scheme = "" data-md-color-primary = "none" data-md-color-accent = "none" >
<!-- Theme storage helpers. __scope(t, e) builds a storage key from the pathname of URL(e, location) followed by "." and t. __get and __set read and write JSON under that key, using localStorage unless another store is passed in. __set silently ignores storage errors. The path prefix only keeps keys from different paths on the same origin from colliding; it is not an isolation boundary, because any script running on this origin can read the same store. -->
< script > function _ _scope ( t , e = "." ) { return new URL ( e , location ) . pathname + "." + t } function _ _get ( t , e = localStorage , n ) { return JSON . parse ( e . getItem ( _ _scope ( t , n ) ) ) } function _ _set ( t , e , n = localStorage , o ) { try { n . setItem ( _ _scope ( t , o ) , JSON . stringify ( e ) ) } catch ( t ) { } } < / script >
< input class = "md-toggle" data-md-toggle = "drawer" type = "checkbox" id = "__drawer" autocomplete = "off" >
< input class = "md-toggle" data-md-toggle = "search" type = "checkbox" id = "__search" autocomplete = "off" >
< label class = "md-overlay" for = "__drawer" > < / label >
< div data-md-component = "skip" >
< a href = "#kube-bench" class = "md-skip" >
Skip to content
< / a >
< / div >
< div data-md-component = "announce" >
< / div >
< div data-md-component = "outdated" hidden >
< aside class = "md-banner md-banner--warning" >
< / aside >
< / div >
< header class = "md-header" data-md-component = "header" >
< nav class = "md-header__inner md-grid" aria-label = "Header" >
< a href = "." title = "Kube-bench" class = "md-header__button md-logo" aria-label = "Kube-bench" data-md-component = "logo" >
< img src = "images/kube-bench-logo-only.png" alt = "logo" >
< / a >
< label class = "md-header__button md-icon" for = "__drawer" >
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 24 24" > < path d = "M3 6h18v2H3V6m0 5h18v2H3v-2m0 5h18v2H3v-2z" / > < / svg >
< / label >
< div class = "md-header__title" data-md-component = "header-title" >
< div class = "md-header__ellipsis" >
< div class = "md-header__topic" >
< span class = "md-ellipsis" >
Kube-bench
< / span >
< / div >
< div class = "md-header__topic" data-md-component = "header-topic" >
< span class = "md-ellipsis" >
Overview
< / span >
< / div >
< / div >
< / div >
< label class = "md-header__button md-icon" for = "__search" >
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 24 24" > < path d = "M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5z" / > < / svg >
< / label >
< div class = "md-search" data-md-component = "search" role = "dialog" >
< label class = "md-search__overlay" for = "__search" > < / label >
< div class = "md-search__inner" role = "search" >
< form class = "md-search__form" name = "search" >
< input type = "text" class = "md-search__input" name = "query" aria-label = "Search" placeholder = "Search" autocapitalize = "off" autocorrect = "off" autocomplete = "off" spellcheck = "false" data-md-component = "search-query" required >
< label class = "md-search__icon md-icon" for = "__search" >
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 24 24" > < path d = "M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5z" / > < / svg >
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 24 24" > < path d = "M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12z" / > < / svg >
< / label >
< nav class = "md-search__options" aria-label = "Search" >
< button type = "reset" class = "md-search__icon md-icon" aria-label = "Clear" tabindex = "-1" >
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 24 24" > < path d = "M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12 19 6.41z" / > < / svg >
< / button >
< / nav >
< / form >
< div class = "md-search__output" >
< div class = "md-search__scrollwrap" data-md-scrollfix >
< div class = "md-search-result" data-md-component = "search-result" >
< div class = "md-search-result__meta" >
Initializing search
< / div >
< ol class = "md-search-result__list" > < / ol >
< / div >
< / div >
< / div >
< / div >
< / div >
< div class = "md-header__source" >
< a href = "https://github.com/aquasecurity/kube-bench/" title = "Go to repository" class = "md-source" data-md-component = "source" >
< div class = "md-source__icon md-icon" >
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 448 512" > < path d = "M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81z" / > < / svg >
< / div >
< div class = "md-source__repository" >
GitHub
< / div >
< / a >
< / div >
< / nav >
< / header >
< div class = "md-container" data-md-component = "container" >
< main class = "md-main" data-md-component = "main" >
< div class = "md-main__inner md-grid" >
< div class = "md-sidebar md-sidebar--primary" data-md-component = "sidebar" data-md-type = "navigation" >
< div class = "md-sidebar__scrollwrap" >
< div class = "md-sidebar__inner" >
< nav class = "md-nav md-nav--primary" aria-label = "Navigation" data-md-level = "0" >
< label class = "md-nav__title" for = "__drawer" >
< a href = "." title = "Kube-bench" class = "md-nav__button md-logo" aria-label = "Kube-bench" data-md-component = "logo" >
< img src = "images/kube-bench-logo-only.png" alt = "logo" >
< / a >
Kube-bench
< / label >
< div class = "md-nav__source" >
< a href = "https://github.com/aquasecurity/kube-bench/" title = "Go to repository" class = "md-source" data-md-component = "source" >
< div class = "md-source__icon md-icon" >
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 448 512" > < path d = "M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81z" / > < / svg >
< / div >
< div class = "md-source__repository" >
GitHub
< / div >
< / a >
< / div >
< ul class = "md-nav__list" data-md-scrollfix >
< li class = "md-nav__item md-nav__item--active" >
< input class = "md-nav__toggle md-toggle" data-md-toggle = "toc" type = "checkbox" id = "__toc" >
< a href = "." class = "md-nav__link md-nav__link--active" >
Overview
< / a >
< / li >
< li class = "md-nav__item md-nav__item--nested" >
< input class = "md-nav__toggle md-toggle" data-md-toggle = "__nav_2" type = "checkbox" id = "__nav_2" >
< label class = "md-nav__link" for = "__nav_2" >
Getting Started
< span class = "md-nav__icon md-icon" > < / span >
< / label >
< nav class = "md-nav" aria-label = "Getting Started" data-md-level = "1" >
< label class = "md-nav__title" for = "__nav_2" >
< span class = "md-nav__icon md-icon" > < / span >
Getting Started
< / label >
< ul class = "md-nav__list" data-md-scrollfix >
< li class = "md-nav__item" >
2021-06-09 11:56:03 +00:00
< a href = "installation/" class = "md-nav__link" >
2021-06-09 08:17:54 +00:00
Installation
< / a >
< / li >
< li class = "md-nav__item" >
2021-06-09 11:56:03 +00:00
< a href = "platforms/" class = "md-nav__link" >
2021-06-09 08:17:54 +00:00
Platforms
< / a >
< / li >
< li class = "md-nav__item" >
2021-06-09 11:56:03 +00:00
< a href = "running/" class = "md-nav__link" >
2021-06-09 08:17:54 +00:00
How to run
< / a >
< / li >
< li class = "md-nav__item" >
< a href = "asff/" class = "md-nav__link" >
ASFF
< / a >
< / li >
< / ul >
< / nav >
< / li >
< li class = "md-nav__item" >
2021-06-09 11:56:03 +00:00
< a href = "flags_and_commands.md" class = "md-nav__link" >
2021-06-09 08:17:54 +00:00
Flags
< / a >
< / li >
< li class = "md-nav__item md-nav__item--nested" >
< input class = "md-nav__toggle md-toggle" data-md-toggle = "__nav_4" type = "checkbox" id = "__nav_4" >
< label class = "md-nav__link" for = "__nav_4" >
Configuration Options
< span class = "md-nav__icon md-icon" > < / span >
< / label >
< nav class = "md-nav" aria-label = "Configuration Options" data-md-level = "1" >
< label class = "md-nav__title" for = "__nav_4" >
< span class = "md-nav__icon md-icon" > < / span >
Configuration Options
< / label >
< ul class = "md-nav__list" data-md-scrollfix >
< li class = "md-nav__item" >
2021-06-09 11:56:03 +00:00
< a href = "controls/" class = "md-nav__link" >
2021-06-09 08:17:54 +00:00
Understanding the yamls
< / a >
< / li >
< li class = "md-nav__item" >
2021-06-09 11:56:03 +00:00
< a href = "architecture/" class = "md-nav__link" >
2021-06-09 08:17:54 +00:00
Architecture
< / a >
< / li >
< / ul >
< / nav >
< / li >
< li class = "md-nav__item" >
2021-06-09 11:56:03 +00:00
< a href = "contributing.md" class = "md-nav__link" >
2021-06-09 08:17:54 +00:00
Contributing
< / a >
< / li >
< / ul >
< / nav >
< / div >
< / div >
< / div >
< div class = "md-sidebar md-sidebar--secondary" data-md-component = "sidebar" data-md-type = "toc" >
< div class = "md-sidebar__scrollwrap" >
< div class = "md-sidebar__inner" >
< nav class = "md-nav md-nav--secondary" aria-label = "Table of contents" >
< / nav >
< / div >
< / div >
< / div >
< div class = "md-content" data-md-component = "content" >
< article class = "md-content__inner md-typeset" >
< p > < img alt = "Kube-bench Logo" src = "images/kube-bench.jpg" / >
< a href = "https://github.com/aquasecurity/kube-bench/releases" > < img alt = "GitHub Release" src = "https://img.shields.io/github/release/aquasecurity/kube-bench.svg?logo=github" / > < / a >
< img alt = "Downloads" src = "https://img.shields.io/github/downloads/aquasecurity/kube-bench/total?logo=github" / >
< img alt = "Docker Pulls" src = "https://img.shields.io/docker/pulls/aquasec/kube-bench?logo=docker&label=docker%20pulls%20%2F%20kube-bench" / >
< a href = "https://goreportcard.com/report/github.com/aquasecurity/kube-bench" > < img alt = "Go Report Card" src = "https://goreportcard.com/badge/github.com/aquasecurity/kube-bench" / > < / a >
< a href = "https://github.com/aquasecurity/kube-bench/actions" > < img alt = "Build Status" src = "https://github.com/aquasecurity/kube-bench/workflows/Build/badge.svg?branch=main" / > < / a >
< a href = "https://github.com/aquasecurity/kube-bench/blob/main/LICENSE" > < img alt = "License" src = "https://img.shields.io/badge/License-Apache%202.0-blue.svg" / > < / a >
< a href = "https://microbadger.com/images/aquasec/kube-bench" title = "Get your own image badge on microbadger.com" > < img alt = "Docker image" src = "https://images.microbadger.com/badges/image/aquasec/kube-bench.svg" / > < / a >
< a href = "https://microbadger.com/images/aquasec/kube-bench" > < img alt = "Source commit" src = "https://images.microbadger.com/badges/commit/aquasec/kube-bench.svg" / > < / a >
< a href = "https://codecov.io/github/aquasecurity/kube-bench" > < img alt = "Coverage Status" src = "https://codecov.io/github/aquasecurity/kube-bench/branch/main/graph/badge.svg" / > < / a > < / p >
< h1 id = "kube-bench" > Kube-bench< / h1 >
< p > kube-bench is a Go application that checks whether Kubernetes is deployed securely by running the checks documented in the < a href = "https://www.cisecurity.org/benchmark/kubernetes/" > CIS Kubernetes Benchmark< / a > .< / p >
< p > Tests are configured with YAML files, making this tool easy to update as test specifications evolve.< / p >
< ol >
< li >
< p > kube-bench implements the < a href = "https://www.cisecurity.org/benchmark/kubernetes/" > CIS Kubernetes Benchmark< / a > as closely as possible. Please raise an issue in the kube-bench GitHub repository if kube-bench does not correctly implement a test as described in the Benchmark. To report issues in the Benchmark itself (for example, tests that you believe are inappropriate), please join the < a href = "https://cisecurity.org" > CIS community< / a > .< / p >
< / li >
< li >
< p > There is not a one-to-one mapping between releases of Kubernetes and releases of the CIS benchmark. See < a href = "#cis-kubernetes-benchmark-support" > CIS Kubernetes Benchmark support< / a > for the Kubernetes releases covered by each release of the benchmark.< / p >
< / li >
< li >
< p > kube-bench cannot inspect the master nodes of managed clusters (e.g. GKE, EKS, AKS and ACK), because you do not have access to those nodes. It can still check worker node configuration in these environments, so a kube-bench report for a managed cluster covers the worker nodes only and says nothing about how the provider has configured the control plane.< / p >
< / li >
< / ol >
< p > For help and more information, go to our < a href = "https://github.com/aquasecurity/kube-bench/discussions/categories/q-a" > GitHub Discussions Q&amp;A< / a > .< / p >
< / article >
< / div >
< / div >
< / main >
< footer class = "md-footer" >
< nav class = "md-footer__inner md-grid" aria-label = "Footer" >
2021-06-09 11:56:03 +00:00
< a href = "installation/" class = "md-footer__link md-footer__link--next" aria-label = "Next: Installation" rel = "next" >
2021-06-09 08:17:54 +00:00
< div class = "md-footer__title" >
< div class = "md-ellipsis" >
< span class = "md-footer__direction" >
Next
< / span >
2021-06-09 11:56:03 +00:00
Installation
2021-06-09 08:17:54 +00:00
< / div >
< / div >
< div class = "md-footer__button md-icon" >
< svg xmlns = "http://www.w3.org/2000/svg" viewBox = "0 0 24 24" > < path d = "M4 11v2h12l-5.5 5.5 1.42 1.42L19.84 12l-7.92-7.92L10.5 5.5 16 11H4z" / > < / svg >
< / div >
< / a >
< / nav >
< div class = "md-footer-meta md-typeset" >
< div class = "md-footer-meta__inner md-grid" >
< div class = "md-footer-copyright" >
< / div >
< / div >
< / div >
< / footer >
< / div >
< div class = "md-dialog" data-md-component = "dialog" >
< div class = "md-dialog__inner md-typeset" > < / div >
< / div >
< script id = "__config" type = "application/json" > { "base" : "." , "features" : [ ] , "translations" : { "clipboard.copy" : "Copy to clipboard" , "clipboard.copied" : "Copied to clipboard" , "search.config.lang" : "en" , "search.config.pipeline" : "trimmer, stopWordFilter" , "search.config.separator" : "[\\s\\-]+" , "search.placeholder" : "Search" , "search.result.placeholder" : "Type to start searching" , "search.result.none" : "No matching documents" , "search.result.one" : "1 matching document" , "search.result.other" : "# matching documents" , "search.result.more.one" : "1 more on this page" , "search.result.more.other" : "# more on this page" , "search.result.term.missing" : "Missing" , "select.version.title" : "Select version" } , "search" : "assets/javascripts/workers/search.df8cae7d.min.js" , "version" : { "method" : "mike" , "provider" : "mike" } } < / script >
< script src = "assets/javascripts/bundle.82217815.min.js" > < / script >
< / body >
< / html >