Merge branch 'main' into dependabot/go_modules/github.com/golang/glog-1.1.2

8 months ago · 3ca24ff322
parent cb47726d67 2b466ab239
commit 3ca24ff322
8 changed files with 18 additions and 13 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@ -95,7 +95,7 @@ jobs:
        with:
          fetch-depth: 0
      - name: Dry-run release snapshot
-        uses: goreleaser/goreleaser-action@v4
+        uses: goreleaser/goreleaser-action@v5
        with:
          distribution: goreleaser
          version: v1.7.0
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@ -17,7 +17,7 @@ jobs:
      - name: Check Out Repo
        uses: actions/checkout@v3
      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v2
@ -41,7 +41,7 @@ jobs:
          password: ${{ secrets.ECR_SECRET_ACCESS_KEY }}
      - name: Get version
        id: get_version
-        uses: crazy-max/ghaction-docker-meta@v4
+        uses: crazy-max/ghaction-docker-meta@v5
        with:
          images: ${{ env.REP }}
          tag-semver: |
@ -49,7 +49,7 @@ jobs:

      - name: Build and push - Docker/ECR
        id: docker_build
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v5
        with:
          context: .
          platforms: linux/amd64,linux/arm64,linux/ppc64le,linux/s390x
@ -67,7 +67,7 @@ jobs:

      - name: Build and push ubi image - Docker/ECR
        id: docker_build_ubi
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v5
        with:
          context: .
          platforms: linux/amd64,linux/arm64,linux/ppc64le,linux/s390x
@ -86,7 +86,7 @@ jobs:

      - name: Build and push fips ubi image - Docker/ECR
        id: docker_build_fips_ubi
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v5
        with:
          context: .
          platforms: linux/amd64,linux/arm64,linux/ppc64le,linux/s390x
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -44,7 +44,7 @@ jobs:
          second_file_path: integration/testdata/Expected_output.data
          expected_result: PASSED
      - name: Release
-        uses: goreleaser/goreleaser-action@v4
+        uses: goreleaser/goreleaser-action@v5
        with:
          distribution: goreleaser
          version: v1.7.0
--- a/4
+++ b/4
@ -1,4 +1,4 @@
-FROM golang:1.20.6 AS build
+FROM golang:1.21.1 AS build
 WORKDIR /go/src/github.com/aquasecurity/kube-bench/
 COPY makefile makefile
 COPY go.mod go.sum ./
@ -9,7 +9,7 @@ COPY internal/ internal/
 ARG KUBEBENCH_VERSION
 RUN make build && cp kube-bench /go/bin/kube-bench

-FROM alpine:3.18.2 AS run
+FROM alpine:3.18.3 AS run
 WORKDIR /opt/kube-bench/
 # add GNU ps for -C, -o cmd, and --no-headers support
 # https://github.com/aquasecurity/kube-bench/issues/109
--- a/Dockerfile.fips.ubi
+++ b/Dockerfile.fips.ubi
@ -1,4 +1,4 @@
-FROM golang:1.20.6 AS build
+FROM golang:1.21.1 AS build
 WORKDIR /go/src/github.com/aquasecurity/kube-bench/
 COPY makefile makefile
 COPY go.mod go.sum ./
--- a/Dockerfile.ubi
+++ b/Dockerfile.ubi
@ -1,4 +1,4 @@
-FROM golang:1.20.6 AS build
+FROM golang:1.21.1 AS build
 WORKDIR /go/src/github.com/aquasecurity/kube-bench/
 COPY makefile makefile
 COPY go.mod go.sum ./
--- a/README.md
+++ b/README.md
@ -24,7 +24,12 @@ Tests are configured with YAML files, making this tool easy to update as test sp

 ![Kubernetes Bench for Security](/docs/images/output.png "Kubernetes Bench for Security")

-### Quick start
+## CIS Scanning as part of Trivy and the Trivy Operator
+
+[Trivy](https://github.com/aquasecurity/trivy), the all in one cloud native security scanner, can be deployed as a [Kubernetes Operator](https://github.com/aquasecurity/trivy-operator) inside a cluster.
+Both, the [Trivy CLI](https://github.com/aquasecurity/trivy), and the [Trivy Operator](https://github.com/aquasecurity/trivy-operator) support CIS Kubernetes Benchmark scanning among several other features.
+
+## Quick start

 There are multiple ways to run kube-bench.
 You can run kube-bench inside a pod, but it will need access to the host's PID namespace in order to check the running processes, as well as access to some directories on the host where config files and other files are stored.
--- a/job.yaml
+++ b/job.yaml
@ -11,7 +11,7 @@ spec:
    spec:
      containers:
        - command: ["kube-bench"]
-          image: docker.io/aquasec/kube-bench:v0.6.17
+          image: docker.io/aquasec/kube-bench:v0.6.19
          name: kube-bench
          volumeMounts:
            - mountPath: /var/lib/etcd