dependabot[bot]
e2e1566a35
Bump github.com/aws/aws-sdk-go from 1.40.14 to 1.40.18 ( #957 )
...
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go ) from 1.40.14 to 1.40.18.
- [Release notes](https://github.com/aws/aws-sdk-go/releases )
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.40.14...v1.40.18 )
---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
2021-08-11 12:45:13 +03:00
dependabot[bot]
ee1fd825a7
Bump alpine from 3.14.0 to 3.14.1 ( #956 )
...
Bumps alpine from 3.14.0 to 3.14.1.
---
updated-dependencies:
- dependency-name: alpine
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-10 12:04:15 +03:00
Matthieu MOREL
b1119f588e
chore(ci) update k8s.io/client-go and github.com/spf13/cobra to latest ( #955 )
...
* Update github.com/spf13/cobra
* chore(ci) update k8s.io/client-go and github.com/spf13/cobra to latest
2021-08-09 17:40:21 +03:00
Matthieu MOREL
c91a9434c0
Update Gorm ( #950 )
...
* Migrate from github.com/jinzhu/gorm to gorm.io/gorm
* apply gofmt
* github.com/aws/aws-sdk-go
* fix
2021-08-09 11:40:01 +03:00
dependabot[bot]
42da8c681c
Bump github.com/aws/aws-sdk-go from 1.40.13 to 1.40.14 ( #949 )
...
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go ) from 1.40.13 to 1.40.14.
- [Release notes](https://github.com/aws/aws-sdk-go/releases )
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.40.13...v1.40.14 )
---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-04 17:07:56 +03:00
Matthieu MOREL
8ac8ebfc2a
Update Dependencies ( #941 )
...
* Create dependabot.yml
* Bump crazy-max/ghaction-docker-meta from 1 to 3.4.0 (#1 )
Bumps [crazy-max/ghaction-docker-meta](https://github.com/crazy-max/ghaction-docker-meta ) from 1 to 3.4.0.
- [Release notes](https://github.com/crazy-max/ghaction-docker-meta/releases )
- [Upgrade guide](https://github.com/docker/metadata-action/blob/master/UPGRADE.md )
- [Commits](https://github.com/crazy-max/ghaction-docker-meta/compare/v1...v3.4.0 )
---
updated-dependencies:
- dependency-name: crazy-max/ghaction-docker-meta
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Update .yamllint.yaml
* Update .yamllint.yaml
* Update dependabot.yml
* Update dependabot.yml
* Bump github.com/onsi/ginkgo from 1.10.1 to 1.16.4 (#2 )
Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo ) from 1.10.1 to 1.16.4.
- [Release notes](https://github.com/onsi/ginkgo/releases )
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md )
- [Commits](https://github.com/onsi/ginkgo/compare/v1.10.1...v1.16.4 )
---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump github.com/stretchr/testify from 1.4.0 to 1.7.0 (#4 )
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify ) from 1.4.0 to 1.7.0.
- [Release notes](https://github.com/stretchr/testify/releases )
- [Commits](https://github.com/stretchr/testify/compare/v1.4.0...v1.7.0 )
---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump github.com/fatih/color from 1.5.0 to 1.12.0 (#6 )
Bumps [github.com/fatih/color](https://github.com/fatih/color ) from 1.5.0 to 1.12.0.
- [Release notes](https://github.com/fatih/color/releases )
- [Commits](https://github.com/fatih/color/compare/v1.5.0...v1.12.0 )
---
updated-dependencies:
- dependency-name: github.com/fatih/color
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump github.com/magiconair/properties from 1.8.0 to 1.8.5 (#3 )
Bumps [github.com/magiconair/properties](https://github.com/magiconair/properties ) from 1.8.0 to 1.8.5.
- [Release notes](https://github.com/magiconair/properties/releases )
- [Changelog](https://github.com/magiconair/properties/blob/main/CHANGELOG.md )
- [Commits](https://github.com/magiconair/properties/compare/v1.8.0...v1.8.5 )
---
updated-dependencies:
- dependency-name: github.com/magiconair/properties
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump github.com/aws/aws-sdk-go from 1.35.28 to 1.39.6 (#7 )
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go ) from 1.35.28 to 1.39.6.
- [Release notes](https://github.com/aws/aws-sdk-go/releases )
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.35.28...v1.39.6 )
---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump gopkg.in/yaml.v2 from 2.3.0 to 2.4.0 (#8 )
Bumps [gopkg.in/yaml.v2](https://github.com/go-yaml/yaml ) from 2.3.0 to 2.4.0.
- [Release notes](https://github.com/go-yaml/yaml/releases )
- [Commits](https://github.com/go-yaml/yaml/compare/v2.3.0...v2.4.0 )
---
updated-dependencies:
- dependency-name: gopkg.in/yaml.v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump github.com/spf13/viper from 1.4.0 to 1.8.1 (#9 )
Bumps [github.com/spf13/viper](https://github.com/spf13/viper ) from 1.4.0 to 1.8.1.
- [Release notes](https://github.com/spf13/viper/releases )
- [Commits](https://github.com/spf13/viper/compare/v1.4.0...v1.8.1 )
---
updated-dependencies:
- dependency-name: github.com/spf13/viper
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump github.com/spf13/cobra from 0.0.3 to 0.0.7 (#10 )
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra ) from 0.0.3 to 0.0.7.
- [Release notes](https://github.com/spf13/cobra/releases )
- [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md )
- [Commits](https://github.com/spf13/cobra/compare/v0.0.3...0.0.7 )
---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump github.com/aws/aws-sdk-go from 1.39.6 to 1.40.0 (#11 )
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go ) from 1.39.6 to 1.40.0.
- [Release notes](https://github.com/aws/aws-sdk-go/releases )
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.39.6...v1.40.0 )
---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump crazy-max/ghaction-docker-meta from 3.4.0 to 3.4.1 (#12 )
Bumps [crazy-max/ghaction-docker-meta](https://github.com/crazy-max/ghaction-docker-meta ) from 3.4.0 to 3.4.1.
- [Release notes](https://github.com/crazy-max/ghaction-docker-meta/releases )
- [Commits](https://github.com/crazy-max/ghaction-docker-meta/compare/v3.4.0...v3.4.1 )
---
updated-dependencies:
- dependency-name: crazy-max/ghaction-docker-meta
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump github.com/aws/aws-sdk-go from 1.40.0 to 1.40.1 (#13 )
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go ) from 1.40.0 to 1.40.1.
- [Release notes](https://github.com/aws/aws-sdk-go/releases )
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.40.0...v1.40.1 )
---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump github.com/aws/aws-sdk-go from 1.40.1 to 1.40.7 (#21 )
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go ) from 1.40.1 to 1.40.7.
- [Release notes](https://github.com/aws/aws-sdk-go/releases )
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.40.1...v1.40.7 )
---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump codecov/codecov-action from 1 to 2.0.2 (#20 )
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 1 to 2.0.2.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md )
- [Commits](https://github.com/codecov/codecov-action/compare/v1...v2.0.2 )
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Update build.yml
* Update mkdocs-deploy.yaml
* Update publish.yml
* Update mkdocs-deploy.yaml
* Bump github.com/aws/aws-sdk-go from 1.40.7 to 1.40.9 (#23 )
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go ) from 1.40.7 to 1.40.9.
- [Release notes](https://github.com/aws/aws-sdk-go/releases )
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.40.7...v1.40.9 )
---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Update .github/workflows/publish.yml
* Update .github/workflows/build.yml
* Update mkdocs-deploy.yaml
* Update build.yml
* Update dependabot.yml
* Update dependabot.yml
* Bump alpine from 3.13 to 3.14.0 (#27 )
Bumps alpine from 3.13 to 3.14.0.
---
updated-dependencies:
- dependency-name: alpine
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump github.com/aws/aws-sdk-go from 1.40.9 to 1.40.13 (#28 )
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go ) from 1.40.9 to 1.40.13.
- [Release notes](https://github.com/aws/aws-sdk-go/releases )
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md )
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.40.9...v1.40.13 )
---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-04 11:38:18 +03:00
Dave Hay
222e696934
Upgrading apk-tools ( #944 )
...
Upgrading apk-tools to remediate CVE-2021-36159
( https://snyk.io/vuln/SNYK-ALPINE314-APKTOOLS-1533752 )
Fixes #943
Signed-off-by: Dave Hay <david_hay@uk.ibm.com>
Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
2021-08-03 17:21:24 +03:00
Yoav Rotem
25ba9e2fad
New integration testing ( #947 )
...
* Fix Junit missing testsuites
Fix issue https://github.com/aquasecurity/kube-bench/issues/883 but also bug with overriding output when --outputfile is effective and only write the last controls
* test new integration
* Update build.yml
* add wait for job to be ready
* Update build.yml
* Update build.yml
* Update build.yml
* test
* Update job.yaml
* Add wait
* test for logs
* Update job.yaml
* Create Expected_output.data
* Update build.yml
* Update build.yml
* remove empty line
* Add new line at the end
* add ---
* Delete docker.go
* Delete integration.go
* Delete integration_test.go
* Delete integration/testdata/cis-1.20 directory
* Delete integration/testdata/cis-1.6 directory
* Update integration testing
* Remove integration tests
Removed integration testing to github action
* Update build.yml
2021-08-03 17:10:50 +03:00
Yoav Rotem
f74149d4ab
Update goreleaser ( #929 )
...
* Fix Junit missing testsuites
Fix issue https://github.com/aquasecurity/kube-bench/issues/883 but also bug with overriding output when --outputfile is effective and only write the last controls
* Deprecated files command
* Update .goreleaser.yml
Remove deprecated files, and fix https://github.com/aquasecurity/kube-bench/issues/925
2021-07-14 15:50:12 +03:00
Nick
cb7ee765a3
K8s Job Command Clean ( #923 )
...
* Update commands
* oopsy on run command
* update reference version for iks to be 120
Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
2021-07-07 18:21:30 +03:00
Hacks4Snacks
016d67bade
cis-1.20 section 1.1.10 command revision. ( #922 )
...
Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
2021-07-07 18:06:50 +03:00
Dave Hay
42f479596c
doc(install): Adding detail and example for build ( #928 )
...
- Added to the `Installing from sources`
- Includes `git clone` etc.
- Also includes comments
Signed-off-by: Dave Hay <david_hay@uk.ibm.com>
2021-07-07 10:56:33 +03:00
Yoav Rotem
14aef408e8
Fix Junit missing testsuites ( #920 )
...
Fix issue https://github.com/aquasecurity/kube-bench/issues/883 but also bug with overriding output when --outputfile is effective and only write the last controls
2021-06-23 18:01:24 +03:00
Yoav Rotem
aedc2942bd
Check string size ( #915 )
...
ASFF ProductFields[] string can't be longer than 1024 characters, could explain https://github.com/aquasecurity/kube-bench/issues/903
`Message:Finding does not adhere to Amazon Finding Format. data.Remediation.Recommendation.Text should NOT be longer than 512 characters.
Error Code:InvalidInput`
2021-06-20 14:28:22 +03:00
Huang Huang
1173667622
Add docs for cis v1.20 ( #914 )
...
Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
2021-06-20 12:56:56 +03:00
Huang Huang
e5e2804dfa
Fix values of version field in cfg/cis-1.20 were wrong ( #913 )
2021-06-20 11:23:24 +03:00
Yoav Rotem
2d033edc96
New cis v1.20 ( #912 )
...
* Add files via upload
* Add new cis support v1.20!
* Fix issue with 1.1.9 and 1.1.10 tests
Tests in some cases stat empty path which will return error.
* Add tests for kubernetes 1.20 and retire 1.15 tests
kubernetes 1.15 is not supported anymore and we shouldn't keep testing it.
* Kubernetes 1.15 is not supported anymore
* Tests for kubernetes 1.20
* Fix yamllint errors
Removed trailing spaces (trailing-spaces)
* Add tests for v1.20
* Remove extra spaces
* Change cis test functions names
2021-06-16 20:55:04 +03:00
Yoav Rotem
6ca3ce6754
Update go modules 1.16 ( #910 )
...
* Update to go 1.16
* Update go modules to 1.16
2021-06-16 17:26:51 +03:00
Yoav Rotem
7bbcaeba04
Fix issue tests 1.1.9 and 1.1.10 ( #911 )
...
Issue https://github.com/aquasecurity/kube-bench/issues/909
2021-06-16 17:14:20 +03:00
Yoav Rotem
53752487b6
Add git config user ( #901 )
...
* Add git config user
* Create mkdocs-deploy.yaml
* Delete mkdocs-latest.yaml
* Delete mkdocs-dev.yaml
2021-06-14 12:13:48 +03:00
Yoav Rotem
75fe5d0048
Fix ocp job issues ( #893 )
...
* Fix openshift missing glibc
Fixing issues #891 #890
* Update goreleaser
Change release to build, no need to release while building (when pushed to main) but only when publishing (release new version)
* Update goreleaser version to 0.169.0
* Change from release to build
* Try day run on release
It used to be released to docker hub each push, the issue was that docker hub had a automation for it, now test if its not releasing every git push.
2021-06-09 15:34:39 +03:00
Yoav Rotem
fdf0bbd960
Fixing typos ( #899 )
2021-06-09 15:11:05 +03:00
Yoav Rotem
dd68e8f000
Change files names to start with lowercase ( #898 )
2021-06-09 14:55:28 +03:00
Yoav Rotem
0d1bd2bbd9
mkdocs support and update docs ( #884 )
...
* Delete README.md
* Edit readme and separate into different files
* Update README.md
* Update Running.md
* Update CONTRIBUTING.md
* Create Contributing.md
* Add files via upload
* Update Index.md
* Rename Flags and Commands.md to Flags_and_commands.md
* Rename Index.md to index.md
* Create mkdocs.yml
* Delete images directory
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Update README.md
* Create mkdocs-dev.yaml
* Create mkdocs-latest.yaml
* Update mkdocs.yml
* Update mkdocs.yml
* Update mkdocs.yml
Add yamllint ---
* Make it yamllint comply
* Make Yamllint comply
* Make Yamllint comply
* Change description
Co-authored-by: Itay Shakury <itay@itaysk.com>
* Fix syntax
Co-authored-by: Itay Shakury <itay@itaysk.com>
* Update docs/Architecture.md
Co-authored-by: Itay Shakury <itay@itaysk.com>
* Update docs/Architecture.md
Co-authored-by: Itay Shakury <itay@itaysk.com>
* Update example for test files
* Update contributing
* Delete Contributing.md
* Update Flags_and_commands.md
* Change syntax and add source
* Update Platforms.md
* lower case file names
* lower case file names
* Lower case file names
* Lower case file names
* Lower case file names
* Lower case file names
* Add note about inspect master in some platforms
* Add quick start
* Lower case files names
* Lower case files names
* Fixing typo
* Remove section about old ocp
* Fix typos
Co-authored-by: Itay Shakury <itay@itaysk.com>
2021-06-09 11:17:16 +03:00
Ed Robinson
4b28c84b97
Allow kube-bench to scan Bottlerocket OS ( #889 )
2021-06-08 12:23:43 +03:00
tonyqui
6605ff8844
False positive when running rh-0.7 benchmarks ( #886 )
2021-06-07 12:18:59 +03:00
Dave Hay
fb92680702
Issue 867: Updating CIS 1.1.9 and 1.1.10 ( #877 )
...
Mitigating "No such file or directory" related to CNI config directory
Signed-off by: Dave Hay <david_hay@uk.ibm.com>
2021-05-23 11:46:36 +03:00
Yoav Rotem
62d9045ec6
Fix issue with missing 'Maintainer' field ( #875 )
...
Issue #840 missing 'Maintainer' field in package
2021-05-20 11:21:04 +03:00
Yoav Rotem
1f4b941c51
Fix test request timeout ( #874 )
...
* Test 1.2.24 should be manual
* Test 1.2.26 should be manual
* Test 1.2.26 should be manual
* Change test 1.2.26
* Change test 1.2.26
* Change test 1.2.26
* Change test 1.2.26
* Change test 1.2.26
2021-05-18 16:53:50 +03:00
Yoav Rotem
9820da9579
Update gke-1.0 ( #873 )
...
* Create controlplane.yaml
* Update and tidy yaml
* Update and tidy yaml
* Update and tidy yaml
2021-05-18 16:37:55 +03:00
hbc
e4d9455820
cfg: add /etc/default/kubeletconfig.json
for AKS ( #865 )
...
* cfg: add `/etc/default/kubeletconfig.json`
* fix(cfg): search kubeletconfig.json first
* feat: mount `/etc/default` from host for AKS cluster
Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
2021-05-11 12:37:25 +03:00
Huang Huang
47c2494728
Support CIS ACK 1.0.0 benchmark ( #841 )
...
* Support CIS ACK 1.0.0 benchmark
* fix yaml lint
* Fix TestMakeSubsitutions may failed when order of map changed
* Support auto-detect platform when running on ACK
* Apply suggestions from code review
Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
2021-05-11 11:52:24 +03:00
Yoav Rotem
887965d31f
Add detected kubernetes version ( #869 )
...
* Add detected kubernetes version to controls
* Refactore NewControls function
Now new Control function is expecting detected version argument.
* Refactore NewControls function
Now new Control function is expecting detected version argument.
* Refactore NewControls function
New Control function is expecting detected version argument.
* Add detected kube version
* add detecetedKubeVersion
* Add detecetedKubeVersion
* Add detectedKubeVersion
* Add detecetedKubeVersion
* Fix missing version
* Change version
Change version from 3.10 to rh-0.7
* fix version: "cis-1.5"
* fix version: "cis-1.5"
* fix version: "cis-1.5"
* Fix version: "cis-1.5"
* Fix version: "cis-1.5"
* Fix version: "cis-1.6"
* Fix version: "cis-1.6"
* Fix version: "cis-1.6"
* Fix version: "cis-1.6"
* Fix version: "cis-1.6"
2021-05-09 14:48:34 +03:00
Huang Huang
182e64753e
mount /etc/passwd and /etc/group for etcd ownership related checks ( #868 )
2021-05-09 14:25:14 +03:00
Yoav Rotem
a1bd51db99
Add rh-1.0 ( #863 )
2021-05-02 19:31:03 +03:00
Gábor Lipták
af4999ac0e
Bring Go to 1.16 ( #859 )
...
* Bring Go to 1.16
* Bring Go to 1.16
* Bump actions/setup-go to v2
* Bump actions/setup-go to v2
2021-05-02 12:47:30 +03:00
Yoav Rotem
68c2ee2ebf
Add support for Redhat openshift 4.0 cis 1.1.0 ( #860 )
2021-04-29 17:08:41 +03:00
Dmytro Oboznyi
d528400881
Fix file permissions false positive ( #800 )
...
* Fix file permissions false positive
Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>
* Added kops files to config path list
Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>
* Automated CNI files checks
Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>
* Fixed linting
Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>
* Fixed to right folder CNI test
Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>
* Changed Automated to manual
Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>
* Removed changes from remediation
Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>
* Added path to config files
Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>
* Update cfg/cis-1.6/master.yaml
Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>
* Fix
Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>
* Fix to job.yaml
Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>
* Add extra mountpoints
Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>
* Revert audit scripts changes
Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>
Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
2021-04-08 17:02:27 +03:00
Yoav Rotem
f2386c0386
Update ocp 3.11 ( #849 )
...
* Add OCP auto-detection
* Add test for openshift
* update and fix bugs
update file to match with new kube-bench features and fix bugs
* Update file and fix bugs
update file to match with new kube-bench features and fix bugs
* Remove specific configs
Those configs could be set in main config.yaml
* Update to include openshift files
* fix typos
* fix typo
* Remove trailing spaces
* Update util.go
* Add tests for getOcpValidVersion
2021-03-24 18:06:54 +02:00
Yoav Rotem
0cb302761c
Add logging ( #822 )
...
* Add more logging
The old logging could was lacking and in some cases misleading
* Add Logging
Add more logs and change some old messages, the important part is make each test log more readable by adding ------ test id ------ section in logs
* Fix typos
* more info
add more info in comment about the function and it use cases
Co-authored-by: Liz Rice <liz@lizrice.com>
* Use switch case
Change the logic from if to switch and tidy up the code
2021-03-22 17:33:53 +02:00
Neha Viswanathan
9030532263
upgrade base image versions in Dockerfile ( #831 )
2021-03-21 22:53:39 +02:00
Yoav Rotem
50fce51da7
Fix fallback to default version ( #834 )
...
* Fix fallback to default version
In some cases kube-bench will crush instead of fallback to default version.
Fix it to only log that couldn't auto-detect version and used default.
* Fix case with fallback to default version
2021-03-02 16:27:34 +02:00
Yoav Rotem
e308bc1eba
Add version logging ( #817 )
...
* Add more logging
issue #816 add more logging for better debug and information about version auto-detection and fix typo
* Fix typo
* Add more logging
issue #816 add more logging for better debug and information about version auto-detection and fix typo
* tidy logging output
Co-authored-by: Liz Rice <liz@lizrice.com>
* tidy logging output
Co-authored-by: Liz Rice <liz@lizrice.com>
* tidy logging output
Co-authored-by: Liz Rice <liz@lizrice.com>
* tidy logging output
Co-authored-by: Liz Rice <liz@lizrice.com>
* tidy logging output
Co-authored-by: Liz Rice <liz@lizrice.com>
* tidy logging output
Co-authored-by: Liz Rice <liz@lizrice.com>
* tidy logging output
Co-authored-by: Liz Rice <liz@lizrice.com>
* Remove extra logging
Co-authored-by: Liz Rice <liz@lizrice.com>
2021-02-23 14:24:14 +00:00
Neha Viswanathan
b2d481812f
deprecate master and node subcommands ( #812 )
...
* deprecate master and node subcommands
* deprecate master and node subcommands
2021-02-23 14:23:55 +00:00
Naoki Oketani
bc21212980
chore: fix an invalid markdown syntax ( #815 )
2021-02-23 14:23:38 +00:00
Takahiro Tsuruda
4d6de1e2a5
chore: fix defer func in for-loop ( #825 )
...
* chore: call defer func for each iteration
Signed-off-by: TakahiroTsuruda <isrgnoe@gmail.com>
* chore: error check
2021-02-23 14:22:15 +00:00
Liz Rice
baf05eca3b
docs: remove deprecated subcommands master / node ( #827 )
...
* docs: remove references to deprecated subcommands
Removing master / node since it's better to autodetect, or to use
--target
Signed-off-by: Liz Rice <liz@lizrice.com>
* docs: specifying kubernetes or benchmark version
Signed-off-by: Liz Rice <liz@lizrice.com>
2021-02-23 14:05:34 +00:00
Liz Rice
92ebc493ac
chore: fix YAML lint errors ( #826 )
...
* chore: fix YAML lint
* chore: fix YAML lint
2021-02-23 14:04:45 +00:00
Michael Kandelaars
3e9b5a7b49
Refactor of EKS and ASFF integration Job and instructions ( #794 )
...
* Refactor to use Configmap for EKS and ASFF integration
* newline
* markdown fix
* formatting fix
* Update docs/asff.md
Co-authored-by: Liz Rice <liz@lizrice.com>
* typo
* docs: remove section about rebuilding
* docs: reminder to specify kube-bench image for ASFF
Co-authored-by: Liz Rice <liz@lizrice.com>
2021-02-22 14:28:36 +00:00
Liz Rice
ade7fb0759
chore: improve bug report template ( #821 )
...
Ask for more details that we usually need to request anyway, like the
list of currently running processes
Signed-off-by: Liz Rice <liz@lizrice.com>
2021-02-22 11:00:59 +02:00