Devendra Turkar
b29ed6b6ed
chore: add fips compliant images ( #1473 )
...
For fips compliance we need to generate fips compliant images.
As part of this change, we will create a new kube-bench image which will be fips compliant. Image name follows this tag pattern <version>-ubi-fips
1 year ago
Andy Pitcher
aa16551811
Fix node.yaml - 4.1.7 and 4.1.8 audit by adding uniq ( #1472 )
1 year ago
Andy Pitcher
40cdc1bfbb
Fix test_items in cis-1.7 - node - 4.2.12 ( #1469 )
...
Related issue: https://github.com/aquasecurity/kube-bench/issues/1468
1 year ago
dependabot[bot]
e2e353a81a
build(deps): bump actions/setup-go from 3 to 4 ( #1402 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 3 to 4.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](https://github.com/actions/setup-go/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
1 year ago
dependabot[bot]
a727d73e8a
build(deps): bump golang from 1.19.4 to 1.20.4 ( #1436 )
...
Bumps golang from 1.19.4 to 1.20.4.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1 year ago
chenk
76c25b2db2
release: prepare v0.6.15 ( #1455 )
...
Signed-off-by: chenk <hen.keinan@gmail.com>
1 year ago
KiranBodipi
ca8743c1f7
add support VMware Tanzu(TKGI) Benchmarks v1.2.53 ( #1452 )
...
* add Support VMware Tanzu(TKGI) Benchmarks v1.2.53
with this change, we are adding
1. latest kubernetes cis benchmarks for VMware Tanzu1.2.53
2. logic to kube-bench so that kube-bench can auto detect vmware platform, will be able to execute the respective vmware tkgi compliance checks.
3. job-tkgi.yaml file to run the benchmark as a job in tkgi cluster
Reference Document for checks: https://network.pivotal.io/products/p-compliance-scanner/#/releases/1248397
* add Support VMware Tanzu(TKGI) Benchmarks v1.2.53
with this change, we are adding
1. latest kubernetes cis benchmarks for VMware Tanzu1.2.53
2. logic to kube-bench so that kube-bench can auto detect vmware platform, will be able to execute the respective vmware tkgi compliance checks.
3. job-tkgi.yaml file to run the benchmark as a job in tkgi cluster
Reference Document for checks: https://network.pivotal.io/products/p-compliance-scanner/#/releases/1248397
1 year ago
dependabot[bot]
84f80b59b8
build(deps): bump alpine from 3.17 to 3.18 ( #1443 )
...
Bumps alpine from 3.17 to 3.18.
---
updated-dependencies:
- dependency-name: alpine
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1 year ago
Huang Huang
60dde65d72
support CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.2.0 ( #1449 )
...
closes #1448
1 year ago
Huang Huang
124c57c6f4
support CIS Kubernetes Benchmark v1.7.0 ( #1424 )
1 year ago
Huang Huang
e41755ba90
cis-1.24: fix tests of 1.1.1 and 4.2.9 were wrong ( #1423 )
...
fixes #1410
fixes #1421
1 year ago
dependabot[bot]
6de03bbd7d
build(deps): bump github.com/aws/aws-sdk-go-v2 from 1.17.6 to 1.18.0 ( #1433 )
...
Bumps [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2 ) from 1.17.6 to 1.18.0.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases )
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md )
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.17.6...v1.18.0 )
---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
1 year ago
chenk
c2880848f0
release: prepare v0.6.14 ( #1446 )
...
Signed-off-by: chenk <hen.keinan@gmail.com>
1 year ago
wangxiaoer
968ee5814e
replace with constant ( #1445 )
1 year ago
chenk
29c8f16167
release: prepare v0.6.14-rc ( #1442 )
...
Signed-off-by: chenk <hen.keinan@gmail.com>
1 year ago
Devendra Turkar
b0e49c8789
fix: ignore the error from findConfigFile ( #1440 )
...
When we are trying to access a file from a directory which is not present then we get a different error.
We don't have a standard error method to check the msg so added string match for this case
1 year ago
dependabot[bot]
e38c829dbc
build(deps): bump gorm.io/gorm from 1.24.2 to 1.25.1 ( #1437 )
...
Bumps [gorm.io/gorm](https://github.com/go-gorm/gorm ) from 1.24.2 to 1.25.1.
- [Release notes](https://github.com/go-gorm/gorm/releases )
- [Commits](https://github.com/go-gorm/gorm/compare/v1.24.2...v1.25.1 )
---
updated-dependencies:
- dependency-name: gorm.io/gorm
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
1 year ago
chenk
8098489433
release: prepare v0.6.13 ( #1429 )
...
Signed-off-by: chenk <hen.keinan@gmail.com>
1 year ago
Murali Paluru
b43f58dcda
add darwin builds ( #1428 )
1 year ago
chenk
dd6573f3ed
release: prepare v0.6.13-rc2 ( #1426 )
...
Signed-off-by: chenk <hen.keinan@gmail.com>
1 year ago
Devendra Turkar
0ff5dd0b8e
chore: Add license file for ubi image ( #1425 )
1 year ago
chenk
124a8b3a5a
release: prepare v0.6.13-rc ( #1416 )
...
Signed-off-by: chenk <hen.keinan@gmail.com>
1 year ago
Rayan Das
c3b6871766
Fix version in policies.yaml ( #1415 )
2 years ago
Devendra Turkar
96c6b385ef
chore: publish ubi based image ( #1412 )
...
* chore: publish ubi based image
- added publish step to publish ubi image
- updated base image for alpine based dockerfile
* chore: update pipeline image to ubuntu-latest
2 years ago
dependabot[bot]
9e41099cec
build(deps): bump github.com/aws/aws-sdk-go-v2/service/securityhub ( #1397 )
...
Bumps [github.com/aws/aws-sdk-go-v2/service/securityhub](https://github.com/aws/aws-sdk-go-v2 ) from 1.23.5 to 1.29.1.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases )
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md )
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/ecs/v1.23.5...service/s3/v1.29.1 )
---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/securityhub
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
2 years ago
Jack Henschel
0decc8a53f
docs: Clarify how to run Job on OpenShift ( #1401 )
...
Signed-off-by: Jack Henschel <jackdev@mailbox.org>
2 years ago
dependabot[bot]
7aeb6c3977
build(deps): bump github.com/fatih/color from 1.13.0 to 1.14.1 ( #1363 )
...
Bumps [github.com/fatih/color](https://github.com/fatih/color ) from 1.13.0 to 1.14.1.
- [Release notes](https://github.com/fatih/color/releases )
- [Commits](https://github.com/fatih/color/compare/v1.13.0...v1.14.1 )
---
updated-dependencies:
- dependency-name: github.com/fatih/color
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 years ago
chenk
7d0d8ca993
release: prepare v0.6.12 ( #1387 )
...
Signed-off-by: chenk <hen.keinan@gmail.com>
2 years ago
chenk
823f3e1064
release: prepare v0.6.12-rc ( #1385 )
...
Signed-off-by: chenk <hen.keinan@gmail.com>
2 years ago
Devendra Turkar
fc72a8a620
bugfix: false negative when audit_config file not found ( #1376 )
...
In case of RKE, env error comes with exit status 1, so added OR condition to match with error text as well.
resolve : #1364
2 years ago
chenk
c17b4dd2ba
release: prepare v0.6.11 ( #1371 )
...
Signed-off-by: chenk <hen.keinan@gmail.com>
2 years ago
dependabot[bot]
edff7f45a9
build(deps): bump gorm.io/driver/postgres from 1.4.5 to 1.4.6 ( #1355 )
...
Bumps [gorm.io/driver/postgres](https://github.com/go-gorm/postgres ) from 1.4.5 to 1.4.6.
- [Release notes](https://github.com/go-gorm/postgres/releases )
- [Commits](https://github.com/go-gorm/postgres/compare/v1.4.5...v1.4.6 )
---
updated-dependencies:
- dependency-name: gorm.io/driver/postgres
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 years ago
Devendra Turkar
b942ed3f0b
bugfix: false negative when audit_config is defined along with audit and config file not found ( #1367 )
...
Suppress the file not found error only when we have audit or auditEnv is defined and they have valid output captured.
As we already have output from audit command, we can proceed for our tests even though we didn't find config file.
file not found error: `failed to run: "/test/config.yaml", output: "/bin/sh: line 1: /test/config.yaml: No such file or directory\n", error: exit status 127`
Resolve : #1364
2 years ago
Derek Nola
e1d1053358
Fix to empty grep and other cis-1.6-k3s checks ( #1352 )
...
* Fix to empty grep and other k3s checks
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Lint fix
Signed-off-by: Derek Nola <derek.nola@suse.com>
Signed-off-by: Derek Nola <derek.nola@suse.com>
2 years ago
dependabot[bot]
07cd55da9c
build(deps): bump k8s.io/client-go from 0.25.4 to 0.26.0 ( #1354 )
...
Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go ) from 0.25.4 to 0.26.0.
- [Release notes](https://github.com/kubernetes/client-go/releases )
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md )
- [Commits](https://github.com/kubernetes/client-go/compare/v0.25.4...v0.26.0 )
---
updated-dependencies:
- dependency-name: k8s.io/client-go
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 years ago
dependabot[bot]
e6d0056b8e
build(deps): bump github.com/aws/aws-sdk-go-v2 from 1.17.2 to 1.17.3 ( #1348 )
...
Bumps [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2 ) from 1.17.2 to 1.17.3.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases )
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md )
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.17.2...v1.17.3 )
---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 years ago
dependabot[bot]
9991268c85
build(deps): bump goreleaser/goreleaser-action from 3 to 4 ( #1347 )
...
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 3 to 4.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](https://github.com/goreleaser/goreleaser-action/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 years ago
dependabot[bot]
465c16fe4b
build(deps): bump golang from 1.19.3 to 1.19.4 ( #1345 )
...
Bumps golang from 1.19.3 to 1.19.4.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 years ago
dependabot[bot]
e08cf54cb0
build(deps): bump github.com/magiconair/properties from 1.8.6 to 1.8.7 ( #1344 )
...
Bumps [github.com/magiconair/properties](https://github.com/magiconair/properties ) from 1.8.6 to 1.8.7.
- [Release notes](https://github.com/magiconair/properties/releases )
- [Changelog](https://github.com/magiconair/properties/blob/main/CHANGELOG.md )
- [Commits](https://github.com/magiconair/properties/compare/v1.8.6...v1.8.7 )
---
updated-dependencies:
- dependency-name: github.com/magiconair/properties
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 years ago
dependabot[bot]
8f654a9fc6
build(deps): bump github.com/spf13/cobra from 1.6.0 to 1.6.1 ( #1341 )
...
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra ) from 1.6.0 to 1.6.1.
- [Release notes](https://github.com/spf13/cobra/releases )
- [Commits](https://github.com/spf13/cobra/compare/v1.6.0...v1.6.1 )
---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 years ago
dependabot[bot]
4ccffb8fdd
build(deps): bump github.com/spf13/viper from 1.13.0 to 1.14.0 ( #1339 )
...
Bumps [github.com/spf13/viper](https://github.com/spf13/viper ) from 1.13.0 to 1.14.0.
- [Release notes](https://github.com/spf13/viper/releases )
- [Commits](https://github.com/spf13/viper/compare/v1.13.0...v1.14.0 )
---
updated-dependencies:
- dependency-name: github.com/spf13/viper
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 years ago
dependabot[bot]
ec51394eb7
build(deps): bump github.com/aws/aws-sdk-go-v2/config ( #1337 )
...
Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2 ) from 1.17.8 to 1.18.4.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases )
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md )
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.17.8...config/v1.18.4 )
---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 years ago
dependabot[bot]
e096229a5a
build(deps): bump alpine from 3.16.2 to 3.17.0 ( #1332 )
...
Bumps alpine from 3.16.2 to 3.17.0.
---
updated-dependencies:
- dependency-name: alpine
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 years ago
dependabot[bot]
98742f014e
build(deps): bump k8s.io/client-go from 0.25.2 to 0.25.4 ( #1322 )
...
Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go ) from 0.25.2 to 0.25.4.
- [Release notes](https://github.com/kubernetes/client-go/releases )
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md )
- [Commits](https://github.com/kubernetes/client-go/compare/v0.25.2...v0.25.4 )
---
updated-dependencies:
- dependency-name: k8s.io/client-go
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 years ago
dependabot[bot]
f959abe0da
build(deps): bump ubi8/ubi-minimal from 8.6 to 8.7 ( #1320 )
...
Bumps ubi8/ubi-minimal from 8.6 to 8.7.
---
updated-dependencies:
- dependency-name: ubi8/ubi-minimal
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 years ago
dependabot[bot]
d5039002af
build(deps): bump golang from 1.19.2 to 1.19.3 ( #1318 )
...
Bumps golang from 1.19.2 to 1.19.3.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 years ago
dependabot[bot]
ba23ef534a
build(deps): bump gorm.io/driver/postgres from 1.3.10 to 1.4.5 ( #1312 )
...
Bumps [gorm.io/driver/postgres](https://github.com/go-gorm/postgres ) from 1.3.10 to 1.4.5.
- [Release notes](https://github.com/go-gorm/postgres/releases )
- [Commits](https://github.com/go-gorm/postgres/compare/v1.3.10...v1.4.5 )
---
updated-dependencies:
- dependency-name: gorm.io/driver/postgres
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2 years ago
Huang Huang
bd8dd3adcc
use $etcddatadir in more etcd related checks ( #1331 )
2 years ago
Huang Huang
865817dfda
support customize datadir locations of etcd ( #1330 )
2 years ago
Huang Huang
3ccafa7be1
support CIS Kubernetes V1.24 Benchmark v1.0.0 ( #1329 )
2 years ago