Konstantinos Tsakalozos
39dfe93b68
Ensure 127.0.0.1 for the --bind-address parameter ( #1723 )
2024-11-18 09:56:28 +06:00
afdesk
4de7b2095a
release: prepare v0.9.2 ( #1730 )
2024-11-16 16:05:57 +06:00
Saurabh Misra
5eccb498c1
FIX| RKE-CIS-1.24- CHECK 1.1.19 ( #1722 )
...
We have added the missing script required for check 1.1.19 in rke-cis-1.24 and made it available to the kube-bench file system(https://github.com/rancher/security-scan/blob/master/package/helper_scripts/check_files_owner_in_dir.sh ).
2024-11-15 18:32:24 +06:00
dependabot[bot]
7ce327f1db
build(deps): bump github.com/aws/aws-sdk-go-v2/config ( #1728 )
...
Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2 ) from 1.27.37 to 1.28.4.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases )
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.27.37...config/v1.28.4 )
---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-15 18:21:14 +06:00
dependabot[bot]
8656945200
build(deps): bump github.com/golang/glog from 1.2.2 to 1.2.3 ( #1726 )
...
Bumps [github.com/golang/glog](https://github.com/golang/glog ) from 1.2.2 to 1.2.3.
- [Release notes](https://github.com/golang/glog/releases )
- [Commits](https://github.com/golang/glog/compare/v1.2.2...v1.2.3 )
---
updated-dependencies:
- dependency-name: github.com/golang/glog
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-15 17:53:09 +06:00
dependabot[bot]
702107daff
build(deps): bump github.com/spf13/viper from 1.18.2 to 1.19.0 ( #1720 )
...
Bumps [github.com/spf13/viper](https://github.com/spf13/viper ) from 1.18.2 to 1.19.0.
- [Release notes](https://github.com/spf13/viper/releases )
- [Commits](https://github.com/spf13/viper/compare/v1.18.2...v1.19.0 )
---
updated-dependencies:
- dependency-name: github.com/spf13/viper
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-15 17:34:30 +06:00
dependabot[bot]
5fac7f626b
build(deps): bump github.com/fatih/color from 1.16.0 to 1.18.0 ( #1719 )
...
Bumps [github.com/fatih/color](https://github.com/fatih/color ) from 1.16.0 to 1.18.0.
- [Release notes](https://github.com/fatih/color/releases )
- [Commits](https://github.com/fatih/color/compare/v1.16.0...v1.18.0 )
---
updated-dependencies:
- dependency-name: github.com/fatih/color
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-15 16:14:30 +06:00
dependabot[bot]
27a1942bcc
build(deps): bump golang from 1.23.2 to 1.23.3 ( #1727 )
...
Bumps golang from 1.23.2 to 1.23.3.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-15 15:39:05 +06:00
dependabot[bot]
9f0f5567ae
build(deps): bump github.com/aws/aws-sdk-go-v2/service/securityhub ( #1724 )
...
Bumps [github.com/aws/aws-sdk-go-v2/service/securityhub](https://github.com/aws/aws-sdk-go-v2 ) from 1.54.4 to 1.54.6.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases )
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.54.4...service/lambda/v1.54.6 )
---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/securityhub
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-15 11:32:36 +06:00
dependabot[bot]
ea24d0e240
build(deps): bump engineerd/setup-kind from 0.5.0 to 0.6.2 ( #1721 )
...
Bumps [engineerd/setup-kind](https://github.com/engineerd/setup-kind ) from 0.5.0 to 0.6.2.
- [Release notes](https://github.com/engineerd/setup-kind/releases )
- [Commits](https://github.com/engineerd/setup-kind/compare/v0.5.0...v0.6.2 )
---
updated-dependencies:
- dependency-name: engineerd/setup-kind
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-06 10:15:05 +06:00
dependabot[bot]
74f5c8b800
build(deps): bump github.com/aws/aws-sdk-go-v2/service/securityhub ( #1716 )
...
Bumps [github.com/aws/aws-sdk-go-v2/service/securityhub](https://github.com/aws/aws-sdk-go-v2 ) from 1.53.3 to 1.54.4.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases )
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/iot/v1.53.3...service/s3/v1.54.4 )
---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/securityhub
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-01 11:14:40 +06:00
dependabot[bot]
e2a97f49f5
build(deps): bump github.com/spf13/cobra from 1.8.0 to 1.8.1 ( #1718 )
...
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra ) from 1.8.0 to 1.8.1.
- [Release notes](https://github.com/spf13/cobra/releases )
- [Commits](https://github.com/spf13/cobra/compare/v1.8.0...v1.8.1 )
---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-11-01 10:31:03 +06:00
dependabot[bot]
b4000f677b
build(deps): bump gorm.io/gorm from 1.25.10 to 1.25.12 ( #1714 )
...
Bumps [gorm.io/gorm](https://github.com/go-gorm/gorm ) from 1.25.10 to 1.25.12.
- [Release notes](https://github.com/go-gorm/gorm/releases )
- [Commits](https://github.com/go-gorm/gorm/compare/v1.25.10...v1.25.12 )
---
updated-dependencies:
- dependency-name: gorm.io/gorm
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-25 15:37:35 +06:00
dependabot[bot]
86c6a27cc4
build(deps): bump golang from 1.22.7 to 1.23.2 ( #1697 )
...
Bumps golang from 1.22.7 to 1.23.2.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-25 14:08:26 +06:00
dependabot[bot]
8a695eb8d1
build(deps): bump k8s.io/client-go from 0.29.3 to 0.31.2 ( #1712 )
...
Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go ) from 0.29.3 to 0.31.2.
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md )
- [Commits](https://github.com/kubernetes/client-go/compare/v0.29.3...v0.31.2 )
---
updated-dependencies:
- dependency-name: k8s.io/client-go
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-25 10:26:08 +06:00
dependabot[bot]
e48c3dd7b5
build(deps): bump golangci/golangci-lint-action from 5 to 6 ( #1707 )
...
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action ) from 5 to 6.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases )
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v5...v6 )
---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-25 10:05:00 +06:00
dependabot[bot]
ddb586d441
build(deps): bump k8s.io/apimachinery from 0.29.3 to 0.31.1 ( #1681 )
...
* build(deps): bump k8s.io/apimachinery from 0.29.3 to 0.31.1
Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery ) from 0.29.3 to 0.31.1.
- [Commits](https://github.com/kubernetes/apimachinery/compare/v0.29.3...v0.31.1 )
---
updated-dependencies:
- dependency-name: k8s.io/apimachinery
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* skip go toolchain
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-24 12:51:14 +06:00
afdesk
5568895095
chore: add go toolchain version ( #1710 )
...
* chore: add go toolchain version
* bump up toolchain to 1.22.7
2024-10-24 12:40:41 +06:00
dependabot[bot]
d5ba5edca0
build(deps): bump actions/setup-python from 4 to 5 ( #1536 )
...
Bumps [actions/setup-python](https://github.com/actions/setup-python ) from 4 to 5.
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](https://github.com/actions/setup-python/compare/v4...v5 )
---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-22 11:30:08 +06:00
dependabot[bot]
0e3dbfa985
build(deps): bump docker/build-push-action from 5 to 6 ( #1631 )
...
Bumps [docker/build-push-action](https://github.com/docker/build-push-action ) from 5 to 6.
- [Release notes](https://github.com/docker/build-push-action/releases )
- [Commits](https://github.com/docker/build-push-action/compare/v5...v6 )
---
updated-dependencies:
- dependency-name: docker/build-push-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-21 23:30:31 +06:00
dependabot[bot]
e9ea1dbb74
build(deps): bump golangci/golangci-lint-action from 4 to 5 ( #1604 )
...
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action ) from 4 to 5.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases )
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v4...v5 )
---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-21 15:47:43 +06:00
afdesk
c5dc28ee6f
release: prepare v0.9.1 ( #1705 )
2024-10-16 19:48:17 +06:00
Omar kamoun
fa478ce238
fix: correct TLSCipherSuites to tlsCipherSuites ( #1703 )
2024-10-16 11:50:10 +06:00
dependabot[bot]
1d8f80e846
build(deps): bump github.com/golang/glog from 1.2.0 to 1.2.2 ( #1702 )
...
Bumps [github.com/golang/glog](https://github.com/golang/glog ) from 1.2.0 to 1.2.2.
- [Release notes](https://github.com/golang/glog/releases )
- [Commits](https://github.com/golang/glog/compare/v1.2.0...v1.2.2 )
---
updated-dependencies:
- dependency-name: github.com/golang/glog
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-15 11:14:14 +06:00
Abubakr-Sadik Nii Nai Davis
a15e8acaa3
Add GKE 1.6 CIS benchmark for GCP environment ( #1672 )
...
* Add config entries for GKE 1.6 controls
* Add gke1.6 control plane recommendations
* Add gke-1.6.0 worker node recommendations
* Add gke-1.6.0 policy recommendations
* Add managed services and policy recommendation
* Add master recommendations
* Fix formatting across gke-1.6.0 files
* Add gke-1.6.0 benchmark selection based on k8s version
* Workaround: hardcode kubelet config path for gke-1.6.0
* Fix tests for makeIPTablesUtilChaings
* Change scored field for all node tests to true
* Fix kubelet file permission to check for
---------
Co-authored-by: afdesk <work@afdesk.com>
2024-10-11 10:49:35 +06:00
dependabot[bot]
e47725299e
build(deps): bump gorm.io/driver/postgres from 1.5.6 to 1.5.9 ( #1698 )
...
Bumps [gorm.io/driver/postgres](https://github.com/go-gorm/postgres ) from 1.5.6 to 1.5.9.
- [Commits](https://github.com/go-gorm/postgres/compare/v1.5.6...v1.5.9 )
---
updated-dependencies:
- dependency-name: gorm.io/driver/postgres
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-10 10:37:41 +06:00
Matthias Muth
e8562f2944
Extend default kubelet configlist to fit AWS EKS ( #1637 )
...
- the latest default Kubernetes setup of AWS has
its kubelet config path in the added location.
Proposing to extend the list of scanned paths in
order to make kube-bench execution more painless
and "quick start like" in default setups.
2024-10-04 14:08:03 +06:00
Arano-kai
3a0ccc440c
fix: rh-1.0 check 4.1.3 typo ( #1652 )
...
Co-authored-by: Arano-kai <captcha.is(dot)evil(meov)gmail.com>
2024-10-04 13:42:56 +06:00
dependabot[bot]
c683e93968
build(deps): bump github.com/aws/aws-sdk-go-v2/service/securityhub ( #1696 )
...
Bumps [github.com/aws/aws-sdk-go-v2/service/securityhub](https://github.com/aws/aws-sdk-go-v2 ) from 1.53.1 to 1.53.3.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases )
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.53.1...service/iot/v1.53.3 )
---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/securityhub
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-04 12:21:07 +06:00
jdesouza
e75cd6bbc8
Updated KUBECTL_VERSION to 1.31.0 for fixing vulnerabilities ( #1690 )
...
* Bumped Go to 1.22.7 for fixing Critical/High vulberabilities
* Bumped Go to 1.22.7 for fixing Critical/High vulberabilities
* Bumped kubectl version for fixing vulnerabilities
* Fixed kubectl version
* Update go.mod
2024-10-03 22:43:01 +06:00
dependabot[bot]
d8f041a826
build(deps): bump alpine from 3.20.0 to 3.20.3 ( #1676 )
...
Bumps alpine from 3.20.0 to 3.20.3.
---
updated-dependencies:
- dependency-name: alpine
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-10-03 09:20:12 +06:00
Winnerson Kharsunai
7ea1d59bb1
update audit script for cis-1.9 kubernetes policies id 5.1.6 ( #1655 )
2024-10-01 11:48:02 +06:00
Winnerson Kharsunai
89842dcaaa
update dockerfile to add package findutils ( #1657 )
2024-10-01 11:32:23 +06:00
za
674d8e8bb7
Update command to build docker to run in EKS cluster ( #1648 )
...
because with the previous command unable to get the argument.
Issue: https://github.com/aquasecurity/kube-bench/issues/1647
Co-authored-by: za <za@noreply.users.github.com>
2024-09-30 12:13:10 +06:00
Andy Pitcher
4b4c1ce709
Modify 1.2.3 Ensure that the DenyServiceExternalIPs is set
in CIS-1.7/1.8 ( #1607 )
...
* Modify 1.2.3 Ensure that the DenyServiceExternalIPs is set
- op changed from `have` to `has` and removed bin_op: or
- remediation description changed to only include --enable-admission-plugins
* Apply changes for CIS-1.9
2024-09-30 10:30:59 +06:00
Andy Pitcher
b85ec78a84
Fix CIS-1.9 policies 5.1.1/5.1.5 typos ( #1658 )
...
* Fix CIS-1.9 policies 5.1.1 typo
* Fix typo CIS-1.9 5.1.5
* Add new lines to CIS-1.9
2024-09-30 09:54:45 +06:00
Wolfgang Reichert
f6877e3c17
Fix issue 1595: failed to output to ASFF ( #1691 )
...
A breaking change was introduced in aws-sdk-go-v2.
See https://github.com/aws/aws-sdk-go-v2/issues/2370#issuecomment-1953308268 .
Mixing aws-sdk-go-v2 packages from versions before and after the breaking change causes kube-bench to fail. This issue occurs when it attempts to access AWS Security Hub.
Addressed issue: https://github.com/aquasecurity/kube-bench/issues/1595
Supersedes bot PR: https://github.com/aquasecurity/kube-bench/pull/1689
Besides upgrading to latest SDK version, some variable types need to be adapted.
2024-09-28 13:36:44 +06:00
Andy Pitcher
2751f87034
Fix audit and remediation for CIS-1.9 master 1.1.13/1.1.14 ( #1649 )
...
* Fix audit and remediation for CIS-1.9 master 1.1.13/1.1.14
* Fix loop syntax for file paths
---------
Co-authored-by: afdesk <work@afdesk.com>
2024-09-26 10:45:48 +06:00
Derek Nola
a9422a6623
Overhaul of K3s scans ( #1659 )
...
* Overhaul K3s 1.X checks
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Overhaul K3s 2.X Checks
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Overhaul K3s 4.X checks
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Overhaul K3s 5.X checks
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Add K3s cis-1.8 scan
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Fix K3s 1.1.10 check
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Merge journalctl checks for K3s
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Matched Manual/Automated to correct scoring (false/true)
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Remove incorrect use of check_for_default_sa.sh script
Signed-off-by: Derek Nola <derek.nola@suse.com>
---------
Signed-off-by: Derek Nola <derek.nola@suse.com>
Co-authored-by: afdesk <work@afdesk.com>
2024-09-25 13:12:02 +06:00
mjshastha
f8b6f2fc19
chore: fixed vulns - bump Go version ( #1687 )
2024-09-24 12:12:40 +06:00
Saurabh Misra
c533d68bad
FIXING RKE-2-CIS-1.24 Checks ( #1688 )
...
MASTER:
Checks 1.1.10,1.1.20 are manual
NODE:
a. Check 4.2.12 is the node-level equivalent of the master-level check 1.3.6 and is treated the same way.
2024-09-24 11:56:58 +06:00
dependabot[bot]
5a3fd1d896
build(deps): bump golang from 1.22.2 to 1.22.4 ( #1629 )
...
Bumps golang from 1.22.2 to 1.22.4.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-07-04 08:46:34 +03:00
chenk
366e79ddda
release: prepare v0.8.0 ( #1639 )
...
Signed-off-by: chenk <hen.keinan@gmail.com>
2024-07-02 10:35:09 +03:00
dependabot[bot]
871027447f
build(deps): bump goreleaser/goreleaser-action from 5 to 6 ( #1628 )
...
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 5 to 6.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](https://github.com/goreleaser/goreleaser-action/compare/v5...v6 )
---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-06-29 15:53:49 +03:00
Andy Pitcher
7027b6b2ec
Add CIS kubernetes CIS-1.9 for k8s v1.27 - v1.29 ( #1617 )
...
* Create cis-1.9 yamls and Update info
- policies.yaml
- 5.1.1 to 5.1.6 were adapted from Manual to Automated
- 5.1.3 got broken down into 5.1.3.1 and 5.1.3.2
- 5.1.6 got broken down into 5.1.6.1 and 5.1.6.2
- version was set to cis-1.9
- node.yaml master.yaml controlplane.yaml etcd.yaml
- version was set to cis-1.9
* Adapt master.yaml
- Expand 1.1.13/1.1.14 checks by adding super-admin.conf to the permission and ownership verification
- Remove 1.2.12 Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used (Manual)
- Adjust numbering from 1.2.12 to 1.2.29
* Adjust policies.yaml
- Check 5.2.3 to 5.2.9 Title Automated to Manual
* Append node.yaml
- Create 4.3 kube-config group
- Create 4.3.1 Ensure that the kube-proxy metrics service is bound to localhost (Automated)
* Adjust policies 5.1.3 and 5.1.6
- Merge 5.1.3.1 and 5.1.3.2 into 5.1.3 (use role_is_compliant and clusterrole_is_compliant)
- Remove 5.1.6.1 and promote 5.1.6.2 to 5.1.6 since it natively covered 5.1.6.1 artifacts
* Add kubectl dependency and update publish
- Download kubectl (build stage) based on version and architecture
- Add binary checksum verification
- Use go env GOARCH for ARCH
2024-06-26 15:53:57 +03:00
dependabot[bot]
d8fc37649a
build(deps): bump alpine from 3.19.1 to 3.20.0 ( #1621 )
...
Bumps alpine from 3.19.1 to 3.20.0.
---
updated-dependencies:
- dependency-name: alpine
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-31 17:28:56 +03:00
Paulo Gomes
0f8dfaf115
Statically link binaries and remove debug information ( #1615 )
...
Signed-off-by: Paulo Gomes <pjbgf@linux.com>
2024-05-22 08:37:36 +03:00
Derek Nola
ed51191d7c
Replace custom k3s etcd script checks with vanilla grep checks ( #1601 )
...
* Replace custom k3s etcd script checks with vanilla grep checks
Signed-off-by: Derek Nola <derek.nola@suse.com>
* Rework etcd grep, remove etcd ENV checks (no-op), add correct k3s etcddatadir
Signed-off-by: Derek Nola <derek.nola@suse.com>
* chore: update go-linter version
Signed-off-by: chenk <hen.keinan@gmail.com>
* Use etcddatadir variable
Signed-off-by: Derek Nola <derek.nola@suse.com>
---------
Signed-off-by: Derek Nola <derek.nola@suse.com>
Signed-off-by: chenk <hen.keinan@gmail.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
2024-05-20 13:47:15 +03:00
dependabot[bot]
2a8615befd
build(deps): bump golang from 1.22.1 to 1.22.2 ( #1596 )
...
Bumps golang from 1.22.1 to 1.22.2.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-05-03 19:35:58 +03:00
chenk
ff9341a5d0
release: prepare-v0.7.3 ( #1599 )
...
Signed-off-by: chenk <hen.keinan@gmail.com>
2024-04-18 09:58:44 +03:00