arno/kube-bench
1
0
Fork 0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2025-04-18 00:09:01 +00:00
Code Issues Releases Wiki Activity
646 Commits 11 Branches 89 Tags 160 MiB
4557ca00f1
Commit Graph

94 Commits

Author SHA1 Message Date
Paul McCarthy
582ce02ce6
Removed references to dep from README.md (#607) 
Looks like this project now uses Go modules so `dep` steps are not needed.

Co-authored-by: Liz Rice <liz@lizrice.com>
 2020-05-14 17:34:47 +01:00
Liz Rice
7e87c980b2
docs: CIS benchmarks are not frequent (#617) 
Correct misleading comment about anticipated CIS benchmarks for every Kubernetes release - bad assumption!
 2020-05-06 14:42:40 +01:00
Liz Rice
7cd6b32ebb
docs: notes in README for common misunderstandings (#602) 
Added a Please Note section to document common misunderstandings that often lead to incorrect issue filings
 2020-04-07 14:04:42 +01:00
Liz Rice
451721a1cf
Add GKE into list of support tests (#597) 
Also adds links to the Kubernetes benchmarks

Fixes #596
 2020-03-11 17:48:07 +02:00
Abubakr-Sadik Nii Nai Davis
d988b81540
CIS GKE 1.0.0 benchmark (#570) 
* Add initial commit for CIS GKE 1.0 benchmark

* Update README with GKE instructions

* Fix YAML linter issues

* Set GKE benchmark k8s version to gke-1.0

* Add tests for gke-1.0

Co-authored-by: Roberto Rojas <robertojrojas@gmail.com>
 2020-03-03 09:51:48 -05:00
Huang Huang
17cd104788
Fixes issue #574: change the PATH in container (#577) 
* Fixes issue #574: change the PATH in container

And change to use `/usr/local/mount-from-host/bin` as mount path.
Fixes #574

* Fix integration tests
 2020-02-12 12:18:44 -05:00
Murali Paluru
b677c86868 remove always true for logtostderr (#548) 
* remove always true for logtostderr

* update README for log collection instructions

Co-authored-by: Liz Rice <liz@lizrice.com>
 2020-01-07 13:04:06 +00:00
Saurya Das
ca749ccb32 Adding a section for Azure Kubernetes Service (#495) 
* Adding a section for Azure Kubernetes Service

steps to run kube bench on AKS worker nodes

* Update README.md

* Update README.md

Co-authored-by: Roberto Rojas <robertojrojas@gmail.com>
Co-authored-by: Liz Rice <liz@lizrice.com>
 2019-12-20 12:17:00 +00:00
Zeid Marouf
299ab36a13 doc: fix ECR image build instructions for EKS mode (#531) 2019-12-20 12:00:38 +00:00
Roberto Rojas
af976e6f50
Fixes Issue #494 - add tests for CIS 1.5 (#530) 
* Initial commit.

* Add master and node config.

* Add section 5 of CIS 1.5.1.

* Split sections into section files

* Fix YAML issues.

* adds target translation

* adds target translation

* adds cis-1.5 mapping

* fixed tests

* fixes are per PR

* fixed intergration test

* integration kind test file to appropriate ks8 version

* fixed etcd text

* fixed README

* fixed text

* etcd: fixed grep path

* etcd: fixes

* fixed error message bug

* Update README.md

Co-Authored-By: Liz Rice <liz@lizrice.com>

* Update README.md

Co-Authored-By: Liz Rice <liz@lizrice.com>

* fixes as per PR review
 2019-12-05 15:55:44 -05:00
Jonathan Rau
51aa10e354 Update EKS Config & Create EKS Guide (#489) 
* Change EKS Readme

* Fix readme formatting

* Update README.md

Co-Authored-By: Liz Rice <liz@lizrice.com>

* Update README.md

Co-Authored-By: Liz Rice <liz@lizrice.com>

* Update README.md
 2019-11-06 07:34:43 +01:00
Soumyadeep Sinha
8e4da53006 Fixed some typos (#446) 
* Fixed some typos

* Fixed some typos

* Fixed typo and capitalization of Kubernetes

* Update README.md

Co-Authored-By: Liz Rice <liz@lizrice.com>

* Update README.md

Co-Authored-By: Liz Rice <liz@lizrice.com>

* Update docs/README.md

Co-Authored-By: Liz Rice <liz@lizrice.com>

* Update docs/README.md

Co-Authored-By: Liz Rice <liz@lizrice.com>

* Update README.md

Co-Authored-By: Liz Rice <liz@lizrice.com>

* Update docs/README.md

Co-Authored-By: Liz Rice <liz@lizrice.com>

* docs: trivial, reinstate capital K

* docs: trivial, reinstate backticks

* docs: trivial, reinstate "in order" for clarity

* docs: trivial, reinstate capital K
 2019-11-05 14:59:29 -08:00
Roberto Rojas
7ca438b618
Fixes Issue 269 - Numbering to use CIS Versions (#511) 
* starting benchmark flag

* Revert "starting benchmark flag"

This reverts commit 58fc948626.

* fixes issue #269

* add more unit tests

* fix bug

* Update cmd/common.go

Co-Authored-By: Liz Rice <liz@lizrice.com>

* fixes as per PR review

* fixes as per PR review

* adds more tests

* fixed tests

* changes as per PR Review

* changes as per PR Review

* updated README

* Update README.md

Co-Authored-By: Liz Rice <liz@lizrice.com>

* Update README.md

Co-Authored-By: Liz Rice <liz@lizrice.com>

* Update README.md

Co-Authored-By: Liz Rice <liz@lizrice.com>

* Update README.md

Co-Authored-By: Liz Rice <liz@lizrice.com>

* changes are per PR review
 2019-11-05 16:31:27 -05:00
Alexey Pyltsyn
7a2cc3f554 Improve docs (#437) 2019-10-24 09:15:29 +01:00
Mohan Sha
b009520ea3 Added table of contents for navigation (#455) 2019-10-23 19:08:04 +01:00
Itay Shakury
3964377a80
add contribution guidelines (#454) 2019-10-16 17:51:33 +03:00
Liz Rice
1b49050974 docs: Clarify the meaning of WARN state (#430) 
* docs: Clarify the meaning of WARN state

* Update README.md
 2019-10-15 10:04:18 -04:00
Roberto Rojas
a6ee61fd08
Fixes issue #289: removed versions prior to 1.11 (#429) 
* removed version prior to 1.11

* removed references to kubernetes versions prior to 1.11
 2019-10-14 10:52:43 -04:00
James George
050145f6b3 docs: minor tweak (#438) 2019-10-11 15:47:10 +01:00
Liz Rice
16beb3e616
docs: note that you may need to be root (#412) 2019-09-21 15:07:16 +01:00
Liz Rice
d0d4e95d93
Updated version support (#385) 
Strictly, we don't have the changes in 1.13-json but we do have them in 1.13
 2019-08-30 12:09:11 +01:00
Abubakr-Sadik Nii Nai Davis
92df9cb36c Read kubernetes version from environment (#390) 
* Read kubernetes version from environment

Set kubernetes version to the value of the environment variable `KUBE_BENCH_VERSION` if it is defined and the flag `--version` is not specified on the kube-bench command line.

The command line flag `--version` takes precedence of the environment variable `KUBE_BENCH_VERSION` if both are defined.

* Add info about KUBE_BENCH_VERSION to README
 2019-08-27 09:04:11 +01:00
Abubakr-Sadik Nii Nai Davis
2e27d681f7 Remove duplicate documentation. (#373) 
* Remove duplicate documentation.

* Add test configuration header back in main README.

* Add missing regex operator in docs/README.

* Fix incorrect description of configuration options bins, confs etc.

* Move description of version auto-detection to main README.

* Use 1.13 in examples since cfg/1.12 doesn't exist

* Remove duplicate sentence about regex

This sentence is now in the docs/README

* Add link to the docs for test YAML definitions
 2019-08-07 03:43:51 -07:00
yoavrotems
7c97f6a490 Add codecov (#336) 
* Update .gitignore

* Update .travis.yml

* Update makefile

* Update .travis.yml

* Update .travis.yml

* Update .travis.yml

* Update README.md

* Update README.md

* Update README.md

* Update makefile

* Update .travis.yml
 2019-07-16 14:11:51 -04:00
Liz Rice
08097d2211
Need credentials in order to run kubectl version (#332) 
Without passing in kubeconfig credentials:

```bash
$ docker run --pid=host -v /etc:/etc:ro -v /var:/var:ro -v $(which kubectl):/usr/bin/kubectl -t lizrice/kube-bench:5e6cdfd master -v 1
I0628 16:52:06.591683    6099 util.go:367] Unable to get Kubernetes version from kubectl, using default version: 1.6
I0628 16:52:06.591822    6099 common.go:74] Using benchmark file: cfg/1.6/master.yaml
...
```
As updated in the README with this fix:

```bash
docker run --pid=host -v /etc:/etc:ro -v /var:/var:ro -v $(which kubectl):/usr/bin/kubectl -v ~/.kube:/.kube -e KUBECONFIG=/.kube/config -t lizrice/kube-bench:5e6cdfd master -v 1
I0628 16:53:26.784122    7224 util.go:131] No test file found for 1.14 - using tests for Kubernetes 1.13
I0628 16:53:26.784961    7224 common.go:228] Using config file: cfg/1.13/config.yaml
...
```
 2019-07-08 22:22:48 +01:00
Liz Rice
9a900db021
docs: update WIP to draft (#324) 2019-07-03 08:27:28 +01:00
Liz Rice
0ab09a85e8
Add pull requests section 
Add pull requests section
Include instructions for kube-bench version
Other small wording changes
 2019-06-25 14:44:02 +01:00
Abubakr-Sadik Nii Nai Davis
7affbc83d8 Add github issue creation instructions. 2019-06-24 20:33:24 +00:00
Liz Rice
c76369fe2c
Add missing quote 2019-06-10 20:29:58 -07:00
Liz Rice
7f2e9b5231
Merge branch 'master' into op-regex 2019-06-11 04:28:03 +01:00
wwwil
7efa7b2c35 Add regex to list of compare ops 2019-06-05 15:29:40 +01:00
Liz Rice
81f0d9c6e3
Merge branch 'master' into Config-doc 2019-06-05 11:41:15 +02:00
Liz Rice
27df1f60ed
Clarification about worker nodes in managed k8s 
Because we don’t want to put people off running kube-bench altogether in these environments
 2019-06-01 18:17:09 +02:00
030
9d0e3491a0 [GH-191] explained that master nodes cannot be inspected in managed k8s 2019-06-01 16:40:50 +02:00
Liz Rice
df3577519c
Document version-specific config files 
Values in the version-specific files override the main file
 2019-05-30 22:55:48 +01:00
Liz Rice
a800ac6ccc
Merge branch 'master' into json-config 2019-04-24 09:29:18 +01:00
Liz Rice
ceb44583dd
Tidy up a couple of things 2019-04-23 16:07:27 +01:00
Liz Rice
f9d0f4acc1
Add OCP info into the README 2019-04-23 11:59:54 +01:00
Liz Rice
a613f6f028
Document job for EKS 2019-04-11 19:00:17 +01:00
Liz Rice
902a10f1c7
Just have one path for both json and yaml 2019-04-11 17:09:33 +01:00
Liz Rice
c887794807
Merge branch 'master' into feature/json-config 2019-04-11 10:03:07 +01:00
Liz Rice
b5f3299e92
Merge branch 'master' into document-output 2019-04-11 09:04:04 +01:00
Liz Rice
df556c2f42
Add CIS & Kubernetes version mapping to README 2019-03-27 14:21:22 +00:00
Liz Rice
488f5221ef
Document output states 
Also describe how tests can be omitted by editing the YAML
 2019-03-26 10:37:17 +00:00
Florent Delannoy
abfc38d672 Update documentation after review 2019-03-21 15:05:20 +00:00
Florent Delannoy
4d3144ca21 Support JSON and YAML configuration 
Support new configuration options besides --flags:
- JSON file through `jsonpath`
- YAML file through `yamlpath`

These new options are fully backwards-compatible with the existing
tests.

Added a new profile, 1.11-json, that expects a JSON kubelet
configuration file and scores accordingly. This profile is compatible
with EKS.
 2019-03-21 12:13:31 +00:00
Cyril Tovena
5baf81a70a Adds master node detection and a root command that automatically detect checks to run. 
The root command will run node checks and if possible master checks.
I've also added some Makefile targets to improve local testing and improve the documentation.
 2019-03-12 19:32:05 -04:00
Liz Rice
79427e185e
Merge branch 'master' into patch-1 2019-01-15 11:05:27 +00:00
Liz Rice
6b9ceae9d4
True for Windows too 2019-01-15 11:05:04 +00:00
Spencer Owen
2a9a02f25b
warn osx limitation 2019-01-14 10:41:19 -07:00