* Rename workflow to workflows
* Add integration tests to Actions
* Upload code coverage after unit test
* don't need code coverage when we do a release
* Use same Go version as in go.mod
* Use same Go version as go.mod
* Add example IAM policy
* Pass RotateKubeletServerCertificate related checks if it's not found (#767)
* Allow for environment variables to be checked in tests (#755)
* Initial commit for checking environment variables for etcd
* Revert config changes
* Remove redundant struct data
* Fix issues with failing tests
* Initial changes based on code review
* Add option to disable envTesting + Update docs
* Initial tests
* Finished testing
* Fix broken tests
* Add a total summary and always show all tests. (#759)
Whether the total summary is shown can be specified with an option.
Fixes#528
Signed-off-by: Christian Zunker <christian.zunker@codecentric.cloud>
* Update Readme.md file with link to Contribution guide (#754)
* Update License with the year and the owner name
Please add this to make your license agreement strong
* Updated Readme.md file with license and proper documentation links
I have added a proper license agreement to the documentation. Also shortened the links to the issues so that it does not break in any on the forks.
* Update LICENSE
* Update README.md
* Update README.md
* Remove erroneous license info
Co-authored-by: Liz Rice <liz@lizrice.com>
* Support auto-detect platform when running on EKS or GKE (#683)
* Support auto-detect platform when running on EKS or GKE
* Change to get platform name from `kubectl version`
* fix regexp and add test
* Update Server Version match for EKS
* try to get version info from api sever at first
* Refactor group skip
changed group 'skip' from being a bool to be 'type' string as done in check
* Change skip: true -> type: skip
Co-authored-by: Huang Huang <mozillazg101@gmail.com>
Co-authored-by: Wicked <jason_attwood@hotmail.co.uk>
Co-authored-by: Christian Zunker <827818+czunker@users.noreply.github.com>
Co-authored-by: Kaiwalya Koparkar <kaiwalyakoparkar@gmail.com>
Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
* add aasf
* add AASF format
* credentials provider
* add finding publisher
* add finding publisher
* add write AASF path
* add testing
* read config from file
* update docker file
* refactor
* remove sample
* add comments
* Add comment in EKS config.yaml
* Fix comment typo
* Fix spelling of ASFF
* Fix typo and other small code review suggestions
* Limit length of Actual result field
Avoids this message seen in testing:
Message:Finding does not adhere to Amazon Finding Format. data.ProductFields['Actual result'] should NOT be longer than 1024 characters.
* Add comment for ASFF schema
* Add Security Hub documentation
* go mod tidy
* remove dupe lines in docs
* support integration in any region
* fix README link
* fix README links
Co-authored-by: Liz Rice <liz@lizrice.com>
* First draft of AKS configuration checks.
* Updated Azure Configurations. Added more policy checks.
* Finalized cfg components for AKS.
* Fixed targets for aks-1.0 in common_test.go
* Fixed yaml linting issues.
* Fixed white space yaml linkting issues in policies.yaml
* Fixed white space yaml linting issues in policies.yaml
* Fix go vet issues
* to omit the property from JSON parsing one should use "-". "omit" in
that case would use omit tag
* The error was not reachable in the tests, so I moved it to the place
where it make sense for me (but maybe it was just unnecessary)
* Run all go vet linters in CI
* This return breaks the test
* Changes for 1.5
* Update cis-1.3 through 1.6 to also work with configmaps.
* Switch on if proxykubeconfig is set, instead of setting a variable in the script.
* permissons -> proxykubeconfig for 2.2.5/4.1.3 to keep these tests locked with 2.2.6/4.1.4
* Updating test output? Maybe?
* Copy integration test output files into docker image?
* Make entrypoint move integration folder to host, print 1.5 node info.
* Change the order of tests in travis to load files before testing.
* Return tests to place
Those tests comes first since there is more likely to fail with them and then the test will fail "faster" which will save time
* Remove copy integration
When running in a container we don't need to test, only when build and running in Travis to make sure everything is working fine.
* Add $ mark before proxykubeconfig
If not having $ before the parameter then it won't get substituted
* Add $ mark before proxykubeconfig
If not having $ before the parameter then it won't get substituted
* Remove test relate lines
We don't test while running, only integration testing when building and unit testing
* Add spaces
* Change 4.1.3 4.1.4
Those tests now should pass.
* Change tests 4.1.3 and 4.1.4
Those tests now should PASS
* Update job.data with more accurate counts. Thanks to @yoavrotems for getting the project this far!
* Thanks for linting, yamllint!
Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
* Add condition to make docker
Build and push Docker image only when pushing to master.
* Update to Golang 1.15
As https://github.com/aquasecurity/kube-bench/pull/706 did, just doing it in my fork to test Travis changes about the build
- id: 4.6
text: "Verify the scheduler pod specification file ownership set by OpenShift"
audit: "stat -c %u:%g /etc/origin/node/pods/controller.yaml" -- (lower case u and g ) it returns the uID and gID in numeric i.e 0:0 not root:root.
it supposed to be Uppercase: audit: "stat -c %U:%G /etc/origin/node/pods/controller.yaml"
* Code quality improvements such -
1. Improves empty string test (len vs str == "")
2. Converts fmt.Sprintf to string literal and Printf to Print where possible (as the dynamic args are missing!)
* Delete .deepsource.toml
Co-authored-by: DeepSource Bot <bot@deepsource.io>
Co-authored-by: Liz Rice <liz@lizrice.com>
* read-only-port defaults are correct
* Tests that should catch good read-only-port
* Rework checks & tests
* Linting on issue template YAML
* More explicit test for 4.2.4
* Remove verbosity for ease of reading results
* Use subtests
* Tidy more test cases
* read-only-port defaults are correct
* Tests that should catch good read-only-port
* Rework checks & tests
* Linting on issue template YAML
* More explicit test for 4.2.4
* Add tests for 1.1.19、1.1.20 and 1.1.21 of cis-1.5
* Avoid division by 0
* Use bitmask instead of lte
* Change to use multiple values via `use_multiple_values: true`
* Use find in 1.1.20 and 1.1.21