1
0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-12-23 15:18:07 +00:00
Commit Graph

785 Commits

Author SHA1 Message Date
brainfair
548b021340
Add node kubelet config path (#961)
In kubespray tool we have another path for kubelet config, add them to kube-bench config on top

Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
2021-08-30 16:02:26 +03:00
Nick Keenan
946a48ca74
Fix 4.1.9, skip irremediable checks, add /home/kubernetes mount (#976)
Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
2021-08-30 15:33:59 +03:00
dependabot[bot]
ed484cae83
Bump github.com/aws/aws-sdk-go from 1.40.18 to 1.40.28 (#975)
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.40.18 to 1.40.28.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.40.18...v1.40.28)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
2021-08-30 14:58:58 +03:00
dependabot[bot]
a985e6bdf6
Bump k8s.io/client-go from 0.22.0 to 0.22.1 (#974)
Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.22.0 to 0.22.1.
- [Release notes](https://github.com/kubernetes/client-go/releases)
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kubernetes/client-go/compare/v0.22.0...v0.22.1)

---
updated-dependencies:
- dependency-name: k8s.io/client-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
2021-08-30 13:56:32 +03:00
dependabot[bot]
89a7e7a82d
Bump golang from 1.16 to 1.17.0 (#973)
Bumps golang from 1.16 to 1.17.0.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
2021-08-30 11:47:18 +03:00
dependabot[bot]
f20539930e
Bump gorm.io/gorm from 1.21.12 to 1.21.13 (#966)
Bumps [gorm.io/gorm](https://github.com/go-gorm/gorm) from 1.21.12 to 1.21.13.
- [Release notes](https://github.com/go-gorm/gorm/releases)
- [Commits](https://github.com/go-gorm/gorm/compare/v1.21.12...v1.21.13)

---
updated-dependencies:
- dependency-name: gorm.io/gorm
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-30 11:38:07 +03:00
dependabot[bot]
e2e1566a35
Bump github.com/aws/aws-sdk-go from 1.40.14 to 1.40.18 (#957)
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.40.14 to 1.40.18.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.40.14...v1.40.18)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
2021-08-11 12:45:13 +03:00
dependabot[bot]
ee1fd825a7
Bump alpine from 3.14.0 to 3.14.1 (#956)
Bumps alpine from 3.14.0 to 3.14.1.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-10 12:04:15 +03:00
Matthieu MOREL
b1119f588e
chore(ci) update k8s.io/client-go and github.com/spf13/cobra to latest (#955)
* Update github.com/spf13/cobra

* chore(ci) update k8s.io/client-go and github.com/spf13/cobra to latest
2021-08-09 17:40:21 +03:00
Matthieu MOREL
c91a9434c0
Update Gorm (#950)
* Migrate from github.com/jinzhu/gorm to gorm.io/gorm

* apply gofmt

* github.com/aws/aws-sdk-go

* fix
2021-08-09 11:40:01 +03:00
dependabot[bot]
42da8c681c
Bump github.com/aws/aws-sdk-go from 1.40.13 to 1.40.14 (#949)
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.40.13 to 1.40.14.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.40.13...v1.40.14)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-04 17:07:56 +03:00
Matthieu MOREL
8ac8ebfc2a
Update Dependencies (#941)
* Create dependabot.yml

* Bump crazy-max/ghaction-docker-meta from 1 to 3.4.0 (#1)

Bumps [crazy-max/ghaction-docker-meta](https://github.com/crazy-max/ghaction-docker-meta) from 1 to 3.4.0.
- [Release notes](https://github.com/crazy-max/ghaction-docker-meta/releases)
- [Upgrade guide](https://github.com/docker/metadata-action/blob/master/UPGRADE.md)
- [Commits](https://github.com/crazy-max/ghaction-docker-meta/compare/v1...v3.4.0)

---
updated-dependencies:
- dependency-name: crazy-max/ghaction-docker-meta
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update .yamllint.yaml

* Update .yamllint.yaml

* Update dependabot.yml

* Update dependabot.yml

* Bump github.com/onsi/ginkgo from 1.10.1 to 1.16.4 (#2)

Bumps [github.com/onsi/ginkgo](https://github.com/onsi/ginkgo) from 1.10.1 to 1.16.4.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v1.10.1...v1.16.4)

---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump github.com/stretchr/testify from 1.4.0 to 1.7.0 (#4)

Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.4.0 to 1.7.0.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.4.0...v1.7.0)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump github.com/fatih/color from 1.5.0 to 1.12.0 (#6)

Bumps [github.com/fatih/color](https://github.com/fatih/color) from 1.5.0 to 1.12.0.
- [Release notes](https://github.com/fatih/color/releases)
- [Commits](https://github.com/fatih/color/compare/v1.5.0...v1.12.0)

---
updated-dependencies:
- dependency-name: github.com/fatih/color
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump github.com/magiconair/properties from 1.8.0 to 1.8.5 (#3)

Bumps [github.com/magiconair/properties](https://github.com/magiconair/properties) from 1.8.0 to 1.8.5.
- [Release notes](https://github.com/magiconair/properties/releases)
- [Changelog](https://github.com/magiconair/properties/blob/main/CHANGELOG.md)
- [Commits](https://github.com/magiconair/properties/compare/v1.8.0...v1.8.5)

---
updated-dependencies:
- dependency-name: github.com/magiconair/properties
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump github.com/aws/aws-sdk-go from 1.35.28 to 1.39.6 (#7)

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.35.28 to 1.39.6.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.35.28...v1.39.6)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump gopkg.in/yaml.v2 from 2.3.0 to 2.4.0 (#8)

Bumps [gopkg.in/yaml.v2](https://github.com/go-yaml/yaml) from 2.3.0 to 2.4.0.
- [Release notes](https://github.com/go-yaml/yaml/releases)
- [Commits](https://github.com/go-yaml/yaml/compare/v2.3.0...v2.4.0)

---
updated-dependencies:
- dependency-name: gopkg.in/yaml.v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump github.com/spf13/viper from 1.4.0 to 1.8.1 (#9)

Bumps [github.com/spf13/viper](https://github.com/spf13/viper) from 1.4.0 to 1.8.1.
- [Release notes](https://github.com/spf13/viper/releases)
- [Commits](https://github.com/spf13/viper/compare/v1.4.0...v1.8.1)

---
updated-dependencies:
- dependency-name: github.com/spf13/viper
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump github.com/spf13/cobra from 0.0.3 to 0.0.7 (#10)

Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 0.0.3 to 0.0.7.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Changelog](https://github.com/spf13/cobra/blob/master/CHANGELOG.md)
- [Commits](https://github.com/spf13/cobra/compare/v0.0.3...0.0.7)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump github.com/aws/aws-sdk-go from 1.39.6 to 1.40.0 (#11)

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.39.6 to 1.40.0.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.39.6...v1.40.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump crazy-max/ghaction-docker-meta from 3.4.0 to 3.4.1 (#12)

Bumps [crazy-max/ghaction-docker-meta](https://github.com/crazy-max/ghaction-docker-meta) from 3.4.0 to 3.4.1.
- [Release notes](https://github.com/crazy-max/ghaction-docker-meta/releases)
- [Commits](https://github.com/crazy-max/ghaction-docker-meta/compare/v3.4.0...v3.4.1)

---
updated-dependencies:
- dependency-name: crazy-max/ghaction-docker-meta
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump github.com/aws/aws-sdk-go from 1.40.0 to 1.40.1 (#13)

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.40.0 to 1.40.1.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.40.0...v1.40.1)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump github.com/aws/aws-sdk-go from 1.40.1 to 1.40.7 (#21)

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.40.1 to 1.40.7.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.40.1...v1.40.7)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump codecov/codecov-action from 1 to 2.0.2 (#20)

Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 1 to 2.0.2.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v1...v2.0.2)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update build.yml

* Update mkdocs-deploy.yaml

* Update publish.yml

* Update mkdocs-deploy.yaml

* Bump github.com/aws/aws-sdk-go from 1.40.7 to 1.40.9 (#23)

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.40.7 to 1.40.9.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.40.7...v1.40.9)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update .github/workflows/publish.yml

* Update .github/workflows/build.yml

* Update mkdocs-deploy.yaml

* Update build.yml

* Update dependabot.yml

* Update dependabot.yml

* Bump alpine from 3.13 to 3.14.0 (#27)

Bumps alpine from 3.13 to 3.14.0.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump github.com/aws/aws-sdk-go from 1.40.9 to 1.40.13 (#28)

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.40.9 to 1.40.13.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.40.9...v1.40.13)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2021-08-04 11:38:18 +03:00
Dave Hay
222e696934
Upgrading apk-tools (#944)
Upgrading apk-tools to remediate CVE-2021-36159
( https://snyk.io/vuln/SNYK-ALPINE314-APKTOOLS-1533752 )

Fixes #943

Signed-off-by: Dave Hay <david_hay@uk.ibm.com>

Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
2021-08-03 17:21:24 +03:00
Yoav Rotem
25ba9e2fad
New integration testing (#947)
* Fix Junit missing testsuites 

Fix issue https://github.com/aquasecurity/kube-bench/issues/883 but also bug with overriding output when --outputfile is effective and only write the last controls

* test new integration

* Update build.yml

* add wait for job to be ready

* Update build.yml

* Update build.yml

* Update build.yml

* test

* Update job.yaml

* Add wait

* test for logs

* Update job.yaml

* Create Expected_output.data

* Update build.yml

* Update build.yml

* remove empty line

* Add new line at the end

* add ---

* Delete docker.go

* Delete integration.go

* Delete integration_test.go

* Delete integration/testdata/cis-1.20 directory

* Delete integration/testdata/cis-1.6 directory

* Update integration testing

* Remove integration tests

Removed integration testing to github action

* Update build.yml
2021-08-03 17:10:50 +03:00
Yoav Rotem
f74149d4ab
Update goreleaser (#929)
* Fix Junit missing testsuites 

Fix issue https://github.com/aquasecurity/kube-bench/issues/883 but also bug with overriding output when --outputfile is effective and only write the last controls

* Deprecated files command

* Update .goreleaser.yml

Remove deprecated files, and fix https://github.com/aquasecurity/kube-bench/issues/925
2021-07-14 15:50:12 +03:00
Nick
cb7ee765a3
K8s Job Command Clean (#923)
* Update commands

* oopsy on run command

* update reference version for iks to be 120

Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
2021-07-07 18:21:30 +03:00
Hacks4Snacks
016d67bade
cis-1.20 section 1.1.10 command revision. (#922)
Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
2021-07-07 18:06:50 +03:00
Dave Hay
42f479596c
doc(install): Adding detail and example for build (#928)
- Added to the `Installing from sources`
- Includes `git clone` etc.
- Also includes comments

Signed-off-by: Dave Hay <david_hay@uk.ibm.com>
2021-07-07 10:56:33 +03:00
Yoav Rotem
14aef408e8
Fix Junit missing testsuites (#920)
Fix issue https://github.com/aquasecurity/kube-bench/issues/883 but also bug with overriding output when --outputfile is effective and only write the last controls
2021-06-23 18:01:24 +03:00
Yoav Rotem
aedc2942bd
Check string size (#915)
ASFF ProductFields[] string can't be longer than 1024 characters, could explain https://github.com/aquasecurity/kube-bench/issues/903
`Message:Finding does not adhere to Amazon Finding Format. data.Remediation.Recommendation.Text should NOT be longer than 512 characters.
Error Code:InvalidInput`
2021-06-20 14:28:22 +03:00
Huang Huang
1173667622
Add docs for cis v1.20 (#914)
Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
2021-06-20 12:56:56 +03:00
Huang Huang
e5e2804dfa
Fix values of version field in cfg/cis-1.20 were wrong (#913) 2021-06-20 11:23:24 +03:00
Yoav Rotem
2d033edc96
New cis v1.20 (#912)
* Add files via upload

* Add new cis support v1.20!

* Fix issue with 1.1.9 and 1.1.10 tests

Tests in some cases stat empty path which will return error.

* Add tests for kubernetes 1.20 and retire 1.15 tests

kubernetes 1.15 is not supported anymore and we shouldn't keep testing it.

* Kubernetes 1.15 is not supported anymore

* Tests for kubernetes 1.20

* Fix yamllint errors

Removed trailing spaces (trailing-spaces)

* Add tests for v1.20

* Remove extra spaces

* Change cis test functions names
2021-06-16 20:55:04 +03:00
Yoav Rotem
6ca3ce6754
Update go modules 1.16 (#910)
* Update to go 1.16

* Update go modules to 1.16
2021-06-16 17:26:51 +03:00
Yoav Rotem
7bbcaeba04
Fix issue tests 1.1.9 and 1.1.10 (#911)
Issue https://github.com/aquasecurity/kube-bench/issues/909
2021-06-16 17:14:20 +03:00
Yoav Rotem
53752487b6
Add git config user (#901)
* Add git config user

* Create mkdocs-deploy.yaml

* Delete mkdocs-latest.yaml

* Delete mkdocs-dev.yaml
2021-06-14 12:13:48 +03:00
Yoav Rotem
75fe5d0048
Fix ocp job issues (#893)
* Fix openshift missing glibc

Fixing issues #891  #890

* Update goreleaser

Change release to build, no need to release while building (when pushed to main) but only when publishing (release new version)

* Update goreleaser version to 0.169.0

* Change from release to build

* Try day run on release

It used to be released to docker hub each push, the issue was that docker hub had a automation for it, now test if its not releasing every git push.
2021-06-09 15:34:39 +03:00
Yoav Rotem
fdf0bbd960
Fixing typos (#899) 2021-06-09 15:11:05 +03:00
Yoav Rotem
dd68e8f000
Change files names to start with lowercase (#898) 2021-06-09 14:55:28 +03:00
Yoav Rotem
0d1bd2bbd9
mkdocs support and update docs (#884)
* Delete README.md

* Edit readme and separate into different files

* Update README.md

* Update Running.md

* Update CONTRIBUTING.md

* Create Contributing.md

* Add files via upload

* Update Index.md

* Rename Flags and Commands.md to Flags_and_commands.md

* Rename Index.md to index.md

* Create mkdocs.yml

* Delete images directory

* Update README.md

* Update README.md

* Update README.md

* Update README.md

* Update README.md

* Update README.md

* Create mkdocs-dev.yaml

* Create mkdocs-latest.yaml

* Update mkdocs.yml

* Update mkdocs.yml

* Update mkdocs.yml

Add yamllint ---

* Make it yamllint comply

* Make Yamllint comply

* Make Yamllint comply

* Change description

Co-authored-by: Itay Shakury <itay@itaysk.com>

* Fix syntax

Co-authored-by: Itay Shakury <itay@itaysk.com>

* Update docs/Architecture.md

Co-authored-by: Itay Shakury <itay@itaysk.com>

* Update docs/Architecture.md

Co-authored-by: Itay Shakury <itay@itaysk.com>

* Update example for test files

* Update contributing

* Delete Contributing.md

* Update Flags_and_commands.md

* Change syntax and add source

* Update Platforms.md

* lower case file names

* lower case file names

* Lower case file names

* Lower case file names

* Lower case file names

* Lower case file names

* Add note about inspect master in some platforms

* Add quick start

* Lower case files names

* Lower case files names

* Fixing typo

* Remove section about old ocp

* Fix typos

Co-authored-by: Itay Shakury <itay@itaysk.com>
2021-06-09 11:17:16 +03:00
Ed Robinson
4b28c84b97
Allow kube-bench to scan Bottlerocket OS (#889) 2021-06-08 12:23:43 +03:00
tonyqui
6605ff8844
False positive when running rh-0.7 benchmarks (#886) 2021-06-07 12:18:59 +03:00
Dave Hay
fb92680702
Issue 867: Updating CIS 1.1.9 and 1.1.10 (#877)
Mitigating "No such file or directory" related to CNI config directory

Signed-off by: Dave Hay <david_hay@uk.ibm.com>
2021-05-23 11:46:36 +03:00
Yoav Rotem
62d9045ec6
Fix issue with missing 'Maintainer' field (#875)
Issue #840 missing 'Maintainer' field in package
2021-05-20 11:21:04 +03:00
Yoav Rotem
1f4b941c51
Fix test request timeout (#874)
* Test 1.2.24 should be manual

* Test 1.2.26 should be manual

* Test 1.2.26 should be manual

* Change test 1.2.26

* Change test 1.2.26

* Change test 1.2.26

* Change test 1.2.26

* Change test 1.2.26
2021-05-18 16:53:50 +03:00
Yoav Rotem
9820da9579
Update gke-1.0 (#873)
* Create controlplane.yaml

* Update and tidy yaml

* Update and tidy yaml

* Update and tidy yaml
2021-05-18 16:37:55 +03:00
hbc
e4d9455820
cfg: add /etc/default/kubeletconfig.json for AKS (#865)
* cfg: add `/etc/default/kubeletconfig.json`

* fix(cfg): search kubeletconfig.json first

* feat: mount `/etc/default` from host for AKS cluster

Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
2021-05-11 12:37:25 +03:00
Huang Huang
47c2494728
Support CIS ACK 1.0.0 benchmark (#841)
* Support CIS ACK 1.0.0 benchmark

* fix yaml lint

* Fix TestMakeSubsitutions may failed when order of map changed

* Support auto-detect platform when running on ACK

* Apply suggestions from code review

Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>

Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
2021-05-11 11:52:24 +03:00
Yoav Rotem
887965d31f
Add detected kubernetes version (#869)
* Add detected kubernetes version to controls

* Refactore NewControls function

Now new Control function is expecting detected version argument.

* Refactore NewControls function

Now new Control function is expecting detected version argument.

* Refactore NewControls function

New Control function is expecting detected version argument.

* Add detected kube version

* add detecetedKubeVersion

* Add detecetedKubeVersion

* Add detectedKubeVersion

* Add detecetedKubeVersion

* Fix missing version

* Change version

Change version from 3.10 to rh-0.7

* fix version: "cis-1.5"

* fix version: "cis-1.5"

* fix version: "cis-1.5"

* Fix version: "cis-1.5"

* Fix version: "cis-1.5"

* Fix version: "cis-1.6"

* Fix version: "cis-1.6"

* Fix version: "cis-1.6"

* Fix version: "cis-1.6"

* Fix version: "cis-1.6"
2021-05-09 14:48:34 +03:00
Huang Huang
182e64753e
mount /etc/passwd and /etc/group for etcd ownership related checks (#868) 2021-05-09 14:25:14 +03:00
Yoav Rotem
a1bd51db99
Add rh-1.0 (#863) 2021-05-02 19:31:03 +03:00
Gábor Lipták
af4999ac0e
Bring Go to 1.16 (#859)
* Bring Go to 1.16

* Bring Go to 1.16

* Bump actions/setup-go to v2

* Bump actions/setup-go to v2
2021-05-02 12:47:30 +03:00
Yoav Rotem
68c2ee2ebf
Add support for Redhat openshift 4.0 cis 1.1.0 (#860) 2021-04-29 17:08:41 +03:00
Dmytro Oboznyi
d528400881
Fix file permissions false positive (#800)
* Fix file permissions false positive

Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>

* Added kops files to config path list

Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>

* Automated CNI files checks

Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>

* Fixed linting

Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>

* Fixed to right folder CNI test

Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>

* Changed Automated to manual

Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>

* Removed changes from remediation

Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>

* Added path to config files

Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>

* Update cfg/cis-1.6/master.yaml

Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>

* Fix

Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>

* Fix to job.yaml

Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>

* Add extra mountpoints

Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>

* Revert audit scripts changes

Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>

Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
2021-04-08 17:02:27 +03:00
Yoav Rotem
f2386c0386
Update ocp 3.11 (#849)
* Add OCP auto-detection

* Add test for openshift

* update and fix bugs

update file to match with new kube-bench features and fix bugs

* Update file and fix bugs

update file to match with new kube-bench features and fix bugs

* Remove specific configs

Those configs could be set in main config.yaml

* Update to include openshift files

* fix typos

* fix typo

* Remove trailing spaces

* Update util.go

* Add tests for getOcpValidVersion
2021-03-24 18:06:54 +02:00
Yoav Rotem
0cb302761c
Add logging (#822)
* Add more logging

The old logging could was lacking and in some cases misleading

* Add Logging

Add more logs and change some old messages, the important part is make each test log more readable by adding ------ test id ------ section in logs

* Fix typos

* more info

add more info in comment about the function and it use cases

Co-authored-by: Liz Rice <liz@lizrice.com>

* Use switch case

Change the logic from if to switch and tidy up the code
2021-03-22 17:33:53 +02:00
Neha Viswanathan
9030532263
upgrade base image versions in Dockerfile (#831) 2021-03-21 22:53:39 +02:00
Yoav Rotem
50fce51da7
Fix fallback to default version (#834)
* Fix fallback to default version

In some cases kube-bench will crush instead of fallback to default version. 
Fix it to only log that couldn't auto-detect version and used default.

* Fix case with fallback to default version
2021-03-02 16:27:34 +02:00
Yoav Rotem
e308bc1eba
Add version logging (#817)
* Add more logging

issue #816  add more logging for better debug and information about version auto-detection and fix typo

* Fix typo

* Add more logging

issue #816  add more logging for better debug and information about version auto-detection and fix typo

* tidy logging output

Co-authored-by: Liz Rice <liz@lizrice.com>

* tidy logging output

Co-authored-by: Liz Rice <liz@lizrice.com>

* tidy logging output

Co-authored-by: Liz Rice <liz@lizrice.com>

* tidy logging output

Co-authored-by: Liz Rice <liz@lizrice.com>

* tidy logging output

Co-authored-by: Liz Rice <liz@lizrice.com>

* tidy logging output

Co-authored-by: Liz Rice <liz@lizrice.com>

* tidy logging output

Co-authored-by: Liz Rice <liz@lizrice.com>

* Remove extra logging

Co-authored-by: Liz Rice <liz@lizrice.com>
2021-02-23 14:24:14 +00:00
Neha Viswanathan
b2d481812f
deprecate master and node subcommands (#812)
* deprecate master and node subcommands

* deprecate master and node subcommands
2021-02-23 14:23:55 +00:00