kube-bench

mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-11-15 20:39:08 +00:00

Author	SHA1	Message	Date
Borko	f213918552	Updated documentation with section on downloading and installing kube-bench on Linux. (#716 ) Added section on manually downloading and installing kube-bench	2020-10-09 15:46:57 +01:00
Neha Viswanathan	82421e5838	retire cis 1.3 and 1.4 (#693 )	2020-10-03 11:23:28 +01:00
yoavrotems	7280438eb5	Add cis 1.6 (#678 ) * Add new cis version yamls Add new cis version yamls * Add new cis version yamls * Add cis-1.6 to versions table * support version mapping cis-1.6 * support version mapping cis-1.6 * Update controlplane.yaml * Update etcd.yaml * Update node.yaml * Update policies.yaml * Create job.data * Create job-node.data * Create job-master.data * Create add-tls-kind.yaml * Change node version to 1.15.0 * Add tests for cis-1.6 * Delete node_only.yaml * Change tests 1.1.19-1.1.21 Change 1.1.19-1.1.21 because failing tests * Update job.data * Update job-master.data * Update job-master.data * Update job.data * fix 1.2.35 remediation tabs instead of spaces * Update job-master.data * Remove extra space * Update job.data * Create node_only.yaml * Add tests for cis-1.6 Add tests for cis-1.6 and change some from 1,5 to 1.6 * Fix typo * Add mapping for cis-1.6 * Remove extra space in 1.2.35 remediation * Update job.data * Update job-master.data * Fix type 1.2.35 * Remove trailing spaces * Remove trailing spaces * Remove trailing spaces * Remove trailing spaces * Add version 1.19 kubernetes support * Add version 1.19 kubernetes support * Add version 1.19 kubernetes support	2020-09-17 16:54:43 +01:00
Liz Rice	1899f26bc1	Note about OpenShift OCP 4.* (#700 ) - Add note about why we don't support OCP 4.* - Move GKE & OpenShift sub-sections next to EKS and AKS - Minor corrections	2020-09-14 09:27:49 +03:00
Huang Huang	456d9b62e2	Default log output to stderr (#696 )	2020-09-09 13:46:35 +01:00
Liz Rice	a8a59d3bd8	docs: more clarification on output states (#691 )	2020-09-06 10:46:29 +03:00
Huang Huang	2d548597ae	Support CIS v1.5.1 (#673 )	2020-08-12 21:57:51 +03:00
Matthieu ANTOINE	ea4eaa6fd5	Fix supported targets for EKS benchmark (#648 ) * Fix supported targets for EKS benchmark * docs: heading at wrong level in README * docs: remove duplicate TOC heading * Fix invalid argument for gem install Co-authored-by: Liz Rice <liz@lizrice.com>	2020-07-29 14:40:59 +01:00
Liz Rice	4e00954485	docs: add Troubleshooting (#638 ) * docs: add Troubleshooting Adding basic instructions for running with debug logs * docs: remember --logtostderr * docs: note about cfg requirement Note that installing a binary release is not sufficient - you also need the config and test files Fixes #613	2020-07-15 14:41:35 +01:00
Paavan	20ec5d14f2	added eks-1.0 cfg and modified job-eks.yaml for node checks (#639 ) * added eks-1.0 cfg and modified job-eks.yaml for node checks * fixed yamllint errors and README updates	2020-07-10 16:14:41 +01:00
Neha Viswanathan	2cf2876a10	Update `Running in an EKS cluster` documentation (#621 ) Co-authored-by: Neha Viswanathan <nviswanathan@axway.com> Co-authored-by: Liz Rice <liz@lizrice.com>	2020-05-15 09:53:24 +01:00
Craig Jellick	305283f9d4	Fix OpenShift table layout (#612 ) Co-authored-by: Liz Rice <liz@lizrice.com>	2020-05-14 18:04:14 +01:00
Paul McCarthy	582ce02ce6	Removed references to `dep` from README.md (#607 ) Looks like this project now uses Go modules so `dep` steps are not needed. Co-authored-by: Liz Rice <liz@lizrice.com>	2020-05-14 17:34:47 +01:00
Liz Rice	7e87c980b2	docs: CIS benchmarks are not frequent (#617 ) Correct misleading comment about anticipated CIS benchmarks for every Kubernetes release - bad assumption!	2020-05-06 14:42:40 +01:00
Liz Rice	7cd6b32ebb	docs: notes in README for common misunderstandings (#602 ) Added a Please Note section to document common misunderstandings that often lead to incorrect issue filings	2020-04-07 14:04:42 +01:00
Liz Rice	451721a1cf	Add GKE into list of support tests (#597 ) Also adds links to the Kubernetes benchmarks Fixes #596	2020-03-11 17:48:07 +02:00
Abubakr-Sadik Nii Nai Davis	d988b81540	CIS GKE 1.0.0 benchmark (#570 ) * Add initial commit for CIS GKE 1.0 benchmark * Update README with GKE instructions * Fix YAML linter issues * Set GKE benchmark k8s version to gke-1.0 * Add tests for gke-1.0 Co-authored-by: Roberto Rojas <robertojrojas@gmail.com>	2020-03-03 09:51:48 -05:00
Huang Huang	17cd104788	Fixes issue #574 : change the PATH in container (#577 ) * Fixes issue #574: change the PATH in container And change to use `/usr/local/mount-from-host/bin` as mount path. Fixes #574 * Fix integration tests	2020-02-12 12:18:44 -05:00
Murali Paluru	b677c86868	remove always true for logtostderr (#548 ) * remove always true for logtostderr * update README for log collection instructions Co-authored-by: Liz Rice <liz@lizrice.com>	2020-01-07 13:04:06 +00:00
Saurya Das	ca749ccb32	Adding a section for Azure Kubernetes Service (#495 ) * Adding a section for Azure Kubernetes Service steps to run kube bench on AKS worker nodes * Update README.md * Update README.md Co-authored-by: Roberto Rojas <robertojrojas@gmail.com> Co-authored-by: Liz Rice <liz@lizrice.com>	2019-12-20 12:17:00 +00:00
Zeid Marouf	299ab36a13	doc: fix ECR image build instructions for EKS mode (#531 )	2019-12-20 12:00:38 +00:00
Roberto Rojas	af976e6f50	Fixes Issue #494 - add tests for CIS 1.5 (#530 ) * Initial commit. * Add master and node config. * Add section 5 of CIS 1.5.1. * Split sections into section files * Fix YAML issues. * adds target translation * adds target translation * adds cis-1.5 mapping * fixed tests * fixes are per PR * fixed intergration test * integration kind test file to appropriate ks8 version * fixed etcd text * fixed README * fixed text * etcd: fixed grep path * etcd: fixes * fixed error message bug * Update README.md Co-Authored-By: Liz Rice <liz@lizrice.com> * Update README.md Co-Authored-By: Liz Rice <liz@lizrice.com> * fixes as per PR review	2019-12-05 15:55:44 -05:00
Jonathan Rau	51aa10e354	Update EKS Config & Create EKS Guide (#489 ) * Change EKS Readme * Fix readme formatting * Update README.md Co-Authored-By: Liz Rice <liz@lizrice.com> * Update README.md Co-Authored-By: Liz Rice <liz@lizrice.com> * Update README.md	2019-11-06 07:34:43 +01:00
Soumyadeep Sinha	8e4da53006	Fixed some typos (#446 ) * Fixed some typos * Fixed some typos * Fixed typo and capitalization of Kubernetes * Update README.md Co-Authored-By: Liz Rice <liz@lizrice.com> * Update README.md Co-Authored-By: Liz Rice <liz@lizrice.com> * Update docs/README.md Co-Authored-By: Liz Rice <liz@lizrice.com> * Update docs/README.md Co-Authored-By: Liz Rice <liz@lizrice.com> * Update README.md Co-Authored-By: Liz Rice <liz@lizrice.com> * Update docs/README.md Co-Authored-By: Liz Rice <liz@lizrice.com> * docs: trivial, reinstate capital K * docs: trivial, reinstate backticks * docs: trivial, reinstate "in order" for clarity * docs: trivial, reinstate capital K	2019-11-05 14:59:29 -08:00
Roberto Rojas	7ca438b618	Fixes Issue 269 - Numbering to use CIS Versions (#511 ) * starting benchmark flag * Revert "starting benchmark flag" This reverts commit `58fc948626`. * fixes issue #269 * add more unit tests * fix bug * Update cmd/common.go Co-Authored-By: Liz Rice <liz@lizrice.com> * fixes as per PR review * fixes as per PR review * adds more tests * fixed tests * changes as per PR Review * changes as per PR Review * updated README * Update README.md Co-Authored-By: Liz Rice <liz@lizrice.com> * Update README.md Co-Authored-By: Liz Rice <liz@lizrice.com> * Update README.md Co-Authored-By: Liz Rice <liz@lizrice.com> * Update README.md Co-Authored-By: Liz Rice <liz@lizrice.com> * changes are per PR review	2019-11-05 16:31:27 -05:00
Alexey Pyltsyn	7a2cc3f554	Improve docs (#437 )	2019-10-24 09:15:29 +01:00
Mohan Sha	b009520ea3	Added table of contents for navigation (#455 )	2019-10-23 19:08:04 +01:00
Itay Shakury	3964377a80	add contribution guidelines (#454 )	2019-10-16 17:51:33 +03:00
Liz Rice	1b49050974	docs: Clarify the meaning of WARN state (#430 ) * docs: Clarify the meaning of WARN state * Update README.md	2019-10-15 10:04:18 -04:00
Roberto Rojas	a6ee61fd08	Fixes issue #289 : removed versions prior to 1.11 (#429 ) * removed version prior to 1.11 * removed references to kubernetes versions prior to 1.11	2019-10-14 10:52:43 -04:00
James George	050145f6b3	docs: minor tweak (#438 )	2019-10-11 15:47:10 +01:00
Liz Rice	16beb3e616	docs: note that you may need to be root (#412 )	2019-09-21 15:07:16 +01:00
Liz Rice	d0d4e95d93	Updated version support (#385 ) Strictly, we don't have the changes in 1.13-json but we do have them in 1.13	2019-08-30 12:09:11 +01:00
Abubakr-Sadik Nii Nai Davis	92df9cb36c	Read kubernetes version from environment (#390 ) * Read kubernetes version from environment Set kubernetes version to the value of the environment variable `KUBE_BENCH_VERSION` if it is defined and the flag `--version` is not specified on the kube-bench command line. The command line flag `--version` takes precedence of the environment variable `KUBE_BENCH_VERSION` if both are defined. * Add info about KUBE_BENCH_VERSION to README	2019-08-27 09:04:11 +01:00
Abubakr-Sadik Nii Nai Davis	2e27d681f7	Remove duplicate documentation. (#373 ) * Remove duplicate documentation. * Add test configuration header back in main README. * Add missing regex operator in docs/README. * Fix incorrect description of configuration options bins, confs etc. * Move description of version auto-detection to main README. * Use 1.13 in examples since cfg/1.12 doesn't exist * Remove duplicate sentence about regex This sentence is now in the docs/README * Add link to the docs for test YAML definitions	2019-08-07 03:43:51 -07:00
yoavrotems	7c97f6a490	Add codecov (#336 ) * Update .gitignore * Update .travis.yml * Update makefile * Update .travis.yml * Update .travis.yml * Update .travis.yml * Update README.md * Update README.md * Update README.md * Update makefile * Update .travis.yml	2019-07-16 14:11:51 -04:00
Liz Rice	08097d2211	Need credentials in order to run kubectl version (#332 ) Without passing in kubeconfig credentials: ```bash $ docker run --pid=host -v /etc:/etc:ro -v /var:/var:ro -v $(which kubectl):/usr/bin/kubectl -t lizrice/kube-bench:5e6cdfd master -v 1 I0628 16:52:06.591683 6099 util.go:367] Unable to get Kubernetes version from kubectl, using default version: 1.6 I0628 16:52:06.591822 6099 common.go:74] Using benchmark file: cfg/1.6/master.yaml ... ``` As updated in the README with this fix: ```bash docker run --pid=host -v /etc:/etc:ro -v /var:/var:ro -v $(which kubectl):/usr/bin/kubectl -v ~/.kube:/.kube -e KUBECONFIG=/.kube/config -t lizrice/kube-bench:5e6cdfd master -v 1 I0628 16:53:26.784122 7224 util.go:131] No test file found for 1.14 - using tests for Kubernetes 1.13 I0628 16:53:26.784961 7224 common.go:228] Using config file: cfg/1.13/config.yaml ... ```	2019-07-08 22:22:48 +01:00
Liz Rice	9a900db021	docs: update WIP to draft (#324 )	2019-07-03 08:27:28 +01:00
Liz Rice	0ab09a85e8	Add pull requests section Add pull requests section Include instructions for kube-bench version Other small wording changes	2019-06-25 14:44:02 +01:00
Abubakr-Sadik Nii Nai Davis	7affbc83d8	Add github issue creation instructions.	2019-06-24 20:33:24 +00:00
Liz Rice	c76369fe2c	Add missing quote	2019-06-10 20:29:58 -07:00
Liz Rice	7f2e9b5231	Merge branch 'master' into op-regex	2019-06-11 04:28:03 +01:00
wwwil	7efa7b2c35	Add regex to list of compare ops	2019-06-05 15:29:40 +01:00
Liz Rice	81f0d9c6e3	Merge branch 'master' into Config-doc	2019-06-05 11:41:15 +02:00
Liz Rice	27df1f60ed	Clarification about worker nodes in managed k8s Because we don’t want to put people off running kube-bench altogether in these environments	2019-06-01 18:17:09 +02:00
030	9d0e3491a0	[GH-191] explained that master nodes cannot be inspected in managed k8s	2019-06-01 16:40:50 +02:00
Liz Rice	df3577519c	Document version-specific config files Values in the version-specific files override the main file	2019-05-30 22:55:48 +01:00
Liz Rice	a800ac6ccc	Merge branch 'master' into json-config	2019-04-24 09:29:18 +01:00
Liz Rice	ceb44583dd	Tidy up a couple of things	2019-04-23 16:07:27 +01:00
Liz Rice	f9d0f4acc1	Add OCP info into the README	2019-04-23 11:59:54 +01:00

1 2 3

106 Commits