1
0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-11-30 11:58:11 +00:00
Commit Graph

1023 Commits

Author SHA1 Message Date
dependabot[bot]
623ec41f14 build(deps): bump golang from 1.21.1 to 1.21.3 (#1507)
Bumps golang from 1.21.1 to 1.21.3.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
2023-11-20 15:12:48 +02:00
dependabot[bot]
66979f29bd build(deps): bump github.com/golang/glog from 1.0.0 to 1.1.2 (#1489)
Bumps [github.com/golang/glog](https://github.com/golang/glog) from 1.0.0 to 1.1.2.
- [Release notes](https://github.com/golang/glog/releases)
- [Commits](https://github.com/golang/glog/compare/v1.0.0...v1.1.2)

---
updated-dependencies:
- dependency-name: github.com/golang/glog
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
2023-11-20 15:12:48 +02:00
dependabot[bot]
b1ffa151de build(deps): bump docker/setup-qemu-action from 2 to 3 (#1503)
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 2 to 3.
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](https://github.com/docker/setup-qemu-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
2023-11-20 15:12:48 +02:00
chenk
0c7e4818a6 release: prepare-0.6.19 (#1511)
Signed-off-by: chenk <hen.keinan@gmail.com>
2023-11-20 15:12:48 +02:00
dependabot[bot]
8b2912830f build(deps): bump docker/build-push-action from 4 to 5 (#1498)
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 4 to 5.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v4...v5)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
2023-11-20 15:12:48 +02:00
chenk
96f13701ce release: prepare v0.6.18 (#1509)
Signed-off-by: chenk <hen.keinan@gmail.com>
2023-11-20 15:12:48 +02:00
chenk
25dbe6048b release: prepare v0.6.18-rc (#1508)
Signed-off-by: chenk <hen.keinan@gmail.com>
2023-11-20 15:12:48 +02:00
AnaisUrlichs
54f5b9793e updates to the readme
Signed-off-by: AnaisUrlichs <urlichsanais@gmail.com>
2023-11-20 15:12:48 +02:00
dependabot[bot]
2a570b0f24 build(deps): bump crazy-max/ghaction-docker-meta from 4 to 5 (#1499)
Bumps [crazy-max/ghaction-docker-meta](https://github.com/crazy-max/ghaction-docker-meta) from 4 to 5.
- [Release notes](https://github.com/crazy-max/ghaction-docker-meta/releases)
- [Upgrade guide](https://github.com/docker/metadata-action/blob/master/UPGRADE.md)
- [Commits](https://github.com/crazy-max/ghaction-docker-meta/compare/v4...v5)

---
updated-dependencies:
- dependency-name: crazy-max/ghaction-docker-meta
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-20 15:12:48 +02:00
dependabot[bot]
fc4ef87a7b build(deps): bump golang from 1.20.6 to 1.21.1 (#1494)
Bumps golang from 1.20.6 to 1.21.1.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-20 15:12:48 +02:00
dependabot[bot]
44eb962e92 build(deps): bump goreleaser/goreleaser-action from 4 to 5 (#1495)
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 4 to 5.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](https://github.com/goreleaser/goreleaser-action/compare/v4...v5)

---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-20 15:12:48 +02:00
dependabot[bot]
941968c257 build(deps): bump alpine from 3.18.2 to 3.18.3 (#1487)
Bumps alpine from 3.18.2 to 3.18.3.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-20 15:12:48 +02:00
Darius Mejeras
651f12d21c Add latest CIS benchmarks 2023-08-09 14:49:43 +03:00
dependabot[bot]
d70459b77c
build(deps): bump golang from 1.20.4 to 1.20.6 (#1475)
Bumps golang from 1.20.4 to 1.20.6.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-28 12:12:45 +03:00
Jonas-Taha El Sesiy
20ad80577c
Bump docker base images (#1465)
During a recent CVE scan we found kube-bench to use `alpine:3.18` as the final image which has a known high CVE.

```
grype aquasec/kube-bench:v0.6.15
 ✔ Vulnerability DB        [no update available]
 ✔ Loaded image
 ✔ Parsed image
 ✔ Cataloged packages      [73 packages]
 ✔ Scanning image...       [4 vulnerabilities]
   ├── 0 critical, 4 high, 0 medium, 0 low, 0 negligible
   └── 4 fixed
NAME        INSTALLED  FIXED-IN  TYPE  VULNERABILITY  SEVERITY
libcrypto3  3.1.0-r4   3.1.1-r0  apk   CVE-2023-2650  High
libssl3     3.1.0-r4   3.1.1-r0  apk   CVE-2023-2650  High
openssl     3.1.0-r4   3.1.1-r0  apk   CVE-2023-2650  High
```

The CVE in question was addressed in the latest [alpine release](https://www.alpinelinux.org/posts/Alpine-3.15.9-3.16.6-3.17.4-3.18.2-released.html), hence updating the dockerfiles accordingly
2023-07-26 18:22:19 +03:00
chenk
456684462a
release: prepare v0.6.17 (#1480)
Signed-off-by: chenk <hen.keinan@gmail.com>
2023-07-25 12:41:24 +03:00
Guille Vigil
c8cabc4b14
Update job.yaml (#1477)
* Update job.yaml

Fix on typo for image version

* chore: sync with upstream

Signed-off-by: chenk <hen.keinan@gmail.com>

---------

Signed-off-by: chenk <hen.keinan@gmail.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
2023-07-25 12:30:14 +03:00
chenk
8c6915c478
release: prepare v0.6.16 official (#1479)
Signed-off-by: chenk <hen.keinan@gmail.com>
2023-07-25 10:33:54 +03:00
chenk
9363cdf8ef
release: prepare v0.6.16-rc (#1476)
* release: prepare v0.6.16-rc

Signed-off-by: chenk <hen.keinan@gmail.com>

* release: prepare v0.6.16-rc

Signed-off-by: chenk <hen.keinan@gmail.com>

---------

Signed-off-by: chenk <hen.keinan@gmail.com>
2023-07-24 11:01:43 +03:00
Devendra Turkar
b29ed6b6ed
chore: add fips compliant images (#1473)
For fips complaince we need to generate fips compliant images.
As part of this change, we will create new kube-bench image which will be fips compliant. Image name follows this tag pattern <version>-ubi-fips
2023-07-24 10:02:19 +03:00
Andy Pitcher
aa16551811
Fix node.yaml - 4.1.7 and 4.1.8 audit by adding uniq (#1472) 2023-07-11 11:45:06 +03:00
Andy Pitcher
40cdc1bfbb
Fix test_items in cis-1.7 - node - 4.2.12 (#1469)
Related issue: https://github.com/aquasecurity/kube-bench/issues/1468
2023-07-02 10:50:07 +03:00
dependabot[bot]
e2e353a81a
build(deps): bump actions/setup-go from 3 to 4 (#1402)
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
2023-06-24 19:42:03 +03:00
dependabot[bot]
a727d73e8a
build(deps): bump golang from 1.19.4 to 1.20.4 (#1436)
Bumps golang from 1.19.4 to 1.20.4.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-10 18:07:26 +03:00
chenk
76c25b2db2
release: prepare v0.6.15 (#1455)
Signed-off-by: chenk <hen.keinan@gmail.com>
2023-06-06 17:40:44 +03:00
KiranBodipi
ca8743c1f7
add support VMware Tanzu(TKGI) Benchmarks v1.2.53 (#1452)
* add Support VMware Tanzu(TKGI) Benchmarks v1.2.53
with this change, we are adding
1. latest kubernetes cis benchmarks for VMware Tanzu1.2.53
2. logic to kube-bench so that kube-bench can auto detect vmware platform, will be able to execute the respective vmware tkgi compliance checks.
3. job-tkgi.yaml file to run the benchmark as a job in tkgi cluster
Reference Document for checks: https://network.pivotal.io/products/p-compliance-scanner/#/releases/1248397

* add Support VMware Tanzu(TKGI) Benchmarks v1.2.53
with this change, we are adding
1. latest kubernetes cis benchmarks for VMware Tanzu1.2.53
2. logic to kube-bench so that kube-bench can auto detect vmware platform, will be able to execute the respective vmware tkgi compliance checks.
3. job-tkgi.yaml file to run the benchmark as a job in tkgi cluster
Reference Document for checks: https://network.pivotal.io/products/p-compliance-scanner/#/releases/1248397
2023-06-01 16:37:50 +03:00
dependabot[bot]
84f80b59b8
build(deps): bump alpine from 3.17 to 3.18 (#1443)
Bumps alpine from 3.17 to 3.18.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-26 13:41:30 +03:00
Huang Huang
60dde65d72
support CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.2.0 (#1449)
closes #1448
2023-05-21 17:53:58 +03:00
Huang Huang
124c57c6f4
support CIS Kubernetes Benchmark v1.7.0 (#1424) 2023-05-21 15:46:16 +03:00
Huang Huang
e41755ba90
cis-1.24: fix tests of 1.1.1 and 4.2.9 were wrong (#1423)
fixes #1410
fixes #1421
2023-05-21 11:39:51 +03:00
dependabot[bot]
6de03bbd7d
build(deps): bump github.com/aws/aws-sdk-go-v2 from 1.17.6 to 1.18.0 (#1433)
Bumps [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) from 1.17.6 to 1.18.0.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.17.6...v1.18.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
2023-05-20 18:45:31 +03:00
chenk
c2880848f0
release: prepare v0.6.14 (#1446)
Signed-off-by: chenk <hen.keinan@gmail.com>
2023-05-18 10:32:39 +03:00
wangxiaoer
968ee5814e
replace with constant (#1445) 2023-05-16 11:41:49 +03:00
chenk
29c8f16167
release: prepare v0.6.14-rc (#1442)
Signed-off-by: chenk <hen.keinan@gmail.com>
2023-05-15 15:34:00 +03:00
Devendra Turkar
b0e49c8789
fix: ignore the error from findConfigFile (#1440)
When we are trying to access a file from a directory which is not present then we get different error.
We dont have standard error method to check the msg so added string match for this case
2023-05-15 15:01:30 +03:00
dependabot[bot]
e38c829dbc
build(deps): bump gorm.io/gorm from 1.24.2 to 1.25.1 (#1437)
Bumps [gorm.io/gorm](https://github.com/go-gorm/gorm) from 1.24.2 to 1.25.1.
- [Release notes](https://github.com/go-gorm/gorm/releases)
- [Commits](https://github.com/go-gorm/gorm/compare/v1.24.2...v1.25.1)

---
updated-dependencies:
- dependency-name: gorm.io/gorm
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-13 19:37:45 +03:00
chenk
8098489433
release: prepare v0.6.13 (#1429)
Signed-off-by: chenk <hen.keinan@gmail.com>
2023-04-24 11:02:19 +03:00
Murali Paluru
b43f58dcda
add darwin builds (#1428) 2023-04-18 21:15:05 +03:00
chenk
dd6573f3ed
release: prepare v0.6.13-rc2 (#1426)
Signed-off-by: chenk <hen.keinan@gmail.com>
2023-04-17 16:19:37 +03:00
Devendra Turkar
0ff5dd0b8e
chore: Add license file for ubi image (#1425) 2023-04-17 16:07:31 +03:00
chenk
124a8b3a5a
release: prepare v0.6.13-rc (#1416)
Signed-off-by: chenk <hen.keinan@gmail.com>
2023-04-10 13:59:13 +03:00
Rayan Das
c3b6871766
Fix version in policies.yaml (#1415) 2023-04-07 17:33:52 +03:00
Devendra Turkar
96c6b385ef
chore: publish ubi based image (#1412)
* chore: publish ubi based image

- added publish step to publish ubi image
- updated base image for alpine based dockerfile

* chore: update pipeline image to ubuntu-latest
2023-04-05 13:02:36 +03:00
dependabot[bot]
9e41099cec
build(deps): bump github.com/aws/aws-sdk-go-v2/service/securityhub (#1397)
Bumps [github.com/aws/aws-sdk-go-v2/service/securityhub](https://github.com/aws/aws-sdk-go-v2) from 1.23.5 to 1.29.1.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/ecs/v1.23.5...service/s3/v1.29.1)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/securityhub
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
2023-03-25 12:34:54 +03:00
Jack Henschel
0decc8a53f
docs: Clarify how to run Job on OpenShift (#1401)
Signed-off-by: Jack Henschel <jackdev@mailbox.org>
2023-03-18 19:30:19 +02:00
dependabot[bot]
7aeb6c3977
build(deps): bump github.com/fatih/color from 1.13.0 to 1.14.1 (#1363)
Bumps [github.com/fatih/color](https://github.com/fatih/color) from 1.13.0 to 1.14.1.
- [Release notes](https://github.com/fatih/color/releases)
- [Commits](https://github.com/fatih/color/compare/v1.13.0...v1.14.1)

---
updated-dependencies:
- dependency-name: github.com/fatih/color
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-11 09:29:38 +02:00
chenk
7d0d8ca993
release: prepare v0.6.12 (#1387)
Signed-off-by: chenk <hen.keinan@gmail.com>
2023-02-23 13:30:56 +02:00
chenk
823f3e1064
release: prepare v0.6.12-rc (#1385)
Signed-off-by: chenk <hen.keinan@gmail.com>
2023-02-23 09:09:31 +02:00
Devendra Turkar
fc72a8a620
bugfix: false negative when audit_config file not found (#1376)
In case of RKE, env error comes with exit status 1, so added OR codition to match with error text as well.

resolve: #1364
2023-02-14 10:32:02 +02:00
chenk
c17b4dd2ba
release: prepare v0.6.11 (#1371)
Signed-off-by: chenk <hen.keinan@gmail.com>
2023-02-05 11:44:23 +02:00