1
0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-12-23 15:18:07 +00:00
Commit Graph

38 Commits

Author SHA1 Message Date
afdesk
4de7b2095a
release: prepare v0.9.2 (#1730) 2024-11-16 16:05:57 +06:00
afdesk
c5dc28ee6f
release: prepare v0.9.1 (#1705) 2024-10-16 19:48:17 +06:00
chenk
366e79ddda
release: prepare v0.8.0 (#1639)
Signed-off-by: chenk <hen.keinan@gmail.com>
2024-07-02 10:35:09 +03:00
chenk
ff9341a5d0
release: prepare-v0.7.3 (#1599)
Signed-off-by: chenk <hen.keinan@gmail.com>
2024-04-18 09:58:44 +03:00
chenk
abfa7d9613
release: prepare v0.7.2 (#1578)
Signed-off-by: chenk <hen.keinan@gmail.com>
2024-02-29 13:37:20 +02:00
Andrey Polovov
faeceb5dfa
job.yaml: Adding /var/lib/cni mounts for proper CIS 1.1.9 and 1.1.0 checking (#1547)
Signed-off-by: Andrey Polovov <andrey.polovov@flant.com>
Signed-off-by: Andrey Pavlov <andrey.pavlov@flant.com>
Co-authored-by: Andrey Pavlov <andrey.pavlov@flant.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
2024-02-11 11:23:17 +02:00
chenk
445c1160cf
release: prepare v0.7.1 (#1559)
Signed-off-by: chenk <hen.keinan@gmail.com>
2024-01-31 11:57:16 +02:00
chenk
58a49da713
release: prepare v0.7.0 (#1543)
Signed-off-by: chenk <hen.keinan@gmail.com>
2023-12-19 09:08:02 +02:00
chenk
55a18aed87
release: prepare-0.6.19 (#1511)
Signed-off-by: chenk <hen.keinan@gmail.com>
2023-10-23 10:03:22 +03:00
chenk
18f8456abd
release: prepare v0.6.18 (#1509)
Signed-off-by: chenk <hen.keinan@gmail.com>
2023-10-17 16:28:52 +03:00
chenk
8bc4daae10
release: prepare v0.6.18-rc (#1508)
Signed-off-by: chenk <hen.keinan@gmail.com>
2023-10-17 11:34:53 +03:00
chenk
456684462a
release: prepare v0.6.17 (#1480)
Signed-off-by: chenk <hen.keinan@gmail.com>
2023-07-25 12:41:24 +03:00
Guille Vigil
c8cabc4b14
Update job.yaml (#1477)
* Update job.yaml

Fix on typo for image version

* chore: sync with upstream

Signed-off-by: chenk <hen.keinan@gmail.com>

---------

Signed-off-by: chenk <hen.keinan@gmail.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
2023-07-25 12:30:14 +03:00
chenk
8c6915c478
release: prepare v0.6.16 official (#1479)
Signed-off-by: chenk <hen.keinan@gmail.com>
2023-07-25 10:33:54 +03:00
chenk
9363cdf8ef
release: prepare v0.6.16-rc (#1476)
* release: prepare v0.6.16-rc

Signed-off-by: chenk <hen.keinan@gmail.com>

* release: prepare v0.6.16-rc

Signed-off-by: chenk <hen.keinan@gmail.com>

---------

Signed-off-by: chenk <hen.keinan@gmail.com>
2023-07-24 11:01:43 +03:00
chenk
76c25b2db2
release: prepare v0.6.15 (#1455)
Signed-off-by: chenk <hen.keinan@gmail.com>
2023-06-06 17:40:44 +03:00
chenk
c2880848f0
release: prepare v0.6.14 (#1446)
Signed-off-by: chenk <hen.keinan@gmail.com>
2023-05-18 10:32:39 +03:00
chenk
29c8f16167
release: prepare v0.6.14-rc (#1442)
Signed-off-by: chenk <hen.keinan@gmail.com>
2023-05-15 15:34:00 +03:00
chenk
8098489433
release: prepare v0.6.13 (#1429)
Signed-off-by: chenk <hen.keinan@gmail.com>
2023-04-24 11:02:19 +03:00
chenk
dd6573f3ed
release: prepare v0.6.13-rc2 (#1426)
Signed-off-by: chenk <hen.keinan@gmail.com>
2023-04-17 16:19:37 +03:00
chenk
124a8b3a5a
release: prepare v0.6.13-rc (#1416)
Signed-off-by: chenk <hen.keinan@gmail.com>
2023-04-10 13:59:13 +03:00
chenk
7d0d8ca993
release: prepare v0.6.12 (#1387)
Signed-off-by: chenk <hen.keinan@gmail.com>
2023-02-23 13:30:56 +02:00
chenk
823f3e1064
release: prepare v0.6.12-rc (#1385)
Signed-off-by: chenk <hen.keinan@gmail.com>
2023-02-23 09:09:31 +02:00
chenk
c17b4dd2ba
release: prepare v0.6.11 (#1371)
Signed-off-by: chenk <hen.keinan@gmail.com>
2023-02-05 11:44:23 +02:00
chenk
55688aa62d
release: v0.6.10 (#1306)
Signed-off-by: chenk <hen.keinan@gmail.com>

Signed-off-by: chenk <hen.keinan@gmail.com>
2022-10-16 10:01:44 +03:00
Jose Donizetti
93a167a917
release: prepare v0.6.9 (#1241)
Signed-off-by: Jose Donizetti <jdbjunior@gmail.com>

Signed-off-by: Jose Donizetti <jdbjunior@gmail.com>
2022-08-10 14:38:24 -03:00
rhtenhove
ebdfba55cc
fix: fully qualified image names (#1206) 2022-06-17 18:01:32 +03:00
chenk
d190cbcaf6
release: prepare v0.6.8 (#1160)
Signed-off-by: chenk <hen.keinan@gmail.com>
2022-04-24 13:47:41 +03:00
chenk
fbc89e1275
release: prepare v0.6.8-rc1 (#1159)
Signed-off-by: chenk <hen.keinan@gmail.com>
2022-04-24 13:12:40 +03:00
chenk
10ab72abfb
release: v0.6.7 (#1137)
Signed-off-by: chenk <hen.keinan@gmail.com>
2022-04-03 14:27:06 +03:00
chenk
faa1e88d0d
release: prepare v0.6.7-rc1 (#1136)
Signed-off-by: chenk <hen.keinan@gmail.com>
2022-04-03 12:00:08 +03:00
Shubham Deshmukh
e73c07d86f
Update kube bench docker image tag to v0.6.6 (#1085)
Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
2022-01-30 10:38:03 +02:00
Yoav Rotem
25ba9e2fad
New integration testing (#947)
* Fix Junit missing testsuites 

Fix issue https://github.com/aquasecurity/kube-bench/issues/883 but also bug with overriding output when --outputfile is effective and only write the last controls

* test new integration

* Update build.yml

* add wait for job to be ready

* Update build.yml

* Update build.yml

* Update build.yml

* test

* Update job.yaml

* Add wait

* test for logs

* Update job.yaml

* Create Expected_output.data

* Update build.yml

* Update build.yml

* remove empty line

* Add new line at the end

* add ---

* Delete docker.go

* Delete integration.go

* Delete integration_test.go

* Delete integration/testdata/cis-1.20 directory

* Delete integration/testdata/cis-1.6 directory

* Update integration testing

* Remove integration tests

Removed integration testing to github action

* Update build.yml
2021-08-03 17:10:50 +03:00
Dmytro Oboznyi
d528400881
Fix file permissions false positive (#800)
* Fix file permissions false positive

Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>

* Added kops files to config path list

Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>

* Automated CNI files checks

Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>

* Fixed linting

Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>

* Fixed to right folder CNI test

Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>

* Changed Automated to manual

Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>

* Removed changes from remediation

Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>

* Added path to config files

Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>

* Update cfg/cis-1.6/master.yaml

Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>

* Fix

Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>

* Fix to job.yaml

Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>

* Add extra mountpoints

Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>

* Revert audit scripts changes

Signed-off-by: Dmytro Oboznyi <dmytro.oboznyi@syncier.com>

Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
2021-04-08 17:02:27 +03:00
Huang Huang
17cd104788
Fixes issue #574: change the PATH in container (#577)
* Fixes issue #574: change the PATH in container

And change to use `/usr/local/mount-from-host/bin` as mount path.
Fixes #574

* Fix integration tests
2020-02-12 12:18:44 -05:00
Nick Smith
77f66511e7 Set all host-mounted volumes to be read-only. (#569)
By setting all host-mounted volumes to be read-only we reduce the likelihood
any host filesystem is modified by running kube-bench.
2020-01-28 10:45:31 -05:00
James Ward
5f34058dc7 Support Linting YAML as part of Travis CI build (#554)
* add yamllint command to travis CI

installs and runs a linter across the YAML in the
project to ensure consistency in the written YAML.

this uses yamllint and the default yamllint config with
"truthy" and "line-length" disabled.

* run dos2unix on CRLF files

* YAMLLINT: remove trailing spaces

* YAMLLint: add YAML document start

* YAMLLint: too many spaces around bracket

* YAMLLint: fix indentation

* YAMLLint: remove duplicate key

* YAMLLint: newline at end of file

* YAMLLint: Too few spaces after comma

* YAMLLint: too many spaces after colon
2020-01-06 09:18:25 +00:00
Cyril Tovena
5baf81a70a Adds master node detection and a root command that automatically detect checks to run.
The root command will run node checks and if possible master checks.
I've also added some Makefile targets to improve local testing and improve the documentation.
2019-03-12 19:32:05 -04:00