1
0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-11-25 01:18:12 +00:00
Commit Graph

26 Commits

Author SHA1 Message Date
Wolfgang Reichert
f6877e3c17
Fix issue 1595: failed to output to ASFF (#1691)
A breaking change was introduced in aws-sdk-go-v2.
See https://github.com/aws/aws-sdk-go-v2/issues/2370#issuecomment-1953308268.

Mixing aws-sdk-go-v2 packages from versions before and after the breaking change causes kube-bench to fail. This issue occurs when it attempts to access AWS Security Hub.

Addressed issue: https://github.com/aquasecurity/kube-bench/issues/1595

Supersedes bot PR: https://github.com/aquasecurity/kube-bench/pull/1689
Besides upgrading to latest SDK version, some variable types need to be adapted.
2024-09-28 13:36:44 +06:00
j-k
a1e2870e83
Migrate to aws-sdk-go-v2 (#1268)
* Migrate to aws-sdk-go-v2

* Update dependencies

Minimum go version increased due to k8s.io/client-go
2022-10-03 08:52:06 +03:00
Huang Huang
907d952fb3
ASFF: add node name to the finding id (#1214) 2022-06-19 11:48:40 +03:00
Huang Huang
181d621456
ASFF: add cluster arn to the finding ID (#1185) 2022-05-21 18:06:30 +02:00
Huang Huang
e0fe5698a0
chore(lint): setup golangci-lint (#1144)
* chore(lint): setup golangci-lint

* linters: gofmt, goimports and misspell

* Update build.yml

Co-authored-by: Matthieu MOREL <mmorel-35@users.noreply.github.com>
Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
2022-04-05 16:25:45 +03:00
Huang Huang
be157a8a5a
ASFF: no longer include timestamp in the finding ID (#1127) 2022-03-27 09:36:24 +03:00
Yoav Rotem
aedc2942bd
Check string size (#915)
ASFF ProductFields[] string can't be longer than 1024 characters, could explain https://github.com/aquasecurity/kube-bench/issues/903
`Message:Finding does not adhere to Amazon Finding Format. data.Remediation.Recommendation.Text should NOT be longer than 512 characters.
Error Code:InvalidInput`
2021-06-20 14:28:22 +03:00
Yoav Rotem
887965d31f
Add detected kubernetes version (#869)
* Add detected kubernetes version to controls

* Refactore NewControls function

Now new Control function is expecting detected version argument.

* Refactore NewControls function

Now new Control function is expecting detected version argument.

* Refactore NewControls function

New Control function is expecting detected version argument.

* Add detected kube version

* add detecetedKubeVersion

* Add detecetedKubeVersion

* Add detectedKubeVersion

* Add detecetedKubeVersion

* Fix missing version

* Change version

Change version from 3.10 to rh-0.7

* fix version: "cis-1.5"

* fix version: "cis-1.5"

* fix version: "cis-1.5"

* Fix version: "cis-1.5"

* Fix version: "cis-1.5"

* Fix version: "cis-1.6"

* Fix version: "cis-1.6"

* Fix version: "cis-1.6"

* Fix version: "cis-1.6"

* Fix version: "cis-1.6"
2021-05-09 14:48:34 +03:00
Liz Rice
e4d6ed2e8e
Refactor group skip (#783)
* Add example IAM policy

* Pass RotateKubeletServerCertificate related checks if it's not found (#767)

* Allow for environment variables to be checked in tests (#755)

* Initial commit for checking environment variables for etcd

* Revert config changes

* Remove redundant struct data

* Fix issues with failing tests

* Initial changes based on code review

* Add option to disable envTesting + Update docs

* Initial tests

* Finished testing

* Fix broken tests

* Add a total summary and always show all tests. (#759)

Whether the total summary is shown can be specified with an option.

Fixes #528

Signed-off-by: Christian Zunker <christian.zunker@codecentric.cloud>

* Update Readme.md file with link to Contribution guide (#754)

* Update License with the year and the owner name

Please add this to make your license agreement strong

* Updated Readme.md file with license and proper documentation links

I have added a proper license agreement to the documentation. Also shortened the links to the issues so that it does not break in any on the forks.

* Update LICENSE

* Update README.md

* Update README.md

* Remove erroneous license info

Co-authored-by: Liz Rice <liz@lizrice.com>

* Support auto-detect platform when running on EKS or GKE (#683)

* Support auto-detect platform when running on EKS or GKE

* Change to get platform name from `kubectl version`

* fix regexp and add test

* Update Server Version match for EKS

* try to get version info from api sever at first

* Refactor group skip

changed group 'skip' from being a bool to be 'type' string as done in check

* Change skip: true -> type: skip

Co-authored-by: Huang Huang <mozillazg101@gmail.com>
Co-authored-by: Wicked <jason_attwood@hotmail.co.uk>
Co-authored-by: Christian Zunker <827818+czunker@users.noreply.github.com>
Co-authored-by: Kaiwalya Koparkar <kaiwalyakoparkar@gmail.com>
Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
2020-12-21 13:18:54 +02:00
Brian Terry
c3f94dd89f
Aws asff (#770)
* add aasf

* add AASF format

* credentials provider

* add finding publisher

* add finding publisher

* add write AASF path

* add testing

* read config from file

* update docker file

* refactor

* remove sample

* add comments

* Add comment in EKS config.yaml

* Fix comment typo

* Fix spelling of ASFF

* Fix typo and other small code review suggestions

* Limit length of Actual result field

Avoids this message seen in testing:
  Message:Finding does not adhere to Amazon Finding Format. data.ProductFields['Actual result'] should NOT be longer than 1024 characters.

* Add comment for ASFF schema

* Add Security Hub documentation

* go mod tidy

* remove dupe lines in docs

* support integration in any region

* fix README link

* fix README links

Co-authored-by: Liz Rice <liz@lizrice.com>
2020-11-23 19:43:53 +00:00
Wicked
3a35c039e5
Add --skip command to skip groups and checks (#751) 2020-10-29 12:03:41 +02:00
Wicked
9474472194
Allow for skip to be defined on a group-level skipping all checks inside (#736)
* Allow for skip to be defined on a group-level skipping all checks inside

* Refactor skip code to not run skipped checks
2020-10-19 10:51:33 +03:00
Huang Huang
c7b518e76b
Run audit as shell script instead of as single line command (#610)
* Run audit as shell script instead of as single line command

* Rename runExecCommands to runAudit

* Fix tests

Co-authored-by: Liz Rice <liz@lizrice.com>
2020-06-22 10:45:31 +03:00
John Schnake
6ffd382711 Add option to output in JUnit format (#516)
If running these checks in a CI system it may be beneficial
to output in a more standardized format such as JUnit for
parsing by other tools in a consistent manner.

Fixes #460

Signed-off-by: John Schnake <jschnake@vmware.com>
2019-11-13 08:03:04 -05:00
Roberto Rojas
3aa41db166
Issue #353: Merges JSON and Exec Params files (#426)
* starts fixes #353

* new approach to minize duplications

* applied merged yaml files for v1.11 and v1.13

* yaml files json/params merged

* fixes to remove double quotes from numbers and booleans

* fixed bug

* fixed certificate check

* removed -json files

* changes based on PR review

* Update check/check_test.go

Yay more tests!

Co-Authored-By: Liz Rice <liz@lizrice.com>

* changes as PR review

* fixed bug when scored check is missing tests

* attempt to improve the code

* fixed list breaks

* removes handleError function

* Update check/check.go

Accepting suggested log level.

Co-Authored-By: Liz Rice <liz@lizrice.com>
2019-10-14 10:37:10 -04:00
Daniel Pacak
5fb133cd02 Adjust the semantics of scored and unscored flags 2019-05-01 22:52:56 +02:00
Daniel Pacak
306e1960af Add flags to further filter CIS checks to run 2019-05-01 22:52:56 +02:00
Yoav Hizkiahou
49f745af8e Support new check type - skip:
If a check is marked with type "skip", it will be marked as Info.

Support scored property:
If a check is not scored and is not marked with type skip, it will be marked as Warn.
2019-01-29 19:05:12 +02:00
Itai Ben-Natan
e9076233dd Support actual result in json output.
This commit adds the actual value of the result
of the value which was returned by the test.
2018-07-30 14:19:18 +00:00
nazemu
017a9836ce Result structure changes
Changes to the json structure and field names
2017-11-29 19:04:05 +02:00
Steven Logue
d79a2a5478 added support for saving scan results to pgsql 2017-10-31 13:08:46 -07:00
Abubakr-Sadik Nii Nai Davis
8ea0892437 Update controls to support multiple Kubernetes versions. 2017-09-17 00:09:02 +00:00
Abubakr-Sadik Nii Nai Davis
f88de572f6 Improve error handling. 2017-07-25 00:34:07 +00:00
Abubakr-Sadik Nii Nai Davis
bd53529387 Fix issue #16 about supporting verbosity. 2017-07-07 17:01:30 +00:00
Liz Rice
b4237ccb73 Better error handling when reading YAML files 2017-06-23 12:04:46 +01:00
Amir Jerbi
154a140f74 Initial commit 2017-06-19 17:01:57 +03:00