Darius Mejeras
865ce7cb54
Update new cis configurations
2023-11-20 15:12:48 +02:00
Benjamin Schimke
53bc12229a
feat(cis-1.24-microk8s): Add support to CIS-1.24 for microk8s distro ( #1510 )
2023-11-20 15:12:48 +02:00
dependabot[bot]
5bb01786cd
build(deps): bump github.com/fatih/color from 1.14.1 to 1.16.0 ( #1520 )
...
Bumps [github.com/fatih/color](https://github.com/fatih/color ) from 1.14.1 to 1.16.0.
- [Release notes](https://github.com/fatih/color/releases )
- [Commits](https://github.com/fatih/color/compare/v1.14.1...v1.16.0 )
---
updated-dependencies:
- dependency-name: github.com/fatih/color
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-20 15:12:48 +02:00
dependabot[bot]
623ec41f14
build(deps): bump golang from 1.21.1 to 1.21.3 ( #1507 )
...
Bumps golang from 1.21.1 to 1.21.3.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
2023-11-20 15:12:48 +02:00
dependabot[bot]
66979f29bd
build(deps): bump github.com/golang/glog from 1.0.0 to 1.1.2 ( #1489 )
...
Bumps [github.com/golang/glog](https://github.com/golang/glog ) from 1.0.0 to 1.1.2.
- [Release notes](https://github.com/golang/glog/releases )
- [Commits](https://github.com/golang/glog/compare/v1.0.0...v1.1.2 )
---
updated-dependencies:
- dependency-name: github.com/golang/glog
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
2023-11-20 15:12:48 +02:00
dependabot[bot]
b1ffa151de
build(deps): bump docker/setup-qemu-action from 2 to 3 ( #1503 )
...
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action ) from 2 to 3.
- [Release notes](https://github.com/docker/setup-qemu-action/releases )
- [Commits](https://github.com/docker/setup-qemu-action/compare/v2...v3 )
---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
2023-11-20 15:12:48 +02:00
chenk
0c7e4818a6
release: prepare-0.6.19 ( #1511 )
...
Signed-off-by: chenk <hen.keinan@gmail.com>
2023-11-20 15:12:48 +02:00
dependabot[bot]
8b2912830f
build(deps): bump docker/build-push-action from 4 to 5 ( #1498 )
...
Bumps [docker/build-push-action](https://github.com/docker/build-push-action ) from 4 to 5.
- [Release notes](https://github.com/docker/build-push-action/releases )
- [Commits](https://github.com/docker/build-push-action/compare/v4...v5 )
---
updated-dependencies:
- dependency-name: docker/build-push-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
2023-11-20 15:12:48 +02:00
chenk
96f13701ce
release: prepare v0.6.18 ( #1509 )
...
Signed-off-by: chenk <hen.keinan@gmail.com>
2023-11-20 15:12:48 +02:00
chenk
25dbe6048b
release: prepare v0.6.18-rc ( #1508 )
...
Signed-off-by: chenk <hen.keinan@gmail.com>
2023-11-20 15:12:48 +02:00
AnaisUrlichs
54f5b9793e
updates to the readme
...
Signed-off-by: AnaisUrlichs <urlichsanais@gmail.com>
2023-11-20 15:12:48 +02:00
dependabot[bot]
2a570b0f24
build(deps): bump crazy-max/ghaction-docker-meta from 4 to 5 ( #1499 )
...
Bumps [crazy-max/ghaction-docker-meta](https://github.com/crazy-max/ghaction-docker-meta ) from 4 to 5.
- [Release notes](https://github.com/crazy-max/ghaction-docker-meta/releases )
- [Upgrade guide](https://github.com/docker/metadata-action/blob/master/UPGRADE.md )
- [Commits](https://github.com/crazy-max/ghaction-docker-meta/compare/v4...v5 )
---
updated-dependencies:
- dependency-name: crazy-max/ghaction-docker-meta
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-20 15:12:48 +02:00
dependabot[bot]
fc4ef87a7b
build(deps): bump golang from 1.20.6 to 1.21.1 ( #1494 )
...
Bumps golang from 1.20.6 to 1.21.1.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-20 15:12:48 +02:00
dependabot[bot]
44eb962e92
build(deps): bump goreleaser/goreleaser-action from 4 to 5 ( #1495 )
...
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action ) from 4 to 5.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases )
- [Commits](https://github.com/goreleaser/goreleaser-action/compare/v4...v5 )
---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-20 15:12:48 +02:00
dependabot[bot]
941968c257
build(deps): bump alpine from 3.18.2 to 3.18.3 ( #1487 )
...
Bumps alpine from 3.18.2 to 3.18.3.
---
updated-dependencies:
- dependency-name: alpine
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-11-20 15:12:48 +02:00
Darius Mejeras
651f12d21c
Add latest CIS benchmarks
2023-08-09 14:49:43 +03:00
dependabot[bot]
d70459b77c
build(deps): bump golang from 1.20.4 to 1.20.6 ( #1475 )
...
Bumps golang from 1.20.4 to 1.20.6.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-07-28 12:12:45 +03:00
Jonas-Taha El Sesiy
20ad80577c
Bump docker base images ( #1465 )
...
During a recent CVE scan we found kube-bench to use `alpine:3.18` as the final image which has a known high CVE.
```
grype aquasec/kube-bench:v0.6.15
✔ Vulnerability DB [no update available]
✔ Loaded image
✔ Parsed image
✔ Cataloged packages [73 packages]
✔ Scanning image... [4 vulnerabilities]
├── 0 critical, 4 high, 0 medium, 0 low, 0 negligible
└── 4 fixed
NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY
libcrypto3 3.1.0-r4 3.1.1-r0 apk CVE-2023-2650 High
libssl3 3.1.0-r4 3.1.1-r0 apk CVE-2023-2650 High
openssl 3.1.0-r4 3.1.1-r0 apk CVE-2023-2650 High
```
The CVE in question was addressed in the latest [alpine release](https://www.alpinelinux.org/posts/Alpine-3.15.9-3.16.6-3.17.4-3.18.2-released.html ), hence updating the dockerfiles accordingly
2023-07-26 18:22:19 +03:00
chenk
456684462a
release: prepare v0.6.17 ( #1480 )
...
Signed-off-by: chenk <hen.keinan@gmail.com>
2023-07-25 12:41:24 +03:00
Guille Vigil
c8cabc4b14
Update job.yaml ( #1477 )
...
* Update job.yaml
Fix on typo for image version
* chore: sync with upstream
Signed-off-by: chenk <hen.keinan@gmail.com>
---------
Signed-off-by: chenk <hen.keinan@gmail.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
2023-07-25 12:30:14 +03:00
chenk
8c6915c478
release: prepare v0.6.16 official ( #1479 )
...
Signed-off-by: chenk <hen.keinan@gmail.com>
2023-07-25 10:33:54 +03:00
chenk
9363cdf8ef
release: prepare v0.6.16-rc ( #1476 )
...
* release: prepare v0.6.16-rc
Signed-off-by: chenk <hen.keinan@gmail.com>
* release: prepare v0.6.16-rc
Signed-off-by: chenk <hen.keinan@gmail.com>
---------
Signed-off-by: chenk <hen.keinan@gmail.com>
2023-07-24 11:01:43 +03:00
Devendra Turkar
b29ed6b6ed
chore: add fips compliant images ( #1473 )
...
For fips compliance we need to generate fips compliant images.
As part of this change, we will create a new kube-bench image which will be fips compliant. The image name follows this tag pattern: <version>-ubi-fips
2023-07-24 10:02:19 +03:00
Andy Pitcher
aa16551811
Fix node.yaml - 4.1.7 and 4.1.8 audit by adding uniq ( #1472 )
2023-07-11 11:45:06 +03:00
Andy Pitcher
40cdc1bfbb
Fix test_items in cis-1.7 - node - 4.2.12 ( #1469 )
...
Related issue: https://github.com/aquasecurity/kube-bench/issues/1468
2023-07-02 10:50:07 +03:00
dependabot[bot]
e2e353a81a
build(deps): bump actions/setup-go from 3 to 4 ( #1402 )
...
Bumps [actions/setup-go](https://github.com/actions/setup-go ) from 3 to 4.
- [Release notes](https://github.com/actions/setup-go/releases )
- [Commits](https://github.com/actions/setup-go/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: actions/setup-go
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
2023-06-24 19:42:03 +03:00
dependabot[bot]
a727d73e8a
build(deps): bump golang from 1.19.4 to 1.20.4 ( #1436 )
...
Bumps golang from 1.19.4 to 1.20.4.
---
updated-dependencies:
- dependency-name: golang
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-06-10 18:07:26 +03:00
chenk
76c25b2db2
release: prepare v0.6.15 ( #1455 )
...
Signed-off-by: chenk <hen.keinan@gmail.com>
2023-06-06 17:40:44 +03:00
KiranBodipi
ca8743c1f7
add support VMware Tanzu(TKGI) Benchmarks v1.2.53 ( #1452 )
...
* add Support VMware Tanzu(TKGI) Benchmarks v1.2.53
with this change, we are adding
1. latest kubernetes cis benchmarks for VMware Tanzu1.2.53
2. logic to kube-bench so that kube-bench can auto detect vmware platform, will be able to execute the respective vmware tkgi compliance checks.
3. job-tkgi.yaml file to run the benchmark as a job in tkgi cluster
Reference Document for checks: https://network.pivotal.io/products/p-compliance-scanner/#/releases/1248397
* add Support VMware Tanzu(TKGI) Benchmarks v1.2.53
with this change, we are adding
1. latest kubernetes cis benchmarks for VMware Tanzu1.2.53
2. logic to kube-bench so that kube-bench can auto detect vmware platform, will be able to execute the respective vmware tkgi compliance checks.
3. job-tkgi.yaml file to run the benchmark as a job in tkgi cluster
Reference Document for checks: https://network.pivotal.io/products/p-compliance-scanner/#/releases/1248397
2023-06-01 16:37:50 +03:00
dependabot[bot]
84f80b59b8
build(deps): bump alpine from 3.17 to 3.18 ( #1443 )
...
Bumps alpine from 3.17 to 3.18.
---
updated-dependencies:
- dependency-name: alpine
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-26 13:41:30 +03:00
Huang Huang
60dde65d72
support CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.2.0 ( #1449 )
...
closes #1448
2023-05-21 17:53:58 +03:00
Huang Huang
124c57c6f4
support CIS Kubernetes Benchmark v1.7.0 ( #1424 )
2023-05-21 15:46:16 +03:00
Huang Huang
e41755ba90
cis-1.24: fix tests of 1.1.1 and 4.2.9 were wrong ( #1423 )
...
fixes #1410
fixes #1421
2023-05-21 11:39:51 +03:00
dependabot[bot]
6de03bbd7d
build(deps): bump github.com/aws/aws-sdk-go-v2 from 1.17.6 to 1.18.0 ( #1433 )
...
Bumps [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2 ) from 1.17.6 to 1.18.0.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases )
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md )
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.17.6...v1.18.0 )
---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
2023-05-20 18:45:31 +03:00
chenk
c2880848f0
release: prepare v0.6.14 ( #1446 )
...
Signed-off-by: chenk <hen.keinan@gmail.com>
2023-05-18 10:32:39 +03:00
wangxiaoer
968ee5814e
replace with constant ( #1445 )
2023-05-16 11:41:49 +03:00
chenk
29c8f16167
release: prepare v0.6.14-rc ( #1442 )
...
Signed-off-by: chenk <hen.keinan@gmail.com>
2023-05-15 15:34:00 +03:00
Devendra Turkar
b0e49c8789
fix: ignore the error from findConfigFile ( #1440 )
...
When we are trying to access a file from a directory which is not present then we get a different error.
We don't have a standard error method to check the msg, so added a string match for this case
2023-05-15 15:01:30 +03:00
dependabot[bot]
e38c829dbc
build(deps): bump gorm.io/gorm from 1.24.2 to 1.25.1 ( #1437 )
...
Bumps [gorm.io/gorm](https://github.com/go-gorm/gorm ) from 1.24.2 to 1.25.1.
- [Release notes](https://github.com/go-gorm/gorm/releases )
- [Commits](https://github.com/go-gorm/gorm/compare/v1.24.2...v1.25.1 )
---
updated-dependencies:
- dependency-name: gorm.io/gorm
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-05-13 19:37:45 +03:00
chenk
8098489433
release: prepare v0.6.13 ( #1429 )
...
Signed-off-by: chenk <hen.keinan@gmail.com>
2023-04-24 11:02:19 +03:00
Murali Paluru
b43f58dcda
add darwin builds ( #1428 )
2023-04-18 21:15:05 +03:00
chenk
dd6573f3ed
release: prepare v0.6.13-rc2 ( #1426 )
...
Signed-off-by: chenk <hen.keinan@gmail.com>
2023-04-17 16:19:37 +03:00
Devendra Turkar
0ff5dd0b8e
chore: Add license file for ubi image ( #1425 )
2023-04-17 16:07:31 +03:00
chenk
124a8b3a5a
release: prepare v0.6.13-rc ( #1416 )
...
Signed-off-by: chenk <hen.keinan@gmail.com>
2023-04-10 13:59:13 +03:00
Rayan Das
c3b6871766
Fix version in policies.yaml ( #1415 )
2023-04-07 17:33:52 +03:00
Devendra Turkar
96c6b385ef
chore: publish ubi based image ( #1412 )
...
* chore: publish ubi based image
- added publish step to publish ubi image
- updated base image for alpine based dockerfile
* chore: update pipeline image to ubuntu-latest
2023-04-05 13:02:36 +03:00
dependabot[bot]
9e41099cec
build(deps): bump github.com/aws/aws-sdk-go-v2/service/securityhub ( #1397 )
...
Bumps [github.com/aws/aws-sdk-go-v2/service/securityhub](https://github.com/aws/aws-sdk-go-v2 ) from 1.23.5 to 1.29.1.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases )
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md )
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/ecs/v1.23.5...service/s3/v1.29.1 )
---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/securityhub
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
2023-03-25 12:34:54 +03:00
Jack Henschel
0decc8a53f
docs: Clarify how to run Job on OpenShift ( #1401 )
...
Signed-off-by: Jack Henschel <jackdev@mailbox.org>
2023-03-18 19:30:19 +02:00
dependabot[bot]
7aeb6c3977
build(deps): bump github.com/fatih/color from 1.13.0 to 1.14.1 ( #1363 )
...
Bumps [github.com/fatih/color](https://github.com/fatih/color ) from 1.13.0 to 1.14.1.
- [Release notes](https://github.com/fatih/color/releases )
- [Commits](https://github.com/fatih/color/compare/v1.13.0...v1.14.1 )
---
updated-dependencies:
- dependency-name: github.com/fatih/color
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-03-11 09:29:38 +02:00
chenk
7d0d8ca993
release: prepare v0.6.12 ( #1387 )
...
Signed-off-by: chenk <hen.keinan@gmail.com>
2023-02-23 13:30:56 +02:00