arno/kube-bench
1
0
Fork 0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2025-07-30 02:18:07 +00:00
Code Issues Releases Wiki Activity
1,190 Commits 7 Branches 94 Tags 161 MiB
8e151b75c0
Commit Graph

1190 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Carter Williamson
8e151b75c0 Completed testing for GCP SCC publisher, documentation, test updates and deployment scripts. Added helper script for creating the SCC Source 2025-03-21 14:14:14 -07:00
Carter Williamson
414f456de7 Merge branch 'gke-stigs' into gcp-scc-publisher 2025-03-19 15:50:51 -07:00
Carter Williamson
7e411a8773 Initial code done, ready for testing 2025-03-19 15:50:22 -07:00
Carter Williamson
9541943576
Merge branch 'main' into gke-stigs 2025-03-18 13:40:52 -07:00
Carter Williamson
cd80b85f0a Found the definition for 242401 so added that back in 2025-03-18 13:37:47 -07:00
Carter Williamson
f9b204bbc6 Moving 242390 to correct file 2025-03-18 13:36:18 -07:00
Carter Williamson
bc5a907828 Cleanup k8s manifest 2025-03-18 13:21:36 -07:00
Carter Williamson
b6304d41ff Removing some unwanted changes 2025-03-18 13:18:51 -07:00
Carter Williamson
5cff2b0a4b Removing some unwanted changes 2025-03-18 13:18:08 -07:00
Carter Williamson
d249137e7d Done with first passes over k8s stig, still a few issues 2025-03-18 12:47:34 -07:00
dependabot[bot]
6edf7e590c
build(deps): bump k8s.io/client-go from 0.32.2 to 0.32.3 (#1833) 
Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.32.2 to 0.32.3.
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kubernetes/client-go/compare/v0.32.2...v0.32.3)

---
updated-dependencies:
- dependency-name: k8s.io/client-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-03-18 17:13:33 +06:00
dependabot[bot]
a686691252
build(deps): bump k8s.io/apimachinery from 0.32.2 to 0.32.3 (#1834) 
Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.32.2 to 0.32.3.
- [Commits](https://github.com/kubernetes/apimachinery/compare/v0.32.2...v0.32.3)

---
updated-dependencies:
- dependency-name: k8s.io/apimachinery
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-03-18 16:55:05 +06:00
dependabot[bot]
486272f8db
build(deps): bump golang.org/x/net from 0.33.0 to 0.36.0 (#1830) 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.33.0 to 0.36.0.
- [Commits](https://github.com/golang/net/compare/v0.33.0...v0.36.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-03-18 13:51:13 +06:00
Carter Williamson
db6528ab80 Making lots of progress 2025-03-14 15:43:21 -07:00
Carter Williamson
82ebcac31f Done going through k8s stig file from DOD, now to work on failure cases 2025-03-12 17:14:37 -07:00
afdesk
152d0e7528
release: prepare v0.10.4 (#1829) 2025-03-11 22:33:47 +06:00
mjshastha
c74ce3a813
fix: address vulnerabilities in kubectl (#1828) 
kubectl has vulnerabilities in the stable version, it was fixed in 1.33.0-alpha.3
 2025-03-11 18:06:25 +06:00
dependabot[bot]
594eb2cf18
build(deps): bump golang from 1.23.6 to 1.24.0 (#1805) 
Bumps golang from 1.23.6 to 1.24.0.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afdesk <work@afdesk.com>
 2025-03-11 12:14:58 +06:00
dependabot[bot]
eb375f4d9d
build(deps): bump github.com/aws/aws-sdk-go-v2/service/securityhub (#1826) 
Bumps [github.com/aws/aws-sdk-go-v2/service/securityhub](https://github.com/aws/aws-sdk-go-v2) from 1.56.1 to 1.57.0.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.56.1...service/s3/v1.57.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/securityhub
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-03-11 11:43:18 +06:00
dependabot[bot]
8c385ffb08
build(deps): bump github.com/aws/aws-sdk-go-v2/config (#1827) 
Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.29.8 to 1.29.9.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.29.8...config/v1.29.9)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-03-11 11:24:39 +06:00
afdesk
b6a88e8282
release: prepare v0.10.3 (#1825) 2025-03-05 16:27:10 +06:00
dependabot[bot]
01afe91352
build(deps): bump github.com/spf13/cobra from 1.8.1 to 1.9.1 (#1809) 
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.8.1 to 1.9.1.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](https://github.com/spf13/cobra/compare/v1.8.1...v1.9.1)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-03-05 14:49:20 +06:00
dependabot[bot]
d85a765a00
build(deps): bump github.com/aws/aws-sdk-go-v2/service/securityhub (#1824) 
Bumps [github.com/aws/aws-sdk-go-v2/service/securityhub](https://github.com/aws/aws-sdk-go-v2) from 1.55.8 to 1.56.1.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/wafv2/v1.55.8...service/s3/v1.56.1)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/securityhub
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-03-05 14:28:05 +06:00
dependabot[bot]
99d3eb6a9e
build(deps): bump k8s.io/client-go from 0.32.1 to 0.32.2 (#1811) 
Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.32.1 to 0.32.2.
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kubernetes/client-go/compare/v0.32.1...v0.32.2)

---
updated-dependencies:
- dependency-name: k8s.io/client-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-03-05 14:16:31 +06:00
dependabot[bot]
bd6eae0c97
build(deps): bump github.com/aws/aws-sdk-go-v2/config (#1821) 
Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.29.4 to 1.29.8.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.29.4...config/v1.29.8)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afdesk <work@afdesk.com>
 2025-03-05 13:54:22 +06:00
mjshastha
b0cb472482
fix: Add default case to CIS benchmark version selection (#1823) 
This commit adds a default case to the switch statements for both "rancher" and "rke2" platforms. This ensures that a fallback CIS benchmark version ("rke-cis-1.7" and "rke2-cis-1.7" respectively) is returned when the Kubernetes version does not match any of the explicitly defined cases.
 2025-03-05 13:43:06 +06:00
dependabot[bot]
7f2f0f3227
build(deps): bump github.com/aws/aws-sdk-go-v2 from 1.36.0 to 1.36.3 (#1822) 
Bumps [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) from 1.36.0 to 1.36.3.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.36.0...v1.36.3)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-03-04 17:58:09 +06:00
dependabot[bot]
c8d80e6354
build(deps): bump alpine from 3.21.2 to 3.21.3 (#1806) 
Bumps alpine from 3.21.2 to 3.21.3.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: afdesk <work@afdesk.com>
 2025-03-04 13:32:03 +06:00
Simon Alexander Alsing
c40b2a72e2
fix: typo of applicaions which should have been applications (#1819) 2025-03-04 12:27:13 +06:00
Lihiz
949999145e
DEVOPS-934: Fix UBI image labels in order to be able to pass Red Hat pre-flight checks (#1812) 
* DEVOPS-934: Fix UBI image labels in order to be able to pass Red Hat pre-flight checks
 2025-02-19 15:25:31 +02:00
afdesk
422a7fc5b1
release: prepare v0.10.2 (#1803) 2025-02-12 20:41:39 +06:00
afdesk
18e7e35919
fix: suppress vulnerabilities in kubectl (#1802) 2025-02-12 20:26:50 +06:00
afdesk
f9e2c77967
ci: bump up Go version to 1.23.6 in Github workflows (#1801) 2025-02-12 20:13:43 +06:00
Grischa Ekart
2de22f84fc
Updated version in documentation and using a version var (#1799) 2025-02-12 12:15:11 +06:00
Masashi Honma
fcb6517b8b
Bump golang from 1.23.5 to 1.23.6 to fix CVE-2025-22866 (#1800) 
This is the scan result of Trivy.

usr/local/bin/kube-bench (gobinary)
===================================
Total: 1 (UNKNOWN: 1, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)

┌─────────┬────────────────┬──────────┬────────┬───────────────────┬──────────────────────────────┬────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │        Fixed Version         │                   Title                    │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼──────────────────────────────┼────────────────────────────────────────────┤
│ stdlib  │ CVE-2025-22866 │ UNKNOWN  │ fixed  │ 1.23.5            │ 1.22.12, 1.23.6, 1.24.0-rc.3 │ Timing sidechannel for P-256 on ppc64le in │
│         │                │          │        │                   │                              │ crypto/internal/nistec                     │
│         │                │          │        │                   │                              │ https://avd.aquasec.com/nvd/cve-2025-22866 │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴──────────────────────────────┴────────────────────────────────────────────┘

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
 2025-02-10 12:11:21 +06:00
afdesk
60d1842d0d
release: prepare v0.10.1 (#1797) 2025-02-04 22:08:07 +06:00
Abubakr-Sadik Nii Nai Davis
26aaeecc0f
fix: required fixes for rke-cis 1.7 / 1.28 / 1.29 (#1792) 2025-02-04 18:19:05 +06:00
dependabot[bot]
c04b700d8a
build(deps): bump github.com/aws/aws-sdk-go-v2/service/securityhub (#1794) 
Bumps [github.com/aws/aws-sdk-go-v2/service/securityhub](https://github.com/aws/aws-sdk-go-v2) from 1.55.3 to 1.55.8.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/iot/v1.55.3...service/wafv2/v1.55.8)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/securityhub
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-02-04 18:01:51 +06:00
dependabot[bot]
4d82ee7f9a
build(deps): bump github.com/aws/aws-sdk-go-v2/config (#1795) 
Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.28.10 to 1.29.4.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.28.10...config/v1.29.4)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-02-04 17:43:45 +06:00
dependabot[bot]
62a54424cb
build(deps): bump github.com/aws/aws-sdk-go-v2 from 1.32.8 to 1.36.0 (#1796) 
Bumps [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) from 1.32.8 to 1.36.0.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.32.8...v1.36.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-02-04 17:30:37 +06:00
dependabot[bot]
a7bd33cd02
build(deps): bump k8s.io/client-go from 0.32.0 to 0.32.1 (#1785) 
Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.32.0 to 0.32.1.
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kubernetes/client-go/compare/v0.32.0...v0.32.1)

---
updated-dependencies:
- dependency-name: k8s.io/client-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-02-04 17:18:32 +06:00
Masashi Honma
c9985a6e9b
Bump golang from 1.23.4 to 1.23.5 to fix vulnerabilities. (#1793) 
This is the scan result of Trivy.

usr/local/bin/kube-bench (gobinary)

Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 2, HIGH: 0, CRITICAL: 0)

┌─────────┬────────────────┬──────────┬────────┬───────────────────┬─────────────────────────────┬──────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability  │ Severity │ Status │ Installed Version │        Fixed Version        │                            Title                             │
├─────────┼────────────────┼──────────┼────────┼───────────────────┼─────────────────────────────┼──────────────────────────────────────────────────────────────┤
│ stdlib  │ CVE-2024-45336 │ MEDIUM   │ fixed  │ v1.23.4           │ 1.22.11, 1.23.5, 1.24.0-rc2 │ golang: net/http: net/http: sensitive headers incorrectly    │
│         │                │          │        │                   │                             │ sent after cross-domain redirect                             │
│         │                │          │        │                   │                             │ https://avd.aquasec.com/nvd/cve-2024-45336                   │
│         ├────────────────┤          │        │                   │                             ├──────────────────────────────────────────────────────────────┤
│         │ CVE-2024-45341 │          │        │                   │                             │ golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can │
│         │                │          │        │                   │                             │ bypass URI name...                                           │
│         │                │          │        │                   │                             │ https://avd.aquasec.com/nvd/cve-2024-45341                   │
└─────────┴────────────────┴──────────┴────────┴───────────────────┴─────────────────────────────┴──────────────────────────────────────────────────────────────┘

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
 2025-02-04 17:06:14 +06:00
dependabot[bot]
368a8b5017
build(deps): bump k8s.io/apimachinery from 0.32.0 to 0.32.1 (#1782) 
Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.32.0 to 0.32.1.
- [Commits](https://github.com/kubernetes/apimachinery/compare/v0.32.0...v0.32.1)

---
updated-dependencies:
- dependency-name: k8s.io/apimachinery
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-02-04 16:55:04 +06:00
dependabot[bot]
b1547c0b6b
build(deps): bump golang from 1.23.4 to 1.23.5 (#1787) 
Bumps golang from 1.23.4 to 1.23.5.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-02-04 16:42:00 +06:00
afdesk
fcfb537ac1
fix(ci): add missed args for building docker images (#1788) 2025-01-21 22:36:54 +06:00
Lihiz
5557601134
DEVOPS-788: in order to pass RedHat operator certification, labels mu… (#1781) 
* DEVOPS-788: in order to pass RedHat operator certification, labels must be set on images

---------

Co-authored-by: Lihi Zitzer <lihi.zitzer@aquasec.com>
 2025-01-20 17:47:55 +02:00
afdesk
5967494a5e
release: prepare v0.10.0 (#1777) 2025-01-16 09:50:56 +06:00
afdesk
08574d779f
chore: bump up Go version to 1.23.4 (#1776) 
* chore; bump up Go version to 1.23.4

* chore(ci): set up a timeout for go linter

* chore: remove deprecated linter checks

* chore: bump up golinter timeout to 10sec

* chore: bump up golinter action version to v1.61

* chore: fix linter errors

* chore: set up a timeout for golinter in Github action
 2025-01-15 23:02:16 +06:00
dependabot[bot]
4e70640598
build(deps): bump github.com/aws/aws-sdk-go-v2/service/securityhub (#1770) 
Bumps [github.com/aws/aws-sdk-go-v2/service/securityhub](https://github.com/aws/aws-sdk-go-v2) from 1.55.0 to 1.55.3.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.55.0...service/iot/v1.55.3)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/securityhub
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-01-15 15:46:30 +06:00
dependabot[bot]
362e95a219
build(deps): bump github.com/aws/aws-sdk-go-v2/config (#1769) 
Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.28.6 to 1.28.10.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.28.6...config/v1.28.10)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-01-15 15:01:02 +06:00