* Support CIS ACK 1.0.0 benchmark
* fix yaml lint
* Fix TestMakeSubsitutions may failed when order of map changed
* Support auto-detect platform when running on ACK
* Apply suggestions from code review
Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
* docs: remove references to deprecated subcommands
Removing master / node since it's better to autodetect, or to use
--target
Signed-off-by: Liz Rice <liz@lizrice.com>
* docs: specifying kubernetes or benchmark version
Signed-off-by: Liz Rice <liz@lizrice.com>
* Add example IAM policy
* Pass RotateKubeletServerCertificate related checks if it's not found (#767)
* Allow for environment variables to be checked in tests (#755)
* Initial commit for checking environment variables for etcd
* Revert config changes
* Remove redundant struct data
* Fix issues with failing tests
* Initial changes based on code review
* Add option to disable envTesting + Update docs
* Initial tests
* Finished testing
* Fix broken tests
* Add a total summary and always show all tests. (#759)
Whether the total summary is shown can be specified with an option.
Fixes#528
Signed-off-by: Christian Zunker <christian.zunker@codecentric.cloud>
* Update Readme.md file with link to Contribution guide (#754)
* Update License with the year and the owner name
Please add this to make your license agreement strong
* Updated Readme.md file with license and proper documentation links
I have added a proper license agreement to the documentation. Also shortened the links to the issues so that it does not break in any on the forks.
* Update LICENSE
* Update README.md
* Update README.md
* Remove erroneous license info
Co-authored-by: Liz Rice <liz@lizrice.com>
* Support auto-detect platform when running on EKS or GKE (#683)
* Support auto-detect platform when running on EKS or GKE
* Change to get platform name from `kubectl version`
* fix regexp and add test
* Update Server Version match for EKS
* try to get version info from api sever at first
* Refactor group skip
changed group 'skip' from being a bool to be 'type' string as done in check
* Change skip: true -> type: skip
Co-authored-by: Huang Huang <mozillazg101@gmail.com>
Co-authored-by: Wicked <jason_attwood@hotmail.co.uk>
Co-authored-by: Christian Zunker <827818+czunker@users.noreply.github.com>
Co-authored-by: Kaiwalya Koparkar <kaiwalyakoparkar@gmail.com>
Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
* add aasf
* add AASF format
* credentials provider
* add finding publisher
* add finding publisher
* add write AASF path
* add testing
* read config from file
* update docker file
* refactor
* remove sample
* add comments
* Add comment in EKS config.yaml
* Fix comment typo
* Fix spelling of ASFF
* Fix typo and other small code review suggestions
* Limit length of Actual result field
Avoids this message seen in testing:
Message:Finding does not adhere to Amazon Finding Format. data.ProductFields['Actual result'] should NOT be longer than 1024 characters.
* Add comment for ASFF schema
* Add Security Hub documentation
* go mod tidy
* remove dupe lines in docs
* support integration in any region
* fix README link
* fix README links
Co-authored-by: Liz Rice <liz@lizrice.com>
* docs: add Troubleshooting
Adding basic instructions for running with debug logs
* docs: remember --logtostderr
* docs: note about cfg requirement
Note that installing a binary release is not sufficient - you also need the config and test files
Fixes#613
* Adding a section for Azure Kubernetes Service
steps to run kube bench on AKS worker nodes
* Update README.md
* Update README.md
Co-authored-by: Roberto Rojas <robertojrojas@gmail.com>
Co-authored-by: Liz Rice <liz@lizrice.com>
* Read kubernetes version from environment
Set kubernetes version to the value of the environment variable `KUBE_BENCH_VERSION` if it is defined and the flag `--version` is not specified on the kube-bench command line.
The command line flag `--version` takes precedence of the environment variable `KUBE_BENCH_VERSION` if both are defined.
* Add info about KUBE_BENCH_VERSION to README
* Remove duplicate documentation.
* Add test configuration header back in main README.
* Add missing regex operator in docs/README.
* Fix incorrect description of configuration options bins, confs etc.
* Move description of version auto-detection to main README.
* Use 1.13 in examples since cfg/1.12 doesn't exist
* Remove duplicate sentence about regex
This sentence is now in the docs/README
* Add link to the docs for test YAML definitions
Without passing in kubeconfig credentials:
```bash
$ docker run --pid=host -v /etc:/etc:ro -v /var:/var:ro -v $(which kubectl):/usr/bin/kubectl -t lizrice/kube-bench:5e6cdfd master -v 1
I0628 16:52:06.591683 6099 util.go:367] Unable to get Kubernetes version from kubectl, using default version: 1.6
I0628 16:52:06.591822 6099 common.go:74] Using benchmark file: cfg/1.6/master.yaml
...
```
As updated in the README with this fix:
```bash
docker run --pid=host -v /etc:/etc:ro -v /var:/var:ro -v $(which kubectl):/usr/bin/kubectl -v ~/.kube:/.kube -e KUBECONFIG=/.kube/config -t lizrice/kube-bench:5e6cdfd master -v 1
I0628 16:53:26.784122 7224 util.go:131] No test file found for 1.14 - using tests for Kubernetes 1.13
I0628 16:53:26.784961 7224 common.go:228] Using config file: cfg/1.13/config.yaml
...
```
