1
0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-12-01 20:38:09 +00:00
Commit Graph

14 Commits

Author SHA1 Message Date
Devendra Turkar
b942ed3f0b
bugfix: false negative when audit_config is defined along with audit and config file not found (#1367)
Suppress the file not found error only when we have audit or auditEnv is defined and they have valid output captured.
As, we already have output from audit command. So we can proceed for our tests even though we didnt find config file.
file not found error: `failed to run: "/test/config.yaml", output: "/bin/sh: line 1: /test/config.yaml: No such file or directory\n", error: exit status 127`

Resolve: #1364
2023-02-02 10:32:27 +02:00
Huang Huang
e0fe5698a0
chore(lint): setup golangci-lint (#1144)
* chore(lint): setup golangci-lint

* linters: gofmt, goimports and misspell

* Update build.yml

Co-authored-by: Matthieu MOREL <mmorel-35@users.noreply.github.com>
Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
2022-04-05 16:25:45 +03:00
Matthieu MOREL
c91a9434c0
Update Gorm (#950)
* Migrate from github.com/jinzhu/gorm to gorm.io/gorm

* apply gofmt

* github.com/aws/aws-sdk-go

* fix
2021-08-09 11:40:01 +03:00
Liz Rice
e4d6ed2e8e
Refactor group skip (#783)
* Add example IAM policy

* Pass RotateKubeletServerCertificate related checks if it's not found (#767)

* Allow for environment variables to be checked in tests (#755)

* Initial commit for checking environment variables for etcd

* Revert config changes

* Remove redundant struct data

* Fix issues with failing tests

* Initial changes based on code review

* Add option to disable envTesting + Update docs

* Initial tests

* Finished testing

* Fix broken tests

* Add a total summary and always show all tests. (#759)

Whether the total summary is shown can be specified with an option.

Fixes #528

Signed-off-by: Christian Zunker <christian.zunker@codecentric.cloud>

* Update Readme.md file with link to Contribution guide (#754)

* Update License with the year and the owner name

Please add this to make your license agreement strong

* Updated Readme.md file with license and proper documentation links

I have added a proper license agreement to the documentation. Also shortened the links to the issues so that it does not break in any on the forks.

* Update LICENSE

* Update README.md

* Update README.md

* Remove erroneous license info

Co-authored-by: Liz Rice <liz@lizrice.com>

* Support auto-detect platform when running on EKS or GKE (#683)

* Support auto-detect platform when running on EKS or GKE

* Change to get platform name from `kubectl version`

* fix regexp and add test

* Update Server Version match for EKS

* try to get version info from api sever at first

* Refactor group skip

changed group 'skip' from being a bool to be 'type' string as done in check

* Change skip: true -> type: skip

Co-authored-by: Huang Huang <mozillazg101@gmail.com>
Co-authored-by: Wicked <jason_attwood@hotmail.co.uk>
Co-authored-by: Christian Zunker <827818+czunker@users.noreply.github.com>
Co-authored-by: Kaiwalya Koparkar <kaiwalyakoparkar@gmail.com>
Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
2020-12-21 13:18:54 +02:00
Liz Rice
01c77b2315
chore: improve test clarity (#675)
* read-only-port defaults are correct

* Tests that should catch good read-only-port

* Rework checks & tests

* Linting on issue template YAML

* More explicit test for 4.2.4

* Remove verbosity for ease of reading results

* Use subtests

* Tidy more test cases
2020-08-13 11:01:30 +03:00
Liz Rice
07f3c40dc7
Better handling of parameters and config audits (#674)
* read-only-port defaults are correct

* Tests that should catch good read-only-port

* Rework checks & tests

* Linting on issue template YAML

* More explicit test for 4.2.4
2020-08-12 14:32:42 +01:00
Huang Huang
db109daf43
Support multiple values flag when check the audit output (#652) 2020-08-03 10:31:54 +03:00
Huang Huang
c7b518e76b
Run audit as shell script instead of as single line command (#610)
* Run audit as shell script instead of as single line command

* Rename runExecCommands to runAudit

* Fix tests

Co-authored-by: Liz Rice <liz@lizrice.com>
2020-06-22 10:45:31 +03:00
Liz Rice
dc14cb14b0
Update tests for check states (#550)
- Tests that did not increase coverage and were redundant are removed.
- New tests reflecting the meaning of the state as explained in the
  README are added.

Co-authored-by: s-nirali <25746945+s-nirali@users.noreply.github.com>
2020-01-03 14:02:49 +00:00
Roberto Rojas
3aa41db166
Issue #353: Merges JSON and Exec Params files (#426)
* starts fixes #353

* new approach to minize duplications

* applied merged yaml files for v1.11 and v1.13

* yaml files json/params merged

* fixes to remove double quotes from numbers and booleans

* fixed bug

* fixed certificate check

* removed -json files

* changes based on PR review

* Update check/check_test.go

Yay more tests!

Co-Authored-By: Liz Rice <liz@lizrice.com>

* changes as PR review

* fixed bug when scored check is missing tests

* attempt to improve the code

* fixed list breaks

* removes handleError function

* Update check/check.go

Accepting suggested log level.

Co-Authored-By: Liz Rice <liz@lizrice.com>
2019-10-14 10:37:10 -04:00
Liz Rice
0d57a9dff3
Update copyright date 2019-05-02 18:13:25 -07:00
Daniel Pacak
5fb133cd02 Adjust the semantics of scored and unscored flags 2019-05-01 22:52:56 +02:00
Daniel Pacak
306e1960af Add flags to further filter CIS checks to run 2019-05-01 22:52:56 +02:00
Yoav Hizkiahou
49f745af8e Support new check type - skip:
If a check is marked with type "skip", it will be marked as Info.

Support scored property:
If a check is not scored and is not marked with type skip, it will be marked as Warn.
2019-01-29 19:05:12 +02:00