1
0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2024-12-02 04:48:14 +00:00
Commit Graph

195 Commits

Author SHA1 Message Date
Abubakr-Sadik Nii Nai Davis
a15e8acaa3
Add GKE 1.6 CIS benchmark for GCP environment (#1672)
* Add config entries for GKE 1.6 controls

* Add gke1.6 control plane recommendations

* Add gke-1.6.0 worker node recommendations

* Add gke-1.6.0 policy recommendations

* Add managed services and policy recommendation

* Add master recommendations

* Fix formatting across gke-1.6.0 files

* Add gke-1.6.0 benchmark selection based on k8s version

* Workaround: hardcode kubelet config path for gke-1.6.0

* Fix tests for makeIPTablesUtilChaings

* Change scored field for all node tests to true

* Fix kubelet file permission to check for

---------

Co-authored-by: afdesk <work@afdesk.com>
2024-10-11 10:49:35 +06:00
Andy Pitcher
7027b6b2ec
Add CIS kubernetes CIS-1.9 for k8s v1.27 - v1.29 (#1617)
* Create cis-1.9 yamls and Update info
      - policies.yaml
          - 5.1.1 to 5.1.6 were adapted from Manual to Automated
          - 5.1.3 got broken down into 5.1.3.1 and 5.1.3.2
          - 5.1.6 got broken down into 5.1.6.1 and 5.1.6.2
          - version was set to cis-1.9
       - node.yaml master.yaml controlplane.yaml etcd.yaml
          - version was set to cis-1.9

* Adapt master.yaml
    - Expand 1.1.13/1.1.14 checks by adding super-admin.conf to the permission and ownership verification
    - Remove 1.2.12 Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used (Manual)
    - Adjust numbering from 1.2.12 to 1.2.29

* Adjust policies.yaml
   - Check 5.2.3 to 5.2.9 Title Automated to Manual

* Append node.yaml
   - Create 4.3 kube-config group
   - Create 4.3.1 Ensure that the kube-proxy metrics service is bound to localhost (Automated)

* Adjust policies 5.1.3 and 5.1.6

   - Merge 5.1.3.1 and 5.1.3.2 into 5.1.3 (use role_is_compliant and clusterrole_is_compliant)
   - Remove 5.1.6.1 and promote 5.1.6.2 to 5.1.6 since it natively covered 5.1.6.1 artifacts

* Add kubectl dependency and update publish
   - Download kubectl (build stage) based on version and architecture
   - Add binary checksum verification
   - Use go env GOARCH for ARCH
2024-06-26 15:53:57 +03:00
guangwu
c3e3c4c31c
chore: remove refs to deprecated io/ioutil (#1504)
Signed-off-by: guoguangwu <guoguangwu@magic-shield.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
2023-12-05 10:52:24 +02:00
Huang Huang
92a18e7dfd
support CIS Kubernetes Benchmark v1.8.0 (#1527)
* support CIS Kubernetes Benchmark v1.8.0

* update version info
2023-12-02 09:59:30 +02:00
Kiran Bodipi
f8fe5ee173
Add CIS Benchmarks support to Rancher Distributions RKE/RKE2/K3s (#1523)
* add Support VMware Tanzu(TKGI) Benchmarks v1.2.53
with this change, we are adding
1. latest kubernetes cis benchmarks for VMware Tanzu1.2.53
2. logic to kube-bench so that kube-bench can auto detect vmware platform, will be able to execute the respective vmware tkgi compliance checks.
3. job-tkgi.yaml file to run the benchmark as a job in tkgi cluster
Reference Document for checks: https://network.pivotal.io/products/p-compliance-scanner/#/releases/1248397

* add Support VMware Tanzu(TKGI) Benchmarks v1.2.53
with this change, we are adding
1. latest kubernetes cis benchmarks for VMware Tanzu1.2.53
2. logic to kube-bench so that kube-bench can auto detect vmware platform, will be able to execute the respective vmware tkgi compliance checks.
3. job-tkgi.yaml file to run the benchmark as a job in tkgi cluster
Reference Document for checks: https://network.pivotal.io/products/p-compliance-scanner/#/releases/1248397

* release: prepare v0.6.15 (#1455)

Signed-off-by: chenk <hen.keinan@gmail.com>

* build(deps): bump golang from 1.19.4 to 1.20.4 (#1436)

Bumps golang from 1.19.4 to 1.20.4.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump actions/setup-go from 3 to 4 (#1402)

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chenk <hen.keinan@gmail.com>

* Fix test_items in cis-1.7 - node - 4.2.12 (#1469)

Related issue: https://github.com/aquasecurity/kube-bench/issues/1468

* Fix node.yaml - 4.1.7 and 4.1.8 audit by adding uniq (#1472)

* chore: add fips compliant images (#1473)

For fips complaince we need to generate fips compliant images.
As part of this change, we will create new kube-bench image which will be fips compliant. Image name follows this tag pattern <version>-ubi-fips

* release: prepare v0.6.16-rc (#1476)

* release: prepare v0.6.16-rc

Signed-off-by: chenk <hen.keinan@gmail.com>

* release: prepare v0.6.16-rc

Signed-off-by: chenk <hen.keinan@gmail.com>

---------

Signed-off-by: chenk <hen.keinan@gmail.com>

* release: prepare v0.6.16 official (#1479)

Signed-off-by: chenk <hen.keinan@gmail.com>

* Update job.yaml (#1477)

* Update job.yaml

Fix on typo for image version

* chore: sync with upstream

Signed-off-by: chenk <hen.keinan@gmail.com>

---------

Signed-off-by: chenk <hen.keinan@gmail.com>
Co-authored-by: chenk <hen.keinan@gmail.com>

* release: prepare v0.6.17 (#1480)

Signed-off-by: chenk <hen.keinan@gmail.com>

* Bump docker base images (#1465)

During a recent CVE scan we found kube-bench to use `alpine:3.18` as the final image which has a known high CVE.

```
grype aquasec/kube-bench:v0.6.15
 ✔ Vulnerability DB        [no update available]
 ✔ Loaded image
 ✔ Parsed image
 ✔ Cataloged packages      [73 packages]
 ✔ Scanning image...       [4 vulnerabilities]
   ├── 0 critical, 4 high, 0 medium, 0 low, 0 negligible
   └── 4 fixed
NAME        INSTALLED  FIXED-IN  TYPE  VULNERABILITY  SEVERITY
libcrypto3  3.1.0-r4   3.1.1-r0  apk   CVE-2023-2650  High
libssl3     3.1.0-r4   3.1.1-r0  apk   CVE-2023-2650  High
openssl     3.1.0-r4   3.1.1-r0  apk   CVE-2023-2650  High
```

The CVE in question was addressed in the latest [alpine release](https://www.alpinelinux.org/posts/Alpine-3.15.9-3.16.6-3.17.4-3.18.2-released.html), hence updating the dockerfiles accordingly

* build(deps): bump golang from 1.20.4 to 1.20.6 (#1475)

Bumps golang from 1.20.4 to 1.20.6.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Add CIS Benchmarks support to Rancher Distributions RKE/RKE2/K3s
Based on the information furnished in https://ranchermanager.docs.rancher.com/v2.7/pages-for-subheaders/rancher-hardening-guides
kube-bench executes CIS-1.23 (Kubernetes v1.23) , CIS-1.24(Kubernetes v1.24),CIS-1.7 (Kubernetes v1.25,v1.26,v1.27) CIS Benchmarks of respective distributions.

* RKE/RKE2 CIS Benchmarks
Updated the order of checks for RKE and RKE2 Platforms.

* fixed vulnerabilities|upgraded package golang.org/x/net to version v0.17.0

* Error handling for RKE Detection Pre-requisites

* Based on the information furnished in https://ranchermanager.docs.rancher.com/v2.7/pages-for-subheaders/rancher-hardening-guides#hardening-guides-and-benchmark-versions, kube-bench executes CIS-1.23 (Kubernetes v1.23) , CIS-1.24(Kubernetes v1.24),CIS-1.7 (Kubernetes v1.25,v1.26,v1.27) CIS Benchmarks of respective distributions.
updated documentation specific to added rancher platforms

* addressed review comments
1.Implemented IsRKE functionality in kube-bench
2. Removed containerd from global level config and accommodated in individual config file
3. Corrected the control id from 1.2.25 to 1.2.23 in master.yaml(k3s-cis-1.23 and k3s-cis-1.24)

* Removed unncessary dependency - kubernetes-provider-detector

---------

Signed-off-by: chenk <hen.keinan@gmail.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Andy Pitcher <andy.pitcher@suse.com>
Co-authored-by: Devendra Turkar <devendra.turkar@gmail.com>
Co-authored-by: Guille Vigil <contact@guillermotti.com>
Co-authored-by: Jonas-Taha El Sesiy <jonas-taha.elsesiy@snowflake.com>
2023-11-26 12:27:38 +02:00
KiranBodipi
ca8743c1f7
add support VMware Tanzu(TKGI) Benchmarks v1.2.53 (#1452)
* add Support VMware Tanzu(TKGI) Benchmarks v1.2.53
with this change, we are adding
1. latest kubernetes cis benchmarks for VMware Tanzu1.2.53
2. logic to kube-bench so that kube-bench can auto detect vmware platform, will be able to execute the respective vmware tkgi compliance checks.
3. job-tkgi.yaml file to run the benchmark as a job in tkgi cluster
Reference Document for checks: https://network.pivotal.io/products/p-compliance-scanner/#/releases/1248397

* add Support VMware Tanzu(TKGI) Benchmarks v1.2.53
with this change, we are adding
1. latest kubernetes cis benchmarks for VMware Tanzu1.2.53
2. logic to kube-bench so that kube-bench can auto detect vmware platform, will be able to execute the respective vmware tkgi compliance checks.
3. job-tkgi.yaml file to run the benchmark as a job in tkgi cluster
Reference Document for checks: https://network.pivotal.io/products/p-compliance-scanner/#/releases/1248397
2023-06-01 16:37:50 +03:00
Huang Huang
60dde65d72
support CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.2.0 (#1449)
closes #1448
2023-05-21 17:53:58 +03:00
Huang Huang
124c57c6f4
support CIS Kubernetes Benchmark v1.7.0 (#1424) 2023-05-21 15:46:16 +03:00
wangxiaoer
968ee5814e
replace with constant (#1445) 2023-05-16 11:41:49 +03:00
Devendra Turkar
b0e49c8789
fix: ignore the error from findConfigFile (#1440)
When we are trying to access a file from a directory which is not present then we get different error.
We dont have standard error method to check the msg so added string match for this case
2023-05-15 15:01:30 +03:00
Huang Huang
865817dfda
support customize datadir locations of etcd (#1330) 2022-11-25 15:32:49 +02:00
Huang Huang
3ccafa7be1
support CIS Kubernetes V1.24 Benchmark v1.0.0 (#1329) 2022-11-24 15:23:10 +02:00
olcuhu
9660e7842d
fixed issue #1295 by making chavacava's suggestion (#1304)
* fixed issue 1295 by making chavacava's suggestion & ran tests

* removed outer if statement as wasn't checking anything
2022-10-13 17:17:13 +03:00
j-k
a1e2870e83
Migrate to aws-sdk-go-v2 (#1268)
* Migrate to aws-sdk-go-v2

* Update dependencies

Minimum go version increased due to k8s.io/client-go
2022-10-03 08:52:06 +03:00
Huang Huang
07e01cf38c
Support CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.1.0 (#1222)
* Support CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.1.0

* fix yaml lint error
2022-09-15 09:04:54 +03:00
Huang Huang
41e3e64472
use log instead of print (#1186) 2022-05-22 06:44:07 +02:00
Qiming Teng
02fd0d4be2
Add support to CIS-1.23 1.0.0 (#1148) 2022-04-18 09:27:33 +03:00
Huang Huang
436141eac9
Remove a needless debug log (#1145) 2022-04-05 16:54:17 +03:00
Huang Huang
e0fe5698a0
chore(lint): setup golangci-lint (#1144)
* chore(lint): setup golangci-lint

* linters: gofmt, goimports and misspell

* Update build.yml

Co-authored-by: Matthieu MOREL <mmorel-35@users.noreply.github.com>
Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
2022-04-05 16:25:45 +03:00
Luis Serra
70a544e916
chore(message): fix wrong PGSQL_DBNAME error message (#1128) 2022-03-28 17:40:04 +03:00
Nick Gibbon
67f8b338d5
fix: remove master and node Commands (#960)
Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
2022-02-22 18:10:51 +02:00
Huang Huang
9f92e81361
Update docs about the --outputfile flag (#1094) 2022-02-14 19:05:48 +02:00
Huang Huang
d232ae0fb9
Fix the --exit-code flag doesn't work when run with subcommand (#1084) 2022-01-23 09:40:59 +02:00
Huang Huang
1fad8f5083
Update auto-detection codes to support check platform version (#1074)
Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
2022-01-10 15:25:15 +02:00
Huang Huang
2d6bf55ab2
Support CIS Google Kubernetes Engine (GKE) Benchmark v1.2.0 (#1050)
* Support CIS Google Kubernetes Engine (GKE) Benchmark v1.2.0

* restore gke-1.0

Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
2021-12-09 12:04:38 +02:00
Huang Huang
6589eb16e1
Support CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.0.1 (#1045)
* Update eks-1.0 to support CIS EKS Benchmark v1.0.1

* add "No remediation"

* rename eks-1.0 to eks-1.0.1

Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
2021-11-18 10:42:53 +02:00
ycabrer
7a47197d8b
Allow for usage of env var K8S_HOST in psql (#1026)
* Allow for usage of env var `K8S_HOST` in psql

* small typo fix

* typo fix
2021-10-27 13:32:10 +03:00
Matthieu MOREL
c91a9434c0
Update Gorm (#950)
* Migrate from github.com/jinzhu/gorm to gorm.io/gorm

* apply gofmt

* github.com/aws/aws-sdk-go

* fix
2021-08-09 11:40:01 +03:00
Yoav Rotem
14aef408e8
Fix Junit missing testsuites (#920)
Fix issue https://github.com/aquasecurity/kube-bench/issues/883 but also bug with overriding output when --outputfile is effective and only write the last controls
2021-06-23 18:01:24 +03:00
Yoav Rotem
2d033edc96
New cis v1.20 (#912)
* Add files via upload

* Add new cis support v1.20!

* Fix issue with 1.1.9 and 1.1.10 tests

Tests in some cases stat empty path which will return error.

* Add tests for kubernetes 1.20 and retire 1.15 tests

kubernetes 1.15 is not supported anymore and we shouldn't keep testing it.

* Kubernetes 1.15 is not supported anymore

* Tests for kubernetes 1.20

* Fix yamllint errors

Removed trailing spaces (trailing-spaces)

* Add tests for v1.20

* Remove extra spaces

* Change cis test functions names
2021-06-16 20:55:04 +03:00
Huang Huang
47c2494728
Support CIS ACK 1.0.0 benchmark (#841)
* Support CIS ACK 1.0.0 benchmark

* fix yaml lint

* Fix TestMakeSubsitutions may failed when order of map changed

* Support auto-detect platform when running on ACK

* Apply suggestions from code review

Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>

Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
2021-05-11 11:52:24 +03:00
Yoav Rotem
887965d31f
Add detected kubernetes version (#869)
* Add detected kubernetes version to controls

* Refactore NewControls function

Now new Control function is expecting detected version argument.

* Refactore NewControls function

Now new Control function is expecting detected version argument.

* Refactore NewControls function

New Control function is expecting detected version argument.

* Add detected kube version

* add detecetedKubeVersion

* Add detecetedKubeVersion

* Add detectedKubeVersion

* Add detecetedKubeVersion

* Fix missing version

* Change version

Change version from 3.10 to rh-0.7

* fix version: "cis-1.5"

* fix version: "cis-1.5"

* fix version: "cis-1.5"

* Fix version: "cis-1.5"

* Fix version: "cis-1.5"

* Fix version: "cis-1.6"

* Fix version: "cis-1.6"

* Fix version: "cis-1.6"

* Fix version: "cis-1.6"

* Fix version: "cis-1.6"
2021-05-09 14:48:34 +03:00
Yoav Rotem
68c2ee2ebf
Add support for Redhat openshift 4.0 cis 1.1.0 (#860) 2021-04-29 17:08:41 +03:00
Yoav Rotem
f2386c0386
Update ocp 3.11 (#849)
* Add OCP auto-detection

* Add test for openshift

* update and fix bugs

update file to match with new kube-bench features and fix bugs

* Update file and fix bugs

update file to match with new kube-bench features and fix bugs

* Remove specific configs

Those configs could be set in main config.yaml

* Update to include openshift files

* fix typos

* fix typo

* Remove trailing spaces

* Update util.go

* Add tests for getOcpValidVersion
2021-03-24 18:06:54 +02:00
Yoav Rotem
50fce51da7
Fix fallback to default version (#834)
* Fix fallback to default version

In some cases kube-bench will crush instead of fallback to default version. 
Fix it to only log that couldn't auto-detect version and used default.

* Fix case with fallback to default version
2021-03-02 16:27:34 +02:00
Yoav Rotem
e308bc1eba
Add version logging (#817)
* Add more logging

issue #816  add more logging for better debug and information about version auto-detection and fix typo

* Fix typo

* Add more logging

issue #816  add more logging for better debug and information about version auto-detection and fix typo

* tidy logging output

Co-authored-by: Liz Rice <liz@lizrice.com>

* tidy logging output

Co-authored-by: Liz Rice <liz@lizrice.com>

* tidy logging output

Co-authored-by: Liz Rice <liz@lizrice.com>

* tidy logging output

Co-authored-by: Liz Rice <liz@lizrice.com>

* tidy logging output

Co-authored-by: Liz Rice <liz@lizrice.com>

* tidy logging output

Co-authored-by: Liz Rice <liz@lizrice.com>

* tidy logging output

Co-authored-by: Liz Rice <liz@lizrice.com>

* Remove extra logging

Co-authored-by: Liz Rice <liz@lizrice.com>
2021-02-23 14:24:14 +00:00
Neha Viswanathan
b2d481812f
deprecate master and node subcommands (#812)
* deprecate master and node subcommands

* deprecate master and node subcommands
2021-02-23 14:23:55 +00:00
Takahiro Tsuruda
4d6de1e2a5
chore: fix defer func in for-loop (#825)
* chore: call defer func for each iteration

Signed-off-by: TakahiroTsuruda <isrgnoe@gmail.com>

* chore: error check
2021-02-23 14:22:15 +00:00
Liz Rice
e4d6ed2e8e
Refactor group skip (#783)
* Add example IAM policy

* Pass RotateKubeletServerCertificate related checks if it's not found (#767)

* Allow for environment variables to be checked in tests (#755)

* Initial commit for checking environment variables for etcd

* Revert config changes

* Remove redundant struct data

* Fix issues with failing tests

* Initial changes based on code review

* Add option to disable envTesting + Update docs

* Initial tests

* Finished testing

* Fix broken tests

* Add a total summary and always show all tests. (#759)

Whether the total summary is shown can be specified with an option.

Fixes #528

Signed-off-by: Christian Zunker <christian.zunker@codecentric.cloud>

* Update Readme.md file with link to Contribution guide (#754)

* Update License with the year and the owner name

Please add this to make your license agreement strong

* Updated Readme.md file with license and proper documentation links

I have added a proper license agreement to the documentation. Also shortened the links to the issues so that it does not break in any on the forks.

* Update LICENSE

* Update README.md

* Update README.md

* Remove erroneous license info

Co-authored-by: Liz Rice <liz@lizrice.com>

* Support auto-detect platform when running on EKS or GKE (#683)

* Support auto-detect platform when running on EKS or GKE

* Change to get platform name from `kubectl version`

* fix regexp and add test

* Update Server Version match for EKS

* try to get version info from api sever at first

* Refactor group skip

changed group 'skip' from being a bool to be 'type' string as done in check

* Change skip: true -> type: skip

Co-authored-by: Huang Huang <mozillazg101@gmail.com>
Co-authored-by: Wicked <jason_attwood@hotmail.co.uk>
Co-authored-by: Christian Zunker <827818+czunker@users.noreply.github.com>
Co-authored-by: Kaiwalya Koparkar <kaiwalyakoparkar@gmail.com>
Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
2020-12-21 13:18:54 +02:00
Brian Terry
c3f94dd89f
Aws asff (#770)
* add aasf

* add AASF format

* credentials provider

* add finding publisher

* add finding publisher

* add write AASF path

* add testing

* read config from file

* update docker file

* refactor

* remove sample

* add comments

* Add comment in EKS config.yaml

* Fix comment typo

* Fix spelling of ASFF

* Fix typo and other small code review suggestions

* Limit length of Actual result field

Avoids this message seen in testing:
  Message:Finding does not adhere to Amazon Finding Format. data.ProductFields['Actual result'] should NOT be longer than 1024 characters.

* Add comment for ASFF schema

* Add Security Hub documentation

* go mod tidy

* remove dupe lines in docs

* support integration in any region

* fix README link

* fix README links

Co-authored-by: Liz Rice <liz@lizrice.com>
2020-11-23 19:43:53 +00:00
Borko
ab3881420c
Created config and test files for Azure Kubernetes Service (AKS). (#733)
* First draft of AKS configuration checks.

* Updated Azure Configurations. Added more policy checks.

* Finalized cfg components for AKS.

* Fixed targets for aks-1.0 in common_test.go

* Fixed yaml linting issues.

* Fixed white space yaml linkting issues in policies.yaml

* Fixed white space yaml linting issues in policies.yaml
2020-11-16 14:35:57 +02:00
Wicked
aa2a6f08f3
Add exit-code parameter for when checks have failed (#734)
* Add int command to specify exit code wih a default of 0

* Re-structured to add tests

* Refactor exit code selection
2020-10-29 12:12:45 +02:00
Wicked
3a35c039e5
Add --skip command to skip groups and checks (#751) 2020-10-29 12:03:41 +02:00
Yoav Rotem
714430c7fc
Not exiting when executable not found (#702)
Regrading https://github.com/aquasecurity/kube-bench/issues/701 where kube bench is crushing when not finding components
2020-10-03 11:51:13 +01:00
Neha Viswanathan
82421e5838
retire cis 1.3 and 1.4 (#693) 2020-10-03 11:23:28 +01:00
yoavrotems
7280438eb5
Add cis 1.6 (#678)
* Add new cis version yamls

Add new cis version yamls

* Add new cis version yamls

* Add cis-1.6 to versions table

* support version mapping cis-1.6

* support version mapping cis-1.6

* Update controlplane.yaml

* Update etcd.yaml

* Update node.yaml

* Update policies.yaml

* Create job.data

* Create job-node.data

* Create job-master.data

* Create add-tls-kind.yaml

* Change node version to 1.15.0

* Add tests for cis-1.6

* Delete node_only.yaml

* Change tests 1.1.19-1.1.21

Change 1.1.19-1.1.21 because failing tests

* Update job.data

* Update job-master.data

* Update job-master.data

* Update job.data

* fix 1.2.35 remediation 

tabs instead of spaces

* Update job-master.data

* Remove extra space

* Update job.data

* Create node_only.yaml

* Add tests for cis-1.6

Add tests for cis-1.6 and change some from 1,5 to 1.6

* Fix typo

* Add mapping for cis-1.6

* Remove extra space in 1.2.35 remediation

* Update job.data

* Update job-master.data

* Fix type 1.2.35

* Remove trailing spaces

* Remove trailing spaces

* Remove trailing spaces

* Remove trailing spaces

* Add version 1.19 kubernetes support

* Add version 1.19 kubernetes support

* Add version 1.19 kubernetes support
2020-09-17 16:54:43 +01:00
Huang Huang
456d9b62e2
Default log output to stderr (#696) 2020-09-09 13:46:35 +01:00
Satya Pawan
33f6773a43
Code quality improvements (#677)
* Code quality improvements such -

1. Improves empty string test (len vs str == "")
2. Converts fmt.Sprintf to string literal and Printf to Print where possible (as the dynamic args are missing!)

* Delete .deepsource.toml

Co-authored-by: DeepSource Bot <bot@deepsource.io>
Co-authored-by: Liz Rice <liz@lizrice.com>
2020-09-01 14:50:04 +01:00
Liz Rice
772839fc92
move target mapping to config.yaml - updated version (#682)
* move target mapping to config.yaml

* Update config.yaml

* Update common.go

* Add support for eks-1.0

Add also eks-1.0 to map

* chore: merge correction

* Move file only used for testing

* Tidier logs

* Add target mapping for GKE and EKS

* fingers cross this finishes target mapping

Co-authored-by: Murali Paluru <leodotcloud@gmail.com>
Co-authored-by: Roberto Rojas <robertojrojas@gmail.com>
Co-authored-by: yoavrotems <yoavrotems97@gmail.com>
2020-08-30 10:16:21 +03:00
yoavrotems
4b9453bb83
Refactor: remove ContinueWithError (#630)
* Update util.go

Remove Continue with error function

* Update cmd/util.go

Co-authored-by: Liz Rice <liz@lizrice.com>

* Update util.go

* Update util.go

Remove unnecessary ')'

* Update util.go

removed fmt.Fprintf(os.Stderr, "%s: %s", cmd.Args, err) since it wasn't suppose to print.

* Update util.go

* Update .travis.yml

option --no-ri and --no-doc are deprecated we have to use --no-document instead.
https://github.com/rubygems/heroku-buildpack-bundler2/pull/1#issuecomment-451654992

Co-authored-by: Liz Rice <liz@lizrice.com>
2020-08-10 10:12:57 +01:00