arno/kube-bench
1
0
Fork 0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2025-01-05 21:30:54 +00:00
Code Issues Releases Wiki Activity
1,042 Commits 9 Branches 84 Tags 158 MiB
ddba9859dd
Commit Graph

1042 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Darius Mejeras
ddba9859dd Merge branch 'official' into newcis 2023-11-20 15:29:14 +02:00
Darius Mejeras
d1c2c0746b Update EKS 1.3 benchmark 2023-11-20 15:27:09 +02:00
Darius Mejeras
865ce7cb54 Update new cis configurations 2023-11-20 15:12:48 +02:00
Benjamin Schimke
53bc12229a feat(cis-1.24-microk8s): Add support to CIS-1.24 for microk8s distro (#1510) 2023-11-20 15:12:48 +02:00
dependabot[bot]
5bb01786cd build(deps): bump github.com/fatih/color from 1.14.1 to 1.16.0 (#1520) 
Bumps [github.com/fatih/color](https://github.com/fatih/color) from 1.14.1 to 1.16.0.
- [Release notes](https://github.com/fatih/color/releases)
- [Commits](https://github.com/fatih/color/compare/v1.14.1...v1.16.0)

---
updated-dependencies:
- dependency-name: github.com/fatih/color
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-20 15:12:48 +02:00
dependabot[bot]
623ec41f14 build(deps): bump golang from 1.21.1 to 1.21.3 (#1507) 
Bumps golang from 1.21.1 to 1.21.3.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
 2023-11-20 15:12:48 +02:00
dependabot[bot]
66979f29bd build(deps): bump github.com/golang/glog from 1.0.0 to 1.1.2 (#1489) 
Bumps [github.com/golang/glog](https://github.com/golang/glog) from 1.0.0 to 1.1.2.
- [Release notes](https://github.com/golang/glog/releases)
- [Commits](https://github.com/golang/glog/compare/v1.0.0...v1.1.2)

---
updated-dependencies:
- dependency-name: github.com/golang/glog
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
 2023-11-20 15:12:48 +02:00
dependabot[bot]
b1ffa151de build(deps): bump docker/setup-qemu-action from 2 to 3 (#1503) 
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 2 to 3.
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](https://github.com/docker/setup-qemu-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
 2023-11-20 15:12:48 +02:00
chenk
0c7e4818a6 release: prepare-0.6.19 (#1511) 
Signed-off-by: chenk <hen.keinan@gmail.com>
 2023-11-20 15:12:48 +02:00
dependabot[bot]
8b2912830f build(deps): bump docker/build-push-action from 4 to 5 (#1498) 
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 4 to 5.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v4...v5)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
 2023-11-20 15:12:48 +02:00
chenk
96f13701ce release: prepare v0.6.18 (#1509) 
Signed-off-by: chenk <hen.keinan@gmail.com>
 2023-11-20 15:12:48 +02:00
chenk
25dbe6048b release: prepare v0.6.18-rc (#1508) 
Signed-off-by: chenk <hen.keinan@gmail.com>
 2023-11-20 15:12:48 +02:00
AnaisUrlichs
54f5b9793e updates to the readme 
Signed-off-by: AnaisUrlichs <urlichsanais@gmail.com>
 2023-11-20 15:12:48 +02:00
dependabot[bot]
2a570b0f24 build(deps): bump crazy-max/ghaction-docker-meta from 4 to 5 (#1499) 
Bumps [crazy-max/ghaction-docker-meta](https://github.com/crazy-max/ghaction-docker-meta) from 4 to 5.
- [Release notes](https://github.com/crazy-max/ghaction-docker-meta/releases)
- [Upgrade guide](https://github.com/docker/metadata-action/blob/master/UPGRADE.md)
- [Commits](https://github.com/crazy-max/ghaction-docker-meta/compare/v4...v5)

---
updated-dependencies:
- dependency-name: crazy-max/ghaction-docker-meta
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-20 15:12:48 +02:00
dependabot[bot]
fc4ef87a7b build(deps): bump golang from 1.20.6 to 1.21.1 (#1494) 
Bumps golang from 1.20.6 to 1.21.1.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-20 15:12:48 +02:00
dependabot[bot]
44eb962e92 build(deps): bump goreleaser/goreleaser-action from 4 to 5 (#1495) 
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 4 to 5.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](https://github.com/goreleaser/goreleaser-action/compare/v4...v5)

---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-20 15:12:48 +02:00
dependabot[bot]
941968c257 build(deps): bump alpine from 3.18.2 to 3.18.3 (#1487) 
Bumps alpine from 3.18.2 to 3.18.3.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-20 15:12:48 +02:00
Benjamin Schimke
fac90f756e
feat(cis-1.24-microk8s): Add support to CIS-1.24 for microk8s distro (#1510) 2023-11-20 12:59:32 +02:00
dependabot[bot]
63055a7332
build(deps): bump github.com/fatih/color from 1.14.1 to 1.16.0 (#1520) 
Bumps [github.com/fatih/color](https://github.com/fatih/color) from 1.14.1 to 1.16.0.
- [Release notes](https://github.com/fatih/color/releases)
- [Commits](https://github.com/fatih/color/compare/v1.14.1...v1.16.0)

---
updated-dependencies:
- dependency-name: github.com/fatih/color
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-11-12 10:47:01 +02:00
dependabot[bot]
dc0580cebe
build(deps): bump golang from 1.21.1 to 1.21.3 (#1507) 
Bumps golang from 1.21.1 to 1.21.3.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
 2023-11-03 18:33:42 +02:00
dependabot[bot]
0918b41eca
build(deps): bump github.com/golang/glog from 1.0.0 to 1.1.2 (#1489) 
Bumps [github.com/golang/glog](https://github.com/golang/glog) from 1.0.0 to 1.1.2.
- [Release notes](https://github.com/golang/glog/releases)
- [Commits](https://github.com/golang/glog/compare/v1.0.0...v1.1.2)

---
updated-dependencies:
- dependency-name: github.com/golang/glog
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
 2023-10-27 21:45:30 +03:00
dependabot[bot]
2b466ab239
build(deps): bump docker/setup-qemu-action from 2 to 3 (#1503) 
Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 2 to 3.
- [Release notes](https://github.com/docker/setup-qemu-action/releases)
- [Commits](https://github.com/docker/setup-qemu-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: docker/setup-qemu-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
 2023-10-27 21:35:49 +03:00
chenk
55a18aed87
release: prepare-0.6.19 (#1511) 
Signed-off-by: chenk <hen.keinan@gmail.com>
 2023-10-23 10:03:22 +03:00
dependabot[bot]
7f5a2eb78b
build(deps): bump docker/build-push-action from 4 to 5 (#1498) 
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 4 to 5.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v4...v5)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
 2023-10-20 19:31:35 +03:00
chenk
18f8456abd
release: prepare v0.6.18 (#1509) 
Signed-off-by: chenk <hen.keinan@gmail.com>
 2023-10-17 16:28:52 +03:00
chenk
8bc4daae10
release: prepare v0.6.18-rc (#1508) 
Signed-off-by: chenk <hen.keinan@gmail.com>
 2023-10-17 11:34:53 +03:00
AnaisUrlichs
7ad0f2fee6 updates to the readme 
Signed-off-by: AnaisUrlichs <urlichsanais@gmail.com>
 2023-10-02 12:39:24 +03:00
dependabot[bot]
276d30ad75
build(deps): bump crazy-max/ghaction-docker-meta from 4 to 5 (#1499) 
Bumps [crazy-max/ghaction-docker-meta](https://github.com/crazy-max/ghaction-docker-meta) from 4 to 5.
- [Release notes](https://github.com/crazy-max/ghaction-docker-meta/releases)
- [Upgrade guide](https://github.com/docker/metadata-action/blob/master/UPGRADE.md)
- [Commits](https://github.com/crazy-max/ghaction-docker-meta/compare/v4...v5)

---
updated-dependencies:
- dependency-name: crazy-max/ghaction-docker-meta
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-09-30 19:34:22 +03:00
dependabot[bot]
e1c6c80d02
build(deps): bump golang from 1.20.6 to 1.21.1 (#1494) 
Bumps golang from 1.20.6 to 1.21.1.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-09-16 12:59:20 +03:00
dependabot[bot]
34ef478b41
build(deps): bump goreleaser/goreleaser-action from 4 to 5 (#1495) 
Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 4 to 5.
- [Release notes](https://github.com/goreleaser/goreleaser-action/releases)
- [Commits](https://github.com/goreleaser/goreleaser-action/compare/v4...v5)

---
updated-dependencies:
- dependency-name: goreleaser/goreleaser-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-09-12 08:11:27 +03:00
dependabot[bot]
3ef3e9a861
build(deps): bump alpine from 3.18.2 to 3.18.3 (#1487) 
Bumps alpine from 3.18.2 to 3.18.3.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-09-09 21:37:29 +03:00
Darius Mejeras
651f12d21c Add latest CIS benchmarks 2023-08-09 14:49:43 +03:00
dependabot[bot]
d70459b77c
build(deps): bump golang from 1.20.4 to 1.20.6 (#1475) 
Bumps golang from 1.20.4 to 1.20.6.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-07-28 12:12:45 +03:00
Jonas-Taha El Sesiy
20ad80577c
Bump docker base images (#1465) 
During a recent CVE scan we found kube-bench to use `alpine:3.18` as the final image which has a known high CVE.

```
grype aquasec/kube-bench:v0.6.15
 ✔ Vulnerability DB        [no update available]
 ✔ Loaded image
 ✔ Parsed image
 ✔ Cataloged packages      [73 packages]
 ✔ Scanning image...       [4 vulnerabilities]
   ├── 0 critical, 4 high, 0 medium, 0 low, 0 negligible
   └── 4 fixed
NAME        INSTALLED  FIXED-IN  TYPE  VULNERABILITY  SEVERITY
libcrypto3  3.1.0-r4   3.1.1-r0  apk   CVE-2023-2650  High
libssl3     3.1.0-r4   3.1.1-r0  apk   CVE-2023-2650  High
openssl     3.1.0-r4   3.1.1-r0  apk   CVE-2023-2650  High
```

The CVE in question was addressed in the latest [alpine release](https://www.alpinelinux.org/posts/Alpine-3.15.9-3.16.6-3.17.4-3.18.2-released.html), hence updating the dockerfiles accordingly
 2023-07-26 18:22:19 +03:00
chenk
456684462a
release: prepare v0.6.17 (#1480) 
Signed-off-by: chenk <hen.keinan@gmail.com>
 2023-07-25 12:41:24 +03:00
Guille Vigil
c8cabc4b14
Update job.yaml (#1477) 
* Update job.yaml

Fix on typo for image version

* chore: sync with upstream

Signed-off-by: chenk <hen.keinan@gmail.com>

---------

Signed-off-by: chenk <hen.keinan@gmail.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
 2023-07-25 12:30:14 +03:00
chenk
8c6915c478
release: prepare v0.6.16 official (#1479) 
Signed-off-by: chenk <hen.keinan@gmail.com>
 2023-07-25 10:33:54 +03:00
chenk
9363cdf8ef
release: prepare v0.6.16-rc (#1476) 
* release: prepare v0.6.16-rc

Signed-off-by: chenk <hen.keinan@gmail.com>

* release: prepare v0.6.16-rc

Signed-off-by: chenk <hen.keinan@gmail.com>

---------

Signed-off-by: chenk <hen.keinan@gmail.com>
 2023-07-24 11:01:43 +03:00
Devendra Turkar
b29ed6b6ed
chore: add fips compliant images (#1473) 
For fips complaince we need to generate fips compliant images.
As part of this change, we will create new kube-bench image which will be fips compliant. Image name follows this tag pattern <version>-ubi-fips
 2023-07-24 10:02:19 +03:00
Andy Pitcher
aa16551811
Fix node.yaml - 4.1.7 and 4.1.8 audit by adding uniq (#1472) 2023-07-11 11:45:06 +03:00
Andy Pitcher
40cdc1bfbb
Fix test_items in cis-1.7 - node - 4.2.12 (#1469) 
Related issue: https://github.com/aquasecurity/kube-bench/issues/1468
 2023-07-02 10:50:07 +03:00
dependabot[bot]
e2e353a81a
build(deps): bump actions/setup-go from 3 to 4 (#1402) 
Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
 2023-06-24 19:42:03 +03:00
dependabot[bot]
a727d73e8a
build(deps): bump golang from 1.19.4 to 1.20.4 (#1436) 
Bumps golang from 1.19.4 to 1.20.4.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-06-10 18:07:26 +03:00
chenk
76c25b2db2
release: prepare v0.6.15 (#1455) 
Signed-off-by: chenk <hen.keinan@gmail.com>
 2023-06-06 17:40:44 +03:00
KiranBodipi
ca8743c1f7
add support VMware Tanzu(TKGI) Benchmarks v1.2.53 (#1452) 
* add Support VMware Tanzu(TKGI) Benchmarks v1.2.53
with this change, we are adding
1. latest kubernetes cis benchmarks for VMware Tanzu1.2.53
2. logic to kube-bench so that kube-bench can auto detect vmware platform, will be able to execute the respective vmware tkgi compliance checks.
3. job-tkgi.yaml file to run the benchmark as a job in tkgi cluster
Reference Document for checks: https://network.pivotal.io/products/p-compliance-scanner/#/releases/1248397

* add Support VMware Tanzu(TKGI) Benchmarks v1.2.53
with this change, we are adding
1. latest kubernetes cis benchmarks for VMware Tanzu1.2.53
2. logic to kube-bench so that kube-bench can auto detect vmware platform, will be able to execute the respective vmware tkgi compliance checks.
3. job-tkgi.yaml file to run the benchmark as a job in tkgi cluster
Reference Document for checks: https://network.pivotal.io/products/p-compliance-scanner/#/releases/1248397
 2023-06-01 16:37:50 +03:00
dependabot[bot]
84f80b59b8
build(deps): bump alpine from 3.17 to 3.18 (#1443) 
Bumps alpine from 3.17 to 3.18.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2023-05-26 13:41:30 +03:00
Huang Huang
60dde65d72
support CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.2.0 (#1449) 
closes #1448
 2023-05-21 17:53:58 +03:00
Huang Huang
124c57c6f4
support CIS Kubernetes Benchmark v1.7.0 (#1424) 2023-05-21 15:46:16 +03:00
Huang Huang
e41755ba90
cis-1.24: fix tests of 1.1.1 and 4.2.9 were wrong (#1423) 
fixes #1410
fixes #1421
 2023-05-21 11:39:51 +03:00
dependabot[bot]
6de03bbd7d
build(deps): bump github.com/aws/aws-sdk-go-v2 from 1.17.6 to 1.18.0 (#1433) 
Bumps [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) from 1.17.6 to 1.18.0.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/CHANGELOG.md)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.17.6...v1.18.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: chenk <hen.keinan@gmail.com>
 2023-05-20 18:45:31 +03:00