* Create cis-1.9 yamls and Update info
- policies.yaml
- 5.1.1 to 5.1.6 were adapted from Manual to Automated
- 5.1.3 got broken down into 5.1.3.1 and 5.1.3.2
- 5.1.6 got broken down into 5.1.6.1 and 5.1.6.2
- version was set to cis-1.9
- node.yaml master.yaml controlplane.yaml etcd.yaml
- version was set to cis-1.9
* Adapt master.yaml
- Expand 1.1.13/1.1.14 checks by adding super-admin.conf to the permission and ownership verification
- Remove 1.2.12 Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used (Manual)
- Adjust numbering from 1.2.12 to 1.2.29
* Adjust policies.yaml
- Check 5.2.3 to 5.2.9 Title Automated to Manual
* Append node.yaml
- Create 4.3 kube-config group
- Create 4.3.1 Ensure that the kube-proxy metrics service is bound to localhost (Automated)
* Adjust policies 5.1.3 and 5.1.6
- Merge 5.1.3.1 and 5.1.3.2 into 5.1.3 (use role_is_compliant and clusterrole_is_compliant)
- Remove 5.1.6.1 and promote 5.1.6.2 to 5.1.6 since it natively covered 5.1.6.1 artifacts
* Add kubectl dependency and update publish
- Download kubectl (build stage) based on version and architecture
- Add binary checksum verification
- Use go env GOARCH for ARCH
For fips compliance we need to generate fips compliant images.
As part of this change, we will create a new kube-bench image which will be fips compliant. Image name follows this tag pattern <version>-ubi-fips
* chore: publish ubi based image
- added publish step to publish ubi image
- updated base image for alpine based dockerfile
* chore: update pipeline image to ubuntu-latest
* Update makefile
Support ppc64le (IBM Power) architecture
* Update .goreleaser.yml
Added support for ppc64le cpu arch
* Update publish.yml
Added support for ppc64le cpu arch
Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
* Fix Junit missing testsuites
Fix issue https://github.com/aquasecurity/kube-bench/issues/883 but also bug with overriding output when --outputfile is effective and only write the last controls
* test new integration
* Update build.yml
* add wait for job to be ready
* Update build.yml
* Update build.yml
* Update build.yml
* test
* Update job.yaml
* Add wait
* test for logs
* Update job.yaml
* Create Expected_output.data
* Update build.yml
* Update build.yml
* remove empty line
* Add new line at the end
* add ---
* Delete docker.go
* Delete integration.go
* Delete integration_test.go
* Delete integration/testdata/cis-1.20 directory
* Delete integration/testdata/cis-1.6 directory
* Update integration testing
* Remove integration tests
Removed integration testing to github action
* Update build.yml
* Fix go vet issues
* to omit the property from JSON parsing one should use "-". "omit" in
that case would use omit tag
* The error was not reachable in the tests, so I moved it to the place
where it makes sense for me (but maybe it was just unnecessary)
* Run all go vet linters in CI
* This return breaks the test
* read-only-port defaults are correct
* Tests that should catch good read-only-port
* Rework checks & tests
* Linting on issue template YAML
* More explicit test for 4.2.4
* Remove verbosity for ease of reading results
* Use subtests
* Tidy more test cases
* Remove unnecessary whitespaces
* Fix a typo
* Add integration tests for cis 1.3 and cis 1.5
* Change the timeout of integration tests from 600s to 1200s
* Avoid repeated codes
* Fixes issue #439: Adds integration testing using KIND
* try integration tests
* started using ticker and timeouts
* trying built container image
* adds load image into KIND
* adds comparison
* fixes as per PR review
The root command will run node checks and if possible master checks.
I've also added some Makefile targets to improve local testing and improve the documentation.
* Replace the default help text
* Readme file, including the test config format documentation
* Typo
* Warn if config files / executables aren't found
* Ignore original name of executable (as per current README)
* Update tests to avoid failing on stat of a non-existent file
* Add a makefile for ease of build