* Add detected kubernetes version to controls
* Refactore NewControls function
Now new Control function is expecting detected version argument.
* Refactore NewControls function
Now new Control function is expecting detected version argument.
* Refactore NewControls function
New Control function is expecting detected version argument.
* Add detected kube version
* add detecetedKubeVersion
* Add detecetedKubeVersion
* Add detectedKubeVersion
* Add detecetedKubeVersion
* Fix missing version
* Change version
Change version from 3.10 to rh-0.7
* fix version: "cis-1.5"
* fix version: "cis-1.5"
* fix version: "cis-1.5"
* Fix version: "cis-1.5"
* Fix version: "cis-1.5"
* Fix version: "cis-1.6"
* Fix version: "cis-1.6"
* Fix version: "cis-1.6"
* Fix version: "cis-1.6"
* Fix version: "cis-1.6"
* Add example IAM policy
* Pass RotateKubeletServerCertificate related checks if it's not found (#767)
* Allow for environment variables to be checked in tests (#755)
* Initial commit for checking environment variables for etcd
* Revert config changes
* Remove redundant struct data
* Fix issues with failing tests
* Initial changes based on code review
* Add option to disable envTesting + Update docs
* Initial tests
* Finished testing
* Fix broken tests
* Add a total summary and always show all tests. (#759)
Whether the total summary is shown can be specified with an option.
Fixes#528
Signed-off-by: Christian Zunker <christian.zunker@codecentric.cloud>
* Update Readme.md file with link to Contribution guide (#754)
* Update License with the year and the owner name
Please add this to make your license agreement strong
* Updated Readme.md file with license and proper documentation links
I have added a proper license agreement to the documentation. Also shortened the links to the issues so that it does not break in any on the forks.
* Update LICENSE
* Update README.md
* Update README.md
* Remove erroneous license info
Co-authored-by: Liz Rice <liz@lizrice.com>
* Support auto-detect platform when running on EKS or GKE (#683)
* Support auto-detect platform when running on EKS or GKE
* Change to get platform name from `kubectl version`
* fix regexp and add test
* Update Server Version match for EKS
* try to get version info from api sever at first
* Refactor group skip
changed group 'skip' from being a bool to be 'type' string as done in check
* Change skip: true -> type: skip
Co-authored-by: Huang Huang <mozillazg101@gmail.com>
Co-authored-by: Wicked <jason_attwood@hotmail.co.uk>
Co-authored-by: Christian Zunker <827818+czunker@users.noreply.github.com>
Co-authored-by: Kaiwalya Koparkar <kaiwalyakoparkar@gmail.com>
Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>
* add aasf
* add AASF format
* credentials provider
* add finding publisher
* add finding publisher
* add write AASF path
* add testing
* read config from file
* update docker file
* refactor
* remove sample
* add comments
* Add comment in EKS config.yaml
* Fix comment typo
* Fix spelling of ASFF
* Fix typo and other small code review suggestions
* Limit length of Actual result field
Avoids this message seen in testing:
Message:Finding does not adhere to Amazon Finding Format. data.ProductFields['Actual result'] should NOT be longer than 1024 characters.
* Add comment for ASFF schema
* Add Security Hub documentation
* go mod tidy
* remove dupe lines in docs
* support integration in any region
* fix README link
* fix README links
Co-authored-by: Liz Rice <liz@lizrice.com>
If running these checks in a CI system it may be beneficial
to output in a more standardized format such as JUnit for
parsing by other tools in a consistent manner.
Fixes#460
Signed-off-by: John Schnake <jschnake@vmware.com>
This improves the TestControls_RunChecks() test by making
more comprehensive assertions on a more fully fledged input yaml
Fixes: https://github.com/aquasecurity/kube-bench/issues/304
Signed-off-by: Simarpreet Singh <simar@linux.com>
Support new configuration options besides --flags:
- JSON file through `jsonpath`
- YAML file through `yamlpath`
These new options are fully backwards-compatible with the existing
tests.
Added a new profile, 1.11-json, that expects a JSON kubelet
configuration file and scores accordingly. This profile is compatible
with EKS.
