mirror of
https://github.com/aquasecurity/kube-bench.git
synced 2025-01-12 08:40:57 +00:00
0d1bd2bbd9
* Delete README.md * Edit readme and separate into different files * Update README.md * Update Running.md * Update CONTRIBUTING.md * Create Contributing.md * Add files via upload * Update Index.md * Rename Flags and Commands.md to Flags_and_commands.md * Rename Index.md to index.md * Create mkdocs.yml * Delete images directory * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Update README.md * Create mkdocs-dev.yaml * Create mkdocs-latest.yaml * Update mkdocs.yml * Update mkdocs.yml * Update mkdocs.yml Add yamllint --- * Make it yamllint comply * Make Yamllint comply * Make Yamllint comply * Change description Co-authored-by: Itay Shakury <itay@itaysk.com> * Fix syntax Co-authored-by: Itay Shakury <itay@itaysk.com> * Update docs/Architecture.md Co-authored-by: Itay Shakury <itay@itaysk.com> * Update docs/Architecture.md Co-authored-by: Itay Shakury <itay@itaysk.com> * Update example for test files * Update contributing * Delete Contributing.md * Update Flags_and_commands.md * Change syntax and add source * Update Platforms.md * lower case file names * lower case file names * Lower case file names * Lower case file names * Lower case file names * Lower case file names * Add note about inspect master in some platforms * Add quick start * Lower case files names * Lower case files names * Fixing typo * Remove section about old ocp * Fix typos Co-authored-by: Itay Shakury <itay@itaysk.com>
36 lines
2.8 KiB
Markdown
36 lines
2.8 KiB
Markdown
[download]: https://img.shields.io/github/downloads/aquasecurity/kube-bench/total?logo=github
|
|
[release-img]: https://img.shields.io/github/release/aquasecurity/kube-bench.svg?logo=github
|
|
[release]: https://github.com/aquasecurity/kube-bench/releases
|
|
[docker-pull]: https://img.shields.io/docker/pulls/aquasec/kube-bench?logo=docker&label=docker%20pulls%20%2F%20kube-bench
|
|
[cov-img]: https://codecov.io/github/aquasecurity/kube-bench/branch/main/graph/badge.svg
|
|
[cov]: https://codecov.io/github/aquasecurity/kube-bench
|
|
[report-card-img]: https://goreportcard.com/badge/github.com/aquasecurity/kube-bench
|
|
[report-card]: https://goreportcard.com/report/github.com/aquasecurity/kube-bench
|
|
|
|
![Kube-bench Logo](images/kube-bench.jpg)
|
|
[![GitHub Release][release-img]][release]
|
|
![Downloads][download]
|
|
![Docker Pulls][docker-pull]
|
|
[![Go Report Card][report-card-img]][report-card]
|
|
[![Build Status](https://github.com/aquasecurity/kube-bench/workflows/Build/badge.svg?branch=main)](https://github.com/aquasecurity/kube-bench/actions)
|
|
[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://github.com/aquasecurity/kube-bench/blob/main/LICENSE)
|
|
[![Docker image](https://images.microbadger.com/badges/image/aquasec/kube-bench.svg)](https://microbadger.com/images/aquasec/kube-bench "Get your own image badge on microbadger.com")
|
|
[![Source commit](https://images.microbadger.com/badges/commit/aquasec/kube-bench.svg)](https://microbadger.com/images/aquasec/kube-bench)
|
|
[![Coverage Status][cov-img]][cov]
|
|
|
|
|
|
# Kube-bench
|
|
|
|
kube-bench is a Go application that checks whether Kubernetes is deployed securely by running the checks documented in the [CIS Kubernetes Benchmark](https://www.cisecurity.org/benchmark/kubernetes/).
|
|
|
|
Tests are configured with YAML files, making this tool easy to update as test specifications evolve.
|
|
|
|
|
|
1. kube-bench implements the [CIS Kubernetes Benchmark](https://www.cisecurity.org/benchmark/kubernetes/) as closely as possible. Please raise issues here if kube-bench is not correctly implementing the test as described in the Benchmark. To report issues in the Benchmark itself (for example, tests that you believe are inappropriate), please join the [CIS community](https://cisecurity.org).
|
|
|
|
1. There is not a one-to-one mapping between releases of Kubernetes and releases of the CIS benchmark. See [CIS Kubernetes Benchmark support](#cis-kubernetes-benchmark-support) to see which releases of Kubernetes are covered by different releases of the benchmark.
|
|
|
|
1. It is impossible to inspect the master nodes of managed clusters, e.g. GKE, EKS, AKS and ACK, using kube-bench as one does not have access to such nodes, although it is still possible to use kube-bench to check worker node configuration in these environments.
|
|
|
|
For help and more information go to our [github discussions q&a](https://github.com/aquasecurity/kube-bench/discussions/categories/q-a)
|