feat: add CIS-1.12 support (#2035)

- Update master to 1.2.29 and purge CBC ciphers: https://workbench.cisecurity.org/tickets/24968
- Remove TLS_RSA_WITH_AES_256_GCM_SHA384 & TLS_RSA_WITH_AES_128_GCM_SHA256 (CBC support) for node 4.2.12: https://workbench.cisecurity.org/tickets/24968
- Remove node check 4.2.15: https://workbench.cisecurity.org/tickets/24915
- Remove policy 5.2.9 "Minimize the admission of containers with added capabilities" (Manual): https://workbench.cisecurity.org/benchmarks/21709/tickets/25337
- Update "Minimize the admission of containers with capabilities assigned" policies to remove PodSecurityPolicy (PSP) references

Signed-off-by: Andy Pitcher <andy.pitcher@suse.com>
Andy Pitcher
2026-02-12 06:34:08 +01:00
committed by GitHub
parent c1bee59a02
commit f1807bb192
10 changed files with 2151 additions and 3 deletions

@@ -247,7 +247,9 @@ func TestMapToCISVersion(t *testing.T) {
{kubeVersion: "1.29", succeed: true, exp: "cis-1.11"},
{kubeVersion: "1.30", succeed: true, exp: "cis-1.11"},
{kubeVersion: "1.31", succeed: true, exp: "cis-1.11"},
{kubeVersion: "1.32", succeed: true, exp: "cis-1.11"},
{kubeVersion: "1.32", succeed: true, exp: "cis-1.12"},
{kubeVersion: "1.33", succeed: true, exp: "cis-1.12"},
{kubeVersion: "1.34", succeed: true, exp: "cis-1.12"},
{kubeVersion: "gke-1.2.0", succeed: true, exp: "gke-1.2.0"},
{kubeVersion: "ocp-3.10", succeed: true, exp: "rh-0.7"},
{kubeVersion: "ocp-3.11", succeed: true, exp: "rh-0.7"},
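
Review bot: the 1.32 row in TestMapToCISVersion changes its expected value from cis-1.11 to cis-1.12, which means clusters on 1.32 that were previously scanned against cis-1.11 will now be evaluated against a different benchmark, and the commit message lists the removed checks but does not mention this remap. Please call it out in the message or release notes so that a change in scan results on 1.32 is not mistaken for a change in cluster posture. The table also stops at 1.34: consider adding a row for the first version past the new range with whatever outcome is intended (a specific benchmark or succeed: false), so the upper boundary of the cis-1.12 mapping is pinned by the test rather than left implicit.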