github/kube-bench
1
0
Fork 0
mirror of https://github.com/aquasecurity/kube-bench.git synced 2026-02-14 10:00:14 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,276 Commits 5 Branches 99 Tags
462a50341abe1160214d140bb164c23a67112548
Commit Graph

1276 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
LaibaBareera
462a50341a fix: Checks of rke2-1.8 (#2010) 
* fix: Checks of rke2-1.8

* fix the check 1.1.7 and 1.1.8 in all rke2 versions

* fix the mentioned issues

* fix the check 1.1.11

---------
 2025-12-22 14:00:43 +06:00
dependabot[bot]
60eb8104ad build(deps): bump github.com/aws/aws-sdk-go-v2/service/securityhub (#2012) 
Bumps [github.com/aws/aws-sdk-go-v2/service/securityhub](https://github.com/aws/aws-sdk-go-v2) from 1.66.1 to 1.67.2.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.66.1...service/ecs/v1.67.2)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/securityhub
  dependency-version: 1.67.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-12-18 16:04:49 +06:00
dependabot[bot]
6eb894633a build(deps): bump github.com/aws/aws-sdk-go-v2/config (#2013) 
Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.32.2 to 1.32.5.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.32.2...v1.32.5)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-version: 1.32.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-12-18 15:24:21 +06:00
dependabot[bot]
428f433fae build(deps): bump actions/cache from 4 to 5 (#2011) 
Bumps [actions/cache](https://github.com/actions/cache) from 4 to 5.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-12-18 14:50:50 +06:00
dependabot[bot]
8a3701577b build(deps): bump github.com/aws/aws-sdk-go-v2 from 1.40.0 to 1.41.0 (#2014) 
Bumps [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) from 1.40.0 to 1.41.0.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.40.0...v1.41.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2
  dependency-version: 1.41.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-12-18 14:26:19 +06:00
dependabot[bot]
e3e9e7d390 build(deps): bump github.com/spf13/cobra from 1.10.1 to 1.10.2 (#2005) 
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.10.1 to 1.10.2.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](https://github.com/spf13/cobra/compare/v1.10.1...v1.10.2)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-version: 1.10.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-12-18 14:12:47 +06:00
dependabot[bot]
e25d283dd1 build(deps): bump k8s.io/apimachinery from 0.34.2 to 0.34.3 (#2015) 
Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.34.2 to 0.34.3.
- [Commits](https://github.com/kubernetes/apimachinery/compare/v0.34.2...v0.34.3)

---
updated-dependencies:
- dependency-name: k8s.io/apimachinery
  dependency-version: 0.34.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-12-18 10:16:19 +06:00
jdesouza
b48ee8511f CVE-2025-61729: (#2003) 2025-12-11 18:02:09 +06:00
dependabot[bot]
315817617b build(deps): bump golang from 1.25.4 to 1.25.5 (#2004) 
Bumps golang from 1.25.4 to 1.25.5.

---
updated-dependencies:
- dependency-name: golang
  dependency-version: 1.25.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-12-11 17:21:47 +06:00
dependabot[bot]
227665c9e8 build(deps): bump alpine from 3.22.2 to 3.23.0 (#2006) 
Bumps alpine from 3.22.2 to 3.23.0.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.23.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-12-11 14:04:35 +06:00
dependabot[bot]
4fc9c0e7a8 build(deps): bump gorm.io/gorm from 1.31.0 to 1.31.1 (#1995) 
Bumps [gorm.io/gorm](https://github.com/go-gorm/gorm) from 1.31.0 to 1.31.1.
- [Release notes](https://github.com/go-gorm/gorm/releases)
- [Commits](https://github.com/go-gorm/gorm/compare/v1.31.0...v1.31.1)

---
updated-dependencies:
- dependency-name: gorm.io/gorm
  dependency-version: 1.31.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-11-27 17:41:00 +06:00
dependabot[bot]
1f401b1a50 build(deps): bump github.com/aws/aws-sdk-go-v2/config (#1997) 
Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.31.17 to 1.31.20.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.31.17...config/v1.31.20)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-version: 1.31.20
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-11-27 17:27:08 +06:00
dependabot[bot]
10e0a78701 build(deps): bump golang from 1.25.3 to 1.25.4 (#1994) 
Bumps golang from 1.25.3 to 1.25.4.

---
updated-dependencies:
- dependency-name: golang
  dependency-version: 1.25.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-11-27 17:10:32 +06:00
dependabot[bot]
182cbaa71d build(deps): bump actions/checkout from 5 to 6 (#2001) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-11-27 16:32:01 +06:00
dependabot[bot]
7793925b22 build(deps): bump github.com/aws/aws-sdk-go-v2/service/securityhub (#1998) 
Bumps [github.com/aws/aws-sdk-go-v2/service/securityhub](https://github.com/aws/aws-sdk-go-v2) from 1.65.2 to 1.65.4.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.65.2...service/ecs/v1.65.4)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/securityhub
  dependency-version: 1.65.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-11-27 16:19:28 +06:00
dependabot[bot]
1cf0f8cd92 build(deps): bump k8s.io/client-go from 0.34.1 to 0.34.2 (#1999) 
Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.34.1 to 0.34.2.
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kubernetes/client-go/compare/v0.34.1...v0.34.2)

---
updated-dependencies:
- dependency-name: k8s.io/client-go
  dependency-version: 0.34.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-11-27 15:57:25 +06:00
dependabot[bot]
c9382e4e96 build(deps): bump golang.org/x/crypto from 0.36.0 to 0.45.0 (#2000) 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.36.0 to 0.45.0.
- [Commits](https://github.com/golang/crypto/compare/v0.36.0...v0.45.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-version: 0.45.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-11-26 10:57:01 +06:00
LaibaBareera
ec1005509f release: prepare-0.14.0 (#1990) 
Co-authored-by: afdesk <work@afdesk.com>
v0.14.0 		2025-11-05 13:50:58 +06:00
LaibaBareera
5678009fae chore: bump up kubectl version to 1.35.0-alpha.2 (#1991) 2025-11-05 13:37:29 +06:00
dependabot[bot]
25f773b279 build(deps): bump k8s.io/client-go from 0.33.4 to 0.34.1 (#1967) 
Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.33.4 to 0.34.1.
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kubernetes/client-go/compare/v0.33.4...v0.34.1)

---
updated-dependencies:
- dependency-name: k8s.io/client-go
  dependency-version: 0.34.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-11-05 12:56:21 +06:00
dependabot[bot]
e044dcaffb build(deps): bump github.com/aws/aws-sdk-go-v2/config (#1985) 
Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.31.11 to 1.31.15.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.31.11...config/v1.31.15)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-version: 1.31.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-11-05 12:36:25 +06:00
dependabot[bot]
6a39a2e516 build(deps): bump github.com/aws/aws-sdk-go-v2/service/securityhub (#1987) 
Bumps [github.com/aws/aws-sdk-go-v2/service/securityhub](https://github.com/aws/aws-sdk-go-v2) from 1.64.5 to 1.65.0.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/iot/v1.64.5...service/s3/v1.65.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/securityhub
  dependency-version: 1.65.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-11-05 12:19:10 +06:00
LaibaBareera
496ec149bc fix: update checks 5.1.1, 5.1.2 and 5.1.4 for CIS 1.9 / CIS 1.10 (#1989) 
* Fix the issue 1982

* remove the type manual and revert changes of test in each check

* fix linter error

* changed scored to false for check 5.1.3, 5.1.5, 5.1.6
 2025-11-04 20:05:33 +06:00
LaibaBareera
c7d9863e57 add cis benchmark for rke2-cis-1.8 (#1983) 
* add cis benchmark for rke2-cis-1.8

* fix check 1.1.11, 1.1.7, 1.1.8, 4.1.9 and 4.1.10

* fix the issue in all rke2 versions

---------

Co-authored-by: afdesk <work@afdesk.com>
 2025-11-03 13:18:29 +06:00
dependabot[bot]
0990df031b build(deps): bump actions/setup-python from 5 to 6 (#1951) 
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5 to 6.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-21 18:53:29 +06:00
dependabot[bot]
c64cf3d19d build(deps): bump actions/checkout from 4 to 5 (#1925) 
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-21 18:37:54 +06:00
dependabot[bot]
a983f0c9de build(deps): bump alpine from 3.22.1 to 3.22.2 (#1974) 
Bumps alpine from 3.22.1 to 3.22.2.

---
updated-dependencies:
- dependency-name: alpine
  dependency-version: 3.22.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-21 16:31:22 +06:00
dependabot[bot]
691afc028c build(deps): bump github.com/spf13/cobra from 1.9.1 to 1.10.1 (#1968) 
Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.9.1 to 1.10.1.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](https://github.com/spf13/cobra/compare/v1.9.1...v1.10.1)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-version: 1.10.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-21 12:33:50 +06:00
dependabot[bot]
02305b2e7a build(deps): bump github.com/spf13/viper from 1.20.1 to 1.21.0 (#1969) 
Bumps [github.com/spf13/viper](https://github.com/spf13/viper) from 1.20.1 to 1.21.0.
- [Release notes](https://github.com/spf13/viper/releases)
- [Commits](https://github.com/spf13/viper/compare/v1.20.1...v1.21.0)

---
updated-dependencies:
- dependency-name: github.com/spf13/viper
  dependency-version: 1.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-21 12:19:37 +06:00
dependabot[bot]
6d234c5155 build(deps): bump golang from 1.25.1 to 1.25.3 (#1980) 
Bumps golang from 1.25.1 to 1.25.3.

---
updated-dependencies:
- dependency-name: golang
  dependency-version: 1.25.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-21 12:02:19 +06:00
dependabot[bot]
506198ce97 build(deps): bump github.com/aws/aws-sdk-go-v2/service/securityhub (#1981) 
Bumps [github.com/aws/aws-sdk-go-v2/service/securityhub](https://github.com/aws/aws-sdk-go-v2) from 1.64.2 to 1.64.5.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/ecs/v1.64.2...service/iot/v1.64.5)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/securityhub
  dependency-version: 1.64.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-10-21 11:01:42 +06:00
Tyler Auerbeck
fd531a75a7 Update golangci lint to v2 (#1972) 
* chore: migrate golangcilint to v2 config

Signed-off-by: Tyler Auerbeck <tylerauerbeck@users.noreply.github.com>

* chore: update golangci-lint version in build workflow

Signed-off-by: Tyler Auerbeck <tylerauerbeck@users.noreply.github.com>

* bump golagci-lint action to v8

Signed-off-by: Tyler Auerbeck <tylerauerbeck@users.noreply.github.com>

---------

Signed-off-by: Tyler Auerbeck <tylerauerbeck@users.noreply.github.com>
Co-authored-by: Tyler Auerbeck <tylerauerbeck@users.noreply.github.com>
 2025-10-07 15:11:10 +06:00
LaibaBareera
295b5e6aa9 release: prepare-0.13 (#1965) v0.13.0 2025-09-29 17:25:11 +06:00
dependabot[bot]
6943f0690a build(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.1 (#1939) 
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.10.0 to 1.11.1.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.10.0...v1.11.1)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-version: 1.11.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-29 16:32:53 +06:00
dependabot[bot]
f52c5acbe6 build(deps): bump golang from 1.25.0 to 1.25.1 (#1946) 
Bumps golang from 1.25.0 to 1.25.1.

---
updated-dependencies:
- dependency-name: golang
  dependency-version: 1.25.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-29 15:11:46 +06:00
dependabot[bot]
0fd581935e build(deps): bump gorm.io/gorm from 1.30.1 to 1.31.0 (#1956) 
Bumps [gorm.io/gorm](https://github.com/go-gorm/gorm) from 1.30.1 to 1.31.0.
- [Release notes](https://github.com/go-gorm/gorm/releases)
- [Commits](https://github.com/go-gorm/gorm/compare/v1.30.1...v1.31.0)

---
updated-dependencies:
- dependency-name: gorm.io/gorm
  dependency-version: 1.31.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-29 14:39:18 +06:00
dependabot[bot]
c4dc17c96c build(deps): bump github.com/aws/aws-sdk-go-v2/config (#1960) 
Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.31.0 to 1.31.9.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.31.0...config/v1.31.9)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-version: 1.31.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-29 12:13:22 +06:00
LaibaBareera
76804bf7fa feat: add cis benchmark for gke v1.8.0 (#1958) 
* add cis benchmark for gke v1.8.0

* fix linter error

* fix checks for managed services
 2025-09-26 12:18:40 +06:00
Markus Boehme
014ac455b5 eks-1.7.0: allow default value for eventRecordQPS rule (#1954) 
The CIS Benchmark for Amazon EKS v1.7.0, recommendation 3.2.7 asks to
"Ensure that the --eventRecordQPS argument is set to 0 or a level which
ensures appropriate event capture". The --event-qps option on the
command line and the eventRecordQPS option in the configuration file
both have the same default value of 5, but differ in how they treat the
an explicitly set value of 0:

  - The --event-qps command line option treats 0 as the default
    value of 5 QPS.
  - The eventRecordQPS configuration file option treats 0 as unlimited
    (and the absence of the option as the default value of 5 QPS).

Since setting --event-qps=0, using the default value, is acceptable for
the command line option, using the default value for eventRecordQPS by
not explicitly setting the option should be allowed as well. Note that
this is already the case in the configuration for the generic Kubernetes
CIS Benchmark.
 2025-09-26 12:06:18 +06:00
dependabot[bot]
844a28b3fd build(deps): bump github.com/aws/aws-sdk-go-v2/service/securityhub (#1959) 
Bumps [github.com/aws/aws-sdk-go-v2/service/securityhub](https://github.com/aws/aws-sdk-go-v2) from 1.62.0 to 1.64.2.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.62.0...service/iot/v1.64.2)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/securityhub
  dependency-version: 1.64.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-09-24 11:37:14 +06:00
LaibaBareera
21dd168736 add checks for cis benchmarks of rh-1.8 (#1945) 
Co-authored-by: afdesk <work@afdesk.com>
 2025-09-16 14:00:14 +06:00
Andy Pitcher
e3becc9f19 Create cis-1.11 (#1944) 
First yamls and Update info
	- Modify yaml versions from 1.10 to 1.11
	- Adapt configmap to cover cis-1.11
	- Adapt docs and cmd files
	- Fix version_mapping in global configMap and common_test.go: Kuberversion for cis-1.11
	- doc: improve version mapping in platforms
Adapt master.yaml
	- modify: 1.1.20 https://workbench.cisecurity.org/benchmarks/19519/tickets/24017 permissions changed from 600 to 644
	- create: 1.2.30 Ensure that the --service-account-extend-token-expiration parameter is set to false (Automated)
Adapt node.yaml
	- Add: 4.2.14 Ensure that the --seccomp-default parameter is set to true (Manual)
	- Add: 4.2.15 Ensure that the --IPAddressDeny is set to any (Manual) - this check is to be removed in CIS-1.1.12, I suggest we discard it.
	- Modify: 4.1.7 Ensure that the certificate authorities file permissions are set to 644 or more restrictive (Manual) - (changed from 600 to 644) https://workbench.cisecurity.org/community/43/discussions/11786
	- Modify: 4.2.4 Verify that if defined, readOnlyPort is set to 0 (Manual) - Added "if defined"
Adapt policies.yaml
	- Modify: 5.1.1 to 5.1.6 from (Automated) to (Manual)
	- Modify: section titled "General Policies" was renumbered from 5.7 in v1.10 to 5.6
 2025-09-09 15:00:43 +06:00
LaibaBareera
52a646c2a3 Add rh 1.4 (#1922) 
* add CIS Benchmark for eks-v1.7

* fix failed test cases

* added eks 1.7 for supported kubernetes version

* added eks 1.7 for supported kubernetes version

* fix failed test cases

* add test cases for it

* fix

* add test case for eks 1.5

* change methodoloy

* fix the issue mentioned in pr

* fix linter error

* Update cmd/util.go

Co-authored-by: afdesk <work@afdesk.com>

* fix the failed test

* add cis benchmark for red hat openshift containre v1.4

* fix failed test cases

* fix checks for rh-1.4

* mark scored true to manual test if they have test cases

* fix check 1.2.4

* rebase the changes in go.sum

---------

Co-authored-by: afdesk <work@afdesk.com>
 2025-09-02 22:28:03 +06:00
dependabot[bot]
0333e55b63 build(deps): bump github.com/aws/aws-sdk-go-v2 from 1.38.0 to 1.38.1 (#1934) 
Bumps [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) from 1.38.0 to 1.38.1.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.38.0...v1.38.1)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2
  dependency-version: 1.38.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-26 15:05:54 +06:00
LaibaBareera
abca29520b release: prepare-0.12 (#1929) 
* release: prepare-0.12

* fix
v0.12.0 		2025-08-22 13:56:21 +06:00
LaibaBareera
858c15c999 update kubectl version (#1933) 2025-08-22 13:38:37 +06:00
dependabot[bot]
2df3826789 build(deps): bump github.com/go-viper/mapstructure/v2 (#1932) 
Bumps [github.com/go-viper/mapstructure/v2](https://github.com/go-viper/mapstructure) from 2.3.0 to 2.4.0.
- [Release notes](https://github.com/go-viper/mapstructure/releases)
- [Changelog](https://github.com/go-viper/mapstructure/blob/main/CHANGELOG.md)
- [Commits](https://github.com/go-viper/mapstructure/compare/v2.3.0...v2.4.0)

---
updated-dependencies:
- dependency-name: github.com/go-viper/mapstructure/v2
  dependency-version: 2.4.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-22 12:59:06 +06:00
dependabot[bot]
e9c0f3c8a6 build(deps): bump k8s.io/client-go from 0.33.3 to 0.33.4 (#1931) 
Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.33.3 to 0.33.4.
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kubernetes/client-go/compare/v0.33.3...v0.33.4)

---
updated-dependencies:
- dependency-name: k8s.io/client-go
  dependency-version: 0.33.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-19 17:50:58 +06:00
dependabot[bot]
77a5aba051 build(deps): bump gorm.io/gorm from 1.30.0 to 1.30.1 (#1921) 
Bumps [gorm.io/gorm](https://github.com/go-gorm/gorm) from 1.30.0 to 1.30.1.
- [Release notes](https://github.com/go-gorm/gorm/releases)
- [Commits](https://github.com/go-gorm/gorm/compare/v1.30.0...v1.30.1)

---
updated-dependencies:
- dependency-name: gorm.io/gorm
  dependency-version: 1.30.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-18 14:39:02 +06:00
dependabot[bot]
47b782d4d5 build(deps): bump github.com/aws/aws-sdk-go-v2/service/securityhub (#1924) 
Bumps [github.com/aws/aws-sdk-go-v2/service/securityhub](https://github.com/aws/aws-sdk-go-v2) from 1.58.2 to 1.62.0.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.58.2...service/s3/v1.62.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/securityhub
  dependency-version: 1.62.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-08-18 13:18:57 +06:00