kube-bench

mirror of https://github.com/aquasecurity/kube-bench.git synced 2026-02-14 18:10:00 +00:00

Author	SHA1	Message	Date
dependabot[bot]	6d234c5155	build(deps): bump golang from 1.25.1 to 1.25.3 (#1980 ) Bumps golang from 1.25.1 to 1.25.3. --- updated-dependencies: - dependency-name: golang dependency-version: 1.25.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-10-21 12:02:19 +06:00
dependabot[bot]	f52c5acbe6	build(deps): bump golang from 1.25.0 to 1.25.1 (#1946 ) Bumps golang from 1.25.0 to 1.25.1. --- updated-dependencies: - dependency-name: golang dependency-version: 1.25.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-09-29 15:11:46 +06:00
dependabot[bot]	7a18d0bddf	build(deps): bump golang from 1.24.5 to 1.24.6 (#1926 ) Bumps golang from 1.24.5 to 1.24.6. --- updated-dependencies: - dependency-name: golang dependency-version: 1.24.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-08-18 12:21:48 +06:00
dependabot[bot]	77eff279ce	build(deps): bump golang from 1.24.4 to 1.24.5 (#1906 ) Bumps golang from 1.24.4 to 1.24.5. --- updated-dependencies: - dependency-name: golang dependency-version: 1.24.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-07-28 21:59:34 +06:00
dependabot[bot]	666e0aae71	build(deps): bump golang from 1.24.3 to 1.24.4 (#1888 ) Bumps golang from 1.24.3 to 1.24.4. --- updated-dependencies: - dependency-name: golang dependency-version: 1.24.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-06-17 12:48:00 +06:00
dependabot[bot]	ad826cd83c	build(deps): bump golang from 1.24.2 to 1.24.3 (#1873 ) Bumps golang from 1.24.2 to 1.24.3. --- updated-dependencies: - dependency-name: golang dependency-version: 1.24.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-05-13 09:58:58 +06:00
Masashi Honma	6e454a1dd5	Fix CVEs (#1857 ) Resolves #1852. usr/local/bin/kube-bench (gobinary) Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 2, HIGH: 0, CRITICAL: 0) ┌──────────────────┬────────────────┬──────────┬────────┬───────────────────┬────────────────┬──────────────────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ ├──────────────────┼────────────────┼──────────┼────────┼───────────────────┼────────────────┼──────────────────────────────────────────────────────────┤ │ golang.org/x/net │ CVE-2025-22872 │ MEDIUM │ fixed │ v0.36.0 │ 0.38.0 │ The tokenizer incorrectly interprets tags with unquoted │ │ │ │ │ │ │ │ attribute valu ... │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2025-22872 │ ├──────────────────┼────────────────┤ │ ├───────────────────┼────────────────┼──────────────────────────────────────────────────────────┤ │ stdlib │ CVE-2025-22871 │ │ │ v1.24.1 │ 1.23.8, 1.24.2 │ net/http: Request smuggling due to acceptance of invalid │ │ │ │ │ │ │ │ chunked data in net/http... │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2025-22871 │ └──────────────────┴────────────────┴──────────┴────────┴───────────────────┴────────────────┴──────────────────────────────────────────────────────────┘ Signed-off-by: Masashi Honma <masashi.honma@gmail.com>	2025-04-23 12:54:40 +06:00
dependabot[bot]	594eb2cf18	build(deps): bump golang from 1.23.6 to 1.24.0 (#1805 ) Bumps golang from 1.23.6 to 1.24.0. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: afdesk <work@afdesk.com>	2025-03-11 12:14:58 +06:00
Masashi Honma	fcb6517b8b	Bump golang from 1.23.5 to 1.23.6 to fix CVE-2025-22866 (#1800 ) This is the scan result of Trivy. usr/local/bin/kube-bench (gobinary) =================================== Total: 1 (UNKNOWN: 1, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) ┌─────────┬────────────────┬──────────┬────────┬───────────────────┬──────────────────────────────┬────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ ├─────────┼────────────────┼──────────┼────────┼───────────────────┼──────────────────────────────┼────────────────────────────────────────────┤ │ stdlib │ CVE-2025-22866 │ UNKNOWN │ fixed │ 1.23.5 │ 1.22.12, 1.23.6, 1.24.0-rc.3 │ Timing sidechannel for P-256 on ppc64le in │ │ │ │ │ │ │ │ crypto/internal/nistec │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2025-22866 │ └─────────┴────────────────┴──────────┴────────┴───────────────────┴──────────────────────────────┴────────────────────────────────────────────┘ Signed-off-by: Masashi Honma <masashi.honma@gmail.com>	2025-02-10 12:11:21 +06:00
dependabot[bot]	b1547c0b6b	build(deps): bump golang from 1.23.4 to 1.23.5 (#1787 ) Bumps golang from 1.23.4 to 1.23.5. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-02-04 16:42:00 +06:00
afdesk	fcfb537ac1	fix(ci): add missed args for building docker images (#1788 )	2025-01-21 22:36:54 +06:00
Lihiz	5557601134	DEVOPS-788: in order to pass RedHat operator certification, labels mu… (#1781 ) * DEVOPS-788: in order to pass RedHat operator certification, labels must be set on images --------- Co-authored-by: Lihi Zitzer <lihi.zitzer@aquasec.com>	2025-01-20 17:47:55 +02:00
dependabot[bot]	84fb69d65e	build(deps): bump golang from 1.23.3 to 1.23.4 (#1752 ) Bumps golang from 1.23.3 to 1.23.4. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-12-12 13:23:48 +06:00
Saurabh Misra	5eccb498c1	FIX\| RKE-CIS-1.24- CHECK 1.1.19 (#1722 ) We have added the missing script required for check 1.1.19 in rke-cis-1.24 and made it available to the kube-bench file system(https://github.com/rancher/security-scan/blob/master/package/helper_scripts/check_files_owner_in_dir.sh).	2024-11-15 18:32:24 +06:00
dependabot[bot]	27a1942bcc	build(deps): bump golang from 1.23.2 to 1.23.3 (#1727 ) Bumps golang from 1.23.2 to 1.23.3. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-11-15 15:39:05 +06:00
dependabot[bot]	86c6a27cc4	build(deps): bump golang from 1.22.7 to 1.23.2 (#1697 ) Bumps golang from 1.22.7 to 1.23.2. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-10-25 14:08:26 +06:00
mjshastha	f8b6f2fc19	chore: fixed vulns - bump Go version (#1687 )	2024-09-24 12:12:40 +06:00
dependabot[bot]	5a3fd1d896	build(deps): bump golang from 1.22.2 to 1.22.4 (#1629 ) Bumps golang from 1.22.2 to 1.22.4. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-07-04 08:46:34 +03:00
Andy Pitcher	7027b6b2ec	Add CIS kubernetes CIS-1.9 for k8s v1.27 - v1.29 (#1617 ) * Create cis-1.9 yamls and Update info - policies.yaml - 5.1.1 to 5.1.6 were adapted from Manual to Automated - 5.1.3 got broken down into 5.1.3.1 and 5.1.3.2 - 5.1.6 got broken down into 5.1.6.1 and 5.1.6.2 - version was set to cis-1.9 - node.yaml master.yaml controlplane.yaml etcd.yaml - version was set to cis-1.9 * Adapt master.yaml - Expand 1.1.13/1.1.14 checks by adding super-admin.conf to the permission and ownership verification - Remove 1.2.12 Ensure that the admission control plugin SecurityContextDeny is set if PodSecurityPolicy is not used (Manual) - Adjust numbering from 1.2.12 to 1.2.29 * Adjust policies.yaml - Check 5.2.3 to 5.2.9 Title Automated to Manual * Append node.yaml - Create 4.3 kube-config group - Create 4.3.1 Ensure that the kube-proxy metrics service is bound to localhost (Automated) * Adjust policies 5.1.3 and 5.1.6 - Merge 5.1.3.1 and 5.1.3.2 into 5.1.3 (use role_is_compliant and clusterrole_is_compliant) - Remove 5.1.6.1 and promote 5.1.6.2 to 5.1.6 since it natively covered 5.1.6.1 artifacts * Add kubectl dependency and update publish - Download kubectl (build stage) based on version and architecture - Add binary checksum verification - Use go env GOARCH for ARCH	2024-06-26 15:53:57 +03:00
dependabot[bot]	2a8615befd	build(deps): bump golang from 1.22.1 to 1.22.2 (#1596 ) Bumps golang from 1.22.1 to 1.22.2. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-05-03 19:35:58 +03:00
dependabot[bot]	dc7441620f	build(deps): bump golang from 1.22.0 to 1.22.1 (#1583 ) Bumps golang from 1.22.0 to 1.22.1. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-03-29 14:10:34 +03:00
dependabot[bot]	f297da6603	build(deps): bump golang from 1.21.6 to 1.22.0 (#1569 ) Bumps golang from 1.21.6 to 1.22.0. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: chenk <hen.keinan@gmail.com>	2024-02-19 09:51:35 +02:00
Devendra Turkar	57fba224fa	chore: update base image to ubi9 (#1556 )	2024-01-31 09:51:08 +02:00
dependabot[bot]	628999c9c5	build(deps): bump golang from 1.21.5 to 1.21.6 (#1549 ) Bumps golang from 1.21.5 to 1.21.6. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: chenk <hen.keinan@gmail.com>	2024-01-26 13:12:14 +02:00
dependabot[bot]	f353bc4cba	build(deps): bump golang from 1.21.3 to 1.21.5 (#1534 ) Bumps golang from 1.21.3 to 1.21.5. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-12-13 09:28:12 +02:00
dependabot[bot]	dc0580cebe	build(deps): bump golang from 1.21.1 to 1.21.3 (#1507 ) Bumps golang from 1.21.1 to 1.21.3. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: chenk <hen.keinan@gmail.com>	2023-11-03 18:33:42 +02:00
dependabot[bot]	e1c6c80d02	build(deps): bump golang from 1.20.6 to 1.21.1 (#1494 ) Bumps golang from 1.20.6 to 1.21.1. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-09-16 12:59:20 +03:00
dependabot[bot]	d70459b77c	build(deps): bump golang from 1.20.4 to 1.20.6 (#1475 ) Bumps golang from 1.20.4 to 1.20.6. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-07-28 12:12:45 +03:00
Devendra Turkar	b29ed6b6ed	chore: add fips compliant images (#1473 ) For fips complaince we need to generate fips compliant images. As part of this change, we will create new kube-bench image which will be fips compliant. Image name follows this tag pattern <version>-ubi-fips	2023-07-24 10:02:19 +03:00

29 Commits