kube-bench

mirror of https://github.com/aquasecurity/kube-bench.git synced 2026-02-14 18:10:00 +00:00

Author	SHA1	Message	Date
dependabot[bot]	3db3f736f8	build(deps): bump golangci/golangci-lint-action from 3 to 4 (#1568 ) Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3 to 4. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/v3...v4) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: chenk <hen.keinan@gmail.com>	2024-02-19 13:12:30 +02:00
dependabot[bot]	57132a69fd	build(deps): bump gorm.io/driver/postgres from 1.5.4 to 1.5.6 (#1567 ) Bumps [gorm.io/driver/postgres](https://github.com/go-gorm/postgres) from 1.5.4 to 1.5.6. - [Commits](https://github.com/go-gorm/postgres/compare/v1.5.4...v1.5.6) --- updated-dependencies: - dependency-name: gorm.io/driver/postgres dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: chenk <hen.keinan@gmail.com>	2024-02-19 10:27:44 +02:00
dependabot[bot]	f297da6603	build(deps): bump golang from 1.21.6 to 1.22.0 (#1569 ) Bumps golang from 1.21.6 to 1.22.0. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: chenk <hen.keinan@gmail.com>	2024-02-19 09:51:35 +02:00
dependabot[bot]	66a215189e	build(deps): bump codecov/codecov-action from 3 to 4 (#1561 ) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 3 to 4. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/v3...v4) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: chenk <hen.keinan@gmail.com>	2024-02-19 09:31:45 +02:00
dependabot[bot]	72eee4b7a4	build(deps): bump alpine from 3.19.0 to 3.19.1 (#1557 ) Bumps alpine from 3.19.0 to 3.19.1. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: chenk <hen.keinan@gmail.com>	2024-02-19 09:15:28 +02:00
Kiran Bodipi	ee5e4aff51	update rke-cis-1.24 benchmarks: corrected errors and tests (#1570 ) corrected few benchmarks with title and respective tests Handled type and title mismatch Added missing audit commands	2024-02-15 11:34:31 +02:00
Kiran Bodipi	2374e7b07f	Rancher checks correction (#1563 ) 1. Have modified test criteria such that it produces right output in case of there is no file exists. 2. Have modified the tests wherever root:root is checked multiple times.	2024-02-12 15:29:36 +02:00
Andrey Polovov	faeceb5dfa	job.yaml: Adding /var/lib/cni mounts for proper CIS 1.1.9 and 1.1.0 checking (#1547 ) Signed-off-by: Andrey Polovov <andrey.polovov@flant.com> Signed-off-by: Andrey Pavlov <andrey.pavlov@flant.com> Co-authored-by: Andrey Pavlov <andrey.pavlov@flant.com> Co-authored-by: chenk <hen.keinan@gmail.com>	2024-02-11 11:23:17 +02:00
dependabot[bot]	30217061ac	build(deps): bump github.com/aws/aws-sdk-go-v2/config (#1554 ) Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.18.4 to 1.26.6. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.18.4...config/v1.26.6) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/config dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: chenk <hen.keinan@gmail.com>	2024-02-03 09:35:10 +02:00
chenk	445c1160cf	release: prepare v0.7.1 (#1559 ) Signed-off-by: chenk <hen.keinan@gmail.com> v0.7.1	2024-01-31 11:57:16 +02:00
Devendra Turkar	57fba224fa	chore: update base image to ubi9 (#1556 )	2024-01-31 09:51:08 +02:00
dependabot[bot]	a93b19f0c0	build(deps): bump k8s.io/client-go from 0.29.0 to 0.29.1 (#1552 ) Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.29.0 to 0.29.1. - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](https://github.com/kubernetes/client-go/compare/v0.29.0...v0.29.1) --- updated-dependencies: - dependency-name: k8s.io/client-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-01-28 12:21:47 +02:00
dependabot[bot]	b17aa709b3	build(deps): bump k8s.io/apimachinery from 0.29.0 to 0.29.1 (#1553 ) Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.29.0 to 0.29.1. - [Commits](https://github.com/kubernetes/apimachinery/compare/v0.29.0...v0.29.1) --- updated-dependencies: - dependency-name: k8s.io/apimachinery dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: chenk <hen.keinan@gmail.com>	2024-01-27 11:18:39 +02:00
dependabot[bot]	faa1b4be3d	build(deps): bump actions/cache from 3 to 4 (#1551 ) Bumps [actions/cache](https://github.com/actions/cache) from 3 to 4. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: chenk <hen.keinan@gmail.com>	2024-01-26 13:40:45 +02:00
dependabot[bot]	628999c9c5	build(deps): bump golang from 1.21.5 to 1.21.6 (#1549 ) Bumps golang from 1.21.5 to 1.21.6. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: chenk <hen.keinan@gmail.com>	2024-01-26 13:12:14 +02:00
Kiran Bodipi	13da372a87	Updating the rh-1.0 OCP checks (#1548 ) 1. Added audit commands wherever required. 2. Updated the scripts with type to manual to match the title. 3. Updated the scripts with test_items wherever required. 4. Fixed a typo.	2024-01-23 08:56:40 +02:00
dependabot[bot]	38949874d1	build(deps): bump github.com/aws/aws-sdk-go-v2 from 1.18.0 to 1.24.1 (#1550 ) Bumps [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) from 1.18.0 to 1.24.1. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.18.0...v1.24.1) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-01-20 12:22:18 +02:00
dependabot[bot]	39c29fb07a	build(deps): bump alpine from 3.18.3 to 3.19.0 (#1535 ) Bumps alpine from 3.18.3 to 3.19.0. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: chenk <hen.keinan@gmail.com>	2024-01-12 08:01:55 +02:00
dependabot[bot]	cc6c091b41	build(deps): bump gorm.io/driver/postgres from 1.4.6 to 1.5.4 (#1514 ) Bumps [gorm.io/driver/postgres](https://github.com/go-gorm/postgres) from 1.4.6 to 1.5.4. - [Commits](https://github.com/go-gorm/postgres/compare/v1.4.6...v1.5.4) --- updated-dependencies: - dependency-name: gorm.io/driver/postgres dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-01-11 11:02:00 +02:00
dependabot[bot]	7efba2b94d	build(deps): bump k8s.io/client-go from 0.26.0 to 0.29.0 (#1540 ) Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.26.0 to 0.29.0. - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](https://github.com/kubernetes/client-go/compare/v0.26.0...v0.29.0) --- updated-dependencies: - dependency-name: k8s.io/client-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-01-11 10:34:21 +02:00
Devendra Turkar	a4b46f50de	chore: update go version to 1.21 (#1546 ) Updating go version to 1.21	2024-01-10 14:26:50 +02:00
dependabot[bot]	221ff4fd42	build(deps): bump actions/setup-go from 4 to 5 (#1537 ) Bumps [actions/setup-go](https://github.com/actions/setup-go) from 4 to 5. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: chenk <hen.keinan@gmail.com>	2024-01-06 11:12:57 +02:00
dependabot[bot]	8c47d59e99	build(deps): bump github.com/spf13/viper from 1.14.0 to 1.18.2 (#1541 ) Bumps [github.com/spf13/viper](https://github.com/spf13/viper) from 1.14.0 to 1.18.2. - [Release notes](https://github.com/spf13/viper/releases) - [Commits](https://github.com/spf13/viper/compare/v1.14.0...v1.18.2) --- updated-dependencies: - dependency-name: github.com/spf13/viper dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-01-05 07:59:17 +02:00
dependabot[bot]	151efc3494	build(deps): bump golang.org/x/crypto from 0.14.0 to 0.17.0 (#1542 ) Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.14.0 to 0.17.0. - [Commits](https://github.com/golang/crypto/compare/v0.14.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: chenk <hen.keinan@gmail.com>	2023-12-29 20:57:02 +02:00
chenk	58a49da713	release: prepare v0.7.0 (#1543 ) Signed-off-by: chenk <hen.keinan@gmail.com> v0.7.0	2023-12-19 09:08:02 +02:00
dependabot[bot]	64c0492401	build(deps): bump docker/login-action from 2 to 3 (#1500 ) Bumps [docker/login-action](https://github.com/docker/login-action) from 2 to 3. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/v2...v3) --- updated-dependencies: - dependency-name: docker/login-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: chenk <hen.keinan@gmail.com>	2023-12-19 08:42:25 +02:00
mjshastha	7a55d5d57c	Issue: The initial command produces "root:root" as its output only when the file is present. However, if the file is missing, the command will still run successfully, though the desired output of "root:root" won't be obtained. (#1538 ) Fix: To address this, we've modified the command to achieve the following: Verify the existence of the file. If the file is found, show the user and group ownership in the "username:groupname" format. If the file is not found, display the message "File not found." To accommodate this change, we've integrated the expected output "File not found" for instances where the file is absent. This adjustment ensures the successful execution of the test. Co-authored-by: mjshastha <manojshastha.madriki@aquasec.com>	2023-12-18 09:10:07 +02:00
dependabot[bot]	f353bc4cba	build(deps): bump golang from 1.21.3 to 1.21.5 (#1534 ) Bumps golang from 1.21.3 to 1.21.5. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-12-13 09:28:12 +02:00
dependabot[bot]	1393449298	build(deps): bump docker/setup-buildx-action from 2 to 3 (#1497 ) Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 2 to 3. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/v2...v3) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: chenk <hen.keinan@gmail.com>	2023-12-10 14:07:09 +02:00
dependabot[bot]	875fbc7f20	build(deps): bump github.com/spf13/cobra from 1.6.1 to 1.8.0 (#1530 ) Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.6.1 to 1.8.0. - [Release notes](https://github.com/spf13/cobra/releases) - [Commits](https://github.com/spf13/cobra/compare/v1.6.1...v1.8.0) --- updated-dependencies: - dependency-name: github.com/spf13/cobra dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: chenk <hen.keinan@gmail.com>	2023-12-08 08:07:14 +02:00
guangwu	c3e3c4c31c	chore: remove refs to deprecated io/ioutil (#1504 ) Signed-off-by: guoguangwu <guoguangwu@magic-shield.com> Co-authored-by: chenk <hen.keinan@gmail.com>	2023-12-05 10:52:24 +02:00
dependabot[bot]	292678a907	build(deps): bump actions/checkout from 3 to 4 (#1492 ) Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: chenk <hen.keinan@gmail.com>	2023-12-04 14:18:41 +02:00
Huang Huang	0c553cd2f6	fix wrong use of flag in test_items found in 4.13 and 4.14 (#1528 ) * fix wrong use of flag in test_items found in 4.13 and 4.14 Fixes #1491 * fix for more benchmarks * update integration test * fix test	2023-12-03 09:06:35 +02:00
Huang Huang	92a18e7dfd	support CIS Kubernetes Benchmark v1.8.0 (#1527 ) * support CIS Kubernetes Benchmark v1.8.0 * update version info	2023-12-02 09:59:30 +02:00
dependabot[bot]	ade7cef969	build(deps): bump gorm.io/gorm from 1.25.1 to 1.25.5 (#1516 ) Bumps [gorm.io/gorm](https://github.com/go-gorm/gorm) from 1.25.1 to 1.25.5. - [Release notes](https://github.com/go-gorm/gorm/releases) - [Commits](https://github.com/go-gorm/gorm/compare/v1.25.1...v1.25.5) --- updated-dependencies: - dependency-name: gorm.io/gorm dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-12-01 20:11:43 +02:00
Kiran Bodipi	f8fe5ee173	Add CIS Benchmarks support to Rancher Distributions RKE/RKE2/K3s (#1523 ) * add Support VMware Tanzu(TKGI) Benchmarks v1.2.53 with this change, we are adding 1. latest kubernetes cis benchmarks for VMware Tanzu1.2.53 2. logic to kube-bench so that kube-bench can auto detect vmware platform, will be able to execute the respective vmware tkgi compliance checks. 3. job-tkgi.yaml file to run the benchmark as a job in tkgi cluster Reference Document for checks: https://network.pivotal.io/products/p-compliance-scanner/#/releases/1248397 * add Support VMware Tanzu(TKGI) Benchmarks v1.2.53 with this change, we are adding 1. latest kubernetes cis benchmarks for VMware Tanzu1.2.53 2. logic to kube-bench so that kube-bench can auto detect vmware platform, will be able to execute the respective vmware tkgi compliance checks. 3. job-tkgi.yaml file to run the benchmark as a job in tkgi cluster Reference Document for checks: https://network.pivotal.io/products/p-compliance-scanner/#/releases/1248397 * release: prepare v0.6.15 (#1455) Signed-off-by: chenk <hen.keinan@gmail.com> * build(deps): bump golang from 1.19.4 to 1.20.4 (#1436) Bumps golang from 1.19.4 to 1.20.4. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump actions/setup-go from 3 to 4 (#1402) Bumps [actions/setup-go](https://github.com/actions/setup-go) from 3 to 4. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: chenk <hen.keinan@gmail.com> * Fix test_items in cis-1.7 - node - 4.2.12 (#1469) Related issue: https://github.com/aquasecurity/kube-bench/issues/1468 * Fix node.yaml - 4.1.7 and 4.1.8 audit by adding uniq (#1472) * chore: add fips compliant images (#1473) For fips complaince we need to generate fips compliant images. As part of this change, we will create new kube-bench image which will be fips compliant. Image name follows this tag pattern <version>-ubi-fips * release: prepare v0.6.16-rc (#1476) * release: prepare v0.6.16-rc Signed-off-by: chenk <hen.keinan@gmail.com> * release: prepare v0.6.16-rc Signed-off-by: chenk <hen.keinan@gmail.com> --------- Signed-off-by: chenk <hen.keinan@gmail.com> * release: prepare v0.6.16 official (#1479) Signed-off-by: chenk <hen.keinan@gmail.com> * Update job.yaml (#1477) * Update job.yaml Fix on typo for image version * chore: sync with upstream Signed-off-by: chenk <hen.keinan@gmail.com> --------- Signed-off-by: chenk <hen.keinan@gmail.com> Co-authored-by: chenk <hen.keinan@gmail.com> * release: prepare v0.6.17 (#1480) Signed-off-by: chenk <hen.keinan@gmail.com> * Bump docker base images (#1465) During a recent CVE scan we found kube-bench to use `alpine:3.18` as the final image which has a known high CVE. ``` grype aquasec/kube-bench:v0.6.15 ✔ Vulnerability DB [no update available] ✔ Loaded image ✔ Parsed image ✔ Cataloged packages [73 packages] ✔ Scanning image... [4 vulnerabilities] ├── 0 critical, 4 high, 0 medium, 0 low, 0 negligible └── 4 fixed NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY libcrypto3 3.1.0-r4 3.1.1-r0 apk CVE-2023-2650 High libssl3 3.1.0-r4 3.1.1-r0 apk CVE-2023-2650 High openssl 3.1.0-r4 3.1.1-r0 apk CVE-2023-2650 High ``` The CVE in question was addressed in the latest [alpine release](https://www.alpinelinux.org/posts/Alpine-3.15.9-3.16.6-3.17.4-3.18.2-released.html), hence updating the dockerfiles accordingly * build(deps): bump golang from 1.20.4 to 1.20.6 (#1475) Bumps golang from 1.20.4 to 1.20.6. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Add CIS Benchmarks support to Rancher Distributions RKE/RKE2/K3s Based on the information furnished in https://ranchermanager.docs.rancher.com/v2.7/pages-for-subheaders/rancher-hardening-guides kube-bench executes CIS-1.23 (Kubernetes v1.23) , CIS-1.24(Kubernetes v1.24),CIS-1.7 (Kubernetes v1.25,v1.26,v1.27) CIS Benchmarks of respective distributions. * RKE/RKE2 CIS Benchmarks Updated the order of checks for RKE and RKE2 Platforms. * fixed vulnerabilities\|upgraded package golang.org/x/net to version v0.17.0 * Error handling for RKE Detection Pre-requisites * Based on the information furnished in https://ranchermanager.docs.rancher.com/v2.7/pages-for-subheaders/rancher-hardening-guides#hardening-guides-and-benchmark-versions, kube-bench executes CIS-1.23 (Kubernetes v1.23) , CIS-1.24(Kubernetes v1.24),CIS-1.7 (Kubernetes v1.25,v1.26,v1.27) CIS Benchmarks of respective distributions. updated documentation specific to added rancher platforms * addressed review comments 1.Implemented IsRKE functionality in kube-bench 2. Removed containerd from global level config and accommodated in individual config file 3. Corrected the control id from 1.2.25 to 1.2.23 in master.yaml(k3s-cis-1.23 and k3s-cis-1.24) * Removed unncessary dependency - kubernetes-provider-detector --------- Signed-off-by: chenk <hen.keinan@gmail.com> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: chenk <hen.keinan@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Andy Pitcher <andy.pitcher@suse.com> Co-authored-by: Devendra Turkar <devendra.turkar@gmail.com> Co-authored-by: Guille Vigil <contact@guillermotti.com> Co-authored-by: Jonas-Taha El Sesiy <jonas-taha.elsesiy@snowflake.com>	2023-11-26 12:27:38 +02:00
Benjamin Schimke	fac90f756e	feat(cis-1.24-microk8s): Add support to CIS-1.24 for microk8s distro (#1510 )	2023-11-20 12:59:32 +02:00
dependabot[bot]	63055a7332	build(deps): bump github.com/fatih/color from 1.14.1 to 1.16.0 (#1520 ) Bumps [github.com/fatih/color](https://github.com/fatih/color) from 1.14.1 to 1.16.0. - [Release notes](https://github.com/fatih/color/releases) - [Commits](https://github.com/fatih/color/compare/v1.14.1...v1.16.0) --- updated-dependencies: - dependency-name: github.com/fatih/color dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-11-12 10:47:01 +02:00
dependabot[bot]	dc0580cebe	build(deps): bump golang from 1.21.1 to 1.21.3 (#1507 ) Bumps golang from 1.21.1 to 1.21.3. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: chenk <hen.keinan@gmail.com>	2023-11-03 18:33:42 +02:00
dependabot[bot]	0918b41eca	build(deps): bump github.com/golang/glog from 1.0.0 to 1.1.2 (#1489 ) Bumps [github.com/golang/glog](https://github.com/golang/glog) from 1.0.0 to 1.1.2. - [Release notes](https://github.com/golang/glog/releases) - [Commits](https://github.com/golang/glog/compare/v1.0.0...v1.1.2) --- updated-dependencies: - dependency-name: github.com/golang/glog dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: chenk <hen.keinan@gmail.com>	2023-10-27 21:45:30 +03:00
dependabot[bot]	2b466ab239	build(deps): bump docker/setup-qemu-action from 2 to 3 (#1503 ) Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 2 to 3. - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](https://github.com/docker/setup-qemu-action/compare/v2...v3) --- updated-dependencies: - dependency-name: docker/setup-qemu-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: chenk <hen.keinan@gmail.com>	2023-10-27 21:35:49 +03:00
chenk	55a18aed87	release: prepare-0.6.19 (#1511 ) Signed-off-by: chenk <hen.keinan@gmail.com> v0.6.19	2023-10-23 10:03:22 +03:00
dependabot[bot]	7f5a2eb78b	build(deps): bump docker/build-push-action from 4 to 5 (#1498 ) Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 4 to 5. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v4...v5) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: chenk <hen.keinan@gmail.com>	2023-10-20 19:31:35 +03:00
chenk	18f8456abd	release: prepare v0.6.18 (#1509 ) Signed-off-by: chenk <hen.keinan@gmail.com> v0.6.18	2023-10-17 16:28:52 +03:00
chenk	8bc4daae10	release: prepare v0.6.18-rc (#1508 ) Signed-off-by: chenk <hen.keinan@gmail.com> v0.6.18-rc	2023-10-17 11:34:53 +03:00
AnaisUrlichs	7ad0f2fee6	updates to the readme Signed-off-by: AnaisUrlichs <urlichsanais@gmail.com>	2023-10-02 12:39:24 +03:00
dependabot[bot]	276d30ad75	build(deps): bump crazy-max/ghaction-docker-meta from 4 to 5 (#1499 ) Bumps [crazy-max/ghaction-docker-meta](https://github.com/crazy-max/ghaction-docker-meta) from 4 to 5. - [Release notes](https://github.com/crazy-max/ghaction-docker-meta/releases) - [Upgrade guide](https://github.com/docker/metadata-action/blob/master/UPGRADE.md) - [Commits](https://github.com/crazy-max/ghaction-docker-meta/compare/v4...v5) --- updated-dependencies: - dependency-name: crazy-max/ghaction-docker-meta dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-09-30 19:34:22 +03:00
dependabot[bot]	e1c6c80d02	build(deps): bump golang from 1.20.6 to 1.21.1 (#1494 ) Bumps golang from 1.20.6 to 1.21.1. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-09-16 12:59:20 +03:00
dependabot[bot]	34ef478b41	build(deps): bump goreleaser/goreleaser-action from 4 to 5 (#1495 ) Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 4 to 5. - [Release notes](https://github.com/goreleaser/goreleaser-action/releases) - [Commits](https://github.com/goreleaser/goreleaser-action/compare/v4...v5) --- updated-dependencies: - dependency-name: goreleaser/goreleaser-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-09-12 08:11:27 +03:00
dependabot[bot]	3ef3e9a861	build(deps): bump alpine from 3.18.2 to 3.18.3 (#1487 ) Bumps alpine from 3.18.2 to 3.18.3. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-09-09 21:37:29 +03:00

... 3 4 5 6 7 ...

1260 Commits