release: prepare v0.10.2 (#1803 )

fix: suppress vulnerabilities in kubectl (#1802 )
ci: bump up Go version to 1.23.6 in Github workflows (#1801 )
2026-03-02 17:50:37 +00:00 · 2025-02-12 20:41:39 +06:00 · 2025-02-12 20:26:50 +06:00 · 2025-02-12 20:13:43 +06:00 · 2025-02-12 12:15:11 +06:00 · 2025-02-10 12:11:21 +06:00
9 changed files with 20 additions and 14 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -14,7 +14,7 @@ on:
      - "LICENSE"
      - "NOTICE"
 env:
-  GO_VERSION: "1.23.5"
+  GO_VERSION: "1.23.6"
  KIND_VERSION: "v0.11.1"
  KIND_IMAGE: "kindest/node:v1.21.1@sha256:69860bda5563ac81e3c0057d654b5253219618a22ec3a346306239bba8cfa1a6"

--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -5,7 +5,7 @@ on:
    tags:
      - "v*"
 env:
-  GO_VERSION: "1.22.7"
+  GO_VERSION: "1.23.6"
  KIND_VERSION: "v0.11.1"
  KIND_IMAGE: "kindest/node:v1.21.1@sha256:69860bda5563ac81e3c0057d654b5253219618a22ec3a346306239bba8cfa1a6"

--- a/2
+++ b/2
@@ -1,4 +1,4 @@
-FROM golang:1.23.5 AS build
+FROM golang:1.23.6 AS build
 WORKDIR /go/src/github.com/aquasecurity/kube-bench/
 COPY makefile makefile
 COPY go.mod go.sum ./
--- a/Dockerfile.fips.ubi
+++ b/Dockerfile.fips.ubi
@@ -1,4 +1,4 @@
-FROM golang:1.23.5 AS build
+FROM golang:1.23.6 AS build
 WORKDIR /go/src/github.com/aquasecurity/kube-bench/
 COPY makefile makefile
 COPY go.mod go.sum ./
--- a/Dockerfile.ubi
+++ b/Dockerfile.ubi
@@ -1,4 +1,4 @@
-FROM golang:1.23.5 AS build
+FROM golang:1.23.6 AS build
 WORKDIR /go/src/github.com/aquasecurity/kube-bench/
 COPY makefile makefile
 COPY go.mod go.sum ./
--- a/docs/installation.md
+++ b/docs/installation.md
@@ -18,25 +18,31 @@ Install kube-bench binary for your platform using the commands below. Note that
 Ubuntu/Debian:

 ```
-curl -L https://github.com/aquasecurity/kube-bench/releases/download/v0.6.2/kube-bench_0.6.2_linux_amd64.deb -o kube-bench_0.6.2_linux_amd64.deb
+KUBE_BENCH_VERSION=0.10.1

-sudo apt install ./kube-bench_0.6.2_linux_amd64.deb -f
+curl -L https://github.com/aquasecurity/kube-bench/releases/download/v${KUBE_BENCH_VERSION}/kube-bench_${KUBE_BENCH_VERSION}_linux_amd64.deb -o kube-bench_${KUBE_BENCH_VERSION}_linux_amd64.deb
+
+sudo apt install ./kube-bench_${KUBE_BENCH_VERSION}_linux_amd64.deb -f
 ```

 RHEL:

 ```
-curl -L https://github.com/aquasecurity/kube-bench/releases/download/v0.6.2/kube-bench_0.6.2_linux_amd64.rpm -o kube-bench_0.6.2_linux_amd64.rpm
+KUBE_BENCH_VERSION=0.10.1

-sudo yum install kube-bench_0.6.2_linux_amd64.rpm -y
+curl -L https://github.com/aquasecurity/kube-bench/releases/download/v${KUBE_BENCH_VERSION}/kube-bench_${KUBE_BENCH_VERSION}_linux_amd64.rpm -o kube-bench_${KUBE_BENCH_VERSION}_linux_amd64.rpm
+
+sudo yum install kube-bench_${KUBE_BENCH_VERSION}_linux_amd64.rpm -y
 ```

 Alternatively, you can manually download and extract the kube-bench binary:

 ```
-curl -L https://github.com/aquasecurity/kube-bench/releases/download/v0.6.2/kube-bench_0.6.2_linux_amd64.tar.gz -o kube-bench_0.6.2_linux_amd64.tar.gz
+KUBE_BENCH_VERSION=0.10.1

-tar -xvf kube-bench_0.6.2_linux_amd64.tar.gz
+curl -L https://github.com/aquasecurity/kube-bench/releases/download/v${KUBE_BENCH_VERSION}/kube-bench_${KUBE_BENCH_VERSION}_linux_amd64.tar.gz -o kube-bench_${KUBE_BENCH_VERSION}_linux_amd64.tar.gz
+
+tar -xvf kube-bench_${KUBE_BENCH_VERSION}_linux_amd64.tar.gz
 ```

 You can then run kube-bench directly:
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/aquasecurity/kube-bench

-go 1.23.5
+go 1.23.6

 require (
 	github.com/aws/aws-sdk-go-v2 v1.36.0
--- a/job.yaml
+++ b/job.yaml
@@ -11,7 +11,7 @@ spec:
    spec:
      containers:
        - command: ["kube-bench"]
-          image: docker.io/aquasec/kube-bench:v0.10.1
+          image: docker.io/aquasec/kube-bench:v0.10.2
          name: kube-bench
          volumeMounts:
            - name: var-lib-cni
--- a/2
+++ b/2
@@ -11,7 +11,7 @@ uname := $(shell uname -s)
 BUILDX_PLATFORM ?= linux/amd64,linux/arm64,linux/arm,linux/ppc64le,linux/s390x
 DOCKER_ORGS ?= aquasec public.ecr.aws/aquasecurity
 GOARCH ?= $@
-KUBECTL_VERSION ?= 1.31.0
+KUBECTL_VERSION ?= 1.33.0-alpha.1
 ARCH ?= $(shell go env GOARCH)

 ifneq ($(findstring Microsoft,$(shell uname -r)),)
Author	SHA1	Message	Date
afdesk	422a7fc5b1	release: prepare v0.10.2 (#1803 )	2025-02-12 20:41:39 +06:00
afdesk	18e7e35919	fix: suppress vulnerabilities in kubectl (#1802 )	2025-02-12 20:26:50 +06:00
afdesk	f9e2c77967	ci: bump up Go version to 1.23.6 in Github workflows (#1801 )	2025-02-12 20:13:43 +06:00
Grischa Ekart	2de22f84fc	Updated version in documentation and using a version var (#1799 )	2025-02-12 12:15:11 +06:00
Masashi Honma	fcb6517b8b	Bump golang from 1.23.5 to 1.23.6 to fix CVE-2025-22866 (#1800 ) This is the scan result of Trivy. usr/local/bin/kube-bench (gobinary) =================================== Total: 1 (UNKNOWN: 1, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) ┌─────────┬────────────────┬──────────┬────────┬───────────────────┬──────────────────────────────┬────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ ├─────────┼────────────────┼──────────┼────────┼───────────────────┼──────────────────────────────┼────────────────────────────────────────────┤ │ stdlib │ CVE-2025-22866 │ UNKNOWN │ fixed │ 1.23.5 │ 1.22.12, 1.23.6, 1.24.0-rc.3 │ Timing sidechannel for P-256 on ppc64le in │ │ │ │ │ │ │ │ crypto/internal/nistec │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2025-22866 │ └─────────┴────────────────┴──────────┴────────┴───────────────────┴──────────────────────────────┴────────────────────────────────────────────┘ Signed-off-by: Masashi Honma <masashi.honma@gmail.com>	2025-02-10 12:11:21 +06:00