release: prepare-0.6.19 (#1511 )

Signed-off-by: chenk <hen.keinan@gmail.com>
build(deps): bump docker/build-push-action from 4 to 5 (#1498 )
2026-03-01 09:10:25 +00:00 · 2023-10-23 10:03:22 +03:00 · 2023-10-20 19:31:35 +03:00 · 2023-10-17 16:28:52 +03:00 · 2023-10-17 11:34:53 +03:00 · 2023-10-02 12:39:24 +03:00
8 changed files with 17 additions and 12 deletions
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -95,7 +95,7 @@ jobs:
        with:
          fetch-depth: 0
      - name: Dry-run release snapshot
-        uses: goreleaser/goreleaser-action@v4
+        uses: goreleaser/goreleaser-action@v5
        with:
          distribution: goreleaser
          version: v1.7.0
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -41,7 +41,7 @@ jobs:
          password: ${{ secrets.ECR_SECRET_ACCESS_KEY }}
      - name: Get version
        id: get_version
-        uses: crazy-max/ghaction-docker-meta@v4
+        uses: crazy-max/ghaction-docker-meta@v5
        with:
          images: ${{ env.REP }}
          tag-semver: |
@@ -49,7 +49,7 @@ jobs:

      - name: Build and push - Docker/ECR
        id: docker_build
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v5
        with:
          context: .
          platforms: linux/amd64,linux/arm64,linux/ppc64le,linux/s390x
@@ -67,7 +67,7 @@ jobs:

      - name: Build and push ubi image - Docker/ECR
        id: docker_build_ubi
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v5
        with:
          context: .
          platforms: linux/amd64,linux/arm64,linux/ppc64le,linux/s390x
@@ -86,7 +86,7 @@ jobs:

      - name: Build and push fips ubi image - Docker/ECR
        id: docker_build_fips_ubi
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v5
        with:
          context: .
          platforms: linux/amd64,linux/arm64,linux/ppc64le,linux/s390x
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -44,7 +44,7 @@ jobs:
          second_file_path: integration/testdata/Expected_output.data
          expected_result: PASSED
      - name: Release
-        uses: goreleaser/goreleaser-action@v4
+        uses: goreleaser/goreleaser-action@v5
        with:
          distribution: goreleaser
          version: v1.7.0
--- a/4
+++ b/4
@@ -1,4 +1,4 @@
-FROM golang:1.20.4 AS build
+FROM golang:1.21.1 AS build
 WORKDIR /go/src/github.com/aquasecurity/kube-bench/
 COPY makefile makefile
 COPY go.mod go.sum ./
@@ -9,7 +9,7 @@ COPY internal/ internal/
 ARG KUBEBENCH_VERSION
 RUN make build && cp kube-bench /go/bin/kube-bench

-FROM alpine:3.18 AS run
+FROM alpine:3.18.3 AS run
 WORKDIR /opt/kube-bench/
 # add GNU ps for -C, -o cmd, and --no-headers support
 # https://github.com/aquasecurity/kube-bench/issues/109
--- a/Dockerfile.fips.ubi
+++ b/Dockerfile.fips.ubi
@@ -1,4 +1,4 @@
-FROM golang:1.20.4 AS build
+FROM golang:1.21.1 AS build
 WORKDIR /go/src/github.com/aquasecurity/kube-bench/
 COPY makefile makefile
 COPY go.mod go.sum ./
--- a/Dockerfile.ubi
+++ b/Dockerfile.ubi
@@ -1,4 +1,4 @@
-FROM golang:1.20.4 AS build
+FROM golang:1.21.1 AS build
 WORKDIR /go/src/github.com/aquasecurity/kube-bench/
 COPY makefile makefile
 COPY go.mod go.sum ./
--- a/README.md
+++ b/README.md
@@ -24,7 +24,12 @@ Tests are configured with YAML files, making this tool easy to update as test sp

 ![Kubernetes Bench for Security](/docs/images/output.png "Kubernetes Bench for Security")

-### Quick start
+## CIS Scanning as part of Trivy and the Trivy Operator
+
+[Trivy](https://github.com/aquasecurity/trivy), the all in one cloud native security scanner, can be deployed as a [Kubernetes Operator](https://github.com/aquasecurity/trivy-operator) inside a cluster.
+Both, the [Trivy CLI](https://github.com/aquasecurity/trivy), and the [Trivy Operator](https://github.com/aquasecurity/trivy-operator) support CIS Kubernetes Benchmark scanning among several other features.
+
+## Quick start

 There are multiple ways to run kube-bench.
 You can run kube-bench inside a pod, but it will need access to the host's PID namespace in order to check the running processes, as well as access to some directories on the host where config files and other files are stored.
--- a/job.yaml
+++ b/job.yaml
@@ -11,7 +11,7 @@ spec:
    spec:
      containers:
        - command: ["kube-bench"]
-          image: docker.io/aquasec/kube-bench:v0.6.17
+          image: docker.io/aquasec/kube-bench:v0.6.19
          name: kube-bench
          volumeMounts:
            - mountPath: /var/lib/etcd
Author	SHA1	Message	Date
chenk	55a18aed87	release: prepare-0.6.19 (#1511 ) Signed-off-by: chenk <hen.keinan@gmail.com>	2023-10-23 10:03:22 +03:00
dependabot[bot]	7f5a2eb78b	build(deps): bump docker/build-push-action from 4 to 5 (#1498 ) Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 4 to 5. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v4...v5) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: chenk <hen.keinan@gmail.com>	2023-10-20 19:31:35 +03:00
chenk	18f8456abd	release: prepare v0.6.18 (#1509 ) Signed-off-by: chenk <hen.keinan@gmail.com>	2023-10-17 16:28:52 +03:00
chenk	8bc4daae10	release: prepare v0.6.18-rc (#1508 ) Signed-off-by: chenk <hen.keinan@gmail.com>	2023-10-17 11:34:53 +03:00
AnaisUrlichs	7ad0f2fee6	updates to the readme Signed-off-by: AnaisUrlichs <urlichsanais@gmail.com>	2023-10-02 12:39:24 +03:00
dependabot[bot]	276d30ad75	build(deps): bump crazy-max/ghaction-docker-meta from 4 to 5 (#1499 ) Bumps [crazy-max/ghaction-docker-meta](https://github.com/crazy-max/ghaction-docker-meta) from 4 to 5. - [Release notes](https://github.com/crazy-max/ghaction-docker-meta/releases) - [Upgrade guide](https://github.com/docker/metadata-action/blob/master/UPGRADE.md) - [Commits](https://github.com/crazy-max/ghaction-docker-meta/compare/v4...v5) --- updated-dependencies: - dependency-name: crazy-max/ghaction-docker-meta dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-09-30 19:34:22 +03:00
dependabot[bot]	e1c6c80d02	build(deps): bump golang from 1.20.6 to 1.21.1 (#1494 ) Bumps golang from 1.20.6 to 1.21.1. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-09-16 12:59:20 +03:00
dependabot[bot]	34ef478b41	build(deps): bump goreleaser/goreleaser-action from 4 to 5 (#1495 ) Bumps [goreleaser/goreleaser-action](https://github.com/goreleaser/goreleaser-action) from 4 to 5. - [Release notes](https://github.com/goreleaser/goreleaser-action/releases) - [Commits](https://github.com/goreleaser/goreleaser-action/compare/v4...v5) --- updated-dependencies: - dependency-name: goreleaser/goreleaser-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-09-12 08:11:27 +03:00
dependabot[bot]	3ef3e9a861	build(deps): bump alpine from 3.18.2 to 3.18.3 (#1487 ) Bumps alpine from 3.18.2 to 3.18.3. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-09-09 21:37:29 +03:00
dependabot[bot]	d70459b77c	build(deps): bump golang from 1.20.4 to 1.20.6 (#1475 ) Bumps golang from 1.20.4 to 1.20.6. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2023-07-28 12:12:45 +03:00
Jonas-Taha El Sesiy	20ad80577c	Bump docker base images (#1465 ) During a recent CVE scan we found kube-bench to use `alpine:3.18` as the final image which has a known high CVE. ``` grype aquasec/kube-bench:v0.6.15 ✔ Vulnerability DB [no update available] ✔ Loaded image ✔ Parsed image ✔ Cataloged packages [73 packages] ✔ Scanning image... [4 vulnerabilities] ├── 0 critical, 4 high, 0 medium, 0 low, 0 negligible └── 4 fixed NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY libcrypto3 3.1.0-r4 3.1.1-r0 apk CVE-2023-2650 High libssl3 3.1.0-r4 3.1.1-r0 apk CVE-2023-2650 High openssl 3.1.0-r4 3.1.1-r0 apk CVE-2023-2650 High ``` The CVE in question was addressed in the latest [alpine release](https://www.alpinelinux.org/posts/Alpine-3.15.9-3.16.6-3.17.4-3.18.2-released.html), hence updating the dockerfiles accordingly	2023-07-26 18:22:19 +03:00