Commits · 20604a5f86da406a22fbccfc95cf6f1bc83797a6 · GitHub Mirror / aquasecurity / kube-bench

Dec 09, 2024
- fix: change the folder name for certificate files in rke-cis-1.7 · 20604a5f
  Abubakr-Sadik Nii Nai Davis authored 3 months ago
  
  20604a5f
Dec 06, 2024
- fix: k3s-cis-*- CHECK 4.2.1-4.2.3 (#1739) · 64bc0535
  lizhang96 authored 3 months ago
  
  * fix the node kubelet related tests * update the tests
  64bc0535
Dec 05, 2024

build(deps): bump github.com/aws/aws-sdk-go-v2/config (#1743) · 3ee8299b

dependabot[bot] authored 3 months ago

Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.28.4 to 1.28.6.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.28.4...config/v1.28.6

)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

3ee8299b

build(deps): bump github.com/aws/aws-sdk-go-v2/service/securityhub (#1745) · 6aa242e2

dependabot[bot] authored 3 months ago

Bumps [github.com/aws/aws-sdk-go-v2/service/securityhub](https://github.com/aws/aws-sdk-go-v2) from 1.54.6 to 1.55.0.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/kendra/v1.54.6...service/s3/v1.55.0

)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/securityhub
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

6aa242e2

build(deps): bump gorm.io/driver/postgres from 1.5.9 to 1.5.11 (#1742) · 6da5ff40

dependabot[bot] authored 3 months ago

Bumps [gorm.io/driver/postgres](https://github.com/go-gorm/postgres) from 1.5.9 to 1.5.11.
- [Commits](https://github.com/go-gorm/postgres/compare/v1.5.9...v1.5.11

)

---
updated-dependencies:
- dependency-name: gorm.io/driver/postgres
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

6da5ff40

Nov 29, 2024

build(deps): bump github.com/stretchr/testify from 1.9.0 to 1.10.0 (#1736) · 09aa59e0

dependabot[bot] authored 3 months ago

Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.9.0 to 1.10.0.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.9.0...v1.10.0

)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

09aa59e0

build(deps): bump k8s.io/client-go from 0.31.2 to 0.31.3 (#1738) · 2500ceed

dependabot[bot] authored 3 months ago

Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.31.2 to 0.31.3.
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kubernetes/client-go/compare/v0.31.2...v0.31.3

)

---
updated-dependencies:
- dependency-name: k8s.io/client-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

2500ceed

Nov 19, 2024

build(deps): bump codecov/codecov-action from 4 to 5 (#1733) · 0eae00cf

dependabot[bot] authored 3 months ago

Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4 to 5.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v4...v5

)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

0eae00cf

Nov 18, 2024
- Ensure 127.0.0.1 for the --bind-address parameter (#1723) · 39dfe93b
  Konstantinos Tsakalozos authored 3 months ago
  
  39dfe93b
Nov 16, 2024
- release: prepare v0.9.2 (#1730) · 4de7b209
  afdesk authored 3 months ago
  
  View commits for tag v0.9.2 v0.9.2
  
  4de7b209
Nov 15, 2024

FIX| RKE-CIS-1.24- CHECK 1.1.19 (#1722) · 5eccb498

Saurabh Misra authored 3 months ago

We have added the missing script required for check 1.1.19 in rke-cis-1.24 and made it available to the kube-bench file system(https://github.com/rancher/security-scan/blob/master/package/helper_scripts/check_files_owner_in_dir.sh).

5eccb498

build(deps): bump github.com/aws/aws-sdk-go-v2/config (#1728) · 7ce327f1

dependabot[bot] authored 3 months ago

Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.27.37 to 1.28.4.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.27.37...config/v1.28.4

)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

7ce327f1

build(deps): bump github.com/golang/glog from 1.2.2 to 1.2.3 (#1726) · 86569452

dependabot[bot] authored 3 months ago

Bumps [github.com/golang/glog](https://github.com/golang/glog) from 1.2.2 to 1.2.3.
- [Release notes](https://github.com/golang/glog/releases)
- [Commits](https://github.com/golang/glog/compare/v1.2.2...v1.2.3

)

---
updated-dependencies:
- dependency-name: github.com/golang/glog
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

86569452

build(deps): bump github.com/spf13/viper from 1.18.2 to 1.19.0 (#1720) · 702107da

dependabot[bot] authored 3 months ago

Bumps [github.com/spf13/viper](https://github.com/spf13/viper) from 1.18.2 to 1.19.0.
- [Release notes](https://github.com/spf13/viper/releases)
- [Commits](https://github.com/spf13/viper/compare/v1.18.2...v1.19.0

)

---
updated-dependencies:
- dependency-name: github.com/spf13/viper
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

702107da

build(deps): bump github.com/fatih/color from 1.16.0 to 1.18.0 (#1719) · 5fac7f62

dependabot[bot] authored 3 months ago

Bumps [github.com/fatih/color](https://github.com/fatih/color) from 1.16.0 to 1.18.0.
- [Release notes](https://github.com/fatih/color/releases)
- [Commits](https://github.com/fatih/color/compare/v1.16.0...v1.18.0

)

---
updated-dependencies:
- dependency-name: github.com/fatih/color
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

5fac7f62

build(deps): bump golang from 1.23.2 to 1.23.3 (#1727) · 27a1942b

dependabot[bot] authored 3 months ago


Bumps golang from 1.23.2 to 1.23.3.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

27a1942b

build(deps): bump github.com/aws/aws-sdk-go-v2/service/securityhub (#1724) · 9f0f5567

dependabot[bot] authored 3 months ago

Bumps [github.com/aws/aws-sdk-go-v2/service/securityhub](https://github.com/aws/aws-sdk-go-v2) from 1.54.4 to 1.54.6.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.54.4...service/lambda/v1.54.6

)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/securityhub
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

9f0f5567

Nov 06, 2024

build(deps): bump engineerd/setup-kind from 0.5.0 to 0.6.2 (#1721) · ea24d0e2

dependabot[bot] authored 4 months ago

Bumps [engineerd/setup-kind](https://github.com/engineerd/setup-kind) from 0.5.0 to 0.6.2.
- [Release notes](https://github.com/engineerd/setup-kind/releases)
- [Commits](https://github.com/engineerd/setup-kind/compare/v0.5.0...v0.6.2

)

---
updated-dependencies:
- dependency-name: engineerd/setup-kind
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

ea24d0e2

Nov 01, 2024

build(deps): bump github.com/aws/aws-sdk-go-v2/service/securityhub (#1716) · 74f5c8b8

dependabot[bot] authored 4 months ago

Bumps [github.com/aws/aws-sdk-go-v2/service/securityhub](https://github.com/aws/aws-sdk-go-v2) from 1.53.3 to 1.54.4.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/iot/v1.53.3...service/s3/v1.54.4

)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/securityhub
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

74f5c8b8

build(deps): bump github.com/spf13/cobra from 1.8.0 to 1.8.1 (#1718) · e2a97f49

dependabot[bot] authored 4 months ago

Bumps [github.com/spf13/cobra](https://github.com/spf13/cobra) from 1.8.0 to 1.8.1.
- [Release notes](https://github.com/spf13/cobra/releases)
- [Commits](https://github.com/spf13/cobra/compare/v1.8.0...v1.8.1

)

---
updated-dependencies:
- dependency-name: github.com/spf13/cobra
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

e2a97f49

Oct 25, 2024

build(deps): bump gorm.io/gorm from 1.25.10 to 1.25.12 (#1714) · b4000f67

dependabot[bot] authored 4 months ago

Bumps [gorm.io/gorm](https://github.com/go-gorm/gorm) from 1.25.10 to 1.25.12.
- [Release notes](https://github.com/go-gorm/gorm/releases)
- [Commits](https://github.com/go-gorm/gorm/compare/v1.25.10...v1.25.12

)

---
updated-dependencies:
- dependency-name: gorm.io/gorm
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

b4000f67

build(deps): bump golang from 1.22.7 to 1.23.2 (#1697) · 86c6a27c

dependabot[bot] authored 4 months ago


Bumps golang from 1.22.7 to 1.23.2.

---
updated-dependencies:
- dependency-name: golang
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

86c6a27c

build(deps): bump k8s.io/client-go from 0.29.3 to 0.31.2 (#1712) · 8a695eb8

dependabot[bot] authored 4 months ago

Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.29.3 to 0.31.2.
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kubernetes/client-go/compare/v0.29.3...v0.31.2

)

---
updated-dependencies:
- dependency-name: k8s.io/client-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

8a695eb8

build(deps): bump golangci/golangci-lint-action from 5 to 6 (#1707) · e48c3dd7

dependabot[bot] authored 4 months ago

Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 5 to 6.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v5...v6

)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

e48c3dd7

Oct 24, 2024

build(deps): bump k8s.io/apimachinery from 0.29.3 to 0.31.1 (#1681) · ddb586d4

dependabot[bot] authored 4 months ago

* build(deps): bump k8s.io/apimachinery from 0.29.3 to 0.31.1

Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.29.3 to 0.31.1.
- [Commits](https://github.com/kubernetes/apimachinery/compare/v0.29.3...v0.31.1

)

---
updated-dependencies:
- dependency-name: k8s.io/apimachinery
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* skip go toolchain

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

ddb586d4

chore: add go toolchain version (#1710) · 55688950
afdesk authored 4 months ago
```
* chore: add go toolchain version

* bump up toolchain to 1.22.7
```
55688950

Oct 22, 2024

build(deps): bump actions/setup-python from 4 to 5 (#1536) · d5ba5edc

dependabot[bot] authored 4 months ago

Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4 to 5.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v4...v5

)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

d5ba5edc

Oct 21, 2024

build(deps): bump docker/build-push-action from 5 to 6 (#1631) · 0e3dbfa9

dependabot[bot] authored 4 months ago

Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 5 to 6.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](https://github.com/docker/build-push-action/compare/v5...v6

)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

0e3dbfa9

build(deps): bump golangci/golangci-lint-action from 4 to 5 (#1604) · e9ea1dbb

dependabot[bot] authored 4 months ago

Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 4 to 5.
- [Release notes](https://github.com/golangci/golangci-lint-action/releases)
- [Commits](https://github.com/golangci/golangci-lint-action/compare/v4...v5

)

---
updated-dependencies:
- dependency-name: golangci/golangci-lint-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

e9ea1dbb

Oct 16, 2024
- release: prepare v0.9.1 (#1705) · c5dc28ee
  afdesk authored 4 months ago
  
  View commits for tag v0.9.1 v0.9.1
  
  c5dc28ee
- fix: correct TLSCipherSuites to tlsCipherSuites (#1703) · fa478ce2
  Omar kamoun authored 4 months ago
  
  fa478ce2
Oct 15, 2024

build(deps): bump github.com/golang/glog from 1.2.0 to 1.2.2 (#1702) · 1d8f80e8

dependabot[bot] authored 5 months ago

Bumps [github.com/golang/glog](https://github.com/golang/glog) from 1.2.0 to 1.2.2.
- [Release notes](https://github.com/golang/glog/releases)
- [Commits](https://github.com/golang/glog/compare/v1.2.0...v1.2.2

)

---
updated-dependencies:
- dependency-name: github.com/golang/glog
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

1d8f80e8

Oct 11, 2024

Add GKE 1.6 CIS benchmark for GCP environment (#1672) · a15e8aca

Abubakr-Sadik Nii Nai Davis authored 5 months ago


* Add config entries for GKE 1.6 controls

* Add gke1.6 control plane recommendations

* Add gke-1.6.0 worker node recommendations

* Add gke-1.6.0 policy recommendations

* Add managed services and policy recommendation

* Add master recommendations

* Fix formatting across gke-1.6.0 files

* Add gke-1.6.0 benchmark selection based on k8s version

* Workaround: hardcode kubelet config path for gke-1.6.0

* Fix tests for makeIPTablesUtilChaings

* Change scored field for all node tests to true

* Fix kubelet file permission to check for

---------

Co-authored-by: afdesk <work@afdesk.com>

a15e8aca

Oct 10, 2024

build(deps): bump gorm.io/driver/postgres from 1.5.6 to 1.5.9 (#1698) · e4772529

dependabot[bot] authored 5 months ago

Bumps [gorm.io/driver/postgres](https://github.com/go-gorm/postgres) from 1.5.6 to 1.5.9.
- [Commits](https://github.com/go-gorm/postgres/compare/v1.5.6...v1.5.9

)

---
updated-dependencies:
- dependency-name: gorm.io/driver/postgres
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

e4772529

Oct 04, 2024

Extend default kubelet configlist to fit AWS EKS (#1637) · e8562f29

Matthias Muth authored 5 months ago

- the latest default Kubernetes setup of AWS has
  its kubelet config path in the added location.
  Proposing to extend the list of scanned paths in
  order to make kube-bench execution more painless
  and "quick start like" in default setups.

e8562f29

fix: rh-1.0 check 4.1.3 typo (#1652) · 3a0ccc44
Arano-kai authored 5 months ago
```
Co-authored-by: Arano-kai <captcha.is(dot)evil(meov)gmail.com>
```
3a0ccc44

build(deps): bump github.com/aws/aws-sdk-go-v2/service/securityhub (#1696) · c683e939

dependabot[bot] authored 5 months ago

Bumps [github.com/aws/aws-sdk-go-v2/service/securityhub](https://github.com/aws/aws-sdk-go-v2) from 1.53.1 to 1.53.3.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.53.1...service/iot/v1.53.3

)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/securityhub
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

c683e939

Oct 03, 2024

Updated KUBECTL_VERSION to 1.31.0 for fixing vulnerabilities (#1690) · e75cd6bb

jdesouza authored 5 months ago

* Bumped Go to 1.22.7 for fixing Critical/High vulberabilities

* Bumped Go to 1.22.7 for fixing Critical/High vulberabilities

* Bumped kubectl version for fixing vulnerabilities

* Fixed kubectl version

* Update go.mod

e75cd6bb

build(deps): bump alpine from 3.20.0 to 3.20.3 (#1676) · d8f041a8

dependabot[bot] authored 5 months ago


Bumps alpine from 3.20.0 to 3.20.3.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

d8f041a8

Oct 01, 2024
- update audit script for cis-1.9 kubernetes policies id 5.1.6 (#1655) · 7ea1d59b
  Winnerson Kharsunai authored 5 months ago
  
  7ea1d59b