- Feb 12, 2025
-
-
-
afdesk authored
-
afdesk authored
-
Grischa Ekart authored
-
- Feb 10, 2025
-
-
Masashi Honma authored
This is the scan result of Trivy. usr/local/bin/kube-bench (gobinary) =================================== Total: 1 (UNKNOWN: 1, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) ┌─────────┬────────────────┬──────────┬────────┬───────────────────┬──────────────────────────────┬────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ ├─────────┼────────────────┼──────────┼────────┼───────────────────┼──────────────────────────────┼────────────────────────────────────────────┤ │ stdlib │ CVE-2025-22866 │ UNKNOWN │ fixed │ 1.23.5 │ 1.22.12, 1.23.6, 1.24.0-rc.3 │ Timing sidechannel for P-256 on ppc64le in │ │ │ │ │ │ │ │ crypto/internal/nistec │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2025-22866 │ └─────────┴────────────────┴──────────┴────────┴───────────────────┴──────────────────────────────┴────────────────────────────────────────────┘ Signed-off-by:
Masashi Honma <masashi.honma@gmail.com>
-
- Feb 04, 2025
-
-
-
Abubakr-Sadik Nii Nai Davis authored
-
dependabot[bot] authored
Bumps [github.com/aws/aws-sdk-go-v2/service/securityhub](https://github.com/aws/aws-sdk-go-v2) from 1.55.3 to 1.55.8. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/iot/v1.55.3...service/wafv2/v1.55.8 ) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/service/securityhub dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by:
dependabot[bot] <support@github.com> Co-authored-by:
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
-
dependabot[bot] authored
Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.28.10 to 1.29.4. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.28.10...config/v1.29.4 ) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/config dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by:
-
dependabot[bot] authored
Bumps [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) from 1.32.8 to 1.36.0. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.32.8...v1.36.0 ) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by:
-
dependabot[bot] authored
Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.32.0 to 0.32.1. - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](https://github.com/kubernetes/client-go/compare/v0.32.0...v0.32.1 ) --- updated-dependencies: - dependency-name: k8s.io/client-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by:
-
Masashi Honma authored
This is the scan result of Trivy. usr/local/bin/kube-bench (gobinary) Total: 2 (UNKNOWN: 0, LOW: 0, MEDIUM: 2, HIGH: 0, CRITICAL: 0) ┌─────────┬────────────────┬──────────┬────────┬───────────────────┬─────────────────────────────┬──────────────────────────────────────────────────────────────┐ │ Library │ Vulnerability │ Severity │ Status │ Installed Version │ Fixed Version │ Title │ ├─────────┼────────────────┼──────────┼────────┼───────────────────┼─────────────────────────────┼──────────────────────────────────────────────────────────────┤ │ stdlib │ CVE-2024-45336 │ MEDIUM │ fixed │ v1.23.4 │ 1.22.11, 1.23.5, 1.24.0-rc2 │ golang: net/http: net/http: sensitive headers incorrectly │ │ │ │ │ │ │ │ sent after cross-domain redirect │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-45336 │ │ ├────────────────┤ │ │ │ ├──────────────────────────────────────────────────────────────┤ │ │ CVE-2024-45341 │ │ │ │ │ golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can │ │ │ │ │ │ │ │ bypass URI name... │ │ │ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2024-45341 │ └─────────┴────────────────┴──────────┴────────┴───────────────────┴─────────────────────────────┴──────────────────────────────────────────────────────────────┘ Signed-off-by:
-
dependabot[bot] authored
Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.32.0 to 0.32.1. - [Commits](https://github.com/kubernetes/apimachinery/compare/v0.32.0...v0.32.1 ) --- updated-dependencies: - dependency-name: k8s.io/apimachinery dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by:
-
dependabot[bot] authored
Bumps golang from 1.23.4 to 1.23.5. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by:
-
- Jan 21, 2025
-
-
afdesk authored
-
- Jan 20, 2025
-
-
Lihiz authored
* DEVOPS-788: in order to pass RedHat operator certification, labels must be set on images --------- Co-authored-by:Lihi Zitzer <lihi.zitzer@aquasec.com>
-
- Jan 16, 2025
-
-
- Jan 15, 2025
-
-
afdesk authored
* chore; bump up Go version to 1.23.4 * chore(ci): set up a timeout for go linter * chore: remove deprecated linter checks * chore: bump up golinter timeout to 10sec * chore: bump up golinter action version to v1.61 * chore: fix linter errors * chore: set up a timeout for golinter in Github action
-
dependabot[bot] authored
Bumps [github.com/aws/aws-sdk-go-v2/service/securityhub](https://github.com/aws/aws-sdk-go-v2) from 1.55.0 to 1.55.3. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/s3/v1.55.0...service/iot/v1.55.3 ) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/service/securityhub dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by:
-
dependabot[bot] authored
Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.28.6 to 1.28.10. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.28.6...config/v1.28.10 ) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/config dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by:
-
- Jan 14, 2025
-
-
dependabot[bot] authored
Bumps [github.com/golang/glog](https://github.com/golang/glog) from 1.2.3 to 1.2.4. - [Release notes](https://github.com/golang/glog/releases) - [Commits](https://github.com/golang/glog/compare/v1.2.3...v1.2.4 ) --- updated-dependencies: - dependency-name: github.com/golang/glog dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by:
-
dependabot[bot] authored
Bumps alpine from 3.21.0 to 3.21.2. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by:
-
- Jan 13, 2025
-
-
Andy Pitcher authored
* Create cis-1.10 yamls and Update info - Modify yaml versions from 1.9 to 1.10 - Adapt configmap to cover cis-1.10 - Adapt docs and cmd files * Adapt master.yaml - 1.2.29 update cipher list to remove the following insecure ones (RC4-Based, 3DES-Based, RSA-Based AES CBC): TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA ticket: https://workbench.cisecurity.org/community/43/tickets/21760 * Adapt policies.yaml - 5.1.11 typo in sub-resource name 'certificatesigningrequest' https://workbench.cisecurity.org/tickets/21352 - 5.2.2 new audit to verify if a container is privileged or not. https://workbench.cisecurity.org/tickets/20919 - 5.2.3 new audit to verify the presence of hostPID opt-in across all pods. https://workbench.cisecurity.org/tickets/20919 - 5.2.4 new audit to verify the presence of hostIPC opt-in across all pods. https://workbench.cisecurity.org/tickets/20923 - 5.2.5 new audit to verify the presence of hostNetwork opt-in across all pods. https://workbench.cisecurity.org/tickets/20921 - 5.2.6 new audit to verify the presence of 'allowPrivilegeEscalation' to true across all pods' container(s) - 5.2.6 the 'allowPrivilegeEscalation' setting is moved from 'spec' to 'securityContext' https://workbench.cisecurity.org/tickets/20922 - 5.2.9 new audit to verify the presence of added capabilities across all pods' container(s) * Fix 5.2.6 remediation -
dependabot[bot] authored
Bumps [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) from 1.32.6 to 1.32.8. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Changelog](https://github.com/aws/aws-sdk-go-v2/blob/main/changelog-template.json) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/v1.32.6...v1.32.8 ) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by:
-
jdesouza authored
-
Guilherme Macedo authored
Signed-off-by:Guilherme Macedo <guilherme@gmacedo.com>
-
- Jan 10, 2025
-
-
Peter Balogh authored
* feat(cfg): add EKS 1.5.0 * fix(cfg): target map * fix: update eks job * fix: target mapping * feat: use CIS EKS 1.5.0 by default * fix: scored in node.yaml Signed-off-by:
Peter Balogh <p.balogh.sa@gmail.com> * doc: add CIS EKS 1.5.0 Signed-off-by:
-
- Dec 16, 2024
-
-
afdesk authored
-
Abubakr-Sadik Nii Nai Davis authored
-
Abubakr-Sadik Nii Nai Davis authored
-
- Dec 12, 2024
-
-
dependabot[bot] authored
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.24.0 to 0.31.0. - [Commits](https://github.com/golang/crypto/compare/v0.24.0...v0.31.0 ) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: indirect ... Signed-off-by:
-
dependabot[bot] authored
Bumps [github.com/magiconair/properties](https://github.com/magiconair/properties) from 1.8.7 to 1.8.9. - [Release notes](https://github.com/magiconair/properties/releases) - [Commits](https://github.com/magiconair/properties/compare/v1.8.7...v1.8.9 ) --- updated-dependencies: - dependency-name: github.com/magiconair/properties dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by:
-
dependabot[bot] authored
Bumps golang from 1.23.3 to 1.23.4. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by:
-
- Dec 11, 2024
-
-
dependabot[bot] authored
Bumps alpine from 3.20.3 to 3.21.0. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by:
-
- Dec 09, 2024
-
-
afdesk authored
-
Abubakr-Sadik Nii Nai Davis authored
-
- Dec 06, 2024
-
-
lizhang96 authored
* fix the node kubelet related tests * update the tests
-
- Dec 05, 2024
-
-
dependabot[bot] authored
Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.28.4 to 1.28.6. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/config/v1.28.4...config/v1.28.6 ) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/config dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by:
-
dependabot[bot] authored
Bumps [github.com/aws/aws-sdk-go-v2/service/securityhub](https://github.com/aws/aws-sdk-go-v2) from 1.54.6 to 1.55.0. - [Release notes](https://github.com/aws/aws-sdk-go-v2/releases) - [Commits](https://github.com/aws/aws-sdk-go-v2/compare/service/kendra/v1.54.6...service/s3/v1.55.0 ) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go-v2/service/securityhub dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by:
-
dependabot[bot] authored
Bumps [gorm.io/driver/postgres](https://github.com/go-gorm/postgres) from 1.5.9 to 1.5.11. - [Commits](https://github.com/go-gorm/postgres/compare/v1.5.9...v1.5.11 ) --- updated-dependencies: - dependency-name: gorm.io/driver/postgres dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by:
-
![dependabot[bot]'s avatar](https://avatars.shivering-isles.com/avatar/bd5a8d6c673b738d52b0ac42a110045f3f964b3ebfc1d60ea805af743b1dc0e6?s=64&d=identicon "dependabot[bot]")
