* Migrate from github.com/jinzhu/gorm to gorm.io/gorm

* apply gofmt

* github.com/aws/aws-sdk-go

* fix

Fix issue https://github.com/aquasecurity/kube-bench/issues/883 but also bug with overriding output when --outputfile is effective and only write the last controls

* Add files via upload

* Add new cis support v1.20!

* Fix issue with 1.1.9 and 1.1.10 tests

Tests in some cases stat empty path which will return error.

* Add tests for kubernetes 1.20 and retire 1.15 tests

kubernetes 1.15 is not supported anymore and we shouldn't keep testing it.

* Kubernetes 1.15 is not supported anymore

* Tests for kubernetes 1.20

* Fix yamllint errors

Removed trailing spaces (trailing-spaces)

* Add tests for v1.20

* Remove extra spaces

* Change cis test functions names

* Support CIS ACK 1.0.0 benchmark

* fix yaml lint

* Fix TestMakeSubsitutions may failed when order of map changed

* Support auto-detect platform when running on ACK

* Apply suggestions from code review

Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>

Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>

* Add detected kubernetes version to controls

* Refactore NewControls function

Now new Control function is expecting detected version argument.

* Refactore NewControls function

Now new Control function is expecting detected version argument.

* Refactore NewControls function

New Control function is expecting detected version argument.

* Add detected kube version

* add detecetedKubeVersion

* Add detecetedKubeVersion

* Add detectedKubeVersion

* Add detecetedKubeVersion

* Fix missing version

* Change version

Change version from 3.10 to rh-0.7

* fix version: "cis-1.5"

* fix version: "cis-1.5"

* fix version: "cis-1.5"

* Fix version: "cis-1.5"

* Fix version: "cis-1.5"

* Fix version: "cis-1.6"

* Fix version: "cis-1.6"

* Fix version: "cis-1.6"

* Fix version: "cis-1.6"

* Fix version: "cis-1.6"

* Add OCP auto-detection

* Add test for openshift

* update and fix bugs

update file to match with new kube-bench features and fix bugs

* Update file and fix bugs

update file to match with new kube-bench features and fix bugs

* Remove specific configs

Those configs could be set in main config.yaml

* Update to include openshift files

* fix typos

* fix typo

* Remove trailing spaces

* Update util.go

* Add tests for getOcpValidVersion

* Fix fallback to default version

In some cases kube-bench will crush instead of fallback to default version. 
Fix it to only log that couldn't auto-detect version and used default.

* Fix case with fallback to default version

* Add more logging

issue #816  add more logging for better debug and information about version auto-detection and fix typo

* Fix typo

* Add more logging

issue #816  add more logging for better debug and information about version auto-detection and fix typo

* tidy logging output

Co-authored-by: Liz Rice <liz@lizrice.com>

* tidy logging output

Co-authored-by: Liz Rice <liz@lizrice.com>

* tidy logging output

Co-authored-by: Liz Rice <liz@lizrice.com>

* tidy logging output

Co-authored-by: Liz Rice <liz@lizrice.com>

* tidy logging output

Co-authored-by: Liz Rice <liz@lizrice.com>

* tidy logging output

Co-authored-by: Liz Rice <liz@lizrice.com>

* tidy logging output

Co-authored-by: Liz Rice <liz@lizrice.com>

* Remove extra logging

Co-authored-by: Liz Rice <liz@lizrice.com>

* deprecate master and node subcommands

* deprecate master and node subcommands

* chore: call defer func for each iteration

Signed-off-by: TakahiroTsuruda <isrgnoe@gmail.com>

* chore: error check

* Add example IAM policy

* Pass RotateKubeletServerCertificate related checks if it's not found (#767)

* Allow for environment variables to be checked in tests (#755)

* Initial commit for checking environment variables for etcd

* Revert config changes

* Remove redundant struct data

* Fix issues with failing tests

* Initial changes based on code review

* Add option to disable envTesting + Update docs

* Initial tests

* Finished testing

* Fix broken tests

* Add a total summary and always show all tests. (#759)

Whether the total summary is shown can be specified with an option.

Fixes #528

Signed-off-by: Christian Zunker <christian.zunker@codecentric.cloud>

* Update Readme.md file with link to Contribution guide (#754)

* Update License with the year and the owner name

Please add this to make your license agreement strong

* Updated Readme.md file with license and proper documentation links

I have added a proper license agreement to the documentation. Also shortened the links to the issues so that it does not break in any on the forks.

* Update LICENSE

* Update README.md

* Update README.md

* Remove erroneous license info

Co-authored-by: Liz Rice <liz@lizrice.com>

* Support auto-detect platform when running on EKS or GKE (#683)

* Support auto-detect platform when running on EKS or GKE

* Change to get platform name from `kubectl version`

* fix regexp and add test

* Update Server Version match for EKS

* try to get version info from api sever at first

* Refactor group skip

changed group 'skip' from being a bool to be 'type' string as done in check

* Change skip: true -> type: skip

Co-authored-by: Huang Huang <mozillazg101@gmail.com>
Co-authored-by: Wicked <jason_attwood@hotmail.co.uk>
Co-authored-by: Christian Zunker <827818+czunker@users.noreply.github.com>
Co-authored-by: Kaiwalya Koparkar <kaiwalyakoparkar@gmail.com>
Co-authored-by: Yoav Rotem <yoavrotems97@gmail.com>

* add aasf

* add AASF format

* credentials provider

* add finding publisher

* add finding publisher

* add write AASF path

* add testing

* read config from file

* update docker file

* refactor

* remove sample

* add comments

* Add comment in EKS config.yaml

* Fix comment typo

* Fix spelling of ASFF

* Fix typo and other small code review suggestions

* Limit length of Actual result field

Avoids this message seen in testing:
  Message:Finding does not adhere to Amazon Finding Format. data.ProductFields['Actual result'] should NOT be longer than 1024 characters.

* Add comment for ASFF schema

* Add Security Hub documentation

* go mod tidy

* remove dupe lines in docs

* support integration in any region

* fix README link

* fix README links

Co-authored-by: Liz Rice <liz@lizrice.com>

* First draft of AKS configuration checks.

* Updated Azure Configurations. Added more policy checks.

* Finalized cfg components for AKS.

* Fixed targets for aks-1.0 in common_test.go

* Fixed yaml linting issues.

* Fixed white space yaml linkting issues in policies.yaml

* Fixed white space yaml linting issues in policies.yaml

* Add int command to specify exit code wih a default of 0

* Re-structured to add tests

* Refactor exit code selection

Regrading https://github.com/aquasecurity/kube-bench/issues/701 where kube bench is crushing when not finding components

* Add new cis version yamls

Add new cis version yamls

* Add new cis version yamls

* Add cis-1.6 to versions table

* support version mapping cis-1.6

* support version mapping cis-1.6

* Update controlplane.yaml

* Update etcd.yaml

* Update node.yaml

* Update policies.yaml

* Create job.data

* Create job-node.data

* Create job-master.data

* Create add-tls-kind.yaml

* Change node version to 1.15.0

* Add tests for cis-1.6

* Delete node_only.yaml

* Change tests 1.1.19-1.1.21

Change 1.1.19-1.1.21 because failing tests

* Update job.data

* Update job-master.data

* Update job-master.data

* Update job.data

* fix 1.2.35 remediation 

tabs instead of spaces

* Update job-master.data

* Remove extra space

* Update job.data

* Create node_only.yaml

* Add tests for cis-1.6

Add tests for cis-1.6 and change some from 1,5 to 1.6

* Fix typo

* Add mapping for cis-1.6

* Remove extra space in 1.2.35 remediation

* Update job.data

* Update job-master.data

* Fix type 1.2.35

* Remove trailing spaces

* Remove trailing spaces

* Remove trailing spaces

* Remove trailing spaces

* Add version 1.19 kubernetes support

* Add version 1.19 kubernetes support

* Add version 1.19 kubernetes support

* Code quality improvements such -

1. Improves empty string test (len vs str == "")
2. Converts fmt.Sprintf to string literal and Printf to Print where possible (as the dynamic args are missing!)

* Delete .deepsource.toml

Co-authored-by: DeepSource Bot <bot@deepsource.io>
Co-authored-by: Liz Rice <liz@lizrice.com>

* move target mapping to config.yaml

* Update config.yaml

* Update common.go

* Add support for eks-1.0

Add also eks-1.0 to map

* chore: merge correction

* Move file only used for testing

* Tidier logs

* Add target mapping for GKE and EKS

* fingers cross this finishes target mapping

Co-authored-by: Murali Paluru <leodotcloud@gmail.com>
Co-authored-by: Roberto Rojas <robertojrojas@gmail.com>
Co-authored-by: yoavrotems <yoavrotems97@gmail.com>

* Update util.go

Remove Continue with error function

* Update cmd/util.go

Co-authored-by: Liz Rice <liz@lizrice.com>

* Update util.go

* Update util.go

Remove unnecessary ')'

* Update util.go

removed fmt.Fprintf(os.Stderr, "%s: %s", cmd.Args, err) since it wasn't suppose to print.

* Update util.go

* Update .travis.yml

option --no-ri and --no-doc are deprecated we have to use --no-document instead.
https://github.com/rubygems/heroku-buildpack-bundler2/pull/1#issuecomment-451654992



Co-authored-by: Liz Rice <liz@lizrice.com>

* Add warning if lacking kubeconfig for auto-detect

* Only run getbenchmarkVersion once

* Remove call to continueWithError

* Update default Kubernetes to 1.18

* Add missing mapping

* Show pod logs on failure

* Fix supported targets for EKS benchmark

* docs: heading at wrong level in README

* docs: remove duplicate TOC heading

* Fix invalid argument for gem install

Co-authored-by: Liz Rice <liz@lizrice.com>

* Fix invalid JSON output

Fixes #622

* Apply suggestions from code review

Co-authored-by: Liz Rice <liz@lizrice.com>

* Add tests

Co-authored-by: Liz Rice <liz@lizrice.com>

* Closes #551

* Closes #551

* Update cmd/kubernetes_version.go

Co-Authored-By: Liz Rice <liz@lizrice.com>

* Closes #551

Co-authored-by: Liz Rice <liz@lizrice.com>

* Update check.go

Added new warn_reason value which gives a brief explanation about why the not scored tests failed

* Update common.go

Changed when a not scored test fails because it has a wrong syntax audit command or just running something that can't be run the print the failure. but if the test just fails because it doesn't line up with the cis hardening recommendations then print the remediation text.

* Update check/check.go

fix typo

Co-Authored-By: Liz Rice <liz@lizrice.com>

* Update check.go

* Update common.go

* Update check.go

added back os.Exit(1) to  exitWithError

* Update job-master.data

Change some tests output to fit warn reason. (No change to the summary)

* Update job-node.data

Changed some tests output to fit warn reason. (No change to the summary)

* Update job.data

Change some tests output to fit warn reason. (No change to the summary)

* Update common.go

Keep to old way to print manual test output

Co-authored-by: Liz Rice <liz@lizrice.com>
Co-authored-by: Roberto Rojas <robertojrojas@gmail.com>

* Add initial commit for CIS GKE 1.0 benchmark

* Update README with GKE instructions

* Fix YAML linter issues

* Set GKE benchmark k8s version to gke-1.0

* Add tests for gke-1.0

Co-authored-by: Roberto Rojas <robertojrojas@gmail.com>

* Fixes issue #574: change the PATH in container

And change to use `/usr/local/mount-from-host/bin` as mount path.
Fixes #574

* Fix integration tests

* remove always true for logtostderr

* update README for log collection instructions

Co-authored-by: Liz Rice <liz@lizrice.com>

* Adds openshift to autodetect node type

* detect okd node units

* OCP fixes

* isEtcd should not run on openshift 3.10/3.11

* adds openssl

* fixed tests

* fixes bugs

* adds isEtcd tests

* Initial commit.

* Add master and node config.

* Add section 5 of CIS 1.5.1.

* Split sections into section files

* Fix YAML issues.

* adds target translation

* adds target translation

* adds cis-1.5 mapping

* fixed tests

* fixes are per PR

* fixed intergration test

* integration kind test file to appropriate ks8 version

* fixed etcd text

* fixed README

* fixed text

* etcd: fixed grep path

* etcd: fixes

* fixed error message bug

* Update README.md

Co-Authored-By: Liz Rice <liz@lizrice.com>

* Update README.md

Co-Authored-By: Liz Rice <liz@lizrice.com>

* fixes as per PR review

* test: fix TestGetConfigFilePath

This test wasn't correctly creating the test file due to the wrong directory permissions on the temp file. This wasn't detected due to a lack of error checking.

Also, the code was only checking for file not exist rather than lack of permission to read file (or any other error).

The combination of these two things means the test wasn't checking what it thought it was checking, and passed more by luck than judgment.

* add getYamlFilesFromDir

* add getTestYamlFiles and test

* docs: Update master / node help text

* return path + filename from getYamlFilesFromDir

* subcommand run to run specific section files

If running these checks in a CI system it may be beneficial
to output in a more standardized format such as JUnit for
parsing by other tools in a consistent manner.

Fixes #460

Signed-off-by: John Schnake <jschnake@vmware.com>

* Fixes issue #517: Determines Kubernetes version using the REST API

* fixes

* fixes

* adds tests

* fixes

* added more tests

* kubernetes_version_test: Add a missing case for invalid certs

Signed-off-by: Simarpreet Singh <simar@linux.com>

* kubernetes_version_test: Remove un-needed casts

Signed-off-by: Simarpreet Singh <simar@linux.com>

* fixes as per PR review

* fixes as per PR review