Releases: aquasecurity/kube-bench

v0.5.0

20 Jan 13:58
ebcb742

Significant changes

  • Send kube-bench output to AWS Security Hub in ASFF format
  • Job for running on Azure Kubernetes Service
  • --skip parameter
  • --exit-code parameter
  • Customize kubeconfig locations for kube-scheduler and kube-controller-manager

Changelog

ebcb742 Fix 1.1.7 1.1.8 (#798)
9782bee Remove Travis CI related contents (#792)
58c614c Update master.yaml (#797)
06ab5df Rename master branch to main (#778)
888c912 chore: build and push action for ecr and docker (#790)
6452df7 Expected result pattern not always shows (#784)
b6f619c GitHub Actions in correct directory (#787)
e4d6ed2 Refactor group skip (#783)
abe0954 feat: github actions to publish ecr and docker (#782)
ecdd0b4 Fix AWS ECR authentication docs (#781)
4ebfe68 Rename master branch to main
c3f94dd Aws asff (#770)
054c401 Support case which run etcd as systemd service instead of pod (#762)
bd0f59a Added Kubernetes Job for AKS-1.0 tests. (#735)
ab38814 Created config and test files for Azure Kubernetes Service (AKS). (#733)
83b80a5 automate check 3.2.1 Ensure that a minimal audit policy is created (#742)
aa2a6f0 Add exit-code parameter for when checks have failed (#734)
3a35c03 Add --skip command to skip groups and checks (#751)
519f632 Fix command on extract kube-bench binary (#750)
a4c3ce9 Update policies.yaml (#757)
dc84ae3 Fix defaultkubeconfig in config.yaml to resolve variable exposure in remediation when conf is missing (#758)
9474472 Allow for skip to be defined on a group-level skipping all checks inside (#736)
724cea4 Customize kubeconfig location for kube-scheduler and kube-controller-manager (#738)
d026e04 Check tls-cipher-suites using valid_elements op (#739)
58bea9c Fix go vet issues (#720)
f213918 Updated documentation with section on downloading and installing kube-bench on Linux. (#716)
ff0ce66 Fix typo of 1.1.19 in cis-1.6 (#728)
8207532 Since the 1.3 and 1.4 tests were removed, these files are unnecessary. (#727)
a7aa21f Improve Proxykubeconfig tests (#708)

v0.4.0

05 Oct 09:44
714430c

Changelog

714430c Not exiting when executable not found (#702)
90b7ae6 upgrade to go 1.15 (#706)
82421e5 retire cis 1.3 and 1.4 (#693)
deecf62 Test Travis build condition (#713)
cf305ee Update .travis.yml
7280438 Add cis 1.6 (#678)
041c437 Set actualResult (#703)
1899f26 Note about OpenShift OCP 4.* (#700)
d6de4f7 Multi-arch build (#690)
456d9b6 Default log output to stderr (#696)
41a4059 Create codecov.yml
6702300 Fix remediation typo in 3.1.1 and 4.1.1 (#692)
a8a59d3 docs: more clarification on output states (#691)
f0e30ce Add a trailing slash to find directory path (#687)
3488c83 Updating section id 4.6 (#689)
4e43c9a Update makefile to create kubeconfig (#685)
33f6773 Code quality improvements (#677)
772839f move target mapping to config.yaml - updated version (#682)
01c77b2 chore: improve test clarity (#675)
2d54859 Support CIS v1.5.1 (#673)
07f3c40 Better handling of parameters and config audits (#674)
5d138f6 Fix YAML Linting issue (#672)
10f4e6c Refactor testitem-set (#668)
68c8764 Create bug_report.md
56770b1 Ideas and questions go to Discussions
4b9453b Refactor: remove ContinueWithError (#630)
6684979 Add tests for 1.1.19, 1.1.20 and 1.1.21 of cis-1.5 (#641)
a6161aa Warn if kubectl can't autodetect the version (#656)
b0d175b Update default Kubernetes to 1.18 (#657)
e69b2fe Add mappings for eks-1.0 and Kubernetes 1.18 (#654)
5ff32e5 Check PodSecurityPolicy when test 1.2.13 of cis-1.5 (#651)
db109da Support multiple values flag when check the audit output (#652)
ea4eaa6 Fix supported targets for EKS benchmark (#648)
2a325bd make the kubelet cafile test posix compliant (#643)
6669295 4.1.7 of cis-1.5 should not be marked as manual (#640)
50a9dca Dockerfile: Update to alpine-3.12 (#645)
4e00954 docs: add Troubleshooting (#638)

v0.3.1

10 Jul 15:58
20ec5d1

Note the change to make JSON output valid JSON (#629)

Changelog

20ec5d1 added eks-1.0 cfg and modified job-eks.yaml for node checks (#639)
3e6a41a Try to search the right ca file of kubelet (#633)
1b5b6c2 Remove os.exit When not needed (#631)
52ebfa5 Fix invalid JSON output (#629)
5cf3821 .goreleaser: Create binaries for arm/arm64 (#628)
c7b518e Run audit as shell script instead of as single line command (#610)
122bc4b Fix misspelling - identied / identified (#626)
35cf28c Add integration tests for cis 1.3 and cis 1.5 (#609)
2cf2876 Update Running in an EKS cluster documentation (#621)
305283f Fix OpenShift table layout (#612)
4557ca0 Fix a typo in 1.1.11 of cis-1.5 (#605)
582ce02 Removed references to dep from README.md (#607)
82614d9 Correct typo (#616)
d8234ff docs: update params for logging to screen (#618)
7e87c98 docs: CIS benchmarks are not frequent (#617)
7cd6b32 docs: notes in README for common misunderstandings (#602)

v0.3.0

06 Apr 10:38
71bc8f5

Changelog

71bc8f5 bumped to golang 1.14.0 (#594)
9efd942 Add config paths for microk8s (#556)
60f2fb5 Add option to do bitmask (#565)
451721a Add GKE into list of support tests (#597)
b403b36 Get Kubernetes Version: Adds Retry Logic (#593)
06303f6 Add warn reason (#547)
7098835 Support config files which use .yml file extension (#586)
0b07f40 Support parse boolean flag with no value (#579)
d988b81 CIS GKE 1.0.0 benchmark (#570)
237f8cf fix small typo (#592)
65fb352 Change to checking --disable-admission-plugins for cis-1.4-1.1.27 and cis-1.5-1.2.14 (#584)
17cd104 Fixes issue #574: change the PATH in container (#577)
77f6651 Set all host-mounted volumes to be read-only. (#569)

v0.2.3

22 Jan 15:28

Changelog

037bb14 added 444, 440, 400 and 000 file permission checks for all benchmarks (#563)
89f8e45 Resolved bug in master.yml for cis-1.5 for the apiserverbin variable name (#567)
813dc6e Integration Tests: Adds generateDiff Function (#561)
27d3266 Dockerfile: Use go 1.13 and alpine 3.11 bases (#560)
4925adb Update .goreleaser.yml (#549)
efcd63a Integration Test: Improves performance and Reliability (#555)
b677c86 remove always true for logtostderr (#548)
48e33d3 fix mismatching checks, tests (#544)
5f34058 Support Linting YAML as part of Travis CI build (#554)
dc14cb1 Update tests for check states (#550)

v0.2.2

05 Dec 23:56
af976e6

Changelog

af976e6 Fixes Issue #494 - add tests for CIS 1.5 (#530)
7015f4b Fix remediation of 2.2.3 (#527)
f2caa1f Add run subcommand (#529)

v0.2.1

27 Nov 20:10

Changelog

8780e5c adds kube-bench version to docker build hook (#524)
230d286 Use COPY instead of ADD in Dockerfile (#502)
9c6d4de Issue #421: Merges PR #422 with master (#523) - fixes to run on AKS
e2f61fa Fixes issue #391: Replaced calling docker directly by using "make build-docker" (#522)

v0.2.0

22 Nov 17:11
47c5661

Changelog

47c5661 Fixes issue #439: Adds integration testing using KIND (#520)
6ffd382 Add option to output in JUnit format (#516)
b92d30b Fixes issue #517: Determines Kubernetes version using the REST API (#518)
9a950d2 docs: Note about not changing license etc (#514)

v0.1.0

06 Nov 15:37

Major changes in this release:

  • Support for configuration by JSON or executable parameters
  • Renaming YAML files to reflect the benchmark numbering rather than Kubernetes version (back-compatible)

Changelog

d7b5422 Fix detection of encryption-provider-config (#513)
7ca438b Fixes Issue 269 - Numbering to use CIS Versions (#511)
13fe1cd Fixes issue #501: specifying absolute path for both ps and cat (#508)
d5a02f7 Fixes Issue #331: Changes the Error Message When Programs are Missing (#497)
56fa231 Remove redundant nil check (#493)
b9be7da Directly convert buffer to string (#492)
09fb3c4 Check error before deferring db.Close() (#491)
51aa10e Update EKS Config & Create EKS Guide (#489)
bf383ec Added .DS_Store and thumbs.db to .gitignore (#463)
01ee110 Fix repetitive flags in some ocp-3.11 tests (#462)
2657c2f Use newer kind load docker-image command (#459)
146de15 removed deprecated field in Travis config (#452)
8276e52 Change 1.3.3 to pass for --use-service-account-credentials=true and --use-service-account-credentials (#442)
d77eab2 master.yaml: Add --audit-policy-file check for 1.1.37. (#440)
37f626d cfg: Make proxy checks optional (#436)
89afda1 Add [Manual test] to remediation in all the manual tests (#435)
d12a45b Properly initialize viper library when checking for master components (#434)
c22f816 Fixes issue #257: removes federated option (#431)
a6ee61f Fixes issue #289: removed versions prior to 1.11 (#429)
91dfeb7 Fixes issue #391: passes KUBEBENCH_VERSION down to Dockerfile (#428)
3aa41db Issue #353: Merges JSON and Exec Params files (#426)
39d9ef9 usr-bin volume mount not required (#424)
04946a4 add snap component paths to default config (#414)
27261d1 Change Kind version (#411)

v0.0.34

02 Sep 16:01

Changelog

ea9089b update the yaml according (#410)
ec3b107 Fixes issue #407 (#409)
13dfa15 Fixes Issue #396 - Replaces $kubeletconf for $kubeletsvc (#399)
a2466da Correct 1.1.13 to match CIS spec (#406)
d0d4e95 Updated version support (#385)
7a53806 fixes issue #346 by explicitly only checking read-only property (#404)
4b5a877 Remove some tests from been manual (#398)
f343d36 hyperkube v1.15 renamed "proxy" to "kube-proxy" (#400)
3e5d02e fixes issue #386 (#397)
92df9cb Read kubernetes version from environment (#390)
a3b8ba5 Fix error converting from string to integer (#392)
0d81ef1 Update config.yaml to add Azure AKS file locations for kubelet (#383)
3fba5f4 Fix version command failing because of missing config file it does not need. (#377)
787bf6c Updated check to pass if flag isn't set (#379)
f8b2f6c Correct 1.4.21 text (#356)
136e9cd Remove federated from ocp (#381)
2e27d68 Remove duplicate documentation. (#373)
b8a463f Correction to 1.13 and 1.13-json test 2.1.5 (#380)
22b971a fixes-according-kube-cis1.4.1 (#376)
0422368 issue #369: fixes RotateKubeletServerCertificate tests in 1.13-json (#371)
893aa35 Updated check to pass if flag isn't set (#375)
937bfc7 issue #344: Adds support for array comparison. Every element in the s… (#367)
dab5e92 Issue #363: Adds Unit Tests for Test Comparisons (#366)
7c97f6a Add codecov (#336)
86e3456 issue #243: Changes condition so that score: false tests are performed (#357)
b86dd92 Issue #348: Refactor getFiles into getFiles (#359)
c87c5cf Fixes bugs on tests 2.1.4 and 2.1.5 - 1.13-json (#365)