kube-bench
Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
There are some vulnerabilities in kube-bench image: ``` $ tar zxf kube-bench_0.9.1_linux_amd64.tar.gz $ go version ./kube-bench ./kube-bench: go1.22.7 $ trivy version Version: 0.56.2 Vulnerability DB: Version: 2 UpdatedAt: 2024-10-24 00:22:57.860059738...
https://nvd.nist.gov/vuln/detail/CVE-2024-41110 https://nvd.nist.gov/vuln/detail/CVE-2024-5535
This adds support of CIS OpenShift 1.6 Benchmark. Closes #1457 ### CIS Benchmark Link https://workbench.cisecurity.org/benchmarks/16094 ### CIS Blog mentioning the OpenShift 4.15 release version https://www.cisecurity.org/insights/blog/cis-benchmarks-july-2024-update#CISRedHatOpenShiftContainerPlatformBenchmarkv1.6.0 ### Sample Run #### Command...
**Overview** Got connection refused error from both the checks. ``` "actual_value": "E0822 05:42:06.618603 2911167 memcache.go:265] couldn't get current server API group list: Get \"http://localhost:8080/api?timeout=32s\": dial tcp [::1]:8080: connect: connection refused\nE0822...
Bumps [engineerd/setup-kind](https://github.com/engineerd/setup-kind) from 0.5.0 to 0.6.0. Release notes Sourced from engineerd/setup-kind's releases. Update default KinD version to v0.24.0 This is a maintenance release that updates the default KinD version to...
The benchmarks are derived using this file [CIS Google Kubernetes Engine (GKE) Benchmark v1.6.0 PDF.pdf](https://github.com/user-attachments/files/16944939/CIS.Google.Kubernetes.Engine.GKE.Benchmark.v1.6.0.PDF.pdf)
Adding AKS 1.5.0 benchmark [CIS_Azure_Kubernetes_Service_(AKS)_Benchmark_V1.5.0_PDF.pdf](https://github.com/user-attachments/files/17005094/CIS_Azure_Kubernetes_Service_.AKS._Benchmark_V1.5.0_PDF.pdf)
Bumps golang from 1.22.7 to 1.23.2. Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a...
**Overview** [A clear and concise description of what the bug is] **How did you run kube-bench?** I modified the permissions of admin.conf and super_admin.conf on all Kubernetes control nodes to...
This PR adds CIS EKS 1.5.0 support for kube-bench. Related issue: https://github.com/aquasecurity/kube-bench/issues/1620