kube-bench
kube-bench copied to clipboard
aquasecurity
Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
### Discussed in https://github.com/aquasecurity/kube-bench/discussions/1694 Originally posted by **heitzflorian** September 27, 2024 Actually the kube-apiserver --request-timeout is a "manual" type check with the following specifications: ```yaml= - id: 1.2.20 text: "Ensure...
## Description [CIS Kubernetes Benchmark v1.10.0](https://workbench.cisecurity.org/benchmarks/17568) (targets k8s v1.28 - v1.31) has been released in CIS Workbench. ### Discussed in https://github.com/aquasecurity/kube-bench/discussions/1692
**Overview** Got this result after the run: ``` [WARN] 1.1.9 Ensure that the Container Network Interface file permissions are set to 600 or more restrictive (Manual) [WARN] 1.1.10 Ensure that...
Bumps [github.com/go-viper/mapstructure/v2](https://github.com/go-viper/mapstructure) from 2.2.1 to 2.3.0. Release notes Sourced from github.com/go-viper/mapstructure/v2's releases. v2.3.0 What's Changed build(deps): bump actions/checkout from 4.1.7 to 4.2.0 by @dependabot in go-viper/mapstructure#46 build(deps): bump golangci/golangci-lint-action from...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.29.16 to 1.29.17. Commits fe7486f Release 2025-06-17 1b6cafd Regenerated Clients 8db1137 Update API model 3c5cc0e Bump smithy go version (#3115) 6746486 Release 2025-06-16 f536b0d Regenerated Clients b014b35...
Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.33.1 to 0.33.2. Commits f2e6cad Update dependencies to v0.33.2 tag See full diff in compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR...
Bumps [github.com/aws/aws-sdk-go-v2](https://github.com/aws/aws-sdk-go-v2) from 1.36.4 to 1.36.5. Commits fe7486f Release 2025-06-17 1b6cafd Regenerated Clients 8db1137 Update API model 3c5cc0e Bump smithy go version (#3115) 6746486 Release 2025-06-16 f536b0d Regenerated Clients b014b35...
Bumps [github.com/aws/aws-sdk-go-v2/service/securityhub](https://github.com/aws/aws-sdk-go-v2) from 1.57.5 to 1.58.0. Commits 66f75b6 Release 2024-07-02 607ebbf Regenerated Clients 2307971 Update API model 59bb031 Release 2024-07-01 bdced9d Regenerated Clients ee8f044 Update endpoints model 0eeba41 Update API...
Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.33.1 to 0.33.2. Commits See full diff in compare view [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter...
**Overview** When running on nodes that don't have checked files (e.g. `/etc/kubernetes/scheduler.conf`) the check says the permissions fail even though the file doesn't exst. **How did you run kube-bench?** Via...
Metadata
Owner
Metadata
Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark