kube-bench
Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
Add the constraints functionality as we have in bench-common, to a single test in "test_item" and the entire group as well.
**Overview** We have a custom Etcd cluster that is set up with systemd and bash scripts. We can't pass the 'Etcd Node Configuration' check. **Environment** Kubernetes v1.18.6 Kube-bench: v0.5.0 **Running processes** ```bash...
After [Add new statuses](#916) kube-bench will have 7 different statuses [PASS] [FAIL] [WARN] [INFO] [MANU] [SKIP] [ERRO] It only makes sense to have a new output manipulation flag --status which...
Hello there, I'd like to run kube-bench regularly and have the reports made available on an S3 compatible storage (minio). Do you have this feature in your roadmap?
At the moment the config.yaml file has a `confs` section with a series of candidate file names and locations for the pod configuration for each component. If these components are...
The file `/etc/kubernetes/manifests/etcd.yaml` does not exist on my master node because `etcd` is running on a separate server. I don't know the correct way to determine this situation but my...
Thanks for this tool! We at AWS have a change we’d like to suggest and would love community input and participation in implementing this. The CIS Kubernetes Benchmark is a...
See discussion started under issue #56. It would be great to use kube-bench as part of kubeadm testing to ensure sensible defaults.
We could add support for the Rancher 2.2.x hardening guide. This would require a set of test files under a new `cfg/rancher-2.2` directory.
We have a bunch of audit tools like kube-bench and docker-bench that use common utilities, so bench-common holds these commonalities so improvements are in a single location