kube-bench icon indicating copy to clipboard operation
kube-bench copied to clipboard

verified publisher icon aquasecurity

Metadata

Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark

Results 132 kube-bench issues
Sort by recently updated
recently updated
newest added

Search config or bin file via ps when possible

TODO: * [ ] `$apiserverbin` * [ ] `$apiserverconf` * [ ] `$controllermanagerbin` * [ ] `$controllermanagerconf` * [ ] `$etcdbin` * [ ] `$etcdconf` * [ ] `$kubeletbin` *...

mozillazg avatar mozillazg

enhancement

The etcd data directory related checkes support relative path

https://github.com/aquasecurity/kube-bench/blob/77f66511e70c4b2c1f83988786e3de04ec7349db/cfg/cis-1.5/master.yaml#L283-L292 How about support the case that the value of `--data-dir` is relative path: ``` etcd --data-dir=data.etcd ... ```

mozillazg avatar mozillazg

Add support for storing/fetching YAML config(s) and Benchmarks in etcd.

5 comment

Would this feature be desirable? I would be happy to add...

bitvector2 avatar bitvector2

enhancement

Check 4.17

1 comment

Check 4.1.7 is based on flag --ca-file, but CA FILE can be passed in kubelet-config.yaml

SeryioGonzalez avatar SeryioGonzalez

build(deps): bump gorm.io/driver/postgres from 1.3.10 to 1.4.4

Bumps [gorm.io/driver/postgres](https://github.com/go-gorm/postgres) from 1.3.10 to 1.4.4. Commits e6551c7 Fix autoincrement check, close #88 d3403e4 Allow disable returning from dialector config, close #88 0d0e3a2 Fix possible panic when comment not quoted,...

dependabot[bot] avatar dependabot[bot]

dependencies
go

build(deps): bump gorm.io/gorm from 1.23.10 to 1.24.0

Bumps [gorm.io/gorm](https://github.com/go-gorm/gorm) from 1.23.10 to 1.24.0. Commits 34fbe84 Add TableName with NamingStrategy support, close #5726 e8f48b5 fix: limit=0 results (#5735) (#5736) 4b22a55 fix: primaryFields are overwritten (#5721) 9564b82 Fix OnConstraint...

dependabot[bot] avatar dependabot[bot]

dependencies
go

build(deps): bump golang from 1.19.0 to 1.19.2

Bumps golang from 1.19.0 to 1.19.2. [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=golang&package-manager=docker&previous-version=1.19.0&new-version=1.19.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a...

dependabot[bot] avatar dependabot[bot]

dependencies
docker

EKS checks for benchmark (1.0.1 and 1.1.0) are not correct

1 comment

Lot of checks which are having Keyword '(Automated)' in the text description is actually having type 'manual' We should check with official benchmark and update those checks accordingly https://downloads.cisecurity.org/#/

anupamtamrakar avatar anupamtamrakar

`if` statement with identical `then` and `else` branches

https://github.com/aquasecurity/kube-bench/blob/dd39b19ffcd26d27b790916e844e3abf87b4a970/cmd/kubernetes_version_test.go#L267-L275 Could be simplified to just ```go if k8sURL != c.expected { t.Errorf("Expected %q but Got %q", k8sURL, c.expected) } ``` ? Found with [revive](https://github.com/mgechev/revive)

chavacava avatar chavacava

Permission error when using SecurityHub

4 comment

**Overview** [A clear and concise description of what the bug is] **How did you run kube-bench?** Creating a cronjob with these args: ``` command: [ "kube-bench", "run", "--targets", "node", "--benchmark",...

ichasco-heytrade avatar ichasco-heytrade

Metadata

6.7k
Stars
1.2k
Forks
Watchers

Owner

verified publisher icon aquasecurity

Metadata

Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark

Back