kube-bench
Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
Kube bench node reported: [FAIL] 4.2.1 Ensure that the anonymous-auth argument is set to false (Automated) [FAIL] 4.2.2 Ensure that the --authorization-mode argument is not set to AlwaysAllow (Automated) [FAIL]...
Changes to job-master.yaml are also needed in job.yaml to properly check ownership of etcd data dir. Issue: https://github.com/aquasecurity/kube-bench/issues/1275 Related to issue: https://github.com/aquasecurity/kube-bench/issues/842 Fix the same as in https://github.com/aquasecurity/kube-bench/pull/868
**Overview** ETCD ownership related checks will always fail when running in container. Issue similar to https://github.com/aquasecurity/kube-bench/issues/842 which is related to job-master.yaml. Mounting directories from host in job.yaml helps with the issue:...
I downloaded the package from https://github.com/aquasecurity/kube-bench/releases/download/v0.6.2/kube-bench_0.6.2_linux_amd64.rpm -o kube-bench_0.6.2_linux_amd64.rpm following the documentation - https://github.com/aquasecurity/kube-bench/blob/main/docs/installation.md After successful download, I fired the following command and it gives me the following vm2047:~/vinod # zypper...
I am trying to run the kube-bench eks yaml, https://github.com/aquasecurity/kube-bench/blob/main/job-eks-asff.yaml. It creates the Service Account, the ConfigMap, and the pod is able to pull the image with no problem. However,...
Bumps [gorm.io/gorm](https://github.com/go-gorm/gorm) from 1.25.5 to 1.25.7. Commits 8fb9a31 refactor: part 2 of distinguish between Unique and UniqueIndex (#6822) 9514d5f let limit and offset use bind parameter (#6806) 46816ad refactor: distinguish...
Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.29.1 to 0.29.3. Commits 46588f2 Update dependencies to v0.29.3 tag 403b37f Merge pull request #123763 from liggitt/proto-1.29 92199ae [CVE-2024-24786] Bump github.com/golang/protobuf v1.5.4, google.golang.org/pr... See full diff in...
Bumps [github.com/jackc/pgx/v5](https://github.com/jackc/pgx) from 5.4.3 to 5.5.4. Changelog Sourced from github.com/jackc/pgx/v5's changelog. 5.5.4 (March 4, 2024) Fix CVE-2024-27304 SQL injection can occur if an attacker can cause a single query or...
I copied latest AKS(1.0.0), EKS(1.2.0), GKE(1.2.0) config files and adjusted them to match latest published CIS benchmarks (AKS 1.3, EKS 1.3, GKE 1.4). EKS changes: - 4.5 was removed (was...
Bumps google.golang.org/protobuf from 1.31.0 to 1.33.0.