kube-bench
Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
## Description Support CIS kubernetes CIS-1.9 for k8s v1.27 - v1.29 - Related #1613
Per official CIS benchmark PDFs, the CIS versions are slightly off in the docs. CIS v1.7.1 calls out > This document provides prescriptive guidance for establishing a secure configuration >...
Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 4 to 5. Release notes Sourced from golangci/golangci-lint-action's releases. v5.0.0 What's Changed skip-pkg-cache and skip-build-cache have been removed because the cache related to Go itself is already...
Bumps golang from 1.22.2 to 1.22.3.
Bumps [k8s.io/apimachinery](https://github.com/kubernetes/apimachinery) from 0.29.3 to 0.30.0. Commits 37988e5 Merge remote-tracking branch 'origin/master' into release-1.30 c857a38 Update x/net for CVE-2023-45288 0407311 followup to allow special characters 25164f7 Merge pull request #123435...
Bumps [github.com/aws/aws-sdk-go-v2/service/securityhub](https://github.com/aws/aws-sdk-go-v2) from 1.29.1 to 1.48.1. Commits efd9c26 Release 2024-01-24 0e5a5b4 Regenerated Clients c694229 Update API model 7365edd codegen: normalize adding of sigv4a config based on trait presence (#2465) 982db6d...
**Parent:** https://github.com/aquasecurity/kube-bench/issues/1606 **Context:** In CIS-1.7 and CIS-1.8 (master `1.2.3 Ensure that the DenyServiceExternalIPs is set`) the operand is wrong and makes the check **WARN** even if `--enable-admission-plugins=DenyServiceExternalIPs` is properly...
### Overview **Impacted versions:** all since its implementation in CIS-1.23. The check `1.2.3 Ensure that the DenyServiceExternalIPs is set` since CIS-1.7, and in previous CIS versions 1.23/1.24 (described as `1.2.3...
Bumps alpine from 3.20.0 to 3.20.1.
Bumps [github.com/aws/aws-sdk-go-v2/service/securityhub](https://github.com/aws/aws-sdk-go-v2) from 1.29.1 to 1.51.1. Commits 7095341 Release 2024-02-23 bcf04e6 Regenerated Clients ca190b0 Update API model 6397a64 move common middleware stack ops to service client modules (#2516) e9b00e2 Release...