cis-docker-benchmark
CIS Docker Benchmark - InSpec Profile
**Is your feature request related to a problem? Please describe.** overuse of `describe docker.object(id) do`, this is a simple line but causes up to 10000 chars to be included in...
Fix the placement of "--no-trunc" flag of docker command
**Describe the bug** `controls/container_images.rb` uses `docker history` to inspect commands, and the command looks like this: ``` command("docker --no-trunc history #{id}| grep -e 'update'") ``` **Expected behavior** The output without...
**Is your feature request related to a problem? Please describe.** Update the benchmark to the latest [CIS Docker Benchmark 1.2.0](https://www.cisecurity.org/benchmark/docker/) **Describe the solution you'd like** - Find missing controls compared...
we check the configuration in the daemon.json, but not the configuration of the running daemon process
thinking out loud 💭 We should look at making them go into at least 2 or 3 buckets? .3 .5 .9 would make sense to me but if they are...
Hi, is it possible to test running docker with this profile? I'm trying to run it via docker and point to a different container. `docker run -it --rm -v $(pwd):/share -v /var/run/docker.sock:/var/run/docker.sock...
The `ausearch --input-logs -k docker ...` commands in _cis-docker-benchmark-5.22_ and _cis-docker-benchmark-5.23_ take a bit too long to execute. May want to find an alternative searching mechanism.
### Description Control docker-4.7 "Do not use update instructions alone in the Dockerfile" fails when running tests on environment with redhat/ubi9-minimal. The ubi9-minimal image has an image description that includes...