docker-bench
Checks whether Docker is deployed according to security best practices as defined in the CIS Docker Benchmark
Hi. I'm currently using your very nice tool and I noticed that it was still using benchmark checks against 1.3.1 for current docker version 20.10.20+. I wanted to create the...
Hi, It is no longer possible to get and install the project as one of the libraries is retracted (k8s.io) ``` ➔ go get github.com/aquasecurity/docker-bench go: warning: k8s.io/[email protected]+incompatible: retracted by...
Dear reader, Thank you for taking your time to read this. This is a CRI-O runtime security benchmark based on the Aquasecurity Docker-Benchmark. We are a group of 4 students...
Removing trailing whitespace from definitions.yaml.
- If I execute the remediation in 1.1.8 of cis-1.3.1, which is auditing `containerd.sock`, the check 1.1.4 will also pass. Because the path of `containerd.sock` contains the `/run/containerd` ```bash -w...
This is the container information when I mounted the /etc directory, but this detection passed. When I set the - flag: Source:/etc Destination in the rule Set: false to -...
# Observation The problem seems to be due to the format of the output returned by the audit command, which contains the container Id. For example ``` docker ps --quiet...
Those changes could only take effect after being officially approved by CIS; the current status is at https://github.com/aquasecurity/docker-bench/issues/63
Some tests have two ways to test them in CIS, for example test 2.12: > Run docker info and ensure that the Logging Driver property set as appropriate. `docker info --format...
E.g. the configuration can be set via command line args or daemon.json; can it be one item in the check? [FAIL] 2.14.a Ensure Userland Proxy is Disabled (Scored) [PASS] 2.14.b Disable...