kube-bench icon indicating copy to clipboard operation
kube-bench copied to clipboard

Published 20 hours ago verified publisher icon aquasecurity

Metadata

Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark

Results 132 kube-bench issues
Sort by recently updated
recently updated
newest added

DoD STIG Ver 1 Rel 6

#833 Adding tests to support DoD STIG Ver 1 Rel 6

crenzoaws avatar crenzoaws

fix kube-bench/cfg/cis-1.6/master.yaml 1.2.26

1 comment

Add test to 1.2.26 to check that --request-timeout parameter is configured.

jonipatr avatar jonipatr

kube-bench/cfg/cis-1.6/master.yaml 1.2.26 cannot pass

2 comment

**Overview** 1.2.26 Ensure that the --request-timeout argument is set The test is scored but there is no test added after initial grepping. **What happened?** Test always returns: `[WARN] 1.2.26 Ensure...

jonipatr avatar jonipatr

bug
Good first issue

build(deps): bump github.com/aws/aws-sdk-go from 1.44.71 to 1.44.77

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.71 to 1.44.77. Release notes Sourced from github.com/aws/aws-sdk-go's releases. Release v1.44.77 (2022-08-15) Service Client Updates service/cloudfront: Updates service API and documentation Adds Http 3 support to distributions...

dependabot[bot] avatar dependabot[bot]

dependencies
go

build(deps): bump gorm.io/driver/postgres from 1.3.8 to 1.3.9

Bumps [gorm.io/driver/postgres](https://github.com/go-gorm/postgres) from 1.3.8 to 1.3.9. Commits dedd1d2 feat: custom type implements autoIncrement (#121) bfee27c feat: gorm.Index was intruduced in v1.23.7 of gorm.io/gorm (#118) See full diff in compare view...

dependabot[bot] avatar dependabot[bot]

dependencies
go

cfg/cis-1.6's 4.2.1 get a false negative result

3 comment

**Overview** if kubelet run only with cmd parameter `--anonymous-auth=false` and cannot find configuration file in server, cis-1.6-4.2.1 rule will get a false negative result **How did you run kube-bench?** ```bash...

tarihub avatar tarihub

bug

Docker image creation with non-root account

4 comment

This is to resolve issue #938 with the Dockerfile updates.

sosadtsia avatar sosadtsia

Kube-bench skips master node configuration checks while running it on default namespace

**Overview** While running the kube-bench on k3s cluster it only performs"4. Worker Node Security Configuration" and "5. Kubernetes Policies" checks. **How did you run kube-bench?** 1. Created the job.yaml from...

muddassir-r avatar muddassir-r

Support CIS Amazon Elastic Kubernetes Service (EKS) Benchmark v1.1.0

Closes #1205

mozillazg avatar mozillazg

etcd data-dir ownership check fails if etcd user is not listed in /etc/passwd mounted from host

2 comment

**Overview** The [etcd data directory ownership check](https://github.com/aquasecurity/kube-bench/blob/main/cfg/cis-1.23/master.yaml#L164) fails even though the data directory is owned by `etcd:etcd` **How did you run kube-bench?** ```bash $ git clone [email protected]:aquasecurity/kube-bench.git && cd kube-bench...

m1ghtym0 avatar m1ghtym0

enhancement

Metadata

6.7k
Stars
1.2k
Forks
Watchers

Owner

verified publisher icon aquasecurity

Metadata

Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark

Back