Releases: aquasecurity/kube-bench
Releases · aquasecurity/kube-bench
v0.9.1
v0.9.0
Changelog
- a15e8ac Add GKE 1.6 CIS benchmark for GCP environment (#1672)
- e8562f2 Extend default kubelet configlist to fit AWS EKS (#1637)
- c533d68 FIXING RKE-2-CIS-1.24 Checks (#1688)
- b85ec78 Fix CIS-1.9 policies 5.1.1/5.1.5 typos (#1658)
- 2751f87 Fix audit and remediation for CIS-1.9 master 1.1.13/1.1.14 (#1649)
- f6877e3 Fix issue 1595: failed to output to ASFF (#1691)
- 4b4c1ce Modify
1.2.3 Ensure that the DenyServiceExternalIPs is setin CIS-1.7/1.8 (#1607) - a9422a6 Overhaul of K3s scans (#1659)
- 674d8e8 Update command to build docker to run in EKS cluster (#1648)
- e75cd6b Updated KUBECTL_VERSION to 1.31.0 for fixing vulnerabilities (#1690)
- d8f041a build(deps): bump alpine from 3.20.0 to 3.20.3 (#1676)
- c683e93 build(deps): bump github.com/aws/aws-sdk-go-v2/service/securityhub (#1696)
- 5a3fd1d build(deps): bump golang from 1.22.2 to 1.22.4 (#1629)
- e477252 build(deps): bump gorm.io/driver/postgres from 1.5.6 to 1.5.9 (#1698)
- f8b6f2f chore: fixed vulns - bump Go version (#1687)
- 3a0ccc4 fix: rh-1.0 check 4.1.3 typo (#1652)
- 7ea1d59 update audit script for cis-1.9 kubernetes policies id 5.1.6 (#1655)
- 89842dc update dockerfile to add package findutils (#1657)
v0.8.0
Changelog
- 7027b6b Add CIS kubernetes CIS-1.9 for k8s v1.27 - v1.29 (#1617)
- ed51191 Replace custom k3s etcd script checks with vanilla grep checks (#1601)
- 0f8dfaf Statically link binaries and remove debug information (#1615)
- d8fc376 build(deps): bump alpine from 3.19.1 to 3.20.0 (#1621)
- 2a8615b build(deps): bump golang from 1.22.1 to 1.22.2 (#1596)
- 8710274 build(deps): bump goreleaser/goreleaser-action from 5 to 6 (#1628)
v0.7.3
Changelog
- d2d3e72 Currently, certain commands involve retrieving all node names or pods and then executing additional commands in a loop, resulting in a time complexity linearly proportional to the number of nodes. (#1597)
- dc8f4d3 build(deps): bump github.com/aws/aws-sdk-go-v2 from 1.25.2 to 1.26.0 (#1589)
- 45afbd7 build(deps): bump github.com/aws/aws-sdk-go-v2/config (#1577)
- 73e1377 build(deps): bump github.com/jackc/pgx/v5 from 5.4.3 to 5.5.4 (#1586)
- dc74416 build(deps): bump golang from 1.22.0 to 1.22.1 (#1583)
- 65c484e build(deps): bump k8s.io/client-go from 0.29.1 to 0.29.3 (#1587)
v0.7.2
Changelog
- 2374e7b Rancher checks correction (#1563)
- 72eee4b build(deps): bump alpine from 3.19.0 to 3.19.1 (#1557)
- 66a2151 build(deps): bump codecov/codecov-action from 3 to 4 (#1561)
- 3021706 build(deps): bump github.com/aws/aws-sdk-go-v2/config (#1554)
- f297da6 build(deps): bump golang from 1.21.6 to 1.22.0 (#1569)
- 3db3f73 build(deps): bump golangci/golangci-lint-action from 3 to 4 (#1568)
- 57132a6 build(deps): bump gorm.io/driver/postgres from 1.5.4 to 1.5.6 (#1567)
- faeceb5 job.yaml: Adding /var/lib/cni mounts for proper CIS 1.1.9 and 1.1.0 checking (#1547)
- ee5e4af update rke-cis-1.24 benchmarks: corrected errors and tests (#1570)
v0.7.1
Changelog
- 13da372 Updating the rh-1.0 OCP checks (#1548)
- faa1b4b build(deps): bump actions/cache from 3 to 4 (#1551)
- 221ff4f build(deps): bump actions/setup-go from 4 to 5 (#1537)
- 39c29fb build(deps): bump alpine from 3.18.3 to 3.19.0 (#1535)
- 3894987 build(deps): bump github.com/aws/aws-sdk-go-v2 from 1.18.0 to 1.24.1 (#1550)
- 8c47d59 build(deps): bump github.com/spf13/viper from 1.14.0 to 1.18.2 (#1541)
- 628999c build(deps): bump golang from 1.21.5 to 1.21.6 (#1549)
- 151efc3 build(deps): bump golang.org/x/crypto from 0.14.0 to 0.17.0 (#1542)
- cc6c091 build(deps): bump gorm.io/driver/postgres from 1.4.6 to 1.5.4 (#1514)
- b17aa70 build(deps): bump k8s.io/apimachinery from 0.29.0 to 0.29.1 (#1553)
- 7efba2b build(deps): bump k8s.io/client-go from 0.26.0 to 0.29.0 (#1540)
- a93b19f build(deps): bump k8s.io/client-go from 0.29.0 to 0.29.1 (#1552)
- 57fba22 chore: update base image to ubi9 (#1556)
- a4b46f5 chore: update go version to 1.21 (#1546)
v0.7.0
Changelog
- f8fe5ee Add CIS Benchmarks support to Rancher Distributions RKE/RKE2/K3s (#1523)
- 7a55d5d Issue: The initial command produces "root:root" as its output only when the file is present. However, if the file is missing, the command will still run successfully, though the desired output of "root:root" won't be obtained. (#1538)
- 292678a build(deps): bump actions/checkout from 3 to 4 (#1492)
- 64c0492 build(deps): bump docker/login-action from 2 to 3 (#1500)
- 1393449 build(deps): bump docker/setup-buildx-action from 2 to 3 (#1497)
- 2b466ab build(deps): bump docker/setup-qemu-action from 2 to 3 (#1503)
- 63055a7 build(deps): bump github.com/fatih/color from 1.14.1 to 1.16.0 (#1520)
- 0918b41 build(deps): bump github.com/golang/glog from 1.0.0 to 1.1.2 (#1489)
- 875fbc7 build(deps): bump github.com/spf13/cobra from 1.6.1 to 1.8.0 (#1530)
- dc0580c build(deps): bump golang from 1.21.1 to 1.21.3 (#1507)
- f353bc4 build(deps): bump golang from 1.21.3 to 1.21.5 (#1534)
- ade7cef build(deps): bump gorm.io/gorm from 1.25.1 to 1.25.5 (#1516)
- c3e3c4c chore: remove refs to deprecated io/ioutil (#1504)
- fac90f7 feat(cis-1.24-microk8s): Add support to CIS-1.24 for microk8s distro (#1510)
- 0c553cd fix wrong use of flag in test_items found in 4.13 and 4.14 (#1528)
- 92a18e7 support CIS Kubernetes Benchmark v1.8.0 (#1527)
v0.6.19
v0.6.18-rc
Changelog
- 20ad805 Bump docker base images (#1465)
- 3ef3e9a build(deps): bump alpine from 3.18.2 to 3.18.3 (#1487)
- 276d30a build(deps): bump crazy-max/ghaction-docker-meta from 4 to 5 (#1499)
- d70459b build(deps): bump golang from 1.20.4 to 1.20.6 (#1475)
- e1c6c80 build(deps): bump golang from 1.20.6 to 1.21.1 (#1494)
- 34ef478 build(deps): bump goreleaser/goreleaser-action from 4 to 5 (#1495)
- 7ad0f2f updates to the readme