Commit Graph

598 Commits

Author SHA1 Message Date
Andy Pitcher b36061002a
Merge pull request #261 from rancher/renovate/github.com-aquasecurity-kube-bench-0.x
chore(deps): update module github.com/aquasecurity/kube-bench to v0.9.1
2024-10-17 14:12:21 +02:00
Andy Pitcher 7c90a0f14a
Merge pull request #259 from rancher/renovate/rancher-mirrored-tonistiigi-xx-1.x
chore(deps): update rancher/mirrored-tonistiigi-xx docker tag to v1.5.0
2024-10-17 14:11:46 +02:00
Andy Pitcher aa59e11589
Merge pull request #260 from rancher/renovate/aquasecurity-kube-bench-0.x
chore(deps): update dependency aquasecurity/kube-bench to v0.9.1
2024-10-17 13:44:39 +02:00
renovate-rancher[bot] 8f79f4c3e6
chore(deps): update rancher/mirrored-tonistiigi-xx docker tag to v1.5.0
2024-10-17 04:41:14 +00:00
renovate-rancher[bot] dc3e199736
chore(deps): update module github.com/aquasecurity/kube-bench to v0.9.1
2024-10-17 04:41:09 +00:00
renovate-rancher[bot] 78ffd254d2
chore(deps): update dependency aquasecurity/kube-bench to v0.9.1
2024-10-17 04:40:56 +00:00
Paulo Gomes d18a323402
Merge pull request #254 from rancher/renovate/github.com-urfave-cli-v2-2.x
chore(deps): update module github.com/urfave/cli/v2 to v2.27.5
2024-10-14 13:53:10 +01:00
renovate-rancher[bot] 53bcd55d37
chore(deps): update module github.com/urfave/cli/v2 to v2.27.5
2024-10-14 04:40:13 +00:00
Andy Pitcher 0181bed9ad
Merge pull request #248 from dereknola/manual_pod_manifest_124
Correct pod-manifest permissions, all manual for rke2-cis-1.24
2024-09-09 15:55:08 -04:00
Derek Nola a14c8f35ad
Fix file remediation for 1.1.14
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-09-09 12:29:09 -07:00
Derek Nola 39514ff956
Correct pod-manifest permissions, all manual for rke2-cis-1.24
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-09-09 10:48:52 -07:00
Andy Pitcher 6869ec2e60
Merge pull request #245 from rancher/renovate/vmware-tanzu-sonobuoy-0.x
chore(deps): update dependency vmware-tanzu/sonobuoy to v0.57.2
2024-09-06 13:19:49 -04:00
Vardhaman Surana f24abb719b
Merge pull request #247 from vardhaman22/fix-rke2-failed-checks
rke2 fix failed checks for permissive profiles
2024-09-06 07:17:25 +05:30
vardhaman22 aab6c1b51a
rke2 fix 1.1.1, 1.1.3 and 1.1.5 failed checks for permissive profiles
2024-09-04 20:24:35 +05:30
Vardhaman Surana 00c0542ac9
Merge pull request #244 from vardhaman22/rke2-fix-master-etcd-checks
rke2: fix master etcd checks
2024-09-03 21:35:41 +05:30
Andy Pitcher 07fba6dd56
Merge pull request #246 from vardhaman22/k3s-fix-1.1.11
k3s: fix 1.1.11 check for all the profiles
2024-09-03 11:57:58 -04:00
vardhaman22 9424f54835
k3s: fix 1.1.11 check for all the profiles
2024-09-02 22:26:12 +05:30
vardhaman22 9e97f7a1e1
remote skip for 1.1.12 check in rke2 hardened profiles
also updated remediation
2024-09-02 17:27:30 +05:30
vardhaman22 8c7f5d6f30
rke2: added scored false for 1.1.7,1.1.8,1.1.11
2024-08-30 22:36:40 +05:30
renovate-rancher[bot] dcf173e6e1
chore(deps): update dependency vmware-tanzu/sonobuoy to v0.57.2
2024-08-30 04:37:58 +00:00
vardhaman22 8d36a018f7
rke2: add 1.1.11 and 1.1.12 checks to master.yaml
2024-08-30 08:13:54 +05:30
Vardhaman Surana eed1885c3a
Merge pull request #242 from vardhaman22/rke2/fix-audit-log-checks
rke2: set scored:false for audit log checks in permissive profiles
2024-08-29 20:34:33 +05:30
Andy Pitcher 4066bdba9a
Improve Master 1.2.3 DenyServiceExternalIPs for RKE/RKE2/K3s (#243)
* Fix generic profiles

* Fix k3s 1.7 and 1.8 profiles

* Fix rke2 1.7 and 1.8 profiles

* Fix rke1 1.7 and 1.8 profiles
2024-08-29 11:03:58 -04:00
vardhaman22 c5350e75d8
rke2: set scored:false for audit log checks in permissive profiles
2024-08-29 10:52:15 +05:30
Andy Pitcher 4299f43299
Add new yaml validation around checks nature (Automated or Manual) (#236)
* Add new yaml validation around checks nature for each profiles' yaml file
    - Verifies if text: contains Automated or Manual
    - Verifies if Automated matches scored true and Manual matches scored false

* Fix check types: generic profiles

* Fix check types: k3s cis-1.23

* Fix check types: k3s cis-1.24

* Fix check types: k3s cis-1.7

* Fix check types: k3s cis-1.8

* Fix check types: rke cis-1.23

* Fix check types: rke cis-1.24

* Fix check types: rke cis-1.7

* Fix check types + Add line breaks: rke cis-1.8

* Fix check types: rke2 cis-1.23

* Fix check types: rke2 cis-1.24

* Fix check types: rke2 cis-1.7

* Fix check types: rke2 cis-1.8
2024-08-22 14:13:46 -04:00
Vardhaman Surana b78697a054
Merge pull request #239 from vardhaman22/fix-cis-2.x-scans
fix condition for etcd node detection for k3s
2024-08-22 11:40:22 +05:30
Andy Pitcher 443896464d
Merge pull request #235 from dereknola/rke2_4x
Fix audits and remediations for RKE2 4.X
2024-08-21 18:34:59 -04:00
Derek Nola 10cef270b5
Fix RKE2 4.1.2 Remediation
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-08-21 15:26:02 -07:00
Derek Nola 1f3ff495d0
Remove check_cafile calls from RKE2
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-08-21 15:23:05 -07:00
Derek Nola 8498fdeeaf
Fix audits and remediations for RKE2 4.X
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-08-21 15:23:05 -07:00
Andy Pitcher 0e83d6c6e6
Merge pull request #234 from dereknola/rke2_2x
Fix audits and remediation for RKE2 2.X Checks
2024-08-21 17:41:04 -04:00
vardhaman22 9704260dc3
fix condition for etcd detection for k3s
2024-08-21 21:19:59 +05:30
Paulo Gomes cd35f2e3dc
Merge pull request #238 from rancher/renovate/kubernetes-sigs-kind-0.x
chore(deps): update dependency kubernetes-sigs/kind to v0.24.0
2024-08-16 22:47:41 +00:00
renovate-rancher[bot] 740d2b2844
chore(deps): update dependency kubernetes-sigs/kind to v0.24.0
2024-08-16 04:36:19 +00:00
Derek Nola a7f91e3be0
Check all merged K3s journal files (#237)
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-08-15 12:26:48 -04:00
Derek Nola e2e1768a63
Fix K3s 1.1.10 check in cis-1.8
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-08-12 10:31:54 -07:00
Derek Nola 618a2d0777
Fix audits and remediation for RKE2 2.X Checks
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-08-12 10:31:53 -07:00
Derek Nola 62b5ccc65a
Use different etcdconf for master and etcd - Fix yaml indents for rke2 configs
Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-08-12 10:31:53 -07:00
Paulo Gomes e739585b30
Merge pull request #233 from rancher/renovate/github.com-urfave-cli-v2-2.x
chore(deps): update module github.com/urfave/cli/v2 to v2.27.4
2024-08-12 13:01:45 +00:00
renovate-rancher[bot] bdeb57287a
chore(deps): update module github.com/urfave/cli/v2 to v2.27.4
2024-08-12 04:36:48 +00:00
Derek Nola 3e7e1fe729
Minor fixes for K3s checks (#232)
* Fix check for K3s 4.1.9 and 4.1.10

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Set correct K3s 1.1.9 and 1.1.10 for each version of scan

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Spacing nit

Signed-off-by: Derek Nola <derek.nola@suse.com>

---------

Signed-off-by: Derek Nola <derek.nola@suse.com>
Co-authored-by: Andy Pitcher <andy.pitcher@suse.com>
2024-08-09 17:41:16 -04:00
Derek Nola 66f7fd75b9
Overhaul RKE2 1.XX Checks (#231)
* Fix spacing in rke2-cis-1.8

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Correct audits and remediation for RKE2 1.X checks

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Remove duplicate etcd master checks

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Fix typos

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Change K3s 1.1.9 check to scored

Signed-off-by: Derek Nola <derek.nola@suse.com>

---------

Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-08-09 16:57:41 -04:00
Derek Nola 07c8b80395
Fix K3s 2.X checks and other minor cleanup (#228)
* Fix K3s 4.X checks to automated

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Fix audits and remediations for K3s 2.X checks

- Simplify the check_for_k3s_etch.sh script
Signed-off-by: Derek Nola <derek.nola@suse.com>

* Remove extra period and the

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Follow standard yaml list indentation

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Fix typo

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Corrected file name in K3s 4.2.3

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Convert automated (hardened) checks to scored.

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Fix typos

Signed-off-by: Derek Nola <derek.nola@suse.com>

* Remove check_for_k3s_etcd.sh

Signed-off-by: Derek Nola <derek.nola@suse.com>

---------

Signed-off-by: Derek Nola <derek.nola@suse.com>
2024-08-09 12:04:28 -04:00
Paulo Gomes af63378a35
Merge pull request #230 from pjbgf/prime
build: Update docker env names
2024-08-01 17:18:06 +01:00
Paulo Gomes c83eefd3fb
build: Update docker env names
Signed-off-by: Paulo Gomes <pjbgf@linux.com>
2024-08-01 17:08:18 +01:00
Paulo Gomes 4c55a11a56
Merge pull request #229 from pjbgf/prime
build: Fix read vault secret syntax
2024-08-01 16:45:16 +01:00
Paulo Gomes fa3393153d
build: Fix read vault secret syntax
Signed-off-by: Paulo Gomes <pjbgf@linux.com>
2024-08-01 16:31:16 +01:00
Paulo Gomes af81f1d1e3
Merge pull request #227 from pjbgf/prime
Minor changes around the build process
2024-07-31 17:38:39 +01:00
Paulo Gomes 0557554b68
build: Fix max-parallel usage
Signed-off-by: Paulo Gomes <pjbgf@linux.com>
2024-07-31 16:41:07 +01:00
Paulo Gomes 7f88c56e07
build: Rename Makefile targets to align with natural language
Signed-off-by: Paulo Gomes <pjbgf@linux.com>
2024-07-31 16:30:48 +01:00