Tests Kubernetes clusters for adherence to security best practices using kube-bench.
Andy Pitcher 0f2d483c9d
Merge pull request #541 from krunalhinguu/backport-539-v0.6
[release/v0.7] fix: 4.2.4 Verify that if defined, the --read-only-port argument is set to 0
2025-10-15 11:33:23 +02:00
.github [v0.7] Update release creation step (#537) 2025-10-09 09:55:27 +05:30
cmd/kb-summarizer Drop use of logrus in favour of log/slog 2025-07-22 10:50:41 +01:00
hack [v0.7] Update release creation step (#537) 2025-10-09 09:55:27 +05:30
package fix: 4.2.4 (read-only-port) change test and remediation to reflect k3s' new default 2025-10-15 10:18:30 +05:30
pkg/kb-summarizer Drop use of logrus in favour of log/slog 2025-07-22 10:50:41 +01:00
tests Remove default profiles 2025-06-12 16:40:14 +01:00
.gitignore
.golangci.yaml
.yamllint.yaml
CODEOWNERS
LICENSE
Makefile Replace md5sum with sha256sum 2025-07-22 10:49:18 +01:00
README.md Transition into compliance-operator 2025-06-11 11:36:07 +01:00
go.mod [v0.7] Update release creation step (#537) 2025-10-09 09:55:27 +05:30
go.sum [v0.7] Update release creation step (#537) 2025-10-09 09:55:27 +05:30


security-scan

Please submit any new inquiries in the compliance-operator repo. For the current branch strategy related to security-scan, please refer to Branches and Releases.

This repo contains everything needed to run compliance scans in Rancher Manager.

Multi-purpose repo:

  • Packaging for all the components needed for compliance scans (sonobuoy, kube-bench)
  • kube-bench-summarizer
  • plugin script for sonobuoy tool (a different script is passed using command)

The corresponding docker image (rancher/security-scan) is used in the system charts.

Building

make

Tag the image for your personal Docker Hub repo

docker tag rancher/security-scan:<MAKE TAG OUTPUT> <DOCKER_HUB_USER>/security-scan:dev

Push the Docker tag

docker push <DOCKER_HUB_USER>/security-scan:dev

In Rancher, install the Compliance app, changing the Values YAML to point to your image

image:
...
    securityScan:
        repository: <DOCKER_HUB_USER>/security-scan
        tag: dev

License

Copyright (c) 2025 SUSE LLC

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.