init commit
actions-user committed Nov 15, 2023
1 parent 9f95ae6 commit da042d7
Showing 17 changed files with 472 additions and 290 deletions.
2 changes: 1 addition & 1 deletion Dockerfile
@@ -1,4 +1,4 @@
FROM golang:1.21.3 AS build
FROM golang:1.21.1 AS build
WORKDIR /go/src/github.com/khulnasoft-lab/kube-bench/
COPY makefile makefile
COPY go.mod go.sum ./
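Review bot: The `FROM` line takes the build stage from `golang:1.21.3` to `golang:1.21.1` (reading the first of the two lines as the removed one), which is a downgrade to an older patch release, and the commit message ("init commit") gives no reason for it. Patch releases within a Go minor series exist to ship bug and security fixes, so the binary would be compiled with a toolchain and standard library that lack whatever 1.21.2 and 1.21.3 corrected. Keep `FROM golang:1.21.3 AS build` or move forward, and if the downgrade is deliberate, say why in the commit message.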
2 changes: 1 addition & 1 deletion Dockerfile.fips.ubi
@@ -1,4 +1,4 @@
FROM golang:1.21.3 AS build
FROM golang:1.21.1 AS build
WORKDIR /go/src/github.com/khulnasoft-lab/kube-bench/
COPY makefile makefile
COPY go.mod go.sum ./
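Review bot: The builder on the `FROM` line is referenced only by a mutable tag (`golang:1.21.1`), so the same Dockerfile can resolve to different image contents over time. For the FIPS variant in particular, pin the stage by digest, for example `FROM golang:<version>@sha256:<digest> AS build` (placeholders, take the digest from the registry), so the toolchain that produced the shipped binary is reproducible and can be audited later.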
2 changes: 1 addition & 1 deletion Dockerfile.ubi
@@ -1,4 +1,4 @@
FROM golang:1.21.3 AS build
FROM golang:1.21.1 AS build
WORKDIR /go/src/github.com/khulnasoft-lab/kube-bench/
COPY makefile makefile
COPY go.mod go.sum ./
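Review bot: The Go version on the `FROM` line is now the third hand-edited copy of the same literal in this commit (Dockerfile, Dockerfile.fips.ubi, Dockerfile.ubi), which is how the three images end up built with different toolchains after a partial update. Consider a single build argument shared by all three files (for instance an `ARG` set from the makefile, name to be chosen by the project) or a CI check that fails when the three `FROM golang:` lines disagree.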
1 change: 0 additions & 1 deletion OWNERS
@@ -1,4 +1,3 @@
approvers:
- sulaiman-coder
- gitworkflows
- nxpkg
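Review bot: A change to the `approvers` list should not ride along in an automated commit by `actions-user` titled "init commit". The hunk header (`-1,4 +1,3`, 0 additions and 1 deletion) shows that one of the four lines here is removed, which alters who can approve changes to a security tool, and the rendered page does not show which one. Split this into its own commit with a message naming the approver being removed and the reason, and have it reviewed by an existing approver.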
9 changes: 1 addition & 8 deletions README.md
@@ -1,4 +1,3 @@
[![GitHub Release][release-img]][release]
[![Downloads][download]][release]
[![Docker Pulls][docker-pull]][docker]
[![Go Report Card][report-card-img]][report-card]
Expand All @@ -16,20 +15,14 @@
[report-card-img]: https://goreportcard.com/badge/github.com/khulnasoft-lab/kube-bench
[report-card]: https://goreportcard.com/report/github.com/khulnasoft-lab/kube-bench

<img src="docs/images/kube-bench.png" width="200" alt="kube-bench logo">

kube-bench is a tool that checks whether Kubernetes is deployed securely by running the checks documented in the [CIS Kubernetes Benchmark](https://www.cisecurity.org/benchmark/kubernetes/).

Tests are configured with YAML files, making this tool easy to update as test specifications evolve.

![Kubernetes Bench for Security](/docs/images/output.png "Kubernetes Bench for Security")

## CIS Scanning as part of Vul and the Vul Operator

[Vul](https://github.com/khulnasoft-lab/vul), the all in one cloud native security scanner, can be deployed as a [Kubernetes Operator](https://github.com/khulnasoft-lab/vul-operator) inside a cluster.
Both, the [Vul CLI](https://github.com/khulnasoft-lab/vul), and the [Vul Operator](https://github.com/khulnasoft-lab/vul-operator) support CIS Kubernetes Benchmark scanning among several other features.

## Quick start
### Quick start

There are multiple ways to run kube-bench.
You can run kube-bench inside a pod, but it will need access to the host's PID namespace in order to check the running processes, as well as access to some directories on the host where config files and other files are stored.
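Review bot: Demoting `## Quick start` to `### Quick start` at the end of this hunk breaks the README outline: the section either nests under `## CIS Scanning as part of Vul and the Vul Operator` or, if that section is among the deletions, becomes a `###` with no `##` parent in the visible lines. Keep `## Quick start` unless a parent section is intended. The file header counts 8 deletions against 1 addition, so also confirm that each removed README line is intentional, since none of it is mentioned in the commit message.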
2 changes: 1 addition & 1 deletion check/check.go
Expand Up @@ -310,4 +310,4 @@ func runAudit(audit string) (output string, err error) {
glog.V(3).Infof("Output:\n %q", output)
}
return output, err
}
}
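Review bot: The final `}` is replaced by an identical `}`, so this is a whitespace-only change, most likely the newline at end of file. Run `gofmt` on the file and drop the hunk if it removes that newline; the same no-op appears at the end of check/controls.go. Whitespace churn in a 17-file commit makes the functional edits harder to find in review.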
6 changes: 3 additions & 3 deletions check/controls.go
Expand Up @@ -33,7 +33,7 @@ const (
// UNKNOWN is when the AWS account can't be found
UNKNOWN = "Unknown"
// ARN for the AWS Security Hub service
ARN = "arn:aws:securityhub:%s::product/aqua-security/kube-bench"
ARN = "arn:aws:securityhub:%s::product/khulnasoft-security/kube-bench"
// SCHEMA for the AWS Security Hub service
SCHEMA = "2018-10-08"
// TYPE is type of Security Hub finding
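Review bot: The `ARN` constant now names the product `khulnasoft-security/kube-bench`, and AWS Security Hub accepts findings only for a product ARN that corresponds to an existing integration enabled in the account. Unless that product has actually been registered with AWS, findings built from this constant will be rejected at import time, and nothing in this hunk or the commit message indicates that registration. Keep the registered product ARN, or make the value configurable and document how the new product is registered.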
Expand Down Expand Up @@ -237,7 +237,7 @@ func (controls *Controls) ASFF() ([]types.AwsSecurityFinding, error) {
actualValue = check.ActualValue[0:1023]
}

// Fix issue https://github.com/aquasecurity/kube-bench/issues/903
// Fix issue https://github.com/khulnasoft-lab/kube-bench/issues/903
if len(check.Remediation) > 512 {
remediation = check.Remediation[0:511]
}
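Review bot: The rewritten link in the comment, `https://github.com/khulnasoft-lab/kube-bench/issues/903`, points at a different tracker than the one the fix was written against, and issue numbers are per repository. Keep the original URL unless issue 903 exists in the fork with the same content, otherwise the comment no longer explains the truncation. While touching these lines, note that the guard is `len(check.Remediation) > 512` but the slice is `[0:511]`, which keeps 511 bytes rather than 512, and that byte slicing can cut a multi-byte UTF-8 character in half.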
Expand Down Expand Up @@ -327,4 +327,4 @@ func summarizeGroup(group *Group, state State) {
default:
glog.Warningf("Unrecognized state %s", state)
}
}
}