diff --git a/go.mod b/go.mod
index b231bb84..cbcd3500 100644
--- a/go.mod
+++ b/go.mod
@@ -1,9 +1,11 @@
 module github.com/rancher/security-scan
-go 1.21
+go 1.22
+
+toolchain go1.22.8
 require (
- github.com/aquasecurity/kube-bench v0.8.0
+ github.com/aquasecurity/kube-bench v0.9.0
 github.com/sirupsen/logrus v1.9.3
 github.com/spf13/viper v1.19.0
 github.com/stretchr/testify v1.9.0
@@ -12,9 +14,9 @@ require (
 )
 require (
- github.com/aws/aws-sdk-go-v2 v1.26.0 // indirect
- github.com/aws/aws-sdk-go-v2/service/securityhub v1.37.0 // indirect
- github.com/aws/smithy-go v1.20.1 // indirect
+ github.com/aws/aws-sdk-go-v2 v1.31.0 // indirect
+ github.com/aws/aws-sdk-go-v2/service/securityhub v1.53.3 // indirect
+ github.com/aws/smithy-go v1.21.0 // indirect
 github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 github.com/fsnotify/fsnotify v1.7.0 // indirect
diff --git a/go.sum b/go.sum
index 264f2fc3..85ffaf05 100644
--- a/go.sum
+++ b/go.sum
@@ -1,15 +1,11 @@ -github.com/aquasecurity/kube-bench v0.8.0 h1:8SF/QBGZtgpn0hlqugx92crJqG2cv60Y+PaiaIs+3/w= -github.com/aquasecurity/kube-bench v0.8.0/go.mod h1:UQi2mYUaSRm/KY3Y14W9utQEIaUczP/gLdnGmFA04DU= -github.com/aws/aws-sdk-go-v2 v1.21.0/go.mod h1:/RfNgGmRxI+iFOB1OeJUyxiU+9s88k3pfHvDagGEp0M= -github.com/aws/aws-sdk-go-v2 v1.26.0 h1:/Ce4OCiM3EkpW7Y+xUnfAFpchU78K7/Ug01sZni9PgA= -github.com/aws/aws-sdk-go-v2 v1.26.0/go.mod h1:35hUlJVYd+M++iLI3ALmVwMOyRYMmRqUXpTtRGW+K9I= -github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.41/go.mod h1:CrObHAuPneJBlfEJ5T3szXOUkLEThaGfvnhTf33buas= -github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.35/go.mod h1:SJC1nEVVva1g3pHAIdCp7QsRIkMmLAgoDquQ9Rr8kYw= -github.com/aws/aws-sdk-go-v2/service/securityhub v1.37.0 h1:SK95Uy8yxxkkguF+VVQ9gMzqBKgP5LCgI2ps4MNLAJo= -github.com/aws/aws-sdk-go-v2/service/securityhub v1.37.0/go.mod h1:ebEoleM/K5kbk8mn4fquflslbb/RuVTRGeJH6q3QPGI= -github.com/aws/smithy-go v1.14.2/go.mod h1:Tg+OJXh4MB2R/uN61Ko2f6hTZwB/ZYGOtib8J3gBHzA= -github.com/aws/smithy-go v1.20.1 h1:4SZlSlMr36UEqC7XOyRVb27XMeZubNcBNN+9IgEPIQw= -github.com/aws/smithy-go v1.20.1/go.mod h1:krry+ya/rV9RDcV/Q16kpu6ypI4K2czasz0NC3qS14E= +github.com/aquasecurity/kube-bench v0.9.0 h1:tecwMoSyhX6h0LFksVbBY/Z4aoQZeCiqk8fjxHzXo4w= +github.com/aquasecurity/kube-bench v0.9.0/go.mod h1:Z1a87CAsTIx/A4ZpDYVAoW5k0w07qqhBt+mF+U5rFdk= +github.com/aws/aws-sdk-go-v2 v1.31.0 h1:3V05LbxTSItI5kUqNwhJrrrY1BAXxXt0sN0l72QmG5U= +github.com/aws/aws-sdk-go-v2 v1.31.0/go.mod h1:ztolYtaEUtdpf9Wftr31CJfLVjOnD/CVRkKOOYgF8hA= +github.com/aws/aws-sdk-go-v2/service/securityhub v1.53.3 h1:YSmEnPSWj74eOtbXG4Z2J+GTQjBrz7w2wP01isHFZwU= +github.com/aws/aws-sdk-go-v2/service/securityhub v1.53.3/go.mod h1:QFtYEC35t39ftJ6emZgapzdtBjGZsuR4bAd73SiG23I= +github.com/aws/smithy-go v1.21.0 h1:H7L8dtDRk0P1Qm6y0ji7MCYMQObJ5R9CRpyPhRUkLYA= +github.com/aws/smithy-go v1.21.0/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg= github.com/cpuguy83/go-md2man/v2 v2.0.4 
h1:wfIWP927BUkWJb2NmU/kNDYIBTh/ziUX91+lVfRxZq4= github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -35,14 +31,11 @@ github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU= -github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= -github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= 
@@ -166,7 +159,6 @@ gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkep gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
diff --git a/hack/e2e b/hack/e2e
index 9aef9823..023abf49 100755
--- a/hack/e2e
+++ b/hack/e2e
@@ -60,7 +60,7 @@ function check_binaries(){
 function check_config_files(){
 echo "> Check for upstream test files:"
- dirs="ack-1.0 aks-1.0 cis-1.23 cis-1.24 cis-1.7 cis-1.8 config.yaml eks-1.0.1 eks-1.1.0 eks-1.2.0 eks-stig-kubernetes-v1r6 gke-1.0 gke-1.2.0 rh-0.7 rh-1.0"
+ dirs="ack-1.0 aks-1.0 cis-1.23 cis-1.24 cis-1.7 cis-1.8 config.yaml eks-1.0.1 eks-1.1.0 eks-1.2.0 eks-stig-kubernetes-v1r6 gke-1.0 gke-1.2.0 gke-1.6.0 rh-0.7 rh-1.0"
 for d in ${dirs}; do
 if ! kubectl exec -n cis-operator-system security-scan-runner-scan-test -c rancher-cis-benchmark -- stat "/etc/kube-bench/cfg/$d"; then
diff --git a/hack/make/deps.mk b/hack/make/deps.mk
index df78fe83..8d60327e 100644
--- a/hack/make/deps.mk
+++ b/hack/make/deps.mk
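Review bot: In hack/e2e, `dirs` in check_config_files remains a hand-edited list, so the e2e run proves only that the names typed here exist under /etc/kube-bench/cfg; a benchmark directory shipped by the pinned kube-bench release but never added to this string goes unchecked, and the list can drift from `version_mapping` in package/cfg/config.yaml. I would document that coupling above the assignment, for example `# Keep in sync with version_mapping in package/cfg/config.yaml and the cfg/ tree of the pinned kube-bench release.` The `stat` call confirms only that the path exists, not that the profile loads, which is reasonable for a smoke test but worth stating in the same comment. check_config_files continues past the end of this hunk.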
@@ -3,11 +3,11 @@ KIND_VERSION ?= 0.24.0
 KUBERNETES_VERSION ?= v$(KUBECTL_VERSION)
 # renovate: datasource=github-release-attachments depName=aquasecurity/kube-bench
-KUBE_BENCH_VERSION ?= v0.8.0
-# renovate: datasource=github-release-attachments depName=aquasecurity/kube-bench digestVersion=v0.8.0
-KUBE_BENCH_SUM_arm64 ?= 82256042da9d78bb1cf1726dc8c108459c3cdc34df6298349113f551bde0feff
-# renovate: datasource=github-release-attachments depName=aquasecurity/kube-bench digestVersion=v0.8.0
-KUBE_BENCH_SUM_amd64 ?= 8e8f083819678956b6c36623a6a0638741340397ffc209cd71a6b4907f2bb05e
+KUBE_BENCH_VERSION ?= v0.9.0
+# renovate: datasource=github-release-attachments depName=aquasecurity/kube-bench digestVersion=v0.9.0
+KUBE_BENCH_SUM_arm64 ?= c88fad58394a3a93e13d779cec59ae01b95c93ff01f5fdb29aaf1c07c365bc76
+# renovate: datasource=github-release-attachments depName=aquasecurity/kube-bench digestVersion=v0.9.0
+KUBE_BENCH_SUM_amd64 ?= b0a30f3af1dc6b3895e2b479fbf37d59831d7e74f9d6c1f0761977004d726587
 # renovate: datasource=github-release-attachments depName=vmware-tanzu/sonobuoy
 SONOBUOY_VERSION ?= v0.57.2
diff --git a/package/cfg/config.yaml b/package/cfg/config.yaml
index 4e350f05..c2a495fe 100644
--- a/package/cfg/config.yaml
+++ b/package/cfg/config.yaml
@@ -234,6 +234,8 @@ version_mapping:
 - "eks-1.2.0"
 "gke-1.2.0":
 - "gke-1.2.0"
+ "gke-1.6.0":
+ - "gke-1.6.0"
 "aks-1.0":
 - "aks-1.0"
 "v1.20.5+rke2r1":
@@ -250,6 +252,8 @@ target_mapping:
 # GKE
 "gke-1.2.0":
 - "node"
+ "gke-1.6.0":
+ - "node"
 # AKS
 "aks-1.0":
 - "node"
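Review bot: In package/cfg/config.yaml, the new `gke-1.6.0` entry under `target_mapping` lists only `node`, mirroring `gke-1.2.0`, and nothing in the file says why. If the upstream gke-1.6.0 profile carries other target files (not visible in this diff), those checks would be silently absent from scan results, and a reader of the report could not tell a skipped control from a passed one. If the restriction is deliberate, record it next to the existing `# GKE` comment, e.g. `# GKE: only node checks are run; other targets are intentionally omitted`; otherwise add the remaining targets to the list. Both `version_mapping` and `target_mapping` start and end outside these hunks.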