GuillaumeHemmen/docker-bench-security
1
0
Fork 0
mirror of https://github.com/docker/docker-bench-security.git synced 2025-01-19 08:42:33 +01:00
Code Issues Projects Releases Packages Wiki Activity
679 commits 3 branches 11 tags 4.9 MiB
Commit graph

70 commits

Author SHA1 Message Date
Thomas Sjögren
11da147df9
Merge pull request #407 from Intermax-Cloudsourcing/allow-include-checks-mixing 
fix: allow combining include and exclude
 2020-01-29 12:07:32 +00:00
wilmardo
4054055546 fix: uncomment PATH variable 
Signed-off-by: wilmardo <info@wilmardenouden.nl>
 2020-01-29 10:31:15 +01:00
Thomas Sjögren
269b71eed8 locate configuration file before we run the tests #410 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2019-12-17 15:03:54 +01:00
wilmardo
155c739fc9 feat: all mixes of include and excludes are now supported 
Signed-off-by: wilmardo <info@wilmardenouden.nl>
 2019-12-09 15:19:17 +01:00
wilmardo
91d36b62f9 refact: removes variable, use result directly in loop 
Signed-off-by: wilmardo <info@wilmardenouden.nl>
 2019-12-05 16:20:47 +01:00
wilmardo
cf9baa76ae feat: improve sed match 
Signed-off-by: wilmardo <info@wilmardenouden.nl>
 2019-12-05 15:51:14 +01:00
wilmardo
1b37a1e6bc fix: allow combining include and exclude 
Signed-off-by: wilmardo <info@wilmardenouden.nl>
 2019-12-04 15:35:11 +01:00
jammasterj89
d2963b4c42
Reorder of sed command on images 
Ensure sed command is first when filtering on images to ensure the description row is removed correctly.

Signed-off-by: Niall T <jammasterj89@gmail.com>
 2019-12-04 11:14:43 +00:00
Thomas Sjögren
ddad135d13 shellcheck 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2019-10-16 09:49:18 +02:00
Aurélien Gasser
577e9f5edb support whitespace in PATH 
Signed-off-by: Aurélien Gasser <aurelien.gasser@gmail.com>
 2019-10-07 10:32:58 -04:00
jammasterj89
f4e33ee54e
Fixed exclude flag issue with functions_lib.sh 
Include the all text named functions within functions_lib.sh call if the -e flag is set.

Signed-off-by: Niall T <jammasterj89@gmail.com>
 2019-09-02 13:22:28 +01:00
Thomas Sjögren
d1934b614e
Merge pull request #390 from jammasterj89/master 
Issue #383 ability to exclude images
Closes #383, #369
 2019-08-29 15:10:53 +02:00
jammasterj89
3d02432bc8
Removed whitespace 
Signed-off-by: Niall T <jammasterj89@gmail.com>
 2019-08-29 13:48:24 +01:00
jammasterj89
c53157e184 Remove -t parameter 
$images now set via -i and -x parameters

Signed-off-by: Niall T <jammasterj89@gmail.com>
 2019-08-29 13:37:41 +01:00
jammasterj89
7f29aebd71 Added $images to $exclude 
Added $images $exclude logic so now containers and images are excluded.
Added new $benchimagecont for images to replicate the $benchcont for containers.

Signed-off-by: Niall T <jammasterj89@gmail.com>
 2019-08-29 13:37:35 +01:00
Thomas Sjögren
227f2faa5b bump version to 1.3.5 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2019-08-26 14:11:10 +02:00
kakakakakku
c560b044e4 Updated README.md 
Signed-off-by: Yoshiaki Yoshida <y.yoshida22@gmail.com>
 2019-01-17 21:04:46 +09:00
Anthony Roger
1dd7956760 feat: add the ability to select the images to be check from registry in order to integrate in ci 
Signed-off-by: Anthony Roger <aroger@softwaymedical.fr>
 2018-12-11 14:39:16 +01:00
Thomas Sjögren
9d9da6d375 exclude docker-bench-security container #286 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2018-11-23 10:50:34 +01:00
Cheng-Li Jerry Ma
304094cbb2 Fix -e option totalChecks and currentScore always 0 
Signed-off-by: Cheng-Li Jerry Ma <chengli.ma@gmail.com>
 2018-11-08 15:35:20 -07:00
Cheng-Li Jerry Ma
37ccf4dbcf Fix -e option last entry is not excluded in docker 
Signed-off-by: Cheng-Li Jerry Ma <chengli.ma@gmail.com>
 2018-11-08 15:34:55 -07:00
Cheng-Li Jerry Ma
db8a8c0d96 Fix -e option always skipping check_1, check_2, check_3 and ... 
this also caused the output json to be malformed without proper grouping/nesting

Signed-off-by: Cheng-Li Jerry Ma <chengli.ma@gmail.com>
 2018-11-08 15:33:23 -07:00
Thomas Sjögren
391e09f76a linting 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2018-11-01 10:24:36 +01:00
Thomas Sjögren
eb9ea59fe5 load dependencies in correct order 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2018-10-25 12:05:48 +02:00
Thomas Sjögren
2cbfd83f53 add nocolor option #321 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2018-10-25 11:34:14 +02:00
Thomas Sjögren
9dd2fa5ce0
Merge pull request #335 from konstruktoid/issue330 
sed option extravaganza #330
 2018-10-25 08:48:07 +02:00
Thomas Sjögren
afa289d9b7 sed option extravaganza #330 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2018-10-24 10:01:27 +02:00
Thomas Sjögren
36b73c4398 add include option #286 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2018-10-15 16:21:00 +02:00
Mark Stemm
ec7d8ce690 Improve docker-bench-security json output 
Add a test object for each test performed by the script. Each object has
an id N.M, a desc property describing the test, and the result. Some
tests include additional information about the test e.g. "No TLS
Certificate Found". That can be found in an optional details property of
the test object.

Also, some tests might also return a list of containers, images, users,
etc. This is included in an optional items property of the test object.

Instead of having all test results as top-level objects, break the test
results into sections. Each section has an id + description e.g. "1" and
"Host Configuration". The tests for that section are an array below that
object.

All of the additional json output is implemented by adding new functions
startsectionjson(), endsectionjson(), starttestjson(), and
resulttestjson() that take the id/desc/etc as arguments and print the
proper json properties. It also required adding an "end" test to each
script that calls endsectionjson().

Signed-off-by: Mark Stemm <mark.stemm@gmail.com>
 2018-10-11 13:39:55 -07:00
Michael Stahn
d24ee50420 fix for path variable 
Signed-off-by: Michael Stahn <michael.stahn.42@gmail.com>
 2018-06-26 21:57:15 +02:00
Thomas Sjögren
11230d052e formatting 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2018-05-10 15:41:27 +02:00
Thomas Sjögren
6c0dce7b19 yell function and version varible 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2018-05-10 15:19:10 +02:00
Thomas Sjögren
f78145214a add -e option to exclude checks 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2018-05-10 14:45:59 +02:00
Mike Ritter
b37dfb95e3 Minor fix to ensure exclude only works against container name 
Signed-off-by: Mike Ritter <mike.ritter@target.com>
 2018-02-27 18:24:25 -06:00
Mike Ritter
a3094ac5c6 New Features 
Signed-off-by: Mike Ritter <mike.ritter@target.com>
 2018-02-27 08:43:51 -06:00
Thomas Sjögren
57365ba1e4 fail if check doesnt exist 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2018-01-18 11:29:02 +01:00
Thomas Sjögren
6ec6ee0638 add check option, and function names 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2018-01-16 13:44:43 +01:00
Thomas Sjögren
25b40c94a2
Merge branch 'master' into issue265 2018-01-12 11:49:04 +01:00
Karol Babioch
997ce7330e Replace netstat by ss 
ss(8) is a modern replacement for netstat(8). The former is slowly replacing
the latter in major Linux distributions, which makes it necessary to switch
at some point.

This addresses #278.

Signed-off-by: Karol Babioch <kbabioch@suse.de>
 2018-01-11 16:52:54 +01:00
Thomas Sjögren
8424b0a6ba add check and score info 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-10-23 15:38:08 +02:00
Thomas Sjögren
4bbfc5465e mention dvs version 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-10-13 11:37:54 +02:00
Thomas Sjögren
809da21c4a skeleton json 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-10-10 13:54:59 +02:00
Thomas Sjögren
5af0568986 1.3.4-pre 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-10-06 16:04:51 +02:00
Thomas Sjögren
2226ad1b90 update versions, CIS Docker Community Edition Benchmark 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-07-07 10:22:57 +02:00
Thomas Sjögren
a3dd83a529 bump to 1.3.2 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-03-23 11:37:15 +01:00
Thomas Sjögren
7d992029e6 remove code, if CMD instead of exit code 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-02-17 15:03:29 +01:00
Thomas Sjögren
372dc08f26 CIS Docker 1.13 Benchmark, bump version 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-01-24 09:45:08 +01:00
Thomas Sjögren
a91d2fca56 1.12 benchmark 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2017-01-23 12:05:01 +01:00
Thomas Sjögren
15dc14ce3e bump minor version, closes #161 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2016-07-29 20:30:11 +02:00
Thomas Sjögren
426765b698 update yell to 1.11 as well 
Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
 2016-04-30 23:03:18 +02:00