github kubescape/regolibrary v1.0.252
Release v1.0.252 CIS EKS support


Software Release Notes - RegoLibrary

Release Notes Details:

Date - Feb 9, 2023

Release: v1.0.252

Project: Regolibrary

🚀 What's New

CIS EKS feature implementation with ARMO's Regolibrary.

  • What is CIS: CIS is a forward-thinking nonprofit that harnesses the power of a global IT community to safeguard public and private organizations against cyber threats.

  • CIS EKS: EKS benchmark is optimized to help the customer accurately assess the security configuration of Amazon EKS clusters, including security assessments for nodes to help meet security and compliance requirements.

🔧 Bug Fixes

  • Wrong Fixes are constructed when Sequence type is involved #993

  • CIS-5.7.3 - wrong fix path capabilities.drop #191

⭐ Improvements

  • GitRegoStore package moved to the RegoLibrary repository
  • Regolibrary folder structure improved - rego testing moved under the rules lib
  • Multiple CIS benchmarking support

🚨 Known issues

  • Controls that are still in progress:
    • 4.1.7 Avoid the use of system:masters group
    • 4.6.2 Apply Security Context to Your Pods and Containers
    • 5.1.2 Minimize user access to Amazon ECR
    • 5.5.1 Manage Kubernetes RBAC users with AWS IAM Authenticator for Kubernetes
  • Controls that use the resources below require the latest Kubescape version. (Update Kubescape - guide)
    • describeRepositories
    • ListEntitiesFoPolicies
    • CNIInfo

🚒 Coming Soon

CIS AKS implementation: this feature provides Kubescape guidance for running Azure Kubernetes Service (AKS) in line with recommended security controls. The benchmark only includes controls that can be modified by an end user of Azure AKS. The AKS implementation will extend Kubescape's compliance coverage across all cloud providers. Stay tuned 🙂

✏️ Action Items / Instructions

Install and Run Kubescape with CIS EKS benchmark:

  1. Install the latest Kubescape release using the following guide
  2. Run:
     kubescape scan framework cis-eks-t1.2.0 --enable-host-scan --account=<account_id>

Enjoy :)
