Software Release Notes - RegoLibrary
Release Notes Details:
Date - Feb 9, 2023
Release: v1.0.252
Project: Regolibrary
What's New
CIS EKS feature implementation with ARMO's Regolibrary.
- What is CIS: CIS is a forward-thinking nonprofit that harnesses the power of a global IT community to safeguard public and private organizations against cyber threats.
- CIS EKS: The EKS benchmark is optimized to help the customer accurately assess the security configuration of Amazon EKS clusters, including security assessments for nodes to help meet security and compliance requirements.
Bug Fixes
- Wrong fixes are constructed when Sequence type is involved #993
- CIS-5.7.3 - wrong fix path capabilities.drop #191
Improvements
- GitRegoStore package moved to the RegoLibrary repository
- Regolibrary folder structure improved - rego testing moved under the rules lib
- Multiple CIS benchmarking support
Known issues
- Controls that are still in progress:
  - 4.1.7 Avoid the use of system:masters group
  - 4.6.2 Apply Security Context to Your Pods and Containers
  - 5.1.2 Minimize user access to Amazon ECR
  - 5.5.1 Manage Kubernetes RBAC users with AWS IAM Authenticator for Kubernetes
- Controls that use the resources below require the latest Kubescape version. (Update Kubescape - guide)
  - describeRepositories
  - ListEntitiesForPolicies
  - CNIInfo
Coming Soon
CIS AKS implementation - This feature provides Kubescape guidance for running Azure Kubernetes Service (AKS) in line with recommended security controls. This benchmark only includes controls that can be modified by an end user of Azure AKS. The AKS implementation will expand Kubescape's compliance coverage across all cloud providers. Stay tuned.
Action Items / Instructions
Install and Run Kubescape with CIS EKS benchmark:
- Install the latest Kubescape release using the following guide
- Run:
kubescape scan framework cis-eks-t1.2.0 --enable-host-scan --account=<account_id>
Enjoy :)