feat: AWS EKS CIS v 1.4 Compliance Spec #92

Merged
merged 3 commits into from
Mar 7, 2024


AnaisUrlichs
Contributor

No description provided.

@simar7 simar7 added this pull request to the merge queue Mar 7, 2024
Merged via the queue into aquasecurity:main with commit 27184b6 Mar 7, 2024
4 checks passed
Contributor

@chen-keinan chen-keinan left a comment

@AnaisUrlichs lgtm 🚀 added a few nit comments

Comment on lines +281 to +289
name: Apply Security Context to Your Pods and Containers (Manual)
description: Apply Security Context to Your Pods and Containers
checks:
- id: AVD-KSV-0021
- id: AVD-KSV-0020
- id: AVD-KSV-0005
- id: AVD-KSV-0025
- id: AVD-KSV-0104
- id: AVD-KSV-0030
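
Review bot: the `description` on the second line only repeats the `name` minus its "(Manual)" suffix, so it says nothing about what the six mapped checks are meant to enforce. Suggest replacing it with a sentence that states the intent of the control, the way the hostPID control in this file does ("Do not generally permit containers to be run with the hostPID flag set to true.").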
Contributor

This check is marked as manual however it has automatic checks

specs/compliance/aws-eks-cis-1.4.yaml Show resolved Hide resolved
Comment on lines +199 to +202
name: Minimize the admission of containers wishing to share the host process ID namespace (Manual)
description: Do not generally permit containers to be run with the hostPID flag set to true.
checks:
- id: AVD-KSV-0010
Contributor

This check is marked as manual however it has automatic checks

Contributor Author

ah that is part of the name in the CIS benchmarks... I guess in our case since we have automated it, I should remove it

Contributor Author

Updated it on multiple locations
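
The point raised in this review, as an added example (not code from the PR or from the project): a small lint that flags controls whose name still ends in "(Manual)" while they map to automated check ids. It assumes the spec keeps the `name` / `checks` layout quoted in the review snippets; the function name, the `EXAMPLE-n` control ids, the `severity` key and the third control are constructed for illustration.

```python
import re

NAME = re.compile(r"^\s*(?:-\s+)?name:\s*(.+?)\s*$")
CHECKS = re.compile(r"^(\s*)checks:\s*$")
ITEM_ID = re.compile(r"^(\s*)-\s+id:\s*(\S+)\s*$")

def manual_controls_with_checks(spec_text):
    """Return (name, [check ids]) for every control whose name ends in
    "(Manual)" although it maps to at least one automated check."""
    controls, current, checks_indent = [], None, None
    for line in spec_text.splitlines():
        if m := NAME.match(line):
            current = {"name": m.group(1).strip("'\""), "checks": []}
            controls.append(current)
            checks_indent = None
        elif m := CHECKS.match(line):
            checks_indent = len(m.group(1))
        elif ((m := ITEM_ID.match(line)) and current is not None
              and checks_indent is not None
              and len(m.group(1)) >= checks_indent):
            current["checks"].append(m.group(2))  # list item under checks:
        elif line.strip():
            checks_indent = None  # any other key closes the checks list
    return [(c["name"], c["checks"]) for c in controls
            if c["name"].endswith("(Manual)") and c["checks"]]

# Constructed sample: names and check ids of the first two controls come from
# the review snippets (second list shortened); everything else is assumed.
SAMPLE_SPEC = """\
controls:
  - id: EXAMPLE-1
    name: Minimize the admission of containers wishing to share the host process ID namespace (Manual)
    description: Do not generally permit containers to be run with the hostPID flag set to true.
    checks:
      - id: AVD-KSV-0010
    severity: HIGH
  - id: EXAMPLE-2
    name: Apply Security Context to Your Pods and Containers (Manual)
    description: Apply Security Context to Your Pods and Containers
    checks:
      - id: AVD-KSV-0021
      - id: AVD-KSV-0020
  - id: EXAMPLE-3
    name: Constructed control that has no mapped checks (Manual)
    checks:
"""
if __name__ == "__main__":
    for name, ids in manual_controls_with_checks(SAMPLE_SPEC):
        print(f"{name}: {', '.join(ids)}")
```

A control that is genuinely manual (no entries under `checks:`) is not reported, so the output lists only the names that need the suffix removed.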
