Releases: docker/docker-bench-security
Releases · docker/docker-bench-security
v1.6.1
What's Changed
- "above" -> "below" by @ismailarilik in #540
- handle "null" values and missing jq by @halfluke in #541
- feat: use SHA instead of tags for base image by @UlisesGascon in #543
- update check ID and add check groups for CIS Controls v8 by @martipoe in #546
New Contributors
- @ismailarilik made their first contribution in #540
- @halfluke made their first contribution in #541
- @UlisesGascon made their first contribution in #543
- @martipoe made their first contribution in #546
Full Changelog: v1.6.0...v1.6.1
Contributors
UlisesGascon, ismailarilik, and 2 other contributors
Assets 4
v1.6.0
What's Changed
- allow
get_docker_configuration_file_argsto parse minified json by @brsolomon-deloitte in #525 - update Docker container instructions, remove out-of-date Dockerfiles by @konstruktoid in #526
tris required, nottruncateby @konstruktoid in #528- fix restart policy test by @andreagalle in #522
- add label filtering config by @lekpamartin in #531
- fix image sprawl miscalculation by @konstruktoid in #535
- update version v1.6.0 by @konstruktoid in #536
New Contributors
- @brsolomon-deloitte made their first contribution in #525
- @andreagalle made their first contribution in #522
- @lekpamartin made their first contribution in #531
Full Changelog: v1.5.0...v1.6.0
Contributors
lekpamartin, konstruktoid, and 2 other contributors
Assets 4
v1.5.0
What's Changed
- align tests to CIS Docker Benchmark 1.5.0 by @konstruktoid in #513
- Fix sed commands for BSD sed by @gavinmporter in #504
- Pin Docker base image in distros/Dockerfile.debian by @atomist in #506
- Fix check_2_7 TLS check with json config by @QuentinServais in #508
- add support for .NanoCpus by @konstruktoid in #511
New Contributors
- @gavinmporter made their first contribution in #504
- @atomist made their first contribution in #506
- @QuentinServais made their first contribution in #508
Full Changelog: v1.3.6...v1.5.0
Contributors
atomist, konstruktoid, and 2 other contributors
Assets 3
v1.3.6
What's Changed
- Reorder of sed command on images by @jammasterj89 in #406
- catch json w/o space #408 by @konstruktoid in #409
- correct grep #410 by @konstruktoid in #411
- locate configuration file before we run the tests #410 by @konstruktoid in #412
- alpine:3.11 by @konstruktoid in #413
- fix: allow combining include and exclude by @wilmardo in #407
- Fix check condition by @zawazawa0316 in #417
- Fix check conditions by @zawazawa0316 in #419
- macOS user instructions. ref #158 by @konstruktoid in #421
- use opensuse/leap, and remove awk linkage by @konstruktoid in #427
- [Ubuntu] Fix issue with docker.service and docker.socket files not found by @illyaMs in #423
- update README, correct volume binary paths by @konstruktoid in #428
- fix MacOSX volume, and lint by @konstruktoid in #429
- by an appropriate by @konstruktoid in #430
- Add CIS Level 1 only functions by @HristoStoyanovMM in #434
- map desc_ to benchmark headings by @konstruktoid in #435
- more flexible binary usage, better support for mac os by @konstruktoid in #436
- alpine:3.12 by @konstruktoid in #438
- Remove prefix of check ID in description by @roman-mueller in #439
- Limit the number of reported items by @mstemm in #374
- Support user namespaces in partition check (1.2.1) by @markdumay in #444
- Deprecate rule 2.16 for Docker > 19.03 by @thaJeztah in #445
- print img if empty RepoTags, and fix tabbing by @konstruktoid in #451
- Remove container after run. by @Constantin07 in #454
- Grammar fixes in README by @sa7mon in #457
- Update alpine to 3.13.0 by @jammasterj89 in #460
- Fix check_2 to -le 644 by @jammasterj89 in #461
- Update README.md by @archaeogeek in #463
- Update 4_container_images.sh by @archaeogeek in #464
- Add current year to the copyright header by @razvanstoica89 in #466
- Small improvement of user experience by @razvanstoica89 in #467
- Initial v1.3.1 PR by @konstruktoid in #469
- Update 2_docker_daemon_configuration.sh by @aagot in #471
- fix: set docker-bench-security to sh by @denhamparry in #474
- fix socket check by @konstruktoid in #478
- Added multiple check groups example by @AErmie in #485
- Updated log file name by @AErmie in #487
- Add /etc/hostname fix for macOS by @garettmd in #488
- Add checks for capabilities that allows container escape by @nikitastupin in #476
- Implement listing of open ports by @nikitastupin in #475
- Fix description typos by @joaocfernandes in #489
- fix style and false warning in check_5_3 by @SericaLaw in #491
- if configured with no-new-privileges, pass check 5.25 by @konstruktoid in #493
- add note regarding docker image by @konstruktoid in #494
- Update alpine to 3.15 by @jammasterj89 in #495
- add 4.12 check by @konstruktoid in #496
- update version information by @konstruktoid in #497
New Contributors
- @wilmardo made their first contribution in #407
- @zawazawa0316 made their first contribution in #417
- @illyaMs made their first contribution in #423
- @HristoStoyanovMM made their first contribution in #434
- @roman-mueller made their first contribution in #439
- @markdumay made their first contribution in #444
- @Constantin07 made their first contribution in #454
- @sa7mon made their first contribution in #457
- @archaeogeek made their first contribution in #463
- @razvanstoica89 made their first contribution in #466
- @aagot made their first contribution in #471
- @denhamparry made their first contribution in #474
- @AErmie made their first contribution in #485
- @garettmd made their first contribution in #488
- @nikitastupin made their first contribution in #476
- @joaocfernandes made their first contribution in #489
- @SericaLaw made their first contribution in #491
Full Changelog: v1.3.5...v1.3.6
Contributors
denhamparry, archaeogeek, and 19 other contributors
Assets 2
v.1.3.5
- Align with CIS Docker Benchmark v1.2.0.
- Add CONTRIBUTORS.md, listing all our great contributors!
- Update and slim the default Alpine Dockerfile.
- Clarify documentation and instructions.
- Read-only docker-compose.yml volumes.
- Added no-color option.
- All tests are now functions.
- Add support for running specific tests.
- Add support to exclude specific containers or images.
v1.3.3
- Adapt to CIS Docker Community Edition Benchmark v1.1.0
- Correct check names
- Require Docker version 1.13.0 or later
- Handle busybox date conversion
- Add Docker Swarm configuration checks
v1.3.2
- improve
get_docker_configuration_file_args(). - add
[NOTE]for informational checks with no actual tests. - fix various tests when using
daemon.json. - use
statinstead ofls -ldoutput.
v1.3.1
- Add
daemon.jsonsupport - Correct multiple tests
- Update default
alpineDockerfile - Use
grepifauditctlisn't present
v1.3.0
CIS Docker 1.13.0 Benchmark v1.0.0 - 01-19-2017
v1.2.0
v1.2.0