pool/docker-bench-security
SHA256
17
0
Fork 1
Code Issues Pull Requests Activity
Files
factory
docker-bench-security/docker-bench-security.changes
Dirk Mueller aa97ddf88d - Update to docker-bench-security v1.6.1. See upstream changelog online at 
<https://github.com/docker/docker-bench-security/releases/tag/v1.6.1>.
  * Align with CIS Docker Benchmark v1.6.0.

  v1.6.0 <https://github.com/docker/docker-bench-security/releases/tag/v1.6.0>
  * Fix image sprawl miscalculation.
  * Add an option to filter out labels to exclude from checks.

  v1.5.0 <https://github.com/docker/docker-bench-security/releases/tag/v1.5.0>
  * Align with CIS Docker Benchmark v1.5.0.
  * Add support for .NanoCpus.

  v1.3.6 <https://github.com/docker/docker-bench-security/releases/tag/v1.3.6>
  * Add CIS Level 1 only functions.
  * Support user namespaces in partition check.
  * Deprecate rule 2.16 for Docker > 19.03.
  * Add checks for capabilities that allows container escape.
  * Implement listing of open ports.
  * Add 4.12 check.

- Rather than patching the script entirely using sed (which can make updates
  error-prone), apply an actual patch to switch to using a LIBEXEC variable we
  can replace during packaging. Backport of
  <https://github.com/docker/docker-bench-security/pull/559>.
  + 0001-dist-adjust-script-imports-to-be-able-to-use-usr-lib.patch

- checks implementing CIS Docker 1.11.0 Benchmark

OBS-URL: https://build.opensuse.org/package/show/Virtualization:containers/docker-bench-security?expand=0&rev=33
2024-11-12 09:43:56 +00:00

136 lines
4.7 KiB
Plaintext
Raw Permalink Blame History

-------------------------------------------------------------------
Fri Oct 18 00:37:32 UTC 2024 - Aleksa Sarai <asarai@suse.com>
- Update to docker-bench-security v1.6.1. See upstream changelog online at
<https://github.com/docker/docker-bench-security/releases/tag/v1.6.1>.
* Align with CIS Docker Benchmark v1.6.0.
v1.6.0 <https://github.com/docker/docker-bench-security/releases/tag/v1.6.0>
* Fix image sprawl miscalculation.
* Add an option to filter out labels to exclude from checks.
v1.5.0 <https://github.com/docker/docker-bench-security/releases/tag/v1.5.0>
* Align with CIS Docker Benchmark v1.5.0.
* Add support for .NanoCpus.
v1.3.6 <https://github.com/docker/docker-bench-security/releases/tag/v1.3.6>
* Add CIS Level 1 only functions.
* Support user namespaces in partition check.
* Deprecate rule 2.16 for Docker > 19.03.
* Add checks for capabilities that allows container escape.
* Implement listing of open ports.
* Add 4.12 check.
- Rather than patching the script entirely using sed (which can make updates
error-prone), apply an actual patch to switch to using a LIBEXEC variable we
can replace during packaging. Backport of
<https://github.com/docker/docker-bench-security/pull/559>.
+ 0001-dist-adjust-script-imports-to-be-able-to-use-usr-lib.patch
-------------------------------------------------------------------
Thu May 7 18:11:25 UTC 2020 - Andreas Stieger <andreas.stieger@gmx.de>
- fix include patch of functions_lib.sh (boo#1164631)
-------------------------------------------------------------------
Mon Nov 18 18:25:43 UTC 2019 - Andreas Stieger <andreas.stieger@gmx.de>
- update to 1.3.5:
* Align with CIS Docker Benchmark v1.2.0
* Add some command line options to support specific use cases
-------------------------------------------------------------------
Thu Jan 11 13:15:51 UTC 2018 - kbabioch@suse.com
- update to 1.3.3:
* Adapt to CIS Docker Community Edition Benchmark v1.1.0
* Correct check names
* Require Docker version 1.13.0 or later
* Handle busybox date conversion
* Add Docker Swarm configuration checks
-------------------------------------------------------------------
Fri May 5 13:33:06 UTC 2017 - astieger@suse.com
- update to 1.3.2:
* improve get_docker_configuration_file_args()
* add [NOTE] for informational checks with no actual tests
* fix various tests when using daemon.json
* use stat instead of ls -ld output
- includes changes from 1.3.1:
* Add daemon.json support
* Correct multiple tests
* Update default alpine Dockerfile
* Use grep if auditctl isn't present
-------------------------------------------------------------------
Fri Feb 24 08:35:24 UTC 2017 - astieger@suse.com
- update to 1.3.0:
* Inspired by the CIS Docker 1.13 Benchmark
* adjust run-time package requirements
-------------------------------------------------------------------
Mon Aug 1 12:41:58 UTC 2016 - astieger@suse.com
- Docker Bench for Security v1.1.0:
* check for docker 1.12.0
* fix early-docker use
* mention adjusting volumes
-------------------------------------------------------------------
Tue Jun 7 07:46:18 UTC 2016 - astieger@suse.com
- checks for docker 1.11.2, no benchmark changes
- requires docker >= 1.10.0
-------------------------------------------------------------------
Wed May 11 07:46:36 UTC 2016 - astieger@suse.com
- checks for docker 1.11.1
-------------------------------------------------------------------
Mon Apr 18 15:11:24 UTC 2016 - astieger@suse.com
- checks implementing CIS Docker 1.11.0 Benchmark
https://benchmarks.cisecurity.org/downloads/show-single/index.cfm?file=docker16.110
- checks for docker 1.11.0
- use stat to verify permissions
- fixes for process detection
-------------------------------------------------------------------
Wed Feb 17 14:04:47 UTC 2016 - astieger@suse.com
- checks for docker 1.10.1
-------------------------------------------------------------------
Sun Feb 7 11:33:32 UTC 2016 - astieger@suse.com
- checks for docker 1.10
- improve version check
- fix checks for remotely obtained users/groups
-------------------------------------------------------------------
Fri Nov 27 23:15:17 UTC 2015 - astieger@suse.com
- checks for docker 1.9.1
- Fix command line option parsing
- check for TCP socket before checking for TLS
-------------------------------------------------------------------
Thu Nov 12 07:46:56 UTC 2015 - astieger@suse.com
- fix detection of socket security
-------------------------------------------------------------------
Wed Nov 4 17:41:48 UTC 2015 - astieger@suse.com
- checks for docker 1.9.0
- openSUSE dockerfile added
-------------------------------------------------------------------
Wed Nov 4 12:18:29 UTC 2015 - astieger@suse.com
- initial package
Reference in New Issue View Git Blame Copy Permalink