Merge pull request #391 from rancher/main

[release/v0.6] sync release v0.6 with main
rancher · Feb 18, 2025 · d92ab5a · d92ab5a
2 parents 4e01b78 + 346939c
commit d92ab5a
Show file tree

Hide file tree

Showing 7 changed files with 17 additions and 18 deletions.
diff --git a/.github/renovate.json b/.github/renovate.json
@@ -6,7 +6,8 @@
     "main",
     "release/v0.3",
     "release/v0.4",
-    "release/v0.5"
+    "release/v0.5",
+    "release/v0.6"
   ],
   "prHourlyLimit": 2
 }
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -46,7 +46,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        k8s-version: [v1.27.3, v1.28.0, v1.29.0]
+        k8s-version: [v1.29.0, v1.30.0, v1.31.0, v1.32.0]
         platform: [ubuntu-latest]
 
     runs-on: ${{ matrix.platform }}

diff --git a/go.mod b/go.mod
@@ -1,11 +1,9 @@
 module github.com/rancher/security-scan
 
-go 1.23.5
-
-toolchain go1.23.6
+go 1.23.6
 
 require (
-	github.com/aquasecurity/kube-bench v0.10.1
+	github.com/aquasecurity/kube-bench v0.10.2
 	github.com/sirupsen/logrus v1.9.3
 	github.com/spf13/viper v1.19.0
 	github.com/stretchr/testify v1.10.0

diff --git a/go.sum b/go.sum
@@ -1,5 +1,5 @@
-github.com/aquasecurity/kube-bench v0.10.1 h1:SLnScd5qnlSOETodhX4iyW4beu0Ue4au1MqJ3fUDnw0=
-github.com/aquasecurity/kube-bench v0.10.1/go.mod h1:9S67UPnASLor5+11UeikBoiG//tel5BDsei0Bo8g2Pw=
+github.com/aquasecurity/kube-bench v0.10.2 h1:wVU6K/g3LJD/BAlDrphLYxs9f5PNRcon+ozZ6S/fMVU=
+github.com/aquasecurity/kube-bench v0.10.2/go.mod h1:TYImH07Qr2XA09VCBUiQDs6vilbTyourr0B+qq/AtN8=
 github.com/aws/aws-sdk-go-v2 v1.36.0 h1:b1wM5CcE65Ujwn565qcwgtOTT1aT4ADOHHgglKjG7fk=
 github.com/aws/aws-sdk-go-v2 v1.36.0/go.mod h1:5PMILGVKiW32oDzjj6RU52yrNrDPUHcbZQYr1sM7qmM=
 github.com/aws/aws-sdk-go-v2/service/securityhub v1.55.8 h1:+0McIKnas9knQ+22C0fS5j1j4J4wlCvnjMPzvdgVrvQ=

diff --git a/hack/e2e b/hack/e2e
@@ -60,7 +60,7 @@ function check_binaries(){
 
 function check_config_files(){
   echo "> Check for upstream test files:"
-  dirs="ack-1.0 aks-1.0 cis-1.23 cis-1.24 cis-1.7 cis-1.8 cis-1.9 config.yaml eks-1.0.1 eks-1.1.0 eks-1.2.0 eks-stig-kubernetes-v1r6 gke-1.0 gke-1.2.0 gke-1.6.0 rh-0.7 rh-1.0"
+  dirs="ack-1.0 aks-1.0 cis-1.23 cis-1.24 cis-1.7 cis-1.8 cis-1.9 config.yaml eks-1.0.1 eks-1.1.0 eks-1.5.0 eks-stig-kubernetes-v1r6 gke-1.0 gke-1.2.0 gke-1.6.0 rh-0.7 rh-1.0"
 
   for d in ${dirs}; do
     if ! kubectl exec -n cis-operator-system security-scan-runner-scan-test -c rancher-cis-benchmark -- stat "/etc/kube-bench/cfg/$d"; then

diff --git a/hack/make/deps.mk b/hack/make/deps.mk
@@ -1,13 +1,13 @@
 # renovate: datasource=github-release-attachments depName=kubernetes-sigs/kind
-KIND_VERSION ?= 0.26.0
+KIND_VERSION ?= 0.27.0
 KUBERNETES_VERSION ?= v$(KUBECTL_VERSION)
 
 # renovate: datasource=github-release-attachments depName=aquasecurity/kube-bench
-KUBE_BENCH_VERSION ?= v0.10.1
-# renovate: datasource=github-release-attachments depName=aquasecurity/kube-bench digestVersion=v0.10.1
-KUBE_BENCH_SUM_arm64 ?= 7965b43077d6d6aef26b210e0e005e6030b748766aba8dfa658ac16ec1cfe7c9
-# renovate: datasource=github-release-attachments depName=aquasecurity/kube-bench digestVersion=v0.10.1
-KUBE_BENCH_SUM_amd64 ?= 65f836ef3da190d44849e12b9f55a62bbf8c79c9178cae2514644dcb5108e530
+KUBE_BENCH_VERSION ?= v0.10.2
+# renovate: datasource=github-release-attachments depName=aquasecurity/kube-bench digestVersion=v0.10.2
+KUBE_BENCH_SUM_arm64 ?= a393a1674ba97b8f644f9630779cc1d55313c32e96f2c7b6998222ac9e653b36
+# renovate: datasource=github-release-attachments depName=aquasecurity/kube-bench digestVersion=v0.10.2
+KUBE_BENCH_SUM_amd64 ?= 4f991307f5964be553e8ac80fcd2b73721f439096e01f92cb6f252330a4b3d97
 
 # renovate: datasource=github-release-attachments depName=vmware-tanzu/sonobuoy
 SONOBUOY_VERSION ?= v0.57.2

diff --git a/package/cfg/config.yaml b/package/cfg/config.yaml
@@ -218,8 +218,8 @@ version_mapping:
   "1.27": "cis-1.9"
   "1.28": "cis-1.9"
   "1.29": "cis-1.9"
-  "eks-1.2.0":
-    - "eks-1.2.0"
+  "eks-1.5.0":
+    - "eks-1.5.0"
   "gke-1.2.0":
     - "gke-1.2.0"
   "gke-1.6.0":
@@ -234,7 +234,7 @@ version_mapping:
 # Target mapping: Defines which components (eg. master, node, etcd) should be evaluated for a given CIS profile.
 target_mapping:
   # EKS
-  "eks-1.2.0":
+  "eks-1.5.0":
     - "node"
   # GKE
   "gke-1.2.0":