update inspec.yml and changelog
dev-sec CI committed Jun 18, 2020
1 parent ce4cc9c commit 656e61c
Showing 2 changed files with 135 additions and 103 deletions.
35 changes: 33 additions & 2 deletions CHANGELOG.md
@@ -1,6 +1,27 @@
# Change Log
# Changelog

## [1.3.1](https://github.com/dev-sec/cis-docker-benchmark/tree/1.3.1) (2020-06-18)

[Full Changelog](https://github.com/dev-sec/cis-docker-benchmark/compare/2.1.0...1.3.1)

**Closed issues:**

- Examples not working [\#58](https://github.com/dev-sec/cis-docker-benchmark/issues/58)
- incompatible character encodings: UTF-8 and ASCII-8BIT [\#51](https://github.com/dev-sec/cis-docker-benchmark/issues/51)

**Merged pull requests:**

- github release action [\#67](https://github.com/dev-sec/cis-docker-benchmark/pull/67) ([micheelengronne](https://github.com/micheelengronne))
- Update Inspec.yml [\#66](https://github.com/dev-sec/cis-docker-benchmark/pull/66) ([MoisesTapia](https://github.com/MoisesTapia))
- Removed trailing slashes in 1.8, 1.9 [\#63](https://github.com/dev-sec/cis-docker-benchmark/pull/63) ([presidenten](https://github.com/presidenten))
- Remove .gitkeep file [\#62](https://github.com/dev-sec/cis-docker-benchmark/pull/62) ([james-stocks](https://github.com/james-stocks))
- Simple fix for \#58 [\#61](https://github.com/dev-sec/cis-docker-benchmark/pull/61) ([commjoen](https://github.com/commjoen))
- Update issue templates [\#57](https://github.com/dev-sec/cis-docker-benchmark/pull/57) ([rndmh3ro](https://github.com/rndmh3ro))
- unified attributes [\#56](https://github.com/dev-sec/cis-docker-benchmark/pull/56) ([chris-rock](https://github.com/chris-rock))
- Removed unneeded processing step [\#55](https://github.com/dev-sec/cis-docker-benchmark/pull/55) ([tstuber](https://github.com/tstuber))

## [2.1.0](https://github.com/dev-sec/cis-docker-benchmark/tree/2.1.0) (2018-04-20)

[Full Changelog](https://github.com/dev-sec/cis-docker-benchmark/compare/2.0.0...2.1.0)

**Closed issues:**
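Review bot: The new top entry `## [1.3.1] ... (2020-06-18)` reuses a version that this file already lists as released on 2017-11-18, and its Full Changelog link compares `2.1.0...1.3.1`, so the newest release sorts below 2.1.0 and 2.0.0. Two headings now link to the same `tree/1.3.1`, which leaves it unclear which code a pinned `1.3.1` refers to. Tag the release with a version above 2.1.0 and regenerate the changelog so the entry and its compare range read forward.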
@@ -10,13 +31,15 @@

**Merged pull requests:**

- 2.1.0 [\#54](https://github.com/dev-sec/cis-docker-benchmark/pull/54) ([chris-rock](https://github.com/chris-rock))
- Fix utf8 truncated output [\#53](https://github.com/dev-sec/cis-docker-benchmark/pull/53) ([aschmidt75](https://github.com/aschmidt75))
- update inspec version to 2.0 [\#52](https://github.com/dev-sec/cis-docker-benchmark/pull/52) ([atomic111](https://github.com/atomic111))
- Fixes \#37 prevent NoMethodError when no hosts available [\#49](https://github.com/dev-sec/cis-docker-benchmark/pull/49) ([Nowheresly](https://github.com/Nowheresly))
- name correct minimum inspec version [\#47](https://github.com/dev-sec/cis-docker-benchmark/pull/47) ([chris-rock](https://github.com/chris-rock))
- update changelog [\#45](https://github.com/dev-sec/cis-docker-benchmark/pull/45) ([chris-rock](https://github.com/chris-rock))

## [2.0.0](https://github.com/dev-sec/cis-docker-benchmark/tree/2.0.0) (2017-11-24)

[Full Changelog](https://github.com/dev-sec/cis-docker-benchmark/compare/1.3.1...2.0.0)

**Closed issues:**
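Review bot: The 2.0.0 entry's compare link `1.3.1...2.0.0` depends on the `1.3.1` tag name, which the 2020-06-18 entry at the top of the file also uses. If that tag now points at the 2020 release, this link no longer shows the 1.3.1 to 2.0.0 range; verify the link after tagging, or regenerate the file once the release version is corrected.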
@@ -33,6 +56,7 @@
- update gemfile [\#41](https://github.com/dev-sec/cis-docker-benchmark/pull/41) ([atomic111](https://github.com/atomic111))

## [1.3.1](https://github.com/dev-sec/cis-docker-benchmark/tree/1.3.1) (2017-11-18)

[Full Changelog](https://github.com/dev-sec/cis-docker-benchmark/compare/1.3.0...1.3.1)

**Fixed bugs:**
@@ -52,6 +76,7 @@
- Due to inspec deprecation warnings [\#33](https://github.com/dev-sec/cis-docker-benchmark/pull/33) ([alexpop](https://github.com/alexpop))

## [1.3.0](https://github.com/dev-sec/cis-docker-benchmark/tree/1.3.0) (2017-04-28)

[Full Changelog](https://github.com/dev-sec/cis-docker-benchmark/compare/1.2.0...1.3.0)

**Closed issues:**
@@ -70,13 +95,15 @@
- update tags and refs [\#23](https://github.com/dev-sec/cis-docker-benchmark/pull/23) ([chris-rock](https://github.com/chris-rock))

## [1.2.0](https://github.com/dev-sec/cis-docker-benchmark/tree/1.2.0) (2017-04-18)

[Full Changelog](https://github.com/dev-sec/cis-docker-benchmark/compare/1.1.1...1.2.0)

**Merged pull requests:**

- update to CIS Benchmark 1.12, controls 1.1 to 2.16 [\#19](https://github.com/dev-sec/cis-docker-benchmark/pull/19) ([atomic111](https://github.com/atomic111))

## [1.1.1](https://github.com/dev-sec/cis-docker-benchmark/tree/1.1.1) (2017-03-01)

[Full Changelog](https://github.com/dev-sec/cis-docker-benchmark/compare/1.1.0...1.1.1)

**Merged pull requests:**
@@ -85,6 +112,7 @@
- add changelog [\#16](https://github.com/dev-sec/cis-docker-benchmark/pull/16) ([chris-rock](https://github.com/chris-rock))

## [1.1.0](https://github.com/dev-sec/cis-docker-benchmark/tree/1.1.0) (2016-12-13)

[Full Changelog](https://github.com/dev-sec/cis-docker-benchmark/compare/1.0.0...1.1.0)

**Merged pull requests:**
@@ -95,6 +123,9 @@
- Fix README.md [\#12](https://github.com/dev-sec/cis-docker-benchmark/pull/12) ([netflash](https://github.com/netflash))

## [1.0.0](https://github.com/dev-sec/cis-docker-benchmark/tree/1.0.0) (2016-07-05)

[Full Changelog](https://github.com/dev-sec/cis-docker-benchmark/compare/b7947d9bfea0a7fb961874f94a7fa0375bef31ba...1.0.0)

**Implemented enhancements:**

- use new InSpec attributes [\#10](https://github.com/dev-sec/cis-docker-benchmark/pull/10) ([chris-rock](https://github.com/chris-rock))
@@ -112,4 +143,4 @@



\* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*
\* *This Changelog was automatically generated by [github_changelog_generator](https://github.com/github-changelog-generator/github-changelog-generator)*
203 changes: 102 additions & 101 deletions inspec.yml
@@ -1,110 +1,111 @@
---
name: cis-docker-benchmark
title: CIS Docker Benchmark Profile
maintainer: DevSec Hardening Framework Team
copyright: DevSec Hardening Framework Team
copyright_email: [email protected]
license: Apache-2.0
summary: An InSpec Compliance Profile for the CIS Docker Benchmark
version: 2.1.0
version: 1.3.1
inspec_version: '>= 2.3.23'
attributes:
- name: container_user
required: false
description: 'define user within containers.'
value: 'ubuntu'
type: string
- name: container_capadd
required: true
description: 'define needed capabilities for containers.'
type: string
value: NET_ADMIN,SYS_ADMIN
- name: app_armor_profile
required: false
description: 'define apparmor profile for Docker containers.'
value: 'docker-default'
type: string
- name: selinux_profile
required: false
description: 'define SELinux profile for Docker containers.'
value: label:level:s0-s0:c1023
type: string
- name: trusted_user
required: false
description: 'define trusted user to control Docker daemon.'
value: vagrant
type: string
- name: managable_container_number
required: true
description: 'keep number of containers on a host to a manageable total.'
value: 25
type: numeric
- name: benchmark_version
required: true
description: 'to execute also the old controls from previous benchmarks. to execute the controls, define the value as 1.12.0'
type: string
value: 1.12.0
- name: registry_cert_path
required: true
description: 'directory contains various Docker registry directories.'
value: '/etc/docker/certs.d'
type: string
- name: registry_name
required: true
description: 'directory contain certificate certain Docker registry.'
value: '/etc/docker/certs.d/registry_hostname:port'
type: string
- name: registry_ca_file
required: false
description: 'directory contain certificate certain Docker registry.'
value: '/etc/docker/certs.d/registry_hostname:port/ca.crt'
type: string
- name: daemon_tlscacert
required: false
description: 'Trust certs signed only by this CA'
value: '/etc/docker/ssl/ca.pem'
type: string
- name: daemon_tlscert
required: false
description: 'Path to TLS certificate file'
value: '/etc/docker/ssl/server_cert.pem'
type: string
- name: daemon_tlskey
required: false
description: 'Path to TLS key file'
value: '/etc/docker/ssl/server_key.pem'
type: string
- name: authorization_plugin
required: false
description: 'define authorization plugin to manage access to Docker daemon.'
value: 'authz-broker'
type: string
- name: log_driver
required: false
description: 'define preferable way to store logs.'
value: 'syslog'
type: string
- name: log_opts
required: false
description: 'define Docker daemon log-opts.'
value: syslog-address
type: string
- name: swarm_mode
required: false
description: 'define the swarm mode, `active` or `inactive`'
value: inactive
type: string
- name: swarm_max_manager_nodes
required: false
description: 'number of manager nodes in a swarm'
value: 3
type: numeric
- name: swarm_port
required: false
description: 'port of the swarm node'
value: 2377
type: numeric
- name: seccomp_default_profile
required: false
description: 'define the default seccomp profile'
value: 'default'
type: string
- name: container_user
required: false
description: 'define user within containers.'
value: 'ubuntu'
type: string
- name: container_capadd
required: true
description: 'define needed capabilities for containers.'
type: string
value: NET_ADMIN,SYS_ADMIN
- name: app_armor_profile
required: false
description: 'define apparmor profile for Docker containers.'
value: 'docker-default'
type: string
- name: selinux_profile
required: false
description: 'define SELinux profile for Docker containers.'
value: label:level:s0-s0:c1023
type: string
- name: trusted_user
required: false
description: 'define trusted user to control Docker daemon.'
value: vagrant
type: string
- name: managable_container_number
required: true
description: 'keep number of containers on a host to a manageable total.'
value: 25
type: numeric
- name: benchmark_version
required: true
description: 'to execute also the old controls from previous benchmarks. to execute the controls, define the value as 1.12.0'
type: string
value: 1.12.0
- name: registry_cert_path
required: true
description: 'directory contains various Docker registry directories.'
value: '/etc/docker/certs.d'
type: string
- name: registry_name
required: true
description: 'directory contain certificate certain Docker registry.'
value: '/etc/docker/certs.d/registry_hostname:port'
type: string
- name: registry_ca_file
required: false
description: 'directory contain certificate certain Docker registry.'
value: '/etc/docker/certs.d/registry_hostname:port/ca.crt'
type: string
- name: daemon_tlscacert
required: false
description: 'Trust certs signed only by this CA'
value: '/etc/docker/ssl/ca.pem'
type: string
- name: daemon_tlscert
required: false
description: 'Path to TLS certificate file'
value: '/etc/docker/ssl/server_cert.pem'
type: string
- name: daemon_tlskey
required: false
description: 'Path to TLS key file'
value: '/etc/docker/ssl/server_key.pem'
type: string
- name: authorization_plugin
required: false
description: 'define authorization plugin to manage access to Docker daemon.'
value: 'authz-broker'
type: string
- name: log_driver
required: false
description: 'define preferable way to store logs.'
value: 'syslog'
type: string
- name: log_opts
required: false
description: 'define Docker daemon log-opts.'
value: syslog-address
type: string
- name: swarm_mode
required: false
description: 'define the swarm mode, `active` or `inactive`'
value: inactive
type: string
- name: swarm_max_manager_nodes
required: false
description: 'number of manager nodes in a swarm'
value: 3
type: numeric
- name: swarm_port
required: false
description: 'port of the swarm node'
value: 2377
type: numeric
- name: seccomp_default_profile
required: false
description: 'define the default seccomp profile'
value: 'default'
type: string
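Review bot: `version:` drops from 2.1.0 to 1.3.1 near the top of the file while `inspec_version: '>= 2.3.23'` stays unchanged, so anyone who resolves this profile by version will treat this release as older than the one already published. Set a version higher than 2.1.0. The rest of the hunk rewrites all 20 attribute entries with the same names, descriptions and values as before; a formatting-only rewrite is easier to review in its own commit, where it cannot hide the version change. Since the entries are being touched anyway, note that `registry_name` and `registry_ca_file` carry the same description, 'directory contain certificate certain Docker registry.', which does not tell the user that one is a directory and the other a CA file.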
