upgrade docker cis benchmarks to latest v1.6.0
As the cis-1.3.1 and cis-1.6.0 both are meant for docker version 20.10 or latest, have removed cis-1.3.1 controls
Have accommodated the Docker CIS benchmarks V1.6.0 into cis-1.6.0 and added the benchmarks version mapping if docker version 20.10 or later
KiranBodipi committed Apr 3, 2024
1 parent a493aa3 commit 87e7b2c
Showing 5 changed files with 182 additions and 172 deletions.
12 changes: 6 additions & 6 deletions README.md
Expand Up @@ -13,12 +13,12 @@ Tests are configured with YAML files, making this tool easy to update as test sp

docker-bench currently supports tests as defined in the following CIS Docker Benchmarks:

| CIS Benchmark | docker-bench cfg directory | Docker versions |
|---------------------------------------------------------------------------------------|----------------------------|---|
| [CIS Docker Benchmark v1.3.1](https://workbench.cisecurity.org/benchmarks/7193)| [cis-1.3.1](./cfg/cis-1.3.1) | 20.10|
| [CIS Docker Benchmark v1.2.0](https://workbench.cisecurity.org/benchmarks/601) | [cis-1.2](./cfg/cis-1.2) | 18.09 and Docker Enterprise 2.1 |
| [CIS Docker Community Edition Benchmark v1.1.0](https://workbench.cisecurity.org/benchmarks/552) | [cis-1.1](./cfg/cis-1.1) | 17.06 |
| [CIS Docker 1.13.0 Benchmark v1.0.0](https://workbench.cisecurity.org/benchmarks/363) | [cis-1.0](./cfg/cis-1.0) | 1.13.0 |
| CIS Benchmark | docker-bench cfg directory | Docker versions |
|--------------------------------------------------------------------------------------------------|------------------------------|----------------------------------|
| [CIS Docker Benchmark v1.6.0](https://workbench.cisecurity.org/benchmarks/11818) | [cis-1.6.0](./cfg/cis-1.6.0) | 20.10 |
| [CIS Docker Benchmark v1.2.0](https://workbench.cisecurity.org/benchmarks/601) | [cis-1.2](./cfg/cis-1.2) | 18.09 and Docker Enterprise 2.1 |
| [CIS Docker Community Edition Benchmark v1.1.0](https://workbench.cisecurity.org/benchmarks/552) | [cis-1.1](./cfg/cis-1.1) | 17.06 |
| [CIS Docker 1.13.0 Benchmark v1.0.0](https://workbench.cisecurity.org/benchmarks/363) | [cis-1.0](./cfg/cis-1.0) | 1.13.0 |


docker-bench will determine the test set to run based on the Docker version running on the host machine.
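Review bot: In the new table the cis-1.6.0 row lists Docker versions as "20.10", but the version map in app.go uses ">= 20.10" and the commit message says "20.10 or later"; the cell should read "20.10 and later" so users on newer Docker releases can tell which cfg directory will be selected. The cis-1.3.1 row is removed with no pointer to its replacement, so a one-line note that cis-1.3.1 has been superseded by cis-1.6.0 would help anyone whose audit reports or scripts still reference the old directory.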
2 changes: 1 addition & 1 deletion app.go
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ import (
)

var benchmarkVersionMap = map[string]string{
"cis-1.3.1": ">= 20.10",
"cis-1.6.0": ">= 20.10",
"cis-1.2": ">= 18.09, < 20.10",
"cis-1.1": ">= 17.06, < 18.09",
"cis-1.0": ">= 1.13.0, < 17.06",
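Review bot: The "cis-1.3.1" key is dropped outright from benchmarkVersionMap, so anything that still names cis-1.3.1 explicitly will no longer find an entry; either keep a deprecated entry for one release or make sure the lookup fails with an error that points to cis-1.6.0 as the replacement. Among the visible entries, ">= 20.10" is also the only constraint without an upper bound, so a short comment stating that the newest benchmark is intentionally applied to all later Docker versions would document the audit baseline for future releases.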
2 changes: 1 addition & 1 deletion app_test.go
Expand Up @@ -108,7 +108,7 @@ func Test_getDockerCisVersion(t *testing.T) {
want string
wantErr bool
}{
{name: "Test for version 20.10", stringVersion: "20.10", want: "cis-1.3.1", wantErr: false},
{name: "Test for version 20.10", stringVersion: "20.10", want: "cis-1.6.0", wantErr: false},
{name: "Test for version 20.04", stringVersion: "20.04", want: "cis-1.2", wantErr: false},
{name: "Test for version 18.09", stringVersion: "18.09", want: "cis-1.2", wantErr: false},
{name: "Test for version 19.3.6", stringVersion: "19.3.6", want: "cis-1.2", wantErr: false},
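Review bot: The only visible case that resolves to cis-1.6.0 is the boundary value "20.10", while the constraint it exercises is the open-ended ">= 20.10". Add at least one case above the boundary, for example a row with stringVersion "24.0" and want "cis-1.6.0", so that a later change to the range cannot silently leave newer Docker hosts without a benchmark. If getDockerCisVersion accepts patch-level strings, as the "19.3.6" case suggests, a "20.10.x" row would cover that form for the new mapping as well.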
File renamed without changes.