author | Cédric Ollivier <cedric.ollivier@orange.com> | 2020-09-13 14:53:26 +0200 |
---|---|---|
committer | Cédric Ollivier <cedric.ollivier@orange.com> | 2020-09-13 17:01:01 +0200 |
commit | 258f2cadea3381f7625451b741280fa66f9cb020 | |
tree | 75132eb6ec7d1f2672ddfa7c3493ae9315fb2065 /docker/security | |
parent | fb8a8bf7bcbab47d740271ef546127216a36d8fd | |
Split kube-bench master and node
The former deployment asked for all-in-one.
Change-Id: I12e470cec9e82b82c6f3ea5ff2431087f5deb9be
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
(cherry picked from commit bced94b6fe24c7e939fb22834deb77477e4a9bb9)
Diffstat (limited to 'docker/security')
-rw-r--r-- | docker/security/testcases.yaml | 28 |
1 files changed, 22 insertions, 6 deletions
diff --git a/docker/security/testcases.yaml b/docker/security/testcases.yaml index e5423a47..c4f7e69b 100644 --- a/docker/security/testcases.yaml +++ b/docker/security/testcases.yaml @@ -2,7 +2,6 @@ tiers: - name: security - ci_loop: '(daily)|(weekly)' description: >- Set of basic security tests. testcases: @@ -15,17 +14,34 @@ tiers: Check that the kubernetes cluster has no known vulnerabilities run: - name: 'kube_hunter' + name: kube_hunter args: severity: high - - case_name: kube_bench + case_name: kube_bench_master project_name: functest criteria: 100 blocking: false description: >- - Check that the kubernetes cluster has no known - vulnerabilities + Checks whether Kubernetes is deployed securely by running + the master checks documented in the CIS Kubernetes + Benchmark. run: - name: 'kube_bench' + name: kube_bench + args: + target: master + + - + case_name: kube_bench_node + project_name: functest + criteria: 100 + blocking: false + description: >- + Checks whether Kubernetes is deployed securely by running + the node checks documented in the CIS Kubernetes + Benchmark. + run: + name: kube_bench + args: + target: node |
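
Review bot: the removal of `ci_loop: '(daily)|(weekly)'` from the `security` tier in the first hunk is not covered by the commit message, which only describes splitting kube-bench into master and node. Either move it to its own commit or add a line to the message stating why the tier no longer declares a loop, so the scheduling change is not lost behind the test case rename.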
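
Review bot: in the second hunk `case_name: kube_bench` is replaced by `kube_bench_master` and `kube_bench_node`, so anything that selects or reports on the old case name will no longer match; the commit message should mention the rename. The unquoting of `name: 'kube_hunter'` and `name: 'kube_bench'` is an unrelated style change that would be easier to review as a separate commit. Both new cases keep `blocking: false` with `criteria: 100`, so a failed CIS master or node check will be recorded without stopping the tier; if that is intended, a short comment in the file would make it explicit.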