Merged
34 changes: 14 additions & 20 deletions Dockerfile
Expand Up @@ -11,27 +11,21 @@ RUN make build && cp kube-bench /go/bin/kube-bench

FROM alpine:3.23.4 AS run
WORKDIR /opt/kube-bench/
# add GNU ps for -C, -o cmd, --no-headers support and add findutils to get GNU xargs
# https://github.com/aquasecurity/kube-bench/issues/109
# https://github.com/aquasecurity/kube-bench/issues/1656
RUN apk --no-cache add procps findutils

# Upgrading apk-tools to remediate CVE-2021-36159 - https://snyk.io/vuln/SNYK-ALPINE314-APKTOOLS-1533752
#Β https://github.com/aquasecurity/kube-bench/issues/943
RUN apk --no-cache upgrade apk-tools

# Openssl is used by OpenShift tests
# https://github.com/aquasecurity/kube-bench/issues/535
# Ensuring that we update/upgrade before installing openssl, to mitigate CVE-2021-3711 and CVE-2021-3712
RUN apk update && apk upgrade && apk --no-cache add openssl

# Add glibc for running oc command
RUN wget -q -O /etc/apk/keys/sgerrand.rsa.pub https://alpine-pkgs.sgerrand.com/sgerrand.rsa.pub
RUN apk add gcompat
RUN apk add jq

# Add bash for running helper scripts
RUN apk add --no-cache bash kubectl
# procps adds GNU ps for -C, -o cmd, --no-headers support: https://github.com/aquasecurity/kube-bench/pull/115/
# findutils is used to get GNU xargs: https://github.com/aquasecurity/kube-bench/pull/1657
# Openssl is used by OpenShift tests: https://github.com/aquasecurity/kube-bench/pull/537
# glibc is used for running oc command
# bash is used for running helper scripts
RUN apk --no-cache upgrade \
&& apk --no-cache add \
bash \
findutils \
gcompat \
jq \
kubectl \
openssl \
procps

ENV PATH=$PATH:/usr/local/mount-from-host/bin:/go/bin
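Review bot: The new comment block explains every package but not the `apk --no-cache upgrade` that runs before them, and that line is now the only thing standing in for the earlier separate apk-tools and openssl upgrade steps and their CVE references. Without a note, a later cleanup could drop it as redundant against the pinned `alpine:3.23.4` base; I would add `# apk upgrade pulls in security fixes published after the base image was built (covers the earlier apk-tools and openssl remediations)`. Because the upgrade and the unversioned `apk add` both resolve at build time, the image contents depend on the build date rather than on the tag alone, so the built image should still be scanned. The `glibc` comment would also be more accurate as `# gcompat provides the glibc compatibility layer used for running the oc command`.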

6 changes: 1 addition & 5 deletions Dockerfile.fips.ubi
Expand Up @@ -16,11 +16,7 @@ ARG K8S_PKGS_VERSION=1.34
RUN microdnf install -y yum findutils openssl \
&& yum -y update-minimal --security --sec-severity=Moderate --sec-severity=Important --sec-severity=Critical \
&& yum update -y \
&& yum install -y glibc \
&& yum update -y glibc \
&& yum install -y procps \
&& yum update -y procps \
&& yum install jq -y \
&& yum install -y glibc jq procps \
&& printf '%s\n' '[kubernetes]' 'name=Kubernetes' \
"baseurl=https://pkgs.k8s.io/core:/stable:/v${K8S_PKGS_VERSION}/rpm/" \
'enabled=1' 'gpgcheck=1' \
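Review bot: The `yum -y update-minimal --security --sec-severity=...` line kept just above the consolidated `yum install -y glibc jq procps` is immediately superseded by `yum update -y`, so the severity filter has no effect on what ends up in the image. Now that the install steps are being tidied, I would keep only one of the two and state the intended patch policy in a comment, for example `# full update: take all available errata, not only security-rated ones`. The same pair of lines appears in the Dockerfile.ubi hunk. This RUN instruction continues past the end of the hunk, so whether the package cache is cleaned in the same layer (`yum clean all`) cannot be confirmed from here.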
6 changes: 1 addition & 5 deletions Dockerfile.ubi
Expand Up @@ -16,11 +16,7 @@ ARG K8S_PKGS_VERSION=1.34
RUN microdnf install -y yum findutils openssl \
&& yum -y update-minimal --security --sec-severity=Moderate --sec-severity=Important --sec-severity=Critical \
&& yum update -y \
&& yum install -y glibc \
&& yum update -y glibc \
&& yum install -y procps \
&& yum update -y procps \
&& yum install jq -y \
&& yum install -y glibc jq procps \
&& printf '%s\n' '[kubernetes]' 'name=Kubernetes' \
"baseurl=https://pkgs.k8s.io/core:/stable:/v${K8S_PKGS_VERSION}/rpm/" \
'enabled=1' 'gpgcheck=1' \