Comparing changes

base repository: dev-sec/cis-docker-benchmark
base: 1.3.0
head repository: dev-sec/cis-docker-benchmark
compare: 1.3.1
  • 10 commits
  • 5 files changed
  • 4 contributors

Commits on May 18, 2017

  1. Verified

    This commit was signed with the committer’s verified signature.
    Murderlon Merlijn Vos
    87cc91d
  2. Merge pull request #33 from dev-sec/ap/assignment_regex

    Due to inspec deprecation warnings
    chris-rock authored May 18, 2017
    a7029fd

Commits on Jun 25, 2017

  1. use recommended spdx license identifier

    Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
    chris-rock committed Jun 25, 2017
    287f505
  2. add required docker cli version

    Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
    chris-rock committed Jun 25, 2017
    3e4dee5

Commits on Jun 26, 2017

  1. Merge pull request #34 from dev-sec/chris-rock/spdx

    use recommended spdx license identifier
    atomic111 authored Jun 26, 2017
    205f6ac
  2. Merge pull request #35 from dev-sec/chris-rock/readme

    add required docker cli version
    atomic111 authored Jun 26, 2017
    7577bc2

Commits on Sep 14, 2017

  1. updating check for container_info networkings port

    Nandesh Guru authored Sep 14, 2017
    6d7a036

Commits on Sep 19, 2017

  1. Merge pull request #38 from coolguru/master

    updating check for container_info networkings port
    atomic111 authored Sep 19, 2017
    883c26a

Commits on Nov 18, 2017

  1. 1.3.1

    Signed-off-by: Christoph Hartmann <chris@lollyrock.com>
    chris-rock committed Nov 18, 2017
    5fc997e
  2. 3daa47c
Showing with 31 additions and 6 deletions.
  1. +25 −1 CHANGELOG.md
  2. +1 −0 README.md
  3. +2 −2 controls/container_runtime.rb
  4. +2 −2 inspec.yml
  5. +1 −1 libraries/docker_helper.rb
26 changes: 25 additions & 1 deletion CHANGELOG.md
@@ -1,7 +1,25 @@
# Change Log

## [1.3.1](https://github.com/dev-sec/cis-docker-benchmark/tree/1.3.1) (2017-11-18)
[Full Changelog](https://github.com/dev-sec/cis-docker-benchmark/compare/1.3.0...1.3.1)

**Fixed bugs:**

- undefined method `downcase' for nil:NilClass [\#32](https://github.com/dev-sec/cis-docker-benchmark/issues/32)

**Closed issues:**

- docker variable not defined [\#31](https://github.com/dev-sec/cis-docker-benchmark/issues/31)

**Merged pull requests:**

- updating check for container\_info networkings port [\#38](https://github.com/dev-sec/cis-docker-benchmark/pull/38) ([coolguru](https://github.com/coolguru))
- add required docker cli version [\#35](https://github.com/dev-sec/cis-docker-benchmark/pull/35) ([chris-rock](https://github.com/chris-rock))
- use recommended spdx license identifier [\#34](https://github.com/dev-sec/cis-docker-benchmark/pull/34) ([chris-rock](https://github.com/chris-rock))
- Due to inspec deprecation warnings [\#33](https://github.com/dev-sec/cis-docker-benchmark/pull/33) ([alexpop](https://github.com/alexpop))

## [1.3.0](https://github.com/dev-sec/cis-docker-benchmark/tree/1.3.0) (2017-04-28)
[Full Changelog](https://github.com/dev-sec/cis-docker-benchmark/compare/1.1.1...1.3.0)
[Full Changelog](https://github.com/dev-sec/cis-docker-benchmark/compare/1.2.0...1.3.0)

**Closed issues:**

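Review bot: the 1.3.1 entry lists #38 only by its PR title, "updating check for container\_info networkings port", which does not tell a user that the two loops in controls/container_runtime.rb used to skip every container whose `Ports` value was present and now evaluate them. A host that passed on 1.3.0 can report new failures on 1.3.1, so add a line under "Fixed bugs" that says the port controls were previously not run against containers with port mappings. That helps anyone comparing scan results across the two versions.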
@@ -17,6 +35,12 @@
- use new inspec docker resource [\#29](https://github.com/dev-sec/cis-docker-benchmark/pull/29) ([chris-rock](https://github.com/chris-rock))
- split up control files into components [\#26](https://github.com/dev-sec/cis-docker-benchmark/pull/26) ([chris-rock](https://github.com/chris-rock))
- update tags and refs [\#23](https://github.com/dev-sec/cis-docker-benchmark/pull/23) ([chris-rock](https://github.com/chris-rock))

## [1.2.0](https://github.com/dev-sec/cis-docker-benchmark/tree/1.2.0) (2017-04-18)
[Full Changelog](https://github.com/dev-sec/cis-docker-benchmark/compare/1.1.1...1.2.0)

**Merged pull requests:**

- update to CIS Benchmark 1.12, controls 1.1 to 2.16 [\#19](https://github.com/dev-sec/cis-docker-benchmark/pull/19) ([atomic111](https://github.com/atomic111))

## [1.1.1](https://github.com/dev-sec/cis-docker-benchmark/tree/1.1.1) (2017-03-01)
1 change: 1 addition & 0 deletions README.md
@@ -13,6 +13,7 @@ InSpec is an open-source run-time framework and rule language used to specify co
## Requirements

* at least [InSpec](http://inspec.io/) version 1.21.0
* Docker 1.13+

### Platform

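Review bot: the new requirement line `* Docker 1.13+` does not say which component it refers to or where it has to be installed. The commit is titled "add required docker cli version", so name the CLI explicitly and state whether it must be present on the scanned host or on the machine running InSpec; otherwise readers may take it as a daemon version.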
4 changes: 2 additions & 2 deletions controls/container_runtime.rb
@@ -190,7 +190,7 @@

docker.containers.running?.ids.each do |id|
container_info = docker.object(id)
next unless container_info['NetworkSettings']['Ports'].nil?
next if container_info['NetworkSettings']['Ports'].nil?
container_info['NetworkSettings']['Ports'].each do |_, hosts|
hosts.each do |host|
describe host['HostPort'].to_i.between?(1, 1024) do
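Review bot: the nil guard covers `container_info['NetworkSettings']['Ports']` but not the per-port value, so `hosts.each` can still raise on a running container. Docker reports a port that is exposed but not published as a key with a null value (for example `"80/tcp": null`), and `hosts` is then nil. Suggest `next if hosts.nil?` as the first statement inside the `.each do |_, hosts|` block, so the control evaluates published bindings and does not abort on the first unpublished one.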
@@ -298,7 +298,7 @@

docker.containers.running?.ids.each do |id|
container_info = docker.object(id)
next unless container_info['NetworkSettings']['Ports'].nil?
next if container_info['NetworkSettings']['Ports'].nil?
container_info['NetworkSettings']['Ports'].each do |_, hosts|
hosts.each do |host|
describe host['HostIp'].to_i.between?(1, 1024) do
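Review bot: in the `describe` line at the end of this hunk, `host['HostIp'].to_i.between?(1, 1024)` applies the port-range test from the previous control to an IP address string. `String#to_i` stops at the first dot, so '0.0.0.0' becomes 0 and '127.0.0.1' becomes 127, which means the result depends on the first octet and not on whether the binding is a wildcard address. Suggest describing `host['HostIp']` as a string and comparing it against the wildcard addresses (such as '0.0.0.0') directly. The same missing `hosts` nil guard as in the hunk above applies here too.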
4 changes: 2 additions & 2 deletions inspec.yml
@@ -3,6 +3,6 @@ title: CIS Docker Benchmark Profile
maintainer: Patrick Muench
copyright: DevSec Hardening Framework Team
copyright_email: patrick.muench111@gmail.com
license: Apache 2.0 License
license: Apache-2.0
summary: An InSpec Compliance Profile for the CIS Docker Benchmark
version: 1.3.0
version: 1.3.1
2 changes: 1 addition & 1 deletion libraries/docker_helper.rb
@@ -53,7 +53,7 @@ def socket
def parse_systemd_values(stdout)
SimpleConfig.new(
stdout,
assignment_re: /^\s*([^=]*?)\s*=\s*(.*?)\s*$/,
assignment_regex: /^\s*([^=]*?)\s*=\s*(.*?)\s*$/,
multiple_values: false
).params
end
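Review bot: the option rename from `assignment_re:` to `assignment_regex:` in the `SimpleConfig.new` call ties this helper to InSpec releases that recognise the new key, while README.md still states "at least InSpec version 1.21.0". Please confirm that 1.21.0 accepts `assignment_regex`, and raise the documented minimum if it does not, since a release that only knows the old key would not apply this pattern when parsing the systemd values.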