aquasecurity · simar7 · Jun 19, 2024 · Jun 16, 2024 · Jun 16, 2024
@@ -3,6 +3,8 @@ spec:
   title: AWS CIS Foundations v1.2
   description: AWS CIS Foundations
   version: "1.2"
+  platfrom: aws
+  type: cis
   relatedResources:
   - https://www.cisecurity.org/benchmark/amazon_web_services
   controls:

@@ -3,6 +3,8 @@ spec:
   title: AWS CIS Foundations v1.4
   description: AWS CIS Foundations
   version: "1.4"
+  platfrom: aws
+  type: cis
   relatedResources:
   - https://www.cisecurity.org/benchmark/amazon_web_services
   controls:

@@ -1,11 +1,13 @@
 ---
 spec:
-  id: docker-cis
+  id: docker-cis-1.6.0
   title: CIS Docker Community Edition Benchmark v1.6.0
   description: CIS Docker Community Edition Benchmark
   relatedResources : 
     - https://www.cisecurity.org/benchmark/docker
   version: "1.6.0"
+  platfrom: docker
+  type: cis
   controls:
     - id: '4.1'
       name: Ensure a user for the container has been created

@@ -3,6 +3,8 @@ spec:
   title: AWS EKS CIS Foundations v1.4
   description: AWS EKS CIS Foundations
   version: "1.4"
+  platfrom: eks
+  type: cis
   relatedResources:
   - https://www.cisecurity.org/benchmark/amazon_web_services
   controls:

@@ -4,6 +4,8 @@ spec:
   title: CIS Kubernetes Benchmarks v1.23
   description: CIS Kubernetes Benchmarks
   version: "1.23"
+  platfrom: k8s
+  type: cis
   relatedResources:
     - https://www.cisecurity.org/benchmark/kubernetes
   controls:

@@ -6,6 +6,8 @@ spec:
   relatedResources : 
     - https://www.nsa.gov/Press-Room/News-Highlights/Article/Article/2716980/nsa-cisa-release-kubernetes-hardening-guidance/
   version: "1.0"
+  platfrom: k8s
+  type: nsa
   controls:
     - name: Non-root containers
       description: 'Check that container is not running as root'

@@ -5,6 +5,8 @@ spec:
   relatedResources :
     - https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline
   version: "0.1"
+  platfrom: k8s
+  type: pss
   controls:
     - name: HostProcess 
       description: "Windows pods offer the ability to run HostProcess containers which enables privileged access to the Windows node. Privileged access to the host is disallowed in the baseline policy" 

@@ -5,6 +5,8 @@ spec:
   relatedResources :
     - https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
   version: "0.1"
+  platfrom: k8s
+  type: pss
   controls:
     - name: HostProcess 
       description: "Windows pods offer the ability to run HostProcess containers which enables privileged access to the Windows node. Privileged access to the host is disallowed in the baseline policy" 

@@ -15,11 +15,11 @@ func TestLoadSpecs(t *testing.T) {
 	}{
 		{name: "nsa spec", specName: "k8s-nsa-1.0", wantSpecPath: "./compliance/k8s-nsa-1.0.yaml"},
 		{name: "k8s cis bench", specName: "k8s-cis-1.23", wantSpecPath: "./compliance/k8s-cis-1.23.yaml"},
-		{name: "k8s pss baseline", specName: "k8s-pss-baseline-0.1", wantSpecPath: "./compliance/k8s-pss-baseline.yaml"},
-		{name: "k8s pss restricted", specName: "k8s-pss-restricted-0.1", wantSpecPath: "./compliance/k8s-pss-restricted.yaml"},
+		{name: "k8s pss baseline", specName: "k8s-pss-baseline-0.1", wantSpecPath: "./compliance/k8s-pss-baseline-0.1.yaml"},
+		{name: "k8s pss restricted", specName: "k8s-pss-restricted-0.1", wantSpecPath: "./compliance/k8s-pss-restricted-0.1.yaml"},
 		{name: "awscis1.2", specName: "aws-cis-1.2", wantSpecPath: "./compliance/aws-cis-1.2.yaml"},
 		{name: "awscis1.4", specName: "aws-cis-1.4", wantSpecPath: "./compliance/aws-cis-1.4.yaml"},
-		{name: "docker cis bench", specName: "docker-cis", wantSpecPath: "./compliance/docker-cis.yaml"},
+		{name: "docker cis bench", specName: "docker-cis-1.6.0", wantSpecPath: "./compliance/docker-cis-1.6.0.yaml"},
 		{name: "awscis1.2 by filepath", specName: "@./compliance/aws-cis-1.2.yaml", wantSpecPath: "./compliance/aws-cis-1.2.yaml"},
 		{name: "bogus spec", specName: "foobarbaz"},
 	}