[WIP]Queries for gke cisv1.3.0 #117
changes to update correct query for query.kubernetes_cluster_network_policy_installed
@saisirishreddy, thanks for helping; I would like to get some clarification for this PR; what is the purpose of these new queries? Are you planning to send a PR for the new benchmark, i.e. GKE-CISv1.3.0? I don't see any existing query update except below control
@rajlearner17, this PR is just to populate the queries for GKE-CISv1.3.0.
@saisirishreddy Thanks for attempting to bring CIS GKE 1.30. Any specific reason why you selected While we initially were still deciding whether to bring such provider-specific Kubernetes compliance separately or bring in general CIS of Kubernetes, which can address all cloud providers. However, I understand that. Short-falls few provider-specific checks. While you are proceeding with this, I would like to contact others to provide feedback so we are better covered with the right approach. The reason is once we do this for GCP, we may have an interest in Cheers!
CIS GKE 1.4.0 would work too and can be used as latest reference. I already have my local queries with reference to CIS GKE 1.4.0.
Whatever the approach, happy to contribute. Thanks.
Hey @saisirishreddy, thanks again for raising this PR! Looking at GKE CIS v1.3.0 and v1.4.0, along with Azure AKS CIS v1.3.0 and AWS EKS CIS v1.3.0, it seems like all 3 CIS reports have a mix of controls that are checked/remediated either using Some of the So one approach we could take is:
@saisirishreddy @rajlearner17 Thoughts on the proposal above?
@cbruno10 Using mod dependencies is a great idea and a benefit of the Steampipe feature. However, I do not have much idea as of now about the level of interdependence, such as
Maybe we have to plan how to make a start, whether by analyzing all together and documenting the required changes first Here is the reference to Mod Dependencies
@rajlearner17 I think for whatever CIS report we start with, we could go control by control and as we're adding each one, see if it's an existing control/query in the Kubernetes or cloud Compliance mod. We may end up with most controls being referenced or very few, but even if there are just a few I think it's beneficial to use mod dependencies where we can.
@saisirishreddy I've created #123 to continue the discussion since this PR was closed due to merging of the
Sure, thank you. I agree that referencing the Kubernetes mod where applicable helps, along with the corresponding cloud queries. However, I think handling the config files might be challenging as the access requirements are not the same.