DevSec Hardening Framework project is releasing a new major release of cis-docker-benchmark today.
The major points of this release are listed below, however there are also many changes under the hood like cleanups of documentation and improvements of the InSpec Profile.
Many thanks for the contributions and help we received from our users and community!
Highlights and breaking changes:
- Update of InSpec Profile to support the CIS Docker Benchmark 1.13.0
- Introduce new Tags
tag 'cis-docker-1.13.0': '4.1'to easily identify the right CIS Control
- Update of descriptions to explain each control in a better manner
- Update of references to support the user in implementing each control
- Renumbering of InSpec controls to be independent from the CIS Docker Benchmark numbering, because we want to keep the old controls.
- Activate old controls via new attribute
- New library method to check, if docker overlay networks are encrypted
benchmark_versionto execute also the old controls from previous benchmarks, e.g. set it to 1.12.0 to execute also the tests from cis-benchmark-1.12.0