Managed Kubernetes Auditing Toolkit Versions Save

All-in-one auditing toolkit for identifying common security issues in managed Kubernetes environments. Currently supports Amazon EKS.

v0.3.0

5 months ago

Changelog

Features:

  • Add support for EKS Pod Identity
  • Add a CLI flag --show-full-role-arns to force printing the full role ARN, instead of just its name

v0.2.0

10 months ago

Changelog

New features:

  • Enhance IMDS access detection to support cases where IMDSv2 is enforced (#9)

Chores:

  • fc36e6b Fix goreleaser deprecated 'archive replacements'

v0.1.1

11 months ago

Changelog

Enhancements:

  • find-secrets: Don't fail and only show a warning in case of missing permissions

v0.1.0

11 months ago

Changelog

New features:

  • mkat eks find-role-relationships now uses a full-fledged IAM policy evaluation engine to determine which pods can assume IAM roles in the account.

Enhancements:

  • Add an option to skip EKS hostname checks in mkat eks find-role-relationships, when using a non-standard EKS API server hostname (--skip-eks-hostname-check)
  • Add an option in mkat eks find-role-relationships to specify the EKS cluster name when it cannot be automatically detected from the KubeConfig file (--eks-cluster-name)
  • Document permissions needed in AWS and K8s in https://github.com/DataDog/managed-kubernetes-auditing-toolkit/blob/v0.1.0/permissions.md
  • Implement better logic to detect when a cluster is an EKS cluster. This used to fail when the EKS API server was using a non-443 port

v0.0.1

1 year ago

Changelog

  • 2573593 Add basis for CI
  • 353efa1 Add first version of IMDS tester
  • 0e069e2 Add first version of autogen doc
  • b6337e3 Add first version of secret detection
  • c3c6027 Add fixtures for demo purposes
  • e734403 Add pre-commit hook to generate third-party licenses
  • f8a770a Add sample outputs
  • b8733b9 Add status badge
  • 873e1c5 Add third-party license file
  • 26bd3ec Create LICENSE
  • 18625b3 Create NOTICE
  • 2d67e07 Enhance CLI output and remove the need to specify EKS cluster name
  • f060029 First version of CLI
  • ce40d44 Fix bug where reliance on EKS annotation value was way too string; consider StringLike condition keys
  • e5adf15 Fix docs link
  • 0e645eb Rename package and add tests for AWS secrets detection
  • 030c2b4 Revamp README
  • 73f0b5f Save
  • fd1215e Support secret detection in init containers
  • 9fbb310 Update README.md
  • 7c1035a Update README.md
  • a735676 Update third-party licenses
  • 95eaea6 initiail commit
  • 86ba38f v2