konstruktoid
commented
5 years ago Relates to #329
Open konstruktoid opened 5 years ago
konstruktoid
commented
5 years ago Relates to #329
konstruktoid
commented
5 years ago @diogomonica @docker/security?
konstruktoid
commented
4 years ago 
justincormack
commented
4 years ago Hmm, Diogo no longer works at Docker. I don't actually know who has access to the signing key (there may be a copy in the safe). @konstruktoid who has done this in the past?
konstruktoid
commented
4 years ago Hi @justincormack, that's good to know since he was the creator (https://github.com/docker/docker-bench-security/commit/487307834fa12a98181365df9bac7225f79a8083) and original maintainer.
He also signed and pushed the images in the past, https://github.com/docker/docker-bench-security/issues/138.
konstruktoid
commented
4 years ago Any progress @justincormack @docker/security?
illyaMs
commented
4 years ago A pity that this issue did not get proper attention during the 5 month since creation. All recent additions/improvements are not delivered to image consumers, so everyone is using a 1.3.4 version.
We've managed to workaround it by pushing our own image built on latest state of master branch. But that obviously is not a way we'd like to handle (sitting on upstream docker/docker-bench-security would be way better for obvious reasons).
konstruktoid
commented
4 years ago I totally agree @illyaMs.
Any progress @justincormack @docker/security?
konstruktoid
commented
4 years ago Monthly reminder, @justincormack.
yaminisridaran
commented
4 years ago @konstruktoid I would like to contribute for this issue to be solved. Can you please guide me
konstruktoid
commented
4 years ago Thanks @yaminisridaran , but this is done by the Docker organization. Previously by Diogo Mónica and now ... someone else. See https://github.com/docker/docker-bench-security/issues/405#issuecomment-552887772.
konstruktoid
commented
4 years ago Ping @justincormack
konstruktoid
commented
3 years ago Ping @justincormack
konstruktoid
commented
3 years ago Monthly Yearly reminder.
@justincormack
michi88
commented
2 years ago This has caused a lot of time for me to debug (that the latest docker version is not up to date with the sources here). Maybe we should add this to the README until it is resolved?
konstruktoid
commented
2 years ago So sorry about that @michi88, I actually thought there was. I merged https://github.com/docker/docker-bench-security/pull/494
martongajarszky
commented
2 years ago Hello @konstruktoid, Will there be a new release of docker-bench? Running the script from the master branch, states it is version 1.3.6 but it has not been released. Thank You! (Btw it is a nice piece of work!)
konstruktoid
commented
2 years ago CIS Docker Benchmark v1.4.0 was published yesterday and I'll will update the scripts to match that one, and then tag and release 1.3.6.
I have no idea if there will be an official Docker image. I guess this comment counts as the yearly reminder.
brianonn
commented
1 year ago reminder for 2023 :)
docker/docker-bench-security:latest is now just days away from being 4 years old
last updated: Jan 24, 2019 at 7:48 am
konstruktoid
commented
1 year ago I think we just passed 900 workdays :cake:
bignay2000
commented
1 year ago Docker not being able to Docker :)
xsolinsx
commented
8 months ago yearly reminder I guess?
satandyh
commented
3 months ago You should be kidding o_O.
konstruktoid
commented
2 months ago Celebrating 1200 work days 🍰 🍸
v1.3.5 was just released; https://github.com/docker/docker-bench-security/releases/tag/v1.3.5. The image needs to be signed by Docker, have a :latest and a version tag added to the image and published.