diff --git a/.releaserc b/.releaserc
index 06f8f58..a191df5 100644
--- a/.releaserc
+++ b/.releaserc
@@ -6,11 +6,11 @@
 "@semantic-release/github",
 {
 "assets": [
- { "path": "build//bin/production-readiness-amd64.exe", "label": "Windows amd64 distribution" },
- { "path": "build/bin/production-readiness-386.exe", "label": "Windows 386 distribution" },
- { "path": "build/bin/production-readiness-amd64-darwin", "label": "Darwin amd64 distribution" },
- { "path": "build/bin/production-readiness-amd64-linux ", "label": "Linux amd64 distribution" },
- { "path": "build/bin/production-readiness-386-linux ", "label": "Linux 386 distribution" },
+ { "path": "build//bin/production-readiness-amd64.exe", "label": "Windows amd64 binary" },
+ { "path": "build/bin/production-readiness-386.exe", "label": "Windows 386 binary" },
+ { "path": "build/bin/production-readiness-amd64-darwin", "label": "Darwin amd64 binary" },
+ { "path": "build/bin/production-readiness-amd64-linux", "label": "Linux amd64 binary" },
+ { "path": "build/bin/production-readiness-386-linux", "label": "Linux 386 binary" },
 ]
 }
 ]
diff --git a/Makefile b/Makefile
index c5f392c..2eacddb 100644
--- a/Makefile
+++ b/Makefile
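Review bot: The first asset path on the new side still reads `build//bin/production-readiness-amd64.exe` with a doubled slash, while the other four entries use `build/bin/`. Since this commit already normalises the two paths that carried a trailing space, that entry should become `"path": "build/bin/production-readiness-amd64.exe"` as well. The asset list also publishes only the raw binaries, and the README change in this commit sends users to the releases page to download them, so a downloader has nothing to verify a file against. Consider having the build emit a SHA-256 checksum file and listing it as one more asset.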
@@ -55,16 +55,18 @@ test:
 .PHONY: build
 build: check test
 @echo "== build"
- GOOS=$(GOOS) GOARCH=$(GOARCH) go build -o $(buildDir)/bin/production-readiness -v github.com/coreeng/production-readiness/production-readiness/cmd
+ GOOS=$(GOOS) GOARCH=$(GOARCH) go build -o $(buildDir)/bin/production-readiness -v github.com/coreeng/production-readiness/production-readiness/cmd
 .PHONY: build-other-platforms
 build-other-platforms:
 @echo "== build for other platforms"
- GOOS=windows GOARCH=amd64 go build -o $(buildDir)/bin/production-readiness-amd64.exe -v github.com/coreeng/production-readiness/production-readiness/cmd
- GOOS=windows GOARCH=386 go build -o $(buildDir)/bin/production-readiness-386.exe -v github.com/coreeng/production-readiness/production-readiness/cmd
- GOOS=darwin GOARCH=amd64 go build -o $(buildDir)/bin/production-readiness-amd64-darwin -v github.com/coreeng/production-readiness/production-readiness/cmd
- GOOS=linux GOARCH=amd64 go build -o $(buildDir)/bin/production-readiness-amd64-linux -v github.com/coreeng/production-readiness/production-readiness/cmd
- GOOS=linux GOARCH=386 go build -o $(buildDir)/bin/production-readiness-386-linux -v github.com/coreeng/production-readiness/production-readiness/cmd
+ GOOS=windows GOARCH=amd64 go build -o $(buildDir)/bin/production-readiness-amd64.exe -v github.com/coreeng/production-readiness/production-readiness/cmd
+ GOOS=windows GOARCH=386 go build -o $(buildDir)/bin/production-readiness-386.exe -v github.com/coreeng/production-readiness/production-readiness/cmd
+ GOOS=darwin GOARCH=amd64 go build -o $(buildDir)/bin/production-readiness-amd64-darwin -v github.com/coreeng/production-readiness/production-readiness/cmd
+ GOOS=linux GOARCH=amd64 go build -o $(buildDir)/bin/production-readiness-amd64-linux -v github.com/coreeng/production-readiness/production-readiness/cmd
+ GOOS=linux GOARCH=386 go build -o $(buildDir)/bin/production-readiness-386-linux -v
github.com/coreeng/production-readiness/production-readiness/cmd
+ @echo "== finished building all distros"
+ ls -ltr $(buildDir)/bin/
 .PHONY: install
 install: build
diff --git a/README.md b/README.md
index 31709c0..cbf80fc 100644
--- a/README.md
+++ b/README.md
@@ -7,9 +7,7 @@ Use it to identify security vulnerabilities in your cluster and container images
 To prepare your environment you must install [trivy](https://github.com/aquasecurity/trivy) and `docker` as the image scan utility require both command line tools.
-We use [nix](https://nixos.org/download.html) to make it easier to install the required tools
-and provide a reproducible dev environment.
-To use nix, install it and run `nix-shell` from the project directory.
+Then download the `production-readiness` tool from the [releases](https://github.com/coreeng/prod-readiness/releases) area.
 ## Cluster scan
@@ -92,6 +90,8 @@ Optional parameter `--benchmarks k8s-cis,k8s-nsa,k8s-pss-restricted` can be used
 ## Roadmap
-- use trivy library rather than the command line (to prevent: "trivy": executable file not found in $PATH )
-- use docker library rather than the command line (to prevent: "docker": executable file not found in $PATH )
-- release a versioning image, rather than requesting users to build it
+- Use trivy library rather than the command line (to prevent: "trivy": executable file not found in $PATH ) - see [#17](https://github.com/coreeng/prod-readiness/issues/17)
+- Use docker library rather than the command line (to prevent: "docker": executable file not found in $PATH ) - see [#17](https://github.com/coreeng/prod-readiness/issues/17)
+- Run CIS benchmark with limited permissions - see [#18](https://github.com/coreeng/prod-readiness/issues/18)
+- Improve CIS benchmark report - see [#14](https://github.com/coreeng/prod-readiness/issues/14)
+- Run cloud provider specific CIS benchmark - see [#21](https://github.com/coreeng/prod-readiness/issues/21)
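Review bot: In the Makefile hunk, `build-other-platforms:` is declared with no prerequisites, while the `build` rule just above it is `build: check test`. The five cross-compiled binaries are the same files `.releaserc` uploads as release assets, so they can be produced without the checks or tests having run. Unless the release pipeline runs those separately (not visible in this diff), the header should read `build-other-platforms: check test`. The five `go build` lines differ only in GOOS/GOARCH and output name, and adding `-trimpath` to them would keep build-host paths out of the published binaries.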