aquasecurity · danielpacak · Oct 28, 2021 · Oct 28, 2021 · Oct 28, 2021
diff --git a/deploy/helm/values.yaml b/deploy/helm/values.yaml
@@ -147,7 +147,7 @@ trivy:
   # serverCustomHeaders: "foo=bar"
 
 kubeBench:
-  imageRef: docker.io/aquasec/kube-bench:0.6.3
+  imageRef: docker.io/aquasec/kube-bench:v0.6.5
 
 polaris:
   imageRef: quay.io/fairwinds/polaris:4.2

diff --git a/deploy/static/03-starboard-operator.config.yaml b/deploy/static/03-starboard-operator.config.yaml
@@ -9,7 +9,7 @@ metadata:
 data:
   vulnerabilityReports.scanner: Trivy
   configAuditReports.scanner: Polaris
-  kube-bench.imageRef: docker.io/aquasec/kube-bench:0.6.3
+  kube-bench.imageRef: docker.io/aquasec/kube-bench:v0.6.5
 ---
 apiVersion: v1
 kind: Secret

diff --git a/docs/settings.md b/docs/settings.md
@@ -55,7 +55,7 @@ configuration settings for common use cases. For example, switch Trivy from
 | `configAuditReports.scanner`   | `Polaris`                             | The name of the plugin that generates config audit reports. Either `Polaris` or `Conftest`. |
 | `scanJob.tolerations`          | N/A                                   | JSON representation of the [tolerations] to be applied to the scanner pods so that they can run on nodes with matching taints. Example: `'[{"key":"key1", "operator":"Equal", "value":"value1", "effect":"NoSchedule"}]'` |
 | `scanJob.annotations`          | N/A                                   | One-line comma-separated representation of the annotations which the user wants the scanner pods to be annotated with. Example: `foo=bar,env=stage` will annotate the scanner pods with the annotations `foo: bar` and `env: stage` |
-| `kube-bench.imageRef`          | `docker.io/aquasec/kube-bench:0.6.3`  | kube-bench image reference |
+| `kube-bench.imageRef`          | `docker.io/aquasec/kube-bench:v0.6.5`  | kube-bench image reference |
 | `kube-hunter.imageRef`         | `docker.io/aquasec/kube-hunter:0.6.3` | kube-hunter image reference |
 | `kube-hunter.quick`            | `"false"`                             | Whether to use kube-hunter's "quick" scanning mode (subnet 24). Set to `"true"` to enable. |
 

diff --git a/itest/starboard/starboard_cli_test.go b/itest/starboard/starboard_cli_test.go
@@ -1149,7 +1149,7 @@ var _ = Describe("Starboard CLI", func() {
 						"Scanner": Equal(v1alpha1.Scanner{
 							Name:    "kube-bench",
 							Vendor:  "Aqua Security",
-							Version: "0.6.3",
+							Version: "v0.6.5",
 						}),
 					}),
 				}))

diff --git a/pkg/kubebench/scanner_test.go b/pkg/kubebench/scanner_test.go
@@ -26,7 +26,7 @@ var (
 
 func TestKubeBenchPlugin_GetScanJobSpec(t *testing.T) {
 	config := starboard.ConfigData{
-		"kube-bench.imageRef": "docker.io/aquasec/kube-bench:0.6.3",
+		"kube-bench.imageRef": "docker.io/aquasec/kube-bench:v0.6.5",
 	}
 	node := corev1.Node{
 		ObjectMeta: metav1.ObjectMeta{
@@ -96,7 +96,7 @@ func TestKubeBenchPlugin_GetScanJobSpec(t *testing.T) {
 		Containers: []corev1.Container{
 			{
 				Name:                     "kube-bench",
-				Image:                    "docker.io/aquasec/kube-bench:0.6.3",
+				Image:                    "docker.io/aquasec/kube-bench:v0.6.5",
 				ImagePullPolicy:          corev1.PullIfNotPresent,
 				TerminationMessagePolicy: corev1.TerminationMessageFallbackToLogsOnError,
 				Command:                  []string{"sh"},

diff --git a/pkg/starboard/config.go b/pkg/starboard/config.go
@@ -76,7 +76,7 @@ func GetDefaultConfig() ConfigData {
 		keyVulnerabilityReportsScanner: string(Trivy),
 		keyConfigAuditReportsScanner:   string(Polaris),
 
-		"kube-bench.imageRef":  "docker.io/aquasec/kube-bench:0.6.3",
+		"kube-bench.imageRef":  "docker.io/aquasec/kube-bench:v0.6.5",
 		"kube-hunter.imageRef": "docker.io/aquasec/kube-hunter:0.6.3",
 		"kube-hunter.quick":    "false",
 	}