Skip to content

Add support for version V2R5 of the DISA STIG ruleset#681

Open
georgibaltiev wants to merge 4 commits intogardener:mainfrom
georgibaltiev:add/support-for-version-v2r5
Open

Add support for version V2R5 of the DISA STIG ruleset#681
georgibaltiev wants to merge 4 commits intogardener:mainfrom
georgibaltiev:add/support-for-version-v2r5

Conversation

@georgibaltiev
Copy link
Contributor

@georgibaltiev georgibaltiev commented Feb 3, 2026
edited
Loading

How to categorize this PR?

/kind enhancement

What this PR does / why we need it:
This PR adds support for version V2R5 (download link) of the DISA STIG ruleset. There are only 2 minor differences compared to version V2R4, considering the deprecation of the following two rules: [242386 and 242388].

The deprecation of the two rules can be checked via the revision history file (./U_Kubernetes_V2R5_Revision_History.pdf'):

- CNTR-K8-000320, CNTR-K8-000340 -
Deleted requirement. Insecure-port and
insecure-bind-address flags were fully
removed and no longer exist.
- Rule numbers updated throughout due to
changes in content management system.

Since Diki supports at most two versions of a ruleset simultaneously, support for version V2R3 is dropped with this PR as well.

Which issue(s) this PR fixes:
Fixes #680

Special notes for your reviewer:
The documentation still advises the users to use version V2R4 if they run Diki via the CLI. An additional PR bumping the documentation will be added once we do a release containing the support for V2R5.

Release note:

Diki no longer supports version V2R3 of the DISA STIG ruleset.

Diki now supports version V2R5 of the DISA STIG ruleset.

@georgibaltiev georgibaltiev requested a review from a team as a code owner February 3, 2026 15:34
@gardener-prow gardener-prow bot added the kind/enhancement Enhancement, improvement, extension label Feb 3, 2026
@gardener-prow
Copy link

gardener-prow bot commented Feb 3, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign dimityrmirchev for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@gardener-prow gardener-prow bot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. cla: yes Indicates the PR's author has signed the cla-assistant.io CLA. labels Feb 3, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

cla: yes Indicates the PR's author has signed the cla-assistant.io CLA. kind/enhancement Enhancement, improvement, extension size/L Denotes a PR that changes 100-499 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Support V2R5 of the DISA STIG ruleset

1 participant

@georgibaltiev