From adc8a16e85da9a2e1a01ed8cc965d0820c580316 Mon Sep 17 00:00:00 2001
From: Rohit Patil <71687498+falconcode16@users.noreply.github.com>
Date: Sun, 3 Apr 2022 10:40:56 +0530
Subject: [PATCH 1/2] Improved grammatical mistakes and typos

---
 docs/roadmap.md | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/docs/roadmap.md b/docs/roadmap.md
index f5e46db4..144a462c 100644
--- a/docs/roadmap.md
+++ b/docs/roadmap.md
@@ -5,33 +5,33 @@ Kubescape roadmap items are labeled based on where the feature is used and by their maturity. The features serve different stages of the workflow of the users: -* **Development phase** (writing Kubernetes manifests) - example: VS Code extension is used while editing YAMLs +* **Development phase** (writing Kubernetes manifests) - example: The VS Code extension is used while editing YAMLs. * **CI phase** (integrating manifests to GIT repo) - example: GitHub action validating HELM charts on PRs -* **CD phase** (deploying applications in Kubernetes) - example: running cluster scan after a new deployment -* **Monitoring phase** (scanning application in Kubernetes) - example: Prometheus scraping the cluster security risk +* **CD phase** (deploying applications in Kubernetes) - example: running a cluster scan after a new deployment +* **Monitoring phase** (scanning application in Kubernetes) - example: Prometheus scraping the cluster security risk -The items in Kubescape roadmap are split to 3 major groups based on the feature planning maturity: +The items in the Kubescape roadmap are split into 3 major groups based on the feature planning maturity: -* [Planning](#planning) - we have tickets open for these issues with more or less clear vision of design -* [Backlog](#backlog) - feature which were discussed at a high level but are not ready for development -* [Wishlist](#wishlist) - features we are dreaming of 😀 and want to push them gradually forward +* [Planning](#planning) - we have tickets open for these issues with a more or less clear vision of design. +* [Backlog](#backlog) - features that were discussed at a high level but are not ready for development +* [Wishlist](#wishlist) - features we are dreaming of in 😀 and want to push them gradually forward ## Planning 👷 * ##### Integration with image registries - We want to expand Kubescape to integrate with differnet image registries and read image vulnerability information from there. 
This will allow Kubescape to give contextual security information about vulnerabilities [Container registry integration](/docs/proposals/container-image-vulnerability-adaptor.md) + We want to expand Kubescape to integrate with different image registries and read image vulnerability information from there. This will allow Kubescape to give contextual security information about vulnerabilities. Container registry integration * ##### Kubescape as a microservice - Create a REST API for Kubescape so it can run constantly in a cluster and other components like Prometheus can scrape results + Create a REST API for Kubescape so it can constantly run in a cluster, and other components like Prometheus can scrape results. * ##### Kubescape CLI control over cluster operations - Add functionality to Kubescape CLI to trigger operations in Kubescape cluster components (example: trigger images scans and etc.) + Add functionality to Kubescape CLI to trigger operations in Kubescape cluster components (example: trigger image scans, etc.) * ##### Produce md/HTML reports - Create scan reports for different output formats + Create scan reports for different output formats. * ##### Git integration for pull requests Create insightful GitHub actions for Kubescape ## Backlog 📅 * ##### JSON path for HELM charts - Today Kubescape can point to issues in the Kubernetes object, we want to develop this feature so Kubescape will be able to point to the misconfigured source file (HELM) + Today, Kubescape can point to issues in the Kubernetes object. We want to develop this feature so Kubescape will be able to point to the misconfigured source file (HELM). * ##### Create Kubescape HELM plugin * ##### Kubescape based admission controller Implement admission controller API for Kubescape microservice to enable users to use Kubescape rules as policies From da9d98134ace94140ec5049a6b63005614c3066e Mon Sep 17 00:00:00 2001 
From: Lucifergene
Date: Mon, 4 Apr 2022 03:46:05 +0530
Subject: [PATCH 2/2] Added Severity Column with colored text

---
 .../printer/v2/controltable.go | 27 ++++++++++++++++++-
 .../printer/v2/prettyprinter.go | 1 +
 2 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/core/pkg/resultshandling/printer/v2/controltable.go b/core/pkg/resultshandling/printer/v2/controltable.go
index 67f9d1c5..704a1c62 100644
--- a/core/pkg/resultshandling/printer/v2/controltable.go
+++ b/core/pkg/resultshandling/printer/v2/controltable.go
@@ -4,7 +4,9 @@ import (
 "fmt"
 "sort"
 
+ "github.com/armosec/opa-utils/reporthandling/apis"
 "github.com/armosec/opa-utils/reporthandling/results/v1/reportsummary"
+ "github.com/fatih/color"
 )
 
 func generateRow(controlSummary reportsummary.IControlSummary, infoToPrintInfoMap map[string]string) []string {
@@ -13,6 +15,14 @@ func generateRow(controlSummary reportsummary.IControlSummary, infoToPrintInfoMa
 row = append(row, fmt.Sprintf("%d", controlSummary.NumberOfResources().Excluded()))
 row = append(row, fmt.Sprintf("%d", controlSummary.NumberOfResources().All()))
 
+ if controlSummary.GetStatus().IsPassed() {
+ row = append(row, color.CyanString("Passed"))
+ } else if controlSummary.GetStatus().IsSkipped() {
+ row = append(row, "skipped")
+ } else {
+ row = append(row, setColor(apis.ControlSeverityToString(controlSummary.GetScoreFactor())))
+ }
+
 if !controlSummary.GetStatus().IsSkipped() {
 row = append(row, fmt.Sprintf("%d", int(controlSummary.GetScore()))+"%")
 row = append(row, "")
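Review bot: The severity cell added to generateRow is always produced through the color package, and fatih/color decides whether to emit escape codes from whether the process's stdout is a terminal, not from the writer this printer uses. If the pretty printer can write to a file while stdout is still a terminal (the writer is not visible in this hunk), the report would carry raw ANSI sequences around `High` or `Critical`, which breaks exact-match parsing of the column in CI. Consider colouring only when the printer's destination is a terminal, for example by setting `color.NoColor = true` when output is redirected. The cell also puts status values in a severity column, and `"skipped"` is lower-case next to `"Passed"`; generateRow starts and ends outside the hunk.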
@@ -27,6 +37,21 @@ func generateRow(controlSummary reportsummary.IControlSummary, infoToPrintInfoMa
 return row
 }
 
+func setColor(controlSeverity string) string {
+ switch controlSeverity {
+ case "Critical":
+ return color.New(color.FgRed, color.Bold).Add(color.Underline).SprintFunc()(controlSeverity)
+ case "High":
+ return color.New(color.FgRed, color.Bold).SprintFunc()(controlSeverity)
+ case "Medium":
+ return color.New(color.FgYellow, color.Bold).SprintFunc()(controlSeverity)
+ case "Low":
+ return color.New(color.FgGreen, color.Bold).SprintFunc()(controlSeverity)
+ default:
+ return color.New(color.FgBlue, color.Bold).SprintFunc()(controlSeverity)
+ }
+}
+
 func getSortedControlsNames(controls reportsummary.ControlSummaries) []string {
 controlNames := make([]string, 0, len(controls))
 for k := range controls {
@@ -38,5 +63,5 @@ func getSortedControlsNames(controls reportsummary.ControlSummaries) []string {
 }
 
 func getControlTableHeaders() []string {
- return []string{"CONTROL NAME", "FAILED RESOURCES", "EXCLUDED RESOURCES", "ALL RESOURCES", "% RISK-SCORE", "INFO"}
+ return []string{"CONTROL NAME", "FAILED RESOURCES", "EXCLUDED RESOURCES", "ALL RESOURCES", "SEVERITY", "% RISK-SCORE", "INFO"}
 }
diff --git a/core/pkg/resultshandling/printer/v2/prettyprinter.go b/core/pkg/resultshandling/printer/v2/prettyprinter.go
index 4cc3daef..227af51b 100644
--- a/core/pkg/resultshandling/printer/v2/prettyprinter.go
+++ b/core/pkg/resultshandling/printer/v2/prettyprinter.go
@@ -172,6 +172,7 @@ func generateFooter(summaryDetails *reportsummary.SummaryDetails) []string {
 row = append(row, fmt.Sprintf("%d", summaryDetails.NumberOfResources().Failed()))
 row = append(row, fmt.Sprintf("%d", summaryDetails.NumberOfResources().Excluded()))
 row = append(row, fmt.Sprintf("%d", summaryDetails.NumberOfResources().All()))
+ row = append(row, " ")
 row = append(row, fmt.Sprintf("%.2f%s", summaryDetails.Score, "%"))
 row = append(row, " ")
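Review bot: setColor in controltable.go picks the style by comparing against the display strings `"Critical"`, `"High"`, `"Medium"` and `"Low"`, so any change in what apis.ControlSeverityToString returns (spelling, case, a new level) silently falls through to the blue default and a critical control no longer stands out. Switching on the score factor or on severity constants, if the apis package exports them, would keep the colour tied to the value rather than to its label. The function also lacks a doc comment and returns a string rather than setting anything; something like `// setColor returns controlSeverity wrapped in the terminal style for that severity level.` would do, and each branch can be shortened to `return color.New(color.FgRed, color.Bold, color.Underline).Sprint(controlSeverity)`.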