diff --git a/cmd/list/list.go b/cmd/list/list.go
index 52f096c6..3f00ae99 100644
--- a/cmd/list/list.go
+++ b/cmd/list/list.go
@@ -26,7 +26,7 @@ var (
%[1]s list controls
Control documentation:
- https://hub.armosec.io/docs/controls
+ https://kubescape.io/docs/controls/
`, cautils.ExecName())
)
diff --git a/cmd/root.go b/cmd/root.go
index 814352a1..cb8bef5f 100644
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -53,7 +53,7 @@ func getRootCmd(ks meta.IKubescape) *cobra.Command {
rootCmd := &cobra.Command{
Use: "kubescape",
- Short: "Kubescape is a tool for testing Kubernetes security posture. Docs: https://hub.armosec.io/docs",
+ Short: "Kubescape is a tool for testing Kubernetes security posture. Docs: https://kubescape.io/docs/",
Example: ksExamples,
PersistentPreRun: func(cmd *cobra.Command, args []string) {
k8sinterface.SetClusterContextName(rootInfo.KubeContext)
diff --git a/cmd/scan/control.go b/cmd/scan/control.go
index 2e25e895..49b9afca 100644
--- a/cmd/scan/control.go
+++ b/cmd/scan/control.go
@@ -29,7 +29,7 @@ var (
Run '%[1]s list controls' for the list of supported controls
Control documentation:
- https://hub.armosec.io/docs/controls
+ https://kubescape.io/docs/controls/
`, cautils.ExecName())
)
diff --git a/core/pkg/resultshandling/printer/v2/prettyprinter/tableprinter/configurationprinter/categorytable.go b/core/pkg/resultshandling/printer/v2/prettyprinter/tableprinter/configurationprinter/categorytable.go
index 988f0f55..8fd6d352 100644
--- a/core/pkg/resultshandling/printer/v2/prettyprinter/tableprinter/configurationprinter/categorytable.go
+++ b/core/pkg/resultshandling/printer/v2/prettyprinter/tableprinter/configurationprinter/categorytable.go
@@ -11,7 +11,7 @@ import (
)
const (
- docsPrefix = "https://hub.armosec.io/docs"
+ docsPrefix = "https://kubescape.io/docs/"
scanControlPrefix = "$ kubescape scan control"
controlNameHeader = "Control name"
statusHeader = ""
diff --git a/docs/getting-started.md b/docs/getting-started.md
index da748548..33ea9643 100644
--- a/docs/getting-started.md
+++ b/docs/getting-started.md
@@ -28,15 +28,15 @@ Kubescape security posture overview for cluster: minikube
In this overview, Kubescape shows you a summary of your cluster security posture, including the number of users who can perform administrative actions. For each result greater than 0, you should evaluate its need, and then define an exception to allow it. This baseline can be used to detect drift in future.
Control plane
-┌────┬─────────────────────────────────────┬────────────────────────────────────┐
-│ │ Control Name │ Docs │
-├────┼─────────────────────────────────────┼────────────────────────────────────┤
-│ ✅ │ API server insecure port is enabled │ https://hub.armosec.io/docs/c-0005 │
-│ ❌ │ Anonymous access enabled │ https://hub.armosec.io/docs/c-0262 │
-│ ❌ │ Audit logs enabled │ https://hub.armosec.io/docs/c-0067 │
-│ ✅ │ RBAC enabled │ https://hub.armosec.io/docs/c-0088 │
-│ ❌ │ Secret/etcd encryption enabled │ https://hub.armosec.io/docs/c-0066 │
-└────┴─────────────────────────────────────┴────────────────────────────────────┘
+┌────┬─────────────────────────────────────┬──────────────────────────────────────────────┐
+│ │ Control Name │ Docs │
+├────┼─────────────────────────────────────┼──────────────────────────────────────────────┤
+│ ✅ │ API server insecure port is enabled │ https://kubescape.io/docs/controls/c-0005/ │
+│ ❌ │ Anonymous access enabled │ https://kubescape.io/docs/controls/c-0262/ │
+│ ❌ │ Audit logs enabled │ https://kubescape.io/docs/controls/c-0067/ │
+│ ✅ │ RBAC enabled │ https://kubescape.io/docs/controls/c-0088/ │
+│ ❌ │ Secret/etcd encryption enabled │ https://kubescape.io/docs/controls/c-0066/ │
+└────┴─────────────────────────────────────┴──────────────────────────────────────────────┘
Access control
┌─────────────────────────────────────────────────┬───────────┬────────────────────────────────────┐
@@ -144,7 +144,7 @@ kubescape scan framework mitre
```
#### Scan a control
-Scan for a specific control, using the control name or control ID. [See the list of controls](https://hub.armosec.io/docs/controls?utm_source=github&utm_medium=repository).
+Scan for a specific control, using the control name or control ID. [See the list of controls](https://kubescape.io/docs/controls/).
```bash
kubescape scan control c-0005 -v
@@ -331,7 +331,7 @@ kubescape scan image nginx:1.19.6 -v
### Scan periodically using Helm
-We publish [a Helm chart](https://github.com/kubescape/helm-charts) for our in-cluster components. [Please follow the instructions here](https://hub.armosec.io/docs/installation-of-armo-in-cluster?utm_source=github&utm_medium=repository)
+We publish [a Helm chart](https://github.com/kubescape/helm-charts) for our in-cluster components. [Please follow the instructions here](https://kubescape.io/docs/install-operator/)
### VS Code Extension
diff --git a/examples/output_mocks/html-format.html b/examples/output_mocks/html-format.html
index af1c5fda..15b2b01d 100644
--- a/examples/output_mocks/html-format.html
+++ b/examples/output_mocks/html-format.html
@@ -708,14 +708,14 @@
| Low |
Network mapping |
- C-0049 |
+ C-0049 |
|
| Medium |
Cluster internal networking |
- C-0054 |
+ C-0054 |
|
@@ -742,77 +742,77 @@
| Medium |
Allow privilege escalation |
- C-0016 |
+ C-0016 |
spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation=false |
| Medium |
Ingress and Egress blocked |
- C-0030 |
+ C-0030 |
|
| High |
Resource limits |
- C-0009 |
+ C-0009 |
spec.template.spec.containers[0].resources.limits.cpu=YOUR_VALUE spec.template.spec.containers[0].resources.limits.memory=YOUR_VALUE |
| Low |
Configured readiness probe |
- C-0018 |
+ C-0018 |
spec.template.spec.containers[0].readinessProbe=YOUR_VALUE |
| Medium |
Non-root containers |
- C-0013 |
+ C-0013 |
spec.template.spec.containers[0].securityContext.runAsNonRoot=true spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation=false |
| Medium |
Automatic mapping of service account |
- C-0034 |
+ C-0034 |
spec.template.spec.automountServiceAccountToken=false |
| Medium |
Linux hardening |
- C-0055 |
+ C-0055 |
spec.template.spec.containers[0].securityContext.seccompProfile=YOUR_VALUE spec.template.spec.containers[0].securityContext.seLinuxOptions=YOUR_VALUE spec.template.spec.containers[0].securityContext.capabilities.drop[0]=YOUR_VALUE |
| Medium |
Configured liveness probe |
- C-0056 |
+ C-0056 |
spec.template.spec.containers[0].livenessProbe=YOUR_VALUE |
| Low |
K8s common labels usage |
- C-0077 |
+ C-0077 |
metadata.labels=YOUR_VALUE spec.template.metadata.labels=YOUR_VALUE |
| Low |
Pods in default namespace |
- C-0061 |
+ C-0061 |
metadata.namespace |
| Low |
Immutable container filesystem |
- C-0017 |
+ C-0017 |
spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem=true |
@@ -839,7 +839,7 @@
| Medium |
Access container service account |
- C-0053 |
+ C-0053 |
|
@@ -866,7 +866,7 @@
| Medium |
Automatic mapping of service account |
- C-0034 |
+ C-0034 |
automountServiceAccountToken=false |
@@ -893,77 +893,77 @@
| Medium |
Allow privilege escalation |
- C-0016 |
+ C-0016 |
spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation=false |
| Medium |
Ingress and Egress blocked |
- C-0030 |
+ C-0030 |
|
| High |
Resource limits |
- C-0009 |
+ C-0009 |
spec.template.spec.containers[0].resources.limits.cpu=YOUR_VALUE spec.template.spec.containers[0].resources.limits.memory=YOUR_VALUE |
| Low |
Configured readiness probe |
- C-0018 |
+ C-0018 |
spec.template.spec.containers[0].readinessProbe=YOUR_VALUE |
| Medium |
Non-root containers |
- C-0013 |
+ C-0013 |
spec.template.spec.containers[0].securityContext.runAsNonRoot=true spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation=false |
| Medium |
Automatic mapping of service account |
- C-0034 |
+ C-0034 |
spec.template.spec.automountServiceAccountToken=false |
| Medium |
Linux hardening |
- C-0055 |
+ C-0055 |
spec.template.spec.containers[0].securityContext.seccompProfile=YOUR_VALUE spec.template.spec.containers[0].securityContext.seLinuxOptions=YOUR_VALUE spec.template.spec.containers[0].securityContext.capabilities.drop[0]=YOUR_VALUE |
| Medium |
Configured liveness probe |
- C-0056 |
+ C-0056 |
spec.template.spec.containers[0].livenessProbe=YOUR_VALUE |
| Low |
K8s common labels usage |
- C-0077 |
+ C-0077 |
metadata.labels=YOUR_VALUE spec.template.metadata.labels=YOUR_VALUE |
| Low |
Pods in default namespace |
- C-0061 |
+ C-0061 |
metadata.namespace |
| Low |
Immutable container filesystem |
- C-0017 |
+ C-0017 |
spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem=true |
@@ -990,21 +990,21 @@
| Medium |
Audit logs enabled |
- C-0067 |
+ C-0067 |
spec.containers[0].command |
| Low |
PSP enabled |
- C-0068 |
+ C-0068 |
spec.containers[0].command[5] |
| Medium |
Secret/ETCD encryption enabled |
- C-0066 |
+ C-0066 |
spec.containers[0].command |
@@ -1031,14 +1031,14 @@
| Medium |
Data Destruction |
- C-0007 |
+ C-0007 |
relatedObjects[1].rules[1].resources[1] relatedObjects[1].rules[1].verbs[0] relatedObjects[1].rules[1].apiGroups[0] relatedObjects[1].rules[1].apiGroups[1] relatedObjects[0].subjects[0] relatedObjects[0].roleRef.name |
| High |
List Kubernetes secrets |
- C-0015 |
+ C-0015 |
relatedObjects[1].rules[0].resources[0] relatedObjects[1].rules[0].verbs[0] relatedObjects[1].rules[0].verbs[1] relatedObjects[1].rules[0].verbs[3] relatedObjects[1].rules[0].apiGroups[0] relatedObjects[0].subjects[0] relatedObjects[0].roleRef.name |
@@ -1065,7 +1065,7 @@
| Medium |
Automatic mapping of service account |
- C-0034 |
+ C-0034 |
automountServiceAccountToken=false |
@@ -1092,56 +1092,56 @@
| Medium |
Ingress and Egress blocked |
- C-0030 |
+ C-0030 |
|
| High |
Resource limits |
- C-0009 |
+ C-0009 |
spec.jobTemplate.spec.template.spec.containers[0].resources.limits.cpu=YOUR_VALUE spec.jobTemplate.spec.template.spec.containers[0].resources.limits.memory=YOUR_VALUE |
| Low |
Configured readiness probe |
- C-0018 |
+ C-0018 |
spec.jobTemplate.spec.template.spec.containers[0].readinessProbe=YOUR_VALUE |
| Low |
Kubernetes CronJob |
- C-0026 |
+ C-0026 |
|
| Low |
Label usage for resources |
- C-0076 |
+ C-0076 |
spec.jobTemplate.spec.template.metadata.labels=YOUR_VALUE |
| Medium |
Linux hardening |
- C-0055 |
+ C-0055 |
spec.jobTemplate.spec.template.spec.containers[0].securityContext.seccompProfile=YOUR_VALUE spec.jobTemplate.spec.template.spec.containers[0].securityContext.seLinuxOptions=YOUR_VALUE spec.jobTemplate.spec.template.spec.containers[0].securityContext.capabilities.drop[0]=YOUR_VALUE |
| Medium |
Configured liveness probe |
- C-0056 |
+ C-0056 |
spec.jobTemplate.spec.template.spec.containers[0].livenessProbe=YOUR_VALUE |
| Low |
K8s common labels usage |
- C-0077 |
+ C-0077 |
metadata.labels=YOUR_VALUE spec.jobTemplate.spec.template.metadata.labels=YOUR_VALUE |
@@ -1168,63 +1168,63 @@
| Medium |
Allow privilege escalation |
- C-0016 |
+ C-0016 |
spec.jobTemplate.spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation=false |
| Medium |
Ingress and Egress blocked |
- C-0030 |
+ C-0030 |
|
| High |
Resource limits |
- C-0009 |
+ C-0009 |
spec.jobTemplate.spec.template.spec.containers[0].resources.limits.cpu=YOUR_VALUE spec.jobTemplate.spec.template.spec.containers[0].resources.limits.memory=YOUR_VALUE |
| Low |
Configured readiness probe |
- C-0018 |
+ C-0018 |
spec.jobTemplate.spec.template.spec.containers[0].readinessProbe=YOUR_VALUE |
| Low |
Kubernetes CronJob |
- C-0026 |
+ C-0026 |
|
| Medium |
Non-root containers |
- C-0013 |
+ C-0013 |
spec.jobTemplate.spec.template.spec.containers[0].securityContext.runAsNonRoot=true spec.jobTemplate.spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation=false |
| Medium |
Linux hardening |
- C-0055 |
+ C-0055 |
spec.jobTemplate.spec.template.spec.containers[0].securityContext.seccompProfile=YOUR_VALUE spec.jobTemplate.spec.template.spec.containers[0].securityContext.seLinuxOptions=YOUR_VALUE spec.jobTemplate.spec.template.spec.containers[0].securityContext.capabilities.drop[0]=YOUR_VALUE |
| Medium |
Configured liveness probe |
- C-0056 |
+ C-0056 |
spec.jobTemplate.spec.template.spec.containers[0].livenessProbe=YOUR_VALUE |
| Low |
Immutable container filesystem |
- C-0017 |
+ C-0017 |
spec.jobTemplate.spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem=true |
@@ -1251,21 +1251,21 @@
| Medium |
Data Destruction |
- C-0007 |
+ C-0007 |
relatedObjects[1].rules[1].resources[0] relatedObjects[1].rules[1].verbs[0] relatedObjects[1].rules[1].apiGroups[0] relatedObjects[0].subjects[0] relatedObjects[0].roleRef.name relatedObjects[1].rules[2].resources[1] relatedObjects[1].rules[2].verbs[0] relatedObjects[1].rules[2].apiGroups[0] relatedObjects[0].subjects[0] relatedObjects[0].roleRef.name |
| Medium |
CoreDNS poisoning |
- C-0037 |
+ C-0037 |
relatedObjects[1].rules[2].resources[0] relatedObjects[1].rules[2].verbs[0] relatedObjects[1].rules[2].apiGroups[0] relatedObjects[0].subjects[0] relatedObjects[0].roleRef.name |
| High |
List Kubernetes secrets |
- C-0015 |
+ C-0015 |
relatedObjects[1].rules[0].resources[0] relatedObjects[1].rules[0].verbs[0] relatedObjects[1].rules[0].verbs[1] relatedObjects[1].rules[0].apiGroups[0] relatedObjects[0].subjects[0] relatedObjects[0].roleRef.name relatedObjects[1].rules[2].resources[1] relatedObjects[1].rules[2].verbs[0] relatedObjects[1].rules[2].apiGroups[0] relatedObjects[0].subjects[0] relatedObjects[0].roleRef.name |
@@ -1292,56 +1292,56 @@
| Medium |
Ingress and Egress blocked |
- C-0030 |
+ C-0030 |
|
| High |
Resource limits |
- C-0009 |
+ C-0009 |
spec.jobTemplate.spec.template.spec.containers[0].resources.limits.cpu=YOUR_VALUE spec.jobTemplate.spec.template.spec.containers[0].resources.limits.memory=YOUR_VALUE |
| Low |
Configured readiness probe |
- C-0018 |
+ C-0018 |
spec.jobTemplate.spec.template.spec.containers[0].readinessProbe=YOUR_VALUE |
| Low |
Kubernetes CronJob |
- C-0026 |
+ C-0026 |
|
| Low |
Label usage for resources |
- C-0076 |
+ C-0076 |
spec.jobTemplate.spec.template.metadata.labels=YOUR_VALUE |
| Medium |
Linux hardening |
- C-0055 |
+ C-0055 |
spec.jobTemplate.spec.template.spec.containers[0].securityContext.seccompProfile=YOUR_VALUE spec.jobTemplate.spec.template.spec.containers[0].securityContext.seLinuxOptions=YOUR_VALUE spec.jobTemplate.spec.template.spec.containers[0].securityContext.capabilities.drop[0]=YOUR_VALUE |
| Medium |
Configured liveness probe |
- C-0056 |
+ C-0056 |
spec.jobTemplate.spec.template.spec.containers[0].livenessProbe=YOUR_VALUE |
| Low |
K8s common labels usage |
- C-0077 |
+ C-0077 |
metadata.labels=YOUR_VALUE spec.jobTemplate.spec.template.metadata.labels=YOUR_VALUE |
@@ -1368,56 +1368,56 @@
| Medium |
Ingress and Egress blocked |
- C-0030 |
+ C-0030 |
|
| High |
Resource limits |
- C-0009 |
+ C-0009 |
spec.jobTemplate.spec.template.spec.containers[0].resources.limits.cpu=YOUR_VALUE spec.jobTemplate.spec.template.spec.containers[0].resources.limits.memory=YOUR_VALUE |
| Low |
Configured readiness probe |
- C-0018 |
+ C-0018 |
spec.jobTemplate.spec.template.spec.containers[0].readinessProbe=YOUR_VALUE |
| Low |
Kubernetes CronJob |
- C-0026 |
+ C-0026 |
|
| Low |
Label usage for resources |
- C-0076 |
+ C-0076 |
spec.jobTemplate.spec.template.metadata.labels=YOUR_VALUE |
| Medium |
Linux hardening |
- C-0055 |
+ C-0055 |
spec.jobTemplate.spec.template.spec.containers[0].securityContext.seccompProfile=YOUR_VALUE spec.jobTemplate.spec.template.spec.containers[0].securityContext.seLinuxOptions=YOUR_VALUE spec.jobTemplate.spec.template.spec.containers[0].securityContext.capabilities.drop[0]=YOUR_VALUE |
| Medium |
Configured liveness probe |
- C-0056 |
+ C-0056 |
spec.jobTemplate.spec.template.spec.containers[0].livenessProbe=YOUR_VALUE |
| Low |
K8s common labels usage |
- C-0077 |
+ C-0077 |
metadata.labels=YOUR_VALUE spec.jobTemplate.spec.template.metadata.labels=YOUR_VALUE |
@@ -1444,7 +1444,7 @@
| High |
List Kubernetes secrets |
- C-0015 |
+ C-0015 |
relatedObjects[1].rules[0].resources[0] relatedObjects[1].rules[0].verbs[0] relatedObjects[1].rules[0].verbs[1] relatedObjects[1].rules[0].verbs[2] relatedObjects[1].rules[0].apiGroups[0] relatedObjects[0].subjects[0] relatedObjects[0].roleRef.name |
@@ -1471,63 +1471,63 @@
| Medium |
Allow privilege escalation |
- C-0016 |
+ C-0016 |
spec.jobTemplate.spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation=false |
| Medium |
Ingress and Egress blocked |
- C-0030 |
+ C-0030 |
|
| High |
Resource limits |
- C-0009 |
+ C-0009 |
spec.jobTemplate.spec.template.spec.containers[0].resources.limits.cpu=YOUR_VALUE spec.jobTemplate.spec.template.spec.containers[0].resources.limits.memory=YOUR_VALUE |
| Low |
Configured readiness probe |
- C-0018 |
+ C-0018 |
spec.jobTemplate.spec.template.spec.containers[0].readinessProbe=YOUR_VALUE |
| Low |
Kubernetes CronJob |
- C-0026 |
+ C-0026 |
|
| Medium |
Non-root containers |
- C-0013 |
+ C-0013 |
spec.jobTemplate.spec.template.spec.containers[0].securityContext.runAsNonRoot=true spec.jobTemplate.spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation=false |
| Medium |
Linux hardening |
- C-0055 |
+ C-0055 |
spec.jobTemplate.spec.template.spec.containers[0].securityContext.seccompProfile=YOUR_VALUE spec.jobTemplate.spec.template.spec.containers[0].securityContext.seLinuxOptions=YOUR_VALUE spec.jobTemplate.spec.template.spec.containers[0].securityContext.capabilities.drop[0]=YOUR_VALUE |
| Medium |
Configured liveness probe |
- C-0056 |
+ C-0056 |
spec.jobTemplate.spec.template.spec.containers[0].livenessProbe=YOUR_VALUE |
| Low |
Immutable container filesystem |
- C-0017 |
+ C-0017 |
spec.jobTemplate.spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem=true |