From 6d65a90de9c96192d73ac1bfbe6a78b6c3daea99 Mon Sep 17 00:00:00 2001 
From: David Wertenteil
Date: Sun, 4 Sep 2022 14:50:22 +0300
Subject: [PATCH] Merging typo fixes from master (#772)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* greetings
* Update aws.sh
  simplified the comment
* typo: In the title and h1 element
  There was a typo in index.html file.
* punctuation changes
* docs : added gitpod badge in readme.md
* fixed typos
* some grammar mistake is corrected in PULL_REQUEST_TEMPLATE.md file
* Updated README.md file
  Added link to CONTRIBUTING.md file in a line in README.
* Added link to code of conduct file
  I have added link to the code of conduct file and fixed some problems in the Readme file.
* Fixed readme
* Added alpine tag
  Adding alpine tag instead of latest and removing repeating commands
* roadmap.md file is modified
* Automatically Close "Typo" labelled Issue
* build.py is modified
* modified PR template
* Fixed some typos in feature_request.md
  "." at the end of the headings were missing and all the text were in same line. Now this gives a clear and concise view of the texts.
* fixed the typo in docs/index.html Found and fixed typo in the 'alt' attribute of img tag * Update PULL_REQUEST_TEMPLATE.md Co-authored-by: Krishna Agarwal Co-authored-by: Saswata Senapati <74651639+saswat16@users.noreply.github.com> Co-authored-by: Rahul Singh <110548934+rahuldhirendersingh@users.noreply.github.com> Co-authored-by: deepuyadav004 Co-authored-by: kartik <97971066+kartikgajjar7@users.noreply.github.com> Co-authored-by: Rounak-28 <95576871+Rounak-28@users.noreply.github.com> Co-authored-by: pwnb0y Co-authored-by: Ben Hirschberg <59160382+slashben@users.noreply.github.com> Co-authored-by: Saptarshi Sarkar Co-authored-by: Rahul Surwade <93492791+RahulSurwade08@users.noreply.github.com> Co-authored-by: Suhas Gumma <43647369+suhasgumma@users.noreply.github.com> Co-authored-by: Kamal Nayan <95926324+legendarykamal@users.noreply.github.com> Co-authored-by: TarangVerma <90996971+TarangVerma@users.noreply.github.com> Co-authored-by: avikittu <65793296+avikittu@users.noreply.github.com> --- .github/ISSUE_TEMPLATE/feature_request.md | 17 +++++++------- .github/PULL_REQUEST_TEMPLATE.md | 8 +++++-- .github/workflows/close-typos-issues.yaml | 21 +++++++++++------- .github/workflows/community.yml | 22 +++++++++++++++++++ README.md | 11 ++++++---- build.py | 2 +- build/Dockerfile | 5 ++--- docs/index.html | 4 ++-- .../container-image-vulnerability-adaptor.md | 4 ++-- docs/roadmap.md | 4 ++-- examples/cloud-vendor-integration/aws.sh | 2 +- website/index.html | 6 ++--- 12 files changed, 69 insertions(+), 37 deletions(-) create mode 100644 .github/workflows/community.yml diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md index bbcbbe7d..a1a4f3e1 100644 --- a/.github/ISSUE_TEMPLATE/feature_request.md +++ b/.github/ISSUE_TEMPLATE/feature_request.md @@ -6,15 +6,14 @@ labels: '' assignees: '' --- +**Is your feature request related to a problem? Please describe.**
+ > A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] -**Is your feature request related to a problem? Please describe.** -A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] +**Describe the solution you'd like.**
+ > A clear and concise description of what you want to happen. -**Describe the solution you'd like** -A clear and concise description of what you want to happen. +**Describe alternatives you've considered.**
+ > A clear and concise description of any alternative solutions or features you've considered. -**Describe alternatives you've considered** -A clear and concise description of any alternative solutions or features you've considered. - -**Additional context** -Add any other context or screenshots about the feature request here. +**Additional context.**
+ > Add any other context or screenshots about the feature request here. diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index b2d8493c..3e3ec6b2 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -2,11 +2,15 @@ ## Screenshots - If Any (Optional) -## Issue ticket number and link +## This PR fixes: + +* Resolved # ## Checklist before requesting a review + + - [ ] My code follows the style guidelines of this project -- [ ] I have commented my code, particularly in hard-to-understand areas +- [ ] I have commented on my code, particularly in hard-to-understand areas - [ ] I have performed a self-review of my code - [ ] If it is a core feature, I have added thorough tests. - [ ] New and existing unit tests pass locally with my changes diff --git a/.github/workflows/close-typos-issues.yaml b/.github/workflows/close-typos-issues.yaml index 46b3275b..e12c3fb4 100644 --- a/.github/workflows/close-typos-issues.yaml +++ b/.github/workflows/close-typos-issues.yaml @@ -3,16 +3,21 @@ on: types: [opened, labeled] jobs: - build: - if: ${{ github.event.label.name == 'typo' }} + open_PR_message: + if: github.event.label.name == 'typo' runs-on: ubuntu-latest + steps: + - uses: ben-z/actions-comment-on-issue@1.0.2 + with: + message: "Hello! :wave:\n\nThis issue is being automatically closed, Please open a PR with a relevant fix." + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + + auto_close_issues: runs-on: ubuntu-latest steps: - - name: Checkout - uses: actions/checkout@v3 - - name: Automatically close typo issues - uses: lucasbento/auto-close-issues@v1.0.2 + - uses: lee-dohm/close-matching-issues@v2 with: - github-token: ${{ secrets.GITHUB_TOKEN }} - issue-close-message: "@${issue.user.login}: Hello! :wave:\n\nThis issue is being automatically closed, Please open a PR with a relevant fix." + query: 'label:typo' + token: ${{ secrets.GITHUB_TOKEN }} 
diff --git a/.github/workflows/community.yml b/.github/workflows/community.yml new file mode 100644 index 00000000..1d88e1bc --- /dev/null +++ b/.github/workflows/community.yml @@ -0,0 +1,22 @@ +on: + fork: + issues: + types: [opened] + issue_comment: + types: [created] + pull_request_target: + types: [opened] + pull_request_review_comment: + types: [created] + +jobs: + welcome: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v1 + - uses: EddieHubCommunity/gh-action-community/src/welcome@main + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + issue-message: '

Hey, Welcome to this repo, Congratulations on opening your issue. Keep Contributing to Kubescape

' + pr-message: '

Hey, Welcome to this repo, Congratulations on opening your Pull Request. Keep Contributing to Kubescape

' + footer: '

We''ll try to review and add you work as soon as possible and a maintainer will get back to you soon!

' diff --git a/README.md b/README.md index e423f879..d6950498 100644 --- a/README.md +++ b/README.md @@ -6,6 +6,7 @@ [![build](https://github.com/kubescape/kubescape/actions/workflows/build.yaml/badge.svg)](https://github.com/kubescape/kubescape/actions/workflows/build.yaml) [![Go Report Card](https://goreportcard.com/badge/github.com/kubescape/kubescape)](https://goreportcard.com/report/github.com/kubescape/kubescape) +[![Gitpod Ready-to-Code](https://img.shields.io/badge/Gitpod-Ready--to--Code-blue?logo=gitpod)](https://gitpod.io/#https://github.com/kubescape/kubescape) :sunglasses: [Want to contribute?](#being-a-part-of-the-team) :innocent: @@ -58,10 +59,10 @@ kubescape scan --submit --enable-host-scan --verbose We invite you to our team! We are excited about this project and want to return the love we get. -Want to contribute? Want to discuss something? Have an issue? +[Want to contribute?](https://github.com/kubescape/kubescape/blob/master/CONTRIBUTING.md) Want to discuss something? Have an issue? Please make sure that you follow our [Code Of Conduct](https://github.com/kubescape/kubescape/blob/master/CODE_OF_CONDUCT.md) . * Feel free to pick a task from the [issues](https://github.com/kubescape/kubescape/issues?q=is%3Aissue+is%3Aopen+label%3A%22open+for+contribution%22), [roadmap](docs/roadmap.md) or suggest a feature of your own. [Contact us](MAINTAINERS.md) directly for more information :) -* Open an issue, we are trying to respond within 48 hours +* [Open an issue](https://github.com/kubescape/kubescape/issues/new/choose) , we are trying to respond within 48 hours * [Join us](https://discord.com/invite/WKZRaCtBxN) in the discussion on our discord server! [logo](https://discord.com/invite/WKZRaCtBxN) 
@@ -83,7 +84,9 @@ Want to contribute? Want to discuss something? Have an issue? * [Scan Kubescape on an air-gapped environment (offline support)](https://youtu.be/IGXL9s37smM) * [Managing exceptions in the Kubescape SaaS version](https://youtu.be/OzpvxGmCR80) * [Configure and run customized frameworks](https://youtu.be/12Sanq_rEhs) -* Customize control configurations. [Kubescape CLI](https://youtu.be/955psg6TVu4), [Kubescape SaaS](https://youtu.be/lIMVSVhH33o) +* Customize control configurations: + - [Kubescape CLI](https://youtu.be/955psg6TVu4) + - [Kubescape SaaS](https://youtu.be/lIMVSVhH33o) ## Install on Windows @@ -190,7 +193,7 @@ kubescape scan --include-namespaces development,staging,production kubescape scan --exclude-namespaces kube-system,kube-public ``` -#### Scan local `yaml`/`json` files before deploying. [Take a look at the demonstration](https://youtu.be/Ox6DaR7_4ZI) Submit the results in case the directory is a git repo. [docs](https://hub.armosec.io/docs/repository-scanning?utm_source=github&utm_medium=repository) +#### Scan local `yaml`/`json` files before deploying. [Take a look at the demonstration](https://youtu.be/Ox6DaR7_4ZI). Submit the results in case the directory is a git repo. [docs](https://hub.armosec.io/docs/repository-scanning?utm_source=github&utm_medium=repository) ``` kubescape scan *.yaml --submit ``` diff --git a/build.py b/build.py index a1ad193b..f9ed0380 100644 --- a/build.py +++ b/build.py @@ -25,7 +25,7 @@ def get_build_dir(): def get_package_name(): package_name = "kubescape" - # if platform.system() == "Windows": package_name += ".exe" + if platform.system() == "Windows": package_name += ".exe" return package_name diff --git a/build/Dockerfile b/build/Dockerfile index 542bc210..d626ec3b 100644 --- a/build/Dockerfile +++ b/build/Dockerfile @@ -20,7 +20,6 @@ WORKDIR /work ADD . . # install libgit2 -WORKDIR /work RUN rm -rf git2go && make libgit2 # build kubescape server 
@@ -34,16 +33,16 @@ RUN python build.py RUN /work/build/ubuntu-latest/kubescape download artifacts -o /work/artifacts -FROM alpine +FROM alpine:3.16.2 RUN addgroup -S armo && adduser -S armo -G armo -RUN mkdir /home/armo/.kubescape COPY --from=builder /work/artifacts/ /home/armo/.kubescape RUN chown -R armo:armo /home/armo/.kubescape USER armo + WORKDIR /home/armo COPY --from=builder /work/httphandler/build/ubuntu-latest/kubescape /usr/bin/ksserver diff --git a/docs/index.html b/docs/index.html index add13cd3..16518447 100644 --- a/docs/index.html +++ b/docs/index.html @@ -15,10 +15,10 @@ - Kubescap logo + Kubescape logo - \ No newline at end of file + diff --git a/docs/proposals/container-image-vulnerability-adaptor.md b/docs/proposals/container-image-vulnerability-adaptor.md index 2d8a5e78..72baad40 100644 --- a/docs/proposals/container-image-vulnerability-adaptor.md +++ b/docs/proposals/container-image-vulnerability-adaptor.md 
@@ -6,7 +6,7 @@ source #287 ### Big picture -* Kubescape team is planning to create controls which take into account image vulnerabilities, example: looking for public internet facing workloads with critical vulnerabilities. These are seriously affecting the security health of a cluster and therefore we think it is important to cover it. We think that most container registries are/will support image scanning like Harbor and therefore ,the ability to get information from them is important. +* Kubescape team is planning to create controls which take into account image vulnerabilities, example: looking for public internet facing workloads with critical vulnerabilities. These are seriously affecting the security health of a cluster and therefore we think it is important to cover it. We think that most container registries are/will support image scanning like Harbor and therefore, the ability to get information from them is important. * There is information in the image repository which is important for the existing controls as well. They are incomplete without it, example see this issue: Non-root containers check is broken #19 . These are not necessarily image vulnerability related. Can be information in the image manifest (like the issue before), but it can be the image BOM related. ### Relation to this proposal 
@@ -19,7 +19,7 @@ Multiple changes and design decisions need to be made before Kubescape will supp * Controls and Rules: That actual control logic implementation, the "tests" themselves. Implemented in rego * OPA engine: the [OPA](https://github.com/open-policy-agent/opa) rego interpreter -* Rules processor: Kubescape component, it enumerates and runs the controls while also preparing the all the input data that the controls need for running +* Rules processor: Kubescape component, it enumerates and runs the controls while also preparing all the input data that the controls need for running * Data sources: Set of different modules providing data to the Rules processor so that it can run the controls with them. Examples: Kubernetes objects, cloud vendor API objects and adding the vulnerability information in this proposal * Cloud Image Vulnerability adaption interface: The subject of this proposal, it gives a common interface for different registry/vulnerability vendors to adapt to. * CIV adaptors: Specific implementation of the CIV interface, example Harbor adaption diff --git a/docs/roadmap.md b/docs/roadmap.md index 5c8ec191..27637bb3 100644 --- a/docs/roadmap.md +++ b/docs/roadmap.md 
@@ -26,7 +26,7 @@ The items in the Kubescape roadmap are split into 3 major groups based on the fe Implementing an eBPF agent (based on Falco or Tracee) which tracks file activity in workloads to prioritize container image vulnerabilities. * ##### Prioritization engine using MITRE Attack matrix based attack chains - Create a security issue prioritization engine which scores resources based on control based attack chains. All of Kubescape controls can be arranged into attack categories of MITRE Attack matrix. The Attack matrix categories can be connected to each other based on a theoretical attack (ie. you can't have privilege escalation without initial access). Each of the Kubescape controls are to be categorized in these system and Kubescape will calculate priority score based on the interconnections between failed controls. + Create a security issue prioritization engine that scores resources based on control based attack chains. All Kubescape controls can be arranged into attack categories of the MITRE Attack matrix. The Attack matrix categories can be connected to each other based on a theoretical attack (ie. you can't have privilege escalation without initial access). Each of the Kubescape controls is to be categorized in these system and Kubescape will calculate a priority score based on the interconnections between failed controls. * ##### Integration with image registries We want to expand Kubescape to integrate with different image registries and read image vulnerability information from there. This will allow Kubescape to give contextual security information about vulnerabilities. Container registry integration 
@@ -48,7 +48,7 @@ The items in the Kubescape roadmap are split into 3 major groups based on the fe * ##### Integrate with other Kubernetes CLI tools Use Kubescape as a YAML validator for `kubectl` and others. * ##### Kubernetes audit log integration - Connect Kubescape to audit log stream to enable it to produce more contextual security information based on how the API service is used. + Connect Kubescape to the audit log stream to enable it to produce more contextual security information based on how the API service is used. * ##### TUI for Kubescape Interactive terminal based user interface which helps to analyze and fix issues * ##### Scanning images with GO for vulnerabilities diff --git a/examples/cloud-vendor-integration/aws.sh b/examples/cloud-vendor-integration/aws.sh index 58bbcad9..c735f402 100755 --- a/examples/cloud-vendor-integration/aws.sh +++ b/examples/cloud-vendor-integration/aws.sh @@ -27,7 +27,7 @@ export cluster_name=$(echo "$cluster_arn" | awk -F'/' '{print $NF}') echo 'Get cluster region' export cluster_region=$(echo "$cluster_arn" | awk -F':' '{print $4}') -# First step, Create IAM OIDC provider for the cluster (Not required if the third step runs as is): +# First step, Create IAM OIDC provider for the cluster (Not required if the third step runs as it is): echo 'Create IAM OIDC provider for the cluster' eksctl utils associate-iam-oidc-provider --cluster $cluster_name --approve diff --git a/website/index.html b/website/index.html index 9c7d7b85..f3c87b49 100644 --- a/website/index.html +++ b/website/index.html @@ -1,9 +1,9 @@ - Kubscape Website + Kubescape Website -

Kubscape Website

+

Kubescape Website

@@ -11,4 +11,4 @@

- \ No newline at end of file +
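
Review bot: In .github/workflows/close-typos-issues.yaml the new `auto_close_issues` job has no `if:` guard, so unlike `open_PR_message` (which keeps `if: github.event.label.name == 'typo'`) it runs on every `opened` or `labeled` issue event and acts on whatever the `label:typo` query returns, not on the issue that triggered the run. Add the same condition to `auto_close_issues`, or make it `needs: open_PR_message`, so the comment and the close stay paired. Both third-party actions, `ben-z/actions-comment-on-issue@1.0.2` and `lee-dohm/close-matching-issues@v2`, receive `secrets.GITHUB_TOKEN` and are referenced by tag; pin them to a full commit SHA and add a `permissions:` block granting only `issues: write`.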
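
Review bot: In the new .github/workflows/community.yml, `EddieHubCommunity/gh-action-community/src/welcome@main` is referenced by branch name and handed `secrets.GITHUB_TOKEN` in a workflow that triggers on `pull_request_target`, which runs in the base repository's context for pull requests from forks, so any later push to that action's `main` branch runs with this repository's token. Pin the action to a full commit SHA and add a `permissions:` block limited to what posting a comment needs (`issues: write`, `pull-requests: write`). The `actions/checkout@v1` step should be dropped if the welcome action does not read the working tree, and it must not be changed to check out the pull request head under this trigger. Only `issue-message` and `pr-message` are configured, so the `fork`, `issue_comment` and `pull_request_review_comment` triggers look unnecessary and will start a job on every comment. The footer text also has a typo: "add you work" should be "add your work".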
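
Review bot: The build.py hunk is a behaviour change, not a typo fix: uncommenting `if platform.system() == "Windows": package_name += ".exe"` in `get_package_name()` renames the Windows build output to `kubescape.exe`, while the commit message only says "build.py is modified". Move it to its own commit with a message that states the rename, and check that whatever consumes the Windows artifact expects the new name. Splitting the statement onto two lines would also match usual Python style.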
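
Review bot: In build/Dockerfile, `FROM alpine:3.16.2` is better than the implicit `latest`, but a tag can still be re-pointed; for a reproducible runtime image pin by digest (`alpine:3.16.2@sha256:<digest>`). With `RUN mkdir /home/armo/.kubescape` removed, ownership of that directory depends entirely on the following `RUN chown -R armo:armo /home/armo/.kubescape`; using `COPY --chown=armo:armo --from=builder ...` would set it in the COPY itself and save a layer. The blank line added after `USER armo` is unrelated whitespace.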
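
Review bot: In .github/PULL_REQUEST_TEMPLATE.md the checklist edit from "I have commented my code" to "I have commented on my code" changes the meaning: the item asks whether the code contains comments, not whether the author remarked on it. Keep the original wording. The two blank lines added under "## Checklist before requesting a review" are not needed.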
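
Review bot: The README.md hunks leave a stray space before punctuation in two added lines, `CODE_OF_CONDUCT.md) .` and `issues/new/choose) ,`; remove the spaces. The new CONTRIBUTING.md and CODE_OF_CONDUCT.md links are absolute URLs to `blob/master`, while the neighbouring `docs/roadmap.md` and `MAINTAINERS.md` links are relative; relative links keep working on forks and other branches.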
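
Review bot: The docs/roadmap.md rewrite of the prioritization engine paragraph still reads "categorized in these system"; it should be "in this system", and "ie." should be "i.e." while the line is being touched.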
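
Review bot: In examples/cloud-vendor-integration/aws.sh the comment change from "runs as is" to "runs as it is" replaces a correct idiom with a less natural phrase; revert that line.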