Merge pull request #734 from Chirag8023/patch-3

Patch 3
David Wertenteil
2022-09-01 08:44:26 +03:00
committed by GitHub
4 changed files with 18 additions and 22 deletions

@@ -3,13 +3,13 @@
First, it is awesome that you are considering contributing to Kubescape! Contributing is important and fun and we welcome your efforts.
When contributing, we categorize contributions into two:
* Small code changes or fixes, whose scope are limited to a single or two files
* Complex features and improvements, whose are not limited
* Small code changes or fixes, whose scope is limited to a single or two files
* Complex features and improvements, that are not limited
If you have a small change, feel free to fire up a Pull Request.
When planning a bigger change, please first discuss the change you wish to make via issue,
email, or any other method with the owners of this repository before making a change. Most likely your changes or features are great, but sometimes we might be already going to this direction (or the exact opposite ;-) ) and we don't want to waste your time.
email, or any other method with the owners of this repository before making a change. Most likely your changes or features are great, but sometimes we might be already going in this direction (or the exact opposite ;-) ) and we don't want to waste your time.
Please note we have a code of conduct, please follow it in all your interactions with the project.
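Review bot: the rewritten second bullet, "* Complex features and improvements, that are not limited", still does not say what they are not limited to, and the comma before "that" is wrong. Suggest "* Complex features and improvements, whose scope is not limited to one or two files", and "one or two files" in the first bullet in place of "a single or two files". The last line of the hunk, "Please note we have a code of conduct, please follow it in all your interactions with the project.", is a comma splice that could be split into two sentences in the same pass.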
@@ -27,7 +27,7 @@ Please note we have a code of conduct, please follow it in all your interactions
### Our Pledge
In the interest of fostering an open and welcoming environment, we as
contributors and maintainers pledge to making participation in our project and
contributors and maintainers pledge to make participation in our project and
our community a harassment-free experience for everyone, regardless of age, body
size, disability, ethnicity, gender identity and expression, level of experience,
nationality, personal appearance, race, religion, or sexual identity and

@@ -195,7 +195,7 @@ kubescape scan --exclude-namespaces kube-system,kube-public
kubescape scan *.yaml --submit
```
#### Scan kubernetes manifest files from a git repository [and submit the results](https://hub.armosec.io/docs/repository-scanning?utm_source=github&utm_medium=repository)
#### Scan Kubernetes manifest files from a git repository [and submit the results](https://hub.armosec.io/docs/repository-scanning?utm_source=github&utm_medium=repository)
```
kubescape scan https://github.com/kubescape/kubescape --submit
```
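Review bot: the heading changed here says the results are submitted, but the only indication of where `--submit` sends them is the linked hub.armosec.io page. Since the example scans a repository and submits in a single command, add a sentence under the heading that names the destination and says what is sent. For consistency with the "Kubernetes" fix, "git" in the same heading should be "Git".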
@@ -264,7 +264,7 @@ kubescape scan --use-artifacts-from path/to/local/dir
You can also download a single artifact and scan with the `--use-from` flag
1. Download and save in file, if file name is not specified, will save in `~/.kubescape/<framework name>.json`
1. Download and save in a file, if the file name is not specified, will save in `~/.kubescape/<framework name>.json`
```
kubescape download framework nsa --output /path/nsa.json
```
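Review bot: the reworded list item, "Download and save in a file, if the file name is not specified, will save in ...", is still a comma splice and "will save" has no subject. Suggest two sentences: "Download and save to a file. If no file name is specified, the framework is saved to `~/.kubescape/<framework name>.json`."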

@@ -43,7 +43,3 @@ func GetCompletionCmd() *cobra.Command {
}
return completionCmd
}
// func init() {
// rootCmd.AddCommand(completionCmd)
// }
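Review bot: with the commented-out `init()` and its `rootCmd.AddCommand(completionCmd)` call removed at the end of the file, nothing in this hunk shows where the command returned by `GetCompletionCmd()` is registered. Removing the dead code is fine, but please confirm the caller adds it to the root command. Consider keeping this Go change in a separate commit from the documentation fixes so the history stays easy to read.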

@@ -1,6 +1,6 @@
# Kubescape Exceptions
Kubescape Exceptions is the proper way of excluding failed resources from effecting the risk score.
Kubescape Exceptions is the proper way of excluding failed resources from affecting the risk score.
e.g. When a `kube-system` resource fails and it is ok, simply add the resource to the exceptions configurations.
@@ -9,7 +9,7 @@ e.g. When a `kube-system` resource fails and it is ok, simply add the resource t
* `name`- Exception name - unique name representing the exception
* `policyType`- Do not change
* `actions`- List of available actions. Currently alertOnly is supported
* `actions`- List of available actions. Currently, alertOnly is supported
* `resources`- List of resources to apply this exception on
* `designatorType: Attributes`- An attribute-based declaration {key: value}
Supported keys:
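Review bot: in the `actions` bullet, alertOnly is a literal value but is not code-formatted like the keys around it; put it in backticks. The `policyType` bullet above it says only "Do not change" without giving the value that must be kept, which leaves anyone writing an exceptions file from scratch guessing.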
@@ -19,19 +19,19 @@ e.g. When a `kube-system` resource fails and it is ok, simply add the resource t
* `cluster`: k8s cluster name (usually it is the `current-context`) (case-sensitive, regex supported)
* resource labels as key value (case-sensitive, regex NOT supported)
* `posturePolicies`- An attribute-based declaration {key: value}
* `frameworkName` - Framework names can be find [here](https://github.com/armosec/regolibrary/tree/master/frameworks) (regex supported)
* `controlName` - Control names can be find [here](https://github.com/armosec/regolibrary/tree/master/controls) (regex supported)
* `controlID` - Control ID can be find [here](https://github.com/armosec/regolibrary/tree/master/controls) (regex supported)
* `ruleName` - Rule names can be find [here](https://github.com/armosec/regolibrary/tree/master/rules) (regex supported)
* `frameworkName` - Framework names can be found [here](https://github.com/armosec/regolibrary/tree/master/frameworks) (regex supported)
* `controlName` - Control names can be found [here](https://github.com/armosec/regolibrary/tree/master/controls) (regex supported)
* `controlID` - Control ID can be found [here](https://github.com/armosec/regolibrary/tree/master/controls) (regex supported)
* `ruleName` - Rule names can be found [here](https://github.com/armosec/regolibrary/tree/master/rules) (regex supported)
You can find [here](https://github.com/kubescape/kubescape/tree/master/examples/exceptions) some examples of exceptions files
## Usage
The `resources` list and `posturePolicies` list are design to be a combination of the resources and policies to exclude
The `resources` list and `posturePolicies` list are designed to be a combination of the resources and policies to exclude
> You must declare at least one resource and one policy
e.g. If you wish to exclude all namespaces with the label `"environment": "dev"`, the resource list should look as following:
e.g. If you wish to exclude all namespaces with the label `"environment": "dev"`, the resource list should look as follows:
```
"resources": [
{
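Review bot: the "(regex supported)" notes on `frameworkName`, `controlName`, `controlID` and `ruleName`, and the one on `cluster`, do not say whether a pattern has to match the whole value or any part of it. Because an exception keeps failed resources from affecting the risk score, a pattern that matches more than intended hides findings without any signal, so the matching rule should be stated on these lines. Smaller points in the same hunk: "Control ID can be found" should be "Control IDs can be found", and "You can find [here](...) some examples of exceptions files" reads better as "Example exceptions files are [here](...)".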
@@ -44,7 +44,7 @@ e.g. If you wish to exclude all namespaces with the label `"environment": "dev"`
]
```
But if you wish to exclude all namespaces **OR** any resource with the label `"environment": "dev"`, the resource list should look as following:
But if you wish to exclude all namespaces **OR** any resource with the label `"environment": "dev"`, the resource list should look as follows:
```
"resources": [
{
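Review bot: the only thing in the visible text that distinguishes this example from the previous one is the bolded **OR** in the lead-in sentence; how entries in `resources` combine is left for the reader to infer from the JSON. Add one sentence before the examples that states the rule in words, since getting it wrong makes an exception broader than intended.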
@@ -64,7 +64,7 @@ But if you wish to exclude all namespaces **OR** any resource with the label `"e
Same works with the `posturePolicies` list ->
e.g. If you wish to exclude the resources declared in the `resources` list that failed when scanning the `NSA` framework **AND** failed the `Allowed hostPath` control, the `posturePolicies` list should look as following:
e.g. If you wish to exclude the resources declared in the `resources` list that failed when scanning the `NSA` framework **AND** failed the `Allowed hostPath` control, the `posturePolicies` list should look as follows:
```
"posturePolicies": [
{
@@ -74,7 +74,7 @@ e.g. If you wish to exclude the resources declared in the `resources` list that
]
```
But if you wish to exclude the resources declared in the `resources` list that failed when scanning the `NSA` framework **OR** failed the `Allowed hostPath` control, the `posturePolicies` list should look as following:
But if you wish to exclude the resources declared in the `resources` list that failed when scanning the `NSA` framework **OR** failed the `Allowed hostPath` control, the `posturePolicies` list should look as follows:
```
"posturePolicies": [
{
@@ -177,4 +177,4 @@ The resources
]
}
]
```
```