Merge branch 'dev' into eran-dev

2026-02-14 18:09:55 +00:00 · 2022-12-06 14:17:49 +02:00
parent 481a137c23 8ce7d6c0f6
commit c3b95bed8c
47 changed files with 372 additions and 238 deletions
--- a/.github/workflows/build-image.yaml
+++ b/.github/workflows/build-image.yaml
@@ -26,14 +26,24 @@ on:
        type: boolean
        description: 'support amd64/arm64'

-    secrets:
-      QUAYIO_REGISTRY_USERNAME:
-        required: true
-      QUAYIO_REGISTRY_PASSWORD:
-        required: true
-
 jobs:
+  check-secret:
+    name: check if QUAYIO_REGISTRY_USERNAME & QUAYIO_REGISTRY_PASSWORD is set in github secrets
+    runs-on: ubuntu-latest
+    outputs:
+      is-secret-set: ${{ steps.check-secret-set.outputs.is-secret-set }}
+    steps:
+      - name: Check whether unity activation requests should be done
+        id: check-secret-set
+        env:
+            QUAYIO_REGISTRY_USERNAME: ${{ secrets.QUAYIO_REGISTRY_USERNAME }}
+            QUAYIO_REGISTRY_PASSWORD: ${{ secrets.QUAYIO_REGISTRY_PASSWORD }}
+        run: |
+            echo "is-secret-set=${{ env.QUAYIO_REGISTRY_USERNAME != '' && env.QUAYIO_REGISTRY_PASSWORD != '' }}" >> $GITHUB_OUTPUT
+
  build-image:
+    needs: [check-secret]
+    if: needs.check-secret.outputs.is-secret-set == 'true'
    name: Build image and upload to registry
    runs-on: ubuntu-latest
    permissions:
@@ -61,10 +71,10 @@ jobs:
      - name: Build and push image
        if: ${{ inputs.support_platforms }}
        run: docker buildx build . --file build/Dockerfile --tag ${{ inputs.image_name }}:${{ inputs.image_tag }} --tag ${{ inputs.image_name }}:latest --build-arg image_version=${{ inputs.image_tag }} --build-arg client=${{ inputs.client }} --push --platform linux/amd64,linux/arm64
-     
+
      - name: Build and push image without amd64/arm64 support
        if: ${{ !inputs.support_platforms }}
-        run: docker buildx build . --file build/Dockerfile --tag ${{ inputs.image_name }}:${{ inputs.image_tag }} --tag ${{ inputs.image_name }}:latest --build-arg image_version=${{ inputs.image_tag }} --build-arg client=${{ inputs.client }} --push
+        run: docker buildx build . --file build/Dockerfile --tag ${{ inputs.image_name }}:${{ inputs.image_tag }} --tag ${{ inputs.image_name }}:latest --build-arg image_version=${{ inputs.image_tag }} --build-arg client=${{ inputs.client }} --push 

      - name: Install cosign
        uses: sigstore/cosign-installer@main
@@ -75,6 +85,5 @@ jobs:
        env:
          COSIGN_EXPERIMENTAL: "true"
        run: |
-            cosign sign --force ${{ inputs.image_name }}:latest
-            cosign sign --force ${{ inputs.image_name }}:${{ inputs.image_tag }}
+            cosign sign --force ${{ inputs.image_name }}

--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -4,7 +4,6 @@ on:
  push:
    branches: [ master ]
    paths-ignore:
-      # Do not run the pipeline if only Markdown files changed
      - '**.md'
 jobs:
  test:
@@ -79,7 +78,6 @@ jobs:
          asset_content_type: application/octet-stream
  
  publish-image:
-    if: ${{ github.repository == 'kubescape/kubescape' }} # TODO
    uses: ./.github/workflows/build-image.yaml
    needs: create-release
    with:
--- a/.github/workflows/build_dev.yaml
+++ b/.github/workflows/build_dev.yaml
@@ -13,14 +13,13 @@ jobs:
      release: "v2.0.${{ github.run_number }}"
      client: test
 
-  publish-dev-image:
-    if: ${{ github.repository == 'kubescape/kubescape' }} # TODO
-    uses: ./.github/workflows/build-image.yaml
-    needs: test
-    with:
-      client: "image-dev"
-      image_name: "quay.io/${{ github.repository_owner }}/kubescape"
-      image_tag: "dev-v2.0.${{ github.run_number }}"
-      support_platforms: true
-      cosign: true
-    secrets: inherit
+  # publish-dev-image:
+  #   uses: ./.github/workflows/build-image.yaml
+  #   needs: test
+  #   with:
+  #     client: "image-dev"
+  #     image_name: "quay.io/${{ github.repository_owner }}/kubescape"
+  #     image_tag: "dev-v2.0.${{ github.run_number }}"
+  #     support_platforms: true
+  #     cosign: true
+  #   secrets: inherit
--- a/README.md
+++ b/README.md
@@ -52,6 +52,9 @@ kubescape scan --enable-host-scan --verbose
 </br>

 ## Architecture in short
+
+[Component architecture](docs/architecture.drawio.svg)
+
 ### [CLI](#kubescape-cli)
 <div align="center">
    <img src="docs/ks-cli-arch.png" width="300" alt="cli-diagram">
--- a/cmd/download/download.go
+++ b/cmd/download/download.go
@@ -36,6 +36,8 @@ var (
  # Download the configured controls-inputs 
  kubescape download controls-inputs 

+  # Download the attack tracks
+  kubescape download attack-tracks
 `
 )

--- a/cmd/root.go
+++ b/cmd/root.go
@@ -27,7 +27,7 @@ var rootInfo cautils.RootInfo

 var ksExamples = `
  # Scan command
-  kubescape scan --submit
+  kubescape scan

  # List supported frameworks
  kubescape list frameworks
--- a/cmd/scan/control.go
+++ b/cmd/scan/control.go
@@ -109,7 +109,7 @@ func getControlCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Comman
 			if results.GetRiskScore() > float32(scanInfo.FailThreshold) {
 				logger.L().Fatal("scan risk-score is above permitted threshold", helpers.String("risk-score", fmt.Sprintf("%.2f", results.GetRiskScore())), helpers.String("fail-threshold", fmt.Sprintf("%.2f", scanInfo.FailThreshold)))
 			}
-			enforceSeverityThresholds(&results.GetResults().SummaryDetails.SeverityCounters, scanInfo, terminateOnExceedingSeverity)
+			enforceSeverityThresholds(results.GetResults().SummaryDetails.GetResourcesSeverityCounters(), scanInfo, terminateOnExceedingSeverity)

 			return nil
 		},
@@ -120,6 +120,10 @@ func getControlCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Comman
 func validateControlScanInfo(scanInfo *cautils.ScanInfo) error {
 	severity := scanInfo.FailThresholdSeverity

+	if scanInfo.Submit && scanInfo.OmitRawResources {
+		return fmt.Errorf("you can use `omit-raw-resources` or `submit`, but not both")
+	}
+
 	if err := validateSeverity(severity); severity != "" && err != nil {
 		return err
 	}
--- a/cmd/scan/framework.go
+++ b/cmd/scan/framework.go
@@ -22,8 +22,8 @@ import (

 var (
 	frameworkExample = `
-  # Scan all frameworks and submit the results
-  kubescape scan framework all --submit
+  # Scan all frameworks
+  kubescape scan framework all
  
  # Scan the NSA framework
  kubescape scan framework nsa
@@ -35,7 +35,7 @@ var (
  kubescape scan framework all

  # Scan kubernetes YAML manifest files (single file or glob)
-  kubescape scan framework nsa *.yaml
+  kubescape scan framework nsa .

  Run 'kubescape list frameworks' for the list of supported frameworks
 `
@@ -119,7 +119,7 @@ func getFrameworkCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Comm
 				logger.L().Fatal("scan risk-score is above permitted threshold", helpers.String("risk-score", fmt.Sprintf("%.2f", results.GetRiskScore())), helpers.String("fail-threshold", fmt.Sprintf("%.2f", scanInfo.FailThreshold)))
 			}

-			enforceSeverityThresholds(&results.GetData().Report.SummaryDetails.SeverityCounters, scanInfo, terminateOnExceedingSeverity)
+			enforceSeverityThresholds(results.GetData().Report.SummaryDetails.GetResourcesSeverityCounters(), scanInfo, terminateOnExceedingSeverity)
 			return nil
 		},
 	}
@@ -136,10 +136,10 @@ func countersExceedSeverityThreshold(severityCounters reportsummary.ISeverityCou
 		SeverityName       string
 		GetFailedResources func() int
 	}{
-		{reporthandlingapis.SeverityLowString, severityCounters.NumberOfResourcesWithLowSeverity},
-		{reporthandlingapis.SeverityMediumString, severityCounters.NumberOfResourcesWithMediumSeverity},
-		{reporthandlingapis.SeverityHighString, severityCounters.NumberOfResourcesWithHighSeverity},
-		{reporthandlingapis.SeverityCriticalString, severityCounters.NumberOfResourcesWithCriticalSeverity},
+		{reporthandlingapis.SeverityLowString, severityCounters.NumberOfLowSeverity},
+		{reporthandlingapis.SeverityMediumString, severityCounters.NumberOfMediumSeverity},
+		{reporthandlingapis.SeverityHighString, severityCounters.NumberOfHighSeverity},
+		{reporthandlingapis.SeverityCriticalString, severityCounters.NumberOfCriticalSeverity},
 	}

 	targetSeverityIdx := 0
@@ -201,7 +201,9 @@ func validateFrameworkScanInfo(scanInfo *cautils.ScanInfo) error {
 	if 100 < scanInfo.FailThreshold || 0 > scanInfo.FailThreshold {
 		return fmt.Errorf("bad argument: out of range threshold")
 	}
-
+	if scanInfo.Submit && scanInfo.OmitRawResources {
+		return fmt.Errorf("you can use `omit-raw-resources` or `submit`, but not both")
+	}
 	severity := scanInfo.FailThresholdSeverity
 	if err := validateSeverity(severity); severity != "" && err != nil {
 		return err
--- a/cmd/scan/scan.go
+++ b/cmd/scan/scan.go
@@ -17,10 +17,10 @@ var scanCmdExamples = `
  kubescape scan --enable-host-scan --verbose

  # Scan kubernetes YAML manifest files
-  kubescape scan *.yaml
+  kubescape scan .

  # Scan and save the results in the JSON format
-  kubescape scan --format json --output results.json
+  kubescape scan --format json --output results.json --format-version=v2

  # Display all resources
  kubescape scan --verbose
@@ -88,11 +88,13 @@ func GetScanCommand(ks meta.IKubescape) *cobra.Command {
 	scanCmd.PersistentFlags().StringVar(&scanInfo.FormatVersion, "format-version", "v1", "Output object can be different between versions, this is for maintaining backward and forward compatibility. Supported:'v1'/'v2'")
 	scanCmd.PersistentFlags().StringVar(&scanInfo.CustomClusterName, "cluster-name", "", "Set the custom name of the cluster. Not same as the kube-context flag")
 	scanCmd.PersistentFlags().BoolVarP(&scanInfo.Submit, "submit", "", false, "Submit the scan results to Kubescape SaaS where you can see the results in a user-friendly UI, choose your preferred compliance framework, check risk results history and trends, manage exceptions, get remediation recommendations and much more. By default the results are not submitted")
+	scanCmd.PersistentFlags().BoolVarP(&scanInfo.OmitRawResources, "omit-raw-resources", "", false, "Omit raw resources from the output. By default the raw resources are included in the output")

 	scanCmd.PersistentFlags().MarkDeprecated("silent", "use '--logger' flag instead. Flag will be removed at 1.May.2022")

 	// hidden flags
 	scanCmd.PersistentFlags().MarkHidden("host-scan-yaml") // this flag should be used very cautiously. We prefer users will not use it at all unless the DaemonSet can not run pods on the nodes
+	scanCmd.PersistentFlags().MarkHidden("omit-raw-resources")

 	// Retrieve --kubeconfig flag from https://github.com/kubernetes/kubectl/blob/master/pkg/cmd/cmd.go
 	scanCmd.PersistentFlags().AddGoFlag(flag.Lookup("kubeconfig"))
--- a/cmd/scan/scan_test.go
+++ b/cmd/scan/scan_test.go
@@ -24,91 +24,91 @@ func TestExceedsSeverity(t *testing.T) {
 		{
 			Description:      "Critical failed resource should exceed Critical threshold",
 			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "critical"},
-			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithCriticalSeverityCounter: 1},
+			SeverityCounters: &reportsummary.SeverityCounters{CriticalSeverityCounter: 1},
 			Want:             true,
 		},
 		{
 			Description:      "Critical failed resource should exceed Critical threshold set as constant",
 			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: apis.SeverityCriticalString},
-			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithCriticalSeverityCounter: 1},
+			SeverityCounters: &reportsummary.SeverityCounters{CriticalSeverityCounter: 1},
 			Want:             true,
 		},
 		{
 			Description:      "High failed resource should not exceed Critical threshold",
 			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "critical"},
-			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithHighSeverityCounter: 1},
+			SeverityCounters: &reportsummary.SeverityCounters{HighSeverityCounter: 1},
 			Want:             false,
 		},
 		{
 			Description:      "Critical failed resource exceeds High threshold",
 			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "high"},
-			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithCriticalSeverityCounter: 1},
+			SeverityCounters: &reportsummary.SeverityCounters{CriticalSeverityCounter: 1},
 			Want:             true,
 		},
 		{
 			Description:      "High failed resource exceeds High threshold",
 			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "high"},
-			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithHighSeverityCounter: 1},
+			SeverityCounters: &reportsummary.SeverityCounters{HighSeverityCounter: 1},
 			Want:             true,
 		},
 		{
 			Description:      "Medium failed resource does not exceed High threshold",
 			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "high"},
-			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithMediumSeverityCounter: 1},
+			SeverityCounters: &reportsummary.SeverityCounters{MediumSeverityCounter: 1},
 			Want:             false,
 		},
 		{
 			Description:      "Critical failed resource exceeds Medium threshold",
 			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "medium"},
-			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithCriticalSeverityCounter: 1},
+			SeverityCounters: &reportsummary.SeverityCounters{CriticalSeverityCounter: 1},
 			Want:             true,
 		},
 		{
 			Description:      "High failed resource exceeds Medium threshold",
 			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "medium"},
-			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithHighSeverityCounter: 1},
+			SeverityCounters: &reportsummary.SeverityCounters{HighSeverityCounter: 1},
 			Want:             true,
 		},
 		{
 			Description:      "Medium failed resource exceeds Medium threshold",
 			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "medium"},
-			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithMediumSeverityCounter: 1},
+			SeverityCounters: &reportsummary.SeverityCounters{MediumSeverityCounter: 1},
 			Want:             true,
 		},
 		{
 			Description:      "Low failed resource does not exceed Medium threshold",
 			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "medium"},
-			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithLowSeverityCounter: 1},
+			SeverityCounters: &reportsummary.SeverityCounters{LowSeverityCounter: 1},
 			Want:             false,
 		},
 		{
 			Description:      "Critical failed resource exceeds Low threshold",
 			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "low"},
-			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithCriticalSeverityCounter: 1},
+			SeverityCounters: &reportsummary.SeverityCounters{CriticalSeverityCounter: 1},
 			Want:             true,
 		},
 		{
 			Description:      "High failed resource exceeds Low threshold",
 			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "low"},
-			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithHighSeverityCounter: 1},
+			SeverityCounters: &reportsummary.SeverityCounters{HighSeverityCounter: 1},
 			Want:             true,
 		},
 		{
 			Description:      "Medium failed resource exceeds Low threshold",
 			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "low"},
-			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithMediumSeverityCounter: 1},
+			SeverityCounters: &reportsummary.SeverityCounters{MediumSeverityCounter: 1},
 			Want:             true,
 		},
 		{
 			Description:      "Low failed resource exceeds Low threshold",
 			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "low"},
-			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithLowSeverityCounter: 1},
+			SeverityCounters: &reportsummary.SeverityCounters{LowSeverityCounter: 1},
 			Want:             true,
 		},
 		{
 			Description:      "Unknown severity returns an error",
 			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "unknown"},
-			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithLowSeverityCounter: 1},
+			SeverityCounters: &reportsummary.SeverityCounters{LowSeverityCounter: 1},
 			Want:             false,
 			Error:            ErrUnknownSeverity,
 		},
@@ -139,7 +139,7 @@ func Test_enforceSeverityThresholds(t *testing.T) {
 	}{
 		{
 			"Exceeding Critical severity counter should call the terminating function",
-			&reportsummary.SeverityCounters{ResourcesWithCriticalSeverityCounter: 1},
+			&reportsummary.SeverityCounters{CriticalSeverityCounter: 1},
 			&cautils.ScanInfo{FailThresholdSeverity: apis.SeverityCriticalString},
 			true,
 		},
--- a/core/cautils/datastructures.go
+++ b/core/cautils/datastructures.go
@@ -18,18 +18,19 @@ type OPASessionObj struct {
 	K8SResources          *K8SResources                                 // input k8s objects
 	ArmoResource          *KSResources                                  // input ARMO objects
 	AllPolicies           *Policies                                     // list of all frameworks
-	Policies              []reporthandling.Framework                    // list of frameworks to scan
 	AllResources          map[string]workloadinterface.IMetadata        // all scanned resources, map[<resource ID>]<resource>
 	ResourcesResult       map[string]resourcesresults.Result            // resources scan results, map[<resource ID>]<resource result>
 	ResourceSource        map[string]reporthandling.Source              // resources sources, map[<resource ID>]<resource result>
 	ResourcesPrioritized  map[string]prioritization.PrioritizedResource // resources prioritization information, map[<resource ID>]<prioritized resource>
 	Report                *reporthandlingv2.PostureReport               // scan results v2 - Remove
-	Exceptions            []armotypes.PostureExceptionPolicy            // list of exceptions to apply on scan results
 	RegoInputData         RegoInputData                                 // input passed to rego for scanning. map[<control name>][<input arguments>]
 	Metadata              *reporthandlingv2.Metadata
-	InfoMap               map[string]apis.StatusInfo // Map errors of resources to StatusInfo
-	ResourceToControlsMap map[string][]string        // map[<apigroup/apiversion/resource>] = [<control_IDs>]
-	SessionID             string                     // SessionID
+	InfoMap               map[string]apis.StatusInfo         // Map errors of resources to StatusInfo
+	ResourceToControlsMap map[string][]string                // map[<apigroup/apiversion/resource>] = [<control_IDs>]
+	SessionID             string                             // SessionID
+	Policies              []reporthandling.Framework         // list of frameworks to scan
+	Exceptions            []armotypes.PostureExceptionPolicy // list of exceptions to apply on scan results
+	OmitRawResources      bool                               // omit raw resources from output
 }

 func NewOPASessionObj(frameworks []reporthandling.Framework, k8sResources *K8SResources, scanInfo *ScanInfo) *OPASessionObj {
@@ -45,6 +46,7 @@ func NewOPASessionObj(frameworks []reporthandling.Framework, k8sResources *K8SRe
 		ResourceSource:        make(map[string]reporthandling.Source),
 		SessionID:             scanInfo.ScanID,
 		Metadata:              scanInfoToScanMetadata(scanInfo),
+		OmitRawResources:      scanInfo.OmitRawResources,
 	}
 }

@@ -94,6 +96,7 @@ type Exception struct {

 type RegoInputData struct {
 	PostureControlInputs map[string][]string `json:"postureControlInputs"`
+	DataControlInputs    map[string]string   `json:"dataControlInputs"`
 	// ClusterName          string              `json:"clusterName"`
 	// K8sConfig            RegoK8sConfig       `json:"k8sconfig"`
 }
--- a/core/cautils/getter/downloadreleasedpolicy.go
+++ b/core/cautils/getter/downloadreleasedpolicy.go
@@ -65,12 +65,20 @@ func (drp *DownloadReleasedPolicy) ListControls() ([]string, error) {
 	if err != nil {
 		return []string{}, err
 	}
-	controlsNamesWithIDsList := make([]string, len(controlsIDsList))
-	// by design both slices have the same length
-	for i := range controlsIDsList {
-		controlsNamesWithIDsList[i] = fmt.Sprintf("%v|%v", controlsIDsList[i], controlsNamesList[i])
+	controls, err := drp.gs.GetOPAControls()
+	if err != nil {
+		return []string{}, err
 	}
-	return controlsNamesWithIDsList, nil
+	var controlsFrameworksList [][]string
+	for _, control := range controls {
+		controlsFrameworksList = append(controlsFrameworksList, control.FrameworkNames)
+	}
+	controlsNamesWithIDsandFrameworksList := make([]string, len(controlsIDsList))
+	// by design all slices have the same lengt
+	for i := range controlsIDsList {
+		controlsNamesWithIDsandFrameworksList[i] = fmt.Sprintf("%v|%v|%v", controlsIDsList[i], controlsNamesList[i], strings.Join(controlsFrameworksList[i], ","))
+	}
+	return controlsNamesWithIDsandFrameworksList, nil
 }

 func (drp *DownloadReleasedPolicy) GetControlsInputs(clusterName string) (map[string][]string, error) {
--- a/core/cautils/getter/loadpolicy.go
+++ b/core/cautils/getter/loadpolicy.go
@@ -9,6 +9,7 @@ import (

 	"github.com/armosec/armoapi-go/armotypes"
 	"github.com/kubescape/opa-utils/reporthandling"
+	"github.com/kubescape/opa-utils/reporthandling/attacktrack/v1alpha1"
 )

 // =======================================================================================================================
@@ -152,3 +153,18 @@ func (lp *LoadPolicy) filePath() string {
 	}
 	return ""
 }
+
+func (lp *LoadPolicy) GetAttackTracks() ([]v1alpha1.AttackTrack, error) {
+	attackTracks := []v1alpha1.AttackTrack{}
+
+	f, err := os.ReadFile(lp.filePath())
+
+	if err != nil {
+		return nil, err
+	}
+
+	if err := json.Unmarshal(f, &attackTracks); err != nil {
+		return nil, err
+	}
+	return attackTracks, nil
+}
--- a/core/cautils/gitparse_test.go
+++ b/core/cautils/gitparse_test.go
@@ -0,0 +1,16 @@
+package cautils
+
+import (
+	"testing"
+
+	giturl "github.com/kubescape/go-git-url"
+	"github.com/stretchr/testify/require"
+)
+
+func TestEnsureRemoteParsed(t *testing.T) {
+	const remote = "git@gitlab.com:foobar/gitlab-tests/sample-project.git"
+
+	require.NotPanics(t, func() {
+		_, _ = giturl.NewGitURL(remote)
+	})
+}
--- a/core/cautils/localgitrepository.go
+++ b/core/cautils/localgitrepository.go
@@ -6,10 +6,10 @@ import (
 	"strings"
 	"time"

-	"github.com/armosec/go-git-url/apis"
 	gitv5 "github.com/go-git/go-git/v5"
 	configv5 "github.com/go-git/go-git/v5/config"
 	plumbingv5 "github.com/go-git/go-git/v5/plumbing"
+	"github.com/kubescape/go-git-url/apis"
 	git2go "github.com/libgit2/git2go/v33"
 )

--- a/core/cautils/scaninfo.go
+++ b/core/cautils/scaninfo.go
@@ -10,7 +10,7 @@ import (
 	"github.com/armosec/armoapi-go/armotypes"
 	apisv1 "github.com/kubescape/opa-utils/httpserver/apis/v1"

-	giturl "github.com/armosec/go-git-url"
+	giturl "github.com/kubescape/go-git-url"
 	logger "github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/k8s-interface/k8sinterface"
@@ -39,7 +39,8 @@ const (
 	// ScanCluster                string = "cluster"
 	// ScanLocalFiles             string = "yaml"
 	localControlInputsFilename string = "controls-inputs.json"
-	localExceptionsFilename    string = "exceptions.json"
+	LocalExceptionsFilename    string = "exceptions.json"
+	LocalAttackTracksFilename  string = "attack-tracks.json"
 )

 type BoolPtrFlag struct {
@@ -127,6 +128,7 @@ type ScanInfo struct {
 	KubeContext           string             // context name
 	FrameworkScan         bool               // false if scanning control
 	ScanAll               bool               // true if scan all frameworks
+	OmitRawResources      bool               // true if omit raw resources from the output
 }

 type Getters struct {
@@ -175,7 +177,7 @@ func (scanInfo *ScanInfo) setUseArtifactsFrom() {
 	// set config-inputs file
 	scanInfo.ControlsInputs = filepath.Join(scanInfo.UseArtifactsFrom, localControlInputsFilename)
 	// set exceptions
-	scanInfo.UseExceptions = filepath.Join(scanInfo.UseArtifactsFrom, localExceptionsFilename)
+	scanInfo.UseExceptions = filepath.Join(scanInfo.UseArtifactsFrom, LocalExceptionsFilename)
 }

 func (scanInfo *ScanInfo) setUseFrom() {
@@ -418,7 +420,7 @@ func metadataGitLocal(input string) (*reporthandlingv2.RepoContextMetadata, erro
 		Date:          commit.Committer.Date,
 		CommitterName: commit.Committer.Name,
 	}
-	context.LocalRootPath = getAbsPath(input)
+	context.LocalRootPath, _ = gitParser.GetRootDir()

 	return context, nil
 }
--- a/core/cautils/versioncheck.go
+++ b/core/cautils/versioncheck.go
@@ -14,8 +14,9 @@ import (
 	"golang.org/x/mod/semver"
 )

-const SKIP_VERSION_CHECK_DEPRECATED = "KUBESCAPE_SKIP_UPDATE_CHECK"
-const SKIP_VERSION_CHECK = "KS_SKIP_UPDATE_CHECK"
+const SKIP_VERSION_CHECK_DEPRECATED_ENV = "KUBESCAPE_SKIP_UPDATE_CHECK"
+const SKIP_VERSION_CHECK_ENV = "KS_SKIP_UPDATE_CHECK"
+const CLIENT_ENV = "KS_CLIENT"

 var BuildNumber string
 var Client string
@@ -31,9 +32,14 @@ func NewIVersionCheckHandler() IVersionCheckHandler {
 	if BuildNumber == "" {
 		logger.L().Warning("unknown build number, this might affect your scan results. Please make sure you are updated to latest version")
 	}
-	if v, ok := os.LookupEnv(SKIP_VERSION_CHECK); ok && boolutils.StringToBool(v) {
+
+	if v, ok := os.LookupEnv(CLIENT_ENV); ok && v != "" {
+		Client = v
+	}
+
+	if v, ok := os.LookupEnv(SKIP_VERSION_CHECK_ENV); ok && boolutils.StringToBool(v) {
 		return NewVersionCheckHandlerMock()
-	} else if v, ok := os.LookupEnv(SKIP_VERSION_CHECK_DEPRECATED); ok && boolutils.StringToBool(v) {
+	} else if v, ok := os.LookupEnv(SKIP_VERSION_CHECK_DEPRECATED_ENV); ok && boolutils.StringToBool(v) {
 		return NewVersionCheckHandlerMock()
 	}
 	return NewVersionCheckHandler()
--- a/core/core/download.go
+++ b/core/core/download.go
@@ -19,6 +19,7 @@ var downloadFunc = map[string]func(*metav1.DownloadInfo) error{
 	"control":         downloadControl,
 	"framework":       downloadFramework,
 	"artifacts":       downloadArtifacts,
+	"attack-tracks":   downloadAttackTracks,
 }

 func DownloadSupportCommands() []string {
@@ -70,6 +71,7 @@ func downloadArtifacts(downloadInfo *metav1.DownloadInfo) error {
 		"controls-inputs": downloadConfigInputs,
 		"exceptions":      downloadExceptions,
 		"framework":       downloadFramework,
+		"attack-tracks":   downloadAttackTracks,
 	}
 	for artifact := range artifacts {
 		if err := downloadArtifact(&metav1.DownloadInfo{Target: artifact, Path: downloadInfo.Path, FileName: fmt.Sprintf("%s.json", artifact)}, artifacts); err != nil {
@@ -108,12 +110,12 @@ func downloadExceptions(downloadInfo *metav1.DownloadInfo) error {

 	exceptionsGetter := getExceptionsGetter("", tenant.GetAccountID(), nil)
 	exceptions := []armotypes.PostureExceptionPolicy{}
-	if tenant.GetAccountID() != "" {
-		exceptions, err = exceptionsGetter.GetExceptions(tenant.GetContextName())
-		if err != nil {
-			return err
-		}
+
+	exceptions, err = exceptionsGetter.GetExceptions(tenant.GetContextName())
+	if err != nil {
+		return err
 	}
+
 	if downloadInfo.FileName == "" {
 		downloadInfo.FileName = fmt.Sprintf("%s.json", downloadInfo.Target)
 	}
@@ -126,6 +128,30 @@ func downloadExceptions(downloadInfo *metav1.DownloadInfo) error {
 	return nil
 }

+func downloadAttackTracks(downloadInfo *metav1.DownloadInfo) error {
+	var err error
+	tenant := getTenantConfig(&downloadInfo.Credentials, "", "", getKubernetesApi())
+
+	attackTracksGetter := getAttackTracksGetter(tenant.GetAccountID(), nil)
+
+	attackTracks, err := attackTracksGetter.GetAttackTracks()
+	if err != nil {
+		return err
+	}
+
+	if downloadInfo.FileName == "" {
+		downloadInfo.FileName = fmt.Sprintf("%s.json", downloadInfo.Target)
+	}
+	// save in file
+	err = getter.SaveInFile(attackTracks, filepath.Join(downloadInfo.Path, downloadInfo.FileName))
+	if err != nil {
+		return err
+	}
+	logger.L().Success("Downloaded", helpers.String("attack tracks", downloadInfo.Target), helpers.String("path", filepath.Join(downloadInfo.Path, downloadInfo.FileName)))
+	return nil
+
+}
+
 func downloadFramework(downloadInfo *metav1.DownloadInfo) error {

 	tenant := getTenantConfig(&downloadInfo.Credentials, "", "", getKubernetesApi())
--- a/core/core/initutils.go
+++ b/core/core/initutils.go
@@ -45,8 +45,9 @@ func getExceptionsGetter(useExceptions string, accountID string, downloadRelease
 	if downloadReleasedPolicy == nil {
 		downloadReleasedPolicy = getter.NewDownloadReleasedPolicy()
 	}
-	if err := downloadReleasedPolicy.SetRegoObjects(); err != nil {
-		logger.L().Warning("failed to get exceptions from github release, this may affect the scanning results", helpers.Error(err))
+	if err := downloadReleasedPolicy.SetRegoObjects(); err != nil { // if failed to pull attack tracks, fallback to cache
+		logger.L().Warning("failed to get exceptions from github release, loading attack tracks from cache", helpers.Error(err))
+		return getter.NewLoadPolicy([]string{getter.GetDefaultPath(cautils.LocalExceptionsFilename)})
 	}
 	return downloadReleasedPolicy

@@ -247,8 +248,9 @@ func getAttackTracksGetter(accountID string, downloadReleasedPolicy *getter.Down
 	if downloadReleasedPolicy == nil {
 		downloadReleasedPolicy = getter.NewDownloadReleasedPolicy()
 	}
-	if err := downloadReleasedPolicy.SetRegoObjects(); err != nil {
-		logger.L().Warning("failed to get attack tracks from github release, this may affect the scanning results", helpers.Error(err))
+	if err := downloadReleasedPolicy.SetRegoObjects(); err != nil { // if failed to pull attack tracks, fallback to cache
+		logger.L().Warning("failed to get attack tracks from github release, loading attack tracks from cache", helpers.Error(err))
+		return getter.NewLoadPolicy([]string{getter.GetDefaultPath(cautils.LocalAttackTracksFilename)})
 	}
 	return downloadReleasedPolicy
 }
--- a/core/core/list.go
+++ b/core/core/list.go
@@ -112,7 +112,7 @@ func jsonListFormat(targetPolicy string, policies []string) {
 func prettyPrintControls(policies []string) {
 	controlsTable := tablewriter.NewWriter(printer.GetWriter(""))
 	controlsTable.SetAutoWrapText(true)
-	controlsTable.SetHeader([]string{"Control ID", "Control Name", "Docs"})
+	controlsTable.SetHeader([]string{"Control ID", "Control Name", "Docs", "Frameworks"})
 	controlsTable.SetHeaderLine(true)
 	controlsTable.SetRowLine(true)
 	data := v2.Matrix{}
@@ -128,12 +128,12 @@ func generateControlRows(policies []string) [][]string {
 	rows := [][]string{}

 	for _, control := range policies {
-		idAndControl := strings.Split(control, "|")
-		id, control := idAndControl[0], idAndControl[1]
+		idAndControlAndFrameworks := strings.Split(control, "|")
+		id, control, framework := idAndControlAndFrameworks[0], idAndControlAndFrameworks[1], idAndControlAndFrameworks[2]

 		docs := cautils.GetControlLink(id)

-		currentRow := []string{id, control, docs}
+		currentRow := []string{id, control, docs, framework}

 		rows = append(rows, currentRow)
 	}
--- a/core/core/scan.go
+++ b/core/core/scan.go
@@ -54,6 +54,10 @@ func getInterfaces(scanInfo *cautils.ScanInfo) componentInterfaces {
 		if err := tenantConfig.SetTenant(); err != nil {
 			logger.L().Error(err.Error())
 		}
+
+		if scanInfo.OmitRawResources {
+			logger.L().Warning("omit-raw-resources flag will be ignored in submit mode")
+		}
 	}

 	// ================== version testing ======================================
--- a/core/pkg/hostsensorutils/hostsensor.yaml
+++ b/core/pkg/hostsensorutils/hostsensor.yaml
@@ -36,7 +36,7 @@ spec:
        effect: NoSchedule
      containers:
      - name: host-sensor
-        image: quay.io/kubescape/host-scanner:v1.0.38
+        image: quay.io/kubescape/host-scanner:v1.0.39
        securityContext:
          privileged: true
          readOnlyRootFilesystem: true
--- a/core/pkg/hostsensorutils/hostsensorgetfrompod.go
+++ b/core/pkg/hostsensorutils/hostsensorgetfrompod.go
@@ -3,6 +3,7 @@ package hostsensorutils
 import (
 	"encoding/json"
 	"fmt"
+	"strings"
 	"sync"

 	logger "github.com/kubescape/go-logger"
@@ -99,6 +100,30 @@ func (hsh *HostSensorHandler) sendAllPodsHTTPGETRequest(path, requestKind string
 	return res, nil
 }

+// return host-scanner version
+func (hsh *HostSensorHandler) GetVersion() (string, error) {
+	// loop over pods and port-forward it to each of them
+	podList, err := hsh.getPodList()
+	if err != nil {
+		return "", fmt.Errorf("failed to sendAllPodsHTTPGETRequest: %v", err)
+	}
+
+	// initialization of the channels
+	hsh.workerPool.init(len(podList))
+	hsh.workerPool.hostSensorApplyJobs(podList, "/version", "version")
+	for job := range hsh.workerPool.jobs {
+		resBytes, err := hsh.HTTPGetToPod(job.podName, job.path)
+		if err != nil {
+			return "", err
+		} else {
+			version := strings.ReplaceAll(string(resBytes), "\"", "")
+			version = strings.ReplaceAll(version, "\n", "")
+			return version, nil
+		}
+	}
+	return "", nil
+}
+
 // return list of LinuxKernelVariables
 func (hsh *HostSensorHandler) GetKernelVariables() ([]hostsensor.HostSensorDataEnvelope, error) {
 	// loop over pods and port-forward it to each of them
@@ -198,6 +223,16 @@ func (hsh *HostSensorHandler) CollectResources() ([]hostsensor.HostSensorDataEnv
 	var kcData []hostsensor.HostSensorDataEnvelope
 	var err error
 	logger.L().Debug("Accessing host scanner")
+	version, err := hsh.GetVersion()
+	if err != nil {
+		logger.L().Warning(err.Error())
+	}
+	if len(version) > 0 {
+		logger.L().Info("Host scanner version : " + version)
+	} else {
+		logger.L().Info("Unknown host scanner version")
+	}
+	//
 	kcData, err = hsh.GetKubeletConfigurations()
 	if err != nil {
 		addInfoToMap(KubeletConfiguration, infoMap, err)
--- a/core/pkg/opaprocessor/processorhandler.go
+++ b/core/pkg/opaprocessor/processorhandler.go
@@ -35,6 +35,7 @@ type OPAProcessor struct {
 func NewOPAProcessor(sessionObj *cautils.OPASessionObj, regoDependenciesData *resources.RegoDependenciesData) *OPAProcessor {
 	if regoDependenciesData != nil && sessionObj != nil {
 		regoDependenciesData.PostureControlInputs = sessionObj.RegoInputData.PostureControlInputs
+		regoDependenciesData.DataControlInputs = sessionObj.RegoInputData.DataControlInputs
 	}
 	return &OPAProcessor{
 		OPASessionObj:        sessionObj,
@@ -153,14 +154,16 @@ func (opap *OPAProcessor) processControl(control *reporthandling.Control) (map[s
 func (opap *OPAProcessor) processRule(rule *reporthandling.PolicyRule, fixedControlInputs map[string][]string) (map[string]*resourcesresults.ResourceAssociatedRule, error) {

 	postureControlInputs := opap.regoDependenciesData.GetFilteredPostureControlInputs(rule.ConfigInputs) // get store
-
-	postureControlInputs["cloudProvider"] = []string{opap.OPASessionObj.Report.ClusterCloudProvider}
+	dataControlInputs := map[string]string{"cloudProvider": opap.OPASessionObj.Report.ClusterCloudProvider}

 	// Merge configurable control input and fixed control input
 	for k, v := range fixedControlInputs {
 		postureControlInputs[k] = v
 	}

+	RuleRegoDependenciesData := resources.RegoDependenciesData{DataControlInputs: dataControlInputs,
+		PostureControlInputs: postureControlInputs}
+
 	inputResources, err := reporthandling.RegoResourcesAggregator(rule, getAllSupportedObjects(opap.K8SResources, opap.ArmoResource, opap.AllResources, rule))
 	if err != nil {
 		return nil, fmt.Errorf("error getting aggregated k8sObjects: %s", err.Error())
@@ -187,7 +190,7 @@ func (opap *OPAProcessor) processRule(rule *reporthandling.PolicyRule, fixedCont
 		opap.AllResources[inputResources[i].GetID()] = inputResources[i]
 	}

-	ruleResponses, err := opap.runOPAOnSingleRule(rule, inputRawResources, ruleData, postureControlInputs)
+	ruleResponses, err := opap.runOPAOnSingleRule(rule, inputRawResources, ruleData, RuleRegoDependenciesData)
 	if err != nil {
 		// TODO - Handle error
 		logger.L().Error(err.Error())
@@ -219,16 +222,16 @@ func (opap *OPAProcessor) processRule(rule *reporthandling.PolicyRule, fixedCont
 	return resources, err
 }

-func (opap *OPAProcessor) runOPAOnSingleRule(rule *reporthandling.PolicyRule, k8sObjects []map[string]interface{}, getRuleData func(*reporthandling.PolicyRule) string, postureControlInputs map[string][]string) ([]reporthandling.RuleResponse, error) {
+func (opap *OPAProcessor) runOPAOnSingleRule(rule *reporthandling.PolicyRule, k8sObjects []map[string]interface{}, getRuleData func(*reporthandling.PolicyRule) string, ruleRegoDependenciesData resources.RegoDependenciesData) ([]reporthandling.RuleResponse, error) {
 	switch rule.RuleLanguage {
 	case reporthandling.RegoLanguage, reporthandling.RegoLanguage2:
-		return opap.runRegoOnK8s(rule, k8sObjects, getRuleData, postureControlInputs)
+		return opap.runRegoOnK8s(rule, k8sObjects, getRuleData, ruleRegoDependenciesData)
 	default:
 		return nil, fmt.Errorf("rule: '%s', language '%v' not supported", rule.Name, rule.RuleLanguage)
 	}
 }

-func (opap *OPAProcessor) runRegoOnK8s(rule *reporthandling.PolicyRule, k8sObjects []map[string]interface{}, getRuleData func(*reporthandling.PolicyRule) string, postureControlInputs map[string][]string) ([]reporthandling.RuleResponse, error) {
+func (opap *OPAProcessor) runRegoOnK8s(rule *reporthandling.PolicyRule, k8sObjects []map[string]interface{}, getRuleData func(*reporthandling.PolicyRule) string, ruleRegoDependenciesData resources.RegoDependenciesData) ([]reporthandling.RuleResponse, error) {

 	// compile modules
 	modules, err := getRuleDependencies()
@@ -241,7 +244,7 @@ func (opap *OPAProcessor) runRegoOnK8s(rule *reporthandling.PolicyRule, k8sObjec
 		return nil, fmt.Errorf("in 'runRegoOnSingleRule', failed to compile rule, name: %s, reason: %s", rule.Name, err.Error())
 	}

-	store, err := resources.TOStorage(postureControlInputs)
+	store, err := ruleRegoDependenciesData.TOStorage()
 	if err != nil {
 		return nil, err
 	}
@@ -284,8 +287,12 @@ func (opap *OPAProcessor) enumerateData(rule *reporthandling.PolicyRule, k8sObje
 		return k8sObjects, nil
 	}
 	postureControlInputs := opap.regoDependenciesData.GetFilteredPostureControlInputs(rule.ConfigInputs)
+	dataControlInputs := map[string]string{"cloudProvider": opap.OPASessionObj.Report.ClusterCloudProvider}

-	ruleResponse, err := opap.runOPAOnSingleRule(rule, k8sObjects, ruleEnumeratorData, postureControlInputs)
+	RuleRegoDependenciesData := resources.RegoDependenciesData{DataControlInputs: dataControlInputs,
+		PostureControlInputs: postureControlInputs}
+
+	ruleResponse, err := opap.runOPAOnSingleRule(rule, k8sObjects, ruleEnumeratorData, RuleRegoDependenciesData)
 	if err != nil {
 		return nil, err
 	}
--- a/core/pkg/resourcehandler/filesloader.go
+++ b/core/pkg/resourcehandler/filesloader.go
@@ -76,9 +76,10 @@ func (fileHandler *FileResourceHandler) GetResources(sessionObj *cautils.OPASess

 	}

-	if err := fileHandler.registryAdaptors.collectImagesVulnerabilities(k8sResources, allResources, ksResources); err != nil {
-		logger.L().Warning("failed to collect images vulnerabilities", helpers.Error(err))
-	}
+	// Should Kubescape scan image related controls when scanning local files?
+	// if err := fileHandler.registryAdaptors.collectImagesVulnerabilities(k8sResources, allResources, ksResources); err != nil {
+	// 	logger.L().Warning("failed to collect images vulnerabilities", helpers.Error(err))
+	// }

 	cautils.StopSpinner()
 	logger.L().Success("Done accessing local objects")
@@ -103,6 +104,8 @@ func getResourcesFromPath(path string) (map[string]reporthandling.Source, []work
 	gitRepo, err := cautils.NewLocalGitRepository(path)
 	if err == nil && gitRepo != nil {
 		repoRoot, _ = gitRepo.GetRootDir()
+	} else {
+		repoRoot, _ = filepath.Abs(path)
 	}

 	// load resource from local file system
@@ -141,7 +144,7 @@ func getResourcesFromPath(path string) (map[string]reporthandling.Source, []work
 		}

 		workloadSource := reporthandling.Source{
-			RelativePath: source,
+			RelativePath: relSource,
 			FileType:     filetype,
 			LastCommit:   lastCommit,
 		}
--- a/core/pkg/resourcehandler/filesloaderutils.go
+++ b/core/pkg/resourcehandler/filesloaderutils.go
@@ -4,7 +4,7 @@ import (
 	"fmt"
 	"path/filepath"

-	giturl "github.com/armosec/go-git-url"
+	giturl "github.com/kubescape/go-git-url"
 	logger "github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/k8s-interface/k8sinterface"
--- a/core/pkg/resourcehandler/k8sresources.go
+++ b/core/pkg/resourcehandler/k8sresources.go
@@ -88,7 +88,7 @@ func (k8sHandler *K8sResourceHandler) GetResources(sessionObj *cautils.OPASessio
 		logger.L().Info("Requesting images vulnerabilities results")
 		cautils.StartSpinner()
 		if err := k8sHandler.registryAdaptors.collectImagesVulnerabilities(k8sResourcesMap, allResources, ksResourceMap); err != nil {
-			logger.L().Warning("failed to collect image vulnerabilities", helpers.Error(err))
+			logger.L().Warning("failed to collect image vulnerabilities", helpers.Error(err), helpers.String("Read more here", "https://hub.armosec.io/docs/configuration-of-image-vulnerabilities"))
 			cautils.SetInfoMapForResources(fmt.Sprintf("failed to pull image scanning data: %s. for more information: https://hub.armosec.io/docs/configuration-of-image-vulnerabilities", err.Error()), imgVulnResources, sessionObj.InfoMap)
 		} else {
 			if isEmptyImgVulns(*ksResourceMap) {
--- a/core/pkg/resourcehandler/registrydata.go
+++ b/core/pkg/resourcehandler/registrydata.go
@@ -8,8 +8,8 @@ import (
 	"github.com/kubescape/k8s-interface/workloadinterface"
 	"github.com/kubescape/kubescape/v2/core/cautils"
 	"github.com/kubescape/kubescape/v2/core/cautils/getter"
-	gcpadaptorv1 "github.com/kubescape/kubescape/v2/core/pkg/registryadaptors/gcp/v1"
 	armosecadaptorv1 "github.com/kubescape/kubescape/v2/core/pkg/registryadaptors/armosec/v1"
+	gcpadaptorv1 "github.com/kubescape/kubescape/v2/core/pkg/registryadaptors/gcp/v1"
 	"github.com/kubescape/kubescape/v2/core/pkg/registryadaptors/registryvulnerabilities"

 	"github.com/kubescape/opa-utils/shared"
--- a/core/pkg/resourcehandler/remotegitutils.go
+++ b/core/pkg/resourcehandler/remotegitutils.go
@@ -6,11 +6,11 @@ import (
 	nethttp "net/http"
 	"os"

-	giturl "github.com/armosec/go-git-url"
 	"github.com/go-git/go-git/v5"
 	"github.com/go-git/go-git/v5/plumbing"
 	"github.com/go-git/go-git/v5/plumbing/transport"
 	"github.com/go-git/go-git/v5/plumbing/transport/http"
+	giturl "github.com/kubescape/go-git-url"
 )

 // To Check if the given repository is Public(No Authentication needed), send a HTTP GET request to the URL
--- a/core/pkg/resourcehandler/urlloader.go
+++ b/core/pkg/resourcehandler/urlloader.go
@@ -1,7 +1,7 @@
 package resourcehandler

 import (
-	giturl "github.com/armosec/go-git-url"
+	giturl "github.com/kubescape/go-git-url"
 	logger "github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/k8s-interface/workloadinterface"
--- a/core/pkg/resourcesprioritization/prioritizationhandler.go
+++ b/core/pkg/resourcesprioritization/prioritizationhandler.go
@@ -21,7 +21,8 @@ func NewResourcesPrioritizationHandler(attackTracksGetter getter.IAttackTracksGe
 		attackTracks: make([]v1alpha1.IAttackTrack, 0),
 	}

-	if tracks, err := attackTracksGetter.GetAttackTracks(); err != nil {
+	tracks, err := attackTracksGetter.GetAttackTracks()
+	if err != nil {
 		return nil, err
 	} else {
 		for _, attackTrack := range tracks {
@@ -38,6 +39,12 @@ func NewResourcesPrioritizationHandler(attackTracksGetter getter.IAttackTracksGe
 		return nil, fmt.Errorf("expected to find at least one attack track")
 	}

+	// Store attack tracks in cache
+	cache := getter.GetDefaultPath(cautils.LocalAttackTracksFilename)
+	if err := getter.SaveInFile(tracks, cache); err != nil {
+		logger.L().Warning("failed to cache file", helpers.String("file", cache), helpers.Error(err))
+	}
+
 	return handler, nil
 }

--- a/core/pkg/resultshandling/printer/v2/html/report.gohtml
+++ b/core/pkg/resultshandling/printer/v2/html/report.gohtml
@@ -142,7 +142,7 @@
        <tr>
          <td class="resourceSeverityCell">{{ .Severity }}</td>
          <td class="resourceNameCell">{{ .Name }}</td>
-          <td class="resourceURLCell"><a href="https://hub.armosec.io/docs/{{ lower .URL }}">{{ .URL }}</a></td>
+          <td class="resourceURLCell"><a href="{{ lower .URL }}">{{ .ID }}</a></td>
          <td class="resourceRemediationCell">{{ range .FailedPaths }} <p>{{ . }}</p> {{ end }}</td>
        </tr>
        {{ end }}
--- a/core/pkg/resultshandling/printer/v2/htmlprinter.go
+++ b/core/pkg/resultshandling/printer/v2/htmlprinter.go
@@ -130,10 +130,11 @@ func buildResourceTableView(opaSessionObj *cautils.OPASessionObj) ResourceTableV
 func buildResourceControlResult(resourceControl resourcesresults.ResourceAssociatedControl, control reportsummary.IControlSummary) ResourceControlResult {
 	ctlSeverity := apis.ControlSeverityToString(control.GetScoreFactor())
 	ctlName := resourceControl.GetName()
-	ctlURL := resourceControl.GetID()
+	ctlID := resourceControl.GetID()
+	ctlURL := cautils.GetControlLink(resourceControl.GetID())
 	failedPaths := append(failedPathsToString(&resourceControl), fixPathsToString(&resourceControl)...)

-	return ResourceControlResult{ctlSeverity, ctlName, ctlURL, failedPaths}
+	return ResourceControlResult{ctlSeverity, ctlName, ctlID, ctlURL, failedPaths}
 }

 func buildResourceControlResultTable(resourceControls []resourcesresults.ResourceAssociatedControl, summaryDetails *reportsummary.SummaryDetails) []ResourceControlResult {
--- a/core/pkg/resultshandling/printer/v2/junit.go
+++ b/core/pkg/resultshandling/printer/v2/junit.go
@@ -4,6 +4,7 @@ import (
 	"encoding/xml"
 	"fmt"
 	"os"
+	"sort"
 	"strings"

 	logger "github.com/kubescape/go-logger"
@@ -11,9 +12,8 @@ import (
 	"github.com/kubescape/k8s-interface/workloadinterface"
 	"github.com/kubescape/kubescape/v2/core/cautils"
 	"github.com/kubescape/kubescape/v2/core/pkg/resultshandling/printer"
-	"github.com/kubescape/opa-utils/reporthandling/apis"
 	"github.com/kubescape/opa-utils/reporthandling/results/v1/reportsummary"
-	"github.com/kubescape/opa-utils/reporthandling/results/v1/resourcesresults"
+	"github.com/kubescape/opa-utils/shared"
 )

 /*
@@ -55,7 +55,6 @@ type JUnitTestSuite struct {
 	Skipped    string          `xml:"skipped,attr"`   // The total number of skipped tests
 	Time       string          `xml:"time,attr"`      // Time taken (in seconds) to execute the tests in the suite
 	Timestamp  string          `xml:"timestamp,attr"` // when the test was executed in ISO 8601 format (2014-01-21T16:17:18)
-	File       string          `xml:"file,attr"`      // The file be tested
 	Properties []JUnitProperty `xml:"properties>property,omitempty"`
 	TestCases  []JUnitTestCase `xml:"testcase"`
 }
@@ -89,11 +88,6 @@ type JUnitFailure struct {
 	Contents string `xml:",chardata"`
 }

-const (
-	lineSeparator         = "\n===================================================================================================================\n\n"
-	testCaseTypeResources = "Resources"
-)
-
 func NewJunitPrinter(verbose bool) *JunitPrinter {
 	return &JunitPrinter{
 		verbose: verbose,
@@ -124,118 +118,96 @@ func (junitPrinter *JunitPrinter) ActionPrint(opaSessionObj *cautils.OPASessionO
 func testsSuites(results *cautils.OPASessionObj) *JUnitTestSuites {
 	return &JUnitTestSuites{
 		Suites:   listTestsSuite(results),
-		Tests:    results.Report.SummaryDetails.NumberOfResources().All(),
+		Tests:    results.Report.SummaryDetails.NumberOfControls().All(),
 		Name:     "Kubescape Scanning",
-		Failures: results.Report.SummaryDetails.NumberOfResources().Failed(),
+		Failures: results.Report.SummaryDetails.NumberOfControls().Failed(),
 	}
 }
-
-// aggregate resources source to a list of resources results
-func sourceToResourcesResults(results *cautils.OPASessionObj) map[string][]resourcesresults.Result {
-	resourceResults := make(map[string][]resourcesresults.Result)
-	for i := range results.ResourceSource {
-		if r, ok := results.ResourcesResult[i]; ok {
-			if _, ok := resourceResults[results.ResourceSource[i].RelativePath]; !ok {
-				resourceResults[results.ResourceSource[i].RelativePath] = []resourcesresults.Result{}
-			}
-			resourceResults[results.ResourceSource[i].RelativePath] = append(resourceResults[results.ResourceSource[i].RelativePath], r)
-		}
-	}
-	return resourceResults
-}
-
-// listTestsSuite returns a list of testsuites
 func listTestsSuite(results *cautils.OPASessionObj) []JUnitTestSuite {
 	var testSuites []JUnitTestSuite
-	resourceResults := sourceToResourcesResults(results)
-	counter := 0
+
 	// control scan
-	for path, resourcesResult := range resourceResults {
+	if len(results.Report.SummaryDetails.ListFrameworks()) == 0 {
 		testSuite := JUnitTestSuite{}
+		testSuite.Failures = results.Report.SummaryDetails.NumberOfControls().Failed()
 		testSuite.Timestamp = results.Report.ReportGenerationTime.String()
-		testSuite.ID = counter
-		counter++
-		testSuite.File = path
-		testSuite.TestCases = testsCases(results, resourcesResult)
-		if len(testSuite.TestCases) > 0 {
-			testSuites = append(testSuites, testSuite)
-		}
+		testSuite.ID = 0
+		testSuite.Name = "kubescape"
+		testSuite.Properties = properties(results.Report.SummaryDetails.Score)
+		testSuite.TestCases = testsCases(results, &results.Report.SummaryDetails.Controls, "Kubescape")
+		testSuites = append(testSuites, testSuite)
+		return testSuites
+	}
+
+	for i, f := range results.Report.SummaryDetails.Frameworks {
+		testSuite := JUnitTestSuite{}
+		testSuite.Failures = f.NumberOfControls().Failed()
+		testSuite.Timestamp = results.Report.ReportGenerationTime.String()
+		testSuite.ID = i
+		testSuite.Name = f.Name
+		testSuite.Properties = properties(f.Score)
+		testSuite.TestCases = testsCases(results, f.GetControls(), f.GetName())
+		testSuites = append(testSuites, testSuite)
 	}

 	return testSuites
 }
-
-func failedControlsToFailureMessage(results *cautils.OPASessionObj, controls []resourcesresults.ResourceAssociatedControl, severityCounter []int) string {
-	msg := ""
-	for _, c := range controls {
-		control := results.Report.SummaryDetails.Controls.GetControl(reportsummary.EControlCriteriaID, c.GetID())
-		if c.GetStatus(nil).IsFailed() {
-			msg += fmt.Sprintf("Test: %s\n", control.GetName())
-			msg += fmt.Sprintf("Severity: %s\n", apis.ControlSeverityToString(control.GetScoreFactor()))
-			msg += fmt.Sprintf("Remediation: %s\n", control.GetRemediation())
-			msg += fmt.Sprintf("Link: %s\n", cautils.GetControlLink(control.GetID()))
-			if failedPaths := failedPathsToString(&c); len(failedPaths) > 0 {
-				msg += fmt.Sprintf("Failed paths: \n - %s\n", strings.Join(failedPaths, "\n - "))
-			}
-			if fixPaths := fixPathsToString(&c); len(fixPaths) > 0 {
-				msg += fmt.Sprintf("Available fix: \n - %s\n", strings.Join(fixPaths, "\n - "))
-			}
-			msg += "\n"
-
-			severityCounter[apis.ControlSeverityToInt(control.GetScoreFactor())] += 1
-		}
-	}
-	return msg
-}
-
-// Every testCase includes a file (even if the file contains several resources)
-func testsCases(results *cautils.OPASessionObj, resourcesResult []resourcesresults.Result) []JUnitTestCase {
+func testsCases(results *cautils.OPASessionObj, controls reportsummary.IControlsSummaries, classname string) []JUnitTestCase {
 	var testCases []JUnitTestCase
-	testCase := JUnitTestCase{}
-	testCaseFailure := JUnitFailure{}
-	testCaseFailure.Type = testCaseTypeResources
-	message := ""

-	// severityCounter represents the severities, 0: Unknown, 1: Low, 2: Medium, 3: High, 4: Critical
-	severityCounter := make([]int, apis.NumberOfSeverities, apis.NumberOfSeverities)
+	iter := controls.ListControlsIDs().All()
+	for iter.HasNext() {
+		cID := iter.Next()
+		testCase := JUnitTestCase{}
+		control := results.Report.SummaryDetails.Controls.GetControl(reportsummary.EControlCriteriaID, cID)
+
+		testCase.Name = control.GetName()
+		testCase.Classname = classname
+		testCase.Status = string(control.GetStatus().Status())
+
+		if control.GetStatus().IsFailed() {
+			resources := map[string]interface{}{}
+			resourceIDs := control.ListResourcesIDs().Failed()
+			for j := range resourceIDs {
+				resource := results.AllResources[resourceIDs[j]]
+				resources[resourceToString(resource)] = nil
+			}
+			resourcesStr := shared.MapStringToSlice(resources)
+			sort.Strings(resourcesStr)
+			testCaseFailure := JUnitFailure{}
+			testCaseFailure.Type = "Control"
+			// testCaseFailure.Contents =
+			testCaseFailure.Message = fmt.Sprintf("Remediation: %s\nMore details: %s\n\n%s", control.GetRemediation(), cautils.GetControlLink(control.GetID()), strings.Join(resourcesStr, "\n"))
+
+			testCase.Failure = &testCaseFailure
+		} else if control.GetStatus().IsSkipped() {
+			testCase.SkipMessage = &JUnitSkipMessage{
+				Message: "", // TODO - fill after statusInfo is supported
+			}

-	for i := range resourcesResult {
-		if failedControls := failedControlsToFailureMessage(results, resourcesResult[i].ListControls(), severityCounter); failedControls != "" {
-			message += fmt.Sprintf("%sResource: %s\n\n%s", lineSeparator, resourceNameToString(results.AllResources[resourcesResult[i].GetResourceID()]), failedControls)
 		}
-	}
-	testCaseFailure.Message += fmt.Sprintf("%s\n%s", getSummaryMessage(severityCounter), message)
-
-	testCase.Failure = &testCaseFailure
-	if testCase.Failure.Message != "" {
 		testCases = append(testCases, testCase)
 	}
-
 	return testCases
 }

-func getSummaryMessage(severityCounter []int) string {
-	total := 0
-	severities := ""
-	for i, count := range severityCounter {
-		if apis.SeverityNumberToString(i) == apis.SeverityNumberToString(apis.SeverityUnknown) {
-			continue
-		}
-		severities += fmt.Sprintf("%s: %d, ", apis.SeverityNumberToString(i), count)
-		total += count
-	}
-	if len(severities) == 0 {
-		return ""
-	}
-	return fmt.Sprintf("Total: %d (%s)", total, severities[:len(severities)-2])
-}
-
-func resourceNameToString(resource workloadinterface.IMetadata) string {
+func resourceToString(resource workloadinterface.IMetadata) string {
+	sep := "; "
 	s := ""
-	s += fmt.Sprintf("kind=%s/", resource.GetKind())
+	s += fmt.Sprintf("apiVersion: %s", resource.GetApiVersion()) + sep
+	s += fmt.Sprintf("kind: %s", resource.GetKind()) + sep
 	if resource.GetNamespace() != "" {
-		s += fmt.Sprintf("namespace=%s/", resource.GetNamespace())
+		s += fmt.Sprintf("namespace: %s", resource.GetNamespace()) + sep
 	}
-	s += fmt.Sprintf("name=%s", resource.GetName())
+	s += fmt.Sprintf("name: %s", resource.GetName())
 	return s
 }
+
+func properties(riskScore float32) []JUnitProperty {
+	return []JUnitProperty{
+		{
+			Name:  "riskScore",
+			Value: fmt.Sprintf("%.2f", riskScore),
+		},
+	}
+}
--- a/core/pkg/resultshandling/printer/v2/prettyprinter.go
+++ b/core/pkg/resultshandling/printer/v2/prettyprinter.go
@@ -192,7 +192,7 @@ func (prettyPrinter *PrettyPrinter) printSummaryTable(summaryDetails *reportsumm
 		return
 	}
 	cautils.InfoTextDisplay(prettyPrinter.writer, "\n"+controlCountersForSummary(summaryDetails.NumberOfControls())+"\n")
-	cautils.InfoTextDisplay(prettyPrinter.writer, renderSeverityCountersSummary(&summaryDetails.SeverityCounters)+"\n\n")
+	cautils.InfoTextDisplay(prettyPrinter.writer, renderSeverityCountersSummary(summaryDetails.GetResourcesSeverityCounters())+"\n\n")

 	// cautils.InfoTextDisplay(prettyPrinter.writer, "\n"+"Severities: SOME OTHER"+"\n\n")

@@ -256,10 +256,10 @@ func frameworksScoresToString(frameworks []reportsummary.IFrameworkSummary) stri

 // renderSeverityCountersSummary renders the string that reports severity counters summary
 func renderSeverityCountersSummary(counters reportsummary.ISeverityCounters) string {
-	critical := counters.NumberOfResourcesWithCriticalSeverity()
-	high := counters.NumberOfResourcesWithHighSeverity()
-	medium := counters.NumberOfResourcesWithMediumSeverity()
-	low := counters.NumberOfResourcesWithLowSeverity()
+	critical := counters.NumberOfCriticalSeverity()
+	high := counters.NumberOfHighSeverity()
+	medium := counters.NumberOfMediumSeverity()
+	low := counters.NumberOfLowSeverity()

 	return fmt.Sprintf(
 		"Failed Resources by Severity: Critical — %d, High — %d, Medium — %d, Low — %d",
--- a/core/pkg/resultshandling/printer/v2/reportingstructs.go
+++ b/core/pkg/resultshandling/printer/v2/reportingstructs.go
@@ -14,6 +14,7 @@ type ResourceResult struct {
 type ResourceControlResult struct {
 	Severity    string
 	Name        string
+	ID          string
 	URL         string
 	FailedPaths []string
 }
--- a/core/pkg/resultshandling/printer/v2/utils.go
+++ b/core/pkg/resultshandling/printer/v2/utils.go
@@ -27,7 +27,9 @@ func FinalizeResults(data *cautils.OPASessionObj) *reporthandlingv2.PostureRepor
 	report.Results = make([]resourcesresults.Result, len(data.ResourcesResult))
 	finalizeResults(report.Results, data.ResourcesResult, data.ResourcesPrioritized)

-	report.Resources = finalizeResources(report.Results, data.AllResources, data.ResourceSource)
+	if !data.OmitRawResources {
+		report.Resources = finalizeResources(report.Results, data.AllResources, data.ResourceSource)
+	}

 	return &report
 }
--- a/core/pkg/resultshandling/reporter/v2/reporteventreceiver.go
+++ b/core/pkg/resultshandling/reporter/v2/reporteventreceiver.go
@@ -264,7 +264,7 @@ func (report *ReportEventReceiver) addPathURL(urlObj *url.URL) {
 		case SubmitContextRBAC:
 			urlObj.Path = "rbac-visualizer"
 		case SubmitContextRepository:
-			urlObj.Path = fmt.Sprintf("repositories-scan/%s", report.reportID)
+			urlObj.Path = fmt.Sprintf("repository-scanning/%s", report.reportID)
 		default:
 			urlObj.Path = "dashboard"
 		}
--- a/core/pkg/resultshandling/reporter/v2/reporteventreceiver_test.go
+++ b/core/pkg/resultshandling/reporter/v2/reporteventreceiver_test.go
@@ -88,7 +88,7 @@ func TestGetURL(t *testing.T) {
 			"XXXX",
 			SubmitContextRepository,
 		)
-		assert.Equal(t, "https://cloud.armosec.io/repositories-scan/XXXX?utm_campaign=Submit&utm_medium=CLI&utm_source=GitHub", reporter.GetURL())
+		assert.Equal(t, "https://cloud.armosec.io/repository-scanning/XXXX?utm_campaign=Submit&utm_medium=CLI&utm_source=GitHub", reporter.GetURL())
 	}

 	// Test submit and NOT registered url
--- a/core/pkg/resultshandling/results.go
+++ b/core/pkg/resultshandling/results.go
@@ -2,6 +2,7 @@ package resultshandling

 import (
 	"encoding/json"
+	"fmt"

 	logger "github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
@@ -100,6 +101,9 @@ func NewPrinter(printFormat, formatVersion string, verboseMode bool, viewType ca
 	case printer.SARIFFormat:
 		return printerv2.NewSARIFPrinter()
 	default:
+		if printFormat != printer.PrettyFormat {
+			logger.L().Error(fmt.Sprintf("Invalid format \"%s\", default format \"pretty-printer\" is applied", printFormat))
+		}
 		return printerv2.NewPrettyPrinter(verboseMode, formatVersion, viewType)
 	}
 }
--- a/docs/architecture.drawio.svg
+++ b/docs/architecture.drawio.svg
@@ -0,0 +1 @@
+<mxfile host="app.diagrams.net" modified="2022-12-06T07:59:31.961Z" agent="5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" etag="dboVwkfdjNikGFJag3q6" version="20.6.0" type="device"><diagram id="-fs2xgBgB6aFH82wrd4-" name="Page-1">5Vpdc5s4FP01fkzGIAT2o2OndabpxLNuZ9tHGRRQC4gRIrbz61cyAgOisXdqDG0e4qArkKVzz/00IzCPdh8ZSoLP1MPhyBx7uxFYjEzTcGxL/JOSfS4Blp0LfEY8ddNRsCavWAnHSpoRD6e1GzmlISdJXejSOMYur8kQY3Rbv+2ZhvVvTZCPNcHaRaEu/Zd4PMilEzg+ypeY+EHxzcZYzUSouFkJ0gB5dFsRgfsRmDNKeX4V7eY4lOAVuOTPffjFbLkxhmN+zgOT5cO3r7vs8Z+Xm693/iuaZdPljQHyZV5QmKkTq93yfQHBNiAcrxPkyvFWqHkE7gIehWJkiEu1AGYc7365NaM8sGAKphHmbC9uKR4ACiNFEmOqxtsj5HbBiKAKd/EgUmr2y7WPSIgLBcb/AKZYuIID9gQz1JAyHlCfxii8P0rvGM1iD8tlx2J0vOeR0kSh9QNzvlc0RxmndSwFXmz/TT1/GHyXg1tYDBe76uRir0b5XuUG39aAOA/NmIvfYoQyWI6Yj/lJ6ug6ZThEnLzUd3Jx/RTbrBB3/nmh6ayuke6ZfGM1mGzrTJ60ENnpisfm9L3yGP4ZPIYaj5dfvqwGR+SStX0R2bA1oD5lG5y6KMEj00aRxCDepEl5/gp6AgdehwiFxI/FtSvwwEwIJFpExP2ZmoiI5+XGgFPyijaHpST2CSUxP5wO3o3gQq4l+J/mpiCXTjmjP/GchlSsu4hpLFd5JmHYEF1AS6YF6+4GQk1L0xYtdRY2i2TnrXzi2lQ2mlQe61QuZUE9meuKzI4Gk0hgn4mfMeFzaJxqoJ2ACaVJnv0+k52EVuf3JYC0G0CaEw1I56o+YaLB+LT5IYBID2WC/MAp/20sL2GoEA4LuuIIQzJU0ASpxVANB17TUAtUKjA9xEmmc+qvjTDGaecJrxph9Ip1xaiLU91n/q06AVPn9rSltLmT7rSil2O9uxNoOafdSVt21KE70bP9p4y/J38Cp9YZ3LWvyl29ssjThvGN+HtazYaQQACn4YfBeRbfXQKhp7DrbBORQaRbEDZMv9htFS2zBS2zK7T0THXFhFWKxT4QAdQAMLOhZpmFZfSFWlHd9tW8Ovarvlfnum9egbObV067Tq/TvAJ6ONMUlgayQSPC1j4kQi8MnI79m1yDj5tSgNyf/kGvIlqKZcq4pUIYvIwFNFwsaGl5GW0+tmwwXN4A9CptTgXpaKhnu1dvqzS6AZZzXkTqDiy9VsM7FyftDZWrw9Uobi1Tb9W1NVQ7S3ssvZDKe1C3vWM1GRqz9OoGcS6c0uCQMntGqmgFvLuIXbzWcDpiT/qM2JZe6/zJEdu0hxey9bro02QtBLPVQ+/uopni9O4vLL0uWlJZezd/0LND2Q7ZMHHly6vURXGMWe+IAjg0RKcaog8R8rH8SeQlC+P+ETMGFt2hnmTPfJ9hH/FBFOZWg2Idtn7E8PhC2mGu8lofuP8P</diagram></mxfile>
--- a/go.mod
+++ b/go.mod
@@ -5,7 +5,6 @@ go 1.18
 require (
 	cloud.google.com/go/containeranalysis v0.4.0
 	github.com/armosec/armoapi-go v0.0.119
-	github.com/armosec/go-git-url v0.0.15
 	github.com/armosec/utils-go v0.0.12
 	github.com/armosec/utils-k8s-go v0.0.12
 	github.com/briandowns/spinner v1.18.1
@@ -15,9 +14,10 @@ require (
 	github.com/go-git/go-git/v5 v5.4.2
 	github.com/google/uuid v1.3.0
 	github.com/johnfercher/maroto v0.37.0
+	github.com/kubescape/go-git-url v0.0.17
 	github.com/kubescape/go-logger v0.0.6
 	github.com/kubescape/k8s-interface v0.0.89
-	github.com/kubescape/opa-utils v0.0.200
+	github.com/kubescape/opa-utils v0.0.204
 	github.com/kubescape/rbac-utils v0.0.19
 	github.com/libgit2/git2go/v33 v33.0.9
 	github.com/mattn/go-isatty v0.0.14
@@ -38,7 +38,7 @@ require (
 	k8s.io/api v0.25.3
 	k8s.io/apimachinery v0.25.3
 	k8s.io/client-go v0.25.3
-	k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed
+	k8s.io/utils v0.0.0-20221128185143-99ec85e7a448
 	sigs.k8s.io/kustomize/api v0.11.4
 	sigs.k8s.io/kustomize/kyaml v0.13.6
 	sigs.k8s.io/yaml v1.3.0
@@ -181,7 +181,7 @@ require (
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	k8s.io/apiextensions-apiserver v0.24.2 // indirect
-	k8s.io/klog/v2 v2.70.1 // indirect
+	k8s.io/klog/v2 v2.80.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 // indirect
 	sigs.k8s.io/controller-runtime v0.12.3 // indirect
 	sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect
--- a/go.sum
+++ b/go.sum
@@ -157,8 +157,6 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/armosec/armoapi-go v0.0.119 h1:7XbvBbOKp26Bpp72LQ8Spw4FBpbXu3+qZFQyPEwTPFk=
 github.com/armosec/armoapi-go v0.0.119/go.mod h1:2zoNzb3Fy9ZByeczJZ47ftDRLRzTykVdTISS3GTc/JU=
-github.com/armosec/go-git-url v0.0.15 h1:sDtu0WNvAhrDJ2begTyWP8T4tE1j1K6D0ZJ6t3Cx8k4=
-github.com/armosec/go-git-url v0.0.15/go.mod h1:GzfssG3IW9KiURSpK7c/bySBRTlghpObQ7NQ1O4hcMI=
 github.com/armosec/utils-go v0.0.12 h1:NXkG/BhbSVAmTVXr0qqsK02CmxEiXuJyPmdTRcZ4jAo=
 github.com/armosec/utils-go v0.0.12/go.mod h1:F/K1mI/qcj7fNuJl7xktoCeHM83azOF0Zq6eC2WuPyU=
 github.com/armosec/utils-k8s-go v0.0.12 h1:u7kHSUp4PpvPP3hEaRXMbM0Vw23IyLhAzzE+2TW6Jkk=
@@ -585,12 +583,14 @@ github.com/kr/pty v1.1.3/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/kubescape/go-git-url v0.0.17 h1:yBPmQzxIVa3vbFVjwTlrnxjGf1kTAWDeMh+kvMd/RZA=
+github.com/kubescape/go-git-url v0.0.17/go.mod h1:a1rDC6M1VBMwTaDfrSwbVq84Zu71U+1qKqQmI1cA0lE=
 github.com/kubescape/go-logger v0.0.6 h1:ynhAmwrz0O7Jtqq1CdmCZUrKveji25hVP+B/FAb3QrA=
 github.com/kubescape/go-logger v0.0.6/go.mod h1:DnVWEvC90LFY1nNMaNo6nBVOcqkLMK3S0qzXP1fzRvI=
 github.com/kubescape/k8s-interface v0.0.89 h1:OtlvZosHpjlbHfsilfQk2wRbuBnxwF0e+WZX6GbkfLU=
 github.com/kubescape/k8s-interface v0.0.89/go.mod h1:pgFRs20mHiavf6+fFWY7h/f8HuKlwuZwirvjxiKJlu0=
-github.com/kubescape/opa-utils v0.0.200 h1:7EhE9FTabzkUxicvxdchXuaTWW0J2mFj04vK4jTrxN0=
-github.com/kubescape/opa-utils v0.0.200/go.mod h1:rDC3PANuk8gU5lSDO/WPFTluypBQ+/6qiuZLye+slYg=
+github.com/kubescape/opa-utils v0.0.204 h1:9O9drjyzjOhI7Xi2S4Px0WKa66U5GFPQqeOLvhDqHnw=
+github.com/kubescape/opa-utils v0.0.204/go.mod h1:rDC3PANuk8gU5lSDO/WPFTluypBQ+/6qiuZLye+slYg=
 github.com/kubescape/rbac-utils v0.0.19 h1:7iydgVxlMLW15MgHORfMBMqNj9jHtFGACd744fdtrFs=
 github.com/kubescape/rbac-utils v0.0.19/go.mod h1:t57AhSrjuNGQ+mpZWQM/hBzrCOeKBDHegFoVo4tbikQ=
 github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII=
@@ -1552,16 +1552,16 @@ k8s.io/gengo v0.0.0-20211129171323-c02415ce4185/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAE
 k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE=
 k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
 k8s.io/klog/v2 v2.60.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
-k8s.io/klog/v2 v2.70.1 h1:7aaoSdahviPmR+XkS7FyxlkkXs6tHISSG03RxleQAVQ=
-k8s.io/klog/v2 v2.70.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
+k8s.io/klog/v2 v2.80.1 h1:atnLQ121W371wYYFawwYx1aEY2eUfs4l3J72wtgAwV4=
+k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
 k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw=
 k8s.io/kube-openapi v0.0.0-20220328201542-3ee0da9b0b42/go.mod h1:Z/45zLw8lUo4wdiUkI+v/ImEGAvu3WatcZl3lPMR4Rk=
 k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 h1:MQ8BAZPZlWk3S9K4a9NCkIFQtZShWqoha7snGixVgEA=
 k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1/go.mod h1:C/N6wCaBHeBHkHUesQOQy2/MZqGgMAFPqGsGQLdbZBU=
 k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
-k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed h1:jAne/RjBTyawwAy0utX5eqigAwz/lQhTmy+Hr/Cpue4=
-k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
+k8s.io/utils v0.0.0-20221128185143-99ec85e7a448 h1:KTgPnR10d5zhztWptI952TNtt/4u5h3IzDXkdIMuo2Y=
+k8s.io/utils v0.0.0-20221128185143-99ec85e7a448/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
--- a/httphandler/docs/swagger.yaml
+++ b/httphandler/docs/swagger.yaml
@@ -75,7 +75,6 @@ definitions:
        description: |-
          Submit results to Kubescape Cloud.

-          Same as `kubescape scan --submit`.
        type: boolean
        x-go-name: Submit
      targetNames:
--- a/httphandler/go.mod
+++ b/httphandler/go.mod
@@ -12,9 +12,9 @@ require (
 	github.com/gorilla/schema v1.2.0
 	github.com/kubescape/go-logger v0.0.6
 	github.com/kubescape/kubescape/v2 v2.0.0-00010101000000-000000000000
-	github.com/kubescape/opa-utils v0.0.200
+	github.com/kubescape/opa-utils v0.0.204
 	github.com/stretchr/testify v1.8.0
-	k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed
+	k8s.io/utils v0.0.0-20221128185143-99ec85e7a448
 )

 require (
@@ -47,7 +47,6 @@ require (
 	github.com/agnivade/levenshtein v1.1.1 // indirect
 	github.com/alecthomas/participle/v2 v2.0.0-beta.5 // indirect
 	github.com/armosec/armoapi-go v0.0.119 // indirect
-	github.com/armosec/go-git-url v0.0.15 // indirect
 	github.com/armosec/utils-k8s-go v0.0.12 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect
 	github.com/aws/aws-sdk-go v1.44.51 // indirect
@@ -119,6 +118,7 @@ require (
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/jung-kurt/gofpdf v1.16.2 // indirect
 	github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351 // indirect
+	github.com/kubescape/go-git-url v0.0.17 // indirect
 	github.com/kubescape/k8s-interface v0.0.89 // indirect
 	github.com/kubescape/rbac-utils v0.0.19 // indirect
 	github.com/libgit2/git2go/v33 v33.0.9 // indirect
@@ -191,7 +191,7 @@ require (
 	k8s.io/apiextensions-apiserver v0.24.2 // indirect
 	k8s.io/apimachinery v0.25.3 // indirect
 	k8s.io/client-go v0.25.3 // indirect
-	k8s.io/klog/v2 v2.70.1 // indirect
+	k8s.io/klog/v2 v2.80.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 // indirect
 	sigs.k8s.io/controller-runtime v0.12.3 // indirect
 	sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect
--- a/httphandler/go.sum
+++ b/httphandler/go.sum
@@ -157,8 +157,6 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd
 github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
 github.com/armosec/armoapi-go v0.0.119 h1:7XbvBbOKp26Bpp72LQ8Spw4FBpbXu3+qZFQyPEwTPFk=
 github.com/armosec/armoapi-go v0.0.119/go.mod h1:2zoNzb3Fy9ZByeczJZ47ftDRLRzTykVdTISS3GTc/JU=
-github.com/armosec/go-git-url v0.0.15 h1:sDtu0WNvAhrDJ2begTyWP8T4tE1j1K6D0ZJ6t3Cx8k4=
-github.com/armosec/go-git-url v0.0.15/go.mod h1:GzfssG3IW9KiURSpK7c/bySBRTlghpObQ7NQ1O4hcMI=
 github.com/armosec/utils-go v0.0.12 h1:NXkG/BhbSVAmTVXr0qqsK02CmxEiXuJyPmdTRcZ4jAo=
 github.com/armosec/utils-go v0.0.12/go.mod h1:F/K1mI/qcj7fNuJl7xktoCeHM83azOF0Zq6eC2WuPyU=
 github.com/armosec/utils-k8s-go v0.0.12 h1:u7kHSUp4PpvPP3hEaRXMbM0Vw23IyLhAzzE+2TW6Jkk=
@@ -641,12 +639,14 @@ github.com/kr/pty v1.1.3/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
 github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
 github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
 github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/kubescape/go-git-url v0.0.17 h1:yBPmQzxIVa3vbFVjwTlrnxjGf1kTAWDeMh+kvMd/RZA=
+github.com/kubescape/go-git-url v0.0.17/go.mod h1:a1rDC6M1VBMwTaDfrSwbVq84Zu71U+1qKqQmI1cA0lE=
 github.com/kubescape/go-logger v0.0.6 h1:ynhAmwrz0O7Jtqq1CdmCZUrKveji25hVP+B/FAb3QrA=
 github.com/kubescape/go-logger v0.0.6/go.mod h1:DnVWEvC90LFY1nNMaNo6nBVOcqkLMK3S0qzXP1fzRvI=
 github.com/kubescape/k8s-interface v0.0.89 h1:OtlvZosHpjlbHfsilfQk2wRbuBnxwF0e+WZX6GbkfLU=
 github.com/kubescape/k8s-interface v0.0.89/go.mod h1:pgFRs20mHiavf6+fFWY7h/f8HuKlwuZwirvjxiKJlu0=
-github.com/kubescape/opa-utils v0.0.200 h1:7EhE9FTabzkUxicvxdchXuaTWW0J2mFj04vK4jTrxN0=
-github.com/kubescape/opa-utils v0.0.200/go.mod h1:rDC3PANuk8gU5lSDO/WPFTluypBQ+/6qiuZLye+slYg=
+github.com/kubescape/opa-utils v0.0.204 h1:9O9drjyzjOhI7Xi2S4Px0WKa66U5GFPQqeOLvhDqHnw=
+github.com/kubescape/opa-utils v0.0.204/go.mod h1:rDC3PANuk8gU5lSDO/WPFTluypBQ+/6qiuZLye+slYg=
 github.com/kubescape/rbac-utils v0.0.19 h1:7iydgVxlMLW15MgHORfMBMqNj9jHtFGACd744fdtrFs=
 github.com/kubescape/rbac-utils v0.0.19/go.mod h1:t57AhSrjuNGQ+mpZWQM/hBzrCOeKBDHegFoVo4tbikQ=
 github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII=
@@ -1643,16 +1643,16 @@ k8s.io/gengo v0.0.0-20211129171323-c02415ce4185/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAE
 k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE=
 k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
 k8s.io/klog/v2 v2.60.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
-k8s.io/klog/v2 v2.70.1 h1:7aaoSdahviPmR+XkS7FyxlkkXs6tHISSG03RxleQAVQ=
-k8s.io/klog/v2 v2.70.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
+k8s.io/klog/v2 v2.80.1 h1:atnLQ121W371wYYFawwYx1aEY2eUfs4l3J72wtgAwV4=
+k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
 k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e/go.mod h1:vHXdDvt9+2spS2Rx9ql3I8tycm3H9FDfdUoIuKCefvw=
 k8s.io/kube-openapi v0.0.0-20220328201542-3ee0da9b0b42/go.mod h1:Z/45zLw8lUo4wdiUkI+v/ImEGAvu3WatcZl3lPMR4Rk=
 k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1 h1:MQ8BAZPZlWk3S9K4a9NCkIFQtZShWqoha7snGixVgEA=
 k8s.io/kube-openapi v0.0.0-20220803162953-67bda5d908f1/go.mod h1:C/N6wCaBHeBHkHUesQOQy2/MZqGgMAFPqGsGQLdbZBU=
 k8s.io/utils v0.0.0-20210802155522-efc7438f0176/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 k8s.io/utils v0.0.0-20220210201930-3a6ce19ff2f9/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
-k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed h1:jAne/RjBTyawwAy0utX5eqigAwz/lQhTmy+Hr/Cpue4=
-k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
+k8s.io/utils v0.0.0-20221128185143-99ec85e7a448 h1:KTgPnR10d5zhztWptI952TNtt/4u5h3IzDXkdIMuo2Y=
+k8s.io/utils v0.0.0-20221128185143-99ec85e7a448/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
--- a/httphandler/handlerequests/v1/requestshandler.go
+++ b/httphandler/handlerequests/v1/requestshandler.go
@@ -16,8 +16,8 @@ import (
 	"github.com/google/uuid"
 )

-var OutputDir = "./results"
-var FailedOutputDir = "./failed"
+var OutputDir = "./results/"
+var FailedOutputDir = "./failed/"

 // A Scan Response object
 //
				`@@ -0,0 +1 @@`
				<mxfile host="app.diagrams.net" modified="2022-12-06T07:59:31.961Z" agent="5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36" etag="dboVwkfdjNikGFJag3q6" version="20.6.0" type="device"><diagram id="-fs2xgBgB6aFH82wrd4-" name="Page-1">5Vpdc5s4FP01fkzGIAT2o2OndabpxLNuZ9tHGRRQC4gRIrbz61cyAgOisXdqDG0e4qArkKVzz/00IzCPdh8ZSoLP1MPhyBx7uxFYjEzTcGxL/JOSfS4Blp0LfEY8ddNRsCavWAnHSpoRD6e1GzmlISdJXejSOMYur8kQY3Rbv+2ZhvVvTZCPNcHaRaEu/Zd4PMilEzg+ypeY+EHxzcZYzUSouFkJ0gB5dFsRgfsRmDNKeX4V7eY4lOAVuOTPffjFbLkxhmN+zgOT5cO3r7vs8Z+Xm693/iuaZdPljQHyZV5QmKkTq93yfQHBNiAcrxPkyvFWqHkE7gIehWJkiEu1AGYc7365NaM8sGAKphHmbC9uKR4ACiNFEmOqxtsj5HbBiKAKd/EgUmr2y7WPSIgLBcb/AKZYuIID9gQz1JAyHlCfxii8P0rvGM1iD8tlx2J0vOeR0kSh9QNzvlc0RxmndSwFXmz/TT1/GHyXg1tYDBe76uRir0b5XuUG39aAOA/NmIvfYoQyWI6Yj/lJ6ug6ZThEnLzUd3Jx/RTbrBB3/nmh6ayuke6ZfGM1mGzrTJ60ENnpisfm9L3yGP4ZPIYaj5dfvqwGR+SStX0R2bA1oD5lG5y6KMEj00aRxCDepEl5/gp6AgdehwiFxI/FtSvwwEwIJFpExP2ZmoiI5+XGgFPyijaHpST2CSUxP5wO3o3gQq4l+J/mpiCXTjmjP/GchlSsu4hpLFd5JmHYEF1AS6YF6+4GQk1L0xYtdRY2i2TnrXzi2lQ2mlQe61QuZUE9meuKzI4Gk0hgn4mfMeFzaJxqoJ2ACaVJnv0+k52EVuf3JYC0G0CaEw1I56o+YaLB+LT5IYBID2WC/MAp/20sL2GoEA4LuuIIQzJU0ASpxVANB17TUAtUKjA9xEmmc+qvjTDGaecJrxph9Ip1xaiLU91n/q06AVPn9rSltLmT7rSil2O9uxNoOafdSVt21KE70bP9p4y/J38Cp9YZ3LWvyl29ssjThvGN+HtazYaQQACn4YfBeRbfXQKhp7DrbBORQaRbEDZMv9htFS2zBS2zK7T0THXFhFWKxT4QAdQAMLOhZpmFZfSFWlHd9tW8Ovarvlfnum9egbObV067Tq/TvAJ6ONMUlgayQSPC1j4kQi8MnI79m1yDj5tSgNyf/kGvIlqKZcq4pUIYvIwFNFwsaGl5GW0+tmwwXN4A9CptTgXpaKhnu1dvqzS6AZZzXkTqDiy9VsM7FyftDZWrw9Uobi1Tb9W1NVQ7S3ssvZDKe1C3vWM1GRqz9OoGcS6c0uCQMntGqmgFvLuIXbzWcDpiT/qM2JZe6/zJEdu0hxey9bro02QtBLPVQ+/uopni9O4vLL0uWlJZezd/0LND2Q7ZMHHly6vURXGMWe+IAjg0RKcaog8R8rH8SeQlC+P+ETMGFt2hnmTPfJ9hH/FBFOZWg2Idtn7E8PhC2mGu8lofuP8P</diagram></mxfile>