diff --git a/README.md b/README.md index 4a414e09..f9743d2b 100644 --- a/README.md +++ b/README.md @@ -50,12 +50,6 @@ Kubescape can produce output fitting for later processing: kubescape scan framework nsa --exclude-namespaces kube-system,kube-public ``` -* Scan a running Kubernetes cluster with [`mitre`](https://www.microsoft.com/security/blog/2020/04/02/attack-matrix-kubernetes/) framework -``` -kubescape scan framework mitre --exclude-namespaces kube-system,kube-public -``` - - * Scan local `yaml`/`json` files ``` kubescape scan framework nsa examples/online-boutique/* @@ -79,14 +73,14 @@ kubescape scan framework nsa --exclude-namespaces kube-system,kube-public --sile ### Helm Support -1. Render the helm template to an output yaml +Render the helm template and pass as stdout ``` -helm template [CHART] [flags] --generate-name --dry-run --output-dir helm-output +helm template [CHART] [flags] --generate-name --dry-run | kubescape scan framework nsa - ``` -2. Run `kubescape` with rended yaml files +for example: ``` -kubescape scan framework nsa helm-output/* +helm template bitnami/mysql --generate-name --dry-run | kubescape scan framework nsa - ``` # How to build diff --git a/cmd/framework.go b/cmd/framework.go index d21a19c0..168209d6 100644 --- a/cmd/framework.go +++ b/cmd/framework.go @@ -4,6 +4,8 @@ import ( "errors" "flag" "fmt" + "io" + "io/ioutil" "kubescape/cautils" "kubescape/cautils/armotypes" "kubescape/cautils/k8sinterface" 
@@ -25,26 +27,42 @@ type CLIHandler struct { } var frameworkCmd = &cobra.Command{ - Use: "framework ", - Short: "The framework you wish to use. Supported frameworks: nsa, mitre", - Long: ``, + Use: "framework [``/`-`] [flags]", + Short: "The framework you wish to use. Supported frameworks: nsa", + Long: "Execute a scan on a running Kubernetes cluster or yaml/json files (use glob) or `-` for stdin", ValidArgs: supportedFrameworks, Args: func(cmd *cobra.Command, args []string) error { if len(args) < 1 { return errors.New("requires at least one argument") } if !isValidFramework(args[0]) { - return errors.New("supported frameworks: nsa and mitre") + return errors.New("supported frameworks: nsa") } return nil }, - Run: func(cmd *cobra.Command, args []string) { + RunE: func(cmd *cobra.Command, args []string) error { scanInfo.PolicyIdentifier = opapolicy.PolicyIdentifier{} scanInfo.PolicyIdentifier.Kind = opapolicy.KindFramework scanInfo.PolicyIdentifier.Name = args[0] - scanInfo.InputPatterns = args[1:] + + if len(args[1:]) == 0 || args[1] != "-" { + scanInfo.InputPatterns = args[1:] + } else { // store stout to file + tempFile, err := ioutil.TempFile(".", "tmp-kubescape*.yaml") + if err != nil { + return err + } + defer os.Remove(tempFile.Name()) + + if _, err := io.Copy(tempFile, os.Stdin); err != nil { + return err + } + scanInfo.InputPatterns = []string{tempFile.Name()} + } cautils.SetSilentMode(scanInfo.Silent) CliSetup() + + return nil }, } diff --git a/printer/printresults.go b/printer/printresults.go index bf712138..864d9193 100644 --- a/printer/printresults.go +++ b/printer/printresults.go @@ -17,6 +17,8 @@ import ( var INDENT = " " +const EmptyPercentage = "NaN" + const ( PrettyPrinter string = "pretty-printer" JsonPrinter string = "json" 
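Review bot: The stdin branch of `RunE` never closes `tempFile`, so the descriptor stays open for the whole scan, a failed close goes unnoticed, and the deferred `os.Remove` can fail on platforms that refuse to delete an open file. The file holds whatever was piped in (rendered Helm output can contain Secret manifests) and is created in the current working directory. It is left behind if the process exits without returning from `RunE`, for example if `CliSetup` terminates the process itself, which is not visible in this hunk. Closing the file before `InputPatterns` is set fixes the first issue, and creating it under the default temp directory limits the second, provided the scanner accepts an absolute path. The inline comment `// store stout to file` should read `// store stdin to file`.

```go
	} else { // store stdin to file
		// "" selects os.TempDir(); keep "." only if the scanner needs a relative path
		tempFile, err := ioutil.TempFile("", "tmp-kubescape*.yaml")
		// … unchanged: err check, defer os.Remove(tempFile.Name()) …
		if _, err := io.Copy(tempFile, os.Stdin); err != nil {
			tempFile.Close()
			return err
		}
		// close before the scan reads the file so a write/close failure is reported
		if err := tempFile.Close(); err != nil {
			return err
		}
		scanInfo.InputPatterns = []string{tempFile.Name()}
	}
```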
@@ -158,7 +160,11 @@ func (printer *Printer) printResult(controlName string, controlSummary *ControlS func generateRow(control string, cs ControlSummary) []string { row := []string{control} row = append(row, cs.ToSlice()...) - row = append(row, fmt.Sprintf("%d%s", percentage(cs.TotalResources, cs.TotalFailed), "%")) + if cs.TotalResources != 0 { + row = append(row, fmt.Sprintf("%d%s", percentage(cs.TotalResources, cs.TotalFailed), "%")) + } else { + row = append(row, EmptyPercentage) + } return row } @@ -181,7 +187,11 @@ func generateFooter(numControlers, sumFailed, sumTotal int) []string { row = append(row, fmt.Sprintf("%d", numControlers)) row = append(row, fmt.Sprintf("%d", sumFailed)) row = append(row, fmt.Sprintf("%d", sumTotal)) - row = append(row, fmt.Sprintf("%d%s", percentage(sumTotal, sumFailed), "%")) + if sumTotal != 0 { + row = append(row, fmt.Sprintf("%d%s", percentage(sumTotal, sumFailed), "%")) + } else { + row = append(row, EmptyPercentage) + } return row } func (printer *Printer) PrintSummaryTable() {
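Review bot: The zero-total guard added in `generateRow` is repeated verbatim in the `generateFooter` hunk, so the two copies can drift apart; a small helper would keep the "no resources" rendering in one place. Both call sites then become one line, e.g. `row = append(row, formatPercentage(cs.TotalResources, cs.TotalFailed))`, assuming the `ControlSummary` counters are `int` like `sumTotal`. The exported `EmptyPercentage` constant would also benefit from a doc comment saying it is the cell text used when a control matched no resources, since anything that parses the percentage column now has to accept a non-numeric value. `generateFooter` starts outside its hunk.

```go
// formatPercentage renders the failed share of total as "N%", or
// EmptyPercentage when total is zero and no ratio can be computed.
func formatPercentage(total, failed int) string {
	if total == 0 {
		return EmptyPercentage
	}
	return fmt.Sprintf("%d%%", percentage(total, failed))
}
```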