github/kubescape
1
0
Fork 0
mirror of https://github.com/kubescape/kubescape.git synced 2026-04-02 00:39:37 +00:00
Code Issues Packages Projects Releases Wiki Activity
3,485 Commits 22 Branches 553 Tags
fix-hostscan
Commit Graph

3485 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Matthias Bertschy
4e0328da43 wip - fix data retrieved from the host CRDs 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-03-22 22:03:21 +01:00
Matthias Bertschy
b79488dca6 Merge pull request #1949 from Mujib-Ahasan/grype-db-url 
feat: new flag `--grype-db-url` added to overload the url in `kubescape scan` command
v4.0.3 		2026-03-15 20:46:26 +01:00
Mujib Ahasan
ab97d676ae README.md updated 
Signed-off-by: Mujib Ahasan <ahasanmujib8@gmail.com>
 2026-03-15 23:50:58 +05:30
Mujib Ahasan
0372a4fca6 log added in scanImage(): value of scanInfo.ListingURL for reference 
Signed-off-by: Mujib Ahasan <ahasanmujib8@gmail.com>
 2026-03-10 23:14:33 +05:30
Mujib Ahasan
d7be453fea fix: missing host do not return nil error 
Signed-off-by: Mujib Ahasan <ahasanmujib8@gmail.com>
 2026-03-07 03:15:34 +05:30
Mujib Ahasan
eb8dac0b10 feat: new falg --grype-db-url added to overload the url in kubescape scan command 
Signed-off-by: Mujib Ahasan <ahasanmujib8@gmail.com>
 2026-03-07 02:58:03 +05:30
Matthias Bertschy
2edf348715 Merge pull request #1948 from kubescape/dependabot/go_modules/go.opentelemetry.io/otel/sdk-1.40.0 
build(deps): Bump go.opentelemetry.io/otel/sdk from 1.39.0 to 1.40.0
 2026-03-03 20:46:29 +00:00
dependabot[bot]
d989703fd9 build(deps): Bump go.opentelemetry.io/otel/sdk from 1.39.0 to 1.40.0 
Bumps [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) from 1.39.0 to 1.40.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.39.0...v1.40.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/sdk
  dependency-version: 1.40.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-03-03 21:35:13 +01:00
Matthias Bertschy
5ffa06f571 Merge pull request #1945 from kubescape/dependabot/go_modules/github.com/go-git/go-git/v5-5.16.5 
build(deps): Bump github.com/go-git/go-git/v5 from 5.16.2 to 5.16.5
 2026-02-18 15:13:22 +01:00
dependabot[bot]
9aba8e4534 build(deps): Bump github.com/go-git/go-git/v5 from 5.16.2 to 5.16.5 
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.16.2 to 5.16.5.
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](https://github.com/go-git/go-git/compare/v5.16.2...v5.16.5)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-version: 5.16.5
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
v4.0.2 		2026-02-18 14:50:46 +01:00
Matthias Bertschy
93ac65f309 Merge pull request #1944 from lpmi-13/pass-tag-for-runtime-version 
Pass tag for the runtime version
 2026-02-18 14:42:14 +01:00
Adam Leskis
bb2ef7dfda Pass tag for the runtime version 
Signed-off-by: Adam Leskis <leskis@gmail.com>
 2026-02-18 11:29:31 +00:00
Matthias Bertschy
b167435c4d Merge pull request #1941 from kubescape/semver 
fix isRuleKubescapeVersionCompatible bug with version 4.0.0
v4.0.1 		2026-02-12 15:14:45 +00:00
Matthias Bertschy
9b29321a53 Enhance version testing in smoke tests to extract and validate output version 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-02-12 14:56:31 +01:00
Matthias Bertschy
466a11fa1c fix isRuleKubescapeVersionCompatible bug with version 4.0.0 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-02-12 14:08:03 +01:00
Matthias Bertschy
cfe022ff1d Use TagName directly in .krew.yaml templates v4.0.0 2026-02-04 18:16:34 +01:00
Matthias Bertschy
e0eeb691e6 Make version smoke test accept bytes and v-prefix 2026-02-04 17:44:39 +01:00
Matthias Bertschy
dc65bd4ccc force overridden ldflags in goreleaser 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-02-04 17:19:54 +01:00
Matthias Bertschy
02790da144 remove invalid build flag 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-02-04 11:42:11 +01:00
Matthias Bertschy
b97f50ffb5 fix version handling and injection 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-02-04 10:42:12 +01:00
Matthias Bertschy
0841d1d483 Merge pull request #1939 from kubescape/feat/performance-optimization-phases-1-3 
feat: Optimize CPU and Memory Usage for Resource-Intensive Scans
 2026-02-04 07:47:47 +00:00
Matthias Bertschy
fbef268f22 feat: optimize CPU and memory usage for resource-intensive scans 
Implement Phases 1-3 of the performance optimization plan to address
issue #1793 - reduce CPU and memory consumption for system-constrained
environments.

Phase 1 - OPA Module Caching:
- Add compiledModules cache to OPAProcessor with thread-safe access
- Cache compiled OPA rules to eliminate redundant compilation
- Reuse compiled modules with double-checked locking pattern
- Expected CPU savings: 30-40%

Phase 2 - Map Pre-sizing:
- Add estimateClusterSize() to calculate resource count
- Pre-size AllResources, ResourcesResult, and related maps
- Reduce memory reallocations and GC pressure
- Expected memory savings: 10-20%

Phase 3 - Set-based Deduplication:
- Add thread-safe StringSet utility in core/pkg/utils
- Replace O(n) slices.Contains() with O(1) map operations
- Use StringSet for image scanning and related resources deduplication
- 100% test coverage for new utility
- Expected CPU savings: 5-10% for large clusters

Full optimization plan documented in optimization-plan.md

Related: #1793
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-02-04 08:07:54 +01:00
Matthias Bertschy
427dccadd3 Merge pull request #1934 from kubescape/krew 
Add krew plugin manifest
 2026-02-03 17:12:33 +00:00
Matthias Bertschy
01bb19bf6e Add krew plugin manifest 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-02-03 17:58:30 +01:00
Matthias Bertschy
c0d4bb45eb Merge pull request #1937 from kubescape/dependabot/go_modules/github.com/theupdateframework/go-tuf/v2-2.4.1 
build(deps): Bump github.com/theupdateframework/go-tuf/v2 from 2.3.1 to 2.4.1
 2026-02-03 14:50:06 +00:00
Matthias Bertschy
222c1ec866 Merge pull request #1931 from Mujib-Ahasan/readmd-update 
Fix broken README table of contents anchor links
 2026-02-03 14:44:36 +00:00
dependabot[bot]
dc49218c7c build(deps): Bump github.com/theupdateframework/go-tuf/v2 
Bumps [github.com/theupdateframework/go-tuf/v2](https://github.com/theupdateframework/go-tuf) from 2.3.1 to 2.4.1.
- [Release notes](https://github.com/theupdateframework/go-tuf/releases)
- [Commits](https://github.com/theupdateframework/go-tuf/compare/v2.3.1...v2.4.1)

---
updated-dependencies:
- dependency-name: github.com/theupdateframework/go-tuf/v2
  dependency-version: 2.4.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-02-03 13:12:03 +01:00
Matthias Bertschy
3b4585a827 Merge pull request #1932 from kubescape/scan-images 
add verbose option to scan-images
 2026-02-02 19:30:00 +00:00
Matthias Bertschy
7f79bc2d1d Sort CVEs by severity then ID 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-02-02 17:51:43 +01:00
Matthias Bertschy
3623e55433 feat: add image column to vulnerability scanning table output 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-02-02 17:51:43 +01:00
Matthias Bertschy
2f7841b5a2 update policy.json testdata 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-02-02 17:51:43 +01:00
Matthias Bertschy
f70d81d7c4 add verbose option to scan-images 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-02-02 17:51:43 +01:00
Matthias Bertschy
bd49251234 Merge pull request #1936 from kubescape/lint 
fix all linter errors
 2026-02-02 16:50:48 +00:00
Matthias Bertschy
57addd493f fix all linter errors 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-02-02 17:32:08 +01:00
Matthias Bertschy
8f009d4698 Merge pull request #1935 from kubescape/run_test_from_private_repo 
run system test from private repo
 2026-02-02 08:35:08 +00:00
bvolovat
7c0e38072d run system test from private repo 2026-02-02 10:22:00 +02:00
bvolovat
aa9a610c4c run system test from private repo 2026-02-02 10:03:25 +02:00
Bezbran
25bd51e8b4 Replace host sensor with node agent sensing (#1916) 
In this change I used both claude code and Antigravity.

---------

Signed-off-by: Bezalel Brandwine <bez@softwine.net>
 2026-02-01 13:17:03 +02:00
Mujib Ahasan
2759beece5 Fix broken README anchors 
Signed-off-by: Mujib Ahasan <ahasanmujib8@gmail.com>
 2026-01-26 02:25:55 +05:30
Matthias Bertschy
6ce0121a03 Merge pull request #1928 from kubescape/dependabot/go_modules/github.com/sigstore/rekor-1.5.0 
build(deps): Bump github.com/sigstore/rekor from 1.4.3 to 1.5.0
v3.0.48 		2026-01-22 20:24:28 +00:00
Matthias Bertschy
09aa1ab866 Merge pull request #1927 from kubescape/dependabot/go_modules/github.com/theupdateframework/go-tuf/v2-2.3.1 
build(deps): Bump github.com/theupdateframework/go-tuf/v2 from 2.3.0 to 2.3.1
 2026-01-22 20:24:08 +00:00
dependabot[bot]
0ec188b23d build(deps): Bump github.com/sigstore/rekor from 1.4.3 to 1.5.0 
Bumps [github.com/sigstore/rekor](https://github.com/sigstore/rekor) from 1.4.3 to 1.5.0.
- [Release notes](https://github.com/sigstore/rekor/releases)
- [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sigstore/rekor/compare/v1.4.3...v1.5.0)

---
updated-dependencies:
- dependency-name: github.com/sigstore/rekor
  dependency-version: 1.5.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-01-22 20:50:11 +01:00
dependabot[bot]
090820ba04 build(deps): Bump github.com/theupdateframework/go-tuf/v2 
Bumps [github.com/theupdateframework/go-tuf/v2](https://github.com/theupdateframework/go-tuf) from 2.3.0 to 2.3.1.
- [Release notes](https://github.com/theupdateframework/go-tuf/releases)
- [Commits](https://github.com/theupdateframework/go-tuf/compare/v2.3.0...v2.3.1)

---
updated-dependencies:
- dependency-name: github.com/theupdateframework/go-tuf/v2
  dependency-version: 2.3.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-01-22 20:49:44 +01:00
Matthias Bertschy
0cf24d058f Merge pull request #1926 from kubescape/copilot/fix-kubescan-interface-error 
Fix panic on unsafe interface{} to string type assertions
 2026-01-22 19:43:25 +00:00
copilot-swe-agent[bot]
c32e665809 Final verification - all changes complete 
Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-01-22 17:13:09 +01:00
copilot-swe-agent[bot]
82ec11b207 Fix indentation in test file 
Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
 2026-01-22 12:42:42 +00:00
copilot-swe-agent[bot]
32a15acdea Add test for CheckShortTerminalWidth with non-string values 
Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
 2026-01-22 12:41:14 +00:00
copilot-swe-agent[bot]
837a50c903 Fix unsafe interface to string type assertions to prevent panic 
Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
 2026-01-22 12:37:43 +00:00
copilot-swe-agent[bot]
bd00d153e9 Initial plan 2026-01-22 12:33:31 +00:00
Matthias Bertschy
306050046d Merge pull request #1923 from kubescape/dependabot/go_modules/github.com/sigstore/fulcio-1.8.5 
build(deps): Bump github.com/sigstore/fulcio from 1.8.4 to 1.8.5
 2026-01-20 07:41:16 +00:00