github/kubescape
1
0
Fork 0
mirror of https://github.com/kubescape/kubescape.git synced 2026-04-05 18:26:55 +00:00
Code Issues Packages Projects Releases Wiki Activity
3,485 Commits 23 Branches 553 Tags
fix-hostscan
Commit Graph

411 Commits

Author SHA1 Message Date
dependabot[bot]
d989703fd9 build(deps): Bump go.opentelemetry.io/otel/sdk from 1.39.0 to 1.40.0 
Bumps [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) from 1.39.0 to 1.40.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.39.0...v1.40.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/sdk
  dependency-version: 1.40.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-03-03 21:35:13 +01:00
dependabot[bot]
9aba8e4534 build(deps): Bump github.com/go-git/go-git/v5 from 5.16.2 to 5.16.5 
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git) from 5.16.2 to 5.16.5.
- [Release notes](https://github.com/go-git/go-git/releases)
- [Commits](https://github.com/go-git/go-git/compare/v5.16.2...v5.16.5)

---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
  dependency-version: 5.16.5
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-02-18 14:50:46 +01:00
Matthias Bertschy
b97f50ffb5 fix version handling and injection 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-02-04 10:42:12 +01:00
Matthias Bertschy
fbef268f22 feat: optimize CPU and memory usage for resource-intensive scans 
Implement Phases 1-3 of the performance optimization plan to address
issue #1793 - reduce CPU and memory consumption for system-constrained
environments.

Phase 1 - OPA Module Caching:
- Add compiledModules cache to OPAProcessor with thread-safe access
- Cache compiled OPA rules to eliminate redundant compilation
- Reuse compiled modules with double-checked locking pattern
- Expected CPU savings: 30-40%

Phase 2 - Map Pre-sizing:
- Add estimateClusterSize() to calculate resource count
- Pre-size AllResources, ResourcesResult, and related maps
- Reduce memory reallocations and GC pressure
- Expected memory savings: 10-20%

Phase 3 - Set-based Deduplication:
- Add thread-safe StringSet utility in core/pkg/utils
- Replace O(n) slices.Contains() with O(1) map operations
- Use StringSet for image scanning and related resources deduplication
- 100% test coverage for new utility
- Expected CPU savings: 5-10% for large clusters

Full optimization plan documented in optimization-plan.md

Related: #1793
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-02-04 08:07:54 +01:00
dependabot[bot]
dc49218c7c build(deps): Bump github.com/theupdateframework/go-tuf/v2 
Bumps [github.com/theupdateframework/go-tuf/v2](https://github.com/theupdateframework/go-tuf) from 2.3.1 to 2.4.1.
- [Release notes](https://github.com/theupdateframework/go-tuf/releases)
- [Commits](https://github.com/theupdateframework/go-tuf/compare/v2.3.1...v2.4.1)

---
updated-dependencies:
- dependency-name: github.com/theupdateframework/go-tuf/v2
  dependency-version: 2.4.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-02-03 13:12:03 +01:00
Bezbran
25bd51e8b4 Replace host sensor with node agent sensing (#1916) 
In this change I used both claude code and Antigravity.

---------

Signed-off-by: Bezalel Brandwine <bez@softwine.net>
 2026-02-01 13:17:03 +02:00
Matthias Bertschy
6ce0121a03 Merge pull request #1928 from kubescape/dependabot/go_modules/github.com/sigstore/rekor-1.5.0 
build(deps): Bump github.com/sigstore/rekor from 1.4.3 to 1.5.0
 2026-01-22 20:24:28 +00:00
dependabot[bot]
0ec188b23d build(deps): Bump github.com/sigstore/rekor from 1.4.3 to 1.5.0 
Bumps [github.com/sigstore/rekor](https://github.com/sigstore/rekor) from 1.4.3 to 1.5.0.
- [Release notes](https://github.com/sigstore/rekor/releases)
- [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sigstore/rekor/compare/v1.4.3...v1.5.0)

---
updated-dependencies:
- dependency-name: github.com/sigstore/rekor
  dependency-version: 1.5.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-01-22 20:50:11 +01:00
dependabot[bot]
090820ba04 build(deps): Bump github.com/theupdateframework/go-tuf/v2 
Bumps [github.com/theupdateframework/go-tuf/v2](https://github.com/theupdateframework/go-tuf) from 2.3.0 to 2.3.1.
- [Release notes](https://github.com/theupdateframework/go-tuf/releases)
- [Commits](https://github.com/theupdateframework/go-tuf/compare/v2.3.0...v2.3.1)

---
updated-dependencies:
- dependency-name: github.com/theupdateframework/go-tuf/v2
  dependency-version: 2.3.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-01-22 20:49:44 +01:00
dependabot[bot]
413db87e85 build(deps): Bump github.com/sigstore/fulcio from 1.8.4 to 1.8.5 
Bumps [github.com/sigstore/fulcio](https://github.com/sigstore/fulcio) from 1.8.4 to 1.8.5.
- [Release notes](https://github.com/sigstore/fulcio/releases)
- [Changelog](https://github.com/sigstore/fulcio/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sigstore/fulcio/compare/v1.8.4...v1.8.5)

---
updated-dependencies:
- dependency-name: github.com/sigstore/fulcio
  dependency-version: 1.8.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-01-20 08:07:08 +01:00
dependabot[bot]
0c42b41dcc build(deps): Bump github.com/sigstore/cosign/v3 
Bumps [github.com/sigstore/cosign/v3](https://github.com/sigstore/cosign) from 3.0.3-0.20251208232815-901b44d65952 to 3.0.4.
- [Release notes](https://github.com/sigstore/cosign/releases)
- [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sigstore/cosign/commits/v3.0.4)

---
updated-dependencies:
- dependency-name: github.com/sigstore/cosign/v3
  dependency-version: 3.0.4
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-01-16 11:31:31 +01:00
Broder Peters
3f3681a4cd Add SkipPersistence flag to MetricsQueryParams in metrics endpoint 
Signed-off-by: Broder Peters <broder.peters@protonmail.com>
 2026-01-05 13:24:21 +01:00
Matthias Bertschy
acf7ad04ed fix go mod tidy 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-12-12 15:36:56 +01:00
Matthias Bertschy
adb9b80442 Merge pull request #1903 from Mujib-Ahasan/skip-persistence 
Add `skipPersistence` query parameter to `/v1/metrics`
 2025-12-09 17:46:12 +01:00
Mujib Ahasan
cb7cca7b44 fix: log added and minor fixes applied 
Signed-off-by: Mujib Ahasan <ahasanmujib8@gmail.com>
 2025-12-09 22:07:29 +05:30
Matthias Bertschy
f38bec9314 fix go mod tidy 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-12-09 17:29:51 +01:00
dependabot[bot]
6a72851182 Bump github.com/containerd/containerd/v2 from 2.1.4 to 2.1.5 
Bumps [github.com/containerd/containerd/v2](https://github.com/containerd/containerd) from 2.1.4 to 2.1.5.
- [Release notes](https://github.com/containerd/containerd/releases)
- [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md)
- [Commits](https://github.com/containerd/containerd/compare/v2.1.4...v2.1.5)

---
updated-dependencies:
- dependency-name: github.com/containerd/containerd/v2
  dependency-version: 2.1.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-12-09 12:12:46 +01:00
Matthias Bertschy
dac3af19a3 Update cosign package to v3 and adjust go.mod dependencies 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-12-09 11:57:01 +01:00
Matthias Bertschy
df37457504 Update cosign package to v3 and adjust go.mod dependencies 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-12-09 11:24:29 +01:00
dependabot[bot]
47442f954c Bump github.com/sigstore/fulcio from 1.6.6 to 1.8.3 
Bumps [github.com/sigstore/fulcio](https://github.com/sigstore/fulcio) from 1.6.6 to 1.8.3.
- [Release notes](https://github.com/sigstore/fulcio/releases)
- [Changelog](https://github.com/sigstore/fulcio/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sigstore/fulcio/compare/v1.6.6...v1.8.3)

---
updated-dependencies:
- dependency-name: github.com/sigstore/fulcio
  dependency-version: 1.8.3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-12-09 10:32:26 +01:00
Mujib Ahasan
efbb8e8367 feature: skipPersistence request parameter added 
Signed-off-by: Mujib Ahasan <ahasanmujib8@gmail.com>
 2025-12-05 22:18:35 +05:30
copilot-swe-agent[bot]
c05427ff38 Remove KS_METRICS_FRAMEWORKS environment variable support 
Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-12-05 09:43:49 +01:00
copilot-swe-agent[bot]
cc7aae470f Fix typo in comment: fom -> from 
Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
 2025-12-04 13:47:52 +00:00
copilot-swe-agent[bot]
8d59a6074e Add frameworks query parameter to /v1/metrics endpoint 
Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
 2025-12-04 13:45:55 +00:00
copilot-swe-agent[bot]
1f7dd6e5f5 Fix incorrect comment about default output format 
Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
 2025-12-04 13:31:52 +00:00
copilot-swe-agent[bot]
bf5ca3c1f0 Add KS_METRICS_FRAMEWORKS env var to allow selecting specific frameworks 
Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
 2025-12-04 13:30:11 +00:00
copilot-swe-agent[bot]
ba78527c80 Enable ScanAll for prometheus metrics to include all frameworks including CIS 
Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
 2025-12-03 16:32:43 +00:00
dependabot[bot]
379a3fbc27 Bump github.com/cilium/cilium from 1.16.9 to 1.16.17 
Bumps [github.com/cilium/cilium](https://github.com/cilium/cilium) from 1.16.9 to 1.16.17.
- [Release notes](https://github.com/cilium/cilium/releases)
- [Changelog](https://github.com/cilium/cilium/blob/1.16.17/CHANGELOG.md)
- [Commits](https://github.com/cilium/cilium/compare/1.16.9...1.16.17)

---
updated-dependencies:
- dependency-name: github.com/cilium/cilium
  dependency-version: 1.16.17
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-12-02 12:34:17 +01:00
Matthias Bertschy
a46098c034 Merge pull request #1896 from kubescape/summaries 
always save WorkloadConfigurationScanResultSummaries
 2025-12-01 08:05:57 +01:00
Matthias Bertschy
b6a4e282f9 Revamp documentation and reduce host sensor workers 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-11-30 11:47:00 +01:00
Matthias Bertschy
8deff34d12 always save WorkloadConfigurationScanResultSummaries 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-11-28 16:45:23 +01:00
dependabot[bot]
5469d8bc04 Bump golang.org/x/crypto from 0.41.0 to 0.45.0 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.41.0 to 0.45.0.
- [Commits](https://github.com/golang/crypto/compare/v0.41.0...v0.45.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-version: 0.45.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-21 17:10:28 +01:00
Matthias Bertschy
bd7c0c580e fix go mod tidy 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-11-11 17:52:55 +01:00
dependabot[bot]
b86d051998 Bump github.com/containerd/containerd from 1.7.28 to 1.7.29 
Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.7.28 to 1.7.29.
- [Release notes](https://github.com/containerd/containerd/releases)
- [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md)
- [Commits](https://github.com/containerd/containerd/compare/v1.7.28...v1.7.29)

---
updated-dependencies:
- dependency-name: github.com/containerd/containerd
  dependency-version: 1.7.29
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-07 08:32:59 +01:00
dependabot[bot]
441d16aa08 Bump github.com/containerd/containerd/v2 from 2.0.5 to 2.0.7 
Bumps [github.com/containerd/containerd/v2](https://github.com/containerd/containerd) from 2.0.5 to 2.0.7.
- [Release notes](https://github.com/containerd/containerd/releases)
- [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md)
- [Commits](https://github.com/containerd/containerd/compare/v2.0.5...v2.0.7)

---
updated-dependencies:
- dependency-name: github.com/containerd/containerd/v2
  dependency-version: 2.0.7
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-07 08:04:26 +01:00
dependabot[bot]
2fcbe54e4e Bump github.com/nwaples/rardecode/v2 from 2.1.1 to 2.2.0 
Bumps [github.com/nwaples/rardecode/v2](https://github.com/nwaples/rardecode) from 2.1.1 to 2.2.0.
- [Commits](https://github.com/nwaples/rardecode/compare/v2.1.1...v2.2.0)

---
updated-dependencies:
- dependency-name: github.com/nwaples/rardecode/v2
  dependency-version: 2.2.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-21 09:31:33 +02:00
Matthias Bertschy
ff96edae4d use grype v0.99.1 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-09-17 10:11:19 +02:00
Matthias Bertschy
1bd729cf83 fix go tidy 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-09-02 14:45:12 +02:00
Matthias Bertschy
ca66ccb33d replace olekukonko/tablewriter with jedib0t/go-pretty 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-09-01 16:38:42 +02:00
dependabot[bot]
4a6480c8b4 Bump github.com/hashicorp/go-getter from 1.7.8 to 1.7.9 
Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter) from 1.7.8 to 1.7.9.
- [Release notes](https://github.com/hashicorp/go-getter/releases)
- [Changelog](https://github.com/hashicorp/go-getter/blob/main/.goreleaser.yml)
- [Commits](https://github.com/hashicorp/go-getter/compare/v1.7.8...v1.7.9)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-getter
  dependency-version: 1.7.9
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-21 17:14:35 +02:00
Matthias Bertschy
e41b5d77a0 bump helm.sh/helm/v3 to 3.18.5 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-08-18 10:28:34 +02:00
Matthias Bertschy
a2361fd155 Merge pull request #1853 from kubescape/dependabot/go_modules/github.com/containerd/containerd/v2-2.0.5 
Bump github.com/containerd/containerd/v2 from 2.0.4 to 2.0.5
 2025-07-28 14:26:07 +02:00
dependabot[bot]
5bd4beb41f Bump github.com/containerd/containerd/v2 from 2.0.4 to 2.0.5 
Bumps [github.com/containerd/containerd/v2](https://github.com/containerd/containerd) from 2.0.4 to 2.0.5.
- [Release notes](https://github.com/containerd/containerd/releases)
- [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md)
- [Commits](https://github.com/containerd/containerd/compare/v2.0.4...v2.0.5)

---
updated-dependencies:
- dependency-name: github.com/containerd/containerd/v2
  dependency-version: 2.0.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-07-28 14:14:59 +02:00
dependabot[bot]
be49d9b7be Bump helm.sh/helm/v3 from 3.17.3 to 3.17.4 
Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.17.3 to 3.17.4.
- [Release notes](https://github.com/helm/helm/releases)
- [Commits](https://github.com/helm/helm/compare/v3.17.3...v3.17.4)

---
updated-dependencies:
- dependency-name: helm.sh/helm/v3
  dependency-version: 3.17.4
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-07-28 14:02:05 +02:00
dependabot[bot]
1f8afecea8 Bump github.com/cloudflare/circl from 1.5.0 to 1.6.1 
Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl) from 1.5.0 to 1.6.1.
- [Release notes](https://github.com/cloudflare/circl/releases)
- [Commits](https://github.com/cloudflare/circl/compare/v1.5.0...v1.6.1)

---
updated-dependencies:
- dependency-name: github.com/cloudflare/circl
  dependency-version: 1.6.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-07-28 13:33:52 +02:00
dependabot[bot]
f80c9d947d Bump github.com/go-viper/mapstructure/v2 in /httphandler 
Bumps [github.com/go-viper/mapstructure/v2](https://github.com/go-viper/mapstructure) from 2.2.1 to 2.3.0.
- [Release notes](https://github.com/go-viper/mapstructure/releases)
- [Changelog](https://github.com/go-viper/mapstructure/blob/main/CHANGELOG.md)
- [Commits](https://github.com/go-viper/mapstructure/compare/v2.2.1...v2.3.0)

---
updated-dependencies:
- dependency-name: github.com/go-viper/mapstructure/v2
  dependency-version: 2.3.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-07-28 13:18:52 +02:00
dependabot[bot]
01531b6276 Bump github.com/open-policy-agent/opa from 1.3.0 to 1.4.0 
Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 1.3.0 to 1.4.0.
- [Release notes](https://github.com/open-policy-agent/opa/releases)
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-policy-agent/opa/compare/v1.3.0...v1.4.0)

---
updated-dependencies:
- dependency-name: github.com/open-policy-agent/opa
  dependency-version: 1.4.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-07-28 12:20:18 +02:00
Yehudah Tor
d2bedc1d2b added urls 
Signed-off-by: Yehudah Tor <yehudahtor@gmail.com>
 2025-07-27 13:50:47 +03:00
Matthias Bertschy
6ed3e408be check scanInfo.Submit in HandleResults to not submit by default 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-06-30 08:16:41 +02:00
Ben
2bd686131e Incorporating review 
Signed-off-by: Ben <ben@armosec.io>
 2025-06-10 14:32:26 +03:00