github/kubescape
1
0
Fork 0
mirror of https://github.com/kubescape/kubescape.git synced 2026-02-14 18:09:55 +00:00
Code Issues Packages Projects Releases Wiki Activity
3,473 Commits 20 Branches 551 Tags
master
Commit Graph

104 Commits

Author SHA1 Message Date
Matthias Bertschy
fbef268f22 feat: optimize CPU and memory usage for resource-intensive scans 
Implement Phases 1-3 of the performance optimization plan to address
issue #1793 - reduce CPU and memory consumption for system-constrained
environments.

Phase 1 - OPA Module Caching:
- Add compiledModules cache to OPAProcessor with thread-safe access
- Cache compiled OPA rules to eliminate redundant compilation
- Reuse compiled modules with double-checked locking pattern
- Expected CPU savings: 30-40%

Phase 2 - Map Pre-sizing:
- Add estimateClusterSize() to calculate resource count
- Pre-size AllResources, ResourcesResult, and related maps
- Reduce memory reallocations and GC pressure
- Expected memory savings: 10-20%

Phase 3 - Set-based Deduplication:
- Add thread-safe StringSet utility in core/pkg/utils
- Replace O(n) slices.Contains() with O(1) map operations
- Use StringSet for image scanning and related resources deduplication
- 100% test coverage for new utility
- Expected CPU savings: 5-10% for large clusters

Full optimization plan documented in optimization-plan.md

Related: #1793
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-02-04 08:07:54 +01:00
Matthias Bertschy
d72a6005bb use goreleaser for all builds and release publication 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-12-10 07:43:21 +01:00
Matthias Bertschy
b6a4e282f9 Revamp documentation and reduce host sensor workers 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-11-30 11:47:00 +01:00
Matthias Bertschy
ca66ccb33d replace olekukonko/tablewriter with jedib0t/go-pretty 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-09-01 16:38:42 +02:00
Yehudah Tor
5b351d5eec Done URL ref's before problematic ones 
Signed-off-by: Yehudah Tor <yehudahtor@gmail.com>
 2025-07-24 12:11:31 +03:00
Yehudah Tor
fec51b00ba getting started kubescape.io control links updated 
Signed-off-by: Yehudah Tor <yehudahtor@gmail.com>
 2025-07-23 15:16:41 +03:00
Ben Hirschberg
9b22d3284e Deprecation of the roadmap.md in this repo 
Signed-off-by: Ben Hirschberg <59160382+slashben@users.noreply.github.com>
 2025-01-06 13:24:55 +02:00
idohu
ad0e50898a add architecture to README.md + fix first paragraph to bullets 
Signed-off-by: idohu <idoh@armosec.io>
 2024-07-15 17:43:09 +03:00
Oshrat Nir
8342f96a62 Merge branch 'master' into update-docs 
Signed-off-by: Oshrat Nir <45561829+Oshratn@users.noreply.github.com>
 2024-07-15 13:41:25 +03:00
Ben
e1db7f3704 updates in roadmap 
Signed-off-by: Ben <ben@armosec.io>
 2024-04-03 23:45:47 +03:00
Ben Hirschberg
1945d3dfaa Evidence on public use 2024-04-03 11:42:39 +03:00
matoruru
b6030c0bc5 Fix markdown syntax 
Signed-off-by: matoruru <40382980+matoruru@users.noreply.github.com>
 2024-01-10 15:36:56 +09:00
David Wertenteil
a423b41e68 update docs 
Signed-off-by: David Wertenteil <dwertent@armosec.io>
 2023-10-23 09:49:57 +03:00
David Wertenteil
d5407466d5 Preparing Kubescape for v3 (#1403) 
* wip: minor cli fixes

Signed-off-by: David Wertenteil <dwertent@armosec.io>

* wip: change default view

Signed-off-by: David Wertenteil <dwertent@armosec.io>

* wip: reduce default topWorkloadsNumber to 3

Signed-off-by: David Wertenteil <dwertent@armosec.io>

* update gif

Signed-off-by: David Wertenteil <dwertent@armosec.io>

* default view for controls and frameworks

---------

Signed-off-by: David Wertenteil <dwertent@armosec.io>
 2023-10-22 15:39:58 +03:00
Matthias Bertschy
915d5d993b add env-dependencies-policy to security insights 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2023-10-20 09:30:41 +02:00
David Wertenteil
a5d1fa3f66 Merge pull request #1274 from nvuillam/patch-1 
Update installation.md to add instructions to install a previous version
 2023-10-15 12:02:30 +03:00
rcohencyberarmor
884af50c0b Support control cluster from cli (#1391) 
* adding operator CLI to kubescape

Signed-off-by: rcohencyberarmor <rcohen@armosec.io>

* support http requet for trigger in cluster operator

Signed-off-by: rcohencyberarmor <rcohen@armosec.io>

* create interface for create request payload

Signed-off-by: rcohencyberarmor <rcohen@armosec.io>

* logs + go mod update

Signed-off-by: rcohencyberarmor <rcohen@armosec.io>

* docs

Signed-off-by: rcohencyberarmor <rcohen@armosec.io>

* add relevant system tests

Signed-off-by: rcohencyberarmor <rcohen@armosec.io>

* linter corrections

Signed-off-by: rcohencyberarmor <rcohen@armosec.io>

* code review corrections

Signed-off-by: rcohencyberarmor <rcohen@armosec.io>

* remove non relevant system tests - after code review corrections

Signed-off-by: rcohencyberarmor <rcohen@armosec.io>

* PR corrections

Signed-off-by: rcohencyberarmor <rcohen@armosec.io>

* PR corrections

Signed-off-by: rcohencyberarmor <rcohen@armosec.io>

* change log

Signed-off-by: rcohencyberarmor <rcohen@armosec.io>

* remove from examples

Signed-off-by: rcohencyberarmor <rcohen@armosec.io>

* change log

Signed-off-by: rcohencyberarmor <rcohen@armosec.io>

* test correction

Signed-off-by: rcohencyberarmor <rcohen@armosec.io>

---------

Signed-off-by: rcohencyberarmor <rcohen@armosec.io>
Co-authored-by: rcohencyberarmor <rcohen@armosec.io>
 2023-09-27 16:31:04 +03:00
Amir Malka
592e0e2b43 Service discovery (#1359) 
* remove hardcoded urls

Signed-off-by: Amir Malka <amirm@armosec.io>

* update

Signed-off-by: Amir Malka <amirm@armosec.io>

* fix test

Signed-off-by: Amir Malka <amirm@armosec.io>

* update providers docs

Signed-off-by: Amir Malka <amirm@armosec.io>

* fix

Signed-off-by: Amir Malka <amirm@armosec.io>

* hardcoded systests branch

Signed-off-by: Amir Malka <amirm@armosec.io>

* fix

Signed-off-by: Amir Malka <amirm@armosec.io>

* added logs

Signed-off-by: Amir Malka <amirm@armosec.io>

* added logs

Signed-off-by: Amir Malka <amirm@armosec.io>

* create config path if it does not exist

Signed-off-by: Amir Malka <amirm@armosec.io>

* fix

Signed-off-by: Amir Malka <amirm@armosec.io>

* fix

Signed-off-by: Amir Malka <amirm@armosec.io>

---------

Signed-off-by: Amir Malka <amirm@armosec.io>
 2023-08-30 09:54:50 +03:00
David Wertenteil
8d1547163b Beautify install.sh script logs (#1356) 
* Check k8s access before running

Signed-off-by: David Wertenteil <dwertent@armosec.io>

* refactor script

Signed-off-by: David Wertenteil <dwertent@armosec.io>

* fixed color background

Signed-off-by: David Wertenteil <dwertent@armosec.io>

---------

Signed-off-by: David Wertenteil <dwertent@armosec.io>
 2023-08-24 15:18:10 +03:00
Daniel Grunberger
5379b9b0a6 New output (#1320) 
* phase-1

Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io>

* factory

Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io>

* wip: feat(cli): add an image scanning command

Add a CLI command that launches an image scan. Does not scan images yet.

Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>

* wip: feat: add image scanning service

Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>

* chore: include dependencies

Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>

* wip: adjust image scanning service

Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>

* wip: feat: use scanning service in CLI

Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>

* use iface

Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io>

* touches

Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io>

* continue

Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io>

* add cmd

Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io>

* support single workload scan

Signed-off-by: Amir Malka <amirm@armosec.io>

* fix conflict

Signed-off-by: Amir Malka <amirm@armosec.io>

* identifiers

* go mod

* feat(imagescan): add an image scanning command

This commit adds a CLI command and an associated package that scan
images for vulnerabilities.

Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>

feat(imagescan): fail on exceeding the severity threshold

Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>

* chore(imagescan): include dependencies

This commit adds the dependencies necessary for image scanning.

Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>

* chore(imagescan): add dependencies to httphandler

Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>

* added unit tests

Signed-off-by: Amir Malka <amirm@armosec.io>

* merge

* more

* integrate img scan

* added unit tests

Signed-off-by: Amir Malka <amirm@armosec.io>

* more refactoring

Signed-off-by: Amir Malka <amirm@armosec.io>

* add scanned workload reference to opasessionobj

Signed-off-by: Amir Malka <amirm@armosec.io>

* fix GetWorkloadParentKind

Signed-off-by: Amir Malka <amirm@armosec.io>

* remove namespace argument from pullSingleResource, using field selector instead

Signed-off-by: Amir Malka <amirm@armosec.io>

* removed designators (unused) field from PolicyIdentifier, and designators argument from GetResources function

Signed-off-by: Amir Malka <amirm@armosec.io>

* changes

* changes

* fixes

* changes

* feat(imagescan): add an image scanning command

This commit adds a CLI command and an associated package that scan
images for vulnerabilities.

Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>

feat(imagescan): fail on exceeding the severity threshold

Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>

* chore(imagescan): include dependencies

This commit adds the dependencies necessary for image scanning.

Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>

* chore(imagescan): add dependencies to httphandler

Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>

* chore(imagescan): create vuln db with dedicated function

Remove commented out code, too.

Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>

* docs(imagescan): provide package-level docs

Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>

* finish merge

* image scan tests

* continue

* fixes

* refactor

* rm duplicate

* start fixes

* update gh actions

Signed-off-by: David Wertenteil <dwertent@armosec.io>

* pr fixes

* fix test

* improvements

---------

Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io>
Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>
Signed-off-by: Amir Malka <amirm@armosec.io>
Signed-off-by: David Wertenteil <dwertent@armosec.io>
Co-authored-by: Daniel Grunberger <danielgrunberger@armosec.io>
Co-authored-by: Vlad Klokun <vklokun@protonmail.ch>
Co-authored-by: Amir Malka <amirm@armosec.io>
Co-authored-by: David Wertenteil <dwertent@armosec.io>
 2023-08-03 12:09:33 +03:00
David Wertenteil
a37b1f7319 update armo docs 
Signed-off-by: David Wertenteil <dwertent@armosec.io>
 2023-07-25 11:01:48 +03:00
Nicolas Vuillamy
31c4badf1c Update installation.md to add instructions to install a previous version via SH 2023-07-09 21:22:47 +02:00
David Wertenteil
abe0477249 Merge pull request #1265 from dwertent/update-submit-message 
Update submit message
 2023-07-06 09:39:04 +03:00
David Wertenteil
72f6988bb4 update messaging based on Oshrats comments 
Signed-off-by: David Wertenteil <dwertent@armosec.io>
 2023-07-05 10:40:22 +03:00
David Wertenteil
8989cc1679 Deprecated host-scanner 
Signed-off-by: David Wertenteil <dwertent@armosec.io>
 2023-07-04 09:43:10 +03:00
David Wertenteil
1b181a47ef Update docs/providers/armo.md 
Co-authored-by: Craig Box <craig.box@gmail.com>
 2023-06-27 07:42:42 +03:00
David Wertenteil
30487dcd0e Update docs/providers/armo.md 
Co-authored-by: Craig Box <craig.box@gmail.com>
 2023-06-27 07:42:33 +03:00
David Wertenteil
46ad069fe5 Updating overview 
Signed-off-by: David Wertenteil <dwertent@armosec.io>
 2023-06-26 13:54:00 +03:00
David Wertenteil
05d5de17d5 fixed wording 
Signed-off-by: David Wertenteil <dwertent@armosec.io>
 2023-06-26 09:49:00 +03:00
David Wertenteil
6bc79458b0 Split the installation command from scanning 
Signed-off-by: David Wertenteil <dwertent@armosec.io>
 2023-06-26 09:46:13 +03:00
David Wertenteil
ab85ca2b28 update installation steps 
Signed-off-by: David Wertenteil <dwertent@armosec.io>
 2023-06-26 09:40:21 +03:00
Yuval Leibovich
b5fb355a22 updating readme file to support compliance 2023-05-15 15:31:14 +03:00
Hollow Man
ebf3e49f53 Update snap installation 
Signed-off-by: Hollow Man <hollowman@opensuse.org>
 2023-04-18 02:02:43 +03:00
Hollow Man
3f69f06df1 Move Building to wiki and installation back to docs 
Signed-off-by: Hollow Man <hollowman@opensuse.org>
 2023-04-17 14:10:47 +03:00
Hollow Man
e0b296c124 Move installation instructions to wiki 
Signed-off-by: Hollow Man <hollowman@opensuse.org>
 2023-04-16 19:35:11 +03:00
Sindhu Inti
28fdee0dd2 fix: broken link 
Signed-off-by: Sindhuinti <iamsindhuinti23@gmail.com>
 2023-04-11 13:10:31 +05:30
Sindhu Inti
9ce25c45fe fix: broken link 2023-04-11 13:01:49 +05:30
David Wertenteil
dea5649e01 wip: update link in docs 
Signed-off-by: David Wertenteil <dwertent@armosec.io>
 2023-03-04 22:34:08 +02:00
Craig Box
2f299b6201 fix #1025 (#1087) 
Signed-off-by: Craig Box <craigb@armosec.io>
 2023-02-08 13:20:59 +02:00
Craig Box
c39683872e Initial documentation update upon joining the CNCF (#1020) 
* Initial refactor

Signed-off-by: Craig Box <craigb@armosec.io>

* Initial refactor.

Signed-off-by: Craig Box <craigb@armosec.io>

* Now how did that get in there?

Signed-off-by: Craig Box <craigb@armosec.io>

* small fixes

Signed-off-by: Craig Box <craigb@armosec.io>

* Use GitHub note and warning syntax

Signed-off-by: Craig Box <craigb@armosec.io>

* second guessing thing with no docs

Signed-off-by: Craig Box <craigb@armosec.io>

* Final changes

Signed-off-by: Craig Box <craigb@armosec.io>

Signed-off-by: Craig Box <craigb@armosec.io>
 2023-01-11 08:53:55 +02:00
David Wertenteil
3d3cd2c2d8 Added Kubescape flow.drawio 2022-12-06 15:44:34 +02:00
David Wertenteil
e39fca0c11 do not build dev images 2022-12-06 11:05:21 +02:00
Ben Hirschberg
56e2ffec5c Add arch diagrams (#857) 
* Publishing community meetings

* Adding architecture diagrams

* fix type

* resize diagrams

* Changing the operator diagram

Co-authored-by: Benyamin Hirschberg <59160382+BenHirschbergCa@users.noreply.github.com>
 2022-10-02 20:36:59 +03:00
Asutosh Panda
96d90c217e Fix typos, linting errors of markdown file, modify the content to make it more concise (#820) 2022-09-29 09:12:43 +03:00
Jatin Agarwal
6e2dda7993 Fixed typos in roadmap.md (#800) 2022-09-13 10:39:28 +03:00
Krishna Agarwal
f7f11abfc2 fixed typos (#777) 
* fixed typos

* Update container-image-vulnerability-adaptor.md
 2022-09-06 09:41:18 +03:00
David Wertenteil
72f9c6d81b Fixed InfoMap usage (#680) 
* Fix issue for scanning list obj

* Fix go mod in httphandler pkg

* Broken links fix in roadmap.md 

Planning, backlog, and wishlist links were not taking to the required section.

* override infoMap only if it's not nil

* improved icon of kubescape in readme

* Support scanning several files

* gramatical improvements

* docs(readme): Star → star

* Fix issues according to review

* Handle with issues  caused by updating opa-utils

* Fix scanning ListObj following reviews

* Update core/pkg/resourcehandler/filesloader.go

Co-authored-by: Vlad Klokun <vladklokun@users.noreply.github.com>

* Update completion.go

* Added fixed control input

* update go.mod

* Print chart name log when fail to generate

* Change formatting to %s

* Added resource prioritization information, raw resource will be sent on the result object

* Merging typo fixes from master (#772)

* greetings

* Update aws.sh

simplified the comment

* typo: In the title and h1 element

Their was a typo in index.html file.

* punctuation changes

* docs : added gitpod badge in readme.md

* fixed typos

* ƒ some grammar mistake is corrected inPULL_REQUEST_TEMPLATE.md file

* Updated README.md file

Added link to CONTRIBUTING.md file in a line in README.

* Added link to code of conduct file

I have added link to the code of conduct file and fixed some problems in the Readme file.

* Fixed readme

* Added alpine tag

Adding alpine tag instead of latest and removing repeating commands

* roadmap.md file is modified

* Automatically Close "Typo" labelled Issue

* build.py is modified

* modified PR template

* Fixed some typos in feature_request.md

"." at the end of the headings were missing and all the text were in same line.
Now this gives a clear and concise view of the texts.

* fixed the typo in docs/index.html

Found and fixed typo in the 'alt' attribute of img tag

* Update PULL_REQUEST_TEMPLATE.md

Co-authored-by: Krishna Agarwal <dmkrishna.agarwal@gmail.com>
Co-authored-by: Saswata Senapati <74651639+saswat16@users.noreply.github.com>
Co-authored-by: Rahul Singh <110548934+rahuldhirendersingh@users.noreply.github.com>
Co-authored-by: deepuyadav004 <deepuyadavze@gmail.com>
Co-authored-by: kartik <97971066+kartikgajjar7@users.noreply.github.com>
Co-authored-by: Rounak-28 <95576871+Rounak-28@users.noreply.github.com>
Co-authored-by: pwnb0y <vickykr07@yahoo.com>
Co-authored-by: Ben Hirschberg <59160382+slashben@users.noreply.github.com>
Co-authored-by: Saptarshi Sarkar <saptarshi.programmer@gmail.com>
Co-authored-by: Rahul Surwade <93492791+RahulSurwade08@users.noreply.github.com>
Co-authored-by: Suhas Gumma <43647369+suhasgumma@users.noreply.github.com>
Co-authored-by: Kamal Nayan <95926324+legendarykamal@users.noreply.github.com>
Co-authored-by: TarangVerma <90996971+TarangVerma@users.noreply.github.com>
Co-authored-by: avikittu <65793296+avikittu@users.noreply.github.com>

* update logger version (#773)

* Fixed: Kubescape fails to authenticate remote private Github repo (#721)

* grammar error fixer in CONTRIBUTING.md

* scanning private git repository is available

* giturl to gitapi

* NO TOKEN error functionality added

* Used GetToken method of giturl.IGitAPPI for auth

Co-authored-by: satyam kale <satyamkale271@gmail.com>
Co-authored-by: Ben Hirschberg <59160382+slashben@users.noreply.github.com>

* bump opa-utils to 181

* Option to force enable color output (closes #560) (#767)

* Option to force enable color output (closes #560)

(cherry picked from commit 4f951781ee8dd6bb451ac7d159787f47e4b07379)

* Update go.mod

* Update host scanner image  (#774)

* update logger version

* update scanner image

Co-authored-by: Moshe-Rappaport-CA <moshep@armosec.io>
Co-authored-by: Moshe Rappaport <89577611+Moshe-Rappaport-CA@users.noreply.github.com>
Co-authored-by: Om Raut <33827410+om2137@users.noreply.github.com>
Co-authored-by: Kamal Nayan <95926324+legendarykamal@users.noreply.github.com>
Co-authored-by: Vlad Klokun <vladklokun@users.noreply.github.com>
Co-authored-by: Chirag Arora <84070677+Chirag8023@users.noreply.github.com>
Co-authored-by: shm12 <shmuelb@armosec.io>
Co-authored-by: Amir Malka <amirm@armosec.io>
Co-authored-by: Krishna Agarwal <dmkrishna.agarwal@gmail.com>
Co-authored-by: Saswata Senapati <74651639+saswat16@users.noreply.github.com>
Co-authored-by: Rahul Singh <110548934+rahuldhirendersingh@users.noreply.github.com>
Co-authored-by: deepuyadav004 <deepuyadavze@gmail.com>
Co-authored-by: kartik <97971066+kartikgajjar7@users.noreply.github.com>
Co-authored-by: Rounak-28 <95576871+Rounak-28@users.noreply.github.com>
Co-authored-by: pwnb0y <vickykr07@yahoo.com>
Co-authored-by: Ben Hirschberg <59160382+slashben@users.noreply.github.com>
Co-authored-by: Saptarshi Sarkar <saptarshi.programmer@gmail.com>
Co-authored-by: Rahul Surwade <93492791+RahulSurwade08@users.noreply.github.com>
Co-authored-by: Suhas Gumma <43647369+suhasgumma@users.noreply.github.com>
Co-authored-by: TarangVerma <90996971+TarangVerma@users.noreply.github.com>
Co-authored-by: avikittu <65793296+avikittu@users.noreply.github.com>
Co-authored-by: satyam kale <satyamkale271@gmail.com>
Co-authored-by: Aditya Pratap Singh <adityapratapsingh51@gmail.com>
 2022-09-05 10:49:37 +03:00
David Wertenteil
4940912784 Merge pull request #750 from pwnb0y/doc-1 
roadmap.md file is modified
 2022-09-04 13:03:24 +03:00
David Wertenteil
a7fd2bd058 Merge pull request #724 from Rounak-28/patch-2 
fixed typos
 2022-09-04 13:02:51 +03:00
avikittu
6c50fe1011 fixed the typo in docs/index.html 
Found and fixed typo in the 'alt' attribute of img tag
 2022-09-04 14:17:09 +05:30