kubescape

mirror of https://github.com/kubescape/kubescape.git synced 2026-02-14 09:59:54 +00:00

Author	SHA1	Message	Date
Ben Hirschberg	266029eb23	Implementing container image name normalization built-in function for Rego (#1334 ) * Implementing container image name normalization built-in function for Rego Signed-off-by: Ben <ben@armosec.io> * updating go.mod t include docker/distribution Signed-off-by: Ben <ben@armosec.io> * fix test Signed-off-by: Ben <ben@armosec.io> --------- Signed-off-by: Ben <ben@armosec.io>	2023-08-08 09:35:32 +03:00
rcohencyberarmor	4c9fec8ef4	Support scanning scope (#1293 ) * support scanning scope Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * update go mod Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * update white list Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * update go mod Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * scope empty return control should tested Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * update rego scope for system test Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * update test + mock Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * add comment Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * update rego library Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * update k8s-interface Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * update opa utils - lots of file changes in this commit since armoapi-go bump up in opa-utils Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * move to temp k8s-interface - till PR in k8s-interface repo will approved Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * update k8s-interface with released tag Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * update go mod in httphandler Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * PR review corrections Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * change test name Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * scanning scope support for framework Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * test/mock adjustments after merge Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * add more informative log to the user Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * update go.mod and go.sum of the http handler Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * remove framework just scanning scope not matched to framework config scope Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * add system tests to workflow Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * add system test to github workflow Signed-off-by: rcohencyberarmor <rcohen@armosec.io> --------- Signed-off-by: rcohencyberarmor <rcohen@armosec.io> Signed-off-by: David Wertenteil <dwertent@armosec.io> Co-authored-by: rcohencyberarmor <rcohen@armosec.io> Co-authored-by: David Wertenteil <dwertent@armosec.io>	2023-08-07 19:11:14 +03:00
Daniel Grunberger	5379b9b0a6	New output (#1320 ) * phase-1 Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io> * factory Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io> * wip: feat(cli): add an image scanning command Add a CLI command that launches an image scan. Does not scan images yet. Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * wip: feat: add image scanning service Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * chore: include dependencies Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * wip: adjust image scanning service Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * wip: feat: use scanning service in CLI Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * use iface Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io> * touches Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io> * continue Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io> * add cmd Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io> * support single workload scan Signed-off-by: Amir Malka <amirm@armosec.io> * fix conflict Signed-off-by: Amir Malka <amirm@armosec.io> * identifiers * go mod * feat(imagescan): add an image scanning command This commit adds a CLI command and an associated package that scan images for vulnerabilities. Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> feat(imagescan): fail on exceeding the severity threshold Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * chore(imagescan): include dependencies This commit adds the dependencies necessary for image scanning. Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * chore(imagescan): add dependencies to httphandler Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * added unit tests Signed-off-by: Amir Malka <amirm@armosec.io> * merge * more * integrate img scan * added unit tests Signed-off-by: Amir Malka <amirm@armosec.io> * more refactoring Signed-off-by: Amir Malka <amirm@armosec.io> * add scanned workload reference to opasessionobj Signed-off-by: Amir Malka <amirm@armosec.io> * fix GetWorkloadParentKind Signed-off-by: Amir Malka <amirm@armosec.io> * remove namespace argument from pullSingleResource, using field selector instead Signed-off-by: Amir Malka <amirm@armosec.io> * removed designators (unused) field from PolicyIdentifier, and designators argument from GetResources function Signed-off-by: Amir Malka <amirm@armosec.io> * changes * changes * fixes * changes * feat(imagescan): add an image scanning command This commit adds a CLI command and an associated package that scan images for vulnerabilities. Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> feat(imagescan): fail on exceeding the severity threshold Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * chore(imagescan): include dependencies This commit adds the dependencies necessary for image scanning. Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * chore(imagescan): add dependencies to httphandler Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * chore(imagescan): create vuln db with dedicated function Remove commented out code, too. Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * docs(imagescan): provide package-level docs Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * finish merge * image scan tests * continue * fixes * refactor * rm duplicate * start fixes * update gh actions Signed-off-by: David Wertenteil <dwertent@armosec.io> * pr fixes * fix test * improvements --------- Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io> Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> Signed-off-by: Amir Malka <amirm@armosec.io> Signed-off-by: David Wertenteil <dwertent@armosec.io> Co-authored-by: Daniel Grunberger <danielgrunberger@armosec.io> Co-authored-by: Vlad Klokun <vklokun@protonmail.ch> Co-authored-by: Amir Malka <amirm@armosec.io> Co-authored-by: David Wertenteil <dwertent@armosec.io>	2023-08-03 12:09:33 +03:00
Vlad Klokun	2494c1971c	chore(imagescan): include dependencies This commit adds the dependencies necessary for image scanning. Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>	2023-08-02 09:50:17 +03:00
Amir Malka	981430d65f	bump opa-utils Signed-off-by: Amir Malka <amirm@armosec.io>	2023-07-31 12:00:52 +03:00
Amir Malka	bbfa5d356a	bump opa-utils, k8s-interface and armoapi-go Signed-off-by: Amir Malka <amirm@armosec.io>	2023-07-31 10:39:03 +03:00
YiscahLevySilas1	17c43fd366	support related objects (#1272 ) * support related objects Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io> * update pkg versions Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io> * update go mod Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io> * fix test Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io> * fix test Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io> * only add ids of related resource Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io> * fixes following review Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io> * add test for processRule Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io> --------- Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io>	2023-07-20 16:23:58 +03:00
Amir Malka	e470fce6ed	initial implementation of OpenTelemetry metrics collection (#1269 ) Signed-off-by: Amir Malka <amirm@armosec.io>	2023-07-10 14:22:26 +03:00
kooomix	868db91801	update regolibrary to v1.0.286-rc.0	2023-07-02 13:25:37 +03:00
guangwu	5e5b9d564c	fix: CVE-2023-28840 CVE-2023-28841 CVE-2023-28842 CVE-2022-41723 etc. (#1221 ) * fix: CVE-2023-28840 CVE-2023-28841 CVE-2023-28842 CVE-2022-41723GHSA-vvpx-j8f3-3w6h CVE-2022-23524 CVE-2022-23525 CVE-2022-23526 CVE-2022-36055 CVE-2023-25165 Signed-off-by: guoguangwu <guoguangwu@magic-shield.com> * restore go.sum Signed-off-by: David Wertenteil <dwertent@armosec.io> --------- Signed-off-by: guoguangwu <guoguangwu@magic-shield.com> Signed-off-by: David Wertenteil <dwertent@armosec.io> Co-authored-by: David Wertenteil <dwertent@armosec.io>	2023-06-13 11:39:25 +03:00
YiscahLevySilas1	8ee72895b9	Fix statuses - Manual review and Requires configuration (#1251 ) * fix statuses - req. review, configurations, manual Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io> * update opa-utils version Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io> * update opa-utils version Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io> * update opa-utils version Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io> * use const for inner info Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io> --------- Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io>	2023-06-12 10:38:35 +03:00
Nitish Chauhan	6cefada215	correcting the formating of the table in pdf output (#1244 ) * correcting the formatting of the table in pdf output Signed-off-by: ntishchauhan0022 <nitishchauhan0022@gmail.com> * adding some starting unit tests Signed-off-by: ntishchauhan0022 <nitishchauhan0022@gmail.com> * resolving the mod error Signed-off-by: ntishchauhan0022 <nitishchauhan0022@gmail.com> --------- Signed-off-by: ntishchauhan0022 <nitishchauhan0022@gmail.com>	2023-06-04 15:21:07 +03:00
Anubhav Gupta	07a5c6488b	update kubescape/go-git-url version Signed-off-by: Anubhav Gupta <mail.anubhav06@gmail.com>	2023-05-26 18:13:39 +05:30
Amir Malka	225545476c	update opa-utils Signed-off-by: Amir Malka <amirm@armosec.io>	2023-05-23 19:18:45 +03:00
Amir Malka	987f97102d	bump opa-utils version for memory optimizations Signed-off-by: Amir Malka <amirm@armosec.io>	2023-05-22 16:44:11 +03:00
Amir Malka	0a0ef10d50	Control parallelism of opa rule processing by env var (#1230 ) * control parallelism of opa rule processing by env var Signed-off-by: Amir Malka <amirm@armosec.io> * go 1.20 Signed-off-by: Amir Malka <amirm@armosec.io> * update go.mod go.sum Signed-off-by: Amir Malka <amirm@armosec.io> --------- Signed-off-by: Amir Malka <amirm@armosec.io>	2023-05-14 14:59:21 +03:00
Amir Malka	b26f83d0bd	update go version 1.19->1.20 Signed-off-by: Amir Malka <amirm@armosec.io>	2023-05-14 10:04:30 +03:00
YiscahLevySilas1	f3225855d0	rerun workflows Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io>	2023-05-01 09:19:09 +03:00
YiscahLevySilas1	d6edd818b8	add compliance score to new field in controls for backward compatibility Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io>	2023-04-27 15:53:47 +03:00
YiscahLevySilas1	f25d573f32	update opa-utils version for fix in compliance score Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io>	2023-04-19 18:34:10 +03:00
YiscahLevySilas1	acaf6e78da	update opa-utils version Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io>	2023-04-17 20:25:27 +03:00
YiscahLevySilas1	344e9188f6	add compliance-threshold, deprecate fail-threshold Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io>	2023-04-17 16:08:38 +03:00
yuleib	875deb7ec3	adding compliance score updates (#1181 ) Signed-off-by: Yuval Leibovich <yuvall@armosec.io>	2023-04-04 16:03:40 +03:00
YiscahLevySilas1	9420fd5e79	update version k8s-interface for cloud resources Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io>	2023-04-03 09:34:22 +03:00
Avraham Shalev	55ce7086d7	upgrade opa-utils and armo api Signed-off-by: Avraham Shalev <8184528+avrahams@users.noreply.github.com>	2023-03-15 13:53:30 +02:00
Amir Malka	106db84a66	bump go-logger (#1144 ) Signed-off-by: Amir Malka <amirm@armosec.io>	2023-03-14 10:00:08 +02:00
Alessio Greggi	5aa56b1c0a	feat: integrate support to retrieve eks policies Signed-off-by: Alessio Greggi <ale_grey_91@hotmail.it>	2023-03-13 11:35:07 +01:00
Amir Malka	cec4e5ca39	added clusterName to otel initialization Signed-off-by: Amir Malka <amirm@armosec.io>	2023-02-26 18:07:38 +02:00
David Wertenteil	25e42ee4b6	Update rbac-utils pkg Signed-off-by: David Wertenteil <dwertent@armosec.io>	2023-02-23 23:33:35 +02:00
David Wertenteil	3a80ff00b6	update opa pkg to 238 Signed-off-by: David Wertenteil <dwertent@armosec.io>	2023-02-23 14:25:21 +02:00
David Wertenteil	b989c4c21f	update opa pkg Signed-off-by: David Wertenteil <dwertent@armosec.io>	2023-02-23 09:48:52 +02:00
Matthias Bertschy	8102dd93ba	bump go-git-url (#1110 ) Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>	2023-02-21 11:42:59 +02:00
Amir Malka	df39e10300	Statuses (#1016 ) (#1082 ) New statuses	2023-02-14 15:00:21 +02:00
kooomix	4ea35eec00	GitRegoStore moved to Regolibrary (#1058 ) * GitRegoStore moved to Regolibrary * httphandler go mod * update go.mod * test old regostorlibrary * restore gitRegoStore from regolibrary * Update github.com/kubescape/regolibrary to ver 249 Signed-off-by: kooomix <eranm@armosec.io> * update go mod Signed-off-by: kooomix <eranm@armosec.io> * print scan_control_id mesg Signed-off-by: kooomix <eranm@armosec.io> * Update regolibrary version - windows host fix Signed-off-by: kooomix <eranm@armosec.io> --------- Signed-off-by: kooomix <eranm@armosec.io> Co-authored-by: David Wertenteil <dwertent@armosec.io>	2023-02-07 13:18:51 +02:00
YiscahLevySilas1	c6eff8cbaa	minor change	2023-02-05 11:54:21 +02:00
David Wertenteil	af9df548d6	Merge branch 'master' into CIS-EKS-support	2023-02-05 09:43:41 +02:00
Matthias Bertschy	160ac0db7c	add otel with uptrace client Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>	2023-01-31 08:06:33 +01:00
yiscah	0d1b92c2ee	update k8s-interface - fix in get region Signed-off-by: yiscah <yiscahls@armosec.io>	2023-01-29 20:32:12 +02:00
yiscah	9a7e61edd1	add cloud resource ListEntitiesForPolicies	2023-01-27 13:42:15 +02:00
yiscah	de1d8a9d86	improve cloud resources getters	2023-01-24 17:18:39 +02:00
Ben	2a82d6cd21	Implementing progress bar for control processing Signed-off-by: Ben <ben@armosec.io>	2023-01-24 11:55:08 +02:00
yiscah	530ffde50d	Merge branch 'master' of https://github.com/kubescape/kubescape into dev	2023-01-23 18:52:43 +02:00
Daniel-GrunbergerCA	c357f12c82	add cosign functions for signature checking	2023-01-19 17:21:00 +01:00
yiscah	5e4bc5ddb8	get new cloud resource - DescribeRepositories	2023-01-18 09:25:50 +02:00
yiscah	f30752d9c3	Merge branch 'dev' of https://github.com/kubescape/kubescape into dev	2023-01-17 13:56:25 +02:00
Matthias Bertschy	1757c891aa	add support for Bitbucket scanning	2023-01-13 07:35:07 +01:00
yiscah	1a011f4968	Merge branch 'dev' of https://github.com/kubescape/kubescape into dev	2023-01-12 14:09:35 +02:00
yiscah	7fc10e8213	revert changes	2023-01-11 12:05:56 +02:00
yiscah	bb8f0e3c46	Revert "start developing port forward to host scanner (doesn't work yet)" This reverts commit `87e2986024`.	2023-01-11 12:02:23 +02:00
yiscah	cfd85eadab	Merge branch 'dev' of https://github.com/YiscahLevySilas1/kubescape into dev	2023-01-11 11:59:16 +02:00

... 2 3 4 5 6 ...

378 Commits