github/kubescape
1
0
Fork 0
mirror of https://github.com/kubescape/kubescape.git synced 2026-02-14 18:09:55 +00:00
Code Issues Packages Projects Releases Wiki Activity
3,473 Commits 20 Branches 551 Tags
master
Commit Graph

253 Commits

Author SHA1 Message Date
Matthias Bertschy
fbef268f22 feat: optimize CPU and memory usage for resource-intensive scans 
Implement Phases 1-3 of the performance optimization plan to address
issue #1793 - reduce CPU and memory consumption for system-constrained
environments.

Phase 1 - OPA Module Caching:
- Add compiledModules cache to OPAProcessor with thread-safe access
- Cache compiled OPA rules to eliminate redundant compilation
- Reuse compiled modules with double-checked locking pattern
- Expected CPU savings: 30-40%

Phase 2 - Map Pre-sizing:
- Add estimateClusterSize() to calculate resource count
- Pre-size AllResources, ResourcesResult, and related maps
- Reduce memory reallocations and GC pressure
- Expected memory savings: 10-20%

Phase 3 - Set-based Deduplication:
- Add thread-safe StringSet utility in core/pkg/utils
- Replace O(n) slices.Contains() with O(1) map operations
- Use StringSet for image scanning and related resources deduplication
- 100% test coverage for new utility
- Expected CPU savings: 5-10% for large clusters

Full optimization plan documented in optimization-plan.md

Related: #1793
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-02-04 08:07:54 +01:00
dependabot[bot]
dc49218c7c build(deps): Bump github.com/theupdateframework/go-tuf/v2 
Bumps [github.com/theupdateframework/go-tuf/v2](https://github.com/theupdateframework/go-tuf) from 2.3.1 to 2.4.1.
- [Release notes](https://github.com/theupdateframework/go-tuf/releases)
- [Commits](https://github.com/theupdateframework/go-tuf/compare/v2.3.1...v2.4.1)

---
updated-dependencies:
- dependency-name: github.com/theupdateframework/go-tuf/v2
  dependency-version: 2.4.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-02-03 13:12:03 +01:00
Bezbran
25bd51e8b4 Replace host sensor with node agent sensing (#1916) 
In this change I used both claude code and Antigravity.

---------

Signed-off-by: Bezalel Brandwine <bez@softwine.net>
 2026-02-01 13:17:03 +02:00
Matthias Bertschy
6ce0121a03 Merge pull request #1928 from kubescape/dependabot/go_modules/github.com/sigstore/rekor-1.5.0 
build(deps): Bump github.com/sigstore/rekor from 1.4.3 to 1.5.0
 2026-01-22 20:24:28 +00:00
dependabot[bot]
0ec188b23d build(deps): Bump github.com/sigstore/rekor from 1.4.3 to 1.5.0 
Bumps [github.com/sigstore/rekor](https://github.com/sigstore/rekor) from 1.4.3 to 1.5.0.
- [Release notes](https://github.com/sigstore/rekor/releases)
- [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sigstore/rekor/compare/v1.4.3...v1.5.0)

---
updated-dependencies:
- dependency-name: github.com/sigstore/rekor
  dependency-version: 1.5.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-01-22 20:50:11 +01:00
dependabot[bot]
090820ba04 build(deps): Bump github.com/theupdateframework/go-tuf/v2 
Bumps [github.com/theupdateframework/go-tuf/v2](https://github.com/theupdateframework/go-tuf) from 2.3.0 to 2.3.1.
- [Release notes](https://github.com/theupdateframework/go-tuf/releases)
- [Commits](https://github.com/theupdateframework/go-tuf/compare/v2.3.0...v2.3.1)

---
updated-dependencies:
- dependency-name: github.com/theupdateframework/go-tuf/v2
  dependency-version: 2.3.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-01-22 20:49:44 +01:00
dependabot[bot]
413db87e85 build(deps): Bump github.com/sigstore/fulcio from 1.8.4 to 1.8.5 
Bumps [github.com/sigstore/fulcio](https://github.com/sigstore/fulcio) from 1.8.4 to 1.8.5.
- [Release notes](https://github.com/sigstore/fulcio/releases)
- [Changelog](https://github.com/sigstore/fulcio/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sigstore/fulcio/compare/v1.8.4...v1.8.5)

---
updated-dependencies:
- dependency-name: github.com/sigstore/fulcio
  dependency-version: 1.8.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-01-20 08:07:08 +01:00
dependabot[bot]
0c42b41dcc build(deps): Bump github.com/sigstore/cosign/v3 
Bumps [github.com/sigstore/cosign/v3](https://github.com/sigstore/cosign) from 3.0.3-0.20251208232815-901b44d65952 to 3.0.4.
- [Release notes](https://github.com/sigstore/cosign/releases)
- [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sigstore/cosign/commits/v3.0.4)

---
updated-dependencies:
- dependency-name: github.com/sigstore/cosign/v3
  dependency-version: 3.0.4
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-01-16 11:31:31 +01:00
Matthias Bertschy
acf7ad04ed fix go mod tidy 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-12-12 15:36:56 +01:00
Matthias Bertschy
f38bec9314 fix go mod tidy 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-12-09 17:29:51 +01:00
dependabot[bot]
6a72851182 Bump github.com/containerd/containerd/v2 from 2.1.4 to 2.1.5 
Bumps [github.com/containerd/containerd/v2](https://github.com/containerd/containerd) from 2.1.4 to 2.1.5.
- [Release notes](https://github.com/containerd/containerd/releases)
- [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md)
- [Commits](https://github.com/containerd/containerd/compare/v2.1.4...v2.1.5)

---
updated-dependencies:
- dependency-name: github.com/containerd/containerd/v2
  dependency-version: 2.1.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-12-09 12:12:46 +01:00
Matthias Bertschy
dac3af19a3 Update cosign package to v3 and adjust go.mod dependencies 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-12-09 11:57:01 +01:00
Matthias Bertschy
df37457504 Update cosign package to v3 and adjust go.mod dependencies 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-12-09 11:24:29 +01:00
dependabot[bot]
47442f954c Bump github.com/sigstore/fulcio from 1.6.6 to 1.8.3 
Bumps [github.com/sigstore/fulcio](https://github.com/sigstore/fulcio) from 1.6.6 to 1.8.3.
- [Release notes](https://github.com/sigstore/fulcio/releases)
- [Changelog](https://github.com/sigstore/fulcio/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sigstore/fulcio/compare/v1.6.6...v1.8.3)

---
updated-dependencies:
- dependency-name: github.com/sigstore/fulcio
  dependency-version: 1.8.3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-12-09 10:32:26 +01:00
dependabot[bot]
379a3fbc27 Bump github.com/cilium/cilium from 1.16.9 to 1.16.17 
Bumps [github.com/cilium/cilium](https://github.com/cilium/cilium) from 1.16.9 to 1.16.17.
- [Release notes](https://github.com/cilium/cilium/releases)
- [Changelog](https://github.com/cilium/cilium/blob/1.16.17/CHANGELOG.md)
- [Commits](https://github.com/cilium/cilium/compare/1.16.9...1.16.17)

---
updated-dependencies:
- dependency-name: github.com/cilium/cilium
  dependency-version: 1.16.17
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-12-02 12:34:17 +01:00
dependabot[bot]
5469d8bc04 Bump golang.org/x/crypto from 0.41.0 to 0.45.0 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.41.0 to 0.45.0.
- [Commits](https://github.com/golang/crypto/compare/v0.41.0...v0.45.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-version: 0.45.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-21 17:10:28 +01:00
Matthias Bertschy
bd7c0c580e fix go mod tidy 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-11-11 17:52:55 +01:00
dependabot[bot]
b86d051998 Bump github.com/containerd/containerd from 1.7.28 to 1.7.29 
Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.7.28 to 1.7.29.
- [Release notes](https://github.com/containerd/containerd/releases)
- [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md)
- [Commits](https://github.com/containerd/containerd/compare/v1.7.28...v1.7.29)

---
updated-dependencies:
- dependency-name: github.com/containerd/containerd
  dependency-version: 1.7.29
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-07 08:32:59 +01:00
dependabot[bot]
441d16aa08 Bump github.com/containerd/containerd/v2 from 2.0.5 to 2.0.7 
Bumps [github.com/containerd/containerd/v2](https://github.com/containerd/containerd) from 2.0.5 to 2.0.7.
- [Release notes](https://github.com/containerd/containerd/releases)
- [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md)
- [Commits](https://github.com/containerd/containerd/compare/v2.0.5...v2.0.7)

---
updated-dependencies:
- dependency-name: github.com/containerd/containerd/v2
  dependency-version: 2.0.7
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-07 08:04:26 +01:00
dependabot[bot]
2fcbe54e4e Bump github.com/nwaples/rardecode/v2 from 2.1.1 to 2.2.0 
Bumps [github.com/nwaples/rardecode/v2](https://github.com/nwaples/rardecode) from 2.1.1 to 2.2.0.
- [Commits](https://github.com/nwaples/rardecode/compare/v2.1.1...v2.2.0)

---
updated-dependencies:
- dependency-name: github.com/nwaples/rardecode/v2
  dependency-version: 2.2.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-10-21 09:31:33 +02:00
Matthias Bertschy
ff96edae4d use grype v0.99.1 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-09-17 10:11:19 +02:00
Matthias Bertschy
ca66ccb33d replace olekukonko/tablewriter with jedib0t/go-pretty 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-09-01 16:38:42 +02:00
dependabot[bot]
4a6480c8b4 Bump github.com/hashicorp/go-getter from 1.7.8 to 1.7.9 
Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter) from 1.7.8 to 1.7.9.
- [Release notes](https://github.com/hashicorp/go-getter/releases)
- [Changelog](https://github.com/hashicorp/go-getter/blob/main/.goreleaser.yml)
- [Commits](https://github.com/hashicorp/go-getter/compare/v1.7.8...v1.7.9)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-getter
  dependency-version: 1.7.9
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-21 17:14:35 +02:00
Matthias Bertschy
e41b5d77a0 bump helm.sh/helm/v3 to 3.18.5 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-08-18 10:28:34 +02:00
Matthias Bertschy
a2361fd155 Merge pull request #1853 from kubescape/dependabot/go_modules/github.com/containerd/containerd/v2-2.0.5 
Bump github.com/containerd/containerd/v2 from 2.0.4 to 2.0.5
 2025-07-28 14:26:07 +02:00
dependabot[bot]
5bd4beb41f Bump github.com/containerd/containerd/v2 from 2.0.4 to 2.0.5 
Bumps [github.com/containerd/containerd/v2](https://github.com/containerd/containerd) from 2.0.4 to 2.0.5.
- [Release notes](https://github.com/containerd/containerd/releases)
- [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md)
- [Commits](https://github.com/containerd/containerd/compare/v2.0.4...v2.0.5)

---
updated-dependencies:
- dependency-name: github.com/containerd/containerd/v2
  dependency-version: 2.0.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-07-28 14:14:59 +02:00
dependabot[bot]
be49d9b7be Bump helm.sh/helm/v3 from 3.17.3 to 3.17.4 
Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.17.3 to 3.17.4.
- [Release notes](https://github.com/helm/helm/releases)
- [Commits](https://github.com/helm/helm/compare/v3.17.3...v3.17.4)

---
updated-dependencies:
- dependency-name: helm.sh/helm/v3
  dependency-version: 3.17.4
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-07-28 14:02:05 +02:00
dependabot[bot]
1f8afecea8 Bump github.com/cloudflare/circl from 1.5.0 to 1.6.1 
Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl) from 1.5.0 to 1.6.1.
- [Release notes](https://github.com/cloudflare/circl/releases)
- [Commits](https://github.com/cloudflare/circl/compare/v1.5.0...v1.6.1)

---
updated-dependencies:
- dependency-name: github.com/cloudflare/circl
  dependency-version: 1.6.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-07-28 13:33:52 +02:00
dependabot[bot]
f80c9d947d Bump github.com/go-viper/mapstructure/v2 in /httphandler 
Bumps [github.com/go-viper/mapstructure/v2](https://github.com/go-viper/mapstructure) from 2.2.1 to 2.3.0.
- [Release notes](https://github.com/go-viper/mapstructure/releases)
- [Changelog](https://github.com/go-viper/mapstructure/blob/main/CHANGELOG.md)
- [Commits](https://github.com/go-viper/mapstructure/compare/v2.2.1...v2.3.0)

---
updated-dependencies:
- dependency-name: github.com/go-viper/mapstructure/v2
  dependency-version: 2.3.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-07-28 13:18:52 +02:00
dependabot[bot]
01531b6276 Bump github.com/open-policy-agent/opa from 1.3.0 to 1.4.0 
Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 1.3.0 to 1.4.0.
- [Release notes](https://github.com/open-policy-agent/opa/releases)
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-policy-agent/opa/compare/v1.3.0...v1.4.0)

---
updated-dependencies:
- dependency-name: github.com/open-policy-agent/opa
  dependency-version: 1.4.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-07-28 12:20:18 +02:00
Matthias Bertschy
fa05dcd00d go.mod massaging 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-05-23 16:02:15 +02:00
dependabot[bot]
45f60b6fe0 Bump golang.org/x/net from 0.37.0 to 0.38.0 
Bumps [golang.org/x/net](https://github.com/golang/net) from 0.37.0 to 0.38.0.
- [Commits](https://github.com/golang/net/compare/v0.37.0...v0.38.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-version: 0.38.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-28 14:03:44 +02:00
dependabot[bot]
80e419df24 Bump helm.sh/helm/v3 from 3.14.4 to 3.17.3 
Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.14.4 to 3.17.3.
- [Release notes](https://github.com/helm/helm/releases)
- [Commits](https://github.com/helm/helm/compare/v3.14.4...v3.17.3)

---
updated-dependencies:
- dependency-name: helm.sh/helm/v3
  dependency-version: 3.17.3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-04-15 12:22:19 +02:00
Matthias Bertschy
31ed7d5160 upgrade open-policy-agent to 1.x 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-04-10 17:17:08 +02:00
dependabot[bot]
4d8a3f51e3 Bump github.com/golang-jwt/jwt/v5 from 5.2.1 to 5.2.2 
Bumps [github.com/golang-jwt/jwt/v5](https://github.com/golang-jwt/jwt) from 5.2.1 to 5.2.2.
- [Release notes](https://github.com/golang-jwt/jwt/releases)
- [Changelog](https://github.com/golang-jwt/jwt/blob/main/VERSION_HISTORY.md)
- [Commits](https://github.com/golang-jwt/jwt/compare/v5.2.1...v5.2.2)

---
updated-dependencies:
- dependency-name: github.com/golang-jwt/jwt/v5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-03-28 10:30:02 +01:00
Matthias Bertschy
f13ded61bf Bump github.com/containerd/containerd to 1.7.27 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-03-20 13:05:17 +01:00
dependabot[bot]
2b28911db0 Bump github.com/go-jose/go-jose/v3 from 3.0.3 to 3.0.4 
Bumps [github.com/go-jose/go-jose/v3](https://github.com/go-jose/go-jose) from 3.0.3 to 3.0.4.
- [Release notes](https://github.com/go-jose/go-jose/releases)
- [Changelog](https://github.com/go-jose/go-jose/blob/main/CHANGELOG.md)
- [Commits](https://github.com/go-jose/go-jose/compare/v3.0.3...v3.0.4)

---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-03-04 09:28:14 +01:00
Amir Malka
667e5e8258 fix score calculation for framework with all controls in status irrelevant (#1802) 
Signed-off-by: Amir Malka <amirm@armosec.io>
 2025-03-03 15:20:14 +02:00
dependabot[bot]
2458f2ceb9 Bump github.com/go-jose/go-jose/v4 from 4.0.2 to 4.0.5 
Bumps [github.com/go-jose/go-jose/v4](https://github.com/go-jose/go-jose) from 4.0.2 to 4.0.5.
- [Release notes](https://github.com/go-jose/go-jose/releases)
- [Changelog](https://github.com/go-jose/go-jose/blob/main/CHANGELOG.md)
- [Commits](https://github.com/go-jose/go-jose/compare/v4.0.2...v4.0.5)

---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v4
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-02-25 07:58:42 +01:00
Amir Malka
f57948ad97 deprecate control name in exception policies (#1795) 
* deprecate control name in posture exception policies

Signed-off-by: Amir Malka <amirm@armosec.io>

* deprecate control name in posture exception policies

Signed-off-by: Amir Malka <amirm@armosec.io>

* deprecate control name in posture exception policies

Signed-off-by: Amir Malka <amirm@armosec.io>

* deprecate control name in posture exception policies

Signed-off-by: Amir Malka <amirm@armosec.io>

---------

Signed-off-by: Amir Malka <amirm@armosec.io>
 2025-02-20 10:27:27 +02:00
Matthias Bertschy
ae37fdc295 fix go tidy 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-02-14 16:19:42 +01:00
Fernando-hub527
13cf34bffd refactor: update Maroto version to v2 
Signed-off-by: Fernando-hub527 <fernandocoelhosaraivanando@gmail.com>
 2025-02-05 21:31:22 -03:00
Matthias Bertschy
e16c4cc9b4 fix go.mod for httphandler 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-01-16 15:20:58 +01:00
Amir Malka
d966b0acbc update opa-utils 
Signed-off-by: Amir Malka <amirm@armosec.io>
 2025-01-09 16:35:53 +02:00
Amir Malka
14ffe35437 add trigger by indication in posture report 
Signed-off-by: Amir Malka <amirm@armosec.io>
 2025-01-09 16:13:29 +02:00
Matthias Bertschy
5e0b25b04a update go-git 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-01-09 09:42:36 +01:00
Matthias Bertschy
1ed1bb11f2 bump vulnerable deps 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2024-12-20 16:31:50 +01:00
dependabot[bot]
d6030a9c03 Bump golang.org/x/crypto from 0.27.0 to 0.31.0 in /httphandler 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.27.0 to 0.31.0.
- [Commits](https://github.com/golang/crypto/compare/v0.27.0...v0.31.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-12-13 14:18:38 +00:00
Matthias Bertschy
5b9c6491de fix mod tidy 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2024-11-18 10:34:28 +01:00
Matthias Bertschy
90c359533f override docker/docker upgrade 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2024-11-12 14:46:29 +01:00