hey! added the default matchers option for image scanning as requested in #1838. now you can choose between stock matchers and CPE matchers when scanning images.
what's new:
- added --use-default-matchers flag to scan/image/patch commands
- true = stock matchers (default behavior)
- false = CPE matchers (more precise)
usage:
# use CPE matchers for more precise detection
kubescape scan image nginx:latest --use-default-matchers=false
# or in scan command
kubescape scan --scan-images --use-default-matchers=false
everything's backward compatible - existing code works exactly the same. just added the new option for folks who want more control over their vulnerability detection.
fixes#1838
Signed-off-by: aadarsh-nagrath <anagrath1@gmail.com>
- Introduced a single context in main() to handle interrupt signals (os.Interrupt, syscall.SIGTERM).
- Removed repetitive context creation in the program by reusing the propagated context.
- Improved code readability and maintainability by centralizing context management.
- Ensured consistent handling of graceful shutdown across the program.
Signed-off-by: Ruslan Semagin <pixel.365.24@gmail.com>
Wrote new tests for the following packages
- operator
- patch
- scan
Also fixed potential crash in the RunE function of the image subcommand
in the scan package.
Signed-off-by: VaibhavMalik4187 <vaibhavmalik2018@gmail.com>
