github/kubescape
1
0
Fork 0
mirror of https://github.com/kubescape/kubescape.git synced 2026-02-14 18:09:55 +00:00
Code Issues Packages Projects Releases Wiki Activity
3,443 Commits 20 Branches 551 Tags
0ec188b23d33e6c5cfa87f704ddbf8e15d8a41dd
Commit Graph

19 Commits

Author SHA1 Message Date
Matthias Bertschy
ff96edae4d use grype v0.99.1 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-09-17 10:11:19 +02:00
Matthias Bertschy
182162d521 gofmt 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-09-02 13:51:45 +02:00
aadarsh-nagrath
db30020c95 feat: add default matchers option to image scanning 
hey! added the default matchers option for image scanning as requested in #1838. now you can choose between stock matchers and CPE matchers when scanning images.

what's new:
- added --use-default-matchers flag to scan/image/patch commands
- true = stock matchers (default behavior)
- false = CPE matchers (more precise)

usage:
# use CPE matchers for more precise detection
kubescape scan image nginx:latest --use-default-matchers=false

# or in scan command
kubescape scan --scan-images --use-default-matchers=false

everything's backward compatible - existing code works exactly the same. just added the new option for folks who want more control over their vulnerability detection.

fixes #1838

Signed-off-by: aadarsh-nagrath <anagrath1@gmail.com>
 2025-08-06 21:48:40 +05:30
Matthias Bertschy
525e51d68e close grype DB at the very end of processing 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-07-25 09:50:10 +02:00
Ben
2bd686131e Incorporating review 
Signed-off-by: Ben <ben@armosec.io>
 2025-06-10 14:32:26 +03:00
Matthias Bertschy
475b672a7a add fixed grypeDB for tests 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-02-07 12:34:11 +01:00
VaibhavMalik4187
0545818f82 Added tests and improvements for image exceptions 
Signed-off-by: VaibhavMalik4187 <vaibhavmalik2018@gmail.com>
 2025-02-07 10:26:53 +01:00
VaibhavMalik4187
a31154897f Added support for severity exceptions in imagescan 
This commit add relevant functions to support severity exceptions during
image scan.

Signed-off-by: VaibhavMalik4187 <vaibhavmalik2018@gmail.com>
 2025-02-07 10:26:53 +01:00
VaibhavMalik4187
7d55c79f11 Feature: Added exceptions flag in scan image cmd 
This commit introduces the "exceptions" flag in the scan image command.
Users can pass a list of vulnerabilities they ignore while scanning an
image using this flag. Also added tests for the same.

Fixes: https://github.com/kubescape/kubescape/issues/1564

Signed-off-by: VaibhavMalik4187 <vaibhavmalik2018@gmail.com>
 2025-02-07 10:26:53 +01:00
Matthias Bertschy
9521cf1974 bump syft version 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2024-04-29 14:00:18 +02:00
Matthias Bertschy
ac6c5ca570 image scan add schema v1 support 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2024-02-28 10:25:16 +01:00
Mehdi Moussaif
210b5dac33 Fix: nil memory pointer when scanResults.MetadataProvider is nil 
Signed-off-by: Mehdi Moussaif <m.moussaif42@gmail.com>
 2023-11-25 21:29:15 +01:00
VaibhavMalik4187
6f1919bbe2 Added Test Suite for several packages 
This PR focuses on adding unit tests for multiple packages in the
project. The main changes include:

- Addition of new tests for the 'printer' package in the
  'core/pkg/resultshandling/printer' directory.
- New tests for the 'results' package in the
  'core/pkg/resultshandling' directory.
- Addition of tests for the 'config' package in the
  'httphandler/config' directory.
- New tests for the 'testutils' package in the 'internal/testutils'
  directory.
- Addition of tests for the 'imagescan' package in the
  'pkg/imagescan' directory.

Signed-off-by: VaibhavMalik4187 <vaibhavmalik2018@gmail.com>
 2023-11-25 22:34:48 +05:30
Matthias Bertschy
92a4c1f64a add one test for imagescan, delete patch_test to avoid coverage check failure 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2023-11-23 15:14:52 +01:00
David Wertenteil
cf08daf7fb scan per namespace (#1337) 
* scan per namespace

Signed-off-by: David Wertenteil <dwertent@armosec.io>

* disable unit test

Signed-off-by: David Wertenteil <dwertent@armosec.io>

* Adding build image wf

Signed-off-by: David Wertenteil <dwertent@armosec.io>

* removing unused channels

Signed-off-by: David Wertenteil <dwertent@armosec.io>

* adding scopes

Signed-off-by: David Wertenteil <dwertent@armosec.io>

* update

Signed-off-by: David Wertenteil <dwertent@armosec.io>

* fixed cluster size

Signed-off-by: David Wertenteil <dwertent@armosec.io>

* update rbac deps

Signed-off-by: David Wertenteil <dwertent@armosec.io>

* aggregate resources

Signed-off-by: David Wertenteil <dwertent@armosec.io>

* Delete build-image.yaml

Signed-off-by: David Wertenteil <dwertent@armosec.io>

* adding scan image logs

Signed-off-by: David Wertenteil <dwertent@armosec.io>

* update cmd message

Signed-off-by: David Wertenteil <dwertent@armosec.io>

* update logs

Signed-off-by: David Wertenteil <dwertent@armosec.io>

---------

Signed-off-by: David Wertenteil <dwertent@armosec.io>
 2023-08-08 10:47:15 +03:00
Daniel Grunberger
5379b9b0a6 New output (#1320) 
* phase-1

Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io>

* factory

Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io>

* wip: feat(cli): add an image scanning command

Add a CLI command that launches an image scan. Does not scan images yet.

Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>

* wip: feat: add image scanning service

Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>

* chore: include dependencies

Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>

* wip: adjust image scanning service

Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>

* wip: feat: use scanning service in CLI

Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>

* use iface

Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io>

* touches

Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io>

* continue

Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io>

* add cmd

Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io>

* support single workload scan

Signed-off-by: Amir Malka <amirm@armosec.io>

* fix conflict

Signed-off-by: Amir Malka <amirm@armosec.io>

* identifiers

* go mod

* feat(imagescan): add an image scanning command

This commit adds a CLI command and an associated package that scan
images for vulnerabilities.

Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>

feat(imagescan): fail on exceeding the severity threshold

Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>

* chore(imagescan): include dependencies

This commit adds the dependencies necessary for image scanning.

Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>

* chore(imagescan): add dependencies to httphandler

Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>

* added unit tests

Signed-off-by: Amir Malka <amirm@armosec.io>

* merge

* more

* integrate img scan

* added unit tests

Signed-off-by: Amir Malka <amirm@armosec.io>

* more refactoring

Signed-off-by: Amir Malka <amirm@armosec.io>

* add scanned workload reference to opasessionobj

Signed-off-by: Amir Malka <amirm@armosec.io>

* fix GetWorkloadParentKind

Signed-off-by: Amir Malka <amirm@armosec.io>

* remove namespace argument from pullSingleResource, using field selector instead

Signed-off-by: Amir Malka <amirm@armosec.io>

* removed designators (unused) field from PolicyIdentifier, and designators argument from GetResources function

Signed-off-by: Amir Malka <amirm@armosec.io>

* changes

* changes

* fixes

* changes

* feat(imagescan): add an image scanning command

This commit adds a CLI command and an associated package that scan
images for vulnerabilities.

Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>

feat(imagescan): fail on exceeding the severity threshold

Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>

* chore(imagescan): include dependencies

This commit adds the dependencies necessary for image scanning.

Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>

* chore(imagescan): add dependencies to httphandler

Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>

* chore(imagescan): create vuln db with dedicated function

Remove commented out code, too.

Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>

* docs(imagescan): provide package-level docs

Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>

* finish merge

* image scan tests

* continue

* fixes

* refactor

* rm duplicate

* start fixes

* update gh actions

Signed-off-by: David Wertenteil <dwertent@armosec.io>

* pr fixes

* fix test

* improvements

---------

Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io>
Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>
Signed-off-by: Amir Malka <amirm@armosec.io>
Signed-off-by: David Wertenteil <dwertent@armosec.io>
Co-authored-by: Daniel Grunberger <danielgrunberger@armosec.io>
Co-authored-by: Vlad Klokun <vklokun@protonmail.ch>
Co-authored-by: Amir Malka <amirm@armosec.io>
Co-authored-by: David Wertenteil <dwertent@armosec.io>
 2023-08-03 12:09:33 +03:00
Vlad Klokun
925145724e docs(imagescan): provide package-level docs 
Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>
 2023-08-02 09:50:18 +03:00
Vlad Klokun
e3677fc45c chore(imagescan): create vuln db with dedicated function 
Remove commented out code, too.

Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>
 2023-08-02 09:50:17 +03:00
Vlad Klokun
3b8bd7735e feat(imagescan): add an image scanning command 
This commit adds a CLI command and an associated package that scan
images for vulnerabilities.

Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>

feat(imagescan): fail on exceeding the severity threshold

Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>
 2023-08-02 09:50:17 +03:00