kubescape

mirror of https://github.com/kubescape/kubescape.git synced 2026-04-15 06:58:11 +00:00

Author	SHA1	Message	Date
Yuval Leibovich	139a89770f	Update a-pr-scanner.yaml Signed-off-by: Yuval Leibovich <89763818+yuleib@users.noreply.github.com>	2023-11-26 09:47:59 +02:00
VaibhavMalik4187	16f4849323	Run binary-build job only for kubescape/kubscape Added a check before running the binary-build job to ensure that the owner of the repository is kubescape. Fixes: https://github.com/kubescape/kubescape/issues/1482 Signed-off-by: VaibhavMalik4187 <vaibhavmalik2018@gmail.com>	2023-11-22 15:12:36 +05:30
David Wertenteil	c781bc3166	remove deprecated tests Signed-off-by: David Wertenteil <dwertent@armosec.io>	2023-11-01 16:33:25 +02:00
Matthias Bertschy	df602af7cf	add more missing permissions for actions Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>	2023-10-18 12:41:04 +02:00
Matthias Bertschy	6a0a7b84a2	actions needs write on id-token in pr-scanner Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>	2023-10-18 07:28:52 +02:00
Matthias Bertschy	b98d80a912	Merge pull request #1421 from kubescape/winwin build windows exec without libgit	2023-10-17 10:09:32 +02:00
Matthias Bertschy	4f2d13b151	fixing GH actions permissions Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>	2023-10-17 09:53:46 +02:00
Matthias Bertschy	0b7d8cd45e	remove extra permissions on GH action Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>	2023-10-17 07:36:38 +02:00
Matthias Bertschy	95133af9f4	build windows exec without libgit Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>	2023-10-16 11:16:30 +02:00
Matthias Bertschy	3efa40e808	use go-gitlog as an alternative to git2go (#1393 ) * use go-gitlog as an alternative to git2go Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com> * set RELEASE to something to avoid failing binary-build step Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com> --------- Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>	2023-10-15 15:16:05 +03:00
Matthias Bertschy	143a4d9818	add top level permissions: read-all for openssf Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>	2023-10-13 15:20:52 +02:00
David Wertenteil	2cfd4f3b31	Create scorecard.yml Signed-off-by: David Wertenteil <dwertent@armosec.io>	2023-10-12 16:39:38 +03:00
Matthias Bertschy	5968f97583	Merge pull request #1417 from kubescape/fixtests drop build tags for tests (will soon deprecate them)	2023-10-11 17:25:54 +02:00
Matthias Bertschy	a52ca0e47d	use correct variable for IMAGE_TAG Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>	2023-10-11 16:05:55 +02:00
Matthias Bertschy	ed1219baf1	drop build tags for tests (will soon deprecate them) Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>	2023-10-11 14:03:53 +02:00
Matthias Bertschy	f073ce0f42	add missing dependency on retag in binary-build Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>	2023-10-11 13:56:50 +02:00
VaibhavMalik4187	8908a4e8cf	Removed the Codesee workflow Fixes: https://github.com/kubescape/kubescape/issues/1405 Signed-off-by: VaibhavMalik4187 <vaibhavmalik2018@gmail.com>	2023-10-10 07:38:51 +05:30
Matthias Bertschy	5b1aa1501f	force docker-build in absence of release label Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>	2023-10-09 10:13:53 +02:00
David Wertenteil	bbabd5373a	Adding check-secret to build image wf Signed-off-by: David Wertenteil <dwertent@armosec.io>	2023-10-08 12:18:19 +03:00
rcohencyberarmor	884af50c0b	Support control cluster from cli (#1391 ) * adding operator CLI to kubescape Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * support http requet for trigger in cluster operator Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * create interface for create request payload Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * logs + go mod update Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * docs Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * add relevant system tests Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * linter corrections Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * code review corrections Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * remove non relevant system tests - after code review corrections Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * PR corrections Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * PR corrections Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * change log Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * remove from examples Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * change log Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * test correction Signed-off-by: rcohencyberarmor <rcohen@armosec.io> --------- Signed-off-by: rcohencyberarmor <rcohen@armosec.io> Co-authored-by: rcohencyberarmor <rcohen@armosec.io>	2023-09-27 16:31:04 +03:00
Matthias Bertschy	3e7a6b516b	Separate docker builds for kubescape and kubescape-cli (#1390 ) * create a separate Dockerfile for httphandler Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com> * add Dockerfile for cli, edit README Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com> * modify gh action to use new cli Dockerfile Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com> --------- Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>	2023-09-18 17:13:08 +03:00
Amir Malka	c914ab1034	revert e2e test branch (#1373 ) Signed-off-by: Amir Malka <amirm@armosec.io>	2023-09-05 14:31:56 +03:00
Amir Malka	592e0e2b43	Service discovery (#1359 ) * remove hardcoded urls Signed-off-by: Amir Malka <amirm@armosec.io> * update Signed-off-by: Amir Malka <amirm@armosec.io> * fix test Signed-off-by: Amir Malka <amirm@armosec.io> * update providers docs Signed-off-by: Amir Malka <amirm@armosec.io> * fix Signed-off-by: Amir Malka <amirm@armosec.io> * hardcoded systests branch Signed-off-by: Amir Malka <amirm@armosec.io> * fix Signed-off-by: Amir Malka <amirm@armosec.io> * added logs Signed-off-by: Amir Malka <amirm@armosec.io> * added logs Signed-off-by: Amir Malka <amirm@armosec.io> * create config path if it does not exist Signed-off-by: Amir Malka <amirm@armosec.io> * fix Signed-off-by: Amir Malka <amirm@armosec.io> * fix Signed-off-by: Amir Malka <amirm@armosec.io> --------- Signed-off-by: Amir Malka <amirm@armosec.io>	2023-08-30 09:54:50 +03:00
rcohencyberarmor	4e48148d40	Support unified configuration (#1304 ) * support scanning scope Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * update go mod Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * update white list Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * update go mod Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * scope empty return control should tested Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * update rego scope for system test Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * update test + mock Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * add comment Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * update rego library Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * update k8s-interface Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * update opa utils - lots of file changes in this commit since armoapi-go bump up in opa-utils Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * move to temp k8s-interface - till PR in k8s-interface repo will approved Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * update k8s-interface with released tag Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * update go mod in httphandler Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * support unified configuration Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * unitest adjustment Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * config-unified Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * CR corrections Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * remove system test till it will be merged Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * add relevant system test Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * remove delete test Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * return config delete system test Signed-off-by: rcohencyberarmor <rcohen@armosec.io> --------- Signed-off-by: rcohencyberarmor <rcohen@armosec.io> Co-authored-by: rcohencyberarmor <rcohen@armosec.io>	2023-08-15 10:34:23 +03:00
DRAGON2002	35c593a624	chore: update docs build.ps1 (#1299 ) * chore: update docs build.ps1 Signed-off-by: DRAGON <anantvijay3@gmail.com> * Fix build.ps1 for CI Signed-off-by: Songlin Jiang <songlin.jiang@csc.fi> --------- Signed-off-by: DRAGON <anantvijay3@gmail.com> Signed-off-by: Songlin Jiang <songlin.jiang@csc.fi> Co-authored-by: Songlin Jiang <songlin.jiang@csc.fi>	2023-08-09 09:27:35 +03:00
rcohencyberarmor	4c9fec8ef4	Support scanning scope (#1293 ) * support scanning scope Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * update go mod Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * update white list Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * update go mod Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * scope empty return control should tested Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * update rego scope for system test Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * update test + mock Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * add comment Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * update rego library Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * update k8s-interface Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * update opa utils - lots of file changes in this commit since armoapi-go bump up in opa-utils Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * move to temp k8s-interface - till PR in k8s-interface repo will approved Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * update k8s-interface with released tag Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * update go mod in httphandler Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * PR review corrections Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * change test name Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * scanning scope support for framework Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * test/mock adjustments after merge Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * add more informative log to the user Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * update go.mod and go.sum of the http handler Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * remove framework just scanning scope not matched to framework config scope Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * add system tests to workflow Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * add system test to github workflow Signed-off-by: rcohencyberarmor <rcohen@armosec.io> --------- Signed-off-by: rcohencyberarmor <rcohen@armosec.io> Signed-off-by: David Wertenteil <dwertent@armosec.io> Co-authored-by: rcohencyberarmor <rcohen@armosec.io> Co-authored-by: David Wertenteil <dwertent@armosec.io>	2023-08-07 19:11:14 +03:00
David Wertenteil	6f07e63d3f	Hotfix for version 2.3.8 (#1333 ) * update wf Signed-off-by: David Wertenteil <dwertent@armosec.io> * fixed tag Signed-off-by: David Wertenteil <dwertent@armosec.io> * build arm64 Signed-off-by: David Wertenteil <dwertent@armosec.io> * wip: revert release changes Signed-off-by: David Wertenteil <dwertent@armosec.io> * wip: adding build-image wf Signed-off-by: David Wertenteil <dwertent@armosec.io> * adding platforms to wf Signed-off-by: David Wertenteil <dwertent@armosec.io> --------- Signed-off-by: David Wertenteil <dwertent@armosec.io>	2023-08-06 12:23:49 +03:00
David Wertenteil	1a2e16b895	Update PR workflow (#1330 ) * fixed wf call Signed-off-by: David Wertenteil <dwertent@armosec.io> * do not wait for pr checks Signed-off-by: David Wertenteil <dwertent@armosec.io> * fixed typo Signed-off-by: David Wertenteil <dwertent@armosec.io> --------- Signed-off-by: David Wertenteil <dwertent@armosec.io>	2023-08-03 17:25:22 +03:00
David Wertenteil	12d7f18b79	Merge pull request #1329 from kubescape/codesee-wf Update codesee-arch-diagram.yml	2023-08-03 14:05:34 +03:00
David Wertenteil	ba134ebc32	Update codesee-arch-diagram.yml Run codesee only on `.go` files Signed-off-by: David Wertenteil <dwertent@armosec.io>	2023-08-03 13:52:27 +03:00
David Wertenteil	b44f0a76c9	Update 00-pr-scanner.yaml Signed-off-by: David Wertenteil <dwertent@armosec.io>	2023-08-03 13:49:34 +03:00
Daniel Grunberger	5379b9b0a6	New output (#1320 ) * phase-1 Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io> * factory Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io> * wip: feat(cli): add an image scanning command Add a CLI command that launches an image scan. Does not scan images yet. Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * wip: feat: add image scanning service Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * chore: include dependencies Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * wip: adjust image scanning service Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * wip: feat: use scanning service in CLI Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * use iface Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io> * touches Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io> * continue Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io> * add cmd Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io> * support single workload scan Signed-off-by: Amir Malka <amirm@armosec.io> * fix conflict Signed-off-by: Amir Malka <amirm@armosec.io> * identifiers * go mod * feat(imagescan): add an image scanning command This commit adds a CLI command and an associated package that scan images for vulnerabilities. Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> feat(imagescan): fail on exceeding the severity threshold Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * chore(imagescan): include dependencies This commit adds the dependencies necessary for image scanning. Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * chore(imagescan): add dependencies to httphandler Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * added unit tests Signed-off-by: Amir Malka <amirm@armosec.io> * merge * more * integrate img scan * added unit tests Signed-off-by: Amir Malka <amirm@armosec.io> * more refactoring Signed-off-by: Amir Malka <amirm@armosec.io> * add scanned workload reference to opasessionobj Signed-off-by: Amir Malka <amirm@armosec.io> * fix GetWorkloadParentKind Signed-off-by: Amir Malka <amirm@armosec.io> * remove namespace argument from pullSingleResource, using field selector instead Signed-off-by: Amir Malka <amirm@armosec.io> * removed designators (unused) field from PolicyIdentifier, and designators argument from GetResources function Signed-off-by: Amir Malka <amirm@armosec.io> * changes * changes * fixes * changes * feat(imagescan): add an image scanning command This commit adds a CLI command and an associated package that scan images for vulnerabilities. Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> feat(imagescan): fail on exceeding the severity threshold Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * chore(imagescan): include dependencies This commit adds the dependencies necessary for image scanning. Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * chore(imagescan): add dependencies to httphandler Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * chore(imagescan): create vuln db with dedicated function Remove commented out code, too. Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * docs(imagescan): provide package-level docs Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * finish merge * image scan tests * continue * fixes * refactor * rm duplicate * start fixes * update gh actions Signed-off-by: David Wertenteil <dwertent@armosec.io> * pr fixes * fix test * improvements --------- Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io> Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> Signed-off-by: Amir Malka <amirm@armosec.io> Signed-off-by: David Wertenteil <dwertent@armosec.io> Co-authored-by: Daniel Grunberger <danielgrunberger@armosec.io> Co-authored-by: Vlad Klokun <vklokun@protonmail.ch> Co-authored-by: Amir Malka <amirm@armosec.io> Co-authored-by: David Wertenteil <dwertent@armosec.io>	2023-08-03 12:09:33 +03:00
David Wertenteil	98f68d8097	Merge pull request #1319 from kubescape/codesee-arch-diagram-workflow-1690964652908 Install the CodeSee workflow.	2023-08-03 10:14:47 +03:00
David Wertenteil	f36d8c31b0	Adding pr-agent Signed-off-by: David Wertenteil <dwertent@armosec.io>	2023-08-02 16:27:16 +03:00
codesee-maps[bot]	28200b2744	Install the CodeSee workflow. Learn more at https://docs.codesee.io	2023-08-02 08:24:13 +00:00
David Wertenteil	d380b2cb00	Revert "Deprecate kubescape-windows-latest"	2023-05-16 10:03:41 +03:00
David Wertenteil	d1bc6d0190	Merge pull request #1213 from HollowMan6/windows-latest Deprecate kubescape-windows-latest	2023-05-15 13:23:32 +03:00
Amir Malka	0a0ef10d50	Control parallelism of opa rule processing by env var (#1230 ) * control parallelism of opa rule processing by env var Signed-off-by: Amir Malka <amirm@armosec.io> * go 1.20 Signed-off-by: Amir Malka <amirm@armosec.io> * update go.mod go.sum Signed-off-by: Amir Malka <amirm@armosec.io> --------- Signed-off-by: Amir Malka <amirm@armosec.io>	2023-05-14 14:59:21 +03:00
Amir Malka	b26f83d0bd	update go version 1.19->1.20 Signed-off-by: Amir Malka <amirm@armosec.io>	2023-05-14 10:04:30 +03:00
David Wertenteil	9cc3053d74	Merge pull request #1214 from HollowMan6/dispatch Add ref to workflow dispatch	2023-05-11 15:13:24 +01:00
YiscahLevySilas1	aff8cc480e	add compliance score system test Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io>	2023-05-07 16:07:39 +03:00
Hollow Man	c637c1a589	Add ref to workflow dispatch Signed-off-by: Hollow Man <hollowman@opensuse.org>	2023-05-01 22:07:50 +03:00
Hollow Man	75d31c22d9	Deprecate kubescape-windows-latest Signed-off-by: Hollow Man <hollowman@opensuse.org>	2023-05-01 17:38:46 +03:00
David Wertenteil	b93a97a8c8	Merge pull request #1186 from HollowMan6/dispatch Invoke packaging workflow to update after release	2023-05-01 16:45:10 +03:00
Hollow Man	1843bcdaf8	invoke only if the repository owner is kubescape Signed-off-by: Hollow Man <hollowman@opensuse.org>	2023-05-01 13:46:39 +03:00
Hollow Man	ec7bc26f64	Add kubescape.exe to the release assets Signed-off-by: Hollow Man <hollowman@opensuse.org>	2023-05-01 13:24:35 +03:00
Hollow Man	d4b75dcb0c	ci: update before install packages Signed-off-by: Hollow Man <hollowman@opensuse.org>	2023-04-27 15:50:21 +00:00
David Wertenteil	d448de131f	Merge pull request #1148 from HollowMan6/master arm64 release binaries for CI and Krew	2023-04-23 09:48:05 +03:00
Hollow Man	ab41d5dbf4	Invoke workflow to update github action Signed-off-by: Hollow Man <hollowman@opensuse.org>	2023-04-12 22:33:02 +03:00
MathoAvito	d44b9f7a31	Change wf (#1190 ) * added coveralls coverage tests Signed-off-by: Matan Avital <matavital13@gmail.com>	2023-04-09 18:29:23 +03:00

1 2 3 4 5 ...

262 Commits