github/kubescape
1
0
Fork 0
mirror of https://github.com/kubescape/kubescape.git synced 2026-04-15 06:58:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
3,405 Commits 23 Branches 553 Tags
314a74b817e488cc943ae0c3bfaaaaff3923cf79
Commit Graph

928 Commits

Author SHA1 Message Date
copilot-swe-agent[bot]
8d7c595a76 Address code review feedback: Extract helper function and improve comments 
- Add isHTTPURL helper function for better code reusability
- Improve comments to clarify why ContextDir is returned
- Enhance error message for unrecognized git repositories

Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
 2025-12-11 09:16:12 +00:00
copilot-swe-agent[bot]
621ffd3ead Fix: Prevent URLs from being treated as local file paths 
- Add URL detection (http:// and https://) in getScanningContext
- Prevent URLs from being joined with current working directory
- Add test cases for self-hosted GitLab URLs
- Ensure proper error handling when git clone fails

Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
 2025-12-11 09:08:12 +00:00
Matthias Bertschy
df37457504 Update cosign package to v3 and adjust go.mod dependencies 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-12-09 11:24:29 +01:00
copilot-swe-agent[bot]
a8574c61ea Fix: properly handle nil downloadReleasedPolicy in getters 
Ensure getter functions handle nil downloadReleasedPolicy correctly by creating a new instance when needed, maintaining backward compatibility with existing code while supporting air-gapped mode.

Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
 2025-12-03 21:19:39 +00:00
copilot-swe-agent[bot]
6f9c0ae85f Address code review feedback 
- Fix string field checks in isAirGappedMode (use != "" instead of len() > 0)
- Use centralized isAirGappedMode function in getResourceHandler
- Improve comment clarity to reflect all air-gapped conditions

Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
 2025-12-03 21:14:04 +00:00
copilot-swe-agent[bot]
be2c74e48a Add test for isAirGappedMode function 
Add comprehensive tests to verify air-gapped mode detection logic.

Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
 2025-12-03 21:11:18 +00:00
copilot-swe-agent[bot]
68da73855f Refactor: Extract isAirGappedMode helper function 
Extract complex boolean condition into a dedicated helper function for better readability and maintainability.

Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
 2025-12-03 21:06:52 +00:00
copilot-swe-agent[bot]
5b3f2d0ff9 Fix air-gapped mode to prevent network access 
- Skip version check when --keep-local flag is set
- Skip DownloadReleasedPolicy initialization when in air-gapped mode
- Skip KSCloudAPIConnector initialization when --keep-local is set

Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
 2025-12-03 21:03:01 +00:00
copilot-swe-agent[bot]
1dd6d7a1b3 Address code review feedback: nil check and trailing whitespace 
Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
 2025-12-03 16:46:11 +00:00
copilot-swe-agent[bot]
6b80b85555 Add tests for results enrichment with severity 
Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
 2025-12-03 16:42:03 +00:00
copilot-swe-agent[bot]
d88bc067e2 Add severity to controls in results section as well 
Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
 2025-12-03 16:40:48 +00:00
copilot-swe-agent[bot]
4c8692bf8c Remove test output files and update gitignore 2025-12-03 16:32:29 +00:00
copilot-swe-agent[bot]
742e3bb67f Add severity field to controls in JSON output 
Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
 2025-12-03 16:31:57 +00:00
Matthias Bertschy
b6a4e282f9 Revamp documentation and reduce host sensor workers 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-11-30 11:47:00 +01:00
Matthias Bertschy
b33f1c8cc7 Merge pull request #1887 from Mujib-Ahasan/fix-print-sarif 
fix: --format sarif logs as expected
 2025-11-05 18:17:31 +01:00
Mujib Ahasan
4929af510e fix: --format sarif logs as expected 
Signed-off-by: Mujib Ahasan <ahasanmujib8@gmail.com>
 2025-11-04 20:30:10 +05:30
mandronic
f28bb11c55 removed 'procMount: Unmasked' from host-scanner daemonset definition (refs kubescape/helm-charts#711) (#1886) 
Signed-off-by: Mihail Andronic <104365774+mandronic@users.noreply.github.com>
 2025-11-03 13:40:14 +02:00
Matthias Bertschy
33d1e018ec fix: update documentation links to include 'controls' path 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-11-03 07:47:37 +01:00
Mujib Ahasan
0c74599314 Test file updated 
Signed-off-by: Mujib Ahasan <ahasanmujib8@gmail.com>
 2025-10-30 01:14:25 +05:30
Mujib Ahasan
c23b85cc84 fixed 404 url issue in kubescape scan 
Signed-off-by: Mujib Ahasan <ahasanmujib8@gmail.com>
 2025-10-25 17:39:28 +05:30
Matthias Bertschy
3f80bce811 fix: improve error handling in hostscanner pod validation 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-10-10 16:13:43 +02:00
Matthias Bertschy
ff96edae4d use grype v0.99.1 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-09-17 10:11:19 +02:00
Matthias Bertschy
88b9b22bca Merge pull request #1857 from aadarsh-nagrath/default-matchers 
feat: add default matchers option to image scanning
 2025-09-02 14:25:29 +02:00
Matthias Bertschy
182162d521 gofmt 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-09-02 13:51:45 +02:00
Matthias Bertschy
ca66ccb33d replace olekukonko/tablewriter with jedib0t/go-pretty 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-09-01 16:38:42 +02:00
Matthias Bertschy
07eda20b88 Merge pull request #1869 from htsr/fix-imagescan-use-all-targets-exceptions 
fix(imagescan): use all targets in exceptions
 2025-09-01 16:29:04 +02:00
Matthias Bertschy
108c84d97d Merge pull request #1867 from cx-anjali-deore/feature/ListcontainerName 
Issue 1817 fix: Show container name in Assisted remediation
 2025-09-01 16:28:51 +02:00
Matthias Bertschy
35e7fa2b94 fix imports 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-09-01 15:49:31 +02:00
Hugo Thiessard
abb7917b29 fix(imagescan): use all targets in exceptions 
Previously, kubescape only used the first target in scan image exceptions.
Added a test to verify the fix.

Signed-off-by: Hugo Thiessard <htsr@pm.me>
 2025-09-01 15:05:00 +02:00
anjali-deore
5faade2b66 Fixed test cases 
Signed-off-by: anjali-deore <200181980+cx-anjali-deore@users.noreply.github.com>
 2025-08-31 17:37:32 +05:30
Matthias Bertschy
79207f66be don't read services from configmap, use file 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-08-29 15:21:25 +02:00
anjali-deore
af39f9a7ef fix removed space 
Signed-off-by: anjali-deore <200181980+cx-anjali-deore@users.noreply.github.com>
 2025-08-29 15:31:35 +05:30
anjali-deore
482b7c1f67 fix 1817 ,code cleanup 
Signed-off-by: anjali-deore <200181980+cx-anjali-deore@users.noreply.github.com>
 2025-08-29 15:20:00 +05:30
anjali-deore
82e2fd0be2 fix issue 1817,Added Container Name in control scan output 
Signed-off-by: anjali-deore <200181980+cx-anjali-deore@users.noreply.github.com>
 2025-08-29 15:20:00 +05:30
Yehudah Tor
2a48af3c17 new approach of fix implemented 
Signed-off-by: Yehudah Tor <yehudahtor@gmail.com>
 2025-08-19 12:22:15 +03:00
Matthias Bertschy
ffeb4577e3 refactor output formatting in prettyprinter and related files 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-08-18 12:15:54 +02:00
Matthias Bertschy
011fc0689d return error on image when severity threshold exceeded 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-08-14 14:38:59 +02:00
aadarsh-nagrath
db30020c95 feat: add default matchers option to image scanning 
hey! added the default matchers option for image scanning as requested in #1838. now you can choose between stock matchers and CPE matchers when scanning images.

what's new:
- added --use-default-matchers flag to scan/image/patch commands
- true = stock matchers (default behavior)
- false = CPE matchers (more precise)

usage:
# use CPE matchers for more precise detection
kubescape scan image nginx:latest --use-default-matchers=false

# or in scan command
kubescape scan --scan-images --use-default-matchers=false

everything's backward compatible - existing code works exactly the same. just added the new option for folks who want more control over their vulnerability detection.

fixes #1838

Signed-off-by: aadarsh-nagrath <anagrath1@gmail.com>
 2025-08-06 21:48:40 +05:30
Matthias Bertschy
c5341a356b fix prettyprinter test results 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-07-28 15:06:09 +02:00
Matthias Bertschy
bc602a78ab fix docs URL in tests 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-07-28 14:41:25 +02:00
dependabot[bot]
01531b6276 Bump github.com/open-policy-agent/opa from 1.3.0 to 1.4.0 
Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 1.3.0 to 1.4.0.
- [Release notes](https://github.com/open-policy-agent/opa/releases)
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-policy-agent/opa/compare/v1.3.0...v1.4.0)

---
updated-dependencies:
- dependency-name: github.com/open-policy-agent/opa
  dependency-version: 1.4.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-07-28 12:20:18 +02:00
Ben Hirschberg
aedfe1c4c0 Merge pull request #1849 from kubescape/fix/addon-urls 
added urls hub.armo --> kubescape.io
 2025-07-27 14:19:34 +03:00
Yehudah Tor
d2bedc1d2b added urls 
Signed-off-by: Yehudah Tor <yehudahtor@gmail.com>
 2025-07-27 13:50:47 +03:00
Ben Hirschberg
35288e7b85 Merge pull request #1846 from kubescape/fix/update-links 
Fix/update links
 2025-07-27 10:01:27 +03:00
Matthias Bertschy
525e51d68e close grype DB at the very end of processing 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-07-25 09:50:10 +02:00
Yehudah Tor
5b351d5eec Done URL ref's before problematic ones 
Signed-off-by: Yehudah Tor <yehudahtor@gmail.com>
 2025-07-24 12:11:31 +03:00
Amir Malka
4f9809eec1 fix: control-plane node taints check (#1843) 
Signed-off-by: Amir Malka <amirm@armosec.io>
 2025-07-15 11:06:09 +03:00
Matthias Bertschy
6ed3e408be check scanInfo.Submit in HandleResults to not submit by default 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-06-30 08:16:41 +02:00
shangchengbabaiban
d8bfb27bc3 fix: Fix stdin restoration in TestUserConfirmed 
Signed-off-by: shangchengbabaiban <shuang.cui@live.cn>
 2025-04-19 10:51:09 +08:00
Matthias Bertschy
31ed7d5160 upgrade open-policy-agent to 1.x 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-04-10 17:17:08 +02:00