kubescape

mirror of https://github.com/kubescape/kubescape.git synced 2026-03-05 19:20:52 +00:00

Author	SHA1	Message	Date
Matthias Bertschy	c7d3105ca5	use proper params in pager call Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>	2024-07-10 11:58:06 +02:00
Matthias Bertschy	2d77ea7b62	use pager.EachListItem to filter parented resources Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>	2024-07-03 16:41:12 +02:00
David Wertenteil	0ee98351c0	fix scanning unsupported clouds Signed-off-by: David Wertenteil <dwertent@armosec.io>	2024-05-26 15:45:19 +03:00
David Wertenteil	3cbd2c458d	fix scanning repo Signed-off-by: David Wertenteil <dwertent@armosec.io>	2024-05-06 16:22:38 +03:00
Matthias Bertschy	bda7a17f41	Merge pull request #1658 from needsure/master chore: fix function names in comment	2024-04-09 11:47:07 +02:00
needsure	dee6ed96f8	chore: fix function names in comment Signed-off-by: needsure <qinzhipeng@outlook.com>	2024-04-09 16:33:24 +08:00
Matthias Bertschy	d27284b6f6	remove api calls from scan repo Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>	2024-04-09 07:37:58 +02:00
Matthias Bertschy	708bf4477a	Fix gitlab (#1639 ) * always use git token if we provide one Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com> * bump go-git-url for gitlab fix Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com> * fix action permissions for cosign signature Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com> --------- Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>	2024-03-18 11:02:39 +02:00
mmmmmmorty	f5e110c212	Fix bug for no matches of yalib in one file mapping Signed-off-by: mmmmmmorty <mmmmmmorty@outlook.com>	2024-03-08 10:50:39 +02:00
MMMMMMorty	bc33f10d0a	feat: Add the debugging ability for scanning Helm chart (#1215 ) * Fix issue 11552 Signed-off-by: MMMMMMorty <465346562@qq.com> * Add helm chart mapping node for sarif printer Signed-off-by: mmmmmmorty <mmmmmmorty@outlook.com> * add MappingNodes to getWorkloadFromHelmChart Signed-off-by: mmmmmmorty <mmmmmmorty@outlook.com> * clear the code to mappingnode and parseFile Signed-off-by: mmmmmmorty <mmmmmmorty@outlook.com> * add input to fixPathsToString Signed-off-by: mmmmmmorty <mmmmmmorty@outlook.com> * add fixs for error message Signed-off-by: mmmmmmorty <mmmmmmorty@outlook.com> * Add solution for multiple files in one yaml helm chart file Signed-off-by: mmmmmmorty <mmmmmmorty@outlook.com> * Add parseFile tests Signed-off-by: mmmmmmorty <mmmmmmorty@outlook.com> --------- Signed-off-by: MMMMMMorty <465346562@qq.com> Signed-off-by: mmmmmmorty <mmmmmmorty@outlook.com>	2024-03-01 14:31:51 +02:00
David Wertenteil	533edc6d05	Fixing exceptions for regovector objects Signed-off-by: David Wertenteil <dwertent@armosec.io>	2024-02-29 08:42:32 +02:00
David Wertenteil	ea7a8bef94	Fix/backlog (#1613 ) * Many minor improvements Signed-off-by: David Wertenteil <dwertent@armosec.io> * Handle fw scan error Signed-off-by: David Wertenteil <dwertent@armosec.io> * Remove prometheus docs Signed-off-by: David Wertenteil <dwertent@armosec.io> * fix workload threshold Signed-off-by: David Wertenteil <dwertent@armosec.io> * fixed units Signed-off-by: David Wertenteil <dwertent@armosec.io> --------- Signed-off-by: David Wertenteil <dwertent@armosec.io>	2024-02-26 22:42:41 +02:00
Amir Malka	4b8786bcaa	checking for compatible policy rules before pulling k8s resources; failing to pull some k8s resource should not fail the entire scan (#1578 ) Signed-off-by: Amir Malka <amirm@armosec.io>	2024-01-09 09:44:45 +02:00
Matthias Bertschy	1b260f60cc	patch GHSA-3f2q-6294-fmq5 by switching to chainguard's fork Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>	2023-12-11 07:19:05 +01:00
VaibhavMalik4187	55162829e7	Added Test Suite for core/pkg package Added unit tests for the following files: - containerscan/datastructures.go - hostsensorutils/hostsensordeploy.go - hostsensorutils/hostsensorworkerpool.go - hostsensorutils/utils.go - policyhandler/handlepullpolicies.go - policyhandler/handlepullpoliciesutils.go - resourcehandler/filesloader.go - resourcehandler/remotegitutils.go Signed-off-by: VaibhavMalik4187 <vaibhavmalik2018@gmail.com>	2023-11-23 14:19:13 +05:30
Craig Box	c9ccef90f3	Pretty up the pretty-printer. (#1451 ) * Pretty up the pretty-printer. Signed-off-by: Craig Box <craigb@armosec.io> * add some text fixes for the Operator also Signed-off-by: Craig Box <craigb@armosec.io> * fix another verb Signed-off-by: Craig Box <craigb@armosec.io> * fixed unit tests Signed-off-by: David Wertenteil <dwertent@armosec.io> * fixed test Signed-off-by: David Wertenteil <dwertent@armosec.io> --------- Signed-off-by: Craig Box <craigb@armosec.io> Signed-off-by: David Wertenteil <dwertent@armosec.io> Co-authored-by: David Wertenteil <dwertent@armosec.io>	2023-10-31 18:07:43 +02:00
David Wertenteil	3e2314a269	Bump v3 (#1449 ) * bump version Signed-off-by: David Wertenteil <dwertent@armosec.io> * change default view Signed-off-by: David Wertenteil <dwertent@armosec.io> * fixed tests Signed-off-by: David Wertenteil <dwertent@armosec.io> * fixed go mod Signed-off-by: David Wertenteil <dwertent@armosec.io> --------- Signed-off-by: David Wertenteil <dwertent@armosec.io>	2023-10-22 17:43:51 +03:00
David Wertenteil	c143d10130	Cloud provider detection (#1448 ) * set cloud provider using nodes * use scan metadata for scanning scope * code cleanup Signed-off-by: David Wertenteil <dwertent@armosec.io> * handle error Signed-off-by: David Wertenteil <dwertent@armosec.io> --------- Signed-off-by: David Wertenteil <dwertent@armosec.io>	2023-10-22 15:47:57 +03:00
Matthias Bertschy	3efa40e808	use go-gitlog as an alternative to git2go (#1393 ) * use go-gitlog as an alternative to git2go Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com> * set RELEASE to something to avoid failing binary-build step Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com> --------- Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>	2023-10-15 15:16:05 +03:00
Amir Malka	8257e31232	Save scan results in storage and support scanning a deleted resource (#1376 ) * store scan results in storage Signed-off-by: Amir Malka <amirm@armosec.io> * store scan results in storage Signed-off-by: Amir Malka <amirm@armosec.io> * save resources in their namespaces, load namespace from env var, extend the config obj Signed-off-by: Amir Malka <amirm@armosec.io> * setting context name Signed-off-by: Amir Malka <amirm@armosec.io> * updated k8s-interface Signed-off-by: Amir Malka <amirm@armosec.io> * scanning a deleted resource Signed-off-by: Amir Malka <amirm@armosec.io> * cr changes Signed-off-by: Amir Malka <amirm@armosec.io> * cr changes Signed-off-by: Amir Malka <amirm@armosec.io> * fix Signed-off-by: Amir Malka <amirm@armosec.io> * remove unused constants Signed-off-by: Amir Malka <amirm@armosec.io> * use t.Setenv Signed-off-by: Amir Malka <amirm@armosec.io> * added tests for rbac triplet slugs Signed-off-by: Amir Malka <amirm@armosec.io> * updated namespace logic Signed-off-by: Amir Malka <amirm@armosec.io> * fix test Signed-off-by: Amir Malka <amirm@armosec.io> --------- Signed-off-by: Amir Malka <amirm@armosec.io>	2023-09-14 10:03:36 +03:00
Daniel Grunberger	96337edc67	add new line (#1389 ) * add new line Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io> * rename ks-cloud-operator Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io> --------- Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io> Co-authored-by: Daniel Grunberger <danielgrunberger@armosec.io>	2023-09-13 14:26:11 +03:00
Daniel Grunberger	53f23b663b	Logger fixes (#1362 ) * fix rbac log Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io> * fix logger logic Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io> * use const Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io> * use const for zap Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io> --------- Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io> Co-authored-by: Daniel Grunberger <danielgrunberger@armosec.io>	2023-08-30 19:17:41 +03:00
David Wertenteil	92449bf564	core(cmd): adding corrections to cmd (#1357 ) * adding corrections to cmd Signed-off-by: David Wertenteil <dwertent@armosec.io> * remove decorative line Signed-off-by: David Wertenteil <dwertent@armosec.io> * wip: changed results indicator Signed-off-by: David Wertenteil <dwertent@armosec.io> * replace status test with icons Signed-off-by: David Wertenteil <dwertent@armosec.io> * print workloads in a different line Signed-off-by: David Wertenteil <dwertent@armosec.io> * update display Signed-off-by: David Wertenteil <dwertent@armosec.io> * deprecate commands Signed-off-by: David Wertenteil <dwertent@armosec.io> * removed unused functions Signed-off-by: David Wertenteil <dwertent@armosec.io> * fixed tests Signed-off-by: David Wertenteil <dwertent@armosec.io> * update cloud provider detection Signed-off-by: David Wertenteil <dwertent@armosec.io> * rename column name Signed-off-by: David Wertenteil <dwertent@armosec.io> --------- Signed-off-by: David Wertenteil <dwertent@armosec.io>	2023-08-29 09:50:22 +03:00
Amir Malka	150967eae8	Refactor backend integration (#1355 ) * refactor BE integration Signed-off-by: Amir Malka <amirm@armosec.io>	2023-08-23 15:36:08 +03:00
Daniel Grunberger	f7b3cdcf35	Improve logs (#1349 ) * use stop-success Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io> * improve logger Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io> * RBAC Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io> --------- Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io> Co-authored-by: Daniel Grunberger <danielgrunberger@armosec.io>	2023-08-17 14:18:40 +03:00
Daniel Grunberger	936cb26c06	fix panic and improve logs (#1344 ) Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io> Co-authored-by: Daniel Grunberger <danielgrunberger@armosec.io>	2023-08-16 13:00:52 +03:00
DRAGON2002	225a923006	feat: improve pretty logger (#1311 ) * feat: improve pretty logger Signed-off-by: DRAGON <anantvijay3@gmail.com> * fixed logger Signed-off-by: David Wertenteil <dwertent@armosec.io> --------- Signed-off-by: DRAGON <anantvijay3@gmail.com> Signed-off-by: Craig Box <craigb@armosec.io> Signed-off-by: David Wertenteil <dwertent@armosec.io> Co-authored-by: Craig Box <craigb@armosec.io> Co-authored-by: David Wertenteil <dwertent@armosec.io>	2023-08-09 17:30:04 +03:00
David Wertenteil	cf08daf7fb	scan per namespace (#1337 ) * scan per namespace Signed-off-by: David Wertenteil <dwertent@armosec.io> * disable unit test Signed-off-by: David Wertenteil <dwertent@armosec.io> * Adding build image wf Signed-off-by: David Wertenteil <dwertent@armosec.io> * removing unused channels Signed-off-by: David Wertenteil <dwertent@armosec.io> * adding scopes Signed-off-by: David Wertenteil <dwertent@armosec.io> * update Signed-off-by: David Wertenteil <dwertent@armosec.io> * fixed cluster size Signed-off-by: David Wertenteil <dwertent@armosec.io> * update rbac deps Signed-off-by: David Wertenteil <dwertent@armosec.io> * aggregate resources Signed-off-by: David Wertenteil <dwertent@armosec.io> * Delete build-image.yaml Signed-off-by: David Wertenteil <dwertent@armosec.io> * adding scan image logs Signed-off-by: David Wertenteil <dwertent@armosec.io> * update cmd message Signed-off-by: David Wertenteil <dwertent@armosec.io> * update logs Signed-off-by: David Wertenteil <dwertent@armosec.io> --------- Signed-off-by: David Wertenteil <dwertent@armosec.io>	2023-08-08 10:47:15 +03:00
Amir Malka	e2f96200e0	Code refactor (follow up to PR #1300 ) (#1323 ) * code refactor Signed-off-by: Amir Malka <amirm@armosec.io> * use scaninfo object in resource handler Signed-off-by: Amir Malka <amirm@armosec.io> --------- Signed-off-by: Amir Malka <amirm@armosec.io>	2023-08-03 17:50:33 +03:00
Daniel Grunberger	5379b9b0a6	New output (#1320 ) * phase-1 Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io> * factory Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io> * wip: feat(cli): add an image scanning command Add a CLI command that launches an image scan. Does not scan images yet. Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * wip: feat: add image scanning service Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * chore: include dependencies Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * wip: adjust image scanning service Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * wip: feat: use scanning service in CLI Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * use iface Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io> * touches Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io> * continue Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io> * add cmd Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io> * support single workload scan Signed-off-by: Amir Malka <amirm@armosec.io> * fix conflict Signed-off-by: Amir Malka <amirm@armosec.io> * identifiers * go mod * feat(imagescan): add an image scanning command This commit adds a CLI command and an associated package that scan images for vulnerabilities. Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> feat(imagescan): fail on exceeding the severity threshold Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * chore(imagescan): include dependencies This commit adds the dependencies necessary for image scanning. Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * chore(imagescan): add dependencies to httphandler Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * added unit tests Signed-off-by: Amir Malka <amirm@armosec.io> * merge * more * integrate img scan * added unit tests Signed-off-by: Amir Malka <amirm@armosec.io> * more refactoring Signed-off-by: Amir Malka <amirm@armosec.io> * add scanned workload reference to opasessionobj Signed-off-by: Amir Malka <amirm@armosec.io> * fix GetWorkloadParentKind Signed-off-by: Amir Malka <amirm@armosec.io> * remove namespace argument from pullSingleResource, using field selector instead Signed-off-by: Amir Malka <amirm@armosec.io> * removed designators (unused) field from PolicyIdentifier, and designators argument from GetResources function Signed-off-by: Amir Malka <amirm@armosec.io> * changes * changes * fixes * changes * feat(imagescan): add an image scanning command This commit adds a CLI command and an associated package that scan images for vulnerabilities. Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> feat(imagescan): fail on exceeding the severity threshold Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * chore(imagescan): include dependencies This commit adds the dependencies necessary for image scanning. Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * chore(imagescan): add dependencies to httphandler Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * chore(imagescan): create vuln db with dedicated function Remove commented out code, too. Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * docs(imagescan): provide package-level docs Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * finish merge * image scan tests * continue * fixes * refactor * rm duplicate * start fixes * update gh actions Signed-off-by: David Wertenteil <dwertent@armosec.io> * pr fixes * fix test * improvements --------- Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io> Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> Signed-off-by: Amir Malka <amirm@armosec.io> Signed-off-by: David Wertenteil <dwertent@armosec.io> Co-authored-by: Daniel Grunberger <danielgrunberger@armosec.io> Co-authored-by: Vlad Klokun <vklokun@protonmail.ch> Co-authored-by: Amir Malka <amirm@armosec.io> Co-authored-by: David Wertenteil <dwertent@armosec.io>	2023-08-03 12:09:33 +03:00
Amir Malka	0c019819ff	Scanning a single resource (#1300 ) * add cmd Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io> * support single workload scan Signed-off-by: Amir Malka <amirm@armosec.io> * fix conflict Signed-off-by: Amir Malka <amirm@armosec.io> * added unit tests Signed-off-by: Amir Malka <amirm@armosec.io> * added unit tests Signed-off-by: Amir Malka <amirm@armosec.io> * more refactoring Signed-off-by: Amir Malka <amirm@armosec.io> * add scanned workload reference to opasessionobj Signed-off-by: Amir Malka <amirm@armosec.io> * fix GetWorkloadParentKind Signed-off-by: Amir Malka <amirm@armosec.io> * remove namespace argument from pullSingleResource, using field selector instead Signed-off-by: Amir Malka <amirm@armosec.io> * removed designators (unused) field from PolicyIdentifier, and designators argument from GetResources function Signed-off-by: Amir Malka <amirm@armosec.io> * fix tests Signed-off-by: Amir Malka <amirm@armosec.io> * use ScanObject instead of workload identifier Signed-off-by: Amir Malka <amirm@armosec.io> * refactor logic after CR Signed-off-by: Amir Malka <amirm@armosec.io> --------- Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io> Signed-off-by: Amir Malka <amirm@armosec.io> Co-authored-by: Daniel Grunberger <danielgrunberger@armosec.io>	2023-08-01 14:07:31 +03:00
David Wertenteil	fd3703b21b	Merge pull request #1296 from kubescape/error-handle-for-empty-resource-scan Error handle for empty resource scan	2023-07-31 16:13:42 +03:00
Amir Malka	bbfa5d356a	bump opa-utils, k8s-interface and armoapi-go Signed-off-by: Amir Malka <amirm@armosec.io>	2023-07-31 10:39:03 +03:00
rcohencyberarmor	3280173e95	add error handle when there are no scan to trigger since the directory not contain any relevant scanning files Signed-off-by: rcohencyberarmor <rcohen@armosec.io>	2023-07-24 17:17:06 +03:00
David Wertenteil	fcbcb53995	Merge pull request #1276 from amirmalka/time-based-cached-policies Time-based cached policies	2023-07-20 16:56:39 +03:00
Amir Malka	bacf15eeb8	cache control inputs Signed-off-by: Amir Malka <amirm@armosec.io>	2023-07-18 15:56:16 +03:00
DRAGON	067655d003	fix: stuck spinner Signed-off-by: DRAGON <anantvijay3@gmail.com>	2023-07-14 01:24:46 +05:30
Amir Malka	e470fce6ed	initial implementation of OpenTelemetry metrics collection (#1269 ) Signed-off-by: Amir Malka <amirm@armosec.io>	2023-07-10 14:22:26 +03:00
Amir Malka	ea3172eda6	time-based cached policies Signed-off-by: Amir Malka <amirm@armosec.io>	2023-07-10 10:54:56 +03:00
David Wertenteil	b149e00d1a	Merge pull request #1264 from dwertent/deprecate-image-controls core(adaptors): Ignore adaptors when credentials are not set	2023-07-05 17:48:12 +03:00
David Wertenteil	06f5c24b7d	ignore adaptors if credentials are not set Signed-off-by: David Wertenteil <dwertent@armosec.io>	2023-07-05 10:13:21 +03:00
David Wertenteil	8989cc1679	Deprecated host-scanner Signed-off-by: David Wertenteil <dwertent@armosec.io>	2023-07-04 09:43:10 +03:00
Matthias Bertschy	75b64d58f3	change basic auth username to x-token-auth Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>	2023-05-01 10:55:07 +02:00
Alessio Greggi	f010364c98	feat: add progress bar during cloud resources download Signed-off-by: Alessio Greggi <ale_grey_91@hotmail.it>	2023-03-28 16:10:55 +02:00
David Wertenteil	ec4a098b1c	replace error by warning Signed-off-by: David Wertenteil <dwertent@armosec.io>	2023-03-15 17:17:29 +02:00
David Wertenteil	1e0b9563a1	Merge to master - PR number: 1129	2023-03-13 13:43:07 +02:00
Alessio Greggi	5aa56b1c0a	feat: integrate support to retrieve eks policies Signed-off-by: Alessio Greggi <ale_grey_91@hotmail.it>	2023-03-13 11:35:07 +01:00
Frederic BIDON	7174f49f87	chore(lintin): run another pass of linting with the rules already in place Signed-off-by: Frederic BIDON <fredbi@yahoo.com>	2023-03-05 20:16:37 +01:00
YiscahLevySilas1	2a0a2cf95a	update logs in some resource getters (#1071 ) * change warning to debug Signed-off-by: yiscah <yiscahls@armosec.io> * update log Signed-off-by: yiscah <yiscahls@armosec.io> --------- Signed-off-by: yiscah <yiscahls@armosec.io> Co-authored-by: David Wertenteil <dwertent@armosec.io>	2023-02-07 22:37:13 +02:00
YiscahLevySilas1	9f97f91f32	add context Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io>	2023-02-05 12:03:10 +02:00

1 2 3 4

190 Commits