Matthias Bertschy
427dccadd3
Merge pull request #1934 from kubescape/krew
...
Add krew plugin manifest
2026-02-03 17:12:33 +00:00
Matthias Bertschy
01bb19bf6e
Add krew plugin manifest
...
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
2026-02-03 17:58:30 +01:00
Matthias Bertschy
c0d4bb45eb
Merge pull request #1937 from kubescape/dependabot/go_modules/github.com/theupdateframework/go-tuf/v2-2.4.1
...
build(deps): Bump github.com/theupdateframework/go-tuf/v2 from 2.3.1 to 2.4.1
2026-02-03 14:50:06 +00:00
Matthias Bertschy
222c1ec866
Merge pull request #1931 from Mujib-Ahasan/readmd-update
...
Fix broken README table of contents anchor links
2026-02-03 14:44:36 +00:00
dependabot[bot]
dc49218c7c
build(deps): Bump github.com/theupdateframework/go-tuf/v2
...
Bumps [github.com/theupdateframework/go-tuf/v2](https://github.com/theupdateframework/go-tuf) from 2.3.1 to 2.4.1.
- [Release notes](https://github.com/theupdateframework/go-tuf/releases)
- [Commits](https://github.com/theupdateframework/go-tuf/compare/v2.3.1...v2.4.1)
---
updated-dependencies:
- dependency-name: github.com/theupdateframework/go-tuf/v2
  dependency-version: 2.4.1
  dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
2026-02-03 13:12:03 +01:00
Matthias Bertschy
3b4585a827
Merge pull request #1932 from kubescape/scan-images
...
add verbose option to scan-images
2026-02-02 19:30:00 +00:00
Matthias Bertschy
7f79bc2d1d
Sort CVEs by severity then ID
...
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
2026-02-02 17:51:43 +01:00
Matthias Bertschy
3623e55433
feat: add image column to vulnerability scanning table output
...
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
2026-02-02 17:51:43 +01:00
Matthias Bertschy
2f7841b5a2
update policy.json testdata
...
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
2026-02-02 17:51:43 +01:00
Matthias Bertschy
f70d81d7c4
add verbose option to scan-images
...
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
2026-02-02 17:51:43 +01:00
Matthias Bertschy
bd49251234
Merge pull request #1936 from kubescape/lint
...
fix all linter errors
2026-02-02 16:50:48 +00:00
Matthias Bertschy
57addd493f
fix all linter errors
...
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
2026-02-02 17:32:08 +01:00
Matthias Bertschy
8f009d4698
Merge pull request #1935 from kubescape/run_test_from_private_repo
...
run system test from private repo
2026-02-02 08:35:08 +00:00
bvolovat
7c0e38072d
run system test from private repo
2026-02-02 10:22:00 +02:00
bvolovat
aa9a610c4c
run system test from private repo
2026-02-02 10:03:25 +02:00
Bezbran
25bd51e8b4
Replace host sensor with node agent sensing (#1916)
...
In this change I used both claude code and Antigravity.
---------
Signed-off-by: Bezalel Brandwine <bez@softwine.net>
2026-02-01 13:17:03 +02:00
Mujib Ahasan
2759beece5
Fix broken README anchors
...
Signed-off-by: Mujib Ahasan <ahasanmujib8@gmail.com>
2026-01-26 02:25:55 +05:30
Matthias Bertschy
6ce0121a03
Merge pull request #1928 from kubescape/dependabot/go_modules/github.com/sigstore/rekor-1.5.0
...
build(deps): Bump github.com/sigstore/rekor from 1.4.3 to 1.5.0
v3.0.48
2026-01-22 20:24:28 +00:00
Matthias Bertschy
09aa1ab866
Merge pull request #1927 from kubescape/dependabot/go_modules/github.com/theupdateframework/go-tuf/v2-2.3.1
...
build(deps): Bump github.com/theupdateframework/go-tuf/v2 from 2.3.0 to 2.3.1
2026-01-22 20:24:08 +00:00
dependabot[bot]
0ec188b23d
build(deps): Bump github.com/sigstore/rekor from 1.4.3 to 1.5.0
...
Bumps [github.com/sigstore/rekor](https://github.com/sigstore/rekor) from 1.4.3 to 1.5.0.
- [Release notes](https://github.com/sigstore/rekor/releases)
- [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sigstore/rekor/compare/v1.4.3...v1.5.0)
---
updated-dependencies:
- dependency-name: github.com/sigstore/rekor
  dependency-version: 1.5.0
  dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
2026-01-22 20:50:11 +01:00
dependabot[bot]
090820ba04
build(deps): Bump github.com/theupdateframework/go-tuf/v2
...
Bumps [github.com/theupdateframework/go-tuf/v2](https://github.com/theupdateframework/go-tuf) from 2.3.0 to 2.3.1.
- [Release notes](https://github.com/theupdateframework/go-tuf/releases)
- [Commits](https://github.com/theupdateframework/go-tuf/compare/v2.3.0...v2.3.1)
---
updated-dependencies:
- dependency-name: github.com/theupdateframework/go-tuf/v2
  dependency-version: 2.3.1
  dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
2026-01-22 20:49:44 +01:00
Matthias Bertschy
0cf24d058f
Merge pull request #1926 from kubescape/copilot/fix-kubescan-interface-error
...
Fix panic on unsafe interface{} to string type assertions
2026-01-22 19:43:25 +00:00
copilot-swe-agent[bot]
c32e665809
Final verification - all changes complete
...
Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
2026-01-22 17:13:09 +01:00
copilot-swe-agent[bot]
82ec11b207
Fix indentation in test file
...
Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
2026-01-22 12:42:42 +00:00
copilot-swe-agent[bot]
32a15acdea
Add test for CheckShortTerminalWidth with non-string values
...
Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
2026-01-22 12:41:14 +00:00
copilot-swe-agent[bot]
837a50c903
Fix unsafe interface to string type assertions to prevent panic
...
Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
2026-01-22 12:37:43 +00:00
copilot-swe-agent[bot]
bd00d153e9
Initial plan
2026-01-22 12:33:31 +00:00
Matthias Bertschy
306050046d
Merge pull request #1923 from kubescape/dependabot/go_modules/github.com/sigstore/fulcio-1.8.5
...
build(deps): Bump github.com/sigstore/fulcio from 1.8.4 to 1.8.5
2026-01-20 07:41:16 +00:00
dependabot[bot]
413db87e85
build(deps): Bump github.com/sigstore/fulcio from 1.8.4 to 1.8.5
...
Bumps [github.com/sigstore/fulcio](https://github.com/sigstore/fulcio) from 1.8.4 to 1.8.5.
- [Release notes](https://github.com/sigstore/fulcio/releases)
- [Changelog](https://github.com/sigstore/fulcio/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sigstore/fulcio/compare/v1.8.4...v1.8.5)
---
updated-dependencies:
- dependency-name: github.com/sigstore/fulcio
  dependency-version: 1.8.5
  dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
2026-01-20 08:07:08 +01:00
Matthias Bertschy
4d3b3efb9a
Merge pull request #1922 from kubescape/copilot/fix-kubescape-report-discrepancy
...
Fix workload scan to include allcontrols framework
2026-01-16 15:18:11 +00:00
copilot-swe-agent[bot]
7ca609d39f
Complete fix for workload scan missing controls
...
Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
2026-01-16 15:03:01 +00:00
copilot-swe-agent[bot]
872c0c9fab
Fix workload scan to include allcontrols framework
...
Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
2026-01-16 14:58:58 +00:00
copilot-swe-agent[bot]
9353eb5b54
Initial plan
2026-01-16 14:49:43 +00:00
Matthias Bertschy
aa62fbea68
Merge pull request #1921 from kubescape/buildnumber
...
Update build number retrieval and permissions in workflow
2026-01-16 12:21:04 +00:00
Matthias Bertschy
08d964b631
Update golangci-lint action to version 9
...
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
2026-01-16 12:39:54 +01:00
Matthias Bertschy
75fb07efde
Update build number retrieval and permissions in workflow
...
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
2026-01-16 12:18:19 +01:00
Matthias Bertschy
9445e0aa01
Merge pull request #1920 from kubescape/dependabot/go_modules/github.com/sigstore/cosign/v3-3.0.4
...
build(deps): Bump github.com/sigstore/cosign/v3 from 3.0.3-0.20251208232815-901b44d65952 to 3.0.4
2026-01-16 10:45:55 +00:00
Matthias Bertschy
ea12643a3c
Fix workflow YAML formatting and permissions
...
Reformat the 00-pr-scanner workflow for consistent indentation. Add
artifact-metadata: read to pr-scanner permissions, include GO111MODULE
in the pr-scanner inputs, and set fetch-depth/submodules on the
actions/checkout step
2026-01-16 11:42:55 +01:00
dependabot[bot]
0c42b41dcc
build(deps): Bump github.com/sigstore/cosign/v3
...
Bumps [github.com/sigstore/cosign/v3](https://github.com/sigstore/cosign) from 3.0.3-0.20251208232815-901b44d65952 to 3.0.4.
- [Release notes](https://github.com/sigstore/cosign/releases)
- [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sigstore/cosign/commits/v3.0.4)
---
updated-dependencies:
- dependency-name: github.com/sigstore/cosign/v3
  dependency-version: 3.0.4
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
2026-01-16 11:31:31 +01:00
Amir Malka
351f957083
update test lists (#1919)
2026-01-11 21:50:37 +02:00
Matthias Bertschy
9d876b14e9
Merge pull request #1918 from AndrewCharlesHay/patch-1
...
ci: update scorecard action version
2026-01-06 14:22:11 +00:00
Andy Hay
895233630f
ci: update scorecard action version
...
Signed-off-by: Andy Hay <39sumer3939@gmail.com>
2026-01-05 16:44:26 -05:00
Matthias Bertschy
423d9c5c1f
Merge pull request #1917 from BroderPeters/master
...
Add SkipPersistence flag to MetricsQueryParams in metrics endpoint
2026-01-05 12:48:35 +00:00
Broder Peters
3f3681a4cd
Add SkipPersistence flag to MetricsQueryParams in metrics endpoint
...
Signed-off-by: Broder Peters <broder.peters@protonmail.com>
2026-01-05 13:24:21 +01:00
Matthias Bertschy
d6ccc37640
Merge pull request #1915 from majiayu000/fix-1660-define-labels-to-copy-from-wor-1231-0603
...
feat: Define labels to copy from workloads to reports
2026-01-05 06:50:47 +00:00
Matthias Bertschy
3b6bc00b03
Merge pull request #1914 from majiayu000/fix-1617-kustomize-directory-analysis-n-1231-0603
...
fix: Kustomize directory analysis not working
2026-01-05 06:45:06 +00:00
Matthias Bertschy
8984f941ab
Update README to include GoReleaser installation and usage instructions
...
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
2026-01-05 07:27:39 +01:00
majiayu000
46eb266064
feat: add labels-to-copy flag to copy workload labels to reports
...
Add a new --labels-to-copy CLI flag that allows users to specify which
labels from Kubernetes workloads should be extracted and included in
scan reports. This makes it easier to tie scan results back to app
teams or repositories by including relevant labels like 'app', 'team',
or 'environment' in the report output.
Changes:
- Add LabelsToCopy field to ScanInfo and OPASessionObj structs
- Add --labels-to-copy flag to scan command
- Add ResourceLabels field to PostureReportWithSeverity for JSON output
- Implement extractResourceLabels function to extract specified labels
- Add unit tests for label extraction functionality
Fixes #1660
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Signed-off-by: majiayu000 <1835304752@qq.com>
2025-12-31 06:20:29 +08:00
majiayu000
0f2125817b
fix: enable kustomize overlays to load base configurations
...
Fixes #1617. The kustomize build was failing for overlays that reference
base configurations in parent directories (e.g., ../../base). This was
because krusty.MakeDefaultOptions() defaults to LoadRestrictionsRootOnly,
which prevents loading resources from outside the kustomize directory.
Changed LoadRestrictions to LoadRestrictionsNone to allow overlays to
properly resolve and merge base configurations during scanning.
Added tests to verify:
- Overlay directories can successfully load resources from base directories
- Base directories continue to work as before
- The merged configuration includes resources from both base and overlay
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Signed-off-by: majiayu000 <1835304752@qq.com>
2025-12-31 06:14:10 +08:00
Matthias Bertschy
1225540590
Merge pull request #1913 from oglok/fix-typos-in-docs
...
Fix typos in documentation
2025-12-30 21:55:50 +01:00