kubescape

mirror of https://github.com/kubescape/kubescape.git synced 2026-04-15 06:58:11 +00:00

Author	SHA1	Message	Date
DRAGON2002	9afae713ba	feat: add table heading colors (#1321 ) Signed-off-by: DRAGON <anantvijay3@gmail.com>	2023-08-10 19:14:38 +03:00
Matthias Bertschy	1d64522607	use distroless base image (#1338 ) * use distroless base image Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com> * bump cosign to v2 Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com> --------- Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>	2023-08-10 15:46:07 +03:00
DRAGON2002	225a923006	feat: improve pretty logger (#1311 ) * feat: improve pretty logger Signed-off-by: DRAGON <anantvijay3@gmail.com> * fixed logger Signed-off-by: David Wertenteil <dwertent@armosec.io> --------- Signed-off-by: DRAGON <anantvijay3@gmail.com> Signed-off-by: Craig Box <craigb@armosec.io> Signed-off-by: David Wertenteil <dwertent@armosec.io> Co-authored-by: Craig Box <craigb@armosec.io> Co-authored-by: David Wertenteil <dwertent@armosec.io>	2023-08-09 17:30:04 +03:00
DRAGON2002	6c1a3fb89b	feat: add short table (#1292 ) Signed-off-by: DRAGON <anantvijay3@gmail.com> Signed-off-by: DRAGON2002 <81813720+XDRAGON2002@users.noreply.github.com>	2023-08-09 16:56:58 +03:00
DRAGON2002	df5f7db51d	feat: change colors library (#1316 ) Signed-off-by: DRAGON <anantvijay3@gmail.com>	2023-08-09 09:48:34 +03:00
DRAGON2002	869f0ea109	feat: add unicode table (#1285 ) Signed-off-by: DRAGON <anantvijay3@gmail.com>	2023-08-09 09:26:37 +03:00
David Wertenteil	cf08daf7fb	scan per namespace (#1337 ) * scan per namespace Signed-off-by: David Wertenteil <dwertent@armosec.io> * disable unit test Signed-off-by: David Wertenteil <dwertent@armosec.io> * Adding build image wf Signed-off-by: David Wertenteil <dwertent@armosec.io> * removing unused channels Signed-off-by: David Wertenteil <dwertent@armosec.io> * adding scopes Signed-off-by: David Wertenteil <dwertent@armosec.io> * update Signed-off-by: David Wertenteil <dwertent@armosec.io> * fixed cluster size Signed-off-by: David Wertenteil <dwertent@armosec.io> * update rbac deps Signed-off-by: David Wertenteil <dwertent@armosec.io> * aggregate resources Signed-off-by: David Wertenteil <dwertent@armosec.io> * Delete build-image.yaml Signed-off-by: David Wertenteil <dwertent@armosec.io> * adding scan image logs Signed-off-by: David Wertenteil <dwertent@armosec.io> * update cmd message Signed-off-by: David Wertenteil <dwertent@armosec.io> * update logs Signed-off-by: David Wertenteil <dwertent@armosec.io> --------- Signed-off-by: David Wertenteil <dwertent@armosec.io>	2023-08-08 10:47:15 +03:00
Ben Hirschberg	266029eb23	Implementing container image name normalization built-in function for Rego (#1334 ) * Implementing container image name normalization built-in function for Rego Signed-off-by: Ben <ben@armosec.io> * updating go.mod t include docker/distribution Signed-off-by: Ben <ben@armosec.io> * fix test Signed-off-by: Ben <ben@armosec.io> --------- Signed-off-by: Ben <ben@armosec.io>	2023-08-08 09:35:32 +03:00
rcohencyberarmor	4c9fec8ef4	Support scanning scope (#1293 ) * support scanning scope Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * update go mod Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * update white list Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * update go mod Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * scope empty return control should tested Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * update rego scope for system test Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * update test + mock Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * add comment Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * update rego library Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * update k8s-interface Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * update opa utils - lots of file changes in this commit since armoapi-go bump up in opa-utils Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * move to temp k8s-interface - till PR in k8s-interface repo will approved Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * update k8s-interface with released tag Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * update go mod in httphandler Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * PR review corrections Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * change test name Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * scanning scope support for framework Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * test/mock adjustments after merge Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * add more informative log to the user Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * update go.mod and go.sum of the http handler Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * remove framework just scanning scope not matched to framework config scope Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * add system tests to workflow Signed-off-by: rcohencyberarmor <rcohen@armosec.io> * add system test to github workflow Signed-off-by: rcohencyberarmor <rcohen@armosec.io> --------- Signed-off-by: rcohencyberarmor <rcohen@armosec.io> Signed-off-by: David Wertenteil <dwertent@armosec.io> Co-authored-by: rcohencyberarmor <rcohen@armosec.io> Co-authored-by: David Wertenteil <dwertent@armosec.io>	2023-08-07 19:11:14 +03:00
David Wertenteil	6f07e63d3f	Hotfix for version 2.3.8 (#1333 ) * update wf Signed-off-by: David Wertenteil <dwertent@armosec.io> * fixed tag Signed-off-by: David Wertenteil <dwertent@armosec.io> * build arm64 Signed-off-by: David Wertenteil <dwertent@armosec.io> * wip: revert release changes Signed-off-by: David Wertenteil <dwertent@armosec.io> * wip: adding build-image wf Signed-off-by: David Wertenteil <dwertent@armosec.io> * adding platforms to wf Signed-off-by: David Wertenteil <dwertent@armosec.io> --------- Signed-off-by: David Wertenteil <dwertent@armosec.io>	2023-08-06 12:23:49 +03:00
David Wertenteil	addd66bf72	Merge pull request #1327 from dwertent/hot-fix-submit-timestamp Fix submit time	2023-08-04 19:24:27 +03:00
Amir Malka	e2f96200e0	Code refactor (follow up to PR #1300 ) (#1323 ) * code refactor Signed-off-by: Amir Malka <amirm@armosec.io> * use scaninfo object in resource handler Signed-off-by: Amir Malka <amirm@armosec.io> --------- Signed-off-by: Amir Malka <amirm@armosec.io>	2023-08-03 17:50:33 +03:00
David Wertenteil	7444acae11	Merge pull request #1312 from XDRAGON2002/issue_1282 fix: negative compliance score	2023-08-03 14:32:47 +03:00
David Wertenteil	226b4772a2	fix submit time Signed-off-by: David Wertenteil <dwertent@armosec.io>	2023-08-03 13:26:49 +03:00
Daniel Grunberger	5379b9b0a6	New output (#1320 ) * phase-1 Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io> * factory Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io> * wip: feat(cli): add an image scanning command Add a CLI command that launches an image scan. Does not scan images yet. Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * wip: feat: add image scanning service Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * chore: include dependencies Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * wip: adjust image scanning service Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * wip: feat: use scanning service in CLI Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * use iface Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io> * touches Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io> * continue Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io> * add cmd Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io> * support single workload scan Signed-off-by: Amir Malka <amirm@armosec.io> * fix conflict Signed-off-by: Amir Malka <amirm@armosec.io> * identifiers * go mod * feat(imagescan): add an image scanning command This commit adds a CLI command and an associated package that scan images for vulnerabilities. Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> feat(imagescan): fail on exceeding the severity threshold Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * chore(imagescan): include dependencies This commit adds the dependencies necessary for image scanning. Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * chore(imagescan): add dependencies to httphandler Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * added unit tests Signed-off-by: Amir Malka <amirm@armosec.io> * merge * more * integrate img scan * added unit tests Signed-off-by: Amir Malka <amirm@armosec.io> * more refactoring Signed-off-by: Amir Malka <amirm@armosec.io> * add scanned workload reference to opasessionobj Signed-off-by: Amir Malka <amirm@armosec.io> * fix GetWorkloadParentKind Signed-off-by: Amir Malka <amirm@armosec.io> * remove namespace argument from pullSingleResource, using field selector instead Signed-off-by: Amir Malka <amirm@armosec.io> * removed designators (unused) field from PolicyIdentifier, and designators argument from GetResources function Signed-off-by: Amir Malka <amirm@armosec.io> * changes * changes * fixes * changes * feat(imagescan): add an image scanning command This commit adds a CLI command and an associated package that scan images for vulnerabilities. Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> feat(imagescan): fail on exceeding the severity threshold Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * chore(imagescan): include dependencies This commit adds the dependencies necessary for image scanning. Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * chore(imagescan): add dependencies to httphandler Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * chore(imagescan): create vuln db with dedicated function Remove commented out code, too. Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * docs(imagescan): provide package-level docs Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * finish merge * image scan tests * continue * fixes * refactor * rm duplicate * start fixes * update gh actions Signed-off-by: David Wertenteil <dwertent@armosec.io> * pr fixes * fix test * improvements --------- Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io> Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> Signed-off-by: Amir Malka <amirm@armosec.io> Signed-off-by: David Wertenteil <dwertent@armosec.io> Co-authored-by: Daniel Grunberger <danielgrunberger@armosec.io> Co-authored-by: Vlad Klokun <vklokun@protonmail.ch> Co-authored-by: Amir Malka <amirm@armosec.io> Co-authored-by: David Wertenteil <dwertent@armosec.io>	2023-08-03 12:09:33 +03:00
Amir Malka	0c019819ff	Scanning a single resource (#1300 ) * add cmd Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io> * support single workload scan Signed-off-by: Amir Malka <amirm@armosec.io> * fix conflict Signed-off-by: Amir Malka <amirm@armosec.io> * added unit tests Signed-off-by: Amir Malka <amirm@armosec.io> * added unit tests Signed-off-by: Amir Malka <amirm@armosec.io> * more refactoring Signed-off-by: Amir Malka <amirm@armosec.io> * add scanned workload reference to opasessionobj Signed-off-by: Amir Malka <amirm@armosec.io> * fix GetWorkloadParentKind Signed-off-by: Amir Malka <amirm@armosec.io> * remove namespace argument from pullSingleResource, using field selector instead Signed-off-by: Amir Malka <amirm@armosec.io> * removed designators (unused) field from PolicyIdentifier, and designators argument from GetResources function Signed-off-by: Amir Malka <amirm@armosec.io> * fix tests Signed-off-by: Amir Malka <amirm@armosec.io> * use ScanObject instead of workload identifier Signed-off-by: Amir Malka <amirm@armosec.io> * refactor logic after CR Signed-off-by: Amir Malka <amirm@armosec.io> --------- Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io> Signed-off-by: Amir Malka <amirm@armosec.io> Co-authored-by: Daniel Grunberger <danielgrunberger@armosec.io>	2023-08-01 14:07:31 +03:00
David Wertenteil	d9e946cf6d	reset head (#1306 ) Signed-off-by: David Wertenteil <dwertent@armosec.io>	2023-08-01 10:47:07 +03:00
David Wertenteil	fd3703b21b	Merge pull request #1296 from kubescape/error-handle-for-empty-resource-scan Error handle for empty resource scan	2023-07-31 16:13:42 +03:00
Amir Malka	bbfa5d356a	bump opa-utils, k8s-interface and armoapi-go Signed-off-by: Amir Malka <amirm@armosec.io>	2023-07-31 10:39:03 +03:00
DRAGON	d2af7f47db	fix: negative compliance score Signed-off-by: DRAGON <anantvijay3@gmail.com>	2023-07-31 00:21:01 +05:30
Raziel Cohen	e424bfa81b	Merge branch 'master' of github.com:kubescape/kubescape into error-handle-for-empty-resource-scan	2023-07-30 11:21:53 +03:00
David Wertenteil	1a2dda700b	Merge pull request #1291 from XDRAGON2002/issue_1290 fix: yamlhandler error handling	2023-07-25 14:39:26 +03:00
rcohencyberarmor	3280173e95	add error handle when there are no scan to trigger since the directory not contain any relevant scanning files Signed-off-by: rcohencyberarmor <rcohen@armosec.io>	2023-07-24 17:17:06 +03:00
DRAGON	d0ae4f1c1a	fix: yamlhandler error handling Signed-off-by: DRAGON <anantvijay3@gmail.com>	2023-07-22 13:26:40 +05:30
Vlad Klokun	e4faad8284	Merge pull request #1287 from XDRAGON2002/issue_1255 fix: --- kubescape fix	2023-07-21 21:19:04 +03:00
Vlad Klokun	bc131efd91	tests(fixhandler): remove tests of an unexported sanitization method Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>	2023-07-21 20:29:04 +03:00
Vlad Klokun	4763f0d69d	docs(fixhandler): follow Go Doc comments convention in sanitization func Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>	2023-07-21 20:28:18 +03:00
Vlad Klokun	22c412ce7f	refactor(fixhandler): sanitize YAML inside ApplyFixToContent External observers don’t need to be aware of the fact we need to sanitize leading document separators in YAML files. This should be hidden inside our public function - `ApplyFixToContent()`. Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>	2023-07-21 20:17:33 +03:00
Vlad Klokun	1503e984f8	tests(fixhandler): fail test if unable to open test data file Previously when there was a typo in a test file name, we silently failed. This commit makes the test explicitly fail if a test data file was not found. Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>	2023-07-21 19:55:03 +03:00
Vlad Klokun	a4478ba899	style(fixhandler): newlines and spacing Ran with `go fmt`. Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>	2023-07-21 19:45:43 +03:00
David Wertenteil	fcbcb53995	Merge pull request #1276 from amirmalka/time-based-cached-policies Time-based cached policies	2023-07-20 16:56:39 +03:00
YiscahLevySilas1	17c43fd366	support related objects (#1272 ) * support related objects Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io> * update pkg versions Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io> * update go mod Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io> * fix test Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io> * fix test Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io> * only add ids of related resource Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io> * fixes following review Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io> * add test for processRule Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io> --------- Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io>	2023-07-20 16:23:58 +03:00
DRAGON	912035662b	fix: --- kubescape fix Signed-off-by: DRAGON <anantvijay3@gmail.com>	2023-07-20 00:05:23 +05:30
Amir Malka	bacf15eeb8	cache control inputs Signed-off-by: Amir Malka <amirm@armosec.io>	2023-07-18 15:56:16 +03:00
DRAGON	067655d003	fix: stuck spinner Signed-off-by: DRAGON <anantvijay3@gmail.com>	2023-07-14 01:24:46 +05:30
Amir Malka	e470fce6ed	initial implementation of OpenTelemetry metrics collection (#1269 ) Signed-off-by: Amir Malka <amirm@armosec.io>	2023-07-10 14:22:26 +03:00
Amir Malka	ea3172eda6	time-based cached policies Signed-off-by: Amir Malka <amirm@armosec.io>	2023-07-10 10:54:56 +03:00
David Wertenteil	abe0477249	Merge pull request #1265 from dwertent/update-submit-message Update submit message	2023-07-06 09:39:04 +03:00
David Wertenteil	b149e00d1a	Merge pull request #1264 from dwertent/deprecate-image-controls core(adaptors): Ignore adaptors when credentials are not set	2023-07-05 17:48:12 +03:00
David Wertenteil	f98b394ec2	Merge pull request #1254 from kubescape/rbac-fix initialize ns in case we don't have one in YAML	2023-07-05 17:47:42 +03:00
David Wertenteil	8fa15688fb	Merge pull request #1260 from dwertent/deprecate-host-scanner Deprecated host-scanner from CLI	2023-07-05 17:46:12 +03:00
David Wertenteil	780be45392	update submit message Signed-off-by: David Wertenteil <dwertent@armosec.io>	2023-07-05 10:38:59 +03:00
David Wertenteil	06f5c24b7d	ignore adaptors if credentials are not set Signed-off-by: David Wertenteil <dwertent@armosec.io>	2023-07-05 10:13:21 +03:00
Oshrat Nir	3c38021f7c	Changed Assistance Remediation to Assited Remediation Signed-off-by: Oshrat Nir <oshratn@gmail.com>	2023-07-04 13:13:50 +03:00
David Wertenteil	8989cc1679	Deprecated host-scanner Signed-off-by: David Wertenteil <dwertent@armosec.io>	2023-07-04 09:43:10 +03:00
Matthias Bertschy	99938ecbee	initialize ns in case we don't have one in YAML Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>	2023-06-19 07:47:29 +02:00
guoguangwu	be63e1ef7c	chore: remove refs to deprecated io/ioutil Signed-off-by: guoguangwu <guoguangwu@magic-shield.com>	2023-06-14 16:33:24 +08:00
YiscahLevySilas1	8ee72895b9	Fix statuses - Manual review and Requires configuration (#1251 ) * fix statuses - req. review, configurations, manual Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io> * update opa-utils version Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io> * update opa-utils version Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io> * update opa-utils version Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io> * use const for inner info Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io> --------- Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io>	2023-06-12 10:38:35 +03:00
Nitish Chauhan	6cefada215	correcting the formating of the table in pdf output (#1244 ) * correcting the formatting of the table in pdf output Signed-off-by: ntishchauhan0022 <nitishchauhan0022@gmail.com> * adding some starting unit tests Signed-off-by: ntishchauhan0022 <nitishchauhan0022@gmail.com> * resolving the mod error Signed-off-by: ntishchauhan0022 <nitishchauhan0022@gmail.com> --------- Signed-off-by: ntishchauhan0022 <nitishchauhan0022@gmail.com>	2023-06-04 15:21:07 +03:00
Alessio Greggi	ce7fde582c	fix: update host-scanner version Signed-off-by: Alessio Greggi <ale_grey_91@hotmail.it>	2023-05-31 14:14:29 +02:00

1 2 3 4 5 ...

479 Commits