github/kubescape
1
0
Fork 0
mirror of https://github.com/kubescape/kubescape.git synced 2026-04-15 06:58:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
3,321 Commits 23 Branches 553 Tags
5c2275e32a41058e9abdb5a50bb625cceafbfeb7
Commit Graph

914 Commits

Author SHA1 Message Date
Matthias Bertschy
b33f1c8cc7 Merge pull request #1887 from Mujib-Ahasan/fix-print-sarif 
fix: --format sarif logs as expected
 2025-11-05 18:17:31 +01:00
Mujib Ahasan
4929af510e fix: --format sarif logs as expected 
Signed-off-by: Mujib Ahasan <ahasanmujib8@gmail.com>
 2025-11-04 20:30:10 +05:30
mandronic
f28bb11c55 removed 'procMount: Unmasked' from host-scanner daemonset definition (refs kubescape/helm-charts#711) (#1886) 
Signed-off-by: Mihail Andronic <104365774+mandronic@users.noreply.github.com>
 2025-11-03 13:40:14 +02:00
Matthias Bertschy
33d1e018ec fix: update documentation links to include 'controls' path 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-11-03 07:47:37 +01:00
Mujib Ahasan
0c74599314 Test file updated 
Signed-off-by: Mujib Ahasan <ahasanmujib8@gmail.com>
 2025-10-30 01:14:25 +05:30
Mujib Ahasan
c23b85cc84 fixed 404 url issue in kubescape scan 
Signed-off-by: Mujib Ahasan <ahasanmujib8@gmail.com>
 2025-10-25 17:39:28 +05:30
Matthias Bertschy
3f80bce811 fix: improve error handling in hostscanner pod validation 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-10-10 16:13:43 +02:00
Matthias Bertschy
ff96edae4d use grype v0.99.1 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-09-17 10:11:19 +02:00
Matthias Bertschy
88b9b22bca Merge pull request #1857 from aadarsh-nagrath/default-matchers 
feat: add default matchers option to image scanning
 2025-09-02 14:25:29 +02:00
Matthias Bertschy
182162d521 gofmt 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-09-02 13:51:45 +02:00
Matthias Bertschy
ca66ccb33d replace olekukonko/tablewriter with jedib0t/go-pretty 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-09-01 16:38:42 +02:00
Matthias Bertschy
07eda20b88 Merge pull request #1869 from htsr/fix-imagescan-use-all-targets-exceptions 
fix(imagescan): use all targets in exceptions
 2025-09-01 16:29:04 +02:00
Matthias Bertschy
108c84d97d Merge pull request #1867 from cx-anjali-deore/feature/ListcontainerName 
Issue 1817 fix: Show container name in Assisted remediation
 2025-09-01 16:28:51 +02:00
Matthias Bertschy
35e7fa2b94 fix imports 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-09-01 15:49:31 +02:00
Hugo Thiessard
abb7917b29 fix(imagescan): use all targets in exceptions 
Previously, kubescape only used the first target in scan image exceptions.
Added a test to verify the fix.

Signed-off-by: Hugo Thiessard <htsr@pm.me>
 2025-09-01 15:05:00 +02:00
anjali-deore
5faade2b66 Fixed test cases 
Signed-off-by: anjali-deore <200181980+cx-anjali-deore@users.noreply.github.com>
 2025-08-31 17:37:32 +05:30
Matthias Bertschy
79207f66be don't read services from configmap, use file 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-08-29 15:21:25 +02:00
anjali-deore
af39f9a7ef fix removed space 
Signed-off-by: anjali-deore <200181980+cx-anjali-deore@users.noreply.github.com>
 2025-08-29 15:31:35 +05:30
anjali-deore
482b7c1f67 fix 1817 ,code cleanup 
Signed-off-by: anjali-deore <200181980+cx-anjali-deore@users.noreply.github.com>
 2025-08-29 15:20:00 +05:30
anjali-deore
82e2fd0be2 fix issue 1817,Added Container Name in control scan output 
Signed-off-by: anjali-deore <200181980+cx-anjali-deore@users.noreply.github.com>
 2025-08-29 15:20:00 +05:30
Yehudah Tor
2a48af3c17 new approach of fix implemented 
Signed-off-by: Yehudah Tor <yehudahtor@gmail.com>
 2025-08-19 12:22:15 +03:00
Matthias Bertschy
ffeb4577e3 refactor output formatting in prettyprinter and related files 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-08-18 12:15:54 +02:00
Matthias Bertschy
011fc0689d return error on image when severity threshold exceeded 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-08-14 14:38:59 +02:00
aadarsh-nagrath
db30020c95 feat: add default matchers option to image scanning 
hey! added the default matchers option for image scanning as requested in #1838. now you can choose between stock matchers and CPE matchers when scanning images.

what's new:
- added --use-default-matchers flag to scan/image/patch commands
- true = stock matchers (default behavior)
- false = CPE matchers (more precise)

usage:
# use CPE matchers for more precise detection
kubescape scan image nginx:latest --use-default-matchers=false

# or in scan command
kubescape scan --scan-images --use-default-matchers=false

everything's backward compatible - existing code works exactly the same. just added the new option for folks who want more control over their vulnerability detection.

fixes #1838

Signed-off-by: aadarsh-nagrath <anagrath1@gmail.com>
 2025-08-06 21:48:40 +05:30
Matthias Bertschy
c5341a356b fix prettyprinter test results 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-07-28 15:06:09 +02:00
Matthias Bertschy
bc602a78ab fix docs URL in tests 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-07-28 14:41:25 +02:00
dependabot[bot]
01531b6276 Bump github.com/open-policy-agent/opa from 1.3.0 to 1.4.0 
Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 1.3.0 to 1.4.0.
- [Release notes](https://github.com/open-policy-agent/opa/releases)
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-policy-agent/opa/compare/v1.3.0...v1.4.0)

---
updated-dependencies:
- dependency-name: github.com/open-policy-agent/opa
  dependency-version: 1.4.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-07-28 12:20:18 +02:00
Ben Hirschberg
aedfe1c4c0 Merge pull request #1849 from kubescape/fix/addon-urls 
added urls hub.armo --> kubescape.io
 2025-07-27 14:19:34 +03:00
Yehudah Tor
d2bedc1d2b added urls 
Signed-off-by: Yehudah Tor <yehudahtor@gmail.com>
 2025-07-27 13:50:47 +03:00
Ben Hirschberg
35288e7b85 Merge pull request #1846 from kubescape/fix/update-links 
Fix/update links
 2025-07-27 10:01:27 +03:00
Matthias Bertschy
525e51d68e close grype DB at the very end of processing 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-07-25 09:50:10 +02:00
Yehudah Tor
5b351d5eec Done URL ref's before problematic ones 
Signed-off-by: Yehudah Tor <yehudahtor@gmail.com>
 2025-07-24 12:11:31 +03:00
Amir Malka
4f9809eec1 fix: control-plane node taints check (#1843) 
Signed-off-by: Amir Malka <amirm@armosec.io>
 2025-07-15 11:06:09 +03:00
Matthias Bertschy
6ed3e408be check scanInfo.Submit in HandleResults to not submit by default 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-06-30 08:16:41 +02:00
shangchengbabaiban
d8bfb27bc3 fix: Fix stdin restoration in TestUserConfirmed 
Signed-off-by: shangchengbabaiban <shuang.cui@live.cn>
 2025-04-19 10:51:09 +08:00
Matthias Bertschy
31ed7d5160 upgrade open-policy-agent to 1.x 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-04-10 17:17:08 +02:00
Matthias Bertschy
5d4bd2e94e removing enable/disable colors, as not compatible with all loggers 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-02-18 11:38:47 +01:00
Ruslan Semagin
835bcbeb12 fix: format imports with goimports 
Signed-off-by: Ruslan Semagin <pixel.365.24@gmail.com>
 2025-02-12 12:15:14 +03:00
Matthias Bertschy
3a036ed0e3 remove test resources saved by accident 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-02-11 21:26:26 +01:00
Ruslan Semagin
fe7dad4560 Refactor: propagate context from main to avoid redundant context creation 
- Introduced a single context in main() to handle interrupt signals (os.Interrupt, syscall.SIGTERM).
- Removed repetitive context creation in the program by reusing the propagated context.
- Improved code readability and maintainability by centralizing context management.
- Ensured consistent handling of graceful shutdown across the program.

Signed-off-by: Ruslan Semagin <pixel.365.24@gmail.com>
 2025-02-11 19:52:48 +03:00
Matthias Bertschy
825694ade1 do not skip on location resolver error 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-02-10 10:25:44 +01:00
Matthias Bertschy
475b672a7a add fixed grypeDB for tests 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-02-07 12:34:11 +01:00
VaibhavMalik4187
0545818f82 Added tests and improvements for image exceptions 
Signed-off-by: VaibhavMalik4187 <vaibhavmalik2018@gmail.com>
 2025-02-07 10:26:53 +01:00
VaibhavMalik4187
046da1940c Added support for targets in image exceptions 
This commit introduces the ability to specify targets in image
exceptions. Each target will have the following 4 attributes:

1. Registry
2. Organization
3. ImageName
4. ImageTag

These attributes will be used to match against the canonical image name
of the image to be scanned. The vulnerabilites and the severities
specified in the VulnerabilitiesIgnorePolicy object will be considered
only if the image to be scanned matches the targets specified for that
policy. Regular expressions can also be used to specify the image
attributes.

Signed-off-by: VaibhavMalik4187 <vaibhavmalik2018@gmail.com>
 2025-02-07 10:26:53 +01:00
VaibhavMalik4187
a31154897f Added support for severity exceptions in imagescan 
This commit add relevant functions to support severity exceptions during
image scan.

Signed-off-by: VaibhavMalik4187 <vaibhavmalik2018@gmail.com>
 2025-02-07 10:26:53 +01:00
VaibhavMalik4187
199c57be30 WIP: Load image exceptions from file 
Added initial commit to start loading image exceptions from json files.

Currently, it supports vulnerability exceptions using their CVE-IDs.

Signed-off-by: VaibhavMalik4187 <vaibhavmalik2018@gmail.com>
 2025-02-07 10:26:53 +01:00
VaibhavMalik4187
7d55c79f11 Feature: Added exceptions flag in scan image cmd 
This commit introduces the "exceptions" flag in the scan image command.
Users can pass a list of vulnerabilities they ignore while scanning an
image using this flag. Also added tests for the same.

Fixes: https://github.com/kubescape/kubescape/issues/1564

Signed-off-by: VaibhavMalik4187 <vaibhavmalik2018@gmail.com>
 2025-02-07 10:26:53 +01:00
Fernando-hub527
8985bbe3a9 refactor: update Maroto configuration file location 
Signed-off-by: Fernando-hub527 <fernandocoelhosaraivanando@gmail.com>
 2025-02-06 18:07:57 -03:00
Matthias Bertschy
1ffca5648e delete TableObject.getSeverityColor to please CI 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-02-06 07:56:07 +01:00
Fernando-hub527
76b1ecb022 refactor: create a method that returns the pdf row 
Return a struct with the data for ease of use

Signed-off-by: Fernando-hub527 <fernandocoelhosaraivanando@gmail.com>
 2025-02-05 21:52:50 -03:00