github/kubescape
1
0
Fork 0
mirror of https://github.com/kubescape/kubescape.git synced 2026-02-14 09:59:54 +00:00
Code Issues Packages Projects Releases Wiki Activity
3,357 Commits 20 Branches 551 Tags
60d7276de3fa416f26bf892dcafb8e027506cf8a
Commit Graph

3357 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Matthias Bertschy
60d7276de3 Merge pull request #1901 from kubescape/copilot/fix-cis-framework-metrics-export 
Fix CIS framework metrics not exported to Prometheus /v1/metrics endpoint
v3.0.46 v3.0.46-rc.0 		2025-12-05 09:45:06 +01:00
copilot-swe-agent[bot]
c05427ff38 Remove KS_METRICS_FRAMEWORKS environment variable support 
Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-12-05 09:43:49 +01:00
Matthias Bertschy
3e245da02b Merge pull request #1902 from kubescape/copilot/fix-air-gapped-configuration 
Fix air-gapped mode network access attempts
 2025-12-05 08:44:50 +01:00
copilot-swe-agent[bot]
cc7aae470f Fix typo in comment: fom -> from 
Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
 2025-12-04 13:47:52 +00:00
copilot-swe-agent[bot]
8d59a6074e Add frameworks query parameter to /v1/metrics endpoint 
Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
 2025-12-04 13:45:55 +00:00
copilot-swe-agent[bot]
1f7dd6e5f5 Fix incorrect comment about default output format 
Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
 2025-12-04 13:31:52 +00:00
copilot-swe-agent[bot]
bf5ca3c1f0 Add KS_METRICS_FRAMEWORKS env var to allow selecting specific frameworks 
Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
 2025-12-04 13:30:11 +00:00
copilot-swe-agent[bot]
a8574c61ea Fix: properly handle nil downloadReleasedPolicy in getters 
Ensure getter functions handle nil downloadReleasedPolicy correctly by creating a new instance when needed, maintaining backward compatibility with existing code while supporting air-gapped mode.

Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
 2025-12-03 21:19:39 +00:00
copilot-swe-agent[bot]
6f9c0ae85f Address code review feedback 
- Fix string field checks in isAirGappedMode (use != "" instead of len() > 0)
- Use centralized isAirGappedMode function in getResourceHandler
- Improve comment clarity to reflect all air-gapped conditions

Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
 2025-12-03 21:14:04 +00:00
copilot-swe-agent[bot]
be2c74e48a Add test for isAirGappedMode function 
Add comprehensive tests to verify air-gapped mode detection logic.

Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
 2025-12-03 21:11:18 +00:00
copilot-swe-agent[bot]
68da73855f Refactor: Extract isAirGappedMode helper function 
Extract complex boolean condition into a dedicated helper function for better readability and maintainability.

Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
 2025-12-03 21:06:52 +00:00
copilot-swe-agent[bot]
5b3f2d0ff9 Fix air-gapped mode to prevent network access 
- Skip version check when --keep-local flag is set
- Skip DownloadReleasedPolicy initialization when in air-gapped mode
- Skip KSCloudAPIConnector initialization when --keep-local is set

Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
 2025-12-03 21:03:01 +00:00
copilot-swe-agent[bot]
02637c7a8e Initial plan 2025-12-03 20:50:40 +00:00
Matthias Bertschy
7d5b374f9d Merge pull request #1900 from kubescape/copilot/fix-severity-missing-json 
Add severity field to controls in JSON output
 2025-12-03 21:44:49 +01:00
copilot-swe-agent[bot]
1dd6d7a1b3 Address code review feedback: nil check and trailing whitespace 
Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
 2025-12-03 16:46:11 +00:00
copilot-swe-agent[bot]
6b80b85555 Add tests for results enrichment with severity 
Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
 2025-12-03 16:42:03 +00:00
copilot-swe-agent[bot]
d88bc067e2 Add severity to controls in results section as well 
Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
 2025-12-03 16:40:48 +00:00
copilot-swe-agent[bot]
ba78527c80 Enable ScanAll for prometheus metrics to include all frameworks including CIS 
Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
 2025-12-03 16:32:43 +00:00
copilot-swe-agent[bot]
4c8692bf8c Remove test output files and update gitignore 2025-12-03 16:32:29 +00:00
copilot-swe-agent[bot]
742e3bb67f Add severity field to controls in JSON output 
Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
 2025-12-03 16:31:57 +00:00
copilot-swe-agent[bot]
a39f36c9fb Initial plan 2025-12-03 16:18:31 +00:00
copilot-swe-agent[bot]
9bc29032e1 Initial plan 2025-12-03 16:12:04 +00:00
Matthias Bertschy
a4a290a3ce Merge pull request #1898 from kubescape/dependabot/go_modules/github.com/cilium/cilium-1.16.17 
Bump github.com/cilium/cilium from 1.16.9 to 1.16.17
 2025-12-02 17:12:06 +01:00
dependabot[bot]
379a3fbc27 Bump github.com/cilium/cilium from 1.16.9 to 1.16.17 
Bumps [github.com/cilium/cilium](https://github.com/cilium/cilium) from 1.16.9 to 1.16.17.
- [Release notes](https://github.com/cilium/cilium/releases)
- [Changelog](https://github.com/cilium/cilium/blob/1.16.17/CHANGELOG.md)
- [Commits](https://github.com/cilium/cilium/compare/1.16.9...1.16.17)

---
updated-dependencies:
- dependency-name: github.com/cilium/cilium
  dependency-version: 1.16.17
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-12-02 12:34:17 +01:00
Matthias Bertschy
a46098c034 Merge pull request #1896 from kubescape/summaries 
always save WorkloadConfigurationScanResultSummaries
 2025-12-01 08:05:57 +01:00
Matthias Bertschy
440f39ba3e Merge pull request #1897 from kubescape/docs 
Revamp documentation
 2025-11-30 11:47:23 +01:00
Matthias Bertschy
b6a4e282f9 Revamp documentation and reduce host sensor workers 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-11-30 11:47:00 +01:00
Matthias Bertschy
8deff34d12 always save WorkloadConfigurationScanResultSummaries 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-11-28 16:45:23 +01:00
Matthias Bertschy
acc9b54b2b Merge pull request #1895 from pfarikrispy/pfarikrispy-patch-1 
update from Debian 12 to 13 when building container images
 2025-11-26 14:52:53 +01:00
Christian Peper
1ffa29fbaa feat(security): update golang to debian trixie 
build in the same env as the final image

Signed-off-by: Christian Peper <dreamszz@gmail.com>
 2025-11-26 14:34:49 +01:00
Christian Peper
2ae30a8162 feat(security): update to Debian 13 
Signed-off-by: Christian Peper <dreamszz@gmail.com>
 2025-11-26 14:32:41 +01:00
Christian Peper
0ca5378c6b feat(security): update to Debian 13 
use debian 13 as a base image

Signed-off-by: Christian Peper <dreamszz@gmail.com>
 2025-11-26 14:30:46 +01:00
Matthias Bertschy
f51a1281f7 Merge pull request #1892 from kubescape/dependabot/go_modules/httphandler/golang.org/x/crypto-0.45.0 
Bump golang.org/x/crypto from 0.41.0 to 0.45.0 in /httphandler
 2025-11-21 20:59:38 +01:00
dependabot[bot]
5469d8bc04 Bump golang.org/x/crypto from 0.41.0 to 0.45.0 
Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.41.0 to 0.45.0.
- [Commits](https://github.com/golang/crypto/compare/v0.41.0...v0.45.0)

---
updated-dependencies:
- dependency-name: golang.org/x/crypto
  dependency-version: 0.45.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-21 17:10:28 +01:00
Matthias Bertschy
bd7c0c580e fix go mod tidy 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
v3.0.45 v3.0.45-rc.4 		2025-11-11 17:52:55 +01:00
Matthias Bertschy
154fec1385 Allow artifact-metadata read in release workflow 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
v3.0.45-rc.3 		2025-11-11 16:14:32 +01:00
Matthias Bertschy
5c2275e32a Allow artifact-metadata read in release workflow 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
v3.0.45-rc.2 		2025-11-11 16:13:16 +01:00
Matthias Bertschy
2da4736201 fix workflow permissions 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
v3.0.45-rc.1 		2025-11-11 16:10:15 +01:00
Matthias Bertschy
aefafeae6f Merge pull request #1890 from kubescape/dependabot/go_modules/github.com/opencontainers/selinux-1.13.0 
Bump github.com/opencontainers/selinux from 1.12.0 to 1.13.0
v3.0.45-rc.0 		2025-11-11 14:10:59 +01:00
dependabot[bot]
1772b38b8c Bump github.com/opencontainers/selinux from 1.12.0 to 1.13.0 
Bumps [github.com/opencontainers/selinux](https://github.com/opencontainers/selinux) from 1.12.0 to 1.13.0.
- [Release notes](https://github.com/opencontainers/selinux/releases)
- [Commits](https://github.com/opencontainers/selinux/compare/v1.12.0...v1.13.0)

---
updated-dependencies:
- dependency-name: github.com/opencontainers/selinux
  dependency-version: 1.13.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-11 12:44:20 +00:00
Matthias Bertschy
c844f42208 Merge pull request #1889 from kubescape/dependabot/go_modules/github.com/containerd/containerd-1.7.29 
Bump github.com/containerd/containerd from 1.7.28 to 1.7.29
v3.0.44 		2025-11-07 08:44:37 +01:00
dependabot[bot]
b86d051998 Bump github.com/containerd/containerd from 1.7.28 to 1.7.29 
Bumps [github.com/containerd/containerd](https://github.com/containerd/containerd) from 1.7.28 to 1.7.29.
- [Release notes](https://github.com/containerd/containerd/releases)
- [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md)
- [Commits](https://github.com/containerd/containerd/compare/v1.7.28...v1.7.29)

---
updated-dependencies:
- dependency-name: github.com/containerd/containerd
  dependency-version: 1.7.29
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
v3.0.44-rc.0 		2025-11-07 08:32:59 +01:00
Matthias Bertschy
aaa8d1ed35 Merge pull request #1888 from kubescape/dependabot/go_modules/github.com/containerd/containerd/v2-2.0.7 
Bump github.com/containerd/containerd/v2 from 2.0.5 to 2.0.7
 2025-11-07 08:16:43 +01:00
dependabot[bot]
441d16aa08 Bump github.com/containerd/containerd/v2 from 2.0.5 to 2.0.7 
Bumps [github.com/containerd/containerd/v2](https://github.com/containerd/containerd) from 2.0.5 to 2.0.7.
- [Release notes](https://github.com/containerd/containerd/releases)
- [Changelog](https://github.com/containerd/containerd/blob/main/RELEASES.md)
- [Commits](https://github.com/containerd/containerd/compare/v2.0.5...v2.0.7)

---
updated-dependencies:
- dependency-name: github.com/containerd/containerd/v2
  dependency-version: 2.0.7
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-11-07 08:04:26 +01:00
Matthias Bertschy
b33f1c8cc7 Merge pull request #1887 from Mujib-Ahasan/fix-print-sarif 
fix: --format sarif logs as expected
v3.0.43 v3.0.43-rc.0 		2025-11-05 18:17:31 +01:00
Mujib Ahasan
4929af510e fix: --format sarif logs as expected 
Signed-off-by: Mujib Ahasan <ahasanmujib8@gmail.com>
 2025-11-04 20:30:10 +05:30
mandronic
f28bb11c55 removed 'procMount: Unmasked' from host-scanner daemonset definition (refs kubescape/helm-charts#711) (#1886) 
Signed-off-by: Mihail Andronic <104365774+mandronic@users.noreply.github.com>
 2025-11-03 13:40:14 +02:00
Matthias Bertschy
8bff4a02e1 Merge pull request #1884 from Mujib-Ahasan/fix-url 
fixed "404" URL issue for command $kubescape scan.
 2025-11-03 11:11:55 +01:00
Matthias Bertschy
33d1e018ec fix: update documentation links to include 'controls' path 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-11-03 07:47:37 +01:00
Mujib Ahasan
0c74599314 Test file updated 
Signed-off-by: Mujib Ahasan <ahasanmujib8@gmail.com>
 2025-10-30 01:14:25 +05:30