github/kubescape
1
0
Fork 0
mirror of https://github.com/kubescape/kubescape.git synced 2026-02-14 18:09:55 +00:00
Code Issues Packages Projects Releases Wiki Activity
3,450 Commits 20 Branches 551 Tags
8f009d4698c2e803f0f46f1a7bf12292dda80caa
Commit Graph

78 Commits

Author SHA1 Message Date
Bezbran
25bd51e8b4 Replace host sensor with node agent sensing (#1916) 
In this change I used both claude code and Antigravity.

---------

Signed-off-by: Bezalel Brandwine <bez@softwine.net>
 2026-02-01 13:17:03 +02:00
mandronic
f28bb11c55 removed 'procMount: Unmasked' from host-scanner daemonset definition (refs kubescape/helm-charts#711) (#1886) 
Signed-off-by: Mihail Andronic <104365774+mandronic@users.noreply.github.com>
 2025-11-03 13:40:14 +02:00
Matthias Bertschy
3f80bce811 fix: improve error handling in hostscanner pod validation 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-10-10 16:13:43 +02:00
Matthias Bertschy
70a9380966 fix go imports 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-01-09 12:14:56 +01:00
Matthias Bertschy
2d77ea7b62 use pager.EachListItem to filter parented resources 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2024-07-03 16:41:12 +02:00
fanqiaojun
bd35d521f2 Fix some comments 
Signed-off-by: fanqiaojun <fanqiaojun@yeah.net>
 2024-04-13 15:42:01 +08:00
needsure
dee6ed96f8 chore: fix function names in comment 
Signed-off-by: needsure <qinzhipeng@outlook.com>
 2024-04-09 16:33:24 +08:00
Mehdi Moussaif
d653530ba2 Add YAML validation 
Signed-off-by: Mehdi Moussaif <m.moussaif42@gmail.com>
 2023-11-26 16:34:37 +01:00
Mehdi Moussaif
5242e8c4b0 Add test cases for loading host sensor from file 
Signed-off-by: Mehdi Moussaif <m.moussaif42@gmail.com>
 2023-11-26 16:34:26 +01:00
VaibhavMalik4187
55162829e7 Added Test Suite for core/pkg package 
Added unit tests for the following files:
- containerscan/datastructures.go
- hostsensorutils/hostsensordeploy.go
- hostsensorutils/hostsensorworkerpool.go
- hostsensorutils/utils.go
- policyhandler/handlepullpolicies.go
- policyhandler/handlepullpoliciesutils.go
- resourcehandler/filesloader.go
- resourcehandler/remotegitutils.go

Signed-off-by: VaibhavMalik4187 <vaibhavmalik2018@gmail.com>
 2023-11-23 14:19:13 +05:30
David Wertenteil
3e2314a269 Bump v3 (#1449) 
* bump version

Signed-off-by: David Wertenteil <dwertent@armosec.io>

* change default view

Signed-off-by: David Wertenteil <dwertent@armosec.io>

* fixed tests

Signed-off-by: David Wertenteil <dwertent@armosec.io>

* fixed go mod

Signed-off-by: David Wertenteil <dwertent@armosec.io>

---------

Signed-off-by: David Wertenteil <dwertent@armosec.io>
 2023-10-22 17:43:51 +03:00
David Wertenteil
f98b394ec2 Merge pull request #1254 from kubescape/rbac-fix 
initialize ns in case we don't have one in YAML
 2023-07-05 17:47:42 +03:00
David Wertenteil
8989cc1679 Deprecated host-scanner 
Signed-off-by: David Wertenteil <dwertent@armosec.io>
 2023-07-04 09:43:10 +03:00
Matthias Bertschy
99938ecbee initialize ns in case we don't have one in YAML 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2023-06-19 07:47:29 +02:00
Alessio Greggi
ce7fde582c fix: update host-scanner version 
Signed-off-by: Alessio Greggi <ale_grey_91@hotmail.it>
 2023-05-31 14:14:29 +02:00
Alessio Greggi
9e2fe607d8 fix: remove deprecated endpoint 
Signed-off-by: Alessio Greggi <ale_grey_91@hotmail.it>
 2023-05-30 10:50:31 +02:00
Alessio Greggi
c486b4fed7 feat: add log coupling for hostsensorutils 
Signed-off-by: Alessio Greggi <ale_grey_91@hotmail.it>
 2023-05-24 14:46:34 +02:00
Alessio Greggi
00c48d756d fix(hostsensorutils): add finalizers deletion 
Signed-off-by: Alessio Greggi <ale_grey_91@hotmail.it>
 2023-05-24 11:49:15 +02:00
Alessio Greggi
b49563ae8c fix(hostsensorutils): reduce periods of readiness probe 
Signed-off-by: Alessio Greggi <ale_grey_91@hotmail.it>
 2023-05-24 11:34:04 +02:00
Alessio Greggi
7840ecb5da fix: move host-scanner to kubescape namespace 
Signed-off-by: Alessio Greggi <ale_grey_91@hotmail.it>
 2023-05-24 09:45:12 +02:00
David Wertenteil
a73081c816 Merge pull request #1203 from kubescape/fix/remove-outdated-endpoints 
fix: remove outdated enpoints
 2023-04-27 11:23:18 +03:00
Alessio Greggi
76ced13a26 fix(hostsensorutils): fix indentation of probe attributes 
Signed-off-by: Alessio Greggi <ale_grey_91@hotmail.it>
 2023-04-26 16:16:29 +02:00
Alessio Greggi
b48c04da63 fix: remove outdated enpoints 
Signed-off-by: Alessio Greggi <ale_grey_91@hotmail.it>
 2023-04-21 19:47:24 +02:00
David Wertenteil
7b9ad26e8e update host scanner image tag 
Signed-off-by: David Wertenteil <dwertent@armosec.io>
 2023-03-26 15:07:06 +03:00
Frédéric BIDON
a090a296fa refact(hostsensorutils): unexported fields that don't need to be exposed 
Also:
* declared scanner resources as an enum type
* replaced stdlib json, added uit tests for skipped resources
* unexported worker pool
* more unexported methods (i.e. everything that is not part of the interface)
* refact(core): clarified mock injection logic and added a few unit tests at the caller's (CLI init utils)

Signed-off-by: Frederic BIDON <fredbi@yahoo.com>
 2023-03-25 09:37:24 +01:00
Frederic BIDON
dee3a10bac test(utils): introduced internal/testutils package to factorize testing utilities 
Signed-off-by: Frederic BIDON <fredbi@yahoo.com>
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>

Conflicts:
	core/pkg/hostsensorutils/hostsensordeploy_test.go
 2023-03-24 11:15:25 +01:00
Frédéric BIDON
5b62b0b749 addressed review from David: reverted on unconditional loop exit 
Signed-off-by: Frédéric BIDON <fredbi@yahoo.com>
 2023-03-23 16:56:37 +01:00
Frédéric BIDON
e4f34f6173 refact(host-sensor): refactors the host sensor 
This PR factorizes the list of calls to the host-scanner API in a loop.

More godoc-friendly doc strings are added.

Signed-off-by: Frédéric BIDON <fredbi@yahoo.com>
 2023-03-23 16:56:37 +01:00
David Wertenteil
d0b5c7c2c2 update host scanner image tag 
Signed-off-by: David Wertenteil <dwertent@armosec.io>
 2023-03-16 09:45:12 +02:00
David Wertenteil
ec4a098b1c replace error by warning 
Signed-off-by: David Wertenteil <dwertent@armosec.io>
 2023-03-15 17:17:29 +02:00
Frederic BIDON
91af277a1c fixup unit test: error handling 
Signed-off-by: Frederic BIDON <fredbi@yahoo.com>
 2023-03-08 08:53:28 +01:00
Frederic BIDON
556962a7e1 test(hostsensorutils): added unit tests to the hostsensorutils package 
This PR introduces a (limited) mock for the kubernetes client API.

Signed-off-by: Frederic BIDON <fredbi@yahoo.com>
 2023-03-07 20:35:29 +01:00
Arash Haghighat
3dfd758a82 refactor: update node scanner daemonset tolerations 
Signed-off-by: Arash Haghighat <arash@linja.pro>
 2023-03-01 16:36:08 +01:00
Alessio Greggi
39e2e34fc0 fix(hostsensorsutils): remove hostNet and hostPort from deployment 
Signed-off-by: Alessio Greggi <ale_grey_91@hotmail.it>
 2023-02-27 18:20:55 +01:00
David Wertenteil
01c65194a8 removing host scanner otel env 
Signed-off-by: David Wertenteil <dwertent@armosec.io>
 2023-02-24 00:13:22 +02:00
Alessio Greggi
d900ce6146 fix(hostsensorutils): improve namespace deletion in host-scanner lifecycle 
Signed-off-by: Alessio Greggi <ale_grey_91@hotmail.it>
 2023-02-23 14:41:57 +01:00
Alessio Greggi
159d3907b5 style(hostsensorutils): simplify code with gofmt 
Signed-off-by: Alessio Greggi <ale_grey_91@hotmail.it>
 2023-02-16 11:38:55 +01:00
Alessio Greggi
c7d1292c7d fix(hostsensorutils): improve cloud provider detection 
Signed-off-by: Alessio Greggi <ale_grey_91@hotmail.it>
 2023-02-14 13:46:09 +01:00
YiscahLevySilas1
9f97f91f32 add context 
Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io>
 2023-02-05 12:03:10 +02:00
David Wertenteil
af9df548d6 Merge branch 'master' into CIS-EKS-support 2023-02-05 09:43:41 +02:00
Matthias Bertschy
160ac0db7c add otel with uptrace client 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2023-01-31 08:06:33 +01:00
kooomix
8810631d5c Support in CNIInfo 2023-01-23 09:50:07 +02:00
David Wertenteil
18a9ac3d6e adding debug logs 2023-01-13 13:26:36 +02:00
Frederic BIDON
2e5ad85fe0 simplified trivial expressions (gosimple) 
Signed-off-by: Frederic BIDON <fredbi@yahoo.com>
 2023-01-06 09:32:18 +01:00
Frederic BIDON
cf484c328b fixed issues reported by gover (e.g. shadowed variables) 
Signed-off-by: Frederic BIDON <fredbi@yahoo.com>
 2023-01-06 09:32:17 +01:00
David Wertenteil
7b4fbffae2 Merge pull request #976 from mkilchhofer/explicit_allowPrivilegeEscalation 
chore: Explicit set allowPrivilegeEscalation=true
 2022-12-18 08:09:35 +02:00
kooomix
1897c5a4ba Revert "Excluding controlPlaneInfo from error message in case no data recieved." 2022-12-15 16:17:39 +02:00
Marco Kilchhofer
57e435271e chore: Explicit set allowPrivilegeEscalation=true 
The value of allowPrivilegeEscalation followed implicit default of Kubernetes:
> AllowPrivilegeEscalation is true always when the container is:
> 1) run as Privileged
> 2) has CAP_SYS_ADMIN

For users still using PodSecurityPolicy (or a follow-up product like OPA Gatekeeper or
Kyverno), there might be mutating admission controllers which defaults this field to
`false` if unset. A value of `false` would then conflict with `privileged: true`.

Signed-off-by: Marco Kilchhofer <mkilchhofer@users.noreply.github.com>
 2022-12-14 22:27:05 +01:00
kooomix
214c2dcae8 patch to filter out "controlPlaneInfo" from error messages in case no data 2022-12-14 10:19:24 +02:00
David Wertenteil
c3b95bed8c Merge branch 'dev' into eran-dev 2022-12-06 14:17:49 +02:00