github/kubescape
1
0
Fork 0
mirror of https://github.com/kubescape/kubescape.git synced 2026-04-15 06:58:11 +00:00
Code Issues Packages Projects Releases Wiki Activity
2,514 Commits 23 Branches 553 Tags
addd66bf721eed5e368650e629dfdbaad52b9743
Commit Graph

469 Commits

Author SHA1 Message Date
David Wertenteil
addd66bf72 Merge pull request #1327 from dwertent/hot-fix-submit-timestamp 
Fix submit time
 2023-08-04 19:24:27 +03:00
Amir Malka
e2f96200e0 Code refactor (follow up to PR #1300) (#1323) 
* code refactor

Signed-off-by: Amir Malka <amirm@armosec.io>

* use scaninfo object in resource handler

Signed-off-by: Amir Malka <amirm@armosec.io>

---------

Signed-off-by: Amir Malka <amirm@armosec.io>
 2023-08-03 17:50:33 +03:00
David Wertenteil
7444acae11 Merge pull request #1312 from XDRAGON2002/issue_1282 
fix: negative compliance score
 2023-08-03 14:32:47 +03:00
David Wertenteil
226b4772a2 fix submit time 
Signed-off-by: David Wertenteil <dwertent@armosec.io>
 2023-08-03 13:26:49 +03:00
Daniel Grunberger
5379b9b0a6 New output (#1320) 
* phase-1

Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io>

* factory

Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io>

* wip: feat(cli): add an image scanning command

Add a CLI command that launches an image scan. Does not scan images yet.

Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>

* wip: feat: add image scanning service

Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>

* chore: include dependencies

Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>

* wip: adjust image scanning service

Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>

* wip: feat: use scanning service in CLI

Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>

* use iface

Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io>

* touches

Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io>

* continue

Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io>

* add cmd

Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io>

* support single workload scan

Signed-off-by: Amir Malka <amirm@armosec.io>

* fix conflict

Signed-off-by: Amir Malka <amirm@armosec.io>

* identifiers

* go mod

* feat(imagescan): add an image scanning command

This commit adds a CLI command and an associated package that scan
images for vulnerabilities.

Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>

feat(imagescan): fail on exceeding the severity threshold

Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>

* chore(imagescan): include dependencies

This commit adds the dependencies necessary for image scanning.

Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>

* chore(imagescan): add dependencies to httphandler

Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>

* added unit tests

Signed-off-by: Amir Malka <amirm@armosec.io>

* merge

* more

* integrate img scan

* added unit tests

Signed-off-by: Amir Malka <amirm@armosec.io>

* more refactoring

Signed-off-by: Amir Malka <amirm@armosec.io>

* add scanned workload reference to opasessionobj

Signed-off-by: Amir Malka <amirm@armosec.io>

* fix GetWorkloadParentKind

Signed-off-by: Amir Malka <amirm@armosec.io>

* remove namespace argument from pullSingleResource, using field selector instead

Signed-off-by: Amir Malka <amirm@armosec.io>

* removed designators (unused) field from PolicyIdentifier, and designators argument from GetResources function

Signed-off-by: Amir Malka <amirm@armosec.io>

* changes

* changes

* fixes

* changes

* feat(imagescan): add an image scanning command

This commit adds a CLI command and an associated package that scan
images for vulnerabilities.

Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>

feat(imagescan): fail on exceeding the severity threshold

Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>

* chore(imagescan): include dependencies

This commit adds the dependencies necessary for image scanning.

Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>

* chore(imagescan): add dependencies to httphandler

Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>

* chore(imagescan): create vuln db with dedicated function

Remove commented out code, too.

Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>

* docs(imagescan): provide package-level docs

Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>

* finish merge

* image scan tests

* continue

* fixes

* refactor

* rm duplicate

* start fixes

* update gh actions

Signed-off-by: David Wertenteil <dwertent@armosec.io>

* pr fixes

* fix test

* improvements

---------

Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io>
Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>
Signed-off-by: Amir Malka <amirm@armosec.io>
Signed-off-by: David Wertenteil <dwertent@armosec.io>
Co-authored-by: Daniel Grunberger <danielgrunberger@armosec.io>
Co-authored-by: Vlad Klokun <vklokun@protonmail.ch>
Co-authored-by: Amir Malka <amirm@armosec.io>
Co-authored-by: David Wertenteil <dwertent@armosec.io>
 2023-08-03 12:09:33 +03:00
Amir Malka
0c019819ff Scanning a single resource (#1300) 
* add cmd

Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io>

* support single workload scan

Signed-off-by: Amir Malka <amirm@armosec.io>

* fix conflict

Signed-off-by: Amir Malka <amirm@armosec.io>

* added unit tests

Signed-off-by: Amir Malka <amirm@armosec.io>

* added unit tests

Signed-off-by: Amir Malka <amirm@armosec.io>

* more refactoring

Signed-off-by: Amir Malka <amirm@armosec.io>

* add scanned workload reference to opasessionobj

Signed-off-by: Amir Malka <amirm@armosec.io>

* fix GetWorkloadParentKind

Signed-off-by: Amir Malka <amirm@armosec.io>

* remove namespace argument from pullSingleResource, using field selector instead

Signed-off-by: Amir Malka <amirm@armosec.io>

* removed designators (unused) field from PolicyIdentifier, and designators argument from GetResources function

Signed-off-by: Amir Malka <amirm@armosec.io>

* fix tests

Signed-off-by: Amir Malka <amirm@armosec.io>

* use ScanObject instead of workload identifier

Signed-off-by: Amir Malka <amirm@armosec.io>

* refactor logic after CR

Signed-off-by: Amir Malka <amirm@armosec.io>

---------

Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io>
Signed-off-by: Amir Malka <amirm@armosec.io>
Co-authored-by: Daniel Grunberger <danielgrunberger@armosec.io>
 2023-08-01 14:07:31 +03:00
David Wertenteil
d9e946cf6d reset head (#1306) 
Signed-off-by: David Wertenteil <dwertent@armosec.io>
 2023-08-01 10:47:07 +03:00
David Wertenteil
fd3703b21b Merge pull request #1296 from kubescape/error-handle-for-empty-resource-scan 
Error handle for empty resource scan
 2023-07-31 16:13:42 +03:00
Amir Malka
bbfa5d356a bump opa-utils, k8s-interface and armoapi-go 
Signed-off-by: Amir Malka <amirm@armosec.io>
 2023-07-31 10:39:03 +03:00
DRAGON
d2af7f47db fix: negative compliance score 
Signed-off-by: DRAGON <anantvijay3@gmail.com>
 2023-07-31 00:21:01 +05:30
Raziel Cohen
e424bfa81b Merge branch 'master' of github.com:kubescape/kubescape into error-handle-for-empty-resource-scan 2023-07-30 11:21:53 +03:00
David Wertenteil
1a2dda700b Merge pull request #1291 from XDRAGON2002/issue_1290 
fix: yamlhandler error handling
 2023-07-25 14:39:26 +03:00
rcohencyberarmor
3280173e95 add error handle when there are no scan to trigger since the directory not contain any relevant scanning files 
Signed-off-by: rcohencyberarmor <rcohen@armosec.io>
 2023-07-24 17:17:06 +03:00
DRAGON
d0ae4f1c1a fix: yamlhandler error handling 
Signed-off-by: DRAGON <anantvijay3@gmail.com>
 2023-07-22 13:26:40 +05:30
Vlad Klokun
e4faad8284 Merge pull request #1287 from XDRAGON2002/issue_1255 
fix: --- kubescape fix
 2023-07-21 21:19:04 +03:00
Vlad Klokun
bc131efd91 tests(fixhandler): remove tests of an unexported sanitization method 
Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>
 2023-07-21 20:29:04 +03:00
Vlad Klokun
4763f0d69d docs(fixhandler): follow Go Doc comments convention in sanitization func 
Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>
 2023-07-21 20:28:18 +03:00
Vlad Klokun
22c412ce7f refactor(fixhandler): sanitize YAML inside ApplyFixToContent 
External observers don’t need to be aware of the fact we need to
sanitize leading document separators in YAML files. This should be
hidden inside our public function - `ApplyFixToContent()`.

Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>
 2023-07-21 20:17:33 +03:00
Vlad Klokun
1503e984f8 tests(fixhandler): fail test if unable to open test data file 
Previously when there was a typo in a test file name, we silently
failed. This commit makes the test explicitly fail if a test data file
was not found.

Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>
 2023-07-21 19:55:03 +03:00
Vlad Klokun
a4478ba899 style(fixhandler): newlines and spacing 
Ran with `go fmt`.

Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>
 2023-07-21 19:45:43 +03:00
David Wertenteil
fcbcb53995 Merge pull request #1276 from amirmalka/time-based-cached-policies 
Time-based cached policies
 2023-07-20 16:56:39 +03:00
YiscahLevySilas1
17c43fd366 support related objects (#1272) 
* support related objects

Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io>

* update pkg versions

Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io>

* update go mod

Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io>

* fix test

Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io>

* fix test

Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io>

* only add ids of related resource

Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io>

* fixes following review

Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io>

* add test for processRule

Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io>

---------

Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io>
 2023-07-20 16:23:58 +03:00
DRAGON
912035662b fix: --- kubescape fix 
Signed-off-by: DRAGON <anantvijay3@gmail.com>
 2023-07-20 00:05:23 +05:30
Amir Malka
bacf15eeb8 cache control inputs 
Signed-off-by: Amir Malka <amirm@armosec.io>
 2023-07-18 15:56:16 +03:00
DRAGON
067655d003 fix: stuck spinner 
Signed-off-by: DRAGON <anantvijay3@gmail.com>
 2023-07-14 01:24:46 +05:30
Amir Malka
e470fce6ed initial implementation of OpenTelemetry metrics collection (#1269) 
Signed-off-by: Amir Malka <amirm@armosec.io>
 2023-07-10 14:22:26 +03:00
Amir Malka
ea3172eda6 time-based cached policies 
Signed-off-by: Amir Malka <amirm@armosec.io>
 2023-07-10 10:54:56 +03:00
David Wertenteil
abe0477249 Merge pull request #1265 from dwertent/update-submit-message 
Update submit message
 2023-07-06 09:39:04 +03:00
David Wertenteil
b149e00d1a Merge pull request #1264 from dwertent/deprecate-image-controls 
core(adaptors): Ignore adaptors when credentials are not set
 2023-07-05 17:48:12 +03:00
David Wertenteil
f98b394ec2 Merge pull request #1254 from kubescape/rbac-fix 
initialize ns in case we don't have one in YAML
 2023-07-05 17:47:42 +03:00
David Wertenteil
8fa15688fb Merge pull request #1260 from dwertent/deprecate-host-scanner 
Deprecated host-scanner from CLI
 2023-07-05 17:46:12 +03:00
David Wertenteil
780be45392 update submit message 
Signed-off-by: David Wertenteil <dwertent@armosec.io>
 2023-07-05 10:38:59 +03:00
David Wertenteil
06f5c24b7d ignore adaptors if credentials are not set 
Signed-off-by: David Wertenteil <dwertent@armosec.io>
 2023-07-05 10:13:21 +03:00
Oshrat Nir
3c38021f7c Changed Assistance Remediation to Assited Remediation 
Signed-off-by: Oshrat Nir <oshratn@gmail.com>
 2023-07-04 13:13:50 +03:00
David Wertenteil
8989cc1679 Deprecated host-scanner 
Signed-off-by: David Wertenteil <dwertent@armosec.io>
 2023-07-04 09:43:10 +03:00
Matthias Bertschy
99938ecbee initialize ns in case we don't have one in YAML 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2023-06-19 07:47:29 +02:00
guoguangwu
be63e1ef7c chore: remove refs to deprecated io/ioutil 
Signed-off-by: guoguangwu <guoguangwu@magic-shield.com>
 2023-06-14 16:33:24 +08:00
YiscahLevySilas1
8ee72895b9 Fix statuses - Manual review and Requires configuration (#1251) 
* fix statuses - req. review, configurations, manual

Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io>

* update opa-utils version

Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io>

* update opa-utils version

Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io>

* update opa-utils version

Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io>

* use const for inner info

Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io>

---------

Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io>
 2023-06-12 10:38:35 +03:00
Nitish Chauhan
6cefada215 correcting the formating of the table in pdf output (#1244) 
* correcting the formatting of the table in pdf output

Signed-off-by: ntishchauhan0022 <nitishchauhan0022@gmail.com>

* adding some starting unit tests

Signed-off-by: ntishchauhan0022 <nitishchauhan0022@gmail.com>

* resolving the mod error

Signed-off-by: ntishchauhan0022 <nitishchauhan0022@gmail.com>

---------

Signed-off-by: ntishchauhan0022 <nitishchauhan0022@gmail.com>
 2023-06-04 15:21:07 +03:00
Alessio Greggi
ce7fde582c fix: update host-scanner version 
Signed-off-by: Alessio Greggi <ale_grey_91@hotmail.it>
 2023-05-31 14:14:29 +02:00
Alessio Greggi
9e2fe607d8 fix: remove deprecated endpoint 
Signed-off-by: Alessio Greggi <ale_grey_91@hotmail.it>
 2023-05-30 10:50:31 +02:00
Alessio Greggi
c486b4fed7 feat: add log coupling for hostsensorutils 
Signed-off-by: Alessio Greggi <ale_grey_91@hotmail.it>
 2023-05-24 14:46:34 +02:00
Alessio Greggi
00c48d756d fix(hostsensorutils): add finalizers deletion 
Signed-off-by: Alessio Greggi <ale_grey_91@hotmail.it>
 2023-05-24 11:49:15 +02:00
Alessio Greggi
b49563ae8c fix(hostsensorutils): reduce periods of readiness probe 
Signed-off-by: Alessio Greggi <ale_grey_91@hotmail.it>
 2023-05-24 11:34:04 +02:00
Alessio Greggi
7840ecb5da fix: move host-scanner to kubescape namespace 
Signed-off-by: Alessio Greggi <ale_grey_91@hotmail.it>
 2023-05-24 09:45:12 +02:00
Amir Malka
987f97102d bump opa-utils version for memory optimizations 
Signed-off-by: Amir Malka <amirm@armosec.io>
 2023-05-22 16:44:11 +03:00
Amir Malka
0a0ef10d50 Control parallelism of opa rule processing by env var (#1230) 
* control parallelism of opa rule processing by env var

Signed-off-by: Amir Malka <amirm@armosec.io>

* go 1.20

Signed-off-by: Amir Malka <amirm@armosec.io>

* update go.mod go.sum

Signed-off-by: Amir Malka <amirm@armosec.io>

---------

Signed-off-by: Amir Malka <amirm@armosec.io>
 2023-05-14 14:59:21 +03:00
Matthias Bertschy
75b64d58f3 change basic auth username to x-token-auth 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2023-05-01 10:55:07 +02:00
YiscahLevySilas1
b7935276e3 Merge branch 'master' of github.com:kubescape/kubescape into new-threshold-flag 
Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io>
 2023-04-27 15:56:12 +03:00
YiscahLevySilas1
d6edd818b8 add compliance score to new field in controls for backward compatibility 
Signed-off-by: YiscahLevySilas1 <yiscahls@armosec.io>
 2023-04-27 15:53:47 +03:00