github/kubescape
1
0
Fork 0
mirror of https://github.com/kubescape/kubescape.git synced 2026-02-14 09:59:54 +00:00
Code Issues Packages Projects Releases Wiki Activity
3,437 Commits 20 Branches 551 Tags
bd00d153e9c3ade708e720a6dde2735f2932fa73
Commit Graph

3437 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
copilot-swe-agent[bot]
bd00d153e9 Initial plan 2026-01-22 12:33:31 +00:00
Matthias Bertschy
306050046d Merge pull request #1923 from kubescape/dependabot/go_modules/github.com/sigstore/fulcio-1.8.5 
build(deps): Bump github.com/sigstore/fulcio from 1.8.4 to 1.8.5
 2026-01-20 07:41:16 +00:00
dependabot[bot]
413db87e85 build(deps): Bump github.com/sigstore/fulcio from 1.8.4 to 1.8.5 
Bumps [github.com/sigstore/fulcio](https://github.com/sigstore/fulcio) from 1.8.4 to 1.8.5.
- [Release notes](https://github.com/sigstore/fulcio/releases)
- [Changelog](https://github.com/sigstore/fulcio/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sigstore/fulcio/compare/v1.8.4...v1.8.5)

---
updated-dependencies:
- dependency-name: github.com/sigstore/fulcio
  dependency-version: 1.8.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-01-20 08:07:08 +01:00
Matthias Bertschy
4d3b3efb9a Merge pull request #1922 from kubescape/copilot/fix-kubescape-report-discrepancy 
Fix workload scan to include allcontrols framework
 2026-01-16 15:18:11 +00:00
copilot-swe-agent[bot]
7ca609d39f Complete fix for workload scan missing controls 
Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
 2026-01-16 15:03:01 +00:00
copilot-swe-agent[bot]
872c0c9fab Fix workload scan to include allcontrols framework 
Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
 2026-01-16 14:58:58 +00:00
copilot-swe-agent[bot]
9353eb5b54 Initial plan 2026-01-16 14:49:43 +00:00
Matthias Bertschy
aa62fbea68 Merge pull request #1921 from kubescape/buildnumber 
Update build number retrieval and permissions in workflow
 2026-01-16 12:21:04 +00:00
Matthias Bertschy
08d964b631 Update golangci-lint action to version 9 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-01-16 12:39:54 +01:00
Matthias Bertschy
75fb07efde Update build number retrieval and permissions in workflow 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-01-16 12:18:19 +01:00
Matthias Bertschy
9445e0aa01 Merge pull request #1920 from kubescape/dependabot/go_modules/github.com/sigstore/cosign/v3-3.0.4 
build(deps): Bump github.com/sigstore/cosign/v3 from 3.0.3-0.20251208232815-901b44d65952 to 3.0.4
 2026-01-16 10:45:55 +00:00
Matthias Bertschy
ea12643a3c Fix workflow YAML formatting and permissions 
Reformat the 00-pr-scanner workflow for consistent indentation. Add
artifact-metadata: read to pr-scanner permissions, include GO111MODULE
in the pr-scanner inputs, and set fetch-depth/submodules on the
actions/checkout step
 2026-01-16 11:42:55 +01:00
dependabot[bot]
0c42b41dcc build(deps): Bump github.com/sigstore/cosign/v3 
Bumps [github.com/sigstore/cosign/v3](https://github.com/sigstore/cosign) from 3.0.3-0.20251208232815-901b44d65952 to 3.0.4.
- [Release notes](https://github.com/sigstore/cosign/releases)
- [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sigstore/cosign/commits/v3.0.4)

---
updated-dependencies:
- dependency-name: github.com/sigstore/cosign/v3
  dependency-version: 3.0.4
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-01-16 11:31:31 +01:00
Amir Malka
351f957083 update test lists (#1919) 2026-01-11 21:50:37 +02:00
Matthias Bertschy
9d876b14e9 Merge pull request #1918 from AndrewCharlesHay/patch-1 
ci: update scorecard action version
 2026-01-06 14:22:11 +00:00
Andy Hay
895233630f ci: update scorecard action version 
Signed-off-by: Andy Hay <39sumer3939@gmail.com>
 2026-01-05 16:44:26 -05:00
Matthias Bertschy
423d9c5c1f Merge pull request #1917 from BroderPeters/master 
Add SkipPersistence flag to MetricsQueryParams in metrics endpoint
 2026-01-05 12:48:35 +00:00
Broder Peters
3f3681a4cd Add SkipPersistence flag to MetricsQueryParams in metrics endpoint 
Signed-off-by: Broder Peters <broder.peters@protonmail.com>
 2026-01-05 13:24:21 +01:00
Matthias Bertschy
d6ccc37640 Merge pull request #1915 from majiayu000/fix-1660-define-labels-to-copy-from-wor-1231-0603 
feat: Define labels to copy from workloads to reports
 2026-01-05 06:50:47 +00:00
Matthias Bertschy
3b6bc00b03 Merge pull request #1914 from majiayu000/fix-1617-kustomize-directory-analysis-n-1231-0603 
fix: Kustomize directory analysis not working
 2026-01-05 06:45:06 +00:00
Matthias Bertschy
8984f941ab Update README to include GoReleaser installation and usage instructions 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-01-05 07:27:39 +01:00
majiayu000
46eb266064 feat: add labels-to-copy flag to copy workload labels to reports 
Add a new --labels-to-copy CLI flag that allows users to specify which
labels from Kubernetes workloads should be extracted and included in
scan reports. This makes it easier to tie scan results back to app
teams or repositories by including relevant labels like 'app', 'team',
or 'environment' in the report output.

Changes:
- Add LabelsToCopy field to ScanInfo and OPASessionObj structs
- Add --labels-to-copy flag to scan command
- Add ResourceLabels field to PostureReportWithSeverity for JSON output
- Implement extractResourceLabels function to extract specified labels
- Add unit tests for label extraction functionality

Fixes #1660

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Signed-off-by: majiayu000 <1835304752@qq.com>
 2025-12-31 06:20:29 +08:00
majiayu000
0f2125817b fix: enable kustomize overlays to load base configurations 
Fixes #1617. The kustomize build was failing for overlays that reference
base configurations in parent directories (e.g., ../../base). This was
because krusty.MakeDefaultOptions() defaults to LoadRestrictionsRootOnly,
which prevents loading resources from outside the kustomize directory.

Changed LoadRestrictions to LoadRestrictionsNone to allow overlays to
properly resolve and merge base configurations during scanning.

Added tests to verify:
- Overlay directories can successfully load resources from base directories
- Base directories continue to work as before
- The merged configuration includes resources from both base and overlay

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Signed-off-by: majiayu000 <1835304752@qq.com>
 2025-12-31 06:14:10 +08:00
Matthias Bertschy
1225540590 Merge pull request #1913 from oglok/fix-typos-in-docs 
Fix typos in documentation
 2025-12-30 21:55:50 +01:00
Ricardo Noriega De Soto
0e4ff13276 Fix typos in documentation 
Signed-off-by: Ricardo Noriega De Soto <rnoriega@redhat.com>
 2025-12-30 21:03:50 +01:00
Matthias Bertschy
5fed9cc507 Enhance installation scripts for cross-platform support and improve error handling 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
v3.0.47 		2025-12-15 08:52:05 +01:00
Matthias Bertschy
06241fce03 Refactor release workflow to simplify tagging and remove unnecessary inputs 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-12-15 08:08:07 +01:00
Matthias Bertschy
2b91023c6b Update release workflow to include tagging in arguments 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-12-15 07:59:26 +01:00
Matthias Bertschy
082edf52d9 Refactor GitHub Actions workflow for system tests and update smoke test logging 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-12-15 07:47:09 +01:00
Matthias Bertschy
be250ff090 Add debug listing and adjust JUnit report options 2025-12-12 22:50:32 +01:00
Matthias Bertschy
d74803af28 Add skip flag and collect system test results 
Add workflow input skip_system_tests and make RUN_E2E respect it. Add
System Tests Report step to publish JUnit XMLs. Update
goreleaser-post-e2e.sh to add GitHub Actions log grouping, capture
per-test logs under test-results/system-tests, and copy JUnit XML
results while preserving directory structure.
 2025-12-12 22:24:30 +01:00
Matthias Bertschy
893bb86035 Add production secrets to release workflow 2025-12-12 21:40:29 +01:00
Matthias Bertschy
314a74b817 Require Python 3.9 for system tests 
Update CI workflow and goreleaser post-e2e script to use Python 3.9.
Rename SYSTEST_REQUIRE_PY311 to SYSTEST_REQUIRE_PY39, prefer python3.9,
and change version checks to refuse venvs created with Python 3.10+. If
python3.9 is missing or wrong, honor E2E_FAIL_ON_ERROR: either fail the
release or skip system tests and clean up.
 2025-12-12 21:25:01 +01:00
Matthias Bertschy
997bc2d23b Use python3-dev in release workflow 2025-12-12 21:10:24 +01:00
Matthias Bertschy
5d1699291a Install system dependencies in release workflow 
Add apt-get step to install libpq5, libpq-dev, gcc, and python3.11-dev
for system tests and clean apt lists
 2025-12-12 16:16:48 +01:00
Matthias Bertschy
bfca19bf25 Remove pip cache from release workflow 2025-12-12 15:59:11 +01:00
Matthias Bertschy
1b94d27fd6 Require Python 3.11 for system tests 2025-12-12 15:56:12 +01:00
Matthias Bertschy
acf7ad04ed fix go mod tidy 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-12-12 15:36:56 +01:00
Matthias Bertschy
0f5775065e fix: prefer Python 3.11 for system-tests and update environment setup 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-12-12 15:36:37 +01:00
Matthias Bertschy
66fbca8f24 Merge pull request #1911 from kubescape/copilot/fix-local-file-path-issue 
Fix: Prevent self-hosted git URLs from being treated as local file paths
 2025-12-12 15:14:43 +01:00
Matthias Bertschy
1f8de23a65 fix: update post-build hook to conditionally execute script for amd64 architecture 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-12-12 14:56:03 +01:00
Matthias Bertschy
89478eabcc fix: add k8s Kind cluster creation step and clean up post-e2e script 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-12-12 14:51:43 +01:00
Matthias Bertschy
6be9aec5b0 fix: update test_command and test_scan to remove deprecated scan commands and adjust file paths 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-12-12 14:39:11 +01:00
Matthias Bertschy
32551275ba fix: correct post-build hook syntax for setting GOARCH environment variable 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-12-12 14:31:27 +01:00
Matthias Bertschy
4ee6238244 fix: update post-build hook to set GOARCH environment variable 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-12-12 14:22:07 +01:00
Matthias Bertschy
54dda8bf31 fix: enable end-to-end tests in release workflow 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-12-12 14:09:26 +01:00
Matthias Bertschy
270b3b320d fix: enhance release workflow with optional skip publish input and add system tests execution 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-12-12 13:19:52 +01:00
Matthias Bertschy
fa17ca26e1 fix: enhance release workflow with optional skip publish input and add system tests execution 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-12-12 12:47:23 +01:00
copilot-swe-agent[bot]
66e970a3dc Update go-git-url to v0.0.31 for improved URL parsing 
Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
 2025-12-11 16:59:59 +00:00
Matthias Bertschy
d10d08c02b fix: update e2e script to enforce fatal failures and improve artifact detection 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-12-11 15:22:48 +01:00