github/kubescape
1
0
Fork 0
mirror of https://github.com/kubescape/kubescape.git synced 2026-02-14 18:09:55 +00:00
Code Issues Packages Projects Releases Wiki Activity
3,452 Commits 20 Branches 551 Tags
bd4925123462f75fa631d435d3e2f9cd953f5d8b
Commit Graph

3452 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Matthias Bertschy
bd49251234 Merge pull request #1936 from kubescape/lint 
fix all linter errors
 2026-02-02 16:50:48 +00:00
Matthias Bertschy
57addd493f fix all linter errors 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-02-02 17:32:08 +01:00
Matthias Bertschy
8f009d4698 Merge pull request #1935 from kubescape/run_test_from_private_repo 
run system test from private repo
 2026-02-02 08:35:08 +00:00
bvolovat
7c0e38072d run system test from private repo 2026-02-02 10:22:00 +02:00
bvolovat
aa9a610c4c run system test from private repo 2026-02-02 10:03:25 +02:00
Bezbran
25bd51e8b4 Replace host sensor with node agent sensing (#1916) 
In this change I used both claude code and Antigravity.

---------

Signed-off-by: Bezalel Brandwine <bez@softwine.net>
 2026-02-01 13:17:03 +02:00
Matthias Bertschy
6ce0121a03 Merge pull request #1928 from kubescape/dependabot/go_modules/github.com/sigstore/rekor-1.5.0 
build(deps): Bump github.com/sigstore/rekor from 1.4.3 to 1.5.0
v3.0.48 		2026-01-22 20:24:28 +00:00
Matthias Bertschy
09aa1ab866 Merge pull request #1927 from kubescape/dependabot/go_modules/github.com/theupdateframework/go-tuf/v2-2.3.1 
build(deps): Bump github.com/theupdateframework/go-tuf/v2 from 2.3.0 to 2.3.1
 2026-01-22 20:24:08 +00:00
dependabot[bot]
0ec188b23d build(deps): Bump github.com/sigstore/rekor from 1.4.3 to 1.5.0 
Bumps [github.com/sigstore/rekor](https://github.com/sigstore/rekor) from 1.4.3 to 1.5.0.
- [Release notes](https://github.com/sigstore/rekor/releases)
- [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sigstore/rekor/compare/v1.4.3...v1.5.0)

---
updated-dependencies:
- dependency-name: github.com/sigstore/rekor
  dependency-version: 1.5.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-01-22 20:50:11 +01:00
dependabot[bot]
090820ba04 build(deps): Bump github.com/theupdateframework/go-tuf/v2 
Bumps [github.com/theupdateframework/go-tuf/v2](https://github.com/theupdateframework/go-tuf) from 2.3.0 to 2.3.1.
- [Release notes](https://github.com/theupdateframework/go-tuf/releases)
- [Commits](https://github.com/theupdateframework/go-tuf/compare/v2.3.0...v2.3.1)

---
updated-dependencies:
- dependency-name: github.com/theupdateframework/go-tuf/v2
  dependency-version: 2.3.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-01-22 20:49:44 +01:00
Matthias Bertschy
0cf24d058f Merge pull request #1926 from kubescape/copilot/fix-kubescan-interface-error 
Fix panic on unsafe interface{} to string type assertions
 2026-01-22 19:43:25 +00:00
copilot-swe-agent[bot]
c32e665809 Final verification - all changes complete 
Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-01-22 17:13:09 +01:00
copilot-swe-agent[bot]
82ec11b207 Fix indentation in test file 
Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
 2026-01-22 12:42:42 +00:00
copilot-swe-agent[bot]
32a15acdea Add test for CheckShortTerminalWidth with non-string values 
Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
 2026-01-22 12:41:14 +00:00
copilot-swe-agent[bot]
837a50c903 Fix unsafe interface to string type assertions to prevent panic 
Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
 2026-01-22 12:37:43 +00:00
copilot-swe-agent[bot]
bd00d153e9 Initial plan 2026-01-22 12:33:31 +00:00
Matthias Bertschy
306050046d Merge pull request #1923 from kubescape/dependabot/go_modules/github.com/sigstore/fulcio-1.8.5 
build(deps): Bump github.com/sigstore/fulcio from 1.8.4 to 1.8.5
 2026-01-20 07:41:16 +00:00
dependabot[bot]
413db87e85 build(deps): Bump github.com/sigstore/fulcio from 1.8.4 to 1.8.5 
Bumps [github.com/sigstore/fulcio](https://github.com/sigstore/fulcio) from 1.8.4 to 1.8.5.
- [Release notes](https://github.com/sigstore/fulcio/releases)
- [Changelog](https://github.com/sigstore/fulcio/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sigstore/fulcio/compare/v1.8.4...v1.8.5)

---
updated-dependencies:
- dependency-name: github.com/sigstore/fulcio
  dependency-version: 1.8.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-01-20 08:07:08 +01:00
Matthias Bertschy
4d3b3efb9a Merge pull request #1922 from kubescape/copilot/fix-kubescape-report-discrepancy 
Fix workload scan to include allcontrols framework
 2026-01-16 15:18:11 +00:00
copilot-swe-agent[bot]
7ca609d39f Complete fix for workload scan missing controls 
Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
 2026-01-16 15:03:01 +00:00
copilot-swe-agent[bot]
872c0c9fab Fix workload scan to include allcontrols framework 
Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
 2026-01-16 14:58:58 +00:00
copilot-swe-agent[bot]
9353eb5b54 Initial plan 2026-01-16 14:49:43 +00:00
Matthias Bertschy
aa62fbea68 Merge pull request #1921 from kubescape/buildnumber 
Update build number retrieval and permissions in workflow
 2026-01-16 12:21:04 +00:00
Matthias Bertschy
08d964b631 Update golangci-lint action to version 9 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-01-16 12:39:54 +01:00
Matthias Bertschy
75fb07efde Update build number retrieval and permissions in workflow 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-01-16 12:18:19 +01:00
Matthias Bertschy
9445e0aa01 Merge pull request #1920 from kubescape/dependabot/go_modules/github.com/sigstore/cosign/v3-3.0.4 
build(deps): Bump github.com/sigstore/cosign/v3 from 3.0.3-0.20251208232815-901b44d65952 to 3.0.4
 2026-01-16 10:45:55 +00:00
Matthias Bertschy
ea12643a3c Fix workflow YAML formatting and permissions 
Reformat the 00-pr-scanner workflow for consistent indentation. Add
artifact-metadata: read to pr-scanner permissions, include GO111MODULE
in the pr-scanner inputs, and set fetch-depth/submodules on the
actions/checkout step
 2026-01-16 11:42:55 +01:00
dependabot[bot]
0c42b41dcc build(deps): Bump github.com/sigstore/cosign/v3 
Bumps [github.com/sigstore/cosign/v3](https://github.com/sigstore/cosign) from 3.0.3-0.20251208232815-901b44d65952 to 3.0.4.
- [Release notes](https://github.com/sigstore/cosign/releases)
- [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sigstore/cosign/commits/v3.0.4)

---
updated-dependencies:
- dependency-name: github.com/sigstore/cosign/v3
  dependency-version: 3.0.4
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-01-16 11:31:31 +01:00
Amir Malka
351f957083 update test lists (#1919) 2026-01-11 21:50:37 +02:00
Matthias Bertschy
9d876b14e9 Merge pull request #1918 from AndrewCharlesHay/patch-1 
ci: update scorecard action version
 2026-01-06 14:22:11 +00:00
Andy Hay
895233630f ci: update scorecard action version 
Signed-off-by: Andy Hay <39sumer3939@gmail.com>
 2026-01-05 16:44:26 -05:00
Matthias Bertschy
423d9c5c1f Merge pull request #1917 from BroderPeters/master 
Add SkipPersistence flag to MetricsQueryParams in metrics endpoint
 2026-01-05 12:48:35 +00:00
Broder Peters
3f3681a4cd Add SkipPersistence flag to MetricsQueryParams in metrics endpoint 
Signed-off-by: Broder Peters <broder.peters@protonmail.com>
 2026-01-05 13:24:21 +01:00
Matthias Bertschy
d6ccc37640 Merge pull request #1915 from majiayu000/fix-1660-define-labels-to-copy-from-wor-1231-0603 
feat: Define labels to copy from workloads to reports
 2026-01-05 06:50:47 +00:00
Matthias Bertschy
3b6bc00b03 Merge pull request #1914 from majiayu000/fix-1617-kustomize-directory-analysis-n-1231-0603 
fix: Kustomize directory analysis not working
 2026-01-05 06:45:06 +00:00
Matthias Bertschy
8984f941ab Update README to include GoReleaser installation and usage instructions 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-01-05 07:27:39 +01:00
majiayu000
46eb266064 feat: add labels-to-copy flag to copy workload labels to reports 
Add a new --labels-to-copy CLI flag that allows users to specify which
labels from Kubernetes workloads should be extracted and included in
scan reports. This makes it easier to tie scan results back to app
teams or repositories by including relevant labels like 'app', 'team',
or 'environment' in the report output.

Changes:
- Add LabelsToCopy field to ScanInfo and OPASessionObj structs
- Add --labels-to-copy flag to scan command
- Add ResourceLabels field to PostureReportWithSeverity for JSON output
- Implement extractResourceLabels function to extract specified labels
- Add unit tests for label extraction functionality

Fixes #1660

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Signed-off-by: majiayu000 <1835304752@qq.com>
 2025-12-31 06:20:29 +08:00
majiayu000
0f2125817b fix: enable kustomize overlays to load base configurations 
Fixes #1617. The kustomize build was failing for overlays that reference
base configurations in parent directories (e.g., ../../base). This was
because krusty.MakeDefaultOptions() defaults to LoadRestrictionsRootOnly,
which prevents loading resources from outside the kustomize directory.

Changed LoadRestrictions to LoadRestrictionsNone to allow overlays to
properly resolve and merge base configurations during scanning.

Added tests to verify:
- Overlay directories can successfully load resources from base directories
- Base directories continue to work as before
- The merged configuration includes resources from both base and overlay

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Signed-off-by: majiayu000 <1835304752@qq.com>
 2025-12-31 06:14:10 +08:00
Matthias Bertschy
1225540590 Merge pull request #1913 from oglok/fix-typos-in-docs 
Fix typos in documentation
 2025-12-30 21:55:50 +01:00
Ricardo Noriega De Soto
0e4ff13276 Fix typos in documentation 
Signed-off-by: Ricardo Noriega De Soto <rnoriega@redhat.com>
 2025-12-30 21:03:50 +01:00
Matthias Bertschy
5fed9cc507 Enhance installation scripts for cross-platform support and improve error handling 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
v3.0.47 		2025-12-15 08:52:05 +01:00
Matthias Bertschy
06241fce03 Refactor release workflow to simplify tagging and remove unnecessary inputs 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-12-15 08:08:07 +01:00
Matthias Bertschy
2b91023c6b Update release workflow to include tagging in arguments 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-12-15 07:59:26 +01:00
Matthias Bertschy
082edf52d9 Refactor GitHub Actions workflow for system tests and update smoke test logging 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2025-12-15 07:47:09 +01:00
Matthias Bertschy
be250ff090 Add debug listing and adjust JUnit report options 2025-12-12 22:50:32 +01:00
Matthias Bertschy
d74803af28 Add skip flag and collect system test results 
Add workflow input skip_system_tests and make RUN_E2E respect it. Add
System Tests Report step to publish JUnit XMLs. Update
goreleaser-post-e2e.sh to add GitHub Actions log grouping, capture
per-test logs under test-results/system-tests, and copy JUnit XML
results while preserving directory structure.
 2025-12-12 22:24:30 +01:00
Matthias Bertschy
893bb86035 Add production secrets to release workflow 2025-12-12 21:40:29 +01:00
Matthias Bertschy
314a74b817 Require Python 3.9 for system tests 
Update CI workflow and goreleaser post-e2e script to use Python 3.9.
Rename SYSTEST_REQUIRE_PY311 to SYSTEST_REQUIRE_PY39, prefer python3.9,
and change version checks to refuse venvs created with Python 3.10+. If
python3.9 is missing or wrong, honor E2E_FAIL_ON_ERROR: either fail the
release or skip system tests and clean up.
 2025-12-12 21:25:01 +01:00
Matthias Bertschy
997bc2d23b Use python3-dev in release workflow 2025-12-12 21:10:24 +01:00
Matthias Bertschy
5d1699291a Install system dependencies in release workflow 
Add apt-get step to install libpq5, libpq-dev, gcc, and python3.11-dev
for system tests and clean apt lists
 2025-12-12 16:16:48 +01:00