github/kubescape
1
0
Fork 0
mirror of https://github.com/kubescape/kubescape.git synced 2026-02-14 09:59:54 +00:00
Code Issues Packages Projects Releases Wiki Activity
3,470 Commits 20 Branches 551 Tags
cfe022ff1d3488415405711513ee993684696ad9
Commit Graph

3470 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Matthias Bertschy
cfe022ff1d Use TagName directly in .krew.yaml templates v4.0.0 2026-02-04 18:16:34 +01:00
Matthias Bertschy
e0eeb691e6 Make version smoke test accept bytes and v-prefix 2026-02-04 17:44:39 +01:00
Matthias Bertschy
dc65bd4ccc force overridden ldflags in goreleaser 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-02-04 17:19:54 +01:00
Matthias Bertschy
02790da144 remove invalid build flag 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-02-04 11:42:11 +01:00
Matthias Bertschy
b97f50ffb5 fix version handling and injection 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-02-04 10:42:12 +01:00
Matthias Bertschy
0841d1d483 Merge pull request #1939 from kubescape/feat/performance-optimization-phases-1-3 
feat: Optimize CPU and Memory Usage for Resource-Intensive Scans
 2026-02-04 07:47:47 +00:00
Matthias Bertschy
fbef268f22 feat: optimize CPU and memory usage for resource-intensive scans 
Implement Phases 1-3 of the performance optimization plan to address
issue #1793 - reduce CPU and memory consumption for system-constrained
environments.

Phase 1 - OPA Module Caching:
- Add compiledModules cache to OPAProcessor with thread-safe access
- Cache compiled OPA rules to eliminate redundant compilation
- Reuse compiled modules with double-checked locking pattern
- Expected CPU savings: 30-40%

Phase 2 - Map Pre-sizing:
- Add estimateClusterSize() to calculate resource count
- Pre-size AllResources, ResourcesResult, and related maps
- Reduce memory reallocations and GC pressure
- Expected memory savings: 10-20%

Phase 3 - Set-based Deduplication:
- Add thread-safe StringSet utility in core/pkg/utils
- Replace O(n) slices.Contains() with O(1) map operations
- Use StringSet for image scanning and related resources deduplication
- 100% test coverage for new utility
- Expected CPU savings: 5-10% for large clusters

Full optimization plan documented in optimization-plan.md

Related: #1793
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-02-04 08:07:54 +01:00
Matthias Bertschy
427dccadd3 Merge pull request #1934 from kubescape/krew 
Add krew plugin manifest
 2026-02-03 17:12:33 +00:00
Matthias Bertschy
01bb19bf6e Add krew plugin manifest 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-02-03 17:58:30 +01:00
Matthias Bertschy
c0d4bb45eb Merge pull request #1937 from kubescape/dependabot/go_modules/github.com/theupdateframework/go-tuf/v2-2.4.1 
build(deps): Bump github.com/theupdateframework/go-tuf/v2 from 2.3.1 to 2.4.1
 2026-02-03 14:50:06 +00:00
Matthias Bertschy
222c1ec866 Merge pull request #1931 from Mujib-Ahasan/readmd-update 
Fix broken README table of contents anchor links
 2026-02-03 14:44:36 +00:00
dependabot[bot]
dc49218c7c build(deps): Bump github.com/theupdateframework/go-tuf/v2 
Bumps [github.com/theupdateframework/go-tuf/v2](https://github.com/theupdateframework/go-tuf) from 2.3.1 to 2.4.1.
- [Release notes](https://github.com/theupdateframework/go-tuf/releases)
- [Commits](https://github.com/theupdateframework/go-tuf/compare/v2.3.1...v2.4.1)

---
updated-dependencies:
- dependency-name: github.com/theupdateframework/go-tuf/v2
  dependency-version: 2.4.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-02-03 13:12:03 +01:00
Matthias Bertschy
3b4585a827 Merge pull request #1932 from kubescape/scan-images 
add verbose option to scan-images
 2026-02-02 19:30:00 +00:00
Matthias Bertschy
7f79bc2d1d Sort CVEs by severity then ID 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-02-02 17:51:43 +01:00
Matthias Bertschy
3623e55433 feat: add image column to vulnerability scanning table output 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-02-02 17:51:43 +01:00
Matthias Bertschy
2f7841b5a2 update policy.json testdata 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-02-02 17:51:43 +01:00
Matthias Bertschy
f70d81d7c4 add verbose option to scan-images 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-02-02 17:51:43 +01:00
Matthias Bertschy
bd49251234 Merge pull request #1936 from kubescape/lint 
fix all linter errors
 2026-02-02 16:50:48 +00:00
Matthias Bertschy
57addd493f fix all linter errors 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-02-02 17:32:08 +01:00
Matthias Bertschy
8f009d4698 Merge pull request #1935 from kubescape/run_test_from_private_repo 
run system test from private repo
 2026-02-02 08:35:08 +00:00
bvolovat
7c0e38072d run system test from private repo 2026-02-02 10:22:00 +02:00
bvolovat
aa9a610c4c run system test from private repo 2026-02-02 10:03:25 +02:00
Bezbran
25bd51e8b4 Replace host sensor with node agent sensing (#1916) 
In this change I used both claude code and Antigravity.

---------

Signed-off-by: Bezalel Brandwine <bez@softwine.net>
 2026-02-01 13:17:03 +02:00
Mujib Ahasan
2759beece5 Fix broken README anchors 
Signed-off-by: Mujib Ahasan <ahasanmujib8@gmail.com>
 2026-01-26 02:25:55 +05:30
Matthias Bertschy
6ce0121a03 Merge pull request #1928 from kubescape/dependabot/go_modules/github.com/sigstore/rekor-1.5.0 
build(deps): Bump github.com/sigstore/rekor from 1.4.3 to 1.5.0
v3.0.48 		2026-01-22 20:24:28 +00:00
Matthias Bertschy
09aa1ab866 Merge pull request #1927 from kubescape/dependabot/go_modules/github.com/theupdateframework/go-tuf/v2-2.3.1 
build(deps): Bump github.com/theupdateframework/go-tuf/v2 from 2.3.0 to 2.3.1
 2026-01-22 20:24:08 +00:00
dependabot[bot]
0ec188b23d build(deps): Bump github.com/sigstore/rekor from 1.4.3 to 1.5.0 
Bumps [github.com/sigstore/rekor](https://github.com/sigstore/rekor) from 1.4.3 to 1.5.0.
- [Release notes](https://github.com/sigstore/rekor/releases)
- [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sigstore/rekor/compare/v1.4.3...v1.5.0)

---
updated-dependencies:
- dependency-name: github.com/sigstore/rekor
  dependency-version: 1.5.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-01-22 20:50:11 +01:00
dependabot[bot]
090820ba04 build(deps): Bump github.com/theupdateframework/go-tuf/v2 
Bumps [github.com/theupdateframework/go-tuf/v2](https://github.com/theupdateframework/go-tuf) from 2.3.0 to 2.3.1.
- [Release notes](https://github.com/theupdateframework/go-tuf/releases)
- [Commits](https://github.com/theupdateframework/go-tuf/compare/v2.3.0...v2.3.1)

---
updated-dependencies:
- dependency-name: github.com/theupdateframework/go-tuf/v2
  dependency-version: 2.3.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-01-22 20:49:44 +01:00
Matthias Bertschy
0cf24d058f Merge pull request #1926 from kubescape/copilot/fix-kubescan-interface-error 
Fix panic on unsafe interface{} to string type assertions
 2026-01-22 19:43:25 +00:00
copilot-swe-agent[bot]
c32e665809 Final verification - all changes complete 
Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-01-22 17:13:09 +01:00
copilot-swe-agent[bot]
82ec11b207 Fix indentation in test file 
Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
 2026-01-22 12:42:42 +00:00
copilot-swe-agent[bot]
32a15acdea Add test for CheckShortTerminalWidth with non-string values 
Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
 2026-01-22 12:41:14 +00:00
copilot-swe-agent[bot]
837a50c903 Fix unsafe interface to string type assertions to prevent panic 
Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
 2026-01-22 12:37:43 +00:00
copilot-swe-agent[bot]
bd00d153e9 Initial plan 2026-01-22 12:33:31 +00:00
Matthias Bertschy
306050046d Merge pull request #1923 from kubescape/dependabot/go_modules/github.com/sigstore/fulcio-1.8.5 
build(deps): Bump github.com/sigstore/fulcio from 1.8.4 to 1.8.5
 2026-01-20 07:41:16 +00:00
dependabot[bot]
413db87e85 build(deps): Bump github.com/sigstore/fulcio from 1.8.4 to 1.8.5 
Bumps [github.com/sigstore/fulcio](https://github.com/sigstore/fulcio) from 1.8.4 to 1.8.5.
- [Release notes](https://github.com/sigstore/fulcio/releases)
- [Changelog](https://github.com/sigstore/fulcio/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sigstore/fulcio/compare/v1.8.4...v1.8.5)

---
updated-dependencies:
- dependency-name: github.com/sigstore/fulcio
  dependency-version: 1.8.5
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-01-20 08:07:08 +01:00
Matthias Bertschy
4d3b3efb9a Merge pull request #1922 from kubescape/copilot/fix-kubescape-report-discrepancy 
Fix workload scan to include allcontrols framework
 2026-01-16 15:18:11 +00:00
copilot-swe-agent[bot]
7ca609d39f Complete fix for workload scan missing controls 
Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
 2026-01-16 15:03:01 +00:00
copilot-swe-agent[bot]
872c0c9fab Fix workload scan to include allcontrols framework 
Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
 2026-01-16 14:58:58 +00:00
copilot-swe-agent[bot]
9353eb5b54 Initial plan 2026-01-16 14:49:43 +00:00
Matthias Bertschy
aa62fbea68 Merge pull request #1921 from kubescape/buildnumber 
Update build number retrieval and permissions in workflow
 2026-01-16 12:21:04 +00:00
Matthias Bertschy
08d964b631 Update golangci-lint action to version 9 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-01-16 12:39:54 +01:00
Matthias Bertschy
75fb07efde Update build number retrieval and permissions in workflow 
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-01-16 12:18:19 +01:00
Matthias Bertschy
9445e0aa01 Merge pull request #1920 from kubescape/dependabot/go_modules/github.com/sigstore/cosign/v3-3.0.4 
build(deps): Bump github.com/sigstore/cosign/v3 from 3.0.3-0.20251208232815-901b44d65952 to 3.0.4
 2026-01-16 10:45:55 +00:00
Matthias Bertschy
ea12643a3c Fix workflow YAML formatting and permissions 
Reformat the 00-pr-scanner workflow for consistent indentation. Add
artifact-metadata: read to pr-scanner permissions, include GO111MODULE
in the pr-scanner inputs, and set fetch-depth/submodules on the
actions/checkout step
 2026-01-16 11:42:55 +01:00
dependabot[bot]
0c42b41dcc build(deps): Bump github.com/sigstore/cosign/v3 
Bumps [github.com/sigstore/cosign/v3](https://github.com/sigstore/cosign) from 3.0.3-0.20251208232815-901b44d65952 to 3.0.4.
- [Release notes](https://github.com/sigstore/cosign/releases)
- [Changelog](https://github.com/sigstore/cosign/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sigstore/cosign/commits/v3.0.4)

---
updated-dependencies:
- dependency-name: github.com/sigstore/cosign/v3
  dependency-version: 3.0.4
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>
 2026-01-16 11:31:31 +01:00
Amir Malka
351f957083 update test lists (#1919) 2026-01-11 21:50:37 +02:00
Matthias Bertschy
9d876b14e9 Merge pull request #1918 from AndrewCharlesHay/patch-1 
ci: update scorecard action version
 2026-01-06 14:22:11 +00:00
Andy Hay
895233630f ci: update scorecard action version 
Signed-off-by: Andy Hay <39sumer3939@gmail.com>
 2026-01-05 16:44:26 -05:00
Matthias Bertschy
423d9c5c1f Merge pull request #1917 from BroderPeters/master 
Add SkipPersistence flag to MetricsQueryParams in metrics endpoint
 2026-01-05 12:48:35 +00:00