kubescape

mirror of https://github.com/kubescape/kubescape.git synced 2026-02-14 18:09:55 +00:00

Author	SHA1	Message	Date
Matthias Bertschy	57addd493f	fix all linter errors Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>	2026-02-02 17:32:08 +01:00
Matthias Bertschy	ff96edae4d	use grype v0.99.1 Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>	2025-09-17 10:11:19 +02:00
Matthias Bertschy	182162d521	gofmt Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>	2025-09-02 13:51:45 +02:00
aadarsh-nagrath	db30020c95	feat: add default matchers option to image scanning hey! added the default matchers option for image scanning as requested in #1838. now you can choose between stock matchers and CPE matchers when scanning images. what's new: - added --use-default-matchers flag to scan/image/patch commands - true = stock matchers (default behavior) - false = CPE matchers (more precise) usage: # use CPE matchers for more precise detection kubescape scan image nginx:latest --use-default-matchers=false # or in scan command kubescape scan --scan-images --use-default-matchers=false everything's backward compatible - existing code works exactly the same. just added the new option for folks who want more control over their vulnerability detection. fixes #1838 Signed-off-by: aadarsh-nagrath <anagrath1@gmail.com>	2025-08-06 21:48:40 +05:30
Matthias Bertschy	525e51d68e	close grype DB at the very end of processing Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>	2025-07-25 09:50:10 +02:00
Ben	2bd686131e	Incorporating review Signed-off-by: Ben <ben@armosec.io>	2025-06-10 14:32:26 +03:00
Matthias Bertschy	475b672a7a	add fixed grypeDB for tests Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>	2025-02-07 12:34:11 +01:00
VaibhavMalik4187	0545818f82	Added tests and improvements for image exceptions Signed-off-by: VaibhavMalik4187 <vaibhavmalik2018@gmail.com>	2025-02-07 10:26:53 +01:00
VaibhavMalik4187	a31154897f	Added support for severity exceptions in imagescan This commit add relevant functions to support severity exceptions during image scan. Signed-off-by: VaibhavMalik4187 <vaibhavmalik2018@gmail.com>	2025-02-07 10:26:53 +01:00
VaibhavMalik4187	7d55c79f11	Feature: Added exceptions flag in scan image cmd This commit introduces the "exceptions" flag in the scan image command. Users can pass a list of vulnerabilities they ignore while scanning an image using this flag. Also added tests for the same. Fixes: https://github.com/kubescape/kubescape/issues/1564 Signed-off-by: VaibhavMalik4187 <vaibhavmalik2018@gmail.com>	2025-02-07 10:26:53 +01:00
Matthias Bertschy	9521cf1974	bump syft version Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>	2024-04-29 14:00:18 +02:00
Matthias Bertschy	ac6c5ca570	image scan add schema v1 support Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>	2024-02-28 10:25:16 +01:00
Mehdi Moussaif	210b5dac33	Fix: nil memory pointer when scanResults.MetadataProvider is nil Signed-off-by: Mehdi Moussaif <m.moussaif42@gmail.com>	2023-11-25 21:29:15 +01:00
VaibhavMalik4187	6f1919bbe2	Added Test Suite for several packages This PR focuses on adding unit tests for multiple packages in the project. The main changes include: - Addition of new tests for the 'printer' package in the 'core/pkg/resultshandling/printer' directory. - New tests for the 'results' package in the 'core/pkg/resultshandling' directory. - Addition of tests for the 'config' package in the 'httphandler/config' directory. - New tests for the 'testutils' package in the 'internal/testutils' directory. - Addition of tests for the 'imagescan' package in the 'pkg/imagescan' directory. Signed-off-by: VaibhavMalik4187 <vaibhavmalik2018@gmail.com>	2023-11-25 22:34:48 +05:30
Matthias Bertschy	92a4c1f64a	add one test for imagescan, delete patch_test to avoid coverage check failure Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>	2023-11-23 15:14:52 +01:00
David Wertenteil	cf08daf7fb	scan per namespace (#1337 ) * scan per namespace Signed-off-by: David Wertenteil <dwertent@armosec.io> * disable unit test Signed-off-by: David Wertenteil <dwertent@armosec.io> * Adding build image wf Signed-off-by: David Wertenteil <dwertent@armosec.io> * removing unused channels Signed-off-by: David Wertenteil <dwertent@armosec.io> * adding scopes Signed-off-by: David Wertenteil <dwertent@armosec.io> * update Signed-off-by: David Wertenteil <dwertent@armosec.io> * fixed cluster size Signed-off-by: David Wertenteil <dwertent@armosec.io> * update rbac deps Signed-off-by: David Wertenteil <dwertent@armosec.io> * aggregate resources Signed-off-by: David Wertenteil <dwertent@armosec.io> * Delete build-image.yaml Signed-off-by: David Wertenteil <dwertent@armosec.io> * adding scan image logs Signed-off-by: David Wertenteil <dwertent@armosec.io> * update cmd message Signed-off-by: David Wertenteil <dwertent@armosec.io> * update logs Signed-off-by: David Wertenteil <dwertent@armosec.io> --------- Signed-off-by: David Wertenteil <dwertent@armosec.io>	2023-08-08 10:47:15 +03:00
Daniel Grunberger	5379b9b0a6	New output (#1320 ) * phase-1 Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io> * factory Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io> * wip: feat(cli): add an image scanning command Add a CLI command that launches an image scan. Does not scan images yet. Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * wip: feat: add image scanning service Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * chore: include dependencies Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * wip: adjust image scanning service Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * wip: feat: use scanning service in CLI Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * use iface Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io> * touches Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io> * continue Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io> * add cmd Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io> * support single workload scan Signed-off-by: Amir Malka <amirm@armosec.io> * fix conflict Signed-off-by: Amir Malka <amirm@armosec.io> * identifiers * go mod * feat(imagescan): add an image scanning command This commit adds a CLI command and an associated package that scan images for vulnerabilities. Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> feat(imagescan): fail on exceeding the severity threshold Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * chore(imagescan): include dependencies This commit adds the dependencies necessary for image scanning. Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * chore(imagescan): add dependencies to httphandler Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * added unit tests Signed-off-by: Amir Malka <amirm@armosec.io> * merge * more * integrate img scan * added unit tests Signed-off-by: Amir Malka <amirm@armosec.io> * more refactoring Signed-off-by: Amir Malka <amirm@armosec.io> * add scanned workload reference to opasessionobj Signed-off-by: Amir Malka <amirm@armosec.io> * fix GetWorkloadParentKind Signed-off-by: Amir Malka <amirm@armosec.io> * remove namespace argument from pullSingleResource, using field selector instead Signed-off-by: Amir Malka <amirm@armosec.io> * removed designators (unused) field from PolicyIdentifier, and designators argument from GetResources function Signed-off-by: Amir Malka <amirm@armosec.io> * changes * changes * fixes * changes * feat(imagescan): add an image scanning command This commit adds a CLI command and an associated package that scan images for vulnerabilities. Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> feat(imagescan): fail on exceeding the severity threshold Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * chore(imagescan): include dependencies This commit adds the dependencies necessary for image scanning. Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * chore(imagescan): add dependencies to httphandler Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * chore(imagescan): create vuln db with dedicated function Remove commented out code, too. Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * docs(imagescan): provide package-level docs Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> * finish merge * image scan tests * continue * fixes * refactor * rm duplicate * start fixes * update gh actions Signed-off-by: David Wertenteil <dwertent@armosec.io> * pr fixes * fix test * improvements --------- Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io> Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> Signed-off-by: Amir Malka <amirm@armosec.io> Signed-off-by: David Wertenteil <dwertent@armosec.io> Co-authored-by: Daniel Grunberger <danielgrunberger@armosec.io> Co-authored-by: Vlad Klokun <vklokun@protonmail.ch> Co-authored-by: Amir Malka <amirm@armosec.io> Co-authored-by: David Wertenteil <dwertent@armosec.io>	2023-08-03 12:09:33 +03:00
Vlad Klokun	925145724e	docs(imagescan): provide package-level docs Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>	2023-08-02 09:50:18 +03:00
Vlad Klokun	e3677fc45c	chore(imagescan): create vuln db with dedicated function Remove commented out code, too. Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>	2023-08-02 09:50:17 +03:00
Vlad Klokun	3b8bd7735e	feat(imagescan): add an image scanning command This commit adds a CLI command and an associated package that scan images for vulnerabilities. Signed-off-by: Vlad Klokun <vklokun@protonmail.ch> feat(imagescan): fail on exceeding the severity threshold Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>	2023-08-02 09:50:17 +03:00

20 Commits