* code refactor
Signed-off-by: Amir Malka <amirm@armosec.io>
* use scaninfo object in resource handler
Signed-off-by: Amir Malka <amirm@armosec.io>
---------
Signed-off-by: Amir Malka <amirm@armosec.io>
This commit adds a CLI command and an associated package that scan
images for vulnerabilities.
Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>
feat(imagescan): fail on exceeding the severity threshold
Signed-off-by: Vlad Klokun <vklokun@protonmail.ch>
* add cmd
Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io>
* support single workload scan
Signed-off-by: Amir Malka <amirm@armosec.io>
* fix conflict
Signed-off-by: Amir Malka <amirm@armosec.io>
* added unit tests
Signed-off-by: Amir Malka <amirm@armosec.io>
* added unit tests
Signed-off-by: Amir Malka <amirm@armosec.io>
* more refactoring
Signed-off-by: Amir Malka <amirm@armosec.io>
* add scanned workload reference to opasessionobj
Signed-off-by: Amir Malka <amirm@armosec.io>
* fix GetWorkloadParentKind
Signed-off-by: Amir Malka <amirm@armosec.io>
* remove namespace argument from pullSingleResource, using field selector instead
Signed-off-by: Amir Malka <amirm@armosec.io>
* removed designators (unused) field from PolicyIdentifier, and designators argument from GetResources function
Signed-off-by: Amir Malka <amirm@armosec.io>
* fix tests
Signed-off-by: Amir Malka <amirm@armosec.io>
* use ScanObject instead of workload identifier
Signed-off-by: Amir Malka <amirm@armosec.io>
* refactor logic after CR
Signed-off-by: Amir Malka <amirm@armosec.io>
---------
Signed-off-by: Daniel Grunberger <danielgrunberger@armosec.io>
Signed-off-by: Amir Malka <amirm@armosec.io>
Co-authored-by: Daniel Grunberger <danielgrunberger@armosec.io>
* add print in the cli to which version the kubescape was update
Signed-off-by: rcohencyberarmor <rcohen@armosec.io>
* update will suggest to our user to update by following kubescape installation guide
Signed-off-by: rcohencyberarmor <rcohen@armosec.io>
---------
Signed-off-by: rcohencyberarmor <rcohen@armosec.io>
Co-authored-by: rcohencyberarmor <rcohen@armosec.io>
* Interfaces are unchanged
* Deprecated: low-level API funcs marked for deprecation:
HttpPost, HttpGetter, HttpDelete (an augmented version of the KS Cloud
client will expose the post report API, which is currently the sole
use-case of low-level API)
* Doc: the package is now godoc-friendly
* Style & code layout:
* listed all exposed types via aliases, for clarity/less confusing
imports
* unexported private types
* factorized query param logic
* factorized type <-> JSON using generic func & io.Reader
* "utils" are now limited to a few common utility functions
* centralized hard-coded strings as (unexported) constants
* concision: use higher-level http definitions such as constants,
cookie methods, etc
* included type-safety guards to verify that interfaces are
actually implemented by the exported types
* Tests: existing test assertions are unchanged
* tests are beefed-up to assert proper authentication flow (token & cookie).
* added unit tests for utility methods
* Perf:
* unmarshalling API responses is now flowing without extraneous memory allocation via string representation
* request headers are now passed withot extraneous map allocation
* JSON operations are now fully supported by jsoniter (no longer use encoding/json)
* Changes in functionality:
* the client is now fully extensible with KSCloudOption
* use the option functor idiom to keep constructors short
* methods that used to mute errors (i.e. return nil, nil) now bubble up errors
* the captured cookie is now captured in full, not just its value
(other cookie parameters returned are stored)
* added a request/response dump option, for debugging
* added support for SubmitReport and retrieval of UI url's
* backported utm changes (reports use case)
Signed-off-by: Frederic BIDON <fredbi@yahoo.com>
* adding ks version
Signed-off-by: David Wertenteil <dwertent@armosec.io>
* Initialize scanInfo
Signed-off-by: David Wertenteil <dwertent@armosec.io>
* print if logger level is lower than warning
Signed-off-by: David Wertenteil <dwertent@armosec.io>
* wip: scan default frameworks when scanning files
Signed-off-by: David Wertenteil <dwertent@armosec.io>
* change print to log
Signed-off-by: David Wertenteil <dwertent@armosec.io>
* wip: Add end-line after last log
Signed-off-by: David Wertenteil <dwertent@armosec.io>
* wip: silent spinner when logger is warn
Signed-off-by: David Wertenteil <dwertent@armosec.io>
---------
Signed-off-by: David Wertenteil <dwertent@armosec.io>
* fixes#964
* adapted build and ci to use build tag
* fixup error messages
* report git scan skipped warning & version
* fixed CI on windows: powershell parsing args...
* fixup leftover comment
* fixup typo in test message
* resolved merge conflicts on unit tests
* fix: added gitenabled tag to Makefile target
Signed-off-by: Frederic BIDON <fredbi@yahoo.com>
Prior to this change, `pretty-printer` was a special type of Printer
that wrote output to `Stdout`, unless explicitly asked to write to a
given file. Kubescape used `pretty-printer` as an output format by
default. This behavior created the following inconsistencies:
- When invoked as `kubescape scan`, Kubescape would use `pretty-printer`
by default, and it would output the scan resluts in the
`pretty-printer` format to `Stdout`.
- When invoked as `kubescape scan --format=pretty-printer`, the behavior
would be as above.
- When invoked as `kubescape scan --format=FORMAT`, where `FORMAT` is any
format except for `pretty-printer`, Kubescape would write the results
to a sensible default file for the selected format. This is in
contrast to how `--format=pretty-printer` would still output to
`os.Stdout`, and not an output file.
- When invoked as `kubescape scan --format=ANY_FORMAT --output=FILENAME`, where
`ANY_FORMAT` is any format, including `pretty-printer`, Kubescape
would write the results to the provided `FILENAME` in the given
`ANY_FORMAT`, and not write any results to `Stdout`.
The aforementioned situation complicates life for users running
Kubescape in CI, where Kubescape would skip writing the results to
`Stdout` and only write to the provided output file.
Moreover, with the addition of support for multiple output formats and,
hence, files, this introduces the following ambiguity:
- When invoked as `kubescape scan --format=json,pdf,pretty-printer
--output=FILENAME`, should Kubescape treat `pretty-printer` as a
format for the output file, or just an instruction to also print the
results to `Stdout`?
To fix these inconsistencies and ambiguities, this commit introduces the
following changes:
- Kubescape will always print results to `Stdout` using the
PrettyPrinter format.
- The `--format` CLI flag will control the format(s) in which the results
will be written to one or many *output* files. This breaks the
previous behavior that running `kubescape scan
--format=pretty-printer` would not produce an output file, and only
write to `Stdout`. After this change, the same invocation will still
write to `Stdout`, but also produce a `report.txt` file in the
PrettyPrinter format.
