* adding ks version
Signed-off-by: David Wertenteil <dwertent@armosec.io>
* Initialize scanInfo
Signed-off-by: David Wertenteil <dwertent@armosec.io>
* print if logger level is lower than warning
Signed-off-by: David Wertenteil <dwertent@armosec.io>
* wip: scan default frameworks when scanning files
Signed-off-by: David Wertenteil <dwertent@armosec.io>
* change print to log
Signed-off-by: David Wertenteil <dwertent@armosec.io>
* wip: Add end-line after last log
Signed-off-by: David Wertenteil <dwertent@armosec.io>
* wip: silent spinner when logger is warn
Signed-off-by: David Wertenteil <dwertent@armosec.io>
---------
Signed-off-by: David Wertenteil <dwertent@armosec.io>
Prior to this change, `pretty-printer` was a special type of Printer
that wrote output to `Stdout`, unless explicitly asked to write to a
given file. Kubescape used `pretty-printer` as an output format by
default. This behavior created the following inconsistencies:
- When invoked as `kubescape scan`, Kubescape would use `pretty-printer`
by default, and it would output the scan resluts in the
`pretty-printer` format to `Stdout`.
- When invoked as `kubescape scan --format=pretty-printer`, the behavior
would be as above.
- When invoked as `kubescape scan --format=FORMAT`, where `FORMAT` is any
format except for `pretty-printer`, Kubescape would write the results
to a sensible default file for the selected format. This is in
contrast to how `--format=pretty-printer` would still output to
`os.Stdout`, and not an output file.
- When invoked as `kubescape scan --format=ANY_FORMAT --output=FILENAME`, where
`ANY_FORMAT` is any format, including `pretty-printer`, Kubescape
would write the results to the provided `FILENAME` in the given
`ANY_FORMAT`, and not write any results to `Stdout`.
The aforementioned situation complicates life for users running
Kubescape in CI, where Kubescape would skip writing the results to
`Stdout` and only write to the provided output file.
Moreover, with the addition of support for multiple output formats and,
hence, files, this introduces the following ambiguity:
- When invoked as `kubescape scan --format=json,pdf,pretty-printer
--output=FILENAME`, should Kubescape treat `pretty-printer` as a
format for the output file, or just an instruction to also print the
results to `Stdout`?
To fix these inconsistencies and ambiguities, this commit introduces the
following changes:
- Kubescape will always print results to `Stdout` using the
PrettyPrinter format.
- The `--format` CLI flag will control the format(s) in which the results
will be written to one or many *output* files. This breaks the
previous behavior that running `kubescape scan
--format=pretty-printer` would not produce an output file, and only
write to `Stdout`. After this change, the same invocation will still
write to `Stdout`, but also produce a `report.txt` file in the
PrettyPrinter format.
* Fix issue for scanning list obj
* Fix go mod in httphandler pkg
* Broken links fix in roadmap.md
Planning, backlog, and wishlist links were not taking to the required section.
* override infoMap only if it's not nil
* improved icon of kubescape in readme
* Support scanning several files
* gramatical improvements
* docs(readme): Star → star
* Fix issues according to review
* Handle with issues caused by updating opa-utils
* Fix scanning ListObj following reviews
* Update core/pkg/resourcehandler/filesloader.go
Co-authored-by: Vlad Klokun <vladklokun@users.noreply.github.com>
* Update completion.go
* Added fixed control input
* update go.mod
* Print chart name log when fail to generate
* Change formatting to %s
* Added resource prioritization information, raw resource will be sent on the result object
* Merging typo fixes from master (#772)
* greetings
* Update aws.sh
simplified the comment
* typo: In the title and h1 element
Their was a typo in index.html file.
* punctuation changes
* docs : added gitpod badge in readme.md
* fixed typos
* some grammar mistake is corrected inPULL_REQUEST_TEMPLATE.md file
* Updated README.md file
Added link to CONTRIBUTING.md file in a line in README.
* Added link to code of conduct file
I have added link to the code of conduct file and fixed some problems in the Readme file.
* Fixed readme
* Added alpine tag
Adding alpine tag instead of latest and removing repeating commands
* roadmap.md file is modified
* Automatically Close "Typo" labelled Issue
* build.py is modified
* modified PR template
* Fixed some typos in feature_request.md
"." at the end of the headings were missing and all the text were in same line.
Now this gives a clear and concise view of the texts.
* fixed the typo in docs/index.html
Found and fixed typo in the 'alt' attribute of img tag
* Update PULL_REQUEST_TEMPLATE.md
Co-authored-by: Krishna Agarwal <dmkrishna.agarwal@gmail.com>
Co-authored-by: Saswata Senapati <74651639+saswat16@users.noreply.github.com>
Co-authored-by: Rahul Singh <110548934+rahuldhirendersingh@users.noreply.github.com>
Co-authored-by: deepuyadav004 <deepuyadavze@gmail.com>
Co-authored-by: kartik <97971066+kartikgajjar7@users.noreply.github.com>
Co-authored-by: Rounak-28 <95576871+Rounak-28@users.noreply.github.com>
Co-authored-by: pwnb0y <vickykr07@yahoo.com>
Co-authored-by: Ben Hirschberg <59160382+slashben@users.noreply.github.com>
Co-authored-by: Saptarshi Sarkar <saptarshi.programmer@gmail.com>
Co-authored-by: Rahul Surwade <93492791+RahulSurwade08@users.noreply.github.com>
Co-authored-by: Suhas Gumma <43647369+suhasgumma@users.noreply.github.com>
Co-authored-by: Kamal Nayan <95926324+legendarykamal@users.noreply.github.com>
Co-authored-by: TarangVerma <90996971+TarangVerma@users.noreply.github.com>
Co-authored-by: avikittu <65793296+avikittu@users.noreply.github.com>
* update logger version
* update logger version (#773)
* Fixed: Kubescape fails to authenticate remote private Github repo (#721)
* grammar error fixer in CONTRIBUTING.md
* scanning private git repository is available
* giturl to gitapi
* NO TOKEN error functionality added
* Used GetToken method of giturl.IGitAPPI for auth
Co-authored-by: satyam kale <satyamkale271@gmail.com>
Co-authored-by: Ben Hirschberg <59160382+slashben@users.noreply.github.com>
* bump opa-utils to 181
* Option to force enable color output (closes#560) (#767)
* Option to force enable color output (closes#560)
(cherry picked from commit 4f951781ee8dd6bb451ac7d159787f47e4b07379)
* Update go.mod
* update scanner image
* Update host scanner image (#774)
* update logger version
* update scanner image
* remove windows exe extension
* Remove windows extension build (#775)
* update logger version
* update scanner image
* remove windows exe extension
* commened out prioritization logic
* Edit Junit output (#802)
* Edit Junit output
* Update go sum
* Following review
* update AdoptClusterName
* Print line separator only if some controls failed (#813)
* removed the extra 'download' word from the example (#810)
it was confusing to understand the download command because there was an extra 'download' mentioned
* Prioritization (#815)
* removed commented out code
* Added attack tracks information to prioritization algorithm
* bump opa-utils
* go mod tidy
* go mod tidy
* CR changes
* Issue 613 cluster name (#783)
* added --clusterName flag (#613)
Signed-off-by: Anubhav Gupta <mail.anubhav06@gmail.com>
* update flag name to --cluster-name
Signed-off-by: Anubhav Gupta <mail.anubhav06@gmail.com>
Signed-off-by: Anubhav Gupta <mail.anubhav06@gmail.com>
* Per 307 fail on severity counters (#831)
* feat: fail on exceeding severity thresholds (#830)
- Add support for severity counters
- Add support for CLI flags that set severity thresholds
- Terminate Kubescape with an exit code 1 if scan results exceed the
severity thresholds
* Update opa-utils pkg version
Co-authored-by: Vlad Klokun <vladklokun@users.noreply.github.com>
* Fix merge conflict
* typo in .gitignore file (#833)
* remove unsupported installation method
* fixed welcome message
* fixed merge
* fixed attack tracks loading logic
* add flag validation for --account-id (#605) (#793)
* add flag validation for --account-id (#605)
Signed-off-by: Anubhav Gupta <mail.anubhav06@gmail.com>
* add flag validation for --client-id & --secret-key
Signed-off-by: Anubhav Gupta <mail.anubhav06@gmail.com>
* Validation method should be a member function
* Adding unit tests for credentials validate
Signed-off-by: Anubhav Gupta <mail.anubhav06@gmail.com>
Co-authored-by: David Wertenteil <dwertent@armosec.io>
* Scan Kustomize Directory (#795)
* Scan Kustomize Files
* update 'scam Kustomize Directory' documentation in Readme.md
* go get
* go get inside httphandler
* SourceTypeKustomizeDirectory
* Added Scan for Kustomization File
Co-authored-by: David Wertenteil <dwertent@armosec.io>
* feat: unify severity threshold into one CLI flag (#838)
* feat: unify severity threshold into one CLI flag
Before this commit, severity threshold flags were separated by severity.
This commit unifies these thresholds into one flag that forces Kubescape
to terminate with an exit code 1 if there was at least one failed
control at the specified severity threshold or above.
* chore: update opa utils version
* chore: update opa-utils in httphandler
* feat: dont enforce severity by default
Previous iteration of supporting the severity threshold enforced it even
if the severity threshold was not explicitly specified.
This change enforces the severity threshold only if it has been
explicitly set.
* refactor: clarify flagValidationFramework func name
This change clarifies the meaning of the function that validates the
scan info for the `scan framework` command.
It achieves this by renaming the `flagValidationFramework` function to
`validateFrameworkScanInfo`.
* Merge branch 'master' into dev
Signed-off-by: Anubhav Gupta <mail.anubhav06@gmail.com>
Co-authored-by: Moshe-Rappaport-CA <moshep@armosec.io>
Co-authored-by: Moshe Rappaport <89577611+Moshe-Rappaport-CA@users.noreply.github.com>
Co-authored-by: Om Raut <33827410+om2137@users.noreply.github.com>
Co-authored-by: Kamal Nayan <95926324+legendarykamal@users.noreply.github.com>
Co-authored-by: Vlad Klokun <vladklokun@users.noreply.github.com>
Co-authored-by: Chirag Arora <84070677+Chirag8023@users.noreply.github.com>
Co-authored-by: shm12 <shmuelb@armosec.io>
Co-authored-by: Amir Malka <amirm@armosec.io>
Co-authored-by: Krishna Agarwal <dmkrishna.agarwal@gmail.com>
Co-authored-by: Saswata Senapati <74651639+saswat16@users.noreply.github.com>
Co-authored-by: Rahul Singh <110548934+rahuldhirendersingh@users.noreply.github.com>
Co-authored-by: deepuyadav004 <deepuyadavze@gmail.com>
Co-authored-by: kartik <97971066+kartikgajjar7@users.noreply.github.com>
Co-authored-by: Rounak-28 <95576871+Rounak-28@users.noreply.github.com>
Co-authored-by: pwnb0y <vickykr07@yahoo.com>
Co-authored-by: Ben Hirschberg <59160382+slashben@users.noreply.github.com>
Co-authored-by: Saptarshi Sarkar <saptarshi.programmer@gmail.com>
Co-authored-by: Rahul Surwade <93492791+RahulSurwade08@users.noreply.github.com>
Co-authored-by: Suhas Gumma <43647369+suhasgumma@users.noreply.github.com>
Co-authored-by: TarangVerma <90996971+TarangVerma@users.noreply.github.com>
Co-authored-by: avikittu <65793296+avikittu@users.noreply.github.com>
Co-authored-by: satyam kale <satyamkale271@gmail.com>
Co-authored-by: Aditya Pratap Singh <adityapratapsingh51@gmail.com>
Co-authored-by: Ashray Shetty <ashrayshetty1999@gmail.com>
Co-authored-by: Anubhav Gupta <mail.anubhav06@gmail.com>
Co-authored-by: Meyazhagan <meyazhagan.ofcl@gmail.com>
