testing the pr workflow

Signed-off-by: David Wertenteil <dwertent@armosec.io>

.github/workflows/00-pr-scanner.yaml

@@ -38,10 +38,12 @@ jobs:
     with:
       RELEASE: ""
       CLIENT: test
+      CGO_ENABLED: 0
+      GO111MODULE: ""
     secrets: inherit
 
   binary-build:
-    if: ${{ github.repository_owner == 'kubescape' }}
+    if: ${{ github.actor == 'kubescape' }}
     permissions:
       actions: read
       checks: read

.github/workflows/a-pr-scanner.yaml

@@ -15,7 +15,68 @@ on:
         required: false
         type: string
         default: "./..."
+      GO111MODULE:
+        required: true
+        type: string
+      CGO_ENABLED:
+        type: number
+        default: 1
 jobs:
+  unit-tests:
+    if: ${{ github.actor != 'kubescape' }}
+    name: Create cross-platform build
+    env:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    runs-on: ubuntu-latest
+    steps:
+
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+          submodules: recursive
+
+      - uses: actions/setup-go@v4
+        name: Installing go
+        with:
+          go-version: ${{ inputs.GO_VERSION }}
+          cache: true
+
+      - name: Test core pkg
+        run: ${{ env.DOCKER_CMD }} go test -v ./...
+        if: startsWith(github.ref, 'refs/tags')
+
+      - name: Test httphandler pkg
+        run: ${{ env.DOCKER_CMD }} sh -c 'cd httphandler && go test -v ./...'
+        if: startsWith(github.ref, 'refs/tags')
+
+      - uses: anchore/sbom-action/download-syft@v0.15.2
+        name: Setup Syft
+
+      - uses: goreleaser/goreleaser-action@v5
+        name: Build
+        with:
+          distribution: goreleaser
+          version: latest
+          args: release --clean --snapshot
+        env:
+          RELEASE: ${{ inputs.RELEASE }}
+          CLIENT: ${{ inputs.CLIENT }}
+          CGO_ENABLED: ${{ inputs.CGO_ENABLED }}
+
+      - name: Smoke Testing
+        env:
+          RELEASE: ${{ inputs.RELEASE }}
+          KUBESCAPE_SKIP_UPDATE_CHECK: "true"
+        run: ${{ env.DOCKER_CMD }} python3 smoke_testing/init.py ${PWD}/dist/kubescape-ubuntu-latest
+
+      - name: golangci-lint
+        continue-on-error: false
+        uses: golangci/golangci-lint-action@08e2f20817b15149a52b5b3ebe7de50aff2ba8c5 # ratchet:golangci/golangci-lint-action@v3
+        with:
+          version: latest
+          args: --timeout 10m --build-tags=static
+          only-new-issues: true
+
   scanners:
     env:
       GITGUARDIAN_API_KEY: ${{ secrets.GITGUARDIAN_API_KEY }}

.github/workflows/b-binary-build-and-e2e-tests.yaml

@@ -205,7 +205,7 @@ jobs:
       - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # ratchet:actions/download-artifact@v3.0.2
         id: download-artifact
         with:
-          name: kubescape-ubuntu-latest
+          name: kubescape
           path: "~"
 
       - run: ls -laR

.github/workflows/c-create-release.yaml

@@ -33,41 +33,50 @@ jobs:
           path: .
 
       # TODO: kubescape-windows-latest is deprecated and should be removed
-      - name: Get kubescape.exe from kubescape-windows-latest
-        run: cp ./kubescape-${{ env.WINDOWS_OS }}/kubescape-${{ env.WINDOWS_OS }} ./kubescape-${{ env.WINDOWS_OS }}/kubescape.exe
-
+      - name: Get kubescape.exe from kubescape-windows-latest.exe
+        run: cp ${{steps.download-artifact.outputs.download-path}}/kubescape/kubescape-${{ env.WINDOWS_OS }}.exe ${{steps.download-artifact.outputs.download-path}}/kubescape/kubescape.exe
+      
       - name: Set release token
+        id: set-token
         run: |
           if [ "${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}" != "" ]; then
-            echo "TOKEN=${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}" >> $GITHUB_ENV;
+            echo "token=${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}" >> $GITHUB_OUTPUT;
           else
-            echo "TOKEN=${{ secrets.GITHUB_TOKEN }}" >> $GITHUB_ENV;
+            echo "token=${{ secrets.GITHUB_TOKEN }}" >> $GITHUB_OUTPUT;
           fi
+          
+      - name: List artifacts
+        run: |
+          find . -type f -print
+
       - name: Release
-        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # ratchet:softprops/action-gh-release@v1
+        uses: softprops/action-gh-release@975c1b265e11dd76618af1c374e7981f9a6ff44a 
         with:
-          token: ${{ env.TOKEN }}
+          token: ${{ steps.set-token.outputs.token }}
           name: ${{ inputs.RELEASE_NAME }}
           tag_name: ${{ inputs.TAG }}
           body: ${{ github.event.pull_request.body }}
           draft: ${{ inputs.DRAFT }}
-          fail_on_unmatched_files: true
           prerelease: false
-          # TODO: kubescape-windows-latest is deprecated and should be removed
+          fail_on_unmatched_files: true
           files: |
-            ./kubescape-${{ env.WINDOWS_OS }}/kubescape-${{ env.WINDOWS_OS }}
-            ./kubescape-${{ env.MAC_OS }}/kubescape-${{ env.MAC_OS }}
-            ./kubescape-${{ env.MAC_OS }}/kubescape-${{ env.MAC_OS }}.sha256
-            ./kubescape-${{ env.MAC_OS }}/kubescape-${{ env.MAC_OS }}.tar.gz
-            ./kubescape-${{ env.UBUNTU_OS }}/kubescape-${{ env.UBUNTU_OS }}
-            ./kubescape-${{ env.UBUNTU_OS }}/kubescape-${{ env.UBUNTU_OS }}.sha256
-            ./kubescape-${{ env.UBUNTU_OS }}/kubescape-${{ env.UBUNTU_OS }}.tar.gz
-            ./kubescape-${{ env.WINDOWS_OS }}/kubescape.exe
-            ./kubescape-${{ env.WINDOWS_OS }}/kubescape-${{ env.WINDOWS_OS }}.sha256
-            ./kubescape-${{ env.WINDOWS_OS }}/kubescape-${{ env.WINDOWS_OS }}.tar.gz
-            ./kubescapearm64-${{ env.MAC_OS }}/kubescape-arm64-${{ env.MAC_OS }}
-            ./kubescapearm64-${{ env.MAC_OS }}/kubescape-arm64-${{ env.MAC_OS }}.sha256
-            ./kubescapearm64-${{ env.MAC_OS }}/kubescape-arm64-${{ env.MAC_OS }}.tar.gz
-            ./kubescapearm64-${{ env.UBUNTU_OS }}/kubescape-arm64-${{ env.UBUNTU_OS }}
-            ./kubescapearm64-${{ env.UBUNTU_OS }}/kubescape-arm64-${{ env.UBUNTU_OS }}.sha256
-            ./kubescapearm64-${{ env.UBUNTU_OS }}/kubescape-arm64-${{ env.UBUNTU_OS }}.tar.gz
+            ./kubescape/kubescape-${{ env.UBUNTU_OS }}.tar.gz 
+            ./kubescape/kubescape-${{ env.UBUNTU_OS }}.tar.gz.sbom 
+            ./kubescape/kubescape-arm64-${{ env.WINDOWS_OS }}.tar.gz.sbom 
+            ./kubescape/kubescape-${{ env.WINDOWS_OS }}.exe 
+            ./kubescape/kubescape-${{ env.WINDOWS_OS }}.tar.gz 
+            ./kubescape/kubescape-arm64-${{ env.WINDOWS_OS }}.tar.gz 
+            ./kubescape/kubescape-arm64-${{ env.MAC_OS }}.tar.gz.sbom 
+            ./kubescape/kubescape-arm64-${{ env.UBUNTU_OS }}
+            ./kubescape/kubescape-${{ env.UBUNTU_OS }} 
+            ./kubescape/kubescape-arm64-${{ env.UBUNTU_OS }}.tar.gz 
+            ./kubescape/kubescape-arm64-${{ env.MAC_OS }} 
+            ./kubescape/kubescape-${{ env.MAC_OS }}.tar.gz 
+            ./kubescape/kubescape-${{ env.MAC_OS }}.tar.gz.sbom 
+            ./kubescape/kubescape.exe 
+            ./kubescape/kubescape-${{ env.WINDOWS_OS }}.tar.gz.sbom 
+            ./kubescape/kubescape-arm64-${{ env.UBUNTU_OS }}.tar.gz.sbom 
+            ./kubescape/kubescape-${{ env.MAC_OS }} 
+            ./kubescape/kubescape-arm64-${{ env.MAC_OS }}.tar.gz 
+            ./kubescape/kubescape-arm64-${{ env.WINDOWS_OS }}.exe
+  

.github/workflows/d-publish-image.yaml

@@ -63,9 +63,9 @@ jobs:
         with:
           path: .
       - name: mv kubescape amd64 binary
-        run: mv kubescape-ubuntu-latest/kubescape-ubuntu-latest kubescape-amd64-ubuntu-latest
+        run: mv ${{steps.download-artifact.outputs.download-path}}/kubescape/kubescape-ubuntu-latest kubescape-amd64-ubuntu-latest
       - name: mv kubescape arm64 binary
-        run: mv kubescape-ubuntu-latest/kubescape-arm64-ubuntu-latest kubescape-arm64-ubuntu-latest
+        run: mv ${{steps.download-artifact.outputs.download-path}}/kubescape/kubescape-arm64-ubuntu-latest kubescape-arm64-ubuntu-latest
       - name: chmod +x
         run: chmod +x -v kubescape-a*
       - name: Build and push images

.gitmodules

@@ -1,3 +0,0 @@
-[submodule "git2go"]
-	path = git2go
-	url = https://github.com/libgit2/git2go.git

.golangci.yml

@@ -52,6 +52,3 @@ issues:
     - linters:
       - stylecheck
       text: "ST1003"
-run:
-  skip-dirs:
-    - git2go

.goreleaser.yaml

@@ -20,6 +20,8 @@ builds:
     goarch:
       - amd64
       - arm64
+    ldflags:
+      - -s -w -X "github.com/kubescape/kubescape/v3/core/cautils.BuildNumber={{.Env.RELEASE}}"
     binary: >-
       {{ .ProjectName }}-
       {{- if eq .Arch "amd64" }}

Makefile

@@ -1,28 +1,12 @@
-.PHONY: test all build libgit2
+.PHONY: test all build
 
 # default task invoked while running make
-all: libgit2 build
+all: build
 
-export CGO_ENABLED=1
-
-# build and install libgit2
-libgit2:
-	-git submodule update --init --recursive
-	cd git2go; make install-static
-
-# build and install libgit2 for macOS m1
-libgit2arm64:
-	git submodule update --init --recursive
-	if [ "$(shell uname -s)" = "Darwin" ]; then \
-		sed -i '' 's/cmake -D/cmake -DCMAKE_OSX_ARCHITECTURES="arm64" -D/' git2go/script/build-libgit2.sh; \
-	fi
-	cd git2go; make install-static
-
-# go build tags
-TAGS = "gitenabled,static"
+export CGO_ENABLED=0
 
 build:
-	go build -v -tags=$(TAGS) .
+	go build -v .
 
 test:
-	go test -v -tags=$(TAGS) ./...
+	go test -v ./...

README.md

@@ -57,6 +57,14 @@ _Did you know you can use Kubescape in all these places?_
     <img src="docs/img/ksfromcodetodeploy.png" alt="Places you can use Kubescape: in your IDE, CI, CD, or against a running cluster.">
 </div>
 
+## Kubescape-operator Helm-Chart
+
+Besides the CLI, the Kubescape operator can also be installed via a Helm chart. Installing the Helm chart is an excellent way to begin using Kubescape, as it provides extensive features such as continuous scanning, image vulnerability scanning, runtime analysis, network policy generation, and more. You can find the Helm chart in the [Kubescape-operator documentation](https://kubescape.io/docs/install-operator/).
+
+## Kubescape GitHub Action
+
+Kubescape can be used as a GitHub Action. This is a great way to integrate Kubescape into your CI/CD pipeline. You can find the Kubescape GitHub Action in the [GitHub Action marketplace](https://github.com/marketplace/actions/kubescape).
+
 ## Under the hood
 
 Kubescape uses [Open Policy Agent](https://github.com/open-policy-agent/opa) to verify Kubernetes objects against [a library of posture controls](https://github.com/kubescape/regolibrary).

build.ps1

@@ -1,78 +0,0 @@
-# Defining input params
-param (
-    [string]$mode = "error"
-)
-
-# Function to install MSYS
-function Install {
-    Write-Host "Starting install..." -ForegroundColor Cyan
-
-    # Check to see if already installed
-    if (Test-Path "C:\MSYS64\") {
-        Write-Host "MSYS2 already installed" -ForegroundColor Green
-    } else {
-        # Create a temp directory
-        New-Item -Path "$PSScriptRoot\temp_install" -ItemType Directory > $null
-        
-        # Download MSYS
-        Write-Host "Downloading MSYS2..." -ForegroundColor Cyan
-        $bitsJobObj = Start-BitsTransfer "https://github.com/msys2/msys2-installer/releases/download/2022-06-03/msys2-x86_64-20220603.exe" -Destination "$PSScriptRoot\temp_install\msys2-x86_64-20220603.exe"
-        switch ($bitsJobObj.JobState) {
-            "Transferred" {
-                Complete-BitsTransfer -BitsJob $bitsJobObj
-                break
-            }
-            "Error" {
-                throw "Error downloading"
-            }
-        }
-        Write-Host "MSYS2 download complete" -ForegroundColor Green
-
-        # Install MSYS
-        Write-Host "Installing MSYS2..." -ForegroundColor Cyan
-        Start-Process -Filepath "$PSScriptRoot\temp_install\msys2-x86_64-20220603.exe" -ArgumentList @("install", "--root", "C:\MSYS64", "--confirm-command") -Wait
-        Write-Host "MSYS2 install complete" -ForegroundColor Green
-
-        # Remove temp directory
-        Remove-Item "$PSScriptRoot\temp_install" -Recurse
-    }
-
-    # Set PATH
-    $env:Path = "C:\MSYS64\mingw64\bin;C:\MSYS64\usr\bin;" + $env:Path
-
-    # Install MSYS packages
-    Write-Host "Installing MSYS2 packages..." -ForegroundColor Cyan
-    Start-Process -Filepath "pacman" -ArgumentList @("-S", "--needed", "--noconfirm", "make") -Wait
-    Start-Process -Filepath "pacman" -ArgumentList @("-S", "--needed", "--noconfirm", "mingw-w64-x86_64-cmake") -Wait
-    Start-Process -Filepath "pacman" -ArgumentList @("-S", "--needed", "--noconfirm", "mingw-w64-x86_64-gcc") -Wait
-    Start-Process -Filepath "pacman" -ArgumentList @("-S", "--needed", "--noconfirm", "mingw-w64-x86_64-pkg-config") -Wait
-    Start-Process -Filepath "pacman" -ArgumentList @("-S", "--needed", "--noconfirm", "msys2-w32api-runtime") -Wait
-    Write-Host "MSYS2 packages install complete" -ForegroundColor Green
-
-    Write-Host "Install complete" -ForegroundColor Green
-}
-
-# Function to build libgit2
-function Build {
-    Write-Host "Starting build..." -ForegroundColor Cyan
-
-    # Set PATH
-    $env:Path = "C:\MSYS64\mingw64\bin;C:\MSYS64\usr\bin;" + $env:Path
-
-    # Build
-    Start-Process -Filepath "make" -ArgumentList @("libgit2") -Wait -NoNewWindow
-
-    Write-Host "Build complete" -ForegroundColor Green
-}
-
-# Check user call mode
-if ($mode -eq "all") {
-    Install
-    Build
-} elseif ($mode -eq "install") {
-    Install
-} elseif ($mode -eq "build") {
-    Build
-} else {
-    Write-Host "Error: -mode should be one of (all|install|build)" -ForegroundColor Red
-}

build.py

@@ -1,97 +0,0 @@
-import os
-import sys
-import hashlib
-import platform
-import subprocess
-import tarfile
-
-BASE_GETTER_CONST = "github.com/kubescape/kubescape/v3/core/cautils/getter"
-CURRENT_PLATFORM = platform.system()
-
-platformSuffixes = {
-    "Windows": "windows-latest",
-    "Linux": "ubuntu-latest",
-    "Darwin": "macos-latest",
-}
-
-def check_status(status, msg):
-    if status != 0:
-        sys.stderr.write(msg)
-        exit(status)
-
-
-def get_build_dir():
-    return "build"
-
-
-def get_package_name():
-    if CURRENT_PLATFORM not in platformSuffixes: raise OSError("Platform %s is not supported!" % (CURRENT_PLATFORM))
-
-    # # TODO: kubescape-windows-latest is deprecated and should be removed
-    # if CURRENT_PLATFORM == "Windows": return "kubescape.exe"
-
-    package_name = "kubescape-"
-    if os.getenv("GOARCH"):
-        package_name += os.getenv("GOARCH") + "-"
-    return package_name + platformSuffixes[CURRENT_PLATFORM]
-
-
-def main():
-    print("Building Kubescape")
-
-    # Set some variables
-    package_name = get_package_name()
-    build_url = "github.com/kubescape/kubescape/v3/core/cautils.BuildNumber"
-    release_version = os.getenv("RELEASE")
-
-    client_var = "github.com/kubescape/kubescape/v3/core/cautils.Client"
-    client_name = os.getenv("CLIENT")
-
-    # Create build directory
-    build_dir = get_build_dir()
-
-    ks_file = os.path.join(build_dir, package_name)
-    hash_file = ks_file + ".sha256"
-    tar_file = ks_file + ".tar.gz"
-
-    if not os.path.isdir(build_dir):
-        os.makedirs(build_dir)
-
-    # Build kubescape
-    ldflags = "-w -s"
-    if release_version:
-        ldflags += " -X {}={}".format(build_url, release_version)
-    if client_name:
-        ldflags += " -X {}={}".format(client_var, client_name)
-
-    build_command = ["go", "build", "-buildmode=pie", "-tags=static,gitenabled", "-o", ks_file, "-ldflags" ,ldflags]
-    if CURRENT_PLATFORM == "Windows":
-        os.putenv("CGO_ENABLED", "0")
-        build_command = ["go", "build", "-o", ks_file, "-ldflags", ldflags]
-
-    print("Building kubescape and saving here: {}".format(ks_file))
-    print("Build command: {}".format(" ".join(build_command)))
-
-    status = subprocess.call(build_command)
-    check_status(status, "Failed to build kubescape")
-
-    sha256 = hashlib.sha256()
-    with open(ks_file, "rb") as kube:
-        sha256.update(kube.read())
-        with open(hash_file, "w") as kube_sha:
-            hash = sha256.hexdigest()
-            print("kubescape hash: {}, file: {}".format(hash, hash_file))
-            kube_sha.write(sha256.hexdigest())
-
-    with tarfile.open(tar_file, 'w:gz') as archive:
-        name = "kubescape"
-        if CURRENT_PLATFORM == "Windows":
-            name += ".exe"
-        archive.add(ks_file, name)
-        archive.add("LICENSE", "LICENSE")
-
-    print("Build Done")
-
-
-if __name__ == "__main__":
-    main()

build/Dockerfile.dockerignore

@@ -1,3 +1,2 @@
 .git
-git2go
 kubescape*

build/kubescape-cli.Dockerfile.dockerignore

@@ -1,2 +1 @@
 .git
-git2go

cmd/scan/framework.go

@@ -94,7 +94,7 @@ func getFrameworkCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Comm
 
 				}
 				if len(args) > 1 {
-					if len(args[1:]) == 0 || args[1] != "-" {
+					if args[1] != "-" {
 						scanInfo.InputPatterns = args[1:]
 						logger.L().Debug("List of input files", helpers.Interface("patterns", scanInfo.InputPatterns))
 					} else { // store stdin to file - do NOT move to separate function !!
@@ -112,7 +112,6 @@ func getFrameworkCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Comm
 				}
 			}
 			scanInfo.SetScanType(cautils.ScanTypeFramework)
-			scanInfo.FrameworkScan = true
 
 			scanInfo.SetPolicyIdentifiers(frameworks, apisv1.KindFramework)
 
@@ -178,7 +177,7 @@ func countersExceedSeverityThreshold(severityCounters reportsummary.ISeverityCou
 
 // terminateOnExceedingSeverity terminates the application on exceeding severity
 func terminateOnExceedingSeverity(scanInfo *cautils.ScanInfo, l helpers.ILogger) {
-	l.Fatal("result exceeds severity threshold", helpers.String("set severity threshold", scanInfo.FailThresholdSeverity))
+	l.Fatal("compliance result exceeds severity threshold", helpers.String("set severity threshold", scanInfo.FailThresholdSeverity))
 }
 
 // enforceSeverityThresholds ensures that the scan results are below the defined severity threshold

cmd/scan/scan.go

@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"strings"
 
+	logger "github.com/kubescape/go-logger"
 	"github.com/kubescape/kubescape/v3/core/cautils"
 	"github.com/kubescape/kubescape/v3/core/cautils/getter"
 	"github.com/kubescape/kubescape/v3/core/meta"
@@ -45,12 +46,17 @@ func GetScanCommand(ks meta.IKubescape) *cobra.Command {
 			if scanInfo.View == string(cautils.SecurityViewType) {
 				setSecurityViewScanInfo(args, &scanInfo)
 
-				return securityScan(scanInfo, ks)
+				if err := securityScan(scanInfo, ks); err != nil {
+					logger.L().Fatal(err.Error())
+				}
+			} else if len(args) == 0 || (args[0] != "framework" && args[0] != "control") {
+				if err := getFrameworkCmd(ks, &scanInfo).RunE(cmd, append([]string{strings.Join(getter.NativeFrameworks, ",")}, args...)); err != nil {
+					logger.L().Fatal(err.Error())
+				}
+			} else {
+				return fmt.Errorf("kubescape did not do anything")
 			}
 
-			if len(args) == 0 || (args[0] != "framework" && args[0] != "control") {
-				return getFrameworkCmd(ks, &scanInfo).RunE(cmd, append([]string{strings.Join(getter.NativeFrameworks, ",")}, args...))
-			}
 			return nil
 		},
 		PostRun: func(cmd *cobra.Command, args []string) {
@@ -118,10 +124,11 @@ func setSecurityViewScanInfo(args []string, scanInfo *cautils.ScanInfo) {
 	if len(args) > 0 {
 		scanInfo.SetScanType(cautils.ScanTypeRepo)
 		scanInfo.InputPatterns = args
+		scanInfo.SetPolicyIdentifiers([]string{"workloadscan", "allcontrols"}, v1.KindFramework)
 	} else {
 		scanInfo.SetScanType(cautils.ScanTypeCluster)
+		scanInfo.SetPolicyIdentifiers([]string{"clusterscan", "mitre", "nsa"}, v1.KindFramework)
 	}
-	scanInfo.SetPolicyIdentifiers([]string{"clusterscan", "mitre", "nsa"}, v1.KindFramework)
 }
 
 func securityScan(scanInfo cautils.ScanInfo, ks meta.IKubescape) error {

cmd/scan/scan_test.go

@@ -216,7 +216,7 @@ func (l *spyLogger) GetSpiedItems() []spyLogMessage {
 }
 
 func Test_terminateOnExceedingSeverity(t *testing.T) {
-	expectedMessage := "result exceeds severity threshold"
+	expectedMessage := "compliance result exceeds severity threshold"
 	expectedKey := "set severity threshold"
 
 	testCases := []struct {
@@ -305,15 +305,11 @@ func TestSetSecurityViewScanInfo(t *testing.T) {
 				PolicyIdentifier: []cautils.PolicyIdentifier{
 					{
 						Kind:       v1.KindFramework,
-						Identifier: "clusterscan",
+						Identifier: "workloadscan",
 					},
 					{
 						Kind:       v1.KindFramework,
-						Identifier: "mitre",
-					},
-					{
-						Kind:       v1.KindFramework,
-						Identifier: "nsa",
+						Identifier: "allcontrols",
 					},
 				},
 			},

cmd/scan/workload.go

@@ -77,6 +77,8 @@ func getWorkloadCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Comma
 				logger.L().Fatal(err.Error())
 			}
 
+			enforceSeverityThresholds(results.GetData().Report.SummaryDetails.GetResourcesSeverityCounters(), scanInfo, terminateOnExceedingSeverity)
+
 			return nil
 		},
 	}

cmd/version/git_native_disabled.go

@@ -1,7 +0,0 @@
-//go:build !gitenabled
-
-package version
-
-func isGitEnabled() bool {
-	return false
-}

cmd/version/git_native_enabled.go

@@ -1,7 +0,0 @@
-//go:build gitenabled
-
-package version
-
-func isGitEnabled() bool {
-	return true
-}

cmd/version/version.go

@@ -4,7 +4,6 @@ import (
 	"context"
 	"fmt"
 
-	"github.com/kubescape/go-logger"
 	"github.com/kubescape/kubescape/v3/core/cautils"
 	"github.com/spf13/cobra"
 )
@@ -23,7 +22,6 @@ func GetVersionCmd() *cobra.Command {
 				"Your current version is: %s\n",
 				versionCheckRequest.ClientVersion,
 			)
-			logger.L().Debug(fmt.Sprintf("git enabled in build: %t", isGitEnabled()))
 			return nil
 		},
 	}

core/cautils/datastructures.go

@@ -58,6 +58,7 @@ type OPASessionObj struct {
 	OmitRawResources      bool                               // omit raw resources from output
 	SingleResourceScan    workloadinterface.IWorkload        // single resource scan
 	TopWorkloadsByScore   []reporthandling.IResource
+	TemplateMapping       map[string]MappingNodes // Map chart obj to template (only for rendering from path)
 }
 
 func NewOPASessionObj(ctx context.Context, frameworks []reporthandling.Framework, k8sResources K8SResources, scanInfo *ScanInfo) *OPASessionObj {
@@ -74,6 +75,7 @@ func NewOPASessionObj(ctx context.Context, frameworks []reporthandling.Framework
 		SessionID:             scanInfo.ScanID,
 		Metadata:              scanInfoToScanMetadata(ctx, scanInfo),
 		OmitRawResources:      scanInfo.OmitRawResources,
+		TemplateMapping:       make(map[string]MappingNodes),
 	}
 }
 

core/cautils/fileutils.go

@@ -38,7 +38,7 @@ type Chart struct {
 }
 
 // LoadResourcesFromHelmCharts scans a given path (recursively) for helm charts, renders the templates and returns a map of workloads and a map of chart names
-func LoadResourcesFromHelmCharts(ctx context.Context, basePath string) (map[string][]workloadinterface.IMetadata, map[string]Chart) {
+func LoadResourcesFromHelmCharts(ctx context.Context, basePath string) (map[string][]workloadinterface.IMetadata, map[string]Chart, map[string]MappingNodes) {
 	directories, _ := listDirs(basePath)
 	helmDirectories := make([]string, 0)
 	for _, dir := range directories {
@@ -49,14 +49,16 @@ func LoadResourcesFromHelmCharts(ctx context.Context, basePath string) (map[stri
 
 	sourceToWorkloads := map[string][]workloadinterface.IMetadata{}
 	sourceToChart := make(map[string]Chart, 0)
+	sourceToNodes := map[string]MappingNodes{}
 	for _, helmDir := range helmDirectories {
 		chart, err := NewHelmChart(helmDir)
 		if err == nil {
-			wls, errs := chart.GetWorkloadsWithDefaultValues()
+			wls, templateToNodes, errs := chart.GetWorkloadsWithDefaultValues()
 			if len(errs) > 0 {
 				logger.L().Ctx(ctx).Warning(fmt.Sprintf("Rendering of Helm chart template '%s', failed: %v", chart.GetName(), errs))
 				continue
 			}
+			sourceToNodes = templateToNodes
 
 			chartName := chart.GetName()
 			for k, v := range wls {
@@ -66,9 +68,12 @@ func LoadResourcesFromHelmCharts(ctx context.Context, basePath string) (map[stri
 					Path: helmDir,
 				}
 			}
+			// for k, v := range templateMappings {
+			// 	sourceToNodes[k] = v
+			// }
 		}
 	}
-	return sourceToWorkloads, sourceToChart
+	return sourceToWorkloads, sourceToChart, sourceToNodes
 }
 
 // If the contents at given path is a Kustomize Directory, LoadResourcesFromKustomizeDirectory will

core/cautils/fileutils_test.go

@@ -45,10 +45,11 @@ func TestLoadResourcesFromFiles(t *testing.T) {
 }
 
 func TestLoadResourcesFromHelmCharts(t *testing.T) {
-	sourceToWorkloads, sourceToChartName := LoadResourcesFromHelmCharts(context.TODO(), helmChartPath())
+	sourceToWorkloads, sourceToChartName, _ := LoadResourcesFromHelmCharts(context.TODO(), helmChartPath())
 	assert.Equal(t, 6, len(sourceToWorkloads))
 
 	for file, workloads := range sourceToWorkloads {
+
 		assert.Equalf(t, 1, len(workloads), "expected 1 workload in file %s", file)
 
 		w := workloads[0]

core/cautils/git_native_disabled.go

@@ -1,5 +1,3 @@
-//go:build !gitenabled
-
 package cautils
 
 import (

core/cautils/git_native_enabled.go

@@ -1,146 +0,0 @@
-//go:build gitenabled
-
-package cautils
-
-import (
-	"fmt"
-	"time"
-
-	"github.com/kubescape/go-git-url/apis"
-	git2go "github.com/libgit2/git2go/v33"
-)
-
-type gitRepository struct {
-	git2GoRepo       *git2go.Repository
-	fileToLastCommit map[string]*git2go.Commit
-}
-
-func newGitRepository(root string) (*gitRepository, error) {
-	git2GoRepo, err := git2go.OpenRepository(root)
-	if err != nil {
-		return nil, err
-	}
-
-	return &gitRepository{
-		git2GoRepo: git2GoRepo,
-	}, nil
-}
-
-func (g *gitRepository) GetFileLastCommit(filePath string) (*apis.Commit, error) {
-	if len(g.fileToLastCommit) == 0 {
-		g.buildCommitMap()
-	}
-
-	if relevantCommit, exists := g.fileToLastCommit[filePath]; exists {
-		return g.getCommit(relevantCommit), nil
-	}
-
-	return nil, fmt.Errorf("failed to get commit information for file: %s", filePath)
-}
-
-func (g *gitRepository) buildCommitMap() {
-	filePathToCommitTime := map[string]time.Time{}
-	filePathToCommit := map[string]*git2go.Commit{}
-	allCommits, _ := g.getAllCommits()
-
-	// builds a map of all files to their last commit
-	for _, commit := range allCommits {
-		// Ignore merge commits (2+ parents)
-		if commit.ParentCount() <= 1 {
-			tree, err := commit.Tree()
-			if err != nil {
-				continue
-			}
-
-			// ParentCount can be either 1 or 0 (initial commit)
-			// In case it's the initial commit, prevTree is nil
-			var prevTree *git2go.Tree
-			if commit.ParentCount() == 1 {
-				prevCommit := commit.Parent(0)
-				prevTree, err = prevCommit.Tree()
-				if err != nil {
-					continue
-				}
-			}
-
-			diff, err := g.git2GoRepo.DiffTreeToTree(prevTree, tree, nil)
-			if err != nil {
-				continue
-			}
-
-			numDeltas, err := diff.NumDeltas()
-			if err != nil {
-				continue
-			}
-
-			for i := 0; i < numDeltas; i++ {
-				delta, err := diff.Delta(i)
-				if err != nil {
-					continue
-				}
-
-				deltaFilePath := delta.NewFile.Path
-				commitTime := commit.Author().When
-
-				// In case we have the commit information for the file which is not the latest - we override it
-				if currentCommitTime, exists := filePathToCommitTime[deltaFilePath]; exists {
-					if currentCommitTime.Before(commitTime) {
-						filePathToCommitTime[deltaFilePath] = commitTime
-						filePathToCommit[deltaFilePath] = commit
-					}
-				} else {
-					filePathToCommitTime[deltaFilePath] = commitTime
-					filePathToCommit[deltaFilePath] = commit
-				}
-			}
-		}
-	}
-
-	g.fileToLastCommit = filePathToCommit
-}
-
-func (g *gitRepository) getAllCommits() ([]*git2go.Commit, error) {
-	logItr, itrErr := g.git2GoRepo.Walk()
-	if itrErr != nil {
-
-		return nil, itrErr
-	}
-
-	pushErr := logItr.PushHead()
-	if pushErr != nil {
-		return nil, pushErr
-	}
-
-	var allCommits []*git2go.Commit
-	err := logItr.Iterate(func(commit *git2go.Commit) bool {
-		if commit != nil {
-			allCommits = append(allCommits, commit)
-			return true
-		}
-		return false
-	})
-
-	if err != nil {
-		return nil, err
-	}
-
-	if err != nil {
-		return nil, err
-	}
-
-	return allCommits, nil
-}
-
-func (g *gitRepository) getCommit(commit *git2go.Commit) *apis.Commit {
-	return &apis.Commit{
-		SHA: commit.Id().String(),
-		Author: apis.Committer{
-			Name:  commit.Author().Name,
-			Email: commit.Author().Email,
-			Date:  commit.Author().When,
-		},
-		Message:   commit.Message(),
-		Committer: apis.Committer{},
-		Files:     []apis.Files{},
-	}
-}

core/cautils/helmchart.go

@@ -1,7 +1,9 @@
 package cautils
 
 import (
+	"fmt"
 	"path/filepath"
+	"strconv"
 	"strings"
 
 	logger "github.com/kubescape/go-logger"
@@ -45,22 +47,35 @@ func (hc *HelmChart) GetDefaultValues() map[string]interface{} {
 }
 
 // GetWorkloads renders chart template using the default values and returns a map of source file to its workloads
-func (hc *HelmChart) GetWorkloadsWithDefaultValues() (map[string][]workloadinterface.IMetadata, []error) {
+func (hc *HelmChart) GetWorkloadsWithDefaultValues() (map[string][]workloadinterface.IMetadata, map[string]MappingNodes, []error) {
 	return hc.GetWorkloads(hc.GetDefaultValues())
 }
 
 // GetWorkloads renders chart template using the provided values and returns a map of source (absolute) file path to its workloads
-func (hc *HelmChart) GetWorkloads(values map[string]interface{}) (map[string][]workloadinterface.IMetadata, []error) {
+func (hc *HelmChart) GetWorkloads(values map[string]interface{}) (map[string][]workloadinterface.IMetadata, map[string]MappingNodes, []error) {
 	vals, err := helmchartutil.ToRenderValues(hc.chart, values, helmchartutil.ReleaseOptions{}, nil)
 	if err != nil {
-		return nil, []error{err}
+		return nil, nil, []error{err}
 	}
 
+	// change the chart to template with comment, only is template(.yaml added otherwise no)
+	hc.AddCommentToTemplate()
+
 	sourceToFile, err := helmengine.Render(hc.chart, vals)
 	if err != nil {
-		return nil, []error{err}
+		return nil, nil, []error{err}
 	}
 
+	// get the resouse and analysis and store it to the struct
+	fileMapping := make(map[string]MappingNodes)
+	err = GetTemplateMapping(sourceToFile, fileMapping)
+	if err != nil {
+		return nil, nil, []error{err}
+	}
+
+	// delete the comment from chart and from sourceToFile
+	RemoveComment(sourceToFile)
+
 	workloads := make(map[string][]workloadinterface.IMetadata, 0)
 	errs := []error{}
 
@@ -76,10 +91,14 @@ func (hc *HelmChart) GetWorkloads(values map[string]interface{}) (map[string][]w
 		if len(wls) == 0 {
 			continue
 		}
-		// separate base path and file name. We do not use the os.Separator because the paths returned from the helm engine are not OS specific (e.g. mychart/templates/myfile.yaml)
 		if firstPathSeparatorIndex := strings.Index(path, string("/")); firstPathSeparatorIndex != -1 {
 			absPath := filepath.Join(hc.path, path[firstPathSeparatorIndex:])
 
+			if nodes, ok := fileMapping[path]; ok {
+				fileMapping[absPath] = nodes
+				delete(fileMapping, path)
+			}
+
 			workloads[absPath] = []workloadinterface.IMetadata{}
 			for i := range wls {
 				lw := localworkload.NewLocalWorkload(wls[i].GetObject())
@@ -88,5 +107,46 @@ func (hc *HelmChart) GetWorkloads(values map[string]interface{}) (map[string][]w
 			}
 		}
 	}
-	return workloads, errs
+	return workloads, fileMapping, errs
+}
+
+func (hc *HelmChart) AddCommentToTemplate() {
+	for index, t := range hc.chart.Templates {
+		if IsYaml(strings.ToLower(t.Name)) {
+			var newLines []string
+			originalTemplate := string(t.Data)
+			lines := strings.Split(originalTemplate, "\n")
+
+			for index, line := range lines {
+				comment := " #This is the " + strconv.Itoa(index+1) + " line"
+				newLines = append(newLines, line+comment)
+			}
+			templateWithComment := strings.Join(newLines, "\n")
+			hc.chart.Templates[index].Data = []byte(templateWithComment)
+		}
+	}
+}
+
+func RemoveComment(sourceToFile map[string]string) {
+	// commentRe := regexp.MustCompile(CommentFormat)
+	for fileName, file := range sourceToFile {
+		if !IsYaml(strings.ToLower((fileName))) {
+			continue
+		}
+		sourceToFile[fileName] = commentRe.ReplaceAllLiteralString(file, "")
+	}
+}
+
+func GetTemplateMapping(sourceToFile map[string]string, fileMapping map[string]MappingNodes) error {
+	for fileName, fileContent := range sourceToFile {
+		mappingNodes, err := GetMapping(fileName, fileContent)
+		if err != nil {
+			err = fmt.Errorf("GetMapping wrong, err: %s", err.Error())
+			return err
+		}
+		if len(mappingNodes.Nodes) != 0 {
+			fileMapping[fileName] = *mappingNodes
+		}
+	}
+	return nil
 }

core/cautils/helmchart_test.go

@@ -83,7 +83,7 @@ func (s *HelmChartTestSuite) TestGetWorkloadsWithOverride() {
 	// Override default value
 	values["image"].(map[string]interface{})["pullPolicy"] = "Never"
 
-	fileToWorkloads, errs := chart.GetWorkloads(values)
+	fileToWorkloads, _, errs := chart.GetWorkloads(values)
 	s.Len(errs, 0)
 
 	s.Lenf(fileToWorkloads, len(s.expectedFiles), "Expected %d files", len(s.expectedFiles))
@@ -111,7 +111,7 @@ func (s *HelmChartTestSuite) TestGetWorkloadsMissingValue() {
 	values := chart.GetDefaultValues()
 	delete(values, "image")
 
-	fileToWorkloads, errs := chart.GetWorkloads(values)
+	fileToWorkloads, _, errs := chart.GetWorkloads(values)
 	s.Nil(fileToWorkloads)
 	s.Len(errs, 1, "Expected an error due to missing value")
 

core/cautils/localgitrepository.go

@@ -1,7 +1,6 @@
 package cautils
 
 import (
-	"errors"
 	"fmt"
 	"path"
 	"strings"
@@ -19,8 +18,6 @@ type LocalGitRepository struct {
 	config    *configv5.Config
 }
 
-var ErrWarnNotSupportedByBuild = errors.New(`git commits retrieval not supported by this build. Build with tag "gitenabled" to enable the full git scan feature`)
-
 func NewLocalGitRepository(path string) (*LocalGitRepository, error) {
 	goGitRepo, err := gitv5.PlainOpenWithOptions(path, &gitv5.PlainOpenOptions{DetectDotGit: true})
 	if err != nil {
@@ -53,7 +50,7 @@ func NewLocalGitRepository(path string) (*LocalGitRepository, error) {
 
 	if repoRoot, err := l.GetRootDir(); err == nil {
 		gitRepository, err := newGitRepository(repoRoot)
-		if err != nil && !errors.Is(err, ErrWarnNotSupportedByBuild) {
+		if err != nil {
 			return l, err
 		}
 

core/cautils/mappingnode.go

@@ -0,0 +1,34 @@
+package cautils
+
+type ObjectID struct {
+	apiVersion string
+	kind       string
+}
+
+type MappingNode struct {
+	ObjectID           *ObjectID
+	Field              string
+	Value              string
+	TemplateFileName   string
+	TemplateLineNumber int
+}
+
+type MappingNodes struct {
+	Nodes            []map[string]MappingNode //Map line number of chart to template obj map[int]MappingNode
+	TemplateFileName string
+}
+
+func (node *MappingNode) writeInfoToNode(objectID *ObjectID, path string, lineNumber int, value string, fileName string) {
+	node.Field = path
+	node.TemplateLineNumber = lineNumber
+	node.ObjectID = objectID
+	node.Value = value
+	node.TemplateFileName = fileName
+}
+
+func NewMappingNodes() *MappingNodes {
+	mappingNodes := new(MappingNodes)
+	mappingNodes.TemplateFileName = ""
+	return mappingNodes
+
+}

core/cautils/parseFile.go

@@ -0,0 +1,267 @@
+package cautils
+
+import (
+	"errors"
+	"fmt"
+	"regexp"
+	"strconv"
+	"strings"
+
+	logger "github.com/kubescape/go-logger"
+	"github.com/mikefarah/yq/v4/pkg/yqlib"
+	"gopkg.in/op/go-logging.v1"
+)
+
+const (
+	CommentFormat = `#This is the (?P<line>\d*) line`
+)
+
+var apiVersionRe = regexp.MustCompile(`apiVersion: (?P<apiVersion>\S*)`)
+var kindRe = regexp.MustCompile(`kind: (?P<kind>\S*)`)
+var pathRe = regexp.MustCompile(`path: (?P<path>\S*)`)
+var typeRe = regexp.MustCompile(`type: '(?P<type>\S*)'`)
+var valueRe = regexp.MustCompile(`value: (?P<value>\[.+\]|\S*)`)
+var commentRe = regexp.MustCompile(CommentFormat)
+var seqRe = regexp.MustCompile(`.(?P<number>\d+)(?P<point>\.?)`)
+var newSeqRe = "[${number}]${point}"
+var newFileSeperator = "---"
+
+// change to use go func
+func GetMapping(fileName string, fileContent string) (*MappingNodes, error) {
+
+	node := new(MappingNode)
+	objectID := new(ObjectID)
+	subFileNodes := make(map[string]MappingNode)
+	mappingNodes := NewMappingNodes()
+	mappingNodes.TemplateFileName = fileName
+
+	lines := strings.Split(fileContent, "\n")
+
+	lastNumber := -1
+	reducedNumber := -1 // uses to make sure line and line in yq is the same
+
+	isApiVersionEmpty := true
+	isKindEmpty := true
+	var err error
+
+	var lineExpression = `..| select(line == %d)| {"destpath": path | join("."),"type": type,"value": .}`
+
+	for i, line := range lines {
+		index := i
+		if apiVersionRe.MatchString(line) {
+			isApiVersionEmpty, err = extractApiVersion(line, objectID)
+			if err != nil {
+				return nil, fmt.Errorf("extractApiVersion error: err, %s", err.Error())
+			}
+			if reducedNumber == -1 {
+				reducedNumber = index + reducedNumber
+			}
+			continue
+		} else if kindRe.MatchString(line) {
+			isKindEmpty, err = extractKind(line, objectID)
+			if err != nil {
+				return nil, fmt.Errorf("extractKind error: err, %s", err.Error())
+			}
+			continue
+		} else if strings.Contains(line, newFileSeperator) { //At least two files in one yaml
+			mappingNodes.Nodes = append(mappingNodes.Nodes, subFileNodes)
+			// Restart a subfileNode
+			isApiVersionEmpty = false
+			isKindEmpty = false
+			subFileNodes = make(map[string]MappingNode)
+			continue
+		}
+
+		if !isApiVersionEmpty || !isKindEmpty {
+			// not sure if it can go to the end
+			index = index - reducedNumber
+			expression := fmt.Sprintf(lineExpression, index)
+			output, err := getYamlLineInfo(expression, fileContent)
+			if err != nil {
+				return nil, fmt.Errorf("getYamlLineInfo wrong, the err is %s", err.Error())
+			}
+
+			path := extractParameter(pathRe, output, "$path")
+			//if path is empty, continue
+			if path != "" && path != "\"\"" {
+				if isApiVersionEmpty || isKindEmpty {
+					return nil, fmt.Errorf("there is no enough objectID info")
+				}
+				splits := strings.Split(output, "dest")
+				if len(splits) < 2 {
+					return nil, fmt.Errorf("something wrong with the length of the splits, which is %d", len(splits))
+				} else {
+					// cut the redundant one
+					splits = splits[1:]
+					lastNumber, err = writeNodes(splits, lastNumber, fileName, node, objectID, subFileNodes)
+					if err != nil {
+						return nil, fmt.Errorf("writeNodes err: %s", err.Error())
+					}
+				}
+			}
+
+		}
+
+		if i == len(lines)-1 {
+			mappingNodes.Nodes = append(mappingNodes.Nodes, subFileNodes)
+		}
+	}
+	return mappingNodes, nil
+}
+
+func writeNodes(splits []string, lastNumber int, fileName string, node *MappingNode, objectID *ObjectID, subFileNodes map[string]MappingNode) (int, error) {
+	for _, split := range splits {
+		path := extractPath(split)
+		mapMatched, err := extractMapType(split)
+		if err != nil {
+			return -1, fmt.Errorf("extractMapType err: %s", err.Error())
+		}
+		if mapMatched {
+			lastNumber, err = writeNoteToMapping(split, lastNumber, path, fileName, node, objectID, true, subFileNodes)
+			if err != nil {
+				return -1, fmt.Errorf("map type: writeNoteToMapping, err: %s", err.Error())
+			}
+
+		} else {
+			lastNumber, err = writeNoteToMapping(split, lastNumber, path, fileName, node, objectID, false, subFileNodes)
+			if err != nil {
+				return -1, fmt.Errorf("not map type: writeNoteToMapping, err: %s", err.Error())
+			}
+		}
+	}
+	return lastNumber, nil
+}
+
+func writeNoteToMapping(split string, lastNumber int, path string, fileName string, node *MappingNode, objectID *ObjectID, isMapType bool, subFileNodes map[string]MappingNode) (int, error) {
+	newlastNumber, err := writeNodeInfo(split, lastNumber, path, fileName, node, objectID, isMapType)
+	if err != nil {
+		return 0, fmt.Errorf("isMapType: %v, writeNodeInfo wrong err: %s", isMapType, err.Error())
+	}
+	if _, ok := subFileNodes[path]; !ok { // Assume the path is unique in one subfile
+		subFileNodes[path] = *node
+	}
+	// else {
+	// 	return 0, fmt.Errorf("isMapType: %v, %s in mapping.Nodes exists", isMapType, path)
+	// }
+	return newlastNumber, nil
+}
+
+func writeNodeInfo(split string, lastNumber int, path string, fileName string, node *MappingNode, objectID *ObjectID, isMapType bool) (int, error) {
+	value, lineNumber, newLastNumber, err := getInfoFromOne(split, lastNumber, isMapType)
+	if err != nil {
+		return -1, fmt.Errorf("getInfoFromOne wrong err: %s", err.Error())
+	}
+	// lastNumber = newLastNumber
+	node.writeInfoToNode(objectID, path, lineNumber, value, fileName)
+	return newLastNumber, nil
+}
+
+func getInfoFromOne(output string, lastNumber int, isMapType bool) (value string, lineNumber int, newLastNumber int, err error) {
+	if isMapType {
+		value = ""
+	} else {
+		value = extractParameter(valueRe, output, "$value")
+	}
+	number := extractParameter(commentRe, output, "$line")
+	if number != "" {
+		lineNumber, err = strconv.Atoi(number)
+		if err != nil {
+			return "", -1, -1, fmt.Errorf("strconv.Atoi err: %s", err.Error())
+		}
+		if isMapType {
+			lineNumber = lineNumber - 1
+		}
+		lastNumber = lineNumber
+		// save to structure
+	} else {
+		lineNumber = lastNumber
+		// use the last one number
+	}
+	newLastNumber = lineNumber
+	return value, lineNumber, newLastNumber, nil
+}
+
+func getYamlLineInfo(expression string, yamlFile string) (string, error) {
+	out, err := exectuateYq(expression, yamlFile)
+	if err != nil {
+		return "", fmt.Errorf("exectuateYq err: %s", err.Error())
+	}
+	return out, nil
+}
+
+func exectuateYq(expression string, yamlContent string) (string, error) {
+
+	backendLoggerLeveled := logging.AddModuleLevel(logging.NewLogBackend(logger.L().GetWriter(), "", 0))
+	backendLoggerLeveled.SetLevel(logging.ERROR, "")
+	yqlib.GetLogger().SetBackend(backendLoggerLeveled)
+
+	encoder := configureEncoder()
+
+	decoder := configureDecoder(false)
+
+	stringEvaluator := yqlib.NewStringEvaluator()
+
+	out, err := stringEvaluator.Evaluate(expression, yamlContent, encoder, decoder)
+	if err != nil {
+		return "", errors.New("no matches found")
+	}
+	return out, err
+}
+
+func extractApiVersion(line string, objectID *ObjectID) (bool, error) {
+	apiVersion := extractParameter(apiVersionRe, line, "$apiVersion")
+	if apiVersion == "" {
+		return true, fmt.Errorf("something wrong when extracting the apiVersion, the line is %s", line)
+	}
+	objectID.apiVersion = apiVersion
+	return false, nil
+}
+
+func extractKind(line string, objectID *ObjectID) (bool, error) {
+	kind := extractParameter(kindRe, line, "$kind")
+	if kind == "" {
+		return true, fmt.Errorf("something wrong when extracting the kind, the line is %s", line)
+	}
+	objectID.kind = kind
+	return false, nil
+}
+func extractPath(split string) string {
+	path := extractParameter(pathRe, split, "$path")
+	// For each match of the regex in the content.
+	path = seqRe.ReplaceAllString(path, newSeqRe)
+	return path
+}
+
+func extractMapType(split string) (bool, error) {
+	pathType := extractParameter(typeRe, split, "$type")
+	mapMatched, err := regexp.MatchString(`!!map`, pathType)
+	if err != nil {
+		err = fmt.Errorf("regexp.MatchString err: %s", err.Error())
+		return false, err
+	}
+	return mapMatched, nil
+}
+
+func extractParameter(re *regexp.Regexp, line string, keyword string) string {
+	submatch := re.FindStringSubmatchIndex(line)
+	result := []byte{}
+	result = re.ExpandString(result, keyword, line, submatch)
+	parameter := string(result)
+	return parameter
+}
+
+//yqlib configuration
+
+func configureEncoder() yqlib.Encoder {
+	indent := 2
+	colorsEnabled := false
+	yqlibEncoder := yqlib.NewYamlEncoder(indent, colorsEnabled, yqlib.ConfiguredYamlPreferences)
+	return yqlibEncoder
+}
+
+func configureDecoder(evaluateTogether bool) yqlib.Decoder {
+	prefs := yqlib.ConfiguredYamlPreferences
+	prefs.EvaluateTogether = evaluateTogether
+	yqlibDecoder := yqlib.NewYamlDecoder(prefs)
+	return yqlibDecoder
+}

core/cautils/parseFile_test.go

@@ -0,0 +1,79 @@
+package cautils
+
+import (
+	"os"
+	"path/filepath"
+	"testing"
+
+	"github.com/stretchr/testify/suite"
+	helmchartutil "helm.sh/helm/v3/pkg/chartutil"
+	helmengine "helm.sh/helm/v3/pkg/engine"
+)
+
+type HelmChartGetMappingSuite struct {
+	suite.Suite
+	helmChartPath string
+	expectedFiles []string
+	fileContent   map[string]string
+}
+
+func TestHelmChartGetMappingSuite(t *testing.T) {
+	suite.Run(t, new(HelmChartGetMappingSuite))
+}
+
+func (s *HelmChartGetMappingSuite) SetupSuite() {
+	o, _ := os.Getwd()
+
+	s.helmChartPath = filepath.Join(filepath.Dir(o), "..", "examples", "helm_chart_mapping_node")
+
+	s.expectedFiles = []string{
+		filepath.Join(s.helmChartPath, "templates", "clusterrolebinding.yaml"),
+		filepath.Join(s.helmChartPath, "templates", "clusterrole.yaml"),
+		filepath.Join(s.helmChartPath, "templates", "serviceaccount.yaml"),
+		filepath.Join(s.helmChartPath, "templates", "rolebinding.yaml"),
+		filepath.Join(s.helmChartPath, "templates", "role.yaml"),
+		filepath.Join(s.helmChartPath, "templates", "cronjob.yaml"),
+	}
+
+	s.fileContent = make(map[string]string)
+
+	hc, _ := NewHelmChart(s.helmChartPath)
+
+	values := hc.GetDefaultValues()
+
+	vals, _ := helmchartutil.ToRenderValues(hc.chart, values, helmchartutil.ReleaseOptions{}, nil)
+
+	sourceToFile, _ := helmengine.Render(hc.chart, vals)
+
+	s.fileContent = sourceToFile
+
+}
+
+func (s *HelmChartGetMappingSuite) TestGetMapping() {
+	fileNodes, err := GetMapping("rolebinding.yaml", s.fileContent["kubescape/templates/rolebinding.yaml"])
+	s.NoError(err, "Get Mapping nodes correctly")
+	s.Equal(fileNodes.TemplateFileName, "rolebinding.yaml")
+	s.Len(fileNodes.Nodes, 1)
+	s.Len(fileNodes.Nodes[0], 13)
+}
+
+func (s *HelmChartGetMappingSuite) TestGetMappingFromFileContainsMultipleSubFiles() {
+	fileNodes, err := GetMapping("serviceaccount.yaml", s.fileContent["kubescape/templates/serviceaccount.yaml"])
+	s.NoError(err, "Get Mapping nodes correctly")
+	s.Equal(fileNodes.TemplateFileName, "serviceaccount.yaml")
+	s.Len(fileNodes.Nodes, 2)
+	s.Len(fileNodes.Nodes[0], 8)
+	s.Len(fileNodes.Nodes[1], 2)
+}
+
+func (s *HelmChartGetMappingSuite) TestGetMappingFromFileCWithoutKindOrApiVersion() {
+	fileNodes, err := GetMapping("clusterrole.yaml", s.fileContent["kubescape/templates/clusterrole.yaml"])
+	s.Contains(err.Error(), "there is no enough objectID info")
+	s.Nil(fileNodes)
+}
+
+func (s *HelmChartGetMappingSuite) TestGetMappingFromFileCWithoutApiVersion() {
+	fileNodes, err := GetMapping("clusterrolebinding.yaml", s.fileContent["kubescape/templates/clusterrolebinding.yaml"])
+	s.Contains(err.Error(), "there is no enough objectID info")
+	s.Nil(fileNodes)
+}

core/core/scan.go

@@ -246,7 +246,7 @@ func scanImages(scanType cautils.ScanTypes, scanData *cautils.OPASessionObj, ctx
 		if err := scanSingleImage(ctx, img, svc, resultsHandling); err != nil {
 			logger.L().StopError("failed to scan", helpers.String("image", img), helpers.Error(err))
 		}
-		logger.L().StopSuccess("Scan successful: ", helpers.String("image", img))
+		logger.L().StopSuccess("Done scanning", helpers.String("image", img))
 	}
 }
 

core/pkg/opaprocessor/utils.go

@@ -2,6 +2,7 @@ package opaprocessor
 
 import (
 	"fmt"
+	"strings"
 
 	logger "github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
@@ -75,7 +76,9 @@ var cosignVerifySignatureDefinition = func(bctx rego.BuiltinContext, a, b *ast.T
 	if err != nil {
 		return nil, fmt.Errorf("invalid parameter type: %v", err)
 	}
-	result, err := verify(string(aStr), string(bStr))
+	// Replace double backslashes with single backslashes
+	bbStr := strings.Replace(string(bStr), "\\n", "\n", -1)
+	result, err := verify(string(aStr), bbStr)
 	if err != nil {
 		// Do not change this log from debug level. We might find a lot of images without signature
 		logger.L().Debug("failed to verify signature", helpers.String("image", string(aStr)), helpers.String("key", string(bStr)), helpers.Error(err))

core/pkg/policyhandler/handlepullpolicies.go

@@ -150,7 +150,7 @@ func (policyHandler *PolicyHandler) downloadScanPolicies(ctx context.Context, po
 			logger.L().Debug("Downloading framework", helpers.String("framework", rule.Identifier))
 			receivedFramework, err := policyHandler.getters.PolicyGetter.GetFramework(rule.Identifier)
 			if err != nil {
-				return frameworks, policyDownloadError(err)
+				return frameworks, frameworkDownloadError(err, rule.Identifier)
 			}
 			if err := validateFramework(receivedFramework); err != nil {
 				return frameworks, err
@@ -171,7 +171,7 @@ func (policyHandler *PolicyHandler) downloadScanPolicies(ctx context.Context, po
 			logger.L().Debug("Downloading control", helpers.String("control", policy.Identifier))
 			receivedControl, err = policyHandler.getters.PolicyGetter.GetControl(policy.Identifier)
 			if err != nil {
-				return frameworks, policyDownloadError(err)
+				return frameworks, controlDownloadError(err, policy.Identifier)
 			}
 			if receivedControl != nil {
 				f.Controls = append(f.Controls, *receivedControl)

core/pkg/policyhandler/handlepullpoliciesutils.go

@@ -17,10 +17,22 @@ func getScanKind(policyIdentifier []cautils.PolicyIdentifier) apisv1.Notificatio
 	}
 	return "unknown"
 }
-func policyDownloadError(err error) error {
+func frameworkDownloadError(err error, fwName string) error {
 	if strings.Contains(err.Error(), "unsupported protocol scheme") {
 		err = fmt.Errorf("failed to download from GitHub release, try running with `--use-default` flag")
 	}
+	if strings.Contains(err.Error(), "not found") {
+		err = fmt.Errorf("framework '%s' not found, run `kubescape list frameworks` for available frameworks", fwName)
+	}
+	return err
+}
+func controlDownloadError(err error, controls string) error {
+	if strings.Contains(err.Error(), "unsupported protocol scheme") {
+		err = fmt.Errorf("failed to download from GitHub release, try running with `--use-default` flag")
+	}
+	if strings.Contains(err.Error(), "not found") {
+		err = fmt.Errorf("control '%s' not found, run `kubescape list controls` for available controls", controls)
+	}
 	return err
 }
 

core/pkg/policyhandler/handlepullpoliciesutils_test.go

@@ -89,6 +89,8 @@ func TestPolicyDownloadError(t *testing.T) {
 	tests := []struct {
 		err  error
 		want error
+		name string
+		kind string
 	}{
 		{
 			err:  errors.New("Some error"),
@@ -98,11 +100,31 @@ func TestPolicyDownloadError(t *testing.T) {
 			err:  errors.New("unsupported protocol scheme"),
 			want: fmt.Errorf("failed to download from GitHub release, try running with `--use-default` flag"),
 		},
+		{
+			err:  errors.New("framework 'cis' not found"),
+			want: fmt.Errorf("framework 'cis' not found, run `kubescape list frameworks` for available frameworks"),
+			name: "cis",
+			kind: "framework",
+		},
+		{
+			err:  errors.New("control 'c-0005' not found"),
+			want: fmt.Errorf("control 'c-0005' not found, run `kubescape list controls` for available controls"),
+			name: "c-0005",
+			kind: "control",
+		},
 	}
 
 	for _, tt := range tests {
 		t.Run("", func(t *testing.T) {
-			assert.Equal(t, tt.want, policyDownloadError(tt.err))
+			switch tt.kind {
+			case "framework":
+				assert.Equal(t, tt.want, frameworkDownloadError(tt.err, tt.name))
+			case "control":
+				assert.Equal(t, tt.want, controlDownloadError(tt.err, tt.name))
+			default:
+				assert.Equal(t, tt.want, frameworkDownloadError(tt.err, tt.name))
+				assert.Equal(t, tt.want, controlDownloadError(tt.err, tt.name))
+			}
 		})
 	}
 }

core/pkg/resourcehandler/filesloader.go

@@ -41,22 +41,27 @@ func (fileHandler *FileResourceHandler) GetResources(ctx context.Context, sessio
 	for path := range scanInfo.InputPatterns {
 		var workloadIDToSource map[string]reporthandling.Source
 		var workloads []workloadinterface.IMetadata
+		var workloadIDToMappingNodes map[string]cautils.MappingNodes
 		var err error
 
 		if scanInfo.ChartPath != "" && scanInfo.FilePath != "" {
-			workloadIDToSource, workloads, err = getWorkloadFromHelmChart(ctx, scanInfo.ChartPath, scanInfo.FilePath)
+			workloadIDToSource, workloads, workloadIDToMappingNodes, err = getWorkloadFromHelmChart(ctx, scanInfo.ChartPath, scanInfo.FilePath)
+			if err != nil {
+				// We should probably ignore the error so we can continue scanning other charts
+			}
 		} else {
-			workloadIDToSource, workloads, err = getResourcesFromPath(ctx, scanInfo.InputPatterns[path])
+			workloadIDToSource, workloads, workloadIDToMappingNodes, err = getResourcesFromPath(ctx, scanInfo.InputPatterns[path])
 			if err != nil {
 				return nil, allResources, nil, nil, err
 			}
 		}
 		if len(workloads) == 0 {
-			logger.L().Debug("path ignored because contains only a non-kubernetes file", helpers.String("path", scanInfo.InputPatterns[path]))
+			continue
 		}
 
 		for k, v := range workloadIDToSource {
 			sessionObj.ResourceSource[k] = v
+			sessionObj.TemplateMapping[k] = workloadIDToMappingNodes[k]
 		}
 
 		// map all resources: map["/apiVersion/version/kind"][]<k8s workloads>
@@ -102,10 +107,10 @@ func (fileHandler *FileResourceHandler) GetResources(ctx context.Context, sessio
 func (fileHandler *FileResourceHandler) GetCloudProvider() string {
 	return ""
 }
-func getWorkloadFromHelmChart(ctx context.Context, helmPath, workloadPath string) (map[string]reporthandling.Source, []workloadinterface.IMetadata, error) {
+func getWorkloadFromHelmChart(ctx context.Context, helmPath, workloadPath string) (map[string]reporthandling.Source, []workloadinterface.IMetadata, map[string]cautils.MappingNodes, error) {
 	clonedRepo, err := cloneGitRepo(&helmPath)
 	if err != nil {
-		return nil, nil, err
+		return nil, nil, nil, err
 	}
 	if clonedRepo != "" {
 		defer os.RemoveAll(clonedRepo)
@@ -114,7 +119,7 @@ func getWorkloadFromHelmChart(ctx context.Context, helmPath, workloadPath string
 	// Get repo root
 	repoRoot, gitRepo := extractGitRepo(helmPath)
 
-	helmSourceToWorkloads, helmSourceToChart := cautils.LoadResourcesFromHelmCharts(ctx, helmPath)
+	helmSourceToWorkloads, helmSourceToChart, helmSourceToNodes := cautils.LoadResourcesFromHelmCharts(ctx, helmPath)
 
 	if clonedRepo != "" {
 		workloadPath = clonedRepo + workloadPath
@@ -122,27 +127,34 @@ func getWorkloadFromHelmChart(ctx context.Context, helmPath, workloadPath string
 
 	wlSource, ok := helmSourceToWorkloads[workloadPath]
 	if !ok {
-		return nil, nil, fmt.Errorf("workload %s not found in chart %s", workloadPath, helmPath)
+		return nil, nil, nil, fmt.Errorf("workload %s not found in chart %s", workloadPath, helmPath)
 	}
 
 	if len(wlSource) != 1 {
-		return nil, nil, fmt.Errorf("workload %s found multiple times in chart %s", workloadPath, helmPath)
+		return nil, nil, nil, fmt.Errorf("workload %s found multiple times in chart %s", workloadPath, helmPath)
 	}
 
 	helmChart, ok := helmSourceToChart[workloadPath]
 	if !ok {
-		return nil, nil, fmt.Errorf("helmChart not found for workload %s", workloadPath)
+		return nil, nil, nil, fmt.Errorf("helmChart not found for workload %s", workloadPath)
+	}
+
+	templatesNodes, ok := helmSourceToNodes[workloadPath]
+	if !ok {
+		return nil, nil, nil, fmt.Errorf("templatesNodes not found for workload %s", workloadPath)
 	}
 
 	workloadSource := getWorkloadSourceHelmChart(repoRoot, helmPath, gitRepo, helmChart)
 
 	workloadIDToSource := make(map[string]reporthandling.Source, 1)
+	workloadIDToNodes := make(map[string]cautils.MappingNodes, 1)
 	workloadIDToSource[wlSource[0].GetID()] = workloadSource
+	workloadIDToNodes[wlSource[0].GetID()] = templatesNodes
 
 	workloads := []workloadinterface.IMetadata{}
 	workloads = append(workloads, wlSource...)
 
-	return workloadIDToSource, workloads, nil
+	return workloadIDToSource, workloads, workloadIDToNodes, nil
 
 }
 
@@ -176,13 +188,14 @@ func getWorkloadSourceHelmChart(repoRoot string, source string, gitRepo *cautils
 	}
 }
 
-func getResourcesFromPath(ctx context.Context, path string) (map[string]reporthandling.Source, []workloadinterface.IMetadata, error) {
+func getResourcesFromPath(ctx context.Context, path string) (map[string]reporthandling.Source, []workloadinterface.IMetadata, map[string]cautils.MappingNodes, error) {
 	workloadIDToSource := make(map[string]reporthandling.Source, 0)
+	workloadIDToNodes := make(map[string]cautils.MappingNodes)
 	workloads := []workloadinterface.IMetadata{}
 
 	clonedRepo, err := cloneGitRepo(&path)
 	if err != nil {
-		return nil, nil, err
+		return nil, nil, nil, err
 	}
 	if clonedRepo != "" {
 		defer os.RemoveAll(clonedRepo)
@@ -266,10 +279,11 @@ func getResourcesFromPath(ctx context.Context, path string) (map[string]reportha
 	}
 
 	// load resources from helm charts
-	helmSourceToWorkloads, helmSourceToChart := cautils.LoadResourcesFromHelmCharts(ctx, path)
+	helmSourceToWorkloads, helmSourceToChart, helmSourceToNodes := cautils.LoadResourcesFromHelmCharts(ctx, path)
 	for source, ws := range helmSourceToWorkloads {
 		workloads = append(workloads, ws...)
 		helmChart := helmSourceToChart[source]
+		templatesNodes := helmSourceToNodes[source]
 
 		if clonedRepo != "" {
 			url, err := gitRepo.GetRemoteUrl()
@@ -280,21 +294,29 @@ func getResourcesFromPath(ctx context.Context, path string) (map[string]reportha
 			helmChart.Path = strings.TrimSuffix(url, ".git")
 			repoRoot = ""
 			source = strings.TrimPrefix(source, fmt.Sprintf("%s/", clonedRepo))
+			templatesNodes.TemplateFileName = source
 		}
 
 		workloadSource := getWorkloadSourceHelmChart(repoRoot, source, gitRepo, helmChart)
 
 		for i := range ws {
 			workloadIDToSource[ws[i].GetID()] = workloadSource
+			workloadIDToNodes[ws[i].GetID()] = templatesNodes
+			// workloadIDToNodes[ws[i].GetID()].Nodes = templatesNodes.Nodes
+			// workloadIDToNodes[ws[i].GetID()].TemplateFileName = templatesNodes.TemplateFileName
+			// helmSourceToNodes[source]
 		}
 	}
 
-	if len(helmSourceToWorkloads) > 0 {
+	if len(helmSourceToWorkloads) > 0 { // && len(helmSourceToNodes) > 0
 		logger.L().Debug("helm templates found in local storage", helpers.Int("helmTemplates", len(helmSourceToWorkloads)), helpers.Int("workloads", len(workloads)))
+	} else {
+		workloadIDToNodes = nil
 	}
 
+	//patch, get value from env
 	// Load resources from Kustomize directory
-	kustomizeSourceToWorkloads, kustomizeDirectoryName := cautils.LoadResourcesFromKustomizeDirectory(ctx, path)
+	kustomizeSourceToWorkloads, kustomizeDirectoryName := cautils.LoadResourcesFromKustomizeDirectory(ctx, path) //?
 
 	// update workloads and workloadIDToSource with workloads from Kustomize Directory
 	for source, ws := range kustomizeSourceToWorkloads {
@@ -331,7 +353,7 @@ func getResourcesFromPath(ctx context.Context, path string) (map[string]reportha
 		}
 	}
 
-	return workloadIDToSource, workloads, nil
+	return workloadIDToSource, workloads, workloadIDToNodes, nil
 }
 
 func extractGitRepo(path string) (string, *cautils.LocalGitRepository) {

core/pkg/resourcehandler/filesloaderutils.go

@@ -9,7 +9,6 @@ import (
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/k8s-interface/k8sinterface"
 	"github.com/kubescape/k8s-interface/workloadinterface"
-	"github.com/kubescape/kubescape/v3/core/cautils"
 	"github.com/kubescape/opa-utils/objectsenvelopes"
 )
 
@@ -17,20 +16,23 @@ import (
 func cloneGitRepo(path *string) (string, error) {
 	var clonedDir string
 
-	// Clone git repository if needed
 	gitURL, err := giturl.NewGitAPI(*path)
-	if err == nil {
-		logger.L().Info("cloning", helpers.String("repository url", gitURL.GetURL().String()))
-		cautils.StartSpinner()
-		clonedDir, err = cloneRepo(gitURL)
-		cautils.StopSpinner()
-		if err != nil {
-			return "", fmt.Errorf("failed to clone git repo '%s',  %w", gitURL.GetURL().String(), err)
-		}
-
-		*path = filepath.Join(clonedDir, gitURL.GetPath())
-
+	if err != nil {
+		return "", nil
 	}
+
+	// Clone git repository if needed
+	logger.L().Start("cloning", helpers.String("repository url", gitURL.GetURL().String()))
+
+	clonedDir, err = cloneRepo(gitURL)
+	if err != nil {
+		logger.L().StopError("failed to clone git repo", helpers.String("url", gitURL.GetURL().String()), helpers.Error(err))
+		return "", fmt.Errorf("failed to clone git repo '%s',  %w", gitURL.GetURL().String(), err)
+	}
+
+	*path = filepath.Join(clonedDir, gitURL.GetPath())
+	logger.L().StopSuccess("Done accessing local objects")
+
 	return clonedDir, nil
 }
 

core/pkg/resourcehandler/handlerpullresources.go

@@ -36,8 +36,8 @@ func CollectResources(ctx context.Context, rsrcHandler IResourceHandler, policyI
 	opaSessionObj.ExternalResources = externalResources
 	opaSessionObj.ExcludedRules = excludedRulesMap
 
-	if (opaSessionObj.K8SResources == nil || len(opaSessionObj.K8SResources) == 0) && (opaSessionObj.ExternalResources == nil || len(opaSessionObj.ExternalResources) == 0) {
-		return fmt.Errorf("empty list of resources")
+	if (opaSessionObj.K8SResources == nil || len(opaSessionObj.K8SResources) == 0) && (opaSessionObj.ExternalResources == nil || len(opaSessionObj.ExternalResources) == 0) || len(opaSessionObj.AllResources) == 0 {
+		return fmt.Errorf("no resources found to scan")
 	}
 
 	return nil

core/pkg/resourcehandler/k8sresources.go

@@ -132,7 +132,7 @@ func (k8sHandler *K8sResourceHandler) GetResources(ctx context.Context, sessionO
 			cautils.StopSpinner()
 			logger.L().Success("Requested Host scanner data")
 		} else {
-			cautils.SetInfoMapForResources("This control requires the Kubescape operator installed. To install it, go to\n     https://kubescape.io/docs/install-operator/.", hostResources, sessionObj.InfoMap)
+			cautils.SetInfoMapForResources("This control is scanned exclusively by the Kubescape operator, not the Kubescape CLI. Install the Kubescape operator:\n     https://kubescape.io/docs/install-operator/.", hostResources, sessionObj.InfoMap)
 		}
 	}
 

core/pkg/resultshandling/printer/v2/jsonprinter.go

@@ -8,12 +8,16 @@ import (
 	"path/filepath"
 	"strings"
 
+	"github.com/anchore/clio"
 	"github.com/anchore/grype/grype/presenter"
 	"github.com/anchore/grype/grype/presenter/models"
 	logger "github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/kubescape/v3/core/cautils"
 	"github.com/kubescape/kubescape/v3/core/pkg/resultshandling/printer"
+	"github.com/kubescape/kubescape/v3/core/pkg/resultshandling/printer/v2/prettyprinter/tableprinter/imageprinter"
+	"github.com/kubescape/opa-utils/reporthandling/results/v1/reportsummary"
+	"k8s.io/utils/strings/slices"
 )
 
 const (
@@ -54,11 +58,41 @@ func (jp *JsonPrinter) Score(score float32) {
 	fmt.Fprintf(os.Stderr, "\nOverall compliance-score (100- Excellent, 0- All failed): %d\n", cautils.Float32ToInt(score))
 
 }
+func (jp *JsonPrinter) convertToImageScanSummary(imageScanData []cautils.ImageScanData) (*imageprinter.ImageScanSummary, error) {
+	imageScanSummary := imageprinter.ImageScanSummary{
+		CVEs:                  []imageprinter.CVE{},
+		PackageScores:         map[string]*imageprinter.PackageScore{},
+		MapsSeverityToSummary: map[string]*imageprinter.SeveritySummary{},
+	}
+
+	for i := range imageScanData {
+		if !slices.Contains(imageScanSummary.Images, imageScanData[i].Image) {
+			imageScanSummary.Images = append(imageScanSummary.Images, imageScanData[i].Image)
+		}
+
+		presenterConfig := imageScanData[i].PresenterConfig
+		doc, err := models.NewDocument(clio.Identification{}, presenterConfig.Packages, presenterConfig.Context, presenterConfig.Matches, presenterConfig.IgnoredMatches, presenterConfig.MetadataProvider, nil, presenterConfig.DBStatus)
+		if err != nil {
+			logger.L().Error(fmt.Sprintf("failed to create document for image: %v", imageScanData[i].Image), helpers.Error(err))
+			continue
+		}
+
+		CVEs := extractCVEs(doc.Matches)
+		imageScanSummary.CVEs = append(imageScanSummary.CVEs, CVEs...)
+
+		setPkgNameToScoreMap(doc.Matches, imageScanSummary.PackageScores)
+
+		setSeverityToSummaryMap(CVEs, imageScanSummary.MapsSeverityToSummary)
+	}
+
+	return &imageScanSummary, nil
+}
 
 func (jp *JsonPrinter) ActionPrint(ctx context.Context, opaSessionObj *cautils.OPASessionObj, imageScanData []cautils.ImageScanData) {
 	var err error
+
 	if opaSessionObj != nil {
-		err = printConfigurationsScanning(opaSessionObj, ctx, jp)
+		err = printConfigurationsScanning(opaSessionObj, ctx, imageScanData, jp)
 	} else if imageScanData != nil {
 		err = jp.PrintImageScan(ctx, imageScanData[0].PresenterConfig)
 	} else {
@@ -73,16 +107,67 @@ func (jp *JsonPrinter) ActionPrint(ctx context.Context, opaSessionObj *cautils.O
 	printer.LogOutputFile(jp.writer.Name())
 }
 
-func printConfigurationsScanning(opaSessionObj *cautils.OPASessionObj, ctx context.Context, jp *JsonPrinter) error {
-	r, err := json.Marshal(FinalizeResults(opaSessionObj))
-	if err != nil {
-		return err
+func printConfigurationsScanning(opaSessionObj *cautils.OPASessionObj, ctx context.Context, imageScanData []cautils.ImageScanData, jp *JsonPrinter) error {
+
+	if imageScanData != nil {
+		imageScanSummary, err := jp.convertToImageScanSummary(imageScanData)
+		if err != nil {
+			logger.L().Error("failed to convert to image scan summary", helpers.Error(err))
+			return err
+		}
+		opaSessionObj.Report.SummaryDetails.Vulnerabilities.MapsSeverityToSummary = convertToReportSummary(imageScanSummary.MapsSeverityToSummary)
+		opaSessionObj.Report.SummaryDetails.Vulnerabilities.CVESummary = convertToCVESummary(imageScanSummary.CVEs)
+		opaSessionObj.Report.SummaryDetails.Vulnerabilities.PackageScores = convertToPackageScores(imageScanSummary.PackageScores)
+		opaSessionObj.Report.SummaryDetails.Vulnerabilities.Images = imageScanSummary.Images
 	}
 
+	r, err := json.Marshal(FinalizeResults(opaSessionObj))
 	_, err = jp.writer.Write(r)
+
 	return err
 }
 
+func convertToPackageScores(packageScores map[string]*imageprinter.PackageScore) map[string]*reportsummary.PackageSummary {
+	convertedPackageScores := make(map[string]*reportsummary.PackageSummary)
+	for pkg, score := range packageScores {
+		convertedPackageScores[pkg] = &reportsummary.PackageSummary{
+			Name:                    score.Name,
+			Version:                 score.Version,
+			Score:                   score.Score,
+			MapSeverityToCVEsNumber: score.MapSeverityToCVEsNumber,
+		}
+	}
+	return convertedPackageScores
+}
+
+func convertToCVESummary(cves []imageprinter.CVE) []reportsummary.CVESummary {
+	cveSummary := make([]reportsummary.CVESummary, len(cves))
+	i := 0
+	for _, cve := range cves {
+		var a reportsummary.CVESummary
+		a.Severity = cve.Severity
+		a.ID = cve.ID
+		a.Package = cve.Package
+		a.Version = cve.Version
+		a.FixVersions = cve.FixVersions
+		a.FixedState = cve.FixedState
+		cveSummary[i] = a
+		i++
+	}
+	return cveSummary
+}
+
+func convertToReportSummary(input map[string]*imageprinter.SeveritySummary) map[string]*reportsummary.SeveritySummary {
+	output := make(map[string]*reportsummary.SeveritySummary)
+	for key, value := range input {
+		output[key] = &reportsummary.SeveritySummary{
+			NumberOfCVEs:        value.NumberOfCVEs,
+			NumberOfFixableCVEs: value.NumberOfFixableCVEs,
+		}
+	}
+	return output
+}
+
 func (jp *JsonPrinter) PrintImageScan(ctx context.Context, scanResults *models.PresenterConfig) error {
 	if scanResults == nil {
 		return fmt.Errorf("no image vulnerability data provided")

core/pkg/resultshandling/printer/v2/jsonprinter_test.go

@@ -5,6 +5,8 @@ import (
 	"os"
 	"testing"
 
+	"github.com/kubescape/kubescape/v3/core/pkg/resultshandling/printer/v2/prettyprinter/tableprinter/imageprinter"
+	"github.com/kubescape/opa-utils/reporthandling/results/v1/reportsummary"
 	"github.com/stretchr/testify/assert"
 )
 
@@ -83,3 +85,110 @@ func TestScore_Json(t *testing.T) {
 		})
 	}
 }
+func TestConvertToCVESummary(t *testing.T) {
+	cves := []imageprinter.CVE{
+		{
+			Severity:    "High",
+			ID:          "CVE-2021-1234",
+			Package:     "example-package",
+			Version:     "1.0.0",
+			FixVersions: []string{"1.0.1", "1.0.2"},
+			FixedState:  "true",
+		},
+		{
+			Severity:    "Medium",
+			ID:          "CVE-2021-5678",
+			Package:     "another-package",
+			Version:     "2.0.0",
+			FixVersions: []string{"2.0.1"},
+			FixedState:  "false",
+		},
+	}
+
+	want := []reportsummary.CVESummary{
+		{
+			Severity:    "High",
+			ID:          "CVE-2021-1234",
+			Package:     "example-package",
+			Version:     "1.0.0",
+			FixVersions: []string{"1.0.1", "1.0.2"},
+			FixedState:  "true",
+		},
+		{
+			Severity:    "Medium",
+			ID:          "CVE-2021-5678",
+			Package:     "another-package",
+			Version:     "2.0.0",
+			FixVersions: []string{"2.0.1"},
+			FixedState:  "false",
+		},
+	}
+
+	got := convertToCVESummary(cves)
+
+	assert.Equal(t, want, got)
+}
+
+func TestConvertToPackageScores(t *testing.T) {
+	packageScores := map[string]*imageprinter.PackageScore{
+		"example-package": {
+			Name:                    "example-package",
+			Version:                 "1.0.0",
+			Score:                   80.0,
+			MapSeverityToCVEsNumber: map[string]int{"High": 2, "Medium": 1},
+		},
+		"another-package": {
+			Name:                    "another-package",
+			Version:                 "2.0.0",
+			Score:                   60.0,
+			MapSeverityToCVEsNumber: map[string]int{"High": 1, "Medium": 0},
+		},
+	}
+
+	want := map[string]*reportsummary.PackageSummary{
+		"example-package": {
+			Name:                    "example-package",
+			Version:                 "1.0.0",
+			Score:                   80.0,
+			MapSeverityToCVEsNumber: map[string]int{"High": 2, "Medium": 1},
+		},
+		"another-package": {
+			Name:                    "another-package",
+			Version:                 "2.0.0",
+			Score:                   60.0,
+			MapSeverityToCVEsNumber: map[string]int{"High": 1, "Medium": 0},
+		},
+	}
+
+	got := convertToPackageScores(packageScores)
+
+	assert.Equal(t, want, got)
+}
+
+func TestConvertToReportSummary(t *testing.T) {
+	input := map[string]*imageprinter.SeveritySummary{
+		"High": &imageprinter.SeveritySummary{
+			NumberOfCVEs:        10,
+			NumberOfFixableCVEs: 5,
+		},
+		"Medium": &imageprinter.SeveritySummary{
+			NumberOfCVEs:        5,
+			NumberOfFixableCVEs: 2,
+		},
+	}
+
+	want := map[string]*reportsummary.SeveritySummary{
+		"High": &reportsummary.SeveritySummary{
+			NumberOfCVEs:        10,
+			NumberOfFixableCVEs: 5,
+		},
+		"Medium": &reportsummary.SeveritySummary{
+			NumberOfCVEs:        5,
+			NumberOfFixableCVEs: 2,
+		},
+	}
+
+	got := convertToReportSummary(input)
+
+	assert.Equal(t, want, got)
+}

core/pkg/resultshandling/printer/v2/pdf.go

@@ -14,6 +14,7 @@ import (
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/kubescape/v3/core/cautils"
 	"github.com/kubescape/kubescape/v3/core/pkg/resultshandling/printer"
+	"github.com/kubescape/kubescape/v3/core/pkg/resultshandling/printer/v2/prettyprinter/tableprinter/utils"
 	"github.com/kubescape/opa-utils/reporthandling/results/v1/reportsummary"
 
 	"github.com/johnfercher/maroto/pkg/color"
@@ -168,7 +169,7 @@ func (pp *PdfPrinter) printHeader(m pdf.Maroto) {
 // printFramework prints the PDF frameworks after the PDF header
 func (pp *PdfPrinter) printFramework(m pdf.Maroto, frameworks []reportsummary.IFrameworkSummary) {
 	m.Row(10, func() {
-		m.Text(frameworksScoresToString(frameworks), props.Text{
+		m.Text(utils.FrameworksScoresToString(frameworks), props.Text{
 			Align:  consts.Center,
 			Size:   8,
 			Family: consts.Arial,

core/pkg/resultshandling/printer/v2/prettyprinter.go

@@ -7,6 +7,7 @@ import (
 	"sort"
 	"strings"
 
+	"github.com/anchore/clio"
 	"github.com/anchore/grype/grype/presenter/models"
 	"github.com/enescakir/emoji"
 	"github.com/jwalton/gchalk"
@@ -32,15 +33,15 @@ const (
 var _ printer.IPrinter = &PrettyPrinter{}
 
 type PrettyPrinter struct {
+	mainPrinter     prettyprinter.MainPrinter
 	writer          *os.File
 	formatVersion   string
 	viewType        cautils.ViewTypes
+	scanType        cautils.ScanTypes
+	clusterName     string
+	inputPatterns   []string
 	verboseMode     bool
 	printAttackTree bool
-	scanType        cautils.ScanTypes
-	inputPatterns   []string
-	mainPrinter     prettyprinter.MainPrinter
-	clusterName     string
 }
 
 func NewPrettyPrinter(verboseMode bool, formatVersion string, attackTree bool, viewType cautils.ViewTypes, scanType cautils.ScanTypes, inputPatterns []string, clusterName string) *PrettyPrinter {
@@ -90,7 +91,7 @@ func (pp *PrettyPrinter) convertToImageScanSummary(imageScanData []cautils.Image
 		}
 
 		presenterConfig := imageScanData[i].PresenterConfig
-		doc, err := models.NewDocument(presenterConfig.Packages, presenterConfig.Context, presenterConfig.Matches, presenterConfig.IgnoredMatches, presenterConfig.MetadataProvider, nil, presenterConfig.DBStatus)
+		doc, err := models.NewDocument(clio.Identification{}, presenterConfig.Packages, presenterConfig.Context, presenterConfig.Matches, presenterConfig.IgnoredMatches, presenterConfig.MetadataProvider, nil, presenterConfig.DBStatus)
 		if err != nil {
 			logger.L().Error(fmt.Sprintf("failed to create document for image: %v", imageScanData[i].Image), helpers.Error(err))
 			continue
@@ -165,9 +166,11 @@ func (pp *PrettyPrinter) printOverview(opaSessionObj *cautils.OPASessionObj, pri
 }
 
 func (pp *PrettyPrinter) printHeader(opaSessionObj *cautils.OPASessionObj) {
-	if pp.scanType == cautils.ScanTypeCluster || pp.scanType == cautils.ScanTypeRepo {
-		cautils.InfoDisplay(pp.writer, fmt.Sprintf("\nKubescape security posture overview for cluster: %s\n\n", pp.clusterName))
+	if pp.scanType == cautils.ScanTypeCluster {
+		cautils.InfoDisplay(pp.writer, fmt.Sprintf("\nSecurity posture overview for cluster: '%s'\n\n", pp.clusterName))
 		cautils.SimpleDisplay(pp.writer, "In this overview, Kubescape shows you a summary of your cluster security posture, including the number of users who can perform administrative actions. For each result greater than 0, you should evaluate its need, and then define an exception to allow it. This baseline can be used to detect drift in future.\n\n")
+	} else if pp.scanType == cautils.ScanTypeRepo {
+		cautils.InfoDisplay(pp.writer, fmt.Sprintf("\nSecurity posture overview for repo: '%s'\n\n", strings.Join(pp.inputPatterns, ", ")))
 	} else if pp.scanType == cautils.ScanTypeWorkload {
 		cautils.InfoDisplay(pp.writer, "Workload security posture overview for:\n")
 		ns := opaSessionObj.SingleResourceScan.GetNamespace()
@@ -321,23 +324,6 @@ func generateRelatedObjectsStr(workload WorkloadSummary) string {
 	return relatedStr
 }
 
-func frameworksScoresToString(frameworks []reportsummary.IFrameworkSummary) string {
-	if len(frameworks) == 1 {
-		if frameworks[0].GetName() != "" {
-			return fmt.Sprintf("Framework scanned: %s\n", frameworks[0].GetName())
-		}
-	} else if len(frameworks) > 1 {
-		p := "Frameworks scanned: "
-		i := 0
-		for ; i < len(frameworks)-1; i++ {
-			p += fmt.Sprintf("%s (compliance score: %.2f%%), ", frameworks[i].GetName(), frameworks[i].GetComplianceScore())
-		}
-		p += fmt.Sprintf("%s (compliance score: %.2f%%)\n", frameworks[i].GetName(), frameworks[i].GetComplianceScore())
-		return p
-	}
-	return ""
-}
-
 func getSeparator(sep string) string {
 	s := ""
 	for i := 0; i < 80; i++ {

core/pkg/resultshandling/printer/v2/prettyprinter/tableprinter/configurationprinter/reposcan.go

@@ -32,6 +32,7 @@ func (rp *RepoPrinter) PrintCategoriesTables(writer io.Writer, summaryDetails *r
 
 	categoriesToCategoryControls := mapCategoryToSummary(summaryDetails.ListControls(), mapRepoControlsToCategories)
 
+	tableRended := false
 	for _, id := range repoCategoriesDisplayOrder {
 		categoryControl, ok := categoriesToCategoryControls[id]
 		if !ok {
@@ -42,12 +43,16 @@ func (rp *RepoPrinter) PrintCategoriesTables(writer io.Writer, summaryDetails *r
 			continue
 		}
 
-		rp.renderSingleCategoryTable(categoryControl.CategoryName, mapCategoryToType[id], writer, categoryControl.controlSummaries, utils.MapInfoToPrintInfoFromIface(categoryControl.controlSummaries))
+		tableRended = tableRended || rp.renderSingleCategoryTable(categoryControl.CategoryName, mapCategoryToType[id], writer, categoryControl.controlSummaries, utils.MapInfoToPrintInfoFromIface(categoryControl.controlSummaries))
+	}
+
+	if !tableRended {
+		fmt.Fprintln(writer, gchalk.WithGreen().Bold("All controls passed. No issues found"))
 	}
 
 }
 
-func (rp *RepoPrinter) renderSingleCategoryTable(categoryName string, categoryType CategoryType, writer io.Writer, controlSummaries []reportsummary.IControlSummary, infoToPrintInfo []utils.InfoStars) {
+func (rp *RepoPrinter) renderSingleCategoryTable(categoryName string, categoryType CategoryType, writer io.Writer, controlSummaries []reportsummary.IControlSummary, infoToPrintInfo []utils.InfoStars) bool {
 	sortControlSummaries(controlSummaries)
 
 	headers, columnAligments := initCategoryTableData(categoryType)
@@ -72,10 +77,11 @@ func (rp *RepoPrinter) renderSingleCategoryTable(categoryName string, categoryTy
 	}
 
 	if len(rows) == 0 {
-		return
+		return false
 	}
 
 	renderSingleCategory(writer, categoryName, table, rows, infoToPrintInfo)
+	return true
 }
 
 func (rp *RepoPrinter) generateCountingCategoryRow(controlSummary reportsummary.IControlSummary, inputPatterns []string) []string {

core/pkg/resultshandling/printer/v2/prettyprinter/tableprinter/utils/utils.go

@@ -97,9 +97,9 @@ func FrameworksScoresToString(frameworks []reportsummary.IFrameworkSummary) stri
 		p := "Frameworks scanned: "
 		i := 0
 		for ; i < len(frameworks)-1; i++ {
-			p += fmt.Sprintf("%s (compliance score: %.2f%%), ", frameworks[i].GetName(), frameworks[i].GetComplianceScore())
+			p += fmt.Sprintf("%s (compliance score: %.2f), ", frameworks[i].GetName(), frameworks[i].GetComplianceScore())
 		}
-		p += fmt.Sprintf("%s (compliance score: %.2f%%)\n", frameworks[i].GetName(), frameworks[i].GetComplianceScore())
+		p += fmt.Sprintf("%s (compliance score: %.2f)\n", frameworks[i].GetName(), frameworks[i].GetComplianceScore())
 		return p
 	}
 	return ""

core/pkg/resultshandling/printer/v2/resourcetable.go

@@ -160,14 +160,18 @@ func failedPathsToString(control *resourcesresults.ResourceAssociatedControl) []
 	return paths
 }
 
-func fixPathsToString(control *resourcesresults.ResourceAssociatedControl) []string {
+func fixPathsToString(control *resourcesresults.ResourceAssociatedControl, onlyPath bool) []string {
 	var paths []string
 
 	for j := range control.ResourceAssociatedRules {
 		for k := range control.ResourceAssociatedRules[j].Paths {
 			if p := control.ResourceAssociatedRules[j].Paths[k].FixPath.Path; p != "" {
-				v := control.ResourceAssociatedRules[j].Paths[k].FixPath.Value
-				paths = append(paths, fmt.Sprintf("%s=%s", p, v))
+				if onlyPath {
+					paths = append(paths, p)
+				} else {
+					v := control.ResourceAssociatedRules[j].Paths[k].FixPath.Value
+					paths = append(paths, fmt.Sprintf("%s=%s", p, v))
+				}
 			}
 		}
 	}
@@ -201,7 +205,7 @@ func reviewPathsToString(control *resourcesresults.ResourceAssociatedControl) []
 }
 
 func AssistedRemediationPathsToString(control *resourcesresults.ResourceAssociatedControl) []string {
-	paths := append(fixPathsToString(control), append(deletePathsToString(control), reviewPathsToString(control)...)...)
+	paths := append(fixPathsToString(control, false), append(deletePathsToString(control), reviewPathsToString(control)...)...)
 	// TODO - deprecate failedPaths once all controls support review/delete paths
 	paths = appendFailedPathsIfNotInPaths(paths, failedPathsToString(control))
 	return paths

core/pkg/resultshandling/printer/v2/resourcetable_test.go

@@ -254,16 +254,16 @@ func TestFixPathsToString(t *testing.T) {
 	}
 
 	// Test case 1: Empty ResourceAssociatedRules
-	actualPaths := fixPathsToString(emptyControl)
+	actualPaths := fixPathsToString(emptyControl, false)
 	assert.Nil(t, actualPaths)
 
 	// Test case 2: Single ResourceAssociatedRule and one ReviewPath
-	actualPaths = fixPathsToString(singleRuleControl)
+	actualPaths = fixPathsToString(singleRuleControl, false)
 	expectedPath := []string{"fix-path1=fix-path-value1"}
 	assert.Equal(t, expectedPath, actualPaths)
 
 	// Test case 3: Multiple ResourceAssociatedRules and multiple ReviewPaths
-	actualPaths = fixPathsToString(multipleRulesControl)
+	actualPaths = fixPathsToString(multipleRulesControl, false)
 	expectedPath = []string{"fix-path2=fix-path-value2", "fix-path3=fix-path-value3"}
 	assert.Equal(t, expectedPath, actualPaths)
 }

core/pkg/resultshandling/printer/v2/sarifprinter.go

@@ -187,8 +187,10 @@ func (sp *SARIFPrinter) printConfigurationScan(ctx context.Context, opaSessionOb
 	run := sarif.NewRunWithInformationURI(toolName, toolInfoURI)
 	basePath := getBasePathFromMetadata(*opaSessionObj)
 
-	for resourceID, result := range opaSessionObj.ResourcesResult {
+	for resourceID, result := range opaSessionObj.ResourcesResult { //
 		if result.GetStatus(nil).IsFailed() {
+			helmChartFileType := false
+			var mappingnodes []map[string]cautils.MappingNode
 			resourceSource := opaSessionObj.ResourceSource[resourceID]
 			filepath := resourceSource.RelativePath
 
@@ -197,9 +199,15 @@ func (sp *SARIFPrinter) printConfigurationScan(ctx context.Context, opaSessionOb
 				continue
 			}
 
+			// If the fileType is helm chart
+			if templateNodes, ok := opaSessionObj.TemplateMapping[resourceID]; ok {
+				mappingnodes = templateNodes.Nodes
+				helmChartFileType = true
+			}
+
 			rsrcAbsPath := path.Join(basePath, filepath)
-			locationResolver, err := locationresolver.NewFixPathLocationResolver(rsrcAbsPath)
-			if err != nil {
+			locationResolver, err := locationresolver.NewFixPathLocationResolver(rsrcAbsPath) //
+			if err != nil && !helmChartFileType {
 				logger.L().Debug("failed to create location resolver", helpers.Error(err))
 				continue
 			}
@@ -208,12 +216,24 @@ func (sp *SARIFPrinter) printConfigurationScan(ctx context.Context, opaSessionOb
 				ac := toPin
 
 				if ac.GetStatus(nil).IsFailed() {
-					ctl := opaSessionObj.Report.SummaryDetails.Controls.GetControl(reportsummary.EControlCriteriaID, ac.GetID())
-					location := sp.resolveFixLocation(opaSessionObj, locationResolver, &ac, resourceID)
+					var location locationresolver.Location
+
+					ctl := opaSessionObj.Report.SummaryDetails.Controls.GetControl(reportsummary.EControlCriteriaID, ac.GetID())
+					if helmChartFileType {
+						for _, subfileNodes := range mappingnodes {
+							// first get the failed path, then if cannot find it, use the Fix path, cui it to find the closest error.
+							location, split := resolveFixLocation(subfileNodes, &ac)
+							sp.addRule(run, ctl)
+							result := sp.addResult(run, ctl, filepath, location)
+							collectFixesFromMappingNodes(ctx, result, ac, opaSessionObj, resourceID, filepath, rsrcAbsPath, location, subfileNodes, split)
+						}
+					} else {
+						location = sp.resolveFixLocation(opaSessionObj, locationResolver, &ac, resourceID)
+						sp.addRule(run, ctl)
+						result := sp.addResult(run, ctl, filepath, location)
+						collectFixes(ctx, result, ac, opaSessionObj, resourceID, filepath, rsrcAbsPath)
+					}
 
-					sp.addRule(run, ctl)
-					result := sp.addResult(run, ctl, filepath, location)
-					collectFixes(ctx, result, ac, opaSessionObj, resourceID, filepath)
 				}
 			}
 		}
@@ -257,6 +277,56 @@ func (sp *SARIFPrinter) resolveFixLocation(opaSessionObj *cautils.OPASessionObj,
 	return location
 }
 
+func getFixPath(ac *resourcesresults.ResourceAssociatedControl, onlyPath bool) string {
+	fixPaths := failedPathsToString(ac)
+	if len(fixPaths) == 0 {
+		fixPaths = fixPathsToString(ac, onlyPath)
+	}
+	var fixPath string
+	if len(fixPaths) > 0 {
+		fixPath = fixPaths[0]
+	}
+	return fixPath
+}
+
+func resolveFixLocation(mappingnodes map[string]cautils.MappingNode, ac *resourcesresults.ResourceAssociatedControl) (locationresolver.Location, int) {
+	defaultLocation := locationresolver.Location{Line: 1, Column: 1}
+	fixPath := getFixPath(ac, true)
+	if fixPath == "" {
+		return defaultLocation, -1
+	}
+	location, split := getLocationFromMappingNodes(mappingnodes, fixPath)
+	return location, split
+}
+
+func getLocationFromNode(node cautils.MappingNode, path string) locationresolver.Location {
+	line := node.TemplateLineNumber
+	column := (len(strings.Split(path, "."))-1)*2 + 1 //column begins with 1 instead of 0
+	return locationresolver.Location{Line: line, Column: column}
+}
+
+func getLocationFromMappingNodes(mappingnodes map[string]cautils.MappingNode, fixPath string) (locationresolver.Location, int) {
+	var location locationresolver.Location
+	// If cannot match any node, return default location
+	location = locationresolver.Location{Line: 1, Column: 1}
+	split := -1
+	if node, ok := mappingnodes[fixPath]; ok {
+		location = getLocationFromNode(node, fixPath)
+	} else {
+		fields := strings.Split(fixPath, ".")
+		for i := len(fields) - 1; i >= 0; i-- {
+			field := fields[:i]
+			closestPath := strings.Join(field, ".")
+			if node, ok := mappingnodes[closestPath]; ok {
+				location = getLocationFromNode(node, closestPath)
+				split = i
+				break
+			}
+		}
+	}
+	return location, split
+}
+
 func addFix(result *sarif.Result, filepath string, startLine, startColumn, endLine, endColumn int, text string) {
 	// Create a new replacement with the specified start and end lines and columns, and the inserted text.
 	replacement := sarif.NewReplacement(
@@ -337,33 +407,37 @@ func collectDiffs(dmp *diffmatchpatch.DiffMatchPatch, diffs []diffmatchpatch.Dif
 	}
 }
 
-func collectFixes(ctx context.Context, result *sarif.Result, ac resourcesresults.ResourceAssociatedControl, opaSessionObj *cautils.OPASessionObj, resourceID string, filepath string) {
+func collectFixes(ctx context.Context, result *sarif.Result, ac resourcesresults.ResourceAssociatedControl, opaSessionObj *cautils.OPASessionObj, resourceID string, filepath string, rsrcAbsPath string) {
 	for _, rule := range ac.ResourceAssociatedRules {
 		if !rule.GetStatus(nil).IsFailed() {
 			continue
 		}
 
 		for _, rulePaths := range rule.Paths {
-			if rulePaths.FixPath.Path == "" {
-				continue
-			}
-			// if strings.HasPrefix(rulePaths.FixPath.Value, fixhandler.UserValuePrefix) {
-			// 	continue
-			// }
-
-			documentIndex, ok := getDocIndex(opaSessionObj, resourceID)
-			if !ok {
+			fixPath := rulePaths.FixPath.Path
+			if fixPath == "" {
 				continue
 			}
 
-			yamlExpression := fixhandler.FixPathToValidYamlExpression(rulePaths.FixPath.Path, rulePaths.FixPath.Value, documentIndex)
-			fileAsString, err := fixhandler.GetFileString(filepath)
+			fileAsString, err := fixhandler.GetFileString(rsrcAbsPath)
 			if err != nil {
 				logger.L().Debug("failed to access "+filepath, helpers.Error(err))
 				continue
 			}
 
-			fixedYamlString, err := fixhandler.ApplyFixToContent(ctx, fileAsString, yamlExpression)
+			var fixedYamlString string
+
+			// if strings.HasPrefix(rulePaths.FixPath.Value, fixhandler.UserValuePrefix) {
+			// 	continue
+			// }
+			documentIndex, ok := getDocIndex(opaSessionObj, resourceID)
+			if !ok {
+				continue
+			}
+
+			yamlExpression := fixhandler.FixPathToValidYamlExpression(fixPath, rulePaths.FixPath.Value, documentIndex)
+
+			fixedYamlString, err = fixhandler.ApplyFixToContent(ctx, fileAsString, yamlExpression)
 			if err != nil {
 				logger.L().Debug("failed to fix "+filepath+" with "+yamlExpression, helpers.Error(err))
 				continue
@@ -376,6 +450,98 @@ func collectFixes(ctx context.Context, result *sarif.Result, ac resourcesresults
 	}
 }
 
+func collectFixesFromMappingNodes(ctx context.Context, result *sarif.Result, ac resourcesresults.ResourceAssociatedControl, opaSessionObj *cautils.OPASessionObj, resourceID string, filepath string, rsrcAbsPath string, location locationresolver.Location, subFileNodes map[string]cautils.MappingNode, split int) {
+	for _, rule := range ac.ResourceAssociatedRules {
+		if !rule.GetStatus(nil).IsFailed() {
+			continue
+		}
+
+		for _, rulePaths := range rule.Paths {
+			fixPath := rulePaths.FixPath.Path
+			if fixPath == "" {
+				continue
+			}
+
+			fileAsString, err := fixhandler.GetFileString(rsrcAbsPath)
+			if err != nil {
+				logger.L().Debug("failed to access "+filepath, helpers.Error(err))
+				continue
+			}
+
+			var fixedYamlString string
+			fixValue := rulePaths.FixPath.Value
+			if split == -1 { //replaceNode
+				node := subFileNodes[fixPath]
+				fixedYamlString = formReplaceFixedYamlString(node, fileAsString, location, fixValue, fixPath)
+			} else { //insertNode
+				maxLineNumber := getTheLocationOfAddPart(split, fixPath, subFileNodes)
+				fixedYamlString = applyFixToContent(split, fixPath, fileAsString, maxLineNumber, fixValue)
+			}
+
+			dmp := diffmatchpatch.New()
+			diffs := dmp.DiffMain(fileAsString, fixedYamlString, false)
+			collectDiffs(dmp, diffs, result, filepath, fileAsString)
+		}
+	}
+}
+
+func applyFixToContent(split int, fixPath string, fileAsString string, addLine int, value string) string {
+	addLines := make([]string, 0)
+	fields := strings.Split(fixPath, ".")
+	for i := split; i < len(fields); i++ {
+		field := fields[i]
+		var addedLine string
+		if i != len(fields)-1 {
+			addedLine = strings.Repeat(" ", (i*2)) + field + ":"
+		} else {
+			addedLine = strings.Repeat(" ", (i*2)) + field + ": " + value
+		}
+		addLines = append(addLines, addedLine)
+	}
+	fixedYamlString := formAddFixedYamlString(fileAsString, addLine, addLines)
+
+	return fixedYamlString
+}
+
+func formReplaceFixedYamlString(node cautils.MappingNode, fileAsString string, location locationresolver.Location, fixValue string, fixPath string) string {
+	replcaedValue := node.Value
+	yamlLines := strings.Split(fileAsString, "\n")
+	if replcaedValue == "" {
+		yamlLines[location.Line] = yamlLines[location.Line] + " # This is the suggested modification, the value for " + fixPath + " is " + fixValue + "\n"
+	} else {
+		replacedLine := "# This is the suggested modification\n" + yamlLines[location.Line]
+		newLine := strings.Replace(replacedLine, replcaedValue, fixValue, -1)
+		yamlLines[location.Line] = newLine
+	}
+	fixedYamlString := strings.Join(yamlLines, "\n")
+	return fixedYamlString
+}
+
+func formAddFixedYamlString(fileAsString string, addLine int, addLines []string) string {
+	yamlLines := strings.Split(fileAsString, "\n")
+	newYamlLines := append(yamlLines[:addLine], "# This is the suggested modification")
+	newYamlLines = append(newYamlLines, addLines...)
+	yamlLines = strings.Split(fileAsString, "\n")
+	newYamlLines = append(newYamlLines, yamlLines[addLine:]...)
+	fixedYamlString := strings.Join(newYamlLines, "\n")
+	return fixedYamlString
+}
+
+func getTheLocationOfAddPart(split int, fixPath string, mappingnodes map[string]cautils.MappingNode) int {
+	fields := strings.Split(fixPath, ".")
+	field := fields[:split]
+	closestPath := strings.Join(field, ".")
+	maxLineNumber := -1
+	for k, v := range mappingnodes {
+		if strings.Index(k, closestPath) == 0 {
+			if v.TemplateLineNumber > maxLineNumber {
+				maxLineNumber = v.TemplateLineNumber
+			}
+		}
+	}
+	return maxLineNumber
+}
+
 func getDocIndex(opaSessionObj *cautils.OPASessionObj, resourceID string) (int, bool) {
 	resource := opaSessionObj.AllResources[resourceID]
 	localworkload, ok := resource.(*localworkload.LocalWorkload)

core/pkg/resultshandling/results.go

@@ -128,7 +128,7 @@ func NewPrinter(ctx context.Context, printFormat string, scanInfo *cautils.ScanI
 		if printFormat != printer.PrettyFormat {
 			logger.L().Ctx(ctx).Warning(fmt.Sprintf("Invalid format \"%s\", default format \"pretty-printer\" is applied", printFormat))
 		}
-		return printerv2.NewPrettyPrinter(scanInfo.VerboseMode, scanInfo.FormatVersion, scanInfo.PrintAttackTree, cautils.ViewTypes(scanInfo.View), scanInfo.ScanType, nil, clusterName)
+		return printerv2.NewPrettyPrinter(scanInfo.VerboseMode, scanInfo.FormatVersion, scanInfo.PrintAttackTree, cautils.ViewTypes(scanInfo.View), scanInfo.ScanType, scanInfo.InputPatterns, clusterName)
 	}
 }
 

examples/helm_chart_mapping_node/Chart.yaml

@@ -0,0 +1,29 @@
+apiVersion: v2
+name: kubescape
+description:
+  Kubescape is the first open-source tool for testing if Kubernetes is deployed securely according to multiple frameworks
+  regulatory, customized company policies and DevSecOps best practices, such as the  [NSA-CISA](https://www.armosec.io/blog/kubernetes-hardening-guidance-summary-by-armo) and the [MITRE ATT&CK®](https://www.microsoft.com/security/blog/2021/03/23/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes/) .
+  Kubescape scans K8s clusters, YAML files, and HELM charts, and detect misconfigurations and software vulnerabilities at early stages of the CI/CD pipeline and provides a risk score instantly and risk trends over time.
+  Kubescape integrates natively with other DevOps tools, including Jenkins, CircleCI and Github workflows.
+
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 1.0.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "v1.0.128"

examples/helm_chart_mapping_node/templates/_helpers.tpl

@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "kubescape.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "kubescape.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "kubescape.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "kubescape.labels" -}}
+helm.sh/chart: {{ include "kubescape.chart" . }}
+{{ include "kubescape.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "kubescape.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "kubescape.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "kubescape.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "kubescape.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}

examples/helm_chart_mapping_node/templates/clusterrole.yaml

@@ -0,0 +1,10 @@
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "kubescape.fullname" . }}
+  labels:
+    {{- include "kubescape.labels" . | nindent 4 }}
+rules:
+  - apiGroups: ["*"]
+    resources: ["*"]
+    verbs: ["get", "list", "describe"]
+

examples/helm_chart_mapping_node/templates/clusterrolebinding.yaml

@@ -0,0 +1,15 @@
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "kubescape.fullname" . }}
+  labels:
+    {{- include "kubescape.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "kubescape.fullname" . }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "kubescape.serviceAccountName" . }}
+    namespace: {{ .Release.Namespace | quote }}
+
+

examples/helm_chart_mapping_node/templates/configmap.yaml

@@ -0,0 +1,14 @@
+{{- if .Values.configMap.create -}}
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: {{ include "kubescape.fullname" . }}-configmap
+  labels:
+    {{- include "kubescape.labels" . | nindent 4 }}
+data:
+  config.json: |
+    {
+      "customerGUID": "{{ .Values.configMap.params.customerGUID }}",
+      "clusterName": "{{ .Values.configMap.params.clusterName }}"
+    }
+{{- end }}

examples/helm_chart_mapping_node/templates/cronjob.yaml

@@ -0,0 +1,28 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: {{ include "kubescape.fullname" . }}
+  labels:
+    {{- include "kubescape.labels" . | nindent 4 }}
+spec:
+  schedule: "{{ .Values.schedule }}"
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+          - name: {{ .Chart.Name }}
+            image: "{{ .Values.image.repository }}/{{ .Values.image.imageName }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+            imagePullPolicy: {{ .Values.image.pullPolicy }}
+            command: ["/bin/sh", "-c"]
+            args: ["kubescape scan framework nsa --submit"]
+            volumeMounts:
+            - name: kubescape-config-volume
+              mountPath: /root/.kubescape/config.json
+              subPath: config.json
+          restartPolicy: OnFailure
+          serviceAccountName: {{ include "kubescape.serviceAccountName" . }}
+          volumes:
+          - name: kubescape-config-volume
+            configMap:
+              name: {{ include "kubescape.fullname" . }}-configmap

examples/helm_chart_mapping_node/templates/role.yaml

@@ -0,0 +1,11 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ include "kubescape.fullname" . }}
+  labels:
+    {{- include "kubescape.labels" . | nindent 4 }}
+rules:
+  - apiGroups: ["*"]
+    resources: ["*"]
+    verbs: ["get", "list", "describe"]
+

examples/helm_chart_mapping_node/templates/rolebinding.yaml

@@ -0,0 +1,16 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ include "kubescape.fullname" . }}
+  labels:
+    {{- include "kubescape.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "kubescape.fullname" . }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "kubescape.serviceAccountName" . }}
+    namespace: {{ .Release.Namespace | quote }}
+
+

examples/helm_chart_mapping_node/templates/serviceaccount.yaml

@@ -0,0 +1,21 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "kubescape.serviceAccountName" . }}
+  labels:
+    {{- include "kubescape.labels" . | nindent 4 }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "kubescape.serviceAccountName" . }}
+  {{- with .Values.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+{{- end }}

examples/helm_chart_mapping_node/values.yaml

@@ -0,0 +1,74 @@
+# Default values for kubescape.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+# -- Frequency of running the scan
+#       ┌────────────── timezone (optional)
+#       |  ┌───────────── minute (0 - 59)
+#       |  │ ┌───────────── hour (0 - 23)
+#       |  │ │ ┌───────────── day of the month (1 - 31)
+#       |  │ │ │ ┌───────────── month (1 - 12)
+#       |  │ │ │ │ ┌───────────── day of the week (0 - 6) (Sunday to Saturday;
+#       |  │ │ │ │ │                         7 is also Sunday on some systems)
+#       |  │ │ │ │ │
+#       |  │ │ │ │ │
+#      UTC * * * * *
+schedule: "* * 1 * *"
+
+# -- Image and version to deploy
+image:
+  repository: quay.io/armosec
+  imageName: kubescape
+  pullPolicy: Always
+  # Overrides the image tag whose default is the chart appVersion.
+  tag: latest
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+# -- Service account that runs the scan and has permissions to view the cluster
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: "kubescape-discovery"
+
+# -- ARMO customer information
+configMap:
+  create: false
+  params:
+    customerGUID: <MyGUID>
+    clusterName: <MyK8sClusterName>
+
+podAnnotations: {}
+
+podSecurityContext: {}
+  # fsGroup: 2000
+
+securityContext: {}
+  # capabilities:
+  #   drop:
+  #   - ALL
+  # readOnlyRootFilesystem: true
+  # runAsNonRoot: true
+  # runAsUser: 1000
+
+# -- Default resources for running the service in cluster
+resources:
+  limits:
+    cpu: 500m
+    memory: 512Mi
+  requests:
+    cpu: 200m
+    memory: 256Mi
+
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}

go.mod

@@ -1,104 +1,108 @@
 module github.com/kubescape/kubescape/v3
 
-go 1.21
+go 1.21.1
+
+toolchain go1.21.6
 
 require (
 	github.com/adrg/xdg v0.4.0
-	github.com/anchore/grype v0.65.0
-	github.com/anchore/stereoscope v0.0.0-20230727211946-d1f3d766295e
-	github.com/anchore/syft v0.86.1
-	github.com/armosec/armoapi-go v0.0.256
-	github.com/armosec/utils-go v0.0.40
-	github.com/armosec/utils-k8s-go v0.0.23
+	github.com/anchore/clio v0.0.0-20231016125544-c98a83e1c7fc
+	github.com/anchore/grype v0.74.2
+	github.com/anchore/stereoscope v0.0.1
+	github.com/anchore/syft v0.101.1
+	github.com/armosec/armoapi-go v0.0.330
+	github.com/armosec/utils-go v0.0.57
+	github.com/armosec/utils-k8s-go v0.0.26
 	github.com/briandowns/spinner v1.23.0
 	github.com/chainguard-dev/git-urls v1.0.2
 	github.com/distribution/distribution v2.8.3+incompatible
-	github.com/docker/distribution v2.8.2+incompatible
+	github.com/docker/distribution v2.8.3+incompatible
 	github.com/enescakir/emoji v1.0.0
 	github.com/francoispqt/gojay v1.2.13
 	github.com/go-git/go-git/v5 v5.11.0
-	github.com/google/go-containerregistry v0.16.1
-	github.com/google/uuid v1.3.1
+	github.com/google/go-containerregistry v0.19.0
+	github.com/google/uuid v1.6.0
 	github.com/johnfercher/maroto v1.0.0
 	github.com/json-iterator/go v1.1.12
 	github.com/jwalton/gchalk v1.3.0
-	github.com/kubescape/backend v0.0.17
-	github.com/kubescape/go-git-url v0.0.27
+	github.com/kubescape/backend v0.0.18
+	github.com/kubescape/go-git-url v0.0.28
 	github.com/kubescape/go-logger v0.0.22
-	github.com/kubescape/k8s-interface v0.0.156
-	github.com/kubescape/opa-utils v0.0.273
+	github.com/kubescape/k8s-interface v0.0.161
+	github.com/kubescape/opa-utils v0.0.278
 	github.com/kubescape/rbac-utils v0.0.21-0.20230806101615-07e36f555520
-	github.com/kubescape/regolibrary v1.0.300
-	github.com/libgit2/git2go/v33 v33.0.9
+	github.com/kubescape/regolibrary v1.0.315
 	github.com/maruel/natural v1.1.1
 	github.com/matthyx/go-gitlog v0.0.0-20231005131906-9ffabe3c5bcd
-	github.com/mattn/go-isatty v0.0.19
+	github.com/mattn/go-isatty v0.0.20
 	github.com/mikefarah/yq/v4 v4.29.1
 	github.com/olekukonko/tablewriter v0.0.6-0.20230417144759-edd1a71a5576
-	github.com/open-policy-agent/opa v0.55.0
+	github.com/open-policy-agent/opa v0.61.0
 	github.com/owenrumney/go-sarif/v2 v2.2.0
 	github.com/project-copacetic/copacetic v0.0.0-00010101000000-000000000000
 	github.com/schollz/progressbar/v3 v3.13.0
 	github.com/sergi/go-diff v1.3.1
-	github.com/sigstore/cosign/v2 v2.1.1
+	github.com/sigstore/cosign/v2 v2.2.3
 	github.com/sirupsen/logrus v1.9.3
-	github.com/spf13/cobra v1.7.0
+	github.com/spf13/cobra v1.8.0
 	github.com/stretchr/testify v1.8.4
-	go.opentelemetry.io/otel v1.18.0
-	go.opentelemetry.io/otel/metric v1.18.0
-	golang.org/x/exp v0.0.0-20230801115018-d63ba01acd4b
-	golang.org/x/mod v0.12.0
-	golang.org/x/term v0.15.0
+	go.opentelemetry.io/otel v1.22.0
+	go.opentelemetry.io/otel/metric v1.22.0
+	golang.org/x/exp v0.0.0-20240222234643-814bf88cf225
+	golang.org/x/mod v0.15.0
+	golang.org/x/term v0.17.0
 	gopkg.in/op/go-logging.v1 v1.0.0-20160211212156-b2cb9fa56473
 	gopkg.in/yaml.v3 v3.0.1
-	helm.sh/helm/v3 v3.12.1
-	k8s.io/api v0.27.4
-	k8s.io/apimachinery v0.27.4
-	k8s.io/client-go v0.27.4
+	helm.sh/helm/v3 v3.14.2
+	k8s.io/api v0.29.2
+	k8s.io/apimachinery v0.29.2
+	k8s.io/client-go v0.29.2
 	k8s.io/utils v0.0.0-20230726121419-3b25d923346b
-	sigs.k8s.io/kustomize/api v0.13.2
-	sigs.k8s.io/kustomize/kyaml v0.14.1
+	sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3
+	sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3
 )
 
 require github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 
 require (
-	cloud.google.com/go v0.110.7 // indirect
-	cloud.google.com/go/compute v1.23.0 // indirect
+	cloud.google.com/go v0.111.0 // indirect
+	cloud.google.com/go/compute v1.23.3 // indirect
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
-	cloud.google.com/go/container v1.24.0 // indirect
-	cloud.google.com/go/iam v1.1.1 // indirect
-	cloud.google.com/go/storage v1.30.1 // indirect
+	cloud.google.com/go/container v1.29.0 // indirect
+	cloud.google.com/go/iam v1.1.5 // indirect
+	cloud.google.com/go/storage v1.35.1 // indirect
 	dario.cat/mergo v1.0.0 // indirect
-	filippo.io/edwards25519 v1.0.0 // indirect
-	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1 // indirect
+	filippo.io/edwards25519 v1.1.0 // indirect
+	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
+	github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0 // indirect
 	github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/alibabacloudsdkgo/helper v0.2.0 // indirect
 	github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.0 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization v1.0.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2 v2.1.1 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v2 v2.4.0 // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 	github.com/Azure/go-autorest/autorest v0.11.29 // indirect
-	github.com/Azure/go-autorest/autorest/adal v0.9.22 // indirect
+	github.com/Azure/go-autorest/autorest/adal v0.9.23 // indirect
 	github.com/Azure/go-autorest/autorest/azure/auth v0.5.12 // indirect
 	github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 // indirect
 	github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
 	github.com/Azure/go-autorest/logger v0.2.1 // indirect
 	github.com/Azure/go-autorest/tracing v0.6.0 // indirect
-	github.com/AzureAD/microsoft-authentication-library-for-go v1.0.0 // indirect
+	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1 // indirect
 	github.com/BurntSushi/toml v1.3.2 // indirect
-	github.com/CycloneDX/cyclonedx-go v0.7.2-0.20230625092137-07e2f29defc3 // indirect
+	github.com/CycloneDX/cyclonedx-go v0.8.0 // indirect
 	github.com/DataDog/zstd v1.4.5 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
 	github.com/Masterminds/semver v1.5.0 // indirect
 	github.com/Masterminds/semver/v3 v3.2.1 // indirect
 	github.com/Masterminds/sprig/v3 v3.2.3 // indirect
 	github.com/Microsoft/go-winio v0.6.1 // indirect
+	github.com/Microsoft/hcsshim v0.11.4 // indirect
 	github.com/OneOfOne/xxhash v1.2.8 // indirect
-	github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 // indirect
+	github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c // indirect
 	github.com/ThalesIgnite/crypto11 v1.2.5 // indirect
 	github.com/a8m/envsubst v1.3.0 // indirect
 	github.com/acobaugh/osrelease v0.1.0 // indirect
@@ -107,120 +111,131 @@ require (
 	github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.4 // indirect
 	github.com/alibabacloud-go/cr-20160607 v1.0.1 // indirect
 	github.com/alibabacloud-go/cr-20181201 v1.0.10 // indirect
-	github.com/alibabacloud-go/darabonba-openapi v0.1.18 // indirect
-	github.com/alibabacloud-go/debug v0.0.0-20190504072949-9472017b5c68 // indirect
+	github.com/alibabacloud-go/darabonba-openapi v0.2.1 // indirect
+	github.com/alibabacloud-go/debug v1.0.0 // indirect
 	github.com/alibabacloud-go/endpoint-util v1.1.1 // indirect
-	github.com/alibabacloud-go/openapi-util v0.0.11 // indirect
-	github.com/alibabacloud-go/tea v1.1.18 // indirect
-	github.com/alibabacloud-go/tea-utils v1.4.4 // indirect
-	github.com/alibabacloud-go/tea-xml v1.1.2 // indirect
-	github.com/aliyun/credentials-go v1.2.3 // indirect
-	github.com/anchore/go-logger v0.0.0-20230531193951-db5ae83e7dbe // indirect
+	github.com/alibabacloud-go/openapi-util v0.1.0 // indirect
+	github.com/alibabacloud-go/tea v1.2.1 // indirect
+	github.com/alibabacloud-go/tea-utils v1.4.5 // indirect
+	github.com/alibabacloud-go/tea-xml v1.1.3 // indirect
+	github.com/aliyun/credentials-go v1.3.1 // indirect
+	github.com/anchore/fangs v0.0.0-20231201140849-5075d28d6d8b // indirect
+	github.com/anchore/go-logger v0.0.0-20230725134548-c21dafa1ec5a // indirect
 	github.com/anchore/go-macholibre v0.0.0-20220308212642-53e6d0aaf6fb // indirect
 	github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092 // indirect
 	github.com/anchore/go-version v1.2.2-0.20210903204242-51efa5b487c4 // indirect
 	github.com/anchore/packageurl-go v0.1.1-0.20230104203445-02e0a6721501 // indirect
-	github.com/anchore/sqlite v1.4.6-0.20220607210448-bcc6ee5c4963 // indirect
 	github.com/andybalholm/brotli v1.0.4 // indirect
 	github.com/antchfx/xmlquery v1.3.17 // indirect
 	github.com/antchfx/xpath v1.2.4 // indirect
+	github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
 	github.com/aquasecurity/go-pep440-version v0.0.0-20210121094942-22b2f8951d46 // indirect
 	github.com/aquasecurity/go-version v0.0.0-20210121072130-637058cfe492 // indirect
 	github.com/aquasecurity/trivy v0.44.1 // indirect
 	github.com/aquasecurity/trivy-db v0.0.0-20230726112157-167ba4f2faeb // indirect
 	github.com/armosec/gojay v1.2.15 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
-	github.com/aws/aws-sdk-go v1.44.312 // indirect
-	github.com/aws/aws-sdk-go-v2 v1.20.0 // indirect
-	github.com/aws/aws-sdk-go-v2/config v1.18.30 // indirect
-	github.com/aws/aws-sdk-go-v2/credentials v1.13.29 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.6 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.37 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.31 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.37 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ecr v1.18.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.12.0 // indirect
+	github.com/aws/aws-sdk-go v1.50.0 // indirect
+	github.com/aws/aws-sdk-go-v2 v1.24.1 // indirect
+	github.com/aws/aws-sdk-go-v2/config v1.26.6 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.16.16 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.7.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ecr v1.20.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.18.2 // indirect
 	github.com/aws/aws-sdk-go-v2/service/eks v1.28.1 // indirect
 	github.com/aws/aws-sdk-go-v2/service/iam v1.21.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.31 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.13.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.21.0 // indirect
-	github.com/aws/smithy-go v1.14.0 // indirect
-	github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20220517224237-e6f29200ae04 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.18.7 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 // indirect
+	github.com/aws/smithy-go v1.19.0 // indirect
+	github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20231024185945-8841054dbdb8 // indirect
+	github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
 	github.com/becheran/wildmatch-go v1.0.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
 	github.com/bmatcuk/doublestar/v2 v2.0.4 // indirect
-	github.com/bmatcuk/doublestar/v4 v4.6.0 // indirect
+	github.com/bmatcuk/doublestar/v4 v4.6.1 // indirect
 	github.com/boombuler/barcode v1.0.1 // indirect
-	github.com/buildkite/agent/v3 v3.49.0 // indirect
+	github.com/buildkite/agent/v3 v3.62.0 // indirect
+	github.com/buildkite/go-pipeline v0.3.2 // indirect
+	github.com/buildkite/interpolate v0.0.0-20200526001904-07f35b4ae251 // indirect
+	github.com/cenkalti/backoff v2.2.1+incompatible // indirect
 	github.com/cenkalti/backoff/v4 v4.2.1 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
-	github.com/chrismellard/docker-credential-acr-env v0.0.0-20220119192733-fe33c00cee21 // indirect
-	github.com/clbanning/mxj/v2 v2.5.6 // indirect
-	github.com/cloudflare/circl v1.3.3 // indirect
+	github.com/charmbracelet/lipgloss v0.9.1 // indirect
+	github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589 // indirect
+	github.com/clbanning/mxj/v2 v2.7.0 // indirect
+	github.com/cloudflare/circl v1.3.7 // indirect
 	github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be // indirect
+	github.com/containerd/cgroups v1.1.0 // indirect
 	github.com/containerd/console v1.0.4-0.20230313162750-1ae8d489ac81 // indirect
-	github.com/containerd/containerd v1.7.3 // indirect
-	github.com/containerd/continuity v0.4.1 // indirect
+	github.com/containerd/containerd v1.7.12 // indirect
+	github.com/containerd/continuity v0.4.2 // indirect
+	github.com/containerd/fifo v1.1.0 // indirect
+	github.com/containerd/log v0.1.0 // indirect
 	github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect
 	github.com/containerd/ttrpc v1.2.2 // indirect
 	github.com/containerd/typeurl/v2 v2.1.1 // indirect
 	github.com/coreos/go-oidc v2.2.1+incompatible // indirect
-	github.com/coreos/go-oidc/v3 v3.6.0 // indirect
+	github.com/coreos/go-oidc/v3 v3.9.0 // indirect
 	github.com/cpuguy83/dockercfg v0.3.1 // indirect
 	github.com/cpuguy83/go-docker v0.2.1 // indirect
-	github.com/cyberphone/json-canonicalization v0.0.0-20220623050100-57a0ce2678a7 // indirect
+	github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46 // indirect
 	github.com/cyphar/filepath-securejoin v0.2.4 // indirect
-	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/deitch/magic v0.0.0-20230404182410-1ff89d7342da // indirect
-	github.com/digitorus/pkcs7 v0.0.0-20221212123742-001c36b64ec3 // indirect
-	github.com/digitorus/timestamp v0.0.0-20221019182153-ef3b63b79b31 // indirect
+	github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352 // indirect
+	github.com/digitorus/timestamp v0.0.0-20231217203849-220c5c2851b7 // indirect
 	github.com/dimchansky/utfbom v1.1.1 // indirect
 	github.com/distribution/reference v0.5.0 // indirect
-	github.com/docker/cli v24.0.5+incompatible // indirect
-	github.com/docker/docker v24.0.5+incompatible // indirect
-	github.com/docker/docker-credential-helpers v0.7.0 // indirect
+	github.com/docker/cli v24.0.7+incompatible // indirect
+	github.com/docker/docker v25.0.1+incompatible // indirect
+	github.com/docker/docker-credential-helpers v0.8.0 // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
+	github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
 	github.com/docker/go-units v0.5.0 // indirect
 	github.com/dsnet/compress v0.0.2-0.20210315054119-f66993602bf5 // indirect
 	github.com/dustin/go-humanize v1.0.1 // indirect
 	github.com/edsrzf/mmap-go v1.1.0 // indirect
 	github.com/elliotchance/orderedmap v1.5.0 // indirect
-	github.com/emicklei/go-restful/v3 v3.10.1 // indirect
+	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
-	github.com/evanphx/json-patch v5.6.0+incompatible // indirect
+	github.com/evanphx/json-patch v5.7.0+incompatible // indirect
 	github.com/facebookincubator/nvdtools v0.1.5 // indirect
 	github.com/fatih/color v1.15.0 // indirect
-	github.com/fsnotify/fsnotify v1.6.0 // indirect
-	github.com/gabriel-vasile/mimetype v1.4.2 // indirect
-	github.com/ghodss/yaml v1.0.0 // indirect
-	github.com/github/go-spdx/v2 v2.1.2 // indirect
+	github.com/felixge/fgprof v0.9.3 // indirect
+	github.com/felixge/httpsnoop v1.0.4 // indirect
+	github.com/fsnotify/fsnotify v1.7.0 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.3 // indirect
+	github.com/github/go-spdx/v2 v2.2.0 // indirect
+	github.com/glebarez/go-sqlite v1.21.2 // indirect
+	github.com/glebarez/sqlite v1.10.0 // indirect
 	github.com/go-chi/chi v4.1.2+incompatible // indirect
 	github.com/go-errors/errors v1.4.2 // indirect
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
 	github.com/go-git/go-billy/v5 v5.5.0 // indirect
 	github.com/go-gota/gota v0.12.0 // indirect
 	github.com/go-ini/ini v1.67.0 // indirect
-	github.com/go-jose/go-jose/v3 v3.0.0 // indirect
-	github.com/go-logr/logr v1.2.4 // indirect
+	github.com/go-jose/go-jose/v3 v3.0.1 // indirect
+	github.com/go-logr/logr v1.4.1 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
-	github.com/go-openapi/analysis v0.21.4 // indirect
-	github.com/go-openapi/errors v0.20.3 // indirect
-	github.com/go-openapi/jsonpointer v0.19.6 // indirect
-	github.com/go-openapi/jsonreference v0.20.1 // indirect
-	github.com/go-openapi/loads v0.21.2 // indirect
-	github.com/go-openapi/runtime v0.26.0 // indirect
-	github.com/go-openapi/spec v0.20.9 // indirect
-	github.com/go-openapi/strfmt v0.21.7 // indirect
-	github.com/go-openapi/swag v0.22.4 // indirect
-	github.com/go-openapi/validate v0.22.1 // indirect
+	github.com/go-openapi/analysis v0.22.0 // indirect
+	github.com/go-openapi/errors v0.21.0 // indirect
+	github.com/go-openapi/jsonpointer v0.20.2 // indirect
+	github.com/go-openapi/jsonreference v0.20.4 // indirect
+	github.com/go-openapi/loads v0.21.5 // indirect
+	github.com/go-openapi/runtime v0.27.1 // indirect
+	github.com/go-openapi/spec v0.20.13 // indirect
+	github.com/go-openapi/strfmt v0.22.0 // indirect
+	github.com/go-openapi/swag v0.22.9 // indirect
+	github.com/go-openapi/validate v0.22.4 // indirect
 	github.com/go-piv/piv-go v1.11.0 // indirect
-	github.com/go-playground/locales v0.14.1 // indirect
-	github.com/go-playground/universal-translator v0.18.1 // indirect
-	github.com/go-playground/validator/v10 v10.14.0 // indirect
 	github.com/go-restruct/restruct v1.2.0-alpha // indirect
 	github.com/go-test/deep v1.1.0 // indirect
 	github.com/gobwas/glob v0.2.3 // indirect
@@ -230,60 +245,66 @@ require (
 	github.com/gogo/googleapis v1.4.1 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
+	github.com/golang-jwt/jwt/v5 v5.2.0 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
-	github.com/google/certificate-transparency-go v1.1.6 // indirect
-	github.com/google/gnostic v0.5.7-v3refs // indirect
+	github.com/google/certificate-transparency-go v1.1.7 // indirect
+	github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
-	github.com/google/go-github/v50 v50.2.0 // indirect
+	github.com/google/go-github/v55 v55.0.0 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/licensecheck v0.3.1 // indirect
-	github.com/google/s2a-go v0.1.4 // indirect
-	github.com/googleapis/enterprise-certificate-proxy v0.2.4 // indirect
-	github.com/googleapis/gax-go/v2 v2.11.0 // indirect
-	github.com/gorilla/mux v1.8.0 // indirect
+	github.com/google/pprof v0.0.0-20231023181126-ff6d637d2a7b // indirect
+	github.com/google/s2a-go v0.1.7 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
+	github.com/googleapis/gax-go/v2 v2.12.0 // indirect
+	github.com/gookit/color v1.5.4 // indirect
+	github.com/gorilla/mux v1.8.1 // indirect
 	github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 // indirect
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.18.0 // indirect
 	github.com/hako/durafmt v0.0.0-20210608085754-5c1018a4e16b // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
-	github.com/hashicorp/go-getter v1.7.2 // indirect
+	github.com/hashicorp/go-getter v1.7.3 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
-	github.com/hashicorp/go-retryablehttp v0.7.2 // indirect
+	github.com/hashicorp/go-retryablehttp v0.7.5 // indirect
 	github.com/hashicorp/go-safetemp v1.0.0 // indirect
 	github.com/hashicorp/go-version v1.6.0 // indirect
-	github.com/hashicorp/hcl v1.0.0 // indirect
+	github.com/hashicorp/hcl v1.0.1-vault-5 // indirect
 	github.com/huandu/xstrings v1.4.0 // indirect
-	github.com/imdario/mergo v0.3.15 // indirect
+	github.com/iancoleman/strcase v0.3.0 // indirect
+	github.com/imdario/mergo v0.3.16 // indirect
 	github.com/in-toto/in-toto-golang v0.9.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
-	github.com/jedisct1/go-minisign v0.0.0-20211028175153-1c139d1cc84b // indirect
-	github.com/jinzhu/copier v0.3.5 // indirect
+	github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267 // indirect
+	github.com/jinzhu/copier v0.4.0 // indirect
 	github.com/jinzhu/inflection v1.0.0 // indirect
 	github.com/jinzhu/now v1.1.5 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/jung-kurt/gofpdf v1.16.2 // indirect
 	github.com/jwalton/go-supportscolor v1.1.0 // indirect
-	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
+	github.com/kastenhq/goversion v0.0.0-20230811215019-93b2f8823953 // indirect
 	github.com/kevinburke/ssh_config v1.2.0 // indirect
-	github.com/klauspost/compress v1.16.5 // indirect
-	github.com/klauspost/pgzip v1.2.5 // indirect
+	github.com/klauspost/compress v1.17.2 // indirect
+	github.com/klauspost/pgzip v1.2.6 // indirect
 	github.com/knqyf263/go-apk-version v0.0.0-20200609155635-041fdbb8563f // indirect
 	github.com/knqyf263/go-deb-version v0.0.0-20230223133812-3ed183d23422 // indirect
 	github.com/knqyf263/go-rpm-version v0.0.0-20220614171824-631e686d1075 // indirect
 	github.com/knqyf263/go-rpmdb v0.0.0-20230517124904-b97c85e63254 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
-	github.com/leodido/go-urn v1.2.4 // indirect
-	github.com/letsencrypt/boulder v0.0.0-20221109233200-85aa52084eaf // indirect
+	github.com/letsencrypt/boulder v0.0.0-20231026200631-000cd05d5491 // indirect
+	github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
+	github.com/masahiro331/go-mvn-version v0.0.0-20210429150710-d3157d602a08 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/mattn/go-runewidth v0.0.14 // indirect
-	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
+	github.com/mattn/go-runewidth v0.0.15 // indirect
+	github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect
+	github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect
 	github.com/mholt/archiver/v3 v3.5.1 // indirect
 	github.com/microsoft/go-rustaudit v0.0.0-20220808201409-204dfee52032 // indirect
 	github.com/miekg/pkcs11 v1.1.1 // indirect
@@ -294,75 +315,91 @@ require (
 	github.com/mitchellh/hashstructure/v2 v2.0.2 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
-	github.com/moby/buildkit v0.12.1 // indirect
+	github.com/moby/buildkit v0.12.5 // indirect
 	github.com/moby/locker v1.0.1 // indirect
 	github.com/moby/patternmatcher v0.5.0 // indirect
 	github.com/moby/spdystream v0.2.0 // indirect
+	github.com/moby/sys/mountinfo v0.6.2 // indirect
+	github.com/moby/sys/sequential v0.5.0 // indirect
 	github.com/moby/sys/signal v0.7.0 // indirect
+	github.com/moby/sys/user v0.1.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
 	github.com/morikuni/aec v1.0.0 // indirect
 	github.com/mozillazg/docker-credential-acr-helper v0.3.0 // indirect
+	github.com/muesli/reflow v0.3.0 // indirect
+	github.com/muesli/termenv v0.15.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
 	github.com/nozzle/throttler v0.0.0-20180817012639-2ea982251481 // indirect
 	github.com/nwaples/rardecode v1.1.0 // indirect
 	github.com/oklog/ulid v1.3.1 // indirect
+	github.com/oleiade/reflections v1.0.1 // indirect
 	github.com/olvrng/ujson v1.1.0 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
-	github.com/opencontainers/image-spec v1.1.0-rc4 // indirect
+	github.com/opencontainers/image-spec v1.1.0-rc5 // indirect
+	github.com/opencontainers/runtime-spec v1.1.0 // indirect
+	github.com/opencontainers/selinux v1.11.0 // indirect
 	github.com/opentracing/opentracing-go v1.2.0 // indirect
-	github.com/owenrumney/go-sarif v1.1.1 // indirect
+	github.com/openvex/go-vex v0.2.5 // indirect
+	github.com/owenrumney/go-sarif v1.1.2-0.20231003122901-1000f5e05554 // indirect
+	github.com/package-url/packageurl-go v0.1.1 // indirect
+	github.com/pborman/indent v1.2.1 // indirect
 	github.com/pborman/uuid v1.2.1 // indirect
 	github.com/pelletier/go-toml v1.9.5 // indirect
-	github.com/pelletier/go-toml/v2 v2.0.8 // indirect
+	github.com/pelletier/go-toml/v2 v2.1.0 // indirect
 	github.com/pierrec/lz4/v4 v4.1.15 // indirect
 	github.com/pjbgf/sha1cd v0.3.0 // indirect
-	github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect
+	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
 	github.com/pkg/errors v0.9.1 // indirect
-	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/pkg/profile v1.7.0 // indirect
+	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/pquerna/cachecontrol v0.2.0 // indirect
-	github.com/prometheus/client_golang v1.16.0 // indirect
-	github.com/prometheus/client_model v0.4.0 // indirect
-	github.com/prometheus/common v0.42.0 // indirect
-	github.com/prometheus/procfs v0.10.1 // indirect
+	github.com/prometheus/client_golang v1.18.0 // indirect
+	github.com/prometheus/client_model v0.5.0 // indirect
+	github.com/prometheus/common v0.45.0 // indirect
+	github.com/prometheus/procfs v0.12.0 // indirect
 	github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect
 	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
-	github.com/rivo/uniseg v0.4.3 // indirect
+	github.com/rivo/uniseg v0.4.4 // indirect
 	github.com/ruudk/golang-pdf417 v0.0.0-20201230142125-a7e3863a1245 // indirect
-	github.com/saferwall/pe v1.4.4 // indirect
+	github.com/saferwall/pe v1.4.8 // indirect
+	github.com/sagikazarmark/locafero v0.4.0 // indirect
+	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
+	github.com/saintfish/chardet v0.0.0-20230101081208-5e3ef4b5456d // indirect
 	github.com/samber/lo v1.38.1 // indirect
 	github.com/sassoftware/go-rpmutils v0.2.0 // indirect
 	github.com/sassoftware/relic v7.2.1+incompatible // indirect
 	github.com/scylladb/go-set v1.0.3-0.20200225121959-cc7b2070d91e // indirect
-	github.com/secure-systems-lab/go-securesystemslib v0.7.0 // indirect
+	github.com/secure-systems-lab/go-securesystemslib v0.8.0 // indirect
 	github.com/segmentio/ksuid v1.0.4 // indirect
 	github.com/shibumi/go-pathspec v1.3.0 // indirect
 	github.com/shopspring/decimal v1.3.1 // indirect
-	github.com/sigstore/fulcio v1.3.1 // indirect
-	github.com/sigstore/rekor v1.2.2-0.20230530122220-67cc9e58bd23 // indirect
-	github.com/sigstore/sigstore v1.7.1 // indirect
-	github.com/sigstore/timestamp-authority v1.1.1 // indirect
+	github.com/sigstore/fulcio v1.4.3 // indirect
+	github.com/sigstore/rekor v1.3.4 // indirect
+	github.com/sigstore/sigstore v1.8.1 // indirect
+	github.com/sigstore/timestamp-authority v1.2.1 // indirect
 	github.com/skeema/knownhosts v1.2.1 // indirect
 	github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect
+	github.com/sourcegraph/conc v0.3.0 // indirect
 	github.com/spdx/tools-golang v0.5.3 // indirect
-	github.com/spf13/afero v1.9.5 // indirect
-	github.com/spf13/cast v1.5.1 // indirect
-	github.com/spf13/jwalterweatherman v1.1.0 // indirect
+	github.com/spf13/afero v1.11.0 // indirect
+	github.com/spf13/cast v1.6.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
-	github.com/spf13/viper v1.16.0 // indirect
-	github.com/spiffe/go-spiffe/v2 v2.1.6 // indirect
+	github.com/spf13/viper v1.18.2 // indirect
+	github.com/spiffe/go-spiffe/v2 v2.1.7 // indirect
 	github.com/stripe/stripe-go/v74 v74.28.0 // indirect
-	github.com/subosito/gotenv v1.4.2 // indirect
+	github.com/subosito/gotenv v1.6.0 // indirect
 	github.com/sylabs/sif/v2 v2.11.5 // indirect
 	github.com/sylabs/squashfs v0.6.1 // indirect
 	github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d // indirect
 	github.com/tchap/go-patricia/v2 v2.3.1 // indirect
 	github.com/thales-e-security/pool v0.0.2 // indirect
 	github.com/therootcompany/xz v1.0.1 // indirect
-	github.com/theupdateframework/go-tuf v0.5.2 // indirect
+	github.com/theupdateframework/go-tuf v0.7.0 // indirect
 	github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
-	github.com/tjfoc/gmsm v1.3.2 // indirect
+	github.com/tjfoc/gmsm v1.4.1 // indirect
 	github.com/tonistiigi/fsutil v0.0.0-20230629203738-36ef4d8c0dbb // indirect
 	github.com/tonistiigi/units v0.0.0-20180711220420-6950e57a87ea // indirect
 	github.com/tonistiigi/vt100 v0.0.0-20230623042737-f9a4f7ef6531 // indirect
@@ -372,95 +409,85 @@ require (
 	github.com/uptrace/opentelemetry-go-extra/otelzap v0.2.2 // indirect
 	github.com/uptrace/uptrace-go v1.18.0 // indirect
 	github.com/vbatts/go-mtree v0.5.3 // indirect
-	github.com/vbatts/tar-split v0.11.3 // indirect
-	github.com/vifraa/gopom v0.2.2 // indirect
+	github.com/vbatts/tar-split v0.11.5 // indirect
+	github.com/vifraa/gopom v1.0.0 // indirect
 	github.com/wagoodman/go-partybus v0.0.0-20230516145632-8ccac152c651 // indirect
 	github.com/wagoodman/go-presenter v0.0.0-20211015174752-f9c01afc824b // indirect
-	github.com/wagoodman/go-progress v0.0.0-20230301185719-21920a456ad5 // indirect
-	github.com/xanzy/go-gitlab v0.86.0 // indirect
+	github.com/wagoodman/go-progress v0.0.0-20230925121702-07e42b3cdba0 // indirect
+	github.com/xanzy/go-gitlab v0.96.0 // indirect
 	github.com/xanzy/ssh-agent v0.3.3 // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
 	github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 // indirect
-	github.com/xlab/treeprint v1.1.0 // indirect
+	github.com/xlab/treeprint v1.2.0 // indirect
+	github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778 // indirect
 	github.com/yashtewari/glob-intersection v0.2.0 // indirect
-	github.com/zclconf/go-cty v1.10.0 // indirect
+	github.com/zclconf/go-cty v1.14.0 // indirect
 	github.com/zeebo/errs v1.3.0 // indirect
-	go.mongodb.org/mongo-driver v1.11.3 // indirect
+	go.mongodb.org/mongo-driver v1.13.1 // indirect
 	go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352 // indirect
 	go.opencensus.io v0.24.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.47.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/runtime v0.44.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlpmetric v0.41.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.41.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.18.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.18.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.22.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.22.0 // indirect
 	go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.18.0 // indirect
-	go.opentelemetry.io/otel/sdk v1.18.0 // indirect
+	go.opentelemetry.io/otel/sdk v1.22.0 // indirect
 	go.opentelemetry.io/otel/sdk/metric v0.41.0 // indirect
-	go.opentelemetry.io/otel/trace v1.18.0 // indirect
+	go.opentelemetry.io/otel/trace v1.22.0 // indirect
 	go.opentelemetry.io/proto/otlp v1.0.0 // indirect
-	go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect
-	go.step.sm/crypto v0.32.1 // indirect
+	go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect
+	go.step.sm/crypto v0.42.1 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
-	go.uber.org/zap v1.26.0 // indirect
-	golang.org/x/crypto v0.16.0 // indirect
-	golang.org/x/net v0.19.0 // indirect
-	golang.org/x/oauth2 v0.12.0 // indirect
-	golang.org/x/sync v0.3.0 // indirect
-	golang.org/x/sys v0.15.0 // indirect
+	go.uber.org/zap v1.27.0 // indirect
+	golang.org/x/crypto v0.19.0 // indirect
+	golang.org/x/net v0.21.0 // indirect
+	golang.org/x/oauth2 v0.16.0 // indirect
+	golang.org/x/sync v0.6.0 // indirect
+	golang.org/x/sys v0.17.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
-	golang.org/x/time v0.3.0 // indirect
-	golang.org/x/tools v0.13.0 // indirect
-	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
+	golang.org/x/time v0.5.0 // indirect
+	golang.org/x/tools v0.18.0 // indirect
+	golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
 	gonum.org/v1/gonum v0.9.1 // indirect
-	google.golang.org/api v0.128.0 // indirect
-	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20230913181813-007df8e322eb // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20230913181813-007df8e322eb // indirect
-	google.golang.org/grpc v1.58.3 // indirect
-	google.golang.org/protobuf v1.31.0 // indirect
+	google.golang.org/api v0.159.0 // indirect
+	google.golang.org/appengine v1.6.8 // indirect
+	google.golang.org/genproto v0.0.0-20240102182953-50ed04b92917 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240102182953-50ed04b92917 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240116215550-a9fa1716bcac // indirect
+	google.golang.org/grpc v1.61.0 // indirect
+	google.golang.org/protobuf v1.32.0 // indirect
+	gopkg.in/go-jose/go-jose.v2 v2.6.1 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
-	gorm.io/gorm v1.25.2 // indirect
-	k8s.io/apiextensions-apiserver v0.27.2 // indirect
-	k8s.io/klog/v2 v2.100.1 // indirect
-	k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect
-	lukechampine.com/uint128 v1.3.0 // indirect
-	modernc.org/cc/v3 v3.40.0 // indirect
-	modernc.org/ccgo/v3 v3.16.13 // indirect
-	modernc.org/libc v1.22.5 // indirect
-	modernc.org/mathutil v1.5.0 // indirect
-	modernc.org/memory v1.5.0 // indirect
-	modernc.org/opt v0.1.3 // indirect
-	modernc.org/sqlite v1.24.0 // indirect
-	modernc.org/strutil v1.1.3 // indirect
-	modernc.org/token v1.1.0 // indirect
+	gorm.io/gorm v1.25.5 // indirect
+	k8s.io/apiextensions-apiserver v0.29.0 // indirect
+	k8s.io/klog/v2 v2.110.1 // indirect
+	k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect
+	modernc.org/libc v1.29.0 // indirect
+	modernc.org/mathutil v1.6.0 // indirect
+	modernc.org/memory v1.7.2 // indirect
+	modernc.org/sqlite v1.28.0 // indirect
 	sigs.k8s.io/controller-runtime v0.15.0 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
-	sigs.k8s.io/release-utils v0.7.4 // indirect
-	sigs.k8s.io/structured-merge-diff/v4 v4.3.0 // indirect
-	sigs.k8s.io/yaml v1.3.0 // indirect
+	sigs.k8s.io/release-utils v0.7.7 // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
+	sigs.k8s.io/yaml v1.4.0 // indirect
 )
 
-replace github.com/libgit2/git2go/v33 => ./git2go
-
-replace (
-	// Using the forked version of tablewriter
-	github.com/olekukonko/tablewriter => github.com/kubescape/tablewriter v0.0.6-0.20231106230230-aac7d2659c94
-	// TODO(vladklokun): Since later versions (e.g. v0.40.0) that get used without the pin introduce weird packaging issues probably due to package renames, pin to last known good.
-	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc => go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.35.0
-
-	google.golang.org/grpc => google.golang.org/grpc v1.54.0
-
-	// TODO(vladklokun): armoapi-go requires gorm v1.24.6, but Grype depends on v1.23.10 and breaks on anything above. We can’t have both. Upstream changes to Grype?
-	gorm.io/gorm => gorm.io/gorm v1.23.10 // indirect
-)
+// Using the forked version of tablewriter
+replace github.com/olekukonko/tablewriter => github.com/kubescape/tablewriter v0.0.6-0.20231106230230-aac7d2659c94
 
 // TODO(anubhav06): Remove this once we have a release of copacetic with the support for patching kubescape image scan results.
 replace github.com/project-copacetic/copacetic => github.com/anubhav06/copacetic v0.0.0-20230821175613-0a7915a62e10
+
+replace github.com/anchore/stereoscope => github.com/matthyx/stereoscope v0.0.0-20240227133833-a9e97778940b
+
+replace github.com/google/go-containerregistry => github.com/matthyx/go-containerregistry v0.0.0-20240227132928-63ceb71ae0b9

httphandler/README.md

@@ -7,7 +7,6 @@ Running `kubescape` will start up a web-server on port `8080` which will serve t
 * POST `/v1/scan` - triggers a Kubescape scan. The server will return an ID and will execute the scanning asynchronously. The request body should look [as follows](#trigger-scan-object).
 * * `wait=true`: scan synchronously (return results and not ID). Use only in small clusters or with an increased timeout. Default is `wait=false`
 * * `keep=true`: do not delete results from local storage after returning. Default is `keep=false`
-* POST `/v1/metrics` - trigger kubescape for Prometheus support. [read more](examples/prometheus/README.md)
 
 [Response](#response-object):
 
@@ -85,12 +84,6 @@ When scanning is not in progress
 * * query `id=<string>`: Delete ID of specific results 
 * * query `all`: Delete all cached results
 
-### Prometheus support API
-
-* GET/POST `/v1/metrics` - will trigger cluster scan. will respond with prometheus metrics once they have been scanned. This will respond 503 if the scan failed.
-* `/livez` - will respond 200 if the server is alive
-* `/readyz` - will respond 200 if the server can receive requests 
-
 ## Objects
 
 ### Trigger scan object

httphandler/examples/prometheus/README.md

@@ -1,114 +1,3 @@
 # Prometheus Kubescape Integration
 
-1. Deploy kubescape
-    ```bash
-    kubectl apply -f ks-deployment.yaml
-    ```
-    > **Note**  
-    > Make sure the configurations suit your cluster (e.g. `serviceType`, etc.)
-
-2. Deploy kube-prometheus-stack
-    ```bash
-    helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
-    helm repo update
-    kubectl create namespace prometheus
-    helm install -n prometheus kube-prometheus-stack prometheus-community/kube-prometheus-stack --set prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues=false,prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues=false
-    ```
-3. Deploy pod monitor
-    ```bash
-    kubectl apply -f podmonitor.yaml
-    ```
- 
-
-## Metrics
-
-All kubescape related metrics begin with `kubescape`
-
-> `complianceScore` is how compliant you are, where `100` indicates complete compliance and `0` means you are not compliant at all. 
-
-#### Cluster scope metrics
-
-##### Overall compliance score
-```
-# Overall complianceScore of the scan
-kubescape_cluster_complianceScore{} <compliance score>
-```
-
-###### Overall resources counters
-```
-# Number of resources that failed 
-kubescape_cluster_count_resources_failed{} <counter>
-
-# Number of resources that where skipped
-kubescape_cluster_count_resources_skipped{} <counter>
-
-# Number of resources that passed
-kubescape_cluster_count_resources_passed{} <counter>
-```
-
-###### Overall controls counters
-```
-# Number of controls that failed 
-kubescape_cluster_count_controls_failed{} <counter>
-
-# Number of controls that where skipped 
-kubescape_cluster_count_controls_skipped{} <counter>
-
-# Number of controls that passed
-kubescape_cluster_count_controls_passed{} <counter>
-```
-
-#### Frameworks metrics
-
-##### Frameworks compliance score
-```
-kubescape_framework_complianceScore{name="<framework name>"} <compliance score>
-```
-
-###### Frameworks resources counters
-
-```
-# Number of resources that failed 
-kubescape_framework_count_resources_failed{} <counter>
-
-# Number of resources that where skipped
-kubescape_framework_count_resources_skipped{} <counter>
-
-# Number of resources that passed
-kubescape_framework_count_resources_passed{} <counter>
-``` 
-###### Frameworks controls counters
-
-```
-# Number of controls that failed 
-kubescape_framework_count_controls_failed{name="<framework name>"} <counter>
-
-# Number of controls that where skipped 
-kubescape_framework_count_controls_skipped{name="<framework name>"} <counter>
-
-# Number of controls that passed
-kubescape_framework_count_controls_passed{name="<framework name>"} <counter>
-```
-
-#### Controls metrics
-
-##### Controls compliance score
-
-```
-kubescape_control_complianceScore{name="<control name>",url="<docs url>",severity="<control severity>"} <compliance score>
-```
-
-###### Controls resources counters
-
-```
-# Number of resources that failed 
-kubescape_control_count_resources_failed{name="<control name>",url="<docs url>",severity="<control severity>"} <counter>
-
-# Number of resources that where skipped
-kubescape_control_count_resources_skipped{name="<control name>",url="<docs url>",severity="<control severity>"} <counter>
-
-# Number of resources that passed
-kubescape_control_count_resources_passed{name="<control name>",url="<docs url>",severity="<control severity>"} <counter>
-```
-
- 
+Please find the new documentation at the following link: [Kubescape Prometheus Integration](https://github.com/kubescape/helm-charts/blob/main/charts/kubescape-operator/README.md#kubescape-prometheus-integration)

httphandler/examples/prometheus/grafana-kubescape-dashboard.json

@@ -1,555 +0,0 @@
-{
-  "annotations": {
-    "list": [
-      {
-        "builtIn": 1,
-        "datasource": {
-          "type": "grafana",
-          "uid": "-- Grafana --"
-        },
-        "enable": true,
-        "hide": true,
-        "iconColor": "rgba(0, 211, 255, 1)",
-        "name": "Annotations & Alerts",
-        "target": {
-          "limit": 100,
-          "matchAny": false,
-          "tags": [],
-          "type": "dashboard"
-        },
-        "type": "dashboard"
-      }
-    ]
-  },
-  "editable": true,
-  "fiscalYearStartMonth": 0,
-  "graphTooltip": 0,
-  "links": [],
-  "liveNow": false,
-  "panels": [
-    {
-      "datasource": {
-        "type": "prometheus",
-        "uid": "prometheus"
-      },
-      "fieldConfig": {
-        "defaults": {
-          "color": {
-            "mode": "palette-classic"
-          },
-          "custom": {
-            "axisCenteredZero": false,
-            "axisColorMode": "text",
-            "axisLabel": "",
-            "axisPlacement": "auto",
-            "barAlignment": 0,
-            "drawStyle": "line",
-            "fillOpacity": 13,
-            "gradientMode": "none",
-            "hideFrom": {
-              "legend": false,
-              "tooltip": false,
-              "viz": false
-            },
-            "lineInterpolation": "linear",
-            "lineWidth": 2,
-            "pointSize": 4,
-            "scaleDistribution": {
-              "type": "linear"
-            },
-            "showPoints": "auto",
-            "spanNulls": false,
-            "stacking": {
-              "group": "A",
-              "mode": "none"
-            },
-            "thresholdsStyle": {
-              "mode": "off"
-            }
-          },
-          "mappings": [],
-          "thresholds": {
-            "mode": "absolute",
-            "steps": [
-              {
-                "color": "green",
-                "value": null
-              },
-              {
-                "color": "red",
-                "value": 80
-              }
-            ]
-          }
-        },
-        "overrides": []
-      },
-      "gridPos": {
-        "h": 8,
-        "w": 24,
-        "x": 0,
-        "y": 0
-      },
-      "id": 2,
-      "options": {
-        "legend": {
-          "calcs": [],
-          "displayMode": "list",
-          "placement": "bottom",
-          "showLegend": false
-        },
-        "tooltip": {
-          "mode": "single",
-          "sort": "none"
-        }
-      },
-      "targets": [
-        {
-          "datasource": {
-            "type": "prometheus",
-            "uid": "prometheus"
-          },
-          "editorMode": "code",
-          "expr": "kubescape_cluster_complianceScore",
-          "range": true,
-          "refId": "A"
-        }
-      ],
-      "title": "Overtime Cluster Risk score",
-      "transparent": true,
-      "type": "timeseries"
-    },
-    {
-      "datasource": {
-        "type": "prometheus",
-        "uid": "prometheus"
-      },
-      "fieldConfig": {
-        "defaults": {
-          "color": {
-            "mode": "palette-classic"
-          },
-          "custom": {
-            "axisCenteredZero": false,
-            "axisColorMode": "text",
-            "axisLabel": "",
-            "axisPlacement": "auto",
-            "barAlignment": 0,
-            "drawStyle": "points",
-            "fillOpacity": 10,
-            "gradientMode": "none",
-            "hideFrom": {
-              "legend": false,
-              "tooltip": false,
-              "viz": false
-            },
-            "lineInterpolation": "linear",
-            "lineWidth": 1,
-            "pointSize": 4,
-            "scaleDistribution": {
-              "type": "linear"
-            },
-            "showPoints": "never",
-            "spanNulls": true,
-            "stacking": {
-              "group": "A",
-              "mode": "none"
-            },
-            "thresholdsStyle": {
-              "mode": "off"
-            }
-          },
-          "mappings": [],
-          "thresholds": {
-            "mode": "absolute",
-            "steps": [
-              {
-                "color": "green",
-                "value": null
-              },
-              {
-                "color": "red",
-                "value": 80
-              }
-            ]
-          },
-          "unit": "short"
-        },
-        "overrides": []
-      },
-      "gridPos": {
-        "h": 8,
-        "w": 12,
-        "x": 0,
-        "y": 8
-      },
-      "id": 7,
-      "options": {
-        "legend": {
-          "calcs": [],
-          "displayMode": "list",
-          "placement": "bottom",
-          "showLegend": true
-        },
-        "tooltip": {
-          "mode": "multi",
-          "sort": "none"
-        }
-      },
-      "pluginVersion": "8.5.0",
-      "targets": [
-        {
-          "datasource": {
-            "type": "prometheus",
-            "uid": "prometheus"
-          },
-          "editorMode": "code",
-          "exemplar": false,
-          "expr": "sum (kubescape_control_complianceScore) by (name)",
-          "instant": false,
-          "interval": "",
-          "legendFormat": "{{link}}",
-          "range": true,
-          "refId": "A"
-        }
-      ],
-      "title": "Overtime Controls Risk score ",
-      "type": "timeseries"
-    },
-    {
-      "datasource": {
-        "type": "prometheus",
-        "uid": "prometheus"
-      },
-      "fieldConfig": {
-        "defaults": {
-          "color": {
-            "mode": "palette-classic"
-          },
-          "custom": {
-            "axisCenteredZero": false,
-            "axisColorMode": "text",
-            "axisLabel": "",
-            "axisPlacement": "auto",
-            "barAlignment": 0,
-            "drawStyle": "line",
-            "fillOpacity": 0,
-            "gradientMode": "none",
-            "hideFrom": {
-              "legend": false,
-              "tooltip": false,
-              "viz": false
-            },
-            "lineInterpolation": "linear",
-            "lineWidth": 1,
-            "pointSize": 5,
-            "scaleDistribution": {
-              "type": "linear"
-            },
-            "showPoints": "auto",
-            "spanNulls": false,
-            "stacking": {
-              "group": "A",
-              "mode": "none"
-            },
-            "thresholdsStyle": {
-              "mode": "off"
-            }
-          },
-          "mappings": [],
-          "thresholds": {
-            "mode": "absolute",
-            "steps": [
-              {
-                "color": "green",
-                "value": null
-              },
-              {
-                "color": "red",
-                "value": 80
-              }
-            ]
-          }
-        },
-        "overrides": [
-          {
-            "__systemRef": "hideSeriesFrom",
-            "matcher": {
-              "id": "byNames",
-              "options": {
-                "mode": "exclude",
-                "names": [
-                  "{__name__=\"kubescape_framework_riskScore\", container=\"kubescape\", endpoint=\"http\", instance=\"172.17.0.9:8080\", job=\"armo-kubescape\", name=\"DevOpsBest\", namespace=\"armo-system\", pod=\"armo-kubescape-66555d4db6-wznwg\", service=\"armo-kubescape\"}"
-                ],
-                "prefix": "All except:",
-                "readOnly": true
-              }
-            },
-            "properties": [
-              {
-                "id": "custom.hideFrom",
-                "value": {
-                  "legend": false,
-                  "tooltip": false,
-                  "viz": false
-                }
-              }
-            ]
-          }
-        ]
-      },
-      "gridPos": {
-        "h": 8,
-        "w": 12,
-        "x": 12,
-        "y": 8
-      },
-      "id": 5,
-      "options": {
-        "legend": {
-          "calcs": [],
-          "displayMode": "list",
-          "placement": "bottom",
-          "showLegend": true
-        },
-        "tooltip": {
-          "mode": "single",
-          "sort": "none"
-        }
-      },
-      "targets": [
-        {
-          "datasource": {
-            "type": "prometheus",
-            "uid": "prometheus"
-          },
-          "editorMode": "code",
-          "exemplar": false,
-          "expr": "sum(kubescape_framework_complianceScore) by (name)",
-          "hide": false,
-          "instant": true,
-          "legendFormat": "{{name}}",
-          "range": false,
-          "refId": "A"
-        }
-      ],
-      "title": "Overtime Frameworks Risk score",
-      "type": "timeseries"
-    },
-    {
-      "datasource": {
-        "type": "prometheus",
-        "uid": "prometheus"
-      },
-      "description": "Number of Resources that failed/passed or skipped",
-      "fieldConfig": {
-        "defaults": {
-          "color": {
-            "mode": "palette-classic"
-          },
-          "custom": {
-            "hideFrom": {
-              "legend": false,
-              "tooltip": false,
-              "viz": false
-            }
-          },
-          "mappings": []
-        },
-        "overrides": []
-      },
-      "gridPos": {
-        "h": 8,
-        "w": 12,
-        "x": 0,
-        "y": 16
-      },
-      "id": 4,
-      "options": {
-        "displayLabels": [
-          "percent"
-        ],
-        "legend": {
-          "displayMode": "list",
-          "placement": "right",
-          "showLegend": true,
-          "values": []
-        },
-        "pieType": "pie",
-        "reduceOptions": {
-          "calcs": [
-            "lastNotNull"
-          ],
-          "fields": "",
-          "values": false
-        },
-        "tooltip": {
-          "mode": "multi",
-          "sort": "none"
-        }
-      },
-      "pluginVersion": "8.5.0",
-      "targets": [
-        {
-          "datasource": {
-            "type": "prometheus",
-            "uid": "prometheus"
-          },
-          "editorMode": "code",
-          "expr": "sum(kubescape_control_count_resources_passed)",
-          "hide": false,
-          "legendFormat": "passed",
-          "range": true,
-          "refId": "C"
-        },
-        {
-          "datasource": {
-            "type": "prometheus",
-            "uid": "prometheus"
-          },
-          "editorMode": "code",
-          "exemplar": false,
-          "expr": "sum(kubescape_control_count_resources_failed)",
-          "hide": false,
-          "instant": true,
-          "legendFormat": "failed",
-          "range": false,
-          "refId": "A"
-        },
-        {
-          "datasource": {
-            "type": "prometheus",
-            "uid": "prometheus"
-          },
-          "editorMode": "code",
-          "exemplar": false,
-          "expr": "sum(kubescape_control_count_resources_skipped)",
-          "hide": false,
-          "instant": false,
-          "legendFormat": "skipped",
-          "range": true,
-          "refId": "B"
-        }
-      ],
-      "title": "Resources by Status",
-      "type": "piechart"
-    },
-    {
-      "datasource": {
-        "type": "prometheus",
-        "uid": "prometheus"
-      },
-      "description": "Number of controls that failed/passed or skipped\n",
-      "fieldConfig": {
-        "defaults": {
-          "color": {
-            "mode": "palette-classic"
-          },
-          "custom": {
-            "hideFrom": {
-              "legend": false,
-              "tooltip": false,
-              "viz": false
-            }
-          },
-          "mappings": []
-        },
-        "overrides": []
-      },
-      "gridPos": {
-        "h": 8,
-        "w": 12,
-        "x": 12,
-        "y": 16
-      },
-      "id": 8,
-      "options": {
-        "displayLabels": [
-          "percent"
-        ],
-        "legend": {
-          "displayMode": "list",
-          "placement": "right",
-          "showLegend": true,
-          "values": []
-        },
-        "pieType": "pie",
-        "reduceOptions": {
-          "calcs": [
-            "lastNotNull"
-          ],
-          "fields": "",
-          "values": false
-        },
-        "tooltip": {
-          "mode": "single",
-          "sort": "none"
-        }
-      },
-      "pluginVersion": "8.5.0",
-      "targets": [
-        {
-          "datasource": {
-            "type": "prometheus",
-            "uid": "prometheus"
-          },
-          "editorMode": "code",
-          "exemplar": false,
-          "expr": "kubescape_cluster_count_control_failed",
-          "hide": false,
-          "instant": true,
-          "legendFormat": "failed",
-          "range": false,
-          "refId": "A"
-        },
-        {
-          "datasource": {
-            "type": "prometheus",
-            "uid": "prometheus"
-          },
-          "editorMode": "code",
-          "exemplar": false,
-          "expr": "kubescape_cluster_count_control_skipped",
-          "hide": false,
-          "instant": false,
-          "legendFormat": "skipped",
-          "range": true,
-          "refId": "B"
-        },
-        {
-          "datasource": {
-            "type": "prometheus",
-            "uid": "prometheus"
-          },
-          "editorMode": "code",
-          "exemplar": false,
-          "expr": "kubescape_cluster_count_control_passed",
-          "hide": false,
-          "instant": false,
-          "legendFormat": "passed",
-          "range": true,
-          "refId": "C"
-        }
-      ],
-      "title": "Controls by Status",
-      "type": "piechart"
-    }
-  ],
-  "refresh": "",
-  "schemaVersion": 38,
-  "style": "dark",
-  "tags": [],
-  "templating": {
-    "list": []
-  },
-  "time": {
-    "from": "now-6h",
-    "to": "now"
-  },
-  "timepicker": {},
-  "timezone": "",
-  "title": "Kubescape",
-  "uid": "SwdcJornz",
-  "version": 1,
-  "weekStart": ""
-}

httphandler/examples/prometheus/ks-deployment.yaml

@@ -1,118 +0,0 @@
----
-apiVersion: v1
-kind: Namespace
-metadata:
-  labels:
-    app: kubescape
-  name: kubescape
----
-# ------------------- Kubescape Service Account ------------------- #
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    app: kubescape
-  name: kubescape-discovery
-  namespace: kubescape
----
-# ------------------- Kubescape Cluster Role & Cluster Role Binding ------------------- #
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: kubescape-discovery-clusterroles
-  # "namespace" omitted since ClusterRoles are not namespaced
-rules:
-- apiGroups: ["*"]
-  resources: ["*"]
-  verbs: ["get", "list", "describe"]
-
----
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: kubescape-discovery-role-binding
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: kubescape-discovery-clusterroles
-subjects:
-- kind: ServiceAccount
-  name: kubescape-discovery
-  namespace: kubescape
----
-apiVersion: v1
-kind: Service
-metadata:
-  name: kubescape
-  namespace: kubescape
-  labels:
-    app: kubescape
-spec:
-  type: ClusterIP
-  ports:
-    - port: 8080
-      name: http
-      targetPort: 8080
-      protocol: TCP
-  selector:
-    app: kubescape
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: kubescape
-  namespace: kubescape
-  labels:
-    app: kubescape
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: kubescape
-  template:
-    metadata:
-      labels:
-        app: kubescape
-    spec:
-      serviceAccountName: kubescape-discovery
-      containers:
-      - name: kubescape
-        livenessProbe:
-          httpGet:
-            path: /livez
-            port: 8080
-          initialDelaySeconds: 3
-          periodSeconds: 3
-        readinessProbe:
-          httpGet:
-            path: /readyz
-            port: 8080
-          initialDelaySeconds: 3
-          periodSeconds: 3
-        image: quay.io/kubescape/kubescape:latest
-        imagePullPolicy: Always
-        env:
-        - name: KS_DEFAULT_CONFIGMAP_NAMESPACE
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: metadata.namespace
-        - name: "KS_SKIP_UPDATE_CHECK" # do not check latest version
-          value: "true"
-        - name: KS_ENABLE_HOST_SCANNER # enable host scanner -> https://hub.armosec.io/docs/host-sensor
-          value: "false"               # TODO - add permissions to rbac 
-        - name: KS_DOWNLOAD_ARTIFACTS  # When set to true the artifacts will be downloaded every scan execution
-          value: "false" 
-        ports:
-        - containerPort: 8080
-          name: http
-          protocol: TCP
-        command:
-        - ksserver
-        resources:
-          requests:
-            cpu: 10m
-            memory: 100Mi
-          limits:
-            cpu: 500m
-            memory: 500Mi

httphandler/examples/prometheus/podmonitor.yaml

@@ -1,16 +0,0 @@
-apiVersion: monitoring.coreos.com/v1
-kind: PodMonitor
-metadata:
-  name: kubescape
-  namespace: kubescape
-  labels:
-    app: kubescape
-spec:
-  selector:
-    matchLabels:
-      app: kubescape
-  podMetricsEndpoints:
-  - port: http
-    path: /v1/metrics
-    interval: 120s
-    scrapeTimeout: 100s

httphandler/go.mod

@@ -1,83 +1,87 @@
 module github.com/kubescape/kubescape/v3/httphandler
 
-go 1.21
+go 1.21.1
+
+toolchain go1.21.6
 
 replace github.com/kubescape/kubescape/v3 => ../
 
 require (
-	github.com/armosec/armoapi-go v0.0.256
-	github.com/armosec/utils-go v0.0.40
-	github.com/armosec/utils-k8s-go v0.0.23
-	github.com/go-openapi/runtime v0.26.0
-	github.com/google/uuid v1.3.1
-	github.com/gorilla/mux v1.8.0
+	github.com/armosec/armoapi-go v0.0.330
+	github.com/armosec/utils-go v0.0.57
+	github.com/armosec/utils-k8s-go v0.0.26
+	github.com/go-openapi/runtime v0.27.1
+	github.com/google/uuid v1.6.0
+	github.com/gorilla/mux v1.8.1
 	github.com/gorilla/schema v1.2.0
-	github.com/kubescape/backend v0.0.17
+	github.com/kubescape/backend v0.0.18
 	github.com/kubescape/go-logger v0.0.22
-	github.com/kubescape/k8s-interface v0.0.156
+	github.com/kubescape/k8s-interface v0.0.161
 	github.com/kubescape/kubescape/v3 v3.0.0-00010101000000-000000000000
-	github.com/kubescape/opa-utils v0.0.273
+	github.com/kubescape/opa-utils v0.0.278
 	github.com/kubescape/storage v0.0.20
-	github.com/spf13/viper v1.16.0
+	github.com/spf13/viper v1.18.2
 	github.com/stretchr/testify v1.8.4
 	go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux v0.45.0
-	go.opentelemetry.io/otel v1.19.0
-	k8s.io/apimachinery v0.27.4
-	k8s.io/client-go v0.27.4
+	go.opentelemetry.io/otel v1.22.0
+	k8s.io/apimachinery v0.29.2
+	k8s.io/client-go v0.29.2
 	k8s.io/utils v0.0.0-20230726121419-3b25d923346b
 )
 
 require (
-	go.opentelemetry.io/otel/trace v1.19.0
+	go.opentelemetry.io/otel/trace v1.22.0
 	go.uber.org/multierr v1.11.0 // indirect
-	go.uber.org/zap v1.26.0 // indirect
-	golang.org/x/crypto v0.17.0 // indirect
-	golang.org/x/exp v0.0.0-20230801115018-d63ba01acd4b
-	golang.org/x/mod v0.12.0 // indirect
-	golang.org/x/net v0.19.0 // indirect
-	golang.org/x/oauth2 v0.12.0 // indirect
-	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto v0.0.0-20230822172742-b8732ec3820d // indirect
-	google.golang.org/grpc v1.58.3 // indirect
+	go.uber.org/zap v1.27.0 // indirect
+	golang.org/x/crypto v0.19.0 // indirect
+	golang.org/x/exp v0.0.0-20240222234643-814bf88cf225
+	golang.org/x/mod v0.15.0 // indirect
+	golang.org/x/net v0.21.0 // indirect
+	golang.org/x/oauth2 v0.16.0 // indirect
+	google.golang.org/appengine v1.6.8 // indirect
+	google.golang.org/genproto v0.0.0-20240102182953-50ed04b92917 // indirect
+	google.golang.org/grpc v1.61.0 // indirect
 )
 
 require (
-	cloud.google.com/go v0.110.7 // indirect
-	cloud.google.com/go/compute v1.23.0 // indirect
+	cloud.google.com/go v0.111.0 // indirect
+	cloud.google.com/go/compute v1.23.3 // indirect
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
-	cloud.google.com/go/container v1.24.0 // indirect
-	cloud.google.com/go/iam v1.1.1 // indirect
-	cloud.google.com/go/storage v1.30.1 // indirect
+	cloud.google.com/go/container v1.29.0 // indirect
+	cloud.google.com/go/iam v1.1.5 // indirect
+	cloud.google.com/go/storage v1.35.1 // indirect
 	dario.cat/mergo v1.0.0 // indirect
-	filippo.io/edwards25519 v1.0.0 // indirect
-	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1 // indirect
+	filippo.io/edwards25519 v1.1.0 // indirect
+	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
+	github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0 // indirect
 	github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/alibabacloudsdkgo/helper v0.2.0 // indirect
 	github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.0 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.3.0 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization v1.0.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2 v2.1.1 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v2 v2.4.0 // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 	github.com/Azure/go-autorest/autorest v0.11.29 // indirect
-	github.com/Azure/go-autorest/autorest/adal v0.9.22 // indirect
+	github.com/Azure/go-autorest/autorest/adal v0.9.23 // indirect
 	github.com/Azure/go-autorest/autorest/azure/auth v0.5.12 // indirect
 	github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 // indirect
 	github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
 	github.com/Azure/go-autorest/logger v0.2.1 // indirect
 	github.com/Azure/go-autorest/tracing v0.6.0 // indirect
-	github.com/AzureAD/microsoft-authentication-library-for-go v1.0.0 // indirect
+	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1 // indirect
 	github.com/BurntSushi/toml v1.3.2 // indirect
-	github.com/CycloneDX/cyclonedx-go v0.7.2-0.20230625092137-07e2f29defc3 // indirect
+	github.com/CycloneDX/cyclonedx-go v0.8.0 // indirect
 	github.com/DataDog/zstd v1.4.5 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
 	github.com/Masterminds/semver v1.5.0 // indirect
 	github.com/Masterminds/semver/v3 v3.2.1 // indirect
 	github.com/Masterminds/sprig/v3 v3.2.3 // indirect
 	github.com/Microsoft/go-winio v0.6.1 // indirect
+	github.com/Microsoft/hcsshim v0.11.4 // indirect
 	github.com/OneOfOne/xxhash v1.2.8 // indirect
-	github.com/ProtonMail/go-crypto v0.0.0-20230828082145-3c4c8a2d2371 // indirect
+	github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c // indirect
 	github.com/ThalesIgnite/crypto11 v1.2.5 // indirect
 	github.com/a8m/envsubst v1.3.0 // indirect
 	github.com/acobaugh/osrelease v0.1.0 // indirect
@@ -87,107 +91,121 @@ require (
 	github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.4 // indirect
 	github.com/alibabacloud-go/cr-20160607 v1.0.1 // indirect
 	github.com/alibabacloud-go/cr-20181201 v1.0.10 // indirect
-	github.com/alibabacloud-go/darabonba-openapi v0.1.18 // indirect
-	github.com/alibabacloud-go/debug v0.0.0-20190504072949-9472017b5c68 // indirect
+	github.com/alibabacloud-go/darabonba-openapi v0.2.1 // indirect
+	github.com/alibabacloud-go/debug v1.0.0 // indirect
 	github.com/alibabacloud-go/endpoint-util v1.1.1 // indirect
-	github.com/alibabacloud-go/openapi-util v0.0.11 // indirect
-	github.com/alibabacloud-go/tea v1.1.18 // indirect
-	github.com/alibabacloud-go/tea-utils v1.4.4 // indirect
-	github.com/alibabacloud-go/tea-xml v1.1.2 // indirect
-	github.com/aliyun/credentials-go v1.2.3 // indirect
-	github.com/anchore/go-logger v0.0.0-20230531193951-db5ae83e7dbe // indirect
+	github.com/alibabacloud-go/openapi-util v0.1.0 // indirect
+	github.com/alibabacloud-go/tea v1.2.1 // indirect
+	github.com/alibabacloud-go/tea-utils v1.4.5 // indirect
+	github.com/alibabacloud-go/tea-xml v1.1.3 // indirect
+	github.com/aliyun/credentials-go v1.3.1 // indirect
+	github.com/anchore/clio v0.0.0-20231016125544-c98a83e1c7fc // indirect
+	github.com/anchore/fangs v0.0.0-20231201140849-5075d28d6d8b // indirect
+	github.com/anchore/go-logger v0.0.0-20230725134548-c21dafa1ec5a // indirect
 	github.com/anchore/go-macholibre v0.0.0-20220308212642-53e6d0aaf6fb // indirect
 	github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092 // indirect
 	github.com/anchore/go-version v1.2.2-0.20210903204242-51efa5b487c4 // indirect
-	github.com/anchore/grype v0.65.0 // indirect
+	github.com/anchore/grype v0.74.2 // indirect
 	github.com/anchore/packageurl-go v0.1.1-0.20230104203445-02e0a6721501 // indirect
-	github.com/anchore/sqlite v1.4.6-0.20220607210448-bcc6ee5c4963 // indirect
-	github.com/anchore/stereoscope v0.0.0-20230727211946-d1f3d766295e // indirect
-	github.com/anchore/syft v0.86.1 // indirect
+	github.com/anchore/stereoscope v0.0.1 // indirect
+	github.com/anchore/syft v0.101.1 // indirect
 	github.com/andybalholm/brotli v1.0.4 // indirect
 	github.com/antchfx/xmlquery v1.3.17 // indirect
 	github.com/antchfx/xpath v1.2.4 // indirect
+	github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect
 	github.com/aquasecurity/go-pep440-version v0.0.0-20210121094942-22b2f8951d46 // indirect
 	github.com/aquasecurity/go-version v0.0.0-20210121072130-637058cfe492 // indirect
 	github.com/aquasecurity/trivy v0.44.1 // indirect
 	github.com/aquasecurity/trivy-db v0.0.0-20230726112157-167ba4f2faeb // indirect
 	github.com/armosec/gojay v1.2.15 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
-	github.com/aws/aws-sdk-go v1.44.312 // indirect
-	github.com/aws/aws-sdk-go-v2 v1.20.0 // indirect
-	github.com/aws/aws-sdk-go-v2/config v1.18.30 // indirect
-	github.com/aws/aws-sdk-go-v2/credentials v1.13.29 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.13.6 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.1.37 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.4.31 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.3.37 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ecr v1.18.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.12.0 // indirect
+	github.com/aws/aws-sdk-go v1.50.0 // indirect
+	github.com/aws/aws-sdk-go-v2 v1.24.1 // indirect
+	github.com/aws/aws-sdk-go-v2/config v1.26.6 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.16.16 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.7.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ecr v1.20.2 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.18.2 // indirect
 	github.com/aws/aws-sdk-go-v2/service/eks v1.28.1 // indirect
 	github.com/aws/aws-sdk-go-v2/service/iam v1.21.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.31 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.13.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.15.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.21.0 // indirect
-	github.com/aws/smithy-go v1.14.0 // indirect
-	github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20220517224237-e6f29200ae04 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.18.7 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 // indirect
+	github.com/aws/smithy-go v1.19.0 // indirect
+	github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20231024185945-8841054dbdb8 // indirect
+	github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
 	github.com/becheran/wildmatch-go v1.0.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect
 	github.com/blang/semver v3.5.1+incompatible // indirect
 	github.com/bmatcuk/doublestar/v2 v2.0.4 // indirect
-	github.com/bmatcuk/doublestar/v4 v4.6.0 // indirect
+	github.com/bmatcuk/doublestar/v4 v4.6.1 // indirect
 	github.com/boombuler/barcode v1.0.1 // indirect
 	github.com/briandowns/spinner v1.23.0 // indirect
-	github.com/buildkite/agent/v3 v3.49.0 // indirect
+	github.com/buildkite/agent/v3 v3.62.0 // indirect
+	github.com/buildkite/go-pipeline v0.3.2 // indirect
+	github.com/buildkite/interpolate v0.0.0-20200526001904-07f35b4ae251 // indirect
+	github.com/cenkalti/backoff v2.2.1+incompatible // indirect
 	github.com/cenkalti/backoff/v4 v4.2.1 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/chainguard-dev/git-urls v1.0.2 // indirect
-	github.com/chrismellard/docker-credential-acr-env v0.0.0-20220119192733-fe33c00cee21 // indirect
-	github.com/clbanning/mxj/v2 v2.5.6 // indirect
+	github.com/charmbracelet/lipgloss v0.9.1 // indirect
+	github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589 // indirect
+	github.com/clbanning/mxj/v2 v2.7.0 // indirect
 	github.com/cloudflare/circl v1.3.7 // indirect
 	github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be // indirect
+	github.com/containerd/cgroups v1.1.0 // indirect
 	github.com/containerd/console v1.0.4-0.20230313162750-1ae8d489ac81 // indirect
-	github.com/containerd/containerd v1.7.3 // indirect
-	github.com/containerd/continuity v0.4.1 // indirect
+	github.com/containerd/containerd v1.7.12 // indirect
+	github.com/containerd/continuity v0.4.2 // indirect
+	github.com/containerd/fifo v1.1.0 // indirect
+	github.com/containerd/log v0.1.0 // indirect
 	github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect
 	github.com/containerd/ttrpc v1.2.2 // indirect
 	github.com/containerd/typeurl/v2 v2.1.1 // indirect
 	github.com/coreos/go-oidc v2.2.1+incompatible // indirect
-	github.com/coreos/go-oidc/v3 v3.6.0 // indirect
+	github.com/coreos/go-oidc/v3 v3.9.0 // indirect
 	github.com/cpuguy83/dockercfg v0.3.1 // indirect
 	github.com/cpuguy83/go-docker v0.2.1 // indirect
-	github.com/cyberphone/json-canonicalization v0.0.0-20220623050100-57a0ce2678a7 // indirect
+	github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46 // indirect
 	github.com/cyphar/filepath-securejoin v0.2.4 // indirect
-	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/deitch/magic v0.0.0-20230404182410-1ff89d7342da // indirect
-	github.com/digitorus/pkcs7 v0.0.0-20221212123742-001c36b64ec3 // indirect
-	github.com/digitorus/timestamp v0.0.0-20221019182153-ef3b63b79b31 // indirect
+	github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352 // indirect
+	github.com/digitorus/timestamp v0.0.0-20231217203849-220c5c2851b7 // indirect
 	github.com/dimchansky/utfbom v1.1.1 // indirect
 	github.com/distribution/distribution v2.8.3+incompatible // indirect
 	github.com/distribution/reference v0.5.0 // indirect
-	github.com/docker/cli v24.0.5+incompatible // indirect
-	github.com/docker/distribution v2.8.2+incompatible // indirect
-	github.com/docker/docker v24.0.5+incompatible // indirect
-	github.com/docker/docker-credential-helpers v0.7.0 // indirect
+	github.com/docker/cli v24.0.7+incompatible // indirect
+	github.com/docker/distribution v2.8.3+incompatible // indirect
+	github.com/docker/docker v25.0.1+incompatible // indirect
+	github.com/docker/docker-credential-helpers v0.8.0 // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
+	github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
 	github.com/docker/go-units v0.5.0 // indirect
 	github.com/dsnet/compress v0.0.2-0.20210315054119-f66993602bf5 // indirect
 	github.com/dustin/go-humanize v1.0.1 // indirect
 	github.com/edsrzf/mmap-go v1.1.0 // indirect
 	github.com/elliotchance/orderedmap v1.5.0 // indirect
-	github.com/emicklei/go-restful/v3 v3.10.1 // indirect
+	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
 	github.com/enescakir/emoji v1.0.0 // indirect
-	github.com/evanphx/json-patch v5.6.0+incompatible // indirect
+	github.com/evanphx/json-patch v5.7.0+incompatible // indirect
 	github.com/facebookincubator/nvdtools v0.1.5 // indirect
 	github.com/fatih/color v1.15.0 // indirect
-	github.com/felixge/httpsnoop v1.0.3 // indirect
+	github.com/felixge/fgprof v0.9.3 // indirect
+	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/francoispqt/gojay v1.2.13 // indirect
-	github.com/fsnotify/fsnotify v1.6.0 // indirect
-	github.com/gabriel-vasile/mimetype v1.4.2 // indirect
-	github.com/ghodss/yaml v1.0.0 // indirect
-	github.com/github/go-spdx/v2 v2.1.2 // indirect
+	github.com/fsnotify/fsnotify v1.7.0 // indirect
+	github.com/gabriel-vasile/mimetype v1.4.3 // indirect
+	github.com/github/go-spdx/v2 v2.2.0 // indirect
+	github.com/glebarez/go-sqlite v1.21.2 // indirect
+	github.com/glebarez/sqlite v1.10.0 // indirect
 	github.com/go-chi/chi v4.1.2+incompatible // indirect
 	github.com/go-errors/errors v1.4.2 // indirect
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
@@ -195,22 +213,19 @@ require (
 	github.com/go-git/go-git/v5 v5.11.0 // indirect
 	github.com/go-gota/gota v0.12.0 // indirect
 	github.com/go-ini/ini v1.67.0 // indirect
-	github.com/go-jose/go-jose/v3 v3.0.0 // indirect
-	github.com/go-logr/logr v1.2.4 // indirect
+	github.com/go-jose/go-jose/v3 v3.0.1 // indirect
+	github.com/go-logr/logr v1.4.1 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
-	github.com/go-openapi/analysis v0.21.4 // indirect
-	github.com/go-openapi/errors v0.20.3 // indirect
-	github.com/go-openapi/jsonpointer v0.19.6 // indirect
-	github.com/go-openapi/jsonreference v0.20.1 // indirect
-	github.com/go-openapi/loads v0.21.2 // indirect
-	github.com/go-openapi/spec v0.20.9 // indirect
-	github.com/go-openapi/strfmt v0.21.7 // indirect
-	github.com/go-openapi/swag v0.22.4 // indirect
-	github.com/go-openapi/validate v0.22.1 // indirect
+	github.com/go-openapi/analysis v0.22.0 // indirect
+	github.com/go-openapi/errors v0.21.0 // indirect
+	github.com/go-openapi/jsonpointer v0.20.2 // indirect
+	github.com/go-openapi/jsonreference v0.20.4 // indirect
+	github.com/go-openapi/loads v0.21.5 // indirect
+	github.com/go-openapi/spec v0.20.13 // indirect
+	github.com/go-openapi/strfmt v0.22.0 // indirect
+	github.com/go-openapi/swag v0.22.9 // indirect
+	github.com/go-openapi/validate v0.22.4 // indirect
 	github.com/go-piv/piv-go v1.11.0 // indirect
-	github.com/go-playground/locales v0.14.1 // indirect
-	github.com/go-playground/universal-translator v0.18.1 // indirect
-	github.com/go-playground/validator/v10 v10.14.0 // indirect
 	github.com/go-restruct/restruct v1.2.0-alpha // indirect
 	github.com/go-test/deep v1.1.0 // indirect
 	github.com/gobwas/glob v0.2.3 // indirect
@@ -220,39 +235,43 @@ require (
 	github.com/gogo/googleapis v1.4.1 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
+	github.com/golang-jwt/jwt/v5 v5.2.0 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
-	github.com/google/certificate-transparency-go v1.1.6 // indirect
-	github.com/google/gnostic v0.5.7-v3refs // indirect
+	github.com/google/certificate-transparency-go v1.1.7 // indirect
+	github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
-	github.com/google/go-containerregistry v0.16.1 // indirect
-	github.com/google/go-github/v50 v50.2.0 // indirect
+	github.com/google/go-containerregistry v0.19.0 // indirect
+	github.com/google/go-github/v55 v55.0.0 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/licensecheck v0.3.1 // indirect
-	github.com/google/s2a-go v0.1.4 // indirect
+	github.com/google/pprof v0.0.0-20231023181126-ff6d637d2a7b // indirect
+	github.com/google/s2a-go v0.1.7 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
-	github.com/googleapis/enterprise-certificate-proxy v0.2.4 // indirect
-	github.com/googleapis/gax-go/v2 v2.11.0 // indirect
+	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
+	github.com/googleapis/gax-go/v2 v2.12.0 // indirect
+	github.com/gookit/color v1.5.4 // indirect
 	github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 // indirect
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.18.0 // indirect
 	github.com/hako/durafmt v0.0.0-20210608085754-5c1018a4e16b // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
-	github.com/hashicorp/go-getter v1.7.2 // indirect
+	github.com/hashicorp/go-getter v1.7.3 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
-	github.com/hashicorp/go-retryablehttp v0.7.2 // indirect
+	github.com/hashicorp/go-retryablehttp v0.7.5 // indirect
 	github.com/hashicorp/go-safetemp v1.0.0 // indirect
 	github.com/hashicorp/go-version v1.6.0 // indirect
-	github.com/hashicorp/hcl v1.0.0 // indirect
+	github.com/hashicorp/hcl v1.0.1-vault-5 // indirect
 	github.com/huandu/xstrings v1.4.0 // indirect
-	github.com/imdario/mergo v0.3.15 // indirect
+	github.com/iancoleman/strcase v0.3.0 // indirect
+	github.com/imdario/mergo v0.3.16 // indirect
 	github.com/in-toto/in-toto-golang v0.9.0 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
-	github.com/jedisct1/go-minisign v0.0.0-20211028175153-1c139d1cc84b // indirect
-	github.com/jinzhu/copier v0.3.5 // indirect
+	github.com/jedisct1/go-minisign v0.0.0-20230811132847-661be99b8267 // indirect
+	github.com/jinzhu/copier v0.4.0 // indirect
 	github.com/jinzhu/inflection v1.0.0 // indirect
 	github.com/jinzhu/now v1.1.5 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
@@ -262,29 +281,30 @@ require (
 	github.com/jung-kurt/gofpdf v1.16.2 // indirect
 	github.com/jwalton/gchalk v1.3.0 // indirect
 	github.com/jwalton/go-supportscolor v1.1.0 // indirect
-	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
+	github.com/kastenhq/goversion v0.0.0-20230811215019-93b2f8823953 // indirect
 	github.com/kevinburke/ssh_config v1.2.0 // indirect
-	github.com/klauspost/compress v1.16.5 // indirect
-	github.com/klauspost/pgzip v1.2.5 // indirect
+	github.com/klauspost/compress v1.17.2 // indirect
+	github.com/klauspost/pgzip v1.2.6 // indirect
 	github.com/knqyf263/go-apk-version v0.0.0-20200609155635-041fdbb8563f // indirect
 	github.com/knqyf263/go-deb-version v0.0.0-20230223133812-3ed183d23422 // indirect
 	github.com/knqyf263/go-rpm-version v0.0.0-20220614171824-631e686d1075 // indirect
 	github.com/knqyf263/go-rpmdb v0.0.0-20230517124904-b97c85e63254 // indirect
-	github.com/kubescape/go-git-url v0.0.27 // indirect
+	github.com/kubescape/go-git-url v0.0.28 // indirect
 	github.com/kubescape/rbac-utils v0.0.21-0.20230806101615-07e36f555520 // indirect
-	github.com/kubescape/regolibrary v1.0.300 // indirect
+	github.com/kubescape/regolibrary v1.0.315 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
-	github.com/leodido/go-urn v1.2.4 // indirect
-	github.com/letsencrypt/boulder v0.0.0-20221109233200-85aa52084eaf // indirect
-	github.com/libgit2/git2go/v33 v33.0.9 // indirect
+	github.com/letsencrypt/boulder v0.0.0-20231026200631-000cd05d5491 // indirect
+	github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
 	github.com/magiconair/properties v1.8.7 // indirect
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/maruel/natural v1.1.1 // indirect
+	github.com/masahiro331/go-mvn-version v0.0.0-20210429150710-d3157d602a08 // indirect
 	github.com/matthyx/go-gitlog v0.0.0-20231005131906-9ffabe3c5bcd // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/mattn/go-isatty v0.0.19 // indirect
-	github.com/mattn/go-runewidth v0.0.14 // indirect
-	github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/mattn/go-runewidth v0.0.15 // indirect
+	github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect
+	github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect
 	github.com/mholt/archiver/v3 v3.5.1 // indirect
 	github.com/microsoft/go-rustaudit v0.0.0-20220808201409-204dfee52032 // indirect
 	github.com/miekg/pkcs11 v1.1.1 // indirect
@@ -296,83 +316,99 @@ require (
 	github.com/mitchellh/hashstructure/v2 v2.0.2 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
-	github.com/moby/buildkit v0.12.1 // indirect
+	github.com/moby/buildkit v0.12.5 // indirect
 	github.com/moby/locker v1.0.1 // indirect
 	github.com/moby/patternmatcher v0.5.0 // indirect
 	github.com/moby/spdystream v0.2.0 // indirect
+	github.com/moby/sys/mountinfo v0.6.2 // indirect
+	github.com/moby/sys/sequential v0.5.0 // indirect
 	github.com/moby/sys/signal v0.7.0 // indirect
+	github.com/moby/sys/user v0.1.0 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
 	github.com/morikuni/aec v1.0.0 // indirect
 	github.com/mozillazg/docker-credential-acr-helper v0.3.0 // indirect
+	github.com/muesli/reflow v0.3.0 // indirect
+	github.com/muesli/termenv v0.15.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
 	github.com/nozzle/throttler v0.0.0-20180817012639-2ea982251481 // indirect
 	github.com/nwaples/rardecode v1.1.0 // indirect
 	github.com/oklog/ulid v1.3.1 // indirect
+	github.com/oleiade/reflections v1.0.1 // indirect
 	github.com/olekukonko/tablewriter v0.0.6-0.20230417144759-edd1a71a5576 // indirect
 	github.com/olvrng/ujson v1.1.0 // indirect
-	github.com/open-policy-agent/opa v0.55.0 // indirect
+	github.com/open-policy-agent/opa v0.61.0 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
-	github.com/opencontainers/image-spec v1.1.0-rc4 // indirect
+	github.com/opencontainers/image-spec v1.1.0-rc5 // indirect
+	github.com/opencontainers/runtime-spec v1.1.0 // indirect
+	github.com/opencontainers/selinux v1.11.0 // indirect
 	github.com/opentracing/opentracing-go v1.2.0 // indirect
-	github.com/owenrumney/go-sarif v1.1.1 // indirect
+	github.com/openvex/go-vex v0.2.5 // indirect
+	github.com/owenrumney/go-sarif v1.1.2-0.20231003122901-1000f5e05554 // indirect
 	github.com/owenrumney/go-sarif/v2 v2.2.0 // indirect
+	github.com/package-url/packageurl-go v0.1.1 // indirect
+	github.com/pborman/indent v1.2.1 // indirect
 	github.com/pborman/uuid v1.2.1 // indirect
 	github.com/pelletier/go-toml v1.9.5 // indirect
-	github.com/pelletier/go-toml/v2 v2.0.8 // indirect
+	github.com/pelletier/go-toml/v2 v2.1.0 // indirect
 	github.com/pierrec/lz4/v4 v4.1.15 // indirect
 	github.com/pjbgf/sha1cd v0.3.0 // indirect
-	github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect
+	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
 	github.com/pkg/errors v0.9.1 // indirect
-	github.com/pmezard/go-difflib v1.0.0 // indirect
+	github.com/pkg/profile v1.7.0 // indirect
+	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/pquerna/cachecontrol v0.2.0 // indirect
 	github.com/project-copacetic/copacetic v0.0.0-00010101000000-000000000000 // indirect
-	github.com/prometheus/client_golang v1.16.0 // indirect
-	github.com/prometheus/client_model v0.4.0 // indirect
-	github.com/prometheus/common v0.42.0 // indirect
-	github.com/prometheus/procfs v0.10.1 // indirect
+	github.com/prometheus/client_golang v1.18.0 // indirect
+	github.com/prometheus/client_model v0.5.0 // indirect
+	github.com/prometheus/common v0.45.0 // indirect
+	github.com/prometheus/procfs v0.12.0 // indirect
 	github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect
 	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
-	github.com/rivo/uniseg v0.4.3 // indirect
+	github.com/rivo/uniseg v0.4.4 // indirect
 	github.com/ruudk/golang-pdf417 v0.0.0-20201230142125-a7e3863a1245 // indirect
-	github.com/saferwall/pe v1.4.4 // indirect
+	github.com/saferwall/pe v1.4.8 // indirect
+	github.com/sagikazarmark/locafero v0.4.0 // indirect
+	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
+	github.com/saintfish/chardet v0.0.0-20230101081208-5e3ef4b5456d // indirect
 	github.com/samber/lo v1.38.1 // indirect
 	github.com/sassoftware/go-rpmutils v0.2.0 // indirect
 	github.com/sassoftware/relic v7.2.1+incompatible // indirect
 	github.com/schollz/progressbar/v3 v3.13.0 // indirect
 	github.com/scylladb/go-set v1.0.3-0.20200225121959-cc7b2070d91e // indirect
-	github.com/secure-systems-lab/go-securesystemslib v0.7.0 // indirect
+	github.com/secure-systems-lab/go-securesystemslib v0.8.0 // indirect
 	github.com/segmentio/ksuid v1.0.4 // indirect
 	github.com/sergi/go-diff v1.3.1 // indirect
 	github.com/shibumi/go-pathspec v1.3.0 // indirect
 	github.com/shopspring/decimal v1.3.1 // indirect
-	github.com/sigstore/cosign/v2 v2.1.1 // indirect
-	github.com/sigstore/fulcio v1.3.1 // indirect
-	github.com/sigstore/rekor v1.2.2-0.20230530122220-67cc9e58bd23 // indirect
-	github.com/sigstore/sigstore v1.7.1 // indirect
-	github.com/sigstore/timestamp-authority v1.1.1 // indirect
+	github.com/sigstore/cosign/v2 v2.2.3 // indirect
+	github.com/sigstore/fulcio v1.4.3 // indirect
+	github.com/sigstore/rekor v1.3.4 // indirect
+	github.com/sigstore/sigstore v1.8.1 // indirect
+	github.com/sigstore/timestamp-authority v1.2.1 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
 	github.com/skeema/knownhosts v1.2.1 // indirect
 	github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect
+	github.com/sourcegraph/conc v0.3.0 // indirect
 	github.com/spdx/tools-golang v0.5.3 // indirect
-	github.com/spf13/afero v1.9.5 // indirect
-	github.com/spf13/cast v1.5.1 // indirect
-	github.com/spf13/cobra v1.7.0 // indirect
-	github.com/spf13/jwalterweatherman v1.1.0 // indirect
+	github.com/spf13/afero v1.11.0 // indirect
+	github.com/spf13/cast v1.6.0 // indirect
+	github.com/spf13/cobra v1.8.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
-	github.com/spiffe/go-spiffe/v2 v2.1.6 // indirect
+	github.com/spiffe/go-spiffe/v2 v2.1.7 // indirect
 	github.com/stripe/stripe-go/v74 v74.28.0 // indirect
-	github.com/subosito/gotenv v1.4.2 // indirect
+	github.com/subosito/gotenv v1.6.0 // indirect
 	github.com/sylabs/sif/v2 v2.11.5 // indirect
 	github.com/sylabs/squashfs v0.6.1 // indirect
 	github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d // indirect
 	github.com/tchap/go-patricia/v2 v2.3.1 // indirect
 	github.com/thales-e-security/pool v0.0.2 // indirect
 	github.com/therootcompany/xz v1.0.1 // indirect
-	github.com/theupdateframework/go-tuf v0.5.2 // indirect
+	github.com/theupdateframework/go-tuf v0.7.0 // indirect
 	github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
-	github.com/tjfoc/gmsm v1.3.2 // indirect
+	github.com/tjfoc/gmsm v1.4.1 // indirect
 	github.com/tonistiigi/fsutil v0.0.0-20230629203738-36ef4d8c0dbb // indirect
 	github.com/tonistiigi/units v0.0.0-20180711220420-6950e57a87ea // indirect
 	github.com/tonistiigi/vt100 v0.0.0-20230623042737-f9a4f7ef6531 // indirect
@@ -382,49 +418,52 @@ require (
 	github.com/uptrace/opentelemetry-go-extra/otelzap v0.2.2 // indirect
 	github.com/uptrace/uptrace-go v1.18.0 // indirect
 	github.com/vbatts/go-mtree v0.5.3 // indirect
-	github.com/vbatts/tar-split v0.11.3 // indirect
-	github.com/vifraa/gopom v0.2.2 // indirect
+	github.com/vbatts/tar-split v0.11.5 // indirect
+	github.com/vifraa/gopom v1.0.0 // indirect
 	github.com/wagoodman/go-partybus v0.0.0-20230516145632-8ccac152c651 // indirect
 	github.com/wagoodman/go-presenter v0.0.0-20211015174752-f9c01afc824b // indirect
-	github.com/wagoodman/go-progress v0.0.0-20230301185719-21920a456ad5 // indirect
-	github.com/xanzy/go-gitlab v0.86.0 // indirect
+	github.com/wagoodman/go-progress v0.0.0-20230925121702-07e42b3cdba0 // indirect
+	github.com/xanzy/go-gitlab v0.96.0 // indirect
 	github.com/xanzy/ssh-agent v0.3.3 // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
 	github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 // indirect
-	github.com/xlab/treeprint v1.1.0 // indirect
+	github.com/xlab/treeprint v1.2.0 // indirect
+	github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778 // indirect
 	github.com/yashtewari/glob-intersection v0.2.0 // indirect
-	github.com/zclconf/go-cty v1.10.0 // indirect
+	github.com/zclconf/go-cty v1.14.0 // indirect
 	github.com/zeebo/errs v1.3.0 // indirect
-	go.mongodb.org/mongo-driver v1.11.4 // indirect
+	go.mongodb.org/mongo-driver v1.13.1 // indirect
 	go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352 // indirect
 	go.opencensus.io v0.24.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.47.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/runtime v0.44.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlpmetric v0.41.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.41.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.18.0 // indirect
-	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.18.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.22.0 // indirect
+	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.22.0 // indirect
 	go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.18.0 // indirect
-	go.opentelemetry.io/otel/metric v1.19.0 // indirect
-	go.opentelemetry.io/otel/sdk v1.18.0 // indirect
+	go.opentelemetry.io/otel/metric v1.22.0 // indirect
+	go.opentelemetry.io/otel/sdk v1.22.0 // indirect
 	go.opentelemetry.io/otel/sdk/metric v0.41.0 // indirect
 	go.opentelemetry.io/proto/otlp v1.0.0 // indirect
-	go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect
-	go.step.sm/crypto v0.32.1 // indirect
-	golang.org/x/sync v0.3.0 // indirect
-	golang.org/x/sys v0.15.0 // indirect
-	golang.org/x/term v0.15.0 // indirect
+	go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect
+	go.step.sm/crypto v0.42.1 // indirect
+	golang.org/x/sync v0.6.0 // indirect
+	golang.org/x/sys v0.17.0 // indirect
+	golang.org/x/term v0.17.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
-	golang.org/x/time v0.3.0 // indirect
-	golang.org/x/tools v0.13.0 // indirect
-	golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect
+	golang.org/x/time v0.5.0 // indirect
+	golang.org/x/tools v0.18.0 // indirect
+	golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
 	gonum.org/v1/gonum v0.9.1 // indirect
-	google.golang.org/api v0.128.0 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20230913181813-007df8e322eb // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20230913181813-007df8e322eb // indirect
-	google.golang.org/protobuf v1.31.0 // indirect
+	google.golang.org/api v0.159.0 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240102182953-50ed04b92917 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240116215550-a9fa1716bcac // indirect
+	google.golang.org/protobuf v1.32.0 // indirect
+	gopkg.in/go-jose/go-jose.v2 v2.6.1 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/op/go-logging.v1 v1.0.0-20160211212156-b2cb9fa56473 // indirect
@@ -432,44 +471,27 @@ require (
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	gorm.io/gorm v1.25.2 // indirect
-	helm.sh/helm/v3 v3.12.1 // indirect
-	k8s.io/api v0.27.4 // indirect
-	k8s.io/apiextensions-apiserver v0.27.2 // indirect
-	k8s.io/klog/v2 v2.100.1 // indirect
-	k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect
-	lukechampine.com/uint128 v1.3.0 // indirect
-	modernc.org/cc/v3 v3.40.0 // indirect
-	modernc.org/ccgo/v3 v3.16.13 // indirect
-	modernc.org/libc v1.22.5 // indirect
-	modernc.org/mathutil v1.5.0 // indirect
-	modernc.org/memory v1.5.0 // indirect
-	modernc.org/opt v0.1.3 // indirect
-	modernc.org/sqlite v1.24.0 // indirect
-	modernc.org/strutil v1.1.3 // indirect
-	modernc.org/token v1.1.0 // indirect
+	gorm.io/gorm v1.25.5 // indirect
+	helm.sh/helm/v3 v3.14.2 // indirect
+	k8s.io/api v0.29.2 // indirect
+	k8s.io/apiextensions-apiserver v0.29.0 // indirect
+	k8s.io/klog/v2 v2.110.1 // indirect
+	k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect
+	modernc.org/libc v1.29.0 // indirect
+	modernc.org/mathutil v1.6.0 // indirect
+	modernc.org/memory v1.7.2 // indirect
+	modernc.org/sqlite v1.28.0 // indirect
 	sigs.k8s.io/controller-runtime v0.15.0 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
-	sigs.k8s.io/kustomize/api v0.13.2 // indirect
-	sigs.k8s.io/kustomize/kyaml v0.14.1 // indirect
-	sigs.k8s.io/release-utils v0.7.4 // indirect
-	sigs.k8s.io/structured-merge-diff/v4 v4.3.0 // indirect
-	sigs.k8s.io/yaml v1.3.0 // indirect
+	sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3 // indirect
+	sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3 // indirect
+	sigs.k8s.io/release-utils v0.7.7 // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
+	sigs.k8s.io/yaml v1.4.0 // indirect
 )
 
-replace github.com/libgit2/git2go/v33 => ../git2go
-
-replace (
-	// Using the forked version of tablewriter
-	github.com/olekukonko/tablewriter => github.com/kubescape/tablewriter v0.0.6-0.20230907094812-c8c737a432a6
-	// TODO(vladklokun): Since later versions (e.g. v0.40.0) that get used without the pin introduce weird packaging issues probably due to package renames, pin to last known good.
-	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc => go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.35.0
-
-	google.golang.org/grpc => google.golang.org/grpc v1.54.0
-
-	// TODO(vladklokun): armoapi-go requires gorm v1.24.6, but Grype depends on v1.23.10 and breaks on anything above. We can’t have both. Upstream changes to Grype?
-	gorm.io/gorm => gorm.io/gorm v1.23.10 // indirect
-)
+// Using the forked version of tablewriter
+replace github.com/olekukonko/tablewriter => github.com/kubescape/tablewriter v0.0.6-0.20231106230230-aac7d2659c94
 
 // TODO(anubhav06): Remove this once we have a release of copacetic with the support for patching kubescape image scan results.
 replace github.com/project-copacetic/copacetic => github.com/anubhav06/copacetic v0.0.0-20230821175613-0a7915a62e10

httphandler/listener/setup.go

@@ -59,7 +59,7 @@ func SetupHTTPListener() error {
 	otelMiddleware := otelmux.Middleware("kubescape-svc")
 	v1SubRouter := rtr.PathPrefix(v1PathPrefix).Subrouter()
 	v1SubRouter.Use(otelMiddleware)
-	v1SubRouter.HandleFunc(v1PrometheusMetricsPath, httpHandler.Metrics)
+	v1SubRouter.HandleFunc(v1PrometheusMetricsPath, httpHandler.Metrics) // deprecated
 	v1SubRouter.HandleFunc(v1ScanPath, httpHandler.Scan)
 	v1SubRouter.HandleFunc(v1StatusPath, httpHandler.Status)
 	v1SubRouter.HandleFunc(v1ResultsPath, httpHandler.Results)

httphandler/storage/apiserver.go

@@ -7,12 +7,12 @@ import (
 	"github.com/armosec/utils-k8s-go/wlid"
 	"github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
-	v1 "github.com/kubescape/k8s-interface/instanceidhandler/v1"
 	"github.com/kubescape/k8s-interface/k8sinterface"
 	"github.com/kubescape/k8s-interface/names"
 	"golang.org/x/exp/maps"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
+	helpersv1 "github.com/kubescape/k8s-interface/instanceidhandler/v1/helpers"
 	"github.com/kubescape/k8s-interface/workloadinterface"
 
 	"github.com/kubescape/opa-utils/objectsenvelopes"
@@ -327,23 +327,23 @@ func (a *APIServerStore) StoreWorkloadConfigurationScanResultSummary(ctx context
 }
 
 func updateLabelsAndAnnotationsMapFromRelatedObjects(clusterName string, labels map[string]string, annotations map[string]string, relatedObjects []workloadinterface.IMetadata) error {
-	labels[v1.RbacResourceMetadataKey] = "true"
+	labels[helpersv1.RbacResourceMetadataKey] = "true"
 
 	for i := range relatedObjects {
 		relatedObject := relatedObjects[i]
 		switch relatedObject.GetKind() {
 		case "Role":
-			labels[v1.RoleNameMetadataKey] = relatedObject.GetName()
-			labels[v1.RoleNamespaceMetadataKey] = relatedObject.GetNamespace()
+			labels[helpersv1.RoleNameMetadataKey] = relatedObject.GetName()
+			labels[helpersv1.RoleNamespaceMetadataKey] = relatedObject.GetNamespace()
 		case "RoleBinding":
-			labels[v1.RoleBindingNameMetadataKey] = relatedObject.GetName()
-			labels[v1.RoleBindingNamespaceMetadataKey] = relatedObject.GetNamespace()
-			annotations[v1.WlidMetadataKey] = wlid.GetK8sWLID(clusterName, relatedObject.GetNamespace(), relatedObject.GetKind(), relatedObject.GetName())
+			labels[helpersv1.RoleBindingNameMetadataKey] = relatedObject.GetName()
+			labels[helpersv1.RoleBindingNamespaceMetadataKey] = relatedObject.GetNamespace()
+			annotations[helpersv1.WlidMetadataKey] = wlid.GetK8sWLID(clusterName, relatedObject.GetNamespace(), relatedObject.GetKind(), relatedObject.GetName())
 		case "ClusterRole":
-			labels[v1.ClusterRoleNameMetadataKey] = relatedObject.GetName()
+			labels[helpersv1.ClusterRoleNameMetadataKey] = relatedObject.GetName()
 		case "ClusterRoleBinding":
-			labels[v1.ClusterRoleBindingNameMetadataKey] = relatedObject.GetName()
-			annotations[v1.WlidMetadataKey] = wlid.GetK8sWLID(clusterName, "", relatedObject.GetKind(), relatedObject.GetName())
+			labels[helpersv1.ClusterRoleBindingNameMetadataKey] = relatedObject.GetName()
+			annotations[helpersv1.WlidMetadataKey] = wlid.GetK8sWLID(clusterName, "", relatedObject.GetKind(), relatedObject.GetName())
 		default:
 			return fmt.Errorf("unknown related object kind %s", relatedObject.GetKind())
 		}
@@ -353,14 +353,14 @@ func updateLabelsAndAnnotationsMapFromRelatedObjects(clusterName string, labels
 
 func getManifestObjectLabelsAndAnnotations(clusterName string, resource workloadinterface.IMetadata, relatedObjects []workloadinterface.IMetadata) (map[string]string, map[string]string, error) {
 	annotations := map[string]string{
-		v1.WlidMetadataKey: wlid.GetK8sWLID(clusterName, resource.GetNamespace(), resource.GetKind(), resource.GetName()),
+		helpersv1.WlidMetadataKey: wlid.GetK8sWLID(clusterName, resource.GetNamespace(), resource.GetKind(), resource.GetName()),
 	}
 	labels := make(map[string]string)
-	labels[v1.ApiGroupMetadataKey], labels[v1.ApiVersionMetadataKey] = k8sinterface.SplitApiVersion(resource.GetApiVersion())
-	labels[v1.KindMetadataKey] = resource.GetKind()
-	labels[v1.NameMetadataKey] = resource.GetName()
+	labels[helpersv1.ApiGroupMetadataKey], labels[helpersv1.ApiVersionMetadataKey] = k8sinterface.SplitApiVersion(resource.GetApiVersion())
+	labels[helpersv1.KindMetadataKey] = resource.GetKind()
+	labels[helpersv1.NameMetadataKey] = resource.GetName()
 	if k8sinterface.IsResourceInNamespaceScope(resource.GetKind()) {
-		labels[v1.NamespaceMetadataKey] = resource.GetNamespace()
+		labels[helpersv1.NamespaceMetadataKey] = resource.GetNamespace()
 	}
 
 	if len(relatedObjects) > 0 {

main.go

@@ -27,5 +27,5 @@ func main() {
 	if err := cmd.Execute(); err != nil {
 		logger.L().Fatal(err.Error())
 	}
-
+	// mock change
 }

pkg/imagescan/imagescan.go

@@ -7,6 +7,7 @@ import (
 	"path/filepath"
 
 	"github.com/adrg/xdg"
+	"github.com/anchore/clio"
 	"github.com/anchore/grype/grype"
 	"github.com/anchore/grype/grype/db"
 	"github.com/anchore/grype/grype/grypeerr"
@@ -23,7 +24,7 @@ import (
 	"github.com/anchore/grype/grype/store"
 	"github.com/anchore/grype/grype/vulnerability"
 	"github.com/anchore/stereoscope/pkg/image"
-	"github.com/anchore/syft/syft/pkg/cataloger"
+	"github.com/anchore/syft/cmd/syft/cli/options"
 )
 
 const (
@@ -92,16 +93,36 @@ func validateDBLoad(loadErr error, status *db.Status) error {
 	return nil
 }
 
+type packagesOptions struct {
+	options.Output      `yaml:",inline" mapstructure:",squash"`
+	options.Config      `yaml:",inline" mapstructure:",squash"`
+	options.Catalog     `yaml:",inline" mapstructure:",squash"`
+	options.UpdateCheck `yaml:",inline" mapstructure:",squash"`
+}
+
+func defaultPackagesOptions() *packagesOptions {
+	defaultCatalogOpts := options.DefaultCatalog()
+
+	// TODO(matthyx): assess this value
+	defaultCatalogOpts.Parallelism = 4
+
+	return &packagesOptions{
+		Output:      options.DefaultOutput(),
+		UpdateCheck: options.DefaultUpdateCheck(),
+		Catalog:     defaultCatalogOpts,
+	}
+}
+
 func getProviderConfig(creds RegistryCredentials) pkg.ProviderConfig {
 	syftCreds := []image.RegistryCredentials{{Username: creds.Username, Password: creds.Password}}
 	regOpts := &image.RegistryOptions{
 		Credentials: syftCreds,
 	}
-	catOpts := cataloger.DefaultConfig()
+	syftOpts := defaultPackagesOptions()
 	pc := pkg.ProviderConfig{
 		SyftProviderConfig: pkg.SyftProviderConfig{
-			RegistryOptions:   regOpts,
-			CatalogingOptions: catOpts,
+			RegistryOptions: regOpts,
+			SBOMOptions:     syftOpts.Catalog.ToSBOMConfig(clio.Identification{}),
 		},
 		SynthesisConfig: pkg.SynthesisConfig{
 			GenerateMissingCPEs: true,