Release (#1000 )

* fixed flaky loop(cautils): loadpolicy getter We should not inject pointers to the variable iterated over by the "range" operator. Signed-off-by: Frédéric BIDON <fredbi@yahoo.com> * fixed more flaky pointers in loops (registryadaptors, opaprocessor) Signed-off-by: Frédéric BIDON <fredbi@yahoo.com> * fixed more flaky pointers in loops (resultshandling) Signed-off-by: Frédéric BIDON <fredbi@yahoo.com> * enabled golangci linter in CI Signed-off-by: Frédéric BIDON <fredbi@yahoo.com> * fixed linting issues with minimal linters config Signed-off-by: Frédéric BIDON <fredbi@yahoo.com> * bump go version to 1.19 * English and typos * Support AKS parser (#994) * support GKE parser * update go mod * support GKE parser * update go mod * update k8s-interface pkg * Added KS desgin.drawio * revert k8s.io to v0.25.3 * ran go mod tidy * update sign-up url * [wip] Adding CreateAccount support * revert to docs URL * update opa-utils pkg * Print attack tree (optional, with argument) (#997) * Print attack tree with the argument Signed-off-by: Frédéric BIDON <fredbi@yahoo.com> Co-authored-by: Frédéric BIDON <frederic@oneconcern.com> Co-authored-by: Frédéric BIDON <fredbi@yahoo.com> Co-authored-by: Oshrat Nir <45561829+Oshratn@users.noreply.github.com> Co-authored-by: Amir Malka <amirm@armosec.io> Co-authored-by: David Wertenteil <dwertent@armosec.io>
Merge pull request #991 from kubescape/dev
2026-02-14 18:09:55 +00:00 · 2023-01-03 11:30:09 +02:00 · 2022-12-22 18:12:37 +02:00 · 2022-12-22 17:29:57 +02:00 · 2022-12-22 17:07:47 +02:00 · 2022-12-22 16:56:40 +02:00
125 changed files with 2587 additions and 1193 deletions
--- a/.github/workflows/01-golang-lint.yaml
+++ b/.github/workflows/01-golang-lint.yaml
@@ -0,0 +1,54 @@
+name: golangci-lint
+on:
+  push:
+    branches:
+      - dev
+  pull_request:
+    types: [ edited, opened, synchronize, reopened ]
+    branches: [ master, dev ]
+    paths-ignore:
+      - '**.yaml'
+      - '**.md'
+permissions:
+  contents: read
+  # Optional: allow read access to pull request. Use with `only-new-issues` option.
+  pull-requests: read
+jobs:
+  golangci:
+    name: lint
+    runs-on: ubuntu-20.04
+    steps:
+      - uses: actions/setup-go@v3
+        with:
+          go-version: 1.18
+      - uses: actions/checkout@v3
+        with:
+          submodules: recursive
+      - name: Install libgit2
+        run: make libgit2
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v3
+        with:
+          # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version
+          version: latest
+
+          # Optional: working directory, useful for monorepos
+          # working-directory: somedir
+
+          # Optional: golangci-lint command line arguments.
+          # args: --issues-exit-code=0
+          args: --timeout 10m --build-tags=static
+          #--new-from-rev dev
+
+          # Optional: show only new issues if it's a pull request. The default value is `false`.
+          only-new-issues: true
+
+          # Optional: if set to true then the all caching functionality will be complete disabled,
+          #           takes precedence over all other caching options.
+          # skip-cache: true
+
+          # Optional: if set to true then the action don't cache or restore ~/go/pkg.
+          # skip-pkg-cache: true
+
+          # Optional: if set to true then the action don't cache or restore ~/.cache/go-build.
+          # skip-build-cache: true
--- a/.github/workflows/build-image.yaml
+++ b/.github/workflows/build-image.yaml
@@ -26,14 +26,24 @@ on:
        type: boolean
        description: 'support amd64/arm64'

-    secrets:
-      QUAYIO_REGISTRY_USERNAME:
-        required: true
-      QUAYIO_REGISTRY_PASSWORD:
-        required: true
-
 jobs:
+  check-secret:
+    name: check if QUAYIO_REGISTRY_USERNAME & QUAYIO_REGISTRY_PASSWORD is set in github secrets
+    runs-on: ubuntu-latest
+    outputs:
+      is-secret-set: ${{ steps.check-secret-set.outputs.is-secret-set }}
+    steps:
+      - name: Check whether unity activation requests should be done
+        id: check-secret-set
+        env:
+            QUAYIO_REGISTRY_USERNAME: ${{ secrets.QUAYIO_REGISTRY_USERNAME }}
+            QUAYIO_REGISTRY_PASSWORD: ${{ secrets.QUAYIO_REGISTRY_PASSWORD }}
+        run: |
+            echo "is-secret-set=${{ env.QUAYIO_REGISTRY_USERNAME != '' && env.QUAYIO_REGISTRY_PASSWORD != '' }}" >> $GITHUB_OUTPUT
+
  build-image:
+    needs: [check-secret]
+    if: needs.check-secret.outputs.is-secret-set == 'true'
    name: Build image and upload to registry
    runs-on: ubuntu-latest
    permissions:
@@ -61,10 +71,10 @@ jobs:
      - name: Build and push image
        if: ${{ inputs.support_platforms }}
        run: docker buildx build . --file build/Dockerfile --tag ${{ inputs.image_name }}:${{ inputs.image_tag }} --tag ${{ inputs.image_name }}:latest --build-arg image_version=${{ inputs.image_tag }} --build-arg client=${{ inputs.client }} --push --platform linux/amd64,linux/arm64
-     
+
      - name: Build and push image without amd64/arm64 support
        if: ${{ !inputs.support_platforms }}
-        run: docker buildx build . --file build/Dockerfile --tag ${{ inputs.image_name }}:${{ inputs.image_tag }} --tag ${{ inputs.image_name }}:latest --build-arg image_version=${{ inputs.image_tag }} --build-arg client=${{ inputs.client }} --push
+        run: docker buildx build . --file build/Dockerfile --tag ${{ inputs.image_name }}:${{ inputs.image_tag }} --tag ${{ inputs.image_name }}:latest --build-arg image_version=${{ inputs.image_tag }} --build-arg client=${{ inputs.client }} --push 

      - name: Install cosign
        uses: sigstore/cosign-installer@main
@@ -75,6 +85,5 @@ jobs:
        env:
          COSIGN_EXPERIMENTAL: "true"
        run: |
-            cosign sign --force ${{ inputs.image_name }}:latest
-            cosign sign --force ${{ inputs.image_name }}:${{ inputs.image_tag }}
+            cosign sign --force ${{ inputs.image_name }}

--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -4,7 +4,6 @@ on:
  push:
    branches: [ master ]
    paths-ignore:
-      # Do not run the pipeline if only Markdown files changed
      - '**.md'
 jobs:
  test:
@@ -29,7 +28,7 @@ jobs:
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    strategy:
      matrix:
-        os: [ubuntu-latest, macos-latest, windows-latest]
+        os: [ubuntu-20.04, macos-latest, windows-latest]
    steps:
      - uses: actions/checkout@v3
        with:
@@ -38,7 +37,7 @@ jobs:
      - name: Set up Go
        uses: actions/setup-go@v3
        with:
-          go-version: 1.18
+          go-version: 1.19

      - name: Install MSYS2 & libgit2 (Windows)
        shell: cmd
@@ -56,8 +55,8 @@ jobs:
          CGO_ENABLED: 1
        run: python3 --version && python3 build.py
 
-      - name: Upload release binaries
-        id: upload-release-asset
+      - name: Upload release binaries (Windows / MacOS)
+        id: upload-release-asset-win-macos
        uses: actions/upload-release-asset@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -66,9 +65,22 @@ jobs:
          asset_path: build/${{ matrix.os }}/kubescape
          asset_name: kubescape-${{ matrix.os }}
          asset_content_type: application/octet-stream
+        if: matrix.os != 'ubuntu-20.04'

-      - name: Upload release hash
-        id: upload-release-hash
+      - name: Upload release binaries (Linux)
+        id: upload-release-asset-linux
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ needs.create-release.outputs.upload_url }}
+          asset_path: build/ubuntu-latest/kubescape
+          asset_name: kubescape-ubuntu-latest
+          asset_content_type: application/octet-stream
+        if: matrix.os == 'ubuntu-20.04'
+
+      - name: Upload release hash (Windows / MacOS)
+        id: upload-release-hash-win-macos
        uses: actions/upload-release-asset@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -77,15 +89,27 @@ jobs:
          asset_path: build/${{ matrix.os }}/kubescape.sha256
          asset_name: kubescape-${{ matrix.os }}-sha256
          asset_content_type: application/octet-stream
-  
+        if: matrix.os != 'ubuntu-20.04'
+
+      - name: Upload release hash (Linux)
+        id: upload-release-hash-linux
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ needs.create-release.outputs.upload_url }}
+          asset_path: build/ubuntu-latest/kubescape.sha256
+          asset_name: kubescape-ubuntu-latest-sha256
+          asset_content_type: application/octet-stream     
+        if: matrix.os == 'ubuntu-20.04'
+
  publish-image:
-    if: ${{ github.repository == 'kubescape/kubescape' }} # TODO
    uses: ./.github/workflows/build-image.yaml
    needs: create-release
    with:
      client: "image-release"
      image_name: "quay.io/${{ github.repository_owner }}/kubescape"
      image_tag: "v2.0.${{ github.run_number }}"
-      support_platforms: false
+      support_platforms: true
      cosign: true
    secrets: inherit
--- a/.github/workflows/build_dev.yaml
+++ b/.github/workflows/build_dev.yaml
@@ -13,14 +13,13 @@ jobs:
      release: "v2.0.${{ github.run_number }}"
      client: test
 
-  publish-dev-image:
-    if: ${{ github.repository == 'kubescape/kubescape' }} # TODO
-    uses: ./.github/workflows/build-image.yaml
-    needs: test
-    with:
-      client: "image-dev"
-      image_name: "quay.io/${{ github.repository_owner }}/kubescape"
-      image_tag: "dev-v2.0.${{ github.run_number }}"
-      support_platforms: false
-      cosign: true
-    secrets: inherit
+  # publish-dev-image:
+  #   uses: ./.github/workflows/build-image.yaml
+  #   needs: test
+  #   with:
+  #     client: "image-dev"
+  #     image_name: "quay.io/${{ github.repository_owner }}/kubescape"
+  #     image_tag: "dev-v2.0.${{ github.run_number }}"
+  #     support_platforms: true
+  #     cosign: true
+  #   secrets: inherit
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -19,14 +19,14 @@ jobs:
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
    strategy:
      matrix:
-        os: [ubuntu-latest, macos-latest, windows-latest]
+        os: [ubuntu-20.04, macos-latest, windows-latest]
    steps:
      - uses: actions/checkout@v3
        with:
          submodules: recursive

      - name: Cache Go modules (Linux)
-        if: matrix.os == 'ubuntu-latest' 
+        if: matrix.os == 'ubuntu-20.04'
        uses: actions/cache@v3
        with:
          path: |
@@ -61,7 +61,7 @@ jobs:
      - name: Set up Go
        uses: actions/setup-go@v3
        with:
-          go-version: 1.18
+          go-version: 1.19

      - name: Install MSYS2 & libgit2 (Windows)
        shell: cmd
@@ -85,9 +85,16 @@ jobs:
          CGO_ENABLED: 1
        run: python3 --version && python3 build.py

-      - name: Smoke Testing
+      - name: Smoke Testing (Windows / MacOS)
        env:
          RELEASE: ${{ inputs.release }} 
          KUBESCAPE_SKIP_UPDATE_CHECK: "true"
        run: python3 smoke_testing/init.py ${PWD}/build/${{ matrix.os }}/kubescape
-        
+        if: matrix.os != 'ubuntu-20.04'
+
+      - name: Smoke Testing (Linux)
+        env:
+          RELEASE: ${{ inputs.release }} 
+          KUBESCAPE_SKIP_UPDATE_CHECK: "true"
+        run: python3 smoke_testing/init.py ${PWD}/build/ubuntu-latest/kubescape
+        if: matrix.os == 'ubuntu-20.04'        
--- a/.gitignore
+++ b/.gitignore
@@ -5,4 +5,5 @@
 *.pyc*
 .idea
 .history
-ca.srl
+ca.srl
+*.out
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -0,0 +1,58 @@
+linters-settings:
+  govet:
+    check-shadowing: true
+  dupl:
+    threshold: 200
+  goconst:
+    min-len: 3
+    min-occurrences: 2
+  gocognit:
+    min-complexity: 65
+
+linters:
+  enable:
+    - gosec
+    - staticcheck
+    - nolintlint
+  disable:
+    # temporarily disabled
+    - varcheck
+    - ineffassign
+    - unused
+    - typecheck
+    - errcheck
+    - govet
+    - gosimple
+    - deadcode
+    - gofmt
+    - goimports
+    - bodyclose
+    - dupl
+    - gocognit
+    - gocritic
+    - goimports
+    - nakedret
+    - revive
+    - stylecheck
+    - unconvert
+    - unparam
+    #- forbidigo # <- see later
+    # should remain disabled
+    - maligned
+    - lll
+    - gochecknoinits
+    - gochecknoglobals
+issues:
+  exclude-rules:
+    - linters:
+      - revive
+      text: "var-naming"
+    - linters:
+      - revive
+      text: "type name will be used as (.+?) by other packages, and that stutters"
+    - linters:
+      - stylecheck
+      text: "ST1003"
+run:
+  skip-dirs:
+    - git2go
--- a/CODE_OF_CONDUCT.md
+++ b/CODE_OF_CONDUCT.md
@@ -1,127 +1,3 @@
-# Contributor Covenant Code of Conduct
+## Code of Conduct

-## Our Pledge
-
-We as members, contributors, and leaders pledge to make participation in our
-community a harassment-free experience for everyone, regardless of age, body
-size, visible or invisible disability, ethnicity, sex characteristics, gender
-identity and expression, level of experience, education, socio-economic status,
-nationality, personal appearance, race, religion, or sexual identity
-and orientation.
-
-We pledge to act and interact in ways that contribute to an open, welcoming,
-diverse, inclusive, and healthy community.
-
-## Our Standards
-
-Examples of behavior that contributes to a positive environment for our
-community include:
-
-* Demonstrating empathy and kindness toward other people
-* Being respectful of differing opinions, viewpoints, and experiences
-* Giving and gracefully accepting constructive feedback
-* Accepting responsibility and apologizing to those affected by our mistakes,
-  and learning from the experience
-* Focusing on what is best not just for us as individuals, but for the
-  overall community
-
-Examples of unacceptable behavior include:
-
-* The use of sexualized language or imagery, and sexual attention or
-  advances of any kind
-* Trolling, insulting or derogatory comments, and personal or political attacks
-* Public or private harassment
-* Publishing others' private information, such as a physical or email
-  address, without their explicit permission
-* Other conduct which could reasonably be considered inappropriate in a
-  professional setting
-
-## Enforcement Responsibilities
-
-Community leaders are responsible for clarifying and enforcing our standards of
-acceptable behavior and will take appropriate and fair corrective action in
-response to any behavior that they deem inappropriate, threatening, offensive,
-or harmful.
-
-Community leaders have the right and responsibility to remove, edit, or reject
-comments, commits, code, wiki edits, issues, and other contributions that are
-not aligned to this Code of Conduct, and will communicate reasons for moderation
-decisions when appropriate.
-
-## Scope
-
-This Code of Conduct applies within all community spaces, and also applies when
-an individual is officially representing the community in public spaces.
-Examples of representing our community include using an official e-mail address,
-posting via an official social media account, or acting as an appointed
-representative at an online or offline event.
-
-## Enforcement
-
-Instances of abusive, harassing, or otherwise unacceptable behavior may be
-reported to the community leaders responsible for enforcement [here](mailto:ben@armosec.io).
-All complaints will be reviewed and investigated promptly and fairly.
-
-All community leaders are obligated to respect the privacy and security of the
-reporter of any incident.
-
-## Enforcement Guidelines
-
-Community leaders will follow these Community Impact Guidelines in determining
-the consequences for any action they deem in violation of this Code of Conduct:
-
-### 1. Correction
-
-**Community Impact**: Use of inappropriate language or other behavior deemed
-unprofessional or unwelcome in the community.
-
-**Consequence**: A private, written warning from community leaders, providing
-clarity around the nature of the violation and an explanation of why the
-behavior was inappropriate. A public apology may be requested.
-
-### 2. Warning
-
-**Community Impact**: A violation through a single incident or series
-of actions.
-
-**Consequence**: A warning with consequences for continued behavior. No
-interaction with the people involved, including unsolicited interaction with
-those enforcing the Code of Conduct, for a specified period of time. This
-includes avoiding interactions in community spaces as well as external channels
-like social media. Violating these terms may lead to a temporary or
-permanent ban.
-
-### 3. Temporary Ban
-
-**Community Impact**: A serious violation of community standards, including
-sustained inappropriate behavior.
-
-**Consequence**: A temporary ban from any sort of interaction or public
-communication with the community for a specified period of time. No public or
-private interaction with the people involved, including unsolicited interaction
-with those enforcing the Code of Conduct, is allowed during this period.
-Violating these terms may lead to a permanent ban.
-
-### 4. Permanent Ban
-
-**Community Impact**: Demonstrating a pattern of violation of community
-standards, including sustained inappropriate behavior,  harassment of an
-individual, or aggression toward or disparagement of classes of individuals.
-
-**Consequence**: A permanent ban from any sort of public interaction within
-the community.
-
-## Attribution
-
-This Code of Conduct is adapted from the [Contributor Covenant][homepage],
-version 2.0, available at
-https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
-
-Community Impact Guidelines were inspired by [Mozilla's code of conduct
-enforcement ladder](https://github.com/mozilla/diversity).
-
-[homepage]: https://www.contributor-covenant.org
-
-For answers to common questions about this code of conduct, see the FAQ at
-https://www.contributor-covenant.org/faq. Translations are available at
-https://www.contributor-covenant.org/translations.
+The Kubescape project follows the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md).
--- a/MAINTAINERS.md
+++ b/MAINTAINERS.md
@@ -1,10 +1,11 @@
 # Maintainers

-The following table lists Kubescape project maintainers 
+The following table lists the Kubescape project maintainers:

-| Name | GitHub | Email | Organization | Role | Added/Renewed On |
-| --- | --- | --- | --- | --- | --- |
-| [Ben Hirschberg](https://www.linkedin.com/in/benyamin-ben-hirschberg-66141890) | [@slashben](https://github.com/slashben) | ben@armosec.io | [ARMO](https://www.armosec.io/) | VP R&D | 2021-09-01 |
-| [Rotem Refael](https://www.linkedin.com/in/rotem-refael) | [@rotemamsa](https://github.com/rotemamsa) | rrefael@armosec.io | [ARMO](https://www.armosec.io/) | Team Leader | 2021-10-11 |
-| [David Wertenteil](https://www.linkedin.com/in/david-wertenteil-0ba277b9) | [@dwertent](https://github.com/dwertent) | dwertent@armosec.io | [ARMO](https://www.armosec.io/) | Kubescape CLI Developer | 2021-09-01 |
-| [Bezalel Brandwine](https://www.linkedin.com/in/bezalel-brandwine) | [@Bezbran](https://github.com/Bezbran) | bbrandwine@armosec.io | [ARMO](https://www.armosec.io/) | Kubescape SaaS Developer | 2021-09-01 |
+| Name | GitHub | Organization | Added/Renewed On |
+| --- | --- | --- | --- |
+| [Ben Hirschberg](https://www.linkedin.com/in/benyamin-ben-hirschberg-66141890) | [@slashben](https://github.com/slashben) | [ARMO](https://www.armosec.io/) | 2021-09-01 |
+| [Rotem Refael](https://www.linkedin.com/in/rotem-refael) | [@rotemamsa](https://github.com/rotemamsa) | [ARMO](https://www.armosec.io/) | 2021-10-11 |
+| [David Wertenteil](https://www.linkedin.com/in/david-wertenteil-0ba277b9) | [@dwertent](https://github.com/dwertent) | [ARMO](https://www.armosec.io/) | 2021-09-01 |
+| [Bezalel Brandwine](https://www.linkedin.com/in/bezalel-brandwine) | [@Bezbran](https://github.com/Bezbran) | [ARMO](https://www.armosec.io/) | 2021-09-01 |
+| [Craig Box](https://www.linkedin.com/in/crbnz/) | [@craigbox](https://github.com/craigbox) | [ARMO](https://www.armosec.io/) | 2022-10-31 |
--- a/README.md
+++ b/README.md
@@ -11,11 +11,11 @@
 :sunglasses: [Want to contribute?](#being-a-part-of-the-team) :innocent: 


-Kubescape is a K8s open-source tool providing a Kubernetes single pane of glass, including risk analysis, security compliance, RBAC visualizer, and image vulnerability scanning. 
-Kubescape scans K8s clusters, YAML files, and HELM charts, detecting misconfigurations according to multiple frameworks (such as the [NSA-CISA](https://www.armosec.io/blog/kubernetes-hardening-guidance-summary-by-armo/?utm_source=github&utm_medium=repository), [MITRE ATT&CK®](https://www.microsoft.com/security/blog/2021/03/23/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes/)), software vulnerabilities, and RBAC (role-based-access-control) violations at early stages of the CI/CD pipeline, calculates risk score instantly and shows risk trends over time.
+Kubescape is an open-source Kubernetes security platform. A single pane of glass access to view risk analysis, security compliance, RBAC visualization, and image vulnerability scanning. 
+Kubescape scans Kubernetes clusters, YAML files, and Helm charts. It detects misconfigurations according to multiple frameworks (such as [NSA-CISA](https://www.armosec.io/blog/kubernetes-hardening-guidance-summary-by-armo/?utm_source=github&utm_medium=repository), [MITRE ATT&CK®](https://www.microsoft.com/security/blog/2021/03/23/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes/) and [CIS Benchmark](https://www.armosec.io/blog/cis-kubernetes-benchmark-framework-scanning-tools-comparison/?utm_source=github&utm_medium=repository)). Kubescape also helps you find software vulnerabilities, and RBAC (role-based-access-control) violations at early stages of the CI/CD pipeline. It calculates your risk score instantly and shows risk trends over time.

-It has become one of the fastest-growing Kubernetes tools among developers due to its easy-to-use CLI interface, flexible output formats, and automated scanning capabilities, saving Kubernetes users and admins precious time, effort, and resources.
-Kubescape integrates natively with other DevOps tools, including Jenkins, CircleCI, Github workflows, Prometheus, and Slack, and supports multi-cloud K8s deployments like EKS, GKE, and AKS.
+Kubescape is one of the fastest-growing Kubernetes security tools among developers. It saves Kubernetes users and admins precious time, effort, and resources with its easy-to-use CLI interface, flexible output formats, and automated scanning capabilities.
+Kubescape integrates natively with other DevOps tools, including Jenkins, CircleCI, Github workflows, Prometheus, and Slack. It supports multi-cloud Kubernetes deployments like EKS, GKE, and AKS.

 </br>

@@ -52,6 +52,9 @@ kubescape scan --enable-host-scan --verbose
 </br>

 ## Architecture in short
+
+[Component architecture](docs/architecture.drawio.svg)
+
 ### [CLI](#kubescape-cli)
 <div align="center">
    <img src="docs/ks-cli-arch.png" width="300" alt="cli-diagram">
@@ -69,12 +72,14 @@ kubescape scan --enable-host-scan --verbose
 # Being a part of the team

 ## Community
-We invite you to our community! We are excited about this project and want to return the love we get.
+You are in vited to our community! We are excited about this project and want to return the love we get.

-We hold community meetings in [Zoom](https://us02web.zoom.us/j/84020231442) on the first Tuesday of every month at 14:00 GMT! :sunglasses:
+We hold community meetings on [Zoom](https://us02web.zoom.us/j/84020231442) on the first Tuesday of every month at 14:00 GMT! :sunglasses:
+
+Please make sure that you follow our [Code Of Conduct](https://github.com/kubescape/kubescape/blob/master/CODE_OF_CONDUCT.md). 

 ## Contributions 
-[Want to contribute?](https://github.com/kubescape/kubescape/blob/master/CONTRIBUTING.md) Want to discuss something? Have an issue? Please make sure that you follow our [Code Of Conduct](https://github.com/kubescape/kubescape/blob/master/CODE_OF_CONDUCT.md) . 
+Want to discuss something? Have an issue? [Want to contribute?](https://github.com/kubescape/kubescape/blob/master/CONTRIBUTING.md)  

 * Feel free to pick a task from the [issues](https://github.com/kubescape/kubescape/issues?q=is%3Aissue+is%3Aopen+label%3A%22open+for+contribution%22), [roadmap](docs/roadmap.md) or suggest a feature of your own. [Contact us](MAINTAINERS.md) directly for more information :) 
 * [Open an issue](https://github.com/kubescape/kubescape/issues/new/choose) , we are trying to respond within 48 hours
@@ -220,6 +225,8 @@ kubescape scan *.yaml
 ```

 #### Scan Kubernetes manifest files from a git repository 
+
+```
 kubescape scan https://github.com/kubescape/kubescape
 ```

@@ -259,7 +266,7 @@ kubescape scan --format prometheus
 kubescape scan --format html --output results.html
 ```

-#### Scan with exceptions, objects with exceptions will be presented as `exclude` and not `fail`
+#### Scan with exceptions. Objects with exceptions will be presented as `exclude` and not `fail`
 [Full documentation](examples/exceptions/README.md)
 ```
 kubescape scan --exceptions examples/exceptions/exclude-kube-namespaces.json
@@ -271,13 +278,13 @@ kubescape scan </path/to/directory>
 ```
 > Kubescape will load the default value file

-#### Scan Kustomize Directory 
+#### Scan a Kustomize Directory 
 ```
 kubescape scan </path/to/directory>
 ```
-> Kubescape will generate Kubernetes Yaml Objects using 'Kustomize' file and scans them for security.
+> Kubescape will generate Kubernetes YAML objects using a 'Kustomize' file and scan them for security.

-### Offline/Air-gaped Environment Support
+### Offline/Air-gapped Environment Support

 [Video tutorial](https://youtu.be/IGXL9s37smM)

@@ -321,7 +328,7 @@ kubescape scan framework nsa --use-from /path/nsa.json

 ![Visual Studio Marketplace Downloads](https://img.shields.io/visual-studio-marketplace/d/kubescape.kubescape?label=VScode) ![Open VSX](https://img.shields.io/open-vsx/dt/kubescape/kubescape?label=openVSX&color=yellowgreen)

-Scan the YAML files while writing them using the [vs code extension](https://github.com/armosec/vscode-kubescape/blob/master/README.md) 
+Scan the YAML files while writing them using the [VS Code extension](https://github.com/armosec/vscode-kubescape/blob/master/README.md) 

 ## Lens Extension

@@ -403,15 +410,15 @@ View Kubescape scan results directly in [Lens IDE](https://k8slens.dev/) using k
 <details>
 <summary>Instructions to use the playground</summary>

-* Apply changes you wish to make to the kubescape directory using text editors like `Vim`.
+* Apply changes you wish to make to the Kubescape directory using text editors like `Vim`.
 * [Build on Linux](https://github.com/kubescape/kubescape#build-on-linuxmacos)
-* Now, you can use Kubescape just like a normal user. Instead of using `kubescape`, use `./kubescape`. (Make sure you are inside kubescape directory because the command will execute the binary named `kubescape` in `kubescape directory`)
+* Now, you can use Kubescape like a regular user. Instead of using `kubescape`, use `./kubescape`. Make sure you are in the Kubescape directory because the command will execute the binary named `kubescape` in `kubescape directory`)

 </details>

-## VS code configuration samples
+## VS Code configuration samples

-You can use the sample files below to setup your VS code environment for building and debugging purposes.
+You can use the sample files below to setup your VS Code environment for building and debugging purposes.


 <details><summary>.vscode/settings.json</summary>
@@ -458,11 +465,11 @@ You can use the sample files below to setup your VS code environment for buildin
 ## Technology
 Kubescape is based on the [OPA engine](https://github.com/open-policy-agent/opa) and ARMO's posture controls.

-The tools retrieve Kubernetes objects from the API server and run a set of [rego's snippets](https://www.openpolicyagent.org/docs/latest/policy-language/) developed by [ARMO](https://www.armosec.io?utm_source=github&utm_medium=repository).
+The tools retrieve Kubernetes objects from the API server and runs a set of [Rego snippets](https://www.openpolicyagent.org/docs/latest/policy-language/) developed by [ARMO](https://www.armosec.io?utm_source=github&utm_medium=repository).

-The results by default are printed in a pretty "console friendly" manner, but they can be retrieved in JSON format for further processing.
+The results by default are printed in a "console friendly" manner, but they can be retrieved in JSON format for further processing.

-Kubescape is an open source project, we welcome your feedback and ideas for improvement. We’re also aiming to collaborate with the Kubernetes community to help make the tests more robust and complete as Kubernetes develops.
+Kubescape is an open source project, we welcome your feedback and ideas for improvement. We are part of the Kubernetes community and aim to make the tests more robust and complete as Kubernetes develops.

 ## Thanks to all the contributors ❤️
 <a href = "https://github.com/kubescape/kubescape/graphs/contributors">
--- a/build.py
+++ b/build.py
@@ -57,7 +57,7 @@ def main():
    if client_name:
        ldflags += " -X {}={}".format(client_var, client_name)
 
-    build_command = ["go", "build", "-tags=static", "-o", ks_file, "-ldflags" ,ldflags]
+    build_command = ["go", "build", "-buildmode=pie", "-tags=static", "-o", ks_file, "-ldflags" ,ldflags]

    print("Building kubescape and saving here: {}".format(ks_file))
    print("Build command: {}".format(" ".join(build_command)))
--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.18-alpine as builder
+FROM golang:1.19-alpine as builder

 ARG image_version
 ARG client
@@ -12,7 +12,7 @@ ENV CGO_ENABLED=1

 # Install required python/pip
 ENV PYTHONUNBUFFERED=1
-RUN apk add --update --no-cache python3 git openssl-dev musl-dev gcc make cmake pkgconfig && ln -sf python3 /usr/bin/python
+RUN apk add --update --no-cache python3 gcc make git libc-dev binutils-gold cmake pkgconfig && ln -sf python3 /usr/bin/python
 RUN python3 -m ensurepip
 RUN pip3 install --no-cache --upgrade pip setuptools

--- a/cmd/completion/completion.go
+++ b/cmd/completion/completion.go
@@ -9,11 +9,11 @@ import (

 var completionCmdExamples = `

-  # Enable BASH shell autocompletion 
-  $ source <(kubescape completion bash) 
+  # Enable BASH shell autocompletion
+  $ source <(kubescape completion bash)
  $ echo 'source <(kubescape completion bash)' >> ~/.bashrc

-  # Enable ZSH shell autocompletion 
+  # Enable ZSH shell autocompletion
  $ source <(kubectl completion zsh)
  $ echo 'source <(kubectl completion zsh)' >> "${fpath[1]}/_kubectl"

@@ -27,7 +27,7 @@ func GetCompletionCmd() *cobra.Command {
 		Example:               completionCmdExamples,
 		DisableFlagsInUseLine: true,
 		ValidArgs:             []string{"bash", "zsh", "fish", "powershell"},
-		Args:                  cobra.ExactValidArgs(1),
+		Args:                  cobra.MatchAll(cobra.ExactArgs(1), cobra.OnlyValidArgs),
 		Run: func(cmd *cobra.Command, args []string) {
 			switch strings.ToLower(args[0]) {
 			case "bash":
--- a/cmd/download/download.go
+++ b/cmd/download/download.go
@@ -24,8 +24,8 @@ var (
  # Download the NSA framework. Run 'kubescape list frameworks' for all frameworks names
  kubescape download framework nsa

-  # Download the "Allowed hostPath" control. Run 'kubescape list controls' for all controls names
-  kubescape download control "Allowed hostPath"
+  # Download the "C-0001" control. Run 'kubescape list controls --id' for all controls ids
+  kubescape download control "C-0001"

  # Download the "C-0001" control. Run 'kubescape list controls --id' for all controls ids
  kubescape download control C-0001
@@ -36,6 +36,8 @@ var (
  # Download the configured controls-inputs 
  kubescape download controls-inputs 

+  # Download the attack tracks
+  kubescape download attack-tracks
 `
 )

@@ -68,7 +70,9 @@ func GeDownloadCmd(ks meta.IKubescape) *cobra.Command {
 			}
 			downloadInfo.Target = args[0]
 			if len(args) >= 2 {
-				downloadInfo.Name = args[1]
+
+				downloadInfo.Identifier = args[1]
+
 			}
 			if err := ks.Download(&downloadInfo); err != nil {
 				logger.L().Fatal(err.Error())
--- a/cmd/list/list.go
+++ b/cmd/list/list.go
@@ -20,11 +20,8 @@ var (
  # List all supported frameworks names
  kubescape list frameworks --account <account id>
 	
-  # List all supported controls names
+  # List all supported controls names with ids
  kubescape list controls
-
-  # List all supported controls ids
-  kubescape list controls --id 
  
  Control documentation:
  https://hub.armosec.io/docs/controls
@@ -67,8 +64,8 @@ func GetListCmd(ks meta.IKubescape) *cobra.Command {
 	listCmd.PersistentFlags().StringVarP(&listPolicies.Credentials.Account, "account", "", "", "Kubescape SaaS account ID. Default will load account ID from cache")
 	listCmd.PersistentFlags().StringVarP(&listPolicies.Credentials.ClientID, "client-id", "", "", "Kubescape SaaS client ID. Default will load client ID from cache, read more - https://hub.armosec.io/docs/authentication")
 	listCmd.PersistentFlags().StringVarP(&listPolicies.Credentials.SecretKey, "secret-key", "", "", "Kubescape SaaS secret key. Default will load secret key from cache, read more - https://hub.armosec.io/docs/authentication")
-	listCmd.PersistentFlags().StringVar(&listPolicies.Format, "format", "pretty-print", "output format. supported: 'pretty-printer'/'json'")
-	listCmd.PersistentFlags().BoolVarP(&listPolicies.ListIDs, "id", "", false, "List control ID's instead of controls names")
+	listCmd.PersistentFlags().StringVar(&listPolicies.Format, "format", "pretty-print", "output format. supported: 'pretty-print'/'json'")
+	listCmd.PersistentFlags().MarkDeprecated("id", "Control ID's are included in list outpus")

 	return listCmd
 }
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -27,7 +27,7 @@ var rootInfo cautils.RootInfo

 var ksExamples = `
  # Scan command
-  kubescape scan --submit
+  kubescape scan

  # List supported frameworks
  kubescape list frameworks
--- a/cmd/scan/control.go
+++ b/cmd/scan/control.go
@@ -23,7 +23,7 @@ var (
  kubescape scan control "privileged container"
 	
  # Scan list of controls separated with a comma
-  kubescape scan control "privileged container","allowed hostpath"
+  kubescape scan control "privileged container","HostPath mount"
  
  # Scan list of controls using the control ID separated with a comma
  kubescape scan control C-0058,C-0057
@@ -61,7 +61,7 @@ func getControlCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Comman
 			if err := validateFrameworkScanInfo(scanInfo); err != nil {
 				return err
 			}
-			
+
 			// flagValidationControl(scanInfo)
 			scanInfo.PolicyIdentifier = []cautils.PolicyIdentifier{}

@@ -109,7 +109,7 @@ func getControlCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Comman
 			if results.GetRiskScore() > float32(scanInfo.FailThreshold) {
 				logger.L().Fatal("scan risk-score is above permitted threshold", helpers.String("risk-score", fmt.Sprintf("%.2f", results.GetRiskScore())), helpers.String("fail-threshold", fmt.Sprintf("%.2f", scanInfo.FailThreshold)))
 			}
-			enforceSeverityThresholds(&results.GetResults().SummaryDetails.SeverityCounters, scanInfo, terminateOnExceedingSeverity)
+			enforceSeverityThresholds(results.GetResults().SummaryDetails.GetResourcesSeverityCounters(), scanInfo, terminateOnExceedingSeverity)

 			return nil
 		},
@@ -120,6 +120,10 @@ func getControlCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Comman
 func validateControlScanInfo(scanInfo *cautils.ScanInfo) error {
 	severity := scanInfo.FailThresholdSeverity

+	if scanInfo.Submit && scanInfo.OmitRawResources {
+		return fmt.Errorf("you can use `omit-raw-resources` or `submit`, but not both")
+	}
+
 	if err := validateSeverity(severity); severity != "" && err != nil {
 		return err
 	}
--- a/cmd/scan/framework.go
+++ b/cmd/scan/framework.go
@@ -16,14 +16,13 @@ import (
 	"github.com/kubescape/kubescape/v2/core/cautils"
 	"github.com/kubescape/kubescape/v2/core/meta"

-	"github.com/enescakir/emoji"
 	"github.com/spf13/cobra"
 )

 var (
 	frameworkExample = `
-  # Scan all frameworks and submit the results
-  kubescape scan framework all --submit
+  # Scan all frameworks
+  kubescape scan framework all
  
  # Scan the NSA framework
  kubescape scan framework nsa
@@ -35,7 +34,7 @@ var (
  kubescape scan framework all

  # Scan kubernetes YAML manifest files (single file or glob)
-  kubescape scan framework nsa *.yaml
+  kubescape scan framework nsa .

  Run 'kubescape list frameworks' for the list of supported frameworks
 `
@@ -113,13 +112,13 @@ func getFrameworkCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Comm
 				logger.L().Fatal(err.Error())
 			}
 			if !scanInfo.VerboseMode {
-				cautils.SimpleDisplay(os.Stderr, "%s  Run with '--verbose'/'-v' flag for detailed resources view\n\n", emoji.Detective)
+				cautils.SimpleDisplay(os.Stderr, "Run with '--verbose'/'-v' flag for detailed resources view\n\n")
 			}
 			if results.GetRiskScore() > float32(scanInfo.FailThreshold) {
 				logger.L().Fatal("scan risk-score is above permitted threshold", helpers.String("risk-score", fmt.Sprintf("%.2f", results.GetRiskScore())), helpers.String("fail-threshold", fmt.Sprintf("%.2f", scanInfo.FailThreshold)))
 			}

-			enforceSeverityThresholds(&results.GetData().Report.SummaryDetails.SeverityCounters, scanInfo, terminateOnExceedingSeverity)
+			enforceSeverityThresholds(results.GetData().Report.SummaryDetails.GetResourcesSeverityCounters(), scanInfo, terminateOnExceedingSeverity)
 			return nil
 		},
 	}
@@ -136,10 +135,10 @@ func countersExceedSeverityThreshold(severityCounters reportsummary.ISeverityCou
 		SeverityName       string
 		GetFailedResources func() int
 	}{
-		{reporthandlingapis.SeverityLowString, severityCounters.NumberOfResourcesWithLowSeverity},
-		{reporthandlingapis.SeverityMediumString, severityCounters.NumberOfResourcesWithMediumSeverity},
-		{reporthandlingapis.SeverityHighString, severityCounters.NumberOfResourcesWithHighSeverity},
-		{reporthandlingapis.SeverityCriticalString, severityCounters.NumberOfResourcesWithCriticalSeverity},
+		{reporthandlingapis.SeverityLowString, severityCounters.NumberOfLowSeverity},
+		{reporthandlingapis.SeverityMediumString, severityCounters.NumberOfMediumSeverity},
+		{reporthandlingapis.SeverityHighString, severityCounters.NumberOfHighSeverity},
+		{reporthandlingapis.SeverityCriticalString, severityCounters.NumberOfCriticalSeverity},
 	}

 	targetSeverityIdx := 0
@@ -201,7 +200,9 @@ func validateFrameworkScanInfo(scanInfo *cautils.ScanInfo) error {
 	if 100 < scanInfo.FailThreshold || 0 > scanInfo.FailThreshold {
 		return fmt.Errorf("bad argument: out of range threshold")
 	}
-
+	if scanInfo.Submit && scanInfo.OmitRawResources {
+		return fmt.Errorf("you can use `omit-raw-resources` or `submit`, but not both")
+	}
 	severity := scanInfo.FailThresholdSeverity
 	if err := validateSeverity(severity); severity != "" && err != nil {
 		return err
--- a/cmd/scan/scan.go
+++ b/cmd/scan/scan.go
@@ -17,10 +17,10 @@ var scanCmdExamples = `
  kubescape scan --enable-host-scan --verbose

  # Scan kubernetes YAML manifest files
-  kubescape scan *.yaml
+  kubescape scan .

  # Scan and save the results in the JSON format
-  kubescape scan --format json --output results.json
+  kubescape scan --format json --output results.json --format-version=v2

  # Display all resources
  kubescape scan --verbose
@@ -58,6 +58,7 @@ func GetScanCommand(ks meta.IKubescape) *cobra.Command {
 		},
 		PreRun: func(cmd *cobra.Command, args []string) {
 			k8sinterface.SetClusterContextName(scanInfo.KubeContext)
+
 		},
 		PostRun: func(cmd *cobra.Command, args []string) {
 			// TODO - revert context
@@ -65,6 +66,7 @@ func GetScanCommand(ks meta.IKubescape) *cobra.Command {
 	}

 	scanCmd.PersistentFlags().StringVarP(&scanInfo.Credentials.Account, "account", "", "", "Kubescape SaaS account ID. Default will load account ID from cache")
+	// scanCmd.PersistentFlags().BoolVar(&scanInfo.CreateAccount, "create-account", false, "Create a Kubescape SaaS account ID account ID is not found in cache. After creating the account, the account ID will be saved in cache. In addition, the scanning results will be uploaded to the Kubescape SaaS")
 	scanCmd.PersistentFlags().StringVarP(&scanInfo.Credentials.ClientID, "client-id", "", "", "Kubescape SaaS client ID. Default will load client ID from cache, read more - https://hub.armosec.io/docs/authentication")
 	scanCmd.PersistentFlags().StringVarP(&scanInfo.Credentials.SecretKey, "secret-key", "", "", "Kubescape SaaS secret key. Default will load secret key from cache, read more - https://hub.armosec.io/docs/authentication")
 	scanCmd.PersistentFlags().StringVarP(&scanInfo.KubeContext, "kube-context", "", "", "Kube context. Default will use the current-context")
@@ -76,7 +78,7 @@ func GetScanCommand(ks meta.IKubescape) *cobra.Command {
 	scanCmd.PersistentFlags().Float32VarP(&scanInfo.FailThreshold, "fail-threshold", "t", 100, "Failure threshold is the percent above which the command fails and returns exit code 1")

 	scanCmd.PersistentFlags().StringVar(&scanInfo.FailThresholdSeverity, "severity-threshold", "", "Severity threshold is the severity of failed controls at which the command fails and returns exit code 1")
-	scanCmd.PersistentFlags().StringVarP(&scanInfo.Format, "format", "f", "pretty-printer", `Output format. Supported formats: "pretty-printer", "json", "junit", "prometheus", "pdf", "html", "sarif"`)
+	scanCmd.PersistentFlags().StringVarP(&scanInfo.Format, "format", "f", "", `Output file format. Supported formats: "pretty-printer", "json", "junit", "prometheus", "pdf", "html", "sarif"`)
 	scanCmd.PersistentFlags().StringVar(&scanInfo.IncludeNamespaces, "include-namespaces", "", "scan specific namespaces. e.g: --include-namespaces ns-a,ns-b")
 	scanCmd.PersistentFlags().BoolVarP(&scanInfo.Local, "keep-local", "", false, "If you do not want your Kubescape results reported to configured backend.")
 	scanCmd.PersistentFlags().StringVarP(&scanInfo.Output, "output", "o", "", "Output file. Print output to file and not stdout")
@@ -88,11 +90,15 @@ func GetScanCommand(ks meta.IKubescape) *cobra.Command {
 	scanCmd.PersistentFlags().StringVar(&scanInfo.FormatVersion, "format-version", "v1", "Output object can be different between versions, this is for maintaining backward and forward compatibility. Supported:'v1'/'v2'")
 	scanCmd.PersistentFlags().StringVar(&scanInfo.CustomClusterName, "cluster-name", "", "Set the custom name of the cluster. Not same as the kube-context flag")
 	scanCmd.PersistentFlags().BoolVarP(&scanInfo.Submit, "submit", "", false, "Submit the scan results to Kubescape SaaS where you can see the results in a user-friendly UI, choose your preferred compliance framework, check risk results history and trends, manage exceptions, get remediation recommendations and much more. By default the results are not submitted")
+	scanCmd.PersistentFlags().BoolVarP(&scanInfo.OmitRawResources, "omit-raw-resources", "", false, "Omit raw resources from the output. By default the raw resources are included in the output")
+	scanCmd.PersistentFlags().BoolVarP(&scanInfo.PrintAttackTree, "print-attack-tree", "", false, "Print attack tree")

 	scanCmd.PersistentFlags().MarkDeprecated("silent", "use '--logger' flag instead. Flag will be removed at 1.May.2022")

 	// hidden flags
 	scanCmd.PersistentFlags().MarkHidden("host-scan-yaml") // this flag should be used very cautiously. We prefer users will not use it at all unless the DaemonSet can not run pods on the nodes
+	scanCmd.PersistentFlags().MarkHidden("omit-raw-resources")
+	scanCmd.PersistentFlags().MarkHidden("print-attack-tree")

 	// Retrieve --kubeconfig flag from https://github.com/kubernetes/kubectl/blob/master/pkg/cmd/cmd.go
 	scanCmd.PersistentFlags().AddGoFlag(flag.Lookup("kubeconfig"))
--- a/cmd/scan/scan_test.go
+++ b/cmd/scan/scan_test.go
@@ -24,91 +24,91 @@ func TestExceedsSeverity(t *testing.T) {
 		{
 			Description:      "Critical failed resource should exceed Critical threshold",
 			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "critical"},
-			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithCriticalSeverityCounter: 1},
+			SeverityCounters: &reportsummary.SeverityCounters{CriticalSeverityCounter: 1},
 			Want:             true,
 		},
 		{
 			Description:      "Critical failed resource should exceed Critical threshold set as constant",
 			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: apis.SeverityCriticalString},
-			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithCriticalSeverityCounter: 1},
+			SeverityCounters: &reportsummary.SeverityCounters{CriticalSeverityCounter: 1},
 			Want:             true,
 		},
 		{
 			Description:      "High failed resource should not exceed Critical threshold",
 			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "critical"},
-			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithHighSeverityCounter: 1},
+			SeverityCounters: &reportsummary.SeverityCounters{HighSeverityCounter: 1},
 			Want:             false,
 		},
 		{
 			Description:      "Critical failed resource exceeds High threshold",
 			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "high"},
-			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithCriticalSeverityCounter: 1},
+			SeverityCounters: &reportsummary.SeverityCounters{CriticalSeverityCounter: 1},
 			Want:             true,
 		},
 		{
 			Description:      "High failed resource exceeds High threshold",
 			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "high"},
-			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithHighSeverityCounter: 1},
+			SeverityCounters: &reportsummary.SeverityCounters{HighSeverityCounter: 1},
 			Want:             true,
 		},
 		{
 			Description:      "Medium failed resource does not exceed High threshold",
 			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "high"},
-			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithMediumSeverityCounter: 1},
+			SeverityCounters: &reportsummary.SeverityCounters{MediumSeverityCounter: 1},
 			Want:             false,
 		},
 		{
 			Description:      "Critical failed resource exceeds Medium threshold",
 			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "medium"},
-			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithCriticalSeverityCounter: 1},
+			SeverityCounters: &reportsummary.SeverityCounters{CriticalSeverityCounter: 1},
 			Want:             true,
 		},
 		{
 			Description:      "High failed resource exceeds Medium threshold",
 			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "medium"},
-			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithHighSeverityCounter: 1},
+			SeverityCounters: &reportsummary.SeverityCounters{HighSeverityCounter: 1},
 			Want:             true,
 		},
 		{
 			Description:      "Medium failed resource exceeds Medium threshold",
 			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "medium"},
-			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithMediumSeverityCounter: 1},
+			SeverityCounters: &reportsummary.SeverityCounters{MediumSeverityCounter: 1},
 			Want:             true,
 		},
 		{
 			Description:      "Low failed resource does not exceed Medium threshold",
 			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "medium"},
-			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithLowSeverityCounter: 1},
+			SeverityCounters: &reportsummary.SeverityCounters{LowSeverityCounter: 1},
 			Want:             false,
 		},
 		{
 			Description:      "Critical failed resource exceeds Low threshold",
 			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "low"},
-			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithCriticalSeverityCounter: 1},
+			SeverityCounters: &reportsummary.SeverityCounters{CriticalSeverityCounter: 1},
 			Want:             true,
 		},
 		{
 			Description:      "High failed resource exceeds Low threshold",
 			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "low"},
-			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithHighSeverityCounter: 1},
+			SeverityCounters: &reportsummary.SeverityCounters{HighSeverityCounter: 1},
 			Want:             true,
 		},
 		{
 			Description:      "Medium failed resource exceeds Low threshold",
 			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "low"},
-			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithMediumSeverityCounter: 1},
+			SeverityCounters: &reportsummary.SeverityCounters{MediumSeverityCounter: 1},
 			Want:             true,
 		},
 		{
 			Description:      "Low failed resource exceeds Low threshold",
 			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "low"},
-			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithLowSeverityCounter: 1},
+			SeverityCounters: &reportsummary.SeverityCounters{LowSeverityCounter: 1},
 			Want:             true,
 		},
 		{
 			Description:      "Unknown severity returns an error",
 			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "unknown"},
-			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithLowSeverityCounter: 1},
+			SeverityCounters: &reportsummary.SeverityCounters{LowSeverityCounter: 1},
 			Want:             false,
 			Error:            ErrUnknownSeverity,
 		},
@@ -139,7 +139,7 @@ func Test_enforceSeverityThresholds(t *testing.T) {
 	}{
 		{
 			"Exceeding Critical severity counter should call the terminating function",
-			&reportsummary.SeverityCounters{ResourcesWithCriticalSeverityCounter: 1},
+			&reportsummary.SeverityCounters{CriticalSeverityCounter: 1},
 			&cautils.ScanInfo{FailThresholdSeverity: apis.SeverityCriticalString},
 			true,
 		},
--- a/cmd/submit/rbac.go
+++ b/cmd/submit/rbac.go
@@ -31,10 +31,11 @@ var (
 // getRBACCmd represents the RBAC command
 func getRBACCmd(ks meta.IKubescape, submitInfo *v1.Submit) *cobra.Command {
 	return &cobra.Command{
-		Use:     "rbac",
-		Example: rbacExamples,
-		Short:   "Submit cluster's Role-Based Access Control(RBAC)",
-		Long:    ``,
+		Use:        "rbac",
+		Deprecated: "This command is deprecated and will not be supported after 1/Jan/2023. Please use the 'scan' command instead.",
+		Example:    rbacExamples,
+		Short:      "Submit cluster's Role-Based Access Control(RBAC)",
+		Long:       ``,
 		RunE: func(cmd *cobra.Command, args []string) error {

 			if err := flagValidationSubmit(submitInfo); err != nil {
--- a/cmd/submit/submit.go
+++ b/cmd/submit/submit.go
@@ -7,16 +7,21 @@ import (
 )

 var submitCmdExamples = `
+# Submit Kubescape scan results file
+kubescape submit results

+# Submit exceptions file to Kubescape SaaS
+kubescape submit exceptions
 `

 func GetSubmitCmd(ks meta.IKubescape) *cobra.Command {
 	var submitInfo metav1.Submit

 	submitCmd := &cobra.Command{
-		Use:   "submit <command>",
-		Short: "Submit an object to the Kubescape SaaS version",
-		Long:  ``,
+		Use:     "submit <command>",
+		Short:   "Submit an object to the Kubescape SaaS version",
+		Long:    ``,
+		Example: submitCmdExamples,
 		Run: func(cmd *cobra.Command, args []string) {
 		},
 	}
--- a/core/cautils/controllink.go
+++ b/core/cautils/controllink.go
@@ -0,0 +1,12 @@
+package cautils
+
+import (
+	"fmt"
+	"strings"
+)
+
+func GetControlLink(controlID string) string {
+	// For CIS Controls, cis-1.1.3 will be transformed to cis-1-1-3 in documentation link.
+	docLinkID := strings.ReplaceAll(controlID, ".", "-")
+	return fmt.Sprintf("https://hub.armosec.io/docs/%s", strings.ToLower(docLinkID))
+}
--- a/core/cautils/customerloader.go
+++ b/core/cautils/customerloader.go
@@ -470,10 +470,7 @@ func (c *ClusterConfig) updateConfigMap() error {
 }

 func updateConfigFile(configObj *ConfigObj) error {
-	if err := os.WriteFile(ConfigFileFullPath(), configObj.Config(), 0664); err != nil {
-		return err
-	}
-	return nil
+	return os.WriteFile(ConfigFileFullPath(), configObj.Config(), 0664) //nolint:gosec
 }

 func (c *ClusterConfig) updateConfigData(configMap *corev1.ConfigMap) {
--- a/core/cautils/datastructures.go
+++ b/core/cautils/datastructures.go
@@ -5,6 +5,7 @@ import (
 	"github.com/kubescape/k8s-interface/workloadinterface"
 	"github.com/kubescape/opa-utils/reporthandling"
 	apis "github.com/kubescape/opa-utils/reporthandling/apis"
+	"github.com/kubescape/opa-utils/reporthandling/attacktrack/v1alpha1"
 	"github.com/kubescape/opa-utils/reporthandling/results/v1/prioritization"
 	"github.com/kubescape/opa-utils/reporthandling/results/v1/resourcesresults"
 	reporthandlingv2 "github.com/kubescape/opa-utils/reporthandling/v2"
@@ -18,18 +19,21 @@ type OPASessionObj struct {
 	K8SResources          *K8SResources                                 // input k8s objects
 	ArmoResource          *KSResources                                  // input ARMO objects
 	AllPolicies           *Policies                                     // list of all frameworks
-	Policies              []reporthandling.Framework                    // list of frameworks to scan
 	AllResources          map[string]workloadinterface.IMetadata        // all scanned resources, map[<resource ID>]<resource>
 	ResourcesResult       map[string]resourcesresults.Result            // resources scan results, map[<resource ID>]<resource result>
 	ResourceSource        map[string]reporthandling.Source              // resources sources, map[<resource ID>]<resource result>
 	ResourcesPrioritized  map[string]prioritization.PrioritizedResource // resources prioritization information, map[<resource ID>]<prioritized resource>
-	Report                *reporthandlingv2.PostureReport               // scan results v2 - Remove
-	Exceptions            []armotypes.PostureExceptionPolicy            // list of exceptions to apply on scan results
-	RegoInputData         RegoInputData                                 // input passed to rego for scanning. map[<control name>][<input arguments>]
+	ResourceAttackTracks  map[string]v1alpha1.IAttackTrack              // resources attack tracks, map[<resource ID>]<attack track>
+	AttackTracks          map[string]v1alpha1.IAttackTrack
+	Report                *reporthandlingv2.PostureReport // scan results v2 - Remove
+	RegoInputData         RegoInputData                   // input passed to rego for scanning. map[<control name>][<input arguments>]
 	Metadata              *reporthandlingv2.Metadata
-	InfoMap               map[string]apis.StatusInfo // Map errors of resources to StatusInfo
-	ResourceToControlsMap map[string][]string        // map[<apigroup/apiversion/resource>] = [<control_IDs>]
-	SessionID             string                     // SessionID
+	InfoMap               map[string]apis.StatusInfo         // Map errors of resources to StatusInfo
+	ResourceToControlsMap map[string][]string                // map[<apigroup/apiversion/resource>] = [<control_IDs>]
+	SessionID             string                             // SessionID
+	Policies              []reporthandling.Framework         // list of frameworks to scan
+	Exceptions            []armotypes.PostureExceptionPolicy // list of exceptions to apply on scan results
+	OmitRawResources      bool                               // omit raw resources from output
 }

 func NewOPASessionObj(frameworks []reporthandling.Framework, k8sResources *K8SResources, scanInfo *ScanInfo) *OPASessionObj {
@@ -45,6 +49,7 @@ func NewOPASessionObj(frameworks []reporthandling.Framework, k8sResources *K8SRe
 		ResourceSource:        make(map[string]reporthandling.Source),
 		SessionID:             scanInfo.ScanID,
 		Metadata:              scanInfoToScanMetadata(scanInfo),
+		OmitRawResources:      scanInfo.OmitRawResources,
 	}
 }

@@ -94,6 +99,7 @@ type Exception struct {

 type RegoInputData struct {
 	PostureControlInputs map[string][]string `json:"postureControlInputs"`
+	DataControlInputs    map[string]string   `json:"dataControlInputs"`
 	// ClusterName          string              `json:"clusterName"`
 	// K8sConfig            RegoK8sConfig       `json:"k8sconfig"`
 }
--- a/core/cautils/getter/downloadreleasedpolicy.go
+++ b/core/cautils/getter/downloadreleasedpolicy.go
@@ -1,6 +1,7 @@
 package getter

 import (
+	"fmt"
 	"strings"

 	"github.com/armosec/armoapi-go/armotypes"
@@ -24,11 +25,11 @@ func NewDownloadReleasedPolicy() *DownloadReleasedPolicy {
 	}
 }

-func (drp *DownloadReleasedPolicy) GetControl(policyName string) (*reporthandling.Control, error) {
+func (drp *DownloadReleasedPolicy) GetControl(ID string) (*reporthandling.Control, error) {
 	var control *reporthandling.Control
 	var err error

-	control, err = drp.gs.GetOPAControl(policyName)
+	control, err = drp.gs.GetOPAControlByID(ID)
 	if err != nil {
 		return nil, err
 	}
@@ -55,13 +56,29 @@ func (drp *DownloadReleasedPolicy) ListFrameworks() ([]string, error) {
 	return drp.gs.GetOPAFrameworksNamesList()
 }

-func (drp *DownloadReleasedPolicy) ListControls(listType ListType) ([]string, error) {
-	switch listType {
-	case ListID:
-		return drp.gs.GetOPAControlsIDsList()
-	default:
-		return drp.gs.GetOPAControlsNamesList()
+func (drp *DownloadReleasedPolicy) ListControls() ([]string, error) {
+	controlsIDsList, err := drp.gs.GetOPAControlsIDsList()
+	if err != nil {
+		return []string{}, err
 	}
+	controlsNamesList, err := drp.gs.GetOPAControlsNamesList()
+	if err != nil {
+		return []string{}, err
+	}
+	controls, err := drp.gs.GetOPAControls()
+	if err != nil {
+		return []string{}, err
+	}
+	var controlsFrameworksList [][]string
+	for _, control := range controls {
+		controlsFrameworksList = append(controlsFrameworksList, control.FrameworkNames)
+	}
+	controlsNamesWithIDsandFrameworksList := make([]string, len(controlsIDsList))
+	// by design all slices have the same lengt
+	for i := range controlsIDsList {
+		controlsNamesWithIDsandFrameworksList[i] = fmt.Sprintf("%v|%v|%v", controlsIDsList[i], controlsNamesList[i], strings.Join(controlsFrameworksList[i], ","))
+	}
+	return controlsNamesWithIDsandFrameworksList, nil
 }

 func (drp *DownloadReleasedPolicy) GetControlsInputs(clusterName string) (map[string][]string, error) {
--- a/core/cautils/getter/getpolicies.go
+++ b/core/cautils/getter/getpolicies.go
@@ -6,19 +6,13 @@ import (
 	"github.com/kubescape/opa-utils/reporthandling/attacktrack/v1alpha1"
 )

-// supported listing
-type ListType string
-
-const ListID ListType = "id"
-const ListName ListType = "name"
-
 type IPolicyGetter interface {
 	GetFramework(name string) (*reporthandling.Framework, error)
 	GetFrameworks() ([]reporthandling.Framework, error)
-	GetControl(name string) (*reporthandling.Control, error)
+	GetControl(ID string) (*reporthandling.Control, error)

 	ListFrameworks() ([]string, error)
-	ListControls(ListType) ([]string, error)
+	ListControls() ([]string, error)
 }

 type IExceptionsGetter interface {
--- a/core/cautils/getter/getpoliciesutils.go
+++ b/core/cautils/getter/getpoliciesutils.go
@@ -21,18 +21,19 @@ func SaveInFile(policy interface{}, pathStr string) error {
 	if err != nil {
 		return err
 	}
-	err = os.WriteFile(pathStr, []byte(fmt.Sprintf("%v", string(encodedData))), 0644)
+	err = os.WriteFile(pathStr, encodedData, 0644) //nolint:gosec
 	if err != nil {
 		if os.IsNotExist(err) {
 			pathDir := path.Dir(pathStr)
-			if err := os.Mkdir(pathDir, 0744); err != nil {
+			// pathDir could contain subdirectories
+			if err := os.MkdirAll(pathDir, 0755); err != nil {
 				return err
 			}
 		} else {
 			return err

 		}
-		err = os.WriteFile(pathStr, []byte(fmt.Sprintf("%v", string(encodedData))), 0644)
+		err = os.WriteFile(pathStr, encodedData, 0644) //nolint:gosec
 		if err != nil {
 			return err
 		}
--- a/core/cautils/getter/kscloudapi.go
+++ b/core/cautils/getter/kscloudapi.go
@@ -4,7 +4,7 @@ import (
 	"bytes"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"strings"
 	"time"
@@ -192,7 +192,7 @@ func (api *KSCloudAPI) GetFrameworks() ([]reporthandling.Framework, error) {
 	return frameworks, err
 }

-func (api *KSCloudAPI) GetControl(policyName string) (*reporthandling.Control, error) {
+func (api *KSCloudAPI) GetControl(ID string) (*reporthandling.Control, error) {
 	return nil, fmt.Errorf("control api is not public")
 }

@@ -306,7 +306,7 @@ func (api *KSCloudAPI) ListFrameworks() ([]string, error) {
 	return frameworkList, nil
 }

-func (api *KSCloudAPI) ListControls(l ListType) ([]string, error) {
+func (api *KSCloudAPI) ListControls() ([]string, error) {
 	return nil, fmt.Errorf("control api is not public")
 }

@@ -358,7 +358,7 @@ func (api *KSCloudAPI) Login() error {
 		return fmt.Errorf("error authenticating: %d", resp.StatusCode)
 	}

-	responseBody, err := ioutil.ReadAll(resp.Body)
+	responseBody, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return err
 	}
--- a/core/cautils/getter/loadpolicy.go
+++ b/core/cautils/getter/loadpolicy.go
@@ -9,6 +9,7 @@ import (

 	"github.com/armosec/armoapi-go/armotypes"
 	"github.com/kubescape/opa-utils/reporthandling"
+	"github.com/kubescape/opa-utils/reporthandling/attacktrack/v1alpha1"
 )

 // =======================================================================================================================
@@ -35,11 +36,11 @@ func NewLoadPolicy(filePaths []string) *LoadPolicy {
 	}
 }

-// Return control from file
-func (lp *LoadPolicy) GetControl(controlName string) (*reporthandling.Control, error) {
-
+// GetControl returns a control from the policy file.
+func (lp *LoadPolicy) GetControl(controlID string) (*reporthandling.Control, error) {
 	control := &reporthandling.Control{}
 	filePath := lp.filePath()
+
 	f, err := os.ReadFile(filePath)
 	if err != nil {
 		return nil, err
@@ -48,20 +49,26 @@ func (lp *LoadPolicy) GetControl(controlName string) (*reporthandling.Control, e
 	if err = json.Unmarshal(f, control); err != nil {
 		return control, err
 	}
-	if controlName != "" && !strings.EqualFold(controlName, control.Name) && !strings.EqualFold(controlName, control.ControlID) {
-		framework, err := lp.GetFramework(control.Name)
-		if err != nil {
-			return nil, fmt.Errorf("control from file not matching")
-		} else {
-			for _, ctrl := range framework.Controls {
-				if strings.EqualFold(ctrl.Name, controlName) || strings.EqualFold(ctrl.ControlID, controlName) {
-					control = &ctrl
-					break
-				}
-			}
+
+	if controlID == "" || strings.EqualFold(controlID, control.ControlID) {
+		return control, nil
+	}
+
+	framework, err := lp.GetFramework(control.Name)
+	if err != nil {
+		return nil, fmt.Errorf("control from file not matching")
+	}
+
+	for _, toPin := range framework.Controls {
+		ctrl := toPin
+		if strings.EqualFold(ctrl.ControlID, controlID) {
+			control = &ctrl
+
+			break
 		}
 	}
-	return control, err
+
+	return control, nil
 }

 func (lp *LoadPolicy) GetFramework(frameworkName string) (*reporthandling.Framework, error) {
@@ -109,7 +116,7 @@ func (lp *LoadPolicy) ListFrameworks() ([]string, error) {
 	return fwNames, nil
 }

-func (lp *LoadPolicy) ListControls(listType ListType) ([]string, error) {
+func (lp *LoadPolicy) ListControls() ([]string, error) {
 	// TODO - Support
 	return []string{}, fmt.Errorf("loading controls list from file is not supported")
 }
@@ -152,3 +159,18 @@ func (lp *LoadPolicy) filePath() string {
 	}
 	return ""
 }
+
+func (lp *LoadPolicy) GetAttackTracks() ([]v1alpha1.AttackTrack, error) {
+	attackTracks := []v1alpha1.AttackTrack{}
+
+	f, err := os.ReadFile(lp.filePath())
+
+	if err != nil {
+		return nil, err
+	}
+
+	if err := json.Unmarshal(f, &attackTracks); err != nil {
+		return nil, err
+	}
+	return attackTracks, nil
+}
--- a/core/cautils/gitparse_test.go
+++ b/core/cautils/gitparse_test.go
@@ -0,0 +1,16 @@
+package cautils
+
+import (
+	"testing"
+
+	giturl "github.com/kubescape/go-git-url"
+	"github.com/stretchr/testify/require"
+)
+
+func TestEnsureRemoteParsed(t *testing.T) {
+	const remote = "git@gitlab.com:foobar/gitlab-tests/sample-project.git"
+
+	require.NotPanics(t, func() {
+		_, _ = giturl.NewGitURL(remote)
+	})
+}
--- a/core/cautils/helmchart_test.go
+++ b/core/cautils/helmchart_test.go
@@ -3,7 +3,6 @@ package cautils
 import (
 	_ "embed"
 	"encoding/json"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strings"
@@ -39,7 +38,7 @@ func (s *HelmChartTestSuite) SetupSuite() {
 	}

 	var obj interface{}
-	file, _ := ioutil.ReadFile(filepath.Join("testdata", "helm_expected_default_values.json"))
+	file, _ := os.ReadFile(filepath.Join("testdata", "helm_expected_default_values.json"))
 	_ = json.Unmarshal([]byte(file), &obj)
 	s.expectedDefaultValues = obj.(map[string]interface{})
 }
--- a/core/cautils/localgitrepository.go
+++ b/core/cautils/localgitrepository.go
@@ -6,10 +6,10 @@ import (
 	"strings"
 	"time"

-	"github.com/armosec/go-git-url/apis"
 	gitv5 "github.com/go-git/go-git/v5"
 	configv5 "github.com/go-git/go-git/v5/config"
 	plumbingv5 "github.com/go-git/go-git/v5/plumbing"
+	"github.com/kubescape/go-git-url/apis"
 	git2go "github.com/libgit2/git2go/v33"
 )

--- a/core/cautils/localgitrepository_test.go
+++ b/core/cautils/localgitrepository_test.go
@@ -27,7 +27,7 @@ func unzipFile(zipPath, destinationFolder string) (*zip.ReadCloser, error) {
 		return nil, err
 	}
 	for _, f := range archive.File {
-		filePath := filepath.Join(destinationFolder, f.Name)
+		filePath := filepath.Join(destinationFolder, f.Name) //nolint:gosec
 		if !strings.HasPrefix(filePath, filepath.Clean(destinationFolder)+string(os.PathSeparator)) {
 			return nil, fmt.Errorf("invalid file path")
 		}
@@ -50,7 +50,7 @@ func unzipFile(zipPath, destinationFolder string) (*zip.ReadCloser, error) {
 			return nil, err
 		}

-		if _, err := io.Copy(dstFile, fileInArchive); err != nil {
+		if _, err := io.Copy(dstFile, fileInArchive); err != nil { //nolint:gosec
 			return nil, err
 		}

--- a/core/cautils/scaninfo.go
+++ b/core/cautils/scaninfo.go
@@ -3,7 +3,6 @@ package cautils
 import (
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strings"
@@ -11,7 +10,7 @@ import (
 	"github.com/armosec/armoapi-go/armotypes"
 	apisv1 "github.com/kubescape/opa-utils/httpserver/apis/v1"

-	giturl "github.com/armosec/go-git-url"
+	giturl "github.com/kubescape/go-git-url"
 	logger "github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/k8s-interface/k8sinterface"
@@ -40,7 +39,8 @@ const (
 	// ScanCluster                string = "cluster"
 	// ScanLocalFiles             string = "yaml"
 	localControlInputsFilename string = "controls-inputs.json"
-	localExceptionsFilename    string = "exceptions.json"
+	LocalExceptionsFilename    string = "exceptions.json"
+	LocalAttackTracksFilename  string = "attack-tracks.json"
 )

 type BoolPtrFlag struct {
@@ -94,7 +94,7 @@ const (
 )

 type PolicyIdentifier struct {
-	Name        string                        // policy name e.g. nsa,mitre,c-0012
+	Identifier  string                        // policy Identifier e.g. c-0012 for control, nsa,mitre for frameworks
 	Kind        apisv1.NotificationPolicyKind // policy kind e.g. Framework,Control,Rule
 	Designators armotypes.PortalDesignator
 }
@@ -120,6 +120,7 @@ type ScanInfo struct {
 	FailThreshold         float32            // Failure score threshold
 	FailThresholdSeverity string             // Severity at and above which the command should fail
 	Submit                bool               // Submit results to Kubescape Cloud BE
+	CreateAccount         bool               // Create account in Kubescape Cloud BE if no account found in local cache
 	ScanID                string             // Report id of the current scan
 	HostSensorEnabled     BoolPtrFlag        // Deploy Kubescape K8s host scanner to collect data from certain controls
 	HostSensorYamlPath    string             // Path to hostsensor file
@@ -128,6 +129,8 @@ type ScanInfo struct {
 	KubeContext           string             // context name
 	FrameworkScan         bool               // false if scanning control
 	ScanAll               bool               // true if scan all frameworks
+	OmitRawResources      bool               // true if omit raw resources from the output
+	PrintAttackTree       bool               // true if print attack tree
 }

 type Getters struct {
@@ -139,7 +142,6 @@ type Getters struct {

 func (scanInfo *ScanInfo) Init() {
 	scanInfo.setUseFrom()
-	scanInfo.setOutputFile()
 	scanInfo.setUseArtifactsFrom()
 	if scanInfo.ScanID == "" {
 		scanInfo.ScanID = uuid.NewString()
@@ -159,7 +161,7 @@ func (scanInfo *ScanInfo) setUseArtifactsFrom() {
 		scanInfo.UseArtifactsFrom = dir
 	}
 	// set frameworks files
-	files, err := ioutil.ReadDir(scanInfo.UseArtifactsFrom)
+	files, err := os.ReadDir(scanInfo.UseArtifactsFrom)
 	if err != nil {
 		logger.L().Fatal("failed to read files from directory", helpers.String("dir", scanInfo.UseArtifactsFrom), helpers.Error(err))
 	}
@@ -176,35 +178,24 @@ func (scanInfo *ScanInfo) setUseArtifactsFrom() {
 	// set config-inputs file
 	scanInfo.ControlsInputs = filepath.Join(scanInfo.UseArtifactsFrom, localControlInputsFilename)
 	// set exceptions
-	scanInfo.UseExceptions = filepath.Join(scanInfo.UseArtifactsFrom, localExceptionsFilename)
+	scanInfo.UseExceptions = filepath.Join(scanInfo.UseArtifactsFrom, LocalExceptionsFilename)
 }

 func (scanInfo *ScanInfo) setUseFrom() {
 	if scanInfo.UseDefault {
 		for _, policy := range scanInfo.PolicyIdentifier {
-			scanInfo.UseFrom = append(scanInfo.UseFrom, getter.GetDefaultPath(policy.Name+".json"))
+			scanInfo.UseFrom = append(scanInfo.UseFrom, getter.GetDefaultPath(policy.Identifier+".json"))
 		}
 	}
 }

-func (scanInfo *ScanInfo) setOutputFile() {
-	if scanInfo.Output == "" {
-		return
-	}
-	if scanInfo.Format == "json" {
-		if filepath.Ext(scanInfo.Output) != ".json" {
-			scanInfo.Output += ".json"
-		}
-	}
-	if scanInfo.Format == "junit" {
-		if filepath.Ext(scanInfo.Output) != ".xml" {
-			scanInfo.Output += ".xml"
-		}
-	}
-	if scanInfo.Format == "pdf" {
-		if filepath.Ext(scanInfo.Output) != ".pdf" {
-			scanInfo.Output += ".pdf"
-		}
+// Formats returns a slice of output formats that have been requested for a given scan
+func (scanInfo *ScanInfo) Formats() []string {
+	formatString := scanInfo.Format
+	if formatString != "" {
+		return strings.Split(scanInfo.Format, ",")
+	} else {
+		return []string{}
 	}
 }

@@ -213,7 +204,7 @@ func (scanInfo *ScanInfo) SetPolicyIdentifiers(policies []string, kind apisv1.No
 		if !scanInfo.contains(policy) {
 			newPolicy := PolicyIdentifier{}
 			newPolicy.Kind = kind
-			newPolicy.Name = policy
+			newPolicy.Identifier = policy
 			scanInfo.PolicyIdentifier = append(scanInfo.PolicyIdentifier, newPolicy)
 		}
 	}
@@ -221,7 +212,7 @@ func (scanInfo *ScanInfo) SetPolicyIdentifiers(policies []string, kind apisv1.No

 func (scanInfo *ScanInfo) contains(policyName string) bool {
 	for _, policy := range scanInfo.PolicyIdentifier {
-		if policy.Name == policyName {
+		if policy.Identifier == policyName {
 			return true
 		}
 	}
@@ -249,7 +240,7 @@ func scanInfoToScanMetadata(scanInfo *ScanInfo) *reporthandlingv2.Metadata {
 	}
 	// append frameworks
 	for _, policy := range scanInfo.PolicyIdentifier {
-		metadata.ScanMetadata.TargetNames = append(metadata.ScanMetadata.TargetNames, policy.Name)
+		metadata.ScanMetadata.TargetNames = append(metadata.ScanMetadata.TargetNames, policy.Identifier)
 	}

 	metadata.ScanMetadata.KubescapeVersion = BuildNumber
@@ -419,7 +410,7 @@ func metadataGitLocal(input string) (*reporthandlingv2.RepoContextMetadata, erro
 		Date:          commit.Committer.Date,
 		CommitterName: commit.Committer.Name,
 	}
-	context.LocalRootPath = getAbsPath(input)
+	context.LocalRootPath, _ = gitParser.GetRootDir()

 	return context, nil
 }
--- a/core/cautils/scaninfo_test.go
+++ b/core/cautils/scaninfo_test.go
@@ -43,3 +43,30 @@ func TestGetScanningContext(t *testing.T) {
 	assert.Equal(t, ContextCluster, GetScanningContext(""))
 	assert.Equal(t, ContextGitURL, GetScanningContext("https://github.com/kubescape/kubescape"))
 }
+
+func TestScanInfoFormats(t *testing.T) {
+	testCases := []struct {
+		Input string
+		Want  []string
+	}{
+		{"", []string{}},
+		{"json", []string{"json"}},
+		{"pdf", []string{"pdf"}},
+		{"html", []string{"html"}},
+		{"sarif", []string{"sarif"}},
+		{"html,pdf,sarif", []string{"html", "pdf", "sarif"}},
+		{"pretty-printer,pdf,sarif", []string{"pretty-printer", "pdf", "sarif"}},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.Input, func(t *testing.T) {
+			input := tc.Input
+			want := tc.Want
+			scanInfo := &ScanInfo{Format: input}
+
+			got := scanInfo.Formats()
+
+			assert.Equal(t, want, got)
+		})
+	}
+}
--- a/core/cautils/versioncheck.go
+++ b/core/cautils/versioncheck.go
@@ -14,8 +14,9 @@ import (
 	"golang.org/x/mod/semver"
 )

-const SKIP_VERSION_CHECK_DEPRECATED = "KUBESCAPE_SKIP_UPDATE_CHECK"
-const SKIP_VERSION_CHECK = "KS_SKIP_UPDATE_CHECK"
+const SKIP_VERSION_CHECK_DEPRECATED_ENV = "KUBESCAPE_SKIP_UPDATE_CHECK"
+const SKIP_VERSION_CHECK_ENV = "KS_SKIP_UPDATE_CHECK"
+const CLIENT_ENV = "KS_CLIENT"

 var BuildNumber string
 var Client string
@@ -31,9 +32,14 @@ func NewIVersionCheckHandler() IVersionCheckHandler {
 	if BuildNumber == "" {
 		logger.L().Warning("unknown build number, this might affect your scan results. Please make sure you are updated to latest version")
 	}
-	if v, ok := os.LookupEnv(SKIP_VERSION_CHECK); ok && boolutils.StringToBool(v) {
+
+	if v, ok := os.LookupEnv(CLIENT_ENV); ok && v != "" {
+		Client = v
+	}
+
+	if v, ok := os.LookupEnv(SKIP_VERSION_CHECK_ENV); ok && boolutils.StringToBool(v) {
 		return NewVersionCheckHandlerMock()
-	} else if v, ok := os.LookupEnv(SKIP_VERSION_CHECK_DEPRECATED); ok && boolutils.StringToBool(v) {
+	} else if v, ok := os.LookupEnv(SKIP_VERSION_CHECK_DEPRECATED_ENV); ok && boolutils.StringToBool(v) {
 		return NewVersionCheckHandlerMock()
 	}
 	return NewVersionCheckHandler()
--- a/core/cautils/workloadmappingutils.go
+++ b/core/cautils/workloadmappingutils.go
@@ -19,6 +19,7 @@ var (
 		"KubeletInfo",
 		"KubeProxyInfo",
 		"ControlPlaneInfo",
+		"CloudProviderInfo",
 	}
 	CloudResources = []string{
 		"ClusterDescribe",
--- a/core/core/download.go
+++ b/core/core/download.go
@@ -6,19 +6,28 @@ import (
 	"path/filepath"
 	"strings"

-	"github.com/armosec/armoapi-go/armotypes"
 	logger "github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/kubescape/v2/core/cautils/getter"
 	metav1 "github.com/kubescape/kubescape/v2/core/meta/datastructures/v1"
 )

+const (
+	TargetControlsInputs = "controls-inputs"
+	TargetExceptions     = "exceptions"
+	TargetControl        = "control"
+	TargetFramework      = "framework"
+	TargetArtifacts      = "artifacts"
+	TargetAttackTracks   = "attack-tracks"
+)
+
 var downloadFunc = map[string]func(*metav1.DownloadInfo) error{
-	"controls-inputs": downloadConfigInputs,
-	"exceptions":      downloadExceptions,
-	"control":         downloadControl,
-	"framework":       downloadFramework,
-	"artifacts":       downloadArtifacts,
+	TargetControlsInputs: downloadConfigInputs,
+	TargetExceptions:     downloadExceptions,
+	TargetControl:        downloadControl,
+	TargetFramework:      downloadFramework,
+	TargetArtifacts:      downloadArtifacts,
+	TargetAttackTracks:   downloadAttackTracks,
 }

 func DownloadSupportCommands() []string {
@@ -70,6 +79,7 @@ func downloadArtifacts(downloadInfo *metav1.DownloadInfo) error {
 		"controls-inputs": downloadConfigInputs,
 		"exceptions":      downloadExceptions,
 		"framework":       downloadFramework,
+		"attack-tracks":   downloadAttackTracks,
 	}
 	for artifact := range artifacts {
 		if err := downloadArtifact(&metav1.DownloadInfo{Target: artifact, Path: downloadInfo.Path, FileName: fmt.Sprintf("%s.json", artifact)}, artifacts); err != nil {
@@ -82,7 +92,7 @@ func downloadArtifacts(downloadInfo *metav1.DownloadInfo) error {
 func downloadConfigInputs(downloadInfo *metav1.DownloadInfo) error {
 	tenant := getTenantConfig(&downloadInfo.Credentials, "", "", getKubernetesApi())

-	controlsInputsGetter := getConfigInputsGetter(downloadInfo.Name, tenant.GetAccountID(), nil)
+	controlsInputsGetter := getConfigInputsGetter(downloadInfo.Identifier, tenant.GetAccountID(), nil)
 	controlInputs, err := controlsInputsGetter.GetControlsInputs(tenant.GetContextName())
 	if err != nil {
 		return err
@@ -103,17 +113,14 @@ func downloadConfigInputs(downloadInfo *metav1.DownloadInfo) error {
 }

 func downloadExceptions(downloadInfo *metav1.DownloadInfo) error {
-	var err error
 	tenant := getTenantConfig(&downloadInfo.Credentials, "", "", getKubernetesApi())
-
 	exceptionsGetter := getExceptionsGetter("", tenant.GetAccountID(), nil)
-	exceptions := []armotypes.PostureExceptionPolicy{}
-	if tenant.GetAccountID() != "" {
-		exceptions, err = exceptionsGetter.GetExceptions(tenant.GetContextName())
-		if err != nil {
-			return err
-		}
+
+	exceptions, err := exceptionsGetter.GetExceptions(tenant.GetContextName())
+	if err != nil {
+		return err
 	}
+
 	if downloadInfo.FileName == "" {
 		downloadInfo.FileName = fmt.Sprintf("%s.json", downloadInfo.Target)
 	}
@@ -126,13 +133,37 @@ func downloadExceptions(downloadInfo *metav1.DownloadInfo) error {
 	return nil
 }

+func downloadAttackTracks(downloadInfo *metav1.DownloadInfo) error {
+	var err error
+	tenant := getTenantConfig(&downloadInfo.Credentials, "", "", getKubernetesApi())
+
+	attackTracksGetter := getAttackTracksGetter(tenant.GetAccountID(), nil)
+
+	attackTracks, err := attackTracksGetter.GetAttackTracks()
+	if err != nil {
+		return err
+	}
+
+	if downloadInfo.FileName == "" {
+		downloadInfo.FileName = fmt.Sprintf("%s.json", downloadInfo.Target)
+	}
+	// save in file
+	err = getter.SaveInFile(attackTracks, filepath.Join(downloadInfo.Path, downloadInfo.FileName))
+	if err != nil {
+		return err
+	}
+	logger.L().Success("Downloaded", helpers.String("attack tracks", downloadInfo.Target), helpers.String("path", filepath.Join(downloadInfo.Path, downloadInfo.FileName)))
+	return nil
+
+}
+
 func downloadFramework(downloadInfo *metav1.DownloadInfo) error {

 	tenant := getTenantConfig(&downloadInfo.Credentials, "", "", getKubernetesApi())

 	g := getPolicyGetter(nil, tenant.GetTenantEmail(), true, nil)

-	if downloadInfo.Name == "" {
+	if downloadInfo.Identifier == "" {
 		// if framework name not specified - download all frameworks
 		frameworks, err := g.GetFrameworks()
 		if err != nil {
@@ -149,9 +180,9 @@ func downloadFramework(downloadInfo *metav1.DownloadInfo) error {
 		// return fmt.Errorf("missing framework name")
 	} else {
 		if downloadInfo.FileName == "" {
-			downloadInfo.FileName = fmt.Sprintf("%s.json", downloadInfo.Name)
+			downloadInfo.FileName = fmt.Sprintf("%s.json", downloadInfo.Identifier)
 		}
-		framework, err := g.GetFramework(downloadInfo.Name)
+		framework, err := g.GetFramework(downloadInfo.Identifier)
 		if err != nil {
 			return err
 		}
@@ -174,25 +205,25 @@ func downloadControl(downloadInfo *metav1.DownloadInfo) error {

 	g := getPolicyGetter(nil, tenant.GetTenantEmail(), false, nil)

-	if downloadInfo.Name == "" {
+	if downloadInfo.Identifier == "" {
 		// TODO - support
-		return fmt.Errorf("missing control name")
+		return fmt.Errorf("missing control ID")
 	}
 	if downloadInfo.FileName == "" {
-		downloadInfo.FileName = fmt.Sprintf("%s.json", downloadInfo.Name)
+		downloadInfo.FileName = fmt.Sprintf("%s.json", downloadInfo.Identifier)
 	}
-	controls, err := g.GetControl(downloadInfo.Name)
+	controls, err := g.GetControl(downloadInfo.Identifier)
 	if err != nil {
-		return err
+		return fmt.Errorf("failed to download control id '%s',  %s", downloadInfo.Identifier, err.Error())
 	}
 	if controls == nil {
-		return fmt.Errorf("failed to download control - received an empty objects")
+		return fmt.Errorf("failed to download control id '%s' - received an empty objects", downloadInfo.Identifier)
 	}
 	downloadTo := filepath.Join(downloadInfo.Path, downloadInfo.FileName)
 	err = getter.SaveInFile(controls, downloadTo)
 	if err != nil {
 		return err
 	}
-	logger.L().Success("Downloaded", helpers.String("artifact", downloadInfo.Target), helpers.String("name", downloadInfo.Name), helpers.String("path", downloadTo))
+	logger.L().Success("Downloaded", helpers.String("artifact", downloadInfo.Target), helpers.String("ID", downloadInfo.Identifier), helpers.String("path", downloadTo))
 	return nil
 }
--- a/core/core/initutils.go
+++ b/core/core/initutils.go
@@ -2,6 +2,7 @@ package core

 import (
 	"fmt"
+	"os"

 	logger "github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
@@ -10,6 +11,8 @@ import (
 	"github.com/kubescape/kubescape/v2/core/cautils/getter"
 	"github.com/kubescape/kubescape/v2/core/pkg/hostsensorutils"
 	"github.com/kubescape/kubescape/v2/core/pkg/resourcehandler"
+	"github.com/kubescape/kubescape/v2/core/pkg/resultshandling/printer"
+	printerv2 "github.com/kubescape/kubescape/v2/core/pkg/resultshandling/printer/v2"
 	"github.com/kubescape/kubescape/v2/core/pkg/resultshandling/reporter"
 	reporterv2 "github.com/kubescape/kubescape/v2/core/pkg/resultshandling/reporter/v2"

@@ -45,8 +48,9 @@ func getExceptionsGetter(useExceptions string, accountID string, downloadRelease
 	if downloadReleasedPolicy == nil {
 		downloadReleasedPolicy = getter.NewDownloadReleasedPolicy()
 	}
-	if err := downloadReleasedPolicy.SetRegoObjects(); err != nil {
-		logger.L().Warning("failed to get exceptions from github release, this may affect the scanning results", helpers.Error(err))
+	if err := downloadReleasedPolicy.SetRegoObjects(); err != nil { // if failed to pull attack tracks, fallback to cache
+		logger.L().Warning("failed to get exceptions from github release, loading attack tracks from cache", helpers.Error(err))
+		return getter.NewLoadPolicy([]string{getter.GetDefaultPath(cautils.LocalExceptionsFilename)})
 	}
 	return downloadReleasedPolicy

@@ -98,7 +102,7 @@ func getHostSensorHandler(scanInfo *cautils.ScanInfo, k8s *k8sinterface.Kubernet
 	// we need to determined which controls needs host scanner
 	if scanInfo.HostSensorEnabled.Get() == nil && hasHostSensorControls {
 		scanInfo.HostSensorEnabled.SetBool(false) // default - do not run host scanner
-		logger.L().Warning("Kubernetes cluster nodes scanning is disabled. This is required to collect valuable data for certain controls. You can enable it using  the --enable-host-scan flag")
+		logger.L().Warning("Kubernetes cluster nodes scanning is disabled. This is required to collect valuable data for certain controls. You can enable it using the --enable-host-scan flag")
 	}
 	if hostSensorVal := scanInfo.HostSensorEnabled.Get(); hostSensorVal != nil && *hostSensorVal {
 		hostSensorHandler, err := hostsensorutils.NewHostSensorHandler(k8s, scanInfo.HostSensorYamlPath)
@@ -121,18 +125,18 @@ func getFieldSelector(scanInfo *cautils.ScanInfo) resourcehandler.IFieldSelector
 	return &resourcehandler.EmptySelector{}
 }

-func policyIdentifierNames(pi []cautils.PolicyIdentifier) string {
-	policiesNames := ""
+func policyIdentifierIdentities(pi []cautils.PolicyIdentifier) string {
+	policiesIdentities := ""
 	for i := range pi {
-		policiesNames += pi[i].Name
+		policiesIdentities += pi[i].Identifier
 		if i+1 < len(pi) {
-			policiesNames += ","
+			policiesIdentities += ","
 		}
 	}
-	if policiesNames == "" {
-		policiesNames = "all"
+	if policiesIdentities == "" {
+		policiesIdentities = "all"
 	}
-	return policiesNames
+	return policiesIdentities
 }

 // setSubmitBehavior - Setup the desired cluster behavior regarding submitting to the Kubescape Cloud BE
@@ -178,6 +182,10 @@ func setSubmitBehavior(scanInfo *cautils.ScanInfo, tenantConfig cautils.ITenantC
 		scanInfo.Submit = true
 	}

+	if scanInfo.CreateAccount {
+		scanInfo.Submit = true
+	}
+
 }

 // setPolicyGetter set the policy getter - local file/github release/Kubescape Cloud API
@@ -247,8 +255,19 @@ func getAttackTracksGetter(accountID string, downloadReleasedPolicy *getter.Down
 	if downloadReleasedPolicy == nil {
 		downloadReleasedPolicy = getter.NewDownloadReleasedPolicy()
 	}
-	if err := downloadReleasedPolicy.SetRegoObjects(); err != nil {
-		logger.L().Warning("failed to get attack tracks from github release, this may affect the scanning results", helpers.Error(err))
+	if err := downloadReleasedPolicy.SetRegoObjects(); err != nil { // if failed to pull attack tracks, fallback to cache
+		logger.L().Warning("failed to get attack tracks from github release, loading attack tracks from cache", helpers.Error(err))
+		return getter.NewLoadPolicy([]string{getter.GetDefaultPath(cautils.LocalAttackTracksFilename)})
 	}
 	return downloadReleasedPolicy
 }
+
+// getUIPrinter returns a printer that will be used to print to the program’s UI (terminal)
+func getUIPrinter(verboseMode bool, formatVersion string, attackTree bool, viewType cautils.ViewTypes) printer.IPrinter {
+	p := printerv2.NewPrettyPrinter(verboseMode, formatVersion, attackTree, viewType)
+
+	// Since the UI of the program is a CLI (Stdout), it means that it should always print to Stdout
+	p.SetWriter(os.Stdout.Name())
+
+	return p
+}
--- a/core/core/initutils_test.go
+++ b/core/core/initutils_test.go
@@ -0,0 +1,39 @@
+package core
+
+import (
+	"reflect"
+	"testing"
+
+	"github.com/kubescape/kubescape/v2/core/cautils"
+)
+
+func Test_getUIPrinter(t *testing.T) {
+	scanInfo := &cautils.ScanInfo{
+		FormatVersion: "v2",
+		VerboseMode:   true,
+		View:          "control",
+	}
+	wantFormatVersion := scanInfo.FormatVersion
+	wantVerboseMode := scanInfo.VerboseMode
+	wantViewType := cautils.ViewTypes(scanInfo.View)
+
+	got := getUIPrinter(scanInfo.VerboseMode, scanInfo.FormatVersion, scanInfo.PrintAttackTree, cautils.ViewTypes(scanInfo.View))
+
+	gotValue := reflect.ValueOf(got).Elem()
+	gotFormatVersion := gotValue.FieldByName("formatVersion").String()
+	gotVerboseMode := gotValue.FieldByName("verboseMode").Bool()
+	gotViewType := cautils.ViewTypes(gotValue.FieldByName("viewType").String())
+
+	if gotFormatVersion != wantFormatVersion {
+		t.Errorf("Got: %s, want: %s", gotFormatVersion, wantFormatVersion)
+	}
+
+	if gotVerboseMode != wantVerboseMode {
+		t.Errorf("Got: %t, want: %t", gotVerboseMode, wantVerboseMode)
+	}
+
+	if gotViewType != wantViewType {
+		t.Errorf("Got: %v, want: %v", gotViewType, wantViewType)
+	}
+
+}
--- a/core/core/list.go
+++ b/core/core/list.go
@@ -6,8 +6,11 @@ import (
 	"sort"
 	"strings"

-	"github.com/kubescape/kubescape/v2/core/cautils/getter"
+	"github.com/kubescape/kubescape/v2/core/cautils"
 	metav1 "github.com/kubescape/kubescape/v2/core/meta/datastructures/v1"
+	"github.com/kubescape/kubescape/v2/core/pkg/resultshandling/printer"
+	v2 "github.com/kubescape/kubescape/v2/core/pkg/resultshandling/printer/v2"
+	"github.com/olekukonko/tablewriter"
 )

 var listFunc = map[string]func(*metav1.ListPolicies) ([]string, error){
@@ -16,7 +19,7 @@ var listFunc = map[string]func(*metav1.ListPolicies) ([]string, error){
 	"exceptions": listExceptions,
 }

-var listFormatFunc = map[string]func(*metav1.ListPolicies, []string){
+var listFormatFunc = map[string]func(string, []string){
 	"pretty-print": prettyPrintListFormat,
 	"json":         jsonListFormat,
 }
@@ -29,14 +32,18 @@ func ListSupportActions() []string {
 	return commands
 }
 func (ks *Kubescape) List(listPolicies *metav1.ListPolicies) error {
-	if f, ok := listFunc[listPolicies.Target]; ok {
-		policies, err := f(listPolicies)
+	if policyListerFunc, ok := listFunc[listPolicies.Target]; ok {
+		policies, err := policyListerFunc(listPolicies)
 		if err != nil {
 			return err
 		}
 		sort.Strings(policies)

-		listFormatFunc[listPolicies.Format](listPolicies, policies)
+		if listFormatFunction, ok := listFormatFunc[listPolicies.Format]; ok {
+			listFormatFunction(listPolicies.Target, policies)
+		} else {
+			return fmt.Errorf("Invalid format \"%s\", Supported formats: 'pretty-print'/'json' ", listPolicies.Format)
+		}

 		return nil
 	}
@@ -45,20 +52,16 @@ func (ks *Kubescape) List(listPolicies *metav1.ListPolicies) error {

 func listFrameworks(listPolicies *metav1.ListPolicies) ([]string, error) {
 	tenant := getTenantConfig(&listPolicies.Credentials, "", "", getKubernetesApi()) // change k8sinterface
-	g := getPolicyGetter(nil, tenant.GetTenantEmail(), true, nil)
+	policyGetter := getPolicyGetter(nil, tenant.GetTenantEmail(), true, nil)

-	return listFrameworksNames(g), nil
+	return listFrameworksNames(policyGetter), nil
 }

 func listControls(listPolicies *metav1.ListPolicies) ([]string, error) {
 	tenant := getTenantConfig(&listPolicies.Credentials, "", "", getKubernetesApi()) // change k8sinterface

-	g := getPolicyGetter(nil, tenant.GetTenantEmail(), false, nil)
-	l := getter.ListName
-	if listPolicies.ListIDs {
-		l = getter.ListID
-	}
-	return g.ListControls(l)
+	policyGetter := getPolicyGetter(nil, tenant.GetTenantEmail(), false, nil)
+	return policyGetter.ListControls()
 }

 func listExceptions(listPolicies *metav1.ListPolicies) ([]string, error) {
@@ -77,12 +80,73 @@ func listExceptions(listPolicies *metav1.ListPolicies) ([]string, error) {
 	return exceptionsNames, nil
 }

-func prettyPrintListFormat(listPolicies *metav1.ListPolicies, policies []string) {
-	sep := "\n  * "
-	fmt.Printf("Supported %s:%s%s\n", listPolicies.Target, sep, strings.Join(policies, sep))
+func prettyPrintListFormat(targetPolicy string, policies []string) {
+	if targetPolicy == "controls" {
+		prettyPrintControls(policies)
+		return
+	}
+
+	header := fmt.Sprintf("Supported %s", targetPolicy)
+
+	policyTable := tablewriter.NewWriter(printer.GetWriter(""))
+	policyTable.SetAutoWrapText(true)
+	policyTable.SetHeader([]string{header})
+	policyTable.SetHeaderLine(true)
+	policyTable.SetRowLine(true)
+	data := v2.Matrix{}
+
+	controlRows := generatePolicyRows(policies)
+	data = append(data, controlRows...)
+
+	policyTable.SetAlignment(tablewriter.ALIGN_CENTER)
+	policyTable.AppendBulk(data)
+	policyTable.Render()
 }

-func jsonListFormat(listPolicies *metav1.ListPolicies, policies []string) {
+func jsonListFormat(targetPolicy string, policies []string) {
 	j, _ := json.MarshalIndent(policies, "", "  ")
+
 	fmt.Printf("%s\n", j)
 }
+
+func prettyPrintControls(policies []string) {
+	controlsTable := tablewriter.NewWriter(printer.GetWriter(""))
+	controlsTable.SetAutoWrapText(true)
+	controlsTable.SetHeader([]string{"Control ID", "Control Name", "Docs", "Frameworks"})
+	controlsTable.SetHeaderLine(true)
+	controlsTable.SetRowLine(true)
+	data := v2.Matrix{}
+
+	controlRows := generateControlRows(policies)
+	data = append(data, controlRows...)
+
+	controlsTable.AppendBulk(data)
+	controlsTable.Render()
+}
+
+func generateControlRows(policies []string) [][]string {
+	rows := [][]string{}
+
+	for _, control := range policies {
+		idAndControlAndFrameworks := strings.Split(control, "|")
+		id, control, framework := idAndControlAndFrameworks[0], idAndControlAndFrameworks[1], idAndControlAndFrameworks[2]
+
+		docs := cautils.GetControlLink(id)
+
+		currentRow := []string{id, control, docs, framework}
+
+		rows = append(rows, currentRow)
+	}
+
+	return rows
+}
+
+func generatePolicyRows(policies []string) [][]string {
+	rows := [][]string{}
+
+	for _, policy := range policies {
+		currentRow := []string{policy}
+		rows = append(rows, currentRow)
+	}
+	return rows
+}
--- a/core/core/scan.go
+++ b/core/core/scan.go
@@ -27,7 +27,8 @@ type componentInterfaces struct {
 	tenantConfig      cautils.ITenantConfig
 	resourceHandler   resourcehandler.IResourceHandler
 	report            reporter.IReport
-	printerHandler    printer.IPrinter
+	outputPrinters    []printer.IPrinter
+	uiPrinter         printer.IPrinter
 	hostSensorHandler hostsensorutils.IHostSensor
 }

@@ -54,12 +55,16 @@ func getInterfaces(scanInfo *cautils.ScanInfo) componentInterfaces {
 		if err := tenantConfig.SetTenant(); err != nil {
 			logger.L().Error(err.Error())
 		}
+
+		if scanInfo.OmitRawResources {
+			logger.L().Warning("omit-raw-resources flag will be ignored in submit mode")
+		}
 	}

 	// ================== version testing ======================================

 	v := cautils.NewIVersionCheckHandler()
-	v.CheckLatestVersion(cautils.NewVersionCheckRequest(cautils.BuildNumber, policyIdentifierNames(scanInfo.PolicyIdentifier), "", cautils.ScanningContextToScanningScope(scanInfo.GetScanningContext())))
+	v.CheckLatestVersion(cautils.NewVersionCheckRequest(cautils.BuildNumber, policyIdentifierIdentities(scanInfo.PolicyIdentifier), "", cautils.ScanningContextToScanningScope(scanInfo.GetScanningContext())))

 	// ================== setup host scanner object ======================================

@@ -89,9 +94,17 @@ func getInterfaces(scanInfo *cautils.ScanInfo) componentInterfaces {
 	// reporting behavior - setup reporter
 	reportHandler := getReporter(tenantConfig, scanInfo.ScanID, scanInfo.Submit, scanInfo.FrameworkScan, scanInfo.GetScanningContext())

-	// setup printer
-	printerHandler := resultshandling.NewPrinter(scanInfo.Format, scanInfo.FormatVersion, scanInfo.VerboseMode, cautils.ViewTypes(scanInfo.View))
-	printerHandler.SetWriter(scanInfo.Output)
+	// setup printers
+	formats := scanInfo.Formats()
+
+	outputPrinters := make([]printer.IPrinter, 0)
+	for _, format := range formats {
+		printerHandler := resultshandling.NewPrinter(format, scanInfo.FormatVersion, scanInfo.PrintAttackTree, scanInfo.VerboseMode, cautils.ViewTypes(scanInfo.View))
+		printerHandler.SetWriter(scanInfo.Output)
+		outputPrinters = append(outputPrinters, printerHandler)
+	}
+
+	uiPrinter := getUIPrinter(scanInfo.VerboseMode, scanInfo.FormatVersion, scanInfo.PrintAttackTree, cautils.ViewTypes(scanInfo.View))

 	// ================== return interface ======================================

@@ -99,7 +112,8 @@ func getInterfaces(scanInfo *cautils.ScanInfo) componentInterfaces {
 		tenantConfig:      tenantConfig,
 		resourceHandler:   resourceHandler,
 		report:            reportHandler,
-		printerHandler:    printerHandler,
+		outputPrinters:    outputPrinters,
+		uiPrinter:         uiPrinter,
 		hostSensorHandler: hostSensorHandler,
 	}
 }
@@ -137,7 +151,7 @@ func (ks *Kubescape) Scan(scanInfo *cautils.ScanInfo) (*resultshandling.ResultsH
 		}
 	}()

-	resultsHandling := resultshandling.NewResultsHandler(interfaces.report, interfaces.printerHandler)
+	resultsHandling := resultshandling.NewResultsHandler(interfaces.report, interfaces.outputPrinters, interfaces.uiPrinter)

 	// ===================== policies & resources =====================
 	policyHandler := policyhandler.NewPolicyHandler(interfaces.resourceHandler)
@@ -156,7 +170,7 @@ func (ks *Kubescape) Scan(scanInfo *cautils.ScanInfo) (*resultshandling.ResultsH

 	// ======================== prioritization ===================

-	if priotizationHandler, err := resourcesprioritization.NewResourcesPrioritizationHandler(scanInfo.Getters.AttackTracksGetter); err != nil {
+	if priotizationHandler, err := resourcesprioritization.NewResourcesPrioritizationHandler(scanInfo.Getters.AttackTracksGetter, scanInfo.PrintAttackTree); err != nil {
 		logger.L().Warning("failed to get attack tracks, this may affect the scanning results", helpers.Error(err))
 	} else if err := priotizationHandler.PrioritizeResources(scanData); err != nil {
 		return resultsHandling, fmt.Errorf("%w", err)
--- a/core/meta/datastructures/v1/download.go
+++ b/core/meta/datastructures/v1/download.go
@@ -6,6 +6,6 @@ type DownloadInfo struct {
 	Path        string // directory to save artifact. Default is "~/.kubescape/"
 	FileName    string // can be empty
 	Target      string // type of artifact to download
-	Name        string // name of artifact to download
+	Identifier  string // identifier of artifact to download
 	Credentials cautils.Credentials
 }
--- a/core/meta/datastructures/v1/listpolicies.go
+++ b/core/meta/datastructures/v1/listpolicies.go
@@ -4,7 +4,6 @@ import "github.com/kubescape/kubescape/v2/core/cautils"

 type ListPolicies struct {
 	Target      string
-	ListIDs     bool
 	Format      string
 	Credentials cautils.Credentials
 }
--- a/core/mocks/loadmocks.go
+++ b/core/mocks/loadmocks.go
@@ -8,7 +8,7 @@ import (
 	"github.com/kubescape/opa-utils/reporthandling"
 )

-var mockControl_0006 = `{"guid":"","name":"Allowed hostPath","attributes":{"armoBuiltin":true},"id":"C-0006","controlID":"C-0006","creationTime":"","description":"Mounting host directory to the container can be abused to get access to sensitive data and gain persistence on the host machine.","remediation":"Refrain from using host path mount.","rules":[{"guid":"","name":"alert-rw-hostpath","attributes":{"armoBuiltin":true,"m$K8sThreatMatrix":"Persistence::Writable hostPath mount, Lateral Movement::Writable volume mounts on the host"},"creationTime":"","rule":"package armo_builtins\n\n# input: pod\n# apiversion: v1\n# does: returns hostPath volumes\n\ndeny[msga] {\n    pod := input[_]\n    pod.kind == \"Pod\"\n    volumes := pod.spec.volumes\n    volume := volumes[_]\n    volume.hostPath\n\tcontainer := pod.spec.containers[i]\n\tvolumeMount := container.volumeMounts[k]\n\tvolumeMount.name == volume.name\n\tbegginingOfPath := \"spec.\"\n\tresult := isRWMount(volumeMount, begginingOfPath,  i, k)\n\n    podname := pod.metadata.name\n\n\tmsga := {\n\t\t\"alertMessage\": sprintf(\"pod: %v has: %v as hostPath volume\", [podname, volume.name]),\n\t\t\"packagename\": \"armo_builtins\",\n\t\t\"alertScore\": 7,\n\t\t\"failedPaths\": [result],\n\t\t\"alertObject\": {\n\t\t\t\"k8sApiObjects\": [pod]\n\t\t}\n\t}\n}\n\n#handles majority of workload resources\ndeny[msga] {\n\twl := input[_]\n\tspec_template_spec_patterns := {\"Deployment\",\"ReplicaSet\",\"DaemonSet\",\"StatefulSet\",\"Job\"}\n\tspec_template_spec_patterns[wl.kind]\n    volumes := wl.spec.template.spec.volumes\n    volume := volumes[_]\n    volume.hostPath\n\tcontainer := wl.spec.template.spec.containers[i]\n\tvolumeMount := container.volumeMounts[k]\n\tvolumeMount.name == volume.name\n\tbegginingOfPath := \"spec.template.spec.\"\n\tresult := isRWMount(volumeMount, begginingOfPath,  i, k)\n\n\tmsga := {\n\t\t\"alertMessage\": sprintf(\"%v: %v has: %v as hostPath volume\", [wl.kind, wl.metadata.name, volume.name]),\n\t\t\"packagename\": \"armo_builtins\",\n\t\t\"alertScore\": 7,\n\t\t\"failedPaths\": [result],\n\t\t\"alertObject\": {\n\t\t\t\"k8sApiObjects\": [wl]\n\t\t}\n\t\n\t}\n}\n\n#handles CronJobs\ndeny[msga] {\n\twl := input[_]\n\twl.kind == \"CronJob\"\n    volumes := wl.spec.jobTemplate.spec.template.spec.volumes\n    volume := volumes[_]\n    volume.hostPath\n\n\tcontainer = wl.spec.jobTemplate.spec.template.spec.containers[i]\n\tvolumeMount := container.volumeMounts[k]\n\tvolumeMount.name == volume.name\n\tbegginingOfPath := \"spec.jobTemplate.spec.template.spec.\"\n\tresult := isRWMount(volumeMount, begginingOfPath,  i, k)\n\n\tmsga := {\n\t\"alertMessage\": sprintf(\"%v: %v has: %v as hostPath volume\", [wl.kind, wl.metadata.name, volume.name]),\n\t\"packagename\": \"armo_builtins\",\n\t\"alertScore\": 7,\n\t\"failedPaths\": [result],\n\t\"alertObject\": {\n\t\t\t\"k8sApiObjects\": [wl]\n\t\t}\n\t}\n}\n\nisRWMount(mount, begginingOfPath,  i, k) = path {\n not mount.readOnly == true\n not mount.readOnly == false\n path = \"\"\n}\nisRWMount(mount, begginingOfPath,  i, k) = path {\n  mount.readOnly == false\n  path = sprintf(\"%vcontainers[%v].volumeMounts[%v].readOnly\", [begginingOfPath, format_int(i, 10), format_int(k, 10)])\n} ","resourceEnumerator":"","ruleLanguage":"Rego","match":[{"apiGroups":["*"],"apiVersions":["*"],"resources":["Deployment","ReplicaSet","DaemonSet","StatefulSet","Job","CronJob","Pod"]}],"ruleDependencies":[{"packageName":"cautils"},{"packageName":"kubernetes.api.client"}],"configInputs":null,"controlConfigInputs":null,"description":"determines if any workload contains a hostPath volume with rw permissions","remediation":"Set the readOnly field of the mount to true","ruleQuery":""}],"rulesIDs":[""],"baseScore":6}`
+var mockControl_0006 = `{"guid":"","name":"HostPath mount","attributes":{"armoBuiltin":true},"id":"C-0048","controlID":"C-0048","creationTime":"","description":"Mounting host directory to the container can be abused to get access to sensitive data and gain persistence on the host machine.","remediation":"Refrain from using host path mount.","rules":[{"guid":"","name":"alert-rw-hostpath","attributes":{"armoBuiltin":true,"m$K8sThreatMatrix":"Persistence::Writable hostPath mount, Lateral Movement::Writable volume mounts on the host"},"creationTime":"","rule":"package armo_builtins\n\n# input: pod\n# apiversion: v1\n# does: returns hostPath volumes\n\ndeny[msga] {\n    pod := input[_]\n    pod.kind == \"Pod\"\n    volumes := pod.spec.volumes\n    volume := volumes[_]\n    volume.hostPath\n\tcontainer := pod.spec.containers[i]\n\tvolumeMount := container.volumeMounts[k]\n\tvolumeMount.name == volume.name\n\tbegginingOfPath := \"spec.\"\n\tresult := isRWMount(volumeMount, begginingOfPath,  i, k)\n\n    podname := pod.metadata.name\n\n\tmsga := {\n\t\t\"alertMessage\": sprintf(\"pod: %v has: %v as hostPath volume\", [podname, volume.name]),\n\t\t\"packagename\": \"armo_builtins\",\n\t\t\"alertScore\": 7,\n\t\t\"failedPaths\": [result],\n\t\t\"alertObject\": {\n\t\t\t\"k8sApiObjects\": [pod]\n\t\t}\n\t}\n}\n\n#handles majority of workload resources\ndeny[msga] {\n\twl := input[_]\n\tspec_template_spec_patterns := {\"Deployment\",\"ReplicaSet\",\"DaemonSet\",\"StatefulSet\",\"Job\"}\n\tspec_template_spec_patterns[wl.kind]\n    volumes := wl.spec.template.spec.volumes\n    volume := volumes[_]\n    volume.hostPath\n\tcontainer := wl.spec.template.spec.containers[i]\n\tvolumeMount := container.volumeMounts[k]\n\tvolumeMount.name == volume.name\n\tbegginingOfPath := \"spec.template.spec.\"\n\tresult := isRWMount(volumeMount, begginingOfPath,  i, k)\n\n\tmsga := {\n\t\t\"alertMessage\": sprintf(\"%v: %v has: %v as hostPath volume\", [wl.kind, wl.metadata.name, volume.name]),\n\t\t\"packagename\": \"armo_builtins\",\n\t\t\"alertScore\": 7,\n\t\t\"failedPaths\": [result],\n\t\t\"alertObject\": {\n\t\t\t\"k8sApiObjects\": [wl]\n\t\t}\n\t\n\t}\n}\n\n#handles CronJobs\ndeny[msga] {\n\twl := input[_]\n\twl.kind == \"CronJob\"\n    volumes := wl.spec.jobTemplate.spec.template.spec.volumes\n    volume := volumes[_]\n    volume.hostPath\n\n\tcontainer = wl.spec.jobTemplate.spec.template.spec.containers[i]\n\tvolumeMount := container.volumeMounts[k]\n\tvolumeMount.name == volume.name\n\tbegginingOfPath := \"spec.jobTemplate.spec.template.spec.\"\n\tresult := isRWMount(volumeMount, begginingOfPath,  i, k)\n\n\tmsga := {\n\t\"alertMessage\": sprintf(\"%v: %v has: %v as hostPath volume\", [wl.kind, wl.metadata.name, volume.name]),\n\t\"packagename\": \"armo_builtins\",\n\t\"alertScore\": 7,\n\t\"failedPaths\": [result],\n\t\"alertObject\": {\n\t\t\t\"k8sApiObjects\": [wl]\n\t\t}\n\t}\n}\n\nisRWMount(mount, begginingOfPath,  i, k) = path {\n not mount.readOnly == true\n not mount.readOnly == false\n path = \"\"\n}\nisRWMount(mount, begginingOfPath,  i, k) = path {\n  mount.readOnly == false\n  path = sprintf(\"%vcontainers[%v].volumeMounts[%v].readOnly\", [begginingOfPath, format_int(i, 10), format_int(k, 10)])\n} ","resourceEnumerator":"","ruleLanguage":"Rego","match":[{"apiGroups":["*"],"apiVersions":["*"],"resources":["Deployment","ReplicaSet","DaemonSet","StatefulSet","Job","CronJob","Pod"]}],"ruleDependencies":[{"packageName":"cautils"},{"packageName":"kubernetes.api.client"}],"configInputs":null,"controlConfigInputs":null,"description":"determines if any workload contains a hostPath volume with rw permissions","remediation":"Set the readOnly field of the mount to true","ruleQuery":""}],"rulesIDs":[""],"baseScore":6}`

 var mockControl_0044 = `{"guid":"","name":"Container hostPort","attributes":{"armoBuiltin":true},"id":"C-0044","controlID":"C-0044","creationTime":"","description":"Configuring hostPort limits you to a particular port, and if any two workloads that specify the same HostPort they cannot be deployed to the same node. Therefore, if the number of replica of such workload is higher than the number of nodes, the deployment will fail.","remediation":"Avoid usage of hostPort unless it is absolutely necessary. Use NodePort / ClusterIP instead.","rules":[{"guid":"","name":"container-hostPort","attributes":{"armoBuiltin":true},"creationTime":"","rule":"package armo_builtins\n\n\n# Fails if pod has container with hostPort\ndeny[msga] {\n    pod := input[_]\n    pod.kind == \"Pod\"\n    container := pod.spec.containers[i]\n\tbegginingOfPath := \"spec.\"\n\tpath := isHostPort(container, i, begginingOfPath)\n\tmsga := {\n\t\t\"alertMessage\": sprintf(\"Container: %v has Host-port\", [ container.name]),\n\t\t\"packagename\": \"armo_builtins\",\n\t\t\"alertScore\": 7,\n\t\t\"failedPaths\": path,\n\t\t\"alertObject\": {\n\t\t\t\"k8sApiObjects\": [pod]\n\t\t}\n\t}\n}\n\n# Fails if workload has container with hostPort\ndeny[msga] {\n    wl := input[_]\n\tspec_template_spec_patterns := {\"Deployment\",\"ReplicaSet\",\"DaemonSet\",\"StatefulSet\",\"Job\"}\n\tspec_template_spec_patterns[wl.kind]\n    container := wl.spec.template.spec.containers[i]\n\tbegginingOfPath := \"spec.template.spec.\"\n    path := isHostPort(container, i, begginingOfPath)\n\tmsga := {\n\t\t\"alertMessage\": sprintf(\"Container: %v in %v: %v   has Host-port\", [ container.name, wl.kind, wl.metadata.name]),\n\t\t\"packagename\": \"armo_builtins\",\n\t\t\"alertScore\": 7,\n\t\t\"failedPaths\": path,\n\t\t\"alertObject\": {\n\t\t\t\"k8sApiObjects\": [wl]\n\t\t}\n\t}\n}\n\n# Fails if cronjob has container with hostPort\ndeny[msga] {\n  \twl := input[_]\n\twl.kind == \"CronJob\"\n\tcontainer = wl.spec.jobTemplate.spec.template.spec.containers[i]\n\tbegginingOfPath := \"spec.jobTemplate.spec.template.spec.\"\n    path := isHostPort(container, i, begginingOfPath)\n    msga := {\n\t\t\"alertMessage\": sprintf(\"Container: %v in %v: %v   has Host-port\", [ container.name, wl.kind, wl.metadata.name]),\n\t\t\"packagename\": \"armo_builtins\",\n\t\t\"alertScore\": 7,\n\t\t\"failedPaths\": path,\n\t\t\"alertObject\": {\n\t\t\t\"k8sApiObjects\": [wl]\n\t\t}\n\t}\n}\n\n\n\nisHostPort(container, i, begginingOfPath) = path {\n\tpath = [sprintf(\"%vcontainers[%v].ports[%v].hostPort\", [begginingOfPath, format_int(i, 10), format_int(j, 10)]) | port = container.ports[j];  port.hostPort]\n\tcount(path) > 0\n}\n","resourceEnumerator":"","ruleLanguage":"Rego","match":[{"apiGroups":["*"],"apiVersions":["*"],"resources":["Deployment","ReplicaSet","DaemonSet","StatefulSet","Job","Pod","CronJob"]}],"ruleDependencies":[],"configInputs":null,"controlConfigInputs":null,"description":"fails if container has hostPort","remediation":"Make sure you do not configure hostPort for the container, if necessary use NodePort / ClusterIP","ruleQuery":"armo_builtins"}],"rulesIDs":[""],"baseScore":4}`

@@ -31,7 +31,7 @@ func MockFramework_0013() *reporthandling.Framework {
 	return fw
 }

-// MockFramework_0006_0013 mock control 0013 and control 0006 - "Non-root containers" and "Allowed hostPath"
+// MockFramework_0006_0013 mock control 0013 and control 0006 - "Non-root containers" and "HostPath mount"
 func MockFramework_0006_0013() *reporthandling.Framework {
 	fw := &reporthandling.Framework{
 		PortalBase: armotypes.PortalBase{
--- a/core/pkg/containerscan/containerscan_mock.go
+++ b/core/pkg/containerscan/containerscan_mock.go
@@ -50,7 +50,7 @@ func randSeq(n int, bank []rune) string {

 	b := make([]rune, n)
 	for i := range b {
-		b[i] = bank[rand.Intn(len(bank))]
+		b[i] = bank[rand.Intn(len(bank))] //nolint:gosec
 	}
 	return string(b)
 }
@@ -60,7 +60,7 @@ func GenerateContainerScanLayer(layer *ScanResultLayer) {
 	layer.LayerHash = randSeq(32, hash)
 	layer.Vulnerabilities = make(VulnerabilitiesList, 0)
 	layer.Packages = make(LinuxPkgs, 0)
-	vuls := rand.Intn(10) + 1
+	vuls := rand.Intn(10) + 1 //nolint:gosec

 	for i := 0; i < vuls; i++ {
 		v := Vulnerability{}
--- a/core/pkg/hostsensorutils/hostsensor.yaml
+++ b/core/pkg/hostsensorutils/hostsensor.yaml
@@ -36,8 +36,9 @@ spec:
        effect: NoSchedule
      containers:
      - name: host-sensor
-        image: quay.io/kubescape/host-scanner:v1.0.32
+        image: quay.io/kubescape/host-scanner:v1.0.39
        securityContext:
+          allowPrivilegeEscalation: true
          privileged: true
          readOnlyRootFilesystem: true
          procMount: Unmasked
--- a/core/pkg/hostsensorutils/hostsensorgetfrompod.go
+++ b/core/pkg/hostsensorutils/hostsensorgetfrompod.go
@@ -3,6 +3,7 @@ package hostsensorutils
 import (
 	"encoding/json"
 	"fmt"
+	"strings"
 	"sync"

 	logger "github.com/kubescape/go-logger"
@@ -99,6 +100,30 @@ func (hsh *HostSensorHandler) sendAllPodsHTTPGETRequest(path, requestKind string
 	return res, nil
 }

+// return host-scanner version
+func (hsh *HostSensorHandler) GetVersion() (string, error) {
+	// loop over pods and port-forward it to each of them
+	podList, err := hsh.getPodList()
+	if err != nil {
+		return "", fmt.Errorf("failed to sendAllPodsHTTPGETRequest: %v", err)
+	}
+
+	// initialization of the channels
+	hsh.workerPool.init(len(podList))
+	hsh.workerPool.hostSensorApplyJobs(podList, "/version", "version")
+	for job := range hsh.workerPool.jobs {
+		resBytes, err := hsh.HTTPGetToPod(job.podName, job.path)
+		if err != nil {
+			return "", err
+		} else {
+			version := strings.ReplaceAll(string(resBytes), "\"", "")
+			version = strings.ReplaceAll(version, "\n", "")
+			return version, nil
+		}
+	}
+	return "", nil
+}
+
 // return list of LinuxKernelVariables
 func (hsh *HostSensorHandler) GetKernelVariables() ([]hostsensor.HostSensorDataEnvelope, error) {
 	// loop over pods and port-forward it to each of them
@@ -135,6 +160,12 @@ func (hsh *HostSensorHandler) GetControlPlaneInfo() ([]hostsensor.HostSensorData
 	return hsh.sendAllPodsHTTPGETRequest("/controlPlaneInfo", ControlPlaneInfo)
 }

+// return list of KubeProxyInfo
+func (hsh *HostSensorHandler) GetCloudProviderInfo() ([]hostsensor.HostSensorDataEnvelope, error) {
+	// loop over pods and port-forward it to each of them
+	return hsh.sendAllPodsHTTPGETRequest("/cloudProviderInfo", CloudProviderInfo)
+}
+
 // return list of KubeletCommandLine
 func (hsh *HostSensorHandler) GetKubeletCommandLine() ([]hostsensor.HostSensorDataEnvelope, error) {
 	// loop over pods and port-forward it to each of them
@@ -192,6 +223,16 @@ func (hsh *HostSensorHandler) CollectResources() ([]hostsensor.HostSensorDataEnv
 	var kcData []hostsensor.HostSensorDataEnvelope
 	var err error
 	logger.L().Debug("Accessing host scanner")
+	version, err := hsh.GetVersion()
+	if err != nil {
+		logger.L().Warning(err.Error())
+	}
+	if len(version) > 0 {
+		logger.L().Info("Host scanner version : " + version)
+	} else {
+		logger.L().Info("Unknown host scanner version")
+	}
+	//
 	kcData, err = hsh.GetKubeletConfigurations()
 	if err != nil {
 		addInfoToMap(KubeletConfiguration, infoMap, err)
@@ -285,6 +326,16 @@ func (hsh *HostSensorHandler) CollectResources() ([]hostsensor.HostSensorDataEnv
 		res = append(res, kcData...)
 	}

+	// GetCloudProviderInfo
+	kcData, err = hsh.GetCloudProviderInfo()
+	if err != nil {
+		addInfoToMap(CloudProviderInfo, infoMap, err)
+		logger.L().Warning(err.Error())
+	}
+	if len(kcData) > 0 {
+		res = append(res, kcData...)
+	}
+
 	logger.L().Debug("Done reading information from host scanner")
 	return res, infoMap, nil
 }
--- a/core/pkg/hostsensorutils/utils.go
+++ b/core/pkg/hostsensorutils/utils.go
@@ -16,6 +16,7 @@ var (
 	KubeletInfo                  = "KubeletInfo"
 	KubeProxyInfo                = "KubeProxyInfo"
 	ControlPlaneInfo             = "ControlPlaneInfo"
+	CloudProviderInfo            = "CloudProviderInfo"

 	MapHostSensorResourceToApiGroup = map[string]string{
 		KubeletConfiguration:         "hostdata.kubescape.cloud/v1beta0",
@@ -28,6 +29,7 @@ var (
 		KubeletInfo:                  "hostdata.kubescape.cloud/v1beta0",
 		KubeProxyInfo:                "hostdata.kubescape.cloud/v1beta0",
 		ControlPlaneInfo:             "hostdata.kubescape.cloud/v1beta0",
+		CloudProviderInfo:            "hostdata.kubescape.cloud/v1beta0",
 	}
 )

--- a/core/pkg/opaprocessor/processorhandler.go
+++ b/core/pkg/opaprocessor/processorhandler.go
@@ -35,6 +35,7 @@ type OPAProcessor struct {
 func NewOPAProcessor(sessionObj *cautils.OPASessionObj, regoDependenciesData *resources.RegoDependenciesData) *OPAProcessor {
 	if regoDependenciesData != nil && sessionObj != nil {
 		regoDependenciesData.PostureControlInputs = sessionObj.RegoInputData.PostureControlInputs
+		regoDependenciesData.DataControlInputs = sessionObj.RegoInputData.DataControlInputs
 	}
 	return &OPAProcessor{
 		OPASessionObj:        sessionObj,
@@ -68,23 +69,26 @@ func (opap *OPAProcessor) Process(policies *cautils.Policies) error {

 	cautils.StartSpinner()

-	var errs error
-	for _, control := range policies.Controls {
+	for _, toPin := range policies.Controls {
+		control := toPin

 		resourcesAssociatedControl, err := opap.processControl(&control)
 		if err != nil {
 			logger.L().Error(err.Error())
 		}
+
+		if len(resourcesAssociatedControl) == 0 {
+			continue
+		}
+
 		// update resources with latest results
-		if len(resourcesAssociatedControl) != 0 {
-			for resourceID, controlResult := range resourcesAssociatedControl {
-				if _, ok := opap.ResourcesResult[resourceID]; !ok {
-					opap.ResourcesResult[resourceID] = resourcesresults.Result{ResourceID: resourceID}
-				}
-				t := opap.ResourcesResult[resourceID]
-				t.AssociatedControls = append(t.AssociatedControls, controlResult)
-				opap.ResourcesResult[resourceID] = t
+		for resourceID, controlResult := range resourcesAssociatedControl {
+			if _, ok := opap.ResourcesResult[resourceID]; !ok {
+				opap.ResourcesResult[resourceID] = resourcesresults.Result{ResourceID: resourceID}
 			}
+			t := opap.ResourcesResult[resourceID]
+			t.AssociatedControls = append(t.AssociatedControls, controlResult)
+			opap.ResourcesResult[resourceID] = t
 		}
 	}

@@ -94,7 +98,7 @@ func (opap *OPAProcessor) Process(policies *cautils.Policies) error {

 	opap.loggerDoneScanning()

-	return errs
+	return nil
 }

 func (opap *OPAProcessor) loggerStartScanning() {
@@ -153,12 +157,16 @@ func (opap *OPAProcessor) processControl(control *reporthandling.Control) (map[s
 func (opap *OPAProcessor) processRule(rule *reporthandling.PolicyRule, fixedControlInputs map[string][]string) (map[string]*resourcesresults.ResourceAssociatedRule, error) {

 	postureControlInputs := opap.regoDependenciesData.GetFilteredPostureControlInputs(rule.ConfigInputs) // get store
+	dataControlInputs := map[string]string{"cloudProvider": opap.OPASessionObj.Report.ClusterCloudProvider}

 	// Merge configurable control input and fixed control input
 	for k, v := range fixedControlInputs {
 		postureControlInputs[k] = v
 	}

+	RuleRegoDependenciesData := resources.RegoDependenciesData{DataControlInputs: dataControlInputs,
+		PostureControlInputs: postureControlInputs}
+
 	inputResources, err := reporthandling.RegoResourcesAggregator(rule, getAllSupportedObjects(opap.K8SResources, opap.ArmoResource, opap.AllResources, rule))
 	if err != nil {
 		return nil, fmt.Errorf("error getting aggregated k8sObjects: %s", err.Error())
@@ -185,7 +193,7 @@ func (opap *OPAProcessor) processRule(rule *reporthandling.PolicyRule, fixedCont
 		opap.AllResources[inputResources[i].GetID()] = inputResources[i]
 	}

-	ruleResponses, err := opap.runOPAOnSingleRule(rule, inputRawResources, ruleData, postureControlInputs)
+	ruleResponses, err := opap.runOPAOnSingleRule(rule, inputRawResources, ruleData, RuleRegoDependenciesData)
 	if err != nil {
 		// TODO - Handle error
 		logger.L().Error(err.Error())
@@ -217,16 +225,16 @@ func (opap *OPAProcessor) processRule(rule *reporthandling.PolicyRule, fixedCont
 	return resources, err
 }

-func (opap *OPAProcessor) runOPAOnSingleRule(rule *reporthandling.PolicyRule, k8sObjects []map[string]interface{}, getRuleData func(*reporthandling.PolicyRule) string, postureControlInputs map[string][]string) ([]reporthandling.RuleResponse, error) {
+func (opap *OPAProcessor) runOPAOnSingleRule(rule *reporthandling.PolicyRule, k8sObjects []map[string]interface{}, getRuleData func(*reporthandling.PolicyRule) string, ruleRegoDependenciesData resources.RegoDependenciesData) ([]reporthandling.RuleResponse, error) {
 	switch rule.RuleLanguage {
 	case reporthandling.RegoLanguage, reporthandling.RegoLanguage2:
-		return opap.runRegoOnK8s(rule, k8sObjects, getRuleData, postureControlInputs)
+		return opap.runRegoOnK8s(rule, k8sObjects, getRuleData, ruleRegoDependenciesData)
 	default:
 		return nil, fmt.Errorf("rule: '%s', language '%v' not supported", rule.Name, rule.RuleLanguage)
 	}
 }

-func (opap *OPAProcessor) runRegoOnK8s(rule *reporthandling.PolicyRule, k8sObjects []map[string]interface{}, getRuleData func(*reporthandling.PolicyRule) string, postureControlInputs map[string][]string) ([]reporthandling.RuleResponse, error) {
+func (opap *OPAProcessor) runRegoOnK8s(rule *reporthandling.PolicyRule, k8sObjects []map[string]interface{}, getRuleData func(*reporthandling.PolicyRule) string, ruleRegoDependenciesData resources.RegoDependenciesData) ([]reporthandling.RuleResponse, error) {

 	// compile modules
 	modules, err := getRuleDependencies()
@@ -239,7 +247,7 @@ func (opap *OPAProcessor) runRegoOnK8s(rule *reporthandling.PolicyRule, k8sObjec
 		return nil, fmt.Errorf("in 'runRegoOnSingleRule', failed to compile rule, name: %s, reason: %s", rule.Name, err.Error())
 	}

-	store, err := resources.TOStorage(postureControlInputs)
+	store, err := ruleRegoDependenciesData.TOStorage()
 	if err != nil {
 		return nil, err
 	}
@@ -282,8 +290,12 @@ func (opap *OPAProcessor) enumerateData(rule *reporthandling.PolicyRule, k8sObje
 		return k8sObjects, nil
 	}
 	postureControlInputs := opap.regoDependenciesData.GetFilteredPostureControlInputs(rule.ConfigInputs)
+	dataControlInputs := map[string]string{"cloudProvider": opap.OPASessionObj.Report.ClusterCloudProvider}

-	ruleResponse, err := opap.runOPAOnSingleRule(rule, k8sObjects, ruleEnumeratorData, postureControlInputs)
+	RuleRegoDependenciesData := resources.RegoDependenciesData{DataControlInputs: dataControlInputs,
+		PostureControlInputs: postureControlInputs}
+
+	ruleResponse, err := opap.runOPAOnSingleRule(rule, k8sObjects, ruleEnumeratorData, RuleRegoDependenciesData)
 	if err != nil {
 		return nil, err
 	}
--- a/core/pkg/opaprocessor/processorhandlerutils.go
+++ b/core/pkg/opaprocessor/processorhandlerutils.go
@@ -15,9 +15,9 @@ import (
 // updateResults updates the results objects and report objects. This is a critical function - DO NOT CHANGE
 //
 // The function:
-//  - removes sensible data
-//  - adds exceptions
-//  - summarizes results
+//   - removes sensible data
+//   - adds exceptions
+//   - summarizes results
 func (opap *OPAProcessor) updateResults() {

 	// remove data from all objects
@@ -117,9 +117,11 @@ func getKubernetesObjects(k8sResources *cautils.K8SResources, allResources map[s
 					groupResources := k8sinterface.ResourceGroupToString(groups, version, resource)
 					for _, groupResource := range groupResources {
 						if k8sObj, ok := (*k8sResources)[groupResource]; ok {
-							if k8sObj == nil {
-								// logger.L().Debug("skipping", helpers.String("resource", groupResource))
-							}
+							/*
+								if k8sObj == nil {
+									// logger.L().Debug("skipping", helpers.String("resource", groupResource))
+								}
+							*/
 							for i := range k8sObj {
 								k8sObjects = append(k8sObjects, allResources[k8sObj[i]])
 							}
--- a/core/pkg/policyhandler/handlenotification.go
+++ b/core/pkg/policyhandler/handlenotification.go
@@ -2,10 +2,21 @@ package policyhandler

 import (
 	"fmt"
+	"strings"
+
+	helpersv1 "github.com/kubescape/opa-utils/reporthandling/helpers/v1"
+
+	clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
+
+	cloudsupportv1 "github.com/kubescape/k8s-interface/cloudsupport/v1"
+	reportv2 "github.com/kubescape/opa-utils/reporthandling/v2"

 	"github.com/armosec/armoapi-go/armotypes"
+	"github.com/kubescape/k8s-interface/cloudsupport"
+	"github.com/kubescape/k8s-interface/k8sinterface"
 	"github.com/kubescape/kubescape/v2/core/cautils"
 	"github.com/kubescape/kubescape/v2/core/pkg/resourcehandler"
+	"github.com/kubescape/opa-utils/reporthandling/apis"
 )

 // PolicyHandler -
@@ -49,6 +60,8 @@ func (policyHandler *PolicyHandler) CollectResources(policyIdentifier []cautils.
 func (policyHandler *PolicyHandler) getResources(policyIdentifier []cautils.PolicyIdentifier, opaSessionObj *cautils.OPASessionObj, scanInfo *cautils.ScanInfo) error {
 	opaSessionObj.Report.ClusterAPIServerInfo = policyHandler.resourceHandler.GetClusterAPIServerInfo()

+	setCloudMetadata(opaSessionObj)
+
 	resourcesMap, allResources, ksResources, err := policyHandler.resourceHandler.GetResources(opaSessionObj, &policyIdentifier[0].Designators)
 	if err != nil {
 		return err
@@ -67,3 +80,70 @@ func getDesignator(policyIdentifier []cautils.PolicyIdentifier) *armotypes.Porta
 	}
 	return &armotypes.PortalDesignator{}
 }
+
+func setCloudMetadata(opaSessionObj *cautils.OPASessionObj) {
+	iCloudMetadata := getCloudMetadata(opaSessionObj, k8sinterface.GetConfig())
+	if iCloudMetadata == nil {
+		return
+	}
+	cloudMetadata := reportv2.NewCloudMetadata(iCloudMetadata)
+	opaSessionObj.Metadata.ContextMetadata.ClusterContextMetadata.CloudMetadata = cloudMetadata
+	opaSessionObj.Metadata.ClusterMetadata.CloudMetadata = cloudMetadata             // deprecated - fallback
+	opaSessionObj.Report.ClusterCloudProvider = iCloudMetadata.Provider().ToString() // deprecated - fallback
+}
+
+// getCloudMetadata - get cloud metadata from kubeconfig or API server
+// There are 3 options:
+// 1. Get cloud provider from API server git version (EKS, GKE)
+// 2. Get cloud provider from kubeconfig by parsing the cluster context (EKS, GKE)
+// 3. Get cloud provider from kubeconfig by parsing the server URL (AKS)
+func getCloudMetadata(opaSessionObj *cautils.OPASessionObj, config *clientcmdapi.Config) apis.ICloudParser {
+
+	if config == nil {
+		return nil
+	}
+
+	var provider string
+
+	// attempting to get cloud provider from API server git version
+	if opaSessionObj.Report.ClusterAPIServerInfo != nil {
+		provider = cloudsupport.GetCloudProvider(opaSessionObj.Report.ClusterAPIServerInfo.GitVersion)
+	}
+
+	if provider == cloudsupportv1.AKS || isAKS(config) {
+		return helpersv1.NewAKSMetadata(k8sinterface.GetContextName())
+	}
+	if provider == cloudsupportv1.EKS || isEKS(config) {
+		return helpersv1.NewEKSMetadata(k8sinterface.GetContextName())
+	}
+	if provider == cloudsupportv1.GKE || isGKE(config) {
+		return helpersv1.NewGKEMetadata(k8sinterface.GetContextName())
+	}
+
+	return nil
+}
+
+// check if the server is AKS. e.g. https://XXX.XX.XXX.azmk8s.io:443
+func isAKS(config *clientcmdapi.Config) bool {
+	const serverIdentifierAKS = "azmk8s.io"
+	if cluster, ok := config.Clusters[config.CurrentContext]; ok {
+		return strings.Contains(cluster.Server, serverIdentifierAKS)
+	}
+	return false
+}
+
+// check if the server is EKS. e.g. arn:aws:eks:eu-west-1:xxx:cluster/xxxx
+func isEKS(config *clientcmdapi.Config) bool {
+	if context, ok := config.Contexts[config.CurrentContext]; ok {
+		return strings.Contains(context.Cluster, cloudsupportv1.EKS)
+	}
+	return false
+}
+
+// check if the server is GKE. e.g. gke_xxx-xx-0000_us-central1-c_xxxx-1
+func isGKE(config *clientcmdapi.Config) bool {
+	if context, ok := config.Contexts[config.CurrentContext]; ok {
+		return strings.Contains(context.Cluster, cloudsupportv1.GKE)
+	}
+	return false
+}
--- a/core/pkg/policyhandler/handlenotification_test.go
+++ b/core/pkg/policyhandler/handlenotification_test.go
@@ -0,0 +1,201 @@
+package policyhandler
+
+import (
+	_ "embed"
+	"encoding/json"
+	"testing"
+
+	"github.com/kubescape/kubescape/v2/core/cautils"
+	"github.com/kubescape/opa-utils/reporthandling/apis"
+	helpersv1 "github.com/kubescape/opa-utils/reporthandling/helpers/v1"
+	reporthandlingv2 "github.com/kubescape/opa-utils/reporthandling/v2"
+	"k8s.io/apimachinery/pkg/version"
+	clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
+)
+
+var (
+	//go:embed kubeconfig_mock.json
+	kubeConfigMock string
+)
+
+func getKubeConfigMock() *clientcmdapi.Config {
+	kubeConfig := clientcmdapi.Config{}
+	if err := json.Unmarshal([]byte(kubeConfigMock), &kubeConfig); err != nil {
+		panic(err)
+	}
+	return &kubeConfig
+}
+func Test_getCloudMetadata(t *testing.T) {
+	type args struct {
+		context       string
+		opaSessionObj *cautils.OPASessionObj
+		kubeConfig    *clientcmdapi.Config
+	}
+	kubeConfig := getKubeConfigMock()
+	tests := []struct {
+		want apis.ICloudParser
+		args args
+		name string
+	}{
+		{
+			name: "Test_getCloudMetadata - GitVersion: GKE",
+			args: args{
+				opaSessionObj: &cautils.OPASessionObj{
+					Report: &reporthandlingv2.PostureReport{
+						ClusterAPIServerInfo: &version.Info{
+							GitVersion: "v1.25.4-gke.1600",
+						},
+					},
+				},
+				context:    "",
+				kubeConfig: kubeConfig,
+			},
+			want: helpersv1.NewGKEMetadata(""),
+		},
+		{
+			name: "Test_getCloudMetadata_context_GKE",
+			args: args{
+				opaSessionObj: &cautils.OPASessionObj{
+					Report: &reporthandlingv2.PostureReport{
+						ClusterAPIServerInfo: nil,
+					},
+				},
+				kubeConfig: kubeConfig,
+				context:    "gke_xxx-xx-0000_us-central1-c_xxxx-1",
+			},
+			want: helpersv1.NewGKEMetadata(""),
+		},
+		{
+			name: "Test_getCloudMetadata_context_EKS",
+			args: args{
+				opaSessionObj: &cautils.OPASessionObj{
+					Report: &reporthandlingv2.PostureReport{
+						ClusterAPIServerInfo: nil,
+					},
+				},
+				kubeConfig: kubeConfig,
+				context:    "arn:aws:eks:eu-west-1:xxx:cluster/xxxx",
+			},
+			want: helpersv1.NewEKSMetadata(""),
+		},
+		{
+			name: "Test_getCloudMetadata_context_AKS",
+			args: args{
+				opaSessionObj: &cautils.OPASessionObj{
+					Report: &reporthandlingv2.PostureReport{
+						ClusterAPIServerInfo: nil,
+					},
+				},
+				kubeConfig: kubeConfig,
+				context:    "xxxx-2",
+			},
+			want: helpersv1.NewAKSMetadata(""),
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			tt.args.kubeConfig.CurrentContext = tt.args.context
+			got := getCloudMetadata(tt.args.opaSessionObj, tt.args.kubeConfig)
+			if got == nil {
+				t.Errorf("getCloudMetadata() = %v, want %v", got, tt.want.Provider())
+				return
+			}
+			if got.Provider() != tt.want.Provider() {
+				t.Errorf("getCloudMetadata() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+func Test_isGKE(t *testing.T) {
+	type args struct {
+		config  *clientcmdapi.Config
+		context string
+	}
+	tests := []struct {
+		name string
+		args args
+		want bool
+	}{
+		{
+			name: "Test_isGKE",
+			args: args{
+				config:  getKubeConfigMock(),
+				context: "gke_xxx-xx-0000_us-central1-c_xxxx-1",
+			},
+			want: true,
+		},
+	}
+	for _, tt := range tests {
+
+		t.Run(tt.name, func(t *testing.T) {
+			// set context
+			tt.args.config.CurrentContext = tt.args.context
+			if got := isGKE(tt.args.config); got != tt.want {
+				t.Errorf("isGKE() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+func Test_isEKS(t *testing.T) {
+	type args struct {
+		config  *clientcmdapi.Config
+		context string
+	}
+	tests := []struct {
+		name string
+		args args
+		want bool
+	}{
+		{
+			name: "Test_isEKS",
+			args: args{
+				config:  getKubeConfigMock(),
+				context: "arn:aws:eks:eu-west-1:xxx:cluster/xxxx",
+			},
+			want: true,
+		},
+	}
+	for _, tt := range tests {
+
+		t.Run(tt.name, func(t *testing.T) {
+			// set context
+			tt.args.config.CurrentContext = tt.args.context
+			if got := isEKS(tt.args.config); got != tt.want {
+				t.Errorf("isEKS() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
+
+func Test_isAKS(t *testing.T) {
+	type args struct {
+		config  *clientcmdapi.Config
+		context string
+	}
+	tests := []struct {
+		name string
+		args args
+		want bool
+	}{
+		{
+			name: "Test_isAKS",
+			args: args{
+				config:  getKubeConfigMock(),
+				context: "xxxx-2",
+			},
+			want: true,
+		},
+	}
+	for _, tt := range tests {
+
+		t.Run(tt.name, func(t *testing.T) {
+			// set context
+			tt.args.config.CurrentContext = tt.args.context
+			if got := isAKS(tt.args.config); got != tt.want {
+				t.Errorf("isAKS() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
--- a/core/pkg/policyhandler/handlepullpolicies.go
+++ b/core/pkg/policyhandler/handlepullpolicies.go
@@ -56,14 +56,16 @@ func (policyHandler *PolicyHandler) getScanPolicies(policyIdentifier []cautils.P
 	switch getScanKind(policyIdentifier) {
 	case apisv1.KindFramework: // Download frameworks
 		for _, rule := range policyIdentifier {
-			receivedFramework, err := policyHandler.getters.PolicyGetter.GetFramework(rule.Name)
+			receivedFramework, err := policyHandler.getters.PolicyGetter.GetFramework(rule.Identifier)
 			if err != nil {
 				return frameworks, policyDownloadError(err)
 			}
+			if err := validateFramework(receivedFramework); err != nil {
+				return frameworks, err
+			}
 			if receivedFramework != nil {
 				frameworks = append(frameworks, *receivedFramework)
-
-				cache := getter.GetDefaultPath(rule.Name + ".json")
+				cache := getter.GetDefaultPath(rule.Identifier + ".json")
 				if err := getter.SaveInFile(receivedFramework, cache); err != nil {
 					logger.L().Warning("failed to cache file", helpers.String("file", cache), helpers.Error(err))
 				}
@@ -73,15 +75,15 @@ func (policyHandler *PolicyHandler) getScanPolicies(policyIdentifier []cautils.P
 		f := reporthandling.Framework{}
 		var receivedControl *reporthandling.Control
 		var err error
-		for _, rule := range policyIdentifier {
-			receivedControl, err = policyHandler.getters.PolicyGetter.GetControl(rule.Name)
+		for _, policy := range policyIdentifier {
+			receivedControl, err = policyHandler.getters.PolicyGetter.GetControl(policy.Identifier)
 			if err != nil {
 				return frameworks, policyDownloadError(err)
 			}
 			if receivedControl != nil {
 				f.Controls = append(f.Controls, *receivedControl)

-				cache := getter.GetDefaultPath(rule.Name + ".json")
+				cache := getter.GetDefaultPath(policy.Identifier + ".json")
 				if err := getter.SaveInFile(receivedControl, cache); err != nil {
 					logger.L().Warning("failed to cache file", helpers.String("file", cache), helpers.Error(err))
 				}
@@ -98,7 +100,7 @@ func (policyHandler *PolicyHandler) getScanPolicies(policyIdentifier []cautils.P
 func policyIdentifierToSlice(rules []cautils.PolicyIdentifier) []string {
 	s := []string{}
 	for i := range rules {
-		s = append(s, fmt.Sprintf("%s: %s", rules[i].Kind, rules[i].Name))
+		s = append(s, fmt.Sprintf("%s: %s", rules[i].Kind, rules[i].Identifier))
 	}
 	return s
 }
--- a/core/pkg/policyhandler/handlepullpolicies_test.go
+++ b/core/pkg/policyhandler/handlepullpolicies_test.go
@@ -1,23 +0,0 @@
-package policyhandler
-
-// func TestGetPoliciesFromBackend(t *testing.T) {
-// 	notification := reporthandling.PolicyNotification{
-// 		Rules: []reporthandling.PolicyIdentifier{
-// 			{
-// 				Kind: reporthandling.KindFramework,
-// 				Name: "mitretest",
-// 			},
-// 		},
-// 	}
-// 	// os.Setenv(cacli., "")
-// 	ph := PolicyHandler{
-// 		cacli: &cacli.Cacli{},
-// 	}
-// 	f, err := ph.GetPoliciesFromBackend(&notification)
-// 	if err != nil {
-// 		t.Error(err)
-// 	}
-// 	if len(f) == 0 {
-// 		t.Errorf("empty")
-// 	}
-// }
--- a/core/pkg/policyhandler/handlepullpoliciesutils.go
+++ b/core/pkg/policyhandler/handlepullpoliciesutils.go
@@ -5,6 +5,7 @@ import (
 	"strings"

 	apisv1 "github.com/kubescape/opa-utils/httpserver/apis/v1"
+	"github.com/kubescape/opa-utils/reporthandling"

 	"github.com/kubescape/kubescape/v2/core/cautils"
 )
@@ -21,3 +22,16 @@ func policyDownloadError(err error) error {
 	}
 	return err
 }
+
+// validate the framework
+func validateFramework(framework *reporthandling.Framework) error {
+	if framework == nil {
+		return fmt.Errorf("received empty framework")
+	}
+
+	// validate the controls are not empty
+	if len(framework.Controls) == 0 {
+		return fmt.Errorf("failed to load controls for framework: %s: empty list of controls", framework.Name)
+	}
+	return nil
+}
--- a/core/pkg/policyhandler/handlepullpoliciesutils_test.go
+++ b/core/pkg/policyhandler/handlepullpoliciesutils_test.go
@@ -0,0 +1,48 @@
+package policyhandler
+
+import (
+	"testing"
+
+	"github.com/kubescape/opa-utils/reporthandling"
+)
+
+func Test_validateFramework(t *testing.T) {
+	type args struct {
+		framework *reporthandling.Framework
+	}
+	tests := []struct {
+		name    string
+		args    args
+		wantErr bool
+	}{
+		{
+			name: "empty framework",
+			args: args{
+				framework: &reporthandling.Framework{
+					Controls: []reporthandling.Control{},
+				},
+			},
+			wantErr: true,
+		},
+		{
+			name: "none empty framework",
+			args: args{
+				framework: &reporthandling.Framework{
+					Controls: []reporthandling.Control{
+						{
+							ControlID: "c-0001",
+						},
+					},
+				},
+			},
+			wantErr: false,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if err := validateFramework(tt.args.framework); (err != nil) != tt.wantErr {
+				t.Errorf("validateControls() error = %v, wantErr %v", err, tt.wantErr)
+			}
+		})
+	}
+}
--- a/core/pkg/policyhandler/kubeconfig_mock.json
+++ b/core/pkg/policyhandler/kubeconfig_mock.json
@@ -0,0 +1,82 @@
+{
+    "preferences": {},
+    "clusters": {
+        "xxxx-2": {
+            "server": "https://XXX.XX.XXX.azmk8s.io:443"
+        },
+        "arn:aws:eks:eu-west-1:xxx:cluster/xxxx": {
+            "server": "https://XX.XX.eu-west-1.eks.amazonaws.com"
+        },
+        "xxxx-0": {
+            "server": "https://kubernetes.docker.XXX:6443"
+        },
+        "xxxx-1": {
+            "server": "https://127.0.0.1:49498"
+        },
+        "gke_xxx-xx-0000_us-central1-c_xxxx-1": {
+            "server": "https://0.0.0.0"
+        },
+        "microk8s-cluster": {
+            "server": "https://0.0.0.0:16443"
+        }
+    },
+    "users": {
+        "arn:aws:eks:eu-west-1:xxx:cluster/xxxx": {
+            "exec": {
+                "command": "aws",
+                "args": [
+                    "--region",
+                    "eu-west-1",
+                    "eks",
+                    "get-token",
+                    "--cluster-name",
+                    "xxx"
+                ],
+                "env": null,
+                "apiVersion": "client.authentication.k8s.io/v1beta1",
+                "provideClusterInfo": false,
+                "Config": null,
+                "InteractiveMode": "IfAvailable",
+                "StdinUnavailable": false,
+                "StdinUnavailableMessage": ""
+            }
+        },
+        "gke_elated-pottery-xxx_us-central1-c_xxxx-1": {
+            "auth-provider": {
+                "name": "gcp",
+                "config": {
+                    "cmd-args": "config config-helper --format=json",
+                    "cmd-path": "/opt/homebrew/Caskroom/google-cloud-sdk/latest/google-cloud-sdk/bin/gcloud"
+                }
+            }
+        }
+    },
+    "contexts": {
+        "xxxx-2": {
+            "cluster": "xxxx-2",
+            "user": "clusterUser_MyResourceGroup_xxxx-2"
+        },
+        "arn:aws:eks:eu-west-1:xxx:cluster/xxxx": {
+            "cluster": "arn:aws:eks:eu-west-1:xxx:cluster/xxxx",
+            "user": "arn:aws:eks:eu-west-1:xxx:cluster/xxxx"
+        },
+        "docker-desktop": {
+            "cluster": "docker-desktop",
+            "user": "docker-desktop"
+        },
+        "xxxx-0": {
+            "cluster": "xxxx-0",
+            "user": "xxxx-0",
+            "namespace": "default"
+        },
+        "gke_xxx-xx-0000_us-central1-c_xxxx-1": {
+            "cluster": "gke_xxx-xx-0000_us-central1-c_xxxx-1",
+            "user": "gke_xxx-xx-0000_us-central1-c_xxxx-1"
+        },
+        "microk8s": {
+            "cluster": "microk8s-cluster",
+            "user": "admin"
+        }
+    },
+    "current-context": "xxxx-0"
+}
--- a/core/pkg/registryadaptors/armosec/v1/civksadaptor.go
+++ b/core/pkg/registryadaptors/armosec/v1/civksadaptor.go
@@ -25,14 +25,17 @@ func (ksCivAdaptor *KSCivAdaptor) Login() error {
 }
 func (ksCivAdaptor *KSCivAdaptor) GetImagesVulnerabilities(imageIDs []registryvulnerabilities.ContainerImageIdentifier) ([]registryvulnerabilities.ContainerImageVulnerabilityReport, error) {
 	resultList := make([]registryvulnerabilities.ContainerImageVulnerabilityReport, 0)
-	for _, imageID := range imageIDs {
+	for _, toPin := range imageIDs {
+		imageID := toPin
 		result, err := ksCivAdaptor.GetImageVulnerability(&imageID)
-		if err == nil {
-			resultList = append(resultList, *result)
-		} else {
+		if err != nil {
 			logger.L().Debug("failed to get image vulnerabilities", helpers.String("image", imageID.Tag), helpers.Error(err))
+			continue
 		}
+
+		resultList = append(resultList, *result)
 	}
+
 	return resultList, nil
 }

--- a/core/pkg/registryadaptors/gcp/v1/gcpadaptor.go
+++ b/core/pkg/registryadaptors/gcp/v1/gcpadaptor.go
@@ -30,14 +30,17 @@ func (GCPAdaptor *GCPAdaptor) Login() error {

 func (GCPAdaptor *GCPAdaptor) GetImagesVulnerabilities(imageIDs []registryvulnerabilities.ContainerImageIdentifier) ([]registryvulnerabilities.ContainerImageVulnerabilityReport, error) {
 	resultList := make([]registryvulnerabilities.ContainerImageVulnerabilityReport, 0)
-	for _, imageID := range imageIDs {
+	for _, toPin := range imageIDs {
+		imageID := toPin
 		result, err := GCPAdaptor.GetImageVulnerability(&imageID)
-		if err == nil {
-			resultList = append(resultList, *result)
-		} else {
+		if err != nil {
 			logger.L().Debug("failed to get image vulnerabilities", helpers.String("image", imageID.Tag), helpers.Error(err))
+			continue
 		}
+
+		resultList = append(resultList, *result)
 	}
+
 	return resultList, nil
 }

--- a/core/pkg/registryadaptors/gcp/v1/gcpadaptormock.go
+++ b/core/pkg/registryadaptors/gcp/v1/gcpadaptormock.go
@@ -20,15 +20,16 @@ func (GCPAdaptorMock *GCPAdaptorMock) Login() error {

 func (GCPAdaptorMock *GCPAdaptorMock) GetImagesVulnerabilities(imageIDs []registryvulnerabilities.ContainerImageIdentifier) ([]registryvulnerabilities.ContainerImageVulnerabilityReport, error) {
 	resultList := make([]registryvulnerabilities.ContainerImageVulnerabilityReport, 0)
-	for _, imageID := range imageIDs {
+	for _, toPin := range imageIDs {
+		imageID := toPin
 		result, err := GCPAdaptorMock.GetImageVulnerability(&imageID)
-		if err == nil {
-			resultList = append(resultList, *result)
-		} else {
+		if err != nil {
 			return nil, err
 		}

-		return resultList, nil
+		resultList = append(resultList, *result)
+
+		return resultList, nil //nolint:staticcheck // we return at once and shorten the mocked result
 	}

 	GCPAdaptorMock.resultList = resultList
--- a/core/pkg/registryadaptors/registryvulnerabilities/datastructures.go
+++ b/core/pkg/registryadaptors/registryvulnerabilities/datastructures.go
@@ -43,7 +43,7 @@ type Vulnerability struct {
 	Categories               Categories  `json:"categories"`
 	NoteName                 string      `json:",omitempty"`
 	CreateTime               time.Time   `json:",omitempty"`
-	UpdateTime               time.Time      `json:",omitempty"` // Vulnerablity started
+	UpdateTime               time.Time   `json:",omitempty"` // Vulnerablity started
 	CVSS                     float32     `json:",omitempty"` // other cvss versions are available
 	AffectedCPEURI           string      `json:",omitempty"` // Package issue
 	AffectedPackage          string      `json:",omitempty"`
--- a/core/pkg/resourcehandler/filesloader.go
+++ b/core/pkg/resourcehandler/filesloader.go
@@ -76,9 +76,10 @@ func (fileHandler *FileResourceHandler) GetResources(sessionObj *cautils.OPASess

 	}

-	if err := fileHandler.registryAdaptors.collectImagesVulnerabilities(k8sResources, allResources, ksResources); err != nil {
-		logger.L().Warning("failed to collect images vulnerabilities", helpers.Error(err))
-	}
+	// Should Kubescape scan image related controls when scanning local files?
+	// if err := fileHandler.registryAdaptors.collectImagesVulnerabilities(k8sResources, allResources, ksResources); err != nil {
+	// 	logger.L().Warning("failed to collect images vulnerabilities", helpers.Error(err))
+	// }

 	cautils.StopSpinner()
 	logger.L().Success("Done accessing local objects")
@@ -103,6 +104,8 @@ func getResourcesFromPath(path string) (map[string]reporthandling.Source, []work
 	gitRepo, err := cautils.NewLocalGitRepository(path)
 	if err == nil && gitRepo != nil {
 		repoRoot, _ = gitRepo.GetRootDir()
+	} else {
+		repoRoot, _ = filepath.Abs(path)
 	}

 	// load resource from local file system
@@ -141,7 +144,7 @@ func getResourcesFromPath(path string) (map[string]reporthandling.Source, []work
 		}

 		workloadSource := reporthandling.Source{
-			RelativePath: source,
+			RelativePath: relSource,
 			FileType:     filetype,
 			LastCommit:   lastCommit,
 		}
--- a/core/pkg/resourcehandler/filesloaderutils.go
+++ b/core/pkg/resourcehandler/filesloaderutils.go
@@ -4,7 +4,7 @@ import (
 	"fmt"
 	"path/filepath"

-	giturl "github.com/armosec/go-git-url"
+	giturl "github.com/kubescape/go-git-url"
 	logger "github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/k8s-interface/k8sinterface"
--- a/core/pkg/resourcehandler/k8sresources.go
+++ b/core/pkg/resourcehandler/k8sresources.go
@@ -88,7 +88,6 @@ func (k8sHandler *K8sResourceHandler) GetResources(sessionObj *cautils.OPASessio
 		logger.L().Info("Requesting images vulnerabilities results")
 		cautils.StartSpinner()
 		if err := k8sHandler.registryAdaptors.collectImagesVulnerabilities(k8sResourcesMap, allResources, ksResourceMap); err != nil {
-			logger.L().Warning("failed to collect image vulnerabilities", helpers.Error(err))
 			cautils.SetInfoMapForResources(fmt.Sprintf("failed to pull image scanning data: %s. for more information: https://hub.armosec.io/docs/configuration-of-image-vulnerabilities", err.Error()), imgVulnResources, sessionObj.InfoMap)
 		} else {
 			if isEmptyImgVulns(*ksResourceMap) {
@@ -248,7 +247,7 @@ func (k8sHandler *K8sResourceHandler) pullSingleResource(resource *schema.GroupV
 			clientResource = k8sHandler.k8s.DynamicClient.Resource(*resource)
 		} else if k8sinterface.IsNamespaceScope(resource) {
 			clientResource = k8sHandler.k8s.DynamicClient.Resource(*resource).Namespace(namespace)
-		} else if k8sHandler.fieldSelector.GetClusterScope(*&resource) {
+		} else if k8sHandler.fieldSelector.GetClusterScope(resource) {
 			clientResource = k8sHandler.k8s.DynamicClient.Resource(*resource)
 		} else {
 			continue
--- a/core/pkg/resourcehandler/k8sresourcesutils.go
+++ b/core/pkg/resourcehandler/k8sresourcesutils.go
@@ -23,6 +23,7 @@ var (
 	KubeletInfo                  = "KubeletInfo"
 	KubeProxyInfo                = "KubeProxyInfo"
 	ControlPlaneInfo             = "ControlPlaneInfo"
+	CloudProviderInfo            = "CloudProviderInfo"

 	MapResourceToApiGroup = map[string]string{
 		KubeletConfiguration:         "hostdata.kubescape.cloud/v1beta0",
@@ -35,6 +36,7 @@ var (
 		KubeletInfo:                  "hostdata.kubescape.cloud/v1beta0",
 		KubeProxyInfo:                "hostdata.kubescape.cloud/v1beta0",
 		ControlPlaneInfo:             "hostdata.kubescape.cloud/v1beta0",
+		CloudProviderInfo:            "hostdata.kubescape.cloud/v1beta0",
 	}
 	MapResourceToApiGroupVuln = map[string][]string{
 		ImageVulnerabilities: {"armo.vuln.images/v1", "image.vulnscan.com/v1"}}
--- a/core/pkg/resourcehandler/registrydata.go
+++ b/core/pkg/resourcehandler/registrydata.go
@@ -8,8 +8,8 @@ import (
 	"github.com/kubescape/k8s-interface/workloadinterface"
 	"github.com/kubescape/kubescape/v2/core/cautils"
 	"github.com/kubescape/kubescape/v2/core/cautils/getter"
-	gcpadaptorv1 "github.com/kubescape/kubescape/v2/core/pkg/registryadaptors/gcp/v1"
 	armosecadaptorv1 "github.com/kubescape/kubescape/v2/core/pkg/registryadaptors/armosec/v1"
+	gcpadaptorv1 "github.com/kubescape/kubescape/v2/core/pkg/registryadaptors/gcp/v1"
 	"github.com/kubescape/kubescape/v2/core/pkg/registryadaptors/registryvulnerabilities"

 	"github.com/kubescape/opa-utils/shared"
--- a/core/pkg/resourcehandler/remotegitutils.go
+++ b/core/pkg/resourcehandler/remotegitutils.go
@@ -6,21 +6,21 @@ import (
 	nethttp "net/http"
 	"os"

-	giturl "github.com/armosec/go-git-url"
 	"github.com/go-git/go-git/v5"
 	"github.com/go-git/go-git/v5/plumbing"
 	"github.com/go-git/go-git/v5/plumbing/transport"
 	"github.com/go-git/go-git/v5/plumbing/transport/http"
+	giturl "github.com/kubescape/go-git-url"
 )

 // To Check if the given repository is Public(No Authentication needed), send a HTTP GET request to the URL
 // If response code is 200, the repository is Public.
-func isGitRepoPublic(URL string) bool {
-	resp, err := nethttp.Get(URL)
-
+func isGitRepoPublic(u string) bool {
+	resp, err := nethttp.Get(u) //nolint:gosec
 	if err != nil {
 		return false
 	}
+
 	// if the status code is 200, our get request is successful.
 	// It only happens when the repository is public.
 	if resp.StatusCode == 200 {
@@ -38,6 +38,17 @@ func isGitTokenPresent(gitURL giturl.IGitAPI) bool {
 	return true
 }

+// Get the error message according to the provider
+func getProviderError(gitURL giturl.IGitAPI) error {
+	switch gitURL.GetProvider(){
+	case "github":
+		return fmt.Errorf("%w", errors.New("GITHUB_TOKEN is not present"))
+	case "gitlab":
+		return fmt.Errorf("%w", errors.New("GITLAB_TOKEN is not present"))
+	}
+	return fmt.Errorf("%w", errors.New("unable to find the host name"))
+}
+
 // cloneRepo clones a repository to a local temporary directory and returns the directory
 func cloneRepo(gitURL giturl.IGitAPI) (string, error) {

@@ -60,9 +71,9 @@ func cloneRepo(gitURL giturl.IGitAPI) (string, error) {
 		auth = nil
 	} else {

-		// Return Error if the GITHUB_TOKEN is not present
+		// Return Error if the AUTH_TOKEN is not present
 		if isGitTokenPresent := isGitTokenPresent(gitURL); !isGitTokenPresent {
-			return "", fmt.Errorf("%w", errors.New("GITHUB_TOKEN is not present"))
+			return "", getProviderError(gitURL)
 		}
 		auth = &http.BasicAuth{
 			Username: "anything Except Empty String",
--- a/core/pkg/resourcehandler/urlloader.go
+++ b/core/pkg/resourcehandler/urlloader.go
@@ -1,7 +1,7 @@
 package resourcehandler

 import (
-	giturl "github.com/armosec/go-git-url"
+	giturl "github.com/kubescape/go-git-url"
 	logger "github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/k8s-interface/workloadinterface"
--- a/core/pkg/resourcesprioritization/prioritizationhandler.go
+++ b/core/pkg/resourcesprioritization/prioritizationhandler.go
@@ -1,8 +1,11 @@
 package resourcesprioritization

 import (
+	"encoding/json"
 	"fmt"

+	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/k8s-interface/workloadinterface"
 	"github.com/kubescape/kubescape/v2/core/cautils"
 	"github.com/kubescape/kubescape/v2/core/cautils/getter"
@@ -11,15 +14,20 @@ import (
 )

 type ResourcesPrioritizationHandler struct {
-	attackTracks []v1alpha1.IAttackTrack
+	resourceToAttackTracks map[string]v1alpha1.IAttackTrack
+	attackTracks           []v1alpha1.IAttackTrack
+	buildResourcesMap      bool
 }

-func NewResourcesPrioritizationHandler(attackTracksGetter getter.IAttackTracksGetter) (*ResourcesPrioritizationHandler, error) {
+func NewResourcesPrioritizationHandler(attackTracksGetter getter.IAttackTracksGetter, buildResourcesMap bool) (*ResourcesPrioritizationHandler, error) {
 	handler := &ResourcesPrioritizationHandler{
-		attackTracks: make([]v1alpha1.IAttackTrack, 0),
+		attackTracks:           make([]v1alpha1.IAttackTrack, 0),
+		resourceToAttackTracks: make(map[string]v1alpha1.IAttackTrack),
+		buildResourcesMap:      buildResourcesMap,
 	}

-	if tracks, err := attackTracksGetter.GetAttackTracks(); err != nil {
+	tracks, err := attackTracksGetter.GetAttackTracks()
+	if err != nil {
 		return nil, err
 	} else {
 		for _, attackTrack := range tracks {
@@ -36,6 +44,12 @@ func NewResourcesPrioritizationHandler(attackTracksGetter getter.IAttackTracksGe
 		return nil, fmt.Errorf("expected to find at least one attack track")
 	}

+	// Store attack tracks in cache
+	cache := getter.GetDefaultPath(cautils.LocalAttackTracksFilename)
+	if err := getter.SaveInFile(tracks, cache); err != nil {
+		logger.L().Warning("failed to cache file", helpers.String("file", cache), helpers.Error(err))
+	}
+
 	return handler, nil
 }

@@ -55,7 +69,7 @@ func (handler *ResourcesPrioritizationHandler) PrioritizeResources(sessionObj *c
 		resourcePriorityVector := []prioritization.ControlsVector{}
 		resource, exist := sessionObj.AllResources[resourceId]
 		if !exist {
-			return fmt.Errorf("expected to find resource id '%s' in scanned resources map", resourceId)
+			continue
 		}

 		workload := workloadinterface.NewWorkloadObj(resource.GetObject())
@@ -76,6 +90,12 @@ func (handler *ResourcesPrioritizationHandler) PrioritizeResources(sessionObj *c
 					// Load the failed controls into the attack track
 					allPathsHandler := v1alpha1.NewAttackTrackAllPathsHandler(attackTrack, &controlsLookup)

+					// only build the map if the user requested it
+					if handler.buildResourcesMap {
+						// Store the attack track for returning to the caller
+						handler.resourceToAttackTracks[resourceId] = handler.copyAttackTrack(attackTrack, &controlsLookup)
+					}
+
 					// Calculate all the paths for the attack track
 					allAttackPaths := allPathsHandler.CalculateAllPaths()

@@ -118,6 +138,8 @@ func (handler *ResourcesPrioritizationHandler) PrioritizeResources(sessionObj *c
 		sessionObj.ResourcesPrioritized[resourceId] = prioritizedResource
 	}

+	sessionObj.ResourceAttackTracks = handler.resourceToAttackTracks
+
 	return nil
 }

@@ -137,3 +159,18 @@ func (handler *ResourcesPrioritizationHandler) isSupportedKind(obj workloadinter
 	}
 	return false
 }
+
+func (handler *ResourcesPrioritizationHandler) copyAttackTrack(attackTrack v1alpha1.IAttackTrack, lookup v1alpha1.IAttackTrackControlsLookup) v1alpha1.IAttackTrack {
+	copyBytes, _ := json.Marshal(attackTrack)
+	var copyObj v1alpha1.AttackTrack
+	json.Unmarshal(copyBytes, &copyObj)
+
+	iter := copyObj.Iterator()
+	for iter.HasNext() {
+		step := iter.Next()
+		failedControls := lookup.GetAssociatedControls(copyObj.GetName(), step.GetName())
+		step.SetControls(failedControls)
+	}
+
+	return &copyObj
+}
--- a/core/pkg/resourcesprioritization/prioritizationhandler_test.go
+++ b/core/pkg/resourcesprioritization/prioritizationhandler_test.go
@@ -97,7 +97,7 @@ func ResourceAssociatedControlMock(controlID string, status apis.ScanningStatus)
 }

 func TestNewResourcesPrioritizationHandler(t *testing.T) {
-	handler, err := NewResourcesPrioritizationHandler(&AttackTracksGetterMock{})
+	handler, err := NewResourcesPrioritizationHandler(&AttackTracksGetterMock{}, false)
 	assert.NoError(t, err)
 	assert.Len(t, handler.attackTracks, 2)
 	assert.Equal(t, handler.attackTracks[0].GetName(), "TestAttackTrack")
@@ -182,7 +182,7 @@ func TestResourcesPrioritizationHandler_PrioritizeResources(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			handler, _ := NewResourcesPrioritizationHandler(&AttackTracksGetterMock{})
+			handler, _ := NewResourcesPrioritizationHandler(&AttackTracksGetterMock{}, false)
 			sessionObj := OPASessionObjMock(tt.allPoliciesControls, tt.results, tt.controls, tt.resources)
 			err := handler.PrioritizeResources(sessionObj)
 			assert.NoError(t, err, "expected to have no errors in PrioritizeResources()")
--- a/core/pkg/resultshandling/gotree/gotree.go
+++ b/core/pkg/resultshandling/gotree/gotree.go
@@ -0,0 +1,128 @@
+package gotree
+
+import (
+	"strings"
+)
+
+const (
+	newLine      = "\n"
+	emptySpace   = "    "
+	middleItem   = "├── "
+	continueItem = "│   "
+	lastItem     = "└── "
+)
+
+type (
+	tree struct {
+		text  string
+		items []Tree
+	}
+
+	// Tree is tree interface
+	Tree interface {
+		Add(text string) Tree
+		AddTree(tree Tree)
+		Items() []Tree
+		Text() string
+		Print() string
+	}
+
+	printer struct {
+	}
+
+	// Printer is printer interface
+	Printer interface {
+		Print(Tree) string
+	}
+)
+
+// New returns a new GoTree.Tree
+func New(text string) Tree {
+	return &tree{
+		text:  text,
+		items: []Tree{},
+	}
+}
+
+// Add adds a node to the tree
+func (t *tree) Add(text string) Tree {
+	n := New(text)
+	t.items = append(t.items, n)
+	return n
+}
+
+// AddTree adds a tree as an item
+func (t *tree) AddTree(tree Tree) {
+	t.items = append(t.items, tree)
+}
+
+// Text returns the node's value
+func (t *tree) Text() string {
+	return t.text
+}
+
+// Items returns all items in the tree
+func (t *tree) Items() []Tree {
+	return t.items
+}
+
+// Print returns an visual representation of the tree
+func (t *tree) Print() string {
+	return newPrinter().Print(t)
+}
+
+func newPrinter() Printer {
+	return &printer{}
+}
+
+// Print prints a tree to a string
+func (p *printer) Print(t Tree) string {
+	return t.Text() + newLine + p.printItems(t.Items(), []bool{})
+}
+
+func (p *printer) printText(text string, spaces []bool, last bool) string {
+	var result string
+	for _, space := range spaces {
+		if space {
+			result += emptySpace
+		} else {
+			result += continueItem
+		}
+	}
+
+	indicator := middleItem
+	if last {
+		indicator = lastItem
+	}
+
+	var out string
+	lines := strings.Split(text, "\n")
+	for i := range lines {
+		text := lines[i]
+		if i == 0 {
+			out += result + indicator + text + newLine
+			continue
+		}
+		if last {
+			indicator = emptySpace
+		} else {
+			indicator = continueItem
+		}
+		out += result + indicator + text + newLine
+	}
+
+	return out
+}
+
+func (p *printer) printItems(t []Tree, spaces []bool) string {
+	var result string
+	for i, f := range t {
+		last := i == len(t)-1
+		result += p.printText(f.Text(), spaces, last)
+		if len(f.Items()) > 0 {
+			spacesChild := append(spaces, last)
+			result += p.printItems(f.Items(), spacesChild)
+		}
+	}
+	return result
+}
--- a/core/pkg/resultshandling/printer/printresults.go
+++ b/core/pkg/resultshandling/printer/printresults.go
@@ -6,6 +6,7 @@ import (
 	"path/filepath"

 	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/kubescape/v2/core/cautils"
 )

@@ -43,3 +44,9 @@ func GetWriter(outputFile string) *os.File {
 	return os.Stdout

 }
+
+func LogOutputFile(fileName string) {
+	if fileName != os.Stdout.Name() && fileName != os.Stderr.Name() {
+		logger.L().Success("Scan results saved", helpers.String("filename", fileName))
+	}
+}
--- a/core/pkg/resultshandling/printer/v1/jsonprinter.go
+++ b/core/pkg/resultshandling/printer/v1/jsonprinter.go
@@ -1,15 +1,22 @@
-package v1
+package printer

 import (
 	"encoding/json"
 	"fmt"
 	"os"
+	"path/filepath"
+	"strings"

 	logger "github.com/kubescape/go-logger"
 	"github.com/kubescape/kubescape/v2/core/cautils"
 	"github.com/kubescape/kubescape/v2/core/pkg/resultshandling/printer"
 )

+const (
+	jsonOutputFile = "report"
+	jsonOutputExt  = ".json"
+)
+
 type JsonPrinter struct {
 	writer *os.File
 }
@@ -19,6 +26,12 @@ func NewJsonPrinter() *JsonPrinter {
 }

 func (jsonPrinter *JsonPrinter) SetWriter(outputFile string) {
+	if strings.TrimSpace(outputFile) == "" {
+		outputFile = jsonOutputFile
+	}
+	if filepath.Ext(strings.TrimSpace(outputFile)) != jsonOutputExt {
+		outputFile = outputFile + jsonOutputExt
+	}
 	jsonPrinter.writer = printer.GetWriter(outputFile)
 }

@@ -41,5 +54,12 @@ func (jsonPrinter *JsonPrinter) ActionPrint(opaSessionObj *cautils.OPASessionObj
 	if err != nil {
 		logger.L().Fatal("failed to convert posture report object")
 	}
-	jsonPrinter.writer.Write(postureReportStr)
+
+	_, err = jsonPrinter.writer.Write(postureReportStr)
+
+	if err != nil {
+		logger.L().Fatal("failed to Write posture report object into JSON output")
+	} else {
+		printer.LogOutputFile(jsonPrinter.writer.Name())
+	}
 }
--- a/core/pkg/resultshandling/printer/v1/prometheusprinter.go
+++ b/core/pkg/resultshandling/printer/v1/prometheusprinter.go
@@ -1,4 +1,4 @@
-package v1
+package printer

 import (
 	"fmt"
@@ -22,23 +22,23 @@ func NewPrometheusPrinter(verboseMode bool) *PrometheusPrinter {
 	}
 }

-func (prometheusPrinter *PrometheusPrinter) SetWriter(outputFile string) {
-	prometheusPrinter.writer = printer.GetWriter(outputFile)
+func (p *PrometheusPrinter) SetWriter(outputFile string) {
+	p.writer = printer.GetWriter(outputFile)
 }

-func (prometheusPrinter *PrometheusPrinter) Score(score float32) {
+func (p *PrometheusPrinter) Score(score float32) {
 	fmt.Printf("\n# Overall risk-score (0- Excellent, 100- All failed)\nkubescape_score %d\n", cautils.Float32ToInt(score))
 }

-func (printer *PrometheusPrinter) printResources(allResources map[string]workloadinterface.IMetadata, resourcesIDs *reporthandling.ResourcesIDs, frameworkName, controlName string) {
-	printer.printDetails(allResources, resourcesIDs.GetFailedResources(), frameworkName, controlName, "failed")
-	printer.printDetails(allResources, resourcesIDs.GetWarningResources(), frameworkName, controlName, "excluded")
-	if printer.verboseMode {
-		printer.printDetails(allResources, resourcesIDs.GetPassedResources(), frameworkName, controlName, "passed")
+func (p *PrometheusPrinter) printResources(allResources map[string]workloadinterface.IMetadata, resourcesIDs *reporthandling.ResourcesIDs, frameworkName, controlName string) {
+	p.printDetails(allResources, resourcesIDs.GetFailedResources(), frameworkName, controlName, "failed")
+	p.printDetails(allResources, resourcesIDs.GetWarningResources(), frameworkName, controlName, "excluded")
+	if p.verboseMode {
+		p.printDetails(allResources, resourcesIDs.GetPassedResources(), frameworkName, controlName, "passed")
 	}

 }
-func (printer *PrometheusPrinter) printDetails(allResources map[string]workloadinterface.IMetadata, resourcesIDs []string, frameworkName, controlName, status string) {
+func (p *PrometheusPrinter) printDetails(allResources map[string]workloadinterface.IMetadata, resourcesIDs []string, frameworkName, controlName, status string) {
 	objs := make(map[string]map[string]map[string]int)
 	for _, resourceID := range resourcesIDs {
 		resource := allResources[resourceID]
@@ -56,18 +56,18 @@ func (printer *PrometheusPrinter) printDetails(allResources map[string]workloadi
 	for gvk, namespaces := range objs {
 		for namespace, names := range namespaces {
 			for name, value := range names {
-				fmt.Fprintf(printer.writer, "# Failed object from \"%s\" control \"%s\"\n", frameworkName, controlName)
+				fmt.Fprintf(p.writer, "# Failed object from \"%s\" control \"%s\"\n", frameworkName, controlName)
 				if namespace != "" {
-					fmt.Fprintf(printer.writer, "kubescape_object_failed_count{framework=\"%s\",control=\"%s\",namespace=\"%s\",name=\"%s\",groupVersionKind=\"%s\"} %d\n", frameworkName, controlName, namespace, name, gvk, value)
+					fmt.Fprintf(p.writer, "kubescape_object_failed_count{framework=\"%s\",control=\"%s\",namespace=\"%s\",name=\"%s\",groupVersionKind=\"%s\"} %d\n", frameworkName, controlName, namespace, name, gvk, value)
 				} else {
-					fmt.Fprintf(printer.writer, "kubescape_object_failed_count{framework=\"%s\",control=\"%s\",name=\"%s\",groupVersionKind=\"%s\"} %d\n", frameworkName, controlName, name, gvk, value)
+					fmt.Fprintf(p.writer, "kubescape_object_failed_count{framework=\"%s\",control=\"%s\",name=\"%s\",groupVersionKind=\"%s\"} %d\n", frameworkName, controlName, name, gvk, value)
 				}
 			}
 		}
 	}
 }

-func (printer *PrometheusPrinter) printReports(allResources map[string]workloadinterface.IMetadata, frameworks []reporthandling.FrameworkReport) error {
+func (p *PrometheusPrinter) printReports(allResources map[string]workloadinterface.IMetadata, frameworks []reporthandling.FrameworkReport) error {
 	for _, frameworkReport := range frameworks {
 		for _, controlReport := range frameworkReport.ControlReports {
 			if controlReport.GetNumberOfResources() == 0 {
@@ -76,21 +76,24 @@ func (printer *PrometheusPrinter) printReports(allResources map[string]workloadi
 			if controlReport.Passed() {
 				continue // control passed, do not print results
 			}
-			fmt.Fprintf(printer.writer, "# Number of resources found as part of %s control %s\nkubescape_resources_found_count{framework=\"%s\",control=\"%s\"} %d\n", frameworkReport.Name, controlReport.Name, frameworkReport.Name, controlReport.Name, controlReport.GetNumberOfResources())
-			fmt.Fprintf(printer.writer, "# Number of resources excluded as part of %s control %s\nkubescape_resources_excluded_count{framework=\"%s\",control=\"%s\"} %d\n", frameworkReport.Name, controlReport.Name, frameworkReport.Name, controlReport.Name, controlReport.GetNumberOfWarningResources())
-			fmt.Fprintf(printer.writer, "# Number of resources failed as part of %s control %s\nkubescape_resources_failed_count{framework=\"%s\",control=\"%s\"} %d\n", frameworkReport.Name, controlReport.Name, frameworkReport.Name, controlReport.Name, controlReport.GetNumberOfFailedResources())
+			fmt.Fprintf(p.writer, "# Number of resources found as part of %s control %s\nkubescape_resources_found_count{framework=\"%s\",control=\"%s\"} %d\n", frameworkReport.Name, controlReport.Name, frameworkReport.Name, controlReport.Name, controlReport.GetNumberOfResources())
+			fmt.Fprintf(p.writer, "# Number of resources excluded as part of %s control %s\nkubescape_resources_excluded_count{framework=\"%s\",control=\"%s\"} %d\n", frameworkReport.Name, controlReport.Name, frameworkReport.Name, controlReport.Name, controlReport.GetNumberOfWarningResources())
+			fmt.Fprintf(p.writer, "# Number of resources failed as part of %s control %s\nkubescape_resources_failed_count{framework=\"%s\",control=\"%s\"} %d\n", frameworkReport.Name, controlReport.Name, frameworkReport.Name, controlReport.Name, controlReport.GetNumberOfFailedResources())

-			printer.printResources(allResources, controlReport.ListResourcesIDs(), frameworkReport.Name, controlReport.Name)
+			p.printResources(allResources, controlReport.ListResourcesIDs(), frameworkReport.Name, controlReport.Name)
 		}
 	}
 	return nil
 }

-func (printer *PrometheusPrinter) ActionPrint(opaSessionObj *cautils.OPASessionObj) {
+func (p *PrometheusPrinter) ActionPrint(opaSessionObj *cautils.OPASessionObj) {
 	report := cautils.ReportV2ToV1(opaSessionObj)

-	err := printer.printReports(opaSessionObj.AllResources, report.FrameworkReports)
+	err := p.printReports(opaSessionObj.AllResources, report.FrameworkReports)
 	if err != nil {
 		logger.L().Fatal(err.Error())
+	} else {
+		printer.LogOutputFile(p.writer.Name())
 	}
+
 }
--- a/core/pkg/resultshandling/printer/v2/attacktracks.go
+++ b/core/pkg/resultshandling/printer/v2/attacktracks.go
@@ -0,0 +1,138 @@
+package printer
+
+import (
+	"fmt"
+	"os"
+	"sort"
+	"strconv"
+	"strings"
+
+	"github.com/fatih/color"
+	"github.com/kubescape/kubescape/v2/core/cautils"
+	"github.com/kubescape/kubescape/v2/core/pkg/resultshandling/gotree"
+	"github.com/kubescape/opa-utils/reporthandling/apis"
+	"github.com/kubescape/opa-utils/reporthandling/attacktrack/v1alpha1"
+	"github.com/kubescape/opa-utils/reporthandling/results/v1/prioritization"
+)
+
+const TOP_RESOURCE_COUNT = 15
+const TOP_VECTOR_COUNT = 10
+
+func (prettyPrinter *PrettyPrinter) printAttackTreeNode(node v1alpha1.IAttackTrackStep, depth int) {
+	prefix := strings.Repeat("\t", depth)
+	text := prefix + node.GetName() + "\n"
+	if len(node.GetControls()) > 0 {
+		color.Red(text)
+	} else {
+		color.Green(text)
+	}
+
+	for i := 0; i < node.Length(); i++ {
+		prettyPrinter.printAttackTreeNode(node.SubStepAt(i), depth+1)
+	}
+}
+
+func (prettyPrinter *PrettyPrinter) createFailedControlList(node v1alpha1.IAttackTrackStep) string {
+	var r string
+	for i, control := range node.GetControls() {
+		if i == 0 {
+			r = control.GetControlId()
+		} else {
+			r = fmt.Sprintf("%s, %s", r, control.GetControlId())
+		}
+	}
+	return r
+}
+
+func (prettyPrinter *PrettyPrinter) buildTreeFromAttackTrackStep(tree gotree.Tree, node v1alpha1.IAttackTrackStep) gotree.Tree {
+	nodeName := node.GetName()
+	if len(node.GetControls()) > 0 {
+		red := color.New(color.Bold, color.FgRed).SprintFunc()
+		nodeName = red(nodeName)
+	}
+
+	controlText := prettyPrinter.createFailedControlList(node)
+	if len(controlText) > 0 {
+		controlStyle := color.New(color.FgWhite, color.Faint).SprintFunc()
+		controlText = controlStyle(fmt.Sprintf(" (%s)", controlText))
+	}
+
+	subTree := gotree.New(nodeName + controlText)
+	for i := 0; i < node.Length(); i++ {
+		subTree.AddTree(prettyPrinter.buildTreeFromAttackTrackStep(tree, node.SubStepAt(i)))
+	}
+
+	if tree == nil {
+		return subTree
+	}
+
+	tree.AddTree(subTree)
+	return tree
+}
+
+func (prettyPrinter *PrettyPrinter) printResourceAttackGraph(attackTrack v1alpha1.IAttackTrack) {
+	tree := prettyPrinter.buildTreeFromAttackTrackStep(nil, attackTrack.GetData())
+	fmt.Fprintln(prettyPrinter.writer, tree.Print())
+}
+
+func getNumericValueFromEnvVar(envVar string, defaultValue int) int {
+	value := os.Getenv(envVar)
+	if value != "" {
+		if value, err := strconv.Atoi(value); err == nil {
+			return value
+		}
+	}
+	return defaultValue
+}
+func (prettyPrinter *PrettyPrinter) printAttackTracks(opaSessionObj *cautils.OPASessionObj) {
+	if prettyPrinter.printAttackTree == false || opaSessionObj.ResourceAttackTracks == nil {
+		return
+	}
+
+	// check if counters are set in env vars and use them, otherwise use default values
+	topResourceCount := getNumericValueFromEnvVar("ATTACK_TREE_TOP_RESOURCES", TOP_RESOURCE_COUNT)
+	topVectorCount := getNumericValueFromEnvVar("ATTACK_TREE_TOP_VECTORS", TOP_VECTOR_COUNT)
+
+	prioritizedResources := opaSessionObj.ResourcesPrioritized
+	resourceToAttackTrack := opaSessionObj.ResourceAttackTracks
+
+	resources := make([]prioritization.PrioritizedResource, 0, len(prioritizedResources))
+	for _, value := range prioritizedResources {
+		resources = append(resources, value)
+	}
+
+	sort.Slice(resources, func(i, j int) bool {
+		return resources[i].Score > resources[j].Score
+	})
+
+	for i := 0; i < topResourceCount && i < len(resources); i++ {
+		fmt.Fprintf(prettyPrinter.writer, "\n"+getSeparator("^")+"\n")
+		resource := resources[i]
+		resourceObj := opaSessionObj.AllResources[resource.ResourceID]
+
+		fmt.Fprintf(prettyPrinter.writer, "Name: %s\n", resourceObj.GetName())
+		fmt.Fprintf(prettyPrinter.writer, "Kind: %s\n", resourceObj.GetKind())
+		fmt.Fprintf(prettyPrinter.writer, "Namespace: %s\n\n", resourceObj.GetNamespace())
+
+		fmt.Fprintf(prettyPrinter.writer, "Score: %.2f\n", resource.Score)
+		fmt.Fprintf(prettyPrinter.writer, "Severity: %s\n", apis.SeverityNumberToString(resource.Severity))
+		fmt.Fprintf(prettyPrinter.writer, "Total vectors: %v\n\n", len(resources[i].PriorityVector))
+
+		prettyPrinter.printResourceAttackGraph(resourceToAttackTrack[resource.ResourceID])
+
+		sort.Slice(resource.PriorityVector, func(x, y int) bool {
+			return resource.PriorityVector[x].Score > resource.PriorityVector[y].Score
+		})
+
+		for j := 0; j < topVectorCount && j < len(resources[i].PriorityVector); j++ {
+			priorityVector := resource.PriorityVector[j]
+
+			vectorStrings := []string{}
+			for _, controlId := range priorityVector.ListControls() {
+				vectorStrings = append(vectorStrings, fmt.Sprintf("%s (%s)", controlId.Category, controlId.ControlID))
+			}
+
+			fmt.Fprintf(prettyPrinter.writer, "%v) [%.2f] [Severity: %v] [Attack Track: %v]: %v \n", j+1, priorityVector.Score, apis.SeverityNumberToString(priorityVector.Severity), priorityVector.AttackTrackName, strings.Join(vectorStrings, " -> "))
+		}
+	}
+}
--- a/core/pkg/resultshandling/printer/v2/controltable.go
+++ b/core/pkg/resultshandling/printer/v2/controltable.go
@@ -1,4 +1,4 @@
-package v2
+package printer

 import (
 	"fmt"
@@ -78,6 +78,19 @@ func getColor(controlSeverity int) color.Attribute {
 	}
 }

+func getSortedControlsIDs(controls reportsummary.ControlSummaries) [][]string {
+	controlIDs := make([][]string, 5)
+	for k := range controls {
+		c := controls[k]
+		i := apis.ControlSeverityToInt(c.GetScoreFactor())
+		controlIDs[i] = append(controlIDs[i], c.GetID())
+	}
+	for i := range controlIDs {
+		sort.Strings(controlIDs[i])
+	}
+	return controlIDs
+}
+
 func getSortedControlsNames(controls reportsummary.ControlSummaries) [][]string {
 	controlNames := make([][]string, 5)
 	for k := range controls {
--- a/core/pkg/resultshandling/printer/v2/html/report.gohtml
+++ b/core/pkg/resultshandling/printer/v2/html/report.gohtml
@@ -142,7 +142,7 @@
        <tr>
          <td class="resourceSeverityCell">{{ .Severity }}</td>
          <td class="resourceNameCell">{{ .Name }}</td>
-          <td class="resourceURLCell"><a href="https://hub.armosec.io/docs/{{ lower .URL }}">{{ .URL }}</a></td>
+          <td class="resourceURLCell"><a href="{{ lower .URL }}">{{ .ID }}</a></td>
          <td class="resourceRemediationCell">{{ range .FailedPaths }} <p>{{ . }}</p> {{ end }}</td>
        </tr>
        {{ end }}
--- a/core/pkg/resultshandling/printer/v2/htmlprinter.go
+++ b/core/pkg/resultshandling/printer/v2/htmlprinter.go
@@ -1,4 +1,4 @@
-package v2
+package printer

 import (
 	_ "embed"
@@ -38,17 +38,17 @@ func NewHtmlPrinter() *HtmlPrinter {
 	return &HtmlPrinter{}
 }

-func (htmlPrinter *HtmlPrinter) SetWriter(outputFile string) {
-	if outputFile == "" {
+func (hp *HtmlPrinter) SetWriter(outputFile string) {
+	if strings.TrimSpace(outputFile) == "" {
 		outputFile = htmlOutputFile
 	}
 	if filepath.Ext(strings.TrimSpace(outputFile)) != htmlOutputExt {
 		outputFile = outputFile + htmlOutputExt
 	}
-	htmlPrinter.writer = printer.GetWriter(outputFile)
+	hp.writer = printer.GetWriter(outputFile)
 }

-func (htmlPrinter *HtmlPrinter) ActionPrint(opaSessionObj *cautils.OPASessionObj) {
+func (hp *HtmlPrinter) ActionPrint(opaSessionObj *cautils.OPASessionObj) {
 	tplFuncMap := template.FuncMap{
 		"sum": func(nums ...int) int {
 			total := 0
@@ -104,13 +104,16 @@ func (htmlPrinter *HtmlPrinter) ActionPrint(opaSessionObj *cautils.OPASessionObj

 	resourceTableView := buildResourceTableView(opaSessionObj)
 	reportingCtx := HTMLReportingCtx{opaSessionObj, resourceTableView}
-	err := tpl.Execute(htmlPrinter.writer, reportingCtx)
+	err := tpl.Execute(hp.writer, reportingCtx)
 	if err != nil {
 		logger.L().Error("failed to render template", helpers.Error(err))
+	} else {
+		printer.LogOutputFile(hp.writer.Name())
 	}
+
 }

-func (htmlPrinter *HtmlPrinter) Score(score float32) {
+func (hp *HtmlPrinter) Score(score float32) {
 	return
 }

@@ -130,17 +133,18 @@ func buildResourceTableView(opaSessionObj *cautils.OPASessionObj) ResourceTableV
 func buildResourceControlResult(resourceControl resourcesresults.ResourceAssociatedControl, control reportsummary.IControlSummary) ResourceControlResult {
 	ctlSeverity := apis.ControlSeverityToString(control.GetScoreFactor())
 	ctlName := resourceControl.GetName()
-	ctlURL := resourceControl.GetID()
+	ctlID := resourceControl.GetID()
+	ctlURL := cautils.GetControlLink(resourceControl.GetID())
 	failedPaths := append(failedPathsToString(&resourceControl), fixPathsToString(&resourceControl)...)

-	return ResourceControlResult{ctlSeverity, ctlName, ctlURL, failedPaths}
+	return ResourceControlResult{ctlSeverity, ctlName, ctlID, ctlURL, failedPaths}
 }

 func buildResourceControlResultTable(resourceControls []resourcesresults.ResourceAssociatedControl, summaryDetails *reportsummary.SummaryDetails) []ResourceControlResult {
 	var ctlResults []ResourceControlResult
 	for _, resourceControl := range resourceControls {
 		if resourceControl.GetStatus(nil).IsFailed() {
-			control := summaryDetails.Controls.GetControl(reportsummary.EControlCriteriaName, resourceControl.GetName())
+			control := summaryDetails.Controls.GetControl(reportsummary.EControlCriteriaID, resourceControl.GetID())
 			ctlResult := buildResourceControlResult(resourceControl, control)

 			ctlResults = append(ctlResults, ctlResult)
--- a/core/pkg/resultshandling/printer/v2/jsonprinter.go
+++ b/core/pkg/resultshandling/printer/v2/jsonprinter.go
@@ -1,9 +1,11 @@
-package v2
+package printer

 import (
 	"encoding/json"
 	"fmt"
 	"os"
+	"path/filepath"
+	"strings"

 	logger "github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
@@ -11,6 +13,11 @@ import (
 	"github.com/kubescape/kubescape/v2/core/pkg/resultshandling/printer"
 )

+const (
+	jsonOutputFile = "report"
+	jsonOutputExt  = ".json"
+)
+
 type JsonPrinter struct {
 	writer *os.File
 }
@@ -19,22 +26,29 @@ func NewJsonPrinter() *JsonPrinter {
 	return &JsonPrinter{}
 }

-func (jsonPrinter *JsonPrinter) SetWriter(outputFile string) {
-	jsonPrinter.writer = printer.GetWriter(outputFile)
+func (jp *JsonPrinter) SetWriter(outputFile string) {
+	if strings.TrimSpace(outputFile) == "" {
+		outputFile = jsonOutputFile
+	}
+	if filepath.Ext(strings.TrimSpace(outputFile)) != jsonOutputExt {
+		outputFile = outputFile + jsonOutputExt
+	}
+	jp.writer = printer.GetWriter(outputFile)
 }

-func (jsonPrinter *JsonPrinter) Score(score float32) {
+func (jp *JsonPrinter) Score(score float32) {
 	fmt.Fprintf(os.Stderr, "\nOverall risk-score (0- Excellent, 100- All failed): %d\n", cautils.Float32ToInt(score))
 }

-func (jsonPrinter *JsonPrinter) ActionPrint(opaSessionObj *cautils.OPASessionObj) {
+func (jp *JsonPrinter) ActionPrint(opaSessionObj *cautils.OPASessionObj) {
 	r, err := json.Marshal(FinalizeResults(opaSessionObj))
 	if err != nil {
 		logger.L().Fatal("failed to Marshal posture report object")
 	}

-	logOUtputFile(jsonPrinter.writer.Name())
-	if _, err := jsonPrinter.writer.Write(r); err != nil {
+	if _, err := jp.writer.Write(r); err != nil {
 		logger.L().Error("failed to write results", helpers.Error(err))
+	} else {
+		printer.LogOutputFile(jp.writer.Name())
 	}
 }
--- a/core/pkg/resultshandling/printer/v2/junit.go
+++ b/core/pkg/resultshandling/printer/v2/junit.go
@@ -1,9 +1,11 @@
-package v2
+package printer

 import (
 	"encoding/xml"
 	"fmt"
 	"os"
+	"path/filepath"
+	"sort"
 	"strings"

 	logger "github.com/kubescape/go-logger"
@@ -11,9 +13,13 @@ import (
 	"github.com/kubescape/k8s-interface/workloadinterface"
 	"github.com/kubescape/kubescape/v2/core/cautils"
 	"github.com/kubescape/kubescape/v2/core/pkg/resultshandling/printer"
-	"github.com/kubescape/opa-utils/reporthandling/apis"
 	"github.com/kubescape/opa-utils/reporthandling/results/v1/reportsummary"
-	"github.com/kubescape/opa-utils/reporthandling/results/v1/resourcesresults"
+	"github.com/kubescape/opa-utils/shared"
+)
+
+const (
+	junitOutputFile = "report"
+	junitOutputExt  = ".xml"
 )

 /*
@@ -36,7 +42,6 @@ type JUnitTestSuites struct {
 	XMLName  xml.Name         `xml:"testsuites"`
 	Suites   []JUnitTestSuite `xml:"testsuite"`     // list of controls
 	Errors   int              `xml:"errors,attr"`   // total number of tests with error result from all testsuites
-	Disabled int              `xml:"disabled,attr"` // total number of disabled tests from all testsuites
 	Failures int              `xml:"failures,attr"` // total number of failed tests from all testsuites
 	Tests    int              `xml:"tests,attr"`    // total number of tests from all testsuites. Some software may expect to only see the number of successful tests from all testsuites though
 	Time     string           `xml:"time,attr"`     // time in seconds to execute all test suites
@@ -46,8 +51,8 @@ type JUnitTestSuites struct {
 // JUnitTestSuite represents a single control
 type JUnitTestSuite struct {
 	XMLName    xml.Name        `xml:"testsuite"`
+	Tests      int             `xml:"tests,attr"`     // total number of tests from this testsuite. Some software may expect to only see the number of successful tests though
 	Name       string          `xml:"name,attr"`      // Full (class) name of the test for non-aggregated testsuite documents. Class name without the package for aggregated testsuites documents. Required
-	Disabled   int             `xml:"disabled,attr"`  // The total number of disabled tests in the suite. optional. not supported by maven surefire.
 	Errors     int             `xml:"errors,attr"`    // The total number of tests in the suite that errors
 	Failures   int             `xml:"failures,attr"`  // The total number of tests in the suite that failed
 	Hostname   string          `xml:"hostname,attr"`  // Host on which the tests were executed ? cluster name ?
@@ -55,7 +60,6 @@ type JUnitTestSuite struct {
 	Skipped    string          `xml:"skipped,attr"`   // The total number of skipped tests
 	Time       string          `xml:"time,attr"`      // Time taken (in seconds) to execute the tests in the suite
 	Timestamp  string          `xml:"timestamp,attr"` // when the test was executed in ISO 8601 format (2014-01-21T16:17:18)
-	File       string          `xml:"file,attr"`      // The file be tested
 	Properties []JUnitProperty `xml:"properties>property,omitempty"`
 	TestCases  []JUnitTestCase `xml:"testcase"`
 }
@@ -64,7 +68,6 @@ type JUnitTestSuite struct {
 type JUnitTestCase struct {
 	XMLName     xml.Name          `xml:"testcase"`
 	Classname   string            `xml:"classname,attr"` // Full class name for the class the test method is in. required
-	Status      string            `xml:"status,attr"`    // Status
 	Name        string            `xml:"name,attr"`      // Name of the test method, required
 	Time        string            `xml:"time,attr"`      // Time taken (in seconds) to execute the test. optional
 	SkipMessage *JUnitSkipMessage `xml:"skipped,omitempty"`
@@ -89,153 +92,141 @@ type JUnitFailure struct {
 	Contents string `xml:",chardata"`
 }

-const (
-	lineSeparator         = "\n===================================================================================================================\n\n"
-	testCaseTypeResources = "Resources"
-)
-
 func NewJunitPrinter(verbose bool) *JunitPrinter {
 	return &JunitPrinter{
 		verbose: verbose,
 	}
 }

-func (junitPrinter *JunitPrinter) SetWriter(outputFile string) {
-	junitPrinter.writer = printer.GetWriter(outputFile)
+func (jp *JunitPrinter) SetWriter(outputFile string) {
+	if strings.TrimSpace(outputFile) == "" {
+		outputFile = junitOutputFile
+	}
+	if filepath.Ext(strings.TrimSpace(outputFile)) != junitOutputExt {
+		outputFile = outputFile + junitOutputExt
+	}
+	jp.writer = printer.GetWriter(outputFile)
 }

-func (junitPrinter *JunitPrinter) Score(score float32) {
+func (jp *JunitPrinter) Score(score float32) {
 	fmt.Fprintf(os.Stderr, "\nOverall risk-score (0- Excellent, 100- All failed): %d\n", cautils.Float32ToInt(score))
 }

-func (junitPrinter *JunitPrinter) ActionPrint(opaSessionObj *cautils.OPASessionObj) {
+func (jp *JunitPrinter) ActionPrint(opaSessionObj *cautils.OPASessionObj) {
 	junitResult := testsSuites(opaSessionObj)
 	postureReportStr, err := xml.Marshal(junitResult)
 	if err != nil {
 		logger.L().Fatal("failed to Marshal xml result object", helpers.Error(err))
 	}

-	logOUtputFile(junitPrinter.writer.Name())
-	if _, err := junitPrinter.writer.Write(postureReportStr); err != nil {
+	if _, err := jp.writer.Write(postureReportStr); err != nil {
 		logger.L().Error("failed to write results", helpers.Error(err))
+	} else {
+		printer.LogOutputFile(jp.writer.Name())
 	}
 }

 func testsSuites(results *cautils.OPASessionObj) *JUnitTestSuites {
 	return &JUnitTestSuites{
 		Suites:   listTestsSuite(results),
-		Tests:    results.Report.SummaryDetails.NumberOfResources().All(),
+		Tests:    results.Report.SummaryDetails.NumberOfControls().All(),
 		Name:     "Kubescape Scanning",
-		Failures: results.Report.SummaryDetails.NumberOfResources().Failed(),
+		Failures: results.Report.SummaryDetails.NumberOfControls().Failed(),
 	}
 }
-
-// aggregate resources source to a list of resources results
-func sourceToResourcesResults(results *cautils.OPASessionObj) map[string][]resourcesresults.Result {
-	resourceResults := make(map[string][]resourcesresults.Result)
-	for i := range results.ResourceSource {
-		if r, ok := results.ResourcesResult[i]; ok {
-			if _, ok := resourceResults[results.ResourceSource[i].RelativePath]; !ok {
-				resourceResults[results.ResourceSource[i].RelativePath] = []resourcesresults.Result{}
-			}
-			resourceResults[results.ResourceSource[i].RelativePath] = append(resourceResults[results.ResourceSource[i].RelativePath], r)
-		}
-	}
-	return resourceResults
-}
-
-// listTestsSuite returns a list of testsuites
 func listTestsSuite(results *cautils.OPASessionObj) []JUnitTestSuite {
 	var testSuites []JUnitTestSuite
-	resourceResults := sourceToResourcesResults(results)
-	counter := 0
+
 	// control scan
-	for path, resourcesResult := range resourceResults {
+	if len(results.Report.SummaryDetails.ListFrameworks()) == 0 {
 		testSuite := JUnitTestSuite{}
+		testSuite.Tests = results.Report.SummaryDetails.NumberOfControls().All()
+		testSuite.Failures = results.Report.SummaryDetails.NumberOfControls().Failed()
 		testSuite.Timestamp = results.Report.ReportGenerationTime.String()
-		testSuite.ID = counter
-		counter++
-		testSuite.File = path
-		testSuite.TestCases = testsCases(results, resourcesResult)
-		if len(testSuite.TestCases) > 0 {
-			testSuites = append(testSuites, testSuite)
-		}
+		testSuite.ID = 0
+		testSuite.Name = "kubescape"
+		testSuite.Properties = properties(results.Report.SummaryDetails.Score)
+		testSuite.TestCases = testsCases(results, &results.Report.SummaryDetails.Controls, "Kubescape")
+		testSuites = append(testSuites, testSuite)
+		return testSuites
+	}
+
+	for i, f := range results.Report.SummaryDetails.Frameworks {
+		testSuite := JUnitTestSuite{}
+		testSuite.Tests = f.NumberOfControls().All()
+		testSuite.Failures = f.NumberOfControls().Failed()
+		testSuite.Timestamp = results.Report.ReportGenerationTime.String()
+		testSuite.ID = i
+		testSuite.Name = f.Name
+		testSuite.Properties = properties(f.Score)
+		testSuite.TestCases = testsCases(results, f.GetControls(), f.GetName())
+		testSuites = append(testSuites, testSuite)
 	}

 	return testSuites
 }
-
-func failedControlsToFailureMessage(results *cautils.OPASessionObj, controls []resourcesresults.ResourceAssociatedControl, severityCounter []int) string {
-	msg := ""
-	for _, c := range controls {
-		control := results.Report.SummaryDetails.Controls.GetControl(reportsummary.EControlCriteriaID, c.GetID())
-		if c.GetStatus(nil).IsFailed() {
-			msg += fmt.Sprintf("Test: %s\n", control.GetName())
-			msg += fmt.Sprintf("Severity: %s\n", apis.ControlSeverityToString(control.GetScoreFactor()))
-			msg += fmt.Sprintf("Remediation: %s\n", control.GetRemediation())
-			msg += fmt.Sprintf("Link: %s\n", getControlLink(control.GetID()))
-			if failedPaths := failedPathsToString(&c); len(failedPaths) > 0 {
-				msg += fmt.Sprintf("Failed paths: \n - %s\n", strings.Join(failedPaths, "\n - "))
-			}
-			if fixPaths := fixPathsToString(&c); len(fixPaths) > 0 {
-				msg += fmt.Sprintf("Available fix: \n - %s\n", strings.Join(fixPaths, "\n - "))
-			}
-			msg += "\n"
-
-			severityCounter[apis.ControlSeverityToInt(control.GetScoreFactor())] += 1
-		}
-	}
-	return msg
-}
-
-// Every testCase includes a file (even if the file contains several resources)
-func testsCases(results *cautils.OPASessionObj, resourcesResult []resourcesresults.Result) []JUnitTestCase {
+func testsCases(results *cautils.OPASessionObj, controls reportsummary.IControlsSummaries, classname string) []JUnitTestCase {
 	var testCases []JUnitTestCase
-	testCase := JUnitTestCase{}
-	testCaseFailure := JUnitFailure{}
-	testCaseFailure.Type = testCaseTypeResources
-	message := ""

-	// severityCounter represents the severities, 0: Unknown, 1: Low, 2: Medium, 3: High, 4: Critical
-	severityCounter := make([]int, apis.NumberOfSeverities, apis.NumberOfSeverities)
+	iter := controls.ListControlsIDs().All()
+	for iter.HasNext() {
+		cID := iter.Next()
+		testCase := JUnitTestCase{}
+		control := results.Report.SummaryDetails.Controls.GetControl(reportsummary.EControlCriteriaID, cID)
+
+		testCase.Name = control.GetName()
+		testCase.Classname = classname
+
+		if control.GetStatus().IsFailed() {
+			resources := map[string]interface{}{}
+			resourceIDs := control.ListResourcesIDs().Failed()
+			for j := range resourceIDs {
+				resource := results.AllResources[resourceIDs[j]]
+				sourcePath := ""
+				if ResourceSourcePath, ok := results.ResourceSource[resourceIDs[j]]; ok {
+					sourcePath = ResourceSourcePath.RelativePath
+				}
+				resources[resourceToString(resource, sourcePath)] = nil
+			}
+			resourcesStr := shared.MapStringToSlice(resources)
+			sort.Strings(resourcesStr)
+			testCaseFailure := JUnitFailure{}
+			testCaseFailure.Type = "Control"
+			// testCaseFailure.Contents =
+			testCaseFailure.Message = fmt.Sprintf("Remediation: %s\nMore details: %s\n\n%s", control.GetRemediation(), cautils.GetControlLink(control.GetID()), strings.Join(resourcesStr, "\n"))
+
+			testCase.Failure = &testCaseFailure
+		} else if control.GetStatus().IsSkipped() {
+			testCase.SkipMessage = &JUnitSkipMessage{
+				Message: "", // TODO - fill after statusInfo is supported
+			}

-	for i := range resourcesResult {
-		if failedControls := failedControlsToFailureMessage(results, resourcesResult[i].ListControls(), severityCounter); failedControls != "" {
-			message += fmt.Sprintf("%sResource: %s\n\n%s", lineSeparator, resourceNameToString(results.AllResources[resourcesResult[i].GetResourceID()]), failedControls)
 		}
-	}
-	testCaseFailure.Message += fmt.Sprintf("%s\n%s", getSummaryMessage(severityCounter), message)
-
-	testCase.Failure = &testCaseFailure
-	if testCase.Failure.Message != "" {
 		testCases = append(testCases, testCase)
 	}
-
 	return testCases
 }

-func getSummaryMessage(severityCounter []int) string {
-	total := 0
-	severities := ""
-	for i, count := range severityCounter {
-		if apis.SeverityNumberToString(i) == apis.SeverityNumberToString(apis.SeverityUnknown) {
-			continue
-		}
-		severities += fmt.Sprintf("%s: %d, ", apis.SeverityNumberToString(i), count)
-		total += count
-	}
-	if len(severities) == 0 {
-		return ""
-	}
-	return fmt.Sprintf("Total: %d (%s)", total, severities[:len(severities)-2])
-}
-
-func resourceNameToString(resource workloadinterface.IMetadata) string {
+func resourceToString(resource workloadinterface.IMetadata, sourcePath string) string {
+	sep := "; "
 	s := ""
-	s += fmt.Sprintf("kind=%s/", resource.GetKind())
+	s += fmt.Sprintf("apiVersion: %s", resource.GetApiVersion()) + sep
+	s += fmt.Sprintf("kind: %s", resource.GetKind()) + sep
 	if resource.GetNamespace() != "" {
-		s += fmt.Sprintf("namespace=%s/", resource.GetNamespace())
+		s += fmt.Sprintf("namespace: %s", resource.GetNamespace()) + sep
+	}
+	s += fmt.Sprintf("name: %s", resource.GetName())
+	if sourcePath != "" {
+		s += sep + fmt.Sprintf("sourcePath: %s", sourcePath)
 	}
-	s += fmt.Sprintf("name=%s", resource.GetName())
 	return s
 }
+
+func properties(riskScore float32) []JUnitProperty {
+	return []JUnitProperty{
+		{
+			Name:  "riskScore",
+			Value: fmt.Sprintf("%.2f", riskScore),
+		},
+	}
+}
--- a/core/pkg/resultshandling/printer/v2/pdf.go
+++ b/core/pkg/resultshandling/printer/v2/pdf.go
@@ -1,4 +1,4 @@
-package v2
+package printer

 import (
 	_ "embed"
@@ -39,22 +39,22 @@ func NewPdfPrinter() *PdfPrinter {
 	return &PdfPrinter{}
 }

-func (pdfPrinter *PdfPrinter) SetWriter(outputFile string) {
+func (pp *PdfPrinter) SetWriter(outputFile string) {
 	// Ensure to have an available output file, otherwise create it.
-	if outputFile == "" {
+	if strings.TrimSpace(outputFile) == "" {
 		outputFile = pdfOutputFile
 	}
 	// Ensure to have the right file extension.
 	if filepath.Ext(strings.TrimSpace(outputFile)) != pdfOutputExt {
 		outputFile = outputFile + pdfOutputExt
 	}
-	pdfPrinter.writer = printer.GetWriter(outputFile)
+	pp.writer = printer.GetWriter(outputFile)
 }

-func (pdfPrinter *PdfPrinter) Score(score float32) {
+func (pp *PdfPrinter) Score(score float32) {
 	fmt.Fprintf(os.Stderr, "\nOverall risk-score (0- Excellent, 100- All failed): %d\n", cautils.Float32ToInt(score))
 }
-func (pdfPrinter *PdfPrinter) printInfo(m pdf.Maroto, summaryDetails *reportsummary.SummaryDetails, infoMap []infoStars) {
+func (pp *PdfPrinter) printInfo(m pdf.Maroto, summaryDetails *reportsummary.SummaryDetails, infoMap []infoStars) {
 	emptyRowCounter := 1
 	for i := range infoMap {
 		if infoMap[i].info != "" {
@@ -75,16 +75,16 @@ func (pdfPrinter *PdfPrinter) printInfo(m pdf.Maroto, summaryDetails *reportsumm

 }

-func (pdfPrinter *PdfPrinter) ActionPrint(opaSessionObj *cautils.OPASessionObj) {
-	sortedControlNames := getSortedControlsNames(opaSessionObj.Report.SummaryDetails.Controls)
+func (pp *PdfPrinter) ActionPrint(opaSessionObj *cautils.OPASessionObj) {
+	sortedControlIDs := getSortedControlsIDs(opaSessionObj.Report.SummaryDetails.Controls)

 	infoToPrintInfo := mapInfoToPrintInfo(opaSessionObj.Report.SummaryDetails.Controls)
 	m := pdf.NewMaroto(consts.Portrait, consts.A4)
-	pdfPrinter.printHeader(m)
-	pdfPrinter.printFramework(m, opaSessionObj.Report.SummaryDetails.ListFrameworks())
-	pdfPrinter.printTable(m, &opaSessionObj.Report.SummaryDetails, sortedControlNames)
-	pdfPrinter.printFinalResult(m, &opaSessionObj.Report.SummaryDetails)
-	pdfPrinter.printInfo(m, &opaSessionObj.Report.SummaryDetails, infoToPrintInfo)
+	pp.printHeader(m)
+	pp.printFramework(m, opaSessionObj.Report.SummaryDetails.ListFrameworks())
+	pp.printTable(m, &opaSessionObj.Report.SummaryDetails, sortedControlIDs)
+	pp.printFinalResult(m, &opaSessionObj.Report.SummaryDetails)
+	pp.printInfo(m, &opaSessionObj.Report.SummaryDetails, infoToPrintInfo)

 	// Extrat output buffer.
 	outBuff, err := m.Output()
@@ -93,14 +93,15 @@ func (pdfPrinter *PdfPrinter) ActionPrint(opaSessionObj *cautils.OPASessionObj)
 		return
 	}

-	logOUtputFile(pdfPrinter.writer.Name())
-	if _, err := pdfPrinter.writer.Write(outBuff.Bytes()); err != nil {
+	if _, err := pp.writer.Write(outBuff.Bytes()); err != nil {
 		logger.L().Error("failed to write results", helpers.Error(err))
+	} else {
+		printer.LogOutputFile(pp.writer.Name())
 	}
 }

-// Print Kubescape logo and report date.
-func (pdfPrinter *PdfPrinter) printHeader(m pdf.Maroto) {
+// printHeader prints the Kubescape logo and report date
+func (pp *PdfPrinter) printHeader(m pdf.Maroto) {
 	// Retrieve current time (we need it for the report timestamp).
 	t := time.Now()
 	// Enconde PNG into Base64 to embed it into the pdf.
@@ -136,8 +137,8 @@ func (pdfPrinter *PdfPrinter) printHeader(m pdf.Maroto) {
 	m.Line(1)
 }

-// Print pdf frameworks after pdf header.
-func (pdfPrinter *PdfPrinter) printFramework(m pdf.Maroto, frameworks []reportsummary.IFrameworkSummary) {
+// printFramework prints the PDF frameworks after the PDF header
+func (pp *PdfPrinter) printFramework(m pdf.Maroto, frameworks []reportsummary.IFrameworkSummary) {
 	m.Row(10, func() {
 		m.Text(frameworksScoresToString(frameworks), props.Text{
 			Align:  consts.Center,
@@ -148,17 +149,17 @@ func (pdfPrinter *PdfPrinter) printFramework(m pdf.Maroto, frameworks []reportsu
 	})
 }

-// Create pdf table
-func (pdfPrinter *PdfPrinter) printTable(m pdf.Maroto, summaryDetails *reportsummary.SummaryDetails, sortedControlNames [][]string) {
+// printTable creates the PDF table
+func (pp *PdfPrinter) printTable(m pdf.Maroto, summaryDetails *reportsummary.SummaryDetails, sortedControlIDs [][]string) {
 	headers := getControlTableHeaders()
 	infoToPrintInfoMap := mapInfoToPrintInfo(summaryDetails.Controls)
-	controls := make([][]string, len(sortedControlNames))
+	controls := make([][]string, len(sortedControlIDs))
 	for i := range controls {
 		controls[i] = make([]string, len(headers))
 	}
-	for i := len(sortedControlNames) - 1; i >= 0; i-- {
-		for _, c := range sortedControlNames[i] {
-			controls[i] = generateRow(summaryDetails.Controls.GetControl(reportsummary.EControlCriteriaName, c), infoToPrintInfoMap, true)
+	for i := len(sortedControlIDs) - 1; i >= 0; i-- {
+		for _, c := range sortedControlIDs[i] {
+			controls[i] = generateRow(summaryDetails.Controls.GetControl(reportsummary.EControlCriteriaID, c), infoToPrintInfoMap, true)
 		}
 	}

@@ -186,8 +187,8 @@ func (pdfPrinter *PdfPrinter) printTable(m pdf.Maroto, summaryDetails *reportsum
 	m.Row(2, func() {})
 }

-// Add final results.
-func (pdfPrinter *PdfPrinter) printFinalResult(m pdf.Maroto, summaryDetails *reportsummary.SummaryDetails) {
+// printFinalResult adds the final results
+func (pp *PdfPrinter) printFinalResult(m pdf.Maroto, summaryDetails *reportsummary.SummaryDetails) {
 	m.Row(_rowLen, func() {
 		m.Col(3, func() {
 			m.Text("Resource summary", props.Text{
--- a/core/pkg/resultshandling/printer/v2/prettyprinter.go
+++ b/core/pkg/resultshandling/printer/v2/prettyprinter.go
@@ -1,8 +1,9 @@
-package v2
+package printer

 import (
 	"fmt"
 	"os"
+	"path/filepath"
 	"sort"
 	"strings"

@@ -17,94 +18,123 @@ import (
 	"github.com/olekukonko/tablewriter"
 )

+const (
+	prettyPrinterOutputFile = "report"
+	prettyPrinterOutputExt  = ".txt"
+)
+
 type PrettyPrinter struct {
-	formatVersion string
-	viewType      cautils.ViewTypes
-	writer        *os.File
-	verboseMode   bool
+	writer          *os.File
+	formatVersion   string
+	viewType        cautils.ViewTypes
+	verboseMode     bool
+	printAttackTree bool
 }

-func NewPrettyPrinter(verboseMode bool, formatVersion string, viewType cautils.ViewTypes) *PrettyPrinter {
+func NewPrettyPrinter(verboseMode bool, formatVersion string, attackTree bool, viewType cautils.ViewTypes) *PrettyPrinter {
 	return &PrettyPrinter{
-		verboseMode:   verboseMode,
-		formatVersion: formatVersion,
-		viewType:      viewType,
+		verboseMode:     verboseMode,
+		formatVersion:   formatVersion,
+		viewType:        viewType,
+		printAttackTree: attackTree,
 	}
 }

-func (prettyPrinter *PrettyPrinter) ActionPrint(opaSessionObj *cautils.OPASessionObj) {
-	fmt.Fprintf(prettyPrinter.writer, "\n"+getSeparator("^")+"\n")
+func (pp *PrettyPrinter) ActionPrint(opaSessionObj *cautils.OPASessionObj) {
+	fmt.Fprintf(pp.writer, "\n"+getSeparator("^")+"\n")

-	sortedControlNames := getSortedControlsNames(opaSessionObj.Report.SummaryDetails.Controls) // ListControls().All())
+	sortedControlIDs := getSortedControlsIDs(opaSessionObj.Report.SummaryDetails.Controls) // ListControls().All())

-	switch prettyPrinter.viewType {
+	switch pp.viewType {
 	case cautils.ControlViewType:
-		prettyPrinter.printResults(&opaSessionObj.Report.SummaryDetails.Controls, opaSessionObj.AllResources, sortedControlNames)
+		pp.printResults(&opaSessionObj.Report.SummaryDetails.Controls, opaSessionObj.AllResources, sortedControlIDs)
 	case cautils.ResourceViewType:
-		if prettyPrinter.verboseMode {
-			prettyPrinter.resourceTable(opaSessionObj)
+		if pp.verboseMode {
+			pp.resourceTable(opaSessionObj)
 		}
 	}

-	prettyPrinter.printSummaryTable(&opaSessionObj.Report.SummaryDetails, sortedControlNames)
+	pp.printSummaryTable(&opaSessionObj.Report.SummaryDetails, sortedControlIDs)

+	// When writing to Stdout, we aren’t really writing to an output file,
+	// so no need to print that we are
+	if pp.writer.Name() != os.Stdout.Name() {
+		printer.LogOutputFile(pp.writer.Name())
+	}
+
+	pp.printAttackTracks(opaSessionObj)
 }

-func (prettyPrinter *PrettyPrinter) SetWriter(outputFile string) {
-	prettyPrinter.writer = printer.GetWriter(outputFile)
+func (pp *PrettyPrinter) SetWriter(outputFile string) {
+	// PrettyPrinter should accept Stdout at least by its full name (path)
+	// and follow the common behavior of outputting to a default filename
+	// otherwise
+	if outputFile == os.Stdout.Name() {
+		pp.writer = printer.GetWriter("")
+		return
+	}
+
+	if strings.TrimSpace(outputFile) == "" {
+		outputFile = prettyPrinterOutputFile
+	}
+	if filepath.Ext(strings.TrimSpace(outputFile)) != junitOutputExt {
+		outputFile = outputFile + prettyPrinterOutputExt
+	}
+
+	pp.writer = printer.GetWriter(outputFile)
 }

-func (prettyPrinter *PrettyPrinter) Score(score float32) {
+func (pp *PrettyPrinter) Score(score float32) {
 }

-func (prettyPrinter *PrettyPrinter) printResults(controls *reportsummary.ControlSummaries, allResources map[string]workloadinterface.IMetadata, sortedControlNames [][]string) {
-	for i := len(sortedControlNames) - 1; i >= 0; i-- {
-		for _, c := range sortedControlNames[i] {
-			controlSummary := controls.GetControl(reportsummary.EControlCriteriaName, c) //  summaryDetails.Controls ListControls().All() Controls.GetControl(ca)
-			prettyPrinter.printTitle(controlSummary)
-			prettyPrinter.printResources(controlSummary, allResources)
-			prettyPrinter.printSummary(c, controlSummary)
+func (pp *PrettyPrinter) printResults(controls *reportsummary.ControlSummaries, allResources map[string]workloadinterface.IMetadata, sortedControlIDs [][]string) {
+	for i := len(sortedControlIDs) - 1; i >= 0; i-- {
+		for _, c := range sortedControlIDs[i] {
+			controlSummary := controls.GetControl(reportsummary.EControlCriteriaID, c) //  summaryDetails.Controls ListControls().All() Controls.GetControl(ca)
+			pp.printTitle(controlSummary)
+			pp.printResources(controlSummary, allResources)
+			pp.printSummary(c, controlSummary)
 		}
 	}
 }

-func (prettyPrinter *PrettyPrinter) printSummary(controlName string, controlSummary reportsummary.IControlSummary) {
+func (pp *PrettyPrinter) printSummary(controlName string, controlSummary reportsummary.IControlSummary) {
 	if controlSummary.GetStatus().IsSkipped() {
 		return
 	}
-	cautils.SimpleDisplay(prettyPrinter.writer, "Summary - ")
-	cautils.SuccessDisplay(prettyPrinter.writer, "Passed:%v   ", controlSummary.NumberOfResources().Passed())
-	cautils.WarningDisplay(prettyPrinter.writer, "Excluded:%v   ", controlSummary.NumberOfResources().Excluded())
-	cautils.FailureDisplay(prettyPrinter.writer, "Failed:%v   ", controlSummary.NumberOfResources().Failed())
-	cautils.InfoDisplay(prettyPrinter.writer, "Total:%v\n", controlSummary.NumberOfResources().All())
+	cautils.SimpleDisplay(pp.writer, "Summary - ")
+	cautils.SuccessDisplay(pp.writer, "Passed:%v   ", controlSummary.NumberOfResources().Passed())
+	cautils.WarningDisplay(pp.writer, "Excluded:%v   ", controlSummary.NumberOfResources().Excluded())
+	cautils.FailureDisplay(pp.writer, "Failed:%v   ", controlSummary.NumberOfResources().Failed())
+	cautils.InfoDisplay(pp.writer, "Total:%v\n", controlSummary.NumberOfResources().All())
 	if controlSummary.GetStatus().IsFailed() {
-		cautils.DescriptionDisplay(prettyPrinter.writer, "Remediation: %v\n", controlSummary.GetRemediation())
+		cautils.DescriptionDisplay(pp.writer, "Remediation: %v\n", controlSummary.GetRemediation())
 	}
-	cautils.DescriptionDisplay(prettyPrinter.writer, "\n")
+	cautils.DescriptionDisplay(pp.writer, "\n")

 }
-func (prettyPrinter *PrettyPrinter) printTitle(controlSummary reportsummary.IControlSummary) {
-	cautils.InfoDisplay(prettyPrinter.writer, "[control: %s - %s] ", controlSummary.GetName(), getControlLink(controlSummary.GetID()))
+func (pp *PrettyPrinter) printTitle(controlSummary reportsummary.IControlSummary) {
+	cautils.InfoDisplay(pp.writer, "[control: %s - %s] ", controlSummary.GetName(), cautils.GetControlLink(controlSummary.GetID()))
 	switch controlSummary.GetStatus().Status() {
 	case apis.StatusSkipped:
-		cautils.InfoDisplay(prettyPrinter.writer, "skipped %v\n", emoji.ConfusedFace)
+		cautils.InfoDisplay(pp.writer, "skipped %v\n", emoji.ConfusedFace)
 	case apis.StatusFailed:
-		cautils.FailureDisplay(prettyPrinter.writer, "failed %v\n", emoji.SadButRelievedFace)
+		cautils.FailureDisplay(pp.writer, "failed %v\n", emoji.SadButRelievedFace)
 	case apis.StatusExcluded:
-		cautils.WarningDisplay(prettyPrinter.writer, "excluded %v\n", emoji.NeutralFace)
+		cautils.WarningDisplay(pp.writer, "excluded %v\n", emoji.NeutralFace)
 	case apis.StatusIrrelevant:
-		cautils.SuccessDisplay(prettyPrinter.writer, "irrelevant %v\n", emoji.ConfusedFace)
+		cautils.SuccessDisplay(pp.writer, "irrelevant %v\n", emoji.ConfusedFace)
 	case apis.StatusError:
-		cautils.WarningDisplay(prettyPrinter.writer, "error %v\n", emoji.ConfusedFace)
+		cautils.WarningDisplay(pp.writer, "error %v\n", emoji.ConfusedFace)
 	default:
-		cautils.SuccessDisplay(prettyPrinter.writer, "passed %v\n", emoji.ThumbsUp)
+		cautils.SuccessDisplay(pp.writer, "passed %v\n", emoji.ThumbsUp)
 	}
-	cautils.DescriptionDisplay(prettyPrinter.writer, "Description: %s\n", controlSummary.GetDescription())
+	cautils.DescriptionDisplay(pp.writer, "Description: %s\n", controlSummary.GetDescription())
 	if controlSummary.GetStatus().Info() != "" {
-		cautils.WarningDisplay(prettyPrinter.writer, "Reason: %v\n", controlSummary.GetStatus().Info())
+		cautils.WarningDisplay(pp.writer, "Reason: %v\n", controlSummary.GetStatus().Info())
 	}
 }
-func (prettyPrinter *PrettyPrinter) printResources(controlSummary reportsummary.IControlSummary, allResources map[string]workloadinterface.IMetadata) {
+func (pp *PrettyPrinter) printResources(controlSummary reportsummary.IControlSummary, allResources map[string]workloadinterface.IMetadata) {

 	workloadsSummary := listResultSummary(controlSummary, allResources)

@@ -112,35 +142,35 @@ func (prettyPrinter *PrettyPrinter) printResources(controlSummary reportsummary.
 	excludedWorkloads := groupByNamespaceOrKind(workloadsSummary, workloadSummaryExclude)

 	var passedWorkloads map[string][]WorkloadSummary
-	if prettyPrinter.verboseMode {
+	if pp.verboseMode {
 		passedWorkloads = groupByNamespaceOrKind(workloadsSummary, workloadSummaryPassed)
 	}
 	if len(failedWorkloads) > 0 {
-		cautils.FailureDisplay(prettyPrinter.writer, "Failed:\n")
-		prettyPrinter.printGroupedResources(failedWorkloads)
+		cautils.FailureDisplay(pp.writer, "Failed:\n")
+		pp.printGroupedResources(failedWorkloads)
 	}
 	if len(excludedWorkloads) > 0 {
-		cautils.WarningDisplay(prettyPrinter.writer, "Excluded:\n")
-		prettyPrinter.printGroupedResources(excludedWorkloads)
+		cautils.WarningDisplay(pp.writer, "Excluded:\n")
+		pp.printGroupedResources(excludedWorkloads)
 	}
 	if len(passedWorkloads) > 0 {
-		cautils.SuccessDisplay(prettyPrinter.writer, "Passed:\n")
-		prettyPrinter.printGroupedResources(passedWorkloads)
+		cautils.SuccessDisplay(pp.writer, "Passed:\n")
+		pp.printGroupedResources(passedWorkloads)
 	}

 }

-func (prettyPrinter *PrettyPrinter) printGroupedResources(workloads map[string][]WorkloadSummary) {
+func (pp *PrettyPrinter) printGroupedResources(workloads map[string][]WorkloadSummary) {
 	indent := "  "
 	for title, rsc := range workloads {
-		prettyPrinter.printGroupedResource(indent, title, rsc)
+		pp.printGroupedResource(indent, title, rsc)
 	}
 }

-func (prettyPrinter *PrettyPrinter) printGroupedResource(indent string, title string, rsc []WorkloadSummary) {
+func (pp *PrettyPrinter) printGroupedResource(indent string, title string, rsc []WorkloadSummary) {
 	preIndent := indent
 	if title != "" {
-		cautils.SimpleDisplay(prettyPrinter.writer, "%s%s\n", indent, title)
+		cautils.SimpleDisplay(pp.writer, "%s%s\n", indent, title)
 		indent += indent
 	}

@@ -152,7 +182,7 @@ func (prettyPrinter *PrettyPrinter) printGroupedResource(indent string, title st

 	sort.Strings(resources)
 	for i := range resources {
-		cautils.SimpleDisplay(prettyPrinter.writer, resources[i]+"\n")
+		cautils.SimpleDisplay(pp.writer, resources[i]+"\n")
 	}

 	indent = preIndent
@@ -186,33 +216,33 @@ func generateFooter(summaryDetails *reportsummary.SummaryDetails) []string {

 	return row
 }
-func (prettyPrinter *PrettyPrinter) printSummaryTable(summaryDetails *reportsummary.SummaryDetails, sortedControlNames [][]string) {
+func (pp *PrettyPrinter) printSummaryTable(summaryDetails *reportsummary.SummaryDetails, sortedControlIDs [][]string) {

 	if summaryDetails.NumberOfControls().All() == 0 {
-		fmt.Fprintf(prettyPrinter.writer, "\nKubescape did not scan any of the resources, make sure you are scanning valid kubernetes manifests (Deployments, Pods, etc.)\n")
+		fmt.Fprintf(pp.writer, "\nKubescape did not scan any of the resources, make sure you are scanning valid kubernetes manifests (Deployments, Pods, etc.)\n")
 		return
 	}
-	cautils.InfoTextDisplay(prettyPrinter.writer, "\n"+controlCountersForSummary(summaryDetails.NumberOfControls())+"\n")
-	cautils.InfoTextDisplay(prettyPrinter.writer, renderSeverityCountersSummary(&summaryDetails.SeverityCounters)+"\n\n")
+	cautils.InfoTextDisplay(pp.writer, "\n"+controlCountersForSummary(summaryDetails.NumberOfControls())+"\n")
+	cautils.InfoTextDisplay(pp.writer, renderSeverityCountersSummary(summaryDetails.GetResourcesSeverityCounters())+"\n\n")

 	// cautils.InfoTextDisplay(prettyPrinter.writer, "\n"+"Severities: SOME OTHER"+"\n\n")

-	summaryTable := tablewriter.NewWriter(prettyPrinter.writer)
+	summaryTable := tablewriter.NewWriter(pp.writer)
 	summaryTable.SetAutoWrapText(false)
 	summaryTable.SetHeader(getControlTableHeaders())
 	summaryTable.SetHeaderLine(true)
 	summaryTable.SetColumnAlignment(getColumnsAlignments())

-	printAll := prettyPrinter.verboseMode
+	printAll := pp.verboseMode
 	if summaryDetails.NumberOfResources().Failed() == 0 {
 		// if there are no failed controls, print the resource table and detailed information
 		printAll = true
 	}

 	infoToPrintInfo := mapInfoToPrintInfo(summaryDetails.Controls)
-	for i := len(sortedControlNames) - 1; i >= 0; i-- {
-		for _, c := range sortedControlNames[i] {
-			row := generateRow(summaryDetails.Controls.GetControl(reportsummary.EControlCriteriaName, c), infoToPrintInfo, printAll)
+	for i := len(sortedControlIDs) - 1; i >= 0; i-- {
+		for _, c := range sortedControlIDs[i] {
+			row := generateRow(summaryDetails.Controls.GetControl(reportsummary.EControlCriteriaID, c), infoToPrintInfo, printAll)
 			if len(row) > 0 {
 				summaryTable.Append(row)
 			}
@@ -224,16 +254,16 @@ func (prettyPrinter *PrettyPrinter) printSummaryTable(summaryDetails *reportsumm
 	summaryTable.Render()

 	// When scanning controls the framework list will be empty
-	cautils.InfoTextDisplay(prettyPrinter.writer, frameworksScoresToString(summaryDetails.ListFrameworks()))
+	cautils.InfoTextDisplay(pp.writer, frameworksScoresToString(summaryDetails.ListFrameworks()))

-	prettyPrinter.printInfo(infoToPrintInfo)
+	pp.printInfo(infoToPrintInfo)

 }

-func (prettyPrinter *PrettyPrinter) printInfo(infoToPrintInfo []infoStars) {
+func (pp *PrettyPrinter) printInfo(infoToPrintInfo []infoStars) {
 	fmt.Println()
 	for i := range infoToPrintInfo {
-		cautils.InfoDisplay(prettyPrinter.writer, fmt.Sprintf("%s %s\n", infoToPrintInfo[i].stars, infoToPrintInfo[i].info))
+		cautils.InfoDisplay(pp.writer, fmt.Sprintf("%s %s\n", infoToPrintInfo[i].stars, infoToPrintInfo[i].info))
 	}
 }

@@ -255,16 +285,12 @@ func frameworksScoresToString(frameworks []reportsummary.IFrameworkSummary) stri
 	return ""
 }

-func getControlLink(controlID string) string {
-	return fmt.Sprintf("https://hub.armosec.io/docs/%s", strings.ToLower(controlID))
-}
-
 // renderSeverityCountersSummary renders the string that reports severity counters summary
 func renderSeverityCountersSummary(counters reportsummary.ISeverityCounters) string {
-	critical := counters.NumberOfResourcesWithCriticalSeverity()
-	high := counters.NumberOfResourcesWithHighSeverity()
-	medium := counters.NumberOfResourcesWithMediumSeverity()
-	low := counters.NumberOfResourcesWithLowSeverity()
+	critical := counters.NumberOfCriticalSeverity()
+	high := counters.NumberOfHighSeverity()
+	medium := counters.NumberOfMediumSeverity()
+	low := counters.NumberOfLowSeverity()

 	return fmt.Sprintf(
 		"Failed Resources by Severity: Critical — %d, High — %d, Medium — %d, Low — %d",
--- a/core/pkg/resultshandling/printer/v2/printresults.go
+++ b/core/pkg/resultshandling/printer/v2/printresults.go
@@ -1,3 +1,3 @@
-package v2
+package printer

 var INDENT = "   "
--- a/core/pkg/resultshandling/printer/v2/prometheus.go
+++ b/core/pkg/resultshandling/printer/v2/prometheus.go
@@ -1,4 +1,4 @@
-package v2
+package printer

 import (
 	"fmt"
@@ -24,15 +24,15 @@ func NewPrometheusPrinter(verboseMode bool) *PrometheusPrinter {
 	}
 }

-func (prometheusPrinter *PrometheusPrinter) SetWriter(outputFile string) {
-	prometheusPrinter.writer = printer.GetWriter(outputFile)
+func (pp *PrometheusPrinter) SetWriter(outputFile string) {
+	pp.writer = printer.GetWriter(outputFile)
 }

-func (prometheusPrinter *PrometheusPrinter) Score(score float32) {
+func (pp *PrometheusPrinter) Score(score float32) {
 	fmt.Printf("\n# Overall risk-score (0- Excellent, 100- All failed)\nkubescape_score %d\n", cautils.Float32ToInt(score))
 }

-func (printer *PrometheusPrinter) generatePrometheusFormat(
+func (pp *PrometheusPrinter) generatePrometheusFormat(
 	resources map[string]workloadinterface.IMetadata,
 	results map[string]resourcesresults.Result,
 	summaryDetails *reportsummary.SummaryDetails) *Metrics {
@@ -44,12 +44,13 @@ func (printer *PrometheusPrinter) generatePrometheusFormat(
 	return m
 }

-func (printer *PrometheusPrinter) ActionPrint(opaSessionObj *cautils.OPASessionObj) {
+func (pp *PrometheusPrinter) ActionPrint(opaSessionObj *cautils.OPASessionObj) {

-	metrics := printer.generatePrometheusFormat(opaSessionObj.AllResources, opaSessionObj.ResourcesResult, &opaSessionObj.Report.SummaryDetails)
+	metrics := pp.generatePrometheusFormat(opaSessionObj.AllResources, opaSessionObj.ResourcesResult, &opaSessionObj.Report.SummaryDetails)

-	logOUtputFile(printer.writer.Name())
-	if _, err := printer.writer.Write([]byte(metrics.String())); err != nil {
+	if _, err := pp.writer.Write([]byte(metrics.String())); err != nil {
 		logger.L().Error("failed to write results", helpers.Error(err))
+	} else {
+		printer.LogOutputFile(pp.writer.Name())
 	}
 }
--- a/core/pkg/resultshandling/printer/v2/prometheusutils.go
+++ b/core/pkg/resultshandling/printer/v2/prometheusutils.go
@@ -1,4 +1,4 @@
-package v2
+package printer

 import (
 	"fmt"
@@ -289,7 +289,7 @@ func (m *Metrics) setRiskScores(summaryDetails *reportsummary.SummaryDetails) {
 			controlName: control.GetName(),
 			controlID:   control.GetID(),
 			riskScore:   cautils.Float32ToInt(control.GetScore()),
-			link:        getControlLink(control.GetID()),
+			link:        cautils.GetControlLink(control.GetID()),
 			severity:    apis.ControlSeverityToString(control.GetScoreFactor()),
 			remediation: control.GetRemediation(),
 		}
@@ -319,11 +319,13 @@ func (m *Metrics) setResourcesCounters(
 	resources map[string]workloadinterface.IMetadata,
 	results map[string]resourcesresults.Result) {

-	for resourceID, result := range results {
+	for resourceID, toPin := range results {
 		r, ok := resources[resourceID]
 		if !ok {
 			continue
 		}
+		result := toPin
+
 		passed, excluded, failed := resourceControlStatusCounters(&result)

 		mrc := mResources{}
@@ -339,5 +341,4 @@ func (m *Metrics) setResourcesCounters(

 		m.listResources = append(m.listResources, mrc)
 	}
-
 }
--- a/core/pkg/resultshandling/printer/v2/reportingstructs.go
+++ b/core/pkg/resultshandling/printer/v2/reportingstructs.go
@@ -1,4 +1,4 @@
-package v2
+package printer

 import (
 	"github.com/kubescape/k8s-interface/workloadinterface"
@@ -14,6 +14,7 @@ type ResourceResult struct {
 type ResourceControlResult struct {
 	Severity    string
 	Name        string
+	ID          string
 	URL         string
 	FailedPaths []string
 }
--- a/core/pkg/resultshandling/printer/v2/resourcetable.go
+++ b/core/pkg/resultshandling/printer/v2/resourcetable.go
@@ -1,4 +1,4 @@
-package v2
+package printer

 import (
 	"fmt"
@@ -73,11 +73,11 @@ func generateResourceRows(controls []resourcesresults.ResourceAssociatedControl,
 			continue
 		}

-		row[resourceColumnURL] = fmt.Sprintf("https://hub.armosec.io/docs/%s", strings.ToLower(controls[i].GetID()))
+		row[resourceColumnURL] = cautils.GetControlLink(controls[i].GetID())
 		row[resourceColumnPath] = strings.Join(append(failedPathsToString(&controls[i]), fixPathsToString(&controls[i])...), "\n")
 		row[resourceColumnName] = controls[i].GetName()

-		if c := summaryDetails.Controls.GetControl(reportsummary.EControlCriteriaName, controls[i].GetName()); c != nil {
+		if c := summaryDetails.Controls.GetControl(reportsummary.EControlCriteriaID, controls[i].GetID()); c != nil {
 			row[resourceColumnSeverity] = getSeverityColumn(c)
 		}

--- a/core/pkg/resultshandling/printer/v2/sarifprinter.go
+++ b/core/pkg/resultshandling/printer/v2/sarifprinter.go
@@ -1,6 +1,7 @@
-package v2
+package printer

 import (
+	"fmt"
 	"os"
 	"path"
 	"path/filepath"
@@ -65,7 +66,7 @@ func (sp *SARIFPrinter) Score(score float32) {
 }

 func (sp *SARIFPrinter) SetWriter(outputFile string) {
-	if outputFile == "" {
+	if strings.TrimSpace(outputFile) == "" {
 		outputFile = sarifOutputFile
 	}
 	if filepath.Ext(strings.TrimSpace(outputFile)) != sarifOutputExt {
@@ -84,7 +85,7 @@ func (sp *SARIFPrinter) addRule(scanRun *sarif.Run, control reportsummary.IContr
 		WithDefaultConfiguration(configuration).
 		WithShortDescription(sarif.NewMultiformatMessageString(control.GetName())).
 		WithFullDescription(sarif.NewMultiformatMessageString(control.GetDescription())).
-		WithHelp(sarif.NewMultiformatMessageString(control.GetRemediation()))
+		WithHelp(sarif.NewMultiformatMessageString(sp.generateRemediationMessage(control)))
 }

 // addResult adds a result of checking a rule to the scan run based on the given control summary
@@ -128,7 +129,9 @@ func (sp *SARIFPrinter) ActionPrint(opaSessionObj *cautils.OPASessionObj) {
 				logger.L().Debug("failed to create location resolver", helpers.Error(err))
 			}

-			for _, ac := range result.AssociatedControls {
+			for _, toPin := range result.AssociatedControls {
+				ac := toPin
+
 				if ac.GetStatus(nil).IsFailed() {
 					ctl := opaSessionObj.Report.SummaryDetails.Controls.GetControl(reportsummary.EControlCriteriaID, ac.GetID())
 					location := sp.resolveFixLocation(opaSessionObj, locationResolver, &ac, resourceID)
@@ -143,6 +146,8 @@ func (sp *SARIFPrinter) ActionPrint(opaSessionObj *cautils.OPASessionObj) {
 	report.AddRun(run)

 	report.PrettyWrite(sp.writer)
+
+	printer.LogOutputFile(sp.writer.Name())
 }

 func (sp *SARIFPrinter) resolveFixLocation(opaSessionObj *cautils.OPASessionObj, locationResolver *locationresolver.FixPathLocationResolver, ac *resourcesresults.ResourceAssociatedControl, resourceID string) locationresolver.Location {
@@ -196,3 +201,8 @@ func getBasePathFromMetadata(opaSessionObj cautils.OPASessionObj) string {

 	return ""
 }
+
+// generateRemediationMessage generates a remediation message for the given control summary
+func (sp *SARIFPrinter) generateRemediationMessage(control reportsummary.IControlSummary) string {
+	return fmt.Sprintf("Remediation: %s", control.GetRemediation())
+}
--- a/core/pkg/resultshandling/printer/v2/sarifprinter_test.go
+++ b/core/pkg/resultshandling/printer/v2/sarifprinter_test.go
@@ -1,11 +1,11 @@
-package v2
+package printer

 import "testing"

 func Test_scoreToSeverityLevel(t *testing.T) {
 	tc := []struct {
 		Name               string
-		ScoreFactor              float32
+		ScoreFactor        float32
 		ExpectedSARIFLevel sarifSeverityLevel
 	}{
 		{"Score factor 1.0 should map to 'note' SARIF level", 1.0, sarifSeverityLevelNote},
--- a/core/pkg/resultshandling/printer/v2/silentprinter.go
+++ b/core/pkg/resultshandling/printer/v2/silentprinter.go
@@ -1,4 +1,4 @@
-package v2
+package printer

 import (
 	"github.com/kubescape/kubescape/v2/core/cautils"
--- a/core/pkg/resultshandling/printer/v2/summaryhelpers.go
+++ b/core/pkg/resultshandling/printer/v2/summaryhelpers.go
@@ -1,4 +1,4 @@
-package v2
+package printer

 import (
 	"github.com/kubescape/k8s-interface/k8sinterface"
--- a/core/pkg/resultshandling/printer/v2/utils.go
+++ b/core/pkg/resultshandling/printer/v2/utils.go
@@ -1,8 +1,6 @@
-package v2
+package printer

 import (
-	logger "github.com/kubescape/go-logger"
-	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/k8s-interface/workloadinterface"
 	"github.com/kubescape/kubescape/v2/core/cautils"
 	"github.com/kubescape/opa-utils/reporthandling"
@@ -27,7 +25,9 @@ func FinalizeResults(data *cautils.OPASessionObj) *reporthandlingv2.PostureRepor
 	report.Results = make([]resourcesresults.Result, len(data.ResourcesResult))
 	finalizeResults(report.Results, data.ResourcesResult, data.ResourcesPrioritized)

-	report.Resources = finalizeResources(report.Results, data.AllResources, data.ResourceSource)
+	if !data.OmitRawResources {
+		report.Resources = finalizeResources(report.Results, data.AllResources, data.ResourceSource)
+	}

 	return &report
 }
@@ -81,10 +81,3 @@ func finalizeResources(results []resourcesresults.Result, allResources map[strin
 	}
 	return resources
 }
-
-func logOUtputFile(fileName string) {
-	if fileName != "/dev/stdout" && fileName != "/dev/stderr" {
-		logger.L().Success("Scan results saved", helpers.String("filename", fileName))
-	}
-
-}
--- a/core/pkg/resultshandling/reporter/v2/mockreporter.go
+++ b/core/pkg/resultshandling/reporter/v2/mockreporter.go
@@ -1,15 +1,13 @@
-package v2
+package reporter

 import (
 	"fmt"
+	"net/url"
 	"os"

 	"github.com/kubescape/kubescape/v2/core/cautils"
-	"github.com/kubescape/kubescape/v2/core/cautils/getter"
 )

-const NO_SUBMIT_QUERY = "utm_source=GitHub&utm_medium=CLI&utm_campaign=no_submit"
-
 type ReportMock struct {
 	query   string
 	message string
@@ -32,11 +30,19 @@ func (reportMock *ReportMock) SetClusterName(clusterName string) {
 }

 func (reportMock *ReportMock) GetURL() string {
-	u := fmt.Sprintf("https://%s/account/sign-up", getter.GetKSCloudAPIConnector().GetCloudUIURL())
-	if reportMock.query != "" {
-		u += fmt.Sprintf("?%s", reportMock.query)
+	u, err := url.Parse(reportMock.query)
+	if err != nil || u.String() == "" {
+		return ""
 	}
-	return u
+
+	q := u.Query()
+	q.Add("utm_source", "GitHub")
+	q.Add("utm_medium", "CLI")
+	q.Add("utm_campaign", "Submit")
+
+	u.RawQuery = q.Encode()
+
+	return u.String()
 }

 func (reportMock *ReportMock) DisplayReportURL() {
@@ -44,8 +50,8 @@ func (reportMock *ReportMock) DisplayReportURL() {
 	sep := "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
 	message := sep + "\n"
 	message += "Scan results have not been submitted: " + reportMock.message + "\n"
-	if reportMock.query != "" {
-		message += "For more details: " + reportMock.query + "\n"
+	if link := reportMock.GetURL(); link != "" {
+		message += "For more details: " + link + "\n"
 	}
 	message += sep + "\n"
 	cautils.InfoTextDisplay(os.Stderr, fmt.Sprintf("\n%s\n", message))
--- a/core/pkg/resultshandling/reporter/v2/mockreporter_test.go
+++ b/core/pkg/resultshandling/reporter/v2/mockreporter_test.go
@@ -0,0 +1,43 @@
+package reporter
+
+import "testing"
+
+func TestReportMock_GetURL(t *testing.T) {
+	type fields struct {
+		query string
+	}
+	tests := []struct {
+		name   string
+		fields fields
+		want   string
+	}{
+		{
+			name: "TestReportMock_GetURL",
+			fields: struct {
+				query string
+			}{
+				query: "https://kubescape.io",
+			},
+			want: "https://kubescape.io?utm_campaign=Submit&utm_medium=CLI&utm_source=GitHub",
+		},
+		{
+			name: "TestReportMock_GetURL_empty",
+			fields: struct {
+				query string
+			}{
+				query: "",
+			},
+			want: "",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			reportMock := &ReportMock{
+				query: tt.fields.query,
+			}
+			if got := reportMock.GetURL(); got != tt.want {
+				t.Errorf("ReportMock.GetURL() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}
--- a/core/pkg/resultshandling/reporter/v2/reporteventreceiver.go
+++ b/core/pkg/resultshandling/reporter/v2/reporteventreceiver.go
@@ -1,4 +1,4 @@
-package v2
+package reporter

 import (
 	"encoding/json"
@@ -85,10 +85,18 @@ func (report *ReportEventReceiver) SetClusterName(clusterName string) {
 }

 func (report *ReportEventReceiver) prepareReport(opaSessionObj *cautils.OPASessionObj) error {
-	// All scans whose target is not a cluster, currently their target is a file, which is what the backend expects
-	// (e.g. local-git, directory, etc)
+	// The backend for Kubescape expects scanning targets to be either
+	// Clusters or Files, not other types we support (GitLocal, Directory
+	// etc). So, to submit a compatible report to the backend, we have to
+	// override the scanning target, submit the report and then restore the
+	// original value.
+	originalScanningTarget := opaSessionObj.Metadata.ScanMetadata.ScanningTarget
+
 	if opaSessionObj.Metadata.ScanMetadata.ScanningTarget != reporthandlingv2.Cluster {
 		opaSessionObj.Metadata.ScanMetadata.ScanningTarget = reporthandlingv2.File
+		defer func() {
+			opaSessionObj.Metadata.ScanMetadata.ScanningTarget = originalScanningTarget
+		}()
 	}

 	report.initEventReceiverURL()
@@ -142,7 +150,7 @@ func (report *ReportEventReceiver) setResults(reportObj *reporthandlingv2.Postur
 		// set result.RawResource
 		resourceID := v.GetResourceID()
 		if _, ok := allResources[resourceID]; !ok {
-			return fmt.Errorf("expected to find raw resource object for '%s'", resourceID)
+			continue
 		}
 		resource := reporthandling.NewResourceIMetadata(allResources[resourceID])
 		if r, ok := resourcesSource[resourceID]; ok {
@@ -260,11 +268,11 @@ func (report *ReportEventReceiver) addPathURL(urlObj *url.URL) {
 	if report.customerAdminEMail != "" || report.token == "" { // data has been submitted
 		switch report.submitContext {
 		case SubmitContextScan:
-			urlObj.Path = fmt.Sprintf("configuration-scanning/%s", report.clusterName)
+			urlObj.Path = fmt.Sprintf("config-scanning/%s", report.clusterName)
 		case SubmitContextRBAC:
 			urlObj.Path = "rbac-visualizer"
 		case SubmitContextRepository:
-			urlObj.Path = fmt.Sprintf("repositories-scan/%s", report.reportID)
+			urlObj.Path = fmt.Sprintf("repository-scanning/%s", report.reportID)
 		default:
 			urlObj.Path = "dashboard"
 		}
--- a/core/pkg/resultshandling/reporter/v2/reporteventreceiver_test.go
+++ b/core/pkg/resultshandling/reporter/v2/reporteventreceiver_test.go
@@ -1,10 +1,11 @@
-package v2
+package reporter

 import (
 	"net/url"
 	"testing"

 	"github.com/kubescape/kubescape/v2/core/cautils"
+	reporthandlingv2 "github.com/kubescape/opa-utils/reporthandling/v2"
 	"github.com/stretchr/testify/assert"
 )

@@ -32,7 +33,7 @@ func TestReportEventReceiver_addPathURL(t *testing.T) {
 			want: &url.URL{
 				Scheme: "https",
 				Host:   "localhost:8080",
-				Path:   "configuration-scanning/test",
+				Path:   "config-scanning/test",
 			},
 		},
 	}
@@ -58,7 +59,7 @@ func TestGetURL(t *testing.T) {
 			"",
 			SubmitContextScan,
 		)
-		assert.Equal(t, "https://cloud.armosec.io/configuration-scanning/test?utm_campaign=Submit&utm_medium=CLI&utm_source=GitHub", reporter.GetURL())
+		assert.Equal(t, "https://cloud.armosec.io/config-scanning/test?utm_campaign=Submit&utm_medium=CLI&utm_source=GitHub", reporter.GetURL())
 	}

 	// Test rbac submit and registered url
@@ -88,7 +89,7 @@ func TestGetURL(t *testing.T) {
 			"XXXX",
 			SubmitContextRepository,
 		)
-		assert.Equal(t, "https://cloud.armosec.io/repositories-scan/XXXX?utm_campaign=Submit&utm_medium=CLI&utm_source=GitHub", reporter.GetURL())
+		assert.Equal(t, "https://cloud.armosec.io/repository-scanning/XXXX?utm_campaign=Submit&utm_medium=CLI&utm_source=GitHub", reporter.GetURL())
 	}

 	// Test submit and NOT registered url
@@ -106,3 +107,49 @@ func TestGetURL(t *testing.T) {
 		assert.Equal(t, "https://cloud.armosec.io/account/sign-up?customerGUID=1234&invitationToken=token&utm_campaign=Submit&utm_medium=CLI&utm_source=GitHub", reporter.GetURL())
 	}
 }
+
+func Test_prepareReportKeepsOriginalScanningTarget(t *testing.T) {
+
+	// prepareReport should keep the original scanning target it received, and not mutate it
+	testCases := []struct {
+		Name string
+		Want reporthandlingv2.ScanningTarget
+	}{
+		{"Cluster", reporthandlingv2.Cluster},
+		{"File", reporthandlingv2.File},
+		{"Repo", reporthandlingv2.Repo},
+		{"GitLocal", reporthandlingv2.GitLocal},
+		{"Directory", reporthandlingv2.Directory},
+	}
+
+	reporter := NewReportEventReceiver(
+		&cautils.ConfigObj{
+			AccountID:   "1e3ae7c4-a8bb-4d7c-9bdf-eb86bc25e6bb",
+			Token:       "token",
+			ClusterName: "test",
+		},
+		"",
+		SubmitContextScan,
+	)
+
+	for _, tc := range testCases {
+		t.Run(tc.Name, func(t *testing.T) {
+			want := tc.Want
+
+			opaSessionObj := &cautils.OPASessionObj{
+				Report: &reporthandlingv2.PostureReport{},
+				Metadata: &reporthandlingv2.Metadata{
+					ScanMetadata: reporthandlingv2.ScanMetadata{ScanningTarget: want},
+				},
+			}
+
+			reporter.prepareReport(opaSessionObj)
+
+			got := opaSessionObj.Metadata.ScanMetadata.ScanningTarget
+			if got != want {
+				t.Errorf("Scanning targets don’t match after preparing report. Got: %v, want %v", got, want)
+			}
+		},
+		)
+	}
+}
--- a/core/pkg/resultshandling/reporter/v2/reporteventreceiverutils.go
+++ b/core/pkg/resultshandling/reporter/v2/reporteventreceiverutils.go
@@ -1,4 +1,4 @@
-package v2
+package reporter

 import (
 	"net/url"
@@ -45,8 +45,7 @@ func (report *ReportEventReceiver) setSubReport(opaSessionObj *cautils.OPASessio
 	if opaSessionObj.Metadata != nil {
 		reportObj.Metadata = *opaSessionObj.Metadata
 		if opaSessionObj.Metadata.ContextMetadata.ClusterContextMetadata != nil {
-			reportObj.ClusterCloudProvider = opaSessionObj.Metadata.ContextMetadata.ClusterContextMetadata.CloudProvider // DEPRECATED
-			reportObj.Metadata.ClusterMetadata = *opaSessionObj.Metadata.ContextMetadata.ClusterContextMetadata
+			reportObj.ClusterCloudProvider = opaSessionObj.Metadata.ContextMetadata.ClusterContextMetadata.CloudProvider // DEPRECATED - left here as fallback
 		}
 	}
 	return reportObj
--- a/core/pkg/resultshandling/reporter/v2/reporteventreceiverutils_test.go
+++ b/core/pkg/resultshandling/reporter/v2/reporteventreceiverutils_test.go
@@ -1,4 +1,4 @@
-package v2
+package reporter

 import (
 	"net/url"
--- a/Show More
+++ b/Show More