Fixed filepath test (#1577 )

* remove unstable tests Signed-off-by: David Wertenteil <dwertent@armosec.io> * skip tests on windows Signed-off-by: David Wertenteil <dwertent@armosec.io> * temp: skip tests Signed-off-by: David Wertenteil <dwertent@armosec.io> --------- Signed-off-by: David Wertenteil <dwertent@armosec.io>
Fixed filepath test (#1576 )
2026-02-14 18:09:55 +00:00 · 2024-01-08 10:29:31 +02:00 · 2024-01-07 23:00:16 +02:00 · 2024-01-07 20:37:38 +02:00 · 2024-01-07 18:00:45 +02:00 · 2024-01-07 16:26:34 +02:00
346 changed files with 57958 additions and 8964 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,2 +0,0 @@
-git2go
-kubescape
--- a/.github/dependabot.yaml
+++ b/.github/dependabot.yaml
@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "weekly"
--- a/.github/workflows/00-pr-scanner.yaml
+++ b/.github/workflows/00-pr-scanner.yaml
@@ -1,4 +1,5 @@
 name: 00-pr_scanner
+permissions: read-all
 on:
  pull_request:
    types: [opened, reopened, synchronize, ready_for_review]
@@ -12,7 +13,7 @@ on:
      - 'docs/*'
      - 'build/*'
      - '.github/*'
-      
+
 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
@@ -20,22 +21,49 @@ concurrency:
 jobs:
  pr-scanner:
    permissions:
+      actions: read
+      checks: read
+      contents: read
+      deployments: read
+      id-token: write
+      issues: read
+      discussions: read
+      packages: read
+      pages: read
      pull-requests: write
+      repository-projects: read
+      security-events: read
+      statuses: read
    uses: ./.github/workflows/a-pr-scanner.yaml
    with:
      RELEASE: ""
      CLIENT: test
    secrets: inherit
- 
+
  binary-build:
+    if: ${{ github.repository_owner == 'kubescape' }}
+    permissions:
+      actions: read
+      checks: read
+      contents: read
+      deployments: read
+      discussions: read
+      id-token: write
+      issues: read
+      packages: write
+      pages: read
+      pull-requests: read
+      repository-projects: read
+      security-events: read
+      statuses: read
    uses: ./.github/workflows/b-binary-build-and-e2e-tests.yaml
    with:
      COMPONENT_NAME: kubescape
      CGO_ENABLED: 1
      GO111MODULE: ""
-      GO_VERSION: "1.20"
-      RELEASE: ""
+      GO_VERSION: "1.21"
+      RELEASE: "latest"
      CLIENT: test
      ARCH_MATRIX: '[ "" ]'
-      OS_MATRIX: '[ "ubuntu-20.04" ]'
+      OS_MATRIX: '[ "ubuntu-20.04", "macos-latest", "windows-latest"]'
    secrets: inherit
--- a/.github/workflows/02-release.yaml
+++ b/.github/workflows/02-release.yaml
@@ -1,4 +1,5 @@
 name: 02-create_release
+permissions: read-all
 on:
  push:
    tags:
@@ -15,19 +16,45 @@ jobs:
        with:
          SUB_STRING: "-rc"
  binary-build:
+    permissions:
+      actions: read
+      checks: read
+      contents: read
+      deployments: read
+      discussions: read
+      id-token: write
+      issues: read
+      packages: write
+      pages: read
+      pull-requests: read
+      repository-projects: read
+      security-events: read
+      statuses: read
    needs: [retag]
    uses: ./.github/workflows/b-binary-build-and-e2e-tests.yaml
    with:
      COMPONENT_NAME: kubescape
      CGO_ENABLED: 1
      GO111MODULE: ""
-      GO_VERSION: "1.20"
+      GO_VERSION: "1.21"
      RELEASE: ${{ needs.retag.outputs.NEW_TAG }}
      CLIENT: release
    secrets: inherit
  create-release:
    permissions:
+      actions: read
+      checks: read
      contents: write
+      deployments: read
+      discussions: read
+      id-token: write
+      issues: read
+      packages: read
+      pages: read
+      pull-requests: read
+      repository-projects: read
+      statuses: read
+      security-events: read
    needs: [retag, binary-build]
    uses: ./.github/workflows/c-create-release.yaml
    with:
@@ -37,14 +64,24 @@ jobs:
    secrets: inherit
  publish-image:
    permissions:
-      id-token: write
-      packages: write
+      actions: read
+      checks: read
      contents: read
+      deployments: read
+      discussions: read
+      id-token: write
+      issues: read
+      packages: write
+      pages: read
+      pull-requests: read
+      repository-projects: read
+      security-events: read
+      statuses: read
    uses: ./.github/workflows/d-publish-image.yaml
    needs: [create-release, retag]
    with:
      client: "image-release"
-      image_name: "quay.io/${{ github.repository_owner }}/kubescape"
+      image_name: "quay.io/${{ github.repository_owner }}/kubescape-cli"
      image_tag: ${{ needs.retag.outputs.NEW_TAG }}
      support_platforms: true
      cosign: true
--- a/.github/workflows/03-post-release.yaml
+++ b/.github/workflows/03-post-release.yaml
@@ -1,4 +1,5 @@
 name: 03-post_release
+permissions: read-all
 on:
  release:
    types: [published]
--- a/.github/workflows/04-publish-krew-plugin.yaml
+++ b/.github/workflows/04-publish-krew-plugin.yaml
@@ -1,4 +1,5 @@
 name: 04-publish_krew_plugin
+permissions: read-all
 on:
  push:
    tags:
--- a/.github/workflows/a-pr-scanner.yaml
+++ b/.github/workflows/a-pr-scanner.yaml
@@ -1,4 +1,5 @@
 name: a-pr-scanner
+permissions: read-all
 on:
  workflow_call:
    inputs:
@@ -22,14 +23,14 @@ jobs:
    name: PR Scanner
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # ratchet:actions/checkout@v3
+      - uses: actions/checkout@v4
        with:
          fetch-depth: 0
          submodules: recursive
-      - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # Install go because go-licenses use it ratchet:actions/setup-go@v3
+      - uses: actions/setup-go@v4
        name: Installing go
        with:
-          go-version: '1.20'
+          go-version: '1.21'
          cache: true
      - name: Scanning - Forbidden Licenses (go-licenses)
        id: licenses-scan
@@ -68,12 +69,12 @@ jobs:

      - name: Convert coverage count to lcov format
        uses: jandelgado/gcov2lcov-action@v1
-        
+
      - name: Submit coverage tests to Coveralls
        continue-on-error: true
        uses: coverallsapp/github-action@v1
        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
+          github-token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
          path-to-lcov: coverage.lcov

      - name: Comment results to PR
--- a/.github/workflows/b-binary-build-and-e2e-tests.yaml
+++ b/.github/workflows/b-binary-build-and-e2e-tests.yaml
@@ -1,5 +1,5 @@
 name: b-binary-build-and-e2e-tests
-
+permissions: read-all
 on:
  workflow_dispatch:
    inputs:
@@ -18,7 +18,7 @@ on:
      GO_VERSION:
        required: false
        type: string
-        default: "1.20"
+        default: "1.21"
      GO111MODULE:
        required: false
        type: string
@@ -38,7 +38,7 @@ on:
      BINARY_TESTS:
        type: string
        required: false
-        default: '[ "scan_nsa", "scan_mitre", "scan_with_exceptions", "scan_repository", "scan_local_file", "scan_local_glob_files", "scan_local_list_of_files", "scan_nsa_and_submit_to_backend", "scan_mitre_and_submit_to_backend", "scan_local_repository_and_submit_to_backend", "scan_repository_from_url_and_submit_to_backend", "scan_with_exception_to_backend", "scan_with_custom_framework", "scan_customer_configuration", "host_scanner", "scan_compliance_score" ]'
+        default: '[ "scan_nsa", "scan_mitre", "scan_with_exceptions", "scan_repository", "scan_local_file", "scan_local_glob_files", "scan_local_list_of_files", "scan_nsa_and_submit_to_backend", "scan_mitre_and_submit_to_backend", "scan_local_repository_and_submit_to_backend", "scan_repository_from_url_and_submit_to_backend", "scan_with_exception_to_backend", "scan_with_custom_framework", "scan_customer_configuration", "host_scanner", "scan_compliance_score", "control_cluster_from_CLI_config_scan_exclude_namespaces", "control_cluster_from_CLI_config_scan_include_namespaces", "control_cluster_from_CLI_config_scan_host_scanner_enabled", "control_cluster_from_CLI_config_scan_MITRE_framework", "control_cluster_from_CLI_vulnerabilities_scan_default", "control_cluster_from_CLI_vulnerabilities_scan_include_namespaces" ]'

  workflow_call:
    inputs:
@@ -53,7 +53,7 @@ on:
        type: string
      GO_VERSION:
        type: string
-        default: "1.20"
+        default: "1.21"
      GO111MODULE:
        required: true
        type: string
@@ -62,7 +62,7 @@ on:
        default: 1
      BINARY_TESTS:
        type: string
-        default: '[ "scan_nsa", "scan_mitre", "scan_with_exceptions", "scan_repository", "scan_local_file", "scan_local_glob_files", "scan_local_list_of_files", "scan_nsa_and_submit_to_backend", "scan_mitre_and_submit_to_backend", "scan_local_repository_and_submit_to_backend", "scan_repository_from_url_and_submit_to_backend", "scan_with_exception_to_backend", "scan_with_custom_framework", "scan_customer_configuration", "host_scanner", "scan_compliance_score", "scan_custom_framework_scanning_file_scope_testing", "scan_custom_framework_scanning_cluster_scope_testing", "scan_custom_framework_scanning_cluster_and_file_scope_testing", "unified_configuration_config_view", "unified_configuration_config_set", "unified_configuration_config_delete" ]'
+        default: '[ "scan_nsa", "scan_mitre", "scan_with_exceptions", "scan_repository", "scan_local_file", "scan_local_glob_files", "scan_local_list_of_files", "scan_nsa_and_submit_to_backend", "scan_mitre_and_submit_to_backend", "scan_local_repository_and_submit_to_backend", "scan_repository_from_url_and_submit_to_backend", "scan_with_exception_to_backend", "scan_with_custom_framework", "scan_customer_configuration", "host_scanner", "scan_compliance_score", "scan_custom_framework_scanning_file_scope_testing", "scan_custom_framework_scanning_cluster_scope_testing", "scan_custom_framework_scanning_cluster_and_file_scope_testing" ]'
      OS_MATRIX:
        type: string
        required: false
@@ -71,7 +71,7 @@ on:
        type: string
        required: false
        default: '[ "", "arm64"]'
-  
+
 jobs:
  wf-preparation:
    name: secret-validator
@@ -115,7 +115,20 @@ jobs:
          echo "ARCH_MATRIX=$input" >> $GITHUB_OUTPUT
        env:
          input: ${{ inputs.ARCH_MATRIX }}
-      
+
+  check-secret:
+    name: check if QUAYIO_REGISTRY_USERNAME & QUAYIO_REGISTRY_PASSWORD is set in github secrets
+    runs-on: ubuntu-latest
+    outputs:
+      is-secret-set: ${{ steps.check-secret-set.outputs.is-secret-set }}
+    steps:
+      - name: check if QUAYIO_REGISTRY_USERNAME & QUAYIO_REGISTRY_PASSWORD is set in github secrets
+        id: check-secret-set
+        env:
+          QUAYIO_REGISTRY_USERNAME: ${{ secrets.QUAYIO_REGISTRY_USERNAME }}
+          QUAYIO_REGISTRY_PASSWORD: ${{ secrets.QUAYIO_REGISTRY_PASSWORD }}
+        run: |
+          echo "is-secret-set=${{ env.QUAYIO_REGISTRY_USERNAME != '' && env.QUAYIO_REGISTRY_PASSWORD != '' }}" >> $GITHUB_OUTPUT

  binary-build:
    name: Create cross-platform build
@@ -194,11 +207,6 @@ jobs:
          echo "DOCKER_CMD=${DOCKER_CMD}" >> $GITHUB_ENV;
        if: matrix.os == 'ubuntu-20.04' && matrix.arch != ''

-      - name: Install MSYS2 & libgit2 (Windows)
-        shell: pwsh
-        run: .\build.ps1 all
-        if: matrix.os == 'windows-latest'
-
      - name: Install pkg-config (macOS)
        run: brew install pkg-config
        if: matrix.os == 'macos-latest'
@@ -207,13 +215,13 @@ jobs:
        run: ${{ env.DOCKER_CMD }} make libgit2${{ matrix.arch }}
        if: matrix.os != 'windows-latest'

-      - name: Test core pkg
-        run: ${{ env.DOCKER_CMD }} go test "-tags=static,gitenabled" -v ./...
-        if: "!startsWith(github.ref, 'refs/tags') && matrix.os == 'ubuntu-20.04' && matrix.arch == '' || startsWith(github.ref, 'refs/tags') && (matrix.os != 'macos-latest' || matrix.arch != 'arm64')"
+      # - name: Test core pkg
+      #   run: ${{ env.DOCKER_CMD }} go test -v ./...
+      #   if: "!startsWith(github.ref, 'refs/tags') && matrix.os == 'ubuntu-20.04' && matrix.arch == '' || startsWith(github.ref, 'refs/tags') && (matrix.os != 'macos-latest' || matrix.arch != 'arm64')"

-      - name: Test httphandler pkg
-        run: ${{ env.DOCKER_CMD }} sh -c 'cd httphandler && go test "-tags=static,gitenabled" -v ./...'
-        if: "!startsWith(github.ref, 'refs/tags') && matrix.os == 'ubuntu-20.04' && matrix.arch == '' || startsWith(github.ref, 'refs/tags') && (matrix.os != 'macos-latest' || matrix.arch != 'arm64')"
+      # - name: Test httphandler pkg
+      #   run: ${{ env.DOCKER_CMD }} sh -c 'cd httphandler && go test -v ./...'
+      #   if: "!startsWith(github.ref, 'refs/tags') && matrix.os == 'ubuntu-20.04' && matrix.arch == '' || startsWith(github.ref, 'refs/tags') && (matrix.os != 'macos-latest' || matrix.arch != 'arm64')"

      - name: Build
        env:
@@ -268,6 +276,39 @@ jobs:
          path: build/
          if-no-files-found: error

+  build-http-image:
+    permissions:
+      contents: read
+      id-token: write
+      packages: write
+      pull-requests: read
+    needs: [check-secret]
+    uses: kubescape/workflows/.github/workflows/incluster-comp-pr-merged.yaml@main
+    with:
+      IMAGE_NAME: quay.io/${{ github.repository_owner }}/kubescape
+      IMAGE_TAG: ${{ inputs.RELEASE }}
+      COMPONENT_NAME: kubescape
+      CGO_ENABLED: 0
+      GO111MODULE: "on"
+      BUILD_PLATFORM: linux/amd64,linux/arm64
+      GO_VERSION: "1.21"
+      REQUIRED_TESTS: '[
+                "ks_microservice_create_2_cronjob_mitre_and_nsa_proxy", 
+                "ks_microservice_triggering_with_cron_job",
+                "ks_microservice_update_cronjob_schedule",
+                "ks_microservice_delete_cronjob",
+                "ks_microservice_create_2_cronjob_mitre_and_nsa",
+                "ks_microservice_ns_creation",
+                "ks_microservice_on_demand",
+                "ks_microservice_mitre_framework_on_demand",
+                "ks_microservice_nsa_and_mitre_framework_demand",
+                "scan_compliance_score"
+              ]'
+      COSIGN: true
+      HELM_E2E_TEST: true
+      FORCE: true
+    secrets: inherit
+
  run-tests:
    strategy:
      fail-fast: false
--- a/.github/workflows/build-image.yaml
+++ b/.github/workflows/build-image.yaml
@@ -1,5 +1,5 @@
 name: build-image
-
+permissions: read-all
 on:
    workflow_dispatch:
      inputs:
@@ -19,16 +19,23 @@ on:
            required: false
            default: false
 jobs:
-  publish-image:
+  build-http-image:
    permissions:
      id-token: write
      packages: write
      contents: read
-    uses: ./.github/workflows/d-publish-image.yaml
+      pull-requests: read
+    uses: kubescape/workflows/.github/workflows/incluster-comp-pr-merged.yaml@main
    with:
-      client: ${{ inputs.CLIENT }}
-      image_name: "quay.io/${{ github.repository_owner }}/kubescape"
-      image_tag: ${{ inputs.IMAGE_TAG }}
-      support_platforms: ${{ inputs.PLATFORMS }}
-      cosign: ${{ inputs.CO_SIGN }}
-    secrets: inherit
+      IMAGE_NAME: quay.io/${{ github.repository_owner }}/kubescape
+      IMAGE_TAG: ${{ inputs.IMAGE_TAG }}
+      COMPONENT_NAME: kubescape
+      CGO_ENABLED: 0
+      GO111MODULE: "on"
+      BUILD_PLATFORM: ${{ inputs.PLATFORMS && 'linux/amd64,linux/arm64' || 'linux/amd64' }}
+      GO_VERSION: "1.21"
+      REQUIRED_TESTS: '[]'
+      COSIGN: ${{ inputs.CO_SIGN }}
+      HELM_E2E_TEST: false
+      FORCE: true
+    secrets: inherit
--- a/.github/workflows/c-create-release.yaml
+++ b/.github/workflows/c-create-release.yaml
@@ -1,4 +1,5 @@
 name: c-create_release
+permissions: read-all
 on:
  workflow_call:
    inputs:
--- a/.github/workflows/codesee-arch-diagram.yml
+++ b/.github/workflows/codesee-arch-diagram.yml
@@ -1,30 +0,0 @@
-# This workflow was added by CodeSee. Learn more at https://codesee.io/
-# This is v2.0 of this workflow file
-on:
-  pull_request_target:
-    types: [opened, synchronize, reopened]
-    paths-ignore:
-    - '**.yaml'
-    - '**.yml'
-    - '**.md'
-    - '**.sh'
-    - 'website/*'
-    - 'examples/*'
-    - 'docs/*'
-    - 'build/*'
-    - '.github/*'  
-
-name: CodeSee
-
-permissions: read-all
-
-jobs:
-  codesee:
-    runs-on: ubuntu-latest
-    continue-on-error: true
-    name: Analyze the repo with CodeSee
-    steps:
-      - uses: Codesee-io/codesee-action@v2
-        with:
-          codesee-token: ${{ secrets.CODESEE_ARCH_DIAG_API_TOKEN }}
-          codesee-url: https://app.codesee.io
--- a/.github/workflows/comments.yaml
+++ b/.github/workflows/comments.yaml
@@ -1,14 +1,13 @@
 name: pr-agent
-
+permissions: read-all
 on:
  issue_comment:

-permissions:
-  issues: write
-  pull-requests: write
-
 jobs:
  pr_agent:
+    permissions:
+      issues: write
+      pull-requests: write
    runs-on: ubuntu-latest
    name: Run pr agent on every pull request, respond to user comments
    steps:
@@ -19,5 +18,3 @@ jobs:
        env:
          OPENAI_KEY: ${{ secrets.OPENAI_KEY }}
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-   
-
--- a/.github/workflows/d-publish-image.yaml
+++ b/.github/workflows/d-publish-image.yaml
@@ -1,4 +1,5 @@
 name: d-publish-image
+permissions: read-all
 on:
  workflow_call:
    inputs:
@@ -38,7 +39,8 @@ jobs:
          QUAYIO_REGISTRY_PASSWORD: ${{ secrets.QUAYIO_REGISTRY_PASSWORD }}
        run: |
          echo "is-secret-set=${{ env.QUAYIO_REGISTRY_USERNAME != '' && env.QUAYIO_REGISTRY_PASSWORD != '' }}" >> $GITHUB_OUTPUT
-  build-image:
+
+  build-cli-image:
    needs: [check-secret]
    if: needs.check-secret.outputs.is-secret-set == 'true'
    name: Build image and upload to registry
@@ -56,19 +58,39 @@ jobs:
          QUAY_PASSWORD: ${{ secrets.QUAYIO_REGISTRY_PASSWORD }}
          QUAY_USERNAME: ${{ secrets.QUAYIO_REGISTRY_USERNAME }}
        run: docker login -u="${QUAY_USERNAME}" -p="${QUAY_PASSWORD}" quay.io
-      - name: Build and push image
-        if: ${{ inputs.support_platforms }}
-        run: docker buildx build . --file build/Dockerfile --tag ${{ inputs.image_name }}:${{ inputs.image_tag }} --tag ${{ inputs.image_name }}:latest --build-arg image_version=${{ inputs.image_tag }} --build-arg client=${{ inputs.client }} --push --platform linux/amd64,linux/arm64
-      - name: Build and push image without amd64/arm64 support
-        if: ${{ !inputs.support_platforms }}
-        run: docker buildx build . --file build/Dockerfile --tag ${{ inputs.image_name }}:${{ inputs.image_tag }} --tag ${{ inputs.image_name }}:latest --build-arg image_version=${{ inputs.image_tag }} --build-arg client=${{ inputs.client }} --push
-      - name: Install cosign
-        uses: sigstore/cosign-installer@4079ad3567a89f68395480299c77e40170430341 # ratchet:sigstore/cosign-installer@main
+      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # ratchet:actions/download-artifact@v3.0.2
+        id: download-artifact
        with:
-          cosign-release: 'v1.12.0'
+          path: .
+      - name: mv kubescape amd64 binary
+        run: mv kubescape-ubuntu-latest/kubescape-ubuntu-latest kubescape-amd64-ubuntu-latest
+      - name: mv kubescape arm64 binary
+        run: mv kubescape-ubuntu-latest/kubescape-arm64-ubuntu-latest kubescape-arm64-ubuntu-latest
+      - name: chmod +x
+        run: chmod +x -v kubescape-a*
+      - name: Build and push images
+        run: docker buildx build . --file build/kubescape-cli.Dockerfile --tag ${{ inputs.image_name }}:${{ inputs.image_tag }} --tag ${{ inputs.image_name }}:latest --build-arg image_version=${{ inputs.image_tag }} --build-arg client=${{ inputs.client }} --push --platform linux/amd64,linux/arm64
+      - name: Install cosign
+        uses: sigstore/cosign-installer@main
+        with:
+          cosign-release: 'v2.2.2'
      - name: sign kubescape container image
        if: ${{ inputs.cosign }}
        env:
          COSIGN_EXPERIMENTAL: "true"
+          COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY_V1 }}
+          COSIGN_PRIVATE_KEY_PASSWORD: ${{ secrets.COSIGN_PRIVATE_KEY_V1_PASSWORD }}
+          COSIGN_PUBLIC_KEY: ${{ secrets.COSIGN_PUBLIC_KEY_V1 }}
        run: |
-          cosign sign --force ${{ inputs.image_name }}
+            # Sign the image with keyless mode
+            cosign sign -y ${{ inputs.image_name }}:${{ inputs.image_tag }}
+
+            # Sign the image with key for verifier clients without keyless support
+            # Put the key from environment variable to a file
+            echo "$COSIGN_PRIVATE_KEY" > cosign.key
+            printf "$COSIGN_PRIVATE_KEY_PASSWORD" | cosign sign -key cosign.key -y ${{ inputs.image_name }}:${{ inputs.image_tag }}
+            rm cosign.key
+            # Verify the image
+            echo "$COSIGN_PUBLIC_KEY" > cosign.pub
+            cosign verify -key cosign.pub ${{ inputs.image_name }}:${{ inputs.image_tag }}
+
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -0,0 +1,72 @@
+# This workflow uses actions that are not certified by GitHub. They are provided
+# by a third-party and are governed by separate terms of service, privacy
+# policy, and support documentation.
+
+name: Scorecard supply-chain security
+on:
+  # For Branch-Protection check. Only the default branch is supported. See
+  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
+  branch_protection_rule:
+  # To guarantee Maintained check is occasionally updated. See
+  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
+  schedule:
+    - cron: '0 00 * * 1'
+  push:
+    branches: [ "master" ]
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+  analysis:
+    name: Scorecard analysis
+    runs-on: ubuntu-latest
+    permissions:
+      # Needed to upload the results to code-scanning dashboard.
+      security-events: write
+      # Needed to publish results and get a badge (see publish_results below).
+      id-token: write
+      # Uncomment the permissions below if installing in a private repository.
+      # contents: read
+      # actions: read
+
+    steps:
+      - name: "Checkout code"
+        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
+        with:
+          persist-credentials: false
+
+      - name: "Run analysis"
+        uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2
+        with:
+          results_file: results.sarif
+          results_format: sarif
+          # (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
+          # - you want to enable the Branch-Protection check on a *public* repository, or
+          # - you are installing Scorecard on a *private* repository
+          # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
+          # repo_token: ${{ secrets.SCORECARD_TOKEN }}
+
+          # Public repositories:
+          #   - Publish results to OpenSSF REST API for easy access by consumers
+          #   - Allows the repository to include the Scorecard badge.
+          #   - See https://github.com/ossf/scorecard-action#publishing-results.
+          # For private repositories:
+          #   - `publish_results` will always be set to `false`, regardless
+          #     of the value entered here.
+          publish_results: true
+
+      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
+      # format to the repository Actions tab.
+      - name: "Upload artifact"
+        uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0
+        with:
+          name: SARIF file
+          path: results.sarif
+          retention-days: 5
+
+      # Upload the results to GitHub's code scanning dashboard.
+      - name: "Upload to code-scanning"
+        uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4
+        with:
+          sarif_file: results.sarif
--- a/.github/workflows/z-close-typos-issues.yaml
+++ b/.github/workflows/z-close-typos-issues.yaml
@@ -1,3 +1,4 @@
+permissions: read-all
 on:
  issues:
    types: [opened, labeled]
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,6 @@
 *.vs*
 *kubescape*
+!*Dockerfile*
 *debug*
 *vendor*
 *.pyc*
@@ -7,4 +8,4 @@
 .history
 ca.srl
 *.out
-ks
+ks
--- a/ADOPTERS.md
+++ b/ADOPTERS.md
@@ -0,0 +1,22 @@
+# Adopters
+
+# Well-known companies
+Well-known companies who are using and/or contributing to Kubescape are (in alphabetical order):
+* Accenture
+* Amazon.com
+* IBM
+* Intel
+* Meetup
+* RedHat
+* Scaleway
+
+# Users
+
+If you want to be listed here and share with others your experience, open a PR and add the bellow table:
+
+
+| Name | Company | Use case | Contact for questions (optional) |
+| ---- | ------- | -------- | -------------------------------- |
+| Yonathan Amzallag | ARMO | Vulnerability monitoring | yonatana@armosec.io |
+| Engin Diri | Schwarz IT (SIT) | Ensure continuous compliance for edge k8s cluster | engin.diri@mail.schwarz |
+| Idan Bidani | Cox Communications | Security analysis for k8s best practices in CI pipelines of 3,000 applications 🔒☸ | idan.bidani@cox.com |
--- a/GOVERNANCE.md
+++ b/GOVERNANCE.md
@@ -0,0 +1,65 @@
+# Governance of Kubescape
+
+## Overview
+
+The Kubescape project is an open-source initiative dedicated to improve security and best practices in Kubernetes environments. This document outlines the governance structure of the Kubescape project and provides guidance for its community contributors.
+
+## Decision Making
+
+### Maintainers
+
+- Maintainers are responsible for the smooth operation of the project.
+- They review and merge pull requests, manage releases, and ensure the quality and stability of the codebase.
+- Maintainers are chosen based on their ongoing contributions and their demonstrated commitment to the project.
+- Everyone who had at least 5 code contribution in the last 12 month can submit her/himself for joining the maintainer team
+- Maintainers who are not taken part in the project work (code, reviews, discussions) for 12 month are automaticaly removed from the maintainer team
+
+
+### Committers
+
+- Committers are contributors who have made significant and consistent contributions to the project.
+- They have the ability to merge minor pull requests if assigned by maintainers.
+- A contributor can be proposed as a committer by any existing maintainer. The proposal will be reviewed and voted on by the existing maintainers.
+
+### Community Members
+
+- Anyone can become a community member by contributing to the project. This can be in the form of code contributions, documentation, or any other form of project support.
+
+## Processes
+
+### Proposing Changes
+
+1. Open an issue on the project repository to discuss the proposed change.
+2. Once there is consensus around the proposed change, create a pull request.
+3. Pull requests will be reviewed by committers and/or maintainers.
+4. Once the pull request has received approval, it can be merged into the main codebase.
+
+### Conflict Resolution
+
+1. In case of any conflicts, it is primarily the responsibility of the parties involved to resolve it.
+2. If the conflict cannot be resolved, it will be escalated to the maintainers for resolution.
+3. Maintainers' decision will be final in case of unresolved conflicts.
+
+## Roles and Responsibilities
+
+### Maintainers
+
+- Ensure the quality and stability of the project.
+- Resolve conflicts.
+- Provide direction and set priorities for the project.
+
+### Committers
+
+- Review and merge minor pull requests.
+- Assist maintainers in project tasks.
+- Promote best practices within the community.
+
+### Community Members
+
+- Contribute to the project in any form.
+- Participate in discussions and provide feedback.
+- Respect the code of conduct and governance of the project.
+
+## Changes to the Governance Document
+
+Proposed changes to this governance document should follow the same process as any other code change to the Kubescape project (see "Proposing Changes").
--- a/MAINTAINERS.md
+++ b/MAINTAINERS.md
@@ -1,11 +1,12 @@
 # Maintainers

-The following table lists the Kubescape project maintainers:
+The following table lists the Kubescape project core maintainers:

 | Name | GitHub | Organization | Added/Renewed On |
 | --- | --- | --- | --- |
+| [Matthias Bertschy](https://www.linkedin.com/in/matthias-bertschy-b427b815/) | [@matthyx](https://github.com/matthyx) | [ARMO](https://www.armosec.io/) | 2023-01-01 |
+| [Craig Box](https://www.linkedin.com/in/crbnz/) | [@craigbox](https://github.com/craigbox) | [Solo.io](https://www.solo.io/) | 2022-10-31 |
 | [Ben Hirschberg](https://www.linkedin.com/in/benyamin-ben-hirschberg-66141890) | [@slashben](https://github.com/slashben) | [ARMO](https://www.armosec.io/) | 2021-09-01 |
 | [Rotem Refael](https://www.linkedin.com/in/rotem-refael) | [@rotemamsa](https://github.com/rotemamsa) | [ARMO](https://www.armosec.io/) | 2021-10-11 |
 | [David Wertenteil](https://www.linkedin.com/in/david-wertenteil-0ba277b9) | [@dwertent](https://github.com/dwertent) | [ARMO](https://www.armosec.io/) | 2021-09-01 |
-| [Bezalel Brandwine](https://www.linkedin.com/in/bezalel-brandwine) | [@Bezbran](https://github.com/Bezbran) | [ARMO](https://www.armosec.io/) | 2021-09-01 |
-| [Craig Box](https://www.linkedin.com/in/crbnz/) | [@craigbox](https://github.com/craigbox) | [ARMO](https://www.armosec.io/) | 2022-10-31 |
+
--- a/README.md
+++ b/README.md
@@ -4,7 +4,13 @@
 [![Gitpod Ready-to-Code](https://img.shields.io/badge/Gitpod-Ready--to--Code-blue?logo=gitpod)](https://gitpod.io/#https://github.com/kubescape/kubescape)
 [![GitHub](https://img.shields.io/github/license/kubescape/kubescape)](https://github.com/kubescape/kubescape/blob/master/LICENSE)
 [![CNCF](https://shields.io/badge/CNCF-Sandbox%20project-blue?logo=linux-foundation&style=flat)](https://landscape.cncf.io/card-mode?project=sandbox&selected=kubescape)
+[![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/kubescape)](https://artifacthub.io/packages/search?repo=kubescape)
+[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fkubescape%2Fkubescape.svg?type=shield&issueType=license)](https://app.fossa.com/projects/git%2Bgithub.com%2Fkubescape%2Fkubescape?ref=badge_shield&issueType=license)
+[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/6944/badge)](https://www.bestpractices.dev/projects/6944)
+[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/kubescape/kubescape/badge)](https://securityscorecards.dev/viewer/?uri=github.com/kubescape/kubescape)
+[![Stars](https://img.shields.io/github/stars/kubescape/kubescape?style=social)](https://github.com/kubescape/kubescape/stargazers)
 [![Twitter Follow](https://img.shields.io/twitter/follow/kubescape?style=social)](https://twitter.com/kubescape)
+[![Slack](https://img.shields.io/badge/slack-kubescape-blueviolet?logo=slack)](https://cloud-native.slack.com/archives/C04EY3ZF9GE)

 # Kubescape

@@ -14,16 +20,18 @@
  <img alt="Kubescape logo" align="right" src="https://raw.githubusercontent.com/cncf/artwork/master/projects/kubescape/stacked/color/kubescape-stacked-color.svg" width="150">
 </picture>

-_An open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters_
+_An open-source Kubernetes security platform for your clusters, CI/CD pipelines, and IDE that seperates out the security signal from the scanner noise_

-Kubescape is an open-source Kubernetes security platform. It includes risk analysis, security compliance, and misconfiguration scanning. Targeted at the DevSecOps practitioner or platform engineer, it offers an easy-to-use CLI interface, flexible output formats, and automated scanning capabilities. It saves Kubernetes users and admins precious time, effort, and resources.
+Kubescape is an open-source Kubernetes security platform, built for use in your day-to-day workflow, by fitting into your clusters, CI/CD pipelines and IDE. It serves as a one-stop-shop for Kuberenetes security and includes vulnerability and misconfiguration scanning. You can run scans via the CLI, or add the Kubescape Helm chart, which gives an in-depth view of what is going on in the cluster.
+
+Kubescape includes misconfiguration and vulnerability scanning as well as risk analysis and security compliance indicators. All results are presented in context and users get many cues on what to do based on scan results.Targeted at the DevSecOps practitioner or platform engineer, it offers an easy-to-use CLI interface, flexible output formats, and automated scanning capabilities. It saves Kubernetes users and admins precious time, effort, and resources.

 Kubescape scans clusters, YAML files, and Helm charts. It detects misconfigurations according to multiple frameworks (including [NSA-CISA](https://www.armosec.io/blog/kubernetes-hardening-guidance-summary-by-armo/?utm_source=github&utm_medium=repository), [MITRE ATT&CK®](https://www.microsoft.com/security/blog/2021/03/23/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes/) and the [CIS Benchmark](https://www.armosec.io/blog/cis-kubernetes-benchmark-framework-scanning-tools-comparison/?utm_source=github&utm_medium=repository)).

 Kubescape was created by [ARMO](https://www.armosec.io/?utm_source=github&utm_medium=repository) and is a [Cloud Native Computing Foundation (CNCF) sandbox project](https://www.cncf.io/sandbox-projects/).

 ## Demo
-<img src="docs/img/demo.gif">
+<img src="docs/img/demo-v3.gif">

 _Please [star ⭐](https://github.com/kubescape/kubescape/stargazers) the repo if you want us to continue developing and improving Kubescape! 😀_

@@ -69,7 +77,11 @@ We hold [community meetings](https://zoom.us/j/95174063585) on Zoom, on the firs

 The Kubescape project follows the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md).

-## Contributions 
+### Adopters
+
+See [here](ADOPTERS.md) a list of adopters.
+
+## Contributions

 Thanks to all our contributors!  Check out our [CONTRIBUTING](CONTRIBUTING.md) file to learn how to join them.

@@ -83,6 +95,10 @@ Thanks to all our contributors!  Check out our [CONTRIBUTING](CONTRIBUTING.md) f
  <img src = "https://contrib.rocks/image?repo=kubescape/kubescape"/>
 </a>

+## Changelog
+
+Kubescape changes are tracked on the [release](https://github.com/kubescape/kubescape/releases) page
+
 ## License

 Copyright 2021-2023, the Kubescape Authors. All rights reserved. Kubescape is released under the Apache 2.0 license. See the [LICENSE](LICENSE) file for details.
--- a/SECURITY-INSIGHTS.yml
+++ b/SECURITY-INSIGHTS.yml
@@ -0,0 +1,52 @@
+header:
+  schema-version: 1.0.0
+  last-updated: '2023-10-12'
+  last-reviewed: '2023-10-12'
+  expiration-date: '2024-10-12T01:00:00.000Z'
+  project-url: https://github.com/kubescape/kubescape/
+  project-release: '1.0.0'
+project-lifecycle:
+  status: active
+  bug-fixes-only: false
+  core-maintainers:
+  - github:slashben
+  - github:craigbox
+  - github:matthyx
+  - github:dwertent
+contribution-policy:
+  accepts-pull-requests: true
+  accepts-automated-pull-requests: false
+  code-of-conduct: https://github.com/kubescape/kubescape/blob/master/CODE_OF_CONDUCT.md
+dependencies:
+  third-party-packages: true
+  dependencies-lists:
+  - https://github.com/kubescape/kubescape/blob/master/go.mod
+  - https://github.com/kubescape/kubescape/blob/master/httphandler/go.mod
+  env-dependencies-policy:
+    policy-url: https://github.com/kubescape/kubescape/blob/master/docs/environment-dependencies-policy.md
+documentation:
+- https://github.com/kubescape/kubescape/tree/master/docs
+distribution-points:
+- https://github.com/kubescape/kubescape/
+security-artifacts:
+  threat-model:
+    threat-model-created: false
+security-testing:
+- tool-type: sca
+  tool-name: Dependabot
+  tool-version: latest
+  integration:
+    ad-hoc: false
+    ci: true
+    before-release: true
+  comment: |
+    Dependabot is enabled for this repo.
+security-contacts:
+- type: email
+  value: cncf-kubescape-maintainers@lists.cncf.io
+vulnerability-reporting:
+  accepts-vulnerability-reports: true
+  security-policy: https://github.com/kubescape/kubescape/security/policy
+  email-contact: cncf-kubescape-maintainers@lists.cncf.io
+  comment: |
+    The first and best way to report a vulnerability is by using private security issues in GitHub.
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -0,0 +1,7 @@
+# Reporting Security Issues
+
+To report a security issue or vulnerability, submit a [private vulnerability report via GitHub](https://github.com/kubescape/kubescape/security/advisories/new) to the repository maintainers with a description of the issue, the steps you took to create the issue, affected versions, and, if known, mitigations for the issue.
+
+The maintainers will respond within 7 working days of your report. If the issue is confirmed as a vulnerability, we will open a Security Advisory and acknowledge your contributions as part of it. This project follows a 90 day disclosure timeline.
+
+Other contacts: cncf-kubescape-maintainers@lists.cncf.io
--- a/build.py
+++ b/build.py
@@ -5,7 +5,7 @@ import platform
 import subprocess
 import tarfile

-BASE_GETTER_CONST = "github.com/kubescape/kubescape/v2/core/cautils/getter"
+BASE_GETTER_CONST = "github.com/kubescape/kubescape/v3/core/cautils/getter"
 CURRENT_PLATFORM = platform.system()

 platformSuffixes = {
@@ -41,10 +41,10 @@ def main():

    # Set some variables
    package_name = get_package_name()
-    build_url = "github.com/kubescape/kubescape/v2/core/cautils.BuildNumber"
+    build_url = "github.com/kubescape/kubescape/v3/core/cautils.BuildNumber"
    release_version = os.getenv("RELEASE")

-    client_var = "github.com/kubescape/kubescape/v2/core/cautils.Client"
+    client_var = "github.com/kubescape/kubescape/v3/core/cautils.Client"
    client_name = os.getenv("CLIENT")

    # Create build directory
@@ -65,6 +65,9 @@ def main():
        ldflags += " -X {}={}".format(client_var, client_name)

    build_command = ["go", "build", "-buildmode=pie", "-tags=static,gitenabled", "-o", ks_file, "-ldflags" ,ldflags]
+    if CURRENT_PLATFORM == "Windows":
+        os.putenv("CGO_ENABLED", "0")
+        build_command = ["go", "build", "-o", ks_file, "-ldflags", ldflags]

    print("Building kubescape and saving here: {}".format(ks_file))
    print("Build command: {}".format(" ".join(build_command)))
--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -1,39 +1,22 @@
-FROM golang:1.20-bullseye as builder
+FROM --platform=$BUILDPLATFORM golang:1.21-bullseye as builder
+
+ENV GO111MODULE=on CGO_ENABLED=0
+WORKDIR /work
+ARG TARGETOS TARGETARCH
+
+RUN --mount=target=. \
+    --mount=type=cache,target=/root/.cache/go-build \
+    --mount=type=cache,target=/go/pkg \
+    cd httphandler && GOOS=$TARGETOS GOARCH=$TARGETARCH go build -o /out/ksserver .
+
+FROM gcr.io/distroless/static-debian11:nonroot
+
+USER nonroot
+WORKDIR /home/nonroot/
+
+COPY --from=builder /out/ksserver /usr/bin/ksserver
+
 ARG image_version client
-ENV GO111MODULE=on CGO_ENABLED=1 PYTHONUNBUFFERED=1 RELEASE=$image_version CLIENT=$client
-
-# Install required python/pip
-RUN apt update
-RUN apt install -y cmake python3-pip
-RUN pip3 install --no-cache --upgrade pip setuptools
-
-WORKDIR /work
-ADD . .
-
-# install libgit2
-RUN --mount=type=cache,target=/root/.cache/go-build \
-    --mount=type=cache,target=/go/pkg \
-    make libgit2
-
-# build kubescape server
-WORKDIR /work/httphandler
-RUN --mount=type=cache,target=/root/.cache/go-build \
-    --mount=type=cache,target=/go/pkg \
-    python3 build.py
-RUN ls -ltr build/
-
-# build kubescape cmd
-WORKDIR /work
-RUN --mount=type=cache,target=/root/.cache/go-build \
-    --mount=type=cache,target=/go/pkg \
-    python3 build.py
-
-RUN /work/build/kubescape-ubuntu-latest download artifacts -o /work/artifacts
-
-FROM gcr.io/distroless/base-debian11:nonroot
-
-COPY --from=builder /work/artifacts/ /home/nonroot/.kubescape
-COPY --from=builder /work/httphandler/build/kubescape-ubuntu-latest /usr/bin/ksserver
-COPY --from=builder /work/build/kubescape-ubuntu-latest /usr/bin/kubescape
+ENV RELEASE=$image_version CLIENT=$client

 ENTRYPOINT ["ksserver"]
--- a/build/Dockerfile.dockerignore
+++ b/build/Dockerfile.dockerignore
@@ -0,0 +1,3 @@
+.git
+git2go
+kubescape*
--- a/build/README.md
+++ b/build/README.md
@@ -7,7 +7,13 @@
 git clone https://github.com/kubescape/kubescape.git kubescape && cd "$_"
 ```

-2. Build
+2. Build kubescape CLI Docker image
+```
+make all
+docker buildx build -t kubescape-cli -f build/kubescape-cli.Dockerfile --build-arg="ks_binary=kubescape" --load .
+```
+
+3. Build kubescape Docker image
+```
+docker buildx build -t kubescape -f build/Dockerfile --load .
 ```
-docker build -t kubescape -f build/Dockerfile .
-```
--- a/build/kubescape-cli.Dockerfile
+++ b/build/kubescape-cli.Dockerfile
@@ -0,0 +1,12 @@
+FROM gcr.io/distroless/base-debian11:debug-nonroot
+
+USER nonroot
+WORKDIR /home/nonroot/
+
+ARG image_version client TARGETARCH
+ENV RELEASE=$image_version CLIENT=$client
+
+COPY kubescape-${TARGETARCH}-ubuntu-latest /usr/bin/kubescape
+RUN ["kubescape", "download", "artifacts"]
+
+ENTRYPOINT ["kubescape"]
--- a/build/kubescape-cli.Dockerfile.dockerignore
+++ b/build/kubescape-cli.Dockerfile.dockerignore
@@ -0,0 +1,2 @@
+.git
+git2go
--- a/cmd/completion/completion.go
+++ b/cmd/completion/completion.go
@@ -5,7 +5,7 @@ import (
 	"os"
 	"strings"

-	"github.com/kubescape/kubescape/v2/core/cautils"
+	"github.com/kubescape/kubescape/v3/core/cautils"
 	"github.com/spf13/cobra"
 )

@@ -29,6 +29,12 @@ func GetCompletionCmd() *cobra.Command {
 		ValidArgs:             []string{"bash", "zsh", "fish", "powershell"},
 		Args:                  cobra.MatchAll(cobra.ExactArgs(1), cobra.OnlyValidArgs),
 		Run: func(cmd *cobra.Command, args []string) {
+			// Check if args array is not empty
+			if len(args) == 0 {
+				fmt.Println("No arguements provided.")
+				return
+			}
+
 			switch strings.ToLower(args[0]) {
 			case "bash":
 				cmd.Root().GenBashCompletion(os.Stdout)
@@ -38,6 +44,8 @@ func GetCompletionCmd() *cobra.Command {
 				cmd.Root().GenFishCompletion(os.Stdout, true)
 			case "powershell":
 				cmd.Root().GenPowerShellCompletionWithDesc(os.Stdout)
+			default:
+				fmt.Printf("Invalid arguement %s", args[0])
 			}
 		},
 	}
--- a/cmd/completion/completion_test.go
+++ b/cmd/completion/completion_test.go
@@ -0,0 +1,187 @@
+package completion
+
+import (
+	"io"
+	"os"
+	"testing"
+
+	"github.com/spf13/cobra"
+	"github.com/stretchr/testify/assert"
+)
+
+// Generates autocompletion script for valid shell types
+func TestGetCompletionCmd(t *testing.T) {
+	// Arrange
+	completionCmd := GetCompletionCmd()
+	assert.Equal(t, "completion [bash|zsh|fish|powershell]", completionCmd.Use)
+	assert.Equal(t, "Generate autocompletion script", completionCmd.Short)
+	assert.Equal(t, "To load completions", completionCmd.Long)
+	assert.Equal(t, completionCmdExamples, completionCmd.Example)
+	assert.Equal(t, true, completionCmd.DisableFlagsInUseLine)
+	assert.Equal(t, []string{"bash", "zsh", "fish", "powershell"}, completionCmd.ValidArgs)
+}
+
+func TestGetCompletionCmd_RunExpectedOutputs(t *testing.T) {
+	tests := []struct {
+		name string
+		args []string
+		want string
+	}{
+		{
+			name: "Unknown completion",
+			args: []string{"unknown"},
+			want: "Invalid arguement unknown",
+		},
+		{
+			name: "Empty arguements",
+			args: []string{},
+			want: "No arguements provided.\n",
+		},
+	}
+
+	completionCmd := GetCompletionCmd()
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			// Redirect stdout to a buffer
+			rescueStdout := os.Stdout
+			r, w, _ := os.Pipe()
+			os.Stdout = w
+
+			completionCmd.Run(&cobra.Command{}, tt.args)
+
+			w.Close()
+			got, _ := io.ReadAll(r)
+			os.Stdout = rescueStdout
+
+			assert.Equal(t, tt.want, string(got))
+		})
+	}
+}
+
+func TestGetCompletionCmd_RunNotExpectedOutputs(t *testing.T) {
+	notExpectedOutput1 := "No arguments provided."
+	notExpectedOutput2 := "No arguments provided."
+
+	tests := []struct {
+		name string
+		args []string
+	}{
+		{
+			name: "Bash completion",
+			args: []string{"bash"},
+		},
+		{
+			name: "Zsh completion",
+			args: []string{"zsh"},
+		},
+		{
+			name: "Fish completion",
+			args: []string{"fish"},
+		},
+		{
+			name: "PowerShell completion",
+			args: []string{"powershell"},
+		},
+	}
+
+	completionCmd := GetCompletionCmd()
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			// Redirect stdout to a buffer
+			rescueStdout := os.Stdout
+			r, w, _ := os.Pipe()
+			os.Stdout = w
+
+			completionCmd.Run(&cobra.Command{}, tt.args)
+
+			w.Close()
+			got, _ := io.ReadAll(r)
+			os.Stdout = rescueStdout
+
+			assert.NotEqual(t, notExpectedOutput1, string(got))
+			assert.NotEqual(t, notExpectedOutput2, string(got))
+		})
+	}
+}
+
+func TestGetCompletionCmd_RunBashCompletionNotExpectedOutputs(t *testing.T) {
+	notExpectedOutput1 := "Unexpected output for bash completion test 1."
+	notExpectedOutput2 := "Unexpected output for bash completion test 2."
+
+	// Redirect stdout to a buffer
+	rescueStdout := os.Stdout
+	r, w, _ := os.Pipe()
+	os.Stdout = w
+
+	completionCmd := GetCompletionCmd()
+	completionCmd.Run(&cobra.Command{}, []string{"bash"})
+
+	w.Close()
+	got, _ := io.ReadAll(r)
+	os.Stdout = rescueStdout
+
+	assert.NotEqual(t, notExpectedOutput1, string(got))
+	assert.NotEqual(t, notExpectedOutput2, string(got))
+}
+
+func TestGetCompletionCmd_RunZshCompletionNotExpectedOutputs(t *testing.T) {
+	notExpectedOutput1 := "Unexpected output for zsh completion test 1."
+	notExpectedOutput2 := "Unexpected output for zsh completion test 2."
+
+	// Redirect stdout to a buffer
+	rescueStdout := os.Stdout
+	r, w, _ := os.Pipe()
+	os.Stdout = w
+
+	completionCmd := GetCompletionCmd()
+	completionCmd.Run(&cobra.Command{}, []string{"zsh"})
+
+	w.Close()
+	got, _ := io.ReadAll(r)
+	os.Stdout = rescueStdout
+
+	assert.NotEqual(t, notExpectedOutput1, string(got))
+	assert.NotEqual(t, notExpectedOutput2, string(got))
+}
+
+func TestGetCompletionCmd_RunFishCompletionNotExpectedOutputs(t *testing.T) {
+	notExpectedOutput1 := "Unexpected output for fish completion test 1."
+	notExpectedOutput2 := "Unexpected output for fish completion test 2."
+
+	// Redirect stdout to a buffer
+	rescueStdout := os.Stdout
+	r, w, _ := os.Pipe()
+	os.Stdout = w
+
+	completionCmd := GetCompletionCmd()
+	completionCmd.Run(&cobra.Command{}, []string{"fish"})
+
+	w.Close()
+	got, _ := io.ReadAll(r)
+	os.Stdout = rescueStdout
+
+	assert.NotEqual(t, notExpectedOutput1, string(got))
+	assert.NotEqual(t, notExpectedOutput2, string(got))
+}
+
+func TestGetCompletionCmd_RunPowerShellCompletionNotExpectedOutputs(t *testing.T) {
+	notExpectedOutput1 := "Unexpected output for powershell completion test 1."
+	notExpectedOutput2 := "Unexpected output for powershell completion test 2."
+
+	// Redirect stdout to a buffer
+	rescueStdout := os.Stdout
+	r, w, _ := os.Pipe()
+	os.Stdout = w
+
+	completionCmd := GetCompletionCmd()
+	completionCmd.Run(&cobra.Command{}, []string{"powershell"})
+
+	w.Close()
+	got, _ := io.ReadAll(r)
+	os.Stdout = rescueStdout
+
+	assert.NotEqual(t, notExpectedOutput1, string(got))
+	assert.NotEqual(t, notExpectedOutput2, string(got))
+}
--- a/cmd/config/config.go
+++ b/cmd/config/config.go
@@ -3,8 +3,8 @@ package config
 import (
 	"fmt"

-	"github.com/kubescape/kubescape/v2/core/cautils"
-	"github.com/kubescape/kubescape/v2/core/meta"
+	"github.com/kubescape/kubescape/v3/core/cautils"
+	"github.com/kubescape/kubescape/v3/core/meta"
 	"github.com/spf13/cobra"
 )

@@ -23,14 +23,8 @@ var (
  # Set account id
  %[1]s config set accountID <account id>

-  # Set client id
-  %[1]s config set clientID <client id> 
-
-  # Set access key
-  %[1]s config set secretKey <access key>
-
-  # Set cloudAPIURL
-  %[1]s config set cloudAPIURL <cloud API URL>
+  # Set cloud report URL
+  %[1]s config set cloudReportURL <cloud Report URL>
 `, cautils.ExecName())
 )

--- a/cmd/config/config_test.go
+++ b/cmd/config/config_test.go
@@ -0,0 +1,44 @@
+package config
+
+import (
+	"strings"
+	"testing"
+
+	"github.com/kubescape/kubescape/v3/core/mocks"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestGetConfigCmd(t *testing.T) {
+	// Create a mock Kubescape interface
+	mockKubescape := &mocks.MockIKubescape{}
+
+	// Call the GetConfigCmd function
+	configCmd := GetConfigCmd(mockKubescape)
+
+	// Verify the command name and short description
+	assert.Equal(t, "config", configCmd.Use)
+	assert.Equal(t, "Handle cached configurations", configCmd.Short)
+	assert.Equal(t, configExample, configCmd.Example)
+
+	// Verify that the subcommands are added correctly
+	assert.Equal(t, 3, len(configCmd.Commands()))
+
+	for _, subcmd := range configCmd.Commands() {
+		switch subcmd.Name() {
+		case "delete":
+			// Verify that the delete subcommand is added correctly
+			assert.Equal(t, "delete", subcmd.Use)
+			assert.Equal(t, "Delete cached configurations", subcmd.Short)
+		case "set":
+			// Verify that the set subcommand is added correctly
+			assert.Equal(t, "set", subcmd.Use)
+			assert.Equal(t, "Set configurations, supported: "+strings.Join(stringKeysToSlice(supportConfigSet), "/"), subcmd.Short)
+		case "view":
+			// Verify that the view subcommand is added correctly
+			assert.Equal(t, "view", subcmd.Use)
+			assert.Equal(t, "View cached configurations", subcmd.Short)
+		default:
+			t.Errorf("Unexpected subcommand name: %s", subcmd.Name())
+		}
+	}
+}
--- a/cmd/config/delete.go
+++ b/cmd/config/delete.go
@@ -4,8 +4,8 @@ import (
 	"context"

 	logger "github.com/kubescape/go-logger"
-	"github.com/kubescape/kubescape/v2/core/meta"
-	v1 "github.com/kubescape/kubescape/v2/core/meta/datastructures/v1"
+	"github.com/kubescape/kubescape/v3/core/meta"
+	v1 "github.com/kubescape/kubescape/v3/core/meta/datastructures/v1"
 	"github.com/spf13/cobra"
 )

--- a/cmd/config/delete_test.go
+++ b/cmd/config/delete_test.go
@@ -0,0 +1,21 @@
+package config
+
+import (
+	"testing"
+
+	"github.com/kubescape/kubescape/v3/core/mocks"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestGetDeleteCmd(t *testing.T) {
+	// Create a mock Kubescape interface
+	mockKubescape := &mocks.MockIKubescape{}
+
+	// Call the GetConfigCmd function
+	configCmd := getDeleteCmd(mockKubescape)
+
+	// Verify the command name and short description
+	assert.Equal(t, "delete", configCmd.Use)
+	assert.Equal(t, "Delete cached configurations", configCmd.Short)
+	assert.Equal(t, "", configCmd.Long)
+}
--- a/cmd/config/set.go
+++ b/cmd/config/set.go
@@ -2,11 +2,12 @@ package config

 import (
 	"fmt"
+	"sort"
 	"strings"

 	logger "github.com/kubescape/go-logger"
-	"github.com/kubescape/kubescape/v2/core/meta"
-	metav1 "github.com/kubescape/kubescape/v2/core/meta/datastructures/v1"
+	"github.com/kubescape/kubescape/v3/core/meta"
+	metav1 "github.com/kubescape/kubescape/v3/core/meta/datastructures/v1"
 	"github.com/spf13/cobra"
 )

@@ -33,20 +34,23 @@ func getSetCmd(ks meta.IKubescape) *cobra.Command {
 }

 var supportConfigSet = map[string]func(*metav1.SetConfig, string){
+	"accessKey":      func(s *metav1.SetConfig, accessKey string) { s.AccessKey = accessKey },
 	"accountID":      func(s *metav1.SetConfig, account string) { s.Account = account },
-	"clientID":       func(s *metav1.SetConfig, clientID string) { s.ClientID = clientID },
-	"secretKey":      func(s *metav1.SetConfig, secretKey string) { s.SecretKey = secretKey },
 	"cloudAPIURL":    func(s *metav1.SetConfig, cloudAPIURL string) { s.CloudAPIURL = cloudAPIURL },
-	"cloudAuthURL":   func(s *metav1.SetConfig, cloudAuthURL string) { s.CloudAuthURL = cloudAuthURL },
 	"cloudReportURL": func(s *metav1.SetConfig, cloudReportURL string) { s.CloudReportURL = cloudReportURL },
-	"cloudUIURL":     func(s *metav1.SetConfig, cloudUIURL string) { s.CloudUIURL = cloudUIURL },
 }

 func stringKeysToSlice(m map[string]func(*metav1.SetConfig, string)) []string {
-	l := []string{}
-	for i := range m {
-		l = append(l, i)
+	keys := []string{}
+	for key := range m {
+		keys = append(keys, key)
 	}
+
+	// Sort the keys of the map
+	sort.Strings(keys)
+
+	l := []string{}
+	l = append(l, keys...)
 	return l
 }

--- a/cmd/config/set_test.go
+++ b/cmd/config/set_test.go
@@ -0,0 +1,81 @@
+package config
+
+import (
+	"fmt"
+	"strings"
+	"testing"
+
+	metav1 "github.com/kubescape/kubescape/v3/core/meta/datastructures/v1"
+	"github.com/kubescape/kubescape/v3/core/mocks"
+	"github.com/spf13/cobra"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestGetSetCmd(t *testing.T) {
+	// Create a mock Kubescape interface
+	mockKubescape := &mocks.MockIKubescape{}
+
+	// Call the GetConfigCmd function
+	configSetCmd := getSetCmd(mockKubescape)
+
+	// Verify the command name and short description
+	assert.Equal(t, "set", configSetCmd.Use)
+	assert.Equal(t, "Set configurations, supported: "+strings.Join(stringKeysToSlice(supportConfigSet), "/"), configSetCmd.Short)
+	assert.Equal(t, setConfigExample, configSetCmd.Example)
+	assert.Equal(t, stringKeysToSlice(supportConfigSet), configSetCmd.ValidArgs)
+
+	err := configSetCmd.RunE(&cobra.Command{}, []string{"accountID=value1"})
+	assert.Nil(t, err)
+
+	err = configSetCmd.RunE(&cobra.Command{}, []string{})
+	expectedErrorMessage := "key '' unknown . supported: accessKey/accountID/cloudAPIURL/cloudReportURL"
+	assert.Equal(t, expectedErrorMessage, err.Error())
+}
+
+// Should return a slice of keys when given a non-empty map
+func TestStringKeysToSlice(t *testing.T) {
+	m := map[string]func(*metav1.SetConfig, string){
+		"key1": nil,
+		"key2": nil,
+		"key3": nil,
+	}
+	result := stringKeysToSlice(m)
+	expected := []string{"key1", "key2", "key3"}
+	assert.ElementsMatch(t, expected, result)
+}
+
+func TestParseSetArgs_InvalidFormat(t *testing.T) {
+	args := []string{"key"}
+	setConfig, err := parseSetArgs(args)
+	assert.Equal(t, "", setConfig.Account)
+	assert.Equal(t, "", setConfig.AccessKey)
+	assert.Equal(t, "", setConfig.CloudReportURL)
+	assert.Equal(t, "", setConfig.CloudAPIURL)
+
+	expectedErrorMessage := fmt.Sprintf("key '' unknown . supported: %s", strings.Join(stringKeysToSlice(supportConfigSet), "/"))
+	assert.Equal(t, expectedErrorMessage, err.Error())
+}
+
+func TestParseSetArgs_AccessKey(t *testing.T) {
+	args := []string{"accessKey", "value1"}
+	setConfig, _ := parseSetArgs(args)
+	assert.Equal(t, "", setConfig.Account)
+	assert.Equal(t, "value1", setConfig.AccessKey)
+	assert.Equal(t, "", setConfig.CloudReportURL)
+	assert.Equal(t, "", setConfig.CloudAPIURL)
+}
+
+func TestParseSetArgs_Single(t *testing.T) {
+	args := []string{"accountID=value1"}
+	setConfig, _ := parseSetArgs(args)
+	assert.Equal(t, "value1", setConfig.Account)
+	assert.Equal(t, "", setConfig.AccessKey)
+	assert.Equal(t, "", setConfig.CloudReportURL)
+	assert.Equal(t, "", setConfig.CloudAPIURL)
+}
+
+func TestParseSetArgs_InvalidKey(t *testing.T) {
+	args := []string{"invalidKey=value1"}
+	_, err := parseSetArgs(args)
+	assert.Equal(t, "key 'invalidKey' unknown . supported: accessKey/accountID/cloudAPIURL/cloudReportURL", err.Error())
+}
--- a/cmd/config/view.go
+++ b/cmd/config/view.go
@@ -4,8 +4,8 @@ import (
 	"os"

 	logger "github.com/kubescape/go-logger"
-	"github.com/kubescape/kubescape/v2/core/meta"
-	v1 "github.com/kubescape/kubescape/v2/core/meta/datastructures/v1"
+	"github.com/kubescape/kubescape/v3/core/meta"
+	v1 "github.com/kubescape/kubescape/v3/core/meta/datastructures/v1"
 	"github.com/spf13/cobra"
 )

--- a/cmd/config/view_test.go
+++ b/cmd/config/view_test.go
@@ -0,0 +1,21 @@
+package config
+
+import (
+	"testing"
+
+	"github.com/kubescape/kubescape/v3/core/mocks"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestGetViewCmd(t *testing.T) {
+	// Create a mock Kubescape interface
+	mockKubescape := &mocks.MockIKubescape{}
+
+	// Call the GetConfigCmd function
+	configCmd := getViewCmd(mockKubescape)
+
+	// Verify the command name and short description
+	assert.Equal(t, "view", configCmd.Use)
+	assert.Equal(t, "View cached configurations", configCmd.Short)
+	assert.Equal(t, "", configCmd.Long)
+}
--- a/cmd/delete/delete.go
+++ b/cmd/delete/delete.go
@@ -1,37 +0,0 @@
-package delete
-
-import (
-	"fmt"
-
-	"github.com/kubescape/kubescape/v2/core/cautils"
-	"github.com/kubescape/kubescape/v2/core/meta"
-	v1 "github.com/kubescape/kubescape/v2/core/meta/datastructures/v1"
-	"github.com/spf13/cobra"
-)
-
-var deleteExceptionsExamples = fmt.Sprintf(`
-  # Delete single exception
-  %[1]s delete exceptions "exception name"
-
-  # Delete multiple exceptions
-  %[1]s delete exceptions "first exception;second exception;third exception"
-`, cautils.ExecName())
-
-func GetDeleteCmd(ks meta.IKubescape) *cobra.Command {
-	var deleteInfo v1.Delete
-
-	var deleteCmd = &cobra.Command{
-		Use:   "delete <command>",
-		Short: "Delete configurations in Kubescape SaaS version",
-		Long:  ``,
-		Run: func(cmd *cobra.Command, args []string) {
-		},
-	}
-	deleteCmd.PersistentFlags().StringVarP(&deleteInfo.Credentials.Account, "account", "", "", "Kubescape SaaS account ID. Default will load account ID from cache")
-	deleteCmd.PersistentFlags().StringVarP(&deleteInfo.Credentials.ClientID, "client-id", "", "", "Kubescape SaaS client ID. Default will load client ID from cache, read more - https://hub.armosec.io/docs/authentication")
-	deleteCmd.PersistentFlags().StringVarP(&deleteInfo.Credentials.SecretKey, "secret-key", "", "", "Kubescape SaaS secret key. Default will load secret key from cache, read more - https://hub.armosec.io/docs/authentication")
-
-	deleteCmd.AddCommand(getExceptionsCmd(ks, &deleteInfo))
-
-	return deleteCmd
-}
--- a/cmd/delete/exceptions.go
+++ b/cmd/delete/exceptions.go
@@ -1,47 +0,0 @@
-package delete
-
-import (
-	"fmt"
-	"strings"
-
-	logger "github.com/kubescape/go-logger"
-	"github.com/kubescape/kubescape/v2/core/cautils"
-	"github.com/kubescape/kubescape/v2/core/meta"
-	v1 "github.com/kubescape/kubescape/v2/core/meta/datastructures/v1"
-	"github.com/spf13/cobra"
-)
-
-func getExceptionsCmd(ks meta.IKubescape, deleteInfo *v1.Delete) *cobra.Command {
-	return &cobra.Command{
-		Use:     "exceptions <exception name>",
-		Short:   fmt.Sprintf("Delete exceptions from Kubescape SaaS version. Run '%[1]s list exceptions' for all exceptions names", cautils.ExecName()),
-		Example: deleteExceptionsExamples,
-		Args: func(cmd *cobra.Command, args []string) error {
-			if len(args) != 1 {
-				return fmt.Errorf("missing exceptions names")
-			}
-			return nil
-		},
-		Run: func(cmd *cobra.Command, args []string) {
-
-			if err := flagValidationDelete(deleteInfo); err != nil {
-				logger.L().Fatal(err.Error())
-			}
-
-			exceptionsNames := strings.Split(args[0], ";")
-			if len(exceptionsNames) == 0 {
-				logger.L().Fatal("missing exceptions names")
-			}
-			if err := ks.DeleteExceptions(&v1.DeleteExceptions{Credentials: deleteInfo.Credentials, Exceptions: exceptionsNames}); err != nil {
-				logger.L().Fatal(err.Error())
-			}
-		},
-	}
-}
-
-// Check if the flag entered are valid
-func flagValidationDelete(deleteInfo *v1.Delete) error {
-
-	// Validate the user's credentials
-	return deleteInfo.Credentials.Validate()
-}
--- a/cmd/download/download.go
+++ b/cmd/download/download.go
@@ -7,10 +7,10 @@ import (
 	"strings"

 	logger "github.com/kubescape/go-logger"
-	"github.com/kubescape/kubescape/v2/core/cautils"
-	"github.com/kubescape/kubescape/v2/core/core"
-	"github.com/kubescape/kubescape/v2/core/meta"
-	v1 "github.com/kubescape/kubescape/v2/core/meta/datastructures/v1"
+	"github.com/kubescape/kubescape/v3/core/cautils"
+	"github.com/kubescape/kubescape/v3/core/core"
+	"github.com/kubescape/kubescape/v3/core/meta"
+	v1 "github.com/kubescape/kubescape/v3/core/meta/datastructures/v1"
 	"github.com/spf13/cobra"
 	"golang.org/x/exp/slices"
 )
@@ -37,9 +37,6 @@ var (

  # Download the configured controls-inputs 
  %[1]s download controls-inputs 
-
-  # Download the attack tracks
-  %[1]s download attack-tracks
 `, cautils.ExecName())
 )

@@ -70,6 +67,11 @@ func GetDownloadCmd(ks meta.IKubescape) *cobra.Command {
 			if filepath.Ext(downloadInfo.Path) == ".json" {
 				downloadInfo.Path, downloadInfo.FileName = filepath.Split(downloadInfo.Path)
 			}
+
+			if len(args) == 0 {
+				return fmt.Errorf("no arguements provided")
+			}
+
 			downloadInfo.Target = args[0]
 			if len(args) >= 2 {

@@ -83,9 +85,8 @@ func GetDownloadCmd(ks meta.IKubescape) *cobra.Command {
 		},
 	}

-	downloadCmd.PersistentFlags().StringVarP(&downloadInfo.Credentials.Account, "account", "", "", "Kubescape SaaS account ID. Default will load account ID from cache")
-	downloadCmd.PersistentFlags().StringVarP(&downloadInfo.Credentials.ClientID, "client-id", "", "", "Kubescape SaaS client ID. Default will load client ID from cache, read more - https://hub.armosec.io/docs/authentication")
-	downloadCmd.PersistentFlags().StringVarP(&downloadInfo.Credentials.SecretKey, "secret-key", "", "", "Kubescape SaaS secret key. Default will load secret key from cache, read more - https://hub.armosec.io/docs/authentication")
+	downloadCmd.PersistentFlags().StringVarP(&downloadInfo.AccountID, "account", "", "", "Kubescape SaaS account ID. Default will load account ID from cache")
+	downloadCmd.PersistentFlags().StringVarP(&downloadInfo.AccessKey, "access-key", "", "", "Kubescape SaaS access key. Default will load access key from cache")
 	downloadCmd.Flags().StringVarP(&downloadInfo.Path, "output", "o", "", "Output file. If not specified, will save in `~/.kubescape/<policy name>.json`")

 	return downloadCmd
@@ -95,5 +96,5 @@ func GetDownloadCmd(ks meta.IKubescape) *cobra.Command {
 func flagValidationDownload(downloadInfo *v1.DownloadInfo) error {

 	// Validate the user's credentials
-	return downloadInfo.Credentials.Validate()
+	return cautils.ValidateAccountID(downloadInfo.AccountID)
 }
--- a/cmd/download/download_test.go
+++ b/cmd/download/download_test.go
@@ -0,0 +1,102 @@
+package download
+
+import (
+	"fmt"
+	"strings"
+	"testing"
+
+	"github.com/kubescape/kubescape/v3/core/core"
+	v1 "github.com/kubescape/kubescape/v3/core/meta/datastructures/v1"
+	"github.com/kubescape/kubescape/v3/core/mocks"
+	"github.com/spf13/cobra"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestGetViewCmd(t *testing.T) {
+	// Create a mock Kubescape interface
+	mockKubescape := &mocks.MockIKubescape{}
+
+	// Call the GetConfigCmd function
+	configCmd := GetDownloadCmd(mockKubescape)
+
+	// Verify the command name and short description
+	assert.Equal(t, "download <policy> <policy name>", configCmd.Use)
+	assert.Equal(t, fmt.Sprintf("Download %s", strings.Join(core.DownloadSupportCommands(), ",")), configCmd.Short)
+	assert.Equal(t, "", configCmd.Long)
+	assert.Equal(t, downloadExample, configCmd.Example)
+}
+
+func TestGetViewCmd_Args(t *testing.T) {
+	// Create a mock Kubescape interface
+	mockKubescape := &mocks.MockIKubescape{}
+
+	// Call the GetConfigCmd function
+	downloadCmd := GetDownloadCmd(mockKubescape)
+
+	// Verify the command name and short description
+	assert.Equal(t, "download <policy> <policy name>", downloadCmd.Use)
+	assert.Equal(t, fmt.Sprintf("Download %s", strings.Join(core.DownloadSupportCommands(), ",")), downloadCmd.Short)
+	assert.Equal(t, "", downloadCmd.Long)
+	assert.Equal(t, downloadExample, downloadCmd.Example)
+
+	err := downloadCmd.RunE(&cobra.Command{}, []string{})
+	expectedErrorMessage := "no arguements provided"
+	assert.Equal(t, expectedErrorMessage, err.Error())
+
+	err = downloadCmd.RunE(&cobra.Command{}, []string{"config"})
+	assert.Nil(t, err)
+
+	err = downloadCmd.Args(&cobra.Command{}, []string{})
+	expectedErrorMessage = "policy type required, supported: artifacts,attack-tracks,control,controls-inputs,exceptions,framework"
+	assert.Equal(t, expectedErrorMessage, err.Error())
+
+	err = downloadCmd.Args(&cobra.Command{}, []string{"invalid"})
+	expectedErrorMessage = "invalid parameter 'invalid'. Supported parameters: artifacts,attack-tracks,control,controls-inputs,exceptions,framework"
+	assert.Equal(t, expectedErrorMessage, err.Error())
+
+	err = downloadCmd.Args(&cobra.Command{}, []string{"attack-tracks"})
+	assert.Nil(t, err)
+
+	err = downloadCmd.Args(&cobra.Command{}, []string{"control", "random.json"})
+	assert.Nil(t, err)
+
+	err = downloadCmd.Args(&cobra.Command{}, []string{"control", "C-0001"})
+	assert.Nil(t, err)
+
+	err = downloadCmd.Args(&cobra.Command{}, []string{"control", "C-0001", "C-0002"})
+	assert.Nil(t, err)
+
+	err = downloadCmd.RunE(&cobra.Command{}, []string{"control", "C-0001", "C-0002"})
+	assert.Nil(t, err)
+}
+
+func TestFlagValidationDownload_NoError(t *testing.T) {
+	downloadInfo := v1.DownloadInfo{
+		AccessKey: "",
+		AccountID: "",
+	}
+	assert.Equal(t, nil, flagValidationDownload(&downloadInfo))
+}
+
+func TestFlagValidationDownload_Error(t *testing.T) {
+	tests := []struct {
+		downloadInfo v1.DownloadInfo
+	}{
+		{
+			downloadInfo: v1.DownloadInfo{
+				AccountID: "12345678",
+			},
+		},
+		{
+			downloadInfo: v1.DownloadInfo{
+				AccountID: "New",
+			},
+		},
+	}
+	want := "bad argument: accound ID must be a valid UUID"
+	for _, tt := range tests {
+		t.Run(tt.downloadInfo.AccountID, func(t *testing.T) {
+			assert.Equal(t, want, flagValidationDownload(&tt.downloadInfo).Error())
+		})
+	}
+}
--- a/cmd/fix/fix.go
+++ b/cmd/fix/fix.go
@@ -5,9 +5,9 @@ import (
 	"errors"
 	"fmt"

-	"github.com/kubescape/kubescape/v2/core/cautils"
-	"github.com/kubescape/kubescape/v2/core/meta"
-	metav1 "github.com/kubescape/kubescape/v2/core/meta/datastructures/v1"
+	"github.com/kubescape/kubescape/v3/core/cautils"
+	"github.com/kubescape/kubescape/v3/core/meta"
+	metav1 "github.com/kubescape/kubescape/v3/core/meta/datastructures/v1"

 	"github.com/spf13/cobra"
 )
@@ -27,7 +27,7 @@ func GetFixCmd(ks meta.IKubescape) *cobra.Command {

 	fixCmd := &cobra.Command{
 		Use:     "fix <report output file>",
-		Short:   "Fix misconfiguration in files",
+		Short:   "Propose a fix for the misconfiguration found when scanning Kubernetes manifest files",
 		Long:    ``,
 		Example: fixCmdExamples,
 		RunE: func(cmd *cobra.Command, args []string) error {
--- a/cmd/fix/fix_test.go
+++ b/cmd/fix/fix_test.go
@@ -0,0 +1,30 @@
+package fix
+
+import (
+	"testing"
+
+	"github.com/kubescape/kubescape/v3/core/mocks"
+	"github.com/spf13/cobra"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestGetFixCmd(t *testing.T) {
+	// Create a mock Kubescape interface
+	mockKubescape := &mocks.MockIKubescape{}
+
+	// Call the GetFixCmd function
+	fixCmd := GetFixCmd(mockKubescape)
+
+	// Verify the command name and short description
+	assert.Equal(t, "fix <report output file>", fixCmd.Use)
+	assert.Equal(t, "Propose a fix for the misconfiguration found when scanning Kubernetes manifest files", fixCmd.Short)
+	assert.Equal(t, "", fixCmd.Long)
+	assert.Equal(t, fixCmdExamples, fixCmd.Example)
+
+	err := fixCmd.RunE(&cobra.Command{}, []string{})
+	expectedErrorMessage := "report output file is required"
+	assert.Equal(t, expectedErrorMessage, err.Error())
+
+	err = fixCmd.RunE(&cobra.Command{}, []string{"random-file.json"})
+	assert.Nil(t, err)
+}
--- a/cmd/list/list.go
+++ b/cmd/list/list.go
@@ -2,14 +2,15 @@ package list

 import (
 	"context"
+	"errors"
 	"fmt"
 	"strings"

 	logger "github.com/kubescape/go-logger"
-	"github.com/kubescape/kubescape/v2/core/cautils"
-	"github.com/kubescape/kubescape/v2/core/core"
-	"github.com/kubescape/kubescape/v2/core/meta"
-	v1 "github.com/kubescape/kubescape/v2/core/meta/datastructures/v1"
+	"github.com/kubescape/kubescape/v3/core/cautils"
+	"github.com/kubescape/kubescape/v3/core/core"
+	"github.com/kubescape/kubescape/v3/core/meta"
+	v1 "github.com/kubescape/kubescape/v3/core/meta/datastructures/v1"
 	"github.com/spf13/cobra"
 	"golang.org/x/exp/slices"
 )
@@ -55,6 +56,10 @@ func GetListCmd(ks meta.IKubescape) *cobra.Command {
 				return err
 			}

+			if len(args) < 1 {
+				return errors.New("no arguements provided")
+			}
+
 			listPolicies.Target = args[0]

 			if err := ks.List(context.TODO(), &listPolicies); err != nil {
@@ -63,7 +68,8 @@ func GetListCmd(ks meta.IKubescape) *cobra.Command {
 			return nil
 		},
 	}
-	listCmd.PersistentFlags().StringVarP(&listPolicies.Credentials.Account, "account", "", "", "Kubescape SaaS account ID. Default will load account ID from cache")
+	listCmd.PersistentFlags().StringVarP(&listPolicies.AccountID, "account", "", "", "Kubescape SaaS account ID. Default will load account ID from cache")
+	listCmd.PersistentFlags().StringVarP(&listPolicies.AccessKey, "access-key", "", "", "Kubescape SaaS access key. Default will load access key from cache")
 	listCmd.PersistentFlags().StringVar(&listPolicies.Format, "format", "pretty-print", "output format. supported: 'pretty-print'/'json'")
 	listCmd.PersistentFlags().MarkDeprecated("id", "Control ID's are included in list outputs")

@@ -74,5 +80,5 @@ func GetListCmd(ks meta.IKubescape) *cobra.Command {
 func flagValidationList(listPolicies *v1.ListPolicies) error {

 	// Validate the user's credentials
-	return listPolicies.Credentials.Validate()
+	return cautils.ValidateAccountID(listPolicies.AccountID)
 }
--- a/cmd/list/list_test.go
+++ b/cmd/list/list_test.go
@@ -0,0 +1,44 @@
+package list
+
+import (
+	"strings"
+	"testing"
+
+	"github.com/kubescape/kubescape/v3/core/core"
+	"github.com/kubescape/kubescape/v3/core/mocks"
+	"github.com/spf13/cobra"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestGetListCmd(t *testing.T) {
+	// Create a mock Kubescape interface
+	mockKubescape := &mocks.MockIKubescape{}
+
+	// Call the GetListCmd function
+	listCmd := GetListCmd(mockKubescape)
+
+	// Verify the command name and short description
+	assert.Equal(t, "list <policy> [flags]", listCmd.Use)
+	assert.Equal(t, "List frameworks/controls will list the supported frameworks and controls", listCmd.Short)
+	assert.Equal(t, "", listCmd.Long)
+	assert.Equal(t, listExample, listCmd.Example)
+	supported := strings.Join(core.ListSupportActions(), ",")
+
+	err := listCmd.Args(&cobra.Command{}, []string{})
+	expectedErrorMessage := "policy type requeued, supported: " + supported
+	assert.Equal(t, expectedErrorMessage, err.Error())
+
+	err = listCmd.Args(&cobra.Command{}, []string{"not-frameworks"})
+	expectedErrorMessage = "invalid parameter 'not-frameworks'. Supported parameters: " + supported
+	assert.Equal(t, expectedErrorMessage, err.Error())
+
+	err = listCmd.Args(&cobra.Command{}, []string{"frameworks"})
+	assert.Nil(t, err)
+
+	err = listCmd.RunE(&cobra.Command{}, []string{})
+	expectedErrorMessage = "no arguements provided"
+	assert.Equal(t, expectedErrorMessage, err.Error())
+
+	err = listCmd.RunE(&cobra.Command{}, []string{"some-value"})
+	assert.Nil(t, err)
+}
--- a/cmd/operator/configscan.go
+++ b/cmd/operator/configscan.go
@@ -0,0 +1,56 @@
+package operator
+
+import (
+	"fmt"
+
+	"github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger/helpers"
+	"github.com/kubescape/kubescape/v3/core/cautils"
+	"github.com/kubescape/kubescape/v3/core/core"
+	"github.com/kubescape/kubescape/v3/core/meta"
+	"github.com/spf13/cobra"
+)
+
+var operatorScanConfigExamples = fmt.Sprintf(`
+  
+  # Run a configuration scan
+  %[1]s operator scan configurations
+
+`, cautils.ExecName())
+
+func getOperatorScanConfigCmd(ks meta.IKubescape, operatorInfo cautils.OperatorInfo) *cobra.Command {
+	configCmd := &cobra.Command{
+		Use:     "configurations",
+		Short:   "Trigger configuration scanning from the Kubescape Operator microservice",
+		Long:    ``,
+		Example: operatorScanConfigExamples,
+		Args: func(cmd *cobra.Command, args []string) error {
+			operatorInfo.Subcommands = append(operatorInfo.Subcommands, "config")
+			return nil
+		},
+		RunE: func(cmd *cobra.Command, args []string) error {
+			operatorAdapter, err := core.NewOperatorAdapter(operatorInfo.OperatorScanInfo, operatorInfo.Namespace)
+			if err != nil {
+				return err
+			}
+			logger.L().Start("Kubescape Operator Triggering for configuration scanning")
+			_, err = operatorAdapter.OperatorScan()
+			if err != nil {
+				logger.L().StopError("Failed to triggering Kubescape Operator for configuration scanning", helpers.Error(err))
+				return err
+			}
+			logger.L().StopSuccess("Triggered Kubescape Operator for configuration scanning")
+			return nil
+		},
+	}
+
+	configScanInfo := &cautils.ConfigScanInfo{}
+	operatorInfo.OperatorScanInfo = configScanInfo
+
+	configCmd.PersistentFlags().StringSliceVar(&configScanInfo.IncludedNamespaces, "include-namespaces", nil, "scan specific namespaces. e.g: --include-namespaces ns-a,ns-b")
+	configCmd.PersistentFlags().StringSliceVar(&configScanInfo.ExcludedNamespaces, "exclude-namespaces", nil, "Namespaces to exclude from scanning. e.g: --exclude-namespaces ns-a,ns-b. Notice, when running with `exclude-namespace` kubescape does not scan cluster-scoped objects.")
+	configCmd.PersistentFlags().StringSliceVar(&configScanInfo.Frameworks, "frameworks", nil, "Load frameworks for configuration scanning")
+	configCmd.PersistentFlags().BoolVarP(&configScanInfo.HostScanner, "enable-host-scan", "", false, "Deploy Kubescape host-sensor daemonset in the scanned cluster. Deleting it right after we collecting the data. Required to collect valuable data from cluster nodes for certain controls. Yaml file: https://github.com/kubescape/kubescape/blob/master/core/pkg/hostsensorutils/hostsensor.yaml")
+
+	return configCmd
+}
--- a/cmd/operator/configscan_test.go
+++ b/cmd/operator/configscan_test.go
@@ -0,0 +1,32 @@
+package operator
+
+import (
+	"testing"
+
+	"github.com/kubescape/kubescape/v3/core/cautils"
+	"github.com/kubescape/kubescape/v3/core/mocks"
+	"github.com/spf13/cobra"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestGetOperatorScanConfigCmd(t *testing.T) {
+	// Create a mock Kubescape interface
+	mockKubescape := &mocks.MockIKubescape{}
+	operatorInfo := cautils.OperatorInfo{
+		Namespace: "namespace",
+	}
+
+	cmd := getOperatorScanConfigCmd(mockKubescape, operatorInfo)
+
+	// Verify the command name and short description
+	assert.Equal(t, "configurations", cmd.Use)
+	assert.Equal(t, "Trigger configuration scanning from the Kubescape Operator microservice", cmd.Short)
+	assert.Equal(t, "", cmd.Long)
+	assert.Equal(t, operatorScanConfigExamples, cmd.Example)
+
+	err := cmd.Args(&cobra.Command{}, []string{})
+	assert.Nil(t, err)
+
+	err = cmd.Args(&cobra.Command{}, []string{"configurations"})
+	assert.Nil(t, err)
+}
--- a/cmd/operator/operator.go
+++ b/cmd/operator/operator.go
@@ -0,0 +1,56 @@
+package operator
+
+import (
+	"errors"
+	"fmt"
+
+	"github.com/kubescape/kubescape/v3/core/cautils"
+	"github.com/kubescape/kubescape/v3/core/meta"
+
+	"github.com/spf13/cobra"
+)
+
+const (
+	scanSubCommand string = "scan"
+)
+
+var operatorExamples = fmt.Sprintf(`
+  
+  # Trigger a configuration scan
+  %[1]s operator scan configurations
+
+  # Trigger a vulnerabilities scan
+  %[1]s operator scan vulnerabilities
+
+`, cautils.ExecName())
+
+func GetOperatorCmd(ks meta.IKubescape) *cobra.Command {
+	var operatorInfo cautils.OperatorInfo
+
+	operatorCmd := &cobra.Command{
+		Use:     "operator",
+		Short:   "The operator is used to communicate with the Kubescape Operator within the cluster components.",
+		Long:    ``,
+		Example: operatorExamples,
+		Args: func(cmd *cobra.Command, args []string) error {
+			operatorInfo.Subcommands = append(operatorInfo.Subcommands, "operator")
+			if len(args) < 2 {
+				return errors.New("For the operator sub-command, you need to provide at least one additional sub-command. Refer to the examples above.")
+			}
+			return nil
+		},
+		RunE: func(cmd *cobra.Command, args []string) error {
+			if len(args) < 2 {
+				return errors.New("For the operator sub-command, you need to provide at least one additional sub-command. Refer to the examples above.")
+			}
+			if args[0] != scanSubCommand {
+				return errors.New(fmt.Sprintf("For the operator sub-command, only %s is supported. Refer to the examples above.", scanSubCommand))
+			}
+			return nil
+		},
+	}
+
+	operatorCmd.AddCommand(getOperatorScanCmd(ks, operatorInfo))
+
+	return operatorCmd
+}
--- a/cmd/operator/operator_test.go
+++ b/cmd/operator/operator_test.go
@@ -0,0 +1,42 @@
+package operator
+
+import (
+	"testing"
+
+	"github.com/kubescape/kubescape/v3/core/mocks"
+	"github.com/spf13/cobra"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestGetOperatorCmd(t *testing.T) {
+	// Create a mock Kubescape interface
+	mockKubescape := &mocks.MockIKubescape{}
+
+	cmd := GetOperatorCmd(mockKubescape)
+
+	// Verify the command name and short description
+	assert.Equal(t, "operator", cmd.Use)
+	assert.Equal(t, "The operator is used to communicate with the Kubescape Operator within the cluster components.", cmd.Short)
+	assert.Equal(t, "", cmd.Long)
+	assert.Equal(t, operatorExamples, cmd.Example)
+
+	err := cmd.Args(&cobra.Command{}, []string{})
+	expectedErrorMessage := "For the operator sub-command, you need to provide at least one additional sub-command. Refer to the examples above."
+	assert.Equal(t, expectedErrorMessage, err.Error())
+
+	err = cmd.Args(&cobra.Command{}, []string{"scan", "configurations"})
+	assert.Nil(t, err)
+
+	err = cmd.RunE(&cobra.Command{}, []string{})
+	assert.Equal(t, expectedErrorMessage, err.Error())
+
+	err = cmd.RunE(&cobra.Command{}, []string{"scan", "configurations"})
+	assert.Nil(t, err)
+
+	err = cmd.RunE(&cobra.Command{}, []string{"scan"})
+	assert.Equal(t, expectedErrorMessage, err.Error())
+
+	err = cmd.RunE(&cobra.Command{}, []string{"random-subcommand", "random-config"})
+	expectedErrorMessage = "For the operator sub-command, only " + scanSubCommand + " is supported. Refer to the examples above."
+	assert.Equal(t, expectedErrorMessage, err.Error())
+}
--- a/cmd/operator/scan.go
+++ b/cmd/operator/scan.go
@@ -0,0 +1,46 @@
+package operator
+
+import (
+	"errors"
+	"fmt"
+
+	"github.com/kubescape/kubescape/v3/core/cautils"
+	"github.com/kubescape/kubescape/v3/core/meta"
+	"github.com/spf13/cobra"
+)
+
+const (
+	vulnerabilitiesSubCommand string = "vulnerabilities"
+	configurationsSubCommand  string = "configurations"
+)
+
+func getOperatorScanCmd(ks meta.IKubescape, operatorInfo cautils.OperatorInfo) *cobra.Command {
+	operatorCmd := &cobra.Command{
+		Use:     "scan",
+		Short:   "Scan your cluster using the Kubescape-operator within the cluster components",
+		Long:    ``,
+		Example: operatorExamples,
+		Args: func(cmd *cobra.Command, args []string) error {
+			operatorInfo.Subcommands = append(operatorInfo.Subcommands, "scan")
+			if len(args) < 1 {
+				return errors.New("for operator scan sub command, you must pass at least 1 more sub commands, see above examples")
+			}
+			return nil
+		},
+		RunE: func(cmd *cobra.Command, args []string) error {
+			if len(args) < 1 {
+				return errors.New("for operator scan sub command, you must pass at least 1 more sub commands, see above examples")
+			}
+			if (args[0] != vulnerabilitiesSubCommand) && (args[0] != configurationsSubCommand) {
+				return errors.New(fmt.Sprintf("For the operator sub-command, only %s and %s are supported. Refer to the examples above.", vulnerabilitiesSubCommand, configurationsSubCommand))
+			}
+			return nil
+		},
+	}
+
+	operatorCmd.PersistentFlags().StringVar(&operatorInfo.Namespace, "namespace", "kubescape", "namespace of the Kubescape Operator")
+	operatorCmd.AddCommand(getOperatorScanConfigCmd(ks, operatorInfo))
+	operatorCmd.AddCommand(getOperatorScanVulnerabilitiesCmd(ks, operatorInfo))
+
+	return operatorCmd
+}
--- a/cmd/operator/scan_test.go
+++ b/cmd/operator/scan_test.go
@@ -0,0 +1,46 @@
+package operator
+
+import (
+	"testing"
+
+	"github.com/kubescape/kubescape/v3/core/cautils"
+	"github.com/kubescape/kubescape/v3/core/mocks"
+	"github.com/spf13/cobra"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestGetOperatorScanCmd(t *testing.T) {
+	// Create a mock Kubescape interface
+	mockKubescape := &mocks.MockIKubescape{}
+	operatorInfo := cautils.OperatorInfo{
+		Namespace: "namespace",
+	}
+
+	cmd := getOperatorScanCmd(mockKubescape, operatorInfo)
+
+	// Verify the command name and short description
+	assert.Equal(t, "scan", cmd.Use)
+	assert.Equal(t, "Scan your cluster using the Kubescape-operator within the cluster components", cmd.Short)
+	assert.Equal(t, "", cmd.Long)
+	assert.Equal(t, operatorExamples, cmd.Example)
+
+	err := cmd.Args(&cobra.Command{}, []string{})
+	expectedErrorMessage := "for operator scan sub command, you must pass at least 1 more sub commands, see above examples"
+	assert.Equal(t, expectedErrorMessage, err.Error())
+
+	err = cmd.Args(&cobra.Command{}, []string{"operator"})
+	assert.Nil(t, err)
+
+	err = cmd.RunE(&cobra.Command{}, []string{})
+	assert.Equal(t, expectedErrorMessage, err.Error())
+
+	err = cmd.RunE(&cobra.Command{}, []string{"configurations"})
+	assert.Nil(t, err)
+
+	err = cmd.RunE(&cobra.Command{}, []string{"vulnerabilities"})
+	assert.Nil(t, err)
+
+	err = cmd.RunE(&cobra.Command{}, []string{"random"})
+	expectedErrorMessage = "For the operator sub-command, only " + vulnerabilitiesSubCommand + " and " + configurationsSubCommand + " are supported. Refer to the examples above."
+	assert.Equal(t, expectedErrorMessage, err.Error())
+}
--- a/cmd/operator/vulnerabilitiesscan.go
+++ b/cmd/operator/vulnerabilitiesscan.go
@@ -0,0 +1,56 @@
+package operator
+
+import (
+	"fmt"
+
+	"github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger/helpers"
+	"github.com/kubescape/k8s-interface/k8sinterface"
+	"github.com/kubescape/kubescape/v3/core/cautils"
+	"github.com/kubescape/kubescape/v3/core/core"
+	"github.com/kubescape/kubescape/v3/core/meta"
+	"github.com/spf13/cobra"
+)
+
+var operatorScanVulnerabilitiesExamples = fmt.Sprintf(`
+
+  # Trigger a vulnerabilities scan
+  %[1]s operator scan vulnerabilities
+
+`, cautils.ExecName())
+
+func getOperatorScanVulnerabilitiesCmd(ks meta.IKubescape, operatorInfo cautils.OperatorInfo) *cobra.Command {
+	configCmd := &cobra.Command{
+		Use:     "vulnerabilities",
+		Short:   "Vulnerabilities use for scan your cluster vulnerabilities using Kubescape operator in the in cluster components",
+		Long:    ``,
+		Example: operatorScanVulnerabilitiesExamples,
+		Args: func(cmd *cobra.Command, args []string) error {
+			operatorInfo.Subcommands = append(operatorInfo.Subcommands, "vulnerabilities")
+			return nil
+		},
+		RunE: func(cmd *cobra.Command, args []string) error {
+			operatorAdapter, err := core.NewOperatorAdapter(operatorInfo.OperatorScanInfo, operatorInfo.Namespace)
+			if err != nil {
+				return err
+			}
+			logger.L().Start("Triggering the Kubescape Operator for vulnerability scanning")
+			_, err = operatorAdapter.OperatorScan()
+			if err != nil {
+				logger.L().StopError("Failed to trigger the Kubescape Operator for vulnerability scanning", helpers.Error(err))
+				return err
+			}
+			logger.L().StopSuccess("Triggered Kubescape Operator for vulnerability scanning. View the scanning results once they are ready using the following command: \"kubectl get vulnerabilitysummaries\"")
+			return err
+		},
+	}
+
+	vulnerabilitiesScanInfo := &cautils.VulnerabilitiesScanInfo{
+		ClusterName: k8sinterface.GetContextName(),
+	}
+	operatorInfo.OperatorScanInfo = vulnerabilitiesScanInfo
+
+	configCmd.PersistentFlags().StringSliceVar(&vulnerabilitiesScanInfo.IncludeNamespaces, "include-namespaces", nil, "scan specific namespaces. e.g: --include-namespaces ns-a,ns-b")
+
+	return configCmd
+}
--- a/cmd/operator/vulnerabilitiesscan_test.go
+++ b/cmd/operator/vulnerabilitiesscan_test.go
@@ -0,0 +1,29 @@
+package operator
+
+import (
+	"testing"
+
+	"github.com/kubescape/kubescape/v3/core/cautils"
+	"github.com/kubescape/kubescape/v3/core/mocks"
+	"github.com/spf13/cobra"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestGetOperatorScanVulnerabilitiesCmd(t *testing.T) {
+	// Create a mock Kubescape interface
+	mockKubescape := &mocks.MockIKubescape{}
+	operatorInfo := cautils.OperatorInfo{
+		Namespace: "namespace",
+	}
+
+	cmd := getOperatorScanVulnerabilitiesCmd(mockKubescape, operatorInfo)
+
+	// Verify the command name and short description
+	assert.Equal(t, "vulnerabilities", cmd.Use)
+	assert.Equal(t, "Vulnerabilities use for scan your cluster vulnerabilities using Kubescape operator in the in cluster components", cmd.Short)
+	assert.Equal(t, "", cmd.Long)
+	assert.Equal(t, operatorScanVulnerabilitiesExamples, cmd.Example)
+
+	err := cmd.Args(&cobra.Command{}, []string{"random-arg"})
+	assert.Nil(t, err)
+}
--- a/cmd/patch/README.md
+++ b/cmd/patch/README.md
@@ -0,0 +1,141 @@
+# Patch Command
+
+The patch command is used for patching container images with vulnerabilities.  
+It uses [copa](https://github.com/project-copacetic/copacetic) and [buildkit](https://github.com/moby/buildkit) under the hood for patching the container images, and [grype](https://github.com/anchore/grype) as the engine for scanning the images (at the moment).
+
+## Usage
+
+```bash
+kubescape patch --image <image-name> [flags]
+```
+
+The patch command can be run in 2 ways:
+1. **With sudo privileges**
+
+    You will need to start `buildkitd` if it is not already running
+
+    ```bash
+    sudo buildkitd & 
+    sudo kubescape patch --image <image-name>
+    ```
+
+2. **Without sudo privileges**
+   ```bash
+    export BUILDKIT_VERSION=v0.11.4
+    export BUILDKIT_PORT=8888
+
+    docker run \
+        --detach \
+        --rm \
+        --privileged \
+        -p 127.0.0.1:$BUILDKIT_PORT:$BUILDKIT_PORT/tcp \
+        --name buildkitd \
+        --entrypoint buildkitd \
+        "moby/buildkit:$BUILDKIT_VERSION" \
+        --addr tcp://0.0.0.0:$BUILDKIT_PORT
+
+    kubescape patch \
+        -i <image-name> \
+        -a tcp://0.0.0.0:$BUILDKIT_PORT
+   ```
+
+### Flags
+
+| Flag           | Description                                            | Required | Default                             |
+| -------------- | ------------------------------------------------------ | -------- | ----------------------------------- |
+| -i, --image    | Image name to be patched (should be in canonical form) | Yes      |                                     |
+| -a, --addr     | Address of the buildkitd service                       | No       | unix:///run/buildkit/buildkitd.sock |
+| -t, --tag      | Tag of the resultant patched image                     | No       | image_name-patched                  |
+| --timeout      | Timeout for the patching process                       | No       | 5m                                  |
+| -u, --username | Username for the image registry login                  | No       |                                     |
+| -p, --password | Password for the image registry login                  | No       |                                     |
+| -f, --format   | Output file format.                                    | No       |                                     |
+| -o, --output   | Output file. Print output to file and not stdout       | No       |                                     |
+| -v, --verbose  | Display full report. Default to false                  | No       |                                     |
+| -h, --help     | help for patch                                         | No       |                                     |
+
+
+## Example
+
+We will demonstrate how to use the patch command with an example of [nginx](https://www.nginx.com/) image.
+
+### Pre-requisites
+
+- [docker](https://docs.docker.com/desktop/install/linux-install/#generic-installation-steps) daemon must be installed and running.
+- [buildkit](https://github.com/moby/buildkit) daemon must be installed
+    
+### Steps
+
+1. Run `buildkitd` service:
+
+    ```bash
+    sudo buildkitd
+    ```
+
+2. In a seperate terminal, run the `kubescape patch` command: 
+    
+    ```bash
+    sudo kubescape patch --image docker.io/library/nginx:1.22
+    ```
+
+3. You will get an output like below:
+
+    ```bash
+    ✅  Successfully scanned image: docker.io/library/nginx:1.22
+    ✅  Patched image successfully. Loaded image: nginx:1.22-patched
+    ✅  Successfully re-scanned image: nginx:1.22-patched
+
+    | Severity | Vulnerability  | Component     | Version                 | Fixed In |
+    | -------- | -------------- | ------------- | ----------------------- | -------- |
+    | Critical | CVE-2023-23914 | curl          | 7.74.0-1.3+deb11u7      | wont-fix |
+    | Critical | CVE-2019-8457  | libdb5.3      | 5.3.28+dfsg1-0.8        | wont-fix |
+    | High     | CVE-2022-42916 | libcurl4      | 7.74.0-1.3+deb11u7      | wont-fix |
+    | High     | CVE-2022-1304  | libext2fs2    | 1.46.2-2                | wont-fix |
+    | High     | CVE-2022-42916 | curl          | 7.74.0-1.3+deb11u7      | wont-fix |
+    | High     | CVE-2022-1304  | e2fsprogs     | 1.46.2-2                | wont-fix |
+    | High     | CVE-2022-1304  | libcom-err2   | 1.46.2-2                | wont-fix |
+    | High     | CVE-2023-27533 | curl          | 7.74.0-1.3+deb11u7      | wont-fix |
+    | High     | CVE-2023-27534 | libcurl4      | 7.74.0-1.3+deb11u7      | wont-fix |
+    | High     | CVE-2023-27533 | libcurl4      | 7.74.0-1.3+deb11u7      | wont-fix |
+    | High     | CVE-2022-43551 | libcurl4      | 7.74.0-1.3+deb11u7      | wont-fix |
+    | High     | CVE-2022-3715  | bash          | 5.1-2+deb11u1           | wont-fix |
+    | High     | CVE-2023-27534 | curl          | 7.74.0-1.3+deb11u7      | wont-fix |
+    | High     | CVE-2022-43551 | curl          | 7.74.0-1.3+deb11u7      | wont-fix |
+    | High     | CVE-2021-33560 | libgcrypt20   | 1.8.7-6                 | wont-fix |
+    | High     | CVE-2023-2953  | libldap-2.4-2 | 2.4.57+dfsg-3+deb11u1   | wont-fix |
+    | High     | CVE-2022-1304  | libss2        | 1.46.2-2                | wont-fix |
+    | High     | CVE-2020-22218 | libssh2-1     | 1.9.0-2                 | wont-fix |
+    | High     | CVE-2023-29491 | libtinfo6     | 6.2+20201114-2+deb11u1  | wont-fix |
+    | High     | CVE-2022-2309  | libxml2       | 2.9.10+dfsg-6.7+deb11u4 | wont-fix |
+    | High     | CVE-2022-4899  | libzstd1      | 1.4.8+dfsg-2.1          | wont-fix |
+    | High     | CVE-2022-1304  | logsave       | 1.46.2-2                | wont-fix |
+    | High     | CVE-2023-29491 | ncurses-base  | 6.2+20201114-2+deb11u1  | wont-fix |
+    | High     | CVE-2023-29491 | ncurses-bin   | 6.2+20201114-2+deb11u1  | wont-fix |
+    | High     | CVE-2023-31484 | perl-base     | 5.32.1-4+deb11u2        | wont-fix |
+    | High     | CVE-2020-16156 | perl-base     | 5.32.1-4+deb11u2        | wont-fix |
+    
+    Vulnerability summary - 161 vulnerabilities found:
+    Image: nginx:1.22-patched
+      * 3 Critical
+      * 24 High
+      * 31 Medium
+      * 103 Other
+
+    Most vulnerable components:
+      * curl (7.74.0-1.3+deb11u7) - 1 Critical, 4 High, 5 Medium, 1 Low, 3 Negligible
+      * libcurl4 (7.74.0-1.3+deb11u7) - 1 Critical, 4 High, 5 Medium, 1 Low, 3 Negligible
+      * libtiff5 (4.2.0-1+deb11u4) - 7 Medium, 10 Negligible, 2 Unknown
+      * libxml2 (2.9.10+dfsg-6.7+deb11u4) - 1 High, 2 Medium
+      * perl-base (5.32.1-4+deb11u2) - 2 High, 2 Negligible
+    
+    What now?
+    ─────────
+    * Run with '--verbose'/'-v' flag for detailed vulnerabilities view
+    * Install Kubescape in your cluster for continuous monitoring and a full vulnerability report: https://github.com/kubescape/helm-charts/tree/main/charts/kubescape-cloud-operator
+    ```
+
+## Limitations
+
+- The patch command can only fix OS-level vulnerability. It cannot fix application-level vulnerabilities. This is a limitation of copa. The reason behind this is that application level vulnerabilities are best suited to be fixed by the developers of the application.
+Hence, this is not really a limitation but a design decision.
+- No support for windows containers given the dependency on buildkit.
--- a/cmd/patch/patch.go
+++ b/cmd/patch/patch.go
@@ -0,0 +1,144 @@
+package patch
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"strings"
+	"time"
+
+	ref "github.com/distribution/distribution/reference"
+	"github.com/docker/distribution/reference"
+
+	"github.com/kubescape/go-logger"
+	"github.com/kubescape/kubescape/v3/cmd/shared"
+	"github.com/kubescape/kubescape/v3/core/cautils"
+	"github.com/kubescape/kubescape/v3/core/meta"
+	metav1 "github.com/kubescape/kubescape/v3/core/meta/datastructures/v1"
+	"github.com/kubescape/kubescape/v3/pkg/imagescan"
+
+	"github.com/spf13/cobra"
+)
+
+var patchCmdExamples = fmt.Sprintf(`
+  # Patch the nginx:1.22 image
+  1) sudo buildkitd        # start buildkitd service, run in seperate terminal
+  2) sudo %[1]s patch --image docker.io/library/nginx:1.22   # patch the image
+
+  # The patch command can also be run without sudo privileges
+  # Documentation: https://github.com/kubescape/kubescape/tree/master/cmd/patch
+`, cautils.ExecName())
+
+func GetPatchCmd(ks meta.IKubescape) *cobra.Command {
+	var patchInfo metav1.PatchInfo
+	var scanInfo cautils.ScanInfo
+
+	patchCmd := &cobra.Command{
+		Use:     "patch --image <image>:<tag> [flags]",
+		Short:   "Patch container images with vulnerabilities",
+		Long:    `Patch command is for automatically patching images with vulnerabilities.`,
+		Example: patchCmdExamples,
+		Args: func(cmd *cobra.Command, args []string) error {
+			if len(args) != 0 {
+				return fmt.Errorf("the command takes no arguments")
+			}
+			return nil
+		},
+		RunE: func(cmd *cobra.Command, args []string) error {
+			if err := shared.ValidateImageScanInfo(&scanInfo); err != nil {
+				return err
+			}
+
+			if err := validateImagePatchInfo(&patchInfo); err != nil {
+				return err
+			}
+
+			results, err := ks.Patch(context.Background(), &patchInfo, &scanInfo)
+			if err != nil {
+				return err
+			}
+
+			if imagescan.ExceedsSeverityThreshold(results, imagescan.ParseSeverity(scanInfo.FailThresholdSeverity)) {
+				shared.TerminateOnExceedingSeverity(&scanInfo, logger.L())
+			}
+
+			return nil
+		},
+	}
+
+	patchCmd.PersistentFlags().StringVarP(&patchInfo.Image, "image", "i", "", "Application image name and tag to patch")
+	patchCmd.PersistentFlags().StringVarP(&patchInfo.PatchedImageTag, "tag", "t", "", "Tag for the patched image. Defaults to '<image-tag>-patched' ")
+	patchCmd.PersistentFlags().StringVarP(&patchInfo.BuildkitAddress, "address", "a", "unix:///run/buildkit/buildkitd.sock", "Address of buildkitd service, defaults to local buildkitd.sock")
+	patchCmd.PersistentFlags().DurationVar(&patchInfo.Timeout, "timeout", 5*time.Minute, "Timeout for the operation, defaults to '5m'")
+
+	patchCmd.PersistentFlags().StringVarP(&patchInfo.Username, "username", "u", "", "Username for registry login")
+	patchCmd.PersistentFlags().StringVarP(&patchInfo.Password, "password", "p", "", "Password for registry login")
+
+	patchCmd.PersistentFlags().StringVarP(&scanInfo.Format, "format", "f", "", `Output file format. Supported formats: "pretty-printer", "json", "sarif"`)
+	patchCmd.PersistentFlags().StringVarP(&scanInfo.Output, "output", "o", "", "Output file. Print output to file and not stdout")
+	patchCmd.PersistentFlags().BoolVarP(&scanInfo.VerboseMode, "verbose", "v", false, "Display full report. Default to false")
+
+	patchCmd.PersistentFlags().StringVarP(&scanInfo.FailThresholdSeverity, "severity-threshold", "s", "", "Severity threshold is the severity of a vulnerability at which the command fails and returns exit code 1")
+
+	return patchCmd
+}
+
+// validateImagePatchInfo validates the image patch info for the `patch` command
+func validateImagePatchInfo(patchInfo *metav1.PatchInfo) error {
+
+	if patchInfo.Image == "" {
+		return errors.New("image tag is required")
+	}
+
+	// Convert image to canonical format (required by copacetic for patching images)
+	patchInfoImage, err := cautils.NormalizeImageName(patchInfo.Image)
+	if err != nil {
+		return nil
+	}
+
+	// Parse the image full name to get image name and tag
+	named, err := ref.ParseNamed(patchInfoImage)
+	if err != nil {
+		return err
+	}
+
+	// If no tag or digest is provided, default to 'latest'
+	if ref.IsNameOnly(named) {
+		logger.L().Warning("Image name has no tag or digest, using latest as tag")
+		named = ref.TagNameOnly(named)
+	}
+	patchInfo.Image = named.String()
+
+	// If no patched image tag is provided, default to '<image-tag>-patched'
+	if patchInfo.PatchedImageTag == "" {
+
+		taggedName, ok := named.(ref.Tagged)
+		if !ok {
+			return errors.New("unexpected error while parsing image tag")
+		}
+
+		patchInfo.ImageTag = taggedName.Tag()
+
+		if patchInfo.ImageTag == "" {
+			logger.L().Warning("No tag provided, defaulting to 'patched'")
+			patchInfo.PatchedImageTag = "patched"
+		} else {
+			patchInfo.PatchedImageTag = fmt.Sprintf("%s-%s", patchInfo.ImageTag, "patched")
+		}
+
+	}
+
+	// Extract the "image" name from the canonical Image URL
+	// If it's an official docker image, we store just the "image-name". Else if a docker repo then we store as "repo/image". Else complete URL
+	ref, _ := reference.ParseNormalizedNamed(patchInfo.Image)
+	imageName := named.Name()
+	if strings.Contains(imageName, "docker.io/library/") {
+		imageName = reference.Path(ref)
+		imageName = imageName[strings.LastIndex(imageName, "/")+1:]
+	} else if strings.Contains(imageName, "docker.io/") {
+		imageName = reference.Path(ref)
+	}
+	patchInfo.ImageName = imageName
+
+	return nil
+}
--- a/cmd/patch/patch_test.go
+++ b/cmd/patch/patch_test.go
@@ -0,0 +1,52 @@
+package patch
+
+import (
+	"testing"
+
+	"github.com/kubescape/kubescape/v3/core/mocks"
+	"github.com/spf13/cobra"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestGetPatchCmd(t *testing.T) {
+	// Create a mock Kubescape interface
+	mockKubescape := &mocks.MockIKubescape{}
+
+	cmd := GetPatchCmd(mockKubescape)
+
+	// Verify the command name and short description
+	assert.Equal(t, "patch --image <image>:<tag> [flags]", cmd.Use)
+	assert.Equal(t, "Patch container images with vulnerabilities", cmd.Short)
+	assert.Equal(t, "Patch command is for automatically patching images with vulnerabilities.", cmd.Long)
+	assert.Equal(t, patchCmdExamples, cmd.Example)
+
+	err := cmd.Args(&cobra.Command{}, []string{})
+	assert.Nil(t, err)
+
+	err = cmd.Args(&cobra.Command{}, []string{"test"})
+	expectedErrorMessage := "the command takes no arguments"
+	assert.Equal(t, expectedErrorMessage, err.Error())
+
+	err = cmd.RunE(&cobra.Command{}, []string{})
+	expectedErrorMessage = "image tag is required"
+	assert.Equal(t, expectedErrorMessage, err.Error())
+
+	err = cmd.RunE(&cobra.Command{}, []string{"patch", "--image", "docker.io/library/nginx:1.22"})
+	assert.Equal(t, expectedErrorMessage, err.Error())
+}
+
+func TestGetPatchCmdWithNonExistentImage(t *testing.T) {
+	// Create a mock Kubescape interface
+	mockKubescape := &mocks.MockIKubescape{}
+
+	// Call the GetPatchCmd function
+	cmd := GetPatchCmd(mockKubescape)
+
+	// Run the command with a non-existent image argument
+	err := cmd.RunE(&cobra.Command{}, []string{"patch", "--image", "non-existent-image"})
+
+	// Check that there is an error and the error message is as expected
+	expectedErrorMessage := "image tag is required"
+	assert.Error(t, err)
+	assert.Equal(t, expectedErrorMessage, err.Error())
+}
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -6,20 +6,21 @@ import (

 	logger "github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
-	"github.com/kubescape/kubescape/v2/cmd/completion"
-	"github.com/kubescape/kubescape/v2/cmd/config"
-	"github.com/kubescape/kubescape/v2/cmd/delete"
-	"github.com/kubescape/kubescape/v2/cmd/download"
-	"github.com/kubescape/kubescape/v2/cmd/fix"
-	"github.com/kubescape/kubescape/v2/cmd/list"
-	"github.com/kubescape/kubescape/v2/cmd/scan"
-	"github.com/kubescape/kubescape/v2/cmd/submit"
-	"github.com/kubescape/kubescape/v2/cmd/update"
-	"github.com/kubescape/kubescape/v2/cmd/version"
-	"github.com/kubescape/kubescape/v2/core/cautils"
-	"github.com/kubescape/kubescape/v2/core/cautils/getter"
-	"github.com/kubescape/kubescape/v2/core/core"
-	"github.com/kubescape/kubescape/v2/core/meta"
+	"github.com/kubescape/k8s-interface/k8sinterface"
+	"github.com/kubescape/kubescape/v3/cmd/completion"
+	"github.com/kubescape/kubescape/v3/cmd/config"
+	"github.com/kubescape/kubescape/v3/cmd/download"
+	"github.com/kubescape/kubescape/v3/cmd/fix"
+	"github.com/kubescape/kubescape/v3/cmd/list"
+	"github.com/kubescape/kubescape/v3/cmd/operator"
+	"github.com/kubescape/kubescape/v3/cmd/patch"
+	"github.com/kubescape/kubescape/v3/cmd/scan"
+	"github.com/kubescape/kubescape/v3/cmd/update"
+	"github.com/kubescape/kubescape/v3/cmd/version"
+	"github.com/kubescape/kubescape/v3/core/cautils"
+	"github.com/kubescape/kubescape/v3/core/cautils/getter"
+	"github.com/kubescape/kubescape/v3/core/core"
+	"github.com/kubescape/kubescape/v3/core/meta"

 	"github.com/spf13/cobra"
 )
@@ -27,11 +28,11 @@ import (
 var rootInfo cautils.RootInfo

 var ksExamples = fmt.Sprintf(`
-  # Scan command
+  # Scan a Kubernetes cluster or YAML files for image vulnerabilities and misconfigurations
  %[1]s scan

-  # List supported frameworks
-  %[1]s list frameworks
+  # List supported controls
+  %[1]s list controls

  # Download artifacts (air-gapped environment support)
  %[1]s download artifacts
@@ -51,6 +52,13 @@ func getRootCmd(ks meta.IKubescape) *cobra.Command {
 		Use:     "kubescape",
 		Short:   "Kubescape is a tool for testing Kubernetes security posture. Docs: https://hub.armosec.io/docs",
 		Example: ksExamples,
+		PersistentPreRun: func(cmd *cobra.Command, args []string) {
+			k8sinterface.SetClusterContextName(rootInfo.KubeContext)
+			initLogger()
+			initLoggerLevel()
+			initEnvironment()
+			initCacheDir()
+		},
 	}

 	if cautils.IsKrewPlugin() {
@@ -63,9 +71,10 @@ func getRootCmd(ks meta.IKubescape) *cobra.Command {
 		rootCmd.SetUsageTemplate(newUsageTemplate)
 	}

-	rootCmd.PersistentFlags().StringVar(&rootInfo.KSCloudBEURLsDep, "environment", "", envFlagUsage)
-	rootCmd.PersistentFlags().StringVar(&rootInfo.KSCloudBEURLs, "env", "", envFlagUsage)
-	rootCmd.PersistentFlags().MarkDeprecated("environment", "use 'env' instead")
+	rootCmd.PersistentFlags().StringVar(&rootInfo.DiscoveryServerURL, "server", "", "Backend discovery server URL")
+
+	rootCmd.PersistentFlags().MarkDeprecated("environment", "'environment' is no longer supported, Use 'server' instead. Feel free to contact the Kubescape maintainers for more information.")
+	rootCmd.PersistentFlags().MarkDeprecated("env", "'env' is no longer supported, Use 'server' instead. Feel free to contact the Kubescape maintainers for more information.")
 	rootCmd.PersistentFlags().MarkHidden("environment")
 	rootCmd.PersistentFlags().MarkHidden("env")

@@ -74,22 +83,31 @@ func getRootCmd(ks meta.IKubescape) *cobra.Command {

 	rootCmd.PersistentFlags().StringVarP(&rootInfo.Logger, "logger", "l", helpers.InfoLevel.String(), fmt.Sprintf("Logger level. Supported: %s [$KS_LOGGER]", strings.Join(helpers.SupportedLevels(), "/")))
 	rootCmd.PersistentFlags().StringVar(&rootInfo.CacheDir, "cache-dir", getter.DefaultLocalStore, "Cache directory [$KS_CACHE_DIR]")
-	rootCmd.PersistentFlags().BoolVarP(&rootInfo.DisableColor, "disable-color", "", false, "Disable Color output for logging")
-	rootCmd.PersistentFlags().BoolVarP(&rootInfo.EnableColor, "enable-color", "", false, "Force enable Color output for logging")
-
-	cobra.OnInitialize(initLogger, initLoggerLevel, initEnvironment, initCacheDir)
+	rootCmd.PersistentFlags().BoolVarP(&rootInfo.DisableColor, "disable-color", "", false, "Disable color output for logging")
+	rootCmd.PersistentFlags().BoolVarP(&rootInfo.EnableColor, "enable-color", "", false, "Force enable color output for logging")

+	rootCmd.PersistentFlags().StringVarP(&rootInfo.KubeContext, "kube-context", "", "", "Kube context. Default will use the current-context")
 	// Supported commands
 	rootCmd.AddCommand(scan.GetScanCommand(ks))
 	rootCmd.AddCommand(download.GetDownloadCmd(ks))
-	rootCmd.AddCommand(delete.GetDeleteCmd(ks))
 	rootCmd.AddCommand(list.GetListCmd(ks))
-	rootCmd.AddCommand(submit.GetSubmitCmd(ks))
 	rootCmd.AddCommand(completion.GetCompletionCmd())
 	rootCmd.AddCommand(version.GetVersionCmd())
 	rootCmd.AddCommand(config.GetConfigCmd(ks))
 	rootCmd.AddCommand(update.GetUpdateCmd())
 	rootCmd.AddCommand(fix.GetFixCmd(ks))
+	rootCmd.AddCommand(patch.GetPatchCmd(ks))
+	rootCmd.AddCommand(operator.GetOperatorCmd(ks))
+
+	// deprecated commands
+	rootCmd.AddCommand(&cobra.Command{
+		Use:        "submit",
+		Deprecated: "This command is deprecated. Contact Kubescape maintainers for more information.",
+	})
+	rootCmd.AddCommand(&cobra.Command{
+		Use:        "delete",
+		Deprecated: "This command is deprecated. Contact Kubescape maintainers for more information.",
+	})

 	return rootCmd
 }
--- a/cmd/rootutils.go
+++ b/cmd/rootutils.go
@@ -5,15 +5,19 @@ import (
 	"os"
 	"strings"

+	v1 "github.com/kubescape/backend/pkg/client/v1"
+	"github.com/kubescape/backend/pkg/servicediscovery"
+	sdClientV2 "github.com/kubescape/backend/pkg/servicediscovery/v2"
 	logger "github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
-	"github.com/kubescape/kubescape/v2/core/cautils/getter"
+	"github.com/kubescape/go-logger/iconlogger"
+	"github.com/kubescape/go-logger/zaplogger"
+	"github.com/kubescape/kubescape/v3/core/cautils"
+	"github.com/kubescape/kubescape/v3/core/cautils/getter"

 	"github.com/mattn/go-isatty"
 )

-const envFlagUsage = "Send report results to specific URL. Format:<ReportReceiver>,<Backend>,<Frontend>.\n\t\tExample:report.armo.cloud,api.armo.cloud,portal.armo.cloud"
-
 func initLogger() {
 	logger.DisableColor(rootInfo.DisableColor)
 	logger.EnableColor(rootInfo.EnableColor)
@@ -23,9 +27,9 @@ func initLogger() {
 			rootInfo.LoggerName = l
 		} else {
 			if isatty.IsTerminal(os.Stdout.Fd()) {
-				rootInfo.LoggerName = "pretty"
+				rootInfo.LoggerName = iconlogger.LoggerName
 			} else {
-				rootInfo.LoggerName = "zap"
+				rootInfo.LoggerName = zaplogger.LoggerName
 			}
 		}
 	}
@@ -56,40 +60,51 @@ func initCacheDir() {
 	logger.L().Debug("cache dir updated", helpers.String("path", getter.DefaultLocalStore))
 }
 func initEnvironment() {
-	if rootInfo.KSCloudBEURLs == "" {
-		rootInfo.KSCloudBEURLs = rootInfo.KSCloudBEURLsDep
+	if rootInfo.DiscoveryServerURL == "" {
+		return
 	}
-	urlSlices := strings.Split(rootInfo.KSCloudBEURLs, ",")
-	if len(urlSlices) != 1 && len(urlSlices) < 3 {
-		logger.L().Fatal("expected at least 3 URLs (report, api, frontend, auth)")
-	}
-	switch len(urlSlices) {
-	case 1:
-		switch urlSlices[0] {
-		case "dev", "development":
-			getter.SetKSCloudAPIConnector(getter.NewKSCloudAPIDev())
-		case "stage", "staging":
-			getter.SetKSCloudAPIConnector(getter.NewKSCloudAPIStaging())
-		case "":
-			getter.SetKSCloudAPIConnector(getter.NewKSCloudAPIProd())
-		default:
-			logger.L().Fatal("--environment flag usage: " + envFlagUsage)
-		}
-	case 2:
-		logger.L().Fatal("--environment flag usage: " + envFlagUsage)
-	case 3, 4:
-		var ksAuthURL string
-		ksEventReceiverURL := urlSlices[0] // mandatory
-		ksBackendURL := urlSlices[1]       // mandatory
-		ksFrontendURL := urlSlices[2]      // mandatory
-		if len(urlSlices) >= 4 {
-			ksAuthURL = urlSlices[3]
-		}

-		getter.SetKSCloudAPIConnector(getter.NewKSCloudAPICustomized(
-			ksBackendURL, ksAuthURL,
-			getter.WithReportURL(ksEventReceiverURL),
-			getter.WithFrontendURL(ksFrontendURL),
-		))
+	logger.L().Debug("fetching URLs from service discovery server", helpers.String("server", rootInfo.DiscoveryServerURL))
+
+	client, err := sdClientV2.NewServiceDiscoveryClientV2(rootInfo.DiscoveryServerURL)
+	if err != nil {
+		logger.L().Fatal("failed to create service discovery client", helpers.Error(err), helpers.String("server", rootInfo.DiscoveryServerURL))
+		return
 	}
+
+	services, err := servicediscovery.GetServices(
+		client,
+	)
+
+	if err != nil {
+		logger.L().Fatal("failed to to get services from server", helpers.Error(err), helpers.String("server", rootInfo.DiscoveryServerURL))
+		return
+	}
+
+	logger.L().Debug("configuring service discovery URLs", helpers.String("cloudAPIURL", services.GetApiServerUrl()), helpers.String("cloudReportURL", services.GetReportReceiverHttpUrl()))
+
+	tenant := cautils.GetTenantConfig("", "", "", "", nil)
+	if services.GetApiServerUrl() != "" {
+		tenant.GetConfigObj().CloudAPIURL = services.GetApiServerUrl()
+	}
+	if services.GetReportReceiverHttpUrl() != "" {
+		tenant.GetConfigObj().CloudReportURL = services.GetReportReceiverHttpUrl()
+	}
+
+	if err = tenant.UpdateCachedConfig(); err != nil {
+		logger.L().Error("failed to update cached config", helpers.Error(err))
+	}
+
+	ksCloud, err := v1.NewKSCloudAPI(
+		services.GetApiServerUrl(),
+		services.GetReportReceiverHttpUrl(),
+		"",
+		"",
+	)
+	if err != nil {
+		logger.L().Fatal("failed to create KS Cloud client", helpers.Error(err))
+		return
+	}
+
+	getter.SetKSCloudAPIConnector(ksCloud)
 }
--- a/cmd/scan/control.go
+++ b/cmd/scan/control.go
@@ -11,8 +11,9 @@ import (

 	logger "github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
-	"github.com/kubescape/kubescape/v2/core/cautils"
-	"github.com/kubescape/kubescape/v2/core/meta"
+	"github.com/kubescape/kubescape/v3/cmd/shared"
+	"github.com/kubescape/kubescape/v3/core/cautils"
+	"github.com/kubescape/kubescape/v3/core/meta"

 	"github.com/spf13/cobra"
 )
@@ -91,6 +92,7 @@ func getControlCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Comman
 			}

 			scanInfo.FrameworkScan = false
+			scanInfo.SetScanType(cautils.ScanTypeControl)

 			if err := validateControlScanInfo(scanInfo); err != nil {
 				return err
@@ -128,7 +130,7 @@ func validateControlScanInfo(scanInfo *cautils.ScanInfo) error {
 		return fmt.Errorf("you can use `omit-raw-resources` or `submit`, but not both")
 	}

-	if err := validateSeverity(severity); severity != "" && err != nil {
+	if err := shared.ValidateSeverity(severity); severity != "" && err != nil {
 		return err
 	}
 	return nil
--- a/cmd/scan/control_test.go
+++ b/cmd/scan/control_test.go
@@ -0,0 +1,60 @@
+package scan
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/kubescape/kubescape/v3/core/cautils"
+	"github.com/kubescape/kubescape/v3/core/mocks"
+	"github.com/spf13/cobra"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestGetControlCmd(t *testing.T) {
+	// Create a mock Kubescape interface
+	mockKubescape := &mocks.MockIKubescape{}
+	scanInfo := cautils.ScanInfo{
+		AccountID: "new",
+	}
+
+	cmd := getControlCmd(mockKubescape, &scanInfo)
+
+	// Verify the command name and short description
+	assert.Equal(t, "control <control names list>/<control ids list>", cmd.Use)
+	assert.Equal(t, fmt.Sprintf("The controls you wish to use. Run '%[1]s list controls' for the list of supported controls", cautils.ExecName()), cmd.Short)
+	assert.Equal(t, controlExample, cmd.Example)
+
+	err := cmd.Args(&cobra.Command{}, []string{})
+	expectedErrorMessage := "requires at least one control name"
+	assert.Equal(t, expectedErrorMessage, err.Error())
+
+	err = cmd.Args(&cobra.Command{}, []string{"C-0001,C-0002"})
+	assert.Nil(t, err)
+
+	err = cmd.Args(&cobra.Command{}, []string{"C-0001,C-0002,"})
+	expectedErrorMessage = "usage: <control-0>,<control-1>"
+	assert.Equal(t, expectedErrorMessage, err.Error())
+
+	err = cmd.RunE(&cobra.Command{}, []string{})
+	expectedErrorMessage = "bad argument: accound ID must be a valid UUID"
+	assert.Equal(t, expectedErrorMessage, err.Error())
+}
+
+func TestGetControlCmdWithNonExistentControl(t *testing.T) {
+	// Create a mock Kubescape interface
+	mockKubescape := &mocks.MockIKubescape{}
+	scanInfo := cautils.ScanInfo{
+		AccountID: "new",
+	}
+
+	// Call the GetControlCmd function
+	cmd := getControlCmd(mockKubescape, &scanInfo)
+
+	// Run the command with a non-existent control argument
+	err := cmd.RunE(&cobra.Command{}, []string{"control", "C-0001,C-0002"})
+
+	// Check that there is an error and the error message is as expected
+	expectedErrorMessage := "bad argument: accound ID must be a valid UUID"
+	assert.Error(t, err)
+	assert.Equal(t, expectedErrorMessage, err.Error())
+}
--- a/cmd/scan/framework.go
+++ b/cmd/scan/framework.go
@@ -15,9 +15,10 @@ import (

 	logger "github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
-	"github.com/kubescape/kubescape/v2/core/cautils"
-	"github.com/kubescape/kubescape/v2/core/cautils/getter"
-	"github.com/kubescape/kubescape/v2/core/meta"
+	"github.com/kubescape/kubescape/v3/cmd/shared"
+	"github.com/kubescape/kubescape/v3/core/cautils"
+	"github.com/kubescape/kubescape/v3/core/cautils/getter"
+	"github.com/kubescape/kubescape/v3/core/meta"

 	"github.com/spf13/cobra"
 )
@@ -42,7 +43,10 @@ var (
  Run '%[1]s list frameworks' for the list of supported frameworks
 `, cautils.ExecName())

-	ErrUnknownSeverity = errors.New("unknown severity")
+	ErrSecurityViewNotSupported = errors.New("security view is not supported for framework scan")
+	ErrBadThreshold             = errors.New("bad argument: out of range threshold")
+	ErrKeepLocalOrSubmit        = errors.New("you can use `keep-local` or `submit`, but not both")
+	ErrOmitRawResourcesOrSubmit = errors.New("you can use `omit-raw-resources` or `submit`, but not both")
 )

 func getFrameworkCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Command {
@@ -122,9 +126,6 @@ func getFrameworkCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Comm
 				logger.L().Fatal(err.Error())
 			}

-			if !scanInfo.VerboseMode && scanInfo.ScanType == cautils.ScanTypeFramework {
-				logger.L().Info("Run with '--verbose'/'-v' flag for detailed resources view\n")
-			}
 			if results.GetRiskScore() > float32(scanInfo.FailThreshold) {
 				logger.L().Fatal("scan risk-score is above permitted threshold", helpers.String("risk-score", fmt.Sprintf("%.2f", results.GetRiskScore())), helpers.String("fail-threshold", fmt.Sprintf("%.2f", scanInfo.FailThreshold)))
 			}
@@ -136,12 +137,13 @@ func getFrameworkCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Comm
 			return nil
 		},
 	}
+
 }

 // countersExceedSeverityThreshold returns true if severity of failed controls exceed the set severity threshold, else returns false
 func countersExceedSeverityThreshold(severityCounters reportsummary.ISeverityCounters, scanInfo *cautils.ScanInfo) (bool, error) {
 	targetSeverity := scanInfo.FailThresholdSeverity
-	if err := validateSeverity(targetSeverity); err != nil {
+	if err := shared.ValidateSeverity(targetSeverity); err != nil {
 		return false, err
 	}

@@ -195,36 +197,29 @@ func enforceSeverityThresholds(severityCounters reportsummary.ISeverityCounters,
 	}
 }

-// validateSeverity returns an error if a given severity is not known, nil otherwise
-func validateSeverity(severity string) error {
-	for _, val := range reporthandlingapis.GetSupportedSeverities() {
-		if strings.EqualFold(severity, val) {
-			return nil
-		}
-	}
-	return ErrUnknownSeverity
-
-}
-
 // validateFrameworkScanInfo validates the scan info struct for the `scan framework` command
 func validateFrameworkScanInfo(scanInfo *cautils.ScanInfo) error {
+	if scanInfo.View == string(cautils.SecurityViewType) {
+		scanInfo.View = string(cautils.ResourceViewType)
+	}
+
 	if scanInfo.Submit && scanInfo.Local {
-		return fmt.Errorf("you can use `keep-local` or `submit`, but not both")
+		return ErrKeepLocalOrSubmit
 	}
 	if 100 < scanInfo.ComplianceThreshold || 0 > scanInfo.ComplianceThreshold {
-		return fmt.Errorf("bad argument: out of range threshold")
+		return ErrBadThreshold
 	}
 	if 100 < scanInfo.FailThreshold || 0 > scanInfo.FailThreshold {
-		return fmt.Errorf("bad argument: out of range threshold")
+		return ErrBadThreshold
 	}
 	if scanInfo.Submit && scanInfo.OmitRawResources {
-		return fmt.Errorf("you can use `omit-raw-resources` or `submit`, but not both")
+		return ErrOmitRawResourcesOrSubmit
 	}
 	severity := scanInfo.FailThresholdSeverity
-	if err := validateSeverity(severity); severity != "" && err != nil {
+	if err := shared.ValidateSeverity(severity); severity != "" && err != nil {
 		return err
 	}

 	// Validate the user's credentials
-	return scanInfo.Credentials.Validate()
+	return cautils.ValidateAccountID(scanInfo.AccountID)
 }
--- a/cmd/scan/framework_test.go
+++ b/cmd/scan/framework_test.go
@@ -0,0 +1,60 @@
+package scan
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/kubescape/kubescape/v3/core/cautils"
+	"github.com/kubescape/kubescape/v3/core/mocks"
+	"github.com/spf13/cobra"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestGetFrameworkCmd(t *testing.T) {
+	// Create a mock Kubescape interface
+	mockKubescape := &mocks.MockIKubescape{}
+	scanInfo := cautils.ScanInfo{
+		AccountID: "new",
+	}
+
+	cmd := getFrameworkCmd(mockKubescape, &scanInfo)
+
+	// Verify the command name and short description
+	assert.Equal(t, "framework <framework names list> [`<glob pattern>`/`-`] [flags]", cmd.Use)
+	assert.Equal(t, fmt.Sprintf("The framework you wish to use. Run '%[1]s list frameworks' for the list of supported frameworks", cautils.ExecName()), cmd.Short)
+	assert.Equal(t, frameworkExample, cmd.Example)
+
+	err := cmd.Args(&cobra.Command{}, []string{})
+	expectedErrorMessage := "requires at least one framework name"
+	assert.Equal(t, expectedErrorMessage, err.Error())
+
+	err = cmd.Args(&cobra.Command{}, []string{"nsa,mitre"})
+	assert.Nil(t, err)
+
+	err = cmd.Args(&cobra.Command{}, []string{"nsa,mitre,"})
+	expectedErrorMessage = "usage: <framework-0>,<framework-1>"
+	assert.Equal(t, expectedErrorMessage, err.Error())
+
+	err = cmd.RunE(&cobra.Command{}, []string{})
+	expectedErrorMessage = "bad argument: accound ID must be a valid UUID"
+	assert.Equal(t, expectedErrorMessage, err.Error())
+}
+
+func TestGetFrameworkCmdWithNonExistentFramework(t *testing.T) {
+	// Create a mock Kubescape interface
+	mockKubescape := &mocks.MockIKubescape{}
+	scanInfo := cautils.ScanInfo{
+		AccountID: "new",
+	}
+
+	// Call the GetFrameworkCmd function
+	cmd := getFrameworkCmd(mockKubescape, &scanInfo)
+
+	// Run the command with a non-existent framework argument
+	err := cmd.RunE(&cobra.Command{}, []string{"framework", "nsa,mitre"})
+
+	// Check that there is an error and the error message is as expected
+	expectedErrorMessage := "bad argument: accound ID must be a valid UUID"
+	assert.Error(t, err)
+	assert.Equal(t, expectedErrorMessage, err.Error())
+}
--- a/cmd/scan/image.go
+++ b/cmd/scan/image.go
@@ -5,40 +5,34 @@ import (
 	"fmt"

 	logger "github.com/kubescape/go-logger"
-	"github.com/kubescape/go-logger/iconlogger"
-	"github.com/kubescape/kubescape/v2/core/cautils"
-	"github.com/kubescape/kubescape/v2/core/core"
-	"github.com/kubescape/kubescape/v2/core/meta"
-	"github.com/kubescape/kubescape/v2/core/pkg/resultshandling"
-	"github.com/kubescape/kubescape/v2/pkg/imagescan"
+	"github.com/kubescape/kubescape/v3/cmd/shared"
+	"github.com/kubescape/kubescape/v3/core/cautils"
+	"github.com/kubescape/kubescape/v3/core/meta"
+	metav1 "github.com/kubescape/kubescape/v3/core/meta/datastructures/v1"
+	"github.com/kubescape/kubescape/v3/pkg/imagescan"

 	"github.com/spf13/cobra"
 )

-type imageScanInfo struct {
-	Username string
-	Password string
-}
-
 // TODO(vladklokun): document image scanning on the Kubescape Docs Hub?
 var (
 	imageExample = fmt.Sprintf(`
-  This command is still in BETA. Feel free to contact the kubescape maintainers for more information.
-  
  Scan an image for vulnerabilities. 

  # Scan the 'nginx' image
  %[1]s scan image "nginx"

-  # Image scan documentation:
-  # https://hub.armosec.io/docs/images
+  # Scan the 'nginx' image and see the full report 
+  %[1]s scan image "nginx" -v
+
 `, cautils.ExecName())
 )

-// imageCmd represents the image command
-func getImageCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo, imgScanInfo *imageScanInfo) *cobra.Command {
+// getImageCmd returns the scan image command
+func getImageCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Command {
+	var imgCredentials shared.ImageCredentials
 	cmd := &cobra.Command{
-		Use:     "image <IMAGE_NAME>",
+		Use:     "image <image>:<tag> [flags]",
 		Short:   "Scan an image for vulnerabilities",
 		Example: imageExample,
 		Args: func(cmd *cobra.Command, args []string) error {
@@ -48,70 +42,35 @@ func getImageCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo, imgScanInfo *im
 			return nil
 		},
 		RunE: func(cmd *cobra.Command, args []string) error {
-			if err := validateImageScanInfo(scanInfo); err != nil {
+			if len(args) != 1 {
+				return fmt.Errorf("the command takes exactly one image name as an argument")
+			}
+
+			if err := shared.ValidateImageScanInfo(scanInfo); err != nil {
 				return err
 			}
-			failOnSeverity := imagescan.ParseSeverity(scanInfo.FailThresholdSeverity)

-			ctx := context.Background()
-
-			logger.InitLogger(iconlogger.LoggerName)
-
-			dbCfg, _ := imagescan.NewDefaultDBConfig()
-			svc := imagescan.NewScanService(dbCfg)
-
-			creds := imagescan.RegistryCredentials{
-				Username: imgScanInfo.Username,
-				Password: imgScanInfo.Password,
+			imgScanInfo := &metav1.ImageScanInfo{
+				Image:    args[0],
+				Username: imgCredentials.Username,
+				Password: imgCredentials.Password,
 			}

-			userInput := args[0]
-
-			logger.L().Start(fmt.Sprintf("Scanning image: %s", userInput))
-			scanResults, err := svc.Scan(ctx, userInput, creds)
+			results, err := ks.ScanImage(context.Background(), imgScanInfo, scanInfo)
 			if err != nil {
-				logger.L().StopError(fmt.Sprintf("Failed to scan image: %s", userInput))
 				return err
 			}
-			logger.L().StopSuccess(fmt.Sprintf("Successfully scanned image: %s", userInput))

-			scanInfo.SetScanType(cautils.ScanTypeImage)
-
-			outputPrinters := core.GetOutputPrinters(scanInfo, ctx)
-
-			uiPrinter := core.GetUIPrinter(ctx, scanInfo)
-
-			resultsHandler := resultshandling.NewResultsHandler(nil, outputPrinters, uiPrinter)
-
-			resultsHandler.ImageScanData = []cautils.ImageScanData{
-				{
-					PresenterConfig: scanResults,
-					Image:           userInput,
-				},
+			if imagescan.ExceedsSeverityThreshold(results, imagescan.ParseSeverity(scanInfo.FailThresholdSeverity)) {
+				shared.TerminateOnExceedingSeverity(scanInfo, logger.L())
 			}

-			resultsHandler.HandleResults(ctx)
-
-			if imagescan.ExceedsSeverityThreshold(scanResults, failOnSeverity) {
-				terminateOnExceedingSeverity(scanInfo, logger.L())
-			}
-
-			return err
+			return nil
 		},
 	}

-	cmd.PersistentFlags().StringVarP(&imgScanInfo.Username, "username", "u", "", "Username for registry login")
-	cmd.PersistentFlags().StringVarP(&imgScanInfo.Password, "password", "p", "", "Password for registry login")
+	cmd.PersistentFlags().StringVarP(&imgCredentials.Username, "username", "u", "", "Username for registry login")
+	cmd.PersistentFlags().StringVarP(&imgCredentials.Password, "password", "p", "", "Password for registry login")

 	return cmd
 }
-
-// validateImageScanInfo validates the ScanInfo struct for the `image` command
-func validateImageScanInfo(scanInfo *cautils.ScanInfo) error {
-	severity := scanInfo.FailThresholdSeverity
-
-	if err := validateSeverity(severity); severity != "" && err != nil {
-		return err
-	}
-	return nil
-}
--- a/cmd/scan/image_test.go
+++ b/cmd/scan/image_test.go
@@ -0,0 +1,35 @@
+package scan
+
+import (
+	"testing"
+
+	"github.com/kubescape/kubescape/v3/core/cautils"
+	"github.com/kubescape/kubescape/v3/core/mocks"
+	"github.com/spf13/cobra"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestGetImageCmd(t *testing.T) {
+	// Create a mock Kubescape interface
+	mockKubescape := &mocks.MockIKubescape{}
+	scanInfo := cautils.ScanInfo{
+		AccountID: "new",
+	}
+
+	cmd := getImageCmd(mockKubescape, &scanInfo)
+
+	// Verify the command name and short description
+	assert.Equal(t, "image <image>:<tag> [flags]", cmd.Use)
+	assert.Equal(t, "Scan an image for vulnerabilities", cmd.Short)
+	assert.Equal(t, imageExample, cmd.Example)
+
+	err := cmd.Args(&cobra.Command{}, []string{})
+	expectedErrorMessage := "the command takes exactly one image name as an argument"
+	assert.Equal(t, expectedErrorMessage, err.Error())
+
+	err = cmd.Args(&cobra.Command{}, []string{"nginx"})
+	assert.Nil(t, err)
+
+	err = cmd.RunE(&cobra.Command{}, []string{})
+	assert.Equal(t, expectedErrorMessage, err.Error())
+}
--- a/cmd/scan/scan.go
+++ b/cmd/scan/scan.go
@@ -6,10 +6,9 @@ import (
 	"fmt"
 	"strings"

-	"github.com/kubescape/k8s-interface/k8sinterface"
-	"github.com/kubescape/kubescape/v2/core/cautils"
-	"github.com/kubescape/kubescape/v2/core/cautils/getter"
-	"github.com/kubescape/kubescape/v2/core/meta"
+	"github.com/kubescape/kubescape/v3/core/cautils"
+	"github.com/kubescape/kubescape/v3/core/cautils/getter"
+	"github.com/kubescape/kubescape/v3/core/meta"
 	v1 "github.com/kubescape/opa-utils/httpserver/apis/v1"
 	"github.com/spf13/cobra"
 )
@@ -17,14 +16,14 @@ import (
 var scanCmdExamples = fmt.Sprintf(`
  Scan command is for scanning an existing cluster or kubernetes manifest files based on pre-defined frameworks 
  
-  # Scan current cluster with all frameworks
+  # Scan current cluster
  %[1]s scan

-  # Scan kubernetes YAML manifest files
+  # Scan kubernetes manifest files 
  %[1]s scan .

  # Scan and save the results in the JSON format
-  %[1]s scan --format json --output results.json --format-version=v2
+  %[1]s scan --format json --output results.json

  # Display all resources
  %[1]s scan --verbose
@@ -39,18 +38,9 @@ func GetScanCommand(ks meta.IKubescape) *cobra.Command {
 	// scanCmd represents the scan command
 	scanCmd := &cobra.Command{
 		Use:     "scan",
-		Short:   "Scan the current running cluster or yaml files",
+		Short:   "Scan a Kubernetes cluster or YAML files for image vulnerabilities and misconfigurations",
 		Long:    `The action you want to perform`,
 		Example: scanCmdExamples,
-		Args: func(cmd *cobra.Command, args []string) error {
-			// setting input patterns for framework scan is only relevancy for non-security view
-			if len(args) > 0 && scanInfo.View != string(cautils.SecurityViewType) {
-				if args[0] != "framework" && args[0] != "control" {
-					return getFrameworkCmd(ks, &scanInfo).RunE(cmd, append([]string{strings.Join(getter.NativeFrameworks, ",")}, args...))
-				}
-			}
-			return nil
-		},
 		RunE: func(cmd *cobra.Command, args []string) error {
 			if scanInfo.View == string(cautils.SecurityViewType) {
 				setSecurityViewScanInfo(args, &scanInfo)
@@ -58,23 +48,18 @@ func GetScanCommand(ks meta.IKubescape) *cobra.Command {
 				return securityScan(scanInfo, ks)
 			}

-			if len(args) == 0 {
-				return getFrameworkCmd(ks, &scanInfo).RunE(cmd, []string{strings.Join(getter.NativeFrameworks, ",")})
+			if len(args) == 0 || (args[0] != "framework" && args[0] != "control") {
+				return getFrameworkCmd(ks, &scanInfo).RunE(cmd, append([]string{strings.Join(getter.NativeFrameworks, ",")}, args...))
 			}
 			return nil
 		},
-		PreRun: func(cmd *cobra.Command, args []string) {
-			k8sinterface.SetClusterContextName(scanInfo.KubeContext)
-
-		},
 		PostRun: func(cmd *cobra.Command, args []string) {
 			// TODO - revert context
 		},
 	}

-	scanCmd.PersistentFlags().StringVarP(&scanInfo.Credentials.Account, "account", "", "", "Kubescape SaaS account ID. Default will load account ID from cache")
-	scanCmd.PersistentFlags().BoolVar(&scanInfo.CreateAccount, "create-account", false, "Create a Kubescape SaaS account ID account ID is not found in cache. After creating the account, the account ID will be saved in cache. In addition, the scanning results will be uploaded to the Kubescape SaaS")
-	scanCmd.PersistentFlags().StringVarP(&scanInfo.KubeContext, "kube-context", "", "", "Kube context. Default will use the current-context")
+	scanCmd.PersistentFlags().StringVarP(&scanInfo.AccountID, "account", "", "", "Kubescape SaaS account ID. Default will load account ID from cache")
+	scanCmd.PersistentFlags().StringVarP(&scanInfo.AccessKey, "access-key", "", "", "Kubescape SaaS access key. Default will load access key from cache")
 	scanCmd.PersistentFlags().StringVar(&scanInfo.ControlsInputs, "controls-config", "", "Path to an controls-config obj. If not set will download controls-config from ARMO management portal")
 	scanCmd.PersistentFlags().StringVar(&scanInfo.UseExceptions, "exceptions", "", "Path to an exceptions obj. If not set will download exceptions from ARMO management portal")
 	scanCmd.PersistentFlags().StringVar(&scanInfo.UseArtifactsFrom, "use-artifacts-from", "", "Load artifacts from local directory. If not used will download them")
@@ -84,12 +69,12 @@ func GetScanCommand(ks meta.IKubescape) *cobra.Command {
 	scanCmd.PersistentFlags().Float32VarP(&scanInfo.ComplianceThreshold, "compliance-threshold", "", 0, "Compliance threshold is the percent below which the command fails and returns exit code 1")

 	scanCmd.PersistentFlags().StringVar(&scanInfo.FailThresholdSeverity, "severity-threshold", "", "Severity threshold is the severity of failed controls at which the command fails and returns exit code 1")
-	scanCmd.PersistentFlags().StringVarP(&scanInfo.Format, "format", "f", "", `Output file format. Supported formats: "pretty-printer", "json", "junit", "prometheus", "pdf", "html", "sarif"`)
+	scanCmd.PersistentFlags().StringVarP(&scanInfo.Format, "format", "f", "pretty-printer", `Output file format. Supported formats: "pretty-printer", "json", "junit", "prometheus", "pdf", "html", "sarif"`)
 	scanCmd.PersistentFlags().StringVar(&scanInfo.IncludeNamespaces, "include-namespaces", "", "scan specific namespaces. e.g: --include-namespaces ns-a,ns-b")
 	scanCmd.PersistentFlags().BoolVarP(&scanInfo.Local, "keep-local", "", false, "If you do not want your Kubescape results reported to configured backend.")
 	scanCmd.PersistentFlags().StringVarP(&scanInfo.Output, "output", "o", "", "Output file. Print output to file and not stdout")
 	scanCmd.PersistentFlags().BoolVarP(&scanInfo.VerboseMode, "verbose", "v", false, "Display all of the input resources and not only failed resources")
-	scanCmd.PersistentFlags().StringVar(&scanInfo.View, "view", string(cautils.ResourceViewType), fmt.Sprintf("View results based on the %s/%s/%s. default is --view=%s", cautils.ResourceViewType, cautils.ControlViewType, cautils.SecurityViewType, cautils.ResourceViewType))
+	scanCmd.PersistentFlags().StringVar(&scanInfo.View, "view", string(cautils.SecurityViewType), fmt.Sprintf("View results based on the %s/%s/%s. default is --view=%s", cautils.ResourceViewType, cautils.ControlViewType, cautils.SecurityViewType, cautils.SecurityViewType))
 	scanCmd.PersistentFlags().BoolVar(&scanInfo.UseDefault, "use-default", false, "Load local policy object from default path. If not used will download latest")
 	scanCmd.PersistentFlags().StringSliceVar(&scanInfo.UseFrom, "use-from", nil, "Load local policy object from specified path. If not used will download latest")
 	scanCmd.PersistentFlags().StringVar(&scanInfo.HostSensorYamlPath, "host-scan-yaml", "", "Override default host scanner DaemonSet. Use this flag cautiously")
@@ -100,17 +85,13 @@ func GetScanCommand(ks meta.IKubescape) *cobra.Command {
 	scanCmd.PersistentFlags().BoolVarP(&scanInfo.PrintAttackTree, "print-attack-tree", "", false, "Print attack tree")
 	scanCmd.PersistentFlags().BoolVarP(&scanInfo.ScanImages, "scan-images", "", false, "Scan resources images")

-	scanCmd.PersistentFlags().MarkDeprecated("silent", "use '--logger' flag instead. Flag will be removed at 1.May.2022")
 	scanCmd.PersistentFlags().MarkDeprecated("fail-threshold", "use '--compliance-threshold' flag instead. Flag will be removed at 1.Dec.2023")
-
-	scanCmd.PersistentFlags().StringVarP(&scanInfo.Credentials.ClientID, "client-id", "", "", "Kubescape SaaS client ID. Default will load client ID from cache, read more - https://hub.armosec.io/docs/authentication")
-	scanCmd.PersistentFlags().StringVarP(&scanInfo.Credentials.SecretKey, "secret-key", "", "", "Kubescape SaaS secret key. Default will load secret key from cache, read more - https://hub.armosec.io/docs/authentication")
-	scanCmd.PersistentFlags().MarkDeprecated("client-id", "login to Kubescape SaaS will be unsupported, please contact the Kubescape maintainers for more information")
-	scanCmd.PersistentFlags().MarkDeprecated("secret-key", "login to Kubescape SaaS will be unsupported, please contact the Kubescape maintainers for more information")
+	scanCmd.PersistentFlags().MarkDeprecated("create-account", "Create account is no longer supported. In case of a missing Account ID and a configured backend server, a new account id will be generated automatically by Kubescape. Feel free to contact the Kubescape maintainers for more information.")

 	// hidden flags
 	scanCmd.PersistentFlags().MarkHidden("omit-raw-resources")
 	scanCmd.PersistentFlags().MarkHidden("print-attack-tree")
+	scanCmd.PersistentFlags().MarkHidden("format-version")

 	// Retrieve --kubeconfig flag from https://github.com/kubernetes/kubectl/blob/master/pkg/cmd/cmd.go
 	scanCmd.PersistentFlags().AddGoFlag(flag.Lookup("kubeconfig"))
@@ -119,17 +100,16 @@ func GetScanCommand(ks meta.IKubescape) *cobra.Command {
 	hostF.NoOptDefVal = "true"
 	hostF.DefValue = "false, for no TTY in stdin"
 	scanCmd.PersistentFlags().MarkHidden("enable-host-scan")
-	scanCmd.PersistentFlags().MarkDeprecated("enable-host-scan", "To activate the host scanner capability, proceed with the installation of the kubescape operator chart found here: https://github.com/kubescape/helm-charts/tree/main/charts/kubescape-cloud-operator. The flag will be removed at 1.Dec.2023")
+	scanCmd.PersistentFlags().MarkDeprecated("enable-host-scan", "To activate the host scanner capability, proceed with the installation of the kubescape operator chart found here: https://github.com/kubescape/helm-charts/tree/main/charts/kubescape-operator. The flag will be removed at 1.Dec.2023")

 	scanCmd.PersistentFlags().MarkHidden("host-scan-yaml") // this flag should be used very cautiously. We prefer users will not use it at all unless the DaemonSet can not run pods on the nodes
-	scanCmd.PersistentFlags().MarkDeprecated("host-scan-yaml", "To activate the host scanner capability, proceed with the installation of the kubescape operator chart found here: https://github.com/kubescape/helm-charts/tree/main/charts/kubescape-cloud-operator. The flag will be removed at 1.Dec.2023")
+	scanCmd.PersistentFlags().MarkDeprecated("host-scan-yaml", "To activate the host scanner capability, proceed with the installation of the kubescape operator chart found here: https://github.com/kubescape/helm-charts/tree/main/charts/kubescape-operator. The flag will be removed at 1.Dec.2023")

 	scanCmd.AddCommand(getControlCmd(ks, &scanInfo))
 	scanCmd.AddCommand(getFrameworkCmd(ks, &scanInfo))
 	scanCmd.AddCommand(getWorkloadCmd(ks, &scanInfo))

-	isi := &imageScanInfo{}
-	scanCmd.AddCommand(getImageCmd(ks, &scanInfo, isi))
+	scanCmd.AddCommand(getImageCmd(ks, &scanInfo))

 	return scanCmd
 }
--- a/cmd/scan/scan_test.go
+++ b/cmd/scan/scan_test.go
@@ -4,8 +4,11 @@ import (
 	"context"

 	"github.com/kubescape/go-logger/helpers"
+	"github.com/stretchr/testify/assert"

-	"github.com/kubescape/kubescape/v2/core/cautils"
+	"github.com/kubescape/kubescape/v3/cmd/shared"
+	"github.com/kubescape/kubescape/v3/core/cautils"
+	"github.com/kubescape/kubescape/v3/core/mocks"
 	v1 "github.com/kubescape/opa-utils/httpserver/apis/v1"
 	"github.com/kubescape/opa-utils/reporthandling/apis"
 	"github.com/kubescape/opa-utils/reporthandling/results/v1/reportsummary"
@@ -112,7 +115,7 @@ func TestExceedsSeverity(t *testing.T) {
 			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "unknown"},
 			SeverityCounters: &reportsummary.SeverityCounters{LowSeverityCounter: 1},
 			Want:             false,
-			Error:            ErrUnknownSeverity,
+			Error:            shared.ErrUnknownSeverity,
 		},
 	}

@@ -361,3 +364,16 @@ func TestSetSecurityViewScanInfo(t *testing.T) {
 	}

 }
+
+func TestGetScanCommand(t *testing.T) {
+	// Create a mock Kubescape interface
+	mockKubescape := &mocks.MockIKubescape{}
+
+	cmd := GetScanCommand(mockKubescape)
+
+	// Verify the command name and short description
+	assert.Equal(t, "scan", cmd.Use)
+	assert.Equal(t, "Scan a Kubernetes cluster or YAML files for image vulnerabilities and misconfigurations", cmd.Short)
+	assert.Equal(t, "The action you want to perform", cmd.Long)
+	assert.Equal(t, scanCmdExamples, cmd.Example)
+}
--- a/cmd/scan/validators_test.go
+++ b/cmd/scan/validators_test.go
@@ -3,7 +3,8 @@ package scan
 import (
 	"testing"

-	"github.com/kubescape/kubescape/v2/core/cautils"
+	"github.com/kubescape/kubescape/v3/cmd/shared"
+	"github.com/kubescape/kubescape/v3/core/cautils"
 )

 // Test_validateControlScanInfo tests how scan info is validated for the `scan control` command
@@ -26,7 +27,7 @@ func Test_validateControlScanInfo(t *testing.T) {
 		{
 			"Unknown severity should be invalid for scan info",
 			&cautils.ScanInfo{FailThresholdSeverity: "Unknown"},
-			ErrUnknownSeverity,
+			shared.ErrUnknownSeverity,
 		},
 	}

@@ -66,7 +67,17 @@ func Test_validateFrameworkScanInfo(t *testing.T) {
 		{
 			"Unknown severity should be invalid for scan info",
 			&cautils.ScanInfo{FailThresholdSeverity: "Unknown"},
-			ErrUnknownSeverity,
+			shared.ErrUnknownSeverity,
+		},
+		{
+			"Security view should be invalid for scan info",
+			&cautils.ScanInfo{View: string(cautils.SecurityViewType)},
+			nil,
+		},
+		{
+			"Empty view should be valid for scan info",
+			&cautils.ScanInfo{},
+			nil,
 		},
 	}

@@ -86,35 +97,6 @@ func Test_validateFrameworkScanInfo(t *testing.T) {
 	}
 }

-func Test_validateSeverity(t *testing.T) {
-	testCases := []struct {
-		Description string
-		Input       string
-		Want        error
-	}{
-		{"low should be a valid severity", "low", nil},
-		{"Low should be a valid severity", "Low", nil},
-		{"medium should be a valid severity", "medium", nil},
-		{"Medium should be a valid severity", "Medium", nil},
-		{"high should be a valid severity", "high", nil},
-		{"Critical should be a valid severity", "Critical", nil},
-		{"critical should be a valid severity", "critical", nil},
-		{"Unknown should be an invalid severity", "Unknown", ErrUnknownSeverity},
-	}
-
-	for _, testCase := range testCases {
-		t.Run(testCase.Description, func(t *testing.T) {
-			input := testCase.Input
-			want := testCase.Want
-			got := validateSeverity(input)
-
-			if got != want {
-				t.Errorf("got: %v, want: %v", got, want)
-			}
-		})
-	}
-}
-
 func Test_validateWorkloadIdentifier(t *testing.T) {
 	testCases := []struct {
 		Description string
--- a/cmd/scan/workload.go
+++ b/cmd/scan/workload.go
@@ -7,8 +7,8 @@ import (
 	"strings"

 	logger "github.com/kubescape/go-logger"
-	"github.com/kubescape/kubescape/v2/core/cautils"
-	"github.com/kubescape/kubescape/v2/core/meta"
+	"github.com/kubescape/kubescape/v3/core/cautils"
+	"github.com/kubescape/kubescape/v3/core/meta"
 	v1 "github.com/kubescape/opa-utils/httpserver/apis/v1"
 	"github.com/kubescape/opa-utils/objectsenvelopes"

@@ -17,8 +17,6 @@ import (

 var (
 	workloadExample = fmt.Sprintf(`
-  This command is still in BETA. Feel free to contact the kubescape maintainers for more information.
-
  Scan a workload for misconfigurations and image vulnerabilities.

  # Scan an workload
@@ -52,6 +50,7 @@ func getWorkloadCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Comma
 				return fmt.Errorf("usage: <kind>/<name> [`<glob pattern>`/`-`] [flags]")
 			}

+			// Looks strange, a bug maybe????
 			if scanInfo.ChartPath != "" && scanInfo.FilePath == "" {
 				return fmt.Errorf("usage: --chart-path <chart path> --file-path <file path>")
 			}
--- a/cmd/scan/workload_test.go
+++ b/cmd/scan/workload_test.go
@@ -3,9 +3,12 @@ package scan
 import (
 	"testing"

-	"github.com/kubescape/kubescape/v2/core/cautils"
+	"github.com/kubescape/kubescape/v3/core/cautils"
+	"github.com/kubescape/kubescape/v3/core/mocks"
 	v1 "github.com/kubescape/opa-utils/httpserver/apis/v1"
 	"github.com/kubescape/opa-utils/objectsenvelopes"
+	"github.com/spf13/cobra"
+	"github.com/stretchr/testify/assert"
 )

 func TestSetWorkloadScanInfo(t *testing.T) {
@@ -67,3 +70,27 @@ func TestSetWorkloadScanInfo(t *testing.T) {
 		)
 	}
 }
+
+func TestGetWorkloadCmd_ChartPathAndFilePathEmpty(t *testing.T) {
+	// Create a mock Kubescape interface
+	mockKubescape := &mocks.MockIKubescape{}
+	scanInfo := cautils.ScanInfo{
+		ChartPath: "temp",
+		FilePath:  "",
+	}
+
+	cmd := getWorkloadCmd(mockKubescape, &scanInfo)
+
+	// Verify the command name and short description
+	assert.Equal(t, "workload <kind>/<name> [`<glob pattern>`/`-`] [flags]", cmd.Use)
+	assert.Equal(t, "Scan a workload for misconfigurations and image vulnerabilities", cmd.Short)
+	assert.Equal(t, workloadExample, cmd.Example)
+
+	err := cmd.Args(&cobra.Command{}, []string{})
+	expectedErrorMessage := "usage: <kind>/<name> [`<glob pattern>`/`-`] [flags]"
+	assert.Equal(t, expectedErrorMessage, err.Error())
+
+	err = cmd.Args(&cobra.Command{}, []string{"nginx"})
+	expectedErrorMessage = "invalid workload identifier"
+	assert.Equal(t, expectedErrorMessage, err.Error())
+}
--- a/cmd/shared/image_scan.go
+++ b/cmd/shared/image_scan.go
@@ -0,0 +1,18 @@
+package shared
+
+import "github.com/kubescape/kubescape/v3/core/cautils"
+
+type ImageCredentials struct {
+	Username string
+	Password string
+}
+
+// ValidateImageScanInfo validates the ScanInfo struct for image scanning commands
+func ValidateImageScanInfo(scanInfo *cautils.ScanInfo) error {
+	severity := scanInfo.FailThresholdSeverity
+
+	if err := ValidateSeverity(severity); severity != "" && err != nil {
+		return err
+	}
+	return nil
+}
--- a/cmd/shared/image_scan_test.go
+++ b/cmd/shared/image_scan_test.go
@@ -0,0 +1,61 @@
+package shared
+
+import (
+	"testing"
+
+	"github.com/kubescape/kubescape/v3/core/cautils"
+	"github.com/stretchr/testify/assert"
+)
+
+// Validate a scanInfo struct with a valid fail threshold severity
+func TestValidateImageScanInfo(t *testing.T) {
+	testCases := []struct {
+		Description string
+		ScanInfo    *cautils.ScanInfo
+		Want        error
+	}{
+		{
+			"Empty scanInfo is valid",
+			&cautils.ScanInfo{},
+			nil,
+		},
+		{
+			"Empty severity is valid",
+			&cautils.ScanInfo{FailThresholdSeverity: ""},
+			nil,
+		},
+		{
+			"High severity is valid",
+			&cautils.ScanInfo{FailThresholdSeverity: "High"},
+			nil,
+		},
+		{
+			"HIGH severity is valid",
+			&cautils.ScanInfo{FailThresholdSeverity: "HIGH"},
+			nil,
+		},
+		{
+			"high severity is valid",
+			&cautils.ScanInfo{FailThresholdSeverity: "high"},
+			nil,
+		},
+		{
+			"Unknown severity is invalid",
+			&cautils.ScanInfo{FailThresholdSeverity: "unknown"},
+			ErrUnknownSeverity,
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(
+			tc.Description,
+			func(t *testing.T) {
+				var want error = tc.Want
+
+				got := ValidateImageScanInfo(tc.ScanInfo)
+
+				assert.Equal(t, want, got)
+			},
+		)
+	}
+}
--- a/cmd/shared/scan.go
+++ b/cmd/shared/scan.go
@@ -0,0 +1,28 @@
+package shared
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/kubescape/go-logger/helpers"
+	"github.com/kubescape/kubescape/v3/core/cautils"
+	reporthandlingapis "github.com/kubescape/opa-utils/reporthandling/apis"
+)
+
+var ErrUnknownSeverity = fmt.Errorf("unknown severity. Supported severities are: %s", strings.Join(reporthandlingapis.GetSupportedSeverities(), ", "))
+
+// ValidateSeverity returns an error if a given severity is not known, nil otherwise
+func ValidateSeverity(severity string) error {
+	for _, val := range reporthandlingapis.GetSupportedSeverities() {
+		if strings.EqualFold(severity, val) {
+			return nil
+		}
+	}
+	return ErrUnknownSeverity
+
+}
+
+// TerminateOnExceedingSeverity terminates the program if the result exceeds the severity threshold
+func TerminateOnExceedingSeverity(scanInfo *cautils.ScanInfo, l helpers.ILogger) {
+	l.Fatal("result exceeds severity threshold", helpers.String("Set severity threshold", scanInfo.FailThresholdSeverity))
+}
--- a/cmd/shared/scan_test.go
+++ b/cmd/shared/scan_test.go
@@ -0,0 +1,124 @@
+package shared
+
+import (
+	"context"
+	"os"
+	"reflect"
+	"testing"
+
+	"github.com/kubescape/go-logger/helpers"
+	"github.com/kubescape/kubescape/v3/core/cautils"
+	"github.com/kubescape/opa-utils/reporthandling/apis"
+)
+
+type spyLogMessage struct {
+	Message string
+	Details map[string]string
+}
+
+type spyLogger struct {
+	setItems []spyLogMessage
+}
+
+func (l *spyLogger) Error(msg string, details ...helpers.IDetails)       {}
+func (l *spyLogger) Success(msg string, details ...helpers.IDetails)     {}
+func (l *spyLogger) Warning(msg string, details ...helpers.IDetails)     {}
+func (l *spyLogger) Info(msg string, details ...helpers.IDetails)        {}
+func (l *spyLogger) Debug(msg string, details ...helpers.IDetails)       {}
+func (l *spyLogger) SetLevel(level string) error                         { return nil }
+func (l *spyLogger) GetLevel() string                                    { return "" }
+func (l *spyLogger) SetWriter(w *os.File)                                {}
+func (l *spyLogger) GetWriter() *os.File                                 { return &os.File{} }
+func (l *spyLogger) LoggerName() string                                  { return "" }
+func (l *spyLogger) Ctx(_ context.Context) helpers.ILogger               { return l }
+func (l *spyLogger) Start(msg string, details ...helpers.IDetails)       {}
+func (l *spyLogger) StopSuccess(msg string, details ...helpers.IDetails) {}
+func (l *spyLogger) StopError(msg string, details ...helpers.IDetails)   {}
+
+func (l *spyLogger) Fatal(msg string, details ...helpers.IDetails) {
+	firstDetail := details[0]
+	detailsMap := map[string]string{firstDetail.Key(): firstDetail.Value().(string)}
+
+	newMsg := spyLogMessage{msg, detailsMap}
+	l.setItems = append(l.setItems, newMsg)
+}
+
+func (l *spyLogger) GetSpiedItems() []spyLogMessage {
+	return l.setItems
+}
+
+func TestTerminateOnExceedingSeverity(t *testing.T) {
+	expectedMessage := "result exceeds severity threshold"
+	expectedKey := "Set severity threshold"
+
+	testCases := []struct {
+		Description     string
+		ExpectedMessage string
+		ExpectedKey     string
+		ExpectedValue   string
+		Logger          *spyLogger
+	}{
+		{
+			"Should log the Critical threshold that was set in scan info",
+			expectedMessage,
+			expectedKey,
+			apis.SeverityCriticalString,
+			&spyLogger{},
+		},
+		{
+			"Should log the High threshold that was set in scan info",
+			expectedMessage,
+			expectedKey,
+			apis.SeverityHighString,
+			&spyLogger{},
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(
+			tc.Description,
+			func(t *testing.T) {
+				want := []spyLogMessage{
+					{tc.ExpectedMessage, map[string]string{tc.ExpectedKey: tc.ExpectedValue}},
+				}
+				scanInfo := &cautils.ScanInfo{FailThresholdSeverity: tc.ExpectedValue}
+
+				TerminateOnExceedingSeverity(scanInfo, tc.Logger)
+
+				got := tc.Logger.GetSpiedItems()
+				if !reflect.DeepEqual(got, want) {
+					t.Errorf("got: %v, want: %v", got, want)
+				}
+			},
+		)
+	}
+}
+
+func TestValidateSeverity(t *testing.T) {
+	testCases := []struct {
+		Description string
+		Input       string
+		Want        error
+	}{
+		{"low should be a valid severity", "low", nil},
+		{"Low should be a valid severity", "Low", nil},
+		{"medium should be a valid severity", "medium", nil},
+		{"Medium should be a valid severity", "Medium", nil},
+		{"high should be a valid severity", "high", nil},
+		{"Critical should be a valid severity", "Critical", nil},
+		{"critical should be a valid severity", "critical", nil},
+		{"Unknown should be an invalid severity", "Unknown", ErrUnknownSeverity},
+	}
+
+	for _, testCase := range testCases {
+		t.Run(testCase.Description, func(t *testing.T) {
+			input := testCase.Input
+			want := testCase.Want
+			got := ValidateSeverity(input)
+
+			if got != want {
+				t.Errorf("got: %v, want: %v", got, want)
+			}
+		})
+	}
+}
--- a/cmd/submit/exceptions.go
+++ b/cmd/submit/exceptions.go
@@ -1,35 +0,0 @@
-package submit
-
-import (
-	"context"
-	"fmt"
-
-	logger "github.com/kubescape/go-logger"
-	"github.com/kubescape/kubescape/v2/core/meta"
-	metav1 "github.com/kubescape/kubescape/v2/core/meta/datastructures/v1"
-
-	"github.com/spf13/cobra"
-)
-
-func getExceptionsCmd(ks meta.IKubescape, submitInfo *metav1.Submit) *cobra.Command {
-	return &cobra.Command{
-		Use:   "exceptions <full path to exceptions file>",
-		Short: "Submit exceptions to the Kubescape SaaS version",
-		Args: func(cmd *cobra.Command, args []string) error {
-			if len(args) != 1 {
-				return fmt.Errorf("missing full path to exceptions file")
-			}
-			return nil
-		},
-		Run: func(cmd *cobra.Command, args []string) {
-
-			if err := flagValidationSubmit(submitInfo); err != nil {
-				logger.L().Fatal(err.Error())
-			}
-
-			if err := ks.SubmitExceptions(context.TODO(), &submitInfo.Credentials, args[0]); err != nil {
-				logger.L().Fatal(err.Error())
-			}
-		},
-	}
-}
--- a/cmd/submit/rbac.go
+++ b/cmd/submit/rbac.go
@@ -1,98 +0,0 @@
-package submit
-
-import (
-	"context"
-	"fmt"
-
-	"github.com/google/uuid"
-	logger "github.com/kubescape/go-logger"
-	"github.com/kubescape/go-logger/helpers"
-	"github.com/kubescape/k8s-interface/k8sinterface"
-	"github.com/kubescape/kubescape/v2/core/cautils"
-	"github.com/kubescape/kubescape/v2/core/cautils/getter"
-	"github.com/kubescape/kubescape/v2/core/meta"
-	"github.com/kubescape/kubescape/v2/core/meta/cliinterfaces"
-	v1 "github.com/kubescape/kubescape/v2/core/meta/datastructures/v1"
-	reporterv2 "github.com/kubescape/kubescape/v2/core/pkg/resultshandling/reporter/v2"
-
-	"github.com/kubescape/rbac-utils/rbacscanner"
-	"github.com/spf13/cobra"
-)
-
-var (
-	rbacExamples = fmt.Sprintf(`
-	# Submit cluster's Role-Based Access Control(RBAC)
-	%[1]s submit rbac
-
-	# Submit cluster's Role-Based Access Control(RBAC) with account ID 
-	%[1]s submit rbac --account <account-id>
-	`, cautils.ExecName())
-)
-
-// getRBACCmd represents the RBAC command
-func getRBACCmd(ks meta.IKubescape, submitInfo *v1.Submit) *cobra.Command {
-	return &cobra.Command{
-		Use:        "rbac",
-		Deprecated: "This command is deprecated and will not be supported after 1/Jan/2023. Please use the 'scan' command instead.",
-		Example:    rbacExamples,
-		Short:      "Submit cluster's Role-Based Access Control(RBAC)",
-		Long:       ``,
-		RunE: func(_ *cobra.Command, args []string) error {
-
-			if err := flagValidationSubmit(submitInfo); err != nil {
-				return err
-			}
-
-			k8s := k8sinterface.NewKubernetesApi()
-
-			// get config
-			clusterConfig := getTenantConfig(&submitInfo.Credentials, "", "", k8s)
-			if err := clusterConfig.SetTenant(); err != nil {
-				logger.L().Error("failed setting account ID", helpers.Error(err))
-			}
-
-			if clusterConfig.GetAccountID() == "" {
-				return fmt.Errorf("account ID is not set, run '%[1]s submit rbac --account <account-id>'", cautils.ExecName())
-			}
-
-			// list RBAC
-			rbacObjects := cautils.NewRBACObjects(rbacscanner.NewRbacScannerFromK8sAPI(k8s, clusterConfig.GetAccountID(), clusterConfig.GetContextName()))
-
-			// submit resources
-			r := reporterv2.NewReportEventReceiver(clusterConfig.GetConfigObj(), uuid.NewString(), reporterv2.SubmitContextRBAC)
-
-			submitInterfaces := cliinterfaces.SubmitInterfaces{
-				ClusterConfig: clusterConfig,
-				SubmitObjects: rbacObjects,
-				Reporter:      r,
-			}
-
-			if err := ks.Submit(context.TODO(), submitInterfaces); err != nil {
-				logger.L().Fatal(err.Error())
-			}
-			return nil
-		},
-	}
-
-}
-
-// getKubernetesApi
-func getKubernetesApi() *k8sinterface.KubernetesApi {
-	if !k8sinterface.IsConnectedToCluster() {
-		return nil
-	}
-	return k8sinterface.NewKubernetesApi()
-}
-func getTenantConfig(credentials *cautils.Credentials, clusterName string, customClusterName string, k8s *k8sinterface.KubernetesApi) cautils.ITenantConfig {
-	if !k8sinterface.IsConnectedToCluster() || k8s == nil {
-		return cautils.NewLocalConfig(getter.GetKSCloudAPIConnector(), credentials, clusterName, customClusterName)
-	}
-	return cautils.NewClusterConfig(k8s, getter.GetKSCloudAPIConnector(), credentials, clusterName, customClusterName)
-}
-
-// Check if the flag entered are valid
-func flagValidationSubmit(submitInfo *v1.Submit) error {
-
-	// Validate the user's credentials
-	return submitInfo.Credentials.Validate()
-}
--- a/cmd/submit/results.go
+++ b/cmd/submit/results.go
@@ -1,106 +0,0 @@
-package submit
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-	"os"
-
-	"github.com/google/uuid"
-	"github.com/kubescape/kubescape/v2/core/cautils"
-	reporthandlingv2 "github.com/kubescape/opa-utils/reporthandling/v2"
-
-	logger "github.com/kubescape/go-logger"
-	"github.com/kubescape/go-logger/helpers"
-	"github.com/kubescape/k8s-interface/workloadinterface"
-	"github.com/kubescape/kubescape/v2/core/meta"
-	"github.com/kubescape/kubescape/v2/core/meta/cliinterfaces"
-	v1 "github.com/kubescape/kubescape/v2/core/meta/datastructures/v1"
-	reporterv2 "github.com/kubescape/kubescape/v2/core/pkg/resultshandling/reporter/v2"
-
-	"github.com/spf13/cobra"
-)
-
-var formatVersion string
-
-type ResultsObject struct {
-	filePath     string
-	customerGUID string
-	clusterName  string
-}
-
-func NewResultsObject(customerGUID, clusterName, filePath string) *ResultsObject {
-	return &ResultsObject{
-		filePath:     filePath,
-		customerGUID: customerGUID,
-		clusterName:  clusterName,
-	}
-}
-
-func (resultsObject *ResultsObject) SetResourcesReport() (*reporthandlingv2.PostureReport, error) {
-	// load framework results from json file
-	report, err := loadResultsFromFile(resultsObject.filePath)
-	if err != nil {
-		return nil, err
-	}
-	return report, nil
-}
-
-func (resultsObject *ResultsObject) ListAllResources() (map[string]workloadinterface.IMetadata, error) {
-	return map[string]workloadinterface.IMetadata{}, nil
-}
-
-func getResultsCmd(ks meta.IKubescape, submitInfo *v1.Submit) *cobra.Command {
-	var resultsCmd = &cobra.Command{
-		Use:   fmt.Sprintf("results <json file>\nExample:\n$ %[1]s submit results path/to/results.json --format-version v2", cautils.ExecName()),
-		Short: "Submit a pre scanned results file. The file must be in json format",
-		Long:  ``,
-		RunE: func(cmd *cobra.Command, args []string) error {
-
-			if err := flagValidationSubmit(submitInfo); err != nil {
-				return err
-			}
-
-			if len(args) == 0 {
-				return fmt.Errorf("missing results file")
-			}
-
-			k8s := getKubernetesApi()
-
-			// get config
-			clusterConfig := getTenantConfig(&submitInfo.Credentials, "", "", k8s)
-			if err := clusterConfig.SetTenant(); err != nil {
-				logger.L().Error("failed setting account ID", helpers.Error(err))
-			}
-
-			resultsObjects := NewResultsObject(clusterConfig.GetAccountID(), clusterConfig.GetContextName(), args[0])
-
-			r := reporterv2.NewReportEventReceiver(clusterConfig.GetConfigObj(), uuid.NewString(), reporterv2.SubmitContextScan)
-
-			submitInterfaces := cliinterfaces.SubmitInterfaces{
-				ClusterConfig: clusterConfig,
-				SubmitObjects: resultsObjects,
-				Reporter:      r,
-			}
-
-			if err := ks.Submit(context.TODO(), submitInterfaces); err != nil {
-				logger.L().Fatal(err.Error())
-			}
-			return nil
-		},
-	}
-	resultsCmd.PersistentFlags().StringVar(&formatVersion, "format-version", "v2", "Output object can be different between versions, this is for maintaining backward and forward compatibility. Supported:'v1'/'v2'")
-
-	return resultsCmd
-}
-func loadResultsFromFile(filePath string) (*reporthandlingv2.PostureReport, error) {
-	report := &reporthandlingv2.PostureReport{}
-	f, err := os.ReadFile(filePath)
-	if err != nil {
-		return nil, err
-	}
-	if err = json.Unmarshal(f, report); err != nil {
-		return report, fmt.Errorf("failed to unmarshal results file: %s, make sure you run kubescape with '--format=json --format-version=v2'", err.Error())
-	}
-	return report, nil
-}
--- a/cmd/submit/submit.go
+++ b/cmd/submit/submit.go
@@ -1,40 +0,0 @@
-package submit
-
-import (
-	"fmt"
-
-	"github.com/kubescape/kubescape/v2/core/cautils"
-	"github.com/kubescape/kubescape/v2/core/meta"
-	metav1 "github.com/kubescape/kubescape/v2/core/meta/datastructures/v1"
-	"github.com/spf13/cobra"
-)
-
-var submitCmdExamples = fmt.Sprintf(`
-# Submit Kubescape scan results file
-%[1]s submit results
-
-# Submit exceptions file to Kubescape SaaS
-%[1]s submit exceptions
-`, cautils.ExecName())
-
-func GetSubmitCmd(ks meta.IKubescape) *cobra.Command {
-	var submitInfo metav1.Submit
-
-	submitCmd := &cobra.Command{
-		Use:     "submit <command>",
-		Short:   "Submit an object to the Kubescape SaaS version",
-		Long:    ``,
-		Example: submitCmdExamples,
-		Run: func(cmd *cobra.Command, args []string) {
-		},
-	}
-	submitCmd.PersistentFlags().StringVarP(&submitInfo.Credentials.Account, "account", "", "", "Kubescape SaaS account ID. Default will load account ID from cache")
-	submitCmd.PersistentFlags().StringVarP(&submitInfo.Credentials.ClientID, "client-id", "", "", "Kubescape SaaS client ID. Default will load client ID from cache, read more - https://hub.armosec.io/docs/authentication")
-	submitCmd.PersistentFlags().StringVarP(&submitInfo.Credentials.SecretKey, "secret-key", "", "", "Kubescape SaaS secret key. Default will load secret key from cache, read more - https://hub.armosec.io/docs/authentication")
-
-	submitCmd.AddCommand(getExceptionsCmd(ks, &submitInfo))
-	submitCmd.AddCommand(getResultsCmd(ks, &submitInfo))
-	submitCmd.AddCommand(getRBACCmd(ks, &submitInfo))
-
-	return submitCmd
-}
--- a/cmd/update/update.go
+++ b/cmd/update/update.go
@@ -5,15 +5,18 @@ package update
 //          kubescape update

 import (
+	"context"
 	"fmt"
+	"strings"

 	logger "github.com/kubescape/go-logger"
-	"github.com/kubescape/kubescape/v2/core/cautils"
+	"github.com/kubescape/go-logger/helpers"
+	"github.com/kubescape/kubescape/v3/core/cautils"
 	"github.com/spf13/cobra"
 )

 const (
-	installationLink string = "https://github.com/kubescape/kubescape/blob/master/docs/installation.md"
+	installationLink string = "https://kubescape.io/docs/install-cli/"
 )

 var updateCmdExamples = fmt.Sprintf(`
@@ -24,16 +27,27 @@ var updateCmdExamples = fmt.Sprintf(`
 func GetUpdateCmd() *cobra.Command {
 	updateCmd := &cobra.Command{
 		Use:     "update",
-		Short:   "Update your version",
+		Short:   "Update to latest release version",
 		Long:    ``,
 		Example: updateCmdExamples,
 		RunE: func(_ *cobra.Command, args []string) error {
+			ctx := context.TODO()
+			v := cautils.NewVersionCheckHandler()
+			versionCheckRequest := cautils.NewVersionCheckRequest(cautils.BuildNumber, "", "", "update")
+			v.CheckLatestVersion(ctx, versionCheckRequest)
+
 			//Checking the user's version of kubescape to the latest release
-			if cautils.BuildNumber == cautils.LatestReleaseVersion {
+			if cautils.BuildNumber == "" || strings.Contains(cautils.BuildNumber, "rc") {
+				//your version is unknown
+				fmt.Printf("Nothing to update: you are running the development version\n")
+			} else if cautils.LatestReleaseVersion == "" {
+				//Failed to check for updates
+				logger.L().Info(("Failed to check for updates"))
+			} else if cautils.BuildNumber == cautils.LatestReleaseVersion {
 				//your version == latest version
-				logger.L().Info(("You are in the latest version"))
+				logger.L().Info(("Nothing to update: you are running the latest version"), helpers.String("Version", cautils.BuildNumber))
 			} else {
-				fmt.Printf("please refer to our installation docs in the following link: %s", installationLink)
+				fmt.Printf("Version %s is available. Please refer to our installation documentation: %s\n", cautils.LatestReleaseVersion, installationLink)
 			}
 			return nil
 		},
--- a/cmd/version/version.go
+++ b/cmd/version/version.go
@@ -3,9 +3,9 @@ package version
 import (
 	"context"
 	"fmt"
-	"os"

-	"github.com/kubescape/kubescape/v2/core/cautils"
+	"github.com/kubescape/go-logger"
+	"github.com/kubescape/kubescape/v3/core/cautils"
 	"github.com/spf13/cobra"
 )

@@ -17,12 +17,13 @@ func GetVersionCmd() *cobra.Command {
 		RunE: func(cmd *cobra.Command, args []string) error {
 			ctx := context.TODO()
 			v := cautils.NewIVersionCheckHandler(ctx)
-			v.CheckLatestVersion(ctx, cautils.NewVersionCheckRequest(cautils.BuildNumber, "", "", "version"))
-			fmt.Fprintf(os.Stdout,
-				"Your current version is: %s [git enabled in build: %t]\n",
-				cautils.BuildNumber,
-				isGitEnabled(),
+			versionCheckRequest := cautils.NewVersionCheckRequest(cautils.BuildNumber, "", "", "version")
+			v.CheckLatestVersion(ctx, versionCheckRequest)
+			fmt.Fprintf(cmd.OutOrStdout(),
+				"Your current version is: %s\n",
+				versionCheckRequest.ClientVersion,
 			)
+			logger.L().Debug(fmt.Sprintf("git enabled in build: %t", isGitEnabled()))
 			return nil
 		},
 	}
--- a/cmd/version/version_test.go
+++ b/cmd/version/version_test.go
@@ -0,0 +1,45 @@
+package version
+
+import (
+	"bytes"
+	"io"
+	"testing"
+
+	"github.com/kubescape/kubescape/v3/core/cautils"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestGetVersionCmd(t *testing.T) {
+	tests := []struct {
+		name        string
+		buildNumber string
+		want        string
+	}{
+		{
+			name:        "Undefined Build Number",
+			buildNumber: "",
+			want:        "Your current version is: unknown\n",
+		},
+		{
+			name:        "Defined Build Number: v3.0.1",
+			buildNumber: "v3.0.1",
+			want:        "Your current version is: v3.0.1\n",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			cautils.BuildNumber = tt.buildNumber
+
+			if cmd := GetVersionCmd(); cmd != nil {
+				buf := bytes.NewBufferString("")
+				cmd.SetOut(buf)
+				cmd.Execute()
+				out, err := io.ReadAll(buf)
+				if err != nil {
+					t.Fatal(err)
+				}
+				assert.Equal(t, tt.want, string(out))
+			}
+		})
+	}
+}
--- a/core/cautils/controllink_test.go
+++ b/core/cautils/controllink_test.go
@@ -0,0 +1,53 @@
+package cautils
+
+import (
+	"testing"
+)
+
+// Returns a valid URL when given a valid control ID.
+func TestGetControlLink_ValidControlID(t *testing.T) {
+	controlID := "cis-1.1.3"
+	expectedURL := "https://hub.armosec.io/docs/cis-1-1-3"
+
+	result := GetControlLink(controlID)
+
+	if result != expectedURL {
+		t.Errorf("Expected URL: %s, but got: %s", expectedURL, result)
+	}
+}
+
+// Replaces dots with hyphens in the control ID to generate the correct documentation link.
+func TestGetControlLink_DotsInControlID(t *testing.T) {
+	controlID := "cis.1.1.3"
+	expectedURL := "https://hub.armosec.io/docs/cis-1-1-3"
+
+	result := GetControlLink(controlID)
+
+	if result != expectedURL {
+		t.Errorf("Expected URL: %s, but got: %s", expectedURL, result)
+	}
+}
+
+// Returns a lowercase URL.
+func TestGetControlLink_LowercaseURL(t *testing.T) {
+	controlID := "CIS-1.1.3"
+	expectedURL := "https://hub.armosec.io/docs/cis-1-1-3"
+
+	result := GetControlLink(controlID)
+
+	if result != expectedURL {
+		t.Errorf("Expected URL: %s, but got: %s", expectedURL, result)
+	}
+}
+
+// Returns URL to armosec docs when given an empty control ID.
+func TestGetControlLink_EmptyControlID(t *testing.T) {
+	controlID := ""
+	expectedURL := "https://hub.armosec.io/docs/"
+
+	result := GetControlLink(controlID)
+
+	if result != expectedURL {
+		t.Errorf("Expected URL: %s, but got: %s", expectedURL, result)
+	}
+}
--- a/core/cautils/customerloader.go
+++ b/core/cautils/customerloader.go
@@ -3,24 +3,40 @@ package cautils
 import (
 	"context"
 	"encoding/json"
-	"fmt"
 	"os"
+	"path/filepath"
 	"regexp"
-	"strings"

 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

+	"github.com/google/uuid"
+	v1 "github.com/kubescape/backend/pkg/client/v1"
+	"github.com/kubescape/backend/pkg/servicediscovery"
+	servicediscoveryv1 "github.com/kubescape/backend/pkg/servicediscovery/v1"
+	servicediscoveryv2 "github.com/kubescape/backend/pkg/servicediscovery/v2"
 	logger "github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/k8s-interface/k8sinterface"
-	"github.com/kubescape/kubescape/v2/core/cautils/getter"
+	"github.com/kubescape/kubescape/v3/core/cautils/getter"
 	corev1 "k8s.io/api/core/v1"
 )

 const (
-	configFileName         string = "config"
-	kubescapeNamespace     string = "kubescape"
-	kubescapeConfigMapName string = "kubescape-config"
+	configFileName     string = "config"
+	kubescapeNamespace string = "kubescape"
+
+	kubescapeConfigMapName      string = "kubescape-config" // deprecated - for backward compatibility
+	kubescapeCloudConfigMapName string = "ks-cloud-config"  // deprecated - for backward compatibility
+
+	cloudConfigMapLabelSelector string = "kubescape.io/infra=config"
+	credsLabelSelectors         string = "kubescape.io/infra=credentials" //nolint:gosec
+
+	// env vars
+	defaultConfigMapNamespaceEnvVar string = "KS_DEFAULT_CONFIGMAP_NAMESPACE"
+	accountIdEnvVar                 string = "KS_ACCOUNT_ID"
+	accessKeyEnvVar                 string = "KS_ACCESS_KEY"
+	cloudApiUrlEnvVar               string = "KS_CLOUD_API_URL"
+	cloudReportUrlEnvVar            string = "KS_CLOUD_REPORT_URL"
 )

 func ConfigFileFullPath() string { return getter.GetDefaultPath(configFileName + ".json") }
@@ -30,16 +46,11 @@ func ConfigFileFullPath() string { return getter.GetDefaultPath(configFileName +
 // ======================================================================================

 type ConfigObj struct {
-	AccountID          string `json:"accountID,omitempty"`
-	ClientID           string `json:"clientID,omitempty"`
-	SecretKey          string `json:"secretKey,omitempty"`
-	Token              string `json:"invitationParam,omitempty"`
-	CustomerAdminEMail string `json:"adminMail,omitempty"`
-	ClusterName        string `json:"clusterName,omitempty"`
-	CloudReportURL     string `json:"cloudReportURL,omitempty"`
-	CloudAPIURL        string `json:"cloudAPIURL,omitempty"`
-	CloudUIURL         string `json:"cloudUIURL,omitempty"`
-	CloudAuthURL       string `json:"cloudAuthURL,omitempty"`
+	AccountID      string `json:"accountID,omitempty"`
+	ClusterName    string `json:"clusterName,omitempty"`
+	CloudReportURL string `json:"cloudReportURL,omitempty"`
+	CloudAPIURL    string `json:"cloudAPIURL,omitempty"`
+	AccessKey      string `json:"accessKey,omitempty"`
 }

 // Config - convert ConfigObj to config file
@@ -47,17 +58,11 @@ func (co *ConfigObj) Config() []byte {

 	// remove cluster name before saving to file
 	clusterName := co.ClusterName
-	customerAdminEMail := co.CustomerAdminEMail
-	token := co.Token
 	co.ClusterName = ""
-	co.Token = ""
-	co.CustomerAdminEMail = ""

 	b, err := json.MarshalIndent(co, "", "  ")

 	co.ClusterName = clusterName
-	co.CustomerAdminEMail = customerAdminEMail
-	co.Token = token

 	if err == nil {
 		return b
@@ -73,24 +78,12 @@ func (co *ConfigObj) updateEmptyFields(inCO *ConfigObj) error {
 	if inCO.CloudAPIURL != "" {
 		co.CloudAPIURL = inCO.CloudAPIURL
 	}
-	if inCO.CloudAuthURL != "" {
-		co.CloudAuthURL = inCO.CloudAuthURL
-	}
 	if inCO.CloudReportURL != "" {
 		co.CloudReportURL = inCO.CloudReportURL
 	}
-	if inCO.CloudUIURL != "" {
-		co.CloudUIURL = inCO.CloudUIURL
-	}
 	if inCO.ClusterName != "" {
 		co.ClusterName = inCO.ClusterName
 	}
-	if inCO.CustomerAdminEMail != "" {
-		co.CustomerAdminEMail = inCO.CustomerAdminEMail
-	}
-	if inCO.Token != "" {
-		co.Token = inCO.Token
-	}

 	return nil
 }
@@ -99,27 +92,18 @@ func (co *ConfigObj) updateEmptyFields(inCO *ConfigObj) error {
 // =============================== interface ============================================
 // ======================================================================================
 type ITenantConfig interface {
-	// set
-	SetTenant() error
 	UpdateCachedConfig() error
 	DeleteCachedConfig(ctx context.Context) error
+	GenerateAccountID() (string, error)
+	DeleteCredentials() error

 	// getters
 	GetContextName() string
 	GetAccountID() string
-	GetTenantEmail() string
-	GetToken() string
-	GetClientID() string
-	GetSecretKey() string
+	GetAccessKey() string
 	GetConfigObj() *ConfigObj
 	GetCloudReportURL() string
 	GetCloudAPIURL() string
-	GetCloudUIURL() string
-	GetCloudAuthURL() string
-	// GetBackendAPI() getter.IBackend
-	// GenerateURL()
-
-	IsConfigFound() bool
 }

 // ======================================================================================
@@ -130,23 +114,19 @@ type ITenantConfig interface {
 var _ ITenantConfig = &LocalConfig{}

 type LocalConfig struct {
-	backendAPI getter.IBackend
-	configObj  *ConfigObj
+	configObj *ConfigObj
 }

-func NewLocalConfig(
-	backendAPI getter.IBackend, credentials *Credentials, clusterName string, customClusterName string) *LocalConfig {
-
+func NewLocalConfig(accountID, accessKey, clusterName, customClusterName string) *LocalConfig {
 	lc := &LocalConfig{
-		backendAPI: backendAPI,
-		configObj:  &ConfigObj{},
+		configObj: &ConfigObj{},
 	}
 	// get from configMap
 	if existsConfigFile() { // get from file
 		loadConfigFromFile(lc.configObj)
 	}

-	updateCredentials(lc.configObj, credentials)
+	updateCredentials(lc.configObj, accountID, accessKey)
 	updateCloudURLs(lc.configObj)

 	// If a custom cluster name is provided then set that name, else use the cluster's original name
@@ -156,59 +136,32 @@ func NewLocalConfig(
 		lc.configObj.ClusterName = AdoptClusterName(clusterName) // override config clusterName
 	}

-	lc.backendAPI.SetAccountID(lc.configObj.AccountID)
-	lc.backendAPI.SetClientID(lc.configObj.ClientID)
-	lc.backendAPI.SetSecretKey(lc.configObj.SecretKey)
-	if lc.configObj.CloudAPIURL != "" {
-		lc.backendAPI.SetCloudAPIURL(lc.configObj.CloudAPIURL)
-	} else {
-		lc.configObj.CloudAPIURL = lc.backendAPI.GetCloudAPIURL()
-	}
-	if lc.configObj.CloudAuthURL != "" {
-		lc.backendAPI.SetCloudAuthURL(lc.configObj.CloudAuthURL)
-	} else {
-		lc.configObj.CloudAuthURL = lc.backendAPI.GetCloudAuthURL()
-	}
-	if lc.configObj.CloudReportURL != "" {
-		lc.backendAPI.SetCloudReportURL(lc.configObj.CloudReportURL)
-	} else {
-		lc.configObj.CloudReportURL = lc.backendAPI.GetCloudReportURL()
-	}
-	if lc.configObj.CloudUIURL != "" {
-		lc.backendAPI.SetCloudUIURL(lc.configObj.CloudUIURL)
-	} else {
-		lc.configObj.CloudUIURL = lc.backendAPI.GetCloudUIURL()
-	}
-	logger.L().Debug("Kubescape Cloud URLs", helpers.String("api", lc.backendAPI.GetCloudAPIURL()), helpers.String("auth", lc.backendAPI.GetCloudAuthURL()), helpers.String("report", lc.backendAPI.GetCloudReportURL()), helpers.String("UI", lc.backendAPI.GetCloudUIURL()))
-
 	initializeCloudAPI(lc)

 	return lc
 }

 func (lc *LocalConfig) GetConfigObj() *ConfigObj  { return lc.configObj }
-func (lc *LocalConfig) GetTenantEmail() string    { return lc.configObj.CustomerAdminEMail }
 func (lc *LocalConfig) GetAccountID() string      { return lc.configObj.AccountID }
-func (lc *LocalConfig) GetClientID() string       { return lc.configObj.ClientID }
-func (lc *LocalConfig) GetSecretKey() string      { return lc.configObj.SecretKey }
 func (lc *LocalConfig) GetContextName() string    { return lc.configObj.ClusterName }
-func (lc *LocalConfig) GetToken() string          { return lc.configObj.Token }
 func (lc *LocalConfig) GetCloudReportURL() string { return lc.configObj.CloudReportURL }
 func (lc *LocalConfig) GetCloudAPIURL() string    { return lc.configObj.CloudAPIURL }
-func (lc *LocalConfig) GetCloudUIURL() string     { return lc.configObj.CloudUIURL }
-func (lc *LocalConfig) GetCloudAuthURL() string   { return lc.configObj.CloudAuthURL }
-func (lc *LocalConfig) IsConfigFound() bool       { return existsConfigFile() }
-func (lc *LocalConfig) SetTenant() error {
-
-	// Kubescape Cloud tenant GUID
-	if err := getTenantConfigFromBE(lc.backendAPI, lc.configObj); err != nil {
-		return err
-	}
-	lc.UpdateCachedConfig()
-	return nil
+func (lc *LocalConfig) GetAccessKey() string      { return lc.configObj.AccessKey }

+func (lc *LocalConfig) GenerateAccountID() (string, error) {
+	lc.configObj.AccountID = uuid.NewString()
+	err := lc.UpdateCachedConfig()
+	return lc.configObj.AccountID, err
 }
+
+func (lc *LocalConfig) DeleteCredentials() error {
+	lc.configObj.AccessKey = ""
+	lc.configObj.AccountID = ""
+	return lc.UpdateCachedConfig()
+}
+
 func (lc *LocalConfig) UpdateCachedConfig() error {
+	logger.L().Debug("updating cached config", helpers.Interface("configObj", lc.configObj))
 	return updateConfigFile(lc.configObj)
 }

@@ -219,26 +172,6 @@ func (lc *LocalConfig) DeleteCachedConfig(ctx context.Context) error {
 	return nil
 }

-func getTenantConfigFromBE(backendAPI getter.IBackend, configObj *ConfigObj) error {
-
-	// get from Kubescape Cloud API
-	tenantResponse, err := backendAPI.GetTenant()
-	if err == nil && tenantResponse != nil {
-		if tenantResponse.AdminMail != "" { // registered tenant
-			configObj.CustomerAdminEMail = tenantResponse.AdminMail
-		} else { // new tenant
-			configObj.Token = tenantResponse.Token
-			configObj.AccountID = tenantResponse.TenantID
-		}
-	} else {
-		if err != nil && !strings.Contains(err.Error(), "already exists") {
-			return err
-		}
-	}
-
-	return nil
-}
-
 // ======================================================================================
 // ========================== Cluster Config ============================================
 // ======================================================================================
@@ -251,8 +184,6 @@ KS_DEFAULT_CONFIGMAP_NAME  // name of configmap, if not set default is 'kubescap
 KS_DEFAULT_CONFIGMAP_NAMESPACE   // configmap namespace, if not set default is 'default'

 KS_ACCOUNT_ID
-KS_CLIENT_ID
-KS_SECRET_KEY

 TODO - support:
 KS_CACHE // path to cached files
@@ -260,20 +191,15 @@ KS_CACHE // path to cached files
 var _ ITenantConfig = &ClusterConfig{}

 type ClusterConfig struct {
-	backendAPI         getter.IBackend
 	k8s                *k8sinterface.KubernetesApi
 	configObj          *ConfigObj
-	configMapName      string
 	configMapNamespace string
 }

-func NewClusterConfig(k8s *k8sinterface.KubernetesApi, backendAPI getter.IBackend, credentials *Credentials, clusterName string, customClusterName string) *ClusterConfig {
-	// var configObj *ConfigObj
+func NewClusterConfig(k8s *k8sinterface.KubernetesApi, accountID, accessKey, clusterName, customClusterName string) *ClusterConfig {
 	c := &ClusterConfig{
 		k8s:                k8s,
-		backendAPI:         backendAPI,
 		configObj:          &ConfigObj{},
-		configMapName:      getConfigMapName(),
 		configMapNamespace: GetConfigMapNamespace(),
 	}

@@ -282,12 +208,13 @@ func NewClusterConfig(k8s *k8sinterface.KubernetesApi, backendAPI getter.IBacken
 		loadConfigFromFile(c.configObj)
 	}

-	// second, load from configMap
-	if c.existsConfigMap() {
-		c.updateConfigEmptyFieldsFromConfigMap()
-	}
+	// second, load urls from config map
+	c.updateConfigEmptyFieldsFromKubescapeConfigMap()

-	updateCredentials(c.configObj, credentials)
+	// third, credentials from secret
+	c.updateConfigEmptyFieldsFromCredentialsSecret()
+
+	updateCredentials(c.configObj, accountID, accessKey)
 	updateCloudURLs(c.configObj)

 	// If a custom cluster name is provided then set that name, else use the cluster's original name
@@ -302,80 +229,23 @@ func NewClusterConfig(k8s *k8sinterface.KubernetesApi, backendAPI getter.IBacken
 	} else { // override the cluster name if it has unwanted characters
 		c.configObj.ClusterName = AdoptClusterName(c.configObj.ClusterName)
 	}
-
-	c.backendAPI.SetAccountID(c.configObj.AccountID)
-	c.backendAPI.SetClientID(c.configObj.ClientID)
-	c.backendAPI.SetSecretKey(c.configObj.SecretKey)
-	if c.configObj.CloudAPIURL != "" {
-		c.backendAPI.SetCloudAPIURL(c.configObj.CloudAPIURL)
-	} else {
-		c.configObj.CloudAPIURL = c.backendAPI.GetCloudAPIURL()
-	}
-	if c.configObj.CloudAuthURL != "" {
-		c.backendAPI.SetCloudAuthURL(c.configObj.CloudAuthURL)
-	} else {
-		c.configObj.CloudAuthURL = c.backendAPI.GetCloudAuthURL()
-	}
-	if c.configObj.CloudReportURL != "" {
-		c.backendAPI.SetCloudReportURL(c.configObj.CloudReportURL)
-	} else {
-		c.configObj.CloudReportURL = c.backendAPI.GetCloudReportURL()
-	}
-	if c.configObj.CloudUIURL != "" {
-		c.backendAPI.SetCloudUIURL(c.configObj.CloudUIURL)
-	} else {
-		c.configObj.CloudUIURL = c.backendAPI.GetCloudUIURL()
-	}
-	logger.L().Debug("Kubescape Cloud URLs", helpers.String("api", c.backendAPI.GetCloudAPIURL()), helpers.String("auth", c.backendAPI.GetCloudAuthURL()), helpers.String("report", c.backendAPI.GetCloudReportURL()), helpers.String("UI", c.backendAPI.GetCloudUIURL()))
-
 	initializeCloudAPI(c)
-
 	return c
 }

 func (c *ClusterConfig) GetConfigObj() *ConfigObj  { return c.configObj }
 func (c *ClusterConfig) GetDefaultNS() string      { return c.configMapNamespace }
 func (c *ClusterConfig) GetAccountID() string      { return c.configObj.AccountID }
-func (c *ClusterConfig) GetClientID() string       { return c.configObj.ClientID }
-func (c *ClusterConfig) GetSecretKey() string      { return c.configObj.SecretKey }
-func (c *ClusterConfig) GetTenantEmail() string    { return c.configObj.CustomerAdminEMail }
-func (c *ClusterConfig) GetToken() string          { return c.configObj.Token }
 func (c *ClusterConfig) GetCloudReportURL() string { return c.configObj.CloudReportURL }
 func (c *ClusterConfig) GetCloudAPIURL() string    { return c.configObj.CloudAPIURL }
-func (c *ClusterConfig) GetCloudUIURL() string     { return c.configObj.CloudUIURL }
-func (c *ClusterConfig) GetCloudAuthURL() string   { return c.configObj.CloudAuthURL }
-
-func (c *ClusterConfig) IsConfigFound() bool { return existsConfigFile() || c.existsConfigMap() }
-
-func (c *ClusterConfig) SetTenant() error {
-
-	// ARMO tenant GUID
-	if err := getTenantConfigFromBE(c.backendAPI, c.configObj); err != nil {
-		return err
-	}
-	c.UpdateCachedConfig()
-	return nil
-
-}
+func (c *ClusterConfig) GetAccessKey() string      { return c.configObj.AccessKey }

 func (c *ClusterConfig) UpdateCachedConfig() error {
-	// update/create config
-	if c.existsConfigMap() {
-		if err := c.updateConfigMap(); err != nil {
-			return err
-		}
-	} else {
-		if err := c.createConfigMap(); err != nil {
-			return err
-		}
-	}
+	logger.L().Debug("updating cached config", helpers.Interface("configObj", c.configObj))
 	return updateConfigFile(c.configObj)
 }

 func (c *ClusterConfig) DeleteCachedConfig(ctx context.Context) error {
-	if err := c.deleteConfigMap(); err != nil {
-		logger.L().Ctx(ctx).Warning(err.Error())
-	}
 	if err := DeleteConfigFile(); err != nil {
 		logger.L().Ctx(ctx).Warning(err.Error())
 	}
@@ -393,28 +263,86 @@ func (c *ClusterConfig) ToMapString() map[string]interface{} {
 	return m
 }

-func (c *ClusterConfig) updateConfigEmptyFieldsFromConfigMap() error {
-	configMap, err := c.k8s.KubernetesClient.CoreV1().ConfigMaps(c.configMapNamespace).Get(context.Background(), c.configMapName, metav1.GetOptions{})
+func (c *ClusterConfig) updateConfigEmptyFieldsFromKubescapeConfigMap() error {
+	configMaps, err := c.k8s.KubernetesClient.CoreV1().ConfigMaps(c.configMapNamespace).List(context.Background(), metav1.ListOptions{
+		LabelSelector: cloudConfigMapLabelSelector,
+	})
 	if err != nil {
 		return err
 	}
-
-	tempCO := ConfigObj{}
-	if jsonConf, ok := configMap.Data["config.json"]; ok {
-		json.Unmarshal([]byte(jsonConf), &tempCO)
-		return c.configObj.updateEmptyFields(&tempCO)
+	var ksConfigMap *corev1.ConfigMap
+	var urlsConfigMap *corev1.ConfigMap
+	if len(configMaps.Items) == 0 {
+		// try to find configmaps by name (for backward compatibility)
+		ksConfigMap, _ = c.k8s.KubernetesClient.CoreV1().ConfigMaps(c.configMapNamespace).Get(context.Background(), kubescapeConfigMapName, metav1.GetOptions{})
+		urlsConfigMap, _ = c.k8s.KubernetesClient.CoreV1().ConfigMaps(c.configMapNamespace).Get(context.Background(), kubescapeCloudConfigMapName, metav1.GetOptions{})
+	} else {
+		// use the first configmap with the label
+		ksConfigMap = &configMaps.Items[0]
+		urlsConfigMap = &configMaps.Items[0]
 	}
-	return err

+	if ksConfigMap != nil {
+		if jsonConf, ok := ksConfigMap.Data["clusterData"]; ok {
+			tempCO := ConfigObj{}
+			if err = json.Unmarshal([]byte(jsonConf), &tempCO); err != nil {
+				return err
+			}
+			c.configObj.updateEmptyFields(&tempCO)
+		}
+	}
+
+	if urlsConfigMap != nil {
+		if jsonConf, ok := urlsConfigMap.Data["services"]; ok {
+			services, err := servicediscovery.GetServices(
+				servicediscoveryv2.NewServiceDiscoveryStreamV2([]byte(jsonConf)),
+			)
+			if err != nil {
+				// try to parse as v1
+				services, err = servicediscovery.GetServices(
+					servicediscoveryv1.NewServiceDiscoveryStreamV1([]byte(jsonConf)),
+				)
+				if err != nil {
+					return err
+				}
+			}
+
+			if services.GetApiServerUrl() != "" {
+				c.configObj.CloudAPIURL = services.GetApiServerUrl()
+			}
+			if services.GetReportReceiverHttpUrl() != "" {
+				c.configObj.CloudReportURL = services.GetReportReceiverHttpUrl()
+			}
+		}
+	}
+
+	return err
 }

-func (c *ClusterConfig) loadConfigFromConfigMap() error {
-	configMap, err := c.k8s.KubernetesClient.CoreV1().ConfigMaps(c.configMapNamespace).Get(context.Background(), c.configMapName, metav1.GetOptions{})
+func (c *ClusterConfig) updateConfigEmptyFieldsFromCredentialsSecret() error {
+	secrets, err := c.k8s.KubernetesClient.CoreV1().Secrets(c.configMapNamespace).List(context.Background(),
+		metav1.ListOptions{LabelSelector: credsLabelSelectors})
 	if err != nil {
 		return err
 	}

-	return loadConfigFromData(c.configObj, configMap.Data)
+	if len(secrets.Items) == 0 {
+		return nil
+	}
+
+	if jsonConf, ok := secrets.Items[0].Data["account"]; ok {
+		if account := string(jsonConf); account != "" {
+			c.configObj.AccountID = account
+		}
+	}
+
+	if jsonConf, ok := secrets.Items[0].Data["accessKey"]; ok {
+		if accessKey := string(jsonConf); accessKey != "" {
+			c.configObj.AccessKey = accessKey
+		}
+	}
+
+	return nil
 }

 func loadConfigFromData(co *ConfigObj, data map[string]string) error {
@@ -428,107 +356,32 @@ func loadConfigFromData(co *ConfigObj, data map[string]string) error {

 	return e
 }
-func (c *ClusterConfig) existsConfigMap() bool {
-	_, err := c.k8s.KubernetesClient.CoreV1().ConfigMaps(c.configMapNamespace).Get(context.Background(), c.configMapName, metav1.GetOptions{})
-	// TODO - check if has customerGUID
-	return err == nil
-}
-
-func (c *ClusterConfig) GetValueByKeyFromConfigMap(key string) (string, error) {
-
-	configMap, err := c.k8s.KubernetesClient.CoreV1().ConfigMaps(c.configMapNamespace).Get(context.Background(), c.configMapName, metav1.GetOptions{})
-
-	if err != nil {
-		return "", err
-	}
-	if val, ok := configMap.Data[key]; ok {
-		return val, nil
-	} else {
-		return "", fmt.Errorf("value does not exist")
-	}
-}
-
-func GetValueFromConfigJson(key string) (string, error) {
-	data, err := os.ReadFile(ConfigFileFullPath())
-	if err != nil {
-		return "", err
-	}
-	var obj map[string]interface{}
-	if err := json.Unmarshal(data, &obj); err != nil {
-		return "", err
-	}
-	if val, ok := obj[key]; ok {
-		return fmt.Sprint(val), nil
-	} else {
-		return "", fmt.Errorf("value does not exist")
-	}
-
-}
-
-func (c *ClusterConfig) SetKeyValueInConfigmap(key string, value string) error {
-
-	configMap, err := c.k8s.KubernetesClient.CoreV1().ConfigMaps(c.configMapNamespace).Get(context.Background(), c.configMapName, metav1.GetOptions{})
-	if err != nil {
-		configMap = &corev1.ConfigMap{
-			ObjectMeta: metav1.ObjectMeta{
-				Name: c.configMapName,
-			},
-		}
-	}
-
-	if len(configMap.Data) == 0 {
-		configMap.Data = make(map[string]string)
-	}
-
-	configMap.Data[key] = value
-
-	if err != nil {
-		_, err = c.k8s.KubernetesClient.CoreV1().ConfigMaps(c.configMapNamespace).Create(context.Background(), configMap, metav1.CreateOptions{})
-	} else {
-		_, err = c.k8s.KubernetesClient.CoreV1().ConfigMaps(c.configMapNamespace).Update(context.Background(), configMap, metav1.UpdateOptions{})
-	}
-
-	return err
-}

 func existsConfigFile() bool {
 	_, err := os.ReadFile(ConfigFileFullPath())
 	return err == nil
 }

-func (c *ClusterConfig) createConfigMap() error {
-	if c.k8s == nil {
-		return nil
-	}
-	configMap := &corev1.ConfigMap{
-		ObjectMeta: metav1.ObjectMeta{
-			Name: c.configMapName,
-		},
-	}
-	c.updateConfigData(configMap)
-
-	_, err := c.k8s.KubernetesClient.CoreV1().ConfigMaps(c.configMapNamespace).Create(context.Background(), configMap, metav1.CreateOptions{})
-	return err
-}
-
-func (c *ClusterConfig) updateConfigMap() error {
-	if c.k8s == nil {
-		return nil
-	}
-	configMap, err := c.k8s.KubernetesClient.CoreV1().ConfigMaps(c.configMapNamespace).Get(context.Background(), c.configMapName, metav1.GetOptions{})
-
-	if err != nil {
+func updateConfigFile(configObj *ConfigObj) error {
+	fullPath := ConfigFileFullPath()
+	dir := filepath.Dir(fullPath)
+	if err := os.MkdirAll(dir, 0755); err != nil {
 		return err
 	}

-	c.updateConfigData(configMap)
-
-	_, err = c.k8s.KubernetesClient.CoreV1().ConfigMaps(c.configMapNamespace).Update(context.Background(), configMap, metav1.UpdateOptions{})
-	return err
+	return os.WriteFile(fullPath, configObj.Config(), 0664) //nolint:gosec
 }

-func updateConfigFile(configObj *ConfigObj) error {
-	return os.WriteFile(ConfigFileFullPath(), configObj.Config(), 0664) //nolint:gosec
+func (c *ClusterConfig) GenerateAccountID() (string, error) {
+	c.configObj.AccountID = uuid.NewString()
+	err := c.UpdateCachedConfig()
+	return c.configObj.AccountID, err
+}
+
+func (c *ClusterConfig) DeleteCredentials() error {
+	c.configObj.AccountID = ""
+	c.configObj.AccessKey = ""
+	return c.UpdateCachedConfig()
 }

 func (c *ClusterConfig) updateConfigData(configMap *corev1.ConfigMap) {
@@ -561,28 +414,6 @@ func readConfig(dat []byte, configObj *ConfigObj) error {
 	return nil
 }

-// Check if the customer is submitted
-func (clusterConfig *ClusterConfig) IsSubmitted() bool {
-	return clusterConfig.existsConfigMap() || existsConfigFile()
-}
-
-// Check if the customer is registered
-func (clusterConfig *ClusterConfig) IsRegistered() bool {
-
-	// get from armoBE
-	tenantResponse, err := clusterConfig.backendAPI.GetTenant()
-	if err == nil && tenantResponse != nil {
-		if tenantResponse.AdminMail != "" { // this customer already belongs to some user
-			return true
-		}
-	}
-	return false
-}
-
-func (clusterConfig *ClusterConfig) deleteConfigMap() error {
-	return clusterConfig.k8s.KubernetesClient.CoreV1().ConfigMaps(clusterConfig.configMapNamespace).Delete(context.Background(), clusterConfig.configMapName, metav1.DeleteOptions{})
-}
-
 func DeleteConfigFile() error {
 	return os.Remove(ConfigFileFullPath())
 }
@@ -595,67 +426,42 @@ func AdoptClusterName(clusterName string) string {
 	return re.ReplaceAllString(clusterName, "-")
 }

-func getConfigMapName() string {
-	if n := os.Getenv("KS_DEFAULT_CONFIGMAP_NAME"); n != "" {
-		return n
-	}
-	return kubescapeConfigMapName
-}
-
 // GetConfigMapNamespace returns the namespace of the cluster config, which is the same for all in-cluster components
 func GetConfigMapNamespace() string {
-	if n := os.Getenv("KS_DEFAULT_CONFIGMAP_NAMESPACE"); n != "" {
+	if n := os.Getenv(defaultConfigMapNamespaceEnvVar); n != "" {
 		return n
 	}
 	return kubescapeNamespace
 }

-func getAccountFromEnv(credentials *Credentials) {
-	// load from env
-	if accountID := os.Getenv("KS_ACCOUNT_ID"); credentials.Account == "" && accountID != "" {
-		credentials.Account = accountID
-	}
-	if clientID := os.Getenv("KS_CLIENT_ID"); credentials.ClientID == "" && clientID != "" {
-		credentials.ClientID = clientID
-	}
-	if secretKey := os.Getenv("KS_SECRET_KEY"); credentials.SecretKey == "" && secretKey != "" {
-		credentials.SecretKey = secretKey
-	}
-}
-
-func updateCredentials(configObj *ConfigObj, credentials *Credentials) {
-
-	if credentials == nil {
-		credentials = &Credentials{}
-	}
-	getAccountFromEnv(credentials)
-
-	if credentials.Account != "" {
-		configObj.AccountID = credentials.Account // override config Account
-	}
-	if credentials.ClientID != "" {
-		configObj.ClientID = credentials.ClientID // override config ClientID
-	}
-	if credentials.SecretKey != "" {
-		configObj.SecretKey = credentials.SecretKey // override config SecretKey
+func updateCredentials(configObj *ConfigObj, accountID, accessKey string) {
+	if accessKey != "" {
+		configObj.AccessKey = accessKey
 	}

+	if envAccessKey := os.Getenv(accessKeyEnvVar); envAccessKey != "" {
+		configObj.AccessKey = envAccessKey
+	}
+
+	if accountID != "" {
+		configObj.AccountID = accountID
+	}
+
+	if envAccountID := os.Getenv(accountIdEnvVar); envAccountID != "" {
+		configObj.AccountID = envAccountID
+	}
 }

 func getCloudURLsFromEnv(cloudURLs *CloudURLs) {
 	// load from env
-	if cloudAPIURL := os.Getenv("KS_CLOUD_API_URL"); cloudAPIURL != "" {
+	if cloudAPIURL := os.Getenv(cloudApiUrlEnvVar); cloudAPIURL != "" {
+		logger.L().Debug("cloud API URL updated from env var", helpers.Interface(cloudApiUrlEnvVar, cloudAPIURL))
 		cloudURLs.CloudAPIURL = cloudAPIURL
 	}
-	if cloudAuthURL := os.Getenv("KS_CLOUD_AUTH_URL"); cloudAuthURL != "" {
-		cloudURLs.CloudAuthURL = cloudAuthURL
-	}
-	if cloudReportURL := os.Getenv("KS_CLOUD_REPORT_URL"); cloudReportURL != "" {
+	if cloudReportURL := os.Getenv(cloudReportUrlEnvVar); cloudReportURL != "" {
+		logger.L().Debug("cloud Report URL updated from env var", helpers.Interface(cloudReportUrlEnvVar, cloudReportURL))
 		cloudURLs.CloudReportURL = cloudReportURL
 	}
-	if cloudUIURL := os.Getenv("KS_CLOUD_UI_URL"); cloudUIURL != "" {
-		cloudURLs.CloudUIURL = cloudUIURL
-	}
 }

 func updateCloudURLs(configObj *ConfigObj) {
@@ -666,26 +472,59 @@ func updateCloudURLs(configObj *ConfigObj) {
 	if cloudURLs.CloudAPIURL != "" {
 		configObj.CloudAPIURL = cloudURLs.CloudAPIURL // override config CloudAPIURL
 	}
-	if cloudURLs.CloudAuthURL != "" {
-		configObj.CloudAuthURL = cloudURLs.CloudAuthURL // override config CloudAuthURL
-	}
 	if cloudURLs.CloudReportURL != "" {
 		configObj.CloudReportURL = cloudURLs.CloudReportURL // override config CloudReportURL
 	}
-	if cloudURLs.CloudUIURL != "" {
-		configObj.CloudUIURL = cloudURLs.CloudUIURL // override config CloudUIURL
+
+}
+
+func initializeCloudAPI(c ITenantConfig) *v1.KSCloudAPI {
+	if ksCloud := getter.GetKSCloudAPIConnector(); ksCloud != nil {
+
+		if val := c.GetCloudAPIURL(); val != "" && val != ksCloud.GetCloudAPIURL() {
+			logger.L().Debug("updating KS Cloud API from config", helpers.String("old", ksCloud.GetCloudAPIURL()), helpers.String("new", val))
+			ksCloud.SetCloudAPIURL(val)
+		}
+		if val := c.GetCloudReportURL(); val != "" && val != ksCloud.GetCloudReportURL() {
+			logger.L().Debug("updating KS Cloud Report from config", helpers.String("old", ksCloud.GetCloudReportURL()), helpers.String("new", val))
+			ksCloud.SetCloudReportURL(val)
+		}
+		if val := c.GetAccountID(); val != "" && val != ksCloud.GetAccountID() {
+			logger.L().Debug("updating Account ID from config", helpers.String("old", ksCloud.GetAccountID()), helpers.String("new", val))
+			ksCloud.SetAccountID(val)
+		}
+		if val := c.GetAccessKey(); val != "" && val != ksCloud.GetAccessKey() {
+			logger.L().Debug("updating Access Key from config", helpers.Int("old (len)", len(ksCloud.GetAccessKey())), helpers.Int("new (len)", len(val)))
+			ksCloud.SetAccessKey(val)
+		}
+		getter.SetKSCloudAPIConnector(ksCloud)
+	} else {
+		logger.L().Debug("initializing KS Cloud API from config", helpers.String("accountID", c.GetAccountID()), helpers.String("cloudAPIURL", c.GetCloudAPIURL()), helpers.String("cloudReportURL", c.GetCloudReportURL()))
+		cloud, err := v1.NewKSCloudAPI(
+			c.GetCloudAPIURL(),
+			c.GetCloudReportURL(),
+			c.GetAccountID(),
+			c.GetAccessKey())
+		if err != nil {
+			logger.L().Fatal("failed to create KS Cloud client", helpers.Error(err))
+		}
+		getter.SetKSCloudAPIConnector(cloud)
 	}

+	return getter.GetKSCloudAPIConnector()
 }

-func initializeCloudAPI(c ITenantConfig) {
-	cloud := getter.GetKSCloudAPIConnector()
-	cloud.SetAccountID(c.GetAccountID())
-	cloud.SetClientID(c.GetClientID())
-	cloud.SetSecretKey(c.GetSecretKey())
-	cloud.SetCloudAuthURL(c.GetCloudAuthURL())
-	cloud.SetCloudReportURL(c.GetCloudReportURL())
-	cloud.SetCloudUIURL(c.GetCloudUIURL())
-	cloud.SetCloudAPIURL(c.GetCloudAPIURL())
-	getter.SetKSCloudAPIConnector(cloud)
+func GetTenantConfig(accountID, accessKey, clusterName, customClusterName string, k8s *k8sinterface.KubernetesApi) ITenantConfig {
+	if !k8sinterface.IsConnectedToCluster() || k8s == nil {
+		return NewLocalConfig(accountID, accessKey, clusterName, customClusterName)
+	}
+	return NewClusterConfig(k8s, accountID, accessKey, clusterName, customClusterName)
+}
+
+// firstNonEmpty returns the first non-empty string
+func firstNonEmpty(s1, s2 string) string {
+	if s1 != "" {
+		return s1
+	}
+	return s2
 }
--- a/core/cautils/customerloader_test.go
+++ b/core/cautils/customerloader_test.go
@@ -5,36 +5,28 @@ import (
 	"os"
 	"testing"

-	"github.com/kubescape/kubescape/v2/core/cautils/getter"
+	"github.com/kubescape/kubescape/v3/core/cautils/getter"
 	"github.com/stretchr/testify/assert"
 	corev1 "k8s.io/api/core/v1"
 )

 func mockConfigObj() *ConfigObj {
 	return &ConfigObj{
-		AccountID:          "aaa",
-		ClientID:           "bbb",
-		SecretKey:          "ccc",
-		ClusterName:        "ddd",
-		CustomerAdminEMail: "ab@cd",
-		Token:              "eee",
-		CloudReportURL:     "report.armo.cloud",
-		CloudAPIURL:        "api.armosec.io",
-		CloudUIURL:         "cloud.armosec.io",
-		CloudAuthURL:       "auth.armosec.io",
+		AccountID:      "aaa",
+		ClusterName:    "ddd",
+		CloudReportURL: "report.domain.com",
+		CloudAPIURL:    "api.domain.com",
 	}
 }
 func mockLocalConfig() *LocalConfig {
 	return &LocalConfig{
-		backendAPI: nil,
-		configObj:  mockConfigObj(),
+		configObj: mockConfigObj(),
 	}
 }

 func mockClusterConfig() *ClusterConfig {
 	return &ClusterConfig{
-		backendAPI: nil,
-		configObj:  mockConfigObj(),
+		configObj: mockConfigObj(),
 	}
 }
 func TestConfig(t *testing.T) {
@@ -43,15 +35,9 @@ func TestConfig(t *testing.T) {

 	assert.NoError(t, json.Unmarshal(co.Config(), &cop))
 	assert.Equal(t, co.AccountID, cop.AccountID)
-	assert.Equal(t, co.ClientID, cop.ClientID)
-	assert.Equal(t, co.SecretKey, cop.SecretKey)
 	assert.Equal(t, co.CloudReportURL, cop.CloudReportURL)
 	assert.Equal(t, co.CloudAPIURL, cop.CloudAPIURL)
-	assert.Equal(t, co.CloudUIURL, cop.CloudUIURL)
-	assert.Equal(t, co.CloudAuthURL, cop.CloudAuthURL)
-	assert.Equal(t, "", cop.ClusterName)        // Not copied to bytes
-	assert.Equal(t, "", cop.CustomerAdminEMail) // Not copied to bytes
-	assert.Equal(t, "", cop.Token)              // Not copied to bytes
+	assert.Equal(t, "", cop.ClusterName) // Not copied to bytes

 }

@@ -65,27 +51,15 @@ func TestITenantConfig(t *testing.T) {

 	// test LocalConfig methods
 	assert.Equal(t, co.AccountID, lc.GetAccountID())
-	assert.Equal(t, co.ClientID, lc.GetClientID())
-	assert.Equal(t, co.SecretKey, lc.GetSecretKey())
 	assert.Equal(t, co.ClusterName, lc.GetContextName())
-	assert.Equal(t, co.CustomerAdminEMail, lc.GetTenantEmail())
-	assert.Equal(t, co.Token, lc.GetToken())
 	assert.Equal(t, co.CloudReportURL, lc.GetCloudReportURL())
 	assert.Equal(t, co.CloudAPIURL, lc.GetCloudAPIURL())
-	assert.Equal(t, co.CloudUIURL, lc.GetCloudUIURL())
-	assert.Equal(t, co.CloudAuthURL, lc.GetCloudAuthURL())

 	// test ClusterConfig methods
 	assert.Equal(t, co.AccountID, c.GetAccountID())
-	assert.Equal(t, co.ClientID, c.GetClientID())
-	assert.Equal(t, co.SecretKey, c.GetSecretKey())
 	assert.Equal(t, co.ClusterName, c.GetContextName())
-	assert.Equal(t, co.CustomerAdminEMail, c.GetTenantEmail())
-	assert.Equal(t, co.Token, c.GetToken())
 	assert.Equal(t, co.CloudReportURL, c.GetCloudReportURL())
 	assert.Equal(t, co.CloudAPIURL, c.GetCloudAPIURL())
-	assert.Equal(t, co.CloudUIURL, c.GetCloudUIURL())
-	assert.Equal(t, co.CloudAuthURL, c.GetCloudAuthURL())
 }

 func TestUpdateConfigData(t *testing.T) {
@@ -96,12 +70,8 @@ func TestUpdateConfigData(t *testing.T) {
 	c.updateConfigData(configMap)

 	assert.Equal(t, c.GetAccountID(), configMap.Data["accountID"])
-	assert.Equal(t, c.GetClientID(), configMap.Data["clientID"])
-	assert.Equal(t, c.GetSecretKey(), configMap.Data["secretKey"])
 	assert.Equal(t, c.GetCloudReportURL(), configMap.Data["cloudReportURL"])
 	assert.Equal(t, c.GetCloudAPIURL(), configMap.Data["cloudAPIURL"])
-	assert.Equal(t, c.GetCloudUIURL(), configMap.Data["cloudUIURL"])
-	assert.Equal(t, c.GetCloudAuthURL(), configMap.Data["cloudAuthURL"])
 }

 func TestReadConfig(t *testing.T) {
@@ -114,15 +84,9 @@ func TestReadConfig(t *testing.T) {
 	readConfig(b, co)

 	assert.Equal(t, com.AccountID, co.AccountID)
-	assert.Equal(t, com.ClientID, co.ClientID)
-	assert.Equal(t, com.SecretKey, co.SecretKey)
 	assert.Equal(t, com.ClusterName, co.ClusterName)
-	assert.Equal(t, com.CustomerAdminEMail, co.CustomerAdminEMail)
-	assert.Equal(t, com.Token, co.Token)
 	assert.Equal(t, com.CloudReportURL, co.CloudReportURL)
 	assert.Equal(t, com.CloudAPIURL, co.CloudAPIURL)
-	assert.Equal(t, com.CloudUIURL, co.CloudUIURL)
-	assert.Equal(t, com.CloudAuthURL, co.CloudAuthURL)
 }

 func TestLoadConfigFromData(t *testing.T) {
@@ -141,15 +105,9 @@ func TestLoadConfigFromData(t *testing.T) {
 		loadConfigFromData(c.configObj, configMap.Data)

 		assert.Equal(t, c.GetAccountID(), co.AccountID)
-		assert.Equal(t, c.GetClientID(), co.ClientID)
-		assert.Equal(t, c.GetSecretKey(), co.SecretKey)
 		assert.Equal(t, c.GetContextName(), co.ClusterName)
-		assert.Equal(t, c.GetTenantEmail(), co.CustomerAdminEMail)
-		assert.Equal(t, c.GetToken(), co.Token)
 		assert.Equal(t, c.GetCloudReportURL(), co.CloudReportURL)
 		assert.Equal(t, c.GetCloudAPIURL(), co.CloudAPIURL)
-		assert.Equal(t, c.GetCloudUIURL(), co.CloudUIURL)
-		assert.Equal(t, c.GetCloudAuthURL(), co.CloudAuthURL)
 	}

 	// use case: all data is in config.json
@@ -167,12 +125,8 @@ func TestLoadConfigFromData(t *testing.T) {
 		loadConfigFromData(c.configObj, configMap.Data)

 		assert.Equal(t, c.GetAccountID(), co.AccountID)
-		assert.Equal(t, c.GetClientID(), co.ClientID)
-		assert.Equal(t, c.GetSecretKey(), co.SecretKey)
 		assert.Equal(t, c.GetCloudReportURL(), co.CloudReportURL)
 		assert.Equal(t, c.GetCloudAPIURL(), co.CloudAPIURL)
-		assert.Equal(t, c.GetCloudUIURL(), co.CloudUIURL)
-		assert.Equal(t, c.GetCloudAuthURL(), co.CloudAuthURL)
 	}

 	// use case: some data is in config.json
@@ -183,21 +137,15 @@ func TestLoadConfigFromData(t *testing.T) {
 		}

 		// add to map
-		configMap.Data["clientID"] = c.configObj.ClientID
-		configMap.Data["secretKey"] = c.configObj.SecretKey
 		configMap.Data["cloudReportURL"] = c.configObj.CloudReportURL

 		// delete the content
-		c.configObj.ClientID = ""
-		c.configObj.SecretKey = ""
 		c.configObj.CloudReportURL = ""

 		configMap.Data["config.json"] = string(c.GetConfigObj().Config())
 		loadConfigFromData(c.configObj, configMap.Data)

 		assert.NotEmpty(t, c.GetAccountID())
-		assert.NotEmpty(t, c.GetClientID())
-		assert.NotEmpty(t, c.GetSecretKey())
 		assert.NotEmpty(t, c.GetCloudReportURL())
 	}

@@ -212,19 +160,11 @@ func TestLoadConfigFromData(t *testing.T) {

 		// add to map
 		configMap.Data["accountID"] = mockConfigObj().AccountID
-		configMap.Data["clientID"] = c.configObj.ClientID
-		configMap.Data["secretKey"] = c.configObj.SecretKey
-
-		// delete the content
-		c.configObj.ClientID = ""
-		c.configObj.SecretKey = ""

 		configMap.Data["config.json"] = string(c.GetConfigObj().Config())
 		loadConfigFromData(c.configObj, configMap.Data)

 		assert.Equal(t, mockConfigObj().AccountID, c.GetAccountID())
-		assert.NotEmpty(t, c.GetClientID())
-		assert.NotEmpty(t, c.GetSecretKey())
 	}

 }
@@ -289,13 +229,9 @@ func Test_initializeCloudAPI(t *testing.T) {
 		t.Run(tt.name, func(t *testing.T) {
 			initializeCloudAPI(tt.args.c)
 			cloud := getter.GetKSCloudAPIConnector()
-			assert.Equal(t, tt.args.c.GetCloudAPIURL(), cloud.GetCloudAPIURL())
-			assert.Equal(t, tt.args.c.GetCloudAuthURL(), cloud.GetCloudAuthURL())
-			assert.Equal(t, tt.args.c.GetCloudUIURL(), cloud.GetCloudUIURL())
-			assert.Equal(t, tt.args.c.GetCloudReportURL(), cloud.GetCloudReportURL())
+			assert.Equal(t, "https://api.domain.com", cloud.GetCloudAPIURL())
+			assert.Equal(t, "https://report.domain.com", cloud.GetCloudReportURL())
 			assert.Equal(t, tt.args.c.GetAccountID(), cloud.GetAccountID())
-			assert.Equal(t, tt.args.c.GetClientID(), cloud.GetClientID())
-			assert.Equal(t, tt.args.c.GetSecretKey(), cloud.GetSecretKey())
 		})
 	}
 }
@@ -354,90 +290,58 @@ func TestUpdateEmptyFields(t *testing.T) {
 	}{
 		{
 			outCo: &ConfigObj{
-				AccountID:          "",
-				Token:              "",
-				CustomerAdminEMail: "",
-				ClusterName:        "",
-				CloudReportURL:     "",
-				CloudAPIURL:        "",
-				CloudUIURL:         "",
-				CloudAuthURL:       "",
+				AccountID:      "",
+				ClusterName:    "",
+				CloudReportURL: "",
+				CloudAPIURL:    "",
 			},
 			inCo: &ConfigObj{
-				AccountID:          shouldUpdate,
-				Token:              shouldUpdate,
-				CustomerAdminEMail: shouldUpdate,
-				ClusterName:        shouldUpdate,
-				CloudReportURL:     shouldUpdate,
-				CloudAPIURL:        shouldUpdate,
-				CloudUIURL:         shouldUpdate,
-				CloudAuthURL:       shouldUpdate,
+				AccountID:      shouldUpdate,
+				ClusterName:    shouldUpdate,
+				CloudReportURL: shouldUpdate,
+				CloudAPIURL:    shouldUpdate,
 			},
 		},
 		{
 			outCo: &ConfigObj{
-				AccountID:          anyString,
-				Token:              anyString,
-				CustomerAdminEMail: "",
-				ClusterName:        "",
-				CloudReportURL:     "",
-				CloudAPIURL:        "",
-				CloudUIURL:         "",
-				CloudAuthURL:       "",
+				AccountID:      anyString,
+				ClusterName:    "",
+				CloudReportURL: "",
+				CloudAPIURL:    "",
 			},
 			inCo: &ConfigObj{
-				AccountID:          shouldNotUpdate,
-				Token:              shouldNotUpdate,
-				CustomerAdminEMail: shouldUpdate,
-				ClusterName:        shouldUpdate,
-				CloudReportURL:     shouldUpdate,
-				CloudAPIURL:        shouldUpdate,
-				CloudUIURL:         shouldUpdate,
-				CloudAuthURL:       shouldUpdate,
+				AccountID:      shouldNotUpdate,
+				ClusterName:    shouldUpdate,
+				CloudReportURL: shouldUpdate,
+				CloudAPIURL:    shouldUpdate,
 			},
 		},
 		{
 			outCo: &ConfigObj{
-				AccountID:          "",
-				Token:              "",
-				CustomerAdminEMail: anyString,
-				ClusterName:        anyString,
-				CloudReportURL:     anyString,
-				CloudAPIURL:        anyString,
-				CloudUIURL:         anyString,
-				CloudAuthURL:       anyString,
+				AccountID:      "",
+				ClusterName:    anyString,
+				CloudReportURL: anyString,
+				CloudAPIURL:    anyString,
 			},
 			inCo: &ConfigObj{
-				AccountID:          shouldUpdate,
-				Token:              shouldUpdate,
-				CustomerAdminEMail: shouldNotUpdate,
-				ClusterName:        shouldNotUpdate,
-				CloudReportURL:     shouldNotUpdate,
-				CloudAPIURL:        shouldNotUpdate,
-				CloudUIURL:         shouldNotUpdate,
-				CloudAuthURL:       shouldNotUpdate,
+				AccountID:      shouldUpdate,
+				ClusterName:    shouldNotUpdate,
+				CloudReportURL: shouldNotUpdate,
+				CloudAPIURL:    shouldNotUpdate,
 			},
 		},
 		{
 			outCo: &ConfigObj{
-				AccountID:          anyString,
-				Token:              anyString,
-				CustomerAdminEMail: "",
-				ClusterName:        anyString,
-				CloudReportURL:     "",
-				CloudAPIURL:        anyString,
-				CloudUIURL:         "",
-				CloudAuthURL:       anyString,
+				AccountID:      anyString,
+				ClusterName:    anyString,
+				CloudReportURL: "",
+				CloudAPIURL:    anyString,
 			},
 			inCo: &ConfigObj{
-				AccountID:          shouldNotUpdate,
-				Token:              shouldNotUpdate,
-				CustomerAdminEMail: shouldUpdate,
-				ClusterName:        shouldNotUpdate,
-				CloudReportURL:     shouldUpdate,
-				CloudAPIURL:        shouldNotUpdate,
-				CloudUIURL:         shouldUpdate,
-				CloudAuthURL:       shouldNotUpdate,
+				AccountID:      shouldNotUpdate,
+				ClusterName:    shouldNotUpdate,
+				CloudReportURL: shouldUpdate,
+				CloudAPIURL:    shouldNotUpdate,
 			},
 		},
 	}
@@ -447,11 +351,7 @@ func TestUpdateEmptyFields(t *testing.T) {
 		tests[i].outCo.updateEmptyFields(tests[i].inCo)
 		checkIsUpdateCorrectly(t, beforeChangesOutCO.AccountID, tests[i].outCo.AccountID)
 		checkIsUpdateCorrectly(t, beforeChangesOutCO.CloudAPIURL, tests[i].outCo.CloudAPIURL)
-		checkIsUpdateCorrectly(t, beforeChangesOutCO.CloudAuthURL, tests[i].outCo.CloudAuthURL)
 		checkIsUpdateCorrectly(t, beforeChangesOutCO.CloudReportURL, tests[i].outCo.CloudReportURL)
-		checkIsUpdateCorrectly(t, beforeChangesOutCO.CloudUIURL, tests[i].outCo.CloudUIURL)
 		checkIsUpdateCorrectly(t, beforeChangesOutCO.ClusterName, tests[i].outCo.ClusterName)
-		checkIsUpdateCorrectly(t, beforeChangesOutCO.CustomerAdminEMail, tests[i].outCo.CustomerAdminEMail)
-		checkIsUpdateCorrectly(t, beforeChangesOutCO.Token, tests[i].outCo.Token)
 	}
 }
--- a/core/cautils/datastructures.go
+++ b/core/cautils/datastructures.go
@@ -27,12 +27,13 @@ type ImageScanData struct {
 type ScanTypes string

 const (
-	TopWorkloadsNumber           = 5
+	TopWorkloadsNumber           = 3
 	ScanTypeCluster    ScanTypes = "cluster"
 	ScanTypeRepo       ScanTypes = "repo"
 	ScanTypeImage      ScanTypes = "image"
 	ScanTypeWorkload   ScanTypes = "workload"
 	ScanTypeFramework  ScanTypes = "framework"
+	ScanTypeControl    ScanTypes = "control"
 )

 type OPASessionObj struct {
@@ -56,6 +57,7 @@ type OPASessionObj struct {
 	Exceptions            []armotypes.PostureExceptionPolicy // list of exceptions to apply on scan results
 	OmitRawResources      bool                               // omit raw resources from output
 	SingleResourceScan    workloadinterface.IWorkload        // single resource scan
+	TopWorkloadsByScore   []reporthandling.IResource
 }

 func NewOPASessionObj(ctx context.Context, frameworks []reporthandling.Framework, k8sResources K8SResources, scanInfo *ScanInfo) *OPASessionObj {
@@ -109,7 +111,7 @@ func (sessionObj *OPASessionObj) SetTopWorkloads() {
 			Source:    &source,
 		}

-		sessionObj.Report.SummaryDetails.TopWorkloadsByScore = append(sessionObj.Report.SummaryDetails.TopWorkloadsByScore, wlObj)
+		sessionObj.TopWorkloadsByScore = append(sessionObj.TopWorkloadsByScore, wlObj)
 		count++
 	}
 }
--- a/core/cautils/datastructuresmethods.go
+++ b/core/cautils/datastructuresmethods.go
@@ -3,9 +3,6 @@ package cautils
 import (
 	"golang.org/x/mod/semver"

-	"github.com/armosec/utils-go/boolutils"
-	cloudsupport "github.com/kubescape/k8s-interface/cloudsupport/v1"
-	"github.com/kubescape/k8s-interface/k8sinterface"
 	"github.com/kubescape/opa-utils/reporthandling"
 	"github.com/kubescape/opa-utils/reporthandling/apis"
 )
@@ -35,7 +32,7 @@ func (policies *Policies) Set(frameworks []reporthandling.Framework, version str
 					}
 				}

-				if !ruleWithKSOpaDependency(frameworks[i].Controls[j].Rules[r].Attributes) && isRuleKubescapeVersionCompatible(frameworks[i].Controls[j].Rules[r].Attributes, version) && isControlFitToScanScope(frameworks[i].Controls[j], scanningScope) {
+				if isRuleKubescapeVersionCompatible(frameworks[i].Controls[j].Rules[r].Attributes, version) && isControlFitToScanScope(frameworks[i].Controls[j], scanningScope) {
 					compatibleRules = append(compatibleRules, frameworks[i].Controls[j].Rules[r])
 				}
 			}
@@ -57,90 +54,54 @@ func (policies *Policies) Set(frameworks []reporthandling.Framework, version str
 	}
 }

-func ruleWithKSOpaDependency(attributes map[string]interface{}) bool {
-	if attributes == nil {
-		return false
-	}
-	if s, ok := attributes["armoOpa"]; ok { // TODO - make global
-		return boolutils.StringToBool(s.(string))
-	}
-	return false
-}
-
 // Checks that kubescape version is in range of use for this rule
 // In local build (BuildNumber = ""):
 // returns true only if rule doesn't have the "until" attribute
 func isRuleKubescapeVersionCompatible(attributes map[string]interface{}, version string) bool {
 	if from, ok := attributes["useFromKubescapeVersion"]; ok && from != nil {
-		if version != "" {
-			if semver.Compare(version, from.(string)) == -1 {
+		switch sfrom := from.(type) {
+		case string:
+			if version != "" && semver.Compare(version, sfrom) == -1 {
 				return false
 			}
-		}
-	}
-	if until, ok := attributes["useUntilKubescapeVersion"]; ok && until != nil {
-		if version == "" {
+		default:
+			// Handle case where useFromKubescapeVersion is not a string
 			return false
 		}
-		if semver.Compare(version, until.(string)) >= 0 {
+	}
+
+	if until, ok := attributes["useUntilKubescapeVersion"]; ok && until != nil {
+		switch suntil := until.(type) {
+		case string:
+			if version == "" || semver.Compare(version, suntil) >= 0 {
+				return false
+			}
+		default:
+			// Handle case where useUntilKubescapeVersion is not a string
 			return false
 		}
 	}
 	return true
 }

-func getCloudType(scanInfo *ScanInfo) (bool, reporthandling.ScanningScopeType) {
-	if cloudsupport.IsAKS() {
-		return true, reporthandling.ScopeCloudAKS
-	}
-	if cloudsupport.IsEKS(k8sinterface.GetConfig()) {
-		return true, reporthandling.ScopeCloudEKS
-	}
-	if cloudsupport.IsGKE(k8sinterface.GetConfig()) {
-		return true, reporthandling.ScopeCloudGKE
-	}
-	return false, ""
-}
-
-func GetScanningScope(scanInfo *ScanInfo) reporthandling.ScanningScopeType {
-	var result reporthandling.ScanningScopeType
-
-	switch scanInfo.GetScanningContext() {
-	case ContextCluster:
-		isCloud, cloudType := getCloudType(scanInfo)
-		if isCloud {
-			result = cloudType
-		} else {
-			result = reporthandling.ScopeCluster
-		}
-	default:
-		result = reporthandling.ScopeFile
-	}
-
-	return result
-}
-
 func isScanningScopeMatchToControlScope(scanScope reporthandling.ScanningScopeType, controlScope reporthandling.ScanningScopeType) bool {
-	result := false

 	switch controlScope {
 	case reporthandling.ScopeFile:
-		result = (reporthandling.ScopeFile == scanScope)
+		return reporthandling.ScopeFile == scanScope
 	case reporthandling.ScopeCluster:
-		result = (reporthandling.ScopeCluster == scanScope) || (reporthandling.ScopeCloud == scanScope) || (reporthandling.ScopeCloudAKS == scanScope) || (reporthandling.ScopeCloudEKS == scanScope) || (reporthandling.ScopeCloudGKE == scanScope)
+		return reporthandling.ScopeCluster == scanScope || reporthandling.ScopeCloud == scanScope || reporthandling.ScopeCloudAKS == scanScope || reporthandling.ScopeCloudEKS == scanScope || reporthandling.ScopeCloudGKE == scanScope
 	case reporthandling.ScopeCloud:
-		result = (reporthandling.ScopeCloud == scanScope) || (reporthandling.ScopeCloudAKS == scanScope) || (reporthandling.ScopeCloudEKS == scanScope) || (reporthandling.ScopeCloudGKE == scanScope)
+		return reporthandling.ScopeCloud == scanScope || reporthandling.ScopeCloudAKS == scanScope || reporthandling.ScopeCloudEKS == scanScope || reporthandling.ScopeCloudGKE == scanScope
 	case reporthandling.ScopeCloudAKS:
-		result = (reporthandling.ScopeCloudAKS == scanScope)
+		return reporthandling.ScopeCloudAKS == scanScope
 	case reporthandling.ScopeCloudEKS:
-		result = (reporthandling.ScopeCloudEKS == scanScope)
+		return reporthandling.ScopeCloudEKS == scanScope
 	case reporthandling.ScopeCloudGKE:
-		result = (reporthandling.ScopeCloudGKE == scanScope)
+		return reporthandling.ScopeCloudGKE == scanScope
 	default:
-		result = true
+		return true
 	}
-
-	return result
 }

 func isControlFitToScanScope(control reporthandling.Control, scanScopeMatches reporthandling.ScanningScopeType) bool {
--- a/core/cautils/datastructuresmethods_test.go
+++ b/core/cautils/datastructuresmethods_test.go
@@ -4,101 +4,238 @@ import (
 	"fmt"
 	"testing"

+	"github.com/armosec/armoapi-go/armotypes"
 	"github.com/kubescape/opa-utils/reporthandling"
-
 	"github.com/stretchr/testify/assert"
 )

-func TestIsControlFitToScanScope(t *testing.T) {
+func TestIsScanningScopeMatchToControlScope(t *testing.T) {
 	tests := []struct {
-		scanInfo     *ScanInfo
-		Control      reporthandling.Control
-		expected_res bool
+		scanScope    reporthandling.ScanningScopeType
+		controlScope reporthandling.ScanningScopeType
+		expected     bool
 	}{
 		{
-			scanInfo: &ScanInfo{
-				InputPatterns: []string{
-					"./testdata/any_file_for_test.json",
-				},
-			},
-			Control: reporthandling.Control{
-				ScanningScope: &reporthandling.ScanningScope{
-					Matches: []reporthandling.ScanningScopeType{
-						reporthandling.ScopeFile,
-					},
-				},
-			},
-			expected_res: true,
+			scanScope:    reporthandling.ScopeFile,
+			controlScope: reporthandling.ScopeFile,
+			expected:     true,
 		},
 		{
-			scanInfo: &ScanInfo{
-				InputPatterns: []string{
-					"./testdata/any_file_for_test.json",
-				},
-			},
-			Control: reporthandling.Control{
-				ScanningScope: &reporthandling.ScanningScope{
+			scanScope:    ScopeCluster,
+			controlScope: ScopeCluster,
+			expected:     true,
+		},
+		{
+			scanScope:    reporthandling.ScopeCloud,
+			controlScope: reporthandling.ScopeCloud,
+			expected:     true,
+		},
+		{
+			scanScope:    reporthandling.ScopeCloudAKS,
+			controlScope: reporthandling.ScopeCloudAKS,
+			expected:     true,
+		},
+		{
+			scanScope:    reporthandling.ScopeCloudEKS,
+			controlScope: reporthandling.ScopeCloudEKS,
+			expected:     true,
+		},
+		{
+			scanScope:    reporthandling.ScopeCloudGKE,
+			controlScope: reporthandling.ScopeCloudGKE,
+			expected:     true,
+		},
+		{
+			scanScope:    ScopeCluster,
+			controlScope: reporthandling.ScopeCloud,
+			expected:     false,
+		},
+		{
+			scanScope:    reporthandling.ScopeCloud,
+			controlScope: ScopeCluster,
+			expected:     true,
+		},
+		{
+			scanScope:    reporthandling.ScopeCloudAKS,
+			controlScope: ScopeCluster,
+			expected:     true,
+		},
+		{
+			scanScope:    reporthandling.ScopeCloudEKS,
+			controlScope: ScopeCluster,
+			expected:     true,
+		},
+		{
+			scanScope:    reporthandling.ScopeCloudGKE,
+			controlScope: ScopeCluster,
+			expected:     true,
+		},
+		{
+			scanScope:    reporthandling.ScopeCloud,
+			controlScope: reporthandling.ScopeCloudAKS,
+			expected:     false,
+		},
+		{
+			scanScope:    reporthandling.ScopeCloudAKS,
+			controlScope: reporthandling.ScopeCloud,
+			expected:     true,
+		},
+		{
+			scanScope:    reporthandling.ScopeCloudEKS,
+			controlScope: reporthandling.ScopeCloud,
+			expected:     true,
+		},
+		{
+			scanScope:    reporthandling.ScopeCloudGKE,
+			controlScope: reporthandling.ScopeCloud,
+			expected:     true,
+		},
+		{
+			scanScope:    ScopeCluster,
+			controlScope: reporthandling.ScopeCloudAKS,
+			expected:     false,
+		},
+		{
+			scanScope:    ScopeCluster,
+			controlScope: reporthandling.ScopeCloudEKS,
+			expected:     false,
+		},
+		{
+			scanScope:    ScopeCluster,
+			controlScope: reporthandling.ScopeCloudGKE,
+			expected:     false,
+		},
+		{
+			scanScope:    reporthandling.ScopeFile,
+			controlScope: ScopeCluster,
+			expected:     false,
+		},
+		{
+			scanScope:    reporthandling.ScopeFile,
+			controlScope: reporthandling.ScopeCloud,
+			expected:     false,
+		},
+		{
+			scanScope:    reporthandling.ScopeFile,
+			controlScope: reporthandling.ScopeCloudAKS,
+			expected:     false,
+		},
+		{
+			scanScope:    reporthandling.ScopeFile,
+			controlScope: reporthandling.ScopeCloudEKS,
+			expected:     false,
+		},
+		{
+			scanScope:    reporthandling.ScopeFile,
+			controlScope: reporthandling.ScopeCloudGKE,
+			expected:     false,
+		},
+		{
+			scanScope:    reporthandling.ScopeCloud,
+			controlScope: reporthandling.ScopeCloudEKS,
+			expected:     false,
+		},
+		{
+			scanScope:    reporthandling.ScopeCloud,
+			controlScope: reporthandling.ScopeCloudGKE,
+			expected:     false,
+		},
+		{
+			scanScope:    reporthandling.ScopeCloudAKS,
+			controlScope: reporthandling.ScopeCloudEKS,
+			expected:     false,
+		},
+		{
+			scanScope:    reporthandling.ScopeCloudAKS,
+			controlScope: reporthandling.ScopeCloudGKE,
+			expected:     false,
+		},
+		{
+			scanScope:    reporthandling.ScopeCloudEKS,
+			controlScope: reporthandling.ScopeCloudAKS,
+			expected:     false,
+		},
+		{
+			scanScope:    reporthandling.ScopeCloudEKS,
+			controlScope: reporthandling.ScopeCloudGKE,
+			expected:     false,
+		},
+		{
+			scanScope:    reporthandling.ScopeCloudGKE,
+			controlScope: reporthandling.ScopeCloudAKS,
+			expected:     false,
+		},
+		{
+			scanScope:    reporthandling.ScopeCloudGKE,
+			controlScope: reporthandling.ScopeCloudEKS,
+			expected:     false,
+		},
+	}

-					Matches: []reporthandling.ScanningScopeType{
-						reporthandling.ScopeCluster,
-						reporthandling.ScopeFile,
-					},
-				},
-			},
-			expected_res: true,
-		},
-		{
-			scanInfo: &ScanInfo{},
-			Control: reporthandling.Control{
-				ScanningScope: &reporthandling.ScanningScope{
-
-					Matches: []reporthandling.ScanningScopeType{
-						reporthandling.ScopeCluster,
-					},
-				},
-			},
-			expected_res: true,
-		},
-		{
-			scanInfo: &ScanInfo{
-				InputPatterns: []string{
-					"./testdata/any_file_for_test.json",
-				},
-			},
-			Control: reporthandling.Control{
-				ScanningScope: &reporthandling.ScanningScope{
-
-					Matches: []reporthandling.ScanningScopeType{
-						reporthandling.ScopeCloudGKE,
-					},
-				},
-			},
-			expected_res: false,
-		},
-		{
-			scanInfo: &ScanInfo{},
-			Control: reporthandling.Control{
-				ScanningScope: &reporthandling.ScanningScope{
-
-					Matches: []reporthandling.ScanningScopeType{
-						reporthandling.ScopeCloudEKS,
-					},
-				},
-			},
-			expected_res: false,
-		},
-		{
-			scanInfo: &ScanInfo{},
-			Control: reporthandling.Control{
-				ScanningScope: &reporthandling.ScanningScope{
-					Matches: []reporthandling.ScanningScopeType{
-						reporthandling.ScopeCloud,
-					},
-				},
-			},
-			expected_res: false,
-		}}
-	for i := range tests {
-		assert.Equal(t, isControlFitToScanScope(tests[i].Control, GetScanningScope(tests[i].scanInfo)), tests[i].expected_res, fmt.Sprintf("tests_true index %d", i))
+	for _, test := range tests {
+		result := isScanningScopeMatchToControlScope(test.scanScope, test.controlScope)
+		assert.Equal(t, test.expected, result, fmt.Sprintf("scanScope: %v, controlScope: %v", test.scanScope, test.controlScope))
+	}
+}
+
+func TestIsFrameworkFitToScanScope(t *testing.T) {
+	tests := []struct {
+		name           string
+		framework      reporthandling.Framework
+		scanScopeMatch reporthandling.ScanningScopeType
+		want           bool
+	}{
+		{
+			name: "Framework with nil ScanningScope should return true",
+			framework: reporthandling.Framework{
+				PortalBase: armotypes.PortalBase{
+					Name: "test-framework",
+				},
+			},
+			scanScopeMatch: reporthandling.ScopeFile,
+			want:           true,
+		},
+		{
+			name: "Framework with empty ScanningScope.Matches should return true",
+			framework: reporthandling.Framework{
+				PortalBase: armotypes.PortalBase{
+					Name: "test-framework",
+				}, ScanningScope: &reporthandling.ScanningScope{},
+			},
+			scanScopeMatch: reporthandling.ScopeFile,
+			want:           true,
+		},
+		{
+			name: "Framework with matching ScanningScope.Matches should return true",
+			framework: reporthandling.Framework{
+				PortalBase: armotypes.PortalBase{
+					Name: "test-framework",
+				}, ScanningScope: &reporthandling.ScanningScope{
+					Matches: []reporthandling.ScanningScopeType{reporthandling.ScopeFile},
+				},
+			},
+			scanScopeMatch: reporthandling.ScopeFile,
+			want:           true,
+		},
+		{
+			name: "Framework with non-matching ScanningScope.Matches should return false",
+			framework: reporthandling.Framework{
+				PortalBase: armotypes.PortalBase{
+					Name: "test-framework",
+				}, ScanningScope: &reporthandling.ScanningScope{
+					Matches: []reporthandling.ScanningScopeType{reporthandling.ScopeCluster},
+				},
+			},
+			scanScopeMatch: reporthandling.ScopeFile,
+			want:           false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := isFrameworkFitToScanScope(tt.framework, tt.scanScopeMatch); got != tt.want {
+				t.Errorf("isFrameworkFitToScanScope() = %v, want %v", got, tt.want)
+			}
+		})
 	}
 }
--- a/core/cautils/display.go
+++ b/core/cautils/display.go
@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"io"
 	"os"
+	"strings"
 	"time"

 	spinnerpkg "github.com/briandowns/spinner"
@@ -27,7 +28,7 @@ func FailureTextDisplay(w io.Writer, format string, a ...interface{}) {
 }

 func InfoDisplay(w io.Writer, format string, a ...interface{}) {
-	fmt.Fprintf(w, gchalk.WithCyan().Bold(format), a...)
+	fmt.Fprintf(w, gchalk.WithBrightWhite().Bold(format), a...)
 }

 func InfoTextDisplay(w io.Writer, format string, a ...interface{}) {
@@ -50,6 +51,20 @@ func BoldDisplay(w io.Writer, format string, a ...interface{}) {
 	fmt.Fprintf(w, gchalk.Bold(format), a...)
 }

+func LineDisplay(w io.Writer, format string, a ...interface{}) {
+	fmt.Fprintf(w, gchalk.WithAnsi256(238).Bold(format), a...)
+}
+
+func SectionHeadingDisplay(w io.Writer, format string, a ...interface{}) {
+	fmt.Fprintf(w, "\n"+
+		gchalk.WithBrightWhite().Bold(format)+
+		gchalk.WithAnsi256(238).Bold(fmt.Sprintf("\n%s\n\n", strings.Repeat("─", len(format)))), a...)
+}
+
+func StarDisplay(w io.Writer, format string, a ...interface{}) {
+	fmt.Fprintf(w, gchalk.WithAnsi256(238).Bold("* ")+gchalk.White(format), a...)
+}
+
 var spinner *spinnerpkg.Spinner

 func StartSpinner() {
--- a/core/cautils/display_test.go
+++ b/core/cautils/display_test.go
@@ -1,9 +1,12 @@
 package cautils

 import (
+	"io"
+	"os"
 	"testing"

 	"github.com/kubescape/go-logger"
+	"github.com/stretchr/testify/assert"
 )

 func TestStartSpinner(t *testing.T) {
@@ -30,3 +33,422 @@ func TestStartSpinner(t *testing.T) {
 		})
 	}
 }
+
+func TestFailureDisplay(t *testing.T) {
+	tests := []struct {
+		text string
+		want string
+	}{
+		{
+			text: "Test",
+			want: "Test",
+		},
+		{
+			text: "",
+			want: "",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.text, func(t *testing.T) {
+			// Redirect stdout to a buffer
+			rescueStdout := os.Stdout
+			r, w, _ := os.Pipe()
+			os.Stdout = w
+
+			FailureDisplay(os.Stdout, tt.text)
+
+			w.Close()
+			got, _ := io.ReadAll(r)
+			os.Stdout = rescueStdout
+
+			assert.Equal(t, tt.want, string(got))
+		})
+	}
+}
+
+func TestWarningDisplay(t *testing.T) {
+	tests := []struct {
+		text string
+		want string
+	}{
+		{
+			text: "Test",
+			want: "Test",
+		},
+		{
+			text: "",
+			want: "",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.text, func(t *testing.T) {
+			// Redirect stdout to a buffer
+			rescueStdout := os.Stdout
+			r, w, _ := os.Pipe()
+			os.Stdout = w
+
+			WarningDisplay(os.Stdout, tt.text)
+
+			w.Close()
+			got, _ := io.ReadAll(r)
+			os.Stdout = rescueStdout
+
+			assert.Equal(t, tt.want, string(got))
+		})
+	}
+}
+
+func TestFailureTextDisplay(t *testing.T) {
+	tests := []struct {
+		text string
+		want string
+	}{
+		{
+			text: "Test",
+			want: "Test",
+		},
+		{
+			text: "",
+			want: "",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.text, func(t *testing.T) {
+			// Redirect stdout to a buffer
+			rescueStdout := os.Stdout
+			r, w, _ := os.Pipe()
+			os.Stdout = w
+
+			FailureTextDisplay(os.Stdout, tt.text)
+
+			w.Close()
+			got, _ := io.ReadAll(r)
+			os.Stdout = rescueStdout
+
+			assert.Equal(t, tt.want, string(got))
+		})
+	}
+}
+
+func TestInfoDisplay(t *testing.T) {
+	tests := []struct {
+		text string
+		want string
+	}{
+		{
+			text: "Test",
+			want: "Test",
+		},
+		{
+			text: "",
+			want: "",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.text, func(t *testing.T) {
+			// Redirect stdout to a buffer
+			rescueStdout := os.Stdout
+			r, w, _ := os.Pipe()
+			os.Stdout = w
+
+			InfoDisplay(os.Stdout, tt.text)
+
+			w.Close()
+			got, _ := io.ReadAll(r)
+			os.Stdout = rescueStdout
+
+			assert.Equal(t, tt.want, string(got))
+		})
+	}
+}
+
+func TestInfoTextDisplay(t *testing.T) {
+	tests := []struct {
+		text string
+		want string
+	}{
+		{
+			text: "Test",
+			want: "Test",
+		},
+		{
+			text: "",
+			want: "",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.text, func(t *testing.T) {
+			// Redirect stdout to a buffer
+			rescueStdout := os.Stdout
+			r, w, _ := os.Pipe()
+			os.Stdout = w
+
+			InfoTextDisplay(os.Stdout, tt.text)
+
+			w.Close()
+			got, _ := io.ReadAll(r)
+			os.Stdout = rescueStdout
+
+			assert.Equal(t, tt.want, string(got))
+		})
+	}
+}
+
+func TestSimpleDisplay(t *testing.T) {
+	tests := []struct {
+		text string
+		want string
+	}{
+		{
+			text: "Test",
+			want: "Test",
+		},
+		{
+			text: "",
+			want: "",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.text, func(t *testing.T) {
+			// Redirect stdout to a buffer
+			rescueStdout := os.Stdout
+			r, w, _ := os.Pipe()
+			os.Stdout = w
+
+			SimpleDisplay(os.Stdout, tt.text)
+
+			w.Close()
+			got, _ := io.ReadAll(r)
+			os.Stdout = rescueStdout
+
+			assert.Equal(t, tt.want, string(got))
+		})
+	}
+}
+
+func TestSuccessDisplay(t *testing.T) {
+	tests := []struct {
+		text string
+		want string
+	}{
+		{
+			text: "Test",
+			want: "Test",
+		},
+		{
+			text: "",
+			want: "",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.text, func(t *testing.T) {
+			// Redirect stdout to a buffer
+			rescueStdout := os.Stdout
+			r, w, _ := os.Pipe()
+			os.Stdout = w
+
+			SuccessDisplay(os.Stdout, tt.text)
+
+			w.Close()
+			got, _ := io.ReadAll(r)
+			os.Stdout = rescueStdout
+
+			assert.Equal(t, tt.want, string(got))
+		})
+	}
+}
+
+func TestDescriptionDisplay(t *testing.T) {
+	tests := []struct {
+		text string
+		want string
+	}{
+		{
+			text: "Test",
+			want: "Test",
+		},
+		{
+			text: "",
+			want: "",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.text, func(t *testing.T) {
+			// Redirect stdout to a buffer
+			rescueStdout := os.Stdout
+			r, w, _ := os.Pipe()
+			os.Stdout = w
+
+			DescriptionDisplay(os.Stdout, tt.text)
+
+			w.Close()
+			got, _ := io.ReadAll(r)
+			os.Stdout = rescueStdout
+
+			assert.Equal(t, tt.want, string(got))
+		})
+	}
+}
+
+func TestBoldDisplay(t *testing.T) {
+	tests := []struct {
+		text string
+		want string
+	}{
+		{
+			text: "Test",
+			want: "Test",
+		},
+		{
+			text: "",
+			want: "",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.text, func(t *testing.T) {
+			// Redirect stdout to a buffer
+			rescueStdout := os.Stdout
+			r, w, _ := os.Pipe()
+			os.Stdout = w
+
+			BoldDisplay(os.Stdout, tt.text)
+
+			w.Close()
+			got, _ := io.ReadAll(r)
+			os.Stdout = rescueStdout
+
+			assert.Equal(t, tt.want, string(got))
+		})
+	}
+}
+
+func TestLineDisplay(t *testing.T) {
+	tests := []struct {
+		text string
+		want string
+	}{
+		{
+			text: "Test",
+			want: "Test",
+		},
+		{
+			text: "",
+			want: "",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.text, func(t *testing.T) {
+			// Redirect stdout to a buffer
+			rescueStdout := os.Stdout
+			r, w, _ := os.Pipe()
+			os.Stdout = w
+
+			LineDisplay(os.Stdout, tt.text)
+
+			w.Close()
+			got, _ := io.ReadAll(r)
+			os.Stdout = rescueStdout
+
+			assert.Equal(t, tt.want, string(got))
+		})
+	}
+}
+
+func TestSectionHeadingDisplay(t *testing.T) {
+	tests := []struct {
+		text string
+		want string
+	}{
+		{
+			text: "Test Section",
+			want: "\nTest Section\n────────────\n\n",
+		},
+		{
+			text: "",
+			want: "\n\n\n\n",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.text, func(t *testing.T) {
+			// Redirect stdout to a buffer
+			rescueStdout := os.Stdout
+			r, w, _ := os.Pipe()
+			os.Stdout = w
+
+			SectionHeadingDisplay(os.Stdout, tt.text)
+
+			w.Close()
+			got, _ := io.ReadAll(r)
+			os.Stdout = rescueStdout
+
+			assert.Equal(t, tt.want, string(got))
+		})
+	}
+}
+
+func TestStarDisplay(t *testing.T) {
+	tests := []struct {
+		text string
+		want string
+	}{
+		{
+			text: "Test",
+			want: "* Test",
+		},
+		{
+			text: "",
+			want: "* ",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.text, func(t *testing.T) {
+			// Redirect stdout to a buffer
+			rescueStdout := os.Stdout
+			r, w, _ := os.Pipe()
+			os.Stdout = w
+
+			StarDisplay(os.Stdout, tt.text)
+
+			w.Close()
+			got, _ := io.ReadAll(r)
+			os.Stdout = rescueStdout
+
+			assert.Equal(t, tt.want, string(got))
+		})
+	}
+}
+
+// Returns a new instance of ProgressHandler with the given title.
+func TestNewProgressHandler_(t *testing.T) {
+	tests := []struct {
+		title string
+	}{
+		{
+			title: "Test title",
+		},
+		{
+			title: "",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.title, func(t *testing.T) {
+			progressHandler := NewProgressHandler(tt.title)
+			assert.NotNil(t, progressHandler)
+
+			assert.Equal(t, tt.title, progressHandler.title)
+		})
+	}
+}
--- a/core/cautils/environments.go
+++ b/core/cautils/environments.go
@@ -1,7 +0,0 @@
-package cautils
-
-// Kubescape Cloud environment vars
-var (
-	CustomerGUID = ""
-	ClusterName  = ""
-)
--- a/core/cautils/fileutils.go
+++ b/core/cautils/fileutils.go
@@ -74,7 +74,7 @@ func LoadResourcesFromHelmCharts(ctx context.Context, basePath string) (map[stri
 // If the contents at given path is a Kustomize Directory, LoadResourcesFromKustomizeDirectory will
 // generate yaml files using "Kustomize" & renders a map of workloads from those yaml files
 func LoadResourcesFromKustomizeDirectory(ctx context.Context, basePath string) (map[string][]workloadinterface.IMetadata, string) {
-	isKustomizeDirectory := IsKustomizeDirectory(basePath)
+	isKustomizeDirectory := isKustomizeDirectory(basePath)
 	isKustomizeFile := IsKustomizeFile(basePath)
 	if ok := isKustomizeDirectory || isKustomizeFile; !ok {
 		return nil, ""
@@ -94,7 +94,7 @@ func LoadResourcesFromKustomizeDirectory(ctx context.Context, basePath string) (
 	}

 	wls, errs := kustomizeDirectory.GetWorkloads(newBasePath)
-	kustomizeDirectoryName := GetKustomizeDirectoryName(newBasePath)
+	kustomizeDirectoryName := getKustomizeDirectoryName(newBasePath)

 	if len(errs) > 0 {
 		logger.L().Ctx(ctx).Warning(fmt.Sprintf("Rendering yaml from Kustomize failed: %v", errs))
@@ -137,7 +137,7 @@ func loadFiles(rootPath string, filePaths []string) (map[string][]workloadinterf
 			continue // empty file
 		}

-		w, e := ReadFile(f, GetFileFormat(filePaths[i]))
+		w, e := ReadFile(f, getFileFormat(filePaths[i]))
 		if e != nil {
 			logger.L().Debug("failed to read file", helpers.String("file", filePaths[i]), helpers.Error(e))
 		}
@@ -196,14 +196,14 @@ func listFilesOrDirectories(pattern string, onlyDirectories bool) ([]string, []e
 		pattern = filepath.Join(o, pattern)
 	}

-	if !onlyDirectories && IsFile(pattern) {
+	if !onlyDirectories && isFile(pattern) {
 		paths = append(paths, pattern)
 		return paths, errs
 	}

 	root, shouldMatch := filepath.Split(pattern)

-	if IsDir(pattern) {
+	if isDir(pattern) {
 		root = pattern
 		shouldMatch = "*"
 	}
@@ -324,7 +324,7 @@ func glob(root, pattern string, onlyDirectories bool) ([]string, error) {
 		if info.IsDir() {
 			return nil
 		}
-		fileFormat := GetFileFormat(path)
+		fileFormat := getFileFormat(path)
 		if !(fileFormat == JSON_FILE_FORMAT || fileFormat == YAML_FILE_FORMAT) {
 			return nil
 		}
@@ -342,8 +342,8 @@ func glob(root, pattern string, onlyDirectories bool) ([]string, error) {
 	return matches, nil
 }

-// IsFile checks if a given path is a file
-func IsFile(name string) bool {
+// isFile checks if a given path is a file
+func isFile(name string) bool {
 	if fi, err := os.Stat(name); err == nil {
 		if fi.Mode().IsRegular() {
 			return true
@@ -352,8 +352,8 @@ func IsFile(name string) bool {
 	return false
 }

-// IsDir checks if a given path is a directory
-func IsDir(name string) bool {
+// isDir checks if a given path is a directory
+func isDir(name string) bool {
 	if info, err := os.Stat(name); err == nil {
 		if info.IsDir() {
 			return true
@@ -362,7 +362,7 @@ func IsDir(name string) bool {
 	return false
 }

-func GetFileFormat(filePath string) FileFormat {
+func getFileFormat(filePath string) FileFormat {
 	if IsYaml(filePath) {
 		return YAML_FILE_FORMAT
 	} else if IsJson(filePath) {
--- a/core/cautils/fileutils_test.go
+++ b/core/cautils/fileutils_test.go
@@ -27,7 +27,7 @@ func TestListFiles(t *testing.T) {

 	files, errs := listFiles(filesPath)
 	assert.Equal(t, 0, len(errs))
-	assert.Equal(t, 12, len(files))
+	assert.Equal(t, 13, len(files))
 }

 func TestLoadResourcesFromFiles(t *testing.T) {
@@ -105,3 +105,110 @@ func getRelativePath(p string) string {
 	pp := strings.SplitAfter(p, "api=")
 	return pp[1]
 }
+
+// Converts a YAML object to a JSON object
+func TestConvertYamlToJson(t *testing.T) {
+	tests := []struct {
+		yamlObj map[interface{}]interface{}
+		jsonObj map[string]interface{}
+	}{
+		{
+			yamlObj: map[interface{}]interface{}{
+				"name": "John",
+				"age":  30,
+				"city": "New York",
+			},
+			jsonObj: map[string]interface{}{
+				"name": "John",
+				"age":  30,
+				"city": "New York",
+			},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run("", func(t *testing.T) {
+			assert.Equal(t, tt.jsonObj, convertYamlToJson(tt.yamlObj))
+		})
+	}
+}
+
+func TestIsYaml(t *testing.T) {
+	tests := []struct {
+		path string
+		want bool
+	}{
+		{
+			path: "temp.yaml",
+			want: true,
+		},
+		{
+			path: "temp.json",
+			want: false,
+		},
+		{
+			path: "random.txt",
+			want: false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.path, func(t *testing.T) {
+			assert.Equal(t, tt.want, IsYaml(tt.path))
+		})
+	}
+}
+
+func TestIsJson(t *testing.T) {
+	tests := []struct {
+		path string
+		want bool
+	}{
+		{
+			path: "temp.yaml",
+			want: false,
+		},
+		{
+			path: "temp.json",
+			want: true,
+		},
+		{
+			path: "random.txt",
+			want: false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.path, func(t *testing.T) {
+			assert.Equal(t, tt.want, IsJson(tt.path))
+		})
+	}
+
+}
+
+func TestGetFileFormat(t *testing.T) {
+	tests := []struct {
+		path string
+		want FileFormat
+	}{
+		{
+			path: "temp.yaml",
+			want: YAML_FILE_FORMAT,
+		},
+		{
+			path: "temp.json",
+			want: JSON_FILE_FORMAT,
+		},
+		{
+			path: "random.txt",
+			want: "random.txt",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.path, func(t *testing.T) {
+			assert.Equal(t, tt.want, getFileFormat(tt.path))
+		})
+	}
+
+}
--- a/core/cautils/getter/datastructures.go
+++ b/core/cautils/getter/datastructures.go
@@ -1,61 +1,4 @@
 package getter

-import (
-	"github.com/armosec/armoapi-go/armotypes"
-	"github.com/kubescape/opa-utils/reporthandling"
-	"github.com/kubescape/opa-utils/reporthandling/attacktrack/v1alpha1"
-	reporthandlingv2 "github.com/kubescape/opa-utils/reporthandling/v2"
-)
-
 // NativeFrameworks identifies all pre-built, native frameworks.
 var NativeFrameworks = []string{"allcontrols", "nsa", "mitre"}
-
-type (
-	// TenantResponse holds the credentials for a tenant.
-	TenantResponse struct {
-		TenantID  string `json:"tenantId"`
-		Token     string `json:"token"`
-		Expires   string `json:"expires"`
-		AdminMail string `json:"adminMail,omitempty"`
-	}
-
-	// AttackTrack is an alias to the API type definition for attack tracks.
-	AttackTrack = v1alpha1.AttackTrack
-
-	// Framework is an alias to the API type definition for a framework.
-	Framework = reporthandling.Framework
-
-	// Control is an alias to the API type definition for a control.
-	Control = reporthandling.Control
-
-	// PostureExceptionPolicy is an alias to the API type definition for posture exception policy.
-	PostureExceptionPolicy = armotypes.PostureExceptionPolicy
-
-	// CustomerConfig is an alias to the API type definition for a customer configuration.
-	CustomerConfig = armotypes.CustomerConfig
-
-	// PostureReport is an alias to the API type definition for a posture report.
-	PostureReport = reporthandlingv2.PostureReport
-)
-
-type (
-	// internal data descriptors
-
-	// feLoginData describes the input to a login challenge.
-	feLoginData struct {
-		Secret   string `json:"secret"`
-		ClientId string `json:"clientId"`
-	}
-
-	// feLoginResponse describes the response to a login challenge.
-	feLoginResponse struct {
-		Token        string `json:"accessToken"`
-		RefreshToken string `json:"refreshToken"`
-		Expires      string `json:"expires"`
-		ExpiresIn    int32  `json:"expiresIn"`
-	}
-
-	ksCloudSelectCustomer struct {
-		SelectedCustomerGuid string `json:"selectedCustomer"`
-	}
-)
--- a/core/cautils/getter/downloadreleasedpolicy.go
+++ b/core/cautils/getter/downloadreleasedpolicy.go
@@ -5,6 +5,7 @@ import (
 	"strings"

 	"github.com/armosec/armoapi-go/armotypes"
+
 	"github.com/kubescape/opa-utils/reporthandling"
 	"github.com/kubescape/opa-utils/reporthandling/attacktrack/v1alpha1"

--- a/core/cautils/getter/downloadreleasedpolicy_test.go
+++ b/core/cautils/getter/downloadreleasedpolicy_test.go
@@ -9,11 +9,19 @@ import (
 	"strings"
 	"testing"

-	"github.com/kubescape/kubescape/v2/internal/testutils"
 	jsoniter "github.com/json-iterator/go"
+	"github.com/kubescape/kubescape/v3/internal/testutils"
 	"github.com/stretchr/testify/require"
 )

+func min(a, b int64) int64 {
+	if a < b {
+		return a
+	}
+
+	return b
+}
+
 func TestReleasedPolicy(t *testing.T) {
 	t.Parallel()

--- a/core/cautils/getter/gcpcloudapi.go
+++ b/core/cautils/getter/gcpcloudapi.go
@@ -1,42 +0,0 @@
-package getter
-
-import (
-	"context"
-	"os"
-
-	containeranalysis "cloud.google.com/go/containeranalysis/apiv1"
-)
-
-type GCPCloudAPI struct {
-	credentialsPath  string
-	context          context.Context
-	client           *containeranalysis.Client
-	projectID        string
-	credentialsCheck bool
-}
-
-func GetGlobalGCPCloudAPIConnector() *GCPCloudAPI {
-
-	if os.Getenv("KS_GCP_CREDENTIALS_PATH") == "" || os.Getenv("KS_GCP_PROJECT_ID") == "" {
-		return &GCPCloudAPI{
-			credentialsCheck: false,
-		}
-	} else {
-		return &GCPCloudAPI{
-			context:          context.Background(),
-			credentialsPath:  os.Getenv("KS_GCP_CREDENTIALS_PATH"),
-			projectID:        os.Getenv("KS_GCP_PROJECT_ID"),
-			credentialsCheck: true,
-		}
-	}
-}
-
-func (api *GCPCloudAPI) SetClient(client *containeranalysis.Client) {
-	api.client = client
-}
-
-func (api *GCPCloudAPI) GetCredentialsPath() string           { return api.credentialsPath }
-func (api *GCPCloudAPI) GetClient() *containeranalysis.Client { return api.client }
-func (api *GCPCloudAPI) GetProjectID() string                 { return api.projectID }
-func (api *GCPCloudAPI) GetCredentialsCheck() bool            { return api.credentialsCheck }
-func (api *GCPCloudAPI) GetContext() context.Context          { return api.context }
--- a/core/cautils/getter/getpoliciesutils.go
+++ b/core/cautils/getter/getpoliciesutils.go
@@ -1,7 +1,6 @@
 package getter

 import (
-	"bytes"
 	"fmt"
 	"io"
 	"net/http"
@@ -86,26 +85,6 @@ func HttpGetter(httpClient *http.Client, fullURL string, headers map[string]stri
 	return respStr, nil
 }

-// HttpPost provides a low-level capability to send a HTTP POST request and serialize the response as a string.
-//
-// Deprecated: use methods of the KSCloudAPI client instead.
-func HttpPost(httpClient *http.Client, fullURL string, headers map[string]string, body []byte) (string, error) {
-	req, err := http.NewRequest("POST", fullURL, bytes.NewReader(body))
-	if err != nil {
-		return "", err
-	}
-	setHeaders(req, headers)
-	resp, err := httpClient.Do(req)
-	if err != nil {
-		return "", err
-	}
-	respStr, err := httpRespToString(resp)
-	if err != nil {
-		return "", err
-	}
-	return respStr, nil
-}
-
 func setHeaders(req *http.Request, headers map[string]string) {
 	if len(headers) >= 0 { // might be nil
 		for k, v := range headers {
--- a/core/cautils/getter/getpoliciesutils_test.go
+++ b/core/cautils/getter/getpoliciesutils_test.go
@@ -1,11 +1,15 @@
 package getter

 import (
+	"io/ioutil"
 	"net/http"
 	"os"
 	"path/filepath"
+	"strings"
 	"testing"

+	beClient "github.com/kubescape/backend/pkg/client/v1"
+	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 )

@@ -72,7 +76,7 @@ func TestHttpMethods(t *testing.T) {
 	client := http.DefaultClient
 	hdrs := map[string]string{"key": "value"}

-	srv := mockAPIServer(t)
+	srv := beClient.MockAPIServer(t)
 	t.Cleanup(srv.Close)

 	t.Run("HttpGetter should GET", func(t *testing.T) {
@@ -81,17 +85,51 @@ func TestHttpMethods(t *testing.T) {
 		require.EqualValues(t, "body-get", resp)
 	})

-	t.Run("HttpPost should POST", func(t *testing.T) {
-		body := []byte("body-post")
-
-		resp, err := HttpPost(client, srv.URL(pathTestPost), hdrs, body)
-		require.NoError(t, err)
-		require.EqualValues(t, string(body), resp)
-	})
-
 	t.Run("HttpDelete should DELETE", func(t *testing.T) {
 		resp, err := HttpDelete(client, srv.URL(pathTestDelete), hdrs)
 		require.NoError(t, err)
 		require.EqualValues(t, "body-delete", resp)
 	})
 }
+
+// Returns an empty string and nil error when given a nil response or nil response body.
+func TestHttpRespToString_NilResponse(t *testing.T) {
+	resp := &http.Response{}
+	result, err := httpRespToString(resp)
+	assert.Equal(t, "", result)
+	assert.Nil(t, err)
+}
+
+func TestHttpRespToString_ValidResponse(t *testing.T) {
+	resp := &http.Response{
+		Body:       ioutil.NopCloser(strings.NewReader("test response")),
+		Status:     "200 OK",
+		StatusCode: 200,
+	}
+	result, err := httpRespToString(resp)
+	assert.Equal(t, "test response", result)
+	assert.Nil(t, err)
+}
+
+// Returns an error with status and reason when unable to read response body.
+func TestHttpRespToString_ReadError(t *testing.T) {
+	resp := &http.Response{
+		Body: ioutil.NopCloser(strings.NewReader("test response")),
+	}
+	resp.Body.Close()
+	result, err := httpRespToString(resp)
+	assert.EqualError(t, err, "http-error: '', reason: 'test response'")
+	assert.Equal(t, "test response", result)
+}
+
+// Returns an error with status and reason when unable to read response body.
+func TestHttpRespToString_ErrorCodeLessThan200(t *testing.T) {
+	resp := &http.Response{
+		Body:       ioutil.NopCloser(strings.NewReader("test response")),
+		StatusCode: 100,
+	}
+	resp.Body.Close()
+	result, err := httpRespToString(resp)
+	assert.EqualError(t, err, "http-error: '', reason: 'test response'")
+	assert.Equal(t, "test response", result)
+}
--- a/core/cautils/getter/interfaces.go
+++ b/core/cautils/getter/interfaces.go
@@ -31,25 +31,4 @@ type (
 	IAttackTracksGetter interface {
 		GetAttackTracks() ([]v1alpha1.AttackTrack, error)
 	}
-
-	// IBackend knows how to configure a KS Cloud client
-	IBackend interface {
-		GetAccountID() string
-		GetClientID() string
-		GetSecretKey() string
-		GetCloudReportURL() string
-		GetCloudAPIURL() string
-		GetCloudUIURL() string
-		GetCloudAuthURL() string
-
-		SetAccountID(accountID string)
-		SetClientID(clientID string)
-		SetSecretKey(secretKey string)
-		SetCloudReportURL(cloudReportURL string)
-		SetCloudAPIURL(cloudAPIURL string)
-		SetCloudUIURL(cloudUIURL string)
-		SetCloudAuthURL(cloudAuthURL string)
-
-		GetTenant() (*TenantResponse, error)
-	}
 )
--- a/core/cautils/getter/json.go
+++ b/core/cautils/getter/json.go
@@ -1,9 +1,6 @@
 package getter

 import (
-	"io"
-	"strings"
-
 	jsoniter "github.com/json-iterator/go"
 )

@@ -14,25 +11,3 @@ func init() {
 	// For finer-grained config, see: https://pkg.go.dev/github.com/json-iterator/go#section-readme
 	json = jsoniter.ConfigFastest
 }
-
-// JSONDecoder provides a low-level utility that returns a JSON decoder for given string.
-//
-// Deprecated: use higher level methods from the KSCloudAPI client instead.
-func JSONDecoder(origin string) *jsoniter.Decoder {
-	dec := jsoniter.NewDecoder(strings.NewReader(origin))
-	dec.UseNumber()
-
-	return dec
-}
-
-func decode[T any](rdr io.Reader) (T, error) {
-	var receiver T
-	dec := newDecoder(rdr)
-	err := dec.Decode(&receiver)
-
-	return receiver, err
-}
-
-func newDecoder(rdr io.Reader) *jsoniter.Decoder {
-	return json.NewDecoder(rdr)
-}
--- a/Show More
+++ b/Show More