Update README.md

Update output format

.github/workflows/build.yaml

@@ -50,4 +50,4 @@ jobs:
         upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps 
         asset_path: build/kubescape
         asset_name: kubescape
-        asset_content_type: application/octet-stream
+        asset_content_type: application/octet-stream

README.md

@@ -9,14 +9,20 @@ Tests are configured with YAML files, making this tool easy to update as test sp
 ## Installation
 To install the tool locally, run this:
 
-`curl -s https://raw.githubusercontent.com/armosec/kubescape/master/install.sh | /bin/bash`
+```
+curl -s https://raw.githubusercontent.com/armosec/kubescape/master/install.sh | /bin/bash
+```
 
 <img src="docs/install.jpeg">
 
 ## Run
 To get a fast check of the security posture of your Kubernetes cluster, run this:
 
-`kubescape scan framework nsa`
+```
+kubescape scan framework nsa --exclude-namespaces kube-system,kube-public
+```
+
+If you wish to scan all namespaces in your cluster, remove the `--exclude-namespaces` flag.
 
 <img src="docs/run.jpeg">
 
@@ -42,6 +48,7 @@ Kubescape is running the following tests according to what is defined by [Kubern
 * Resource policies
 * Control plane hardening 
 * Exposed dashboard
+* Allow privilege escalation
 
 
 ## Technology

cautils/display.go

@@ -16,6 +16,7 @@ var InfoDisplay = color.New(color.Bold, color.FgHiYellow).FprintfFunc()
 var InfoTextDisplay = color.New(color.Faint, color.FgHiYellow).FprintfFunc()
 var SimpleDisplay = color.New(color.Bold, color.FgHiWhite).FprintfFunc()
 var SuccessDisplay = color.New(color.Bold, color.FgHiGreen).FprintfFunc()
+var DescriptionDisplay = color.New(color.Faint, color.FgWhite).FprintfFunc()
 
 var Spinner *spinner.Spinner
 

install.sh

@@ -6,7 +6,9 @@ echo
  
 BASE_DIR=~/.kubescape
 KUBESCAPE_EXEC=kubescape
-RELEASE=v0.0.27
+
+RELEASE=v0.0.31
+
 DOWNLOAD_URL="https://github.com/armosec/kubescape/releases/download/$RELEASE/kubescape"
 
 mkdir -p $BASE_DIR 

policyhandler/k8sresources.go

@@ -60,7 +60,7 @@ func (policyHandler *PolicyHandler) pullSingleResource(resource *schema.GroupVer
 
 	// set labels
 	listOptions := metav1.ListOptions{}
-	if excludedNamespaces != "" {
+	if excludedNamespaces != "" && k8sinterface.IsNamespaceScope(resource.Group, resource.Resource) {
 		excludedNamespacesSlice := strings.Split(excludedNamespaces, ",")
 		for _, excludedNamespace := range excludedNamespacesSlice {
 			listOptions.FieldSelector += "metadata.namespace!=" + excludedNamespace + ","
@@ -73,7 +73,6 @@ func (policyHandler *PolicyHandler) pullSingleResource(resource *schema.GroupVer
 
 	// set dynamic object
 	var clientResource dynamic.ResourceInterface
-
 	if namespace != "" && k8sinterface.IsNamespaceScope(resource.Group, resource.Resource) {
 		clientResource = policyHandler.k8s.DynamicClient.Resource(*resource).Namespace(namespace)
 	} else {

printer/printresults.go

@@ -13,7 +13,7 @@ import (
 	"github.com/olekukonko/tablewriter"
 )
 
-var INDENT = "    "
+var INDENT = "   "
 
 type Printer struct {
 	opaSessionObj *chan *cautils.OPASessionObj
@@ -83,7 +83,7 @@ func (print *Printer) printSummery(controlName string, controlSummery *ControlSu
 	cautils.SimpleDisplay(os.Stdout, "Summary - ")
 	cautils.SuccessDisplay(os.Stdout, "Passed:%v   ", controlSummery.TotalResources-controlSummery.TotalFailed)
 	cautils.FailureDisplay(os.Stdout, "Failed:%v   ", controlSummery.TotalFailed)
-	cautils.InfoDisplay(os.Stdout, "Total:%v\n", controlSummery.TotalResources)
+	cautils.InfoDisplay(os.Stdout, "Total:%v\n\n", controlSummery.TotalResources)
 }
 
 func (printer *Printer) printTitle(controlName string, controlSummery *ControlSummery) {
@@ -96,7 +96,7 @@ func (printer *Printer) printTitle(controlName string, controlSummery *ControlSu
 		cautils.FailureDisplay(os.Stdout, "failed %v\n", emoji.SadButRelievedFace)
 	}
 
-	cautils.SimpleDisplay(os.Stdout, "Description: %s\n", controlSummery.Description)
+	cautils.DescriptionDisplay(os.Stdout, "Description: %s\n", controlSummery.Description)
 
 }
 func (printer *Printer) printResult(controlName string, controlSummery *ControlSummery) {
@@ -104,8 +104,9 @@ func (printer *Printer) printResult(controlName string, controlSummery *ControlS
 	indent := INDENT
 	for ns, rsc := range controlSummery.WorkloadSummery {
 		preIndent := indent
-		indent += indent
-		cautils.SimpleDisplay(os.Stdout, "%sNamespace %s\n", indent, ns)
+		if ns != "" {
+			cautils.SimpleDisplay(os.Stdout, "%sNamespace %s\n", indent, ns)
+		}
 		preIndent2 := indent
 		for r := range rsc {
 			indent += indent