update naming convention

Merge remote-tracking branch 'upstream/dev'
Merge pull request #199 from Daniel-GrunbergerCA/master
2026-02-19 20:39:56 +00:00 · 2021-10-28 10:05:30 +03:00 · 2021-10-28 09:40:26 +03:00 · 2021-10-28 09:35:07 +03:00 · 2021-10-28 09:15:22 +03:00 · 2021-10-28 09:10:37 +03:00
66 changed files with 1909 additions and 775 deletions
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -29,7 +29,6 @@ jobs:
        os: [ubuntu-latest, macos-latest, windows-latest]
    steps:
      - uses: actions/checkout@v1
-
      - name: Set up Go
        uses: actions/setup-go@v2
        with:
@@ -62,7 +61,7 @@ jobs:
  build-docker:
    name: Build docker container, tag and upload to registry
    needs: build
-    if: ${{ github.workflow == 'armosec/kubescape' }}
+    if: ${{ github.repository == 'armosec/kubescape' }}
    runs-on: ubuntu-latest

    steps:
--- a/.github/workflows/build_dev.yaml
+++ b/.github/workflows/build_dev.yaml
@@ -40,7 +40,7 @@ jobs:
  build-docker:
    name: Build docker container, tag and upload to registry
    needs: build
-    if: ${{ github.workflow == 'armosec/kubescape' }}
+    if: ${{ github.repository == 'armosec/kubescape' }}
    runs-on: ubuntu-latest

    steps:
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,5 @@
 *.vs*
 *kubescape*
 *debug*
+*vender*
 .idea
--- a/README.md
+++ b/README.md
@@ -3,9 +3,12 @@
 [![build](https://github.com/armosec/kubescape/actions/workflows/build.yaml/badge.svg)](https://github.com/armosec/kubescape/actions/workflows/build.yaml)
 [![Go Report Card](https://goreportcard.com/badge/github.com/armosec/kubescape)](https://goreportcard.com/report/github.com/armosec/kubescape)

-Kubescape is the first tool for testing if Kubernetes is deployed securely as defined in [Kubernetes Hardening Guidance by NSA and CISA](https://www.nsa.gov/Press-Room/News-Highlights/Article/Article/2716980/nsa-cisa-release-kubernetes-hardening-guidance/)
+Kubescape is the first open-source tool for testing if Kubernetes is deployed securely according to multiple frameworks:
+regulatory, customized company policies and DevSecOps best practices, such as the  [NSA-CISA](https://www.armosec.io/blog/kubernetes-hardening-guidance-summary-by-armo) and the [MITRE ATT&CK®](https://www.microsoft.com/security/blog/2021/03/23/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes/) .  
+Kubescape scans K8s clusters, YAML files, and HELM charts, and detect misconfigurations and software vulnerabilities at early stages of the CI/CD pipeline and provides a risk score instantly and risk trends over time.
+Kubescape integrates natively with other DevOps tools, including Jenkins, CircleCI and Github workflows.

-Use Kubescape to test clusters or scan single YAML files and integrate it to your processes.
+</br>

 <img src="docs/demo.gif">

@@ -21,11 +24,9 @@ curl -s https://raw.githubusercontent.com/armosec/kubescape/master/install.sh |

 ## Run:
 ```
-kubescape scan framework nsa --exclude-namespaces kube-system,kube-public
+kubescape scan framework nsa
 ```

-If you wish to scan all namespaces in your cluster, remove the `--exclude-namespaces` flag.
-
 <img src="docs/summary.png">

 ### Click [👍](https://github.com/armosec/kubescape/stargazers) if you want us to continue to develop and improve Kubescape 😀
@@ -86,15 +87,21 @@ Set-ExecutionPolicy RemoteSigned -scope CurrentUser

 ### Examples

-* Scan a running Kubernetes cluster with [`nsa`](https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2716980/nsa-cisa-release-kubernetes-hardening-guidance/) framework and submit results to [Armo portal](https://portal.armo.cloud/)
+* Scan a running Kubernetes cluster with [`nsa`](https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2716980/nsa-cisa-release-kubernetes-hardening-guidance/) framework and submit results to the [Kubescape SaaS version](https://portal.armo.cloud/)
 ```
-kubescape scan framework nsa --exclude-namespaces kube-system,kube-public --submit
+kubescape scan framework nsa --submit
 ```


-* Scan a running Kubernetes cluster with [`mitre`](https://www.microsoft.com/security/blog/2020/04/02/attack-matrix-kubernetes/) framework and submit results to [Armo portal](https://portal.armo.cloud/)
+* Scan a running Kubernetes cluster with [`MITRE ATT&CK®`](https://www.microsoft.com/security/blog/2021/03/23/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes/) framework and submit results to the [Kubescape SaaS version](https://portal.armo.cloud/)
 ```
-kubescape scan framework mitre --exclude-namespaces kube-system,kube-public --submit
+kubescape scan framework mitre --submit
+```
+
+
+* Scan a running Kubernetes cluster with a specific control using the control name or control ID. [List of controls](https://hub.armo.cloud/docs/controls) 
+```
+kubescape scan control "Privileged container"
 ```

 * Scan local `yaml`/`json` files before deploying. [Take a look at the demonstration](https://youtu.be/Ox6DaR7_4ZI)
@@ -103,9 +110,9 @@ kubescape scan framework nsa *.yaml
 ```


-* Scan `yaml`/`json` files from url
+* Scan kubernetes manifest files from a public github repository 
 ```
-kubescape scan framework nsa https://raw.githubusercontent.com/GoogleCloudPlatform/microservices-demo/master/release/kubernetes-manifests.yaml
+kubescape scan framework nsa https://github.com/armosec/kubescape
 ```

 * Output in `json` format
@@ -118,11 +125,15 @@ kubescape scan framework nsa --exclude-namespaces kube-system,kube-public --form
 kubescape scan framework nsa --exclude-namespaces kube-system,kube-public --format junit --output results.xml
 ```

-* Scan with exceptions, objects with exceptions will be presented as `warning` and not `fail`  <img src="docs/new-feature.svg">
+* Scan with exceptions, objects with exceptions will be presented as `exclude` and not `fail`
 ```
 kubescape scan framework nsa --exceptions examples/exceptions.json
 ```

+### Repeatedly Kubescape Scanning using a CronJob
+
+For setting up a cronJob please follow the [instructions](examples/cronJob-support/README.md) 
+
 ### Helm Support

 * Render the helm chart using [`helm template`](https://helm.sh/docs/helm/helm_template/) and pass to stdout
@@ -187,12 +198,18 @@ go build -o kubescape .

 3. Run
 ```
-./kubescape scan framework nsa --exclude-namespaces kube-system,kube-public
+./kubescape scan framework nsa
 ```

 4. Enjoy :zany_face:

-## How to build in Docker
+## Docker Support
+
+### Official Docker image
+```
+quay.io/armosec/kubescape
+```
+### Build your own Docker image

 1. Clone Project
 ```
--- a/build.py
+++ b/build.py
@@ -41,7 +41,7 @@ def main():

    # Set some variables
    packageName = getPackageName()
-    buildUrl = "github.com/armosec/kubescape/cmd.BuildNumber"
+    buildUrl = "github.com/armosec/kubescape/clihandler/cmd.BuildNumber"
    releaseVersion = os.getenv("RELEASE")
    ArmoBEServer = os.getenv("ArmoBEServer")
    ArmoERServer = os.getenv("ArmoERServer")
--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -24,4 +24,4 @@ COPY --from=builder /work/build/ubuntu-latest/kubescape /usr/bin/kubescape
 # # Download the frameworks. Use the "--use-default" flag when running kubescape
 # RUN kubescape download framework nsa && kubescape download framework mitre

-CMD ["kubescape"]
+ENTRYPOINT ["kubescape"]
--- a/cautils/customerloader.go
+++ b/cautils/customerloader.go
@@ -30,6 +30,7 @@ type ConfigObj struct {
 	CustomerGUID       string `json:"customerGUID"`
 	Token              string `json:"invitationParam"`
 	CustomerAdminEMail string `json:"adminMail"`
+	ClusterName        string `json:"clusterName"`
 }

 func (co *ConfigObj) Json() []byte {
@@ -39,14 +40,30 @@ func (co *ConfigObj) Json() []byte {
 	return []byte{}
 }

+// Config - convert ConfigObj to config file
+func (co *ConfigObj) Config() []byte {
+	clusterName := co.ClusterName
+	co.ClusterName = "" // remove cluster name before saving to file
+	b, err := json.Marshal(co)
+	co.ClusterName = clusterName
+
+	if err == nil {
+		return b
+	}
+
+	return []byte{}
+}
+
 // ======================================================================================
 // =============================== interface ============================================
 // ======================================================================================
 type IClusterConfig interface {
-	// setters
-	SetCustomerGUID(customerGUID string) error
+
+	// set
+	SetConfig(customerGUID string) error

 	// getters
+	GetClusterName() string
 	GetCustomerGUID() string
 	GetConfigObj() *ConfigObj
 	GetK8sAPI() *k8sinterface.KubernetesApi
@@ -92,8 +109,10 @@ func ClusterConfigSetup(scanInfo *ScanInfo, k8s *k8sinterface.KubernetesApi, beA
 		return NewEmptyConfig() // local - Delete local config & Do not send report
 	}
 	if scanInfo.Local {
+		scanInfo.Submit = false
 		return NewEmptyConfig() // local - Do not send report
 	}
+	scanInfo.Submit = true
 	return clusterConfig // submit/default -  Submit report
 }

@@ -103,16 +122,17 @@ func ClusterConfigSetup(scanInfo *ScanInfo, k8s *k8sinterface.KubernetesApi, beA
 type EmptyConfig struct {
 }

-func NewEmptyConfig() *EmptyConfig                               { return &EmptyConfig{} }
-func (c *EmptyConfig) GetConfigObj() *ConfigObj                  { return &ConfigObj{} }
-func (c *EmptyConfig) SetCustomerGUID(customerGUID string) error { return nil }
-func (c *EmptyConfig) GetCustomerGUID() string                   { return "" }
-func (c *EmptyConfig) GetK8sAPI() *k8sinterface.KubernetesApi    { return nil } // TODO: return mock obj
-func (c *EmptyConfig) GetDefaultNS() string                      { return k8sinterface.GetDefaultNamespace() }
-func (c *EmptyConfig) GetBackendAPI() getter.IBackend            { return nil } // TODO: return mock obj
+func NewEmptyConfig() *EmptyConfig                            { return &EmptyConfig{} }
+func (c *EmptyConfig) SetConfig(customerGUID string) error    { return nil }
+func (c *EmptyConfig) GetConfigObj() *ConfigObj               { return &ConfigObj{} }
+func (c *EmptyConfig) GetCustomerGUID() string                { return "" }
+func (c *EmptyConfig) GetK8sAPI() *k8sinterface.KubernetesApi { return nil } // TODO: return mock obj
+func (c *EmptyConfig) GetDefaultNS() string                   { return k8sinterface.GetDefaultNamespace() }
+func (c *EmptyConfig) GetBackendAPI() getter.IBackend         { return nil } // TODO: return mock obj
+func (c *EmptyConfig) GetClusterName() string                 { return adoptClusterName(k8sinterface.GetClusterName()) }
 func (c *EmptyConfig) GenerateURL() {
-	message := fmt.Sprintf("You can see the results in a user-friendly UI, choose your preferred compliance framework, check risk results history and trends, manage exceptions, get remediation recommendations and much more by registering here: https://%s", getter.GetArmoAPIConnector().GetFrontendURL())
-	InfoTextDisplay(os.Stdout, message+"\n")
+	message := fmt.Sprintf("\nCheckout for more cool features: https://%s\n", getter.GetArmoAPIConnector().GetFrontendURL())
+	InfoTextDisplay(os.Stdout, fmt.Sprintf("\n%s\n", message))
 }

 // ======================================================================================
@@ -140,6 +160,7 @@ func (c *ClusterConfig) GetDefaultNS() string                   { return c.defau
 func (c *ClusterConfig) GetBackendAPI() getter.IBackend         { return c.backendAPI }

 func (c *ClusterConfig) GenerateURL() {
+	message := "Checkout for more cool features: "

 	u := url.URL{}
 	u.Scheme = "https"
@@ -147,9 +168,8 @@ func (c *ClusterConfig) GenerateURL() {
 	if c.configObj == nil {
 		return
 	}
-	message := fmt.Sprintf("You can see the results in a user-friendly UI, choose your preferred compliance framework, check risk results history and trends, manage exceptions, get remediation recommendations and much more by registering here: %s", u.String())
 	if c.configObj.CustomerAdminEMail != "" {
-		InfoTextDisplay(os.Stdout, message+"\n")
+		InfoTextDisplay(os.Stdout, "\n\n"+message+u.String()+"\n\n")
 		return
 	}
 	u.Path = "account/sign-up"
@@ -158,8 +178,7 @@ func (c *ClusterConfig) GenerateURL() {
 	q.Add("customerGUID", c.configObj.CustomerGUID)

 	u.RawQuery = q.Encode()
-	InfoTextDisplay(os.Stdout, message+"\n")
-
+	InfoTextDisplay(os.Stdout, "\n\n"+message+u.String()+"\n\n")
 }

 func (c *ClusterConfig) GetCustomerGUID() string {
@@ -169,10 +188,19 @@ func (c *ClusterConfig) GetCustomerGUID() string {
 	return ""
 }

-func (c *ClusterConfig) SetCustomerGUID(customerGUID string) error {
+func (c *ClusterConfig) SetConfig(customerGUID string) error {
+	if c.configObj == nil {
+		c.configObj = &ConfigObj{}
+	}

+	// cluster name
+	if c.GetClusterName() == "" {
+		c.setClusterName(k8sinterface.GetClusterName())
+	}
+
+	// ARMO customer GUID
 	if customerGUID != "" && c.GetCustomerGUID() != customerGUID {
-		c.configObj.CustomerGUID = customerGUID // override config customerGUID
+		c.setCustomerGUID(customerGUID) // override config customerGUID
 	}

 	customerGUID = c.GetCustomerGUID()
@@ -181,10 +209,10 @@ func (c *ClusterConfig) SetCustomerGUID(customerGUID string) error {
 	tenantResponse, err := c.backendAPI.GetCustomerGUID(customerGUID)
 	if err == nil && tenantResponse != nil {
 		if tenantResponse.AdminMail != "" { // this customer already belongs to some user
-			c.configObj.CustomerAdminEMail = tenantResponse.AdminMail
+			c.setCustomerAdminEMail(tenantResponse.AdminMail)
 		} else {
-			c.configObj.Token = tenantResponse.Token
-			c.configObj.CustomerGUID = tenantResponse.TenantID
+			c.setToken(tenantResponse.Token)
+			c.setCustomerGUID(tenantResponse.TenantID)
 		}
 	} else {
 		if err != nil && !strings.Contains(err.Error(), "already exists") {
@@ -198,15 +226,28 @@ func (c *ClusterConfig) SetCustomerGUID(customerGUID string) error {
 	} else {
 		c.createConfigMap()
 	}
-	if existsConfigFile() {
-		c.updateConfigFile()
-	} else {
-		c.createConfigFile()
-	}
+	c.updateConfigFile()

 	return nil
 }

+func (c *ClusterConfig) setToken(token string) {
+	c.configObj.Token = token
+}
+
+func (c *ClusterConfig) setCustomerAdminEMail(customerAdminEMail string) {
+	c.configObj.CustomerAdminEMail = customerAdminEMail
+}
+func (c *ClusterConfig) setCustomerGUID(customerGUID string) {
+	c.configObj.CustomerGUID = customerGUID
+}
+
+func (c *ClusterConfig) setClusterName(clusterName string) {
+	c.configObj.ClusterName = adoptClusterName(clusterName)
+}
+func (c *ClusterConfig) GetClusterName() string {
+	return c.configObj.ClusterName
+}
 func (c *ClusterConfig) LoadConfig() {
 	// get from configMap
 	if c.existsConfigMap() {
@@ -220,8 +261,9 @@ func (c *ClusterConfig) LoadConfig() {

 func (c *ClusterConfig) ToMapString() map[string]interface{} {
 	m := map[string]interface{}{}
-	bc, _ := json.Marshal(c.configObj)
-	json.Unmarshal(bc, &m)
+	if bc, err := json.Marshal(c.configObj); err == nil {
+		json.Unmarshal(bc, &m)
+	}
 	return m
 }
 func (c *ClusterConfig) loadConfigFromConfigMap() (*ConfigObj, error) {
@@ -360,14 +402,7 @@ func (c *ClusterConfig) updateConfigMap() error {
 }

 func (c *ClusterConfig) updateConfigFile() error {
-	if err := os.WriteFile(ConfigFileFullPath(), c.configObj.Json(), 0664); err != nil {
-		return err
-	}
-	return nil
-}
-
-func (c *ClusterConfig) createConfigFile() error {
-	if err := os.WriteFile(ConfigFileFullPath(), c.configObj.Json(), 0664); err != nil {
+	if err := os.WriteFile(ConfigFileFullPath(), c.configObj.Config(), 0664); err != nil {
 		return err
 	}
 	return nil
@@ -437,3 +472,7 @@ func DeleteConfigMap(k8s *k8sinterface.KubernetesApi) error {
 func DeleteConfigFile() error {
 	return os.Remove(ConfigFileFullPath())
 }
+
+func adoptClusterName(clusterName string) string {
+	return strings.ReplaceAll(clusterName, "/", "-")
+}
--- a/cautils/downloadinfo.go
+++ b/cautils/downloadinfo.go
@@ -3,4 +3,5 @@ package cautils
 type DownloadInfo struct {
 	Path          string
 	FrameworkName string
+	ControlName   string
 }
--- a/cautils/getter/downloadreleasedpolicy.go
+++ b/cautils/getter/downloadreleasedpolicy.go
@@ -1,12 +1,9 @@
 package getter

 import (
-	"encoding/json"
-	"fmt"
-	"io"
-	"net/http"
-	"time"
+	"strings"

+	"github.com/armosec/opa-utils/gitregostore"
 	"github.com/armosec/opa-utils/reporthandling"
 )

@@ -16,71 +13,34 @@ import (

 // Download released version
 type DownloadReleasedPolicy struct {
-	hostURL    string
-	httpClient *http.Client
+	gs *gitregostore.GitRegoStore
 }

 func NewDownloadReleasedPolicy() *DownloadReleasedPolicy {
 	return &DownloadReleasedPolicy{
-		hostURL:    "",
-		httpClient: &http.Client{Timeout: 61 * time.Second},
+		gs: gitregostore.InitDefaultGitRegoStore(-1),
 	}
 }

+// Return control per name/id using ARMO api
+func (drp *DownloadReleasedPolicy) GetControl(policyName string) (*reporthandling.Control, error) {
+	var control *reporthandling.Control
+	var err error
+	if strings.HasPrefix(policyName, "C-") || strings.HasPrefix(policyName, "c-") {
+		control, err = drp.gs.GetOPAControlByID(policyName)
+	} else {
+		control, err = drp.gs.GetOPAControlByName(policyName)
+	}
+	if err != nil {
+		return nil, err
+	}
+	return control, nil
+}
+
 func (drp *DownloadReleasedPolicy) GetFramework(name string) (*reporthandling.Framework, error) {
-	if err := drp.setURL(name); err != nil {
-		return nil, err
-	}
-	respStr, err := HttpGetter(drp.httpClient, drp.hostURL)
+	framework, err := drp.gs.GetOPAFrameworkByName(name)
 	if err != nil {
 		return nil, err
 	}
-
-	framework := &reporthandling.Framework{}
-	if err = JSONDecoder(respStr).Decode(framework); err != nil {
-		return framework, err
-	}
-
-	SaveFrameworkInFile(framework, GetDefaultPath(name+".json"))
 	return framework, err
 }
-
-func (drp *DownloadReleasedPolicy) setURL(frameworkName string) error {
-
-	latestReleases := "https://api.github.com/repos/armosec/regolibrary/releases/latest"
-	resp, err := http.Get(latestReleases)
-	if err != nil {
-		return fmt.Errorf("failed to get latest releases from '%s', reason: %s", latestReleases, err.Error())
-	}
-	defer resp.Body.Close()
-	if resp.StatusCode < 200 || 301 < resp.StatusCode {
-		return fmt.Errorf("failed to download file, status code: %s", resp.Status)
-	}
-
-	body, err := io.ReadAll(resp.Body)
-	if err != nil {
-		return fmt.Errorf("failed to read response body from '%s', reason: %s", latestReleases, err.Error())
-	}
-	var data map[string]interface{}
-	err = json.Unmarshal(body, &data)
-	if err != nil {
-		return fmt.Errorf("failed to unmarshal response body from '%s', reason: %s", latestReleases, err.Error())
-	}
-
-	if assets, ok := data["assets"].([]interface{}); ok {
-		for i := range assets {
-			if asset, ok := assets[i].(map[string]interface{}); ok {
-				if name, ok := asset["name"].(string); ok {
-					if name == frameworkName {
-						if url, ok := asset["browser_download_url"].(string); ok {
-							drp.hostURL = url
-							return nil
-						}
-					}
-				}
-			}
-		}
-	}
-	return fmt.Errorf("failed to download '%s' - not found", frameworkName)
-
-}
--- a/cautils/getter/getpolicies.go
+++ b/cautils/getter/getpolicies.go
@@ -7,6 +7,7 @@ import (

 type IPolicyGetter interface {
 	GetFramework(name string) (*reporthandling.Framework, error)
+	GetControl(policyName string) (*reporthandling.Control, error)
 }

 type IExceptionsGetter interface {
--- a/cautils/getter/getpoliciesutils.go
+++ b/cautils/getter/getpoliciesutils.go
@@ -21,6 +21,31 @@ func GetDefaultPath(name string) string {
 	return defaultfilePath
 }

+// Save control as json in file
+func SaveControlInFile(control *reporthandling.Control, pathStr string) error {
+	encodedData, err := json.Marshal(control)
+	if err != nil {
+		return err
+	}
+	err = os.WriteFile(pathStr, []byte(fmt.Sprintf("%v", string(encodedData))), 0644)
+	if err != nil {
+		if os.IsNotExist(err) {
+			pathDir := path.Dir(pathStr)
+			if err := os.Mkdir(pathDir, 0744); err != nil {
+				return err
+			}
+		} else {
+			return err
+
+		}
+		err = os.WriteFile(pathStr, []byte(fmt.Sprintf("%v", string(encodedData))), 0644)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
 func SaveFrameworkInFile(framework *reporthandling.Framework, pathStr string) error {
 	encodedData, err := json.Marshal(framework)
 	if err != nil {
--- a/cautils/getter/loadpolicy.go
+++ b/cautils/getter/loadpolicy.go
@@ -17,34 +17,71 @@ const DefaultLocalStore = ".kubescape"

 // Load policies from a local repository
 type LoadPolicy struct {
-	filePath string
+	filePaths []string
 }

-func NewLoadPolicy(filePath string) *LoadPolicy {
+func NewLoadPolicy(filePaths []string) *LoadPolicy {
 	return &LoadPolicy{
-		filePath: filePath,
+		filePaths: filePaths,
 	}
 }

-func (lp *LoadPolicy) GetFramework(frameworkName string) (*reporthandling.Framework, error) {
+// Return control from file
+func (lp *LoadPolicy) GetControl(controlName string) (*reporthandling.Control, error) {

-	framework := &reporthandling.Framework{}
-	f, err := os.ReadFile(lp.filePath)
+	control := &reporthandling.Control{}
+	filePath := lp.getFileForControl()
+	f, err := os.ReadFile(filePath)
 	if err != nil {
 		return nil, err
 	}

-	err = json.Unmarshal(f, framework)
+	if err = json.Unmarshal(f, control); err != nil {
+		return control, err
+	}
+	if controlName != "" && !strings.EqualFold(controlName, control.Name) && !strings.EqualFold(controlName, control.ControlID) {
+		framework, err := lp.GetFramework(controlName)
+		if err != nil {
+			return nil, fmt.Errorf("control from file not matching")
+		} else {
+			for _, ctrl := range framework.Controls {
+				if strings.EqualFold(ctrl.Name, controlName) || strings.EqualFold(ctrl.ControlID, controlName) {
+					control = &ctrl
+					break
+				}
+			}
+		}
+	}
+	return control, err
+}
+
+func (lp *LoadPolicy) GetFramework(frameworkName string) (*reporthandling.Framework, error) {
+	framework := &reporthandling.Framework{}
+	var err error
+	for _, filePath := range lp.filePaths {
+		f, err := os.ReadFile(filePath)
+		if err != nil {
+			return nil, err
+		}
+
+		if err = json.Unmarshal(f, framework); err != nil {
+			return framework, err
+		}
+		if strings.EqualFold(frameworkName, framework.Name) {
+			break
+		}
+	}
 	if frameworkName != "" && !strings.EqualFold(frameworkName, framework.Name) {
+
 		return nil, fmt.Errorf("framework from file not matching")
 	}
 	return framework, err
 }

 func (lp *LoadPolicy) GetExceptions(customerGUID, clusterName string) ([]armotypes.PostureExceptionPolicy, error) {
-
+	filePath := lp.getFileForException()
 	exception := []armotypes.PostureExceptionPolicy{}
-	f, err := os.ReadFile(lp.filePath)
+	f, err := os.ReadFile(filePath)
 	if err != nil {
 		return nil, err
 	}
@@ -52,3 +89,11 @@ func (lp *LoadPolicy) GetExceptions(customerGUID, clusterName string) ([]armotyp
 	err = json.Unmarshal(f, &exception)
 	return exception, err
 }
+
+func (lp *LoadPolicy) getFileForException() string {
+	return lp.filePaths[0]
+}
+
+func (lp *LoadPolicy) getFileForControl() string {
+	return lp.filePaths[0]
+}
--- a/cautils/scaninfo.go
+++ b/cautils/scaninfo.go
@@ -9,9 +9,9 @@ import (

 type ScanInfo struct {
 	Getters
-	PolicyIdentifier   reporthandling.PolicyIdentifier
+	PolicyIdentifier   []reporthandling.PolicyIdentifier
 	UseExceptions      string   // Load exceptions configuration
-	UseFrom            string   // Load framework from local file (instead of download). Use when running offline
+	UseFrom            []string // Load framework from local file (instead of download). Use when running offline
 	UseDefault         bool     // Load framework from cached file (instead of download). Use when running offline
 	Format             string   // Format results (table, json, junit ...)
 	Output             string   // Store results in an output file, Output file name
@@ -22,6 +22,7 @@ type ScanInfo struct {
 	Submit             bool     // Submit results to Armo BE
 	Local              bool     // Do not submit results
 	Account            string   // account ID
+	FrameworkScan      bool     // false if scanning control
 }

 type Getters struct {
@@ -40,23 +41,21 @@ func (scanInfo *ScanInfo) Init() {
 func (scanInfo *ScanInfo) setUseExceptions() {
 	if scanInfo.UseExceptions != "" {
 		// load exceptions from file
-		scanInfo.ExceptionsGetter = getter.NewLoadPolicy(scanInfo.UseExceptions)
+		scanInfo.ExceptionsGetter = getter.NewLoadPolicy([]string{scanInfo.UseExceptions})
 	} else {
 		scanInfo.ExceptionsGetter = getter.GetArmoAPIConnector()
 	}

 }
 func (scanInfo *ScanInfo) setUseFrom() {
-	if scanInfo.UseFrom != "" {
-		return
-	}
 	if scanInfo.UseDefault {
-		scanInfo.UseFrom = getter.GetDefaultPath(scanInfo.PolicyIdentifier.Name + ".json")
+		for _, policy := range scanInfo.PolicyIdentifier {
+			scanInfo.UseFrom = append(scanInfo.UseFrom, getter.GetDefaultPath(policy.Name+".json"))
+		}
 	}
-
 }
 func (scanInfo *ScanInfo) setGetter() {
-	if scanInfo.UseFrom != "" {
+	if len(scanInfo.UseFrom) > 0 {
 		// load from file
 		scanInfo.PolicyGetter = getter.NewLoadPolicy(scanInfo.UseFrom)
 	} else {
@@ -83,8 +82,3 @@ func (scanInfo *ScanInfo) setOutputFile() {
 func (scanInfo *ScanInfo) ScanRunningCluster() bool {
 	return len(scanInfo.InputPatterns) == 0
 }
-
-// func (scanInfo *ScanInfo) ConnectedToCluster(k8s k8sinterface.) bool {
-// 	_, err := k8s.KubernetesClient.CoreV1().Pods("").List(context.TODO(), metav1.ListOptions{})
-// 	return err == nil
-// }
--- a/clihandler/cmd/cluster.go
+++ b/clihandler/cmd/cluster.go
--- a/clihandler/cmd/cluster_get.go
+++ b/clihandler/cmd/cluster_get.go
@@ -7,6 +7,7 @@ import (
 	"github.com/armosec/k8s-interface/k8sinterface"
 	"github.com/armosec/kubescape/cautils"
 	"github.com/armosec/kubescape/cautils/getter"
+	"github.com/armosec/kubescape/clihandler"
 	"github.com/spf13/cobra"
 )

@@ -14,7 +15,7 @@ var getCmd = &cobra.Command{
 	Use:       "get <key>",
 	Short:     "Get configuration in cluster",
 	Long:      ``,
-	ValidArgs: supportedFrameworks,
+	ValidArgs: clihandler.SupportedFrameworks,
 	Args: func(cmd *cobra.Command, args []string) error {
 		if len(args) < 1 || len(args) > 1 {
 			return fmt.Errorf("requires  one argument")
--- a/clihandler/cmd/cluster_set.go
+++ b/clihandler/cmd/cluster_set.go
--- a/clihandler/cmd/config.go
+++ b/clihandler/cmd/config.go
--- a/clihandler/cmd/control.go
+++ b/clihandler/cmd/control.go
@@ -0,0 +1,90 @@
+package cmd
+
+import (
+	"fmt"
+	"os"
+	"strings"
+
+	"github.com/armosec/kubescape/cautils"
+	"github.com/armosec/kubescape/clihandler"
+	"github.com/armosec/opa-utils/reporthandling"
+	"github.com/spf13/cobra"
+)
+
+// controlCmd represents the control command
+var controlCmd = &cobra.Command{
+	Use:   "control <control names list>/<control ids list>.\nExamples:\n$ kubescape scan control C-0058,C-0057 [flags]\n$ kubescape scan contol C-0058 [flags]\n$ kubescape scan control 'privileged container,allowed hostpath' [flags]",
+	Short: fmt.Sprintf("The control you wish to use for scan. It must be present in at least one of the folloiwng frameworks: %s", clihandler.ValidFrameworks),
+	Args: func(cmd *cobra.Command, args []string) error {
+		if len(args) > 0 {
+			controls := strings.Split(args[0], ",")
+			if len(controls) > 1 {
+				if controls[1] == "" {
+					return fmt.Errorf("usage: <control_one>,<control_two>")
+				}
+			}
+		} else {
+			return fmt.Errorf("requires at least one control name")
+		}
+		return nil
+	},
+	RunE: func(cmd *cobra.Command, args []string) error {
+		flagValidationControl()
+		scanInfo.PolicyIdentifier = []reporthandling.PolicyIdentifier{}
+
+		if len(args) < 1 {
+			scanInfo.PolicyIdentifier = SetScanForGivenFrameworks(clihandler.SupportedFrameworks)
+		} else {
+			var controls []string
+			if len(args) > 0 {
+				controls = strings.Split(args[0], ",")
+				scanInfo.PolicyIdentifier = []reporthandling.PolicyIdentifier{}
+				scanInfo.PolicyIdentifier = setScanForFirstControl(controls)
+			}
+
+			if len(controls) > 1 {
+				scanInfo.PolicyIdentifier = SetScanForGivenControls(controls[1:])
+			}
+		}
+		scanInfo.FrameworkScan = false
+		scanInfo.Init()
+		cautils.SetSilentMode(scanInfo.Silent)
+		err := clihandler.CliSetup(&scanInfo)
+		if err != nil {
+			fmt.Fprintf(os.Stderr, "error: %v\n", err)
+			os.Exit(1)
+		}
+		return nil
+	},
+}
+
+func init() {
+	scanInfo = cautils.ScanInfo{}
+	scanCmd.AddCommand(controlCmd)
+}
+
+func flagValidationControl() {
+	if 100 < scanInfo.FailThreshold {
+		fmt.Println("bad argument: out of range threshold")
+		os.Exit(1)
+	}
+}
+
+func setScanForFirstControl(controls []string) []reporthandling.PolicyIdentifier {
+	newPolicy := reporthandling.PolicyIdentifier{}
+	newPolicy.Kind = reporthandling.KindControl
+	newPolicy.Name = controls[0]
+	scanInfo.PolicyIdentifier = append(scanInfo.PolicyIdentifier, newPolicy)
+	return scanInfo.PolicyIdentifier
+}
+
+func SetScanForGivenControls(controls []string) []reporthandling.PolicyIdentifier {
+	for _, control := range controls {
+		control := strings.TrimLeft(control, " ")
+		newPolicy := reporthandling.PolicyIdentifier{}
+		newPolicy.Kind = reporthandling.KindControl
+		newPolicy.Name = control
+		scanInfo.PolicyIdentifier = append(scanInfo.PolicyIdentifier, newPolicy)
+	}
+	return scanInfo.PolicyIdentifier
+}
--- a/clihandler/cmd/download.go
+++ b/clihandler/cmd/download.go
@@ -0,0 +1,67 @@
+package cmd
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/armosec/kubescape/cautils"
+	"github.com/armosec/kubescape/cautils/getter"
+	"github.com/armosec/kubescape/clihandler"
+	"github.com/spf13/cobra"
+)
+
+var downloadInfo cautils.DownloadInfo
+
+var downloadCmd = &cobra.Command{
+	Use:   fmt.Sprintf("download framework/control <framework-name>/<control-name> [flags]\nSupported frameworks: %s", clihandler.ValidFrameworks),
+	Short: "Download framework/control",
+	Long:  ``,
+	Args: func(cmd *cobra.Command, args []string) error {
+		if len(args) != 2 {
+			return fmt.Errorf("requires two arguments : framework/control <framework-name>/<control-name>")
+		}
+		if !strings.EqualFold(args[0], "framework") && !strings.EqualFold(args[0], "control") {
+			return fmt.Errorf("invalid parameter '%s'. Supported parameters: framework, control", args[0])
+		}
+		return nil
+	},
+	RunE: func(cmd *cobra.Command, args []string) error {
+		if strings.EqualFold(args[0], "framework") {
+			downloadInfo.FrameworkName = strings.ToLower(args[1])
+			g := getter.NewDownloadReleasedPolicy()
+			if downloadInfo.Path == "" {
+				downloadInfo.Path = getter.GetDefaultPath(downloadInfo.FrameworkName + ".json")
+			}
+			frameworks, err := g.GetFramework(downloadInfo.FrameworkName)
+			if err != nil {
+				return err
+			}
+			err = getter.SaveFrameworkInFile(frameworks, downloadInfo.Path)
+			if err != nil {
+				return err
+			}
+		} else if strings.EqualFold(args[0], "control") {
+			downloadInfo.ControlName = strings.ToLower(args[1])
+			g := getter.NewDownloadReleasedPolicy()
+			if downloadInfo.Path == "" {
+				downloadInfo.Path = getter.GetDefaultPath(downloadInfo.ControlName + ".json")
+			}
+			controls, err := g.GetControl(downloadInfo.ControlName)
+			if err != nil {
+				return err
+			}
+			err = getter.SaveControlInFile(controls, downloadInfo.Path)
+			if err != nil {
+				return err
+			}
+		}
+
+		return nil
+	},
+}
+
+func init() {
+	rootCmd.AddCommand(downloadCmd)
+	downloadInfo = cautils.DownloadInfo{}
+	downloadCmd.Flags().StringVarP(&downloadInfo.Path, "output", "o", "", "Output file. If specified, will store save to `~/.kubescape/<framework name>.json`")
+}
--- a/clihandler/cmd/framework.go
+++ b/clihandler/cmd/framework.go
@@ -0,0 +1,115 @@
+package cmd
+
+import (
+	"fmt"
+	"io"
+	"os"
+	"strings"
+
+	"github.com/armosec/kubescape/cautils"
+	"github.com/armosec/kubescape/clihandler"
+	"github.com/armosec/opa-utils/reporthandling"
+	"github.com/spf13/cobra"
+)
+
+var frameworkCmd = &cobra.Command{
+	Use:       fmt.Sprintf("framework <framework names list> [`<glob pattern>`/`-`] [flags]\nExamples:\n$ kubescape scan framework nsa [flags]\n$ kubescape scan framework mitre,nsa [flags]\n$ kubescape scan framework 'nsa, mitre' [flags]\nSupported frameworks: %s", clihandler.ValidFrameworks),
+	Short:     fmt.Sprintf("The framework you wish to use. Supported frameworks: %s", strings.Join(clihandler.SupportedFrameworks, ", ")),
+	Long:      "Execute a scan on a running Kubernetes cluster or `yaml`/`json` files (use glob) or `-` for stdin",
+	ValidArgs: clihandler.SupportedFrameworks,
+	Args: func(cmd *cobra.Command, args []string) error {
+		if len(args) > 0 {
+			// "nsa, mitre" -> ["nsa", "mitre"] and nsa,mitre -> ["nsa", "mitre"]
+			frameworks := strings.Split(strings.Join(strings.Fields(args[0]), ""), ",")
+			for _, framework := range frameworks {
+				if !isValidFramework(strings.ToLower(framework)) {
+					return fmt.Errorf(fmt.Sprintf("supported frameworks: %s", strings.Join(clihandler.SupportedFrameworks, ", ")))
+				}
+			}
+		} else {
+			return fmt.Errorf("requires at least one framework name")
+		}
+		return nil
+	},
+	RunE: func(cmd *cobra.Command, args []string) error {
+		flagValidationFramework()
+		scanInfo.PolicyIdentifier = []reporthandling.PolicyIdentifier{}
+		// If no framework provided, use all
+		if len(args) < 1 {
+			scanInfo.PolicyIdentifier = SetScanForGivenFrameworks(clihandler.SupportedFrameworks)
+		} else {
+			// Read frameworks from input args
+			scanInfo.PolicyIdentifier = []reporthandling.PolicyIdentifier{}
+			frameworks := strings.Split(strings.Join(strings.Fields(args[0]), ""), ",")
+			scanInfo.PolicyIdentifier = SetScanForFirstFramework(frameworks)
+			if len(frameworks) > 1 {
+				scanInfo.PolicyIdentifier = SetScanForGivenFrameworks(frameworks[1:])
+			}
+		}
+		if len(args) > 0 {
+			if len(args[1:]) == 0 || args[1] != "-" {
+				scanInfo.InputPatterns = args[1:]
+			} else { // store stout to file
+				tempFile, err := os.CreateTemp(".", "tmp-kubescape*.yaml")
+				if err != nil {
+					return err
+				}
+				defer os.Remove(tempFile.Name())
+
+				if _, err := io.Copy(tempFile, os.Stdin); err != nil {
+					return err
+				}
+				scanInfo.InputPatterns = []string{tempFile.Name()}
+			}
+		}
+		scanInfo.Init()
+		cautils.SetSilentMode(scanInfo.Silent)
+		err := clihandler.CliSetup(&scanInfo)
+		if err != nil {
+			fmt.Fprintf(os.Stderr, "error: %v\n", err)
+			os.Exit(1)
+		}
+		return nil
+	},
+}
+
+func isValidFramework(framework string) bool {
+	return cautils.StringInSlice(clihandler.SupportedFrameworks, framework) != cautils.ValueNotFound
+}
+
+func init() {
+	scanCmd.AddCommand(frameworkCmd)
+	scanInfo = cautils.ScanInfo{}
+	scanInfo.FrameworkScan = true
+	frameworkCmd.Flags().BoolVarP(&scanInfo.Submit, "submit", "", false, "Send the scan results to Armo management portal where you can see the results in a user-friendly UI, choose your preferred compliance framework, check risk results history and trends, manage exceptions, get remediation recommendations and much more. By default the results are not submitted")
+	frameworkCmd.Flags().BoolVarP(&scanInfo.Local, "keep-local", "", false, "If you do not want your Kubescape results reported to Armo backend. Use this flag if you ran with the '--submit' flag in the past and you do not want to submit your current scan results")
+	frameworkCmd.Flags().StringVarP(&scanInfo.Account, "account", "", "", "Armo portal account ID. Default will load account ID from configMap or config file")
+}
+func SetScanForGivenFrameworks(frameworks []string) []reporthandling.PolicyIdentifier {
+	for _, framework := range frameworks {
+		newPolicy := reporthandling.PolicyIdentifier{}
+		newPolicy.Kind = reporthandling.KindFramework
+		newPolicy.Name = framework
+		scanInfo.PolicyIdentifier = append(scanInfo.PolicyIdentifier, newPolicy)
+	}
+	return scanInfo.PolicyIdentifier
+}
+
+func SetScanForFirstFramework(frameworks []string) []reporthandling.PolicyIdentifier {
+	newPolicy := reporthandling.PolicyIdentifier{}
+	newPolicy.Kind = reporthandling.KindFramework
+	newPolicy.Name = frameworks[0]
+	scanInfo.PolicyIdentifier = append(scanInfo.PolicyIdentifier, newPolicy)
+	return scanInfo.PolicyIdentifier
+}
+
+func flagValidationFramework() {
+	if scanInfo.Submit && scanInfo.Local {
+		fmt.Println("You can use `keep-local` or `submit`, but not both")
+		os.Exit(1)
+	}
+	if 100 < scanInfo.FailThreshold {
+		fmt.Println("bad argument: out of range threshold")
+		os.Exit(1)
+	}
+}
--- a/clihandler/cmd/local.go
+++ b/clihandler/cmd/local.go
--- a/clihandler/cmd/local_get.go
+++ b/clihandler/cmd/local_get.go
--- a/clihandler/cmd/local_set.go
+++ b/clihandler/cmd/local_set.go
--- a/clihandler/cmd/root.go
+++ b/clihandler/cmd/root.go
--- a/clihandler/cmd/scan.go
+++ b/clihandler/cmd/scan.go
@@ -0,0 +1,46 @@
+package cmd
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/armosec/kubescape/cautils"
+	"github.com/armosec/kubescape/clihandler"
+	"github.com/spf13/cobra"
+)
+
+var scanInfo cautils.ScanInfo
+
+// scanCmd represents the scan command
+var scanCmd = &cobra.Command{
+	Use:   "scan <command>",
+	Short: "Scan the current running cluster or yaml files",
+	Long:  `The action you want to perform`,
+	Args: func(cmd *cobra.Command, args []string) error {
+		if len(args) > 0 {
+			if !strings.EqualFold(args[0], "framework") && !strings.EqualFold(args[0], "control") {
+				return fmt.Errorf("invalid parameter '%s'. Supported parameters: framework, control", args[0])
+			}
+		}
+		return nil
+	},
+	Run: func(cmd *cobra.Command, args []string) {
+		if len(args) == 0 {
+			frameworkArgs := []string{clihandler.ValidFrameworks}
+			frameworkArgs = append(frameworkArgs, args...)
+			frameworkCmd.RunE(cmd, frameworkArgs)
+		}
+	},
+}
+
+func init() {
+	rootCmd.AddCommand(scanCmd)
+	scanCmd.PersistentFlags().StringVarP(&scanInfo.ExcludedNamespaces, "exclude-namespaces", "e", "", "Namespaces to exclude from scanning. Recommended: kube-system, kube-public")
+	scanCmd.PersistentFlags().StringVarP(&scanInfo.Format, "format", "f", "pretty-printer", `Output format. Supported formats: "pretty-printer"/"json"/"junit"`)
+	scanCmd.PersistentFlags().StringVarP(&scanInfo.Output, "output", "o", "", "Output file. Print output to file and not stdout")
+	scanCmd.PersistentFlags().BoolVarP(&scanInfo.Silent, "silent", "s", false, "Silent progress messages")
+	scanCmd.PersistentFlags().Uint16VarP(&scanInfo.FailThreshold, "fail-threshold", "t", 0, "Failure threshold is the percent bellow which the command fails and returns exit code 1")
+	scanCmd.PersistentFlags().StringSliceVar(&scanInfo.UseFrom, "use-from", nil, "Load local policy object from specified path. If not used will download latest")
+	scanCmd.PersistentFlags().BoolVar(&scanInfo.UseDefault, "use-default", false, "Load local policy object from default path. If not used will download latest")
+	scanCmd.PersistentFlags().StringVar(&scanInfo.UseExceptions, "exceptions", "", "Path to an exceptions obj. If not set will download exceptions from Armo management portal")
+}
--- a/clihandler/cmd/version.go
+++ b/clihandler/cmd/version.go
@@ -25,21 +25,21 @@ func GetLatestVersion() (string, error) {
 	latestVersion := "https://api.github.com/repos/armosec/kubescape/releases/latest"
 	resp, err := http.Get(latestVersion)
 	if err != nil {
-		return "", fmt.Errorf("failed to get latest releases from '%s', reason: %s", latestVersion, err.Error())
+		return "unknown", fmt.Errorf("failed to get latest releases from '%s', reason: %s", latestVersion, err.Error())
 	}
 	defer resp.Body.Close()
 	if resp.StatusCode < 200 || 301 < resp.StatusCode {
-		return "", fmt.Errorf("failed to download file, status code: %s", resp.Status)
+		return "unknown", nil
 	}

 	body, err := io.ReadAll(resp.Body)
 	if err != nil {
-		return "", fmt.Errorf("failed to read response body from '%s', reason: %s", latestVersion, err.Error())
+		return "unknown", fmt.Errorf("failed to read response body from '%s', reason: %s", latestVersion, err.Error())
 	}
 	var data map[string]interface{}
 	err = json.Unmarshal(body, &data)
 	if err != nil {
-		return "", fmt.Errorf("failed to unmarshal response body from '%s', reason: %s", latestVersion, err.Error())
+		return "unknown", fmt.Errorf("failed to unmarshal response body from '%s', reason: %s", latestVersion, err.Error())
 	}
 	return fmt.Sprintf("%v", data["tag_name"]), nil
 }
--- a/clihandler/initcli.go
+++ b/clihandler/initcli.go
@@ -0,0 +1,151 @@
+package clihandler
+
+import (
+	"fmt"
+	"os"
+	"strings"
+
+	"github.com/armosec/armoapi-go/armotypes"
+	"github.com/armosec/k8s-interface/k8sinterface"
+	"github.com/armosec/kubescape/cautils"
+	"github.com/armosec/kubescape/cautils/getter"
+	"github.com/armosec/kubescape/opaprocessor"
+	"github.com/armosec/kubescape/policyhandler"
+	"github.com/armosec/kubescape/resourcehandler"
+	"github.com/armosec/kubescape/resultshandling"
+	"github.com/armosec/kubescape/resultshandling/printer"
+	"github.com/armosec/kubescape/resultshandling/reporter"
+	"github.com/armosec/opa-utils/reporthandling"
+)
+
+type CLIHandler struct {
+	policyHandler *policyhandler.PolicyHandler
+	scanInfo      *cautils.ScanInfo
+}
+
+var SupportedFrameworks = []string{"nsa", "mitre"}
+var ValidFrameworks = strings.Join(SupportedFrameworks, ", ")
+
+type componentInterfaces struct {
+	clusterConfig   cautils.IClusterConfig
+	resourceHandler resourcehandler.IResourceHandler
+	report          reporter.IReport
+	printerHandler  printer.IPrinter
+}
+
+func getReporter(scanInfo *cautils.ScanInfo) reporter.IReport {
+	if !scanInfo.Submit {
+		return reporter.NewReportMock()
+	}
+	if !scanInfo.FrameworkScan {
+		return reporter.NewReportMock()
+	}
+
+	return reporter.NewReportEventReceiver()
+}
+func getInterfaces(scanInfo *cautils.ScanInfo) componentInterfaces {
+	var resourceHandler resourcehandler.IResourceHandler
+	var clusterConfig cautils.IClusterConfig
+	var reportHandler reporter.IReport
+
+	if !scanInfo.ScanRunningCluster() {
+		k8sinterface.ConnectedToCluster = false
+		clusterConfig = cautils.NewEmptyConfig()
+
+		// load fom file
+		resourceHandler = resourcehandler.NewFileResourceHandler(scanInfo.InputPatterns)
+
+		// set mock report (do not send report)
+		reportHandler = reporter.NewReportMock()
+	} else {
+		k8s := k8sinterface.NewKubernetesApi()
+		resourceHandler = resourcehandler.NewK8sResourceHandler(k8s, scanInfo.ExcludedNamespaces)
+		clusterConfig = cautils.ClusterConfigSetup(scanInfo, k8s, getter.GetArmoAPIConnector())
+
+		// setup reporter
+		reportHandler = getReporter(scanInfo)
+	}
+
+	// setup printer
+	printerHandler := printer.GetPrinter(scanInfo.Format)
+	printerHandler.SetWriter(scanInfo.Output)
+
+	return componentInterfaces{
+		clusterConfig:   clusterConfig,
+		resourceHandler: resourceHandler,
+		report:          reportHandler,
+		printerHandler:  printerHandler,
+	}
+}
+
+func CliSetup(scanInfo *cautils.ScanInfo) error {
+
+	interfaces := getInterfaces(scanInfo)
+
+	processNotification := make(chan *cautils.OPASessionObj)
+	reportResults := make(chan *cautils.OPASessionObj)
+
+	if err := interfaces.clusterConfig.SetConfig(scanInfo.Account); err != nil {
+		fmt.Println(err)
+	}
+
+	cautils.ClusterName = interfaces.clusterConfig.GetClusterName()   // TODO - Deprecated
+	cautils.CustomerGUID = interfaces.clusterConfig.GetCustomerGUID() // TODO - Deprecated
+	interfaces.report.SetClusterName(interfaces.clusterConfig.GetClusterName())
+	interfaces.report.SetCustomerGUID(interfaces.clusterConfig.GetCustomerGUID())
+	// cli handler setup
+	go func() {
+		// policy handler setup
+		policyHandler := policyhandler.NewPolicyHandler(&processNotification, interfaces.resourceHandler)
+		cli := NewCLIHandler(policyHandler, scanInfo)
+		if err := cli.Scan(); err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+	}()
+
+	// processor setup - rego run
+	go func() {
+		opaprocessorObj := opaprocessor.NewOPAProcessorHandler(&processNotification, &reportResults)
+		opaprocessorObj.ProcessRulesListenner()
+	}()
+
+	resultsHandling := resultshandling.NewResultsHandler(&reportResults, interfaces.report, interfaces.printerHandler)
+	score := resultsHandling.HandleResults(scanInfo)
+
+	// print report url
+	interfaces.clusterConfig.GenerateURL()
+
+	adjustedFailThreshold := float32(scanInfo.FailThreshold) / 100
+	if score < adjustedFailThreshold {
+		return fmt.Errorf("Scan score is bellow threshold")
+	}
+
+	return nil
+}
+
+func NewCLIHandler(policyHandler *policyhandler.PolicyHandler, scanInfo *cautils.ScanInfo) *CLIHandler {
+	return &CLIHandler{
+		scanInfo:      scanInfo,
+		policyHandler: policyHandler,
+	}
+}
+
+func (clihandler *CLIHandler) Scan() error {
+	cautils.ScanStartDisplay()
+	policyNotification := &reporthandling.PolicyNotification{
+		NotificationType: reporthandling.TypeExecPostureScan,
+		Rules:            clihandler.scanInfo.PolicyIdentifier,
+		Designators:      armotypes.PortalDesignator{},
+	}
+	switch policyNotification.NotificationType {
+	case reporthandling.TypeExecPostureScan:
+		if err := clihandler.policyHandler.HandleNotificationRequest(policyNotification, clihandler.scanInfo); err != nil {
+			return err
+		}
+
+	default:
+		return fmt.Errorf("notification type '%s' Unknown", policyNotification.NotificationType)
+	}
+	return nil
+}
--- a/cmd/download.go
+++ b/cmd/download.go
@@ -1,45 +0,0 @@
-package cmd
-
-import (
-	"fmt"
-
-	"github.com/armosec/kubescape/cautils"
-	"github.com/armosec/kubescape/cautils/getter"
-	"github.com/spf13/cobra"
-)
-
-var downloadInfo cautils.DownloadInfo
-
-var downloadCmd = &cobra.Command{
-	Use:   fmt.Sprintf("download framework <framework-name> [flags]\nSupported frameworks: %s", validFrameworks),
-	Short: "Download framework controls",
-	Long:  ``,
-	Args: func(cmd *cobra.Command, args []string) error {
-		if len(args) != 2 {
-			return fmt.Errorf("requires two arguments : framework <framework-name>")
-		}
-		return nil
-	},
-	RunE: func(cmd *cobra.Command, args []string) error {
-		downloadInfo.FrameworkName = args[1]
-		g := getter.NewDownloadReleasedPolicy()
-		if downloadInfo.Path == "" {
-			downloadInfo.Path = getter.GetDefaultPath(downloadInfo.FrameworkName + ".json")
-		}
-		frameworks, err := g.GetFramework(downloadInfo.FrameworkName)
-		if err != nil {
-			return err
-		}
-		err = getter.SaveFrameworkInFile(frameworks, downloadInfo.Path)
-		if err != nil {
-			return err
-		}
-		return nil
-	},
-}
-
-func init() {
-	rootCmd.AddCommand(downloadCmd)
-	downloadInfo = cautils.DownloadInfo{}
-	downloadCmd.Flags().StringVarP(&downloadInfo.Path, "output", "o", "", "Output file. If specified, will store save to `~/.kubescape/<framework name>.json`")
-}
--- a/cmd/framework.go
+++ b/cmd/framework.go
@@ -1,197 +0,0 @@
-package cmd
-
-import (
-	"fmt"
-	"io"
-	"os"
-	"strings"
-
-	"github.com/armosec/armoapi-go/armotypes"
-	"github.com/armosec/k8s-interface/k8sinterface"
-	"github.com/armosec/kubescape/cautils"
-	"github.com/armosec/kubescape/cautils/getter"
-	"github.com/armosec/kubescape/opaprocessor"
-	"github.com/armosec/kubescape/policyhandler"
-	"github.com/armosec/kubescape/resultshandling"
-	"github.com/armosec/kubescape/resultshandling/printer"
-	"github.com/armosec/kubescape/resultshandling/reporter"
-	"github.com/armosec/opa-utils/reporthandling"
-
-	"github.com/spf13/cobra"
-)
-
-var scanInfo cautils.ScanInfo
-var supportedFrameworks = []string{"nsa", "mitre"}
-var validFrameworks = strings.Join(supportedFrameworks, ", ")
-
-type CLIHandler struct {
-	policyHandler *policyhandler.PolicyHandler
-	scanInfo      *cautils.ScanInfo
-}
-
-var frameworkCmd = &cobra.Command{
-
-	Use:       fmt.Sprintf("framework <framework name> [`<glob pattern>`/`-`] [flags]\nSupported frameworks: %s", validFrameworks),
-	Short:     fmt.Sprintf("The framework you wish to use. Supported frameworks: %s", strings.Join(supportedFrameworks, ", ")),
-	Long:      "Execute a scan on a running Kubernetes cluster or `yaml`/`json` files (use glob) or `-` for stdin",
-	ValidArgs: supportedFrameworks,
-	Args: func(cmd *cobra.Command, args []string) error {
-		if len(args) < 1 && !(cmd.Flags().Lookup("use-from").Changed) {
-			return fmt.Errorf("requires at least one argument")
-		} else if len(args) > 0 {
-			if !isValidFramework(strings.ToLower(args[0])) {
-				return fmt.Errorf(fmt.Sprintf("supported frameworks: %s", strings.Join(supportedFrameworks, ", ")))
-			}
-		}
-		return nil
-	},
-	RunE: func(cmd *cobra.Command, args []string) error {
-		scanInfo.PolicyIdentifier = reporthandling.PolicyIdentifier{}
-		scanInfo.PolicyIdentifier.Kind = reporthandling.KindFramework
-
-		if !(cmd.Flags().Lookup("use-from").Changed) {
-			scanInfo.PolicyIdentifier.Name = strings.ToLower(args[0])
-		}
-		if len(args) > 0 {
-			if len(args[1:]) == 0 || args[1] != "-" {
-				scanInfo.InputPatterns = args[1:]
-			} else { // store stout to file
-				tempFile, err := os.CreateTemp(".", "tmp-kubescape*.yaml")
-				if err != nil {
-					return err
-				}
-				defer os.Remove(tempFile.Name())
-
-				if _, err := io.Copy(tempFile, os.Stdin); err != nil {
-					return err
-				}
-				scanInfo.InputPatterns = []string{tempFile.Name()}
-			}
-		}
-		scanInfo.Init()
-		cautils.SetSilentMode(scanInfo.Silent)
-		err := CliSetup()
-		if err != nil {
-			fmt.Fprintf(os.Stderr, "error: %v\n", err)
-			os.Exit(1)
-		}
-		return nil
-	},
-}
-
-func isValidFramework(framework string) bool {
-	return cautils.StringInSlice(supportedFrameworks, framework) != cautils.ValueNotFound
-}
-
-func init() {
-	scanCmd.AddCommand(frameworkCmd)
-	scanInfo = cautils.ScanInfo{}
-	frameworkCmd.Flags().StringVar(&scanInfo.UseFrom, "use-from", "", "Load local framework object from specified path. If not used will download latest")
-	frameworkCmd.Flags().BoolVar(&scanInfo.UseDefault, "use-default", false, "Load local framework object from default path. If not used will download latest")
-	frameworkCmd.Flags().StringVar(&scanInfo.UseExceptions, "exceptions", "", "Path to an exceptions obj. If not set will download exceptions from Armo management portal")
-	frameworkCmd.Flags().StringVarP(&scanInfo.ExcludedNamespaces, "exclude-namespaces", "e", "", "Namespaces to exclude from scanning. Recommended: kube-system, kube-public")
-	frameworkCmd.Flags().StringVarP(&scanInfo.Format, "format", "f", "pretty-printer", `Output format. Supported formats: "pretty-printer"/"json"/"junit"`)
-	frameworkCmd.Flags().StringVarP(&scanInfo.Output, "output", "o", "", "Output file. Print output to file and not stdout")
-	frameworkCmd.Flags().BoolVarP(&scanInfo.Silent, "silent", "s", false, "Silent progress messages")
-	frameworkCmd.Flags().Uint16VarP(&scanInfo.FailThreshold, "fail-threshold", "t", 0, "Failure threshold is the percent bellow which the command fails and returns exit code 1")
-	frameworkCmd.Flags().BoolVarP(&scanInfo.Submit, "submit", "", false, "Send the scan results to Armo management portal where you can see the results in a user-friendly UI, choose your preferred compliance framework, check risk results history and trends, manage exceptions, get remediation recommendations and much more. By default the results are not submitted")
-	frameworkCmd.Flags().BoolVarP(&scanInfo.Local, "keep-local", "", false, "If you do not want your Kubescape results reported to Armo backend. Use this flag if you ran with the '--submit' flag in the past and you do not want to submit your current scan results")
-	frameworkCmd.Flags().StringVarP(&scanInfo.Account, "account", "", "", "Armo portal account ID. Default will load account ID from configMap or config file")
-
-}
-
-func CliSetup() error {
-	flagValidation()
-
-	var k8s *k8sinterface.KubernetesApi
-	var clusterConfig cautils.IClusterConfig
-	if !scanInfo.ScanRunningCluster() {
-		k8sinterface.ConnectedToCluster = false
-		clusterConfig = cautils.NewEmptyConfig()
-	} else {
-		k8s = k8sinterface.NewKubernetesApi()
-		// setup cluster config
-		clusterConfig = cautils.ClusterConfigSetup(&scanInfo, k8s, getter.GetArmoAPIConnector())
-	}
-
-	processNotification := make(chan *cautils.OPASessionObj)
-	reportResults := make(chan *cautils.OPASessionObj)
-
-	// policy handler setup
-	policyHandler := policyhandler.NewPolicyHandler(&processNotification, k8s)
-
-	if err := clusterConfig.SetCustomerGUID(scanInfo.Account); err != nil {
-		fmt.Println(err)
-	}
-
-	cautils.CustomerGUID = clusterConfig.GetCustomerGUID()
-	cautils.ClusterName = k8sinterface.GetClusterName()
-
-	// cli handler setup
-	go func() {
-		cli := NewCLIHandler(policyHandler)
-		if err := cli.Scan(); err != nil {
-			fmt.Println(err)
-			os.Exit(1)
-		}
-	}()
-
-	// processor setup - rego run
-	go func() {
-		opaprocessorObj := opaprocessor.NewOPAProcessorHandler(&processNotification, &reportResults)
-		opaprocessorObj.ProcessRulesListenner()
-	}()
-
-	resultsHandling := resultshandling.NewResultsHandler(&reportResults, reporter.NewReportEventReceiver(), printer.NewPrinter(scanInfo.Format, scanInfo.Output))
-	score := resultsHandling.HandleResults()
-
-	// print report url
-	clusterConfig.GenerateURL()
-
-	adjustedFailThreshold := float32(scanInfo.FailThreshold) / 100
-	if score < adjustedFailThreshold {
-		return fmt.Errorf("Scan score is bellow threshold")
-	}
-
-	return nil
-}
-
-func NewCLIHandler(policyHandler *policyhandler.PolicyHandler) *CLIHandler {
-	return &CLIHandler{
-		scanInfo:      &scanInfo,
-		policyHandler: policyHandler,
-	}
-}
-
-func (clihandler *CLIHandler) Scan() error {
-	cautils.ScanStartDisplay()
-	policyNotification := &reporthandling.PolicyNotification{
-		NotificationType: reporthandling.TypeExecPostureScan,
-		Rules: []reporthandling.PolicyIdentifier{
-			clihandler.scanInfo.PolicyIdentifier,
-		},
-		Designators: armotypes.PortalDesignator{},
-	}
-	switch policyNotification.NotificationType {
-	case reporthandling.TypeExecPostureScan:
-		//
-		if err := clihandler.policyHandler.HandleNotificationRequest(policyNotification, clihandler.scanInfo); err != nil {
-			return err
-		}
-	default:
-		return fmt.Errorf("notification type '%s' Unknown", policyNotification.NotificationType)
-	}
-	return nil
-}
-
-func flagValidation() {
-
-	if scanInfo.Submit && scanInfo.Local {
-		fmt.Println("You can use `keep-local` or `submit`, but not both")
-		os.Exit(1)
-	}
-	if 100 < scanInfo.FailThreshold {
-		fmt.Println("bad argument: out of range threshold")
-		os.Exit(1)
-	}
-}
--- a/cmd/scan.go
+++ b/cmd/scan.go
@@ -1,18 +0,0 @@
-package cmd
-
-import (
-	"github.com/spf13/cobra"
-)
-
-// scanCmd represents the scan command
-var scanCmd = &cobra.Command{
-	Use:   "scan",
-	Short: "Scan the current running cluster or yaml files",
-	Long:  `The action you want to perform`,
-	Run: func(cmd *cobra.Command, args []string) {
-	},
-}
-
-func init() {
-	rootCmd.AddCommand(scanCmd)
-}
--- a/docs/run-options.md
+++ b/docs/run-options.md
@@ -51,7 +51,7 @@ kubescape scan framework nsa --exclude-namespaces kube-system,kube-public --form
 kubescape scan framework nsa --exclude-namespaces kube-system,kube-public --format junit --output results.xml
 ```

-* Scan with exceptions, objects with exceptions will be presented as `warning` and not `fail`  <img src="docs/new-feature.svg">
+* Scan with exceptions, objects with exceptions will be presented as `warning` and not `fail`
 ```
 kubescape scan framework nsa --exceptions examples/exceptions.json
 ```
--- a/examples/cronJob-support/README.md
+++ b/examples/cronJob-support/README.md
@@ -0,0 +1,83 @@
+# Repeatedly Kubescape Scanning
+
+You can scan your cluster repeatedly by adding a `CronJob` that will repeatedly trigger kubescape
+
+* Setup [scanning & submitting](#scanning-&-submitting)
+* Setup [scanning without submitting](#scanning-without-submitting)
+
+## Scanning & Submitting
+
+If you wish to repeatedly scan and submit the result to the [Kubescape SaaS version](https://portal.armo.cloud/) where you can benefit the features the SaaS version provides, please follow this instructions ->
+
+1. Apply kubescape namespace
+    ```
+    kubectl apply ks-namespace.yaml
+    ```
+
+2. Apply serviceAccount and roles
+    ```
+    kubectl apply ks-serviceAccount.yaml
+    ```
+
+3. Setup and apply configMap
+   
+    Before you apply the configMap you need to set the account ID and cluster name in the `ks-configMap.yaml` file.
+
+    * Set cluster name:
+        Run `kubectl config current-context` and set the result in the `data.clusterName` field
+    * Set account ID:
+        1. Navigate to the [Kubescape SaaS version](https://portal.armo.cloud/) and login/sign up for free 
+        2. Click the `Add Cluster` button on the top right of the page 
+            <img src="screenshots/add-cluster.png"  alt="add-cluster">
+        3. Copy the value of `--account` and set it in the `data.customerGUID` field
+            <img src="screenshots/account.png"  alt="account">
+
+        Make sure the configMap looks as following;
+        ```
+        kind: ConfigMap 
+        apiVersion: v1 
+        metadata:
+        name: kubescape 
+        labels:
+            app: kubescape
+        namespace: kubescape
+        data:
+        config.json: |
+            {
+                "customerGUID": "XXXXXXXX-XXXX-XXXX-XXXXXXXXXXXX",
+                "clusterName": "my-awesome-cluster-name"
+            }
+        ```
+
+    Finally, apply the configMap
+    ```
+    kubectl apply ks-configMap.yaml
+    ```
+
+4. Apply CronJob
+
+    Before you apply the cronJob, make sure the scanning frequency suites your needs
+    ```
+    kubectl apply ks-cronJob-submit.yaml
+    ```
+
+## Scanning Without Submitting
+
+If you wish to repeatedly scan but not submit the scan results, follow this instructions ->
+
+1. Apply kubescape namespace
+    ```
+    kubectl apply ks-namespace.yaml
+    ```
+
+2. Apply serviceAccount and roles
+    ```
+    kubectl apply ks-serviceAccount.yaml
+    ```
+
+3. Apply CronJob
+
+    Before you apply the cronJob, make sure the scanning frequency suites your needs
+    ```
+    kubectl apply ks-cronJob-non-submit.yaml
+    ```
--- a/examples/cronJob-support/ks-configMap.yaml
+++ b/examples/cronJob-support/ks-configMap.yaml
@@ -0,0 +1,14 @@
+# ------------------- Kubescape User/Customer ID ------------------- #
+kind: ConfigMap 
+apiVersion: v1 
+metadata:
+  name: kubescape 
+  labels:
+    app: kubescape
+  namespace: kubescape
+data:
+  config.json: |
+    {
+      "customerGUID": "<ID>",
+      "clusterName": "<cluster name>"
+    }
--- a/examples/cronJob-support/ks-cronJob-non-submit.yaml
+++ b/examples/cronJob-support/ks-cronJob-non-submit.yaml
@@ -0,0 +1,32 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: kubescape
+  labels:
+    app: kubescape
+  namespace: kubescape
+spec:
+  #      ┌────────────────── timezone (optional)
+  #      |      ┌───────────── minute (0 - 59)
+  #      |      │ ┌───────────── hour (0 - 23)
+  #      |      │ │ ┌───────────── day of the month (1 - 31)
+  #      |      │ │ │ ┌───────────── month (1 - 12)
+  #      |      │ │ │ │ ┌───────────── day of the week (0 - 6) (Sunday to Saturday;
+  #      |      │ │ │ │ │                         7 is also Sunday on some systems)
+  #      |      │ │ │ │ │
+  #      |      │ │ │ │ │
+  # CRON_TZ=UTC * * * * *
+  schedule: "0 0 1 * *"
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+          - name: kubescape
+            image: quay.io/armosec/kubescape:latest
+            imagePullPolicy: IfNotPresent
+            command: ["/bin/sh","-c"]
+            args: 
+            - kubescape scan framework nsa
+          restartPolicy: OnFailure
+          serviceAccountName: kubescape-discovery
--- a/examples/cronJob-support/ks-cronJob-submit.yaml
+++ b/examples/cronJob-support/ks-cronJob-submit.yaml
@@ -0,0 +1,40 @@
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: kubescape
+  labels:
+    app: kubescape
+  namespace: kubescape
+spec:
+  #      ┌────────────────── timezone (optional)
+  #      |      ┌───────────── minute (0 - 59)
+  #      |      │ ┌───────────── hour (0 - 23)
+  #      |      │ │ ┌───────────── day of the month (1 - 31)
+  #      |      │ │ │ ┌───────────── month (1 - 12)
+  #      |      │ │ │ │ ┌───────────── day of the week (0 - 6) (Sunday to Saturday;
+  #      |      │ │ │ │ │                         7 is also Sunday on some systems)
+  #      |      │ │ │ │ │
+  #      |      │ │ │ │ │
+  # CRON_TZ=UTC * * * * *
+  schedule: "0 0 1 * *"
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+          - name: kubescape
+            image: quay.io/armosec/kubescape:latest
+            imagePullPolicy: IfNotPresent
+            command: ["/bin/sh","-c"]
+            args: 
+            - kubescape scan framework nsa --submit
+            volumeMounts:
+            - name: kubescape-config-volume
+              mountPath: /root/.kubescape/config.json
+              subPath: config.json
+          restartPolicy: OnFailure
+          serviceAccountName: kubescape-discovery
+          volumes:
+          - name: kubescape-config-volume
+            configMap:
+              name: kubescape
--- a/examples/cronJob-support/ks-namespace.yaml
+++ b/examples/cronJob-support/ks-namespace.yaml
@@ -0,0 +1,7 @@
+# ------------------- Kubescape User/Customer ID ------------------- #
+kind: Namespace 
+apiVersion: v1 
+metadata:
+  name: kubescape
+  labels:
+    app: kubescape
--- a/examples/cronJob-support/ks-serviceAccount.yaml
+++ b/examples/cronJob-support/ks-serviceAccount.yaml
@@ -0,0 +1,61 @@
+---
+# ------------------- Kubescape Service Account ------------------- #
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app: kubescape
+  name: kubescape-discovery
+  namespace: kubescape
+
+---
+# ------------------- Kubescape Role & Role Binding ------------------- #
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: kubescape-discovery-role
+  namespace: kubescape
+rules:
+- apiGroups: ["*"]
+  resources: ["*"]
+  verbs: ["get", "list", "describe"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: kubescape-discovery-binding
+  namespace: kubescape
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: kubescape-discovery-role
+subjects:
+- kind: ServiceAccount
+  name: kubescape-discovery
+
+---
+# ------------------- Kubescape Cluster Role & Cluster Role Binding ------------------- #
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: kubescape-discovery-clusterroles
+  # "namespace" omitted since ClusterRoles are not namespaced
+rules:
+- apiGroups: ["*"]
+  resources: ["*"]
+  verbs: ["get", "list", "describe"]
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: kubescape-discovery-role-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: kubescape-discovery-clusterroles
+subjects:
+- kind: ServiceAccount
+  name: kubescape-discovery
+  namespace: kubescape
--- a/examples/cronJob-support/screenshots/account.png
+++ b/examples/cronJob-support/screenshots/account.png
--- a/examples/cronJob-support/screenshots/add-cluster.png
+++ b/examples/cronJob-support/screenshots/add-cluster.png
--- a/examples/cronjob/ks-cronjob.yaml
+++ b/examples/cronjob/ks-cronjob.yaml
@@ -0,0 +1,130 @@
+# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+# 
+# This file is DEPRECATE, please navigate to the official docs ->
+# https://github.com/armosec/kubescape/tree/master/examples/cronJob-support/README.md
+#
+# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+
+---
+# ------------------- Kubescape Service Account ------------------- #
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app: kubescape
+  name: kubescape-discovery
+  namespace: kubescape
+
+---
+# ------------------- Kubescape Role & Role Binding ------------------- #
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: kubescape-discovery-role
+  namespace: kubescape
+rules:
+- apiGroups: ["*"]
+  resources: ["*"]
+  verbs: ["get", "list", "describe"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: kubescape-discovery-binding
+  namespace: kubescape
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: kubescape-discovery-role
+subjects:
+- kind: ServiceAccount
+  name: kubescape-discovery
+
+---
+# ------------------- Kubescape Cluster Role & Cluster Role Binding ------------------- #
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: kubescape-discovery-clusterroles
+  # "namespace" omitted since ClusterRoles are not namespaced
+rules:
+- apiGroups: ["*"]
+  resources: ["*"]
+  verbs: ["get", "list", "describe"]
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: kubescape-discovery-role-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: kubescape-discovery-clusterroles
+subjects:
+- kind: ServiceAccount
+  name: kubescape-discovery
+  namespace: kubescape
+
+---
+# ------------------- Kubescape User/Customer GUID ------------------- #
+kind: ConfigMap 
+apiVersion: v1 
+metadata:
+  name: kubescape-configmap 
+  labels:
+    app: kubescape
+  namespace: kubescape
+data:
+  config.json: |
+    {
+      "customerGUID": <MyGUID>,
+      "clusterName": <MyK8sClusterName>
+    }
+
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: kubescape
+  labels:
+    app: kubescape
+  namespace: kubescape
+spec:
+  #      ┌────────────────── timezone (optional)
+  #      |      ┌───────────── minute (0 - 59)
+  #      |      │ ┌───────────── hour (0 - 23)
+  #      |      │ │ ┌───────────── day of the month (1 - 31)
+  #      |      │ │ │ ┌───────────── month (1 - 12)
+  #      |      │ │ │ │ ┌───────────── day of the week (0 - 6) (Sunday to Saturday;
+  #      |      │ │ │ │ │                         7 is also Sunday on some systems)
+  #      |      │ │ │ │ │
+  #      |      │ │ │ │ │
+  # CRON_TZ=UTC * * * * *
+  schedule: "0 0 1 * *"
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          containers:
+          - name: kubescape
+            image: quay.io/armosec/kubescape:latest
+            imagePullPolicy: IfNotPresent
+            command: ["/bin/sh","-c"]
+            args: 
+            - kubescape scan framework nsa --submit
+            volumeMounts:
+            - name: kubescape-config-volume
+              mountPath: /root/.kubescape/config.json
+              subPath: config.json
+          restartPolicy: OnFailure
+          serviceAccountName: kubescape-discovery
+          volumes:
+          - name: kubescape-config-volume
+            configMap:
+              name: kubescape-configmap
+
+---
+
+
--- a/go.mod
+++ b/go.mod
@@ -3,36 +3,24 @@ module github.com/armosec/kubescape
 go 1.17

 require (
+	github.com/armosec/armoapi-go v0.0.8
+	github.com/armosec/k8s-interface v0.0.8
+	github.com/armosec/opa-utils v0.0.18
+	github.com/armosec/utils-go v0.0.3
 	github.com/briandowns/spinner v1.16.0
-	github.com/coreos/go-oidc v2.2.1+incompatible // indirect
-	github.com/docker/docker v20.10.9+incompatible // indirect
-	github.com/docker/go-connections v0.4.0 // indirect
-	github.com/docker/go-units v0.4.0 // indirect
 	github.com/enescakir/emoji v1.0.0
-	github.com/fatih/color v1.12.0
-	github.com/francoispqt/gojay v1.2.13 // indirect
-	github.com/gofrs/uuid v4.0.0+incompatible
+	github.com/fatih/color v1.13.0
+	github.com/gofrs/uuid v4.1.0+incompatible
 	github.com/golang/glog v1.0.0
-	github.com/mattn/go-isatty v0.0.13
+	github.com/mattn/go-isatty v0.0.14
 	github.com/olekukonko/tablewriter v0.0.5
 	github.com/open-policy-agent/opa v0.33.1
-	github.com/opencontainers/go-digest v1.0.0 // indirect
-	github.com/opencontainers/image-spec v1.0.1 // indirect
 	github.com/satori/go.uuid v1.2.0
 	github.com/spf13/cobra v1.2.1
-	golang.org/x/oauth2 v0.0.0-20211005180243-6b3c2da341f1 // indirect
 	gopkg.in/yaml.v2 v2.4.0
 	k8s.io/api v0.22.2
 	k8s.io/apimachinery v0.22.2
 	k8s.io/client-go v0.22.2
-	sigs.k8s.io/controller-runtime v0.10.2 // indirect
-)
-
-require (
-	github.com/armosec/armoapi-go v0.0.7
-	github.com/armosec/k8s-interface v0.0.5
-	github.com/armosec/opa-utils v0.0.7
-	github.com/armosec/utils-go v0.0.3
 )

 require (
@@ -45,9 +33,15 @@ require (
 	github.com/Azure/go-autorest/tracing v0.6.0 // indirect
 	github.com/OneOfOne/xxhash v1.2.8 // indirect
 	github.com/armosec/utils-k8s-go v0.0.1 // indirect
+	github.com/coreos/go-oidc v2.2.1+incompatible // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/docker/docker v20.10.9+incompatible // indirect
+	github.com/docker/go-connections v0.4.0 // indirect
+	github.com/docker/go-units v0.4.0 // indirect
 	github.com/form3tech-oss/jwt-go v3.2.3+incompatible // indirect
+	github.com/francoispqt/gojay v1.2.13 // indirect
 	github.com/ghodss/yaml v1.0.0 // indirect
+	github.com/go-gota/gota v0.12.0 // indirect
 	github.com/go-logr/logr v0.4.0 // indirect
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
@@ -58,10 +52,12 @@ require (
 	github.com/imdario/mergo v0.3.12 // indirect
 	github.com/inconshreveable/mousetrap v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.11 // indirect
-	github.com/mattn/go-colorable v0.1.8 // indirect
+	github.com/mattn/go-colorable v0.1.9 // indirect
 	github.com/mattn/go-runewidth v0.0.9 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.1 // indirect
+	github.com/opencontainers/go-digest v1.0.0 // indirect
+	github.com/opencontainers/image-spec v1.0.1 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pquerna/cachecontrol v0.1.0 // indirect
 	github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0 // indirect
@@ -69,12 +65,17 @@ require (
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/yashtewari/glob-intersection v0.0.0-20180916065949-5c77d914dd0b // indirect
+	go.uber.org/atomic v1.7.0 // indirect
+	go.uber.org/multierr v1.6.0 // indirect
+	go.uber.org/zap v1.19.1 // indirect
 	golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 // indirect
 	golang.org/x/net v0.0.0-20210825183410-e898025ed96a // indirect
+	golang.org/x/oauth2 v0.0.0-20211005180243-6b3c2da341f1 // indirect
 	golang.org/x/sys v0.0.0-20210823070655-63515b42dcdf // indirect
 	golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d // indirect
 	golang.org/x/text v0.3.6 // indirect
 	golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac // indirect
+	gonum.org/v1/gonum v0.9.1 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/protobuf v1.27.1 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
@@ -82,6 +83,7 @@ require (
 	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
 	k8s.io/klog/v2 v2.9.0 // indirect
 	k8s.io/utils v0.0.0-20210819203725-bdf08cb9a70a // indirect
+	sigs.k8s.io/controller-runtime v0.10.2 // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.1.2 // indirect
 	sigs.k8s.io/yaml v1.2.0 // indirect
 )
--- a/go.sum
+++ b/go.sum
@@ -44,6 +44,7 @@ dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7
 dmitri.shuralyov.com/html/belt v0.0.0-20180602232347-f7d459c86be0/go.mod h1:JLBrvjyP0v+ecvNYvCpyZgu5/xkfAUhi6wJj28eUfSU=
 dmitri.shuralyov.com/service/change v0.0.0-20181023043359-a85b471d5412/go.mod h1:a1inKt/atXimZ4Mv927x+r7UpyzRUf4emIoiiSC2TN4=
 dmitri.shuralyov.com/state v0.0.0-20180228185332-28bcc343414c/go.mod h1:0PRwlb0D6DFvNNtx+9ybjezNCa8XF0xaYcETyp6rHWU=
+gioui.org v0.0.0-20210308172011-57750fc8a0a6/go.mod h1:RSH6KIUZ0p2xy5zHDxgAM4zumjgTw83q2ge/PI+yyw8=
 git.apache.org/thrift.git v0.0.0-20180902110319-2566ecd5d999/go.mod h1:fPE2ZNJGynbRyZ4dJvy6G277gSllfV2HJqblrnkyeyg=
 github.com/Azure/go-ansiterm v0.0.0-20210608223527-2377c96fe795/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
 github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E=
@@ -70,6 +71,7 @@ github.com/OneOfOne/xxhash v1.2.8 h1:31czK/TI9sNkxIKfaUfGlU47BAxQ0ztGgd9vPyqimf8
 github.com/OneOfOne/xxhash v1.2.8/go.mod h1:eZbhyaAYD41SGSSsnmcpxVoRiQ/MPUTjUdIIOT9Um7Q=
 github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0=
 github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE=
+github.com/ajstarks/svgo v0.0.0-20180226025133-644b8db467af/go.mod h1:K08gAheRH3/J6wwsYMMT4xOr94bZjxIelGM0+d/wbFw=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
@@ -82,12 +84,14 @@ github.com/armon/consul-api v0.0.0-20180202201655-eb2c6b5be1b6/go.mod h1:grANhF5
 github.com/armon/go-metrics v0.0.0-20180917152333-f0300d1749da/go.mod h1:Q73ZrmVTwzkszR9V5SSuryQ31EELlFMUz1kKyl939pY=
 github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/armosec/armoapi-go v0.0.2/go.mod h1:vIK17yoKbJRQyZXWWLe3AqfqCRITxW8qmSkApyq5xFs=
-github.com/armosec/armoapi-go v0.0.7 h1:SN13+iYrIkxgatU+MwuWnSlhxP1G7rZP7dC8us2I7v0=
 github.com/armosec/armoapi-go v0.0.7/go.mod h1:iaVVGyc23QGGzAdv4n+szGQg3Rbpixn9yQTU3qWRpaw=
-github.com/armosec/k8s-interface v0.0.5 h1:DWQXZNMSsYQeLQ6xpB21ueFMR9oFnz28iWQTNn31TAk=
+github.com/armosec/armoapi-go v0.0.8 h1:JPa9rZynuE2RucamDh6dsy/sjCScmWDsyt1zagJFCDo=
+github.com/armosec/armoapi-go v0.0.8/go.mod h1:iaVVGyc23QGGzAdv4n+szGQg3Rbpixn9yQTU3qWRpaw=
 github.com/armosec/k8s-interface v0.0.5/go.mod h1:xxS+V5QT3gVQTwZyAMMDrYLWGrfKOpiJ7Jfhfa0w9sM=
-github.com/armosec/opa-utils v0.0.7 h1:cafKzdQcCVqaOz6zNdne+wxNqajZFd6Ad2KJpHM3gF8=
-github.com/armosec/opa-utils v0.0.7/go.mod h1:fxPGsKEKOf0FDQVciKiCTZv4iibRkbld5lK1hyUyVcA=
+github.com/armosec/k8s-interface v0.0.8 h1:Eo3Qen4yFXxzVem49FNeij2ckyzHSAJ0w6PZMaSEIm8=
+github.com/armosec/k8s-interface v0.0.8/go.mod h1:xxS+V5QT3gVQTwZyAMMDrYLWGrfKOpiJ7Jfhfa0w9sM=
+github.com/armosec/opa-utils v0.0.18 h1:1hL5v2KCD8yStuwzul+gq1zg9+RCV9N3kHoRepKnrg0=
+github.com/armosec/opa-utils v0.0.18/go.mod h1:E0mFTVx+4BYAVvO2hxWnIniv/IZIogRCak8BkKd7KK4=
 github.com/armosec/utils-go v0.0.2/go.mod h1:itWmRLzRdsnwjpEOomL0mBWGnVNNIxSjDAdyc+b0iUo=
 github.com/armosec/utils-go v0.0.3 h1:uyQI676yRciQM0sSN9uPoqHkbspTxHO0kmzXhBeE/xU=
 github.com/armosec/utils-go v0.0.3/go.mod h1:itWmRLzRdsnwjpEOomL0mBWGnVNNIxSjDAdyc+b0iUo=
@@ -96,6 +100,7 @@ github.com/armosec/utils-k8s-go v0.0.1/go.mod h1:qrU4pmY2iZsOb39Eltpm0sTTNM3E4pm
 github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
 github.com/aws/aws-sdk-go v1.41.1/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q=
 github.com/benbjohnson/clock v1.0.3/go.mod h1:bGMdMPoPVvcYyt1gHDf4J2KE153Yf9BuiUKYMaxlTDM=
+github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8=
 github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
@@ -104,6 +109,7 @@ github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kB
 github.com/bketelsen/crypt v0.0.3-0.20200106085610-5cbc8cc4026c/go.mod h1:MKsuJmJgSg28kpZDP6UIiPt0e0Oz0kqKNGyRaWEPv84=
 github.com/bketelsen/crypt v0.0.4/go.mod h1:aI6NrJ0pMGgvZKL1iVgXLnfIFJtfV+bKCoqOes/6LfM=
 github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
+github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
 github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g=
 github.com/briandowns/spinner v1.16.0 h1:DFmp6hEaIx2QXXuqSJmtfSBSAjRmpGiKG6ip2Wm/yOs=
 github.com/briandowns/spinner v1.16.0/go.mod h1:QOuQk7x+EaDASo80FEXwlwiA+j/PPIcX3FScO+3/ZPQ=
@@ -181,10 +187,12 @@ github.com/evanphx/json-patch v0.5.2/go.mod h1:ZWS5hhDbVDyob71nXKNL0+PWn6ToqBHMi
 github.com/evanphx/json-patch v4.11.0+incompatible h1:glyUF9yIYtMHzn8xaKw5rMhdWcwsYV8dZHIq5567/xs=
 github.com/evanphx/json-patch v4.11.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
-github.com/fatih/color v1.12.0 h1:mRhaKNwANqRgUBGKmnI5ZxEk7QXmjQeCcuYFMX2bfcc=
-github.com/fatih/color v1.12.0/go.mod h1:ELkj/draVOlAH/xkhN6mQ50Qd0MPOk5AAr3maGEBuJM=
+github.com/fatih/color v1.13.0 h1:8LOYc1KYPPmyKMuN8QV2DNRWNbLo6LZ0iLs8+mlH53w=
+github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk=
 github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
+github.com/fogleman/gg v1.2.1-0.20190220221249-0403632d5b90/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k=
+github.com/fogleman/gg v1.3.0/go.mod h1:R/bRT+9gY/C5z7JzPU0zXsXHKM4/ayA+zqcVNZzPa1k=
 github.com/form3tech-oss/jwt-go v3.2.2+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
 github.com/form3tech-oss/jwt-go v3.2.3+incompatible h1:7ZaBxOI7TMoYBfyA3cQHErNNyAWIKUMIwqxEtgHOs5c=
 github.com/form3tech-oss/jwt-go v3.2.3+incompatible/go.mod h1:pbq4aXjuKjdthFRnoDwaVPLA+WlJuPGy+QneDUgJi2k=
@@ -201,12 +209,19 @@ github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/gliderlabs/ssh v0.1.1/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
 github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q=
+github.com/go-fonts/dejavu v0.1.0/go.mod h1:4Wt4I4OU2Nq9asgDCteaAaWZOV24E+0/Pwo0gppep4g=
+github.com/go-fonts/latin-modern v0.2.0/go.mod h1:rQVLdDMK+mK1xscDwsqM5J8U2jrRa3T0ecnM9pNujks=
+github.com/go-fonts/liberation v0.1.1/go.mod h1:K6qoJYypsmfVjWg8KOVDQhLc8UDgIK2HYqyqAO9z7GY=
+github.com/go-fonts/stix v0.1.0/go.mod h1:w/c1f0ldAUlJmLBvlbkvVXLAD+tAMqobIIQpmnUIzUY=
 github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
+github.com/go-gota/gota v0.12.0 h1:T5BDg1hTf5fZ/CO+T/N0E+DDqUhvoKBl+UVckgcAAQg=
+github.com/go-gota/gota v0.12.0/go.mod h1:UT+NsWpZC/FhaOyWb9Hui0jXg0Iq8e/YugZHTbyW/34=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY=
+github.com/go-latex/latex v0.0.0-20210118124228-b3d85cf34e07/go.mod h1:CO1AlKB2CSIqUrmQPqA0gdRIlnLEY0gK5JGjh37zN5U=
 github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
 github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
@@ -227,13 +242,15 @@ github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg78
 github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
 github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8=
 github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
-github.com/gofrs/uuid v4.0.0+incompatible h1:1SD/1F5pU8p29ybwgQSwpQk+mwdRrXCYuPhW6m+TnJw=
 github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
+github.com/gofrs/uuid v4.1.0+incompatible h1:sIa2eCvUTwgjbqXrPLfNwUf9S3i3mpH1O1atV+iL/Wk=
+github.com/gofrs/uuid v4.1.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM=
 github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
 github.com/gogo/protobuf v1.2.1/go.mod h1:hp+jE20tsWTFYpLwKvXlhS1hjn+gTNwPg2I6zVXpSg4=
 github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o=
 github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
 github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
+github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0/go.mod h1:E/TSTwGwJL78qG/PmXZO1EjYhfJinVAhrmmHX6Z8B9k=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=
 github.com/golang/glog v1.0.0 h1:nfP3RFugxnNRyKgeWd4oI1nYvXpxrx8ck8ZrcizshdQ=
 github.com/golang/glog v1.0.0/go.mod h1:EWib/APOK0SL3dFbYqvxE3UYd8E6s1ouQ7iEp/0LWV4=
@@ -375,6 +392,8 @@ github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/X
 github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
 github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM=
+github.com/jung-kurt/gofpdf v1.0.0/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes=
+github.com/jung-kurt/gofpdf v1.0.3-0.20190309125859-24315acbbda5/go.mod h1:7Id9E/uU8ce6rXgefFLlgrJj/GYY22cpxn+r32jIOes=
 github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
 github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
@@ -403,13 +422,13 @@ github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN
 github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
 github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
 github.com/mattn/go-colorable v0.1.2/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE=
-github.com/mattn/go-colorable v0.1.8 h1:c1ghPdyEDarC70ftn0y+A/Ee++9zz8ljHG1b13eJ0s8=
-github.com/mattn/go-colorable v0.1.8/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
+github.com/mattn/go-colorable v0.1.9 h1:sqDoxXbdeALODt0DAeJCVp38ps9ZogZEAXjus69YV3U=
+github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc=
 github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
 github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
 github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
-github.com/mattn/go-isatty v0.0.13 h1:qdl+GuBjcsKKDco5BsxPJlId98mSWNKqYA+Co0SC1yA=
-github.com/mattn/go-isatty v0.0.13/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
+github.com/mattn/go-isatty v0.0.14 h1:yVuAays6BHfxijgZPzw+3Zlu5yQgKGP2/hcQbHb7S9Y=
+github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94=
 github.com/mattn/go-runewidth v0.0.9 h1:Lm995f3rfxdpd6TSmuVCHVb/QhupuXlYr8sCI/QdE+0=
 github.com/mattn/go-runewidth v0.0.9/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
@@ -472,6 +491,8 @@ github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/9
 github.com/pelletier/go-toml v1.9.3/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
 github.com/peterbourgon/diskv v2.0.1+incompatible/go.mod h1:uqqh8zWWbv1HBMNONnaR/tNboyR3/BZd58JJSHlUSCU=
 github.com/peterh/liner v0.0.0-20170211195444-bf27d3ba8e1d/go.mod h1:xIteQHvHuaLYG9IFj6mSxM0fCKrs34IrEQUhOYuGPHc=
+github.com/phpdave11/gofpdf v1.4.2/go.mod h1:zpO6xFn9yxo3YLyMvW8HcKWVdbNqgIfOOp2dXMnm1mY=
+github.com/phpdave11/gofpdi v1.0.12/go.mod h1:vBmVV0Do6hSBHC8uKUQ71JGW+ZGQq74llk/7bXwjDoI=
 github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
@@ -514,6 +535,7 @@ github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6L
 github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4=
 github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
+github.com/ruudk/golang-pdf417 v0.0.0-20181029194003-1af4ab5afa58/go.mod h1:6lfFZQK844Gfx8o5WFuvpxWRwnSoipWe/p622j1v06w=
 github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
 github.com/satori/go.uuid v1.2.0 h1:0uYX9dsZ2yD7q2RtLRtPSdGDWzjeM3TbMJP9utgA0ww=
 github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
@@ -638,6 +660,7 @@ go.uber.org/atomic v1.7.0 h1:ADUqmZGgLDDfbSL9ZmPxKTybcoEYHgpYfELNoN+7hsw=
 go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc=
 go.uber.org/automaxprocs v1.4.0/go.mod h1:/mTEdr7LvHhs0v7mjdxDreTz1OG5zdZGqgOnhWiR/+Q=
 go.uber.org/goleak v1.1.10/go.mod h1:8a7PlsEVH3e/a/GLqe5IIrQx6GzcnRmZEufDUTk4A7A=
+go.uber.org/goleak v1.1.11-0.20210813005559-691160354723 h1:sHOAIxRGBp443oHZIPB+HsUGaksVCXVQENPxwTfQdH4=
 go.uber.org/goleak v1.1.11-0.20210813005559-691160354723/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ=
 go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0=
 go.uber.org/multierr v1.6.0 h1:y6IPFStTAIT5Ytl7/XYmHvzXQ7S3g/IeZW9hyZ5thw4=
@@ -663,18 +686,30 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 h1:/ZScEX8SfEmUGRHs0gxpqteO5nfNW6axyZbBdw9A12g=
 golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83/go.mod h1:jdWPYTVW3xRLrWPugEBEK3UY2ZEsg3UU495nc5E+M+I=
+golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/exp v0.0.0-20180807140117-3d87b88a115f/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
+golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
 golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
+golang.org/x/exp v0.0.0-20191002040644-a1355ae1e2c3/go.mod h1:NOZ3BPKG0ec/BKJQgnvsSFpcKLM5xXVWnvZS97DWHgE=
 golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
 golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
 golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
+golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6 h1:QE6XYQK6naiK1EPAe1g/ILLxN5RBoH5xkJk3CqlMI/Y=
 golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
+golang.org/x/image v0.0.0-20180708004352-c73c2afc3b81/go.mod h1:ux5Hcp/YLpHSI86hEcLt0YII63i6oz57MZXIpbrjZUs=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
+golang.org/x/image v0.0.0-20190910094157-69e4b8554b2a/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
+golang.org/x/image v0.0.0-20200119044424-58c23975cae1/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
+golang.org/x/image v0.0.0-20200430140353-33d19683fad8/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
+golang.org/x/image v0.0.0-20200618115811-c13761719519/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
+golang.org/x/image v0.0.0-20201208152932-35266b937fa6/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
+golang.org/x/image v0.0.0-20210216034530-4410531fe030/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
@@ -745,6 +780,7 @@ golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
 golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc=
 golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM=
+golang.org/x/net v0.0.0-20210423184538-5f58ad60dda6/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
 golang.org/x/net v0.0.0-20210428140749-89ef3d95e781/go.mod h1:OJAsFXCWl8Ukc7SiCT/9KSuxbyM7479/AVlXFRxuMCk=
 golang.org/x/net v0.0.0-20210520170846-37e1c6afe023/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20210525063256-abc453219eb5/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
@@ -836,6 +872,7 @@ golang.org/x/sys v0.0.0-20210112080510-489259a85091/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210304124612-50617c2ba197/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -870,11 +907,13 @@ golang.org/x/time v0.0.0-20210220033141-f8bda1e9f3ba/go.mod h1:tRJNPiyCQ0inRvYxb
 golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac h1:7zkz7BUtwNFFqcowJ+RIgu2MaV/MapERkDIy+mwPyjs=
 golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180221164845-07fd8470d635/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20180525024113-a5b4c53f6e8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20181030000716-a0a13e073c7b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190206041539-40960b6deb8e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
 golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
@@ -889,6 +928,7 @@ golang.org/x/tools v0.0.0-20190624222133-a101b041ded4/go.mod h1:/rFqwRUd4F7ZHNgw
 golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
 golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20190927191325-030b2cf1153e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191108193012-7d206e10da11/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191112195655-aa38f8e97acc/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
@@ -935,6 +975,14 @@ golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8T
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 h1:go1bK/D/BFZV2I8cIQd1NKEZ+0owSTG1fDTci4IqFcE=
 golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gomodules.xyz/jsonpatch/v2 v2.2.0/go.mod h1:WXp+iVDkoLQqPudfQ9GBlwB2eZ5DKOnjQZCYdOS8GPY=
+gonum.org/v1/gonum v0.0.0-20180816165407-929014505bf4/go.mod h1:Y+Yx5eoAFn32cQvJDxZx5Dpnq+c3wtXuadVZAcxbbBo=
+gonum.org/v1/gonum v0.8.2/go.mod h1:oe/vMfY3deqTw+1EZJhuvEW2iwGF1bW9wwu7XCu0+v0=
+gonum.org/v1/gonum v0.9.1 h1:HCWmqqNoELL0RAQeKBXWtkp04mGk8koafcB4He6+uhc=
+gonum.org/v1/gonum v0.9.1/go.mod h1:TZumC3NeyVQskjXqmyWt4S3bINhy7B4eYwW69EbyX+0=
+gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0 h1:OE9mWmgKkjJyEmDAAtGMPjXu+YNeGvK9VTSHY6+Qihc=
+gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw=
+gonum.org/v1/plot v0.0.0-20190515093506-e2840ee46a6b/go.mod h1:Wt8AAjI+ypCyYX3nZBvf6cAIx93T+c/OS2HFAYskSZc=
+gonum.org/v1/plot v0.9.0/go.mod h1:3Pcqqmp6RHvJI72kgb8fThyUnav364FOsdDo2aGW5lY=
 google.golang.org/api v0.0.0-20180910000450-7ca32eb868bf/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0=
 google.golang.org/api v0.0.0-20181030000543-1d582fd0359e/go.mod h1:4mhQ8q/RsB7i+udVvVy5NUi08OU8ZlA0gRVgrF7VFY0=
 google.golang.org/api v0.1.0/go.mod h1:UGEZY7KEX120AnNLIHFMKIo4obdJhkp2tPbaPlQx13Y=
@@ -1121,6 +1169,7 @@ k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e/go.mod h1:vHXdDvt9+2spS2R
 k8s.io/utils v0.0.0-20210819203725-bdf08cb9a70a h1:8dYfu/Fc9Gz2rNJKB9IQRGgQOh2clmRzNIPPY1xLY5g=
 k8s.io/utils v0.0.0-20210819203725-bdf08cb9a70a/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
+rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.22/go.mod h1:LEScyzhFmoF5pso/YSeBstl57mOzx9xlU9n85RGrDQg=
--- a/install.sh
+++ b/install.sh
@@ -53,6 +53,6 @@ echo -e "\033[0m"
 $KUBESCAPE_EXEC version
 echo

-echo -e "\033[35mUsage: $ $KUBESCAPE_EXEC scan framework nsa --exclude-namespaces kube-system,kube-public"
+echo -e "\033[35mUsage: $ $KUBESCAPE_EXEC scan framework nsa"

 echo -e "\033[0m"
--- a/main.go
+++ b/main.go
@@ -4,20 +4,26 @@ import (
 	"fmt"
 	"os"

-	"github.com/armosec/kubescape/cmd"
+	"github.com/armosec/kubescape/clihandler/cmd"
+	pkgutils "github.com/armosec/utils-go/utils"
 )

+const SKIP_VERSION_CHECK = "KUBESCAPE_SKIP_UPDATE_CHECK"
+
 func main() {
 	CheckLatestVersion()
 	cmd.Execute()
 }

 func CheckLatestVersion() {
+	if v, ok := os.LookupEnv(SKIP_VERSION_CHECK); ok && pkgutils.StringToBool(v) {
+		return
+	}
 	latest, err := cmd.GetLatestVersion()
-	if err != nil {
-		fmt.Fprintf(os.Stderr, "error: %v\n", err)
-	} else if latest != cmd.BuildNumber {
+	if err != nil || latest == "unknown" {
+		return
+	}
+	if latest != cmd.BuildNumber {
 		fmt.Println("Warning: You are not updated to the latest release: " + latest)
 	}
-
 }
--- a/opaprocessor/processorhandler.go
+++ b/opaprocessor/processorhandler.go
@@ -8,7 +8,6 @@ import (
 	"github.com/armosec/kubescape/cautils"
 	"github.com/armosec/opa-utils/exceptions"
 	"github.com/armosec/opa-utils/reporthandling"
-	"github.com/armosec/opa-utils/score"

 	"github.com/armosec/k8s-interface/k8sinterface"

@@ -226,17 +225,6 @@ func (opap *OPAProcessor) regoEval(inputObj []map[string]interface{}, compiledRe
 	return results, nil
 }

-func (opap *OPAProcessor) updateScore() {
-
-	if !k8sinterface.ConnectedToCluster {
-		return
-	}
-
-	// calculate score
-	s := score.NewScore(k8sinterface.NewKubernetesApi(), ScoreConfigPath)
-	s.Calculate(opap.PostureReport.FrameworkReports)
-}
-
 func (opap *OPAProcessor) updateResults() {
 	for f := range opap.PostureReport.FrameworkReports {
 		// set exceptions
--- a/policyhandler/handlenotification.go
+++ b/policyhandler/handlenotification.go
@@ -4,25 +4,25 @@ import (
 	"fmt"

 	"github.com/armosec/kubescape/cautils"
+	"github.com/armosec/kubescape/resourcehandler"
 	"github.com/armosec/opa-utils/reporthandling"

 	"github.com/armosec/armoapi-go/armotypes"
-	"github.com/armosec/k8s-interface/k8sinterface"
 )

 // PolicyHandler -
 type PolicyHandler struct {
-	k8s *k8sinterface.KubernetesApi
+	resourceHandler resourcehandler.IResourceHandler
 	// we are listening on this chan in opaprocessor/processorhandler.go/ProcessRulesListenner func
 	processPolicy *chan *cautils.OPASessionObj
 	getters       *cautils.Getters
 }

 // CreatePolicyHandler Create ws-handler obj
-func NewPolicyHandler(processPolicy *chan *cautils.OPASessionObj, k8s *k8sinterface.KubernetesApi) *PolicyHandler {
+func NewPolicyHandler(processPolicy *chan *cautils.OPASessionObj, resourceHandler resourcehandler.IResourceHandler) *PolicyHandler {
 	return &PolicyHandler{
-		k8s:           k8s,
-		processPolicy: processPolicy,
+		resourceHandler: resourceHandler,
+		processPolicy:   processPolicy,
 	}
 }

@@ -59,7 +59,7 @@ func (policyHandler *PolicyHandler) HandleNotificationRequest(notification *repo

 func (policyHandler *PolicyHandler) getPolicies(notification *reporthandling.PolicyNotification) ([]reporthandling.Framework, []armotypes.PostureExceptionPolicy, error) {

-	cautils.ProgressTextDisplay("Downloading/Loading framework definitions")
+	cautils.ProgressTextDisplay("Downloading/Loading policy definitions")

 	frameworks, exceptions, err := policyHandler.GetPoliciesFromBackend(notification)
 	if err != nil {
@@ -70,19 +70,14 @@ func (policyHandler *PolicyHandler) getPolicies(notification *reporthandling.Pol
 		err := fmt.Errorf("could not download any policies, please check previous logs")
 		return frameworks, exceptions, err
 	}
-	cautils.SuccessTextDisplay("Downloaded/Loaded framework")
+	//if notification.Rules
+	cautils.SuccessTextDisplay("Downloaded/Loaded policy")

 	return frameworks, exceptions, nil
 }

 func (policyHandler *PolicyHandler) getResources(notification *reporthandling.PolicyNotification, opaSessionObj *cautils.OPASessionObj, scanInfo *cautils.ScanInfo) (*cautils.K8SResources, error) {
-	var k8sResources *cautils.K8SResources
-	var err error
-	if k8sinterface.ConnectedToCluster {
-		k8sResources, err = policyHandler.getK8sResources(opaSessionObj.Frameworks, &notification.Designators, scanInfo.ExcludedNamespaces)
-	} else {
-		k8sResources, err = policyHandler.loadResources(opaSessionObj.Frameworks, scanInfo)
-	}

-	return k8sResources, err
+	opaSessionObj.PostureReport.ClusterAPIServerInfo = policyHandler.resourceHandler.GetClusterAPIServerInfo()
+	return policyHandler.resourceHandler.GetResources(opaSessionObj.Frameworks, &notification.Designators)
 }
--- a/policyhandler/handlepullpolicies.go
+++ b/policyhandler/handlepullpolicies.go
@@ -13,11 +13,12 @@ func (policyHandler *PolicyHandler) GetPoliciesFromBackend(notification *reporth
 	var errs error
 	frameworks := []reporthandling.Framework{}
 	exceptionPolicies := []armotypes.PostureExceptionPolicy{}
-
 	// Get - cacli opa get
-	for _, rule := range notification.Rules {
-		switch rule.Kind {
-		case reporthandling.KindFramework:
+	rule := GetScanKind(notification)
+
+	switch rule.Kind {
+	case reporthandling.KindFramework:
+		for _, rule := range notification.Rules {
 			receivedFramework, recExceptionPolicies, err := policyHandler.getFrameworkPolicies(rule.Name)
 			if receivedFramework != nil {
 				frameworks = append(frameworks, *receivedFramework)
@@ -30,11 +31,32 @@ func (policyHandler *PolicyHandler) GetPoliciesFromBackend(notification *reporth
 				}
 				return nil, nil, fmt.Errorf("kind: %v, name: %s, error: %s", rule.Kind, rule.Name, err.Error())
 			}
-
-		default:
-			err := fmt.Errorf("missing rule kind, expected: %s", reporthandling.KindFramework)
-			errs = fmt.Errorf("%s", err.Error())
 		}
+	case reporthandling.KindControl:
+		f := reporthandling.Framework{}
+		var receivedControl *reporthandling.Control
+		var recExceptionPolicies []armotypes.PostureExceptionPolicy
+		var err error
+		for _, rule := range notification.Rules {
+			receivedControl, recExceptionPolicies, err = policyHandler.getControl(rule.Name)
+			if receivedControl != nil {
+				f.Controls = append(f.Controls, *receivedControl)
+				if recExceptionPolicies != nil {
+					exceptionPolicies = append(exceptionPolicies, recExceptionPolicies...)
+				}
+
+			} else if err != nil {
+				if strings.Contains(err.Error(), "unsupported protocol scheme") {
+					err = fmt.Errorf("failed to download from GitHub release, try running with `--use-default` flag")
+				}
+				return nil, nil, fmt.Errorf("error: %s", err.Error())
+			}
+		}
+		frameworks = append(frameworks, f)
+		// TODO: add case for control from file
+	default:
+		err := fmt.Errorf("missing rule kind, expected: %s", reporthandling.KindFramework)
+		errs = fmt.Errorf("%s", err.Error())
 	}
 	return frameworks, exceptionPolicies, errs
 }
@@ -52,3 +74,31 @@ func (policyHandler *PolicyHandler) getFrameworkPolicies(policyName string) (*re

 	return receivedFramework, receivedException, nil
 }
+
+func GetScanKind(notification *reporthandling.PolicyNotification) *reporthandling.PolicyIdentifier {
+	if len(notification.Rules) > 0 {
+		return &notification.Rules[0]
+	}
+	return nil
+}
+
+// Get control by name
+func (policyHandler *PolicyHandler) getControl(policyName string) (*reporthandling.Control, []armotypes.PostureExceptionPolicy, error) {
+
+	control := &reporthandling.Control{}
+	var err error
+	control, err = policyHandler.getters.PolicyGetter.GetControl(policyName)
+	if err != nil {
+		return control, nil, err
+	}
+	// if control == nil {
+	// 	return control, nil, fmt.Errorf("control not found")
+	// }
+
+	exceptions, err := policyHandler.getters.ExceptionsGetter.GetExceptions(cautils.CustomerGUID, cautils.ClusterName)
+	if err != nil {
+		return control, nil, err
+	}
+
+	return control, exceptions, nil
+}
--- a/resourcehandler/filesloader.go
+++ b/resourcehandler/filesloader.go
@@ -1,4 +1,4 @@
-package policyhandler
+package resourcehandler

 import (
 	"bytes"
@@ -8,7 +8,9 @@ import (
 	"path/filepath"
 	"strings"

+	"github.com/armosec/armoapi-go/armotypes"
 	"github.com/armosec/k8s-interface/workloadinterface"
+	"k8s.io/apimachinery/pkg/version"

 	"github.com/armosec/k8s-interface/k8sinterface"
 	"github.com/armosec/kubescape/cautils"
@@ -29,11 +31,22 @@ const (
 	JSON_FILE_FORMAT FileFormat = "json"
 )

-func (policyHandler *PolicyHandler) loadResources(frameworks []reporthandling.Framework, scanInfo *cautils.ScanInfo) (*cautils.K8SResources, error) {
+// FileResourceHandler handle resources from files and URLs
+type FileResourceHandler struct {
+	inputPatterns []string
+}
+
+func NewFileResourceHandler(inputPatterns []string) *FileResourceHandler {
+	return &FileResourceHandler{
+		inputPatterns: inputPatterns,
+	}
+}
+
+func (fileHandler *FileResourceHandler) GetResources(frameworks []reporthandling.Framework, designator *armotypes.PortalDesignator) (*cautils.K8SResources, error) {
 	workloads := []k8sinterface.IWorkload{}

 	// load resource from local file system
-	w, err := loadResourcesFromFiles(scanInfo.InputPatterns)
+	w, err := loadResourcesFromFiles(fileHandler.inputPatterns)
 	if err != nil {
 		return nil, err
 	}
@@ -42,7 +55,7 @@ func (policyHandler *PolicyHandler) loadResources(frameworks []reporthandling.Fr
 	}

 	// load resources from url
-	w, err = loadResourcesFromUrl(scanInfo.InputPatterns)
+	w, err = loadResourcesFromUrl(fileHandler.inputPatterns)
 	if err != nil {
 		return nil, err
 	}
@@ -59,7 +72,7 @@ func (policyHandler *PolicyHandler) loadResources(frameworks []reporthandling.Fr

 	// build resources map
 	// map resources based on framework required resources: map["/group/version/kind"][]<k8s workloads>
-	k8sResources := setResourceMap(frameworks)
+	k8sResources := setResourceMap(frameworks) // TODO - support designators

 	// save only relevant resources
 	for i := range allResources {
@@ -72,6 +85,10 @@ func (policyHandler *PolicyHandler) loadResources(frameworks []reporthandling.Fr

 }

+func (fileHandler *FileResourceHandler) GetClusterAPIServerInfo() *version.Info {
+	return nil
+}
+
 func loadResourcesFromFiles(inputPatterns []string) ([]k8sinterface.IWorkload, error) {
 	files, errs := listFiles(inputPatterns)
 	if len(errs) > 0 {
--- a/resourcehandler/filesloader_test.go
+++ b/resourcehandler/filesloader_test.go
@@ -1,4 +1,4 @@
-package policyhandler
+package resourcehandler

 import (
 	"fmt"
--- a/resourcehandler/k8sresources.go
+++ b/resourcehandler/k8sresources.go
@@ -1,6 +1,7 @@
-package policyhandler
+package resourcehandler

 import (
+	"context"
 	"fmt"
 	"strings"

@@ -15,12 +16,23 @@ import (
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
 	k8slabels "k8s.io/apimachinery/pkg/labels"
 	"k8s.io/apimachinery/pkg/runtime/schema"
+	"k8s.io/apimachinery/pkg/version"
 	"k8s.io/client-go/dynamic"
 )

-const SelectAllResources = "*"
+type K8sResourceHandler struct {
+	k8s                *k8sinterface.KubernetesApi
+	excludedNamespaces string // excluded namespaces (separated by comma)
+}

-func (policyHandler *PolicyHandler) getK8sResources(frameworks []reporthandling.Framework, designator *armotypes.PortalDesignator, excludedNamespaces string) (*cautils.K8SResources, error) {
+func NewK8sResourceHandler(k8s *k8sinterface.KubernetesApi, excludedNamespaces string) *K8sResourceHandler {
+	return &K8sResourceHandler{
+		k8s:                k8s,
+		excludedNamespaces: excludedNamespaces,
+	}
+}
+
+func (k8sHandler *K8sResourceHandler) GetResources(frameworks []reporthandling.Framework, designator *armotypes.PortalDesignator) (*cautils.K8SResources, error) {
 	// get k8s resources
 	cautils.ProgressTextDisplay("Accessing Kubernetes objects")

@@ -31,7 +43,7 @@ func (policyHandler *PolicyHandler) getK8sResources(frameworks []reporthandling.
 	_, namespace, labels := armotypes.DigestPortalDesignator(designator)

 	// pull k8s recourses
-	if err := policyHandler.pullResources(k8sResourcesMap, namespace, labels, excludedNamespaces); err != nil {
+	if err := k8sHandler.pullResources(k8sResourcesMap, namespace, labels, k8sHandler.excludedNamespaces); err != nil {
 		return k8sResourcesMap, err
 	}

@@ -39,13 +51,21 @@ func (policyHandler *PolicyHandler) getK8sResources(frameworks []reporthandling.
 	return k8sResourcesMap, nil
 }

-func (policyHandler *PolicyHandler) pullResources(k8sResources *cautils.K8SResources, namespace string, labels map[string]string, excludedNamespaces string) error {
+func (k8sHandler *K8sResourceHandler) GetClusterAPIServerInfo() *version.Info {
+	clusterAPIServerInfo, err := k8sHandler.k8s.KubernetesClient.Discovery().ServerVersion()
+	if err != nil {
+		cautils.ErrorDisplay(fmt.Sprintf("Failed to discover API server information: %v", err))
+		return nil
+	}
+	return clusterAPIServerInfo
+}
+func (k8sHandler *K8sResourceHandler) pullResources(k8sResources *cautils.K8SResources, namespace string, labels map[string]string, excludedNamespaces string) error {

 	var errs error
 	for groupResource := range *k8sResources {
 		apiGroup, apiVersion, resource := k8sinterface.StringToResourceGroup(groupResource)
 		gvr := schema.GroupVersionResource{Group: apiGroup, Version: apiVersion, Resource: resource}
-		result, err := policyHandler.pullSingleResource(&gvr, namespace, labels, excludedNamespaces)
+		result, err := k8sHandler.pullSingleResource(&gvr, namespace, labels, excludedNamespaces)
 		if err != nil {
 			// handle error
 			if errs == nil {
@@ -61,7 +81,7 @@ func (policyHandler *PolicyHandler) pullResources(k8sResources *cautils.K8SResou
 	return errs
 }

-func (policyHandler *PolicyHandler) pullSingleResource(resource *schema.GroupVersionResource, namespace string, labels map[string]string, excludedNamespaces string) ([]unstructured.Unstructured, error) {
+func (k8sHandler *K8sResourceHandler) pullSingleResource(resource *schema.GroupVersionResource, namespace string, labels map[string]string, excludedNamespaces string) ([]unstructured.Unstructured, error) {

 	// set labels
 	listOptions := metav1.ListOptions{}
@@ -76,13 +96,13 @@ func (policyHandler *PolicyHandler) pullSingleResource(resource *schema.GroupVer
 	// set dynamic object
 	var clientResource dynamic.ResourceInterface
 	if namespace != "" && k8sinterface.IsNamespaceScope(resource.Group, resource.Resource) {
-		clientResource = policyHandler.k8s.DynamicClient.Resource(*resource).Namespace(namespace)
+		clientResource = k8sHandler.k8s.DynamicClient.Resource(*resource).Namespace(namespace)
 	} else {
-		clientResource = policyHandler.k8s.DynamicClient.Resource(*resource)
+		clientResource = k8sHandler.k8s.DynamicClient.Resource(*resource)
 	}

 	// list resources
-	result, err := clientResource.List(policyHandler.k8s.Context, listOptions)
+	result, err := clientResource.List(context.Background(), listOptions)
 	if err != nil {
 		return nil, fmt.Errorf("failed to get resource: %v, namespace: %s, labelSelector: %v, reason: %s", resource, namespace, listOptions.LabelSelector, err.Error())
 	}
--- a/resourcehandler/k8sresourcesutils.go
+++ b/resourcehandler/k8sresourcesutils.go
@@ -1,4 +1,4 @@
-package policyhandler
+package resourcehandler

 import (
 	"github.com/armosec/kubescape/cautils"
--- a/resourcehandler/k8sresourcesutils_test.go
+++ b/resourcehandler/k8sresourcesutils_test.go
@@ -1,4 +1,4 @@
-package policyhandler
+package resourcehandler

 import (
 	"github.com/armosec/k8s-interface/k8sinterface"
--- a/resourcehandler/repositoryscanner.go
+++ b/resourcehandler/repositoryscanner.go
@@ -0,0 +1,155 @@
+package resourcehandler
+
+import (
+	"encoding/json"
+	"fmt"
+	"net/http"
+	"strings"
+
+	"github.com/armosec/kubescape/cautils/getter"
+)
+
+type IRepository interface {
+	setBranch(string) error
+	setTree() error
+	getYamlFromTree() []string
+}
+
+type innerTree struct {
+	Path string `json:"path"`
+}
+type tree struct {
+	InnerTrees []innerTree `json:"tree"`
+}
+
+type GitHubRepository struct {
+	host   string
+	name   string // <org>/<repo>
+	branch string
+	tree   tree
+}
+type githubDefaultBranchAPI struct {
+	DefaultBranch string `json:"default_branch"`
+}
+
+func NewGitHubRepository(rep string) *GitHubRepository {
+	return &GitHubRepository{
+		host: "github",
+		name: rep,
+	}
+}
+
+func ScanRepository(command string, branchOptional string) ([]string, error) {
+	repo, err := getRepository(command)
+	if err != nil {
+		return nil, err
+	}
+
+	err = repo.setBranch(branchOptional)
+	if err != nil {
+		return nil, err
+	}
+
+	err = repo.setTree()
+	if err != nil {
+		return nil, err
+	}
+
+	// get all paths that are of the yaml type, and build them into a valid url
+	return repo.getYamlFromTree(), nil
+}
+
+func getHostAndRepoName(url string) (string, string, error) {
+	splitUrl := strings.Split(url, "/")
+
+	if len(splitUrl) != 5 {
+		return "", "", fmt.Errorf("failed to pars url: %s", url)
+	}
+
+	hostUrl := splitUrl[2]                                               // github.com, gitlab.com, etc.
+	repository := splitUrl[3] + "/" + strings.Split(splitUrl[4], ".")[0] // user/reposetory
+
+	return hostUrl, repository, nil
+}
+
+func getRepository(url string) (IRepository, error) {
+	hostUrl, repoName, err := getHostAndRepoName(url)
+	if err != nil {
+		return nil, err
+	}
+
+	var repo IRepository
+	switch repoHost := strings.Split(hostUrl, ".")[0]; repoHost {
+	case "github":
+		repo = NewGitHubRepository(repoName)
+	default:
+		return nil, fmt.Errorf("unknown repository host: %s", repoHost)
+	}
+
+	// Returns the host-url, and the part of the user and repository from the url
+	return repo, nil
+}
+
+func (g *GitHubRepository) setBranch(branchOptional string) error {
+	// Checks whether the repository type is a master or another type.
+	// By default it is "master", unless the branchOptional came with a value
+	if branchOptional == "" {
+
+		body, err := getter.HttpGetter(&http.Client{}, g.defaultBranchAPI())
+		if err != nil {
+			return err
+		}
+
+		var data githubDefaultBranchAPI
+		err = json.Unmarshal([]byte(body), &data)
+		if err != nil {
+			return err
+		}
+		g.branch = data.DefaultBranch
+	} else {
+		g.branch = branchOptional
+	}
+	return nil
+}
+
+func (g *GitHubRepository) defaultBranchAPI() string {
+	return fmt.Sprintf("https://api.github.com/repos/%s", g.name)
+}
+
+func (g *GitHubRepository) setTree() error {
+	body, err := getter.HttpGetter(&http.Client{}, g.treeAPI())
+	if err != nil {
+		return err
+	}
+
+	// press all tree to json
+	var tree tree
+	err = json.Unmarshal([]byte(body), &tree)
+	if err != nil {
+		return fmt.Errorf("failed to unmarshal response body from '%s', reason: %s", g.treeAPI(), err.Error())
+		// fmt.Printf("failed to unmarshal response body from '%s', reason: %s", urlCommand, err.Error())
+		// return nil
+	}
+	g.tree = tree
+
+	return nil
+}
+
+func (g *GitHubRepository) treeAPI() string {
+	return fmt.Sprintf("https://api.github.com/repos/%s/git/trees/%s?recursive=1", g.name, g.branch)
+}
+
+// return a list of yaml for a given repository tree
+func (g *GitHubRepository) getYamlFromTree() []string {
+	var urls []string
+	for _, path := range g.tree.InnerTrees {
+		if strings.HasSuffix(path.Path, ".yaml") {
+			urls = append(urls, fmt.Sprintf("%s/%s", g.rowYamlUrl(), path.Path))
+		}
+	}
+	return urls
+}
+
+func (g *GitHubRepository) rowYamlUrl() string {
+	return fmt.Sprintf("https://raw.githubusercontent.com/%s/%s", g.name, g.branch)
+}
--- a/resourcehandler/resourceshandler.go
+++ b/resourcehandler/resourceshandler.go
@@ -0,0 +1,13 @@
+package resourcehandler
+
+import (
+	"github.com/armosec/armoapi-go/armotypes"
+	"github.com/armosec/kubescape/cautils"
+	"github.com/armosec/opa-utils/reporthandling"
+	"k8s.io/apimachinery/pkg/version"
+)
+
+type IResourceHandler interface {
+	GetResources(frameworks []reporthandling.Framework, designator *armotypes.PortalDesignator) (*cautils.K8SResources, error)
+	GetClusterAPIServerInfo() *version.Info
+}
--- a/resourcehandler/urlloader.go
+++ b/resourcehandler/urlloader.go
@@ -1,4 +1,4 @@
-package policyhandler
+package resourcehandler

 import (
 	"bytes"
@@ -28,9 +28,18 @@ func listUrls(patterns []string) []string {
 	urls := []string{}
 	for i := range patterns {
 		if strings.HasPrefix(patterns[i], "http") {
-			urls = append(urls, patterns[i])
+			if !isYaml(patterns[i]) || !isJson(patterns[i]) { // if url of repo
+				if yamls, err := ScanRepository(patterns[i], ""); err == nil { // TODO - support branch
+					urls = append(urls, yamls...)
+				} else {
+					fmt.Print(err) // TODO - handle errors
+				}
+			} else { // url of single file
+				urls = append(urls, patterns[i])
+			}
 		}
 	}
+
 	return urls
 }

--- a/resultshandling/printer/jsonprinter.go
+++ b/resultshandling/printer/jsonprinter.go
@@ -0,0 +1,42 @@
+package printer
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+
+	"github.com/armosec/kubescape/cautils"
+)
+
+type JsonPrinter struct {
+	writer *os.File
+}
+
+func NewJsonPrinter() *JsonPrinter {
+	return &JsonPrinter{}
+}
+
+func (jsonPrinter *JsonPrinter) SetWriter(outputFile string) {
+	jsonPrinter.writer = getWriter(outputFile)
+}
+
+func (jsonPrinter *JsonPrinter) Score(score float32) {
+	fmt.Printf("\nFinal score: %d", int(score*100))
+}
+
+func (jsonPrinter *JsonPrinter) ActionPrint(opaSessionObj *cautils.OPASessionObj) {
+	var postureReportStr []byte
+	var err error
+
+	if len(opaSessionObj.PostureReport.FrameworkReports) == 1 {
+		postureReportStr, err = json.Marshal(opaSessionObj.PostureReport.FrameworkReports[0])
+	} else {
+		postureReportStr, err = json.Marshal(opaSessionObj.PostureReport.FrameworkReports)
+	}
+
+	if err != nil {
+		fmt.Println("Failed to convert posture report object!")
+		os.Exit(1)
+	}
+	jsonPrinter.writer.Write(postureReportStr)
+}
--- a/resultshandling/printer/junit.go
+++ b/resultshandling/printer/junit.go
@@ -3,10 +3,42 @@ package printer
 import (
 	"encoding/xml"
 	"fmt"
+	"os"

+	"github.com/armosec/kubescape/cautils"
 	"github.com/armosec/opa-utils/reporthandling"
 )

+type JunitPrinter struct {
+	writer *os.File
+}
+
+func NewJunitPrinter() *JunitPrinter {
+	return &JunitPrinter{}
+}
+
+func (junitPrinter *JunitPrinter) SetWriter(outputFile string) {
+	junitPrinter.writer = getWriter(outputFile)
+}
+
+func (junitPrinter *JunitPrinter) Score(score float32) {
+	fmt.Printf("\nFinal score: %d", int(score*100))
+}
+
+func (junitPrinter *JunitPrinter) ActionPrint(opaSessionObj *cautils.OPASessionObj) {
+	junitResult, err := convertPostureReportToJunitResult(opaSessionObj.PostureReport)
+	if err != nil {
+		fmt.Println("Failed to convert posture report object!")
+		os.Exit(1)
+	}
+	postureReportStr, err := xml.Marshal(junitResult)
+	if err != nil {
+		fmt.Println("Failed to convert posture report object!")
+		os.Exit(1)
+	}
+	junitPrinter.writer.Write(postureReportStr)
+}
+
 type JUnitTestSuites struct {
 	XMLName xml.Name         `xml:"testsuites"`
 	Suites  []JUnitTestSuite `xml:"testsuite"`
@@ -17,9 +49,11 @@ type JUnitTestSuites struct {
 type JUnitTestSuite struct {
 	XMLName    xml.Name        `xml:"testsuite"`
 	Tests      int             `xml:"tests,attr"`
-	Failures   int             `xml:"failures,attr"`
 	Time       string          `xml:"time,attr"`
 	Name       string          `xml:"name,attr"`
+	Resources  int             `xml:"resources,attr"`
+	Excluded   int             `xml:"excluded,attr"`
+	Failed     int             `xml:"filed,attr"`
 	Properties []JUnitProperty `xml:"properties>property,omitempty"`
 	TestCases  []JUnitTestCase `xml:"testcase"`
 }
@@ -30,6 +64,9 @@ type JUnitTestCase struct {
 	Classname   string            `xml:"classname,attr"`
 	Name        string            `xml:"name,attr"`
 	Time        string            `xml:"time,attr"`
+	Resources   int               `xml:"resources,attr"`
+	Excluded    int               `xml:"excluded,attr"`
+	Failed      int               `xml:"filed,attr"`
 	SkipMessage *JUnitSkipMessage `xml:"skipped,omitempty"`
 	Failure     *JUnitFailure     `xml:"failure,omitempty"`
 }
@@ -55,7 +92,12 @@ type JUnitFailure struct {
 func convertPostureReportToJunitResult(postureResult *reporthandling.PostureReport) (*JUnitTestSuites, error) {
 	juResult := JUnitTestSuites{XMLName: xml.Name{Local: "Kubescape scan results"}}
 	for _, framework := range postureResult.FrameworkReports {
-		suite := JUnitTestSuite{Name: framework.Name}
+		suite := JUnitTestSuite{
+			Name:      framework.Name,
+			Resources: framework.GetNumberOfResources(),
+			Excluded:  framework.GetNumberOfWarningResources(),
+			Failed:    framework.GetNumberOfFailedResources(),
+		}
 		for _, controlReports := range framework.ControlReports {
 			suite.Tests = suite.Tests + 1
 			testCase := JUnitTestCase{}
@@ -63,9 +105,12 @@ func convertPostureReportToJunitResult(postureResult *reporthandling.PostureRepo
 			testCase.Classname = "Kubescape"
 			testCase.Time = "0"
 			if 0 < len(controlReports.RuleReports[0].RuleResponses) {
-				suite.Failures = suite.Failures + 1
+
+				testCase.Resources = controlReports.GetNumberOfResources()
+				testCase.Excluded = controlReports.GetNumberOfWarningResources()
+				testCase.Failed = controlReports.GetNumberOfFailedResources()
 				failure := JUnitFailure{}
-				failure.Message = fmt.Sprintf("%d resources failed", len(controlReports.RuleReports[0].RuleResponses))
+				failure.Message = fmt.Sprintf("%d resources failed", testCase.Failed)
 				for _, ruleResponses := range controlReports.RuleReports[0].RuleResponses {
 					failure.Contents = fmt.Sprintf("%s\n%s", failure.Contents, ruleResponses.AlertMessage)
 				}
--- a/resultshandling/printer/prettyprinter.go
+++ b/resultshandling/printer/prettyprinter.go
@@ -0,0 +1,239 @@
+package printer
+
+import (
+	"fmt"
+	"os"
+	"sort"
+
+	"github.com/armosec/kubescape/cautils"
+	"github.com/armosec/opa-utils/reporthandling"
+	"github.com/enescakir/emoji"
+	"github.com/olekukonko/tablewriter"
+)
+
+type PrettyPrinter struct {
+	writer             *os.File
+	summary            Summary
+	sortedControlNames []string
+	frameworkSummary   ControlSummary
+}
+
+func NewPrettyPrinter() *PrettyPrinter {
+	return &PrettyPrinter{
+		summary: NewSummary(),
+	}
+}
+
+// Initializes empty printer for new table
+func (printer *PrettyPrinter) init() *PrettyPrinter {
+	printer.frameworkSummary = ControlSummary{}
+	printer.summary = Summary{}
+	printer.sortedControlNames = []string{}
+	return printer
+}
+
+func (printer *PrettyPrinter) ActionPrint(opaSessionObj *cautils.OPASessionObj) {
+	// score := calculatePostureScore(opaSessionObj.PostureReport)
+	for _, report := range opaSessionObj.PostureReport.FrameworkReports {
+		// Print summary table together for control scan
+		if report.Name != "" {
+			printer = printer.init()
+		}
+		printer.summarySetup(report)
+		printer.printResults()
+		printer.printSummaryTable(report.Name)
+	}
+
+	// return score
+}
+
+func (printer *PrettyPrinter) SetWriter(outputFile string) {
+	printer.writer = getWriter(outputFile)
+}
+
+func (printer *PrettyPrinter) Score(score float32) {
+}
+
+func (printer *PrettyPrinter) summarySetup(fr reporthandling.FrameworkReport) {
+	printer.frameworkSummary = ControlSummary{
+		TotalResources: fr.GetNumberOfResources(),
+		TotalFailed:    fr.GetNumberOfFailedResources(),
+		TotalWarnign:   fr.GetNumberOfWarningResources(),
+	}
+	for _, cr := range fr.ControlReports {
+		if len(cr.RuleReports) == 0 {
+			continue
+		}
+		workloadsSummary := listResultSummary(cr.RuleReports)
+
+		printer.summary[cr.Name] = ControlSummary{
+			TotalResources:    cr.GetNumberOfResources(),
+			TotalFailed:       cr.GetNumberOfFailedResources(),
+			TotalWarnign:      cr.GetNumberOfWarningResources(),
+			FailedWorkloads:   groupByNamespace(workloadsSummary, workloadSummaryFailed),
+			ExcludedWorkloads: groupByNamespace(workloadsSummary, workloadSummaryExclude),
+			Description:       cr.Description,
+			Remediation:       cr.Remediation,
+			ListInputKinds:    cr.ListControlsInputKinds(),
+		}
+	}
+	printer.sortedControlNames = printer.getSortedControlsNames()
+}
+func (printer *PrettyPrinter) printResults() {
+	for i := 0; i < len(printer.sortedControlNames); i++ {
+		controlSummary := printer.summary[printer.sortedControlNames[i]]
+		printer.printTitle(printer.sortedControlNames[i], &controlSummary)
+		printer.printResources(&controlSummary)
+		if printer.summary[printer.sortedControlNames[i]].TotalResources > 0 {
+			printer.printSummary(printer.sortedControlNames[i], &controlSummary)
+		}
+
+	}
+}
+
+func (printer *PrettyPrinter) printSummary(controlName string, controlSummary *ControlSummary) {
+	cautils.SimpleDisplay(printer.writer, "Summary - ")
+	cautils.SuccessDisplay(printer.writer, "Passed:%v   ", controlSummary.TotalResources-controlSummary.TotalFailed-controlSummary.TotalWarnign)
+	cautils.WarningDisplay(printer.writer, "Excluded:%v   ", controlSummary.TotalWarnign)
+	cautils.FailureDisplay(printer.writer, "Failed:%v   ", controlSummary.TotalFailed)
+	cautils.InfoDisplay(printer.writer, "Total:%v\n", controlSummary.TotalResources)
+	if controlSummary.TotalFailed > 0 {
+		cautils.DescriptionDisplay(printer.writer, "Remediation: %v\n", controlSummary.Remediation)
+	}
+	cautils.DescriptionDisplay(printer.writer, "\n")
+
+}
+
+func (printer *PrettyPrinter) printTitle(controlName string, controlSummary *ControlSummary) {
+	cautils.InfoDisplay(printer.writer, "[control: %s] ", controlName)
+	if controlSummary.TotalResources == 0 {
+		cautils.InfoDisplay(printer.writer, "resources not found %v\n", emoji.ConfusedFace)
+	} else if controlSummary.TotalFailed != 0 {
+		cautils.FailureDisplay(printer.writer, "failed %v\n", emoji.SadButRelievedFace)
+	} else if controlSummary.TotalWarnign != 0 {
+		cautils.WarningDisplay(printer.writer, "excluded %v\n", emoji.NeutralFace)
+	} else {
+		cautils.SuccessDisplay(printer.writer, "passed %v\n", emoji.ThumbsUp)
+	}
+
+	cautils.DescriptionDisplay(printer.writer, "Description: %s\n", controlSummary.Description)
+
+}
+func (printer *PrettyPrinter) printResources(controlSummary *ControlSummary) {
+
+	if len(controlSummary.FailedWorkloads) > 0 {
+		cautils.FailureDisplay(printer.writer, "Failed:\n")
+		printer.printGroupedResources(controlSummary.FailedWorkloads)
+	}
+	if len(controlSummary.ExcludedWorkloads) > 0 {
+		cautils.WarningDisplay(printer.writer, "Excluded:\n")
+		printer.printGroupedResources(controlSummary.ExcludedWorkloads)
+	}
+
+}
+
+func (printer *PrettyPrinter) printGroupedResources(workloads map[string][]WorkloadSummary) {
+
+	indent := INDENT
+
+	for ns, rsc := range workloads {
+		preIndent := indent
+		if ns != "" {
+			cautils.SimpleDisplay(printer.writer, "%sNamespace %s\n", indent, ns)
+		}
+		preIndent2 := indent
+		for r := range rsc {
+			indent += indent
+			cautils.SimpleDisplay(printer.writer, fmt.Sprintf("%s%s - %s\n", indent, rsc[r].Kind, rsc[r].Name))
+			indent = preIndent2
+		}
+		indent = preIndent
+	}
+
+}
+
+func generateRow(control string, cs ControlSummary) []string {
+	row := []string{control}
+	row = append(row, cs.ToSlice()...)
+	if cs.TotalResources != 0 {
+		row = append(row, fmt.Sprintf("%d%s", percentage(cs.TotalResources, cs.TotalFailed), "%"))
+	} else {
+		row = append(row, EmptyPercentage)
+	}
+	return row
+}
+
+func generateHeader() []string {
+	return []string{"Control Name", "Failed Resources", "Excluded Resources", "All Resources", "% success"}
+}
+
+func percentage(big, small int) int {
+	if big == 0 {
+		if small == 0 {
+			return 100
+		}
+		return 0
+	}
+	return int(float64(float64(big-small)/float64(big)) * 100)
+}
+func generateFooter(numControlers, sumFailed, sumWarning, sumTotal int) []string {
+	// Control name | # failed resources | all resources | % success
+	row := []string{}
+	row = append(row, "Resource Summary") //fmt.Sprintf(""%d", numControlers"))
+	row = append(row, fmt.Sprintf("%d", sumFailed))
+	row = append(row, fmt.Sprintf("%d", sumWarning))
+	row = append(row, fmt.Sprintf("%d", sumTotal))
+	if sumTotal != 0 {
+		row = append(row, fmt.Sprintf("%d%s", percentage(sumTotal, sumFailed), "%"))
+	} else {
+		row = append(row, EmptyPercentage)
+	}
+	return row
+}
+func (printer *PrettyPrinter) printSummaryTable(framework string) {
+	// For control scan framework will be nil
+	printer.printFramework(framework)
+
+	summaryTable := tablewriter.NewWriter(printer.writer)
+	summaryTable.SetAutoWrapText(false)
+	summaryTable.SetHeader(generateHeader())
+	summaryTable.SetHeaderLine(true)
+	alignments := []int{tablewriter.ALIGN_LEFT, tablewriter.ALIGN_CENTER, tablewriter.ALIGN_CENTER, tablewriter.ALIGN_CENTER, tablewriter.ALIGN_CENTER}
+	summaryTable.SetColumnAlignment(alignments)
+
+	for i := 0; i < len(printer.sortedControlNames); i++ {
+		controlSummary := printer.summary[printer.sortedControlNames[i]]
+		summaryTable.Append(generateRow(printer.sortedControlNames[i], controlSummary))
+	}
+	summaryTable.SetFooter(generateFooter(len(printer.summary), printer.frameworkSummary.TotalFailed, printer.frameworkSummary.TotalWarnign, printer.frameworkSummary.TotalResources))
+	summaryTable.Render()
+}
+
+func (printer *PrettyPrinter) printFramework(framework string) {
+	if framework != "" {
+		cautils.InfoTextDisplay(printer.writer, fmt.Sprintf("%s FRAMEWORK\n", framework))
+	}
+}
+
+func (printer *PrettyPrinter) getSortedControlsNames() []string {
+	controlNames := make([]string, 0, len(printer.summary))
+	for k := range printer.summary {
+		controlNames = append(controlNames, k)
+	}
+	sort.Strings(controlNames)
+	return controlNames
+}
+
+func getWriter(outputFile string) *os.File {
+	os.Remove(outputFile)
+	if outputFile != "" {
+		f, err := os.OpenFile(outputFile, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
+		if err != nil {
+			fmt.Println("Error opening file")
+			return os.Stdout
+		}
+		return f
+	}
+	return os.Stdout
+
+}
--- a/resultshandling/printer/printresults.go
+++ b/resultshandling/printer/printresults.go
@@ -1,17 +1,7 @@
 package printer

 import (
-	"encoding/json"
-	"encoding/xml"
-	"fmt"
-	"os"
-	"sort"
-
 	"github.com/armosec/kubescape/cautils"
-	"github.com/armosec/opa-utils/reporthandling"
-
-	"github.com/enescakir/emoji"
-	"github.com/olekukonko/tablewriter"
 )

 var INDENT = "   "
@@ -19,239 +9,24 @@ var INDENT = "   "
 const EmptyPercentage = "NaN"

 const (
-	PrettyPrinter      string = "pretty-printer"
-	JsonPrinter        string = "json"
+	PrettyFormat       string = "pretty-printer"
+	JsonFormat         string = "json"
 	JunitResultPrinter string = "junit"
 )

-type Printer struct {
-	writer             *os.File
-	summary            Summary
-	sortedControlNames []string
-	printerType        string
-	frameworkSummary   ControlSummary
+type IPrinter interface {
+	ActionPrint(opaSessionObj *cautils.OPASessionObj)
+	SetWriter(outputFile string)
+	Score(score float32)
 }

-func NewPrinter(printerType, outputFile string) *Printer {
-	return &Printer{
-		summary:     NewSummary(),
-		writer:      getWriter(outputFile),
-		printerType: printerType,
+func GetPrinter(printFormat string) IPrinter {
+	switch printFormat {
+	case JsonFormat:
+		return NewJsonPrinter()
+	case JunitResultPrinter:
+		return NewJunitPrinter()
+	default:
+		return NewPrettyPrinter()
 	}
 }
-
-func calculatePostureScore(postureReport *reporthandling.PostureReport) float32 {
-	totalResources := 0
-	totalFailed := 0
-	for _, frameworkReport := range postureReport.FrameworkReports {
-		totalFailed += frameworkReport.GetNumberOfFailedResources()
-		totalResources += frameworkReport.GetNumberOfResources()
-	}
-	if totalResources == 0 {
-		return float32(0)
-	}
-	return (float32(totalResources) - float32(totalFailed)) / float32(totalResources)
-}
-
-func (printer *Printer) ActionPrint(opaSessionObj *cautils.OPASessionObj) float32 {
-	var score float32
-
-	if printer.printerType == PrettyPrinter {
-		printer.SummarySetup(opaSessionObj.PostureReport)
-		printer.PrintResults()
-		printer.PrintSummaryTable()
-	} else if printer.printerType == JsonPrinter {
-		postureReportStr, err := json.Marshal(opaSessionObj.PostureReport.FrameworkReports[0])
-		if err != nil {
-			fmt.Println("Failed to convert posture report object!")
-			os.Exit(1)
-		}
-		printer.writer.Write(postureReportStr)
-	} else if printer.printerType == JunitResultPrinter {
-		junitResult, err := convertPostureReportToJunitResult(opaSessionObj.PostureReport)
-		if err != nil {
-			fmt.Println("Failed to convert posture report object!")
-			os.Exit(1)
-		}
-		postureReportStr, err := xml.Marshal(junitResult)
-		if err != nil {
-			fmt.Println("Failed to convert posture report object!")
-			os.Exit(1)
-		}
-		printer.writer.Write(postureReportStr)
-	} else if !cautils.IsSilent() {
-		fmt.Println("unknown output printer")
-		os.Exit(1)
-	}
-
-	score = calculatePostureScore(opaSessionObj.PostureReport)
-
-	return score
-}
-
-func (printer *Printer) SummarySetup(postureReport *reporthandling.PostureReport) {
-	for _, fr := range postureReport.FrameworkReports {
-		printer.frameworkSummary = ControlSummary{
-			TotalResources: fr.GetNumberOfResources(),
-			TotalFailed:    fr.GetNumberOfFailedResources(),
-			TotalWarnign:   fr.GetNumberOfWarningResources(),
-		}
-		for _, cr := range fr.ControlReports {
-			if len(cr.RuleReports) == 0 {
-				continue
-			}
-			workloadsSummary := listResultSummary(cr.RuleReports)
-			mapResources := groupByNamespace(workloadsSummary)
-
-			printer.summary[cr.Name] = ControlSummary{
-				TotalResources:  cr.GetNumberOfResources(),
-				TotalFailed:     cr.GetNumberOfFailedResources(),
-				TotalWarnign:    cr.GetNumberOfWarningResources(),
-				WorkloadSummary: mapResources,
-				Description:     cr.Description,
-				Remediation:     cr.Remediation,
-				ListInputKinds:  cr.ListControlsInputKinds(),
-			}
-		}
-	}
-	printer.sortedControlNames = printer.getSortedControlsNames()
-}
-func (printer *Printer) PrintResults() {
-	for i := 0; i < len(printer.sortedControlNames); i++ {
-		controlSummary := printer.summary[printer.sortedControlNames[i]]
-		printer.printTitle(printer.sortedControlNames[i], &controlSummary)
-		printer.printResult(printer.sortedControlNames[i], &controlSummary)
-
-		if printer.summary[printer.sortedControlNames[i]].TotalResources > 0 {
-			printer.printSummary(printer.sortedControlNames[i], &controlSummary)
-		}
-
-	}
-}
-
-func (printer *Printer) printSummary(controlName string, controlSummary *ControlSummary) {
-	cautils.SimpleDisplay(printer.writer, "Summary - ")
-	cautils.SuccessDisplay(printer.writer, "Passed:%v   ", controlSummary.TotalResources-controlSummary.TotalFailed-controlSummary.TotalWarnign)
-	cautils.WarningDisplay(printer.writer, "Excluded:%v   ", controlSummary.TotalWarnign)
-	cautils.FailureDisplay(printer.writer, "Failed:%v   ", controlSummary.TotalFailed)
-	cautils.InfoDisplay(printer.writer, "Total:%v\n", controlSummary.TotalResources)
-	if controlSummary.TotalFailed > 0 {
-		cautils.DescriptionDisplay(printer.writer, "Remediation: %v\n", controlSummary.Remediation)
-	}
-	cautils.DescriptionDisplay(printer.writer, "\n")
-
-}
-
-func (printer *Printer) printTitle(controlName string, controlSummary *ControlSummary) {
-	cautils.InfoDisplay(printer.writer, "[control: %s] ", controlName)
-	if controlSummary.TotalResources == 0 && len(controlSummary.ListInputKinds) > 0 {
-		cautils.InfoDisplay(printer.writer, "resources not found %v\n", emoji.ConfusedFace)
-	} else if controlSummary.TotalFailed != 0 {
-		cautils.FailureDisplay(printer.writer, "failed %v\n", emoji.SadButRelievedFace)
-	} else if controlSummary.TotalWarnign != 0 {
-		cautils.WarningDisplay(printer.writer, "excluded %v\n", emoji.NeutralFace)
-	} else {
-		cautils.SuccessDisplay(printer.writer, "passed %v\n", emoji.ThumbsUp)
-	}
-
-	cautils.DescriptionDisplay(printer.writer, "Description: %s\n", controlSummary.Description)
-
-}
-func (printer *Printer) printResult(controlName string, controlSummary *ControlSummary) {
-
-	indent := INDENT
-	for ns, rsc := range controlSummary.WorkloadSummary {
-		preIndent := indent
-		if ns != "" {
-			cautils.SimpleDisplay(printer.writer, "%sNamespace %s\n", indent, ns)
-		}
-		preIndent2 := indent
-		for r := range rsc {
-			indent += indent
-			cautils.SimpleDisplay(printer.writer, fmt.Sprintf("%s%s - %s\n", indent, rsc[r].Kind, rsc[r].Name))
-			indent = preIndent2
-		}
-		indent = preIndent
-	}
-
-}
-
-func (printer *Printer) PrintUrl(url string) {
-	cautils.InfoTextDisplay(printer.writer, url)
-}
-
-func generateRow(control string, cs ControlSummary) []string {
-	row := []string{control}
-	row = append(row, cs.ToSlice()...)
-	if cs.TotalResources != 0 {
-		row = append(row, fmt.Sprintf("%d%s", percentage(cs.TotalResources, cs.TotalFailed), "%"))
-	} else {
-		row = append(row, EmptyPercentage)
-	}
-	return row
-}
-
-func generateHeader() []string {
-	return []string{"Control Name", "Failed Resources", "Excluded Resources", "All Resources", "% success"}
-}
-
-func percentage(big, small int) int {
-	if big == 0 {
-		if small == 0 {
-			return 100
-		}
-		return 0
-	}
-	return int(float64(float64(big-small)/float64(big)) * 100)
-}
-func generateFooter(numControlers, sumFailed, sumWarning, sumTotal int) []string {
-	// Control name | # failed resources | all resources | % success
-	row := []string{}
-	row = append(row, fmt.Sprintf("%d", numControlers))
-	row = append(row, fmt.Sprintf("%d", sumFailed))
-	row = append(row, fmt.Sprintf("%d", sumWarning))
-	row = append(row, fmt.Sprintf("%d", sumTotal))
-	if sumTotal != 0 {
-		row = append(row, fmt.Sprintf("%d%s", percentage(sumTotal, sumFailed), "%"))
-	} else {
-		row = append(row, EmptyPercentage)
-	}
-	return row
-}
-func (printer *Printer) PrintSummaryTable() {
-	summaryTable := tablewriter.NewWriter(printer.writer)
-	summaryTable.SetAutoWrapText(false)
-	summaryTable.SetHeader(generateHeader())
-	summaryTable.SetHeaderLine(true)
-	summaryTable.SetAlignment(tablewriter.ALIGN_LEFT)
-
-	for i := 0; i < len(printer.sortedControlNames); i++ {
-		controlSummary := printer.summary[printer.sortedControlNames[i]]
-		summaryTable.Append(generateRow(printer.sortedControlNames[i], controlSummary))
-	}
-	summaryTable.SetFooter(generateFooter(len(printer.summary), printer.frameworkSummary.TotalFailed, printer.frameworkSummary.TotalWarnign, printer.frameworkSummary.TotalResources))
-	summaryTable.Render()
-}
-
-func (printer *Printer) getSortedControlsNames() []string {
-	controlNames := make([]string, 0, len(printer.summary))
-	for k := range printer.summary {
-		controlNames = append(controlNames, k)
-	}
-	sort.Strings(controlNames)
-	return controlNames
-}
-
-func getWriter(outputFile string) *os.File {
-	os.Remove(outputFile)
-	if outputFile != "" {
-		f, err := os.OpenFile(outputFile, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
-		if err != nil {
-			fmt.Println("Error opening file")
-			return os.Stdout
-		}
-		return f
-	}
-	return os.Stdout
-
-}
--- a/resultshandling/printer/silentprinter.go
+++ b/resultshandling/printer/silentprinter.go
@@ -0,0 +1,11 @@
+package printer
+
+import (
+	"github.com/armosec/kubescape/cautils"
+)
+
+type SilentPrinter struct {
+}
+
+func (silentPrinter *SilentPrinter) ActionPrint(opaSessionObj *cautils.OPASessionObj) {
+}
--- a/resultshandling/printer/summary.go
+++ b/resultshandling/printer/summary.go
@@ -13,13 +13,14 @@ func NewSummary() Summary {
 }

 type ControlSummary struct {
-	TotalResources  int
-	TotalFailed     int
-	TotalWarnign    int
-	Description     string
-	Remediation     string
-	ListInputKinds  []string
-	WorkloadSummary map[string][]WorkloadSummary // <namespace>:[<WorkloadSummary>]
+	TotalResources    int
+	TotalFailed       int
+	TotalWarnign      int
+	Description       string
+	Remediation       string
+	ListInputKinds    []string
+	FailedWorkloads   map[string][]WorkloadSummary // <namespace>:[<WorkloadSummary>]
+	ExcludedWorkloads map[string][]WorkloadSummary // <namespace>:[<WorkloadSummary>]
 }

 type WorkloadSummary struct {
@@ -41,3 +42,11 @@ func (controlSummary *ControlSummary) ToSlice() []string {
 func (workloadSummary *WorkloadSummary) ToString() string {
 	return fmt.Sprintf("/%s/%s/%s/%s", workloadSummary.Group, workloadSummary.Namespace, workloadSummary.Kind, workloadSummary.Name)
 }
+
+func workloadSummaryFailed(workloadSummary *WorkloadSummary) bool {
+	return workloadSummary.Exception == nil
+}
+
+func workloadSummaryExclude(workloadSummary *WorkloadSummary) bool {
+	return workloadSummary.Exception != nil && workloadSummary.Exception.IsAlertOnly()
+}
--- a/resultshandling/printer/summeryhelpers.go
+++ b/resultshandling/printer/summeryhelpers.go
@@ -8,14 +8,16 @@ import (
 )

 // Group workloads by namespace - return {"namespace": <[]WorkloadSummary>}
-func groupByNamespace(resources []WorkloadSummary) map[string][]WorkloadSummary {
+func groupByNamespace(resources []WorkloadSummary, status func(workloadSummary *WorkloadSummary) bool) map[string][]WorkloadSummary {
 	mapResources := make(map[string][]WorkloadSummary)
 	for i := range resources {
-		if r, ok := mapResources[resources[i].Namespace]; ok {
-			r = append(r, resources[i])
-			mapResources[resources[i].Namespace] = r
-		} else {
-			mapResources[resources[i].Namespace] = []WorkloadSummary{resources[i]}
+		if status(&resources[i]) {
+			if r, ok := mapResources[resources[i].Namespace]; ok {
+				r = append(r, resources[i])
+				mapResources[resources[i].Namespace] = r
+			} else {
+				mapResources[resources[i].Namespace] = []WorkloadSummary{resources[i]}
+			}
 		}
 	}
 	return mapResources
--- a/resultshandling/reporter/mockreporter.go
+++ b/resultshandling/reporter/mockreporter.go
@@ -0,0 +1,17 @@
+package reporter
+
+import "github.com/armosec/kubescape/cautils"
+
+type ReportMock struct {
+}
+
+func NewReportMock() *ReportMock {
+	return &ReportMock{}
+}
+func (reportMock *ReportMock) ActionSendReport(opaSessionObj *cautils.OPASessionObj) {}
+
+func (reportMock *ReportMock) SetCustomerGUID(customerGUID string) {
+}
+
+func (reportMock *ReportMock) SetClusterName(clusterName string) {
+}
--- a/resultshandling/reporter/reporteventreceiver.go
+++ b/resultshandling/reporter/reporteventreceiver.go
@@ -5,47 +5,55 @@ import (
 	"encoding/json"
 	"fmt"
 	"net/http"
-	"net/url"

 	"github.com/armosec/kubescape/cautils"
 	"github.com/armosec/opa-utils/reporthandling"
 )

+type IReport interface {
+	ActionSendReport(opaSessionObj *cautils.OPASessionObj)
+	SetCustomerGUID(customerGUID string)
+	SetClusterName(clusterName string)
+}
+
 type ReportEventReceiver struct {
-	httpClient http.Client
-	host       url.URL
+	httpClient   http.Client
+	clusterName  string
+	customerGUID string
 }

 func NewReportEventReceiver() *ReportEventReceiver {
-	hostURL := initEventReceiverURL()
 	return &ReportEventReceiver{
 		httpClient: http.Client{},
-		host:       *hostURL,
 	}
 }

-func (report *ReportEventReceiver) ActionSendReportListenner(opaSessionObj *cautils.OPASessionObj) {
-	if cautils.CustomerGUID == "" {
-		return
-	}
-	//Add score
-
+func (report *ReportEventReceiver) ActionSendReport(opaSessionObj *cautils.OPASessionObj) {
 	// Remove data before reporting
 	keepFields := []string{"kind", "apiVersion", "metadata"}
 	keepMetadataFields := []string{"name", "namespace", "labels"}
 	opaSessionObj.PostureReport.RemoveData(keepFields, keepMetadataFields)

-	if err := report.Send(opaSessionObj.PostureReport); err != nil {
+	if err := report.send(opaSessionObj.PostureReport); err != nil {
 		fmt.Println(err)
 	}
 }
-func (report *ReportEventReceiver) Send(postureReport *reporthandling.PostureReport) error {
+
+func (report *ReportEventReceiver) SetCustomerGUID(customerGUID string) {
+	report.customerGUID = customerGUID
+}
+
+func (report *ReportEventReceiver) SetClusterName(clusterName string) {
+	report.clusterName = clusterName
+}
+
+func (report *ReportEventReceiver) send(postureReport *reporthandling.PostureReport) error {

 	reqBody, err := json.Marshal(*postureReport)
 	if err != nil {
 		return fmt.Errorf("in 'Send' failed to json.Marshal, reason: %v", err)
 	}
-	host := hostToString(&report.host, postureReport.ReportID)
+	host := hostToString(report.initEventReceiverURL(), postureReport.ReportID)

 	req, err := http.NewRequest("POST", host, bytes.NewReader(reqBody))
 	if err != nil {
--- a/resultshandling/reporter/reporteventreceiverutils.go
+++ b/resultshandling/reporter/reporteventreceiverutils.go
@@ -7,7 +7,6 @@ import (
 	"net/url"
 	"strings"

-	"github.com/armosec/kubescape/cautils"
 	"github.com/armosec/kubescape/cautils/getter"
 	"github.com/gofrs/uuid"
 )
@@ -33,15 +32,15 @@ func httpRespToString(resp *http.Response) (string, error) {
 	return strBuilder.String(), err
 }

-func initEventReceiverURL() *url.URL {
+func (report *ReportEventReceiver) initEventReceiverURL() *url.URL {
 	urlObj := url.URL{}

 	urlObj.Scheme = "https"
 	urlObj.Host = getter.GetArmoAPIConnector().GetReportReceiverURL()
 	urlObj.Path = "/k8s/postureReport"
 	q := urlObj.Query()
-	q.Add("customerGUID", uuid.FromStringOrNil(cautils.CustomerGUID).String())
-	q.Add("clusterName", cautils.ClusterName)
+	q.Add("customerGUID", uuid.FromStringOrNil(report.customerGUID).String())
+	q.Add("clusterName", report.clusterName)

 	urlObj.RawQuery = q.Encode()

--- a/resultshandling/results.go
+++ b/resultshandling/results.go
@@ -4,15 +4,16 @@ import (
 	"github.com/armosec/kubescape/cautils"
 	"github.com/armosec/kubescape/resultshandling/printer"
 	"github.com/armosec/kubescape/resultshandling/reporter"
+	"github.com/armosec/opa-utils/reporthandling"
 )

 type ResultsHandler struct {
 	opaSessionObj *chan *cautils.OPASessionObj
-	reporterObj   *reporter.ReportEventReceiver
-	printerObj    *printer.Printer
+	reporterObj   reporter.IReport
+	printerObj    printer.IPrinter
 }

-func NewResultsHandler(opaSessionObj *chan *cautils.OPASessionObj, reporterObj *reporter.ReportEventReceiver, printerObj *printer.Printer) *ResultsHandler {
+func NewResultsHandler(opaSessionObj *chan *cautils.OPASessionObj, reporterObj reporter.IReport, printerObj printer.IPrinter) *ResultsHandler {
 	return &ResultsHandler{
 		opaSessionObj: opaSessionObj,
 		reporterObj:   reporterObj,
@@ -20,13 +21,36 @@ func NewResultsHandler(opaSessionObj *chan *cautils.OPASessionObj, reporterObj *
 	}
 }

-func (resultsHandler *ResultsHandler) HandleResults() float32 {
+func (resultsHandler *ResultsHandler) HandleResults(scanInfo *cautils.ScanInfo) float32 {

 	opaSessionObj := <-*resultsHandler.opaSessionObj

-	score := resultsHandler.printerObj.ActionPrint(opaSessionObj)
+	resultsHandler.printerObj.ActionPrint(opaSessionObj)

-	resultsHandler.reporterObj.ActionSendReportListenner(opaSessionObj)
+	resultsHandler.reporterObj.ActionSendReport(opaSessionObj)
+
+	// TODO - get score from table
+	score := CalculatePostureScore(opaSessionObj.PostureReport)
+	resultsHandler.printerObj.Score(score)

 	return score
 }
+
+// CalculatePostureScore calculate final score
+func CalculatePostureScore(postureReport *reporthandling.PostureReport) float32 {
+	lowestScore := float32(100)
+	for _, frameworkReport := range postureReport.FrameworkReports {
+		totalFailed := frameworkReport.GetNumberOfFailedResources()
+		totalResources := frameworkReport.GetNumberOfResources()
+
+		frameworkScore := float32(0)
+		if float32(totalResources) > 0 {
+			frameworkScore = (float32(totalResources) - float32(totalFailed)) / float32(totalResources)
+		}
+		if lowestScore > frameworkScore {
+			lowestScore = frameworkScore
+		}
+	}
+
+	return lowestScore
+}
Author	SHA1	Message	Date
dwertent	ca927dec30	update naming convention	2021-10-28 10:05:30 +03:00
dwertent	3a78ef46a3	Merge remote-tracking branch 'upstream/dev'	2021-10-28 09:40:26 +03:00
David Wertenteil	bdb1cd0905	Merge pull request #199 from Daniel-GrunbergerCA/master Scan with multiple frameworks/control support	2021-10-28 09:35:07 +03:00
dwertent	ffb556a637	update readme	2021-10-28 09:15:22 +03:00
dwertent	40acfb5e9d	Adding cronJob doc	2021-10-28 09:10:37 +03:00
Daniel-GrunbergerCA	de8bcfa0d2	enhance help msgs	2021-10-27 14:44:25 +03:00
Daniel-GrunbergerCA	9439f407da	add env var to not check latest release	2021-10-27 13:39:03 +03:00
Daniel-GrunbergerCA	5095e62961	support scanning multiple frameworks from multiple files	2021-10-27 13:02:45 +03:00
Daniel-GrunbergerCA	3301907864	print only one table for controls & enhance help msg	2021-10-27 10:25:26 +03:00
Daniel-GrunbergerCA	151175c40f	read single control from framework file	2021-10-27 08:49:40 +03:00
Daniel-GrunbergerCA	234d4fa537	Merge remote-tracking branch 'upstream/dev'	2021-10-27 08:27:21 +03:00
dwertent	66068757e1	update cluster name in mock struct	2021-10-26 20:39:18 +03:00
dwertent	8a7cda5dd1	adopt cluster name	2021-10-26 20:27:33 +03:00
Daniel-GrunbergerCA	a0ca68cc41	update json and junit for multiple frameworks	2021-10-26 13:55:12 +03:00
Daniel-GrunbergerCA	41cae0bc93	Merge remote-tracking branch 'upstream/dev'	2021-10-26 13:23:00 +03:00
David Wertenteil	b4198fde8c	Merge pull request #198 from dwertent/master update pkg tag	2021-10-26 12:28:02 +03:00
dwertent	bd24f35738	update tag	2021-10-26 12:26:44 +03:00
Daniel-GrunbergerCA	6fcbb757b5	Merge remote-tracking branch 'upstream/dev'	2021-10-25 17:41:15 +03:00
Daniel-GrunbergerCA	3b8825e5d2	scan multiple frameworks and controls	2021-10-25 17:41:04 +03:00
Rotem Refael	5cf3244918	Merge pull request #192 from dwertent/master Update multiple score	2021-10-25 17:40:19 +03:00
dwertent	934c9ccc8b	fixed lowest	2021-10-25 15:51:23 +03:00
dwertent	41dfdfd1e8	support more than score	2021-10-25 15:14:31 +03:00
David Wertenteil	427fb59c99	Merge pull request #190 from dwertent/master Fixed submit and url	2021-10-25 12:08:23 +03:00
David Wertenteil	ae825800f6	Merge pull request #189 from Daniel-GrunbergerCA/master Update tag for newest release of k8s-interface	2021-10-25 12:08:06 +03:00
dwertent	d72700acf6	update submit	2021-10-25 12:05:51 +03:00
dwertent	3310a6a26f	Merge remote-tracking branch 'upstream/dev'	2021-10-25 11:55:30 +03:00
dwertent	740b5aa772	add full url	2021-10-25 11:55:08 +03:00
Daniel-GrunbergerCA	04b55e764a	fix k8s-interface pkg tag	2021-10-25 10:44:43 +03:00
Daniel-GrunbergerCA	beb4062bb1	update tag	2021-10-25 09:29:43 +03:00
David Wertenteil	5d4cd4acdc	Merge pull request #188 from dwertent/master Use interfaces	2021-10-25 09:21:43 +03:00
dwertent	aec8198131	adding score to interface	2021-10-25 08:41:15 +03:00
dwertent	0a850e47df	use interfaces	2021-10-24 17:51:03 +03:00
dwertent	4f466d517a	fixed junit counter	2021-10-21 16:05:51 +03:00
Rotem Refael	548201c256	Merge pull request #185 from dwertent/master Update readme with new featurs	2021-10-21 13:46:33 +03:00
dwertent	a54e5d9f8b	update readme with new featurs	2021-10-21 13:25:41 +03:00
dwertent	536257afa1	fixed version in build.py	2021-10-21 12:48:52 +03:00
dwertent	d194dd173f	fixed image and entrypoint	2021-10-21 11:32:20 +03:00
dwertent	a90177e7c0	update go mod file	2021-10-21 09:56:05 +03:00
Rotem Refael	be9e8ca47d	Merge pull request #184 from Daniel-GrunbergerCA/master Implementing single control scan (from file and and from regolibrary) & download single control	2021-10-21 08:33:26 +03:00
Daniel-GrunbergerCA	eb9fe85c75	add error handling	2021-10-20 17:45:11 +03:00
Daniel-GrunbergerCA	47183c405f	add some comments	2021-10-20 17:29:25 +03:00
Daniel-GrunbergerCA	2725923b9b	case insensitive	2021-10-20 16:58:09 +03:00
Daniel-GrunbergerCA	f6c03ed7a2	fix offline support	2021-10-20 16:50:59 +03:00
Daniel-GrunbergerCA	76b5548216	Merge remote-tracking branch 'upstream/dev'	2021-10-20 16:29:56 +03:00
Daniel-GrunbergerCA	cc57a34a32	run control scan form file	2021-10-20 16:18:53 +03:00
Bezbran	f7099b62e6	Merge pull request #182 from Bezbran/dev Add API version to report structure	2021-10-20 16:05:46 +03:00
Bezalel Brandwine	093ee8916e	Add API version to report structure	2021-10-20 16:04:10 +03:00
David Wertenteil	ac0259157b	Merge pull request #181 from dwertent/master Update junit results	2021-10-20 15:57:34 +03:00
dwertent	9cb937798f	update readme	2021-10-20 14:53:19 +03:00
dwertent	11d4926c85	updte junit results	2021-10-20 14:49:27 +03:00
Daniel-GrunbergerCA	836211ae2b	update go mod	2021-10-20 14:39:33 +03:00
Daniel-GrunbergerCA	fddf3d3f58	Merge remote-tracking branch 'upstream/dev'	2021-10-20 14:15:46 +03:00
Daniel-GrunbergerCA	b036d1079e	support control scan with new api	2021-10-20 14:15:27 +03:00
Rotem Refael	137c39e918	Merge pull request #180 from AvnerTzurArmo/dev add cronjob sample for kubescape	2021-10-20 13:57:26 +03:00
Avner Tzur	8778d022cf	add cronjob sample for kubescape	2021-10-20 10:59:30 +03:00
Bezbran	043bdbacec	Merge pull request #8 from armosec/dev Dev	2021-10-20 10:49:28 +03:00
Daniel-GrunbergerCA	e0e19b0258	Merge remote-tracking branch 'upstream/dev'	2021-10-20 09:05:37 +03:00
David Wertenteil	c72e0f790a	Merge pull request #179 from dwertent/master fallback get customer guid from configMap	2021-10-19 16:30:47 +03:00
dwertent	87e79110a2	fallback customer guid from configMap	2021-10-19 16:25:54 +03:00
David Wertenteil	faeae1af60	Merge pull request #178 from dwertent/master adding summary changes	2021-10-19 15:09:05 +03:00
dwertent	b371fbad01	adding summary	2021-10-19 15:08:00 +03:00
David Wertenteil	90831e153d	Merge pull request #177 from dwertent/master Distinct exclude and failed resources	2021-10-19 14:24:10 +03:00
dwertent	009d8275c1	Distinct exclude and failed resources	2021-10-19 14:22:09 +03:00
Daniel-GrunbergerCA	05c88e0ffc	Merge remote-tracking branch 'upstream/dev'	2021-10-18 17:40:11 +03:00
Daniel-GrunbergerCA	7d12552932	add option to run single control	2021-10-18 17:39:35 +03:00
Rotem Refael	b761505bb1	Merge pull request #172 from Moshe-Rappaport-CA/master Support scanning yamls from gitHub repo	2021-10-18 14:51:42 +03:00
moshep	63367f4f31	support yamls from repo	2021-10-18 14:29:44 +03:00
Rotem Refael	6f9d6b4af3	Update README.md	2021-10-18 14:16:29 +03:00
Rotem Refael	6ed8287b01	Update README.md	2021-10-18 14:15:45 +03:00
Rotem Refael	d948e20682	Change readme text	2021-10-18 14:12:57 +03:00
Rotem Refael	42929dac58	Merge pull request #171 from armosec/dev Fix workflow for building image	2021-10-18 11:59:29 +03:00
Rotem Refael	74449c64a2	Merge pull request #170 from Daniel-GrunbergerCA/master Fix env var name	2021-10-18 11:26:18 +03:00
Daniel-GrunbergerCA	0bd164c69e	fix workflow for dev	2021-10-18 11:15:55 +03:00
Daniel-GrunbergerCA	d44c082134	fix env var name	2021-10-18 11:11:32 +03:00
Daniel-GrunbergerCA	d756b9bfe4	check repo name	2021-10-18 11:04:57 +03:00
Daniel-GrunbergerCA	6144050212	echo repo	2021-10-18 11:02:54 +03:00
Daniel-GrunbergerCA	b5fe456b0d	fix test	2021-10-18 10:59:41 +03:00
Daniel-GrunbergerCA	37791ff391	testing workflow output	2021-10-18 10:57:04 +03:00
Daniel-GrunbergerCA	c2d99163a6	test output for workflow	2021-10-18 10:55:13 +03:00
Daniel-GrunbergerCA	d948353b99	test env var output for build	2021-10-18 10:51:50 +03:00
Daniel-GrunbergerCA	2649cb75f6	Revert "check env var output" This reverts commit `7c8da4a4b9`.	2021-10-18 10:51:28 +03:00
Daniel-GrunbergerCA	7c8da4a4b9	check env var output	2021-10-18 10:49:53 +03:00
Bezbran	54a6a8324a	Merge pull request #7 from armosec/dev Dev	2021-10-14 14:54:14 +03:00