store file localy

* update module

README.md

@@ -28,20 +28,17 @@ If you wish to scan all namespaces in your cluster, remove the `--exclude-namesp
 <img src="docs/summary.png">
 
 
+### Flags
+
+| flag |  default | description | options |
+| --- | --- | --- | --- |
+| `-e`/`--exclude-namespaces` | Scan all namespaces | Namespaces to exclude from scanning, Recommended to exclude `kube-system` and `kube-public` namespaces |
+| `-s`/`--silent` | Display progress messages | Silent progress messages |
+| `-f`/`--format` | `pretty-printer` | Output format | `pretty-printer`/`json`/`junit` | 
+| `-o`/`--output` | print to stdout | Save scan result in file |
+
 ## Usage & Examples
-
-### Pre-Deployment Testing
-Check your YAML files before you're deploying, simply add them at the end of command line:
-```
-kubescape scan framework nsa *.yaml
-```
-
-### Integration with other tools
-
-Kubescape can produce output fitting for later processing:
-* JSON (`-f json`)
-* JUnit XML (`-f junit`)
-
+ 
 ### Examples
 
 * Scan a running Kubernetes cluster with [`nsa`](https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2716980/nsa-cisa-release-kubernetes-hardening-guidance/) framework
@@ -49,32 +46,32 @@ Kubescape can produce output fitting for later processing:
 kubescape scan framework nsa --exclude-namespaces kube-system,kube-public
 ```
 
-* Scan local `yaml`/`json` files
+* Scan local `yaml`/`json` files before deploying <img src="docs/new-feature.svg">
 ```
-kubescape scan framework nsa examples/online-boutique/*
+kubescape scan framework nsa *.yaml
 ```
 
 
-* Scan `yaml`/`json` files from url
+* Scan `yaml`/`json` files from url  <img src="docs/new-feature.svg">
 ```
 kubescape scan framework nsa https://raw.githubusercontent.com/GoogleCloudPlatform/microservices-demo/master/release/kubernetes-manifests.yaml
 ```
 
-* Output in `json` format
+* Output in `json` format  <img src="docs/new-feature.svg">
 ```
 kubescape scan framework nsa --exclude-namespaces kube-system,kube-public --format json --output results.json
 ```
 
-* Output in `junit xml` format
+* Output in `junit xml` format  <img src="docs/new-feature.svg">
 ```
 kubescape scan framework nsa --exclude-namespaces kube-system,kube-public --format junit --output results.xml
 ```
 
 ### Helm Support
 
-Render the helm template and pass as stdout
+* Render the helm chart using [`helm template`](https://helm.sh/docs/helm/helm_template/) and pass to stdout   <img src="docs/new-feature.svg">
 ```
-helm template [CHART] [flags] --generate-name --dry-run | kubescape scan framework nsa -
+helm template [NAME] [CHART] [flags] --dry-run | kubescape scan framework nsa -
 ```
 
 for example:
@@ -126,7 +123,7 @@ Kubescape is running the following tests according to what is defined by [Kubern
 * Linux hardening
 * Ingress and Egress blocked
 * Container hostPort
-* Anonymous requests
+
 
 
 ## Technology

cmd/framework.go

@@ -75,10 +75,10 @@ func isValidFramework(framework string) bool {
 func init() {
 	scanCmd.AddCommand(frameworkCmd)
 	scanInfo = opapolicy.ScanInfo{}
-	frameworkCmd.Flags().StringVarP(&scanInfo.ExcludedNamespaces, "exclude-namespaces", "e", "", "namespaces to exclude from check")
-	frameworkCmd.Flags().StringVarP(&scanInfo.Format, "format", "f", "pretty-printer", `output format. supported formats: "pretty-printer"/"json"/"junit"`)
-	frameworkCmd.Flags().StringVarP(&scanInfo.Output, "output", "o", "", "output file. print output to file and not stdout")
-	frameworkCmd.Flags().BoolVarP(&scanInfo.Silent, "silent", "s", false, "silent progress output")
+	frameworkCmd.Flags().StringVarP(&scanInfo.ExcludedNamespaces, "exclude-namespaces", "e", "", "Namespaces to exclude from check")
+	frameworkCmd.Flags().StringVarP(&scanInfo.Format, "format", "f", "pretty-printer", `Output format. supported formats: "pretty-printer"/"json"/"junit"`)
+	frameworkCmd.Flags().StringVarP(&scanInfo.Output, "output", "o", "", "Output file. print output to file and not stdout")
+	frameworkCmd.Flags().BoolVarP(&scanInfo.Silent, "silent", "s", false, "Silent progress messages")
 }
 
 func CliSetup() error {

cmd/root.go

@@ -9,7 +9,7 @@ var cfgFile string
 var rootCmd = &cobra.Command{
 	Use:   "kubescape",
 	Short: "Kubescape is a tool for testing Kubernetes security posture",
-	Long:  `Kubescape is a tool for testing Kubernetes security posture based on NSA and MITRE specifications.`,
+	Long:  `Kubescape is a tool for testing Kubernetes security posture based on NSA specifications.`,
 }
 
 func Execute() {

download.sh

@@ -0,0 +1,27 @@
+#!/bin/bash
+set -e
+
+echo "Downloading Kubescape..."
+echo
+
+osName=$(uname -s)
+if [[ $osName == *"MINGW"* ]]; then
+    osName=windows-latest
+elif [[ $osName == *"Darwin"* ]]; then
+    osName=macos-latest
+else
+    osName=ubuntu-latest
+fi
+
+GITHUB_OWNER=armosec
+
+DOWNLOAD_URL=$(curl --silent "https://api.github.com/repos/$GITHUB_OWNER/kubescape/releases/latest" | grep -o "browser_download_url.*${osName}.*")
+DOWNLOAD_URL=${DOWNLOAD_URL//\"}
+DOWNLOAD_URL=${DOWNLOAD_URL/browser_download_url: /}
+
+KUBESCAPE_EXEC=kubescape
+
+curl --progress-bar -L $DOWNLOAD_URL -o $KUBESCAPE_EXEC
+echo -e "\033[32m[V] Downloaded Kubescape"
+
+chmod +x $KUBESCAPE_EXEC || sudo chmod +x $KUBESCAPE_EXEC

install.sh

@@ -29,9 +29,9 @@ OUTPUT=$BASE_DIR/$KUBESCAPE_EXEC
 curl --progress-bar -L $DOWNLOAD_URL -o $OUTPUT
 echo -e "\033[32m[V] Downloaded Kubescape"
 
-sudo chmod +x $OUTPUT
-sudo rm -f /usr/local/bin/$KUBESCAPE_EXEC
-sudo cp $OUTPUT /usr/local/bin
+chmod +x $OUTPUT || sudo chmod +x $OUTPUT
+rm -f /usr/local/bin/$KUBESCAPE_EXEC || sudo rm -f /usr/local/bin/$KUBESCAPE_EXEC
+cp $OUTPUT /usr/local/bin || sudo cp $OUTPUT /usr/local/bin
 rm -rf $BASE_DIR
 
 echo -e "[V] Finished Installation"