Merge pull request #169 from armosec/rotemamsa-patch-1

Delete backendconnectormethods.go
2026-02-19 20:39:56 +00:00 · 2021-10-18 10:28:19 +03:00 · 2021-10-18 10:26:59 +03:00 · 2021-10-14 15:43:28 +03:00 · 2021-10-14 14:48:47 +03:00 · 2021-10-14 14:48:16 +03:00
56 changed files with 1968 additions and 561 deletions
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -2,10 +2,7 @@ name: build

 on:
  push:
-    branches: [ master ]
-  pull_request:
-    branches: [ master ]
-    types: [ closed ]
+    branches: [ master ] 
 jobs:
  once:
    name: Create release
@@ -36,15 +33,19 @@ jobs:
      - name: Set up Go
        uses: actions/setup-go@v2
        with:
-          go-version: 1.16
+          go-version: 1.17
+
+      - name: Test
+        run: go test -v ./...
+
      - name: Build
        env:
          RELEASE: v1.0.${{ github.run_number }} 
          ArmoBEServer: api.armo.cloud
-          ArmoERServer: report.euprod1.cyberarmorsoft.com
+          ArmoERServer: report.armo.cloud
          ArmoWebsite: portal.armo.cloud
          CGO_ENABLED: 0
-        run: mkdir -p build/${{ matrix.os }}  && go mod tidy && go build -ldflags "-w -s -X github.com/armosec/kubescape/cmd.BuildNumber=$RELEASE -X github.com/armosec/kubescape/cautils/getter.ArmoBEURL=$ArmoBEServer -X github.com/armosec/kubescape/cautils/getter.ArmoERURL=$ArmoERServer -X github.com/armosec/kubescape/cautils/getter.ArmoFEURL=$ArmoWebsite" -o build/${{ matrix.os }}/kubescape # && md5sum build/${{ matrix.os }}/kubescape > build/${{ matrix.os }}/kubescape.md5
+        run: python3 --version && python3 build.py
      
      - name: Upload Release binaries
        id: upload-release-asset
--- a/.github/workflows/build_dev.yaml
+++ b/.github/workflows/build_dev.yaml
@@ -19,7 +19,11 @@ jobs:
      - name: Set up Go
        uses: actions/setup-go@v2
        with:
-          go-version: 1.16
+          go-version: 1.17
+          
+      - name: Test
+        run: go test -v ./...
+
      - name: Build
        env:
          RELEASE: v1.0.${{ github.run_number }} 
@@ -27,7 +31,7 @@ jobs:
          ArmoERServer: report.euprod1.cyberarmorsoft.com
          ArmoWebsite: portal.armo.cloud
          CGO_ENABLED: 0
-        run: mkdir -p build/${{ matrix.os }}  && go mod tidy && go build -ldflags "-w -s -X github.com/armosec/kubescape/cmd.BuildNumber=$RELEASE -X github.com/armosec/kubescape/cautils/getter.ArmoBEURL=$ArmoBEServer -X github.com/armosec/kubescape/cautils/getter.ArmoERURL=$ArmoERServer -X github.com/armosec/kubescape/cautils/getter.ArmoFEURL=$ArmoWebsite" -o build/${{ matrix.os }}/kubescape # && md5sum build/${{ matrix.os }}/kubescape > build/${{ matrix.os }}/kubescape.md5
+        run: python3 --version && python3 build.py
      
      - name: Upload build artifacts 
        uses: actions/upload-artifact@v2
--- a/.github/workflows/master_pr_checks.yaml
+++ b/.github/workflows/master_pr_checks.yaml
@@ -0,0 +1,38 @@
+name: master-pr
+
+on:
+  pull_request:
+    branches: [ master ]
+    types: [ edited, opened, synchronize, reopened ]
+jobs:
+  build:
+    name: Create cross-platform build
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [ubuntu-latest, macos-latest, windows-latest]
+    steps:
+      - uses: actions/checkout@v1
+
+      - name: Set up Go
+        uses: actions/setup-go@v2
+        with:
+          go-version: 1.17
+
+      - name: Test
+        run: go test -v ./...
+
+      - name: Build
+        env:
+          RELEASE: v1.0.${{ github.run_number }} 
+          ArmoBEServer: api.armo.cloud
+          ArmoERServer: report.armo.cloud
+          ArmoWebsite: portal.armo.cloud
+          CGO_ENABLED: 0
+        run: python3 --version && python3 build.py
+
+      - name: Upload build artifacts 
+        uses: actions/upload-artifact@v2
+        with:
+          name: kubescape-${{ matrix.os }}
+          path: build/${{ matrix.os }}/kubescape 
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,4 @@
 *.vs*
-*go.sum*
 *kubescape*
 *debug*
 .idea
--- a/README.md
+++ b/README.md
@@ -5,7 +5,7 @@

 Kubescape is the first tool for testing if Kubernetes is deployed securely as defined in [Kubernetes Hardening Guidance by NSA and CISA](https://www.nsa.gov/Press-Room/News-Highlights/Article/Article/2716980/nsa-cisa-release-kubernetes-hardening-guidance/)

-Use Kubescape to test clusters or scan single YAML files and integrate it to your processes. 
+Use Kubescape to test clusters or scan single YAML files and integrate it to your processes.

 <img src="docs/demo.gif">

@@ -15,6 +15,10 @@ Use Kubescape to test clusters or scan single YAML files and integrate it to you
 curl -s https://raw.githubusercontent.com/armosec/kubescape/master/install.sh | /bin/bash
 ```

+[Install on windows](#install-on-windows)
+
+[Install on macOS](#install-on-macos)
+
 ## Run:
 ```
 kubescape scan framework nsa --exclude-namespaces kube-system,kube-public
@@ -24,19 +28,44 @@ If you wish to scan all namespaces in your cluster, remove the `--exclude-namesp

 <img src="docs/summary.png">

+### Click [👍](https://github.com/armosec/kubescape/stargazers) if you want us to continue to develop and improve Kubescape 😀
+
 # Being part of the team

-We invite you to our team! We are excited about this project and want to return the love we get. 
+We invite you to our team! We are excited about this project and want to return the love we get.

 Want to contribute? Want to discuss something? Have an issue?

 * Open a issue, we are trying to respond within 48 hours
-* [Join us](https://discordapp.com/invite/CTcCaBbb) in a discussion on our discord server! 
+* [Join us](https://armosec.github.io/kubescape/) in a discussion on our discord server!

-[<img src="docs/discord-banner.png" width="100" alt="logo" align="center">](https://discordapp.com/invite/CTcCaBbb)
+[<img src="docs/discord-banner.png" width="100" alt="logo" align="center">](https://armosec.github.io/kubescape/)

 # Options and examples

+## Install on Windows
+
+**Requires powershell v5.0+**
+
+``` powershell
+iwr -useb https://raw.githubusercontent.com/armosec/kubescape/master/install.ps1 | iex
+```
+
+Note: if you get an error you might need to change the execution policy (i.e. enable Powershell) with
+
+``` powershell
+Set-ExecutionPolicy RemoteSigned -scope CurrentUser
+```
+
+## Install on macOS
+
+1. ```
+    brew tap armosec/kubescape
+    ```
+2. ```
+    brew install kubescape
+    ```
+
 ## Flags

 | flag |  default | description | options |
@@ -44,39 +73,47 @@ Want to contribute? Want to discuss something? Have an issue?
 | `-e`/`--exclude-namespaces` | Scan all namespaces | Namespaces to exclude from scanning. Recommended to exclude `kube-system` and `kube-public` namespaces |
 | `-s`/`--silent` | Display progress messages | Silent progress messages |
 | `-t`/`--fail-threshold` | `0` (do not fail) | fail command (return exit code 1) if result bellow threshold| `0` -> `100` |
-| `-f`/`--format` | `pretty-printer` | Output format | `pretty-printer`/`json`/`junit` | 
+| `-f`/`--format` | `pretty-printer` | Output format | `pretty-printer`/`json`/`junit` |
 | `-o`/`--output` | print to stdout | Save scan result in file |
 | `--use-from` | | Load local framework object from specified path. If not used will download latest |
 | `--use-default` | `false` | Load local framework object from default path. If not used will download latest | `true`/`false` |
 | `--exceptions` | | Path to an [exceptions obj](examples/exceptions.json). If not set will download exceptions from Armo management portal |
-| `--results-locally` | `false` | Kubescape sends scan results to Armo management portal to allow users to control exceptions and maintain chronological scan results. Use this flag if you do not wish to use these features | `true`/`false`|
+| `--submit` | `false` | If set, Kubescape will send the scan results to Armo management portal where you can see the results in a user-friendly UI, choose your preferred compliance framework, check risk results history and trends, manage exceptions, get remediation recommendations and much more. By default the results are not sent | `true`/`false`|
+| `--keep-local` | `false` | Kubescape will not send scan results to Armo management portal. Use this flag if you ran with the `--submit` flag in the past and you do not want to submit your current scan results | `true`/`false`|
+| `--account` | | Armo portal account ID. Default will load account ID from configMap or config file | |

 ## Usage & Examples
- 
+
 ### Examples

-* Scan a running Kubernetes cluster with [`nsa`](https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2716980/nsa-cisa-release-kubernetes-hardening-guidance/) framework
+* Scan a running Kubernetes cluster with [`nsa`](https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2716980/nsa-cisa-release-kubernetes-hardening-guidance/) framework and submit results to [Armo portal](https://portal.armo.cloud/)
 ```
-kubescape scan framework nsa --exclude-namespaces kube-system,kube-public
+kubescape scan framework nsa --exclude-namespaces kube-system,kube-public --submit
 ```

-* Scan local `yaml`/`json` files before deploying
+
+* Scan a running Kubernetes cluster with [`mitre`](https://www.microsoft.com/security/blog/2020/04/02/attack-matrix-kubernetes/) framework and submit results to [Armo portal](https://portal.armo.cloud/)
+```
+kubescape scan framework mitre --exclude-namespaces kube-system,kube-public --submit
+```
+
+* Scan local `yaml`/`json` files before deploying. [Take a look at the demonstration](https://youtu.be/Ox6DaR7_4ZI)
 ```
 kubescape scan framework nsa *.yaml
 ```


-* Scan `yaml`/`json` files from url 
+* Scan `yaml`/`json` files from url
 ```
 kubescape scan framework nsa https://raw.githubusercontent.com/GoogleCloudPlatform/microservices-demo/master/release/kubernetes-manifests.yaml
 ```

-* Output in `json` format 
+* Output in `json` format
 ```
 kubescape scan framework nsa --exclude-namespaces kube-system,kube-public --format json --output results.json
 ```

-* Output in `junit xml` format 
+* Output in `junit xml` format
 ```
 kubescape scan framework nsa --exclude-namespaces kube-system,kube-public --format junit --output results.xml
 ```
@@ -88,7 +125,7 @@ kubescape scan framework nsa --exceptions examples/exceptions.json

 ### Helm Support

-* Render the helm chart using [`helm template`](https://helm.sh/docs/helm/helm_template/) and pass to stdout 
+* Render the helm chart using [`helm template`](https://helm.sh/docs/helm/helm_template/) and pass to stdout
 ```
 helm template [NAME] [CHART] [flags] --dry-run | kubescape scan framework nsa -
 ```
@@ -97,38 +134,55 @@ for example:
 ```
 helm template bitnami/mysql --generate-name --dry-run | kubescape scan framework nsa -
 ```
-### Offline Support <img src="docs/new-feature.svg">
+### Offline Support

 It is possible to run Kubescape offline!

 First download the framework and then scan with `--use-from` flag

-* Download and save in file, if file name not specified, will store save to `~/.kubescape/<framework name>.json`
+1. Download and save in file, if file name not specified, will store save to `~/.kubescape/<framework name>.json`
 ```
 kubescape download framework nsa --output nsa.json
 ```

-* Scan using the downloaded framework 
+2. Scan using the downloaded framework
 ```
 kubescape scan framework nsa --use-from nsa.json
 ```

 Kubescape is an open source project, we welcome your feedback and ideas for improvement. We’re also aiming to collaborate with the Kubernetes community to help make the tests themselves more robust and complete as Kubernetes develops.

-# How to build 
+# How to build

-## For development
+## Build using python (3.7^) script

-Note: development (and the release process) is done with Go `1.16`
+Kubescpae can be built using:
+
+``` sh
+python build.py
+```
+
+Note: In order to built using the above script, one must set the environment
+variables in this script:
+
+ RELEASE
+ ArmoBEServer
+ ArmoERServer
+ ArmoWebsite
+
+
+## Build using go
+
+Note: development (and the release process) is done with Go `1.17`

 1. Clone Project
 ```
-git clone git@github.com:armosec/kubescape.git kubescape && cd "$_"
+git clone https://github.com/armosec/kubescape.git kubescape && cd "$_"
 ```

 2. Build
 ```
-go mod tidy && go build -o kubescape .
+go build -o kubescape .
 ```

 3. Run
@@ -142,7 +196,7 @@ go mod tidy && go build -o kubescape .

 1. Clone Project
 ```
-git clone git@github.com:armosec/kubescape.git kubescape && cd "$_"
+git clone https://github.com/armosec/kubescape.git kubescape && cd "$_"
 ```

 2. Build
@@ -155,14 +209,14 @@ docker build -t kubescape -f build/Dockerfile .
 ## Tests
 Kubescape is running the following tests according to what is defined by [Kubernetes Hardening Guidance by NSA and CISA](https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2716980/nsa-cisa-release-kubernetes-hardening-guidance/)
 * Non-root containers
-* Immutable container filesystem 
-* Privileged containers 
+* Immutable container filesystem
+* Privileged containers
 * hostPID, hostIPC privileges
 * hostNetwork access
 * allowedHostPaths field
 * Protecting pod service account tokens
 * Resource policies
-* Control plane hardening 
+* Control plane hardening
 * Exposed dashboard
 * Allow privilege escalation
 * Applications credentials in configuration files
@@ -179,12 +233,10 @@ Kubescape is running the following tests according to what is defined by [Kubern


 ## Technology
-Kubescape based on OPA engine: https://github.com/open-policy-agent/opa and ARMO's posture controls. 
+Kubescape based on OPA engine: https://github.com/open-policy-agent/opa and ARMO's posture controls.

-The tools retrieves Kubernetes objects from the API server and runs a set of [regos snippets](https://www.openpolicyagent.org/docs/latest/policy-language/) developed by [ARMO](https://www.armosec.io/). 
+The tools retrieves Kubernetes objects from the API server and runs a set of [regos snippets](https://www.openpolicyagent.org/docs/latest/policy-language/) developed by [ARMO](https://www.armosec.io/).

 The results by default printed in a pretty "console friendly" manner, but they can be retrieved in JSON format for further processing.

 Kubescape is an open source project, we welcome your feedback and ideas for improvement. We’re also aiming to collaborate with the Kubernetes community to help make the tests themselves more robust and complete as Kubernetes develops.
-
-
--- a/build.py
+++ b/build.py
@@ -0,0 +1,82 @@
+import os
+import sys
+import hashlib
+import platform
+import subprocess
+
+BASE_GETTER_CONST = "github.com/armosec/kubescape/cautils/getter"
+BE_SERVER_CONST   = BASE_GETTER_CONST + ".ArmoBEURL"
+ER_SERVER_CONST   = BASE_GETTER_CONST + ".ArmoERURL"
+WEBSITE_CONST     = BASE_GETTER_CONST + ".ArmoFEURL"
+
+def checkStatus(status, msg):
+    if status != 0:
+        sys.stderr.write(msg)
+        exit(status)
+
+
+def getBuildDir():
+    currentPlatform = platform.system()
+    buildDir = "build/"
+
+    if currentPlatform == "Windows": buildDir += "windows-latest"
+    elif currentPlatform == "Linux": buildDir += "ubuntu-latest"
+    elif currentPlatform == "Darwin": buildDir += "macos-latest"
+    else: raise OSError("Platform %s is not supported!" % (currentPlatform))
+
+    return buildDir
+
+def getPackageName():
+    packageName = "kubescape"
+    # if platform.system() == "Windows": packageName += ".exe"
+
+    return packageName
+
+
+def main():
+    print("Building Kubescape")
+
+    # print environment variables
+    print(os.environ)
+
+    # Set some variables
+    packageName = getPackageName()
+    buildUrl = "github.com/armosec/kubescape/cmd.BuildNumber"
+    releaseVersion = os.getenv("RELEASE")
+    ArmoBEServer = os.getenv("ArmoBEServer")
+    ArmoERServer = os.getenv("ArmoERServer")
+    ArmoWebsite = os.getenv("ArmoWebsite")
+
+    # Create build directory
+    buildDir = getBuildDir()
+
+    if not os.path.isdir(buildDir):
+        os.makedirs(buildDir)
+
+    # Build kubescape
+    ldflags = "-w -s -X %s=%s -X %s=%s -X %s=%s -X %s=%s" \
+        % (buildUrl, releaseVersion, BE_SERVER_CONST, ArmoBEServer,
+           ER_SERVER_CONST, ArmoERServer, WEBSITE_CONST, ArmoWebsite)
+    status = subprocess.call(["go", "build", "-o", "%s/%s" % (buildDir, packageName), "-ldflags" ,ldflags])
+    checkStatus(status, "Failed to build kubescape")
+    
+    test_cli_prints(buildDir,packageName)
+
+
+    sha1 = hashlib.sha1()
+    with open(buildDir + "/" + packageName, "rb") as kube:
+        sha1.update(kube.read())
+        with open(buildDir + "/" + packageName + ".sha1", "w") as kube_sha:
+            kube_sha.write(sha1.hexdigest())
+
+    print("Build Done")
+
+def test_cli_prints(buildDir,packageName):
+    bin_cli = os.path.abspath(os.path.join(buildDir,packageName))
+
+    print(f"testing CLI prints on {bin_cli}")
+    status = str(subprocess.check_output([bin_cli, "-h"]))
+    assert "download" in status, "download is missing: " + status    
+
+if __name__ == "__main__":
+    main()
--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -1,13 +1,15 @@
-FROM golang:1.16-alpine as builder
+FROM golang:1.17-alpine as builder
 ENV GOPROXY=https://goproxy.io,direct
 ENV GO111MODULE=on

 WORKDIR /work
 ADD . .
-RUN go mod tidy
 RUN GOOS=linux CGO_ENABLED=0 go build -ldflags="-s -w " -installsuffix cgo  -o kubescape .

 FROM alpine
 COPY --from=builder /work/kubescape /usr/bin/kubescape

+# # Download the frameworks. Use the "--use-default" flag when running kubescape
+# RUN kubescape download framework nsa && kubescape download framework mitre
+
 CMD ["kubescape"]
--- a/cautils/apis/backendconnector.go
+++ b/cautils/apis/backendconnector.go
@@ -3,7 +3,7 @@ package apis
 import (
 	"bytes"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 )

@@ -66,7 +66,7 @@ func BEHttpRequest(loginobj *LoginObject, beURL,
 		return nil, fmt.Errorf("Error #%v Due to: %v", resp.StatusCode, resp.Status)
 	}
 	defer resp.Body.Close()
-	body, err := ioutil.ReadAll(resp.Body)
+	body, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, err
 	}
--- a/cautils/apis/backendconnectormethods.go
+++ b/cautils/apis/backendconnectormethods.go
@@ -1,128 +0,0 @@
-package apis
-
-import (
-	"bytes"
-	"encoding/json"
-	"fmt"
-	"io/ioutil"
-	"net/http"
-	"strings"
-)
-
-func MakeBackendConnector(client *http.Client, baseURL string, loginDetails *CustomerLoginDetails) (*BackendConnector, error) {
-	if err := ValidateBEConnectorMakerInput(client, baseURL, loginDetails); err != nil {
-		return nil, err
-	}
-	conn := &BackendConnector{BaseURL: baseURL, Credentials: loginDetails, HTTPClient: client}
-	err := conn.Login()
-
-	return conn, err
-}
-
-func ValidateBEConnectorMakerInput(client *http.Client, baseURL string, loginDetails *CustomerLoginDetails) error {
-	if client == nil {
-		fmt.Errorf("You must provide an initialized httpclient")
-	}
-	if len(baseURL) == 0 {
-		return fmt.Errorf("you must provide a valid backend url")
-	}
-
-	if loginDetails == nil || (len(loginDetails.Email) == 0 && len(loginDetails.Password) == 0) {
-		return fmt.Errorf("you must provide valid login details")
-	}
-	return nil
-
-}
-
-func (r *BackendConnector) Login() error {
-	if !r.IsExpired() {
-		return nil
-	}
-
-	loginInfoBytes, err := json.Marshal(r.Credentials)
-	if err != nil {
-		return fmt.Errorf("unable to marshal credentials properly")
-	}
-
-	beURL := fmt.Sprintf("%v/%v", r.BaseURL, "login")
-
-	req, err := http.NewRequest("POST", beURL, bytes.NewReader(loginInfoBytes))
-	if err != nil {
-		return err
-	}
-
-	req.Header.Set("Referer", strings.Replace(beURL, "dashbe", "cpanel", 1))
-	resp, err := r.HTTPClient.Do(req)
-	if err != nil {
-		return err
-	}
-	defer resp.Body.Close()
-	body, err := ioutil.ReadAll(resp.Body)
-	if err != nil {
-		return fmt.Errorf("unable to read login response")
-	}
-
-	loginS := &BELoginResponse{}
-	json.Unmarshal(body, &loginS)
-
-	loginS.Cookies = resp.Cookies()
-	r.BELoginResponse = loginS
-
-	return nil
-}
-
-func (r *BackendConnector) IsExpired() bool {
-	return r.BELoginResponse == nil || r.BELoginResponse.ToLoginObject().IsExpired()
-}
-
-func (r *BackendConnector) GetBaseURL() string {
-	return r.BaseURL
-}
-func (r *BackendConnector) GetLoginObj() *LoginObject {
-	return r.BELoginResponse.ToLoginObject()
-}
-func (r *BackendConnector) GetClient() *http.Client {
-	return r.HTTPClient
-}
-
-func (r *BackendConnector) HTTPSend(httpverb string,
-	endpoint string,
-	payload []byte,
-	f HTTPReqFunc,
-	qryData interface{}) ([]byte, error) {
-
-	beURL := fmt.Sprintf("%v/%v", r.GetBaseURL(), endpoint)
-	req, err := http.NewRequest(httpverb, beURL, bytes.NewReader(payload))
-	if err != nil {
-		return nil, err
-	}
-
-	if r.IsExpired() {
-		r.Login()
-	}
-
-	loginobj := r.GetLoginObj()
-	req.Header.Set("Authorization", loginobj.Authorization)
-	f(req, qryData)
-	q := req.URL.Query()
-	q.Set("customerGUID", loginobj.GUID)
-	req.URL.RawQuery = q.Encode()
-
-	for _, cookie := range loginobj.Cookies {
-		req.AddCookie(cookie)
-	}
-	resp, err := r.GetClient().Do(req)
-	if err != nil {
-		return nil, err
-	}
-	if resp.StatusCode < 200 || resp.StatusCode >= 300 {
-		fmt.Printf("req:\n%v\nresp:%v\n", req, resp)
-		return nil, fmt.Errorf("Error #%v Due to: %v", resp.StatusCode, resp.Status)
-	}
-	defer resp.Body.Close()
-	body, err := ioutil.ReadAll(resp.Body)
-	if err != nil {
-		return nil, err
-	}
-	return body, nil
-}
--- a/cautils/apis/login.go
+++ b/cautils/apis/login.go
@@ -2,11 +2,10 @@ package apis

 import (
 	"bytes"
+	"io"
 	"net/http"
 	"time"

-	"io/ioutil"
-
 	oidc "github.com/coreos/go-oidc"
 	uuid "github.com/satori/go.uuid"

@@ -231,7 +230,7 @@ func BELogin(loginDetails *CustomerLoginDetails, login string, cfg string) (*BEL
 		return nil, err
 	}
 	defer resp.Body.Close()
-	body, err := ioutil.ReadAll(resp.Body)
+	body, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return nil, err
 	}
--- a/cautils/apis/login_test.go
+++ b/cautils/apis/login_test.go
@@ -1,41 +0,0 @@
-package apis
-
-// func TestLogin2BE(t *testing.T) {
-
-// 	loginDetails := CustomerLoginDetails{Email: "lalafi@cyberarmor.io", Password: "***", CustomerName: "CyberArmorTests"}
-// 	res, err := BELogin(loginDetails, "login")
-// 	if err != nil {
-// 		t.Errorf("failed to get raw audit is different ")
-// 	}
-// 	k := res.ToLoginObject()
-
-// 	fmt.Printf("%v\n", k)
-
-// }
-
-// func TestGetMicroserviceOverview(t *testing.T) {
-// 	// client := &http.Client{}
-// 	loginDetails := CustomerLoginDetails{Email: "lalafi@cyberarmor.io", Password: "***", CustomerName: "CyberArmorTests"}
-// 	loginobj, err := BELogin(loginDetails, "login")
-// 	if err != nil {
-// 		t.Errorf("failed to get raw audit is different ")
-// 	}
-// 	k := loginobj.ToLoginObject()
-// 	beURL := GetBEInfo("")
-
-// 	res, err := BEHttpRequest(k, beURL,
-// 		"GET",
-// 		"v1/microservicesOverview",
-// 		nil,
-// 		BasicBEQuery,
-// 		k)
-
-// 	if err != nil {
-// 		t.Errorf("failed to get raw audit is different ")
-// 	}
-
-// 	s := string(res)
-
-// 	fmt.Printf("%v\n", s)
-
-// }
--- a/cautils/cautils/armometadata.go
+++ b/cautils/cautils/armometadata.go
@@ -3,7 +3,6 @@ package cautils
 import (
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"strings"

@@ -154,7 +153,7 @@ func LoadConfig(configPath string, loadToEnv bool) (*ClusterConfig, error) {
 		configPath = "/etc/config/clusterData.json"
 	}

-	dat, err := ioutil.ReadFile(configPath)
+	dat, err := os.ReadFile(configPath)
 	if err != nil || len(dat) == 0 {
 		return nil, fmt.Errorf("Config empty or not found. path: %s", configPath)
 	}
@@ -191,7 +190,7 @@ func (clusterConfig *ClusterConfig) LoadConfigToEnv() {
 func SetEnv(key, value string) {
 	if e := os.Getenv(key); e == "" {
 		if err := os.Setenv(key, value); err != nil {
-			glog.Warning("%s: %s", key, err.Error())
+			glog.Warningf("%s: %s", key, err.Error())
 		}
 	}
 }
--- a/cautils/customerloader.go
+++ b/cautils/customerloader.go
@@ -4,7 +4,6 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
 	"net/url"
 	"os"
 	"strings"
@@ -18,9 +17,15 @@ import (

 const (
 	configMapName  = "kubescape"
-	ConfigFileName = "config"
+	configFileName = "config"
 )

+func ConfigFileFullPath() string { return getter.GetDefaultPath(configFileName + ".json") }
+
+// ======================================================================================
+// =============================== Config structure =====================================
+// ======================================================================================
+
 type ConfigObj struct {
 	CustomerGUID       string `json:"customerGUID"`
 	Token              string `json:"invitationParam"`
@@ -34,62 +39,117 @@ func (co *ConfigObj) Json() []byte {
 	return []byte{}
 }

+// ======================================================================================
+// =============================== interface ============================================
+// ======================================================================================
 type IClusterConfig interface {
-	SetCustomerGUID() error
+	// setters
+	SetCustomerGUID(customerGUID string) error
+
+	// getters
 	GetCustomerGUID() string
+	GetConfigObj() *ConfigObj
+	GetK8sAPI() *k8sinterface.KubernetesApi
+	GetBackendAPI() getter.IBackend
+	GetDefaultNS() string
 	GenerateURL()
 }

-type ClusterConfig struct {
-	k8s       *k8sinterface.KubernetesApi
-	defaultNS string
-	armoAPI   *getter.ArmoAPI
-	configObj *ConfigObj
+// ClusterConfigSetup - Setup the desired cluster behavior regarding submittion to the Armo BE
+func ClusterConfigSetup(scanInfo *ScanInfo, k8s *k8sinterface.KubernetesApi, beAPI getter.IBackend) IClusterConfig {
+	/*
+
+		If "First run (local config not found)" -
+			Default - Do not send report (local)
+			Local - Do not send report
+			Submit - Create tenant & Submit report
+
+		If "Submitted but not signed up" -
+			Default	- Delete local config & Do not send report (local)
+			Local - Delete local config & Do not send report
+			Submit - Submit report
+
+		If "Signed up user" -
+			Default	- Submit report (submit)
+			Local - Do not send report
+			Submit - Submit report
+
+	*/
+	clusterConfig := NewClusterConfig(k8s, beAPI)
+	clusterConfig.LoadConfig()
+
+	if !IsSubmitted(clusterConfig) {
+		if scanInfo.Submit {
+			return clusterConfig // submit - Create tenant & Submit report
+		}
+		return NewEmptyConfig() // local/default - Do not send report
+	}
+	if !IsRegistered(clusterConfig) {
+		if scanInfo.Submit {
+			return clusterConfig // submit/default - Submit report
+		}
+		DeleteConfig(k8s)
+		return NewEmptyConfig() // local - Delete local config & Do not send report
+	}
+	if scanInfo.Local {
+		return NewEmptyConfig() // local - Do not send report
+	}
+	return clusterConfig // submit/default -  Submit report
 }

+// ======================================================================================
+// ============================= Mock Config ============================================
+// ======================================================================================
 type EmptyConfig struct {
 }

+func NewEmptyConfig() *EmptyConfig                               { return &EmptyConfig{} }
+func (c *EmptyConfig) GetConfigObj() *ConfigObj                  { return &ConfigObj{} }
+func (c *EmptyConfig) SetCustomerGUID(customerGUID string) error { return nil }
+func (c *EmptyConfig) GetCustomerGUID() string                   { return "" }
+func (c *EmptyConfig) GetK8sAPI() *k8sinterface.KubernetesApi    { return nil } // TODO: return mock obj
+func (c *EmptyConfig) GetDefaultNS() string                      { return k8sinterface.GetDefaultNamespace() }
+func (c *EmptyConfig) GetBackendAPI() getter.IBackend            { return nil } // TODO: return mock obj
 func (c *EmptyConfig) GenerateURL() {
+	message := fmt.Sprintf("You can see the results in a user-friendly UI, choose your preferred compliance framework, check risk results history and trends, manage exceptions, get remediation recommendations and much more by registering here: https://%s", getter.GetArmoAPIConnector().GetFrontendURL())
+	InfoTextDisplay(os.Stdout, message+"\n")
 }

-func (c *EmptyConfig) SetCustomerGUID() error {
-	return nil
+// ======================================================================================
+// ========================== Cluster Config ============================================
+// ======================================================================================
+
+type ClusterConfig struct {
+	k8s        *k8sinterface.KubernetesApi
+	defaultNS  string
+	backendAPI getter.IBackend
+	configObj  *ConfigObj
 }

-func (c *EmptyConfig) GetCustomerGUID() string {
-	return ""
-}
-
-func NewEmptyConfig() *EmptyConfig {
-	return &EmptyConfig{}
-}
-
-func NewClusterConfig(k8s *k8sinterface.KubernetesApi, armoAPI *getter.ArmoAPI) *ClusterConfig {
+func NewClusterConfig(k8s *k8sinterface.KubernetesApi, backendAPI getter.IBackend) *ClusterConfig {
 	return &ClusterConfig{
-		k8s:       k8s,
-		armoAPI:   armoAPI,
-		defaultNS: k8sinterface.GetDefaultNamespace(),
+		k8s:        k8s,
+		backendAPI: backendAPI,
+		configObj:  &ConfigObj{},
+		defaultNS:  k8sinterface.GetDefaultNamespace(),
 	}
 }
-func createConfigJson() {
-	ioutil.WriteFile(getter.GetDefaultPath(ConfigFileName+".json"), nil, 0664)
+func (c *ClusterConfig) GetConfigObj() *ConfigObj               { return c.configObj }
+func (c *ClusterConfig) GetK8sAPI() *k8sinterface.KubernetesApi { return c.k8s }
+func (c *ClusterConfig) GetDefaultNS() string                   { return c.defaultNS }
+func (c *ClusterConfig) GetBackendAPI() getter.IBackend         { return c.backendAPI }

-}
-
-func update(configObj *ConfigObj) {
-	ioutil.WriteFile(getter.GetDefaultPath(ConfigFileName+".json"), configObj.Json(), 0664)
-}
 func (c *ClusterConfig) GenerateURL() {
+
 	u := url.URL{}
 	u.Scheme = "https"
-	u.Host = getter.ArmoFEURL
+	u.Host = getter.GetArmoAPIConnector().GetFrontendURL()
 	if c.configObj == nil {
 		return
 	}
+	message := fmt.Sprintf("You can see the results in a user-friendly UI, choose your preferred compliance framework, check risk results history and trends, manage exceptions, get remediation recommendations and much more by registering here: %s", u.String())
 	if c.configObj.CustomerAdminEMail != "" {
-		msgStr := fmt.Sprintf("To view all controls and get remediations ask access permissions to %s from %s", u.String(), c.configObj.CustomerAdminEMail)
-		InfoTextDisplay(os.Stdout, msgStr+"\n")
+		InfoTextDisplay(os.Stdout, message+"\n")
 		return
 	}
 	u.Path = "account/sign-up"
@@ -98,8 +158,7 @@ func (c *ClusterConfig) GenerateURL() {
 	q.Add("customerGUID", c.configObj.CustomerGUID)

 	u.RawQuery = q.Encode()
-	fmt.Println("To view all controls and get remediations visit:")
-	InfoTextDisplay(os.Stdout, u.String()+"\n")
+	InfoTextDisplay(os.Stdout, message+"\n")

 }

@@ -110,6 +169,82 @@ func (c *ClusterConfig) GetCustomerGUID() string {
 	return ""
 }

+func (c *ClusterConfig) SetCustomerGUID(customerGUID string) error {
+
+	if customerGUID != "" && c.GetCustomerGUID() != customerGUID {
+		c.configObj.CustomerGUID = customerGUID // override config customerGUID
+	}
+
+	customerGUID = c.GetCustomerGUID()
+
+	// get from armoBE
+	tenantResponse, err := c.backendAPI.GetCustomerGUID(customerGUID)
+	if err == nil && tenantResponse != nil {
+		if tenantResponse.AdminMail != "" { // this customer already belongs to some user
+			c.configObj.CustomerAdminEMail = tenantResponse.AdminMail
+		} else {
+			c.configObj.Token = tenantResponse.Token
+			c.configObj.CustomerGUID = tenantResponse.TenantID
+		}
+	} else {
+		if err != nil && !strings.Contains(err.Error(), "already exists") {
+			return err
+		}
+	}
+
+	// update/create config
+	if c.existsConfigMap() {
+		c.updateConfigMap()
+	} else {
+		c.createConfigMap()
+	}
+	if existsConfigFile() {
+		c.updateConfigFile()
+	} else {
+		c.createConfigFile()
+	}
+
+	return nil
+}
+
+func (c *ClusterConfig) LoadConfig() {
+	// get from configMap
+	if c.existsConfigMap() {
+		c.configObj, _ = c.loadConfigFromConfigMap()
+	} else if existsConfigFile() { // get from file
+		c.configObj, _ = loadConfigFromFile()
+	} else {
+		c.configObj = &ConfigObj{}
+	}
+}
+
+func (c *ClusterConfig) ToMapString() map[string]interface{} {
+	m := map[string]interface{}{}
+	bc, _ := json.Marshal(c.configObj)
+	json.Unmarshal(bc, &m)
+	return m
+}
+func (c *ClusterConfig) loadConfigFromConfigMap() (*ConfigObj, error) {
+	if c.k8s == nil {
+		return nil, nil
+	}
+	configMap, err := c.k8s.KubernetesClient.CoreV1().ConfigMaps(c.defaultNS).Get(context.Background(), configMapName, metav1.GetOptions{})
+	if err != nil {
+		return nil, err
+	}
+
+	if bData, err := json.Marshal(configMap.Data); err == nil {
+		return readConfig(bData)
+	}
+	return nil, nil
+}
+
+func (c *ClusterConfig) existsConfigMap() bool {
+	_, err := c.k8s.KubernetesClient.CoreV1().ConfigMaps(c.defaultNS).Get(context.Background(), configMapName, metav1.GetOptions{})
+	// TODO - check if has customerGUID
+	return err == nil
+}
+
 func (c *ClusterConfig) GetValueByKeyFromConfigMap(key string) (string, error) {

 	configMap, err := c.k8s.KubernetesClient.CoreV1().ConfigMaps(c.defaultNS).Get(context.Background(), configMapName, metav1.GetOptions{})
@@ -122,16 +257,17 @@ func (c *ClusterConfig) GetValueByKeyFromConfigMap(key string) (string, error) {
 	} else {
 		return "", fmt.Errorf("value does not exist")
 	}
-
 }

 func GetValueFromConfigJson(key string) (string, error) {
-	data, err := ioutil.ReadFile(getter.GetDefaultPath(ConfigFileName + ".json"))
+	data, err := os.ReadFile(ConfigFileFullPath())
 	if err != nil {
 		return "", err
 	}
 	var obj map[string]interface{}
-	err = json.Unmarshal(data, &obj)
+	if err := json.Unmarshal(data, &obj); err != nil {
+		return "", err
+	}
 	if val, ok := obj[key]; ok {
 		return fmt.Sprint(val), nil
 	} else {
@@ -141,7 +277,7 @@ func GetValueFromConfigJson(key string) (string, error) {
 }

 func SetKeyValueInConfigJson(key string, value string) error {
-	data, err := ioutil.ReadFile(getter.GetDefaultPath(ConfigFileName + ".json"))
+	data, err := os.ReadFile(ConfigFileFullPath())
 	if err != nil {
 		return err
 	}
@@ -157,7 +293,7 @@ func SetKeyValueInConfigJson(key string, value string) error {
 		return err
 	}

-	return ioutil.WriteFile(getter.GetDefaultPath(ConfigFileName+".json"), newData, 0664)
+	return os.WriteFile(ConfigFileFullPath(), newData, 0664)

 }

@@ -187,76 +323,11 @@ func (c *ClusterConfig) SetKeyValueInConfigmap(key string, value string) error {
 	return err
 }

-func (c *ClusterConfig) SetCustomerGUID() error {
-
-	// get from file
-	if existsConfigJson() {
-		c.configObj, _ = loadConfigFromFile()
-	} else if c.existsConfigMap() {
-		c.configObj, _ = c.loadConfigFromConfigMap()
-	} else {
-		c.createConfigMap()
-		createConfigJson()
-	}
-
-	customerGUID := c.GetCustomerGUID()
-	// get from armoBE
-	tenantResponse, err := c.armoAPI.GetCustomerGUID(customerGUID)
-
-	if err == nil && tenantResponse != nil {
-		if tenantResponse.AdminMail != "" { // this customer already belongs to some user
-			if existsConfigJson() {
-				update(&ConfigObj{CustomerGUID: customerGUID, CustomerAdminEMail: tenantResponse.AdminMail})
-			}
-			if c.existsConfigMap() {
-				c.configObj.CustomerAdminEMail = tenantResponse.AdminMail
-				c.updateConfigMap()
-			}
-		} else {
-			if existsConfigJson() {
-				update(&ConfigObj{CustomerGUID: tenantResponse.TenantID, Token: tenantResponse.Token})
-			}
-			if c.existsConfigMap() {
-				c.configObj = &ConfigObj{CustomerGUID: tenantResponse.TenantID, Token: tenantResponse.Token}
-				c.updateConfigMap()
-			}
-		}
-	} else {
-		if err != nil && strings.Contains(err.Error(), "Invitation for tenant already exists") {
-			return nil
-		}
-		return err
-	}
-	return nil
-}
-
-func (c *ClusterConfig) loadConfigFromConfigMap() (*ConfigObj, error) {
-	if c.k8s == nil {
-		return nil, nil
-	}
-	configMap, err := c.k8s.KubernetesClient.CoreV1().ConfigMaps(c.defaultNS).Get(context.Background(), configMapName, metav1.GetOptions{})
-	if err != nil {
-		return nil, err
-	}
-
-	if bData, err := json.Marshal(configMap.Data); err == nil {
-		return readConfig(bData)
-	}
-	return nil, nil
-}
-
-func (c *ClusterConfig) existsConfigMap() bool {
-	_, err := c.k8s.KubernetesClient.CoreV1().ConfigMaps(c.defaultNS).Get(context.Background(), configMapName, metav1.GetOptions{})
+func existsConfigFile() bool {
+	_, err := os.ReadFile(ConfigFileFullPath())
 	return err == nil
 }

-func existsConfigJson() bool {
-	_, err := ioutil.ReadFile(getter.GetDefaultPath(ConfigFileName + ".json"))
-
-	return err == nil
-
-}
-
 func (c *ClusterConfig) createConfigMap() error {
 	if c.k8s == nil {
 		return nil
@@ -288,6 +359,20 @@ func (c *ClusterConfig) updateConfigMap() error {
 	return err
 }

+func (c *ClusterConfig) updateConfigFile() error {
+	if err := os.WriteFile(ConfigFileFullPath(), c.configObj.Json(), 0664); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (c *ClusterConfig) createConfigFile() error {
+	if err := os.WriteFile(ConfigFileFullPath(), c.configObj.Json(), 0664); err != nil {
+		return err
+	}
+	return nil
+}
+
 func (c *ClusterConfig) updateConfigData(configMap *corev1.ConfigMap) {
 	if len(configMap.Data) == 0 {
 		configMap.Data = make(map[string]string)
@@ -300,7 +385,7 @@ func (c *ClusterConfig) updateConfigData(configMap *corev1.ConfigMap) {
 	}
 }
 func loadConfigFromFile() (*ConfigObj, error) {
-	dat, err := ioutil.ReadFile(getter.GetDefaultPath(ConfigFileName + ".json"))
+	dat, err := os.ReadFile(ConfigFileFullPath())
 	if err != nil {
 		return nil, err
 	}
@@ -317,9 +402,38 @@ func readConfig(dat []byte) (*ConfigObj, error) {

 	return configObj, err
 }
-func (c *ClusterConfig) ToMapString() map[string]interface{} {
-	m := map[string]interface{}{}
-	bc, _ := json.Marshal(c.configObj)
-	json.Unmarshal(bc, &m)
-	return m
+
+// Check if the customer is submitted
+func IsSubmitted(clusterConfig *ClusterConfig) bool {
+	return clusterConfig.existsConfigMap() || existsConfigFile()
+}
+
+// Check if the customer is registered
+func IsRegistered(clusterConfig *ClusterConfig) bool {
+
+	// get from armoBE
+	tenantResponse, err := clusterConfig.backendAPI.GetCustomerGUID(clusterConfig.GetCustomerGUID())
+	if err == nil && tenantResponse != nil {
+		if tenantResponse.AdminMail != "" { // this customer already belongs to some user
+			return true
+		}
+	}
+	return false
+}
+
+func DeleteConfig(k8s *k8sinterface.KubernetesApi) error {
+	if err := DeleteConfigMap(k8s); err != nil {
+		return err
+	}
+	if err := DeleteConfigFile(); err != nil {
+		return err
+	}
+	return nil
+}
+func DeleteConfigMap(k8s *k8sinterface.KubernetesApi) error {
+	return k8s.KubernetesClient.CoreV1().ConfigMaps(k8sinterface.GetDefaultNamespace()).Delete(context.Background(), configMapName, metav1.DeleteOptions{})
+}
+
+func DeleteConfigFile() error {
+	return os.Remove(ConfigFileFullPath())
 }
--- a/cautils/display.go
+++ b/cautils/display.go
@@ -24,8 +24,8 @@ var FailureDisplay = color.New(color.Bold, color.FgHiRed).FprintfFunc()
 var WarningDisplay = color.New(color.Bold, color.FgCyan).FprintfFunc()
 var FailureTextDisplay = color.New(color.Faint, color.FgHiRed).FprintfFunc()
 var InfoDisplay = color.New(color.Bold, color.FgHiYellow).FprintfFunc()
-var InfoTextDisplay = color.New(color.Faint, color.FgHiYellow).FprintfFunc()
-var SimpleDisplay = color.New(color.Bold, color.FgHiWhite).FprintfFunc()
+var InfoTextDisplay = color.New(color.Bold, color.FgHiYellow).FprintfFunc()
+var SimpleDisplay = color.New().FprintfFunc()
 var SuccessDisplay = color.New(color.Bold, color.FgHiGreen).FprintfFunc()
 var DescriptionDisplay = color.New(color.Faint, color.FgWhite).FprintfFunc()

--- a/cautils/getter/armoapi.go
+++ b/cautils/getter/armoapi.go
@@ -3,9 +3,11 @@ package getter
 import (
 	"fmt"
 	"net/http"
+	"time"

 	"github.com/armosec/kubescape/cautils/armotypes"
 	"github.com/armosec/kubescape/cautils/opapolicy"
+	"github.com/golang/glog"
 )

 // =======================================================================================================================
@@ -15,22 +17,80 @@ import (
 var (
 	// ATTENTION!!!
 	// Changes in this URLs variable names, or in the usage is affecting the build process! BE CAREFULL
-	ArmoBEURL = "eggdashbe.eudev3.cyberarmorsoft.com"
-	ArmoERURL = "report.eudev3.cyberarmorsoft.com"
-	ArmoFEURL = "armoui.eudev3.cyberarmorsoft.com"
-	// ArmoURL = "https://dashbe.euprod1.cyberarmorsoft.com"
+	armoERURL = "report.armo.cloud"
+	armoBEURL = "api.armo.cloud"
+	armoFEURL = "portal.armo.cloud"
+
+	armoDevERURL = "report.eudev3.cyberarmorsoft.com"
+	armoDevBEURL = "eggdashbe.eudev3.cyberarmorsoft.com"
+	armoDevFEURL = "armoui.eudev3.cyberarmorsoft.com"
 )

 // Armo API for downloading policies
 type ArmoAPI struct {
 	httpClient *http.Client
+	apiURL     string
+	erURL      string
+	feURL      string
 }

-func NewArmoAPI() *ArmoAPI {
+var globalArmoAPIConnecctor *ArmoAPI
+
+func SetARMOAPIConnector(armoAPI *ArmoAPI) {
+	globalArmoAPIConnecctor = armoAPI
+}
+
+func GetArmoAPIConnector() *ArmoAPI {
+	if globalArmoAPIConnecctor == nil {
+		glog.Error("returning nil API connector")
+	}
+	return globalArmoAPIConnecctor
+}
+
+func NewARMOAPIDev() *ArmoAPI {
+	apiObj := newArmoAPI()
+
+	apiObj.apiURL = armoDevBEURL
+	apiObj.erURL = armoDevERURL
+	apiObj.feURL = armoDevFEURL
+
+	return apiObj
+}
+
+func NewARMOAPIProd() *ArmoAPI {
+	apiObj := newArmoAPI()
+
+	apiObj.apiURL = armoBEURL
+	apiObj.erURL = armoERURL
+	apiObj.feURL = armoFEURL
+
+	return apiObj
+}
+
+func NewARMOAPICustomized(armoERURL, armoBEURL, armoFEURL string) *ArmoAPI {
+	apiObj := newArmoAPI()
+
+	apiObj.erURL = armoERURL
+	apiObj.apiURL = armoBEURL
+	apiObj.feURL = armoFEURL
+
+	return apiObj
+}
+
+func newArmoAPI() *ArmoAPI {
 	return &ArmoAPI{
-		httpClient: &http.Client{},
+		httpClient: &http.Client{Timeout: time.Duration(61) * time.Second},
 	}
 }
+
+func (armoAPI *ArmoAPI) GetFrontendURL() string {
+	return armoAPI.feURL
+}
+
+func (armoAPI *ArmoAPI) GetReportReceiverURL() string {
+	return armoAPI.erURL
+}
+
 func (armoAPI *ArmoAPI) GetFramework(name string) (*opapolicy.Framework, error) {
 	respStr, err := HttpGetter(armoAPI.httpClient, armoAPI.getFrameworkURL(name))
 	if err != nil {
--- a/cautils/getter/armoapiutils.go
+++ b/cautils/getter/armoapiutils.go
@@ -8,7 +8,7 @@ import (
 func (armoAPI *ArmoAPI) getFrameworkURL(frameworkName string) string {
 	u := url.URL{}
 	u.Scheme = "https"
-	u.Host = ArmoBEURL
+	u.Host = armoAPI.apiURL
 	u.Path = "v1/armoFrameworks"
 	q := u.Query()
 	q.Add("customerGUID", "11111111-1111-1111-1111-111111111111")
@@ -22,7 +22,7 @@ func (armoAPI *ArmoAPI) getFrameworkURL(frameworkName string) string {
 func (armoAPI *ArmoAPI) getExceptionsURL(customerGUID, clusterName string) string {
 	u := url.URL{}
 	u.Scheme = "https"
-	u.Host = ArmoBEURL
+	u.Host = armoAPI.apiURL
 	u.Path = "api/v1/armoPostureExceptions"

 	q := u.Query()
@@ -38,7 +38,7 @@ func (armoAPI *ArmoAPI) getExceptionsURL(customerGUID, clusterName string) strin
 func (armoAPI *ArmoAPI) getCustomerURL() string {
 	u := url.URL{}
 	u.Scheme = "https"
-	u.Host = ArmoBEURL
+	u.Host = armoAPI.apiURL
 	u.Path = "api/v1/createTenant"
 	return u.String()
 }
--- a/cautils/getter/downloadreleasedpolicy.go
+++ b/cautils/getter/downloadreleasedpolicy.go
@@ -3,8 +3,9 @@ package getter
 import (
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
+	"time"

 	"github.com/armosec/kubescape/cautils/opapolicy"
 )
@@ -22,7 +23,7 @@ type DownloadReleasedPolicy struct {
 func NewDownloadReleasedPolicy() *DownloadReleasedPolicy {
 	return &DownloadReleasedPolicy{
 		hostURL:    "",
-		httpClient: &http.Client{},
+		httpClient: &http.Client{Timeout: 61 * time.Second},
 	}
 }

@@ -56,7 +57,7 @@ func (drp *DownloadReleasedPolicy) setURL(frameworkName string) error {
 		return fmt.Errorf("failed to download file, status code: %s", resp.Status)
 	}

-	body, err := ioutil.ReadAll(resp.Body)
+	body, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return fmt.Errorf("failed to read response body from '%s', reason: %s", latestReleases, err.Error())
 	}
--- a/cautils/getter/getpolicies.go
+++ b/cautils/getter/getpolicies.go
@@ -12,3 +12,6 @@ type IPolicyGetter interface {
 type IExceptionsGetter interface {
 	GetExceptions(customerGUID, clusterName string) ([]armotypes.PostureExceptionPolicy, error)
 }
+type IBackend interface {
+	GetCustomerGUID(customerGUID string) (*TenantResponse, error)
+}
--- a/cautils/getter/getpoliciesutils.go
+++ b/cautils/getter/getpoliciesutils.go
@@ -5,8 +5,8 @@ import (
 	"fmt"
 	"io"
 	"net/http"
-	"net/url"
 	"os"
+	"path"
 	"path/filepath"
 	"strings"

@@ -21,14 +21,26 @@ func GetDefaultPath(name string) string {
 	return defaultfilePath
 }

-func SaveFrameworkInFile(framework *opapolicy.Framework, path string) error {
+func SaveFrameworkInFile(framework *opapolicy.Framework, pathStr string) error {
 	encodedData, err := json.Marshal(framework)
 	if err != nil {
 		return err
 	}
-	err = os.WriteFile(path, []byte(fmt.Sprintf("%v", string(encodedData))), 0644)
+	err = os.WriteFile(pathStr, []byte(fmt.Sprintf("%v", string(encodedData))), 0644)
 	if err != nil {
-		return err
+		if os.IsNotExist(err) {
+			pathDir := path.Dir(pathStr)
+			if err := os.Mkdir(pathDir, 0744); err != nil {
+				return err
+			}
+		} else {
+			return err
+
+		}
+		err = os.WriteFile(pathStr, []byte(fmt.Sprintf("%v", string(encodedData))), 0644)
+		if err != nil {
+			return err
+		}
 	}
 	return nil
 }
@@ -86,29 +98,3 @@ func httpRespToString(resp *http.Response) (string, error) {

 	return respStr, err
 }
-
-// URLEncoder encode url
-func urlEncoder(oldURL string) string {
-	fullURL := strings.Split(oldURL, "?")
-	baseURL, err := url.Parse(fullURL[0])
-	if err != nil {
-		return ""
-	}
-
-	// Prepare Query Parameters
-	if len(fullURL) > 1 {
-		params := url.Values{}
-		queryParams := strings.Split(fullURL[1], "&")
-		for _, i := range queryParams {
-			queryParam := strings.Split(i, "=")
-			val := ""
-			if len(queryParam) > 1 {
-				val = queryParam[1]
-			}
-			params.Add(queryParam[0], val)
-		}
-		baseURL.RawQuery = params.Encode()
-	}
-
-	return baseURL.String()
-}
--- a/cautils/getter/loadpolicy.go
+++ b/cautils/getter/loadpolicy.go
@@ -3,7 +3,7 @@ package getter
 import (
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"os"
 	"strings"

 	"github.com/armosec/kubescape/cautils/armotypes"
@@ -29,7 +29,7 @@ func NewLoadPolicy(filePath string) *LoadPolicy {
 func (lp *LoadPolicy) GetFramework(frameworkName string) (*opapolicy.Framework, error) {

 	framework := &opapolicy.Framework{}
-	f, err := ioutil.ReadFile(lp.filePath)
+	f, err := os.ReadFile(lp.filePath)
 	if err != nil {
 		return nil, err
 	}
@@ -44,7 +44,7 @@ func (lp *LoadPolicy) GetFramework(frameworkName string) (*opapolicy.Framework,
 func (lp *LoadPolicy) GetExceptions(customerGUID, clusterName string) ([]armotypes.PostureExceptionPolicy, error) {

 	exception := []armotypes.PostureExceptionPolicy{}
-	f, err := ioutil.ReadFile(lp.filePath)
+	f, err := os.ReadFile(lp.filePath)
 	if err != nil {
 		return nil, err
 	}
--- a/cautils/k8sinterface/cloudvendorregistrycreds.go
+++ b/cautils/k8sinterface/cloudvendorregistrycreds.go
@@ -5,7 +5,7 @@ import (
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"
 	"net/url"
 	"strings"
@@ -105,7 +105,7 @@ func getAzureAADAccessToken() (string, error) {
 	}

 	// Pull out response body
-	responseBytes, err := ioutil.ReadAll(resp.Body)
+	responseBytes, err := io.ReadAll(resp.Body)
 	defer resp.Body.Close()
 	if err != nil {
 		return "", fmt.Errorf("reading response body : %v", err)
@@ -173,7 +173,7 @@ func excahngeAzureAADAccessTokenForACRRefreshToken(registry, tenantID, azureAADA
 	}

 	// Pull out response body
-	responseBytes, err := ioutil.ReadAll(resp.Body)
+	responseBytes, err := io.ReadAll(resp.Body)
 	defer resp.Body.Close()
 	if err != nil {
 		return "", fmt.Errorf("reading response body : %v", err)
--- a/cautils/k8sinterface/k8sconfig.go
+++ b/cautils/k8sinterface/k8sconfig.go
@@ -104,13 +104,18 @@ func GetClusterName() string {
 }

 func GetDefaultNamespace() string {
+	defaultNamespace := "default"
 	clientCfg, err := clientcmd.NewDefaultClientConfigLoadingRules().Load()
 	if err != nil {
-		return "default"
+		return defaultNamespace
 	}
-	namespace := clientCfg.Contexts[clientCfg.CurrentContext].Namespace
-	if namespace == "" {
-		namespace = "default"
+	apiContext, ok := clientCfg.Contexts[clientCfg.CurrentContext]
+	if !ok || apiContext == nil {
+		return defaultNamespace
+	}
+	namespace := apiContext.Namespace
+	if apiContext.Namespace == "" {
+		namespace = defaultNamespace
 	}
 	return namespace
 }
--- a/cautils/k8sinterface/k8sdynamic_test.go
+++ b/cautils/k8sinterface/k8sdynamic_test.go
@@ -37,7 +37,7 @@ func NewKubernetesApiMock() *KubernetesApi {
 // 	} else {
 // 		bla, _ := json.Marshal(clientResource)
 // 		// t.Errorf("BearerToken: %v", *K8SConfig)
-// 		// ioutil.WriteFile("bla.json", bla, 777)
+// 		// os.WriteFile("bla.json", bla, 777)
 // 		t.Errorf("clientResource: %s", string(bla))
 // 	}
 // }
--- a/cautils/opapolicy/datastructures.go
+++ b/cautils/opapolicy/datastructures.go
@@ -41,7 +41,8 @@ type FrameworkReport struct {
 }
 type ControlReport struct {
 	armotypes.PortalBase `json:",inline"`
-	ControlID            string       `json:"id"`
+	Control_ID           string       `json:"id,omitempty"` // to be Deprecated
+	ControlID            string       `json:"controlID"`
 	Name                 string       `json:"name"`
 	RuleReports          []RuleReport `json:"ruleReports"`
 	Remediation          string       `json:"remediation"`
@@ -101,7 +102,8 @@ type PolicyRule struct {
 // Control represents a collection of rules which are combined together to single purpose
 type Control struct {
 	armotypes.PortalBase `json:",inline"`
-	ControlID            string       `json:"id"`
+	Control_ID           string       `json:"id,omitempty"` // to be Deprecated
+	ControlID            string       `json:"controlID"`
 	CreationTime         string       `json:"creationTime"`
 	Description          string       `json:"description"`
 	Remediation          string       `json:"remediation"`
--- a/cautils/opapolicy/datastructuresmethods.go
+++ b/cautils/opapolicy/datastructuresmethods.go
@@ -3,8 +3,6 @@ package opapolicy
 import (
 	"bytes"
 	"encoding/json"
-
-	"github.com/armosec/kubescape/cautils/k8sinterface"
 )

 func (pn *PolicyNotification) ToJSONBytesBuffer() (*bytes.Buffer, error) {
@@ -124,53 +122,17 @@ func (ruleReport *RuleReport) GetNumberOfFailedResources() int {
 	sum := 0
 	for i := len(ruleReport.RuleResponses) - 1; i >= 0; i-- {
 		if ruleReport.RuleResponses[i].GetSingleResultStatus() == "failed" {
-			if !ruleReport.DeleteIfRedundantResponse(&ruleReport.RuleResponses[i], i) {
-				sum++
-			}
+			sum += len(ruleReport.RuleResponses[i].AlertObject.K8SApiObjects)
 		}
 	}
 	return sum
 }

-func (ruleReport *RuleReport) DeleteIfRedundantResponse(RuleResponse *RuleResponse, index int) bool {
-	if b, rr := ruleReport.IsDuplicateResponseOfResource(RuleResponse, index); b {
-		rr.AddMessageToResponse(RuleResponse.AlertMessage)
-		ruleReport.RuleResponses = removeResponse(ruleReport.RuleResponses, index)
-		return true
-	}
-	return false
-}
-
-func (ruleResponse *RuleResponse) AddMessageToResponse(message string) {
-	ruleResponse.AlertMessage += message
-}
-
-func (ruleReport *RuleReport) IsDuplicateResponseOfResource(RuleResponse *RuleResponse, index int) (bool, *RuleResponse) {
-	for i := range ruleReport.RuleResponses {
-		if i != index {
-			for j := range ruleReport.RuleResponses[i].AlertObject.K8SApiObjects {
-				for k := range RuleResponse.AlertObject.K8SApiObjects {
-					w1 := k8sinterface.NewWorkloadObj(ruleReport.RuleResponses[i].AlertObject.K8SApiObjects[j])
-					w2 := k8sinterface.NewWorkloadObj(RuleResponse.AlertObject.K8SApiObjects[k])
-					if w1.GetName() == w2.GetName() && w1.GetNamespace() == w2.GetNamespace() && w1.GetKind() != "Role" && w1.GetKind() != "ClusterRole" {
-						return true, &ruleReport.RuleResponses[i]
-					}
-				}
-			}
-		}
-	}
-	return false, nil
-}
-
-func removeResponse(slice []RuleResponse, index int) []RuleResponse {
-	return append(slice[:index], slice[index+1:]...)
-}
-
 func (ruleReport *RuleReport) GetNumberOfWarningResources() int {
 	sum := 0
 	for i := range ruleReport.RuleResponses {
 		if ruleReport.RuleResponses[i].GetSingleResultStatus() == "warning" {
-			sum += 1
+			sum += len(ruleReport.RuleResponses[i].AlertObject.K8SApiObjects)
 		}
 	}
 	return sum
--- a/cautils/opapolicy/resources/resourcesutils.go
+++ b/cautils/opapolicy/resources/resourcesutils.go
@@ -3,7 +3,6 @@ package resources
 import (
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strings"
@@ -94,7 +93,7 @@ func LoadRegoFiles(dir string) map[string]string {
 	// Compile the module. The keys are used as identifiers in error messages.
 	filepath.Walk(dir, func(path string, info os.FileInfo, err error) error {
 		if err == nil && strings.HasSuffix(path, ".rego") && !info.IsDir() {
-			content, err := ioutil.ReadFile(path)
+			content, err := os.ReadFile(path)
 			if err != nil {
 				glog.Errorf("LoadRegoFiles, Failed to load: %s: %v", path, err)
 			} else {
--- a/cautils/opapolicy/resources/resourcesutils_test.go
+++ b/cautils/opapolicy/resources/resourcesutils_test.go
@@ -1,17 +1 @@
 package resources
-
-import (
-	"os"
-	"path/filepath"
-	"testing"
-)
-
-func TestLoadRegoDependenciesFromDir(t *testing.T) {
-	dir, _ := os.Getwd()
-	t.Errorf("%s", filepath.Join(dir, "rego/dependencies"))
-	return
-	// modules := LoadRegoDependenciesFromDir("")
-	// if len(modules) == 0 {
-	// 	t.Errorf("modules len == 0")
-	// }
-}
--- a/cautils/scaninfo.go
+++ b/cautils/scaninfo.go
@@ -10,16 +10,19 @@ import (
 type ScanInfo struct {
 	Getters
 	PolicyIdentifier   opapolicy.PolicyIdentifier
-	UseExceptions      string
-	UseFrom            string
-	UseDefault         bool
-	Format             string
-	Output             string
-	ExcludedNamespaces string
-	InputPatterns      []string
-	Silent             bool
-	FailThreshold      uint16
-	DoNotSendResults   bool
+	UseExceptions      string   // Load exceptions configuration
+	UseFrom            string   // Load framework from local file (instead of download). Use when running offline
+	UseDefault         bool     // Load framework from cached file (instead of download). Use when running offline
+	Format             string   // Format results (table, json, junit ...)
+	Output             string   // Store results in an output file, Output file name
+	ExcludedNamespaces string   // DEPRECATED?
+	InputPatterns      []string // Yaml files input patterns
+	Silent             bool     // Silent mode - Do not print progress logs
+	FailThreshold      uint16   // Failure score threshold
+	DoNotSendResults   bool     // DEPRECATED
+	Submit             bool     // Submit results to Armo BE
+	Local              bool     // Do not submit results
+	Account            string   // account ID
 }

 type Getters struct {
@@ -40,7 +43,7 @@ func (scanInfo *ScanInfo) setUseExceptions() {
 		// load exceptions from file
 		scanInfo.ExceptionsGetter = getter.NewLoadPolicy(scanInfo.UseExceptions)
 	} else {
-		scanInfo.ExceptionsGetter = getter.NewArmoAPI()
+		scanInfo.ExceptionsGetter = getter.GetArmoAPIConnector()
 	}

 }
--- a/cautils/strutils_test.go
+++ b/cautils/strutils_test.go
@@ -13,7 +13,13 @@ func TestConvertLabelsToString(t *testing.T) {
 	spilltedA := strings.Split(rsrt, ";")
 	spilltedB := strings.Split(str, ";")
 	for i := range spilltedA {
-		if spilltedA[i] != spilltedB[i] {
+		exists := false
+		for j := range spilltedB {
+			if spilltedB[j] == spilltedA[i] {
+				exists = true
+			}
+		}
+		if !exists {
 			t.Errorf("%s != %s", spilltedA[i], spilltedB[i])
 		}
 	}
--- a/cmd/cluster_get.go
+++ b/cmd/cluster_get.go
@@ -31,7 +31,7 @@ var getCmd = &cobra.Command{
 		key := keyValue[0]

 		k8s := k8sinterface.NewKubernetesApi()
-		clusterConfig := cautils.NewClusterConfig(k8s, getter.NewArmoAPI())
+		clusterConfig := cautils.NewClusterConfig(k8s, getter.GetArmoAPIConnector())
 		val, err := clusterConfig.GetValueByKeyFromConfigMap(key)
 		if err != nil {
 			if err.Error() == "value does not exist." {
--- a/cmd/cluster_set.go
+++ b/cmd/cluster_set.go
@@ -30,7 +30,7 @@ var setCmd = &cobra.Command{
 		data := keyValue[1]

 		k8s := k8sinterface.NewKubernetesApi()
-		clusterConfig := cautils.NewClusterConfig(k8s, getter.NewArmoAPI())
+		clusterConfig := cautils.NewClusterConfig(k8s, getter.GetArmoAPIConnector())
 		if err := clusterConfig.SetKeyValueInConfigmap(key, data); err != nil {
 			return err
 		}
--- a/cmd/config.go
+++ b/cmd/config.go
@@ -10,7 +10,6 @@ var configCmd = &cobra.Command{
 	Short: "Set configuration",
 	Long:  ``,
 	Run: func(cmd *cobra.Command, args []string) {
-
 	},
 }

--- a/cmd/download.go
+++ b/cmd/download.go
@@ -11,7 +11,7 @@ import (
 var downloadInfo cautils.DownloadInfo

 var downloadCmd = &cobra.Command{
-	Use:   "download framework <framework-name>",
+	Use:   fmt.Sprintf("download framework <framework-name> [flags]\nSupported frameworks: %s", validFrameworks),
 	Short: "Download framework controls",
 	Long:  ``,
 	Args: func(cmd *cobra.Command, args []string) error {
--- a/cmd/framework.go
+++ b/cmd/framework.go
@@ -1,10 +1,8 @@
 package cmd

 import (
-	"flag"
 	"fmt"
 	"io"
-	"io/ioutil"
 	"os"
 	"strings"

@@ -23,7 +21,8 @@ import (
 )

 var scanInfo cautils.ScanInfo
-var supportedFrameworks = []string{"nsa"}
+var supportedFrameworks = []string{"nsa", "mitre"}
+var validFrameworks = strings.Join(supportedFrameworks, ", ")

 type CLIHandler struct {
 	policyHandler *policyhandler.PolicyHandler
@@ -31,7 +30,8 @@ type CLIHandler struct {
 }

 var frameworkCmd = &cobra.Command{
-	Use:       "framework <framework name> [`<glob patter>`/`-`] [flags]",
+
+	Use:       fmt.Sprintf("framework <framework name> [`<glob pattern>`/`-`] [flags]\nSupported frameworks: %s", validFrameworks),
 	Short:     fmt.Sprintf("The framework you wish to use. Supported frameworks: %s", strings.Join(supportedFrameworks, ", ")),
 	Long:      "Execute a scan on a running Kubernetes cluster or `yaml`/`json` files (use glob) or `-` for stdin",
 	ValidArgs: supportedFrameworks,
@@ -39,7 +39,7 @@ var frameworkCmd = &cobra.Command{
 		if len(args) < 1 && !(cmd.Flags().Lookup("use-from").Changed) {
 			return fmt.Errorf("requires at least one argument")
 		} else if len(args) > 0 {
-			if !isValidFramework(args[0]) {
+			if !isValidFramework(strings.ToLower(args[0])) {
 				return fmt.Errorf(fmt.Sprintf("supported frameworks: %s", strings.Join(supportedFrameworks, ", ")))
 			}
 		}
@@ -50,13 +50,13 @@ var frameworkCmd = &cobra.Command{
 		scanInfo.PolicyIdentifier.Kind = opapolicy.KindFramework

 		if !(cmd.Flags().Lookup("use-from").Changed) {
-			scanInfo.PolicyIdentifier.Name = args[0]
+			scanInfo.PolicyIdentifier.Name = strings.ToLower(args[0])
 		}
 		if len(args) > 0 {
 			if len(args[1:]) == 0 || args[1] != "-" {
 				scanInfo.InputPatterns = args[1:]
 			} else { // store stout to file
-				tempFile, err := ioutil.TempFile(".", "tmp-kubescape*.yaml")
+				tempFile, err := os.CreateTemp(".", "tmp-kubescape*.yaml")
 				if err != nil {
 					return err
 				}
@@ -86,30 +86,33 @@ func isValidFramework(framework string) bool {
 func init() {
 	scanCmd.AddCommand(frameworkCmd)
 	scanInfo = cautils.ScanInfo{}
-	frameworkCmd.Flags().StringVar(&scanInfo.UseFrom, "use-from", "", "Path to load framework from")
-	frameworkCmd.Flags().BoolVar(&scanInfo.UseDefault, "use-default", false, "Load framework from default path")
-	frameworkCmd.Flags().StringVar(&scanInfo.UseExceptions, "exceptions", "", "Path to file containing list of exceptions")
-	frameworkCmd.Flags().StringVarP(&scanInfo.ExcludedNamespaces, "exclude-namespaces", "e", "", "Namespaces to exclude from check")
-	frameworkCmd.Flags().StringVarP(&scanInfo.Format, "format", "f", "pretty-printer", `Output format. supported formats: "pretty-printer"/"json"/"junit"`)
-	frameworkCmd.Flags().StringVarP(&scanInfo.Output, "output", "o", "", "Output file. print output to file and not stdout")
+	frameworkCmd.Flags().StringVar(&scanInfo.UseFrom, "use-from", "", "Load local framework object from specified path. If not used will download latest")
+	frameworkCmd.Flags().BoolVar(&scanInfo.UseDefault, "use-default", false, "Load local framework object from default path. If not used will download latest")
+	frameworkCmd.Flags().StringVar(&scanInfo.UseExceptions, "exceptions", "", "Path to an exceptions obj. If not set will download exceptions from Armo management portal")
+	frameworkCmd.Flags().StringVarP(&scanInfo.ExcludedNamespaces, "exclude-namespaces", "e", "", "Namespaces to exclude from scanning. Recommended: kube-system, kube-public")
+	frameworkCmd.Flags().StringVarP(&scanInfo.Format, "format", "f", "pretty-printer", `Output format. Supported formats: "pretty-printer"/"json"/"junit"`)
+	frameworkCmd.Flags().StringVarP(&scanInfo.Output, "output", "o", "", "Output file. Print output to file and not stdout")
 	frameworkCmd.Flags().BoolVarP(&scanInfo.Silent, "silent", "s", false, "Silent progress messages")
-	frameworkCmd.Flags().Uint16VarP(&scanInfo.FailThreshold, "fail-threshold", "t", 0, "Failure threshold is the percent bellow which the command fails and returns exit code -1")
-	frameworkCmd.Flags().BoolVarP(&scanInfo.DoNotSendResults, "results-locally", "", false, "Kubescape sends scan results to Armosec backend to allow users to control exceptions and maintain chronological scan results. Use this flag if you do not wish to use these features")
+	frameworkCmd.Flags().Uint16VarP(&scanInfo.FailThreshold, "fail-threshold", "t", 0, "Failure threshold is the percent bellow which the command fails and returns exit code 1")
+	frameworkCmd.Flags().BoolVarP(&scanInfo.DoNotSendResults, "results-locally", "", false, "Deprecated. Please use `--keep-local` instead")
+	frameworkCmd.Flags().BoolVarP(&scanInfo.Submit, "submit", "", false, "Send the scan results to Armo management portal where you can see the results in a user-friendly UI, choose your preferred compliance framework, check risk results history and trends, manage exceptions, get remediation recommendations and much more. By default the results are not submitted")
+	frameworkCmd.Flags().BoolVarP(&scanInfo.Local, "keep-local", "", false, "If you do not want your Kubescape results reported to Armo backend. Use this flag if you ran with the `--submit` flag in the past and you do not want to submit your current scan results")
+	frameworkCmd.Flags().StringVarP(&scanInfo.Account, "account", "", "", "Armo portal account ID. Default will load account ID from configMap or config file")
+
 }

 func CliSetup() error {
-	flag.Parse()
-
-	if 100 < scanInfo.FailThreshold {
-		fmt.Println("bad argument: out of range threshold")
-		os.Exit(1)
-	}
+	flagValidation()

 	var k8s *k8sinterface.KubernetesApi
+	var clusterConfig cautils.IClusterConfig
 	if !scanInfo.ScanRunningCluster() {
 		k8sinterface.ConnectedToCluster = false
+		clusterConfig = cautils.NewEmptyConfig()
 	} else {
 		k8s = k8sinterface.NewKubernetesApi()
+		// setup cluster config
+		clusterConfig =  cautils.ClusterConfigSetup(&scanInfo, k8s, getter.GetArmoAPIConnector())
 	}

 	processNotification := make(chan *cautils.OPASessionObj)
@@ -118,17 +121,10 @@ func CliSetup() error {
 	// policy handler setup
 	policyHandler := policyhandler.NewPolicyHandler(&processNotification, k8s)

-	// load cluster config
-	var clusterConfig cautils.IClusterConfig
-	if !scanInfo.DoNotSendResults && k8sinterface.ConnectedToCluster {
-		clusterConfig = cautils.NewClusterConfig(k8s, getter.NewArmoAPI())
-	} else {
-		clusterConfig = cautils.NewEmptyConfig()
-	}
-
-	if err := clusterConfig.SetCustomerGUID(); err != nil {
+	if err := clusterConfig.SetCustomerGUID(scanInfo.Account); err != nil {
 		fmt.Println(err)
 	}
+
 	cautils.CustomerGUID = clusterConfig.GetCustomerGUID()
 	cautils.ClusterName = k8sinterface.GetClusterName()

@@ -188,3 +184,18 @@ func (clihandler *CLIHandler) Scan() error {
 	}
 	return nil
 }
+
+func flagValidation() {
+	if scanInfo.DoNotSendResults {
+		fmt.Println("Deprecated. Please use `--keep-local` instead")
+	}
+
+	if scanInfo.Submit && scanInfo.Local {
+		fmt.Println("You can use `keep-local` or `submit`, but not both")
+		os.Exit(1)
+	}
+	if 100 < scanInfo.FailThreshold {
+		fmt.Println("bad argument: out of range threshold")
+		os.Exit(1)
+	}
+}
--- a/cmd/local_get.go
+++ b/cmd/local_get.go
@@ -5,7 +5,6 @@ import (
 	"strings"

 	"github.com/armosec/kubescape/cautils"
-	"github.com/armosec/kubescape/cautils/getter"
 	"github.com/spf13/cobra"
 )

@@ -31,7 +30,7 @@ var localGetCmd = &cobra.Command{
 		val, err := cautils.GetValueFromConfigJson(key)
 		if err != nil {
 			if err.Error() == "value does not exist." {
-				fmt.Printf("Could net get value from: %s, reason: %s\n", getter.GetDefaultPath(cautils.ConfigFileName+".json"), err)
+				fmt.Printf("Could net get value from: %s, reason: %s\n", cautils.ConfigFileFullPath(), err)
 				return nil
 			}
 			return err
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -1,15 +1,29 @@
 package cmd

 import (
+	"flag"
+	"os"
+	"strings"
+
+	"github.com/armosec/kubescape/cautils/getter"
+	"github.com/golang/glog"
 	"github.com/spf13/cobra"
 )

 var cfgFile string
+var armoBEURLs = ""
+
+const envFlagUsage = "Send report results to specific URL. Format:<ReportReceiver>,<Backend>,<Frontend>.\n\t\tExample:report.armo.cloud,api.armo.cloud,portal.armo.cloud"

 var rootCmd = &cobra.Command{
 	Use:   "kubescape",
 	Short: "Kubescape is a tool for testing Kubernetes security posture",
-	Long:  `Kubescape is a tool for testing Kubernetes security posture based on NSA specifications.`,
+	Long:  `Kubescape is a tool for testing Kubernetes security posture based on NSA \ MITRE ATT&CK® specifications.`,
+	PersistentPreRunE: func(cmd *cobra.Command, args []string) error {
+		flag.Parse()
+		InitArmoBEConnector()
+		return nil
+	},
 }

 func Execute() {
@@ -17,9 +31,38 @@ func Execute() {
 }

 func init() {
+	flag.CommandLine.StringVar(&armoBEURLs, "environment", "", envFlagUsage)
+	rootCmd.PersistentFlags().StringVar(&armoBEURLs, "environment", "", envFlagUsage)
+	rootCmd.PersistentFlags().MarkHidden("environment")
 	cobra.OnInitialize(initConfig)
+
 }

 // initConfig reads in config file and ENV variables if set.
 func initConfig() {
 }
+
+func InitArmoBEConnector() {
+	urlSlices := strings.Split(armoBEURLs, ",")
+	if len(urlSlices) > 3 {
+		glog.Errorf("Too many URLs")
+		os.Exit(1)
+	}
+	switch len(urlSlices) {
+	case 1:
+		switch urlSlices[0] {
+		case "dev":
+			getter.SetARMOAPIConnector(getter.NewARMOAPIDev())
+		case "":
+			getter.SetARMOAPIConnector(getter.NewARMOAPIProd())
+		default:
+			glog.Errorf("--environment flag usage: %s", envFlagUsage)
+			os.Exit(1)
+		}
+	case 2:
+		glog.Errorf("--environment flag usage: %s", envFlagUsage)
+		os.Exit(1)
+	case 3:
+		getter.SetARMOAPIConnector(getter.NewARMOAPICustomized(urlSlices[0], urlSlices[1], urlSlices[2]))
+	}
+}
--- a/cmd/version.go
+++ b/cmd/version.go
@@ -3,7 +3,7 @@ package cmd
 import (
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"io"
 	"net/http"

 	"github.com/spf13/cobra"
@@ -32,7 +32,7 @@ func GetLatestVersion() (string, error) {
 		return "", fmt.Errorf("failed to download file, status code: %s", resp.Status)
 	}

-	body, err := ioutil.ReadAll(resp.Body)
+	body, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return "", fmt.Errorf("failed to read response body from '%s', reason: %s", latestVersion, err.Error())
 	}
--- a/docs/favicon.ico
+++ b/docs/favicon.ico
--- a/docs/index.html
+++ b/docs/index.html
@@ -0,0 +1,24 @@
+<html>
+
+<head>
+    <title>
+        Kubscape Website
+    </title>
+    <link rel="icon" type="image/x-icon" href="favicon.ico">
+</head>
+<style>
+    img {
+        display: block;
+        margin-left: auto;
+        margin-right: auto;
+    }
+</style>
+
+<body style="text-align: center;">
+    <img src="kubescape.png" alt="Kubescap logo" style="width:20%">
+    <iframe src="https://discordapp.com/widget?id=893048809884643379&theme=dark" width="350" height="500"
+        allowtransparency="true" frameborder="0"
+        sandbox="allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts"></iframe>
+</body>
+
+</html>
--- a/docs/summary.png
+++ b/docs/summary.png
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module github.com/armosec/kubescape

-go 1.16
+go 1.17

 require (
 	github.com/aws/aws-sdk-go v1.40.30
@@ -28,3 +28,57 @@ require (
 	k8s.io/client-go v0.22.1
 	sigs.k8s.io/controller-runtime v0.9.6
 )
+
+require (
+	cloud.google.com/go v0.81.0 // indirect
+	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
+	github.com/Azure/go-autorest/autorest v0.11.18 // indirect
+	github.com/Azure/go-autorest/autorest/adal v0.9.13 // indirect
+	github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
+	github.com/Azure/go-autorest/logger v0.2.1 // indirect
+	github.com/Azure/go-autorest/tracing v0.6.0 // indirect
+	github.com/OneOfOne/xxhash v1.2.8 // indirect
+	github.com/bytecodealliance/wasmtime-go v0.28.0 // indirect
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/evanphx/json-patch v4.11.0+incompatible // indirect
+	github.com/form3tech-oss/jwt-go v3.2.3+incompatible // indirect
+	github.com/ghodss/yaml v1.0.0 // indirect
+	github.com/go-logr/logr v0.4.0 // indirect
+	github.com/gobwas/glob v0.2.3 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/protobuf v1.5.2 // indirect
+	github.com/google/go-cmp v0.5.5 // indirect
+	github.com/google/gofuzz v1.1.0 // indirect
+	github.com/googleapis/gnostic v0.5.5 // indirect
+	github.com/imdario/mergo v0.3.12 // indirect
+	github.com/inconshreveable/mousetrap v1.0.0 // indirect
+	github.com/jmespath/go-jmespath v0.4.0 // indirect
+	github.com/json-iterator/go v1.1.11 // indirect
+	github.com/mattn/go-colorable v0.1.8 // indirect
+	github.com/mattn/go-runewidth v0.0.9 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.1 // indirect
+	github.com/pkg/errors v0.9.1 // indirect
+	github.com/pquerna/cachecontrol v0.0.0-20171018203845-0dec1b30a021 // indirect
+	github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
+	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
+	github.com/yashtewari/glob-intersection v0.0.0-20180916065949-5c77d914dd0b // indirect
+	golang.org/x/crypto v0.0.0-20210220033148-5ea612d1eb83 // indirect
+	golang.org/x/net v0.0.0-20210614182718-04defd469f4e // indirect
+	golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c // indirect
+	golang.org/x/term v0.0.0-20210220032956-6a3ed077a48d // indirect
+	golang.org/x/text v0.3.6 // indirect
+	golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac // indirect
+	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/protobuf v1.26.0 // indirect
+	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/square/go-jose.v2 v2.2.2 // indirect
+	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
+	k8s.io/klog/v2 v2.9.0 // indirect
+	k8s.io/kube-openapi v0.0.0-20210421082810-95288971da7e // indirect
+	k8s.io/utils v0.0.0-20210722164352-7f3ee0f31471 // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.1.2 // indirect
+	sigs.k8s.io/yaml v1.2.0 // indirect
+)
--- a/go.sum
+++ b/go.sum
--- a/install.ps1
+++ b/install.ps1
@@ -0,0 +1,26 @@
+Write-Host "Installing Kubescape..." -ForegroundColor Cyan
+
+$BASE_DIR=$env:USERPROFILE + "\.kubescape"
+$packageName = "/kubescape-windows-latest"
+
+# Get latest release url
+$config = Invoke-WebRequest "https://api.github.com/repos/armosec/kubescape/releases/latest" | ConvertFrom-Json
+$url = $config.html_url.Replace("/tag/","/download/")
+$fullUrl = $url + $packageName
+
+# Create a new directory if needed
+New-Item -Path $BASE_DIR -ItemType "directory" -ErrorAction SilentlyContinue
+
+# Download the binary
+Invoke-WebRequest -Uri $fullUrl -OutFile $BASE_DIR\kubescape.exe
+
+# Update user PATH if needed
+$currentPath = [Environment]::GetEnvironmentVariable("Path", "User")
+if (-not $currentPath.Contains($BASE_DIR)) {
+    $confirmation = Read-Host "Add kubescape to user path? (y/n)"
+    if ($confirmation -eq 'y') {
+        [Environment]::SetEnvironmentVariable("Path", [Environment]::GetEnvironmentVariable("Path", "User") + ";$BASE_DIR;", "User")
+    }
+}
+
+Write-Host "Finished Installation" -ForegroundColor Green 
--- a/install.sh
+++ b/install.sh
@@ -9,23 +9,17 @@ KUBESCAPE_EXEC=kubescape

 osName=$(uname -s)
 if [[ $osName == *"MINGW"* ]]; then
-    osName=windows-latest
+    osName=windows
 elif [[ $osName == *"Darwin"* ]]; then
-    osName=macos-latest
+    osName=macos
 else
-    osName=ubuntu-latest
+    osName=ubuntu
 fi

-GITHUB_OWNER=armosec
-
-DOWNLOAD_URL=$(curl --silent "https://api.github.com/repos/$GITHUB_OWNER/kubescape/releases/latest" | grep -o "browser_download_url.*${osName}.*")
-DOWNLOAD_URL=${DOWNLOAD_URL//\"}
-DOWNLOAD_URL=${DOWNLOAD_URL/browser_download_url: /}
-
 mkdir -p $BASE_DIR 

 OUTPUT=$BASE_DIR/$KUBESCAPE_EXEC
-
+DOWNLOAD_URL="https://github.com/armosec/kubescape/releases/latest/download/kubescape-${osName}-latest"
 curl --progress-bar -L $DOWNLOAD_URL -o $OUTPUT

 # Checking if SUDO needed/exists 
--- a/opaprocessor/processorhandler.go
+++ b/opaprocessor/processorhandler.go
@@ -112,7 +112,9 @@ func (opap *OPAProcessor) processFramework(framework *opapolicy.Framework) (*opa
 		if err != nil {
 			errs = fmt.Errorf("%v\n%s", errs, err.Error())
 		}
-		controlReports = append(controlReports, *controlReport)
+		if controlReport != nil {
+			controlReports = append(controlReports, *controlReport)
+		}
 	}
 	frameworkReport.ControlReports = controlReports
 	return &frameworkReport, errs
@@ -124,6 +126,7 @@ func (opap *OPAProcessor) processControl(control *opapolicy.Control) (*opapolicy
 	controlReport := opapolicy.ControlReport{}
 	controlReport.PortalBase = control.PortalBase
 	controlReport.ControlID = control.ControlID
+	controlReport.Control_ID = control.Control_ID // TODO: delete when 'id' is deprecated

 	controlReport.Name = control.Name
 	controlReport.Description = control.Description
@@ -139,6 +142,9 @@ func (opap *OPAProcessor) processControl(control *opapolicy.Control) (*opapolicy
 			ruleReports = append(ruleReports, *ruleReport)
 		}
 	}
+	if len(ruleReports) == 0 {
+		return nil, nil
+	}
 	controlReport.RuleReports = ruleReports
 	return &controlReport, errs
 }
--- a/opaprocessor/processorhandlerutils.go
+++ b/opaprocessor/processorhandlerutils.go
@@ -98,6 +98,7 @@ func editRuleResponses(ruleResponses []opapolicy.RuleResponse) []opapolicy.RuleR
 				// resource found -> remove from slice
 				ruleResponses = removeFromSlice(ruleResponses, i)
 				lenRuleResponses -= 1
+				i -= 1
 				break
 			} else {
 				cleanRuleResponses(w)
--- a/policyhandler/filesloader.go
+++ b/policyhandler/filesloader.go
@@ -4,7 +4,6 @@ import (
 	"bytes"
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
 	"os"
 	"path/filepath"
 	"strings"
@@ -131,7 +130,7 @@ func loadFiles(filePaths []string) ([]k8sinterface.IWorkload, []error) {
 }

 func loadFile(filePath string) ([]byte, error) {
-	return ioutil.ReadFile(filePath)
+	return os.ReadFile(filePath)
 }
 func readFile(fileContent []byte, fileFromat FileFormat) ([]k8sinterface.IWorkload, []error) {

--- a/policyhandler/filesloader_test.go
+++ b/policyhandler/filesloader_test.go
@@ -6,29 +6,20 @@ import (
 	"path/filepath"
 	"strings"
 	"testing"
-
-	"github.com/armosec/kubescape/cautils"
 )

-func combine(base, rel string) string {
-	finalPath := []string{}
-	sBase := strings.Split(base, "/")
-	sRel := strings.Split(rel, "/")
-	for i := range sBase {
-		if cautils.StringInSlice(sRel, sBase[i]) != cautils.ValueNotFound {
-			finalPath = append(finalPath, sRel...)
-			break
-		}
-		finalPath = append(finalPath, sBase[i])
-	}
-	return fmt.Sprintf("/%s", filepath.Join(finalPath...))
-}
 func onlineBoutiquePath() string {
 	o, _ := os.Getwd()
-	return combine(o, "github.com/armosec/kubescape/examples/online-boutique/*")
+	return filepath.Join(filepath.Dir(o), "examples/online-boutique/*")
 }
+
 func TestListFiles(t *testing.T) {
-	files, errs := listFiles([]string{onlineBoutiquePath()})
+	workDir, err := os.Getwd()
+	fmt.Printf("\n------------------\n%s,%v\n--------------\n", workDir, err)
+	filesPath := onlineBoutiquePath()
+	fmt.Printf("\n------------------\n%s\n--------------\n", filesPath)
+
+	files, errs := listFiles([]string{filesPath})
 	if len(errs) > 0 {
 		t.Error(errs)
 	}
@@ -44,15 +35,15 @@ func TestLoadFiles(t *testing.T) {
 }

 func TestLoadFile(t *testing.T) {
-	files, _ := listFiles([]string{strings.Replace(onlineBoutiquePath(), "*", "bi-monitor.yaml", 1)})
+	files, _ := listFiles([]string{strings.Replace(onlineBoutiquePath(), "*", "adservice.yaml", 1)})
 	_, err := loadFile(files[0])
 	if err != nil {
 		t.Errorf("%v", err)
 	}
 }
 func TestLoadResources(t *testing.T) {
-
-	// k8sResources, err = policyHandler.loadResources(opaSessionObj.Frameworks, scanInfo)
+	// policyHandler := &PolicyHandler{}
+	// k8sResources, err := policyHandler.loadResources(opaSessionObj.Frameworks, scanInfo)
 	// files, _ := listFiles([]string{onlineBoutiquePath()})
 	// bb, err := loadFile(files[0])
 	// if len(err) > 0 {
--- a/policyhandler/handlepullpolicies.go
+++ b/policyhandler/handlepullpolicies.go
@@ -2,6 +2,7 @@ package policyhandler

 import (
 	"fmt"
+	"strings"

 	"github.com/armosec/kubescape/cautils"
 	"github.com/armosec/kubescape/cautils/armotypes"
@@ -18,14 +19,16 @@ func (policyHandler *PolicyHandler) GetPoliciesFromBackend(notification *opapoli
 		switch rule.Kind {
 		case opapolicy.KindFramework:
 			receivedFramework, recExceptionPolicies, err := policyHandler.getFrameworkPolicies(rule.Name)
-			if err != nil {
-				return nil, nil, fmt.Errorf("kind: %v, name: %s, error: %s", rule.Kind, rule.Name, err.Error())
-			}
 			if receivedFramework != nil {
 				frameworks = append(frameworks, *receivedFramework)
 				if recExceptionPolicies != nil {
 					exceptionPolicies = append(exceptionPolicies, recExceptionPolicies...)
 				}
+			} else if err != nil {
+				if strings.Contains(err.Error(), "unsupported protocol scheme") {
+					err = fmt.Errorf("failed to download from GitHub release, try running with `--use-default` flag")
+				}
+				return nil, nil, fmt.Errorf("kind: %v, name: %s, error: %s", rule.Kind, rule.Name, err.Error())
 			}

 		default:
--- a/policyhandler/k8sresources.go
+++ b/policyhandler/k8sresources.go
@@ -65,11 +65,8 @@ func (policyHandler *PolicyHandler) pullSingleResource(resource *schema.GroupVer

 	// set labels
 	listOptions := metav1.ListOptions{}
-	if excludedNamespaces != "" && k8sinterface.IsNamespaceScope(resource.Group, resource.Resource) {
-		excludedNamespacesSlice := strings.Split(excludedNamespaces, ",")
-		for _, excludedNamespace := range excludedNamespacesSlice {
-			listOptions.FieldSelector += "metadata.namespace!=" + excludedNamespace + ","
-		}
+	if excludedNamespaces != "" {
+		setFieldSelector(&listOptions, resource, excludedNamespaces)
 	}
 	if len(labels) > 0 {
 		set := k8slabels.Set(labels)
@@ -93,3 +90,18 @@ func (policyHandler *PolicyHandler) pullSingleResource(resource *schema.GroupVer
 	return result.Items, nil

 }
+
+func setFieldSelector(listOptions *metav1.ListOptions, resource *schema.GroupVersionResource, excludedNamespaces string) {
+	fieldSelector := "metadata."
+	if resource.Resource == "namespaces" {
+		fieldSelector += "name"
+	} else if k8sinterface.IsNamespaceScope(resource.Group, resource.Resource) {
+		fieldSelector += "namespace"
+	} else {
+		return
+	}
+	excludedNamespacesSlice := strings.Split(excludedNamespaces, ",")
+	for _, excludedNamespace := range excludedNamespacesSlice {
+		listOptions.FieldSelector += fmt.Sprintf("%s!=%s,", fieldSelector, excludedNamespace)
+	}
+}
--- a/resultshandling/printer/printresults.go
+++ b/resultshandling/printer/printresults.go
@@ -45,12 +45,7 @@ func calculatePostureScore(postureReport *opapolicy.PostureReport) float32 {
 	totalFailed := 0
 	for _, frameworkReport := range postureReport.FrameworkReports {
 		for _, controlReport := range frameworkReport.ControlReports {
-			for _, ruleReport := range controlReport.RuleReports {
-				for _, ruleResponses := range ruleReport.RuleResponses {
-					totalFailed += len(ruleResponses.AlertObject.K8SApiObjects)
-					totalFailed += len(ruleResponses.AlertObject.ExternalObjects)
-				}
-			}
+			totalFailed += controlReport.GetNumberOfFailedResources()
 			totalResources += controlReport.GetNumberOfResources()
 		}
 	}
@@ -133,8 +128,8 @@ func (printer *Printer) PrintResults() {

 func (printer *Printer) printSummary(controlName string, controlSummary *ControlSummary) {
 	cautils.SimpleDisplay(printer.writer, "Summary - ")
-	cautils.SuccessDisplay(printer.writer, "Passed:%v   ", controlSummary.TotalResources-controlSummary.TotalFailed)
-	cautils.WarningDisplay(printer.writer, "Warning:%v   ", controlSummary.TotalWarnign)
+	cautils.SuccessDisplay(printer.writer, "Passed:%v   ", controlSummary.TotalResources-controlSummary.TotalFailed-controlSummary.TotalWarnign)
+	cautils.WarningDisplay(printer.writer, "Excluded:%v   ", controlSummary.TotalWarnign)
 	cautils.FailureDisplay(printer.writer, "Failed:%v   ", controlSummary.TotalFailed)
 	cautils.InfoDisplay(printer.writer, "Total:%v\n", controlSummary.TotalResources)
 	if controlSummary.TotalFailed > 0 {
@@ -151,7 +146,7 @@ func (printer *Printer) printTitle(controlName string, controlSummary *ControlSu
 	} else if controlSummary.TotalFailed != 0 {
 		cautils.FailureDisplay(printer.writer, "failed %v\n", emoji.SadButRelievedFace)
 	} else if controlSummary.TotalWarnign != 0 {
-		cautils.WarningDisplay(printer.writer, "warning %v\n", emoji.NeutralFace)
+		cautils.WarningDisplay(printer.writer, "excluded %v\n", emoji.NeutralFace)
 	} else {
 		cautils.SuccessDisplay(printer.writer, "passed %v\n", emoji.ThumbsUp)
 	}
@@ -194,7 +189,7 @@ func generateRow(control string, cs ControlSummary) []string {
 }

 func generateHeader() []string {
-	return []string{"Control Name", "Failed Resources", "Warning Resources", "All Resources", "% success"}
+	return []string{"Control Name", "Failed Resources", "Excluded Resources", "All Resources", "% success"}
 }

 func percentage(big, small int) int {
--- a/resultshandling/reporter/reporteventreceiverutils.go
+++ b/resultshandling/reporter/reporteventreceiverutils.go
@@ -37,7 +37,7 @@ func initEventReceiverURL() *url.URL {
 	urlObj := url.URL{}

 	urlObj.Scheme = "https"
-	urlObj.Host = getter.ArmoERURL
+	urlObj.Host = getter.GetArmoAPIConnector().GetReportReceiverURL()
 	urlObj.Path = "/k8s/postureReport"
 	q := urlObj.Query()
 	q.Add("customerGUID", uuid.FromStringOrNil(cautils.CustomerGUID).String())
--- a/scapepkg/exceptions/exceptionprocessor.go
+++ b/scapepkg/exceptions/exceptionprocessor.go
@@ -1,6 +1,8 @@
 package exceptions

 import (
+	"regexp"
+
 	"github.com/armosec/kubescape/cautils"
 	"github.com/armosec/kubescape/cautils/k8sinterface"

@@ -96,7 +98,7 @@ func hasException(designator *armotypes.PortalDesignator, workload k8sinterface.
 		return false // if designators are empty
 	}

-	if cluster != "" && cautils.ClusterName != "" && cluster != cautils.ClusterName { // TODO - where do we receive cluster name from?
+	if cluster != "" && cautils.ClusterName != "" && !regexCompare(cluster, cautils.ClusterName) { // TODO - where do we receive cluster name from?
 		return false // cluster name does not match
 	}

@@ -120,17 +122,17 @@ func hasException(designator *armotypes.PortalDesignator, workload k8sinterface.

 func compareNamespace(workload k8sinterface.IWorkload, namespace string) bool {
 	if workload.GetKind() == "Namespace" {
-		return namespace == workload.GetName()
+		return regexCompare(namespace, workload.GetName())
 	}
-	return namespace == workload.GetNamespace()
+	return regexCompare(namespace, workload.GetNamespace())
 }

 func compareKind(workload k8sinterface.IWorkload, kind string) bool {
-	return kind == workload.GetKind()
+	return regexCompare(kind, workload.GetKind())
 }

 func compareName(workload k8sinterface.IWorkload, name string) bool {
-	return name == workload.GetName()
+	return regexCompare(workload.GetName(), name)
 }

 func compareLabels(workload k8sinterface.IWorkload, attributes map[string]string) bool {
@@ -139,3 +141,8 @@ func compareLabels(workload k8sinterface.IWorkload, attributes map[string]string

 	return designators.Matches(workloadLabels)
 }
+
+func regexCompare(reg, name string) bool {
+	r, _ := regexp.MatchString(reg, name)
+	return r
+}
--- a/scapepkg/score/score.go
+++ b/scapepkg/score/score.go
@@ -3,7 +3,7 @@ package score
 import (
 	"encoding/json"
 	"fmt"
-	"io/ioutil"
+	"os"
 	"strings"

 	appsv1 "k8s.io/api/apps/v1"
@@ -157,7 +157,7 @@ func getPostureFrameworksScores(weightPath string) map[string]map[string]Control
 		weightPath = weightPath + "/"
 	}
 	frameworksScoreMap := make(map[string]map[string]ControlScoreWeights)
-	dat, err := ioutil.ReadFile(weightPath + "frameworkdict.json")
+	dat, err := os.ReadFile(weightPath + "frameworkdict.json")
 	if err != nil {
 		return nil
 	}
@@ -174,7 +174,7 @@ func getPostureResourceScores(weightPath string) map[string]float32 {
 		weightPath = weightPath + "/"
 	}
 	resourceScoreMap := make(map[string]float32)
-	dat, err := ioutil.ReadFile(weightPath + "resourcesdict.json")
+	dat, err := os.ReadFile(weightPath + "resourcesdict.json")
 	if err != nil {
 		return nil
 	}
--- a/scapepkg/score/score_mocks.go
+++ b/scapepkg/score/score_mocks.go
@@ -2,7 +2,7 @@ package score

 import (
 	"encoding/json"
-	"io/ioutil"
+	"os"
 	"strings"

 	k8sinterface "github.com/armosec/kubescape/cautils/k8sinterface"
@@ -12,7 +12,7 @@ import (
 func loadResourcesMock() []map[string]interface{} {
 	resources := make([]map[string]interface{}, 0)

-	dat, err := ioutil.ReadFile("resourcemocks.json")
+	dat, err := os.ReadFile("resourcemocks.json")

 	if err != nil {
 		return resources
@@ -51,7 +51,7 @@ func getResouceByType(desiredType string) map[string]interface{} {
 func loadFrameworkMock() *opapolicy.FrameworkReport {
 	report := &opapolicy.FrameworkReport{}

-	dat, err := ioutil.ReadFile("frameworkmock.json")
+	dat, err := os.ReadFile("frameworkmock.json")

 	if err != nil {
 		return report
--- a/website/index.html
+++ b/website/index.html
@@ -0,0 +1,14 @@
+<html>
+    <head>
+        <title>
+            Kubscape Website
+        </title>
+        <h1>Kubscape Website</h1>
+    </head>
+    <body>
+<h2>
+    Join us!!!
+    <iframe src="https://discordapp.com/widget?id=893048809884643379&theme=dark" width="350" height="500" allowtransparency="true" frameborder="0" sandbox="allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts"></iframe>
+</h2>
+    </body>
+</html>
Author	SHA1	Message	Date
David Wertenteil	906c69a86d	Merge pull request #169 from armosec/rotemamsa-patch-1 Delete backendconnectormethods.go	2021-10-18 10:28:19 +03:00
Rotem Refael	9c65aadcc7	Delete backendconnectormethods.go	2021-10-18 10:26:59 +03:00
Rotem Refael	89a05d247b	Merge pull request #159 from armosec/dev test help message after build	2021-10-14 15:43:28 +03:00
Bezbran	7faf24cf88	build python3 --version && python3 build.py	2021-10-14 14:48:47 +03:00
Bezbran	7bebc7a814	master PR python 3 for build	2021-10-14 14:48:16 +03:00
Bezbran	8647a087dd	Merge pull request #162 from Bezbran/dev python3 for build	2021-10-14 14:40:25 +03:00
Bezalel Brandwine	78670665c4	build.py support only pthon 3.7 and above	2021-10-14 14:39:43 +03:00
Bezalel Brandwine	1dd587cd83	try python3	2021-10-14 14:30:58 +03:00
Bezalel Brandwine	d69cccf821	print python version	2021-10-14 14:24:49 +03:00
Bezbran	8ae3b9c28f	Merge pull request #161 from Bezbran/dev adapt test_cli_prints to windows	2021-10-14 14:17:42 +03:00
Bezalel Brandwine	9b6ad102b1	adapt test_cli_prints to windows	2021-10-14 14:16:12 +03:00
Bezbran	e6787b77fb	Merge pull request #160 from Bezbran/dev files tests passed locally on windows	2021-10-14 14:10:35 +03:00
Bezalel Brandwine	46449045a6	files tests passed locally on windows	2021-10-14 14:04:55 +03:00
Bezalel Brandwine	d81984b4c6	try to adapt path to windows	2021-10-14 13:28:10 +03:00
Bezbran	22b463f306	Merge pull request #158 from Bezbran/dev test help message after build	2021-10-14 12:13:32 +03:00
Bezalel Brandwine	475e45b848	add CLI prints checks skeleton	2021-10-14 12:07:51 +03:00
Rotem Refael	32fac97d21	Merge pull request #157 from armosec/dev fix --help flag	2021-10-14 11:47:22 +03:00
Bezalel Brandwine	f9f32a1062	comment in file loading tests	2021-10-14 11:43:11 +03:00
Bezbran	c90c3bbd05	test help message	2021-10-14 11:32:59 +03:00
Bezbran	cbae9a087b	Merge pull request #6 from armosec/dev Dev	2021-10-14 10:56:39 +03:00
Bezbran	4da199c43e	Merge pull request #156 from Bezbran/dev fix --help flag	2021-10-14 10:55:43 +03:00
Bezalel Brandwine	00d8660a91	fix --help flag	2021-10-14 10:46:42 +03:00
Rotem Refael	76c2f6afe0	Merge pull request #155 from armosec/dev Fixed #148	2021-10-14 10:20:35 +03:00
dwertent	efa53bd83c	fixed loop	2021-10-14 09:13:07 +03:00
dwertent	01f6a1e1c0	fixed counters	2021-10-13 20:41:30 +03:00
Rotem Refael	9f78703dee	Merge pull request #154 from armosec/dev Support in --environment	2021-10-13 17:05:52 +03:00
Bezbran	1a0e96338e	Merge pull request #5 from armosec/dev Merge back pull request #153 from Bezbran/dev	2021-10-13 16:58:31 +03:00
Bezbran	eff4690e0e	Merge pull request #153 from Bezbran/dev add support in --environment=dev or customized URLs	2021-10-13 16:57:39 +03:00
Bezbran	266480c234	Merge branch 'dev' into dev	2021-10-13 16:57:14 +03:00
Bezalel Brandwine	a922d01005	add support in --environment=dev or customized URLs	2021-10-13 16:45:06 +03:00
David Wertenteil	0d9711c8bb	Merge pull request #151 from armosec/dev Fixed issues	2021-10-13 13:02:52 +03:00
David Wertenteil	edab68f4fb	Merge pull request #152 from Bezbran/dev fix download framework command	2021-10-13 12:35:26 +03:00
Bezalel Brandwine	08f04e19ef	fix download framework (create dir if necessary, lower case "download")	2021-10-13 12:24:21 +03:00
David Wertenteil	e62234a6ac	Merge pull request #150 from dwertent/master Fixed issues #149 #76	2021-10-13 12:07:12 +03:00
dwertent	5499c7a96f	fixed #149	2021-10-13 12:03:57 +03:00
dwertent	7f9c5c25ae	fixed #76	2021-10-13 11:58:22 +03:00
Bezbran	b1276d56f7	Merge pull request #4 from armosec/dev Dev	2021-10-13 09:11:24 +03:00
Rotem Refael	b53bf320a6	Merge pull request #141 from armosec/dev Update default upload of results to be opt-in	2021-10-12 18:31:16 +03:00
Daniel Grunberger	81a4c168ed	Merge pull request #147 from Daniel-GrunbergerCA/master fix warning numbers of resources	2021-10-12 18:13:51 +03:00
Daniel-GrunbergerCA	512a1a806e	fix warning numbers of resources	2021-10-12 18:12:49 +03:00
David Wertenteil	c95ef05177	Merge pull request #146 from dwertent/master update flag to keep-local	2021-10-12 18:06:02 +03:00
Daniel Grunberger	563bd8a6a3	Merge pull request #145 from Daniel-GrunbergerCA/master fix number of resources	2021-10-12 17:41:48 +03:00
dwertent	b444542f4d	update flag to keep-local	2021-10-12 17:40:56 +03:00
Daniel-GrunbergerCA	6eded41eee	fix number of resources	2021-10-12 17:08:03 +03:00
YiscahLevySilas1	de91ce182d	Merge pull request #144 from YiscahLevySilas1/dev add controlID field, 'id' to be deprecated	2021-10-12 15:07:10 +03:00
dwertent	afc7f85460	adding demo link to readme	2021-10-12 12:39:26 +03:00
yiscah	c1b4d7de39	add controlID field, 'id' to be deprecated	2021-10-12 10:48:46 +03:00
dwertent	cde5b83bca	update summary	2021-10-12 10:26:30 +03:00
Bezbran	f00106a502	Merge pull request #143 from Bezbran/dev Run release workflow just for merged PRs to master	2021-10-12 10:17:26 +03:00
Bezalel Brandwine	3ae2742717	rmove workflow dependency	2021-10-12 10:05:55 +03:00
David Wertenteil	8deac19945	Merge pull request #142 from dwertent/master Update default unregistered behavior	2021-10-12 10:00:46 +03:00
dwertent	2ad469a5f4	update summary image	2021-10-12 09:57:46 +03:00
dwertent	c67b111c77	do not submit unregisred user	2021-10-12 09:51:14 +03:00
Bezalel Brandwine	ee770e7429	add github actions workflow for opened PRs to master	2021-10-12 09:49:26 +03:00
Bezalel Brandwine	197a3adf6a	trigger release only for push to master to avoid release on closed PRs without merging	2021-10-12 09:38:52 +03:00
Bezbran	269d39497b	Merge pull request #1 from armosec/dev Dev	2021-10-12 09:29:28 +03:00
David Wertenteil	0c3a7ac02b	Merge pull request #140 from dwertent/master split setCustomer func	2021-10-12 08:10:02 +03:00
dwertent	07443548c9	split setCustomer func	2021-10-12 07:59:41 +03:00
Ben Hirschberg	e561f78ada	Merge pull request #133 from clfs/clfs/bugfixes Add missing return	2021-10-11 23:22:29 +03:00
Ben Hirschberg	bb88272251	Merge pull request #129 from ferhaty/dev removed references to go mod tidy	2021-10-11 23:21:08 +03:00
Ferhat Yildiz	ce2f3dafae	removed references to go mod tidy since there is a go.sum file now	2021-10-11 17:02:21 +02:00
David Wertenteil	488c67056c	Merge pull request #138 from dwertent/master Update readme	2021-10-11 16:32:25 +03:00
dwertent	351e51208d	Merge remote-tracking branch 'upstream/dev'	2021-10-11 16:29:43 +03:00
dwertent	0c79df7299	restore id after local run, update readme	2021-10-11 16:29:26 +03:00
David Wertenteil	b9a5c5af35	Merge pull request #137 from dwertent/master Update default upload of results to be opt-in	2021-10-11 15:04:07 +03:00
dwertent	59741b84d1	Update default upload of results to be opt-in	2021-10-11 15:00:23 +03:00
David Wertenteil	25efcdf750	Merge pull request #135 from Daniel-GrunbergerCA/master Improve help msgs	2021-10-10 18:50:46 +03:00
Daniel-GrunbergerCA	49dfa6c2a6	Merge remote-tracking branch 'upstream/dev'	2021-10-10 15:50:44 +03:00
Daniel-GrunbergerCA	659647353e	fix return code in help msg	2021-10-10 15:43:08 +03:00
Daniel-GrunbergerCA	0eba51c80b	beautify help msgs	2021-10-10 14:38:14 +03:00
David Wertenteil	35996d11f4	Merge pull request #134 from Daniel-GrunbergerCA/master fix TestConvertLabelsToString test	2021-10-10 14:06:03 +03:00
Daniel-GrunbergerCA	e0e0a811eb	Add supported frameworks to help msg	2021-10-10 14:01:35 +03:00
Daniel-GrunbergerCA	76f400d0aa	fix TestConvertLabelsToString test	2021-10-10 13:06:51 +03:00
Calvin Figuereo-Supraner	8e950e0f54	Add missing return	2021-10-09 21:25:01 -07:00
Rotem Refael	0adb9dd540	Merge pull request #126 from armosec/dev	2021-10-07 19:18:10 +03:00
David Wertenteil	5825555534	Merge pull request #127 from dwertent/master Adding unittest to workflow	2021-10-07 18:24:56 +03:00
dwertent	306a8c6201	Merge remote-tracking branch 'upstream/dev'	2021-10-07 18:19:00 +03:00
dwertent	123b620085	Merge branch 'master' of github.com:armosec/kubescape into dev	2021-10-07 18:14:29 +03:00
dwertent	831e7814be	ignore files	2021-10-07 18:12:21 +03:00
Ben Hirschberg	7c85199ac2	Merge pull request #106 from Juneezee/go1.17 build: upgrade to Go 1.17	2021-10-07 18:05:42 +03:00
dwertent	efec8e4f2f	adding unittest to workflow	2021-10-07 18:02:44 +03:00
Avner Tzur	af4faef9cf	Add macOS brew installation	2021-10-07 17:30:12 +03:00
dwertent	90052ad9e3	Merge branch 'master' of github.com:armosec/kubescape into dev	2021-10-07 15:46:50 +03:00
Rotem Refael	35c7b16e4a	Update build.yaml change report link	2021-10-07 15:18:37 +03:00
David Wertenteil	7ac75acfc2	Merge pull request #125 from dwertent/master Update display color	2021-10-07 15:11:43 +03:00
dwertent	22662fddcd	update display color	2021-10-07 15:03:48 +03:00
David Wertenteil	6df1cdf5d8	Merge pull request #124 from dwertent/master Changing warning to excluded in results	2021-10-07 14:00:19 +03:00
dwertent	2287c51d73	changing warning to excluded	2021-10-07 13:59:20 +03:00
David Wertenteil	372942a14f	Merge pull request #122 from dwertent/master Adding go sum	2021-10-07 10:18:23 +03:00
dwertent	6362246da4	Merge remote-tracking branch 'upstream/dev'	2021-10-07 10:11:41 +03:00
dwertent	9986d69215	adding go sum	2021-10-07 10:11:14 +03:00
Eng Zer Jun	21644e5cba	refactor: move from io/ioutil to io and os package The io/ioutil package has been deprecated as of Go 1.16, see https://golang.org/doc/go1.16#ioutil. This commit replaces the existing io/ioutil functions with their new definitions in io and os packages. Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>	2021-10-07 00:23:09 +08:00
Eng Zer Jun	ad93217bf6	build: upgrade to Go 1.17 Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>	2021-10-07 00:23:04 +08:00
Ben Hirschberg	ca49bc1ddd	Merge pull request #121 from armosec/dev Fixed issues, update windows support	2021-10-06 18:20:37 +03:00
David Wertenteil	1229c73ddc	Merge pull request #120 from dwertent/master Fixing exception cluster name support	2021-10-06 18:16:51 +03:00
dwertent	7416202555	adding mitre example	2021-10-06 18:14:24 +03:00
dwertent	a0ba683eea	Merge remote-tracking branch 'upstream/dev'	2021-10-06 18:12:48 +03:00
dwertent	89654eb26f	update exception cluster name compare	2021-10-06 18:12:33 +03:00
Bezbran	9d1736a141	Typo in readme built.py -->> build.py	2021-10-06 15:22:38 +03:00
David Wertenteil	eaa4ed3da5	Merge pull request #118 from xdavidel/master Update windows support in build	2021-10-06 15:10:02 +03:00
David Delarosa	0db3f65312	Merge remote-tracking branch 'upstream/dev'	2021-10-06 15:05:07 +03:00
David Wertenteil	1ea0a3ccc5	Merge pull request #117 from dwertent/master load configMap configuration before file configuration	2021-10-06 14:24:30 +03:00
dwertent	16cd30bea8	load configMap before file	2021-10-06 14:06:36 +03:00
David Delarosa	075ba4c603	Comment out this windows exe The build workflow relay on the same binary name - so we won't change that right now.	2021-10-06 11:23:56 +03:00
David Delarosa	2d898822df	Merge branch 'dev-win'	2021-10-06 10:36:11 +03:00
David Delarosa	25b8ec82e8	Cannot use both 'uses' and 'run'	2021-10-06 10:21:29 +03:00
David Delarosa	44b74e2681	Change workflow to use build.py script	2021-10-05 17:28:38 +03:00
David Wertenteil	485e171008	Merge pull request #116 from dwertent/master Revert python script build	2021-10-05 17:17:13 +03:00
dwertent	c12eb83b4b	remove comment	2021-10-05 17:12:43 +03:00
dwertent	84060e7823	revert python build	2021-10-05 17:07:30 +03:00
David Wertenteil	d80d50b59d	Merge pull request #115 from dwertent/master fixed in cluster crash - #114	2021-10-05 16:56:00 +03:00
dwertent	f11f054fea	offline not new feature	2021-10-05 16:51:03 +03:00
dwertent	4c1d491d5a	Merge remote-tracking branch 'upstream/dev'	2021-10-05 16:43:54 +03:00
dwertent	2b67cc520c	windows install support	2021-10-05 16:43:05 +03:00
dwertent	2a5712bd3c	fixed in cluster crash	2021-10-05 16:11:41 +03:00
Ben Hirschberg	ccbc11408b	Merge pull request #109 from armosec/dev Update master with fixed issues #95 #96	2021-10-05 09:25:35 +03:00
Bezbran	22bae315be	Merge pull request #112 from Bezbran/dev Add discord using github pages	2021-10-05 09:23:17 +03:00
Bezalel Brandwine	740ab7cb46	point readme discord to github pages	2021-10-05 09:21:58 +03:00
Bezalel Brandwine	cdaa9aa1b0	discord UI beautify	2021-10-05 09:18:39 +03:00
Bezbran	875f82dcbb	Merge pull request #4 from armosec/dev Dev from org	2021-10-05 09:18:03 +03:00
Ben Hirschberg	e8f6bdd64a	Merge pull request #108 from YiscahLevySilas1/master added mitre to supported frameworks	2021-10-04 17:06:00 +03:00
yiscah	25247491ee	add mitre to supportedFrameworks, accept upper/lowercase "MITRE"	2021-10-04 16:56:18 +03:00
Ben Hirschberg	57ae3dc3a7	Merge pull request #107 from dwertent/master Fixed #95, #96	2021-10-04 16:53:48 +03:00
dwertent	27d00b58d7	Adding star to readme, support wild labels	2021-10-04 15:15:18 +03:00
Bezalel Brandwine	263821ce67	landing page in docs dir	2021-10-04 14:57:11 +03:00
Bezalel Brandwine	3c12247b00	add index html as GitHub pages landing page	2021-10-04 14:54:04 +03:00
Bezbran	56d41596f6	Merge pull request #3 from armosec/dev Dev merge	2021-10-04 14:32:51 +03:00
Avner Tzur	f0cd1965b4	update git repo URL using https	2021-10-04 13:51:47 +03:00
dwertent	3a4c06a818	fixed issue #95	2021-10-03 17:22:50 +03:00