update go mod

update readme
2026-02-14 18:09:55 +00:00 · 2022-07-05 11:20:44 +03:00 · 2022-07-05 11:13:39 +03:00 · 2022-07-05 11:12:58 +03:00 · 2022-07-05 11:11:17 +03:00 · 2022-07-05 10:34:33 +03:00
254 changed files with 13776 additions and 4625 deletions
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -28,18 +28,25 @@ jobs:
      matrix:
        os: [ubuntu-latest, macos-latest, windows-latest]
    steps:
-      - uses: actions/checkout@v1
+      - uses: actions/checkout@v3
      - name: Set up Go
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v3
        with:
-          go-version: 1.17
-
-      - name: Test
+          go-version: 1.18
+      # - name: Test cmd pkg
+      #   run: cd cmd && go test -v ./...
+      - name: Test core pkg
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: go test -v ./...

+      - name: Test httphandler pkg
+        run: cd httphandler && go test -v ./...
+
      - name: Build
        env:
          RELEASE: v2.0.${{ github.run_number }} 
+          CLIENT: release
          ArmoBEServer: api.armo.cloud
          ArmoAuthServer: auth.armo.cloud
          ArmoERServer: report.armo.cloud
@@ -74,9 +81,6 @@ jobs:
          asset_path: build/${{ matrix.os }}/kubescape.sha256
          asset_name: kubescape-${{ matrix.os }}-sha256
          asset_content_type: application/octet-stream
-
-
-
  build-docker:
    name: Build docker container, tag and upload to registry
    needs: build
@@ -98,28 +102,28 @@ jobs:
        id: image-name
        run: echo '::set-output name=IMAGE_NAME::quay.io/${{ github.repository_owner }}/kubescape'

-      - name: Build the Docker image
-        run: docker build . --file build/Dockerfile --tag ${{ steps.image-name.outputs.IMAGE_NAME }}:${{ steps.image-version.outputs.IMAGE_VERSION }} --build-arg image_version=${{ steps.image-version.outputs.IMAGE_VERSION }}
-      
-      - name: Re-Tag Image to latest
-        run: docker tag ${{ steps.image-name.outputs.IMAGE_NAME }}:${{ steps.image-version.outputs.IMAGE_VERSION }} ${{ steps.image-name.outputs.IMAGE_NAME }}:latest
-      
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
      - name: Login to Quay.io
-        env: # Or as an environment variable
+        env:
          QUAY_PASSWORD: ${{ secrets.QUAYIO_REGISTRY_PASSWORD }}
          QUAY_USERNAME: ${{ secrets.QUAYIO_REGISTRY_USERNAME }}
        run: docker login -u="${QUAY_USERNAME}" -p="${QUAY_PASSWORD}" quay.io
+
+      - name: Build the Docker image
+        run: docker buildx build . --file build/Dockerfile --tag ${{ steps.image-name.outputs.IMAGE_NAME }}:${{ steps.image-version.outputs.IMAGE_VERSION }} --tag ${{ steps.image-name.outputs.IMAGE_NAME }}:latest --build-arg image_version=${{ steps.image-version.outputs.IMAGE_VERSION }} --build-arg client=image-release --push --platform linux/amd64,linux/arm64
+
      # - name: Login to GitHub Container Registry
      #   uses: docker/login-action@v1
      #   with:
      #     registry: ghcr.io
      #     username: ${{ github.actor }}
      #     password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Push Docker image
-        run: |
-          docker push ${{ steps.image-name.outputs.IMAGE_NAME }}:${{ steps.image-version.outputs.IMAGE_VERSION }}
-          docker push ${{ steps.image-name.outputs.IMAGE_NAME }}:latest
-      
+    
      # TODO - Wait for casign to support fixed tags -> https://github.com/sigstore/cosign/issues/1424
      # - name: Install cosign
      #   uses: sigstore/cosign-installer@main
--- a/.github/workflows/build_dev.yaml
+++ b/.github/workflows/build_dev.yaml
@@ -11,19 +11,35 @@ jobs:
      matrix:
        os: [ubuntu-latest, macos-latest, windows-latest]
    steps:
-      - uses: actions/checkout@v1
-
+      - uses: actions/checkout@v3
      - name: Set up Go
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v3
        with:
-          go-version: 1.17
+          go-version: 1.18
          
-      - name: Test
+      # - name: Test cmd pkg
+      #   run: cd cmd && go test -v ./...
+      
+      # - name: Test core pkg
+      #   env:
+      #     GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      #   run: cd core && go test -v ./...
+
+      # - name: Test cmd pkg
+      #   run: cd cmd && go test -v ./...
+
+      - name: Test core pkg
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: go test -v ./...

+      - name: Test httphandler pkg
+        run: cd httphandler && go test -v ./...
+
      - name: Build
        env:
          RELEASE: v2.0.${{ github.run_number }} 
+          CLIENT: release-dev
          ArmoBEServer: api.armo.cloud
          ArmoAuthServer: auth.armo.cloud
          ArmoERServer: report.armo.cloud
@@ -64,21 +80,17 @@ jobs:
        id: image-name
        run: echo '::set-output name=IMAGE_NAME::quay.io/${{ github.repository_owner }}/kubescape'

-      - name: Build the Docker image
-        run: docker build . --file build/Dockerfile --tag ${{ steps.image-name.outputs.IMAGE_NAME }}:${{ steps.image-version.outputs.IMAGE_VERSION }} --build-arg image_version=${{ steps.image-version.outputs.IMAGE_VERSION }}
-      
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
      - name: Login to Quay.io
        env:
          QUAY_PASSWORD: ${{ secrets.QUAYIO_REGISTRY_PASSWORD }}
          QUAY_USERNAME: ${{ secrets.QUAYIO_REGISTRY_USERNAME }}
        run: docker login -u="${QUAY_USERNAME}" -p="${QUAY_PASSWORD}" quay.io
-      # - name: Login to GitHub Container Registry
-      #   uses: docker/login-action@v1
-      #   with:
-      #     registry: ghcr.io
-      #     username: ${{ github.actor }}
-      #     password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Push Docker image
-        run: |
-          docker push ${{ steps.image-name.outputs.IMAGE_NAME }}:${{ steps.image-version.outputs.IMAGE_VERSION }}
-      
+
+      - name: Build the Docker image
+        run: docker buildx build . --file build/Dockerfile --tag ${{ steps.image-name.outputs.IMAGE_NAME }}:${{ steps.image-version.outputs.IMAGE_VERSION }} --build-arg image_version=${{ steps.image-version.outputs.IMAGE_VERSION }} --build-arg client=image-dev --push --platform linux/amd64,linux/arm64
--- a/.github/workflows/master_pr_checks.yaml
+++ b/.github/workflows/master_pr_checks.yaml
@@ -12,19 +12,27 @@ jobs:
      matrix:
        os: [ubuntu-latest, macos-latest, windows-latest]
    steps:
-      - uses: actions/checkout@v1
-
+      - uses: actions/checkout@v3
      - name: Set up Go
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v3
        with:
-          go-version: 1.17
+          go-version: 1.18

-      - name: Test
+      # - name: Test cmd pkg
+      #   run: cd cmd && go test -v ./...
+      
+      - name: Test core pkg
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: go test -v ./...

+      - name: Test httphandler pkg
+        run: cd httphandler && go test -v ./...
+
      - name: Build
        env:
          RELEASE: v2.0.${{ github.run_number }} 
+          CLIENT: test
          ArmoBEServer: api.armo.cloud
          ArmoAuthServer: auth.armo.cloud
          ArmoERServer: report.armo.cloud
--- a/.gitignore
+++ b/.gitignore
@@ -4,4 +4,5 @@
 *vender*
 *.pyc*
 .idea
+.history
 ca.srl
--- a/README.md
+++ b/README.md
@@ -12,11 +12,23 @@ Kubescape integrates natively with other DevOps tools, including Jenkins, Circle

 </br>

+<!-- # Kubescape Coverage
+<img src="docs/ksfromcodetodeploy.png">
+
+</br> -->
+
+
+# Kubescape CLI:
 <img src="docs/demo.gif">

+</br>
+
+<!-- # Kubescape overview:
+<img src="docs/ARMO-header-2022.gif"> -->
+
 # TL;DR
 ## Install:
-```
+```sh
 curl -s https://raw.githubusercontent.com/armosec/kubescape/master/install.sh | /bin/bash
 ```

@@ -24,9 +36,13 @@ curl -s https://raw.githubusercontent.com/armosec/kubescape/master/install.sh |

 [Install on macOS](#install-on-macos)

+[Install on NixOS or Linux/macOS via nix](#install-on-nixos-or-with-nix-community)
+
+[Install using Go](#install-using-go)
+
 ## Run:
-```
-kubescape scan --submit --enable-host-scan
+```sh
+kubescape scan --submit --enable-host-scan --verbose
 ```

 <img src="docs/summary.png">
@@ -89,13 +105,49 @@ Set-ExecutionPolicy RemoteSigned -scope CurrentUser

 ## Install on macOS

-1. ```
+1. ```sh
    brew tap armosec/kubescape
    ```
-2. ```
+2. ```sh
    brew install kubescape
    ```

+## Install on NixOS or with nix (Community)
+
+Direct issues installing `kubescape` via `nix` through the channels mentioned [here](https://nixos.wiki/wiki/Support)
+
+You can use `nix` on Linux or macOS and on other platforms unofficially.
+
+Try it out in an ephemeral shell: `nix-shell -p kubescape`
+
+Install declarative as usual
+
+NixOS:
+
+```nix
+  # your other config ...
+  environment.systemPackages = with pkgs; [
+    # your other packages ...
+    kubescape
+  ];
+```
+
+home-manager:
+
+```nix
+  # your other config ...
+  home.packages = with pkgs; [
+    # your other packages ...
+    kubescape
+  ];
+```
+
+Or to your profile (not preferred): `nix-env --install -A nixpkgs.kubescape`
+
+## Install using Go
+
+With a sufficient version of `go` you can install and build with `go install github.com/armosec/kubescape/v2@latest`
+
 ## Usage & Examples

 ### Examples
@@ -103,7 +155,7 @@ Set-ExecutionPolicy RemoteSigned -scope CurrentUser

 #### Scan a running Kubernetes cluster and submit results to the [Kubescape SaaS version](https://portal.armo.cloud/)
 ```
-kubescape scan --submit --enable-host-scan
+kubescape scan --submit --enable-host-scan  --verbose
 ```

 > Read [here](https://hub.armo.cloud/docs/host-sensor) more about the `enable-host-scan` flag
@@ -135,14 +187,14 @@ kubescape scan --include-namespaces development,staging,production
 kubescape scan --exclude-namespaces kube-system,kube-public
 ```

-#### Scan local `yaml`/`json` files before deploying. [Take a look at the demonstration](https://youtu.be/Ox6DaR7_4ZI)
+#### Scan local `yaml`/`json` files before deploying. [Take a look at the demonstration](https://youtu.be/Ox6DaR7_4ZI) Submit the results in case the directory is a git repo. [docs](https://hub.armo.cloud/docs/repository-scanning)
 ```
-kubescape scan *.yaml
+kubescape scan *.yaml --submit
 ```

-#### Scan kubernetes manifest files from a public github repository 
+#### Scan kubernetes manifest files from a git repository [and submit the results](https://hub.armo.cloud/docs/repository-scanning)
 ```
-kubescape scan https://github.com/armosec/kubescape
+kubescape scan https://github.com/armosec/kubescape --submit
 ```

 #### Display all scanned resources (including the resources who passed) 
@@ -181,16 +233,11 @@ kubescape scan --format prometheus
 kubescape scan --exceptions examples/exceptions/exclude-kube-namespaces.json
 ```

-#### Scan Helm charts - Render the helm chart using [`helm template`](https://helm.sh/docs/helm/helm_template/) and pass to stdout
+#### Scan Helm charts 
 ```
-helm template [NAME] [CHART] [flags] --dry-run | kubescape scan -
+kubescape scan </path/to/directory> --submit
 ```
-
-e.g.
-```
-helm template bitnami/mysql --generate-name --dry-run | kubescape scan -
-```
-
+> Kubescape will load the default values file

 ### Offline/Air-gaped Environment Support

@@ -255,6 +302,19 @@ Now you can submit the results to the Kubescape SaaS version -
 kubescape submit results path/to/results.json
 ```

+
+# Integrations
+
+## VS Code Extension 
+
+![Visual Studio Marketplace Downloads](https://img.shields.io/visual-studio-marketplace/d/kubescape.kubescape?label=VScode) ![Open VSX](https://img.shields.io/open-vsx/dt/kubescape/kubescape?label=openVSX&color=yellowgreen)
+
+Scan the YAML files while writing them using the [vs code extension](https://github.com/armosec/vscode-kubescape/blob/master/README.md) 
+
+## Lens Extension
+
+View Kubescape scan results directly in [Lens IDE](https://k8slens.dev/) using kubescape [Lens extension](https://github.com/armosec/lens-kubescape/blob/master/README.md)
+
 # Under the hood

 ## Technology
--- a/build.py
+++ b/build.py
@@ -4,80 +4,82 @@ import hashlib
 import platform
 import subprocess

-BASE_GETTER_CONST = "github.com/armosec/kubescape/cautils/getter"
+BASE_GETTER_CONST = "github.com/armosec/kubescape/v2/core/cautils/getter"
 BE_SERVER_CONST   = BASE_GETTER_CONST + ".ArmoBEURL"
 ER_SERVER_CONST   = BASE_GETTER_CONST + ".ArmoERURL"
 WEBSITE_CONST     = BASE_GETTER_CONST + ".ArmoFEURL"
 AUTH_SERVER_CONST = BASE_GETTER_CONST + ".armoAUTHURL"

-def checkStatus(status, msg):
+def check_status(status, msg):
    if status != 0:
        sys.stderr.write(msg)
        exit(status)


-def getBuildDir():
-    currentPlatform = platform.system()
-    buildDir = "build/"
+def get_build_dir():
+    current_platform = platform.system()
+    build_dir = "./build/"

-    if currentPlatform == "Windows": buildDir += "windows-latest"
-    elif currentPlatform == "Linux": buildDir += "ubuntu-latest"
-    elif currentPlatform == "Darwin": buildDir += "macos-latest"
-    else: raise OSError("Platform %s is not supported!" % (currentPlatform))
+    if current_platform == "Windows": build_dir += "windows-latest"
+    elif current_platform == "Linux": build_dir += "ubuntu-latest"
+    elif current_platform == "Darwin": build_dir += "macos-latest"
+    else: raise OSError("Platform %s is not supported!" % (current_platform))

-    return buildDir
+    return build_dir

-def getPackageName():
-    packageName = "kubescape"
-    # if platform.system() == "Windows": packageName += ".exe"
+def get_package_name():
+    package_name = "kubescape"
+    # if platform.system() == "Windows": package_name += ".exe"

-    return packageName
+    return package_name


 def main():
    print("Building Kubescape")

-    # print environment variables
-    # print(os.environ)
-
    # Set some variables
-    packageName = getPackageName()
-    buildUrl = "github.com/armosec/kubescape/cautils.BuildNumber"
-    releaseVersion = os.getenv("RELEASE")
-    ArmoBEServer = os.getenv("ArmoBEServer")
-    ArmoERServer = os.getenv("ArmoERServer")
-    ArmoWebsite = os.getenv("ArmoWebsite")
-    ArmoAuthServer = os.getenv("ArmoAuthServer")
+    package_name = get_package_name()
+    build_url = "github.com/armosec/kubescape/v2/core/cautils.BuildNumber"
+    release_version = os.getenv("RELEASE")
+    armo_be_server = os.getenv("ArmoBEServer")
+    armo_er_server = os.getenv("ArmoERServer")
+    armo_website = os.getenv("ArmoWebsite")
+    armo_auth_server = os.getenv("ArmoAuthServer")

+    client_var = "github.com/armosec/kubescape/v2/core/cautils.Client"
+    client_name = os.getenv("CLIENT")
+    
    # Create build directory
-    buildDir = getBuildDir()
+    build_dir = get_build_dir()

-    ks_file = os.path.join(buildDir, packageName)
+    ks_file = os.path.join(build_dir, package_name)
    hash_file = ks_file + ".sha256"

-    if not os.path.isdir(buildDir):
-        os.makedirs(buildDir)
+    if not os.path.isdir(build_dir):
+        os.makedirs(build_dir)

    # Build kubescape
    ldflags = "-w -s"
-    if releaseVersion:
-        ldflags += " -X {}={}".format(buildUrl, releaseVersion)
-    if ArmoBEServer:
-        ldflags += " -X {}={}".format(BE_SERVER_CONST, ArmoBEServer)
-    if ArmoERServer:
-        ldflags += " -X {}={}".format(ER_SERVER_CONST, ArmoERServer)
-    if ArmoWebsite:
-        ldflags += " -X {}={}".format(WEBSITE_CONST, ArmoWebsite)
-    if ArmoAuthServer:
-        ldflags += " -X {}={}".format(AUTH_SERVER_CONST, ArmoAuthServer)
-
+    if release_version:
+        ldflags += " -X {}={}".format(build_url, release_version)
+    if client_name:
+        ldflags += " -X {}={}".format(client_var, client_name)
+    if armo_be_server:
+        ldflags += " -X {}={}".format(BE_SERVER_CONST, armo_be_server)
+    if armo_er_server:
+        ldflags += " -X {}={}".format(ER_SERVER_CONST, armo_er_server)
+    if armo_website:
+        ldflags += " -X {}={}".format(WEBSITE_CONST, armo_website)
+    if armo_auth_server:
+        ldflags += " -X {}={}".format(AUTH_SERVER_CONST, armo_auth_server)
+ 
    build_command = ["go", "build", "-o", ks_file, "-ldflags" ,ldflags]

    print("Building kubescape and saving here: {}".format(ks_file))
    print("Build command: {}".format(" ".join(build_command)))

    status = subprocess.call(build_command)
-    checkStatus(status, "Failed to build kubescape")
+    check_status(status, "Failed to build kubescape")
    
    sha256 = hashlib.sha256()
    with open(ks_file, "rb") as kube:
--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -1,9 +1,10 @@
-FROM golang:1.17-alpine as builder
-#ENV GOPROXY=https://goproxy.io,direct
+FROM golang:1.18-alpine as builder

 ARG image_version
+ARG client

 ENV RELEASE=$image_version
+ENV CLIENT=$client

 ENV GO111MODULE=

@@ -18,14 +19,30 @@ RUN pip3 install --no-cache --upgrade pip setuptools
 WORKDIR /work
 ADD . .

+# build kubescape server
+WORKDIR /work/httphandler
 RUN python build.py
-
 RUN ls -ltr build/ubuntu-latest

+# build kubescape cmd
+WORKDIR /work
+RUN python build.py
+
+RUN /work/build/ubuntu-latest/kubescape download artifacts -o /work/artifacts
+
 FROM alpine
+
+RUN addgroup -S armo && adduser -S armo -G armo
+
+RUN mkdir /home/armo/.kubescape
+COPY --from=builder /work/artifacts/ /home/armo/.kubescape
+
+RUN chown -R armo:armo /home/armo/.kubescape
+
+USER armo
+WORKDIR /home/armo
+
+COPY --from=builder /work/httphandler/build/ubuntu-latest/kubescape /usr/bin/ksserver
 COPY --from=builder /work/build/ubuntu-latest/kubescape /usr/bin/kubescape

-# # Download the frameworks. Use the "--use-default" flag when running kubescape
-# RUN kubescape download framework nsa && kubescape download framework mitre
-
-ENTRYPOINT ["kubescape"]
+ENTRYPOINT ["ksserver"]
--- a/cautils/datastructures.go
+++ b/cautils/datastructures.go
@@ -1,75 +0,0 @@
-package cautils
-
-import (
-	"github.com/armosec/armoapi-go/armotypes"
-	"github.com/armosec/k8s-interface/workloadinterface"
-	"github.com/armosec/opa-utils/reporthandling"
-	"github.com/armosec/opa-utils/reporthandling/results/v1/resourcesresults"
-	reporthandlingv2 "github.com/armosec/opa-utils/reporthandling/v2"
-)
-
-// K8SResources map[<api group>/<api version>/<resource>][]<resourceID>
-type K8SResources map[string][]string
-
-type OPASessionObj struct {
-	K8SResources    *K8SResources                          // input k8s objects
-	Frameworks      []reporthandling.Framework             // list of frameworks to scan
-	AllResources    map[string]workloadinterface.IMetadata // all scanned resources, map[<rtesource ID>]<resource>
-	ResourcesResult map[string]resourcesresults.Result     // resources scan results, map[<rtesource ID>]<resource result>
-	PostureReport   *reporthandling.PostureReport          // scan results v1
-	Report          *reporthandlingv2.PostureReport        // scan results v2
-	Exceptions      []armotypes.PostureExceptionPolicy     // list of exceptions to apply on scan results
-	RegoInputData   RegoInputData                          // input passed to rgo for scanning. map[<control name>][<input arguments>]
-}
-
-func NewOPASessionObj(frameworks []reporthandling.Framework, k8sResources *K8SResources) *OPASessionObj {
-	return &OPASessionObj{
-		Report:          &reporthandlingv2.PostureReport{},
-		Frameworks:      frameworks,
-		K8SResources:    k8sResources,
-		AllResources:    make(map[string]workloadinterface.IMetadata),
-		ResourcesResult: make(map[string]resourcesresults.Result),
-		PostureReport: &reporthandling.PostureReport{
-			ClusterName:  ClusterName,
-			CustomerGUID: CustomerGUID,
-		},
-	}
-}
-
-func NewOPASessionObjMock() *OPASessionObj {
-	return &OPASessionObj{
-		Frameworks:      nil,
-		K8SResources:    nil,
-		AllResources:    make(map[string]workloadinterface.IMetadata),
-		ResourcesResult: make(map[string]resourcesresults.Result),
-		Report:          &reporthandlingv2.PostureReport{},
-		PostureReport: &reporthandling.PostureReport{
-			ClusterName:  "",
-			CustomerGUID: "",
-			ReportID:     "",
-			JobID:        "",
-		},
-	}
-}
-
-type ComponentConfig struct {
-	Exceptions Exception `json:"exceptions"`
-}
-
-type Exception struct {
-	Ignore        *bool                      `json:"ignore"`        // ignore test results
-	MultipleScore *reporthandling.AlertScore `json:"multipleScore"` // MultipleScore number - float32
-	Namespaces    []string                   `json:"namespaces"`
-	Regex         string                     `json:"regex"` // not supported
-}
-
-type RegoInputData struct {
-	PostureControlInputs map[string][]string `json:"postureControlInputs"`
-	// ClusterName          string              `json:"clusterName"`
-	// K8sConfig            RegoK8sConfig       `json:"k8sconfig"`
-}
-
-type Policies struct {
-	Frameworks []string
-	Controls   map[string]reporthandling.Control // map[<control ID>]<control>
-}
--- a/cautils/downloadinfo.go
+++ b/cautils/downloadinfo.go
@@ -1,9 +0,0 @@
-package cautils
-
-type DownloadInfo struct {
-	Path     string // directory to save artifact. Default is "~/.kubescape/"
-	FileName string // can be empty
-	Target   string // type of artifact to download
-	Name     string // name of artifact to download
-	Account  string // customerGUID
-}
--- a/cautils/environments.go
+++ b/cautils/environments.go
@@ -1,11 +0,0 @@
-package cautils
-
-// CA environment vars
-var (
-	CustomerGUID          = ""
-	ClusterName           = ""
-	EventReceiverURL      = ""
-	NotificationServerURL = ""
-	DashboardBackendURL   = ""
-	RestAPIPort           = "4001"
-)
--- a/cautils/fileutils.go
+++ b/cautils/fileutils.go
@@ -1,239 +0,0 @@
-package cautils
-
-import (
-	"bytes"
-	"encoding/json"
-	"fmt"
-	"os"
-	"path/filepath"
-	"strings"
-
-	"github.com/armosec/k8s-interface/workloadinterface"
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/armosec/opa-utils/objectsenvelopes"
-	"gopkg.in/yaml.v2"
-)
-
-var (
-	YAML_PREFIX = []string{".yaml", ".yml"}
-	JSON_PREFIX = []string{".json"}
-)
-
-type FileFormat string
-
-const (
-	YAML_FILE_FORMAT FileFormat = "yaml"
-	JSON_FILE_FORMAT FileFormat = "json"
-)
-
-func LoadResourcesFromFiles(inputPatterns []string) ([]workloadinterface.IMetadata, error) {
-	files, errs := listFiles(inputPatterns)
-	if len(errs) > 0 {
-		logger.L().Error(fmt.Sprintf("%v", errs))
-	}
-	if len(files) == 0 {
-		return nil, nil
-	}
-
-	workloads, errs := loadFiles(files)
-	if len(errs) > 0 {
-		logger.L().Error(fmt.Sprintf("%v", errs))
-	}
-	return workloads, nil
-}
-
-func loadFiles(filePaths []string) ([]workloadinterface.IMetadata, []error) {
-	workloads := []workloadinterface.IMetadata{}
-	errs := []error{}
-	for i := range filePaths {
-		f, err := loadFile(filePaths[i])
-		if err != nil {
-			errs = append(errs, err)
-			continue
-		}
-		w, e := ReadFile(f, GetFileFormat(filePaths[i]))
-		errs = append(errs, e...)
-		if w != nil {
-			workloads = append(workloads, w...)
-		}
-	}
-	return workloads, errs
-}
-
-func loadFile(filePath string) ([]byte, error) {
-	return os.ReadFile(filePath)
-}
-func ReadFile(fileContent []byte, fileFromat FileFormat) ([]workloadinterface.IMetadata, []error) {
-
-	switch fileFromat {
-	case YAML_FILE_FORMAT:
-		return readYamlFile(fileContent)
-	case JSON_FILE_FORMAT:
-		return readJsonFile(fileContent)
-	default:
-		return nil, nil // []error{fmt.Errorf("file extension %s not supported", fileFromat)}
-	}
-
-}
-
-func listFiles(patterns []string) ([]string, []error) {
-	files := []string{}
-	errs := []error{}
-	for i := range patterns {
-		if strings.HasPrefix(patterns[i], "http") {
-			continue
-		}
-		if !filepath.IsAbs(patterns[i]) {
-			o, _ := os.Getwd()
-			patterns[i] = filepath.Join(o, patterns[i])
-		}
-		if IsFile(patterns[i]) {
-			files = append(files, patterns[i])
-		} else {
-			f, err := glob(filepath.Split(patterns[i])) //filepath.Glob(patterns[i])
-			if err != nil {
-				errs = append(errs, err)
-			} else {
-				files = append(files, f...)
-			}
-		}
-	}
-	return files, errs
-}
-
-func readYamlFile(yamlFile []byte) ([]workloadinterface.IMetadata, []error) {
-	errs := []error{}
-
-	r := bytes.NewReader(yamlFile)
-	dec := yaml.NewDecoder(r)
-	yamlObjs := []workloadinterface.IMetadata{}
-
-	var t interface{}
-	for dec.Decode(&t) == nil {
-		j := convertYamlToJson(t)
-		if j == nil {
-			continue
-		}
-		if obj, ok := j.(map[string]interface{}); ok {
-			if o := objectsenvelopes.NewObject(obj); o != nil {
-				if o.GetKind() == "List" {
-					yamlObjs = append(yamlObjs, handleListObject(o)...)
-				} else {
-					yamlObjs = append(yamlObjs, o)
-				}
-			}
-		} else {
-			errs = append(errs, fmt.Errorf("failed to convert yaml file to map[string]interface, file content: %v", j))
-		}
-	}
-
-	return yamlObjs, errs
-}
-
-func readJsonFile(jsonFile []byte) ([]workloadinterface.IMetadata, []error) {
-	workloads := []workloadinterface.IMetadata{}
-	var jsonObj interface{}
-	if err := json.Unmarshal(jsonFile, &jsonObj); err != nil {
-		return workloads, []error{err}
-	}
-
-	convertJsonToWorkload(jsonObj, &workloads)
-
-	return workloads, nil
-}
-func convertJsonToWorkload(jsonObj interface{}, workloads *[]workloadinterface.IMetadata) {
-
-	switch x := jsonObj.(type) {
-	case map[string]interface{}:
-		if o := objectsenvelopes.NewObject(x); o != nil {
-			(*workloads) = append(*workloads, o)
-		}
-	case []interface{}:
-		for i := range x {
-			convertJsonToWorkload(x[i], workloads)
-		}
-	}
-}
-func convertYamlToJson(i interface{}) interface{} {
-	switch x := i.(type) {
-	case map[interface{}]interface{}:
-		m2 := map[string]interface{}{}
-		for k, v := range x {
-			if s, ok := k.(string); ok {
-				m2[s] = convertYamlToJson(v)
-			}
-		}
-		return m2
-	case []interface{}:
-		for i, v := range x {
-			x[i] = convertYamlToJson(v)
-		}
-	}
-	return i
-}
-
-func IsYaml(filePath string) bool {
-	return StringInSlice(YAML_PREFIX, filepath.Ext(filePath)) != ValueNotFound
-}
-
-func IsJson(filePath string) bool {
-	return StringInSlice(JSON_PREFIX, filepath.Ext(filePath)) != ValueNotFound
-}
-
-func glob(root, pattern string) ([]string, error) {
-	var matches []string
-
-	err := filepath.Walk(root, func(path string, info os.FileInfo, err error) error {
-		if err != nil {
-			return err
-		}
-		if info.IsDir() {
-			return nil
-		}
-		if matched, err := filepath.Match(pattern, filepath.Base(path)); err != nil {
-			return err
-		} else if matched {
-			matches = append(matches, path)
-		}
-		return nil
-	})
-	if err != nil {
-		return nil, err
-	}
-	return matches, nil
-}
-func IsFile(name string) bool {
-	if fi, err := os.Stat(name); err == nil {
-		if fi.Mode().IsRegular() {
-			return true
-		}
-	}
-	return false
-}
-
-func GetFileFormat(filePath string) FileFormat {
-	if IsYaml(filePath) {
-		return YAML_FILE_FORMAT
-	} else if IsJson(filePath) {
-		return JSON_FILE_FORMAT
-	} else {
-		return FileFormat(filePath)
-	}
-}
-
-// handleListObject handle a List manifest
-func handleListObject(obj workloadinterface.IMetadata) []workloadinterface.IMetadata {
-	yamlObjs := []workloadinterface.IMetadata{}
-	if i, ok := workloadinterface.InspectMap(obj.GetObject(), "items"); ok && i != nil {
-		if items, ok := i.([]interface{}); ok && items != nil {
-			for item := range items {
-				if m, ok := items[item].(map[string]interface{}); ok && m != nil {
-					if o := objectsenvelopes.NewObject(m); o != nil {
-						yamlObjs = append(yamlObjs, o)
-					}
-				}
-			}
-		}
-	}
-	return yamlObjs
-}
--- a/cautils/fileutils_test.go
+++ b/cautils/fileutils_test.go
@@ -1,50 +0,0 @@
-package cautils
-
-import (
-	"os"
-	"path/filepath"
-	"strings"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func onlineBoutiquePath() string {
-	o, _ := os.Getwd()
-	return filepath.Join(filepath.Dir(o), "examples/online-boutique/*")
-}
-
-func TestListFiles(t *testing.T) {
-
-	filesPath := onlineBoutiquePath()
-
-	files, errs := listFiles([]string{filesPath})
-	assert.Equal(t, 0, len(errs))
-	assert.Equal(t, 12, len(files))
-}
-
-func TestLoadFiles(t *testing.T) {
-	files, _ := listFiles([]string{onlineBoutiquePath()})
-	_, err := loadFiles(files)
-	assert.Equal(t, 0, len(err))
-}
-
-func TestLoadFile(t *testing.T) {
-	files, _ := listFiles([]string{strings.Replace(onlineBoutiquePath(), "*", "adservice.yaml", 1)})
-	assert.Equal(t, 1, len(files))
-
-	_, err := loadFile(files[0])
-	assert.NoError(t, err)
-}
-func TestMapResources(t *testing.T) {
-	// policyHandler := &PolicyHandler{}
-	// k8sResources, err := policyHandler.loadResources(opaSessionObj.Frameworks, scanInfo)
-	// files, _ := listFiles([]string{onlineBoutiquePath()})
-	// bb, err := loadFile(files[0])
-	// if len(err) > 0 {
-	// 	t.Errorf("%v", err)
-	// }
-	// for i := range bb {
-	// 	t.Errorf("%s", bb[i].ToString())
-	// }
-}
--- a/cautils/logger/methods.go
+++ b/cautils/logger/methods.go
@@ -1,51 +0,0 @@
-package logger
-
-import (
-	"os"
-	"strings"
-
-	"github.com/armosec/kubescape/cautils/logger/helpers"
-	"github.com/armosec/kubescape/cautils/logger/prettylogger"
-	"github.com/armosec/kubescape/cautils/logger/zaplogger"
-	"github.com/mattn/go-isatty"
-)
-
-type ILogger interface {
-	Fatal(msg string, details ...helpers.IDetails) // print log and exit 1
-	Error(msg string, details ...helpers.IDetails)
-	Success(msg string, details ...helpers.IDetails)
-	Warning(msg string, details ...helpers.IDetails)
-	Info(msg string, details ...helpers.IDetails)
-	Debug(msg string, details ...helpers.IDetails)
-
-	SetLevel(level string) error
-	GetLevel() string
-
-	SetWriter(w *os.File)
-	GetWriter() *os.File
-}
-
-var l ILogger
-
-func L() ILogger {
-	if l == nil {
-		InitializeLogger("")
-	}
-	return l
-}
-
-func InitializeLogger(loggerName string) {
-
-	switch strings.ToLower(loggerName) {
-	case "zap":
-		l = zaplogger.NewZapLogger()
-	case "pretty":
-		l = prettylogger.NewPrettyLogger()
-	default:
-		if isatty.IsTerminal(os.Stdout.Fd()) {
-			l = prettylogger.NewPrettyLogger()
-		} else {
-			l = zaplogger.NewZapLogger()
-		}
-	}
-}
--- a/cautils/scaninfo.go
+++ b/cautils/scaninfo.go
@@ -1,194 +0,0 @@
-package cautils
-
-import (
-	"encoding/json"
-	"fmt"
-	"io/ioutil"
-	"os"
-	"path/filepath"
-	"strings"
-
-	"github.com/armosec/kubescape/cautils/getter"
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/armosec/kubescape/cautils/logger/helpers"
-	"github.com/armosec/opa-utils/reporthandling"
-)
-
-const (
-	ScanCluster                string = "cluster"
-	ScanLocalFiles             string = "yaml"
-	localControlInputsFilename string = "controls-inputs.json"
-	localExceptionsFilename    string = "exceptions.json"
-)
-
-type BoolPtrFlag struct {
-	valPtr *bool
-}
-
-func (bpf *BoolPtrFlag) Type() string {
-	return "bool"
-}
-
-func (bpf *BoolPtrFlag) String() string {
-	if bpf.valPtr != nil {
-		return fmt.Sprintf("%v", *bpf.valPtr)
-	}
-	return ""
-}
-func (bpf *BoolPtrFlag) Get() *bool {
-	return bpf.valPtr
-}
-
-func (bpf *BoolPtrFlag) SetBool(val bool) {
-	bpf.valPtr = &val
-}
-
-func (bpf *BoolPtrFlag) Set(val string) error {
-	switch val {
-	case "true":
-		bpf.SetBool(true)
-	case "false":
-		bpf.SetBool(false)
-	}
-	return nil
-}
-
-type RootInfo struct {
-	Logger   string // logger level
-	CacheDir string // cached dir
-}
-type ScanInfo struct {
-	Getters
-	PolicyIdentifier   []reporthandling.PolicyIdentifier
-	UseExceptions      string      // Load file with exceptions configuration
-	ControlsInputs     string      // Load file with inputs for controls
-	UseFrom            []string    // Load framework from local file (instead of download). Use when running offline
-	UseDefault         bool        // Load framework from cached file (instead of download). Use when running offline
-	UseArtifactsFrom   string      // Load artifacts from local path. Use when running offline
-	VerboseMode        bool        // Display all of the input resources and not only failed resources
-	Format             string      // Format results (table, json, junit ...)
-	Output             string      // Store results in an output file, Output file name
-	FormatVersion      string      // Output object can be differnet between versions, this is for testing and backward compatibility
-	ExcludedNamespaces string      // used for host sensor namespace
-	IncludeNamespaces  string      // DEPRECATED?
-	InputPatterns      []string    // Yaml files input patterns
-	Silent             bool        // Silent mode - Do not print progress logs
-	FailThreshold      float32     // Failure score threshold
-	Submit             bool        // Submit results to Armo BE
-	HostSensorEnabled  BoolPtrFlag // Deploy ARMO K8s host sensor to collect data from certain controls
-	HostSensorYamlPath string      // Path to hostsensor file
-	Local              bool        // Do not submit results
-	Account            string      // account ID
-	KubeContext        string      // context name
-	FrameworkScan      bool        // false if scanning control
-	ScanAll            bool        // true if scan all frameworks
-}
-
-type Getters struct {
-	ExceptionsGetter     getter.IExceptionsGetter
-	ControlsInputsGetter getter.IControlsInputsGetter
-	PolicyGetter         getter.IPolicyGetter
-}
-
-func (scanInfo *ScanInfo) Init() {
-	scanInfo.setUseFrom()
-	scanInfo.setOutputFile()
-	scanInfo.setUseArtifactsFrom()
-}
-
-func (scanInfo *ScanInfo) setUseArtifactsFrom() {
-	if scanInfo.UseArtifactsFrom == "" {
-		return
-	}
-	// UseArtifactsFrom must be a path without a filename
-	dir, file := filepath.Split(scanInfo.UseArtifactsFrom)
-	if dir == "" {
-		scanInfo.UseArtifactsFrom = file
-	} else if strings.Contains(file, ".json") {
-		scanInfo.UseArtifactsFrom = dir
-	}
-	// set frameworks files
-	files, err := ioutil.ReadDir(scanInfo.UseArtifactsFrom)
-	if err != nil {
-		logger.L().Fatal("failed to read files from directory", helpers.String("dir", scanInfo.UseArtifactsFrom), helpers.Error(err))
-	}
-	framework := &reporthandling.Framework{}
-	for _, f := range files {
-		filePath := filepath.Join(scanInfo.UseArtifactsFrom, f.Name())
-		file, err := os.ReadFile(filePath)
-		if err == nil {
-			if err := json.Unmarshal(file, framework); err == nil {
-				scanInfo.UseFrom = append(scanInfo.UseFrom, filepath.Join(scanInfo.UseArtifactsFrom, f.Name()))
-			}
-		}
-	}
-	// set config-inputs file
-	scanInfo.ControlsInputs = filepath.Join(scanInfo.UseArtifactsFrom, localControlInputsFilename)
-	// set exceptions
-	scanInfo.UseExceptions = filepath.Join(scanInfo.UseArtifactsFrom, localExceptionsFilename)
-}
-
-func (scanInfo *ScanInfo) setUseExceptions() {
-	if scanInfo.UseExceptions != "" {
-		// load exceptions from file
-		scanInfo.ExceptionsGetter = getter.NewLoadPolicy([]string{scanInfo.UseExceptions})
-	} else {
-		scanInfo.ExceptionsGetter = getter.GetArmoAPIConnector()
-	}
-}
-
-func (scanInfo *ScanInfo) setUseFrom() {
-	if scanInfo.UseDefault {
-		for _, policy := range scanInfo.PolicyIdentifier {
-			scanInfo.UseFrom = append(scanInfo.UseFrom, getter.GetDefaultPath(policy.Name+".json"))
-		}
-	}
-}
-
-func (scanInfo *ScanInfo) setOutputFile() {
-	if scanInfo.Output == "" {
-		return
-	}
-	if scanInfo.Format == "json" {
-		if filepath.Ext(scanInfo.Output) != ".json" {
-			scanInfo.Output += ".json"
-		}
-	}
-	if scanInfo.Format == "junit" {
-		if filepath.Ext(scanInfo.Output) != ".xml" {
-			scanInfo.Output += ".xml"
-		}
-	}
-	if scanInfo.Format == "pdf" {
-		if filepath.Ext(scanInfo.Output) != ".pdf" {
-			scanInfo.Output += ".pdf"
-		}
-	}
-}
-
-func (scanInfo *ScanInfo) GetScanningEnvironment() string {
-	if len(scanInfo.InputPatterns) != 0 {
-		return ScanLocalFiles
-	}
-	return ScanCluster
-}
-
-func (scanInfo *ScanInfo) SetPolicyIdentifiers(policies []string, kind reporthandling.NotificationPolicyKind) {
-	for _, policy := range policies {
-		if !scanInfo.contains(policy) {
-			newPolicy := reporthandling.PolicyIdentifier{}
-			newPolicy.Kind = kind // reporthandling.KindFramework
-			newPolicy.Name = policy
-			scanInfo.PolicyIdentifier = append(scanInfo.PolicyIdentifier, newPolicy)
-		}
-	}
-}
-
-func (scanInfo *ScanInfo) contains(policyName string) bool {
-	for _, policy := range scanInfo.PolicyIdentifier {
-		if policy.Name == policyName {
-			return true
-		}
-	}
-	return false
-}
--- a/clihandler/cliconfigdelete.go
+++ b/clihandler/cliconfigdelete.go
@@ -1,7 +0,0 @@
-package clihandler
-
-func CliDelete() error {
-
-	tenant := getTenantConfig("", "", getKubernetesApi()) // change k8sinterface
-	return tenant.DeleteCachedConfig()
-}
--- a/clihandler/cliobjects/listpolicies.go
+++ b/clihandler/cliobjects/listpolicies.go
@@ -1,8 +0,0 @@
-package cliobjects
-
-type ListPolicies struct {
-	Target  string
-	ListIDs bool
-	Account string
-	Format  string
-}
--- a/clihandler/cliobjects/set.go
+++ b/clihandler/cliobjects/set.go
@@ -1,7 +0,0 @@
-package cliobjects
-
-type SetConfig struct {
-	Account   string
-	ClientID  string
-	SecretKey string
-}
--- a/clihandler/cliobjects/submit.go
+++ b/clihandler/cliobjects/submit.go
@@ -1,9 +0,0 @@
-package cliobjects
-
-type Submit struct {
-	Account string
-}
-
-type Delete struct {
-	Account string
-}
--- a/clihandler/cliset.go
+++ b/clihandler/cliset.go
@@ -1,22 +0,0 @@
-package clihandler
-
-import (
-	"github.com/armosec/kubescape/clihandler/cliobjects"
-)
-
-func CliSetConfig(setConfig *cliobjects.SetConfig) error {
-
-	tenant := getTenantConfig("", "", getKubernetesApi())
-
-	if setConfig.Account != "" {
-		tenant.GetConfigObj().AccountID = setConfig.Account
-	}
-	if setConfig.SecretKey != "" {
-		tenant.GetConfigObj().SecretKey = setConfig.SecretKey
-	}
-	if setConfig.ClientID != "" {
-		tenant.GetConfigObj().ClientID = setConfig.ClientID
-	}
-
-	return tenant.UpdateCachedConfig()
-}
--- a/clihandler/cliview.go
+++ b/clihandler/cliview.go
@@ -1,12 +0,0 @@
-package clihandler
-
-import (
-	"fmt"
-	"os"
-)
-
-func CliView() error {
-	tenant := getTenantConfig("", "", getKubernetesApi()) // change k8sinterface
-	fmt.Fprintf(os.Stderr, "%s\n", tenant.GetConfigObj().Config())
-	return nil
-}
--- a/clihandler/cmd/cluster.go
+++ b/clihandler/cmd/cluster.go
@@ -1,19 +0,0 @@
-package cmd
-
-import (
-	"github.com/spf13/cobra"
-)
-
-// clusterCmd represents the cluster command
-var clusterCmd = &cobra.Command{
-	Use:        "cluster",
-	Short:      "Set configuration for cluster",
-	Long:       ``,
-	Deprecated: "use the 'set' command instead",
-	Run: func(cmd *cobra.Command, args []string) {
-	},
-}
-
-func init() {
-	configCmd.AddCommand(clusterCmd)
-}
--- a/clihandler/cmd/cluster_get.go
+++ b/clihandler/cmd/cluster_get.go
@@ -1,50 +0,0 @@
-package cmd
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/armosec/k8s-interface/k8sinterface"
-	"github.com/armosec/kubescape/cautils"
-	"github.com/armosec/kubescape/cautils/getter"
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/spf13/cobra"
-)
-
-var getCmd = &cobra.Command{
-	Use:        "get <key>",
-	Short:      "Get configuration in cluster",
-	Long:       ``,
-	Deprecated: "use the 'view' command instead",
-	Args: func(cmd *cobra.Command, args []string) error {
-		if len(args) < 1 || len(args) > 1 {
-			return fmt.Errorf("requires  one argument")
-		}
-
-		keyValue := strings.Split(args[0], "=")
-		if len(keyValue) != 1 {
-			return fmt.Errorf("requires  one argument")
-		}
-		return nil
-	},
-	RunE: func(cmd *cobra.Command, args []string) error {
-		keyValue := strings.Split(args[0], "=")
-		key := keyValue[0]
-
-		k8s := k8sinterface.NewKubernetesApi()
-		clusterConfig := cautils.NewClusterConfig(k8s, getter.GetArmoAPIConnector(), scanInfo.Account, "")
-		val, err := clusterConfig.GetValueByKeyFromConfigMap(key)
-		if err != nil {
-			if err.Error() == "value does not exist." {
-				return fmt.Errorf("failed to get value from configmap, reason: %s", err.Error())
-			}
-			return err
-		}
-		logger.L().Info(key + "=" + val)
-		return nil
-	},
-}
-
-func init() {
-	clusterCmd.AddCommand(getCmd)
-}
--- a/clihandler/cmd/cluster_set.go
+++ b/clihandler/cmd/cluster_set.go
@@ -1,46 +0,0 @@
-package cmd
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/armosec/k8s-interface/k8sinterface"
-	"github.com/armosec/kubescape/cautils"
-	"github.com/armosec/kubescape/cautils/getter"
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/spf13/cobra"
-)
-
-var setClusterCmd = &cobra.Command{
-	Use:        "set <key>=<value>",
-	Short:      "Set configuration in cluster",
-	Long:       ``,
-	Deprecated: "use the 'set' command instead",
-	Args: func(cmd *cobra.Command, args []string) error {
-		if len(args) < 1 || len(args) > 1 {
-			return fmt.Errorf("requires  one argument: <key>=<value>")
-		}
-		keyValue := strings.Split(args[0], "=")
-		if len(keyValue) != 2 {
-			return fmt.Errorf("requires  one argument: <key>=<value>")
-		}
-		return nil
-	},
-	RunE: func(cmd *cobra.Command, args []string) error {
-		keyValue := strings.Split(args[0], "=")
-		key := keyValue[0]
-		data := keyValue[1]
-
-		k8s := k8sinterface.NewKubernetesApi()
-		clusterConfig := cautils.NewClusterConfig(k8s, getter.GetArmoAPIConnector(), scanInfo.Account, "")
-		if err := clusterConfig.SetKeyValueInConfigmap(key, data); err != nil {
-			return err
-		}
-		logger.L().Info("value added successfully.")
-		return nil
-	},
-}
-
-func init() {
-	clusterCmd.AddCommand(setClusterCmd)
-}
--- a/clihandler/cmd/completion.go
+++ b/clihandler/cmd/completion.go
@@ -1,45 +0,0 @@
-package cmd
-
-import (
-	"os"
-	"strings"
-
-	"github.com/spf13/cobra"
-)
-
-var completionCmdExamples = `
-
-  # Enable BASH shell autocompletion 
-  $ source <(kubescape completion bash) 
-  $ echo 'source <(kubescape completion bash)' >> ~/.bashrc
-
-  # Enable ZSH shell autocompletion 
-  $ source <(kubectl completion zsh)
-  $ echo 'source <(kubectl completion zsh)' >> "${fpath[1]}/_kubectl"
-
-`
-var completionCmd = &cobra.Command{
-	Use:                   "completion [bash|zsh|fish|powershell]",
-	Short:                 "Generate autocompletion script",
-	Long:                  "To load completions",
-	Example:               completionCmdExamples,
-	DisableFlagsInUseLine: true,
-	ValidArgs:             []string{"bash", "zsh", "fish", "powershell"},
-	Args:                  cobra.ExactValidArgs(1),
-	Run: func(cmd *cobra.Command, args []string) {
-		switch strings.ToLower(args[0]) {
-		case "bash":
-			cmd.Root().GenBashCompletion(os.Stdout)
-		case "zsh":
-			cmd.Root().GenZshCompletion(os.Stdout)
-		case "fish":
-			cmd.Root().GenFishCompletion(os.Stdout, true)
-		case "powershell":
-			cmd.Root().GenPowerShellCompletionWithDesc(os.Stdout)
-		}
-	},
-}
-
-func init() {
-	rootCmd.AddCommand(completionCmd)
-}
--- a/clihandler/cmd/config.go
+++ b/clihandler/cmd/config.go
@@ -1,124 +0,0 @@
-package cmd
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/armosec/kubescape/clihandler"
-	"github.com/armosec/kubescape/clihandler/cliobjects"
-	"github.com/spf13/cobra"
-)
-
-var (
-	configExample = `
-  # View cached configurations 
-  kubescape config view
-
-  # Delete cached configurations
-  kubescape config delete
-
-  # Set cached configurations
-  kubescape config set --help
-`
-	setConfigExample = `
-  # Set account id
-  kubescape config set accountID <account id>
-
-  # Set client id
-  kubescape config set clientID <client id> 
-
-  # Set access key
-  kubescape config set secretKey <access key>
-`
-)
-
-// configCmd represents the config command
-var configCmd = &cobra.Command{
-	Use:     "config",
-	Short:   "handle cached configurations",
-	Example: configExample,
-}
-
-var setConfig = cliobjects.SetConfig{}
-
-// configCmd represents the config command
-var configSetCmd = &cobra.Command{
-	Use:       "set",
-	Short:     fmt.Sprintf("Set configurations, supported: %s", strings.Join(stringKeysToSlice(supportConfigSet), "/")),
-	Example:   setConfigExample,
-	ValidArgs: stringKeysToSlice(supportConfigSet),
-	RunE: func(cmd *cobra.Command, args []string) error {
-		if err := parseSetArgs(args); err != nil {
-			return err
-		}
-		if err := clihandler.CliSetConfig(&setConfig); err != nil {
-			logger.L().Fatal(err.Error())
-		}
-		return nil
-	},
-}
-
-var supportConfigSet = map[string]func(*cliobjects.SetConfig, string){
-	"accountID": func(s *cliobjects.SetConfig, account string) { s.Account = account },
-	"clientID":  func(s *cliobjects.SetConfig, clientID string) { s.ClientID = clientID },
-	"secretKey": func(s *cliobjects.SetConfig, secretKey string) { s.SecretKey = secretKey },
-}
-
-func stringKeysToSlice(m map[string]func(*cliobjects.SetConfig, string)) []string {
-	l := []string{}
-	for i := range m {
-		l = append(l, i)
-	}
-	return l
-}
-
-func parseSetArgs(args []string) error {
-	var key string
-	var value string
-	if len(args) == 1 {
-		if keyValue := strings.Split(args[0], "="); len(keyValue) == 2 {
-			key = keyValue[0]
-			value = keyValue[1]
-		}
-	} else if len(args) == 2 {
-		key = args[0]
-		value = args[1]
-	}
-	if setConfigFunc, ok := supportConfigSet[key]; ok {
-		setConfigFunc(&setConfig, value)
-	} else {
-		return fmt.Errorf("key '%s' unknown . supported: %s", key, strings.Join(stringKeysToSlice(supportConfigSet), "/"))
-	}
-	return nil
-}
-
-var configDeleteCmd = &cobra.Command{
-	Use:   "delete",
-	Short: "Delete cached configurations",
-	Long:  ``,
-	Run: func(cmd *cobra.Command, args []string) {
-		if err := clihandler.CliDelete(); err != nil {
-			logger.L().Fatal(err.Error())
-		}
-	},
-}
-
-// configCmd represents the config command
-var configViewCmd = &cobra.Command{
-	Use:   "view",
-	Short: "View cached configurations",
-	Long:  ``,
-	Run: func(cmd *cobra.Command, args []string) {
-		if err := clihandler.CliView(); err != nil {
-			logger.L().Fatal(err.Error())
-		}
-	},
-}
-
-func init() {
-	rootCmd.AddCommand(configCmd)
-	configCmd.AddCommand(configSetCmd)
-	configCmd.AddCommand(configDeleteCmd)
-	configCmd.AddCommand(configViewCmd)
-}
--- a/clihandler/cmd/control.go
+++ b/clihandler/cmd/control.go
@@ -1,122 +0,0 @@
-package cmd
-
-import (
-	"fmt"
-	"io"
-	"os"
-	"strings"
-
-	"github.com/armosec/kubescape/cautils"
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/armosec/kubescape/clihandler"
-	"github.com/armosec/opa-utils/reporthandling"
-	"github.com/spf13/cobra"
-)
-
-var (
-	controlExample = `
-  # Scan the 'privileged container' control
-  kubescape scan control "privileged container"
-	
-  # Scan list of controls separated with a comma
-  kubescape scan control "privileged container","allowed hostpath"
-  
-  # Scan list of controls using the control ID separated with a comma
-  kubescape scan control C-0058,C-0057
-  
-  Run 'kubescape list controls' for the list of supported controls
-  
-  Control documentation:
-  https://hub.armo.cloud/docs/controls
-`
-)
-
-// controlCmd represents the control command
-var controlCmd = &cobra.Command{
-	Use:     "control <control names list>/<control ids list>",
-	Short:   "The controls you wish to use. Run 'kubescape list controls' for the list of supported controls",
-	Example: controlExample,
-	Args: func(cmd *cobra.Command, args []string) error {
-		if len(args) > 0 {
-			controls := strings.Split(args[0], ",")
-			if len(controls) > 1 {
-				for _, control := range controls {
-					if control == "" {
-						return fmt.Errorf("usage: <control-0>,<control-1>")
-					}
-				}
-			}
-		} else {
-			return fmt.Errorf("requires at least one control name")
-		}
-		return nil
-	},
-	RunE: func(cmd *cobra.Command, args []string) error {
-		flagValidationControl()
-		scanInfo.PolicyIdentifier = []reporthandling.PolicyIdentifier{}
-
-		if len(args) == 0 {
-			scanInfo.ScanAll = true
-		} else { // expected control or list of control sepparated by ","
-
-			// Read controls from input args
-			scanInfo.SetPolicyIdentifiers(strings.Split(args[0], ","), reporthandling.KindControl)
-
-			if len(args) > 1 {
-				if len(args[1:]) == 0 || args[1] != "-" {
-					scanInfo.InputPatterns = args[1:]
-				} else { // store stdin to file - do NOT move to separate function !!
-					tempFile, err := os.CreateTemp(".", "tmp-kubescape*.yaml")
-					if err != nil {
-						return err
-					}
-					defer os.Remove(tempFile.Name())
-
-					if _, err := io.Copy(tempFile, os.Stdin); err != nil {
-						return err
-					}
-					scanInfo.InputPatterns = []string{tempFile.Name()}
-				}
-			}
-		}
-
-		scanInfo.FrameworkScan = false
-		scanInfo.Init()
-		cautils.SetSilentMode(scanInfo.Silent)
-		err := clihandler.ScanCliSetup(&scanInfo)
-		if err != nil {
-			logger.L().Fatal(err.Error())
-		}
-		return nil
-	},
-}
-
-func init() {
-	scanInfo = cautils.ScanInfo{}
-	scanCmd.AddCommand(controlCmd)
-}
-
-func flagValidationControl() {
-	if 100 < scanInfo.FailThreshold {
-		logger.L().Fatal("bad argument: out of range threshold")
-	}
-}
-
-func setScanForFirstControl(controls []string) []reporthandling.PolicyIdentifier {
-	newPolicy := reporthandling.PolicyIdentifier{}
-	newPolicy.Kind = reporthandling.KindControl
-	newPolicy.Name = controls[0]
-	scanInfo.PolicyIdentifier = append(scanInfo.PolicyIdentifier, newPolicy)
-	return scanInfo.PolicyIdentifier
-}
-
-func SetScanForGivenControls(controls []string) []reporthandling.PolicyIdentifier {
-	for _, control := range controls {
-		control := strings.TrimLeft(control, " ")
-		newPolicy := reporthandling.PolicyIdentifier{}
-		newPolicy.Kind = reporthandling.KindControl
-		newPolicy.Name = control
-		scanInfo.PolicyIdentifier = append(scanInfo.PolicyIdentifier, newPolicy)
-	}
-	return scanInfo.PolicyIdentifier
-}
--- a/clihandler/cmd/delete.go
+++ b/clihandler/cmd/delete.go
@@ -1,57 +0,0 @@
-package cmd
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/armosec/kubescape/clihandler"
-	"github.com/armosec/kubescape/clihandler/cliobjects"
-	"github.com/spf13/cobra"
-)
-
-var deleteInfo cliobjects.Delete
-
-var deleteExceptionsExamples = `
-  # Delete single exception
-  kubescape delete exceptions "exception name"
-
-  # Delete multiple exceptions
-  kubescape delete exceptions "first exception;second exception;third exception"
-`
-
-var deleteCmd = &cobra.Command{
-	Use:   "delete <command>",
-	Short: "Delete configurations in Kubescape SaaS version",
-	Long:  ``,
-	Run: func(cmd *cobra.Command, args []string) {
-	},
-}
-
-var deleteExceptionsCmd = &cobra.Command{
-	Use:     "exceptions <exception name>",
-	Short:   "Delete exceptions from Kubescape SaaS version. Run 'kubescape list exceptions' for all exceptions names",
-	Example: deleteExceptionsExamples,
-	Args: func(cmd *cobra.Command, args []string) error {
-		if len(args) != 1 {
-			return fmt.Errorf("missing exceptions names")
-		}
-		return nil
-	},
-	Run: func(cmd *cobra.Command, args []string) {
-		exceptionsNames := strings.Split(args[0], ";")
-		if len(exceptionsNames) == 0 {
-			logger.L().Fatal("missing exceptions names")
-		}
-		if err := clihandler.DeleteExceptions(deleteInfo.Account, exceptionsNames); err != nil {
-			logger.L().Fatal(err.Error())
-		}
-	},
-}
-
-func init() {
-	deleteCmd.PersistentFlags().StringVarP(&deleteInfo.Account, "account", "", "", "Armo portal account ID. Default will load account ID from configMap or config file")
-	rootCmd.AddCommand(deleteCmd)
-
-	deleteCmd.AddCommand(deleteExceptionsCmd)
-}
--- a/clihandler/cmd/download.go
+++ b/clihandler/cmd/download.go
@@ -1,81 +0,0 @@
-package cmd
-
-import (
-	"fmt"
-	"path/filepath"
-	"strings"
-
-	"github.com/armosec/kubescape/cautils"
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/armosec/kubescape/clihandler"
-	"github.com/spf13/cobra"
-)
-
-var downloadInfo = cautils.DownloadInfo{}
-
-var (
-	downloadExample = `
-  # Download all artifacts and save them in the default path (~/.kubescape)
-  kubescape download artifacts
-  
-  # Download all artifacts and save them in /tmp path
-  kubescape download artifacts --output /tmp
-  
-  # Download the NSA framework. Run 'kubescape list frameworks' for all frameworks names
-  kubescape download framework nsa
-
-  # Download the "Allowed hostPath" control. Run 'kubescape list controls' for all controls names
-  kubescape download control "Allowed hostPath"
-
-  # Download the "C-0001" control. Run 'kubescape list controls --id' for all controls ids
-  kubescape download control C-0001
-
-  # Download the configured exceptions
-  kubescape download exceptions 
-
-  # Download the configured controls-inputs 
-  kubescape download controls-inputs 
-
-`
-)
-var downloadCmd = &cobra.Command{
-	Use:     "download <policy> <policy name>",
-	Short:   fmt.Sprintf("Download %s", strings.Join(clihandler.DownloadSupportCommands(), ",")),
-	Long:    ``,
-	Example: downloadExample,
-	Args: func(cmd *cobra.Command, args []string) error {
-		supported := strings.Join(clihandler.DownloadSupportCommands(), ",")
-		if len(args) < 1 {
-			return fmt.Errorf("policy type required, supported: %v", supported)
-		}
-		if cautils.StringInSlice(clihandler.DownloadSupportCommands(), args[0]) == cautils.ValueNotFound {
-			return fmt.Errorf("invalid parameter '%s'. Supported parameters: %s", args[0], supported)
-		}
-		return nil
-	},
-	RunE: func(cmd *cobra.Command, args []string) error {
-		downloadInfo.Target = args[0]
-		if len(args) >= 2 {
-			downloadInfo.Name = args[1]
-		}
-		if err := clihandler.CliDownload(&downloadInfo); err != nil {
-			logger.L().Fatal(err.Error())
-		}
-		return nil
-	},
-}
-
-func init() {
-	cobra.OnInitialize(initDownload)
-
-	rootCmd.AddCommand(downloadCmd)
-	downloadCmd.PersistentFlags().StringVarP(&downloadInfo.Account, "account", "", "", "Armo portal account ID. Default will load account ID from configMap or config file")
-	downloadCmd.Flags().StringVarP(&downloadInfo.Path, "output", "o", "", "Output file. If not specified, will save in `~/.kubescape/<policy name>.json`")
-
-}
-
-func initDownload() {
-	if filepath.Ext(downloadInfo.Path) == ".json" {
-		downloadInfo.Path, downloadInfo.FileName = filepath.Split(downloadInfo.Path)
-	}
-}
--- a/clihandler/cmd/framework.go
+++ b/clihandler/cmd/framework.go
@@ -1,121 +0,0 @@
-package cmd
-
-import (
-	"fmt"
-	"io"
-	"os"
-	"strings"
-
-	"github.com/armosec/kubescape/cautils"
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/armosec/kubescape/clihandler"
-	"github.com/armosec/opa-utils/reporthandling"
-	"github.com/spf13/cobra"
-)
-
-var (
-	frameworkExample = `
-  # Scan all frameworks and submit the results
-  kubescape scan framework all --submit
-  
-  # Scan the NSA framework
-  kubescape scan framework nsa
-  
-  # Scan the NSA and MITRE framework
-  kubescape scan framework nsa,mitre
-  
-  # Scan all frameworks
-  kubescape scan framework all
-
-  # Scan kubernetes YAML manifest files
-  kubescape scan framework nsa *.yaml
-
-  Run 'kubescape list frameworks' for the list of supported frameworks
-`
-)
-var frameworkCmd = &cobra.Command{
-	Use:     "framework <framework names list> [`<glob pattern>`/`-`] [flags]",
-	Short:   "The framework you wish to use. Run 'kubescape list frameworks' for the list of supported frameworks",
-	Example: frameworkExample,
-	Long:    "Execute a scan on a running Kubernetes cluster or `yaml`/`json` files (use glob) or `-` for stdin",
-	Args: func(cmd *cobra.Command, args []string) error {
-		if len(args) > 0 {
-			frameworks := strings.Split(args[0], ",")
-			if len(frameworks) > 1 {
-				for _, framework := range frameworks {
-					if framework == "" {
-						return fmt.Errorf("usage: <framework-0>,<framework-1>")
-					}
-				}
-			}
-		} else {
-			return fmt.Errorf("requires at least one framework name")
-		}
-		return nil
-	},
-	RunE: func(cmd *cobra.Command, args []string) error {
-		flagValidationFramework()
-		var frameworks []string
-
-		if len(args) == 0 { // scan all frameworks
-			scanInfo.ScanAll = true
-		} else {
-			// Read frameworks from input args
-			frameworks = strings.Split(args[0], ",")
-			if cautils.StringInSlice(frameworks, "all") != cautils.ValueNotFound {
-				scanInfo.ScanAll = true
-				frameworks = []string{}
-			}
-			if len(args) > 1 {
-				if len(args[1:]) == 0 || args[1] != "-" {
-					scanInfo.InputPatterns = args[1:]
-				} else { // store stdin to file - do NOT move to separate function !!
-					tempFile, err := os.CreateTemp(".", "tmp-kubescape*.yaml")
-					if err != nil {
-						return err
-					}
-					defer os.Remove(tempFile.Name())
-
-					if _, err := io.Copy(tempFile, os.Stdin); err != nil {
-						return err
-					}
-					scanInfo.InputPatterns = []string{tempFile.Name()}
-				}
-			}
-		}
-		scanInfo.FrameworkScan = true
-
-		scanInfo.SetPolicyIdentifiers(frameworks, reporthandling.KindFramework)
-
-		scanInfo.Init()
-		cautils.SetSilentMode(scanInfo.Silent)
-		err := clihandler.ScanCliSetup(&scanInfo)
-		if err != nil {
-			logger.L().Fatal(err.Error())
-		}
-		return nil
-	},
-}
-
-func init() {
-	scanCmd.AddCommand(frameworkCmd)
-	scanInfo = cautils.ScanInfo{}
-	scanInfo.FrameworkScan = true
-}
-
-// func SetScanForFirstFramework(frameworks []string) []reporthandling.PolicyIdentifier {
-// 	newPolicy := reporthandling.PolicyIdentifier{}
-// 	newPolicy.Kind = reporthandling.KindFramework
-// 	newPolicy.Name = frameworks[0]
-// 	scanInfo.PolicyIdentifier = append(scanInfo.PolicyIdentifier, newPolicy)
-// 	return scanInfo.PolicyIdentifier
-// }
-
-func flagValidationFramework() {
-	if scanInfo.Submit && scanInfo.Local {
-		logger.L().Fatal("you can use `keep-local` or `submit`, but not both")
-	}
-	if 100 < scanInfo.FailThreshold {
-		logger.L().Fatal("bad argument: out of range threshold")
-	}
-}
--- a/clihandler/cmd/list.go
+++ b/clihandler/cmd/list.go
@@ -1,67 +0,0 @@
-package cmd
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/armosec/kubescape/cautils"
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/armosec/kubescape/clihandler"
-	"github.com/armosec/kubescape/clihandler/cliobjects"
-	"github.com/spf13/cobra"
-)
-
-var (
-	listExample = `
-  # List default supported frameworks names
-  kubescape list frameworks
-  
-  # List all supported frameworks names
-  kubescape list frameworks --account <account id>
-	
-  # List all supported controls names
-  kubescape list controls
-
-  # List all supported controls ids
-  kubescape list controls --id 
-  
-  Control documentation:
-  https://hub.armo.cloud/docs/controls
-`
-)
-var listPolicies = cliobjects.ListPolicies{}
-
-var listCmd = &cobra.Command{
-	Use:     "list <policy> [flags]",
-	Short:   "List frameworks/controls will list the supported frameworks and controls",
-	Long:    ``,
-	Example: listExample,
-	Args: func(cmd *cobra.Command, args []string) error {
-		supported := strings.Join(clihandler.ListSupportCommands(), ",")
-
-		if len(args) < 1 {
-			return fmt.Errorf("policy type requeued, supported: %s", supported)
-		}
-		if cautils.StringInSlice(clihandler.ListSupportCommands(), args[0]) == cautils.ValueNotFound {
-			return fmt.Errorf("invalid parameter '%s'. Supported parameters: %s", args[0], supported)
-		}
-		return nil
-	},
-	RunE: func(cmd *cobra.Command, args []string) error {
-		listPolicies.Target = args[0]
-
-		if err := clihandler.CliList(&listPolicies); err != nil {
-			logger.L().Fatal(err.Error())
-		}
-		return nil
-	},
-}
-
-func init() {
-	// cobra.OnInitialize(initConfig)
-
-	rootCmd.AddCommand(listCmd)
-	listCmd.PersistentFlags().StringVar(&listPolicies.Account, "account", "", "Armo portal account ID. Default will load account ID from configMap or config file")
-	listCmd.PersistentFlags().StringVar(&listPolicies.Format, "format", "pretty-print", "output format. supported: 'pretty-printer'/'json'")
-	listCmd.PersistentFlags().BoolVarP(&listPolicies.ListIDs, "id", "", false, "List control ID's instead of controls names")
-}
--- a/clihandler/cmd/local.go
+++ b/clihandler/cmd/local.go
@@ -1,18 +0,0 @@
-package cmd
-
-import (
-	"github.com/spf13/cobra"
-)
-
-var localCmd = &cobra.Command{
-	Use:        "local",
-	Short:      "Set configuration locally (for config.json)",
-	Long:       ``,
-	Deprecated: "use the 'set' command instead",
-	Run: func(cmd *cobra.Command, args []string) {
-	},
-}
-
-func init() {
-	configCmd.AddCommand(localCmd)
-}
--- a/clihandler/cmd/local_get.go
+++ b/clihandler/cmd/local_get.go
@@ -1,45 +0,0 @@
-package cmd
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/armosec/kubescape/cautils"
-	"github.com/spf13/cobra"
-)
-
-var localGetCmd = &cobra.Command{
-	Use:        "get <key>",
-	Short:      "Get configuration locally",
-	Long:       ``,
-	Deprecated: "use the 'view' command instead",
-	Args: func(cmd *cobra.Command, args []string) error {
-		if len(args) < 1 || len(args) > 1 {
-			return fmt.Errorf("requires  one argument")
-		}
-
-		keyValue := strings.Split(args[0], "=")
-		if len(keyValue) != 1 {
-			return fmt.Errorf("requires  one argument")
-		}
-		return nil
-	},
-	RunE: func(cmd *cobra.Command, args []string) error {
-		keyValue := strings.Split(args[0], "=")
-		key := keyValue[0]
-
-		val, err := cautils.GetValueFromConfigJson(key)
-		if err != nil {
-			if err.Error() == "value does not exist." {
-				return fmt.Errorf("failed to get value from: %s, reason: %s", cautils.ConfigFileFullPath(), err.Error())
-			}
-			return err
-		}
-		fmt.Println(key + "=" + val)
-		return nil
-	},
-}
-
-func init() {
-	localCmd.AddCommand(localGetCmd)
-}
--- a/clihandler/cmd/local_set.go
+++ b/clihandler/cmd/local_set.go
@@ -1,41 +0,0 @@
-package cmd
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/armosec/kubescape/cautils"
-	"github.com/spf13/cobra"
-)
-
-var localSetCmd = &cobra.Command{
-	Use:        "set <key>=<value>",
-	Short:      "Set configuration locally",
-	Long:       ``,
-	Deprecated: "use the 'set' command instead",
-	Args: func(cmd *cobra.Command, args []string) error {
-		if len(args) < 1 || len(args) > 1 {
-			return fmt.Errorf("requires  one argument: <key>=<value>")
-		}
-		keyValue := strings.Split(args[0], "=")
-		if len(keyValue) != 2 {
-			return fmt.Errorf("requires  one argument: <key>=<value>")
-		}
-		return nil
-	},
-	RunE: func(cmd *cobra.Command, args []string) error {
-		keyValue := strings.Split(args[0], "=")
-		key := keyValue[0]
-		data := keyValue[1]
-
-		if err := cautils.SetKeyValueInConfigJson(key, data); err != nil {
-			return err
-		}
-		fmt.Println("Value added successfully.")
-		return nil
-	},
-}
-
-func init() {
-	localCmd.AddCommand(localSetCmd)
-}
--- a/clihandler/cmd/rbac.go
+++ b/clihandler/cmd/rbac.go
@@ -1,66 +0,0 @@
-package cmd
-
-import (
-	"github.com/armosec/k8s-interface/k8sinterface"
-	"github.com/armosec/kubescape/cautils"
-	"github.com/armosec/kubescape/cautils/getter"
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/armosec/kubescape/cautils/logger/helpers"
-	"github.com/armosec/kubescape/clihandler"
-	"github.com/armosec/kubescape/clihandler/cliinterfaces"
-	reporterv1 "github.com/armosec/kubescape/resultshandling/reporter/v1"
-	"github.com/armosec/rbac-utils/rbacscanner"
-	"github.com/spf13/cobra"
-)
-
-// rabcCmd represents the RBAC command
-var rabcCmd = &cobra.Command{
-	Use:   "rbac \nExample:\n$ kubescape submit rbac",
-	Short: "Submit cluster's Role-Based Access Control(RBAC)",
-	Long:  ``,
-	RunE: func(cmd *cobra.Command, args []string) error {
-
-		k8s := k8sinterface.NewKubernetesApi()
-
-		// get config
-		clusterConfig := getTenantConfig(submitInfo.Account, "", k8s)
-		if err := clusterConfig.SetTenant(); err != nil {
-			logger.L().Error("failed setting account ID", helpers.Error(err))
-		}
-
-		// list RBAC
-		rbacObjects := cautils.NewRBACObjects(rbacscanner.NewRbacScannerFromK8sAPI(k8s, clusterConfig.GetAccountID(), clusterConfig.GetClusterName()))
-
-		// submit resources
-		r := reporterv1.NewReportEventReceiver(clusterConfig.GetConfigObj())
-
-		submitInterfaces := cliinterfaces.SubmitInterfaces{
-			ClusterConfig: clusterConfig,
-			SubmitObjects: rbacObjects,
-			Reporter:      r,
-		}
-
-		if err := clihandler.Submit(submitInterfaces); err != nil {
-			logger.L().Fatal(err.Error())
-		}
-		return nil
-	},
-}
-
-func init() {
-	submitCmd.AddCommand(rabcCmd)
-}
-
-// getKubernetesApi
-func getKubernetesApi() *k8sinterface.KubernetesApi {
-	if !k8sinterface.IsConnectedToCluster() {
-		return nil
-	}
-	return k8sinterface.NewKubernetesApi()
-}
-func getTenantConfig(Account, clusterName string, k8s *k8sinterface.KubernetesApi) cautils.ITenantConfig {
-	if !k8sinterface.IsConnectedToCluster() || k8s == nil {
-		return cautils.NewLocalConfig(getter.GetArmoAPIConnector(), Account, clusterName)
-	}
-	return cautils.NewClusterConfig(k8s, getter.GetArmoAPIConnector(), Account, clusterName)
-}
--- a/clihandler/cmd/results.go
+++ b/clihandler/cmd/results.go
@@ -1,118 +0,0 @@
-package cmd
-
-import (
-	"encoding/json"
-	"fmt"
-	"os"
-	"time"
-
-	"github.com/armosec/k8s-interface/workloadinterface"
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/armosec/kubescape/cautils/logger/helpers"
-	"github.com/armosec/kubescape/clihandler"
-	"github.com/armosec/kubescape/clihandler/cliinterfaces"
-	"github.com/armosec/kubescape/resultshandling/reporter"
-	reporterv1 "github.com/armosec/kubescape/resultshandling/reporter/v1"
-	reporterv2 "github.com/armosec/kubescape/resultshandling/reporter/v2"
-	"github.com/armosec/opa-utils/reporthandling"
-	"github.com/google/uuid"
-	"github.com/spf13/cobra"
-)
-
-var formatVersion string
-
-type ResultsObject struct {
-	filePath     string
-	customerGUID string
-	clusterName  string
-}
-
-func NewResultsObject(customerGUID, clusterName, filePath string) *ResultsObject {
-	return &ResultsObject{
-		filePath:     filePath,
-		customerGUID: customerGUID,
-		clusterName:  clusterName,
-	}
-}
-
-func (resultsObject *ResultsObject) SetResourcesReport() (*reporthandling.PostureReport, error) {
-	// load framework results from json file
-	frameworkReports, err := loadResultsFromFile(resultsObject.filePath)
-	if err != nil {
-		return nil, err
-	}
-	return &reporthandling.PostureReport{
-		FrameworkReports:     frameworkReports,
-		ReportID:             uuid.NewString(),
-		ReportGenerationTime: time.Now().UTC(),
-		CustomerGUID:         resultsObject.customerGUID,
-		ClusterName:          resultsObject.clusterName,
-	}, nil
-}
-
-func (resultsObject *ResultsObject) ListAllResources() (map[string]workloadinterface.IMetadata, error) {
-	return map[string]workloadinterface.IMetadata{}, nil
-}
-
-var resultsCmd = &cobra.Command{
-	Use:   "results <json file>\nExample:\n$ kubescape submit results path/to/results.json --format-version v2",
-	Short: "Submit a pre scanned results file. The file must be in json format",
-	Long:  ``,
-	RunE: func(cmd *cobra.Command, args []string) error {
-		if len(args) == 0 {
-			return fmt.Errorf("missing results file")
-		}
-
-		k8s := getKubernetesApi()
-
-		// get config
-		clusterConfig := getTenantConfig(submitInfo.Account, "", k8s)
-		if err := clusterConfig.SetTenant(); err != nil {
-			logger.L().Error("failed setting account ID", helpers.Error(err))
-		}
-
-		resultsObjects := NewResultsObject(clusterConfig.GetAccountID(), clusterConfig.GetClusterName(), args[0])
-
-		// submit resources
-		var r reporter.IReport
-		switch formatVersion {
-		case "v2":
-			r = reporterv2.NewReportEventReceiver(clusterConfig.GetConfigObj())
-		default:
-			logger.L().Warning("Deprecated results version. run with '--format-version' flag", helpers.String("your version", formatVersion), helpers.String("latest version", "v2"))
-			r = reporterv1.NewReportEventReceiver(clusterConfig.GetConfigObj())
-		}
-
-		submitInterfaces := cliinterfaces.SubmitInterfaces{
-			ClusterConfig: clusterConfig,
-			SubmitObjects: resultsObjects,
-			Reporter:      r,
-		}
-
-		if err := clihandler.Submit(submitInterfaces); err != nil {
-			logger.L().Fatal(err.Error())
-		}
-		return nil
-	},
-}
-
-func init() {
-	submitCmd.AddCommand(resultsCmd)
-	resultsCmd.PersistentFlags().StringVar(&formatVersion, "format-version", "v1", "Output object can be differnet between versions, this is for maintaining backward and forward compatibility. Supported:'v1'/'v2'")
-}
-
-func loadResultsFromFile(filePath string) ([]reporthandling.FrameworkReport, error) {
-	frameworkReports := []reporthandling.FrameworkReport{}
-	f, err := os.ReadFile(filePath)
-	if err != nil {
-		return nil, err
-	}
-	if err = json.Unmarshal(f, &frameworkReports); err != nil {
-		frameworkReport := reporthandling.FrameworkReport{}
-		if err = json.Unmarshal(f, &frameworkReport); err != nil {
-			return frameworkReports, err
-		}
-		frameworkReports = append(frameworkReports, frameworkReport)
-	}
-	return frameworkReports, nil
-}
--- a/clihandler/cmd/root.go
+++ b/clihandler/cmd/root.go
@@ -1,119 +0,0 @@
-package cmd
-
-import (
-	"fmt"
-	"os"
-	"strings"
-
-	"github.com/armosec/kubescape/cautils"
-	"github.com/armosec/kubescape/cautils/getter"
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/armosec/kubescape/cautils/logger/helpers"
-	"github.com/spf13/cobra"
-)
-
-var armoBEURLs = ""
-var armoBEURLsDep = ""
-var rootInfo cautils.RootInfo
-
-const envFlagUsage = "Send report results to specific URL. Format:<ReportReceiver>,<Backend>,<Frontend>.\n\t\tExample:report.armo.cloud,api.armo.cloud,portal.armo.cloud"
-
-var ksExamples = `
-  # Scan command
-  kubescape scan --submit
-
-  # List supported frameworks
-  kubescape list frameworks
-
-  # Download artifacts (air-gapped environment support)
-  kubescape download artifacts
-
-  # View cached configurations
-  kubescape config view
-`
-
-var rootCmd = &cobra.Command{
-	Use:     "kubescape",
-	Version: cautils.BuildNumber,
-	Short:   "Kubescape is a tool for testing Kubernetes security posture",
-	Long:    `Based on NSA \ MITRE ATT&CK® and other frameworks specifications`,
-	Example: ksExamples,
-}
-
-func Execute() {
-	rootCmd.Execute()
-}
-
-func init() {
-
-	cobra.OnInitialize(initLogger, initLoggerLevel, initEnvironment, initCacheDir)
-
-	rootCmd.PersistentFlags().StringVar(&armoBEURLsDep, "environment", "", envFlagUsage)
-	rootCmd.PersistentFlags().StringVar(&armoBEURLs, "env", "", envFlagUsage)
-	rootCmd.PersistentFlags().MarkDeprecated("environment", "use 'env' instead")
-	rootCmd.PersistentFlags().MarkHidden("environment")
-	rootCmd.PersistentFlags().MarkHidden("env")
-
-	rootCmd.PersistentFlags().StringVarP(&rootInfo.Logger, "logger", "l", helpers.InfoLevel.String(), fmt.Sprintf("Logger level. Supported: %s [$KS_LOGGER]", strings.Join(helpers.SupportedLevels(), "/")))
-	rootCmd.PersistentFlags().StringVar(&rootInfo.CacheDir, "cache-dir", getter.DefaultLocalStore, "Cache directory [$KS_CACHE_DIR]")
-}
-
-func initLogger() {
-	if l := os.Getenv("KS_LOGGER_NAME"); l != "" {
-		logger.InitializeLogger(l)
-	}
-}
-func initLoggerLevel() {
-	if rootInfo.Logger != helpers.InfoLevel.String() {
-	} else if l := os.Getenv("KS_LOGGER"); l != "" {
-		rootInfo.Logger = l
-	}
-	if err := logger.L().SetLevel(rootInfo.Logger); err != nil {
-		logger.L().Fatal(fmt.Sprintf("supported levels: %s", strings.Join(helpers.SupportedLevels(), "/")), helpers.Error(err))
-	}
-}
-
-func initCacheDir() {
-	if rootInfo.CacheDir != getter.DefaultLocalStore {
-		getter.DefaultLocalStore = rootInfo.CacheDir
-	} else if cacheDir := os.Getenv("KS_CACHE_DIR"); cacheDir != "" {
-		getter.DefaultLocalStore = cacheDir
-	} else {
-		return // using default cache di location
-	}
-
-	logger.L().Debug("cache dir updated", helpers.String("path", getter.DefaultLocalStore))
-}
-func initEnvironment() {
-	if armoBEURLsDep != "" {
-		armoBEURLs = armoBEURLsDep
-	}
-	urlSlices := strings.Split(armoBEURLs, ",")
-	if len(urlSlices) != 1 && len(urlSlices) < 3 {
-		logger.L().Fatal("expected at least 3 URLs (report, api, frontend, auth)")
-	}
-	switch len(urlSlices) {
-	case 1:
-		switch urlSlices[0] {
-		case "dev", "development":
-			getter.SetARMOAPIConnector(getter.NewARMOAPIDev())
-		case "stage", "staging":
-			getter.SetARMOAPIConnector(getter.NewARMOAPIStaging())
-		case "":
-			getter.SetARMOAPIConnector(getter.NewARMOAPIProd())
-		default:
-			logger.L().Fatal("--environment flag usage: " + envFlagUsage)
-		}
-	case 2:
-		logger.L().Fatal("--environment flag usage: " + envFlagUsage)
-	case 3, 4:
-		var armoAUTHURL string
-		armoERURL := urlSlices[0] // mandatory
-		armoBEURL := urlSlices[1] // mandatory
-		armoFEURL := urlSlices[2] // mandatory
-		if len(urlSlices) <= 4 {
-			armoAUTHURL = urlSlices[3]
-		}
-		getter.SetARMOAPIConnector(getter.NewARMOAPICustomized(armoERURL, armoBEURL, armoFEURL, armoAUTHURL))
-	}
-}
--- a/clihandler/cmd/submit.go
+++ b/clihandler/cmd/submit.go
@@ -1,46 +0,0 @@
-package cmd
-
-import (
-	"fmt"
-
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/armosec/kubescape/clihandler"
-	"github.com/armosec/kubescape/clihandler/cliobjects"
-	"github.com/spf13/cobra"
-)
-
-var submitInfo cliobjects.Submit
-
-var submitCmdExamples = `
-
-`
-var submitCmd = &cobra.Command{
-	Use:   "submit <command>",
-	Short: "Submit an object to the Kubescape SaaS version",
-	Long:  ``,
-	Run: func(cmd *cobra.Command, args []string) {
-	},
-}
-
-var submitExceptionsCmd = &cobra.Command{
-	Use:   "exceptions <full path to exceptins file>",
-	Short: "Submit exceptions to the Kubescape SaaS version",
-	Args: func(cmd *cobra.Command, args []string) error {
-		if len(args) != 1 {
-			return fmt.Errorf("missing full path to exceptions file")
-		}
-		return nil
-	},
-	Run: func(cmd *cobra.Command, args []string) {
-		if err := clihandler.SubmitExceptions(submitInfo.Account, args[0]); err != nil {
-			logger.L().Fatal(err.Error())
-		}
-	},
-}
-
-func init() {
-	submitCmd.PersistentFlags().StringVarP(&submitInfo.Account, "account", "", "", "Armo portal account ID. Default will load account ID from configMap or config file")
-	rootCmd.AddCommand(submitCmd)
-
-	submitCmd.AddCommand(submitExceptionsCmd)
-}
--- a/clihandler/cmd/version.go
+++ b/clihandler/cmd/version.go
@@ -1,25 +0,0 @@
-package cmd
-
-import (
-	"fmt"
-	"os"
-
-	"github.com/armosec/kubescape/cautils"
-	"github.com/spf13/cobra"
-)
-
-var versionCmd = &cobra.Command{
-	Use:   "version",
-	Short: "Get current version",
-	Long:  ``,
-	RunE: func(cmd *cobra.Command, args []string) error {
-		v := cautils.NewIVersionCheckHandler()
-		v.CheckLatestVersion(cautils.NewVersionCheckRequest(cautils.BuildNumber, "", "", "version"))
-		fmt.Fprintln(os.Stdout, "Your current version is: "+cautils.BuildNumber)
-		return nil
-	},
-}
-
-func init() {
-	rootCmd.AddCommand(versionCmd)
-}
--- a/clihandler/initcli.go
+++ b/clihandler/initcli.go
@@ -1,209 +0,0 @@
-package clihandler
-
-import (
-	"fmt"
-	"io/fs"
-	"os"
-
-	"github.com/armosec/armoapi-go/armotypes"
-	"github.com/armosec/k8s-interface/k8sinterface"
-	"github.com/armosec/kubescape/resultshandling/printer"
-
-	"github.com/armosec/kubescape/cautils"
-	"github.com/armosec/kubescape/cautils/getter"
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/armosec/kubescape/cautils/logger/helpers"
-	"github.com/armosec/kubescape/hostsensorutils"
-	"github.com/armosec/kubescape/opaprocessor"
-	"github.com/armosec/kubescape/policyhandler"
-	"github.com/armosec/kubescape/resourcehandler"
-	"github.com/armosec/kubescape/resultshandling"
-	"github.com/armosec/kubescape/resultshandling/reporter"
-	"github.com/armosec/opa-utils/reporthandling"
-	"github.com/mattn/go-isatty"
-)
-
-type componentInterfaces struct {
-	tenantConfig      cautils.ITenantConfig
-	resourceHandler   resourcehandler.IResourceHandler
-	report            reporter.IReport
-	printerHandler    printer.IPrinter
-	hostSensorHandler hostsensorutils.IHostSensor
-}
-
-func getInterfaces(scanInfo *cautils.ScanInfo) componentInterfaces {
-
-	// ================== setup k8s interface object ======================================
-	var k8s *k8sinterface.KubernetesApi
-	if scanInfo.GetScanningEnvironment() == cautils.ScanCluster {
-		k8s = getKubernetesApi()
-		if k8s == nil {
-			logger.L().Fatal("failed connecting to Kubernetes cluster")
-		}
-	}
-
-	// ================== setup tenant object ======================================
-
-	tenantConfig := getTenantConfig(scanInfo.Account, scanInfo.KubeContext, k8s)
-
-	// Set submit behavior AFTER loading tenant config
-	setSubmitBehavior(scanInfo, tenantConfig)
-
-	if scanInfo.Submit {
-		// submit - Create tenant & Submit report
-		if err := tenantConfig.SetTenant(); err != nil {
-			logger.L().Error(err.Error())
-		}
-	}
-
-	// ================== version testing ======================================
-
-	v := cautils.NewIVersionCheckHandler()
-	v.CheckLatestVersion(cautils.NewVersionCheckRequest(cautils.BuildNumber, policyIdentifierNames(scanInfo.PolicyIdentifier), "", scanInfo.GetScanningEnvironment()))
-
-	// ================== setup host sensor object ======================================
-
-	hostSensorHandler := getHostSensorHandler(scanInfo, k8s)
-	if err := hostSensorHandler.Init(); err != nil {
-		logger.L().Error("failed to init host sensor", helpers.Error(err))
-		hostSensorHandler = &hostsensorutils.HostSensorHandlerMock{}
-	}
-	// excluding hostsensor namespace
-	if len(scanInfo.IncludeNamespaces) == 0 && hostSensorHandler.GetNamespace() != "" {
-		scanInfo.ExcludedNamespaces = fmt.Sprintf("%s,%s", scanInfo.ExcludedNamespaces, hostSensorHandler.GetNamespace())
-	}
-
-	// ================== setup registry adaptors ======================================
-
-	registryAdaptors, err := resourcehandler.NewRegistryAdaptors()
-	if err != nil {
-		logger.L().Error("failed to initialize registry adaptors", helpers.Error(err))
-	}
-
-	// ================== setup resource collector object ======================================
-
-	resourceHandler := getResourceHandler(scanInfo, tenantConfig, k8s, hostSensorHandler, registryAdaptors)
-
-	// ================== setup reporter & printer objects ======================================
-
-	// reporting behavior - setup reporter
-	reportHandler := getReporter(tenantConfig, scanInfo.Submit, scanInfo.FrameworkScan, len(scanInfo.InputPatterns) == 0)
-
-	// setup printer
-	printerHandler := resultshandling.NewPrinter(scanInfo.Format, scanInfo.FormatVersion, scanInfo.VerboseMode)
-	printerHandler.SetWriter(scanInfo.Output)
-
-	// ================== return interface ======================================
-
-	return componentInterfaces{
-		tenantConfig:      tenantConfig,
-		resourceHandler:   resourceHandler,
-		report:            reportHandler,
-		printerHandler:    printerHandler,
-		hostSensorHandler: hostSensorHandler,
-	}
-}
-
-func ScanCliSetup(scanInfo *cautils.ScanInfo) error {
-	logger.L().Info("ARMO security scanner starting")
-
-	interfaces := getInterfaces(scanInfo)
-	// setPolicyGetter(scanInfo, interfaces.clusterConfig.GetCustomerGUID())
-
-	processNotification := make(chan *cautils.OPASessionObj)
-	reportResults := make(chan *cautils.OPASessionObj)
-
-	cautils.ClusterName = interfaces.tenantConfig.GetClusterName() // TODO - Deprecated
-	cautils.CustomerGUID = interfaces.tenantConfig.GetAccountID()  // TODO - Deprecated
-	interfaces.report.SetClusterName(interfaces.tenantConfig.GetClusterName())
-	interfaces.report.SetCustomerGUID(interfaces.tenantConfig.GetAccountID())
-
-	downloadReleasedPolicy := getter.NewDownloadReleasedPolicy() // download config inputs from github release
-
-	// set policy getter only after setting the customerGUID
-	scanInfo.Getters.PolicyGetter = getPolicyGetter(scanInfo.UseFrom, interfaces.tenantConfig.GetAccountID(), scanInfo.FrameworkScan, downloadReleasedPolicy)
-	scanInfo.Getters.ControlsInputsGetter = getConfigInputsGetter(scanInfo.ControlsInputs, interfaces.tenantConfig.GetAccountID(), downloadReleasedPolicy)
-	scanInfo.Getters.ExceptionsGetter = getExceptionsGetter(scanInfo.UseExceptions)
-
-	// TODO - list supported frameworks/controls
-	if scanInfo.ScanAll {
-		scanInfo.SetPolicyIdentifiers(listFrameworksNames(scanInfo.Getters.PolicyGetter), reporthandling.KindFramework)
-	}
-
-	//
-	defer func() {
-		if err := interfaces.hostSensorHandler.TearDown(); err != nil {
-			logger.L().Error("failed to tear down host sensor", helpers.Error(err))
-		}
-	}()
-
-	// cli handler setup
-	go func() {
-		// policy handler setup
-		policyHandler := policyhandler.NewPolicyHandler(&processNotification, interfaces.resourceHandler)
-
-		if err := Scan(policyHandler, scanInfo); err != nil {
-			logger.L().Fatal(err.Error())
-		}
-	}()
-
-	// processor setup - rego run
-	go func() {
-		opaprocessorObj := opaprocessor.NewOPAProcessorHandler(&processNotification, &reportResults)
-		opaprocessorObj.ProcessRulesListenner()
-	}()
-
-	resultsHandling := resultshandling.NewResultsHandler(&reportResults, interfaces.report, interfaces.printerHandler)
-	score := resultsHandling.HandleResults(scanInfo)
-
-	// print report url
-	interfaces.report.DisplayReportURL()
-
-	if score > float32(scanInfo.FailThreshold) {
-		return fmt.Errorf("scan risk-score %.2f is above permitted threshold %.2f", score, scanInfo.FailThreshold)
-	}
-
-	return nil
-}
-
-func Scan(policyHandler *policyhandler.PolicyHandler, scanInfo *cautils.ScanInfo) error {
-	policyNotification := &reporthandling.PolicyNotification{
-		Rules: scanInfo.PolicyIdentifier,
-		KubescapeNotification: reporthandling.KubescapeNotification{
-			Designators:      armotypes.PortalDesignator{},
-			NotificationType: reporthandling.TypeExecPostureScan,
-		},
-	}
-	switch policyNotification.KubescapeNotification.NotificationType {
-	case reporthandling.TypeExecPostureScan:
-		if err := policyHandler.HandleNotificationRequest(policyNotification, scanInfo); err != nil {
-			return err
-		}
-
-	default:
-		return fmt.Errorf("notification type '%s' Unknown", policyNotification.KubescapeNotification.NotificationType)
-	}
-	return nil
-}
-
-func askUserForHostSensor() bool {
-	return false
-
-	if !isatty.IsTerminal(os.Stdin.Fd()) {
-		return false
-	}
-	if ssss, err := os.Stdin.Stat(); err == nil {
-		// fmt.Printf("Found stdin type: %s\n", ssss.Mode().Type())
-		if ssss.Mode().Type()&(fs.ModeDevice|fs.ModeCharDevice) > 0 { //has TTY
-			fmt.Fprintf(os.Stderr, "Would you like to scan K8s nodes? [y/N]. This is required to collect valuable data for certain controls\n")
-			fmt.Fprintf(os.Stderr, "Use --enable-host-scan flag to suppress this message\n")
-			var b []byte = make([]byte, 1)
-			if n, err := os.Stdin.Read(b); err == nil {
-				if n > 0 && len(b) > 0 && (b[0] == 'y' || b[0] == 'Y') {
-					return true
-				}
-			}
-		}
-	}
-	return false
-}
--- a/cmd/completion/completion.go
+++ b/cmd/completion/completion.go
@@ -0,0 +1,49 @@
+package completion
+
+import (
+	"os"
+	"strings"
+
+	"github.com/spf13/cobra"
+)
+
+var completionCmdExamples = `
+
+  # Enable BASH shell autocompletion 
+  $ source <(kubescape completion bash) 
+  $ echo 'source <(kubescape completion bash)' >> ~/.bashrc
+
+  # Enable ZSH shell autocompletion 
+  $ source <(kubectl completion zsh)
+  $ echo 'source <(kubectl completion zsh)' >> "${fpath[1]}/_kubectl"
+
+`
+
+func GetCompletionCmd() *cobra.Command {
+	completionCmd := &cobra.Command{
+		Use:                   "completion [bash|zsh|fish|powershell]",
+		Short:                 "Generate autocompletion script",
+		Long:                  "To load completions",
+		Example:               completionCmdExamples,
+		DisableFlagsInUseLine: true,
+		ValidArgs:             []string{"bash", "zsh", "fish", "powershell"},
+		Args:                  cobra.ExactValidArgs(1),
+		Run: func(cmd *cobra.Command, args []string) {
+			switch strings.ToLower(args[0]) {
+			case "bash":
+				cmd.Root().GenBashCompletion(os.Stdout)
+			case "zsh":
+				cmd.Root().GenZshCompletion(os.Stdout)
+			case "fish":
+				cmd.Root().GenFishCompletion(os.Stdout, true)
+			case "powershell":
+				cmd.Root().GenPowerShellCompletionWithDesc(os.Stdout)
+			}
+		},
+	}
+	return completionCmd
+}
+
+// func init() {
+// 	rootCmd.AddCommand(completionCmd)
+// }
--- a/cmd/config/config.go
+++ b/cmd/config/config.go
@@ -0,0 +1,45 @@
+package config
+
+import (
+	"github.com/armosec/kubescape/v2/core/meta"
+	"github.com/spf13/cobra"
+)
+
+var (
+	configExample = `
+  # View cached configurations 
+  kubescape config view
+
+  # Delete cached configurations
+  kubescape config delete
+
+  # Set cached configurations
+  kubescape config set --help
+`
+	setConfigExample = `
+  # Set account id
+  kubescape config set accountID <account id>
+
+  # Set client id
+  kubescape config set clientID <client id> 
+
+  # Set access key
+  kubescape config set secretKey <access key>
+`
+)
+
+func GetConfigCmd(ks meta.IKubescape) *cobra.Command {
+
+	// configCmd represents the config command
+	configCmd := &cobra.Command{
+		Use:     "config",
+		Short:   "Handle cached configurations",
+		Example: configExample,
+	}
+
+	configCmd.AddCommand(getDeleteCmd(ks))
+	configCmd.AddCommand(getSetCmd(ks))
+	configCmd.AddCommand(getViewCmd(ks))
+
+	return configCmd
+}
--- a/cmd/config/delete.go
+++ b/cmd/config/delete.go
@@ -0,0 +1,21 @@
+package config
+
+import (
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/meta"
+	v1 "github.com/armosec/kubescape/v2/core/meta/datastructures/v1"
+	"github.com/spf13/cobra"
+)
+
+func getDeleteCmd(ks meta.IKubescape) *cobra.Command {
+	return &cobra.Command{
+		Use:   "delete",
+		Short: "Delete cached configurations",
+		Long:  ``,
+		Run: func(cmd *cobra.Command, args []string) {
+			if err := ks.DeleteCachedConfig(&v1.DeleteConfig{}); err != nil {
+				logger.L().Fatal(err.Error())
+			}
+		},
+	}
+}
--- a/cmd/config/set.go
+++ b/cmd/config/set.go
@@ -0,0 +1,69 @@
+package config
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/meta"
+	metav1 "github.com/armosec/kubescape/v2/core/meta/datastructures/v1"
+	"github.com/spf13/cobra"
+)
+
+func getSetCmd(ks meta.IKubescape) *cobra.Command {
+
+	// configCmd represents the config command
+	configSetCmd := &cobra.Command{
+		Use:       "set",
+		Short:     fmt.Sprintf("Set configurations, supported: %s", strings.Join(stringKeysToSlice(supportConfigSet), "/")),
+		Example:   setConfigExample,
+		ValidArgs: stringKeysToSlice(supportConfigSet),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			setConfig, err := parseSetArgs(args)
+			if err != nil {
+				return err
+			}
+			if err := ks.SetCachedConfig(setConfig); err != nil {
+				logger.L().Fatal(err.Error())
+			}
+			return nil
+		},
+	}
+	return configSetCmd
+}
+
+var supportConfigSet = map[string]func(*metav1.SetConfig, string){
+	"accountID": func(s *metav1.SetConfig, account string) { s.Account = account },
+	"clientID":  func(s *metav1.SetConfig, clientID string) { s.ClientID = clientID },
+	"secretKey": func(s *metav1.SetConfig, secretKey string) { s.SecretKey = secretKey },
+}
+
+func stringKeysToSlice(m map[string]func(*metav1.SetConfig, string)) []string {
+	l := []string{}
+	for i := range m {
+		l = append(l, i)
+	}
+	return l
+}
+
+func parseSetArgs(args []string) (*metav1.SetConfig, error) {
+	var key string
+	var value string
+	if len(args) == 1 {
+		if keyValue := strings.Split(args[0], "="); len(keyValue) == 2 {
+			key = keyValue[0]
+			value = keyValue[1]
+		}
+	} else if len(args) == 2 {
+		key = args[0]
+		value = args[1]
+	}
+	setConfig := &metav1.SetConfig{}
+
+	if setConfigFunc, ok := supportConfigSet[key]; ok {
+		setConfigFunc(setConfig, value)
+	} else {
+		return setConfig, fmt.Errorf("key '%s' unknown . supported: %s", key, strings.Join(stringKeysToSlice(supportConfigSet), "/"))
+	}
+	return setConfig, nil
+}
--- a/cmd/config/view.go
+++ b/cmd/config/view.go
@@ -0,0 +1,25 @@
+package config
+
+import (
+	"os"
+
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/meta"
+	v1 "github.com/armosec/kubescape/v2/core/meta/datastructures/v1"
+	"github.com/spf13/cobra"
+)
+
+func getViewCmd(ks meta.IKubescape) *cobra.Command {
+
+	// configCmd represents the config command
+	return &cobra.Command{
+		Use:   "view",
+		Short: "View cached configurations",
+		Long:  ``,
+		Run: func(cmd *cobra.Command, args []string) {
+			if err := ks.ViewCachedConfig(&v1.ViewConfig{Writer: os.Stdout}); err != nil {
+				logger.L().Fatal(err.Error())
+			}
+		},
+	}
+}
--- a/cmd/delete/delete.go
+++ b/cmd/delete/delete.go
@@ -0,0 +1,34 @@
+package delete
+
+import (
+	"github.com/armosec/kubescape/v2/core/meta"
+	v1 "github.com/armosec/kubescape/v2/core/meta/datastructures/v1"
+	"github.com/spf13/cobra"
+)
+
+var deleteExceptionsExamples = `
+  # Delete single exception
+  kubescape delete exceptions "exception name"
+
+  # Delete multiple exceptions
+  kubescape delete exceptions "first exception;second exception;third exception"
+`
+
+func GetDeleteCmd(ks meta.IKubescape) *cobra.Command {
+	var deleteInfo v1.Delete
+
+	var deleteCmd = &cobra.Command{
+		Use:   "delete <command>",
+		Short: "Delete configurations in Kubescape SaaS version",
+		Long:  ``,
+		Run: func(cmd *cobra.Command, args []string) {
+		},
+	}
+	deleteCmd.PersistentFlags().StringVarP(&deleteInfo.Credentials.Account, "account", "", "", "Kubescape SaaS account ID. Default will load account ID from cache")
+	deleteCmd.PersistentFlags().StringVarP(&deleteInfo.Credentials.ClientID, "client-id", "", "", "Kubescape SaaS client ID. Default will load client ID from cache, read more - https://hub.armo.cloud/docs/authentication")
+	deleteCmd.PersistentFlags().StringVarP(&deleteInfo.Credentials.SecretKey, "secret-key", "", "", "Kubescape SaaS secret key. Default will load secret key from cache, read more - https://hub.armo.cloud/docs/authentication")
+
+	deleteCmd.AddCommand(getExceptionsCmd(ks, &deleteInfo))
+
+	return deleteCmd
+}
--- a/cmd/delete/exceptions.go
+++ b/cmd/delete/exceptions.go
@@ -0,0 +1,34 @@
+package delete
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/meta"
+	v1 "github.com/armosec/kubescape/v2/core/meta/datastructures/v1"
+	"github.com/spf13/cobra"
+)
+
+func getExceptionsCmd(ks meta.IKubescape, deleteInfo *v1.Delete) *cobra.Command {
+	return &cobra.Command{
+		Use:     "exceptions <exception name>",
+		Short:   "Delete exceptions from Kubescape SaaS version. Run 'kubescape list exceptions' for all exceptions names",
+		Example: deleteExceptionsExamples,
+		Args: func(cmd *cobra.Command, args []string) error {
+			if len(args) != 1 {
+				return fmt.Errorf("missing exceptions names")
+			}
+			return nil
+		},
+		Run: func(cmd *cobra.Command, args []string) {
+			exceptionsNames := strings.Split(args[0], ";")
+			if len(exceptionsNames) == 0 {
+				logger.L().Fatal("missing exceptions names")
+			}
+			if err := ks.DeleteExceptions(&v1.DeleteExceptions{Credentials: deleteInfo.Credentials, Exceptions: exceptionsNames}); err != nil {
+				logger.L().Fatal(err.Error())
+			}
+		},
+	}
+}
--- a/cmd/download/download.go
+++ b/cmd/download/download.go
@@ -0,0 +1,82 @@
+package download
+
+import (
+	"fmt"
+	"path/filepath"
+	"strings"
+
+	"github.com/armosec/kubescape/v2/core/cautils"
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/core"
+	"github.com/armosec/kubescape/v2/core/meta"
+	v1 "github.com/armosec/kubescape/v2/core/meta/datastructures/v1"
+	"github.com/spf13/cobra"
+)
+
+var (
+	downloadExample = `
+  # Download all artifacts and save them in the default path (~/.kubescape)
+  kubescape download artifacts
+  download
+  # Download all artifacts and save them in /tmp path
+  kubescape download artifacts --output /tmp
+  
+  # Download the NSA framework. Run 'kubescape list frameworks' for all frameworks names
+  kubescape download framework nsa
+
+  # Download the "Allowed hostPath" control. Run 'kubescape list controls' for all controls names
+  kubescape download control "Allowed hostPath"
+
+  # Download the "C-0001" control. Run 'kubescape list controls --id' for all controls ids
+  kubescape download control C-0001
+
+  # Download the configured exceptions
+  kubescape download exceptions 
+
+  # Download the configured controls-inputs 
+  kubescape download controls-inputs 
+
+`
+)
+
+func GeDownloadCmd(ks meta.IKubescape) *cobra.Command {
+	var downloadInfo = v1.DownloadInfo{}
+
+	downloadCmd := &cobra.Command{
+		Use:     "download <policy> <policy name>",
+		Short:   fmt.Sprintf("Download %s", strings.Join(core.DownloadSupportCommands(), ",")),
+		Long:    ``,
+		Example: downloadExample,
+		Args: func(cmd *cobra.Command, args []string) error {
+			supported := strings.Join(core.DownloadSupportCommands(), ",")
+			if len(args) < 1 {
+				return fmt.Errorf("policy type required, supported: %v", supported)
+			}
+			if cautils.StringInSlice(core.DownloadSupportCommands(), args[0]) == cautils.ValueNotFound {
+				return fmt.Errorf("invalid parameter '%s'. Supported parameters: %s", args[0], supported)
+			}
+			return nil
+		},
+		RunE: func(cmd *cobra.Command, args []string) error {
+
+			if filepath.Ext(downloadInfo.Path) == ".json" {
+				downloadInfo.Path, downloadInfo.FileName = filepath.Split(downloadInfo.Path)
+			}
+			downloadInfo.Target = args[0]
+			if len(args) >= 2 {
+				downloadInfo.Name = args[1]
+			}
+			if err := ks.Download(&downloadInfo); err != nil {
+				logger.L().Fatal(err.Error())
+			}
+			return nil
+		},
+	}
+
+	downloadCmd.PersistentFlags().StringVarP(&downloadInfo.Credentials.Account, "account", "", "", "Kubescape SaaS account ID. Default will load account ID from cache")
+	downloadCmd.PersistentFlags().StringVarP(&downloadInfo.Credentials.ClientID, "client-id", "", "", "Kubescape SaaS client ID. Default will load client ID from cache, read more - https://hub.armo.cloud/docs/authentication")
+	downloadCmd.PersistentFlags().StringVarP(&downloadInfo.Credentials.SecretKey, "secret-key", "", "", "Kubescape SaaS secret key. Default will load secret key from cache, read more - https://hub.armo.cloud/docs/authentication")
+	downloadCmd.Flags().StringVarP(&downloadInfo.Path, "output", "o", "", "Output file. If not specified, will save in `~/.kubescape/<policy name>.json`")
+
+	return downloadCmd
+}
--- a/cmd/list/list.go
+++ b/cmd/list/list.go
@@ -0,0 +1,69 @@
+package list
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/armosec/kubescape/v2/core/cautils"
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/core"
+	"github.com/armosec/kubescape/v2/core/meta"
+	v1 "github.com/armosec/kubescape/v2/core/meta/datastructures/v1"
+	"github.com/spf13/cobra"
+)
+
+var (
+	listExample = `
+  # List default supported frameworks names
+  kubescape list frameworks
+  
+  # List all supported frameworks names
+  kubescape list frameworks --account <account id>
+	
+  # List all supported controls names
+  kubescape list controls
+
+  # List all supported controls ids
+  kubescape list controls --id 
+  
+  Control documentation:
+  https://hub.armo.cloud/docs/controls
+`
+)
+
+func GetListCmd(ks meta.IKubescape) *cobra.Command {
+	var listPolicies = v1.ListPolicies{}
+
+	listCmd := &cobra.Command{
+		Use:     "list <policy> [flags]",
+		Short:   "List frameworks/controls will list the supported frameworks and controls",
+		Long:    ``,
+		Example: listExample,
+		Args: func(cmd *cobra.Command, args []string) error {
+			supported := strings.Join(core.ListSupportActions(), ",")
+
+			if len(args) < 1 {
+				return fmt.Errorf("policy type requeued, supported: %s", supported)
+			}
+			if cautils.StringInSlice(core.ListSupportActions(), args[0]) == cautils.ValueNotFound {
+				return fmt.Errorf("invalid parameter '%s'. Supported parameters: %s", args[0], supported)
+			}
+			return nil
+		},
+		RunE: func(cmd *cobra.Command, args []string) error {
+			listPolicies.Target = args[0]
+
+			if err := ks.List(&listPolicies); err != nil {
+				logger.L().Fatal(err.Error())
+			}
+			return nil
+		},
+	}
+	listCmd.PersistentFlags().StringVarP(&listPolicies.Credentials.Account, "account", "", "", "Kubescape SaaS account ID. Default will load account ID from cache")
+	listCmd.PersistentFlags().StringVarP(&listPolicies.Credentials.ClientID, "client-id", "", "", "Kubescape SaaS client ID. Default will load client ID from cache, read more - https://hub.armo.cloud/docs/authentication")
+	listCmd.PersistentFlags().StringVarP(&listPolicies.Credentials.SecretKey, "secret-key", "", "", "Kubescape SaaS secret key. Default will load secret key from cache, read more - https://hub.armo.cloud/docs/authentication")
+	listCmd.PersistentFlags().StringVar(&listPolicies.Format, "format", "pretty-print", "output format. supported: 'pretty-printer'/'json'")
+	listCmd.PersistentFlags().BoolVarP(&listPolicies.ListIDs, "id", "", false, "List control ID's instead of controls names")
+
+	return listCmd
+}
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -0,0 +1,86 @@
+package cmd
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/armosec/kubescape/v2/cmd/completion"
+	"github.com/armosec/kubescape/v2/cmd/config"
+	"github.com/armosec/kubescape/v2/cmd/delete"
+	"github.com/armosec/kubescape/v2/cmd/download"
+	"github.com/armosec/kubescape/v2/cmd/list"
+	"github.com/armosec/kubescape/v2/cmd/scan"
+	"github.com/armosec/kubescape/v2/cmd/submit"
+	"github.com/armosec/kubescape/v2/cmd/version"
+	"github.com/armosec/kubescape/v2/core/cautils"
+	"github.com/armosec/kubescape/v2/core/cautils/getter"
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
+	"github.com/armosec/kubescape/v2/core/core"
+	"github.com/armosec/kubescape/v2/core/meta"
+
+	"github.com/spf13/cobra"
+)
+
+var rootInfo cautils.RootInfo
+
+var ksExamples = `
+  # Scan command
+  kubescape scan --submit
+
+  # List supported frameworks
+  kubescape list frameworks
+
+  # Download artifacts (air-gapped environment support)
+  kubescape download artifacts
+
+  # View cached configurations
+  kubescape config view
+`
+
+func NewDefaultKubescapeCommand() *cobra.Command {
+	ks := core.NewKubescape()
+	return getRootCmd(ks)
+}
+
+func getRootCmd(ks meta.IKubescape) *cobra.Command {
+
+	rootCmd := &cobra.Command{
+		Use:     "kubescape",
+		Version: cautils.BuildNumber,
+		Short:   "Kubescape is a tool for testing Kubernetes security posture. Docs: https://hub.armo.cloud/docs",
+		Example: ksExamples,
+	}
+
+	rootCmd.PersistentFlags().StringVar(&rootInfo.ArmoBEURLsDep, "environment", "", envFlagUsage)
+	rootCmd.PersistentFlags().StringVar(&rootInfo.ArmoBEURLs, "env", "", envFlagUsage)
+	rootCmd.PersistentFlags().MarkDeprecated("environment", "use 'env' instead")
+	rootCmd.PersistentFlags().MarkHidden("environment")
+	rootCmd.PersistentFlags().MarkHidden("env")
+
+	rootCmd.PersistentFlags().StringVar(&rootInfo.LoggerName, "logger-name", "", fmt.Sprintf("Logger name. Supported: %s [$KS_LOGGER_NAME]", strings.Join(logger.ListLoggersNames(), "/")))
+	rootCmd.PersistentFlags().MarkHidden("logger-name")
+
+	rootCmd.PersistentFlags().StringVarP(&rootInfo.Logger, "logger", "l", helpers.InfoLevel.String(), fmt.Sprintf("Logger level. Supported: %s [$KS_LOGGER]", strings.Join(helpers.SupportedLevels(), "/")))
+	rootCmd.PersistentFlags().StringVar(&rootInfo.CacheDir, "cache-dir", getter.DefaultLocalStore, "Cache directory [$KS_CACHE_DIR]")
+	rootCmd.PersistentFlags().BoolVarP(&rootInfo.DisableColor, "disable-color", "", false, "Disable Color output for logging")
+
+	cobra.OnInitialize(initLogger, initLoggerLevel, initEnvironment, initCacheDir)
+
+	// Supported commands
+	rootCmd.AddCommand(scan.GetScanCommand(ks))
+	rootCmd.AddCommand(download.GeDownloadCmd(ks))
+	rootCmd.AddCommand(delete.GetDeleteCmd(ks))
+	rootCmd.AddCommand(list.GetListCmd(ks))
+	rootCmd.AddCommand(submit.GetSubmitCmd(ks))
+	rootCmd.AddCommand(completion.GetCompletionCmd())
+	rootCmd.AddCommand(version.GetVersionCmd())
+	rootCmd.AddCommand(config.GetConfigCmd(ks))
+
+	return rootCmd
+}
+
+func Execute() error {
+	ks := NewDefaultKubescapeCommand()
+	return ks.Execute()
+}
--- a/cmd/rootutils.go
+++ b/cmd/rootutils.go
@@ -0,0 +1,89 @@
+package cmd
+
+import (
+	"fmt"
+	"os"
+	"strings"
+
+	"github.com/armosec/kubescape/v2/core/cautils/getter"
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
+
+	"github.com/mattn/go-isatty"
+)
+
+const envFlagUsage = "Send report results to specific URL. Format:<ReportReceiver>,<Backend>,<Frontend>.\n\t\tExample:report.armo.cloud,api.armo.cloud,portal.armo.cloud"
+
+func initLogger() {
+	logger.DisableColor(rootInfo.DisableColor)
+
+	if rootInfo.LoggerName == "" {
+		if l := os.Getenv("KS_LOGGER_NAME"); l != "" {
+			rootInfo.LoggerName = l
+		} else {
+			if isatty.IsTerminal(os.Stdout.Fd()) {
+				rootInfo.LoggerName = "pretty"
+			} else {
+				rootInfo.LoggerName = "zap"
+			}
+		}
+	}
+
+	logger.InitLogger(rootInfo.LoggerName)
+
+}
+func initLoggerLevel() {
+	if rootInfo.Logger == helpers.InfoLevel.String() {
+	} else if l := os.Getenv("KS_LOGGER"); l != "" {
+		rootInfo.Logger = l
+	}
+
+	if err := logger.L().SetLevel(rootInfo.Logger); err != nil {
+		logger.L().Fatal(fmt.Sprintf("supported levels: %s", strings.Join(helpers.SupportedLevels(), "/")), helpers.Error(err))
+	}
+}
+
+func initCacheDir() {
+	if rootInfo.CacheDir != getter.DefaultLocalStore {
+		getter.DefaultLocalStore = rootInfo.CacheDir
+	} else if cacheDir := os.Getenv("KS_CACHE_DIR"); cacheDir != "" {
+		getter.DefaultLocalStore = cacheDir
+	} else {
+		return // using default cache dir location
+	}
+
+	logger.L().Debug("cache dir updated", helpers.String("path", getter.DefaultLocalStore))
+}
+func initEnvironment() {
+	if rootInfo.ArmoBEURLs == "" {
+		rootInfo.ArmoBEURLs = rootInfo.ArmoBEURLsDep
+	}
+	urlSlices := strings.Split(rootInfo.ArmoBEURLs, ",")
+	if len(urlSlices) != 1 && len(urlSlices) < 3 {
+		logger.L().Fatal("expected at least 3 URLs (report, api, frontend, auth)")
+	}
+	switch len(urlSlices) {
+	case 1:
+		switch urlSlices[0] {
+		case "dev", "development":
+			getter.SetARMOAPIConnector(getter.NewARMOAPIDev())
+		case "stage", "staging":
+			getter.SetARMOAPIConnector(getter.NewARMOAPIStaging())
+		case "":
+			getter.SetARMOAPIConnector(getter.NewARMOAPIProd())
+		default:
+			logger.L().Fatal("--environment flag usage: " + envFlagUsage)
+		}
+	case 2:
+		logger.L().Fatal("--environment flag usage: " + envFlagUsage)
+	case 3, 4:
+		var armoAUTHURL string
+		armoERURL := urlSlices[0] // mandatory
+		armoBEURL := urlSlices[1] // mandatory
+		armoFEURL := urlSlices[2] // mandatory
+		if len(urlSlices) >= 4 {
+			armoAUTHURL = urlSlices[3]
+		}
+		getter.SetARMOAPIConnector(getter.NewARMOAPICustomized(armoERURL, armoBEURL, armoFEURL, armoAUTHURL))
+	}
+}
--- a/cmd/scan/control.go
+++ b/cmd/scan/control.go
@@ -0,0 +1,106 @@
+package scan
+
+import (
+	"fmt"
+	"io"
+	"os"
+	"strings"
+
+	apisv1 "github.com/armosec/opa-utils/httpserver/apis/v1"
+
+	"github.com/armosec/kubescape/v2/core/cautils"
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
+	"github.com/armosec/kubescape/v2/core/meta"
+	"github.com/enescakir/emoji"
+	"github.com/spf13/cobra"
+)
+
+var (
+	controlExample = `
+  # Scan the 'privileged container' control
+  kubescape scan control "privileged container"
+	
+  # Scan list of controls separated with a comma
+  kubescape scan control "privileged container","allowed hostpath"
+  
+  # Scan list of controls using the control ID separated with a comma
+  kubescape scan control C-0058,C-0057
+  
+  Run 'kubescape list controls' for the list of supported controls
+  
+  Control documentation:
+  https://hub.armo.cloud/docs/controls
+`
+)
+
+// controlCmd represents the control command
+func getControlCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Command {
+	return &cobra.Command{
+		Use:     "control <control names list>/<control ids list>",
+		Short:   "The controls you wish to use. Run 'kubescape list controls' for the list of supported controls",
+		Example: controlExample,
+		Args: func(cmd *cobra.Command, args []string) error {
+			if len(args) > 0 {
+				controls := strings.Split(args[0], ",")
+				if len(controls) > 1 {
+					for _, control := range controls {
+						if control == "" {
+							return fmt.Errorf("usage: <control-0>,<control-1>")
+						}
+					}
+				}
+			} else {
+				return fmt.Errorf("requires at least one control name")
+			}
+			return nil
+		},
+		RunE: func(cmd *cobra.Command, args []string) error {
+
+			// flagValidationControl(scanInfo)
+			scanInfo.PolicyIdentifier = []cautils.PolicyIdentifier{}
+
+			if len(args) == 0 {
+				scanInfo.ScanAll = true
+			} else { // expected control or list of control sepparated by ","
+
+				// Read controls from input args
+				scanInfo.SetPolicyIdentifiers(strings.Split(args[0], ","), apisv1.KindControl)
+
+				if len(args) > 1 {
+					if len(args[1:]) == 0 || args[1] != "-" {
+						scanInfo.InputPatterns = []string{args[1]}
+					} else { // store stdin to file - do NOT move to separate function !!
+						tempFile, err := os.CreateTemp(".", "tmp-kubescape*.yaml")
+						if err != nil {
+							return err
+						}
+						defer os.Remove(tempFile.Name())
+
+						if _, err := io.Copy(tempFile, os.Stdin); err != nil {
+							return err
+						}
+						scanInfo.InputPatterns = []string{tempFile.Name()}
+					}
+				}
+			}
+
+			scanInfo.FrameworkScan = false
+
+			results, err := ks.Scan(scanInfo)
+			if err != nil {
+				logger.L().Fatal(err.Error())
+			}
+			if err := results.HandleResults(); err != nil {
+				logger.L().Fatal(err.Error())
+			}
+			if !scanInfo.VerboseMode {
+				cautils.SimpleDisplay(os.Stderr, "%s  Run with '--verbose'/'-v' flag for detailed resources view\n\n", emoji.Detective)
+			}
+			if results.GetRiskScore() > float32(scanInfo.FailThreshold) {
+				logger.L().Fatal("scan risk-score is above permitted threshold", helpers.String("risk-score", fmt.Sprintf("%.2f", results.GetRiskScore())), helpers.String("fail-threshold", fmt.Sprintf("%.2f", scanInfo.FailThreshold)))
+			}
+			return nil
+		},
+	}
+}
--- a/cmd/scan/framework.go
+++ b/cmd/scan/framework.go
@@ -0,0 +1,128 @@
+package scan
+
+import (
+	"fmt"
+	"io"
+	"os"
+	"strings"
+
+	apisv1 "github.com/armosec/opa-utils/httpserver/apis/v1"
+
+	"github.com/armosec/kubescape/v2/core/cautils"
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
+	"github.com/armosec/kubescape/v2/core/meta"
+	"github.com/enescakir/emoji"
+	"github.com/spf13/cobra"
+)
+
+var (
+	frameworkExample = `
+  # Scan all frameworks and submit the results
+  kubescape scan framework all --submit
+  
+  # Scan the NSA framework
+  kubescape scan framework nsa
+  
+  # Scan the NSA and MITRE framework
+  kubescape scan framework nsa,mitre
+  
+  # Scan all frameworks
+  kubescape scan framework all
+
+  # Scan kubernetes YAML manifest files (single file or glob)
+  kubescape scan framework nsa *.yaml
+
+  Run 'kubescape list frameworks' for the list of supported frameworks
+`
+)
+
+func getFrameworkCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Command {
+
+	return &cobra.Command{
+		Use:     "framework <framework names list> [`<glob pattern>`/`-`] [flags]",
+		Short:   "The framework you wish to use. Run 'kubescape list frameworks' for the list of supported frameworks",
+		Example: frameworkExample,
+		Long:    "Execute a scan on a running Kubernetes cluster or `yaml`/`json` files (use glob) or `-` for stdin",
+		Args: func(cmd *cobra.Command, args []string) error {
+			if len(args) > 0 {
+				frameworks := strings.Split(args[0], ",")
+				if len(frameworks) > 1 {
+					for _, framework := range frameworks {
+						if framework == "" {
+							return fmt.Errorf("usage: <framework-0>,<framework-1>")
+						}
+					}
+				}
+			} else {
+				return fmt.Errorf("requires at least one framework name")
+			}
+			return nil
+		},
+		RunE: func(cmd *cobra.Command, args []string) error {
+
+			if err := flagValidationFramework(scanInfo); err != nil {
+				return err
+			}
+			scanInfo.FrameworkScan = true
+
+			var frameworks []string
+
+			if len(args) == 0 { // scan all frameworks
+				scanInfo.ScanAll = true
+			} else {
+				// Read frameworks from input args
+				frameworks = strings.Split(args[0], ",")
+				if cautils.StringInSlice(frameworks, "all") != cautils.ValueNotFound {
+					scanInfo.ScanAll = true
+					frameworks = []string{}
+				}
+				if len(args) > 1 {
+					if len(args[1:]) == 0 || args[1] != "-" {
+						scanInfo.InputPatterns = []string{args[1]}
+					} else { // store stdin to file - do NOT move to separate function !!
+						tempFile, err := os.CreateTemp(".", "tmp-kubescape*.yaml")
+						if err != nil {
+							return err
+						}
+						defer os.Remove(tempFile.Name())
+
+						if _, err := io.Copy(tempFile, os.Stdin); err != nil {
+							return err
+						}
+						scanInfo.InputPatterns = []string{tempFile.Name()}
+					}
+				}
+			}
+			scanInfo.FrameworkScan = true
+
+			scanInfo.SetPolicyIdentifiers(frameworks, apisv1.KindFramework)
+
+			results, err := ks.Scan(scanInfo)
+			if err != nil {
+				logger.L().Fatal(err.Error())
+			}
+
+			if err = results.HandleResults(); err != nil {
+				logger.L().Fatal(err.Error())
+			}
+			if !scanInfo.VerboseMode {
+				cautils.SimpleDisplay(os.Stderr, "%s  Run with '--verbose'/'-v' flag for detailed resources view\n\n", emoji.Detective)
+			}
+			if results.GetRiskScore() > float32(scanInfo.FailThreshold) {
+				logger.L().Fatal("scan risk-score is above permitted threshold", helpers.String("risk-score", fmt.Sprintf("%.2f", results.GetRiskScore())), helpers.String("fail-threshold", fmt.Sprintf("%.2f", scanInfo.FailThreshold)))
+			}
+			return nil
+		},
+	}
+}
+
+func flagValidationFramework(scanInfo *cautils.ScanInfo) error {
+	if scanInfo.Submit && scanInfo.Local {
+		return fmt.Errorf("you can use `keep-local` or `submit`, but not both")
+	}
+	if 100 < scanInfo.FailThreshold || 0 > scanInfo.FailThreshold {
+		return fmt.Errorf("bad argument: out of range threshold")
+	}
+	return nil
+}
--- a/clihandler/cmd/scan.go
+++ b/clihandler/cmd/scan.go
@@ -1,18 +1,19 @@
-package cmd
+package scan

 import (
+	"fmt"
+
 	"github.com/armosec/k8s-interface/k8sinterface"
-	"github.com/armosec/kubescape/cautils"
+	"github.com/armosec/kubescape/v2/core/cautils"
+	"github.com/armosec/kubescape/v2/core/meta"
 	"github.com/spf13/cobra"
 )

-var scanInfo cautils.ScanInfo
-
 var scanCmdExamples = `
  Scan command is for scanning an existing cluster or kubernetes manifest files based on pre-defind frameworks 
  
  # Scan current cluster with all frameworks
-  kubescape scan --submit --enable-host-scan
+  kubescape scan --submit --enable-host-scan --verbose

  # Scan kubernetes YAML manifest files
  kubescape scan *.yaml
@@ -28,65 +29,76 @@ var scanCmdExamples = `
  
 `

-// scanCmd represents the scan command
-var scanCmd = &cobra.Command{
-	Use:     "scan",
-	Short:   "Scan the current running cluster or yaml files",
-	Long:    `The action you want to perform`,
-	Example: scanCmdExamples,
-	Args: func(cmd *cobra.Command, args []string) error {
-		if len(args) > 0 {
-			if args[0] != "framework" && args[0] != "control" {
-				scanInfo.ScanAll = true
-				return frameworkCmd.RunE(cmd, append([]string{"all"}, args...))
+func GetScanCommand(ks meta.IKubescape) *cobra.Command {
+	var scanInfo cautils.ScanInfo
+
+	// scanCmd represents the scan command
+	scanCmd := &cobra.Command{
+		Use:     "scan",
+		Short:   "Scan the current running cluster or yaml files",
+		Long:    `The action you want to perform`,
+		Example: scanCmdExamples,
+		Args: func(cmd *cobra.Command, args []string) error {
+			if len(args) > 0 {
+				if args[0] != "framework" && args[0] != "control" {
+					scanInfo.ScanAll = true
+					return getFrameworkCmd(ks, &scanInfo).RunE(cmd, append([]string{"all"}, args...))
+				}
 			}
-		}
-		return nil
-	},
-	RunE: func(cmd *cobra.Command, args []string) error {
-		if len(args) == 0 {
-			scanInfo.ScanAll = true
-			return frameworkCmd.RunE(cmd, []string{"all"})
-		}
-		return nil
-	},
-}
+			return nil
+		},
+		RunE: func(cmd *cobra.Command, args []string) error {

-func frameworkInitConfig() {
-	k8sinterface.SetClusterContextName(scanInfo.KubeContext)
-}
-func init() {
+			if len(args) == 0 {
+				scanInfo.ScanAll = true
+				return getFrameworkCmd(ks, &scanInfo).RunE(cmd, []string{"all"})
+			}
+			return nil
+		},
+		PreRun: func(cmd *cobra.Command, args []string) {
+			k8sinterface.SetClusterContextName(scanInfo.KubeContext)
+		},
+		PostRun: func(cmd *cobra.Command, args []string) {
+			// TODO - revert context
+		},
+	}

-	cobra.OnInitialize(frameworkInitConfig)
-
-	rootCmd.AddCommand(scanCmd)
-
-	scanCmd.PersistentFlags().StringVarP(&scanInfo.Account, "account", "", "", "Armo portal account ID. Default will load account ID from configMap or config file")
+	scanCmd.PersistentFlags().StringVarP(&scanInfo.Credentials.Account, "account", "", "", "Kubescape SaaS account ID. Default will load account ID from cache")
+	scanCmd.PersistentFlags().StringVarP(&scanInfo.Credentials.ClientID, "client-id", "", "", "Kubescape SaaS client ID. Default will load client ID from cache, read more - https://hub.armo.cloud/docs/authentication")
+	scanCmd.PersistentFlags().StringVarP(&scanInfo.Credentials.SecretKey, "secret-key", "", "", "Kubescape SaaS secret key. Default will load secret key from cache, read more - https://hub.armo.cloud/docs/authentication")
 	scanCmd.PersistentFlags().StringVarP(&scanInfo.KubeContext, "kube-context", "", "", "Kube context. Default will use the current-context")
 	scanCmd.PersistentFlags().StringVar(&scanInfo.ControlsInputs, "controls-config", "", "Path to an controls-config obj. If not set will download controls-config from ARMO management portal")
 	scanCmd.PersistentFlags().StringVar(&scanInfo.UseExceptions, "exceptions", "", "Path to an exceptions obj. If not set will download exceptions from ARMO management portal")
 	scanCmd.PersistentFlags().StringVar(&scanInfo.UseArtifactsFrom, "use-artifacts-from", "", "Load artifacts from local directory. If not used will download them")
 	scanCmd.PersistentFlags().StringVarP(&scanInfo.ExcludedNamespaces, "exclude-namespaces", "e", "", "Namespaces to exclude from scanning. Recommended: kube-system,kube-public")
 	scanCmd.PersistentFlags().Float32VarP(&scanInfo.FailThreshold, "fail-threshold", "t", 100, "Failure threshold is the percent above which the command fails and returns exit code 1")
-	scanCmd.PersistentFlags().StringVarP(&scanInfo.Format, "format", "f", "pretty-printer", `Output format. Supported formats: "pretty-printer","json","junit","prometheus","pdf"`)
+	scanCmd.PersistentFlags().StringVarP(&scanInfo.Format, "format", "f", "pretty-printer", `Output format. Supported formats: "pretty-printer", "json", "junit", "prometheus", "pdf", "html"`)
 	scanCmd.PersistentFlags().StringVar(&scanInfo.IncludeNamespaces, "include-namespaces", "", "scan specific namespaces. e.g: --include-namespaces ns-a,ns-b")
-	scanCmd.PersistentFlags().BoolVarP(&scanInfo.Local, "keep-local", "", false, "If you do not want your Kubescape results reported to Armo backend. Use this flag if you ran with the '--submit' flag in the past and you do not want to submit your current scan results")
+	scanCmd.PersistentFlags().BoolVarP(&scanInfo.Local, "keep-local", "", false, "If you do not want your Kubescape results reported to ARMO backend. Use this flag if you ran with the '--submit' flag in the past and you do not want to submit your current scan results")
 	scanCmd.PersistentFlags().StringVarP(&scanInfo.Output, "output", "o", "", "Output file. Print output to file and not stdout")
-	scanCmd.PersistentFlags().BoolVar(&scanInfo.VerboseMode, "verbose", false, "Display all of the input resources and not only failed resources")
+	scanCmd.PersistentFlags().BoolVarP(&scanInfo.VerboseMode, "verbose", "v", false, "Display all of the input resources and not only failed resources")
+	scanCmd.PersistentFlags().StringVar(&scanInfo.View, "view", string(cautils.ResourceViewType), fmt.Sprintf("View results based on the %s/%s. default is --view=%s", cautils.ResourceViewType, cautils.ControlViewType, cautils.ResourceViewType))
 	scanCmd.PersistentFlags().BoolVar(&scanInfo.UseDefault, "use-default", false, "Load local policy object from default path. If not used will download latest")
 	scanCmd.PersistentFlags().StringSliceVar(&scanInfo.UseFrom, "use-from", nil, "Load local policy object from specified path. If not used will download latest")
-	scanCmd.PersistentFlags().BoolVarP(&scanInfo.Silent, "silent", "s", false, "Silent progress messages")
-	scanCmd.PersistentFlags().BoolVarP(&scanInfo.Submit, "submit", "", false, "Send the scan results to Armo management portal where you can see the results in a user-friendly UI, choose your preferred compliance framework, check risk results history and trends, manage exceptions, get remediation recommendations and much more. By default the results are not submitted")
-	scanCmd.PersistentFlags().StringVar(&scanInfo.HostSensorYamlPath, "host-scan-yaml", "", "Override default host sensor DaemonSet. Use this flag cautiously")
+	scanCmd.PersistentFlags().BoolVarP(&scanInfo.Submit, "submit", "", false, "Send the scan results to ARMO management portal where you can see the results in a user-friendly UI, choose your preferred compliance framework, check risk results history and trends, manage exceptions, get remediation recommendations and much more. By default the results are not submitted")
+	scanCmd.PersistentFlags().StringVar(&scanInfo.HostSensorYamlPath, "host-scan-yaml", "", "Override default host scanner DaemonSet. Use this flag cautiously")
 	scanCmd.PersistentFlags().StringVar(&scanInfo.FormatVersion, "format-version", "v1", "Output object can be differnet between versions, this is for maintaining backward and forward compatibility. Supported:'v1'/'v2'")

+	// Deprecated flags - remove 1.May.2022
+	scanCmd.PersistentFlags().BoolVarP(&scanInfo.Silent, "silent", "s", false, "Silent progress messages")
+	scanCmd.PersistentFlags().MarkDeprecated("silent", "use '--logger' flag instead. Flag will be removed at 1.May.2022")
+
 	// hidden flags
-	scanCmd.PersistentFlags().MarkHidden("host-scan-yaml") // this flag should be used very cautiously. We prefer users will not use it at all unless the DaemoSet can not run pods on the nodes
+	scanCmd.PersistentFlags().MarkHidden("host-scan-yaml") // this flag should be used very cautiously. We prefer users will not use it at all unless the DaemonSet can not run pods on the nodes
 	scanCmd.PersistentFlags().MarkHidden("silent")         // this flag should be deprecated since we added the --logger support
 	// scanCmd.PersistentFlags().MarkHidden("format-version") // meant for testing different output approaches and not for common use

-	hostF := scanCmd.PersistentFlags().VarPF(&scanInfo.HostSensorEnabled, "enable-host-scan", "", "Deploy ARMO K8s host-sensor daemonset in the scanned cluster. Deleting it right after we collecting the data. Required to collect valueable data from cluster nodes for certain controls. Yaml file: https://raw.githubusercontent.com/armosec/kubescape/master/hostsensorutils/hostsensor.yaml")
+	hostF := scanCmd.PersistentFlags().VarPF(&scanInfo.HostSensorEnabled, "enable-host-scan", "", "Deploy ARMO K8s host-sensor daemonset in the scanned cluster. Deleting it right after we collecting the data. Required to collect valuable data from cluster nodes for certain controls. Yaml file: https://github.com/armosec/kubescape/blob/master/core/pkg/hostsensorutils/hostsensor.yaml")
 	hostF.NoOptDefVal = "true"
 	hostF.DefValue = "false, for no TTY in stdin"

+	scanCmd.AddCommand(getControlCmd(ks, &scanInfo))
+	scanCmd.AddCommand(getFrameworkCmd(ks, &scanInfo))
+
+	return scanCmd
 }
--- a/cmd/submit/exceptions.go
+++ b/cmd/submit/exceptions.go
@@ -0,0 +1,29 @@
+package submit
+
+import (
+	"fmt"
+
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/meta"
+	metav1 "github.com/armosec/kubescape/v2/core/meta/datastructures/v1"
+
+	"github.com/spf13/cobra"
+)
+
+func getExceptionsCmd(ks meta.IKubescape, submitInfo *metav1.Submit) *cobra.Command {
+	return &cobra.Command{
+		Use:   "exceptions <full path to exceptins file>",
+		Short: "Submit exceptions to the Kubescape SaaS version",
+		Args: func(cmd *cobra.Command, args []string) error {
+			if len(args) != 1 {
+				return fmt.Errorf("missing full path to exceptions file")
+			}
+			return nil
+		},
+		Run: func(cmd *cobra.Command, args []string) {
+			if err := ks.SubmitExceptions(&submitInfo.Credentials, args[0]); err != nil {
+				logger.L().Fatal(err.Error())
+			}
+		},
+	}
+}
--- a/cmd/submit/rbac.go
+++ b/cmd/submit/rbac.go
@@ -0,0 +1,68 @@
+package submit
+
+import (
+	"github.com/armosec/k8s-interface/k8sinterface"
+	"github.com/armosec/kubescape/v2/core/cautils"
+	"github.com/armosec/kubescape/v2/core/cautils/getter"
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
+	"github.com/armosec/kubescape/v2/core/meta"
+	"github.com/armosec/kubescape/v2/core/meta/cliinterfaces"
+	v1 "github.com/armosec/kubescape/v2/core/meta/datastructures/v1"
+
+	reporterv1 "github.com/armosec/kubescape/v2/core/pkg/resultshandling/reporter/v1"
+
+	"github.com/armosec/rbac-utils/rbacscanner"
+	"github.com/spf13/cobra"
+)
+
+// getRBACCmd represents the RBAC command
+func getRBACCmd(ks meta.IKubescape, submitInfo *v1.Submit) *cobra.Command {
+	return &cobra.Command{
+		Use:   "rbac \nExample:\n$ kubescape submit rbac",
+		Short: "Submit cluster's Role-Based Access Control(RBAC)",
+		Long:  ``,
+		RunE: func(cmd *cobra.Command, args []string) error {
+
+			k8s := k8sinterface.NewKubernetesApi()
+
+			// get config
+			clusterConfig := getTenantConfig(&submitInfo.Credentials, "", k8s)
+			if err := clusterConfig.SetTenant(); err != nil {
+				logger.L().Error("failed setting account ID", helpers.Error(err))
+			}
+
+			// list RBAC
+			rbacObjects := cautils.NewRBACObjects(rbacscanner.NewRbacScannerFromK8sAPI(k8s, clusterConfig.GetAccountID(), clusterConfig.GetContextName()))
+
+			// submit resources
+			r := reporterv1.NewReportEventReceiver(clusterConfig.GetConfigObj())
+
+			submitInterfaces := cliinterfaces.SubmitInterfaces{
+				ClusterConfig: clusterConfig,
+				SubmitObjects: rbacObjects,
+				Reporter:      r,
+			}
+
+			if err := ks.Submit(submitInterfaces); err != nil {
+				logger.L().Fatal(err.Error())
+			}
+			return nil
+		},
+	}
+
+}
+
+// getKubernetesApi
+func getKubernetesApi() *k8sinterface.KubernetesApi {
+	if !k8sinterface.IsConnectedToCluster() {
+		return nil
+	}
+	return k8sinterface.NewKubernetesApi()
+}
+func getTenantConfig(credentials *cautils.Credentials, clusterName string, k8s *k8sinterface.KubernetesApi) cautils.ITenantConfig {
+	if !k8sinterface.IsConnectedToCluster() || k8s == nil {
+		return cautils.NewLocalConfig(getter.GetArmoAPIConnector(), credentials, clusterName)
+	}
+	return cautils.NewClusterConfig(k8s, getter.GetArmoAPIConnector(), credentials, clusterName)
+}
--- a/cmd/submit/results.go
+++ b/cmd/submit/results.go
@@ -0,0 +1,119 @@
+package submit
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+	"time"
+
+	"github.com/armosec/k8s-interface/workloadinterface"
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
+	"github.com/armosec/kubescape/v2/core/meta"
+	"github.com/armosec/kubescape/v2/core/meta/cliinterfaces"
+	v1 "github.com/armosec/kubescape/v2/core/meta/datastructures/v1"
+	"github.com/armosec/kubescape/v2/core/pkg/resultshandling/reporter"
+	reporterv1 "github.com/armosec/kubescape/v2/core/pkg/resultshandling/reporter/v1"
+	reporterv2 "github.com/armosec/kubescape/v2/core/pkg/resultshandling/reporter/v2"
+
+	"github.com/armosec/opa-utils/reporthandling"
+	"github.com/google/uuid"
+	"github.com/spf13/cobra"
+)
+
+var formatVersion string
+
+type ResultsObject struct {
+	filePath     string
+	customerGUID string
+	clusterName  string
+}
+
+func NewResultsObject(customerGUID, clusterName, filePath string) *ResultsObject {
+	return &ResultsObject{
+		filePath:     filePath,
+		customerGUID: customerGUID,
+		clusterName:  clusterName,
+	}
+}
+
+func (resultsObject *ResultsObject) SetResourcesReport() (*reporthandling.PostureReport, error) {
+	// load framework results from json file
+	frameworkReports, err := loadResultsFromFile(resultsObject.filePath)
+	if err != nil {
+		return nil, err
+	}
+	return &reporthandling.PostureReport{
+		FrameworkReports:     frameworkReports,
+		ReportID:             uuid.NewString(),
+		ReportGenerationTime: time.Now().UTC(),
+		CustomerGUID:         resultsObject.customerGUID,
+		ClusterName:          resultsObject.clusterName,
+	}, nil
+}
+
+func (resultsObject *ResultsObject) ListAllResources() (map[string]workloadinterface.IMetadata, error) {
+	return map[string]workloadinterface.IMetadata{}, nil
+}
+
+func getResultsCmd(ks meta.IKubescape, submitInfo *v1.Submit) *cobra.Command {
+	var resultsCmd = &cobra.Command{
+		Use:   "results <json file>\nExample:\n$ kubescape submit results path/to/results.json --format-version v2",
+		Short: "Submit a pre scanned results file. The file must be in json format",
+		Long:  ``,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			if len(args) == 0 {
+				return fmt.Errorf("missing results file")
+			}
+
+			k8s := getKubernetesApi()
+
+			// get config
+			clusterConfig := getTenantConfig(&submitInfo.Credentials, "", k8s)
+			if err := clusterConfig.SetTenant(); err != nil {
+				logger.L().Error("failed setting account ID", helpers.Error(err))
+			}
+
+			resultsObjects := NewResultsObject(clusterConfig.GetAccountID(), clusterConfig.GetContextName(), args[0])
+
+			// submit resources
+			var r reporter.IReport
+			switch formatVersion {
+			case "v2":
+				r = reporterv2.NewReportEventReceiver(clusterConfig.GetConfigObj(), "")
+			default:
+				logger.L().Warning("Deprecated results version. run with '--format-version' flag", helpers.String("your version", formatVersion), helpers.String("latest version", "v2"))
+				r = reporterv1.NewReportEventReceiver(clusterConfig.GetConfigObj())
+			}
+
+			submitInterfaces := cliinterfaces.SubmitInterfaces{
+				ClusterConfig: clusterConfig,
+				SubmitObjects: resultsObjects,
+				Reporter:      r,
+			}
+
+			if err := ks.Submit(submitInterfaces); err != nil {
+				logger.L().Fatal(err.Error())
+			}
+			return nil
+		},
+	}
+	resultsCmd.PersistentFlags().StringVar(&formatVersion, "format-version", "v1", "Output object can be differnet between versions, this is for maintaining backward and forward compatibility. Supported:'v1'/'v2'")
+
+	return resultsCmd
+}
+func loadResultsFromFile(filePath string) ([]reporthandling.FrameworkReport, error) {
+	frameworkReports := []reporthandling.FrameworkReport{}
+	f, err := os.ReadFile(filePath)
+	if err != nil {
+		return nil, err
+	}
+	if err = json.Unmarshal(f, &frameworkReports); err != nil {
+		frameworkReport := reporthandling.FrameworkReport{}
+		if err = json.Unmarshal(f, &frameworkReport); err != nil {
+			return frameworkReports, err
+		}
+		frameworkReports = append(frameworkReports, frameworkReport)
+	}
+	return frameworkReports, nil
+}
--- a/cmd/submit/submit.go
+++ b/cmd/submit/submit.go
@@ -0,0 +1,32 @@
+package submit
+
+import (
+	"github.com/armosec/kubescape/v2/core/meta"
+	metav1 "github.com/armosec/kubescape/v2/core/meta/datastructures/v1"
+	"github.com/spf13/cobra"
+)
+
+var submitCmdExamples = `
+
+`
+
+func GetSubmitCmd(ks meta.IKubescape) *cobra.Command {
+	var submitInfo metav1.Submit
+
+	submitCmd := &cobra.Command{
+		Use:   "submit <command>",
+		Short: "Submit an object to the Kubescape SaaS version",
+		Long:  ``,
+		Run: func(cmd *cobra.Command, args []string) {
+		},
+	}
+	submitCmd.PersistentFlags().StringVarP(&submitInfo.Credentials.Account, "account", "", "", "Kubescape SaaS account ID. Default will load account ID from cache")
+	submitCmd.PersistentFlags().StringVarP(&submitInfo.Credentials.ClientID, "client-id", "", "", "Kubescape SaaS client ID. Default will load client ID from cache, read more - https://hub.armo.cloud/docs/authentication")
+	submitCmd.PersistentFlags().StringVarP(&submitInfo.Credentials.SecretKey, "secret-key", "", "", "Kubescape SaaS secret key. Default will load secret key from cache, read more - https://hub.armo.cloud/docs/authentication")
+
+	submitCmd.AddCommand(getExceptionsCmd(ks, &submitInfo))
+	submitCmd.AddCommand(getResultsCmd(ks, &submitInfo))
+	submitCmd.AddCommand(getRBACCmd(ks, &submitInfo))
+
+	return submitCmd
+}
--- a/cmd/version/version.go
+++ b/cmd/version/version.go
@@ -0,0 +1,24 @@
+package version
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/armosec/kubescape/v2/core/cautils"
+	"github.com/spf13/cobra"
+)
+
+func GetVersionCmd() *cobra.Command {
+	versionCmd := &cobra.Command{
+		Use:   "version",
+		Short: "Get current version",
+		Long:  ``,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			v := cautils.NewIVersionCheckHandler()
+			v.CheckLatestVersion(cautils.NewVersionCheckRequest(cautils.BuildNumber, "", "", "version"))
+			fmt.Fprintln(os.Stdout, "Your current version is: "+cautils.BuildNumber)
+			return nil
+		},
+	}
+	return versionCmd
+}
--- a/core/README.md
+++ b/core/README.md
@@ -0,0 +1,14 @@
+# Kubescape core package
+
+```go
+
+// initialize kubescape
+ks := core.NewKubescape()
+
+// scan cluster
+results, err := ks.Scan(&cautils.ScanInfo{})
+
+// convert scan results to json
+jsonRes, err := results.ToJson()
+
+```
--- a/core/cautils/customerloader.go
+++ b/core/cautils/customerloader.go
@@ -10,7 +10,8 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

 	"github.com/armosec/k8s-interface/k8sinterface"
-	"github.com/armosec/kubescape/cautils/getter"
+	"github.com/armosec/kubescape/v2/core/cautils/getter"
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
 	corev1 "k8s.io/api/core/v1"
 )

@@ -66,8 +67,12 @@ type ITenantConfig interface {
 	DeleteCachedConfig() error

 	// getters
-	GetClusterName() string
+	GetContextName() string
 	GetAccountID() string
+	GetTenantEmail() string
+	GetToken() string
+	GetClientID() string
+	GetSecretKey() string
 	GetConfigObj() *ConfigObj
 	// GetBackendAPI() getter.IBackend
 	// GenerateURL()
@@ -84,8 +89,8 @@ type LocalConfig struct {
 	configObj  *ConfigObj
 }

-func NewLocalConfig(backendAPI getter.IBackend, customerGUID, clusterName string) *LocalConfig {
-	var configObj *ConfigObj
+func NewLocalConfig(
+	backendAPI getter.IBackend, credentials *Credentials, clusterName string) *LocalConfig {

 	lc := &LocalConfig{
 		backendAPI: backendAPI,
@@ -93,20 +98,14 @@ func NewLocalConfig(backendAPI getter.IBackend, customerGUID, clusterName string
 	}
 	// get from configMap
 	if existsConfigFile() { // get from file
-		configObj, _ = loadConfigFromFile()
-	} else {
-		configObj = &ConfigObj{}
-	}
-	if configObj != nil {
-		lc.configObj = configObj
-	}
-	if customerGUID != "" {
-		lc.configObj.AccountID = customerGUID // override config customerGUID
+		loadConfigFromFile(lc.configObj)
 	}
+
+	updateCredentials(lc.configObj, credentials)
+
 	if clusterName != "" {
 		lc.configObj.ClusterName = AdoptClusterName(clusterName) // override config clusterName
 	}
-	getAccountFromEnv(lc.configObj)

 	lc.backendAPI.SetAccountID(lc.configObj.AccountID)
 	lc.backendAPI.SetClientID(lc.configObj.ClientID)
@@ -116,8 +115,12 @@ func NewLocalConfig(backendAPI getter.IBackend, customerGUID, clusterName string
 }

 func (lc *LocalConfig) GetConfigObj() *ConfigObj { return lc.configObj }
+func (lc *LocalConfig) GetTenantEmail() string   { return lc.configObj.CustomerAdminEMail }
 func (lc *LocalConfig) GetAccountID() string     { return lc.configObj.AccountID }
-func (lc *LocalConfig) GetClusterName() string   { return lc.configObj.ClusterName }
+func (lc *LocalConfig) GetClientID() string      { return lc.configObj.ClientID }
+func (lc *LocalConfig) GetSecretKey() string     { return lc.configObj.SecretKey }
+func (lc *LocalConfig) GetContextName() string   { return lc.configObj.ClusterName }
+func (lc *LocalConfig) GetToken() string         { return lc.configObj.Token }
 func (lc *LocalConfig) IsConfigFound() bool      { return existsConfigFile() }
 func (lc *LocalConfig) SetTenant() error {

@@ -134,7 +137,10 @@ func (lc *LocalConfig) UpdateCachedConfig() error {
 }

 func (lc *LocalConfig) DeleteCachedConfig() error {
-	return DeleteConfigFile()
+	if err := DeleteConfigFile(); err != nil {
+		logger.L().Warning(err.Error())
+	}
+	return nil
 }

 func getTenantConfigFromBE(backendAPI getter.IBackend, configObj *ConfigObj) error {
@@ -183,8 +189,8 @@ type ClusterConfig struct {
 	configObj          *ConfigObj
 }

-func NewClusterConfig(k8s *k8sinterface.KubernetesApi, backendAPI getter.IBackend, customerGUID, clusterName string) *ClusterConfig {
-	var configObj *ConfigObj
+func NewClusterConfig(k8s *k8sinterface.KubernetesApi, backendAPI getter.IBackend, credentials *Credentials, clusterName string) *ClusterConfig {
+	// var configObj *ConfigObj
 	c := &ClusterConfig{
 		k8s:                k8s,
 		backendAPI:         backendAPI,
@@ -193,26 +199,23 @@ func NewClusterConfig(k8s *k8sinterface.KubernetesApi, backendAPI getter.IBacken
 		configMapNamespace: getConfigMapNamespace(),
 	}

-	// get from configMap
+	// first, load from configMap
 	if c.existsConfigMap() {
-		configObj, _ = c.loadConfigFromConfigMap()
+		c.loadConfigFromConfigMap()
 	}
-	if configObj == nil && existsConfigFile() { // get from file
-		configObj, _ = loadConfigFromFile()
-	}
-	if configObj != nil {
-		c.configObj = configObj
-	}
-	if customerGUID != "" {
-		c.configObj.AccountID = customerGUID // override config customerGUID
+
+	// second, load from file
+	if existsConfigFile() { // get from file
+		loadConfigFromFile(c.configObj)
 	}
+	updateCredentials(c.configObj, credentials)
+
 	if clusterName != "" {
 		c.configObj.ClusterName = AdoptClusterName(clusterName) // override config clusterName
 	}
-	getAccountFromEnv(c.configObj)

 	if c.configObj.ClusterName == "" {
-		c.configObj.ClusterName = AdoptClusterName(k8sinterface.GetClusterName())
+		c.configObj.ClusterName = AdoptClusterName(k8sinterface.GetContextName())
 	} else { // override the cluster name if it has unwanted characters
 		c.configObj.ClusterName = AdoptClusterName(c.configObj.ClusterName)
 	}
@@ -227,6 +230,10 @@ func NewClusterConfig(k8s *k8sinterface.KubernetesApi, backendAPI getter.IBacken
 func (c *ClusterConfig) GetConfigObj() *ConfigObj { return c.configObj }
 func (c *ClusterConfig) GetDefaultNS() string     { return c.configMapNamespace }
 func (c *ClusterConfig) GetAccountID() string     { return c.configObj.AccountID }
+func (c *ClusterConfig) GetClientID() string      { return c.configObj.ClientID }
+func (c *ClusterConfig) GetSecretKey() string     { return c.configObj.SecretKey }
+func (c *ClusterConfig) GetTenantEmail() string   { return c.configObj.CustomerAdminEMail }
+func (c *ClusterConfig) GetToken() string         { return c.configObj.Token }
 func (c *ClusterConfig) IsConfigFound() bool      { return existsConfigFile() || c.existsConfigMap() }

 func (c *ClusterConfig) SetTenant() error {
@@ -256,14 +263,14 @@ func (c *ClusterConfig) UpdateCachedConfig() error {

 func (c *ClusterConfig) DeleteCachedConfig() error {
 	if err := c.deleteConfigMap(); err != nil {
-		return err
+		logger.L().Warning(err.Error())
 	}
 	if err := DeleteConfigFile(); err != nil {
-		return err
+		logger.L().Warning(err.Error())
 	}
 	return nil
 }
-func (c *ClusterConfig) GetClusterName() string {
+func (c *ClusterConfig) GetContextName() string {
 	return c.configObj.ClusterName
 }

@@ -274,18 +281,26 @@ func (c *ClusterConfig) ToMapString() map[string]interface{} {
 	}
 	return m
 }
-func (c *ClusterConfig) loadConfigFromConfigMap() (*ConfigObj, error) {
+func (c *ClusterConfig) loadConfigFromConfigMap() error {
 	configMap, err := c.k8s.KubernetesClient.CoreV1().ConfigMaps(c.configMapNamespace).Get(context.Background(), c.configMapName, metav1.GetOptions{})
 	if err != nil {
-		return nil, err
+		return err
 	}

-	if bData, err := json.Marshal(configMap.Data); err == nil {
-		return readConfig(bData)
-	}
-	return nil, nil
+	return loadConfigFromData(c.configObj, configMap.Data)
 }

+func loadConfigFromData(co *ConfigObj, data map[string]string) error {
+	var e error
+	if jsonConf, ok := data["config.json"]; ok {
+		e = readConfig([]byte(jsonConf), co)
+	}
+	if bData, err := json.Marshal(data); err == nil {
+		e = readConfig(bData, co)
+	}
+
+	return e
+}
 func (c *ClusterConfig) existsConfigMap() bool {
 	_, err := c.k8s.KubernetesClient.CoreV1().ConfigMaps(c.configMapNamespace).Get(context.Background(), c.configMapName, metav1.GetOptions{})
 	// TODO - check if has customerGUID
@@ -323,27 +338,6 @@ func GetValueFromConfigJson(key string) (string, error) {

 }

-func SetKeyValueInConfigJson(key string, value string) error {
-	data, err := os.ReadFile(ConfigFileFullPath())
-	if err != nil {
-		return err
-	}
-	var obj map[string]interface{}
-	err = json.Unmarshal(data, &obj)
-
-	if err != nil {
-		return err
-	}
-	obj[key] = value
-	newData, err := json.Marshal(obj)
-	if err != nil {
-		return err
-	}
-
-	return os.WriteFile(ConfigFileFullPath(), newData, 0664)
-
-}
-
 func (c *ClusterConfig) SetKeyValueInConfigmap(key string, value string) error {

 	configMap, err := c.k8s.KubernetesClient.CoreV1().ConfigMaps(c.configMapNamespace).Get(context.Background(), c.configMapName, metav1.GetOptions{})
@@ -424,28 +418,27 @@ func (c *ClusterConfig) updateConfigData(configMap *corev1.ConfigMap) {
 		}
 	}
 }
-func loadConfigFromFile() (*ConfigObj, error) {
+func loadConfigFromFile(configObj *ConfigObj) error {
 	dat, err := os.ReadFile(ConfigFileFullPath())
 	if err != nil {
-		return nil, err
+		return err
 	}
-
-	return readConfig(dat)
+	return readConfig(dat, configObj)
 }
-func readConfig(dat []byte) (*ConfigObj, error) {
+func readConfig(dat []byte, configObj *ConfigObj) error {

 	if len(dat) == 0 {
-		return nil, nil
+		return nil
 	}
-	configObj := &ConfigObj{}
+
 	if err := json.Unmarshal(dat, configObj); err != nil {
-		return nil, err
+		return err
 	}
 	if configObj.AccountID == "" {
 		configObj.AccountID = configObj.CustomerGUID
 	}
 	configObj.CustomerGUID = ""
-	return configObj, nil
+	return nil
 }

 // Check if the customer is submitted
@@ -492,15 +485,34 @@ func getConfigMapNamespace() string {
 	return "default"
 }

-func getAccountFromEnv(configObj *ConfigObj) {
+func getAccountFromEnv(credentials *Credentials) {
 	// load from env
-	if accountID := os.Getenv("KS_ACCOUNT_ID"); accountID != "" {
-		configObj.AccountID = accountID
+	if accountID := os.Getenv("KS_ACCOUNT_ID"); credentials.Account != "" && accountID != "" {
+		credentials.Account = accountID
 	}
-	if clientID := os.Getenv("KS_CLIENT_ID"); clientID != "" {
-		configObj.ClientID = clientID
+	if clientID := os.Getenv("KS_CLIENT_ID"); credentials.ClientID != "" && clientID != "" {
+		credentials.ClientID = clientID
 	}
-	if secretKey := os.Getenv("KS_SECRET_KEY"); secretKey != "" {
-		configObj.SecretKey = secretKey
+	if secretKey := os.Getenv("KS_SECRET_KEY"); credentials.SecretKey != "" && secretKey != "" {
+		credentials.SecretKey = secretKey
 	}
 }
+
+func updateCredentials(configObj *ConfigObj, credentials *Credentials) {
+
+	if credentials == nil {
+		credentials = &Credentials{}
+	}
+	getAccountFromEnv(credentials)
+
+	if credentials.Account != "" {
+		configObj.AccountID = credentials.Account // override config Account
+	}
+	if credentials.ClientID != "" {
+		configObj.ClientID = credentials.ClientID // override config ClientID
+	}
+	if credentials.SecretKey != "" {
+		configObj.SecretKey = credentials.SecretKey // override config SecretKey
+	}
+
+}
--- a/core/cautils/customerloader_test.go
+++ b/core/cautils/customerloader_test.go
@@ -0,0 +1,193 @@
+package cautils
+
+import (
+	"encoding/json"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	corev1 "k8s.io/api/core/v1"
+)
+
+func mockConfigObj() *ConfigObj {
+	return &ConfigObj{
+		AccountID:          "aaa",
+		ClientID:           "bbb",
+		SecretKey:          "ccc",
+		ClusterName:        "ddd",
+		CustomerAdminEMail: "ab@cd",
+		Token:              "eee",
+	}
+}
+func mockLocalConfig() *LocalConfig {
+	return &LocalConfig{
+		backendAPI: nil,
+		configObj:  mockConfigObj(),
+	}
+}
+
+func mockClusterConfig() *ClusterConfig {
+	return &ClusterConfig{
+		backendAPI: nil,
+		configObj:  mockConfigObj(),
+	}
+}
+func TestConfig(t *testing.T) {
+	co := mockConfigObj()
+	cop := ConfigObj{}
+
+	assert.NoError(t, json.Unmarshal(co.Config(), &cop))
+	assert.Equal(t, co.AccountID, cop.AccountID)
+	assert.Equal(t, co.ClientID, cop.ClientID)
+	assert.Equal(t, co.SecretKey, cop.SecretKey)
+	assert.Equal(t, "", cop.ClusterName)        // Not copied to bytes
+	assert.Equal(t, "", cop.CustomerAdminEMail) // Not copied to bytes
+	assert.Equal(t, "", cop.Token)              // Not copied to bytes
+
+}
+
+func TestITenantConfig(t *testing.T) {
+	var lc ITenantConfig
+	var c ITenantConfig
+	lc = mockLocalConfig()
+	c = mockClusterConfig()
+
+	co := mockConfigObj()
+
+	// test LocalConfig methods
+	assert.Equal(t, co.AccountID, lc.GetAccountID())
+	assert.Equal(t, co.ClientID, lc.GetClientID())
+	assert.Equal(t, co.SecretKey, lc.GetSecretKey())
+	assert.Equal(t, co.ClusterName, lc.GetContextName())
+	assert.Equal(t, co.CustomerAdminEMail, lc.GetTenantEmail())
+	assert.Equal(t, co.Token, lc.GetToken())
+
+	// test ClusterConfig methods
+	assert.Equal(t, co.AccountID, c.GetAccountID())
+	assert.Equal(t, co.ClientID, c.GetClientID())
+	assert.Equal(t, co.SecretKey, c.GetSecretKey())
+	assert.Equal(t, co.ClusterName, c.GetContextName())
+	assert.Equal(t, co.CustomerAdminEMail, c.GetTenantEmail())
+	assert.Equal(t, co.Token, c.GetToken())
+}
+
+func TestUpdateConfigData(t *testing.T) {
+	c := mockClusterConfig()
+
+	configMap := &corev1.ConfigMap{}
+
+	c.updateConfigData(configMap)
+
+	assert.Equal(t, c.GetAccountID(), configMap.Data["accountID"])
+	assert.Equal(t, c.GetClientID(), configMap.Data["clientID"])
+	assert.Equal(t, c.GetSecretKey(), configMap.Data["secretKey"])
+}
+
+func TestReadConfig(t *testing.T) {
+	com := mockConfigObj()
+	co := &ConfigObj{}
+
+	b, e := json.Marshal(com)
+	assert.NoError(t, e)
+
+	readConfig(b, co)
+
+	assert.Equal(t, com.AccountID, co.AccountID)
+	assert.Equal(t, com.ClientID, co.ClientID)
+	assert.Equal(t, com.SecretKey, co.SecretKey)
+	assert.Equal(t, com.ClusterName, co.ClusterName)
+	assert.Equal(t, com.CustomerAdminEMail, co.CustomerAdminEMail)
+	assert.Equal(t, com.Token, co.Token)
+}
+
+func TestLoadConfigFromData(t *testing.T) {
+
+	// use case: all data is in base config
+	{
+		c := mockClusterConfig()
+		co := mockConfigObj()
+
+		configMap := &corev1.ConfigMap{}
+
+		c.updateConfigData(configMap)
+
+		c.configObj = &ConfigObj{}
+
+		loadConfigFromData(c.configObj, configMap.Data)
+
+		assert.Equal(t, c.GetAccountID(), co.AccountID)
+		assert.Equal(t, c.GetClientID(), co.ClientID)
+		assert.Equal(t, c.GetSecretKey(), co.SecretKey)
+		assert.Equal(t, c.GetContextName(), co.ClusterName)
+		assert.Equal(t, c.GetTenantEmail(), co.CustomerAdminEMail)
+		assert.Equal(t, c.GetToken(), co.Token)
+	}
+
+	// use case: all data is in config.json
+	{
+		c := mockClusterConfig()
+
+		co := mockConfigObj()
+		configMap := &corev1.ConfigMap{
+			Data: make(map[string]string),
+		}
+
+		configMap.Data["config.json"] = string(c.GetConfigObj().Config())
+		c.configObj = &ConfigObj{}
+
+		loadConfigFromData(c.configObj, configMap.Data)
+
+		assert.Equal(t, c.GetAccountID(), co.AccountID)
+		assert.Equal(t, c.GetClientID(), co.ClientID)
+		assert.Equal(t, c.GetSecretKey(), co.SecretKey)
+	}
+
+	// use case: some data is in config.json
+	{
+		c := mockClusterConfig()
+		configMap := &corev1.ConfigMap{
+			Data: make(map[string]string),
+		}
+
+		// add to map
+		configMap.Data["clientID"] = c.configObj.ClientID
+		configMap.Data["secretKey"] = c.configObj.SecretKey
+
+		// delete the content
+		c.configObj.ClientID = ""
+		c.configObj.SecretKey = ""
+
+		configMap.Data["config.json"] = string(c.GetConfigObj().Config())
+		loadConfigFromData(c.configObj, configMap.Data)
+
+		assert.NotEmpty(t, c.GetAccountID())
+		assert.NotEmpty(t, c.GetClientID())
+		assert.NotEmpty(t, c.GetSecretKey())
+	}
+
+	// use case: some data is in config.json
+	{
+		c := mockClusterConfig()
+		configMap := &corev1.ConfigMap{
+			Data: make(map[string]string),
+		}
+
+		c.configObj.AccountID = "tttt"
+
+		// add to map
+		configMap.Data["accountID"] = mockConfigObj().AccountID
+		configMap.Data["clientID"] = c.configObj.ClientID
+		configMap.Data["secretKey"] = c.configObj.SecretKey
+
+		// delete the content
+		c.configObj.ClientID = ""
+		c.configObj.SecretKey = ""
+
+		configMap.Data["config.json"] = string(c.GetConfigObj().Config())
+		loadConfigFromData(c.configObj, configMap.Data)
+
+		assert.Equal(t, mockConfigObj().AccountID, c.GetAccountID())
+		assert.NotEmpty(t, c.GetClientID())
+		assert.NotEmpty(t, c.GetSecretKey())
+	}
+
+}
--- a/core/cautils/datastructures.go
+++ b/core/cautils/datastructures.go
@@ -0,0 +1,88 @@
+package cautils
+
+import (
+	"github.com/armosec/armoapi-go/armotypes"
+	"github.com/armosec/k8s-interface/workloadinterface"
+	"github.com/armosec/opa-utils/reporthandling"
+	apis "github.com/armosec/opa-utils/reporthandling/apis"
+	"github.com/armosec/opa-utils/reporthandling/results/v1/resourcesresults"
+	reporthandlingv2 "github.com/armosec/opa-utils/reporthandling/v2"
+)
+
+// K8SResources map[<api group>/<api version>/<resource>][]<resourceID>
+type K8SResources map[string][]string
+type ArmoResources map[string][]string
+
+type OPASessionObj struct {
+	K8SResources          *K8SResources                          // input k8s objects
+	ArmoResource          *ArmoResources                         // input ARMO objects
+	Policies              []reporthandling.Framework             // list of frameworks to scan
+	AllResources          map[string]workloadinterface.IMetadata // all scanned resources, map[<rtesource ID>]<resource>
+	ResourcesResult       map[string]resourcesresults.Result     // resources scan results, map[<rtesource ID>]<resource result>
+	ResourceSource        map[string]reporthandling.Source       // resources sources, map[<rtesource ID>]<resource result>
+	PostureReport         *reporthandling.PostureReport          // scan results v1 - Remove
+	Report                *reporthandlingv2.PostureReport        // scan results v2 - Remove
+	Exceptions            []armotypes.PostureExceptionPolicy     // list of exceptions to apply on scan results
+	RegoInputData         RegoInputData                          // input passed to rgo for scanning. map[<control name>][<input arguments>]
+	Metadata              *reporthandlingv2.Metadata
+	InfoMap               map[string]apis.StatusInfo // Map errors of resources to StatusInfo
+	ResourceToControlsMap map[string][]string        // map[<apigroup/apiversion/resource>] = [<control_IDs>]
+	SessionID             string                     // SessionID
+}
+
+func NewOPASessionObj(frameworks []reporthandling.Framework, k8sResources *K8SResources, scanInfo *ScanInfo) *OPASessionObj {
+	return &OPASessionObj{
+		Report:                &reporthandlingv2.PostureReport{},
+		Policies:              frameworks,
+		K8SResources:          k8sResources,
+		AllResources:          make(map[string]workloadinterface.IMetadata),
+		ResourcesResult:       make(map[string]resourcesresults.Result),
+		InfoMap:               make(map[string]apis.StatusInfo),
+		ResourceToControlsMap: make(map[string][]string),
+		ResourceSource:        make(map[string]reporthandling.Source),
+		SessionID:             scanInfo.ScanID,
+		PostureReport: &reporthandling.PostureReport{
+			ClusterName:  ClusterName,
+			CustomerGUID: CustomerGUID,
+		},
+		Metadata: scanInfoToScanMetadata(scanInfo),
+	}
+}
+
+func NewOPASessionObjMock() *OPASessionObj {
+	return &OPASessionObj{
+		Policies:        nil,
+		K8SResources:    nil,
+		AllResources:    make(map[string]workloadinterface.IMetadata),
+		ResourcesResult: make(map[string]resourcesresults.Result),
+		Report:          &reporthandlingv2.PostureReport{},
+		PostureReport: &reporthandling.PostureReport{
+			ClusterName:  "",
+			CustomerGUID: "",
+			ReportID:     "",
+			JobID:        "",
+		},
+	}
+}
+
+type ComponentConfig struct {
+	Exceptions Exception `json:"exceptions"`
+}
+
+type Exception struct {
+	Ignore        *bool                      `json:"ignore"`        // ignore test results
+	MultipleScore *reporthandling.AlertScore `json:"multipleScore"` // MultipleScore number - float32
+	Namespaces    []string                   `json:"namespaces"`
+	Regex         string                     `json:"regex"` // not supported
+}
+
+type RegoInputData struct {
+	PostureControlInputs map[string][]string `json:"postureControlInputs"`
+	// ClusterName          string              `json:"clusterName"`
+	// K8sConfig            RegoK8sConfig       `json:"k8sconfig"`
+}
+
+type Policies struct {
+	Frameworks []string
+	Controls   map[string]reporthandling.Control // map[<control ID>]<control>
+}
--- a/core/cautils/datastructuresmethods.go
+++ b/core/cautils/datastructuresmethods.go
@@ -1,9 +1,10 @@
 package cautils

 import (
-	pkgcautils "github.com/armosec/utils-go/utils"
+	"golang.org/x/mod/semver"

 	"github.com/armosec/opa-utils/reporthandling"
+	"github.com/armosec/utils-go/boolutils"
 )

 func NewPolicies() *Policies {
@@ -39,7 +40,7 @@ func ruleWithArmoOpaDependency(attributes map[string]interface{}) bool {
 		return false
 	}
 	if s, ok := attributes["armoOpa"]; ok { // TODO - make global
-		return pkgcautils.StringToBool(s.(string))
+		return boolutils.StringToBool(s.(string))
 	}
 	return false
 }
@@ -50,17 +51,16 @@ func ruleWithArmoOpaDependency(attributes map[string]interface{}) bool {
 func isRuleKubescapeVersionCompatible(attributes map[string]interface{}, version string) bool {
 	if from, ok := attributes["useFromKubescapeVersion"]; ok && from != nil {
 		if version != "" {
-			if from.(string) > BuildNumber {
+			if semver.Compare(version, from.(string)) == -1 {
 				return false
 			}
 		}
 	}
 	if until, ok := attributes["useUntilKubescapeVersion"]; ok && until != nil {
-		if version != "" {
-			if until.(string) <= BuildNumber {
-				return false
-			}
-		} else {
+		if version == "" {
+			return false
+		}
+		if semver.Compare(version, until.(string)) >= 0 {
 			return false
 		}
 	}
--- a/core/cautils/display.go
+++ b/core/cautils/display.go
@@ -4,21 +4,11 @@ import (
 	"os"
 	"time"

-	"github.com/briandowns/spinner"
+	spinnerpkg "github.com/briandowns/spinner"
 	"github.com/fatih/color"
 	"github.com/mattn/go-isatty"
 )

-var silent = false
-
-func SetSilentMode(s bool) {
-	silent = s
-}
-
-func IsSilent() bool {
-	return silent
-}
-
 var FailureDisplay = color.New(color.Bold, color.FgHiRed).FprintfFunc()
 var WarningDisplay = color.New(color.Bold, color.FgHiYellow).FprintfFunc()
 var FailureTextDisplay = color.New(color.Faint, color.FgHiRed).FprintfFunc()
@@ -28,18 +18,24 @@ var SimpleDisplay = color.New().FprintfFunc()
 var SuccessDisplay = color.New(color.Bold, color.FgHiGreen).FprintfFunc()
 var DescriptionDisplay = color.New(color.Faint, color.FgWhite).FprintfFunc()

-var Spinner *spinner.Spinner
+var spinner *spinnerpkg.Spinner

 func StartSpinner() {
-	if !IsSilent() && isatty.IsTerminal(os.Stdout.Fd()) {
-		Spinner = spinner.New(spinner.CharSets[7], 100*time.Millisecond) // Build our new spinner
-		Spinner.Start()
+	if spinner != nil {
+		if !spinner.Active() {
+			spinner.Start()
+		}
+		return
+	}
+	if isatty.IsTerminal(os.Stdout.Fd()) {
+		spinner = spinnerpkg.New(spinnerpkg.CharSets[7], 100*time.Millisecond) // Build our new spinner
+		spinner.Start()
 	}
 }

 func StopSpinner() {
-	if Spinner == nil {
+	if spinner == nil || !spinner.Active() {
 		return
 	}
-	Spinner.Stop()
+	spinner.Stop()
 }
--- a/core/cautils/environments.go
+++ b/core/cautils/environments.go
@@ -0,0 +1,7 @@
+package cautils
+
+// CA environment vars
+var (
+	CustomerGUID = ""
+	ClusterName  = ""
+)
--- a/core/cautils/fileutils.go
+++ b/core/cautils/fileutils.go
@@ -0,0 +1,338 @@
+package cautils
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/armosec/k8s-interface/workloadinterface"
+
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
+	"github.com/armosec/opa-utils/objectsenvelopes"
+	"github.com/armosec/opa-utils/objectsenvelopes/localworkload"
+	"gopkg.in/yaml.v2"
+)
+
+var (
+	YAML_PREFIX = []string{"yaml", "yml"}
+	JSON_PREFIX = []string{"json"}
+)
+
+type FileFormat string
+
+const (
+	YAML_FILE_FORMAT FileFormat = "yaml"
+	JSON_FILE_FORMAT FileFormat = "json"
+)
+
+// LoadResourcesFromHelmCharts scans a given path (recuresively) for helm charts, renders the templates and returns a list of workloads
+func LoadResourcesFromHelmCharts(basePath string) map[string][]workloadinterface.IMetadata {
+	directories, _ := listDirs(basePath)
+	helmDirectories := make([]string, 0)
+	for _, dir := range directories {
+		if ok, _ := IsHelmDirectory(dir); ok {
+			helmDirectories = append(helmDirectories, dir)
+		}
+	}
+
+	result := map[string][]workloadinterface.IMetadata{}
+	for _, helmDir := range helmDirectories {
+		chart, err := NewHelmChart(helmDir)
+		if err == nil {
+			wls, errs := chart.GetWorkloadsWithDefaultValues()
+			if len(errs) > 0 {
+				logger.L().Error(fmt.Sprintf("Rendering of Helm chart template failed: %v", errs))
+				continue
+			}
+
+			for k, v := range wls {
+				result[k] = v
+			}
+		}
+	}
+	return result
+}
+
+func LoadResourcesFromFiles(input, rootPath string) map[string][]workloadinterface.IMetadata {
+	files, errs := listFiles(input)
+	if len(errs) > 0 {
+		logger.L().Error(fmt.Sprintf("%v", errs))
+	}
+	if len(files) == 0 {
+		return nil
+	}
+
+	workloads, errs := loadFiles(rootPath, files)
+	if len(errs) > 0 {
+		logger.L().Error(fmt.Sprintf("%v", errs))
+	}
+
+	return workloads
+}
+
+func loadFiles(rootPath string, filePaths []string) (map[string][]workloadinterface.IMetadata, []error) {
+	workloads := make(map[string][]workloadinterface.IMetadata, 0)
+	errs := []error{}
+	for i := range filePaths {
+		f, err := loadFile(filePaths[i])
+		if err != nil {
+			errs = append(errs, err)
+			continue
+		}
+		if len(f) == 0 {
+			continue // empty file
+		}
+
+		w, e := ReadFile(f, GetFileFormat(filePaths[i]))
+		if e != nil {
+			logger.L().Debug("failed to read file", helpers.String("file", filePaths[i]), helpers.Error(e))
+		}
+		if len(w) != 0 {
+			path := filePaths[i]
+			if _, ok := workloads[path]; !ok {
+				workloads[path] = []workloadinterface.IMetadata{}
+			}
+			wSlice := workloads[path]
+			for j := range w {
+				lw := localworkload.NewLocalWorkload(w[j].GetObject())
+				if relPath, err := filepath.Rel(rootPath, path); err == nil {
+					lw.SetPath(relPath)
+				} else {
+					lw.SetPath(path)
+				}
+				wSlice = append(wSlice, lw)
+			}
+			workloads[path] = wSlice
+		}
+	}
+	return workloads, errs
+}
+
+func loadFile(filePath string) ([]byte, error) {
+	return os.ReadFile(filePath)
+}
+func ReadFile(fileContent []byte, fileFormat FileFormat) ([]workloadinterface.IMetadata, error) {
+
+	switch fileFormat {
+	case YAML_FILE_FORMAT:
+		return readYamlFile(fileContent)
+	case JSON_FILE_FORMAT:
+		return readJsonFile(fileContent)
+	default:
+		return nil, nil
+	}
+}
+
+// listFiles returns the list of absolute paths, full file path and list of errors. The list of abs paths and full path have the same length
+func listFiles(pattern string) ([]string, []error) {
+	return listFilesOrDirectories(pattern, false)
+}
+
+// listDirs returns the list of absolute paths, full directories path and list of errors. The list of abs paths and full path have the same length
+func listDirs(pattern string) ([]string, []error) {
+	return listFilesOrDirectories(pattern, true)
+}
+
+func listFilesOrDirectories(pattern string, onlyDirectories bool) ([]string, []error) {
+	var paths []string
+	errs := []error{}
+
+	if !filepath.IsAbs(pattern) {
+		o, _ := os.Getwd()
+		pattern = filepath.Join(o, pattern)
+	}
+
+	if !onlyDirectories && IsFile(pattern) {
+		paths = append(paths, pattern)
+		return paths, errs
+	}
+
+	root, shouldMatch := filepath.Split(pattern)
+
+	if IsDir(pattern) {
+		root = pattern
+		shouldMatch = "*"
+	}
+	if shouldMatch == "" {
+		shouldMatch = "*"
+	}
+
+	f, err := glob(root, shouldMatch, onlyDirectories)
+	if err != nil {
+		errs = append(errs, err)
+	} else {
+		paths = append(paths, f...)
+	}
+
+	return paths, errs
+}
+
+func readYamlFile(yamlFile []byte) ([]workloadinterface.IMetadata, error) {
+	defer recover()
+
+	r := bytes.NewReader(yamlFile)
+	dec := yaml.NewDecoder(r)
+	yamlObjs := []workloadinterface.IMetadata{}
+
+	var t interface{}
+	for dec.Decode(&t) == nil {
+		j := convertYamlToJson(t)
+		if j == nil {
+			continue
+		}
+		if obj, ok := j.(map[string]interface{}); ok {
+			if o := objectsenvelopes.NewObject(obj); o != nil {
+				if o.GetKind() == "List" {
+					yamlObjs = append(yamlObjs, handleListObject(o)...)
+				} else {
+					yamlObjs = append(yamlObjs, o)
+				}
+			}
+		}
+	}
+
+	return yamlObjs, nil
+}
+
+func readJsonFile(jsonFile []byte) ([]workloadinterface.IMetadata, error) {
+	workloads := []workloadinterface.IMetadata{}
+	var jsonObj interface{}
+	if err := json.Unmarshal(jsonFile, &jsonObj); err != nil {
+		return workloads, err
+	}
+
+	convertJsonToWorkload(jsonObj, &workloads)
+
+	return workloads, nil
+}
+func convertJsonToWorkload(jsonObj interface{}, workloads *[]workloadinterface.IMetadata) {
+
+	switch x := jsonObj.(type) {
+	case map[string]interface{}:
+		if o := objectsenvelopes.NewObject(x); o != nil {
+			(*workloads) = append(*workloads, o)
+		}
+	case []interface{}:
+		for i := range x {
+			convertJsonToWorkload(x[i], workloads)
+		}
+	}
+}
+func convertYamlToJson(i interface{}) interface{} {
+	switch x := i.(type) {
+	case map[interface{}]interface{}:
+		m2 := map[string]interface{}{}
+		for k, v := range x {
+			if s, ok := k.(string); ok {
+				m2[s] = convertYamlToJson(v)
+			}
+		}
+		return m2
+	case []interface{}:
+		for i, v := range x {
+			x[i] = convertYamlToJson(v)
+		}
+	}
+	return i
+}
+
+func IsYaml(filePath string) bool {
+	return StringInSlice(YAML_PREFIX, strings.ReplaceAll(filepath.Ext(filePath), ".", "")) != ValueNotFound
+}
+
+func IsJson(filePath string) bool {
+	return StringInSlice(JSON_PREFIX, strings.ReplaceAll(filepath.Ext(filePath), ".", "")) != ValueNotFound
+}
+
+func glob(root, pattern string, onlyDirectories bool) ([]string, error) {
+	var matches []string
+
+	err := filepath.Walk(root, func(path string, info os.FileInfo, err error) error {
+		if err != nil {
+			return err
+		}
+
+		// listing only directotries
+		if onlyDirectories {
+			if info.IsDir() {
+				if matched, err := filepath.Match(pattern, filepath.Base(path)); err != nil {
+					return err
+				} else if matched {
+					matches = append(matches, path)
+				}
+			}
+			return nil
+		}
+
+		// listing only files
+		if info.IsDir() {
+			return nil
+		}
+		fileFormat := GetFileFormat(path)
+		if !(fileFormat == JSON_FILE_FORMAT || fileFormat == YAML_FILE_FORMAT) {
+			return nil
+		}
+		if matched, err := filepath.Match(pattern, filepath.Base(path)); err != nil {
+			return err
+		} else if matched {
+			matches = append(matches, path)
+		}
+
+		return nil
+	})
+	if err != nil {
+		return nil, err
+	}
+	return matches, nil
+}
+
+// IsFile checks if a given path is a file
+func IsFile(name string) bool {
+	if fi, err := os.Stat(name); err == nil {
+		if fi.Mode().IsRegular() {
+			return true
+		}
+	}
+	return false
+}
+
+// IsDir checks if a given path is a directory
+func IsDir(name string) bool {
+	if info, err := os.Stat(name); err == nil {
+		if info.IsDir() {
+			return true
+		}
+	}
+	return false
+}
+
+func GetFileFormat(filePath string) FileFormat {
+	if IsYaml(filePath) {
+		return YAML_FILE_FORMAT
+	} else if IsJson(filePath) {
+		return JSON_FILE_FORMAT
+	} else {
+		return FileFormat(filePath)
+	}
+}
+
+// handleListObject handle a List manifest
+func handleListObject(obj workloadinterface.IMetadata) []workloadinterface.IMetadata {
+	yamlObjs := []workloadinterface.IMetadata{}
+	if i, ok := workloadinterface.InspectMap(obj.GetObject(), "items"); ok && i != nil {
+		if items, ok := i.([]interface{}); ok && items != nil {
+			for item := range items {
+				if m, ok := items[item].(map[string]interface{}); ok && m != nil {
+					if o := objectsenvelopes.NewObject(m); o != nil {
+						yamlObjs = append(yamlObjs, o)
+					}
+				}
+			}
+		}
+	}
+	return yamlObjs
+}
--- a/core/cautils/fileutils_test.go
+++ b/core/cautils/fileutils_test.go
@@ -0,0 +1,104 @@
+package cautils
+
+import (
+	"os"
+	"path/filepath"
+	"strings"
+	"testing"
+
+	"github.com/armosec/opa-utils/objectsenvelopes/localworkload"
+	"github.com/stretchr/testify/assert"
+)
+
+func onlineBoutiquePath() string {
+	o, _ := os.Getwd()
+	return filepath.Join(filepath.Dir(o), "../examples/online-boutique/*")
+}
+
+func helmChartPath() string {
+	o, _ := os.Getwd()
+	return filepath.Join(filepath.Dir(o), "../examples/helm_chart/*")
+}
+
+func TestListFiles(t *testing.T) {
+
+	filesPath := onlineBoutiquePath()
+
+	files, errs := listFiles(filesPath)
+	assert.Equal(t, 0, len(errs))
+	assert.Equal(t, 12, len(files))
+}
+
+func TestLoadResourcesFromFiles(t *testing.T) {
+	workloads := LoadResourcesFromFiles(onlineBoutiquePath(), "")
+	assert.Equal(t, 12, len(workloads))
+
+	for i, w := range workloads {
+		switch filepath.Base(i) {
+		case "adservice.yaml":
+			assert.Equal(t, 2, len(w))
+			assert.Equal(t, "apps/v1//Deployment/adservice", getRelativePath(w[0].GetID()))
+			assert.Equal(t, "/v1//Service/adservice", getRelativePath(w[1].GetID()))
+		}
+	}
+}
+
+func TestLoadResourcesFromHelmCharts(t *testing.T) {
+	sourceToWorkloads := LoadResourcesFromHelmCharts(helmChartPath())
+	assert.Equal(t, 6, len(sourceToWorkloads))
+
+	for file, workloads := range sourceToWorkloads {
+		assert.Equalf(t, 1, len(workloads), "expected 1 workload in file %s", file)
+
+		w := workloads[0]
+		assert.True(t, localworkload.IsTypeLocalWorkload(w.GetObject()), "Expected localworkload as object type")
+
+		switch filepath.Base(file) {
+		case "serviceaccount.yaml":
+			assert.Equal(t, "/v1//ServiceAccount/kubescape-discovery", getRelativePath(w.GetID()))
+		case "clusterrole.yaml":
+			assert.Equal(t, "rbac.authorization.k8s.io/v1//ClusterRole/-kubescape", getRelativePath(w.GetID()))
+		case "cronjob.yaml":
+			assert.Equal(t, "batch/v1//CronJob/-kubescape", getRelativePath(w.GetID()))
+		case "role.yaml":
+			assert.Equal(t, "rbac.authorization.k8s.io/v1//Role/-kubescape", getRelativePath(w.GetID()))
+		case "rolebinding.yaml":
+			assert.Equal(t, "rbac.authorization.k8s.io/v1//RoleBinding/-kubescape", getRelativePath(w.GetID()))
+		case "clusterrolebinding.yaml":
+			assert.Equal(t, "rbac.authorization.k8s.io/v1//ClusterRoleBinding/-kubescape", getRelativePath(w.GetID()))
+		default:
+			assert.Failf(t, "missing case for file: %s", filepath.Base(file))
+		}
+	}
+}
+
+func TestLoadFiles(t *testing.T) {
+	files, _ := listFiles(onlineBoutiquePath())
+	_, err := loadFiles("", files)
+	assert.Equal(t, 0, len(err))
+}
+
+func TestListDirs(t *testing.T) {
+	dirs, _ := listDirs(strings.Replace(onlineBoutiquePath(), "*", "adservice.yaml", 1))
+	assert.Equal(t, 0, len(dirs))
+
+	expectedDirs := []string{"examples/helm_chart", "examples/helm_chart/templates"}
+	dirs, _ = listDirs(helmChartPath())
+	assert.Equal(t, len(expectedDirs), len(dirs))
+	for i := range expectedDirs {
+		assert.Contains(t, dirs[i], expectedDirs[i])
+	}
+}
+
+func TestLoadFile(t *testing.T) {
+	files, _ := listFiles(strings.Replace(onlineBoutiquePath(), "*", "adservice.yaml", 1))
+	assert.Equal(t, 1, len(files))
+
+	_, err := loadFile(files[0])
+	assert.NoError(t, err)
+}
+
+func getRelativePath(p string) string {
+	pp := strings.SplitAfter(p, "api=")
+	return pp[1]
+}
--- a/core/cautils/floatutils.go
+++ b/core/cautils/floatutils.go
@@ -0,0 +1,18 @@
+package cautils
+
+import "math"
+
+// Float64ToInt convert float64 to int
+func Float64ToInt(x float64) int {
+	return int(math.Round(x))
+}
+
+// Float32ToInt convert float32 to int
+func Float32ToInt(x float32) int {
+	return Float64ToInt(float64(x))
+}
+
+// Float16ToInt convert float16 to int
+func Float16ToInt(x float32) int {
+	return Float64ToInt(float64(x))
+}
--- a/core/cautils/floatutils_test.go
+++ b/core/cautils/floatutils_test.go
@@ -0,0 +1,24 @@
+package cautils
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestFloat64ToInt(t *testing.T) {
+	assert.Equal(t, 3, Float64ToInt(3.49))
+	assert.Equal(t, 4, Float64ToInt(3.5))
+	assert.Equal(t, 4, Float64ToInt(3.51))
+}
+
+func TestFloat32ToInt(t *testing.T) {
+	assert.Equal(t, 3, Float32ToInt(3.49))
+	assert.Equal(t, 4, Float32ToInt(3.5))
+	assert.Equal(t, 4, Float32ToInt(3.51))
+}
+func TestFloat16ToInt(t *testing.T) {
+	assert.Equal(t, 3, Float16ToInt(3.49))
+	assert.Equal(t, 4, Float16ToInt(3.5))
+	assert.Equal(t, 4, Float16ToInt(3.51))
+}
--- a/core/cautils/getter/armoapi.go
+++ b/core/cautils/getter/armoapi.go
@@ -10,8 +10,8 @@ import (
 	"time"

 	"github.com/armosec/armoapi-go/armotypes"
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/armosec/kubescape/cautils/logger/helpers"
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
 	"github.com/armosec/opa-utils/reporthandling"
 )

@@ -21,7 +21,7 @@ import (

 var (
 	// ATTENTION!!!
-	// Changes in this URLs variable names, or in the usage is affecting the build process! BE CAREFULL
+	// Changes in this URLs variable names, or in the usage is affecting the build process! BE CAREFUL
 	armoERURL   = "report.armo.cloud"
 	armoBEURL   = "api.armo.cloud"
 	armoFEURL   = "portal.armo.cloud"
@@ -34,7 +34,7 @@ var (

 	armoDevERURL   = "report.eudev3.cyberarmorsoft.com"
 	armoDevBEURL   = "api-dev.armo.cloud"
-	armoDevFEURL   = "armoui-dev.eudev3.cyberarmorsoft.com"
+	armoDevFEURL   = "cloud-dev.armosec.io"
 	armoDevAUTHURL = "eggauth.eudev3.cyberarmorsoft.com"
 )

@@ -62,7 +62,8 @@ func SetARMOAPIConnector(armoAPI *ArmoAPI) {

 func GetArmoAPIConnector() *ArmoAPI {
 	if globalArmoAPIConnector == nil {
-		logger.L().Error("returning nil API connector")
+		// logger.L().Error("returning nil API connector")
+		SetARMOAPIConnector(NewARMOAPIProd())
 	}
 	return globalArmoAPIConnector
 }
@@ -146,7 +147,8 @@ func (armoAPI *ArmoAPI) IsLoggedIn() bool              { return armoAPI.loggedIn
 func (armoAPI *ArmoAPI) GetClientID() string           { return armoAPI.clientID }
 func (armoAPI *ArmoAPI) GetSecretKey() string          { return armoAPI.secretKey }
 func (armoAPI *ArmoAPI) GetFrontendURL() string        { return armoAPI.feURL }
-func (armoAPI *ArmoAPI) GetAPIURL() string             { return armoAPI.apiURL }
+func (armoAPI *ArmoAPI) GetApiURL() string             { return armoAPI.apiURL }
+func (armoAPI *ArmoAPI) GetAuthURL() string            { return armoAPI.authURL }
 func (armoAPI *ArmoAPI) GetReportReceiverURL() string  { return armoAPI.erURL }
 func (armoAPI *ArmoAPI) SetAccountID(accountID string) { armoAPI.accountID = accountID }
 func (armoAPI *ArmoAPI) SetClientID(clientID string)   { armoAPI.clientID = clientID }
@@ -162,7 +164,6 @@ func (armoAPI *ArmoAPI) GetFramework(name string) (*reporthandling.Framework, er
 	if err = JSONDecoder(respStr).Decode(framework); err != nil {
 		return nil, err
 	}
-	SaveInFile(framework, GetDefaultPath(name+".json"))

 	return framework, err
 }
@@ -232,7 +233,14 @@ func (armoAPI *ArmoAPI) GetAccountConfig(clusterName string) (*armotypes.Custome
 	}

 	if err = JSONDecoder(respStr).Decode(&accountConfig); err != nil {
-		return nil, err
+		// try with default scope
+		respStr, err = armoAPI.Get(armoAPI.getAccountConfigDefault(clusterName), nil)
+		if err != nil {
+			return nil, err
+		}
+		if err = JSONDecoder(respStr).Decode(&accountConfig); err != nil {
+			return nil, err
+		}
 	}

 	return accountConfig, nil
--- a/core/cautils/getter/armoapiutils.go
+++ b/core/cautils/getter/armoapiutils.go
@@ -13,8 +13,7 @@ var NativeFrameworks = []string{"nsa", "mitre", "armobest", "devopsbest"}

 func (armoAPI *ArmoAPI) getFrameworkURL(frameworkName string) string {
 	u := url.URL{}
-	u.Scheme = "https"
-	u.Host = armoAPI.apiURL
+	u.Scheme, u.Host = parseHost(armoAPI.GetApiURL())
 	u.Path = "api/v1/armoFrameworks"
 	q := u.Query()
 	q.Add("customerGUID", armoAPI.getCustomerGUIDFallBack())
@@ -31,8 +30,7 @@ func (armoAPI *ArmoAPI) getFrameworkURL(frameworkName string) string {

 func (armoAPI *ArmoAPI) getListFrameworkURL() string {
 	u := url.URL{}
-	u.Scheme = "https"
-	u.Host = armoAPI.apiURL
+	u.Scheme, u.Host = parseHost(armoAPI.GetApiURL())
 	u.Path = "api/v1/armoFrameworks"
 	q := u.Query()
 	q.Add("customerGUID", armoAPI.getCustomerGUIDFallBack())
@@ -42,8 +40,7 @@ func (armoAPI *ArmoAPI) getListFrameworkURL() string {
 }
 func (armoAPI *ArmoAPI) getExceptionsURL(clusterName string) string {
 	u := url.URL{}
-	u.Scheme = "https"
-	u.Host = armoAPI.apiURL
+	u.Scheme, u.Host = parseHost(armoAPI.GetApiURL())
 	u.Path = "api/v1/armoPostureExceptions"

 	q := u.Query()
@@ -58,8 +55,7 @@ func (armoAPI *ArmoAPI) getExceptionsURL(clusterName string) string {

 func (armoAPI *ArmoAPI) exceptionsURL(exceptionsPolicyName string) string {
 	u := url.URL{}
-	u.Scheme = "https"
-	u.Host = armoAPI.apiURL
+	u.Scheme, u.Host = parseHost(armoAPI.GetApiURL())
 	u.Path = "api/v1/postureExceptionPolicy"

 	q := u.Query()
@@ -73,10 +69,15 @@ func (armoAPI *ArmoAPI) exceptionsURL(exceptionsPolicyName string) string {
 	return u.String()
 }

+func (armoAPI *ArmoAPI) getAccountConfigDefault(clusterName string) string {
+	config := armoAPI.getAccountConfig(clusterName)
+	url := config + "&scope=customer"
+	return url
+}
+
 func (armoAPI *ArmoAPI) getAccountConfig(clusterName string) string {
 	u := url.URL{}
-	u.Scheme = "https"
-	u.Host = armoAPI.apiURL
+	u.Scheme, u.Host = parseHost(armoAPI.GetApiURL())
 	u.Path = "api/v1/armoCustomerConfiguration"

 	q := u.Query()
@@ -91,24 +92,21 @@ func (armoAPI *ArmoAPI) getAccountConfig(clusterName string) string {

 func (armoAPI *ArmoAPI) getAccountURL() string {
 	u := url.URL{}
-	u.Scheme = "https"
-	u.Host = armoAPI.apiURL
+	u.Scheme, u.Host = parseHost(armoAPI.GetApiURL())
 	u.Path = "api/v1/createTenant"
 	return u.String()
 }

 func (armoAPI *ArmoAPI) getApiToken() string {
 	u := url.URL{}
-	u.Scheme = "https"
-	u.Host = armoAPI.authURL
-	u.Path = "frontegg/identity/resources/auth/v1/api-token"
+	u.Scheme, u.Host = parseHost(armoAPI.GetAuthURL())
+	u.Path = "identity/resources/auth/v1/api-token"
 	return u.String()
 }

 func (armoAPI *ArmoAPI) getOpenidCustomers() string {
 	u := url.URL{}
-	u.Scheme = "https"
-	u.Host = armoAPI.apiURL
+	u.Scheme, u.Host = parseHost(armoAPI.GetApiURL())
 	u.Path = "api/v1/openid_customers"
 	return u.String()
 }
@@ -167,3 +165,12 @@ func (armoAPI *ArmoAPI) getCustomerGUIDFallBack() string {
 	}
 	return "11111111-1111-1111-1111-111111111111"
 }
+
+func parseHost(host string) (string, string) {
+	if strings.HasPrefix(host, "http://") {
+		return "http", strings.Replace(host, "http://", "", 1)
+	}
+
+	// default scheme
+	return "https", strings.Replace(host, "https://", "", 1)
+}
--- a/core/cautils/getter/datastructures.go
+++ b/core/cautils/getter/datastructures.go
--- a/core/cautils/getter/downloadreleasedpolicy.go
+++ b/core/cautils/getter/downloadreleasedpolicy.go
--- a/core/cautils/getter/getpolicies.go
+++ b/core/cautils/getter/getpolicies.go
--- a/core/cautils/getter/getpoliciesutils.go
+++ b/core/cautils/getter/getpoliciesutils.go
--- a/core/cautils/getter/loadpolicy.go
+++ b/core/cautils/getter/loadpolicy.go
--- a/core/cautils/getter/loadpolicy_test.go
+++ b/core/cautils/getter/loadpolicy_test.go
--- a/core/cautils/helmchart.go
+++ b/core/cautils/helmchart.go
@@ -0,0 +1,91 @@
+package cautils
+
+import (
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/armosec/k8s-interface/workloadinterface"
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
+	"github.com/armosec/opa-utils/objectsenvelopes/localworkload"
+	helmchart "helm.sh/helm/v3/pkg/chart"
+	helmloader "helm.sh/helm/v3/pkg/chart/loader"
+	helmchartutil "helm.sh/helm/v3/pkg/chartutil"
+	helmengine "helm.sh/helm/v3/pkg/engine"
+)
+
+type HelmChart struct {
+	chart *helmchart.Chart
+	path  string
+}
+
+func IsHelmDirectory(path string) (bool, error) {
+	return helmchartutil.IsChartDir(path)
+}
+
+func NewHelmChart(path string) (*HelmChart, error) {
+	chart, err := helmloader.Load(path)
+	if err != nil {
+		return nil, err
+	}
+
+	return &HelmChart{
+		chart: chart,
+		path:  path,
+	}, nil
+}
+
+func (hc *HelmChart) GetName() string {
+	return hc.chart.Name()
+}
+
+func (hc *HelmChart) GetDefaultValues() map[string]interface{} {
+	return hc.chart.Values
+}
+
+// GetWorkloads renders chart template using the default values and returns a map of source file to its workloads
+func (hc *HelmChart) GetWorkloadsWithDefaultValues() (map[string][]workloadinterface.IMetadata, []error) {
+	return hc.GetWorkloads(hc.GetDefaultValues())
+}
+
+// GetWorkloads renders chart template using the provided values and returns a map of source (absolute) file path to its workloads
+func (hc *HelmChart) GetWorkloads(values map[string]interface{}) (map[string][]workloadinterface.IMetadata, []error) {
+	vals, err := helmchartutil.ToRenderValues(hc.chart, values, helmchartutil.ReleaseOptions{}, nil)
+	if err != nil {
+		return nil, []error{err}
+	}
+
+	sourceToFile, err := helmengine.Render(hc.chart, vals)
+	if err != nil {
+		return nil, []error{err}
+	}
+
+	workloads := make(map[string][]workloadinterface.IMetadata, 0)
+	errs := []error{}
+
+	for path, renderedYaml := range sourceToFile {
+		if !IsYaml(strings.ToLower(path)) {
+			continue
+		}
+
+		wls, e := ReadFile([]byte(renderedYaml), YAML_FILE_FORMAT)
+		if e != nil {
+			logger.L().Debug("failed to read rendered yaml file", helpers.String("file", path), helpers.Error(e))
+		}
+		if len(wls) == 0 {
+			continue
+		}
+		if firstPathSeparatorIndex := strings.Index(path, string(os.PathSeparator)); firstPathSeparatorIndex != -1 {
+			absPath := filepath.Join(hc.path, path[firstPathSeparatorIndex:])
+
+			workloads[absPath] = []workloadinterface.IMetadata{}
+			for i := range wls {
+				lw := localworkload.NewLocalWorkload(wls[i].GetObject())
+				lw.SetPath(absPath)
+				workloads[absPath] = append(workloads[absPath], lw)
+			}
+		}
+	}
+	return workloads, errs
+}
--- a/core/cautils/helmchart_test.go
+++ b/core/cautils/helmchart_test.go
@@ -0,0 +1,133 @@
+package cautils
+
+import (
+	_ "embed"
+	"encoding/json"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"strings"
+	"testing"
+
+	"github.com/armosec/opa-utils/objectsenvelopes/localworkload"
+	"github.com/stretchr/testify/suite"
+)
+
+type HelmChartTestSuite struct {
+	suite.Suite
+	helmChartPath         string
+	expectedFiles         []string
+	expectedDefaultValues map[string]interface{}
+}
+
+func TestHelmChartTestSuite(t *testing.T) {
+	suite.Run(t, new(HelmChartTestSuite))
+}
+
+func (s *HelmChartTestSuite) SetupSuite() {
+	o, _ := os.Getwd()
+
+	s.helmChartPath = filepath.Join(filepath.Dir(o), "../examples/helm_chart")
+
+	s.expectedFiles = []string{
+		filepath.Join(s.helmChartPath, "templates/clusterrolebinding.yaml"),
+		filepath.Join(s.helmChartPath, "templates/clusterrole.yaml"),
+		filepath.Join(s.helmChartPath, "templates/serviceaccount.yaml"),
+		filepath.Join(s.helmChartPath, "templates/rolebinding.yaml"),
+		filepath.Join(s.helmChartPath, "templates/role.yaml"),
+		filepath.Join(s.helmChartPath, "templates/cronjob.yaml"),
+	}
+
+	var obj interface{}
+	file, _ := ioutil.ReadFile("testdata/helm_expected_default_values.json")
+	_ = json.Unmarshal([]byte(file), &obj)
+	s.expectedDefaultValues = obj.(map[string]interface{})
+}
+
+func (s *HelmChartTestSuite) TestInvalidHelmDirectory() {
+	_, err := NewHelmChart("/invalid_path")
+	s.Error(err)
+}
+
+func (s *HelmChartTestSuite) TestValidHelmDirectory() {
+	chart, err := NewHelmChart(s.helmChartPath)
+	s.NoError(err)
+	s.NotNil(chart)
+}
+
+func (s *HelmChartTestSuite) TestGetName() {
+	chart, _ := NewHelmChart(s.helmChartPath)
+	s.Equal("kubescape", chart.GetName())
+}
+
+func (s *HelmChartTestSuite) TestGetDefaultValues() {
+	chart, _ := NewHelmChart(s.helmChartPath)
+
+	values := chart.GetDefaultValues()
+
+	valuesJson, _ := json.Marshal(values)
+	expectedValuesJson, _ := json.Marshal(s.expectedDefaultValues)
+
+	s.JSONEq(string(valuesJson), string(expectedValuesJson))
+}
+
+func (s *HelmChartTestSuite) TestGetWorkloadsWithOverride() {
+	chart, err := NewHelmChart(s.helmChartPath)
+	s.NoError(err, "Expected a valid helm chart")
+
+	values := chart.GetDefaultValues()
+
+	// Default pullPolicy value = Always
+	pullPolicyValue := values["image"].(map[string]interface{})["pullPolicy"].(string)
+	s.Equal(pullPolicyValue, "Always")
+
+	// Override default value
+	values["image"].(map[string]interface{})["pullPolicy"] = "Never"
+
+	fileToWorkloads, errs := chart.GetWorkloads(values)
+	s.Len(errs, 0)
+
+	s.Lenf(fileToWorkloads, len(s.expectedFiles), "Expected %d files", len(s.expectedFiles))
+
+	for _, expectedFile := range s.expectedFiles {
+		s.Contains(fileToWorkloads, expectedFile)
+		s.FileExists(expectedFile)
+		s.GreaterOrEqualf(len(fileToWorkloads[expectedFile]), 1, "Expected at least one workload in %q", expectedFile)
+
+		for i := range fileToWorkloads[expectedFile] {
+			pathInWorkload := fileToWorkloads[expectedFile][i].(*localworkload.LocalWorkload).GetPath()
+			s.Equal(pathInWorkload, expectedFile, "Expected GetPath() to return a valid path on workload")
+		}
+
+		if strings.Contains(expectedFile, "cronjob.yaml") {
+			jsonBytes, _ := json.Marshal(fileToWorkloads[expectedFile][0].GetObject())
+			s.Contains(string(jsonBytes), "\"imagePullPolicy\":\"Never\"", "Expected to overriden value of imagePullPolicy to be 'Never'")
+		}
+	}
+}
+
+func (s *HelmChartTestSuite) TestGetWorkloadsMissingValue() {
+	chart, _ := NewHelmChart(s.helmChartPath)
+
+	values := chart.GetDefaultValues()
+	delete(values, "image")
+
+	fileToWorkloads, errs := chart.GetWorkloads(values)
+	s.Nil(fileToWorkloads)
+	s.Len(errs, 1, "Expected an error due to missing value")
+
+	expectedErrMsg := "<.Values.image.repository>: nil pointer"
+	s.Containsf(errs[0].Error(), expectedErrMsg, "expected error containing %q, got %q", expectedErrMsg, errs[0])
+}
+
+func (s *HelmChartTestSuite) TestIsHelmDirectory() {
+	ok, err := IsHelmDirectory(s.helmChartPath)
+	s.True(ok)
+	s.NoError(err)
+
+	o, _ := os.Getwd()
+	nonHelmDir := filepath.Join(filepath.Dir(o), "../examples/online-boutique")
+	ok, err = IsHelmDirectory(nonHelmDir)
+	s.False(ok)
+	s.Contains(err.Error(), "no Chart.yaml exists in directory")
+}
--- a/core/cautils/jsonutils.go
+++ b/core/cautils/jsonutils.go
--- a/core/cautils/localgitrepository.go
+++ b/core/cautils/localgitrepository.go
@@ -0,0 +1,127 @@
+package cautils
+
+import (
+	"fmt"
+	"path"
+	"strings"
+
+	"github.com/armosec/go-git-url/apis"
+	gitv5 "github.com/go-git/go-git/v5"
+	configv5 "github.com/go-git/go-git/v5/config"
+	plumbingv5 "github.com/go-git/go-git/v5/plumbing"
+)
+
+type LocalGitRepository struct {
+	repo   *gitv5.Repository
+	head   *plumbingv5.Reference
+	config *configv5.Config
+}
+
+func NewLocalGitRepository(path string) (*LocalGitRepository, error) {
+	gitRepo, err := gitv5.PlainOpenWithOptions(path, &gitv5.PlainOpenOptions{DetectDotGit: true})
+	if err != nil {
+		return nil, err
+	}
+
+	head, err := gitRepo.Head()
+	if err != nil {
+		return nil, err
+	}
+
+	if !head.Name().IsBranch() {
+		return nil, fmt.Errorf("current HEAD reference is not a branch")
+	}
+
+	config, err := gitRepo.Config()
+	if err != nil {
+		return nil, err
+	}
+
+	return &LocalGitRepository{
+		repo:   gitRepo,
+		head:   head,
+		config: config,
+	}, nil
+}
+
+// GetBranchName get current branch name
+func (g *LocalGitRepository) GetBranchName() string {
+	return g.head.Name().Short()
+}
+
+// GetRemoteUrl get default remote URL
+func (g *LocalGitRepository) GetRemoteUrl() (string, error) {
+	branchName := g.GetBranchName()
+	if branchRef, branchFound := g.config.Branches[branchName]; branchFound {
+		remoteName := branchRef.Remote
+		if len(g.config.Remotes[remoteName].URLs) == 0 {
+			return "", fmt.Errorf("expected to find URLs for remote '%s', branch '%s'", remoteName, branchName)
+		}
+		return g.config.Remotes[remoteName].URLs[0], nil
+	}
+
+	const defaultRemoteName string = "origin"
+	if len(g.config.Remotes[defaultRemoteName].URLs) == 0 {
+		return "", fmt.Errorf("expected to find URLs for remote '%s'", defaultRemoteName)
+	}
+	return g.config.Remotes[defaultRemoteName].URLs[0], nil
+}
+
+// GetName get origin name without the .git suffix
+func (g *LocalGitRepository) GetName() (string, error) {
+	originUrl, err := g.GetRemoteUrl()
+	if err != nil {
+		return "", err
+	}
+	baseName := path.Base(originUrl)
+	// remove .git
+	return strings.TrimSuffix(baseName, ".git"), nil
+}
+
+// GetLastCommit get latest commit object
+func (g *LocalGitRepository) GetLastCommit() (*apis.Commit, error) {
+	return g.GetFileLastCommit("")
+}
+
+// GetFileLastCommit get file latest commit object, if empty will return latest commit
+func (g *LocalGitRepository) GetFileLastCommit(filePath string) (*apis.Commit, error) {
+	// By default, returns commit information from current HEAD
+	logOptions := &gitv5.LogOptions{}
+
+	if filePath != "" {
+		logOptions.FileName = &filePath
+		logOptions.Order = gitv5.LogOrderCommitterTime // faster -> LogOrderDFSPost
+	}
+
+	cIter, err := g.repo.Log(logOptions)
+	if err != nil {
+		return nil, err
+	}
+
+	commit, err := cIter.Next()
+	defer cIter.Close()
+	if err != nil {
+		return nil, err
+	}
+
+	return &apis.Commit{
+		SHA: commit.Hash.String(),
+		Author: apis.Committer{
+			Name:  commit.Author.Name,
+			Email: commit.Author.Email,
+			Date:  commit.Author.When,
+		},
+		Message:   commit.Message,
+		Committer: apis.Committer{},
+		Files:     []apis.Files{},
+	}, nil
+}
+
+func (g *LocalGitRepository) GetRootDir() (string, error) {
+	wt, err := g.repo.Worktree()
+	if err != nil {
+		return "", fmt.Errorf("failed to get repo root")
+	}
+
+	return wt.Filesystem.Root(), nil
+}
--- a/core/cautils/localgitrepository_test.go
+++ b/core/cautils/localgitrepository_test.go
@@ -0,0 +1,155 @@
+package cautils
+
+import (
+	"archive/zip"
+	"fmt"
+	"io"
+	"os"
+	"path"
+	"path/filepath"
+	"strings"
+	"testing"
+
+	"github.com/stretchr/testify/suite"
+)
+
+type LocalGitRepositoryTestSuite struct {
+	suite.Suite
+	archive           *zip.ReadCloser
+	gitRepositoryPath string
+	destinationPath   string
+}
+
+func unzipFile(zipPath, destinationFolder string) (*zip.ReadCloser, error) {
+	archive, err := zip.OpenReader(zipPath)
+	if err != nil {
+		return nil, err
+	}
+	for _, f := range archive.File {
+		filePath := filepath.Join(destinationFolder, f.Name)
+		if !strings.HasPrefix(filePath, filepath.Clean(destinationFolder)+string(os.PathSeparator)) {
+			return nil, fmt.Errorf("invalid file path")
+		}
+		if f.FileInfo().IsDir() {
+			os.MkdirAll(filePath, os.ModePerm)
+			continue
+		}
+
+		if err := os.MkdirAll(filepath.Dir(filePath), os.ModePerm); err != nil {
+			return nil, err
+		}
+
+		dstFile, err := os.OpenFile(filePath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, f.Mode())
+		if err != nil {
+			return nil, err
+		}
+
+		fileInArchive, err := f.Open()
+		if err != nil {
+			return nil, err
+		}
+
+		if _, err := io.Copy(dstFile, fileInArchive); err != nil {
+			return nil, err
+		}
+
+		dstFile.Close()
+		fileInArchive.Close()
+	}
+
+	return archive, err
+
+}
+
+func (s *LocalGitRepositoryTestSuite) SetupSuite() {
+	zippedFixturePath := path.Join(".", "testdata", "localrepo.git")
+	destinationPath := path.Join(".", "testdata", "temp")
+	gitRepositoryPath := path.Join(destinationPath, "localrepo")
+
+	os.RemoveAll(destinationPath)
+	archive, err := unzipFile(zippedFixturePath, destinationPath)
+
+	if err == nil {
+		s.archive = archive
+		s.gitRepositoryPath = gitRepositoryPath
+		s.destinationPath = destinationPath
+	}
+}
+
+func TestLocalGitRepositoryTestSuite(t *testing.T) {
+	suite.Run(t, new(LocalGitRepositoryTestSuite))
+}
+
+func (s *LocalGitRepositoryTestSuite) TearDownSuite() {
+	if s.archive != nil {
+		s.archive.Close()
+	}
+	os.RemoveAll(s.destinationPath)
+}
+
+func (s *LocalGitRepositoryTestSuite) TestInvalidRepositoryPath() {
+	if _, err := NewLocalGitRepository("/invalidpath"); s.Error(err) {
+		s.Equal("repository does not exist", err.Error())
+	}
+}
+
+func (s *LocalGitRepositoryTestSuite) TestGetBranchName() {
+	if localRepo, err := NewLocalGitRepository(s.gitRepositoryPath); s.NoError(err) {
+		s.Equal("master", localRepo.GetBranchName())
+	}
+}
+
+func (s *LocalGitRepositoryTestSuite) TestGetName() {
+	if localRepo, err := NewLocalGitRepository(s.gitRepositoryPath); s.NoError(err) {
+		if name, err := localRepo.GetName(); s.NoError(err) {
+			s.Equal("localrepo", name)
+		}
+
+	}
+}
+
+func (s *LocalGitRepositoryTestSuite) TestGetOriginUrl() {
+	if localRepo, err := NewLocalGitRepository(s.gitRepositoryPath); s.NoError(err) {
+		if url, err := localRepo.GetRemoteUrl(); s.NoError(err) {
+			s.Equal("git@github.com:testuser/localrepo", url)
+		}
+	}
+}
+
+func (s *LocalGitRepositoryTestSuite) TestGetLastCommit() {
+	if localRepo, err := NewLocalGitRepository(s.gitRepositoryPath); s.NoError(err) {
+		if commit, err := localRepo.GetLastCommit(); s.NoError(err) {
+			s.Equal("7e09312b8017695fadcd606882e3779f10a5c832", commit.SHA)
+			s.Equal("Amir Malka", commit.Author.Name)
+			s.Equal("amirm@armosec.io", commit.Author.Email)
+			s.Equal("2022-05-22 19:11:57 +0300 +0300", commit.Author.Date.String())
+			s.Equal("added file B\n", commit.Message)
+		}
+	}
+}
+
+func (s *LocalGitRepositoryTestSuite) TestGetFileLastCommit() {
+	s.Run("fileA", func() {
+		if localRepo, err := NewLocalGitRepository(s.gitRepositoryPath); s.NoError(err) {
+			if commit, err := localRepo.GetFileLastCommit("fileA"); s.NoError(err) {
+				s.Equal("9fae4be19624297947d2b605cefbff516628612d", commit.SHA)
+				s.Equal("Amir Malka", commit.Author.Name)
+				s.Equal("amirm@armosec.io", commit.Author.Email)
+				s.Equal("2022-05-22 18:55:48 +0300 +0300", commit.Author.Date.String())
+				s.Equal("added file A\n", commit.Message)
+			}
+		}
+	})
+
+	s.Run("fileB", func() {
+		if localRepo, err := NewLocalGitRepository(s.gitRepositoryPath); s.NoError(err) {
+			if commit, err := localRepo.GetFileLastCommit("dirA/fileB"); s.NoError(err) {
+				s.Equal("7e09312b8017695fadcd606882e3779f10a5c832", commit.SHA)
+				s.Equal("Amir Malka", commit.Author.Name)
+				s.Equal("amirm@armosec.io", commit.Author.Email)
+				s.Equal("2022-05-22 19:11:57 +0300 +0300", commit.Author.Date.String())
+				s.Equal("added file B\n", commit.Message)
+			}
+		}
+	})
+}
--- a/core/cautils/logger/helpers/datastructures.go
+++ b/core/cautils/logger/helpers/datastructures.go
@@ -1,5 +1,7 @@
 package helpers

+import "time"
+
 type StringObj struct {
 	key   string
 	value string
@@ -24,3 +26,6 @@ func Error(e error) *ErrorObj                         { return &ErrorObj{key: "e
 func Int(k string, v int) *IntObj                     { return &IntObj{key: k, value: v} }
 func String(k, v string) *StringObj                   { return &StringObj{key: k, value: v} }
 func Interface(k string, v interface{}) *InterfaceObj { return &InterfaceObj{key: k, value: v} }
+func Time() *StringObj {
+	return &StringObj{key: "time", value: time.Now().Format("2006-01-02 15:04:05")}
+}
--- a/core/cautils/logger/helpers/level.go
+++ b/core/cautils/logger/helpers/level.go
--- a/core/cautils/logger/helpers/methods.go
+++ b/core/cautils/logger/helpers/methods.go
--- a/core/cautils/logger/methods.go
+++ b/core/cautils/logger/methods.go
@@ -0,0 +1,81 @@
+package logger
+
+import (
+	"os"
+	"strings"
+
+	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/nonelogger"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/prettylogger"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/zaplogger"
+)
+
+type ILogger interface {
+	Fatal(msg string, details ...helpers.IDetails) // print log and exit 1
+	Error(msg string, details ...helpers.IDetails)
+	Success(msg string, details ...helpers.IDetails)
+	Warning(msg string, details ...helpers.IDetails)
+	Info(msg string, details ...helpers.IDetails)
+	Debug(msg string, details ...helpers.IDetails)
+
+	SetLevel(level string) error
+	GetLevel() string
+
+	SetWriter(w *os.File)
+	GetWriter() *os.File
+
+	LoggerName() string
+}
+
+var l ILogger
+
+// Return initialized logger. If logger not initialized, will call InitializeLogger() with the default value
+func L() ILogger {
+	if l == nil {
+		InitDefaultLogger()
+	}
+	return l
+}
+
+/* InitLogger initialize desired logger
+
+Use:
+InitLogger("<logger name>")
+
+Supported logger names (call ListLoggersNames() for listing supported loggers)
+- "zap": Logger from package "go.uber.org/zap"
+- "pretty", "colorful": Human friendly colorful logger
+- "none", "mock", "empty", "ignore": Logger will not print anything
+
+Default:
+- "pretty"
+
+e.g.
+InitLogger("none") -> will initialize the mock logger
+
+*/
+func InitLogger(loggerName string) {
+
+	switch strings.ToLower(loggerName) {
+	case zaplogger.LoggerName:
+		l = zaplogger.NewZapLogger()
+	case prettylogger.LoggerName, "colorful":
+		l = prettylogger.NewPrettyLogger()
+	case nonelogger.LoggerName, "mock", "empty", "ignore":
+		l = nonelogger.NewNoneLogger()
+	default:
+		InitDefaultLogger()
+	}
+}
+
+func InitDefaultLogger() {
+	l = prettylogger.NewPrettyLogger()
+}
+
+func DisableColor(flag bool) {
+	prettylogger.DisableColor(flag)
+}
+
+func ListLoggersNames() []string {
+	return []string{prettylogger.LoggerName, zaplogger.LoggerName, nonelogger.LoggerName}
+}
--- a/core/cautils/logger/nonelogger/logger.go
+++ b/core/cautils/logger/nonelogger/logger.go
@@ -0,0 +1,28 @@
+package nonelogger
+
+import (
+	"os"
+
+	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
+)
+
+const LoggerName string = "none"
+
+type NoneLogger struct {
+}
+
+func NewNoneLogger() *NoneLogger {
+	return &NoneLogger{}
+}
+
+func (nl *NoneLogger) GetLevel() string                                { return "" }
+func (nl *NoneLogger) LoggerName() string                              { return LoggerName }
+func (nl *NoneLogger) SetWriter(w *os.File)                            {}
+func (nl *NoneLogger) GetWriter() *os.File                             { return nil }
+func (nl *NoneLogger) SetLevel(level string) error                     { return nil }
+func (nl *NoneLogger) Fatal(msg string, details ...helpers.IDetails)   {}
+func (nl *NoneLogger) Error(msg string, details ...helpers.IDetails)   {}
+func (nl *NoneLogger) Warning(msg string, details ...helpers.IDetails) {}
+func (nl *NoneLogger) Success(msg string, details ...helpers.IDetails) {}
+func (nl *NoneLogger) Info(msg string, details ...helpers.IDetails)    {}
+func (nl *NoneLogger) Debug(msg string, details ...helpers.IDetails)   {}
--- a/core/cautils/logger/prettylogger/colors.go
+++ b/core/cautils/logger/prettylogger/colors.go
@@ -3,7 +3,7 @@ package prettylogger
 import (
 	"io"

-	"github.com/armosec/kubescape/cautils/logger/helpers"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
 	"github.com/fatih/color"
 )

@@ -29,3 +29,9 @@ func prefix(l helpers.Level) func(w io.Writer, format string, a ...interface{})
 	}
 	return message
 }
+
+func DisableColor(flag bool) {
+	if flag {
+		color.NoColor = true
+	}
+}
--- a/core/cautils/logger/prettylogger/logger.go
+++ b/core/cautils/logger/prettylogger/logger.go
@@ -5,9 +5,11 @@ import (
 	"os"
 	"sync"

-	"github.com/armosec/kubescape/cautils/logger/helpers"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
 )

+const LoggerName string = "pretty"
+
 type PrettyLogger struct {
 	writer *os.File
 	level  helpers.Level
@@ -15,6 +17,7 @@ type PrettyLogger struct {
 }

 func NewPrettyLogger() *PrettyLogger {
+
 	return &PrettyLogger{
 		writer: os.Stderr, // default to stderr
 		level:  helpers.InfoLevel,
@@ -25,6 +28,7 @@ func NewPrettyLogger() *PrettyLogger {
 func (pl *PrettyLogger) GetLevel() string     { return pl.level.String() }
 func (pl *PrettyLogger) SetWriter(w *os.File) { pl.writer = w }
 func (pl *PrettyLogger) GetWriter() *os.File  { return pl.writer }
+func (pl *PrettyLogger) LoggerName() string   { return LoggerName }

 func (pl *PrettyLogger) SetLevel(level string) error {
 	pl.level = helpers.ToLevel(level)
@@ -69,7 +73,7 @@ func (pl *PrettyLogger) print(level helpers.Level, msg string, details ...helper
 func detailsToString(details []helpers.IDetails) string {
 	s := ""
 	for i := range details {
-		s += fmt.Sprintf("%s: %s", details[i].Key(), details[i].Value())
+		s += fmt.Sprintf("%s: %v", details[i].Key(), details[i].Value())
 		if i < len(details)-1 {
 			s += "; "
 		}
--- a/core/cautils/logger/zaplogger/logger.go
+++ b/core/cautils/logger/zaplogger/logger.go
@@ -3,11 +3,13 @@ package zaplogger
 import (
 	"os"

-	"github.com/armosec/kubescape/cautils/logger/helpers"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
 	"go.uber.org/zap"
 	"go.uber.org/zap/zapcore"
 )

+const LoggerName string = "zap"
+
 type ZapLogger struct {
 	zapL *zap.Logger
 	cfg  zap.Config
@@ -35,8 +37,7 @@ func NewZapLogger() *ZapLogger {
 func (zl *ZapLogger) GetLevel() string     { return zl.cfg.Level.Level().String() }
 func (zl *ZapLogger) SetWriter(w *os.File) {}
 func (zl *ZapLogger) GetWriter() *os.File  { return nil }
-func GetWriter() *os.File                  { return nil }
-
+func (zl *ZapLogger) LoggerName() string   { return LoggerName }
 func (zl *ZapLogger) SetLevel(level string) error {
 	l := zapcore.Level(1)
 	err := l.Set(level)
--- a/core/cautils/rbac.go
+++ b/core/cautils/rbac.go
--- a/core/cautils/reportv2tov1.go
+++ b/core/cautils/reportv2tov1.go
@@ -11,8 +11,7 @@ func ReportV2ToV1(opaSessionObj *OPASessionObj) {
 	if len(opaSessionObj.PostureReport.FrameworkReports) > 0 {
 		return // report already converted
 	}
-
-	opaSessionObj.PostureReport.ClusterCloudProvider = opaSessionObj.Report.ClusterCloudProvider
+	//	opaSessionObj.PostureReport.ClusterCloudProvider = opaSessionObj.Report.ClusterCloudProvider

 	frameworks := []reporthandling.FrameworkReport{}

--- a/core/cautils/rootinfo.go
+++ b/core/cautils/rootinfo.go
@@ -0,0 +1,96 @@
+package cautils
+
+type RootInfo struct {
+	Logger       string // logger level
+	LoggerName   string // logger name ("pretty"/"zap"/"none")
+	CacheDir     string // cached dir
+	DisableColor bool   // Disable Color
+
+	ArmoBEURLs    string // armo url
+	ArmoBEURLsDep string // armo url
+
+}
+
+type Credentials struct {
+	Account   string
+	ClientID  string
+	SecretKey string
+}
+
+// func (rootInfo *RootInfo) InitLogger() {
+// 	logger.DisableColor(rootInfo.DisableColor)
+
+// 	if rootInfo.LoggerName == "" {
+// 		if l := os.Getenv("KS_LOGGER_NAME"); l != "" {
+// 			rootInfo.LoggerName = l
+// 		} else {
+// 			if isatty.IsTerminal(os.Stdout.Fd()) {
+// 				rootInfo.LoggerName = "pretty"
+// 			} else {
+// 				rootInfo.LoggerName = "zap"
+// 			}
+// 		}
+// 	}
+
+// 	logger.InitLogger(rootInfo.LoggerName)
+
+// }
+// func (rootInfo *RootInfo) InitLoggerLevel() error {
+// 	if rootInfo.Logger == helpers.InfoLevel.String() {
+// 	} else if l := os.Getenv("KS_LOGGER"); l != "" {
+// 		rootInfo.Logger = l
+// 	}
+
+// 	if err := logger.L().SetLevel(rootInfo.Logger); err != nil {
+// 		return fmt.Errorf("supported levels: %s", strings.Join(helpers.SupportedLevels(), "/"))
+// 	}
+// 	return nil
+// }
+
+// func (rootInfo *RootInfo) InitCacheDir() error {
+// 	if rootInfo.CacheDir == getter.DefaultLocalStore {
+// 		getter.DefaultLocalStore = rootInfo.CacheDir
+// 	} else if cacheDir := os.Getenv("KS_CACHE_DIR"); cacheDir != "" {
+// 		getter.DefaultLocalStore = cacheDir
+// 	} else {
+// 		return nil // using default cache dir location
+// 	}
+
+// 	// TODO create dir if not found exist
+// 	// logger.L().Debug("cache dir updated", helpers.String("path", getter.DefaultLocalStore))
+// 	return nil
+// }
+// func (rootInfo *RootInfo) InitEnvironment() error {
+
+// 	urlSlices := strings.Split(rootInfo.ArmoBEURLs, ",")
+// 	if len(urlSlices) != 1 && len(urlSlices) < 3 {
+// 		return fmt.Errorf("expected at least 2 URLs (report,api,frontend,auth)")
+// 	}
+// 	switch len(urlSlices) {
+// 	case 1:
+// 		switch urlSlices[0] {
+// 		case "dev", "development":
+// 			getter.SetARMOAPIConnector(getter.NewARMOAPIDev())
+// 		case "stage", "staging":
+// 			getter.SetARMOAPIConnector(getter.NewARMOAPIStaging())
+// 		case "":
+// 			getter.SetARMOAPIConnector(getter.NewARMOAPIProd())
+// 		default:
+// 			return fmt.Errorf("unknown environment")
+// 		}
+// 	case 2:
+// 		armoERURL := urlSlices[0] // mandatory
+// 		armoBEURL := urlSlices[1] // mandatory
+// 		getter.SetARMOAPIConnector(getter.NewARMOAPICustomized(armoERURL, armoBEURL, "", ""))
+// 	case 3, 4:
+// 		var armoAUTHURL string
+// 		armoERURL := urlSlices[0] // mandatory
+// 		armoBEURL := urlSlices[1] // mandatory
+// 		armoFEURL := urlSlices[2] // mandatory
+// 		if len(urlSlices) <= 4 {
+// 			armoAUTHURL = urlSlices[3]
+// 		}
+// 		getter.SetARMOAPIConnector(getter.NewARMOAPICustomized(armoERURL, armoBEURL, armoFEURL, armoAUTHURL))
+// 	}
+// 	return nil
+// }
--- a/core/cautils/scaninfo.go
+++ b/core/cautils/scaninfo.go
@@ -0,0 +1,437 @@
+package cautils
+
+import (
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/armosec/armoapi-go/armotypes"
+	apisv1 "github.com/armosec/opa-utils/httpserver/apis/v1"
+
+	giturl "github.com/armosec/go-git-url"
+	"github.com/armosec/k8s-interface/k8sinterface"
+	"github.com/armosec/kubescape/v2/core/cautils/getter"
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
+	"github.com/armosec/opa-utils/reporthandling"
+	reporthandlingv2 "github.com/armosec/opa-utils/reporthandling/v2"
+	"github.com/google/uuid"
+)
+
+type ScanningContext string
+
+const (
+	ContextCluster  ScanningContext = "cluster"
+	ContextFile     ScanningContext = "single-file"
+	ContextDir      ScanningContext = "local-dir"
+	ContextGitURL   ScanningContext = "git-url"
+	ContextGitLocal ScanningContext = "git-local"
+)
+
+const ( // deprecated
+	ScopeCluster = "cluster"
+	ScopeYAML    = "yaml"
+)
+const (
+	// ScanCluster                string = "cluster"
+	// ScanLocalFiles             string = "yaml"
+	localControlInputsFilename string = "controls-inputs.json"
+	localExceptionsFilename    string = "exceptions.json"
+)
+
+type BoolPtrFlag struct {
+	valPtr *bool
+}
+
+func NewBoolPtr(b *bool) BoolPtrFlag {
+	return BoolPtrFlag{valPtr: b}
+}
+
+func (bpf *BoolPtrFlag) Type() string {
+	return "bool"
+}
+
+func (bpf *BoolPtrFlag) String() string {
+	if bpf.valPtr != nil {
+		return fmt.Sprintf("%v", *bpf.valPtr)
+	}
+	return ""
+}
+func (bpf *BoolPtrFlag) Get() *bool {
+	return bpf.valPtr
+}
+func (bpf *BoolPtrFlag) GetBool() bool {
+	if bpf.valPtr == nil {
+		return false
+	}
+	return *bpf.valPtr
+}
+
+func (bpf *BoolPtrFlag) SetBool(val bool) {
+	bpf.valPtr = &val
+}
+
+func (bpf *BoolPtrFlag) Set(val string) error {
+	switch val {
+	case "true":
+		bpf.SetBool(true)
+	case "false":
+		bpf.SetBool(false)
+	}
+	return nil
+}
+
+// TODO - UPDATE
+type ViewTypes string
+
+const (
+	ResourceViewType ViewTypes = "resource"
+	ControlViewType  ViewTypes = "control"
+)
+
+type PolicyIdentifier struct {
+	Name        string                        // policy name e.g. nsa,mitre,c-0012
+	Kind        apisv1.NotificationPolicyKind // policy kind e.g. Framework,Control,Rule
+	Designators armotypes.PortalDesignator
+}
+
+type ScanInfo struct {
+	Getters                               // TODO - remove from object
+	PolicyIdentifier   []PolicyIdentifier // TODO - remove from object
+	UseExceptions      string             // Load file with exceptions configuration
+	ControlsInputs     string             // Load file with inputs for controls
+	UseFrom            []string           // Load framework from local file (instead of download). Use when running offline
+	UseDefault         bool               // Load framework from cached file (instead of download). Use when running offline
+	UseArtifactsFrom   string             // Load artifacts from local path. Use when running offline
+	VerboseMode        bool               // Display all of the input resources and not only failed resources
+	View               string             // Display all of the input resources and not only failed resources
+	Format             string             // Format results (table, json, junit ...)
+	Output             string             // Store results in an output file, Output file name
+	FormatVersion      string             // Output object can be differnet between versions, this is for testing and backward compatibility
+	ExcludedNamespaces string             // used for host scanner namespace
+	IncludeNamespaces  string             //
+	InputPatterns      []string           // Yaml files input patterns
+	Silent             bool               // Silent mode - Do not print progress logs
+	FailThreshold      float32            // Failure score threshold
+	Submit             bool               // Submit results to Armo BE
+	ScanID             string             // Report id of the current scan
+	HostSensorEnabled  BoolPtrFlag        // Deploy ARMO K8s host scanner to collect data from certain controls
+	HostSensorYamlPath string             // Path to hostsensor file
+	Local              bool               // Do not submit results
+	Credentials        Credentials        // account ID
+	KubeContext        string             // context name
+	FrameworkScan      bool               // false if scanning control
+	ScanAll            bool               // true if scan all frameworks
+}
+
+type Getters struct {
+	ExceptionsGetter     getter.IExceptionsGetter
+	ControlsInputsGetter getter.IControlsInputsGetter
+	PolicyGetter         getter.IPolicyGetter
+}
+
+func (scanInfo *ScanInfo) Init() {
+	scanInfo.setUseFrom()
+	scanInfo.setOutputFile()
+	scanInfo.setUseArtifactsFrom()
+	if scanInfo.ScanID == "" {
+		scanInfo.ScanID = uuid.NewString()
+	}
+
+}
+
+func (scanInfo *ScanInfo) setUseArtifactsFrom() {
+	if scanInfo.UseArtifactsFrom == "" {
+		return
+	}
+	// UseArtifactsFrom must be a path without a filename
+	dir, file := filepath.Split(scanInfo.UseArtifactsFrom)
+	if dir == "" {
+		scanInfo.UseArtifactsFrom = file
+	} else if strings.Contains(file, ".json") {
+		scanInfo.UseArtifactsFrom = dir
+	}
+	// set frameworks files
+	files, err := ioutil.ReadDir(scanInfo.UseArtifactsFrom)
+	if err != nil {
+		logger.L().Fatal("failed to read files from directory", helpers.String("dir", scanInfo.UseArtifactsFrom), helpers.Error(err))
+	}
+	framework := &reporthandling.Framework{}
+	for _, f := range files {
+		filePath := filepath.Join(scanInfo.UseArtifactsFrom, f.Name())
+		file, err := os.ReadFile(filePath)
+		if err == nil {
+			if err := json.Unmarshal(file, framework); err == nil {
+				scanInfo.UseFrom = append(scanInfo.UseFrom, filepath.Join(scanInfo.UseArtifactsFrom, f.Name()))
+			}
+		}
+	}
+	// set config-inputs file
+	scanInfo.ControlsInputs = filepath.Join(scanInfo.UseArtifactsFrom, localControlInputsFilename)
+	// set exceptions
+	scanInfo.UseExceptions = filepath.Join(scanInfo.UseArtifactsFrom, localExceptionsFilename)
+}
+
+func (scanInfo *ScanInfo) setUseFrom() {
+	if scanInfo.UseDefault {
+		for _, policy := range scanInfo.PolicyIdentifier {
+			scanInfo.UseFrom = append(scanInfo.UseFrom, getter.GetDefaultPath(policy.Name+".json"))
+		}
+	}
+}
+
+func (scanInfo *ScanInfo) setOutputFile() {
+	if scanInfo.Output == "" {
+		return
+	}
+	if scanInfo.Format == "json" {
+		if filepath.Ext(scanInfo.Output) != ".json" {
+			scanInfo.Output += ".json"
+		}
+	}
+	if scanInfo.Format == "junit" {
+		if filepath.Ext(scanInfo.Output) != ".xml" {
+			scanInfo.Output += ".xml"
+		}
+	}
+	if scanInfo.Format == "pdf" {
+		if filepath.Ext(scanInfo.Output) != ".pdf" {
+			scanInfo.Output += ".pdf"
+		}
+	}
+}
+
+// func (scanInfo *ScanInfo) GetScanningEnvironment() string {
+// 	if len(scanInfo.InputPatterns) != 0 {
+// 		return ScanLocalFiles
+// 	}
+// 	return ScanCluster
+// }
+
+func (scanInfo *ScanInfo) SetPolicyIdentifiers(policies []string, kind apisv1.NotificationPolicyKind) {
+	for _, policy := range policies {
+		if !scanInfo.contains(policy) {
+			newPolicy := PolicyIdentifier{}
+			newPolicy.Kind = kind
+			newPolicy.Name = policy
+			scanInfo.PolicyIdentifier = append(scanInfo.PolicyIdentifier, newPolicy)
+		}
+	}
+}
+
+func (scanInfo *ScanInfo) contains(policyName string) bool {
+	for _, policy := range scanInfo.PolicyIdentifier {
+		if policy.Name == policyName {
+			return true
+		}
+	}
+	return false
+}
+
+func scanInfoToScanMetadata(scanInfo *ScanInfo) *reporthandlingv2.Metadata {
+	metadata := &reporthandlingv2.Metadata{}
+
+	metadata.ScanMetadata.Format = scanInfo.Format
+	metadata.ScanMetadata.FormatVersion = scanInfo.FormatVersion
+	metadata.ScanMetadata.Submit = scanInfo.Submit
+
+	// TODO - Add excluded and included namespaces
+	// if len(scanInfo.ExcludedNamespaces) > 1 {
+	// 	opaSessionObj.Metadata.ScanMetadata.ExcludedNamespaces = strings.Split(scanInfo.ExcludedNamespaces[1:], ",")
+	// }
+	// if len(scanInfo.IncludeNamespaces) > 1 {
+	// 	opaSessionObj.Metadata.ScanMetadata.IncludeNamespaces = strings.Split(scanInfo.IncludeNamespaces[1:], ",")
+	// }
+
+	// scan type
+	if len(scanInfo.PolicyIdentifier) > 0 {
+		metadata.ScanMetadata.TargetType = string(scanInfo.PolicyIdentifier[0].Kind)
+	}
+	// append frameworks
+	for _, policy := range scanInfo.PolicyIdentifier {
+		metadata.ScanMetadata.TargetNames = append(metadata.ScanMetadata.TargetNames, policy.Name)
+	}
+
+	metadata.ScanMetadata.KubescapeVersion = BuildNumber
+	metadata.ScanMetadata.VerboseMode = scanInfo.VerboseMode
+	metadata.ScanMetadata.FailThreshold = scanInfo.FailThreshold
+	metadata.ScanMetadata.HostScanner = scanInfo.HostSensorEnabled.GetBool()
+	metadata.ScanMetadata.VerboseMode = scanInfo.VerboseMode
+	metadata.ScanMetadata.ControlsInputs = scanInfo.ControlsInputs
+
+	inputFiles := ""
+	if len(scanInfo.InputPatterns) > 0 {
+		inputFiles = scanInfo.InputPatterns[0]
+	}
+
+	metadata.ScanMetadata.ScanningTarget = reporthandlingv2.Cluster
+	if GetScanningContext(inputFiles) != ContextCluster {
+		metadata.ScanMetadata.ScanningTarget = reporthandlingv2.File
+	}
+
+	setContextMetadata(&metadata.ContextMetadata, inputFiles)
+
+	return metadata
+}
+
+func (scanInfo *ScanInfo) GetScanningContext() ScanningContext {
+	input := ""
+	if len(scanInfo.InputPatterns) > 0 {
+		input = scanInfo.InputPatterns[0]
+	}
+	return GetScanningContext(input)
+}
+
+// GetScanningContext get scanning context from the input param
+func GetScanningContext(input string) ScanningContext {
+	//  cluster
+	if input == "" {
+		return ContextCluster
+	}
+
+	// url
+	if _, err := giturl.NewGitURL(input); err == nil {
+		return ContextGitURL
+	}
+
+	if !filepath.IsAbs(input) { // parse path
+		if o, err := os.Getwd(); err == nil {
+			input = filepath.Join(o, input)
+		}
+	}
+
+	// local git repo
+	if _, err := NewLocalGitRepository(input); err == nil {
+		return ContextGitLocal
+	}
+
+	//  single file
+	if IsFile(input) {
+		return ContextFile
+	}
+
+	//  dir/glob
+	return ContextDir
+}
+func setContextMetadata(contextMetadata *reporthandlingv2.ContextMetadata, input string) {
+	switch GetScanningContext(input) {
+	case ContextCluster:
+		contextMetadata.ClusterContextMetadata = &reporthandlingv2.ClusterMetadata{
+			ContextName: k8sinterface.GetContextName(),
+		}
+	case ContextGitURL:
+		// url
+		context, err := metadataGitURL(input)
+		if err != nil {
+			logger.L().Warning("in setContextMetadata", helpers.Interface("case", ContextGitURL), helpers.Error(err))
+		}
+		contextMetadata.RepoContextMetadata = context
+	case ContextDir:
+		contextMetadata.DirectoryContextMetadata = &reporthandlingv2.DirectoryContextMetadata{
+			BasePath: getAbsPath(input),
+			HostName: getHostname(),
+		}
+	case ContextFile:
+		contextMetadata.FileContextMetadata = &reporthandlingv2.FileContextMetadata{
+			FilePath: getAbsPath(input),
+			HostName: getHostname(),
+		}
+	case ContextGitLocal:
+		// local
+		context, err := metadataGitLocal(input)
+		if err != nil {
+			logger.L().Warning("in setContextMetadata", helpers.Interface("case", ContextGitURL), helpers.Error(err))
+		}
+		contextMetadata.RepoContextMetadata = context
+	}
+}
+
+func metadataGitURL(input string) (*reporthandlingv2.RepoContextMetadata, error) {
+	context := &reporthandlingv2.RepoContextMetadata{}
+	gitParser, err := giturl.NewGitAPI(input)
+	if err != nil {
+		return context, fmt.Errorf("%w", err)
+	}
+	if gitParser.GetBranchName() == "" {
+		gitParser.SetDefaultBranchName()
+	}
+	context.Provider = gitParser.GetProvider()
+	context.Repo = gitParser.GetRepoName()
+	context.Owner = gitParser.GetOwnerName()
+	context.Branch = gitParser.GetBranchName()
+	context.RemoteURL = gitParser.GetURL().String()
+
+	commit, err := gitParser.GetLatestCommit()
+	if err != nil {
+		return context, fmt.Errorf("%w", err)
+	}
+
+	context.LastCommit = reporthandling.LastCommit{
+		Hash:          commit.SHA,
+		Date:          commit.Committer.Date,
+		CommitterName: commit.Committer.Name,
+	}
+
+	return context, nil
+}
+
+func metadataGitLocal(input string) (*reporthandlingv2.RepoContextMetadata, error) {
+	gitParser, err := NewLocalGitRepository(input)
+	if err != nil {
+		return nil, fmt.Errorf("%w", err)
+	}
+	remoteURL, err := gitParser.GetRemoteUrl()
+	if err != nil {
+		return nil, fmt.Errorf("%w", err)
+	}
+	context := &reporthandlingv2.RepoContextMetadata{}
+	gitParserURL, err := giturl.NewGitURL(remoteURL)
+	if err != nil {
+		return context, fmt.Errorf("%w", err)
+	}
+	gitParserURL.SetBranchName(gitParser.GetBranchName())
+
+	context.Provider = gitParserURL.GetProvider()
+	context.Repo = gitParserURL.GetRepoName()
+	context.Owner = gitParserURL.GetOwnerName()
+	context.Branch = gitParserURL.GetBranchName()
+	context.RemoteURL = gitParserURL.GetURL().String()
+
+	commit, err := gitParser.GetLastCommit()
+	if err != nil {
+		return context, fmt.Errorf("%w", err)
+	}
+	context.LastCommit = reporthandling.LastCommit{
+		Hash:          commit.SHA,
+		Date:          commit.Committer.Date,
+		CommitterName: commit.Committer.Name,
+	}
+
+	return context, nil
+}
+func getHostname() string {
+	if h, e := os.Hostname(); e == nil {
+		return h
+	}
+	return ""
+}
+
+func getAbsPath(p string) string {
+	if !filepath.IsAbs(p) { // parse path
+		if o, err := os.Getwd(); err == nil {
+			return filepath.Join(o, p)
+		}
+	}
+	return p
+}
+
+// ScanningContextToScanningScope convert the context to the deprecated scope
+func ScanningContextToScanningScope(scanningContext ScanningContext) string {
+	if scanningContext == ContextCluster {
+		return ScopeCluster
+	}
+	return ScopeYAML
+}
--- a/core/cautils/scaninfo_test.go
+++ b/core/cautils/scaninfo_test.go
@@ -0,0 +1,47 @@
+package cautils
+
+import (
+	"testing"
+
+	reporthandlingv2 "github.com/armosec/opa-utils/reporthandling/v2"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestSetContextMetadata(t *testing.T) {
+	{
+		ctx := reporthandlingv2.ContextMetadata{}
+		setContextMetadata(&ctx, "")
+
+		assert.NotNil(t, ctx.ClusterContextMetadata)
+		assert.Nil(t, ctx.DirectoryContextMetadata)
+		assert.Nil(t, ctx.FileContextMetadata)
+		assert.Nil(t, ctx.HelmContextMetadata)
+		assert.Nil(t, ctx.RepoContextMetadata)
+	}
+	{
+		ctx := reporthandlingv2.ContextMetadata{}
+		setContextMetadata(&ctx, "https://github.com/armosec/kubescape")
+
+		assert.Nil(t, ctx.ClusterContextMetadata)
+		assert.Nil(t, ctx.DirectoryContextMetadata)
+		assert.Nil(t, ctx.FileContextMetadata)
+		assert.Nil(t, ctx.HelmContextMetadata)
+		assert.NotNil(t, ctx.RepoContextMetadata)
+
+		assert.Equal(t, "kubescape", ctx.RepoContextMetadata.Repo)
+		assert.Equal(t, "armosec", ctx.RepoContextMetadata.Owner)
+		assert.Equal(t, "master", ctx.RepoContextMetadata.Branch)
+	}
+}
+
+func TestGetHostname(t *testing.T) {
+	assert.NotEqual(t, "", getHostname())
+}
+
+func TestGetScanningContext(t *testing.T) {
+	assert.Equal(t, ContextCluster, GetScanningContext(""))
+	// assert.Equal(t, ContextDir, GetScanningContext("/"))
+	assert.Equal(t, ContextGitURL, GetScanningContext("https://github.com/armosec/kubescape"))
+	// assert.Equal(t, ContextFile, GetScanningContext(path.Join(".", "testdata", "localrepo.git")))
+	// assert.Equal(t, ContextGitLocal, GetScanningContext(path.Join(".", "testdata")))
+}
--- a/core/cautils/strutils.go
+++ b/core/cautils/strutils.go
--- a/core/cautils/strutils_test.go
+++ b/core/cautils/strutils_test.go
--- a/core/cautils/testdata/helm_expected_default_values.json
+++ b/core/cautils/testdata/helm_expected_default_values.json
@@ -0,0 +1,40 @@
+{
+    "affinity": {},
+    "configMap": {
+      "create": false,
+      "params": {
+        "clusterName": "<MyK8sClusterName>",
+        "customerGUID": "<MyGUID>"
+      }
+    },
+    "fullnameOverride": "",
+    "image": {
+      "imageName": "kubescape",
+      "pullPolicy": "Always",
+      "repository": "quay.io/armosec",
+      "tag": "latest"
+    },
+    "imagePullSecrets": [],
+    "nameOverride": "",
+    "nodeSelector": {},
+    "podAnnotations": {},
+    "podSecurityContext": {},
+    "resources": {
+      "limits": {
+        "cpu": "500m",
+        "memory": "512Mi"
+      },
+      "requests": {
+        "cpu": "200m",
+        "memory": "256Mi"
+      }
+    },
+    "schedule": "* * 1 * *",
+    "securityContext": {},
+    "serviceAccount": {
+      "annotations": {},
+      "create": true,
+      "name": "kubescape-discovery"
+    },
+    "tolerations": []
+}
--- a/core/cautils/testdata/localrepo.git
+++ b/core/cautils/testdata/localrepo.git
--- a/core/cautils/versioncheck.go
+++ b/core/cautils/versioncheck.go
@@ -6,15 +6,18 @@ import (
 	"net/http"
 	"os"

-	"github.com/armosec/kubescape/cautils/getter"
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/armosec/kubescape/cautils/logger/helpers"
-	pkgutils "github.com/armosec/utils-go/utils"
+	"github.com/armosec/kubescape/v2/core/cautils/getter"
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
+	"github.com/armosec/utils-go/boolutils"
+	"golang.org/x/mod/semver"
 )

-const SKIP_VERSION_CHECK = "KUBESCAPE_SKIP_UPDATE_CHECK"
+const SKIP_VERSION_CHECK_DEPRECATED = "KUBESCAPE_SKIP_UPDATE_CHECK"
+const SKIP_VERSION_CHECK = "KS_SKIP_UPDATE_CHECK"

 var BuildNumber string
+var Client string

 const UnknownBuildNumber = "unknown"

@@ -26,7 +29,9 @@ func NewIVersionCheckHandler() IVersionCheckHandler {
 	if BuildNumber == "" {
 		logger.L().Warning("unknown build number, this might affect your scan results. Please make sure you are updated to latest version")
 	}
-	if v, ok := os.LookupEnv(SKIP_VERSION_CHECK); ok && pkgutils.StringToBool(v) {
+	if v, ok := os.LookupEnv(SKIP_VERSION_CHECK); ok && boolutils.StringToBool(v) {
+		return NewVersionCheckHandlerMock()
+	} else if v, ok := os.LookupEnv(SKIP_VERSION_CHECK_DEPRECATED); ok && boolutils.StringToBool(v) {
 		return NewVersionCheckHandlerMock()
 	}
 	return NewVersionCheckHandler()
@@ -44,10 +49,12 @@ type VersionCheckHandler struct {
 }
 type VersionCheckRequest struct {
 	Client           string `json:"client"`           // kubescape
+	ClientBuild      string `json:"clientBuild"`      // client build environment
 	ClientVersion    string `json:"clientVersion"`    // kubescape version
 	Framework        string `json:"framework"`        // framework name
 	FrameworkVersion string `json:"frameworkVersion"` // framework version
-	ScanningTarget   string `json:"target"`           // scanning target- cluster/yaml
+	ScanningTarget   string `json:"target"`           // Deprecated
+	ScanningContext  string `json:"context"`          // scanning context- cluster/file/gitURL/localGit/dir
 }

 type VersionCheckResponse struct {
@@ -70,8 +77,12 @@ func NewVersionCheckRequest(buildNumber, frameworkName, frameworkVersion, scanni
 	if scanningTarget == "" {
 		scanningTarget = "unknown"
 	}
+	if Client == "" {
+		Client = "local-build"
+	}
 	return &VersionCheckRequest{
 		Client:           "kubescape",
+		ClientBuild:      Client,
 		ClientVersion:    buildNumber,
 		Framework:        frameworkName,
 		FrameworkVersion: frameworkVersion,
@@ -97,7 +108,7 @@ func (v *VersionCheckHandler) CheckLatestVersion(versionData *VersionCheckReques
 	}

 	if latestVersion.ClientUpdate != "" {
-		if BuildNumber != "" && BuildNumber < latestVersion.ClientUpdate {
+		if BuildNumber != "" && semver.Compare(BuildNumber, latestVersion.ClientUpdate) == -1 {
 			logger.L().Warning(warningMessage(latestVersion.ClientUpdate))
 		}
 	}
--- a/Show More
+++ b/Show More