Release (#844)

* Fix issue for scanning list obj

* Fix go mod in httphandler pkg

* Broken links fix in roadmap.md 

Planning, backlog, and wishlist links were not taking to the required section.

* override infoMap only if it's not nil

* improved icon of kubescape in readme

* Support scanning several files

* gramatical improvements

* docs(readme): Star → star

* Fix issues according to review

* Handle with issues  caused by updating opa-utils

* Fix scanning ListObj following reviews

* Update core/pkg/resourcehandler/filesloader.go

Co-authored-by: Vlad Klokun <vladklokun@users.noreply.github.com>

* Update completion.go

* Added fixed control input

* update go.mod

* Print chart name log when fail to generate

* Change formatting to %s

* Added resource prioritization information, raw resource will be sent on the result object

* Merging typo fixes from master (#772)

* greetings

* Update aws.sh

simplified the comment

* typo: In the title and h1 element

Their was a typo in index.html file.

* punctuation changes

* docs : added gitpod badge in readme.md

* fixed typos

* ƒ some grammar mistake is corrected inPULL_REQUEST_TEMPLATE.md file

* Updated README.md file

Added link to CONTRIBUTING.md file in a line in README.

* Added link to code of conduct file

I have added link to the code of conduct file and fixed some problems in the Readme file.

* Fixed readme

* Added alpine tag

Adding alpine tag instead of latest and removing repeating commands

* roadmap.md file is modified

* Automatically Close "Typo" labelled Issue

* build.py is modified

* modified PR template

* Fixed some typos in feature_request.md

"." at the end of the headings were missing and all the text were in same line.
Now this gives a clear and concise view of the texts.

* fixed the typo in docs/index.html

Found and fixed typo in the 'alt' attribute of img tag

* Update PULL_REQUEST_TEMPLATE.md

Co-authored-by: Krishna Agarwal <dmkrishna.agarwal@gmail.com>
Co-authored-by: Saswata Senapati <74651639+saswat16@users.noreply.github.com>
Co-authored-by: Rahul Singh <110548934+rahuldhirendersingh@users.noreply.github.com>
Co-authored-by: deepuyadav004 <deepuyadavze@gmail.com>
Co-authored-by: kartik <97971066+kartikgajjar7@users.noreply.github.com>
Co-authored-by: Rounak-28 <95576871+Rounak-28@users.noreply.github.com>
Co-authored-by: pwnb0y <vickykr07@yahoo.com>
Co-authored-by: Ben Hirschberg <59160382+slashben@users.noreply.github.com>
Co-authored-by: Saptarshi Sarkar <saptarshi.programmer@gmail.com>
Co-authored-by: Rahul Surwade <93492791+RahulSurwade08@users.noreply.github.com>
Co-authored-by: Suhas Gumma <43647369+suhasgumma@users.noreply.github.com>
Co-authored-by: Kamal Nayan <95926324+legendarykamal@users.noreply.github.com>
Co-authored-by: TarangVerma <90996971+TarangVerma@users.noreply.github.com>
Co-authored-by: avikittu <65793296+avikittu@users.noreply.github.com>

* update logger version

* update logger version (#773)

* Fixed: Kubescape fails to authenticate remote private Github repo (#721)

* grammar error fixer in CONTRIBUTING.md

* scanning private git repository is available

* giturl to gitapi

* NO TOKEN error functionality added

* Used GetToken method of giturl.IGitAPPI for auth

Co-authored-by: satyam kale <satyamkale271@gmail.com>
Co-authored-by: Ben Hirschberg <59160382+slashben@users.noreply.github.com>

* bump opa-utils to 181

* Option to force enable color output (closes #560) (#767)

* Option to force enable color output (closes #560)

(cherry picked from commit 4f951781ee8dd6bb451ac7d159787f47e4b07379)

* Update go.mod

* update scanner image

* Update host scanner image  (#774)

* update logger version

* update scanner image

* remove windows exe extension

* Remove windows extension build (#775)

* update logger version

* update scanner image

* remove windows exe extension

* commened out prioritization logic

* Edit Junit output (#802)

* Edit Junit output

* Update go sum

* Following review

* update AdoptClusterName

* Print line separator only if some controls failed (#813)

* removed the extra 'download' word from the example (#810)

it was confusing to understand the download command because there was an extra 'download' mentioned

* Prioritization (#815)

* removed commented out code

* Added attack tracks information to prioritization algorithm

* bump opa-utils

* go mod tidy

* go mod tidy

* CR changes

* Issue 613 cluster name (#783)

* added --clusterName flag (#613)

Signed-off-by: Anubhav Gupta <mail.anubhav06@gmail.com>

* update flag name to --cluster-name

Signed-off-by: Anubhav Gupta <mail.anubhav06@gmail.com>

Signed-off-by: Anubhav Gupta <mail.anubhav06@gmail.com>

* Per 307 fail on severity counters (#831)

* feat: fail on exceeding severity thresholds (#830)

- Add support for severity counters
- Add support for CLI flags that set severity thresholds
- Terminate Kubescape with an exit code 1 if scan results exceed the
  severity thresholds

* Update opa-utils pkg version

Co-authored-by: Vlad Klokun <vladklokun@users.noreply.github.com>

* Fix merge conflict

* typo in .gitignore file (#833)

* remove unsupported installation method

* fixed welcome message

* fixed merge

* fixed attack tracks loading logic

* add flag validation for --account-id (#605) (#793)

* add flag validation for --account-id (#605)

Signed-off-by: Anubhav Gupta <mail.anubhav06@gmail.com>

* add flag validation for --client-id & --secret-key

Signed-off-by: Anubhav Gupta <mail.anubhav06@gmail.com>

* Validation method should be a member function

* Adding unit tests for credentials validate

Signed-off-by: Anubhav Gupta <mail.anubhav06@gmail.com>
Co-authored-by: David Wertenteil <dwertent@armosec.io>

* Scan Kustomize Directory (#795)

* Scan Kustomize Files

* update 'scam Kustomize Directory' documentation in  Readme.md

* go get

* go get inside httphandler

* SourceTypeKustomizeDirectory

* Added Scan for Kustomization File

Co-authored-by: David Wertenteil <dwertent@armosec.io>

* feat: unify severity threshold into one CLI flag (#838)

* feat: unify severity threshold into one CLI flag

Before this commit, severity threshold flags were separated by severity.
This commit unifies these thresholds into one flag that forces Kubescape
to terminate with an exit code 1 if there was at least one failed
control at the specified severity threshold or above.

* chore: update opa utils version

* chore: update opa-utils in httphandler

* feat: dont enforce severity by default

Previous iteration of supporting the severity threshold enforced it even
if the severity threshold was not explicitly specified.
This change enforces the severity threshold only if it has been
explicitly set.

* refactor: clarify flagValidationFramework func name

This change clarifies the meaning of the function that validates the
scan info for the `scan framework` command.
It achieves this by renaming the `flagValidationFramework` function to
`validateFrameworkScanInfo`.

* Merge branch 'master' into dev

Signed-off-by: Anubhav Gupta <mail.anubhav06@gmail.com>
Co-authored-by: Moshe-Rappaport-CA <moshep@armosec.io>
Co-authored-by: Moshe Rappaport <89577611+Moshe-Rappaport-CA@users.noreply.github.com>
Co-authored-by: Om Raut <33827410+om2137@users.noreply.github.com>
Co-authored-by: Kamal Nayan <95926324+legendarykamal@users.noreply.github.com>
Co-authored-by: Vlad Klokun <vladklokun@users.noreply.github.com>
Co-authored-by: Chirag Arora <84070677+Chirag8023@users.noreply.github.com>
Co-authored-by: shm12 <shmuelb@armosec.io>
Co-authored-by: Amir Malka <amirm@armosec.io>
Co-authored-by: Krishna Agarwal <dmkrishna.agarwal@gmail.com>
Co-authored-by: Saswata Senapati <74651639+saswat16@users.noreply.github.com>
Co-authored-by: Rahul Singh <110548934+rahuldhirendersingh@users.noreply.github.com>
Co-authored-by: deepuyadav004 <deepuyadavze@gmail.com>
Co-authored-by: kartik <97971066+kartikgajjar7@users.noreply.github.com>
Co-authored-by: Rounak-28 <95576871+Rounak-28@users.noreply.github.com>
Co-authored-by: pwnb0y <vickykr07@yahoo.com>
Co-authored-by: Ben Hirschberg <59160382+slashben@users.noreply.github.com>
Co-authored-by: Saptarshi Sarkar <saptarshi.programmer@gmail.com>
Co-authored-by: Rahul Surwade <93492791+RahulSurwade08@users.noreply.github.com>
Co-authored-by: Suhas Gumma <43647369+suhasgumma@users.noreply.github.com>
Co-authored-by: TarangVerma <90996971+TarangVerma@users.noreply.github.com>
Co-authored-by: avikittu <65793296+avikittu@users.noreply.github.com>
Co-authored-by: satyam kale <satyamkale271@gmail.com>
Co-authored-by: Aditya Pratap Singh <adityapratapsingh51@gmail.com>
Co-authored-by: Ashray Shetty <ashrayshetty1999@gmail.com>
Co-authored-by: Anubhav Gupta <mail.anubhav06@gmail.com>
Co-authored-by: Meyazhagan <meyazhagan.ofcl@gmail.com>

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,34 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: ''
+assignees: ''
+
+---
+
+# Describe the bug
+A clear and concise description of what the bug is.
+
+# Environment
+OS: the OS + version you’re running Kubescape on, e.g Ubuntu 22.04 LTS
+Version: the version that Kubescape reports when you run `kubescape version`
+```
+Your current version is:
+```
+
+# Steps To Reproduce
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+# Expected behavior
+A clear and concise description of what you expected to happen.
+
+# Actual Behavior
+A clear and concise description of what happened. If applicable, add screenshots to help explain your problem.
+
+# Additional context
+Add any other context about the problem here.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,19 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: ''
+assignees: ''
+
+---
+**Is your feature request related to a problem? Please describe.**</br>
+ > A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
+
+**Describe the solution you'd like.**</br>
+ > A clear and concise description of what you want to happen.
+
+**Describe alternatives you've considered.**</br>
+ > A clear and concise description of any alternative solutions or features you've considered.
+
+**Additional context.**</br>
+ > Add any other context or screenshots about the feature request here.

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,18 @@
+## Describe your changes
+
+## Screenshots - If Any (Optional)
+
+## This PR fixes:
+
+* Resolved #
+
+## Checklist before requesting a review
+<!-- put an [x] in the box to get it checked -->
+
+- [ ] My code follows the style guidelines of this project
+- [ ] I have commented on my code, particularly in hard-to-understand areas
+- [ ] I have performed a self-review of my code
+- [ ] If it is a core feature, I have added thorough tests.
+- [ ] New and existing unit tests pass locally with my changes
+
+**Please open the PR against the `dev` branch (Unless the PR contains only documentation changes)**

.github/workflows/build.yaml

@@ -96,10 +96,6 @@ jobs:
         env:
           RELEASE: v2.0.${{ github.run_number }} 
           CLIENT: release
-          ArmoBEServer: api.armo.cloud
-          ArmoAuthServer: auth.armo.cloud
-          ArmoERServer: report.armo.cloud
-          ArmoWebsite: portal.armo.cloud
           CGO_ENABLED: 1
         run: python3 --version && python3 build.py
       
@@ -134,7 +130,7 @@ jobs:
     name: Build docker container, tag and upload to registry
     needs: build
     runs-on: ubuntu-latest
-    if: ${{ github.repository == 'armosec/kubescape' }} # TODO
+    if: ${{ github.repository == 'kubescape/kubescape' }} # TODO
     permissions:
       id-token: write
       packages: write

.github/workflows/build_dev.yaml

@@ -88,10 +88,6 @@ jobs:
         env:
           RELEASE: v2.0.${{ github.run_number }} 
           CLIENT: release-dev
-          ArmoBEServer: api.armo.cloud
-          ArmoAuthServer: auth.armo.cloud
-          ArmoERServer: report.armo.cloud
-          ArmoWebsite: portal.armo.cloud
           CGO_ENABLED: 1
         run: python3 --version && python3 build.py
       
@@ -110,7 +106,7 @@ jobs:
   build-docker:
     name: Build docker container, tag and upload to registry
     needs: build
-    if: ${{ github.repository == 'armosec/kubescape' }} # TODO
+    if: ${{ github.repository == 'kubescape/kubescape' }} # TODO
     runs-on: ubuntu-latest
     permissions:
       id-token: write

.github/workflows/close-typos-issues.yaml

@@ -0,0 +1,23 @@
+on:
+  issues:
+    types: [opened, labeled]
+
+jobs:
+  open_PR_message:
+    if: github.event.label.name == 'typo'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: ben-z/actions-comment-on-issue@1.0.2
+        with:
+          message: "Hello! :wave:\n\nThis issue is being automatically closed, Please open a PR with a relevant fix."
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+          
+          
+  auto_close_issues:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: lee-dohm/close-matching-issues@v2
+        with:
+          query: 'label:typo'
+          token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/community.yml

@@ -0,0 +1,22 @@
+on:
+  fork:
+  issues:
+    types: [opened]
+  issue_comment:
+    types: [created]
+  pull_request_target:
+    types: [opened]
+  pull_request_review_comment:
+    types: [created]
+
+jobs:
+  welcome:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - uses: EddieHubCommunity/gh-action-community/src/welcome@main
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          issue-message: '<h3>Hi! Welcome to Kubescape. Thank you for taking the time and reporting an issue</h3>'
+          pr-message: '<h3>Hi! Welcome to Kubescape. Thank you for taking the time and contributing to the open source community</h3>'
+          footer: '<h4>We will try to review as soon as possible!</h4>'

.github/workflows/pr_checks.yaml

@@ -81,10 +81,6 @@ jobs:
         env:
           RELEASE: v2.0.${{ github.run_number }} 
           CLIENT: test
-          ArmoBEServer: api.armo.cloud
-          ArmoAuthServer: auth.armo.cloud
-          ArmoERServer: report.armo.cloud
-          ArmoWebsite: portal.armo.cloud
           CGO_ENABLED: 1
         run: python3 --version && python3 build.py
 

.gitignore

@@ -1,7 +1,7 @@
 *.vs*
 *kubescape*
 *debug*
-*vender*
+*vendor*
 *.pyc*
 .idea
 .history

CONTRIBUTING.md

@@ -3,13 +3,13 @@
 First, it is awesome that you are considering contributing to Kubescape! Contributing is important and fun and we welcome your efforts.
 
 When contributing, we categorize contributions into two:
-* Small code changes or fixes, whose scope are limited to a single or two files
-* Complex features and improvements, whose are not limited
+* Small code changes or fixes, whose scope is limited to a single or two files
+* Complex features and improvements, that are not limited
 
 If you have a small change, feel free to fire up a Pull Request.
 
 When planning a bigger change, please first discuss the change you wish to make via issue,
-email, or any other method with the owners of this repository before making a change. Most likely your changes or features are great, but sometimes we might already going to this direction (or the exact opposite ;-) ) and we don't want to waste your time.
+email, or any other method with the owners of this repository before making a change. Most likely your changes or features are great, but sometimes we might be already going in this direction (or the exact opposite ;-) ) and we don't want to waste your time.
 
 Please note we have a code of conduct, please follow it in all your interactions with the project.
 
@@ -20,14 +20,14 @@ Please note we have a code of conduct, please follow it in all your interactions
 2. Update the README.md with details of changes to the interface, this includes new environment 
    variables, exposed ports, useful file locations and container parameters.
 3. Open Pull Request to `dev` branch - we test the component before merging into the `master` branch
-4. We will merge the Pull Request in once you have the sign-off.
+4. We will merge the Pull Request once you have the sign-off.
 
 ## Code of Conduct
 
 ### Our Pledge
 
 In the interest of fostering an open and welcoming environment, we as
-contributors and maintainers pledge to making participation in our project and
+contributors and maintainers pledge to make participation in our project and
 our community a harassment-free experience for everyone, regardless of age, body
 size, disability, ethnicity, gender identity and expression, level of experience,
 nationality, personal appearance, race, religion, or sexual identity and
@@ -55,12 +55,12 @@ advances
 * Other conduct which could reasonably be considered inappropriate in a
   professional setting
 
-We will distance those who are constantly adhere to unacceptable behavior.
+We will distance those who constantly adhere to unacceptable behavior.
 
 ### Our Responsibilities
 
 Project maintainers are responsible for clarifying the standards of acceptable
-behavior and are expected to take appropriate and fair corrective action in
+behavior and are expected to take appropriate and fair corrective actions in
 response to any instances of unacceptable behavior.
 
 Project maintainers have the right and responsibility to remove, edit, or
@@ -97,4 +97,4 @@ This Code of Conduct is adapted from the [Contributor Covenant][homepage], versi
 available at [http://contributor-covenant.org/version/1/4][version]
 
 [homepage]: http://contributor-covenant.org
-[version]: http://contributor-covenant.org/version/1/4/
+[version]: http://contributor-covenant.org/version/1/4/

README.md

@@ -1,45 +1,43 @@
-<img src="docs/kubescape.png" width="300" alt="logo" align="center">
+<div align="center">
+    <img src="docs/kubescape.png" width="300" alt="logo">
+</div>
 
-[![build](https://github.com/armosec/kubescape/actions/workflows/build.yaml/badge.svg)](https://github.com/armosec/kubescape/actions/workflows/build.yaml)
-[![Go Report Card](https://goreportcard.com/badge/github.com/armosec/kubescape)](https://goreportcard.com/report/github.com/armosec/kubescape)
+---
+
+[![build](https://github.com/kubescape/kubescape/actions/workflows/build.yaml/badge.svg)](https://github.com/kubescape/kubescape/actions/workflows/build.yaml)
+[![Go Report Card](https://goreportcard.com/badge/github.com/kubescape/kubescape)](https://goreportcard.com/report/github.com/kubescape/kubescape)
+[![Gitpod Ready-to-Code](https://img.shields.io/badge/Gitpod-Ready--to--Code-blue?logo=gitpod)](https://gitpod.io/#https://github.com/kubescape/kubescape)
+
+:sunglasses: [Want to contribute?](#being-a-part-of-the-team) :innocent: 
 
 
-
-Kubescape is a K8s open-source tool providing a multi-cloud K8s single pane of glass, including risk analysis, security compliance, RBAC visualizer and image vulnerabilities scanning. 
+Kubescape is a K8s open-source tool providing a Kubernetes single pane of glass, including risk analysis, security compliance, RBAC visualizer, and image vulnerability scanning. 
 Kubescape scans K8s clusters, YAML files, and HELM charts, detecting misconfigurations according to multiple frameworks (such as the [NSA-CISA](https://www.armosec.io/blog/kubernetes-hardening-guidance-summary-by-armo/?utm_source=github&utm_medium=repository), [MITRE ATT&CK®](https://www.microsoft.com/security/blog/2021/03/23/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes/)), software vulnerabilities, and RBAC (role-based-access-control) violations at early stages of the CI/CD pipeline, calculates risk score instantly and shows risk trends over time.
-It became one of the fastest-growing Kubernetes tools among developers due to its easy-to-use CLI interface, flexible output formats, and automated scanning capabilities, saving Kubernetes users and admins’ precious time, effort, and resources.
+
+It has become one of the fastest-growing Kubernetes tools among developers due to its easy-to-use CLI interface, flexible output formats, and automated scanning capabilities, saving Kubernetes users and admins precious time, effort, and resources.
 Kubescape integrates natively with other DevOps tools, including Jenkins, CircleCI, Github workflows, Prometheus, and Slack, and supports multi-cloud K8s deployments like EKS, GKE, and AKS.
 
 </br>
 
-<!-- # Kubescape Coverage
-<img src="docs/ksfromcodetodeploy.png">
-
-</br> -->
-
-
 # Kubescape CLI:
 <img src="docs/demo.gif">
 
 </br>
 
-<!-- # Kubescape overview:
-<img src="docs/ARMO-header-2022.gif"> -->
-
 # TL;DR
 ## Install:
 ```sh
-curl -s https://raw.githubusercontent.com/armosec/kubescape/master/install.sh | /bin/bash
+curl -s https://raw.githubusercontent.com/kubescape/kubescape/master/install.sh | /bin/bash
 ```
 
+*OR:*
+
 [Install on windows](#install-on-windows)
 
 [Install on macOS](#install-on-macos)
 
 [Install on NixOS or Linux/macOS via nix](#install-on-nixos-or-with-nix-community)
 
-[Install using Go](#install-using-go)
-
 ## Run:
 ```sh
 kubescape scan --submit --enable-host-scan --verbose
@@ -49,26 +47,29 @@ kubescape scan --submit --enable-host-scan --verbose
 
 </br>
 
-> Kubescape is an open source project, we welcome your feedback and ideas for improvement. We’re also aiming to collaborate with the Kubernetes community to help make the tests themselves more robust and complete as Kubernetes develops.
+> Kubescape is an open source project. We welcome your feedback and ideas for improvement. We’re also aiming to collaborate with the Kubernetes community to help make the tests more robust and complete as Kubernetes develops.
 
 </br>
 
-### Click [👍](https://github.com/armosec/kubescape/stargazers) if you want us to continue to develop and improve Kubescape 😀
+### Please [star ⭐](https://github.com/kubescape/kubescape/stargazers) the repo if you want us to continue developing and improving Kubescape 😀
 
 </br>
 
+# Being a part of the team
 
-# Being part of the team
+## Community
+We invite you to our community! We are excited about this project and want to return the love we get.
 
-We invite you to our team! We are excited about this project and want to return the love we get.
+We hold community meetings in [Zoom](https://us02web.zoom.us/j/84020231442) on the first Tuesday of every month at 14:00 GMT! :sunglasses:
 
-Want to contribute? Want to discuss something? Have an issue?
+## Contributions 
+[Want to contribute?](https://github.com/kubescape/kubescape/blob/master/CONTRIBUTING.md) Want to discuss something? Have an issue? Please make sure that you follow our [Code Of Conduct](https://github.com/kubescape/kubescape/blob/master/CODE_OF_CONDUCT.md) . 
 
-* Feel free to pick a task from the [roadmap](docs/roadmap.md) or suggest a feature of your own. [Contact us](MAINTAINERS.md) directly for more information :) 
-* Open a issue, we are trying to respond within 48 hours
-* [Join us](https://armosec.github.io/kubescape) in a discussion on our discord server!
+* Feel free to pick a task from the [issues](https://github.com/kubescape/kubescape/issues?q=is%3Aissue+is%3Aopen+label%3A%22open+for+contribution%22), [roadmap](docs/roadmap.md) or suggest a feature of your own. [Contact us](MAINTAINERS.md) directly for more information :) 
+* [Open an issue](https://github.com/kubescape/kubescape/issues/new/choose) , we are trying to respond within 48 hours
+* [Join us](https://discord.com/invite/WKZRaCtBxN) in the discussion on our discord server!
 
-[<img src="docs/discord-banner.png" width="100" alt="logo" align="center">](https://armosec.github.io/kubescape/)
+[<img src="docs/discord-banner.png" width="100" alt="logo" align="center">](https://discord.com/invite/WKZRaCtBxN)
 ![discord](https://img.shields.io/discord/893048809884643379)
 
 
@@ -87,16 +88,18 @@ Want to contribute? Want to discuss something? Have an issue?
 * [Scan Kubescape on an air-gapped environment (offline support)](https://youtu.be/IGXL9s37smM)
 * [Managing exceptions in the Kubescape SaaS version](https://youtu.be/OzpvxGmCR80)
 * [Configure and run customized frameworks](https://youtu.be/12Sanq_rEhs)
-* Customize controls configurations. [Kubescape CLI](https://youtu.be/955psg6TVu4), [Kubescape SaaS](https://youtu.be/lIMVSVhH33o)
-
-<details><summary>Windows</summary>
+* Customize control configurations: 
+  - [Kubescape CLI](https://youtu.be/955psg6TVu4) 
+  - [Kubescape SaaS](https://youtu.be/lIMVSVhH33o)
 
 ## Install on Windows
 
+<details><summary>Windows</summary>
+
 **Requires powershell v5.0+**
 
 ``` powershell
-iwr -useb https://raw.githubusercontent.com/armosec/kubescape/master/install.ps1 | iex
+iwr -useb https://raw.githubusercontent.com/kubescape/kubescape/master/install.ps1 | iex
 ```
 
 Note: if you get an error you might need to change the execution policy (i.e. enable Powershell) with
@@ -106,10 +109,11 @@ Set-ExecutionPolicy RemoteSigned -scope CurrentUser
 ```
 </details>
 
-<details><summary>MacOS</summary>
 
 ## Install on macOS
 
+<details><summary>MacOS</summary>
+
 1. ```sh
     brew tap kubescape/tap
     ```
@@ -118,10 +122,10 @@ Set-ExecutionPolicy RemoteSigned -scope CurrentUser
     ```
 </details>
 
-<details><summary>Nix/NixOS</summary>
-
 ## Install on NixOS or with nix (Community)
 
+<details><summary>Nix/NixOS</summary>
+
 Direct issues installing `kubescape` via `nix` through the channels mentioned [here](https://nixos.wiki/wiki/Support)
 
 You can use `nix` on Linux or macOS and on other platforms unofficially.
@@ -193,17 +197,17 @@ kubescape scan --include-namespaces development,staging,production
 kubescape scan --exclude-namespaces kube-system,kube-public
 ```
 
-#### Scan local `yaml`/`json` files before deploying. [Take a look at the demonstration](https://youtu.be/Ox6DaR7_4ZI) Submit the results in case the directory is a git repo. [docs](https://hub.armosec.io/docs/repository-scanning?utm_source=github&utm_medium=repository)
+#### Scan local `yaml`/`json` files before deploying. [Take a look at the demonstration](https://youtu.be/Ox6DaR7_4ZI). Submit the results in case the directory is a git repo. [docs](https://hub.armosec.io/docs/repository-scanning?utm_source=github&utm_medium=repository)
 ```
 kubescape scan *.yaml --submit
 ```
 
-#### Scan kubernetes manifest files from a git repository [and submit the results](https://hub.armosec.io/docs/repository-scanning?utm_source=github&utm_medium=repository)
+#### Scan Kubernetes manifest files from a git repository [and submit the results](https://hub.armosec.io/docs/repository-scanning?utm_source=github&utm_medium=repository)
 ```
-kubescape scan https://github.com/armosec/kubescape --submit
+kubescape scan https://github.com/kubescape/kubescape --submit
 ```
 
-#### Display all scanned resources (including the resources who passed) 
+#### Display all scanned resources (including the resources which passed) 
 ```
 kubescape scan --verbose
 ```
@@ -233,6 +237,12 @@ kubescape scan --format pdf --output results.pdf
 kubescape scan --format prometheus
 ```
 
+#### Output in `html` format
+
+```
+kubescape scan --format html --output results.html
+```
+
 #### Scan with exceptions, objects with exceptions will be presented as `exclude` and not `fail`
 [Full documentation](examples/exceptions/README.md)
 ```
@@ -243,7 +253,13 @@ kubescape scan --exceptions examples/exceptions/exclude-kube-namespaces.json
 ```
 kubescape scan </path/to/directory> --submit
 ```
-> Kubescape will load the default values file
+> Kubescape will load the default value file
+
+#### Scan Kustomize Directory 
+```
+kubescape scan </path/to/directory> --submit
+```
+> Kubescape will generate Kubernetes Yaml Objects using 'Kustomize' file and scans them for security.
 
 ### Offline/Air-gaped Environment Support
 
@@ -263,11 +279,11 @@ kubescape download artifacts --output path/to/local/dir
 kubescape scan --use-artifacts-from path/to/local/dir
 ```
 
-#### Download a single artifacts
+#### Download a single artifact
 
-You can also download a single artifacts and scan with the `--use-from` flag
+You can also download a single artifact and scan with the `--use-from` flag
 
-1. Download and save in file, if file name not specified, will save in `~/.kubescape/<framework name>.json`
+1. Download and save in a file, if the file name is not specified, will save in `~/.kubescape/<framework name>.json`
 ```
 kubescape download framework nsa --output /path/nsa.json
 ```
@@ -298,9 +314,9 @@ View Kubescape scan results directly in [Lens IDE](https://k8slens.dev/) using k
 
 # Building Kubescape
 
-<details><summary>Windows</summary>
+## Build on Windows
 
-## Windows
+<details><summary>Windows</summary>
 
 1. Install MSYS2 & build libgit _(needed only for the first time)_
 
@@ -323,9 +339,9 @@ View Kubescape scan results directly in [Lens IDE](https://k8slens.dev/) using k
     ```
 </details>
 
-<details><summary>Linux / MacOS</summary>
+## Build on Linux/MacOS
 
-## Linux / MacOS
+<details><summary>Linux / MacOS</summary>
 
 1. Install libgit2 dependency _(needed only for the first time)_
    
@@ -355,9 +371,31 @@ View Kubescape scan results directly in [Lens IDE](https://k8slens.dev/) using k
 
 </details>
 
+## Build on pre-configured killercoda's ubuntu playground
+
+* [Pre-configured Killercoda's Ubuntu Playground](https://killercoda.com/suhas-gumma/scenario/kubescape-build-for-development)
+
+<details><summary> Pre-programmed actions executed by the playground </summary>
+
+
+* Clone the official GitHub repository of `Kubescape`.
+* [Automate the build process on Linux](https://github.com/kubescape/kubescape#build-on-linuxmacos)
+* The entire process involves executing multiple commands in order and it takes around 5-6 minutes to execute them all.
+
+</details>
+
+<details>
+<summary>Instructions to use the playground</summary>
+
+* Apply changes you wish to make to the kubescape directory using text editors like `Vim`.
+* [Build on Linux](https://github.com/kubescape/kubescape#build-on-linuxmacos)
+* Now, you can use Kubescape just like a normal user. Instead of using `kubescape`, use `./kubescape`. (Make sure you are inside kubescape directory because the command will execute the binary named `kubescape` in `kubescape directory`.
+
+</details>
+
 ## VS code configuration samples
 
-You can use the samples files below to setup your VS code environment for building and debugging purposes.
+You can use the sample files below to setup your VS code environment for building and debugging purposes.
 
 
 <details><summary>.vscode/settings.json</summary>
@@ -402,16 +440,16 @@ You can use the samples files below to setup your VS code environment for buildi
 # Under the hood
 
 ## Technology
-Kubescape based on [OPA engine](https://github.com/open-policy-agent/opa) and ARMO's posture controls.
+Kubescape is based on the [OPA engine](https://github.com/open-policy-agent/opa) and ARMO's posture controls.
 
-The tools retrieves Kubernetes objects from the API server and runs a set of [rego's snippets](https://www.openpolicyagent.org/docs/latest/policy-language/) developed by [ARMO](https://www.armosec.io?utm_source=github&utm_medium=repository).
+The tools retrieve Kubernetes objects from the API server and run a set of [rego's snippets](https://www.openpolicyagent.org/docs/latest/policy-language/) developed by [ARMO](https://www.armosec.io?utm_source=github&utm_medium=repository).
 
-The results by default printed in a pretty "console friendly" manner, but they can be retrieved in JSON format for further processing.
+The results by default are printed in a pretty "console friendly" manner, but they can be retrieved in JSON format for further processing.
 
-Kubescape is an open source project, we welcome your feedback and ideas for improvement. We’re also aiming to collaborate with the Kubernetes community to help make the tests themselves more robust and complete as Kubernetes develops.
+Kubescape is an open source project, we welcome your feedback and ideas for improvement. We’re also aiming to collaborate with the Kubernetes community to help make the tests more robust and complete as Kubernetes develops.
 
 ## Thanks to all the contributors ❤️
-<a href = "https://github.com/armosec/kubescape/graphs/contributors">
-  <img src = "https://contrib.rocks/image?repo=armosec/kubescape"/>
+<a href = "https://github.com/kubescape/kubescape/graphs/contributors">
+  <img src = "https://contrib.rocks/image?repo=kubescape/kubescape"/>
 </a>
 

build.py

@@ -4,7 +4,7 @@ import hashlib
 import platform
 import subprocess
 
-BASE_GETTER_CONST = "github.com/armosec/kubescape/v2/core/cautils/getter"
+BASE_GETTER_CONST = "github.com/kubescape/kubescape/v2/core/cautils/getter"
 
 def check_status(status, msg):
     if status != 0:
@@ -25,7 +25,6 @@ def get_build_dir():
 
 def get_package_name():
     package_name = "kubescape"
-    # if platform.system() == "Windows": package_name += ".exe"
 
     return package_name
 
@@ -35,10 +34,10 @@ def main():
 
     # Set some variables
     package_name = get_package_name()
-    build_url = "github.com/armosec/kubescape/v2/core/cautils.BuildNumber"
+    build_url = "github.com/kubescape/kubescape/v2/core/cautils.BuildNumber"
     release_version = os.getenv("RELEASE")
 
-    client_var = "github.com/armosec/kubescape/v2/core/cautils.Client"
+    client_var = "github.com/kubescape/kubescape/v2/core/cautils.Client"
     client_name = os.getenv("CLIENT")
     
     # Create build directory

build/Dockerfile

@@ -20,7 +20,6 @@ WORKDIR /work
 ADD . .
 
 # install libgit2
-WORKDIR /work
 RUN rm -rf git2go && make libgit2
 
 # build kubescape server
@@ -34,16 +33,16 @@ RUN python build.py
 
 RUN /work/build/ubuntu-latest/kubescape download artifacts -o /work/artifacts
 
-FROM alpine
+FROM alpine:3.16.2
 
 RUN addgroup -S armo && adduser -S armo -G armo
 
-RUN mkdir /home/armo/.kubescape
 COPY --from=builder /work/artifacts/ /home/armo/.kubescape
 
 RUN chown -R armo:armo /home/armo/.kubescape
 
 USER armo
+
 WORKDIR /home/armo
 
 COPY --from=builder /work/httphandler/build/ubuntu-latest/kubescape /usr/bin/ksserver

build/README.md

@@ -4,7 +4,7 @@
 
 1. Clone Project
 ```
-git clone https://github.com/armosec/kubescape.git kubescape && cd "$_"
+git clone https://github.com/kubescape/kubescape.git kubescape && cd "$_"
 ```
 
 2. Build

cmd/completion/completion.go

@@ -43,7 +43,3 @@ func GetCompletionCmd() *cobra.Command {
 	}
 	return completionCmd
 }
-
-// func init() {
-// 	rootCmd.AddCommand(completionCmd)
-// }

cmd/config/config.go

@@ -1,7 +1,7 @@
 package config
 
 import (
-	"github.com/armosec/kubescape/v2/core/meta"
+	"github.com/kubescape/kubescape/v2/core/meta"
 	"github.com/spf13/cobra"
 )
 

cmd/config/delete.go

@@ -1,9 +1,9 @@
 package config
 
 import (
-	"github.com/armosec/kubescape/v2/core/meta"
-	v1 "github.com/armosec/kubescape/v2/core/meta/datastructures/v1"
-	logger "github.com/dwertent/go-logger"
+	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/kubescape/v2/core/meta"
+	v1 "github.com/kubescape/kubescape/v2/core/meta/datastructures/v1"
 	"github.com/spf13/cobra"
 )
 

cmd/config/set.go

@@ -4,9 +4,9 @@ import (
 	"fmt"
 	"strings"
 
-	"github.com/armosec/kubescape/v2/core/meta"
-	metav1 "github.com/armosec/kubescape/v2/core/meta/datastructures/v1"
-	logger "github.com/dwertent/go-logger"
+	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/kubescape/v2/core/meta"
+	metav1 "github.com/kubescape/kubescape/v2/core/meta/datastructures/v1"
 	"github.com/spf13/cobra"
 )
 

cmd/config/view.go

@@ -3,9 +3,9 @@ package config
 import (
 	"os"
 
-	"github.com/armosec/kubescape/v2/core/meta"
-	v1 "github.com/armosec/kubescape/v2/core/meta/datastructures/v1"
-	logger "github.com/dwertent/go-logger"
+	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/kubescape/v2/core/meta"
+	v1 "github.com/kubescape/kubescape/v2/core/meta/datastructures/v1"
 	"github.com/spf13/cobra"
 )
 

cmd/delete/delete.go

@@ -1,8 +1,8 @@
 package delete
 
 import (
-	"github.com/armosec/kubescape/v2/core/meta"
-	v1 "github.com/armosec/kubescape/v2/core/meta/datastructures/v1"
+	"github.com/kubescape/kubescape/v2/core/meta"
+	v1 "github.com/kubescape/kubescape/v2/core/meta/datastructures/v1"
 	"github.com/spf13/cobra"
 )
 

cmd/delete/exceptions.go

@@ -4,9 +4,9 @@ import (
 	"fmt"
 	"strings"
 
-	"github.com/armosec/kubescape/v2/core/meta"
-	v1 "github.com/armosec/kubescape/v2/core/meta/datastructures/v1"
-	logger "github.com/dwertent/go-logger"
+	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/kubescape/v2/core/meta"
+	v1 "github.com/kubescape/kubescape/v2/core/meta/datastructures/v1"
 	"github.com/spf13/cobra"
 )
 
@@ -22,6 +22,11 @@ func getExceptionsCmd(ks meta.IKubescape, deleteInfo *v1.Delete) *cobra.Command
 			return nil
 		},
 		Run: func(cmd *cobra.Command, args []string) {
+
+			if err := flagValidationDelete(deleteInfo); err != nil {
+				logger.L().Fatal(err.Error())
+			}
+
 			exceptionsNames := strings.Split(args[0], ";")
 			if len(exceptionsNames) == 0 {
 				logger.L().Fatal("missing exceptions names")
@@ -32,3 +37,10 @@ func getExceptionsCmd(ks meta.IKubescape, deleteInfo *v1.Delete) *cobra.Command
 		},
 	}
 }
+
+// Check if the flag entered are valid
+func flagValidationDelete(deleteInfo *v1.Delete) error {
+
+	// Validate the user's credentials
+	return deleteInfo.Credentials.Validate()
+}

cmd/download/download.go

@@ -5,11 +5,11 @@ import (
 	"path/filepath"
 	"strings"
 
-	"github.com/armosec/kubescape/v2/core/cautils"
-	"github.com/armosec/kubescape/v2/core/core"
-	"github.com/armosec/kubescape/v2/core/meta"
-	v1 "github.com/armosec/kubescape/v2/core/meta/datastructures/v1"
-	logger "github.com/dwertent/go-logger"
+	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/kubescape/v2/core/cautils"
+	"github.com/kubescape/kubescape/v2/core/core"
+	"github.com/kubescape/kubescape/v2/core/meta"
+	v1 "github.com/kubescape/kubescape/v2/core/meta/datastructures/v1"
 	"github.com/spf13/cobra"
 )
 
@@ -17,7 +17,7 @@ var (
 	downloadExample = `
   # Download all artifacts and save them in the default path (~/.kubescape)
   kubescape download artifacts
-  download
+  
   # Download all artifacts and save them in /tmp path
   kubescape download artifacts --output /tmp
   
@@ -59,6 +59,10 @@ func GeDownloadCmd(ks meta.IKubescape) *cobra.Command {
 		},
 		RunE: func(cmd *cobra.Command, args []string) error {
 
+			if err := flagValidationDownload(&downloadInfo); err != nil {
+				return err
+			}
+
 			if filepath.Ext(downloadInfo.Path) == ".json" {
 				downloadInfo.Path, downloadInfo.FileName = filepath.Split(downloadInfo.Path)
 			}
@@ -80,3 +84,10 @@ func GeDownloadCmd(ks meta.IKubescape) *cobra.Command {
 
 	return downloadCmd
 }
+
+// Check if the flag entered are valid
+func flagValidationDownload(downloadInfo *v1.DownloadInfo) error {
+
+	// Validate the user's credentials
+	return downloadInfo.Credentials.Validate()
+}

cmd/list/list.go

@@ -4,11 +4,11 @@ import (
 	"fmt"
 	"strings"
 
-	"github.com/armosec/kubescape/v2/core/cautils"
-	"github.com/armosec/kubescape/v2/core/core"
-	"github.com/armosec/kubescape/v2/core/meta"
-	v1 "github.com/armosec/kubescape/v2/core/meta/datastructures/v1"
-	logger "github.com/dwertent/go-logger"
+	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/kubescape/v2/core/cautils"
+	"github.com/kubescape/kubescape/v2/core/core"
+	"github.com/kubescape/kubescape/v2/core/meta"
+	v1 "github.com/kubescape/kubescape/v2/core/meta/datastructures/v1"
 	"github.com/spf13/cobra"
 )
 
@@ -51,6 +51,11 @@ func GetListCmd(ks meta.IKubescape) *cobra.Command {
 			return nil
 		},
 		RunE: func(cmd *cobra.Command, args []string) error {
+
+			if err := flagValidationList(&listPolicies); err != nil {
+				return err
+			}
+
 			listPolicies.Target = args[0]
 
 			if err := ks.List(&listPolicies); err != nil {
@@ -67,3 +72,10 @@ func GetListCmd(ks meta.IKubescape) *cobra.Command {
 
 	return listCmd
 }
+
+// Check if the flag entered are valid
+func flagValidationList(listPolicies *v1.ListPolicies) error {
+
+	// Validate the user's credentials
+	return listPolicies.Credentials.Validate()
+}

cmd/root.go

@@ -4,20 +4,20 @@ import (
 	"fmt"
 	"strings"
 
-	"github.com/armosec/kubescape/v2/cmd/completion"
-	"github.com/armosec/kubescape/v2/cmd/config"
-	"github.com/armosec/kubescape/v2/cmd/delete"
-	"github.com/armosec/kubescape/v2/cmd/download"
-	"github.com/armosec/kubescape/v2/cmd/list"
-	"github.com/armosec/kubescape/v2/cmd/scan"
-	"github.com/armosec/kubescape/v2/cmd/submit"
-	"github.com/armosec/kubescape/v2/cmd/version"
-	"github.com/armosec/kubescape/v2/core/cautils"
-	"github.com/armosec/kubescape/v2/core/cautils/getter"
-	"github.com/armosec/kubescape/v2/core/core"
-	"github.com/armosec/kubescape/v2/core/meta"
-	logger "github.com/dwertent/go-logger"
-	"github.com/dwertent/go-logger/helpers"
+	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger/helpers"
+	"github.com/kubescape/kubescape/v2/cmd/completion"
+	"github.com/kubescape/kubescape/v2/cmd/config"
+	"github.com/kubescape/kubescape/v2/cmd/delete"
+	"github.com/kubescape/kubescape/v2/cmd/download"
+	"github.com/kubescape/kubescape/v2/cmd/list"
+	"github.com/kubescape/kubescape/v2/cmd/scan"
+	"github.com/kubescape/kubescape/v2/cmd/submit"
+	"github.com/kubescape/kubescape/v2/cmd/version"
+	"github.com/kubescape/kubescape/v2/core/cautils"
+	"github.com/kubescape/kubescape/v2/core/cautils/getter"
+	"github.com/kubescape/kubescape/v2/core/core"
+	"github.com/kubescape/kubescape/v2/core/meta"
 
 	"github.com/spf13/cobra"
 )
@@ -51,8 +51,8 @@ func getRootCmd(ks meta.IKubescape) *cobra.Command {
 		Example: ksExamples,
 	}
 
-	rootCmd.PersistentFlags().StringVar(&rootInfo.ArmoBEURLsDep, "environment", "", envFlagUsage)
-	rootCmd.PersistentFlags().StringVar(&rootInfo.ArmoBEURLs, "env", "", envFlagUsage)
+	rootCmd.PersistentFlags().StringVar(&rootInfo.KSCloudBEURLsDep, "environment", "", envFlagUsage)
+	rootCmd.PersistentFlags().StringVar(&rootInfo.KSCloudBEURLs, "env", "", envFlagUsage)
 	rootCmd.PersistentFlags().MarkDeprecated("environment", "use 'env' instead")
 	rootCmd.PersistentFlags().MarkHidden("environment")
 	rootCmd.PersistentFlags().MarkHidden("env")
@@ -63,6 +63,7 @@ func getRootCmd(ks meta.IKubescape) *cobra.Command {
 	rootCmd.PersistentFlags().StringVarP(&rootInfo.Logger, "logger", "l", helpers.InfoLevel.String(), fmt.Sprintf("Logger level. Supported: %s [$KS_LOGGER]", strings.Join(helpers.SupportedLevels(), "/")))
 	rootCmd.PersistentFlags().StringVar(&rootInfo.CacheDir, "cache-dir", getter.DefaultLocalStore, "Cache directory [$KS_CACHE_DIR]")
 	rootCmd.PersistentFlags().BoolVarP(&rootInfo.DisableColor, "disable-color", "", false, "Disable Color output for logging")
+	rootCmd.PersistentFlags().BoolVarP(&rootInfo.EnableColor, "enable-color", "", false, "Force enable Color output for logging")
 
 	cobra.OnInitialize(initLogger, initLoggerLevel, initEnvironment, initCacheDir)
 

cmd/rootutils.go

@@ -5,9 +5,9 @@ import (
 	"os"
 	"strings"
 
-	"github.com/armosec/kubescape/v2/core/cautils/getter"
-	logger "github.com/dwertent/go-logger"
-	"github.com/dwertent/go-logger/helpers"
+	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger/helpers"
+	"github.com/kubescape/kubescape/v2/core/cautils/getter"
 
 	"github.com/mattn/go-isatty"
 )
@@ -16,6 +16,7 @@ const envFlagUsage = "Send report results to specific URL. Format:<ReportReceive
 
 func initLogger() {
 	logger.DisableColor(rootInfo.DisableColor)
+	logger.EnableColor(rootInfo.EnableColor)
 
 	if rootInfo.LoggerName == "" {
 		if l := os.Getenv("KS_LOGGER_NAME"); l != "" {
@@ -55,10 +56,10 @@ func initCacheDir() {
 	logger.L().Debug("cache dir updated", helpers.String("path", getter.DefaultLocalStore))
 }
 func initEnvironment() {
-	if rootInfo.ArmoBEURLs == "" {
-		rootInfo.ArmoBEURLs = rootInfo.ArmoBEURLsDep
+	if rootInfo.KSCloudBEURLs == "" {
+		rootInfo.KSCloudBEURLs = rootInfo.KSCloudBEURLsDep
 	}
-	urlSlices := strings.Split(rootInfo.ArmoBEURLs, ",")
+	urlSlices := strings.Split(rootInfo.KSCloudBEURLs, ",")
 	if len(urlSlices) != 1 && len(urlSlices) < 3 {
 		logger.L().Fatal("expected at least 3 URLs (report, api, frontend, auth)")
 	}
@@ -66,24 +67,24 @@ func initEnvironment() {
 	case 1:
 		switch urlSlices[0] {
 		case "dev", "development":
-			getter.SetARMOAPIConnector(getter.NewARMOAPIDev())
+			getter.SetKSCloudAPIConnector(getter.NewKSCloudAPIDev())
 		case "stage", "staging":
-			getter.SetARMOAPIConnector(getter.NewARMOAPIStaging())
+			getter.SetKSCloudAPIConnector(getter.NewKSCloudAPIStaging())
 		case "":
-			getter.SetARMOAPIConnector(getter.NewARMOAPIProd())
+			getter.SetKSCloudAPIConnector(getter.NewKSCloudAPIProd())
 		default:
 			logger.L().Fatal("--environment flag usage: " + envFlagUsage)
 		}
 	case 2:
 		logger.L().Fatal("--environment flag usage: " + envFlagUsage)
 	case 3, 4:
-		var armoAUTHURL string
-		armoERURL := urlSlices[0] // mandatory
-		armoBEURL := urlSlices[1] // mandatory
-		armoFEURL := urlSlices[2] // mandatory
+		var ksAuthURL string
+		ksEventReceiverURL := urlSlices[0] // mandatory
+		ksBackendURL := urlSlices[1]       // mandatory
+		ksFrontendURL := urlSlices[2]      // mandatory
 		if len(urlSlices) >= 4 {
-			armoAUTHURL = urlSlices[3]
+			ksAuthURL = urlSlices[3]
 		}
-		getter.SetARMOAPIConnector(getter.NewARMOAPICustomized(armoERURL, armoBEURL, armoFEURL, armoAUTHURL))
+		getter.SetKSCloudAPIConnector(getter.NewKSCloudAPICustomized(ksEventReceiverURL, ksBackendURL, ksFrontendURL, ksAuthURL))
 	}
 }

cmd/scan/control.go

@@ -6,12 +6,12 @@ import (
 	"os"
 	"strings"
 
-	apisv1 "github.com/armosec/opa-utils/httpserver/apis/v1"
+	apisv1 "github.com/kubescape/opa-utils/httpserver/apis/v1"
 
-	"github.com/armosec/kubescape/v2/core/cautils"
-	"github.com/armosec/kubescape/v2/core/meta"
-	logger "github.com/dwertent/go-logger"
-	"github.com/dwertent/go-logger/helpers"
+	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger/helpers"
+	"github.com/kubescape/kubescape/v2/core/cautils"
+	"github.com/kubescape/kubescape/v2/core/meta"
 
 	"github.com/enescakir/emoji"
 	"github.com/spf13/cobra"
@@ -58,6 +58,10 @@ func getControlCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Comman
 		},
 		RunE: func(cmd *cobra.Command, args []string) error {
 
+			if err := validateFrameworkScanInfo(scanInfo); err != nil {
+				return err
+			}
+			
 			// flagValidationControl(scanInfo)
 			scanInfo.PolicyIdentifier = []cautils.PolicyIdentifier{}
 
@@ -70,7 +74,7 @@ func getControlCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Comman
 
 				if len(args) > 1 {
 					if len(args[1:]) == 0 || args[1] != "-" {
-						scanInfo.InputPatterns = []string{args[1]}
+						scanInfo.InputPatterns = args[1:]
 					} else { // store stdin to file - do NOT move to separate function !!
 						tempFile, err := os.CreateTemp(".", "tmp-kubescape*.yaml")
 						if err != nil {
@@ -88,6 +92,10 @@ func getControlCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Comman
 
 			scanInfo.FrameworkScan = false
 
+			if err := validateControlScanInfo(scanInfo); err != nil {
+				return err
+			}
+
 			results, err := ks.Scan(scanInfo)
 			if err != nil {
 				logger.L().Fatal(err.Error())
@@ -101,7 +109,19 @@ func getControlCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Comman
 			if results.GetRiskScore() > float32(scanInfo.FailThreshold) {
 				logger.L().Fatal("scan risk-score is above permitted threshold", helpers.String("risk-score", fmt.Sprintf("%.2f", results.GetRiskScore())), helpers.String("fail-threshold", fmt.Sprintf("%.2f", scanInfo.FailThreshold)))
 			}
+			enforceSeverityThresholds(&results.GetResults().SummaryDetails.SeverityCounters, scanInfo, terminateOnExceedingSeverity)
+
 			return nil
 		},
 	}
 }
+
+// validateControlScanInfo validates the ScanInfo struct for the `control` command
+func validateControlScanInfo(scanInfo *cautils.ScanInfo) error {
+	severity := scanInfo.FailThresholdSeverity
+
+	if err := validateSeverity(severity); severity != "" && err != nil {
+		return err
+	}
+	return nil
+}

cmd/scan/framework.go

@@ -1,17 +1,20 @@
 package scan
 
 import (
+	"errors"
 	"fmt"
 	"io"
 	"os"
 	"strings"
 
-	apisv1 "github.com/armosec/opa-utils/httpserver/apis/v1"
+	apisv1 "github.com/kubescape/opa-utils/httpserver/apis/v1"
+	reporthandlingapis "github.com/kubescape/opa-utils/reporthandling/apis"
+	"github.com/kubescape/opa-utils/reporthandling/results/v1/reportsummary"
 
-	"github.com/armosec/kubescape/v2/core/cautils"
-	"github.com/armosec/kubescape/v2/core/meta"
-	logger "github.com/dwertent/go-logger"
-	"github.com/dwertent/go-logger/helpers"
+	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger/helpers"
+	"github.com/kubescape/kubescape/v2/core/cautils"
+	"github.com/kubescape/kubescape/v2/core/meta"
 
 	"github.com/enescakir/emoji"
 	"github.com/spf13/cobra"
@@ -36,6 +39,8 @@ var (
 
   Run 'kubescape list frameworks' for the list of supported frameworks
 `
+
+	ErrUnknownSeverity = errors.New("unknown severity")
 )
 
 func getFrameworkCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Command {
@@ -62,7 +67,7 @@ func getFrameworkCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Comm
 		},
 		RunE: func(cmd *cobra.Command, args []string) error {
 
-			if err := flagValidationFramework(scanInfo); err != nil {
+			if err := validateFrameworkScanInfo(scanInfo); err != nil {
 				return err
 			}
 			scanInfo.FrameworkScan = true
@@ -80,7 +85,7 @@ func getFrameworkCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Comm
 				}
 				if len(args) > 1 {
 					if len(args[1:]) == 0 || args[1] != "-" {
-						scanInfo.InputPatterns = []string{args[1]}
+						scanInfo.InputPatterns = args[1:]
 					} else { // store stdin to file - do NOT move to separate function !!
 						tempFile, err := os.CreateTemp(".", "tmp-kubescape*.yaml")
 						if err != nil {
@@ -113,17 +118,95 @@ func getFrameworkCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Comm
 			if results.GetRiskScore() > float32(scanInfo.FailThreshold) {
 				logger.L().Fatal("scan risk-score is above permitted threshold", helpers.String("risk-score", fmt.Sprintf("%.2f", results.GetRiskScore())), helpers.String("fail-threshold", fmt.Sprintf("%.2f", scanInfo.FailThreshold)))
 			}
+
+			enforceSeverityThresholds(&results.GetData().Report.SummaryDetails.SeverityCounters, scanInfo, terminateOnExceedingSeverity)
 			return nil
 		},
 	}
 }
 
-func flagValidationFramework(scanInfo *cautils.ScanInfo) error {
+// countersExceedSeverityThreshold returns true if severity of failed controls exceed the set severity threshold, else returns false
+func countersExceedSeverityThreshold(severityCounters reportsummary.ISeverityCounters, scanInfo *cautils.ScanInfo) (bool, error) {
+	targetSeverity := scanInfo.FailThresholdSeverity
+	if err := validateSeverity(targetSeverity); err != nil {
+		return false, err
+	}
+
+	getFailedResourcesFuncsBySeverity := []struct {
+		SeverityName       string
+		GetFailedResources func() int
+	}{
+		{reporthandlingapis.SeverityLowString, severityCounters.NumberOfResourcesWithLowSeverity},
+		{reporthandlingapis.SeverityMediumString, severityCounters.NumberOfResourcesWithMediumSeverity},
+		{reporthandlingapis.SeverityHighString, severityCounters.NumberOfResourcesWithHighSeverity},
+		{reporthandlingapis.SeverityCriticalString, severityCounters.NumberOfResourcesWithCriticalSeverity},
+	}
+
+	targetSeverityIdx := 0
+	for idx, description := range getFailedResourcesFuncsBySeverity {
+		if strings.EqualFold(description.SeverityName, targetSeverity) {
+			targetSeverityIdx = idx
+			break
+		}
+	}
+
+	for _, description := range getFailedResourcesFuncsBySeverity[targetSeverityIdx:] {
+		failedResourcesCount := description.GetFailedResources()
+		if failedResourcesCount > 0 {
+			return true, nil
+		}
+	}
+
+	return false, nil
+
+}
+
+// terminateOnExceedingSeverity terminates the application on exceeding severity
+func terminateOnExceedingSeverity(scanInfo *cautils.ScanInfo, l logger.ILogger) {
+	l.Fatal("result exceeds severity threshold", helpers.String("set severity threshold", scanInfo.FailThresholdSeverity))
+}
+
+// enforceSeverityThresholds ensures that the scan results are below the defined severity threshold
+//
+// The function forces the application to terminate with an exit code 1 if at least one control failed control that exceeds the set severity threshold
+func enforceSeverityThresholds(severityCounters reportsummary.ISeverityCounters, scanInfo *cautils.ScanInfo, onExceed func(*cautils.ScanInfo, logger.ILogger)) {
+	// If a severity threshold is not set, we don’t need to enforce it
+	if scanInfo.FailThresholdSeverity == "" {
+		return
+	}
+
+	if val, err := countersExceedSeverityThreshold(severityCounters, scanInfo); val && err == nil {
+		onExceed(scanInfo, logger.L())
+	} else if err != nil {
+		logger.L().Fatal(err.Error())
+	}
+}
+
+// validateSeverity returns an error if a given severity is not known, nil otherwise
+func validateSeverity(severity string) error {
+	for _, val := range reporthandlingapis.GetSupportedSeverities() {
+		if strings.EqualFold(severity, val) {
+			return nil
+		}
+	}
+	return ErrUnknownSeverity
+
+}
+
+// validateFrameworkScanInfo validates the scan info struct for the `scan framework` command
+func validateFrameworkScanInfo(scanInfo *cautils.ScanInfo) error {
 	if scanInfo.Submit && scanInfo.Local {
 		return fmt.Errorf("you can use `keep-local` or `submit`, but not both")
 	}
 	if 100 < scanInfo.FailThreshold || 0 > scanInfo.FailThreshold {
 		return fmt.Errorf("bad argument: out of range threshold")
 	}
-	return nil
+
+	severity := scanInfo.FailThresholdSeverity
+	if err := validateSeverity(severity); severity != "" && err != nil {
+		return err
+	}
+
+	// Validate the user's credentials
+	return scanInfo.Credentials.Validate()
 }

cmd/scan/scan.go

@@ -3,14 +3,14 @@ package scan
 import (
 	"fmt"
 
-	"github.com/armosec/k8s-interface/k8sinterface"
-	"github.com/armosec/kubescape/v2/core/cautils"
-	"github.com/armosec/kubescape/v2/core/meta"
+	"github.com/kubescape/k8s-interface/k8sinterface"
+	"github.com/kubescape/kubescape/v2/core/cautils"
+	"github.com/kubescape/kubescape/v2/core/meta"
 	"github.com/spf13/cobra"
 )
 
 var scanCmdExamples = `
-  Scan command is for scanning an existing cluster or kubernetes manifest files based on pre-defind frameworks 
+  Scan command is for scanning an existing cluster or kubernetes manifest files based on pre-defined frameworks 
   
   # Scan current cluster with all frameworks
   kubescape scan --submit --enable-host-scan --verbose
@@ -71,7 +71,10 @@ func GetScanCommand(ks meta.IKubescape) *cobra.Command {
 	scanCmd.PersistentFlags().StringVar(&scanInfo.UseExceptions, "exceptions", "", "Path to an exceptions obj. If not set will download exceptions from ARMO management portal")
 	scanCmd.PersistentFlags().StringVar(&scanInfo.UseArtifactsFrom, "use-artifacts-from", "", "Load artifacts from local directory. If not used will download them")
 	scanCmd.PersistentFlags().StringVarP(&scanInfo.ExcludedNamespaces, "exclude-namespaces", "e", "", "Namespaces to exclude from scanning. Recommended: kube-system,kube-public")
+
 	scanCmd.PersistentFlags().Float32VarP(&scanInfo.FailThreshold, "fail-threshold", "t", 100, "Failure threshold is the percent above which the command fails and returns exit code 1")
+
+	scanCmd.PersistentFlags().StringVar(&scanInfo.FailThresholdSeverity, "severity-threshold", "", "Severity threshold is the severity of failed controls at which the command fails and returns exit code 1")
 	scanCmd.PersistentFlags().StringVarP(&scanInfo.Format, "format", "f", "pretty-printer", `Output format. Supported formats: "pretty-printer", "json", "junit", "prometheus", "pdf", "html"`)
 	scanCmd.PersistentFlags().StringVar(&scanInfo.IncludeNamespaces, "include-namespaces", "", "scan specific namespaces. e.g: --include-namespaces ns-a,ns-b")
 	scanCmd.PersistentFlags().BoolVarP(&scanInfo.Local, "keep-local", "", false, "If you do not want your Kubescape results reported to ARMO backend. Use this flag if you ran with the '--submit' flag in the past and you do not want to submit your current scan results")
@@ -82,7 +85,8 @@ func GetScanCommand(ks meta.IKubescape) *cobra.Command {
 	scanCmd.PersistentFlags().StringSliceVar(&scanInfo.UseFrom, "use-from", nil, "Load local policy object from specified path. If not used will download latest")
 	scanCmd.PersistentFlags().BoolVarP(&scanInfo.Submit, "submit", "", false, "Send the scan results to ARMO management portal where you can see the results in a user-friendly UI, choose your preferred compliance framework, check risk results history and trends, manage exceptions, get remediation recommendations and much more. By default the results are not submitted")
 	scanCmd.PersistentFlags().StringVar(&scanInfo.HostSensorYamlPath, "host-scan-yaml", "", "Override default host scanner DaemonSet. Use this flag cautiously")
-	scanCmd.PersistentFlags().StringVar(&scanInfo.FormatVersion, "format-version", "v1", "Output object can be differnet between versions, this is for maintaining backward and forward compatibility. Supported:'v1'/'v2'")
+	scanCmd.PersistentFlags().StringVar(&scanInfo.FormatVersion, "format-version", "v1", "Output object can be different between versions, this is for maintaining backward and forward compatibility. Supported:'v1'/'v2'")
+	scanCmd.PersistentFlags().StringVar(&scanInfo.CustomClusterName, "cluster-name", "", "Set the custom name of the cluster. Not same as the kube-context flag")
 
 	// Deprecated flags - remove 1.May.2022
 	scanCmd.PersistentFlags().BoolVarP(&scanInfo.Silent, "silent", "s", false, "Silent progress messages")
@@ -93,7 +97,7 @@ func GetScanCommand(ks meta.IKubescape) *cobra.Command {
 	scanCmd.PersistentFlags().MarkHidden("silent")         // this flag should be deprecated since we added the --logger support
 	// scanCmd.PersistentFlags().MarkHidden("format-version") // meant for testing different output approaches and not for common use
 
-	hostF := scanCmd.PersistentFlags().VarPF(&scanInfo.HostSensorEnabled, "enable-host-scan", "", "Deploy ARMO K8s host-sensor daemonset in the scanned cluster. Deleting it right after we collecting the data. Required to collect valuable data from cluster nodes for certain controls. Yaml file: https://github.com/armosec/kubescape/blob/master/core/pkg/hostsensorutils/hostsensor.yaml")
+	hostF := scanCmd.PersistentFlags().VarPF(&scanInfo.HostSensorEnabled, "enable-host-scan", "", "Deploy ARMO K8s host-sensor daemonset in the scanned cluster. Deleting it right after we collecting the data. Required to collect valuable data from cluster nodes for certain controls. Yaml file: https://github.com/kubescape/kubescape/blob/master/core/pkg/hostsensorutils/hostsensor.yaml")
 	hostF.NoOptDefVal = "true"
 	hostF.DefValue = "false, for no TTY in stdin"
 

cmd/scan/scan_test.go

@@ -0,0 +1,254 @@
+package scan
+
+import (
+	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger/helpers"
+
+	"github.com/kubescape/kubescape/v2/core/cautils"
+	"github.com/kubescape/opa-utils/reporthandling/apis"
+	"github.com/kubescape/opa-utils/reporthandling/results/v1/reportsummary"
+
+	"os"
+	"reflect"
+	"testing"
+)
+
+func TestExceedsSeverity(t *testing.T) {
+	testCases := []struct {
+		Description      string
+		ScanInfo         *cautils.ScanInfo
+		SeverityCounters reportsummary.ISeverityCounters
+		Want             bool
+		Error            error
+	}{
+		{
+			Description:      "Critical failed resource should exceed Critical threshold",
+			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "critical"},
+			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithCriticalSeverityCounter: 1},
+			Want:             true,
+		},
+		{
+			Description:      "Critical failed resource should exceed Critical threshold set as constant",
+			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: apis.SeverityCriticalString},
+			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithCriticalSeverityCounter: 1},
+			Want:             true,
+		},
+		{
+			Description:      "High failed resource should not exceed Critical threshold",
+			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "critical"},
+			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithHighSeverityCounter: 1},
+			Want:             false,
+		},
+		{
+			Description:      "Critical failed resource exceeds High threshold",
+			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "high"},
+			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithCriticalSeverityCounter: 1},
+			Want:             true,
+		},
+		{
+			Description:      "High failed resource exceeds High threshold",
+			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "high"},
+			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithHighSeverityCounter: 1},
+			Want:             true,
+		},
+		{
+			Description:      "Medium failed resource does not exceed High threshold",
+			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "high"},
+			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithMediumSeverityCounter: 1},
+			Want:             false,
+		},
+		{
+			Description:      "Critical failed resource exceeds Medium threshold",
+			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "medium"},
+			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithCriticalSeverityCounter: 1},
+			Want:             true,
+		},
+		{
+			Description:      "High failed resource exceeds Medium threshold",
+			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "medium"},
+			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithHighSeverityCounter: 1},
+			Want:             true,
+		},
+		{
+			Description:      "Medium failed resource exceeds Medium threshold",
+			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "medium"},
+			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithMediumSeverityCounter: 1},
+			Want:             true,
+		},
+		{
+			Description:      "Low failed resource does not exceed Medium threshold",
+			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "medium"},
+			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithLowSeverityCounter: 1},
+			Want:             false,
+		},
+		{
+			Description:      "Critical failed resource exceeds Low threshold",
+			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "low"},
+			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithCriticalSeverityCounter: 1},
+			Want:             true,
+		},
+		{
+			Description:      "High failed resource exceeds Low threshold",
+			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "low"},
+			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithHighSeverityCounter: 1},
+			Want:             true,
+		},
+		{
+			Description:      "Medium failed resource exceeds Low threshold",
+			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "low"},
+			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithMediumSeverityCounter: 1},
+			Want:             true,
+		},
+		{
+			Description:      "Low failed resource exceeds Low threshold",
+			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "low"},
+			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithLowSeverityCounter: 1},
+			Want:             true,
+		},
+		{
+			Description:      "Unknown severity returns an error",
+			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "unknown"},
+			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithLowSeverityCounter: 1},
+			Want:             false,
+			Error:            ErrUnknownSeverity,
+		},
+	}
+
+	for _, testCase := range testCases {
+		t.Run(testCase.Description, func(t *testing.T) {
+			got, err := countersExceedSeverityThreshold(testCase.SeverityCounters, testCase.ScanInfo)
+			want := testCase.Want
+
+			if got != want {
+				t.Errorf("got: %v, want: %v", got, want)
+			}
+
+			if err != testCase.Error {
+				t.Errorf(`got error "%v", want "%v"`, err, testCase.Error)
+			}
+		})
+	}
+}
+
+func Test_enforceSeverityThresholds(t *testing.T) {
+	testCases := []struct {
+		Description      string
+		SeverityCounters *reportsummary.SeverityCounters
+		ScanInfo         *cautils.ScanInfo
+		Want             bool
+	}{
+		{
+			"Exceeding Critical severity counter should call the terminating function",
+			&reportsummary.SeverityCounters{ResourcesWithCriticalSeverityCounter: 1},
+			&cautils.ScanInfo{FailThresholdSeverity: apis.SeverityCriticalString},
+			true,
+		},
+		{
+			"Non-exceeding severity counter should call not the terminating function",
+			&reportsummary.SeverityCounters{},
+			&cautils.ScanInfo{FailThresholdSeverity: apis.SeverityCriticalString},
+			false,
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(
+			tc.Description,
+			func(t *testing.T) {
+				severityCounters := tc.SeverityCounters
+				scanInfo := tc.ScanInfo
+				want := tc.Want
+
+				got := false
+				onExceed := func(*cautils.ScanInfo, logger.ILogger) {
+					got = true
+				}
+
+				enforceSeverityThresholds(severityCounters, scanInfo, onExceed)
+
+				if got != want {
+					t.Errorf("got: %v, want %v", got, want)
+				}
+			},
+		)
+	}
+}
+
+type spyLogMessage struct {
+	Message string
+	Details map[string]string
+}
+
+type spyLogger struct {
+	setItems []spyLogMessage
+}
+
+func (l *spyLogger) Error(msg string, details ...helpers.IDetails)   {}
+func (l *spyLogger) Success(msg string, details ...helpers.IDetails) {}
+func (l *spyLogger) Warning(msg string, details ...helpers.IDetails) {}
+func (l *spyLogger) Info(msg string, details ...helpers.IDetails)    {}
+func (l *spyLogger) Debug(msg string, details ...helpers.IDetails)   {}
+func (l *spyLogger) SetLevel(level string) error                     { return nil }
+func (l *spyLogger) GetLevel() string                                { return "" }
+func (l *spyLogger) SetWriter(w *os.File)                            {}
+func (l *spyLogger) GetWriter() *os.File                             { return &os.File{} }
+func (l *spyLogger) LoggerName() string                              { return "" }
+
+func (l *spyLogger) Fatal(msg string, details ...helpers.IDetails) {
+	firstDetail := details[0]
+	detailsMap := map[string]string{firstDetail.Key(): firstDetail.Value().(string)}
+
+	newMsg := spyLogMessage{msg, detailsMap}
+	l.setItems = append(l.setItems, newMsg)
+}
+
+func (l *spyLogger) GetSpiedItems() []spyLogMessage {
+	return l.setItems
+}
+
+func Test_terminateOnExceedingSeverity(t *testing.T) {
+	expectedMessage := "result exceeds severity threshold"
+	expectedKey := "set severity threshold"
+
+	testCases := []struct {
+		Description     string
+		ExpectedMessage string
+		ExpectedKey     string
+		ExpectedValue   string
+		Logger          *spyLogger
+	}{
+		{
+			"Should log the Critical threshold that was set in scan info",
+			expectedMessage,
+			expectedKey,
+			apis.SeverityCriticalString,
+			&spyLogger{},
+		},
+		{
+			"Should log the High threshold that was set in scan info",
+			expectedMessage,
+			expectedKey,
+			apis.SeverityHighString,
+			&spyLogger{},
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(
+			tc.Description,
+			func(t *testing.T) {
+				want := []spyLogMessage{
+					{tc.ExpectedMessage, map[string]string{tc.ExpectedKey: tc.ExpectedValue}},
+				}
+				scanInfo := &cautils.ScanInfo{FailThresholdSeverity: tc.ExpectedValue}
+
+				terminateOnExceedingSeverity(scanInfo, tc.Logger)
+
+				got := tc.Logger.GetSpiedItems()
+				if !reflect.DeepEqual(got, want) {
+					t.Errorf("got: %v, want: %v", got, want)
+				}
+			},
+		)
+	}
+}

cmd/scan/validators_test.go

@@ -0,0 +1,115 @@
+package scan
+
+import (
+	"github.com/kubescape/kubescape/v2/core/cautils"
+	"testing"
+)
+
+// Test_validateControlScanInfo tests how scan info is validated for the `scan control` command
+func Test_validateControlScanInfo(t *testing.T) {
+	testCases := []struct {
+		Description string
+		ScanInfo    *cautils.ScanInfo
+		Want        error
+	}{
+		{
+			"Empty severity should be valid for scan info",
+			&cautils.ScanInfo{FailThresholdSeverity: ""},
+			nil,
+		},
+		{
+			"High severity should be valid for scan info",
+			&cautils.ScanInfo{FailThresholdSeverity: "High"},
+			nil,
+		},
+		{
+			"Unknown severity should be invalid for scan info",
+			&cautils.ScanInfo{FailThresholdSeverity: "Unknown"},
+			ErrUnknownSeverity,
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(
+			tc.Description,
+			func(t *testing.T) {
+				var want error = tc.Want
+
+				got := validateControlScanInfo(tc.ScanInfo)
+
+				if got != want {
+					t.Errorf("got: %v, want: %v", got, want)
+				}
+			},
+		)
+	}
+}
+
+// Test_validateFrameworkScanInfo tests how scan info is validated for the `scan framework` command
+func Test_validateFrameworkScanInfo(t *testing.T) {
+	testCases := []struct {
+		Description string
+		ScanInfo    *cautils.ScanInfo
+		Want        error
+	}{
+		{
+			"Empty severity should be valid for scan info",
+			&cautils.ScanInfo{FailThresholdSeverity: ""},
+			nil,
+		},
+		{
+			"High severity should be valid for scan info",
+			&cautils.ScanInfo{FailThresholdSeverity: "High"},
+			nil,
+		},
+		{
+			"Unknown severity should be invalid for scan info",
+			&cautils.ScanInfo{FailThresholdSeverity: "Unknown"},
+			ErrUnknownSeverity,
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(
+			tc.Description,
+			func(t *testing.T) {
+				var want error = tc.Want
+
+				got := validateFrameworkScanInfo(tc.ScanInfo)
+
+				if got != want {
+					t.Errorf("got: %v, want: %v", got, want)
+				}
+			},
+		)
+	}
+}
+
+func Test_validateSeverity(t *testing.T) {
+	testCases := []struct {
+		Description string
+		Input       string
+		Want        error
+	}{
+		{"low should be a valid severity", "low", nil},
+		{"Low should be a valid severity", "Low", nil},
+		{"medium should be a valid severity", "medium", nil},
+		{"Medium should be a valid severity", "Medium", nil},
+		{"high should be a valid severity", "high", nil},
+		{"Critical should be a valid severity", "Critical", nil},
+		{"critical should be a valid severity", "critical", nil},
+		{"Unknown should be an invalid severity", "Unknown", ErrUnknownSeverity},
+	}
+
+	for _, testCase := range testCases {
+		t.Run(testCase.Description, func(t *testing.T) {
+			input := testCase.Input
+			want := testCase.Want
+			got := validateSeverity(input)
+
+			if got != want {
+				t.Errorf("got: %v, want: %v", got, want)
+			}
+		})
+	}
+}

cmd/submit/exceptions.go

@@ -3,9 +3,9 @@ package submit
 import (
 	"fmt"
 
-	"github.com/armosec/kubescape/v2/core/meta"
-	metav1 "github.com/armosec/kubescape/v2/core/meta/datastructures/v1"
-	logger "github.com/dwertent/go-logger"
+	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/kubescape/v2/core/meta"
+	metav1 "github.com/kubescape/kubescape/v2/core/meta/datastructures/v1"
 
 	"github.com/spf13/cobra"
 )
@@ -21,6 +21,11 @@ func getExceptionsCmd(ks meta.IKubescape, submitInfo *metav1.Submit) *cobra.Comm
 			return nil
 		},
 		Run: func(cmd *cobra.Command, args []string) {
+
+			if err := flagValidationSubmit(submitInfo); err != nil {
+				logger.L().Fatal(err.Error())
+			}
+
 			if err := ks.SubmitExceptions(&submitInfo.Credentials, args[0]); err != nil {
 				logger.L().Fatal(err.Error())
 			}

cmd/submit/rbac.go

@@ -3,18 +3,18 @@ package submit
 import (
 	"fmt"
 
-	"github.com/armosec/k8s-interface/k8sinterface"
-	"github.com/armosec/kubescape/v2/core/cautils"
-	"github.com/armosec/kubescape/v2/core/cautils/getter"
-	"github.com/armosec/kubescape/v2/core/meta"
-	"github.com/armosec/kubescape/v2/core/meta/cliinterfaces"
-	v1 "github.com/armosec/kubescape/v2/core/meta/datastructures/v1"
-	reporterv2 "github.com/armosec/kubescape/v2/core/pkg/resultshandling/reporter/v2"
-	logger "github.com/dwertent/go-logger"
-	"github.com/dwertent/go-logger/helpers"
 	"github.com/google/uuid"
+	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger/helpers"
+	"github.com/kubescape/k8s-interface/k8sinterface"
+	"github.com/kubescape/kubescape/v2/core/cautils"
+	"github.com/kubescape/kubescape/v2/core/cautils/getter"
+	"github.com/kubescape/kubescape/v2/core/meta"
+	"github.com/kubescape/kubescape/v2/core/meta/cliinterfaces"
+	v1 "github.com/kubescape/kubescape/v2/core/meta/datastructures/v1"
+	reporterv2 "github.com/kubescape/kubescape/v2/core/pkg/resultshandling/reporter/v2"
 
-	"github.com/armosec/rbac-utils/rbacscanner"
+	"github.com/kubescape/rbac-utils/rbacscanner"
 	"github.com/spf13/cobra"
 )
 
@@ -37,10 +37,14 @@ func getRBACCmd(ks meta.IKubescape, submitInfo *v1.Submit) *cobra.Command {
 		Long:    ``,
 		RunE: func(cmd *cobra.Command, args []string) error {
 
+			if err := flagValidationSubmit(submitInfo); err != nil {
+				return err
+			}
+
 			k8s := k8sinterface.NewKubernetesApi()
 
 			// get config
-			clusterConfig := getTenantConfig(&submitInfo.Credentials, "", k8s)
+			clusterConfig := getTenantConfig(&submitInfo.Credentials, "", "", k8s)
 			if err := clusterConfig.SetTenant(); err != nil {
 				logger.L().Error("failed setting account ID", helpers.Error(err))
 			}
@@ -77,9 +81,16 @@ func getKubernetesApi() *k8sinterface.KubernetesApi {
 	}
 	return k8sinterface.NewKubernetesApi()
 }
-func getTenantConfig(credentials *cautils.Credentials, clusterName string, k8s *k8sinterface.KubernetesApi) cautils.ITenantConfig {
+func getTenantConfig(credentials *cautils.Credentials, clusterName string, customClusterName string, k8s *k8sinterface.KubernetesApi) cautils.ITenantConfig {
 	if !k8sinterface.IsConnectedToCluster() || k8s == nil {
-		return cautils.NewLocalConfig(getter.GetArmoAPIConnector(), credentials, clusterName)
+		return cautils.NewLocalConfig(getter.GetKSCloudAPIConnector(), credentials, clusterName, customClusterName)
 	}
-	return cautils.NewClusterConfig(k8s, getter.GetArmoAPIConnector(), credentials, clusterName)
+	return cautils.NewClusterConfig(k8s, getter.GetKSCloudAPIConnector(), credentials, clusterName, customClusterName)
+}
+
+// Check if the flag entered are valid
+func flagValidationSubmit(submitInfo *v1.Submit) error {
+
+	// Validate the user's credentials
+	return submitInfo.Credentials.Validate()
 }

cmd/submit/results.go

@@ -5,16 +5,16 @@ import (
 	"fmt"
 	"os"
 
-	reporthandlingv2 "github.com/armosec/opa-utils/reporthandling/v2"
 	"github.com/google/uuid"
+	reporthandlingv2 "github.com/kubescape/opa-utils/reporthandling/v2"
 
-	"github.com/armosec/k8s-interface/workloadinterface"
-	"github.com/armosec/kubescape/v2/core/meta"
-	"github.com/armosec/kubescape/v2/core/meta/cliinterfaces"
-	v1 "github.com/armosec/kubescape/v2/core/meta/datastructures/v1"
-	reporterv2 "github.com/armosec/kubescape/v2/core/pkg/resultshandling/reporter/v2"
-	logger "github.com/dwertent/go-logger"
-	"github.com/dwertent/go-logger/helpers"
+	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger/helpers"
+	"github.com/kubescape/k8s-interface/workloadinterface"
+	"github.com/kubescape/kubescape/v2/core/meta"
+	"github.com/kubescape/kubescape/v2/core/meta/cliinterfaces"
+	v1 "github.com/kubescape/kubescape/v2/core/meta/datastructures/v1"
+	reporterv2 "github.com/kubescape/kubescape/v2/core/pkg/resultshandling/reporter/v2"
 
 	"github.com/spf13/cobra"
 )
@@ -54,6 +54,11 @@ func getResultsCmd(ks meta.IKubescape, submitInfo *v1.Submit) *cobra.Command {
 		Short: "Submit a pre scanned results file. The file must be in json format",
 		Long:  ``,
 		RunE: func(cmd *cobra.Command, args []string) error {
+
+			if err := flagValidationSubmit(submitInfo); err != nil {
+				return err
+			}
+
 			if len(args) == 0 {
 				return fmt.Errorf("missing results file")
 			}
@@ -61,7 +66,7 @@ func getResultsCmd(ks meta.IKubescape, submitInfo *v1.Submit) *cobra.Command {
 			k8s := getKubernetesApi()
 
 			// get config
-			clusterConfig := getTenantConfig(&submitInfo.Credentials, "", k8s)
+			clusterConfig := getTenantConfig(&submitInfo.Credentials, "", "", k8s)
 			if err := clusterConfig.SetTenant(); err != nil {
 				logger.L().Error("failed setting account ID", helpers.Error(err))
 			}

cmd/submit/submit.go

@@ -1,8 +1,8 @@
 package submit
 
 import (
-	"github.com/armosec/kubescape/v2/core/meta"
-	metav1 "github.com/armosec/kubescape/v2/core/meta/datastructures/v1"
+	"github.com/kubescape/kubescape/v2/core/meta"
+	metav1 "github.com/kubescape/kubescape/v2/core/meta/datastructures/v1"
 	"github.com/spf13/cobra"
 )
 

cmd/version/version.go

@@ -4,7 +4,7 @@ import (
 	"fmt"
 	"os"
 
-	"github.com/armosec/kubescape/v2/core/cautils"
+	"github.com/kubescape/kubescape/v2/core/cautils"
 	"github.com/spf13/cobra"
 )
 

core/cautils/customerloader.go

@@ -5,13 +5,14 @@ import (
 	"encoding/json"
 	"fmt"
 	"os"
+	"regexp"
 	"strings"
 
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
-	"github.com/armosec/k8s-interface/k8sinterface"
-	"github.com/armosec/kubescape/v2/core/cautils/getter"
-	logger "github.com/dwertent/go-logger"
+	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/k8s-interface/k8sinterface"
+	"github.com/kubescape/kubescape/v2/core/cautils/getter"
 	corev1 "k8s.io/api/core/v1"
 )
 
@@ -90,7 +91,7 @@ type LocalConfig struct {
 }
 
 func NewLocalConfig(
-	backendAPI getter.IBackend, credentials *Credentials, clusterName string) *LocalConfig {
+	backendAPI getter.IBackend, credentials *Credentials, clusterName string, customClusterName string) *LocalConfig {
 
 	lc := &LocalConfig{
 		backendAPI: backendAPI,
@@ -103,7 +104,10 @@ func NewLocalConfig(
 
 	updateCredentials(lc.configObj, credentials)
 
-	if clusterName != "" {
+	// If a custom cluster name is provided then set that name, else use the cluster's original name
+	if customClusterName != "" {
+		lc.configObj.ClusterName = AdoptCustomClusterName(customClusterName)
+	} else if clusterName != "" {
 		lc.configObj.ClusterName = AdoptClusterName(clusterName) // override config clusterName
 	}
 
@@ -124,7 +128,7 @@ func (lc *LocalConfig) GetToken() string         { return lc.configObj.Token }
 func (lc *LocalConfig) IsConfigFound() bool      { return existsConfigFile() }
 func (lc *LocalConfig) SetTenant() error {
 
-	// ARMO tenant GUID
+	// Kubescape Cloud tenant GUID
 	if err := getTenantConfigFromBE(lc.backendAPI, lc.configObj); err != nil {
 		return err
 	}
@@ -145,7 +149,7 @@ func (lc *LocalConfig) DeleteCachedConfig() error {
 
 func getTenantConfigFromBE(backendAPI getter.IBackend, configObj *ConfigObj) error {
 
-	// get from armoBE
+	// get from Kubescape Cloud API
 	tenantResponse, err := backendAPI.GetTenant()
 	if err == nil && tenantResponse != nil {
 		if tenantResponse.AdminMail != "" { // registered tenant
@@ -178,18 +182,18 @@ KS_ACCOUNT_ID
 KS_CLIENT_ID
 KS_SECRET_KEY
 
-TODO - supprot:
+TODO - support:
 KS_CACHE // path to cached files
 */
 type ClusterConfig struct {
+	backendAPI         getter.IBackend
 	k8s                *k8sinterface.KubernetesApi
+	configObj          *ConfigObj
 	configMapName      string
 	configMapNamespace string
-	backendAPI         getter.IBackend
-	configObj          *ConfigObj
 }
 
-func NewClusterConfig(k8s *k8sinterface.KubernetesApi, backendAPI getter.IBackend, credentials *Credentials, clusterName string) *ClusterConfig {
+func NewClusterConfig(k8s *k8sinterface.KubernetesApi, backendAPI getter.IBackend, credentials *Credentials, clusterName string, customClusterName string) *ClusterConfig {
 	// var configObj *ConfigObj
 	c := &ClusterConfig{
 		k8s:                k8s,
@@ -210,7 +214,10 @@ func NewClusterConfig(k8s *k8sinterface.KubernetesApi, backendAPI getter.IBacken
 	}
 	updateCredentials(c.configObj, credentials)
 
-	if clusterName != "" {
+	// If a custom cluster name is provided then set that name, else use the cluster's original name
+	if customClusterName != "" {
+		c.configObj.ClusterName = AdoptCustomClusterName(customClusterName)
+	} else if clusterName != "" {
 		c.configObj.ClusterName = AdoptClusterName(clusterName) // override config clusterName
 	}
 
@@ -467,8 +474,25 @@ func DeleteConfigFile() error {
 	return os.Remove(ConfigFileFullPath())
 }
 
+// To check if the custom cluster name is valid:
+func AdoptCustomClusterName(customClusterName string) string {
+	is_alphanumeric := regexp.MustCompile(`^[a-zA-Z0-9]*$`).MatchString(customClusterName)
+
+	// Check it does not contain special-characters
+	if is_alphanumeric == false {
+		logger.L().Fatal("custom cluster name cannot contain special characters")
+	} else if len(customClusterName) >= 256 { // Check it contains less than 256 characters
+		logger.L().Fatal("custom cluster name cannot contain more than 255 characters")
+	}
+	return customClusterName
+}
+
 func AdoptClusterName(clusterName string) string {
-	return strings.ReplaceAll(clusterName, "/", "-")
+	re, err := regexp.Compile(`[^\w]+`)
+	if err != nil {
+		return clusterName
+	}
+	return re.ReplaceAllString(clusterName, "-")
 }
 
 func getConfigMapName() string {

core/cautils/customerloader_test.go

@@ -191,3 +191,34 @@ func TestLoadConfigFromData(t *testing.T) {
 	}
 
 }
+
+func TestAdoptClusterName(t *testing.T) {
+	tests := []struct {
+		name        string
+		clusterName string
+		want        string
+	}{
+		{
+			name:        "replace 1",
+			clusterName: "my-name__is--ks",
+			want:        "my-name__is-ks",
+		},
+		{
+			name:        "replace 2",
+			clusterName: "my-name1",
+			want:        "my-name1",
+		},
+		{
+			name:        "replace 3",
+			clusterName: "my:name",
+			want:        "my-name",
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			if got := AdoptClusterName(tt.clusterName); got != tt.want {
+				t.Errorf("AdoptClusterName() = %v, want %v", got, tt.want)
+			}
+		})
+	}
+}

core/cautils/datastructures.go

@@ -2,27 +2,30 @@ package cautils
 
 import (
 	"github.com/armosec/armoapi-go/armotypes"
-	"github.com/armosec/k8s-interface/workloadinterface"
-	"github.com/armosec/opa-utils/reporthandling"
-	apis "github.com/armosec/opa-utils/reporthandling/apis"
-	"github.com/armosec/opa-utils/reporthandling/results/v1/resourcesresults"
-	reporthandlingv2 "github.com/armosec/opa-utils/reporthandling/v2"
+	"github.com/kubescape/k8s-interface/workloadinterface"
+	"github.com/kubescape/opa-utils/reporthandling"
+	apis "github.com/kubescape/opa-utils/reporthandling/apis"
+	"github.com/kubescape/opa-utils/reporthandling/results/v1/prioritization"
+	"github.com/kubescape/opa-utils/reporthandling/results/v1/resourcesresults"
+	reporthandlingv2 "github.com/kubescape/opa-utils/reporthandling/v2"
 )
 
 // K8SResources map[<api group>/<api version>/<resource>][]<resourceID>
 type K8SResources map[string][]string
-type ArmoResources map[string][]string
+type KSResources map[string][]string
 
 type OPASessionObj struct {
-	K8SResources          *K8SResources                          // input k8s objects
-	ArmoResource          *ArmoResources                         // input ARMO objects
-	Policies              []reporthandling.Framework             // list of frameworks to scan
-	AllResources          map[string]workloadinterface.IMetadata // all scanned resources, map[<rtesource ID>]<resource>
-	ResourcesResult       map[string]resourcesresults.Result     // resources scan results, map[<rtesource ID>]<resource result>
-	ResourceSource        map[string]reporthandling.Source       // resources sources, map[<rtesource ID>]<resource result>
-	Report                *reporthandlingv2.PostureReport        // scan results v2 - Remove
-	Exceptions            []armotypes.PostureExceptionPolicy     // list of exceptions to apply on scan results
-	RegoInputData         RegoInputData                          // input passed to rgo for scanning. map[<control name>][<input arguments>]
+	K8SResources          *K8SResources                                 // input k8s objects
+	ArmoResource          *KSResources                                  // input ARMO objects
+	AllPolicies           *Policies                                     // list of all frameworks
+	Policies              []reporthandling.Framework                    // list of frameworks to scan
+	AllResources          map[string]workloadinterface.IMetadata        // all scanned resources, map[<resource ID>]<resource>
+	ResourcesResult       map[string]resourcesresults.Result            // resources scan results, map[<resource ID>]<resource result>
+	ResourceSource        map[string]reporthandling.Source              // resources sources, map[<resource ID>]<resource result>
+	ResourcesPrioritized  map[string]prioritization.PrioritizedResource // resources prioritization information, map[<resource ID>]<prioritized resource>
+	Report                *reporthandlingv2.PostureReport               // scan results v2 - Remove
+	Exceptions            []armotypes.PostureExceptionPolicy            // list of exceptions to apply on scan results
+	RegoInputData         RegoInputData                                 // input passed to rego for scanning. map[<control name>][<input arguments>]
 	Metadata              *reporthandlingv2.Metadata
 	InfoMap               map[string]apis.StatusInfo // Map errors of resources to StatusInfo
 	ResourceToControlsMap map[string][]string        // map[<apigroup/apiversion/resource>] = [<control_IDs>]
@@ -36,6 +39,7 @@ func NewOPASessionObj(frameworks []reporthandling.Framework, k8sResources *K8SRe
 		K8SResources:          k8sResources,
 		AllResources:          make(map[string]workloadinterface.IMetadata),
 		ResourcesResult:       make(map[string]resourcesresults.Result),
+		ResourcesPrioritized:  make(map[string]prioritization.PrioritizedResource),
 		InfoMap:               make(map[string]apis.StatusInfo),
 		ResourceToControlsMap: make(map[string][]string),
 		ResourceSource:        make(map[string]reporthandling.Source),
@@ -44,13 +48,31 @@ func NewOPASessionObj(frameworks []reporthandling.Framework, k8sResources *K8SRe
 	}
 }
 
+func (sessionObj *OPASessionObj) SetMapNamespaceToNumberOfResources(mapNamespaceToNumberOfResources map[string]int) {
+	if sessionObj.Metadata.ContextMetadata.ClusterContextMetadata == nil {
+		sessionObj.Metadata.ContextMetadata.ClusterContextMetadata = &reporthandlingv2.ClusterMetadata{}
+	}
+	if sessionObj.Metadata.ContextMetadata.ClusterContextMetadata.MapNamespaceToNumberOfResources == nil {
+		sessionObj.Metadata.ContextMetadata.ClusterContextMetadata.MapNamespaceToNumberOfResources = make(map[string]int)
+	}
+	sessionObj.Metadata.ContextMetadata.ClusterContextMetadata.MapNamespaceToNumberOfResources = mapNamespaceToNumberOfResources
+}
+
+func (sessionObj *OPASessionObj) SetNumberOfWorkerNodes(n int) {
+	if sessionObj.Metadata.ContextMetadata.ClusterContextMetadata == nil {
+		sessionObj.Metadata.ContextMetadata.ClusterContextMetadata = &reporthandlingv2.ClusterMetadata{}
+	}
+	sessionObj.Metadata.ContextMetadata.ClusterContextMetadata.NumberOfWorkerNodes = n
+}
+
 func NewOPASessionObjMock() *OPASessionObj {
 	return &OPASessionObj{
-		Policies:        nil,
-		K8SResources:    nil,
-		AllResources:    make(map[string]workloadinterface.IMetadata),
-		ResourcesResult: make(map[string]resourcesresults.Result),
-		Report:          &reporthandlingv2.PostureReport{},
+		Policies:             nil,
+		K8SResources:         nil,
+		AllResources:         make(map[string]workloadinterface.IMetadata),
+		ResourcesResult:      make(map[string]resourcesresults.Result),
+		ResourcesPrioritized: make(map[string]prioritization.PrioritizedResource),
+		Report:               &reporthandlingv2.PostureReport{},
 		Metadata: &reporthandlingv2.Metadata{
 			ScanMetadata: reporthandlingv2.ScanMetadata{
 				ScanningTarget: 0,
@@ -77,6 +99,6 @@ type RegoInputData struct {
 }
 
 type Policies struct {
-	Frameworks []string
 	Controls   map[string]reporthandling.Control // map[<control ID>]<control>
+	Frameworks []string
 }

core/cautils/datastructuresmethods.go

@@ -3,8 +3,8 @@ package cautils
 import (
 	"golang.org/x/mod/semver"
 
-	"github.com/armosec/opa-utils/reporthandling"
 	"github.com/armosec/utils-go/boolutils"
+	"github.com/kubescape/opa-utils/reporthandling"
 )
 
 func NewPolicies() *Policies {
@@ -22,7 +22,7 @@ func (policies *Policies) Set(frameworks []reporthandling.Framework, version str
 		for j := range frameworks[i].Controls {
 			compatibleRules := []reporthandling.PolicyRule{}
 			for r := range frameworks[i].Controls[j].Rules {
-				if !ruleWithArmoOpaDependency(frameworks[i].Controls[j].Rules[r].Attributes) && isRuleKubescapeVersionCompatible(frameworks[i].Controls[j].Rules[r].Attributes, version) {
+				if !ruleWithKSOpaDependency(frameworks[i].Controls[j].Rules[r].Attributes) && isRuleKubescapeVersionCompatible(frameworks[i].Controls[j].Rules[r].Attributes, version) {
 					compatibleRules = append(compatibleRules, frameworks[i].Controls[j].Rules[r])
 				}
 			}
@@ -35,7 +35,7 @@ func (policies *Policies) Set(frameworks []reporthandling.Framework, version str
 	}
 }
 
-func ruleWithArmoOpaDependency(attributes map[string]interface{}) bool {
+func ruleWithKSOpaDependency(attributes map[string]interface{}) bool {
 	if attributes == nil {
 		return false
 	}

core/cautils/environments.go

@@ -1,6 +1,6 @@
 package cautils
 
-// CA environment vars
+// Kubescape Cloud environment vars
 var (
 	CustomerGUID = ""
 	ClusterName  = ""

core/cautils/fileutils.go

@@ -8,12 +8,12 @@ import (
 	"path/filepath"
 	"strings"
 
-	"github.com/armosec/k8s-interface/workloadinterface"
-	"github.com/dwertent/go-logger/helpers"
+	"github.com/kubescape/go-logger/helpers"
+	"github.com/kubescape/k8s-interface/workloadinterface"
 
-	"github.com/armosec/opa-utils/objectsenvelopes"
-	"github.com/armosec/opa-utils/objectsenvelopes/localworkload"
-	logger "github.com/dwertent/go-logger"
+	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/opa-utils/objectsenvelopes"
+	"github.com/kubescape/opa-utils/objectsenvelopes/localworkload"
 
 	"gopkg.in/yaml.v2"
 )
@@ -30,7 +30,7 @@ const (
 	JSON_FILE_FORMAT FileFormat = "json"
 )
 
-// LoadResourcesFromHelmCharts scans a given path (recuresively) for helm charts, renders the templates and returns a map of workloads and a map of chart names
+// LoadResourcesFromHelmCharts scans a given path (recursively) for helm charts, renders the templates and returns a map of workloads and a map of chart names
 func LoadResourcesFromHelmCharts(basePath string) (map[string][]workloadinterface.IMetadata, map[string]string) {
 	directories, _ := listDirs(basePath)
 	helmDirectories := make([]string, 0)
@@ -47,7 +47,7 @@ func LoadResourcesFromHelmCharts(basePath string) (map[string][]workloadinterfac
 		if err == nil {
 			wls, errs := chart.GetWorkloadsWithDefaultValues()
 			if len(errs) > 0 {
-				logger.L().Error(fmt.Sprintf("Rendering of Helm chart template failed: %v", errs))
+				logger.L().Error(fmt.Sprintf("Rendering of Helm chart template '%s', failed: %v", chart.GetName(), errs))
 				continue
 			}
 
@@ -61,6 +61,41 @@ func LoadResourcesFromHelmCharts(basePath string) (map[string][]workloadinterfac
 	return sourceToWorkloads, sourceToChartName
 }
 
+// If the contents at given path is a Kustomize Directory, LoadResourcesFromKustomizeDirectory will
+// generate yaml files using "Kustomize" & renders a map of workloads from those yaml files
+func LoadResourcesFromKustomizeDirectory(basePath string) (map[string][]workloadinterface.IMetadata, string) {
+	isKustomizeDirectory := IsKustomizeDirectory(basePath)
+	isKustomizeFile := IsKustomizeFile(basePath)
+	if ok := isKustomizeDirectory || isKustomizeFile; !ok {
+		return nil, ""
+	}
+
+	sourceToWorkloads := map[string][]workloadinterface.IMetadata{}
+	kustomizeDirectory := NewKustomizeDirectory(basePath)
+
+	var newBasePath string
+
+	if isKustomizeFile {
+		newBasePath = filepath.Dir(basePath)
+		logger.L().Info("Kustomize File Detected, Scanning the rendered Kubernetes Objects...")
+	} else {
+		newBasePath = basePath
+		logger.L().Info("Kustomize Directory Detected, Scanning the rendered Kubernetes Objects...")
+	}
+
+	wls, errs := kustomizeDirectory.GetWorkloads(newBasePath)
+	kustomizeDirectoryName := GetKustomizeDirectoryName(newBasePath)
+
+	if len(errs) > 0 {
+		logger.L().Error(fmt.Sprintf("Rendering yaml from Kustomize failed: %v", errs))
+	}
+
+	for k, v := range wls {
+		sourceToWorkloads[k] = v
+	}
+	return sourceToWorkloads, kustomizeDirectoryName
+}
+
 func LoadResourcesFromFiles(input, rootPath string) map[string][]workloadinterface.IMetadata {
 	files, errs := listFiles(input)
 	if len(errs) > 0 {
@@ -190,8 +225,10 @@ func readYamlFile(yamlFile []byte) ([]workloadinterface.IMetadata, error) {
 		}
 		if obj, ok := j.(map[string]interface{}); ok {
 			if o := objectsenvelopes.NewObject(obj); o != nil {
-				if o.GetKind() == "List" {
-					yamlObjs = append(yamlObjs, handleListObject(o)...)
+				if o.GetObjectType() == workloadinterface.TypeListWorkloads {
+					if list := workloadinterface.NewListWorkloadsObj(o.GetObject()); list != nil {
+						yamlObjs = append(yamlObjs, list.GetItems()...)
+					}
 				} else {
 					yamlObjs = append(yamlObjs, o)
 				}
@@ -260,7 +297,7 @@ func glob(root, pattern string, onlyDirectories bool) ([]string, error) {
 			return err
 		}
 
-		// listing only directotries
+		// listing only directories
 		if onlyDirectories {
 			if info.IsDir() {
 				if matched, err := filepath.Match(pattern, filepath.Base(path)); err != nil {
@@ -323,20 +360,3 @@ func GetFileFormat(filePath string) FileFormat {
 		return FileFormat(filePath)
 	}
 }
-
-// handleListObject handle a List manifest
-func handleListObject(obj workloadinterface.IMetadata) []workloadinterface.IMetadata {
-	yamlObjs := []workloadinterface.IMetadata{}
-	if i, ok := workloadinterface.InspectMap(obj.GetObject(), "items"); ok && i != nil {
-		if items, ok := i.([]interface{}); ok && items != nil {
-			for item := range items {
-				if m, ok := items[item].(map[string]interface{}); ok && m != nil {
-					if o := objectsenvelopes.NewObject(m); o != nil {
-						yamlObjs = append(yamlObjs, o)
-					}
-				}
-			}
-		}
-	}
-	return yamlObjs
-}

core/cautils/fileutils_test.go

@@ -6,7 +6,7 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/armosec/opa-utils/objectsenvelopes/localworkload"
+	"github.com/kubescape/opa-utils/objectsenvelopes/localworkload"
 	"github.com/stretchr/testify/assert"
 )
 

core/cautils/getter/armoapi.go

@@ -1,371 +0,0 @@
-package getter
-
-import (
-	"bytes"
-	"encoding/json"
-	"fmt"
-	"io/ioutil"
-	"net/http"
-	"strings"
-	"time"
-
-	"github.com/armosec/armoapi-go/armotypes"
-	"github.com/armosec/opa-utils/reporthandling"
-	logger "github.com/dwertent/go-logger"
-	"github.com/dwertent/go-logger/helpers"
-)
-
-// =======================================================================================================================
-// =============================================== ArmoAPI ===============================================================
-// =======================================================================================================================
-
-var (
-	// ATTENTION!!!
-	// Changes in this URLs variable names, or in the usage is affecting the build process! BE CAREFUL
-	armoERURL   = "report.armo.cloud"
-	armoBEURL   = "api.armosec.io"
-	armoFEURL   = "cloud.armosec.io"
-	armoAUTHURL = "auth.armosec.io"
-
-	armoStageERURL   = "report-ks.eustage2.cyberarmorsoft.com"
-	armoStageBEURL   = "api-stage.armosec.io"
-	armoStageFEURL   = "armoui-stage.armosec.io"
-	armoStageAUTHURL = "eggauth-stage.armosec.io"
-
-	armoDevERURL   = "report.eudev3.cyberarmorsoft.com"
-	armoDevBEURL   = "api-dev.armosec.io"
-	armoDevFEURL   = "cloud-dev.armosec.io"
-	armoDevAUTHURL = "eggauth-dev.armosec.io"
-)
-
-// Armo API for downloading policies
-type ArmoAPI struct {
-	httpClient *http.Client
-	apiURL     string
-	authURL    string
-	erURL      string
-	feURL      string
-	accountID  string
-	clientID   string
-	secretKey  string
-	feToken    FeLoginResponse
-	authCookie string
-	loggedIn   bool
-}
-
-var globalArmoAPIConnector *ArmoAPI
-
-func SetARMOAPIConnector(armoAPI *ArmoAPI) {
-	logger.L().Debug("Armo URLs", helpers.String("api", armoAPI.apiURL), helpers.String("auth", armoAPI.authURL), helpers.String("report", armoAPI.erURL), helpers.String("UI", armoAPI.feURL))
-	globalArmoAPIConnector = armoAPI
-}
-
-func GetArmoAPIConnector() *ArmoAPI {
-	if globalArmoAPIConnector == nil {
-		// logger.L().Error("returning nil API connector")
-		SetARMOAPIConnector(NewARMOAPIProd())
-	}
-	return globalArmoAPIConnector
-}
-
-func NewARMOAPIDev() *ArmoAPI {
-	apiObj := newArmoAPI()
-
-	apiObj.apiURL = armoDevBEURL
-	apiObj.authURL = armoDevAUTHURL
-	apiObj.erURL = armoDevERURL
-	apiObj.feURL = armoDevFEURL
-
-	return apiObj
-}
-
-func NewARMOAPIProd() *ArmoAPI {
-	apiObj := newArmoAPI()
-
-	apiObj.apiURL = armoBEURL
-	apiObj.erURL = armoERURL
-	apiObj.feURL = armoFEURL
-	apiObj.authURL = armoAUTHURL
-
-	return apiObj
-}
-
-func NewARMOAPIStaging() *ArmoAPI {
-	apiObj := newArmoAPI()
-
-	apiObj.apiURL = armoStageBEURL
-	apiObj.erURL = armoStageERURL
-	apiObj.feURL = armoStageFEURL
-	apiObj.authURL = armoStageAUTHURL
-
-	return apiObj
-}
-
-func NewARMOAPICustomized(armoERURL, armoBEURL, armoFEURL, armoAUTHURL string) *ArmoAPI {
-	apiObj := newArmoAPI()
-
-	apiObj.erURL = armoERURL
-	apiObj.apiURL = armoBEURL
-	apiObj.feURL = armoFEURL
-	apiObj.authURL = armoAUTHURL
-
-	return apiObj
-}
-
-func newArmoAPI() *ArmoAPI {
-	return &ArmoAPI{
-		httpClient: &http.Client{Timeout: time.Duration(61) * time.Second},
-		loggedIn:   false,
-	}
-}
-
-func (armoAPI *ArmoAPI) Post(fullURL string, headers map[string]string, body []byte) (string, error) {
-	if headers == nil {
-		headers = make(map[string]string)
-	}
-	armoAPI.appendAuthHeaders(headers)
-	return HttpPost(armoAPI.httpClient, fullURL, headers, body)
-}
-
-func (armoAPI *ArmoAPI) Delete(fullURL string, headers map[string]string) (string, error) {
-	if headers == nil {
-		headers = make(map[string]string)
-	}
-	armoAPI.appendAuthHeaders(headers)
-	return HttpDelete(armoAPI.httpClient, fullURL, headers)
-}
-func (armoAPI *ArmoAPI) Get(fullURL string, headers map[string]string) (string, error) {
-	if headers == nil {
-		headers = make(map[string]string)
-	}
-	armoAPI.appendAuthHeaders(headers)
-	return HttpGetter(armoAPI.httpClient, fullURL, headers)
-}
-
-func (armoAPI *ArmoAPI) GetAccountID() string          { return armoAPI.accountID }
-func (armoAPI *ArmoAPI) IsLoggedIn() bool              { return armoAPI.loggedIn }
-func (armoAPI *ArmoAPI) GetClientID() string           { return armoAPI.clientID }
-func (armoAPI *ArmoAPI) GetSecretKey() string          { return armoAPI.secretKey }
-func (armoAPI *ArmoAPI) GetFrontendURL() string        { return armoAPI.feURL }
-func (armoAPI *ArmoAPI) GetApiURL() string             { return armoAPI.apiURL }
-func (armoAPI *ArmoAPI) GetAuthURL() string            { return armoAPI.authURL }
-func (armoAPI *ArmoAPI) GetReportReceiverURL() string  { return armoAPI.erURL }
-func (armoAPI *ArmoAPI) SetAccountID(accountID string) { armoAPI.accountID = accountID }
-func (armoAPI *ArmoAPI) SetClientID(clientID string)   { armoAPI.clientID = clientID }
-func (armoAPI *ArmoAPI) SetSecretKey(secretKey string) { armoAPI.secretKey = secretKey }
-
-func (armoAPI *ArmoAPI) GetFramework(name string) (*reporthandling.Framework, error) {
-	respStr, err := armoAPI.Get(armoAPI.getFrameworkURL(name), nil)
-	if err != nil {
-		return nil, nil
-	}
-
-	framework := &reporthandling.Framework{}
-	if err = JSONDecoder(respStr).Decode(framework); err != nil {
-		return nil, err
-	}
-
-	return framework, err
-}
-
-func (armoAPI *ArmoAPI) GetFrameworks() ([]reporthandling.Framework, error) {
-	respStr, err := armoAPI.Get(armoAPI.getListFrameworkURL(), nil)
-	if err != nil {
-		return nil, nil
-	}
-
-	frameworks := []reporthandling.Framework{}
-	if err = JSONDecoder(respStr).Decode(&frameworks); err != nil {
-		return nil, err
-	}
-	// SaveInFile(framework, GetDefaultPath(name+".json"))
-
-	return frameworks, err
-}
-
-func (armoAPI *ArmoAPI) GetControl(policyName string) (*reporthandling.Control, error) {
-	return nil, fmt.Errorf("control api is not public")
-}
-
-func (armoAPI *ArmoAPI) GetExceptions(clusterName string) ([]armotypes.PostureExceptionPolicy, error) {
-	exceptions := []armotypes.PostureExceptionPolicy{}
-
-	respStr, err := armoAPI.Get(armoAPI.getExceptionsURL(clusterName), nil)
-	if err != nil {
-		return nil, err
-	}
-
-	if err = JSONDecoder(respStr).Decode(&exceptions); err != nil {
-		return nil, err
-	}
-
-	return exceptions, nil
-}
-
-func (armoAPI *ArmoAPI) GetTenant() (*TenantResponse, error) {
-	url := armoAPI.getAccountURL()
-	if armoAPI.accountID != "" {
-		url = fmt.Sprintf("%s?customerGUID=%s", url, armoAPI.accountID)
-	}
-	respStr, err := armoAPI.Get(url, nil)
-	if err != nil {
-		return nil, err
-	}
-	tenant := &TenantResponse{}
-	if err = JSONDecoder(respStr).Decode(tenant); err != nil {
-		return nil, err
-	}
-	if tenant.TenantID != "" {
-		armoAPI.accountID = tenant.TenantID
-	}
-	return tenant, nil
-}
-
-// ControlsInputs  // map[<control name>][<input arguments>]
-func (armoAPI *ArmoAPI) GetAccountConfig(clusterName string) (*armotypes.CustomerConfig, error) {
-	accountConfig := &armotypes.CustomerConfig{}
-	if armoAPI.accountID == "" {
-		return accountConfig, nil
-	}
-	respStr, err := armoAPI.Get(armoAPI.getAccountConfig(clusterName), nil)
-	if err != nil {
-		return nil, err
-	}
-
-	if err = JSONDecoder(respStr).Decode(&accountConfig); err != nil {
-		// try with default scope
-		respStr, err = armoAPI.Get(armoAPI.getAccountConfigDefault(clusterName), nil)
-		if err != nil {
-			return nil, err
-		}
-		if err = JSONDecoder(respStr).Decode(&accountConfig); err != nil {
-			return nil, err
-		}
-	}
-
-	return accountConfig, nil
-}
-
-// ControlsInputs  // map[<control name>][<input arguments>]
-func (armoAPI *ArmoAPI) GetControlsInputs(clusterName string) (map[string][]string, error) {
-	accountConfig, err := armoAPI.GetAccountConfig(clusterName)
-	if err == nil {
-		return accountConfig.Settings.PostureControlInputs, nil
-	}
-	return nil, err
-}
-
-func (armoAPI *ArmoAPI) ListCustomFrameworks() ([]string, error) {
-	respStr, err := armoAPI.Get(armoAPI.getListFrameworkURL(), nil)
-	if err != nil {
-		return nil, err
-	}
-	frs := []reporthandling.Framework{}
-	if err = json.Unmarshal([]byte(respStr), &frs); err != nil {
-		return nil, err
-	}
-
-	frameworkList := []string{}
-	for _, fr := range frs {
-		if !isNativeFramework(fr.Name) {
-			frameworkList = append(frameworkList, fr.Name)
-		}
-	}
-
-	return frameworkList, nil
-}
-
-func (armoAPI *ArmoAPI) ListFrameworks() ([]string, error) {
-	respStr, err := armoAPI.Get(armoAPI.getListFrameworkURL(), nil)
-	if err != nil {
-		return nil, err
-	}
-	frs := []reporthandling.Framework{}
-	if err = json.Unmarshal([]byte(respStr), &frs); err != nil {
-		return nil, err
-	}
-
-	frameworkList := []string{}
-	for _, fr := range frs {
-		if isNativeFramework(fr.Name) {
-			frameworkList = append(frameworkList, strings.ToLower(fr.Name))
-		} else {
-			frameworkList = append(frameworkList, fr.Name)
-		}
-	}
-
-	return frameworkList, nil
-}
-
-func (armoAPI *ArmoAPI) ListControls(l ListType) ([]string, error) {
-	return nil, fmt.Errorf("control api is not public")
-}
-
-func (armoAPI *ArmoAPI) PostExceptions(exceptions []armotypes.PostureExceptionPolicy) error {
-
-	for i := range exceptions {
-		ex, err := json.Marshal(exceptions[i])
-		if err != nil {
-			return err
-		}
-		_, err = armoAPI.Post(armoAPI.exceptionsURL(""), map[string]string{"Content-Type": "application/json"}, ex)
-		if err != nil {
-			return err
-		}
-	}
-	return nil
-}
-
-func (armoAPI *ArmoAPI) DeleteException(exceptionName string) error {
-
-	_, err := armoAPI.Delete(armoAPI.exceptionsURL(exceptionName), nil)
-	if err != nil {
-		return err
-	}
-	return nil
-}
-func (armoAPI *ArmoAPI) Login() error {
-	if armoAPI.accountID == "" {
-		return fmt.Errorf("failed to login, missing accountID")
-	}
-	if armoAPI.clientID == "" {
-		return fmt.Errorf("failed to login, missing clientID")
-	}
-	if armoAPI.secretKey == "" {
-		return fmt.Errorf("failed to login, missing secretKey")
-	}
-
-	// init URLs
-	feLoginData := FeLoginData{ClientId: armoAPI.clientID, Secret: armoAPI.secretKey}
-	body, _ := json.Marshal(feLoginData)
-
-	resp, err := http.Post(armoAPI.getApiToken(), "application/json", bytes.NewBuffer(body))
-	if err != nil {
-		return err
-	}
-	defer resp.Body.Close()
-
-	if resp.StatusCode != http.StatusOK {
-		return fmt.Errorf("error authenticating: %d", resp.StatusCode)
-	}
-
-	responseBody, err := ioutil.ReadAll(resp.Body)
-	if err != nil {
-		return err
-	}
-	var feLoginResponse FeLoginResponse
-
-	if err = json.Unmarshal(responseBody, &feLoginResponse); err != nil {
-		return err
-	}
-	armoAPI.feToken = feLoginResponse
-
-	/* Now we have JWT */
-
-	armoAPI.authCookie, err = armoAPI.getAuthCookie()
-	if err != nil {
-		return err
-	}
-	armoAPI.loggedIn = true
-	return nil
-}

core/cautils/getter/datastructures.go

@@ -8,11 +8,11 @@ type FeLoginData struct {
 type FeLoginResponse struct {
 	Token        string `json:"accessToken"`
 	RefreshToken string `json:"refreshToken"`
-	ExpiresIn    int32  `json:"expiresIn"`
 	Expires      string `json:"expires"`
+	ExpiresIn    int32  `json:"expiresIn"`
 }
 
-type ArmoSelectCustomer struct {
+type KSCloudSelectCustomer struct {
 	SelectedCustomerGuid string `json:"selectedCustomer"`
 }
 

core/cautils/getter/downloadreleasedpolicy.go

@@ -3,8 +3,9 @@ package getter
 import (
 	"strings"
 
-	"github.com/armosec/opa-utils/gitregostore"
-	"github.com/armosec/opa-utils/reporthandling"
+	"github.com/kubescape/opa-utils/gitregostore"
+	"github.com/kubescape/opa-utils/reporthandling"
+	"github.com/kubescape/opa-utils/reporthandling/attacktrack/v1alpha1"
 )
 
 // =======================================================================================================================
@@ -70,6 +71,14 @@ func (drp *DownloadReleasedPolicy) GetControlsInputs(clusterName string) (map[st
 	return defaultConfigInputs.Settings.PostureControlInputs, err
 }
 
+func (drp *DownloadReleasedPolicy) GetAttackTracks() ([]v1alpha1.AttackTrack, error) {
+	attackTracks, err := drp.gs.GetAttackTracks()
+	if err != nil {
+		return nil, err
+	}
+	return attackTracks, err
+}
+
 func (drp *DownloadReleasedPolicy) SetRegoObjects() error {
 	fwNames, err := drp.gs.GetOPAFrameworksNamesList()
 	if len(fwNames) != 0 && err == nil {

core/cautils/getter/getpolicies.go

@@ -2,7 +2,8 @@ package getter
 
 import (
 	"github.com/armosec/armoapi-go/armotypes"
-	"github.com/armosec/opa-utils/reporthandling"
+	"github.com/kubescape/opa-utils/reporthandling"
+	"github.com/kubescape/opa-utils/reporthandling/attacktrack/v1alpha1"
 )
 
 // supported listing
@@ -38,3 +39,7 @@ type IBackend interface {
 type IControlsInputsGetter interface {
 	GetControlsInputs(clusterName string) (map[string][]string, error)
 }
+
+type IAttackTracksGetter interface {
+	GetAttackTracks() ([]v1alpha1.AttackTrack, error)
+}

core/cautils/getter/kscloudapi.go

@@ -0,0 +1,378 @@
+package getter
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"net/http"
+	"strings"
+	"time"
+
+	"github.com/armosec/armoapi-go/armotypes"
+	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger/helpers"
+	"github.com/kubescape/opa-utils/reporthandling"
+	"github.com/kubescape/opa-utils/reporthandling/attacktrack/v1alpha1"
+)
+
+var (
+	ksCloudERURL   = "report.armo.cloud"
+	ksCloudBEURL   = "api.armosec.io"
+	ksCloudFEURL   = "cloud.armosec.io"
+	ksCloudAUTHURL = "auth.armosec.io"
+
+	ksCloudStageERURL   = "report-ks.eustage2.cyberarmorsoft.com"
+	ksCloudStageBEURL   = "api-stage.armosec.io"
+	ksCloudStageFEURL   = "armoui-stage.armosec.io"
+	ksCloudStageAUTHURL = "eggauth-stage.armosec.io"
+
+	ksCloudDevERURL   = "report.eudev3.cyberarmorsoft.com"
+	ksCloudDevBEURL   = "api-dev.armosec.io"
+	ksCloudDevFEURL   = "cloud-dev.armosec.io"
+	ksCloudDevAUTHURL = "eggauth-dev.armosec.io"
+)
+
+// KSCloudAPI allows accessing the API of the Kubescape Cloud offering
+type KSCloudAPI struct {
+	httpClient *http.Client
+	apiURL     string
+	authURL    string
+	erURL      string
+	feURL      string
+	accountID  string
+	clientID   string
+	secretKey  string
+	authCookie string
+	feToken    FeLoginResponse
+	loggedIn   bool
+}
+
+var globalKSCloudAPIConnector *KSCloudAPI
+
+func SetKSCloudAPIConnector(ksCloudAPI *KSCloudAPI) {
+	logger.L().Debug("Kubescape Cloud URLs", helpers.String("api", ksCloudAPI.apiURL), helpers.String("auth", ksCloudAPI.authURL), helpers.String("report", ksCloudAPI.erURL), helpers.String("UI", ksCloudAPI.feURL))
+	globalKSCloudAPIConnector = ksCloudAPI
+}
+
+func GetKSCloudAPIConnector() *KSCloudAPI {
+	if globalKSCloudAPIConnector == nil {
+		SetKSCloudAPIConnector(NewKSCloudAPIProd())
+	}
+	return globalKSCloudAPIConnector
+}
+
+func NewKSCloudAPIDev() *KSCloudAPI {
+	apiObj := newKSCloudAPI()
+
+	apiObj.apiURL = ksCloudDevBEURL
+	apiObj.authURL = ksCloudDevAUTHURL
+	apiObj.erURL = ksCloudDevERURL
+	apiObj.feURL = ksCloudDevFEURL
+
+	return apiObj
+}
+
+func NewKSCloudAPIProd() *KSCloudAPI {
+	apiObj := newKSCloudAPI()
+
+	apiObj.apiURL = ksCloudBEURL
+	apiObj.erURL = ksCloudERURL
+	apiObj.feURL = ksCloudFEURL
+	apiObj.authURL = ksCloudAUTHURL
+
+	return apiObj
+}
+
+func NewKSCloudAPIStaging() *KSCloudAPI {
+	apiObj := newKSCloudAPI()
+
+	apiObj.apiURL = ksCloudStageBEURL
+	apiObj.erURL = ksCloudStageERURL
+	apiObj.feURL = ksCloudStageFEURL
+	apiObj.authURL = ksCloudStageAUTHURL
+
+	return apiObj
+}
+
+func NewKSCloudAPICustomized(ksCloudERURL, ksCloudBEURL, ksCloudFEURL, ksCloudAUTHURL string) *KSCloudAPI {
+	apiObj := newKSCloudAPI()
+
+	apiObj.erURL = ksCloudERURL
+	apiObj.apiURL = ksCloudBEURL
+	apiObj.feURL = ksCloudFEURL
+	apiObj.authURL = ksCloudAUTHURL
+
+	return apiObj
+}
+
+func newKSCloudAPI() *KSCloudAPI {
+	return &KSCloudAPI{
+		httpClient: &http.Client{Timeout: time.Duration(61) * time.Second},
+		loggedIn:   false,
+	}
+}
+
+func (api *KSCloudAPI) Post(fullURL string, headers map[string]string, body []byte) (string, error) {
+	if headers == nil {
+		headers = make(map[string]string)
+	}
+	api.appendAuthHeaders(headers)
+	return HttpPost(api.httpClient, fullURL, headers, body)
+}
+
+func (api *KSCloudAPI) Delete(fullURL string, headers map[string]string) (string, error) {
+	if headers == nil {
+		headers = make(map[string]string)
+	}
+	api.appendAuthHeaders(headers)
+	return HttpDelete(api.httpClient, fullURL, headers)
+}
+func (api *KSCloudAPI) Get(fullURL string, headers map[string]string) (string, error) {
+	if headers == nil {
+		headers = make(map[string]string)
+	}
+	api.appendAuthHeaders(headers)
+	return HttpGetter(api.httpClient, fullURL, headers)
+}
+
+func (api *KSCloudAPI) GetAccountID() string          { return api.accountID }
+func (api *KSCloudAPI) IsLoggedIn() bool              { return api.loggedIn }
+func (api *KSCloudAPI) GetClientID() string           { return api.clientID }
+func (api *KSCloudAPI) GetSecretKey() string          { return api.secretKey }
+func (api *KSCloudAPI) GetFrontendURL() string        { return api.feURL }
+func (api *KSCloudAPI) GetApiURL() string             { return api.apiURL }
+func (api *KSCloudAPI) GetAuthURL() string            { return api.authURL }
+func (api *KSCloudAPI) GetReportReceiverURL() string  { return api.erURL }
+func (api *KSCloudAPI) SetAccountID(accountID string) { api.accountID = accountID }
+func (api *KSCloudAPI) SetClientID(clientID string)   { api.clientID = clientID }
+func (api *KSCloudAPI) SetSecretKey(secretKey string) { api.secretKey = secretKey }
+
+func (api *KSCloudAPI) GetAttackTracks() ([]v1alpha1.AttackTrack, error) {
+	respStr, err := api.Get(api.getAttackTracksURL(), nil)
+	if err != nil {
+		return nil, nil
+	}
+
+	attackTracks := []v1alpha1.AttackTrack{}
+	if err = JSONDecoder(respStr).Decode(&attackTracks); err != nil {
+		return nil, err
+	}
+
+	return attackTracks, err
+}
+
+func (api *KSCloudAPI) GetFramework(name string) (*reporthandling.Framework, error) {
+	respStr, err := api.Get(api.getFrameworkURL(name), nil)
+	if err != nil {
+		return nil, nil
+	}
+
+	framework := &reporthandling.Framework{}
+	if err = JSONDecoder(respStr).Decode(framework); err != nil {
+		return nil, err
+	}
+
+	return framework, err
+}
+
+func (api *KSCloudAPI) GetFrameworks() ([]reporthandling.Framework, error) {
+	respStr, err := api.Get(api.getListFrameworkURL(), nil)
+	if err != nil {
+		return nil, nil
+	}
+
+	frameworks := []reporthandling.Framework{}
+	if err = JSONDecoder(respStr).Decode(&frameworks); err != nil {
+		return nil, err
+	}
+
+	return frameworks, err
+}
+
+func (api *KSCloudAPI) GetControl(policyName string) (*reporthandling.Control, error) {
+	return nil, fmt.Errorf("control api is not public")
+}
+
+func (api *KSCloudAPI) GetExceptions(clusterName string) ([]armotypes.PostureExceptionPolicy, error) {
+	exceptions := []armotypes.PostureExceptionPolicy{}
+
+	respStr, err := api.Get(api.getExceptionsURL(clusterName), nil)
+	if err != nil {
+		return nil, err
+	}
+
+	if err = JSONDecoder(respStr).Decode(&exceptions); err != nil {
+		return nil, err
+	}
+
+	return exceptions, nil
+}
+
+func (api *KSCloudAPI) GetTenant() (*TenantResponse, error) {
+	url := api.getAccountURL()
+	if api.accountID != "" {
+		url = fmt.Sprintf("%s?customerGUID=%s", url, api.accountID)
+	}
+	respStr, err := api.Get(url, nil)
+	if err != nil {
+		return nil, err
+	}
+	tenant := &TenantResponse{}
+	if err = JSONDecoder(respStr).Decode(tenant); err != nil {
+		return nil, err
+	}
+	if tenant.TenantID != "" {
+		api.accountID = tenant.TenantID
+	}
+	return tenant, nil
+}
+
+// ControlsInputs  // map[<control name>][<input arguments>]
+func (api *KSCloudAPI) GetAccountConfig(clusterName string) (*armotypes.CustomerConfig, error) {
+	accountConfig := &armotypes.CustomerConfig{}
+	if api.accountID == "" {
+		return accountConfig, nil
+	}
+	respStr, err := api.Get(api.getAccountConfig(clusterName), nil)
+	if err != nil {
+		return nil, err
+	}
+
+	if err = JSONDecoder(respStr).Decode(&accountConfig); err != nil {
+		// try with default scope
+		respStr, err = api.Get(api.getAccountConfigDefault(clusterName), nil)
+		if err != nil {
+			return nil, err
+		}
+		if err = JSONDecoder(respStr).Decode(&accountConfig); err != nil {
+			return nil, err
+		}
+	}
+
+	return accountConfig, nil
+}
+
+// ControlsInputs  // map[<control name>][<input arguments>]
+func (api *KSCloudAPI) GetControlsInputs(clusterName string) (map[string][]string, error) {
+	accountConfig, err := api.GetAccountConfig(clusterName)
+	if err == nil {
+		return accountConfig.Settings.PostureControlInputs, nil
+	}
+	return nil, err
+}
+
+func (api *KSCloudAPI) ListCustomFrameworks() ([]string, error) {
+	respStr, err := api.Get(api.getListFrameworkURL(), nil)
+	if err != nil {
+		return nil, err
+	}
+	frs := []reporthandling.Framework{}
+	if err = json.Unmarshal([]byte(respStr), &frs); err != nil {
+		return nil, err
+	}
+
+	frameworkList := []string{}
+	for _, fr := range frs {
+		if !isNativeFramework(fr.Name) {
+			frameworkList = append(frameworkList, fr.Name)
+		}
+	}
+
+	return frameworkList, nil
+}
+
+func (api *KSCloudAPI) ListFrameworks() ([]string, error) {
+	respStr, err := api.Get(api.getListFrameworkURL(), nil)
+	if err != nil {
+		return nil, err
+	}
+	frs := []reporthandling.Framework{}
+	if err = json.Unmarshal([]byte(respStr), &frs); err != nil {
+		return nil, err
+	}
+
+	frameworkList := []string{}
+	for _, fr := range frs {
+		if isNativeFramework(fr.Name) {
+			frameworkList = append(frameworkList, strings.ToLower(fr.Name))
+		} else {
+			frameworkList = append(frameworkList, fr.Name)
+		}
+	}
+
+	return frameworkList, nil
+}
+
+func (api *KSCloudAPI) ListControls(l ListType) ([]string, error) {
+	return nil, fmt.Errorf("control api is not public")
+}
+
+func (api *KSCloudAPI) PostExceptions(exceptions []armotypes.PostureExceptionPolicy) error {
+
+	for i := range exceptions {
+		ex, err := json.Marshal(exceptions[i])
+		if err != nil {
+			return err
+		}
+		_, err = api.Post(api.exceptionsURL(""), map[string]string{"Content-Type": "application/json"}, ex)
+		if err != nil {
+			return err
+		}
+	}
+	return nil
+}
+
+func (api *KSCloudAPI) DeleteException(exceptionName string) error {
+
+	_, err := api.Delete(api.exceptionsURL(exceptionName), nil)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+func (api *KSCloudAPI) Login() error {
+	if api.accountID == "" {
+		return fmt.Errorf("failed to login, missing accountID")
+	}
+	if api.clientID == "" {
+		return fmt.Errorf("failed to login, missing clientID")
+	}
+	if api.secretKey == "" {
+		return fmt.Errorf("failed to login, missing secretKey")
+	}
+
+	// init URLs
+	feLoginData := FeLoginData{ClientId: api.clientID, Secret: api.secretKey}
+	body, _ := json.Marshal(feLoginData)
+
+	resp, err := http.Post(api.getApiToken(), "application/json", bytes.NewBuffer(body))
+	if err != nil {
+		return err
+	}
+	defer resp.Body.Close()
+
+	if resp.StatusCode != http.StatusOK {
+		return fmt.Errorf("error authenticating: %d", resp.StatusCode)
+	}
+
+	responseBody, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return err
+	}
+	var feLoginResponse FeLoginResponse
+
+	if err = json.Unmarshal(responseBody, &feLoginResponse); err != nil {
+		return err
+	}
+	api.feToken = feLoginResponse
+
+	/* Now we have JWT */
+
+	api.authCookie, err = api.getAuthCookie()
+	if err != nil {
+		return err
+	}
+	api.loggedIn = true
+	return nil
+}

core/cautils/getter/kscloudapiutils.go

@@ -11,12 +11,12 @@ import (
 
 var NativeFrameworks = []string{"nsa", "mitre", "armobest", "devopsbest"}
 
-func (armoAPI *ArmoAPI) getFrameworkURL(frameworkName string) string {
+func (api *KSCloudAPI) getFrameworkURL(frameworkName string) string {
 	u := url.URL{}
-	u.Scheme, u.Host = parseHost(armoAPI.GetApiURL())
+	u.Scheme, u.Host = parseHost(api.GetApiURL())
 	u.Path = "api/v1/armoFrameworks"
 	q := u.Query()
-	q.Add("customerGUID", armoAPI.getCustomerGUIDFallBack())
+	q.Add("customerGUID", api.getCustomerGUIDFallBack())
 	if isNativeFramework(frameworkName) {
 		q.Add("frameworkName", strings.ToUpper(frameworkName))
 	} else {
@@ -28,23 +28,34 @@ func (armoAPI *ArmoAPI) getFrameworkURL(frameworkName string) string {
 	return u.String()
 }
 
-func (armoAPI *ArmoAPI) getListFrameworkURL() string {
+func (api *KSCloudAPI) getAttackTracksURL() string {
 	u := url.URL{}
-	u.Scheme, u.Host = parseHost(armoAPI.GetApiURL())
-	u.Path = "api/v1/armoFrameworks"
+	u.Scheme, u.Host = parseHost(api.GetApiURL())
+	u.Path = "api/v1/attackTracks"
 	q := u.Query()
-	q.Add("customerGUID", armoAPI.getCustomerGUIDFallBack())
+	q.Add("customerGUID", api.getCustomerGUIDFallBack())
 	u.RawQuery = q.Encode()
 
 	return u.String()
 }
-func (armoAPI *ArmoAPI) getExceptionsURL(clusterName string) string {
+
+func (api *KSCloudAPI) getListFrameworkURL() string {
 	u := url.URL{}
-	u.Scheme, u.Host = parseHost(armoAPI.GetApiURL())
+	u.Scheme, u.Host = parseHost(api.GetApiURL())
+	u.Path = "api/v1/armoFrameworks"
+	q := u.Query()
+	q.Add("customerGUID", api.getCustomerGUIDFallBack())
+	u.RawQuery = q.Encode()
+
+	return u.String()
+}
+func (api *KSCloudAPI) getExceptionsURL(clusterName string) string {
+	u := url.URL{}
+	u.Scheme, u.Host = parseHost(api.GetApiURL())
 	u.Path = "api/v1/armoPostureExceptions"
 
 	q := u.Query()
-	q.Add("customerGUID", armoAPI.getCustomerGUIDFallBack())
+	q.Add("customerGUID", api.getCustomerGUIDFallBack())
 	// if clusterName != "" { // TODO - fix customer name support in Armo BE
 	// 	q.Add("clusterName", clusterName)
 	// }
@@ -53,13 +64,13 @@ func (armoAPI *ArmoAPI) getExceptionsURL(clusterName string) string {
 	return u.String()
 }
 
-func (armoAPI *ArmoAPI) exceptionsURL(exceptionsPolicyName string) string {
+func (api *KSCloudAPI) exceptionsURL(exceptionsPolicyName string) string {
 	u := url.URL{}
-	u.Scheme, u.Host = parseHost(armoAPI.GetApiURL())
+	u.Scheme, u.Host = parseHost(api.GetApiURL())
 	u.Path = "api/v1/postureExceptionPolicy"
 
 	q := u.Query()
-	q.Add("customerGUID", armoAPI.getCustomerGUIDFallBack())
+	q.Add("customerGUID", api.getCustomerGUIDFallBack())
 	if exceptionsPolicyName != "" { // for delete
 		q.Add("policyName", exceptionsPolicyName)
 	}
@@ -69,19 +80,19 @@ func (armoAPI *ArmoAPI) exceptionsURL(exceptionsPolicyName string) string {
 	return u.String()
 }
 
-func (armoAPI *ArmoAPI) getAccountConfigDefault(clusterName string) string {
-	config := armoAPI.getAccountConfig(clusterName)
+func (api *KSCloudAPI) getAccountConfigDefault(clusterName string) string {
+	config := api.getAccountConfig(clusterName)
 	url := config + "&scope=customer"
 	return url
 }
 
-func (armoAPI *ArmoAPI) getAccountConfig(clusterName string) string {
+func (api *KSCloudAPI) getAccountConfig(clusterName string) string {
 	u := url.URL{}
-	u.Scheme, u.Host = parseHost(armoAPI.GetApiURL())
+	u.Scheme, u.Host = parseHost(api.GetApiURL())
 	u.Path = "api/v1/armoCustomerConfiguration"
 
 	q := u.Query()
-	q.Add("customerGUID", armoAPI.getCustomerGUIDFallBack())
+	q.Add("customerGUID", api.getCustomerGUIDFallBack())
 	if clusterName != "" { // TODO - fix customer name support in Armo BE
 		q.Add("clusterName", clusterName)
 	}
@@ -90,49 +101,49 @@ func (armoAPI *ArmoAPI) getAccountConfig(clusterName string) string {
 	return u.String()
 }
 
-func (armoAPI *ArmoAPI) getAccountURL() string {
+func (api *KSCloudAPI) getAccountURL() string {
 	u := url.URL{}
-	u.Scheme, u.Host = parseHost(armoAPI.GetApiURL())
+	u.Scheme, u.Host = parseHost(api.GetApiURL())
 	u.Path = "api/v1/createTenant"
 	return u.String()
 }
 
-func (armoAPI *ArmoAPI) getApiToken() string {
+func (api *KSCloudAPI) getApiToken() string {
 	u := url.URL{}
-	u.Scheme, u.Host = parseHost(armoAPI.GetAuthURL())
+	u.Scheme, u.Host = parseHost(api.GetAuthURL())
 	u.Path = "identity/resources/auth/v1/api-token"
 	return u.String()
 }
 
-func (armoAPI *ArmoAPI) getOpenidCustomers() string {
+func (api *KSCloudAPI) getOpenidCustomers() string {
 	u := url.URL{}
-	u.Scheme, u.Host = parseHost(armoAPI.GetApiURL())
+	u.Scheme, u.Host = parseHost(api.GetApiURL())
 	u.Path = "api/v1/openid_customers"
 	return u.String()
 }
 
-func (armoAPI *ArmoAPI) getAuthCookie() (string, error) {
-	selectCustomer := ArmoSelectCustomer{SelectedCustomerGuid: armoAPI.accountID}
+func (api *KSCloudAPI) getAuthCookie() (string, error) {
+	selectCustomer := KSCloudSelectCustomer{SelectedCustomerGuid: api.accountID}
 	requestBody, _ := json.Marshal(selectCustomer)
 	client := &http.Client{}
-	httpRequest, err := http.NewRequest(http.MethodPost, armoAPI.getOpenidCustomers(), bytes.NewBuffer(requestBody))
+	httpRequest, err := http.NewRequest(http.MethodPost, api.getOpenidCustomers(), bytes.NewBuffer(requestBody))
 	if err != nil {
 		return "", err
 	}
 	httpRequest.Header.Set("Content-Type", "application/json")
-	httpRequest.Header.Set("Authorization", fmt.Sprintf("Bearer %s", armoAPI.feToken.Token))
+	httpRequest.Header.Set("Authorization", fmt.Sprintf("Bearer %s", api.feToken.Token))
 	httpResponse, err := client.Do(httpRequest)
 	if err != nil {
 		return "", err
 	}
 	defer httpResponse.Body.Close()
 	if httpResponse.StatusCode != http.StatusOK {
-		return "", fmt.Errorf("failed to get cookie from %s: status %d", armoAPI.getOpenidCustomers(), httpResponse.StatusCode)
+		return "", fmt.Errorf("failed to get cookie from %s: status %d", api.getOpenidCustomers(), httpResponse.StatusCode)
 	}
 
 	cookies := httpResponse.Header.Get("set-cookie")
 	if len(cookies) == 0 {
-		return "", fmt.Errorf("no cookie field in response from %s", armoAPI.getOpenidCustomers())
+		return "", fmt.Errorf("no cookie field in response from %s", api.getOpenidCustomers())
 	}
 
 	authCookie := ""
@@ -144,24 +155,24 @@ func (armoAPI *ArmoAPI) getAuthCookie() (string, error) {
 	}
 
 	if len(authCookie) == 0 {
-		return "", fmt.Errorf("no auth cookie field in response from %s", armoAPI.getOpenidCustomers())
+		return "", fmt.Errorf("no auth cookie field in response from %s", api.getOpenidCustomers())
 	}
 
 	return authCookie, nil
 }
-func (armoAPI *ArmoAPI) appendAuthHeaders(headers map[string]string) {
+func (api *KSCloudAPI) appendAuthHeaders(headers map[string]string) {
 
-	if armoAPI.feToken.Token != "" {
-		headers["Authorization"] = fmt.Sprintf("Bearer %s", armoAPI.feToken.Token)
+	if api.feToken.Token != "" {
+		headers["Authorization"] = fmt.Sprintf("Bearer %s", api.feToken.Token)
 	}
-	if armoAPI.authCookie != "" {
-		headers["Cookie"] = fmt.Sprintf("auth=%s", armoAPI.authCookie)
+	if api.authCookie != "" {
+		headers["Cookie"] = fmt.Sprintf("auth=%s", api.authCookie)
 	}
 }
 
-func (armoAPI *ArmoAPI) getCustomerGUIDFallBack() string {
-	if armoAPI.accountID != "" {
-		return armoAPI.accountID
+func (api *KSCloudAPI) getCustomerGUIDFallBack() string {
+	if api.accountID != "" {
+		return api.accountID
 	}
 	return "11111111-1111-1111-1111-111111111111"
 }

core/cautils/getter/loadpolicy.go

@@ -8,7 +8,7 @@ import (
 	"strings"
 
 	"github.com/armosec/armoapi-go/armotypes"
-	"github.com/armosec/opa-utils/reporthandling"
+	"github.com/kubescape/opa-utils/reporthandling"
 )
 
 // =======================================================================================================================

core/cautils/helmchart.go

@@ -4,10 +4,10 @@ import (
 	"path/filepath"
 	"strings"
 
-	"github.com/armosec/k8s-interface/workloadinterface"
-	"github.com/armosec/opa-utils/objectsenvelopes/localworkload"
-	logger "github.com/dwertent/go-logger"
-	"github.com/dwertent/go-logger/helpers"
+	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger/helpers"
+	"github.com/kubescape/k8s-interface/workloadinterface"
+	"github.com/kubescape/opa-utils/objectsenvelopes/localworkload"
 
 	helmchart "helm.sh/helm/v3/pkg/chart"
 	helmloader "helm.sh/helm/v3/pkg/chart/loader"

core/cautils/helmchart_test.go

@@ -9,7 +9,7 @@ import (
 	"strings"
 	"testing"
 
-	"github.com/armosec/opa-utils/objectsenvelopes/localworkload"
+	"github.com/kubescape/opa-utils/objectsenvelopes/localworkload"
 	"github.com/stretchr/testify/suite"
 )
 

core/cautils/kustomizedirectory.go

@@ -0,0 +1,115 @@
+package cautils
+
+import (
+	"os"
+	"path/filepath"
+
+	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger/helpers"
+	"github.com/kubescape/k8s-interface/workloadinterface"
+	"github.com/kubescape/opa-utils/objectsenvelopes/localworkload"
+
+	"sigs.k8s.io/kustomize/api/krusty"
+	"sigs.k8s.io/kustomize/kyaml/filesys"
+)
+
+type KustomizeDirectory struct {
+	path string
+}
+
+// Used for checking if there is "Kustomization" file in the given Directory
+var kustomizationFileMatchers = [3]string{"kustomization.yml", "kustomization.yaml", "Kustomization"}
+
+func IsKustomizeDirectory(path string) bool {
+	if isDir := IsDir(path); !isDir {
+		return false
+	}
+
+	if lastChar := path[len(path)-1:]; lastChar != "/" {
+		path += "/"
+	}
+
+	matches := 0
+	for _, kustomizationFileMatcher := range kustomizationFileMatchers {
+		checkPath := path + kustomizationFileMatcher
+		if _, err := os.Stat(checkPath); err == nil {
+			matches++
+		}
+	}
+
+	switch matches {
+	case 0:
+		return false
+	case 1:
+		return true
+	default:
+		logger.L().Info("Multiple kustomize files found while checking Kustomize Directory")
+		return false
+	}
+}
+
+// Used for checking if the path is Kustomization file.
+func IsKustomizeFile(path string) bool {
+	fileName := filepath.Base(path)
+
+	for _, kustomizationFileMatcher := range kustomizationFileMatchers {
+		if fileName == kustomizationFileMatcher {
+			return true
+		}
+	}
+
+	return false
+}
+
+func NewKustomizeDirectory(path string) *KustomizeDirectory {
+	return &KustomizeDirectory{
+		path: path,
+	}
+}
+
+func GetKustomizeDirectoryName(path string) string {
+	if isKustomizeDirectory := IsKustomizeDirectory(path); !isKustomizeDirectory {
+		return ""
+	}
+	return filepath.Dir(path)
+}
+
+// Get Workloads, creates the yaml files(K8s resources) using Kustomize and
+// renders the workloads from the yaml files (k8s resources)
+func (kd *KustomizeDirectory) GetWorkloads(kustomizeDirectoryPath string) (map[string][]workloadinterface.IMetadata, []error) {
+
+	fSys := filesys.MakeFsOnDisk()
+	kustomizer := krusty.MakeKustomizer(krusty.MakeDefaultOptions())
+	resmap, err := kustomizer.Run(fSys, kustomizeDirectoryPath)
+
+	if err != nil {
+		return nil, []error{err}
+	}
+
+	yml, err := resmap.AsYaml()
+
+	if err != nil {
+		return nil, []error{err}
+	}
+
+	workloads := make(map[string][]workloadinterface.IMetadata, 0)
+	errs := []error{}
+
+	wls, e := ReadFile(yml, YAML_FILE_FORMAT)
+
+	if e != nil {
+		logger.L().Debug("failed to read rendered yaml file", helpers.String("file", kustomizeDirectoryPath), helpers.Error(e))
+	}
+
+	if len(wls) != 0 {
+		workloads[kustomizeDirectoryPath] = []workloadinterface.IMetadata{}
+		for i := range wls {
+			lw := localworkload.NewLocalWorkload(wls[i].GetObject())
+			lw.SetPath(kustomizeDirectoryPath)
+			workloads[kustomizeDirectoryPath] = append(workloads[kustomizeDirectoryPath], lw)
+		}
+	}
+
+	return workloads, errs
+
+}

core/cautils/rbac.go

@@ -4,12 +4,12 @@ import (
 	"encoding/json"
 	"time"
 
-	reporthandlingv2 "github.com/armosec/opa-utils/reporthandling/v2"
+	reporthandlingv2 "github.com/kubescape/opa-utils/reporthandling/v2"
 
-	"github.com/armosec/k8s-interface/workloadinterface"
-	"github.com/armosec/rbac-utils/rbacscanner"
-	"github.com/armosec/rbac-utils/rbacutils"
 	"github.com/google/uuid"
+	"github.com/kubescape/k8s-interface/workloadinterface"
+	"github.com/kubescape/rbac-utils/rbacscanner"
+	"github.com/kubescape/rbac-utils/rbacutils"
 )
 
 type RBACObjects struct {
@@ -54,8 +54,8 @@ func (rbacObjects *RBACObjects) rbacObjectsToResources(resources *rbacutils.Rbac
 	/*
 		************************************************************************************************************************
 			This code is adding a non valid ID ->
-				(github.com/armosec/rbac-utils v0.0.11): "//SA2WLIDmap/SA2WLIDmap"
-				(github.com/armosec/rbac-utils v0.0.12): "armo.rbac.com/v0beta1//SAID2WLIDmap/SAID2WLIDmap"
+				(github.com/kubescape/opa-utils v0.0.11): "//SA2WLIDmap/SA2WLIDmap"
+				(github.com/kubescape/opa-utils v0.0.12): "armo.rbac.com/v0beta1//SAID2WLIDmap/SAID2WLIDmap"
 
 			Should be investigated
 		************************************************************************************************************************
@@ -63,17 +63,21 @@ func (rbacObjects *RBACObjects) rbacObjectsToResources(resources *rbacutils.Rbac
 
 	// wrap rbac aggregated objects in IMetadata and add to AllResources
 	// TODO - DEPRECATE SA2WLIDmap
-	SA2WLIDmapIMeta, err := rbacutils.SA2WLIDmapIMetadataWrapper(resources.SA2WLIDmap)
+	m, err := rbacutils.SA2WLIDmapIMetadataWrapper(resources.SA2WLIDmap)
 	if err != nil {
 		return nil, err
 	}
-	allresources[SA2WLIDmapIMeta.GetID()] = SA2WLIDmapIMeta
 
-	SAID2WLIDmapIMeta, err := rbacutils.SAID2WLIDmapIMetadataWrapper(resources.SAID2WLIDmap)
+	sa2WLIDmapIMeta := workloadinterface.NewBaseObject(m)
+	allresources[sa2WLIDmapIMeta.GetID()] = sa2WLIDmapIMeta
+
+	m2, err := rbacutils.SAID2WLIDmapIMetadataWrapper(resources.SAID2WLIDmap)
 	if err != nil {
 		return nil, err
 	}
-	allresources[SAID2WLIDmapIMeta.GetID()] = SAID2WLIDmapIMeta
+
+	saID2WLIDmapIMeta := workloadinterface.NewBaseObject(m2)
+	allresources[saID2WLIDmapIMeta.GetID()] = saID2WLIDmapIMeta
 
 	// convert rbac k8s resources to IMetadata and add to allresources
 	for _, cr := range resources.ClusterRoles.Items {

core/cautils/reportv2tov1.go

@@ -1,15 +1,14 @@
 package cautils
 
 import (
-	"github.com/armosec/k8s-interface/workloadinterface"
-	"github.com/armosec/opa-utils/reporthandling"
-	helpersv1 "github.com/armosec/opa-utils/reporthandling/helpers/v1"
-	"github.com/armosec/opa-utils/reporthandling/results/v1/reportsummary"
+	"github.com/kubescape/k8s-interface/workloadinterface"
+	"github.com/kubescape/opa-utils/reporthandling"
+	helpersv1 "github.com/kubescape/opa-utils/reporthandling/helpers/v1"
+	"github.com/kubescape/opa-utils/reporthandling/results/v1/reportsummary"
 )
 
 func ReportV2ToV1(opaSessionObj *OPASessionObj) *reporthandling.PostureReport {
 	report := &reporthandling.PostureReport{}
-	//	opaSessionObj.PostureReport.ClusterCloudProvider = opaSessionObj.Report.ClusterCloudProvider
 
 	frameworks := []reporthandling.FrameworkReport{}
 
@@ -31,26 +30,12 @@ func ReportV2ToV1(opaSessionObj *OPASessionObj) *reporthandling.PostureReport {
 		fwv1.Score = opaSessionObj.Report.SummaryDetails.Score
 	}
 
-	// // remove unused data
-	// opaSessionObj.Report = nil
-	// opaSessionObj.ResourcesResult = nil
-
 	// setup counters and score
 	for f := range frameworks {
-		// // set exceptions
-		// exceptions.SetFrameworkExceptions(frameworks, opap.Exceptions, cautils.ClusterName)
-
 		// set counters
 		reporthandling.SetUniqueResourcesCounter(&frameworks[f])
-
-		// set default score
-		// reporthandling.SetDefaultScore(&frameworks[f])
 	}
 
-	// // update score
-	// scoreutil := score.NewScore(opaSessionObj.AllResources)
-	// scoreutil.Calculate(frameworks)
-
 	report.FrameworkReports = frameworks
 	return report
 }
@@ -64,7 +49,6 @@ func controlReportV2ToV1(opaSessionObj *OPASessionObj, frameworkName string, con
 		crv1.Name = crv2.GetName()
 		crv1.Score = crv2.GetScore()
 		crv1.Control_ID = controlID
-		// crv1.Attributes = crv2.
 
 		// TODO - add fields
 		crv1.Description = crv2.Description
@@ -72,7 +56,9 @@ func controlReportV2ToV1(opaSessionObj *OPASessionObj, frameworkName string, con
 
 		rulesv1 := map[string]reporthandling.RuleReport{}
 
-		for _, resourceID := range crv2.ListResourcesIDs().All() {
+		iter := crv2.ListResourcesIDs().All()
+		for iter.HasNext() {
+			resourceID := iter.Next()
 			if result, ok := opaSessionObj.ResourcesResult[resourceID]; ok {
 				for _, rulev2 := range result.ListRulesOfControl(crv2.GetID(), "") {
 

core/cautils/rootinfo.go

@@ -1,13 +1,20 @@
 package cautils
 
+import (
+	"fmt"
+
+	"github.com/google/uuid"
+)
+
 type RootInfo struct {
 	Logger       string // logger level
 	LoggerName   string // logger name ("pretty"/"zap"/"none")
 	CacheDir     string // cached dir
 	DisableColor bool   // Disable Color
+	EnableColor  bool   // Force enable Color
 
-	ArmoBEURLs    string // armo url
-	ArmoBEURLsDep string // armo url
+	KSCloudBEURLs    string // Kubescape Cloud URL
+	KSCloudBEURLsDep string // Kubescape Cloud URL
 
 }
 
@@ -17,80 +24,22 @@ type Credentials struct {
 	SecretKey string
 }
 
-// func (rootInfo *RootInfo) InitLogger() {
-// 	logger.DisableColor(rootInfo.DisableColor)
+// To check if the user's credentials: accountID / clientID / secretKey are valid.
+func (credentials *Credentials) Validate() error {
 
-// 	if rootInfo.LoggerName == "" {
-// 		if l := os.Getenv("KS_LOGGER_NAME"); l != "" {
-// 			rootInfo.LoggerName = l
-// 		} else {
-// 			if isatty.IsTerminal(os.Stdout.Fd()) {
-// 				rootInfo.LoggerName = "pretty"
-// 			} else {
-// 				rootInfo.LoggerName = "zap"
-// 			}
-// 		}
-// 	}
+	// Check if the Account-ID is valid
+	if _, err := uuid.Parse(credentials.Account); credentials.Account != "" && err != nil {
+		return fmt.Errorf("bad argument: account must be a valid UUID")
+	}
+	// Check if the Client-ID is valid
+	if _, err := uuid.Parse(credentials.ClientID); credentials.ClientID != "" && err != nil {
+		return fmt.Errorf("bad argument: account must be a valid UUID")
+	}
 
-// 	logger.InitLogger(rootInfo.LoggerName)
+	// Check if the Secret-Key is valid
+	if _, err := uuid.Parse(credentials.SecretKey); credentials.SecretKey != "" && err != nil {
+		return fmt.Errorf("bad argument: account must be a valid UUID")
+	}
 
-// }
-// func (rootInfo *RootInfo) InitLoggerLevel() error {
-// 	if rootInfo.Logger == helpers.InfoLevel.String() {
-// 	} else if l := os.Getenv("KS_LOGGER"); l != "" {
-// 		rootInfo.Logger = l
-// 	}
-
-// 	if err := logger.L().SetLevel(rootInfo.Logger); err != nil {
-// 		return fmt.Errorf("supported levels: %s", strings.Join(helpers.SupportedLevels(), "/"))
-// 	}
-// 	return nil
-// }
-
-// func (rootInfo *RootInfo) InitCacheDir() error {
-// 	if rootInfo.CacheDir == getter.DefaultLocalStore {
-// 		getter.DefaultLocalStore = rootInfo.CacheDir
-// 	} else if cacheDir := os.Getenv("KS_CACHE_DIR"); cacheDir != "" {
-// 		getter.DefaultLocalStore = cacheDir
-// 	} else {
-// 		return nil // using default cache dir location
-// 	}
-
-// 	// TODO create dir if not found exist
-// 	// logger.L().Debug("cache dir updated", helpers.String("path", getter.DefaultLocalStore))
-// 	return nil
-// }
-// func (rootInfo *RootInfo) InitEnvironment() error {
-
-// 	urlSlices := strings.Split(rootInfo.ArmoBEURLs, ",")
-// 	if len(urlSlices) != 1 && len(urlSlices) < 3 {
-// 		return fmt.Errorf("expected at least 2 URLs (report,api,frontend,auth)")
-// 	}
-// 	switch len(urlSlices) {
-// 	case 1:
-// 		switch urlSlices[0] {
-// 		case "dev", "development":
-// 			getter.SetARMOAPIConnector(getter.NewARMOAPIDev())
-// 		case "stage", "staging":
-// 			getter.SetARMOAPIConnector(getter.NewARMOAPIStaging())
-// 		case "":
-// 			getter.SetARMOAPIConnector(getter.NewARMOAPIProd())
-// 		default:
-// 			return fmt.Errorf("unknown environment")
-// 		}
-// 	case 2:
-// 		armoERURL := urlSlices[0] // mandatory
-// 		armoBEURL := urlSlices[1] // mandatory
-// 		getter.SetARMOAPIConnector(getter.NewARMOAPICustomized(armoERURL, armoBEURL, "", ""))
-// 	case 3, 4:
-// 		var armoAUTHURL string
-// 		armoERURL := urlSlices[0] // mandatory
-// 		armoBEURL := urlSlices[1] // mandatory
-// 		armoFEURL := urlSlices[2] // mandatory
-// 		if len(urlSlices) <= 4 {
-// 			armoAUTHURL = urlSlices[3]
-// 		}
-// 		getter.SetARMOAPIConnector(getter.NewARMOAPICustomized(armoERURL, armoBEURL, armoFEURL, armoAUTHURL))
-// 	}
-// 	return nil
-// }
+	return nil
+}

core/cautils/rootinfo_test.go

@@ -0,0 +1,71 @@
+package cautils
+
+import "testing"
+
+func TestCredentials_Validate(t *testing.T) {
+	type fields struct {
+		Account   string
+		ClientID  string
+		SecretKey string
+	}
+	tests := []struct {
+		name    string
+		fields  fields
+		wantErr bool
+	}{
+		{
+			name: "valid account ID",
+			fields: fields{
+				Account: "22019933-feac-4012-a8eb-e81461ba6655",
+			},
+			wantErr: false,
+		},
+		{
+			name: "invalid account ID",
+			fields: fields{
+				Account: "22019933-feac-4012-a8eb-e81461ba665",
+			},
+			wantErr: true,
+		},
+		{
+			name: "valid client ID",
+			fields: fields{
+				ClientID: "22019933-feac-4012-a8eb-e81461ba6655",
+			},
+			wantErr: false,
+		},
+		{
+			name: "invalid client ID",
+			fields: fields{
+				ClientID: "22019933-feac-4012-a8eb-e81461ba665",
+			},
+			wantErr: true,
+		},
+		{
+			name: "valid secret key",
+			fields: fields{
+				SecretKey: "22019933-feac-4012-a8eb-e81461ba6655",
+			},
+			wantErr: false,
+		},
+		{
+			name: "invalid secret key",
+			fields: fields{
+				SecretKey: "22019933-feac-4012-a8eb-e81461ba665",
+			},
+			wantErr: true,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			credentials := &Credentials{
+				Account:   tt.fields.Account,
+				ClientID:  tt.fields.ClientID,
+				SecretKey: tt.fields.SecretKey,
+			}
+			if err := credentials.Validate(); (err != nil) != tt.wantErr {
+				t.Errorf("Credentials.Validate() error = %v, wantErr %v", err, tt.wantErr)
+			}
+		})
+	}
+}

core/cautils/scaninfo.go

@@ -9,15 +9,15 @@ import (
 	"strings"
 
 	"github.com/armosec/armoapi-go/armotypes"
-	apisv1 "github.com/armosec/opa-utils/httpserver/apis/v1"
+	apisv1 "github.com/kubescape/opa-utils/httpserver/apis/v1"
 
 	giturl "github.com/armosec/go-git-url"
-	"github.com/armosec/k8s-interface/k8sinterface"
-	"github.com/armosec/kubescape/v2/core/cautils/getter"
-	"github.com/armosec/opa-utils/reporthandling"
-	reporthandlingv2 "github.com/armosec/opa-utils/reporthandling/v2"
-	logger "github.com/dwertent/go-logger"
-	"github.com/dwertent/go-logger/helpers"
+	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger/helpers"
+	"github.com/kubescape/k8s-interface/k8sinterface"
+	"github.com/kubescape/kubescape/v2/core/cautils/getter"
+	"github.com/kubescape/opa-utils/reporthandling"
+	reporthandlingv2 "github.com/kubescape/opa-utils/reporthandling/v2"
 
 	"github.com/google/uuid"
 )
@@ -100,38 +100,41 @@ type PolicyIdentifier struct {
 }
 
 type ScanInfo struct {
-	Getters                               // TODO - remove from object
-	PolicyIdentifier   []PolicyIdentifier // TODO - remove from object
-	UseExceptions      string             // Load file with exceptions configuration
-	ControlsInputs     string             // Load file with inputs for controls
-	UseFrom            []string           // Load framework from local file (instead of download). Use when running offline
-	UseDefault         bool               // Load framework from cached file (instead of download). Use when running offline
-	UseArtifactsFrom   string             // Load artifacts from local path. Use when running offline
-	VerboseMode        bool               // Display all of the input resources and not only failed resources
-	View               string             // Display all of the input resources and not only failed resources
-	Format             string             // Format results (table, json, junit ...)
-	Output             string             // Store results in an output file, Output file name
-	FormatVersion      string             // Output object can be differnet between versions, this is for testing and backward compatibility
-	ExcludedNamespaces string             // used for host scanner namespace
-	IncludeNamespaces  string             //
-	InputPatterns      []string           // Yaml files input patterns
-	Silent             bool               // Silent mode - Do not print progress logs
-	FailThreshold      float32            // Failure score threshold
-	Submit             bool               // Submit results to Armo BE
-	ScanID             string             // Report id of the current scan
-	HostSensorEnabled  BoolPtrFlag        // Deploy ARMO K8s host scanner to collect data from certain controls
-	HostSensorYamlPath string             // Path to hostsensor file
-	Local              bool               // Do not submit results
-	Credentials        Credentials        // account ID
-	KubeContext        string             // context name
-	FrameworkScan      bool               // false if scanning control
-	ScanAll            bool               // true if scan all frameworks
+	Getters                                  // TODO - remove from object
+	PolicyIdentifier      []PolicyIdentifier // TODO - remove from object
+	UseExceptions         string             // Load file with exceptions configuration
+	ControlsInputs        string             // Load file with inputs for controls
+	UseFrom               []string           // Load framework from local file (instead of download). Use when running offline
+	UseDefault            bool               // Load framework from cached file (instead of download). Use when running offline
+	UseArtifactsFrom      string             // Load artifacts from local path. Use when running offline
+	VerboseMode           bool               // Display all of the input resources and not only failed resources
+	View                  string             // Display all of the input resources and not only failed resources
+	Format                string             // Format results (table, json, junit ...)
+	Output                string             // Store results in an output file, Output file name
+	FormatVersion         string             // Output object can be differnet between versions, this is for testing and backward compatibility
+	CustomClusterName     string             // Set the custom name of the cluster
+	ExcludedNamespaces    string             // used for host scanner namespace
+	IncludeNamespaces     string             //
+	InputPatterns         []string           // Yaml files input patterns
+	Silent                bool               // Silent mode - Do not print progress logs
+	FailThreshold         float32            // Failure score threshold
+	FailThresholdSeverity string             // Severity at and above which the command should fail
+	Submit                bool               // Submit results to Kubescape Cloud BE
+	ScanID                string             // Report id of the current scan
+	HostSensorEnabled     BoolPtrFlag        // Deploy Kubescape K8s host scanner to collect data from certain controls
+	HostSensorYamlPath    string             // Path to hostsensor file
+	Local                 bool               // Do not submit results
+	Credentials           Credentials        // account ID
+	KubeContext           string             // context name
+	FrameworkScan         bool               // false if scanning control
+	ScanAll               bool               // true if scan all frameworks
 }
 
 type Getters struct {
 	ExceptionsGetter     getter.IExceptionsGetter
 	ControlsInputsGetter getter.IControlsInputsGetter
 	PolicyGetter         getter.IPolicyGetter
+	AttackTracksGetter   getter.IAttackTracksGetter
 }
 
 func (scanInfo *ScanInfo) Init() {
@@ -205,13 +208,6 @@ func (scanInfo *ScanInfo) setOutputFile() {
 	}
 }
 
-// func (scanInfo *ScanInfo) GetScanningEnvironment() string {
-// 	if len(scanInfo.InputPatterns) != 0 {
-// 		return ScanLocalFiles
-// 	}
-// 	return ScanCluster
-// }
-
 func (scanInfo *ScanInfo) SetPolicyIdentifiers(policies []string, kind apisv1.NotificationPolicyKind) {
 	for _, policy := range policies {
 		if !scanInfo.contains(policy) {

core/cautils/scaninfo_test.go

@@ -3,7 +3,7 @@ package cautils
 import (
 	"testing"
 
-	reporthandlingv2 "github.com/armosec/opa-utils/reporthandling/v2"
+	reporthandlingv2 "github.com/kubescape/opa-utils/reporthandling/v2"
 	"github.com/stretchr/testify/assert"
 )
 
@@ -20,7 +20,7 @@ func TestSetContextMetadata(t *testing.T) {
 	}
 	{
 		ctx := reporthandlingv2.ContextMetadata{}
-		setContextMetadata(&ctx, "https://github.com/armosec/kubescape")
+		setContextMetadata(&ctx, "https://github.com/kubescape/kubescape")
 
 		assert.Nil(t, ctx.ClusterContextMetadata)
 		assert.Nil(t, ctx.DirectoryContextMetadata)
@@ -29,7 +29,7 @@ func TestSetContextMetadata(t *testing.T) {
 		assert.NotNil(t, ctx.RepoContextMetadata)
 
 		assert.Equal(t, "kubescape", ctx.RepoContextMetadata.Repo)
-		assert.Equal(t, "armosec", ctx.RepoContextMetadata.Owner)
+		assert.Equal(t, "kubescape", ctx.RepoContextMetadata.Owner)
 		assert.Equal(t, "master", ctx.RepoContextMetadata.Branch)
 	}
 }
@@ -40,8 +40,5 @@ func TestGetHostname(t *testing.T) {
 
 func TestGetScanningContext(t *testing.T) {
 	assert.Equal(t, ContextCluster, GetScanningContext(""))
-	// assert.Equal(t, ContextDir, GetScanningContext("/"))
-	assert.Equal(t, ContextGitURL, GetScanningContext("https://github.com/armosec/kubescape"))
-	// assert.Equal(t, ContextFile, GetScanningContext(path.Join(".", "testdata", "localrepo.git")))
-	// assert.Equal(t, ContextGitLocal, GetScanningContext(path.Join(".", "testdata")))
+	assert.Equal(t, ContextGitURL, GetScanningContext("https://github.com/kubescape/kubescape"))
 }

core/cautils/versioncheck.go

@@ -6,10 +6,10 @@ import (
 	"net/http"
 	"os"
 
-	"github.com/armosec/kubescape/v2/core/cautils/getter"
 	"github.com/armosec/utils-go/boolutils"
-	logger "github.com/dwertent/go-logger"
-	"github.com/dwertent/go-logger/helpers"
+	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger/helpers"
+	"github.com/kubescape/kubescape/v2/core/cautils/getter"
 
 	"golang.org/x/mod/semver"
 )

core/cautils/versioncheck_test.go

@@ -4,7 +4,7 @@ import (
 	"testing"
 
 	"github.com/armosec/armoapi-go/armotypes"
-	"github.com/armosec/opa-utils/reporthandling"
+	"github.com/kubescape/opa-utils/reporthandling"
 	"github.com/stretchr/testify/assert"
 	"golang.org/x/mod/semver"
 )

core/cautils/workloadmappingutils.go

@@ -3,7 +3,7 @@ package cautils
 import (
 	"strings"
 
-	"github.com/armosec/opa-utils/reporthandling/apis"
+	"github.com/kubescape/opa-utils/reporthandling/apis"
 )
 
 var (
@@ -21,9 +21,9 @@ var (
 	CloudResources = []string{"ClusterDescribe"}
 )
 
-func MapArmoResource(armoResourceMap *ArmoResources, resources []string) []string {
+func MapKSResource(ksResourceMap *KSResources, resources []string) []string {
 	var hostResources []string
-	for k := range *armoResourceMap {
+	for k := range *ksResourceMap {
 		for _, resource := range resources {
 			if strings.Contains(k, resource) {
 				hostResources = append(hostResources, k)
@@ -33,16 +33,16 @@ func MapArmoResource(armoResourceMap *ArmoResources, resources []string) []strin
 	return hostResources
 }
 
-func MapHostResources(armoResourceMap *ArmoResources) []string {
-	return MapArmoResource(armoResourceMap, HostSensorResources)
+func MapHostResources(ksResourceMap *KSResources) []string {
+	return MapKSResource(ksResourceMap, HostSensorResources)
 }
 
-func MapImageVulnResources(armoResourceMap *ArmoResources) []string {
-	return MapArmoResource(armoResourceMap, ImageVulnResources)
+func MapImageVulnResources(ksResourceMap *KSResources) []string {
+	return MapKSResource(ksResourceMap, ImageVulnResources)
 }
 
-func MapCloudResources(armoResourceMap *ArmoResources) []string {
-	return MapArmoResource(armoResourceMap, CloudResources)
+func MapCloudResources(ksResourceMap *KSResources) []string {
+	return MapKSResource(ksResourceMap, CloudResources)
 }
 
 func SetInfoMapForResources(info string, resources []string, errorMap map[string]apis.StatusInfo) {

core/core/cachedconfig.go

@@ -3,12 +3,12 @@ package core
 import (
 	"fmt"
 
-	metav1 "github.com/armosec/kubescape/v2/core/meta/datastructures/v1"
+	metav1 "github.com/kubescape/kubescape/v2/core/meta/datastructures/v1"
 )
 
 func (ks *Kubescape) SetCachedConfig(setConfig *metav1.SetConfig) error {
 
-	tenant := getTenantConfig(nil, "", getKubernetesApi())
+	tenant := getTenantConfig(nil, "", "", getKubernetesApi())
 
 	if setConfig.Account != "" {
 		tenant.GetConfigObj().AccountID = setConfig.Account
@@ -25,13 +25,13 @@ func (ks *Kubescape) SetCachedConfig(setConfig *metav1.SetConfig) error {
 
 // View cached configurations
 func (ks *Kubescape) ViewCachedConfig(viewConfig *metav1.ViewConfig) error {
-	tenant := getTenantConfig(nil, "", getKubernetesApi()) // change k8sinterface
+	tenant := getTenantConfig(nil, "", "", getKubernetesApi()) // change k8sinterface
 	fmt.Fprintf(viewConfig.Writer, "%s\n", tenant.GetConfigObj().Config())
 	return nil
 }
 
 func (ks *Kubescape) DeleteCachedConfig(deleteConfig *metav1.DeleteConfig) error {
 
-	tenant := getTenantConfig(nil, "", getKubernetesApi()) // change k8sinterface
+	tenant := getTenantConfig(nil, "", "", getKubernetesApi()) // change k8sinterface
 	return tenant.DeleteCachedConfig()
 }

core/core/delete.go

@@ -3,20 +3,20 @@ package core
 import (
 	"fmt"
 
-	"github.com/armosec/kubescape/v2/core/cautils/getter"
-	v1 "github.com/armosec/kubescape/v2/core/meta/datastructures/v1"
-	logger "github.com/dwertent/go-logger"
-	"github.com/dwertent/go-logger/helpers"
+	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger/helpers"
+	"github.com/kubescape/kubescape/v2/core/cautils/getter"
+	v1 "github.com/kubescape/kubescape/v2/core/meta/datastructures/v1"
 )
 
 func (ks *Kubescape) DeleteExceptions(delExceptions *v1.DeleteExceptions) error {
 
 	// load cached config
-	getTenantConfig(&delExceptions.Credentials, "", getKubernetesApi())
+	getTenantConfig(&delExceptions.Credentials, "", "", getKubernetesApi())
 
 	// login kubescape SaaS
-	armoAPI := getter.GetArmoAPIConnector()
-	if err := armoAPI.Login(); err != nil {
+	ksCloudAPI := getter.GetKSCloudAPIConnector()
+	if err := ksCloudAPI.Login(); err != nil {
 		return err
 	}
 
@@ -26,7 +26,7 @@ func (ks *Kubescape) DeleteExceptions(delExceptions *v1.DeleteExceptions) error
 			continue
 		}
 		logger.L().Info("Deleting exception", helpers.String("name", exceptionName))
-		if err := armoAPI.DeleteException(exceptionName); err != nil {
+		if err := ksCloudAPI.DeleteException(exceptionName); err != nil {
 			return fmt.Errorf("failed to delete exception '%s', reason: %s", exceptionName, err.Error())
 		}
 		logger.L().Success("Exception deleted successfully")

core/core/download.go

@@ -7,10 +7,10 @@ import (
 	"strings"
 
 	"github.com/armosec/armoapi-go/armotypes"
-	"github.com/armosec/kubescape/v2/core/cautils/getter"
-	metav1 "github.com/armosec/kubescape/v2/core/meta/datastructures/v1"
-	logger "github.com/dwertent/go-logger"
-	"github.com/dwertent/go-logger/helpers"
+	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger/helpers"
+	"github.com/kubescape/kubescape/v2/core/cautils/getter"
+	metav1 "github.com/kubescape/kubescape/v2/core/meta/datastructures/v1"
 )
 
 var downloadFunc = map[string]func(*metav1.DownloadInfo) error{
@@ -80,7 +80,7 @@ func downloadArtifacts(downloadInfo *metav1.DownloadInfo) error {
 }
 
 func downloadConfigInputs(downloadInfo *metav1.DownloadInfo) error {
-	tenant := getTenantConfig(&downloadInfo.Credentials, "", getKubernetesApi())
+	tenant := getTenantConfig(&downloadInfo.Credentials, "", "", getKubernetesApi())
 
 	controlsInputsGetter := getConfigInputsGetter(downloadInfo.Name, tenant.GetAccountID(), nil)
 	controlInputs, err := controlsInputsGetter.GetControlsInputs(tenant.GetContextName())
@@ -104,7 +104,7 @@ func downloadConfigInputs(downloadInfo *metav1.DownloadInfo) error {
 
 func downloadExceptions(downloadInfo *metav1.DownloadInfo) error {
 	var err error
-	tenant := getTenantConfig(&downloadInfo.Credentials, "", getKubernetesApi())
+	tenant := getTenantConfig(&downloadInfo.Credentials, "", "", getKubernetesApi())
 
 	exceptionsGetter := getExceptionsGetter("")
 	exceptions := []armotypes.PostureExceptionPolicy{}
@@ -128,7 +128,7 @@ func downloadExceptions(downloadInfo *metav1.DownloadInfo) error {
 
 func downloadFramework(downloadInfo *metav1.DownloadInfo) error {
 
-	tenant := getTenantConfig(&downloadInfo.Credentials, "", getKubernetesApi())
+	tenant := getTenantConfig(&downloadInfo.Credentials, "", "", getKubernetesApi())
 
 	g := getPolicyGetter(nil, tenant.GetTenantEmail(), true, nil)
 
@@ -170,7 +170,7 @@ func downloadFramework(downloadInfo *metav1.DownloadInfo) error {
 
 func downloadControl(downloadInfo *metav1.DownloadInfo) error {
 
-	tenant := getTenantConfig(&downloadInfo.Credentials, "", getKubernetesApi())
+	tenant := getTenantConfig(&downloadInfo.Credentials, "", "", getKubernetesApi())
 
 	g := getPolicyGetter(nil, tenant.GetTenantEmail(), false, nil)
 

core/core/initutils.go

@@ -3,19 +3,19 @@ package core
 import (
 	"fmt"
 
-	"github.com/armosec/k8s-interface/k8sinterface"
-	"github.com/armosec/kubescape/v2/core/cautils"
-	"github.com/armosec/kubescape/v2/core/cautils/getter"
-	"github.com/armosec/kubescape/v2/core/pkg/hostsensorutils"
-	"github.com/armosec/kubescape/v2/core/pkg/resourcehandler"
-	"github.com/armosec/kubescape/v2/core/pkg/resultshandling/reporter"
-	reporterv2 "github.com/armosec/kubescape/v2/core/pkg/resultshandling/reporter/v2"
-	logger "github.com/dwertent/go-logger"
-	"github.com/dwertent/go-logger/helpers"
+	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger/helpers"
+	"github.com/kubescape/k8s-interface/k8sinterface"
+	"github.com/kubescape/kubescape/v2/core/cautils"
+	"github.com/kubescape/kubescape/v2/core/cautils/getter"
+	"github.com/kubescape/kubescape/v2/core/pkg/hostsensorutils"
+	"github.com/kubescape/kubescape/v2/core/pkg/resourcehandler"
+	"github.com/kubescape/kubescape/v2/core/pkg/resultshandling/reporter"
+	reporterv2 "github.com/kubescape/kubescape/v2/core/pkg/resultshandling/reporter/v2"
 
 	"github.com/google/uuid"
 
-	"github.com/armosec/rbac-utils/rbacscanner"
+	"github.com/kubescape/rbac-utils/rbacscanner"
 )
 
 // getKubernetesApi
@@ -25,11 +25,11 @@ func getKubernetesApi() *k8sinterface.KubernetesApi {
 	}
 	return k8sinterface.NewKubernetesApi()
 }
-func getTenantConfig(credentials *cautils.Credentials, clusterName string, k8s *k8sinterface.KubernetesApi) cautils.ITenantConfig {
+func getTenantConfig(credentials *cautils.Credentials, clusterName string, customClusterName string, k8s *k8sinterface.KubernetesApi) cautils.ITenantConfig {
 	if !k8sinterface.IsConnectedToCluster() || k8s == nil {
-		return cautils.NewLocalConfig(getter.GetArmoAPIConnector(), credentials, clusterName)
+		return cautils.NewLocalConfig(getter.GetKSCloudAPIConnector(), credentials, clusterName, customClusterName)
 	}
-	return cautils.NewClusterConfig(k8s, getter.GetArmoAPIConnector(), credentials, clusterName)
+	return cautils.NewClusterConfig(k8s, getter.GetKSCloudAPIConnector(), credentials, clusterName, customClusterName)
 }
 
 func getExceptionsGetter(useExceptions string) getter.IExceptionsGetter {
@@ -37,7 +37,7 @@ func getExceptionsGetter(useExceptions string) getter.IExceptionsGetter {
 		// load exceptions from file
 		return getter.NewLoadPolicy([]string{useExceptions})
 	} else {
-		return getter.GetArmoAPIConnector()
+		return getter.GetKSCloudAPIConnector()
 	}
 }
 
@@ -73,7 +73,7 @@ func getResourceHandler(scanInfo *cautils.ScanInfo, tenantConfig cautils.ITenant
 		// scanInfo.HostSensor.SetBool(false)
 		return resourcehandler.NewFileResourceHandler(scanInfo.InputPatterns, registryAdaptors)
 	}
-	getter.GetArmoAPIConnector()
+	getter.GetKSCloudAPIConnector()
 	rbacObjects := getRBACHandler(tenantConfig, k8s, scanInfo.Submit)
 	return resourcehandler.NewK8sResourceHandler(k8s, getFieldSelector(scanInfo), hostSensorHandler, rbacObjects, registryAdaptors)
 }
@@ -124,7 +124,7 @@ func policyIdentifierNames(pi []cautils.PolicyIdentifier) string {
 	return policiesNames
 }
 
-// setSubmitBehavior - Setup the desired cluster behavior regarding submitting to the Armo BE
+// setSubmitBehavior - Setup the desired cluster behavior regarding submitting to the Kubescape Cloud BE
 func setSubmitBehavior(scanInfo *cautils.ScanInfo, tenantConfig cautils.ITenantConfig) {
 
 	/*
@@ -165,13 +165,13 @@ func setSubmitBehavior(scanInfo *cautils.ScanInfo, tenantConfig cautils.ITenantC
 
 }
 
-// setPolicyGetter set the policy getter - local file/github release/ArmoAPI
+// setPolicyGetter set the policy getter - local file/github release/Kubescape Cloud API
 func getPolicyGetter(loadPoliciesFromFile []string, tennatEmail string, frameworkScope bool, downloadReleasedPolicy *getter.DownloadReleasedPolicy) getter.IPolicyGetter {
 	if len(loadPoliciesFromFile) > 0 {
 		return getter.NewLoadPolicy(loadPoliciesFromFile)
 	}
 	if tennatEmail != "" && frameworkScope {
-		g := getter.GetArmoAPIConnector() // download policy from ARMO backend
+		g := getter.GetKSCloudAPIConnector() // download policy from Kubescape Cloud backend
 		return g
 	}
 	if downloadReleasedPolicy == nil {
@@ -181,13 +181,13 @@ func getPolicyGetter(loadPoliciesFromFile []string, tennatEmail string, framewor
 
 }
 
-// setConfigInputsGetter sets the config input getter - local file/github release/ArmoAPI
+// setConfigInputsGetter sets the config input getter - local file/github release/Kubescape Cloud API
 func getConfigInputsGetter(ControlsInputs string, accountID string, downloadReleasedPolicy *getter.DownloadReleasedPolicy) getter.IControlsInputsGetter {
 	if len(ControlsInputs) > 0 {
 		return getter.NewLoadPolicy([]string{ControlsInputs})
 	}
 	if accountID != "" {
-		g := getter.GetArmoAPIConnector() // download config from ARMO backend
+		g := getter.GetKSCloudAPIConnector() // download config from Kubescape Cloud backend
 		return g
 	}
 	if downloadReleasedPolicy == nil {
@@ -223,3 +223,17 @@ func listFrameworksNames(policyGetter getter.IPolicyGetter) []string {
 	}
 	return getter.NativeFrameworks
 }
+
+func getAttackTracksGetter(accountID string, downloadReleasedPolicy *getter.DownloadReleasedPolicy) getter.IAttackTracksGetter {
+	if accountID != "" {
+		g := getter.GetKSCloudAPIConnector() // download attack tracks from Kubescape Cloud backend
+		return g
+	}
+	if downloadReleasedPolicy == nil {
+		downloadReleasedPolicy = getter.NewDownloadReleasedPolicy()
+	}
+	if err := downloadReleasedPolicy.SetRegoObjects(); err != nil {
+		logger.L().Warning("failed to get attack tracks from github release, this may affect the scanning results", helpers.Error(err))
+	}
+	return downloadReleasedPolicy
+}

core/core/list.go

@@ -6,8 +6,8 @@ import (
 	"sort"
 	"strings"
 
-	"github.com/armosec/kubescape/v2/core/cautils/getter"
-	metav1 "github.com/armosec/kubescape/v2/core/meta/datastructures/v1"
+	"github.com/kubescape/kubescape/v2/core/cautils/getter"
+	metav1 "github.com/kubescape/kubescape/v2/core/meta/datastructures/v1"
 )
 
 var listFunc = map[string]func(*metav1.ListPolicies) ([]string, error){
@@ -44,14 +44,14 @@ func (ks *Kubescape) List(listPolicies *metav1.ListPolicies) error {
 }
 
 func listFrameworks(listPolicies *metav1.ListPolicies) ([]string, error) {
-	tenant := getTenantConfig(&listPolicies.Credentials, "", getKubernetesApi()) // change k8sinterface
+	tenant := getTenantConfig(&listPolicies.Credentials, "", "", getKubernetesApi()) // change k8sinterface
 	g := getPolicyGetter(nil, tenant.GetTenantEmail(), true, nil)
 
 	return listFrameworksNames(g), nil
 }
 
 func listControls(listPolicies *metav1.ListPolicies) ([]string, error) {
-	tenant := getTenantConfig(&listPolicies.Credentials, "", getKubernetesApi()) // change k8sinterface
+	tenant := getTenantConfig(&listPolicies.Credentials, "", "", getKubernetesApi()) // change k8sinterface
 
 	g := getPolicyGetter(nil, tenant.GetTenantEmail(), false, nil)
 	l := getter.ListName
@@ -63,11 +63,11 @@ func listControls(listPolicies *metav1.ListPolicies) ([]string, error) {
 
 func listExceptions(listPolicies *metav1.ListPolicies) ([]string, error) {
 	// load tenant metav1
-	getTenantConfig(&listPolicies.Credentials, "", getKubernetesApi())
+	getTenantConfig(&listPolicies.Credentials, "", "", getKubernetesApi())
 
 	var exceptionsNames []string
-	armoAPI := getExceptionsGetter("")
-	exceptions, err := armoAPI.GetExceptions("")
+	ksCloudAPI := getExceptionsGetter("")
+	exceptions, err := ksCloudAPI.GetExceptions("")
 	if err != nil {
 		return exceptionsNames, err
 	}

core/core/scan.go

@@ -3,23 +3,24 @@ package core
 import (
 	"fmt"
 
-	apisv1 "github.com/armosec/opa-utils/httpserver/apis/v1"
+	apisv1 "github.com/kubescape/opa-utils/httpserver/apis/v1"
 
-	"github.com/armosec/k8s-interface/k8sinterface"
+	"github.com/kubescape/k8s-interface/k8sinterface"
 
-	"github.com/armosec/kubescape/v2/core/cautils"
-	"github.com/armosec/kubescape/v2/core/cautils/getter"
-	"github.com/armosec/kubescape/v2/core/pkg/hostsensorutils"
-	"github.com/armosec/kubescape/v2/core/pkg/opaprocessor"
-	"github.com/armosec/kubescape/v2/core/pkg/policyhandler"
-	"github.com/armosec/kubescape/v2/core/pkg/resourcehandler"
-	"github.com/armosec/kubescape/v2/core/pkg/resultshandling"
-	"github.com/armosec/kubescape/v2/core/pkg/resultshandling/printer"
-	"github.com/armosec/kubescape/v2/core/pkg/resultshandling/reporter"
-	logger "github.com/dwertent/go-logger"
-	"github.com/dwertent/go-logger/helpers"
+	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger/helpers"
+	"github.com/kubescape/kubescape/v2/core/cautils"
+	"github.com/kubescape/kubescape/v2/core/cautils/getter"
+	"github.com/kubescape/kubescape/v2/core/pkg/hostsensorutils"
+	"github.com/kubescape/kubescape/v2/core/pkg/opaprocessor"
+	"github.com/kubescape/kubescape/v2/core/pkg/policyhandler"
+	"github.com/kubescape/kubescape/v2/core/pkg/resourcehandler"
+	"github.com/kubescape/kubescape/v2/core/pkg/resourcesprioritization"
+	"github.com/kubescape/kubescape/v2/core/pkg/resultshandling"
+	"github.com/kubescape/kubescape/v2/core/pkg/resultshandling/printer"
+	"github.com/kubescape/kubescape/v2/core/pkg/resultshandling/reporter"
 
-	"github.com/armosec/opa-utils/resources"
+	"github.com/kubescape/opa-utils/resources"
 )
 
 type componentInterfaces struct {
@@ -43,7 +44,7 @@ func getInterfaces(scanInfo *cautils.ScanInfo) componentInterfaces {
 
 	// ================== setup tenant object ======================================
 
-	tenantConfig := getTenantConfig(&scanInfo.Credentials, scanInfo.KubeContext, k8s)
+	tenantConfig := getTenantConfig(&scanInfo.Credentials, scanInfo.KubeContext, scanInfo.CustomClusterName, k8s)
 
 	// Set submit behavior AFTER loading tenant config
 	setSubmitBehavior(scanInfo, tenantConfig)
@@ -104,7 +105,7 @@ func getInterfaces(scanInfo *cautils.ScanInfo) componentInterfaces {
 }
 
 func (ks *Kubescape) Scan(scanInfo *cautils.ScanInfo) (*resultshandling.ResultsHandler, error) {
-	logger.L().Info("ARMO security scanner starting")
+	logger.L().Info("Kubescape scanner starting")
 
 	// ===================== Initialization =====================
 	scanInfo.Init() // initialize scan info
@@ -122,6 +123,7 @@ func (ks *Kubescape) Scan(scanInfo *cautils.ScanInfo) (*resultshandling.ResultsH
 	scanInfo.Getters.PolicyGetter = getPolicyGetter(scanInfo.UseFrom, interfaces.tenantConfig.GetTenantEmail(), scanInfo.FrameworkScan, downloadReleasedPolicy)
 	scanInfo.Getters.ControlsInputsGetter = getConfigInputsGetter(scanInfo.ControlsInputs, interfaces.tenantConfig.GetAccountID(), downloadReleasedPolicy)
 	scanInfo.Getters.ExceptionsGetter = getExceptionsGetter(scanInfo.UseExceptions)
+	scanInfo.Getters.AttackTracksGetter = getAttackTracksGetter(interfaces.tenantConfig.GetAccountID(), downloadReleasedPolicy)
 
 	// TODO - list supported frameworks/controls
 	if scanInfo.ScanAll {
@@ -152,6 +154,14 @@ func (ks *Kubescape) Scan(scanInfo *cautils.ScanInfo) (*resultshandling.ResultsH
 		return resultsHandling, fmt.Errorf("%w", err)
 	}
 
+	// ======================== prioritization ===================
+
+	if priotizationHandler, err := resourcesprioritization.NewResourcesPrioritizationHandler(scanInfo.Getters.AttackTracksGetter); err != nil {
+		logger.L().Warning("failed to get attack tracks, this may affect the scanning results", helpers.Error(err))
+	} else if err := priotizationHandler.PrioritizeResources(scanData); err != nil {
+		return resultsHandling, fmt.Errorf("%w", err)
+	}
+
 	// ========================= results handling =====================
 	resultsHandling.SetData(scanData)
 

core/core/submit.go

@@ -1,12 +1,12 @@
 package core
 
 import (
-	"github.com/armosec/kubescape/v2/core/cautils"
-	"github.com/armosec/kubescape/v2/core/cautils/getter"
-	"github.com/armosec/kubescape/v2/core/meta/cliinterfaces"
+	"github.com/kubescape/kubescape/v2/core/cautils"
+	"github.com/kubescape/kubescape/v2/core/cautils/getter"
+	"github.com/kubescape/kubescape/v2/core/meta/cliinterfaces"
 
-	logger "github.com/dwertent/go-logger"
-	"github.com/dwertent/go-logger/helpers"
+	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger/helpers"
 )
 
 func (ks *Kubescape) Submit(submitInterfaces cliinterfaces.SubmitInterfaces) error {
@@ -39,7 +39,7 @@ func (ks *Kubescape) SubmitExceptions(credentials *cautils.Credentials, excPath
 	logger.L().Info("submitting exceptions", helpers.String("path", excPath))
 
 	// load cached config
-	tenantConfig := getTenantConfig(credentials, "", getKubernetesApi())
+	tenantConfig := getTenantConfig(credentials, "", "", getKubernetesApi())
 	if err := tenantConfig.SetTenant(); err != nil {
 		logger.L().Error("failed setting account ID", helpers.Error(err))
 	}
@@ -52,12 +52,12 @@ func (ks *Kubescape) SubmitExceptions(credentials *cautils.Credentials, excPath
 	}
 
 	// login kubescape SaaS
-	armoAPI := getter.GetArmoAPIConnector()
-	if err := armoAPI.Login(); err != nil {
+	ksCloudAPI := getter.GetKSCloudAPIConnector()
+	if err := ksCloudAPI.Login(); err != nil {
 		return err
 	}
 
-	if err := armoAPI.PostExceptions(exceptions); err != nil {
+	if err := ksCloudAPI.PostExceptions(exceptions); err != nil {
 		return err
 	}
 	logger.L().Success("Exceptions submitted successfully")

core/meta/cliinterfaces/submit.go

@@ -1,10 +1,10 @@
 package cliinterfaces
 
 import (
-	"github.com/armosec/k8s-interface/workloadinterface"
-	"github.com/armosec/kubescape/v2/core/cautils"
-	"github.com/armosec/kubescape/v2/core/pkg/resultshandling/reporter"
-	reporthandlingv2 "github.com/armosec/opa-utils/reporthandling/v2"
+	"github.com/kubescape/k8s-interface/workloadinterface"
+	"github.com/kubescape/kubescape/v2/core/cautils"
+	"github.com/kubescape/kubescape/v2/core/pkg/resultshandling/reporter"
+	reporthandlingv2 "github.com/kubescape/opa-utils/reporthandling/v2"
 )
 
 type ISubmitObjects interface {

core/meta/datastructures/v1/delete.go

@@ -1,6 +1,6 @@
 package v1
 
-import "github.com/armosec/kubescape/v2/core/cautils"
+import "github.com/kubescape/kubescape/v2/core/cautils"
 
 type DeleteExceptions struct {
 	Credentials cautils.Credentials

core/meta/datastructures/v1/download.go

@@ -1,6 +1,6 @@
 package v1
 
-import "github.com/armosec/kubescape/v2/core/cautils"
+import "github.com/kubescape/kubescape/v2/core/cautils"
 
 type DownloadInfo struct {
 	Path        string // directory to save artifact. Default is "~/.kubescape/"

core/meta/datastructures/v1/listpolicies.go

@@ -1,6 +1,6 @@
 package v1
 
-import "github.com/armosec/kubescape/v2/core/cautils"
+import "github.com/kubescape/kubescape/v2/core/cautils"
 
 type ListPolicies struct {
 	Target      string

core/meta/datastructures/v1/submit.go

@@ -1,6 +1,6 @@
 package v1
 
-import "github.com/armosec/kubescape/v2/core/cautils"
+import "github.com/kubescape/kubescape/v2/core/cautils"
 
 type Submit struct {
 	Credentials cautils.Credentials

core/meta/ksinterface.go

@@ -1,10 +1,10 @@
 package meta
 
 import (
-	"github.com/armosec/kubescape/v2/core/cautils"
-	"github.com/armosec/kubescape/v2/core/meta/cliinterfaces"
-	metav1 "github.com/armosec/kubescape/v2/core/meta/datastructures/v1"
-	"github.com/armosec/kubescape/v2/core/pkg/resultshandling"
+	"github.com/kubescape/kubescape/v2/core/cautils"
+	"github.com/kubescape/kubescape/v2/core/meta/cliinterfaces"
+	metav1 "github.com/kubescape/kubescape/v2/core/meta/datastructures/v1"
+	"github.com/kubescape/kubescape/v2/core/pkg/resultshandling"
 )
 
 type IKubescape interface {

core/mocks/loadmocks.go

@@ -4,8 +4,8 @@ import (
 	"encoding/json"
 
 	"github.com/armosec/armoapi-go/armotypes"
-	"github.com/armosec/k8s-interface/workloadinterface"
-	"github.com/armosec/opa-utils/reporthandling"
+	"github.com/kubescape/k8s-interface/workloadinterface"
+	"github.com/kubescape/opa-utils/reporthandling"
 )
 
 var mockControl_0006 = `{"guid":"","name":"Allowed hostPath","attributes":{"armoBuiltin":true},"id":"C-0006","controlID":"C-0006","creationTime":"","description":"Mounting host directory to the container can be abused to get access to sensitive data and gain persistence on the host machine.","remediation":"Refrain from using host path mount.","rules":[{"guid":"","name":"alert-rw-hostpath","attributes":{"armoBuiltin":true,"m$K8sThreatMatrix":"Persistence::Writable hostPath mount, Lateral Movement::Writable volume mounts on the host"},"creationTime":"","rule":"package armo_builtins\n\n# input: pod\n# apiversion: v1\n# does: returns hostPath volumes\n\ndeny[msga] {\n    pod := input[_]\n    pod.kind == \"Pod\"\n    volumes := pod.spec.volumes\n    volume := volumes[_]\n    volume.hostPath\n\tcontainer := pod.spec.containers[i]\n\tvolumeMount := container.volumeMounts[k]\n\tvolumeMount.name == volume.name\n\tbegginingOfPath := \"spec.\"\n\tresult := isRWMount(volumeMount, begginingOfPath,  i, k)\n\n    podname := pod.metadata.name\n\n\tmsga := {\n\t\t\"alertMessage\": sprintf(\"pod: %v has: %v as hostPath volume\", [podname, volume.name]),\n\t\t\"packagename\": \"armo_builtins\",\n\t\t\"alertScore\": 7,\n\t\t\"failedPaths\": [result],\n\t\t\"alertObject\": {\n\t\t\t\"k8sApiObjects\": [pod]\n\t\t}\n\t}\n}\n\n#handles majority of workload resources\ndeny[msga] {\n\twl := input[_]\n\tspec_template_spec_patterns := {\"Deployment\",\"ReplicaSet\",\"DaemonSet\",\"StatefulSet\",\"Job\"}\n\tspec_template_spec_patterns[wl.kind]\n    volumes := wl.spec.template.spec.volumes\n    volume := volumes[_]\n    volume.hostPath\n\tcontainer := wl.spec.template.spec.containers[i]\n\tvolumeMount := container.volumeMounts[k]\n\tvolumeMount.name == volume.name\n\tbegginingOfPath := \"spec.template.spec.\"\n\tresult := isRWMount(volumeMount, begginingOfPath,  i, k)\n\n\tmsga := {\n\t\t\"alertMessage\": sprintf(\"%v: %v has: %v as hostPath volume\", [wl.kind, wl.metadata.name, volume.name]),\n\t\t\"packagename\": \"armo_builtins\",\n\t\t\"alertScore\": 7,\n\t\t\"failedPaths\": [result],\n\t\t\"alertObject\": {\n\t\t\t\"k8sApiObjects\": [wl]\n\t\t}\n\t\n\t}\n}\n\n#handles CronJobs\ndeny[msga] {\n\twl := input[_]\n\twl.kind == \"CronJob\"\n    volumes := wl.spec.jobTemplate.spec.template.spec.volumes\n    volume := volumes[_]\n    volume.hostPath\n\n\tcontainer = wl.spec.jobTemplate.spec.template.spec.containers[i]\n\tvolumeMount := container.volumeMounts[k]\n\tvolumeMount.name == volume.name\n\tbegginingOfPath := \"spec.jobTemplate.spec.template.spec.\"\n\tresult := isRWMount(volumeMount, begginingOfPath,  i, k)\n\n\tmsga := {\n\t\"alertMessage\": sprintf(\"%v: %v has: %v as hostPath volume\", [wl.kind, wl.metadata.name, volume.name]),\n\t\"packagename\": \"armo_builtins\",\n\t\"alertScore\": 7,\n\t\"failedPaths\": [result],\n\t\"alertObject\": {\n\t\t\t\"k8sApiObjects\": [wl]\n\t\t}\n\t}\n}\n\nisRWMount(mount, begginingOfPath,  i, k) = path {\n not mount.readOnly == true\n not mount.readOnly == false\n path = \"\"\n}\nisRWMount(mount, begginingOfPath,  i, k) = path {\n  mount.readOnly == false\n  path = sprintf(\"%vcontainers[%v].volumeMounts[%v].readOnly\", [begginingOfPath, format_int(i, 10), format_int(k, 10)])\n} ","resourceEnumerator":"","ruleLanguage":"Rego","match":[{"apiGroups":["*"],"apiVersions":["*"],"resources":["Deployment","ReplicaSet","DaemonSet","StatefulSet","Job","CronJob","Pod"]}],"ruleDependencies":[{"packageName":"cautils"},{"packageName":"kubernetes.api.client"}],"configInputs":null,"controlConfigInputs":null,"description":"determines if any workload contains a hostPath volume with rw permissions","remediation":"Set the readOnly field of the mount to true","ruleQuery":""}],"rulesIDs":[""],"baseScore":6}`

core/pkg/containerscan/elasticdatastructures.go

@@ -12,7 +12,7 @@ type ElasticContainerVulnerabilityResult struct {
 	Timestamp         int64     `json:"timestamp"`
 	IsFixed           int       `json:"isFixed"`
 	IntroducedInLayer string    `json:"layerHash"`
-	RelevantLinks     []string  `json:"links"` // shitty SE practice
+	RelevantLinks     []string  `json:"links"` // Bad SE practice
 
 	Vulnerability `json:",inline"`
 }

core/pkg/hostsensorutils/hostsensor.yaml

@@ -33,7 +33,7 @@ spec:
         effect: NoSchedule
       containers:
       - name: host-sensor
-        image: quay.io/armosec/kube-host-sensor:latest
+        image: quay.io/kubescape/host-scanner:latest
         securityContext:
           privileged: true
           readOnlyRootFilesystem: true

core/pkg/hostsensorutils/hostsensordeploy.go

@@ -8,11 +8,11 @@ import (
 	"sync"
 	"time"
 
-	"github.com/armosec/k8s-interface/k8sinterface"
-	"github.com/armosec/k8s-interface/workloadinterface"
-	"github.com/armosec/kubescape/v2/core/cautils"
-	logger "github.com/dwertent/go-logger"
-	"github.com/dwertent/go-logger/helpers"
+	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger/helpers"
+	"github.com/kubescape/k8s-interface/k8sinterface"
+	"github.com/kubescape/k8s-interface/workloadinterface"
+	"github.com/kubescape/kubescape/v2/core/cautils"
 
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"

core/pkg/hostsensorutils/hostsensorgetfrompod.go

@@ -5,11 +5,11 @@ import (
 	"fmt"
 	"sync"
 
-	"github.com/armosec/k8s-interface/k8sinterface"
-	"github.com/armosec/opa-utils/objectsenvelopes/hostsensor"
-	"github.com/armosec/opa-utils/reporthandling/apis"
-	logger "github.com/dwertent/go-logger"
-	"github.com/dwertent/go-logger/helpers"
+	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger/helpers"
+	"github.com/kubescape/k8s-interface/k8sinterface"
+	"github.com/kubescape/opa-utils/objectsenvelopes/hostsensor"
+	"github.com/kubescape/opa-utils/reporthandling/apis"
 
 	"sigs.k8s.io/yaml"
 )

core/pkg/hostsensorutils/hostsensorinterface.go

@@ -1,8 +1,8 @@
 package hostsensorutils
 
 import (
-	"github.com/armosec/opa-utils/objectsenvelopes/hostsensor"
-	"github.com/armosec/opa-utils/reporthandling/apis"
+	"github.com/kubescape/opa-utils/objectsenvelopes/hostsensor"
+	"github.com/kubescape/opa-utils/reporthandling/apis"
 )
 
 type IHostSensor interface {

core/pkg/hostsensorutils/hostsensormock.go

@@ -1,8 +1,8 @@
 package hostsensorutils
 
 import (
-	"github.com/armosec/opa-utils/objectsenvelopes/hostsensor"
-	"github.com/armosec/opa-utils/reporthandling/apis"
+	"github.com/kubescape/opa-utils/objectsenvelopes/hostsensor"
+	"github.com/kubescape/opa-utils/reporthandling/apis"
 )
 
 type HostSensorHandlerMock struct {

core/pkg/hostsensorutils/hostsensorworkerpool.go

@@ -3,9 +3,9 @@ package hostsensorutils
 import (
 	"sync"
 
-	"github.com/armosec/opa-utils/objectsenvelopes/hostsensor"
-	logger "github.com/dwertent/go-logger"
-	"github.com/dwertent/go-logger/helpers"
+	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger/helpers"
+	"github.com/kubescape/opa-utils/objectsenvelopes/hostsensor"
 )
 
 const noOfWorkers int = 10

core/pkg/hostsensorutils/utils.go

@@ -1,8 +1,8 @@
 package hostsensorutils
 
 import (
-	"github.com/armosec/k8s-interface/k8sinterface"
-	"github.com/armosec/opa-utils/reporthandling/apis"
+	"github.com/kubescape/k8s-interface/k8sinterface"
+	"github.com/kubescape/opa-utils/reporthandling/apis"
 )
 
 var (

core/pkg/opaprocessor/processorhandler.go

@@ -6,21 +6,21 @@ import (
 	"time"
 
 	"github.com/armosec/armoapi-go/armotypes"
-	"github.com/armosec/kubescape/v2/core/cautils"
-	"github.com/armosec/kubescape/v2/core/pkg/score"
-	"github.com/armosec/opa-utils/objectsenvelopes"
-	"github.com/armosec/opa-utils/reporthandling"
-	"github.com/armosec/opa-utils/reporthandling/apis"
-	"github.com/armosec/opa-utils/reporthandling/results/v1/resourcesresults"
-	logger "github.com/dwertent/go-logger"
-	"github.com/dwertent/go-logger/helpers"
+	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger/helpers"
+	"github.com/kubescape/kubescape/v2/core/cautils"
+	"github.com/kubescape/kubescape/v2/core/pkg/score"
+	"github.com/kubescape/opa-utils/objectsenvelopes"
+	"github.com/kubescape/opa-utils/reporthandling"
+	"github.com/kubescape/opa-utils/reporthandling/apis"
+	"github.com/kubescape/opa-utils/reporthandling/results/v1/resourcesresults"
 
 	"github.com/open-policy-agent/opa/storage"
 
-	"github.com/armosec/k8s-interface/workloadinterface"
+	"github.com/kubescape/k8s-interface/workloadinterface"
 
-	reporthandlingv2 "github.com/armosec/opa-utils/reporthandling/v2"
-	"github.com/armosec/opa-utils/resources"
+	reporthandlingv2 "github.com/kubescape/opa-utils/reporthandling/v2"
+	"github.com/kubescape/opa-utils/resources"
 	"github.com/open-policy-agent/opa/ast"
 	"github.com/open-policy-agent/opa/rego"
 )
@@ -43,12 +43,12 @@ func NewOPAProcessor(sessionObj *cautils.OPASessionObj, regoDependenciesData *re
 }
 func (opap *OPAProcessor) ProcessRulesListenner() error {
 
-	policies := ConvertFrameworksToPolicies(opap.Policies, cautils.BuildNumber)
+	opap.OPASessionObj.AllPolicies = ConvertFrameworksToPolicies(opap.Policies, cautils.BuildNumber)
 
-	ConvertFrameworksToSummaryDetails(&opap.Report.SummaryDetails, opap.Policies, policies)
+	ConvertFrameworksToSummaryDetails(&opap.Report.SummaryDetails, opap.Policies, opap.OPASessionObj.AllPolicies)
 
 	// process
-	if err := opap.Process(policies); err != nil {
+	if err := opap.Process(opap.OPASessionObj.AllPolicies); err != nil {
 		logger.L().Error(err.Error())
 		// Return error?
 	}
@@ -122,7 +122,7 @@ func (opap *OPAProcessor) processControl(control *reporthandling.Control) (map[s
 
 	// ruleResults := make(map[string][]resourcesresults.ResourceAssociatedRule)
 	for i := range control.Rules {
-		resourceAssociatedRule, err := opap.processRule(&control.Rules[i])
+		resourceAssociatedRule, err := opap.processRule(&control.Rules[i], control.FixedInput)
 		if err != nil {
 			logger.L().Error(err.Error())
 			continue
@@ -150,10 +150,15 @@ func (opap *OPAProcessor) processControl(control *reporthandling.Control) (map[s
 	return resourcesAssociatedControl, errs
 }
 
-func (opap *OPAProcessor) processRule(rule *reporthandling.PolicyRule) (map[string]*resourcesresults.ResourceAssociatedRule, error) {
+func (opap *OPAProcessor) processRule(rule *reporthandling.PolicyRule, fixedControlInputs map[string][]string) (map[string]*resourcesresults.ResourceAssociatedRule, error) {
 
 	postureControlInputs := opap.regoDependenciesData.GetFilteredPostureControlInputs(rule.ConfigInputs) // get store
 
+	// Merge configurable control input and fixed control input
+	for k, v := range fixedControlInputs {
+		postureControlInputs[k] = v
+	}
+
 	inputResources, err := reporthandling.RegoResourcesAggregator(rule, getAllSupportedObjects(opap.K8SResources, opap.ArmoResource, opap.AllResources, rule))
 	if err != nil {
 		return nil, fmt.Errorf("error getting aggregated k8sObjects: %s", err.Error())

core/pkg/opaprocessor/processorhandler_test.go

@@ -4,13 +4,13 @@ import (
 	"testing"
 
 	"github.com/armosec/armoapi-go/armotypes"
-	"github.com/armosec/kubescape/v2/core/cautils"
-	"github.com/armosec/kubescape/v2/core/mocks"
-	"github.com/armosec/opa-utils/reporthandling"
-	"github.com/armosec/opa-utils/resources"
+	"github.com/kubescape/kubescape/v2/core/cautils"
+	"github.com/kubescape/kubescape/v2/core/mocks"
+	"github.com/kubescape/opa-utils/reporthandling"
+	"github.com/kubescape/opa-utils/resources"
 	"github.com/stretchr/testify/assert"
 
-	"github.com/armosec/k8s-interface/workloadinterface"
+	"github.com/kubescape/k8s-interface/workloadinterface"
 	// _ "k8s.io/client-go/plugin/pkg/client/auth"
 )
 
@@ -42,7 +42,7 @@ func TestProcessResourcesResult(t *testing.T) {
 
 	assert.Equal(t, 1, len(opaSessionObj.ResourcesResult))
 	res := opaSessionObj.ResourcesResult[deployment.GetID()]
-	assert.Equal(t, 2, len(res.ListControlsIDs(nil).All()))
+	assert.Equal(t, 2, res.ListControlsIDs(nil).All().Len())
 	assert.Equal(t, 1, len(res.ListControlsIDs(nil).Failed()))
 	assert.Equal(t, 1, len(res.ListControlsIDs(nil).Passed()))
 	assert.True(t, res.GetStatus(nil).IsFailed())
@@ -51,8 +51,8 @@ func TestProcessResourcesResult(t *testing.T) {
 
 	opap.updateResults()
 	res = opaSessionObj.ResourcesResult[deployment.GetID()]
-	assert.Equal(t, 2, len(res.ListControlsIDs(nil).All()))
-	assert.Equal(t, 2, len(res.ListControlsIDs(nil).All()))
+	assert.Equal(t, 2, res.ListControlsIDs(nil).All().Len())
+	assert.Equal(t, 2, res.ListControlsIDs(nil).All().Len())
 	assert.Equal(t, 1, len(res.ListControlsIDs(nil).Failed()))
 	assert.Equal(t, 1, len(res.ListControlsIDs(nil).Passed()))
 	assert.True(t, res.GetStatus(nil).IsFailed())
@@ -67,13 +67,13 @@ func TestProcessResourcesResult(t *testing.T) {
 	assert.Equal(t, 0, summaryDetails.NumberOfResources().Passed())
 
 	// test resource listing
-	assert.Equal(t, 1, len(summaryDetails.ListResourcesIDs().All()))
+	assert.Equal(t, 1, summaryDetails.ListResourcesIDs().All().Len())
 	assert.Equal(t, 1, len(summaryDetails.ListResourcesIDs().Failed()))
 	assert.Equal(t, 0, len(summaryDetails.ListResourcesIDs().Excluded()))
 	assert.Equal(t, 0, len(summaryDetails.ListResourcesIDs().Passed()))
 
 	// test control listing
-	assert.Equal(t, len(res.ListControlsIDs(nil).All()), summaryDetails.NumberOfControls().All())
+	assert.Equal(t, res.ListControlsIDs(nil).All().Len(), summaryDetails.NumberOfControls().All())
 	assert.Equal(t, len(res.ListControlsIDs(nil).Passed()), summaryDetails.NumberOfControls().Passed())
 	assert.Equal(t, len(res.ListControlsIDs(nil).Failed()), summaryDetails.NumberOfControls().Failed())
 	assert.Equal(t, len(res.ListControlsIDs(nil).Excluded()), summaryDetails.NumberOfControls().Excluded())
@@ -83,7 +83,7 @@ func TestProcessResourcesResult(t *testing.T) {
 	opap.updateResults()
 
 	res = opaSessionObj.ResourcesResult[deployment.GetID()]
-	assert.Equal(t, 2, len(res.ListControlsIDs(nil).All()))
+	assert.Equal(t, 2, res.ListControlsIDs(nil).All().Len())
 	assert.Equal(t, 1, len(res.ListControlsIDs(nil).Excluded()))
 	assert.Equal(t, 1, len(res.ListControlsIDs(nil).Passed()))
 	assert.True(t, res.GetStatus(nil).IsExcluded())
@@ -93,7 +93,7 @@ func TestProcessResourcesResult(t *testing.T) {
 
 	// test resource listing
 	summaryDetails = opaSessionObj.Report.SummaryDetails
-	assert.Equal(t, 1, len(summaryDetails.ListResourcesIDs().All()))
+	assert.Equal(t, 1, summaryDetails.ListResourcesIDs().All().Len())
 	assert.Equal(t, 1, len(summaryDetails.ListResourcesIDs().Failed()))
 	assert.Equal(t, 0, len(summaryDetails.ListResourcesIDs().Excluded()))
 	assert.Equal(t, 0, len(summaryDetails.ListResourcesIDs().Passed()))

core/pkg/opaprocessor/processorhandlerutils.go

@@ -1,23 +1,23 @@
 package opaprocessor
 
 import (
-	"github.com/armosec/kubescape/v2/core/cautils"
-	logger "github.com/dwertent/go-logger"
+	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/kubescape/v2/core/cautils"
 
-	"github.com/armosec/k8s-interface/k8sinterface"
-	"github.com/armosec/k8s-interface/workloadinterface"
-	"github.com/armosec/opa-utils/reporthandling"
-	"github.com/armosec/opa-utils/reporthandling/apis"
-	"github.com/armosec/opa-utils/reporthandling/results/v1/reportsummary"
-	resources "github.com/armosec/opa-utils/resources"
+	"github.com/kubescape/k8s-interface/k8sinterface"
+	"github.com/kubescape/k8s-interface/workloadinterface"
+	"github.com/kubescape/opa-utils/reporthandling"
+	"github.com/kubescape/opa-utils/reporthandling/apis"
+	"github.com/kubescape/opa-utils/reporthandling/results/v1/reportsummary"
+	resources "github.com/kubescape/opa-utils/resources"
 )
 
-// updateResults update the results objects and report objects. This is a critical function - DO NOT CHANGE
-/*
-	- remove sensible data
-	- adding exceptions
-	- summarize results
-*/
+// updateResults updates the results objects and report objects. This is a critical function - DO NOT CHANGE
+//
+// The function:
+//  - removes sensible data
+//  - adds exceptions
+//  - summarizes results
 func (opap *OPAProcessor) updateResults() {
 
 	// remove data from all objects
@@ -49,16 +49,6 @@ func (opap *OPAProcessor) updateResults() {
 	// map control to error
 	controlToInfoMap := mapControlToInfo(opap.ResourceToControlsMap, opap.InfoMap, opap.Report.SummaryDetails.Controls)
 	opap.Report.SummaryDetails.InitResourcesSummary(controlToInfoMap)
-	// for f := range opap.PostureReport.FrameworkReports {
-	// 	// set exceptions
-	// 	exceptions.SetFrameworkExceptions(&opap.PostureReport.FrameworkReports[f], opap.Exceptions, cautils.ClusterName)
-
-	// 	// set counters
-	// 	reporthandling.SetUniqueResourcesCounter(&opap.PostureReport.FrameworkReports[f])
-
-	// 	// set default score
-	// 	// reporthandling.SetDefaultScore(&opap.PostureReport.FrameworkReports[f])
-	// }
 }
 
 func mapControlToInfo(mapResourceToControls map[string][]string, infoMap map[string]apis.StatusInfo, controlSummary reportsummary.ControlSummaries) map[string]apis.StatusInfo {
@@ -84,14 +74,14 @@ func isEmptyResources(counters reportsummary.ICounters) bool {
 	return counters.Failed() == 0 && counters.Excluded() == 0 && counters.Passed() == 0
 }
 
-func getAllSupportedObjects(k8sResources *cautils.K8SResources, armoResources *cautils.ArmoResources, allResources map[string]workloadinterface.IMetadata, rule *reporthandling.PolicyRule) []workloadinterface.IMetadata {
+func getAllSupportedObjects(k8sResources *cautils.K8SResources, ksResources *cautils.KSResources, allResources map[string]workloadinterface.IMetadata, rule *reporthandling.PolicyRule) []workloadinterface.IMetadata {
 	k8sObjects := []workloadinterface.IMetadata{}
 	k8sObjects = append(k8sObjects, getKubernetesObjects(k8sResources, allResources, rule.Match)...)
-	k8sObjects = append(k8sObjects, getArmoObjects(armoResources, allResources, rule.DynamicMatch)...)
+	k8sObjects = append(k8sObjects, getKSObjects(ksResources, allResources, rule.DynamicMatch)...)
 	return k8sObjects
 }
 
-func getArmoObjects(k8sResources *cautils.ArmoResources, allResources map[string]workloadinterface.IMetadata, match []reporthandling.RuleMatchObjects) []workloadinterface.IMetadata {
+func getKSObjects(k8sResources *cautils.KSResources, allResources map[string]workloadinterface.IMetadata, match []reporthandling.RuleMatchObjects) []workloadinterface.IMetadata {
 	k8sObjects := []workloadinterface.IMetadata{}
 
 	for m := range match {

core/pkg/opaprocessor/processorhandlerutils_test.go

@@ -5,7 +5,7 @@ import (
 
 	"github.com/stretchr/testify/assert"
 
-	"github.com/armosec/k8s-interface/workloadinterface"
+	"github.com/kubescape/k8s-interface/workloadinterface"
 )
 
 func TestRemoveData(t *testing.T) {

core/pkg/opaprocessor/utils.go

@@ -1,9 +1,9 @@
 package opaprocessor
 
 import (
-	"github.com/armosec/kubescape/v2/core/cautils"
-	"github.com/armosec/opa-utils/reporthandling"
-	"github.com/armosec/opa-utils/reporthandling/results/v1/reportsummary"
+	"github.com/kubescape/kubescape/v2/core/cautils"
+	"github.com/kubescape/opa-utils/reporthandling"
+	"github.com/kubescape/opa-utils/reporthandling/results/v1/reportsummary"
 )
 
 // ConvertFrameworksToPolicies convert list of frameworks to list of policies

core/pkg/opaprocessor/utils_test.go

@@ -5,9 +5,9 @@ import (
 
 	"github.com/stretchr/testify/assert"
 
-	"github.com/armosec/kubescape/v2/core/mocks"
-	"github.com/armosec/opa-utils/reporthandling"
-	"github.com/armosec/opa-utils/reporthandling/results/v1/reportsummary"
+	"github.com/kubescape/kubescape/v2/core/mocks"
+	"github.com/kubescape/opa-utils/reporthandling"
+	"github.com/kubescape/opa-utils/reporthandling/results/v1/reportsummary"
 )
 
 func TestConvertFrameworksToPolicies(t *testing.T) {

core/pkg/policyhandler/handlenotification.go

@@ -4,8 +4,8 @@ import (
 	"fmt"
 
 	"github.com/armosec/armoapi-go/armotypes"
-	"github.com/armosec/kubescape/v2/core/cautils"
-	"github.com/armosec/kubescape/v2/core/pkg/resourcehandler"
+	"github.com/kubescape/kubescape/v2/core/cautils"
+	"github.com/kubescape/kubescape/v2/core/pkg/resourcehandler"
 )
 
 // PolicyHandler -
@@ -49,14 +49,14 @@ func (policyHandler *PolicyHandler) CollectResources(policyIdentifier []cautils.
 func (policyHandler *PolicyHandler) getResources(policyIdentifier []cautils.PolicyIdentifier, opaSessionObj *cautils.OPASessionObj, scanInfo *cautils.ScanInfo) error {
 	opaSessionObj.Report.ClusterAPIServerInfo = policyHandler.resourceHandler.GetClusterAPIServerInfo()
 
-	resourcesMap, allResources, armoResources, err := policyHandler.resourceHandler.GetResources(opaSessionObj, &policyIdentifier[0].Designators)
+	resourcesMap, allResources, ksResources, err := policyHandler.resourceHandler.GetResources(opaSessionObj, &policyIdentifier[0].Designators)
 	if err != nil {
 		return err
 	}
 
 	opaSessionObj.K8SResources = resourcesMap
 	opaSessionObj.AllResources = allResources
-	opaSessionObj.ArmoResource = armoResources
+	opaSessionObj.ArmoResource = ksResources
 
 	return nil
 }

core/pkg/policyhandler/handlepullpolicies.go

@@ -4,13 +4,13 @@ import (
 	"fmt"
 	"strings"
 
-	apisv1 "github.com/armosec/opa-utils/httpserver/apis/v1"
+	apisv1 "github.com/kubescape/opa-utils/httpserver/apis/v1"
 
-	"github.com/armosec/kubescape/v2/core/cautils"
-	"github.com/armosec/kubescape/v2/core/cautils/getter"
-	"github.com/armosec/opa-utils/reporthandling"
-	logger "github.com/dwertent/go-logger"
-	"github.com/dwertent/go-logger/helpers"
+	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger/helpers"
+	"github.com/kubescape/kubescape/v2/core/cautils"
+	"github.com/kubescape/kubescape/v2/core/cautils/getter"
+	"github.com/kubescape/opa-utils/reporthandling"
 )
 
 func (policyHandler *PolicyHandler) getPolicies(policyIdentifier []cautils.PolicyIdentifier, policiesAndResources *cautils.OPASessionObj) error {

core/pkg/policyhandler/handlepullpoliciesutils.go

@@ -4,9 +4,9 @@ import (
 	"fmt"
 	"strings"
 
-	apisv1 "github.com/armosec/opa-utils/httpserver/apis/v1"
+	apisv1 "github.com/kubescape/opa-utils/httpserver/apis/v1"
 
-	"github.com/armosec/kubescape/v2/core/cautils"
+	"github.com/kubescape/kubescape/v2/core/cautils"
 )
 
 func getScanKind(policyIdentifier []cautils.PolicyIdentifier) apisv1.NotificationPolicyKind {

core/pkg/registryadaptors/armosec/v1/civksadaptor.go

@@ -4,29 +4,29 @@ import (
 	"encoding/json"
 	"fmt"
 
-	"github.com/armosec/kubescape/v2/core/cautils/getter"
-	"github.com/armosec/kubescape/v2/core/pkg/containerscan"
-	"github.com/armosec/kubescape/v2/core/pkg/registryadaptors/registryvulnerabilities"
-	logger "github.com/dwertent/go-logger"
-	"github.com/dwertent/go-logger/helpers"
+	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger/helpers"
+	"github.com/kubescape/kubescape/v2/core/cautils/getter"
+	"github.com/kubescape/kubescape/v2/core/pkg/containerscan"
+	"github.com/kubescape/kubescape/v2/core/pkg/registryadaptors/registryvulnerabilities"
 )
 
-func NewArmoAdaptor(armoAPI *getter.ArmoAPI) *ArmoCivAdaptor {
-	return &ArmoCivAdaptor{
-		armoAPI: armoAPI,
+func NewKSAdaptor(api *getter.KSCloudAPI) *KSCivAdaptor {
+	return &KSCivAdaptor{
+		ksCloudAPI: api,
 	}
 }
 
-func (armoCivAdaptor *ArmoCivAdaptor) Login() error {
-	if armoCivAdaptor.armoAPI.IsLoggedIn() {
+func (ksCivAdaptor *KSCivAdaptor) Login() error {
+	if ksCivAdaptor.ksCloudAPI.IsLoggedIn() {
 		return nil
 	}
-	return armoCivAdaptor.armoAPI.Login()
+	return ksCivAdaptor.ksCloudAPI.Login()
 }
-func (armoCivAdaptor *ArmoCivAdaptor) GetImagesVulnerabilities(imageIDs []registryvulnerabilities.ContainerImageIdentifier) ([]registryvulnerabilities.ContainerImageVulnerabilityReport, error) {
+func (ksCivAdaptor *KSCivAdaptor) GetImagesVulnerabilities(imageIDs []registryvulnerabilities.ContainerImageIdentifier) ([]registryvulnerabilities.ContainerImageVulnerabilityReport, error) {
 	resultList := make([]registryvulnerabilities.ContainerImageVulnerabilityReport, 0)
 	for _, imageID := range imageIDs {
-		result, err := armoCivAdaptor.GetImageVulnerability(&imageID)
+		result, err := ksCivAdaptor.GetImageVulnerability(&imageID)
 		if err == nil {
 			resultList = append(resultList, *result)
 		} else {
@@ -36,9 +36,9 @@ func (armoCivAdaptor *ArmoCivAdaptor) GetImagesVulnerabilities(imageIDs []regist
 	return resultList, nil
 }
 
-func (armoCivAdaptor *ArmoCivAdaptor) GetImageVulnerability(imageID *registryvulnerabilities.ContainerImageIdentifier) (*registryvulnerabilities.ContainerImageVulnerabilityReport, error) {
+func (ksCivAdaptor *KSCivAdaptor) GetImageVulnerability(imageID *registryvulnerabilities.ContainerImageIdentifier) (*registryvulnerabilities.ContainerImageVulnerabilityReport, error) {
 	// First
-	containerScanId, err := armoCivAdaptor.getImageLastScanId(imageID)
+	containerScanId, err := ksCivAdaptor.getImageLastScanId(imageID)
 	if err != nil {
 		return nil, err
 	}
@@ -51,9 +51,9 @@ func (armoCivAdaptor *ArmoCivAdaptor) GetImageVulnerability(imageID *registryvul
 	pageNumber := 1
 	request := V2ListRequest{PageSize: &pageSize, PageNum: &pageNumber, InnerFilters: filter, OrderBy: "timestamp:desc"}
 	requestBody, _ := json.Marshal(request)
-	requestUrl := fmt.Sprintf("https://%s/api/v1/vulnerability/scanResultsDetails?customerGUID=%s", armoCivAdaptor.armoAPI.GetApiURL(), armoCivAdaptor.armoAPI.GetAccountID())
+	requestUrl := fmt.Sprintf("https://%s/api/v1/vulnerability/scanResultsDetails?customerGUID=%s", ksCivAdaptor.ksCloudAPI.GetApiURL(), ksCivAdaptor.ksCloudAPI.GetAccountID())
 
-	resp, err := armoCivAdaptor.armoAPI.Post(requestUrl, map[string]string{"Content-Type": "application/json"}, requestBody)
+	resp, err := ksCivAdaptor.ksCloudAPI.Post(requestUrl, map[string]string{"Content-Type": "application/json"}, requestBody)
 	if err != nil {
 		return nil, err
 	}
@@ -82,16 +82,16 @@ func (armoCivAdaptor *ArmoCivAdaptor) GetImageVulnerability(imageID *registryvul
 	return &resultImageVulnerabilityReport, nil
 }
 
-func (armoCivAdaptor *ArmoCivAdaptor) DescribeAdaptor() string {
+func (ksCivAdaptor *KSCivAdaptor) DescribeAdaptor() string {
 	return "armo image vulnerabilities scanner, docs: https://hub.armosec.io/docs/configuration-of-image-vulnerabilities"
 }
 
-func (armoCivAdaptor *ArmoCivAdaptor) GetImagesInformation(imageIDs []registryvulnerabilities.ContainerImageIdentifier) ([]registryvulnerabilities.ContainerImageInformation, error) {
+func (ksCivAdaptor *KSCivAdaptor) GetImagesInformation(imageIDs []registryvulnerabilities.ContainerImageIdentifier) ([]registryvulnerabilities.ContainerImageInformation, error) {
 	// TODO
 	return []registryvulnerabilities.ContainerImageInformation{}, nil
 }
 
-func (armoCivAdaptor *ArmoCivAdaptor) GetImagesScanStatus(imageIDs []registryvulnerabilities.ContainerImageIdentifier) ([]registryvulnerabilities.ContainerImageScanStatus, error) {
+func (ksCivAdaptor *KSCivAdaptor) GetImagesScanStatus(imageIDs []registryvulnerabilities.ContainerImageIdentifier) ([]registryvulnerabilities.ContainerImageScanStatus, error) {
 	// TODO
 	return []registryvulnerabilities.ContainerImageScanStatus{}, nil
 }

core/pkg/registryadaptors/armosec/v1/civksadaptor_test.go

@@ -3,7 +3,7 @@ package v1
 import (
 	"testing"
 
-	"github.com/armosec/kubescape/v2/core/pkg/registryadaptors/registryvulnerabilities"
+	"github.com/kubescape/kubescape/v2/core/pkg/registryadaptors/registryvulnerabilities"
 	"github.com/stretchr/testify/assert"
 )
 

core/pkg/registryadaptors/armosec/v1/civksadaptormock.go

@@ -3,8 +3,8 @@ package v1
 import (
 	"encoding/json"
 
-	"github.com/armosec/kubescape/v2/core/pkg/containerscan"
-	"github.com/armosec/kubescape/v2/core/pkg/registryadaptors/registryvulnerabilities"
+	"github.com/kubescape/kubescape/v2/core/pkg/containerscan"
+	"github.com/kubescape/kubescape/v2/core/pkg/registryadaptors/registryvulnerabilities"
 )
 
 type ArmoCivAdaptorMock struct {

core/pkg/registryadaptors/armosec/v1/civksadaptorutils.go

@@ -4,19 +4,19 @@ import (
 	"encoding/json"
 	"fmt"
 
-	"github.com/armosec/kubescape/v2/core/pkg/containerscan"
-	"github.com/armosec/kubescape/v2/core/pkg/registryadaptors/registryvulnerabilities"
+	"github.com/kubescape/kubescape/v2/core/pkg/containerscan"
+	"github.com/kubescape/kubescape/v2/core/pkg/registryadaptors/registryvulnerabilities"
 )
 
-func (armoCivAdaptor *ArmoCivAdaptor) getImageLastScanId(imageID *registryvulnerabilities.ContainerImageIdentifier) (string, error) {
+func (armoCivAdaptor *KSCivAdaptor) getImageLastScanId(imageID *registryvulnerabilities.ContainerImageIdentifier) (string, error) {
 	filter := []map[string]string{{"imageTag": imageID.Tag, "status": "Success"}}
 	pageSize := 1
 	pageNumber := 1
 	request := V2ListRequest{PageSize: &pageSize, PageNum: &pageNumber, InnerFilters: filter, OrderBy: "timestamp:desc"}
 	requestBody, _ := json.Marshal(request)
-	requestUrl := fmt.Sprintf("https://%s/api/v1/vulnerability/scanResultsSumSummary?customerGUID=%s", armoCivAdaptor.armoAPI.GetApiURL(), armoCivAdaptor.armoAPI.GetAccountID())
+	requestUrl := fmt.Sprintf("https://%s/api/v1/vulnerability/scanResultsSumSummary?customerGUID=%s", armoCivAdaptor.ksCloudAPI.GetApiURL(), armoCivAdaptor.ksCloudAPI.GetAccountID())
 
-	resp, err := armoCivAdaptor.armoAPI.Post(requestUrl, map[string]string{"Content-Type": "application/json"}, requestBody)
+	resp, err := armoCivAdaptor.ksCloudAPI.Post(requestUrl, map[string]string{"Content-Type": "application/json"}, requestBody)
 	if err != nil {
 		return "", err
 	}

core/pkg/registryadaptors/armosec/v1/datastructures.go

@@ -3,7 +3,7 @@ package v1
 import (
 	"time"
 
-	"github.com/armosec/kubescape/v2/core/cautils/getter"
+	"github.com/kubescape/kubescape/v2/core/cautils/getter"
 )
 
 type V2ListRequest struct {
@@ -22,7 +22,7 @@ type V2ListRequest struct {
 	// How to order (sort) the list, field name + sort order (asc/desc), like https://www.w3schools.com/sql/sql_orderby.asp
 	// Example: "timestamp:asc,severity:desc"
 	OrderBy string `json:"orderBy,omitempty"`
-	// Cursor to the next page of former requset. Not supported yet
+	// Cursor to the next page of former request. Not supported yet
 	// Cursor cannot be used with another parameters of this struct
 	Cursor string `json:"cursor,omitempty"`
 	// FieldsList allow us to return only subset of the source document fields
@@ -30,6 +30,7 @@ type V2ListRequest struct {
 	FieldsList              []string          `json:"includeFields,omitempty"`
 	FieldsReverseKeywordMap map[string]string `json:"-,omitempty"`
 }
-type ArmoCivAdaptor struct {
-	armoAPI *getter.ArmoAPI
+
+type KSCivAdaptor struct {
+	ksCloudAPI *getter.KSCloudAPI
 }

core/pkg/registryadaptors/contribute.md

@@ -4,12 +4,12 @@
 
 ### Layers
 
-* Controls and Rules: that actual control logic implementation, the "tests" themselves. Implemented in rego
-* OPA engine: the [OPA](https://github.com/open-policy-agent/opa) rego interpreter 
-* Rules processor: Kubescape component, it enumerates and runs the controls while also preparing the all the input data that the controls need for running
-* Data sources: set of different modules providing data to the Rules processor so it can run the controls with them. Examples: Kubernetes objects, cloud vendor API objects and adding in this proposal the vulnerability infomration
+* Controls and Rules: that actual control logic implementation, the "tests" themselves. Implemented in rego.
+* OPA engine: the [OPA](https://github.com/open-policy-agent/opa) rego interpreter.
+* Rules processor: Kubescape component, it enumerates and runs the controls while preparing all of the input data that the controls need for running.
+* Data sources: set of different modules providing data to the Rules processor so it can run the controls with them. Examples: Kubernetes objects, cloud vendor API objects and adding in this proposal the vulnerability information.
 * Cloud Image Vulnerability adaption interface: the subject of this proposal, it gives a common interface for different registry/vulnerability vendors to adapt to.
-* CIV adaptors: specific implementation of the CIV interface, example Harbor adaption
+* CIV adaptors: specific implementation of the CIV interface, example Harbor adaption.
 ```
  -----------------------
 | Controls/Rules (rego) |
@@ -88,7 +88,7 @@ type ContainerImageInformation struct {
 
 type IContainerImageVulnerabilityAdaptor interface {
 	// Credentials are coming from user input (CLI or configuration file) and they are abstracted at string to string map level
-	// so and example use would be like registry: "simpledockerregistry:80" and credentials like {"username":"joedoe","password":"abcd1234"}
+	// so an example use would be like registry: "simpledockerregistry:80" and credentials like {"username":"joedoe","password":"abcd1234"}
 	Login(registry string, credentials map[string]string) error
 
 	// For "help" purposes
@@ -161,4 +161,4 @@ The rego results will be a combination of the k8s artifact and the list of relev
         }
     ]
 }
-```
+```

core/pkg/resourcehandler/fieldselector.go

@@ -4,7 +4,7 @@ import (
 	"fmt"
 	"strings"
 
-	"github.com/armosec/k8s-interface/k8sinterface"
+	"github.com/kubescape/k8s-interface/k8sinterface"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 )
 

core/pkg/resourcehandler/fieldselector_test.go

@@ -3,7 +3,7 @@ package resourcehandler
 import (
 	"testing"
 
-	"github.com/armosec/k8s-interface/k8sinterface"
+	"github.com/kubescape/k8s-interface/k8sinterface"
 	"github.com/stretchr/testify/assert"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 )