Merge pull request #558 from armosec/dev

Support helm chart scanning and reporting
Merge pull request #557 from dwertent/master
2026-02-19 20:39:56 +00:00 · 2022-07-06 10:37:14 +03:00 · 2022-07-05 16:27:18 +03:00 · 2022-07-05 15:13:02 +03:00 · 2022-07-05 12:16:18 +03:00 · 2022-07-05 11:44:07 +03:00
269 changed files with 14830 additions and 5798 deletions
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -28,18 +28,25 @@ jobs:
      matrix:
        os: [ubuntu-latest, macos-latest, windows-latest]
    steps:
-      - uses: actions/checkout@v1
+      - uses: actions/checkout@v3
      - name: Set up Go
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v3
        with:
-          go-version: 1.17
-
-      - name: Test
+          go-version: 1.18
+      # - name: Test cmd pkg
+      #   run: cd cmd && go test -v ./...
+      - name: Test core pkg
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: go test -v ./...

+      - name: Test httphandler pkg
+        run: cd httphandler && go test -v ./...
+
      - name: Build
        env:
          RELEASE: v2.0.${{ github.run_number }} 
+          CLIENT: release
          ArmoBEServer: api.armo.cloud
          ArmoAuthServer: auth.armo.cloud
          ArmoERServer: report.armo.cloud
@@ -74,9 +81,6 @@ jobs:
          asset_path: build/${{ matrix.os }}/kubescape.sha256
          asset_name: kubescape-${{ matrix.os }}-sha256
          asset_content_type: application/octet-stream
-
-
-
  build-docker:
    name: Build docker container, tag and upload to registry
    needs: build
@@ -98,28 +102,28 @@ jobs:
        id: image-name
        run: echo '::set-output name=IMAGE_NAME::quay.io/${{ github.repository_owner }}/kubescape'

-      - name: Build the Docker image
-        run: docker build . --file build/Dockerfile --tag ${{ steps.image-name.outputs.IMAGE_NAME }}:${{ steps.image-version.outputs.IMAGE_VERSION }} --build-arg image_version=${{ steps.image-version.outputs.IMAGE_VERSION }}
-      
-      - name: Re-Tag Image to latest
-        run: docker tag ${{ steps.image-name.outputs.IMAGE_NAME }}:${{ steps.image-version.outputs.IMAGE_VERSION }} ${{ steps.image-name.outputs.IMAGE_NAME }}:latest
-      
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
      - name: Login to Quay.io
-        env: # Or as an environment variable
+        env:
          QUAY_PASSWORD: ${{ secrets.QUAYIO_REGISTRY_PASSWORD }}
          QUAY_USERNAME: ${{ secrets.QUAYIO_REGISTRY_USERNAME }}
        run: docker login -u="${QUAY_USERNAME}" -p="${QUAY_PASSWORD}" quay.io
+
+      - name: Build the Docker image
+        run: docker buildx build . --file build/Dockerfile --tag ${{ steps.image-name.outputs.IMAGE_NAME }}:${{ steps.image-version.outputs.IMAGE_VERSION }} --tag ${{ steps.image-name.outputs.IMAGE_NAME }}:latest --build-arg image_version=${{ steps.image-version.outputs.IMAGE_VERSION }} --build-arg client=image-release --push --platform linux/amd64,linux/arm64
+
      # - name: Login to GitHub Container Registry
      #   uses: docker/login-action@v1
      #   with:
      #     registry: ghcr.io
      #     username: ${{ github.actor }}
      #     password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Push Docker image
-        run: |
-          docker push ${{ steps.image-name.outputs.IMAGE_NAME }}:${{ steps.image-version.outputs.IMAGE_VERSION }}
-          docker push ${{ steps.image-name.outputs.IMAGE_NAME }}:latest
-      
+    
      # TODO - Wait for casign to support fixed tags -> https://github.com/sigstore/cosign/issues/1424
      # - name: Install cosign
      #   uses: sigstore/cosign-installer@main
--- a/.github/workflows/build_dev.yaml
+++ b/.github/workflows/build_dev.yaml
@@ -11,19 +11,35 @@ jobs:
      matrix:
        os: [ubuntu-latest, macos-latest, windows-latest]
    steps:
-      - uses: actions/checkout@v1
-
+      - uses: actions/checkout@v3
      - name: Set up Go
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v3
        with:
-          go-version: 1.17
+          go-version: 1.18
          
-      - name: Test
+      # - name: Test cmd pkg
+      #   run: cd cmd && go test -v ./...
+      
+      # - name: Test core pkg
+      #   env:
+      #     GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      #   run: cd core && go test -v ./...
+
+      # - name: Test cmd pkg
+      #   run: cd cmd && go test -v ./...
+
+      - name: Test core pkg
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: go test -v ./...

+      - name: Test httphandler pkg
+        run: cd httphandler && go test -v ./...
+
      - name: Build
        env:
          RELEASE: v2.0.${{ github.run_number }} 
+          CLIENT: release-dev
          ArmoBEServer: api.armo.cloud
          ArmoAuthServer: auth.armo.cloud
          ArmoERServer: report.armo.cloud
@@ -64,21 +80,17 @@ jobs:
        id: image-name
        run: echo '::set-output name=IMAGE_NAME::quay.io/${{ github.repository_owner }}/kubescape'

-      - name: Build the Docker image
-        run: docker build . --file build/Dockerfile --tag ${{ steps.image-name.outputs.IMAGE_NAME }}:${{ steps.image-version.outputs.IMAGE_VERSION }} --build-arg image_version=${{ steps.image-version.outputs.IMAGE_VERSION }}
-      
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
      - name: Login to Quay.io
        env:
          QUAY_PASSWORD: ${{ secrets.QUAYIO_REGISTRY_PASSWORD }}
          QUAY_USERNAME: ${{ secrets.QUAYIO_REGISTRY_USERNAME }}
        run: docker login -u="${QUAY_USERNAME}" -p="${QUAY_PASSWORD}" quay.io
-      # - name: Login to GitHub Container Registry
-      #   uses: docker/login-action@v1
-      #   with:
-      #     registry: ghcr.io
-      #     username: ${{ github.actor }}
-      #     password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Push Docker image
-        run: |
-          docker push ${{ steps.image-name.outputs.IMAGE_NAME }}:${{ steps.image-version.outputs.IMAGE_VERSION }}
-      
+
+      - name: Build the Docker image
+        run: docker buildx build . --file build/Dockerfile --tag ${{ steps.image-name.outputs.IMAGE_NAME }}:${{ steps.image-version.outputs.IMAGE_VERSION }} --build-arg image_version=${{ steps.image-version.outputs.IMAGE_VERSION }} --build-arg client=image-dev --push --platform linux/amd64,linux/arm64
--- a/.github/workflows/master_pr_checks.yaml
+++ b/.github/workflows/master_pr_checks.yaml
@@ -12,19 +12,27 @@ jobs:
      matrix:
        os: [ubuntu-latest, macos-latest, windows-latest]
    steps:
-      - uses: actions/checkout@v1
-
+      - uses: actions/checkout@v3
      - name: Set up Go
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v3
        with:
-          go-version: 1.17
+          go-version: 1.18

-      - name: Test
+      # - name: Test cmd pkg
+      #   run: cd cmd && go test -v ./...
+      
+      - name: Test core pkg
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: go test -v ./...

+      - name: Test httphandler pkg
+        run: cd httphandler && go test -v ./...
+
      - name: Build
        env:
          RELEASE: v2.0.${{ github.run_number }} 
+          CLIENT: test
          ArmoBEServer: api.armo.cloud
          ArmoAuthServer: auth.armo.cloud
          ArmoERServer: report.armo.cloud
--- a/.gitignore
+++ b/.gitignore
@@ -4,4 +4,5 @@
 *vender*
 *.pyc*
 .idea
+.history
 ca.srl
--- a/MAINTAINERS.md
+++ b/MAINTAINERS.md
@@ -2,8 +2,9 @@

 The following table lists Kubescape project maintainers 

-| Name | GitHub | Email | Organization | Repositories/Area of Expertise | Added/Renewed On |
+| Name | GitHub | Email | Organization | Role | Added/Renewed On |
 | --- | --- | --- | --- | --- | --- |
-| Ben Hirschberg | @slashben | ben@armosec.io | ARMO | Kubescape CLI | 2021-09-01 |
-| Rotem Refael | @rotemamsa | rrefael@armosec.io | ARMO | Kubescape CLI | 2021-10-11 |
-| David Wertenteil | @dwertent | dwertent@armosec.io | ARMO | Kubescape CLI | 2021-09-01 |
+| [Ben Hirschberg](https://www.linkedin.com/in/benyamin-ben-hirschberg-66141890) | [@slashben](https://github.com/slashben) | ben@armosec.io | [ARMO](https://www.armosec.io/) | VP R&D | 2021-09-01 |
+| [Rotem Refael](https://www.linkedin.com/in/rotem-refael) | [@rotemamsa](https://github.com/rotemamsa) | rrefael@armosec.io | [ARMO](https://www.armosec.io/) | Team Leader | 2021-10-11 |
+| [David Wertenteil](https://www.linkedin.com/in/david-wertenteil-0ba277b9) | [@dwertent](https://github.com/dwertent) | dwertent@armosec.io | [ARMO](https://www.armosec.io/) | Kubescape CLI Developer | 2021-09-01 |
+| [Bezalel Brandwine](https://www.linkedin.com/in/bezalel-brandwine) | [@Bezbran](https://github.com/Bezbran) | bbrandwine@armosec.io | [ARMO](https://www.armosec.io/) | Kubescape SaaS Developer | 2021-09-01 |
--- a/README.md
+++ b/README.md
@@ -3,6 +3,8 @@
 [![build](https://github.com/armosec/kubescape/actions/workflows/build.yaml/badge.svg)](https://github.com/armosec/kubescape/actions/workflows/build.yaml)
 [![Go Report Card](https://goreportcard.com/badge/github.com/armosec/kubescape)](https://goreportcard.com/report/github.com/armosec/kubescape)

+
+
 Kubescape is a K8s open-source tool providing a multi-cloud K8s single pane of glass, including risk analysis, security compliance, RBAC visualizer and image vulnerabilities scanning. 
 Kubescape scans K8s clusters, YAML files, and HELM charts, detecting misconfigurations according to multiple frameworks (such as the [NSA-CISA](https://www.armosec.io/blog/kubernetes-hardening-guidance-summary-by-armo) , [MITRE ATT&CK®](https://www.microsoft.com/security/blog/2021/03/23/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes/)), software vulnerabilities, and RBAC (role-based-access-control) violations at early stages of the CI/CD pipeline, calculates risk score instantly and shows risk trends over time.
 It became one of the fastest-growing Kubernetes tools among developers due to its easy-to-use CLI interface, flexible output formats, and automated scanning capabilities, saving Kubernetes users and admins’ precious time, effort, and resources.
@@ -10,11 +12,23 @@ Kubescape integrates natively with other DevOps tools, including Jenkins, Circle

 </br>

+<!-- # Kubescape Coverage
+<img src="docs/ksfromcodetodeploy.png">
+
+</br> -->
+
+
+# Kubescape CLI:
 <img src="docs/demo.gif">

+</br>
+
+<!-- # Kubescape overview:
+<img src="docs/ARMO-header-2022.gif"> -->
+
 # TL;DR
 ## Install:
-```
+```sh
 curl -s https://raw.githubusercontent.com/armosec/kubescape/master/install.sh | /bin/bash
 ```

@@ -22,9 +36,13 @@ curl -s https://raw.githubusercontent.com/armosec/kubescape/master/install.sh |

 [Install on macOS](#install-on-macos)

+[Install on NixOS or Linux/macOS via nix](#install-on-nixos-or-with-nix-community)
+
+[Install using Go](#install-using-go)
+
 ## Run:
-```
-kubescape scan --submit --enable-host-scan
+```sh
+kubescape scan --submit --enable-host-scan --verbose
 ```

 <img src="docs/summary.png">
@@ -46,14 +64,18 @@ We invite you to our team! We are excited about this project and want to return

 Want to contribute? Want to discuss something? Have an issue?

+* Feel free to pick a task from the [roadmap](docs/roadmap.md) or suggest a feature of your own. [Contact us](MAINTAINERS.md) directly for more information :) 
 * Open a issue, we are trying to respond within 48 hours
 * [Join us](https://armosec.github.io/kubescape/) in a discussion on our discord server!

 [<img src="docs/discord-banner.png" width="100" alt="logo" align="center">](https://armosec.github.io/kubescape/)
+![discord](https://img.shields.io/discord/893048809884643379)


 # Options and examples

+[Kubescape docs](https://hub.armo.cloud/docs)
+
 ## Playground
 * [Kubescape playground](https://www.katacoda.com/pathaksaiyam/scenarios/kubescape)

@@ -61,9 +83,11 @@ Want to contribute? Want to discuss something? Have an issue?

 * [Overview](https://youtu.be/wdBkt_0Qhbg)
 * [How To Secure Kubernetes Clusters With Kubescape And Armo](https://youtu.be/ZATGiDIDBQk)
-* [Scanning Kubernetes YAML files](https://youtu.be/Ox6DaR7_4ZI)
+* [Scan Kubernetes YAML files](https://youtu.be/Ox6DaR7_4ZI)
 * [Scan Kubescape on an air-gapped environment (offline support)](https://youtu.be/IGXL9s37smM)
 * [Managing exceptions in the Kubescape SaaS version](https://youtu.be/OzpvxGmCR80)
+* [Configure and run customized frameworks](https://youtu.be/12Sanq_rEhs)
+* Customize controls configurations. [Kubescape CLI](https://youtu.be/955psg6TVu4), [Kubescape SaaS](https://youtu.be/lIMVSVhH33o)

 ## Install on Windows

@@ -81,35 +105,48 @@ Set-ExecutionPolicy RemoteSigned -scope CurrentUser

 ## Install on macOS

-1. ```
+1. ```sh
    brew tap armosec/kubescape
    ```
-2. ```
+2. ```sh
    brew install kubescape
    ```

-## Flags
+## Install on NixOS or with nix (Community)

-| flag                        | default                   | description                                                                                                                                                                                                                                                                                                          | options                          |
-|-----------------------------|---------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------|
-| `-e`/`--exclude-namespaces` | Scan all namespaces       | Namespaces to exclude from scanning. Recommended to exclude `kube-system` and `kube-public` namespaces                                                                                                                                                                                                               |                                              |
-| `--include-namespaces`      | Scan all namespaces       | Scan specific namespaces                                                                                                                            |                                              |
-| `-s`/`--silent`             | Display progress messages | Silent progress messages                                                                                                                                                                                                                                                                                             |                                              |
-| `-t`/`--fail-threshold`     | `100` (do not fail)         | fail command (return exit code 1) if result is above threshold                                                                                                                                                                                                                                                       | `0` -> `100`                                 |
-| `-f`/`--format`             | `pretty-printer`          | Output format                                                                                                                                                                                                                                                                                                        | `pretty-printer`/`json`/`junit`/`prometheus` |
-| `-o`/`--output`             | print to stdout           | Save scan result in file                                                                                                                                                                                                                                                                                             |                                              |
-| `--use-from`                |                           | Load local framework object from specified path. If not used will download latest                                                                                                                                                                                                                                    | 
-| `--use-artifacts-from`                |                           | Load artifacts (frameworks, control-config, exceptions) from local directory. If not used will download them                                                                                                                                                                                                                                    |                                              |
-| `--use-default`             | `false`                   | Load local framework object from default path. If not used will download latest                                                                                                                                                                                                                                      | `true`/`false`                               |
-| `--exceptions`              |                           | Path to an exceptions obj, [examples](examples/exceptions/README.md). Default will download exceptions from Kubescape SaaS                                                                                                                                                                                               |  
-| `--controls-config`              |                           | Path to a controls-config obj. If not set will download controls-config from ARMO management portal                                                                                                                                                                                               |                                            |
-| `--submit`                  | `false`                   | If set, Kubescape will send the scan results to Armo management portal where you can see the results in a user-friendly UI, choose your preferred compliance framework, check risk results history and trends, manage exceptions, get remediation recommendations and much more. By default the results are not sent | `true`/`false`                               |
-| `--keep-local`              | `false`                   | Kubescape will not send scan results to Armo management portal. Use this flag if you ran with the `--submit` flag in the past and you do not want to submit your current scan results                                                                                                                                | `true`/`false`                               |
-| `--account`                 |                           | Armo portal account ID. Default will load account ID from configMap or config file                                                                                                                                                                                                                                   |                                              |
-| `--kube-context`                 |        current-context               |  Cluster context to scan                                                                                                                                                                                                                              |                                              |
-| `--verbose`                 | `false`                   | Display all of the input resources and not only failed resources                                                                                                                                                                                                                                                     | `true`/`false`                               |
-| `--logger`                 | `info`                   | Set the logger level                                                                                                                                                                                                                                                 | `debug`/`info`/`success`/`warning`/`error`/`fatal`                               |
+Direct issues installing `kubescape` via `nix` through the channels mentioned [here](https://nixos.wiki/wiki/Support)

+You can use `nix` on Linux or macOS and on other platforms unofficially.
+
+Try it out in an ephemeral shell: `nix-shell -p kubescape`
+
+Install declarative as usual
+
+NixOS:
+
+```nix
+  # your other config ...
+  environment.systemPackages = with pkgs; [
+    # your other packages ...
+    kubescape
+  ];
+```
+
+home-manager:
+
+```nix
+  # your other config ...
+  home.packages = with pkgs; [
+    # your other packages ...
+    kubescape
+  ];
+```
+
+Or to your profile (not preferred): `nix-env --install -A nixpkgs.kubescape`
+
+## Install using Go
+
+With a sufficient version of `go` you can install and build with `go install github.com/armosec/kubescape/v2@latest`

 ## Usage & Examples

@@ -118,9 +155,11 @@ Set-ExecutionPolicy RemoteSigned -scope CurrentUser

 #### Scan a running Kubernetes cluster and submit results to the [Kubescape SaaS version](https://portal.armo.cloud/)
 ```
-kubescape scan --submit
+kubescape scan --submit --enable-host-scan  --verbose
 ```

+> Read [here](https://hub.armo.cloud/docs/host-sensor) more about the `enable-host-scan` flag
+
 #### Scan a running Kubernetes cluster with [`nsa`](https://www.nsa.gov/Press-Room/News-Highlights/Article/Article/2716980/nsa-cisa-release-kubernetes-hardening-guidance/) framework and submit results to the [Kubescape SaaS version](https://portal.armo.cloud/)
 ```
 kubescape scan framework nsa --submit
@@ -148,14 +187,14 @@ kubescape scan --include-namespaces development,staging,production
 kubescape scan --exclude-namespaces kube-system,kube-public
 ```

-#### Scan local `yaml`/`json` files before deploying. [Take a look at the demonstration](https://youtu.be/Ox6DaR7_4ZI)
+#### Scan local `yaml`/`json` files before deploying. [Take a look at the demonstration](https://youtu.be/Ox6DaR7_4ZI) Submit the results in case the directory is a git repo. [docs](https://hub.armo.cloud/docs/repository-scanning)
 ```
-kubescape scan *.yaml
+kubescape scan *.yaml --submit
 ```

-#### Scan kubernetes manifest files from a public github repository 
+#### Scan kubernetes manifest files from a git repository [and submit the results](https://hub.armo.cloud/docs/repository-scanning)
 ```
-kubescape scan https://github.com/armosec/kubescape
+kubescape scan https://github.com/armosec/kubescape --submit
 ```

 #### Display all scanned resources (including the resources who passed) 
@@ -164,8 +203,11 @@ kubescape scan --verbose
 ```

 #### Output in `json` format
+
+> Add the `--format-version v2` flag 
+
 ```
-kubescape scan --format json --output results.json
+kubescape scan --format json --format-version v2 --output results.json
 ```

 #### Output in `junit xml` format
@@ -173,7 +215,14 @@ kubescape scan --format json --output results.json
 kubescape scan --format junit --output results.xml
 ```

+#### Output in `pdf` format - Contributed by [@alegrey91](https://github.com/alegrey91)
+
+```
+kubescape scan --format pdf --output results.pdf
+```
+
 #### Output in `prometheus` metrics format - Contributed by [@Joibel](https://github.com/Joibel)
+
 ```
 kubescape scan --format prometheus
 ```
@@ -184,16 +233,11 @@ kubescape scan --format prometheus
 kubescape scan --exceptions examples/exceptions/exclude-kube-namespaces.json
 ```

-#### Scan Helm charts - Render the helm chart using [`helm template`](https://helm.sh/docs/helm/helm_template/) and pass to stdout
+#### Scan Helm charts 
 ```
-helm template [NAME] [CHART] [flags] --dry-run | kubescape scan -
+kubescape scan </path/to/directory> --submit
 ```
-
-e.g.
-```
-helm template bitnami/mysql --generate-name --dry-run | kubescape scan -
-```
-
+> Kubescape will load the default values file

 ### Offline/Air-gaped Environment Support

@@ -241,106 +285,42 @@ Official Docker image `quay.io/armosec/kubescape`
 docker run -v "$(pwd)/example.yaml:/app/example.yaml  quay.io/armosec/kubescape scan /app/example.yaml
 ```

+If you wish, you can [build the docker image on your own](build/README.md)
+
 # Submit data manually

 Use the `submit` command if you wish to submit data manually

 ## Submit scan results manually

-First, scan your cluster using the `json` format flag: `kubescape scan framework <name> --format json --output path/to/results.json`.
+> Support forward compatibility by using the `--format-version v2` flag

-Now you can submit the results to the Kubaescape SaaS version -
+First, scan your cluster using the `json` format flag: `kubescape scan framework <name> --format json --format-version v2 --output path/to/results.json`.
+
+Now you can submit the results to the Kubescape SaaS version -
 ```
 kubescape submit results path/to/results.json
 ```
-# How to build
-
-## Build using python (3.7^) script
-
-Kubescape can be built using:
-
-``` sh
-python build.py
-```
-
-Note: In order to built using the above script, one must set the environment
-variables in this script:
-
-+ RELEASE
-+ ArmoBEServer
-+ ArmoERServer
-+ ArmoWebsite
-+ ArmoAuthServer


-## Build using go
+# Integrations

-Note: development (and the release process) is done with Go `1.17`
+## VS Code Extension 

-1. Clone Project
-```
-git clone https://github.com/armosec/kubescape.git kubescape && cd "$_"
-```
+![Visual Studio Marketplace Downloads](https://img.shields.io/visual-studio-marketplace/d/kubescape.kubescape?label=VScode) ![Open VSX](https://img.shields.io/open-vsx/dt/kubescape/kubescape?label=openVSX&color=yellowgreen)

-2. Build
-```
-go build -o kubescape .
-```
+Scan the YAML files while writing them using the [vs code extension](https://github.com/armosec/vscode-kubescape/blob/master/README.md) 

-3. Run
-```
-./kubescape scan --submit --enable-host-scan
-```
-
-4. Enjoy :zany_face:
-
-## Docker Build
-
-### Build your own Docker image
-
-1. Clone Project
-```
-git clone https://github.com/armosec/kubescape.git kubescape && cd "$_"
-```
-
-2. Build
-```
-docker build -t kubescape -f build/Dockerfile .
-```
+## Lens Extension

+View Kubescape scan results directly in [Lens IDE](https://k8slens.dev/) using kubescape [Lens extension](https://github.com/armosec/lens-kubescape/blob/master/README.md)

 # Under the hood

-## Tests
-Kubescape is running the following tests according to what is defined by [Kubernetes Hardening Guidance by NSA and CISA](https://www.nsa.gov/Press-Room/News-Highlights/Article/Article/2716980/nsa-cisa-release-kubernetes-hardening-guidance/)
-* Non-root containers
-* Immutable container filesystem
-* Privileged containers
-* hostPID, hostIPC privileges
-* hostNetwork access
-* allowedHostPaths field
-* Protecting pod service account tokens
-* Resource policies
-* Control plane hardening
-* Exposed dashboard
-* Allow privilege escalation
-* Applications credentials in configuration files
-* Cluster-admin binding
-* Exec into container
-* Dangerous capabilities
-* Insecure capabilities
-* Linux hardening
-* Ingress and Egress blocked
-* Container hostPort
-* Network policies
-* Symlink Exchange Can Allow Host Filesystem Access (CVE-2021-25741)
-
-
-
 ## Technology
 Kubescape based on OPA engine: https://github.com/open-policy-agent/opa and ARMO's posture controls.

-The tools retrieves Kubernetes objects from the API server and runs a set of [regos snippets](https://www.openpolicyagent.org/docs/latest/policy-language/) developed by [ARMO](https://www.armosec.io/).
+The tools retrieves Kubernetes objects from the API server and runs a set of [rego's snippets](https://www.openpolicyagent.org/docs/latest/policy-language/) developed by [ARMO](https://www.armosec.io/).

 The results by default printed in a pretty "console friendly" manner, but they can be retrieved in JSON format for further processing.

--- a/build.py
+++ b/build.py
@@ -4,69 +4,82 @@ import hashlib
 import platform
 import subprocess

-BASE_GETTER_CONST = "github.com/armosec/kubescape/cautils/getter"
+BASE_GETTER_CONST = "github.com/armosec/kubescape/v2/core/cautils/getter"
 BE_SERVER_CONST   = BASE_GETTER_CONST + ".ArmoBEURL"
 ER_SERVER_CONST   = BASE_GETTER_CONST + ".ArmoERURL"
 WEBSITE_CONST     = BASE_GETTER_CONST + ".ArmoFEURL"
 AUTH_SERVER_CONST = BASE_GETTER_CONST + ".armoAUTHURL"

-def checkStatus(status, msg):
+def check_status(status, msg):
    if status != 0:
        sys.stderr.write(msg)
        exit(status)


-def getBuildDir():
-    currentPlatform = platform.system()
-    buildDir = "build/"
+def get_build_dir():
+    current_platform = platform.system()
+    build_dir = "./build/"

-    if currentPlatform == "Windows": buildDir += "windows-latest"
-    elif currentPlatform == "Linux": buildDir += "ubuntu-latest"
-    elif currentPlatform == "Darwin": buildDir += "macos-latest"
-    else: raise OSError("Platform %s is not supported!" % (currentPlatform))
+    if current_platform == "Windows": build_dir += "windows-latest"
+    elif current_platform == "Linux": build_dir += "ubuntu-latest"
+    elif current_platform == "Darwin": build_dir += "macos-latest"
+    else: raise OSError("Platform %s is not supported!" % (current_platform))

-    return buildDir
+    return build_dir

-def getPackageName():
-    packageName = "kubescape"
-    # if platform.system() == "Windows": packageName += ".exe"
+def get_package_name():
+    package_name = "kubescape"
+    # if platform.system() == "Windows": package_name += ".exe"

-    return packageName
+    return package_name


 def main():
    print("Building Kubescape")

-    # print environment variables
-    # print(os.environ)
-
    # Set some variables
-    packageName = getPackageName()
-    buildUrl = "github.com/armosec/kubescape/cautils.BuildNumber"
-    releaseVersion = os.getenv("RELEASE")
-    ArmoBEServer = os.getenv("ArmoBEServer")
-    ArmoERServer = os.getenv("ArmoERServer")
-    ArmoWebsite = os.getenv("ArmoWebsite")
-    ArmoAuthServer = os.getenv("ArmoAuthServer")
-
-    ks_file = os.path.join(buildDir, packageName)
-    hash_file = os.path.join(buildDir, packageName + ".sha256")
+    package_name = get_package_name()
+    build_url = "github.com/armosec/kubescape/v2/core/cautils.BuildNumber"
+    release_version = os.getenv("RELEASE")
+    armo_be_server = os.getenv("ArmoBEServer")
+    armo_er_server = os.getenv("ArmoERServer")
+    armo_website = os.getenv("ArmoWebsite")
+    armo_auth_server = os.getenv("ArmoAuthServer")

+    client_var = "github.com/armosec/kubescape/v2/core/cautils.Client"
+    client_name = os.getenv("CLIENT")
+    
    # Create build directory
-    buildDir = getBuildDir()
+    build_dir = get_build_dir()

-    if not os.path.isdir(buildDir):
-        os.makedirs(buildDir)
+    ks_file = os.path.join(build_dir, package_name)
+    hash_file = ks_file + ".sha256"
+
+    if not os.path.isdir(build_dir):
+        os.makedirs(build_dir)

    # Build kubescape
-    ldflags = "-w -s -X %s=%s -X %s=%s -X %s=%s -X %s=%s -X %s=%s" \
-        % (buildUrl, releaseVersion, BE_SERVER_CONST, ArmoBEServer,
-           ER_SERVER_CONST, ArmoERServer, WEBSITE_CONST, ArmoWebsite,
-           AUTH_SERVER_CONST, ArmoAuthServer)
+    ldflags = "-w -s"
+    if release_version:
+        ldflags += " -X {}={}".format(build_url, release_version)
+    if client_name:
+        ldflags += " -X {}={}".format(client_var, client_name)
+    if armo_be_server:
+        ldflags += " -X {}={}".format(BE_SERVER_CONST, armo_be_server)
+    if armo_er_server:
+        ldflags += " -X {}={}".format(ER_SERVER_CONST, armo_er_server)
+    if armo_website:
+        ldflags += " -X {}={}".format(WEBSITE_CONST, armo_website)
+    if armo_auth_server:
+        ldflags += " -X {}={}".format(AUTH_SERVER_CONST, armo_auth_server)
+ 
+    build_command = ["go", "build", "-o", ks_file, "-ldflags" ,ldflags]

    print("Building kubescape and saving here: {}".format(ks_file))
-    status = subprocess.call(["go", "build", "-o", ks_file, "-ldflags" ,ldflags])
-    checkStatus(status, "Failed to build kubescape")
+    print("Build command: {}".format(" ".join(build_command)))
+
+    status = subprocess.call(build_command)
+    check_status(status, "Failed to build kubescape")
    
    sha256 = hashlib.sha256()
    with open(ks_file, "rb") as kube:
--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -1,9 +1,10 @@
-FROM golang:1.17-alpine as builder
-#ENV GOPROXY=https://goproxy.io,direct
+FROM golang:1.18-alpine as builder

 ARG image_version
+ARG client

-ENV RELEASE=image_version
+ENV RELEASE=$image_version
+ENV CLIENT=$client

 ENV GO111MODULE=

@@ -18,15 +19,30 @@ RUN pip3 install --no-cache --upgrade pip setuptools
 WORKDIR /work
 ADD . .

+# build kubescape server
+WORKDIR /work/httphandler
+RUN python build.py
+RUN ls -ltr build/ubuntu-latest
+
+# build kubescape cmd
+WORKDIR /work
 RUN python build.py

-RUN ls -ltr build/ubuntu-latest
-RUN cat /work/build/ubuntu-latest/kubescape.sha1
+RUN /work/build/ubuntu-latest/kubescape download artifacts -o /work/artifacts

 FROM alpine
+
+RUN addgroup -S armo && adduser -S armo -G armo
+
+RUN mkdir /home/armo/.kubescape
+COPY --from=builder /work/artifacts/ /home/armo/.kubescape
+
+RUN chown -R armo:armo /home/armo/.kubescape
+
+USER armo
+WORKDIR /home/armo
+
+COPY --from=builder /work/httphandler/build/ubuntu-latest/kubescape /usr/bin/ksserver
 COPY --from=builder /work/build/ubuntu-latest/kubescape /usr/bin/kubescape

-# # Download the frameworks. Use the "--use-default" flag when running kubescape
-# RUN kubescape download framework nsa && kubescape download framework mitre
-
-ENTRYPOINT ["kubescape"]
+ENTRYPOINT ["ksserver"]
--- a/build/README.md
+++ b/build/README.md
@@ -0,0 +1,13 @@
+## Docker Build
+
+### Build your own Docker image
+
+1. Clone Project
+```
+git clone https://github.com/armosec/kubescape.git kubescape && cd "$_"
+```
+
+2. Build
+```
+docker build -t kubescape -f build/Dockerfile .
+```
--- a/cautils/datastructures.go
+++ b/cautils/datastructures.go
@@ -1,75 +0,0 @@
-package cautils
-
-import (
-	"github.com/armosec/armoapi-go/armotypes"
-	"github.com/armosec/k8s-interface/workloadinterface"
-	"github.com/armosec/opa-utils/reporthandling"
-	"github.com/armosec/opa-utils/reporthandling/results/v1/resourcesresults"
-	reporthandlingv2 "github.com/armosec/opa-utils/reporthandling/v2"
-)
-
-// K8SResources map[<api group>/<api version>/<resource>][]<resourceID>
-type K8SResources map[string][]string
-
-type OPASessionObj struct {
-	K8SResources    *K8SResources                          // input k8s objects
-	Frameworks      []reporthandling.Framework             // list of frameworks to scan
-	AllResources    map[string]workloadinterface.IMetadata // all scanned resources, map[<rtesource ID>]<resource>
-	ResourcesResult map[string]resourcesresults.Result     // resources scan results, map[<rtesource ID>]<resource result>
-	PostureReport   *reporthandling.PostureReport          // scan results v1
-	Report          *reporthandlingv2.PostureReport        // scan results v2
-	Exceptions      []armotypes.PostureExceptionPolicy     // list of exceptions to apply on scan results
-	RegoInputData   RegoInputData                          // input passed to rgo for scanning. map[<control name>][<input arguments>]
-}
-
-func NewOPASessionObj(frameworks []reporthandling.Framework, k8sResources *K8SResources) *OPASessionObj {
-	return &OPASessionObj{
-		Report:          &reporthandlingv2.PostureReport{},
-		Frameworks:      frameworks,
-		K8SResources:    k8sResources,
-		AllResources:    make(map[string]workloadinterface.IMetadata),
-		ResourcesResult: make(map[string]resourcesresults.Result),
-		PostureReport: &reporthandling.PostureReport{
-			ClusterName:  ClusterName,
-			CustomerGUID: CustomerGUID,
-		},
-	}
-}
-
-func NewOPASessionObjMock() *OPASessionObj {
-	return &OPASessionObj{
-		Frameworks:      nil,
-		K8SResources:    nil,
-		AllResources:    make(map[string]workloadinterface.IMetadata),
-		ResourcesResult: make(map[string]resourcesresults.Result),
-		Report:          &reporthandlingv2.PostureReport{},
-		PostureReport: &reporthandling.PostureReport{
-			ClusterName:  "",
-			CustomerGUID: "",
-			ReportID:     "",
-			JobID:        "",
-		},
-	}
-}
-
-type ComponentConfig struct {
-	Exceptions Exception `json:"exceptions"`
-}
-
-type Exception struct {
-	Ignore        *bool                      `json:"ignore"`        // ignore test results
-	MultipleScore *reporthandling.AlertScore `json:"multipleScore"` // MultipleScore number - float32
-	Namespaces    []string                   `json:"namespaces"`
-	Regex         string                     `json:"regex"` // not supported
-}
-
-type RegoInputData struct {
-	PostureControlInputs map[string][]string `json:"postureControlInputs"`
-	// ClusterName          string              `json:"clusterName"`
-	// K8sConfig            RegoK8sConfig       `json:"k8sconfig"`
-}
-
-type Policies struct {
-	Frameworks []string
-	Controls   map[string]reporthandling.Control // map[<control ID>]<control>
-}
--- a/cautils/downloadinfo.go
+++ b/cautils/downloadinfo.go
@@ -1,9 +0,0 @@
-package cautils
-
-type DownloadInfo struct {
-	Path     string // directory to save artifact. Default is "~/.kubescape/"
-	FileName string // can be empty
-	Target   string // type of artifact to download
-	Name     string // name of artifact to download
-	Account  string // customerGUID
-}
--- a/cautils/environments.go
+++ b/cautils/environments.go
@@ -1,11 +0,0 @@
-package cautils
-
-// CA environment vars
-var (
-	CustomerGUID          = ""
-	ClusterName           = ""
-	EventReceiverURL      = ""
-	NotificationServerURL = ""
-	DashboardBackendURL   = ""
-	RestAPIPort           = "4001"
-)
--- a/cautils/logger/methods.go
+++ b/cautils/logger/methods.go
@@ -1,41 +0,0 @@
-package logger
-
-import (
-	"os"
-
-	"github.com/armosec/kubescape/cautils/logger/helpers"
-	"github.com/armosec/kubescape/cautils/logger/prettylogger"
-)
-
-type ILogger interface {
-	Fatal(msg string, details ...helpers.IDetails) // print log and exit 1
-	Error(msg string, details ...helpers.IDetails)
-	Success(msg string, details ...helpers.IDetails)
-	Warning(msg string, details ...helpers.IDetails)
-	Info(msg string, details ...helpers.IDetails)
-	Debug(msg string, details ...helpers.IDetails)
-
-	SetLevel(level string) error
-	GetLevel() string
-
-	SetWriter(w *os.File)
-	GetWriter() *os.File
-}
-
-var l ILogger
-
-func L() ILogger {
-	if l == nil {
-		InitializeLogger()
-	}
-	return l
-}
-
-func InitializeLogger() {
-	initializeLogger()
-}
-
-func initializeLogger() {
-	// TODO - support zap logger
-	l = prettylogger.NewPrettyLogger()
-}
--- a/cautils/scaninfo.go
+++ b/cautils/scaninfo.go
@@ -1,183 +0,0 @@
-package cautils
-
-import (
-	"encoding/json"
-	"fmt"
-	"io/ioutil"
-	"log"
-	"os"
-	"path/filepath"
-	"strings"
-
-	"github.com/armosec/kubescape/cautils/getter"
-	"github.com/armosec/opa-utils/reporthandling"
-)
-
-const (
-	ScanCluster                string = "cluster"
-	ScanLocalFiles             string = "yaml"
-	localControlInputsFilename string = "controls-inputs.json"
-	localExceptionsFilename    string = "exceptions.json"
-)
-
-type BoolPtrFlag struct {
-	valPtr *bool
-}
-
-func (bpf *BoolPtrFlag) Type() string {
-	return "bool"
-}
-
-func (bpf *BoolPtrFlag) String() string {
-	if bpf.valPtr != nil {
-		return fmt.Sprintf("%v", *bpf.valPtr)
-	}
-	return ""
-}
-func (bpf *BoolPtrFlag) Get() *bool {
-	return bpf.valPtr
-}
-
-func (bpf *BoolPtrFlag) SetBool(val bool) {
-	bpf.valPtr = &val
-}
-
-func (bpf *BoolPtrFlag) Set(val string) error {
-	switch val {
-	case "true":
-		bpf.SetBool(true)
-	case "false":
-		bpf.SetBool(false)
-	}
-	return nil
-}
-
-type ScanInfo struct {
-	Getters
-	PolicyIdentifier   []reporthandling.PolicyIdentifier
-	UseExceptions      string      // Load file with exceptions configuration
-	ControlsInputs     string      // Load file with inputs for controls
-	UseFrom            []string    // Load framework from local file (instead of download). Use when running offline
-	UseDefault         bool        // Load framework from cached file (instead of download). Use when running offline
-	UseArtifactsFrom   string      // Load artifacts from local path. Use when running offline
-	VerboseMode        bool        // Display all of the input resources and not only failed resources
-	Format             string      // Format results (table, json, junit ...)
-	Output             string      // Store results in an output file, Output file name
-	ExcludedNamespaces string      // used for host sensor namespace
-	IncludeNamespaces  string      // DEPRECATED?
-	InputPatterns      []string    // Yaml files input patterns
-	Silent             bool        // Silent mode - Do not print progress logs
-	FailThreshold      uint16      // Failure score threshold
-	Submit             bool        // Submit results to Armo BE
-	HostSensor         BoolPtrFlag // Deploy ARMO K8s host sensor to collect data from certain controls
-	Local              bool        // Do not submit results
-	Account            string      // account ID
-	Logger             string      // logger level
-	KubeContext        string      // context name
-	FrameworkScan      bool        // false if scanning control
-	ScanAll            bool        // true if scan all frameworks
-}
-
-type Getters struct {
-	ExceptionsGetter     getter.IExceptionsGetter
-	ControlsInputsGetter getter.IControlsInputsGetter
-	PolicyGetter         getter.IPolicyGetter
-}
-
-func (scanInfo *ScanInfo) Init() {
-	scanInfo.setUseFrom()
-	scanInfo.setOutputFile()
-	scanInfo.setUseArtifactsFrom()
-}
-
-func (scanInfo *ScanInfo) setUseArtifactsFrom() {
-	if scanInfo.UseArtifactsFrom == "" {
-		return
-	}
-	// UseArtifactsFrom must be a path without a filename
-	dir, file := filepath.Split(scanInfo.UseArtifactsFrom)
-	if dir == "" {
-		scanInfo.UseArtifactsFrom = file
-	} else if strings.Contains(file, ".json") {
-		scanInfo.UseArtifactsFrom = dir
-	}
-	// set frameworks files
-	files, err := ioutil.ReadDir(scanInfo.UseArtifactsFrom)
-	if err != nil {
-		log.Fatal(err)
-	}
-	framework := &reporthandling.Framework{}
-	for _, f := range files {
-		filePath := filepath.Join(scanInfo.UseArtifactsFrom, f.Name())
-		file, err := os.ReadFile(filePath)
-		if err == nil {
-			if err := json.Unmarshal(file, framework); err == nil {
-				scanInfo.UseFrom = append(scanInfo.UseFrom, filepath.Join(scanInfo.UseArtifactsFrom, f.Name()))
-			}
-		}
-	}
-	// set config-inputs file
-	scanInfo.ControlsInputs = filepath.Join(scanInfo.UseArtifactsFrom, localControlInputsFilename)
-	// set exceptions
-	scanInfo.UseExceptions = filepath.Join(scanInfo.UseArtifactsFrom, localExceptionsFilename)
-}
-
-func (scanInfo *ScanInfo) setUseExceptions() {
-	if scanInfo.UseExceptions != "" {
-		// load exceptions from file
-		scanInfo.ExceptionsGetter = getter.NewLoadPolicy([]string{scanInfo.UseExceptions})
-	} else {
-		scanInfo.ExceptionsGetter = getter.GetArmoAPIConnector()
-	}
-}
-
-func (scanInfo *ScanInfo) setUseFrom() {
-	if scanInfo.UseDefault {
-		for _, policy := range scanInfo.PolicyIdentifier {
-			scanInfo.UseFrom = append(scanInfo.UseFrom, getter.GetDefaultPath(policy.Name+".json"))
-		}
-	}
-}
-
-func (scanInfo *ScanInfo) setOutputFile() {
-	if scanInfo.Output == "" {
-		return
-	}
-	if scanInfo.Format == "json" {
-		if filepath.Ext(scanInfo.Output) != ".json" {
-			scanInfo.Output += ".json"
-		}
-	}
-	if scanInfo.Format == "junit" {
-		if filepath.Ext(scanInfo.Output) != ".xml" {
-			scanInfo.Output += ".xml"
-		}
-	}
-}
-
-func (scanInfo *ScanInfo) GetScanningEnvironment() string {
-	if len(scanInfo.InputPatterns) != 0 {
-		return ScanLocalFiles
-	}
-	return ScanCluster
-}
-
-func (scanInfo *ScanInfo) SetPolicyIdentifiers(policies []string, kind reporthandling.NotificationPolicyKind) {
-	for _, policy := range policies {
-		if !scanInfo.contains(policy) {
-			newPolicy := reporthandling.PolicyIdentifier{}
-			newPolicy.Kind = kind // reporthandling.KindFramework
-			newPolicy.Name = policy
-			scanInfo.PolicyIdentifier = append(scanInfo.PolicyIdentifier, newPolicy)
-		}
-	}
-}
-
-func (scanInfo *ScanInfo) contains(policyName string) bool {
-	for _, policy := range scanInfo.PolicyIdentifier {
-		if policy.Name == policyName {
-			return true
-		}
-	}
-	return false
-}
--- a/clihandler/clidelete.go
+++ b/clihandler/clidelete.go
@@ -1,7 +0,0 @@
-package clihandler
-
-func CliDelete() error {
-
-	tenant := getTenantConfig("", "", getKubernetesApi()) // change k8sinterface
-	return tenant.DeleteCachedConfig()
-}
--- a/clihandler/clilist.go
+++ b/clihandler/clilist.go
@@ -1,58 +0,0 @@
-package clihandler
-
-import (
-	"fmt"
-	"sort"
-	"strings"
-
-	"github.com/armosec/kubescape/cautils/getter"
-	"github.com/armosec/kubescape/clihandler/cliobjects"
-)
-
-var listFunc = map[string]func(*cliobjects.ListPolicies) ([]string, error){
-	"controls":   listControls,
-	"frameworks": listFrameworks,
-}
-
-func ListSupportCommands() []string {
-	commands := []string{}
-	for k := range listFunc {
-		commands = append(commands, k)
-	}
-	return commands
-}
-func CliList(listPolicies *cliobjects.ListPolicies) error {
-	if f, ok := listFunc[listPolicies.Target]; ok {
-		policies, err := f(listPolicies)
-		if err != nil {
-			return err
-		}
-		sort.Strings(policies)
-
-		sep := "\n  * "
-		usageCmd := strings.TrimSuffix(listPolicies.Target, "s")
-		fmt.Printf("Supported %s:%s%s\n", listPolicies.Target, sep, strings.Join(policies, sep))
-		fmt.Printf("\nUseage:\n")
-		fmt.Printf("$ kubescape scan %s \"name\"\n", usageCmd)
-		fmt.Printf("$ kubescape scan %s \"name-0\",\"name-1\"\n\n", usageCmd)
-		return nil
-	}
-	return fmt.Errorf("unknown command to download")
-}
-
-func listFrameworks(listPolicies *cliobjects.ListPolicies) ([]string, error) {
-	tenant := getTenantConfig(listPolicies.Account, "", getKubernetesApi()) // change k8sinterface
-	g := getPolicyGetter(nil, tenant.GetAccountID(), true, nil)
-
-	return listFrameworksNames(g), nil
-}
-
-func listControls(listPolicies *cliobjects.ListPolicies) ([]string, error) {
-	tenant := getTenantConfig(listPolicies.Account, "", getKubernetesApi()) // change k8sinterface
-	g := getPolicyGetter(nil, tenant.GetAccountID(), false, nil)
-	l := getter.ListName
-	if listPolicies.ListIDs {
-		l = getter.ListID
-	}
-	return g.ListControls(l)
-}
--- a/clihandler/cliobjects/listpolicies.go
+++ b/clihandler/cliobjects/listpolicies.go
@@ -1,7 +0,0 @@
-package cliobjects
-
-type ListPolicies struct {
-	Target  string
-	ListIDs bool
-	Account string
-}
--- a/clihandler/cliobjects/set.go
+++ b/clihandler/cliobjects/set.go
@@ -1,7 +0,0 @@
-package cliobjects
-
-type SetConfig struct {
-	Account   string
-	ClientID  string
-	SecretKey string
-}
--- a/clihandler/cliobjects/submit.go
+++ b/clihandler/cliobjects/submit.go
@@ -1,5 +0,0 @@
-package cliobjects
-
-type Submit struct {
-	Account string
-}
--- a/clihandler/cliset.go
+++ b/clihandler/cliset.go
@@ -1,22 +0,0 @@
-package clihandler
-
-import (
-	"github.com/armosec/kubescape/clihandler/cliobjects"
-)
-
-func CliSetConfig(setConfig *cliobjects.SetConfig) error {
-
-	tenant := getTenantConfig("", "", getKubernetesApi())
-
-	if setConfig.Account != "" {
-		tenant.GetConfigObj().AccountID = setConfig.Account
-	}
-	if setConfig.SecretKey != "" {
-		tenant.GetConfigObj().SecretKey = setConfig.SecretKey
-	}
-	if setConfig.ClientID != "" {
-		tenant.GetConfigObj().ClientID = setConfig.ClientID
-	}
-
-	return tenant.UpdateCachedConfig()
-}
--- a/clihandler/cliview.go
+++ b/clihandler/cliview.go
@@ -1,12 +0,0 @@
-package clihandler
-
-import (
-	"fmt"
-	"os"
-)
-
-func CliView() error {
-	tenant := getTenantConfig("", "", getKubernetesApi()) // change k8sinterface
-	fmt.Fprintf(os.Stderr, "%s\n", tenant.GetConfigObj().Config())
-	return nil
-}
--- a/clihandler/cmd/cluster.go
+++ b/clihandler/cmd/cluster.go
@@ -1,19 +0,0 @@
-package cmd
-
-import (
-	"github.com/spf13/cobra"
-)
-
-// clusterCmd represents the cluster command
-var clusterCmd = &cobra.Command{
-	Use:        "cluster",
-	Short:      "Set configuration for cluster",
-	Long:       ``,
-	Deprecated: "use the 'set' command instead",
-	Run: func(cmd *cobra.Command, args []string) {
-	},
-}
-
-func init() {
-	configCmd.AddCommand(clusterCmd)
-}
--- a/clihandler/cmd/cluster_get.go
+++ b/clihandler/cmd/cluster_get.go
@@ -1,50 +0,0 @@
-package cmd
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/armosec/k8s-interface/k8sinterface"
-	"github.com/armosec/kubescape/cautils"
-	"github.com/armosec/kubescape/cautils/getter"
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/spf13/cobra"
-)
-
-var getCmd = &cobra.Command{
-	Use:        "get <key>",
-	Short:      "Get configuration in cluster",
-	Long:       ``,
-	Deprecated: "use the 'view' command instead",
-	Args: func(cmd *cobra.Command, args []string) error {
-		if len(args) < 1 || len(args) > 1 {
-			return fmt.Errorf("requires  one argument")
-		}
-
-		keyValue := strings.Split(args[0], "=")
-		if len(keyValue) != 1 {
-			return fmt.Errorf("requires  one argument")
-		}
-		return nil
-	},
-	RunE: func(cmd *cobra.Command, args []string) error {
-		keyValue := strings.Split(args[0], "=")
-		key := keyValue[0]
-
-		k8s := k8sinterface.NewKubernetesApi()
-		clusterConfig := cautils.NewClusterConfig(k8s, getter.GetArmoAPIConnector(), scanInfo.Account, "")
-		val, err := clusterConfig.GetValueByKeyFromConfigMap(key)
-		if err != nil {
-			if err.Error() == "value does not exist." {
-				return fmt.Errorf("failed to get value from configmap, reason: %s", err.Error())
-			}
-			return err
-		}
-		logger.L().Info(key + "=" + val)
-		return nil
-	},
-}
-
-func init() {
-	clusterCmd.AddCommand(getCmd)
-}
--- a/clihandler/cmd/cluster_set.go
+++ b/clihandler/cmd/cluster_set.go
@@ -1,46 +0,0 @@
-package cmd
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/armosec/k8s-interface/k8sinterface"
-	"github.com/armosec/kubescape/cautils"
-	"github.com/armosec/kubescape/cautils/getter"
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/spf13/cobra"
-)
-
-var setClusterCmd = &cobra.Command{
-	Use:        "set <key>=<value>",
-	Short:      "Set configuration in cluster",
-	Long:       ``,
-	Deprecated: "use the 'set' command instead",
-	Args: func(cmd *cobra.Command, args []string) error {
-		if len(args) < 1 || len(args) > 1 {
-			return fmt.Errorf("requires  one argument: <key>=<value>")
-		}
-		keyValue := strings.Split(args[0], "=")
-		if len(keyValue) != 2 {
-			return fmt.Errorf("requires  one argument: <key>=<value>")
-		}
-		return nil
-	},
-	RunE: func(cmd *cobra.Command, args []string) error {
-		keyValue := strings.Split(args[0], "=")
-		key := keyValue[0]
-		data := keyValue[1]
-
-		k8s := k8sinterface.NewKubernetesApi()
-		clusterConfig := cautils.NewClusterConfig(k8s, getter.GetArmoAPIConnector(), scanInfo.Account, "")
-		if err := clusterConfig.SetKeyValueInConfigmap(key, data); err != nil {
-			return err
-		}
-		logger.L().Info("value added successfully.")
-		return nil
-	},
-}
-
-func init() {
-	clusterCmd.AddCommand(setClusterCmd)
-}
--- a/clihandler/cmd/config.go
+++ b/clihandler/cmd/config.go
@@ -1,127 +0,0 @@
-package cmd
-
-import (
-	"fmt"
-	"os"
-	"strings"
-
-	"github.com/armosec/kubescape/clihandler"
-	"github.com/armosec/kubescape/clihandler/cliobjects"
-	"github.com/spf13/cobra"
-)
-
-var (
-	configExample = `
-  # View cached configurations 
-  kubescape config view
-
-  # Delete cached configurations
-  kubescape config delete
-
-  # Set cached configurations
-  kubescape config set --help
-`
-	setConfigExample = `
-  # Set account id
-  kubescape config set accountID <account id>
-
-  # Set client id
-  kubescape config set clientID <client id> 
-
-  # Set access key
-  kubescape config set secretKey <access key>
-`
-)
-
-// configCmd represents the config command
-var configCmd = &cobra.Command{
-	Use:     "config",
-	Short:   "handle cached configurations",
-	Example: configExample,
-}
-
-var setConfig = cliobjects.SetConfig{}
-
-// configCmd represents the config command
-var configSetCmd = &cobra.Command{
-	Use:       "set",
-	Short:     fmt.Sprintf("Set configurations, supported: %s", strings.Join(stringKeysToSlice(supportConfigSet), "/")),
-	Example:   setConfigExample,
-	ValidArgs: stringKeysToSlice(supportConfigSet),
-	RunE: func(cmd *cobra.Command, args []string) error {
-		if err := parseSetArgs(args); err != nil {
-			return err
-		}
-		if err := clihandler.CliSetConfig(&setConfig); err != nil {
-			fmt.Fprintf(os.Stderr, "error: %v\n", err)
-			os.Exit(1)
-		}
-		return nil
-	},
-}
-
-var supportConfigSet = map[string]func(*cliobjects.SetConfig, string){
-	"accountID": func(s *cliobjects.SetConfig, account string) { s.Account = account },
-	"clientID":  func(s *cliobjects.SetConfig, clientID string) { s.ClientID = clientID },
-	"secretKey": func(s *cliobjects.SetConfig, secretKey string) { s.SecretKey = secretKey },
-}
-
-func stringKeysToSlice(m map[string]func(*cliobjects.SetConfig, string)) []string {
-	l := []string{}
-	for i := range m {
-		l = append(l, i)
-	}
-	return l
-}
-
-func parseSetArgs(args []string) error {
-	var key string
-	var value string
-	if len(args) == 1 {
-		if keyValue := strings.Split(args[0], "="); len(keyValue) == 2 {
-			key = keyValue[0]
-			value = keyValue[1]
-		}
-	} else if len(args) == 2 {
-		key = args[0]
-		value = args[1]
-	}
-	if setConfigFunc, ok := supportConfigSet[key]; ok {
-		setConfigFunc(&setConfig, value)
-	} else {
-		return fmt.Errorf("key '%s' unknown . supported: %s", key, strings.Join(stringKeysToSlice(supportConfigSet), "/"))
-	}
-	return nil
-}
-
-var configDeleteCmd = &cobra.Command{
-	Use:   "delete",
-	Short: "Delete cached configurations",
-	Long:  ``,
-	Run: func(cmd *cobra.Command, args []string) {
-		if err := clihandler.CliDelete(); err != nil {
-			fmt.Fprintf(os.Stderr, "error: %v\n", err)
-			os.Exit(1)
-		}
-	},
-}
-
-// configCmd represents the config command
-var configViewCmd = &cobra.Command{
-	Use:   "view",
-	Short: "View cached configurations",
-	Long:  ``,
-	Run: func(cmd *cobra.Command, args []string) {
-		if err := clihandler.CliView(); err != nil {
-			fmt.Fprintf(os.Stderr, "error: %v\n", err)
-			os.Exit(1)
-		}
-	},
-}
-
-func init() {
-	rootCmd.AddCommand(configCmd)
-	configCmd.AddCommand(configSetCmd)
-	configCmd.AddCommand(configDeleteCmd)
-	configCmd.AddCommand(configViewCmd)
-}
--- a/clihandler/cmd/control.go
+++ b/clihandler/cmd/control.go
@@ -1,120 +0,0 @@
-package cmd
-
-import (
-	"fmt"
-	"io"
-	"os"
-	"strings"
-
-	"github.com/armosec/kubescape/cautils"
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/armosec/kubescape/clihandler"
-	"github.com/armosec/opa-utils/reporthandling"
-	"github.com/spf13/cobra"
-)
-
-var (
-	controlExample = `
-  # Scan the 'privileged container' control
-  kubescape scan control "privileged container"
-	
-  # Scan list of controls separated with a comma
-  kubescape scan control "privileged container","allowed hostpath"
-  
-  # Scan list of controls using the control ID separated with a comma
-  kubescape scan control C-0058,C-0057
-  
-  Run 'kubescape list controls' for the list of supported controls
-  
-  Control documentation:
-  https://hub.armo.cloud/docs/controls
-`
-)
-
-// controlCmd represents the control command
-var controlCmd = &cobra.Command{
-	Use:     "control <control names list>/<control ids list>",
-	Short:   "The controls you wish to use. Run 'kubescape list controls' for the list of supported controls",
-	Example: controlExample,
-	Args: func(cmd *cobra.Command, args []string) error {
-		if len(args) > 0 {
-			controls := strings.Split(args[0], ",")
-			if len(controls) > 1 {
-				if controls[1] == "" {
-					return fmt.Errorf("usage: <control-0>,<control-1>")
-				}
-			}
-		} else {
-			return fmt.Errorf("requires at least one control name")
-		}
-		return nil
-	},
-	RunE: func(cmd *cobra.Command, args []string) error {
-		flagValidationControl()
-		scanInfo.PolicyIdentifier = []reporthandling.PolicyIdentifier{}
-
-		if len(args) == 0 {
-			scanInfo.ScanAll = true
-		} else { // expected control or list of control sepparated by ","
-
-			// Read controls from input args
-			scanInfo.SetPolicyIdentifiers(strings.Split(args[0], ","), reporthandling.KindControl)
-
-			if len(args) > 1 {
-				if len(args[1:]) == 0 || args[1] != "-" {
-					scanInfo.InputPatterns = args[1:]
-				} else { // store stdin to file - do NOT move to separate function !!
-					tempFile, err := os.CreateTemp(".", "tmp-kubescape*.yaml")
-					if err != nil {
-						return err
-					}
-					defer os.Remove(tempFile.Name())
-
-					if _, err := io.Copy(tempFile, os.Stdin); err != nil {
-						return err
-					}
-					scanInfo.InputPatterns = []string{tempFile.Name()}
-				}
-			}
-		}
-
-		scanInfo.FrameworkScan = false
-		scanInfo.Init()
-		cautils.SetSilentMode(scanInfo.Silent)
-		err := clihandler.ScanCliSetup(&scanInfo)
-		if err != nil {
-			logger.L().Fatal(err.Error())
-		}
-		return nil
-	},
-}
-
-func init() {
-	scanInfo = cautils.ScanInfo{}
-	scanCmd.AddCommand(controlCmd)
-}
-
-func flagValidationControl() {
-	if 100 < scanInfo.FailThreshold {
-		logger.L().Fatal("bad argument: out of range threshold")
-	}
-}
-
-func setScanForFirstControl(controls []string) []reporthandling.PolicyIdentifier {
-	newPolicy := reporthandling.PolicyIdentifier{}
-	newPolicy.Kind = reporthandling.KindControl
-	newPolicy.Name = controls[0]
-	scanInfo.PolicyIdentifier = append(scanInfo.PolicyIdentifier, newPolicy)
-	return scanInfo.PolicyIdentifier
-}
-
-func SetScanForGivenControls(controls []string) []reporthandling.PolicyIdentifier {
-	for _, control := range controls {
-		control := strings.TrimLeft(control, " ")
-		newPolicy := reporthandling.PolicyIdentifier{}
-		newPolicy.Kind = reporthandling.KindControl
-		newPolicy.Name = control
-		scanInfo.PolicyIdentifier = append(scanInfo.PolicyIdentifier, newPolicy)
-	}
-	return scanInfo.PolicyIdentifier
-}
--- a/clihandler/cmd/download.go
+++ b/clihandler/cmd/download.go
@@ -1,81 +0,0 @@
-package cmd
-
-import (
-	"fmt"
-	"path/filepath"
-	"strings"
-
-	"github.com/armosec/kubescape/cautils"
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/armosec/kubescape/clihandler"
-	"github.com/spf13/cobra"
-)
-
-var downloadInfo = cautils.DownloadInfo{}
-
-var (
-	downloadExample = `
-  # Download all artifacts and save them in the default path (~/.kubescape)
-  kubescape download artifacts
-  
-  # Download all artifacts and save them in /tmp path
-  kubescape download artifacts --output /tmp
-  
-  # Download the NSA framework. Run 'kubescape list frameworks' for all frameworks names
-  kubescape download framework nsa
-
-  # Download the "Allowed hostPath" control. Run 'kubescape list controls' for all controls names
-  kubescape download control "Allowed hostPath"
-
-  # Download the "C-0001" control. Run 'kubescape list controls --id' for all controls ids
-  kubescape download control C-0001
-
-  # Download the configured exceptions
-  kubescape download exceptions 
-
-  # Download the configured controls-inputs 
-  kubescape download controls-inputs 
-
-`
-)
-var downloadCmd = &cobra.Command{
-	Use:     "download <policy> <policy name>",
-	Short:   fmt.Sprintf("Download %s", strings.Join(clihandler.DownloadSupportCommands(), ",")),
-	Long:    ``,
-	Example: downloadExample,
-	Args: func(cmd *cobra.Command, args []string) error {
-		supported := strings.Join(clihandler.DownloadSupportCommands(), ",")
-		if len(args) < 1 {
-			return fmt.Errorf("policy type required, supported: %v", supported)
-		}
-		if cautils.StringInSlice(clihandler.DownloadSupportCommands(), args[0]) == cautils.ValueNotFound {
-			return fmt.Errorf("invalid parameter '%s'. Supported parameters: %s", args[0], supported)
-		}
-		return nil
-	},
-	RunE: func(cmd *cobra.Command, args []string) error {
-		downloadInfo.Target = args[0]
-		if len(args) >= 2 {
-			downloadInfo.Name = args[1]
-		}
-		if err := clihandler.CliDownload(&downloadInfo); err != nil {
-			logger.L().Fatal(err.Error())
-		}
-		return nil
-	},
-}
-
-func init() {
-	cobra.OnInitialize(initDownload)
-
-	rootCmd.AddCommand(downloadCmd)
-	downloadCmd.PersistentFlags().StringVarP(&downloadInfo.Account, "account", "", "", "Armo portal account ID. Default will load account ID from configMap or config file")
-	downloadCmd.Flags().StringVarP(&downloadInfo.Path, "output", "o", "", "Output file. If not specified, will save in `~/.kubescape/<policy name>.json`")
-
-}
-
-func initDownload() {
-	if filepath.Ext(downloadInfo.Path) == ".json" {
-		downloadInfo.Path, downloadInfo.FileName = filepath.Split(downloadInfo.Path)
-	}
-}
--- a/clihandler/cmd/framework.go
+++ b/clihandler/cmd/framework.go
@@ -1,128 +0,0 @@
-package cmd
-
-import (
-	"fmt"
-	"io"
-	"os"
-	"strings"
-
-	"github.com/armosec/kubescape/cautils"
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/armosec/kubescape/clihandler"
-	"github.com/armosec/opa-utils/reporthandling"
-	"github.com/spf13/cobra"
-)
-
-var (
-	frameworkExample = `
-  # Scan all frameworks and submit the results
-  kubescape scan --submit
-  
-  # Scan the NSA framework
-  kubescape scan framework nsa
-  
-  # Scan the NSA and MITRE framework
-  kubescape scan framework nsa,mitre
-  
-  # Scan all frameworks
-  kubescape scan framework all
-
-  # Scan kubernetes YAML manifest files
-  kubescape scan framework nsa *.yaml
-
-  # Scan and save the results in the JSON format
-  kubescape scan --format json --output results.json
-
-  # Save scan results in JSON format
-  kubescape scan --format json --output results.json
-
-  # Display all resources
-  kubescape scan --verbose
-
-  Run 'kubescape list frameworks' for the list of supported frameworks
-`
-)
-var frameworkCmd = &cobra.Command{
-	Use:     "framework <framework names list> [`<glob pattern>`/`-`] [flags]",
-	Short:   "The framework you wish to use. Run 'kubescape list frameworks' for the list of supported frameworks",
-	Example: frameworkExample,
-	Long:    "Execute a scan on a running Kubernetes cluster or `yaml`/`json` files (use glob) or `-` for stdin",
-	Args: func(cmd *cobra.Command, args []string) error {
-		if len(args) > 0 {
-			frameworks := strings.Split(args[0], ",")
-			if len(frameworks) > 1 {
-				if frameworks[1] == "" {
-					return fmt.Errorf("usage: <framework-0>,<framework-1>")
-				}
-			}
-		} else {
-			return fmt.Errorf("requires at least one framework name")
-		}
-		return nil
-	},
-	RunE: func(cmd *cobra.Command, args []string) error {
-		flagValidationFramework()
-		var frameworks []string
-
-		if len(args) == 0 { // scan all frameworks
-			scanInfo.ScanAll = true
-		} else {
-			// Read frameworks from input args
-			frameworks = strings.Split(args[0], ",")
-			if cautils.StringInSlice(frameworks, "all") != cautils.ValueNotFound {
-				scanInfo.ScanAll = true
-				frameworks = []string{}
-			}
-			if len(args) > 1 {
-				if len(args[1:]) == 0 || args[1] != "-" {
-					scanInfo.InputPatterns = args[1:]
-				} else { // store stdin to file - do NOT move to separate function !!
-					tempFile, err := os.CreateTemp(".", "tmp-kubescape*.yaml")
-					if err != nil {
-						return err
-					}
-					defer os.Remove(tempFile.Name())
-
-					if _, err := io.Copy(tempFile, os.Stdin); err != nil {
-						return err
-					}
-					scanInfo.InputPatterns = []string{tempFile.Name()}
-				}
-			}
-		}
-		scanInfo.FrameworkScan = true
-
-		scanInfo.SetPolicyIdentifiers(frameworks, reporthandling.KindFramework)
-
-		scanInfo.Init()
-		cautils.SetSilentMode(scanInfo.Silent)
-		err := clihandler.ScanCliSetup(&scanInfo)
-		if err != nil {
-			logger.L().Fatal(err.Error())
-		}
-		return nil
-	},
-}
-
-func init() {
-	scanCmd.AddCommand(frameworkCmd)
-	scanInfo = cautils.ScanInfo{}
-	scanInfo.FrameworkScan = true
-}
-
-// func SetScanForFirstFramework(frameworks []string) []reporthandling.PolicyIdentifier {
-// 	newPolicy := reporthandling.PolicyIdentifier{}
-// 	newPolicy.Kind = reporthandling.KindFramework
-// 	newPolicy.Name = frameworks[0]
-// 	scanInfo.PolicyIdentifier = append(scanInfo.PolicyIdentifier, newPolicy)
-// 	return scanInfo.PolicyIdentifier
-// }
-
-func flagValidationFramework() {
-	if scanInfo.Submit && scanInfo.Local {
-		logger.L().Fatal("you can use `keep-local` or `submit`, but not both")
-	}
-	if 100 < scanInfo.FailThreshold {
-		logger.L().Fatal("bad argument: out of range threshold")
-	}
-}
--- a/clihandler/cmd/list.go
+++ b/clihandler/cmd/list.go
@@ -1,67 +0,0 @@
-package cmd
-
-import (
-	"fmt"
-	"os"
-	"strings"
-
-	"github.com/armosec/kubescape/cautils"
-	"github.com/armosec/kubescape/clihandler"
-	"github.com/armosec/kubescape/clihandler/cliobjects"
-	"github.com/spf13/cobra"
-)
-
-var (
-	listExample = `
-  # List default supported frameworks names
-  kubescape list frameworks
-  
-  # List all supported frameworks names
-  kubescape list frameworks --account <account id>
-	
-  # List all supported controls names
-  kubescape list controls
-
-  # List all supported controls ids
-  kubescape list controls --id 
-  
-  Control documentation:
-  https://hub.armo.cloud/docs/controls
-`
-)
-var listPolicies = cliobjects.ListPolicies{}
-
-var listCmd = &cobra.Command{
-	Use:     "list <policy> [flags]",
-	Short:   "List frameworks/controls will list the supported frameworks and controls",
-	Long:    ``,
-	Example: listExample,
-	Args: func(cmd *cobra.Command, args []string) error {
-		supported := strings.Join(clihandler.ListSupportCommands(), ",")
-
-		if len(args) < 1 {
-			return fmt.Errorf("policy type requeued, supported: %s", supported)
-		}
-		if cautils.StringInSlice(clihandler.ListSupportCommands(), args[0]) == cautils.ValueNotFound {
-			return fmt.Errorf("invalid parameter '%s'. Supported parameters: %s", args[0], supported)
-		}
-		return nil
-	},
-	RunE: func(cmd *cobra.Command, args []string) error {
-		listPolicies.Target = args[0]
-
-		if err := clihandler.CliList(&listPolicies); err != nil {
-			fmt.Fprintf(os.Stderr, "error: %v\n", err)
-			os.Exit(1)
-		}
-		return nil
-	},
-}
-
-func init() {
-	// cobra.OnInitialize(initConfig)
-
-	rootCmd.AddCommand(listCmd)
-	listCmd.PersistentFlags().StringVarP(&listPolicies.Account, "account", "", "", "Armo portal account ID. Default will load account ID from configMap or config file")
-	listCmd.PersistentFlags().BoolVarP(&listPolicies.ListIDs, "id", "", false, "List control ID's instead of controls names")
-}
--- a/clihandler/cmd/local.go
+++ b/clihandler/cmd/local.go
@@ -1,18 +0,0 @@
-package cmd
-
-import (
-	"github.com/spf13/cobra"
-)
-
-var localCmd = &cobra.Command{
-	Use:        "local",
-	Short:      "Set configuration locally (for config.json)",
-	Long:       ``,
-	Deprecated: "use the 'set' command instead",
-	Run: func(cmd *cobra.Command, args []string) {
-	},
-}
-
-func init() {
-	configCmd.AddCommand(localCmd)
-}
--- a/clihandler/cmd/local_get.go
+++ b/clihandler/cmd/local_get.go
@@ -1,45 +0,0 @@
-package cmd
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/armosec/kubescape/cautils"
-	"github.com/spf13/cobra"
-)
-
-var localGetCmd = &cobra.Command{
-	Use:        "get <key>",
-	Short:      "Get configuration locally",
-	Long:       ``,
-	Deprecated: "use the 'view' command instead",
-	Args: func(cmd *cobra.Command, args []string) error {
-		if len(args) < 1 || len(args) > 1 {
-			return fmt.Errorf("requires  one argument")
-		}
-
-		keyValue := strings.Split(args[0], "=")
-		if len(keyValue) != 1 {
-			return fmt.Errorf("requires  one argument")
-		}
-		return nil
-	},
-	RunE: func(cmd *cobra.Command, args []string) error {
-		keyValue := strings.Split(args[0], "=")
-		key := keyValue[0]
-
-		val, err := cautils.GetValueFromConfigJson(key)
-		if err != nil {
-			if err.Error() == "value does not exist." {
-				return fmt.Errorf("failed to get value from: %s, reason: %s", cautils.ConfigFileFullPath(), err.Error())
-			}
-			return err
-		}
-		fmt.Println(key + "=" + val)
-		return nil
-	},
-}
-
-func init() {
-	localCmd.AddCommand(localGetCmd)
-}
--- a/clihandler/cmd/local_set.go
+++ b/clihandler/cmd/local_set.go
@@ -1,41 +0,0 @@
-package cmd
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/armosec/kubescape/cautils"
-	"github.com/spf13/cobra"
-)
-
-var localSetCmd = &cobra.Command{
-	Use:        "set <key>=<value>",
-	Short:      "Set configuration locally",
-	Long:       ``,
-	Deprecated: "use the 'set' command instead",
-	Args: func(cmd *cobra.Command, args []string) error {
-		if len(args) < 1 || len(args) > 1 {
-			return fmt.Errorf("requires  one argument: <key>=<value>")
-		}
-		keyValue := strings.Split(args[0], "=")
-		if len(keyValue) != 2 {
-			return fmt.Errorf("requires  one argument: <key>=<value>")
-		}
-		return nil
-	},
-	RunE: func(cmd *cobra.Command, args []string) error {
-		keyValue := strings.Split(args[0], "=")
-		key := keyValue[0]
-		data := keyValue[1]
-
-		if err := cautils.SetKeyValueInConfigJson(key, data); err != nil {
-			return err
-		}
-		fmt.Println("Value added successfully.")
-		return nil
-	},
-}
-
-func init() {
-	localCmd.AddCommand(localSetCmd)
-}
--- a/clihandler/cmd/rbac.go
+++ b/clihandler/cmd/rbac.go
@@ -1,62 +0,0 @@
-package cmd
-
-import (
-	"github.com/armosec/k8s-interface/k8sinterface"
-	"github.com/armosec/kubescape/cautils"
-	"github.com/armosec/kubescape/cautils/getter"
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/armosec/kubescape/clihandler"
-	"github.com/armosec/kubescape/clihandler/cliinterfaces"
-	reporterv1 "github.com/armosec/kubescape/resultshandling/reporter/v1"
-	"github.com/armosec/rbac-utils/rbacscanner"
-	"github.com/spf13/cobra"
-)
-
-// rabcCmd represents the RBAC command
-var rabcCmd = &cobra.Command{
-	Use:   "rbac \nExample:\n$ kubescape submit rbac",
-	Short: "Submit cluster's Role-Based Access Control(RBAC)",
-	Long:  ``,
-	RunE: func(cmd *cobra.Command, args []string) error {
-
-		k8s := k8sinterface.NewKubernetesApi()
-
-		// get config
-		clusterConfig := getTenantConfig(submitInfo.Account, "", k8s)
-
-		// list RBAC
-		rbacObjects := cautils.NewRBACObjects(rbacscanner.NewRbacScannerFromK8sAPI(k8s, clusterConfig.GetAccountID(), clusterConfig.GetClusterName()))
-
-		// submit resources
-		r := reporterv1.NewReportEventReceiver(clusterConfig.GetConfigObj())
-
-		submitInterfaces := cliinterfaces.SubmitInterfaces{
-			ClusterConfig: clusterConfig,
-			SubmitObjects: rbacObjects,
-			Reporter:      r,
-		}
-
-		if err := clihandler.Submit(submitInterfaces); err != nil {
-			logger.L().Fatal(err.Error())
-		}
-		return nil
-	},
-}
-
-func init() {
-	submitCmd.AddCommand(rabcCmd)
-}
-
-// getKubernetesApi
-func getKubernetesApi() *k8sinterface.KubernetesApi {
-	if !k8sinterface.IsConnectedToCluster() {
-		return nil
-	}
-	return k8sinterface.NewKubernetesApi()
-}
-func getTenantConfig(Account, clusterName string, k8s *k8sinterface.KubernetesApi) cautils.ITenantConfig {
-	if !k8sinterface.IsConnectedToCluster() || k8s == nil {
-		return cautils.NewLocalConfig(getter.GetArmoAPIConnector(), Account, clusterName)
-	}
-	return cautils.NewClusterConfig(k8s, getter.GetArmoAPIConnector(), Account, clusterName)
-}
--- a/clihandler/cmd/results.go
+++ b/clihandler/cmd/results.go
@@ -1,103 +0,0 @@
-package cmd
-
-import (
-	"encoding/json"
-	"fmt"
-	"os"
-	"time"
-
-	"github.com/armosec/k8s-interface/workloadinterface"
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/armosec/kubescape/clihandler"
-	"github.com/armosec/kubescape/clihandler/cliinterfaces"
-	reporterv1 "github.com/armosec/kubescape/resultshandling/reporter/v1"
-	"github.com/armosec/opa-utils/reporthandling"
-	uuid "github.com/satori/go.uuid"
-	"github.com/spf13/cobra"
-)
-
-type ResultsObject struct {
-	filePath     string
-	customerGUID string
-	clusterName  string
-}
-
-func NewResultsObject(customerGUID, clusterName, filePath string) *ResultsObject {
-	return &ResultsObject{
-		filePath:     filePath,
-		customerGUID: customerGUID,
-		clusterName:  clusterName,
-	}
-}
-
-func (resultsObject *ResultsObject) SetResourcesReport() (*reporthandling.PostureReport, error) {
-	// load framework results from json file
-	frameworkReports, err := loadResultsFromFile(resultsObject.filePath)
-	if err != nil {
-		return nil, err
-	}
-
-	return &reporthandling.PostureReport{
-		FrameworkReports:     frameworkReports,
-		ReportID:             uuid.NewV4().String(),
-		ReportGenerationTime: time.Now().UTC(),
-		CustomerGUID:         resultsObject.customerGUID,
-		ClusterName:          resultsObject.clusterName,
-	}, nil
-}
-
-func (resultsObject *ResultsObject) ListAllResources() (map[string]workloadinterface.IMetadata, error) {
-	return map[string]workloadinterface.IMetadata{}, nil
-}
-
-var resultsCmd = &cobra.Command{
-	Use:   "results <json file>\nExample:\n$ kubescape submit results path/to/results.json",
-	Short: "Submit a pre scanned results file. The file must be in json format",
-	Long:  ``,
-	RunE: func(cmd *cobra.Command, args []string) error {
-		if len(args) == 0 {
-			return fmt.Errorf("missing results file")
-		}
-
-		k8s := getKubernetesApi()
-
-		// get config
-		clusterConfig := getTenantConfig(submitInfo.Account, "", k8s)
-
-		resultsObjects := NewResultsObject(clusterConfig.GetAccountID(), clusterConfig.GetClusterName(), args[0])
-
-		// submit resources
-		r := reporterv1.NewReportEventReceiver(clusterConfig.GetConfigObj())
-
-		submitInterfaces := cliinterfaces.SubmitInterfaces{
-			ClusterConfig: clusterConfig,
-			SubmitObjects: resultsObjects,
-			Reporter:      r,
-		}
-
-		if err := clihandler.Submit(submitInterfaces); err != nil {
-			logger.L().Fatal(err.Error())
-		}
-		return nil
-	},
-}
-
-func init() {
-	submitCmd.AddCommand(resultsCmd)
-}
-
-func loadResultsFromFile(filePath string) ([]reporthandling.FrameworkReport, error) {
-	frameworkReports := []reporthandling.FrameworkReport{}
-	f, err := os.ReadFile(filePath)
-	if err != nil {
-		return nil, err
-	}
-	if err = json.Unmarshal(f, &frameworkReports); err != nil {
-		frameworkReport := reporthandling.FrameworkReport{}
-		if err = json.Unmarshal(f, &frameworkReport); err != nil {
-			return frameworkReports, err
-		}
-		frameworkReports = append(frameworkReports, frameworkReport)
-	}
-	return frameworkReports, nil
-}
--- a/clihandler/cmd/root.go
+++ b/clihandler/cmd/root.go
@@ -1,84 +0,0 @@
-package cmd
-
-import (
-	"flag"
-	"fmt"
-	"strings"
-
-	"github.com/armosec/kubescape/cautils/getter"
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/armosec/kubescape/cautils/logger/helpers"
-	"github.com/spf13/cobra"
-)
-
-var armoBEURLs = ""
-
-const envFlagUsage = "Send report results to specific URL. Format:<ReportReceiver>,<Backend>,<Frontend>.\n\t\tExample:report.armo.cloud,api.armo.cloud,portal.armo.cloud"
-
-var ksExamples = `
-  # Scan command
-  kubescape scan --submit
-
-  # List supported frameworks
-  kubescape list frameworks
-
-  # Download artifacts (air-gapped environment support)
-  kubescape download artifacts
-
-  # View cached configurations
-  kubescape config view
-`
-
-var rootCmd = &cobra.Command{
-	Use:     "kubescape",
-	Short:   "Kubescape is a tool for testing Kubernetes security posture",
-	Long:    `Kubescape is a tool for testing Kubernetes security posture based on NSA \ MITRE ATT&CK® and other frameworks specifications`,
-	Example: ksExamples,
-}
-
-func Execute() {
-	rootCmd.Execute()
-}
-func init() {
-	cobra.OnInitialize(initLogger, initEnvironment)
-
-	flag.CommandLine.StringVar(&armoBEURLs, "environment", "", envFlagUsage)
-	rootCmd.PersistentFlags().StringVar(&armoBEURLs, "environment", "", envFlagUsage)
-	rootCmd.PersistentFlags().MarkHidden("environment")
-	rootCmd.PersistentFlags().StringVar(&scanInfo.Logger, "logger", "info", fmt.Sprintf("Logger level. Supported: %s", strings.Join(helpers.SupportedLevels(), "/")))
-	flag.Parse()
-}
-
-func initLogger() {
-	if err := logger.L().SetLevel(scanInfo.Logger); err != nil {
-		logger.L().Fatal(fmt.Sprintf("supported levels: %s", strings.Join(helpers.SupportedLevels(), "/")), helpers.Error(err))
-	}
-}
-func initEnvironment() {
-	urlSlices := strings.Split(armoBEURLs, ",")
-	if len(urlSlices) != 1 && len(urlSlices) < 3 {
-		logger.L().Fatal("expected at least 3 URLs (report, api, frontend, auth)")
-	}
-	switch len(urlSlices) {
-	case 1:
-		switch urlSlices[0] {
-		case "dev":
-			getter.SetARMOAPIConnector(getter.NewARMOAPIDev())
-		case "":
-			getter.SetARMOAPIConnector(getter.NewARMOAPIProd())
-		default:
-			logger.L().Fatal("--environment flag usage: " + envFlagUsage)
-		}
-	case 2:
-		logger.L().Fatal("--environment flag usage: " + envFlagUsage)
-	case 3, 4:
-		var armoAUTHURL string
-		armoERURL := urlSlices[0] // mandatory
-		armoBEURL := urlSlices[1] // mandatory
-		armoFEURL := urlSlices[2] // mandatory
-		if len(urlSlices) <= 4 {
-			armoAUTHURL = urlSlices[3]
-		}
-		getter.SetARMOAPIConnector(getter.NewARMOAPICustomized(armoERURL, armoBEURL, armoFEURL, armoAUTHURL))
-	}
-}
--- a/clihandler/cmd/scan.go
+++ b/clihandler/cmd/scan.go
@@ -1,65 +0,0 @@
-package cmd
-
-import (
-	"github.com/armosec/k8s-interface/k8sinterface"
-	"github.com/armosec/kubescape/cautils"
-	"github.com/spf13/cobra"
-)
-
-var scanInfo cautils.ScanInfo
-
-// scanCmd represents the scan command
-var scanCmd = &cobra.Command{
-	Use:   "scan [command]",
-	Short: "Scan the current running cluster or yaml files",
-	Long:  `The action you want to perform`,
-	Args: func(cmd *cobra.Command, args []string) error {
-		if len(args) > 0 {
-			if args[0] != "framework" && args[0] != "control" {
-				scanInfo.ScanAll = true
-				return frameworkCmd.RunE(cmd, append([]string{"all"}, args...))
-			}
-		}
-		return nil
-	},
-	RunE: func(cmd *cobra.Command, args []string) error {
-		if len(args) == 0 {
-			scanInfo.ScanAll = true
-			return frameworkCmd.RunE(cmd, []string{"all"})
-		}
-		return nil
-	},
-}
-
-func frameworkInitConfig() {
-	k8sinterface.SetClusterContextName(scanInfo.KubeContext)
-}
-
-func init() {
-
-	cobra.OnInitialize(frameworkInitConfig)
-
-	rootCmd.AddCommand(scanCmd)
-
-	scanCmd.PersistentFlags().StringVarP(&scanInfo.Account, "account", "", "", "Armo portal account ID. Default will load account ID from configMap or config file")
-	scanCmd.PersistentFlags().StringVarP(&scanInfo.KubeContext, "kube-context", "", "", "Kube context. Default will use the current-context")
-	scanCmd.PersistentFlags().StringVar(&scanInfo.ControlsInputs, "controls-config", "", "Path to an controls-config obj. If not set will download controls-config from ARMO management portal")
-	scanCmd.PersistentFlags().StringVar(&scanInfo.UseExceptions, "exceptions", "", "Path to an exceptions obj. If not set will download exceptions from ARMO management portal")
-	scanCmd.PersistentFlags().StringVar(&scanInfo.UseArtifactsFrom, "use-artifacts-from", "", "Load artifacts from local directory. If not used will download them")
-	scanCmd.PersistentFlags().StringVarP(&scanInfo.ExcludedNamespaces, "exclude-namespaces", "e", "", "Namespaces to exclude from scanning. Recommended: kube-system,kube-public")
-	scanCmd.PersistentFlags().Uint16VarP(&scanInfo.FailThreshold, "fail-threshold", "t", 100, "Failure threshold is the percent above which the command fails and returns exit code 1")
-	scanCmd.PersistentFlags().StringVarP(&scanInfo.Format, "format", "f", "pretty-printer", `Output format. Supported formats: "pretty-printer"/"json"/"junit"/"prometheus"`)
-	scanCmd.PersistentFlags().StringVar(&scanInfo.IncludeNamespaces, "include-namespaces", "", "scan specific namespaces. e.g: --include-namespaces ns-a,ns-b")
-	scanCmd.PersistentFlags().BoolVarP(&scanInfo.Local, "keep-local", "", false, "If you do not want your Kubescape results reported to Armo backend. Use this flag if you ran with the '--submit' flag in the past and you do not want to submit your current scan results")
-	scanCmd.PersistentFlags().StringVarP(&scanInfo.Output, "output", "o", "", "Output file. Print output to file and not stdout")
-	scanCmd.PersistentFlags().BoolVar(&scanInfo.VerboseMode, "verbose", false, "Display all of the input resources and not only failed resources")
-	scanCmd.PersistentFlags().BoolVar(&scanInfo.UseDefault, "use-default", false, "Load local policy object from default path. If not used will download latest")
-	scanCmd.PersistentFlags().StringSliceVar(&scanInfo.UseFrom, "use-from", nil, "Load local policy object from specified path. If not used will download latest")
-	scanCmd.PersistentFlags().BoolVarP(&scanInfo.Silent, "silent", "s", false, "Silent progress messages")
-	scanCmd.PersistentFlags().BoolVarP(&scanInfo.Submit, "submit", "", false, "Send the scan results to Armo management portal where you can see the results in a user-friendly UI, choose your preferred compliance framework, check risk results history and trends, manage exceptions, get remediation recommendations and much more. By default the results are not submitted")
-
-	hostF := scanCmd.PersistentFlags().VarPF(&scanInfo.HostSensor, "enable-host-scan", "", "Deploy ARMO K8s host-sensor daemonset in the scanned cluster. Deleting it right after we collecting the data. Required to collect valueable data from cluster nodes for certain controls")
-	hostF.NoOptDefVal = "true"
-	hostF.DefValue = "false, for no TTY in stdin"
-
-}
--- a/clihandler/cmd/submit.go
+++ b/clihandler/cmd/submit.go
@@ -1,46 +0,0 @@
-package cmd
-
-import (
-	"fmt"
-
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/armosec/kubescape/clihandler"
-	"github.com/armosec/kubescape/clihandler/cliobjects"
-	"github.com/spf13/cobra"
-)
-
-var submitInfo cliobjects.Submit
-
-var submitCmdExamples = `
-
-`
-var submitCmd = &cobra.Command{
-	Use:   "submit <command>",
-	Short: "Submit an object to the Kubescape SaaS version",
-	Long:  ``,
-	Run: func(cmd *cobra.Command, args []string) {
-	},
-}
-
-var submitExceptionsCmd = &cobra.Command{
-	Use:   "exceptions <full path to exceptins file>",
-	Short: "Submit exceptions to the Kubescape SaaS version",
-	Args: func(cmd *cobra.Command, args []string) error {
-		if len(args) != 1 {
-			return fmt.Errorf("missing full path to exceptions file")
-		}
-		return nil
-	},
-	Run: func(cmd *cobra.Command, args []string) {
-		if err := clihandler.SubmitExceptions(submitInfo.Account, args[0]); err != nil {
-			logger.L().Fatal(err.Error())
-		}
-	},
-}
-
-func init() {
-	submitCmd.PersistentFlags().StringVarP(&submitInfo.Account, "account", "", "", "Armo portal account ID. Default will load account ID from configMap or config file")
-	rootCmd.AddCommand(submitCmd)
-
-	submitCmd.AddCommand(submitExceptionsCmd)
-}
--- a/clihandler/cmd/version.go
+++ b/clihandler/cmd/version.go
@@ -1,25 +0,0 @@
-package cmd
-
-import (
-	"fmt"
-	"os"
-
-	"github.com/armosec/kubescape/cautils"
-	"github.com/spf13/cobra"
-)
-
-var versionCmd = &cobra.Command{
-	Use:   "version",
-	Short: "Get current version",
-	Long:  ``,
-	RunE: func(cmd *cobra.Command, args []string) error {
-		v := cautils.NewIVersionCheckHandler()
-		v.CheckLatestVersion(cautils.NewVersionCheckRequest(cautils.BuildNumber, "", "", "version"))
-		fmt.Fprintln(os.Stdout, "Your current version is: "+cautils.BuildNumber)
-		return nil
-	},
-}
-
-func init() {
-	rootCmd.AddCommand(versionCmd)
-}
--- a/clihandler/initcli.go
+++ b/clihandler/initcli.go
@@ -1,206 +0,0 @@
-package clihandler
-
-import (
-	"fmt"
-	"io/fs"
-	"os"
-
-	"github.com/armosec/armoapi-go/armotypes"
-	"github.com/armosec/k8s-interface/k8sinterface"
-	"github.com/armosec/kubescape/resultshandling/printer"
-	printerv1 "github.com/armosec/kubescape/resultshandling/printer/v1"
-
-	// printerv2 "github.com/armosec/kubescape/resultshandling/printer/v2"
-
-	"github.com/armosec/kubescape/cautils"
-	"github.com/armosec/kubescape/cautils/getter"
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/armosec/kubescape/cautils/logger/helpers"
-	"github.com/armosec/kubescape/hostsensorutils"
-	"github.com/armosec/kubescape/opaprocessor"
-	"github.com/armosec/kubescape/policyhandler"
-	"github.com/armosec/kubescape/resourcehandler"
-	"github.com/armosec/kubescape/resultshandling"
-	"github.com/armosec/kubescape/resultshandling/reporter"
-	"github.com/armosec/opa-utils/reporthandling"
-	"github.com/mattn/go-isatty"
-)
-
-type componentInterfaces struct {
-	tenantConfig      cautils.ITenantConfig
-	resourceHandler   resourcehandler.IResourceHandler
-	report            reporter.IReport
-	printerHandler    printer.IPrinter
-	hostSensorHandler hostsensorutils.IHostSensor
-}
-
-func getInterfaces(scanInfo *cautils.ScanInfo) componentInterfaces {
-
-	// ================== setup k8s interface object ======================================
-	var k8s *k8sinterface.KubernetesApi
-	if scanInfo.GetScanningEnvironment() == cautils.ScanCluster {
-		k8s = getKubernetesApi()
-		if k8s == nil {
-			logger.L().Fatal("failed connecting to Kubernetes cluster")
-		}
-	}
-
-	// ================== setup tenant object ======================================
-
-	tenantConfig := getTenantConfig(scanInfo.Account, scanInfo.KubeContext, k8s)
-
-	// Set submit behavior AFTER loading tenant config
-	setSubmitBehavior(scanInfo, tenantConfig)
-
-	// ================== version testing ======================================
-
-	v := cautils.NewIVersionCheckHandler()
-	v.CheckLatestVersion(cautils.NewVersionCheckRequest(cautils.BuildNumber, policyIdentifierNames(scanInfo.PolicyIdentifier), "", scanInfo.GetScanningEnvironment()))
-
-	// ================== setup host sensor object ======================================
-
-	hostSensorHandler := getHostSensorHandler(scanInfo, k8s)
-	if err := hostSensorHandler.Init(); err != nil {
-		logger.L().Error("failed to init host sensor", helpers.Error(err))
-		hostSensorHandler = &hostsensorutils.HostSensorHandlerMock{}
-	}
-	// excluding hostsensor namespace
-	if len(scanInfo.IncludeNamespaces) == 0 && hostSensorHandler.GetNamespace() != "" {
-		scanInfo.ExcludedNamespaces = fmt.Sprintf("%s,%s", scanInfo.ExcludedNamespaces, hostSensorHandler.GetNamespace())
-	}
-
-	// ================== setup registry adaptors ======================================
-
-	registryAdaptors, err := resourcehandler.NewRegistryAdaptors()
-	if err != nil {
-		logger.L().Error("failed to initialize registry adaptors", helpers.Error(err))
-	}
-
-	// ================== setup resource collector object ======================================
-
-	resourceHandler := getResourceHandler(scanInfo, tenantConfig, k8s, hostSensorHandler, registryAdaptors)
-
-	// ================== setup reporter & printer objects ======================================
-
-	// reporting behavior - setup reporter
-	reportHandler := getReporter(tenantConfig, scanInfo.Submit)
-
-	// setup printer
-	printerHandler := printerv1.GetPrinter(scanInfo.Format, scanInfo.VerboseMode)
-	// printerHandler = printerv2.GetPrinter(scanInfo.Format, scanInfo.VerboseMode)
-	printerHandler.SetWriter(scanInfo.Output)
-
-	// ================== return interface ======================================
-
-	return componentInterfaces{
-		tenantConfig:      tenantConfig,
-		resourceHandler:   resourceHandler,
-		report:            reportHandler,
-		printerHandler:    printerHandler,
-		hostSensorHandler: hostSensorHandler,
-	}
-}
-
-func ScanCliSetup(scanInfo *cautils.ScanInfo) error {
-	logger.L().Info("ARMO security scanner starting")
-
-	interfaces := getInterfaces(scanInfo)
-	// setPolicyGetter(scanInfo, interfaces.clusterConfig.GetCustomerGUID())
-
-	processNotification := make(chan *cautils.OPASessionObj)
-	reportResults := make(chan *cautils.OPASessionObj)
-
-	cautils.ClusterName = interfaces.tenantConfig.GetClusterName() // TODO - Deprecated
-	cautils.CustomerGUID = interfaces.tenantConfig.GetAccountID()  // TODO - Deprecated
-	interfaces.report.SetClusterName(interfaces.tenantConfig.GetClusterName())
-	interfaces.report.SetCustomerGUID(interfaces.tenantConfig.GetAccountID())
-
-	downloadReleasedPolicy := getter.NewDownloadReleasedPolicy() // download config inputs from github release
-
-	// set policy getter only after setting the customerGUID
-	scanInfo.Getters.PolicyGetter = getPolicyGetter(scanInfo.UseFrom, interfaces.tenantConfig.GetAccountID(), scanInfo.FrameworkScan, downloadReleasedPolicy)
-	scanInfo.Getters.ControlsInputsGetter = getConfigInputsGetter(scanInfo.ControlsInputs, interfaces.tenantConfig.GetAccountID(), downloadReleasedPolicy)
-	scanInfo.Getters.ExceptionsGetter = getExceptionsGetter(scanInfo.UseExceptions)
-
-	// TODO - list supported frameworks/controls
-	if scanInfo.ScanAll {
-		scanInfo.SetPolicyIdentifiers(listFrameworksNames(scanInfo.Getters.PolicyGetter), reporthandling.KindFramework)
-	}
-
-	//
-	defer func() {
-		if err := interfaces.hostSensorHandler.TearDown(); err != nil {
-			logger.L().Error("failed to tear down host sensor", helpers.Error(err))
-		}
-	}()
-
-	// cli handler setup
-	go func() {
-		// policy handler setup
-		policyHandler := policyhandler.NewPolicyHandler(&processNotification, interfaces.resourceHandler)
-
-		if err := Scan(policyHandler, scanInfo); err != nil {
-			logger.L().Fatal(err.Error())
-		}
-	}()
-
-	// processor setup - rego run
-	go func() {
-		opaprocessorObj := opaprocessor.NewOPAProcessorHandler(&processNotification, &reportResults)
-		opaprocessorObj.ProcessRulesListenner()
-	}()
-
-	resultsHandling := resultshandling.NewResultsHandler(&reportResults, interfaces.report, interfaces.printerHandler)
-	score := resultsHandling.HandleResults(scanInfo)
-
-	// print report url
-	interfaces.report.DisplayReportURL()
-
-	if score > float32(scanInfo.FailThreshold) {
-		return fmt.Errorf("scan risk-score %.2f is above permitted threshold %d", score, scanInfo.FailThreshold)
-	}
-
-	return nil
-}
-
-func Scan(policyHandler *policyhandler.PolicyHandler, scanInfo *cautils.ScanInfo) error {
-	policyNotification := &reporthandling.PolicyNotification{
-		Rules: scanInfo.PolicyIdentifier,
-		KubescapeNotification: reporthandling.KubescapeNotification{
-			Designators:      armotypes.PortalDesignator{},
-			NotificationType: reporthandling.TypeExecPostureScan,
-		},
-	}
-	switch policyNotification.KubescapeNotification.NotificationType {
-	case reporthandling.TypeExecPostureScan:
-		if err := policyHandler.HandleNotificationRequest(policyNotification, scanInfo); err != nil {
-			return err
-		}
-
-	default:
-		return fmt.Errorf("notification type '%s' Unknown", policyNotification.KubescapeNotification.NotificationType)
-	}
-	return nil
-}
-
-func askUserForHostSensor() bool {
-	return false
-
-	if !isatty.IsTerminal(os.Stdin.Fd()) {
-		return false
-	}
-	if ssss, err := os.Stdin.Stat(); err == nil {
-		// fmt.Printf("Found stdin type: %s\n", ssss.Mode().Type())
-		if ssss.Mode().Type()&(fs.ModeDevice|fs.ModeCharDevice) > 0 { //has TTY
-			fmt.Fprintf(os.Stderr, "Would you like to scan K8s nodes? [y/N]. This is required to collect valuable data for certain controls\n")
-			fmt.Fprintf(os.Stderr, "Use --enable-host-scan flag to suppress this message\n")
-			var b []byte = make([]byte, 1)
-			if n, err := os.Stdin.Read(b); err == nil {
-				if n > 0 && len(b) > 0 && (b[0] == 'y' || b[0] == 'Y') {
-					return true
-				}
-			}
-		}
-	}
-	return false
-}
--- a/cmd/completion/completion.go
+++ b/cmd/completion/completion.go
@@ -0,0 +1,49 @@
+package completion
+
+import (
+	"os"
+	"strings"
+
+	"github.com/spf13/cobra"
+)
+
+var completionCmdExamples = `
+
+  # Enable BASH shell autocompletion 
+  $ source <(kubescape completion bash) 
+  $ echo 'source <(kubescape completion bash)' >> ~/.bashrc
+
+  # Enable ZSH shell autocompletion 
+  $ source <(kubectl completion zsh)
+  $ echo 'source <(kubectl completion zsh)' >> "${fpath[1]}/_kubectl"
+
+`
+
+func GetCompletionCmd() *cobra.Command {
+	completionCmd := &cobra.Command{
+		Use:                   "completion [bash|zsh|fish|powershell]",
+		Short:                 "Generate autocompletion script",
+		Long:                  "To load completions",
+		Example:               completionCmdExamples,
+		DisableFlagsInUseLine: true,
+		ValidArgs:             []string{"bash", "zsh", "fish", "powershell"},
+		Args:                  cobra.ExactValidArgs(1),
+		Run: func(cmd *cobra.Command, args []string) {
+			switch strings.ToLower(args[0]) {
+			case "bash":
+				cmd.Root().GenBashCompletion(os.Stdout)
+			case "zsh":
+				cmd.Root().GenZshCompletion(os.Stdout)
+			case "fish":
+				cmd.Root().GenFishCompletion(os.Stdout, true)
+			case "powershell":
+				cmd.Root().GenPowerShellCompletionWithDesc(os.Stdout)
+			}
+		},
+	}
+	return completionCmd
+}
+
+// func init() {
+// 	rootCmd.AddCommand(completionCmd)
+// }
--- a/cmd/config/config.go
+++ b/cmd/config/config.go
@@ -0,0 +1,45 @@
+package config
+
+import (
+	"github.com/armosec/kubescape/v2/core/meta"
+	"github.com/spf13/cobra"
+)
+
+var (
+	configExample = `
+  # View cached configurations 
+  kubescape config view
+
+  # Delete cached configurations
+  kubescape config delete
+
+  # Set cached configurations
+  kubescape config set --help
+`
+	setConfigExample = `
+  # Set account id
+  kubescape config set accountID <account id>
+
+  # Set client id
+  kubescape config set clientID <client id> 
+
+  # Set access key
+  kubescape config set secretKey <access key>
+`
+)
+
+func GetConfigCmd(ks meta.IKubescape) *cobra.Command {
+
+	// configCmd represents the config command
+	configCmd := &cobra.Command{
+		Use:     "config",
+		Short:   "Handle cached configurations",
+		Example: configExample,
+	}
+
+	configCmd.AddCommand(getDeleteCmd(ks))
+	configCmd.AddCommand(getSetCmd(ks))
+	configCmd.AddCommand(getViewCmd(ks))
+
+	return configCmd
+}
--- a/cmd/config/delete.go
+++ b/cmd/config/delete.go
@@ -0,0 +1,21 @@
+package config
+
+import (
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/meta"
+	v1 "github.com/armosec/kubescape/v2/core/meta/datastructures/v1"
+	"github.com/spf13/cobra"
+)
+
+func getDeleteCmd(ks meta.IKubescape) *cobra.Command {
+	return &cobra.Command{
+		Use:   "delete",
+		Short: "Delete cached configurations",
+		Long:  ``,
+		Run: func(cmd *cobra.Command, args []string) {
+			if err := ks.DeleteCachedConfig(&v1.DeleteConfig{}); err != nil {
+				logger.L().Fatal(err.Error())
+			}
+		},
+	}
+}
--- a/cmd/config/set.go
+++ b/cmd/config/set.go
@@ -0,0 +1,69 @@
+package config
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/meta"
+	metav1 "github.com/armosec/kubescape/v2/core/meta/datastructures/v1"
+	"github.com/spf13/cobra"
+)
+
+func getSetCmd(ks meta.IKubescape) *cobra.Command {
+
+	// configCmd represents the config command
+	configSetCmd := &cobra.Command{
+		Use:       "set",
+		Short:     fmt.Sprintf("Set configurations, supported: %s", strings.Join(stringKeysToSlice(supportConfigSet), "/")),
+		Example:   setConfigExample,
+		ValidArgs: stringKeysToSlice(supportConfigSet),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			setConfig, err := parseSetArgs(args)
+			if err != nil {
+				return err
+			}
+			if err := ks.SetCachedConfig(setConfig); err != nil {
+				logger.L().Fatal(err.Error())
+			}
+			return nil
+		},
+	}
+	return configSetCmd
+}
+
+var supportConfigSet = map[string]func(*metav1.SetConfig, string){
+	"accountID": func(s *metav1.SetConfig, account string) { s.Account = account },
+	"clientID":  func(s *metav1.SetConfig, clientID string) { s.ClientID = clientID },
+	"secretKey": func(s *metav1.SetConfig, secretKey string) { s.SecretKey = secretKey },
+}
+
+func stringKeysToSlice(m map[string]func(*metav1.SetConfig, string)) []string {
+	l := []string{}
+	for i := range m {
+		l = append(l, i)
+	}
+	return l
+}
+
+func parseSetArgs(args []string) (*metav1.SetConfig, error) {
+	var key string
+	var value string
+	if len(args) == 1 {
+		if keyValue := strings.Split(args[0], "="); len(keyValue) == 2 {
+			key = keyValue[0]
+			value = keyValue[1]
+		}
+	} else if len(args) == 2 {
+		key = args[0]
+		value = args[1]
+	}
+	setConfig := &metav1.SetConfig{}
+
+	if setConfigFunc, ok := supportConfigSet[key]; ok {
+		setConfigFunc(setConfig, value)
+	} else {
+		return setConfig, fmt.Errorf("key '%s' unknown . supported: %s", key, strings.Join(stringKeysToSlice(supportConfigSet), "/"))
+	}
+	return setConfig, nil
+}
--- a/cmd/config/view.go
+++ b/cmd/config/view.go
@@ -0,0 +1,25 @@
+package config
+
+import (
+	"os"
+
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/meta"
+	v1 "github.com/armosec/kubescape/v2/core/meta/datastructures/v1"
+	"github.com/spf13/cobra"
+)
+
+func getViewCmd(ks meta.IKubescape) *cobra.Command {
+
+	// configCmd represents the config command
+	return &cobra.Command{
+		Use:   "view",
+		Short: "View cached configurations",
+		Long:  ``,
+		Run: func(cmd *cobra.Command, args []string) {
+			if err := ks.ViewCachedConfig(&v1.ViewConfig{Writer: os.Stdout}); err != nil {
+				logger.L().Fatal(err.Error())
+			}
+		},
+	}
+}
--- a/cmd/delete/delete.go
+++ b/cmd/delete/delete.go
@@ -0,0 +1,34 @@
+package delete
+
+import (
+	"github.com/armosec/kubescape/v2/core/meta"
+	v1 "github.com/armosec/kubescape/v2/core/meta/datastructures/v1"
+	"github.com/spf13/cobra"
+)
+
+var deleteExceptionsExamples = `
+  # Delete single exception
+  kubescape delete exceptions "exception name"
+
+  # Delete multiple exceptions
+  kubescape delete exceptions "first exception;second exception;third exception"
+`
+
+func GetDeleteCmd(ks meta.IKubescape) *cobra.Command {
+	var deleteInfo v1.Delete
+
+	var deleteCmd = &cobra.Command{
+		Use:   "delete <command>",
+		Short: "Delete configurations in Kubescape SaaS version",
+		Long:  ``,
+		Run: func(cmd *cobra.Command, args []string) {
+		},
+	}
+	deleteCmd.PersistentFlags().StringVarP(&deleteInfo.Credentials.Account, "account", "", "", "Kubescape SaaS account ID. Default will load account ID from cache")
+	deleteCmd.PersistentFlags().StringVarP(&deleteInfo.Credentials.ClientID, "client-id", "", "", "Kubescape SaaS client ID. Default will load client ID from cache, read more - https://hub.armo.cloud/docs/authentication")
+	deleteCmd.PersistentFlags().StringVarP(&deleteInfo.Credentials.SecretKey, "secret-key", "", "", "Kubescape SaaS secret key. Default will load secret key from cache, read more - https://hub.armo.cloud/docs/authentication")
+
+	deleteCmd.AddCommand(getExceptionsCmd(ks, &deleteInfo))
+
+	return deleteCmd
+}
--- a/cmd/delete/exceptions.go
+++ b/cmd/delete/exceptions.go
@@ -0,0 +1,34 @@
+package delete
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/meta"
+	v1 "github.com/armosec/kubescape/v2/core/meta/datastructures/v1"
+	"github.com/spf13/cobra"
+)
+
+func getExceptionsCmd(ks meta.IKubescape, deleteInfo *v1.Delete) *cobra.Command {
+	return &cobra.Command{
+		Use:     "exceptions <exception name>",
+		Short:   "Delete exceptions from Kubescape SaaS version. Run 'kubescape list exceptions' for all exceptions names",
+		Example: deleteExceptionsExamples,
+		Args: func(cmd *cobra.Command, args []string) error {
+			if len(args) != 1 {
+				return fmt.Errorf("missing exceptions names")
+			}
+			return nil
+		},
+		Run: func(cmd *cobra.Command, args []string) {
+			exceptionsNames := strings.Split(args[0], ";")
+			if len(exceptionsNames) == 0 {
+				logger.L().Fatal("missing exceptions names")
+			}
+			if err := ks.DeleteExceptions(&v1.DeleteExceptions{Credentials: deleteInfo.Credentials, Exceptions: exceptionsNames}); err != nil {
+				logger.L().Fatal(err.Error())
+			}
+		},
+	}
+}
--- a/cmd/download/download.go
+++ b/cmd/download/download.go
@@ -0,0 +1,82 @@
+package download
+
+import (
+	"fmt"
+	"path/filepath"
+	"strings"
+
+	"github.com/armosec/kubescape/v2/core/cautils"
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/core"
+	"github.com/armosec/kubescape/v2/core/meta"
+	v1 "github.com/armosec/kubescape/v2/core/meta/datastructures/v1"
+	"github.com/spf13/cobra"
+)
+
+var (
+	downloadExample = `
+  # Download all artifacts and save them in the default path (~/.kubescape)
+  kubescape download artifacts
+  download
+  # Download all artifacts and save them in /tmp path
+  kubescape download artifacts --output /tmp
+  
+  # Download the NSA framework. Run 'kubescape list frameworks' for all frameworks names
+  kubescape download framework nsa
+
+  # Download the "Allowed hostPath" control. Run 'kubescape list controls' for all controls names
+  kubescape download control "Allowed hostPath"
+
+  # Download the "C-0001" control. Run 'kubescape list controls --id' for all controls ids
+  kubescape download control C-0001
+
+  # Download the configured exceptions
+  kubescape download exceptions 
+
+  # Download the configured controls-inputs 
+  kubescape download controls-inputs 
+
+`
+)
+
+func GeDownloadCmd(ks meta.IKubescape) *cobra.Command {
+	var downloadInfo = v1.DownloadInfo{}
+
+	downloadCmd := &cobra.Command{
+		Use:     "download <policy> <policy name>",
+		Short:   fmt.Sprintf("Download %s", strings.Join(core.DownloadSupportCommands(), ",")),
+		Long:    ``,
+		Example: downloadExample,
+		Args: func(cmd *cobra.Command, args []string) error {
+			supported := strings.Join(core.DownloadSupportCommands(), ",")
+			if len(args) < 1 {
+				return fmt.Errorf("policy type required, supported: %v", supported)
+			}
+			if cautils.StringInSlice(core.DownloadSupportCommands(), args[0]) == cautils.ValueNotFound {
+				return fmt.Errorf("invalid parameter '%s'. Supported parameters: %s", args[0], supported)
+			}
+			return nil
+		},
+		RunE: func(cmd *cobra.Command, args []string) error {
+
+			if filepath.Ext(downloadInfo.Path) == ".json" {
+				downloadInfo.Path, downloadInfo.FileName = filepath.Split(downloadInfo.Path)
+			}
+			downloadInfo.Target = args[0]
+			if len(args) >= 2 {
+				downloadInfo.Name = args[1]
+			}
+			if err := ks.Download(&downloadInfo); err != nil {
+				logger.L().Fatal(err.Error())
+			}
+			return nil
+		},
+	}
+
+	downloadCmd.PersistentFlags().StringVarP(&downloadInfo.Credentials.Account, "account", "", "", "Kubescape SaaS account ID. Default will load account ID from cache")
+	downloadCmd.PersistentFlags().StringVarP(&downloadInfo.Credentials.ClientID, "client-id", "", "", "Kubescape SaaS client ID. Default will load client ID from cache, read more - https://hub.armo.cloud/docs/authentication")
+	downloadCmd.PersistentFlags().StringVarP(&downloadInfo.Credentials.SecretKey, "secret-key", "", "", "Kubescape SaaS secret key. Default will load secret key from cache, read more - https://hub.armo.cloud/docs/authentication")
+	downloadCmd.Flags().StringVarP(&downloadInfo.Path, "output", "o", "", "Output file. If not specified, will save in `~/.kubescape/<policy name>.json`")
+
+	return downloadCmd
+}
--- a/cmd/list/list.go
+++ b/cmd/list/list.go
@@ -0,0 +1,69 @@
+package list
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/armosec/kubescape/v2/core/cautils"
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/core"
+	"github.com/armosec/kubescape/v2/core/meta"
+	v1 "github.com/armosec/kubescape/v2/core/meta/datastructures/v1"
+	"github.com/spf13/cobra"
+)
+
+var (
+	listExample = `
+  # List default supported frameworks names
+  kubescape list frameworks
+  
+  # List all supported frameworks names
+  kubescape list frameworks --account <account id>
+	
+  # List all supported controls names
+  kubescape list controls
+
+  # List all supported controls ids
+  kubescape list controls --id 
+  
+  Control documentation:
+  https://hub.armo.cloud/docs/controls
+`
+)
+
+func GetListCmd(ks meta.IKubescape) *cobra.Command {
+	var listPolicies = v1.ListPolicies{}
+
+	listCmd := &cobra.Command{
+		Use:     "list <policy> [flags]",
+		Short:   "List frameworks/controls will list the supported frameworks and controls",
+		Long:    ``,
+		Example: listExample,
+		Args: func(cmd *cobra.Command, args []string) error {
+			supported := strings.Join(core.ListSupportActions(), ",")
+
+			if len(args) < 1 {
+				return fmt.Errorf("policy type requeued, supported: %s", supported)
+			}
+			if cautils.StringInSlice(core.ListSupportActions(), args[0]) == cautils.ValueNotFound {
+				return fmt.Errorf("invalid parameter '%s'. Supported parameters: %s", args[0], supported)
+			}
+			return nil
+		},
+		RunE: func(cmd *cobra.Command, args []string) error {
+			listPolicies.Target = args[0]
+
+			if err := ks.List(&listPolicies); err != nil {
+				logger.L().Fatal(err.Error())
+			}
+			return nil
+		},
+	}
+	listCmd.PersistentFlags().StringVarP(&listPolicies.Credentials.Account, "account", "", "", "Kubescape SaaS account ID. Default will load account ID from cache")
+	listCmd.PersistentFlags().StringVarP(&listPolicies.Credentials.ClientID, "client-id", "", "", "Kubescape SaaS client ID. Default will load client ID from cache, read more - https://hub.armo.cloud/docs/authentication")
+	listCmd.PersistentFlags().StringVarP(&listPolicies.Credentials.SecretKey, "secret-key", "", "", "Kubescape SaaS secret key. Default will load secret key from cache, read more - https://hub.armo.cloud/docs/authentication")
+	listCmd.PersistentFlags().StringVar(&listPolicies.Format, "format", "pretty-print", "output format. supported: 'pretty-printer'/'json'")
+	listCmd.PersistentFlags().BoolVarP(&listPolicies.ListIDs, "id", "", false, "List control ID's instead of controls names")
+
+	return listCmd
+}
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -0,0 +1,86 @@
+package cmd
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/armosec/kubescape/v2/cmd/completion"
+	"github.com/armosec/kubescape/v2/cmd/config"
+	"github.com/armosec/kubescape/v2/cmd/delete"
+	"github.com/armosec/kubescape/v2/cmd/download"
+	"github.com/armosec/kubescape/v2/cmd/list"
+	"github.com/armosec/kubescape/v2/cmd/scan"
+	"github.com/armosec/kubescape/v2/cmd/submit"
+	"github.com/armosec/kubescape/v2/cmd/version"
+	"github.com/armosec/kubescape/v2/core/cautils"
+	"github.com/armosec/kubescape/v2/core/cautils/getter"
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
+	"github.com/armosec/kubescape/v2/core/core"
+	"github.com/armosec/kubescape/v2/core/meta"
+
+	"github.com/spf13/cobra"
+)
+
+var rootInfo cautils.RootInfo
+
+var ksExamples = `
+  # Scan command
+  kubescape scan --submit
+
+  # List supported frameworks
+  kubescape list frameworks
+
+  # Download artifacts (air-gapped environment support)
+  kubescape download artifacts
+
+  # View cached configurations
+  kubescape config view
+`
+
+func NewDefaultKubescapeCommand() *cobra.Command {
+	ks := core.NewKubescape()
+	return getRootCmd(ks)
+}
+
+func getRootCmd(ks meta.IKubescape) *cobra.Command {
+
+	rootCmd := &cobra.Command{
+		Use:     "kubescape",
+		Version: cautils.BuildNumber,
+		Short:   "Kubescape is a tool for testing Kubernetes security posture. Docs: https://hub.armo.cloud/docs",
+		Example: ksExamples,
+	}
+
+	rootCmd.PersistentFlags().StringVar(&rootInfo.ArmoBEURLsDep, "environment", "", envFlagUsage)
+	rootCmd.PersistentFlags().StringVar(&rootInfo.ArmoBEURLs, "env", "", envFlagUsage)
+	rootCmd.PersistentFlags().MarkDeprecated("environment", "use 'env' instead")
+	rootCmd.PersistentFlags().MarkHidden("environment")
+	rootCmd.PersistentFlags().MarkHidden("env")
+
+	rootCmd.PersistentFlags().StringVar(&rootInfo.LoggerName, "logger-name", "", fmt.Sprintf("Logger name. Supported: %s [$KS_LOGGER_NAME]", strings.Join(logger.ListLoggersNames(), "/")))
+	rootCmd.PersistentFlags().MarkHidden("logger-name")
+
+	rootCmd.PersistentFlags().StringVarP(&rootInfo.Logger, "logger", "l", helpers.InfoLevel.String(), fmt.Sprintf("Logger level. Supported: %s [$KS_LOGGER]", strings.Join(helpers.SupportedLevels(), "/")))
+	rootCmd.PersistentFlags().StringVar(&rootInfo.CacheDir, "cache-dir", getter.DefaultLocalStore, "Cache directory [$KS_CACHE_DIR]")
+	rootCmd.PersistentFlags().BoolVarP(&rootInfo.DisableColor, "disable-color", "", false, "Disable Color output for logging")
+
+	cobra.OnInitialize(initLogger, initLoggerLevel, initEnvironment, initCacheDir)
+
+	// Supported commands
+	rootCmd.AddCommand(scan.GetScanCommand(ks))
+	rootCmd.AddCommand(download.GeDownloadCmd(ks))
+	rootCmd.AddCommand(delete.GetDeleteCmd(ks))
+	rootCmd.AddCommand(list.GetListCmd(ks))
+	rootCmd.AddCommand(submit.GetSubmitCmd(ks))
+	rootCmd.AddCommand(completion.GetCompletionCmd())
+	rootCmd.AddCommand(version.GetVersionCmd())
+	rootCmd.AddCommand(config.GetConfigCmd(ks))
+
+	return rootCmd
+}
+
+func Execute() error {
+	ks := NewDefaultKubescapeCommand()
+	return ks.Execute()
+}
--- a/cmd/rootutils.go
+++ b/cmd/rootutils.go
@@ -0,0 +1,89 @@
+package cmd
+
+import (
+	"fmt"
+	"os"
+	"strings"
+
+	"github.com/armosec/kubescape/v2/core/cautils/getter"
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
+
+	"github.com/mattn/go-isatty"
+)
+
+const envFlagUsage = "Send report results to specific URL. Format:<ReportReceiver>,<Backend>,<Frontend>.\n\t\tExample:report.armo.cloud,api.armo.cloud,portal.armo.cloud"
+
+func initLogger() {
+	logger.DisableColor(rootInfo.DisableColor)
+
+	if rootInfo.LoggerName == "" {
+		if l := os.Getenv("KS_LOGGER_NAME"); l != "" {
+			rootInfo.LoggerName = l
+		} else {
+			if isatty.IsTerminal(os.Stdout.Fd()) {
+				rootInfo.LoggerName = "pretty"
+			} else {
+				rootInfo.LoggerName = "zap"
+			}
+		}
+	}
+
+	logger.InitLogger(rootInfo.LoggerName)
+
+}
+func initLoggerLevel() {
+	if rootInfo.Logger == helpers.InfoLevel.String() {
+	} else if l := os.Getenv("KS_LOGGER"); l != "" {
+		rootInfo.Logger = l
+	}
+
+	if err := logger.L().SetLevel(rootInfo.Logger); err != nil {
+		logger.L().Fatal(fmt.Sprintf("supported levels: %s", strings.Join(helpers.SupportedLevels(), "/")), helpers.Error(err))
+	}
+}
+
+func initCacheDir() {
+	if rootInfo.CacheDir != getter.DefaultLocalStore {
+		getter.DefaultLocalStore = rootInfo.CacheDir
+	} else if cacheDir := os.Getenv("KS_CACHE_DIR"); cacheDir != "" {
+		getter.DefaultLocalStore = cacheDir
+	} else {
+		return // using default cache dir location
+	}
+
+	logger.L().Debug("cache dir updated", helpers.String("path", getter.DefaultLocalStore))
+}
+func initEnvironment() {
+	if rootInfo.ArmoBEURLs == "" {
+		rootInfo.ArmoBEURLs = rootInfo.ArmoBEURLsDep
+	}
+	urlSlices := strings.Split(rootInfo.ArmoBEURLs, ",")
+	if len(urlSlices) != 1 && len(urlSlices) < 3 {
+		logger.L().Fatal("expected at least 3 URLs (report, api, frontend, auth)")
+	}
+	switch len(urlSlices) {
+	case 1:
+		switch urlSlices[0] {
+		case "dev", "development":
+			getter.SetARMOAPIConnector(getter.NewARMOAPIDev())
+		case "stage", "staging":
+			getter.SetARMOAPIConnector(getter.NewARMOAPIStaging())
+		case "":
+			getter.SetARMOAPIConnector(getter.NewARMOAPIProd())
+		default:
+			logger.L().Fatal("--environment flag usage: " + envFlagUsage)
+		}
+	case 2:
+		logger.L().Fatal("--environment flag usage: " + envFlagUsage)
+	case 3, 4:
+		var armoAUTHURL string
+		armoERURL := urlSlices[0] // mandatory
+		armoBEURL := urlSlices[1] // mandatory
+		armoFEURL := urlSlices[2] // mandatory
+		if len(urlSlices) >= 4 {
+			armoAUTHURL = urlSlices[3]
+		}
+		getter.SetARMOAPIConnector(getter.NewARMOAPICustomized(armoERURL, armoBEURL, armoFEURL, armoAUTHURL))
+	}
+}
--- a/cmd/scan/control.go
+++ b/cmd/scan/control.go
@@ -0,0 +1,106 @@
+package scan
+
+import (
+	"fmt"
+	"io"
+	"os"
+	"strings"
+
+	apisv1 "github.com/armosec/opa-utils/httpserver/apis/v1"
+
+	"github.com/armosec/kubescape/v2/core/cautils"
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
+	"github.com/armosec/kubescape/v2/core/meta"
+	"github.com/enescakir/emoji"
+	"github.com/spf13/cobra"
+)
+
+var (
+	controlExample = `
+  # Scan the 'privileged container' control
+  kubescape scan control "privileged container"
+	
+  # Scan list of controls separated with a comma
+  kubescape scan control "privileged container","allowed hostpath"
+  
+  # Scan list of controls using the control ID separated with a comma
+  kubescape scan control C-0058,C-0057
+  
+  Run 'kubescape list controls' for the list of supported controls
+  
+  Control documentation:
+  https://hub.armo.cloud/docs/controls
+`
+)
+
+// controlCmd represents the control command
+func getControlCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Command {
+	return &cobra.Command{
+		Use:     "control <control names list>/<control ids list>",
+		Short:   "The controls you wish to use. Run 'kubescape list controls' for the list of supported controls",
+		Example: controlExample,
+		Args: func(cmd *cobra.Command, args []string) error {
+			if len(args) > 0 {
+				controls := strings.Split(args[0], ",")
+				if len(controls) > 1 {
+					for _, control := range controls {
+						if control == "" {
+							return fmt.Errorf("usage: <control-0>,<control-1>")
+						}
+					}
+				}
+			} else {
+				return fmt.Errorf("requires at least one control name")
+			}
+			return nil
+		},
+		RunE: func(cmd *cobra.Command, args []string) error {
+
+			// flagValidationControl(scanInfo)
+			scanInfo.PolicyIdentifier = []cautils.PolicyIdentifier{}
+
+			if len(args) == 0 {
+				scanInfo.ScanAll = true
+			} else { // expected control or list of control sepparated by ","
+
+				// Read controls from input args
+				scanInfo.SetPolicyIdentifiers(strings.Split(args[0], ","), apisv1.KindControl)
+
+				if len(args) > 1 {
+					if len(args[1:]) == 0 || args[1] != "-" {
+						scanInfo.InputPatterns = []string{args[1]}
+					} else { // store stdin to file - do NOT move to separate function !!
+						tempFile, err := os.CreateTemp(".", "tmp-kubescape*.yaml")
+						if err != nil {
+							return err
+						}
+						defer os.Remove(tempFile.Name())
+
+						if _, err := io.Copy(tempFile, os.Stdin); err != nil {
+							return err
+						}
+						scanInfo.InputPatterns = []string{tempFile.Name()}
+					}
+				}
+			}
+
+			scanInfo.FrameworkScan = false
+
+			results, err := ks.Scan(scanInfo)
+			if err != nil {
+				logger.L().Fatal(err.Error())
+			}
+			if err := results.HandleResults(); err != nil {
+				logger.L().Fatal(err.Error())
+			}
+			if !scanInfo.VerboseMode {
+				cautils.SimpleDisplay(os.Stderr, "%s  Run with '--verbose'/'-v' flag for detailed resources view\n\n", emoji.Detective)
+			}
+			if results.GetRiskScore() > float32(scanInfo.FailThreshold) {
+				logger.L().Fatal("scan risk-score is above permitted threshold", helpers.String("risk-score", fmt.Sprintf("%.2f", results.GetRiskScore())), helpers.String("fail-threshold", fmt.Sprintf("%.2f", scanInfo.FailThreshold)))
+			}
+			return nil
+		},
+	}
+}
--- a/cmd/scan/framework.go
+++ b/cmd/scan/framework.go
@@ -0,0 +1,128 @@
+package scan
+
+import (
+	"fmt"
+	"io"
+	"os"
+	"strings"
+
+	apisv1 "github.com/armosec/opa-utils/httpserver/apis/v1"
+
+	"github.com/armosec/kubescape/v2/core/cautils"
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
+	"github.com/armosec/kubescape/v2/core/meta"
+	"github.com/enescakir/emoji"
+	"github.com/spf13/cobra"
+)
+
+var (
+	frameworkExample = `
+  # Scan all frameworks and submit the results
+  kubescape scan framework all --submit
+  
+  # Scan the NSA framework
+  kubescape scan framework nsa
+  
+  # Scan the NSA and MITRE framework
+  kubescape scan framework nsa,mitre
+  
+  # Scan all frameworks
+  kubescape scan framework all
+
+  # Scan kubernetes YAML manifest files (single file or glob)
+  kubescape scan framework nsa *.yaml
+
+  Run 'kubescape list frameworks' for the list of supported frameworks
+`
+)
+
+func getFrameworkCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Command {
+
+	return &cobra.Command{
+		Use:     "framework <framework names list> [`<glob pattern>`/`-`] [flags]",
+		Short:   "The framework you wish to use. Run 'kubescape list frameworks' for the list of supported frameworks",
+		Example: frameworkExample,
+		Long:    "Execute a scan on a running Kubernetes cluster or `yaml`/`json` files (use glob) or `-` for stdin",
+		Args: func(cmd *cobra.Command, args []string) error {
+			if len(args) > 0 {
+				frameworks := strings.Split(args[0], ",")
+				if len(frameworks) > 1 {
+					for _, framework := range frameworks {
+						if framework == "" {
+							return fmt.Errorf("usage: <framework-0>,<framework-1>")
+						}
+					}
+				}
+			} else {
+				return fmt.Errorf("requires at least one framework name")
+			}
+			return nil
+		},
+		RunE: func(cmd *cobra.Command, args []string) error {
+
+			if err := flagValidationFramework(scanInfo); err != nil {
+				return err
+			}
+			scanInfo.FrameworkScan = true
+
+			var frameworks []string
+
+			if len(args) == 0 { // scan all frameworks
+				scanInfo.ScanAll = true
+			} else {
+				// Read frameworks from input args
+				frameworks = strings.Split(args[0], ",")
+				if cautils.StringInSlice(frameworks, "all") != cautils.ValueNotFound {
+					scanInfo.ScanAll = true
+					frameworks = []string{}
+				}
+				if len(args) > 1 {
+					if len(args[1:]) == 0 || args[1] != "-" {
+						scanInfo.InputPatterns = []string{args[1]}
+					} else { // store stdin to file - do NOT move to separate function !!
+						tempFile, err := os.CreateTemp(".", "tmp-kubescape*.yaml")
+						if err != nil {
+							return err
+						}
+						defer os.Remove(tempFile.Name())
+
+						if _, err := io.Copy(tempFile, os.Stdin); err != nil {
+							return err
+						}
+						scanInfo.InputPatterns = []string{tempFile.Name()}
+					}
+				}
+			}
+			scanInfo.FrameworkScan = true
+
+			scanInfo.SetPolicyIdentifiers(frameworks, apisv1.KindFramework)
+
+			results, err := ks.Scan(scanInfo)
+			if err != nil {
+				logger.L().Fatal(err.Error())
+			}
+
+			if err = results.HandleResults(); err != nil {
+				logger.L().Fatal(err.Error())
+			}
+			if !scanInfo.VerboseMode {
+				cautils.SimpleDisplay(os.Stderr, "%s  Run with '--verbose'/'-v' flag for detailed resources view\n\n", emoji.Detective)
+			}
+			if results.GetRiskScore() > float32(scanInfo.FailThreshold) {
+				logger.L().Fatal("scan risk-score is above permitted threshold", helpers.String("risk-score", fmt.Sprintf("%.2f", results.GetRiskScore())), helpers.String("fail-threshold", fmt.Sprintf("%.2f", scanInfo.FailThreshold)))
+			}
+			return nil
+		},
+	}
+}
+
+func flagValidationFramework(scanInfo *cautils.ScanInfo) error {
+	if scanInfo.Submit && scanInfo.Local {
+		return fmt.Errorf("you can use `keep-local` or `submit`, but not both")
+	}
+	if 100 < scanInfo.FailThreshold || 0 > scanInfo.FailThreshold {
+		return fmt.Errorf("bad argument: out of range threshold")
+	}
+	return nil
+}
--- a/cmd/scan/scan.go
+++ b/cmd/scan/scan.go
@@ -0,0 +1,104 @@
+package scan
+
+import (
+	"fmt"
+
+	"github.com/armosec/k8s-interface/k8sinterface"
+	"github.com/armosec/kubescape/v2/core/cautils"
+	"github.com/armosec/kubescape/v2/core/meta"
+	"github.com/spf13/cobra"
+)
+
+var scanCmdExamples = `
+  Scan command is for scanning an existing cluster or kubernetes manifest files based on pre-defind frameworks 
+  
+  # Scan current cluster with all frameworks
+  kubescape scan --submit --enable-host-scan --verbose
+
+  # Scan kubernetes YAML manifest files
+  kubescape scan *.yaml
+
+  # Scan and save the results in the JSON format
+  kubescape scan --format json --output results.json
+
+  # Display all resources
+  kubescape scan --verbose
+
+  # Scan different clusters from the kubectl context 
+  kubescape scan --kube-context <kubernetes context>
+  
+`
+
+func GetScanCommand(ks meta.IKubescape) *cobra.Command {
+	var scanInfo cautils.ScanInfo
+
+	// scanCmd represents the scan command
+	scanCmd := &cobra.Command{
+		Use:     "scan",
+		Short:   "Scan the current running cluster or yaml files",
+		Long:    `The action you want to perform`,
+		Example: scanCmdExamples,
+		Args: func(cmd *cobra.Command, args []string) error {
+			if len(args) > 0 {
+				if args[0] != "framework" && args[0] != "control" {
+					scanInfo.ScanAll = true
+					return getFrameworkCmd(ks, &scanInfo).RunE(cmd, append([]string{"all"}, args...))
+				}
+			}
+			return nil
+		},
+		RunE: func(cmd *cobra.Command, args []string) error {
+
+			if len(args) == 0 {
+				scanInfo.ScanAll = true
+				return getFrameworkCmd(ks, &scanInfo).RunE(cmd, []string{"all"})
+			}
+			return nil
+		},
+		PreRun: func(cmd *cobra.Command, args []string) {
+			k8sinterface.SetClusterContextName(scanInfo.KubeContext)
+		},
+		PostRun: func(cmd *cobra.Command, args []string) {
+			// TODO - revert context
+		},
+	}
+
+	scanCmd.PersistentFlags().StringVarP(&scanInfo.Credentials.Account, "account", "", "", "Kubescape SaaS account ID. Default will load account ID from cache")
+	scanCmd.PersistentFlags().StringVarP(&scanInfo.Credentials.ClientID, "client-id", "", "", "Kubescape SaaS client ID. Default will load client ID from cache, read more - https://hub.armo.cloud/docs/authentication")
+	scanCmd.PersistentFlags().StringVarP(&scanInfo.Credentials.SecretKey, "secret-key", "", "", "Kubescape SaaS secret key. Default will load secret key from cache, read more - https://hub.armo.cloud/docs/authentication")
+	scanCmd.PersistentFlags().StringVarP(&scanInfo.KubeContext, "kube-context", "", "", "Kube context. Default will use the current-context")
+	scanCmd.PersistentFlags().StringVar(&scanInfo.ControlsInputs, "controls-config", "", "Path to an controls-config obj. If not set will download controls-config from ARMO management portal")
+	scanCmd.PersistentFlags().StringVar(&scanInfo.UseExceptions, "exceptions", "", "Path to an exceptions obj. If not set will download exceptions from ARMO management portal")
+	scanCmd.PersistentFlags().StringVar(&scanInfo.UseArtifactsFrom, "use-artifacts-from", "", "Load artifacts from local directory. If not used will download them")
+	scanCmd.PersistentFlags().StringVarP(&scanInfo.ExcludedNamespaces, "exclude-namespaces", "e", "", "Namespaces to exclude from scanning. Recommended: kube-system,kube-public")
+	scanCmd.PersistentFlags().Float32VarP(&scanInfo.FailThreshold, "fail-threshold", "t", 100, "Failure threshold is the percent above which the command fails and returns exit code 1")
+	scanCmd.PersistentFlags().StringVarP(&scanInfo.Format, "format", "f", "pretty-printer", `Output format. Supported formats: "pretty-printer", "json", "junit", "prometheus", "pdf", "html"`)
+	scanCmd.PersistentFlags().StringVar(&scanInfo.IncludeNamespaces, "include-namespaces", "", "scan specific namespaces. e.g: --include-namespaces ns-a,ns-b")
+	scanCmd.PersistentFlags().BoolVarP(&scanInfo.Local, "keep-local", "", false, "If you do not want your Kubescape results reported to ARMO backend. Use this flag if you ran with the '--submit' flag in the past and you do not want to submit your current scan results")
+	scanCmd.PersistentFlags().StringVarP(&scanInfo.Output, "output", "o", "", "Output file. Print output to file and not stdout")
+	scanCmd.PersistentFlags().BoolVarP(&scanInfo.VerboseMode, "verbose", "v", false, "Display all of the input resources and not only failed resources")
+	scanCmd.PersistentFlags().StringVar(&scanInfo.View, "view", string(cautils.ResourceViewType), fmt.Sprintf("View results based on the %s/%s. default is --view=%s", cautils.ResourceViewType, cautils.ControlViewType, cautils.ResourceViewType))
+	scanCmd.PersistentFlags().BoolVar(&scanInfo.UseDefault, "use-default", false, "Load local policy object from default path. If not used will download latest")
+	scanCmd.PersistentFlags().StringSliceVar(&scanInfo.UseFrom, "use-from", nil, "Load local policy object from specified path. If not used will download latest")
+	scanCmd.PersistentFlags().BoolVarP(&scanInfo.Submit, "submit", "", false, "Send the scan results to ARMO management portal where you can see the results in a user-friendly UI, choose your preferred compliance framework, check risk results history and trends, manage exceptions, get remediation recommendations and much more. By default the results are not submitted")
+	scanCmd.PersistentFlags().StringVar(&scanInfo.HostSensorYamlPath, "host-scan-yaml", "", "Override default host scanner DaemonSet. Use this flag cautiously")
+	scanCmd.PersistentFlags().StringVar(&scanInfo.FormatVersion, "format-version", "v1", "Output object can be differnet between versions, this is for maintaining backward and forward compatibility. Supported:'v1'/'v2'")
+
+	// Deprecated flags - remove 1.May.2022
+	scanCmd.PersistentFlags().BoolVarP(&scanInfo.Silent, "silent", "s", false, "Silent progress messages")
+	scanCmd.PersistentFlags().MarkDeprecated("silent", "use '--logger' flag instead. Flag will be removed at 1.May.2022")
+
+	// hidden flags
+	scanCmd.PersistentFlags().MarkHidden("host-scan-yaml") // this flag should be used very cautiously. We prefer users will not use it at all unless the DaemonSet can not run pods on the nodes
+	scanCmd.PersistentFlags().MarkHidden("silent")         // this flag should be deprecated since we added the --logger support
+	// scanCmd.PersistentFlags().MarkHidden("format-version") // meant for testing different output approaches and not for common use
+
+	hostF := scanCmd.PersistentFlags().VarPF(&scanInfo.HostSensorEnabled, "enable-host-scan", "", "Deploy ARMO K8s host-sensor daemonset in the scanned cluster. Deleting it right after we collecting the data. Required to collect valuable data from cluster nodes for certain controls. Yaml file: https://github.com/armosec/kubescape/blob/master/core/pkg/hostsensorutils/hostsensor.yaml")
+	hostF.NoOptDefVal = "true"
+	hostF.DefValue = "false, for no TTY in stdin"
+
+	scanCmd.AddCommand(getControlCmd(ks, &scanInfo))
+	scanCmd.AddCommand(getFrameworkCmd(ks, &scanInfo))
+
+	return scanCmd
+}
--- a/cmd/submit/exceptions.go
+++ b/cmd/submit/exceptions.go
@@ -0,0 +1,29 @@
+package submit
+
+import (
+	"fmt"
+
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/meta"
+	metav1 "github.com/armosec/kubescape/v2/core/meta/datastructures/v1"
+
+	"github.com/spf13/cobra"
+)
+
+func getExceptionsCmd(ks meta.IKubescape, submitInfo *metav1.Submit) *cobra.Command {
+	return &cobra.Command{
+		Use:   "exceptions <full path to exceptins file>",
+		Short: "Submit exceptions to the Kubescape SaaS version",
+		Args: func(cmd *cobra.Command, args []string) error {
+			if len(args) != 1 {
+				return fmt.Errorf("missing full path to exceptions file")
+			}
+			return nil
+		},
+		Run: func(cmd *cobra.Command, args []string) {
+			if err := ks.SubmitExceptions(&submitInfo.Credentials, args[0]); err != nil {
+				logger.L().Fatal(err.Error())
+			}
+		},
+	}
+}
--- a/cmd/submit/rbac.go
+++ b/cmd/submit/rbac.go
@@ -0,0 +1,68 @@
+package submit
+
+import (
+	"github.com/armosec/k8s-interface/k8sinterface"
+	"github.com/armosec/kubescape/v2/core/cautils"
+	"github.com/armosec/kubescape/v2/core/cautils/getter"
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
+	"github.com/armosec/kubescape/v2/core/meta"
+	"github.com/armosec/kubescape/v2/core/meta/cliinterfaces"
+	v1 "github.com/armosec/kubescape/v2/core/meta/datastructures/v1"
+
+	reporterv1 "github.com/armosec/kubescape/v2/core/pkg/resultshandling/reporter/v1"
+
+	"github.com/armosec/rbac-utils/rbacscanner"
+	"github.com/spf13/cobra"
+)
+
+// getRBACCmd represents the RBAC command
+func getRBACCmd(ks meta.IKubescape, submitInfo *v1.Submit) *cobra.Command {
+	return &cobra.Command{
+		Use:   "rbac \nExample:\n$ kubescape submit rbac",
+		Short: "Submit cluster's Role-Based Access Control(RBAC)",
+		Long:  ``,
+		RunE: func(cmd *cobra.Command, args []string) error {
+
+			k8s := k8sinterface.NewKubernetesApi()
+
+			// get config
+			clusterConfig := getTenantConfig(&submitInfo.Credentials, "", k8s)
+			if err := clusterConfig.SetTenant(); err != nil {
+				logger.L().Error("failed setting account ID", helpers.Error(err))
+			}
+
+			// list RBAC
+			rbacObjects := cautils.NewRBACObjects(rbacscanner.NewRbacScannerFromK8sAPI(k8s, clusterConfig.GetAccountID(), clusterConfig.GetContextName()))
+
+			// submit resources
+			r := reporterv1.NewReportEventReceiver(clusterConfig.GetConfigObj())
+
+			submitInterfaces := cliinterfaces.SubmitInterfaces{
+				ClusterConfig: clusterConfig,
+				SubmitObjects: rbacObjects,
+				Reporter:      r,
+			}
+
+			if err := ks.Submit(submitInterfaces); err != nil {
+				logger.L().Fatal(err.Error())
+			}
+			return nil
+		},
+	}
+
+}
+
+// getKubernetesApi
+func getKubernetesApi() *k8sinterface.KubernetesApi {
+	if !k8sinterface.IsConnectedToCluster() {
+		return nil
+	}
+	return k8sinterface.NewKubernetesApi()
+}
+func getTenantConfig(credentials *cautils.Credentials, clusterName string, k8s *k8sinterface.KubernetesApi) cautils.ITenantConfig {
+	if !k8sinterface.IsConnectedToCluster() || k8s == nil {
+		return cautils.NewLocalConfig(getter.GetArmoAPIConnector(), credentials, clusterName)
+	}
+	return cautils.NewClusterConfig(k8s, getter.GetArmoAPIConnector(), credentials, clusterName)
+}
--- a/cmd/submit/results.go
+++ b/cmd/submit/results.go
@@ -0,0 +1,119 @@
+package submit
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+	"time"
+
+	"github.com/armosec/k8s-interface/workloadinterface"
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
+	"github.com/armosec/kubescape/v2/core/meta"
+	"github.com/armosec/kubescape/v2/core/meta/cliinterfaces"
+	v1 "github.com/armosec/kubescape/v2/core/meta/datastructures/v1"
+	"github.com/armosec/kubescape/v2/core/pkg/resultshandling/reporter"
+	reporterv1 "github.com/armosec/kubescape/v2/core/pkg/resultshandling/reporter/v1"
+	reporterv2 "github.com/armosec/kubescape/v2/core/pkg/resultshandling/reporter/v2"
+
+	"github.com/armosec/opa-utils/reporthandling"
+	"github.com/google/uuid"
+	"github.com/spf13/cobra"
+)
+
+var formatVersion string
+
+type ResultsObject struct {
+	filePath     string
+	customerGUID string
+	clusterName  string
+}
+
+func NewResultsObject(customerGUID, clusterName, filePath string) *ResultsObject {
+	return &ResultsObject{
+		filePath:     filePath,
+		customerGUID: customerGUID,
+		clusterName:  clusterName,
+	}
+}
+
+func (resultsObject *ResultsObject) SetResourcesReport() (*reporthandling.PostureReport, error) {
+	// load framework results from json file
+	frameworkReports, err := loadResultsFromFile(resultsObject.filePath)
+	if err != nil {
+		return nil, err
+	}
+	return &reporthandling.PostureReport{
+		FrameworkReports:     frameworkReports,
+		ReportID:             uuid.NewString(),
+		ReportGenerationTime: time.Now().UTC(),
+		CustomerGUID:         resultsObject.customerGUID,
+		ClusterName:          resultsObject.clusterName,
+	}, nil
+}
+
+func (resultsObject *ResultsObject) ListAllResources() (map[string]workloadinterface.IMetadata, error) {
+	return map[string]workloadinterface.IMetadata{}, nil
+}
+
+func getResultsCmd(ks meta.IKubescape, submitInfo *v1.Submit) *cobra.Command {
+	var resultsCmd = &cobra.Command{
+		Use:   "results <json file>\nExample:\n$ kubescape submit results path/to/results.json --format-version v2",
+		Short: "Submit a pre scanned results file. The file must be in json format",
+		Long:  ``,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			if len(args) == 0 {
+				return fmt.Errorf("missing results file")
+			}
+
+			k8s := getKubernetesApi()
+
+			// get config
+			clusterConfig := getTenantConfig(&submitInfo.Credentials, "", k8s)
+			if err := clusterConfig.SetTenant(); err != nil {
+				logger.L().Error("failed setting account ID", helpers.Error(err))
+			}
+
+			resultsObjects := NewResultsObject(clusterConfig.GetAccountID(), clusterConfig.GetContextName(), args[0])
+
+			// submit resources
+			var r reporter.IReport
+			switch formatVersion {
+			case "v2":
+				r = reporterv2.NewReportEventReceiver(clusterConfig.GetConfigObj(), "")
+			default:
+				logger.L().Warning("Deprecated results version. run with '--format-version' flag", helpers.String("your version", formatVersion), helpers.String("latest version", "v2"))
+				r = reporterv1.NewReportEventReceiver(clusterConfig.GetConfigObj())
+			}
+
+			submitInterfaces := cliinterfaces.SubmitInterfaces{
+				ClusterConfig: clusterConfig,
+				SubmitObjects: resultsObjects,
+				Reporter:      r,
+			}
+
+			if err := ks.Submit(submitInterfaces); err != nil {
+				logger.L().Fatal(err.Error())
+			}
+			return nil
+		},
+	}
+	resultsCmd.PersistentFlags().StringVar(&formatVersion, "format-version", "v1", "Output object can be differnet between versions, this is for maintaining backward and forward compatibility. Supported:'v1'/'v2'")
+
+	return resultsCmd
+}
+func loadResultsFromFile(filePath string) ([]reporthandling.FrameworkReport, error) {
+	frameworkReports := []reporthandling.FrameworkReport{}
+	f, err := os.ReadFile(filePath)
+	if err != nil {
+		return nil, err
+	}
+	if err = json.Unmarshal(f, &frameworkReports); err != nil {
+		frameworkReport := reporthandling.FrameworkReport{}
+		if err = json.Unmarshal(f, &frameworkReport); err != nil {
+			return frameworkReports, err
+		}
+		frameworkReports = append(frameworkReports, frameworkReport)
+	}
+	return frameworkReports, nil
+}
--- a/cmd/submit/submit.go
+++ b/cmd/submit/submit.go
@@ -0,0 +1,32 @@
+package submit
+
+import (
+	"github.com/armosec/kubescape/v2/core/meta"
+	metav1 "github.com/armosec/kubescape/v2/core/meta/datastructures/v1"
+	"github.com/spf13/cobra"
+)
+
+var submitCmdExamples = `
+
+`
+
+func GetSubmitCmd(ks meta.IKubescape) *cobra.Command {
+	var submitInfo metav1.Submit
+
+	submitCmd := &cobra.Command{
+		Use:   "submit <command>",
+		Short: "Submit an object to the Kubescape SaaS version",
+		Long:  ``,
+		Run: func(cmd *cobra.Command, args []string) {
+		},
+	}
+	submitCmd.PersistentFlags().StringVarP(&submitInfo.Credentials.Account, "account", "", "", "Kubescape SaaS account ID. Default will load account ID from cache")
+	submitCmd.PersistentFlags().StringVarP(&submitInfo.Credentials.ClientID, "client-id", "", "", "Kubescape SaaS client ID. Default will load client ID from cache, read more - https://hub.armo.cloud/docs/authentication")
+	submitCmd.PersistentFlags().StringVarP(&submitInfo.Credentials.SecretKey, "secret-key", "", "", "Kubescape SaaS secret key. Default will load secret key from cache, read more - https://hub.armo.cloud/docs/authentication")
+
+	submitCmd.AddCommand(getExceptionsCmd(ks, &submitInfo))
+	submitCmd.AddCommand(getResultsCmd(ks, &submitInfo))
+	submitCmd.AddCommand(getRBACCmd(ks, &submitInfo))
+
+	return submitCmd
+}
--- a/cmd/version/version.go
+++ b/cmd/version/version.go
@@ -0,0 +1,24 @@
+package version
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/armosec/kubescape/v2/core/cautils"
+	"github.com/spf13/cobra"
+)
+
+func GetVersionCmd() *cobra.Command {
+	versionCmd := &cobra.Command{
+		Use:   "version",
+		Short: "Get current version",
+		Long:  ``,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			v := cautils.NewIVersionCheckHandler()
+			v.CheckLatestVersion(cautils.NewVersionCheckRequest(cautils.BuildNumber, "", "", "version"))
+			fmt.Fprintln(os.Stdout, "Your current version is: "+cautils.BuildNumber)
+			return nil
+		},
+	}
+	return versionCmd
+}
--- a/core/README.md
+++ b/core/README.md
@@ -0,0 +1,14 @@
+# Kubescape core package
+
+```go
+
+// initialize kubescape
+ks := core.NewKubescape()
+
+// scan cluster
+results, err := ks.Scan(&cautils.ScanInfo{})
+
+// convert scan results to json
+jsonRes, err := results.ToJson()
+
+```
--- a/core/cautils/customerloader.go
+++ b/core/cautils/customerloader.go
@@ -10,8 +10,8 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

 	"github.com/armosec/k8s-interface/k8sinterface"
-	"github.com/armosec/kubescape/cautils/getter"
-	"github.com/armosec/kubescape/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/cautils/getter"
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
 	corev1 "k8s.io/api/core/v1"
 )

@@ -67,8 +67,12 @@ type ITenantConfig interface {
 	DeleteCachedConfig() error

 	// getters
-	GetClusterName() string
+	GetContextName() string
 	GetAccountID() string
+	GetTenantEmail() string
+	GetToken() string
+	GetClientID() string
+	GetSecretKey() string
 	GetConfigObj() *ConfigObj
 	// GetBackendAPI() getter.IBackend
 	// GenerateURL()
@@ -85,8 +89,8 @@ type LocalConfig struct {
 	configObj  *ConfigObj
 }

-func NewLocalConfig(backendAPI getter.IBackend, customerGUID, clusterName string) *LocalConfig {
-	var configObj *ConfigObj
+func NewLocalConfig(
+	backendAPI getter.IBackend, credentials *Credentials, clusterName string) *LocalConfig {

 	lc := &LocalConfig{
 		backendAPI: backendAPI,
@@ -94,37 +98,29 @@ func NewLocalConfig(backendAPI getter.IBackend, customerGUID, clusterName string
 	}
 	// get from configMap
 	if existsConfigFile() { // get from file
-		configObj, _ = loadConfigFromFile()
-	} else {
-		configObj = &ConfigObj{}
-	}
-	if configObj != nil {
-		lc.configObj = configObj
-	}
-	if customerGUID != "" {
-		lc.configObj.AccountID = customerGUID // override config customerGUID
+		loadConfigFromFile(lc.configObj)
 	}
+
+	updateCredentials(lc.configObj, credentials)
+
 	if clusterName != "" {
 		lc.configObj.ClusterName = AdoptClusterName(clusterName) // override config clusterName
 	}
-	getAccountFromEnv(lc.configObj)

 	lc.backendAPI.SetAccountID(lc.configObj.AccountID)
 	lc.backendAPI.SetClientID(lc.configObj.ClientID)
 	lc.backendAPI.SetSecretKey(lc.configObj.SecretKey)

-	if lc.configObj.AccountID != "" {
-		if err := lc.SetTenant(); err != nil {
-			logger.L().Error(err.Error())
-		}
-	}
-
 	return lc
 }

 func (lc *LocalConfig) GetConfigObj() *ConfigObj { return lc.configObj }
+func (lc *LocalConfig) GetTenantEmail() string   { return lc.configObj.CustomerAdminEMail }
 func (lc *LocalConfig) GetAccountID() string     { return lc.configObj.AccountID }
-func (lc *LocalConfig) GetClusterName() string   { return lc.configObj.ClusterName }
+func (lc *LocalConfig) GetClientID() string      { return lc.configObj.ClientID }
+func (lc *LocalConfig) GetSecretKey() string     { return lc.configObj.SecretKey }
+func (lc *LocalConfig) GetContextName() string   { return lc.configObj.ClusterName }
+func (lc *LocalConfig) GetToken() string         { return lc.configObj.Token }
 func (lc *LocalConfig) IsConfigFound() bool      { return existsConfigFile() }
 func (lc *LocalConfig) SetTenant() error {

@@ -141,7 +137,10 @@ func (lc *LocalConfig) UpdateCachedConfig() error {
 }

 func (lc *LocalConfig) DeleteCachedConfig() error {
-	return DeleteConfigFile()
+	if err := DeleteConfigFile(); err != nil {
+		logger.L().Warning(err.Error())
+	}
+	return nil
 }

 func getTenantConfigFromBE(backendAPI getter.IBackend, configObj *ConfigObj) error {
@@ -190,8 +189,8 @@ type ClusterConfig struct {
 	configObj          *ConfigObj
 }

-func NewClusterConfig(k8s *k8sinterface.KubernetesApi, backendAPI getter.IBackend, customerGUID, clusterName string) *ClusterConfig {
-	var configObj *ConfigObj
+func NewClusterConfig(k8s *k8sinterface.KubernetesApi, backendAPI getter.IBackend, credentials *Credentials, clusterName string) *ClusterConfig {
+	// var configObj *ConfigObj
 	c := &ClusterConfig{
 		k8s:                k8s,
 		backendAPI:         backendAPI,
@@ -200,26 +199,23 @@ func NewClusterConfig(k8s *k8sinterface.KubernetesApi, backendAPI getter.IBacken
 		configMapNamespace: getConfigMapNamespace(),
 	}

-	// get from configMap
+	// first, load from configMap
 	if c.existsConfigMap() {
-		configObj, _ = c.loadConfigFromConfigMap()
+		c.loadConfigFromConfigMap()
 	}
-	if configObj == nil && existsConfigFile() { // get from file
-		configObj, _ = loadConfigFromFile()
-	}
-	if configObj != nil {
-		c.configObj = configObj
-	}
-	if customerGUID != "" {
-		c.configObj.AccountID = customerGUID // override config customerGUID
+
+	// second, load from file
+	if existsConfigFile() { // get from file
+		loadConfigFromFile(c.configObj)
 	}
+	updateCredentials(c.configObj, credentials)
+
 	if clusterName != "" {
 		c.configObj.ClusterName = AdoptClusterName(clusterName) // override config clusterName
 	}
-	getAccountFromEnv(c.configObj)

 	if c.configObj.ClusterName == "" {
-		c.configObj.ClusterName = AdoptClusterName(k8sinterface.GetClusterName())
+		c.configObj.ClusterName = AdoptClusterName(k8sinterface.GetContextName())
 	} else { // override the cluster name if it has unwanted characters
 		c.configObj.ClusterName = AdoptClusterName(c.configObj.ClusterName)
 	}
@@ -228,18 +224,16 @@ func NewClusterConfig(k8s *k8sinterface.KubernetesApi, backendAPI getter.IBacken
 	c.backendAPI.SetClientID(c.configObj.ClientID)
 	c.backendAPI.SetSecretKey(c.configObj.SecretKey)

-	if c.configObj.AccountID != "" {
-		if err := c.SetTenant(); err != nil {
-			logger.L().Error(err.Error())
-		}
-	}
-
 	return c
 }

 func (c *ClusterConfig) GetConfigObj() *ConfigObj { return c.configObj }
 func (c *ClusterConfig) GetDefaultNS() string     { return c.configMapNamespace }
 func (c *ClusterConfig) GetAccountID() string     { return c.configObj.AccountID }
+func (c *ClusterConfig) GetClientID() string      { return c.configObj.ClientID }
+func (c *ClusterConfig) GetSecretKey() string     { return c.configObj.SecretKey }
+func (c *ClusterConfig) GetTenantEmail() string   { return c.configObj.CustomerAdminEMail }
+func (c *ClusterConfig) GetToken() string         { return c.configObj.Token }
 func (c *ClusterConfig) IsConfigFound() bool      { return existsConfigFile() || c.existsConfigMap() }

 func (c *ClusterConfig) SetTenant() error {
@@ -269,14 +263,14 @@ func (c *ClusterConfig) UpdateCachedConfig() error {

 func (c *ClusterConfig) DeleteCachedConfig() error {
 	if err := c.deleteConfigMap(); err != nil {
-		return err
+		logger.L().Warning(err.Error())
 	}
 	if err := DeleteConfigFile(); err != nil {
-		return err
+		logger.L().Warning(err.Error())
 	}
 	return nil
 }
-func (c *ClusterConfig) GetClusterName() string {
+func (c *ClusterConfig) GetContextName() string {
 	return c.configObj.ClusterName
 }

@@ -287,18 +281,26 @@ func (c *ClusterConfig) ToMapString() map[string]interface{} {
 	}
 	return m
 }
-func (c *ClusterConfig) loadConfigFromConfigMap() (*ConfigObj, error) {
+func (c *ClusterConfig) loadConfigFromConfigMap() error {
 	configMap, err := c.k8s.KubernetesClient.CoreV1().ConfigMaps(c.configMapNamespace).Get(context.Background(), c.configMapName, metav1.GetOptions{})
 	if err != nil {
-		return nil, err
+		return err
 	}

-	if bData, err := json.Marshal(configMap.Data); err == nil {
-		return readConfig(bData)
-	}
-	return nil, nil
+	return loadConfigFromData(c.configObj, configMap.Data)
 }

+func loadConfigFromData(co *ConfigObj, data map[string]string) error {
+	var e error
+	if jsonConf, ok := data["config.json"]; ok {
+		e = readConfig([]byte(jsonConf), co)
+	}
+	if bData, err := json.Marshal(data); err == nil {
+		e = readConfig(bData, co)
+	}
+
+	return e
+}
 func (c *ClusterConfig) existsConfigMap() bool {
 	_, err := c.k8s.KubernetesClient.CoreV1().ConfigMaps(c.configMapNamespace).Get(context.Background(), c.configMapName, metav1.GetOptions{})
 	// TODO - check if has customerGUID
@@ -336,27 +338,6 @@ func GetValueFromConfigJson(key string) (string, error) {

 }

-func SetKeyValueInConfigJson(key string, value string) error {
-	data, err := os.ReadFile(ConfigFileFullPath())
-	if err != nil {
-		return err
-	}
-	var obj map[string]interface{}
-	err = json.Unmarshal(data, &obj)
-
-	if err != nil {
-		return err
-	}
-	obj[key] = value
-	newData, err := json.Marshal(obj)
-	if err != nil {
-		return err
-	}
-
-	return os.WriteFile(ConfigFileFullPath(), newData, 0664)
-
-}
-
 func (c *ClusterConfig) SetKeyValueInConfigmap(key string, value string) error {

 	configMap, err := c.k8s.KubernetesClient.CoreV1().ConfigMaps(c.configMapNamespace).Get(context.Background(), c.configMapName, metav1.GetOptions{})
@@ -437,28 +418,27 @@ func (c *ClusterConfig) updateConfigData(configMap *corev1.ConfigMap) {
 		}
 	}
 }
-func loadConfigFromFile() (*ConfigObj, error) {
+func loadConfigFromFile(configObj *ConfigObj) error {
 	dat, err := os.ReadFile(ConfigFileFullPath())
 	if err != nil {
-		return nil, err
+		return err
 	}
-
-	return readConfig(dat)
+	return readConfig(dat, configObj)
 }
-func readConfig(dat []byte) (*ConfigObj, error) {
+func readConfig(dat []byte, configObj *ConfigObj) error {

 	if len(dat) == 0 {
-		return nil, nil
+		return nil
 	}
-	configObj := &ConfigObj{}
+
 	if err := json.Unmarshal(dat, configObj); err != nil {
-		return nil, err
+		return err
 	}
 	if configObj.AccountID == "" {
 		configObj.AccountID = configObj.CustomerGUID
 	}
 	configObj.CustomerGUID = ""
-	return configObj, nil
+	return nil
 }

 // Check if the customer is submitted
@@ -505,15 +485,34 @@ func getConfigMapNamespace() string {
 	return "default"
 }

-func getAccountFromEnv(configObj *ConfigObj) {
+func getAccountFromEnv(credentials *Credentials) {
 	// load from env
-	if accountID := os.Getenv("KS_ACCOUNT_ID"); accountID != "" {
-		configObj.AccountID = accountID
+	if accountID := os.Getenv("KS_ACCOUNT_ID"); credentials.Account != "" && accountID != "" {
+		credentials.Account = accountID
 	}
-	if clientID := os.Getenv("KS_CLIENT_ID"); clientID != "" {
-		configObj.ClientID = clientID
+	if clientID := os.Getenv("KS_CLIENT_ID"); credentials.ClientID != "" && clientID != "" {
+		credentials.ClientID = clientID
 	}
-	if secretKey := os.Getenv("KS_SECRET_KEY"); secretKey != "" {
-		configObj.SecretKey = secretKey
+	if secretKey := os.Getenv("KS_SECRET_KEY"); credentials.SecretKey != "" && secretKey != "" {
+		credentials.SecretKey = secretKey
 	}
 }
+
+func updateCredentials(configObj *ConfigObj, credentials *Credentials) {
+
+	if credentials == nil {
+		credentials = &Credentials{}
+	}
+	getAccountFromEnv(credentials)
+
+	if credentials.Account != "" {
+		configObj.AccountID = credentials.Account // override config Account
+	}
+	if credentials.ClientID != "" {
+		configObj.ClientID = credentials.ClientID // override config ClientID
+	}
+	if credentials.SecretKey != "" {
+		configObj.SecretKey = credentials.SecretKey // override config SecretKey
+	}
+
+}
--- a/core/cautils/customerloader_test.go
+++ b/core/cautils/customerloader_test.go
@@ -0,0 +1,193 @@
+package cautils
+
+import (
+	"encoding/json"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	corev1 "k8s.io/api/core/v1"
+)
+
+func mockConfigObj() *ConfigObj {
+	return &ConfigObj{
+		AccountID:          "aaa",
+		ClientID:           "bbb",
+		SecretKey:          "ccc",
+		ClusterName:        "ddd",
+		CustomerAdminEMail: "ab@cd",
+		Token:              "eee",
+	}
+}
+func mockLocalConfig() *LocalConfig {
+	return &LocalConfig{
+		backendAPI: nil,
+		configObj:  mockConfigObj(),
+	}
+}
+
+func mockClusterConfig() *ClusterConfig {
+	return &ClusterConfig{
+		backendAPI: nil,
+		configObj:  mockConfigObj(),
+	}
+}
+func TestConfig(t *testing.T) {
+	co := mockConfigObj()
+	cop := ConfigObj{}
+
+	assert.NoError(t, json.Unmarshal(co.Config(), &cop))
+	assert.Equal(t, co.AccountID, cop.AccountID)
+	assert.Equal(t, co.ClientID, cop.ClientID)
+	assert.Equal(t, co.SecretKey, cop.SecretKey)
+	assert.Equal(t, "", cop.ClusterName)        // Not copied to bytes
+	assert.Equal(t, "", cop.CustomerAdminEMail) // Not copied to bytes
+	assert.Equal(t, "", cop.Token)              // Not copied to bytes
+
+}
+
+func TestITenantConfig(t *testing.T) {
+	var lc ITenantConfig
+	var c ITenantConfig
+	lc = mockLocalConfig()
+	c = mockClusterConfig()
+
+	co := mockConfigObj()
+
+	// test LocalConfig methods
+	assert.Equal(t, co.AccountID, lc.GetAccountID())
+	assert.Equal(t, co.ClientID, lc.GetClientID())
+	assert.Equal(t, co.SecretKey, lc.GetSecretKey())
+	assert.Equal(t, co.ClusterName, lc.GetContextName())
+	assert.Equal(t, co.CustomerAdminEMail, lc.GetTenantEmail())
+	assert.Equal(t, co.Token, lc.GetToken())
+
+	// test ClusterConfig methods
+	assert.Equal(t, co.AccountID, c.GetAccountID())
+	assert.Equal(t, co.ClientID, c.GetClientID())
+	assert.Equal(t, co.SecretKey, c.GetSecretKey())
+	assert.Equal(t, co.ClusterName, c.GetContextName())
+	assert.Equal(t, co.CustomerAdminEMail, c.GetTenantEmail())
+	assert.Equal(t, co.Token, c.GetToken())
+}
+
+func TestUpdateConfigData(t *testing.T) {
+	c := mockClusterConfig()
+
+	configMap := &corev1.ConfigMap{}
+
+	c.updateConfigData(configMap)
+
+	assert.Equal(t, c.GetAccountID(), configMap.Data["accountID"])
+	assert.Equal(t, c.GetClientID(), configMap.Data["clientID"])
+	assert.Equal(t, c.GetSecretKey(), configMap.Data["secretKey"])
+}
+
+func TestReadConfig(t *testing.T) {
+	com := mockConfigObj()
+	co := &ConfigObj{}
+
+	b, e := json.Marshal(com)
+	assert.NoError(t, e)
+
+	readConfig(b, co)
+
+	assert.Equal(t, com.AccountID, co.AccountID)
+	assert.Equal(t, com.ClientID, co.ClientID)
+	assert.Equal(t, com.SecretKey, co.SecretKey)
+	assert.Equal(t, com.ClusterName, co.ClusterName)
+	assert.Equal(t, com.CustomerAdminEMail, co.CustomerAdminEMail)
+	assert.Equal(t, com.Token, co.Token)
+}
+
+func TestLoadConfigFromData(t *testing.T) {
+
+	// use case: all data is in base config
+	{
+		c := mockClusterConfig()
+		co := mockConfigObj()
+
+		configMap := &corev1.ConfigMap{}
+
+		c.updateConfigData(configMap)
+
+		c.configObj = &ConfigObj{}
+
+		loadConfigFromData(c.configObj, configMap.Data)
+
+		assert.Equal(t, c.GetAccountID(), co.AccountID)
+		assert.Equal(t, c.GetClientID(), co.ClientID)
+		assert.Equal(t, c.GetSecretKey(), co.SecretKey)
+		assert.Equal(t, c.GetContextName(), co.ClusterName)
+		assert.Equal(t, c.GetTenantEmail(), co.CustomerAdminEMail)
+		assert.Equal(t, c.GetToken(), co.Token)
+	}
+
+	// use case: all data is in config.json
+	{
+		c := mockClusterConfig()
+
+		co := mockConfigObj()
+		configMap := &corev1.ConfigMap{
+			Data: make(map[string]string),
+		}
+
+		configMap.Data["config.json"] = string(c.GetConfigObj().Config())
+		c.configObj = &ConfigObj{}
+
+		loadConfigFromData(c.configObj, configMap.Data)
+
+		assert.Equal(t, c.GetAccountID(), co.AccountID)
+		assert.Equal(t, c.GetClientID(), co.ClientID)
+		assert.Equal(t, c.GetSecretKey(), co.SecretKey)
+	}
+
+	// use case: some data is in config.json
+	{
+		c := mockClusterConfig()
+		configMap := &corev1.ConfigMap{
+			Data: make(map[string]string),
+		}
+
+		// add to map
+		configMap.Data["clientID"] = c.configObj.ClientID
+		configMap.Data["secretKey"] = c.configObj.SecretKey
+
+		// delete the content
+		c.configObj.ClientID = ""
+		c.configObj.SecretKey = ""
+
+		configMap.Data["config.json"] = string(c.GetConfigObj().Config())
+		loadConfigFromData(c.configObj, configMap.Data)
+
+		assert.NotEmpty(t, c.GetAccountID())
+		assert.NotEmpty(t, c.GetClientID())
+		assert.NotEmpty(t, c.GetSecretKey())
+	}
+
+	// use case: some data is in config.json
+	{
+		c := mockClusterConfig()
+		configMap := &corev1.ConfigMap{
+			Data: make(map[string]string),
+		}
+
+		c.configObj.AccountID = "tttt"
+
+		// add to map
+		configMap.Data["accountID"] = mockConfigObj().AccountID
+		configMap.Data["clientID"] = c.configObj.ClientID
+		configMap.Data["secretKey"] = c.configObj.SecretKey
+
+		// delete the content
+		c.configObj.ClientID = ""
+		c.configObj.SecretKey = ""
+
+		configMap.Data["config.json"] = string(c.GetConfigObj().Config())
+		loadConfigFromData(c.configObj, configMap.Data)
+
+		assert.Equal(t, mockConfigObj().AccountID, c.GetAccountID())
+		assert.NotEmpty(t, c.GetClientID())
+		assert.NotEmpty(t, c.GetSecretKey())
+	}
+
+}
--- a/core/cautils/datastructures.go
+++ b/core/cautils/datastructures.go
@@ -0,0 +1,88 @@
+package cautils
+
+import (
+	"github.com/armosec/armoapi-go/armotypes"
+	"github.com/armosec/k8s-interface/workloadinterface"
+	"github.com/armosec/opa-utils/reporthandling"
+	apis "github.com/armosec/opa-utils/reporthandling/apis"
+	"github.com/armosec/opa-utils/reporthandling/results/v1/resourcesresults"
+	reporthandlingv2 "github.com/armosec/opa-utils/reporthandling/v2"
+)
+
+// K8SResources map[<api group>/<api version>/<resource>][]<resourceID>
+type K8SResources map[string][]string
+type ArmoResources map[string][]string
+
+type OPASessionObj struct {
+	K8SResources          *K8SResources                          // input k8s objects
+	ArmoResource          *ArmoResources                         // input ARMO objects
+	Policies              []reporthandling.Framework             // list of frameworks to scan
+	AllResources          map[string]workloadinterface.IMetadata // all scanned resources, map[<rtesource ID>]<resource>
+	ResourcesResult       map[string]resourcesresults.Result     // resources scan results, map[<rtesource ID>]<resource result>
+	ResourceSource        map[string]reporthandling.Source       // resources sources, map[<rtesource ID>]<resource result>
+	PostureReport         *reporthandling.PostureReport          // scan results v1 - Remove
+	Report                *reporthandlingv2.PostureReport        // scan results v2 - Remove
+	Exceptions            []armotypes.PostureExceptionPolicy     // list of exceptions to apply on scan results
+	RegoInputData         RegoInputData                          // input passed to rgo for scanning. map[<control name>][<input arguments>]
+	Metadata              *reporthandlingv2.Metadata
+	InfoMap               map[string]apis.StatusInfo // Map errors of resources to StatusInfo
+	ResourceToControlsMap map[string][]string        // map[<apigroup/apiversion/resource>] = [<control_IDs>]
+	SessionID             string                     // SessionID
+}
+
+func NewOPASessionObj(frameworks []reporthandling.Framework, k8sResources *K8SResources, scanInfo *ScanInfo) *OPASessionObj {
+	return &OPASessionObj{
+		Report:                &reporthandlingv2.PostureReport{},
+		Policies:              frameworks,
+		K8SResources:          k8sResources,
+		AllResources:          make(map[string]workloadinterface.IMetadata),
+		ResourcesResult:       make(map[string]resourcesresults.Result),
+		InfoMap:               make(map[string]apis.StatusInfo),
+		ResourceToControlsMap: make(map[string][]string),
+		ResourceSource:        make(map[string]reporthandling.Source),
+		SessionID:             scanInfo.ScanID,
+		PostureReport: &reporthandling.PostureReport{
+			ClusterName:  ClusterName,
+			CustomerGUID: CustomerGUID,
+		},
+		Metadata: scanInfoToScanMetadata(scanInfo),
+	}
+}
+
+func NewOPASessionObjMock() *OPASessionObj {
+	return &OPASessionObj{
+		Policies:        nil,
+		K8SResources:    nil,
+		AllResources:    make(map[string]workloadinterface.IMetadata),
+		ResourcesResult: make(map[string]resourcesresults.Result),
+		Report:          &reporthandlingv2.PostureReport{},
+		PostureReport: &reporthandling.PostureReport{
+			ClusterName:  "",
+			CustomerGUID: "",
+			ReportID:     "",
+			JobID:        "",
+		},
+	}
+}
+
+type ComponentConfig struct {
+	Exceptions Exception `json:"exceptions"`
+}
+
+type Exception struct {
+	Ignore        *bool                      `json:"ignore"`        // ignore test results
+	MultipleScore *reporthandling.AlertScore `json:"multipleScore"` // MultipleScore number - float32
+	Namespaces    []string                   `json:"namespaces"`
+	Regex         string                     `json:"regex"` // not supported
+}
+
+type RegoInputData struct {
+	PostureControlInputs map[string][]string `json:"postureControlInputs"`
+	// ClusterName          string              `json:"clusterName"`
+	// K8sConfig            RegoK8sConfig       `json:"k8sconfig"`
+}
+
+type Policies struct {
+	Frameworks []string
+	Controls   map[string]reporthandling.Control // map[<control ID>]<control>
+}
--- a/core/cautils/datastructuresmethods.go
+++ b/core/cautils/datastructuresmethods.go
@@ -1,9 +1,10 @@
 package cautils

 import (
-	pkgcautils "github.com/armosec/utils-go/utils"
+	"golang.org/x/mod/semver"

 	"github.com/armosec/opa-utils/reporthandling"
+	"github.com/armosec/utils-go/boolutils"
 )

 func NewPolicies() *Policies {
@@ -15,7 +16,7 @@ func NewPolicies() *Policies {

 func (policies *Policies) Set(frameworks []reporthandling.Framework, version string) {
 	for i := range frameworks {
-		if frameworks[i].Name != "" {
+		if frameworks[i].Name != "" && len(frameworks[i].Controls) > 0 {
 			policies.Frameworks = append(policies.Frameworks, frameworks[i].Name)
 		}
 		for j := range frameworks[i].Controls {
@@ -30,6 +31,7 @@ func (policies *Policies) Set(frameworks []reporthandling.Framework, version str
 				policies.Controls[frameworks[i].Controls[j].ControlID] = frameworks[i].Controls[j]
 			}
 		}
+
 	}
 }

@@ -38,7 +40,7 @@ func ruleWithArmoOpaDependency(attributes map[string]interface{}) bool {
 		return false
 	}
 	if s, ok := attributes["armoOpa"]; ok { // TODO - make global
-		return pkgcautils.StringToBool(s.(string))
+		return boolutils.StringToBool(s.(string))
 	}
 	return false
 }
@@ -49,17 +51,16 @@ func ruleWithArmoOpaDependency(attributes map[string]interface{}) bool {
 func isRuleKubescapeVersionCompatible(attributes map[string]interface{}, version string) bool {
 	if from, ok := attributes["useFromKubescapeVersion"]; ok && from != nil {
 		if version != "" {
-			if from.(string) > BuildNumber {
+			if semver.Compare(version, from.(string)) == -1 {
 				return false
 			}
 		}
 	}
 	if until, ok := attributes["useUntilKubescapeVersion"]; ok && until != nil {
-		if version != "" {
-			if until.(string) <= BuildNumber {
-				return false
-			}
-		} else {
+		if version == "" {
+			return false
+		}
+		if semver.Compare(version, until.(string)) >= 0 {
 			return false
 		}
 	}
--- a/core/cautils/display.go
+++ b/core/cautils/display.go
@@ -4,21 +4,11 @@ import (
 	"os"
 	"time"

-	"github.com/briandowns/spinner"
+	spinnerpkg "github.com/briandowns/spinner"
 	"github.com/fatih/color"
 	"github.com/mattn/go-isatty"
 )

-var silent = false
-
-func SetSilentMode(s bool) {
-	silent = s
-}
-
-func IsSilent() bool {
-	return silent
-}
-
 var FailureDisplay = color.New(color.Bold, color.FgHiRed).FprintfFunc()
 var WarningDisplay = color.New(color.Bold, color.FgHiYellow).FprintfFunc()
 var FailureTextDisplay = color.New(color.Faint, color.FgHiRed).FprintfFunc()
@@ -28,18 +18,24 @@ var SimpleDisplay = color.New().FprintfFunc()
 var SuccessDisplay = color.New(color.Bold, color.FgHiGreen).FprintfFunc()
 var DescriptionDisplay = color.New(color.Faint, color.FgWhite).FprintfFunc()

-var Spinner *spinner.Spinner
+var spinner *spinnerpkg.Spinner

 func StartSpinner() {
-	if !IsSilent() && isatty.IsTerminal(os.Stdout.Fd()) {
-		Spinner = spinner.New(spinner.CharSets[7], 100*time.Millisecond) // Build our new spinner
-		Spinner.Start()
+	if spinner != nil {
+		if !spinner.Active() {
+			spinner.Start()
+		}
+		return
+	}
+	if isatty.IsTerminal(os.Stdout.Fd()) {
+		spinner = spinnerpkg.New(spinnerpkg.CharSets[7], 100*time.Millisecond) // Build our new spinner
+		spinner.Start()
 	}
 }

 func StopSpinner() {
-	if Spinner == nil {
+	if spinner == nil || !spinner.Active() {
 		return
 	}
-	Spinner.Stop()
+	spinner.Stop()
 }
--- a/core/cautils/environments.go
+++ b/core/cautils/environments.go
@@ -0,0 +1,7 @@
+package cautils
+
+// CA environment vars
+var (
+	CustomerGUID = ""
+	ClusterName  = ""
+)
--- a/core/cautils/fileutils.go
+++ b/core/cautils/fileutils.go
@@ -0,0 +1,338 @@
+package cautils
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/armosec/k8s-interface/workloadinterface"
+
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
+	"github.com/armosec/opa-utils/objectsenvelopes"
+	"github.com/armosec/opa-utils/objectsenvelopes/localworkload"
+	"gopkg.in/yaml.v2"
+)
+
+var (
+	YAML_PREFIX = []string{"yaml", "yml"}
+	JSON_PREFIX = []string{"json"}
+)
+
+type FileFormat string
+
+const (
+	YAML_FILE_FORMAT FileFormat = "yaml"
+	JSON_FILE_FORMAT FileFormat = "json"
+)
+
+// LoadResourcesFromHelmCharts scans a given path (recuresively) for helm charts, renders the templates and returns a list of workloads
+func LoadResourcesFromHelmCharts(basePath string) map[string][]workloadinterface.IMetadata {
+	directories, _ := listDirs(basePath)
+	helmDirectories := make([]string, 0)
+	for _, dir := range directories {
+		if ok, _ := IsHelmDirectory(dir); ok {
+			helmDirectories = append(helmDirectories, dir)
+		}
+	}
+
+	result := map[string][]workloadinterface.IMetadata{}
+	for _, helmDir := range helmDirectories {
+		chart, err := NewHelmChart(helmDir)
+		if err == nil {
+			wls, errs := chart.GetWorkloadsWithDefaultValues()
+			if len(errs) > 0 {
+				logger.L().Error(fmt.Sprintf("Rendering of Helm chart template failed: %v", errs))
+				continue
+			}
+
+			for k, v := range wls {
+				result[k] = v
+			}
+		}
+	}
+	return result
+}
+
+func LoadResourcesFromFiles(input, rootPath string) map[string][]workloadinterface.IMetadata {
+	files, errs := listFiles(input)
+	if len(errs) > 0 {
+		logger.L().Error(fmt.Sprintf("%v", errs))
+	}
+	if len(files) == 0 {
+		return nil
+	}
+
+	workloads, errs := loadFiles(rootPath, files)
+	if len(errs) > 0 {
+		logger.L().Error(fmt.Sprintf("%v", errs))
+	}
+
+	return workloads
+}
+
+func loadFiles(rootPath string, filePaths []string) (map[string][]workloadinterface.IMetadata, []error) {
+	workloads := make(map[string][]workloadinterface.IMetadata, 0)
+	errs := []error{}
+	for i := range filePaths {
+		f, err := loadFile(filePaths[i])
+		if err != nil {
+			errs = append(errs, err)
+			continue
+		}
+		if len(f) == 0 {
+			continue // empty file
+		}
+
+		w, e := ReadFile(f, GetFileFormat(filePaths[i]))
+		if e != nil {
+			logger.L().Debug("failed to read file", helpers.String("file", filePaths[i]), helpers.Error(e))
+		}
+		if len(w) != 0 {
+			path := filePaths[i]
+			if _, ok := workloads[path]; !ok {
+				workloads[path] = []workloadinterface.IMetadata{}
+			}
+			wSlice := workloads[path]
+			for j := range w {
+				lw := localworkload.NewLocalWorkload(w[j].GetObject())
+				if relPath, err := filepath.Rel(rootPath, path); err == nil {
+					lw.SetPath(relPath)
+				} else {
+					lw.SetPath(path)
+				}
+				wSlice = append(wSlice, lw)
+			}
+			workloads[path] = wSlice
+		}
+	}
+	return workloads, errs
+}
+
+func loadFile(filePath string) ([]byte, error) {
+	return os.ReadFile(filePath)
+}
+func ReadFile(fileContent []byte, fileFormat FileFormat) ([]workloadinterface.IMetadata, error) {
+
+	switch fileFormat {
+	case YAML_FILE_FORMAT:
+		return readYamlFile(fileContent)
+	case JSON_FILE_FORMAT:
+		return readJsonFile(fileContent)
+	default:
+		return nil, nil
+	}
+}
+
+// listFiles returns the list of absolute paths, full file path and list of errors. The list of abs paths and full path have the same length
+func listFiles(pattern string) ([]string, []error) {
+	return listFilesOrDirectories(pattern, false)
+}
+
+// listDirs returns the list of absolute paths, full directories path and list of errors. The list of abs paths and full path have the same length
+func listDirs(pattern string) ([]string, []error) {
+	return listFilesOrDirectories(pattern, true)
+}
+
+func listFilesOrDirectories(pattern string, onlyDirectories bool) ([]string, []error) {
+	var paths []string
+	errs := []error{}
+
+	if !filepath.IsAbs(pattern) {
+		o, _ := os.Getwd()
+		pattern = filepath.Join(o, pattern)
+	}
+
+	if !onlyDirectories && IsFile(pattern) {
+		paths = append(paths, pattern)
+		return paths, errs
+	}
+
+	root, shouldMatch := filepath.Split(pattern)
+
+	if IsDir(pattern) {
+		root = pattern
+		shouldMatch = "*"
+	}
+	if shouldMatch == "" {
+		shouldMatch = "*"
+	}
+
+	f, err := glob(root, shouldMatch, onlyDirectories)
+	if err != nil {
+		errs = append(errs, err)
+	} else {
+		paths = append(paths, f...)
+	}
+
+	return paths, errs
+}
+
+func readYamlFile(yamlFile []byte) ([]workloadinterface.IMetadata, error) {
+	defer recover()
+
+	r := bytes.NewReader(yamlFile)
+	dec := yaml.NewDecoder(r)
+	yamlObjs := []workloadinterface.IMetadata{}
+
+	var t interface{}
+	for dec.Decode(&t) == nil {
+		j := convertYamlToJson(t)
+		if j == nil {
+			continue
+		}
+		if obj, ok := j.(map[string]interface{}); ok {
+			if o := objectsenvelopes.NewObject(obj); o != nil {
+				if o.GetKind() == "List" {
+					yamlObjs = append(yamlObjs, handleListObject(o)...)
+				} else {
+					yamlObjs = append(yamlObjs, o)
+				}
+			}
+		}
+	}
+
+	return yamlObjs, nil
+}
+
+func readJsonFile(jsonFile []byte) ([]workloadinterface.IMetadata, error) {
+	workloads := []workloadinterface.IMetadata{}
+	var jsonObj interface{}
+	if err := json.Unmarshal(jsonFile, &jsonObj); err != nil {
+		return workloads, err
+	}
+
+	convertJsonToWorkload(jsonObj, &workloads)
+
+	return workloads, nil
+}
+func convertJsonToWorkload(jsonObj interface{}, workloads *[]workloadinterface.IMetadata) {
+
+	switch x := jsonObj.(type) {
+	case map[string]interface{}:
+		if o := objectsenvelopes.NewObject(x); o != nil {
+			(*workloads) = append(*workloads, o)
+		}
+	case []interface{}:
+		for i := range x {
+			convertJsonToWorkload(x[i], workloads)
+		}
+	}
+}
+func convertYamlToJson(i interface{}) interface{} {
+	switch x := i.(type) {
+	case map[interface{}]interface{}:
+		m2 := map[string]interface{}{}
+		for k, v := range x {
+			if s, ok := k.(string); ok {
+				m2[s] = convertYamlToJson(v)
+			}
+		}
+		return m2
+	case []interface{}:
+		for i, v := range x {
+			x[i] = convertYamlToJson(v)
+		}
+	}
+	return i
+}
+
+func IsYaml(filePath string) bool {
+	return StringInSlice(YAML_PREFIX, strings.ReplaceAll(filepath.Ext(filePath), ".", "")) != ValueNotFound
+}
+
+func IsJson(filePath string) bool {
+	return StringInSlice(JSON_PREFIX, strings.ReplaceAll(filepath.Ext(filePath), ".", "")) != ValueNotFound
+}
+
+func glob(root, pattern string, onlyDirectories bool) ([]string, error) {
+	var matches []string
+
+	err := filepath.Walk(root, func(path string, info os.FileInfo, err error) error {
+		if err != nil {
+			return err
+		}
+
+		// listing only directotries
+		if onlyDirectories {
+			if info.IsDir() {
+				if matched, err := filepath.Match(pattern, filepath.Base(path)); err != nil {
+					return err
+				} else if matched {
+					matches = append(matches, path)
+				}
+			}
+			return nil
+		}
+
+		// listing only files
+		if info.IsDir() {
+			return nil
+		}
+		fileFormat := GetFileFormat(path)
+		if !(fileFormat == JSON_FILE_FORMAT || fileFormat == YAML_FILE_FORMAT) {
+			return nil
+		}
+		if matched, err := filepath.Match(pattern, filepath.Base(path)); err != nil {
+			return err
+		} else if matched {
+			matches = append(matches, path)
+		}
+
+		return nil
+	})
+	if err != nil {
+		return nil, err
+	}
+	return matches, nil
+}
+
+// IsFile checks if a given path is a file
+func IsFile(name string) bool {
+	if fi, err := os.Stat(name); err == nil {
+		if fi.Mode().IsRegular() {
+			return true
+		}
+	}
+	return false
+}
+
+// IsDir checks if a given path is a directory
+func IsDir(name string) bool {
+	if info, err := os.Stat(name); err == nil {
+		if info.IsDir() {
+			return true
+		}
+	}
+	return false
+}
+
+func GetFileFormat(filePath string) FileFormat {
+	if IsYaml(filePath) {
+		return YAML_FILE_FORMAT
+	} else if IsJson(filePath) {
+		return JSON_FILE_FORMAT
+	} else {
+		return FileFormat(filePath)
+	}
+}
+
+// handleListObject handle a List manifest
+func handleListObject(obj workloadinterface.IMetadata) []workloadinterface.IMetadata {
+	yamlObjs := []workloadinterface.IMetadata{}
+	if i, ok := workloadinterface.InspectMap(obj.GetObject(), "items"); ok && i != nil {
+		if items, ok := i.([]interface{}); ok && items != nil {
+			for item := range items {
+				if m, ok := items[item].(map[string]interface{}); ok && m != nil {
+					if o := objectsenvelopes.NewObject(m); o != nil {
+						yamlObjs = append(yamlObjs, o)
+					}
+				}
+			}
+		}
+	}
+	return yamlObjs
+}
--- a/core/cautils/fileutils_test.go
+++ b/core/cautils/fileutils_test.go
@@ -0,0 +1,104 @@
+package cautils
+
+import (
+	"os"
+	"path/filepath"
+	"strings"
+	"testing"
+
+	"github.com/armosec/opa-utils/objectsenvelopes/localworkload"
+	"github.com/stretchr/testify/assert"
+)
+
+func onlineBoutiquePath() string {
+	o, _ := os.Getwd()
+	return filepath.Join(filepath.Dir(o), "..", "examples", "online-boutique")
+}
+
+func helmChartPath() string {
+	o, _ := os.Getwd()
+	return filepath.Join(filepath.Dir(o), "..", "examples", "helm_chart")
+}
+
+func TestListFiles(t *testing.T) {
+
+	filesPath := onlineBoutiquePath()
+
+	files, errs := listFiles(filesPath)
+	assert.Equal(t, 0, len(errs))
+	assert.Equal(t, 12, len(files))
+}
+
+func TestLoadResourcesFromFiles(t *testing.T) {
+	workloads := LoadResourcesFromFiles(onlineBoutiquePath(), "")
+	assert.Equal(t, 12, len(workloads))
+
+	for i, w := range workloads {
+		switch filepath.Base(i) {
+		case "adservice.yaml":
+			assert.Equal(t, 2, len(w))
+			assert.Equal(t, "apps/v1//Deployment/adservice", getRelativePath(w[0].GetID()))
+			assert.Equal(t, "/v1//Service/adservice", getRelativePath(w[1].GetID()))
+		}
+	}
+}
+
+func TestLoadResourcesFromHelmCharts(t *testing.T) {
+	sourceToWorkloads := LoadResourcesFromHelmCharts(helmChartPath())
+	assert.Equal(t, 6, len(sourceToWorkloads))
+
+	for file, workloads := range sourceToWorkloads {
+		assert.Equalf(t, 1, len(workloads), "expected 1 workload in file %s", file)
+
+		w := workloads[0]
+		assert.True(t, localworkload.IsTypeLocalWorkload(w.GetObject()), "Expected localworkload as object type")
+
+		switch filepath.Base(file) {
+		case "serviceaccount.yaml":
+			assert.Equal(t, "/v1//ServiceAccount/kubescape-discovery", getRelativePath(w.GetID()))
+		case "clusterrole.yaml":
+			assert.Equal(t, "rbac.authorization.k8s.io/v1//ClusterRole/-kubescape", getRelativePath(w.GetID()))
+		case "cronjob.yaml":
+			assert.Equal(t, "batch/v1//CronJob/-kubescape", getRelativePath(w.GetID()))
+		case "role.yaml":
+			assert.Equal(t, "rbac.authorization.k8s.io/v1//Role/-kubescape", getRelativePath(w.GetID()))
+		case "rolebinding.yaml":
+			assert.Equal(t, "rbac.authorization.k8s.io/v1//RoleBinding/-kubescape", getRelativePath(w.GetID()))
+		case "clusterrolebinding.yaml":
+			assert.Equal(t, "rbac.authorization.k8s.io/v1//ClusterRoleBinding/-kubescape", getRelativePath(w.GetID()))
+		default:
+			assert.Failf(t, "missing case for file: %s", filepath.Base(file))
+		}
+	}
+}
+
+func TestLoadFiles(t *testing.T) {
+	files, _ := listFiles(onlineBoutiquePath())
+	_, err := loadFiles("", files)
+	assert.Equal(t, 0, len(err))
+}
+
+func TestListDirs(t *testing.T) {
+	dirs, _ := listDirs(filepath.Join(onlineBoutiquePath(), "adservice.yaml"))
+	assert.Equal(t, 0, len(dirs))
+
+	expectedDirs := []string{filepath.Join("examples", "helm_chart"), filepath.Join("examples", "helm_chart", "templates")}
+	dirs, _ = listDirs(helmChartPath())
+	assert.Equal(t, len(expectedDirs), len(dirs))
+	for i := range expectedDirs {
+		assert.Contains(t, dirs[i], expectedDirs[i])
+	}
+}
+
+func TestLoadFile(t *testing.T) {
+	files, _ := listFiles(filepath.Join(onlineBoutiquePath(), "adservice.yaml"))
+	assert.Equal(t, 1, len(files))
+
+	_, err := loadFile(files[0])
+	assert.NoError(t, err)
+}
+
+func getRelativePath(p string) string {
+	pp := strings.SplitAfter(p, "api=")
+	return pp[1]
+}
--- a/core/cautils/floatutils.go
+++ b/core/cautils/floatutils.go
@@ -0,0 +1,18 @@
+package cautils
+
+import "math"
+
+// Float64ToInt convert float64 to int
+func Float64ToInt(x float64) int {
+	return int(math.Round(x))
+}
+
+// Float32ToInt convert float32 to int
+func Float32ToInt(x float32) int {
+	return Float64ToInt(float64(x))
+}
+
+// Float16ToInt convert float16 to int
+func Float16ToInt(x float32) int {
+	return Float64ToInt(float64(x))
+}
--- a/core/cautils/floatutils_test.go
+++ b/core/cautils/floatutils_test.go
@@ -0,0 +1,24 @@
+package cautils
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestFloat64ToInt(t *testing.T) {
+	assert.Equal(t, 3, Float64ToInt(3.49))
+	assert.Equal(t, 4, Float64ToInt(3.5))
+	assert.Equal(t, 4, Float64ToInt(3.51))
+}
+
+func TestFloat32ToInt(t *testing.T) {
+	assert.Equal(t, 3, Float32ToInt(3.49))
+	assert.Equal(t, 4, Float32ToInt(3.5))
+	assert.Equal(t, 4, Float32ToInt(3.51))
+}
+func TestFloat16ToInt(t *testing.T) {
+	assert.Equal(t, 3, Float16ToInt(3.49))
+	assert.Equal(t, 4, Float16ToInt(3.5))
+	assert.Equal(t, 4, Float16ToInt(3.51))
+}
--- a/core/cautils/getter/armoapi.go
+++ b/core/cautils/getter/armoapi.go
@@ -10,8 +10,8 @@ import (
 	"time"

 	"github.com/armosec/armoapi-go/armotypes"
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/armosec/kubescape/cautils/logger/helpers"
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
 	"github.com/armosec/opa-utils/reporthandling"
 )

@@ -21,15 +21,20 @@ import (

 var (
 	// ATTENTION!!!
-	// Changes in this URLs variable names, or in the usage is affecting the build process! BE CAREFULL
+	// Changes in this URLs variable names, or in the usage is affecting the build process! BE CAREFUL
 	armoERURL   = "report.armo.cloud"
 	armoBEURL   = "api.armo.cloud"
 	armoFEURL   = "portal.armo.cloud"
 	armoAUTHURL = "auth.armo.cloud"

+	armoStageERURL   = "report-ks.eustage2.cyberarmorsoft.com"
+	armoStageBEURL   = "api-stage.armo.cloud"
+	armoStageFEURL   = "armoui.eustage2.cyberarmorsoft.com"
+	armoStageAUTHURL = "eggauth.eustage2.cyberarmorsoft.com"
+
 	armoDevERURL   = "report.eudev3.cyberarmorsoft.com"
 	armoDevBEURL   = "api-dev.armo.cloud"
-	armoDevFEURL   = "armoui-dev.eudev3.cyberarmorsoft.com"
+	armoDevFEURL   = "cloud-dev.armosec.io"
 	armoDevAUTHURL = "eggauth.eudev3.cyberarmorsoft.com"
 )

@@ -57,7 +62,8 @@ func SetARMOAPIConnector(armoAPI *ArmoAPI) {

 func GetArmoAPIConnector() *ArmoAPI {
 	if globalArmoAPIConnector == nil {
-		logger.L().Error("returning nil API connector")
+		// logger.L().Error("returning nil API connector")
+		SetARMOAPIConnector(NewARMOAPIProd())
 	}
 	return globalArmoAPIConnector
 }
@@ -84,6 +90,17 @@ func NewARMOAPIProd() *ArmoAPI {
 	return apiObj
 }

+func NewARMOAPIStaging() *ArmoAPI {
+	apiObj := newArmoAPI()
+
+	apiObj.apiURL = armoStageBEURL
+	apiObj.erURL = armoStageERURL
+	apiObj.feURL = armoStageFEURL
+	apiObj.authURL = armoStageAUTHURL
+
+	return apiObj
+}
+
 func NewARMOAPICustomized(armoERURL, armoBEURL, armoFEURL, armoAUTHURL string) *ArmoAPI {
 	apiObj := newArmoAPI()

@@ -110,6 +127,13 @@ func (armoAPI *ArmoAPI) Post(fullURL string, headers map[string]string, body []b
 	return HttpPost(armoAPI.httpClient, fullURL, headers, body)
 }

+func (armoAPI *ArmoAPI) Delete(fullURL string, headers map[string]string) (string, error) {
+	if headers == nil {
+		headers = make(map[string]string)
+	}
+	armoAPI.appendAuthHeaders(headers)
+	return HttpDelete(armoAPI.httpClient, fullURL, headers)
+}
 func (armoAPI *ArmoAPI) Get(fullURL string, headers map[string]string) (string, error) {
 	if headers == nil {
 		headers = make(map[string]string)
@@ -123,7 +147,8 @@ func (armoAPI *ArmoAPI) IsLoggedIn() bool              { return armoAPI.loggedIn
 func (armoAPI *ArmoAPI) GetClientID() string           { return armoAPI.clientID }
 func (armoAPI *ArmoAPI) GetSecretKey() string          { return armoAPI.secretKey }
 func (armoAPI *ArmoAPI) GetFrontendURL() string        { return armoAPI.feURL }
-func (armoAPI *ArmoAPI) GetAPIURL() string             { return armoAPI.apiURL }
+func (armoAPI *ArmoAPI) GetApiURL() string             { return armoAPI.apiURL }
+func (armoAPI *ArmoAPI) GetAuthURL() string            { return armoAPI.authURL }
 func (armoAPI *ArmoAPI) GetReportReceiverURL() string  { return armoAPI.erURL }
 func (armoAPI *ArmoAPI) SetAccountID(accountID string) { armoAPI.accountID = accountID }
 func (armoAPI *ArmoAPI) SetClientID(clientID string)   { armoAPI.clientID = clientID }
@@ -139,7 +164,6 @@ func (armoAPI *ArmoAPI) GetFramework(name string) (*reporthandling.Framework, er
 	if err = JSONDecoder(respStr).Decode(framework); err != nil {
 		return nil, err
 	}
-	SaveInFile(framework, GetDefaultPath(name+".json"))

 	return framework, err
 }
@@ -209,7 +233,14 @@ func (armoAPI *ArmoAPI) GetAccountConfig(clusterName string) (*armotypes.Custome
 	}

 	if err = JSONDecoder(respStr).Decode(&accountConfig); err != nil {
-		return nil, err
+		// try with default scope
+		respStr, err = armoAPI.Get(armoAPI.getAccountConfigDefault(clusterName), nil)
+		if err != nil {
+			return nil, err
+		}
+		if err = JSONDecoder(respStr).Decode(&accountConfig); err != nil {
+			return nil, err
+		}
 	}

 	return accountConfig, nil
@@ -277,7 +308,7 @@ func (armoAPI *ArmoAPI) PostExceptions(exceptions []armotypes.PostureExceptionPo
 		if err != nil {
 			return err
 		}
-		_, err = armoAPI.Post(armoAPI.postExceptionsURL(), map[string]string{"Content-Type": "application/json"}, ex)
+		_, err = armoAPI.Post(armoAPI.exceptionsURL(""), map[string]string{"Content-Type": "application/json"}, ex)
 		if err != nil {
 			return err
 		}
@@ -285,6 +316,14 @@ func (armoAPI *ArmoAPI) PostExceptions(exceptions []armotypes.PostureExceptionPo
 	return nil
 }

+func (armoAPI *ArmoAPI) DeleteException(exceptionName string) error {
+
+	_, err := armoAPI.Delete(armoAPI.exceptionsURL(exceptionName), nil)
+	if err != nil {
+		return err
+	}
+	return nil
+}
 func (armoAPI *ArmoAPI) Login() error {
 	if armoAPI.accountID == "" {
 		return fmt.Errorf("failed to login, missing accountID")
--- a/core/cautils/getter/armoapiutils.go
+++ b/core/cautils/getter/armoapiutils.go
@@ -13,11 +13,10 @@ var NativeFrameworks = []string{"nsa", "mitre", "armobest", "devopsbest"}

 func (armoAPI *ArmoAPI) getFrameworkURL(frameworkName string) string {
 	u := url.URL{}
-	u.Scheme = "https"
-	u.Host = armoAPI.apiURL
+	u.Scheme, u.Host = parseHost(armoAPI.GetApiURL())
 	u.Path = "api/v1/armoFrameworks"
 	q := u.Query()
-	q.Add("customerGUID", armoAPI.accountID)
+	q.Add("customerGUID", armoAPI.getCustomerGUIDFallBack())
 	if isNativeFramework(frameworkName) {
 		q.Add("frameworkName", strings.ToUpper(frameworkName))
 	} else {
@@ -31,23 +30,21 @@ func (armoAPI *ArmoAPI) getFrameworkURL(frameworkName string) string {

 func (armoAPI *ArmoAPI) getListFrameworkURL() string {
 	u := url.URL{}
-	u.Scheme = "https"
-	u.Host = armoAPI.apiURL
+	u.Scheme, u.Host = parseHost(armoAPI.GetApiURL())
 	u.Path = "api/v1/armoFrameworks"
 	q := u.Query()
-	q.Add("customerGUID", armoAPI.accountID)
+	q.Add("customerGUID", armoAPI.getCustomerGUIDFallBack())
 	u.RawQuery = q.Encode()

 	return u.String()
 }
 func (armoAPI *ArmoAPI) getExceptionsURL(clusterName string) string {
 	u := url.URL{}
-	u.Scheme = "https"
-	u.Host = armoAPI.apiURL
+	u.Scheme, u.Host = parseHost(armoAPI.GetApiURL())
 	u.Path = "api/v1/armoPostureExceptions"

 	q := u.Query()
-	q.Add("customerGUID", armoAPI.accountID)
+	q.Add("customerGUID", armoAPI.getCustomerGUIDFallBack())
 	// if clusterName != "" { // TODO - fix customer name support in Armo BE
 	// 	q.Add("clusterName", clusterName)
 	// }
@@ -56,27 +53,35 @@ func (armoAPI *ArmoAPI) getExceptionsURL(clusterName string) string {
 	return u.String()
 }

-func (armoAPI *ArmoAPI) postExceptionsURL() string {
+func (armoAPI *ArmoAPI) exceptionsURL(exceptionsPolicyName string) string {
 	u := url.URL{}
-	u.Scheme = "https"
-	u.Host = armoAPI.apiURL
+	u.Scheme, u.Host = parseHost(armoAPI.GetApiURL())
 	u.Path = "api/v1/postureExceptionPolicy"

 	q := u.Query()
-	q.Add("customerGUID", armoAPI.accountID)
+	q.Add("customerGUID", armoAPI.getCustomerGUIDFallBack())
+	if exceptionsPolicyName != "" { // for delete
+		q.Add("policyName", exceptionsPolicyName)
+	}
+
 	u.RawQuery = q.Encode()

 	return u.String()
 }

+func (armoAPI *ArmoAPI) getAccountConfigDefault(clusterName string) string {
+	config := armoAPI.getAccountConfig(clusterName)
+	url := config + "&scope=customer"
+	return url
+}
+
 func (armoAPI *ArmoAPI) getAccountConfig(clusterName string) string {
 	u := url.URL{}
-	u.Scheme = "https"
-	u.Host = armoAPI.apiURL
+	u.Scheme, u.Host = parseHost(armoAPI.GetApiURL())
 	u.Path = "api/v1/armoCustomerConfiguration"

 	q := u.Query()
-	q.Add("customerGUID", armoAPI.accountID)
+	q.Add("customerGUID", armoAPI.getCustomerGUIDFallBack())
 	if clusterName != "" { // TODO - fix customer name support in Armo BE
 		q.Add("clusterName", clusterName)
 	}
@@ -87,24 +92,21 @@ func (armoAPI *ArmoAPI) getAccountConfig(clusterName string) string {

 func (armoAPI *ArmoAPI) getAccountURL() string {
 	u := url.URL{}
-	u.Scheme = "https"
-	u.Host = armoAPI.apiURL
+	u.Scheme, u.Host = parseHost(armoAPI.GetApiURL())
 	u.Path = "api/v1/createTenant"
 	return u.String()
 }

 func (armoAPI *ArmoAPI) getApiToken() string {
 	u := url.URL{}
-	u.Scheme = "https"
-	u.Host = armoAPI.authURL
-	u.Path = "frontegg/identity/resources/auth/v1/api-token"
+	u.Scheme, u.Host = parseHost(armoAPI.GetAuthURL())
+	u.Path = "identity/resources/auth/v1/api-token"
 	return u.String()
 }

 func (armoAPI *ArmoAPI) getOpenidCustomers() string {
 	u := url.URL{}
-	u.Scheme = "https"
-	u.Host = armoAPI.apiURL
+	u.Scheme, u.Host = parseHost(armoAPI.GetApiURL())
 	u.Path = "api/v1/openid_customers"
 	return u.String()
 }
@@ -156,3 +158,19 @@ func (armoAPI *ArmoAPI) appendAuthHeaders(headers map[string]string) {
 		headers["Cookie"] = fmt.Sprintf("auth=%s", armoAPI.authCookie)
 	}
 }
+
+func (armoAPI *ArmoAPI) getCustomerGUIDFallBack() string {
+	if armoAPI.accountID != "" {
+		return armoAPI.accountID
+	}
+	return "11111111-1111-1111-1111-111111111111"
+}
+
+func parseHost(host string) (string, string) {
+	if strings.HasPrefix(host, "http://") {
+		return "http", strings.Replace(host, "http://", "", 1)
+	}
+
+	// default scheme
+	return "https", strings.Replace(host, "https://", "", 1)
+}
--- a/core/cautils/getter/datastructures.go
+++ b/core/cautils/getter/datastructures.go
--- a/core/cautils/getter/downloadreleasedpolicy.go
+++ b/core/cautils/getter/downloadreleasedpolicy.go
--- a/core/cautils/getter/getpolicies.go
+++ b/core/cautils/getter/getpolicies.go
--- a/core/cautils/getter/getpoliciesutils.go
+++ b/core/cautils/getter/getpoliciesutils.go
@@ -13,11 +13,7 @@ import (
 )

 func GetDefaultPath(name string) string {
-	defaultfilePath := filepath.Join(DefaultLocalStore, name)
-	if homeDir, err := os.UserHomeDir(); err == nil {
-		defaultfilePath = filepath.Join(homeDir, defaultfilePath)
-	}
-	return defaultfilePath
+	return filepath.Join(DefaultLocalStore, name)
 }

 func SaveInFile(policy interface{}, pathStr string) error {
@@ -51,6 +47,24 @@ func JSONDecoder(origin string) *json.Decoder {
 	return dec
 }

+func HttpDelete(httpClient *http.Client, fullURL string, headers map[string]string) (string, error) {
+
+	req, err := http.NewRequest("DELETE", fullURL, nil)
+	if err != nil {
+		return "", err
+	}
+	setHeaders(req, headers)
+
+	resp, err := httpClient.Do(req)
+	if err != nil {
+		return "", err
+	}
+	respStr, err := httpRespToString(resp)
+	if err != nil {
+		return "", err
+	}
+	return respStr, nil
+}
 func HttpGetter(httpClient *http.Client, fullURL string, headers map[string]string) (string, error) {

 	req, err := http.NewRequest("GET", fullURL, nil)
--- a/core/cautils/getter/loadpolicy.go
+++ b/core/cautils/getter/loadpolicy.go
@@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"os"
+	"path/filepath"
 	"strings"

 	"github.com/armosec/armoapi-go/armotypes"
@@ -13,7 +14,15 @@ import (
 // =======================================================================================================================
 // ============================================== LoadPolicy =============================================================
 // =======================================================================================================================
-const DefaultLocalStore = ".kubescape"
+var DefaultLocalStore = getCacheDir()
+
+func getCacheDir() string {
+	defaultDirPath := ".kubescape"
+	if homeDir, err := os.UserHomeDir(); err == nil {
+		defaultDirPath = filepath.Join(homeDir, defaultDirPath)
+	}
+	return defaultDirPath
+}

 // Load policies from a local repository
 type LoadPolicy struct {
--- a/core/cautils/getter/loadpolicy_test.go
+++ b/core/cautils/getter/loadpolicy_test.go
--- a/core/cautils/helmchart.go
+++ b/core/cautils/helmchart.go
@@ -0,0 +1,91 @@
+package cautils
+
+import (
+	"path/filepath"
+	"strings"
+
+	"github.com/armosec/k8s-interface/workloadinterface"
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
+	"github.com/armosec/opa-utils/objectsenvelopes/localworkload"
+	helmchart "helm.sh/helm/v3/pkg/chart"
+	helmloader "helm.sh/helm/v3/pkg/chart/loader"
+	helmchartutil "helm.sh/helm/v3/pkg/chartutil"
+	helmengine "helm.sh/helm/v3/pkg/engine"
+)
+
+type HelmChart struct {
+	chart *helmchart.Chart
+	path  string
+}
+
+func IsHelmDirectory(path string) (bool, error) {
+	return helmchartutil.IsChartDir(path)
+}
+
+func NewHelmChart(path string) (*HelmChart, error) {
+	chart, err := helmloader.Load(path)
+	if err != nil {
+		return nil, err
+	}
+
+	return &HelmChart{
+		chart: chart,
+		path:  path,
+	}, nil
+}
+
+func (hc *HelmChart) GetName() string {
+	return hc.chart.Name()
+}
+
+func (hc *HelmChart) GetDefaultValues() map[string]interface{} {
+	return hc.chart.Values
+}
+
+// GetWorkloads renders chart template using the default values and returns a map of source file to its workloads
+func (hc *HelmChart) GetWorkloadsWithDefaultValues() (map[string][]workloadinterface.IMetadata, []error) {
+	return hc.GetWorkloads(hc.GetDefaultValues())
+}
+
+// GetWorkloads renders chart template using the provided values and returns a map of source (absolute) file path to its workloads
+func (hc *HelmChart) GetWorkloads(values map[string]interface{}) (map[string][]workloadinterface.IMetadata, []error) {
+	vals, err := helmchartutil.ToRenderValues(hc.chart, values, helmchartutil.ReleaseOptions{}, nil)
+	if err != nil {
+		return nil, []error{err}
+	}
+
+	sourceToFile, err := helmengine.Render(hc.chart, vals)
+	if err != nil {
+		return nil, []error{err}
+	}
+
+	workloads := make(map[string][]workloadinterface.IMetadata, 0)
+	errs := []error{}
+
+	for path, renderedYaml := range sourceToFile {
+		if !IsYaml(strings.ToLower(path)) {
+			continue
+		}
+
+		wls, e := ReadFile([]byte(renderedYaml), YAML_FILE_FORMAT)
+		if e != nil {
+			logger.L().Debug("failed to read rendered yaml file", helpers.String("file", path), helpers.Error(e))
+		}
+		if len(wls) == 0 {
+			continue
+		}
+		// separate base path and file name. We do not use the os.Separator because the paths returned from the helm engine are not OS specific (e.g. mychart/templates/myfile.yaml)
+		if firstPathSeparatorIndex := strings.Index(path, string("/")); firstPathSeparatorIndex != -1 {
+			absPath := filepath.Join(hc.path, path[firstPathSeparatorIndex:])
+
+			workloads[absPath] = []workloadinterface.IMetadata{}
+			for i := range wls {
+				lw := localworkload.NewLocalWorkload(wls[i].GetObject())
+				lw.SetPath(absPath)
+				workloads[absPath] = append(workloads[absPath], lw)
+			}
+		}
+	}
+	return workloads, errs
+}
--- a/core/cautils/helmchart_test.go
+++ b/core/cautils/helmchart_test.go
@@ -0,0 +1,133 @@
+package cautils
+
+import (
+	_ "embed"
+	"encoding/json"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"strings"
+	"testing"
+
+	"github.com/armosec/opa-utils/objectsenvelopes/localworkload"
+	"github.com/stretchr/testify/suite"
+)
+
+type HelmChartTestSuite struct {
+	suite.Suite
+	helmChartPath         string
+	expectedFiles         []string
+	expectedDefaultValues map[string]interface{}
+}
+
+func TestHelmChartTestSuite(t *testing.T) {
+	suite.Run(t, new(HelmChartTestSuite))
+}
+
+func (s *HelmChartTestSuite) SetupSuite() {
+	o, _ := os.Getwd()
+
+	s.helmChartPath = filepath.Join(filepath.Dir(o), "..", "examples", "helm_chart")
+
+	s.expectedFiles = []string{
+		filepath.Join(s.helmChartPath, "templates", "clusterrolebinding.yaml"),
+		filepath.Join(s.helmChartPath, "templates", "clusterrole.yaml"),
+		filepath.Join(s.helmChartPath, "templates", "serviceaccount.yaml"),
+		filepath.Join(s.helmChartPath, "templates", "rolebinding.yaml"),
+		filepath.Join(s.helmChartPath, "templates", "role.yaml"),
+		filepath.Join(s.helmChartPath, "templates", "cronjob.yaml"),
+	}
+
+	var obj interface{}
+	file, _ := ioutil.ReadFile(filepath.Join("testdata", "helm_expected_default_values.json"))
+	_ = json.Unmarshal([]byte(file), &obj)
+	s.expectedDefaultValues = obj.(map[string]interface{})
+}
+
+func (s *HelmChartTestSuite) TestInvalidHelmDirectory() {
+	_, err := NewHelmChart("/invalid_path")
+	s.Error(err)
+}
+
+func (s *HelmChartTestSuite) TestValidHelmDirectory() {
+	chart, err := NewHelmChart(s.helmChartPath)
+	s.NoError(err)
+	s.NotNil(chart)
+}
+
+func (s *HelmChartTestSuite) TestGetName() {
+	chart, _ := NewHelmChart(s.helmChartPath)
+	s.Equal("kubescape", chart.GetName())
+}
+
+func (s *HelmChartTestSuite) TestGetDefaultValues() {
+	chart, _ := NewHelmChart(s.helmChartPath)
+
+	values := chart.GetDefaultValues()
+
+	valuesJson, _ := json.Marshal(values)
+	expectedValuesJson, _ := json.Marshal(s.expectedDefaultValues)
+
+	s.JSONEq(string(valuesJson), string(expectedValuesJson))
+}
+
+func (s *HelmChartTestSuite) TestGetWorkloadsWithOverride() {
+	chart, err := NewHelmChart(s.helmChartPath)
+	s.NoError(err, "Expected a valid helm chart")
+
+	values := chart.GetDefaultValues()
+
+	// Default pullPolicy value = Always
+	pullPolicyValue := values["image"].(map[string]interface{})["pullPolicy"].(string)
+	s.Equal(pullPolicyValue, "Always")
+
+	// Override default value
+	values["image"].(map[string]interface{})["pullPolicy"] = "Never"
+
+	fileToWorkloads, errs := chart.GetWorkloads(values)
+	s.Len(errs, 0)
+
+	s.Lenf(fileToWorkloads, len(s.expectedFiles), "Expected %d files", len(s.expectedFiles))
+
+	for _, expectedFile := range s.expectedFiles {
+		s.Contains(fileToWorkloads, expectedFile)
+		s.FileExists(expectedFile)
+		s.GreaterOrEqualf(len(fileToWorkloads[expectedFile]), 1, "Expected at least one workload in %q", expectedFile)
+
+		for i := range fileToWorkloads[expectedFile] {
+			pathInWorkload := fileToWorkloads[expectedFile][i].(*localworkload.LocalWorkload).GetPath()
+			s.Equal(pathInWorkload, expectedFile, "Expected GetPath() to return a valid path on workload")
+		}
+
+		if strings.Contains(expectedFile, "cronjob.yaml") {
+			jsonBytes, _ := json.Marshal(fileToWorkloads[expectedFile][0].GetObject())
+			s.Contains(string(jsonBytes), "\"imagePullPolicy\":\"Never\"", "Expected to overriden value of imagePullPolicy to be 'Never'")
+		}
+	}
+}
+
+func (s *HelmChartTestSuite) TestGetWorkloadsMissingValue() {
+	chart, _ := NewHelmChart(s.helmChartPath)
+
+	values := chart.GetDefaultValues()
+	delete(values, "image")
+
+	fileToWorkloads, errs := chart.GetWorkloads(values)
+	s.Nil(fileToWorkloads)
+	s.Len(errs, 1, "Expected an error due to missing value")
+
+	expectedErrMsg := "<.Values.image.repository>: nil pointer"
+	s.Containsf(errs[0].Error(), expectedErrMsg, "expected error containing %q, got %q", expectedErrMsg, errs[0])
+}
+
+func (s *HelmChartTestSuite) TestIsHelmDirectory() {
+	ok, err := IsHelmDirectory(s.helmChartPath)
+	s.True(ok)
+	s.NoError(err)
+
+	o, _ := os.Getwd()
+	nonHelmDir := filepath.Join(filepath.Dir(o), "../examples/online-boutique")
+	ok, err = IsHelmDirectory(nonHelmDir)
+	s.False(ok)
+	s.Contains(err.Error(), "no Chart.yaml exists in directory")
+}
--- a/core/cautils/jsonutils.go
+++ b/core/cautils/jsonutils.go
--- a/core/cautils/localgitrepository.go
+++ b/core/cautils/localgitrepository.go
@@ -0,0 +1,127 @@
+package cautils
+
+import (
+	"fmt"
+	"path"
+	"strings"
+
+	"github.com/armosec/go-git-url/apis"
+	gitv5 "github.com/go-git/go-git/v5"
+	configv5 "github.com/go-git/go-git/v5/config"
+	plumbingv5 "github.com/go-git/go-git/v5/plumbing"
+)
+
+type LocalGitRepository struct {
+	repo   *gitv5.Repository
+	head   *plumbingv5.Reference
+	config *configv5.Config
+}
+
+func NewLocalGitRepository(path string) (*LocalGitRepository, error) {
+	gitRepo, err := gitv5.PlainOpenWithOptions(path, &gitv5.PlainOpenOptions{DetectDotGit: true})
+	if err != nil {
+		return nil, err
+	}
+
+	head, err := gitRepo.Head()
+	if err != nil {
+		return nil, err
+	}
+
+	if !head.Name().IsBranch() {
+		return nil, fmt.Errorf("current HEAD reference is not a branch")
+	}
+
+	config, err := gitRepo.Config()
+	if err != nil {
+		return nil, err
+	}
+
+	return &LocalGitRepository{
+		repo:   gitRepo,
+		head:   head,
+		config: config,
+	}, nil
+}
+
+// GetBranchName get current branch name
+func (g *LocalGitRepository) GetBranchName() string {
+	return g.head.Name().Short()
+}
+
+// GetRemoteUrl get default remote URL
+func (g *LocalGitRepository) GetRemoteUrl() (string, error) {
+	branchName := g.GetBranchName()
+	if branchRef, branchFound := g.config.Branches[branchName]; branchFound {
+		remoteName := branchRef.Remote
+		if len(g.config.Remotes[remoteName].URLs) == 0 {
+			return "", fmt.Errorf("expected to find URLs for remote '%s', branch '%s'", remoteName, branchName)
+		}
+		return g.config.Remotes[remoteName].URLs[0], nil
+	}
+
+	const defaultRemoteName string = "origin"
+	if len(g.config.Remotes[defaultRemoteName].URLs) == 0 {
+		return "", fmt.Errorf("expected to find URLs for remote '%s'", defaultRemoteName)
+	}
+	return g.config.Remotes[defaultRemoteName].URLs[0], nil
+}
+
+// GetName get origin name without the .git suffix
+func (g *LocalGitRepository) GetName() (string, error) {
+	originUrl, err := g.GetRemoteUrl()
+	if err != nil {
+		return "", err
+	}
+	baseName := path.Base(originUrl)
+	// remove .git
+	return strings.TrimSuffix(baseName, ".git"), nil
+}
+
+// GetLastCommit get latest commit object
+func (g *LocalGitRepository) GetLastCommit() (*apis.Commit, error) {
+	return g.GetFileLastCommit("")
+}
+
+// GetFileLastCommit get file latest commit object, if empty will return latest commit
+func (g *LocalGitRepository) GetFileLastCommit(filePath string) (*apis.Commit, error) {
+	// By default, returns commit information from current HEAD
+	logOptions := &gitv5.LogOptions{}
+
+	if filePath != "" {
+		logOptions.FileName = &filePath
+		logOptions.Order = gitv5.LogOrderCommitterTime // faster -> LogOrderDFSPost
+	}
+
+	cIter, err := g.repo.Log(logOptions)
+	if err != nil {
+		return nil, err
+	}
+
+	commit, err := cIter.Next()
+	defer cIter.Close()
+	if err != nil {
+		return nil, err
+	}
+
+	return &apis.Commit{
+		SHA: commit.Hash.String(),
+		Author: apis.Committer{
+			Name:  commit.Author.Name,
+			Email: commit.Author.Email,
+			Date:  commit.Author.When,
+		},
+		Message:   commit.Message,
+		Committer: apis.Committer{},
+		Files:     []apis.Files{},
+	}, nil
+}
+
+func (g *LocalGitRepository) GetRootDir() (string, error) {
+	wt, err := g.repo.Worktree()
+	if err != nil {
+		return "", fmt.Errorf("failed to get repo root")
+	}
+
+	return wt.Filesystem.Root(), nil
+}
--- a/core/cautils/localgitrepository_test.go
+++ b/core/cautils/localgitrepository_test.go
@@ -0,0 +1,154 @@
+package cautils
+
+import (
+	"archive/zip"
+	"fmt"
+	"io"
+	"os"
+	"path/filepath"
+	"strings"
+	"testing"
+
+	"github.com/stretchr/testify/suite"
+)
+
+type LocalGitRepositoryTestSuite struct {
+	suite.Suite
+	archive           *zip.ReadCloser
+	gitRepositoryPath string
+	destinationPath   string
+}
+
+func unzipFile(zipPath, destinationFolder string) (*zip.ReadCloser, error) {
+	archive, err := zip.OpenReader(zipPath)
+	if err != nil {
+		return nil, err
+	}
+	for _, f := range archive.File {
+		filePath := filepath.Join(destinationFolder, f.Name)
+		if !strings.HasPrefix(filePath, filepath.Clean(destinationFolder)+string(os.PathSeparator)) {
+			return nil, fmt.Errorf("invalid file path")
+		}
+		if f.FileInfo().IsDir() {
+			os.MkdirAll(filePath, os.ModePerm)
+			continue
+		}
+
+		if err := os.MkdirAll(filepath.Dir(filePath), os.ModePerm); err != nil {
+			return nil, err
+		}
+
+		dstFile, err := os.OpenFile(filePath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, f.Mode())
+		if err != nil {
+			return nil, err
+		}
+
+		fileInArchive, err := f.Open()
+		if err != nil {
+			return nil, err
+		}
+
+		if _, err := io.Copy(dstFile, fileInArchive); err != nil {
+			return nil, err
+		}
+
+		dstFile.Close()
+		fileInArchive.Close()
+	}
+
+	return archive, err
+
+}
+
+func (s *LocalGitRepositoryTestSuite) SetupSuite() {
+	zippedFixturePath := filepath.Join(".", "testdata", "localrepo.git")
+	destinationPath := filepath.Join(".", "testdata", "temp")
+	gitRepositoryPath := filepath.Join(destinationPath, "localrepo")
+
+	os.RemoveAll(destinationPath)
+	archive, err := unzipFile(zippedFixturePath, destinationPath)
+
+	if err == nil {
+		s.archive = archive
+		s.gitRepositoryPath = gitRepositoryPath
+		s.destinationPath = destinationPath
+	}
+}
+
+func TestLocalGitRepositoryTestSuite(t *testing.T) {
+	suite.Run(t, new(LocalGitRepositoryTestSuite))
+}
+
+func (s *LocalGitRepositoryTestSuite) TearDownSuite() {
+	if s.archive != nil {
+		s.archive.Close()
+	}
+	os.RemoveAll(s.destinationPath)
+}
+
+func (s *LocalGitRepositoryTestSuite) TestInvalidRepositoryPath() {
+	if _, err := NewLocalGitRepository("/invalidpath"); s.Error(err) {
+		s.Equal("repository does not exist", err.Error())
+	}
+}
+
+func (s *LocalGitRepositoryTestSuite) TestGetBranchName() {
+	if localRepo, err := NewLocalGitRepository(s.gitRepositoryPath); s.NoError(err) {
+		s.Equal("master", localRepo.GetBranchName())
+	}
+}
+
+func (s *LocalGitRepositoryTestSuite) TestGetName() {
+	if localRepo, err := NewLocalGitRepository(s.gitRepositoryPath); s.NoError(err) {
+		if name, err := localRepo.GetName(); s.NoError(err) {
+			s.Equal("localrepo", name)
+		}
+
+	}
+}
+
+func (s *LocalGitRepositoryTestSuite) TestGetOriginUrl() {
+	if localRepo, err := NewLocalGitRepository(s.gitRepositoryPath); s.NoError(err) {
+		if url, err := localRepo.GetRemoteUrl(); s.NoError(err) {
+			s.Equal("git@github.com:testuser/localrepo", url)
+		}
+	}
+}
+
+func (s *LocalGitRepositoryTestSuite) TestGetLastCommit() {
+	if localRepo, err := NewLocalGitRepository(s.gitRepositoryPath); s.NoError(err) {
+		if commit, err := localRepo.GetLastCommit(); s.NoError(err) {
+			s.Equal("7e09312b8017695fadcd606882e3779f10a5c832", commit.SHA)
+			s.Equal("Amir Malka", commit.Author.Name)
+			s.Equal("amirm@armosec.io", commit.Author.Email)
+			s.Equal("2022-05-22 19:11:57 +0300 +0300", commit.Author.Date.String())
+			s.Equal("added file B\n", commit.Message)
+		}
+	}
+}
+
+func (s *LocalGitRepositoryTestSuite) TestGetFileLastCommit() {
+	s.Run("fileA", func() {
+		if localRepo, err := NewLocalGitRepository(s.gitRepositoryPath); s.NoError(err) {
+			if commit, err := localRepo.GetFileLastCommit("fileA"); s.NoError(err) {
+				s.Equal("9fae4be19624297947d2b605cefbff516628612d", commit.SHA)
+				s.Equal("Amir Malka", commit.Author.Name)
+				s.Equal("amirm@armosec.io", commit.Author.Email)
+				s.Equal("2022-05-22 18:55:48 +0300 +0300", commit.Author.Date.String())
+				s.Equal("added file A\n", commit.Message)
+			}
+		}
+	})
+
+	s.Run("fileB", func() {
+		if localRepo, err := NewLocalGitRepository(s.gitRepositoryPath); s.NoError(err) {
+			if commit, err := localRepo.GetFileLastCommit("dirA/fileB"); s.NoError(err) {
+				s.Equal("7e09312b8017695fadcd606882e3779f10a5c832", commit.SHA)
+				s.Equal("Amir Malka", commit.Author.Name)
+				s.Equal("amirm@armosec.io", commit.Author.Email)
+				s.Equal("2022-05-22 19:11:57 +0300 +0300", commit.Author.Date.String())
+				s.Equal("added file B\n", commit.Message)
+			}
+		}
+	})
+}
--- a/core/cautils/logger/helpers/datastructures.go
+++ b/core/cautils/logger/helpers/datastructures.go
@@ -1,5 +1,7 @@
 package helpers

+import "time"
+
 type StringObj struct {
 	key   string
 	value string
@@ -24,3 +26,6 @@ func Error(e error) *ErrorObj                         { return &ErrorObj{key: "e
 func Int(k string, v int) *IntObj                     { return &IntObj{key: k, value: v} }
 func String(k, v string) *StringObj                   { return &StringObj{key: k, value: v} }
 func Interface(k string, v interface{}) *InterfaceObj { return &InterfaceObj{key: k, value: v} }
+func Time() *StringObj {
+	return &StringObj{key: "time", value: time.Now().Format("2006-01-02 15:04:05")}
+}
--- a/core/cautils/logger/helpers/level.go
+++ b/core/cautils/logger/helpers/level.go
--- a/core/cautils/logger/helpers/methods.go
+++ b/core/cautils/logger/helpers/methods.go
--- a/core/cautils/logger/methods.go
+++ b/core/cautils/logger/methods.go
@@ -0,0 +1,81 @@
+package logger
+
+import (
+	"os"
+	"strings"
+
+	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/nonelogger"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/prettylogger"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/zaplogger"
+)
+
+type ILogger interface {
+	Fatal(msg string, details ...helpers.IDetails) // print log and exit 1
+	Error(msg string, details ...helpers.IDetails)
+	Success(msg string, details ...helpers.IDetails)
+	Warning(msg string, details ...helpers.IDetails)
+	Info(msg string, details ...helpers.IDetails)
+	Debug(msg string, details ...helpers.IDetails)
+
+	SetLevel(level string) error
+	GetLevel() string
+
+	SetWriter(w *os.File)
+	GetWriter() *os.File
+
+	LoggerName() string
+}
+
+var l ILogger
+
+// Return initialized logger. If logger not initialized, will call InitializeLogger() with the default value
+func L() ILogger {
+	if l == nil {
+		InitDefaultLogger()
+	}
+	return l
+}
+
+/* InitLogger initialize desired logger
+
+Use:
+InitLogger("<logger name>")
+
+Supported logger names (call ListLoggersNames() for listing supported loggers)
+- "zap": Logger from package "go.uber.org/zap"
+- "pretty", "colorful": Human friendly colorful logger
+- "none", "mock", "empty", "ignore": Logger will not print anything
+
+Default:
+- "pretty"
+
+e.g.
+InitLogger("none") -> will initialize the mock logger
+
+*/
+func InitLogger(loggerName string) {
+
+	switch strings.ToLower(loggerName) {
+	case zaplogger.LoggerName:
+		l = zaplogger.NewZapLogger()
+	case prettylogger.LoggerName, "colorful":
+		l = prettylogger.NewPrettyLogger()
+	case nonelogger.LoggerName, "mock", "empty", "ignore":
+		l = nonelogger.NewNoneLogger()
+	default:
+		InitDefaultLogger()
+	}
+}
+
+func InitDefaultLogger() {
+	l = prettylogger.NewPrettyLogger()
+}
+
+func DisableColor(flag bool) {
+	prettylogger.DisableColor(flag)
+}
+
+func ListLoggersNames() []string {
+	return []string{prettylogger.LoggerName, zaplogger.LoggerName, nonelogger.LoggerName}
+}
--- a/core/cautils/logger/nonelogger/logger.go
+++ b/core/cautils/logger/nonelogger/logger.go
@@ -0,0 +1,28 @@
+package nonelogger
+
+import (
+	"os"
+
+	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
+)
+
+const LoggerName string = "none"
+
+type NoneLogger struct {
+}
+
+func NewNoneLogger() *NoneLogger {
+	return &NoneLogger{}
+}
+
+func (nl *NoneLogger) GetLevel() string                                { return "" }
+func (nl *NoneLogger) LoggerName() string                              { return LoggerName }
+func (nl *NoneLogger) SetWriter(w *os.File)                            {}
+func (nl *NoneLogger) GetWriter() *os.File                             { return nil }
+func (nl *NoneLogger) SetLevel(level string) error                     { return nil }
+func (nl *NoneLogger) Fatal(msg string, details ...helpers.IDetails)   {}
+func (nl *NoneLogger) Error(msg string, details ...helpers.IDetails)   {}
+func (nl *NoneLogger) Warning(msg string, details ...helpers.IDetails) {}
+func (nl *NoneLogger) Success(msg string, details ...helpers.IDetails) {}
+func (nl *NoneLogger) Info(msg string, details ...helpers.IDetails)    {}
+func (nl *NoneLogger) Debug(msg string, details ...helpers.IDetails)   {}
--- a/core/cautils/logger/prettylogger/colors.go
+++ b/core/cautils/logger/prettylogger/colors.go
@@ -3,7 +3,7 @@ package prettylogger
 import (
 	"io"

-	"github.com/armosec/kubescape/cautils/logger/helpers"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
 	"github.com/fatih/color"
 )

@@ -29,3 +29,9 @@ func prefix(l helpers.Level) func(w io.Writer, format string, a ...interface{})
 	}
 	return message
 }
+
+func DisableColor(flag bool) {
+	if flag {
+		color.NoColor = true
+	}
+}
--- a/core/cautils/logger/prettylogger/logger.go
+++ b/core/cautils/logger/prettylogger/logger.go
@@ -5,9 +5,11 @@ import (
 	"os"
 	"sync"

-	"github.com/armosec/kubescape/cautils/logger/helpers"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
 )

+const LoggerName string = "pretty"
+
 type PrettyLogger struct {
 	writer *os.File
 	level  helpers.Level
@@ -15,6 +17,7 @@ type PrettyLogger struct {
 }

 func NewPrettyLogger() *PrettyLogger {
+
 	return &PrettyLogger{
 		writer: os.Stderr, // default to stderr
 		level:  helpers.InfoLevel,
@@ -25,6 +28,7 @@ func NewPrettyLogger() *PrettyLogger {
 func (pl *PrettyLogger) GetLevel() string     { return pl.level.String() }
 func (pl *PrettyLogger) SetWriter(w *os.File) { pl.writer = w }
 func (pl *PrettyLogger) GetWriter() *os.File  { return pl.writer }
+func (pl *PrettyLogger) LoggerName() string   { return LoggerName }

 func (pl *PrettyLogger) SetLevel(level string) error {
 	pl.level = helpers.ToLevel(level)
@@ -69,7 +73,7 @@ func (pl *PrettyLogger) print(level helpers.Level, msg string, details ...helper
 func detailsToString(details []helpers.IDetails) string {
 	s := ""
 	for i := range details {
-		s += fmt.Sprintf("%s: %s", details[i].Key(), details[i].Value())
+		s += fmt.Sprintf("%s: %v", details[i].Key(), details[i].Value())
 		if i < len(details)-1 {
 			s += "; "
 		}
--- a/core/cautils/logger/zaplogger/logger.go
+++ b/core/cautils/logger/zaplogger/logger.go
@@ -3,27 +3,48 @@ package zaplogger
 import (
 	"os"

-	"github.com/armosec/kubescape/cautils/logger/helpers"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
 	"go.uber.org/zap"
 	"go.uber.org/zap/zapcore"
 )

+const LoggerName string = "zap"
+
 type ZapLogger struct {
 	zapL *zap.Logger
+	cfg  zap.Config
 }

 func NewZapLogger() *ZapLogger {
+	ec := zap.NewProductionEncoderConfig()
+	ec.EncodeTime = zapcore.RFC3339TimeEncoder
+	cfg := zap.NewProductionConfig()
+	cfg.DisableCaller = true
+	cfg.DisableStacktrace = true
+	cfg.Encoding = "json"
+	cfg.EncoderConfig = ec
+
+	zapLogger, err := cfg.Build()
+	if err != nil {
+		panic(err)
+	}
 	return &ZapLogger{
-		zapL: zap.L(),
+		zapL: zapLogger,
+		cfg:  cfg,
 	}
 }

-func (zl *ZapLogger) GetLevel() string     { return "" }
+func (zl *ZapLogger) GetLevel() string     { return zl.cfg.Level.Level().String() }
 func (zl *ZapLogger) SetWriter(w *os.File) {}
-func GetWriter() *os.File                  { return nil }
-
+func (zl *ZapLogger) GetWriter() *os.File  { return nil }
+func (zl *ZapLogger) LoggerName() string   { return LoggerName }
 func (zl *ZapLogger) SetLevel(level string) error {
-	return nil
+	l := zapcore.Level(1)
+	err := l.Set(level)
+	if err == nil {
+		zl.cfg.Level.SetLevel(l)
+	}
+	return err
 }
 func (zl *ZapLogger) Fatal(msg string, details ...helpers.IDetails) {
 	zl.zapL.Fatal(msg, detailsToZapFields(details)...)
--- a/core/cautils/rbac.go
+++ b/core/cautils/rbac.go
@@ -8,7 +8,7 @@ import (
 	"github.com/armosec/opa-utils/reporthandling"
 	"github.com/armosec/rbac-utils/rbacscanner"
 	"github.com/armosec/rbac-utils/rbacutils"
-	uuid "github.com/satori/go.uuid"
+	"github.com/google/uuid"
 )

 type RBACObjects struct {
@@ -21,7 +21,7 @@ func NewRBACObjects(scanner *rbacscanner.RbacScannerFromK8sAPI) *RBACObjects {

 func (rbacObjects *RBACObjects) SetResourcesReport() (*reporthandling.PostureReport, error) {
 	return &reporthandling.PostureReport{
-		ReportID:             uuid.NewV4().String(),
+		ReportID:             uuid.NewString(),
 		ReportGenerationTime: time.Now().UTC(),
 		CustomerGUID:         rbacObjects.scanner.CustomerGUID,
 		ClusterName:          rbacObjects.scanner.ClusterName,
--- a/core/cautils/reportv2tov1.go
+++ b/core/cautils/reportv2tov1.go
@@ -5,15 +5,13 @@ import (
 	"github.com/armosec/opa-utils/reporthandling"
 	helpersv1 "github.com/armosec/opa-utils/reporthandling/helpers/v1"
 	"github.com/armosec/opa-utils/reporthandling/results/v1/reportsummary"
-	"github.com/armosec/opa-utils/score"
 )

 func ReportV2ToV1(opaSessionObj *OPASessionObj) {
 	if len(opaSessionObj.PostureReport.FrameworkReports) > 0 {
 		return // report already converted
 	}
-
-	opaSessionObj.PostureReport.ClusterCloudProvider = opaSessionObj.Report.ClusterCloudProvider
+	//	opaSessionObj.PostureReport.ClusterCloudProvider = opaSessionObj.Report.ClusterCloudProvider

 	frameworks := []reporthandling.FrameworkReport{}

@@ -22,7 +20,6 @@ func ReportV2ToV1(opaSessionObj *OPASessionObj) {
 			fwv1 := reporthandling.FrameworkReport{}
 			fwv1.Name = fwv2.GetName()
 			fwv1.Score = fwv2.GetScore()
-
 			fwv1.ControlReports = append(fwv1.ControlReports, controlReportV2ToV1(opaSessionObj, fwv2.GetName(), fwv2.Controls)...)
 			frameworks = append(frameworks, fwv1)

@@ -30,10 +27,10 @@ func ReportV2ToV1(opaSessionObj *OPASessionObj) {
 	} else {
 		fwv1 := reporthandling.FrameworkReport{}
 		fwv1.Name = ""
-		fwv1.Score = 0

 		fwv1.ControlReports = append(fwv1.ControlReports, controlReportV2ToV1(opaSessionObj, "", opaSessionObj.Report.SummaryDetails.Controls)...)
 		frameworks = append(frameworks, fwv1)
+		fwv1.Score = opaSessionObj.Report.SummaryDetails.Score
 	}

 	// // remove unused data
@@ -49,36 +46,14 @@ func ReportV2ToV1(opaSessionObj *OPASessionObj) {
 		reporthandling.SetUniqueResourcesCounter(&frameworks[f])

 		// set default score
-		reporthandling.SetDefaultScore(&frameworks[f])
+		// reporthandling.SetDefaultScore(&frameworks[f])
 	}

-	// update score
-	scoreutil := score.NewScore(opaSessionObj.AllResources)
-	scoreutil.Calculate(frameworks)
+	// // update score
+	// scoreutil := score.NewScore(opaSessionObj.AllResources)
+	// scoreutil.Calculate(frameworks)

 	opaSessionObj.PostureReport.FrameworkReports = frameworks
-
-	// opaSessionObj.Report.SummaryDetails.Score = 0
-	// for i := range frameworks {
-	// 	for j := range frameworks[i].ControlReports {
-	// 		// frameworks[i].ControlReports[j].Score
-	// 		for w := range opaSessionObj.Report.SummaryDetails.Frameworks {
-	// 			if opaSessionObj.Report.SummaryDetails.Frameworks[w].Name == frameworks[i].Name {
-	// 				opaSessionObj.Report.SummaryDetails.Frameworks[w].Score = frameworks[i].Score
-	// 			}
-	// 			if c, ok := opaSessionObj.Report.SummaryDetails.Frameworks[w].Controls[frameworks[i].ControlReports[j].ControlID]; ok {
-	// 				c.Score = frameworks[i].ControlReports[j].Score
-	// 				opaSessionObj.Report.SummaryDetails.Frameworks[w].Controls[frameworks[i].ControlReports[j].ControlID] = c
-	// 			}
-	// 		}
-	// 		if c, ok := opaSessionObj.Report.SummaryDetails.Controls[frameworks[i].ControlReports[j].ControlID]; ok {
-	// 			c.Score = frameworks[i].ControlReports[j].Score
-	// 			opaSessionObj.Report.SummaryDetails.Controls[frameworks[i].ControlReports[j].ControlID] = c
-	// 		}
-	// 	}
-	// 	opaSessionObj.Report.SummaryDetails.Score += opaSessionObj.PostureReport.FrameworkReports[i].Score
-	// }
-	// opaSessionObj.Report.SummaryDetails.Score /= float32(len(opaSessionObj.Report.SummaryDetails.Frameworks))
 }

 func controlReportV2ToV1(opaSessionObj *OPASessionObj, frameworkName string, controls map[string]reportsummary.ControlSummary) []reporthandling.ControlReport {
@@ -88,9 +63,9 @@ func controlReportV2ToV1(opaSessionObj *OPASessionObj, frameworkName string, con
 		crv1.ControlID = controlID
 		crv1.BaseScore = crv2.ScoreFactor
 		crv1.Name = crv2.GetName()
+		crv1.Score = crv2.GetScore()
 		crv1.Control_ID = controlID
 		// crv1.Attributes = crv2.
-		crv1.Score = crv2.GetScore()

 		// TODO - add fields
 		crv1.Description = crv2.Description
--- a/core/cautils/rootinfo.go
+++ b/core/cautils/rootinfo.go
@@ -0,0 +1,96 @@
+package cautils
+
+type RootInfo struct {
+	Logger       string // logger level
+	LoggerName   string // logger name ("pretty"/"zap"/"none")
+	CacheDir     string // cached dir
+	DisableColor bool   // Disable Color
+
+	ArmoBEURLs    string // armo url
+	ArmoBEURLsDep string // armo url
+
+}
+
+type Credentials struct {
+	Account   string
+	ClientID  string
+	SecretKey string
+}
+
+// func (rootInfo *RootInfo) InitLogger() {
+// 	logger.DisableColor(rootInfo.DisableColor)
+
+// 	if rootInfo.LoggerName == "" {
+// 		if l := os.Getenv("KS_LOGGER_NAME"); l != "" {
+// 			rootInfo.LoggerName = l
+// 		} else {
+// 			if isatty.IsTerminal(os.Stdout.Fd()) {
+// 				rootInfo.LoggerName = "pretty"
+// 			} else {
+// 				rootInfo.LoggerName = "zap"
+// 			}
+// 		}
+// 	}
+
+// 	logger.InitLogger(rootInfo.LoggerName)
+
+// }
+// func (rootInfo *RootInfo) InitLoggerLevel() error {
+// 	if rootInfo.Logger == helpers.InfoLevel.String() {
+// 	} else if l := os.Getenv("KS_LOGGER"); l != "" {
+// 		rootInfo.Logger = l
+// 	}
+
+// 	if err := logger.L().SetLevel(rootInfo.Logger); err != nil {
+// 		return fmt.Errorf("supported levels: %s", strings.Join(helpers.SupportedLevels(), "/"))
+// 	}
+// 	return nil
+// }
+
+// func (rootInfo *RootInfo) InitCacheDir() error {
+// 	if rootInfo.CacheDir == getter.DefaultLocalStore {
+// 		getter.DefaultLocalStore = rootInfo.CacheDir
+// 	} else if cacheDir := os.Getenv("KS_CACHE_DIR"); cacheDir != "" {
+// 		getter.DefaultLocalStore = cacheDir
+// 	} else {
+// 		return nil // using default cache dir location
+// 	}
+
+// 	// TODO create dir if not found exist
+// 	// logger.L().Debug("cache dir updated", helpers.String("path", getter.DefaultLocalStore))
+// 	return nil
+// }
+// func (rootInfo *RootInfo) InitEnvironment() error {
+
+// 	urlSlices := strings.Split(rootInfo.ArmoBEURLs, ",")
+// 	if len(urlSlices) != 1 && len(urlSlices) < 3 {
+// 		return fmt.Errorf("expected at least 2 URLs (report,api,frontend,auth)")
+// 	}
+// 	switch len(urlSlices) {
+// 	case 1:
+// 		switch urlSlices[0] {
+// 		case "dev", "development":
+// 			getter.SetARMOAPIConnector(getter.NewARMOAPIDev())
+// 		case "stage", "staging":
+// 			getter.SetARMOAPIConnector(getter.NewARMOAPIStaging())
+// 		case "":
+// 			getter.SetARMOAPIConnector(getter.NewARMOAPIProd())
+// 		default:
+// 			return fmt.Errorf("unknown environment")
+// 		}
+// 	case 2:
+// 		armoERURL := urlSlices[0] // mandatory
+// 		armoBEURL := urlSlices[1] // mandatory
+// 		getter.SetARMOAPIConnector(getter.NewARMOAPICustomized(armoERURL, armoBEURL, "", ""))
+// 	case 3, 4:
+// 		var armoAUTHURL string
+// 		armoERURL := urlSlices[0] // mandatory
+// 		armoBEURL := urlSlices[1] // mandatory
+// 		armoFEURL := urlSlices[2] // mandatory
+// 		if len(urlSlices) <= 4 {
+// 			armoAUTHURL = urlSlices[3]
+// 		}
+// 		getter.SetARMOAPIConnector(getter.NewARMOAPICustomized(armoERURL, armoBEURL, armoFEURL, armoAUTHURL))
+// 	}
+// 	return nil
+// }
--- a/core/cautils/scaninfo.go
+++ b/core/cautils/scaninfo.go
@@ -0,0 +1,437 @@
+package cautils
+
+import (
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/armosec/armoapi-go/armotypes"
+	apisv1 "github.com/armosec/opa-utils/httpserver/apis/v1"
+
+	giturl "github.com/armosec/go-git-url"
+	"github.com/armosec/k8s-interface/k8sinterface"
+	"github.com/armosec/kubescape/v2/core/cautils/getter"
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
+	"github.com/armosec/opa-utils/reporthandling"
+	reporthandlingv2 "github.com/armosec/opa-utils/reporthandling/v2"
+	"github.com/google/uuid"
+)
+
+type ScanningContext string
+
+const (
+	ContextCluster  ScanningContext = "cluster"
+	ContextFile     ScanningContext = "single-file"
+	ContextDir      ScanningContext = "local-dir"
+	ContextGitURL   ScanningContext = "git-url"
+	ContextGitLocal ScanningContext = "git-local"
+)
+
+const ( // deprecated
+	ScopeCluster = "cluster"
+	ScopeYAML    = "yaml"
+)
+const (
+	// ScanCluster                string = "cluster"
+	// ScanLocalFiles             string = "yaml"
+	localControlInputsFilename string = "controls-inputs.json"
+	localExceptionsFilename    string = "exceptions.json"
+)
+
+type BoolPtrFlag struct {
+	valPtr *bool
+}
+
+func NewBoolPtr(b *bool) BoolPtrFlag {
+	return BoolPtrFlag{valPtr: b}
+}
+
+func (bpf *BoolPtrFlag) Type() string {
+	return "bool"
+}
+
+func (bpf *BoolPtrFlag) String() string {
+	if bpf.valPtr != nil {
+		return fmt.Sprintf("%v", *bpf.valPtr)
+	}
+	return ""
+}
+func (bpf *BoolPtrFlag) Get() *bool {
+	return bpf.valPtr
+}
+func (bpf *BoolPtrFlag) GetBool() bool {
+	if bpf.valPtr == nil {
+		return false
+	}
+	return *bpf.valPtr
+}
+
+func (bpf *BoolPtrFlag) SetBool(val bool) {
+	bpf.valPtr = &val
+}
+
+func (bpf *BoolPtrFlag) Set(val string) error {
+	switch val {
+	case "true":
+		bpf.SetBool(true)
+	case "false":
+		bpf.SetBool(false)
+	}
+	return nil
+}
+
+// TODO - UPDATE
+type ViewTypes string
+
+const (
+	ResourceViewType ViewTypes = "resource"
+	ControlViewType  ViewTypes = "control"
+)
+
+type PolicyIdentifier struct {
+	Name        string                        // policy name e.g. nsa,mitre,c-0012
+	Kind        apisv1.NotificationPolicyKind // policy kind e.g. Framework,Control,Rule
+	Designators armotypes.PortalDesignator
+}
+
+type ScanInfo struct {
+	Getters                               // TODO - remove from object
+	PolicyIdentifier   []PolicyIdentifier // TODO - remove from object
+	UseExceptions      string             // Load file with exceptions configuration
+	ControlsInputs     string             // Load file with inputs for controls
+	UseFrom            []string           // Load framework from local file (instead of download). Use when running offline
+	UseDefault         bool               // Load framework from cached file (instead of download). Use when running offline
+	UseArtifactsFrom   string             // Load artifacts from local path. Use when running offline
+	VerboseMode        bool               // Display all of the input resources and not only failed resources
+	View               string             // Display all of the input resources and not only failed resources
+	Format             string             // Format results (table, json, junit ...)
+	Output             string             // Store results in an output file, Output file name
+	FormatVersion      string             // Output object can be differnet between versions, this is for testing and backward compatibility
+	ExcludedNamespaces string             // used for host scanner namespace
+	IncludeNamespaces  string             //
+	InputPatterns      []string           // Yaml files input patterns
+	Silent             bool               // Silent mode - Do not print progress logs
+	FailThreshold      float32            // Failure score threshold
+	Submit             bool               // Submit results to Armo BE
+	ScanID             string             // Report id of the current scan
+	HostSensorEnabled  BoolPtrFlag        // Deploy ARMO K8s host scanner to collect data from certain controls
+	HostSensorYamlPath string             // Path to hostsensor file
+	Local              bool               // Do not submit results
+	Credentials        Credentials        // account ID
+	KubeContext        string             // context name
+	FrameworkScan      bool               // false if scanning control
+	ScanAll            bool               // true if scan all frameworks
+}
+
+type Getters struct {
+	ExceptionsGetter     getter.IExceptionsGetter
+	ControlsInputsGetter getter.IControlsInputsGetter
+	PolicyGetter         getter.IPolicyGetter
+}
+
+func (scanInfo *ScanInfo) Init() {
+	scanInfo.setUseFrom()
+	scanInfo.setOutputFile()
+	scanInfo.setUseArtifactsFrom()
+	if scanInfo.ScanID == "" {
+		scanInfo.ScanID = uuid.NewString()
+	}
+
+}
+
+func (scanInfo *ScanInfo) setUseArtifactsFrom() {
+	if scanInfo.UseArtifactsFrom == "" {
+		return
+	}
+	// UseArtifactsFrom must be a path without a filename
+	dir, file := filepath.Split(scanInfo.UseArtifactsFrom)
+	if dir == "" {
+		scanInfo.UseArtifactsFrom = file
+	} else if strings.Contains(file, ".json") {
+		scanInfo.UseArtifactsFrom = dir
+	}
+	// set frameworks files
+	files, err := ioutil.ReadDir(scanInfo.UseArtifactsFrom)
+	if err != nil {
+		logger.L().Fatal("failed to read files from directory", helpers.String("dir", scanInfo.UseArtifactsFrom), helpers.Error(err))
+	}
+	framework := &reporthandling.Framework{}
+	for _, f := range files {
+		filePath := filepath.Join(scanInfo.UseArtifactsFrom, f.Name())
+		file, err := os.ReadFile(filePath)
+		if err == nil {
+			if err := json.Unmarshal(file, framework); err == nil {
+				scanInfo.UseFrom = append(scanInfo.UseFrom, filepath.Join(scanInfo.UseArtifactsFrom, f.Name()))
+			}
+		}
+	}
+	// set config-inputs file
+	scanInfo.ControlsInputs = filepath.Join(scanInfo.UseArtifactsFrom, localControlInputsFilename)
+	// set exceptions
+	scanInfo.UseExceptions = filepath.Join(scanInfo.UseArtifactsFrom, localExceptionsFilename)
+}
+
+func (scanInfo *ScanInfo) setUseFrom() {
+	if scanInfo.UseDefault {
+		for _, policy := range scanInfo.PolicyIdentifier {
+			scanInfo.UseFrom = append(scanInfo.UseFrom, getter.GetDefaultPath(policy.Name+".json"))
+		}
+	}
+}
+
+func (scanInfo *ScanInfo) setOutputFile() {
+	if scanInfo.Output == "" {
+		return
+	}
+	if scanInfo.Format == "json" {
+		if filepath.Ext(scanInfo.Output) != ".json" {
+			scanInfo.Output += ".json"
+		}
+	}
+	if scanInfo.Format == "junit" {
+		if filepath.Ext(scanInfo.Output) != ".xml" {
+			scanInfo.Output += ".xml"
+		}
+	}
+	if scanInfo.Format == "pdf" {
+		if filepath.Ext(scanInfo.Output) != ".pdf" {
+			scanInfo.Output += ".pdf"
+		}
+	}
+}
+
+// func (scanInfo *ScanInfo) GetScanningEnvironment() string {
+// 	if len(scanInfo.InputPatterns) != 0 {
+// 		return ScanLocalFiles
+// 	}
+// 	return ScanCluster
+// }
+
+func (scanInfo *ScanInfo) SetPolicyIdentifiers(policies []string, kind apisv1.NotificationPolicyKind) {
+	for _, policy := range policies {
+		if !scanInfo.contains(policy) {
+			newPolicy := PolicyIdentifier{}
+			newPolicy.Kind = kind
+			newPolicy.Name = policy
+			scanInfo.PolicyIdentifier = append(scanInfo.PolicyIdentifier, newPolicy)
+		}
+	}
+}
+
+func (scanInfo *ScanInfo) contains(policyName string) bool {
+	for _, policy := range scanInfo.PolicyIdentifier {
+		if policy.Name == policyName {
+			return true
+		}
+	}
+	return false
+}
+
+func scanInfoToScanMetadata(scanInfo *ScanInfo) *reporthandlingv2.Metadata {
+	metadata := &reporthandlingv2.Metadata{}
+
+	metadata.ScanMetadata.Format = scanInfo.Format
+	metadata.ScanMetadata.FormatVersion = scanInfo.FormatVersion
+	metadata.ScanMetadata.Submit = scanInfo.Submit
+
+	// TODO - Add excluded and included namespaces
+	// if len(scanInfo.ExcludedNamespaces) > 1 {
+	// 	opaSessionObj.Metadata.ScanMetadata.ExcludedNamespaces = strings.Split(scanInfo.ExcludedNamespaces[1:], ",")
+	// }
+	// if len(scanInfo.IncludeNamespaces) > 1 {
+	// 	opaSessionObj.Metadata.ScanMetadata.IncludeNamespaces = strings.Split(scanInfo.IncludeNamespaces[1:], ",")
+	// }
+
+	// scan type
+	if len(scanInfo.PolicyIdentifier) > 0 {
+		metadata.ScanMetadata.TargetType = string(scanInfo.PolicyIdentifier[0].Kind)
+	}
+	// append frameworks
+	for _, policy := range scanInfo.PolicyIdentifier {
+		metadata.ScanMetadata.TargetNames = append(metadata.ScanMetadata.TargetNames, policy.Name)
+	}
+
+	metadata.ScanMetadata.KubescapeVersion = BuildNumber
+	metadata.ScanMetadata.VerboseMode = scanInfo.VerboseMode
+	metadata.ScanMetadata.FailThreshold = scanInfo.FailThreshold
+	metadata.ScanMetadata.HostScanner = scanInfo.HostSensorEnabled.GetBool()
+	metadata.ScanMetadata.VerboseMode = scanInfo.VerboseMode
+	metadata.ScanMetadata.ControlsInputs = scanInfo.ControlsInputs
+
+	inputFiles := ""
+	if len(scanInfo.InputPatterns) > 0 {
+		inputFiles = scanInfo.InputPatterns[0]
+	}
+
+	metadata.ScanMetadata.ScanningTarget = reporthandlingv2.Cluster
+	if GetScanningContext(inputFiles) != ContextCluster {
+		metadata.ScanMetadata.ScanningTarget = reporthandlingv2.File
+	}
+
+	setContextMetadata(&metadata.ContextMetadata, inputFiles)
+
+	return metadata
+}
+
+func (scanInfo *ScanInfo) GetScanningContext() ScanningContext {
+	input := ""
+	if len(scanInfo.InputPatterns) > 0 {
+		input = scanInfo.InputPatterns[0]
+	}
+	return GetScanningContext(input)
+}
+
+// GetScanningContext get scanning context from the input param
+func GetScanningContext(input string) ScanningContext {
+	//  cluster
+	if input == "" {
+		return ContextCluster
+	}
+
+	// url
+	if _, err := giturl.NewGitURL(input); err == nil {
+		return ContextGitURL
+	}
+
+	if !filepath.IsAbs(input) { // parse path
+		if o, err := os.Getwd(); err == nil {
+			input = filepath.Join(o, input)
+		}
+	}
+
+	// local git repo
+	if _, err := NewLocalGitRepository(input); err == nil {
+		return ContextGitLocal
+	}
+
+	//  single file
+	if IsFile(input) {
+		return ContextFile
+	}
+
+	//  dir/glob
+	return ContextDir
+}
+func setContextMetadata(contextMetadata *reporthandlingv2.ContextMetadata, input string) {
+	switch GetScanningContext(input) {
+	case ContextCluster:
+		contextMetadata.ClusterContextMetadata = &reporthandlingv2.ClusterMetadata{
+			ContextName: k8sinterface.GetContextName(),
+		}
+	case ContextGitURL:
+		// url
+		context, err := metadataGitURL(input)
+		if err != nil {
+			logger.L().Warning("in setContextMetadata", helpers.Interface("case", ContextGitURL), helpers.Error(err))
+		}
+		contextMetadata.RepoContextMetadata = context
+	case ContextDir:
+		contextMetadata.DirectoryContextMetadata = &reporthandlingv2.DirectoryContextMetadata{
+			BasePath: getAbsPath(input),
+			HostName: getHostname(),
+		}
+	case ContextFile:
+		contextMetadata.FileContextMetadata = &reporthandlingv2.FileContextMetadata{
+			FilePath: getAbsPath(input),
+			HostName: getHostname(),
+		}
+	case ContextGitLocal:
+		// local
+		context, err := metadataGitLocal(input)
+		if err != nil {
+			logger.L().Warning("in setContextMetadata", helpers.Interface("case", ContextGitURL), helpers.Error(err))
+		}
+		contextMetadata.RepoContextMetadata = context
+	}
+}
+
+func metadataGitURL(input string) (*reporthandlingv2.RepoContextMetadata, error) {
+	context := &reporthandlingv2.RepoContextMetadata{}
+	gitParser, err := giturl.NewGitAPI(input)
+	if err != nil {
+		return context, fmt.Errorf("%w", err)
+	}
+	if gitParser.GetBranchName() == "" {
+		gitParser.SetDefaultBranchName()
+	}
+	context.Provider = gitParser.GetProvider()
+	context.Repo = gitParser.GetRepoName()
+	context.Owner = gitParser.GetOwnerName()
+	context.Branch = gitParser.GetBranchName()
+	context.RemoteURL = gitParser.GetURL().String()
+
+	commit, err := gitParser.GetLatestCommit()
+	if err != nil {
+		return context, fmt.Errorf("%w", err)
+	}
+
+	context.LastCommit = reporthandling.LastCommit{
+		Hash:          commit.SHA,
+		Date:          commit.Committer.Date,
+		CommitterName: commit.Committer.Name,
+	}
+
+	return context, nil
+}
+
+func metadataGitLocal(input string) (*reporthandlingv2.RepoContextMetadata, error) {
+	gitParser, err := NewLocalGitRepository(input)
+	if err != nil {
+		return nil, fmt.Errorf("%w", err)
+	}
+	remoteURL, err := gitParser.GetRemoteUrl()
+	if err != nil {
+		return nil, fmt.Errorf("%w", err)
+	}
+	context := &reporthandlingv2.RepoContextMetadata{}
+	gitParserURL, err := giturl.NewGitURL(remoteURL)
+	if err != nil {
+		return context, fmt.Errorf("%w", err)
+	}
+	gitParserURL.SetBranchName(gitParser.GetBranchName())
+
+	context.Provider = gitParserURL.GetProvider()
+	context.Repo = gitParserURL.GetRepoName()
+	context.Owner = gitParserURL.GetOwnerName()
+	context.Branch = gitParserURL.GetBranchName()
+	context.RemoteURL = gitParserURL.GetURL().String()
+
+	commit, err := gitParser.GetLastCommit()
+	if err != nil {
+		return context, fmt.Errorf("%w", err)
+	}
+	context.LastCommit = reporthandling.LastCommit{
+		Hash:          commit.SHA,
+		Date:          commit.Committer.Date,
+		CommitterName: commit.Committer.Name,
+	}
+
+	return context, nil
+}
+func getHostname() string {
+	if h, e := os.Hostname(); e == nil {
+		return h
+	}
+	return ""
+}
+
+func getAbsPath(p string) string {
+	if !filepath.IsAbs(p) { // parse path
+		if o, err := os.Getwd(); err == nil {
+			return filepath.Join(o, p)
+		}
+	}
+	return p
+}
+
+// ScanningContextToScanningScope convert the context to the deprecated scope
+func ScanningContextToScanningScope(scanningContext ScanningContext) string {
+	if scanningContext == ContextCluster {
+		return ScopeCluster
+	}
+	return ScopeYAML
+}
--- a/core/cautils/scaninfo_test.go
+++ b/core/cautils/scaninfo_test.go
@@ -0,0 +1,47 @@
+package cautils
+
+import (
+	"testing"
+
+	reporthandlingv2 "github.com/armosec/opa-utils/reporthandling/v2"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestSetContextMetadata(t *testing.T) {
+	{
+		ctx := reporthandlingv2.ContextMetadata{}
+		setContextMetadata(&ctx, "")
+
+		assert.NotNil(t, ctx.ClusterContextMetadata)
+		assert.Nil(t, ctx.DirectoryContextMetadata)
+		assert.Nil(t, ctx.FileContextMetadata)
+		assert.Nil(t, ctx.HelmContextMetadata)
+		assert.Nil(t, ctx.RepoContextMetadata)
+	}
+	{
+		ctx := reporthandlingv2.ContextMetadata{}
+		setContextMetadata(&ctx, "https://github.com/armosec/kubescape")
+
+		assert.Nil(t, ctx.ClusterContextMetadata)
+		assert.Nil(t, ctx.DirectoryContextMetadata)
+		assert.Nil(t, ctx.FileContextMetadata)
+		assert.Nil(t, ctx.HelmContextMetadata)
+		assert.NotNil(t, ctx.RepoContextMetadata)
+
+		assert.Equal(t, "kubescape", ctx.RepoContextMetadata.Repo)
+		assert.Equal(t, "armosec", ctx.RepoContextMetadata.Owner)
+		assert.Equal(t, "master", ctx.RepoContextMetadata.Branch)
+	}
+}
+
+func TestGetHostname(t *testing.T) {
+	assert.NotEqual(t, "", getHostname())
+}
+
+func TestGetScanningContext(t *testing.T) {
+	assert.Equal(t, ContextCluster, GetScanningContext(""))
+	// assert.Equal(t, ContextDir, GetScanningContext("/"))
+	assert.Equal(t, ContextGitURL, GetScanningContext("https://github.com/armosec/kubescape"))
+	// assert.Equal(t, ContextFile, GetScanningContext(path.Join(".", "testdata", "localrepo.git")))
+	// assert.Equal(t, ContextGitLocal, GetScanningContext(path.Join(".", "testdata")))
+}
--- a/core/cautils/strutils.go
+++ b/core/cautils/strutils.go
--- a/core/cautils/strutils_test.go
+++ b/core/cautils/strutils_test.go
--- a/core/cautils/testdata/helm_expected_default_values.json
+++ b/core/cautils/testdata/helm_expected_default_values.json
@@ -0,0 +1,40 @@
+{
+    "affinity": {},
+    "configMap": {
+      "create": false,
+      "params": {
+        "clusterName": "<MyK8sClusterName>",
+        "customerGUID": "<MyGUID>"
+      }
+    },
+    "fullnameOverride": "",
+    "image": {
+      "imageName": "kubescape",
+      "pullPolicy": "Always",
+      "repository": "quay.io/armosec",
+      "tag": "latest"
+    },
+    "imagePullSecrets": [],
+    "nameOverride": "",
+    "nodeSelector": {},
+    "podAnnotations": {},
+    "podSecurityContext": {},
+    "resources": {
+      "limits": {
+        "cpu": "500m",
+        "memory": "512Mi"
+      },
+      "requests": {
+        "cpu": "200m",
+        "memory": "256Mi"
+      }
+    },
+    "schedule": "* * 1 * *",
+    "securityContext": {},
+    "serviceAccount": {
+      "annotations": {},
+      "create": true,
+      "name": "kubescape-discovery"
+    },
+    "tolerations": []
+}
--- a/core/cautils/testdata/localrepo.git
+++ b/core/cautils/testdata/localrepo.git
--- a/core/cautils/versioncheck.go
+++ b/core/cautils/versioncheck.go
@@ -6,15 +6,18 @@ import (
 	"net/http"
 	"os"

-	"github.com/armosec/kubescape/cautils/getter"
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/armosec/kubescape/cautils/logger/helpers"
-	pkgutils "github.com/armosec/utils-go/utils"
+	"github.com/armosec/kubescape/v2/core/cautils/getter"
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
+	"github.com/armosec/utils-go/boolutils"
+	"golang.org/x/mod/semver"
 )

-const SKIP_VERSION_CHECK = "KUBESCAPE_SKIP_UPDATE_CHECK"
+const SKIP_VERSION_CHECK_DEPRECATED = "KUBESCAPE_SKIP_UPDATE_CHECK"
+const SKIP_VERSION_CHECK = "KS_SKIP_UPDATE_CHECK"

 var BuildNumber string
+var Client string

 const UnknownBuildNumber = "unknown"

@@ -26,7 +29,9 @@ func NewIVersionCheckHandler() IVersionCheckHandler {
 	if BuildNumber == "" {
 		logger.L().Warning("unknown build number, this might affect your scan results. Please make sure you are updated to latest version")
 	}
-	if v, ok := os.LookupEnv(SKIP_VERSION_CHECK); ok && pkgutils.StringToBool(v) {
+	if v, ok := os.LookupEnv(SKIP_VERSION_CHECK); ok && boolutils.StringToBool(v) {
+		return NewVersionCheckHandlerMock()
+	} else if v, ok := os.LookupEnv(SKIP_VERSION_CHECK_DEPRECATED); ok && boolutils.StringToBool(v) {
 		return NewVersionCheckHandlerMock()
 	}
 	return NewVersionCheckHandler()
@@ -44,10 +49,12 @@ type VersionCheckHandler struct {
 }
 type VersionCheckRequest struct {
 	Client           string `json:"client"`           // kubescape
+	ClientBuild      string `json:"clientBuild"`      // client build environment
 	ClientVersion    string `json:"clientVersion"`    // kubescape version
 	Framework        string `json:"framework"`        // framework name
 	FrameworkVersion string `json:"frameworkVersion"` // framework version
-	ScanningTarget   string `json:"target"`           // scanning target- cluster/yaml
+	ScanningTarget   string `json:"target"`           // Deprecated
+	ScanningContext  string `json:"context"`          // scanning context- cluster/file/gitURL/localGit/dir
 }

 type VersionCheckResponse struct {
@@ -70,8 +77,12 @@ func NewVersionCheckRequest(buildNumber, frameworkName, frameworkVersion, scanni
 	if scanningTarget == "" {
 		scanningTarget = "unknown"
 	}
+	if Client == "" {
+		Client = "local-build"
+	}
 	return &VersionCheckRequest{
 		Client:           "kubescape",
+		ClientBuild:      Client,
 		ClientVersion:    buildNumber,
 		Framework:        frameworkName,
 		FrameworkVersion: frameworkVersion,
@@ -97,8 +108,8 @@ func (v *VersionCheckHandler) CheckLatestVersion(versionData *VersionCheckReques
 	}

 	if latestVersion.ClientUpdate != "" {
-		if BuildNumber != "" && BuildNumber < latestVersion.ClientUpdate {
-			logger.L().Warning(warningMessage(latestVersion.Client, latestVersion.ClientUpdate))
+		if BuildNumber != "" && semver.Compare(BuildNumber, latestVersion.ClientUpdate) == -1 {
+			logger.L().Warning(warningMessage(latestVersion.ClientUpdate))
 		}
 	}

@@ -133,6 +144,6 @@ func (v *VersionCheckHandler) getLatestVersion(versionData *VersionCheckRequest)
 	return vResp, nil
 }

-func warningMessage(kind, release string) string {
-	return fmt.Sprintf("'%s' is not updated to the latest release: '%s'", kind, release)
+func warningMessage(release string) string {
+	return fmt.Sprintf("current version '%s' is not updated to the latest release: '%s'", BuildNumber, release)
 }
--- a/Show More
+++ b/Show More