adding ks interface

split pkg
pass info in call
2026-04-15 06:58:11 +00:00 · 2022-03-13 10:59:38 +02:00 · 2022-03-13 09:59:57 +02:00 · 2022-03-10 17:13:51 +02:00 · 2022-03-10 17:02:09 +02:00 · 2022-03-10 11:19:05 +02:00
186 changed files with 3547 additions and 3355 deletions
--- a/MAINTAINERS.md
+++ b/MAINTAINERS.md
@@ -2,8 +2,9 @@

 The following table lists Kubescape project maintainers 

-| Name | GitHub | Email | Organization | Repositories/Area of Expertise | Added/Renewed On |
+| Name | GitHub | Email | Organization | Role | Added/Renewed On |
 | --- | --- | --- | --- | --- | --- |
-| Ben Hirschberg | @slashben | ben@armosec.io | ARMO | Kubescape CLI | 2021-09-01 |
-| Rotem Refael | @rotemamsa | rrefael@armosec.io | ARMO | Kubescape CLI | 2021-10-11 |
-| David Wertenteil | @dwertent | dwertent@armosec.io | ARMO | Kubescape CLI | 2021-09-01 |
+| [Ben Hirschberg](https://www.linkedin.com/in/benyamin-ben-hirschberg-66141890) | [@slashben](https://github.com/slashben) | ben@armosec.io | [ARMO](https://www.armosec.io/) | VP R&D | 2021-09-01 |
+| [Rotem Refael](https://www.linkedin.com/in/rotem-refael) | [@rotemamsa](https://github.com/rotemamsa) | rrefael@armosec.io | [ARMO](https://www.armosec.io/) | Team Leader | 2021-10-11 |
+| [David Wertenteil](https://www.linkedin.com/in/david-wertenteil-0ba277b9) | [@dwertent](https://github.com/dwertent) | dwertent@armosec.io | [ARMO](https://www.armosec.io/) | Kubescape CLI Developer | 2021-09-01 |
+| [Bezalel Brandwine](https://www.linkedin.com/in/bezalel-brandwine) | [@Bezbran](https://github.com/Bezbran) | bbrandwine@armosec.io | [ARMO](https://www.armosec.io/) | Kubescape SaaS Developer | 2021-09-01 |
--- a/README.md
+++ b/README.md
@@ -48,9 +48,9 @@ We invite you to our team! We are excited about this project and want to return

 Want to contribute? Want to discuss something? Have an issue?

+* Feel free to pick a task from the [roadmap](docs/roadmap.md) or suggest a feature of your own. [Contact us](MAINTAINERS.md) directly for more information :) 
 * Open a issue, we are trying to respond within 48 hours
-* [Join us](https://armosec.github.io/kubescape/) in a discussion on our discord server! 
-
+* [Join us](https://armosec.github.io/kubescape/) in a discussion on our discord server!

 [<img src="docs/discord-banner.png" width="100" alt="logo" align="center">](https://armosec.github.io/kubescape/)
 ![discord](https://img.shields.io/discord/893048809884643379)
@@ -58,6 +58,8 @@ Want to contribute? Want to discuss something? Have an issue?

 # Options and examples

+[Kubescape docs](https://hub.armo.cloud/docs)
+
 ## Playground
 * [Kubescape playground](https://www.katacoda.com/pathaksaiyam/scenarios/kubescape)

@@ -65,9 +67,11 @@ Want to contribute? Want to discuss something? Have an issue?

 * [Overview](https://youtu.be/wdBkt_0Qhbg)
 * [How To Secure Kubernetes Clusters With Kubescape And Armo](https://youtu.be/ZATGiDIDBQk)
-* [Scanning Kubernetes YAML files](https://youtu.be/Ox6DaR7_4ZI)
+* [Scan Kubernetes YAML files](https://youtu.be/Ox6DaR7_4ZI)
 * [Scan Kubescape on an air-gapped environment (offline support)](https://youtu.be/IGXL9s37smM)
 * [Managing exceptions in the Kubescape SaaS version](https://youtu.be/OzpvxGmCR80)
+* [Configure and run customized frameworks](https://youtu.be/12Sanq_rEhs)
+* Customize controls configurations. [Kubescape CLI](https://youtu.be/955psg6TVu4), [Kubescape SaaS](https://youtu.be/lIMVSVhH33o)

 ## Install on Windows

@@ -92,29 +96,6 @@ Set-ExecutionPolicy RemoteSigned -scope CurrentUser
    brew install kubescape
    ```

-## Flags
-
-| flag                        | default                   | description                                                                                                                                                                                                                                                                                                          | options                          |
-|-----------------------------|---------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------------|
-| `-e`/`--exclude-namespaces` | Scan all namespaces       | Namespaces to exclude from scanning. Recommended to exclude `kube-system` and `kube-public` namespaces                                                                                                                                                                                                               |                                              |
-| `--include-namespaces`      | Scan all namespaces       | Scan specific namespaces                                                                                                                            |                                              |
-| `-s`/`--silent`             | Display progress messages | Silent progress messages                                                                                                                                                                                                                                                                                             |                                              |
-| `-t`/`--fail-threshold`     | `100` (do not fail)         | fail command (return exit code 1) if result is above threshold                                                                                                                                                                                                                                                       | `0` -> `100`                                 |
-| `-f`/`--format`             | `pretty-printer`          | Output format                                                                                                                                                                                                                                                                                                        | `pretty-printer`/`json`/`junit`/`prometheus`/`pdf` |
-| `-o`/`--output`             | print to stdout           | Save scan result in file                                                                                                                                                                                                                                                                                             |                                              |
-| `--use-from`                |                           | Load local framework object from specified path. If not used will download latest                                                                                                                                                                                                                                    ||
-| `--use-artifacts-from`                |                           | Load artifacts (frameworks, control-config, exceptions) from local directory. If not used will download them                                                                                                                                                                                                                                    |                                              |
-| `--use-default`             | `false`                   | Load local framework object from default path. If not used will download latest                                                                                                                                                                                                                                      | `true`/`false`                               |
-| `--exceptions`              |                           | Path to an exceptions obj, [examples](examples/exceptions/README.md). Default will download exceptions from Kubescape SaaS                                                                                                                                                                                               ||
-| `--controls-config`              |                           | Path to a controls-config obj. If not set will download controls-config from ARMO management portal                                                                                                                                                                                               |                                            |
-| `--submit`                  | `false`                   | If set, Kubescape will send the scan results to Armo management portal where you can see the results in a user-friendly UI, choose your preferred compliance framework, check risk results history and trends, manage exceptions, get remediation recommendations and much more. By default the results are not sent | `true`/`false`                               |
-| `--keep-local`              | `false`                   | Kubescape will not send scan results to Armo management portal. Use this flag if you ran with the `--submit` flag in the past and you do not want to submit your current scan results                                                                                                                                | `true`/`false`                               |
-| `--account`                 |                           | Armo portal account ID. Default will load account ID from configMap or config file                                                                                                                                                                                                                                   |                                              |
-| `--kube-context`                 |        current-context               |  Cluster context to scan                                                                                                                                                                                                                              |                                              |
-| `--verbose`                 | `false`                   | Display all of the input resources and not only failed resources                                                                                                                                                                                                                                                     | `true`/`false`                               |
-| `--logger`                 | `info`                   | Set the logger level                                                                                                                                                                                                                                                 | `debug`/`info`/`success`/`warning`/`error`/`fatal`                               |
-
-
 ## Usage & Examples

 ### Examples
@@ -122,9 +103,11 @@ Set-ExecutionPolicy RemoteSigned -scope CurrentUser

 #### Scan a running Kubernetes cluster and submit results to the [Kubescape SaaS version](https://portal.armo.cloud/)
 ```
-kubescape scan --submit
+kubescape scan --submit --enable-host-scan
 ```

+> Read [here](https://hub.armo.cloud/docs/host-sensor) more about the `enable-host-scan` flag
+
 #### Scan a running Kubernetes cluster with [`nsa`](https://www.nsa.gov/Press-Room/News-Highlights/Article/Article/2716980/nsa-cisa-release-kubernetes-hardening-guidance/) framework and submit results to the [Kubescape SaaS version](https://portal.armo.cloud/)
 ```
 kubescape scan framework nsa --submit
@@ -168,8 +151,11 @@ kubescape scan --verbose
 ```

 #### Output in `json` format
+
+> Add the `--format-version v2` flag 
+
 ```
-kubescape scan --format json --output results.json
+kubescape scan --format json --format-version v2 --output results.json
 ```

 #### Output in `junit xml` format
@@ -252,106 +238,29 @@ Official Docker image `quay.io/armosec/kubescape`
 docker run -v "$(pwd)/example.yaml:/app/example.yaml  quay.io/armosec/kubescape scan /app/example.yaml
 ```

+If you wish, you can [build the docker image on your own](build/README.md)
+
 # Submit data manually

 Use the `submit` command if you wish to submit data manually

 ## Submit scan results manually

-First, scan your cluster using the `json` format flag: `kubescape scan framework <name> --format json --output path/to/results.json`.
+> Support forward compatibility by using the `--format-version v2` flag

-Now you can submit the results to the Kubaescape SaaS version -
+First, scan your cluster using the `json` format flag: `kubescape scan framework <name> --format json --format-version v2 --output path/to/results.json`.
+
+Now you can submit the results to the Kubescape SaaS version -
 ```
 kubescape submit results path/to/results.json
 ```
-# How to build
-
-## Build using python (3.7^) script
-
-Kubescape can be built using:
-
-``` sh
-python build.py
-```
-
-Note: In order to built using the above script, one must set the environment
-variables in this script:
-
-+ RELEASE
-+ ArmoBEServer
-+ ArmoERServer
-+ ArmoWebsite
-+ ArmoAuthServer
-
-
-## Build using go
-
-Note: development (and the release process) is done with Go `1.17`
-
-1. Clone Project
-```
-git clone https://github.com/armosec/kubescape.git kubescape && cd "$_"
-```
-
-2. Build
-```
-go build -o kubescape .
-```
-
-3. Run
-```
-./kubescape scan --submit --enable-host-scan
-```
-
-4. Enjoy :zany_face:
-
-## Docker Build
-
-### Build your own Docker image
-
-1. Clone Project
-```
-git clone https://github.com/armosec/kubescape.git kubescape && cd "$_"
-```
-
-2. Build
-```
-docker build -t kubescape -f build/Dockerfile .
-```
-

 # Under the hood

-## Tests
-Kubescape is running the following tests according to what is defined by [Kubernetes Hardening Guidance by NSA and CISA](https://www.nsa.gov/Press-Room/News-Highlights/Article/Article/2716980/nsa-cisa-release-kubernetes-hardening-guidance/)
-* Non-root containers
-* Immutable container filesystem
-* Privileged containers
-* hostPID, hostIPC privileges
-* hostNetwork access
-* allowedHostPaths field
-* Protecting pod service account tokens
-* Resource policies
-* Control plane hardening
-* Exposed dashboard
-* Allow privilege escalation
-* Applications credentials in configuration files
-* Cluster-admin binding
-* Exec into container
-* Dangerous capabilities
-* Insecure capabilities
-* Linux hardening
-* Ingress and Egress blocked
-* Container hostPort
-* Network policies
-* Symlink Exchange Can Allow Host Filesystem Access (CVE-2021-25741)
-
-
-
 ## Technology
 Kubescape based on OPA engine: https://github.com/open-policy-agent/opa and ARMO's posture controls.

-The tools retrieves Kubernetes objects from the API server and runs a set of [regos snippets](https://www.openpolicyagent.org/docs/latest/policy-language/) developed by [ARMO](https://www.armosec.io/).
+The tools retrieves Kubernetes objects from the API server and runs a set of [rego's snippets](https://www.openpolicyagent.org/docs/latest/policy-language/) developed by [ARMO](https://www.armosec.io/).

 The results by default printed in a pretty "console friendly" manner, but they can be retrieved in JSON format for further processing.

--- a/build/README.md
+++ b/build/README.md
@@ -0,0 +1,13 @@
+## Docker Build
+
+### Build your own Docker image
+
+1. Clone Project
+```
+git clone https://github.com/armosec/kubescape.git kubescape && cd "$_"
+```
+
+2. Build
+```
+docker build -t kubescape -f build/Dockerfile .
+```
--- a/cautils/customerloader.go
+++ b/cautils/customerloader.go
@@ -84,7 +84,8 @@ type LocalConfig struct {
 	configObj  *ConfigObj
 }

-func NewLocalConfig(backendAPI getter.IBackend, customerGUID, clusterName string) *LocalConfig {
+func NewLocalConfig(
+	backendAPI getter.IBackend, customerGUID, clusterName string) *LocalConfig {
 	var configObj *ConfigObj

 	lc := &LocalConfig{
@@ -323,27 +324,6 @@ func GetValueFromConfigJson(key string) (string, error) {

 }

-func SetKeyValueInConfigJson(key string, value string) error {
-	data, err := os.ReadFile(ConfigFileFullPath())
-	if err != nil {
-		return err
-	}
-	var obj map[string]interface{}
-	err = json.Unmarshal(data, &obj)
-
-	if err != nil {
-		return err
-	}
-	obj[key] = value
-	newData, err := json.Marshal(obj)
-	if err != nil {
-		return err
-	}
-
-	return os.WriteFile(ConfigFileFullPath(), newData, 0664)
-
-}
-
 func (c *ClusterConfig) SetKeyValueInConfigmap(key string, value string) error {

 	configMap, err := c.k8s.KubernetesClient.CoreV1().ConfigMaps(c.configMapNamespace).Get(context.Background(), c.configMapName, metav1.GetOptions{})
--- a/cautils/datastructures.go
+++ b/cautils/datastructures.go
@@ -13,11 +13,11 @@ type K8SResources map[string][]string

 type OPASessionObj struct {
 	K8SResources    *K8SResources                          // input k8s objects
-	Frameworks      []reporthandling.Framework             // list of frameworks to scan
+	Policies        []reporthandling.Framework             // list of frameworks to scan
 	AllResources    map[string]workloadinterface.IMetadata // all scanned resources, map[<rtesource ID>]<resource>
 	ResourcesResult map[string]resourcesresults.Result     // resources scan results, map[<rtesource ID>]<resource result>
-	PostureReport   *reporthandling.PostureReport          // scan results v1
-	Report          *reporthandlingv2.PostureReport        // scan results v2
+	PostureReport   *reporthandling.PostureReport          // scan results v1 - Remove
+	Report          *reporthandlingv2.PostureReport        // scan results v2 - Remove
 	Exceptions      []armotypes.PostureExceptionPolicy     // list of exceptions to apply on scan results
 	RegoInputData   RegoInputData                          // input passed to rgo for scanning. map[<control name>][<input arguments>]
 }
@@ -25,7 +25,7 @@ type OPASessionObj struct {
 func NewOPASessionObj(frameworks []reporthandling.Framework, k8sResources *K8SResources) *OPASessionObj {
 	return &OPASessionObj{
 		Report:          &reporthandlingv2.PostureReport{},
-		Frameworks:      frameworks,
+		Policies:        frameworks,
 		K8SResources:    k8sResources,
 		AllResources:    make(map[string]workloadinterface.IMetadata),
 		ResourcesResult: make(map[string]resourcesresults.Result),
@@ -38,7 +38,7 @@ func NewOPASessionObj(frameworks []reporthandling.Framework, k8sResources *K8SRe

 func NewOPASessionObjMock() *OPASessionObj {
 	return &OPASessionObj{
-		Frameworks:      nil,
+		Policies:        nil,
 		K8SResources:    nil,
 		AllResources:    make(map[string]workloadinterface.IMetadata),
 		ResourcesResult: make(map[string]resourcesresults.Result),
--- a/cautils/datastructuresmethods.go
+++ b/cautils/datastructuresmethods.go
@@ -2,6 +2,7 @@ package cautils

 import (
 	pkgcautils "github.com/armosec/utils-go/utils"
+	"golang.org/x/mod/semver"

 	"github.com/armosec/opa-utils/reporthandling"
 )
@@ -50,14 +51,15 @@ func ruleWithArmoOpaDependency(attributes map[string]interface{}) bool {
 func isRuleKubescapeVersionCompatible(attributes map[string]interface{}, version string) bool {
 	if from, ok := attributes["useFromKubescapeVersion"]; ok && from != nil {
 		if version != "" {
-			if from.(string) > BuildNumber {
+
+			if semver.Compare(from.(string), BuildNumber) > 0 {
 				return false
 			}
 		}
 	}
 	if until, ok := attributes["useUntilKubescapeVersion"]; ok && until != nil {
 		if version != "" {
-			if until.(string) <= BuildNumber {
+			if semver.Compare(BuildNumber, until.(string)) >= 0 {
 				return false
 			}
 		} else {
--- a/cautils/display.go
+++ b/cautils/display.go
@@ -9,16 +9,6 @@ import (
 	"github.com/mattn/go-isatty"
 )

-var silent = false
-
-func SetSilentMode(s bool) {
-	silent = s
-}
-
-func IsSilent() bool {
-	return silent
-}
-
 var FailureDisplay = color.New(color.Bold, color.FgHiRed).FprintfFunc()
 var WarningDisplay = color.New(color.Bold, color.FgHiYellow).FprintfFunc()
 var FailureTextDisplay = color.New(color.Faint, color.FgHiRed).FprintfFunc()
@@ -31,7 +21,7 @@ var DescriptionDisplay = color.New(color.Faint, color.FgWhite).FprintfFunc()
 var Spinner *spinner.Spinner

 func StartSpinner() {
-	if !IsSilent() && isatty.IsTerminal(os.Stdout.Fd()) {
+	if isatty.IsTerminal(os.Stdout.Fd()) {
 		Spinner = spinner.New(spinner.CharSets[7], 100*time.Millisecond) // Build our new spinner
 		Spinner.Start()
 	}
--- a/resourcehandler/filesloader.go
+++ b/resourcehandler/filesloader.go
@@ -1,4 +1,4 @@
-package resourcehandler
+package cautils

 import (
 	"bytes"
@@ -8,16 +8,9 @@ import (
 	"path/filepath"
 	"strings"

-	"github.com/armosec/armoapi-go/armotypes"
 	"github.com/armosec/k8s-interface/workloadinterface"
-	"k8s.io/apimachinery/pkg/version"
-
-	"github.com/armosec/k8s-interface/k8sinterface"
-	"github.com/armosec/kubescape/cautils"
 	"github.com/armosec/kubescape/cautils/logger"
 	"github.com/armosec/opa-utils/objectsenvelopes"
-	"github.com/armosec/opa-utils/reporthandling"
-
 	"gopkg.in/yaml.v2"
 )

@@ -33,79 +26,7 @@ const (
 	JSON_FILE_FORMAT FileFormat = "json"
 )

-// FileResourceHandler handle resources from files and URLs
-type FileResourceHandler struct {
-	inputPatterns    []string
-	registryAdaptors *RegistryAdaptors
-}
-
-func NewFileResourceHandler(inputPatterns []string, registryAdaptors *RegistryAdaptors) *FileResourceHandler {
-	k8sinterface.InitializeMapResourcesMock() // initialize the resource map
-	return &FileResourceHandler{
-		inputPatterns:    inputPatterns,
-		registryAdaptors: registryAdaptors,
-	}
-}
-
-func (fileHandler *FileResourceHandler) GetResources(frameworks []reporthandling.Framework, designator *armotypes.PortalDesignator) (*cautils.K8SResources, map[string]workloadinterface.IMetadata, error) {
-
-	// build resources map
-	// map resources based on framework required resources: map["/group/version/kind"][]<k8s workloads ids>
-	k8sResources := setResourceMap(frameworks)
-	allResources := map[string]workloadinterface.IMetadata{}
-
-	workloads := []workloadinterface.IMetadata{}
-
-	// load resource from local file system
-	w, err := loadResourcesFromFiles(fileHandler.inputPatterns)
-	if err != nil {
-		return nil, allResources, err
-	}
-	if w != nil {
-		workloads = append(workloads, w...)
-	}
-
-	// load resources from url
-	w, err = loadResourcesFromUrl(fileHandler.inputPatterns)
-	if err != nil {
-		return nil, allResources, err
-	}
-	if w != nil {
-		workloads = append(workloads, w...)
-	}
-
-	if len(workloads) == 0 {
-		return nil, allResources, fmt.Errorf("empty list of workloads - no workloads found")
-	}
-
-	// map all resources: map["/group/version/kind"][]<k8s workloads>
-	mappedResources := mapResources(workloads)
-
-	// save only relevant resources
-	for i := range mappedResources {
-		if _, ok := (*k8sResources)[i]; ok {
-			ids := []string{}
-			for j := range mappedResources[i] {
-				ids = append(ids, mappedResources[i][j].GetID())
-				allResources[mappedResources[i][j].GetID()] = mappedResources[i][j]
-			}
-			(*k8sResources)[i] = ids
-		}
-	}
-
-	if err := fileHandler.registryAdaptors.collectImagesVulnerabilities(k8sResources, allResources); err != nil {
-		cautils.WarningDisplay(os.Stderr, "Warning: failed to collect images vulnerabilities: %s\n", err.Error())
-	}
-
-	return k8sResources, allResources, nil
-
-}
-
-func (fileHandler *FileResourceHandler) GetClusterAPIServerInfo() *version.Info {
-	return nil
-}
-
-func loadResourcesFromFiles(inputPatterns []string) ([]workloadinterface.IMetadata, error) {
+func LoadResourcesFromFiles(inputPatterns []string) ([]workloadinterface.IMetadata, error) {
 	files, errs := listFiles(inputPatterns)
 	if len(errs) > 0 {
 		logger.L().Error(fmt.Sprintf("%v", errs))
@@ -121,35 +42,6 @@ func loadResourcesFromFiles(inputPatterns []string) ([]workloadinterface.IMetada
 	return workloads, nil
 }

-// build resources map
-func mapResources(workloads []workloadinterface.IMetadata) map[string][]workloadinterface.IMetadata {
-
-	allResources := map[string][]workloadinterface.IMetadata{}
-	for i := range workloads {
-		groupVersionResource, err := k8sinterface.GetGroupVersionResource(workloads[i].GetKind())
-		if err != nil {
-			// TODO - print warning
-			continue
-		}
-
-		if k8sinterface.IsTypeWorkload(workloads[i].GetObject()) {
-			w := workloadinterface.NewWorkloadObj(workloads[i].GetObject())
-			if groupVersionResource.Group != w.GetGroup() || groupVersionResource.Version != w.GetVersion() {
-				// TODO - print warning
-				continue
-			}
-		}
-		resourceTriplets := k8sinterface.JoinResourceTriplets(groupVersionResource.Group, groupVersionResource.Version, groupVersionResource.Resource)
-		if r, ok := allResources[resourceTriplets]; ok {
-			allResources[resourceTriplets] = append(r, workloads[i])
-		} else {
-			allResources[resourceTriplets] = []workloadinterface.IMetadata{workloads[i]}
-		}
-	}
-	return allResources
-
-}
-
 func loadFiles(filePaths []string) ([]workloadinterface.IMetadata, []error) {
 	workloads := []workloadinterface.IMetadata{}
 	errs := []error{}
@@ -159,7 +51,7 @@ func loadFiles(filePaths []string) ([]workloadinterface.IMetadata, []error) {
 			errs = append(errs, err)
 			continue
 		}
-		w, e := readFile(f, getFileFormat(filePaths[i]))
+		w, e := ReadFile(f, GetFileFormat(filePaths[i]))
 		errs = append(errs, e...)
 		if w != nil {
 			workloads = append(workloads, w...)
@@ -171,7 +63,7 @@ func loadFiles(filePaths []string) ([]workloadinterface.IMetadata, []error) {
 func loadFile(filePath string) ([]byte, error) {
 	return os.ReadFile(filePath)
 }
-func readFile(fileContent []byte, fileFromat FileFormat) ([]workloadinterface.IMetadata, []error) {
+func ReadFile(fileContent []byte, fileFromat FileFormat) ([]workloadinterface.IMetadata, []error) {

 	switch fileFromat {
 	case YAML_FILE_FORMAT:
@@ -195,7 +87,7 @@ func listFiles(patterns []string) ([]string, []error) {
 			o, _ := os.Getwd()
 			patterns[i] = filepath.Join(o, patterns[i])
 		}
-		if isFile(patterns[i]) {
+		if IsFile(patterns[i]) {
 			files = append(files, patterns[i])
 		} else {
 			f, err := glob(filepath.Split(patterns[i])) //filepath.Glob(patterns[i])
@@ -280,12 +172,12 @@ func convertYamlToJson(i interface{}) interface{} {
 	return i
 }

-func isYaml(filePath string) bool {
-	return cautils.StringInSlice(YAML_PREFIX, filepath.Ext(filePath)) != cautils.ValueNotFound
+func IsYaml(filePath string) bool {
+	return StringInSlice(YAML_PREFIX, filepath.Ext(filePath)) != ValueNotFound
 }

-func isJson(filePath string) bool {
-	return cautils.StringInSlice(JSON_PREFIX, filepath.Ext(filePath)) != cautils.ValueNotFound
+func IsJson(filePath string) bool {
+	return StringInSlice(JSON_PREFIX, filepath.Ext(filePath)) != ValueNotFound
 }

 func glob(root, pattern string) ([]string, error) {
@@ -310,7 +202,7 @@ func glob(root, pattern string) ([]string, error) {
 	}
 	return matches, nil
 }
-func isFile(name string) bool {
+func IsFile(name string) bool {
 	if fi, err := os.Stat(name); err == nil {
 		if fi.Mode().IsRegular() {
 			return true
@@ -319,10 +211,10 @@ func isFile(name string) bool {
 	return false
 }

-func getFileFormat(filePath string) FileFormat {
-	if isYaml(filePath) {
+func GetFileFormat(filePath string) FileFormat {
+	if IsYaml(filePath) {
 		return YAML_FILE_FORMAT
-	} else if isJson(filePath) {
+	} else if IsJson(filePath) {
 		return JSON_FILE_FORMAT
 	} else {
 		return FileFormat(filePath)
--- a/resourcehandler/filesloader_test.go
+++ b/resourcehandler/filesloader_test.go
@@ -1,4 +1,4 @@
-package resourcehandler
+package cautils

 import (
 	"os"
--- a/cautils/getter/armoapi.go
+++ b/cautils/getter/armoapi.go
@@ -21,7 +21,7 @@ import (

 var (
 	// ATTENTION!!!
-	// Changes in this URLs variable names, or in the usage is affecting the build process! BE CAREFULL
+	// Changes in this URLs variable names, or in the usage is affecting the build process! BE CAREFUL
 	armoERURL   = "report.armo.cloud"
 	armoBEURL   = "api.armo.cloud"
 	armoFEURL   = "portal.armo.cloud"
@@ -62,7 +62,8 @@ func SetARMOAPIConnector(armoAPI *ArmoAPI) {

 func GetArmoAPIConnector() *ArmoAPI {
 	if globalArmoAPIConnector == nil {
-		logger.L().Error("returning nil API connector")
+		// logger.L().Error("returning nil API connector")
+		SetARMOAPIConnector(NewARMOAPIProd())
 	}
 	return globalArmoAPIConnector
 }
@@ -126,6 +127,13 @@ func (armoAPI *ArmoAPI) Post(fullURL string, headers map[string]string, body []b
 	return HttpPost(armoAPI.httpClient, fullURL, headers, body)
 }

+func (armoAPI *ArmoAPI) Delete(fullURL string, headers map[string]string) (string, error) {
+	if headers == nil {
+		headers = make(map[string]string)
+	}
+	armoAPI.appendAuthHeaders(headers)
+	return HttpDelete(armoAPI.httpClient, fullURL, headers)
+}
 func (armoAPI *ArmoAPI) Get(fullURL string, headers map[string]string) (string, error) {
 	if headers == nil {
 		headers = make(map[string]string)
@@ -293,7 +301,7 @@ func (armoAPI *ArmoAPI) PostExceptions(exceptions []armotypes.PostureExceptionPo
 		if err != nil {
 			return err
 		}
-		_, err = armoAPI.Post(armoAPI.postExceptionsURL(), map[string]string{"Content-Type": "application/json"}, ex)
+		_, err = armoAPI.Post(armoAPI.exceptionsURL(""), map[string]string{"Content-Type": "application/json"}, ex)
 		if err != nil {
 			return err
 		}
@@ -301,6 +309,14 @@ func (armoAPI *ArmoAPI) PostExceptions(exceptions []armotypes.PostureExceptionPo
 	return nil
 }

+func (armoAPI *ArmoAPI) DeleteException(exceptionName string) error {
+
+	_, err := armoAPI.Delete(armoAPI.exceptionsURL(exceptionName), nil)
+	if err != nil {
+		return err
+	}
+	return nil
+}
 func (armoAPI *ArmoAPI) Login() error {
 	if armoAPI.accountID == "" {
 		return fmt.Errorf("failed to login, missing accountID")
--- a/cautils/getter/armoapiutils.go
+++ b/cautils/getter/armoapiutils.go
@@ -56,7 +56,7 @@ func (armoAPI *ArmoAPI) getExceptionsURL(clusterName string) string {
 	return u.String()
 }

-func (armoAPI *ArmoAPI) postExceptionsURL() string {
+func (armoAPI *ArmoAPI) exceptionsURL(exceptionsPolicyName string) string {
 	u := url.URL{}
 	u.Scheme = "https"
 	u.Host = armoAPI.apiURL
@@ -64,6 +64,10 @@ func (armoAPI *ArmoAPI) postExceptionsURL() string {

 	q := u.Query()
 	q.Add("customerGUID", armoAPI.getCustomerGUIDFallBack())
+	if exceptionsPolicyName != "" { // for delete
+		q.Add("policyName", exceptionsPolicyName)
+	}
+
 	u.RawQuery = q.Encode()

 	return u.String()
--- a/cautils/getter/getpoliciesutils.go
+++ b/cautils/getter/getpoliciesutils.go
@@ -47,6 +47,24 @@ func JSONDecoder(origin string) *json.Decoder {
 	return dec
 }

+func HttpDelete(httpClient *http.Client, fullURL string, headers map[string]string) (string, error) {
+
+	req, err := http.NewRequest("DELETE", fullURL, nil)
+	if err != nil {
+		return "", err
+	}
+	setHeaders(req, headers)
+
+	resp, err := httpClient.Do(req)
+	if err != nil {
+		return "", err
+	}
+	respStr, err := httpRespToString(resp)
+	if err != nil {
+		return "", err
+	}
+	return respStr, nil
+}
 func HttpGetter(httpClient *http.Client, fullURL string, headers map[string]string) (string, error) {

 	req, err := http.NewRequest("GET", fullURL, nil)
--- a/cautils/logger/helpers/datastructures.go
+++ b/cautils/logger/helpers/datastructures.go
@@ -1,5 +1,7 @@
 package helpers

+import "time"
+
 type StringObj struct {
 	key   string
 	value string
@@ -24,3 +26,6 @@ func Error(e error) *ErrorObj                         { return &ErrorObj{key: "e
 func Int(k string, v int) *IntObj                     { return &IntObj{key: k, value: v} }
 func String(k, v string) *StringObj                   { return &StringObj{key: k, value: v} }
 func Interface(k string, v interface{}) *InterfaceObj { return &InterfaceObj{key: k, value: v} }
+func Time() *StringObj {
+	return &StringObj{key: "time", value: time.Now().Format("2006-01-02 15:04:05")}
+}
--- a/cautils/logger/methods.go
+++ b/cautils/logger/methods.go
@@ -5,9 +5,9 @@ import (
 	"strings"

 	"github.com/armosec/kubescape/cautils/logger/helpers"
+	"github.com/armosec/kubescape/cautils/logger/nonelogger"
 	"github.com/armosec/kubescape/cautils/logger/prettylogger"
 	"github.com/armosec/kubescape/cautils/logger/zaplogger"
-	"github.com/mattn/go-isatty"
 )

 type ILogger interface {
@@ -23,29 +23,59 @@ type ILogger interface {

 	SetWriter(w *os.File)
 	GetWriter() *os.File
+
+	LoggerName() string
 }

 var l ILogger

+// Return initialized logger. If logger not initialized, will call InitializeLogger() with the default value
 func L() ILogger {
 	if l == nil {
-		InitializeLogger("")
+		InitDefaultLogger()
 	}
 	return l
 }

-func InitializeLogger(loggerName string) {
+/* InitLogger initialize desired logger
+
+Use:
+InitLogger("<logger name>")
+
+Supported logger names (call ListLoggersNames() for listing supported loggers)
+- "zap": Logger from package "go.uber.org/zap"
+- "pretty", "colorful": Human friendly colorful logger
+- "none", "mock", "empty", "ignore": Logger will not print anything
+
+Default:
+- "pretty"
+
+e.g.
+InitLogger("none") -> will initialize the mock logger
+
+*/
+func InitLogger(loggerName string) {

 	switch strings.ToLower(loggerName) {
-	case "zap":
+	case zaplogger.LoggerName:
 		l = zaplogger.NewZapLogger()
-	case "pretty":
+	case prettylogger.LoggerName, "colorful":
 		l = prettylogger.NewPrettyLogger()
+	case nonelogger.LoggerName, "mock", "empty", "ignore":
+		l = nonelogger.NewNoneLogger()
 	default:
-		if isatty.IsTerminal(os.Stdout.Fd()) {
-			l = prettylogger.NewPrettyLogger()
-		} else {
-			l = zaplogger.NewZapLogger()
-		}
+		InitDefaultLogger()
 	}
 }
+
+func InitDefaultLogger() {
+	l = prettylogger.NewPrettyLogger()
+}
+
+func DisableColor(flag bool) {
+	prettylogger.DisableColor(flag)
+}
+
+func ListLoggersNames() []string {
+	return []string{prettylogger.LoggerName, zaplogger.LoggerName, nonelogger.LoggerName}
+}
--- a/cautils/logger/nonelogger/logger.go
+++ b/cautils/logger/nonelogger/logger.go
@@ -0,0 +1,28 @@
+package nonelogger
+
+import (
+	"os"
+
+	"github.com/armosec/kubescape/cautils/logger/helpers"
+)
+
+const LoggerName string = "none"
+
+type NoneLogger struct {
+}
+
+func NewNoneLogger() *NoneLogger {
+	return &NoneLogger{}
+}
+
+func (nl *NoneLogger) GetLevel() string                                { return "" }
+func (nl *NoneLogger) LoggerName() string                              { return LoggerName }
+func (nl *NoneLogger) SetWriter(w *os.File)                            {}
+func (nl *NoneLogger) GetWriter() *os.File                             { return nil }
+func (nl *NoneLogger) SetLevel(level string) error                     { return nil }
+func (nl *NoneLogger) Fatal(msg string, details ...helpers.IDetails)   {}
+func (nl *NoneLogger) Error(msg string, details ...helpers.IDetails)   {}
+func (nl *NoneLogger) Warning(msg string, details ...helpers.IDetails) {}
+func (nl *NoneLogger) Success(msg string, details ...helpers.IDetails) {}
+func (nl *NoneLogger) Info(msg string, details ...helpers.IDetails)    {}
+func (nl *NoneLogger) Debug(msg string, details ...helpers.IDetails)   {}
--- a/cautils/logger/prettylogger/colors.go
+++ b/cautils/logger/prettylogger/colors.go
@@ -29,3 +29,9 @@ func prefix(l helpers.Level) func(w io.Writer, format string, a ...interface{})
 	}
 	return message
 }
+
+func DisableColor(flag bool) {
+	if flag {
+		color.NoColor = true
+	}
+}
--- a/cautils/logger/prettylogger/logger.go
+++ b/cautils/logger/prettylogger/logger.go
@@ -8,6 +8,8 @@ import (
 	"github.com/armosec/kubescape/cautils/logger/helpers"
 )

+const LoggerName string = "pretty"
+
 type PrettyLogger struct {
 	writer *os.File
 	level  helpers.Level
@@ -15,6 +17,7 @@ type PrettyLogger struct {
 }

 func NewPrettyLogger() *PrettyLogger {
+
 	return &PrettyLogger{
 		writer: os.Stderr, // default to stderr
 		level:  helpers.InfoLevel,
@@ -25,6 +28,7 @@ func NewPrettyLogger() *PrettyLogger {
 func (pl *PrettyLogger) GetLevel() string     { return pl.level.String() }
 func (pl *PrettyLogger) SetWriter(w *os.File) { pl.writer = w }
 func (pl *PrettyLogger) GetWriter() *os.File  { return pl.writer }
+func (pl *PrettyLogger) LoggerName() string   { return LoggerName }

 func (pl *PrettyLogger) SetLevel(level string) error {
 	pl.level = helpers.ToLevel(level)
@@ -69,7 +73,7 @@ func (pl *PrettyLogger) print(level helpers.Level, msg string, details ...helper
 func detailsToString(details []helpers.IDetails) string {
 	s := ""
 	for i := range details {
-		s += fmt.Sprintf("%s: %s", details[i].Key(), details[i].Value())
+		s += fmt.Sprintf("%s: %v", details[i].Key(), details[i].Value())
 		if i < len(details)-1 {
 			s += "; "
 		}
--- a/cautils/logger/zaplogger/logger.go
+++ b/cautils/logger/zaplogger/logger.go
@@ -8,6 +8,8 @@ import (
 	"go.uber.org/zap/zapcore"
 )

+const LoggerName string = "zap"
+
 type ZapLogger struct {
 	zapL *zap.Logger
 	cfg  zap.Config
@@ -35,8 +37,7 @@ func NewZapLogger() *ZapLogger {
 func (zl *ZapLogger) GetLevel() string     { return zl.cfg.Level.Level().String() }
 func (zl *ZapLogger) SetWriter(w *os.File) {}
 func (zl *ZapLogger) GetWriter() *os.File  { return nil }
-func GetWriter() *os.File                  { return nil }
-
+func (zl *ZapLogger) LoggerName() string   { return LoggerName }
 func (zl *ZapLogger) SetLevel(level string) error {
 	l := zapcore.Level(1)
 	err := l.Set(level)
--- a/cautils/scaninfo.go
+++ b/cautils/scaninfo.go
@@ -53,31 +53,40 @@ func (bpf *BoolPtrFlag) Set(val string) error {
 	return nil
 }

+type RootInfo struct {
+	Logger       string // logger level
+	LoggerName   string // logger name ("pretty"/"zap"/"none")
+	CacheDir     string // cached dir
+	DisableColor bool   // Disable Color
+}
+
+// TODO - UPDATE
 type ScanInfo struct {
-	Getters
-	PolicyIdentifier   []reporthandling.PolicyIdentifier
-	UseExceptions      string      // Load file with exceptions configuration
-	ControlsInputs     string      // Load file with inputs for controls
-	UseFrom            []string    // Load framework from local file (instead of download). Use when running offline
-	UseDefault         bool        // Load framework from cached file (instead of download). Use when running offline
-	UseArtifactsFrom   string      // Load artifacts from local path. Use when running offline
-	VerboseMode        bool        // Display all of the input resources and not only failed resources
-	Format             string      // Format results (table, json, junit ...)
-	Output             string      // Store results in an output file, Output file name
-	ExcludedNamespaces string      // used for host sensor namespace
-	IncludeNamespaces  string      // DEPRECATED?
-	InputPatterns      []string    // Yaml files input patterns
-	Silent             bool        // Silent mode - Do not print progress logs
-	FailThreshold      uint16      // Failure score threshold
-	Submit             bool        // Submit results to Armo BE
-	HostSensor         BoolPtrFlag // Deploy ARMO K8s host sensor to collect data from certain controls
-	Local              bool        // Do not submit results
-	Account            string      // account ID
-	Logger             string      // logger level
-	CacheDir           string      // cached dir
-	KubeContext        string      // context name
-	FrameworkScan      bool        // false if scanning control
-	ScanAll            bool        // true if scan all frameworks
+	Getters                                              // TODO - remove from object
+	PolicyIdentifier   []reporthandling.PolicyIdentifier // TODO - remove from object
+	UseExceptions      string                            // Load file with exceptions configuration
+	ControlsInputs     string                            // Load file with inputs for controls
+	UseFrom            []string                          // Load framework from local file (instead of download). Use when running offline
+	UseDefault         bool                              // Load framework from cached file (instead of download). Use when running offline
+	UseArtifactsFrom   string                            // Load artifacts from local path. Use when running offline
+	VerboseMode        bool                              // Display all of the input resources and not only failed resources
+	Format             string                            // Format results (table, json, junit ...)
+	Output             string                            // Store results in an output file, Output file name
+	FormatVersion      string                            // Output object can be differnet between versions, this is for testing and backward compatibility
+	ExcludedNamespaces string                            // used for host sensor namespace
+	IncludeNamespaces  string                            // DEPRECATED?
+	InputPatterns      []string                          // Yaml files input patterns
+	Silent             bool                              // Silent mode - Do not print progress logs
+	FailThreshold      float32                           // Failure score threshold
+	Submit             bool                              // Submit results to Armo BE
+	ReportID           string                            // Report id of the current scan
+	HostSensorEnabled  BoolPtrFlag                       // Deploy ARMO K8s host sensor to collect data from certain controls
+	HostSensorYamlPath string                            // Path to hostsensor file
+	Local              bool                              // Do not submit results
+	Account            string                            // account ID
+	KubeContext        string                            // context name
+	FrameworkScan      bool                              // false if scanning control
+	ScanAll            bool                              // true if scan all frameworks
 }

 type Getters struct {
--- a/cautils/versioncheck.go
+++ b/cautils/versioncheck.go
@@ -10,6 +10,7 @@ import (
 	"github.com/armosec/kubescape/cautils/logger"
 	"github.com/armosec/kubescape/cautils/logger/helpers"
 	pkgutils "github.com/armosec/utils-go/utils"
+	"golang.org/x/mod/semver"
 )

 const SKIP_VERSION_CHECK = "KUBESCAPE_SKIP_UPDATE_CHECK"
@@ -97,8 +98,8 @@ func (v *VersionCheckHandler) CheckLatestVersion(versionData *VersionCheckReques
 	}

 	if latestVersion.ClientUpdate != "" {
-		if BuildNumber != "" && BuildNumber < latestVersion.ClientUpdate {
-			logger.L().Warning(warningMessage(latestVersion.Client, latestVersion.ClientUpdate))
+		if BuildNumber != "" && semver.Compare(BuildNumber, latestVersion.ClientUpdate) >= 0 {
+			logger.L().Warning(warningMessage(latestVersion.ClientUpdate))
 		}
 	}

@@ -133,6 +134,6 @@ func (v *VersionCheckHandler) getLatestVersion(versionData *VersionCheckRequest)
 	return vResp, nil
 }

-func warningMessage(kind, release string) string {
-	return fmt.Sprintf("'%s' is not updated to the latest release: '%s'", kind, release)
+func warningMessage(release string) string {
+	return fmt.Sprintf("current version '%s' is not updated to the latest release: '%s'", BuildNumber, release)
 }
--- a/cautils/versioncheck_test.go
+++ b/cautils/versioncheck_test.go
@@ -0,0 +1,38 @@
+package cautils
+
+import (
+	"testing"
+
+	"github.com/armosec/armoapi-go/armotypes"
+	"github.com/armosec/opa-utils/reporthandling"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestGetKubernetesObjects(t *testing.T) {
+}
+
+var rule_v1_0_131 = &reporthandling.PolicyRule{PortalBase: armotypes.PortalBase{
+	Attributes: map[string]interface{}{"useUntilKubescapeVersion": "v1.0.132"}}}
+var rule_v1_0_132 = &reporthandling.PolicyRule{PortalBase: armotypes.PortalBase{
+	Attributes: map[string]interface{}{"useFromKubescapeVersion": "v1.0.132", "useUntilKubescapeVersion": "v1.0.133"}}}
+var rule_v1_0_133 = &reporthandling.PolicyRule{PortalBase: armotypes.PortalBase{
+	Attributes: map[string]interface{}{"useFromKubescapeVersion": "v1.0.133", "useUntilKubescapeVersion": "v1.0.134"}}}
+var rule_v1_0_134 = &reporthandling.PolicyRule{PortalBase: armotypes.PortalBase{
+	Attributes: map[string]interface{}{"useFromKubescapeVersion": "v1.0.134"}}}
+
+func TestIsRuleKubescapeVersionCompatible(t *testing.T) {
+	// local build- no build number
+	// should use only rules that don't have "until"
+	buildNumberMock := ""
+	assert.False(t, isRuleKubescapeVersionCompatible(rule_v1_0_131.Attributes, buildNumberMock))
+	assert.False(t, isRuleKubescapeVersionCompatible(rule_v1_0_132.Attributes, buildNumberMock))
+	assert.False(t, isRuleKubescapeVersionCompatible(rule_v1_0_133.Attributes, buildNumberMock))
+	assert.True(t, isRuleKubescapeVersionCompatible(rule_v1_0_134.Attributes, buildNumberMock))
+
+	// should only use rules that version is in range of use
+	buildNumberMock = "v1.0.133"
+	assert.True(t, isRuleKubescapeVersionCompatible(rule_v1_0_131.Attributes, buildNumberMock))
+	assert.False(t, isRuleKubescapeVersionCompatible(rule_v1_0_132.Attributes, buildNumberMock))
+	assert.False(t, isRuleKubescapeVersionCompatible(rule_v1_0_133.Attributes, buildNumberMock))
+	assert.False(t, isRuleKubescapeVersionCompatible(rule_v1_0_134.Attributes, buildNumberMock))
+}
--- a/clihandler/clidelete.go
+++ b/clihandler/clidelete.go
@@ -1,7 +0,0 @@
-package clihandler
-
-func CliDelete() error {
-
-	tenant := getTenantConfig("", "", getKubernetesApi()) // change k8sinterface
-	return tenant.DeleteCachedConfig()
-}
--- a/clihandler/cliobjects/set.go
+++ b/clihandler/cliobjects/set.go
@@ -1,7 +0,0 @@
-package cliobjects
-
-type SetConfig struct {
-	Account   string
-	ClientID  string
-	SecretKey string
-}
--- a/clihandler/cliobjects/submit.go
+++ b/clihandler/cliobjects/submit.go
@@ -1,5 +0,0 @@
-package cliobjects
-
-type Submit struct {
-	Account string
-}
--- a/clihandler/cliset.go
+++ b/clihandler/cliset.go
@@ -1,22 +0,0 @@
-package clihandler
-
-import (
-	"github.com/armosec/kubescape/clihandler/cliobjects"
-)
-
-func CliSetConfig(setConfig *cliobjects.SetConfig) error {
-
-	tenant := getTenantConfig("", "", getKubernetesApi())
-
-	if setConfig.Account != "" {
-		tenant.GetConfigObj().AccountID = setConfig.Account
-	}
-	if setConfig.SecretKey != "" {
-		tenant.GetConfigObj().SecretKey = setConfig.SecretKey
-	}
-	if setConfig.ClientID != "" {
-		tenant.GetConfigObj().ClientID = setConfig.ClientID
-	}
-
-	return tenant.UpdateCachedConfig()
-}
--- a/clihandler/cliview.go
+++ b/clihandler/cliview.go
@@ -1,12 +0,0 @@
-package clihandler
-
-import (
-	"fmt"
-	"os"
-)
-
-func CliView() error {
-	tenant := getTenantConfig("", "", getKubernetesApi()) // change k8sinterface
-	fmt.Fprintf(os.Stderr, "%s\n", tenant.GetConfigObj().Config())
-	return nil
-}
--- a/clihandler/cmd/cluster.go
+++ b/clihandler/cmd/cluster.go
@@ -1,19 +0,0 @@
-package cmd
-
-import (
-	"github.com/spf13/cobra"
-)
-
-// clusterCmd represents the cluster command
-var clusterCmd = &cobra.Command{
-	Use:        "cluster",
-	Short:      "Set configuration for cluster",
-	Long:       ``,
-	Deprecated: "use the 'set' command instead",
-	Run: func(cmd *cobra.Command, args []string) {
-	},
-}
-
-func init() {
-	configCmd.AddCommand(clusterCmd)
-}
--- a/clihandler/cmd/cluster_get.go
+++ b/clihandler/cmd/cluster_get.go
@@ -1,50 +0,0 @@
-package cmd
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/armosec/k8s-interface/k8sinterface"
-	"github.com/armosec/kubescape/cautils"
-	"github.com/armosec/kubescape/cautils/getter"
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/spf13/cobra"
-)
-
-var getCmd = &cobra.Command{
-	Use:        "get <key>",
-	Short:      "Get configuration in cluster",
-	Long:       ``,
-	Deprecated: "use the 'view' command instead",
-	Args: func(cmd *cobra.Command, args []string) error {
-		if len(args) < 1 || len(args) > 1 {
-			return fmt.Errorf("requires  one argument")
-		}
-
-		keyValue := strings.Split(args[0], "=")
-		if len(keyValue) != 1 {
-			return fmt.Errorf("requires  one argument")
-		}
-		return nil
-	},
-	RunE: func(cmd *cobra.Command, args []string) error {
-		keyValue := strings.Split(args[0], "=")
-		key := keyValue[0]
-
-		k8s := k8sinterface.NewKubernetesApi()
-		clusterConfig := cautils.NewClusterConfig(k8s, getter.GetArmoAPIConnector(), scanInfo.Account, "")
-		val, err := clusterConfig.GetValueByKeyFromConfigMap(key)
-		if err != nil {
-			if err.Error() == "value does not exist." {
-				return fmt.Errorf("failed to get value from configmap, reason: %s", err.Error())
-			}
-			return err
-		}
-		logger.L().Info(key + "=" + val)
-		return nil
-	},
-}
-
-func init() {
-	clusterCmd.AddCommand(getCmd)
-}
--- a/clihandler/cmd/cluster_set.go
+++ b/clihandler/cmd/cluster_set.go
@@ -1,46 +0,0 @@
-package cmd
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/armosec/k8s-interface/k8sinterface"
-	"github.com/armosec/kubescape/cautils"
-	"github.com/armosec/kubescape/cautils/getter"
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/spf13/cobra"
-)
-
-var setClusterCmd = &cobra.Command{
-	Use:        "set <key>=<value>",
-	Short:      "Set configuration in cluster",
-	Long:       ``,
-	Deprecated: "use the 'set' command instead",
-	Args: func(cmd *cobra.Command, args []string) error {
-		if len(args) < 1 || len(args) > 1 {
-			return fmt.Errorf("requires  one argument: <key>=<value>")
-		}
-		keyValue := strings.Split(args[0], "=")
-		if len(keyValue) != 2 {
-			return fmt.Errorf("requires  one argument: <key>=<value>")
-		}
-		return nil
-	},
-	RunE: func(cmd *cobra.Command, args []string) error {
-		keyValue := strings.Split(args[0], "=")
-		key := keyValue[0]
-		data := keyValue[1]
-
-		k8s := k8sinterface.NewKubernetesApi()
-		clusterConfig := cautils.NewClusterConfig(k8s, getter.GetArmoAPIConnector(), scanInfo.Account, "")
-		if err := clusterConfig.SetKeyValueInConfigmap(key, data); err != nil {
-			return err
-		}
-		logger.L().Info("value added successfully.")
-		return nil
-	},
-}
-
-func init() {
-	clusterCmd.AddCommand(setClusterCmd)
-}
--- a/clihandler/cmd/config.go
+++ b/clihandler/cmd/config.go
@@ -1,124 +0,0 @@
-package cmd
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/armosec/kubescape/clihandler"
-	"github.com/armosec/kubescape/clihandler/cliobjects"
-	"github.com/spf13/cobra"
-)
-
-var (
-	configExample = `
-  # View cached configurations 
-  kubescape config view
-
-  # Delete cached configurations
-  kubescape config delete
-
-  # Set cached configurations
-  kubescape config set --help
-`
-	setConfigExample = `
-  # Set account id
-  kubescape config set accountID <account id>
-
-  # Set client id
-  kubescape config set clientID <client id> 
-
-  # Set access key
-  kubescape config set secretKey <access key>
-`
-)
-
-// configCmd represents the config command
-var configCmd = &cobra.Command{
-	Use:     "config",
-	Short:   "handle cached configurations",
-	Example: configExample,
-}
-
-var setConfig = cliobjects.SetConfig{}
-
-// configCmd represents the config command
-var configSetCmd = &cobra.Command{
-	Use:       "set",
-	Short:     fmt.Sprintf("Set configurations, supported: %s", strings.Join(stringKeysToSlice(supportConfigSet), "/")),
-	Example:   setConfigExample,
-	ValidArgs: stringKeysToSlice(supportConfigSet),
-	RunE: func(cmd *cobra.Command, args []string) error {
-		if err := parseSetArgs(args); err != nil {
-			return err
-		}
-		if err := clihandler.CliSetConfig(&setConfig); err != nil {
-			logger.L().Fatal(err.Error())
-		}
-		return nil
-	},
-}
-
-var supportConfigSet = map[string]func(*cliobjects.SetConfig, string){
-	"accountID": func(s *cliobjects.SetConfig, account string) { s.Account = account },
-	"clientID":  func(s *cliobjects.SetConfig, clientID string) { s.ClientID = clientID },
-	"secretKey": func(s *cliobjects.SetConfig, secretKey string) { s.SecretKey = secretKey },
-}
-
-func stringKeysToSlice(m map[string]func(*cliobjects.SetConfig, string)) []string {
-	l := []string{}
-	for i := range m {
-		l = append(l, i)
-	}
-	return l
-}
-
-func parseSetArgs(args []string) error {
-	var key string
-	var value string
-	if len(args) == 1 {
-		if keyValue := strings.Split(args[0], "="); len(keyValue) == 2 {
-			key = keyValue[0]
-			value = keyValue[1]
-		}
-	} else if len(args) == 2 {
-		key = args[0]
-		value = args[1]
-	}
-	if setConfigFunc, ok := supportConfigSet[key]; ok {
-		setConfigFunc(&setConfig, value)
-	} else {
-		return fmt.Errorf("key '%s' unknown . supported: %s", key, strings.Join(stringKeysToSlice(supportConfigSet), "/"))
-	}
-	return nil
-}
-
-var configDeleteCmd = &cobra.Command{
-	Use:   "delete",
-	Short: "Delete cached configurations",
-	Long:  ``,
-	Run: func(cmd *cobra.Command, args []string) {
-		if err := clihandler.CliDelete(); err != nil {
-			logger.L().Fatal(err.Error())
-		}
-	},
-}
-
-// configCmd represents the config command
-var configViewCmd = &cobra.Command{
-	Use:   "view",
-	Short: "View cached configurations",
-	Long:  ``,
-	Run: func(cmd *cobra.Command, args []string) {
-		if err := clihandler.CliView(); err != nil {
-			logger.L().Fatal(err.Error())
-		}
-	},
-}
-
-func init() {
-	rootCmd.AddCommand(configCmd)
-	configCmd.AddCommand(configSetCmd)
-	configCmd.AddCommand(configDeleteCmd)
-	configCmd.AddCommand(configViewCmd)
-}
--- a/clihandler/cmd/control.go
+++ b/clihandler/cmd/control.go
@@ -1,120 +0,0 @@
-package cmd
-
-import (
-	"fmt"
-	"io"
-	"os"
-	"strings"
-
-	"github.com/armosec/kubescape/cautils"
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/armosec/kubescape/clihandler"
-	"github.com/armosec/opa-utils/reporthandling"
-	"github.com/spf13/cobra"
-)
-
-var (
-	controlExample = `
-  # Scan the 'privileged container' control
-  kubescape scan control "privileged container"
-	
-  # Scan list of controls separated with a comma
-  kubescape scan control "privileged container","allowed hostpath"
-  
-  # Scan list of controls using the control ID separated with a comma
-  kubescape scan control C-0058,C-0057
-  
-  Run 'kubescape list controls' for the list of supported controls
-  
-  Control documentation:
-  https://hub.armo.cloud/docs/controls
-`
-)
-
-// controlCmd represents the control command
-var controlCmd = &cobra.Command{
-	Use:     "control <control names list>/<control ids list>",
-	Short:   "The controls you wish to use. Run 'kubescape list controls' for the list of supported controls",
-	Example: controlExample,
-	Args: func(cmd *cobra.Command, args []string) error {
-		if len(args) > 0 {
-			controls := strings.Split(args[0], ",")
-			if len(controls) > 1 {
-				if controls[1] == "" {
-					return fmt.Errorf("usage: <control-0>,<control-1>")
-				}
-			}
-		} else {
-			return fmt.Errorf("requires at least one control name")
-		}
-		return nil
-	},
-	RunE: func(cmd *cobra.Command, args []string) error {
-		flagValidationControl()
-		scanInfo.PolicyIdentifier = []reporthandling.PolicyIdentifier{}
-
-		if len(args) == 0 {
-			scanInfo.ScanAll = true
-		} else { // expected control or list of control sepparated by ","
-
-			// Read controls from input args
-			scanInfo.SetPolicyIdentifiers(strings.Split(args[0], ","), reporthandling.KindControl)
-
-			if len(args) > 1 {
-				if len(args[1:]) == 0 || args[1] != "-" {
-					scanInfo.InputPatterns = args[1:]
-				} else { // store stdin to file - do NOT move to separate function !!
-					tempFile, err := os.CreateTemp(".", "tmp-kubescape*.yaml")
-					if err != nil {
-						return err
-					}
-					defer os.Remove(tempFile.Name())
-
-					if _, err := io.Copy(tempFile, os.Stdin); err != nil {
-						return err
-					}
-					scanInfo.InputPatterns = []string{tempFile.Name()}
-				}
-			}
-		}
-
-		scanInfo.FrameworkScan = false
-		scanInfo.Init()
-		cautils.SetSilentMode(scanInfo.Silent)
-		err := clihandler.ScanCliSetup(&scanInfo)
-		if err != nil {
-			logger.L().Fatal(err.Error())
-		}
-		return nil
-	},
-}
-
-func init() {
-	scanInfo = cautils.ScanInfo{}
-	scanCmd.AddCommand(controlCmd)
-}
-
-func flagValidationControl() {
-	if 100 < scanInfo.FailThreshold {
-		logger.L().Fatal("bad argument: out of range threshold")
-	}
-}
-
-func setScanForFirstControl(controls []string) []reporthandling.PolicyIdentifier {
-	newPolicy := reporthandling.PolicyIdentifier{}
-	newPolicy.Kind = reporthandling.KindControl
-	newPolicy.Name = controls[0]
-	scanInfo.PolicyIdentifier = append(scanInfo.PolicyIdentifier, newPolicy)
-	return scanInfo.PolicyIdentifier
-}
-
-func SetScanForGivenControls(controls []string) []reporthandling.PolicyIdentifier {
-	for _, control := range controls {
-		control := strings.TrimLeft(control, " ")
-		newPolicy := reporthandling.PolicyIdentifier{}
-		newPolicy.Kind = reporthandling.KindControl
-		newPolicy.Name = control
-		scanInfo.PolicyIdentifier = append(scanInfo.PolicyIdentifier, newPolicy)
-	}
-	return scanInfo.PolicyIdentifier
-}
--- a/clihandler/cmd/download.go
+++ b/clihandler/cmd/download.go
@@ -1,81 +0,0 @@
-package cmd
-
-import (
-	"fmt"
-	"path/filepath"
-	"strings"
-
-	"github.com/armosec/kubescape/cautils"
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/armosec/kubescape/clihandler"
-	"github.com/spf13/cobra"
-)
-
-var downloadInfo = cautils.DownloadInfo{}
-
-var (
-	downloadExample = `
-  # Download all artifacts and save them in the default path (~/.kubescape)
-  kubescape download artifacts
-  
-  # Download all artifacts and save them in /tmp path
-  kubescape download artifacts --output /tmp
-  
-  # Download the NSA framework. Run 'kubescape list frameworks' for all frameworks names
-  kubescape download framework nsa
-
-  # Download the "Allowed hostPath" control. Run 'kubescape list controls' for all controls names
-  kubescape download control "Allowed hostPath"
-
-  # Download the "C-0001" control. Run 'kubescape list controls --id' for all controls ids
-  kubescape download control C-0001
-
-  # Download the configured exceptions
-  kubescape download exceptions 
-
-  # Download the configured controls-inputs 
-  kubescape download controls-inputs 
-
-`
-)
-var downloadCmd = &cobra.Command{
-	Use:     "download <policy> <policy name>",
-	Short:   fmt.Sprintf("Download %s", strings.Join(clihandler.DownloadSupportCommands(), ",")),
-	Long:    ``,
-	Example: downloadExample,
-	Args: func(cmd *cobra.Command, args []string) error {
-		supported := strings.Join(clihandler.DownloadSupportCommands(), ",")
-		if len(args) < 1 {
-			return fmt.Errorf("policy type required, supported: %v", supported)
-		}
-		if cautils.StringInSlice(clihandler.DownloadSupportCommands(), args[0]) == cautils.ValueNotFound {
-			return fmt.Errorf("invalid parameter '%s'. Supported parameters: %s", args[0], supported)
-		}
-		return nil
-	},
-	RunE: func(cmd *cobra.Command, args []string) error {
-		downloadInfo.Target = args[0]
-		if len(args) >= 2 {
-			downloadInfo.Name = args[1]
-		}
-		if err := clihandler.CliDownload(&downloadInfo); err != nil {
-			logger.L().Fatal(err.Error())
-		}
-		return nil
-	},
-}
-
-func init() {
-	cobra.OnInitialize(initDownload)
-
-	rootCmd.AddCommand(downloadCmd)
-	downloadCmd.PersistentFlags().StringVarP(&downloadInfo.Account, "account", "", "", "Armo portal account ID. Default will load account ID from configMap or config file")
-	downloadCmd.Flags().StringVarP(&downloadInfo.Path, "output", "o", "", "Output file. If not specified, will save in `~/.kubescape/<policy name>.json`")
-
-}
-
-func initDownload() {
-	if filepath.Ext(downloadInfo.Path) == ".json" {
-		downloadInfo.Path, downloadInfo.FileName = filepath.Split(downloadInfo.Path)
-	}
-}
--- a/clihandler/cmd/framework.go
+++ b/clihandler/cmd/framework.go
@@ -1,128 +0,0 @@
-package cmd
-
-import (
-	"fmt"
-	"io"
-	"os"
-	"strings"
-
-	"github.com/armosec/kubescape/cautils"
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/armosec/kubescape/clihandler"
-	"github.com/armosec/opa-utils/reporthandling"
-	"github.com/spf13/cobra"
-)
-
-var (
-	frameworkExample = `
-  # Scan all frameworks and submit the results
-  kubescape scan --submit
-  
-  # Scan the NSA framework
-  kubescape scan framework nsa
-  
-  # Scan the NSA and MITRE framework
-  kubescape scan framework nsa,mitre
-  
-  # Scan all frameworks
-  kubescape scan framework all
-
-  # Scan kubernetes YAML manifest files
-  kubescape scan framework nsa *.yaml
-
-  # Scan and save the results in the JSON format
-  kubescape scan --format json --output results.json
-
-  # Save scan results in JSON format
-  kubescape scan --format json --output results.json
-
-  # Display all resources
-  kubescape scan --verbose
-
-  Run 'kubescape list frameworks' for the list of supported frameworks
-`
-)
-var frameworkCmd = &cobra.Command{
-	Use:     "framework <framework names list> [`<glob pattern>`/`-`] [flags]",
-	Short:   "The framework you wish to use. Run 'kubescape list frameworks' for the list of supported frameworks",
-	Example: frameworkExample,
-	Long:    "Execute a scan on a running Kubernetes cluster or `yaml`/`json` files (use glob) or `-` for stdin",
-	Args: func(cmd *cobra.Command, args []string) error {
-		if len(args) > 0 {
-			frameworks := strings.Split(args[0], ",")
-			if len(frameworks) > 1 {
-				if frameworks[1] == "" {
-					return fmt.Errorf("usage: <framework-0>,<framework-1>")
-				}
-			}
-		} else {
-			return fmt.Errorf("requires at least one framework name")
-		}
-		return nil
-	},
-	RunE: func(cmd *cobra.Command, args []string) error {
-		flagValidationFramework()
-		var frameworks []string
-
-		if len(args) == 0 { // scan all frameworks
-			scanInfo.ScanAll = true
-		} else {
-			// Read frameworks from input args
-			frameworks = strings.Split(args[0], ",")
-			if cautils.StringInSlice(frameworks, "all") != cautils.ValueNotFound {
-				scanInfo.ScanAll = true
-				frameworks = []string{}
-			}
-			if len(args) > 1 {
-				if len(args[1:]) == 0 || args[1] != "-" {
-					scanInfo.InputPatterns = args[1:]
-				} else { // store stdin to file - do NOT move to separate function !!
-					tempFile, err := os.CreateTemp(".", "tmp-kubescape*.yaml")
-					if err != nil {
-						return err
-					}
-					defer os.Remove(tempFile.Name())
-
-					if _, err := io.Copy(tempFile, os.Stdin); err != nil {
-						return err
-					}
-					scanInfo.InputPatterns = []string{tempFile.Name()}
-				}
-			}
-		}
-		scanInfo.FrameworkScan = true
-
-		scanInfo.SetPolicyIdentifiers(frameworks, reporthandling.KindFramework)
-
-		scanInfo.Init()
-		cautils.SetSilentMode(scanInfo.Silent)
-		err := clihandler.ScanCliSetup(&scanInfo)
-		if err != nil {
-			logger.L().Fatal(err.Error())
-		}
-		return nil
-	},
-}
-
-func init() {
-	scanCmd.AddCommand(frameworkCmd)
-	scanInfo = cautils.ScanInfo{}
-	scanInfo.FrameworkScan = true
-}
-
-// func SetScanForFirstFramework(frameworks []string) []reporthandling.PolicyIdentifier {
-// 	newPolicy := reporthandling.PolicyIdentifier{}
-// 	newPolicy.Kind = reporthandling.KindFramework
-// 	newPolicy.Name = frameworks[0]
-// 	scanInfo.PolicyIdentifier = append(scanInfo.PolicyIdentifier, newPolicy)
-// 	return scanInfo.PolicyIdentifier
-// }
-
-func flagValidationFramework() {
-	if scanInfo.Submit && scanInfo.Local {
-		logger.L().Fatal("you can use `keep-local` or `submit`, but not both")
-	}
-	if 100 < scanInfo.FailThreshold {
-		logger.L().Fatal("bad argument: out of range threshold")
-	}
-}
--- a/clihandler/cmd/list.go
+++ b/clihandler/cmd/list.go
@@ -1,67 +0,0 @@
-package cmd
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/armosec/kubescape/cautils"
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/armosec/kubescape/clihandler"
-	"github.com/armosec/kubescape/clihandler/cliobjects"
-	"github.com/spf13/cobra"
-)
-
-var (
-	listExample = `
-  # List default supported frameworks names
-  kubescape list frameworks
-  
-  # List all supported frameworks names
-  kubescape list frameworks --account <account id>
-	
-  # List all supported controls names
-  kubescape list controls
-
-  # List all supported controls ids
-  kubescape list controls --id 
-  
-  Control documentation:
-  https://hub.armo.cloud/docs/controls
-`
-)
-var listPolicies = cliobjects.ListPolicies{}
-
-var listCmd = &cobra.Command{
-	Use:     "list <policy> [flags]",
-	Short:   "List frameworks/controls will list the supported frameworks and controls",
-	Long:    ``,
-	Example: listExample,
-	Args: func(cmd *cobra.Command, args []string) error {
-		supported := strings.Join(clihandler.ListSupportCommands(), ",")
-
-		if len(args) < 1 {
-			return fmt.Errorf("policy type requeued, supported: %s", supported)
-		}
-		if cautils.StringInSlice(clihandler.ListSupportCommands(), args[0]) == cautils.ValueNotFound {
-			return fmt.Errorf("invalid parameter '%s'. Supported parameters: %s", args[0], supported)
-		}
-		return nil
-	},
-	RunE: func(cmd *cobra.Command, args []string) error {
-		listPolicies.Target = args[0]
-
-		if err := clihandler.CliList(&listPolicies); err != nil {
-			logger.L().Fatal(err.Error())
-		}
-		return nil
-	},
-}
-
-func init() {
-	// cobra.OnInitialize(initConfig)
-
-	rootCmd.AddCommand(listCmd)
-	listCmd.PersistentFlags().StringVar(&listPolicies.Account, "account", "", "Armo portal account ID. Default will load account ID from configMap or config file")
-	listCmd.PersistentFlags().StringVar(&listPolicies.Format, "format", "pretty-print", "output format. supported: 'pretty-printer'/'json'")
-	listCmd.PersistentFlags().BoolVarP(&listPolicies.ListIDs, "id", "", false, "List control ID's instead of controls names")
-}
--- a/clihandler/cmd/local.go
+++ b/clihandler/cmd/local.go
@@ -1,18 +0,0 @@
-package cmd
-
-import (
-	"github.com/spf13/cobra"
-)
-
-var localCmd = &cobra.Command{
-	Use:        "local",
-	Short:      "Set configuration locally (for config.json)",
-	Long:       ``,
-	Deprecated: "use the 'set' command instead",
-	Run: func(cmd *cobra.Command, args []string) {
-	},
-}
-
-func init() {
-	configCmd.AddCommand(localCmd)
-}
--- a/clihandler/cmd/local_get.go
+++ b/clihandler/cmd/local_get.go
@@ -1,45 +0,0 @@
-package cmd
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/armosec/kubescape/cautils"
-	"github.com/spf13/cobra"
-)
-
-var localGetCmd = &cobra.Command{
-	Use:        "get <key>",
-	Short:      "Get configuration locally",
-	Long:       ``,
-	Deprecated: "use the 'view' command instead",
-	Args: func(cmd *cobra.Command, args []string) error {
-		if len(args) < 1 || len(args) > 1 {
-			return fmt.Errorf("requires  one argument")
-		}
-
-		keyValue := strings.Split(args[0], "=")
-		if len(keyValue) != 1 {
-			return fmt.Errorf("requires  one argument")
-		}
-		return nil
-	},
-	RunE: func(cmd *cobra.Command, args []string) error {
-		keyValue := strings.Split(args[0], "=")
-		key := keyValue[0]
-
-		val, err := cautils.GetValueFromConfigJson(key)
-		if err != nil {
-			if err.Error() == "value does not exist." {
-				return fmt.Errorf("failed to get value from: %s, reason: %s", cautils.ConfigFileFullPath(), err.Error())
-			}
-			return err
-		}
-		fmt.Println(key + "=" + val)
-		return nil
-	},
-}
-
-func init() {
-	localCmd.AddCommand(localGetCmd)
-}
--- a/clihandler/cmd/local_set.go
+++ b/clihandler/cmd/local_set.go
@@ -1,41 +0,0 @@
-package cmd
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/armosec/kubescape/cautils"
-	"github.com/spf13/cobra"
-)
-
-var localSetCmd = &cobra.Command{
-	Use:        "set <key>=<value>",
-	Short:      "Set configuration locally",
-	Long:       ``,
-	Deprecated: "use the 'set' command instead",
-	Args: func(cmd *cobra.Command, args []string) error {
-		if len(args) < 1 || len(args) > 1 {
-			return fmt.Errorf("requires  one argument: <key>=<value>")
-		}
-		keyValue := strings.Split(args[0], "=")
-		if len(keyValue) != 2 {
-			return fmt.Errorf("requires  one argument: <key>=<value>")
-		}
-		return nil
-	},
-	RunE: func(cmd *cobra.Command, args []string) error {
-		keyValue := strings.Split(args[0], "=")
-		key := keyValue[0]
-		data := keyValue[1]
-
-		if err := cautils.SetKeyValueInConfigJson(key, data); err != nil {
-			return err
-		}
-		fmt.Println("Value added successfully.")
-		return nil
-	},
-}
-
-func init() {
-	localCmd.AddCommand(localSetCmd)
-}
--- a/clihandler/cmd/rbac.go
+++ b/clihandler/cmd/rbac.go
@@ -1,66 +0,0 @@
-package cmd
-
-import (
-	"github.com/armosec/k8s-interface/k8sinterface"
-	"github.com/armosec/kubescape/cautils"
-	"github.com/armosec/kubescape/cautils/getter"
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/armosec/kubescape/cautils/logger/helpers"
-	"github.com/armosec/kubescape/clihandler"
-	"github.com/armosec/kubescape/clihandler/cliinterfaces"
-	reporterv1 "github.com/armosec/kubescape/resultshandling/reporter/v1"
-	"github.com/armosec/rbac-utils/rbacscanner"
-	"github.com/spf13/cobra"
-)
-
-// rabcCmd represents the RBAC command
-var rabcCmd = &cobra.Command{
-	Use:   "rbac \nExample:\n$ kubescape submit rbac",
-	Short: "Submit cluster's Role-Based Access Control(RBAC)",
-	Long:  ``,
-	RunE: func(cmd *cobra.Command, args []string) error {
-
-		k8s := k8sinterface.NewKubernetesApi()
-
-		// get config
-		clusterConfig := getTenantConfig(submitInfo.Account, "", k8s)
-		if err := clusterConfig.SetTenant(); err != nil {
-			logger.L().Error("failed setting account ID", helpers.Error(err))
-		}
-
-		// list RBAC
-		rbacObjects := cautils.NewRBACObjects(rbacscanner.NewRbacScannerFromK8sAPI(k8s, clusterConfig.GetAccountID(), clusterConfig.GetClusterName()))
-
-		// submit resources
-		r := reporterv1.NewReportEventReceiver(clusterConfig.GetConfigObj())
-
-		submitInterfaces := cliinterfaces.SubmitInterfaces{
-			ClusterConfig: clusterConfig,
-			SubmitObjects: rbacObjects,
-			Reporter:      r,
-		}
-
-		if err := clihandler.Submit(submitInterfaces); err != nil {
-			logger.L().Fatal(err.Error())
-		}
-		return nil
-	},
-}
-
-func init() {
-	submitCmd.AddCommand(rabcCmd)
-}
-
-// getKubernetesApi
-func getKubernetesApi() *k8sinterface.KubernetesApi {
-	if !k8sinterface.IsConnectedToCluster() {
-		return nil
-	}
-	return k8sinterface.NewKubernetesApi()
-}
-func getTenantConfig(Account, clusterName string, k8s *k8sinterface.KubernetesApi) cautils.ITenantConfig {
-	if !k8sinterface.IsConnectedToCluster() || k8s == nil {
-		return cautils.NewLocalConfig(getter.GetArmoAPIConnector(), Account, clusterName)
-	}
-	return cautils.NewClusterConfig(k8s, getter.GetArmoAPIConnector(), Account, clusterName)
-}
--- a/clihandler/cmd/results.go
+++ b/clihandler/cmd/results.go
@@ -1,106 +0,0 @@
-package cmd
-
-import (
-	"encoding/json"
-	"fmt"
-	"os"
-	"time"
-
-	"github.com/armosec/k8s-interface/workloadinterface"
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/armosec/kubescape/cautils/logger/helpers"
-	"github.com/armosec/kubescape/clihandler"
-	"github.com/armosec/kubescape/clihandler/cliinterfaces"
-	reporterv1 "github.com/armosec/kubescape/resultshandling/reporter/v1"
-	"github.com/armosec/opa-utils/reporthandling"
-	"github.com/google/uuid"
-	"github.com/spf13/cobra"
-)
-
-type ResultsObject struct {
-	filePath     string
-	customerGUID string
-	clusterName  string
-}
-
-func NewResultsObject(customerGUID, clusterName, filePath string) *ResultsObject {
-	return &ResultsObject{
-		filePath:     filePath,
-		customerGUID: customerGUID,
-		clusterName:  clusterName,
-	}
-}
-
-func (resultsObject *ResultsObject) SetResourcesReport() (*reporthandling.PostureReport, error) {
-	// load framework results from json file
-	frameworkReports, err := loadResultsFromFile(resultsObject.filePath)
-	if err != nil {
-		return nil, err
-	}
-	return &reporthandling.PostureReport{
-		FrameworkReports:     frameworkReports,
-		ReportID:             uuid.NewString(),
-		ReportGenerationTime: time.Now().UTC(),
-		CustomerGUID:         resultsObject.customerGUID,
-		ClusterName:          resultsObject.clusterName,
-	}, nil
-}
-
-func (resultsObject *ResultsObject) ListAllResources() (map[string]workloadinterface.IMetadata, error) {
-	return map[string]workloadinterface.IMetadata{}, nil
-}
-
-var resultsCmd = &cobra.Command{
-	Use:   "results <json file>\nExample:\n$ kubescape submit results path/to/results.json",
-	Short: "Submit a pre scanned results file. The file must be in json format",
-	Long:  ``,
-	RunE: func(cmd *cobra.Command, args []string) error {
-		if len(args) == 0 {
-			return fmt.Errorf("missing results file")
-		}
-
-		k8s := getKubernetesApi()
-
-		// get config
-		clusterConfig := getTenantConfig(submitInfo.Account, "", k8s)
-		if err := clusterConfig.SetTenant(); err != nil {
-			logger.L().Error("failed setting account ID", helpers.Error(err))
-		}
-
-		resultsObjects := NewResultsObject(clusterConfig.GetAccountID(), clusterConfig.GetClusterName(), args[0])
-
-		// submit resources
-		r := reporterv1.NewReportEventReceiver(clusterConfig.GetConfigObj())
-
-		submitInterfaces := cliinterfaces.SubmitInterfaces{
-			ClusterConfig: clusterConfig,
-			SubmitObjects: resultsObjects,
-			Reporter:      r,
-		}
-
-		if err := clihandler.Submit(submitInterfaces); err != nil {
-			logger.L().Fatal(err.Error())
-		}
-		return nil
-	},
-}
-
-func init() {
-	submitCmd.AddCommand(resultsCmd)
-}
-
-func loadResultsFromFile(filePath string) ([]reporthandling.FrameworkReport, error) {
-	frameworkReports := []reporthandling.FrameworkReport{}
-	f, err := os.ReadFile(filePath)
-	if err != nil {
-		return nil, err
-	}
-	if err = json.Unmarshal(f, &frameworkReports); err != nil {
-		frameworkReport := reporthandling.FrameworkReport{}
-		if err = json.Unmarshal(f, &frameworkReport); err != nil {
-			return frameworkReports, err
-		}
-		frameworkReports = append(frameworkReports, frameworkReport)
-	}
-	return frameworkReports, nil
-}
--- a/clihandler/cmd/root.go
+++ b/clihandler/cmd/root.go
@@ -1,111 +0,0 @@
-package cmd
-
-import (
-	"flag"
-	"fmt"
-	"os"
-	"strings"
-
-	"github.com/armosec/kubescape/cautils"
-	"github.com/armosec/kubescape/cautils/getter"
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/armosec/kubescape/cautils/logger/helpers"
-	"github.com/spf13/cobra"
-)
-
-var armoBEURLs = ""
-
-const envFlagUsage = "Send report results to specific URL. Format:<ReportReceiver>,<Backend>,<Frontend>.\n\t\tExample:report.armo.cloud,api.armo.cloud,portal.armo.cloud"
-
-var ksExamples = `
-  # Scan command
-  kubescape scan --submit
-
-  # List supported frameworks
-  kubescape list frameworks
-
-  # Download artifacts (air-gapped environment support)
-  kubescape download artifacts
-
-  # View cached configurations
-  kubescape config view
-`
-
-var rootCmd = &cobra.Command{
-	Use:     "kubescape",
-	Version: cautils.BuildNumber,
-	Short:   "Kubescape is a tool for testing Kubernetes security posture",
-	Long:    `Kubescape is a tool for testing Kubernetes security posture based on NSA \ MITRE ATT&CK® and other frameworks specifications`,
-	Example: ksExamples,
-}
-
-func Execute() {
-	rootCmd.Execute()
-}
-func init() {
-	cobra.OnInitialize(initLogger, initLoggerLevel, initEnvironment, initCacheDir)
-
-	flag.CommandLine.StringVar(&armoBEURLs, "environment", "", envFlagUsage)
-	rootCmd.PersistentFlags().StringVar(&armoBEURLs, "environment", "", envFlagUsage)
-	rootCmd.PersistentFlags().MarkHidden("environment")
-	rootCmd.PersistentFlags().StringVarP(&scanInfo.Logger, "logger", "l", helpers.InfoLevel.String(), fmt.Sprintf("Logger level. Supported: %s [$KS_LOGGER]", strings.Join(helpers.SupportedLevels(), "/")))
-	rootCmd.PersistentFlags().StringVar(&scanInfo.CacheDir, "cache-dir", getter.DefaultLocalStore, "Cache directory [$KS_CACHE_DIR]")
-	flag.Parse()
-}
-
-func initLogger() {
-	if l := os.Getenv("KS_LOGGER_NAME"); l != "" {
-		logger.InitializeLogger(l)
-	}
-}
-func initLoggerLevel() {
-	if scanInfo.Logger != helpers.InfoLevel.String() {
-	} else if l := os.Getenv("KS_LOGGER"); l != "" {
-		scanInfo.Logger = l
-	}
-	if err := logger.L().SetLevel(scanInfo.Logger); err != nil {
-		logger.L().Fatal(fmt.Sprintf("supported levels: %s", strings.Join(helpers.SupportedLevels(), "/")), helpers.Error(err))
-	}
-}
-
-func initCacheDir() {
-	if scanInfo.CacheDir != getter.DefaultLocalStore {
-		getter.DefaultLocalStore = scanInfo.CacheDir
-	} else if cacheDir := os.Getenv("KS_CACHE_DIR"); cacheDir != "" {
-		getter.DefaultLocalStore = cacheDir
-	} else {
-		return // using default cache di location
-	}
-
-	logger.L().Debug("cache dir updated", helpers.String("path", getter.DefaultLocalStore))
-}
-func initEnvironment() {
-	urlSlices := strings.Split(armoBEURLs, ",")
-	if len(urlSlices) != 1 && len(urlSlices) < 3 {
-		logger.L().Fatal("expected at least 3 URLs (report, api, frontend, auth)")
-	}
-	switch len(urlSlices) {
-	case 1:
-		switch urlSlices[0] {
-		case "dev", "development":
-			getter.SetARMOAPIConnector(getter.NewARMOAPIDev())
-		case "stage", "staging":
-			getter.SetARMOAPIConnector(getter.NewARMOAPIStaging())
-		case "":
-			getter.SetARMOAPIConnector(getter.NewARMOAPIProd())
-		default:
-			logger.L().Fatal("--environment flag usage: " + envFlagUsage)
-		}
-	case 2:
-		logger.L().Fatal("--environment flag usage: " + envFlagUsage)
-	case 3, 4:
-		var armoAUTHURL string
-		armoERURL := urlSlices[0] // mandatory
-		armoBEURL := urlSlices[1] // mandatory
-		armoFEURL := urlSlices[2] // mandatory
-		if len(urlSlices) <= 4 {
-			armoAUTHURL = urlSlices[3]
-		}
-		getter.SetARMOAPIConnector(getter.NewARMOAPICustomized(armoERURL, armoBEURL, armoFEURL, armoAUTHURL))
-	}
-}
--- a/clihandler/cmd/scan.go
+++ b/clihandler/cmd/scan.go
@@ -1,65 +0,0 @@
-package cmd
-
-import (
-	"github.com/armosec/k8s-interface/k8sinterface"
-	"github.com/armosec/kubescape/cautils"
-	"github.com/spf13/cobra"
-)
-
-var scanInfo cautils.ScanInfo
-
-// scanCmd represents the scan command
-var scanCmd = &cobra.Command{
-	Use:   "scan [command]",
-	Short: "Scan the current running cluster or yaml files",
-	Long:  `The action you want to perform`,
-	Args: func(cmd *cobra.Command, args []string) error {
-		if len(args) > 0 {
-			if args[0] != "framework" && args[0] != "control" {
-				scanInfo.ScanAll = true
-				return frameworkCmd.RunE(cmd, append([]string{"all"}, args...))
-			}
-		}
-		return nil
-	},
-	RunE: func(cmd *cobra.Command, args []string) error {
-		if len(args) == 0 {
-			scanInfo.ScanAll = true
-			return frameworkCmd.RunE(cmd, []string{"all"})
-		}
-		return nil
-	},
-}
-
-func frameworkInitConfig() {
-	k8sinterface.SetClusterContextName(scanInfo.KubeContext)
-}
-
-func init() {
-
-	cobra.OnInitialize(frameworkInitConfig)
-
-	rootCmd.AddCommand(scanCmd)
-
-	scanCmd.PersistentFlags().StringVarP(&scanInfo.Account, "account", "", "", "Armo portal account ID. Default will load account ID from configMap or config file")
-	scanCmd.PersistentFlags().StringVarP(&scanInfo.KubeContext, "kube-context", "", "", "Kube context. Default will use the current-context")
-	scanCmd.PersistentFlags().StringVar(&scanInfo.ControlsInputs, "controls-config", "", "Path to an controls-config obj. If not set will download controls-config from ARMO management portal")
-	scanCmd.PersistentFlags().StringVar(&scanInfo.UseExceptions, "exceptions", "", "Path to an exceptions obj. If not set will download exceptions from ARMO management portal")
-	scanCmd.PersistentFlags().StringVar(&scanInfo.UseArtifactsFrom, "use-artifacts-from", "", "Load artifacts from local directory. If not used will download them")
-	scanCmd.PersistentFlags().StringVarP(&scanInfo.ExcludedNamespaces, "exclude-namespaces", "e", "", "Namespaces to exclude from scanning. Recommended: kube-system,kube-public")
-	scanCmd.PersistentFlags().Uint16VarP(&scanInfo.FailThreshold, "fail-threshold", "t", 100, "Failure threshold is the percent above which the command fails and returns exit code 1")
-	scanCmd.PersistentFlags().StringVarP(&scanInfo.Format, "format", "f", "pretty-printer", `Output format. Supported formats: "pretty-printer","json","junit","prometheus","pdf"`)
-	scanCmd.PersistentFlags().StringVar(&scanInfo.IncludeNamespaces, "include-namespaces", "", "scan specific namespaces. e.g: --include-namespaces ns-a,ns-b")
-	scanCmd.PersistentFlags().BoolVarP(&scanInfo.Local, "keep-local", "", false, "If you do not want your Kubescape results reported to Armo backend. Use this flag if you ran with the '--submit' flag in the past and you do not want to submit your current scan results")
-	scanCmd.PersistentFlags().StringVarP(&scanInfo.Output, "output", "o", "", "Output file. Print output to file and not stdout")
-	scanCmd.PersistentFlags().BoolVar(&scanInfo.VerboseMode, "verbose", false, "Display all of the input resources and not only failed resources")
-	scanCmd.PersistentFlags().BoolVar(&scanInfo.UseDefault, "use-default", false, "Load local policy object from default path. If not used will download latest")
-	scanCmd.PersistentFlags().StringSliceVar(&scanInfo.UseFrom, "use-from", nil, "Load local policy object from specified path. If not used will download latest")
-	scanCmd.PersistentFlags().BoolVarP(&scanInfo.Silent, "silent", "s", false, "Silent progress messages")
-	scanCmd.PersistentFlags().BoolVarP(&scanInfo.Submit, "submit", "", false, "Send the scan results to Armo management portal where you can see the results in a user-friendly UI, choose your preferred compliance framework, check risk results history and trends, manage exceptions, get remediation recommendations and much more. By default the results are not submitted")
-
-	hostF := scanCmd.PersistentFlags().VarPF(&scanInfo.HostSensor, "enable-host-scan", "", "Deploy ARMO K8s host-sensor daemonset in the scanned cluster. Deleting it right after we collecting the data. Required to collect valueable data from cluster nodes for certain controls")
-	hostF.NoOptDefVal = "true"
-	hostF.DefValue = "false, for no TTY in stdin"
-
-}
--- a/clihandler/cmd/submit.go
+++ b/clihandler/cmd/submit.go
@@ -1,46 +0,0 @@
-package cmd
-
-import (
-	"fmt"
-
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/armosec/kubescape/clihandler"
-	"github.com/armosec/kubescape/clihandler/cliobjects"
-	"github.com/spf13/cobra"
-)
-
-var submitInfo cliobjects.Submit
-
-var submitCmdExamples = `
-
-`
-var submitCmd = &cobra.Command{
-	Use:   "submit <command>",
-	Short: "Submit an object to the Kubescape SaaS version",
-	Long:  ``,
-	Run: func(cmd *cobra.Command, args []string) {
-	},
-}
-
-var submitExceptionsCmd = &cobra.Command{
-	Use:   "exceptions <full path to exceptins file>",
-	Short: "Submit exceptions to the Kubescape SaaS version",
-	Args: func(cmd *cobra.Command, args []string) error {
-		if len(args) != 1 {
-			return fmt.Errorf("missing full path to exceptions file")
-		}
-		return nil
-	},
-	Run: func(cmd *cobra.Command, args []string) {
-		if err := clihandler.SubmitExceptions(submitInfo.Account, args[0]); err != nil {
-			logger.L().Fatal(err.Error())
-		}
-	},
-}
-
-func init() {
-	submitCmd.PersistentFlags().StringVarP(&submitInfo.Account, "account", "", "", "Armo portal account ID. Default will load account ID from configMap or config file")
-	rootCmd.AddCommand(submitCmd)
-
-	submitCmd.AddCommand(submitExceptionsCmd)
-}
--- a/clihandler/cmd/version.go
+++ b/clihandler/cmd/version.go
@@ -1,25 +0,0 @@
-package cmd
-
-import (
-	"fmt"
-	"os"
-
-	"github.com/armosec/kubescape/cautils"
-	"github.com/spf13/cobra"
-)
-
-var versionCmd = &cobra.Command{
-	Use:   "version",
-	Short: "Get current version",
-	Long:  ``,
-	RunE: func(cmd *cobra.Command, args []string) error {
-		v := cautils.NewIVersionCheckHandler()
-		v.CheckLatestVersion(cautils.NewVersionCheckRequest(cautils.BuildNumber, "", "", "version"))
-		fmt.Fprintln(os.Stdout, "Your current version is: "+cautils.BuildNumber)
-		return nil
-	},
-}
-
-func init() {
-	rootCmd.AddCommand(versionCmd)
-}
--- a/cmd/README.md
+++ b/cmd/README.md
@@ -0,0 +1 @@
+# Kubescape CLI Package
--- a/cmd/completion/completion.go
+++ b/cmd/completion/completion.go
@@ -0,0 +1,49 @@
+package completion
+
+import (
+	"os"
+	"strings"
+
+	"github.com/spf13/cobra"
+)
+
+var completionCmdExamples = `
+
+  # Enable BASH shell autocompletion 
+  $ source <(kubescape completion bash) 
+  $ echo 'source <(kubescape completion bash)' >> ~/.bashrc
+
+  # Enable ZSH shell autocompletion 
+  $ source <(kubectl completion zsh)
+  $ echo 'source <(kubectl completion zsh)' >> "${fpath[1]}/_kubectl"
+
+`
+
+func GetCompletionCmd() *cobra.Command {
+	completionCmd := &cobra.Command{
+		Use:                   "completion [bash|zsh|fish|powershell]",
+		Short:                 "Generate autocompletion script",
+		Long:                  "To load completions",
+		Example:               completionCmdExamples,
+		DisableFlagsInUseLine: true,
+		ValidArgs:             []string{"bash", "zsh", "fish", "powershell"},
+		Args:                  cobra.ExactValidArgs(1),
+		Run: func(cmd *cobra.Command, args []string) {
+			switch strings.ToLower(args[0]) {
+			case "bash":
+				cmd.Root().GenBashCompletion(os.Stdout)
+			case "zsh":
+				cmd.Root().GenZshCompletion(os.Stdout)
+			case "fish":
+				cmd.Root().GenFishCompletion(os.Stdout, true)
+			case "powershell":
+				cmd.Root().GenPowerShellCompletionWithDesc(os.Stdout)
+			}
+		},
+	}
+	return completionCmd
+}
+
+// func init() {
+// 	rootCmd.AddCommand(completionCmd)
+// }
--- a/cmd/config/config.go
+++ b/cmd/config/config.go
@@ -0,0 +1,45 @@
+package config
+
+import (
+	"github.com/armosec/kubescape/core/meta"
+	"github.com/spf13/cobra"
+)
+
+var (
+	configExample = `
+  # View cached configurations 
+  kubescape config view
+
+  # Delete cached configurations
+  kubescape config delete
+
+  # Set cached configurations
+  kubescape config set --help
+`
+	setConfigExample = `
+  # Set account id
+  kubescape config set accountID <account id>
+
+  # Set client id
+  kubescape config set clientID <client id> 
+
+  # Set access key
+  kubescape config set secretKey <access key>
+`
+)
+
+func GetConfigCmd(ks meta.IKubescape) *cobra.Command {
+
+	// configCmd represents the config command
+	configCmd := &cobra.Command{
+		Use:     "config",
+		Short:   "handle cached configurations",
+		Example: configExample,
+	}
+
+	configCmd.AddCommand(getDeleteCmd(ks))
+	configCmd.AddCommand(getSetCmd(ks))
+	configCmd.AddCommand(getViewCmd(ks))
+
+	return configCmd
+}
--- a/cmd/config/delete.go
+++ b/cmd/config/delete.go
@@ -0,0 +1,21 @@
+package config
+
+import (
+	"github.com/armosec/kubescape/cautils/logger"
+	"github.com/armosec/kubescape/core/meta"
+	v1 "github.com/armosec/kubescape/core/meta/datastructures/v1"
+	"github.com/spf13/cobra"
+)
+
+func getDeleteCmd(ks meta.IKubescape) *cobra.Command {
+	return &cobra.Command{
+		Use:   "delete",
+		Short: "Delete cached configurations",
+		Long:  ``,
+		Run: func(cmd *cobra.Command, args []string) {
+			if err := ks.DeleteCachedConfig(&v1.DeleteConfig{}); err != nil {
+				logger.L().Fatal(err.Error())
+			}
+		},
+	}
+}
--- a/cmd/config/set.go
+++ b/cmd/config/set.go
@@ -0,0 +1,69 @@
+package config
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/armosec/kubescape/cautils/logger"
+	"github.com/armosec/kubescape/core/meta"
+	metav1 "github.com/armosec/kubescape/core/meta/datastructures/v1"
+	"github.com/spf13/cobra"
+)
+
+func getSetCmd(ks meta.IKubescape) *cobra.Command {
+
+	// configCmd represents the config command
+	configSetCmd := &cobra.Command{
+		Use:       "set",
+		Short:     fmt.Sprintf("Set configurations, supported: %s", strings.Join(stringKeysToSlice(supportConfigSet), "/")),
+		Example:   setConfigExample,
+		ValidArgs: stringKeysToSlice(supportConfigSet),
+		RunE: func(cmd *cobra.Command, args []string) error {
+			setConfig, err := parseSetArgs(args)
+			if err != nil {
+				return err
+			}
+			if err := ks.SetCachedConfig(setConfig); err != nil {
+				logger.L().Fatal(err.Error())
+			}
+			return nil
+		},
+	}
+	return configSetCmd
+}
+
+var supportConfigSet = map[string]func(*metav1.SetConfig, string){
+	"accountID": func(s *metav1.SetConfig, account string) { s.Account = account },
+	"clientID":  func(s *metav1.SetConfig, clientID string) { s.ClientID = clientID },
+	"secretKey": func(s *metav1.SetConfig, secretKey string) { s.SecretKey = secretKey },
+}
+
+func stringKeysToSlice(m map[string]func(*metav1.SetConfig, string)) []string {
+	l := []string{}
+	for i := range m {
+		l = append(l, i)
+	}
+	return l
+}
+
+func parseSetArgs(args []string) (*metav1.SetConfig, error) {
+	var key string
+	var value string
+	if len(args) == 1 {
+		if keyValue := strings.Split(args[0], "="); len(keyValue) == 2 {
+			key = keyValue[0]
+			value = keyValue[1]
+		}
+	} else if len(args) == 2 {
+		key = args[0]
+		value = args[1]
+	}
+	setConfig := &metav1.SetConfig{}
+
+	if setConfigFunc, ok := supportConfigSet[key]; ok {
+		setConfigFunc(setConfig, value)
+	} else {
+		return setConfig, fmt.Errorf("key '%s' unknown . supported: %s", key, strings.Join(stringKeysToSlice(supportConfigSet), "/"))
+	}
+	return setConfig, nil
+}
--- a/cmd/config/view.go
+++ b/cmd/config/view.go
@@ -0,0 +1,25 @@
+package config
+
+import (
+	"os"
+
+	"github.com/armosec/kubescape/cautils/logger"
+	"github.com/armosec/kubescape/core/meta"
+	v1 "github.com/armosec/kubescape/core/meta/datastructures/v1"
+	"github.com/spf13/cobra"
+)
+
+func getViewCmd(ks meta.IKubescape) *cobra.Command {
+
+	// configCmd represents the config command
+	return &cobra.Command{
+		Use:   "view",
+		Short: "View cached configurations",
+		Long:  ``,
+		Run: func(cmd *cobra.Command, args []string) {
+			if err := ks.ViewCachedConfig(&v1.ViewConfig{Writer: os.Stdout}); err != nil {
+				logger.L().Fatal(err.Error())
+			}
+		},
+	}
+}
--- a/cmd/delete/delete.go
+++ b/cmd/delete/delete.go
@@ -0,0 +1,32 @@
+package delete
+
+import (
+	"github.com/armosec/kubescape/core/meta"
+	v1 "github.com/armosec/kubescape/core/meta/datastructures/v1"
+	"github.com/spf13/cobra"
+)
+
+var deleteExceptionsExamples = `
+  # Delete single exception
+  kubescape delete exceptions "exception name"
+
+  # Delete multiple exceptions
+  kubescape delete exceptions "first exception;second exception;third exception"
+`
+
+func GetDeleteCmd(ks meta.IKubescape) *cobra.Command {
+	var deleteInfo v1.Delete
+
+	var deleteCmd = &cobra.Command{
+		Use:   "delete <command>",
+		Short: "Delete configurations in Kubescape SaaS version",
+		Long:  ``,
+		Run: func(cmd *cobra.Command, args []string) {
+		},
+	}
+	deleteCmd.PersistentFlags().StringVarP(&deleteInfo.Account, "account", "", "", "Armo portal account ID. Default will load account ID from configMap or config file")
+
+	deleteCmd.AddCommand(getExceptionsCmd(ks, &deleteInfo))
+
+	return deleteCmd
+}
--- a/cmd/delete/exceptions.go
+++ b/cmd/delete/exceptions.go
@@ -0,0 +1,34 @@
+package delete
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/armosec/kubescape/cautils/logger"
+	"github.com/armosec/kubescape/core/meta"
+	v1 "github.com/armosec/kubescape/core/meta/datastructures/v1"
+	"github.com/spf13/cobra"
+)
+
+func getExceptionsCmd(ks meta.IKubescape, deleteInfo *v1.Delete) *cobra.Command {
+	return &cobra.Command{
+		Use:     "exceptions <exception name>",
+		Short:   "Delete exceptions from Kubescape SaaS version. Run 'kubescape list exceptions' for all exceptions names",
+		Example: deleteExceptionsExamples,
+		Args: func(cmd *cobra.Command, args []string) error {
+			if len(args) != 1 {
+				return fmt.Errorf("missing exceptions names")
+			}
+			return nil
+		},
+		Run: func(cmd *cobra.Command, args []string) {
+			exceptionsNames := strings.Split(args[0], ";")
+			if len(exceptionsNames) == 0 {
+				logger.L().Fatal("missing exceptions names")
+			}
+			if err := ks.DeleteExceptions(&v1.DeleteExceptions{Account: deleteInfo.Account, Exceptions: exceptionsNames}); err != nil {
+				logger.L().Fatal(err.Error())
+			}
+		},
+	}
+}
--- a/cmd/download/download.go
+++ b/cmd/download/download.go
@@ -0,0 +1,79 @@
+package download
+
+import (
+	"fmt"
+	"path/filepath"
+	"strings"
+
+	"github.com/armosec/kubescape/cautils"
+	"github.com/armosec/kubescape/cautils/logger"
+	"github.com/armosec/kubescape/core/core"
+	"github.com/armosec/kubescape/core/meta"
+	v1 "github.com/armosec/kubescape/core/meta/datastructures/v1"
+	"github.com/spf13/cobra"
+)
+
+var (
+	downloadExample = `
+  # Download all artifacts and save them in the default path (~/.kubescape)
+  kubescape download artifacts
+  download
+  # Download all artifacts and save them in /tmp path
+  kubescape download artifacts --output /tmp
+  
+  # Download the NSA framework. Run 'kubescape list frameworks' for all frameworks names
+  kubescape download framework nsa
+
+  # Download the "Allowed hostPath" control. Run 'kubescape list controls' for all controls names
+  kubescape download control "Allowed hostPath"
+
+  # Download the "C-0001" control. Run 'kubescape list controls --id' for all controls ids
+  kubescape download control C-0001
+
+  # Download the configured exceptions
+  kubescape download exceptions 
+
+  # Download the configured controls-inputs 
+  kubescape download controls-inputs 
+
+`
+)
+
+func GeDownloadCmd(ks meta.IKubescape) *cobra.Command {
+	var downloadInfo = v1.DownloadInfo{}
+
+	downloadCmd := &cobra.Command{
+		Use:     "download <policy> <policy name>",
+		Short:   fmt.Sprintf("Download %s", strings.Join(core.DownloadSupportCommands(), ",")),
+		Long:    ``,
+		Example: downloadExample,
+		Args: func(cmd *cobra.Command, args []string) error {
+			supported := strings.Join(core.DownloadSupportCommands(), ",")
+			if len(args) < 1 {
+				return fmt.Errorf("policy type required, supported: %v", supported)
+			}
+			if cautils.StringInSlice(core.DownloadSupportCommands(), args[0]) == cautils.ValueNotFound {
+				return fmt.Errorf("invalid parameter '%s'. Supported parameters: %s", args[0], supported)
+			}
+			return nil
+		},
+		RunE: func(cmd *cobra.Command, args []string) error {
+
+			if filepath.Ext(downloadInfo.Path) == ".json" {
+				downloadInfo.Path, downloadInfo.FileName = filepath.Split(downloadInfo.Path)
+			}
+			downloadInfo.Target = args[0]
+			if len(args) >= 2 {
+				downloadInfo.Name = args[1]
+			}
+			if err := ks.Download(&downloadInfo); err != nil {
+				logger.L().Fatal(err.Error())
+			}
+			return nil
+		},
+	}
+	downloadCmd.PersistentFlags().StringVarP(&downloadInfo.Account, "account", "", "", "Armo portal account ID. Default will load account ID from configMap or config file")
+	downloadCmd.Flags().StringVarP(&downloadInfo.Path, "output", "o", "", "Output file. If not specified, will save in `~/.kubescape/<policy name>.json`")
+
+	return downloadCmd
+}
--- a/cmd/list/list.go
+++ b/cmd/list/list.go
@@ -0,0 +1,67 @@
+package list
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/armosec/kubescape/cautils"
+	"github.com/armosec/kubescape/cautils/logger"
+	"github.com/armosec/kubescape/core/core"
+	"github.com/armosec/kubescape/core/meta"
+	v1 "github.com/armosec/kubescape/core/meta/datastructures/v1"
+	"github.com/spf13/cobra"
+)
+
+var (
+	listExample = `
+  # List default supported frameworks names
+  kubescape list frameworks
+  
+  # List all supported frameworks names
+  kubescape list frameworks --account <account id>
+	
+  # List all supported controls names
+  kubescape list controls
+
+  # List all supported controls ids
+  kubescape list controls --id 
+  
+  Control documentation:
+  https://hub.armo.cloud/docs/controls
+`
+)
+
+func GetListCmd(ks meta.IKubescape) *cobra.Command {
+	var listPolicies = v1.ListPolicies{}
+
+	listCmd := &cobra.Command{
+		Use:     "list <policy> [flags]",
+		Short:   "List frameworks/controls will list the supported frameworks and controls",
+		Long:    ``,
+		Example: listExample,
+		Args: func(cmd *cobra.Command, args []string) error {
+			supported := strings.Join(core.ListSupportActions(), ",")
+
+			if len(args) < 1 {
+				return fmt.Errorf("policy type requeued, supported: %s", supported)
+			}
+			if cautils.StringInSlice(core.ListSupportActions(), args[0]) == cautils.ValueNotFound {
+				return fmt.Errorf("invalid parameter '%s'. Supported parameters: %s", args[0], supported)
+			}
+			return nil
+		},
+		RunE: func(cmd *cobra.Command, args []string) error {
+			listPolicies.Target = args[0]
+
+			if err := ks.List(&listPolicies); err != nil {
+				logger.L().Fatal(err.Error())
+			}
+			return nil
+		},
+	}
+	listCmd.PersistentFlags().StringVar(&listPolicies.Account, "account", "", "Armo portal account ID. Default will load account ID from configMap or config file")
+	listCmd.PersistentFlags().StringVar(&listPolicies.Format, "format", "pretty-print", "output format. supported: 'pretty-printer'/'json'")
+	listCmd.PersistentFlags().BoolVarP(&listPolicies.ListIDs, "id", "", false, "List control ID's instead of controls names")
+
+	return listCmd
+}
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -0,0 +1,167 @@
+package cmd
+
+import (
+	"fmt"
+	"os"
+	"strings"
+
+	"github.com/armosec/kubescape/cautils"
+	"github.com/armosec/kubescape/cautils/getter"
+	"github.com/armosec/kubescape/cautils/logger"
+	"github.com/armosec/kubescape/cautils/logger/helpers"
+	"github.com/armosec/kubescape/cmd/completion"
+	"github.com/armosec/kubescape/cmd/config"
+	"github.com/armosec/kubescape/cmd/delete"
+	"github.com/armosec/kubescape/cmd/download"
+	"github.com/armosec/kubescape/cmd/list"
+	"github.com/armosec/kubescape/cmd/scan"
+	"github.com/armosec/kubescape/cmd/submit"
+	"github.com/armosec/kubescape/cmd/version"
+	"github.com/armosec/kubescape/core/core"
+
+	"github.com/mattn/go-isatty"
+	"github.com/spf13/cobra"
+)
+
+var armoBEURLs = ""
+var armoBEURLsDep = ""
+
+const envFlagUsage = "Send report results to specific URL. Format:<ReportReceiver>,<Backend>,<Frontend>.\n\t\tExample:report.armo.cloud,api.armo.cloud,portal.armo.cloud"
+
+var ksExamples = `
+  # Scan command
+  kubescape scan --submit
+
+  # List supported frameworks
+  kubescape list frameworks
+
+  # Download artifacts (air-gapped environment support)
+  kubescape download artifacts
+
+  # View cached configurations
+  kubescape config view
+`
+
+func getRootCmd() *cobra.Command {
+	var rootInfo cautils.RootInfo
+
+	rootCmd := &cobra.Command{
+		Use:     "kubescape",
+		Version: cautils.BuildNumber,
+		Short:   "Kubescape is a tool for testing Kubernetes security posture",
+		Long:    `Based on NSA \ MITRE ATT&CK® and other frameworks specifications`,
+		Example: ksExamples,
+	}
+
+	rootCmd.PersistentFlags().StringVar(&armoBEURLsDep, "environment", "", envFlagUsage)
+	rootCmd.PersistentFlags().StringVar(&armoBEURLs, "env", "", envFlagUsage)
+	rootCmd.PersistentFlags().MarkDeprecated("environment", "use 'env' instead")
+	rootCmd.PersistentFlags().MarkHidden("environment")
+	rootCmd.PersistentFlags().MarkHidden("env")
+
+	rootCmd.PersistentFlags().StringVar(&rootInfo.LoggerName, "logger-name", "", fmt.Sprintf("Logger name. Supported: %s [$KS_LOGGER_NAME]", strings.Join(logger.ListLoggersNames(), "/")))
+	rootCmd.PersistentFlags().MarkHidden("logger-name")
+
+	rootCmd.PersistentFlags().StringVarP(&rootInfo.Logger, "logger", "l", helpers.InfoLevel.String(), fmt.Sprintf("Logger level. Supported: %s [$KS_LOGGER]", strings.Join(helpers.SupportedLevels(), "/")))
+	rootCmd.PersistentFlags().StringVar(&rootInfo.CacheDir, "cache-dir", getter.DefaultLocalStore, "Cache directory [$KS_CACHE_DIR]")
+	rootCmd.PersistentFlags().BoolVarP(&rootInfo.DisableColor, "disable-color", "", false, "Disable Color output for logging")
+
+	// Initialize
+	initLogger(&rootInfo)
+	initLoggerLevel(&rootInfo)
+	initEnvironment(&rootInfo)
+	initCacheDir(&rootInfo)
+
+	ks := core.NewKubescape()
+
+	// Supported commands
+	rootCmd.AddCommand(scan.GetScanCommand(ks))
+	rootCmd.AddCommand(download.GeDownloadCmd(ks))
+	rootCmd.AddCommand(delete.GetDeleteCmd(ks))
+	rootCmd.AddCommand(list.GetListCmd(ks))
+	rootCmd.AddCommand(submit.GetSubmitCmd(ks))
+	rootCmd.AddCommand(completion.GetCompletionCmd())
+	rootCmd.AddCommand(version.GetVersionCmd())
+	rootCmd.AddCommand(config.GetConfigCmd(ks))
+
+	return rootCmd
+}
+
+func Execute() {
+	rootCmd := getRootCmd()
+	rootCmd.Execute()
+}
+
+func initLogger(rootInfo *cautils.RootInfo) {
+	logger.DisableColor(rootInfo.DisableColor)
+
+	if rootInfo.LoggerName == "" {
+		if l := os.Getenv("KS_LOGGER_NAME"); l != "" {
+			rootInfo.LoggerName = l
+		} else {
+			if isatty.IsTerminal(os.Stdout.Fd()) {
+				rootInfo.LoggerName = "pretty"
+			} else {
+				rootInfo.LoggerName = "zap"
+			}
+		}
+	}
+
+	logger.InitLogger(rootInfo.LoggerName)
+
+}
+func initLoggerLevel(rootInfo *cautils.RootInfo) {
+	if rootInfo.Logger != helpers.InfoLevel.String() {
+	} else if l := os.Getenv("KS_LOGGER"); l != "" {
+		rootInfo.Logger = l
+	}
+
+	if err := logger.L().SetLevel(rootInfo.Logger); err != nil {
+		logger.L().Fatal(fmt.Sprintf("supported levels: %s", strings.Join(helpers.SupportedLevels(), "/")), helpers.Error(err))
+	}
+}
+
+func initCacheDir(rootInfo *cautils.RootInfo) {
+	if rootInfo.CacheDir == getter.DefaultLocalStore {
+		getter.DefaultLocalStore = rootInfo.CacheDir
+	} else if cacheDir := os.Getenv("KS_CACHE_DIR"); cacheDir != "" {
+		getter.DefaultLocalStore = cacheDir
+	} else {
+		return // using default cache dir location
+	}
+
+	logger.L().Debug("cache dir updated", helpers.String("path", getter.DefaultLocalStore))
+}
+func initEnvironment(rootInfo *cautils.RootInfo) {
+	if armoBEURLsDep != "" {
+		armoBEURLs = armoBEURLsDep
+	}
+	urlSlices := strings.Split(armoBEURLs, ",")
+	if len(urlSlices) != 1 && len(urlSlices) < 3 {
+		logger.L().Fatal("expected at least 3 URLs (report, api, frontend, auth)")
+	}
+	switch len(urlSlices) {
+	case 1:
+		switch urlSlices[0] {
+		case "dev", "development":
+			getter.SetARMOAPIConnector(getter.NewARMOAPIDev())
+		case "stage", "staging":
+			getter.SetARMOAPIConnector(getter.NewARMOAPIStaging())
+		case "":
+			getter.SetARMOAPIConnector(getter.NewARMOAPIProd())
+		default:
+			logger.L().Fatal("--environment flag usage: " + envFlagUsage)
+		}
+	case 2:
+		logger.L().Fatal("--environment flag usage: " + envFlagUsage)
+	case 3, 4:
+		var armoAUTHURL string
+		armoERURL := urlSlices[0] // mandatory
+		armoBEURL := urlSlices[1] // mandatory
+		armoFEURL := urlSlices[2] // mandatory
+		if len(urlSlices) <= 4 {
+			armoAUTHURL = urlSlices[3]
+		}
+		getter.SetARMOAPIConnector(getter.NewARMOAPICustomized(armoERURL, armoBEURL, armoFEURL, armoAUTHURL))
+	}
+}
--- a/cmd/scan/control.go
+++ b/cmd/scan/control.go
@@ -0,0 +1,123 @@
+package scan
+
+import (
+	"fmt"
+	"io"
+	"os"
+	"strings"
+
+	"github.com/armosec/kubescape/cautils"
+	"github.com/armosec/kubescape/cautils/logger"
+	"github.com/armosec/kubescape/core/meta"
+	"github.com/armosec/opa-utils/reporthandling"
+	"github.com/spf13/cobra"
+)
+
+var (
+	controlExample = `
+  # Scan the 'privileged container' control
+  kubescape scan control "privileged container"
+	
+  # Scan list of controls separated with a comma
+  kubescape scan control "privileged container","allowed hostpath"
+  
+  # Scan list of controls using the control ID separated with a comma
+  kubescape scan control C-0058,C-0057
+  
+  Run 'kubescape list controls' for the list of supported controls
+  
+  Control documentation:
+  https://hub.armo.cloud/docs/controls
+`
+)
+
+// controlCmd represents the control command
+func getControlCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Command {
+	return &cobra.Command{
+		Use:     "control <control names list>/<control ids list>",
+		Short:   "The controls you wish to use. Run 'kubescape list controls' for the list of supported controls",
+		Example: controlExample,
+		Args: func(cmd *cobra.Command, args []string) error {
+			if len(args) > 0 {
+				controls := strings.Split(args[0], ",")
+				if len(controls) > 1 {
+					for _, control := range controls {
+						if control == "" {
+							return fmt.Errorf("usage: <control-0>,<control-1>")
+						}
+					}
+				}
+			} else {
+				return fmt.Errorf("requires at least one control name")
+			}
+			return nil
+		},
+		RunE: func(cmd *cobra.Command, args []string) error {
+
+			// flagValidationControl(scanInfo)
+			scanInfo.PolicyIdentifier = []reporthandling.PolicyIdentifier{}
+
+			if len(args) == 0 {
+				scanInfo.ScanAll = true
+			} else { // expected control or list of control sepparated by ","
+
+				// Read controls from input args
+				scanInfo.SetPolicyIdentifiers(strings.Split(args[0], ","), reporthandling.KindControl)
+
+				if len(args) > 1 {
+					if len(args[1:]) == 0 || args[1] != "-" {
+						scanInfo.InputPatterns = args[1:]
+					} else { // store stdin to file - do NOT move to separate function !!
+						tempFile, err := os.CreateTemp(".", "tmp-kubescape*.yaml")
+						if err != nil {
+							return err
+						}
+						defer os.Remove(tempFile.Name())
+
+						if _, err := io.Copy(tempFile, os.Stdin); err != nil {
+							return err
+						}
+						scanInfo.InputPatterns = []string{tempFile.Name()}
+					}
+				}
+			}
+
+			scanInfo.FrameworkScan = false
+
+			results, err := ks.Scan(scanInfo)
+			if err != nil {
+				logger.L().Fatal(err.Error())
+			}
+			results.HandleResults()
+			if results.GetRiskScore() > float32(scanInfo.FailThreshold) {
+				return fmt.Errorf("scan risk-score %.2f is above permitted threshold %.2f", results.GetRiskScore(), scanInfo.FailThreshold)
+			}
+			return nil
+		},
+	}
+}
+
+// func flagValidationControl() {
+// 	if 100 < scanInfo.FailThreshold {
+// 		logger.L().Fatal("bad argument: out of range threshold")
+// 	}
+// }
+
+// func setScanForFirstControl(scanInfo, controls []string) []reporthandling.PolicyIdentifier {
+// 	newPolicy := reporthandling.PolicyIdentifier{}
+// 	newPolicy.Kind = reporthandling.KindControl
+// 	newPolicy.Name = controls[0]
+// 	scanInfo.PolicyIdentifier = append(scanInfo.PolicyIdentifier, newPolicy)
+// 	return scanInfo.PolicyIdentifier
+// }
+
+// func SetScanForGivenControls(scanInfo, controls []string) []reporthandling.PolicyIdentifier {
+// 	for _, control := range controls {
+// 		control := strings.TrimLeft(control, " ")
+// 		newPolicy := reporthandling.PolicyIdentifier{}
+// 		newPolicy.Kind = reporthandling.KindControl
+// 		newPolicy.Name = control
+// 		scanInfo.PolicyIdentifier = append(scanInfo.PolicyIdentifier, newPolicy)
+// 	}
+// 	return scanInfo.PolicyIdentifier
+// }
--- a/cmd/scan/framework.go
+++ b/cmd/scan/framework.go
@@ -0,0 +1,130 @@
+package scan
+
+import (
+	"fmt"
+	"io"
+	"os"
+	"strings"
+
+	"github.com/armosec/kubescape/cautils"
+	"github.com/armosec/kubescape/cautils/logger"
+	"github.com/armosec/kubescape/core/meta"
+	"github.com/armosec/opa-utils/reporthandling"
+	"github.com/spf13/cobra"
+)
+
+var (
+	frameworkExample = `
+  # Scan all frameworks and submit the results
+  kubescape scan framework all --submit
+  
+  # Scan the NSA framework
+  kubescape scan framework nsa
+  
+  # Scan the NSA and MITRE framework
+  kubescape scan framework nsa,mitre
+  
+  # Scan all frameworks
+  kubescape scan framework all
+
+  # Scan kubernetes YAML manifest files
+  kubescape scan framework nsa *.yaml
+
+  Run 'kubescape list frameworks' for the list of supported frameworks
+`
+)
+
+func getFrameworkCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Command {
+
+	return &cobra.Command{
+		Use:     "framework <framework names list> [`<glob pattern>`/`-`] [flags]",
+		Short:   "The framework you wish to use. Run 'kubescape list frameworks' for the list of supported frameworks",
+		Example: frameworkExample,
+		Long:    "Execute a scan on a running Kubernetes cluster or `yaml`/`json` files (use glob) or `-` for stdin",
+		Args: func(cmd *cobra.Command, args []string) error {
+			if len(args) > 0 {
+				frameworks := strings.Split(args[0], ",")
+				if len(frameworks) > 1 {
+					for _, framework := range frameworks {
+						if framework == "" {
+							return fmt.Errorf("usage: <framework-0>,<framework-1>")
+						}
+					}
+				}
+			} else {
+				return fmt.Errorf("requires at least one framework name")
+			}
+			return nil
+		},
+		RunE: func(cmd *cobra.Command, args []string) error {
+
+			flagValidationFramework(scanInfo)
+			scanInfo.FrameworkScan = true
+
+			var frameworks []string
+
+			if len(args) == 0 { // scan all frameworks
+				scanInfo.ScanAll = true
+			} else {
+				// Read frameworks from input args
+				frameworks = strings.Split(args[0], ",")
+				if cautils.StringInSlice(frameworks, "all") != cautils.ValueNotFound {
+					scanInfo.ScanAll = true
+					frameworks = []string{}
+				}
+				if len(args) > 1 {
+					if len(args[1:]) == 0 || args[1] != "-" {
+						scanInfo.InputPatterns = args[1:]
+					} else { // store stdin to file - do NOT move to separate function !!
+						tempFile, err := os.CreateTemp(".", "tmp-kubescape*.yaml")
+						if err != nil {
+							return err
+						}
+						defer os.Remove(tempFile.Name())
+
+						if _, err := io.Copy(tempFile, os.Stdin); err != nil {
+							return err
+						}
+						scanInfo.InputPatterns = []string{tempFile.Name()}
+					}
+				}
+			}
+			scanInfo.FrameworkScan = true
+
+			scanInfo.SetPolicyIdentifiers(frameworks, reporthandling.KindFramework)
+
+			results, err := ks.Scan(scanInfo)
+			if err != nil {
+				logger.L().Fatal(err.Error())
+			}
+			results.HandleResults()
+			if results.GetRiskScore() > float32(scanInfo.FailThreshold) {
+				return fmt.Errorf("scan risk-score %.2f is above permitted threshold %.2f", results.GetRiskScore(), scanInfo.FailThreshold)
+			}
+			return nil
+		},
+	}
+}
+
+// func init() {
+// 	scanCmd.AddCommand(frameworkCmd)
+// 	scanInfo = cautils.ScanInfo{}
+
+// }
+
+// func SetScanForFirstFramework(frameworks []string) []reporthandling.PolicyIdentifier {
+// 	newPolicy := reporthandling.PolicyIdentifier{}
+// 	newPolicy.Kind = reporthandling.KindFramework
+// 	newPolicy.Name = frameworks[0]
+// 	scanInfo.PolicyIdentifier = append(scanInfo.PolicyIdentifier, newPolicy)
+// 	return scanInfo.PolicyIdentifier
+// }
+
+func flagValidationFramework(scanInfo *cautils.ScanInfo) {
+	if scanInfo.Submit && scanInfo.Local {
+		logger.L().Fatal("you can use `keep-local` or `submit`, but not both")
+	}
+	if 100 < scanInfo.FailThreshold {
+		logger.L().Fatal("bad argument: out of range threshold")
+	}
+}
--- a/cmd/scan/scan.go
+++ b/cmd/scan/scan.go
@@ -0,0 +1,99 @@
+package scan
+
+import (
+	"github.com/armosec/k8s-interface/k8sinterface"
+	"github.com/armosec/kubescape/cautils"
+	"github.com/armosec/kubescape/core/meta"
+	"github.com/spf13/cobra"
+)
+
+var scanCmdExamples = `
+  Scan command is for scanning an existing cluster or kubernetes manifest files based on pre-defind frameworks 
+  
+  # Scan current cluster with all frameworks
+  kubescape scan --submit --enable-host-scan
+
+  # Scan kubernetes YAML manifest files
+  kubescape scan *.yaml
+
+  # Scan and save the results in the JSON format
+  kubescape scan --format json --output results.json
+
+  # Display all resources
+  kubescape scan --verbose
+
+  # Scan different clusters from the kubectl context 
+  kubescape scan --kube-context <kubernetes context>
+  
+`
+
+func GetScanCommand(ks meta.IKubescape) *cobra.Command {
+	var scanInfo cautils.ScanInfo
+
+	// scanCmd represents the scan command
+	scanCmd := &cobra.Command{
+		Use:     "scan",
+		Short:   "Scan the current running cluster or yaml files",
+		Long:    `The action you want to perform`,
+		Example: scanCmdExamples,
+		Args: func(cmd *cobra.Command, args []string) error {
+			if len(args) > 0 {
+				if args[0] != "framework" && args[0] != "control" {
+					scanInfo.ScanAll = true
+					return getFrameworkCmd(ks, &scanInfo).RunE(cmd, append([]string{"all"}, args...))
+				}
+			}
+			return nil
+		},
+		RunE: func(cmd *cobra.Command, args []string) error {
+
+			if len(args) == 0 {
+				scanInfo.ScanAll = true
+				return getFrameworkCmd(ks, &scanInfo).RunE(cmd, []string{"all"})
+			}
+			return nil
+		},
+		PreRun: func(cmd *cobra.Command, args []string) {
+			k8sinterface.SetClusterContextName(scanInfo.KubeContext)
+		},
+		PostRun: func(cmd *cobra.Command, args []string) {
+			// TODO - revert context
+		},
+	}
+
+	scanCmd.PersistentFlags().StringVarP(&scanInfo.Account, "account", "", "", "ARMO portal account ID. Default will load account ID from configMap or config file")
+	scanCmd.PersistentFlags().StringVarP(&scanInfo.KubeContext, "kube-context", "", "", "Kube context. Default will use the current-context")
+	scanCmd.PersistentFlags().StringVar(&scanInfo.ControlsInputs, "controls-config", "", "Path to an controls-config obj. If not set will download controls-config from ARMO management portal")
+	scanCmd.PersistentFlags().StringVar(&scanInfo.UseExceptions, "exceptions", "", "Path to an exceptions obj. If not set will download exceptions from ARMO management portal")
+	scanCmd.PersistentFlags().StringVar(&scanInfo.UseArtifactsFrom, "use-artifacts-from", "", "Load artifacts from local directory. If not used will download them")
+	scanCmd.PersistentFlags().StringVarP(&scanInfo.ExcludedNamespaces, "exclude-namespaces", "e", "", "Namespaces to exclude from scanning. Recommended: kube-system,kube-public")
+	scanCmd.PersistentFlags().Float32VarP(&scanInfo.FailThreshold, "fail-threshold", "t", 100, "Failure threshold is the percent above which the command fails and returns exit code 1")
+	scanCmd.PersistentFlags().StringVarP(&scanInfo.Format, "format", "f", "pretty-printer", `Output format. Supported formats: "pretty-printer","json","junit","prometheus","pdf"`)
+	scanCmd.PersistentFlags().StringVar(&scanInfo.IncludeNamespaces, "include-namespaces", "", "scan specific namespaces. e.g: --include-namespaces ns-a,ns-b")
+	scanCmd.PersistentFlags().BoolVarP(&scanInfo.Local, "keep-local", "", false, "If you do not want your Kubescape results reported to ARMO backend. Use this flag if you ran with the '--submit' flag in the past and you do not want to submit your current scan results")
+	scanCmd.PersistentFlags().StringVarP(&scanInfo.Output, "output", "o", "", "Output file. Print output to file and not stdout")
+	scanCmd.PersistentFlags().BoolVar(&scanInfo.VerboseMode, "verbose", false, "Display all of the input resources and not only failed resources")
+	scanCmd.PersistentFlags().BoolVar(&scanInfo.UseDefault, "use-default", false, "Load local policy object from default path. If not used will download latest")
+	scanCmd.PersistentFlags().StringSliceVar(&scanInfo.UseFrom, "use-from", nil, "Load local policy object from specified path. If not used will download latest")
+	scanCmd.PersistentFlags().BoolVarP(&scanInfo.Silent, "silent", "s", false, "Silent progress messages")
+	scanCmd.PersistentFlags().BoolVarP(&scanInfo.Submit, "submit", "", false, "Send the scan results to ARMO management portal where you can see the results in a user-friendly UI, choose your preferred compliance framework, check risk results history and trends, manage exceptions, get remediation recommendations and much more. By default the results are not submitted")
+	scanCmd.PersistentFlags().StringVar(&scanInfo.HostSensorYamlPath, "host-scan-yaml", "", "Override default host sensor DaemonSet. Use this flag cautiously")
+	scanCmd.PersistentFlags().StringVar(&scanInfo.FormatVersion, "format-version", "v1", "Output object can be differnet between versions, this is for maintaining backward and forward compatibility. Supported:'v1'/'v2'")
+
+	// Deprecated flags - remove 1.May.2022
+	scanCmd.PersistentFlags().MarkDeprecated("silent", "use '--logger' flag instead. Flag will be removed at 1.May.2022")
+
+	// hidden flags
+	scanCmd.PersistentFlags().MarkHidden("host-scan-yaml") // this flag should be used very cautiously. We prefer users will not use it at all unless the DaemonSet can not run pods on the nodes
+	scanCmd.PersistentFlags().MarkHidden("silent")         // this flag should be deprecated since we added the --logger support
+	// scanCmd.PersistentFlags().MarkHidden("format-version") // meant for testing different output approaches and not for common use
+
+	hostF := scanCmd.PersistentFlags().VarPF(&scanInfo.HostSensorEnabled, "enable-host-scan", "", "Deploy ARMO K8s host-sensor daemonset in the scanned cluster. Deleting it right after we collecting the data. Required to collect valuable data from cluster nodes for certain controls. Yaml file: https://raw.githubusercontent.com/armosec/kubescape/master/hostsensorutils/hostsensor.yaml")
+	hostF.NoOptDefVal = "true"
+	hostF.DefValue = "false, for no TTY in stdin"
+
+	scanCmd.AddCommand(getControlCmd(ks, &scanInfo))
+	scanCmd.AddCommand(getFrameworkCmd(ks, &scanInfo))
+
+	return scanCmd
+}
--- a/cmd/submit/exceptions.go
+++ b/cmd/submit/exceptions.go
@@ -0,0 +1,29 @@
+package submit
+
+import (
+	"fmt"
+
+	"github.com/armosec/kubescape/cautils/logger"
+	"github.com/armosec/kubescape/core/meta"
+	metav1 "github.com/armosec/kubescape/core/meta/datastructures/v1"
+
+	"github.com/spf13/cobra"
+)
+
+func getExceptionsCmd(ks meta.IKubescape, submitInfo *metav1.Submit) *cobra.Command {
+	return &cobra.Command{
+		Use:   "exceptions <full path to exceptins file>",
+		Short: "Submit exceptions to the Kubescape SaaS version",
+		Args: func(cmd *cobra.Command, args []string) error {
+			if len(args) != 1 {
+				return fmt.Errorf("missing full path to exceptions file")
+			}
+			return nil
+		},
+		Run: func(cmd *cobra.Command, args []string) {
+			if err := ks.SubmitExceptions(submitInfo.Account, args[0]); err != nil {
+				logger.L().Fatal(err.Error())
+			}
+		},
+	}
+}
--- a/cmd/submit/rbac.go
+++ b/cmd/submit/rbac.go
@@ -0,0 +1,68 @@
+package submit
+
+import (
+	"github.com/armosec/k8s-interface/k8sinterface"
+	"github.com/armosec/kubescape/cautils"
+	"github.com/armosec/kubescape/cautils/getter"
+	"github.com/armosec/kubescape/cautils/logger"
+	"github.com/armosec/kubescape/cautils/logger/helpers"
+	"github.com/armosec/kubescape/core/meta"
+	"github.com/armosec/kubescape/core/meta/cliinterfaces"
+	v1 "github.com/armosec/kubescape/core/meta/datastructures/v1"
+
+	reporterv1 "github.com/armosec/kubescape/core/pkg/resultshandling/reporter/v1"
+
+	"github.com/armosec/rbac-utils/rbacscanner"
+	"github.com/spf13/cobra"
+)
+
+// getRBACCmd represents the RBAC command
+func getRBACCmd(ks meta.IKubescape, submitInfo *v1.Submit) *cobra.Command {
+	return &cobra.Command{
+		Use:   "rbac \nExample:\n$ kubescape submit rbac",
+		Short: "Submit cluster's Role-Based Access Control(RBAC)",
+		Long:  ``,
+		RunE: func(cmd *cobra.Command, args []string) error {
+
+			k8s := k8sinterface.NewKubernetesApi()
+
+			// get config
+			clusterConfig := getTenantConfig(submitInfo.Account, "", k8s)
+			if err := clusterConfig.SetTenant(); err != nil {
+				logger.L().Error("failed setting account ID", helpers.Error(err))
+			}
+
+			// list RBAC
+			rbacObjects := cautils.NewRBACObjects(rbacscanner.NewRbacScannerFromK8sAPI(k8s, clusterConfig.GetAccountID(), clusterConfig.GetClusterName()))
+
+			// submit resources
+			r := reporterv1.NewReportEventReceiver(clusterConfig.GetConfigObj())
+
+			submitInterfaces := cliinterfaces.SubmitInterfaces{
+				ClusterConfig: clusterConfig,
+				SubmitObjects: rbacObjects,
+				Reporter:      r,
+			}
+
+			if err := ks.Submit(submitInterfaces); err != nil {
+				logger.L().Fatal(err.Error())
+			}
+			return nil
+		},
+	}
+
+}
+
+// getKubernetesApi
+func getKubernetesApi() *k8sinterface.KubernetesApi {
+	if !k8sinterface.IsConnectedToCluster() {
+		return nil
+	}
+	return k8sinterface.NewKubernetesApi()
+}
+func getTenantConfig(Account, clusterName string, k8s *k8sinterface.KubernetesApi) cautils.ITenantConfig {
+	if !k8sinterface.IsConnectedToCluster() || k8s == nil {
+		return cautils.NewLocalConfig(getter.GetArmoAPIConnector(), Account, clusterName)
+	}
+	return cautils.NewClusterConfig(k8s, getter.GetArmoAPIConnector(), Account, clusterName)
+}
--- a/cmd/submit/results.go
+++ b/cmd/submit/results.go
@@ -0,0 +1,119 @@
+package submit
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+	"time"
+
+	"github.com/armosec/k8s-interface/workloadinterface"
+	"github.com/armosec/kubescape/cautils/logger"
+	"github.com/armosec/kubescape/cautils/logger/helpers"
+	"github.com/armosec/kubescape/core/meta"
+	"github.com/armosec/kubescape/core/meta/cliinterfaces"
+	v1 "github.com/armosec/kubescape/core/meta/datastructures/v1"
+	"github.com/armosec/kubescape/core/pkg/resultshandling/reporter"
+	reporterv1 "github.com/armosec/kubescape/core/pkg/resultshandling/reporter/v1"
+	reporterv2 "github.com/armosec/kubescape/core/pkg/resultshandling/reporter/v2"
+
+	"github.com/armosec/opa-utils/reporthandling"
+	"github.com/google/uuid"
+	"github.com/spf13/cobra"
+)
+
+var formatVersion string
+
+type ResultsObject struct {
+	filePath     string
+	customerGUID string
+	clusterName  string
+}
+
+func NewResultsObject(customerGUID, clusterName, filePath string) *ResultsObject {
+	return &ResultsObject{
+		filePath:     filePath,
+		customerGUID: customerGUID,
+		clusterName:  clusterName,
+	}
+}
+
+func (resultsObject *ResultsObject) SetResourcesReport() (*reporthandling.PostureReport, error) {
+	// load framework results from json file
+	frameworkReports, err := loadResultsFromFile(resultsObject.filePath)
+	if err != nil {
+		return nil, err
+	}
+	return &reporthandling.PostureReport{
+		FrameworkReports:     frameworkReports,
+		ReportID:             uuid.NewString(),
+		ReportGenerationTime: time.Now().UTC(),
+		CustomerGUID:         resultsObject.customerGUID,
+		ClusterName:          resultsObject.clusterName,
+	}, nil
+}
+
+func (resultsObject *ResultsObject) ListAllResources() (map[string]workloadinterface.IMetadata, error) {
+	return map[string]workloadinterface.IMetadata{}, nil
+}
+
+func getResultsCmd(ks meta.IKubescape, submitInfo *v1.Submit) *cobra.Command {
+	var resultsCmd = &cobra.Command{
+		Use:   "results <json file>\nExample:\n$ kubescape submit results path/to/results.json --format-version v2",
+		Short: "Submit a pre scanned results file. The file must be in json format",
+		Long:  ``,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			if len(args) == 0 {
+				return fmt.Errorf("missing results file")
+			}
+
+			k8s := getKubernetesApi()
+
+			// get config
+			clusterConfig := getTenantConfig(submitInfo.Account, "", k8s)
+			if err := clusterConfig.SetTenant(); err != nil {
+				logger.L().Error("failed setting account ID", helpers.Error(err))
+			}
+
+			resultsObjects := NewResultsObject(clusterConfig.GetAccountID(), clusterConfig.GetClusterName(), args[0])
+
+			// submit resources
+			var r reporter.IReport
+			switch formatVersion {
+			case "v2":
+				r = reporterv2.NewReportEventReceiver(clusterConfig.GetConfigObj(), "")
+			default:
+				logger.L().Warning("Deprecated results version. run with '--format-version' flag", helpers.String("your version", formatVersion), helpers.String("latest version", "v2"))
+				r = reporterv1.NewReportEventReceiver(clusterConfig.GetConfigObj())
+			}
+
+			submitInterfaces := cliinterfaces.SubmitInterfaces{
+				ClusterConfig: clusterConfig,
+				SubmitObjects: resultsObjects,
+				Reporter:      r,
+			}
+
+			if err := ks.Submit(submitInterfaces); err != nil {
+				logger.L().Fatal(err.Error())
+			}
+			return nil
+		},
+	}
+	resultsCmd.PersistentFlags().StringVar(&formatVersion, "format-version", "v1", "Output object can be differnet between versions, this is for maintaining backward and forward compatibility. Supported:'v1'/'v2'")
+
+	return resultsCmd
+}
+func loadResultsFromFile(filePath string) ([]reporthandling.FrameworkReport, error) {
+	frameworkReports := []reporthandling.FrameworkReport{}
+	f, err := os.ReadFile(filePath)
+	if err != nil {
+		return nil, err
+	}
+	if err = json.Unmarshal(f, &frameworkReports); err != nil {
+		frameworkReport := reporthandling.FrameworkReport{}
+		if err = json.Unmarshal(f, &frameworkReport); err != nil {
+			return frameworkReports, err
+		}
+		frameworkReports = append(frameworkReports, frameworkReport)
+	}
+	return frameworkReports, nil
+}
--- a/cmd/submit/submit.go
+++ b/cmd/submit/submit.go
@@ -0,0 +1,30 @@
+package submit
+
+import (
+	"github.com/armosec/kubescape/core/meta"
+	metav1 "github.com/armosec/kubescape/core/meta/datastructures/v1"
+	"github.com/spf13/cobra"
+)
+
+var submitCmdExamples = `
+
+`
+
+func GetSubmitCmd(ks meta.IKubescape) *cobra.Command {
+	var submitInfo metav1.Submit
+
+	submitCmd := &cobra.Command{
+		Use:   "submit <command>",
+		Short: "Submit an object to the Kubescape SaaS version",
+		Long:  ``,
+		Run: func(cmd *cobra.Command, args []string) {
+		},
+	}
+	submitCmd.PersistentFlags().StringVarP(&submitInfo.Account, "account", "", "", "Armo portal account ID. Default will load account ID from configMap or config file")
+
+	submitCmd.AddCommand(getExceptionsCmd(ks, &submitInfo))
+	submitCmd.AddCommand(getResultsCmd(ks, &submitInfo))
+	submitCmd.AddCommand(getRBACCmd(ks, &submitInfo))
+
+	return submitCmd
+}
--- a/cmd/version/version.go
+++ b/cmd/version/version.go
@@ -0,0 +1,24 @@
+package version
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/armosec/kubescape/cautils"
+	"github.com/spf13/cobra"
+)
+
+func GetVersionCmd() *cobra.Command {
+	versionCmd := &cobra.Command{
+		Use:   "version",
+		Short: "Get current version",
+		Long:  ``,
+		RunE: func(cmd *cobra.Command, args []string) error {
+			v := cautils.NewIVersionCheckHandler()
+			v.CheckLatestVersion(cautils.NewVersionCheckRequest(cautils.BuildNumber, "", "", "version"))
+			fmt.Fprintln(os.Stdout, "Your current version is: "+cautils.BuildNumber)
+			return nil
+		},
+	}
+	return versionCmd
+}
--- a/core/README.md
+++ b/core/README.md
@@ -0,0 +1 @@
+# Kubescape core package
--- a/core/core/cachedconfig.go
+++ b/core/core/cachedconfig.go
@@ -0,0 +1,37 @@
+package core
+
+import (
+	"fmt"
+
+	metav1 "github.com/armosec/kubescape/core/meta/datastructures/v1"
+)
+
+func (ks *Kubescape) SetCachedConfig(setConfig *metav1.SetConfig) error {
+
+	tenant := getTenantConfig("", "", getKubernetesApi())
+
+	if setConfig.Account != "" {
+		tenant.GetConfigObj().AccountID = setConfig.Account
+	}
+	if setConfig.SecretKey != "" {
+		tenant.GetConfigObj().SecretKey = setConfig.SecretKey
+	}
+	if setConfig.ClientID != "" {
+		tenant.GetConfigObj().ClientID = setConfig.ClientID
+	}
+
+	return tenant.UpdateCachedConfig()
+}
+
+// View cached configurations
+func (ks *Kubescape) ViewCachedConfig(viewConfig *metav1.ViewConfig) error {
+	tenant := getTenantConfig("", "", getKubernetesApi()) // change k8sinterface
+	fmt.Fprintf(viewConfig.Writer, "%s\n", tenant.GetConfigObj().Config())
+	return nil
+}
+
+func (ks *Kubescape) DeleteCachedConfig(deleteConfig *metav1.DeleteConfig) error {
+
+	tenant := getTenantConfig("", "", getKubernetesApi()) // change k8sinterface
+	return tenant.DeleteCachedConfig()
+}
--- a/core/core/delete.go
+++ b/core/core/delete.go
@@ -0,0 +1,36 @@
+package core
+
+import (
+	"fmt"
+
+	"github.com/armosec/kubescape/cautils/getter"
+	"github.com/armosec/kubescape/cautils/logger"
+	"github.com/armosec/kubescape/cautils/logger/helpers"
+	v1 "github.com/armosec/kubescape/core/meta/datastructures/v1"
+)
+
+func (ks *Kubescape) DeleteExceptions(delExceptions *v1.DeleteExceptions) error {
+
+	// load cached config
+	getTenantConfig(delExceptions.Account, "", getKubernetesApi())
+
+	// login kubescape SaaS
+	armoAPI := getter.GetArmoAPIConnector()
+	if err := armoAPI.Login(); err != nil {
+		return err
+	}
+
+	for i := range delExceptions.Exceptions {
+		exceptionName := delExceptions.Exceptions[i]
+		if exceptionName == "" {
+			continue
+		}
+		logger.L().Info("Deleting exception", helpers.String("name", exceptionName))
+		if err := armoAPI.DeleteException(exceptionName); err != nil {
+			return fmt.Errorf("failed to delete exception '%s', reason: %s", exceptionName, err.Error())
+		}
+		logger.L().Success("Exception deleted successfully")
+	}
+
+	return nil
+}
--- a/clihandler/clidownload.go
+++ b/clihandler/clidownload.go
@@ -1,4 +1,4 @@
-package clihandler
+package core

 import (
 	"fmt"
@@ -6,13 +6,13 @@ import (
 	"strings"

 	"github.com/armosec/armoapi-go/armotypes"
-	"github.com/armosec/kubescape/cautils"
 	"github.com/armosec/kubescape/cautils/getter"
 	"github.com/armosec/kubescape/cautils/logger"
 	"github.com/armosec/kubescape/cautils/logger/helpers"
+	metav1 "github.com/armosec/kubescape/core/meta/datastructures/v1"
 )

-var downloadFunc = map[string]func(*cautils.DownloadInfo) error{
+var downloadFunc = map[string]func(*metav1.DownloadInfo) error{
 	"controls-inputs": downloadConfigInputs,
 	"exceptions":      downloadExceptions,
 	"control":         downloadControl,
@@ -28,7 +28,7 @@ func DownloadSupportCommands() []string {
 	return commands
 }

-func CliDownload(downloadInfo *cautils.DownloadInfo) error {
+func (ks *Kubescape) Download(downloadInfo *metav1.DownloadInfo) error {
 	setPathandFilename(downloadInfo)
 	if err := downloadArtifact(downloadInfo, downloadFunc); err != nil {
 		return err
@@ -36,7 +36,7 @@ func CliDownload(downloadInfo *cautils.DownloadInfo) error {
 	return nil
 }

-func downloadArtifact(downloadInfo *cautils.DownloadInfo, downloadArtifactFunc map[string]func(*cautils.DownloadInfo) error) error {
+func downloadArtifact(downloadInfo *metav1.DownloadInfo, downloadArtifactFunc map[string]func(*metav1.DownloadInfo) error) error {
 	if f, ok := downloadArtifactFunc[downloadInfo.Target]; ok {
 		if err := f(downloadInfo); err != nil {
 			return err
@@ -46,7 +46,7 @@ func downloadArtifact(downloadInfo *cautils.DownloadInfo, downloadArtifactFunc m
 	return fmt.Errorf("unknown command to download")
 }

-func setPathandFilename(downloadInfo *cautils.DownloadInfo) {
+func setPathandFilename(downloadInfo *metav1.DownloadInfo) {
 	if downloadInfo.Path == "" {
 		downloadInfo.Path = getter.GetDefaultPath("")
 	} else {
@@ -60,22 +60,22 @@ func setPathandFilename(downloadInfo *cautils.DownloadInfo) {
 	}
 }

-func downloadArtifacts(downloadInfo *cautils.DownloadInfo) error {
+func downloadArtifacts(downloadInfo *metav1.DownloadInfo) error {
 	downloadInfo.FileName = ""
-	var artifacts = map[string]func(*cautils.DownloadInfo) error{
+	var artifacts = map[string]func(*metav1.DownloadInfo) error{
 		"controls-inputs": downloadConfigInputs,
 		"exceptions":      downloadExceptions,
 		"framework":       downloadFramework,
 	}
 	for artifact := range artifacts {
-		if err := downloadArtifact(&cautils.DownloadInfo{Target: artifact, Path: downloadInfo.Path, FileName: fmt.Sprintf("%s.json", artifact)}, artifacts); err != nil {
+		if err := downloadArtifact(&metav1.DownloadInfo{Target: artifact, Path: downloadInfo.Path, FileName: fmt.Sprintf("%s.json", artifact)}, artifacts); err != nil {
 			logger.L().Error("error downloading", helpers.String("artifact", artifact), helpers.Error(err))
 		}
 	}
 	return nil
 }

-func downloadConfigInputs(downloadInfo *cautils.DownloadInfo) error {
+func downloadConfigInputs(downloadInfo *metav1.DownloadInfo) error {
 	tenant := getTenantConfig(downloadInfo.Account, "", getKubernetesApi())

 	controlsInputsGetter := getConfigInputsGetter(downloadInfo.Name, tenant.GetAccountID(), nil)
@@ -95,7 +95,7 @@ func downloadConfigInputs(downloadInfo *cautils.DownloadInfo) error {
 	return nil
 }

-func downloadExceptions(downloadInfo *cautils.DownloadInfo) error {
+func downloadExceptions(downloadInfo *metav1.DownloadInfo) error {
 	var err error
 	tenant := getTenantConfig(downloadInfo.Account, "", getKubernetesApi())

@@ -119,7 +119,7 @@ func downloadExceptions(downloadInfo *cautils.DownloadInfo) error {
 	return nil
 }

-func downloadFramework(downloadInfo *cautils.DownloadInfo) error {
+func downloadFramework(downloadInfo *metav1.DownloadInfo) error {

 	tenant := getTenantConfig(downloadInfo.Account, "", getKubernetesApi())

@@ -158,7 +158,7 @@ func downloadFramework(downloadInfo *cautils.DownloadInfo) error {
 	return nil
 }

-func downloadControl(downloadInfo *cautils.DownloadInfo) error {
+func downloadControl(downloadInfo *metav1.DownloadInfo) error {

 	tenant := getTenantConfig(downloadInfo.Account, "", getKubernetesApi())

--- a/clihandler/initcliutils.go
+++ b/clihandler/initcliutils.go
@@ -1,4 +1,4 @@
-package clihandler
+package core

 import (
 	"fmt"
@@ -9,11 +9,10 @@ import (
 	"github.com/armosec/kubescape/cautils/getter"
 	"github.com/armosec/kubescape/cautils/logger"
 	"github.com/armosec/kubescape/cautils/logger/helpers"
-	"github.com/armosec/kubescape/hostsensorutils"
-	"github.com/armosec/kubescape/resourcehandler"
-	"github.com/armosec/kubescape/resultshandling/reporter"
-	reporterv1 "github.com/armosec/kubescape/resultshandling/reporter/v1"
-	reporterv2 "github.com/armosec/kubescape/resultshandling/reporter/v2"
+	"github.com/armosec/kubescape/core/pkg/hostsensorutils"
+	"github.com/armosec/kubescape/core/pkg/resourcehandler"
+	"github.com/armosec/kubescape/core/pkg/resultshandling/reporter"
+	reporterv2 "github.com/armosec/kubescape/core/pkg/resultshandling/reporter/v2"

 	"github.com/armosec/opa-utils/reporthandling"
 	"github.com/armosec/rbac-utils/rbacscanner"
@@ -49,12 +48,22 @@ func getRBACHandler(tenantConfig cautils.ITenantConfig, k8s *k8sinterface.Kubern
 	return nil
 }

-func getReporter(tenantConfig cautils.ITenantConfig, submit bool) reporter.IReport {
-	if submit {
-		// return reporterv1.NewReportEventReceiver(tenantConfig.GetConfigObj())
-		return reporterv2.NewReportEventReceiver(tenantConfig.GetConfigObj())
+func getReporter(tenantConfig cautils.ITenantConfig, reportID string, submit, fwScan, clusterScan bool) reporter.IReport {
+	if submit && clusterScan {
+		return reporterv2.NewReportEventReceiver(tenantConfig.GetConfigObj(), reportID)
 	}
-	return reporterv1.NewReportMock()
+	if tenantConfig.GetAccountID() == "" && fwScan && clusterScan {
+		// Add link only when scanning a cluster using a framework
+		return reporterv2.NewReportMock(reporterv2.NO_SUBMIT_QUERY, "run kubescape with the '--submit' flag")
+	}
+	var message string
+	if !fwScan {
+		message = "Kubescape does not submit scan results when scanning controls"
+	}
+	if !clusterScan {
+		message = "Kubescape will submit scan results only when scanning a cluster (not YAML files)"
+	}
+	return reporterv2.NewReportMock("", message)
 }

 func getResourceHandler(scanInfo *cautils.ScanInfo, tenantConfig cautils.ITenantConfig, k8s *k8sinterface.KubernetesApi, hostSensorHandler hostsensorutils.IHostSensor, registryAdaptors *resourcehandler.RegistryAdaptors) resourcehandler.IResourceHandler {
@@ -74,12 +83,12 @@ func getHostSensorHandler(scanInfo *cautils.ScanInfo, k8s *k8sinterface.Kubernet

 	hasHostSensorControls := true
 	// we need to determined which controls needs host sensor
-	if scanInfo.HostSensor.Get() == nil && hasHostSensorControls {
-		scanInfo.HostSensor.SetBool(askUserForHostSensor())
+	if scanInfo.HostSensorEnabled.Get() == nil && hasHostSensorControls {
+		scanInfo.HostSensorEnabled.SetBool(false) // default - do not run host scanner
 		logger.L().Warning("Kubernetes cluster nodes scanning is disabled. This is required to collect valuable data for certain controls. You can enable it using  the --enable-host-scan flag")
 	}
-	if hostSensorVal := scanInfo.HostSensor.Get(); hostSensorVal != nil && *hostSensorVal {
-		hostSensorHandler, err := hostsensorutils.NewHostSensorHandler(k8s)
+	if hostSensorVal := scanInfo.HostSensorEnabled.Get(); hostSensorVal != nil && *hostSensorVal {
+		hostSensorHandler, err := hostsensorutils.NewHostSensorHandler(k8s, scanInfo.HostSensorYamlPath)
 		if err != nil {
 			logger.L().Warning(fmt.Sprintf("failed to create host sensor: %s", err.Error()))
 			return &hostsensorutils.HostSensorHandlerMock{}
@@ -113,7 +122,7 @@ func policyIdentifierNames(pi []reporthandling.PolicyIdentifier) string {
 	return policiesNames
 }

-// setSubmitBehavior - Setup the desired cluster behavior regarding submittion to the Armo BE
+// setSubmitBehavior - Setup the desired cluster behavior regarding submitting to the Armo BE
 func setSubmitBehavior(scanInfo *cautils.ScanInfo, tenantConfig cautils.ITenantConfig) {

 	/*
@@ -139,14 +148,8 @@ func setSubmitBehavior(scanInfo *cautils.ScanInfo, tenantConfig cautils.ITenantC
 			// Submit report
 			scanInfo.Submit = true
 		}
-	} else { // config not found in cache (not submitted)
-		if scanInfo.Submit {
-			// submit - Create tenant & Submit report
-			if err := tenantConfig.SetTenant(); err != nil {
-				logger.L().Error(err.Error())
-			}
-		}
 	}
+
 }

 // setPolicyGetter set the policy getter - local file/github release/ArmoAPI
--- a/core/core/kscore.go
+++ b/core/core/kscore.go
@@ -0,0 +1,7 @@
+package core
+
+type Kubescape struct{}
+
+func NewKubescape() *Kubescape {
+	return &Kubescape{}
+}
--- a/clihandler/clilist.go
+++ b/clihandler/clilist.go
@@ -1,4 +1,4 @@
-package clihandler
+package core

 import (
 	"encoding/json"
@@ -7,27 +7,28 @@ import (
 	"strings"

 	"github.com/armosec/kubescape/cautils/getter"
-	"github.com/armosec/kubescape/clihandler/cliobjects"
+	metav1 "github.com/armosec/kubescape/core/meta/datastructures/v1"
 )

-var listFunc = map[string]func(*cliobjects.ListPolicies) ([]string, error){
+var listFunc = map[string]func(*metav1.ListPolicies) ([]string, error){
 	"controls":   listControls,
 	"frameworks": listFrameworks,
+	"exceptions": listExceptions,
 }

-var listFormatFunc = map[string]func(*cliobjects.ListPolicies, []string){
+var listFormatFunc = map[string]func(*metav1.ListPolicies, []string){
 	"pretty-print": prettyPrintListFormat,
 	"json":         jsonListFormat,
 }

-func ListSupportCommands() []string {
+func ListSupportActions() []string {
 	commands := []string{}
 	for k := range listFunc {
 		commands = append(commands, k)
 	}
 	return commands
 }
-func CliList(listPolicies *cliobjects.ListPolicies) error {
+func (ks *Kubescape) List(listPolicies *metav1.ListPolicies) error {
 	if f, ok := listFunc[listPolicies.Target]; ok {
 		policies, err := f(listPolicies)
 		if err != nil {
@@ -42,14 +43,14 @@ func CliList(listPolicies *cliobjects.ListPolicies) error {
 	return fmt.Errorf("unknown command to download")
 }

-func listFrameworks(listPolicies *cliobjects.ListPolicies) ([]string, error) {
+func listFrameworks(listPolicies *metav1.ListPolicies) ([]string, error) {
 	tenant := getTenantConfig(listPolicies.Account, "", getKubernetesApi()) // change k8sinterface
 	g := getPolicyGetter(nil, tenant.GetAccountID(), true, nil)

 	return listFrameworksNames(g), nil
 }

-func listControls(listPolicies *cliobjects.ListPolicies) ([]string, error) {
+func listControls(listPolicies *metav1.ListPolicies) ([]string, error) {
 	tenant := getTenantConfig(listPolicies.Account, "", getKubernetesApi()) // change k8sinterface

 	g := getPolicyGetter(nil, tenant.GetAccountID(), false, nil)
@@ -60,16 +61,28 @@ func listControls(listPolicies *cliobjects.ListPolicies) ([]string, error) {
 	return g.ListControls(l)
 }

-func prettyPrintListFormat(listPolicies *cliobjects.ListPolicies, policies []string) {
-	sep := "\n  * "
-	usageCmd := strings.TrimSuffix(listPolicies.Target, "s")
-	fmt.Printf("Supported %s:%s%s\n", listPolicies.Target, sep, strings.Join(policies, sep))
-	fmt.Printf("\nUsage:\n")
-	fmt.Printf("$ kubescape scan %s \"name\"\n", usageCmd)
-	fmt.Printf("$ kubescape scan %s \"name-0\",\"name-1\"\n\n", usageCmd)
+func listExceptions(listPolicies *metav1.ListPolicies) ([]string, error) {
+	// load tenant metav1
+	getTenantConfig(listPolicies.Account, "", getKubernetesApi())
+
+	var exceptionsNames []string
+	armoAPI := getExceptionsGetter("")
+	exceptions, err := armoAPI.GetExceptions("")
+	if err != nil {
+		return exceptionsNames, err
+	}
+	for i := range exceptions {
+		exceptionsNames = append(exceptionsNames, exceptions[i].Name)
+	}
+	return exceptionsNames, nil
 }

-func jsonListFormat(listPolicies *cliobjects.ListPolicies, policies []string) {
+func prettyPrintListFormat(listPolicies *metav1.ListPolicies, policies []string) {
+	sep := "\n  * "
+	fmt.Printf("Supported %s:%s%s\n", listPolicies.Target, sep, strings.Join(policies, sep))
+}
+
+func jsonListFormat(listPolicies *metav1.ListPolicies, policies []string) {
 	j, _ := json.MarshalIndent(policies, "", "  ")
 	fmt.Printf("%s\n", j)
 }
--- a/clihandler/initcli.go
+++ b/clihandler/initcli.go
@@ -1,26 +1,25 @@
-package clihandler
+package core

 import (
 	"fmt"
-	"io/fs"
-	"os"

 	"github.com/armosec/armoapi-go/armotypes"
 	"github.com/armosec/k8s-interface/k8sinterface"
-	"github.com/armosec/kubescape/resultshandling/printer"

 	"github.com/armosec/kubescape/cautils"
 	"github.com/armosec/kubescape/cautils/getter"
 	"github.com/armosec/kubescape/cautils/logger"
 	"github.com/armosec/kubescape/cautils/logger/helpers"
-	"github.com/armosec/kubescape/hostsensorutils"
-	"github.com/armosec/kubescape/opaprocessor"
-	"github.com/armosec/kubescape/policyhandler"
-	"github.com/armosec/kubescape/resourcehandler"
-	"github.com/armosec/kubescape/resultshandling"
-	"github.com/armosec/kubescape/resultshandling/reporter"
+	"github.com/armosec/kubescape/core/pkg/hostsensorutils"
+	"github.com/armosec/kubescape/core/pkg/opaprocessor"
+	"github.com/armosec/kubescape/core/pkg/policyhandler"
+	"github.com/armosec/kubescape/core/pkg/resourcehandler"
+	"github.com/armosec/kubescape/core/pkg/resultshandling"
+	"github.com/armosec/kubescape/core/pkg/resultshandling/printer"
+	"github.com/armosec/kubescape/core/pkg/resultshandling/reporter"
+
 	"github.com/armosec/opa-utils/reporthandling"
-	"github.com/mattn/go-isatty"
+	"github.com/armosec/opa-utils/resources"
 )

 type componentInterfaces struct {
@@ -49,6 +48,13 @@ func getInterfaces(scanInfo *cautils.ScanInfo) componentInterfaces {
 	// Set submit behavior AFTER loading tenant config
 	setSubmitBehavior(scanInfo, tenantConfig)

+	if scanInfo.Submit {
+		// submit - Create tenant & Submit report
+		if err := tenantConfig.SetTenant(); err != nil {
+			logger.L().Error(err.Error())
+		}
+	}
+
 	// ================== version testing ======================================

 	v := cautils.NewIVersionCheckHandler()
@@ -80,10 +86,10 @@ func getInterfaces(scanInfo *cautils.ScanInfo) componentInterfaces {
 	// ================== setup reporter & printer objects ======================================

 	// reporting behavior - setup reporter
-	reportHandler := getReporter(tenantConfig, scanInfo.Submit)
+	reportHandler := getReporter(tenantConfig, scanInfo.ReportID, scanInfo.Submit, scanInfo.FrameworkScan, len(scanInfo.InputPatterns) == 0)

 	// setup printer
-	printerHandler := resultshandling.NewPrinter(scanInfo.Format, scanInfo.VerboseMode)
+	printerHandler := resultshandling.NewPrinter(scanInfo.Format, scanInfo.FormatVersion, scanInfo.VerboseMode)
 	printerHandler.SetWriter(scanInfo.Output)

 	// ================== return interface ======================================
@@ -97,14 +103,13 @@ func getInterfaces(scanInfo *cautils.ScanInfo) componentInterfaces {
 	}
 }

-func ScanCliSetup(scanInfo *cautils.ScanInfo) error {
+func (ks *Kubescape) Scan(scanInfo *cautils.ScanInfo) (*resultshandling.ResultsHandler, error) {
 	logger.L().Info("ARMO security scanner starting")

-	interfaces := getInterfaces(scanInfo)
-	// setPolicyGetter(scanInfo, interfaces.clusterConfig.GetCustomerGUID())
+	// ===================== Initialization =====================
+	scanInfo.Init() // initialize scan info

-	processNotification := make(chan *cautils.OPASessionObj)
-	reportResults := make(chan *cautils.OPASessionObj)
+	interfaces := getInterfaces(scanInfo)

 	cautils.ClusterName = interfaces.tenantConfig.GetClusterName() // TODO - Deprecated
 	cautils.CustomerGUID = interfaces.tenantConfig.GetAccountID()  // TODO - Deprecated
@@ -123,43 +128,42 @@ func ScanCliSetup(scanInfo *cautils.ScanInfo) error {
 		scanInfo.SetPolicyIdentifiers(listFrameworksNames(scanInfo.Getters.PolicyGetter), reporthandling.KindFramework)
 	}

-	//
+	// remove host scanner components
 	defer func() {
 		if err := interfaces.hostSensorHandler.TearDown(); err != nil {
 			logger.L().Error("failed to tear down host sensor", helpers.Error(err))
 		}
 	}()

-	// cli handler setup
-	go func() {
-		// policy handler setup
-		policyHandler := policyhandler.NewPolicyHandler(&processNotification, interfaces.resourceHandler)
+	resultsHandling := resultshandling.NewResultsHandler(interfaces.report, interfaces.printerHandler)

-		if err := Scan(policyHandler, scanInfo); err != nil {
-			logger.L().Fatal(err.Error())
-		}
-	}()
-
-	// processor setup - rego run
-	go func() {
-		opaprocessorObj := opaprocessor.NewOPAProcessorHandler(&processNotification, &reportResults)
-		opaprocessorObj.ProcessRulesListenner()
-	}()
-
-	resultsHandling := resultshandling.NewResultsHandler(&reportResults, interfaces.report, interfaces.printerHandler)
-	score := resultsHandling.HandleResults(scanInfo)
-
-	// print report url
-	interfaces.report.DisplayReportURL()
-
-	if score > float32(scanInfo.FailThreshold) {
-		return fmt.Errorf("scan risk-score %.2f is above permitted threshold %d", score, scanInfo.FailThreshold)
+	// ===================== policies & resources =====================
+	policyHandler := policyhandler.NewPolicyHandler(interfaces.resourceHandler)
+	scanData, err := collectResources(policyHandler, scanInfo)
+	if err != nil {
+		return resultsHandling, err
 	}

-	return nil
+	// ========================= opa testing =====================
+	deps := resources.NewRegoDependenciesData(k8sinterface.GetK8sConfig(), interfaces.tenantConfig.GetClusterName())
+	reportResults := opaprocessor.NewOPAProcessor(scanData, deps)
+	if err := reportResults.ProcessRulesListenner(); err != nil {
+		// TODO - do something
+		return resultsHandling, err
+	}
+
+	// ========================= results handling =====================
+	resultsHandling.SetData(scanData)
+
+	// if resultsHandling.GetRiskScore() > float32(scanInfo.FailThreshold) {
+	// 	return resultsHandling, fmt.Errorf("scan risk-score %.2f is above permitted threshold %.2f", resultsHandling.GetRiskScore(), scanInfo.FailThreshold)
+	// }
+
+	return resultsHandling, nil
 }

-func Scan(policyHandler *policyhandler.PolicyHandler, scanInfo *cautils.ScanInfo) error {
+// TODO - remove function
+func collectResources(policyHandler *policyhandler.PolicyHandler, scanInfo *cautils.ScanInfo) (*cautils.OPASessionObj, error) {
 	policyNotification := &reporthandling.PolicyNotification{
 		Rules: scanInfo.PolicyIdentifier,
 		KubescapeNotification: reporthandling.KubescapeNotification{
@@ -169,34 +173,35 @@ func Scan(policyHandler *policyhandler.PolicyHandler, scanInfo *cautils.ScanInfo
 	}
 	switch policyNotification.KubescapeNotification.NotificationType {
 	case reporthandling.TypeExecPostureScan:
-		if err := policyHandler.HandleNotificationRequest(policyNotification, scanInfo); err != nil {
-			return err
+		collectedResources, err := policyHandler.CollectResources(policyNotification, scanInfo)
+		if err != nil {
+			return nil, err
 		}
+		return collectedResources, nil

 	default:
-		return fmt.Errorf("notification type '%s' Unknown", policyNotification.KubescapeNotification.NotificationType)
+		return nil, fmt.Errorf("notification type '%s' Unknown", policyNotification.KubescapeNotification.NotificationType)
 	}
-	return nil
 }

-func askUserForHostSensor() bool {
-	return false
+// func askUserForHostSensor() bool {
+// 	return false

-	if !isatty.IsTerminal(os.Stdin.Fd()) {
-		return false
-	}
-	if ssss, err := os.Stdin.Stat(); err == nil {
-		// fmt.Printf("Found stdin type: %s\n", ssss.Mode().Type())
-		if ssss.Mode().Type()&(fs.ModeDevice|fs.ModeCharDevice) > 0 { //has TTY
-			fmt.Fprintf(os.Stderr, "Would you like to scan K8s nodes? [y/N]. This is required to collect valuable data for certain controls\n")
-			fmt.Fprintf(os.Stderr, "Use --enable-host-scan flag to suppress this message\n")
-			var b []byte = make([]byte, 1)
-			if n, err := os.Stdin.Read(b); err == nil {
-				if n > 0 && len(b) > 0 && (b[0] == 'y' || b[0] == 'Y') {
-					return true
-				}
-			}
-		}
-	}
-	return false
-}
+// 	if !isatty.IsTerminal(os.Stdin.Fd()) {
+// 		return false
+// 	}
+// 	if ssss, err := os.Stdin.Stat(); err == nil {
+// 		// fmt.Printf("Found stdin type: %s\n", ssss.Mode().Type())
+// 		if ssss.Mode().Type()&(fs.ModeDevice|fs.ModeCharDevice) > 0 { //has TTY
+// 			fmt.Fprintf(os.Stderr, "Would you like to scan K8s nodes? [y/N]. This is required to collect valuable data for certain controls\n")
+// 			fmt.Fprintf(os.Stderr, "Use --enable-host-scan flag to suppress this message\n")
+// 			var b []byte = make([]byte, 1)
+// 			if n, err := os.Stdin.Read(b); err == nil {
+// 				if n > 0 && len(b) > 0 && (b[0] == 'y' || b[0] == 'Y') {
+// 					return true
+// 				}
+// 			}
+// 		}
+// 	}
+// 	return false
+// }
--- a/clihandler/clisubmit.go
+++ b/clihandler/clisubmit.go
@@ -1,14 +1,14 @@
-package clihandler
+package core

 import (
 	"github.com/armosec/kubescape/cautils"
 	"github.com/armosec/kubescape/cautils/getter"
 	"github.com/armosec/kubescape/cautils/logger"
 	"github.com/armosec/kubescape/cautils/logger/helpers"
-	"github.com/armosec/kubescape/clihandler/cliinterfaces"
+	"github.com/armosec/kubescape/core/meta/cliinterfaces"
 )

-func Submit(submitInterfaces cliinterfaces.SubmitInterfaces) error {
+func (ks *Kubescape) Submit(submitInterfaces cliinterfaces.SubmitInterfaces) error {

 	// list resources
 	postureReport, err := submitInterfaces.SubmitObjects.SetResourcesReport()
@@ -29,7 +29,7 @@ func Submit(submitInterfaces cliinterfaces.SubmitInterfaces) error {
 	return nil
 }

-func SubmitExceptions(accountID, excPath string) error {
+func (ks *Kubescape) SubmitExceptions(accountID, excPath string) error {
 	logger.L().Info("submitting exceptions", helpers.String("path", excPath))

 	// load cached config
--- a/clihandler/cliinterfaces/submit.go
+++ b/clihandler/cliinterfaces/submit.go
@@ -3,7 +3,7 @@ package cliinterfaces
 import (
 	"github.com/armosec/k8s-interface/workloadinterface"
 	"github.com/armosec/kubescape/cautils"
-	"github.com/armosec/kubescape/resultshandling/reporter"
+	"github.com/armosec/kubescape/core/pkg/resultshandling/reporter"
 	"github.com/armosec/opa-utils/reporthandling"
 )

--- a/core/meta/datastructures/v1/config.go
+++ b/core/meta/datastructures/v1/config.go
@@ -0,0 +1,16 @@
+package v1
+
+import "io"
+
+type SetConfig struct {
+	Account   string
+	ClientID  string
+	SecretKey string
+}
+
+type ViewConfig struct {
+	Writer io.Writer
+}
+
+type DeleteConfig struct {
+}
--- a/core/meta/datastructures/v1/delete.go
+++ b/core/meta/datastructures/v1/delete.go
@@ -0,0 +1,6 @@
+package v1
+
+type DeleteExceptions struct {
+	Account    string
+	Exceptions []string
+}
--- a/core/meta/datastructures/v1/download.go
+++ b/core/meta/datastructures/v1/download.go
@@ -1,9 +1,9 @@
-package cautils
+package v1

 type DownloadInfo struct {
 	Path     string // directory to save artifact. Default is "~/.kubescape/"
 	FileName string // can be empty
 	Target   string // type of artifact to download
 	Name     string // name of artifact to download
-	Account  string // customerGUID
+	Account  string // AccountID
 }
--- a/core/meta/datastructures/v1/listpolicies.go
+++ b/core/meta/datastructures/v1/listpolicies.go
@@ -1,4 +1,4 @@
-package cliobjects
+package v1

 type ListPolicies struct {
 	Target  string
@@ -6,3 +6,8 @@ type ListPolicies struct {
 	Account string
 	Format  string
 }
+
+type ListResponse struct {
+	Names []string
+	IDs   []string
+}
--- a/core/meta/datastructures/v1/scan.go
+++ b/core/meta/datastructures/v1/scan.go
@@ -0,0 +1,3 @@
+package v1
+
+// Add scanInfo
--- a/core/meta/datastructures/v1/submit.go
+++ b/core/meta/datastructures/v1/submit.go
@@ -0,0 +1,9 @@
+package v1
+
+type Submit struct {
+	Account string
+}
+
+type Delete struct {
+	Account string
+}
--- a/core/meta/ksinterface.go
+++ b/core/meta/ksinterface.go
@@ -0,0 +1,28 @@
+package meta
+
+import (
+	"github.com/armosec/kubescape/cautils"
+	"github.com/armosec/kubescape/core/meta/cliinterfaces"
+	metav1 "github.com/armosec/kubescape/core/meta/datastructures/v1"
+	"github.com/armosec/kubescape/core/pkg/resultshandling"
+)
+
+type IKubescape interface {
+	Scan(scanInfo *cautils.ScanInfo) (*resultshandling.ResultsHandler, error) // TODO - use scanInfo from v1
+
+	// policies
+	List(listPolicies *metav1.ListPolicies) error     // TODO - return list response
+	Download(downloadInfo *metav1.DownloadInfo) error // TODO - return downloaded policies
+
+	// submit
+	Submit(submitInterfaces cliinterfaces.SubmitInterfaces) error // TODO - func should receive object
+	SubmitExceptions(accountID, excPath string) error             // TODO - remove
+
+	// config
+	SetCachedConfig(setConfig *metav1.SetConfig) error
+	ViewCachedConfig(viewConfig *metav1.ViewConfig) error
+	DeleteCachedConfig(deleteConfig *metav1.DeleteConfig) error
+
+	// delete
+	DeleteExceptions(deleteexceptions *metav1.DeleteExceptions) error
+}
--- a/core/pkg/containerscan/containerscan_mock.go
+++ b/core/pkg/containerscan/containerscan_mock.go
--- a/core/pkg/containerscan/containerscan_test.go
+++ b/core/pkg/containerscan/containerscan_test.go
--- a/core/pkg/containerscan/datastructures.go
+++ b/core/pkg/containerscan/datastructures.go
--- a/core/pkg/containerscan/datastructuresmethods.go
+++ b/core/pkg/containerscan/datastructuresmethods.go
--- a/core/pkg/containerscan/elasticadapters.go
+++ b/core/pkg/containerscan/elasticadapters.go
--- a/core/pkg/containerscan/elasticdatastructures.go
+++ b/core/pkg/containerscan/elasticdatastructures.go
--- a/core/pkg/containerscan/gojayunmarshaller.go
+++ b/core/pkg/containerscan/gojayunmarshaller.go
--- a/core/pkg/containerscan/jsonrawscan.go
+++ b/core/pkg/containerscan/jsonrawscan.go
--- a/core/pkg/containerscan/rawdatastrucutres.go
+++ b/core/pkg/containerscan/rawdatastrucutres.go
--- a/core/pkg/hostsensorutils/hostsensor.yaml
+++ b/core/pkg/hostsensorutils/hostsensor.yaml
@@ -2,29 +2,31 @@ apiVersion: v1
 kind: Namespace
 metadata:
  labels:
-    app: host-sensor
-    kubernetes.io/metadata.name: armo-kube-host-sensor
-    tier: armo-kube-host-sensor-control-plane
-  name: armo-kube-host-sensor
+    app: kubescape-host-scanner
+    k8s-app: kubescape-host-scanner
+    kubernetes.io/metadata.name: kubescape-host-scanner
+    tier: kubescape-host-scanner-control-plane
+  name: kubescape-host-scanner
 ---
 apiVersion: apps/v1
 kind: DaemonSet
 metadata:
-  name: host-sensor
-  namespace: armo-kube-host-sensor
+  name: host-scanner
+  namespace: kubescape-host-scanner
  labels:
-    k8s-app: armo-kube-host-sensor
+    app: host-scanner
+    k8s-app: kubescape-host-scanner
 spec:
  selector:
    matchLabels:
-      name: host-sensor
+      name: host-scanner
  template:
    metadata:
      labels:
-        name: host-sensor
+        name: host-scanner
    spec:
      tolerations:
-      # this toleration is to have the daemonset runnable on master nodes
+      # this toleration is to have the DaemonDet runnable on master nodes
      # remove it if your masters can't run pods
      - key: node-role.kubernetes.io/master
        operator: Exists
@@ -37,7 +39,7 @@ spec:
          readOnlyRootFilesystem: true
          procMount: Unmasked
        ports:
-          - name: http
+          - name: scanner # Do not change port name
            hostPort: 7888
            containerPort: 7888
            protocol: TCP
--- a/core/pkg/hostsensorutils/hostsensordeploy.go
+++ b/core/pkg/hostsensorutils/hostsensordeploy.go
@@ -2,23 +2,21 @@ package hostsensorutils

 import (
 	_ "embed"
+	"encoding/json"
 	"fmt"
-	"io"
-	"strings"
+	"os"
 	"sync"
 	"time"

 	"github.com/armosec/k8s-interface/k8sinterface"
+	"github.com/armosec/k8s-interface/workloadinterface"
 	"github.com/armosec/kubescape/cautils"
 	"github.com/armosec/kubescape/cautils/logger"
 	"github.com/armosec/kubescape/cautils/logger/helpers"
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"k8s.io/apimachinery/pkg/util/yaml"
 	"k8s.io/apimachinery/pkg/watch"
-	appsapplyv1 "k8s.io/client-go/applyconfigurations/apps/v1"
-	coreapplyv1 "k8s.io/client-go/applyconfigurations/core/v1"
 )

 var (
@@ -26,27 +24,36 @@ var (
 	hostSensorYAML string
 )

+const PortName string = "scanner"
+
 type HostSensorHandler struct {
-	HostSensorPort              int32
-	HostSensorPodNames          map[string]string //map from pod names to node names
-	HostSensorUnshedulePodNames map[string]string //map from pod names to node names
-	IsReady                     <-chan bool       //readonly chan
-	k8sObj                      *k8sinterface.KubernetesApi
-	DaemonSet                   *appsv1.DaemonSet
-	podListLock                 sync.RWMutex
-	gracePeriod                 int64
+	HostSensorPort                int32
+	HostSensorPodNames            map[string]string //map from pod names to node names
+	HostSensorUnscheduledPodNames map[string]string //map from pod names to node names
+	IsReady                       <-chan bool       //readonly chan
+	k8sObj                        *k8sinterface.KubernetesApi
+	DaemonSet                     *appsv1.DaemonSet
+	podListLock                   sync.RWMutex
+	gracePeriod                   int64
 }

-func NewHostSensorHandler(k8sObj *k8sinterface.KubernetesApi) (*HostSensorHandler, error) {
+func NewHostSensorHandler(k8sObj *k8sinterface.KubernetesApi, hostSensorYAMLFile string) (*HostSensorHandler, error) {

 	if k8sObj == nil {
 		return nil, fmt.Errorf("nil k8s interface received")
 	}
+	if hostSensorYAMLFile != "" {
+		d, err := loadHostSensorFromFile(hostSensorYAMLFile)
+		if err != nil {
+			return nil, fmt.Errorf("failed to load host-scan yaml file, reason: %s", err.Error())
+		}
+		hostSensorYAML = d
+	}
 	hsh := &HostSensorHandler{
-		k8sObj:                      k8sObj,
-		HostSensorPodNames:          map[string]string{},
-		HostSensorUnshedulePodNames: map[string]string{},
-		gracePeriod:                 int64(15),
+		k8sObj:                        k8sObj,
+		HostSensorPodNames:            map[string]string{},
+		HostSensorUnscheduledPodNames: map[string]string{},
+		gracePeriod:                   int64(15),
 	}
 	// Don't deploy on cluster with no nodes. Some cloud providers prevents termination of K8s objects for cluster with no nodes!!!
 	if nodeList, err := k8sObj.KubernetesClient.CoreV1().Nodes().List(k8sObj.Context, metav1.ListOptions{}); err != nil || len(nodeList.Items) == 0 {
@@ -70,7 +77,7 @@ func (hsh *HostSensorHandler) Init() error {
 	defer cautils.StopSpinner()

 	if err := hsh.applyYAML(); err != nil {
-		return fmt.Errorf("in HostSensorHandler init failed to apply YAML: %v", err)
+		return fmt.Errorf("failed to apply host sensor YAML, reason: %v", err)
 	}
 	hsh.populatePodNamesToNodeNames()
 	if err := hsh.checkPodForEachNode(); err != nil {
@@ -80,55 +87,83 @@ func (hsh *HostSensorHandler) Init() error {
 }

 func (hsh *HostSensorHandler) applyYAML() error {
-	dec := yaml.NewDocumentDecoder(io.NopCloser(strings.NewReader(hostSensorYAML)))
-	// apply namespace
-	singleYAMLBytes := make([]byte, 4096)
-	if readLen, err := dec.Read(singleYAMLBytes); err != nil {
-		return fmt.Errorf("failed to read YAML of namespace: %v", err)
-	} else {
-		singleYAMLBytes = singleYAMLBytes[:readLen]
+	workloads, err := cautils.ReadFile([]byte(hostSensorYAML), cautils.YAML_FILE_FORMAT)
+	if len(err) != 0 {
+		return fmt.Errorf("failed to read YAML files, reason: %v", err)
 	}
-	namespaceAC := &coreapplyv1.NamespaceApplyConfiguration{}
-	if err := yaml.Unmarshal(singleYAMLBytes, namespaceAC); err != nil {
-		return fmt.Errorf("failed to Unmarshal YAML of namespace: %v", err)
-	}
-	namespaceName := ""

-	if ns, err := hsh.k8sObj.KubernetesClient.CoreV1().Namespaces().Apply(hsh.k8sObj.Context, namespaceAC, metav1.ApplyOptions{
-		FieldManager: "kubescape",
-	}); err != nil {
-		return fmt.Errorf("failed to apply YAML of namespace: %v", err)
-	} else {
-		namespaceName = ns.Name
-	}
-	// apply DaemonSet
-	daemonAC := &appsapplyv1.DaemonSetApplyConfiguration{}
-	singleYAMLBytes = make([]byte, 4096)
-	if readLen, err := dec.Read(singleYAMLBytes); err != nil {
-		if erra := hsh.tearDownNamesapce(namespaceName); erra != nil {
-			err = fmt.Errorf("%v; In addidtion %v", err, erra)
+	// Get namespace name
+	namespaceName := ""
+	for i := range workloads {
+		if workloads[i].GetKind() == "Namespace" {
+			namespaceName = workloads[i].GetName()
+			break
 		}
-		return fmt.Errorf("failed to read YAML of DaemonSet: %v", err)
-	} else {
-		singleYAMLBytes = singleYAMLBytes[:readLen]
 	}
-	if err := yaml.Unmarshal(singleYAMLBytes, daemonAC); err != nil {
-		if erra := hsh.tearDownNamesapce(namespaceName); erra != nil {
-			err = fmt.Errorf("%v; In addidtion %v", err, erra)
+
+	// Update workload data before applying
+	for i := range workloads {
+		w := workloadinterface.NewWorkloadObj(workloads[i].GetObject())
+		if w == nil {
+			return fmt.Errorf("invalid workload: %v", workloads[i].GetObject())
 		}
-		return fmt.Errorf("failed to Unmarshal YAML of DaemonSet: %v", err)
-	}
-	daemonAC.Namespace = &namespaceName
-	if ds, err := hsh.k8sObj.KubernetesClient.AppsV1().DaemonSets(namespaceName).Apply(hsh.k8sObj.Context, daemonAC, metav1.ApplyOptions{
-		FieldManager: "kubescape",
-	}); err != nil {
-		if erra := hsh.tearDownNamesapce(namespaceName); erra != nil {
-			err = fmt.Errorf("%v; In addidtion %v", err, erra)
+		// set namespace in all objects
+		if w.GetKind() != "Namespace" {
+			w.SetNamespace(namespaceName)
+		}
+		// Get container port
+		if w.GetKind() == "DaemonSet" {
+			containers, err := w.GetContainers()
+			if err != nil {
+				if erra := hsh.tearDownNamespace(namespaceName); erra != nil {
+					logger.L().Warning("failed to tear down namespace", helpers.Error(erra))
+				}
+				return fmt.Errorf("container not found in DaemonSet: %v", err)
+			}
+			for j := range containers {
+				for k := range containers[j].Ports {
+					if containers[j].Ports[k].Name == PortName {
+						hsh.HostSensorPort = containers[j].Ports[k].ContainerPort
+					}
+				}
+			}
+
+		}
+
+		// Apply workload
+		var newWorkload k8sinterface.IWorkload
+		var e error
+
+		if g, err := hsh.k8sObj.GetWorkload(w.GetNamespace(), w.GetKind(), w.GetName()); err == nil && g != nil {
+			newWorkload, e = hsh.k8sObj.UpdateWorkload(w)
+		} else {
+			newWorkload, e = hsh.k8sObj.CreateWorkload(w)
+		}
+		if e != nil {
+			if erra := hsh.tearDownNamespace(namespaceName); erra != nil {
+				logger.L().Warning("failed to tear down namespace", helpers.Error(erra))
+			}
+			return fmt.Errorf("failed to create/update YAML, reason: %v", e)
+		}
+
+		// Save DaemonSet
+		if newWorkload.GetKind() == "DaemonSet" {
+			b, err := json.Marshal(newWorkload.GetObject())
+			if err != nil {
+				if erra := hsh.tearDownNamespace(namespaceName); erra != nil {
+					logger.L().Warning("failed to tear down namespace", helpers.Error(erra))
+				}
+				return fmt.Errorf("failed to Marshal YAML of DaemonSet, reason: %v", err)
+			}
+			var ds appsv1.DaemonSet
+			if err := json.Unmarshal(b, &ds); err != nil {
+				if erra := hsh.tearDownNamespace(namespaceName); erra != nil {
+					logger.L().Warning("failed to tear down namespace", helpers.Error(erra))
+				}
+				return fmt.Errorf("failed to Unmarshal YAML of DaemonSet, reason: %v", err)
+			}
+			hsh.DaemonSet = &ds
 		}
-		return fmt.Errorf("failed to apply YAML of DaemonSet: %v", err)
-	} else {
-		hsh.HostSensorPort = ds.Spec.Template.Spec.Containers[0].Ports[0].ContainerPort
-		hsh.DaemonSet = ds
 	}
 	return nil
 }
@@ -142,7 +177,7 @@ func (hsh *HostSensorHandler) checkPodForEachNode() error {
 		}
 		hsh.podListLock.RLock()
 		podsNum := len(hsh.HostSensorPodNames)
-		unschedPodNum := len(hsh.HostSensorUnshedulePodNames)
+		unschedPodNum := len(hsh.HostSensorUnscheduledPodNames)
 		hsh.podListLock.RUnlock()
 		if len(nodesList.Items) <= podsNum+unschedPodNum {
 			break
@@ -151,7 +186,7 @@ func (hsh *HostSensorHandler) checkPodForEachNode() error {
 			hsh.podListLock.RLock()
 			podsMap := hsh.HostSensorPodNames
 			hsh.podListLock.RUnlock()
-			return fmt.Errorf("host-sensor pods number (%d) differ than nodes number (%d) after deadline exceded. We will take data only from the pods below: %v",
+			return fmt.Errorf("host-sensor pods number (%d) differ than nodes number (%d) after deadline exceeded. Kubescape will take data only from the pods below: %v",
 				podsNum, len(nodesList.Items), podsMap)
 		}
 		time.Sleep(100 * time.Millisecond)
@@ -194,7 +229,7 @@ func (hsh *HostSensorHandler) updatePodInListAtomic(eventType watch.EventType, p
 		if podObj.Status.Phase == corev1.PodRunning && len(podObj.Status.ContainerStatuses) > 0 &&
 			podObj.Status.ContainerStatuses[0].Ready {
 			hsh.HostSensorPodNames[podObj.ObjectMeta.Name] = podObj.Spec.NodeName
-			delete(hsh.HostSensorUnshedulePodNames, podObj.ObjectMeta.Name)
+			delete(hsh.HostSensorUnscheduledPodNames, podObj.ObjectMeta.Name)
 		} else {
 			if podObj.Status.Phase == corev1.PodPending && len(podObj.Status.Conditions) > 0 &&
 				podObj.Status.Conditions[0].Reason == corev1.PodReasonUnschedulable {
@@ -211,7 +246,7 @@ func (hsh *HostSensorHandler) updatePodInListAtomic(eventType watch.EventType, p
 					helpers.String("nodeName", nodeName),
 					helpers.String("podName", podObj.ObjectMeta.Name))
 				if nodeName != "" {
-					hsh.HostSensorUnshedulePodNames[podObj.ObjectMeta.Name] = nodeName
+					hsh.HostSensorUnscheduledPodNames[podObj.ObjectMeta.Name] = nodeName
 				}
 			} else {
 				delete(hsh.HostSensorPodNames, podObj.ObjectMeta.Name)
@@ -222,7 +257,7 @@ func (hsh *HostSensorHandler) updatePodInListAtomic(eventType watch.EventType, p
 	}
 }

-func (hsh *HostSensorHandler) tearDownNamesapce(namespace string) error {
+func (hsh *HostSensorHandler) tearDownNamespace(namespace string) error {

 	if err := hsh.k8sObj.KubernetesClient.CoreV1().Namespaces().Delete(hsh.k8sObj.Context, namespace, metav1.DeleteOptions{GracePeriodSeconds: &hsh.gracePeriod}); err != nil {
 		return fmt.Errorf("failed to delete host-sensor namespace: %v", err)
@@ -235,7 +270,7 @@ func (hsh *HostSensorHandler) TearDown() error {
 	if err := hsh.k8sObj.KubernetesClient.AppsV1().DaemonSets(hsh.GetNamespace()).Delete(hsh.k8sObj.Context, hsh.DaemonSet.Name, metav1.DeleteOptions{GracePeriodSeconds: &hsh.gracePeriod}); err != nil {
 		return fmt.Errorf("failed to delete host-sensor daemonset: %v", err)
 	}
-	if err := hsh.tearDownNamesapce(namespace); err != nil {
+	if err := hsh.tearDownNamespace(namespace); err != nil {
 		return fmt.Errorf("failed to delete host-sensor daemonset: %v", err)
 	}
 	// TODO: wait for termination? may take up to 120 seconds!!!
@@ -249,3 +284,12 @@ func (hsh *HostSensorHandler) GetNamespace() string {
 	}
 	return hsh.DaemonSet.Namespace
 }
+
+func loadHostSensorFromFile(hostSensorYAMLFile string) (string, error) {
+	dat, err := os.ReadFile(hostSensorYAMLFile)
+	if err != nil {
+		return "", err
+	}
+	// TODO - Add file validation
+	return string(dat), err
+}
--- a/core/pkg/hostsensorutils/hostsensorgetfrompod.go
+++ b/core/pkg/hostsensorutils/hostsensorgetfrompod.go
@@ -91,6 +91,12 @@ func (hsh *HostSensorHandler) sendAllPodsHTTPGETRequest(path, requestKind string
 	return res, nil
 }

+// return list of LinuxKernelVariables
+func (hsh *HostSensorHandler) GetKernelVariables() ([]hostsensor.HostSensorDataEnvelope, error) {
+	// loop over pods and port-forward it to each of them
+	return hsh.sendAllPodsHTTPGETRequest("/LinuxKernelVariables", "LinuxKernelVariables")
+}
+
 // return list of OpenPortsList
 func (hsh *HostSensorHandler) GetOpenPortsList() ([]hostsensor.HostSensorDataEnvelope, error) {
 	// loop over pods and port-forward it to each of them
@@ -195,6 +201,12 @@ func (hsh *HostSensorHandler) CollectResources() ([]hostsensor.HostSensorDataEnv
 		return kcData, err
 	}
 	res = append(res, kcData...)
+	// GetKernelVariables
+	kcData, err = hsh.GetKernelVariables()
+	if err != nil {
+		return kcData, err
+	}
+	res = append(res, kcData...)
 	// finish

 	logger.L().Debug("Done reading information from host sensor")
--- a/core/pkg/hostsensorutils/hostsensorinterface.go
+++ b/core/pkg/hostsensorutils/hostsensorinterface.go
--- a/core/pkg/hostsensorutils/hostsensormock.go
+++ b/core/pkg/hostsensorutils/hostsensormock.go
--- a/core/pkg/opaprocessor/processorhandler.go
+++ b/core/pkg/opaprocessor/processorhandler.go
@@ -8,14 +8,13 @@ import (
 	"github.com/armosec/armoapi-go/armotypes"
 	"github.com/armosec/kubescape/cautils"
 	"github.com/armosec/kubescape/cautils/logger"
-	ksscore "github.com/armosec/kubescape/score"
+	"github.com/armosec/kubescape/core/pkg/score"
 	"github.com/armosec/opa-utils/objectsenvelopes"
 	"github.com/armosec/opa-utils/reporthandling"
 	"github.com/armosec/opa-utils/reporthandling/apis"
 	"github.com/armosec/opa-utils/reporthandling/results/v1/resourcesresults"
 	"github.com/open-policy-agent/opa/storage"

-	"github.com/armosec/k8s-interface/k8sinterface"
 	"github.com/armosec/k8s-interface/workloadinterface"

 	"github.com/armosec/opa-utils/resources"
@@ -25,59 +24,37 @@ import (

 const ScoreConfigPath = "/resources/config"

-type OPAProcessorHandler struct {
-	processedPolicy      *chan *cautils.OPASessionObj
-	reportResults        *chan *cautils.OPASessionObj
-	regoDependenciesData *resources.RegoDependenciesData
-}
-
 type OPAProcessor struct {
-	*cautils.OPASessionObj
 	regoDependenciesData *resources.RegoDependenciesData
+	*cautils.OPASessionObj
 }

 func NewOPAProcessor(sessionObj *cautils.OPASessionObj, regoDependenciesData *resources.RegoDependenciesData) *OPAProcessor {
-	if regoDependenciesData != nil && sessionObj != nil {
-		regoDependenciesData.PostureControlInputs = sessionObj.RegoInputData.PostureControlInputs
-	}
 	return &OPAProcessor{
 		OPASessionObj:        sessionObj,
 		regoDependenciesData: regoDependenciesData,
 	}
 }
+func (opap *OPAProcessor) ProcessRulesListenner() error {

-func NewOPAProcessorHandler(processedPolicy, reportResults *chan *cautils.OPASessionObj) *OPAProcessorHandler {
-	return &OPAProcessorHandler{
-		processedPolicy:      processedPolicy,
-		reportResults:        reportResults,
-		regoDependenciesData: resources.NewRegoDependenciesData(k8sinterface.GetK8sConfig(), cautils.ClusterName),
+	policies := ConvertFrameworksToPolicies(opap.Policies, cautils.BuildNumber)
+
+	ConvertFrameworksToSummaryDetails(&opap.Report.SummaryDetails, opap.Policies, policies)
+
+	// process
+	if err := opap.Process(policies); err != nil {
+		logger.L().Error(err.Error())
+		// Return error?
 	}
-}

-func (opaHandler *OPAProcessorHandler) ProcessRulesListenner() {
+	// edit results
+	opap.updateResults()

-	for {
-		opaSessionObj := <-*opaHandler.processedPolicy
-		opap := NewOPAProcessor(opaSessionObj, opaHandler.regoDependenciesData)
+	//TODO: review this location
+	scorewrapper := score.NewScoreWrapper(opap.OPASessionObj)
+	scorewrapper.Calculate(score.EPostureReportV2)

-		policies := ConvertFrameworksToPolicies(opap.Frameworks, cautils.BuildNumber)
-
-		ConvertFrameworksToSummaryDetails(&opap.Report.SummaryDetails, opap.Frameworks, policies)
-
-		// process
-		if err := opap.Process(policies); err != nil {
-			logger.L().Error(err.Error())
-		}
-
-		// edit results
-		opap.updateResults()
-
-		//TODO: review this location
-		scorewrapper := ksscore.NewScoreWrapper(opaSessionObj)
-		scorewrapper.Calculate(ksscore.EPostureReportV2)
-		// report
-		*opaHandler.reportResults <- opaSessionObj
-	}
+	return nil
 }

 func (opap *OPAProcessor) Process(policies *cautils.Policies) error {
--- a/core/pkg/opaprocessor/processorhandler_test.go
+++ b/core/pkg/opaprocessor/processorhandler_test.go
@@ -32,13 +32,13 @@ func TestProcess(t *testing.T) {

 	// set opaSessionObj
 	opaSessionObj := cautils.NewOPASessionObjMock()
-	opaSessionObj.Frameworks = []reporthandling.Framework{*reporthandling.MockFrameworkA()}
-	policies := ConvertFrameworksToPolicies(opaSessionObj.Frameworks, "")
+	opaSessionObj.Policies = []reporthandling.Framework{*reporthandling.MockFrameworkA()}
+	policies := ConvertFrameworksToPolicies(opaSessionObj.Policies, "")

 	opaSessionObj.K8SResources = &k8sResources
 	opaSessionObj.AllResources = allResources

-	opap := NewOPAProcessor(opaSessionObj, resources.NewRegoDependenciesDataMock())
+	opap := NewOPAProcessor(opaSessionObj, resources.NewRegoDependenciesDataMock()) // ,
 	opap.Process(policies)
 	opap.updateResults()
 	for _, f := range opap.PostureReport.FrameworkReports {
@@ -68,10 +68,10 @@ func TestProcessResourcesResult(t *testing.T) {

 	// set opaSessionObj
 	opaSessionObj := cautils.NewOPASessionObjMock()
-	opaSessionObj.Frameworks = frameworks
+	opaSessionObj.Policies = frameworks

-	policies := ConvertFrameworksToPolicies(opaSessionObj.Frameworks, "")
-	ConvertFrameworksToSummaryDetails(&opaSessionObj.Report.SummaryDetails, opaSessionObj.Frameworks, policies)
+	policies := ConvertFrameworksToPolicies(opaSessionObj.Policies, "")
+	ConvertFrameworksToSummaryDetails(&opaSessionObj.Report.SummaryDetails, opaSessionObj.Policies, policies)

 	opaSessionObj.K8SResources = &k8sResources
 	opaSessionObj.AllResources[deployment.GetID()] = deployment
--- a/core/pkg/opaprocessor/processorhandlerutils.go
+++ b/core/pkg/opaprocessor/processorhandlerutils.go
@@ -3,8 +3,6 @@ package opaprocessor
 import (
 	"fmt"

-	pkgcautils "github.com/armosec/utils-go/utils"
-
 	"github.com/armosec/kubescape/cautils"
 	"github.com/armosec/kubescape/cautils/logger"

@@ -127,39 +125,6 @@ func getRuleDependencies() (map[string]string, error) {
 	return modules, nil
 }

-func ruleWithArmoOpaDependency(annotations map[string]interface{}) bool {
-	if annotations == nil {
-		return false
-	}
-	if s, ok := annotations["armoOpa"]; ok { // TODO - make global
-		return pkgcautils.StringToBool(s.(string))
-	}
-	return false
-}
-
-// Checks that kubescape version is in range of use for this rule
-// In local build (BuildNumber = ""):
-// returns true only if rule doesn't have the "until" attribute
-func isRuleKubescapeVersionCompatible(rule *reporthandling.PolicyRule) bool {
-	if from, ok := rule.Attributes["useFromKubescapeVersion"]; ok {
-		if cautils.BuildNumber != "" {
-			if from.(string) > cautils.BuildNumber {
-				return false
-			}
-		}
-	}
-	if until, ok := rule.Attributes["useUntilKubescapeVersion"]; ok {
-		if cautils.BuildNumber != "" {
-			if until.(string) <= cautils.BuildNumber {
-				return false
-			}
-		} else {
-			return false
-		}
-	}
-	return true
-}
-
 func removeData(obj workloadinterface.IMetadata) {
 	if !k8sinterface.IsTypeWorkload(obj.GetObject()) {
 		return // remove data only from kubernetes objects
--- a/core/pkg/opaprocessor/processorhandlerutils_test.go
+++ b/core/pkg/opaprocessor/processorhandlerutils_test.go
@@ -0,0 +1,24 @@
+package opaprocessor
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+
+	"github.com/armosec/k8s-interface/workloadinterface"
+)
+
+func TestRemoveData(t *testing.T) {
+
+	w := `{"apiVersion":"apps/v1","kind":"Deployment","metadata":{"name":"demoservice-server"},"spec":{"replicas":1,"selector":{"matchLabels":{"app":"demoservice-server"}},"template":{"metadata":{"creationTimestamp":null,"labels":{"app":"demoservice-server"}},"spec":{"containers":[{"env":[{"name":"SERVER_PORT","value":"8089"},{"name":"SLEEP_DURATION","value":"1"},{"name":"DEMO_FOLDERS","value":"/app"},{"name":"ARMO_TEST_NAME","value":"auto_attach_deployment"},{"name":"CAA_ENABLE_CRASH_REPORTER","value":"1"}],"image":"quay.io/armosec/demoservice:v25","imagePullPolicy":"IfNotPresent","name":"demoservice","ports":[{"containerPort":8089,"protocol":"TCP"}],"resources":{},"terminationMessagePath":"/dev/termination-log","terminationMessagePolicy":"File"}],"dnsPolicy":"ClusterFirst","restartPolicy":"Always","schedulerName":"default-scheduler","securityContext":{},"terminationGracePeriodSeconds":30}}}}`
+	obj, _ := workloadinterface.NewWorkload([]byte(w))
+	removeData(obj)
+
+	workload := workloadinterface.NewWorkloadObj(obj.GetObject())
+	c, _ := workload.GetContainers()
+	for i := range c {
+		for _, e := range c[i].Env {
+			assert.Equal(t, "XXXXXX", e.Value)
+		}
+	}
+}
--- a/core/pkg/opaprocessor/utils.go
+++ b/core/pkg/opaprocessor/utils.go
--- a/core/pkg/opaprocessor/utils_test.go
+++ b/core/pkg/opaprocessor/utils_test.go
--- a/core/pkg/policyhandler/handlenotification.go
+++ b/core/pkg/policyhandler/handlenotification.go
@@ -4,7 +4,7 @@ import (
 	"fmt"

 	"github.com/armosec/kubescape/cautils"
-	"github.com/armosec/kubescape/resourcehandler"
+	"github.com/armosec/kubescape/core/pkg/resourcehandler"
 	"github.com/armosec/opa-utils/reporthandling"
 )

@@ -12,19 +12,17 @@ import (
 type PolicyHandler struct {
 	resourceHandler resourcehandler.IResourceHandler
 	// we are listening on this chan in opaprocessor/processorhandler.go/ProcessRulesListenner func
-	processPolicy *chan *cautils.OPASessionObj
-	getters       *cautils.Getters
+	getters *cautils.Getters
 }

 // CreatePolicyHandler Create ws-handler obj
-func NewPolicyHandler(processPolicy *chan *cautils.OPASessionObj, resourceHandler resourcehandler.IResourceHandler) *PolicyHandler {
+func NewPolicyHandler(resourceHandler resourcehandler.IResourceHandler) *PolicyHandler {
 	return &PolicyHandler{
 		resourceHandler: resourceHandler,
-		processPolicy:   processPolicy,
 	}
 }

-func (policyHandler *PolicyHandler) HandleNotificationRequest(notification *reporthandling.PolicyNotification, scanInfo *cautils.ScanInfo) error {
+func (policyHandler *PolicyHandler) CollectResources(notification *reporthandling.PolicyNotification, scanInfo *cautils.ScanInfo) (*cautils.OPASessionObj, error) {
 	opaSessionObj := cautils.NewOPASessionObj(nil, nil)
 	// validate notification
 	// TODO
@@ -32,26 +30,25 @@ func (policyHandler *PolicyHandler) HandleNotificationRequest(notification *repo

 	// get policies
 	if err := policyHandler.getPolicies(notification, opaSessionObj); err != nil {
-		return err
+		return opaSessionObj, err
 	}

 	err := policyHandler.getResources(notification, opaSessionObj, scanInfo)
 	if err != nil {
-		return err
+		return opaSessionObj, err
 	}
 	if opaSessionObj.K8SResources == nil || len(*opaSessionObj.K8SResources) == 0 {
-		return fmt.Errorf("empty list of resources")
+		return opaSessionObj, fmt.Errorf("empty list of resources")
 	}

 	// update channel
-	*policyHandler.processPolicy <- opaSessionObj
-	return nil
+	return opaSessionObj, nil
 }

 func (policyHandler *PolicyHandler) getResources(notification *reporthandling.PolicyNotification, opaSessionObj *cautils.OPASessionObj, scanInfo *cautils.ScanInfo) error {

 	opaSessionObj.Report.ClusterAPIServerInfo = policyHandler.resourceHandler.GetClusterAPIServerInfo()
-	resourcesMap, allResources, err := policyHandler.resourceHandler.GetResources(opaSessionObj.Frameworks, &notification.Designators)
+	resourcesMap, allResources, err := policyHandler.resourceHandler.GetResources(opaSessionObj.Policies, &notification.Designators)
 	if err != nil {
 		return err
 	}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
dwertent	7a01116db5	adding ks interface	2022-03-13 10:59:38 +02:00
dwertent	8f1e4ceff0	split pkg	2022-03-13 09:59:57 +02:00
dwertent	66196c0d56	pass info in call	2022-03-10 17:13:51 +02:00
dwertent	2d59ba0943	update cmd struct	2022-03-10 17:02:09 +02:00
dwertent	33f92d1a5f	update logger support	2022-03-10 11:19:05 +02:00
dwertent	4bd468f03e	Merge remote-tracking branch 'armosec/dev'	2022-03-09 20:54:22 +02:00
dwertent	c6eaecd596	export to json	2022-03-09 20:53:55 +02:00
dwertent	a2a5b06024	adding http handler	2022-03-09 20:51:55 +02:00
David Wertenteil	825732f60f	Merge pull request #444 from Akasurde/misspell_dev Misc typo fixes	2022-03-09 20:12:19 +02:00
David Wertenteil	596ec17106	Merge pull request #445 from Akasurde/no_color_dev cli: added support for no color	2022-03-09 20:01:24 +02:00
Abhijeet Kasurde	fbd0f352c4	cli: added support for no color Using commandline flag users can now disable colored output in logging. Fixes: #434 Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>	2022-03-09 21:25:48 +05:30
Abhijeet Kasurde	2600052735	Misc typo fixes Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>	2022-03-09 21:22:41 +05:30
dwertent	a985b2ce09	Add mock logger	2022-03-08 21:39:09 +02:00
dwertent	829c176644	Merge remote-tracking branch 'armosec/dev' into server-support	2022-03-08 14:52:00 +02:00
dwertent	7d7d247bc2	udpate go mod	2022-03-08 14:51:24 +02:00
dwertent	43ae8e2a81	Merge branch 'master' into server-support	2022-03-08 14:49:41 +02:00
David Wertenteil	b0f37e9465	Merge pull request #441 from xdavidel/update_io_apis update vulns input / output api	2022-03-08 14:34:45 +02:00
David Wertenteil	396ef55267	Merge pull request #440 from dwertent/master Use semver.Compare for version check	2022-03-08 10:12:59 +02:00
dwertent	4b07469bb2	use semver.Compare for version check	2022-03-08 10:10:06 +02:00
David Delarosa	260f7b06c1	update vulns input / output api	2022-03-07 17:03:14 +02:00
David Wertenteil	67ba28a3cb	Merge pull request #433 from dwertent/master call `setTenant` when submitting results	2022-03-06 11:29:34 +02:00
dwertent	a768d22a1d	call setTenant when submitting results	2022-03-06 11:25:16 +02:00
David Wertenteil	ede88550da	Merge pull request #432 from dwertent/master Update roadmap	2022-03-06 11:03:54 +02:00
David Wertenteil	ab55a0d134	Merge pull request #431 from Bezbran/dev Read Linux kernel variables from host sensor	2022-03-06 10:59:41 +02:00
Bezalel Brandwine	bfd7060044	read linux kernel variables from host sensor	2022-03-06 10:51:24 +02:00
dwertent	bf215a0f96	update roadmap	2022-03-06 10:50:45 +02:00
dwertent	a2e1fb36df	update maintainers	2022-03-06 10:42:30 +02:00
dwertent	4e9c6f34b3	Update maintainers and roadmap	2022-03-06 10:38:03 +02:00
David Wertenteil	b08c0f2ec6	Merge pull request #429 from dwertent/master Update readme	2022-03-06 09:54:41 +02:00
dwertent	4c0e358afc	support submitting v2	2022-03-06 09:51:05 +02:00
dwertent	9ae21b064a	update readme	2022-03-06 09:32:26 +02:00
dwertent	2df0c12e10	auto complete examples	2022-03-03 17:45:54 +02:00
David Wertenteil	d37025dc6c	json v2 version	2022-03-03 16:17:25 +02:00
dwertent	0b01eb5ee4	swapped print versions	2022-03-03 14:26:34 +02:00
David Wertenteil	d537c56159	Update format output support to v2	2022-03-03 13:24:45 +02:00
dwertent	feb9e3af10	Merge remote-tracking branch 'armosec/dev'	2022-03-03 13:06:36 +02:00
dwertent	ec30ed8439	json v2 support	2022-03-03 13:05:36 +02:00
dwertent	cda9bb0e45	Update junit support	2022-03-03 12:34:03 +02:00
Ben Hirschberg	17f1c6b647	Merge pull request #424 from slashben/dev added updated road-map	2022-03-01 17:27:39 +02:00
Ben Hirschberg	98079ec1ec	added updated roadmap	2022-03-01 17:26:26 +02:00
David Wertenteil	16aaf9b5f8	extend exceptions support	2022-02-28 18:32:49 +02:00
dwertent	ff0264ee15	extend exceptions support	2022-02-28 18:19:17 +02:00
David Wertenteil	bea9bd64a4	Update junit support	2022-02-27 17:33:16 +02:00
dwertent	544a19906e	update junit	2022-02-27 17:29:42 +02:00
dwertent	208bb25118	fixed junit support	2022-02-27 16:33:21 +02:00
David Wertenteil	fdb7e278c1	Merge pull request #419 from hayzer/fail-threshold-support-float Change fail-threshold type to float	2022-02-27 14:56:27 +02:00
David Wertenteil	a132a49d57	extent host-sensor support	2022-02-27 14:45:30 +02:00
dwertent	23e73f5e88	extent host-sensor support	2022-02-27 14:30:32 +02:00
Tomasz Majer	fdcc5e9a66	Support float in fail-threshold	2022-02-27 11:14:05 +01:00
David Wertenteil	77e7b1a2cb	Improvments	2022-02-24 18:58:31 +02:00
dwertent	db95da3742	udpate packages	2022-02-24 18:43:29 +02:00
dwertent	dc172a1476	fixed help message	2022-02-24 18:22:29 +02:00
dwertent	8694a929cf	support output versions	2022-02-24 13:57:33 +02:00
dwertent	36b3840362	support host sensor from local file	2022-02-24 12:09:47 +02:00
dwertent	d5fcbe842f	adding autocompletion	2022-02-24 09:50:12 +02:00
dwertent	155349dac0	adding resource table	2022-02-23 15:54:59 +02:00
David Wertenteil	7956a849d9	Fix argument validation for framework/control	2022-02-23 10:33:49 +02:00
Avinash Upadhyaya	0d1c4cdc02	fix: argument validation for framework/control	2022-02-23 10:24:14 +05:30
David Wertenteil	8c833a5df8	Ignore empty frameworks	2022-02-22 14:48:10 +02:00
dwertent	37644e1f57	update readme	2022-02-10 21:05:08 +02:00
dwertent	8a04934fbd	Adding readme and yaml	2022-02-10 20:41:28 +02:00
dwertent	31e1b3055f	Prometheus support	2022-02-10 20:11:00 +02:00