update roadmap

MAINTAINERS.md

@@ -2,8 +2,9 @@
 
 The following table lists Kubescape project maintainers 
 
-| Name | GitHub | Email | Organization | Repositories/Area of Expertise | Added/Renewed On |
+| Name | GitHub | Email | Organization | Role | Added/Renewed On |
 | --- | --- | --- | --- | --- | --- |
-| Ben Hirschberg | @slashben | ben@armosec.io | ARMO | Kubescape CLI | 2021-09-01 |
-| Rotem Refael | @rotemamsa | rrefael@armosec.io | ARMO | Kubescape CLI | 2021-10-11 |
-| David Wertenteil | @dwertent | dwertent@armosec.io | ARMO | Kubescape CLI | 2021-09-01 |
+| [Ben Hirschberg](https://www.linkedin.com/in/benyamin-ben-hirschberg-66141890) | [@slashben](https://github.com/slashben) | ben@armosec.io | [ARMO](https://www.armosec.io/) | VP R&D | 2021-09-01 |
+| [Rotem Refael](https://www.linkedin.com/in/rotem-refael) | [@rotemamsa](https://github.com/rotemamsa) | rrefael@armosec.io | [ARMO](https://www.armosec.io/) | Team Leader | 2021-10-11 |
+| [David Wertenteil](https://www.linkedin.com/in/david-wertenteil-0ba277b9) | [@dwertent](https://github.com/dwertent) | dwertent@armosec.io | [ARMO](https://www.armosec.io/) | Kubescape CLI Developer | 2021-09-01 |
+| [Bezalel Brandwine](https://www.linkedin.com/in/bezalel-brandwine) | [@Bezbran](https://github.com/Bezbran) | bbrandwine@armosec.io | [ARMO](https://www.armosec.io/) | Kubescape SaaS Developer | 2021-09-01 |

README.md

@@ -48,9 +48,9 @@ We invite you to our team! We are excited about this project and want to return
 
 Want to contribute? Want to discuss something? Have an issue?
 
+* Feel free to pick a task from the [roadmap](docs/roadmap.md) or suggest a feature of your own. [Contact us](MAINTAINERS.md) directly for more information :) 
 * Open a issue, we are trying to respond within 48 hours
-* [Join us](https://armosec.github.io/kubescape/) in a discussion on our discord server! 
-
+* [Join us](https://armosec.github.io/kubescape/) in a discussion on our discord server!
 
 [<img src="docs/discord-banner.png" width="100" alt="logo" align="center">](https://armosec.github.io/kubescape/)
 ![discord](https://img.shields.io/discord/893048809884643379)
@@ -103,9 +103,11 @@ Set-ExecutionPolicy RemoteSigned -scope CurrentUser
 
 #### Scan a running Kubernetes cluster and submit results to the [Kubescape SaaS version](https://portal.armo.cloud/)
 ```
-kubescape scan --submit
+kubescape scan --submit --enable-host-scan
 ```
 
+> Read [here](https://hub.armo.cloud/docs/host-sensor) more about the `enable-host-scan` flag
+
 #### Scan a running Kubernetes cluster with [`nsa`](https://www.nsa.gov/Press-Room/News-Highlights/Article/Article/2716980/nsa-cisa-release-kubernetes-hardening-guidance/) framework and submit results to the [Kubescape SaaS version](https://portal.armo.cloud/)
 ```
 kubescape scan framework nsa --submit
@@ -149,8 +151,11 @@ kubescape scan --verbose
 ```
 
 #### Output in `json` format
+
+> Add the `--format-version v2` flag 
+
 ```
-kubescape scan --format json  --format-version v2 --output results.json
+kubescape scan --format json --format-version v2 --output results.json
 ```
 
 #### Output in `junit xml` format
@@ -233,106 +238,29 @@ Official Docker image `quay.io/armosec/kubescape`
 docker run -v "$(pwd)/example.yaml:/app/example.yaml  quay.io/armosec/kubescape scan /app/example.yaml
 ```
 
+If you wish, you can [build the docker image on your own](build/README.md)
+
 # Submit data manually
 
 Use the `submit` command if you wish to submit data manually
 
 ## Submit scan results manually
 
-First, scan your cluster using the `json` format flag: `kubescape scan framework <name> --format json --output path/to/results.json`.
+> Support forward compatibility by using the `--format-version v2` flag
 
-Now you can submit the results to the Kubaescape SaaS version -
+First, scan your cluster using the `json` format flag: `kubescape scan framework <name> --format json --format-version v2 --output path/to/results.json`.
+
+Now you can submit the results to the Kubescape SaaS version -
 ```
 kubescape submit results path/to/results.json
 ```
-# How to build
-
-## Build using python (3.7^) script
-
-Kubescape can be built using:
-
-``` sh
-python build.py
-```
-
-Note: In order to built using the above script, one must set the environment
-variables in this script:
-
-+ RELEASE
-+ ArmoBEServer
-+ ArmoERServer
-+ ArmoWebsite
-+ ArmoAuthServer
-
-
-## Build using go
-
-Note: development (and the release process) is done with Go `1.17`
-
-1. Clone Project
-```
-git clone https://github.com/armosec/kubescape.git kubescape && cd "$_"
-```
-
-2. Build
-```
-go build -o kubescape .
-```
-
-3. Run
-```
-./kubescape scan --submit --enable-host-scan
-```
-
-4. Enjoy :zany_face:
-
-## Docker Build
-
-### Build your own Docker image
-
-1. Clone Project
-```
-git clone https://github.com/armosec/kubescape.git kubescape && cd "$_"
-```
-
-2. Build
-```
-docker build -t kubescape -f build/Dockerfile .
-```
-
 
 # Under the hood
 
-## Tests
-Kubescape is running the following tests according to what is defined by [Kubernetes Hardening Guidance by NSA and CISA](https://www.nsa.gov/Press-Room/News-Highlights/Article/Article/2716980/nsa-cisa-release-kubernetes-hardening-guidance/)
-* Non-root containers
-* Immutable container filesystem
-* Privileged containers
-* hostPID, hostIPC privileges
-* hostNetwork access
-* allowedHostPaths field
-* Protecting pod service account tokens
-* Resource policies
-* Control plane hardening
-* Exposed dashboard
-* Allow privilege escalation
-* Applications credentials in configuration files
-* Cluster-admin binding
-* Exec into container
-* Dangerous capabilities
-* Insecure capabilities
-* Linux hardening
-* Ingress and Egress blocked
-* Container hostPort
-* Network policies
-* Symlink Exchange Can Allow Host Filesystem Access (CVE-2021-25741)
-
-
-
 ## Technology
 Kubescape based on OPA engine: https://github.com/open-policy-agent/opa and ARMO's posture controls.
 
-The tools retrieves Kubernetes objects from the API server and runs a set of [regos snippets](https://www.openpolicyagent.org/docs/latest/policy-language/) developed by [ARMO](https://www.armosec.io/).
+The tools retrieves Kubernetes objects from the API server and runs a set of [rego's snippets](https://www.openpolicyagent.org/docs/latest/policy-language/) developed by [ARMO](https://www.armosec.io/).
 
 The results by default printed in a pretty "console friendly" manner, but they can be retrieved in JSON format for further processing.
 

build/README.md

@@ -0,0 +1,13 @@
+## Docker Build
+
+### Build your own Docker image
+
+1. Clone Project
+```
+git clone https://github.com/armosec/kubescape.git kubescape && cd "$_"
+```
+
+2. Build
+```
+docker build -t kubescape -f build/Dockerfile .
+```

clihandler/cmd/results.go

@@ -11,12 +11,16 @@ import (
 	"github.com/armosec/kubescape/cautils/logger/helpers"
 	"github.com/armosec/kubescape/clihandler"
 	"github.com/armosec/kubescape/clihandler/cliinterfaces"
+	"github.com/armosec/kubescape/resultshandling/reporter"
 	reporterv1 "github.com/armosec/kubescape/resultshandling/reporter/v1"
+	reporterv2 "github.com/armosec/kubescape/resultshandling/reporter/v2"
 	"github.com/armosec/opa-utils/reporthandling"
 	"github.com/google/uuid"
 	"github.com/spf13/cobra"
 )
 
+var formatVersion string
+
 type ResultsObject struct {
 	filePath     string
 	customerGUID string
@@ -51,7 +55,7 @@ func (resultsObject *ResultsObject) ListAllResources() (map[string]workloadinter
 }
 
 var resultsCmd = &cobra.Command{
-	Use:   "results <json file>\nExample:\n$ kubescape submit results path/to/results.json",
+	Use:   "results <json file>\nExample:\n$ kubescape submit results path/to/results.json --format-version v2",
 	Short: "Submit a pre scanned results file. The file must be in json format",
 	Long:  ``,
 	RunE: func(cmd *cobra.Command, args []string) error {
@@ -70,7 +74,14 @@ var resultsCmd = &cobra.Command{
 		resultsObjects := NewResultsObject(clusterConfig.GetAccountID(), clusterConfig.GetClusterName(), args[0])
 
 		// submit resources
-		r := reporterv1.NewReportEventReceiver(clusterConfig.GetConfigObj())
+		var r reporter.IReport
+		switch formatVersion {
+		case "v2":
+			r = reporterv2.NewReportEventReceiver(clusterConfig.GetConfigObj())
+		default:
+			logger.L().Warning("Deprecated results version. run with '--format-version' flag", helpers.String("your version", formatVersion), helpers.String("latest version", "v2"))
+			r = reporterv1.NewReportEventReceiver(clusterConfig.GetConfigObj())
+		}
 
 		submitInterfaces := cliinterfaces.SubmitInterfaces{
 			ClusterConfig: clusterConfig,
@@ -87,6 +98,7 @@ var resultsCmd = &cobra.Command{
 
 func init() {
 	submitCmd.AddCommand(resultsCmd)
+	resultsCmd.PersistentFlags().StringVar(&formatVersion, "format-version", "v1", "Output object can be differnet between versions, this is for maintaining backward and forward compatibility. Supported:'v1'/'v2'")
 }
 
 func loadResultsFromFile(filePath string) ([]reporthandling.FrameworkReport, error) {

clihandler/cmd/scan.go

@@ -55,7 +55,6 @@ var scanCmd = &cobra.Command{
 func frameworkInitConfig() {
 	k8sinterface.SetClusterContextName(scanInfo.KubeContext)
 }
-
 func init() {
 
 	cobra.OnInitialize(frameworkInitConfig)
@@ -79,12 +78,12 @@ func init() {
 	scanCmd.PersistentFlags().BoolVarP(&scanInfo.Silent, "silent", "s", false, "Silent progress messages")
 	scanCmd.PersistentFlags().BoolVarP(&scanInfo.Submit, "submit", "", false, "Send the scan results to Armo management portal where you can see the results in a user-friendly UI, choose your preferred compliance framework, check risk results history and trends, manage exceptions, get remediation recommendations and much more. By default the results are not submitted")
 	scanCmd.PersistentFlags().StringVar(&scanInfo.HostSensorYamlPath, "host-scan-yaml", "", "Override default host sensor DaemonSet. Use this flag cautiously")
-	scanCmd.PersistentFlags().StringVar(&scanInfo.FormatVersion, "format-version", "v1", "Output object can be differnet between versions, this is for testing and backward compatibility")
+	scanCmd.PersistentFlags().StringVar(&scanInfo.FormatVersion, "format-version", "v1", "Output object can be differnet between versions, this is for maintaining backward and forward compatibility. Supported:'v1'/'v2'")
 
 	// hidden flags
 	scanCmd.PersistentFlags().MarkHidden("host-scan-yaml") // this flag should be used very cautiously. We prefer users will not use it at all unless the DaemoSet can not run pods on the nodes
 	scanCmd.PersistentFlags().MarkHidden("silent")         // this flag should be deprecated since we added the --logger support
-	scanCmd.PersistentFlags().MarkHidden("format-version") // meant for testing different output approaches and not for common use
+	// scanCmd.PersistentFlags().MarkHidden("format-version") // meant for testing different output approaches and not for common use
 
 	hostF := scanCmd.PersistentFlags().VarPF(&scanInfo.HostSensorEnabled, "enable-host-scan", "", "Deploy ARMO K8s host-sensor daemonset in the scanned cluster. Deleting it right after we collecting the data. Required to collect valueable data from cluster nodes for certain controls. Yaml file: https://raw.githubusercontent.com/armosec/kubescape/master/hostsensorutils/hostsensor.yaml")
 	hostF.NoOptDefVal = "true"

clihandler/initcli.go

@@ -80,7 +80,7 @@ func getInterfaces(scanInfo *cautils.ScanInfo) componentInterfaces {
 	// ================== setup reporter & printer objects ======================================
 
 	// reporting behavior - setup reporter
-	reportHandler := getReporter(tenantConfig, scanInfo.Submit)
+	reportHandler := getReporter(tenantConfig, scanInfo.Submit, scanInfo.FrameworkScan, len(scanInfo.InputPatterns) == 0)
 
 	// setup printer
 	printerHandler := resultshandling.NewPrinter(scanInfo.Format, scanInfo.FormatVersion, scanInfo.VerboseMode)

clihandler/initcliutils.go

@@ -48,14 +48,22 @@ func getRBACHandler(tenantConfig cautils.ITenantConfig, k8s *k8sinterface.Kubern
 	return nil
 }
 
-func getReporter(tenantConfig cautils.ITenantConfig, submit bool) reporter.IReport {
-	if submit {
+func getReporter(tenantConfig cautils.ITenantConfig, submit, fwScan, clusterScan bool) reporter.IReport {
+	if submit && clusterScan {
 		return reporterv2.NewReportEventReceiver(tenantConfig.GetConfigObj())
 	}
-	if tenantConfig.GetAccountID() == "" {
-		return reporterv2.NewReportMock(reporterv2.NO_SUBMIT_QUERY)
+	if tenantConfig.GetAccountID() == "" && fwScan && clusterScan {
+		// Add link only when scanning a cluster using a framework
+		return reporterv2.NewReportMock(reporterv2.NO_SUBMIT_QUERY, "run kubescape with the '--submit' flag")
 	}
-	return reporterv2.NewReportMock("")
+	var message string
+	if !fwScan {
+		message = "Kubescape does not submit scan results when scanning controls"
+	}
+	if !clusterScan {
+		message = "Kubescape will submit scan results only when scanning a cluster (not YAML files)"
+	}
+	return reporterv2.NewReportMock("", message)
 }
 
 func getResourceHandler(scanInfo *cautils.ScanInfo, tenantConfig cautils.ITenantConfig, k8s *k8sinterface.KubernetesApi, hostSensorHandler hostsensorutils.IHostSensor, registryAdaptors *resourcehandler.RegistryAdaptors) resourcehandler.IResourceHandler {

docs/release.md

@@ -1,91 +0,0 @@
-# Kubescape Release 
-
-
-## Input
-
-### Scan a running Kubernetes cluster
-
-* Scan your Kubernetes cluster. Ignore `kube-system` and `kube-public` namespaces
-```
-kubescape scan framework nsa --exclude-namespaces kube-system,kube-public
-```
-
-* Scan your Kubernetes cluster
-```
-kubescape scan framework nsa 
-```
-
-### Scan a local Kubernetes manifest
- 
-* Scan single Kubernetes manifest file <img src="new-feature.svg">
-```
-kubescape scan framework nsa <my-workload.yaml>
-```
-
-* Scan many Kubernetes manifest files <img src="new-feature.svg">
-```
-kubescape scan framework nsa <my-workload-1.yaml> <my-workload-2.yaml>
-```
-
-* Scan all Kubernetes manifest files in directory  <img src="new-feature.svg">
-```
-kubescape scan framework nsa *.yaml
-```
-
-* Scan Kubernetes manifest from stdout  <img src="new-feature.svg">
-```
-cat <my-workload.yaml> | kubescape scan framework nsa -
-```
-
-
-* Scan Kubernetes manifest url  <img src="new-feature.svg">
-```
-kubescape scan framework nsa https://raw.githubusercontent.com/GoogleCloudPlatform/microservices-demo/master/release/kubernetes-manifests.yaml
-```
-
-### Scan HELM chart
-
-* Render the helm chart using [`helm template`](https://helm.sh/docs/helm/helm_template/) and pass to stdout <img src="new-feature.svg">
-```
-helm template [CHART] [flags] --generate-name --dry-run | kubescape scan framework nsa -
-```
-
-### Scan on-prem (offline)
-
-* Scan using a framework from the local file system 
-```
-kubescape scan framework --use-from <path> 
-```
-
-* Scan using the framework from the default location in file system  
-```
-kubescape scan framework  --use-default 
-```
-
-## Output formats
-
-By default, the output is user friendly.
-
-For the sake of automation, it is possible to receive the result in a `json` or `junit xml` format.
-
-* Output in `json` format <img src="new-feature.svg">
-```
-kubescape scan framework nsa --format json --output results.json
-```
-
-* Output in `junit xml` format <img src="new-feature.svg">
-```
-kubescape scan framework nsa --format junit --output results.xml
-```
-
-## Download
-
-* Download and save in file <img src="new-feature.svg">
-```
-kubescape download framework nsa --output nsa.json
-```
-
-* Download and save in default file (`~/.kubescape/<framework name>.json`)
-```
-kubescape download framework nsa 
-```

docs/roadmap.md

@@ -5,38 +5,52 @@
 Kubescape roadmap items are labeled based on where the feature is used and by their maturity.
 
 The features serve different stages of the workflow of the users:
-* development phase (writing Kubernetes manifests) - example: VS Code extension is used while editing YAMLs
-* CI phase (integrating manifests to GIT repo) - example: GitHub action validating HELM charts on PRs
-* delivery phase (deploying applications in Kubernetes) - example: running cluster scan after a new deployment
-* monitoring phase (scanning application in Kubernetes) - example: Prometheus scraping the cluster security risk 
+* **Development phase** (writing Kubernetes manifests) - example: VS Code extension is used while editing YAMLs
+* **CI phase** (integrating manifests to GIT repo) - example: GitHub action validating HELM charts on PRs
+* **CD phase** (deploying applications in Kubernetes) - example: running cluster scan after a new deployment
+* **Monitoring phase** (scanning application in Kubernetes) - example: Prometheus scraping the cluster security risk 
 
-Items in Kubescape roadmap are split to 3 major groups based on the feature planning maturity:
+The items in Kubescape roadmap are split to 3 major groups based on the feature planning maturity:
 
-* Planning - we have tickets open for these issues with more or less clear vision of design
-* Backlog  - feature which were discussed at a high level but are not ready for development 
-* Wishlist -  features we are dreaming of 😀 and want to push them gradually forward 
+* [Planning](#planning) - we have tickets open for these issues with more or less clear vision of design
+* [Backlog](#backlog)  - feature which were discussed at a high level but are not ready for development 
+* [Wishlist](#wishlist) -  features we are dreaming of 😀 and want to push them gradually forward 
 
 
 ## Planning 👷
-* **Integration with image registries**: we want to expand Kubescape to integrate with differnet image registries and read image vulnerability information from there. This will allow Kubescape to give contextual security information about vulnerabilities [Container registry integration](/docs/proposals/container-image-vulnerability-adaptor.md)
-* **Kubescape as a microservice**: create a REST API for Kubescape so it can run constantly in a cluster and other components like Prometheus can scrape results
-* **Kubescape CLI control over cluster operations**: add functionality to Kubescape CLI to trigger operations in Kubescape cluster components (example: trigger images scans and etc.)
-* **Produce md/HTML reports**: create scan reports for different output formats
-* **Git integration for pull requests**: create insightful GitHub actions for Kubescape
+* ##### Integration with image registries 
+  We want to expand Kubescape to integrate with differnet image registries and read image vulnerability information from there. This will allow Kubescape to give contextual security information about vulnerabilities [Container registry integration](/docs/proposals/container-image-vulnerability-adaptor.md)
+* ##### Kubescape as a microservice 
+  Create a REST API for Kubescape so it can run constantly in a cluster and other components like Prometheus can scrape results
+* ##### Kubescape CLI control over cluster operations 
+  Add functionality to Kubescape CLI to trigger operations in Kubescape cluster components (example: trigger images scans and etc.)
+* ##### Produce md/HTML reports 
+  Create scan reports for different output formats
+* ##### Git integration for pull requests 
+  Create insightful GitHub actions for Kubescape
 
 ## Backlog 📅
-* **JSON path for HELM charts**: today Kubescape can point to issues in the Kubernetes object, we want to develop this feature so Kubescape will be able to point to the misconfigured source file (HELM)
-* **Create Kubescape HELM plugin**
-* **Kubescape based admission controller**: Implement admission controller API for Kubescape microservice to enable users to use Kubescape rules as policies
+* ##### JSON path for HELM charts 
+  Today Kubescape can point to issues in the Kubernetes object, we want to develop this feature so Kubescape will be able to point to the misconfigured source file (HELM)
+* ##### Create Kubescape HELM plugin
+* ##### Kubescape based admission controller 
+  Implement admission controller API for Kubescape microservice to enable users to use Kubescape rules as policies
 
 ## Wishlist 💭
-* **Integrate with other Kubernetes CLI tools** use Kubescape as a YAML validator for `kubectl` and others.
-* **Kubernetes audit log integration**: connect Kubescape to audit log stream to enable it to produce more contextual security information based on how the API service is used.
-* **TUI for Kubescape**: interactive terminal based user interface which helps to analyze and fix issues
-* **Scanning images with GO for vulnerabilities**: Images scanners cannot determine which packages were used to build Go executables and we want to scan them for vulnerabilities
-* **Scanning Dockerfile-s for security best practices**: Scan image or Dockerfile to determine whether it is using security best practices (like root containers)
-* **Custom controls and rules**: enable users to define their own Rego base rules
-* **More CI/CD tool integration**: Jenkins and etc. 😀
+* ##### Integrate with other Kubernetes CLI tools
+  Use Kubescape as a YAML validator for `kubectl` and others.
+* ##### Kubernetes audit log integration 
+  Connect Kubescape to audit log stream to enable it to produce more contextual security information based on how the API service is used.
+* ##### TUI for Kubescape 
+  Interactive terminal based user interface which helps to analyze and fix issues
+* ##### Scanning images with GO for vulnerabilities
+  Images scanners cannot determine which packages were used to build Go executables and we want to scan them for vulnerabilities
+* ##### Scanning Dockerfile-s for security best practices
+  Scan image or Dockerfile to determine whether it is using security best practices (like root containers)
+* ##### Custom controls and rules
+  Enable users to define their own Rego base rules
+* ##### More CI/CD tool integration
+  Jenkins and etc. 😀
 
 
 ## Completed features 🎓

docs/run-options.md

@@ -1,87 +0,0 @@
-<img src="kubescape.png" width="300" alt="logo" align="center">
-
-# More detailed look on command line arguments and options
-
-## Simple run:
-```
-kubescape scan framework nsa --exclude-namespaces kube-system,kube-public
-```
-
-## Flags
-
-| flag |  default | description | options |
-| --- | --- | --- | --- |
-| `-e`/`--exclude-namespaces` | Scan all namespaces | Namespaces to exclude from scanning. Recommended to exclude `kube-system` and `kube-public` namespaces |
-| `-s`/`--silent` | Display progress messages | Silent progress messages |
-| `-t`/`--fail-threshold` | `0` (do not fail) | fail command (return exit code 1) if result is below threshold| `0` -> `100` |
-| `-f`/`--format` | `pretty-printer` | Output format | `pretty-printer`/`json`/`junit` | 
-| `-o`/`--output` | print to stdout | Save scan result in file |
-| `--use-from` | | Load local framework object from specified path. If not used will download latest |
-| `--use-default` | `false` | Load local framework object from default path. If not used will download latest | `true`/`false` |
-| `--exceptions` | | Path to an [exceptions obj](examples/exceptions.json). If not set will download exceptions from Armo management portal |
-| `--results-locally` | `false` | Kubescape sends scan results to Armo management portal to allow users to control exceptions and maintain chronological scan results. Use this flag if you do not wish to use these features | `true`/`false`|
-
-## Usage & Examples
- 
-### Examples
-
-* Scan a running Kubernetes cluster with [`nsa`](https://www.nsa.gov/Press-Room/News-Highlights/Article/Article/2716980/nsa-cisa-release-kubernetes-hardening-guidance/) framework
-```
-kubescape scan framework nsa --exclude-namespaces kube-system,kube-public
-```
-
-* Scan local `yaml`/`json` files before deploying
-```
-kubescape scan framework nsa *.yaml
-```
-
-
-* Scan `yaml`/`json` files from url 
-```
-kubescape scan framework nsa https://raw.githubusercontent.com/GoogleCloudPlatform/microservices-demo/master/release/kubernetes-manifests.yaml
-```
-
-* Output in `json` format 
-```
-kubescape scan framework nsa --exclude-namespaces kube-system,kube-public --format json --output results.json
-```
-
-* Output in `junit xml` format 
-```
-kubescape scan framework nsa --exclude-namespaces kube-system,kube-public --format junit --output results.xml
-```
-
-* Scan with exceptions, objects with exceptions will be presented as `warning` and not `fail`
-```
-kubescape scan framework nsa --exceptions examples/exceptions.json
-```
-
-### Helm Support
-
-* Render the helm chart using [`helm template`](https://helm.sh/docs/helm/helm_template/) and pass to stdout 
-```
-helm template [NAME] [CHART] [flags] --dry-run | kubescape scan framework nsa -
-```
-
-for example:
-```
-helm template bitnami/mysql --generate-name --dry-run | kubescape scan framework nsa -
-```
-
-### Offline Support <img src="docs/new-feature.svg">
-
-It is possible to run Kubescape offline!
-
-First download the framework and then scan with `--use-from` flag
-
-* Download and save in file, if file name not specified, will store save to `~/.kubescape/<framework name>.json`
-```
-kubescape download framework nsa --output nsa.json
-```
-
-* Scan using the downloaded framework 
-```
-kubescape scan framework nsa --use-from nsa.json
-```
-
-Kubescape is an open source project, we welcome your feedback and ideas for improvement. We’re also aiming to collaborate with the Kubernetes community to help make the tests themselves more robust and complete as Kubernetes develops.

examples/example.md

@@ -1,5 +0,0 @@
-#! /bin/bash
-
-echo "Testing Online Boutique yamls (https://github.com/GoogleCloudPlatform/microservices-demo)"
-
-kubescape scan framework nsa online-boutique/*  

resultshandling/printer/v2/prettyprinter.go

@@ -34,9 +34,9 @@ func (prettyPrinter *PrettyPrinter) ActionPrint(opaSessionObj *cautils.OPASessio
 	prettyPrinter.sortedControlNames = getSortedControlsNames(opaSessionObj.Report.SummaryDetails.Controls) // ListControls().All())
 
 	if prettyPrinter.formatVersion == "v1" {
-		prettyPrinter.resourceTable(opaSessionObj.ResourcesResult, opaSessionObj.AllResources)
-	} else if prettyPrinter.formatVersion == "v2" {
 		prettyPrinter.printResults(&opaSessionObj.Report.SummaryDetails.Controls, opaSessionObj.AllResources)
+	} else if prettyPrinter.formatVersion == "v2" {
+		prettyPrinter.resourceTable(opaSessionObj.ResourcesResult, opaSessionObj.AllResources)
 	}
 	prettyPrinter.printSummaryTable(&opaSessionObj.Report.SummaryDetails)
 

resultshandling/reporter/v2/mockreporter.go

@@ -11,12 +11,14 @@ import (
 const NO_SUBMIT_QUERY = "utm_source=GitHub&utm_medium=CLI&utm_campaign=no_submit"
 
 type ReportMock struct {
-	query string
+	query   string
+	message string
 }
 
-func NewReportMock(query string) *ReportMock {
+func NewReportMock(query, message string) *ReportMock {
 	return &ReportMock{
-		query: query,
+		query:   query,
+		message: message,
 	}
 }
 func (reportMock *ReportMock) ActionSendReport(opaSessionObj *cautils.OPASessionObj) error {
@@ -36,7 +38,7 @@ func (reportMock *ReportMock) DisplayReportURL() {
 	}
 	sep := "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
 	message := sep + "\n"
-	message += "Scan results have not been submitted." + "\n"
+	message += "Scan results have not been submitted: " + reportMock.message + "\n"
 	message += "Sign up for free: "
 	message += u + "\n"
 	message += sep + "\n"

resultshandling/results.go

@@ -3,6 +3,7 @@ package resultshandling
 import (
 	"github.com/armosec/kubescape/cautils"
 	"github.com/armosec/kubescape/cautils/logger"
+	"github.com/armosec/kubescape/cautils/logger/helpers"
 	"github.com/armosec/kubescape/resultshandling/printer"
 	printerv1 "github.com/armosec/kubescape/resultshandling/printer/v1"
 	printerv2 "github.com/armosec/kubescape/resultshandling/printer/v2"
@@ -61,6 +62,7 @@ func NewPrinter(printFormat, formatVersion string, verboseMode bool) printer.IPr
 		case "v2":
 			return printerv2.NewJsonPrinter()
 		default:
+			logger.L().Warning("Deprecated format version. run with '--format-version' flag", helpers.String("your version", formatVersion), helpers.String("latest version", "v2"))
 			return printerv1.NewJsonPrinter()
 		}
 	case printer.JunitResultFormat: