using Buildx in githubactions

Set number of worker nodes based on scheduable nodes (based on taints) & set status to 'skipped' when there are no image vulns

.github/workflows/build.yaml

@@ -33,10 +33,16 @@ jobs:
         uses: actions/setup-go@v2
         with:
           go-version: 1.17
-
-      - name: Test
+      # - name: Test cmd pkg
+      #   run: cd cmd && go test -v ./...
+      - name: Test core pkg
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: go test -v ./...
 
+      - name: Test httphandler pkg
+        run: cd httphandler && go test -v ./...
+
       - name: Build
         env:
           RELEASE: v2.0.${{ github.run_number }} 
@@ -74,9 +80,6 @@ jobs:
           asset_path: build/${{ matrix.os }}/kubescape.sha256
           asset_name: kubescape-${{ matrix.os }}-sha256
           asset_content_type: application/octet-stream
-
-
-
   build-docker:
     name: Build docker container, tag and upload to registry
     needs: build
@@ -98,28 +101,28 @@ jobs:
         id: image-name
         run: echo '::set-output name=IMAGE_NAME::quay.io/${{ github.repository_owner }}/kubescape'
 
-      - name: Build the Docker image
-        run: docker build . --file build/Dockerfile --tag ${{ steps.image-name.outputs.IMAGE_NAME }}:${{ steps.image-version.outputs.IMAGE_VERSION }} --build-arg image_version=${{ steps.image-version.outputs.IMAGE_VERSION }}
-      
-      - name: Re-Tag Image to latest
-        run: docker tag ${{ steps.image-name.outputs.IMAGE_NAME }}:${{ steps.image-version.outputs.IMAGE_VERSION }} ${{ steps.image-name.outputs.IMAGE_NAME }}:latest
-      
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
       - name: Login to Quay.io
-        env: # Or as an environment variable
+        env:
           QUAY_PASSWORD: ${{ secrets.QUAYIO_REGISTRY_PASSWORD }}
           QUAY_USERNAME: ${{ secrets.QUAYIO_REGISTRY_USERNAME }}
         run: docker login -u="${QUAY_USERNAME}" -p="${QUAY_PASSWORD}" quay.io
+
+      - name: Build the Docker image
+        run: docker buildx build . --file build/Dockerfile --tag ${{ steps.image-name.outputs.IMAGE_NAME }}:${{ steps.image-version.outputs.IMAGE_VERSION }} --tag ${{ steps.image-name.outputs.IMAGE_NAME }}:latest --build-arg image_version=${{ steps.image-version.outputs.IMAGE_VERSION }} --push --platform linux/amd64,linux/arm64
+
       # - name: Login to GitHub Container Registry
       #   uses: docker/login-action@v1
       #   with:
       #     registry: ghcr.io
       #     username: ${{ github.actor }}
       #     password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Push Docker image
-        run: |
-          docker push ${{ steps.image-name.outputs.IMAGE_NAME }}:${{ steps.image-version.outputs.IMAGE_VERSION }}
-          docker push ${{ steps.image-name.outputs.IMAGE_NAME }}:latest
-      
+    
       # TODO - Wait for casign to support fixed tags -> https://github.com/sigstore/cosign/issues/1424
       # - name: Install cosign
       #   uses: sigstore/cosign-installer@main

.github/workflows/build_dev.yaml

@@ -18,9 +18,25 @@ jobs:
         with:
           go-version: 1.17
           
-      - name: Test
+      # - name: Test cmd pkg
+      #   run: cd cmd && go test -v ./...
+      
+      # - name: Test core pkg
+      #   env:
+      #     GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      #   run: cd core && go test -v ./...
+
+      # - name: Test cmd pkg
+      #   run: cd cmd && go test -v ./...
+
+      - name: Test core pkg
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: go test -v ./...
 
+      - name: Test httphandler pkg
+        run: cd httphandler && go test -v ./...
+
       - name: Build
         env:
           RELEASE: v2.0.${{ github.run_number }} 
@@ -64,21 +80,17 @@ jobs:
         id: image-name
         run: echo '::set-output name=IMAGE_NAME::quay.io/${{ github.repository_owner }}/kubescape'
 
-      - name: Build the Docker image
-        run: docker build . --file build/Dockerfile --tag ${{ steps.image-name.outputs.IMAGE_NAME }}:${{ steps.image-version.outputs.IMAGE_VERSION }} --build-arg image_version=${{ steps.image-version.outputs.IMAGE_VERSION }}
-      
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
       - name: Login to Quay.io
         env:
           QUAY_PASSWORD: ${{ secrets.QUAYIO_REGISTRY_PASSWORD }}
           QUAY_USERNAME: ${{ secrets.QUAYIO_REGISTRY_USERNAME }}
         run: docker login -u="${QUAY_USERNAME}" -p="${QUAY_PASSWORD}" quay.io
-      # - name: Login to GitHub Container Registry
-      #   uses: docker/login-action@v1
-      #   with:
-      #     registry: ghcr.io
-      #     username: ${{ github.actor }}
-      #     password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Push Docker image
-        run: |
-          docker push ${{ steps.image-name.outputs.IMAGE_NAME }}:${{ steps.image-version.outputs.IMAGE_VERSION }}
-      
+
+      - name: Build the Docker image
+        run: docker buildx build . --file build/Dockerfile --tag ${{ steps.image-name.outputs.IMAGE_NAME }}:${{ steps.image-version.outputs.IMAGE_VERSION }} --build-arg image_version=${{ steps.image-version.outputs.IMAGE_VERSION }} --push --platform linux/amd64,linux/arm64

.github/workflows/master_pr_checks.yaml

@@ -19,9 +19,17 @@ jobs:
         with:
           go-version: 1.17
 
-      - name: Test
+      # - name: Test cmd pkg
+      #   run: cd cmd && go test -v ./...
+      
+      - name: Test core pkg
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: go test -v ./...
 
+      - name: Test httphandler pkg
+        run: cd httphandler && go test -v ./...
+
       - name: Build
         env:
           RELEASE: v2.0.${{ github.run_number }} 

README.md

@@ -12,8 +12,20 @@ Kubescape integrates natively with other DevOps tools, including Jenkins, Circle
 
 </br>
 
+<!-- # Kubescape Coverage
+<img src="docs/ksfromcodetodeploy.png">
+
+</br> -->
+
+
+# Kubescape CLI:
 <img src="docs/demo.gif">
 
+</br>
+
+<!-- # Kubescape overview:
+<img src="docs/ARMO-header-2022.gif"> -->
+
 # TL;DR
 ## Install:
 ```
@@ -26,7 +38,7 @@ curl -s https://raw.githubusercontent.com/armosec/kubescape/master/install.sh |
 
 ## Run:
 ```
-kubescape scan --submit --enable-host-scan
+kubescape scan --submit --enable-host-scan --verbose
 ```
 
 <img src="docs/summary.png">
@@ -103,7 +115,7 @@ Set-ExecutionPolicy RemoteSigned -scope CurrentUser
 
 #### Scan a running Kubernetes cluster and submit results to the [Kubescape SaaS version](https://portal.armo.cloud/)
 ```
-kubescape scan --submit --enable-host-scan
+kubescape scan --submit --enable-host-scan  --verbose
 ```
 
 > Read [here](https://hub.armo.cloud/docs/host-sensor) more about the `enable-host-scan` flag
@@ -255,6 +267,19 @@ Now you can submit the results to the Kubescape SaaS version -
 kubescape submit results path/to/results.json
 ```
 
+
+# Integrations
+
+## VS Code Extension 
+
+![Visual Studio Marketplace Downloads](https://img.shields.io/visual-studio-marketplace/d/kubescape.kubescape?label=VScode) ![Open VSX](https://img.shields.io/open-vsx/dt/kubescape/kubescape?label=openVSX&color=yellowgreen)
+
+Scan the YAML files while writing them using the [vs code extension](https://github.com/armosec/vscode-kubescape/blob/master/README.md) 
+
+## Lens Extension
+
+View Kubescape scan results directly in [Lens IDE](https://k8slens.dev/) using kubescape [Lens extension](https://github.com/armosec/lens-kubescape/blob/master/README.md)
+
 # Under the hood
 
 ## Technology

build.py

@@ -4,7 +4,7 @@ import hashlib
 import platform
 import subprocess
 
-BASE_GETTER_CONST = "github.com/armosec/kubescape/cautils/getter"
+BASE_GETTER_CONST = "github.com/armosec/kubescape/v2/core/cautils/getter"
 BE_SERVER_CONST   = BASE_GETTER_CONST + ".ArmoBEURL"
 ER_SERVER_CONST   = BASE_GETTER_CONST + ".ArmoERURL"
 WEBSITE_CONST     = BASE_GETTER_CONST + ".ArmoFEURL"
@@ -18,7 +18,7 @@ def checkStatus(status, msg):
 
 def getBuildDir():
     currentPlatform = platform.system()
-    buildDir = "build/"
+    buildDir = "./build/"
 
     if currentPlatform == "Windows": buildDir += "windows-latest"
     elif currentPlatform == "Linux": buildDir += "ubuntu-latest"
@@ -42,7 +42,7 @@ def main():
 
     # Set some variables
     packageName = getPackageName()
-    buildUrl = "github.com/armosec/kubescape/cautils.BuildNumber"
+    buildUrl = "github.com/armosec/kubescape/v2/core/cautils.BuildNumber"
     releaseVersion = os.getenv("RELEASE")
     ArmoBEServer = os.getenv("ArmoBEServer")
     ArmoERServer = os.getenv("ArmoERServer")
@@ -70,7 +70,7 @@ def main():
         ldflags += " -X {}={}".format(WEBSITE_CONST, ArmoWebsite)
     if ArmoAuthServer:
         ldflags += " -X {}={}".format(AUTH_SERVER_CONST, ArmoAuthServer)
-
+ 
     build_command = ["go", "build", "-o", ks_file, "-ldflags" ,ldflags]
 
     print("Building kubescape and saving here: {}".format(ks_file))

build/Dockerfile

@@ -18,14 +18,30 @@ RUN pip3 install --no-cache --upgrade pip setuptools
 WORKDIR /work
 ADD . .
 
+# build kubescape server
+WORKDIR /work/httphandler
 RUN python build.py
-
 RUN ls -ltr build/ubuntu-latest
 
+# build kubescape cmd
+WORKDIR /work
+RUN python build.py
+
+RUN /work/build/ubuntu-latest/kubescape download artifacts -o /work/artifacts
+
 FROM alpine
+
+RUN addgroup -S armo && adduser -S armo -G armo
+
+RUN mkdir /home/armo/.kubescape
+COPY --from=builder /work/artifacts/ /home/armo/.kubescape
+
+RUN chown -R armo:armo /home/armo/.kubescape
+
+USER armo
+WORKDIR /home/armo
+
+COPY --from=builder /work/httphandler/build/ubuntu-latest/kubescape /usr/bin/ksserver
 COPY --from=builder /work/build/ubuntu-latest/kubescape /usr/bin/kubescape
 
-# # Download the frameworks. Use the "--use-default" flag when running kubescape
-# RUN kubescape download framework nsa && kubescape download framework mitre
-
-ENTRYPOINT ["kubescape"]
+ENTRYPOINT ["ksserver"]

cautils/datastructures.go

@@ -1,75 +0,0 @@
-package cautils
-
-import (
-	"github.com/armosec/armoapi-go/armotypes"
-	"github.com/armosec/k8s-interface/workloadinterface"
-	"github.com/armosec/opa-utils/reporthandling"
-	"github.com/armosec/opa-utils/reporthandling/results/v1/resourcesresults"
-	reporthandlingv2 "github.com/armosec/opa-utils/reporthandling/v2"
-)
-
-// K8SResources map[<api group>/<api version>/<resource>][]<resourceID>
-type K8SResources map[string][]string
-
-type OPASessionObj struct {
-	K8SResources    *K8SResources                          // input k8s objects
-	Policies        []reporthandling.Framework             // list of frameworks to scan
-	AllResources    map[string]workloadinterface.IMetadata // all scanned resources, map[<rtesource ID>]<resource>
-	ResourcesResult map[string]resourcesresults.Result     // resources scan results, map[<rtesource ID>]<resource result>
-	PostureReport   *reporthandling.PostureReport          // scan results v1 - Remove
-	Report          *reporthandlingv2.PostureReport        // scan results v2 - Remove
-	Exceptions      []armotypes.PostureExceptionPolicy     // list of exceptions to apply on scan results
-	RegoInputData   RegoInputData                          // input passed to rgo for scanning. map[<control name>][<input arguments>]
-}
-
-func NewOPASessionObj(frameworks []reporthandling.Framework, k8sResources *K8SResources) *OPASessionObj {
-	return &OPASessionObj{
-		Report:          &reporthandlingv2.PostureReport{},
-		Policies:        frameworks,
-		K8SResources:    k8sResources,
-		AllResources:    make(map[string]workloadinterface.IMetadata),
-		ResourcesResult: make(map[string]resourcesresults.Result),
-		PostureReport: &reporthandling.PostureReport{
-			ClusterName:  ClusterName,
-			CustomerGUID: CustomerGUID,
-		},
-	}
-}
-
-func NewOPASessionObjMock() *OPASessionObj {
-	return &OPASessionObj{
-		Policies:        nil,
-		K8SResources:    nil,
-		AllResources:    make(map[string]workloadinterface.IMetadata),
-		ResourcesResult: make(map[string]resourcesresults.Result),
-		Report:          &reporthandlingv2.PostureReport{},
-		PostureReport: &reporthandling.PostureReport{
-			ClusterName:  "",
-			CustomerGUID: "",
-			ReportID:     "",
-			JobID:        "",
-		},
-	}
-}
-
-type ComponentConfig struct {
-	Exceptions Exception `json:"exceptions"`
-}
-
-type Exception struct {
-	Ignore        *bool                      `json:"ignore"`        // ignore test results
-	MultipleScore *reporthandling.AlertScore `json:"multipleScore"` // MultipleScore number - float32
-	Namespaces    []string                   `json:"namespaces"`
-	Regex         string                     `json:"regex"` // not supported
-}
-
-type RegoInputData struct {
-	PostureControlInputs map[string][]string `json:"postureControlInputs"`
-	// ClusterName          string              `json:"clusterName"`
-	// K8sConfig            RegoK8sConfig       `json:"k8sconfig"`
-}
-
-type Policies struct {
-	Frameworks []string
-	Controls   map[string]reporthandling.Control // map[<control ID>]<control>
-}

cautils/environments.go

@@ -1,11 +0,0 @@
-package cautils
-
-// CA environment vars
-var (
-	CustomerGUID          = ""
-	ClusterName           = ""
-	EventReceiverURL      = ""
-	NotificationServerURL = ""
-	DashboardBackendURL   = ""
-	RestAPIPort           = "4001"
-)

cautils/scaninfo.go

@@ -1,198 +0,0 @@
-package cautils
-
-import (
-	"encoding/json"
-	"fmt"
-	"io/ioutil"
-	"os"
-	"path/filepath"
-	"strings"
-
-	"github.com/armosec/kubescape/cautils/getter"
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/armosec/kubescape/cautils/logger/helpers"
-	"github.com/armosec/opa-utils/reporthandling"
-)
-
-const (
-	ScanCluster                string = "cluster"
-	ScanLocalFiles             string = "yaml"
-	localControlInputsFilename string = "controls-inputs.json"
-	localExceptionsFilename    string = "exceptions.json"
-)
-
-type BoolPtrFlag struct {
-	valPtr *bool
-}
-
-func (bpf *BoolPtrFlag) Type() string {
-	return "bool"
-}
-
-func (bpf *BoolPtrFlag) String() string {
-	if bpf.valPtr != nil {
-		return fmt.Sprintf("%v", *bpf.valPtr)
-	}
-	return ""
-}
-func (bpf *BoolPtrFlag) Get() *bool {
-	return bpf.valPtr
-}
-
-func (bpf *BoolPtrFlag) SetBool(val bool) {
-	bpf.valPtr = &val
-}
-
-func (bpf *BoolPtrFlag) Set(val string) error {
-	switch val {
-	case "true":
-		bpf.SetBool(true)
-	case "false":
-		bpf.SetBool(false)
-	}
-	return nil
-}
-
-type RootInfo struct {
-	Logger       string // logger level
-	LoggerName   string // logger name ("pretty"/"zap"/"none")
-	CacheDir     string // cached dir
-	DisableColor bool   // Disable Color
-}
-
-type ScanInfo struct {
-	Getters
-	PolicyIdentifier   []reporthandling.PolicyIdentifier
-	UseExceptions      string      // Load file with exceptions configuration
-	ControlsInputs     string      // Load file with inputs for controls
-	UseFrom            []string    // Load framework from local file (instead of download). Use when running offline
-	UseDefault         bool        // Load framework from cached file (instead of download). Use when running offline
-	UseArtifactsFrom   string      // Load artifacts from local path. Use when running offline
-	VerboseMode        bool        // Display all of the input resources and not only failed resources
-	Format             string      // Format results (table, json, junit ...)
-	Output             string      // Store results in an output file, Output file name
-	FormatVersion      string      // Output object can be differnet between versions, this is for testing and backward compatibility
-	ExcludedNamespaces string      // used for host sensor namespace
-	IncludeNamespaces  string      // DEPRECATED?
-	InputPatterns      []string    // Yaml files input patterns
-	Silent             bool        // Silent mode - Do not print progress logs
-	FailThreshold      float32     // Failure score threshold
-	Submit             bool        // Submit results to Armo BE
-	ReportID           string      // Report id of the current scan
-	HostSensorEnabled  BoolPtrFlag // Deploy ARMO K8s host sensor to collect data from certain controls
-	HostSensorYamlPath string      // Path to hostsensor file
-	Local              bool        // Do not submit results
-	Account            string      // account ID
-	KubeContext        string      // context name
-	FrameworkScan      bool        // false if scanning control
-	ScanAll            bool        // true if scan all frameworks
-}
-
-type Getters struct {
-	ExceptionsGetter     getter.IExceptionsGetter
-	ControlsInputsGetter getter.IControlsInputsGetter
-	PolicyGetter         getter.IPolicyGetter
-}
-
-func (scanInfo *ScanInfo) Init() {
-	scanInfo.setUseFrom()
-	scanInfo.setOutputFile()
-	scanInfo.setUseArtifactsFrom()
-}
-
-func (scanInfo *ScanInfo) setUseArtifactsFrom() {
-	if scanInfo.UseArtifactsFrom == "" {
-		return
-	}
-	// UseArtifactsFrom must be a path without a filename
-	dir, file := filepath.Split(scanInfo.UseArtifactsFrom)
-	if dir == "" {
-		scanInfo.UseArtifactsFrom = file
-	} else if strings.Contains(file, ".json") {
-		scanInfo.UseArtifactsFrom = dir
-	}
-	// set frameworks files
-	files, err := ioutil.ReadDir(scanInfo.UseArtifactsFrom)
-	if err != nil {
-		logger.L().Fatal("failed to read files from directory", helpers.String("dir", scanInfo.UseArtifactsFrom), helpers.Error(err))
-	}
-	framework := &reporthandling.Framework{}
-	for _, f := range files {
-		filePath := filepath.Join(scanInfo.UseArtifactsFrom, f.Name())
-		file, err := os.ReadFile(filePath)
-		if err == nil {
-			if err := json.Unmarshal(file, framework); err == nil {
-				scanInfo.UseFrom = append(scanInfo.UseFrom, filepath.Join(scanInfo.UseArtifactsFrom, f.Name()))
-			}
-		}
-	}
-	// set config-inputs file
-	scanInfo.ControlsInputs = filepath.Join(scanInfo.UseArtifactsFrom, localControlInputsFilename)
-	// set exceptions
-	scanInfo.UseExceptions = filepath.Join(scanInfo.UseArtifactsFrom, localExceptionsFilename)
-}
-
-func (scanInfo *ScanInfo) setUseExceptions() {
-	if scanInfo.UseExceptions != "" {
-		// load exceptions from file
-		scanInfo.ExceptionsGetter = getter.NewLoadPolicy([]string{scanInfo.UseExceptions})
-	} else {
-		scanInfo.ExceptionsGetter = getter.GetArmoAPIConnector()
-	}
-}
-
-func (scanInfo *ScanInfo) setUseFrom() {
-	if scanInfo.UseDefault {
-		for _, policy := range scanInfo.PolicyIdentifier {
-			scanInfo.UseFrom = append(scanInfo.UseFrom, getter.GetDefaultPath(policy.Name+".json"))
-		}
-	}
-}
-
-func (scanInfo *ScanInfo) setOutputFile() {
-	if scanInfo.Output == "" {
-		return
-	}
-	if scanInfo.Format == "json" {
-		if filepath.Ext(scanInfo.Output) != ".json" {
-			scanInfo.Output += ".json"
-		}
-	}
-	if scanInfo.Format == "junit" {
-		if filepath.Ext(scanInfo.Output) != ".xml" {
-			scanInfo.Output += ".xml"
-		}
-	}
-	if scanInfo.Format == "pdf" {
-		if filepath.Ext(scanInfo.Output) != ".pdf" {
-			scanInfo.Output += ".pdf"
-		}
-	}
-}
-
-func (scanInfo *ScanInfo) GetScanningEnvironment() string {
-	if len(scanInfo.InputPatterns) != 0 {
-		return ScanLocalFiles
-	}
-	return ScanCluster
-}
-
-func (scanInfo *ScanInfo) SetPolicyIdentifiers(policies []string, kind reporthandling.NotificationPolicyKind) {
-	for _, policy := range policies {
-		if !scanInfo.contains(policy) {
-			newPolicy := reporthandling.PolicyIdentifier{}
-			newPolicy.Kind = kind // reporthandling.KindFramework
-			newPolicy.Name = policy
-			scanInfo.PolicyIdentifier = append(scanInfo.PolicyIdentifier, newPolicy)
-		}
-	}
-}
-
-func (scanInfo *ScanInfo) contains(policyName string) bool {
-	for _, policy := range scanInfo.PolicyIdentifier {
-		if policy.Name == policyName {
-			return true
-		}
-	}
-	return false
-}

clihandler/cliconfigdelete.go

@@ -1,7 +0,0 @@
-package clihandler
-
-func CliDelete() error {
-
-	tenant := getTenantConfig("", "", getKubernetesApi()) // change k8sinterface
-	return tenant.DeleteCachedConfig()
-}

clihandler/cliobjects/set.go

@@ -1,7 +0,0 @@
-package cliobjects
-
-type SetConfig struct {
-	Account   string
-	ClientID  string
-	SecretKey string
-}

clihandler/cliset.go

@@ -1,22 +0,0 @@
-package clihandler
-
-import (
-	"github.com/armosec/kubescape/clihandler/cliobjects"
-)
-
-func CliSetConfig(setConfig *cliobjects.SetConfig) error {
-
-	tenant := getTenantConfig("", "", getKubernetesApi())
-
-	if setConfig.Account != "" {
-		tenant.GetConfigObj().AccountID = setConfig.Account
-	}
-	if setConfig.SecretKey != "" {
-		tenant.GetConfigObj().SecretKey = setConfig.SecretKey
-	}
-	if setConfig.ClientID != "" {
-		tenant.GetConfigObj().ClientID = setConfig.ClientID
-	}
-
-	return tenant.UpdateCachedConfig()
-}

clihandler/cliview.go

@@ -1,12 +0,0 @@
-package clihandler
-
-import (
-	"fmt"
-	"os"
-)
-
-func CliView() error {
-	tenant := getTenantConfig("", "", getKubernetesApi()) // change k8sinterface
-	fmt.Fprintf(os.Stderr, "%s\n", tenant.GetConfigObj().Config())
-	return nil
-}

clihandler/cmd/config/delete.go

@@ -1,20 +0,0 @@
-package config
-
-import (
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/armosec/kubescape/clihandler"
-	"github.com/spf13/cobra"
-)
-
-func getDeleteCmd() *cobra.Command {
-	return &cobra.Command{
-		Use:   "delete",
-		Short: "Delete cached configurations",
-		Long:  ``,
-		Run: func(cmd *cobra.Command, args []string) {
-			if err := clihandler.CliDelete(); err != nil {
-				logger.L().Fatal(err.Error())
-			}
-		},
-	}
-}

clihandler/cmd/config/view.go

@@ -1,22 +0,0 @@
-package config
-
-import (
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/armosec/kubescape/clihandler"
-	"github.com/spf13/cobra"
-)
-
-func getViewCmd() *cobra.Command {
-
-	// configCmd represents the config command
-	return &cobra.Command{
-		Use:   "view",
-		Short: "View cached configurations",
-		Long:  ``,
-		Run: func(cmd *cobra.Command, args []string) {
-			if err := clihandler.CliView(); err != nil {
-				logger.L().Fatal(err.Error())
-			}
-		},
-	}
-}

clihandler/cmd/root.go

@@ -1,154 +0,0 @@
-package cmd
-
-import (
-	"fmt"
-	"os"
-	"strings"
-
-	"github.com/armosec/kubescape/cautils"
-	"github.com/armosec/kubescape/cautils/getter"
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/armosec/kubescape/cautils/logger/helpers"
-	"github.com/armosec/kubescape/clihandler/cmd/completion"
-	"github.com/armosec/kubescape/clihandler/cmd/config"
-	"github.com/armosec/kubescape/clihandler/cmd/delete"
-	"github.com/armosec/kubescape/clihandler/cmd/download"
-	"github.com/armosec/kubescape/clihandler/cmd/list"
-	"github.com/armosec/kubescape/clihandler/cmd/scan"
-	"github.com/armosec/kubescape/clihandler/cmd/submit"
-	"github.com/armosec/kubescape/clihandler/cmd/version"
-	"github.com/mattn/go-isatty"
-	"github.com/spf13/cobra"
-)
-
-var armoBEURLs = ""
-var armoBEURLsDep = ""
-var rootInfo cautils.RootInfo
-
-const envFlagUsage = "Send report results to specific URL. Format:<ReportReceiver>,<Backend>,<Frontend>.\n\t\tExample:report.armo.cloud,api.armo.cloud,portal.armo.cloud"
-
-var ksExamples = `
-  # Scan command
-  kubescape scan --submit
-
-  # List supported frameworks
-  kubescape list frameworks
-
-  # Download artifacts (air-gapped environment support)
-  kubescape download artifacts
-
-  # View cached configurations
-  kubescape config view
-`
-
-var rootCmd = &cobra.Command{
-	Use:     "kubescape",
-	Version: cautils.BuildNumber,
-	Short:   "Kubescape is a tool for testing Kubernetes security posture",
-	Long:    `Based on NSA \ MITRE ATT&CK® and other frameworks specifications`,
-	Example: ksExamples,
-}
-
-func Execute() {
-	rootCmd.Execute()
-}
-
-func init() {
-	cobra.OnInitialize(initLogger, initLoggerLevel, initEnvironment, initCacheDir)
-
-	rootCmd.PersistentFlags().StringVar(&armoBEURLsDep, "environment", "", envFlagUsage)
-	rootCmd.PersistentFlags().StringVar(&armoBEURLs, "env", "", envFlagUsage)
-	rootCmd.PersistentFlags().MarkDeprecated("environment", "use 'env' instead")
-	rootCmd.PersistentFlags().MarkHidden("environment")
-	rootCmd.PersistentFlags().MarkHidden("env")
-
-	rootCmd.PersistentFlags().StringVar(&rootInfo.LoggerName, "logger-name", "", fmt.Sprintf("Logger name. Supported: %s [$KS_LOGGER_NAME]", strings.Join(logger.ListLoggersNames(), "/")))
-	rootCmd.PersistentFlags().MarkHidden("logger-name")
-
-	rootCmd.PersistentFlags().StringVarP(&rootInfo.Logger, "logger", "l", helpers.InfoLevel.String(), fmt.Sprintf("Logger level. Supported: %s [$KS_LOGGER]", strings.Join(helpers.SupportedLevels(), "/")))
-	rootCmd.PersistentFlags().StringVar(&rootInfo.CacheDir, "cache-dir", getter.DefaultLocalStore, "Cache directory [$KS_CACHE_DIR]")
-	rootCmd.PersistentFlags().BoolVarP(&rootInfo.DisableColor, "disable-color", "", false, "Disable Color output for logging")
-
-	rootCmd.AddCommand(scan.GetScanCommand())
-	rootCmd.AddCommand(download.GeDownloadCmd())
-	rootCmd.AddCommand(delete.GetDeleteCmd())
-	rootCmd.AddCommand(list.GetListCmd())
-	rootCmd.AddCommand(submit.GetSubmitCmd())
-	rootCmd.AddCommand(completion.GetCompletionCmd())
-	rootCmd.AddCommand(version.GetVersionCmd())
-	rootCmd.AddCommand(config.GetConfigCmd())
-}
-
-func initLogger() {
-	logger.DisableColor(rootInfo.DisableColor)
-
-	if rootInfo.LoggerName == "" {
-		if l := os.Getenv("KS_LOGGER_NAME"); l != "" {
-			rootInfo.LoggerName = l
-		} else {
-			if isatty.IsTerminal(os.Stdout.Fd()) {
-				rootInfo.LoggerName = "pretty"
-			} else {
-				rootInfo.LoggerName = "zap"
-			}
-		}
-	}
-
-	logger.InitLogger(rootInfo.LoggerName)
-
-}
-func initLoggerLevel() {
-	if rootInfo.Logger != helpers.InfoLevel.String() {
-	} else if l := os.Getenv("KS_LOGGER"); l != "" {
-		rootInfo.Logger = l
-	}
-
-	if err := logger.L().SetLevel(rootInfo.Logger); err != nil {
-		logger.L().Fatal(fmt.Sprintf("supported levels: %s", strings.Join(helpers.SupportedLevels(), "/")), helpers.Error(err))
-	}
-}
-
-func initCacheDir() {
-	if rootInfo.CacheDir == getter.DefaultLocalStore {
-		getter.DefaultLocalStore = rootInfo.CacheDir
-	} else if cacheDir := os.Getenv("KS_CACHE_DIR"); cacheDir != "" {
-		getter.DefaultLocalStore = cacheDir
-	} else {
-		return // using default cache dir location
-	}
-
-	logger.L().Debug("cache dir updated", helpers.String("path", getter.DefaultLocalStore))
-}
-func initEnvironment() {
-	if armoBEURLsDep != "" {
-		armoBEURLs = armoBEURLsDep
-	}
-	urlSlices := strings.Split(armoBEURLs, ",")
-	if len(urlSlices) != 1 && len(urlSlices) < 3 {
-		logger.L().Fatal("expected at least 3 URLs (report, api, frontend, auth)")
-	}
-	switch len(urlSlices) {
-	case 1:
-		switch urlSlices[0] {
-		case "dev", "development":
-			getter.SetARMOAPIConnector(getter.NewARMOAPIDev())
-		case "stage", "staging":
-			getter.SetARMOAPIConnector(getter.NewARMOAPIStaging())
-		case "":
-			getter.SetARMOAPIConnector(getter.NewARMOAPIProd())
-		default:
-			logger.L().Fatal("--environment flag usage: " + envFlagUsage)
-		}
-	case 2:
-		logger.L().Fatal("--environment flag usage: " + envFlagUsage)
-	case 3, 4:
-		var armoAUTHURL string
-		armoERURL := urlSlices[0] // mandatory
-		armoBEURL := urlSlices[1] // mandatory
-		armoFEURL := urlSlices[2] // mandatory
-		if len(urlSlices) <= 4 {
-			armoAUTHURL = urlSlices[3]
-		}
-		getter.SetARMOAPIConnector(getter.NewARMOAPICustomized(armoERURL, armoBEURL, armoFEURL, armoAUTHURL))
-	}
-}

cmd/config/config.go

@@ -1,6 +1,7 @@
 package config
 
 import (
+	"github.com/armosec/kubescape/v2/core/meta"
 	"github.com/spf13/cobra"
 )
 
@@ -27,18 +28,18 @@ var (
 `
 )
 
-func GetConfigCmd() *cobra.Command {
+func GetConfigCmd(ks meta.IKubescape) *cobra.Command {
 
 	// configCmd represents the config command
 	configCmd := &cobra.Command{
 		Use:     "config",
-		Short:   "handle cached configurations",
+		Short:   "Handle cached configurations",
 		Example: configExample,
 	}
 
-	configCmd.AddCommand(getDeleteCmd())
-	configCmd.AddCommand(getSetCmd())
-	configCmd.AddCommand(getViewCmd())
+	configCmd.AddCommand(getDeleteCmd(ks))
+	configCmd.AddCommand(getSetCmd(ks))
+	configCmd.AddCommand(getViewCmd(ks))
 
 	return configCmd
 }

cmd/config/delete.go

@@ -0,0 +1,21 @@
+package config
+
+import (
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/meta"
+	v1 "github.com/armosec/kubescape/v2/core/meta/datastructures/v1"
+	"github.com/spf13/cobra"
+)
+
+func getDeleteCmd(ks meta.IKubescape) *cobra.Command {
+	return &cobra.Command{
+		Use:   "delete",
+		Short: "Delete cached configurations",
+		Long:  ``,
+		Run: func(cmd *cobra.Command, args []string) {
+			if err := ks.DeleteCachedConfig(&v1.DeleteConfig{}); err != nil {
+				logger.L().Fatal(err.Error())
+			}
+		},
+	}
+}

cmd/config/set.go

@@ -4,13 +4,13 @@ import (
 	"fmt"
 	"strings"
 
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/armosec/kubescape/clihandler"
-	"github.com/armosec/kubescape/clihandler/cliobjects"
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/meta"
+	metav1 "github.com/armosec/kubescape/v2/core/meta/datastructures/v1"
 	"github.com/spf13/cobra"
 )
 
-func getSetCmd() *cobra.Command {
+func getSetCmd(ks meta.IKubescape) *cobra.Command {
 
 	// configCmd represents the config command
 	configSetCmd := &cobra.Command{
@@ -23,7 +23,7 @@ func getSetCmd() *cobra.Command {
 			if err != nil {
 				return err
 			}
-			if err := clihandler.CliSetConfig(setConfig); err != nil {
+			if err := ks.SetCachedConfig(setConfig); err != nil {
 				logger.L().Fatal(err.Error())
 			}
 			return nil
@@ -32,13 +32,13 @@ func getSetCmd() *cobra.Command {
 	return configSetCmd
 }
 
-var supportConfigSet = map[string]func(*cliobjects.SetConfig, string){
-	"accountID": func(s *cliobjects.SetConfig, account string) { s.Account = account },
-	"clientID":  func(s *cliobjects.SetConfig, clientID string) { s.ClientID = clientID },
-	"secretKey": func(s *cliobjects.SetConfig, secretKey string) { s.SecretKey = secretKey },
+var supportConfigSet = map[string]func(*metav1.SetConfig, string){
+	"accountID": func(s *metav1.SetConfig, account string) { s.Account = account },
+	"clientID":  func(s *metav1.SetConfig, clientID string) { s.ClientID = clientID },
+	"secretKey": func(s *metav1.SetConfig, secretKey string) { s.SecretKey = secretKey },
 }
 
-func stringKeysToSlice(m map[string]func(*cliobjects.SetConfig, string)) []string {
+func stringKeysToSlice(m map[string]func(*metav1.SetConfig, string)) []string {
 	l := []string{}
 	for i := range m {
 		l = append(l, i)
@@ -46,7 +46,7 @@ func stringKeysToSlice(m map[string]func(*cliobjects.SetConfig, string)) []strin
 	return l
 }
 
-func parseSetArgs(args []string) (*cliobjects.SetConfig, error) {
+func parseSetArgs(args []string) (*metav1.SetConfig, error) {
 	var key string
 	var value string
 	if len(args) == 1 {
@@ -58,7 +58,7 @@ func parseSetArgs(args []string) (*cliobjects.SetConfig, error) {
 		key = args[0]
 		value = args[1]
 	}
-	setConfig := &cliobjects.SetConfig{}
+	setConfig := &metav1.SetConfig{}
 
 	if setConfigFunc, ok := supportConfigSet[key]; ok {
 		setConfigFunc(setConfig, value)

cmd/config/view.go

@@ -0,0 +1,25 @@
+package config
+
+import (
+	"os"
+
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/meta"
+	v1 "github.com/armosec/kubescape/v2/core/meta/datastructures/v1"
+	"github.com/spf13/cobra"
+)
+
+func getViewCmd(ks meta.IKubescape) *cobra.Command {
+
+	// configCmd represents the config command
+	return &cobra.Command{
+		Use:   "view",
+		Short: "View cached configurations",
+		Long:  ``,
+		Run: func(cmd *cobra.Command, args []string) {
+			if err := ks.ViewCachedConfig(&v1.ViewConfig{Writer: os.Stdout}); err != nil {
+				logger.L().Fatal(err.Error())
+			}
+		},
+	}
+}

cmd/delete/delete.go

@@ -1,12 +1,11 @@
 package delete
 
 import (
-	"github.com/armosec/kubescape/clihandler/cliobjects"
+	"github.com/armosec/kubescape/v2/core/meta"
+	v1 "github.com/armosec/kubescape/v2/core/meta/datastructures/v1"
 	"github.com/spf13/cobra"
 )
 
-var deleteInfo cliobjects.Delete
-
 var deleteExceptionsExamples = `
   # Delete single exception
   kubescape delete exceptions "exception name"
@@ -15,7 +14,9 @@ var deleteExceptionsExamples = `
   kubescape delete exceptions "first exception;second exception;third exception"
 `
 
-func GetDeleteCmd() *cobra.Command {
+func GetDeleteCmd(ks meta.IKubescape) *cobra.Command {
+	var deleteInfo v1.Delete
+
 	var deleteCmd = &cobra.Command{
 		Use:   "delete <command>",
 		Short: "Delete configurations in Kubescape SaaS version",
@@ -25,7 +26,7 @@ func GetDeleteCmd() *cobra.Command {
 	}
 	deleteCmd.PersistentFlags().StringVarP(&deleteInfo.Account, "account", "", "", "Armo portal account ID. Default will load account ID from configMap or config file")
 
-	deleteCmd.AddCommand(getExceptionsCmd())
+	deleteCmd.AddCommand(getExceptionsCmd(ks, &deleteInfo))
 
 	return deleteCmd
 }

cmd/delete/exceptions.go

@@ -4,12 +4,13 @@ import (
 	"fmt"
 	"strings"
 
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/armosec/kubescape/clihandler"
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/meta"
+	v1 "github.com/armosec/kubescape/v2/core/meta/datastructures/v1"
 	"github.com/spf13/cobra"
 )
 
-func getExceptionsCmd() *cobra.Command {
+func getExceptionsCmd(ks meta.IKubescape, deleteInfo *v1.Delete) *cobra.Command {
 	return &cobra.Command{
 		Use:     "exceptions <exception name>",
 		Short:   "Delete exceptions from Kubescape SaaS version. Run 'kubescape list exceptions' for all exceptions names",
@@ -25,7 +26,7 @@ func getExceptionsCmd() *cobra.Command {
 			if len(exceptionsNames) == 0 {
 				logger.L().Fatal("missing exceptions names")
 			}
-			if err := clihandler.DeleteExceptions(deleteInfo.Account, exceptionsNames); err != nil {
+			if err := ks.DeleteExceptions(&v1.DeleteExceptions{Account: deleteInfo.Account, Exceptions: exceptionsNames}); err != nil {
 				logger.L().Fatal(err.Error())
 			}
 		},

cmd/download/download.go

@@ -5,14 +5,14 @@ import (
 	"path/filepath"
 	"strings"
 
-	"github.com/armosec/kubescape/cautils"
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/armosec/kubescape/clihandler"
+	"github.com/armosec/kubescape/v2/core/cautils"
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/core"
+	"github.com/armosec/kubescape/v2/core/meta"
+	v1 "github.com/armosec/kubescape/v2/core/meta/datastructures/v1"
 	"github.com/spf13/cobra"
 )
 
-var downloadInfo = cautils.DownloadInfo{}
-
 var (
 	downloadExample = `
   # Download all artifacts and save them in the default path (~/.kubescape)
@@ -39,18 +39,20 @@ var (
 `
 )
 
-func GeDownloadCmd() *cobra.Command {
+func GeDownloadCmd(ks meta.IKubescape) *cobra.Command {
+	var downloadInfo = v1.DownloadInfo{}
+
 	downloadCmd := &cobra.Command{
 		Use:     "download <policy> <policy name>",
-		Short:   fmt.Sprintf("Download %s", strings.Join(clihandler.DownloadSupportCommands(), ",")),
+		Short:   fmt.Sprintf("Download %s", strings.Join(core.DownloadSupportCommands(), ",")),
 		Long:    ``,
 		Example: downloadExample,
 		Args: func(cmd *cobra.Command, args []string) error {
-			supported := strings.Join(clihandler.DownloadSupportCommands(), ",")
+			supported := strings.Join(core.DownloadSupportCommands(), ",")
 			if len(args) < 1 {
 				return fmt.Errorf("policy type required, supported: %v", supported)
 			}
-			if cautils.StringInSlice(clihandler.DownloadSupportCommands(), args[0]) == cautils.ValueNotFound {
+			if cautils.StringInSlice(core.DownloadSupportCommands(), args[0]) == cautils.ValueNotFound {
 				return fmt.Errorf("invalid parameter '%s'. Supported parameters: %s", args[0], supported)
 			}
 			return nil
@@ -64,7 +66,7 @@ func GeDownloadCmd() *cobra.Command {
 			if len(args) >= 2 {
 				downloadInfo.Name = args[1]
 			}
-			if err := clihandler.CliDownload(&downloadInfo); err != nil {
+			if err := ks.Download(&downloadInfo); err != nil {
 				logger.L().Fatal(err.Error())
 			}
 			return nil

cmd/list/list.go

@@ -4,10 +4,11 @@ import (
 	"fmt"
 	"strings"
 
-	"github.com/armosec/kubescape/cautils"
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/armosec/kubescape/clihandler"
-	"github.com/armosec/kubescape/clihandler/cliobjects"
+	"github.com/armosec/kubescape/v2/core/cautils"
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/core"
+	"github.com/armosec/kubescape/v2/core/meta"
+	v1 "github.com/armosec/kubescape/v2/core/meta/datastructures/v1"
 	"github.com/spf13/cobra"
 )
 
@@ -30,8 +31,8 @@ var (
 `
 )
 
-func GetListCmd() *cobra.Command {
-	var listPolicies = cliobjects.ListPolicies{}
+func GetListCmd(ks meta.IKubescape) *cobra.Command {
+	var listPolicies = v1.ListPolicies{}
 
 	listCmd := &cobra.Command{
 		Use:     "list <policy> [flags]",
@@ -39,12 +40,12 @@ func GetListCmd() *cobra.Command {
 		Long:    ``,
 		Example: listExample,
 		Args: func(cmd *cobra.Command, args []string) error {
-			supported := strings.Join(clihandler.ListSupportCommands(), ",")
+			supported := strings.Join(core.ListSupportActions(), ",")
 
 			if len(args) < 1 {
 				return fmt.Errorf("policy type requeued, supported: %s", supported)
 			}
-			if cautils.StringInSlice(clihandler.ListSupportCommands(), args[0]) == cautils.ValueNotFound {
+			if cautils.StringInSlice(core.ListSupportActions(), args[0]) == cautils.ValueNotFound {
 				return fmt.Errorf("invalid parameter '%s'. Supported parameters: %s", args[0], supported)
 			}
 			return nil
@@ -52,7 +53,7 @@ func GetListCmd() *cobra.Command {
 		RunE: func(cmd *cobra.Command, args []string) error {
 			listPolicies.Target = args[0]
 
-			if err := clihandler.CliList(&listPolicies); err != nil {
+			if err := ks.List(&listPolicies); err != nil {
 				logger.L().Fatal(err.Error())
 			}
 			return nil

cmd/root.go

@@ -0,0 +1,87 @@
+package cmd
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/armosec/kubescape/v2/cmd/completion"
+	"github.com/armosec/kubescape/v2/cmd/config"
+	"github.com/armosec/kubescape/v2/cmd/delete"
+	"github.com/armosec/kubescape/v2/cmd/download"
+	"github.com/armosec/kubescape/v2/cmd/list"
+	"github.com/armosec/kubescape/v2/cmd/scan"
+	"github.com/armosec/kubescape/v2/cmd/submit"
+	"github.com/armosec/kubescape/v2/cmd/version"
+	"github.com/armosec/kubescape/v2/core/cautils"
+	"github.com/armosec/kubescape/v2/core/cautils/getter"
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
+	"github.com/armosec/kubescape/v2/core/core"
+	"github.com/armosec/kubescape/v2/core/meta"
+
+	"github.com/spf13/cobra"
+)
+
+var rootInfo cautils.RootInfo
+
+var ksExamples = `
+  # Scan command
+  kubescape scan --submit
+
+  # List supported frameworks
+  kubescape list frameworks
+
+  # Download artifacts (air-gapped environment support)
+  kubescape download artifacts
+
+  # View cached configurations
+  kubescape config view
+`
+
+func NewDefaultKubescapeCommand() *cobra.Command {
+	ks := core.NewKubescape()
+	return getRootCmd(ks)
+}
+
+func getRootCmd(ks meta.IKubescape) *cobra.Command {
+
+	rootCmd := &cobra.Command{
+		Use:     "kubescape",
+		Version: cautils.BuildNumber,
+		Short:   "Kubescape is a tool for testing Kubernetes security posture",
+		Long:    `Based on NSA \ MITRE ATT&CK® and other frameworks specifications`,
+		Example: ksExamples,
+	}
+
+	rootCmd.PersistentFlags().StringVar(&rootInfo.ArmoBEURLsDep, "environment", "", envFlagUsage)
+	rootCmd.PersistentFlags().StringVar(&rootInfo.ArmoBEURLs, "env", "", envFlagUsage)
+	rootCmd.PersistentFlags().MarkDeprecated("environment", "use 'env' instead")
+	rootCmd.PersistentFlags().MarkHidden("environment")
+	rootCmd.PersistentFlags().MarkHidden("env")
+
+	rootCmd.PersistentFlags().StringVar(&rootInfo.LoggerName, "logger-name", "", fmt.Sprintf("Logger name. Supported: %s [$KS_LOGGER_NAME]", strings.Join(logger.ListLoggersNames(), "/")))
+	rootCmd.PersistentFlags().MarkHidden("logger-name")
+
+	rootCmd.PersistentFlags().StringVarP(&rootInfo.Logger, "logger", "l", helpers.InfoLevel.String(), fmt.Sprintf("Logger level. Supported: %s [$KS_LOGGER]", strings.Join(helpers.SupportedLevels(), "/")))
+	rootCmd.PersistentFlags().StringVar(&rootInfo.CacheDir, "cache-dir", getter.DefaultLocalStore, "Cache directory [$KS_CACHE_DIR]")
+	rootCmd.PersistentFlags().BoolVarP(&rootInfo.DisableColor, "disable-color", "", false, "Disable Color output for logging")
+
+	cobra.OnInitialize(initLogger, initLoggerLevel, initEnvironment, initCacheDir)
+
+	// Supported commands
+	rootCmd.AddCommand(scan.GetScanCommand(ks))
+	rootCmd.AddCommand(download.GeDownloadCmd(ks))
+	rootCmd.AddCommand(delete.GetDeleteCmd(ks))
+	rootCmd.AddCommand(list.GetListCmd(ks))
+	rootCmd.AddCommand(submit.GetSubmitCmd(ks))
+	rootCmd.AddCommand(completion.GetCompletionCmd())
+	rootCmd.AddCommand(version.GetVersionCmd())
+	rootCmd.AddCommand(config.GetConfigCmd(ks))
+
+	return rootCmd
+}
+
+func Execute() error {
+	ks := NewDefaultKubescapeCommand()
+	return ks.Execute()
+}

cmd/rootutils.go

@@ -0,0 +1,89 @@
+package cmd
+
+import (
+	"fmt"
+	"os"
+	"strings"
+
+	"github.com/armosec/kubescape/v2/core/cautils/getter"
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
+
+	"github.com/mattn/go-isatty"
+)
+
+const envFlagUsage = "Send report results to specific URL. Format:<ReportReceiver>,<Backend>,<Frontend>.\n\t\tExample:report.armo.cloud,api.armo.cloud,portal.armo.cloud"
+
+func initLogger() {
+	logger.DisableColor(rootInfo.DisableColor)
+
+	if rootInfo.LoggerName == "" {
+		if l := os.Getenv("KS_LOGGER_NAME"); l != "" {
+			rootInfo.LoggerName = l
+		} else {
+			if isatty.IsTerminal(os.Stdout.Fd()) {
+				rootInfo.LoggerName = "pretty"
+			} else {
+				rootInfo.LoggerName = "zap"
+			}
+		}
+	}
+
+	logger.InitLogger(rootInfo.LoggerName)
+
+}
+func initLoggerLevel() {
+	if rootInfo.Logger == helpers.InfoLevel.String() {
+	} else if l := os.Getenv("KS_LOGGER"); l != "" {
+		rootInfo.Logger = l
+	}
+
+	if err := logger.L().SetLevel(rootInfo.Logger); err != nil {
+		logger.L().Fatal(fmt.Sprintf("supported levels: %s", strings.Join(helpers.SupportedLevels(), "/")), helpers.Error(err))
+	}
+}
+
+func initCacheDir() {
+	if rootInfo.CacheDir != getter.DefaultLocalStore {
+		getter.DefaultLocalStore = rootInfo.CacheDir
+	} else if cacheDir := os.Getenv("KS_CACHE_DIR"); cacheDir != "" {
+		getter.DefaultLocalStore = cacheDir
+	} else {
+		return // using default cache dir location
+	}
+
+	logger.L().Debug("cache dir updated", helpers.String("path", getter.DefaultLocalStore))
+}
+func initEnvironment() {
+	if rootInfo.ArmoBEURLs == "" {
+		rootInfo.ArmoBEURLs = rootInfo.ArmoBEURLsDep
+	}
+	urlSlices := strings.Split(rootInfo.ArmoBEURLs, ",")
+	if len(urlSlices) != 1 && len(urlSlices) < 3 {
+		logger.L().Fatal("expected at least 3 URLs (report, api, frontend, auth)")
+	}
+	switch len(urlSlices) {
+	case 1:
+		switch urlSlices[0] {
+		case "dev", "development":
+			getter.SetARMOAPIConnector(getter.NewARMOAPIDev())
+		case "stage", "staging":
+			getter.SetARMOAPIConnector(getter.NewARMOAPIStaging())
+		case "":
+			getter.SetARMOAPIConnector(getter.NewARMOAPIProd())
+		default:
+			logger.L().Fatal("--environment flag usage: " + envFlagUsage)
+		}
+	case 2:
+		logger.L().Fatal("--environment flag usage: " + envFlagUsage)
+	case 3, 4:
+		var armoAUTHURL string
+		armoERURL := urlSlices[0] // mandatory
+		armoBEURL := urlSlices[1] // mandatory
+		armoFEURL := urlSlices[2] // mandatory
+		if len(urlSlices) >= 4 {
+			armoAUTHURL = urlSlices[3]
+		}
+		getter.SetARMOAPIConnector(getter.NewARMOAPICustomized(armoERURL, armoBEURL, armoFEURL, armoAUTHURL))
+	}
+}

cmd/scan/control.go

@@ -6,10 +6,13 @@ import (
 	"os"
 	"strings"
 
-	"github.com/armosec/kubescape/cautils"
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/armosec/kubescape/clihandler"
-	"github.com/armosec/opa-utils/reporthandling"
+	apisv1 "github.com/armosec/opa-utils/httpserver/apis/v1"
+
+	"github.com/armosec/kubescape/v2/core/cautils"
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
+	"github.com/armosec/kubescape/v2/core/meta"
+	"github.com/enescakir/emoji"
 	"github.com/spf13/cobra"
 )
 
@@ -32,7 +35,7 @@ var (
 )
 
 // controlCmd represents the control command
-func getControlCmd(scanInfo *cautils.ScanInfo) *cobra.Command {
+func getControlCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Command {
 	return &cobra.Command{
 		Use:     "control <control names list>/<control ids list>",
 		Short:   "The controls you wish to use. Run 'kubescape list controls' for the list of supported controls",
@@ -55,18 +58,18 @@ func getControlCmd(scanInfo *cautils.ScanInfo) *cobra.Command {
 		RunE: func(cmd *cobra.Command, args []string) error {
 
 			// flagValidationControl(scanInfo)
-			scanInfo.PolicyIdentifier = []reporthandling.PolicyIdentifier{}
+			scanInfo.PolicyIdentifier = []cautils.PolicyIdentifier{}
 
 			if len(args) == 0 {
 				scanInfo.ScanAll = true
 			} else { // expected control or list of control sepparated by ","
 
 				// Read controls from input args
-				scanInfo.SetPolicyIdentifiers(strings.Split(args[0], ","), reporthandling.KindControl)
+				scanInfo.SetPolicyIdentifiers(strings.Split(args[0], ","), apisv1.KindControl)
 
 				if len(args) > 1 {
 					if len(args[1:]) == 0 || args[1] != "-" {
-						scanInfo.InputPatterns = args[1:]
+						scanInfo.InputPatterns = []string{args[1]}
 					} else { // store stdin to file - do NOT move to separate function !!
 						tempFile, err := os.CreateTemp(".", "tmp-kubescape*.yaml")
 						if err != nil {
@@ -84,40 +87,20 @@ func getControlCmd(scanInfo *cautils.ScanInfo) *cobra.Command {
 
 			scanInfo.FrameworkScan = false
 
-			results, err := clihandler.Scan(scanInfo)
+			results, err := ks.Scan(scanInfo)
 			if err != nil {
 				logger.L().Fatal(err.Error())
 			}
-			results.HandleResults()
+			if err := results.HandleResults(); err != nil {
+				logger.L().Fatal(err.Error())
+			}
+			if !scanInfo.VerboseMode {
+				cautils.SimpleDisplay(os.Stderr, "%s  Run with '--verbose'/'-v' flag for detailed resources view\n\n", emoji.Detective)
+			}
 			if results.GetRiskScore() > float32(scanInfo.FailThreshold) {
-				return fmt.Errorf("scan risk-score %.2f is above permitted threshold %.2f", results.GetRiskScore(), scanInfo.FailThreshold)
+				logger.L().Fatal("scan risk-score is above permitted threshold", helpers.String("risk-score", fmt.Sprintf("%.2f", results.GetRiskScore())), helpers.String("fail-threshold", fmt.Sprintf("%.2f", scanInfo.FailThreshold)))
 			}
 			return nil
 		},
 	}
 }
-
-// func flagValidationControl() {
-// 	if 100 < scanInfo.FailThreshold {
-// 		logger.L().Fatal("bad argument: out of range threshold")
-// 	}
-// }
-
-// func setScanForFirstControl(scanInfo, controls []string) []reporthandling.PolicyIdentifier {
-// 	newPolicy := reporthandling.PolicyIdentifier{}
-// 	newPolicy.Kind = reporthandling.KindControl
-// 	newPolicy.Name = controls[0]
-// 	scanInfo.PolicyIdentifier = append(scanInfo.PolicyIdentifier, newPolicy)
-// 	return scanInfo.PolicyIdentifier
-// }
-
-// func SetScanForGivenControls(scanInfo, controls []string) []reporthandling.PolicyIdentifier {
-// 	for _, control := range controls {
-// 		control := strings.TrimLeft(control, " ")
-// 		newPolicy := reporthandling.PolicyIdentifier{}
-// 		newPolicy.Kind = reporthandling.KindControl
-// 		newPolicy.Name = control
-// 		scanInfo.PolicyIdentifier = append(scanInfo.PolicyIdentifier, newPolicy)
-// 	}
-// 	return scanInfo.PolicyIdentifier
-// }

cmd/scan/framework.go

@@ -6,10 +6,13 @@ import (
 	"os"
 	"strings"
 
-	"github.com/armosec/kubescape/cautils"
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/armosec/kubescape/clihandler"
-	"github.com/armosec/opa-utils/reporthandling"
+	apisv1 "github.com/armosec/opa-utils/httpserver/apis/v1"
+
+	"github.com/armosec/kubescape/v2/core/cautils"
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
+	"github.com/armosec/kubescape/v2/core/meta"
+	"github.com/enescakir/emoji"
 	"github.com/spf13/cobra"
 )
 
@@ -27,14 +30,14 @@ var (
   # Scan all frameworks
   kubescape scan framework all
 
-  # Scan kubernetes YAML manifest files
+  # Scan kubernetes YAML manifest files (single file or glob)
   kubescape scan framework nsa *.yaml
 
   Run 'kubescape list frameworks' for the list of supported frameworks
 `
 )
 
-func getFrameworkCmd(scanInfo *cautils.ScanInfo) *cobra.Command {
+func getFrameworkCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Command {
 
 	return &cobra.Command{
 		Use:     "framework <framework names list> [`<glob pattern>`/`-`] [flags]",
@@ -58,7 +61,9 @@ func getFrameworkCmd(scanInfo *cautils.ScanInfo) *cobra.Command {
 		},
 		RunE: func(cmd *cobra.Command, args []string) error {
 
-			flagValidationFramework(scanInfo)
+			if err := flagValidationFramework(scanInfo); err != nil {
+				return err
+			}
 			scanInfo.FrameworkScan = true
 
 			var frameworks []string
@@ -74,7 +79,7 @@ func getFrameworkCmd(scanInfo *cautils.ScanInfo) *cobra.Command {
 				}
 				if len(args) > 1 {
 					if len(args[1:]) == 0 || args[1] != "-" {
-						scanInfo.InputPatterns = args[1:]
+						scanInfo.InputPatterns = []string{args[1]}
 					} else { // store stdin to file - do NOT move to separate function !!
 						tempFile, err := os.CreateTemp(".", "tmp-kubescape*.yaml")
 						if err != nil {
@@ -91,40 +96,33 @@ func getFrameworkCmd(scanInfo *cautils.ScanInfo) *cobra.Command {
 			}
 			scanInfo.FrameworkScan = true
 
-			scanInfo.SetPolicyIdentifiers(frameworks, reporthandling.KindFramework)
+			scanInfo.SetPolicyIdentifiers(frameworks, apisv1.KindFramework)
 
-			results, err := clihandler.Scan(scanInfo)
+			results, err := ks.Scan(scanInfo)
 			if err != nil {
 				logger.L().Fatal(err.Error())
 			}
-			results.HandleResults()
+
+			if err = results.HandleResults(); err != nil {
+				logger.L().Fatal(err.Error())
+			}
+			if !scanInfo.VerboseMode {
+				cautils.SimpleDisplay(os.Stderr, "%s  Run with '--verbose'/'-v' flag for detailed resources view\n\n", emoji.Detective)
+			}
 			if results.GetRiskScore() > float32(scanInfo.FailThreshold) {
-				return fmt.Errorf("scan risk-score %.2f is above permitted threshold %.2f", results.GetRiskScore(), scanInfo.FailThreshold)
+				logger.L().Fatal("scan risk-score is above permitted threshold", helpers.String("risk-score", fmt.Sprintf("%.2f", results.GetRiskScore())), helpers.String("fail-threshold", fmt.Sprintf("%.2f", scanInfo.FailThreshold)))
 			}
 			return nil
 		},
 	}
 }
 
-// func init() {
-// 	scanCmd.AddCommand(frameworkCmd)
-// 	scanInfo = cautils.ScanInfo{}
-
-// }
-
-// func SetScanForFirstFramework(frameworks []string) []reporthandling.PolicyIdentifier {
-// 	newPolicy := reporthandling.PolicyIdentifier{}
-// 	newPolicy.Kind = reporthandling.KindFramework
-// 	newPolicy.Name = frameworks[0]
-// 	scanInfo.PolicyIdentifier = append(scanInfo.PolicyIdentifier, newPolicy)
-// 	return scanInfo.PolicyIdentifier
-// }
-
-func flagValidationFramework(scanInfo *cautils.ScanInfo) {
+func flagValidationFramework(scanInfo *cautils.ScanInfo) error {
 	if scanInfo.Submit && scanInfo.Local {
-		logger.L().Fatal("you can use `keep-local` or `submit`, but not both")
+		return fmt.Errorf("you can use `keep-local` or `submit`, but not both")
 	}
-	if 100 < scanInfo.FailThreshold {
-		logger.L().Fatal("bad argument: out of range threshold")
+	if 100 < scanInfo.FailThreshold || 0 > scanInfo.FailThreshold {
+		return fmt.Errorf("bad argument: out of range threshold")
 	}
+	return nil
 }

cmd/scan/scan.go

@@ -1,8 +1,11 @@
 package scan
 
 import (
+	"fmt"
+
 	"github.com/armosec/k8s-interface/k8sinterface"
-	"github.com/armosec/kubescape/cautils"
+	"github.com/armosec/kubescape/v2/core/cautils"
+	"github.com/armosec/kubescape/v2/core/meta"
 	"github.com/spf13/cobra"
 )
 
@@ -10,7 +13,7 @@ var scanCmdExamples = `
   Scan command is for scanning an existing cluster or kubernetes manifest files based on pre-defind frameworks 
   
   # Scan current cluster with all frameworks
-  kubescape scan --submit --enable-host-scan
+  kubescape scan --submit --enable-host-scan --verbose
 
   # Scan kubernetes YAML manifest files
   kubescape scan *.yaml
@@ -26,7 +29,7 @@ var scanCmdExamples = `
   
 `
 
-func GetScanCommand() *cobra.Command {
+func GetScanCommand(ks meta.IKubescape) *cobra.Command {
 	var scanInfo cautils.ScanInfo
 
 	// scanCmd represents the scan command
@@ -39,7 +42,7 @@ func GetScanCommand() *cobra.Command {
 			if len(args) > 0 {
 				if args[0] != "framework" && args[0] != "control" {
 					scanInfo.ScanAll = true
-					return getFrameworkCmd(&scanInfo).RunE(cmd, append([]string{"all"}, args...))
+					return getFrameworkCmd(ks, &scanInfo).RunE(cmd, append([]string{"all"}, args...))
 				}
 			}
 			return nil
@@ -48,7 +51,7 @@ func GetScanCommand() *cobra.Command {
 
 			if len(args) == 0 {
 				scanInfo.ScanAll = true
-				return getFrameworkCmd(&scanInfo).RunE(cmd, []string{"all"})
+				return getFrameworkCmd(ks, &scanInfo).RunE(cmd, []string{"all"})
 			}
 			return nil
 		},
@@ -71,15 +74,16 @@ func GetScanCommand() *cobra.Command {
 	scanCmd.PersistentFlags().StringVar(&scanInfo.IncludeNamespaces, "include-namespaces", "", "scan specific namespaces. e.g: --include-namespaces ns-a,ns-b")
 	scanCmd.PersistentFlags().BoolVarP(&scanInfo.Local, "keep-local", "", false, "If you do not want your Kubescape results reported to ARMO backend. Use this flag if you ran with the '--submit' flag in the past and you do not want to submit your current scan results")
 	scanCmd.PersistentFlags().StringVarP(&scanInfo.Output, "output", "o", "", "Output file. Print output to file and not stdout")
-	scanCmd.PersistentFlags().BoolVar(&scanInfo.VerboseMode, "verbose", false, "Display all of the input resources and not only failed resources")
+	scanCmd.PersistentFlags().BoolVarP(&scanInfo.VerboseMode, "verbose", "v", false, "Display all of the input resources and not only failed resources")
+	scanCmd.PersistentFlags().StringVar(&scanInfo.View, "view", string(cautils.ResourceViewType), fmt.Sprintf("View results based on the %s/%s. default is --view=%s", cautils.ResourceViewType, cautils.ControlViewType, cautils.ResourceViewType))
 	scanCmd.PersistentFlags().BoolVar(&scanInfo.UseDefault, "use-default", false, "Load local policy object from default path. If not used will download latest")
 	scanCmd.PersistentFlags().StringSliceVar(&scanInfo.UseFrom, "use-from", nil, "Load local policy object from specified path. If not used will download latest")
-	scanCmd.PersistentFlags().BoolVarP(&scanInfo.Silent, "silent", "s", false, "Silent progress messages")
 	scanCmd.PersistentFlags().BoolVarP(&scanInfo.Submit, "submit", "", false, "Send the scan results to ARMO management portal where you can see the results in a user-friendly UI, choose your preferred compliance framework, check risk results history and trends, manage exceptions, get remediation recommendations and much more. By default the results are not submitted")
-	scanCmd.PersistentFlags().StringVar(&scanInfo.HostSensorYamlPath, "host-scan-yaml", "", "Override default host sensor DaemonSet. Use this flag cautiously")
+	scanCmd.PersistentFlags().StringVar(&scanInfo.HostSensorYamlPath, "host-scan-yaml", "", "Override default host scanner DaemonSet. Use this flag cautiously")
 	scanCmd.PersistentFlags().StringVar(&scanInfo.FormatVersion, "format-version", "v1", "Output object can be differnet between versions, this is for maintaining backward and forward compatibility. Supported:'v1'/'v2'")
 
 	// Deprecated flags - remove 1.May.2022
+	scanCmd.PersistentFlags().BoolVarP(&scanInfo.Silent, "silent", "s", false, "Silent progress messages")
 	scanCmd.PersistentFlags().MarkDeprecated("silent", "use '--logger' flag instead. Flag will be removed at 1.May.2022")
 
 	// hidden flags
@@ -87,12 +91,12 @@ func GetScanCommand() *cobra.Command {
 	scanCmd.PersistentFlags().MarkHidden("silent")         // this flag should be deprecated since we added the --logger support
 	// scanCmd.PersistentFlags().MarkHidden("format-version") // meant for testing different output approaches and not for common use
 
-	hostF := scanCmd.PersistentFlags().VarPF(&scanInfo.HostSensorEnabled, "enable-host-scan", "", "Deploy ARMO K8s host-sensor daemonset in the scanned cluster. Deleting it right after we collecting the data. Required to collect valuable data from cluster nodes for certain controls. Yaml file: https://raw.githubusercontent.com/armosec/kubescape/master/hostsensorutils/hostsensor.yaml")
+	hostF := scanCmd.PersistentFlags().VarPF(&scanInfo.HostSensorEnabled, "enable-host-scan", "", "Deploy ARMO K8s host-sensor daemonset in the scanned cluster. Deleting it right after we collecting the data. Required to collect valuable data from cluster nodes for certain controls. Yaml file: https://github.com/armosec/kubescape/blob/master/core/pkg/hostsensorutils/hostsensor.yaml")
 	hostF.NoOptDefVal = "true"
 	hostF.DefValue = "false, for no TTY in stdin"
 
-	scanCmd.AddCommand(getControlCmd(&scanInfo))
-	scanCmd.AddCommand(getFrameworkCmd(&scanInfo))
+	scanCmd.AddCommand(getControlCmd(ks, &scanInfo))
+	scanCmd.AddCommand(getFrameworkCmd(ks, &scanInfo))
 
 	return scanCmd
 }

cmd/submit/exceptions.go

@@ -3,13 +3,14 @@ package submit
 import (
 	"fmt"
 
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/armosec/kubescape/clihandler"
-	"github.com/armosec/kubescape/clihandler/cliobjects"
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/meta"
+	metav1 "github.com/armosec/kubescape/v2/core/meta/datastructures/v1"
+
 	"github.com/spf13/cobra"
 )
 
-func getExceptionsCmd(submitInfo *cliobjects.Submit) *cobra.Command {
+func getExceptionsCmd(ks meta.IKubescape, submitInfo *metav1.Submit) *cobra.Command {
 	return &cobra.Command{
 		Use:   "exceptions <full path to exceptins file>",
 		Short: "Submit exceptions to the Kubescape SaaS version",
@@ -20,7 +21,7 @@ func getExceptionsCmd(submitInfo *cliobjects.Submit) *cobra.Command {
 			return nil
 		},
 		Run: func(cmd *cobra.Command, args []string) {
-			if err := clihandler.SubmitExceptions(submitInfo.Account, args[0]); err != nil {
+			if err := ks.SubmitExceptions(submitInfo.Account, args[0]); err != nil {
 				logger.L().Fatal(err.Error())
 			}
 		},

cmd/submit/rbac.go

@@ -2,20 +2,22 @@ package submit
 
 import (
 	"github.com/armosec/k8s-interface/k8sinterface"
-	"github.com/armosec/kubescape/cautils"
-	"github.com/armosec/kubescape/cautils/getter"
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/armosec/kubescape/cautils/logger/helpers"
-	"github.com/armosec/kubescape/clihandler"
-	"github.com/armosec/kubescape/clihandler/cliinterfaces"
-	"github.com/armosec/kubescape/clihandler/cliobjects"
-	reporterv1 "github.com/armosec/kubescape/resultshandling/reporter/v1"
+	"github.com/armosec/kubescape/v2/core/cautils"
+	"github.com/armosec/kubescape/v2/core/cautils/getter"
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
+	"github.com/armosec/kubescape/v2/core/meta"
+	"github.com/armosec/kubescape/v2/core/meta/cliinterfaces"
+	v1 "github.com/armosec/kubescape/v2/core/meta/datastructures/v1"
+
+	reporterv1 "github.com/armosec/kubescape/v2/core/pkg/resultshandling/reporter/v1"
+
 	"github.com/armosec/rbac-utils/rbacscanner"
 	"github.com/spf13/cobra"
 )
 
 // getRBACCmd represents the RBAC command
-func getRBACCmd(submitInfo *cliobjects.Submit) *cobra.Command {
+func getRBACCmd(ks meta.IKubescape, submitInfo *v1.Submit) *cobra.Command {
 	return &cobra.Command{
 		Use:   "rbac \nExample:\n$ kubescape submit rbac",
 		Short: "Submit cluster's Role-Based Access Control(RBAC)",
@@ -31,7 +33,7 @@ func getRBACCmd(submitInfo *cliobjects.Submit) *cobra.Command {
 			}
 
 			// list RBAC
-			rbacObjects := cautils.NewRBACObjects(rbacscanner.NewRbacScannerFromK8sAPI(k8s, clusterConfig.GetAccountID(), clusterConfig.GetClusterName()))
+			rbacObjects := cautils.NewRBACObjects(rbacscanner.NewRbacScannerFromK8sAPI(k8s, clusterConfig.GetAccountID(), clusterConfig.GetContextName()))
 
 			// submit resources
 			r := reporterv1.NewReportEventReceiver(clusterConfig.GetConfigObj())
@@ -42,7 +44,7 @@ func getRBACCmd(submitInfo *cliobjects.Submit) *cobra.Command {
 				Reporter:      r,
 			}
 
-			if err := clihandler.Submit(submitInterfaces); err != nil {
+			if err := ks.Submit(submitInterfaces); err != nil {
 				logger.L().Fatal(err.Error())
 			}
 			return nil

cmd/submit/results.go

@@ -7,14 +7,15 @@ import (
 	"time"
 
 	"github.com/armosec/k8s-interface/workloadinterface"
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/armosec/kubescape/cautils/logger/helpers"
-	"github.com/armosec/kubescape/clihandler"
-	"github.com/armosec/kubescape/clihandler/cliinterfaces"
-	"github.com/armosec/kubescape/clihandler/cliobjects"
-	"github.com/armosec/kubescape/resultshandling/reporter"
-	reporterv1 "github.com/armosec/kubescape/resultshandling/reporter/v1"
-	reporterv2 "github.com/armosec/kubescape/resultshandling/reporter/v2"
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
+	"github.com/armosec/kubescape/v2/core/meta"
+	"github.com/armosec/kubescape/v2/core/meta/cliinterfaces"
+	v1 "github.com/armosec/kubescape/v2/core/meta/datastructures/v1"
+	"github.com/armosec/kubescape/v2/core/pkg/resultshandling/reporter"
+	reporterv1 "github.com/armosec/kubescape/v2/core/pkg/resultshandling/reporter/v1"
+	reporterv2 "github.com/armosec/kubescape/v2/core/pkg/resultshandling/reporter/v2"
+
 	"github.com/armosec/opa-utils/reporthandling"
 	"github.com/google/uuid"
 	"github.com/spf13/cobra"
@@ -55,7 +56,7 @@ func (resultsObject *ResultsObject) ListAllResources() (map[string]workloadinter
 	return map[string]workloadinterface.IMetadata{}, nil
 }
 
-func getResultsCmd(submitInfo *cliobjects.Submit) *cobra.Command {
+func getResultsCmd(ks meta.IKubescape, submitInfo *v1.Submit) *cobra.Command {
 	var resultsCmd = &cobra.Command{
 		Use:   "results <json file>\nExample:\n$ kubescape submit results path/to/results.json --format-version v2",
 		Short: "Submit a pre scanned results file. The file must be in json format",
@@ -73,7 +74,7 @@ func getResultsCmd(submitInfo *cliobjects.Submit) *cobra.Command {
 				logger.L().Error("failed setting account ID", helpers.Error(err))
 			}
 
-			resultsObjects := NewResultsObject(clusterConfig.GetAccountID(), clusterConfig.GetClusterName(), args[0])
+			resultsObjects := NewResultsObject(clusterConfig.GetAccountID(), clusterConfig.GetContextName(), args[0])
 
 			// submit resources
 			var r reporter.IReport
@@ -91,7 +92,7 @@ func getResultsCmd(submitInfo *cliobjects.Submit) *cobra.Command {
 				Reporter:      r,
 			}
 
-			if err := clihandler.Submit(submitInterfaces); err != nil {
+			if err := ks.Submit(submitInterfaces); err != nil {
 				logger.L().Fatal(err.Error())
 			}
 			return nil

cmd/submit/submit.go

@@ -1,7 +1,8 @@
 package submit
 
 import (
-	"github.com/armosec/kubescape/clihandler/cliobjects"
+	"github.com/armosec/kubescape/v2/core/meta"
+	metav1 "github.com/armosec/kubescape/v2/core/meta/datastructures/v1"
 	"github.com/spf13/cobra"
 )
 
@@ -9,8 +10,8 @@ var submitCmdExamples = `
 
 `
 
-func GetSubmitCmd() *cobra.Command {
-	var submitInfo cliobjects.Submit
+func GetSubmitCmd(ks meta.IKubescape) *cobra.Command {
+	var submitInfo metav1.Submit
 
 	submitCmd := &cobra.Command{
 		Use:   "submit <command>",
@@ -21,9 +22,9 @@ func GetSubmitCmd() *cobra.Command {
 	}
 	submitCmd.PersistentFlags().StringVarP(&submitInfo.Account, "account", "", "", "Armo portal account ID. Default will load account ID from configMap or config file")
 
-	submitCmd.AddCommand(getExceptionsCmd(&submitInfo))
-	submitCmd.AddCommand(getResultsCmd(&submitInfo))
-	submitCmd.AddCommand(getRBACCmd(&submitInfo))
+	submitCmd.AddCommand(getExceptionsCmd(ks, &submitInfo))
+	submitCmd.AddCommand(getResultsCmd(ks, &submitInfo))
+	submitCmd.AddCommand(getRBACCmd(ks, &submitInfo))
 
 	return submitCmd
 }

cmd/version/version.go

@@ -4,7 +4,7 @@ import (
 	"fmt"
 	"os"
 
-	"github.com/armosec/kubescape/cautils"
+	"github.com/armosec/kubescape/v2/core/cautils"
 	"github.com/spf13/cobra"
 )
 

core/README.md

@@ -0,0 +1,14 @@
+# Kubescape core package
+
+```go
+
+// initialize kubescape
+ks := core.NewKubescape()
+
+// scan cluster
+results, err := ks.Scan(&cautils.ScanInfo{})
+
+// convert scan results to json
+jsonRes, err := results.ToJson()
+
+```

core/cautils/customerloader.go

@@ -10,7 +10,8 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
 	"github.com/armosec/k8s-interface/k8sinterface"
-	"github.com/armosec/kubescape/cautils/getter"
+	"github.com/armosec/kubescape/v2/core/cautils/getter"
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
 	corev1 "k8s.io/api/core/v1"
 )
 
@@ -66,8 +67,9 @@ type ITenantConfig interface {
 	DeleteCachedConfig() error
 
 	// getters
-	GetClusterName() string
+	GetContextName() string
 	GetAccountID() string
+	GetTennatEmail() string
 	GetConfigObj() *ConfigObj
 	// GetBackendAPI() getter.IBackend
 	// GenerateURL()
@@ -117,8 +119,9 @@ func NewLocalConfig(
 }
 
 func (lc *LocalConfig) GetConfigObj() *ConfigObj { return lc.configObj }
+func (lc *LocalConfig) GetTennatEmail() string   { return lc.configObj.CustomerAdminEMail }
 func (lc *LocalConfig) GetAccountID() string     { return lc.configObj.AccountID }
-func (lc *LocalConfig) GetClusterName() string   { return lc.configObj.ClusterName }
+func (lc *LocalConfig) GetContextName() string   { return lc.configObj.ClusterName }
 func (lc *LocalConfig) IsConfigFound() bool      { return existsConfigFile() }
 func (lc *LocalConfig) SetTenant() error {
 
@@ -135,7 +138,10 @@ func (lc *LocalConfig) UpdateCachedConfig() error {
 }
 
 func (lc *LocalConfig) DeleteCachedConfig() error {
-	return DeleteConfigFile()
+	if err := DeleteConfigFile(); err != nil {
+		logger.L().Warning(err.Error())
+	}
+	return nil
 }
 
 func getTenantConfigFromBE(backendAPI getter.IBackend, configObj *ConfigObj) error {
@@ -213,7 +219,7 @@ func NewClusterConfig(k8s *k8sinterface.KubernetesApi, backendAPI getter.IBacken
 	getAccountFromEnv(c.configObj)
 
 	if c.configObj.ClusterName == "" {
-		c.configObj.ClusterName = AdoptClusterName(k8sinterface.GetClusterName())
+		c.configObj.ClusterName = AdoptClusterName(k8sinterface.GetContextName())
 	} else { // override the cluster name if it has unwanted characters
 		c.configObj.ClusterName = AdoptClusterName(c.configObj.ClusterName)
 	}
@@ -228,6 +234,7 @@ func NewClusterConfig(k8s *k8sinterface.KubernetesApi, backendAPI getter.IBacken
 func (c *ClusterConfig) GetConfigObj() *ConfigObj { return c.configObj }
 func (c *ClusterConfig) GetDefaultNS() string     { return c.configMapNamespace }
 func (c *ClusterConfig) GetAccountID() string     { return c.configObj.AccountID }
+func (c *ClusterConfig) GetTennatEmail() string   { return c.configObj.CustomerAdminEMail }
 func (c *ClusterConfig) IsConfigFound() bool      { return existsConfigFile() || c.existsConfigMap() }
 
 func (c *ClusterConfig) SetTenant() error {
@@ -257,14 +264,14 @@ func (c *ClusterConfig) UpdateCachedConfig() error {
 
 func (c *ClusterConfig) DeleteCachedConfig() error {
 	if err := c.deleteConfigMap(); err != nil {
-		return err
+		logger.L().Warning(err.Error())
 	}
 	if err := DeleteConfigFile(); err != nil {
-		return err
+		logger.L().Warning(err.Error())
 	}
 	return nil
 }
-func (c *ClusterConfig) GetClusterName() string {
+func (c *ClusterConfig) GetContextName() string {
 	return c.configObj.ClusterName
 }
 

core/cautils/datastructures.go

@@ -0,0 +1,88 @@
+package cautils
+
+import (
+	"github.com/armosec/armoapi-go/armotypes"
+	"github.com/armosec/k8s-interface/workloadinterface"
+	"github.com/armosec/opa-utils/reporthandling"
+	apis "github.com/armosec/opa-utils/reporthandling/apis"
+	"github.com/armosec/opa-utils/reporthandling/results/v1/resourcesresults"
+	reporthandlingv2 "github.com/armosec/opa-utils/reporthandling/v2"
+)
+
+// K8SResources map[<api group>/<api version>/<resource>][]<resourceID>
+type K8SResources map[string][]string
+type ArmoResources map[string][]string
+
+type OPASessionObj struct {
+	K8SResources          *K8SResources                          // input k8s objects
+	ArmoResource          *ArmoResources                         // input ARMO objects
+	Policies              []reporthandling.Framework             // list of frameworks to scan
+	AllResources          map[string]workloadinterface.IMetadata // all scanned resources, map[<rtesource ID>]<resource>
+	ResourcesResult       map[string]resourcesresults.Result     // resources scan results, map[<rtesource ID>]<resource result>
+	ResourceSource        map[string]string                      // resources sources, map[<rtesource ID>]<resource result>
+	PostureReport         *reporthandling.PostureReport          // scan results v1 - Remove
+	Report                *reporthandlingv2.PostureReport        // scan results v2 - Remove
+	Exceptions            []armotypes.PostureExceptionPolicy     // list of exceptions to apply on scan results
+	RegoInputData         RegoInputData                          // input passed to rgo for scanning. map[<control name>][<input arguments>]
+	Metadata              *reporthandlingv2.Metadata
+	InfoMap               map[string]apis.StatusInfo // Map errors of resources to StatusInfo
+	ResourceToControlsMap map[string][]string        // map[<apigroup/apiversion/resource>] = [<control_IDs>]
+	SessionID             string                     // SessionID
+}
+
+func NewOPASessionObj(frameworks []reporthandling.Framework, k8sResources *K8SResources, scanInfo *ScanInfo) *OPASessionObj {
+	return &OPASessionObj{
+		Report:                &reporthandlingv2.PostureReport{},
+		Policies:              frameworks,
+		K8SResources:          k8sResources,
+		AllResources:          make(map[string]workloadinterface.IMetadata),
+		ResourcesResult:       make(map[string]resourcesresults.Result),
+		InfoMap:               make(map[string]apis.StatusInfo),
+		ResourceToControlsMap: make(map[string][]string),
+		ResourceSource:        make(map[string]string),
+		SessionID:             scanInfo.ScanID,
+		PostureReport: &reporthandling.PostureReport{
+			ClusterName:  ClusterName,
+			CustomerGUID: CustomerGUID,
+		},
+		Metadata: scanInfoToScanMetadata(scanInfo),
+	}
+}
+
+func NewOPASessionObjMock() *OPASessionObj {
+	return &OPASessionObj{
+		Policies:        nil,
+		K8SResources:    nil,
+		AllResources:    make(map[string]workloadinterface.IMetadata),
+		ResourcesResult: make(map[string]resourcesresults.Result),
+		Report:          &reporthandlingv2.PostureReport{},
+		PostureReport: &reporthandling.PostureReport{
+			ClusterName:  "",
+			CustomerGUID: "",
+			ReportID:     "",
+			JobID:        "",
+		},
+	}
+}
+
+type ComponentConfig struct {
+	Exceptions Exception `json:"exceptions"`
+}
+
+type Exception struct {
+	Ignore        *bool                      `json:"ignore"`        // ignore test results
+	MultipleScore *reporthandling.AlertScore `json:"multipleScore"` // MultipleScore number - float32
+	Namespaces    []string                   `json:"namespaces"`
+	Regex         string                     `json:"regex"` // not supported
+}
+
+type RegoInputData struct {
+	PostureControlInputs map[string][]string `json:"postureControlInputs"`
+	// ClusterName          string              `json:"clusterName"`
+	// K8sConfig            RegoK8sConfig       `json:"k8sconfig"`
+}
+
+type Policies struct {
+	Frameworks []string
+	Controls   map[string]reporthandling.Control // map[<control ID>]<control>
+}

core/cautils/datastructuresmethods.go

@@ -1,10 +1,10 @@
 package cautils
 
 import (
-	pkgcautils "github.com/armosec/utils-go/utils"
 	"golang.org/x/mod/semver"
 
 	"github.com/armosec/opa-utils/reporthandling"
+	"github.com/armosec/utils-go/boolutils"
 )
 
 func NewPolicies() *Policies {
@@ -40,7 +40,7 @@ func ruleWithArmoOpaDependency(attributes map[string]interface{}) bool {
 		return false
 	}
 	if s, ok := attributes["armoOpa"]; ok { // TODO - make global
-		return pkgcautils.StringToBool(s.(string))
+		return boolutils.StringToBool(s.(string))
 	}
 	return false
 }
@@ -51,18 +51,16 @@ func ruleWithArmoOpaDependency(attributes map[string]interface{}) bool {
 func isRuleKubescapeVersionCompatible(attributes map[string]interface{}, version string) bool {
 	if from, ok := attributes["useFromKubescapeVersion"]; ok && from != nil {
 		if version != "" {
-
-			if semver.Compare(from.(string), BuildNumber) > 0 {
+			if semver.Compare(version, from.(string)) == -1 {
 				return false
 			}
 		}
 	}
 	if until, ok := attributes["useUntilKubescapeVersion"]; ok && until != nil {
-		if version != "" {
-			if semver.Compare(BuildNumber, until.(string)) >= 0 {
-				return false
-			}
-		} else {
+		if version == "" {
+			return false
+		}
+		if semver.Compare(version, until.(string)) >= 0 {
 			return false
 		}
 	}

core/cautils/display.go

@@ -4,7 +4,7 @@ import (
 	"os"
 	"time"
 
-	"github.com/briandowns/spinner"
+	spinnerpkg "github.com/briandowns/spinner"
 	"github.com/fatih/color"
 	"github.com/mattn/go-isatty"
 )
@@ -18,18 +18,24 @@ var SimpleDisplay = color.New().FprintfFunc()
 var SuccessDisplay = color.New(color.Bold, color.FgHiGreen).FprintfFunc()
 var DescriptionDisplay = color.New(color.Faint, color.FgWhite).FprintfFunc()
 
-var Spinner *spinner.Spinner
+var spinner *spinnerpkg.Spinner
 
 func StartSpinner() {
+	if spinner != nil {
+		if !spinner.Active() {
+			spinner.Start()
+		}
+		return
+	}
 	if isatty.IsTerminal(os.Stdout.Fd()) {
-		Spinner = spinner.New(spinner.CharSets[7], 100*time.Millisecond) // Build our new spinner
-		Spinner.Start()
+		spinner = spinnerpkg.New(spinnerpkg.CharSets[7], 100*time.Millisecond) // Build our new spinner
+		spinner.Start()
 	}
 }
 
 func StopSpinner() {
-	if Spinner == nil {
+	if spinner == nil || !spinner.Active() {
 		return
 	}
-	Spinner.Stop()
+	spinner.Stop()
 }

core/cautils/environments.go

@@ -0,0 +1,7 @@
+package cautils
+
+// CA environment vars
+var (
+	CustomerGUID = ""
+	ClusterName  = ""
+)

core/cautils/fileutils.go

@@ -9,14 +9,14 @@ import (
 	"strings"
 
 	"github.com/armosec/k8s-interface/workloadinterface"
-	"github.com/armosec/kubescape/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
 	"github.com/armosec/opa-utils/objectsenvelopes"
 	"gopkg.in/yaml.v2"
 )
 
 var (
-	YAML_PREFIX = []string{".yaml", ".yml"}
-	JSON_PREFIX = []string{".json"}
+	YAML_PREFIX = []string{"yaml", "yml"}
+	JSON_PREFIX = []string{"json"}
 )
 
 type FileFormat string
@@ -26,7 +26,7 @@ const (
 	JSON_FILE_FORMAT FileFormat = "json"
 )
 
-func LoadResourcesFromFiles(inputPatterns []string) ([]workloadinterface.IMetadata, error) {
+func LoadResourcesFromFiles(inputPatterns []string) (map[string][]workloadinterface.IMetadata, error) {
 	files, errs := listFiles(inputPatterns)
 	if len(errs) > 0 {
 		logger.L().Error(fmt.Sprintf("%v", errs))
@@ -42,8 +42,8 @@ func LoadResourcesFromFiles(inputPatterns []string) ([]workloadinterface.IMetada
 	return workloads, nil
 }
 
-func loadFiles(filePaths []string) ([]workloadinterface.IMetadata, []error) {
-	workloads := []workloadinterface.IMetadata{}
+func loadFiles(filePaths []string) (map[string][]workloadinterface.IMetadata, []error) {
+	workloads := make(map[string][]workloadinterface.IMetadata, 0)
 	errs := []error{}
 	for i := range filePaths {
 		f, err := loadFile(filePaths[i])
@@ -54,7 +54,12 @@ func loadFiles(filePaths []string) ([]workloadinterface.IMetadata, []error) {
 		w, e := ReadFile(f, GetFileFormat(filePaths[i]))
 		errs = append(errs, e...)
 		if w != nil {
-			workloads = append(workloads, w...)
+			if _, ok := workloads[filePaths[i]]; !ok {
+				workloads[filePaths[i]] = []workloadinterface.IMetadata{}
+			}
+			wSlice := workloads[filePaths[i]]
+			wSlice = append(wSlice, w...)
+			workloads[filePaths[i]] = wSlice
 		}
 	}
 	return workloads, errs
@@ -73,7 +78,6 @@ func ReadFile(fileContent []byte, fileFromat FileFormat) ([]workloadinterface.IM
 	default:
 		return nil, nil // []error{fmt.Errorf("file extension %s not supported", fileFromat)}
 	}
-
 }
 
 func listFiles(patterns []string) ([]string, []error) {
@@ -173,11 +177,11 @@ func convertYamlToJson(i interface{}) interface{} {
 }
 
 func IsYaml(filePath string) bool {
-	return StringInSlice(YAML_PREFIX, filepath.Ext(filePath)) != ValueNotFound
+	return StringInSlice(YAML_PREFIX, strings.ReplaceAll(filepath.Ext(filePath), ".", "")) != ValueNotFound
 }
 
 func IsJson(filePath string) bool {
-	return StringInSlice(JSON_PREFIX, filepath.Ext(filePath)) != ValueNotFound
+	return StringInSlice(JSON_PREFIX, strings.ReplaceAll(filepath.Ext(filePath), ".", "")) != ValueNotFound
 }
 
 func glob(root, pattern string) ([]string, error) {

core/cautils/fileutils_test.go

@@ -11,7 +11,7 @@ import (
 
 func onlineBoutiquePath() string {
 	o, _ := os.Getwd()
-	return filepath.Join(filepath.Dir(o), "examples/online-boutique/*")
+	return filepath.Join(filepath.Dir(o), "../examples/online-boutique/*")
 }
 
 func TestListFiles(t *testing.T) {
@@ -23,6 +23,20 @@ func TestListFiles(t *testing.T) {
 	assert.Equal(t, 12, len(files))
 }
 
+func TestLoadResourcesFromFiles(t *testing.T) {
+	workloads, err := LoadResourcesFromFiles([]string{onlineBoutiquePath()})
+	assert.NoError(t, err)
+	assert.Equal(t, 12, len(workloads))
+
+	for i, w := range workloads {
+		switch filepath.Base(i) {
+		case "adservice.yaml":
+			assert.Equal(t, 2, len(w))
+			assert.Equal(t, "apps/v1//Deployment/adservice", w[0].GetID())
+			assert.Equal(t, "/v1//Service/adservice", w[1].GetID())
+		}
+	}
+}
 func TestLoadFiles(t *testing.T) {
 	files, _ := listFiles([]string{onlineBoutiquePath()})
 	_, err := loadFiles(files)

core/cautils/floatutils.go

@@ -0,0 +1,18 @@
+package cautils
+
+import "math"
+
+// Float64ToInt convert float64 to int
+func Float64ToInt(x float64) int {
+	return int(math.Round(x))
+}
+
+// Float32ToInt convert float32 to int
+func Float32ToInt(x float32) int {
+	return Float64ToInt(float64(x))
+}
+
+// Float16ToInt convert float16 to int
+func Float16ToInt(x float32) int {
+	return Float64ToInt(float64(x))
+}

core/cautils/floatutils_test.go

@@ -0,0 +1,24 @@
+package cautils
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestFloat64ToInt(t *testing.T) {
+	assert.Equal(t, 3, Float64ToInt(3.49))
+	assert.Equal(t, 4, Float64ToInt(3.5))
+	assert.Equal(t, 4, Float64ToInt(3.51))
+}
+
+func TestFloat32ToInt(t *testing.T) {
+	assert.Equal(t, 3, Float32ToInt(3.49))
+	assert.Equal(t, 4, Float32ToInt(3.5))
+	assert.Equal(t, 4, Float32ToInt(3.51))
+}
+func TestFloat16ToInt(t *testing.T) {
+	assert.Equal(t, 3, Float16ToInt(3.49))
+	assert.Equal(t, 4, Float16ToInt(3.5))
+	assert.Equal(t, 4, Float16ToInt(3.51))
+}

core/cautils/getter/armoapi.go

@@ -10,8 +10,8 @@ import (
 	"time"
 
 	"github.com/armosec/armoapi-go/armotypes"
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/armosec/kubescape/cautils/logger/helpers"
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
 	"github.com/armosec/opa-utils/reporthandling"
 )
 
@@ -163,7 +163,6 @@ func (armoAPI *ArmoAPI) GetFramework(name string) (*reporthandling.Framework, er
 	if err = JSONDecoder(respStr).Decode(framework); err != nil {
 		return nil, err
 	}
-	SaveInFile(framework, GetDefaultPath(name+".json"))
 
 	return framework, err
 }
@@ -233,7 +232,14 @@ func (armoAPI *ArmoAPI) GetAccountConfig(clusterName string) (*armotypes.Custome
 	}
 
 	if err = JSONDecoder(respStr).Decode(&accountConfig); err != nil {
-		return nil, err
+		// try with default scope
+		respStr, err = armoAPI.Get(armoAPI.getAccountConfigDefault(clusterName), nil)
+		if err != nil {
+			return nil, err
+		}
+		if err = JSONDecoder(respStr).Decode(&accountConfig); err != nil {
+			return nil, err
+		}
 	}
 
 	return accountConfig, nil

core/cautils/getter/armoapiutils.go

@@ -9,12 +9,23 @@ import (
 	"strings"
 )
 
+func parseHost(urlObj *url.URL) {
+	if strings.Contains(urlObj.Host, "http://") {
+		urlObj.Scheme = "http"
+		urlObj.Host = strings.Replace(urlObj.Host, "http://", "", 1)
+	} else {
+		urlObj.Scheme = "https"
+		urlObj.Host = strings.Replace(urlObj.Host, "https://", "", 1)
+	}
+}
+
 var NativeFrameworks = []string{"nsa", "mitre", "armobest", "devopsbest"}
 
 func (armoAPI *ArmoAPI) getFrameworkURL(frameworkName string) string {
 	u := url.URL{}
-	u.Scheme = "https"
-	u.Host = armoAPI.apiURL
+	u.Host = armoAPI.GetAPIURL()
+	parseHost(&u)
+
 	u.Path = "api/v1/armoFrameworks"
 	q := u.Query()
 	q.Add("customerGUID", armoAPI.getCustomerGUIDFallBack())
@@ -31,8 +42,9 @@ func (armoAPI *ArmoAPI) getFrameworkURL(frameworkName string) string {
 
 func (armoAPI *ArmoAPI) getListFrameworkURL() string {
 	u := url.URL{}
-	u.Scheme = "https"
-	u.Host = armoAPI.apiURL
+	u.Host = armoAPI.GetAPIURL()
+	parseHost(&u)
+
 	u.Path = "api/v1/armoFrameworks"
 	q := u.Query()
 	q.Add("customerGUID", armoAPI.getCustomerGUIDFallBack())
@@ -42,8 +54,8 @@ func (armoAPI *ArmoAPI) getListFrameworkURL() string {
 }
 func (armoAPI *ArmoAPI) getExceptionsURL(clusterName string) string {
 	u := url.URL{}
-	u.Scheme = "https"
-	u.Host = armoAPI.apiURL
+	u.Host = armoAPI.GetAPIURL()
+	parseHost(&u)
 	u.Path = "api/v1/armoPostureExceptions"
 
 	q := u.Query()
@@ -58,8 +70,8 @@ func (armoAPI *ArmoAPI) getExceptionsURL(clusterName string) string {
 
 func (armoAPI *ArmoAPI) exceptionsURL(exceptionsPolicyName string) string {
 	u := url.URL{}
-	u.Scheme = "https"
-	u.Host = armoAPI.apiURL
+	u.Host = armoAPI.GetAPIURL()
+	parseHost(&u)
 	u.Path = "api/v1/postureExceptionPolicy"
 
 	q := u.Query()
@@ -73,10 +85,16 @@ func (armoAPI *ArmoAPI) exceptionsURL(exceptionsPolicyName string) string {
 	return u.String()
 }
 
+func (armoAPI *ArmoAPI) getAccountConfigDefault(clusterName string) string {
+	config := armoAPI.getAccountConfig(clusterName)
+	url := config + "&scope=customer"
+	return url
+}
+
 func (armoAPI *ArmoAPI) getAccountConfig(clusterName string) string {
 	u := url.URL{}
-	u.Scheme = "https"
-	u.Host = armoAPI.apiURL
+	u.Host = armoAPI.GetAPIURL()
+	parseHost(&u)
 	u.Path = "api/v1/armoCustomerConfiguration"
 
 	q := u.Query()
@@ -91,8 +109,8 @@ func (armoAPI *ArmoAPI) getAccountConfig(clusterName string) string {
 
 func (armoAPI *ArmoAPI) getAccountURL() string {
 	u := url.URL{}
-	u.Scheme = "https"
-	u.Host = armoAPI.apiURL
+	u.Host = armoAPI.GetAPIURL()
+	parseHost(&u)
 	u.Path = "api/v1/createTenant"
 	return u.String()
 }
@@ -100,7 +118,6 @@ func (armoAPI *ArmoAPI) getAccountURL() string {
 func (armoAPI *ArmoAPI) getApiToken() string {
 	u := url.URL{}
 	u.Scheme = "https"
-	u.Host = armoAPI.authURL
 	u.Path = "frontegg/identity/resources/auth/v1/api-token"
 	return u.String()
 }
@@ -108,7 +125,6 @@ func (armoAPI *ArmoAPI) getApiToken() string {
 func (armoAPI *ArmoAPI) getOpenidCustomers() string {
 	u := url.URL{}
 	u.Scheme = "https"
-	u.Host = armoAPI.apiURL
 	u.Path = "api/v1/openid_customers"
 	return u.String()
 }

core/cautils/logger/methods.go

@@ -4,10 +4,10 @@ import (
 	"os"
 	"strings"
 
-	"github.com/armosec/kubescape/cautils/logger/helpers"
-	"github.com/armosec/kubescape/cautils/logger/nonelogger"
-	"github.com/armosec/kubescape/cautils/logger/prettylogger"
-	"github.com/armosec/kubescape/cautils/logger/zaplogger"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/nonelogger"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/prettylogger"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/zaplogger"
 )
 
 type ILogger interface {

core/cautils/logger/nonelogger/logger.go

@@ -3,7 +3,7 @@ package nonelogger
 import (
 	"os"
 
-	"github.com/armosec/kubescape/cautils/logger/helpers"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
 )
 
 const LoggerName string = "none"

core/cautils/logger/prettylogger/colors.go

@@ -3,7 +3,7 @@ package prettylogger
 import (
 	"io"
 
-	"github.com/armosec/kubescape/cautils/logger/helpers"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
 	"github.com/fatih/color"
 )
 

core/cautils/logger/prettylogger/logger.go

@@ -5,7 +5,7 @@ import (
 	"os"
 	"sync"
 
-	"github.com/armosec/kubescape/cautils/logger/helpers"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
 )
 
 const LoggerName string = "pretty"

core/cautils/logger/zaplogger/logger.go

@@ -3,7 +3,7 @@ package zaplogger
 import (
 	"os"
 
-	"github.com/armosec/kubescape/cautils/logger/helpers"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
 	"go.uber.org/zap"
 	"go.uber.org/zap/zapcore"
 )

core/cautils/reportv2tov1.go

@@ -11,8 +11,7 @@ func ReportV2ToV1(opaSessionObj *OPASessionObj) {
 	if len(opaSessionObj.PostureReport.FrameworkReports) > 0 {
 		return // report already converted
 	}
-
-	opaSessionObj.PostureReport.ClusterCloudProvider = opaSessionObj.Report.ClusterCloudProvider
+	//	opaSessionObj.PostureReport.ClusterCloudProvider = opaSessionObj.Report.ClusterCloudProvider
 
 	frameworks := []reporthandling.FrameworkReport{}
 

core/cautils/rootinfo.go

@@ -0,0 +1,89 @@
+package cautils
+
+type RootInfo struct {
+	Logger       string // logger level
+	LoggerName   string // logger name ("pretty"/"zap"/"none")
+	CacheDir     string // cached dir
+	DisableColor bool   // Disable Color
+
+	ArmoBEURLs    string // armo url
+	ArmoBEURLsDep string // armo url
+}
+
+// func (rootInfo *RootInfo) InitLogger() {
+// 	logger.DisableColor(rootInfo.DisableColor)
+
+// 	if rootInfo.LoggerName == "" {
+// 		if l := os.Getenv("KS_LOGGER_NAME"); l != "" {
+// 			rootInfo.LoggerName = l
+// 		} else {
+// 			if isatty.IsTerminal(os.Stdout.Fd()) {
+// 				rootInfo.LoggerName = "pretty"
+// 			} else {
+// 				rootInfo.LoggerName = "zap"
+// 			}
+// 		}
+// 	}
+
+// 	logger.InitLogger(rootInfo.LoggerName)
+
+// }
+// func (rootInfo *RootInfo) InitLoggerLevel() error {
+// 	if rootInfo.Logger == helpers.InfoLevel.String() {
+// 	} else if l := os.Getenv("KS_LOGGER"); l != "" {
+// 		rootInfo.Logger = l
+// 	}
+
+// 	if err := logger.L().SetLevel(rootInfo.Logger); err != nil {
+// 		return fmt.Errorf("supported levels: %s", strings.Join(helpers.SupportedLevels(), "/"))
+// 	}
+// 	return nil
+// }
+
+// func (rootInfo *RootInfo) InitCacheDir() error {
+// 	if rootInfo.CacheDir == getter.DefaultLocalStore {
+// 		getter.DefaultLocalStore = rootInfo.CacheDir
+// 	} else if cacheDir := os.Getenv("KS_CACHE_DIR"); cacheDir != "" {
+// 		getter.DefaultLocalStore = cacheDir
+// 	} else {
+// 		return nil // using default cache dir location
+// 	}
+
+// 	// TODO create dir if not found exist
+// 	// logger.L().Debug("cache dir updated", helpers.String("path", getter.DefaultLocalStore))
+// 	return nil
+// }
+// func (rootInfo *RootInfo) InitEnvironment() error {
+
+// 	urlSlices := strings.Split(rootInfo.ArmoBEURLs, ",")
+// 	if len(urlSlices) != 1 && len(urlSlices) < 3 {
+// 		return fmt.Errorf("expected at least 2 URLs (report,api,frontend,auth)")
+// 	}
+// 	switch len(urlSlices) {
+// 	case 1:
+// 		switch urlSlices[0] {
+// 		case "dev", "development":
+// 			getter.SetARMOAPIConnector(getter.NewARMOAPIDev())
+// 		case "stage", "staging":
+// 			getter.SetARMOAPIConnector(getter.NewARMOAPIStaging())
+// 		case "":
+// 			getter.SetARMOAPIConnector(getter.NewARMOAPIProd())
+// 		default:
+// 			return fmt.Errorf("unknown environment")
+// 		}
+// 	case 2:
+// 		armoERURL := urlSlices[0] // mandatory
+// 		armoBEURL := urlSlices[1] // mandatory
+// 		getter.SetARMOAPIConnector(getter.NewARMOAPICustomized(armoERURL, armoBEURL, "", ""))
+// 	case 3, 4:
+// 		var armoAUTHURL string
+// 		armoERURL := urlSlices[0] // mandatory
+// 		armoBEURL := urlSlices[1] // mandatory
+// 		armoFEURL := urlSlices[2] // mandatory
+// 		if len(urlSlices) <= 4 {
+// 			armoAUTHURL = urlSlices[3]
+// 		}
+// 		getter.SetARMOAPIConnector(getter.NewARMOAPICustomized(armoERURL, armoBEURL, armoFEURL, armoAUTHURL))
+// 	}
+// 	return nil
+// }

core/cautils/scaninfo.go

@@ -0,0 +1,318 @@
+package cautils
+
+import (
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/armosec/armoapi-go/armotypes"
+	apisv1 "github.com/armosec/opa-utils/httpserver/apis/v1"
+
+	giturl "github.com/armosec/go-git-url"
+	"github.com/armosec/k8s-interface/k8sinterface"
+	"github.com/armosec/kubescape/v2/core/cautils/getter"
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
+	"github.com/armosec/opa-utils/reporthandling"
+	reporthandlingv2 "github.com/armosec/opa-utils/reporthandling/v2"
+	"github.com/google/uuid"
+)
+
+const (
+	ScanCluster                string = "cluster"
+	ScanLocalFiles             string = "yaml"
+	localControlInputsFilename string = "controls-inputs.json"
+	localExceptionsFilename    string = "exceptions.json"
+)
+
+type BoolPtrFlag struct {
+	valPtr *bool
+}
+
+func NewBoolPtr(b *bool) BoolPtrFlag {
+	return BoolPtrFlag{valPtr: b}
+}
+
+func (bpf *BoolPtrFlag) Type() string {
+	return "bool"
+}
+
+func (bpf *BoolPtrFlag) String() string {
+	if bpf.valPtr != nil {
+		return fmt.Sprintf("%v", *bpf.valPtr)
+	}
+	return ""
+}
+func (bpf *BoolPtrFlag) Get() *bool {
+	return bpf.valPtr
+}
+func (bpf *BoolPtrFlag) GetBool() bool {
+	if bpf.valPtr == nil {
+		return false
+	}
+	return *bpf.valPtr
+}
+
+func (bpf *BoolPtrFlag) SetBool(val bool) {
+	bpf.valPtr = &val
+}
+
+func (bpf *BoolPtrFlag) Set(val string) error {
+	switch val {
+	case "true":
+		bpf.SetBool(true)
+	case "false":
+		bpf.SetBool(false)
+	}
+	return nil
+}
+
+// TODO - UPDATE
+type ViewTypes string
+
+const (
+	ResourceViewType ViewTypes = "resource"
+	ControlViewType  ViewTypes = "control"
+)
+
+type PolicyIdentifier struct {
+	Name        string                        // policy name e.g. nsa,mitre,c-0012
+	Kind        apisv1.NotificationPolicyKind // policy kind e.g. Framework,Control,Rule
+	Designators armotypes.PortalDesignator
+}
+
+type ScanInfo struct {
+	Getters                               // TODO - remove from object
+	PolicyIdentifier   []PolicyIdentifier // TODO - remove from object
+	UseExceptions      string             // Load file with exceptions configuration
+	ControlsInputs     string             // Load file with inputs for controls
+	UseFrom            []string           // Load framework from local file (instead of download). Use when running offline
+	UseDefault         bool               // Load framework from cached file (instead of download). Use when running offline
+	UseArtifactsFrom   string             // Load artifacts from local path. Use when running offline
+	VerboseMode        bool               // Display all of the input resources and not only failed resources
+	View               string             // Display all of the input resources and not only failed resources
+	Format             string             // Format results (table, json, junit ...)
+	Output             string             // Store results in an output file, Output file name
+	FormatVersion      string             // Output object can be differnet between versions, this is for testing and backward compatibility
+	ExcludedNamespaces string             // used for host scanner namespace
+	IncludeNamespaces  string             //
+	InputPatterns      []string           // Yaml files input patterns
+	Silent             bool               // Silent mode - Do not print progress logs
+	FailThreshold      float32            // Failure score threshold
+	Submit             bool               // Submit results to Armo BE
+	ScanID             string             // Report id of the current scan
+	HostSensorEnabled  BoolPtrFlag        // Deploy ARMO K8s host scanner to collect data from certain controls
+	HostSensorYamlPath string             // Path to hostsensor file
+	Local              bool               // Do not submit results
+	Account            string             // account ID
+	KubeContext        string             // context name
+	FrameworkScan      bool               // false if scanning control
+	ScanAll            bool               // true if scan all frameworks
+}
+
+type Getters struct {
+	ExceptionsGetter     getter.IExceptionsGetter
+	ControlsInputsGetter getter.IControlsInputsGetter
+	PolicyGetter         getter.IPolicyGetter
+}
+
+func (scanInfo *ScanInfo) Init() {
+	scanInfo.setUseFrom()
+	scanInfo.setOutputFile()
+	scanInfo.setUseArtifactsFrom()
+	if scanInfo.ScanID == "" {
+		scanInfo.ScanID = uuid.NewString()
+	}
+
+}
+
+func (scanInfo *ScanInfo) setUseArtifactsFrom() {
+	if scanInfo.UseArtifactsFrom == "" {
+		return
+	}
+	// UseArtifactsFrom must be a path without a filename
+	dir, file := filepath.Split(scanInfo.UseArtifactsFrom)
+	if dir == "" {
+		scanInfo.UseArtifactsFrom = file
+	} else if strings.Contains(file, ".json") {
+		scanInfo.UseArtifactsFrom = dir
+	}
+	// set frameworks files
+	files, err := ioutil.ReadDir(scanInfo.UseArtifactsFrom)
+	if err != nil {
+		logger.L().Fatal("failed to read files from directory", helpers.String("dir", scanInfo.UseArtifactsFrom), helpers.Error(err))
+	}
+	framework := &reporthandling.Framework{}
+	for _, f := range files {
+		filePath := filepath.Join(scanInfo.UseArtifactsFrom, f.Name())
+		file, err := os.ReadFile(filePath)
+		if err == nil {
+			if err := json.Unmarshal(file, framework); err == nil {
+				scanInfo.UseFrom = append(scanInfo.UseFrom, filepath.Join(scanInfo.UseArtifactsFrom, f.Name()))
+			}
+		}
+	}
+	// set config-inputs file
+	scanInfo.ControlsInputs = filepath.Join(scanInfo.UseArtifactsFrom, localControlInputsFilename)
+	// set exceptions
+	scanInfo.UseExceptions = filepath.Join(scanInfo.UseArtifactsFrom, localExceptionsFilename)
+}
+
+func (scanInfo *ScanInfo) setUseFrom() {
+	if scanInfo.UseDefault {
+		for _, policy := range scanInfo.PolicyIdentifier {
+			scanInfo.UseFrom = append(scanInfo.UseFrom, getter.GetDefaultPath(policy.Name+".json"))
+		}
+	}
+}
+
+func (scanInfo *ScanInfo) setOutputFile() {
+	if scanInfo.Output == "" {
+		return
+	}
+	if scanInfo.Format == "json" {
+		if filepath.Ext(scanInfo.Output) != ".json" {
+			scanInfo.Output += ".json"
+		}
+	}
+	if scanInfo.Format == "junit" {
+		if filepath.Ext(scanInfo.Output) != ".xml" {
+			scanInfo.Output += ".xml"
+		}
+	}
+	if scanInfo.Format == "pdf" {
+		if filepath.Ext(scanInfo.Output) != ".pdf" {
+			scanInfo.Output += ".pdf"
+		}
+	}
+}
+
+func (scanInfo *ScanInfo) GetScanningEnvironment() string {
+	if len(scanInfo.InputPatterns) != 0 {
+		return ScanLocalFiles
+	}
+	return ScanCluster
+}
+
+func (scanInfo *ScanInfo) SetPolicyIdentifiers(policies []string, kind apisv1.NotificationPolicyKind) {
+	for _, policy := range policies {
+		if !scanInfo.contains(policy) {
+			newPolicy := PolicyIdentifier{}
+			newPolicy.Kind = kind
+			newPolicy.Name = policy
+			scanInfo.PolicyIdentifier = append(scanInfo.PolicyIdentifier, newPolicy)
+		}
+	}
+}
+
+func (scanInfo *ScanInfo) contains(policyName string) bool {
+	for _, policy := range scanInfo.PolicyIdentifier {
+		if policy.Name == policyName {
+			return true
+		}
+	}
+	return false
+}
+
+func scanInfoToScanMetadata(scanInfo *ScanInfo) *reporthandlingv2.Metadata {
+	metadata := &reporthandlingv2.Metadata{}
+
+	metadata.ScanMetadata.Format = scanInfo.Format
+	metadata.ScanMetadata.FormatVersion = scanInfo.FormatVersion
+	metadata.ScanMetadata.Submit = scanInfo.Submit
+
+	// TODO - Add excluded and included namespaces
+	// if len(scanInfo.ExcludedNamespaces) > 1 {
+	// 	opaSessionObj.Metadata.ScanMetadata.ExcludedNamespaces = strings.Split(scanInfo.ExcludedNamespaces[1:], ",")
+	// }
+	// if len(scanInfo.IncludeNamespaces) > 1 {
+	// 	opaSessionObj.Metadata.ScanMetadata.IncludeNamespaces = strings.Split(scanInfo.IncludeNamespaces[1:], ",")
+	// }
+
+	// scan type
+	if len(scanInfo.PolicyIdentifier) > 0 {
+		metadata.ScanMetadata.TargetType = string(scanInfo.PolicyIdentifier[0].Kind)
+	}
+	// append frameworks
+	for _, policy := range scanInfo.PolicyIdentifier {
+		metadata.ScanMetadata.TargetNames = append(metadata.ScanMetadata.TargetNames, policy.Name)
+	}
+
+	metadata.ScanMetadata.KubescapeVersion = BuildNumber
+	metadata.ScanMetadata.VerboseMode = scanInfo.VerboseMode
+	metadata.ScanMetadata.FailThreshold = scanInfo.FailThreshold
+	metadata.ScanMetadata.HostScanner = scanInfo.HostSensorEnabled.GetBool()
+	metadata.ScanMetadata.VerboseMode = scanInfo.VerboseMode
+	metadata.ScanMetadata.ControlsInputs = scanInfo.ControlsInputs
+
+	metadata.ScanMetadata.ScanningTarget = reporthandlingv2.Cluster
+	if scanInfo.GetScanningEnvironment() == ScanLocalFiles {
+		metadata.ScanMetadata.ScanningTarget = reporthandlingv2.File
+	}
+
+	inputFiles := ""
+	if len(scanInfo.InputPatterns) > 0 {
+		inputFiles = scanInfo.InputPatterns[0]
+	}
+	setContextMetadata(&metadata.ContextMetadata, inputFiles)
+
+	return metadata
+}
+
+func setContextMetadata(contextMetadata *reporthandlingv2.ContextMetadata, input string) {
+	//  cluster
+	if input == "" {
+		contextMetadata.ClusterContextMetadata = &reporthandlingv2.ClusterMetadata{
+			ContextName: k8sinterface.GetContextName(),
+		}
+		return
+	}
+
+	// url
+	if gitParser, err := giturl.NewGitURL(input); err == nil {
+		if gitParser.GetBranch() == "" {
+			gitParser.SetDefaultBranch()
+		}
+		contextMetadata.RepoContextMetadata = &reporthandlingv2.RepoContextMetadata{
+			Repo:   gitParser.GetRepo(),
+			Owner:  gitParser.GetOwner(),
+			Branch: gitParser.GetBranch(),
+		}
+		return
+	}
+
+	if !filepath.IsAbs(input) {
+		if o, err := os.Getwd(); err == nil {
+			input = filepath.Join(o, input)
+		}
+	}
+
+	//  single file
+	if IsFile(input) {
+		contextMetadata.FileContextMetadata = &reporthandlingv2.FileContextMetadata{
+			FilePath: input,
+			HostName: getHostname(),
+		}
+		return
+	}
+
+	//  dir/glob
+	if !IsFile(input) {
+		contextMetadata.DirectoryContextMetadata = &reporthandlingv2.DirectoryContextMetadata{
+			BasePath: input,
+			HostName: getHostname(),
+		}
+		return
+	}
+
+}
+
+func getHostname() string {
+	if h, e := os.Hostname(); e == nil {
+		return h
+	}
+	return ""
+}

core/cautils/scaninfo_test.go

@@ -0,0 +1,67 @@
+package cautils
+
+import (
+	"testing"
+
+	reporthandlingv2 "github.com/armosec/opa-utils/reporthandling/v2"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestSetContextMetadata(t *testing.T) {
+	{
+		ctx := reporthandlingv2.ContextMetadata{}
+		setContextMetadata(&ctx, "")
+
+		assert.NotNil(t, ctx.ClusterContextMetadata)
+		assert.Nil(t, ctx.DirectoryContextMetadata)
+		assert.Nil(t, ctx.FileContextMetadata)
+		assert.Nil(t, ctx.HelmContextMetadata)
+		assert.Nil(t, ctx.RepoContextMetadata)
+	}
+	{
+		ctx := reporthandlingv2.ContextMetadata{}
+		setContextMetadata(&ctx, "file")
+
+		assert.Nil(t, ctx.ClusterContextMetadata)
+		assert.NotNil(t, ctx.DirectoryContextMetadata)
+		assert.Nil(t, ctx.FileContextMetadata)
+		assert.Nil(t, ctx.HelmContextMetadata)
+		assert.Nil(t, ctx.RepoContextMetadata)
+
+		hostName := getHostname()
+		assert.Contains(t, ctx.DirectoryContextMetadata.BasePath, "file")
+		assert.Equal(t, hostName, ctx.DirectoryContextMetadata.HostName)
+	}
+	{
+		ctx := reporthandlingv2.ContextMetadata{}
+		setContextMetadata(&ctx, "scaninfo_test.go")
+
+		assert.Nil(t, ctx.ClusterContextMetadata)
+		assert.Nil(t, ctx.DirectoryContextMetadata)
+		assert.NotNil(t, ctx.FileContextMetadata)
+		assert.Nil(t, ctx.HelmContextMetadata)
+		assert.Nil(t, ctx.RepoContextMetadata)
+
+		hostName := getHostname()
+		assert.Contains(t, ctx.FileContextMetadata.FilePath, "scaninfo_test.go")
+		assert.Equal(t, hostName, ctx.FileContextMetadata.HostName)
+	}
+	{
+		ctx := reporthandlingv2.ContextMetadata{}
+		setContextMetadata(&ctx, "https://github.com/armosec/kubescape")
+
+		assert.Nil(t, ctx.ClusterContextMetadata)
+		assert.Nil(t, ctx.DirectoryContextMetadata)
+		assert.Nil(t, ctx.FileContextMetadata)
+		assert.Nil(t, ctx.HelmContextMetadata)
+		assert.NotNil(t, ctx.RepoContextMetadata)
+
+		assert.Equal(t, "kubescape", ctx.RepoContextMetadata.Repo)
+		assert.Equal(t, "armosec", ctx.RepoContextMetadata.Owner)
+		assert.Equal(t, "master", ctx.RepoContextMetadata.Branch)
+	}
+}
+
+func TestGetHostname(t *testing.T) {
+	assert.NotEqual(t, "", getHostname())
+}

core/cautils/versioncheck.go

@@ -6,14 +6,15 @@ import (
 	"net/http"
 	"os"
 
-	"github.com/armosec/kubescape/cautils/getter"
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/armosec/kubescape/cautils/logger/helpers"
-	pkgutils "github.com/armosec/utils-go/utils"
+	"github.com/armosec/kubescape/v2/core/cautils/getter"
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
+	"github.com/armosec/utils-go/boolutils"
 	"golang.org/x/mod/semver"
 )
 
-const SKIP_VERSION_CHECK = "KUBESCAPE_SKIP_UPDATE_CHECK"
+const SKIP_VERSION_CHECK_DEPRECATED = "KUBESCAPE_SKIP_UPDATE_CHECK"
+const SKIP_VERSION_CHECK = "KS_SKIP_UPDATE_CHECK"
 
 var BuildNumber string
 
@@ -27,7 +28,9 @@ func NewIVersionCheckHandler() IVersionCheckHandler {
 	if BuildNumber == "" {
 		logger.L().Warning("unknown build number, this might affect your scan results. Please make sure you are updated to latest version")
 	}
-	if v, ok := os.LookupEnv(SKIP_VERSION_CHECK); ok && pkgutils.StringToBool(v) {
+	if v, ok := os.LookupEnv(SKIP_VERSION_CHECK); ok && boolutils.StringToBool(v) {
+		return NewVersionCheckHandlerMock()
+	} else if v, ok := os.LookupEnv(SKIP_VERSION_CHECK_DEPRECATED); ok && boolutils.StringToBool(v) {
 		return NewVersionCheckHandlerMock()
 	}
 	return NewVersionCheckHandler()
@@ -98,7 +101,7 @@ func (v *VersionCheckHandler) CheckLatestVersion(versionData *VersionCheckReques
 	}
 
 	if latestVersion.ClientUpdate != "" {
-		if BuildNumber != "" && semver.Compare(BuildNumber, latestVersion.ClientUpdate) >= 0 {
+		if BuildNumber != "" && semver.Compare(BuildNumber, latestVersion.ClientUpdate) == -1 {
 			logger.L().Warning(warningMessage(latestVersion.ClientUpdate))
 		}
 	}

core/cautils/versioncheck_test.go

@@ -6,6 +6,7 @@ import (
 	"github.com/armosec/armoapi-go/armotypes"
 	"github.com/armosec/opa-utils/reporthandling"
 	"github.com/stretchr/testify/assert"
+	"golang.org/x/mod/semver"
 )
 
 func TestGetKubernetesObjects(t *testing.T) {
@@ -30,9 +31,38 @@ func TestIsRuleKubescapeVersionCompatible(t *testing.T) {
 	assert.True(t, isRuleKubescapeVersionCompatible(rule_v1_0_134.Attributes, buildNumberMock))
 
 	// should only use rules that version is in range of use
-	buildNumberMock = "v1.0.133"
+	buildNumberMock = "v1.0.130"
 	assert.True(t, isRuleKubescapeVersionCompatible(rule_v1_0_131.Attributes, buildNumberMock))
 	assert.False(t, isRuleKubescapeVersionCompatible(rule_v1_0_132.Attributes, buildNumberMock))
 	assert.False(t, isRuleKubescapeVersionCompatible(rule_v1_0_133.Attributes, buildNumberMock))
 	assert.False(t, isRuleKubescapeVersionCompatible(rule_v1_0_134.Attributes, buildNumberMock))
+
+	// should only use rules that version is in range of use
+	buildNumberMock = "v1.0.132"
+	assert.False(t, isRuleKubescapeVersionCompatible(rule_v1_0_131.Attributes, buildNumberMock))
+	assert.True(t, isRuleKubescapeVersionCompatible(rule_v1_0_132.Attributes, buildNumberMock))
+	assert.False(t, isRuleKubescapeVersionCompatible(rule_v1_0_133.Attributes, buildNumberMock))
+	assert.False(t, isRuleKubescapeVersionCompatible(rule_v1_0_134.Attributes, buildNumberMock))
+
+	// should only use rules that version is in range of use
+	buildNumberMock = "v1.0.133"
+	assert.False(t, isRuleKubescapeVersionCompatible(rule_v1_0_131.Attributes, buildNumberMock))
+	assert.False(t, isRuleKubescapeVersionCompatible(rule_v1_0_132.Attributes, buildNumberMock))
+	assert.True(t, isRuleKubescapeVersionCompatible(rule_v1_0_133.Attributes, buildNumberMock))
+	assert.False(t, isRuleKubescapeVersionCompatible(rule_v1_0_134.Attributes, buildNumberMock))
+
+	// should only use rules that version is in range of use
+	buildNumberMock = "v1.0.135"
+	assert.False(t, isRuleKubescapeVersionCompatible(rule_v1_0_131.Attributes, buildNumberMock))
+	assert.False(t, isRuleKubescapeVersionCompatible(rule_v1_0_132.Attributes, buildNumberMock))
+	assert.False(t, isRuleKubescapeVersionCompatible(rule_v1_0_133.Attributes, buildNumberMock))
+	assert.True(t, isRuleKubescapeVersionCompatible(rule_v1_0_134.Attributes, buildNumberMock))
+}
+
+func TestCheckLatestVersion(t *testing.T) {
+	assert.Equal(t, -1, semver.Compare("v2.0.150", "v2.0.151"))
+	assert.Equal(t, 0, semver.Compare("v2.0.150", "v2.0.150"))
+	assert.Equal(t, 1, semver.Compare("v2.0.150", "v2.0.149"))
+	assert.Equal(t, -1, semver.Compare("v2.0.150", "v3.0.150"))
+
 }

core/cautils/workloadmappingutils.go

@@ -0,0 +1,52 @@
+package cautils
+
+import (
+	"strings"
+
+	"github.com/armosec/opa-utils/reporthandling/apis"
+)
+
+var (
+	ImageVulnResources  = []string{"ImageVulnerabilities"}
+	HostSensorResources = []string{"KubeletConfiguration",
+		"KubeletCommandLine",
+		"OsReleaseFile",
+		"KernelVersion",
+		"LinuxSecurityHardeningStatus",
+		"OpenPortsList",
+		"LinuxKernelVariables"}
+	CloudResources = []string{"ClusterDescribe"}
+)
+
+func MapArmoResource(armoResourceMap *ArmoResources, resources []string) []string {
+	var hostResources []string
+	for k := range *armoResourceMap {
+		for _, resource := range resources {
+			if strings.Contains(k, resource) {
+				hostResources = append(hostResources, k)
+			}
+		}
+	}
+	return hostResources
+}
+
+func MapHostResources(armoResourceMap *ArmoResources) []string {
+	return MapArmoResource(armoResourceMap, HostSensorResources)
+}
+
+func MapImageVulnResources(armoResourceMap *ArmoResources) []string {
+	return MapArmoResource(armoResourceMap, ImageVulnResources)
+}
+
+func MapCloudResources(armoResourceMap *ArmoResources) []string {
+	return MapArmoResource(armoResourceMap, CloudResources)
+}
+
+func SetInfoMapForResources(info string, resources []string, errorMap map[string]apis.StatusInfo) {
+	for _, resource := range resources {
+		errorMap[resource] = apis.StatusInfo{
+			InnerInfo:   info,
+			InnerStatus: apis.StatusSkipped,
+		}
+	}
+}

core/core/cachedconfig.go

@@ -0,0 +1,37 @@
+package core
+
+import (
+	"fmt"
+
+	metav1 "github.com/armosec/kubescape/v2/core/meta/datastructures/v1"
+)
+
+func (ks *Kubescape) SetCachedConfig(setConfig *metav1.SetConfig) error {
+
+	tenant := getTenantConfig("", "", getKubernetesApi())
+
+	if setConfig.Account != "" {
+		tenant.GetConfigObj().AccountID = setConfig.Account
+	}
+	if setConfig.SecretKey != "" {
+		tenant.GetConfigObj().SecretKey = setConfig.SecretKey
+	}
+	if setConfig.ClientID != "" {
+		tenant.GetConfigObj().ClientID = setConfig.ClientID
+	}
+
+	return tenant.UpdateCachedConfig()
+}
+
+// View cached configurations
+func (ks *Kubescape) ViewCachedConfig(viewConfig *metav1.ViewConfig) error {
+	tenant := getTenantConfig("", "", getKubernetesApi()) // change k8sinterface
+	fmt.Fprintf(viewConfig.Writer, "%s\n", tenant.GetConfigObj().Config())
+	return nil
+}
+
+func (ks *Kubescape) DeleteCachedConfig(deleteConfig *metav1.DeleteConfig) error {
+
+	tenant := getTenantConfig("", "", getKubernetesApi()) // change k8sinterface
+	return tenant.DeleteCachedConfig()
+}

core/core/delete.go

@@ -1,17 +1,18 @@
-package clihandler
+package core
 
 import (
 	"fmt"
 
-	"github.com/armosec/kubescape/cautils/getter"
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/armosec/kubescape/cautils/logger/helpers"
+	"github.com/armosec/kubescape/v2/core/cautils/getter"
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
+	v1 "github.com/armosec/kubescape/v2/core/meta/datastructures/v1"
 )
 
-func DeleteExceptions(accountID string, exceptions []string) error {
+func (ks *Kubescape) DeleteExceptions(delExceptions *v1.DeleteExceptions) error {
 
 	// load cached config
-	getTenantConfig(accountID, "", getKubernetesApi())
+	getTenantConfig(delExceptions.Account, "", getKubernetesApi())
 
 	// login kubescape SaaS
 	armoAPI := getter.GetArmoAPIConnector()
@@ -19,8 +20,8 @@ func DeleteExceptions(accountID string, exceptions []string) error {
 		return err
 	}
 
-	for i := range exceptions {
-		exceptionName := exceptions[i]
+	for i := range delExceptions.Exceptions {
+		exceptionName := delExceptions.Exceptions[i]
 		if exceptionName == "" {
 			continue
 		}

core/core/download.go

@@ -1,18 +1,19 @@
-package clihandler
+package core
 
 import (
 	"fmt"
+	"os"
 	"path/filepath"
 	"strings"
 
 	"github.com/armosec/armoapi-go/armotypes"
-	"github.com/armosec/kubescape/cautils"
-	"github.com/armosec/kubescape/cautils/getter"
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/armosec/kubescape/cautils/logger/helpers"
+	"github.com/armosec/kubescape/v2/core/cautils/getter"
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
+	metav1 "github.com/armosec/kubescape/v2/core/meta/datastructures/v1"
 )
 
-var downloadFunc = map[string]func(*cautils.DownloadInfo) error{
+var downloadFunc = map[string]func(*metav1.DownloadInfo) error{
 	"controls-inputs": downloadConfigInputs,
 	"exceptions":      downloadExceptions,
 	"control":         downloadControl,
@@ -28,15 +29,18 @@ func DownloadSupportCommands() []string {
 	return commands
 }
 
-func CliDownload(downloadInfo *cautils.DownloadInfo) error {
+func (ks *Kubescape) Download(downloadInfo *metav1.DownloadInfo) error {
 	setPathandFilename(downloadInfo)
+	if err := os.MkdirAll(downloadInfo.Path, os.ModePerm); err != nil {
+		return err
+	}
 	if err := downloadArtifact(downloadInfo, downloadFunc); err != nil {
 		return err
 	}
 	return nil
 }
 
-func downloadArtifact(downloadInfo *cautils.DownloadInfo, downloadArtifactFunc map[string]func(*cautils.DownloadInfo) error) error {
+func downloadArtifact(downloadInfo *metav1.DownloadInfo, downloadArtifactFunc map[string]func(*metav1.DownloadInfo) error) error {
 	if f, ok := downloadArtifactFunc[downloadInfo.Target]; ok {
 		if err := f(downloadInfo); err != nil {
 			return err
@@ -46,7 +50,7 @@ func downloadArtifact(downloadInfo *cautils.DownloadInfo, downloadArtifactFunc m
 	return fmt.Errorf("unknown command to download")
 }
 
-func setPathandFilename(downloadInfo *cautils.DownloadInfo) {
+func setPathandFilename(downloadInfo *metav1.DownloadInfo) {
 	if downloadInfo.Path == "" {
 		downloadInfo.Path = getter.GetDefaultPath("")
 	} else {
@@ -60,32 +64,35 @@ func setPathandFilename(downloadInfo *cautils.DownloadInfo) {
 	}
 }
 
-func downloadArtifacts(downloadInfo *cautils.DownloadInfo) error {
+func downloadArtifacts(downloadInfo *metav1.DownloadInfo) error {
 	downloadInfo.FileName = ""
-	var artifacts = map[string]func(*cautils.DownloadInfo) error{
+	var artifacts = map[string]func(*metav1.DownloadInfo) error{
 		"controls-inputs": downloadConfigInputs,
 		"exceptions":      downloadExceptions,
 		"framework":       downloadFramework,
 	}
 	for artifact := range artifacts {
-		if err := downloadArtifact(&cautils.DownloadInfo{Target: artifact, Path: downloadInfo.Path, FileName: fmt.Sprintf("%s.json", artifact)}, artifacts); err != nil {
+		if err := downloadArtifact(&metav1.DownloadInfo{Target: artifact, Path: downloadInfo.Path, FileName: fmt.Sprintf("%s.json", artifact)}, artifacts); err != nil {
 			logger.L().Error("error downloading", helpers.String("artifact", artifact), helpers.Error(err))
 		}
 	}
 	return nil
 }
 
-func downloadConfigInputs(downloadInfo *cautils.DownloadInfo) error {
+func downloadConfigInputs(downloadInfo *metav1.DownloadInfo) error {
 	tenant := getTenantConfig(downloadInfo.Account, "", getKubernetesApi())
 
 	controlsInputsGetter := getConfigInputsGetter(downloadInfo.Name, tenant.GetAccountID(), nil)
-	controlInputs, err := controlsInputsGetter.GetControlsInputs(tenant.GetClusterName())
+	controlInputs, err := controlsInputsGetter.GetControlsInputs(tenant.GetContextName())
 	if err != nil {
 		return err
 	}
 	if downloadInfo.FileName == "" {
 		downloadInfo.FileName = fmt.Sprintf("%s.json", downloadInfo.Target)
 	}
+	if controlInputs == nil {
+		return fmt.Errorf("failed to download controlInputs - received an empty objects")
+	}
 	// save in file
 	err = getter.SaveInFile(controlInputs, filepath.Join(downloadInfo.Path, downloadInfo.FileName))
 	if err != nil {
@@ -95,14 +102,14 @@ func downloadConfigInputs(downloadInfo *cautils.DownloadInfo) error {
 	return nil
 }
 
-func downloadExceptions(downloadInfo *cautils.DownloadInfo) error {
+func downloadExceptions(downloadInfo *metav1.DownloadInfo) error {
 	var err error
 	tenant := getTenantConfig(downloadInfo.Account, "", getKubernetesApi())
 
 	exceptionsGetter := getExceptionsGetter("")
 	exceptions := []armotypes.PostureExceptionPolicy{}
 	if tenant.GetAccountID() != "" {
-		exceptions, err = exceptionsGetter.GetExceptions(tenant.GetClusterName())
+		exceptions, err = exceptionsGetter.GetExceptions(tenant.GetContextName())
 		if err != nil {
 			return err
 		}
@@ -119,11 +126,11 @@ func downloadExceptions(downloadInfo *cautils.DownloadInfo) error {
 	return nil
 }
 
-func downloadFramework(downloadInfo *cautils.DownloadInfo) error {
+func downloadFramework(downloadInfo *metav1.DownloadInfo) error {
 
 	tenant := getTenantConfig(downloadInfo.Account, "", getKubernetesApi())
 
-	g := getPolicyGetter(nil, tenant.GetAccountID(), true, nil)
+	g := getPolicyGetter(nil, tenant.GetTennatEmail(), true, nil)
 
 	if downloadInfo.Name == "" {
 		// if framework name not specified - download all frameworks
@@ -148,6 +155,9 @@ func downloadFramework(downloadInfo *cautils.DownloadInfo) error {
 		if err != nil {
 			return err
 		}
+		if framework == nil {
+			return fmt.Errorf("failed to download framework - received an empty objects")
+		}
 		downloadTo := filepath.Join(downloadInfo.Path, downloadInfo.FileName)
 		err = getter.SaveInFile(framework, downloadTo)
 		if err != nil {
@@ -158,11 +168,11 @@ func downloadFramework(downloadInfo *cautils.DownloadInfo) error {
 	return nil
 }
 
-func downloadControl(downloadInfo *cautils.DownloadInfo) error {
+func downloadControl(downloadInfo *metav1.DownloadInfo) error {
 
 	tenant := getTenantConfig(downloadInfo.Account, "", getKubernetesApi())
 
-	g := getPolicyGetter(nil, tenant.GetAccountID(), false, nil)
+	g := getPolicyGetter(nil, tenant.GetTennatEmail(), false, nil)
 
 	if downloadInfo.Name == "" {
 		// TODO - support
@@ -175,6 +185,9 @@ func downloadControl(downloadInfo *cautils.DownloadInfo) error {
 	if err != nil {
 		return err
 	}
+	if controls == nil {
+		return fmt.Errorf("failed to download control - received an empty objects")
+	}
 	downloadTo := filepath.Join(downloadInfo.Path, downloadInfo.FileName)
 	err = getter.SaveInFile(controls, downloadTo)
 	if err != nil {

core/core/initutils.go

@@ -1,20 +1,18 @@
-package clihandler
+package core
 
 import (
 	"fmt"
-	"os"
 
 	"github.com/armosec/k8s-interface/k8sinterface"
-	"github.com/armosec/kubescape/cautils"
-	"github.com/armosec/kubescape/cautils/getter"
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/armosec/kubescape/cautils/logger/helpers"
-	"github.com/armosec/kubescape/hostsensorutils"
-	"github.com/armosec/kubescape/resourcehandler"
-	"github.com/armosec/kubescape/resultshandling/reporter"
-	reporterv2 "github.com/armosec/kubescape/resultshandling/reporter/v2"
+	"github.com/armosec/kubescape/v2/core/cautils"
+	"github.com/armosec/kubescape/v2/core/cautils/getter"
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
+	"github.com/armosec/kubescape/v2/core/pkg/hostsensorutils"
+	"github.com/armosec/kubescape/v2/core/pkg/resourcehandler"
+	"github.com/armosec/kubescape/v2/core/pkg/resultshandling/reporter"
+	reporterv2 "github.com/armosec/kubescape/v2/core/pkg/resultshandling/reporter/v2"
 
-	"github.com/armosec/opa-utils/reporthandling"
 	"github.com/armosec/rbac-utils/rbacscanner"
 )
 
@@ -43,16 +41,16 @@ func getExceptionsGetter(useExceptions string) getter.IExceptionsGetter {
 
 func getRBACHandler(tenantConfig cautils.ITenantConfig, k8s *k8sinterface.KubernetesApi, submit bool) *cautils.RBACObjects {
 	if submit {
-		return cautils.NewRBACObjects(rbacscanner.NewRbacScannerFromK8sAPI(k8s, tenantConfig.GetAccountID(), tenantConfig.GetClusterName()))
+		return cautils.NewRBACObjects(rbacscanner.NewRbacScannerFromK8sAPI(k8s, tenantConfig.GetAccountID(), tenantConfig.GetContextName()))
 	}
 	return nil
 }
 
-func getReporter(tenantConfig cautils.ITenantConfig, reportID string, submit, fwScan, clusterScan bool) reporter.IReport {
-	if submit && clusterScan {
+func getReporter(tenantConfig cautils.ITenantConfig, reportID string, submit, fwScan bool) reporter.IReport {
+	if submit {
 		return reporterv2.NewReportEventReceiver(tenantConfig.GetConfigObj(), reportID)
 	}
-	if tenantConfig.GetAccountID() == "" && fwScan && clusterScan {
+	if tenantConfig.GetAccountID() == "" {
 		// Add link only when scanning a cluster using a framework
 		return reporterv2.NewReportMock(reporterv2.NO_SUBMIT_QUERY, "run kubescape with the '--submit' flag")
 	}
@@ -60,9 +58,7 @@ func getReporter(tenantConfig cautils.ITenantConfig, reportID string, submit, fw
 	if !fwScan {
 		message = "Kubescape does not submit scan results when scanning controls"
 	}
-	if !clusterScan {
-		message = "Kubescape will submit scan results only when scanning a cluster (not YAML files)"
-	}
+
 	return reporterv2.NewReportMock("", message)
 }
 
@@ -82,15 +78,15 @@ func getHostSensorHandler(scanInfo *cautils.ScanInfo, k8s *k8sinterface.Kubernet
 	}
 
 	hasHostSensorControls := true
-	// we need to determined which controls needs host sensor
+	// we need to determined which controls needs host scanner
 	if scanInfo.HostSensorEnabled.Get() == nil && hasHostSensorControls {
-		scanInfo.HostSensorEnabled.SetBool(askUserForHostSensor())
+		scanInfo.HostSensorEnabled.SetBool(false) // default - do not run host scanner
 		logger.L().Warning("Kubernetes cluster nodes scanning is disabled. This is required to collect valuable data for certain controls. You can enable it using  the --enable-host-scan flag")
 	}
 	if hostSensorVal := scanInfo.HostSensorEnabled.Get(); hostSensorVal != nil && *hostSensorVal {
 		hostSensorHandler, err := hostsensorutils.NewHostSensorHandler(k8s, scanInfo.HostSensorYamlPath)
 		if err != nil {
-			logger.L().Warning(fmt.Sprintf("failed to create host sensor: %s", err.Error()))
+			logger.L().Warning(fmt.Sprintf("failed to create host scanner: %s", err.Error()))
 			return &hostsensorutils.HostSensorHandlerMock{}
 		}
 		return hostSensorHandler
@@ -108,7 +104,7 @@ func getFieldSelector(scanInfo *cautils.ScanInfo) resourcehandler.IFieldSelector
 	return &resourcehandler.EmptySelector{}
 }
 
-func policyIdentifierNames(pi []reporthandling.PolicyIdentifier) string {
+func policyIdentifierNames(pi []cautils.PolicyIdentifier) string {
 	policiesNames := ""
 	for i := range pi {
 		policiesNames += pi[i].Name
@@ -153,11 +149,11 @@ func setSubmitBehavior(scanInfo *cautils.ScanInfo, tenantConfig cautils.ITenantC
 }
 
 // setPolicyGetter set the policy getter - local file/github release/ArmoAPI
-func getPolicyGetter(loadPoliciesFromFile []string, accountID string, frameworkScope bool, downloadReleasedPolicy *getter.DownloadReleasedPolicy) getter.IPolicyGetter {
+func getPolicyGetter(loadPoliciesFromFile []string, tennatEmail string, frameworkScope bool, downloadReleasedPolicy *getter.DownloadReleasedPolicy) getter.IPolicyGetter {
 	if len(loadPoliciesFromFile) > 0 {
 		return getter.NewLoadPolicy(loadPoliciesFromFile)
 	}
-	if accountID != "" && frameworkScope {
+	if tennatEmail != "" && frameworkScope {
 		g := getter.GetArmoAPIConnector() // download policy from ARMO backend
 		return g
 	}
@@ -195,7 +191,7 @@ func getConfigInputsGetter(ControlsInputs string, accountID string, downloadRele
 		downloadReleasedPolicy = getter.NewDownloadReleasedPolicy()
 	}
 	if err := downloadReleasedPolicy.SetRegoObjects(); err != nil { // if failed to pull config inputs, fallback to BE
-		cautils.WarningDisplay(os.Stderr, "Warning: failed to get config inputs from github release, this may affect the scanning results\n")
+		logger.L().Warning("failed to get config inputs from github release, this may affect the scanning results", helpers.Error(err))
 	}
 	return downloadReleasedPolicy
 }

core/core/kscore.go

@@ -0,0 +1,7 @@
+package core
+
+type Kubescape struct{}
+
+func NewKubescape() *Kubescape {
+	return &Kubescape{}
+}

core/core/list.go

@@ -1,4 +1,4 @@
-package clihandler
+package core
 
 import (
 	"encoding/json"
@@ -6,29 +6,29 @@ import (
 	"sort"
 	"strings"
 
-	"github.com/armosec/kubescape/cautils/getter"
-	"github.com/armosec/kubescape/clihandler/cliobjects"
+	"github.com/armosec/kubescape/v2/core/cautils/getter"
+	metav1 "github.com/armosec/kubescape/v2/core/meta/datastructures/v1"
 )
 
-var listFunc = map[string]func(*cliobjects.ListPolicies) ([]string, error){
+var listFunc = map[string]func(*metav1.ListPolicies) ([]string, error){
 	"controls":   listControls,
 	"frameworks": listFrameworks,
 	"exceptions": listExceptions,
 }
 
-var listFormatFunc = map[string]func(*cliobjects.ListPolicies, []string){
+var listFormatFunc = map[string]func(*metav1.ListPolicies, []string){
 	"pretty-print": prettyPrintListFormat,
 	"json":         jsonListFormat,
 }
 
-func ListSupportCommands() []string {
+func ListSupportActions() []string {
 	commands := []string{}
 	for k := range listFunc {
 		commands = append(commands, k)
 	}
 	return commands
 }
-func CliList(listPolicies *cliobjects.ListPolicies) error {
+func (ks *Kubescape) List(listPolicies *metav1.ListPolicies) error {
 	if f, ok := listFunc[listPolicies.Target]; ok {
 		policies, err := f(listPolicies)
 		if err != nil {
@@ -43,17 +43,17 @@ func CliList(listPolicies *cliobjects.ListPolicies) error {
 	return fmt.Errorf("unknown command to download")
 }
 
-func listFrameworks(listPolicies *cliobjects.ListPolicies) ([]string, error) {
+func listFrameworks(listPolicies *metav1.ListPolicies) ([]string, error) {
 	tenant := getTenantConfig(listPolicies.Account, "", getKubernetesApi()) // change k8sinterface
-	g := getPolicyGetter(nil, tenant.GetAccountID(), true, nil)
+	g := getPolicyGetter(nil, tenant.GetTennatEmail(), true, nil)
 
 	return listFrameworksNames(g), nil
 }
 
-func listControls(listPolicies *cliobjects.ListPolicies) ([]string, error) {
+func listControls(listPolicies *metav1.ListPolicies) ([]string, error) {
 	tenant := getTenantConfig(listPolicies.Account, "", getKubernetesApi()) // change k8sinterface
 
-	g := getPolicyGetter(nil, tenant.GetAccountID(), false, nil)
+	g := getPolicyGetter(nil, tenant.GetTennatEmail(), false, nil)
 	l := getter.ListName
 	if listPolicies.ListIDs {
 		l = getter.ListID
@@ -61,8 +61,8 @@ func listControls(listPolicies *cliobjects.ListPolicies) ([]string, error) {
 	return g.ListControls(l)
 }
 
-func listExceptions(listPolicies *cliobjects.ListPolicies) ([]string, error) {
-	// load tenant config
+func listExceptions(listPolicies *metav1.ListPolicies) ([]string, error) {
+	// load tenant metav1
 	getTenantConfig(listPolicies.Account, "", getKubernetesApi())
 
 	var exceptionsNames []string
@@ -77,12 +77,12 @@ func listExceptions(listPolicies *cliobjects.ListPolicies) ([]string, error) {
 	return exceptionsNames, nil
 }
 
-func prettyPrintListFormat(listPolicies *cliobjects.ListPolicies, policies []string) {
+func prettyPrintListFormat(listPolicies *metav1.ListPolicies, policies []string) {
 	sep := "\n  * "
 	fmt.Printf("Supported %s:%s%s\n", listPolicies.Target, sep, strings.Join(policies, sep))
 }
 
-func jsonListFormat(listPolicies *cliobjects.ListPolicies, policies []string) {
+func jsonListFormat(listPolicies *metav1.ListPolicies, policies []string) {
 	j, _ := json.MarshalIndent(policies, "", "  ")
 	fmt.Printf("%s\n", j)
 }

core/core/scan.go

@@ -1,27 +1,25 @@
-package clihandler
+package core
 
 import (
 	"fmt"
-	"io/fs"
-	"os"
 
-	"github.com/armosec/armoapi-go/armotypes"
+	apisv1 "github.com/armosec/opa-utils/httpserver/apis/v1"
+
 	"github.com/armosec/k8s-interface/k8sinterface"
-	"github.com/armosec/kubescape/resultshandling/printer"
 
-	"github.com/armosec/kubescape/cautils"
-	"github.com/armosec/kubescape/cautils/getter"
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/armosec/kubescape/cautils/logger/helpers"
-	"github.com/armosec/kubescape/hostsensorutils"
-	"github.com/armosec/kubescape/opaprocessor"
-	"github.com/armosec/kubescape/policyhandler"
-	"github.com/armosec/kubescape/resourcehandler"
-	"github.com/armosec/kubescape/resultshandling"
-	"github.com/armosec/kubescape/resultshandling/reporter"
-	"github.com/armosec/opa-utils/reporthandling"
+	"github.com/armosec/kubescape/v2/core/cautils"
+	"github.com/armosec/kubescape/v2/core/cautils/getter"
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
+	"github.com/armosec/kubescape/v2/core/pkg/hostsensorutils"
+	"github.com/armosec/kubescape/v2/core/pkg/opaprocessor"
+	"github.com/armosec/kubescape/v2/core/pkg/policyhandler"
+	"github.com/armosec/kubescape/v2/core/pkg/resourcehandler"
+	"github.com/armosec/kubescape/v2/core/pkg/resultshandling"
+	"github.com/armosec/kubescape/v2/core/pkg/resultshandling/printer"
+	"github.com/armosec/kubescape/v2/core/pkg/resultshandling/reporter"
+
 	"github.com/armosec/opa-utils/resources"
-	"github.com/mattn/go-isatty"
 )
 
 type componentInterfaces struct {
@@ -50,6 +48,11 @@ func getInterfaces(scanInfo *cautils.ScanInfo) componentInterfaces {
 	// Set submit behavior AFTER loading tenant config
 	setSubmitBehavior(scanInfo, tenantConfig)
 
+	// Do not submit yaml scanning
+	if len(scanInfo.InputPatterns) > 0 {
+		scanInfo.Submit = false
+	}
+
 	if scanInfo.Submit {
 		// submit - Create tenant & Submit report
 		if err := tenantConfig.SetTenant(); err != nil {
@@ -62,11 +65,11 @@ func getInterfaces(scanInfo *cautils.ScanInfo) componentInterfaces {
 	v := cautils.NewIVersionCheckHandler()
 	v.CheckLatestVersion(cautils.NewVersionCheckRequest(cautils.BuildNumber, policyIdentifierNames(scanInfo.PolicyIdentifier), "", scanInfo.GetScanningEnvironment()))
 
-	// ================== setup host sensor object ======================================
+	// ================== setup host scanner object ======================================
 
 	hostSensorHandler := getHostSensorHandler(scanInfo, k8s)
 	if err := hostSensorHandler.Init(); err != nil {
-		logger.L().Error("failed to init host sensor", helpers.Error(err))
+		logger.L().Error("failed to init host scanner", helpers.Error(err))
 		hostSensorHandler = &hostsensorutils.HostSensorHandlerMock{}
 	}
 	// excluding hostsensor namespace
@@ -88,10 +91,10 @@ func getInterfaces(scanInfo *cautils.ScanInfo) componentInterfaces {
 	// ================== setup reporter & printer objects ======================================
 
 	// reporting behavior - setup reporter
-	reportHandler := getReporter(tenantConfig, scanInfo.ReportID, scanInfo.Submit, scanInfo.FrameworkScan, len(scanInfo.InputPatterns) == 0)
+	reportHandler := getReporter(tenantConfig, scanInfo.ScanID, scanInfo.Submit, scanInfo.FrameworkScan)
 
 	// setup printer
-	printerHandler := resultshandling.NewPrinter(scanInfo.Format, scanInfo.FormatVersion, scanInfo.VerboseMode)
+	printerHandler := resultshandling.NewPrinter(scanInfo.Format, scanInfo.FormatVersion, scanInfo.VerboseMode, cautils.ViewTypes(scanInfo.View))
 	printerHandler.SetWriter(scanInfo.Output)
 
 	// ================== return interface ======================================
@@ -105,7 +108,7 @@ func getInterfaces(scanInfo *cautils.ScanInfo) componentInterfaces {
 	}
 }
 
-func Scan(scanInfo *cautils.ScanInfo) (*resultshandling.ResultsHandler, error) {
+func (ks *Kubescape) Scan(scanInfo *cautils.ScanInfo) (*resultshandling.ResultsHandler, error) {
 	logger.L().Info("ARMO security scanner starting")
 
 	// ===================== Initialization =====================
@@ -113,27 +116,27 @@ func Scan(scanInfo *cautils.ScanInfo) (*resultshandling.ResultsHandler, error) {
 
 	interfaces := getInterfaces(scanInfo)
 
-	cautils.ClusterName = interfaces.tenantConfig.GetClusterName() // TODO - Deprecated
+	cautils.ClusterName = interfaces.tenantConfig.GetContextName() // TODO - Deprecated
 	cautils.CustomerGUID = interfaces.tenantConfig.GetAccountID()  // TODO - Deprecated
-	interfaces.report.SetClusterName(interfaces.tenantConfig.GetClusterName())
+	interfaces.report.SetClusterName(interfaces.tenantConfig.GetContextName())
 	interfaces.report.SetCustomerGUID(interfaces.tenantConfig.GetAccountID())
 
 	downloadReleasedPolicy := getter.NewDownloadReleasedPolicy() // download config inputs from github release
 
 	// set policy getter only after setting the customerGUID
-	scanInfo.Getters.PolicyGetter = getPolicyGetter(scanInfo.UseFrom, interfaces.tenantConfig.GetAccountID(), scanInfo.FrameworkScan, downloadReleasedPolicy)
+	scanInfo.Getters.PolicyGetter = getPolicyGetter(scanInfo.UseFrom, interfaces.tenantConfig.GetTennatEmail(), scanInfo.FrameworkScan, downloadReleasedPolicy)
 	scanInfo.Getters.ControlsInputsGetter = getConfigInputsGetter(scanInfo.ControlsInputs, interfaces.tenantConfig.GetAccountID(), downloadReleasedPolicy)
 	scanInfo.Getters.ExceptionsGetter = getExceptionsGetter(scanInfo.UseExceptions)
 
 	// TODO - list supported frameworks/controls
 	if scanInfo.ScanAll {
-		scanInfo.SetPolicyIdentifiers(listFrameworksNames(scanInfo.Getters.PolicyGetter), reporthandling.KindFramework)
+		scanInfo.SetPolicyIdentifiers(listFrameworksNames(scanInfo.Getters.PolicyGetter), apisv1.KindFramework)
 	}
 
 	// remove host scanner components
 	defer func() {
 		if err := interfaces.hostSensorHandler.TearDown(); err != nil {
-			logger.L().Error("failed to tear down host sensor", helpers.Error(err))
+			logger.L().Error("failed to tear down host scanner", helpers.Error(err))
 		}
 	}()
 
@@ -141,13 +144,13 @@ func Scan(scanInfo *cautils.ScanInfo) (*resultshandling.ResultsHandler, error) {
 
 	// ===================== policies & resources =====================
 	policyHandler := policyhandler.NewPolicyHandler(interfaces.resourceHandler)
-	scanData, err := CollectResources(policyHandler, scanInfo)
+	scanData, err := policyHandler.CollectResources(scanInfo.PolicyIdentifier, scanInfo)
 	if err != nil {
 		return resultsHandling, err
 	}
 
 	// ========================= opa testing =====================
-	deps := resources.NewRegoDependenciesData(k8sinterface.GetK8sConfig(), interfaces.tenantConfig.GetClusterName())
+	deps := resources.NewRegoDependenciesData(k8sinterface.GetK8sConfig(), interfaces.tenantConfig.GetContextName())
 	reportResults := opaprocessor.NewOPAProcessor(scanData, deps)
 	if err := reportResults.ProcessRulesListenner(); err != nil {
 		// TODO - do something
@@ -164,46 +167,24 @@ func Scan(scanInfo *cautils.ScanInfo) (*resultshandling.ResultsHandler, error) {
 	return resultsHandling, nil
 }
 
-func CollectResources(policyHandler *policyhandler.PolicyHandler, scanInfo *cautils.ScanInfo) (*cautils.OPASessionObj, error) {
-	policyNotification := &reporthandling.PolicyNotification{
-		Rules: scanInfo.PolicyIdentifier,
-		KubescapeNotification: reporthandling.KubescapeNotification{
-			Designators:      armotypes.PortalDesignator{},
-			NotificationType: reporthandling.TypeExecPostureScan,
-		},
-	}
-	switch policyNotification.KubescapeNotification.NotificationType {
-	case reporthandling.TypeExecPostureScan:
-		collectedResources, err := policyHandler.CollectResources(policyNotification, scanInfo)
-		if err != nil {
-			return nil, err
-		}
-		return collectedResources, nil
+// func askUserForHostSensor() bool {
+// 	return false
 
-	default:
-		return nil, fmt.Errorf("notification type '%s' Unknown", policyNotification.KubescapeNotification.NotificationType)
-	}
-	return nil, nil
-}
-
-func askUserForHostSensor() bool {
-	return false
-
-	if !isatty.IsTerminal(os.Stdin.Fd()) {
-		return false
-	}
-	if ssss, err := os.Stdin.Stat(); err == nil {
-		// fmt.Printf("Found stdin type: %s\n", ssss.Mode().Type())
-		if ssss.Mode().Type()&(fs.ModeDevice|fs.ModeCharDevice) > 0 { //has TTY
-			fmt.Fprintf(os.Stderr, "Would you like to scan K8s nodes? [y/N]. This is required to collect valuable data for certain controls\n")
-			fmt.Fprintf(os.Stderr, "Use --enable-host-scan flag to suppress this message\n")
-			var b []byte = make([]byte, 1)
-			if n, err := os.Stdin.Read(b); err == nil {
-				if n > 0 && len(b) > 0 && (b[0] == 'y' || b[0] == 'Y') {
-					return true
-				}
-			}
-		}
-	}
-	return false
-}
+// 	if !isatty.IsTerminal(os.Stdin.Fd()) {
+// 		return false
+// 	}
+// 	if ssss, err := os.Stdin.Stat(); err == nil {
+// 		// fmt.Printf("Found stdin type: %s\n", ssss.Mode().Type())
+// 		if ssss.Mode().Type()&(fs.ModeDevice|fs.ModeCharDevice) > 0 { //has TTY
+// 			fmt.Fprintf(os.Stderr, "Would you like to scan K8s nodes? [y/N]. This is required to collect valuable data for certain controls\n")
+// 			fmt.Fprintf(os.Stderr, "Use --enable-host-scan flag to suppress this message\n")
+// 			var b []byte = make([]byte, 1)
+// 			if n, err := os.Stdin.Read(b); err == nil {
+// 				if n > 0 && len(b) > 0 && (b[0] == 'y' || b[0] == 'Y') {
+// 					return true
+// 				}
+// 			}
+// 		}
+// 	}
+// 	return false
+// }

core/core/submit.go

@@ -1,14 +1,14 @@
-package clihandler
+package core
 
 import (
-	"github.com/armosec/kubescape/cautils"
-	"github.com/armosec/kubescape/cautils/getter"
-	"github.com/armosec/kubescape/cautils/logger"
-	"github.com/armosec/kubescape/cautils/logger/helpers"
-	"github.com/armosec/kubescape/clihandler/cliinterfaces"
+	"github.com/armosec/kubescape/v2/core/cautils"
+	"github.com/armosec/kubescape/v2/core/cautils/getter"
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
+	"github.com/armosec/kubescape/v2/core/meta/cliinterfaces"
 )
 
-func Submit(submitInterfaces cliinterfaces.SubmitInterfaces) error {
+func (ks *Kubescape) Submit(submitInterfaces cliinterfaces.SubmitInterfaces) error {
 
 	// list resources
 	postureReport, err := submitInterfaces.SubmitObjects.SetResourcesReport()
@@ -20,7 +20,7 @@ func Submit(submitInterfaces cliinterfaces.SubmitInterfaces) error {
 		return err
 	}
 	// report
-	if err := submitInterfaces.Reporter.ActionSendReport(&cautils.OPASessionObj{PostureReport: postureReport, AllResources: allresources}); err != nil {
+	if err := submitInterfaces.Reporter.Submit(&cautils.OPASessionObj{PostureReport: postureReport, AllResources: allresources}); err != nil {
 		return err
 	}
 	logger.L().Success("Data has been submitted successfully")
@@ -29,7 +29,7 @@ func Submit(submitInterfaces cliinterfaces.SubmitInterfaces) error {
 	return nil
 }
 
-func SubmitExceptions(accountID, excPath string) error {
+func (ks *Kubescape) SubmitExceptions(accountID, excPath string) error {
 	logger.L().Info("submitting exceptions", helpers.String("path", excPath))
 
 	// load cached config

core/kscore.go

@@ -1,7 +0,0 @@
-package core
-
-// Scan
-// List
-// Download
-// Config
-// Submit

core/meta/cliinterfaces/submit.go

@@ -2,8 +2,8 @@ package cliinterfaces
 
 import (
 	"github.com/armosec/k8s-interface/workloadinterface"
-	"github.com/armosec/kubescape/cautils"
-	"github.com/armosec/kubescape/resultshandling/reporter"
+	"github.com/armosec/kubescape/v2/core/cautils"
+	"github.com/armosec/kubescape/v2/core/pkg/resultshandling/reporter"
 	"github.com/armosec/opa-utils/reporthandling"
 )
 

core/meta/datastructures/v1/config.go

@@ -0,0 +1,16 @@
+package v1
+
+import "io"
+
+type SetConfig struct {
+	Account   string
+	ClientID  string
+	SecretKey string
+}
+
+type ViewConfig struct {
+	Writer io.Writer
+}
+
+type DeleteConfig struct {
+}

core/meta/datastructures/v1/delete.go

@@ -0,0 +1,6 @@
+package v1
+
+type DeleteExceptions struct {
+	Account    string
+	Exceptions []string
+}

core/meta/datastructures/v1/download.go

@@ -1,9 +1,9 @@
-package cautils
+package v1
 
 type DownloadInfo struct {
 	Path     string // directory to save artifact. Default is "~/.kubescape/"
 	FileName string // can be empty
 	Target   string // type of artifact to download
 	Name     string // name of artifact to download
-	Account  string // customerGUID
+	Account  string // AccountID
 }

core/meta/datastructures/v1/listpolicies.go

@@ -1,4 +1,4 @@
-package cliobjects
+package v1
 
 type ListPolicies struct {
 	Target  string
@@ -6,3 +6,8 @@ type ListPolicies struct {
 	Account string
 	Format  string
 }
+
+type ListResponse struct {
+	Names []string
+	IDs   []string
+}

core/meta/datastructures/v1/scan.go

@@ -0,0 +1,3 @@
+package v1
+
+// Add scanInfo

core/meta/datastructures/v1/submit.go

@@ -1,4 +1,4 @@
-package cliobjects
+package v1
 
 type Submit struct {
 	Account string

core/meta/ksinterface.go

@@ -0,0 +1,28 @@
+package meta
+
+import (
+	"github.com/armosec/kubescape/v2/core/cautils"
+	"github.com/armosec/kubescape/v2/core/meta/cliinterfaces"
+	metav1 "github.com/armosec/kubescape/v2/core/meta/datastructures/v1"
+	"github.com/armosec/kubescape/v2/core/pkg/resultshandling"
+)
+
+type IKubescape interface {
+	Scan(scanInfo *cautils.ScanInfo) (*resultshandling.ResultsHandler, error) // TODO - use scanInfo from v1
+
+	// policies
+	List(listPolicies *metav1.ListPolicies) error     // TODO - return list response
+	Download(downloadInfo *metav1.DownloadInfo) error // TODO - return downloaded policies
+
+	// submit
+	Submit(submitInterfaces cliinterfaces.SubmitInterfaces) error // TODO - func should receive object
+	SubmitExceptions(accountID, excPath string) error             // TODO - remove
+
+	// config
+	SetCachedConfig(setConfig *metav1.SetConfig) error
+	ViewCachedConfig(viewConfig *metav1.ViewConfig) error
+	DeleteCachedConfig(deleteConfig *metav1.DeleteConfig) error
+
+	// delete
+	DeleteExceptions(deleteexceptions *metav1.DeleteExceptions) error
+}