report format version

convert score to int
support only one input
2026-02-25 23:33:51 +00:00 · 2022-04-07 11:59:19 +03:00 · 2022-04-07 11:00:39 +03:00 · 2022-04-07 09:53:44 +03:00 · 2022-04-06 16:11:57 +03:00 · 2022-04-06 09:45:32 +03:00
93 changed files with 2629 additions and 650 deletions
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -38,6 +38,8 @@ jobs:
        run: cd cmd && go test -v ./...
      
      - name: Test core pkg
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: cd core && go test -v ./...

      - name: Test httphandler pkg
@@ -51,7 +53,7 @@ jobs:
          ArmoERServer: report.armo.cloud
          ArmoWebsite: portal.armo.cloud
          CGO_ENABLED: 0
-        run: python3 --version && python3 build.py
+        run: cd cmd && python3 --version && python3 build.py
      
      - name: Smoke Testing
        env:
--- a/.github/workflows/build_dev.yaml
+++ b/.github/workflows/build_dev.yaml
@@ -22,6 +22,8 @@ jobs:
        run: cd cmd && go test -v ./...
      
      - name: Test core pkg
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: cd core && go test -v ./...

      - name: Test httphandler pkg
@@ -35,7 +37,7 @@ jobs:
          ArmoERServer: report.armo.cloud
          ArmoWebsite: portal.armo.cloud
          CGO_ENABLED: 0
-        run: python3 --version && python3 build.py
+        run: cd cmd && python3 --version && python3 build.py
      
      - name: Smoke Testing
        env:
--- a/.github/workflows/master_pr_checks.yaml
+++ b/.github/workflows/master_pr_checks.yaml
@@ -19,8 +19,16 @@ jobs:
        with:
          go-version: 1.17

-      - name: Test
-        run: go test -v ./...
+      - name: Test cmd pkg
+        run: cd cmd && go test -v ./...
+      
+      - name: Test core pkg
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: cd core && go test -v ./...
+
+      - name: Test httphandler pkg
+        run: cd httphandler && go test -v ./...

      - name: Build
        env:
@@ -30,7 +38,7 @@ jobs:
          ArmoERServer: report.armo.cloud
          ArmoWebsite: portal.armo.cloud
          CGO_ENABLED: 0
-        run: python3 --version && python3 build.py
+        run: cd cmd && python3 --version && python3 build.py

      - name: Smoke Testing
        env:
--- a/README.md
+++ b/README.md
@@ -12,8 +12,20 @@ Kubescape integrates natively with other DevOps tools, including Jenkins, Circle

 </br>

+<!-- # Kubescape Coverage
+<img src="docs/ksfromcodetodeploy.png">
+
+</br> -->
+
+
+# Kubescape CLI:
 <img src="docs/demo.gif">

+</br>
+
+<!-- # Kubescape overview:
+<img src="docs/ARMO-header-2022.gif"> -->
+
 # TL;DR
 ## Install:
 ```
@@ -103,7 +115,7 @@ Set-ExecutionPolicy RemoteSigned -scope CurrentUser

 #### Scan a running Kubernetes cluster and submit results to the [Kubescape SaaS version](https://portal.armo.cloud/)
 ```
-kubescape scan --submit --enable-host-scan
+kubescape scan --submit --enable-host-scan  --verbose
 ```

 > Read [here](https://hub.armo.cloud/docs/host-sensor) more about the `enable-host-scan` flag
@@ -255,6 +267,16 @@ Now you can submit the results to the Kubescape SaaS version -
 kubescape submit results path/to/results.json
 ```

+
+# Integrations
+
+## VS Code Extension 
+
+![Visual Studio Marketplace Downloads](https://img.shields.io/visual-studio-marketplace/d/kubescape.kubescape?label=VScode) ![Open VSX](https://img.shields.io/open-vsx/dt/kubescape/kubescape?label=openVSX&color=yellowgreen)
+
+Scan the YAML files while writing them using the [vs code extension](https://github.com/armosec/vscode-kubescape/blob/master/README.md) 
+
+
 # Under the hood

 ## Technology
--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -18,14 +18,27 @@ RUN pip3 install --no-cache --upgrade pip setuptools
 WORKDIR /work
 ADD . .

+# build kubescape server
+WORKDIR /work/httphandler
 RUN python build.py
-
 RUN ls -ltr build/ubuntu-latest

+# build kubescape cmd
+WORKDIR /work/cmd
+RUN python build.py
+
+RUN /work/build/ubuntu-latest/kubescape download artifacts -o /work/artifacts
+
 FROM alpine
+
+RUN addgroup -S ks && adduser -S ks -G ks
+USER ks
+WORKDIR /home/ks/
+
+COPY --from=builder /work/httphandler/build/ubuntu-latest/kubescape /usr/bin/ksserver
 COPY --from=builder /work/build/ubuntu-latest/kubescape /usr/bin/kubescape

-# # Download the frameworks. Use the "--use-default" flag when running kubescape
-# RUN kubescape download framework nsa && kubescape download framework mitre
+RUN mkdir /home/ks/.kubescape && chmod 777 -R /home/ks/.kubescape 
+COPY --from=builder /work/artifacts/ /home/ks/.kubescape

-ENTRYPOINT ["kubescape"]
+ENTRYPOINT ["ksserver"]
--- a/cmd/build.py
+++ b/cmd/build.py
@@ -18,7 +18,7 @@ def checkStatus(status, msg):

 def getBuildDir():
    currentPlatform = platform.system()
-    buildDir = "build/"
+    buildDir = "../build/"

    if currentPlatform == "Windows": buildDir += "windows-latest"
    elif currentPlatform == "Linux": buildDir += "ubuntu-latest"
@@ -70,7 +70,7 @@ def main():
        ldflags += " -X {}={}".format(WEBSITE_CONST, ArmoWebsite)
    if ArmoAuthServer:
        ldflags += " -X {}={}".format(AUTH_SERVER_CONST, ArmoAuthServer)
-
+ 
    build_command = ["go", "build", "-o", ks_file, "-ldflags" ,ldflags]

    print("Building kubescape and saving here: {}".format(ks_file))
--- a/cmd/go.mod
+++ b/cmd/go.mod
@@ -7,8 +7,9 @@ replace github.com/armosec/kubescape/core => ../core
 require (
 	github.com/armosec/k8s-interface v0.0.68
 	github.com/armosec/kubescape/core v0.0.0-00010101000000-000000000000
-	github.com/armosec/opa-utils v0.0.116
+	github.com/armosec/opa-utils v0.0.130
 	github.com/armosec/rbac-utils v0.0.14
+	github.com/enescakir/emoji v1.0.0
 	github.com/google/uuid v1.3.0
 	github.com/mattn/go-isatty v0.0.14
 	github.com/spf13/cobra v1.4.0
@@ -51,7 +52,6 @@ require (
 	github.com/docker/docker v20.10.9+incompatible // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
 	github.com/docker/go-units v0.4.0 // indirect
-	github.com/enescakir/emoji v1.0.0 // indirect
 	github.com/envoyproxy/go-control-plane v0.10.1 // indirect
 	github.com/envoyproxy/protoc-gen-validate v0.6.2 // indirect
 	github.com/fatih/color v1.13.0 // indirect
@@ -88,6 +88,7 @@ require (
 	github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0 // indirect
 	github.com/ruudk/golang-pdf417 v0.0.0-20181029194003-1af4ab5afa58 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/whilp/git-urls v1.0.0 // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/yashtewari/glob-intersection v0.0.0-20180916065949-5c77d914dd0b // indirect
--- a/cmd/go.sum
+++ b/cmd/go.sum
@@ -109,8 +109,8 @@ github.com/armosec/k8s-interface v0.0.66/go.mod h1:vwprS8qn/iowd5yf0JHpqDsLA5I8W
 github.com/armosec/k8s-interface v0.0.68 h1:6CtSakISiI47YHkxh+Va9FzZQIBkWa6g9sbiNxq1Zkk=
 github.com/armosec/k8s-interface v0.0.68/go.mod h1:PeWn41C2uenZi+xfZdyFF/zG5wXACA00htQyknDUWDE=
 github.com/armosec/opa-utils v0.0.64/go.mod h1:6tQP8UDq2EvEfSqh8vrUdr/9QVSCG4sJfju1SXQOn4c=
-github.com/armosec/opa-utils v0.0.116 h1:3oWuhcpI+MJD/CktEStU1BA0feGNwsCbQrI3ifVfzMs=
-github.com/armosec/opa-utils v0.0.116/go.mod h1:gap+EaLG5rnyqvIRGxtdNDC9y7VvoGNm90zK8Ls7avQ=
+github.com/armosec/opa-utils v0.0.130 h1:uP60M0PzmDtLqvsA/jX8BED9/Ava4n2QG7VCkuI+hwI=
+github.com/armosec/opa-utils v0.0.130/go.mod h1:gap+EaLG5rnyqvIRGxtdNDC9y7VvoGNm90zK8Ls7avQ=
 github.com/armosec/rbac-utils v0.0.1/go.mod h1:pQ8CBiij8kSKV7aeZm9FMvtZN28VgA7LZcYyTWimq40=
 github.com/armosec/rbac-utils v0.0.14 h1:CKYKcgqJEXWF2Hen/B1pVGtS3nDAG1wp9dDv6oNtq90=
 github.com/armosec/rbac-utils v0.0.14/go.mod h1:Ex/IdGWhGv9HZq6Hs8N/ApzCKSIvpNe/ETqDfnuyah0=
@@ -774,6 +774,8 @@ github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqri
 github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
 github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49uaYMPRU=
 github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMILuUhzM=
+github.com/whilp/git-urls v1.0.0 h1:95f6UMWN5FKW71ECsXRUd3FVYiXdrE7aX4NZKcPmIjU=
+github.com/whilp/git-urls v1.0.0/go.mod h1:J16SAmobsqc3Qcy98brfl5f5+e0clUvg1krgwk/qCfE=
 github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo=
 github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0=
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -22,6 +22,8 @@ import (
 	"github.com/spf13/cobra"
 )

+var rootInfo cautils.RootInfo
+
 var ksExamples = `
  # Scan command
  kubescape scan --submit
@@ -43,7 +45,6 @@ func NewDefaultKubescapeCommand() *cobra.Command {
 }

 func getRootCmd(ks meta.IKubescape) *cobra.Command {
-	var rootInfo cautils.RootInfo

 	rootCmd := &cobra.Command{
 		Use:     "kubescape",
@@ -53,8 +54,8 @@ func getRootCmd(ks meta.IKubescape) *cobra.Command {
 		Example: ksExamples,
 	}

-	rootCmd.PersistentFlags().StringVar(&armoBEURLsDep, "environment", "", envFlagUsage)
-	rootCmd.PersistentFlags().StringVar(&armoBEURLs, "env", "", envFlagUsage)
+	rootCmd.PersistentFlags().StringVar(&rootInfo.ArmoBEURLsDep, "environment", "", envFlagUsage)
+	rootCmd.PersistentFlags().StringVar(&rootInfo.ArmoBEURLs, "env", "", envFlagUsage)
 	rootCmd.PersistentFlags().MarkDeprecated("environment", "use 'env' instead")
 	rootCmd.PersistentFlags().MarkHidden("environment")
 	rootCmd.PersistentFlags().MarkHidden("env")
@@ -66,11 +67,7 @@ func getRootCmd(ks meta.IKubescape) *cobra.Command {
 	rootCmd.PersistentFlags().StringVar(&rootInfo.CacheDir, "cache-dir", getter.DefaultLocalStore, "Cache directory [$KS_CACHE_DIR]")
 	rootCmd.PersistentFlags().BoolVarP(&rootInfo.DisableColor, "disable-color", "", false, "Disable Color output for logging")

-	// Initialize
-	initLogger(&rootInfo)
-	initLoggerLevel(&rootInfo)
-	initEnvironment(&rootInfo)
-	initCacheDir(&rootInfo)
+	cobra.OnInitialize(initLogger, initLoggerLevel, initEnvironment, initCacheDir)

 	// Supported commands
 	rootCmd.AddCommand(scan.GetScanCommand(ks))
@@ -87,5 +84,8 @@ func getRootCmd(ks meta.IKubescape) *cobra.Command {

 func main() {
 	ks := NewDefaultKubescapeCommand()
-	ks.Execute()
+	err := ks.Execute()
+	if err != nil {
+		logger.L().Fatal(err.Error())
+	}
 }
--- a/cmd/rootutils.go
+++ b/cmd/rootutils.go
@@ -5,7 +5,6 @@ import (
 	"os"
 	"strings"

-	"github.com/armosec/kubescape/core/cautils"
 	"github.com/armosec/kubescape/core/cautils/getter"
 	"github.com/armosec/kubescape/core/cautils/logger"
 	"github.com/armosec/kubescape/core/cautils/logger/helpers"
@@ -13,12 +12,9 @@ import (
 	"github.com/mattn/go-isatty"
 )

-var armoBEURLs = ""
-var armoBEURLsDep = ""
-
 const envFlagUsage = "Send report results to specific URL. Format:<ReportReceiver>,<Backend>,<Frontend>.\n\t\tExample:report.armo.cloud,api.armo.cloud,portal.armo.cloud"

-func initLogger(rootInfo *cautils.RootInfo) {
+func initLogger() {
 	logger.DisableColor(rootInfo.DisableColor)

 	if rootInfo.LoggerName == "" {
@@ -36,8 +32,8 @@ func initLogger(rootInfo *cautils.RootInfo) {
 	logger.InitLogger(rootInfo.LoggerName)

 }
-func initLoggerLevel(rootInfo *cautils.RootInfo) {
-	if rootInfo.Logger != helpers.InfoLevel.String() {
+func initLoggerLevel() {
+	if rootInfo.Logger == helpers.InfoLevel.String() {
 	} else if l := os.Getenv("KS_LOGGER"); l != "" {
 		rootInfo.Logger = l
 	}
@@ -47,8 +43,8 @@ func initLoggerLevel(rootInfo *cautils.RootInfo) {
 	}
 }

-func initCacheDir(rootInfo *cautils.RootInfo) {
-	if rootInfo.CacheDir == getter.DefaultLocalStore {
+func initCacheDir() {
+	if rootInfo.CacheDir != getter.DefaultLocalStore {
 		getter.DefaultLocalStore = rootInfo.CacheDir
 	} else if cacheDir := os.Getenv("KS_CACHE_DIR"); cacheDir != "" {
 		getter.DefaultLocalStore = cacheDir
@@ -58,11 +54,11 @@ func initCacheDir(rootInfo *cautils.RootInfo) {

 	logger.L().Debug("cache dir updated", helpers.String("path", getter.DefaultLocalStore))
 }
-func initEnvironment(rootInfo *cautils.RootInfo) {
-	if armoBEURLsDep != "" {
-		armoBEURLs = armoBEURLsDep
+func initEnvironment() {
+	if rootInfo.ArmoBEURLs == "" {
+		rootInfo.ArmoBEURLs = rootInfo.ArmoBEURLsDep
 	}
-	urlSlices := strings.Split(armoBEURLs, ",")
+	urlSlices := strings.Split(rootInfo.ArmoBEURLs, ",")
 	if len(urlSlices) != 1 && len(urlSlices) < 3 {
 		logger.L().Fatal("expected at least 3 URLs (report, api, frontend, auth)")
 	}
@@ -85,7 +81,7 @@ func initEnvironment(rootInfo *cautils.RootInfo) {
 		armoERURL := urlSlices[0] // mandatory
 		armoBEURL := urlSlices[1] // mandatory
 		armoFEURL := urlSlices[2] // mandatory
-		if len(urlSlices) <= 4 {
+		if len(urlSlices) >= 4 {
 			armoAUTHURL = urlSlices[3]
 		}
 		getter.SetARMOAPIConnector(getter.NewARMOAPICustomized(armoERURL, armoBEURL, armoFEURL, armoAUTHURL))
--- a/cmd/scan/control.go
+++ b/cmd/scan/control.go
@@ -8,8 +8,10 @@ import (

 	"github.com/armosec/kubescape/core/cautils"
 	"github.com/armosec/kubescape/core/cautils/logger"
+	"github.com/armosec/kubescape/core/cautils/logger/helpers"
 	"github.com/armosec/kubescape/core/meta"
 	"github.com/armosec/opa-utils/reporthandling"
+	"github.com/enescakir/emoji"
 	"github.com/spf13/cobra"
 )

@@ -66,7 +68,7 @@ func getControlCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Comman

 				if len(args) > 1 {
 					if len(args[1:]) == 0 || args[1] != "-" {
-						scanInfo.InputPatterns = args[1:]
+						scanInfo.InputPatterns = []string{args[1]}
 					} else { // store stdin to file - do NOT move to separate function !!
 						tempFile, err := os.CreateTemp(".", "tmp-kubescape*.yaml")
 						if err != nil {
@@ -88,36 +90,16 @@ func getControlCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Comman
 			if err != nil {
 				logger.L().Fatal(err.Error())
 			}
-			results.HandleResults()
+			if err := results.HandleResults(); err != nil {
+				logger.L().Fatal(err.Error())
+			}
+			if !scanInfo.VerboseMode {
+				cautils.SimpleDisplay(os.Stderr, "%s  Run with '--verbose' flag for full scan details\n\n", emoji.Detective)
+			}
 			if results.GetRiskScore() > float32(scanInfo.FailThreshold) {
-				return fmt.Errorf("scan risk-score %.2f is above permitted threshold %.2f", results.GetRiskScore(), scanInfo.FailThreshold)
+				logger.L().Fatal("scan risk-score is above permitted threshold", helpers.String("risk-score", fmt.Sprintf("%.2f", results.GetRiskScore())), helpers.String("fail-threshold", fmt.Sprintf("%.2f", scanInfo.FailThreshold)))
 			}
 			return nil
 		},
 	}
 }
-
-// func flagValidationControl() {
-// 	if 100 < scanInfo.FailThreshold {
-// 		logger.L().Fatal("bad argument: out of range threshold")
-// 	}
-// }
-
-// func setScanForFirstControl(scanInfo, controls []string) []reporthandling.PolicyIdentifier {
-// 	newPolicy := reporthandling.PolicyIdentifier{}
-// 	newPolicy.Kind = reporthandling.KindControl
-// 	newPolicy.Name = controls[0]
-// 	scanInfo.PolicyIdentifier = append(scanInfo.PolicyIdentifier, newPolicy)
-// 	return scanInfo.PolicyIdentifier
-// }
-
-// func SetScanForGivenControls(scanInfo, controls []string) []reporthandling.PolicyIdentifier {
-// 	for _, control := range controls {
-// 		control := strings.TrimLeft(control, " ")
-// 		newPolicy := reporthandling.PolicyIdentifier{}
-// 		newPolicy.Kind = reporthandling.KindControl
-// 		newPolicy.Name = control
-// 		scanInfo.PolicyIdentifier = append(scanInfo.PolicyIdentifier, newPolicy)
-// 	}
-// 	return scanInfo.PolicyIdentifier
-// }
--- a/cmd/scan/framework.go
+++ b/cmd/scan/framework.go
@@ -8,8 +8,10 @@ import (

 	"github.com/armosec/kubescape/core/cautils"
 	"github.com/armosec/kubescape/core/cautils/logger"
+	"github.com/armosec/kubescape/core/cautils/logger/helpers"
 	"github.com/armosec/kubescape/core/meta"
 	"github.com/armosec/opa-utils/reporthandling"
+	"github.com/enescakir/emoji"
 	"github.com/spf13/cobra"
 )

@@ -27,7 +29,7 @@ var (
  # Scan all frameworks
  kubescape scan framework all

-  # Scan kubernetes YAML manifest files
+  # Scan kubernetes YAML manifest files (single file or glob)
  kubescape scan framework nsa *.yaml

  Run 'kubescape list frameworks' for the list of supported frameworks
@@ -58,7 +60,9 @@ func getFrameworkCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Comm
 		},
 		RunE: func(cmd *cobra.Command, args []string) error {

-			flagValidationFramework(scanInfo)
+			if err := flagValidationFramework(scanInfo); err != nil {
+				return err
+			}
 			scanInfo.FrameworkScan = true

 			var frameworks []string
@@ -74,7 +78,7 @@ func getFrameworkCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Comm
 				}
 				if len(args) > 1 {
 					if len(args[1:]) == 0 || args[1] != "-" {
-						scanInfo.InputPatterns = args[1:]
+						scanInfo.InputPatterns = []string{args[1]}
 					} else { // store stdin to file - do NOT move to separate function !!
 						tempFile, err := os.CreateTemp(".", "tmp-kubescape*.yaml")
 						if err != nil {
@@ -97,34 +101,27 @@ func getFrameworkCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Comm
 			if err != nil {
 				logger.L().Fatal(err.Error())
 			}
-			results.HandleResults()
+
+			if err = results.HandleResults(); err != nil {
+				logger.L().Fatal(err.Error())
+			}
+			if !scanInfo.VerboseMode {
+				cautils.SimpleDisplay(os.Stderr, "%s  Run with '--verbose' flag for full scan details\n\n", emoji.Detective)
+			}
 			if results.GetRiskScore() > float32(scanInfo.FailThreshold) {
-				return fmt.Errorf("scan risk-score %.2f is above permitted threshold %.2f", results.GetRiskScore(), scanInfo.FailThreshold)
+				logger.L().Fatal("scan risk-score is above permitted threshold", helpers.String("risk-score", fmt.Sprintf("%.2f", results.GetRiskScore())), helpers.String("fail-threshold", fmt.Sprintf("%.2f", scanInfo.FailThreshold)))
 			}
 			return nil
 		},
 	}
 }

-// func init() {
-// 	scanCmd.AddCommand(frameworkCmd)
-// 	scanInfo = cautils.ScanInfo{}
-
-// }
-
-// func SetScanForFirstFramework(frameworks []string) []reporthandling.PolicyIdentifier {
-// 	newPolicy := reporthandling.PolicyIdentifier{}
-// 	newPolicy.Kind = reporthandling.KindFramework
-// 	newPolicy.Name = frameworks[0]
-// 	scanInfo.PolicyIdentifier = append(scanInfo.PolicyIdentifier, newPolicy)
-// 	return scanInfo.PolicyIdentifier
-// }
-
-func flagValidationFramework(scanInfo *cautils.ScanInfo) {
+func flagValidationFramework(scanInfo *cautils.ScanInfo) error {
 	if scanInfo.Submit && scanInfo.Local {
-		logger.L().Fatal("you can use `keep-local` or `submit`, but not both")
+		return fmt.Errorf("you can use `keep-local` or `submit`, but not both")
 	}
-	if 100 < scanInfo.FailThreshold {
-		logger.L().Fatal("bad argument: out of range threshold")
+	if 100 < scanInfo.FailThreshold || 0 > scanInfo.FailThreshold {
+		return fmt.Errorf("bad argument: out of range threshold")
 	}
+	return nil
 }
--- a/cmd/scan/scan.go
+++ b/cmd/scan/scan.go
@@ -11,7 +11,7 @@ var scanCmdExamples = `
  Scan command is for scanning an existing cluster or kubernetes manifest files based on pre-defind frameworks 
  
  # Scan current cluster with all frameworks
-  kubescape scan --submit --enable-host-scan
+  kubescape scan --submit --enable-host-scan --verbose

  # Scan kubernetes YAML manifest files
  kubescape scan *.yaml
--- a/core/cautils/customerloader.go
+++ b/core/cautils/customerloader.go
@@ -11,6 +11,7 @@ import (

 	"github.com/armosec/k8s-interface/k8sinterface"
 	"github.com/armosec/kubescape/core/cautils/getter"
+	"github.com/armosec/kubescape/core/cautils/logger"
 	corev1 "k8s.io/api/core/v1"
 )

@@ -68,6 +69,7 @@ type ITenantConfig interface {
 	// getters
 	GetClusterName() string
 	GetAccountID() string
+	GetTennatEmail() string
 	GetConfigObj() *ConfigObj
 	// GetBackendAPI() getter.IBackend
 	// GenerateURL()
@@ -117,6 +119,7 @@ func NewLocalConfig(
 }

 func (lc *LocalConfig) GetConfigObj() *ConfigObj { return lc.configObj }
+func (lc *LocalConfig) GetTennatEmail() string   { return lc.configObj.CustomerAdminEMail }
 func (lc *LocalConfig) GetAccountID() string     { return lc.configObj.AccountID }
 func (lc *LocalConfig) GetClusterName() string   { return lc.configObj.ClusterName }
 func (lc *LocalConfig) IsConfigFound() bool      { return existsConfigFile() }
@@ -135,7 +138,10 @@ func (lc *LocalConfig) UpdateCachedConfig() error {
 }

 func (lc *LocalConfig) DeleteCachedConfig() error {
-	return DeleteConfigFile()
+	if err := DeleteConfigFile(); err != nil {
+		logger.L().Warning(err.Error())
+	}
+	return nil
 }

 func getTenantConfigFromBE(backendAPI getter.IBackend, configObj *ConfigObj) error {
@@ -228,6 +234,7 @@ func NewClusterConfig(k8s *k8sinterface.KubernetesApi, backendAPI getter.IBacken
 func (c *ClusterConfig) GetConfigObj() *ConfigObj { return c.configObj }
 func (c *ClusterConfig) GetDefaultNS() string     { return c.configMapNamespace }
 func (c *ClusterConfig) GetAccountID() string     { return c.configObj.AccountID }
+func (c *ClusterConfig) GetTennatEmail() string   { return c.configObj.CustomerAdminEMail }
 func (c *ClusterConfig) IsConfigFound() bool      { return existsConfigFile() || c.existsConfigMap() }

 func (c *ClusterConfig) SetTenant() error {
@@ -257,10 +264,10 @@ func (c *ClusterConfig) UpdateCachedConfig() error {

 func (c *ClusterConfig) DeleteCachedConfig() error {
 	if err := c.deleteConfigMap(); err != nil {
-		return err
+		logger.L().Warning(err.Error())
 	}
 	if err := DeleteConfigFile(); err != nil {
-		return err
+		logger.L().Warning(err.Error())
 	}
 	return nil
 }
--- a/core/cautils/datastructures.go
+++ b/core/cautils/datastructures.go
@@ -4,35 +4,48 @@ import (
 	"github.com/armosec/armoapi-go/armotypes"
 	"github.com/armosec/k8s-interface/workloadinterface"
 	"github.com/armosec/opa-utils/reporthandling"
+	apis "github.com/armosec/opa-utils/reporthandling/apis"
 	"github.com/armosec/opa-utils/reporthandling/results/v1/resourcesresults"
 	reporthandlingv2 "github.com/armosec/opa-utils/reporthandling/v2"
 )

 // K8SResources map[<api group>/<api version>/<resource>][]<resourceID>
 type K8SResources map[string][]string
+type ArmoResources map[string][]string

 type OPASessionObj struct {
-	K8SResources    *K8SResources                          // input k8s objects
-	Policies        []reporthandling.Framework             // list of frameworks to scan
-	AllResources    map[string]workloadinterface.IMetadata // all scanned resources, map[<rtesource ID>]<resource>
-	ResourcesResult map[string]resourcesresults.Result     // resources scan results, map[<rtesource ID>]<resource result>
-	PostureReport   *reporthandling.PostureReport          // scan results v1 - Remove
-	Report          *reporthandlingv2.PostureReport        // scan results v2 - Remove
-	Exceptions      []armotypes.PostureExceptionPolicy     // list of exceptions to apply on scan results
-	RegoInputData   RegoInputData                          // input passed to rgo for scanning. map[<control name>][<input arguments>]
+	K8SResources          *K8SResources                          // input k8s objects
+	ArmoResource          *ArmoResources                         // input ARMO objects
+	Policies              []reporthandling.Framework             // list of frameworks to scan
+	AllResources          map[string]workloadinterface.IMetadata // all scanned resources, map[<rtesource ID>]<resource>
+	ResourcesResult       map[string]resourcesresults.Result     // resources scan results, map[<rtesource ID>]<resource result>
+	ResourceSource        map[string]string                      // resources sources, map[<rtesource ID>]<resource result>
+	PostureReport         *reporthandling.PostureReport          // scan results v1 - Remove
+	Report                *reporthandlingv2.PostureReport        // scan results v2 - Remove
+	Exceptions            []armotypes.PostureExceptionPolicy     // list of exceptions to apply on scan results
+	RegoInputData         RegoInputData                          // input passed to rgo for scanning. map[<control name>][<input arguments>]
+	Metadata              *reporthandlingv2.Metadata
+	InfoMap               map[string]apis.StatusInfo // Map errors of resources to StatusInfo
+	ResourceToControlsMap map[string][]string        // map[<apigroup/apiversion/resource>] = [<control_IDs>]
+	SessionID             string                     // SessionID
 }

-func NewOPASessionObj(frameworks []reporthandling.Framework, k8sResources *K8SResources) *OPASessionObj {
+func NewOPASessionObj(frameworks []reporthandling.Framework, k8sResources *K8SResources, scanInfo *ScanInfo) *OPASessionObj {
 	return &OPASessionObj{
-		Report:          &reporthandlingv2.PostureReport{},
-		Policies:        frameworks,
-		K8SResources:    k8sResources,
-		AllResources:    make(map[string]workloadinterface.IMetadata),
-		ResourcesResult: make(map[string]resourcesresults.Result),
+		Report:                &reporthandlingv2.PostureReport{},
+		Policies:              frameworks,
+		K8SResources:          k8sResources,
+		AllResources:          make(map[string]workloadinterface.IMetadata),
+		ResourcesResult:       make(map[string]resourcesresults.Result),
+		InfoMap:               make(map[string]apis.StatusInfo),
+		ResourceToControlsMap: make(map[string][]string),
+		ResourceSource:        make(map[string]string),
+		SessionID:             scanInfo.ScanID,
 		PostureReport: &reporthandling.PostureReport{
 			ClusterName:  ClusterName,
 			CustomerGUID: CustomerGUID,
 		},
+		Metadata: scanInfoToScanMetadata(scanInfo),
 	}
 }

--- a/core/cautils/environments.go
+++ b/core/cautils/environments.go
@@ -2,10 +2,6 @@ package cautils

 // CA environment vars
 var (
-	CustomerGUID          = ""
-	ClusterName           = ""
-	EventReceiverURL      = ""
-	NotificationServerURL = ""
-	DashboardBackendURL   = ""
-	RestAPIPort           = "4001"
+	CustomerGUID = ""
+	ClusterName  = ""
 )
--- a/core/cautils/fileutils.go
+++ b/core/cautils/fileutils.go
@@ -26,7 +26,7 @@ const (
 	JSON_FILE_FORMAT FileFormat = "json"
 )

-func LoadResourcesFromFiles(inputPatterns []string) ([]workloadinterface.IMetadata, error) {
+func LoadResourcesFromFiles(inputPatterns []string) (map[string][]workloadinterface.IMetadata, error) {
 	files, errs := listFiles(inputPatterns)
 	if len(errs) > 0 {
 		logger.L().Error(fmt.Sprintf("%v", errs))
@@ -42,8 +42,8 @@ func LoadResourcesFromFiles(inputPatterns []string) ([]workloadinterface.IMetada
 	return workloads, nil
 }

-func loadFiles(filePaths []string) ([]workloadinterface.IMetadata, []error) {
-	workloads := []workloadinterface.IMetadata{}
+func loadFiles(filePaths []string) (map[string][]workloadinterface.IMetadata, []error) {
+	workloads := make(map[string][]workloadinterface.IMetadata, 0)
 	errs := []error{}
 	for i := range filePaths {
 		f, err := loadFile(filePaths[i])
@@ -54,7 +54,12 @@ func loadFiles(filePaths []string) ([]workloadinterface.IMetadata, []error) {
 		w, e := ReadFile(f, GetFileFormat(filePaths[i]))
 		errs = append(errs, e...)
 		if w != nil {
-			workloads = append(workloads, w...)
+			if _, ok := workloads[filePaths[i]]; !ok {
+				workloads[filePaths[i]] = []workloadinterface.IMetadata{}
+			}
+			wSlice := workloads[filePaths[i]]
+			wSlice = append(wSlice, w...)
+			workloads[filePaths[i]] = wSlice
 		}
 	}
 	return workloads, errs
--- a/core/cautils/fileutils_test.go
+++ b/core/cautils/fileutils_test.go
@@ -23,6 +23,20 @@ func TestListFiles(t *testing.T) {
 	assert.Equal(t, 12, len(files))
 }

+func TestLoadResourcesFromFiles(t *testing.T) {
+	workloads, err := LoadResourcesFromFiles([]string{onlineBoutiquePath()})
+	assert.NoError(t, err)
+	assert.Equal(t, 12, len(workloads))
+
+	for i, w := range workloads {
+		switch filepath.Base(i) {
+		case "adservice.yaml":
+			assert.Equal(t, 2, len(w))
+			assert.Equal(t, "apps/v1//Deployment/adservice", w[0].GetID())
+			assert.Equal(t, "/v1//Service/adservice", w[1].GetID())
+		}
+	}
+}
 func TestLoadFiles(t *testing.T) {
 	files, _ := listFiles([]string{onlineBoutiquePath()})
 	_, err := loadFiles(files)
--- a/core/cautils/floatutils.go
+++ b/core/cautils/floatutils.go
@@ -0,0 +1,18 @@
+package cautils
+
+import "math"
+
+// Float64ToInt convert float64 to int
+func Float64ToInt(x float64) int {
+	return int(math.Round(x))
+}
+
+// Float32ToInt convert float32 to int
+func Float32ToInt(x float32) int {
+	return Float64ToInt(float64(x))
+}
+
+// Float16ToInt convert float16 to int
+func Float16ToInt(x float32) int {
+	return Float64ToInt(float64(x))
+}
--- a/core/cautils/floatutils_test.go
+++ b/core/cautils/floatutils_test.go
@@ -0,0 +1,24 @@
+package cautils
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestFloat64ToInt(t *testing.T) {
+	assert.Equal(t, 3, Float64ToInt(3.49))
+	assert.Equal(t, 4, Float64ToInt(3.5))
+	assert.Equal(t, 4, Float64ToInt(3.51))
+}
+
+func TestFloat32ToInt(t *testing.T) {
+	assert.Equal(t, 3, Float32ToInt(3.49))
+	assert.Equal(t, 4, Float32ToInt(3.5))
+	assert.Equal(t, 4, Float32ToInt(3.51))
+}
+func TestFloat16ToInt(t *testing.T) {
+	assert.Equal(t, 3, Float16ToInt(3.49))
+	assert.Equal(t, 4, Float16ToInt(3.5))
+	assert.Equal(t, 4, Float16ToInt(3.51))
+}
--- a/core/cautils/getter/armoapi.go
+++ b/core/cautils/getter/armoapi.go
@@ -233,7 +233,14 @@ func (armoAPI *ArmoAPI) GetAccountConfig(clusterName string) (*armotypes.Custome
 	}

 	if err = JSONDecoder(respStr).Decode(&accountConfig); err != nil {
-		return nil, err
+		// try with default scope
+		respStr, err = armoAPI.Get(armoAPI.getAccountConfigDefault(clusterName), nil)
+		if err != nil {
+			return nil, err
+		}
+		if err = JSONDecoder(respStr).Decode(&accountConfig); err != nil {
+			return nil, err
+		}
 	}

 	return accountConfig, nil
--- a/core/cautils/getter/armoapiutils.go
+++ b/core/cautils/getter/armoapiutils.go
@@ -73,6 +73,12 @@ func (armoAPI *ArmoAPI) exceptionsURL(exceptionsPolicyName string) string {
 	return u.String()
 }

+func (armoAPI *ArmoAPI) getAccountConfigDefault(clusterName string) string {
+	config := armoAPI.getAccountConfig(clusterName)
+	url := config + "&scope=default"
+	return url
+}
+
 func (armoAPI *ArmoAPI) getAccountConfig(clusterName string) string {
 	u := url.URL{}
 	u.Scheme = "https"
--- a/core/cautils/reportv2tov1.go
+++ b/core/cautils/reportv2tov1.go
@@ -11,8 +11,7 @@ func ReportV2ToV1(opaSessionObj *OPASessionObj) {
 	if len(opaSessionObj.PostureReport.FrameworkReports) > 0 {
 		return // report already converted
 	}
-
-	opaSessionObj.PostureReport.ClusterCloudProvider = opaSessionObj.Report.ClusterCloudProvider
+	//	opaSessionObj.PostureReport.ClusterCloudProvider = opaSessionObj.Report.ClusterCloudProvider

 	frameworks := []reporthandling.FrameworkReport{}

--- a/core/cautils/rootinfo.go
+++ b/core/cautils/rootinfo.go
@@ -0,0 +1,89 @@
+package cautils
+
+type RootInfo struct {
+	Logger       string // logger level
+	LoggerName   string // logger name ("pretty"/"zap"/"none")
+	CacheDir     string // cached dir
+	DisableColor bool   // Disable Color
+
+	ArmoBEURLs    string // armo url
+	ArmoBEURLsDep string // armo url
+}
+
+// func (rootInfo *RootInfo) InitLogger() {
+// 	logger.DisableColor(rootInfo.DisableColor)
+
+// 	if rootInfo.LoggerName == "" {
+// 		if l := os.Getenv("KS_LOGGER_NAME"); l != "" {
+// 			rootInfo.LoggerName = l
+// 		} else {
+// 			if isatty.IsTerminal(os.Stdout.Fd()) {
+// 				rootInfo.LoggerName = "pretty"
+// 			} else {
+// 				rootInfo.LoggerName = "zap"
+// 			}
+// 		}
+// 	}
+
+// 	logger.InitLogger(rootInfo.LoggerName)
+
+// }
+// func (rootInfo *RootInfo) InitLoggerLevel() error {
+// 	if rootInfo.Logger == helpers.InfoLevel.String() {
+// 	} else if l := os.Getenv("KS_LOGGER"); l != "" {
+// 		rootInfo.Logger = l
+// 	}
+
+// 	if err := logger.L().SetLevel(rootInfo.Logger); err != nil {
+// 		return fmt.Errorf("supported levels: %s", strings.Join(helpers.SupportedLevels(), "/"))
+// 	}
+// 	return nil
+// }
+
+// func (rootInfo *RootInfo) InitCacheDir() error {
+// 	if rootInfo.CacheDir == getter.DefaultLocalStore {
+// 		getter.DefaultLocalStore = rootInfo.CacheDir
+// 	} else if cacheDir := os.Getenv("KS_CACHE_DIR"); cacheDir != "" {
+// 		getter.DefaultLocalStore = cacheDir
+// 	} else {
+// 		return nil // using default cache dir location
+// 	}
+
+// 	// TODO create dir if not found exist
+// 	// logger.L().Debug("cache dir updated", helpers.String("path", getter.DefaultLocalStore))
+// 	return nil
+// }
+// func (rootInfo *RootInfo) InitEnvironment() error {
+
+// 	urlSlices := strings.Split(rootInfo.ArmoBEURLs, ",")
+// 	if len(urlSlices) != 1 && len(urlSlices) < 3 {
+// 		return fmt.Errorf("expected at least 2 URLs (report,api,frontend,auth)")
+// 	}
+// 	switch len(urlSlices) {
+// 	case 1:
+// 		switch urlSlices[0] {
+// 		case "dev", "development":
+// 			getter.SetARMOAPIConnector(getter.NewARMOAPIDev())
+// 		case "stage", "staging":
+// 			getter.SetARMOAPIConnector(getter.NewARMOAPIStaging())
+// 		case "":
+// 			getter.SetARMOAPIConnector(getter.NewARMOAPIProd())
+// 		default:
+// 			return fmt.Errorf("unknown environment")
+// 		}
+// 	case 2:
+// 		armoERURL := urlSlices[0] // mandatory
+// 		armoBEURL := urlSlices[1] // mandatory
+// 		getter.SetARMOAPIConnector(getter.NewARMOAPICustomized(armoERURL, armoBEURL, "", ""))
+// 	case 3, 4:
+// 		var armoAUTHURL string
+// 		armoERURL := urlSlices[0] // mandatory
+// 		armoBEURL := urlSlices[1] // mandatory
+// 		armoFEURL := urlSlices[2] // mandatory
+// 		if len(urlSlices) <= 4 {
+// 			armoAUTHURL = urlSlices[3]
+// 		}
+// 		getter.SetARMOAPIConnector(getter.NewARMOAPICustomized(armoERURL, armoBEURL, armoFEURL, armoAUTHURL))
+// 	}
+// 	return nil
+// }
--- a/core/cautils/scaninfo.go
+++ b/core/cautils/scaninfo.go
@@ -8,10 +8,13 @@ import (
 	"path/filepath"
 	"strings"

+	"github.com/armosec/k8s-interface/k8sinterface"
 	"github.com/armosec/kubescape/core/cautils/getter"
 	"github.com/armosec/kubescape/core/cautils/logger"
 	"github.com/armosec/kubescape/core/cautils/logger/helpers"
 	"github.com/armosec/opa-utils/reporthandling"
+	reporthandlingv2 "github.com/armosec/opa-utils/reporthandling/v2"
+	"github.com/google/uuid"
 )

 const (
@@ -38,6 +41,12 @@ func (bpf *BoolPtrFlag) String() string {
 func (bpf *BoolPtrFlag) Get() *bool {
 	return bpf.valPtr
 }
+func (bpf *BoolPtrFlag) GetBool() bool {
+	if bpf.valPtr == nil {
+		return false
+	}
+	return *bpf.valPtr
+}

 func (bpf *BoolPtrFlag) SetBool(val bool) {
 	bpf.valPtr = &val
@@ -53,13 +62,6 @@ func (bpf *BoolPtrFlag) Set(val string) error {
 	return nil
 }

-type RootInfo struct {
-	Logger       string // logger level
-	LoggerName   string // logger name ("pretty"/"zap"/"none")
-	CacheDir     string // cached dir
-	DisableColor bool   // Disable Color
-}
-
 // TODO - UPDATE
 type ScanInfo struct {
 	Getters                                              // TODO - remove from object
@@ -79,7 +81,7 @@ type ScanInfo struct {
 	Silent             bool                              // Silent mode - Do not print progress logs
 	FailThreshold      float32                           // Failure score threshold
 	Submit             bool                              // Submit results to Armo BE
-	ReportID           string                            // Report id of the current scan
+	ScanID             string                            // Report id of the current scan
 	HostSensorEnabled  BoolPtrFlag                       // Deploy ARMO K8s host scanner to collect data from certain controls
 	HostSensorYamlPath string                            // Path to hostsensor file
 	Local              bool                              // Do not submit results
@@ -99,6 +101,10 @@ func (scanInfo *ScanInfo) Init() {
 	scanInfo.setUseFrom()
 	scanInfo.setOutputFile()
 	scanInfo.setUseArtifactsFrom()
+	if scanInfo.ScanID == "" {
+		scanInfo.ScanID = uuid.NewString()
+	}
+
 }

 func (scanInfo *ScanInfo) setUseArtifactsFrom() {
@@ -133,15 +139,6 @@ func (scanInfo *ScanInfo) setUseArtifactsFrom() {
 	scanInfo.UseExceptions = filepath.Join(scanInfo.UseArtifactsFrom, localExceptionsFilename)
 }

-func (scanInfo *ScanInfo) setUseExceptions() {
-	if scanInfo.UseExceptions != "" {
-		// load exceptions from file
-		scanInfo.ExceptionsGetter = getter.NewLoadPolicy([]string{scanInfo.UseExceptions})
-	} else {
-		scanInfo.ExceptionsGetter = getter.GetArmoAPIConnector()
-	}
-}
-
 func (scanInfo *ScanInfo) setUseFrom() {
 	if scanInfo.UseDefault {
 		for _, policy := range scanInfo.PolicyIdentifier {
@@ -197,3 +194,94 @@ func (scanInfo *ScanInfo) contains(policyName string) bool {
 	}
 	return false
 }
+
+func scanInfoToScanMetadata(scanInfo *ScanInfo) *reporthandlingv2.Metadata {
+	metadata := &reporthandlingv2.Metadata{}
+
+	metadata.ScanMetadata.Format = scanInfo.Format
+	metadata.ScanMetadata.FormatVersion = scanInfo.FormatVersion
+	metadata.ScanMetadata.Submit = scanInfo.Submit
+
+	// TODO - Add excluded and included namespaces
+	// if len(scanInfo.ExcludedNamespaces) > 1 {
+	// 	opaSessionObj.Metadata.ScanMetadata.ExcludedNamespaces = strings.Split(scanInfo.ExcludedNamespaces[1:], ",")
+	// }
+	// if len(scanInfo.IncludeNamespaces) > 1 {
+	// 	opaSessionObj.Metadata.ScanMetadata.IncludeNamespaces = strings.Split(scanInfo.IncludeNamespaces[1:], ",")
+	// }
+
+	// scan type
+	if len(scanInfo.PolicyIdentifier) > 0 {
+		metadata.ScanMetadata.TargetType = string(scanInfo.PolicyIdentifier[0].Kind)
+	}
+	// append frameworks
+	for _, policy := range scanInfo.PolicyIdentifier {
+		metadata.ScanMetadata.TargetNames = append(metadata.ScanMetadata.TargetNames, policy.Name)
+	}
+
+	metadata.ScanMetadata.VerboseMode = scanInfo.VerboseMode
+	metadata.ScanMetadata.FailThreshold = scanInfo.FailThreshold
+	metadata.ScanMetadata.HostScanner = scanInfo.HostSensorEnabled.GetBool()
+	metadata.ScanMetadata.VerboseMode = scanInfo.VerboseMode
+	metadata.ScanMetadata.ControlsInputs = scanInfo.ControlsInputs
+
+	metadata.ScanMetadata.ScanningTarget = reporthandlingv2.Cluster
+	if scanInfo.GetScanningEnvironment() == ScanLocalFiles {
+		metadata.ScanMetadata.ScanningTarget = reporthandlingv2.File
+	}
+
+	inputFiles := ""
+	if len(scanInfo.InputPatterns) > 0 {
+		inputFiles = scanInfo.InputPatterns[0]
+	}
+	setContextMetadata(&metadata.ContextMetadata, inputFiles)
+
+	return metadata
+}
+
+func setContextMetadata(contextMetadata *reporthandlingv2.ContextMetadata, input string) {
+	// if cluster
+	if input == "" {
+		contextMetadata.ClusterContextMetadata = &reporthandlingv2.ClusterMetadata{
+			ContextName: k8sinterface.GetClusterName(),
+		}
+		return
+	}
+
+	// if url
+	if strings.HasPrefix(input, "http") { // TODO - check if can parse
+		return
+	}
+
+	if !filepath.IsAbs(input) {
+		if o, err := os.Getwd(); err == nil {
+			input = filepath.Join(o, input)
+		}
+	}
+
+	// if single file
+	if IsFile(input) {
+		contextMetadata.FileContextMetadata = &reporthandlingv2.FileContextMetadata{
+			FilePath: input,
+			HostName: getHostname(),
+		}
+		return
+	}
+
+	// if dir/glob
+	if !IsFile(input) {
+		contextMetadata.DirectoryContextMetadata = &reporthandlingv2.DirectoryContextMetadata{
+			BasePath: input,
+			HostName: getHostname(),
+		}
+		return
+	}
+
+}
+
+func getHostname() string {
+	if h, e := os.Hostname(); e == nil {
+		return h
+	}
+	return ""
+}
--- a/core/cautils/scaninfo_test.go
+++ b/core/cautils/scaninfo_test.go
@@ -0,0 +1,65 @@
+package cautils
+
+import (
+	"testing"
+
+	reporthandlingv2 "github.com/armosec/opa-utils/reporthandling/v2"
+	"github.com/stretchr/testify/assert"
+)
+
+// func TestSetInputPatterns(t *testing.T) { //Unitest
+// 	{
+// 		scanInfo := ScanInfo{
+// 			InputPatterns: []string{"file"},
+// 		}
+// 		scanInfo.setInputPatterns()
+// 		assert.Equal(t, "file", scanInfo.InputPatterns[0])
+// 	}
+// }
+
+func TestSetContextMetadata(t *testing.T) {
+	{
+		ctx := reporthandlingv2.ContextMetadata{}
+		setContextMetadata(&ctx, "")
+
+		assert.NotNil(t, ctx.ClusterContextMetadata)
+		assert.Nil(t, ctx.DirectoryContextMetadata)
+		assert.Nil(t, ctx.FileContextMetadata)
+		assert.Nil(t, ctx.HelmContextMetadata)
+		assert.Nil(t, ctx.RepoContextMetadata)
+	}
+	{
+		ctx := reporthandlingv2.ContextMetadata{}
+		setContextMetadata(&ctx, "file")
+
+		assert.Nil(t, ctx.ClusterContextMetadata)
+		assert.NotNil(t, ctx.DirectoryContextMetadata)
+		assert.Nil(t, ctx.FileContextMetadata)
+		assert.Nil(t, ctx.HelmContextMetadata)
+		assert.Nil(t, ctx.RepoContextMetadata)
+	}
+	{
+		ctx := reporthandlingv2.ContextMetadata{}
+		setContextMetadata(&ctx, "scaninfo_test.go")
+
+		assert.Nil(t, ctx.ClusterContextMetadata)
+		assert.Nil(t, ctx.DirectoryContextMetadata)
+		assert.NotNil(t, ctx.FileContextMetadata)
+		assert.Nil(t, ctx.HelmContextMetadata)
+		assert.Nil(t, ctx.RepoContextMetadata)
+	}
+	{
+		ctx := reporthandlingv2.ContextMetadata{}
+		setContextMetadata(&ctx, "https://github.com/armosec/kubescape")
+
+		assert.Nil(t, ctx.ClusterContextMetadata)
+		assert.Nil(t, ctx.DirectoryContextMetadata)
+		assert.Nil(t, ctx.FileContextMetadata)
+		assert.Nil(t, ctx.HelmContextMetadata)
+		assert.Nil(t, ctx.RepoContextMetadata) // TODO
+	}
+}
+
+func TestGetHostname(t *testing.T) {
+	assert.NotEqual(t, "", getHostname())
+}
--- a/core/cautils/versioncheck.go
+++ b/core/cautils/versioncheck.go
@@ -13,7 +13,8 @@ import (
 	"golang.org/x/mod/semver"
 )

-const SKIP_VERSION_CHECK = "KUBESCAPE_SKIP_UPDATE_CHECK"
+const SKIP_VERSION_CHECK_DEPRECATED = "KUBESCAPE_SKIP_UPDATE_CHECK"
+const SKIP_VERSION_CHECK = "KS_SKIP_UPDATE_CHECK"

 var BuildNumber string

@@ -29,6 +30,8 @@ func NewIVersionCheckHandler() IVersionCheckHandler {
 	}
 	if v, ok := os.LookupEnv(SKIP_VERSION_CHECK); ok && pkgutils.StringToBool(v) {
 		return NewVersionCheckHandlerMock()
+	} else if v, ok := os.LookupEnv(SKIP_VERSION_CHECK_DEPRECATED); ok && pkgutils.StringToBool(v) {
+		return NewVersionCheckHandlerMock()
 	}
 	return NewVersionCheckHandler()
 }
--- a/core/cautils/workloadmappingutils.go
+++ b/core/cautils/workloadmappingutils.go
@@ -0,0 +1,52 @@
+package cautils
+
+import (
+	"strings"
+
+	"github.com/armosec/opa-utils/reporthandling/apis"
+)
+
+var (
+	ImageVulnResources  = []string{"ImageVulnerabilities"}
+	HostSensorResources = []string{"KubeletConfiguration",
+		"KubeletCommandLine",
+		"OsReleaseFile",
+		"KernelVersion",
+		"LinuxSecurityHardeningStatus",
+		"OpenPortsList",
+		"LinuxKernelVariables"}
+	CloudResources = []string{"ClusterDescribe"}
+)
+
+func MapArmoResource(armoResourceMap *ArmoResources, resources []string) []string {
+	var hostResources []string
+	for k := range *armoResourceMap {
+		for _, resource := range resources {
+			if strings.Contains(k, resource) {
+				hostResources = append(hostResources, k)
+			}
+		}
+	}
+	return hostResources
+}
+
+func MapHostResources(armoResourceMap *ArmoResources) []string {
+	return MapArmoResource(armoResourceMap, HostSensorResources)
+}
+
+func MapImageVulnResources(armoResourceMap *ArmoResources) []string {
+	return MapArmoResource(armoResourceMap, ImageVulnResources)
+}
+
+func MapCloudResources(armoResourceMap *ArmoResources) []string {
+	return MapArmoResource(armoResourceMap, CloudResources)
+}
+
+func SetInfoMapForResources(info string, resources []string, errorMap map[string]apis.StatusInfo) {
+	for _, resource := range resources {
+		errorMap[resource] = apis.StatusInfo{
+			InnerInfo:   info,
+			InnerStatus: apis.StatusSkipped,
+		}
+	}
+}
--- a/core/core/download.go
+++ b/core/core/download.go
@@ -2,6 +2,7 @@ package core

 import (
 	"fmt"
+	"os"
 	"path/filepath"
 	"strings"

@@ -30,6 +31,9 @@ func DownloadSupportCommands() []string {

 func (ks *Kubescape) Download(downloadInfo *metav1.DownloadInfo) error {
 	setPathandFilename(downloadInfo)
+	if err := os.MkdirAll(downloadInfo.Path, os.ModePerm); err != nil {
+		return err
+	}
 	if err := downloadArtifact(downloadInfo, downloadFunc); err != nil {
 		return err
 	}
@@ -86,6 +90,9 @@ func downloadConfigInputs(downloadInfo *metav1.DownloadInfo) error {
 	if downloadInfo.FileName == "" {
 		downloadInfo.FileName = fmt.Sprintf("%s.json", downloadInfo.Target)
 	}
+	if controlInputs == nil {
+		return fmt.Errorf("failed to download controlInputs - received an empty objects")
+	}
 	// save in file
 	err = getter.SaveInFile(controlInputs, filepath.Join(downloadInfo.Path, downloadInfo.FileName))
 	if err != nil {
@@ -123,7 +130,7 @@ func downloadFramework(downloadInfo *metav1.DownloadInfo) error {

 	tenant := getTenantConfig(downloadInfo.Account, "", getKubernetesApi())

-	g := getPolicyGetter(nil, tenant.GetAccountID(), true, nil)
+	g := getPolicyGetter(nil, tenant.GetTennatEmail(), true, nil)

 	if downloadInfo.Name == "" {
 		// if framework name not specified - download all frameworks
@@ -148,6 +155,9 @@ func downloadFramework(downloadInfo *metav1.DownloadInfo) error {
 		if err != nil {
 			return err
 		}
+		if framework == nil {
+			return fmt.Errorf("failed to download framework - received an empty objects")
+		}
 		downloadTo := filepath.Join(downloadInfo.Path, downloadInfo.FileName)
 		err = getter.SaveInFile(framework, downloadTo)
 		if err != nil {
@@ -162,7 +172,7 @@ func downloadControl(downloadInfo *metav1.DownloadInfo) error {

 	tenant := getTenantConfig(downloadInfo.Account, "", getKubernetesApi())

-	g := getPolicyGetter(nil, tenant.GetAccountID(), false, nil)
+	g := getPolicyGetter(nil, tenant.GetTennatEmail(), false, nil)

 	if downloadInfo.Name == "" {
 		// TODO - support
@@ -175,6 +185,9 @@ func downloadControl(downloadInfo *metav1.DownloadInfo) error {
 	if err != nil {
 		return err
 	}
+	if controls == nil {
+		return fmt.Errorf("failed to download control - received an empty objects")
+	}
 	downloadTo := filepath.Join(downloadInfo.Path, downloadInfo.FileName)
 	err = getter.SaveInFile(controls, downloadTo)
 	if err != nil {
--- a/core/core/initutils.go
+++ b/core/core/initutils.go
@@ -48,11 +48,11 @@ func getRBACHandler(tenantConfig cautils.ITenantConfig, k8s *k8sinterface.Kubern
 	return nil
 }

-func getReporter(tenantConfig cautils.ITenantConfig, reportID string, submit, fwScan, clusterScan bool) reporter.IReport {
-	if submit && clusterScan {
+func getReporter(tenantConfig cautils.ITenantConfig, reportID string, submit, fwScan bool) reporter.IReport {
+	if submit {
 		return reporterv2.NewReportEventReceiver(tenantConfig.GetConfigObj(), reportID)
 	}
-	if tenantConfig.GetAccountID() == "" && fwScan && clusterScan {
+	if tenantConfig.GetAccountID() == "" {
 		// Add link only when scanning a cluster using a framework
 		return reporterv2.NewReportMock(reporterv2.NO_SUBMIT_QUERY, "run kubescape with the '--submit' flag")
 	}
@@ -60,9 +60,7 @@ func getReporter(tenantConfig cautils.ITenantConfig, reportID string, submit, fw
 	if !fwScan {
 		message = "Kubescape does not submit scan results when scanning controls"
 	}
-	if !clusterScan {
-		message = "Kubescape will submit scan results only when scanning a cluster (not YAML files)"
-	}
+
 	return reporterv2.NewReportMock("", message)
 }

@@ -153,11 +151,11 @@ func setSubmitBehavior(scanInfo *cautils.ScanInfo, tenantConfig cautils.ITenantC
 }

 // setPolicyGetter set the policy getter - local file/github release/ArmoAPI
-func getPolicyGetter(loadPoliciesFromFile []string, accountID string, frameworkScope bool, downloadReleasedPolicy *getter.DownloadReleasedPolicy) getter.IPolicyGetter {
+func getPolicyGetter(loadPoliciesFromFile []string, tennatEmail string, frameworkScope bool, downloadReleasedPolicy *getter.DownloadReleasedPolicy) getter.IPolicyGetter {
 	if len(loadPoliciesFromFile) > 0 {
 		return getter.NewLoadPolicy(loadPoliciesFromFile)
 	}
-	if accountID != "" && frameworkScope {
+	if tennatEmail != "" && frameworkScope {
 		g := getter.GetArmoAPIConnector() // download policy from ARMO backend
 		return g
 	}
--- a/core/core/list.go
+++ b/core/core/list.go
@@ -45,7 +45,7 @@ func (ks *Kubescape) List(listPolicies *metav1.ListPolicies) error {

 func listFrameworks(listPolicies *metav1.ListPolicies) ([]string, error) {
 	tenant := getTenantConfig(listPolicies.Account, "", getKubernetesApi()) // change k8sinterface
-	g := getPolicyGetter(nil, tenant.GetAccountID(), true, nil)
+	g := getPolicyGetter(nil, tenant.GetTennatEmail(), true, nil)

 	return listFrameworksNames(g), nil
 }
@@ -53,7 +53,7 @@ func listFrameworks(listPolicies *metav1.ListPolicies) ([]string, error) {
 func listControls(listPolicies *metav1.ListPolicies) ([]string, error) {
 	tenant := getTenantConfig(listPolicies.Account, "", getKubernetesApi()) // change k8sinterface

-	g := getPolicyGetter(nil, tenant.GetAccountID(), false, nil)
+	g := getPolicyGetter(nil, tenant.GetTennatEmail(), false, nil)
 	l := getter.ListName
 	if listPolicies.ListIDs {
 		l = getter.ListID
--- a/core/core/scan.go
+++ b/core/core/scan.go
@@ -86,7 +86,7 @@ func getInterfaces(scanInfo *cautils.ScanInfo) componentInterfaces {
 	// ================== setup reporter & printer objects ======================================

 	// reporting behavior - setup reporter
-	reportHandler := getReporter(tenantConfig, scanInfo.ReportID, scanInfo.Submit, scanInfo.FrameworkScan, len(scanInfo.InputPatterns) == 0)
+	reportHandler := getReporter(tenantConfig, scanInfo.ScanID, scanInfo.Submit, scanInfo.FrameworkScan)

 	// setup printer
 	printerHandler := resultshandling.NewPrinter(scanInfo.Format, scanInfo.FormatVersion, scanInfo.VerboseMode)
@@ -119,7 +119,7 @@ func (ks *Kubescape) Scan(scanInfo *cautils.ScanInfo) (*resultshandling.ResultsH
 	downloadReleasedPolicy := getter.NewDownloadReleasedPolicy() // download config inputs from github release

 	// set policy getter only after setting the customerGUID
-	scanInfo.Getters.PolicyGetter = getPolicyGetter(scanInfo.UseFrom, interfaces.tenantConfig.GetAccountID(), scanInfo.FrameworkScan, downloadReleasedPolicy)
+	scanInfo.Getters.PolicyGetter = getPolicyGetter(scanInfo.UseFrom, interfaces.tenantConfig.GetTennatEmail(), scanInfo.FrameworkScan, downloadReleasedPolicy)
 	scanInfo.Getters.ControlsInputsGetter = getConfigInputsGetter(scanInfo.ControlsInputs, interfaces.tenantConfig.GetAccountID(), downloadReleasedPolicy)
 	scanInfo.Getters.ExceptionsGetter = getExceptionsGetter(scanInfo.UseExceptions)

--- a/core/core/submit.go
+++ b/core/core/submit.go
@@ -20,7 +20,7 @@ func (ks *Kubescape) Submit(submitInterfaces cliinterfaces.SubmitInterfaces) err
 		return err
 	}
 	// report
-	if err := submitInterfaces.Reporter.ActionSendReport(&cautils.OPASessionObj{PostureReport: postureReport, AllResources: allresources}); err != nil {
+	if err := submitInterfaces.Reporter.Submit(&cautils.OPASessionObj{PostureReport: postureReport, AllResources: allresources}); err != nil {
 		return err
 	}
 	logger.L().Success("Data has been submitted successfully")
--- a/core/go.mod
+++ b/core/go.mod
@@ -5,7 +5,7 @@ go 1.17
 require (
 	github.com/armosec/armoapi-go v0.0.58
 	github.com/armosec/k8s-interface v0.0.68
-	github.com/armosec/opa-utils v0.0.116
+	github.com/armosec/opa-utils v0.0.130
 	github.com/armosec/rbac-utils v0.0.14
 	github.com/armosec/utils-go v0.0.3
 	github.com/armosec/utils-k8s-go v0.0.3
@@ -19,12 +19,14 @@ require (
 	github.com/olekukonko/tablewriter v0.0.5
 	github.com/open-policy-agent/opa v0.38.0
 	github.com/stretchr/testify v1.7.0
+	github.com/whilp/git-urls v1.0.0
 	go.uber.org/zap v1.21.0
 	golang.org/x/mod v0.5.1
 	gopkg.in/yaml.v2 v2.4.0
 	k8s.io/api v0.23.4
 	k8s.io/apimachinery v0.23.4
 	k8s.io/client-go v0.23.4
+	k8s.io/utils v0.0.0-20211116205334-6203023598ed
 	sigs.k8s.io/yaml v1.3.0
 )

@@ -116,7 +118,6 @@ require (
 	gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
 	k8s.io/klog/v2 v2.30.0 // indirect
 	k8s.io/kube-openapi v0.0.0-20211115234752-e816edb12b65 // indirect
-	k8s.io/utils v0.0.0-20211116205334-6203023598ed // indirect
 	sigs.k8s.io/controller-runtime v0.11.1 // indirect
 	sigs.k8s.io/json v0.0.0-20211020170558-c049b76a60c6 // indirect
 	sigs.k8s.io/structured-merge-diff/v4 v4.2.1 // indirect
--- a/core/go.sum
+++ b/core/go.sum
@@ -109,8 +109,8 @@ github.com/armosec/k8s-interface v0.0.66/go.mod h1:vwprS8qn/iowd5yf0JHpqDsLA5I8W
 github.com/armosec/k8s-interface v0.0.68 h1:6CtSakISiI47YHkxh+Va9FzZQIBkWa6g9sbiNxq1Zkk=
 github.com/armosec/k8s-interface v0.0.68/go.mod h1:PeWn41C2uenZi+xfZdyFF/zG5wXACA00htQyknDUWDE=
 github.com/armosec/opa-utils v0.0.64/go.mod h1:6tQP8UDq2EvEfSqh8vrUdr/9QVSCG4sJfju1SXQOn4c=
-github.com/armosec/opa-utils v0.0.116 h1:3oWuhcpI+MJD/CktEStU1BA0feGNwsCbQrI3ifVfzMs=
-github.com/armosec/opa-utils v0.0.116/go.mod h1:gap+EaLG5rnyqvIRGxtdNDC9y7VvoGNm90zK8Ls7avQ=
+github.com/armosec/opa-utils v0.0.130 h1:uP60M0PzmDtLqvsA/jX8BED9/Ava4n2QG7VCkuI+hwI=
+github.com/armosec/opa-utils v0.0.130/go.mod h1:gap+EaLG5rnyqvIRGxtdNDC9y7VvoGNm90zK8Ls7avQ=
 github.com/armosec/rbac-utils v0.0.1/go.mod h1:pQ8CBiij8kSKV7aeZm9FMvtZN28VgA7LZcYyTWimq40=
 github.com/armosec/rbac-utils v0.0.14 h1:CKYKcgqJEXWF2Hen/B1pVGtS3nDAG1wp9dDv6oNtq90=
 github.com/armosec/rbac-utils v0.0.14/go.mod h1:Ex/IdGWhGv9HZq6Hs8N/ApzCKSIvpNe/ETqDfnuyah0=
@@ -771,6 +771,8 @@ github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqri
 github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
 github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49uaYMPRU=
 github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMILuUhzM=
+github.com/whilp/git-urls v1.0.0 h1:95f6UMWN5FKW71ECsXRUd3FVYiXdrE7aX4NZKcPmIjU=
+github.com/whilp/git-urls v1.0.0/go.mod h1:J16SAmobsqc3Qcy98brfl5f5+e0clUvg1krgwk/qCfE=
 github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo=
 github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0=
--- a/core/pkg/hostsensorutils/hostsensorgetfrompod.go
+++ b/core/pkg/hostsensorutils/hostsensorgetfrompod.go
@@ -9,6 +9,7 @@ import (
 	"github.com/armosec/kubescape/core/cautils/logger"
 	"github.com/armosec/kubescape/core/cautils/logger/helpers"
 	"github.com/armosec/opa-utils/objectsenvelopes/hostsensor"
+	"github.com/armosec/opa-utils/reporthandling/apis"
 	"sigs.k8s.io/yaml"
 )

@@ -156,56 +157,77 @@ func (hsh *HostSensorHandler) GetKubeletConfigurations() ([]hostsensor.HostSenso
 	return res, err
 }

-func (hsh *HostSensorHandler) CollectResources() ([]hostsensor.HostSensorDataEnvelope, error) {
+func (hsh *HostSensorHandler) CollectResources() ([]hostsensor.HostSensorDataEnvelope, map[string]apis.StatusInfo, error) {
 	res := make([]hostsensor.HostSensorDataEnvelope, 0)
+	infoMap := make(map[string]apis.StatusInfo)
 	if hsh.DaemonSet == nil {
-		return res, nil
+		return res, nil, nil
 	}
-
+	var kcData []hostsensor.HostSensorDataEnvelope
+	var err error
 	logger.L().Debug("Accessing host scanner")
-	kcData, err := hsh.GetKubeletConfigurations()
+	kcData, err = hsh.GetKubeletConfigurations()
 	if err != nil {
-		return kcData, err
+		addInfoToMap(KubeletConfiguration, infoMap, err)
+		logger.L().Warning(err.Error())
+	}
+	if len(kcData) > 0 {
+		res = append(res, kcData...)
 	}
-	res = append(res, kcData...)
 	//
 	kcData, err = hsh.GetKubeletCommandLine()
 	if err != nil {
-		return kcData, err
+		addInfoToMap(KubeletCommandLine, infoMap, err)
+		logger.L().Warning(err.Error())
+	}
+	if len(kcData) > 0 {
+		res = append(res, kcData...)
 	}
-	res = append(res, kcData...)
 	//
 	kcData, err = hsh.GetOsReleaseFile()
 	if err != nil {
-		return kcData, err
+		addInfoToMap(OsReleaseFile, infoMap, err)
+		logger.L().Warning(err.Error())
+	}
+	if len(kcData) > 0 {
+		res = append(res, kcData...)
 	}
-	res = append(res, kcData...)
 	//
 	kcData, err = hsh.GetKernelVersion()
 	if err != nil {
-		return kcData, err
+		addInfoToMap(KernelVersion, infoMap, err)
+		logger.L().Warning(err.Error())
+	}
+	if len(kcData) > 0 {
+		res = append(res, kcData...)
 	}
-	res = append(res, kcData...)
 	//
 	kcData, err = hsh.GetLinuxSecurityHardeningStatus()
 	if err != nil {
-		return kcData, err
+		addInfoToMap(LinuxSecurityHardeningStatus, infoMap, err)
+		logger.L().Warning(err.Error())
+	}
+	if len(kcData) > 0 {
+		res = append(res, kcData...)
 	}
-	res = append(res, kcData...)
 	//
 	kcData, err = hsh.GetOpenPortsList()
 	if err != nil {
-		return kcData, err
+		addInfoToMap(OpenPortsList, infoMap, err)
+		logger.L().Warning(err.Error())
+	}
+	if len(kcData) > 0 {
+		res = append(res, kcData...)
 	}
-	res = append(res, kcData...)
 	// GetKernelVariables
 	kcData, err = hsh.GetKernelVariables()
 	if err != nil {
-		return kcData, err
+		addInfoToMap(LinuxKernelVariables, infoMap, err)
+		logger.L().Warning(err.Error())
+	}
+	if len(kcData) > 0 {
+		res = append(res, kcData...)
 	}
-	res = append(res, kcData...)
-	// finish
-
 	logger.L().Debug("Done reading information from host scanner")
-	return res, nil
+	return res, infoMap, nil
 }
--- a/core/pkg/hostsensorutils/hostsensorinterface.go
+++ b/core/pkg/hostsensorutils/hostsensorinterface.go
@@ -1,10 +1,13 @@
 package hostsensorutils

-import "github.com/armosec/opa-utils/objectsenvelopes/hostsensor"
+import (
+	"github.com/armosec/opa-utils/objectsenvelopes/hostsensor"
+	"github.com/armosec/opa-utils/reporthandling/apis"
+)

 type IHostSensor interface {
 	Init() error
 	TearDown() error
-	CollectResources() ([]hostsensor.HostSensorDataEnvelope, error)
+	CollectResources() ([]hostsensor.HostSensorDataEnvelope, map[string]apis.StatusInfo, error)
 	GetNamespace() string
 }
--- a/core/pkg/hostsensorutils/hostsensormock.go
+++ b/core/pkg/hostsensorutils/hostsensormock.go
@@ -2,6 +2,7 @@ package hostsensorutils

 import (
 	"github.com/armosec/opa-utils/objectsenvelopes/hostsensor"
+	"github.com/armosec/opa-utils/reporthandling/apis"
 )

 type HostSensorHandlerMock struct {
@@ -15,8 +16,8 @@ func (hshm *HostSensorHandlerMock) TearDown() error {
 	return nil
 }

-func (hshm *HostSensorHandlerMock) CollectResources() ([]hostsensor.HostSensorDataEnvelope, error) {
-	return []hostsensor.HostSensorDataEnvelope{}, nil
+func (hshm *HostSensorHandlerMock) CollectResources() ([]hostsensor.HostSensorDataEnvelope, map[string]apis.StatusInfo, error) {
+	return []hostsensor.HostSensorDataEnvelope{}, nil, nil
 }

 func (hshm *HostSensorHandlerMock) GetNamespace() string {
--- a/core/pkg/hostsensorutils/utils.go
+++ b/core/pkg/hostsensorutils/utils.go
@@ -0,0 +1,35 @@
+package hostsensorutils
+
+import (
+	"github.com/armosec/k8s-interface/k8sinterface"
+	"github.com/armosec/opa-utils/reporthandling/apis"
+)
+
+var (
+	KubeletConfiguration         = "KubeletConfiguration"
+	OsReleaseFile                = "OsReleaseFile"
+	KernelVersion                = "KernelVersion"
+	LinuxSecurityHardeningStatus = "LinuxSecurityHardeningStatus"
+	OpenPortsList                = "OpenPortsList"
+	LinuxKernelVariables         = "LinuxKernelVariables"
+	KubeletCommandLine           = "KubeletCommandLine"
+
+	MapResourceToApiGroup = map[string]string{
+		KubeletConfiguration:         "hostdata.kubescape.cloud/v1beta0",
+		OsReleaseFile:                "hostdata.kubescape.cloud/v1beta0",
+		KubeletCommandLine:           "hostdata.kubescape.cloud/v1beta0",
+		KernelVersion:                "hostdata.kubescape.cloud/v1beta0",
+		LinuxSecurityHardeningStatus: "hostdata.kubescape.cloud/v1beta0",
+		OpenPortsList:                "hostdata.kubescape.cloud/v1beta0",
+		LinuxKernelVariables:         "hostdata.kubescape.cloud/v1beta0",
+	}
+)
+
+func addInfoToMap(resource string, infoMap map[string]apis.StatusInfo, err error) {
+	group, version := k8sinterface.SplitApiVersion(MapResourceToApiGroup[resource])
+	r := k8sinterface.JoinResourceTriplets(group, version, resource)
+	infoMap[r] = apis.StatusInfo{
+		InnerStatus: apis.StatusSkipped,
+		InnerInfo:   err.Error(),
+	}
+}
--- a/core/pkg/opaprocessor/processorhandler.go
+++ b/core/pkg/opaprocessor/processorhandler.go
@@ -133,7 +133,7 @@ func (opap *OPAProcessor) processRule(rule *reporthandling.PolicyRule) (map[stri

 	postureControlInputs := opap.regoDependenciesData.GetFilteredPostureControlInputs(rule.ConfigInputs) // get store

-	inputResources, err := reporthandling.RegoResourcesAggregator(rule, getAllSupportedObjects(opap.K8SResources, opap.AllResources, rule))
+	inputResources, err := reporthandling.RegoResourcesAggregator(rule, getAllSupportedObjects(opap.K8SResources, opap.ArmoResource, opap.AllResources, rule))
 	if err != nil {
 		return nil, fmt.Errorf("error getting aggregated k8sObjects: %s", err.Error())
 	}
--- a/core/pkg/opaprocessor/processorhandler_test.go
+++ b/core/pkg/opaprocessor/processorhandler_test.go
@@ -112,10 +112,10 @@ func TestProcessResourcesResult(t *testing.T) {
 	assert.Equal(t, 0, len(summaryDetails.ListResourcesIDs().Passed()))

 	// test control listing
-	assert.Equal(t, len(res.ListControlsIDs(nil).All()), len(summaryDetails.ListControls().All()))
-	assert.Equal(t, len(res.ListControlsIDs(nil).Passed()), len(summaryDetails.ListControls().Passed()))
-	assert.Equal(t, len(res.ListControlsIDs(nil).Failed()), len(summaryDetails.ListControls().Failed()))
-	assert.Equal(t, len(res.ListControlsIDs(nil).Excluded()), len(summaryDetails.ListControls().Excluded()))
+	assert.Equal(t, len(res.ListControlsIDs(nil).All()), summaryDetails.NumberOfControls().All())
+	assert.Equal(t, len(res.ListControlsIDs(nil).Passed()), summaryDetails.NumberOfControls().Passed())
+	assert.Equal(t, len(res.ListControlsIDs(nil).Failed()), summaryDetails.NumberOfControls().Failed())
+	assert.Equal(t, len(res.ListControlsIDs(nil).Excluded()), summaryDetails.NumberOfControls().Excluded())
 	assert.True(t, summaryDetails.GetStatus().IsFailed())

 	opaSessionObj.Exceptions = []armotypes.PostureExceptionPolicy{*mocks.MockExceptionAllKinds(&armotypes.PosturePolicy{FrameworkName: frameworks[0].Name})}
--- a/core/pkg/opaprocessor/processorhandlerutils.go
+++ b/core/pkg/opaprocessor/processorhandlerutils.go
@@ -1,14 +1,14 @@
 package opaprocessor

 import (
-	"fmt"
-
 	"github.com/armosec/kubescape/core/cautils"
 	"github.com/armosec/kubescape/core/cautils/logger"
+	"github.com/armosec/kubescape/core/cautils/logger/helpers"

 	"github.com/armosec/k8s-interface/k8sinterface"
 	"github.com/armosec/k8s-interface/workloadinterface"
 	"github.com/armosec/opa-utils/reporthandling"
+	"github.com/armosec/opa-utils/reporthandling/apis"
 	resources "github.com/armosec/opa-utils/resources"
 )

@@ -46,8 +46,9 @@ func (opap *OPAProcessor) updateResults() {
 	}

 	// set result summary
-	opap.Report.SummaryDetails.InitResourcesSummary()
-
+	// map control to error
+	controlToInfoMap := mapControlToInfo(opap.ResourceToControlsMap, opap.InfoMap)
+	opap.Report.SummaryDetails.InitResourcesSummary(controlToInfoMap)
 	// for f := range opap.PostureReport.FrameworkReports {
 	// 	// set exceptions
 	// 	exceptions.SetFrameworkExceptions(&opap.PostureReport.FrameworkReports[f], opap.Exceptions, cautils.ClusterName)
@@ -60,13 +61,50 @@ func (opap *OPAProcessor) updateResults() {
 	// }
 }

-func getAllSupportedObjects(k8sResources *cautils.K8SResources, allResources map[string]workloadinterface.IMetadata, rule *reporthandling.PolicyRule) []workloadinterface.IMetadata {
+func mapControlToInfo(mapResourceToControls map[string][]string, infoMap map[string]apis.StatusInfo) map[string]apis.StatusInfo {
+	controlToInfoMap := make(map[string]apis.StatusInfo)
+	for resource, statusInfo := range infoMap {
+		controls := mapResourceToControls[resource]
+		for _, control := range controls {
+			controlToInfoMap[control] = statusInfo
+		}
+	}
+	return controlToInfoMap
+}
+
+func getAllSupportedObjects(k8sResources *cautils.K8SResources, armoResources *cautils.ArmoResources, allResources map[string]workloadinterface.IMetadata, rule *reporthandling.PolicyRule) []workloadinterface.IMetadata {
 	k8sObjects := []workloadinterface.IMetadata{}
 	k8sObjects = append(k8sObjects, getKubernetesObjects(k8sResources, allResources, rule.Match)...)
-	k8sObjects = append(k8sObjects, getKubernetesObjects(k8sResources, allResources, rule.DynamicMatch)...)
+	k8sObjects = append(k8sObjects, getArmoObjects(armoResources, allResources, rule.DynamicMatch)...)
 	return k8sObjects
 }

+func getArmoObjects(k8sResources *cautils.ArmoResources, allResources map[string]workloadinterface.IMetadata, match []reporthandling.RuleMatchObjects) []workloadinterface.IMetadata {
+	k8sObjects := []workloadinterface.IMetadata{}
+
+	for m := range match {
+		for _, groups := range match[m].APIGroups {
+			for _, version := range match[m].APIVersions {
+				for _, resource := range match[m].Resources {
+					groupResources := k8sinterface.ResourceGroupToString(groups, version, resource)
+					for _, groupResource := range groupResources {
+						if k8sObj, ok := (*k8sResources)[groupResource]; ok {
+							// if k8sObj == nil {
+							// 	logger.L().Debug(fmt.Sprintf("resource '%s' is nil, probably failed to pull the resource", groupResource))
+							// }
+							for i := range k8sObj {
+								k8sObjects = append(k8sObjects, allResources[k8sObj[i]])
+							}
+						}
+					}
+				}
+			}
+		}
+	}
+
+	return filterOutChildResources(k8sObjects, match)
+}
+
 func getKubernetesObjects(k8sResources *cautils.K8SResources, allResources map[string]workloadinterface.IMetadata, match []reporthandling.RuleMatchObjects) []workloadinterface.IMetadata {
 	k8sObjects := []workloadinterface.IMetadata{}

@@ -78,7 +116,7 @@ func getKubernetesObjects(k8sResources *cautils.K8SResources, allResources map[s
 					for _, groupResource := range groupResources {
 						if k8sObj, ok := (*k8sResources)[groupResource]; ok {
 							if k8sObj == nil {
-								logger.L().Debug(fmt.Sprintf("resource '%s' is nil, probably failed to pull the resource", groupResource))
+								logger.L().Debug("skipping", helpers.String("resource", groupResource))
 							}
 							for i := range k8sObj {
 								k8sObjects = append(k8sObjects, allResources[k8sObj[i]])
--- a/core/pkg/policyhandler/handlenotification.go
+++ b/core/pkg/policyhandler/handlenotification.go
@@ -23,7 +23,8 @@ func NewPolicyHandler(resourceHandler resourcehandler.IResourceHandler) *PolicyH
 }

 func (policyHandler *PolicyHandler) CollectResources(notification *reporthandling.PolicyNotification, scanInfo *cautils.ScanInfo) (*cautils.OPASessionObj, error) {
-	opaSessionObj := cautils.NewOPASessionObj(nil, nil)
+	opaSessionObj := cautils.NewOPASessionObj(nil, nil, scanInfo)
+
 	// validate notification
 	// TODO
 	policyHandler.getters = &scanInfo.Getters
@@ -46,15 +47,16 @@ func (policyHandler *PolicyHandler) CollectResources(notification *reporthandlin
 }

 func (policyHandler *PolicyHandler) getResources(notification *reporthandling.PolicyNotification, opaSessionObj *cautils.OPASessionObj, scanInfo *cautils.ScanInfo) error {
-
 	opaSessionObj.Report.ClusterAPIServerInfo = policyHandler.resourceHandler.GetClusterAPIServerInfo()
-	resourcesMap, allResources, err := policyHandler.resourceHandler.GetResources(opaSessionObj.Policies, &notification.Designators)
+
+	resourcesMap, allResources, armoResources, err := policyHandler.resourceHandler.GetResources(opaSessionObj, &notification.Designators)
 	if err != nil {
 		return err
 	}

 	opaSessionObj.K8SResources = resourcesMap
 	opaSessionObj.AllResources = allResources
+	opaSessionObj.ArmoResource = armoResources

 	return nil
 }
--- a/core/pkg/registryadaptors/armosec/v1/civarmoadaptorutils.go
+++ b/core/pkg/registryadaptors/armosec/v1/civarmoadaptorutils.go
@@ -60,6 +60,9 @@ func responseObjectToVulnerabilities(vulnerabilitiesList containerscan.Vulnerabi
 		vulnerabilities[i].Relevancy = vulnerabilityEntry.Relevancy
 		vulnerabilities[i].Severity = vulnerabilityEntry.Severity
 		vulnerabilities[i].UrgentCount = vulnerabilityEntry.UrgentCount
+		vulnerabilities[i].Categories = registryvulnerabilities.Categories{
+			IsRCE: vulnerabilityEntry.Categories.IsRCE,
+		}
 	}
 	return vulnerabilities
 }
--- a/core/pkg/registryadaptors/registryvulnerabilities/datastructures.go
+++ b/core/pkg/registryadaptors/registryvulnerabilities/datastructures.go
@@ -23,6 +23,10 @@ type FixedIn struct {
 	ImgTag  string `json:"imageTag"`
 	Version string `json:"version"`
 }
+type Categories struct {
+	IsRCE bool `json:"isRce"`
+}
+
 type Vulnerability struct {
 	Name               string      `json:"name"`
 	RelatedPackageName string      `json:"packageName"`
@@ -36,6 +40,7 @@ type Vulnerability struct {
 	UrgentCount        int         `json:"urgent"`
 	NeglectedCount     int         `json:"neglected"`
 	HealthStatus       string      `json:"healthStatus"`
+	Categories         Categories  `json:"categories"`
 }

 type ContainerImageVulnerabilityReport struct {
--- a/core/pkg/resourcehandler/filesloader.go
+++ b/core/pkg/resourcehandler/filesloader.go
@@ -10,7 +10,6 @@ import (

 	"github.com/armosec/k8s-interface/k8sinterface"
 	"github.com/armosec/kubescape/core/cautils"
-	"github.com/armosec/opa-utils/reporthandling"
 )

 // FileResourceHandler handle resources from files and URLs
@@ -27,36 +26,45 @@ func NewFileResourceHandler(inputPatterns []string, registryAdaptors *RegistryAd
 	}
 }

-func (fileHandler *FileResourceHandler) GetResources(frameworks []reporthandling.Framework, designator *armotypes.PortalDesignator) (*cautils.K8SResources, map[string]workloadinterface.IMetadata, error) {
+func (fileHandler *FileResourceHandler) GetResources(sessionObj *cautils.OPASessionObj, designator *armotypes.PortalDesignator) (*cautils.K8SResources, map[string]workloadinterface.IMetadata, *cautils.ArmoResources, error) {

 	// build resources map
 	// map resources based on framework required resources: map["/group/version/kind"][]<k8s workloads ids>
-	k8sResources := setResourceMap(frameworks)
+	k8sResources := setK8sResourceMap(sessionObj.Policies)
 	allResources := map[string]workloadinterface.IMetadata{}
+	workloadIDToSource := make(map[string]string, 0)
+	armoResources := &cautils.ArmoResources{}

 	workloads := []workloadinterface.IMetadata{}

 	// load resource from local file system
 	w, err := cautils.LoadResourcesFromFiles(fileHandler.inputPatterns)
 	if err != nil {
-		return nil, allResources, err
+		return nil, allResources, nil, err
 	}
-	if w != nil {
-		workloads = append(workloads, w...)
+	for source, ws := range w {
+		workloads = append(workloads, ws...)
+		for i := range ws {
+			workloadIDToSource[ws[i].GetID()] = source
+		}
 	}

 	// load resources from url
 	w, err = loadResourcesFromUrl(fileHandler.inputPatterns)
 	if err != nil {
-		return nil, allResources, err
+		return nil, allResources, nil, err
 	}
-	if w != nil {
-		workloads = append(workloads, w...)
+	for source, ws := range w {
+		workloads = append(workloads, ws...)
+		for i := range ws {
+			workloadIDToSource[ws[i].GetID()] = source
+		}
 	}

 	if len(workloads) == 0 {
-		return nil, allResources, fmt.Errorf("empty list of workloads - no workloads found")
+		return nil, allResources, nil, fmt.Errorf("empty list of workloads - no workloads found")
 	}
+	sessionObj.ResourceSource = workloadIDToSource

 	// map all resources: map["/group/version/kind"][]<k8s workloads>
 	mappedResources := mapResources(workloads)
@@ -73,11 +81,11 @@ func (fileHandler *FileResourceHandler) GetResources(frameworks []reporthandling
 		}
 	}

-	if err := fileHandler.registryAdaptors.collectImagesVulnerabilities(k8sResources, allResources); err != nil {
+	if err := fileHandler.registryAdaptors.collectImagesVulnerabilities(k8sResources, allResources, armoResources); err != nil {
 		cautils.WarningDisplay(os.Stderr, "Warning: failed to collect images vulnerabilities: %s\n", err.Error())
 	}

-	return k8sResources, allResources, nil
+	return k8sResources, allResources, armoResources, nil

 }

--- a/core/pkg/resourcehandler/k8sresources.go
+++ b/core/pkg/resourcehandler/k8sresources.go
@@ -10,7 +10,7 @@ import (
 	"github.com/armosec/kubescape/core/cautils/logger/helpers"
 	"github.com/armosec/kubescape/core/pkg/hostsensorutils"
 	"github.com/armosec/opa-utils/objectsenvelopes"
-	"github.com/armosec/opa-utils/reporthandling"
+	"github.com/armosec/opa-utils/reporthandling/apis"

 	"github.com/armosec/k8s-interface/cloudsupport"
 	"github.com/armosec/k8s-interface/k8sinterface"
@@ -44,46 +44,92 @@ func NewK8sResourceHandler(k8s *k8sinterface.KubernetesApi, fieldSelector IField
 	}
 }

-func (k8sHandler *K8sResourceHandler) GetResources(frameworks []reporthandling.Framework, designator *armotypes.PortalDesignator) (*cautils.K8SResources, map[string]workloadinterface.IMetadata, error) {
+func (k8sHandler *K8sResourceHandler) GetResources(sessionObj *cautils.OPASessionObj, designator *armotypes.PortalDesignator) (*cautils.K8SResources, map[string]workloadinterface.IMetadata, *cautils.ArmoResources, error) {
 	allResources := map[string]workloadinterface.IMetadata{}

 	// get k8s resources
 	logger.L().Info("Accessing Kubernetes objects")

 	cautils.StartSpinner()
-
+	resourceToControl := make(map[string][]string)
 	// build resources map
 	// map resources based on framework required resources: map["/group/version/kind"][]<k8s workloads ids>
-	k8sResourcesMap := setResourceMap(frameworks)
+	k8sResourcesMap := setK8sResourceMap(sessionObj.Policies)

 	// get namespace and labels from designator (ignore cluster labels)
 	_, namespace, labels := armotypes.DigestPortalDesignator(designator)

 	// pull k8s recourses
+	armoResourceMap := setArmoResourceMap(sessionObj.Policies, resourceToControl)
+
+	// map of armo resources to control_ids
+	sessionObj.ResourceToControlsMap = resourceToControl
+
 	if err := k8sHandler.pullResources(k8sResourcesMap, allResources, namespace, labels); err != nil {
 		cautils.StopSpinner()
-		return k8sResourcesMap, allResources, err
+		return k8sResourcesMap, allResources, armoResourceMap, err
 	}

-	if err := k8sHandler.registryAdaptors.collectImagesVulnerabilities(k8sResourcesMap, allResources); err != nil {
-		logger.L().Warning("failed to collect image vulnerabilities", helpers.Error(err))
+	numberOfWorkerNodes, err := k8sHandler.pullWorkerNodesNumber()
+
+	if err != nil {
+		logger.L().Debug("failed to collect worker nodes number", helpers.Error(err))
+	} else {
+		if sessionObj.Metadata != nil && sessionObj.Metadata.ContextMetadata.ClusterContextMetadata != nil {
+			sessionObj.Metadata.ContextMetadata.ClusterContextMetadata.NumberOfWorkerNodes = numberOfWorkerNodes
+		}
 	}

-	if err := k8sHandler.collectHostResources(allResources, k8sResourcesMap); err != nil {
-		logger.L().Warning("failed to collect host scanner resources", helpers.Error(err))
+	imgVulnResources := cautils.MapImageVulnResources(armoResourceMap)
+	// check that controls use image vulnerability resources
+	if len(imgVulnResources) > 0 {
+		if err := k8sHandler.registryAdaptors.collectImagesVulnerabilities(k8sResourcesMap, allResources, armoResourceMap); err != nil {
+			logger.L().Warning("failed to collect image vulnerabilities", helpers.Error(err))
+		}
+	}
+
+	hostResources := cautils.MapHostResources(armoResourceMap)
+	// check that controls use host sensor resources
+	if len(hostResources) > 0 {
+		if sessionObj.Metadata.ScanMetadata.HostScanner {
+			infoMap, err := k8sHandler.collectHostResources(allResources, armoResourceMap)
+			if err != nil {
+				logger.L().Warning("failed to collect host scanner resources", helpers.Error(err))
+				cautils.SetInfoMapForResources(err.Error(), hostResources, sessionObj.InfoMap)
+			} else if k8sHandler.hostSensorHandler == nil {
+				// using hostSensor mock
+				cautils.SetInfoMapForResources("failed to init host scanner", hostResources, sessionObj.InfoMap)
+			} else {
+				sessionObj.InfoMap = infoMap
+			}
+		} else {
+			cautils.SetInfoMapForResources("enable-host-scan flag not used", hostResources, sessionObj.InfoMap)
+		}
 	}

 	if err := k8sHandler.collectRbacResources(allResources); err != nil {
 		logger.L().Warning("failed to collect rbac resources", helpers.Error(err))
 	}
-	if err := getCloudProviderDescription(allResources, k8sResourcesMap); err != nil {
-		logger.L().Warning("failed to collect cloud data", helpers.Error(err))
+
+	cloudResources := cautils.MapCloudResources(armoResourceMap)
+	// check that controls use cloud resources
+	if len(cloudResources) > 0 {
+		provider, err := getCloudProviderDescription(allResources, armoResourceMap)
+		if err != nil {
+			cautils.SetInfoMapForResources(err.Error(), cloudResources, sessionObj.InfoMap)
+			logger.L().Warning("failed to collect cloud data", helpers.Error(err))
+		}
+		if provider != "" {
+			if sessionObj.Metadata != nil && sessionObj.Metadata.ContextMetadata.ClusterContextMetadata != nil {
+				sessionObj.Metadata.ContextMetadata.ClusterContextMetadata.CloudProvider = provider
+			}
+		}
 	}

 	cautils.StopSpinner()
 	logger.L().Success("Accessed to Kubernetes objects")

-	return k8sResourcesMap, allResources, nil
+	return k8sResourcesMap, allResources, armoResourceMap, nil
 }

 func (k8sHandler *K8sResourceHandler) GetClusterAPIServerInfo() *version.Info {
@@ -180,12 +226,11 @@ func ConvertMapListToMeta(resourceMap []map[string]interface{}) []workloadinterf
 // 	}
 // 	return nil
 // }
-func (k8sHandler *K8sResourceHandler) collectHostResources(allResources map[string]workloadinterface.IMetadata, resourcesMap *cautils.K8SResources) error {
+func (k8sHandler *K8sResourceHandler) collectHostResources(allResources map[string]workloadinterface.IMetadata, armoResourceMap *cautils.ArmoResources) (map[string]apis.StatusInfo, error) {
 	logger.L().Debug("Collecting host scanner resources")
-
-	hostResources, err := k8sHandler.hostSensorHandler.CollectResources()
+	hostResources, infoMap, err := k8sHandler.hostSensorHandler.CollectResources()
 	if err != nil {
-		return err
+		return nil, err
 	}

 	for rscIdx := range hostResources {
@@ -193,13 +238,13 @@ func (k8sHandler *K8sResourceHandler) collectHostResources(allResources map[stri
 		groupResource := k8sinterface.JoinResourceTriplets(group, version, hostResources[rscIdx].GetKind())
 		allResources[hostResources[rscIdx].GetID()] = &hostResources[rscIdx]

-		grpResourceList, ok := (*resourcesMap)[groupResource]
+		grpResourceList, ok := (*armoResourceMap)[groupResource]
 		if !ok {
 			grpResourceList = make([]string, 0)
 		}
-		(*resourcesMap)[groupResource] = append(grpResourceList, hostResources[rscIdx].GetID())
+		(*armoResourceMap)[groupResource] = append(grpResourceList, hostResources[rscIdx].GetID())
 	}
-	return nil
+	return infoMap, nil
 }

 func (k8sHandler *K8sResourceHandler) collectRbacResources(allResources map[string]workloadinterface.IMetadata) error {
@@ -218,20 +263,19 @@ func (k8sHandler *K8sResourceHandler) collectRbacResources(allResources map[stri
 	return nil
 }

-func getCloudProviderDescription(allResources map[string]workloadinterface.IMetadata, k8sResourcesMap *cautils.K8SResources) error {
+func getCloudProviderDescription(allResources map[string]workloadinterface.IMetadata, armoResourceMap *cautils.ArmoResources) (string, error) {
 	logger.L().Debug("Collecting cloud data")
-
 	cloudProvider := initCloudProvider()
 	cluster := cloudProvider.getKubeCluster()
 	clusterName := cloudProvider.getKubeClusterName()
 	provider := getCloudProvider()
 	region, err := cloudProvider.getRegion(cluster, provider)
 	if err != nil {
-		return err
+		return provider, err
 	}
 	project, err := cloudProvider.getProject(cluster, provider)
 	if err != nil {
-		return err
+		return provider, err
 	}

 	if provider != "" {
@@ -240,19 +284,28 @@ func getCloudProviderDescription(allResources map[string]workloadinterface.IMeta
 		wl, err := cloudsupport.GetDescriptiveInfoFromCloudProvider(clusterName, provider, region, project)
 		if err != nil {
 			// Return error with useful info on how to configure credentials for getting cloud provider info
-			switch provider {
-			case "gke":
-				return fmt.Errorf("could not get descriptive information about gke cluster: %s using sdk client. See https://developers.google.com/accounts/docs/application-default-credentials for more information", cluster)
-			case "eks":
-				return fmt.Errorf("could not get descriptive information about eks cluster: %s using sdk client. Check out how to configure credentials in https://docs.aws.amazon.com/sdk-for-go/api/", cluster)
-			case "aks":
-				return fmt.Errorf("could not get descriptive information about aks cluster: %s. %v", cluster, err.Error())
-			}
-			return err
+			logger.L().Debug("failed to get descriptive information", helpers.Error(err))
+			return provider, fmt.Errorf("failed to get %s descriptive information. Read more: https://hub.armo.cloud/docs/kubescape-integration-with-cloud-providers", strings.ToUpper(provider))
 		}
 		allResources[wl.GetID()] = wl
-		(*k8sResourcesMap)[fmt.Sprintf("%s/%s", wl.GetApiVersion(), wl.GetKind())] = []string{wl.GetID()}
+		(*armoResourceMap)[fmt.Sprintf("%s/%s", wl.GetApiVersion(), wl.GetKind())] = []string{wl.GetID()}
 	}
-	return nil
+	return provider, nil

 }
+
+func (k8sHandler *K8sResourceHandler) pullWorkerNodesNumber() (int, error) {
+	// labels used for control plane
+	listOptions := metav1.ListOptions{
+		LabelSelector: "!node-role.kubernetes.io/control-plane,!node-role.kubernetes.io/master",
+	}
+	nodesList, err := k8sHandler.k8s.KubernetesClient.CoreV1().Nodes().List(context.TODO(), listOptions)
+	if err != nil {
+		return 0, err
+	}
+	nodesNumber := 0
+	if nodesList != nil {
+		nodesNumber = len(nodesList.Items)
+	}
+	return nodesNumber, nil
+}
--- a/core/pkg/resourcehandler/k8sresourcesutils.go
+++ b/core/pkg/resourcehandler/k8sresourcesutils.go
@@ -4,14 +4,23 @@ import (
 	"strings"

 	"github.com/armosec/kubescape/core/cautils"
+	"github.com/armosec/kubescape/core/pkg/hostsensorutils"
 	"github.com/armosec/opa-utils/reporthandling"
+	"k8s.io/utils/strings/slices"

 	"github.com/armosec/k8s-interface/k8sinterface"
 )

-func setResourceMap(frameworks []reporthandling.Framework) *cautils.K8SResources {
+var (
+	ClusterDescribe = "ClusterDescribe"
+
+	MapResourceToApiGroupCloud = map[string][]string{
+		ClusterDescribe: {"container.googleapis.com/v1", "eks.amazonaws.com/v1"}}
+)
+
+func setK8sResourceMap(frameworks []reporthandling.Framework) *cautils.K8SResources {
 	k8sResources := make(cautils.K8SResources)
-	complexMap := setComplexResourceMap(frameworks)
+	complexMap := setComplexK8sResourceMap(frameworks)
 	for group := range complexMap {
 		for version := range complexMap[group] {
 			for resource := range complexMap[group][version] {
@@ -25,33 +34,87 @@ func setResourceMap(frameworks []reporthandling.Framework) *cautils.K8SResources
 	return &k8sResources
 }

+func setArmoResourceMap(frameworks []reporthandling.Framework, resourceToControl map[string][]string) *cautils.ArmoResources {
+	armoResources := make(cautils.ArmoResources)
+	complexMap := setComplexArmoResourceMap(frameworks, resourceToControl)
+	for group := range complexMap {
+		for version := range complexMap[group] {
+			for resource := range complexMap[group][version] {
+				groupResources := k8sinterface.ResourceGroupToString(group, version, resource)
+				for _, groupResource := range groupResources {
+					armoResources[groupResource] = nil
+				}
+			}
+		}
+	}
+	return &armoResources
+}
+
 func convertComplexResourceMap(frameworks []reporthandling.Framework) map[string]map[string]map[string]interface{} {
 	k8sResources := make(map[string]map[string]map[string]interface{})
 	for _, framework := range frameworks {
 		for _, control := range framework.Controls {
 			for _, rule := range control.Rules {
 				for _, match := range rule.Match {
-					insertK8sResources(k8sResources, match)
+					insertResources(k8sResources, match)
 				}
 			}
 		}
 	}
 	return k8sResources
 }
-func setComplexResourceMap(frameworks []reporthandling.Framework) map[string]map[string]map[string]interface{} {
+func setComplexK8sResourceMap(frameworks []reporthandling.Framework) map[string]map[string]map[string]interface{} {
 	k8sResources := make(map[string]map[string]map[string]interface{})
 	for _, framework := range frameworks {
 		for _, control := range framework.Controls {
 			for _, rule := range control.Rules {
 				for _, match := range rule.Match {
-					insertK8sResources(k8sResources, match)
+					insertResources(k8sResources, match)
 				}
 			}
 		}
 	}
 	return k8sResources
 }
-func insertK8sResources(k8sResources map[string]map[string]map[string]interface{}, match reporthandling.RuleMatchObjects) {
+
+// [group][versionn][resource]
+func setComplexArmoResourceMap(frameworks []reporthandling.Framework, resourceToControls map[string][]string) map[string]map[string]map[string]interface{} {
+	k8sResources := make(map[string]map[string]map[string]interface{})
+	for _, framework := range frameworks {
+		for _, control := range framework.Controls {
+			for _, rule := range control.Rules {
+				for _, match := range rule.DynamicMatch {
+					insertArmoResourcesAndControls(k8sResources, match, resourceToControls, control)
+				}
+			}
+		}
+	}
+	return k8sResources
+}
+
+func mapArmoResourceToApiGroup(resource string) []string {
+	if val, ok := hostsensorutils.MapResourceToApiGroup[resource]; ok {
+		return []string{val}
+	}
+	return MapResourceToApiGroupCloud[resource]
+}
+
+func insertControls(resource string, resourceToControl map[string][]string, control reporthandling.Control) {
+	armoResources := mapArmoResourceToApiGroup(resource)
+	for _, armoResource := range armoResources {
+		group, version := k8sinterface.SplitApiVersion(armoResource)
+		r := k8sinterface.JoinResourceTriplets(group, version, resource)
+		if _, ok := resourceToControl[r]; !ok {
+			resourceToControl[r] = append(resourceToControl[r], control.ControlID)
+		} else {
+			if !slices.Contains(resourceToControl[r], control.ControlID) {
+				resourceToControl[r] = append(resourceToControl[r], control.ControlID)
+			}
+		}
+	}
+}
+
+func insertResources(k8sResources map[string]map[string]map[string]interface{}, match reporthandling.RuleMatchObjects) {
 	for _, apiGroup := range match.APIGroups {
 		if v, ok := k8sResources[apiGroup]; !ok || v == nil {
 			k8sResources[apiGroup] = make(map[string]map[string]interface{})
@@ -69,6 +132,25 @@ func insertK8sResources(k8sResources map[string]map[string]map[string]interface{
 	}
 }

+func insertArmoResourcesAndControls(k8sResources map[string]map[string]map[string]interface{}, match reporthandling.RuleMatchObjects, resourceToControl map[string][]string, control reporthandling.Control) {
+	for _, apiGroup := range match.APIGroups {
+		if v, ok := k8sResources[apiGroup]; !ok || v == nil {
+			k8sResources[apiGroup] = make(map[string]map[string]interface{})
+		}
+		for _, apiVersions := range match.APIVersions {
+			if v, ok := k8sResources[apiGroup][apiVersions]; !ok || v == nil {
+				k8sResources[apiGroup][apiVersions] = make(map[string]interface{})
+			}
+			for _, resource := range match.Resources {
+				if _, ok := k8sResources[apiGroup][apiVersions][resource]; !ok {
+					k8sResources[apiGroup][apiVersions][resource] = nil
+				}
+				insertControls(resource, resourceToControl, control)
+			}
+		}
+	}
+}
+
 func getGroupNVersion(apiVersion string) (string, string) {
 	gv := strings.Split(apiVersion, "/")
 	group, version := "", ""
--- a/core/pkg/resourcehandler/k8sresourcesutils_test.go
+++ b/core/pkg/resourcehandler/k8sresourcesutils_test.go
@@ -13,7 +13,7 @@ func TestGetK8sResources(t *testing.T) {
 func TestSetResourceMap(t *testing.T) {
 	k8sinterface.InitializeMapResourcesMock()
 	framework := reporthandling.MockFrameworkA()
-	k8sResources := setResourceMap([]reporthandling.Framework{*framework})
+	k8sResources := setK8sResourceMap([]reporthandling.Framework{*framework})
 	resources := k8sinterface.ResourceGroupToString("*", "v1", "Pod")
 	if len(resources) == 0 {
 		t.Error("expected resources")
@@ -43,9 +43,9 @@ func TestInsertK8sResources(t *testing.T) {
 		APIVersions: []string{"v1"},
 		Resources:   []string{"secrets"},
 	}
-	insertK8sResources(k8sResources, match1)
-	insertK8sResources(k8sResources, match2)
-	insertK8sResources(k8sResources, match3)
+	insertResources(k8sResources, match1)
+	insertResources(k8sResources, match2)
+	insertResources(k8sResources, match3)

 	apiGroup1, ok := k8sResources["apps"]
 	if !ok {
--- a/core/pkg/resourcehandler/registrydata.go
+++ b/core/pkg/resourcehandler/registrydata.go
@@ -34,7 +34,7 @@ func NewRegistryAdaptors() (*RegistryAdaptors, error) {
 	return registryAdaptors, nil
 }

-func (registryAdaptors *RegistryAdaptors) collectImagesVulnerabilities(k8sResourcesMap *cautils.K8SResources, allResources map[string]workloadinterface.IMetadata) error {
+func (registryAdaptors *RegistryAdaptors) collectImagesVulnerabilities(k8sResourcesMap *cautils.K8SResources, allResources map[string]workloadinterface.IMetadata, armoResourceMap *cautils.ArmoResources) error {
 	logger.L().Debug("Collecting images vulnerabilities")

 	// list cluster images
@@ -64,7 +64,7 @@ func (registryAdaptors *RegistryAdaptors) collectImagesVulnerabilities(k8sResour
 	for i := range metaObjs {
 		allResources[metaObjs[i].GetID()] = metaObjs[i]
 	}
-	(*k8sResourcesMap)[k8sinterface.JoinResourceTriplets(ImagevulnerabilitiesObjectGroup, ImagevulnerabilitiesObjectVersion, ImagevulnerabilitiesObjectKind)] = workloadinterface.ListMetaIDs(metaObjs)
+	(*armoResourceMap)[k8sinterface.JoinResourceTriplets(ImagevulnerabilitiesObjectGroup, ImagevulnerabilitiesObjectVersion, ImagevulnerabilitiesObjectKind)] = workloadinterface.ListMetaIDs(metaObjs)

 	return nil
 }
--- a/core/pkg/resourcehandler/repositoryscanner.go
+++ b/core/pkg/resourcehandler/repositoryscanner.go
@@ -4,15 +4,27 @@ import (
 	"encoding/json"
 	"fmt"
 	"net/http"
+	"os"
+	"path/filepath"
 	"strings"

 	"github.com/armosec/kubescape/core/cautils/getter"
+	giturls "github.com/whilp/git-urls"
+	"k8s.io/utils/strings/slices"
 )

 type IRepository interface {
+	parse(fullURL string) error
+
 	setBranch(string) error
 	setTree() error
-	getYamlFromTree() []string
+	setIsFile(bool)
+
+	getIsFile() bool
+	getBranch() string
+	getTree() tree
+
+	getFilesFromTree([]string) []string
 }

 type innerTree struct {
@@ -23,19 +35,24 @@ type tree struct {
 }

 type GitHubRepository struct {
+	// name   string // <org>/<repo>
 	host   string
-	name   string // <org>/<repo>
+	owner  string //
+	repo   string //
 	branch string
+	path   string
+	token  string
+	isFile bool
 	tree   tree
 }
 type githubDefaultBranchAPI struct {
 	DefaultBranch string `json:"default_branch"`
 }

-func NewGitHubRepository(rep string) *GitHubRepository {
+func NewGitHubRepository() *GitHubRepository {
 	return &GitHubRepository{
-		host: "github",
-		name: rep,
+		host:  "github.com",
+		token: os.Getenv("GITHUB_TOKEN"),
 	}
 }

@@ -45,79 +62,143 @@ func ScanRepository(command string, branchOptional string) ([]string, error) {
 		return nil, err
 	}

-	err = repo.setBranch(branchOptional)
-	if err != nil {
+	if err := repo.parse(command); err != nil {
 		return nil, err
 	}

-	err = repo.setTree()
-	if err != nil {
+	if err := repo.setBranch(branchOptional); err != nil {
+		return nil, err
+	}
+
+	if err := repo.setTree(); err != nil {
 		return nil, err
 	}

 	// get all paths that are of the yaml type, and build them into a valid url
-	return repo.getYamlFromTree(), nil
+	return repo.getFilesFromTree([]string{"yaml", "yml", "json"}), nil
 }

-func getHostAndRepoName(url string) (string, string, error) {
-	splitUrl := strings.Split(url, "/")
-
-	if len(splitUrl) != 5 {
-		return "", "", fmt.Errorf("failed to pars url: %s", url)
+func getHost(fullURL string) (string, error) {
+	parsedURL, err := giturls.Parse(fullURL)
+	if err != nil {
+		return "", err
 	}

-	hostUrl := splitUrl[2]                                               // github.com, gitlab.com, etc.
-	repository := splitUrl[3] + "/" + strings.Split(splitUrl[4], ".")[0] // user/reposetory
-
-	return hostUrl, repository, nil
+	return parsedURL.Host, nil
 }

-func getRepository(url string) (IRepository, error) {
-	hostUrl, repoName, err := getHostAndRepoName(url)
+func getRepository(fullURL string) (IRepository, error) {
+	hostUrl, err := getHost(fullURL)
 	if err != nil {
 		return nil, err
 	}

 	var repo IRepository
-	switch repoHost := strings.Split(hostUrl, ".")[0]; repoHost {
-	case "github":
-		repo = NewGitHubRepository(repoName)
+	switch hostUrl {
+	case "github.com":
+		repo = NewGitHubRepository()
+	case "raw.githubusercontent.com":
+		repo = NewGitHubRepository()
+		repo.setIsFile(true)
 	default:
-		return nil, fmt.Errorf("unknown repository host: %s", repoHost)
+		return nil, fmt.Errorf("unknown repository host: %s", hostUrl)
 	}

 	// Returns the host-url, and the part of the user and repository from the url
 	return repo, nil
 }
+func (g *GitHubRepository) parse(fullURL string) error {
+	parsedURL, err := giturls.Parse(fullURL)
+	if err != nil {
+		return err
+	}
+	index := 0
+
+	splittedRepo := strings.FieldsFunc(parsedURL.Path, func(c rune) bool { return c == '/' })
+	if len(splittedRepo) < 2 {
+		return fmt.Errorf("expecting <user>/<repo> in url path, received: '%s'", parsedURL.Path)
+	}
+	g.owner = splittedRepo[index]
+	index += 1
+	g.repo = splittedRepo[index]
+	index += 1
+
+	// root of repo
+	if len(splittedRepo) < index+1 {
+		return nil
+	}
+
+	// is file or dir
+	switch splittedRepo[index] {
+	case "blob":
+		g.isFile = true
+		index += 1
+	case "tree":
+		g.isFile = false
+		index += 1
+	}
+
+	if len(splittedRepo) < index+1 {
+		return nil
+	}
+
+	g.branch = splittedRepo[index]
+	index += 1
+
+	if len(splittedRepo) < index+1 {
+		return nil
+	}
+	g.path = strings.Join(splittedRepo[index:], "/")
+
+	return nil
+}
+
+func (g *GitHubRepository) getBranch() string     { return g.branch }
+func (g *GitHubRepository) getTree() tree         { return g.tree }
+func (g *GitHubRepository) setIsFile(isFile bool) { g.isFile = isFile }
+func (g *GitHubRepository) getIsFile() bool       { return g.isFile }

 func (g *GitHubRepository) setBranch(branchOptional string) error {
 	// Checks whether the repository type is a master or another type.
 	// By default it is "master", unless the branchOptional came with a value
-	if branchOptional == "" {
-
-		body, err := getter.HttpGetter(&http.Client{}, g.defaultBranchAPI(), nil)
-		if err != nil {
-			return err
-		}
-
-		var data githubDefaultBranchAPI
-		err = json.Unmarshal([]byte(body), &data)
-		if err != nil {
-			return err
-		}
-		g.branch = data.DefaultBranch
-	} else {
+	if branchOptional != "" {
 		g.branch = branchOptional
 	}
+	if g.branch != "" {
+		return nil
+	}
+	body, err := getter.HttpGetter(&http.Client{}, g.defaultBranchAPI(), g.getHeaders())
+	if err != nil {
+		return err
+	}
+
+	var data githubDefaultBranchAPI
+	err = json.Unmarshal([]byte(body), &data)
+	if err != nil {
+		return err
+	}
+	g.branch = data.DefaultBranch
 	return nil
 }

-func (g *GitHubRepository) defaultBranchAPI() string {
-	return fmt.Sprintf("https://api.github.com/repos/%s", g.name)
+func joinOwnerNRepo(owner, repo string) string {
+	return fmt.Sprintf("%s/%s", owner, repo)
+}
+func (g *GitHubRepository) defaultBranchAPI() string {
+	return fmt.Sprintf("https://api.github.com/repos/%s", joinOwnerNRepo(g.owner, g.repo))
+}
+func (g *GitHubRepository) getHeaders() map[string]string {
+	if g.token == "" {
+		return nil
+	}
+	return map[string]string{"Authorization": fmt.Sprintf("token %s", g.token)}
 }
-
 func (g *GitHubRepository) setTree() error {
-	body, err := getter.HttpGetter(&http.Client{}, g.treeAPI(), nil)
+	if g.isFile {
+		return nil
+	}
+
+	body, err := getter.HttpGetter(&http.Client{}, g.treeAPI(), g.getHeaders())
 	if err != nil {
 		return err
 	}
@@ -135,14 +216,24 @@ func (g *GitHubRepository) setTree() error {
 }

 func (g *GitHubRepository) treeAPI() string {
-	return fmt.Sprintf("https://api.github.com/repos/%s/git/trees/%s?recursive=1", g.name, g.branch)
+	return fmt.Sprintf("https://api.github.com/repos/%s/git/trees/%s?recursive=1", joinOwnerNRepo(g.owner, g.repo), g.branch)
 }

 // return a list of yaml for a given repository tree
-func (g *GitHubRepository) getYamlFromTree() []string {
+func (g *GitHubRepository) getFilesFromTree(filesExtensions []string) []string {
 	var urls []string
+	if g.isFile {
+		if slices.Contains(filesExtensions, getFileExtension(g.path)) {
+			return []string{fmt.Sprintf("%s/%s", g.rowYamlUrl(), g.path)}
+		} else {
+			return []string{}
+		}
+	}
 	for _, path := range g.tree.InnerTrees {
-		if strings.HasSuffix(path.Path, ".yaml") {
+		if g.path != "" && !strings.HasPrefix(path.Path, g.path) {
+			continue
+		}
+		if slices.Contains(filesExtensions, getFileExtension(path.Path)) {
 			urls = append(urls, fmt.Sprintf("%s/%s", g.rowYamlUrl(), path.Path))
 		}
 	}
@@ -150,5 +241,9 @@ func (g *GitHubRepository) getYamlFromTree() []string {
 }

 func (g *GitHubRepository) rowYamlUrl() string {
-	return fmt.Sprintf("https://raw.githubusercontent.com/%s/%s", g.name, g.branch)
+	return fmt.Sprintf("https://raw.githubusercontent.com/%s/%s", joinOwnerNRepo(g.owner, g.repo), g.branch)
+}
+
+func getFileExtension(path string) string {
+	return strings.TrimPrefix(filepath.Ext(path), ".")
 }
--- a/core/pkg/resourcehandler/repositoryscanner_test.go
+++ b/core/pkg/resourcehandler/repositoryscanner_test.go
@@ -0,0 +1,140 @@
+package resourcehandler
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+var (
+	urlA = "https://github.com/armosec/kubescape"
+	urlB = "https://github.com/armosec/kubescape/blob/master/examples/online-boutique/adservice.yaml"
+	urlC = "https://github.com/armosec/kubescape/tree/master/examples/online-boutique"
+	urlD = "https://raw.githubusercontent.com/armosec/kubescape/master/examples/online-boutique/adservice.yaml"
+)
+
+func TestScanRepository(t *testing.T) {
+	{
+		files, err := ScanRepository(urlA, "")
+		assert.NoError(t, err)
+		assert.Less(t, 0, len(files))
+	}
+	{
+		files, err := ScanRepository(urlB, "")
+		assert.NoError(t, err)
+		assert.Less(t, 0, len(files))
+	}
+	{
+		files, err := ScanRepository(urlC, "")
+		assert.NoError(t, err)
+		assert.Less(t, 0, len(files))
+	}
+	{
+		files, err := ScanRepository(urlD, "")
+		assert.NoError(t, err)
+		assert.Equal(t, 1, len(files))
+	}
+
+}
+
+func TestGetHost(t *testing.T) {
+	{
+		host, err := getHost(urlA)
+		assert.NoError(t, err)
+		assert.Equal(t, "github.com", host)
+	}
+	{
+		host, err := getHost(urlB)
+		assert.NoError(t, err)
+		assert.Equal(t, "github.com", host)
+	}
+	{
+		host, err := getHost(urlC)
+		assert.NoError(t, err)
+		assert.Equal(t, "github.com", host)
+	}
+	{
+		host, err := getHost(urlD)
+		assert.NoError(t, err)
+		assert.Equal(t, "raw.githubusercontent.com", host)
+	}
+}
+
+func TestGithubSetBranch(t *testing.T) {
+	{
+		gh := NewGitHubRepository()
+		assert.NoError(t, gh.parse(urlA))
+		assert.NoError(t, gh.setBranch(""))
+		assert.Equal(t, "master", gh.getBranch())
+	}
+	{
+		gh := NewGitHubRepository()
+		assert.NoError(t, gh.parse(urlB))
+		err := gh.setBranch("dev")
+		assert.NoError(t, err)
+		assert.Equal(t, "dev", gh.getBranch())
+	}
+}
+
+func TestGithubSetTree(t *testing.T) {
+	{
+		gh := NewGitHubRepository()
+		assert.NoError(t, gh.parse(urlA))
+		assert.NoError(t, gh.setBranch(""))
+		err := gh.setTree()
+		assert.NoError(t, err)
+		assert.Less(t, 0, len(gh.getTree().InnerTrees))
+	}
+}
+func TestGithubGetYamlFromTree(t *testing.T) {
+	{
+		gh := NewGitHubRepository()
+		assert.NoError(t, gh.parse(urlA))
+		assert.NoError(t, gh.setBranch(""))
+		assert.NoError(t, gh.setTree())
+		files := gh.getFilesFromTree([]string{"yaml"})
+		assert.Less(t, 0, len(files))
+	}
+	{
+		gh := NewGitHubRepository()
+		assert.NoError(t, gh.parse(urlB))
+		assert.NoError(t, gh.setBranch(""))
+		assert.NoError(t, gh.setTree())
+		files := gh.getFilesFromTree([]string{"yaml"})
+		assert.Equal(t, 1, len(files))
+	}
+	{
+		gh := NewGitHubRepository()
+		assert.NoError(t, gh.parse(urlC))
+		assert.NoError(t, gh.setBranch(""))
+		assert.NoError(t, gh.setTree())
+		files := gh.getFilesFromTree([]string{"yaml"})
+		assert.Equal(t, 12, len(files))
+	}
+}
+
+func TestGithubParse(t *testing.T) {
+	{
+		gh := NewGitHubRepository()
+		assert.NoError(t, gh.parse(urlA))
+		assert.Equal(t, "armosec/kubescape", joinOwnerNRepo(gh.owner, gh.repo))
+	}
+	{
+		gh := NewGitHubRepository()
+		assert.NoError(t, gh.parse(urlB))
+		assert.Equal(t, "armosec/kubescape", joinOwnerNRepo(gh.owner, gh.repo))
+		assert.Equal(t, "master", gh.branch)
+		assert.Equal(t, "examples/online-boutique/adservice.yaml", gh.path)
+		assert.True(t, gh.isFile)
+		assert.Equal(t, 1, len(gh.getFilesFromTree([]string{"yaml"})))
+		assert.Equal(t, 0, len(gh.getFilesFromTree([]string{"yml"})))
+	}
+	{
+		gh := NewGitHubRepository()
+		assert.NoError(t, gh.parse(urlC))
+		assert.Equal(t, "armosec/kubescape", joinOwnerNRepo(gh.owner, gh.repo))
+		assert.Equal(t, "master", gh.branch)
+		assert.Equal(t, "examples/online-boutique", gh.path)
+		assert.False(t, gh.isFile)
+	}
+}
--- a/core/pkg/resourcehandler/resourceshandler.go
+++ b/core/pkg/resourcehandler/resourceshandler.go
@@ -4,11 +4,10 @@ import (
 	"github.com/armosec/armoapi-go/armotypes"
 	"github.com/armosec/k8s-interface/workloadinterface"
 	"github.com/armosec/kubescape/core/cautils"
-	"github.com/armosec/opa-utils/reporthandling"
 	"k8s.io/apimachinery/pkg/version"
 )

 type IResourceHandler interface {
-	GetResources([]reporthandling.Framework, *armotypes.PortalDesignator) (*cautils.K8SResources, map[string]workloadinterface.IMetadata, error)
+	GetResources(*cautils.OPASessionObj, *armotypes.PortalDesignator) (*cautils.K8SResources, map[string]workloadinterface.IMetadata, *cautils.ArmoResources, error)
 	GetClusterAPIServerInfo() *version.Info
 }
--- a/core/pkg/resourcehandler/urlloader.go
+++ b/core/pkg/resourcehandler/urlloader.go
@@ -12,7 +12,7 @@ import (
 	"github.com/armosec/kubescape/core/cautils/logger"
 )

-func loadResourcesFromUrl(inputPatterns []string) ([]workloadinterface.IMetadata, error) {
+func loadResourcesFromUrl(inputPatterns []string) (map[string][]workloadinterface.IMetadata, error) {
 	urls := listUrls(inputPatterns)
 	if len(urls) == 0 {
 		return nil, nil
@@ -29,14 +29,10 @@ func listUrls(patterns []string) []string {
 	urls := []string{}
 	for i := range patterns {
 		if strings.HasPrefix(patterns[i], "http") {
-			if !cautils.IsYaml(patterns[i]) && !cautils.IsJson(patterns[i]) { // if url of repo
-				if yamls, err := ScanRepository(patterns[i], ""); err == nil { // TODO - support branch
-					urls = append(urls, yamls...)
-				} else {
-					logger.L().Error(err.Error())
-				}
-			} else { // url of single file
-				urls = append(urls, patterns[i])
+			if yamls, err := ScanRepository(patterns[i], ""); err == nil { // TODO - support branch
+				urls = append(urls, yamls...)
+			} else {
+				logger.L().Error(err.Error())
 			}
 		}
 	}
@@ -44,8 +40,8 @@ func listUrls(patterns []string) []string {
 	return urls
 }

-func downloadFiles(urls []string) ([]workloadinterface.IMetadata, []error) {
-	workloads := []workloadinterface.IMetadata{}
+func downloadFiles(urls []string) (map[string][]workloadinterface.IMetadata, []error) {
+	workloads := make(map[string][]workloadinterface.IMetadata, 0)
 	errs := []error{}
 	for i := range urls {
 		f, err := downloadFile(urls[i])
@@ -56,7 +52,12 @@ func downloadFiles(urls []string) ([]workloadinterface.IMetadata, []error) {
 		w, e := cautils.ReadFile(f, cautils.GetFileFormat(urls[i]))
 		errs = append(errs, e...)
 		if w != nil {
-			workloads = append(workloads, w...)
+			if _, ok := workloads[urls[i]]; !ok {
+				workloads[urls[i]] = make([]workloadinterface.IMetadata, 0)
+			}
+			wSlice := workloads[urls[i]]
+			wSlice = append(wSlice, w...)
+			workloads[urls[i]] = wSlice
 		}
 	}
 	return workloads, errs
--- a/core/pkg/resourcehandler/urlloader_test.go
+++ b/core/pkg/resourcehandler/urlloader_test.go
@@ -0,0 +1,66 @@
+package resourcehandler
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestLoadResourcesFromUrl(t *testing.T) {
+	{
+		workloads, err := loadResourcesFromUrl([]string{"https://github.com/armosec/kubescape/tree/master/examples/online-boutique"})
+		assert.NoError(t, err)
+		assert.Equal(t, 12, len(workloads))
+
+		for i, w := range workloads {
+			switch i {
+			case "https://raw.githubusercontent.com/armosec/kubescape/master/examples/online-boutique/adservice.yaml":
+				assert.Equal(t, 2, len(w))
+				assert.Equal(t, "apps/v1//Deployment/adservice", w[0].GetID())
+				assert.Equal(t, "/v1//Service/adservice", w[1].GetID())
+			}
+		}
+	}
+	{
+		workloads, err := loadResourcesFromUrl([]string{"https://github.com/armosec/kubescape"})
+		assert.NoError(t, err)
+		assert.Less(t, 12, len(workloads))
+
+		for i, w := range workloads {
+			switch i {
+			case "https://raw.githubusercontent.com/armosec/kubescape/master/examples/online-boutique/adservice.yaml":
+				assert.Equal(t, 2, len(w))
+				assert.Equal(t, "apps/v1//Deployment/adservice", w[0].GetID())
+				assert.Equal(t, "/v1//Service/adservice", w[1].GetID())
+			}
+		}
+	}
+	{
+		workloads, err := loadResourcesFromUrl([]string{"https://github.com/armosec/kubescape/blob/master/examples/online-boutique/adservice.yaml"})
+		assert.NoError(t, err)
+		assert.Equal(t, 1, len(workloads))
+
+		for i, w := range workloads {
+			switch i {
+			case "https://raw.githubusercontent.com/armosec/kubescape/master/examples/online-boutique/adservice.yaml":
+				assert.Equal(t, 2, len(w))
+				assert.Equal(t, "apps/v1//Deployment/adservice", w[0].GetID())
+				assert.Equal(t, "/v1//Service/adservice", w[1].GetID())
+			}
+		}
+	}
+	{
+		workloads, err := loadResourcesFromUrl([]string{"https://raw.githubusercontent.com/armosec/kubescape/master/examples/online-boutique/adservice.yaml"})
+		assert.NoError(t, err)
+		assert.Equal(t, 1, len(workloads))
+
+		for i, w := range workloads {
+			switch i {
+			case "https://raw.githubusercontent.com/armosec/kubescape/master/examples/online-boutique/adservice.yaml":
+				assert.Equal(t, 2, len(w))
+				assert.Equal(t, "apps/v1//Deployment/adservice", w[0].GetID())
+				assert.Equal(t, "/v1//Service/adservice", w[1].GetID())
+			}
+		}
+	}
+}
--- a/core/pkg/resultshandling/printer/v1/jsonprinter.go
+++ b/core/pkg/resultshandling/printer/v1/jsonprinter.go
@@ -23,7 +23,7 @@ func (jsonPrinter *JsonPrinter) SetWriter(outputFile string) {
 }

 func (jsonPrinter *JsonPrinter) Score(score float32) {
-	fmt.Fprintf(os.Stderr, "\nOverall risk-score (0- Excellent, 100- All failed): %d\n", int(score))
+	fmt.Fprintf(os.Stderr, "\nOverall risk-score (0- Excellent, 100- All failed): %d\n", cautils.Float32ToInt(score))
 }

 func (jsonPrinter *JsonPrinter) ActionPrint(opaSessionObj *cautils.OPASessionObj) {
--- a/core/pkg/resultshandling/printer/v1/prometheusprinter.go
+++ b/core/pkg/resultshandling/printer/v1/prometheusprinter.go
@@ -27,7 +27,7 @@ func (prometheusPrinter *PrometheusPrinter) SetWriter(outputFile string) {
 }

 func (prometheusPrinter *PrometheusPrinter) Score(score float32) {
-	fmt.Printf("\n# Overall risk-score (0- Excellent, 100- All failed)\nkubescape_score %d\n", int(score))
+	fmt.Printf("\n# Overall risk-score (0- Excellent, 100- All failed)\nkubescape_score %d\n", cautils.Float32ToInt(score))
 }

 func (printer *PrometheusPrinter) printResources(allResources map[string]workloadinterface.IMetadata, resourcesIDs *reporthandling.ResourcesIDs, frameworkName, controlName string) {
--- a/core/pkg/resultshandling/printer/v2/controltable.go
+++ b/core/pkg/resultshandling/printer/v2/controltable.go
@@ -4,33 +4,125 @@ import (
 	"fmt"
 	"sort"

+	"github.com/armosec/kubescape/core/cautils"
+	"github.com/armosec/opa-utils/reporthandling/apis"
 	"github.com/armosec/opa-utils/reporthandling/results/v1/reportsummary"
+	"github.com/fatih/color"
+	"github.com/olekukonko/tablewriter"
 )

-func generateRow(controlSummary reportsummary.IControlSummary) []string {
-	row := []string{controlSummary.GetName()}
-	row = append(row, fmt.Sprintf("%d", controlSummary.NumberOfResources().Failed()))
-	row = append(row, fmt.Sprintf("%d", controlSummary.NumberOfResources().Excluded()))
-	row = append(row, fmt.Sprintf("%d", controlSummary.NumberOfResources().All()))
+const (
+	columnSeverity       = iota
+	columnName           = iota
+	columnCounterFailed  = iota
+	columnCounterExclude = iota
+	columnCounterAll     = iota
+	columnRiskScore      = iota
+	columnInfo           = iota
+	_rowLen              = iota
+)

-	if !controlSummary.GetStatus().IsSkipped() {
-		row = append(row, fmt.Sprintf("%d", int(controlSummary.GetScore()))+"%")
-	} else {
-		row = append(row, "skipped")
+func generateRow(controlSummary reportsummary.IControlSummary, infoToPrintInfo []infoStars, verbose bool) []string {
+	row := make([]string, _rowLen)
+
+	// ignore passed results
+	if !verbose && (controlSummary.GetStatus().IsPassed()) {
+		return []string{}
 	}
+
+	// ignore irelevant results
+	if !verbose && (controlSummary.GetStatus().IsSkipped() && controlSummary.GetStatus().Status() == apis.StatusIrrelevant) {
+		return []string{}
+	}
+
+	row[columnSeverity] = getSeverityColumn(controlSummary)
+	row[columnName] = controlSummary.GetName()
+	row[columnCounterFailed] = fmt.Sprintf("%d", controlSummary.NumberOfResources().Failed())
+	row[columnCounterExclude] = fmt.Sprintf("%d", controlSummary.NumberOfResources().Excluded())
+	row[columnCounterAll] = fmt.Sprintf("%d", controlSummary.NumberOfResources().All())
+	row[columnRiskScore] = getRiskScoreColumn(controlSummary)
+	row[columnInfo] = getInfoColumn(controlSummary, infoToPrintInfo)
+
 	return row
 }

-func getSortedControlsNames(controls reportsummary.ControlSummaries) []string {
-	controlNames := make([]string, 0, len(controls))
+func getInfoColumn(controlSummary reportsummary.IControlSummary, infoToPrintInfo []infoStars) string {
+	if !controlSummary.GetStatus().IsSkipped() {
+		return ""
+	}
+
+	if controlSummary.GetStatus().IsSkipped() {
+		for i := range infoToPrintInfo {
+			if infoToPrintInfo[i].info == controlSummary.GetStatus().Info() {
+				return infoToPrintInfo[i].stars
+			}
+		}
+	}
+	return ""
+}
+
+func getRiskScoreColumn(controlSummary reportsummary.IControlSummary) string {
+	if controlSummary.GetStatus().IsSkipped() {
+		return string(controlSummary.GetStatus().Status())
+	}
+	return fmt.Sprintf("%d", cautils.Float32ToInt(controlSummary.GetScore())) + "%"
+}
+
+func getSeverityColumn(controlSummary reportsummary.IControlSummary) string {
+	// if controlSummary.GetStatus().IsPassed() || controlSummary.GetStatus().IsSkipped() {
+	// 	return " "
+	// }
+	severity := apis.ControlSeverityToString(controlSummary.GetScoreFactor())
+	return color.New(getColor(severity), color.Bold).SprintFunc()(severity)
+}
+func getColor(controlSeverity string) color.Attribute {
+	switch controlSeverity {
+	case "Critical":
+		return color.FgRed
+	case "High":
+		return color.FgYellow
+	case "Medium":
+		return color.FgCyan
+	case "Low":
+		return color.FgWhite
+	default:
+		return color.FgWhite
+	}
+}
+
+func getSortedControlsNames(controls reportsummary.ControlSummaries) [][]string {
+	controlNames := make([][]string, 5)
 	for k := range controls {
 		c := controls[k]
-		controlNames = append(controlNames, c.GetName())
+		i := apis.ControlSeverityToInt(c.GetScoreFactor())
+		controlNames[i] = append(controlNames[i], c.GetName())
+	}
+	for i := range controlNames {
+		sort.Strings(controlNames[i])
 	}
-	sort.Strings(controlNames)
 	return controlNames
 }

 func getControlTableHeaders() []string {
-	return []string{"CONTROL NAME", "FAILED RESOURCES", "EXCLUDED RESOURCES", "ALL RESOURCES", "% RISK-SCORE"}
+	headers := make([]string, _rowLen)
+	headers[columnName] = "CONTROL NAME"
+	headers[columnCounterFailed] = "FAILED RESOURCES"
+	headers[columnCounterExclude] = "EXCLUDED RESOURCES"
+	headers[columnCounterAll] = "ALL RESOURCES"
+	headers[columnSeverity] = "SEVERITY"
+	headers[columnRiskScore] = "% RISK-SCORE"
+	headers[columnInfo] = "INFO"
+	return headers
+}
+
+func getColumnsAlignments() []int {
+	alignments := make([]int, _rowLen)
+	alignments[columnName] = tablewriter.ALIGN_LEFT
+	alignments[columnCounterFailed] = tablewriter.ALIGN_CENTER
+	alignments[columnCounterExclude] = tablewriter.ALIGN_CENTER
+	alignments[columnCounterAll] = tablewriter.ALIGN_CENTER
+	alignments[columnSeverity] = tablewriter.ALIGN_LEFT
+	alignments[columnRiskScore] = tablewriter.ALIGN_CENTER
+	alignments[columnRiskScore] = tablewriter.ALIGN_CENTER
+	return alignments
 }
--- a/core/pkg/resultshandling/printer/v2/jsonprinter.go
+++ b/core/pkg/resultshandling/printer/v2/jsonprinter.go
@@ -24,7 +24,7 @@ func (jsonPrinter *JsonPrinter) SetWriter(outputFile string) {
 }

 func (jsonPrinter *JsonPrinter) Score(score float32) {
-	fmt.Fprintf(os.Stderr, "\nOverall risk-score (0- Excellent, 100- All failed): %d\n", int(score))
+	fmt.Fprintf(os.Stderr, "\nOverall risk-score (0- Excellent, 100- All failed): %d\n", cautils.Float32ToInt(score))
 }

 func (jsonPrinter *JsonPrinter) ActionPrint(opaSessionObj *cautils.OPASessionObj) {
@@ -32,7 +32,6 @@ func (jsonPrinter *JsonPrinter) ActionPrint(opaSessionObj *cautils.OPASessionObj
 	if err != nil {
 		logger.L().Fatal("failed to Marshal posture report object")
 	}
-	jsonPrinter.writer.Write(r)

 	logOUtputFile(jsonPrinter.writer.Name())
 	if _, err := jsonPrinter.writer.Write(r); err != nil {
--- a/core/pkg/resultshandling/printer/v2/junit.go
+++ b/core/pkg/resultshandling/printer/v2/junit.go
@@ -100,7 +100,7 @@ func (junitPrinter *JunitPrinter) SetWriter(outputFile string) {
 }

 func (junitPrinter *JunitPrinter) Score(score float32) {
-	fmt.Fprintf(os.Stderr, "\nOverall risk-score (0- Excellent, 100- All failed): %d\n", int(score))
+	fmt.Fprintf(os.Stderr, "\nOverall risk-score (0- Excellent, 100- All failed): %d\n", cautils.Float32ToInt(score))
 }

 func (junitPrinter *JunitPrinter) ActionPrint(opaSessionObj *cautils.OPASessionObj) {
@@ -128,7 +128,7 @@ func listTestsSuite(results *cautils.OPASessionObj) []JUnitTestSuite {
 	var testSuites []JUnitTestSuite

 	// control scan
-	if len(results.Report.SummaryDetails.ListFrameworks().All()) == 0 {
+	if len(results.Report.SummaryDetails.ListFrameworks()) == 0 {
 		testSuite := JUnitTestSuite{}
 		testSuite.Failures = results.Report.SummaryDetails.NumberOfControls().Failed()
 		testSuite.Timestamp = results.Report.ReportGenerationTime.String()
@@ -147,7 +147,7 @@ func listTestsSuite(results *cautils.OPASessionObj) []JUnitTestSuite {
 		testSuite.ID = i
 		testSuite.Name = f.Name
 		testSuite.Properties = properties(f.Score)
-		testSuite.TestCases = testsCases(results, f.ListControls(), f.GetName())
+		testSuite.TestCases = testsCases(results, f.GetControls(), f.GetName())
 		testSuites = append(testSuites, testSuite)
 	}

@@ -176,7 +176,7 @@ func testsCases(results *cautils.OPASessionObj, controls reportsummary.IControls
 			testCaseFailure := JUnitFailure{}
 			testCaseFailure.Type = "Control"
 			// testCaseFailure.Contents =
-			testCaseFailure.Message = fmt.Sprintf("Remediation: %s\nMore details: %s\n\n%s", control.GetRemediation(), getControlURL(control.GetID()), strings.Join(resourcesStr, "\n"))
+			testCaseFailure.Message = fmt.Sprintf("Remediation: %s\nMore details: %s\n\n%s", control.GetRemediation(), getControlLink(control.GetID()), strings.Join(resourcesStr, "\n"))

 			testCase.Failure = &testCaseFailure
 		} else if control.GetStatus().IsSkipped() {
--- a/core/pkg/resultshandling/printer/v2/pdf.go
+++ b/core/pkg/resultshandling/printer/v2/pdf.go
@@ -31,8 +31,7 @@ var (
 )

 type PdfPrinter struct {
-	writer             *os.File
-	sortedControlNames []string
+	writer *os.File
 }

 func NewPdfPrinter() *PdfPrinter {
@@ -52,17 +51,39 @@ func (pdfPrinter *PdfPrinter) SetWriter(outputFile string) {
 }

 func (pdfPrinter *PdfPrinter) Score(score float32) {
-	fmt.Fprintf(os.Stderr, "\nOverall risk-score (0- Excellent, 100- All failed): %d\n", int(score))
+	fmt.Fprintf(os.Stderr, "\nOverall risk-score (0- Excellent, 100- All failed): %d\n", cautils.Float32ToInt(score))
+}
+func (pdfPrinter *PdfPrinter) printInfo(m pdf.Maroto, summaryDetails *reportsummary.SummaryDetails, infoMap []infoStars) {
+	emptyRowCounter := 1
+	for i := range infoMap {
+		if infoMap[i].info != "" {
+			m.Row(5, func() {
+				m.Col(1, func() {
+					m.Text(fmt.Sprintf("%v", infoMap[i].info))
+				})
+				m.Col(12, func() {
+					m.Text(fmt.Sprintf("%v", infoMap[i].stars))
+				})
+			})
+			if emptyRowCounter < len(infoMap) {
+				m.Row(2.5, func() {})
+				emptyRowCounter++
+			}
+		}
+	}
+
 }

 func (pdfPrinter *PdfPrinter) ActionPrint(opaSessionObj *cautils.OPASessionObj) {
-	pdfPrinter.sortedControlNames = getSortedControlsNames(opaSessionObj.Report.SummaryDetails.Controls)
+	sortedControlNames := getSortedControlsNames(opaSessionObj.Report.SummaryDetails.Controls)

+	infoToPrintInfo := mapInfoToPrintInfo(opaSessionObj.Report.SummaryDetails.Controls)
 	m := pdf.NewMaroto(consts.Portrait, consts.A4)
 	pdfPrinter.printHeader(m)
-	pdfPrinter.printFramework(m, opaSessionObj.Report.SummaryDetails.ListFrameworks().All())
-	pdfPrinter.printTable(m, &opaSessionObj.Report.SummaryDetails)
+	pdfPrinter.printFramework(m, opaSessionObj.Report.SummaryDetails.ListFrameworks())
+	pdfPrinter.printTable(m, &opaSessionObj.Report.SummaryDetails, sortedControlNames)
 	pdfPrinter.printFinalResult(m, &opaSessionObj.Report.SummaryDetails)
+	pdfPrinter.printInfo(m, &opaSessionObj.Report.SummaryDetails, infoToPrintInfo)

 	// Extrat output buffer.
 	outBuff, err := m.Output()
@@ -115,7 +136,7 @@ func (pdfPrinter *PdfPrinter) printHeader(m pdf.Maroto) {
 }

 // Print pdf frameworks after pdf header.
-func (pdfPrinter *PdfPrinter) printFramework(m pdf.Maroto, frameworks []reportsummary.IPolicies) {
+func (pdfPrinter *PdfPrinter) printFramework(m pdf.Maroto, frameworks []reportsummary.IFrameworkSummary) {
 	m.Row(10, func() {
 		m.Text(frameworksScoresToString(frameworks), props.Text{
 			Align:  consts.Center,
@@ -127,14 +148,17 @@ func (pdfPrinter *PdfPrinter) printFramework(m pdf.Maroto, frameworks []reportsu
 }

 // Create pdf table
-func (pdfPrinter *PdfPrinter) printTable(m pdf.Maroto, summaryDetails *reportsummary.SummaryDetails) {
+func (pdfPrinter *PdfPrinter) printTable(m pdf.Maroto, summaryDetails *reportsummary.SummaryDetails, sortedControlNames [][]string) {
 	headers := getControlTableHeaders()
-	controls := make([][]string, len(pdfPrinter.sortedControlNames))
+	infoToPrintInfoMap := mapInfoToPrintInfo(summaryDetails.Controls)
+	controls := make([][]string, len(sortedControlNames))
 	for i := range controls {
 		controls[i] = make([]string, len(headers))
 	}
-	for i := 0; i < len(pdfPrinter.sortedControlNames); i++ {
-		controls[i] = generateRow(summaryDetails.Controls.GetControl(reportsummary.EControlCriteriaName, pdfPrinter.sortedControlNames[i]))
+	for i := len(sortedControlNames) - 1; i >= 0; i-- {
+		for _, c := range sortedControlNames[i] {
+			controls[i] = generateRow(summaryDetails.Controls.GetControl(reportsummary.EControlCriteriaName, c), infoToPrintInfoMap, true)
+		}
 	}

 	m.TableList(headers, controls, props.TableList{
@@ -163,7 +187,7 @@ func (pdfPrinter *PdfPrinter) printTable(m pdf.Maroto, summaryDetails *reportsum

 // Add final results.
 func (pdfPrinter *PdfPrinter) printFinalResult(m pdf.Maroto, summaryDetails *reportsummary.SummaryDetails) {
-	m.Row(5, func() {
+	m.Row(_rowLen, func() {
 		m.Col(3, func() {
 			m.Text("Resource summary", props.Text{
 				Align:  consts.Left,
--- a/core/pkg/resultshandling/printer/v2/prettyprinter.go
+++ b/core/pkg/resultshandling/printer/v2/prettyprinter.go
@@ -17,10 +17,9 @@ import (
 )

 type PrettyPrinter struct {
-	formatVersion      string
-	writer             *os.File
-	verboseMode        bool
-	sortedControlNames []string
+	formatVersion string
+	writer        *os.File
+	verboseMode   bool
 }

 func NewPrettyPrinter(verboseMode bool, formatVersion string) *PrettyPrinter {
@@ -31,14 +30,16 @@ func NewPrettyPrinter(verboseMode bool, formatVersion string) *PrettyPrinter {
 }

 func (prettyPrinter *PrettyPrinter) ActionPrint(opaSessionObj *cautils.OPASessionObj) {
-	prettyPrinter.sortedControlNames = getSortedControlsNames(opaSessionObj.Report.SummaryDetails.Controls) // ListControls().All())
+	sortedControlNames := getSortedControlsNames(opaSessionObj.Report.SummaryDetails.Controls) // ListControls().All())

-	if prettyPrinter.formatVersion == "v1" {
-		prettyPrinter.printResults(&opaSessionObj.Report.SummaryDetails.Controls, opaSessionObj.AllResources)
-	} else if prettyPrinter.formatVersion == "v2" {
-		prettyPrinter.resourceTable(opaSessionObj.ResourcesResult, opaSessionObj.AllResources)
+	if prettyPrinter.verboseMode {
+		if prettyPrinter.formatVersion == "v1" {
+			prettyPrinter.printResults(&opaSessionObj.Report.SummaryDetails.Controls, opaSessionObj.AllResources, sortedControlNames)
+		} else if prettyPrinter.formatVersion == "v2" {
+			prettyPrinter.resourceTable(opaSessionObj.ResourcesResult, opaSessionObj.AllResources)
+		}
 	}
-	prettyPrinter.printSummaryTable(&opaSessionObj.Report.SummaryDetails)
+	prettyPrinter.printSummaryTable(&opaSessionObj.Report.SummaryDetails, sortedControlNames)

 }

@@ -49,13 +50,14 @@ func (prettyPrinter *PrettyPrinter) SetWriter(outputFile string) {
 func (prettyPrinter *PrettyPrinter) Score(score float32) {
 }

-func (prettyPrinter *PrettyPrinter) printResults(controls *reportsummary.ControlSummaries, allResources map[string]workloadinterface.IMetadata) {
-	for i := 0; i < len(prettyPrinter.sortedControlNames); i++ {
-
-		controlSummary := controls.GetControl(reportsummary.EControlCriteriaName, prettyPrinter.sortedControlNames[i]) //  summaryDetails.Controls ListControls().All() Controls.GetControl(ca)
-		prettyPrinter.printTitle(controlSummary)
-		prettyPrinter.printResources(controlSummary, allResources)
-		prettyPrinter.printSummary(prettyPrinter.sortedControlNames[i], controlSummary)
+func (prettyPrinter *PrettyPrinter) printResults(controls *reportsummary.ControlSummaries, allResources map[string]workloadinterface.IMetadata, sortedControlNames [][]string) {
+	for i := len(sortedControlNames) - 1; i >= 0; i-- {
+		for _, c := range sortedControlNames[i] {
+			controlSummary := controls.GetControl(reportsummary.EControlCriteriaName, c) //  summaryDetails.Controls ListControls().All() Controls.GetControl(ca)
+			prettyPrinter.printTitle(controlSummary)
+			prettyPrinter.printResources(controlSummary, allResources)
+			prettyPrinter.printSummary(c, controlSummary)
+		}
 	}
 }

@@ -75,7 +77,7 @@ func (prettyPrinter *PrettyPrinter) printSummary(controlName string, controlSumm

 }
 func (prettyPrinter *PrettyPrinter) printTitle(controlSummary reportsummary.IControlSummary) {
-	cautils.InfoDisplay(prettyPrinter.writer, "[control: %s - %s] ", controlSummary.GetName(), getControlURL(controlSummary.GetID()))
+	cautils.InfoDisplay(prettyPrinter.writer, "[control: %s - %s] ", controlSummary.GetName(), getControlLink(controlSummary.GetID()))
 	switch controlSummary.GetStatus().Status() {
 	case apis.StatusSkipped:
 		cautils.InfoDisplay(prettyPrinter.writer, "skipped %v\n", emoji.ConfusedFace)
@@ -83,10 +85,17 @@ func (prettyPrinter *PrettyPrinter) printTitle(controlSummary reportsummary.ICon
 		cautils.FailureDisplay(prettyPrinter.writer, "failed %v\n", emoji.SadButRelievedFace)
 	case apis.StatusExcluded:
 		cautils.WarningDisplay(prettyPrinter.writer, "excluded %v\n", emoji.NeutralFace)
+	case apis.StatusIrrelevant:
+		cautils.SuccessDisplay(prettyPrinter.writer, "irrelevant %v\n", emoji.ConfusedFace)
+	case apis.StatusError:
+		cautils.WarningDisplay(prettyPrinter.writer, "error %v\n", emoji.ConfusedFace)
 	default:
 		cautils.SuccessDisplay(prettyPrinter.writer, "passed %v\n", emoji.ThumbsUp)
 	}
 	cautils.DescriptionDisplay(prettyPrinter.writer, "Description: %s\n", controlSummary.GetDescription())
+	if controlSummary.GetStatus().Info() != "" {
+		cautils.WarningDisplay(prettyPrinter.writer, "Reason: %v\n", controlSummary.GetStatus().Info())
+	}
 }
 func (prettyPrinter *PrettyPrinter) printResources(controlSummary reportsummary.IControlSummary, allResources map[string]workloadinterface.IMetadata) {

@@ -160,38 +169,54 @@ func generateRelatedObjectsStr(workload WorkloadSummary) string {
 }
 func generateFooter(summaryDetails *reportsummary.SummaryDetails) []string {
 	// Control name | # failed resources | all resources | % success
-	row := []string{}
-	row = append(row, "Resource Summary") //fmt.Sprintf(""%d", numControlers"))
-	row = append(row, fmt.Sprintf("%d", summaryDetails.NumberOfResources().Failed()))
-	row = append(row, fmt.Sprintf("%d", summaryDetails.NumberOfResources().Excluded()))
-	row = append(row, fmt.Sprintf("%d", summaryDetails.NumberOfResources().All()))
-	row = append(row, fmt.Sprintf("%.2f%s", summaryDetails.Score, "%"))
+	row := make([]string, _rowLen)
+	row[columnName] = "Resource Summary"
+	row[columnCounterFailed] = fmt.Sprintf("%d", summaryDetails.NumberOfResources().Failed())
+	row[columnCounterExclude] = fmt.Sprintf("%d", summaryDetails.NumberOfResources().Excluded())
+	row[columnCounterAll] = fmt.Sprintf("%d", summaryDetails.NumberOfResources().All())
+	row[columnSeverity] = " "
+	row[columnRiskScore] = fmt.Sprintf("%.2f%s", summaryDetails.Score, "%")
+	row[columnInfo] = " "

 	return row
 }
-func (prettyPrinter *PrettyPrinter) printSummaryTable(summaryDetails *reportsummary.SummaryDetails) {
+func (prettyPrinter *PrettyPrinter) printSummaryTable(summaryDetails *reportsummary.SummaryDetails, sortedControlNames [][]string) {

 	summaryTable := tablewriter.NewWriter(prettyPrinter.writer)
 	summaryTable.SetAutoWrapText(false)
 	summaryTable.SetHeader(getControlTableHeaders())
 	summaryTable.SetHeaderLine(true)
-	alignments := []int{tablewriter.ALIGN_LEFT, tablewriter.ALIGN_CENTER, tablewriter.ALIGN_CENTER, tablewriter.ALIGN_CENTER, tablewriter.ALIGN_CENTER}
-	summaryTable.SetColumnAlignment(alignments)
+	summaryTable.SetColumnAlignment(getColumnsAlignments())

-	for i := 0; i < len(prettyPrinter.sortedControlNames); i++ {
-		summaryTable.Append(generateRow(summaryDetails.Controls.GetControl(reportsummary.EControlCriteriaName, prettyPrinter.sortedControlNames[i])))
+	infoToPrintInfo := mapInfoToPrintInfo(summaryDetails.Controls)
+	for i := len(sortedControlNames) - 1; i >= 0; i-- {
+		for _, c := range sortedControlNames[i] {
+			row := generateRow(summaryDetails.Controls.GetControl(reportsummary.EControlCriteriaName, c), infoToPrintInfo, prettyPrinter.verboseMode)
+			if len(row) > 0 {
+				summaryTable.Append(row)
+			}
+		}
 	}

 	summaryTable.SetFooter(generateFooter(summaryDetails))

-	// summaryTable.SetFooter(generateFooter())
 	summaryTable.Render()

-	// For control scan framework will be nil
-	cautils.InfoTextDisplay(prettyPrinter.writer, frameworksScoresToString(summaryDetails.ListFrameworks().All()))
+	// When scanning controls the framework list will be empty
+	cautils.InfoTextDisplay(prettyPrinter.writer, frameworksScoresToString(summaryDetails.ListFrameworks()))
+
+	prettyPrinter.printInfo(infoToPrintInfo)
+
 }

-func frameworksScoresToString(frameworks []reportsummary.IPolicies) string {
+func (prettyPrinter *PrettyPrinter) printInfo(infoToPrintInfo []infoStars) {
+	fmt.Println()
+	for i := range infoToPrintInfo {
+		cautils.InfoDisplay(prettyPrinter.writer, fmt.Sprintf("%s %s\n", infoToPrintInfo[i].stars, infoToPrintInfo[i].info))
+	}
+}
+
+func frameworksScoresToString(frameworks []reportsummary.IFrameworkSummary) string {
 	if len(frameworks) == 1 {
 		if frameworks[0].GetName() != "" {
 			return fmt.Sprintf("FRAMEWORK %s\n", frameworks[0].GetName())
@@ -209,14 +234,6 @@ func frameworksScoresToString(frameworks []reportsummary.IPolicies) string {
 	return ""
 }

-// func getSortedControlsNames(controls []reportsummary.IPolicies) []string {
-// 	controlNames := make([]string, 0, len(controls))
-// 	for k := range controls {
-// 		controlNames = append(controlNames, controls[k].Get())
-// 	}
-// 	sort.Strings(controlNames)
-// 	return controlNames
-// }
-func getControlURL(controlID string) string {
+func getControlLink(controlID string) string {
 	return fmt.Sprintf("https://hub.armo.cloud/docs/%s", strings.ToLower(controlID))
 }
--- a/core/pkg/resultshandling/printer/v2/prometheus.go
+++ b/core/pkg/resultshandling/printer/v2/prometheus.go
@@ -0,0 +1,55 @@
+package v2
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/armosec/k8s-interface/workloadinterface"
+	"github.com/armosec/kubescape/core/cautils"
+	"github.com/armosec/kubescape/core/cautils/logger"
+	"github.com/armosec/kubescape/core/cautils/logger/helpers"
+	"github.com/armosec/kubescape/core/pkg/resultshandling/printer"
+	"github.com/armosec/opa-utils/reporthandling/results/v1/reportsummary"
+	"github.com/armosec/opa-utils/reporthandling/results/v1/resourcesresults"
+)
+
+type PrometheusPrinter struct {
+	writer      *os.File
+	verboseMode bool
+}
+
+func NewPrometheusPrinter(verboseMode bool) *PrometheusPrinter {
+	return &PrometheusPrinter{
+		verboseMode: verboseMode,
+	}
+}
+
+func (prometheusPrinter *PrometheusPrinter) SetWriter(outputFile string) {
+	prometheusPrinter.writer = printer.GetWriter(outputFile)
+}
+
+func (prometheusPrinter *PrometheusPrinter) Score(score float32) {
+	fmt.Printf("\n# Overall risk-score (0- Excellent, 100- All failed)\nkubescape_score %d\n", cautils.Float32ToInt(score))
+}
+
+func (printer *PrometheusPrinter) generatePrometheusFormat(
+	resources map[string]workloadinterface.IMetadata,
+	results map[string]resourcesresults.Result,
+	summaryDetails *reportsummary.SummaryDetails) *Metrics {
+
+	m := &Metrics{}
+	m.setRiskScores(summaryDetails)
+	m.setResourcesCounters(resources, results)
+
+	return m
+}
+
+func (printer *PrometheusPrinter) ActionPrint(opaSessionObj *cautils.OPASessionObj) {
+
+	metrics := printer.generatePrometheusFormat(opaSessionObj.AllResources, opaSessionObj.ResourcesResult, &opaSessionObj.Report.SummaryDetails)
+
+	logOUtputFile(printer.writer.Name())
+	if _, err := printer.writer.Write([]byte(metrics.String())); err != nil {
+		logger.L().Error("failed to write results", helpers.Error(err))
+	}
+}
--- a/core/pkg/resultshandling/printer/v2/prometheusutils.go
+++ b/core/pkg/resultshandling/printer/v2/prometheusutils.go
@@ -0,0 +1,343 @@
+package v2
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/armosec/k8s-interface/workloadinterface"
+	"github.com/armosec/kubescape/core/cautils"
+	"github.com/armosec/opa-utils/reporthandling/apis"
+	"github.com/armosec/opa-utils/reporthandling/results/v1/reportsummary"
+	"github.com/armosec/opa-utils/reporthandling/results/v1/resourcesresults"
+)
+
+type metricsName string
+
+const (
+	ksMetrics        metricsName = "kubescape"
+	metricsCluster   metricsName = "cluster"
+	metricsScore     metricsName = "riskScore"
+	metricsCount     metricsName = "count"
+	metricsFailed    metricsName = "failed"
+	metricsExcluded  metricsName = "exclude"
+	metricsPassed    metricsName = "passed"
+	metricsControl   metricsName = "control"
+	metricsControls  metricsName = "controls"
+	metricsResource  metricsName = "resource"
+	metricsResources metricsName = "resources"
+	metricsFramework metricsName = "framework"
+)
+
+// ============================================ CLUSTER ============================================================
+func (mrs *mRiskScore) metrics() []string {
+	/*
+		##### Overall risk score
+		kubescape_cluster_riskScore{} <risk score>
+
+		###### Overall resources counters
+		kubescape_cluster_count_resources_failed{} <counter>
+		kubescape_cluster_count_resources_excluded{} <counter>
+		kubescape_cluster_count_resources_passed{} <counter>
+
+		###### Overall controls counters
+		kubescape_cluster_count_controls_failed{} <counter>
+		kubescape_cluster_count_controls_excluded{} <counter>
+		kubescape_cluster_count_controls_passed{} <counter>
+	*/
+
+	m := []string{}
+	// overall
+	m = append(m, toRowInMetrics(fmt.Sprintf("%s_%s", mrs.prefix(), metricsScore), mrs.labels(), mrs.riskScore))
+
+	// resources
+	m = append(m, toRowInMetrics(fmt.Sprintf("%s_%s_%s_%s", mrs.prefix(), metricsCount, metricsResources, metricsFailed), mrs.labels(), mrs.resourcesCountFailed))
+	m = append(m, toRowInMetrics(fmt.Sprintf("%s_%s_%s_%s", mrs.prefix(), metricsCount, metricsResources, metricsExcluded), mrs.labels(), mrs.resourcesCountExcluded))
+	m = append(m, toRowInMetrics(fmt.Sprintf("%s_%s_%s_%s", mrs.prefix(), metricsCount, metricsResources, metricsPassed), mrs.labels(), mrs.resourcesCountPassed))
+
+	// controls
+	m = append(m, toRowInMetrics(fmt.Sprintf("%s_%s_%s_%s", mrs.prefix(), metricsCount, metricsControl, metricsFailed), mrs.labels(), mrs.controlsCountFailed))
+	m = append(m, toRowInMetrics(fmt.Sprintf("%s_%s_%s_%s", mrs.prefix(), metricsCount, metricsControl, metricsExcluded), mrs.labels(), mrs.controlsCountExcluded))
+	m = append(m, toRowInMetrics(fmt.Sprintf("%s_%s_%s_%s", mrs.prefix(), metricsCount, metricsControl, metricsPassed), mrs.labels(), mrs.controlsCountPassed))
+
+	return m
+}
+func (mrs *mRiskScore) labels() string {
+	return ""
+}
+
+func (mrs *mRiskScore) prefix() string {
+	return fmt.Sprintf("%s_%s", ksMetrics, metricsCluster)
+}
+
+// ============================================ CONTROL ============================================================
+
+func (mcrs *mControlRiskScore) metrics() []string {
+	/*
+		# Risk score
+		kubescape_control_riskScore{name="<control name>",url="<docs url>",severity="<control severity>"} <risk score>
+
+		# Resources counters
+		kubescape_control_count_resources_failed{name="<control name>",url="<docs url>",severity="<control severity>"} <counter>
+		kubescape_control_count_resources_excluded{name="<control name>",url="<docs url>",severity="<control severity>"} <counter>
+		kubescape_control_count_resources_passed{name="<control name>",url="<docs url>",severity="<control severity>"} <counter>
+	*/
+
+	m := []string{}
+	// overall
+	m = append(m, toRowInMetrics(fmt.Sprintf("%s_%s", mcrs.prefix(), metricsScore), mcrs.labels(), mcrs.riskScore))
+
+	// resources
+	m = append(m, toRowInMetrics(fmt.Sprintf("%s_%s_%s_%s", mcrs.prefix(), metricsCount, metricsResources, metricsFailed), mcrs.labels(), mcrs.resourcesCountFailed))
+	m = append(m, toRowInMetrics(fmt.Sprintf("%s_%s_%s_%s", mcrs.prefix(), metricsCount, metricsResources, metricsExcluded), mcrs.labels(), mcrs.resourcesCountExcluded))
+	m = append(m, toRowInMetrics(fmt.Sprintf("%s_%s_%s_%s", mcrs.prefix(), metricsCount, metricsResources, metricsPassed), mcrs.labels(), mcrs.resourcesCountPassed))
+
+	return m
+}
+func (mcrs *mControlRiskScore) labels() string {
+	r := fmt.Sprintf("name=\"%s\"", mcrs.controlName) + ","
+	r += fmt.Sprintf("severity=\"%s\"", mcrs.severity) + ","
+	r += fmt.Sprintf("link=\"%s\"", mcrs.link)
+	return r
+}
+func (mcrs *mControlRiskScore) prefix() string {
+	return fmt.Sprintf("%s_%s", ksMetrics, metricsControl)
+}
+
+// ============================================ FRAMEWORK ============================================================
+
+func (mfrs *mFrameworkRiskScore) metrics() []string {
+	/*
+		#### Frameworks metrics
+		kubescape_framework_riskScore{name="<framework name>"} <risk score>
+
+		###### Frameworks resources counters
+		kubescape_framework_count_resources_failed{} <counter>
+		kubescape_framework_count_resources_excluded{} <counter>
+		kubescape_framework_count_resources_passed{} <counter>
+
+		###### Frameworks controls counters
+		kubescape_framework_count_controls_failed{name="<framework name>"} <counter>
+		kubescape_framework_count_controls_excluded{name="<framework name>"} <counter>
+		kubescape_framework_count_controls_passed{name="<framework name>"} <counter>
+
+	*/
+
+	m := []string{}
+	// overall
+	m = append(m, toRowInMetrics(fmt.Sprintf("%s_%s", mfrs.prefix(), metricsScore), mfrs.labels(), mfrs.riskScore))
+
+	// resources
+	m = append(m, toRowInMetrics(fmt.Sprintf("%s_%s_%s_%s", mfrs.prefix(), metricsCount, metricsResources, metricsFailed), mfrs.labels(), mfrs.resourcesCountFailed))
+	m = append(m, toRowInMetrics(fmt.Sprintf("%s_%s_%s_%s", mfrs.prefix(), metricsCount, metricsResources, metricsExcluded), mfrs.labels(), mfrs.resourcesCountExcluded))
+	m = append(m, toRowInMetrics(fmt.Sprintf("%s_%s_%s_%s", mfrs.prefix(), metricsCount, metricsResources, metricsPassed), mfrs.labels(), mfrs.resourcesCountPassed))
+
+	// controls
+	m = append(m, toRowInMetrics(fmt.Sprintf("%s_%s_%s_%s", mfrs.prefix(), metricsCount, metricsControl, metricsFailed), mfrs.labels(), mfrs.controlsCountFailed))
+	m = append(m, toRowInMetrics(fmt.Sprintf("%s_%s_%s_%s", mfrs.prefix(), metricsCount, metricsControl, metricsExcluded), mfrs.labels(), mfrs.controlsCountExcluded))
+	m = append(m, toRowInMetrics(fmt.Sprintf("%s_%s_%s_%s", mfrs.prefix(), metricsCount, metricsControl, metricsPassed), mfrs.labels(), mfrs.controlsCountPassed))
+
+	return m
+}
+func (mfrs *mFrameworkRiskScore) labels() string {
+	r := fmt.Sprintf("name=\"%s\"", mfrs.frameworkName)
+	return r
+}
+func (mfrs *mFrameworkRiskScore) prefix() string {
+	return fmt.Sprintf("%s_%s", ksMetrics, metricsFramework)
+}
+
+// ============================================ RESOURCES ============================================================
+
+func (mrc *mResources) metrics() []string {
+	/*
+		#### Resources metrics
+		kubescape_resource_count_controls_failed{apiVersion="<>",kind="<>",namespace="<>",name="<>"} <counter>
+		kubescape_resource_count_controls_excluded{apiVersion="<>",kind="<>",namespace="<>",name="<>"} <counter>
+	*/
+
+	m := []string{}
+
+	// controls
+	m = append(m, toRowInMetrics(fmt.Sprintf("%s_%s_%s_%s", mrc.prefix(), metricsCount, metricsControls, metricsFailed), mrc.labels(), mrc.controlsCountFailed))
+	m = append(m, toRowInMetrics(fmt.Sprintf("%s_%s_%s_%s", mrc.prefix(), metricsCount, metricsControls, metricsExcluded), mrc.labels(), mrc.controlsCountExcluded))
+	return m
+}
+
+func (mrc *mResources) labels() string {
+	r := fmt.Sprintf("apiVersion=\"%s\"", mrc.apiVersion) + ","
+	r += fmt.Sprintf("kind=\"%s\"", mrc.kind) + ","
+	r += fmt.Sprintf("namespace=\"%s\"", mrc.namespace) + ","
+	r += fmt.Sprintf("name=\"%s\"", mrc.name)
+	return r
+}
+func (mrc *mResources) prefix() string {
+	return fmt.Sprintf("%s_%s", ksMetrics, metricsResource)
+}
+
+// ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+func toRowInMetrics(name string, row string, value int) string {
+	return fmt.Sprintf("%s{%s} %d", name, row, value)
+
+}
+func (m *Metrics) String() string {
+
+	r := strings.Join(m.rs.metrics(), "\n") + "\n"
+	for i := range m.listFrameworks {
+		r += strings.Join(m.listFrameworks[i].metrics(), "\n") + "\n"
+	}
+	for i := range m.listControls {
+		r += strings.Join(m.listControls[i].metrics(), "\n") + "\n"
+	}
+	for i := range m.listResources {
+		r += strings.Join(m.listResources[i].metrics(), "\n") + "\n"
+	}
+	return r
+}
+
+type mRiskScore struct {
+	resourcesCountPassed   int
+	resourcesCountFailed   int
+	resourcesCountExcluded int
+	controlsCountPassed    int
+	controlsCountFailed    int
+	controlsCountExcluded  int
+	controlsCountSkipped   int
+	riskScore              int
+}
+
+type mControlRiskScore struct {
+	controlName            string
+	controlID              string
+	link                   string
+	severity               string
+	remediation            string
+	resourcesCountPassed   int
+	resourcesCountFailed   int
+	resourcesCountExcluded int
+	riskScore              int
+}
+
+type mFrameworkRiskScore struct {
+	frameworkName          string
+	resourcesCountPassed   int
+	resourcesCountFailed   int
+	resourcesCountExcluded int
+	controlsCountPassed    int
+	controlsCountFailed    int
+	controlsCountExcluded  int
+	controlsCountSkipped   int
+	riskScore              int
+}
+
+type mResources struct {
+	name                  string
+	namespace             string
+	apiVersion            string
+	kind                  string
+	controlsCountPassed   int
+	controlsCountFailed   int
+	controlsCountExcluded int
+}
+type Metrics struct {
+	rs             mRiskScore
+	listFrameworks []mFrameworkRiskScore
+	listControls   []mControlRiskScore
+	listResources  []mResources
+}
+
+func (mrs *mRiskScore) set(resources reportsummary.ICounters, controls reportsummary.ICounters) {
+	mrs.resourcesCountExcluded = resources.Excluded()
+	mrs.resourcesCountFailed = resources.Failed()
+	mrs.resourcesCountPassed = resources.Passed()
+	mrs.controlsCountExcluded = controls.Excluded()
+	mrs.controlsCountFailed = controls.Failed()
+	mrs.controlsCountPassed = controls.Passed()
+	mrs.controlsCountSkipped = controls.Skipped()
+}
+
+func (mfrs *mFrameworkRiskScore) set(resources reportsummary.ICounters, controls reportsummary.ICounters) {
+	mfrs.resourcesCountExcluded = resources.Excluded()
+	mfrs.resourcesCountFailed = resources.Failed()
+	mfrs.resourcesCountPassed = resources.Passed()
+	mfrs.controlsCountExcluded = controls.Excluded()
+	mfrs.controlsCountFailed = controls.Failed()
+	mfrs.controlsCountPassed = controls.Passed()
+	mfrs.controlsCountSkipped = controls.Skipped()
+}
+
+func (mcrs *mControlRiskScore) set(resources reportsummary.ICounters) {
+	mcrs.resourcesCountExcluded = resources.Excluded()
+	mcrs.resourcesCountFailed = resources.Failed()
+	mcrs.resourcesCountPassed = resources.Passed()
+}
+func (m *Metrics) setRiskScores(summaryDetails *reportsummary.SummaryDetails) {
+	m.rs.set(summaryDetails.NumberOfResources(), summaryDetails.NumberOfControls())
+	m.rs.riskScore = cautils.Float32ToInt(summaryDetails.GetScore())
+
+	for _, fw := range summaryDetails.ListFrameworks() {
+		mfrs := mFrameworkRiskScore{
+			frameworkName: fw.GetName(),
+			riskScore:     cautils.Float32ToInt(fw.GetScore()),
+		}
+		mfrs.set(fw.NumberOfResources(), fw.NumberOfControls())
+		m.listFrameworks = append(m.listFrameworks, mfrs)
+	}
+
+	for _, control := range summaryDetails.ListControls() {
+		mcrs := mControlRiskScore{
+			controlName: control.GetName(),
+			controlID:   control.GetID(),
+			riskScore:   cautils.Float32ToInt(control.GetScore()),
+			link:        getControlLink(control.GetID()),
+			severity:    apis.ControlSeverityToString(control.GetScoreFactor()),
+			remediation: control.GetRemediation(),
+		}
+		mcrs.set(control.NumberOfResources())
+		m.listControls = append(m.listControls, mcrs)
+	}
+}
+
+// return -> (passed, exceluded, failed)
+func resourceControlStatusCounters(result *resourcesresults.Result) (int, int, int) {
+	failed := 0
+	excluded := 0
+	passed := 0
+	for i := range result.ListControls() {
+		switch result.ListControls()[i].GetStatus(nil).Status() {
+		case apis.StatusExcluded:
+			excluded++
+		case apis.StatusFailed:
+			failed++
+		case apis.StatusPassed:
+			passed++
+		}
+	}
+	return passed, excluded, failed
+}
+func (m *Metrics) setResourcesCounters(
+	resources map[string]workloadinterface.IMetadata,
+	results map[string]resourcesresults.Result) {
+
+	for resourceID, result := range results {
+		r, ok := resources[resourceID]
+		if !ok {
+			continue
+		}
+		passed, excluded, failed := resourceControlStatusCounters(&result)
+
+		mrc := mResources{}
+		mrc.apiVersion = r.GetApiVersion()
+		mrc.namespace = r.GetNamespace()
+		mrc.kind = r.GetKind()
+		mrc.name = r.GetName()
+
+		// append
+		mrc.controlsCountPassed = passed
+		mrc.controlsCountFailed = failed
+		mrc.controlsCountExcluded = excluded
+
+		m.listResources = append(m.listResources, mrc)
+	}
+
+}
--- a/core/pkg/resultshandling/printer/v2/summary.go
+++ b/core/pkg/resultshandling/printer/v2/summary.go
@@ -1 +0,0 @@
-package v2
--- a/core/pkg/resultshandling/printer/v2/utils.go
+++ b/core/pkg/resultshandling/printer/v2/utils.go
@@ -6,6 +6,7 @@ import (
 	"github.com/armosec/kubescape/core/cautils/logger"
 	"github.com/armosec/kubescape/core/cautils/logger/helpers"
 	"github.com/armosec/opa-utils/reporthandling"
+	"github.com/armosec/opa-utils/reporthandling/results/v1/reportsummary"
 	"github.com/armosec/opa-utils/reporthandling/results/v1/resourcesresults"
 	reporthandlingv2 "github.com/armosec/opa-utils/reporthandling/v2"
 )
@@ -25,8 +26,7 @@ func DataToJson(data *cautils.OPASessionObj) *reporthandlingv2.PostureReport {
 	report.Results = make([]resourcesresults.Result, len(data.ResourcesResult))
 	finalizeResults(report.Results, data.ResourcesResult)

-	report.Resources = make([]reporthandling.Resource, 0) // do not initialize slice length
-	finalizeResources(report.Resources, report.Results, data.AllResources)
+	report.Resources = finalizeResources(report.Results, data.AllResources)

 	return &report
 }
@@ -38,7 +38,32 @@ func finalizeResults(results []resourcesresults.Result, resourcesResult map[stri
 	}
 }

-func finalizeResources(resources []reporthandling.Resource, results []resourcesresults.Result, allResources map[string]workloadinterface.IMetadata) {
+type infoStars struct {
+	stars string
+	info  string
+}
+
+func mapInfoToPrintInfo(controls reportsummary.ControlSummaries) []infoStars {
+	infoToPrintInfo := []infoStars{}
+	infoToPrintInfoMap := map[string]interface{}{}
+	starCount := "*"
+	for _, control := range controls {
+		if control.GetStatus().IsSkipped() && control.GetStatus().Info() != "" {
+			if _, ok := infoToPrintInfoMap[control.GetStatus().Info()]; !ok {
+				infoToPrintInfo = append(infoToPrintInfo, infoStars{
+					info:  control.GetStatus().Info(),
+					stars: starCount,
+				})
+				starCount += starCount
+				infoToPrintInfoMap[control.GetStatus().Info()] = nil
+			}
+		}
+	}
+	return infoToPrintInfo
+}
+
+func finalizeResources(results []resourcesresults.Result, allResources map[string]workloadinterface.IMetadata) []reporthandling.Resource {
+	resources := make([]reporthandling.Resource, 0)
 	for i := range results {
 		if obj, ok := allResources[results[i].ResourceID]; ok {
 			r := *reporthandling.NewResource(obj.GetObject())
@@ -46,6 +71,7 @@ func finalizeResources(resources []reporthandling.Resource, results []resourcesr
 			resources = append(resources, r)
 		}
 	}
+	return resources
 }

 func logOUtputFile(fileName string) {
--- a/core/pkg/resultshandling/reporter/interface.go
+++ b/core/pkg/resultshandling/reporter/interface.go
@@ -3,8 +3,9 @@ package reporter
 import "github.com/armosec/kubescape/core/cautils"

 type IReport interface {
-	ActionSendReport(opaSessionObj *cautils.OPASessionObj) error
+	Submit(opaSessionObj *cautils.OPASessionObj) error
 	SetCustomerGUID(customerGUID string)
 	SetClusterName(clusterName string)
 	DisplayReportURL()
+	GetURL() string
 }
--- a/core/pkg/resultshandling/reporter/v1/reporteventreceiver.go
+++ b/core/pkg/resultshandling/reporter/v1/reporteventreceiver.go
@@ -38,7 +38,7 @@ func NewReportEventReceiver(tenantConfig *cautils.ConfigObj) *ReportEventReceive
 	}
 }

-func (report *ReportEventReceiver) ActionSendReport(opaSessionObj *cautils.OPASessionObj) error {
+func (report *ReportEventReceiver) Submit(opaSessionObj *cautils.OPASessionObj) error {
 	if opaSessionObj.PostureReport == nil && opaSessionObj.Report != nil {
 		cautils.ReportV2ToV1(opaSessionObj)
 	}
@@ -157,6 +157,9 @@ func (report *ReportEventReceiver) generateMessage() {
 	report.message = fmt.Sprintf("%s %s", message, u.String())
 }

+func (report *ReportEventReceiver) GetURL() string {
+	return getter.GetArmoAPIConnector().GetFrontendURL()
+}
 func (report *ReportEventReceiver) DisplayReportURL() {
 	cautils.InfoTextDisplay(os.Stderr, fmt.Sprintf("\n\n%s\n\n", report.message))
 }
--- a/core/pkg/resultshandling/reporter/v2/mockreporter.go
+++ b/core/pkg/resultshandling/reporter/v2/mockreporter.go
@@ -21,7 +21,7 @@ func NewReportMock(query, message string) *ReportMock {
 		message: message,
 	}
 }
-func (reportMock *ReportMock) ActionSendReport(opaSessionObj *cautils.OPASessionObj) error {
+func (reportMock *ReportMock) Submit(opaSessionObj *cautils.OPASessionObj) error {
 	return nil
 }

@@ -31,6 +31,10 @@ func (reportMock *ReportMock) SetCustomerGUID(customerGUID string) {
 func (reportMock *ReportMock) SetClusterName(clusterName string) {
 }

+func (reportMock *ReportMock) GetURL() string {
+	return getter.GetArmoAPIConnector().GetFrontendURL()
+}
+
 func (reportMock *ReportMock) DisplayReportURL() {
 	u := fmt.Sprintf("https://%s/account/login", getter.GetArmoAPIConnector().GetFrontendURL())
 	if reportMock.query != "" {
--- a/core/pkg/resultshandling/reporter/v2/reporteventreceiver.go
+++ b/core/pkg/resultshandling/reporter/v2/reporteventreceiver.go
@@ -7,11 +7,11 @@ import (
 	"net/url"
 	"os"

+	"github.com/armosec/k8s-interface/workloadinterface"
 	"github.com/armosec/kubescape/core/cautils"
 	"github.com/armosec/kubescape/core/cautils/getter"
 	"github.com/armosec/kubescape/core/cautils/logger"
 	"github.com/armosec/kubescape/core/cautils/logger/helpers"
-	"github.com/google/uuid"

 	"github.com/armosec/opa-utils/reporthandling"
 	"github.com/armosec/opa-utils/reporthandling/results/v1/resourcesresults"
@@ -42,33 +42,28 @@ func NewReportEventReceiver(tenantConfig *cautils.ConfigObj, reportID string) *R
 	}
 }

-func (report *ReportEventReceiver) ActionSendReport(opaSessionObj *cautils.OPASessionObj) error {
-	finalizeReport(opaSessionObj)
+func (report *ReportEventReceiver) Submit(opaSessionObj *cautils.OPASessionObj) error {

 	if report.customerGUID == "" {
 		logger.L().Warning("failed to publish results. Reason: Unknown accout ID. Run kubescape with the '--account <account ID>' flag. Contact ARMO team for more details")
-
 		return nil
 	}
-	if report.clusterName == "" {
+	if opaSessionObj.Metadata.ScanMetadata.ScanningTarget == reporthandlingv2.Cluster && report.clusterName == "" {
 		logger.L().Warning("failed to publish results because the cluster name is Unknown. If you are scanning YAML files the results are not submitted to the Kubescape SaaS")
 		return nil
 	}
-	if opaSessionObj.Report.ReportID == "" {
-		opaSessionObj.Report.ReportID = uuid.NewString()
-	}
-	opaSessionObj.Report.ReportID = uuid.NewString()
-	opaSessionObj.Report.CustomerGUID = report.customerGUID
-	opaSessionObj.Report.ClusterName = report.clusterName

-	if err := report.prepareReport(opaSessionObj.Report); err != nil {
-		logger.L().Error("failed to publish results", helpers.Error(err))
-	} else {
+	err := report.prepareReport(opaSessionObj)
+	if err == nil {
 		report.generateMessage()
+	} else {
+
+		err = fmt.Errorf("failed to submit scan results. url: '%s'", report.GetURL())
 	}
+
 	logger.L().Debug("", helpers.String("account ID", report.customerGUID))

-	return nil
+	return err
 }

 func (report *ReportEventReceiver) SetCustomerGUID(customerGUID string) {
@@ -79,80 +74,111 @@ func (report *ReportEventReceiver) SetClusterName(clusterName string) {
 	report.clusterName = cautils.AdoptClusterName(clusterName) // clean cluster name
 }

-func (report *ReportEventReceiver) prepareReport(postureReport *reporthandlingv2.PostureReport) error {
+func (report *ReportEventReceiver) prepareReport(opaSessionObj *cautils.OPASessionObj) error {
 	report.initEventReceiverURL()
-	host := hostToString(report.eventReceiverURL, postureReport.ReportID)
+	host := hostToString(report.eventReceiverURL, report.reportID)

 	cautils.StartSpinner()

-	reportCounter := 0
-
 	// send resources
-	err := report.sendResources(host, postureReport, &reportCounter, false)
+	err := report.sendResources(host, opaSessionObj)

 	cautils.StopSpinner()
 	return err
 }

-func (report *ReportEventReceiver) sendResources(host string, postureReport *reporthandlingv2.PostureReport, reportCounter *int, isLastReport bool) error {
-	splittedPostureReport := setSubReport(postureReport)
+func (report *ReportEventReceiver) GetURL() string {
+	u := url.URL{}
+	u.Scheme = "https"
+	u.Host = getter.GetArmoAPIConnector().GetFrontendURL()
+
+	if report.customerAdminEMail != "" || report.token == "" { // data has been submitted
+		u.Path = fmt.Sprintf("configuration-scanning/%s", report.clusterName)
+	} else {
+		u.Path = "account/sign-up"
+		q := u.Query()
+		q.Add("invitationToken", report.token)
+		q.Add("customerGUID", report.customerGUID)
+
+		u.RawQuery = q.Encode()
+	}
+	return u.String()
+
+}
+func (report *ReportEventReceiver) sendResources(host string, opaSessionObj *cautils.OPASessionObj) error {
+	splittedPostureReport := report.setSubReport(opaSessionObj)
 	counter := 0
-
-	for _, v := range postureReport.Resources {
-		r, err := json.Marshal(v)
-		if err != nil {
-			return fmt.Errorf("failed to unmarshal resource '%s', reason: %v", v.ResourceID, err)
-		}
-
-		if counter+len(r) >= MAX_REPORT_SIZE && len(splittedPostureReport.Resources) > 0 {
-
-			// send report
-			if err := report.sendReport(host, splittedPostureReport, *reportCounter, false); err != nil {
-				return err
-			}
-			*reportCounter++
-
-			// delete resources
-			splittedPostureReport.Resources = []reporthandling.Resource{}
-			splittedPostureReport.Results = []resourcesresults.Result{}
-
-			// restart counter
-			counter = 0
-		}
-
-		counter += len(r)
-		splittedPostureReport.Resources = append(splittedPostureReport.Resources, v)
+	reportCounter := 0
+	if err := report.setResources(splittedPostureReport, opaSessionObj.AllResources, opaSessionObj.ResourceSource, &counter, &reportCounter, host); err != nil {
+		return err
+	}
+	if err := report.setResults(splittedPostureReport, opaSessionObj.ResourcesResult, &counter, &reportCounter, host); err != nil {
+		return err
 	}

-	for _, v := range postureReport.Results {
+	return report.sendReport(host, splittedPostureReport, reportCounter, true)
+}
+func (report *ReportEventReceiver) setResults(reportObj *reporthandlingv2.PostureReport, results map[string]resourcesresults.Result, counter, reportCounter *int, host string) error {
+	for _, v := range results {
 		r, err := json.Marshal(v)
 		if err != nil {
 			return fmt.Errorf("failed to unmarshal resource '%s', reason: %v", v.GetResourceID(), err)
 		}

-		if counter+len(r) >= MAX_REPORT_SIZE && len(splittedPostureReport.Results) > 0 {
+		if *counter+len(r) >= MAX_REPORT_SIZE && len(reportObj.Results) > 0 {

 			// send report
-			if err := report.sendReport(host, splittedPostureReport, *reportCounter, false); err != nil {
+			if err := report.sendReport(host, reportObj, *reportCounter, false); err != nil {
 				return err
 			}
 			*reportCounter++

 			// delete results
-			splittedPostureReport.Results = []resourcesresults.Result{}
-			splittedPostureReport.Resources = []reporthandling.Resource{}
+			reportObj.Results = []resourcesresults.Result{}
+			reportObj.Resources = []reporthandling.Resource{}

 			// restart counter
-			counter = 0
+			*counter = 0
 		}

-		counter += len(r)
-		splittedPostureReport.Results = append(splittedPostureReport.Results, v)
+		*counter += len(r)
+		reportObj.Results = append(reportObj.Results, v)
 	}
-
-	return report.sendReport(host, splittedPostureReport, *reportCounter, true)
+	return nil
 }

+func (report *ReportEventReceiver) setResources(reportObj *reporthandlingv2.PostureReport, allResources map[string]workloadinterface.IMetadata, resourcesSource map[string]string, counter, reportCounter *int, host string) error {
+	for resourceID, v := range allResources {
+		resource := reporthandling.NewResourceIMetadata(v)
+		if r, ok := resourcesSource[resourceID]; ok {
+			resource.SetSource(&reporthandling.Source{Path: r})
+		}
+		r, err := json.Marshal(resource)
+		if err != nil {
+			return fmt.Errorf("failed to unmarshal resource '%s', reason: %v", resourceID, err)
+		}
+
+		if *counter+len(r) >= MAX_REPORT_SIZE && len(reportObj.Resources) > 0 {
+
+			// send report
+			if err := report.sendReport(host, reportObj, *reportCounter, false); err != nil {
+				return err
+			}
+			*reportCounter++
+
+			// delete resources
+			reportObj.Resources = []reporthandling.Resource{}
+			reportObj.Results = []resourcesresults.Result{}
+
+			// restart counter
+			*counter = 0
+		}
+
+		*counter += len(r)
+		reportObj.Resources = append(reportObj.Resources, *resource)
+	}
+	return nil
+}
 func (report *ReportEventReceiver) sendReport(host string, postureReport *reporthandlingv2.PostureReport, counter int, isLastReport bool) error {
 	postureReport.PaginationInfo = reporthandlingv2.PaginationMarks{
 		ReportNumber: counter,
@@ -170,26 +196,12 @@ func (report *ReportEventReceiver) sendReport(host string, postureReport *report
 }

 func (report *ReportEventReceiver) generateMessage() {
-
-	u := url.URL{}
-	u.Scheme = "https"
-	u.Host = getter.GetArmoAPIConnector().GetFrontendURL()
-
-	if report.customerAdminEMail != "" || report.token == "" { // data has been submitted
-		u.Path = fmt.Sprintf("configuration-scanning/%s", report.clusterName)
-	} else {
-		u.Path = "account/sign-up"
-		q := u.Query()
-		q.Add("invitationToken", report.token)
-		q.Add("customerGUID", report.customerGUID)
-
-		u.RawQuery = q.Encode()
-	}
+	report.message = ""

 	sep := "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\n"
 	report.message = sep
 	report.message += "   << WOW! Now you can see the scan results on the web >>\n\n"
-	report.message += fmt.Sprintf("   %s\n", u.String())
+	report.message += fmt.Sprintf("   %s\n", report.GetURL())
 	report.message += sep

 }
--- a/core/pkg/resultshandling/reporter/v2/reporteventreceiverutils.go
+++ b/core/pkg/resultshandling/reporter/v2/reporteventreceiverutils.go
@@ -3,9 +3,8 @@ package v2
 import (
 	"net/url"

-	"github.com/armosec/k8s-interface/workloadinterface"
+	"github.com/armosec/kubescape/core/cautils"
 	"github.com/armosec/kubescape/core/cautils/getter"
-	"github.com/armosec/opa-utils/reporthandling"
 	reporthandlingv2 "github.com/armosec/opa-utils/reporthandling/v2"
 	"github.com/google/uuid"
 )
@@ -33,22 +32,22 @@ func hostToString(host *url.URL, reportID string) string {
 	return host.String()
 }

-func setSubReport(postureReport *reporthandlingv2.PostureReport) *reporthandlingv2.PostureReport {
-	return &reporthandlingv2.PostureReport{
-		CustomerGUID:         postureReport.CustomerGUID,
-		ClusterName:          postureReport.ClusterName,
-		ReportID:             postureReport.ReportID,
-		ReportGenerationTime: postureReport.ReportGenerationTime,
-		SummaryDetails:       postureReport.SummaryDetails,
-		Attributes:           postureReport.Attributes,
-		ClusterCloudProvider: postureReport.ClusterCloudProvider,
-		JobID:                postureReport.JobID,
-		ClusterAPIServerInfo: postureReport.ClusterAPIServerInfo,
+func (report *ReportEventReceiver) setSubReport(opaSessionObj *cautils.OPASessionObj) *reporthandlingv2.PostureReport {
+	reportObj := &reporthandlingv2.PostureReport{
+		CustomerGUID:         report.customerGUID,
+		ClusterName:          report.clusterName,
+		ReportID:             report.reportID,
+		ReportGenerationTime: opaSessionObj.Report.ReportGenerationTime,
+		SummaryDetails:       opaSessionObj.Report.SummaryDetails,
+		Attributes:           opaSessionObj.Report.Attributes,
+		ClusterAPIServerInfo: opaSessionObj.Report.ClusterAPIServerInfo,
 	}
-}
-func iMetaToResource(obj workloadinterface.IMetadata) *reporthandling.Resource {
-	return &reporthandling.Resource{
-		ResourceID: obj.GetID(),
-		Object:     obj.GetObject(),
+	if opaSessionObj.Metadata != nil {
+		reportObj.Metadata = *opaSessionObj.Metadata
+		if opaSessionObj.Metadata.ContextMetadata.ClusterContextMetadata != nil {
+			reportObj.ClusterCloudProvider = opaSessionObj.Metadata.ContextMetadata.ClusterContextMetadata.CloudProvider // DEPRECATED
+			reportObj.Metadata.ClusterMetadata = *opaSessionObj.Metadata.ContextMetadata.ClusterContextMetadata
+		}
 	}
+	return reportObj
 }
--- a/core/pkg/resultshandling/reporter/v2/utils.go
+++ b/core/pkg/resultshandling/reporter/v2/utils.go
@@ -2,47 +2,8 @@ package v2

 import (
 	"strings"
-
-	"github.com/armosec/k8s-interface/workloadinterface"
-	"github.com/armosec/kubescape/core/cautils"
-	"github.com/armosec/opa-utils/reporthandling"
-	"github.com/armosec/opa-utils/reporthandling/results/v1/resourcesresults"
 )

-// finalizeV2Report finalize the results objects by copying data from map to lists
-func finalizeReport(opaSessionObj *cautils.OPASessionObj) {
-	opaSessionObj.PostureReport = nil
-	if len(opaSessionObj.Report.Results) == 0 {
-		opaSessionObj.Report.Results = make([]resourcesresults.Result, len(opaSessionObj.ResourcesResult))
-		finalizeResults(opaSessionObj.Report.Results, opaSessionObj.ResourcesResult)
-		opaSessionObj.ResourcesResult = nil
-	}
-
-	if len(opaSessionObj.Report.Resources) == 0 {
-		opaSessionObj.Report.Resources = make([]reporthandling.Resource, 0) // do not set slice length
-		finalizeResources(opaSessionObj.Report.Resources, opaSessionObj.AllResources)
-		opaSessionObj.AllResources = nil
-	}
-
-}
-func finalizeResults(results []resourcesresults.Result, resourcesResult map[string]resourcesresults.Result) {
-	index := 0
-	for resourceID := range resourcesResult {
-		results[index] = resourcesResult[resourceID]
-		index++
-	}
-}
-
-func finalizeResources(resources []reporthandling.Resource, allResources map[string]workloadinterface.IMetadata) {
-	for resourceID := range allResources {
-		if obj, ok := allResources[resourceID]; ok {
-			r := *reporthandling.NewResource(obj.GetObject())
-			r.ResourceID = resourceID
-			resources = append(resources, r)
-		}
-	}
-}
-
 func maskID(id string) string {
 	sep := "-"
 	splitted := strings.Split(id, sep)
--- a/core/pkg/resultshandling/results.go
+++ b/core/pkg/resultshandling/results.go
@@ -56,17 +56,19 @@ func (resultsHandler *ResultsHandler) ToJson() ([]byte, error) {
 }

 // HandleResults handle the scan results according to the pre defind interfaces
-func (resultsHandler *ResultsHandler) HandleResults() {
+func (resultsHandler *ResultsHandler) HandleResults() error {

 	resultsHandler.printerObj.ActionPrint(resultsHandler.scanData)

-	if err := resultsHandler.reporterObj.ActionSendReport(resultsHandler.scanData); err != nil {
-		logger.L().Error(err.Error())
+	if err := resultsHandler.reporterObj.Submit(resultsHandler.scanData); err != nil {
+		return err
 	}

 	resultsHandler.printerObj.Score(resultsHandler.GetRiskScore())

 	resultsHandler.reporterObj.DisplayReportURL()
+
+	return nil
 }

 // NewPrinter defind output format
@@ -84,7 +86,7 @@ func NewPrinter(printFormat, formatVersion string, verboseMode bool) printer.IPr
 	case printer.JunitResultFormat:
 		return printerv2.NewJunitPrinter(verboseMode)
 	case printer.PrometheusFormat:
-		return printerv1.NewPrometheusPrinter(verboseMode)
+		return printerv2.NewPrometheusPrinter(verboseMode)
 	case printer.PdfFormat:
 		return printerv2.NewPdfPrinter()
 	default:
--- a/docs/ARMO-header-2022.gif
+++ b/docs/ARMO-header-2022.gif
--- a/docs/ksfromcodetodeploy.png
+++ b/docs/ksfromcodetodeploy.png
--- a/docs/roadmap.md
+++ b/docs/roadmap.md
@@ -5,33 +5,33 @@
 Kubescape roadmap items are labeled based on where the feature is used and by their maturity.

 The features serve different stages of the workflow of the users:
-* **Development phase** (writing Kubernetes manifests) - example: VS Code extension is used while editing YAMLs
+* **Development phase** (writing Kubernetes manifests) - example: The VS Code extension is used while editing YAMLs.
 * **CI phase** (integrating manifests to GIT repo) - example: GitHub action validating HELM charts on PRs
-* **CD phase** (deploying applications in Kubernetes) - example: running cluster scan after a new deployment
-* **Monitoring phase** (scanning application in Kubernetes) - example: Prometheus scraping the cluster security risk 
+* **CD phase** (deploying applications in Kubernetes) - example: running a cluster scan after a new deployment
+* **Monitoring phase** (scanning application in Kubernetes) - example: Prometheus scraping the cluster security risk

-The items in Kubescape roadmap are split to 3 major groups based on the feature planning maturity:
+The items in the Kubescape roadmap are split into 3 major groups based on the feature planning maturity:

-* [Planning](#planning) - we have tickets open for these issues with more or less clear vision of design
-* [Backlog](#backlog)  - feature which were discussed at a high level but are not ready for development 
-* [Wishlist](#wishlist) -  features we are dreaming of 😀 and want to push them gradually forward 
+* [Planning](#planning) - we have tickets open for these issues with a more or less clear vision of design.
+* [Backlog](#backlog)  -  features that were discussed at a high level but are not ready for development 
+* [Wishlist](#wishlist) -  features we are dreaming of in 😀 and want to push them gradually forward


 ## Planning 👷
 * ##### Integration with image registries 
-  We want to expand Kubescape to integrate with differnet image registries and read image vulnerability information from there. This will allow Kubescape to give contextual security information about vulnerabilities [Container registry integration](/docs/proposals/container-image-vulnerability-adaptor.md)
+ We want to expand Kubescape to integrate with different image registries and read image vulnerability information from there. This will allow Kubescape to give contextual security information about vulnerabilities. Container registry integration
 * ##### Kubescape as a microservice 
-  Create a REST API for Kubescape so it can run constantly in a cluster and other components like Prometheus can scrape results
+  Create a REST API for Kubescape so it can constantly run in a cluster, and other components like Prometheus can scrape results.
 * ##### Kubescape CLI control over cluster operations 
-  Add functionality to Kubescape CLI to trigger operations in Kubescape cluster components (example: trigger images scans and etc.)
+  Add functionality to Kubescape CLI to trigger operations in Kubescape cluster components (example: trigger image scans, etc.)
 * ##### Produce md/HTML reports 
-  Create scan reports for different output formats
+  Create scan reports for different output formats.
 * ##### Git integration for pull requests 
  Create insightful GitHub actions for Kubescape

 ## Backlog 📅
 * ##### JSON path for HELM charts 
-  Today Kubescape can point to issues in the Kubernetes object, we want to develop this feature so Kubescape will be able to point to the misconfigured source file (HELM)
+  Today, Kubescape can point to issues in the Kubernetes object. We want to develop this feature so Kubescape will be able to point to the misconfigured source file (HELM).
 * ##### Create Kubescape HELM plugin
 * ##### Kubescape based admission controller 
  Implement admission controller API for Kubescape microservice to enable users to use Kubescape rules as policies
--- a/httphandler/README.md
+++ b/httphandler/README.md
@@ -5,14 +5,14 @@
 Running `kubescape` will start up a webserver on port `8080` which will serve the following paths: 

 * POST `/v1/scan` - Trigger a kubescape scan. The server will return an ID and will execute the scanning asynchronously 
-* * `synchronously`: scan synchronously (return results and not ID). Use only in small clusters are with an increased timeout
+* * `wait`: scan synchronously (return results and not ID). Use only in small clusters are with an increased timeout
 * GET `/v1/results` -  Request kubescape scan results
-* * query `id=<string>` -> ID returned when triggering the scan action. If empty will return latest results
+* * query `id=<string>` -> ID returned when triggering the scan action. ~If empty will return latest results~ (not supported)
 * * query `remove` -> Remove results from storage after reading the results
-* DELETE `/v1/results` - Delete kubescape scan results from storage If empty will delete latest results
+* DELETE `/v1/results` - Delete kubescape scan results from storage. ~If empty will delete latest results~ (not supported)
 * * query `id=<string>`: Delete ID of specific results 
 * * query `all`: Delete all cached results
-* GET/POST `/v1/metrics` - will trigger cluster scan. will respond with prometheus metrics once they have been scanned. This will respond 503 if the scan failed.
+* GET/POST `/metrics` - will trigger cluster scan. will respond with prometheus metrics once they have been scanned. This will respond 503 if the scan failed.
 * `/livez` - will respond 200 is server is alive
 * `/readyz` - will respond 200 if server can receive requests 

@@ -20,15 +20,16 @@ Running `kubescape` will start up a webserver on port `8080` which will serve th

 POST /v1/results
 body:
-```json
+```
 {
-    "format": "",               // results format [default: json] (same as 'kubescape scan --format')
-    "excludedNamespaces": null, // list of namespaces to exclude (same as 'kubescape scan --excluded-namespaces')
-    "includeNamespaces": null,  // list of namespaces to include (same as 'kubescape scan --include-namespaces')
-    "submit": false,            // submit results to Kubescape cloud (same as 'kubescape scan --submit')
-    "hostScanner": false,       // deploy kubescape K8s host-scanner DaemonSet in the scanned cluster (same as 'kubescape scan --enable-host-scan')
-    "keepLocal": false,         // do not submit results to Kubescape cloud (same as 'kubescape scan --keep-local')
-    "account": ""               // account ID (same as 'kubescape scan --account')
+    "format": <str>,               // results format [default: json] (same as 'kubescape scan --format')
+    "excludedNamespaces": <[]str>, // list of namespaces to exclude (same as 'kubescape scan --excluded-namespaces')
+    "includeNamespaces": <[]str>,  // list of namespaces to include (same as 'kubescape scan --include-namespaces')
+    "useCachedArtifacts"`: <bool>, // use the cached artifacts instead of downloading (offline support)
+    "submit": <bool>,              // submit results to Kubescape cloud (same as 'kubescape scan --submit')
+    "hostScanner": <bool>,         // deploy kubescape K8s host-scanner DaemonSet in the scanned cluster (same as 'kubescape scan --enable-host-scan')
+    "keepLocal": <bool>,           // do not submit results to Kubescape cloud (same as 'kubescape scan --keep-local')
+    "account": <str>               // account ID (same as 'kubescape scan --account')
 }
 ```

@@ -37,11 +38,10 @@ e.g.:
 ```bash
 curl --header "Content-Type: application/json" \
  --request POST \
-  --data '{"account":"XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX","hostScanner":true, "submit":true}' \
+  --data '{"hostScanner":true, "submit":true}' \
  http://127.0.0.1:8080/v1/scan
 ```
-## Installation into kubernetes
+## Examples

-The [yaml](ks-prometheus-support.yaml) file will deploy one instance of kubescape (with all relevant dependencies) to run on your cluster
-
-**NOTE** Make sure the configurations suit your cluster (e.g. `serviceType`, namespace, etc.)
+* [Prometheus](examples/prometheus/README.md)
+* [Microservice](examples/microservice/README.md)
--- a/httphandler/build.py
+++ b/httphandler/build.py
@@ -0,0 +1,92 @@
+import os
+import sys
+import hashlib
+import platform
+import subprocess
+
+BASE_GETTER_CONST = "github.com/armosec/kubescape/core/cautils/getter"
+BE_SERVER_CONST   = BASE_GETTER_CONST + ".ArmoBEURL"
+ER_SERVER_CONST   = BASE_GETTER_CONST + ".ArmoERURL"
+WEBSITE_CONST     = BASE_GETTER_CONST + ".ArmoFEURL"
+AUTH_SERVER_CONST = BASE_GETTER_CONST + ".armoAUTHURL"
+
+def checkStatus(status, msg):
+    if status != 0:
+        sys.stderr.write(msg)
+        exit(status)
+
+
+def getBuildDir():
+    currentPlatform = platform.system()
+    buildDir = "build/"
+
+    if currentPlatform == "Windows": return os.path.join(buildDir, "windows-latest") 
+    if currentPlatform == "Linux": return os.path.join(buildDir, "ubuntu-latest")  
+    if currentPlatform == "Darwin": return os.path.join(buildDir, "macos-latest")  
+    raise OSError("Platform %s is not supported!" % (currentPlatform))
+
+def getPackageName():
+    packageName = "kubescape"
+    # if platform.system() == "Windows": packageName += ".exe"
+
+    return packageName
+
+
+def main():
+    print("Building Kubescape")
+
+    # print environment variables
+    # print(os.environ)
+
+    # Set some variables
+    packageName = getPackageName()
+    buildUrl = "github.com/armosec/kubescape/core/cautils.BuildNumber"
+    releaseVersion = os.getenv("RELEASE")
+    ArmoBEServer = os.getenv("ArmoBEServer")
+    ArmoERServer = os.getenv("ArmoERServer")
+    ArmoWebsite = os.getenv("ArmoWebsite")
+    ArmoAuthServer = os.getenv("ArmoAuthServer")
+
+    # Create build directory
+    buildDir = getBuildDir()
+
+    ks_file = os.path.join(buildDir, packageName)
+    hash_file = ks_file + ".sha256"
+
+    if not os.path.isdir(buildDir):
+        os.makedirs(buildDir)
+
+    # Build kubescape
+    ldflags = "-w -s"
+    if releaseVersion:
+        ldflags += " -X {}={}".format(buildUrl, releaseVersion)
+    if ArmoBEServer:
+        ldflags += " -X {}={}".format(BE_SERVER_CONST, ArmoBEServer)
+    if ArmoERServer:
+        ldflags += " -X {}={}".format(ER_SERVER_CONST, ArmoERServer)
+    if ArmoWebsite:
+        ldflags += " -X {}={}".format(WEBSITE_CONST, ArmoWebsite)
+    if ArmoAuthServer:
+        ldflags += " -X {}={}".format(AUTH_SERVER_CONST, ArmoAuthServer)
+
+    build_command = ["go", "build", "-o", ks_file, "-ldflags" ,ldflags]
+
+    print("Building kubescape and saving here: {}".format(ks_file))
+    print("Build command: {}".format(" ".join(build_command)))
+
+    status = subprocess.call(build_command)
+    checkStatus(status, "Failed to build kubescape")
+    
+    sha256 = hashlib.sha256()
+    with open(ks_file, "rb") as kube:
+        sha256.update(kube.read())
+        with open(hash_file, "w") as kube_sha:
+            hash = sha256.hexdigest()
+            print("kubescape hash: {}, file: {}".format(hash, hash_file))
+            kube_sha.write(sha256.hexdigest())
+
+    print("Build Done")
+ 
+ 
+if __name__ == "__main__":
+    main()
--- a/httphandler/examples/microservice/README.md
+++ b/httphandler/examples/microservice/README.md
@@ -0,0 +1,20 @@
+# Kubescape as a microservice
+
+1. Deploy kubescape microservice
+    ```bash
+    kubectl apply -f ks-deployment.yaml
+    ```
+    > **NOTE** Make sure the configurations suit your cluster (e.g. `serviceType`, namespace, etc.)
+
+2. Trigger scan
+    ```bash
+    curl --header "Content-Type: application/json" \
+    --request POST \
+    --data '{"account":"XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX","hostScanner":true, "submit":true}' \
+    http://127.0.0.1:8080/v1/scan
+    ```
+
+3. Get results
+    ```bash
+    curl --request GET http://127.0.0.1:8080/v1/results -o results.json
+    ```
--- a/httphandler/examples/microservice/ks-deployment.yaml
+++ b/httphandler/examples/microservice/ks-deployment.yaml
@@ -51,6 +51,7 @@ spec:
  type: NodePort
  ports:
    - port: 8080
+      name: http
      targetPort: 8080
      protocol: TCP
  selector:
@@ -76,28 +77,31 @@ spec:
      serviceAccountName: kubescape-discovery
      containers:
      - name: kubescape
-        # livenessProbe:
-        #   httpGet:
-        #     path: /livez
-        #     port: 8080
-        #   initialDelaySeconds: 3
-        #   periodSeconds: 3
-        # readinessProbe:
-        #   httpGet:
-        #     path: /readyz
-        #     port: 8080
-        #   initialDelaySeconds: 3
-        #   periodSeconds: 3
-        image: quay.io/armosec/kubescape:prometheus.v1
+        livenessProbe:
+          httpGet:
+            path: /livez
+            port: 8080
+          initialDelaySeconds: 3
+          periodSeconds: 3
+        readinessProbe:
+          httpGet:
+            path: /readyz
+            port: 8080
+          initialDelaySeconds: 3
+          periodSeconds: 3
+        image: quay.io/armosec/kubescape:prometheus.v2
        env:
-        - name: KS_RUN_PROMETHEUS_SERVER
-          value: "true"
        - name: KS_DEFAULT_CONFIGMAP_NAMESPACE
-          value: "ks-scanner"
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: metadata.namespace
        ports:
        - containerPort: 8080
+          name: http
+          protocol: TCP
        command:
-        - kubescape
+        - ksserver
        resources:
          requests:
            cpu: 10m
--- a/httphandler/examples/prometheus/README.md
+++ b/httphandler/examples/prometheus/README.md
@@ -0,0 +1,122 @@
+# Prometheus Kubescape Integration
+
+1. Deploy kubescape
+    ```bash
+    kubectl apply -f ks-deployment.yaml
+    ```
+    > **NOTE** Make sure the configurations suit your cluster (e.g. `serviceType`, etc.)
+
+2. Deploy kube-prometheus-stack
+    ```bash
+    helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
+    helm repo update
+    kubectl create namespace prometheus
+    helm install -n prometheus kube-prometheus-stack prometheus-community/kube-prometheus-stack --set prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues=false,prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues=false
+    ```
+3. Deploy pod monitor
+    ```bash
+    kubectl apply -f podmonitor.yaml
+    ```
+ 
+
+## Metrics
+
+All kubescape related metrics begin with `kubescape`
+
+> `riskScore` is the output of an algorithm calculating the risk of the vulinrability. `0` indicates there is no risk and `100` indicates highest risk. 
+
+#### Cluster scope metrics
+
+##### Overall risk score
+```
+# Overall riskScore of the scan
+kubescape_cluster_riskScore{} <risk score>
+```
+
+###### Overall resources counters
+```
+# Number of resources that failed 
+kubescape_cluster_count_resources_failed{} <counter>
+
+# Number of resources that where excluded
+kubescape_cluster_count_resources_excluded{} <counter>
+
+# Number of resources that passed
+kubescape_cluster_count_resources_passed{} <counter>
+```
+
+###### Overall controls counters
+```
+# Number of controls that failed 
+kubescape_cluster_count_controls_failed{} <counter>
+
+# Number of controls that where excluded 
+kubescape_cluster_count_controls_excluded{} <counter>
+
+# Number of controls that passed
+kubescape_cluster_count_controls_passed{} <counter>
+```
+
+#### Frameworks metrics
+
+##### Frameworks risk score
+```
+kubescape_framework_riskScore{name="<framework name>"} <risk score>
+```
+
+###### Frameworks resources counters
+
+```
+# Number of resources that failed 
+kubescape_framework_count_resources_failed{} <counter>
+
+# Number of resources that where excluded
+kubescape_framework_count_resources_excluded{} <counter>
+
+# Number of resources that passed
+kubescape_framework_count_resources_passed{} <counter>
+``` 
+###### Frameworks controls counters
+
+```
+# Number of controls that failed 
+kubescape_framework_count_controls_failed{name="<framework name>"} <counter>
+
+# Number of controls that where excluded 
+kubescape_framework_count_controls_excluded{name="<framework name>"} <counter>
+
+# Number of controls that passed
+kubescape_framework_count_controls_passed{name="<framework name>"} <counter>
+```
+
+#### Controls metrics
+
+##### Controls risk score
+
+```
+kubescape_control_riskScore{name="<control name>",url="<docs url>",severity="<control severity>"} <risk score>
+```
+
+###### Controls resources counters
+
+```
+# Number of resources that failed 
+kubescape_control_count_resources_failed{name="<control name>",url="<docs url>",severity="<control severity>"} <counter>
+
+# Number of resources that where excluded
+kubescape_control_count_resources_excluded{name="<control name>",url="<docs url>",severity="<control severity>"} <counter>
+
+# Number of resources that passed
+kubescape_control_count_resources_passed{name="<control name>",url="<docs url>",severity="<control severity>"} <counter>
+```
+
+#### Resources metrics
+The resources metrics give you the ability to prioritize fixing the resources by the number of controls that failed 
+
+```
+# Number of controls that failed for this particular resource
+kubescape_resource_count_controls_failed{apiVersion="<>",kind="<>",namespace="<>",name="<>"} <counter>
+
+# Number of controls that where excluded for this particular resource
+kubescape_resource_count_controls_excluded{apiVersion="<>",kind="<>",namespace="<>",name="<>"} <counter>
+```
--- a/httphandler/examples/prometheus/ks-deployment.yaml
+++ b/httphandler/examples/prometheus/ks-deployment.yaml
@@ -0,0 +1,117 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    app: kubescape
+  name: ks-scanner
+---
+# ------------------- Kubescape Service Account ------------------- #
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app: kubescape
+  name: kubescape-discovery
+  namespace: ks-scanner
+---
+# ------------------- Kubescape Cluster Role & Cluster Role Binding ------------------- #
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: kubescape-discovery-clusterroles
+  # "namespace" omitted since ClusterRoles are not namespaced
+rules:
+- apiGroups: ["*"]
+  resources: ["*"]
+  verbs: ["get", "list", "describe"]
+
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: kubescape-discovery-role-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: kubescape-discovery-clusterroles
+subjects:
+- kind: ServiceAccount
+  name: kubescape-discovery
+  namespace: ks-scanner
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: kubescape-service
+  namespace: ks-scanner
+  labels:
+    app: kubescape-service
+spec:
+  type: NodePort
+  ports:
+    - port: 8080
+      name: http
+      targetPort: 8080
+      protocol: TCP
+  selector:
+    app: kubescape
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: kubescape
+  namespace: ks-scanner
+  labels:
+    app: kubescape
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: kubescape
+  template:
+    metadata:
+      labels:
+        app: kubescape
+    spec:
+      serviceAccountName: kubescape-discovery
+      containers:
+      - name: kubescape
+        livenessProbe:
+          httpGet:
+            path: /livez
+            port: 8080
+          initialDelaySeconds: 3
+          periodSeconds: 3
+        readinessProbe:
+          httpGet:
+            path: /readyz
+            port: 8080
+          initialDelaySeconds: 3
+          periodSeconds: 3
+        image: quay.io/armosec/kubescape:prometheus.v2
+        env:
+        - name: KS_DEFAULT_CONFIGMAP_NAMESPACE
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: metadata.namespace
+        - name: "KS_SKIP_UPDATE_CHECK" # do not check latest version
+          value: "true"
+        - name: KS_ENABLE_HOST_SCANNER # enable host scanner -> https://hub.armo.cloud/docs/host-sensor
+          value: "false"               # TODO - add permissions to rbac 
+        - name: KS_DOWNLOAD_ARTIFACTS  # When set to true the artifacts will be downloaded every scan execution
+          value: "false" 
+        ports:
+        - containerPort: 8080
+          name: http
+          protocol: TCP
+        command:
+        - ksserver
+        resources:
+          requests:
+            cpu: 10m
+            memory: 100Mi
+          limits:
+            cpu: 500m
+            memory: 500Mi
--- a/httphandler/examples/prometheus/podmonitor.yaml
+++ b/httphandler/examples/prometheus/podmonitor.yaml
@@ -0,0 +1,16 @@
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+  name: kubescape
+  namespace: ks-scanner
+  labels:
+    app: kubescape
+spec:
+  selector:
+    matchLabels:
+      app: kubescape
+  podMetricsEndpoints:
+  - port: http
+    # path: v1
+    interval: 120s
+    scrapeTimeout: 100s
--- a/httphandler/go.mod
+++ b/httphandler/go.mod
@@ -6,8 +6,11 @@ replace github.com/armosec/kubescape/core => ../core

 require (
 	github.com/armosec/kubescape/core v0.0.0-00010101000000-000000000000
+	github.com/armosec/opa-utils v0.0.130
+	github.com/armosec/utils-go v0.0.3
 	github.com/google/uuid v1.3.0
 	github.com/gorilla/mux v1.8.0
+	github.com/stretchr/testify v1.7.0
 )

 require (
@@ -22,9 +25,7 @@ require (
 	github.com/OneOfOne/xxhash v1.2.8 // indirect
 	github.com/armosec/armoapi-go v0.0.58 // indirect
 	github.com/armosec/k8s-interface v0.0.68 // indirect
-	github.com/armosec/opa-utils v0.0.116 // indirect
 	github.com/armosec/rbac-utils v0.0.14 // indirect
-	github.com/armosec/utils-go v0.0.3 // indirect
 	github.com/armosec/utils-k8s-go v0.0.3 // indirect
 	github.com/aws/aws-sdk-go v1.41.11 // indirect
 	github.com/aws/aws-sdk-go-v2 v1.12.0 // indirect
@@ -83,10 +84,12 @@ require (
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.0.2 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/pquerna/cachecontrol v0.1.0 // indirect
 	github.com/rcrowley/go-metrics v0.0.0-20200313005456-10cdbea86bc0 // indirect
 	github.com/ruudk/golang-pdf417 v0.0.0-20181029194003-1af4ab5afa58 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
+	github.com/whilp/git-urls v1.0.0 // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
 	github.com/yashtewari/glob-intersection v0.0.0-20180916065949-5c77d914dd0b // indirect
--- a/httphandler/go.sum
+++ b/httphandler/go.sum
@@ -109,8 +109,8 @@ github.com/armosec/k8s-interface v0.0.66/go.mod h1:vwprS8qn/iowd5yf0JHpqDsLA5I8W
 github.com/armosec/k8s-interface v0.0.68 h1:6CtSakISiI47YHkxh+Va9FzZQIBkWa6g9sbiNxq1Zkk=
 github.com/armosec/k8s-interface v0.0.68/go.mod h1:PeWn41C2uenZi+xfZdyFF/zG5wXACA00htQyknDUWDE=
 github.com/armosec/opa-utils v0.0.64/go.mod h1:6tQP8UDq2EvEfSqh8vrUdr/9QVSCG4sJfju1SXQOn4c=
-github.com/armosec/opa-utils v0.0.116 h1:3oWuhcpI+MJD/CktEStU1BA0feGNwsCbQrI3ifVfzMs=
-github.com/armosec/opa-utils v0.0.116/go.mod h1:gap+EaLG5rnyqvIRGxtdNDC9y7VvoGNm90zK8Ls7avQ=
+github.com/armosec/opa-utils v0.0.130 h1:uP60M0PzmDtLqvsA/jX8BED9/Ava4n2QG7VCkuI+hwI=
+github.com/armosec/opa-utils v0.0.130/go.mod h1:gap+EaLG5rnyqvIRGxtdNDC9y7VvoGNm90zK8Ls7avQ=
 github.com/armosec/rbac-utils v0.0.1/go.mod h1:pQ8CBiij8kSKV7aeZm9FMvtZN28VgA7LZcYyTWimq40=
 github.com/armosec/rbac-utils v0.0.14 h1:CKYKcgqJEXWF2Hen/B1pVGtS3nDAG1wp9dDv6oNtq90=
 github.com/armosec/rbac-utils v0.0.14/go.mod h1:Ex/IdGWhGv9HZq6Hs8N/ApzCKSIvpNe/ETqDfnuyah0=
@@ -772,6 +772,8 @@ github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqri
 github.com/ugorji/go/codec v0.0.0-20181204163529-d75b2dcb6bc8/go.mod h1:VFNgLljTbGfSG7qAOspJ7OScBnGdDN/yBr0sguwnwf0=
 github.com/viant/assertly v0.4.8/go.mod h1:aGifi++jvCrUaklKEKT0BU95igDNaqkvz+49uaYMPRU=
 github.com/viant/toolbox v0.24.0/go.mod h1:OxMCG57V0PXuIP2HNQrtJf2CjqdmbrOx5EkMILuUhzM=
+github.com/whilp/git-urls v1.0.0 h1:95f6UMWN5FKW71ECsXRUd3FVYiXdrE7aX4NZKcPmIjU=
+github.com/whilp/git-urls v1.0.0/go.mod h1:J16SAmobsqc3Qcy98brfl5f5+e0clUvg1krgwk/qCfE=
 github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo=
 github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU=
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0=
--- a/httphandler/handlerequests/v1/datastructure.go
+++ b/httphandler/handlerequests/v1/datastructure.go
@@ -1,17 +1,23 @@
 package v1

+import (
+	"github.com/armosec/kubescape/core/cautils"
+	"github.com/armosec/opa-utils/reporthandling"
+)
+
 type PostScanRequest struct {
-	Format             string   `json:"format"`             // Format results (table, json, junit ...) - default json
-	ExcludedNamespaces []string `json:"excludedNamespaces"` // used for host scanner namespace
-	IncludeNamespaces  []string `json:"includeNamespaces"`  // DEPRECATED?
-	FailThreshold      float32  `json:"failThreshold"`      // Failure score threshold
-	Submit             bool     `json:"submit"`             // Submit results to Armo BE - default will
-	HostScanner        bool     `json:"hostScanner"`        // Deploy ARMO K8s host scanner to collect data from certain controls
-	KeepLocal          bool     `json:"keepLocal"`          // Do not submit results
-	Account            string   `json:"account"`            // account ID
-	Logger             string   `json:"-"`                  // logger level - debug/info/error - default is debug
-	TargetType         string   `json:"-"`                  // framework/control - default is framework
-	TargetNames        []string `json:"-"`                  // default is all
+	Format             string                                 `json:"format"`             // Format results (table, json, junit ...) - default json
+	Account            string                                 `json:"account"`            // account ID
+	Logger             string                                 `json:"-"`                  // logger level - debug/info/error - default is debug
+	FailThreshold      float32                                `json:"failThreshold"`      // Failure score threshold
+	ExcludedNamespaces []string                               `json:"excludedNamespaces"` // used for host scanner namespace
+	IncludeNamespaces  []string                               `json:"includeNamespaces"`  // DEPRECATED?
+	TargetNames        []string                               `json:"targetNames"`        // default is all
+	TargetType         *reporthandling.NotificationPolicyKind `json:"targetType"`         // framework/control - default is framework
+	Submit             cautils.BoolPtrFlag                    `json:"submit"`             // Submit results to Armo BE - default will
+	HostScanner        cautils.BoolPtrFlag                    `json:"hostScanner"`        // Deploy ARMO K8s host scanner to collect data from certain controls
+	KeepLocal          cautils.BoolPtrFlag                    `json:"keepLocal"`          // Do not submit results
+	UseCachedArtifacts cautils.BoolPtrFlag                    `json:"useCachedArtifacts"` // Use the cached artifacts instead of downloading
 	// UseExceptions      string      // Load file with exceptions configuration
 	// ControlsInputs     string      // Load file with inputs for controls
 	// VerboseMode        bool        // Display all of the input resources and not only failed resources
--- a/httphandler/handlerequests/v1/datastructuremethods.go
+++ b/httphandler/handlerequests/v1/datastructuremethods.go
@@ -4,27 +4,48 @@ import (
 	"strings"

 	"github.com/armosec/kubescape/core/cautils"
+	"github.com/armosec/kubescape/core/cautils/getter"
+	"github.com/armosec/opa-utils/reporthandling"
 )

 func (scanRequest *PostScanRequest) ToScanInfo() *cautils.ScanInfo {
-	scanInfo := cautils.ScanInfo{}
-	scanInfo.Account = scanRequest.Account
-	scanInfo.ExcludedNamespaces = strings.Join(scanRequest.ExcludedNamespaces, ",")
-	scanInfo.IncludeNamespaces = strings.Join(scanRequest.IncludeNamespaces, ",")
-	scanInfo.FailThreshold = scanRequest.FailThreshold // TODO - handle default
+	scanInfo := defaultScanInfo()

-	scanInfo.Format = scanRequest.Format // TODO - handle default
-
-	scanInfo.Local = scanRequest.KeepLocal
-	scanInfo.Submit = scanRequest.Submit
-	scanInfo.HostSensorEnabled.SetBool(scanRequest.HostScanner)
-
-	return &scanInfo
-}
-
-/*
-err := clihandler.ScanCliSetup(&scanInfo)
-		if err != nil {
-			logger.L().Fatal(err.Error())
+	if scanRequest.TargetType != nil && len(scanRequest.TargetNames) > 0 {
+		if *scanRequest.TargetType == reporthandling.KindFramework {
+			scanInfo.FrameworkScan = true
 		}
-*/
+		scanInfo.SetPolicyIdentifiers(scanRequest.TargetNames, *scanRequest.TargetType)
+		scanInfo.ScanAll = false
+	} else {
+		scanInfo.ScanAll = true
+	}
+
+	if scanRequest.Account != "" {
+		scanInfo.Account = scanRequest.Account
+	}
+	if len(scanRequest.ExcludedNamespaces) > 0 {
+		scanInfo.ExcludedNamespaces = strings.Join(scanRequest.ExcludedNamespaces, ",")
+	}
+	if len(scanRequest.IncludeNamespaces) > 0 {
+		scanInfo.IncludeNamespaces = strings.Join(scanRequest.IncludeNamespaces, ",")
+	}
+
+	if scanRequest.Format == "" {
+		scanInfo.Format = scanRequest.Format // TODO - handle default
+	}
+
+	if scanRequest.UseCachedArtifacts.Get() != nil && !*scanRequest.UseCachedArtifacts.Get() {
+		scanInfo.UseArtifactsFrom = getter.DefaultLocalStore // Load files from cache (this will prevent kubescape fom downloading the artifacts every time)
+	}
+
+	if scanRequest.KeepLocal.Get() != nil {
+		scanInfo.Local = *scanRequest.KeepLocal.Get() // Load files from cache (this will prevent kubescape fom downloading the artifacts every time)
+	}
+	if scanRequest.Submit.Get() != nil {
+		scanInfo.Submit = *scanRequest.Submit.Get()
+	}
+	scanInfo.HostSensorEnabled = scanRequest.HostScanner
+
+	return scanInfo
+}
--- a/httphandler/handlerequests/v1/prometheus.go
+++ b/httphandler/handlerequests/v1/prometheus.go
@@ -15,45 +15,52 @@ import (
 // Metrics http listener for prometheus support
 func (handler *HTTPHandler) Metrics(w http.ResponseWriter, r *http.Request) {
 	if handler.state.isBusy() { // if already scanning the cluster
-		w.Write([]byte(fmt.Sprintf("scan '%s' in action", handler.state.getID())))
+		message := fmt.Sprintf("scan '%s' in action", handler.state.getID())
+		logger.L().Info("server is busy", helpers.String("message", message), helpers.Time())
 		w.WriteHeader(http.StatusServiceUnavailable)
+		w.Write([]byte(message))
 		return
 	}

 	handler.state.setBusy()
 	defer handler.state.setNotBusy()

-	handler.state.setID(uuid.NewString())
+	scanID := uuid.NewString()
+	handler.state.setID(scanID)

 	// trigger scanning
 	logger.L().Info(handler.state.getID(), helpers.String("action", "triggering scan"), helpers.Time())
 	ks := core.NewKubescape()
-	results, err := ks.Scan(getPrometheusDefaultScanCommand(handler.state.getID()))
+	results, err := ks.Scan(getPrometheusDefaultScanCommand(scanID))
+	if err != nil {
+		w.WriteHeader(http.StatusInternalServerError)
+		w.Write([]byte(fmt.Sprintf("failed to complete scan. reason: %s", err.Error())))
+		return
+	}
+	results.HandleResults()
 	logger.L().Info(handler.state.getID(), helpers.String("action", "done scanning"), helpers.Time())

+	f, err := os.ReadFile(scanID)
+	// res, err := results.ToJson()
 	if err != nil {
-		w.Write([]byte(fmt.Sprintf("failed to complete scan. reason: %s", err.Error())))
-		w.WriteHeader(http.StatusInternalServerError)
-		return
-	}
-	res, err := results.ToJson()
-	if err != nil {
-		w.Write([]byte(fmt.Sprintf("failed to convert scan scan results to json. reason: %s", err.Error())))
 		w.WriteHeader(http.StatusInternalServerError)
+		w.Write([]byte(fmt.Sprintf("failed read results from file. reason: %s", err.Error())))
 		return
 	}
+	os.Remove(scanID)

-	w.Write(res)
 	w.WriteHeader(http.StatusOK)
+	w.Write(f)
 }

 func getPrometheusDefaultScanCommand(scanID string) *cautils.ScanInfo {
-	scanInfo := cautils.ScanInfo{}
+	scanInfo := defaultScanInfo()
 	scanInfo.FrameworkScan = true
-	scanInfo.ScanAll = true                                            // scan all frameworks
-	scanInfo.ReportID = scanID                                         // scan ID
-	scanInfo.HostSensorEnabled.Set(os.Getenv("KS_ENABLE_HOST_SENSOR")) // enable host scanner
-	scanInfo.FailThreshold = 100                                       // Do not fail scanning
-	// scanInfo.Format = "prometheus" 								   // results format
-	return &scanInfo
+	scanInfo.ScanAll = true                                                        // scan all frameworks
+	scanInfo.ScanID = scanID                                                       // scan ID
+	scanInfo.FailThreshold = 100                                                   // Do not fail scanning
+	scanInfo.Output = scanID                                                       // results output
+	scanInfo.Format = envToString("KS_FORMAT", "prometheus")                       // default output should be json
+	scanInfo.HostSensorEnabled.SetBool(envToBool("KS_ENABLE_HOST_SCANNER", false)) // enable host scanner
+	return scanInfo
 }
--- a/httphandler/handlerequests/v1/prometheus_test.go
+++ b/httphandler/handlerequests/v1/prometheus_test.go
@@ -0,0 +1,19 @@
+package v1
+
+import (
+	"testing"
+
+	"github.com/armosec/kubescape/core/cautils/getter"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestGetPrometheusDefaultScanCommand(t *testing.T) {
+	scanID := "1234"
+	scanInfo := getPrometheusDefaultScanCommand(scanID)
+
+	assert.Equal(t, scanID, scanInfo.ScanID)
+	assert.Equal(t, scanID, scanInfo.Output)
+	assert.Equal(t, "prometheus", scanInfo.Format)
+	// assert.False(t, *scanInfo.HostSensorEnabled.Get())
+	assert.Equal(t, getter.DefaultLocalStore, scanInfo.UseArtifactsFrom)
+}
--- a/httphandler/handlerequests/v1/requestshandler.go
+++ b/httphandler/handlerequests/v1/requestshandler.go
@@ -110,6 +110,7 @@ func (handler *HTTPHandler) Scan(w http.ResponseWriter, r *http.Request) {
 	}()

 	wg.Wait()
+	w.WriteHeader(http.StatusOK)
 	w.Write(response)
 }
 func (handler *HTTPHandler) Results(w http.ResponseWriter, r *http.Request) {
@@ -128,30 +129,33 @@ func (handler *HTTPHandler) Results(w http.ResponseWriter, r *http.Request) {
 	if scanID = r.URL.Query().Get("scanID"); scanID == "" {
 		scanID = handler.state.getLatestID()
 	}
-	logger.L().Info("requesting results", helpers.String("ID", scanID))

 	if handler.state.isBusy() { // if requested ID is still scanning
 		if scanID == handler.state.getID() {
 			logger.L().Info("scan in process", helpers.String("ID", scanID))
-			w.Write([]byte(handler.state.getID()))
 			w.WriteHeader(http.StatusOK) // Should we return ok?
+			w.Write([]byte(handler.state.getID()))
 			return
 		}
 	}

 	switch r.Method {
 	case http.MethodGet:
+		logger.L().Info("requesting results", helpers.String("ID", scanID))
+
 		if r.URL.Query().Has("remove") {
 			defer removeResultsFile(scanID)
 		}
 		if res, err := readResultsFile(scanID); err != nil {
-			w.Write([]byte(err.Error()))
 			w.WriteHeader(http.StatusNoContent)
+			w.Write([]byte(err.Error()))
 		} else {
-			w.Write(res)
 			w.WriteHeader(http.StatusOK)
+			w.Write(res)
 		}
 	case http.MethodDelete:
+		logger.L().Info("deleting results", helpers.String("ID", scanID))
+
 		if r.URL.Query().Has("all") {
 			removeResultDirs()
 		} else {
--- a/httphandler/handlerequests/v1/requestshandlerutils.go
+++ b/httphandler/handlerequests/v1/requestshandlerutils.go
@@ -5,12 +5,16 @@ import (
 	"os"
 	"path/filepath"

+	pkgcautils "github.com/armosec/utils-go/utils"
+
 	"github.com/armosec/kubescape/core/cautils"
+	"github.com/armosec/kubescape/core/cautils/getter"
 	"github.com/armosec/kubescape/core/core"
 )

 func scan(scanRequest *PostScanRequest, scanID string) ([]byte, error) {
 	scanInfo := getScanCommand(scanRequest, scanID)
+
 	ks := core.NewKubescape()
 	result, err := ks.Scan(scanInfo)
 	if err != nil {
@@ -34,7 +38,7 @@ func readResultsFile(fileID string) ([]byte, error) {
 	if fileName := searchFile(fileID); fileName != "" {
 		return os.ReadFile(fileName)
 	}
-	return nil, fmt.Errorf("file not found")
+	return nil, fmt.Errorf("file %s not found", fileID)
 }

 func removeResultDirs() {
@@ -59,7 +63,7 @@ func searchFile(fileID string) string {

 func findFile(targetDir string, fileName string) (string, error) {

-	matches, err := filepath.Glob(targetDir + fileName)
+	matches, err := filepath.Glob(filepath.Join(targetDir, fileName))
 	if err != nil {
 		return "", err
 	}
@@ -73,13 +77,7 @@ func findFile(targetDir string, fileName string) (string, error) {
 func getScanCommand(scanRequest *PostScanRequest, scanID string) *cautils.ScanInfo {

 	scanInfo := scanRequest.ToScanInfo()
-	scanInfo.ReportID = scanID
-
-	// *** start ***
-	// TODO - support frameworks/controls and support scanning single frameworks/controls
-	scanInfo.FrameworkScan = true
-	scanInfo.ScanAll = true
-	// *** end ***
+	scanInfo.ScanID = scanID

 	// *** start ***
 	// Set default format
@@ -94,7 +92,36 @@ func getScanCommand(scanRequest *PostScanRequest, scanID string) *cautils.ScanIn
 	scanInfo.Output = filepath.Join(OutputDir, scanID)
 	// *** end ***

-	scanInfo.Init()
-
 	return scanInfo
 }
+
+func defaultScanInfo() *cautils.ScanInfo {
+	scanInfo := &cautils.ScanInfo{}
+	scanInfo.FailThreshold = 100
+	scanInfo.Account = envToString("KS_ACCOUNT", "")                              // publish results to Kubescape SaaS
+	scanInfo.ExcludedNamespaces = envToString("KS_EXCLUDE_NAMESPACES", "")        // namespace to exclude
+	scanInfo.IncludeNamespaces = envToString("KS_INCLUDE_NAMESPACES", "")         // namespace to include
+	scanInfo.FormatVersion = envToString("KS_FORMAT_VERSION", "v2")               // output format version
+	scanInfo.Format = envToString("KS_FORMAT", "json")                            // default output should be json
+	scanInfo.Submit = envToBool("KS_SUBMIT", false)                               // publish results to Kubescape SaaS
+	scanInfo.HostSensorEnabled.SetBool(envToBool("KS_ENABLE_HOST_SCANNER", true)) // enable host scanner
+	scanInfo.Local = envToBool("KS_KEEP_LOCAL", false)                            // do not publish results to Kubescape SaaS
+	if !envToBool("KS_DOWNLOAD_ARTIFACTS", false) {
+		scanInfo.UseArtifactsFrom = getter.DefaultLocalStore // Load files from cache (this will prevent kubescape fom downloading the artifacts every time)
+	}
+	return scanInfo
+}
+
+func envToBool(env string, defaultValue bool) bool {
+	if d, ok := os.LookupEnv(env); ok {
+		return pkgcautils.StringToBool(d)
+	}
+	return defaultValue
+}
+
+func envToString(env string, defaultValue string) string {
+	if d, ok := os.LookupEnv(env); ok {
+		return d
+	}
+	return defaultValue
+}
--- a/httphandler/listener/setup.go
+++ b/httphandler/listener/setup.go
@@ -6,8 +6,10 @@ import (
 	"net/http"
 	"os"

+	"github.com/armosec/kubescape/core/cautils"
 	"github.com/armosec/kubescape/core/cautils/logger"
 	"github.com/armosec/kubescape/core/cautils/logger/helpers"
+	"github.com/armosec/kubescape/core/cautils/logger/zaplogger"
 	handlerequestsv1 "github.com/armosec/kubescape/httphandler/handlerequests/v1"
 	"github.com/gorilla/mux"
 )
@@ -15,13 +17,15 @@ import (
 const (
 	scanPath              = "/v1/scan"
 	resultsPath           = "/v1/results"
-	prometheusMmeticsPath = "/v1/metrics"
+	prometheusMmeticsPath = "/metrics"
 	livePath              = "/livez"
 	readyPath             = "/readyz"
 )

 // SetupHTTPListener set up listening http servers
 func SetupHTTPListener() error {
+	logger.InitLogger(zaplogger.LoggerName)
+
 	keyPair, err := loadTLSKey("", "") // TODO - support key and crt files
 	if err != nil {
 		return err
@@ -47,7 +51,7 @@ func SetupHTTPListener() error {

 	server.Handler = rtr

-	logger.L().Info("Started Kubescape server", helpers.String("port", getPort()))
+	logger.L().Info("Started Kubescape server", helpers.String("port", getPort()), helpers.String("version", cautils.BuildNumber))
 	server.ListenAndServe()
 	if keyPair != nil {
 		return server.ListenAndServeTLS("", "")
--- a/install.sh
+++ b/install.sh
@@ -54,6 +54,6 @@ echo -e "\033[0m"
 $KUBESCAPE_EXEC version
 echo

-echo -e "\033[35mUsage: $ $KUBESCAPE_EXEC scan --submit --enable-host-scan"
+echo -e "\033[35mUsage: $ $KUBESCAPE_EXEC scan --submit --enable-host-scan  --verbose"

 echo -e "\033[0m"
Author	SHA1	Message	Date
David Wertenteil	2a7c20ea94	report format version	2022-04-07 11:59:19 +03:00
David Wertenteil	bde0dc9a17	convert score to int	2022-04-07 11:00:39 +03:00
David Wertenteil	7d7336ae01	support only one input	2022-04-07 09:53:44 +03:00
David Wertenteil	e5e608324d	send file meta	2022-04-06 16:11:57 +03:00
David Wertenteil	569c1444f7	Merge remote-tracking branch 'armosec/dev'	2022-04-06 09:45:32 +03:00
dwertent	dc5ef28324	update output	2022-04-06 09:29:28 +03:00
David Wertenteil	aea6c0eab8	Merge pull request #477 from Daniel-GrunbergerCA/master Fix error msg for cloud	2022-04-06 09:23:12 +03:00
DanielGrunbergerCA	c80a15d0cf	Merge remote-tracking branch 'upstream/dev'	2022-04-05 17:19:11 +03:00
DanielGrunbergerCA	1ddd57aa1d	fix error msg for cloud	2022-04-05 17:18:50 +03:00
David Wertenteil	55adb0da6b	Merge pull request #474 from Daniel-GrunbergerCA/master Fix posture control inputs for yaml scan	2022-04-05 16:28:39 +03:00
DanielGrunbergerCA	a716289cc8	go mod	2022-04-05 14:10:11 +03:00
DanielGrunbergerCA	093d71fff4	exit status 1	2022-04-05 14:05:31 +03:00
DanielGrunbergerCA	4fe40e348d	Merge branch 'master' of github.com:Daniel-GrunbergerCA/kubescape	2022-04-05 13:40:41 +03:00
DanielGrunbergerCA	29a67b806d	Merge remote-tracking branch 'upstream/dev'	2022-04-05 13:39:39 +03:00
DanielGrunbergerCA	0169f42747	Merge remote-tracking branch 'upstream/master'	2022-04-05 13:39:28 +03:00
David Wertenteil	92e100c497	Merge branch 'dev' into master	2022-04-04 13:39:17 +03:00
DanielGrunbergerCA	536fe970f7	fix go mod	2022-04-04 12:31:45 +03:00
DanielGrunbergerCA	85526b06b6	fix control input for yaml scan	2022-04-04 12:27:30 +03:00
dwertent	d9b6c048d5	Merge remote-tracking branch 'armosec/dev'	2022-04-04 12:14:45 +03:00
David Wertenteil	7e46a6529a	Merge pull request #473 from Lucifergene/dev Added Severity Column with colored text	2022-04-04 12:14:35 +03:00
dwertent	2dc5fd80da	Merge remote-tracking branch 'armosec/dev'	2022-04-04 12:14:13 +03:00
dwertent	e89cc8ca24	register usesrs download from BE	2022-04-04 12:13:35 +03:00
dwertent	d39aeb0691	update metrics	2022-04-04 11:32:56 +03:00
Lucifergene	da9d98134a	Added Severity Column with colored text	2022-04-04 03:46:05 +05:30
David Wertenteil	9992a9a0e4	Merge pull request #472 from falconcode16/master Improved grammatical mistakes and typos	2022-04-03 10:03:15 +03:00
Rohit Patil	adc8a16e85	Improved grammatical mistakes and typos	2022-04-03 10:40:56 +05:30
dwertent	58b833c18a	support yaml scan submit	2022-03-28 09:40:11 +03:00
Rotem Refael	cb424eab00	Merge pull request #461 from armosec/dev Microservice support	2022-03-27 17:20:35 +03:00
Rotem Refael	9f2e18c3ee	Merge pull request #466 from dwertent/master udpate armo api types	2022-03-27 17:09:52 +03:00
dwertent	b44a73aea5	udpate armo api types	2022-03-27 17:07:17 +03:00
Rotem Refael	9c5759286f	Merge pull request #465 from dwertent/master Update url support	2022-03-27 16:29:01 +03:00
dwertent	74dc714736	use scan ID	2022-03-27 15:51:29 +03:00
dwertent	83751e22cc	fixed report sending	2022-03-27 15:37:11 +03:00
dwertent	db5fdd75c4	inserting scan source	2022-03-25 16:08:07 +03:00
dwertent	4be2104d4b	adding githubusercontent tests	2022-03-24 12:37:00 +02:00
dwertent	b6bab7618f	loading github token from env	2022-03-24 12:15:54 +02:00
dwertent	3e1fda6f3b	fixed test	2022-03-24 11:12:28 +02:00
dwertent	8487a031ee	fixed url scanning	2022-03-24 09:45:35 +02:00
David Wertenteil	efbb123fce	Merge pull request #464 from dwertent/master update error display	2022-03-23 09:27:58 +02:00
dwertent	5a335d4f1c	update error display	2022-03-23 09:05:36 +02:00
dwertent	5770a823d6	update readme	2022-03-23 08:47:24 +02:00
Rotem Refael	52d7be9108	Add kubescape covarage	2022-03-22 17:42:20 +02:00
David Wertenteil	9512b9c6c4	Merge pull request #463 from Daniel-GrunbergerCA/dev fix json printer	2022-03-22 09:14:59 +02:00
DanielGrunbergerCA	da9ab642ec	rm list initializtion	2022-03-22 09:07:55 +02:00
DanielGrunbergerCA	718ca1c7ab	fix json printer	2022-03-22 08:55:36 +02:00
DanielGrunbergerCA	ee3742c5a0	update opa-utils version	2022-03-21 15:36:17 +02:00
DanielGrunbergerCA	7eef843a7a	fix resources in report	2022-03-21 15:11:26 +02:00
David Wertenteil	b4a8b06f07	Merge pull request #462 from dwertent/master update get context	2022-03-21 09:09:12 +02:00
dwertent	4e13609985	update get context	2022-03-21 09:08:01 +02:00
David Wertenteil	2e5e4328f6	Merge pull request #460 from dwertent/master update readme	2022-03-20 11:30:37 +02:00
dwertent	d98a11a8fa	udpate badges	2022-03-20 11:28:56 +02:00
dwertent	bdb25cbb66	adding vs code to readme	2022-03-20 11:08:48 +02:00
David Wertenteil	369804cb6e	Merge pull request #459 from shm12/dev send scan metadata	2022-03-20 10:45:19 +02:00
shm12	1b08a92095	send scan metadata	2022-03-20 10:05:40 +02:00
David Wertenteil	e787454d53	Merge pull request #458 from dwertent/master fixed json output	2022-03-16 16:58:54 +02:00
dwertent	31d1ba663a	json output	2022-03-16 16:58:05 +02:00
David Wertenteil	c3731d8ff6	Merge pull request #457 from dwertent/master support frameworks from http request	2022-03-16 16:37:40 +02:00
dwertent	c5b46beb1a	support frameworks from http request	2022-03-16 16:33:03 +02:00
dwertent	c5ca576c98	Merge remote-tracking branch 'armosec/dev'	2022-03-16 15:27:10 +02:00
dwertent	eae6458b42	fixed cmd init	2022-03-16 15:26:59 +02:00
David Wertenteil	aa1aa913b6	Merge pull request #456 from Daniel-GrunbergerCA/dev Support status information	2022-03-16 15:17:49 +02:00
DanielGrunbergerCA	44084592cb	fixes	2022-03-16 14:16:48 +02:00
DanielGrunbergerCA	6cacfb7b16	refactor	2022-03-16 12:22:21 +02:00
DanielGrunbergerCA	6372ce5647	Merge branch 'dev'	2022-03-16 12:13:16 +02:00
DanielGrunbergerCA	306d3a7081	fix table display	2022-03-16 12:12:39 +02:00
DanielGrunbergerCA	442530061f	rm space	2022-03-16 12:09:53 +02:00
DanielGrunbergerCA	961a6f6ebc	Merge remote-tracking branch 'upstream/dev' into dev	2022-03-16 12:08:38 +02:00
DanielGrunbergerCA	0d0c8e1b97	support status info	2022-03-16 12:08:04 +02:00
David Wertenteil	5b843ba2c4	Merge pull request #455 from dwertent/master update prometheus format	2022-03-16 09:32:23 +02:00
dwertent	8f9b46cdbe	update prometheus format	2022-03-16 09:25:45 +02:00
David Wertenteil	e16885a044	Merge pull request #452 from dwertent/master update dockerfile and scan triggering	2022-03-15 22:12:31 +02:00
dwertent	06a2fa05be	add ks user to dockerfile	2022-03-15 22:10:27 +02:00
dwertent	d26f90b98e	update Prometheus yaml	2022-03-15 18:40:42 +02:00
David Wertenteil	b47c128eb3	Merge pull request #451 from dwertent/master update prometheus format	2022-03-15 17:12:07 +02:00
dwertent	9d957b3c77	update output	2022-03-15 17:04:59 +02:00
dwertent	8ec5615569	junit format	2022-03-15 16:50:39 +02:00
David Wertenteil	fae73b827a	Merge pull request #450 from dwertent/master build each pkg	2022-03-14 19:27:47 +02:00
dwertent	6477437872	update readme	2022-03-14 19:14:31 +02:00
dwertent	6099f46dea	adding docker build	2022-03-14 18:34:34 +02:00
Rotem Refael	5009e6ef47	change gif	2022-03-14 11:33:56 +02:00
Rotem Refael	c4450d3259	add web & CLI Interfaces	2022-03-14 11:27:57 +02:00
Rotem Refael	0c3339f1c9	update gif	2022-03-14 10:28:32 +02:00
Rotem Refael	faee3d5ad6	Add new video to readme	2022-03-14 10:14:55 +02:00
David Wertenteil	a279963b28	Merge pull request #449 from dwertent/master split to packages	2022-03-13 19:37:02 +02:00
David Wertenteil	353a39d66a	Merge pull request #448 from dwertent/master microservice support	2022-03-10 17:17:35 +02:00
Rotem Refael	9733178228	Merge pull request #428 from armosec/dev Release	2022-03-06 11:51:59 +02:00