update docker user name

build/Dockerfile

@@ -31,14 +31,15 @@ RUN /work/build/ubuntu-latest/kubescape download artifacts -o /work/artifacts
 
 FROM alpine
 
-RUN addgroup -S ks && adduser -S ks -G ks
-USER ks
-WORKDIR /home/ks/
+RUN addgroup -S armo && adduser -S armo -G armo
+USER armo
+WORKDIR /home/armo
 
 COPY --from=builder /work/httphandler/build/ubuntu-latest/kubescape /usr/bin/ksserver
 COPY --from=builder /work/build/ubuntu-latest/kubescape /usr/bin/kubescape
 
-RUN mkdir /home/ks/.kubescape && chmod 777 -R /home/ks/.kubescape 
+RUN mkdir /home/armo/.kubescape 
 COPY --from=builder /work/artifacts/ /home/ks/.kubescape
+RUN chmod 777 -R /home/armo/.kubescape
 
 ENTRYPOINT ["ksserver"]

cmd/scan/control.go

@@ -6,6 +6,8 @@ import (
 	"os"
 	"strings"
 
+	apisv1 "github.com/armosec/opa-utils/httpserver/apis/v1"
+
 	"github.com/armosec/kubescape/v2/core/cautils"
 	"github.com/armosec/kubescape/v2/core/cautils/logger"
 	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
@@ -64,7 +66,7 @@ func getControlCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Comman
 			} else { // expected control or list of control sepparated by ","
 
 				// Read controls from input args
-				scanInfo.SetPolicyIdentifiers(strings.Split(args[0], ","), reporthandling.KindControl)
+				scanInfo.SetPolicyIdentifiers(strings.Split(args[0], ","), apisv1.KindControl)
 
 				if len(args) > 1 {
 					if len(args[1:]) == 0 || args[1] != "-" {

cmd/scan/framework.go

@@ -6,11 +6,12 @@ import (
 	"os"
 	"strings"
 
+	apisv1 "github.com/armosec/opa-utils/httpserver/apis/v1"
+
 	"github.com/armosec/kubescape/v2/core/cautils"
 	"github.com/armosec/kubescape/v2/core/cautils/logger"
 	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
 	"github.com/armosec/kubescape/v2/core/meta"
-	"github.com/armosec/opa-utils/reporthandling"
 	"github.com/enescakir/emoji"
 	"github.com/spf13/cobra"
 )
@@ -95,7 +96,7 @@ func getFrameworkCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Comm
 			}
 			scanInfo.FrameworkScan = true
 
-			scanInfo.SetPolicyIdentifiers(frameworks, reporthandling.KindFramework)
+			scanInfo.SetPolicyIdentifiers(frameworks, apisv1.KindFramework)
 
 			results, err := ks.Scan(scanInfo)
 			if err != nil {

core/cautils/datastructuresmethods.go

@@ -1,10 +1,10 @@
 package cautils
 
 import (
-	pkgcautils "github.com/armosec/utils-go/utils"
 	"golang.org/x/mod/semver"
 
 	"github.com/armosec/opa-utils/reporthandling"
+	"github.com/armosec/utils-go/boolutils"
 )
 
 func NewPolicies() *Policies {
@@ -40,7 +40,7 @@ func ruleWithArmoOpaDependency(attributes map[string]interface{}) bool {
 		return false
 	}
 	if s, ok := attributes["armoOpa"]; ok { // TODO - make global
-		return pkgcautils.StringToBool(s.(string))
+		return boolutils.StringToBool(s.(string))
 	}
 	return false
 }

core/cautils/fileutils.go

@@ -15,8 +15,8 @@ import (
 )
 
 var (
-	YAML_PREFIX = []string{".yaml", ".yml"}
-	JSON_PREFIX = []string{".json"}
+	YAML_PREFIX = []string{"yaml", "yml"}
+	JSON_PREFIX = []string{"json"}
 )
 
 type FileFormat string
@@ -78,7 +78,6 @@ func ReadFile(fileContent []byte, fileFromat FileFormat) ([]workloadinterface.IM
 	default:
 		return nil, nil // []error{fmt.Errorf("file extension %s not supported", fileFromat)}
 	}
-
 }
 
 func listFiles(patterns []string) ([]string, []error) {
@@ -178,11 +177,11 @@ func convertYamlToJson(i interface{}) interface{} {
 }
 
 func IsYaml(filePath string) bool {
-	return StringInSlice(YAML_PREFIX, filepath.Ext(filePath)) != ValueNotFound
+	return StringInSlice(YAML_PREFIX, strings.ReplaceAll(filepath.Ext(filePath), ".", "")) != ValueNotFound
 }
 
 func IsJson(filePath string) bool {
-	return StringInSlice(JSON_PREFIX, filepath.Ext(filePath)) != ValueNotFound
+	return StringInSlice(JSON_PREFIX, strings.ReplaceAll(filepath.Ext(filePath), ".", "")) != ValueNotFound
 }
 
 func glob(root, pattern string) ([]string, error) {

core/cautils/scaninfo.go

@@ -8,6 +8,9 @@ import (
 	"path/filepath"
 	"strings"
 
+	apisv1 "github.com/armosec/opa-utils/httpserver/apis/v1"
+
+	giturl "github.com/armosec/go-git-url"
 	"github.com/armosec/k8s-interface/k8sinterface"
 	"github.com/armosec/kubescape/v2/core/cautils/getter"
 	"github.com/armosec/kubescape/v2/core/cautils/logger"
@@ -28,6 +31,10 @@ type BoolPtrFlag struct {
 	valPtr *bool
 }
 
+func NewBoolPtr(b *bool) BoolPtrFlag {
+	return BoolPtrFlag{valPtr: b}
+}
+
 func (bpf *BoolPtrFlag) Type() string {
 	return "bool"
 }
@@ -175,11 +182,11 @@ func (scanInfo *ScanInfo) GetScanningEnvironment() string {
 	return ScanCluster
 }
 
-func (scanInfo *ScanInfo) SetPolicyIdentifiers(policies []string, kind reporthandling.NotificationPolicyKind) {
+func (scanInfo *ScanInfo) SetPolicyIdentifiers(policies []string, kind apisv1.NotificationPolicyKind) {
 	for _, policy := range policies {
 		if !scanInfo.contains(policy) {
 			newPolicy := reporthandling.PolicyIdentifier{}
-			newPolicy.Kind = kind // reporthandling.KindFramework
+			newPolicy.Kind = reporthandling.NotificationPolicyKind(kind) // reporthandling.KindFramework
 			newPolicy.Name = policy
 			scanInfo.PolicyIdentifier = append(scanInfo.PolicyIdentifier, newPolicy)
 		}
@@ -240,7 +247,7 @@ func scanInfoToScanMetadata(scanInfo *ScanInfo) *reporthandlingv2.Metadata {
 }
 
 func setContextMetadata(contextMetadata *reporthandlingv2.ContextMetadata, input string) {
-	// if cluster
+	//  cluster
 	if input == "" {
 		contextMetadata.ClusterContextMetadata = &reporthandlingv2.ClusterMetadata{
 			ContextName: k8sinterface.GetContextName(),
@@ -248,8 +255,16 @@ func setContextMetadata(contextMetadata *reporthandlingv2.ContextMetadata, input
 		return
 	}
 
-	// if url
-	if strings.HasPrefix(input, "http") { // TODO - check if can parse
+	// url
+	if gitParser, err := giturl.NewGitURL(input); err == nil {
+		if gitParser.GetBranch() == "" {
+			gitParser.SetDefaultBranch()
+		}
+		contextMetadata.RepoContextMetadata = &reporthandlingv2.RepoContextMetadata{
+			Repo:   gitParser.GetRepo(),
+			Owner:  gitParser.GetOwner(),
+			Branch: gitParser.GetBranch(),
+		}
 		return
 	}
 
@@ -259,7 +274,7 @@ func setContextMetadata(contextMetadata *reporthandlingv2.ContextMetadata, input
 		}
 	}
 
-	// if single file
+	//  single file
 	if IsFile(input) {
 		contextMetadata.FileContextMetadata = &reporthandlingv2.FileContextMetadata{
 			FilePath: input,
@@ -268,7 +283,7 @@ func setContextMetadata(contextMetadata *reporthandlingv2.ContextMetadata, input
 		return
 	}
 
-	// if dir/glob
+	//  dir/glob
 	if !IsFile(input) {
 		contextMetadata.DirectoryContextMetadata = &reporthandlingv2.DirectoryContextMetadata{
 			BasePath: input,

core/cautils/scaninfo_test.go

@@ -7,16 +7,6 @@ import (
 	"github.com/stretchr/testify/assert"
 )
 
-// func TestSetInputPatterns(t *testing.T) { //Unitest
-// 	{
-// 		scanInfo := ScanInfo{
-// 			InputPatterns: []string{"file"},
-// 		}
-// 		scanInfo.setInputPatterns()
-// 		assert.Equal(t, "file", scanInfo.InputPatterns[0])
-// 	}
-// }
-
 func TestSetContextMetadata(t *testing.T) {
 	{
 		ctx := reporthandlingv2.ContextMetadata{}
@@ -37,6 +27,10 @@ func TestSetContextMetadata(t *testing.T) {
 		assert.Nil(t, ctx.FileContextMetadata)
 		assert.Nil(t, ctx.HelmContextMetadata)
 		assert.Nil(t, ctx.RepoContextMetadata)
+
+		hostName := getHostname()
+		assert.Contains(t, ctx.DirectoryContextMetadata.BasePath, "file")
+		assert.Equal(t, hostName, ctx.DirectoryContextMetadata.HostName)
 	}
 	{
 		ctx := reporthandlingv2.ContextMetadata{}
@@ -47,6 +41,10 @@ func TestSetContextMetadata(t *testing.T) {
 		assert.NotNil(t, ctx.FileContextMetadata)
 		assert.Nil(t, ctx.HelmContextMetadata)
 		assert.Nil(t, ctx.RepoContextMetadata)
+
+		hostName := getHostname()
+		assert.Contains(t, ctx.FileContextMetadata.FilePath, "scaninfo_test.go")
+		assert.Equal(t, hostName, ctx.FileContextMetadata.HostName)
 	}
 	{
 		ctx := reporthandlingv2.ContextMetadata{}
@@ -56,7 +54,11 @@ func TestSetContextMetadata(t *testing.T) {
 		assert.Nil(t, ctx.DirectoryContextMetadata)
 		assert.Nil(t, ctx.FileContextMetadata)
 		assert.Nil(t, ctx.HelmContextMetadata)
-		assert.Nil(t, ctx.RepoContextMetadata) // TODO
+		assert.NotNil(t, ctx.RepoContextMetadata)
+
+		assert.Equal(t, "kubescape", ctx.RepoContextMetadata.Repo)
+		assert.Equal(t, "armosec", ctx.RepoContextMetadata.Owner)
+		assert.Equal(t, "master", ctx.RepoContextMetadata.Branch)
 	}
 }
 

core/cautils/versioncheck.go

@@ -9,7 +9,7 @@ import (
 	"github.com/armosec/kubescape/v2/core/cautils/getter"
 	"github.com/armosec/kubescape/v2/core/cautils/logger"
 	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
-	pkgutils "github.com/armosec/utils-go/utils"
+	"github.com/armosec/utils-go/boolutils"
 	"golang.org/x/mod/semver"
 )
 
@@ -28,9 +28,9 @@ func NewIVersionCheckHandler() IVersionCheckHandler {
 	if BuildNumber == "" {
 		logger.L().Warning("unknown build number, this might affect your scan results. Please make sure you are updated to latest version")
 	}
-	if v, ok := os.LookupEnv(SKIP_VERSION_CHECK); ok && pkgutils.StringToBool(v) {
+	if v, ok := os.LookupEnv(SKIP_VERSION_CHECK); ok && boolutils.StringToBool(v) {
 		return NewVersionCheckHandlerMock()
-	} else if v, ok := os.LookupEnv(SKIP_VERSION_CHECK_DEPRECATED); ok && pkgutils.StringToBool(v) {
+	} else if v, ok := os.LookupEnv(SKIP_VERSION_CHECK_DEPRECATED); ok && boolutils.StringToBool(v) {
 		return NewVersionCheckHandlerMock()
 	}
 	return NewVersionCheckHandler()

core/core/scan.go

@@ -3,6 +3,8 @@ package core
 import (
 	"fmt"
 
+	apisv1 "github.com/armosec/opa-utils/httpserver/apis/v1"
+
 	"github.com/armosec/armoapi-go/armotypes"
 	"github.com/armosec/k8s-interface/k8sinterface"
 
@@ -130,7 +132,7 @@ func (ks *Kubescape) Scan(scanInfo *cautils.ScanInfo) (*resultshandling.ResultsH
 
 	// TODO - list supported frameworks/controls
 	if scanInfo.ScanAll {
-		scanInfo.SetPolicyIdentifiers(listFrameworksNames(scanInfo.Getters.PolicyGetter), reporthandling.KindFramework)
+		scanInfo.SetPolicyIdentifiers(listFrameworksNames(scanInfo.Getters.PolicyGetter), apisv1.KindFramework)
 	}
 
 	// remove host scanner components

core/pkg/resourcehandler/k8sresourcesutils.go

@@ -50,19 +50,6 @@ func setArmoResourceMap(frameworks []reporthandling.Framework, resourceToControl
 	return &armoResources
 }
 
-func convertComplexResourceMap(frameworks []reporthandling.Framework) map[string]map[string]map[string]interface{} {
-	k8sResources := make(map[string]map[string]map[string]interface{})
-	for _, framework := range frameworks {
-		for _, control := range framework.Controls {
-			for _, rule := range control.Rules {
-				for _, match := range rule.Match {
-					insertResources(k8sResources, match)
-				}
-			}
-		}
-	}
-	return k8sResources
-}
 func setComplexK8sResourceMap(frameworks []reporthandling.Framework) map[string]map[string]map[string]interface{} {
 	k8sResources := make(map[string]map[string]map[string]interface{})
 	for _, framework := range frameworks {

core/pkg/resourcehandler/urlloader.go

@@ -1,82 +1,48 @@
 package resourcehandler
 
 import (
-	"bytes"
-	"fmt"
-	"io"
-	"net/http"
-	"strings"
-
+	giturl "github.com/armosec/go-git-url"
 	"github.com/armosec/k8s-interface/workloadinterface"
 	"github.com/armosec/kubescape/v2/core/cautils"
 	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
 )
 
 func loadResourcesFromUrl(inputPatterns []string) (map[string][]workloadinterface.IMetadata, error) {
-	urls := listUrls(inputPatterns)
-	if len(urls) == 0 {
+	if len(inputPatterns) == 0 {
+		return nil, nil
+	}
+	g, err := giturl.NewGitURL(inputPatterns[0])
+	if err != nil {
 		return nil, nil
 	}
 
-	workloads, errs := downloadFiles(urls)
+	files, errs := g.DownloadFilesWithExtension(append(cautils.YAML_PREFIX, cautils.JSON_PREFIX...))
 	if len(errs) > 0 {
-		logger.L().Error(fmt.Sprintf("%v", errs))
-	}
-	return workloads, nil
-}
-
-func listUrls(patterns []string) []string {
-	urls := []string{}
-	for i := range patterns {
-		if strings.HasPrefix(patterns[i], "http") {
-			if yamls, err := ScanRepository(patterns[i], ""); err == nil { // TODO - support branch
-				urls = append(urls, yamls...)
-			} else {
-				logger.L().Error(err.Error())
-			}
+		for i, j := range errs {
+			logger.L().Error(i, helpers.Error(j))
 		}
 	}
 
-	return urls
-}
+	if len(files) == 0 {
+		return nil, nil
+	}
 
-func downloadFiles(urls []string) (map[string][]workloadinterface.IMetadata, []error) {
+	// convert files to IMetadata
 	workloads := make(map[string][]workloadinterface.IMetadata, 0)
-	errs := []error{}
-	for i := range urls {
-		f, err := downloadFile(urls[i])
-		if err != nil {
-			errs = append(errs, err)
+
+	for i, j := range files {
+		w, e := cautils.ReadFile(j, cautils.GetFileFormat(i))
+		if len(e) != 0 || len(w) == 0 {
 			continue
 		}
-		w, e := cautils.ReadFile(f, cautils.GetFileFormat(urls[i]))
-		errs = append(errs, e...)
-		if w != nil {
-			if _, ok := workloads[urls[i]]; !ok {
-				workloads[urls[i]] = make([]workloadinterface.IMetadata, 0)
-			}
-			wSlice := workloads[urls[i]]
-			wSlice = append(wSlice, w...)
-			workloads[urls[i]] = wSlice
+		if _, ok := workloads[i]; !ok {
+			workloads[i] = make([]workloadinterface.IMetadata, 0)
 		}
+		wSlice := workloads[i]
+		wSlice = append(wSlice, w...)
+		workloads[i] = wSlice
 	}
-	return workloads, errs
-}
 
-func downloadFile(url string) ([]byte, error) {
-	resp, err := http.Get(url)
-	if err != nil {
-		return nil, err
-	}
-	defer resp.Body.Close()
-	if resp.StatusCode < 200 || 301 < resp.StatusCode {
-		return nil, fmt.Errorf("failed to download file, url: '%s', status code: %s", url, resp.Status)
-	}
-	return streamToByte(resp.Body), nil
-}
-
-func streamToByte(stream io.Reader) []byte {
-	buf := new(bytes.Buffer)
-	buf.ReadFrom(stream)
-	return buf.Bytes()
+	return workloads, nil
 }

go.mod

@@ -3,12 +3,13 @@ module github.com/armosec/kubescape/v2
 go 1.17
 
 require (
-	github.com/armosec/armoapi-go v0.0.66
-	github.com/armosec/k8s-interface v0.0.69
-	github.com/armosec/opa-utils v0.0.130
+	github.com/armosec/armoapi-go v0.0.67
+	github.com/armosec/go-git-url v0.0.4
+	github.com/armosec/k8s-interface v0.0.70
+	github.com/armosec/opa-utils v0.0.135
 	github.com/armosec/rbac-utils v0.0.14
-	github.com/armosec/utils-go v0.0.3
-	github.com/armosec/utils-k8s-go v0.0.5
+	github.com/armosec/utils-go v0.0.5
+	github.com/armosec/utils-k8s-go v0.0.6
 	github.com/briandowns/spinner v1.18.1
 	github.com/enescakir/emoji v1.0.0
 	github.com/fatih/color v1.13.0

go.sum

@@ -113,26 +113,28 @@ github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj
 github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/armosec/armoapi-go v0.0.2/go.mod h1:vIK17yoKbJRQyZXWWLe3AqfqCRITxW8qmSkApyq5xFs=
 github.com/armosec/armoapi-go v0.0.23/go.mod h1:iaVVGyc23QGGzAdv4n+szGQg3Rbpixn9yQTU3qWRpaw=
-github.com/armosec/armoapi-go v0.0.58/go.mod h1:U/Axd+D5N00x9Ekr7t+5HXqLCMO+98NfJSVAggqJftI=
-github.com/armosec/armoapi-go v0.0.66 h1:SEm4nTwtexlMqYQr7sj3rWIrDYZj3BQ76FvKLA8hiLo=
-github.com/armosec/armoapi-go v0.0.66/go.mod h1:U/Axd+D5N00x9Ekr7t+5HXqLCMO+98NfJSVAggqJftI=
+github.com/armosec/armoapi-go v0.0.67 h1:XHm3nasLjzQBQJVQKVCA9MpFVQsqyl6JnN4lx2IVHpU=
+github.com/armosec/armoapi-go v0.0.67/go.mod h1:/9SQAgtLbYkfFneRRm/zkIn3zz+4Y2xv6N3vtFcyF8s=
+github.com/armosec/go-git-url v0.0.4 h1:emG9Yfl53rHpuX41fXLD92ehzhRoNSSnGT6Pr7ogWMY=
+github.com/armosec/go-git-url v0.0.4/go.mod h1:PJqdEyJyFxTQvawBcyOM0Ies6+uezire5gpwfr1XX5M=
 github.com/armosec/k8s-interface v0.0.8/go.mod h1:xxS+V5QT3gVQTwZyAMMDrYLWGrfKOpiJ7Jfhfa0w9sM=
 github.com/armosec/k8s-interface v0.0.37/go.mod h1:vHxGWqD/uh6+GQb9Sqv7OGMs+Rvc2dsFVc0XtgRh1ZU=
-github.com/armosec/k8s-interface v0.0.66/go.mod h1:vwprS8qn/iowd5yf0JHpqDsLA5I8W2muqX9AxKhkb0Q=
-github.com/armosec/k8s-interface v0.0.69 h1:rpZElGJjt9xlYrBc5IGKECybf7mZeu+rMEVEQyJOmbg=
-github.com/armosec/k8s-interface v0.0.69/go.mod h1:MmpOS7RselE+tZgojx5PcBXVbKjWBfHHd/hZ2tWXBdQ=
+github.com/armosec/k8s-interface v0.0.70 h1:NU3UIaNl7H3hsRecwggiaQbZXTwXtOKg3GOBjq6/XJw=
+github.com/armosec/k8s-interface v0.0.70/go.mod h1:8NX4xWXh8mwW7QyZdZea1czNdM2azCK9BbUNmiZYXW0=
 github.com/armosec/opa-utils v0.0.64/go.mod h1:6tQP8UDq2EvEfSqh8vrUdr/9QVSCG4sJfju1SXQOn4c=
-github.com/armosec/opa-utils v0.0.130 h1:uP60M0PzmDtLqvsA/jX8BED9/Ava4n2QG7VCkuI+hwI=
-github.com/armosec/opa-utils v0.0.130/go.mod h1:gap+EaLG5rnyqvIRGxtdNDC9y7VvoGNm90zK8Ls7avQ=
+github.com/armosec/opa-utils v0.0.135 h1:7JMHGKMD13XWwwd4g11tw6T9C4BRPifDiqdeDJEz638=
+github.com/armosec/opa-utils v0.0.135/go.mod h1:mCFQzz4E227f7V2jQVQ9XCivkNNK3UWCTaZ0HE5rBWk=
 github.com/armosec/rbac-utils v0.0.1/go.mod h1:pQ8CBiij8kSKV7aeZm9FMvtZN28VgA7LZcYyTWimq40=
 github.com/armosec/rbac-utils v0.0.14 h1:CKYKcgqJEXWF2Hen/B1pVGtS3nDAG1wp9dDv6oNtq90=
 github.com/armosec/rbac-utils v0.0.14/go.mod h1:Ex/IdGWhGv9HZq6Hs8N/ApzCKSIvpNe/ETqDfnuyah0=
 github.com/armosec/utils-go v0.0.2/go.mod h1:itWmRLzRdsnwjpEOomL0mBWGnVNNIxSjDAdyc+b0iUo=
-github.com/armosec/utils-go v0.0.3 h1:uyQI676yRciQM0sSN9uPoqHkbspTxHO0kmzXhBeE/xU=
 github.com/armosec/utils-go v0.0.3/go.mod h1:itWmRLzRdsnwjpEOomL0mBWGnVNNIxSjDAdyc+b0iUo=
+github.com/armosec/utils-go v0.0.4/go.mod h1:itWmRLzRdsnwjpEOomL0mBWGnVNNIxSjDAdyc+b0iUo=
+github.com/armosec/utils-go v0.0.5 h1:+pfZirWrOvfqvVYlL7OG1wMQD4T4YMwC78zzosB+mlQ=
+github.com/armosec/utils-go v0.0.5/go.mod h1:itWmRLzRdsnwjpEOomL0mBWGnVNNIxSjDAdyc+b0iUo=
 github.com/armosec/utils-k8s-go v0.0.1/go.mod h1:qrU4pmY2iZsOb39Eltpm0sTTNM3E4pmeyWx4dgDUC2U=
-github.com/armosec/utils-k8s-go v0.0.5 h1:zlw6lidAVbUs4cxlm30BOhxKWA/iuVUZTgZMhDC2wtQ=
-github.com/armosec/utils-k8s-go v0.0.5/go.mod h1:n6V42HYZZBDzMZMiAgUHROZcp4/Wz+wrBm+L6/m6Sdg=
+github.com/armosec/utils-k8s-go v0.0.6 h1:GriAQZeKsVdlM64lwRnh4EDKlb2R9tK7WXtRYQOrPwk=
+github.com/armosec/utils-k8s-go v0.0.6/go.mod h1:YFdWi3rEQQLbN6mZO21TSdoda8kGQYRV4rs5CRp8Kjs=
 github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
 github.com/aws/aws-sdk-go v1.41.1/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q=
 github.com/aws/aws-sdk-go v1.41.11 h1:QLouWsiYQ8i22kD8k58Dpdhio1A0MpT7bg9ZNXqEjuI=
@@ -1147,7 +1149,6 @@ golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211029165221-6e7872819dc8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211205182925-97ca703d548d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=

httphandler/README.md

@@ -23,25 +23,57 @@ body:
 ```
 {
     "format": <str>,               // results format [default: json] (same as 'kubescape scan --format')
-    "excludedNamespaces": <[]str>, // list of namespaces to exclude (same as 'kubescape scan --excluded-namespaces')
-    "includeNamespaces": <[]str>,  // list of namespaces to include (same as 'kubescape scan --include-namespaces')
+    "excludedNamespaces": [<str>], // list of namespaces to exclude (same as 'kubescape scan --excluded-namespaces')
+    "includeNamespaces": [<str>],  // list of namespaces to include (same as 'kubescape scan --include-namespaces')
     "useCachedArtifacts"`: <bool>, // use the cached artifacts instead of downloading (offline support)
     "submit": <bool>,              // submit results to Kubescape cloud (same as 'kubescape scan --submit')
     "hostScanner": <bool>,         // deploy kubescape K8s host-scanner DaemonSet in the scanned cluster (same as 'kubescape scan --enable-host-scan')
     "keepLocal": <bool>,           // do not submit results to Kubescape cloud (same as 'kubescape scan --keep-local')
-    "account": <str>               // account ID (same as 'kubescape scan --account')
+    "account": <str>,              // account ID (same as 'kubescape scan --account')
+    "targetType": <str>,           // framework/control
+    "targetNames": [<str>]         // names. e.g. when targetType==framework, targetNames=["nsa", "mitre"]
 }
 ```
 
-e.g.:
+#### Default scan  
 
+1. Trigger kubescape scan
+  ```bash
+  curl --header "Content-Type: application/json" --request POST --data '{}' http://127.0.0.1:8080/v1/scan -o scan_id
+  ```
+2. Get kubescape scan results
+  ```bash
+  curl --request GET http://127.0.0.1:8080/v1/results?id=$(cat scan_id)
+  ```
+
+#### Scan single namespace with specific framework
 ```bash
 curl --header "Content-Type: application/json" \
   --request POST \
   --data '{"hostScanner":true, "submit":true}' \
   http://127.0.0.1:8080/v1/scan
 ```
+
+#### Scan single namespace with specific framework
+```bash
+curl --header "Content-Type: application/json" \
+  --request POST \
+  --data '{"hostScanner":true, "submit":true, "includeNamespaces": ["ks-scanner"], "targetType": "framework", "targetNames": ["nsa"] }' \
+  http://127.0.0.1:8080/v1/scan
+```
 ## Examples
 
 * [Prometheus](examples/prometheus/README.md)
 * [Microservice](examples/microservice/README.md)
+
+
+## Supported environment variables
+
+* `KS_ACCOUNT`: Account ID
+* `KS_SUBMIT`: Submit the results to Kubescape SaaS version
+* `KS_EXCLUDE_NAMESPACES`: List of namespaces to exclude, e.g. `KS_EXCLUDE_NAMESPACES=kube-system,kube-public`
+* `KS_INCLUDE_NAMESPACES`: List of namespaces to include, rest of the namespaces will be ignored. e.g. `KS_INCLUDE_NAMESPACES=dev,prod`
+* `KS_HOST_SCAN_YAML`: Full path to the host scanner YAML
+* `KS_FORMAT`: Output file format. default is json
+* `KS_ENABLE_HOST_SCANNER`: Enable the host scanner feature
+* `KS_DOWNLOAD_ARTIFACTS`: Download the artifacts every scan

httphandler/go.mod

@@ -6,8 +6,8 @@ replace github.com/armosec/kubescape/v2 => ../
 
 require (
 	github.com/armosec/kubescape/v2 v2.0.0-00010101000000-000000000000
-	github.com/armosec/opa-utils v0.0.130
-	github.com/armosec/utils-go v0.0.3
+	github.com/armosec/opa-utils v0.0.135
+	github.com/armosec/utils-go v0.0.5
 	github.com/google/uuid v1.3.0
 	github.com/gorilla/mux v1.8.0
 	github.com/stretchr/testify v1.7.1
@@ -28,10 +28,11 @@ require (
 	github.com/Azure/go-autorest/logger v0.2.1 // indirect
 	github.com/Azure/go-autorest/tracing v0.6.0 // indirect
 	github.com/OneOfOne/xxhash v1.2.8 // indirect
-	github.com/armosec/armoapi-go v0.0.66 // indirect
-	github.com/armosec/k8s-interface v0.0.69 // indirect
+	github.com/armosec/armoapi-go v0.0.67 // indirect
+	github.com/armosec/go-git-url v0.0.4 // indirect
+	github.com/armosec/k8s-interface v0.0.70 // indirect
 	github.com/armosec/rbac-utils v0.0.14 // indirect
-	github.com/armosec/utils-k8s-go v0.0.5 // indirect
+	github.com/armosec/utils-k8s-go v0.0.6 // indirect
 	github.com/aws/aws-sdk-go v1.41.11 // indirect
 	github.com/aws/aws-sdk-go-v2 v1.12.0 // indirect
 	github.com/aws/aws-sdk-go-v2/config v1.12.0 // indirect

httphandler/go.sum

@@ -113,26 +113,29 @@ github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj
 github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8=
 github.com/armosec/armoapi-go v0.0.2/go.mod h1:vIK17yoKbJRQyZXWWLe3AqfqCRITxW8qmSkApyq5xFs=
 github.com/armosec/armoapi-go v0.0.23/go.mod h1:iaVVGyc23QGGzAdv4n+szGQg3Rbpixn9yQTU3qWRpaw=
-github.com/armosec/armoapi-go v0.0.58/go.mod h1:U/Axd+D5N00x9Ekr7t+5HXqLCMO+98NfJSVAggqJftI=
-github.com/armosec/armoapi-go v0.0.66 h1:SEm4nTwtexlMqYQr7sj3rWIrDYZj3BQ76FvKLA8hiLo=
-github.com/armosec/armoapi-go v0.0.66/go.mod h1:U/Axd+D5N00x9Ekr7t+5HXqLCMO+98NfJSVAggqJftI=
+github.com/armosec/armoapi-go v0.0.67 h1:XHm3nasLjzQBQJVQKVCA9MpFVQsqyl6JnN4lx2IVHpU=
+github.com/armosec/armoapi-go v0.0.67/go.mod h1:/9SQAgtLbYkfFneRRm/zkIn3zz+4Y2xv6N3vtFcyF8s=
+github.com/armosec/go-git-url v0.0.4 h1:emG9Yfl53rHpuX41fXLD92ehzhRoNSSnGT6Pr7ogWMY=
+github.com/armosec/go-git-url v0.0.4/go.mod h1:PJqdEyJyFxTQvawBcyOM0Ies6+uezire5gpwfr1XX5M=
 github.com/armosec/k8s-interface v0.0.8/go.mod h1:xxS+V5QT3gVQTwZyAMMDrYLWGrfKOpiJ7Jfhfa0w9sM=
 github.com/armosec/k8s-interface v0.0.37/go.mod h1:vHxGWqD/uh6+GQb9Sqv7OGMs+Rvc2dsFVc0XtgRh1ZU=
-github.com/armosec/k8s-interface v0.0.66/go.mod h1:vwprS8qn/iowd5yf0JHpqDsLA5I8W2muqX9AxKhkb0Q=
-github.com/armosec/k8s-interface v0.0.69 h1:rpZElGJjt9xlYrBc5IGKECybf7mZeu+rMEVEQyJOmbg=
-github.com/armosec/k8s-interface v0.0.69/go.mod h1:MmpOS7RselE+tZgojx5PcBXVbKjWBfHHd/hZ2tWXBdQ=
+github.com/armosec/k8s-interface v0.0.70 h1:NU3UIaNl7H3hsRecwggiaQbZXTwXtOKg3GOBjq6/XJw=
+github.com/armosec/k8s-interface v0.0.70/go.mod h1:8NX4xWXh8mwW7QyZdZea1czNdM2azCK9BbUNmiZYXW0=
 github.com/armosec/opa-utils v0.0.64/go.mod h1:6tQP8UDq2EvEfSqh8vrUdr/9QVSCG4sJfju1SXQOn4c=
-github.com/armosec/opa-utils v0.0.130 h1:uP60M0PzmDtLqvsA/jX8BED9/Ava4n2QG7VCkuI+hwI=
-github.com/armosec/opa-utils v0.0.130/go.mod h1:gap+EaLG5rnyqvIRGxtdNDC9y7VvoGNm90zK8Ls7avQ=
+github.com/armosec/opa-utils v0.0.134/go.mod h1:mCFQzz4E227f7V2jQVQ9XCivkNNK3UWCTaZ0HE5rBWk=
+github.com/armosec/opa-utils v0.0.135 h1:7JMHGKMD13XWwwd4g11tw6T9C4BRPifDiqdeDJEz638=
+github.com/armosec/opa-utils v0.0.135/go.mod h1:mCFQzz4E227f7V2jQVQ9XCivkNNK3UWCTaZ0HE5rBWk=
 github.com/armosec/rbac-utils v0.0.1/go.mod h1:pQ8CBiij8kSKV7aeZm9FMvtZN28VgA7LZcYyTWimq40=
 github.com/armosec/rbac-utils v0.0.14 h1:CKYKcgqJEXWF2Hen/B1pVGtS3nDAG1wp9dDv6oNtq90=
 github.com/armosec/rbac-utils v0.0.14/go.mod h1:Ex/IdGWhGv9HZq6Hs8N/ApzCKSIvpNe/ETqDfnuyah0=
 github.com/armosec/utils-go v0.0.2/go.mod h1:itWmRLzRdsnwjpEOomL0mBWGnVNNIxSjDAdyc+b0iUo=
-github.com/armosec/utils-go v0.0.3 h1:uyQI676yRciQM0sSN9uPoqHkbspTxHO0kmzXhBeE/xU=
 github.com/armosec/utils-go v0.0.3/go.mod h1:itWmRLzRdsnwjpEOomL0mBWGnVNNIxSjDAdyc+b0iUo=
+github.com/armosec/utils-go v0.0.4/go.mod h1:itWmRLzRdsnwjpEOomL0mBWGnVNNIxSjDAdyc+b0iUo=
+github.com/armosec/utils-go v0.0.5 h1:+pfZirWrOvfqvVYlL7OG1wMQD4T4YMwC78zzosB+mlQ=
+github.com/armosec/utils-go v0.0.5/go.mod h1:itWmRLzRdsnwjpEOomL0mBWGnVNNIxSjDAdyc+b0iUo=
 github.com/armosec/utils-k8s-go v0.0.1/go.mod h1:qrU4pmY2iZsOb39Eltpm0sTTNM3E4pmeyWx4dgDUC2U=
-github.com/armosec/utils-k8s-go v0.0.5 h1:zlw6lidAVbUs4cxlm30BOhxKWA/iuVUZTgZMhDC2wtQ=
-github.com/armosec/utils-k8s-go v0.0.5/go.mod h1:n6V42HYZZBDzMZMiAgUHROZcp4/Wz+wrBm+L6/m6Sdg=
+github.com/armosec/utils-k8s-go v0.0.6 h1:GriAQZeKsVdlM64lwRnh4EDKlb2R9tK7WXtRYQOrPwk=
+github.com/armosec/utils-k8s-go v0.0.6/go.mod h1:YFdWi3rEQQLbN6mZO21TSdoda8kGQYRV4rs5CRp8Kjs=
 github.com/asaskevich/govalidator v0.0.0-20190424111038-f61b66f89f4a/go.mod h1:lB+ZfQJz7igIIfQNfa7Ml4HSf2uFQQRzpGGRXenZAgY=
 github.com/aws/aws-sdk-go v1.41.1/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q=
 github.com/aws/aws-sdk-go v1.41.11 h1:QLouWsiYQ8i22kD8k58Dpdhio1A0MpT7bg9ZNXqEjuI=
@@ -1146,7 +1149,6 @@ golang.org/x/sys v0.0.0-20210831042530-f4d43177bf5e/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20210908233432-aa78b53d3365/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20211025201205-69cdffdb9359/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211029165221-6e7872819dc8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211124211545-fe61309f8881/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211205182925-97ca703d548d/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=

httphandler/handlerequests/v1/datastructure.go

@@ -1,24 +0,0 @@
-package v1
-
-import (
-	"github.com/armosec/kubescape/v2/core/cautils"
-	"github.com/armosec/opa-utils/reporthandling"
-)
-
-type PostScanRequest struct {
-	Format             string                                 `json:"format"`             // Format results (table, json, junit ...) - default json
-	Account            string                                 `json:"account"`            // account ID
-	Logger             string                                 `json:"-"`                  // logger level - debug/info/error - default is debug
-	FailThreshold      float32                                `json:"failThreshold"`      // Failure score threshold
-	ExcludedNamespaces []string                               `json:"excludedNamespaces"` // used for host scanner namespace
-	IncludeNamespaces  []string                               `json:"includeNamespaces"`  // DEPRECATED?
-	TargetNames        []string                               `json:"targetNames"`        // default is all
-	TargetType         *reporthandling.NotificationPolicyKind `json:"targetType"`         // framework/control - default is framework
-	Submit             cautils.BoolPtrFlag                    `json:"submit"`             // Submit results to Armo BE - default will
-	HostScanner        cautils.BoolPtrFlag                    `json:"hostScanner"`        // Deploy ARMO K8s host scanner to collect data from certain controls
-	KeepLocal          cautils.BoolPtrFlag                    `json:"keepLocal"`          // Do not submit results
-	UseCachedArtifacts cautils.BoolPtrFlag                    `json:"useCachedArtifacts"` // Use the cached artifacts instead of downloading
-	// UseExceptions      string      // Load file with exceptions configuration
-	// ControlsInputs     string      // Load file with inputs for controls
-	// VerboseMode        bool        // Display all of the input resources and not only failed resources
-}

httphandler/handlerequests/v1/datastructuremethods.go

@@ -3,21 +3,33 @@ package v1
 import (
 	"strings"
 
+	apisv1 "github.com/armosec/opa-utils/httpserver/apis/v1"
+	utilsmetav1 "github.com/armosec/opa-utils/httpserver/meta/v1"
+
 	"github.com/armosec/kubescape/v2/core/cautils"
 	"github.com/armosec/kubescape/v2/core/cautils/getter"
 	"github.com/armosec/opa-utils/reporthandling"
 )
 
-func (scanRequest *PostScanRequest) ToScanInfo() *cautils.ScanInfo {
+func ToScanInfo(scanRequest *utilsmetav1.PostScanRequest) *cautils.ScanInfo {
 	scanInfo := defaultScanInfo()
 
-	if scanRequest.TargetType != nil && len(scanRequest.TargetNames) > 0 {
-		if *scanRequest.TargetType == reporthandling.KindFramework {
+	if scanRequest.TargetType != "" && len(scanRequest.TargetNames) > 0 {
+		if strings.EqualFold(string(scanRequest.TargetType), string(reporthandling.KindFramework)) {
+			scanRequest.TargetType = apisv1.KindFramework
 			scanInfo.FrameworkScan = true
+		} else if strings.EqualFold(string(scanRequest.TargetType), string(reporthandling.KindControl)) {
+			scanRequest.TargetType = apisv1.KindControl
+		} else {
+			// unknown policy kind - set scan all
+			scanInfo.FrameworkScan = true
+			scanInfo.ScanAll = true
+			scanRequest.TargetNames = []string{}
 		}
-		scanInfo.SetPolicyIdentifiers(scanRequest.TargetNames, *scanRequest.TargetType)
+		scanInfo.SetPolicyIdentifiers(scanRequest.TargetNames, scanRequest.TargetType)
 		scanInfo.ScanAll = false
 	} else {
+		scanInfo.FrameworkScan = true
 		scanInfo.ScanAll = true
 	}
 
@@ -31,21 +43,24 @@ func (scanRequest *PostScanRequest) ToScanInfo() *cautils.ScanInfo {
 		scanInfo.IncludeNamespaces = strings.Join(scanRequest.IncludeNamespaces, ",")
 	}
 
-	if scanRequest.Format == "" {
-		scanInfo.Format = scanRequest.Format // TODO - handle default
+	if scanRequest.Format != "" {
+		scanInfo.Format = scanRequest.Format
 	}
 
-	if scanRequest.UseCachedArtifacts.Get() != nil && !*scanRequest.UseCachedArtifacts.Get() {
+	useCachedArtifacts := cautils.NewBoolPtr(scanRequest.UseCachedArtifacts)
+	if useCachedArtifacts.Get() != nil && !*useCachedArtifacts.Get() {
 		scanInfo.UseArtifactsFrom = getter.DefaultLocalStore // Load files from cache (this will prevent kubescape fom downloading the artifacts every time)
 	}
 
-	if scanRequest.KeepLocal.Get() != nil {
-		scanInfo.Local = *scanRequest.KeepLocal.Get() // Load files from cache (this will prevent kubescape fom downloading the artifacts every time)
+	keepLocal := cautils.NewBoolPtr(scanRequest.KeepLocal)
+	if keepLocal.Get() != nil {
+		scanInfo.Local = *keepLocal.Get() // Load files from cache (this will prevent kubescape fom downloading the artifacts every time)
 	}
-	if scanRequest.Submit.Get() != nil {
-		scanInfo.Submit = *scanRequest.Submit.Get()
+	submit := cautils.NewBoolPtr(scanRequest.Submit)
+	if submit.Get() != nil {
+		scanInfo.Submit = *submit.Get()
 	}
-	scanInfo.HostSensorEnabled = scanRequest.HostScanner
+	scanInfo.HostSensorEnabled = cautils.NewBoolPtr(scanRequest.HostScanner)
 
 	return scanInfo
 }

httphandler/handlerequests/v1/datastructuremethods_test.go

@@ -0,0 +1,61 @@
+package v1
+
+import (
+	"testing"
+
+	apisv1 "github.com/armosec/opa-utils/httpserver/apis/v1"
+	utilsmetav1 "github.com/armosec/opa-utils/httpserver/meta/v1"
+	"github.com/armosec/opa-utils/reporthandling"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestToScanInfo(t *testing.T) {
+	{
+		req := &utilsmetav1.PostScanRequest{
+			TargetType:         apisv1.KindFramework,
+			Account:            "abc",
+			Logger:             "info",
+			Format:             "pdf",
+			FailThreshold:      50,
+			ExcludedNamespaces: []string{"kube-system", "kube-public"},
+			TargetNames:        []string{"nsa", "mitre"},
+		}
+		s := ToScanInfo(req)
+		assert.Equal(t, "abc", s.Account)
+		assert.Equal(t, "v2", s.FormatVersion)
+		assert.Equal(t, "pdf", s.Format)
+		assert.Equal(t, 2, len(s.PolicyIdentifier))
+		assert.Equal(t, "kube-system,kube-public", s.ExcludedNamespaces)
+
+		assert.False(t, s.HostSensorEnabled.GetBool())
+		assert.False(t, s.Local)
+		assert.False(t, s.Submit)
+		assert.False(t, s.ScanAll)
+		assert.True(t, s.FrameworkScan)
+		assert.Equal(t, "nsa", s.PolicyIdentifier[0].Name)
+		assert.Equal(t, reporthandling.KindFramework, s.PolicyIdentifier[0].Kind)
+		assert.Equal(t, "mitre", s.PolicyIdentifier[1].Name)
+		assert.Equal(t, reporthandling.KindFramework, s.PolicyIdentifier[1].Kind)
+	}
+	{
+		req := &utilsmetav1.PostScanRequest{
+			TargetType:        apisv1.KindControl,
+			TargetNames:       []string{"c-0001"},
+			IncludeNamespaces: []string{"kube-system", "kube-public"},
+		}
+		s := ToScanInfo(req)
+		assert.False(t, s.ScanAll)
+		assert.False(t, s.FrameworkScan)
+		assert.Equal(t, "kube-system,kube-public", s.IncludeNamespaces)
+		assert.Equal(t, "", s.ExcludedNamespaces)
+		assert.Equal(t, 1, len(s.PolicyIdentifier))
+		assert.Equal(t, "c-0001", s.PolicyIdentifier[0].Name)
+		assert.Equal(t, reporthandling.KindControl, s.PolicyIdentifier[0].Kind)
+	}
+	{
+		req := &utilsmetav1.PostScanRequest{}
+		s := ToScanInfo(req)
+		assert.True(t, s.ScanAll)
+		assert.True(t, s.FrameworkScan)
+	}
+}

httphandler/handlerequests/v1/prometheus.go

@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"net/http"
 	"os"
+	"path/filepath"
 
 	"github.com/armosec/kubescape/v2/core/cautils"
 	"github.com/armosec/kubescape/v2/core/cautils/logger"
@@ -28,10 +29,12 @@ func (handler *HTTPHandler) Metrics(w http.ResponseWriter, r *http.Request) {
 	scanID := uuid.NewString()
 	handler.state.setID(scanID)
 
+	resultsFile := filepath.Join(OutputDir, scanID)
+
 	// trigger scanning
 	logger.L().Info(handler.state.getID(), helpers.String("action", "triggering scan"), helpers.Time())
 	ks := core.NewKubescape()
-	results, err := ks.Scan(getPrometheusDefaultScanCommand(scanID))
+	results, err := ks.Scan(getPrometheusDefaultScanCommand(scanID, resultsFile))
 	if err != nil {
 		w.WriteHeader(http.StatusInternalServerError)
 		w.Write([]byte(fmt.Sprintf("failed to complete scan. reason: %s", err.Error())))
@@ -40,26 +43,25 @@ func (handler *HTTPHandler) Metrics(w http.ResponseWriter, r *http.Request) {
 	results.HandleResults()
 	logger.L().Info(handler.state.getID(), helpers.String("action", "done scanning"), helpers.Time())
 
-	f, err := os.ReadFile(scanID)
-	// res, err := results.ToJson()
+	f, err := os.ReadFile(resultsFile)
 	if err != nil {
 		w.WriteHeader(http.StatusInternalServerError)
 		w.Write([]byte(fmt.Sprintf("failed read results from file. reason: %s", err.Error())))
 		return
 	}
-	os.Remove(scanID)
+	os.Remove(resultsFile)
 
 	w.WriteHeader(http.StatusOK)
 	w.Write(f)
 }
 
-func getPrometheusDefaultScanCommand(scanID string) *cautils.ScanInfo {
+func getPrometheusDefaultScanCommand(scanID, resultsFile string) *cautils.ScanInfo {
 	scanInfo := defaultScanInfo()
 	scanInfo.FrameworkScan = true
 	scanInfo.ScanAll = true                                                        // scan all frameworks
 	scanInfo.ScanID = scanID                                                       // scan ID
 	scanInfo.FailThreshold = 100                                                   // Do not fail scanning
-	scanInfo.Output = scanID                                                       // results output
+	scanInfo.Output = resultsFile                                                  // results output
 	scanInfo.Format = envToString("KS_FORMAT", "prometheus")                       // default output should be json
 	scanInfo.HostSensorEnabled.SetBool(envToBool("KS_ENABLE_HOST_SCANNER", false)) // enable host scanner
 	return scanInfo

httphandler/handlerequests/v1/prometheus_test.go

@@ -1,6 +1,7 @@
 package v1
 
 import (
+	"path/filepath"
 	"testing"
 
 	"github.com/armosec/kubescape/v2/core/cautils/getter"
@@ -9,10 +10,11 @@ import (
 
 func TestGetPrometheusDefaultScanCommand(t *testing.T) {
 	scanID := "1234"
-	scanInfo := getPrometheusDefaultScanCommand(scanID)
+	outputFile := filepath.Join(OutputDir, scanID)
+	scanInfo := getPrometheusDefaultScanCommand(scanID, outputFile)
 
 	assert.Equal(t, scanID, scanInfo.ScanID)
-	assert.Equal(t, scanID, scanInfo.Output)
+	assert.Equal(t, outputFile, scanInfo.Output)
 	assert.Equal(t, "prometheus", scanInfo.Format)
 	// assert.False(t, *scanInfo.HostSensorEnabled.Get())
 	assert.Equal(t, getter.DefaultLocalStore, scanInfo.UseArtifactsFrom)

httphandler/handlerequests/v1/requestshandler.go

@@ -7,6 +7,8 @@ import (
 	"net/http"
 	"sync"
 
+	utilsmetav1 "github.com/armosec/opa-utils/httpserver/meta/v1"
+
 	"github.com/armosec/kubescape/v2/core/cautils/logger"
 	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
 	"github.com/google/uuid"
@@ -24,14 +26,18 @@ func NewHTTPHandler() *HTTPHandler {
 		state: newServerState(),
 	}
 }
-
 func (handler *HTTPHandler) Scan(w http.ResponseWriter, r *http.Request) {
+	response := utilsmetav1.Response{}
+	w.Header().Set("Content-Type", "application/json")
+
 	defer func() {
 		if err := recover(); err != nil {
 			handler.state.setNotBusy()
 			logger.L().Error("Scan recover", helpers.Error(fmt.Errorf("%v", err)))
 			w.WriteHeader(http.StatusInternalServerError)
-			w.Write([]byte(fmt.Sprintf("%v", err)))
+			response.Response = []byte(fmt.Sprintf("%v", err))
+			response.Type = utilsmetav1.ErrorScanResponseType
+			w.Write(responseToBytes(&response))
 		}
 	}()
 
@@ -39,7 +45,7 @@ func (handler *HTTPHandler) Scan(w http.ResponseWriter, r *http.Request) {
 
 	switch r.Method {
 	case http.MethodGet: // return request template
-		json.NewEncoder(w).Encode(PostScanRequest{})
+		json.NewEncoder(w).Encode(utilsmetav1.PostScanRequest{})
 		w.Header().Set("Content-Type", "application/json")
 		w.WriteHeader(http.StatusOK)
 		return
@@ -50,8 +56,8 @@ func (handler *HTTPHandler) Scan(w http.ResponseWriter, r *http.Request) {
 	}
 
 	if handler.state.isBusy() {
-		w.Write([]byte(handler.state.getID()))
 		w.WriteHeader(http.StatusOK)
+		w.Write([]byte(handler.state.getID()))
 		return
 	}
 
@@ -60,24 +66,28 @@ func (handler *HTTPHandler) Scan(w http.ResponseWriter, r *http.Request) {
 	// generate id
 	scanID := uuid.NewString()
 	handler.state.setID(scanID)
+	response.ID = scanID
+	response.Type = utilsmetav1.IDScanResponseType
 
 	readBuffer, err := ioutil.ReadAll(r.Body)
 	if err != nil {
 		defer handler.state.setNotBusy()
 		w.WriteHeader(http.StatusBadRequest)
-		w.Write([]byte(fmt.Sprintf("failed to read request body, reason: %s", err.Error())))
+		response.Response = []byte(fmt.Sprintf("failed to read request body, reason: %s", err.Error()))
+		response.Type = utilsmetav1.ErrorScanResponseType
+		w.Write(responseToBytes(&response))
 		return
 	}
-	scanRequest := PostScanRequest{}
+	scanRequest := utilsmetav1.PostScanRequest{}
 	if err := json.Unmarshal(readBuffer, &scanRequest); err != nil {
 		defer handler.state.setNotBusy()
 		w.WriteHeader(http.StatusBadRequest)
-		w.Write([]byte(fmt.Sprintf("failed to parse request payload, reason: %s", err.Error())))
+		response.Response = []byte(fmt.Sprintf("failed to parse request payload, reason: %s", err.Error()))
+		response.Type = utilsmetav1.ErrorScanResponseType
+		w.Write(responseToBytes(&response))
 		return
 	}
 
-	response := []byte(scanID)
-
 	returnResults := r.URL.Query().Has("wait")
 	var wg sync.WaitGroup
 	if returnResults {
@@ -85,7 +95,7 @@ func (handler *HTTPHandler) Scan(w http.ResponseWriter, r *http.Request) {
 	} else {
 		wg.Add(0)
 	}
-
+	statusCode := http.StatusOK
 	go func() {
 		// execute scan in the background
 
@@ -95,14 +105,15 @@ func (handler *HTTPHandler) Scan(w http.ResponseWriter, r *http.Request) {
 		if err != nil {
 			logger.L().Error("scanning failed", helpers.String("ID", scanID), helpers.Error(err))
 			if returnResults {
-				response = []byte(err.Error())
-				w.WriteHeader(http.StatusInternalServerError)
+				response.Type = utilsmetav1.ErrorScanResponseType
+				response.Response = []byte(err.Error())
+				statusCode = http.StatusInternalServerError
 			}
 		} else {
 			logger.L().Success("done scanning", helpers.String("ID", scanID))
 			if returnResults {
-				w.Header().Set("Content-Type", "application/json")
-				response = results
+				response.Type = utilsmetav1.ResultsV1ScanResponseType
+				response.Response = results
 				wg.Done()
 			}
 		}
@@ -110,31 +121,47 @@ func (handler *HTTPHandler) Scan(w http.ResponseWriter, r *http.Request) {
 	}()
 
 	wg.Wait()
-	w.WriteHeader(http.StatusOK)
-	w.Write(response)
+
+	w.WriteHeader(statusCode)
+	w.Write(responseToBytes(&response))
 }
 func (handler *HTTPHandler) Results(w http.ResponseWriter, r *http.Request) {
+	response := utilsmetav1.Response{}
+	w.Header().Set("Content-Type", "application/json")
+
 	defer func() {
 		if err := recover(); err != nil {
 			handler.state.setNotBusy()
 			logger.L().Error("Results recover", helpers.Error(fmt.Errorf("%v", err)))
 			w.WriteHeader(http.StatusInternalServerError)
-			w.Write([]byte(fmt.Sprintf("%v", err)))
+			response.Response = []byte(fmt.Sprintf("%v", err))
+			response.Type = utilsmetav1.ErrorScanResponseType
+			w.Write(responseToBytes(&response))
 		}
 	}()
 
 	defer r.Body.Close()
 
 	var scanID string
-	if scanID = r.URL.Query().Get("scanID"); scanID == "" {
+	if scanID = r.URL.Query().Get("id"); scanID == "" {
 		scanID = handler.state.getLatestID()
 	}
+	if scanID == "" { // if no scan found
+		logger.L().Info("empty scan ID")
+		w.WriteHeader(http.StatusBadRequest) // Should we return ok?
+		response.Response = []byte("latest scan not found. trigger again")
+		response.Type = utilsmetav1.ErrorScanResponseType
+		w.Write(responseToBytes(&response))
+		return
+	}
+	response.ID = scanID
 
 	if handler.state.isBusy() { // if requested ID is still scanning
 		if scanID == handler.state.getID() {
 			logger.L().Info("scan in process", helpers.String("ID", scanID))
-			w.WriteHeader(http.StatusOK) // Should we return ok?
-			w.Write([]byte(handler.state.getID()))
+			w.WriteHeader(http.StatusOK)
+			response.Response = []byte("scanning in progress")
+			w.Write(responseToBytes(&response))
 			return
 		}
 	}
@@ -144,15 +171,19 @@ func (handler *HTTPHandler) Results(w http.ResponseWriter, r *http.Request) {
 		logger.L().Info("requesting results", helpers.String("ID", scanID))
 
 		if r.URL.Query().Has("remove") {
+			logger.L().Info("deleting results", helpers.String("ID", scanID))
 			defer removeResultsFile(scanID)
 		}
 		if res, err := readResultsFile(scanID); err != nil {
+			logger.L().Info("scan result not found", helpers.String("ID", scanID))
 			w.WriteHeader(http.StatusNoContent)
-			w.Write([]byte(err.Error()))
+			response.Response = []byte(err.Error())
 		} else {
+			logger.L().Info("scan result found", helpers.String("ID", scanID))
 			w.WriteHeader(http.StatusOK)
-			w.Write(res)
+			response.Response = res
 		}
+		w.Write(responseToBytes(&response))
 	case http.MethodDelete:
 		logger.L().Info("deleting results", helpers.String("ID", scanID))
 
@@ -175,3 +206,8 @@ func (handler *HTTPHandler) Live(w http.ResponseWriter, r *http.Request) {
 func (handler *HTTPHandler) Ready(w http.ResponseWriter, r *http.Request) {
 	w.WriteHeader(http.StatusOK)
 }
+
+func responseToBytes(res *utilsmetav1.Response) []byte {
+	b, _ := json.Marshal(res)
+	return b
+}

httphandler/handlerequests/v1/requestshandlerutil_test.go

@@ -0,0 +1,34 @@
+package v1
+
+import (
+	"testing"
+
+	apisv1 "github.com/armosec/opa-utils/httpserver/apis/v1"
+	utilsmetav1 "github.com/armosec/opa-utils/httpserver/meta/v1"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestDefaultScanInfo(t *testing.T) {
+	s := defaultScanInfo()
+
+	assert.Equal(t, "", s.Account)
+	assert.Equal(t, "v2", s.FormatVersion)
+	assert.Equal(t, "json", s.Format)
+	assert.False(t, s.HostSensorEnabled.GetBool())
+	assert.False(t, s.Local)
+	assert.False(t, s.Submit)
+}
+
+func TestGetScanCommand(t *testing.T) {
+	req := utilsmetav1.PostScanRequest{
+		TargetType: apisv1.KindFramework,
+	}
+	s := getScanCommand(&req, "abc")
+	assert.Equal(t, "", s.Account)
+	assert.Equal(t, "abc", s.ScanID)
+	assert.Equal(t, "v2", s.FormatVersion)
+	assert.Equal(t, "json", s.Format)
+	assert.False(t, s.HostSensorEnabled.GetBool())
+	assert.False(t, s.Local)
+	assert.False(t, s.Submit)
+}

httphandler/handlerequests/v1/requestshandlerutils.go

@@ -4,15 +4,16 @@ import (
 	"fmt"
 	"os"
 	"path/filepath"
-
-	pkgcautils "github.com/armosec/utils-go/utils"
+	"strings"
 
 	"github.com/armosec/kubescape/v2/core/cautils"
 	"github.com/armosec/kubescape/v2/core/cautils/getter"
 	"github.com/armosec/kubescape/v2/core/core"
+	utilsmetav1 "github.com/armosec/opa-utils/httpserver/meta/v1"
+	"github.com/armosec/utils-go/boolutils"
 )
 
-func scan(scanRequest *PostScanRequest, scanID string) ([]byte, error) {
+func scan(scanRequest *utilsmetav1.PostScanRequest, scanID string) ([]byte, error) {
 	scanInfo := getScanCommand(scanRequest, scanID)
 
 	ks := core.NewKubescape()
@@ -26,7 +27,9 @@ func scan(scanRequest *PostScanRequest, scanID string) ([]byte, error) {
 		f.Write([]byte(e.Error()))
 
 	}
-	result.HandleResults()
+	if err := result.HandleResults(); err != nil {
+		return nil, err
+	}
 	b, err := result.ToJson()
 	if err != nil {
 		err = fmt.Errorf("failed to parse results to json, reason: %s", err.Error())
@@ -62,21 +65,25 @@ func searchFile(fileID string) string {
 }
 
 func findFile(targetDir string, fileName string) (string, error) {
-
-	matches, err := filepath.Glob(filepath.Join(targetDir, fileName))
+	var files []string
+	err := filepath.Walk(targetDir, func(path string, info os.FileInfo, err error) error {
+		files = append(files, path)
+		return nil
+	})
 	if err != nil {
 		return "", err
 	}
-
-	if len(matches) != 0 {
-		return matches[0], nil
+	for i := range files {
+		if strings.Contains(files[i], fileName) {
+			return files[i], nil
+		}
 	}
 	return "", nil
 }
 
-func getScanCommand(scanRequest *PostScanRequest, scanID string) *cautils.ScanInfo {
+func getScanCommand(scanRequest *utilsmetav1.PostScanRequest, scanID string) *cautils.ScanInfo {
 
-	scanInfo := scanRequest.ToScanInfo()
+	scanInfo := ToScanInfo(scanRequest)
 	scanInfo.ScanID = scanID
 
 	// *** start ***
@@ -98,14 +105,15 @@ func getScanCommand(scanRequest *PostScanRequest, scanID string) *cautils.ScanIn
 func defaultScanInfo() *cautils.ScanInfo {
 	scanInfo := &cautils.ScanInfo{}
 	scanInfo.FailThreshold = 100
-	scanInfo.Account = envToString("KS_ACCOUNT", "")                              // publish results to Kubescape SaaS
-	scanInfo.ExcludedNamespaces = envToString("KS_EXCLUDE_NAMESPACES", "")        // namespace to exclude
-	scanInfo.IncludeNamespaces = envToString("KS_INCLUDE_NAMESPACES", "")         // namespace to include
-	scanInfo.FormatVersion = envToString("KS_FORMAT_VERSION", "v2")               // output format version
-	scanInfo.Format = envToString("KS_FORMAT", "json")                            // default output should be json
-	scanInfo.Submit = envToBool("KS_SUBMIT", false)                               // publish results to Kubescape SaaS
-	scanInfo.HostSensorEnabled.SetBool(envToBool("KS_ENABLE_HOST_SCANNER", true)) // enable host scanner
-	scanInfo.Local = envToBool("KS_KEEP_LOCAL", false)                            // do not publish results to Kubescape SaaS
+	scanInfo.Account = envToString("KS_ACCOUNT", "")                               // publish results to Kubescape SaaS
+	scanInfo.ExcludedNamespaces = envToString("KS_EXCLUDE_NAMESPACES", "")         // namespace to exclude
+	scanInfo.HostSensorYamlPath = envToString("KS_HOST_SCAN_YAML", "")             // namespace to exclude
+	scanInfo.IncludeNamespaces = envToString("KS_INCLUDE_NAMESPACES", "")          // namespace to include
+	scanInfo.FormatVersion = envToString("KS_FORMAT_VERSION", "v2")                // output format version
+	scanInfo.Format = envToString("KS_FORMAT", "json")                             // default output should be json
+	scanInfo.Submit = envToBool("KS_SUBMIT", false)                                // publish results to Kubescape SaaS
+	scanInfo.HostSensorEnabled.SetBool(envToBool("KS_ENABLE_HOST_SCANNER", false)) // enable host scanner
+	scanInfo.Local = envToBool("KS_KEEP_LOCAL", false)                             // do not publish results to Kubescape SaaS
 	if !envToBool("KS_DOWNLOAD_ARTIFACTS", false) {
 		scanInfo.UseArtifactsFrom = getter.DefaultLocalStore // Load files from cache (this will prevent kubescape fom downloading the artifacts every time)
 	}
@@ -114,7 +122,7 @@ func defaultScanInfo() *cautils.ScanInfo {
 
 func envToBool(env string, defaultValue bool) bool {
 	if d, ok := os.LookupEnv(env); ok {
-		return pkgcautils.StringToBool(d)
+		return boolutils.StringToBool(d)
 	}
 	return defaultValue
 }

httphandler/listener/init.go

@@ -0,0 +1,32 @@
+package listener
+
+import (
+	"os"
+
+	"github.com/armosec/kubescape/v2/core/cautils/getter"
+	"github.com/armosec/kubescape/v2/core/cautils/logger"
+	"github.com/armosec/kubescape/v2/core/cautils/logger/zaplogger"
+)
+
+func initialize() error {
+	logger.InitLogger(zaplogger.LoggerName)
+
+	initializeSaaSEnv()
+	return nil
+}
+
+func initializeSaaSEnv() {
+
+	saasEnv := os.Getenv("KS_SAAS_ENV")
+	switch saasEnv {
+	case "dev", "development":
+		logger.L().Debug("setting dev env")
+		getter.SetARMOAPIConnector(getter.NewARMOAPIDev())
+	case "stage", "staging":
+		logger.L().Debug("setting staging env")
+		getter.SetARMOAPIConnector(getter.NewARMOAPIStaging())
+	default:
+		logger.L().Debug("setting prod env")
+		getter.SetARMOAPIConnector(getter.NewARMOAPIProd())
+	}
+}

httphandler/listener/setup.go

@@ -9,7 +9,6 @@ import (
 	"github.com/armosec/kubescape/v2/core/cautils"
 	"github.com/armosec/kubescape/v2/core/cautils/logger"
 	"github.com/armosec/kubescape/v2/core/cautils/logger/helpers"
-	"github.com/armosec/kubescape/v2/core/cautils/logger/zaplogger"
 	handlerequestsv1 "github.com/armosec/kubescape/v2/httphandler/handlerequests/v1"
 	"github.com/gorilla/mux"
 )
@@ -24,7 +23,7 @@ const (
 
 // SetupHTTPListener set up listening http servers
 func SetupHTTPListener() error {
-	logger.InitLogger(zaplogger.LoggerName)
+	initialize()
 
 	keyPair, err := loadTLSKey("", "") // TODO - support key and crt files
 	if err != nil {