todo

.github/PULL_REQUEST_TEMPLATE.md

@@ -41,4 +41,7 @@ put an [x] in the box to get it checked
 - [ ] If it is a core feature, I have added thorough tests.
 - [ ] New and existing unit tests pass locally with my changes
 
---> 
+**Please open the PR against the `dev` branch (Unless the PR contains only documentation changes)**
+
+-->
+ 

.github/actions/tag-action/action.yaml

@@ -1,44 +0,0 @@
-name: 'Tag validator and retag'
-description: 'This action will check if the tag is rc and create a new tag for release'
-inputs:
-  ORIGINAL_TAG:  # id of input
-    description: 'Original tag'
-    required: true
-    default: ${{ github.ref_name }}
-  SUB_STRING: 
-    description: 'Sub string for rc tag'
-    required: true
-    default: "-rc"
-outputs:
-  NEW_TAG:
-    description: "The new tag for release"
-    value: ${{ steps.retag.outputs.NEW_TAG }}
-runs:
-  using: "composite"
-  steps:
-    - run: |
-        if [[ -z "${{ inputs.ORIGINAL_TAG }}" ]]; then
-          echo "The value of ORIGINAL_TAG is ${{ inputs.ORIGINAL_TAG }}"
-          echo "Setting the value of ORIGINAL_TAG to ${{ github.ref_name }}"
-          echo ORIGINAL_TAG="${{ github.ref_name }}" >> $GITHUB_ENV
-        fi
-      shell: bash
-
-    - run: |
-        if [[ "${{ inputs.ORIGINAL_TAG }}" == *"${{ inputs.SUB_STRING }}"* ]]; then
-            echo "Release candidate tag found."
-        else
-            echo "Release candidate tag not found."
-            exit 1
-        fi
-      shell: bash
-
-
-    - id: retag
-      run: | 
-          NEW_TAG=
-          echo "Original tag: ${{ inputs.ORIGINAL_TAG }}"
-          NEW_TAG=$(echo ${{ inputs.ORIGINAL_TAG }} | awk -F '-rc' '{print $1}')
-          echo "New tag: $NEW_TAG"
-          echo "NEW_TAG=$NEW_TAG" >> $GITHUB_OUTPUT
-      shell: bash

.github/workflows/00-pr-scanner.yaml

@@ -1,31 +0,0 @@
-name: 00-pr_scanner
-on:
-  pull_request:
-    types: [opened, reopened, synchronize, ready_for_review]
-    branches:
-      - 'master'
-      - 'main'
-      - 'dev'
-    paths-ignore:
-      - '**.yaml'
-      - '**.md'
-      - '**.sh'
-      - 'website/*'
-      - 'examples/*'
-      - 'docs/*'
-      - 'build/*'
-      - '.github/*'
-      
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-jobs:
-  pr-scanner:
-    permissions:
-      pull-requests: write
-    uses: ./.github/workflows/a-pr-scanner.yaml
-    with:
-      RELEASE: ""
-      CLIENT: test
-    secrets: inherit

.github/workflows/00-test.yaml

@@ -0,0 +1,129 @@
+name: 00-test
+
+on:
+  workflow_call:
+    inputs:
+      release:
+        description: 'release'
+        required: true
+        type: string
+      client:
+        description: 'Client name'
+        required: true
+        type: string
+jobs:
+  basic-tests:
+    name: Create cross-platform build
+    runs-on: ${{ matrix.os }}
+    env:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    strategy:
+      matrix:
+        os: [ubuntu-20.04, macos-latest, windows-latest]
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          submodules: recursive
+
+      - name: Cache Go modules (Linux)
+        if: matrix.os == 'ubuntu-20.04'
+        uses: actions/cache@v3
+        with:
+          path: |
+            ~/.cache/go-build
+            ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-
+
+      - name: Cache Go modules (macOS)
+        if: matrix.os == 'macos-latest' 
+        uses: actions/cache@v3
+        with:
+          path: |
+            ~/Library/Caches/go-build
+            ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-
+
+      - name: Cache Go modules (Windows)
+        if: matrix.os == 'windows-latest'
+        uses: actions/cache@v3
+        with:
+          path: |
+            ~\AppData\Local\go-build
+            ~\go\pkg\mod
+          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-
+
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: 1.19
+
+      - name: Install MSYS2 & libgit2 (Windows)
+        shell: cmd
+        run: .\build.bat all
+        if: matrix.os == 'windows-latest'
+
+      - name: Install libgit2 (Linux/macOS)
+        run: make libgit2
+        if: matrix.os != 'windows-latest'
+ 
+      - name: Test core pkg
+        run: go test "-tags=static,gitenabled" -v ./...
+
+      - name: Test httphandler pkg
+        run: cd httphandler && go test "-tags=static,gitenabled" -v ./...
+
+      - name: Build
+        env:
+          RELEASE: ${{ inputs.release }}
+          CLIENT: test
+          CGO_ENABLED: 1
+        run: python3 --version && python3 build.py
+
+      - name: Smoke Testing (Windows / MacOS)
+        env:
+          RELEASE: ${{ inputs.release }} 
+          KUBESCAPE_SKIP_UPDATE_CHECK: "true"
+        run: python3 smoke_testing/init.py ${PWD}/build/${{ matrix.os }}/kubescape-${{ matrix.os }}
+        if: matrix.os != 'ubuntu-20.04'
+
+      - name: Smoke Testing (Linux)
+        env:
+          RELEASE: ${{ inputs.release }} 
+          KUBESCAPE_SKIP_UPDATE_CHECK: "true"
+        run: python3 smoke_testing/init.py ${PWD}/build/ubuntu-latest/kubescape-ubuntu-latest
+        if: matrix.os == 'ubuntu-20.04'      
+
+      - name: golangci-lint
+        if: matrix.os == 'ubuntu-20.04'      
+        continue-on-error: true
+        uses: golangci/golangci-lint-action@v3
+        with:
+          # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version
+          version: latest
+
+          # Optional: working directory, useful for monorepos
+          # working-directory: somedir
+
+          # Optional: golangci-lint command line arguments.
+          # args: --issues-exit-code=0
+          args: --timeout 10m --build-tags=static
+          #--new-from-rev dev
+
+          # Optional: show only new issues if it's a pull request. The default value is `false`.
+          only-new-issues: true
+
+          # Optional: if set to true then the all caching functionality will be complete disabled,
+          #           takes precedence over all other caching options.
+          # skip-cache: true
+
+          # Optional: if set to true then the action don't cache or restore ~/go/pkg.
+          # skip-pkg-cache: true
+
+          # Optional: if set to true then the action don't cache or restore ~/.cache/go-build.
+          # skip-build-cache: true

.github/workflows/01-create-release.yaml

@@ -0,0 +1,41 @@
+name: 01-create-release
+
+on:
+  workflow_call:
+    inputs:
+      release_name:
+        description: 'release'
+        required: true
+        type: string
+      tag:
+        description: 'tag'
+        required: true
+        type: string
+      draft:
+        description: 'create draft release'
+        required: false
+        type: boolean
+        default: false
+    outputs:
+      upload_url:
+        description: "The first output string"
+        value: ${{ jobs.release.outputs.upload_url }}
+
+jobs:
+  release:
+    name: Create release
+    runs-on: ubuntu-latest
+    outputs:
+      upload_url: ${{ steps.create_release.outputs.upload_url }}
+    steps:
+      - name: Create a release
+        id: create_release
+        uses: actions/create-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          release_name: ${{ inputs.release_name }}
+          tag_name: ${{ inputs.tag }}
+          draft: ${{ inputs.draft }}
+          prerelease: false
+   

.github/workflows/01-pr-merged.yaml

@@ -1,34 +0,0 @@
-name: 01-pr-merged
-
-on:
-  pull_request_target:
-    types: [closed]
-    branches:
-      - 'master'
-      - 'main'
-    paths-ignore:
-      - '**.yaml'
-      - '**.md'
-      - '**.sh'
-      - 'website/*'
-      - 'examples/*'
-      - 'docs/*'
-      - 'build/*'
-      - '.github/*'
-      
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
-jobs:
-  binary-build:
-    if: ${{ github.event.pull_request.merged == true && contains( github.event.pull_request.labels.*.name, 'trigger-integration-test') && github.event.pull_request.base.ref == 'master' }} ## run only if labeled as "trigger-integration-test" and base branch is master
-    uses: ./.github/workflows/b-binary-build-and-e2e-tests.yaml
-    with:
-      COMPONENT_NAME: kubescape
-      CGO_ENABLED: 1
-      GO111MODULE: ""
-      GO_VERSION: "1.20"
-      RELEASE: ""
-      CLIENT: test
-    secrets: inherit

.github/workflows/02-publish-artifacts.yaml

@@ -0,0 +1,71 @@
+name: publish-artifacts
+
+on:
+  workflow_call:
+    inputs:
+      upload_url:
+        description: 'upload url'
+        required: true
+        type: string
+      release:
+        description: 'release tag'
+        required: true
+        type: string
+
+jobs:
+  publish-artifacts:
+    name: Build and publish artifacts
+    runs-on: ${{ matrix.os }}
+    env:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    strategy:
+      matrix:
+        os: [ubuntu-20.04, macos-latest, windows-latest]
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          submodules: recursive
+
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: 1.19
+
+      - name: Install MSYS2 & libgit2 (Windows)
+        shell: cmd
+        run: .\build.bat all
+        if: matrix.os == 'windows-latest'
+
+      - name: Install libgit2 (Linux/macOS)
+        run: make libgit2
+        if: matrix.os != 'windows-latest'
+
+      - name: Build
+        env:
+          RELEASE: ${{ inputs.release }}
+          CLIENT: release
+          CGO_ENABLED: 1
+        run: python3 --version && python3 build.py
+
+      - name: Upload release assets (Windows / MacOS)
+        id: upload-release-asset-win-macos
+        uses: shogo82148/actions-upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ inputs.upload_url }}
+          asset_path: build/${{ matrix.os }}/*
+        if: matrix.os != 'ubuntu-20.04'
+
+      - name: Upload release assets (Linux)
+        id: upload-release-asset-linux
+        uses: shogo82148/actions-upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ inputs.upload_url }}
+          asset_path: build/ubuntu-latest/*
+        if: matrix.os == 'ubuntu-20.04'
+
+      - name: Update new version in krew-index
+        uses: rajatjindal/krew-release-bot@v0.0.43

.github/workflows/02-release.yaml

@@ -1,51 +0,0 @@
-name: 02-create_release
-on:
-  push:
-    tags:
-      - 'v*.*.*-rc.*'
-jobs:
-  retag:
-    outputs:
-      NEW_TAG: ${{ steps.tag-calculator.outputs.NEW_TAG }}
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # ratchet:actions/checkout@v3
-      - id: tag-calculator
-        uses: ./.github/actions/tag-action
-        with:
-          SUB_STRING: "-rc"
-  binary-build:
-    needs: [retag]
-    uses: ./.github/workflows/b-binary-build-and-e2e-tests.yaml
-    with:
-      COMPONENT_NAME: kubescape
-      CGO_ENABLED: 1
-      GO111MODULE: ""
-      GO_VERSION: "1.20"
-      RELEASE: ${{ needs.retag.outputs.NEW_TAG }}
-      CLIENT: release
-    secrets: inherit
-  create-release:
-    permissions:
-      contents: write
-    needs: [retag, binary-build]
-    uses: ./.github/workflows/c-create-release.yaml
-    with:
-      RELEASE_NAME: "Release ${{ needs.retag.outputs.NEW_TAG }}"
-      TAG: ${{ needs.retag.outputs.NEW_TAG }}
-      DRAFT: false
-    secrets: inherit
-  publish-image:
-    permissions:
-      id-token: write
-      packages: write
-      contents: read
-    uses: ./.github/workflows/d-publish-image.yaml
-    needs: [create-release, retag]
-    with:
-      client: "image-release"
-      image_name: "quay.io/${{ github.repository_owner }}/kubescape"
-      image_tag: ${{ needs.retag.outputs.NEW_TAG }}
-      support_platforms: true
-      cosign: true
-    secrets: inherit

.github/workflows/03-post-release.yaml

@@ -1,41 +0,0 @@
-name: 03-post_release
-on:
-  release:
-    types: [published]
-    branches:
-      - 'master'
-      - 'main'
-jobs:
-  post_release:
-    name: Post release jobs
-    runs-on: ubuntu-latest
-    steps:
-      - name: Digest
-        uses: MCJack123/ghaction-generate-release-hashes@c03f3111b39432dde3edebe401c5a8d1ffbbf917 # ratchet:MCJack123/ghaction-generate-release-hashes@v1
-        with:
-          hash-type: sha1
-          file-name: kubescape-release-digests
-      - name: Invoke workflow to update packaging
-        uses: benc-uk/workflow-dispatch@v1
-        if: github.repository_owner == 'kubescape'
-        with:
-          workflow: release.yml
-          repo: kubescape/packaging
-          ref: refs/heads/main
-          token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
-      - name: Invoke workflow to update homebrew tap
-        uses: benc-uk/workflow-dispatch@v1
-        if: github.repository_owner == 'kubescape'
-        with:
-          workflow: release.yml
-          repo: kubescape/homebrew-tap
-          ref: refs/heads/main
-          token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
-      - name: Invoke workflow to update github action
-        uses: benc-uk/workflow-dispatch@v1
-        if: github.repository_owner == 'kubescape'
-        with:
-          workflow: release.yaml
-          repo: kubescape/github-action
-          ref: refs/heads/main
-          token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}

.github/workflows/03-publish-image.yaml

@@ -1,4 +1,5 @@
-name: d-publish-image
+name: 03-publish-image
+
 on:
   workflow_call:
     inputs:
@@ -24,6 +25,7 @@ on:
         default: true
         type: boolean
         description: 'support amd64/arm64'
+
 jobs:
   check-secret:
     name: check if QUAYIO_REGISTRY_USERNAME & QUAYIO_REGISTRY_PASSWORD is set in github secrets
@@ -31,39 +33,51 @@ jobs:
     outputs:
       is-secret-set: ${{ steps.check-secret-set.outputs.is-secret-set }}
     steps:
-      - name: check if QUAYIO_REGISTRY_USERNAME & QUAYIO_REGISTRY_PASSWORD is set in github secrets
+      - name: Check whether unity activation requests should be done
         id: check-secret-set
         env:
-          QUAYIO_REGISTRY_USERNAME: ${{ secrets.QUAYIO_REGISTRY_USERNAME }}
-          QUAYIO_REGISTRY_PASSWORD: ${{ secrets.QUAYIO_REGISTRY_PASSWORD }}
+            QUAYIO_REGISTRY_USERNAME: ${{ secrets.QUAYIO_REGISTRY_USERNAME }}
+            QUAYIO_REGISTRY_PASSWORD: ${{ secrets.QUAYIO_REGISTRY_PASSWORD }}
         run: |
-          echo "is-secret-set=${{ env.QUAYIO_REGISTRY_USERNAME != '' && env.QUAYIO_REGISTRY_PASSWORD != '' }}" >> $GITHUB_OUTPUT
+            echo "is-secret-set=${{ env.QUAYIO_REGISTRY_USERNAME != '' && env.QUAYIO_REGISTRY_PASSWORD != '' }}" >> $GITHUB_OUTPUT
+
   build-image:
     needs: [check-secret]
     if: needs.check-secret.outputs.is-secret-set == 'true'
     name: Build image and upload to registry
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      packages: write
+      contents: read
+
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # ratchet:actions/checkout@v3
+      - uses: actions/checkout@v3
         with:
           submodules: recursive
+
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # ratchet:docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v2
+
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@f03ac48505955848960e80bbb68046aa35c7b9e7 # ratchet:docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v2
+
       - name: Login to Quay.io
         env:
           QUAY_PASSWORD: ${{ secrets.QUAYIO_REGISTRY_PASSWORD }}
           QUAY_USERNAME: ${{ secrets.QUAYIO_REGISTRY_USERNAME }}
         run: docker login -u="${QUAY_USERNAME}" -p="${QUAY_PASSWORD}" quay.io
+
       - name: Build and push image
         if: ${{ inputs.support_platforms }}
         run: docker buildx build . --file build/Dockerfile --tag ${{ inputs.image_name }}:${{ inputs.image_tag }} --tag ${{ inputs.image_name }}:latest --build-arg image_version=${{ inputs.image_tag }} --build-arg client=${{ inputs.client }} --push --platform linux/amd64,linux/arm64
+
       - name: Build and push image without amd64/arm64 support
         if: ${{ !inputs.support_platforms }}
-        run: docker buildx build . --file build/Dockerfile --tag ${{ inputs.image_name }}:${{ inputs.image_tag }} --tag ${{ inputs.image_name }}:latest --build-arg image_version=${{ inputs.image_tag }} --build-arg client=${{ inputs.client }} --push
+        run: docker buildx build . --file build/Dockerfile --tag ${{ inputs.image_name }}:${{ inputs.image_tag }} --tag ${{ inputs.image_name }}:latest --build-arg image_version=${{ inputs.image_tag }} --build-arg client=${{ inputs.client }} --push 
+
       - name: Install cosign
-        uses: sigstore/cosign-installer@4079ad3567a89f68395480299c77e40170430341 # ratchet:sigstore/cosign-installer@main
+        uses: sigstore/cosign-installer@main
         with:
           cosign-release: 'v1.12.0'
       - name: sign kubescape container image
@@ -71,4 +85,5 @@ jobs:
         env:
           COSIGN_EXPERIMENTAL: "true"
         run: |
-          cosign sign --force ${{ inputs.image_name }}
+            cosign sign --force ${{ inputs.image_name }}
+

.github/workflows/04-publish-krew-plugin.yaml

@@ -1,16 +0,0 @@
-name: 04-publish_krew_plugin
-on:
-  push:
-    tags:
-      - 'v[0-9]+.[0-9]+.[0-9]+'
-jobs:
-  publish_krew_plugin:
-    name: Publish Krew plugin
-    runs-on: ubuntu-latest
-    if: github.repository_owner == 'kubescape'
-    steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # ratchet:actions/checkout@v3
-        with:
-          submodules: recursive
-      - name: Update new version in krew-index
-        uses: rajatjindal/krew-release-bot@92da038bbf995803124a8e50ebd438b2f37bbbb0 # ratchet:rajatjindal/krew-release-bot@v0.0.43

.github/workflows/a-pr-check.yaml

@@ -0,0 +1,24 @@
+name: pr-checks
+
+on:
+  pull_request:
+    types: [ edited, opened, synchronize, reopened ]
+    branches: 
+      - 'master'
+      - 'main'
+      - 'dev'
+    paths-ignore:
+      - '**.yaml'
+      - '**.md'
+      - '**.sh'
+      - 'website/*'
+      - 'examples/*'
+      - 'docs/*'
+      - 'build/*'
+      - '.github/*'
+jobs:
+  test:
+    uses: ./.github/workflows/00-test.yaml
+    with:
+      release: ${{ github.ref_name}}
+      client: test

.github/workflows/a-pr-scanner.yaml

@@ -1,101 +0,0 @@
-name: a-pr-scanner
-on:
-  workflow_call:
-    inputs:
-      RELEASE:
-        description: 'release'
-        required: true
-        type: string
-      CLIENT:
-        description: 'Client name'
-        required: true
-        type: string
-      UNIT_TESTS_PATH:
-        required: false
-        type: string
-        default: "./..."
-jobs:
-  scanners:
-    env:
-      GITGUARDIAN_API_KEY: ${{ secrets.GITGUARDIAN_API_KEY }}
-      SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-    name: PR Scanner
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # ratchet:actions/checkout@v3
-        with:
-          fetch-depth: 0
-          submodules: recursive
-      - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # Install go because go-licenses use it ratchet:actions/setup-go@v3
-        name: Installing go
-        with:
-          go-version: '1.20'
-          cache: true
-      - name: Scanning - Forbidden Licenses (go-licenses)
-        id: licenses-scan
-        continue-on-error: true
-        run: |
-          echo "## Installing go-licenses tool"
-          go install github.com/google/go-licenses@latest
-          echo "## Scanning for forbiden licenses ##"
-          go-licenses check .
-      - name: Scanning - Credentials (GitGuardian)
-        if: ${{ env.GITGUARDIAN_API_KEY }}
-        continue-on-error: true
-        id: credentials-scan
-        uses: GitGuardian/ggshield-action@4ab2994172fadab959240525e6b833d9ae3aca61 # ratchet:GitGuardian/ggshield-action@master
-        with:
-          args: -v --all-policies
-        env:
-          GITHUB_PUSH_BEFORE_SHA: ${{ github.event.before }}
-          GITHUB_PUSH_BASE_SHA: ${{ github.event.base }}
-          GITHUB_PULL_BASE_SHA: ${{ github.event.pull_request.base.sha }}
-          GITHUB_DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
-          GITGUARDIAN_API_KEY: ${{ secrets.GITGUARDIAN_API_KEY }}
-      - name: Scanning - Vulnerabilities (Snyk)
-        if: ${{ env.SNYK_TOKEN }}
-        id: vulnerabilities-scan
-        continue-on-error: true
-        uses: snyk/actions/golang@806182742461562b67788a64410098c9d9b96adb # ratchet:snyk/actions/golang@master
-        with:
-          command: test --all-projects
-        env:
-          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-
-      - name: Test coverage
-        id: unit-test
-        run: go test -v ${{ inputs.UNIT_TESTS_PATH }} -covermode=count -coverprofile=coverage.out
-
-      - name: Convert coverage count to lcov format
-        uses: jandelgado/gcov2lcov-action@v1
-        
-      - name: Submit coverage tests to Coveralls
-        continue-on-error: true
-        uses: coverallsapp/github-action@v1
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          path-to-lcov: coverage.lcov
-
-      - name: Comment results to PR
-        continue-on-error: true # Warning: This might break opening PRs from forks
-        uses: peter-evans/create-or-update-comment@5adcb0bb0f9fb3f95ef05400558bdb3f329ee808 # ratchet:peter-evans/create-or-update-comment@v2.1.0
-        with:
-          issue-number: ${{ github.event.pull_request.number }}
-          body: |
-            Scan results:
-            - License scan: ${{ steps.licenses-scan.outcome }}
-            - Credentials scan: ${{ steps.credentials-scan.outcome }}
-            - Vulnerabilities scan: ${{ steps.vulnerabilities-scan.outcome }}
-          reactions: 'eyes'
-  basic-tests:
-    needs: scanners
-    uses: ./.github/workflows/b-binary-build-and-e2e-tests.yaml
-    with:
-      COMPONENT_NAME: kubescape
-      CGO_ENABLED: 1
-      GO111MODULE: ""
-      GO_VERSION: "1.20"
-      RELEASE: ${{ inputs.RELEASE }}
-      CLIENT: ${{ inputs.CLIENT }}
-      CHECKOUT_REPO: ${{ github.repository }}
-    secrets: inherit

.github/workflows/b-binary-build-and-e2e-tests.yaml

@@ -1,286 +0,0 @@
-name: b-binary-build-and-e2e-tests
-on:
-  workflow_call:
-    inputs:
-      COMPONENT_NAME:
-        required: true
-        type: string
-      RELEASE:
-        required: true
-        type: string
-      CLIENT:
-        required: true
-        type: string
-      GO_VERSION:
-        type: string
-        default: "1.20"
-      GO111MODULE:
-        required: true
-        type: string
-      CGO_ENABLED:
-        type: number
-        default: 1
-      BINARY_TESTS:
-        type: string
-        default: '[ "scan_nsa", "scan_mitre", "scan_with_exceptions", "scan_repository", "scan_local_file", "scan_local_glob_files", "scan_local_list_of_files", "scan_nsa_and_submit_to_backend", "scan_mitre_and_submit_to_backend", "scan_local_repository_and_submit_to_backend", "scan_repository_from_url_and_submit_to_backend", "scan_with_exception_to_backend", "scan_with_custom_framework", "scan_customer_configuration", "host_scanner", "scan_compliance_score" ]'
-      CHECKOUT_REPO:
-        required: false
-        type: string
-
-
-
-jobs:
-  wf-preparation:
-    name: secret-validator
-    runs-on: ubuntu-latest
-    outputs:
-      TEST_NAMES: ${{ steps.export_tests_to_env.outputs.TEST_NAMES }}
-      is-secret-set: ${{ steps.check-secret-set.outputs.is-secret-set }}
-    steps:
-      - name: check if the necessary secrets are set in github secrets
-        id: check-secret-set
-        env:
-          CUSTOMER: ${{ secrets.CUSTOMER }}
-          USERNAME: ${{ secrets.USERNAME }}
-          PASSWORD: ${{ secrets.PASSWORD }}
-          CLIENT_ID: ${{ secrets.CLIENT_ID_PROD }}
-          SECRET_KEY: ${{ secrets.SECRET_KEY_PROD }}
-          REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
-          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
-        run: "echo \"is-secret-set=${{ env.CUSTOMER != '' && \n                        env.USERNAME != '' &&\n                        env.PASSWORD != '' &&\n                        env.CLIENT_ID != '' &&\n                        env.SECRET_KEY != '' &&\n                        env.REGISTRY_USERNAME != '' &&\n                        env.REGISTRY_PASSWORD != ''\n                      }}\" >> $GITHUB_OUTPUT\n"
-
-      - id: export_tests_to_env
-        name: set test name
-        run: |
-          echo "TEST_NAMES=$input" >> $GITHUB_OUTPUT
-        env:
-          input: ${{ inputs.BINARY_TESTS }}
-        
-
-  binary-build:
-    name: Create cross-platform build
-    env:
-      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      GOARCH: ${{ matrix.arch }}
-    runs-on: ${{ matrix.os }}
-    strategy:
-      matrix:
-        os: [ubuntu-20.04, macos-latest, windows-latest]
-        arch: ["", arm64]
-        exclude:
-        - os: windows-latest
-          arch: arm64
-    steps:
-
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # ratchet:actions/checkout@v3
-        with:
-          repository: ${{inputs.CHECKOUT_REPO}}
-          fetch-depth: 0
-          submodules: recursive
-
-      - name: Cache Go modules (Linux)
-        if: matrix.os == 'ubuntu-20.04'
-        uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # ratchet:actions/cache@v3
-        with:
-          path: |
-            ~/.cache/go-build
-            ~/go/pkg/mod
-          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
-          restore-keys: |
-            ${{ runner.os }}-go-
-
-      - name: Cache Go modules (macOS)
-        if: matrix.os == 'macos-latest'
-        uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # ratchet:actions/cache@v3
-        with:
-          path: |
-            ~/Library/Caches/go-build
-            ~/go/pkg/mod
-          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
-          restore-keys: |
-            ${{ runner.os }}-go-
-
-      - name: Cache Go modules (Windows)
-        if: matrix.os == 'windows-latest'
-        uses: actions/cache@69d9d449aced6a2ede0bc19182fadc3a0a42d2b0 # ratchet:actions/cache@v3
-        with:
-          path: |
-            ~\AppData\Local\go-build
-            ~\go\pkg\mod
-          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
-          restore-keys: |
-            ${{ runner.os }}-go-
-
-      - uses: actions/setup-go@6edd4406fa81c3da01a34fa6f6343087c207a568 # ratchet:actions/setup-go@v3
-        name: Installing go
-        with:
-          go-version: ${{ inputs.GO_VERSION }}
-          cache: true
-
-      - name: start ${{ matrix.arch }} environment in container
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y binfmt-support qemu-user-static
-          sudo docker run --platform linux/${{ matrix.arch }} -e RELEASE=${{ inputs.RELEASE }} \
-          -e CLIENT=${{ inputs.CLIENT }} -e CGO_ENABLED=${{ inputs.CGO_ENABLED }} \
-          -e KUBESCAPE_SKIP_UPDATE_CHECK=true -e GOARCH=${{ matrix.arch }} -v ${PWD}:/work \
-          -w /work -v ~/go/pkg/mod:/root/go/pkg/mod -v ~/.cache/go-build:/root/.cache/go-build \
-          -d --name build golang:${{ inputs.GO_VERSION }}-bullseye sleep 21600
-          sudo docker ps
-          DOCKER_CMD="sudo docker exec build"
-          ${DOCKER_CMD} apt update
-          ${DOCKER_CMD} apt install -y cmake python3
-          ${DOCKER_CMD} git config --global --add safe.directory '*'
-          echo "DOCKER_CMD=${DOCKER_CMD}" >> $GITHUB_ENV;
-        if: matrix.os == 'ubuntu-20.04' && matrix.arch != ''
-
-      - name: Install MSYS2 & libgit2 (Windows)
-        shell: cmd
-        run: .\build.bat all
-        if: matrix.os == 'windows-latest'
-
-      - name: Install pkg-config (macOS)
-        run: brew install pkg-config
-        if: matrix.os == 'macos-latest'
-
-      - name: Install libgit2 (Linux/macOS)
-        run: ${{ env.DOCKER_CMD }} make libgit2${{ matrix.arch }}
-        if: matrix.os != 'windows-latest'
-
-      - name: Test core pkg
-        run: ${{ env.DOCKER_CMD }} go test "-tags=static,gitenabled" -v ./...
-        if: "!startsWith(github.ref, 'refs/tags') && matrix.os == 'ubuntu-20.04' && matrix.arch == '' || startsWith(github.ref, 'refs/tags') && (matrix.os != 'macos-latest' || matrix.arch != 'arm64')"
-
-      - name: Test httphandler pkg
-        run: ${{ env.DOCKER_CMD }} sh -c 'cd httphandler && go test "-tags=static,gitenabled" -v ./...'
-        if: "!startsWith(github.ref, 'refs/tags') && matrix.os == 'ubuntu-20.04' && matrix.arch == '' || startsWith(github.ref, 'refs/tags') && (matrix.os != 'macos-latest' || matrix.arch != 'arm64')"
-
-      - name: Build
-        env:
-          RELEASE: ${{ inputs.RELEASE }}
-          CLIENT: ${{ inputs.CLIENT }}
-          CGO_ENABLED: ${{ inputs.CGO_ENABLED }}
-        run: ${{ env.DOCKER_CMD }} python3 --version && ${{ env.DOCKER_CMD }} python3 build.py
-
-      - name: Smoke Testing (Windows / MacOS)
-        env:
-          RELEASE: ${{ inputs.RELEASE }}
-          KUBESCAPE_SKIP_UPDATE_CHECK: "true"
-        run: python3 smoke_testing/init.py ${PWD}/build/kubescape-${{ matrix.os }}
-        if: startsWith(github.ref, 'refs/tags') && matrix.os != 'ubuntu-20.04' && matrix.arch == ''
-
-      - name: Smoke Testing (Linux amd64)
-        env:
-          RELEASE: ${{ inputs.RELEASE }}
-          KUBESCAPE_SKIP_UPDATE_CHECK: "true"
-        run: ${{ env.DOCKER_CMD }} python3 smoke_testing/init.py ${PWD}/build/kubescape-ubuntu-latest
-        if: matrix.os == 'ubuntu-20.04' && matrix.arch == ''
-
-      - name: Smoke Testing (Linux ${{ matrix.arch }})
-        env:
-          RELEASE: ${{ inputs.RELEASE }}
-          KUBESCAPE_SKIP_UPDATE_CHECK: "true"
-        run: ${{ env.DOCKER_CMD }} python3 smoke_testing/init.py ./build/kubescape-${{ matrix.arch }}-ubuntu-latest
-        if: startsWith(github.ref, 'refs/tags') && matrix.os == 'ubuntu-20.04' && matrix.arch != ''
-
-      - name: golangci-lint
-        if: matrix.os == 'ubuntu-20.04'
-        continue-on-error: true
-        uses: golangci/golangci-lint-action@08e2f20817b15149a52b5b3ebe7de50aff2ba8c5 # ratchet:golangci/golangci-lint-action@v3
-        with:
-          version: latest
-          args: --timeout 10m --build-tags=static
-          only-new-issues: true
-
-      - uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # ratchet:actions/upload-artifact@v3.1.1
-        name: Upload artifact (Linux)
-        if: matrix.os == 'ubuntu-20.04'
-        with:
-          name: kubescape${{ matrix.arch }}-ubuntu-latest
-          path: build/
-          if-no-files-found: error
-
-      - uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # ratchet:actions/upload-artifact@v3.1.1
-        name: Upload artifact (MacOS, Win)
-        if: matrix.os != 'ubuntu-20.04'
-        with:
-          name: kubescape${{ matrix.arch }}-${{ matrix.os }}
-          path: build/
-          if-no-files-found: error
-
-  run-tests:
-    strategy:
-      fail-fast: false
-      matrix:
-        TEST: ${{ fromJson(needs.wf-preparation.outputs.TEST_NAMES) }}
-    needs: [wf-preparation, binary-build]
-    if: ${{ (needs.wf-preparation.outputs.is-secret-set == 'true') && (always() && (contains(needs.*.result, 'success') || contains(needs.*.result, 'skipped')) && !(contains(needs.*.result, 'failure')) && !(contains(needs.*.result, 'cancelled'))) }}
-    runs-on: ubuntu-latest # This cannot change
-    steps:
-      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # ratchet:actions/download-artifact@v3.0.2
-        id: download-artifact
-        with:
-          name: kubescape-ubuntu-latest
-          path: "~"
-
-      - run: ls -laR
-
-      - name: chmod +x
-        run: chmod +x -R ${{steps.download-artifact.outputs.download-path}}/kubescape-ubuntu-latest
-
-      - name: Checkout systests repo
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # ratchet:actions/checkout@v3
-        with:
-          repository: armosec/system-tests
-          path: .
-
-      - uses: actions/setup-python@d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435 # ratchet:actions/setup-python@v4
-        with:
-          python-version: '3.8.13'
-          cache: 'pip'
-
-      - name: create env
-        run: ./create_env.sh
-
-      - name: Generate uuid
-        id: uuid
-        run: |
-          echo "RANDOM_UUID=$(uuidgen)" >> $GITHUB_OUTPUT
-
-      - name: Create k8s Kind Cluster
-        id: kind-cluster-install
-        uses: helm/kind-action@d08cf6ff1575077dee99962540d77ce91c62387d # ratchet:helm/kind-action@v1.3.0
-        with:
-          cluster_name: ${{ steps.uuid.outputs.RANDOM_UUID }}
-
-      - name: run-tests-on-local-built-kubescape
-        env:
-          CUSTOMER: ${{ secrets.CUSTOMER }}
-          USERNAME: ${{ secrets.USERNAME }}
-          PASSWORD: ${{ secrets.PASSWORD }}
-          CLIENT_ID: ${{ secrets.CLIENT_ID_PROD }}
-          SECRET_KEY: ${{ secrets.SECRET_KEY_PROD }}
-          REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
-          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
-        run: |
-          echo "Test history:"
-          echo " ${{ matrix.TEST }} " >/tmp/testhistory
-          cat /tmp/testhistory
-          source systests_python_env/bin/activate
-
-          python3 systest-cli.py             \
-            -t ${{ matrix.TEST }}            \
-            -b production                    \
-            -c CyberArmorTests               \
-            --duration 3                     \
-            --logger DEBUG                   \
-            --kwargs kubescape=${{steps.download-artifact.outputs.download-path}}/kubescape-ubuntu-latest
-
-          deactivate
-
-      - name: Test Report
-        uses: mikepenz/action-junit-report@6e9933f4a97f4d2b99acef4d7b97924466037882 # ratchet:mikepenz/action-junit-report@v3.6.1
-        if: always() # always run even if the previous step fails
-        with:
-          report_paths: '**/results_xml_format/**.xml'
-          commit: ${{github.event.workflow_run.head_sha}}

.github/workflows/c-create-release.yaml

@@ -1,72 +0,0 @@
-name: c-create_release
-on:
-  workflow_call:
-    inputs:
-      RELEASE_NAME:
-        description: 'Release name'
-        required: true
-        type: string
-      TAG:
-        description: 'Tag name'
-        required: true
-        type: string
-      DRAFT:
-        description: 'Create draft release'
-        required: false
-        type: boolean
-        default: false
-jobs:
-  create-release:
-    name: create-release
-    runs-on: ubuntu-latest
-    env:
-      MAC_OS: macos-latest
-      UBUNTU_OS: ubuntu-latest
-      WINDOWS_OS: windows-latest
-    # permissions:
-    #   contents: write
-    steps:
-      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # ratchet:actions/download-artifact@v3.0.2
-        id: download-artifact
-        with:
-          path: .
-
-      # TODO: kubescape-windows-latest is deprecated and should be removed
-      - name: Get kubescape.exe from kubescape-windows-latest
-        run: cp ./kubescape-${{ env.WINDOWS_OS }}/kubescape-${{ env.WINDOWS_OS }} ./kubescape-${{ env.WINDOWS_OS }}/kubescape.exe
-
-      - name: Set release token
-        run: |
-          if [ "${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}" != "" ]; then
-            echo "TOKEN=${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}" >> $GITHUB_ENV;
-          else
-            echo "TOKEN=${{ secrets.GITHUB_TOKEN }}" >> $GITHUB_ENV;
-          fi
-      - name: Release
-        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # ratchet:softprops/action-gh-release@v1
-        with:
-          token: ${{ env.TOKEN }}
-          name: ${{ inputs.RELEASE_NAME }}
-          tag_name: ${{ inputs.TAG }}
-          body: ${{ github.event.pull_request.body }}
-          draft: ${{ inputs.DRAFT }}
-          fail_on_unmatched_files: true
-          prerelease: false
-          # TODO: kubescape-windows-latest is deprecated and should be removed
-          files: |
-            ./kubescape-${{ env.WINDOWS_OS }}/kubescape-${{ env.WINDOWS_OS }}
-            ./kubescape-${{ env.MAC_OS }}/kubescape-${{ env.MAC_OS }}
-            ./kubescape-${{ env.MAC_OS }}/kubescape-${{ env.MAC_OS }}.sha256
-            ./kubescape-${{ env.MAC_OS }}/kubescape-${{ env.MAC_OS }}.tar.gz
-            ./kubescape-${{ env.UBUNTU_OS }}/kubescape-${{ env.UBUNTU_OS }}
-            ./kubescape-${{ env.UBUNTU_OS }}/kubescape-${{ env.UBUNTU_OS }}.sha256
-            ./kubescape-${{ env.UBUNTU_OS }}/kubescape-${{ env.UBUNTU_OS }}.tar.gz
-            ./kubescape-${{ env.WINDOWS_OS }}/kubescape.exe
-            ./kubescape-${{ env.WINDOWS_OS }}/kubescape-${{ env.WINDOWS_OS }}.sha256
-            ./kubescape-${{ env.WINDOWS_OS }}/kubescape-${{ env.WINDOWS_OS }}.tar.gz
-            ./kubescapearm64-${{ env.MAC_OS }}/kubescape-arm64-${{ env.MAC_OS }}
-            ./kubescapearm64-${{ env.MAC_OS }}/kubescape-arm64-${{ env.MAC_OS }}.sha256
-            ./kubescapearm64-${{ env.MAC_OS }}/kubescape-arm64-${{ env.MAC_OS }}.tar.gz
-            ./kubescapearm64-${{ env.UBUNTU_OS }}/kubescape-arm64-${{ env.UBUNTU_OS }}
-            ./kubescapearm64-${{ env.UBUNTU_OS }}/kubescape-arm64-${{ env.UBUNTU_OS }}.sha256
-            ./kubescapearm64-${{ env.UBUNTU_OS }}/kubescape-arm64-${{ env.UBUNTU_OS }}.tar.gz

.github/workflows/c-release.yaml

@@ -0,0 +1,47 @@
+name: release
+
+on:
+  push:
+    tags:
+    # - 'v*.*.*-rc.*' # Comment out since the re-tagging process is not yet implemented
+    - 'v*.*.*'
+jobs:
+  test:
+    uses: ./.github/workflows/00-test.yaml
+    with:
+      release: ${{ github.ref_name}}
+      client: test
+  
+  # integration-test:
+  #   if: ${{ label == e2e-tests }}
+
+  # re-tag:
+  #   # if tests passed, create new tag without `rc`
+    
+  create-release:
+    uses: ./.github/workflows/01-create-release.yaml
+    needs: test
+    with:
+      release_name: "Release ${{ github.ref_name}}"
+      tag: ${{ github.ref_name}}
+    secrets: inherit
+
+  publish-artifacts:
+    uses: ./.github/workflows/02-publish-artifacts.yaml
+    needs: create-release
+    with:
+      upload_url: ${{ needs.create-release.outputs.upload_url }}
+      release: "${{ github.ref_name}}"
+    secrets: inherit
+       
+
+  publish-image:
+    uses: ./.github/workflows/03-publish-image.yaml
+    needs: create-release
+    with:
+      client: "image-release"
+      image_name: "quay.io/${{ github.repository_owner }}/kubescape"
+      image_tag: "${{ github.ref_name}}"
+      support_platforms: true
+      cosign: true
+    secrets: inherit

.github/workflows/d-post-release.yaml

@@ -0,0 +1,19 @@
+name: create release digests
+
+on:
+  release:
+    types: [ published]
+    branches:
+    - 'master'
+    - 'main'
+  
+jobs:
+  once:
+    name: Creating digests
+    runs-on: ubuntu-latest
+    steps:
+      - name: Digest
+        uses: MCJack123/ghaction-generate-release-hashes@v1
+        with:
+          hash-type: sha1
+          file-name: kubescape-release-digests

.github/workflows/z-close-typos-issues.yaml

@@ -1,19 +1,23 @@
 on:
   issues:
     types: [opened, labeled]
+
 jobs:
   open_PR_message:
     if: github.event.label.name == 'typo'
     runs-on: ubuntu-latest
     steps:
-      - uses: ben-z/actions-comment-on-issue@10be23f9c43ac792663043420fda29dde07e2f0f # ratchet:ben-z/actions-comment-on-issue@1.0.2
+      - uses: ben-z/actions-comment-on-issue@1.0.2
         with:
           message: "Hello! :wave:\n\nThis issue is being automatically closed, Please open a PR with a relevant fix."
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+          
+          
   auto_close_issues:
     runs-on: ubuntu-latest
     steps:
-      - uses: lee-dohm/close-matching-issues@e9e43aad2fa6f06a058cedfd8fb975fd93b56d8f # ratchet:lee-dohm/close-matching-issues@v2
+      - uses: lee-dohm/close-matching-issues@v2
         with:
           query: 'label:typo'
           token: ${{ secrets.GITHUB_TOKEN }}

.gitignore

@@ -7,4 +7,3 @@
 .history
 ca.srl
 *.out
-ks

.krew.yaml

@@ -3,40 +3,34 @@ kind: Plugin
 metadata:
   name: kubescape
 spec:
-  homepage: https://github.com/kubescape/kubescape/
-  shortDescription: Scan resources and cluster configs against security frameworks.
+  homepage: https://kubescape.io/
+  shortDescription: An open-source Kubernetes security platform for your IDE, CI/CD pipelines, and clusters
   version: {{ .TagName }}
   description: |
-    It includes risk analysis, security compliance, and misconfiguration scanning
-    with an easy-to-use CLI interface, flexible output formats, and automated scanning capabilities.
+    Kubescape is an open-source Kubernetes security platform.
+    It includes risk analysis, security compliance, and misconfiguration scanning.
+    Targeted at the DevSecOps practitioner or platform engineer,
+    it offers an easy-to-use CLI interface, flexible output formats, and automated scanning capabilities.
+    It saves Kubernetes users and admins precious time, effort, and resources.
+    
+    Kubescape was created by [ARMO](https://www.armosec.io/?utm_source=github&utm_medium=repository)
+    and is a [Cloud Native Computing Foundation (CNCF) sandbox project](https://www.cncf.io/sandbox-projects/).
   platforms:
   - selector:
       matchLabels:
         os: darwin
         arch: amd64
-    {{ addURIAndSha "https://github.com/kubescape/kubescape/releases/download/{{ .TagName }}/kubescape-macos-latest.tar.gz" .TagName }}
-    bin: kubescape
-  - selector:
-      matchLabels:
-        os: darwin
-        arch: arm64
-    {{ addURIAndSha "https://github.com/kubescape/kubescape/releases/download/{{ .TagName }}/kubescape-arm64-macos-latest.tar.gz" .TagName }}
-    bin: kubescape
+    {{ addURIAndSha "https://github.com/kubescape/kubescape/releases/download/{{ .TagName }}/kubescape-macos-latest" .TagName }}
+    bin: kubectl-kubescape
   - selector:
       matchLabels:
         os: linux
         arch: amd64
-    {{ addURIAndSha "https://github.com/kubescape/kubescape/releases/download/{{ .TagName }}/kubescape-ubuntu-latest.tar.gz" .TagName }}
-    bin: kubescape
-  - selector:
-      matchLabels:
-        os: linux
-        arch: arm64
-    {{ addURIAndSha "https://github.com/kubescape/kubescape/releases/download/{{ .TagName }}/kubescape-arm64-ubuntu-latest.tar.gz" .TagName }}
-    bin: kubescape
+    {{ addURIAndSha "https://github.com/kubescape/kubescape/releases/download/{{ .TagName }}/kubescape-ubuntu-latest" .TagName }}
+    bin: kubectl-kubescape
   - selector:
       matchLabels:
         os: windows
         arch: amd64
-    {{ addURIAndSha "https://github.com/kubescape/kubescape/releases/download/{{ .TagName }}/kubescape-windows-latest.tar.gz" .TagName }}
-    bin: kubescape.exe
+    {{ addURIAndSha "https://github.com/kubescape/kubescape/releases/download/{{ .TagName }}/kubescape-windows-latest" .TagName }}
+    bin: kubectl-kubescape.exe

CONTRIBUTING.md

@@ -21,7 +21,7 @@ Please follow our [code of conduct](CODE_OF_CONDUCT.md) in all of your interacti
    build.
 2. Update the README.md with details of changes to the interface, this includes new environment 
    variables, exposed ports, useful file locations and container parameters.
-3. Open Pull Request to the `master` branch.
+3. Open Pull Request to `dev` branch - we test the component before merging into the `master` branch
 4. We will merge the Pull Request once you have the sign-off.
 
 ## Developer Certificate of Origin
@@ -47,7 +47,7 @@ Add [`-s`](https://git-scm.com/docs/git-commit#Documentation/git-commit.txt--s)
 
 ```git commit -s -m "Fix issue 64738"```
 
-This is tedious, and if you forget, you'll have to [amend your commit](#fixing-a-commit-where-the-dco-failed).
+This is tedious, and if you forget, you'll have to [amend your commit](#f)
 
 ### Configure a repository to always include sign off
 
@@ -59,36 +59,6 @@ curl -Ls https://gist.githubusercontent.com/dixudx/7d7edea35b4d91e1a2a8fbf41d095
 chmod +x .git/hooks/prepare-commit-msg
 ```
 
-### Use semantic commit messages (optional)
-
-When contributing, you could consider using [conventional commits](https://www.conventionalcommits.org/en/v1.0.0/), in order to improve logs readability and help us to automatically generate `CHANGELOG`s.
-
-Format: `<type>(<scope>): <subject>`
-
-`<scope>` is optional
-
-#### Example
-
-```
-feat(cmd): add kubectl plugin
-^--^ ^-^   ^----------------^
-|    |     |
-|    |     +-> subject: summary in present tense.
-|    |
-|    +-------> scope: point of interest
-|
-+-------> type: chore, docs, feat, fix, refactor, style, or test.
-```
-
-More Examples:
-* `feat`: new feature for the user, not a new feature for build script
-* `fix`: bug fix for the user, not a fix to a build script
-* `docs`: changes to the documentation
-* `style`: formatting, missing semi colons, etc; no production code change
-* `refactor`: refactoring production code, eg. renaming a variable
-* `test`: adding missing tests, refactoring tests; no production code change
-* `chore`: updating grunt tasks etc; no production code change
-
 ## Fixing a commit where the DCO failed
 
 Check out [this guide](https://github.com/src-d/guide/blob/master/developer-community/fix-DCO.md).

Makefile

@@ -10,14 +10,6 @@ libgit2:
 	-git submodule update --init --recursive
 	cd git2go; make install-static
 
-# build and install libgit2 for macOS m1
-libgit2arm64:
-	git submodule update --init --recursive
-	if [ "$(shell uname -s)" = "Darwin" ]; then \
-		sed -i '' 's/cmake -D/cmake -DCMAKE_OSX_ARCHITECTURES="arm64" -D/' git2go/script/build-libgit2.sh; \
-	fi
-	cd git2go; make install-static
-
 # go build tags
 TAGS = "gitenabled,static"
 

README.md

@@ -1,5 +1,5 @@
-[![Version](https://img.shields.io/github/v/release/kubescape/kubescape)](https://github.com/kubescape/kubescape/releases)
-[![build](https://github.com/kubescape/kubescape/actions/workflows/02-release.yaml/badge.svg)](https://github.com/kubescape/kubescape/actions/workflows/02-release.yaml)
+[![Version](https://img.shields.io/github/v/release/kubescape/kubescape)](releases)
+[![build](https://github.com/kubescape/kubescape/actions/workflows/build.yaml/badge.svg)](https://github.com/kubescape/kubescape/actions/workflows/build.yaml)
 [![Go Report Card](https://goreportcard.com/badge/github.com/kubescape/kubescape)](https://goreportcard.com/report/github.com/kubescape/kubescape)
 [![Gitpod Ready-to-Code](https://img.shields.io/badge/Gitpod-Ready--to--Code-blue?logo=gitpod)](https://gitpod.io/#https://github.com/kubescape/kubescape)
 [![GitHub](https://img.shields.io/github/license/kubescape/kubescape)](https://github.com/kubescape/kubescape/blob/master/LICENSE)
@@ -37,11 +37,11 @@ curl -s https://raw.githubusercontent.com/kubescape/kubescape/master/install.sh
 
 Learn more about:
 
-* [Installing Kubescape](docs/installation.md)
+* [Installing Kubescape](docs/getting-started.md#install-kubescape)
 * [Running your first scan](docs/getting-started.md#run-your-first-scan)
 * [Usage](docs/getting-started.md#examples)
 * [Architecture](docs/architecture.md)
-* [Building Kubescape from source](https://github.com/kubescape/kubescape/wiki/Building)
+* [Building Kubescape from source](docs/building.md)
 
 _Did you know you can use Kubescape in all these places?_
 
@@ -65,7 +65,7 @@ It retrieves Kubernetes objects from the API server and runs a set of [Rego snip
 
 Kubescape is an open source project, we welcome your feedback and ideas for improvement. We are part of the Kubernetes community and are building more tests and controls as the ecosystem develops.
 
-We hold [community meetings](https://zoom.us/j/95174063585) on Zoom, on the first Tuesday of every month, at 14:00 GMT. ([See that in your local time zone](https://time.is/compare/1400_in_GMT)).
+We hold [community meetings](https://us02web.zoom.us/j/84020231442) on Zoom, on the first Tuesday of every month, at 14:00 GMT.
 
 The Kubescape project follows the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md).
 

build.py

@@ -6,7 +6,6 @@ import subprocess
 import tarfile
 
 BASE_GETTER_CONST = "github.com/kubescape/kubescape/v2/core/cautils/getter"
-CURRENT_PLATFORM = platform.system()
 
 platformSuffixes = {
     "Windows": "windows-latest",
@@ -21,19 +20,19 @@ def check_status(status, msg):
 
 
 def get_build_dir():
-    return "build"
+    current_platform = platform.system()
+
+    if current_platform not in platformSuffixes: raise OSError("Platform %s is not supported!" % (current_platform))
+
+    return os.path.join("build", platformSuffixes[current_platform])
 
 
 def get_package_name():
-    if CURRENT_PLATFORM not in platformSuffixes: raise OSError("Platform %s is not supported!" % (CURRENT_PLATFORM))
+    current_platform = platform.system()
 
-    # # TODO: kubescape-windows-latest is deprecated and should be removed
-    # if CURRENT_PLATFORM == "Windows": return "kubescape.exe"
+    if current_platform not in platformSuffixes: raise OSError("Platform %s is not supported!" % (current_platform))
 
-    package_name = "kubescape-"
-    if os.getenv("GOARCH"):
-        package_name += os.getenv("GOARCH") + "-"
-    return package_name + platformSuffixes[CURRENT_PLATFORM]
+    return "kubescape-" + platformSuffixes[current_platform]
 
 
 def main():
@@ -81,11 +80,7 @@ def main():
             kube_sha.write(sha256.hexdigest())
 
     with tarfile.open(tar_file, 'w:gz') as archive:
-        name = "kubescape"
-        if CURRENT_PLATFORM == "Windows":
-            name += ".exe"
-        archive.add(ks_file, name)
-        archive.add("LICENSE", "LICENSE")
+        archive.add(ks_file, "kubescape")
 
     print("Build Done")
 

build/Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.20-alpine as builder
+FROM golang:1.19-alpine as builder
 
 ARG image_version
 ARG client
@@ -25,13 +25,13 @@ RUN rm -rf git2go && make libgit2
 # build kubescape server
 WORKDIR /work/httphandler
 RUN python build.py
-RUN ls -ltr build/
+RUN ls -ltr build/ubuntu-latest
 
 # build kubescape cmd
 WORKDIR /work
 RUN python build.py
 
-RUN /work/build/kubescape-ubuntu-latest download artifacts -o /work/artifacts
+RUN /work/build/ubuntu-latest/kubescape-ubuntu-latest download artifacts -o /work/artifacts
 
 FROM alpine:3.16.2
 
@@ -45,7 +45,7 @@ USER ks
 
 WORKDIR /home/ks
 
-COPY --from=builder /work/httphandler/build/kubescape-ubuntu-latest /usr/bin/ksserver
-COPY --from=builder /work/build/kubescape-ubuntu-latest /usr/bin/kubescape
+COPY --from=builder /work/httphandler/build/ubuntu-latest/kubescape-ubuntu-latest /usr/bin/ksserver
+COPY --from=builder /work/build/ubuntu-latest/kubescape-ubuntu-latest /usr/bin/kubescape
 
 ENTRYPOINT ["ksserver"]

cmd/completion/completion.go

@@ -15,8 +15,8 @@ var completionCmdExamples = fmt.Sprintf(`
   $ echo 'source <(%[1]s completion bash)' >> ~/.bashrc
 
   # Enable ZSH shell autocompletion
-  $ source <(%[1]s completion zsh)
-  $ echo 'source <(%[1]s completion zsh)' >> "${fpath[1]}/_%[1]s"
+  $ source <(kubectl completion zsh)
+  $ echo 'source <(kubectl completion zsh)' >> "${fpath[1]}/_kubectl"
 `, cautils.ExecName())
 
 func GetCompletionCmd() *cobra.Command {

cmd/config/delete.go

@@ -1,8 +1,6 @@
 package config
 
 import (
-	"context"
-
 	logger "github.com/kubescape/go-logger"
 	"github.com/kubescape/kubescape/v2/core/meta"
 	v1 "github.com/kubescape/kubescape/v2/core/meta/datastructures/v1"
@@ -15,7 +13,7 @@ func getDeleteCmd(ks meta.IKubescape) *cobra.Command {
 		Short: "Delete cached configurations",
 		Long:  ``,
 		Run: func(cmd *cobra.Command, args []string) {
-			if err := ks.DeleteCachedConfig(context.TODO(), &v1.DeleteConfig{}); err != nil {
+			if err := ks.DeleteCachedConfig(&v1.DeleteConfig{}); err != nil {
 				logger.L().Fatal(err.Error())
 			}
 		},

cmd/download/download.go

@@ -1,7 +1,6 @@
 package download
 
 import (
-	"context"
 	"fmt"
 	"path/filepath"
 	"strings"
@@ -42,7 +41,7 @@ var (
 `, cautils.ExecName())
 )
 
-func GetDownloadCmd(ks meta.IKubescape) *cobra.Command {
+func GeDownloadCmd(ks meta.IKubescape) *cobra.Command {
 	var downloadInfo = v1.DownloadInfo{}
 
 	downloadCmd := &cobra.Command{
@@ -75,7 +74,7 @@ func GetDownloadCmd(ks meta.IKubescape) *cobra.Command {
 				downloadInfo.Identifier = args[1]
 
 			}
-			if err := ks.Download(context.TODO(), &downloadInfo); err != nil {
+			if err := ks.Download(&downloadInfo); err != nil {
 				logger.L().Fatal(err.Error())
 			}
 			return nil

cmd/fix/fix.go

@@ -1,26 +1,23 @@
 package fix
 
 import (
-	"context"
 	"errors"
-	"fmt"
 
-	"github.com/kubescape/kubescape/v2/core/cautils"
 	"github.com/kubescape/kubescape/v2/core/meta"
 	metav1 "github.com/kubescape/kubescape/v2/core/meta/datastructures/v1"
 
 	"github.com/spf13/cobra"
 )
 
-var fixCmdExamples = fmt.Sprintf(`
+var fixCmdExamples = `
   Fix command is for fixing kubernetes manifest files based on a scan command output.
   Use with caution, this command will change your files in-place.
 
   # Fix kubernetes YAML manifest files based on a scan command output (output.json)
-  1) %[1]s scan . --format json --output output.json
-  2) %[1]s fix output.json
+  1) kubescape scan --format json --format-version v2 --output output.json
+  2) kubescape fix output.json
 
-`, cautils.ExecName())
+`
 
 func GetFixCmd(ks meta.IKubescape) *cobra.Command {
 	var fixInfo metav1.FixInfo
@@ -36,7 +33,7 @@ func GetFixCmd(ks meta.IKubescape) *cobra.Command {
 			}
 			fixInfo.ReportFile = args[0]
 
-			return ks.Fix(context.TODO(), &fixInfo)
+			return ks.Fix(&fixInfo)
 		},
 	}
 

cmd/list/list.go

@@ -1,7 +1,6 @@
 package list
 
 import (
-	"context"
 	"fmt"
 	"strings"
 
@@ -56,7 +55,7 @@ func GetListCmd(ks meta.IKubescape) *cobra.Command {
 
 			listPolicies.Target = args[0]
 
-			if err := ks.List(context.TODO(), &listPolicies); err != nil {
+			if err := ks.List(&listPolicies); err != nil {
 				logger.L().Fatal(err.Error())
 			}
 			return nil

cmd/root.go

@@ -81,7 +81,7 @@ func getRootCmd(ks meta.IKubescape) *cobra.Command {
 
 	// Supported commands
 	rootCmd.AddCommand(scan.GetScanCommand(ks))
-	rootCmd.AddCommand(download.GetDownloadCmd(ks))
+	rootCmd.AddCommand(download.GeDownloadCmd(ks))
 	rootCmd.AddCommand(delete.GetDeleteCmd(ks))
 	rootCmd.AddCommand(list.GetListCmd(ks))
 	rootCmd.AddCommand(submit.GetSubmitCmd(ks))

cmd/rootutils.go

@@ -85,11 +85,6 @@ func initEnvironment() {
 		if len(urlSlices) >= 4 {
 			ksAuthURL = urlSlices[3]
 		}
-
-		getter.SetKSCloudAPIConnector(getter.NewKSCloudAPICustomized(
-			ksBackendURL, ksAuthURL,
-			getter.WithReportURL(ksEventReceiverURL),
-			getter.WithFrontendURL(ksFrontendURL),
-		))
+		getter.SetKSCloudAPIConnector(getter.NewKSCloudAPICustomized(ksEventReceiverURL, ksBackendURL, ksFrontendURL, ksAuthURL))
 	}
 }

cmd/scan/control.go

@@ -1,7 +1,6 @@
 package scan
 
 import (
-	"context"
 	"fmt"
 	"io"
 	"os"
@@ -14,6 +13,7 @@ import (
 	"github.com/kubescape/kubescape/v2/core/cautils"
 	"github.com/kubescape/kubescape/v2/core/meta"
 
+	"github.com/enescakir/emoji"
 	"github.com/spf13/cobra"
 )
 
@@ -96,23 +96,19 @@ func getControlCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Comman
 				return err
 			}
 
-			ctx := context.TODO()
-			results, err := ks.Scan(ctx, scanInfo)
+			results, err := ks.Scan(scanInfo)
 			if err != nil {
 				logger.L().Fatal(err.Error())
 			}
-			if err := results.HandleResults(ctx); err != nil {
+			if err := results.HandleResults(); err != nil {
 				logger.L().Fatal(err.Error())
 			}
 			if !scanInfo.VerboseMode {
-				logger.L().Info("Run with '--verbose'/'-v' flag for detailed resources view\n")
+				cautils.SimpleDisplay(os.Stderr, "%s  Run with '--verbose'/'-v' flag for detailed resources view\n\n", emoji.Detective)
 			}
 			if results.GetRiskScore() > float32(scanInfo.FailThreshold) {
 				logger.L().Fatal("scan risk-score is above permitted threshold", helpers.String("risk-score", fmt.Sprintf("%.2f", results.GetRiskScore())), helpers.String("fail-threshold", fmt.Sprintf("%.2f", scanInfo.FailThreshold)))
 			}
-			if results.GetComplianceScore() < float32(scanInfo.ComplianceThreshold) {
-				logger.L().Fatal("scan compliance-score is below permitted threshold", helpers.String("compliance score", fmt.Sprintf("%.2f", results.GetComplianceScore())), helpers.String("compliance-threshold", fmt.Sprintf("%.2f", scanInfo.ComplianceThreshold)))
-			}
 			enforceSeverityThresholds(results.GetResults().SummaryDetails.GetResourcesSeverityCounters(), scanInfo, terminateOnExceedingSeverity)
 
 			return nil

cmd/scan/framework.go

@@ -1,7 +1,6 @@
 package scan
 
 import (
-	"context"
 	"errors"
 	"fmt"
 	"io"
@@ -15,7 +14,6 @@ import (
 	logger "github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/kubescape/v2/core/cautils"
-	"github.com/kubescape/kubescape/v2/core/cautils/getter"
 	"github.com/kubescape/kubescape/v2/core/meta"
 
 	"github.com/spf13/cobra"
@@ -73,9 +71,6 @@ func getFrameworkCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Comm
 			}
 			scanInfo.FrameworkScan = true
 
-			// We do not scan all frameworks by default when triggering scan from the CLI
-			scanInfo.ScanAll = false
-
 			var frameworks []string
 
 			if len(args) == 0 { // scan all frameworks
@@ -85,12 +80,11 @@ func getFrameworkCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Comm
 				frameworks = strings.Split(args[0], ",")
 				if cautils.StringInSlice(frameworks, "all") != cautils.ValueNotFound {
 					scanInfo.ScanAll = true
-					frameworks = getter.NativeFrameworks
+					frameworks = []string{}
 				}
 				if len(args) > 1 {
 					if len(args[1:]) == 0 || args[1] != "-" {
 						scanInfo.InputPatterns = args[1:]
-						logger.L().Debug("List of input files", helpers.Interface("patterns", scanInfo.InputPatterns))
 					} else { // store stdin to file - do NOT move to separate function !!
 						tempFile, err := os.CreateTemp(".", "tmp-kubescape*.yaml")
 						if err != nil {
@@ -109,24 +103,20 @@ func getFrameworkCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Comm
 
 			scanInfo.SetPolicyIdentifiers(frameworks, apisv1.KindFramework)
 
-			ctx := context.TODO()
-			results, err := ks.Scan(ctx, scanInfo)
+			results, err := ks.Scan(scanInfo)
 			if err != nil {
 				logger.L().Fatal(err.Error())
 			}
 
-			if err = results.HandleResults(ctx); err != nil {
+			if err = results.HandleResults(); err != nil {
 				logger.L().Fatal(err.Error())
 			}
 			if !scanInfo.VerboseMode {
-				logger.L().Info("Run with '--verbose'/'-v' flag for detailed resources view\n")
+				cautils.SimpleDisplay(os.Stderr, "Run with '--verbose'/'-v' flag for detailed resources view\n\n")
 			}
 			if results.GetRiskScore() > float32(scanInfo.FailThreshold) {
 				logger.L().Fatal("scan risk-score is above permitted threshold", helpers.String("risk-score", fmt.Sprintf("%.2f", results.GetRiskScore())), helpers.String("fail-threshold", fmt.Sprintf("%.2f", scanInfo.FailThreshold)))
 			}
-			if results.GetComplianceScore() < float32(scanInfo.ComplianceThreshold) {
-				logger.L().Fatal("scan compliance-score is below permitted threshold", helpers.String("compliance-score", fmt.Sprintf("%.2f", results.GetComplianceScore())), helpers.String("compliance-threshold", fmt.Sprintf("%.2f", scanInfo.ComplianceThreshold)))
-			}
 
 			enforceSeverityThresholds(results.GetData().Report.SummaryDetails.GetResourcesSeverityCounters(), scanInfo, terminateOnExceedingSeverity)
 			return nil
@@ -171,14 +161,14 @@ func countersExceedSeverityThreshold(severityCounters reportsummary.ISeverityCou
 }
 
 // terminateOnExceedingSeverity terminates the application on exceeding severity
-func terminateOnExceedingSeverity(scanInfo *cautils.ScanInfo, l helpers.ILogger) {
+func terminateOnExceedingSeverity(scanInfo *cautils.ScanInfo, l logger.ILogger) {
 	l.Fatal("result exceeds severity threshold", helpers.String("set severity threshold", scanInfo.FailThresholdSeverity))
 }
 
 // enforceSeverityThresholds ensures that the scan results are below the defined severity threshold
 //
 // The function forces the application to terminate with an exit code 1 if at least one control failed control that exceeds the set severity threshold
-func enforceSeverityThresholds(severityCounters reportsummary.ISeverityCounters, scanInfo *cautils.ScanInfo, onExceed func(*cautils.ScanInfo, helpers.ILogger)) {
+func enforceSeverityThresholds(severityCounters reportsummary.ISeverityCounters, scanInfo *cautils.ScanInfo, onExceed func(*cautils.ScanInfo, logger.ILogger)) {
 	// If a severity threshold is not set, we don’t need to enforce it
 	if scanInfo.FailThresholdSeverity == "" {
 		return
@@ -207,9 +197,6 @@ func validateFrameworkScanInfo(scanInfo *cautils.ScanInfo) error {
 	if scanInfo.Submit && scanInfo.Local {
 		return fmt.Errorf("you can use `keep-local` or `submit`, but not both")
 	}
-	if 100 < scanInfo.ComplianceThreshold || 0 > scanInfo.ComplianceThreshold {
-		return fmt.Errorf("bad argument: out of range threshold")
-	}
 	if 100 < scanInfo.FailThreshold || 0 > scanInfo.FailThreshold {
 		return fmt.Errorf("bad argument: out of range threshold")
 	}

cmd/scan/scan.go

@@ -3,11 +3,9 @@ package scan
 import (
 	"flag"
 	"fmt"
-	"strings"
 
 	"github.com/kubescape/k8s-interface/k8sinterface"
 	"github.com/kubescape/kubescape/v2/core/cautils"
-	"github.com/kubescape/kubescape/v2/core/cautils/getter"
 	"github.com/kubescape/kubescape/v2/core/meta"
 	"github.com/spf13/cobra"
 )
@@ -43,7 +41,8 @@ func GetScanCommand(ks meta.IKubescape) *cobra.Command {
 		Args: func(cmd *cobra.Command, args []string) error {
 			if len(args) > 0 {
 				if args[0] != "framework" && args[0] != "control" {
-					return getFrameworkCmd(ks, &scanInfo).RunE(cmd, append([]string{strings.Join(getter.NativeFrameworks, ",")}, args...))
+					scanInfo.ScanAll = true
+					return getFrameworkCmd(ks, &scanInfo).RunE(cmd, append([]string{"all"}, args...))
 				}
 			}
 			return nil
@@ -51,7 +50,8 @@ func GetScanCommand(ks meta.IKubescape) *cobra.Command {
 		RunE: func(cmd *cobra.Command, args []string) error {
 
 			if len(args) == 0 {
-				return getFrameworkCmd(ks, &scanInfo).RunE(cmd, []string{strings.Join(getter.NativeFrameworks, ",")})
+				scanInfo.ScanAll = true
+				return getFrameworkCmd(ks, &scanInfo).RunE(cmd, []string{"all"})
 			}
 			return nil
 		},
@@ -75,7 +75,6 @@ func GetScanCommand(ks meta.IKubescape) *cobra.Command {
 	scanCmd.PersistentFlags().StringVarP(&scanInfo.ExcludedNamespaces, "exclude-namespaces", "e", "", "Namespaces to exclude from scanning. Notice, when running with `exclude-namespace` kubescape does not scan cluster-scoped objects.")
 
 	scanCmd.PersistentFlags().Float32VarP(&scanInfo.FailThreshold, "fail-threshold", "t", 100, "Failure threshold is the percent above which the command fails and returns exit code 1")
-	scanCmd.PersistentFlags().Float32VarP(&scanInfo.ComplianceThreshold, "compliance-threshold", "", 0, "Compliance threshold is the percent below which the command fails and returns exit code 1")
 
 	scanCmd.PersistentFlags().StringVar(&scanInfo.FailThresholdSeverity, "severity-threshold", "", "Severity threshold is the severity of failed controls at which the command fails and returns exit code 1")
 	scanCmd.PersistentFlags().StringVarP(&scanInfo.Format, "format", "f", "", `Output file format. Supported formats: "pretty-printer", "json", "junit", "prometheus", "pdf", "html", "sarif"`)
@@ -87,14 +86,13 @@ func GetScanCommand(ks meta.IKubescape) *cobra.Command {
 	scanCmd.PersistentFlags().BoolVar(&scanInfo.UseDefault, "use-default", false, "Load local policy object from default path. If not used will download latest")
 	scanCmd.PersistentFlags().StringSliceVar(&scanInfo.UseFrom, "use-from", nil, "Load local policy object from specified path. If not used will download latest")
 	scanCmd.PersistentFlags().StringVar(&scanInfo.HostSensorYamlPath, "host-scan-yaml", "", "Override default host scanner DaemonSet. Use this flag cautiously")
-	scanCmd.PersistentFlags().StringVar(&scanInfo.FormatVersion, "format-version", "v2", "Output object can be different between versions, this is for maintaining backward and forward compatibility. Supported:'v1'/'v2'")
+	scanCmd.PersistentFlags().StringVar(&scanInfo.FormatVersion, "format-version", "v1", "Output object can be different between versions, this is for maintaining backward and forward compatibility. Supported:'v1'/'v2'")
 	scanCmd.PersistentFlags().StringVar(&scanInfo.CustomClusterName, "cluster-name", "", "Set the custom name of the cluster. Not same as the kube-context flag")
 	scanCmd.PersistentFlags().BoolVarP(&scanInfo.Submit, "submit", "", false, "Submit the scan results to Kubescape SaaS where you can see the results in a user-friendly UI, choose your preferred compliance framework, check risk results history and trends, manage exceptions, get remediation recommendations and much more. By default the results are not submitted")
 	scanCmd.PersistentFlags().BoolVarP(&scanInfo.OmitRawResources, "omit-raw-resources", "", false, "Omit raw resources from the output. By default the raw resources are included in the output")
 	scanCmd.PersistentFlags().BoolVarP(&scanInfo.PrintAttackTree, "print-attack-tree", "", false, "Print attack tree")
 
 	scanCmd.PersistentFlags().MarkDeprecated("silent", "use '--logger' flag instead. Flag will be removed at 1.May.2022")
-	scanCmd.PersistentFlags().MarkDeprecated("fail-threshold", "use '--compliance-threshold' flag instead. Flag will be removed at 1.Dec.2023")
 
 	// hidden flags
 	scanCmd.PersistentFlags().MarkHidden("host-scan-yaml") // this flag should be used very cautiously. We prefer users will not use it at all unless the DaemonSet can not run pods on the nodes

cmd/scan/scan_test.go

@@ -1,8 +1,7 @@
 package scan
 
 import (
-	"context"
-
+	logger "github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 
 	"github.com/kubescape/kubescape/v2/core/cautils"
@@ -161,7 +160,7 @@ func Test_enforceSeverityThresholds(t *testing.T) {
 				want := tc.Want
 
 				got := false
-				onExceed := func(*cautils.ScanInfo, helpers.ILogger) {
+				onExceed := func(*cautils.ScanInfo, logger.ILogger) {
 					got = true
 				}
 
@@ -194,7 +193,6 @@ func (l *spyLogger) GetLevel() string                                { return ""
 func (l *spyLogger) SetWriter(w *os.File)                            {}
 func (l *spyLogger) GetWriter() *os.File                             { return &os.File{} }
 func (l *spyLogger) LoggerName() string                              { return "" }
-func (l *spyLogger) Ctx(_ context.Context) helpers.ILogger           { return l }
 
 func (l *spyLogger) Fatal(msg string, details ...helpers.IDetails) {
 	firstDetail := details[0]

cmd/submit/exceptions.go

@@ -1,7 +1,6 @@
 package submit
 
 import (
-	"context"
 	"fmt"
 
 	logger "github.com/kubescape/go-logger"
@@ -27,7 +26,7 @@ func getExceptionsCmd(ks meta.IKubescape, submitInfo *metav1.Submit) *cobra.Comm
 				logger.L().Fatal(err.Error())
 			}
 
-			if err := ks.SubmitExceptions(context.TODO(), &submitInfo.Credentials, args[0]); err != nil {
+			if err := ks.SubmitExceptions(&submitInfo.Credentials, args[0]); err != nil {
 				logger.L().Fatal(err.Error())
 			}
 		},

cmd/submit/rbac.go

@@ -1,7 +1,6 @@
 package submit
 
 import (
-	"context"
 	"fmt"
 
 	"github.com/google/uuid"
@@ -67,7 +66,7 @@ func getRBACCmd(ks meta.IKubescape, submitInfo *v1.Submit) *cobra.Command {
 				Reporter:      r,
 			}
 
-			if err := ks.Submit(context.TODO(), submitInterfaces); err != nil {
+			if err := ks.Submit(submitInterfaces); err != nil {
 				logger.L().Fatal(err.Error())
 			}
 			return nil

cmd/submit/results.go

@@ -1,7 +1,6 @@
 package submit
 
 import (
-	"context"
 	"encoding/json"
 	"fmt"
 	"os"
@@ -83,13 +82,13 @@ func getResultsCmd(ks meta.IKubescape, submitInfo *v1.Submit) *cobra.Command {
 				Reporter:      r,
 			}
 
-			if err := ks.Submit(context.TODO(), submitInterfaces); err != nil {
+			if err := ks.Submit(submitInterfaces); err != nil {
 				logger.L().Fatal(err.Error())
 			}
 			return nil
 		},
 	}
-	resultsCmd.PersistentFlags().StringVar(&formatVersion, "format-version", "v2", "Output object can be different between versions, this is for maintaining backward and forward compatibility. Supported:'v1'/'v2'")
+	resultsCmd.PersistentFlags().StringVar(&formatVersion, "format-version", "v1", "Output object can be different between versions, this is for maintaining backward and forward compatibility. Supported:'v1'/'v2'")
 
 	return resultsCmd
 }

cmd/update/update.go

@@ -5,7 +5,6 @@ package update
 //          kubescape update
 
 import (
-	"fmt"
 	"os/exec"
 	"runtime"
 
@@ -14,17 +13,11 @@ import (
 	"github.com/spf13/cobra"
 )
 
-var updateCmdExamples = fmt.Sprintf(`
-  # Update to the latest kubescape release
-  %[1]s update
-`, cautils.ExecName())
-
 func GetUpdateCmd() *cobra.Command {
 	updateCmd := &cobra.Command{
-		Use:     "update",
-		Short:   "Update your version",
-		Long:    ``,
-		Example: updateCmdExamples,
+		Use:   "update",
+		Short: "Update your version",
+		Long:  ``,
 		RunE: func(_ *cobra.Command, args []string) error {
 			//Checking the user's version of kubescape to the latest release
 			if cautils.BuildNumber == cautils.LatestReleaseVersion {

cmd/version/version.go

@@ -1,7 +1,6 @@
 package version
 
 import (
-	"context"
 	"fmt"
 	"os"
 
@@ -15,9 +14,8 @@ func GetVersionCmd() *cobra.Command {
 		Short: "Get current version",
 		Long:  ``,
 		RunE: func(cmd *cobra.Command, args []string) error {
-			ctx := context.TODO()
-			v := cautils.NewIVersionCheckHandler(ctx)
-			v.CheckLatestVersion(ctx, cautils.NewVersionCheckRequest(cautils.BuildNumber, "", "", "version"))
+			v := cautils.NewIVersionCheckHandler()
+			v.CheckLatestVersion(cautils.NewVersionCheckRequest(cautils.BuildNumber, "", "", "version"))
 			fmt.Fprintf(os.Stdout,
 				"Your current version is: %s [git enabled in build: %t]\n",
 				cautils.BuildNumber,

core/cautils/customerloader.go

@@ -70,7 +70,7 @@ type ITenantConfig interface {
 	// set
 	SetTenant() error
 	UpdateCachedConfig() error
-	DeleteCachedConfig(ctx context.Context) error
+	DeleteCachedConfig() error
 
 	// getters
 	GetContextName() string
@@ -94,9 +94,6 @@ type ITenantConfig interface {
 // ============================ Local Config ============================================
 // ======================================================================================
 // Config when scanning YAML files or URL but not a Kubernetes cluster
-
-var _ ITenantConfig = &LocalConfig{}
-
 type LocalConfig struct {
 	backendAPI getter.IBackend
 	configObj  *ConfigObj
@@ -149,8 +146,6 @@ func NewLocalConfig(
 	}
 	logger.L().Debug("Kubescape Cloud URLs", helpers.String("api", lc.backendAPI.GetCloudAPIURL()), helpers.String("auth", lc.backendAPI.GetCloudAuthURL()), helpers.String("report", lc.backendAPI.GetCloudReportURL()), helpers.String("UI", lc.backendAPI.GetCloudUIURL()))
 
-	initializeCloudAPI(lc)
-
 	return lc
 }
 
@@ -180,9 +175,9 @@ func (lc *LocalConfig) UpdateCachedConfig() error {
 	return updateConfigFile(lc.configObj)
 }
 
-func (lc *LocalConfig) DeleteCachedConfig(ctx context.Context) error {
+func (lc *LocalConfig) DeleteCachedConfig() error {
 	if err := DeleteConfigFile(); err != nil {
-		logger.L().Ctx(ctx).Warning(err.Error())
+		logger.L().Warning(err.Error())
 	}
 	return nil
 }
@@ -225,8 +220,6 @@ KS_SECRET_KEY
 TODO - support:
 KS_CACHE // path to cached files
 */
-var _ ITenantConfig = &ClusterConfig{}
-
 type ClusterConfig struct {
 	backendAPI         getter.IBackend
 	k8s                *k8sinterface.KubernetesApi
@@ -295,8 +288,6 @@ func NewClusterConfig(k8s *k8sinterface.KubernetesApi, backendAPI getter.IBacken
 	}
 	logger.L().Debug("Kubescape Cloud URLs", helpers.String("api", c.backendAPI.GetCloudAPIURL()), helpers.String("auth", c.backendAPI.GetCloudAuthURL()), helpers.String("report", c.backendAPI.GetCloudReportURL()), helpers.String("UI", c.backendAPI.GetCloudUIURL()))
 
-	initializeCloudAPI(c)
-
 	return c
 }
 
@@ -339,12 +330,12 @@ func (c *ClusterConfig) UpdateCachedConfig() error {
 	return updateConfigFile(c.configObj)
 }
 
-func (c *ClusterConfig) DeleteCachedConfig(ctx context.Context) error {
+func (c *ClusterConfig) DeleteCachedConfig() error {
 	if err := c.deleteConfigMap(); err != nil {
-		logger.L().Ctx(ctx).Warning(err.Error())
+		logger.L().Warning(err.Error())
 	}
 	if err := DeleteConfigFile(); err != nil {
-		logger.L().Ctx(ctx).Warning(err.Error())
+		logger.L().Warning(err.Error())
 	}
 	return nil
 }
@@ -631,15 +622,3 @@ func updateCloudURLs(configObj *ConfigObj) {
 	}
 
 }
-
-func initializeCloudAPI(c ITenantConfig) {
-	cloud := getter.GetKSCloudAPIConnector()
-	cloud.SetAccountID(c.GetAccountID())
-	cloud.SetClientID(c.GetClientID())
-	cloud.SetSecretKey(c.GetSecretKey())
-	cloud.SetCloudAuthURL(c.GetCloudAuthURL())
-	cloud.SetCloudReportURL(c.GetCloudReportURL())
-	cloud.SetCloudUIURL(c.GetCloudUIURL())
-	cloud.SetCloudAPIURL(c.GetCloudAPIURL())
-	getter.SetKSCloudAPIConnector(cloud)
-}

core/cautils/customerloader_test.go

@@ -5,7 +5,6 @@ import (
 	"os"
 	"testing"
 
-	"github.com/kubescape/kubescape/v2/core/cautils/getter"
 	"github.com/stretchr/testify/assert"
 	corev1 "k8s.io/api/core/v1"
 )
@@ -269,33 +268,3 @@ func TestUpdateCloudURLs(t *testing.T) {
 	updateCloudURLs(co)
 	assert.Equal(t, co.CloudAPIURL, mockCloudAPIURL)
 }
-
-func Test_initializeCloudAPI(t *testing.T) {
-	type args struct {
-		c ITenantConfig
-	}
-	tests := []struct {
-		name string
-		args args
-	}{
-		{
-			name: "test",
-			args: args{
-				c: mockClusterConfig(),
-			},
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			initializeCloudAPI(tt.args.c)
-			cloud := getter.GetKSCloudAPIConnector()
-			assert.Equal(t, tt.args.c.GetCloudAPIURL(), cloud.GetCloudAPIURL())
-			assert.Equal(t, tt.args.c.GetCloudAuthURL(), cloud.GetCloudAuthURL())
-			assert.Equal(t, tt.args.c.GetCloudUIURL(), cloud.GetCloudUIURL())
-			assert.Equal(t, tt.args.c.GetCloudReportURL(), cloud.GetCloudReportURL())
-			assert.Equal(t, tt.args.c.GetAccountID(), cloud.GetAccountID())
-			assert.Equal(t, tt.args.c.GetClientID(), cloud.GetClientID())
-			assert.Equal(t, tt.args.c.GetSecretKey(), cloud.GetSecretKey())
-		})
-	}
-}

core/cautils/datastructures.go

@@ -1,8 +1,6 @@
 package cautils
 
 import (
-	"context"
-
 	"github.com/armosec/armoapi-go/armotypes"
 	"github.com/kubescape/k8s-interface/workloadinterface"
 	"github.com/kubescape/opa-utils/reporthandling"
@@ -38,7 +36,7 @@ type OPASessionObj struct {
 	OmitRawResources      bool                               // omit raw resources from output
 }
 
-func NewOPASessionObj(ctx context.Context, frameworks []reporthandling.Framework, k8sResources *K8SResources, scanInfo *ScanInfo) *OPASessionObj {
+func NewOPASessionObj(frameworks []reporthandling.Framework, k8sResources *K8SResources, scanInfo *ScanInfo) *OPASessionObj {
 	return &OPASessionObj{
 		Report:                &reporthandlingv2.PostureReport{},
 		Policies:              frameworks,
@@ -50,7 +48,7 @@ func NewOPASessionObj(ctx context.Context, frameworks []reporthandling.Framework
 		ResourceToControlsMap: make(map[string][]string),
 		ResourceSource:        make(map[string]reporthandling.Source),
 		SessionID:             scanInfo.ScanID,
-		Metadata:              scanInfoToScanMetadata(ctx, scanInfo),
+		Metadata:              scanInfoToScanMetadata(scanInfo),
 		OmitRawResources:      scanInfo.OmitRawResources,
 	}
 }

core/cautils/datastructuresmethods.go

@@ -5,7 +5,6 @@ import (
 
 	"github.com/armosec/utils-go/boolutils"
 	"github.com/kubescape/opa-utils/reporthandling"
-	"github.com/kubescape/opa-utils/reporthandling/apis"
 )
 
 func NewPolicies() *Policies {
@@ -30,16 +29,7 @@ func (policies *Policies) Set(frameworks []reporthandling.Framework, version str
 			if len(compatibleRules) > 0 {
 				frameworks[i].Controls[j].Rules = compatibleRules
 				policies.Controls[frameworks[i].Controls[j].ControlID] = frameworks[i].Controls[j]
-			} else { // if the control type is manual review, add it to the list of controls
-				actionRequiredStr := frameworks[i].Controls[j].GetActionRequiredAttribute()
-				if actionRequiredStr == "" {
-					continue
-				}
-				if actionRequiredStr == string(apis.SubStatusManualReview) {
-					policies.Controls[frameworks[i].Controls[j].ControlID] = frameworks[i].Controls[j]
-				}
 			}
-
 		}
 
 	}

core/cautils/display.go

@@ -6,10 +6,7 @@ import (
 
 	spinnerpkg "github.com/briandowns/spinner"
 	"github.com/fatih/color"
-	logger "github.com/kubescape/go-logger"
-	"github.com/kubescape/go-logger/helpers"
 	"github.com/mattn/go-isatty"
-	"github.com/schollz/progressbar/v3"
 )
 
 var FailureDisplay = color.New(color.Bold, color.FgHiRed).FprintfFunc()
@@ -24,10 +21,6 @@ var DescriptionDisplay = color.New(color.Faint, color.FgWhite).FprintfFunc()
 var spinner *spinnerpkg.Spinner
 
 func StartSpinner() {
-	if helpers.ToLevel(logger.L().GetLevel()) >= helpers.WarningLevel {
-		return
-	}
-
 	if spinner != nil {
 		if !spinner.Active() {
 			spinner.Start()
@@ -46,28 +39,3 @@ func StopSpinner() {
 	}
 	spinner.Stop()
 }
-
-type ProgressHandler struct {
-	pb    *progressbar.ProgressBar
-	title string
-}
-
-func NewProgressHandler(title string) *ProgressHandler {
-	return &ProgressHandler{title: title}
-}
-
-func (p *ProgressHandler) Start(allSteps int) {
-	if !isatty.IsTerminal(os.Stderr.Fd()) || helpers.ToLevel(logger.L().GetLevel()) >= helpers.WarningLevel {
-		p.pb = progressbar.DefaultSilent(int64(allSteps), p.title)
-		return
-	}
-	p.pb = progressbar.Default(int64(allSteps), p.title)
-}
-
-func (p *ProgressHandler) ProgressJob(step int, message string) {
-	p.pb.Add(step)
-	p.pb.Describe(message)
-}
-
-func (p *ProgressHandler) Stop() {
-}

core/cautils/display_test.go

@@ -1,32 +0,0 @@
-package cautils
-
-import (
-	"testing"
-
-	"github.com/kubescape/go-logger"
-)
-
-func TestStartSpinner(t *testing.T) {
-	tests := []struct {
-		name        string
-		loggerLevel string
-		enabled     bool
-	}{
-		{
-			name:        "TestStartSpinner - disabled",
-			loggerLevel: "warning",
-			enabled:     false,
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			logger.L().SetLevel(tt.loggerLevel)
-			StartSpinner()
-			if !tt.enabled {
-				if spinner != nil {
-					t.Errorf("spinner should be nil")
-				}
-			}
-		})
-	}
-}

core/cautils/fileutils.go

@@ -2,7 +2,6 @@ package cautils
 
 import (
 	"bytes"
-	"context"
 	"encoding/json"
 	"fmt"
 	"os"
@@ -32,7 +31,7 @@ const (
 )
 
 // LoadResourcesFromHelmCharts scans a given path (recursively) for helm charts, renders the templates and returns a map of workloads and a map of chart names
-func LoadResourcesFromHelmCharts(ctx context.Context, basePath string) (map[string][]workloadinterface.IMetadata, map[string]string) {
+func LoadResourcesFromHelmCharts(basePath string) (map[string][]workloadinterface.IMetadata, map[string]string) {
 	directories, _ := listDirs(basePath)
 	helmDirectories := make([]string, 0)
 	for _, dir := range directories {
@@ -48,7 +47,7 @@ func LoadResourcesFromHelmCharts(ctx context.Context, basePath string) (map[stri
 		if err == nil {
 			wls, errs := chart.GetWorkloadsWithDefaultValues()
 			if len(errs) > 0 {
-				logger.L().Ctx(ctx).Warning(fmt.Sprintf("Rendering of Helm chart template '%s', failed: %v", chart.GetName(), errs))
+				logger.L().Error(fmt.Sprintf("Rendering of Helm chart template '%s', failed: %v", chart.GetName(), errs))
 				continue
 			}
 
@@ -64,7 +63,7 @@ func LoadResourcesFromHelmCharts(ctx context.Context, basePath string) (map[stri
 
 // If the contents at given path is a Kustomize Directory, LoadResourcesFromKustomizeDirectory will
 // generate yaml files using "Kustomize" & renders a map of workloads from those yaml files
-func LoadResourcesFromKustomizeDirectory(ctx context.Context, basePath string) (map[string][]workloadinterface.IMetadata, string) {
+func LoadResourcesFromKustomizeDirectory(basePath string) (map[string][]workloadinterface.IMetadata, string) {
 	isKustomizeDirectory := IsKustomizeDirectory(basePath)
 	isKustomizeFile := IsKustomizeFile(basePath)
 	if ok := isKustomizeDirectory || isKustomizeFile; !ok {
@@ -88,7 +87,7 @@ func LoadResourcesFromKustomizeDirectory(ctx context.Context, basePath string) (
 	kustomizeDirectoryName := GetKustomizeDirectoryName(newBasePath)
 
 	if len(errs) > 0 {
-		logger.L().Ctx(ctx).Warning(fmt.Sprintf("Rendering yaml from Kustomize failed: %v", errs))
+		logger.L().Error(fmt.Sprintf("Rendering yaml from Kustomize failed: %v", errs))
 	}
 
 	for k, v := range wls {
@@ -97,19 +96,18 @@ func LoadResourcesFromKustomizeDirectory(ctx context.Context, basePath string) (
 	return sourceToWorkloads, kustomizeDirectoryName
 }
 
-func LoadResourcesFromFiles(ctx context.Context, input, rootPath string) map[string][]workloadinterface.IMetadata {
+func LoadResourcesFromFiles(input, rootPath string) map[string][]workloadinterface.IMetadata {
 	files, errs := listFiles(input)
 	if len(errs) > 0 {
-		logger.L().Ctx(ctx).Warning(fmt.Sprintf("%v", errs))
+		logger.L().Error(fmt.Sprintf("%v", errs))
 	}
 	if len(files) == 0 {
-		logger.L().Ctx(ctx).Error("no files found to scan", helpers.String("input", input))
 		return nil
 	}
 
 	workloads, errs := loadFiles(rootPath, files)
 	if len(errs) > 0 {
-		logger.L().Ctx(ctx).Warning(fmt.Sprintf("%v", errs))
+		logger.L().Error(fmt.Sprintf("%v", errs))
 	}
 
 	return workloads

core/cautils/fileutils_test.go

@@ -1,7 +1,6 @@
 package cautils
 
 import (
-	"context"
 	"os"
 	"path/filepath"
 	"strings"
@@ -31,7 +30,7 @@ func TestListFiles(t *testing.T) {
 }
 
 func TestLoadResourcesFromFiles(t *testing.T) {
-	workloads := LoadResourcesFromFiles(context.TODO(), onlineBoutiquePath(), "")
+	workloads := LoadResourcesFromFiles(onlineBoutiquePath(), "")
 	assert.Equal(t, 12, len(workloads))
 
 	for i, w := range workloads {
@@ -45,7 +44,7 @@ func TestLoadResourcesFromFiles(t *testing.T) {
 }
 
 func TestLoadResourcesFromHelmCharts(t *testing.T) {
-	sourceToWorkloads, sourceToChartName := LoadResourcesFromHelmCharts(context.TODO(), helmChartPath())
+	sourceToWorkloads, sourceToChartName := LoadResourcesFromHelmCharts(helmChartPath())
 	assert.Equal(t, 6, len(sourceToWorkloads))
 
 	for file, workloads := range sourceToWorkloads {

core/cautils/getter/datastructures.go

@@ -1,61 +1,24 @@
 package getter
 
-import (
-	"github.com/armosec/armoapi-go/armotypes"
-	"github.com/kubescape/opa-utils/reporthandling"
-	"github.com/kubescape/opa-utils/reporthandling/attacktrack/v1alpha1"
-	reporthandlingv2 "github.com/kubescape/opa-utils/reporthandling/v2"
-)
+type FeLoginData struct {
+	Secret   string `json:"secret"`
+	ClientId string `json:"clientId"`
+}
 
-// NativeFrameworks identifies all pre-built, native frameworks.
-var NativeFrameworks = []string{"allcontrols", "nsa", "mitre"}
+type FeLoginResponse struct {
+	Token        string `json:"accessToken"`
+	RefreshToken string `json:"refreshToken"`
+	Expires      string `json:"expires"`
+	ExpiresIn    int32  `json:"expiresIn"`
+}
 
-type (
-	// TenantResponse holds the credentials for a tenant.
-	TenantResponse struct {
-		TenantID  string `json:"tenantId"`
-		Token     string `json:"token"`
-		Expires   string `json:"expires"`
-		AdminMail string `json:"adminMail,omitempty"`
-	}
+type KSCloudSelectCustomer struct {
+	SelectedCustomerGuid string `json:"selectedCustomer"`
+}
 
-	// AttackTrack is an alias to the API type definition for attack tracks.
-	AttackTrack = v1alpha1.AttackTrack
-
-	// Framework is an alias to the API type definition for a framework.
-	Framework = reporthandling.Framework
-
-	// Control is an alias to the API type definition for a control.
-	Control = reporthandling.Control
-
-	// PostureExceptionPolicy is an alias to the API type definition for posture exception policy.
-	PostureExceptionPolicy = armotypes.PostureExceptionPolicy
-
-	// CustomerConfig is an alias to the API type definition for a customer configuration.
-	CustomerConfig = armotypes.CustomerConfig
-
-	// PostureReport is an alias to the API type definition for a posture report.
-	PostureReport = reporthandlingv2.PostureReport
-)
-
-type (
-	// internal data descriptors
-
-	// feLoginData describes the input to a login challenge.
-	feLoginData struct {
-		Secret   string `json:"secret"`
-		ClientId string `json:"clientId"`
-	}
-
-	// feLoginResponse describes the response to a login challenge.
-	feLoginResponse struct {
-		Token        string `json:"accessToken"`
-		RefreshToken string `json:"refreshToken"`
-		Expires      string `json:"expires"`
-		ExpiresIn    int32  `json:"expiresIn"`
-	}
-
-	ksCloudSelectCustomer struct {
-		SelectedCustomerGuid string `json:"selectedCustomer"`
-	}
-)
+type TenantResponse struct {
+	TenantID  string `json:"tenantId"`
+	Token     string `json:"token"`
+	Expires   string `json:"expires"`
+	AdminMail string `json:"adminMail,omitempty"`
+}

core/cautils/getter/doc.go

@@ -1,8 +0,0 @@
-// Package getter provides functionality to retrieve policy objects.
-//
-// It comes with 3 implementations:
-//
-// * KSCloudAPI is a client for the KS Cloud SaaS API
-// * LoadPolicy exposes policy objects stored in a local repository
-// * DownloadReleasedPolicy downloads policy objects from the policy library released on github: https://github.com/kubescape/regolibrary
-package getter

core/cautils/getter/downloadreleasedpolicy.go

@@ -5,21 +5,14 @@ import (
 	"strings"
 
 	"github.com/armosec/armoapi-go/armotypes"
+	"github.com/kubescape/opa-utils/gitregostore"
 	"github.com/kubescape/opa-utils/reporthandling"
 	"github.com/kubescape/opa-utils/reporthandling/attacktrack/v1alpha1"
-
-	"github.com/kubescape/regolibrary/gitregostore"
 )
 
 // =======================================================================================================================
 // ======================================== DownloadReleasedPolicy =======================================================
 // =======================================================================================================================
-var (
-	_ IPolicyGetter         = &DownloadReleasedPolicy{}
-	_ IExceptionsGetter     = &DownloadReleasedPolicy{}
-	_ IAttackTracksGetter   = &DownloadReleasedPolicy{}
-	_ IControlsInputsGetter = &DownloadReleasedPolicy{}
-)
 
 // Use gitregostore to get policies from github release
 type DownloadReleasedPolicy struct {
@@ -78,12 +71,12 @@ func (drp *DownloadReleasedPolicy) ListControls() ([]string, error) {
 	}
 	var controlsFrameworksList [][]string
 	for _, control := range controls {
-		controlsFrameworksList = append(controlsFrameworksList, drp.gs.GetOpaFrameworkListByControlID(control.ControlID))
+		controlsFrameworksList = append(controlsFrameworksList, control.FrameworkNames)
 	}
 	controlsNamesWithIDsandFrameworksList := make([]string, len(controlsIDsList))
 	// by design all slices have the same lengt
 	for i := range controlsIDsList {
-		controlsNamesWithIDsandFrameworksList[i] = fmt.Sprintf("%v|%v|%v", controlsIDsList[i], controlsNamesList[i], strings.Join(controlsFrameworksList[i], ", "))
+		controlsNamesWithIDsandFrameworksList[i] = fmt.Sprintf("%v|%v|%v", controlsIDsList[i], controlsNamesList[i], strings.Join(controlsFrameworksList[i], ","))
 	}
 	return controlsNamesWithIDsandFrameworksList, nil
 }
@@ -112,6 +105,19 @@ func (drp *DownloadReleasedPolicy) SetRegoObjects() error {
 	return drp.gs.SetRegoObjects()
 }
 
+func isNativeFramework(framework string) bool {
+	return contains(NativeFrameworks, framework)
+}
+
+func contains(s []string, str string) bool {
+	for _, v := range s {
+		if strings.EqualFold(v, str) {
+			return true
+		}
+	}
+	return false
+}
+
 func (drp *DownloadReleasedPolicy) GetExceptions(clusterName string) ([]armotypes.PostureExceptionPolicy, error) {
 	exceptions, err := drp.gs.GetSystemPostureExceptionPolicies()
 	if err != nil {

core/cautils/getter/downloadreleasedpolicy_test.go

@@ -1,164 +0,0 @@
-package getter
-
-import (
-	"errors"
-	"fmt"
-	"io/fs"
-	"os"
-	"path/filepath"
-	"strings"
-	"testing"
-
-	"github.com/kubescape/kubescape/v2/internal/testutils"
-	jsoniter "github.com/json-iterator/go"
-	"github.com/stretchr/testify/require"
-)
-
-func TestReleasedPolicy(t *testing.T) {
-	t.Parallel()
-
-	p := NewDownloadReleasedPolicy()
-
-	t.Run("should initialize objects", func(t *testing.T) {
-		t.Parallel()
-
-		// acquire from github or from local fixture
-		hydrateReleasedPolicyFromMock(t, p)
-
-		require.NoError(t, p.SetRegoObjects())
-
-		t.Run("with ListControls", func(t *testing.T) {
-			t.Parallel()
-
-			controlIDs, err := p.ListControls()
-			require.NoError(t, err)
-			require.NotEmpty(t, controlIDs)
-
-			sampleSize := int(min(int64(len(controlIDs)), 10))
-
-			for _, toPin := range controlIDs[:sampleSize] {
-				// Example of a returned "ID": `C-0154|Ensure_that_the_--client-cert-auth_argument_is_set_to_true|`
-				controlString := toPin
-				parts := strings.Split(controlString, "|")
-				controlID := parts[0]
-
-				t.Run(fmt.Sprintf("with GetControl(%q)", controlID), func(t *testing.T) {
-					t.Parallel()
-
-					ctrl, err := p.GetControl(controlID)
-					require.NoError(t, err)
-					require.NotEmpty(t, ctrl)
-					require.Equal(t, controlID, ctrl.ControlID)
-				})
-			}
-
-			t.Run("with unknown GetControl()", func(t *testing.T) {
-				t.Parallel()
-
-				ctrl, err := p.GetControl("zork")
-				require.Error(t, err)
-				require.Nil(t, ctrl)
-			})
-		})
-
-		t.Run("with GetFrameworks", func(t *testing.T) {
-			t.Parallel()
-
-			frameworks, err := p.GetFrameworks()
-			require.NoError(t, err)
-			require.NotEmpty(t, frameworks)
-
-			for _, toPin := range frameworks {
-				framework := toPin
-				require.NotEmpty(t, framework)
-				require.NotEmpty(t, framework.Name)
-
-				t.Run(fmt.Sprintf("with GetFramework(%q)", framework.Name), func(t *testing.T) {
-					t.Parallel()
-
-					fw, err := p.GetFramework(framework.Name)
-					require.NoError(t, err)
-					require.NotNil(t, fw)
-
-					require.EqualValues(t, framework, *fw)
-				})
-			}
-
-			t.Run("with unknown GetFramework()", func(t *testing.T) {
-				t.Parallel()
-
-				ctrl, err := p.GetFramework("zork")
-				require.Error(t, err)
-				require.Nil(t, ctrl)
-			})
-
-			t.Run("with ListFrameworks", func(t *testing.T) {
-				t.Parallel()
-
-				frameworkIDs, err := p.ListFrameworks()
-				require.NoError(t, err)
-				require.NotEmpty(t, frameworkIDs)
-
-				require.Len(t, frameworkIDs, len(frameworks))
-			})
-
-		})
-
-		t.Run("with GetControlsInput", func(t *testing.T) {
-			t.Parallel()
-
-			controlInputs, err := p.GetControlsInputs("") // NOTE: cluster name currently unused
-			require.NoError(t, err)
-			require.NotEmpty(t, controlInputs)
-		})
-
-		t.Run("with GetAttackTracks", func(t *testing.T) {
-			t.Parallel()
-
-			attackTracks, err := p.GetAttackTracks()
-			require.NoError(t, err)
-			require.NotEmpty(t, attackTracks)
-		})
-
-		t.Run("with GetExceptions", func(t *testing.T) {
-			t.Parallel()
-
-			exceptions, err := p.GetExceptions("") // NOTE: cluster name currently unused
-			require.NoError(t, err)
-			require.NotEmpty(t, exceptions)
-		})
-	})
-}
-
-func hydrateReleasedPolicyFromMock(t testing.TB, p *DownloadReleasedPolicy) {
-	regoFile := testRegoFile("policy")
-
-	if _, err := os.Stat(regoFile); errors.Is(err, fs.ErrNotExist) {
-		// retrieve fixture from latest released policy from github.
-		//
-		// NOTE: to update the mock, just delete the testdata/policy.json file and run the tests again.
-		t.Logf("updating fixture file %q from github", regoFile)
-
-		require.NoError(t, p.SetRegoObjects())
-		require.NotNil(t, p.gs)
-
-		require.NoError(t,
-			SaveInFile(p.gs, regoFile),
-		)
-
-		return
-	}
-
-	// we have a mock fixture: load this rather than calling github
-	t.Logf("populating rego policy from fixture file %q", regoFile)
-	buf, err := os.ReadFile(regoFile)
-	require.NoError(t, err)
-
-	require.NoError(t,
-		jsoniter.Unmarshal(buf, p.gs),
-	)
-}
-
-func testRegoFile(framework string) string {
-	return filepath.Join(testutils.CurrentDir(), "testdata", fmt.Sprintf("%s.json", framework))
-}

core/cautils/getter/getpolicies.go

@@ -0,0 +1,47 @@
+package getter
+
+import (
+	"github.com/armosec/armoapi-go/armotypes"
+	"github.com/kubescape/opa-utils/reporthandling"
+	"github.com/kubescape/opa-utils/reporthandling/attacktrack/v1alpha1"
+)
+
+type IPolicyGetter interface {
+	GetFramework(name string) (*reporthandling.Framework, error)
+	GetFrameworks() ([]reporthandling.Framework, error)
+	GetControl(ID string) (*reporthandling.Control, error)
+
+	ListFrameworks() ([]string, error)
+	ListControls() ([]string, error)
+}
+
+type IExceptionsGetter interface {
+	GetExceptions(clusterName string) ([]armotypes.PostureExceptionPolicy, error)
+}
+type IBackend interface {
+	GetAccountID() string
+	GetClientID() string
+	GetSecretKey() string
+	GetCloudReportURL() string
+	GetCloudAPIURL() string
+	GetCloudUIURL() string
+	GetCloudAuthURL() string
+
+	SetAccountID(accountID string)
+	SetClientID(clientID string)
+	SetSecretKey(secretKey string)
+	SetCloudReportURL(cloudReportURL string)
+	SetCloudAPIURL(cloudAPIURL string)
+	SetCloudUIURL(cloudUIURL string)
+	SetCloudAuthURL(cloudAuthURL string)
+
+	GetTenant() (*TenantResponse, error)
+}
+
+type IControlsInputsGetter interface {
+	GetControlsInputs(clusterName string) (map[string][]string, error)
+}
+
+type IAttackTracksGetter interface {
+	GetAttackTracks() ([]v1alpha1.AttackTrack, error)
+}

core/cautils/getter/getpoliciesutils.go

@@ -6,27 +6,24 @@ import (
 	"io"
 	"net/http"
 	"os"
+	"path"
 	"path/filepath"
 	"strings"
 )
 
-// GetDefaultPath returns a location under the local dot files for kubescape.
-//
-// This is typically located under $HOME/.kubescape
 func GetDefaultPath(name string) string {
 	return filepath.Join(DefaultLocalStore, name)
 }
 
-// SaveInFile serializes any object as a JSON file.
-func SaveInFile(object interface{}, targetFile string) error {
-	encodedData, err := json.MarshalIndent(object, "", "  ")
+func SaveInFile(policy interface{}, pathStr string) error {
+	encodedData, err := json.MarshalIndent(policy, "", "  ")
 	if err != nil {
 		return err
 	}
-	err = os.WriteFile(targetFile, encodedData, 0644) //nolint:gosec
+	err = os.WriteFile(pathStr, encodedData, 0644) //nolint:gosec
 	if err != nil {
 		if os.IsNotExist(err) {
-			pathDir := filepath.Dir(targetFile)
+			pathDir := path.Dir(pathStr)
 			// pathDir could contain subdirectories
 			if erm := os.MkdirAll(pathDir, 0755); erm != nil {
 				return erm
@@ -35,7 +32,7 @@ func SaveInFile(object interface{}, targetFile string) error {
 			return err
 
 		}
-		err = os.WriteFile(targetFile, encodedData, 0644) //nolint:gosec
+		err = os.WriteFile(pathStr, encodedData, 0644) //nolint:gosec
 		if err != nil {
 			return err
 		}
@@ -43,9 +40,6 @@ func SaveInFile(object interface{}, targetFile string) error {
 	return nil
 }
 
-// HttpDelete provides a low-level capability to send a HTTP DELETE request and serialize the response as a string.
-//
-// Deprecated: use methods of the KSCloudAPI client instead.
 func HttpDelete(httpClient *http.Client, fullURL string, headers map[string]string) (string, error) {
 
 	req, err := http.NewRequest("DELETE", fullURL, nil)
@@ -65,10 +59,8 @@ func HttpDelete(httpClient *http.Client, fullURL string, headers map[string]stri
 	return respStr, nil
 }
 
-// HttpGetter provides a low-level capability to send a HTTP GET request and serialize the response as a string.
-//
-// Deprecated: use methods of the KSCloudAPI client instead.
 func HttpGetter(httpClient *http.Client, fullURL string, headers map[string]string) (string, error) {
+
 	req, err := http.NewRequest("GET", fullURL, nil)
 	if err != nil {
 		return "", err
@@ -86,10 +78,8 @@ func HttpGetter(httpClient *http.Client, fullURL string, headers map[string]stri
 	return respStr, nil
 }
 
-// HttpPost provides a low-level capability to send a HTTP POST request and serialize the response as a string.
-//
-// Deprecated: use methods of the KSCloudAPI client instead.
 func HttpPost(httpClient *http.Client, fullURL string, headers map[string]string, body []byte) (string, error) {
+
 	req, err := http.NewRequest("POST", fullURL, bytes.NewReader(body))
 	if err != nil {
 		return "", err
@@ -114,7 +104,7 @@ func setHeaders(req *http.Request, headers map[string]string) {
 	}
 }
 
-// httpRespToString parses the body as string and checks the HTTP status code, it closes the body reader at the end
+// HTTPRespToString parses the body as string and checks the HTTP status code, it closes the body reader at the end
 func httpRespToString(resp *http.Response) (string, error) {
 	if resp == nil || resp.Body == nil {
 		return "", nil
@@ -124,7 +114,6 @@ func httpRespToString(resp *http.Response) (string, error) {
 	if resp.ContentLength > 0 {
 		strBuilder.Grow(int(resp.ContentLength))
 	}
-
 	_, err := io.Copy(&strBuilder, resp.Body)
 	respStr := strBuilder.String()
 	if err != nil {

core/cautils/getter/getpoliciesutils_test.go

@@ -1,97 +0,0 @@
-package getter
-
-import (
-	"net/http"
-	"os"
-	"path/filepath"
-	"testing"
-
-	"github.com/stretchr/testify/require"
-)
-
-func TestGetDefaultPath(t *testing.T) {
-	t.Parallel()
-
-	const name = "mine"
-
-	pth := GetDefaultPath(name)
-	require.Equal(t, name, filepath.Base(pth))
-	require.Equal(t, ".kubescape", filepath.Base(filepath.Dir(pth)))
-}
-
-func TestSaveInFile(t *testing.T) {
-	t.Parallel()
-
-	dir, err := os.MkdirTemp(".", "test")
-	require.NoError(t, err)
-	defer func() {
-		_ = os.RemoveAll(dir)
-	}()
-
-	policy := map[string]interface{}{
-		"key":    "value",
-		"number": 1.00,
-	}
-
-	t.Run("should save data as JSON (target folder exists)", func(t *testing.T) {
-		target := filepath.Join(dir, "target.json")
-		require.NoError(t, SaveInFile(policy, target))
-
-		buf, err := os.ReadFile(target)
-		require.NoError(t, err)
-		var retrieved interface{}
-		require.NoError(t, json.Unmarshal(buf, &retrieved))
-
-		require.EqualValues(t, policy, retrieved)
-	})
-
-	t.Run("should save data as JSON (new target folder)", func(t *testing.T) {
-		target := filepath.Join(dir, "subdir", "target.json")
-		require.NoError(t, SaveInFile(policy, target))
-
-		buf, err := os.ReadFile(target)
-		require.NoError(t, err)
-		var retrieved interface{}
-		require.NoError(t, json.Unmarshal(buf, &retrieved))
-
-		require.EqualValues(t, policy, retrieved)
-	})
-
-	t.Run("should error", func(t *testing.T) {
-		badPolicy := map[string]interface{}{
-			"key":    "value",
-			"number": 1.00,
-			"err":    func() {},
-		}
-		target := filepath.Join(dir, "error.json")
-		require.Error(t, SaveInFile(badPolicy, target))
-	})
-}
-
-func TestHttpMethods(t *testing.T) {
-	client := http.DefaultClient
-	hdrs := map[string]string{"key": "value"}
-
-	srv := mockAPIServer(t)
-	t.Cleanup(srv.Close)
-
-	t.Run("HttpGetter should GET", func(t *testing.T) {
-		resp, err := HttpGetter(client, srv.URL(pathTestGet), hdrs)
-		require.NoError(t, err)
-		require.EqualValues(t, "body-get", resp)
-	})
-
-	t.Run("HttpPost should POST", func(t *testing.T) {
-		body := []byte("body-post")
-
-		resp, err := HttpPost(client, srv.URL(pathTestPost), hdrs, body)
-		require.NoError(t, err)
-		require.EqualValues(t, string(body), resp)
-	})
-
-	t.Run("HttpDelete should DELETE", func(t *testing.T) {
-		resp, err := HttpDelete(client, srv.URL(pathTestDelete), hdrs)
-		require.NoError(t, err)
-		require.EqualValues(t, "body-delete", resp)
-	})
-}

core/cautils/getter/interfaces.go

@@ -1,55 +0,0 @@
-package getter
-
-import (
-	"github.com/armosec/armoapi-go/armotypes"
-	"github.com/kubescape/opa-utils/reporthandling"
-	"github.com/kubescape/opa-utils/reporthandling/attacktrack/v1alpha1"
-)
-
-type (
-	// IPolicyGetter knows how to retrieve policies, i.e. frameworks and their controls.
-	IPolicyGetter interface {
-		GetFramework(name string) (*reporthandling.Framework, error)
-		GetFrameworks() ([]reporthandling.Framework, error)
-		GetControl(ID string) (*reporthandling.Control, error)
-
-		ListFrameworks() ([]string, error)
-		ListControls() ([]string, error)
-	}
-
-	// IExceptionsGetter knows how to retrieve exceptions.
-	IExceptionsGetter interface {
-		GetExceptions(clusterName string) ([]armotypes.PostureExceptionPolicy, error)
-	}
-
-	// IControlsInputsGetter knows how to retrieve controls inputs.
-	IControlsInputsGetter interface {
-		GetControlsInputs(clusterName string) (map[string][]string, error)
-	}
-
-	// IAttackTracksGetter knows how to retrieve attack tracks.
-	IAttackTracksGetter interface {
-		GetAttackTracks() ([]v1alpha1.AttackTrack, error)
-	}
-
-	// IBackend knows how to configure a KS Cloud client
-	IBackend interface {
-		GetAccountID() string
-		GetClientID() string
-		GetSecretKey() string
-		GetCloudReportURL() string
-		GetCloudAPIURL() string
-		GetCloudUIURL() string
-		GetCloudAuthURL() string
-
-		SetAccountID(accountID string)
-		SetClientID(clientID string)
-		SetSecretKey(secretKey string)
-		SetCloudReportURL(cloudReportURL string)
-		SetCloudAPIURL(cloudAPIURL string)
-		SetCloudUIURL(cloudUIURL string)
-		SetCloudAuthURL(cloudAuthURL string)
-
-		GetTenant() (*TenantResponse, error)
-	}
-)

core/cautils/getter/json.go

@@ -1,13 +1,16 @@
 package getter
 
 import (
-	"io"
 	"strings"
 
+	stdjson "encoding/json"
+
 	jsoniter "github.com/json-iterator/go"
 )
 
-var json jsoniter.API
+var (
+	json jsoniter.API
+)
 
 func init() {
 	// NOTE(fredbi): attention, this configuration rounds floats down to 6 digits
@@ -15,24 +18,9 @@ func init() {
 	json = jsoniter.ConfigFastest
 }
 
-// JSONDecoder provides a low-level utility that returns a JSON decoder for given string.
-//
-// Deprecated: use higher level methods from the KSCloudAPI client instead.
-func JSONDecoder(origin string) *jsoniter.Decoder {
-	dec := jsoniter.NewDecoder(strings.NewReader(origin))
+// JSONDecoder returns JSON decoder for given string
+func JSONDecoder(origin string) *stdjson.Decoder {
+	dec := stdjson.NewDecoder(strings.NewReader(origin))
 	dec.UseNumber()
-
 	return dec
 }
-
-func decode[T any](rdr io.Reader) (T, error) {
-	var receiver T
-	dec := newDecoder(rdr)
-	err := dec.Decode(&receiver)
-
-	return receiver, err
-}
-
-func newDecoder(rdr io.Reader) *jsoniter.Decoder {
-	return json.NewDecoder(rdr)
-}

core/cautils/getter/kscloudapi_mocks_test.go

@@ -1,294 +0,0 @@
-package getter
-
-import (
-	"os"
-	"path/filepath"
-	"testing"
-
-	"github.com/armosec/armoapi-go/armotypes"
-	jsoniter "github.com/json-iterator/go"
-	"github.com/kubescape/kubescape/v2/internal/testutils"
-	"github.com/kubescape/opa-utils/reporthandling"
-	"github.com/kubescape/opa-utils/reporthandling/attacktrack/v1alpha1"
-	"github.com/stretchr/testify/require"
-)
-
-func mockAttackTracks() []v1alpha1.AttackTrack {
-	return []v1alpha1.AttackTrack{
-		{
-			ApiVersion: "v1",
-			Kind:       "track",
-			Metadata:   map[string]interface{}{"label": "name"},
-			Spec: v1alpha1.AttackTrackSpecification{
-				Version:     "v2",
-				Description: "a mock",
-				Data: v1alpha1.AttackTrackStep{
-					Name:        "track1",
-					Description: "mock-step",
-					SubSteps: []v1alpha1.AttackTrackStep{
-						{
-							Name:        "track1",
-							Description: "mock-step",
-							Controls: []v1alpha1.IAttackTrackControl{
-								mockControlPtr("control-1"),
-							},
-						},
-					},
-					Controls: []v1alpha1.IAttackTrackControl{
-						mockControlPtr("control-2"),
-						mockControlPtr("control-3"),
-					},
-				},
-			},
-		},
-		{
-			ApiVersion: "v1",
-			Kind:       "track",
-			Metadata:   map[string]interface{}{"label": "stuff"},
-			Spec: v1alpha1.AttackTrackSpecification{
-				Version:     "v1",
-				Description: "another mock",
-				Data: v1alpha1.AttackTrackStep{
-					Name:        "track2",
-					Description: "mock-step2",
-					SubSteps: []v1alpha1.AttackTrackStep{
-						{
-							Name:        "track3",
-							Description: "mock-step",
-							Controls: []v1alpha1.IAttackTrackControl{
-								mockControlPtr("control-4"),
-							},
-						},
-					},
-					Controls: []v1alpha1.IAttackTrackControl{
-						mockControlPtr("control-5"),
-						mockControlPtr("control-6"),
-					},
-				},
-			},
-		},
-	}
-}
-
-func mockFrameworks() []reporthandling.Framework {
-	id1s := []string{"control-1", "control-2"}
-	id2s := []string{"control-3", "control-4"}
-	id3s := []string{"control-5", "control-6"}
-
-	return []reporthandling.Framework{
-		{
-			PortalBase: armotypes.PortalBase{
-				Name: "mock-1",
-			},
-			CreationTime: "now",
-			Description:  "mock-1",
-			Controls: []reporthandling.Control{
-				mockControl("control-1"),
-				mockControl("control-2"),
-			},
-			ControlsIDs: &id1s,
-			SubSections: map[string]*reporthandling.FrameworkSubSection{
-				"section1": {
-					ID:         "section-id",
-					ControlIDs: id1s,
-				},
-			},
-		},
-		{
-			PortalBase: armotypes.PortalBase{
-				Name: "mock-2",
-			},
-			CreationTime: "then",
-			Description:  "mock-2",
-			Controls: []reporthandling.Control{
-				mockControl("control-3"),
-				mockControl("control-4"),
-			},
-			ControlsIDs: &id2s,
-			SubSections: map[string]*reporthandling.FrameworkSubSection{
-				"section2": {
-					ID:         "section-id",
-					ControlIDs: id2s,
-				},
-			},
-		},
-		{
-			PortalBase: armotypes.PortalBase{
-				Name: "nsa",
-			},
-			CreationTime: "tomorrow",
-			Description:  "nsa mock",
-			Controls: []reporthandling.Control{
-				mockControl("control-5"),
-				mockControl("control-6"),
-			},
-			ControlsIDs: &id3s,
-			SubSections: map[string]*reporthandling.FrameworkSubSection{
-				"section2": {
-					ID:         "section-id",
-					ControlIDs: id3s,
-				},
-			},
-		},
-	}
-}
-
-func mockControl(controlID string) reporthandling.Control {
-	return reporthandling.Control{
-		ControlID: controlID,
-	}
-}
-func mockControlPtr(controlID string) *reporthandling.Control {
-	val := mockControl(controlID)
-
-	return &val
-}
-
-func mockExceptions() []armotypes.PostureExceptionPolicy {
-	return []armotypes.PostureExceptionPolicy{
-		{
-			PolicyType:   "postureExceptionPolicy",
-			CreationTime: "now",
-			Actions: []armotypes.PostureExceptionPolicyActions{
-				"alertOnly",
-			},
-			Resources: []armotypes.PortalDesignator{
-				{
-					DesignatorType: "Attributes",
-					Attributes: map[string]string{
-						"kind":      "Pod",
-						"name":      "coredns-[A-Za-z0-9]+-[A-Za-z0-9]+",
-						"namespace": "kube-system",
-					},
-				},
-				{
-					DesignatorType: "Attributes",
-					Attributes: map[string]string{
-						"kind":      "Pod",
-						"name":      "etcd-.*",
-						"namespace": "kube-system",
-					},
-				},
-			},
-			PosturePolicies: []armotypes.PosturePolicy{
-				{
-					FrameworkName: "MITRE",
-					ControlID:     "C-.*",
-				},
-				{
-					FrameworkName: "another-framework",
-					ControlID:     "a regexp",
-				},
-			},
-		},
-		{
-			PolicyType:   "postureExceptionPolicy",
-			CreationTime: "then",
-			Actions: []armotypes.PostureExceptionPolicyActions{
-				"alertOnly",
-			},
-			Resources: []armotypes.PortalDesignator{
-				{
-					DesignatorType: "Attributes",
-					Attributes: map[string]string{
-						"kind": "Deployment",
-						"name": "my-regexp",
-					},
-				},
-				{
-					DesignatorType: "Attributes",
-					Attributes: map[string]string{
-						"kind": "Secret",
-						"name": "another-regexp",
-					},
-				},
-			},
-			PosturePolicies: []armotypes.PosturePolicy{
-				{
-					FrameworkName: "yet-another-framework",
-					ControlID:     "a regexp",
-				},
-			},
-		},
-	}
-}
-
-func mockTenantResponse() *TenantResponse {
-	return &TenantResponse{
-		TenantID:  "id",
-		Token:     "token",
-		Expires:   "expiry-time",
-		AdminMail: "admin@example.com",
-	}
-}
-
-func mockCustomerConfig(cluster, scope string) func() *armotypes.CustomerConfig {
-	if cluster == "" {
-		cluster = "my-cluster"
-	}
-
-	if scope == "" {
-		scope = "default"
-	}
-
-	return func() *armotypes.CustomerConfig {
-		return &armotypes.CustomerConfig{
-			Name: "user",
-			Attributes: map[string]interface{}{
-				"label": "value",
-			},
-			Scope: armotypes.PortalDesignator{
-				DesignatorType: "Attributes",
-				Attributes: map[string]string{
-					"kind":  "Cluster",
-					"name":  cluster,
-					"scope": scope,
-				},
-			},
-			Settings: armotypes.Settings{
-				PostureControlInputs: map[string][]string{
-					"inputs-1": {"x1", "y2"},
-					"inputs-2": {"x2", "y2"},
-				},
-				PostureScanConfig: armotypes.PostureScanConfig{
-					ScanFrequency: armotypes.ScanFrequency("weekly"),
-				},
-				VulnerabilityScanConfig: armotypes.VulnerabilityScanConfig{
-					ScanFrequency:             armotypes.ScanFrequency("daily"),
-					CriticalPriorityThreshold: 1,
-					HighPriorityThreshold:     2,
-					MediumPriorityThreshold:   3,
-					ScanNewDeployment:         true,
-					AllowlistRegistries:       []string{"a", "b"},
-					BlocklistRegistries:       []string{"c", "d"},
-				},
-				SlackConfigurations: armotypes.SlackSettings{
-					Token: "slack-token",
-				},
-			},
-		}
-	}
-}
-
-func mockLoginResponse() *feLoginResponse {
-	return &feLoginResponse{
-		Token:        "access-token",
-		RefreshToken: "refresh-token",
-		Expires:      "expiry-time",
-		ExpiresIn:    123,
-	}
-}
-
-func mockPostureReport(t testing.TB, reportID, cluster string) *PostureReport {
-	fixture := filepath.Join(testutils.CurrentDir(), "testdata", "mock_posture_report.json")
-
-	buf, err := os.ReadFile(fixture)
-	require.NoError(t, err)
-
-	var report PostureReport
-	require.NoError(t,
-		jsoniter.Unmarshal(buf, &report),
-	)
-
-	return &report
-}

core/cautils/getter/kscloudapiutils.go

@@ -0,0 +1,186 @@
+package getter
+
+import (
+	"bytes"
+	"fmt"
+	"net/http"
+	"net/url"
+	"strings"
+)
+
+var NativeFrameworks = []string{"nsa", "mitre", "armobest", "devopsbest"}
+
+func (api *KSCloudAPI) getFrameworkURL(frameworkName string) string {
+	u := url.URL{}
+	u.Scheme, u.Host = parseHost(api.GetCloudAPIURL())
+	u.Path = "api/v1/armoFrameworks"
+	q := u.Query()
+	q.Add("customerGUID", api.getCustomerGUIDFallBack())
+	if isNativeFramework(frameworkName) {
+		q.Add("frameworkName", strings.ToUpper(frameworkName))
+	} else {
+		// For customer framework has to be the way it was added
+		q.Add("frameworkName", frameworkName)
+	}
+	u.RawQuery = q.Encode()
+
+	return u.String()
+}
+
+func (api *KSCloudAPI) getAttackTracksURL() string {
+	u := url.URL{}
+	u.Scheme, u.Host = parseHost(api.GetCloudAPIURL())
+	u.Path = "api/v1/attackTracks"
+	q := u.Query()
+	q.Add("customerGUID", api.getCustomerGUIDFallBack())
+	u.RawQuery = q.Encode()
+
+	return u.String()
+}
+
+func (api *KSCloudAPI) getListFrameworkURL() string {
+	u := url.URL{}
+	u.Scheme, u.Host = parseHost(api.GetCloudAPIURL())
+	u.Path = "api/v1/armoFrameworks"
+	q := u.Query()
+	q.Add("customerGUID", api.getCustomerGUIDFallBack())
+	u.RawQuery = q.Encode()
+
+	return u.String()
+}
+func (api *KSCloudAPI) getExceptionsURL(clusterName string) string {
+	u := url.URL{}
+	u.Scheme, u.Host = parseHost(api.GetCloudAPIURL())
+	u.Path = "api/v1/armoPostureExceptions"
+
+	q := u.Query()
+	q.Add("customerGUID", api.getCustomerGUIDFallBack())
+	// if clusterName != "" { // TODO - fix customer name support in Armo BE
+	// 	q.Add("clusterName", clusterName)
+	// }
+	u.RawQuery = q.Encode()
+
+	return u.String()
+}
+
+func (api *KSCloudAPI) exceptionsURL(exceptionsPolicyName string) string {
+	u := url.URL{}
+	u.Scheme, u.Host = parseHost(api.GetCloudAPIURL())
+	u.Path = "api/v1/postureExceptionPolicy"
+
+	q := u.Query()
+	q.Add("customerGUID", api.getCustomerGUIDFallBack())
+	if exceptionsPolicyName != "" { // for delete
+		q.Add("policyName", exceptionsPolicyName)
+	}
+
+	u.RawQuery = q.Encode()
+
+	return u.String()
+}
+
+func (api *KSCloudAPI) getAccountConfigDefault(clusterName string) string {
+	config := api.getAccountConfig(clusterName)
+	url := config + "&scope=customer"
+	return url
+}
+
+func (api *KSCloudAPI) getAccountConfig(clusterName string) string {
+	u := url.URL{}
+	u.Scheme, u.Host = parseHost(api.GetCloudAPIURL())
+	u.Path = "api/v1/armoCustomerConfiguration"
+
+	q := u.Query()
+	q.Add("customerGUID", api.getCustomerGUIDFallBack())
+	if clusterName != "" { // TODO - fix customer name support in Armo BE
+		q.Add("clusterName", clusterName)
+	}
+	u.RawQuery = q.Encode()
+
+	return u.String()
+}
+
+func (api *KSCloudAPI) getAccountURL() string {
+	u := url.URL{}
+	u.Scheme, u.Host = parseHost(api.GetCloudAPIURL())
+	u.Path = "api/v1/createTenant"
+	return u.String()
+}
+
+func (api *KSCloudAPI) getApiToken() string {
+	u := url.URL{}
+	u.Scheme, u.Host = parseHost(api.GetCloudAuthURL())
+	u.Path = "identity/resources/auth/v1/api-token"
+	return u.String()
+}
+
+func (api *KSCloudAPI) getOpenidCustomers() string {
+	u := url.URL{}
+	u.Scheme, u.Host = parseHost(api.GetCloudAPIURL())
+	u.Path = "api/v1/openid_customers"
+	return u.String()
+}
+
+func (api *KSCloudAPI) getAuthCookie() (string, error) {
+	selectCustomer := KSCloudSelectCustomer{SelectedCustomerGuid: api.accountID}
+	requestBody, _ := json.Marshal(selectCustomer)
+	client := &http.Client{}
+	httpRequest, err := http.NewRequest(http.MethodPost, api.getOpenidCustomers(), bytes.NewBuffer(requestBody))
+	if err != nil {
+		return "", err
+	}
+	httpRequest.Header.Set("Content-Type", "application/json")
+	httpRequest.Header.Set("Authorization", fmt.Sprintf("Bearer %s", api.feToken.Token))
+	httpResponse, err := client.Do(httpRequest)
+	if err != nil {
+		return "", err
+	}
+	defer httpResponse.Body.Close()
+	if httpResponse.StatusCode != http.StatusOK {
+		return "", fmt.Errorf("failed to get cookie from %s: status %d", api.getOpenidCustomers(), httpResponse.StatusCode)
+	}
+
+	cookies := httpResponse.Header.Get("set-cookie")
+	if len(cookies) == 0 {
+		return "", fmt.Errorf("no cookie field in response from %s", api.getOpenidCustomers())
+	}
+
+	authCookie := ""
+	for _, cookie := range strings.Split(cookies, ";") {
+		kv := strings.Split(cookie, "=")
+		if kv[0] == "auth" {
+			authCookie = kv[1]
+		}
+	}
+
+	if len(authCookie) == 0 {
+		return "", fmt.Errorf("no auth cookie field in response from %s", api.getOpenidCustomers())
+	}
+
+	return authCookie, nil
+}
+func (api *KSCloudAPI) appendAuthHeaders(headers map[string]string) {
+
+	if api.feToken.Token != "" {
+		headers["Authorization"] = fmt.Sprintf("Bearer %s", api.feToken.Token)
+	}
+	if api.authCookie != "" {
+		headers["Cookie"] = fmt.Sprintf("auth=%s", api.authCookie)
+	}
+}
+
+func (api *KSCloudAPI) getCustomerGUIDFallBack() string {
+	if api.accountID != "" {
+		return api.accountID
+	}
+	return "11111111-1111-1111-1111-111111111111"
+}
+
+func parseHost(host string) (string, string) {
+	if strings.HasPrefix(host, "http://") {
+		return "http", strings.Replace(host, "http://", "", 1)
+	}
+
+	// default scheme
+	return "https", strings.Replace(host, "https://", "", 1)
+}

core/cautils/getter/kscloudoptions.go

@@ -1,202 +0,0 @@
-package getter
-
-import (
-	"context"
-	"fmt"
-	"log"
-	"net/http"
-	"net/http/httputil"
-	"time"
-)
-
-type (
-	// KSCloudOption allows to configure the behavior of the KS Cloud client.
-	KSCloudOption func(*ksCloudOptions)
-
-	// ksCloudOptions holds all the configurable parts of the KS Cloud client.
-	ksCloudOptions struct {
-		httpClient     *http.Client
-		cloudReportURL string
-		cloudUIURL     string
-		timeout        *time.Duration
-		withTrace      bool
-	}
-
-	// request option instructs post/get/delete to alter the outgoing request
-	requestOption func(*requestOptions)
-
-	// requestOptions knows how to enrich a request with headers
-	requestOptions struct {
-		withJSON   bool
-		withToken  string
-		withCookie *http.Cookie
-		withTrace  bool
-		headers    map[string]string
-		reqContext context.Context
-	}
-)
-
-// KS Cloud client options
-
-// WithHTTPClient overrides the default http.Client used by the KS Cloud client.
-func WithHTTPClient(client *http.Client) KSCloudOption {
-	return func(o *ksCloudOptions) {
-		o.httpClient = client
-	}
-}
-
-// WithTimeout sets a global timeout on a operations performed by the KS Cloud client.
-//
-// A value of 0 means no timeout.
-//
-// The default is 61s.
-func WithTimeout(timeout time.Duration) KSCloudOption {
-	duration := timeout
-
-	return func(o *ksCloudOptions) {
-		o.timeout = &duration
-	}
-}
-
-// WithReportURL specifies the URL to post reports.
-func WithReportURL(u string) KSCloudOption {
-	return func(o *ksCloudOptions) {
-		o.cloudReportURL = u
-	}
-}
-
-// WithFrontendURL specifies the URL to access the KS Cloud UI.
-func WithFrontendURL(u string) KSCloudOption {
-	return func(o *ksCloudOptions) {
-		o.cloudUIURL = u
-	}
-}
-
-// WithTrace toggles requests dump for inspection & debugging.
-func WithTrace(enabled bool) KSCloudOption {
-	return func(o *ksCloudOptions) {
-		o.withTrace = enabled
-	}
-}
-
-var defaultClient = &http.Client{
-	Timeout: 61 * time.Second,
-}
-
-// ksCloudOptionsWithDefaults sets defaults for the KS client and applies overrides.
-func ksCloudOptionsWithDefaults(opts []KSCloudOption) *ksCloudOptions {
-	options := &ksCloudOptions{
-		httpClient: defaultClient,
-	}
-
-	for _, apply := range opts {
-		apply(options)
-	}
-
-	if options.timeout != nil {
-		// non-default timeout (0 means no timeout)
-		// clone the client and override the timeout
-		client := *options.httpClient
-		client.Timeout = *options.timeout
-		options.httpClient = &client
-	}
-
-	return options
-}
-
-// http request options
-
-// withContentJSON sets JSON content type for a request
-func withContentJSON(enabled bool) requestOption {
-	return func(o *requestOptions) {
-		o.withJSON = enabled
-	}
-}
-
-// withToken sets an Authorization header for a request
-func withToken(token string) requestOption {
-	return func(o *requestOptions) {
-		o.withToken = token
-	}
-}
-
-// withCookie sets an authentication cookie for a request
-func withCookie(cookie *http.Cookie) requestOption {
-	return func(o *requestOptions) {
-		o.withCookie = cookie
-	}
-}
-
-// withExtraHeaders adds extra headers to a request
-func withExtraHeaders(headers map[string]string) requestOption {
-	return func(o *requestOptions) {
-		o.headers = headers
-	}
-}
-
-/* not used yet
-// withContext sets the context of a request.
-//
-// By default, context.Background() is used.
-func withContext(ctx context.Context) requestOption {
-	return func(o *requestOptions) {
-		o.reqContext = ctx
-	}
-}
-*/
-
-// withTrace dumps requests for debugging
-func withTrace(enabled bool) requestOption {
-	return func(o *requestOptions) {
-		o.withTrace = enabled
-	}
-}
-
-func (o *requestOptions) setHeaders(req *http.Request) {
-	if o.withJSON {
-		req.Header.Set("Content-Type", "application/json")
-	}
-
-	if len(o.withToken) > 0 {
-		req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", o.withToken))
-	}
-
-	if o.withCookie != nil {
-		req.AddCookie(o.withCookie)
-	}
-
-	for k, v := range o.headers {
-		req.Header.Set(k, v)
-	}
-}
-
-// traceReq dumps the content of an outgoing request for inspecting or debugging the client.
-func (o *requestOptions) traceReq(req *http.Request) {
-	if !o.withTrace {
-		return
-	}
-
-	dump, _ := httputil.DumpRequestOut(req, true)
-	log.Printf("%s\n", dump)
-}
-
-// traceResp dumps the content of an API response for inspecting or debugging the client.
-func (o *requestOptions) traceResp(resp *http.Response) {
-	if !o.withTrace {
-		return
-	}
-
-	dump, _ := httputil.DumpResponse(resp, true)
-	log.Printf("%s\n", dump)
-}
-
-func requestOptionsWithDefaults(opts []requestOption) *requestOptions {
-	o := &requestOptions{
-		reqContext: context.Background(),
-	}
-	for _, apply := range opts {
-		apply(o)
-	}
-
-	return o
-}

core/cautils/getter/loadpolicy.go

@@ -24,13 +24,9 @@ var (
 	ErrIDRequired           = errors.New("missing required input control ID")
 	ErrFrameworkNotMatching = errors.New("framework from file not matching")
 	ErrControlNotMatching   = errors.New("framework from file not matching")
-)
 
-var (
-	_ IPolicyGetter         = &LoadPolicy{}
-	_ IExceptionsGetter     = &LoadPolicy{}
-	_ IAttackTracksGetter   = &LoadPolicy{}
-	_ IControlsInputsGetter = &LoadPolicy{}
+	_ IPolicyGetter     = &LoadPolicy{}
+	_ IExceptionsGetter = &LoadPolicy{}
 )
 
 func getCacheDir() string {
@@ -164,7 +160,7 @@ func (lp *LoadPolicy) ListFrameworks() ([]string, error) {
 			continue
 		}
 
-		if framework.Name == "" || contains(frameworkNames, framework.Name) {
+		if contains(frameworkNames, framework.Name) {
 			continue
 		}
 

core/cautils/getter/loadpolicy_test.go

@@ -6,7 +6,6 @@ import (
 	"path/filepath"
 	"testing"
 
-	"github.com/kubescape/kubescape/v2/internal/testutils"
 	"github.com/stretchr/testify/require"
 )
 
@@ -180,29 +179,6 @@ func TestLoadPolicy(t *testing.T) {
 			require.Equal(t, extraFramework, fws[1])
 		})
 
-		t.Run("should not return an empty framework", func(t *testing.T) {
-			t.Parallel()
-
-			const (
-				extraFramework = "NSA"
-				attackTracks   = "attack-tracks"
-				controlsInputs = "controls-inputs"
-			)
-			p := NewLoadPolicy([]string{
-				testFrameworkFile(testFramework),
-				testFrameworkFile(extraFramework),
-				testFrameworkFile(attackTracks),   // should be ignored
-				testFrameworkFile(controlsInputs), // should be ignored
-			})
-			fws, err := p.ListFrameworks()
-			require.NoError(t, err)
-			require.Len(t, fws, 2)
-			require.NotContains(t, fws, "")
-
-			require.Equal(t, testFramework, fws[0])
-			require.Equal(t, extraFramework, fws[1])
-		})
-
 		t.Run("should fail on file error", func(t *testing.T) {
 			t.Parallel()
 
@@ -387,7 +363,7 @@ func TestLoadPolicy(t *testing.T) {
 }
 
 func testFrameworkFile(framework string) string {
-	return filepath.Join(testutils.CurrentDir(), "testdata", fmt.Sprintf("%s.json", framework))
+	return filepath.Join(".", "testdata", fmt.Sprintf("%s.json", framework))
 }
 
 func writeTempJSONControlInputs(t testing.TB) (string, map[string][]string) {

core/cautils/getter/testdata/controls-inputs.json

@@ -1,125 +0,0 @@
-{
-  "publicRegistries": [],
-  "untrustedRegistries": [],
-  "listOfDangerousArtifacts": [
-    "bin/bash",
-    "sbin/sh",
-    "bin/ksh",
-    "bin/tcsh",
-    "bin/zsh",
-    "usr/bin/scsh",
-    "bin/csh",
-    "bin/busybox",
-    "usr/bin/busybox"
-  ],
-  "sensitiveKeyNames": [
-    "aws_access_key_id",
-    "aws_secret_access_key",
-    "azure_batchai_storage_account",
-    "azure_batchai_storage_key",
-    "azure_batch_account",
-    "azure_batch_key",
-    "secret",
-    "key",
-    "password",
-    "pwd",
-    "token",
-    "jwt",
-    "bearer",
-    "credential"
-  ],
-  "servicesNames": [
-    "nifi-service",
-    "argo-server",
-    "minio",
-    "postgres",
-    "workflow-controller-metrics",
-    "weave-scope-app",
-    "kubernetes-dashboard"
-  ],
-  "memory_limit_max": [],
-  "cpu_request_min": [],
-  "wlKnownNames": [
-    "coredns",
-    "kube-proxy",
-    "event-exporter-gke",
-    "kube-dns",
-    "17-default-backend",
-    "metrics-server",
-    "ca-audit",
-    "ca-dashboard-aggregator",
-    "ca-notification-server",
-    "ca-ocimage",
-    "ca-oracle",
-    "ca-posture",
-    "ca-rbac",
-    "ca-vuln-scan",
-    "ca-webhook",
-    "ca-websocket",
-    "clair-clair"
-  ],
-  "sensitiveInterfaces": [
-    "nifi",
-    "argo-server",
-    "weave-scope-app",
-    "kubeflow",
-    "kubernetes-dashboard",
-    "jenkins",
-    "prometheus-deployment"
-  ],
-  "max_high_vulnerabilities": [
-    "10"
-  ],
-  "sensitiveValues": [
-    "BEGIN \\w+ PRIVATE KEY",
-    "PRIVATE KEY",
-    "eyJhbGciO",
-    "JWT",
-    "Bearer",
-    "_key_",
-    "_secret_"
-  ],
-  "memory_request_max": [],
-  "memory_request_min": [],
-  "cpu_request_max": [],
-  "cpu_limit_max": [],
-  "cpu_limit_min": [],
-  "insecureCapabilities": [
-    "SETPCAP",
-    "NET_ADMIN",
-    "NET_RAW",
-    "SYS_MODULE",
-    "SYS_RAWIO",
-    "SYS_PTRACE",
-    "SYS_ADMIN",
-    "SYS_BOOT",
-    "MAC_OVERRIDE",
-    "MAC_ADMIN",
-    "PERFMON",
-    "ALL",
-    "BPF"
-  ],
-  "max_critical_vulnerabilities": [
-    "5"
-  ],
-  "sensitiveValuesAllowed": [],
-  "memory_limit_min": [],
-  "recommendedLabels": [
-    "app",
-    "tier",
-    "phase",
-    "version",
-    "owner",
-    "env"
-  ],
-  "k8sRecommendedLabels": [
-    "app.kubernetes.io/name",
-    "app.kubernetes.io/instance",
-    "app.kubernetes.io/version",
-    "app.kubernetes.io/component",
-    "app.kubernetes.io/part-of",
-    "app.kubernetes.io/managed-by",
-    "app.kubernetes.io/created-by"
-  ],
-  "imageRepositoryAllowList": []
-}

core/cautils/getter/url.go

@@ -1,65 +0,0 @@
-package getter
-
-import (
-	"net/url"
-	"path"
-)
-
-// buildAPIURL builds an URL pointing to the API backend.
-func (api *KSCloudAPI) buildAPIURL(pth string, pairs ...string) string {
-	return buildQuery(url.URL{
-		Scheme: api.scheme,
-		Host:   api.host,
-		Path:   pth,
-	}, pairs...)
-}
-
-// buildUIURL builds an URL pointing to the UI frontend.
-func (api *KSCloudAPI) buildUIURL(pth string, pairs ...string) string {
-	return buildQuery(url.URL{
-		Scheme: api.uischeme,
-		Host:   api.uihost,
-		Path:   pth,
-	}, pairs...)
-}
-
-// buildAuthURL builds an URL pointing to the authentication endpoint.
-func (api *KSCloudAPI) buildAuthURL(pth string, pairs ...string) string {
-	return buildQuery(url.URL{
-		Scheme: api.authscheme,
-		Host:   api.authhost,
-		Path:   pth,
-	}, pairs...)
-}
-
-// buildReportURL builds an URL pointing to the reporting endpoint.
-func (api *KSCloudAPI) buildReportURL(pth string, pairs ...string) string {
-	return buildQuery(url.URL{
-		Scheme: api.reportscheme,
-		Host:   api.reporthost,
-		Path:   pth,
-	}, pairs...)
-}
-
-// buildQuery builds an URL with query params.
-//
-// Params are provided in pairs (param name, value).
-func buildQuery(u url.URL, pairs ...string) string {
-	if len(pairs)%2 != 0 {
-		panic("dev error: buildURL accepts query params in (name, value) pairs")
-	}
-
-	q := u.Query()
-
-	for i := 0; i < len(pairs)-1; i += 2 {
-		param := pairs[i]
-		value := pairs[i+1]
-
-		q.Add(param, value)
-	}
-
-	u.RawQuery = q.Encode()
-	u.Path = path.Clean(u.Path)
-
-	return u.String()
-}

core/cautils/getter/url_test.go

@@ -1,86 +0,0 @@
-package getter
-
-import (
-	"testing"
-
-	"github.com/stretchr/testify/require"
-)
-
-func TestBuildURL(t *testing.T) {
-	t.Parallel()
-
-	ks := NewKSCloudAPICustomized(
-		"api.example.com", "auth.example.com", // required
-		WithFrontendURL("ui.example.com"),   // optional
-		WithReportURL("report.example.com"), // optional
-	)
-
-	t.Run("should build API URL with query params on https host", func(t *testing.T) {
-		require.Equal(t,
-			"https://api.example.com/path?q1=v1&q2=v2",
-			ks.buildAPIURL("/path", "q1", "v1", "q2", "v2"),
-		)
-	})
-
-	t.Run("should build API URL with query params on http host", func(t *testing.T) {
-		ku := NewKSCloudAPICustomized("http://api.example.com", "auth.example.com")
-
-		require.Equal(t,
-			"http://api.example.com/path?q1=v1&q2=v2",
-			ku.buildAPIURL("/path", "q1", "v1", "q2", "v2"),
-		)
-	})
-
-	t.Run("should panic when params are not provided in pairs", func(t *testing.T) {
-		require.Panics(t, func() {
-			// notice how the linter detects wrong args
-			_ = ks.buildAPIURL("/path", "q1", "v1", "q2") //nolint:staticcheck
-		})
-	})
-
-	t.Run("should build UI URL with query params on https host", func(t *testing.T) {
-		require.Equal(t,
-			"https://ui.example.com/path?q1=v1&q2=v2",
-			ks.buildUIURL("/path", "q1", "v1", "q2", "v2"),
-		)
-	})
-
-	t.Run("should build report URL with query params on https host", func(t *testing.T) {
-		require.Equal(t,
-			"https://report.example.com/path?q1=v1&q2=v2",
-			ks.buildReportURL("/path", "q1", "v1", "q2", "v2"),
-		)
-	})
-}
-
-func TestViewURL(t *testing.T) {
-	t.Parallel()
-
-	ks := NewKSCloudAPICustomized(
-		"api.example.com", "auth.example.com", // required
-		WithFrontendURL("ui.example.com"),   // optional
-		WithReportURL("report.example.com"), // optional
-	)
-	ks.SetAccountID("me")
-	ks.SetInvitationToken("invite")
-
-	t.Run("should render UI report URL", func(t *testing.T) {
-		require.Equal(t, "https://ui.example.com/repository-scanning/xyz", ks.ViewReportURL("xyz"))
-	})
-
-	t.Run("should render UI dashboard URL", func(t *testing.T) {
-		require.Equal(t, "https://ui.example.com/dashboard", ks.ViewDashboardURL())
-	})
-
-	t.Run("should render UI RBAC URL", func(t *testing.T) {
-		require.Equal(t, "https://ui.example.com/rbac-visualizer", ks.ViewRBACURL())
-	})
-
-	t.Run("should render UI scan URL", func(t *testing.T) {
-		require.Equal(t, "https://ui.example.com/compliance/cluster", ks.ViewScanURL("cluster"))
-	})
-
-	t.Run("should render UI sign URL", func(t *testing.T) {
-		require.Equal(t, "https://ui.example.com/account/sign-up?customerGUID=me&invitationToken=invite&utm_medium=createaccount&utm_source=ARMOgithub", ks.ViewSignURL())
-	})
-}

core/cautils/getter/utils.go

@@ -1,82 +0,0 @@
-package getter
-
-import (
-	"fmt"
-	"io"
-	"net/http"
-	"strings"
-)
-
-// parseHost picks a host from a hostname or an URL and detects the scheme.
-//
-// The default scheme is https. This may be altered by specifying an explicit http://hostname URL.
-func parseHost(host string) (string, string) {
-	if strings.HasPrefix(host, "http://") {
-		return "http", strings.Replace(host, "http://", "", 1) // cut... index ...
-	}
-
-	// default scheme
-	return "https", strings.Replace(host, "https://", "", 1)
-}
-
-func isNativeFramework(framework string) bool {
-	return contains(NativeFrameworks, framework)
-}
-
-func contains(s []string, str string) bool {
-	for _, v := range s {
-		if strings.EqualFold(v, str) {
-			return true
-		}
-	}
-
-	return false
-}
-
-func min(a, b int64) int64 {
-	if a < b {
-		return a
-	}
-
-	return b
-}
-
-// errAPI reports an API error, with a cap on the length of the error message.
-func errAPI(resp *http.Response) error {
-	const maxSize = 1024
-
-	reason := new(strings.Builder)
-	if resp.Body != nil {
-		size := min(resp.ContentLength, maxSize)
-		if size > 0 {
-			reason.Grow(int(size))
-		}
-
-		_, _ = io.CopyN(reason, resp.Body, size)
-		defer resp.Body.Close()
-	}
-
-	return fmt.Errorf("http-error: '%s', reason: '%s'", resp.Status, reason.String())
-}
-
-// errAuth returns an authentication error.
-//
-// Authentication errors upon login croak a less detailed message.
-func errAuth(resp *http.Response) error {
-	return fmt.Errorf("error authenticating: %d", resp.StatusCode)
-}
-
-func readString(rdr io.Reader, sizeHint int64) (string, error) {
-
-	// if the response is empty, return an empty string
-	if sizeHint < 0 {
-		return "", nil
-	}
-
-	var b strings.Builder
-
-	b.Grow(int(sizeHint))
-	_, err := io.Copy(&b, rdr)
-
-	return b.String(), err
-}

core/cautils/getter/utils_test.go

@@ -1,99 +0,0 @@
-package getter
-
-import (
-	"io"
-	"testing"
-
-	"github.com/stretchr/testify/require"
-)
-
-func TestParseHost(t *testing.T) {
-	t.Parallel()
-
-	t.Run("should recognize http scheme", func(t *testing.T) {
-		t.Parallel()
-
-		const input = "http://localhost:7555"
-		scheme, host := parseHost(input)
-		require.Equal(t, "http", scheme)
-		require.Equal(t, "localhost:7555", host)
-	})
-
-	t.Run("should recognize https scheme", func(t *testing.T) {
-		t.Parallel()
-
-		const input = "https://localhost:7555"
-		scheme, host := parseHost(input)
-		require.Equal(t, "https", scheme)
-		require.Equal(t, "localhost:7555", host)
-	})
-
-	t.Run("should adopt https scheme by default", func(t *testing.T) {
-		t.Parallel()
-
-		const input = "portal-dev.armo.cloud"
-		scheme, host := parseHost(input)
-		require.Equal(t, "https", scheme)
-		require.Equal(t, "portal-dev.armo.cloud", host)
-	})
-}
-
-func TestIsNativeFramework(t *testing.T) {
-	t.Parallel()
-
-	require.Truef(t, isNativeFramework("nSa"), "expected nsa to be native (case insensitive)")
-	require.Falsef(t, isNativeFramework("foo"), "expected framework to be custom")
-}
-
-func Test_readString(t *testing.T) {
-	type args struct {
-		rdr      io.Reader
-		sizeHint int64
-	}
-	tests := []struct {
-		name    string
-		args    args
-		want    string
-		wantErr bool
-	}{
-		{
-			name: "should return empty string if sizeHint is negative",
-			args: args{
-				rdr:      nil,
-				sizeHint: -1,
-			},
-			want:    "",
-			wantErr: false,
-		},
-		{
-			name: "should return empty string if sizeHint is zero",
-			args: args{
-				rdr:      &io.LimitedReader{},
-				sizeHint: 0,
-			},
-			want:    "",
-			wantErr: false,
-		},
-		{
-			name: "should return empty string if sizeHint is positive",
-			args: args{
-				rdr:      &io.LimitedReader{},
-				sizeHint: 1,
-			},
-			want:    "",
-			wantErr: false,
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			got, err := readString(tt.args.rdr, tt.args.sizeHint)
-			if (err != nil) != tt.wantErr {
-				t.Errorf("readString() error = %v, wantErr %v", err, tt.wantErr)
-				return
-			}
-			if got != tt.want {
-				t.Errorf("readString() = %v, want %v", got, tt.want)
-			}
-		})
-	}
-}

core/cautils/reportv2tov1.go

@@ -3,6 +3,7 @@ package cautils
 import (
 	"github.com/kubescape/k8s-interface/workloadinterface"
 	"github.com/kubescape/opa-utils/reporthandling"
+	helpersv1 "github.com/kubescape/opa-utils/reporthandling/helpers/v1"
 	"github.com/kubescape/opa-utils/reporthandling/results/v1/reportsummary"
 )
 
@@ -71,9 +72,9 @@ func controlReportV2ToV1(opaSessionObj *OPASessionObj, frameworkName string, con
 					}
 
 					rulev1 := rulesv1[rulev2.GetName()]
-					status := rulev2.GetStatus(nil)
+					status := rulev2.GetStatus(&helpersv1.Filters{FrameworkNames: []string{frameworkName}})
 
-					if status.IsFailed() {
+					if status.IsFailed() || status.IsExcluded() {
 
 						// rule response
 						ruleResponse := reporthandling.RuleResponse{}

core/cautils/scaninfo.go

@@ -1,7 +1,6 @@
 package cautils
 
 import (
-	"context"
 	"encoding/json"
 	"fmt"
 	"os"
@@ -9,12 +8,13 @@ import (
 	"strings"
 
 	"github.com/armosec/armoapi-go/armotypes"
+	apisv1 "github.com/kubescape/opa-utils/httpserver/apis/v1"
+
 	giturl "github.com/kubescape/go-git-url"
 	"github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/k8s-interface/k8sinterface"
 	"github.com/kubescape/kubescape/v2/core/cautils/getter"
-	apisv1 "github.com/kubescape/opa-utils/httpserver/apis/v1"
 	"github.com/kubescape/opa-utils/reporthandling"
 	reporthandlingv2 "github.com/kubescape/opa-utils/reporthandling/v2"
 
@@ -112,14 +112,13 @@ type ScanInfo struct {
 	View                  string             // Display all of the input resources and not only failed resources
 	Format                string             // Format results (table, json, junit ...)
 	Output                string             // Store results in an output file, Output file name
-	FormatVersion         string             // Output object can be different between versions, this is for testing and backward compatibility
+	FormatVersion         string             // Output object can be differnet between versions, this is for testing and backward compatibility
 	CustomClusterName     string             // Set the custom name of the cluster
 	ExcludedNamespaces    string             // used for host scanner namespace
 	IncludeNamespaces     string             //
 	InputPatterns         []string           // Yaml files input patterns
 	Silent                bool               // Silent mode - Do not print progress logs
-	FailThreshold         float32            // DEPRECATED - Failure score threshold
-	ComplianceThreshold   float32            // Compliance score threshold
+	FailThreshold         float32            // Failure score threshold
 	FailThresholdSeverity string             // Severity at and above which the command should fail
 	Submit                bool               // Submit results to Kubescape Cloud BE
 	CreateAccount         bool               // Create account in Kubescape Cloud BE if no account found in local cache
@@ -142,16 +141,16 @@ type Getters struct {
 	AttackTracksGetter   getter.IAttackTracksGetter
 }
 
-func (scanInfo *ScanInfo) Init(ctx context.Context) {
+func (scanInfo *ScanInfo) Init() {
 	scanInfo.setUseFrom()
-	scanInfo.setUseArtifactsFrom(ctx)
+	scanInfo.setUseArtifactsFrom()
 	if scanInfo.ScanID == "" {
 		scanInfo.ScanID = uuid.NewString()
 	}
 
 }
 
-func (scanInfo *ScanInfo) setUseArtifactsFrom(ctx context.Context) {
+func (scanInfo *ScanInfo) setUseArtifactsFrom() {
 	if scanInfo.UseArtifactsFrom == "" {
 		return
 	}
@@ -165,7 +164,7 @@ func (scanInfo *ScanInfo) setUseArtifactsFrom(ctx context.Context) {
 	// set frameworks files
 	files, err := os.ReadDir(scanInfo.UseArtifactsFrom)
 	if err != nil {
-		logger.L().Ctx(ctx).Fatal("failed to read files from directory", helpers.String("dir", scanInfo.UseArtifactsFrom), helpers.Error(err))
+		logger.L().Fatal("failed to read files from directory", helpers.String("dir", scanInfo.UseArtifactsFrom), helpers.Error(err))
 	}
 	framework := &reporthandling.Framework{}
 	for _, f := range files {
@@ -224,10 +223,10 @@ func (scanInfo *ScanInfo) contains(policyName string) bool {
 	return false
 }
 
-func scanInfoToScanMetadata(ctx context.Context, scanInfo *ScanInfo) *reporthandlingv2.Metadata {
+func scanInfoToScanMetadata(scanInfo *ScanInfo) *reporthandlingv2.Metadata {
 	metadata := &reporthandlingv2.Metadata{}
 
-	metadata.ScanMetadata.Formats = []string{scanInfo.Format}
+	metadata.ScanMetadata.Format = scanInfo.Format
 	metadata.ScanMetadata.FormatVersion = scanInfo.FormatVersion
 	metadata.ScanMetadata.Submit = scanInfo.Submit
 
@@ -251,7 +250,6 @@ func scanInfoToScanMetadata(ctx context.Context, scanInfo *ScanInfo) *reporthand
 	metadata.ScanMetadata.KubescapeVersion = BuildNumber
 	metadata.ScanMetadata.VerboseMode = scanInfo.VerboseMode
 	metadata.ScanMetadata.FailThreshold = scanInfo.FailThreshold
-	metadata.ScanMetadata.ComplianceThreshold = scanInfo.ComplianceThreshold
 	metadata.ScanMetadata.HostScanner = scanInfo.HostSensorEnabled.GetBool()
 	metadata.ScanMetadata.VerboseMode = scanInfo.VerboseMode
 	metadata.ScanMetadata.ControlsInputs = scanInfo.ControlsInputs
@@ -279,7 +277,7 @@ func scanInfoToScanMetadata(ctx context.Context, scanInfo *ScanInfo) *reporthand
 
 	}
 
-	setContextMetadata(ctx, &metadata.ContextMetadata, inputFiles)
+	setContextMetadata(&metadata.ContextMetadata, inputFiles)
 
 	return metadata
 }
@@ -323,7 +321,7 @@ func GetScanningContext(input string) ScanningContext {
 	//  dir/glob
 	return ContextDir
 }
-func setContextMetadata(ctx context.Context, contextMetadata *reporthandlingv2.ContextMetadata, input string) {
+func setContextMetadata(contextMetadata *reporthandlingv2.ContextMetadata, input string) {
 	switch GetScanningContext(input) {
 	case ContextCluster:
 		contextMetadata.ClusterContextMetadata = &reporthandlingv2.ClusterMetadata{
@@ -333,7 +331,7 @@ func setContextMetadata(ctx context.Context, contextMetadata *reporthandlingv2.C
 		// url
 		context, err := metadataGitURL(input)
 		if err != nil {
-			logger.L().Ctx(ctx).Warning("in setContextMetadata", helpers.Interface("case", ContextGitURL), helpers.Error(err))
+			logger.L().Warning("in setContextMetadata", helpers.Interface("case", ContextGitURL), helpers.Error(err))
 		}
 		contextMetadata.RepoContextMetadata = context
 	case ContextDir:
@@ -350,7 +348,7 @@ func setContextMetadata(ctx context.Context, contextMetadata *reporthandlingv2.C
 		// local
 		context, err := metadataGitLocal(input)
 		if err != nil {
-			logger.L().Ctx(ctx).Warning("in setContextMetadata", helpers.Interface("case", ContextGitURL), helpers.Error(err))
+			logger.L().Warning("in setContextMetadata", helpers.Interface("case", ContextGitURL), helpers.Error(err))
 		}
 		contextMetadata.RepoContextMetadata = context
 	}

core/cautils/scaninfo_test.go

@@ -1,7 +1,6 @@
 package cautils
 
 import (
-	"context"
 	"testing"
 
 	reporthandlingv2 "github.com/kubescape/opa-utils/reporthandling/v2"
@@ -11,7 +10,7 @@ import (
 func TestSetContextMetadata(t *testing.T) {
 	{
 		ctx := reporthandlingv2.ContextMetadata{}
-		setContextMetadata(context.TODO(), &ctx, "")
+		setContextMetadata(&ctx, "")
 
 		assert.NotNil(t, ctx.ClusterContextMetadata)
 		assert.Nil(t, ctx.DirectoryContextMetadata)

core/cautils/versioncheck.go

@@ -1,7 +1,6 @@
 package cautils
 
 import (
-	"context"
 	"encoding/json"
 	"fmt"
 	"net/http"
@@ -11,7 +10,7 @@ import (
 	logger "github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/kubescape/v2/core/cautils/getter"
-	"go.opentelemetry.io/otel"
+
 	"golang.org/x/mod/semver"
 )
 
@@ -26,12 +25,12 @@ var LatestReleaseVersion string
 const UnknownBuildNumber = "unknown"
 
 type IVersionCheckHandler interface {
-	CheckLatestVersion(context.Context, *VersionCheckRequest) error
+	CheckLatestVersion(*VersionCheckRequest) error
 }
 
-func NewIVersionCheckHandler(ctx context.Context) IVersionCheckHandler {
+func NewIVersionCheckHandler() IVersionCheckHandler {
 	if BuildNumber == "" {
-		logger.L().Ctx(ctx).Warning("unknown build number, this might affect your scan results. Please make sure you are updated to latest version")
+		logger.L().Warning("unknown build number, this might affect your scan results. Please make sure you are updated to latest version")
 	}
 
 	if v, ok := os.LookupEnv(CLIENT_ENV); ok && v != "" {
@@ -99,17 +98,15 @@ func NewVersionCheckRequest(buildNumber, frameworkName, frameworkVersion, scanni
 	}
 }
 
-func (v *VersionCheckHandlerMock) CheckLatestVersion(_ context.Context, _ *VersionCheckRequest) error {
+func (v *VersionCheckHandlerMock) CheckLatestVersion(versionData *VersionCheckRequest) error {
 	logger.L().Info("Skipping version check")
 	return nil
 }
 
-func (v *VersionCheckHandler) CheckLatestVersion(ctx context.Context, versionData *VersionCheckRequest) error {
-	ctx, span := otel.Tracer("").Start(ctx, "versionCheckHandler.CheckLatestVersion")
-	defer span.End()
+func (v *VersionCheckHandler) CheckLatestVersion(versionData *VersionCheckRequest) error {
 	defer func() {
 		if err := recover(); err != nil {
-			logger.L().Ctx(ctx).Warning("failed to get latest version", helpers.Interface("error", err))
+			logger.L().Warning("failed to get latest version", helpers.Interface("error", err))
 		}
 	}()
 
@@ -122,7 +119,7 @@ func (v *VersionCheckHandler) CheckLatestVersion(ctx context.Context, versionDat
 
 	if latestVersion.ClientUpdate != "" {
 		if BuildNumber != "" && semver.Compare(BuildNumber, LatestReleaseVersion) == -1 {
-			logger.L().Ctx(ctx).Warning(warningMessage(LatestReleaseVersion))
+			logger.L().Warning(warningMessage(LatestReleaseVersion))
 		}
 	}
 

core/cautils/workloadmappingutils.go

@@ -4,7 +4,6 @@ import (
 	"strings"
 
 	"github.com/kubescape/k8s-interface/cloudsupport"
-	cloudapis "github.com/kubescape/k8s-interface/cloudsupport/apis"
 	"github.com/kubescape/opa-utils/reporthandling/apis"
 )
 
@@ -21,13 +20,9 @@ var (
 		"KubeProxyInfo",
 		"ControlPlaneInfo",
 		"CloudProviderInfo",
-		"CNIInfo",
 	}
 	CloudResources = []string{
-		cloudapis.CloudProviderDescribeKind,
-		cloudapis.CloudProviderDescribeRepositoriesKind,
-		cloudapis.CloudProviderListEntitiesForPoliciesKind,
-		cloudapis.CloudProviderPolicyVersionKind,
+		"ClusterDescribe",
 		string(cloudsupport.TypeApiServerInfo),
 	}
 )

core/core/cachedconfig.go

@@ -1,7 +1,6 @@
 package core
 
 import (
-	"context"
 	"fmt"
 
 	metav1 "github.com/kubescape/kubescape/v2/core/meta/datastructures/v1"
@@ -43,8 +42,8 @@ func (ks *Kubescape) ViewCachedConfig(viewConfig *metav1.ViewConfig) error {
 	return nil
 }
 
-func (ks *Kubescape) DeleteCachedConfig(ctx context.Context, deleteConfig *metav1.DeleteConfig) error {
+func (ks *Kubescape) DeleteCachedConfig(deleteConfig *metav1.DeleteConfig) error {
 
 	tenant := getTenantConfig(nil, "", "", getKubernetesApi()) // change k8sinterface
-	return tenant.DeleteCachedConfig(ctx)
+	return tenant.DeleteCachedConfig()
 }

core/core/download.go

@@ -1,7 +1,6 @@
 package core
 
 import (
-	"context"
 	"fmt"
 	"os"
 	"path/filepath"
@@ -22,7 +21,7 @@ const (
 	TargetAttackTracks   = "attack-tracks"
 )
 
-var downloadFunc = map[string]func(context.Context, *metav1.DownloadInfo) error{
+var downloadFunc = map[string]func(*metav1.DownloadInfo) error{
 	TargetControlsInputs: downloadConfigInputs,
 	TargetExceptions:     downloadExceptions,
 	TargetControl:        downloadControl,
@@ -39,20 +38,20 @@ func DownloadSupportCommands() []string {
 	return commands
 }
 
-func (ks *Kubescape) Download(ctx context.Context, downloadInfo *metav1.DownloadInfo) error {
+func (ks *Kubescape) Download(downloadInfo *metav1.DownloadInfo) error {
 	setPathandFilename(downloadInfo)
 	if err := os.MkdirAll(downloadInfo.Path, os.ModePerm); err != nil {
 		return err
 	}
-	if err := downloadArtifact(ctx, downloadInfo, downloadFunc); err != nil {
+	if err := downloadArtifact(downloadInfo, downloadFunc); err != nil {
 		return err
 	}
 	return nil
 }
 
-func downloadArtifact(ctx context.Context, downloadInfo *metav1.DownloadInfo, downloadArtifactFunc map[string]func(context.Context, *metav1.DownloadInfo) error) error {
+func downloadArtifact(downloadInfo *metav1.DownloadInfo, downloadArtifactFunc map[string]func(*metav1.DownloadInfo) error) error {
 	if f, ok := downloadArtifactFunc[downloadInfo.Target]; ok {
-		if err := f(ctx, downloadInfo); err != nil {
+		if err := f(downloadInfo); err != nil {
 			return err
 		}
 		return nil
@@ -74,26 +73,26 @@ func setPathandFilename(downloadInfo *metav1.DownloadInfo) {
 	}
 }
 
-func downloadArtifacts(ctx context.Context, downloadInfo *metav1.DownloadInfo) error {
+func downloadArtifacts(downloadInfo *metav1.DownloadInfo) error {
 	downloadInfo.FileName = ""
-	var artifacts = map[string]func(context.Context, *metav1.DownloadInfo) error{
+	var artifacts = map[string]func(*metav1.DownloadInfo) error{
 		"controls-inputs": downloadConfigInputs,
 		"exceptions":      downloadExceptions,
 		"framework":       downloadFramework,
 		"attack-tracks":   downloadAttackTracks,
 	}
 	for artifact := range artifacts {
-		if err := downloadArtifact(ctx, &metav1.DownloadInfo{Target: artifact, Path: downloadInfo.Path, FileName: fmt.Sprintf("%s.json", artifact)}, artifacts); err != nil {
-			logger.L().Ctx(ctx).Warning("error downloading", helpers.String("artifact", artifact), helpers.Error(err))
+		if err := downloadArtifact(&metav1.DownloadInfo{Target: artifact, Path: downloadInfo.Path, FileName: fmt.Sprintf("%s.json", artifact)}, artifacts); err != nil {
+			logger.L().Error("error downloading", helpers.String("artifact", artifact), helpers.Error(err))
 		}
 	}
 	return nil
 }
 
-func downloadConfigInputs(ctx context.Context, downloadInfo *metav1.DownloadInfo) error {
+func downloadConfigInputs(downloadInfo *metav1.DownloadInfo) error {
 	tenant := getTenantConfig(&downloadInfo.Credentials, "", "", getKubernetesApi())
 
-	controlsInputsGetter := getConfigInputsGetter(ctx, downloadInfo.Identifier, tenant.GetAccountID(), nil)
+	controlsInputsGetter := getConfigInputsGetter(downloadInfo.Identifier, tenant.GetAccountID(), nil)
 	controlInputs, err := controlsInputsGetter.GetControlsInputs(tenant.GetContextName())
 	if err != nil {
 		return err
@@ -113,9 +112,9 @@ func downloadConfigInputs(ctx context.Context, downloadInfo *metav1.DownloadInfo
 	return nil
 }
 
-func downloadExceptions(ctx context.Context, downloadInfo *metav1.DownloadInfo) error {
+func downloadExceptions(downloadInfo *metav1.DownloadInfo) error {
 	tenant := getTenantConfig(&downloadInfo.Credentials, "", "", getKubernetesApi())
-	exceptionsGetter := getExceptionsGetter(ctx, "", tenant.GetAccountID(), nil)
+	exceptionsGetter := getExceptionsGetter("", tenant.GetAccountID(), nil)
 
 	exceptions, err := exceptionsGetter.GetExceptions(tenant.GetContextName())
 	if err != nil {
@@ -130,15 +129,15 @@ func downloadExceptions(ctx context.Context, downloadInfo *metav1.DownloadInfo)
 	if err != nil {
 		return err
 	}
-	logger.L().Ctx(ctx).Success("Downloaded", helpers.String("artifact", downloadInfo.Target), helpers.String("path", filepath.Join(downloadInfo.Path, downloadInfo.FileName)))
+	logger.L().Success("Downloaded", helpers.String("artifact", downloadInfo.Target), helpers.String("path", filepath.Join(downloadInfo.Path, downloadInfo.FileName)))
 	return nil
 }
 
-func downloadAttackTracks(ctx context.Context, downloadInfo *metav1.DownloadInfo) error {
+func downloadAttackTracks(downloadInfo *metav1.DownloadInfo) error {
 	var err error
 	tenant := getTenantConfig(&downloadInfo.Credentials, "", "", getKubernetesApi())
 
-	attackTracksGetter := getAttackTracksGetter(ctx, "", tenant.GetAccountID(), nil)
+	attackTracksGetter := getAttackTracksGetter("", tenant.GetAccountID(), nil)
 
 	attackTracks, err := attackTracksGetter.GetAttackTracks()
 	if err != nil {
@@ -158,11 +157,11 @@ func downloadAttackTracks(ctx context.Context, downloadInfo *metav1.DownloadInfo
 
 }
 
-func downloadFramework(ctx context.Context, downloadInfo *metav1.DownloadInfo) error {
+func downloadFramework(downloadInfo *metav1.DownloadInfo) error {
 
 	tenant := getTenantConfig(&downloadInfo.Credentials, "", "", getKubernetesApi())
 
-	g := getPolicyGetter(ctx, nil, tenant.GetTenantEmail(), true, nil)
+	g := getPolicyGetter(nil, tenant.GetTenantEmail(), true, nil)
 
 	if downloadInfo.Identifier == "" {
 		// if framework name not specified - download all frameworks
@@ -200,11 +199,11 @@ func downloadFramework(ctx context.Context, downloadInfo *metav1.DownloadInfo) e
 	return nil
 }
 
-func downloadControl(ctx context.Context, downloadInfo *metav1.DownloadInfo) error {
+func downloadControl(downloadInfo *metav1.DownloadInfo) error {
 
 	tenant := getTenantConfig(&downloadInfo.Credentials, "", "", getKubernetesApi())
 
-	g := getPolicyGetter(ctx, nil, tenant.GetTenantEmail(), false, nil)
+	g := getPolicyGetter(nil, tenant.GetTenantEmail(), false, nil)
 
 	if downloadInfo.Identifier == "" {
 		// TODO - support

core/core/fix.go

@@ -1,7 +1,6 @@
 package core
 
 import (
-	"context"
 	"fmt"
 	"strings"
 
@@ -11,44 +10,42 @@ import (
 	"github.com/kubescape/kubescape/v2/core/pkg/fixhandler"
 )
 
-const (
-	noChangesApplied     = "No changes were applied."
-	noResourcesToFix     = "No issues to fix."
-	confirmationQuestion = "Would you like to apply the changes to the files above? [y|n]: "
-)
+const NoChangesApplied = "No changes were applied."
+const NoResourcesToFix = "No issues to fix."
+const ConfirmationQuestion = "Would you like to apply the changes to the files above? [y|n]: "
 
-func (ks *Kubescape) Fix(ctx context.Context, fixInfo *metav1.FixInfo) error {
+func (ks *Kubescape) Fix(fixInfo *metav1.FixInfo) error {
 	logger.L().Info("Reading report file...")
 	handler, err := fixhandler.NewFixHandler(fixInfo)
 	if err != nil {
 		return err
 	}
 
-	resourcesToFix := handler.PrepareResourcesToFix(ctx)
+	resourcesToFix := handler.PrepareResourcesToFix()
 
 	if len(resourcesToFix) == 0 {
-		logger.L().Info(noResourcesToFix)
+		logger.L().Info(NoResourcesToFix)
 		return nil
 	}
 
 	handler.PrintExpectedChanges(resourcesToFix)
 
 	if fixInfo.DryRun {
-		logger.L().Info(noChangesApplied)
+		logger.L().Info(NoChangesApplied)
 		return nil
 	}
 
 	if !fixInfo.NoConfirm && !userConfirmed() {
-		logger.L().Info(noChangesApplied)
+		logger.L().Info(NoChangesApplied)
 		return nil
 	}
 
-	updatedFilesCount, errors := handler.ApplyChanges(ctx, resourcesToFix)
+	updatedFilesCount, errors := handler.ApplyChanges(resourcesToFix)
 	logger.L().Info(fmt.Sprintf("Fixed resources in %d files.", updatedFilesCount))
 
 	if len(errors) > 0 {
 		for _, err := range errors {
-			logger.L().Ctx(ctx).Warning(err.Error())
+			logger.L().Error(err.Error())
 		}
 		return fmt.Errorf("Failed to fix some resources, check the logs for more details")
 	}
@@ -60,7 +57,7 @@ func userConfirmed() bool {
 	var input string
 
 	for {
-		fmt.Println(confirmationQuestion)
+		fmt.Printf(ConfirmationQuestion)
 		if _, err := fmt.Scanln(&input); err != nil {
 			continue
 		}

core/core/initutils.go

@@ -1,7 +1,6 @@
 package core
 
 import (
-	"context"
 	"fmt"
 	"os"
 
@@ -16,7 +15,6 @@ import (
 	printerv2 "github.com/kubescape/kubescape/v2/core/pkg/resultshandling/printer/v2"
 	"github.com/kubescape/kubescape/v2/core/pkg/resultshandling/reporter"
 	reporterv2 "github.com/kubescape/kubescape/v2/core/pkg/resultshandling/reporter/v2"
-	"go.opentelemetry.io/otel"
 
 	"github.com/google/uuid"
 
@@ -37,7 +35,7 @@ func getTenantConfig(credentials *cautils.Credentials, clusterName string, custo
 	return cautils.NewClusterConfig(k8s, getter.GetKSCloudAPIConnector(), credentials, clusterName, customClusterName)
 }
 
-func getExceptionsGetter(ctx context.Context, useExceptions string, accountID string, downloadReleasedPolicy *getter.DownloadReleasedPolicy) getter.IExceptionsGetter {
+func getExceptionsGetter(useExceptions string, accountID string, downloadReleasedPolicy *getter.DownloadReleasedPolicy) getter.IExceptionsGetter {
 	if useExceptions != "" {
 		// load exceptions from file
 		return getter.NewLoadPolicy([]string{useExceptions})
@@ -51,7 +49,7 @@ func getExceptionsGetter(ctx context.Context, useExceptions string, accountID st
 		downloadReleasedPolicy = getter.NewDownloadReleasedPolicy()
 	}
 	if err := downloadReleasedPolicy.SetRegoObjects(); err != nil { // if failed to pull attack tracks, fallback to cache
-		logger.L().Ctx(ctx).Warning("failed to get exceptions from github release, loading attack tracks from cache", helpers.Error(err))
+		logger.L().Warning("failed to get exceptions from github release, loading attack tracks from cache", helpers.Error(err))
 		return getter.NewLoadPolicy([]string{getter.GetDefaultPath(cautils.LocalExceptionsFilename)})
 	}
 	return downloadReleasedPolicy
@@ -65,10 +63,7 @@ func getRBACHandler(tenantConfig cautils.ITenantConfig, k8s *k8sinterface.Kubern
 	return nil
 }
 
-func getReporter(ctx context.Context, tenantConfig cautils.ITenantConfig, reportID string, submit, fwScan bool, scanningContext cautils.ScanningContext) reporter.IReport {
-	_, span := otel.Tracer("").Start(ctx, "getReporter")
-	defer span.End()
-
+func getReporter(tenantConfig cautils.ITenantConfig, reportID string, submit, fwScan bool, scanningContext cautils.ScanningContext) reporter.IReport {
 	if submit {
 		submitData := reporterv2.SubmitContextScan
 		if scanningContext != cautils.ContextCluster {
@@ -78,7 +73,7 @@ func getReporter(ctx context.Context, tenantConfig cautils.ITenantConfig, report
 	}
 	if tenantConfig.GetAccountID() == "" {
 		// Add link only when scanning a cluster using a framework
-		return reporterv2.NewReportMock("", "")
+		return reporterv2.NewReportMock("https://hub.armosec.io/docs/installing-kubescape", "run kubescape with the '--account' flag")
 	}
 	var message string
 	if !fwScan {
@@ -88,51 +83,37 @@ func getReporter(ctx context.Context, tenantConfig cautils.ITenantConfig, report
 	return reporterv2.NewReportMock("", message)
 }
 
-func getResourceHandler(ctx context.Context, scanInfo *cautils.ScanInfo, tenantConfig cautils.ITenantConfig, k8s *k8sinterface.KubernetesApi, hostSensorHandler hostsensorutils.IHostSensor, registryAdaptors *resourcehandler.RegistryAdaptors) resourcehandler.IResourceHandler {
-	ctx, span := otel.Tracer("").Start(ctx, "getResourceHandler")
-	defer span.End()
-
+func getResourceHandler(scanInfo *cautils.ScanInfo, tenantConfig cautils.ITenantConfig, k8s *k8sinterface.KubernetesApi, hostSensorHandler hostsensorutils.IHostSensor, registryAdaptors *resourcehandler.RegistryAdaptors) resourcehandler.IResourceHandler {
 	if len(scanInfo.InputPatterns) > 0 || k8s == nil {
 		// scanInfo.HostSensor.SetBool(false)
-		return resourcehandler.NewFileResourceHandler(ctx, scanInfo.InputPatterns, registryAdaptors)
+		return resourcehandler.NewFileResourceHandler(scanInfo.InputPatterns, registryAdaptors)
 	}
 	getter.GetKSCloudAPIConnector()
 	rbacObjects := getRBACHandler(tenantConfig, k8s, scanInfo.Submit)
 	return resourcehandler.NewK8sResourceHandler(k8s, getFieldSelector(scanInfo), hostSensorHandler, rbacObjects, registryAdaptors)
 }
 
-// getHostSensorHandler yields a IHostSensor that knows how to collect a host's scanned resources.
-//
-// A noop sensor is returned whenever host scanning is disabled or an error prevented the scanner to properly deploy.
-func getHostSensorHandler(ctx context.Context, scanInfo *cautils.ScanInfo, k8s *k8sinterface.KubernetesApi) hostsensorutils.IHostSensor {
-	const wantsHostSensorControls = true // defaults to disabling the scanner if not explictly enabled (TODO(fredbi): should be addressed by injecting ScanInfo defaults)
-	hostSensorVal := scanInfo.HostSensorEnabled.Get()
+func getHostSensorHandler(scanInfo *cautils.ScanInfo, k8s *k8sinterface.KubernetesApi) hostsensorutils.IHostSensor {
+	if !k8sinterface.IsConnectedToCluster() || k8s == nil {
+		return &hostsensorutils.HostSensorHandlerMock{}
+	}
 
-	switch {
-	case !k8sinterface.IsConnectedToCluster() || k8s == nil: // TODO(fred): fix race condition on global KSConfig there
-		return hostsensorutils.NewHostSensorHandlerMock()
-
-	case hostSensorVal != nil && *hostSensorVal:
+	hasHostSensorControls := true
+	// we need to determined which controls needs host scanner
+	if scanInfo.HostSensorEnabled.Get() == nil && hasHostSensorControls {
+		scanInfo.HostSensorEnabled.SetBool(false) // default - do not run host scanner
+		logger.L().Warning("Kubernetes cluster nodes scanning is disabled. This is required to collect valuable data for certain controls. You can enable it using the --enable-host-scan flag")
+	}
+	if hostSensorVal := scanInfo.HostSensorEnabled.Get(); hostSensorVal != nil && *hostSensorVal {
 		hostSensorHandler, err := hostsensorutils.NewHostSensorHandler(k8s, scanInfo.HostSensorYamlPath)
 		if err != nil {
-			logger.L().Ctx(ctx).Warning(fmt.Sprintf("failed to create host scanner: %s", err.Error()))
-
-			return hostsensorutils.NewHostSensorHandlerMock()
+			logger.L().Warning(fmt.Sprintf("failed to create host scanner: %s", err.Error()))
+			return &hostsensorutils.HostSensorHandlerMock{}
 		}
-
 		return hostSensorHandler
-
-	case hostSensorVal == nil && wantsHostSensorControls:
-		// TODO: we need to determine which controls need the host scanner
-		scanInfo.HostSensorEnabled.SetBool(false)
-
-		fallthrough
-
-	default:
-		return hostsensorutils.NewHostSensorHandlerMock()
 	}
+	return &hostsensorutils.HostSensorHandlerMock{}
 }
-
 func getFieldSelector(scanInfo *cautils.ScanInfo) resourcehandler.IFieldSelector {
 	if scanInfo.IncludeNamespaces != "" {
 		return resourcehandler.NewIncludeSelector(scanInfo.IncludeNamespaces)
@@ -208,7 +189,7 @@ func setSubmitBehavior(scanInfo *cautils.ScanInfo, tenantConfig cautils.ITenantC
 }
 
 // setPolicyGetter set the policy getter - local file/github release/Kubescape Cloud API
-func getPolicyGetter(ctx context.Context, loadPoliciesFromFile []string, tenantEmail string, frameworkScope bool, downloadReleasedPolicy *getter.DownloadReleasedPolicy) getter.IPolicyGetter {
+func getPolicyGetter(loadPoliciesFromFile []string, tenantEmail string, frameworkScope bool, downloadReleasedPolicy *getter.DownloadReleasedPolicy) getter.IPolicyGetter {
 	if len(loadPoliciesFromFile) > 0 {
 		return getter.NewLoadPolicy(loadPoliciesFromFile)
 	}
@@ -219,12 +200,12 @@ func getPolicyGetter(ctx context.Context, loadPoliciesFromFile []string, tenantE
 	if downloadReleasedPolicy == nil {
 		downloadReleasedPolicy = getter.NewDownloadReleasedPolicy()
 	}
-	return getDownloadReleasedPolicy(ctx, downloadReleasedPolicy)
+	return getDownloadReleasedPolicy(downloadReleasedPolicy)
 
 }
 
 // setConfigInputsGetter sets the config input getter - local file/github release/Kubescape Cloud API
-func getConfigInputsGetter(ctx context.Context, ControlsInputs string, accountID string, downloadReleasedPolicy *getter.DownloadReleasedPolicy) getter.IControlsInputsGetter {
+func getConfigInputsGetter(ControlsInputs string, accountID string, downloadReleasedPolicy *getter.DownloadReleasedPolicy) getter.IControlsInputsGetter {
 	if len(ControlsInputs) > 0 {
 		return getter.NewLoadPolicy([]string{ControlsInputs})
 	}
@@ -236,14 +217,14 @@ func getConfigInputsGetter(ctx context.Context, ControlsInputs string, accountID
 		downloadReleasedPolicy = getter.NewDownloadReleasedPolicy()
 	}
 	if err := downloadReleasedPolicy.SetRegoObjects(); err != nil { // if failed to pull config inputs, fallback to BE
-		logger.L().Ctx(ctx).Warning("failed to get config inputs from github release, this may affect the scanning results", helpers.Error(err))
+		logger.L().Warning("failed to get config inputs from github release, this may affect the scanning results", helpers.Error(err))
 	}
 	return downloadReleasedPolicy
 }
 
-func getDownloadReleasedPolicy(ctx context.Context, downloadReleasedPolicy *getter.DownloadReleasedPolicy) getter.IPolicyGetter {
+func getDownloadReleasedPolicy(downloadReleasedPolicy *getter.DownloadReleasedPolicy) getter.IPolicyGetter {
 	if err := downloadReleasedPolicy.SetRegoObjects(); err != nil { // if failed to pull policy, fallback to cache
-		logger.L().Ctx(ctx).Warning("failed to get policies from github release, loading policies from cache", helpers.Error(err))
+		logger.L().Warning("failed to get policies from github release, loading policies from cache", helpers.Error(err))
 		return getter.NewLoadPolicy(getDefaultFrameworksPaths())
 	} else {
 		return downloadReleasedPolicy
@@ -266,7 +247,7 @@ func listFrameworksNames(policyGetter getter.IPolicyGetter) []string {
 	return getter.NativeFrameworks
 }
 
-func getAttackTracksGetter(ctx context.Context, attackTracks, accountID string, downloadReleasedPolicy *getter.DownloadReleasedPolicy) getter.IAttackTracksGetter {
+func getAttackTracksGetter(attackTracks, accountID string, downloadReleasedPolicy *getter.DownloadReleasedPolicy) getter.IAttackTracksGetter {
 	if len(attackTracks) > 0 {
 		return getter.NewLoadPolicy([]string{attackTracks})
 	}
@@ -279,23 +260,18 @@ func getAttackTracksGetter(ctx context.Context, attackTracks, accountID string,
 	}
 
 	if err := downloadReleasedPolicy.SetRegoObjects(); err != nil { // if failed to pull attack tracks, fallback to cache
-		logger.L().Ctx(ctx).Warning("failed to get attack tracks from github release, loading attack tracks from cache", helpers.Error(err))
+		logger.L().Warning("failed to get attack tracks from github release, loading attack tracks from cache", helpers.Error(err))
 		return getter.NewLoadPolicy([]string{getter.GetDefaultPath(cautils.LocalAttackTracksFilename)})
 	}
 	return downloadReleasedPolicy
 }
 
 // getUIPrinter returns a printer that will be used to print to the program’s UI (terminal)
-func getUIPrinter(ctx context.Context, verboseMode bool, formatVersion string, attackTree bool, viewType cautils.ViewTypes) printer.IPrinter {
-	var p printer.IPrinter
-	if helpers.ToLevel(logger.L().GetLevel()) >= helpers.WarningLevel {
-		p = &printerv2.SilentPrinter{}
-	} else {
-		p = printerv2.NewPrettyPrinter(verboseMode, formatVersion, attackTree, viewType)
+func getUIPrinter(verboseMode bool, formatVersion string, attackTree bool, viewType cautils.ViewTypes) printer.IPrinter {
+	p := printerv2.NewPrettyPrinter(verboseMode, formatVersion, attackTree, viewType)
 
-		// Since the UI of the program is a CLI (Stdout), it means that it should always print to Stdout
-		p.SetWriter(ctx, os.Stdout.Name())
-	}
+	// Since the UI of the program is a CLI (Stdout), it means that it should always print to Stdout
+	p.SetWriter(os.Stdout.Name())
 
 	return p
 }

core/core/initutils_test.go

@@ -1,17 +1,10 @@
 package core
 
 import (
-	"context"
 	"reflect"
 	"testing"
 
-	"github.com/kubescape/go-logger"
-	"github.com/kubescape/go-logger/helpers"
-	"github.com/kubescape/k8s-interface/k8sinterface"
 	"github.com/kubescape/kubescape/v2/core/cautils"
-	"github.com/kubescape/kubescape/v2/core/pkg/hostsensorutils"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
 )
 
 func Test_getUIPrinter(t *testing.T) {
@@ -20,159 +13,27 @@ func Test_getUIPrinter(t *testing.T) {
 		VerboseMode:   true,
 		View:          "control",
 	}
-	type args struct {
-		ctx           context.Context
-		formatVersion string
-		viewType      cautils.ViewTypes
-		verboseMode   bool
-		printAttack   bool
-		loggerLevel   helpers.Level
-	}
-	type wantTypes struct {
-		structType    string
-		formatVersion string
-		viewType      cautils.ViewTypes
-		verboseMode   bool
-	}
-	tests := []struct {
-		name          string
-		args          args
-		want          wantTypes
-		testAllFields bool
-	}{
-		{
-			name: "Test getUIPrinter PrettyPrinter",
-			args: args{
-				ctx:           context.TODO(),
-				verboseMode:   scanInfo.VerboseMode,
-				formatVersion: scanInfo.FormatVersion,
-				printAttack:   scanInfo.PrintAttackTree,
-				viewType:      cautils.ViewTypes(scanInfo.View),
-				loggerLevel:   helpers.InfoLevel,
-			},
-			want: wantTypes{
-				structType:    "*printer.PrettyPrinter",
-				formatVersion: scanInfo.FormatVersion,
-				verboseMode:   scanInfo.VerboseMode,
-				viewType:      cautils.ViewTypes(scanInfo.View),
-			},
-			testAllFields: true,
-		},
-		{
-			name: "Test getUIPrinter SilentPrinter",
-			args: args{
-				ctx:           context.TODO(),
-				verboseMode:   scanInfo.VerboseMode,
-				formatVersion: scanInfo.FormatVersion,
-				printAttack:   scanInfo.PrintAttackTree,
-				viewType:      cautils.ViewTypes(scanInfo.View),
-				loggerLevel:   helpers.WarningLevel,
-			},
-			want: wantTypes{
-				structType:    "*printer.SilentPrinter",
-				formatVersion: "",
-				verboseMode:   false,
-				viewType:      cautils.ViewTypes(""),
-			},
-			testAllFields: false,
-		},
+	wantFormatVersion := scanInfo.FormatVersion
+	wantVerboseMode := scanInfo.VerboseMode
+	wantViewType := cautils.ViewTypes(scanInfo.View)
+
+	got := getUIPrinter(scanInfo.VerboseMode, scanInfo.FormatVersion, scanInfo.PrintAttackTree, cautils.ViewTypes(scanInfo.View))
+
+	gotValue := reflect.ValueOf(got).Elem()
+	gotFormatVersion := gotValue.FieldByName("formatVersion").String()
+	gotVerboseMode := gotValue.FieldByName("verboseMode").Bool()
+	gotViewType := cautils.ViewTypes(gotValue.FieldByName("viewType").String())
+
+	if gotFormatVersion != wantFormatVersion {
+		t.Errorf("Got: %s, want: %s", gotFormatVersion, wantFormatVersion)
 	}
 
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			logger.L().SetLevel(tt.args.loggerLevel.String())
-			got := getUIPrinter(tt.args.ctx, tt.args.verboseMode, tt.args.formatVersion, tt.args.printAttack, tt.args.viewType)
-
-			assert.Equal(t, tt.want.structType, reflect.TypeOf(got).String())
-
-			if !tt.testAllFields {
-				return
-			}
-
-			gotValue := reflect.ValueOf(got).Elem()
-			gotFormatVersion := gotValue.FieldByName("formatVersion").String()
-			gotVerboseMode := gotValue.FieldByName("verboseMode").Bool()
-			gotViewType := cautils.ViewTypes(gotValue.FieldByName("viewType").String())
-
-			if gotFormatVersion != tt.want.formatVersion {
-				t.Errorf("Got: %s, want: %s", gotFormatVersion, tt.want.formatVersion)
-			}
-
-			if gotVerboseMode != tt.want.verboseMode {
-				t.Errorf("Got: %t, want: %t", gotVerboseMode, tt.want.verboseMode)
-			}
-
-			if gotViewType != tt.want.viewType {
-				t.Errorf("Got: %v, want: %v", gotViewType, tt.want.viewType)
-			}
-		})
+	if gotVerboseMode != wantVerboseMode {
+		t.Errorf("Got: %t, want: %t", gotVerboseMode, wantVerboseMode)
 	}
-}
-
-func TestGetSensorHandler(t *testing.T) {
-	t.Parallel()
-
-	ctx := context.Background()
-
-	t.Run("should return mock sensor if not k8s interface is provided", func(t *testing.T) {
-		t.Parallel()
-
-		scanInfo := &cautils.ScanInfo{}
-		var k8s *k8sinterface.KubernetesApi
-
-		sensor := getHostSensorHandler(ctx, scanInfo, k8s)
-		require.NotNil(t, sensor)
-
-		_, isMock := sensor.(*hostsensorutils.HostSensorHandlerMock)
-		require.True(t, isMock)
-	})
-
-	t.Run("should return mock sensor if the sensor is not enabled", func(t *testing.T) {
-		t.Parallel()
-
-		scanInfo := &cautils.ScanInfo{}
-		k8s := &k8sinterface.KubernetesApi{}
-
-		sensor := getHostSensorHandler(ctx, scanInfo, k8s)
-		require.NotNil(t, sensor)
-
-		_, isMock := sensor.(*hostsensorutils.HostSensorHandlerMock)
-		require.True(t, isMock)
-	})
-
-	t.Run("should return mock sensor if the sensor is disabled", func(t *testing.T) {
-		t.Parallel()
-
-		falseFlag := cautils.NewBoolPtr(nil)
-		falseFlag.SetBool(false)
-		scanInfo := &cautils.ScanInfo{
-			HostSensorEnabled: falseFlag,
-		}
-		k8s := &k8sinterface.KubernetesApi{}
-
-		sensor := getHostSensorHandler(ctx, scanInfo, k8s)
-		require.NotNil(t, sensor)
-
-		_, isMock := sensor.(*hostsensorutils.HostSensorHandlerMock)
-		require.True(t, isMock)
-	})
-
-	t.Run("should return mock sensor if the sensor is enabled, but can't deploy (nil)", func(t *testing.T) {
-		t.Parallel()
-
-		falseFlag := cautils.NewBoolPtr(nil)
-		falseFlag.SetBool(true)
-		scanInfo := &cautils.ScanInfo{
-			HostSensorEnabled: falseFlag,
-		}
-		var k8s *k8sinterface.KubernetesApi
-
-		sensor := getHostSensorHandler(ctx, scanInfo, k8s)
-		require.NotNil(t, sensor)
-
-		_, isMock := sensor.(*hostsensorutils.HostSensorHandlerMock)
-		require.True(t, isMock)
-	})
-
-	// TODO(fredbi): need to share the k8s client mock to test a happy path / deployment failure path
+
+	if gotViewType != wantViewType {
+		t.Errorf("Got: %v, want: %v", gotViewType, wantViewType)
+	}
+
 }

core/core/list.go

@@ -1,7 +1,6 @@
 package core
 
 import (
-	"context"
 	"encoding/json"
 	"fmt"
 	"sort"
@@ -14,13 +13,13 @@ import (
 	"github.com/olekukonko/tablewriter"
 )
 
-var listFunc = map[string]func(context.Context, *metav1.ListPolicies) ([]string, error){
+var listFunc = map[string]func(*metav1.ListPolicies) ([]string, error){
 	"controls":   listControls,
 	"frameworks": listFrameworks,
 	"exceptions": listExceptions,
 }
 
-var listFormatFunc = map[string]func(context.Context, string, []string){
+var listFormatFunc = map[string]func(string, []string){
 	"pretty-print": prettyPrintListFormat,
 	"json":         jsonListFormat,
 }
@@ -32,16 +31,16 @@ func ListSupportActions() []string {
 	}
 	return commands
 }
-func (ks *Kubescape) List(ctx context.Context, listPolicies *metav1.ListPolicies) error {
+func (ks *Kubescape) List(listPolicies *metav1.ListPolicies) error {
 	if policyListerFunc, ok := listFunc[listPolicies.Target]; ok {
-		policies, err := policyListerFunc(ctx, listPolicies)
+		policies, err := policyListerFunc(listPolicies)
 		if err != nil {
 			return err
 		}
 		sort.Strings(policies)
 
 		if listFormatFunction, ok := listFormatFunc[listPolicies.Format]; ok {
-			listFormatFunction(ctx, listPolicies.Target, policies)
+			listFormatFunction(listPolicies.Target, policies)
 		} else {
 			return fmt.Errorf("Invalid format \"%s\", Supported formats: 'pretty-print'/'json' ", listPolicies.Format)
 		}
@@ -51,26 +50,26 @@ func (ks *Kubescape) List(ctx context.Context, listPolicies *metav1.ListPolicies
 	return fmt.Errorf("unknown command to download")
 }
 
-func listFrameworks(ctx context.Context, listPolicies *metav1.ListPolicies) ([]string, error) {
+func listFrameworks(listPolicies *metav1.ListPolicies) ([]string, error) {
 	tenant := getTenantConfig(&listPolicies.Credentials, "", "", getKubernetesApi()) // change k8sinterface
-	policyGetter := getPolicyGetter(ctx, nil, tenant.GetTenantEmail(), true, nil)
+	policyGetter := getPolicyGetter(nil, tenant.GetTenantEmail(), true, nil)
 
 	return listFrameworksNames(policyGetter), nil
 }
 
-func listControls(ctx context.Context, listPolicies *metav1.ListPolicies) ([]string, error) {
+func listControls(listPolicies *metav1.ListPolicies) ([]string, error) {
 	tenant := getTenantConfig(&listPolicies.Credentials, "", "", getKubernetesApi()) // change k8sinterface
 
-	policyGetter := getPolicyGetter(ctx, nil, tenant.GetTenantEmail(), false, nil)
+	policyGetter := getPolicyGetter(nil, tenant.GetTenantEmail(), false, nil)
 	return policyGetter.ListControls()
 }
 
-func listExceptions(ctx context.Context, listPolicies *metav1.ListPolicies) ([]string, error) {
+func listExceptions(listPolicies *metav1.ListPolicies) ([]string, error) {
 	// load tenant metav1
 	tenant := getTenantConfig(&listPolicies.Credentials, "", "", getKubernetesApi())
 
 	var exceptionsNames []string
-	ksCloudAPI := getExceptionsGetter(ctx, "", tenant.GetAccountID(), nil)
+	ksCloudAPI := getExceptionsGetter("", tenant.GetAccountID(), nil)
 	exceptions, err := ksCloudAPI.GetExceptions("")
 	if err != nil {
 		return exceptionsNames, err
@@ -81,15 +80,15 @@ func listExceptions(ctx context.Context, listPolicies *metav1.ListPolicies) ([]s
 	return exceptionsNames, nil
 }
 
-func prettyPrintListFormat(ctx context.Context, targetPolicy string, policies []string) {
+func prettyPrintListFormat(targetPolicy string, policies []string) {
 	if targetPolicy == "controls" {
-		prettyPrintControls(ctx, policies)
+		prettyPrintControls(policies)
 		return
 	}
 
 	header := fmt.Sprintf("Supported %s", targetPolicy)
 
-	policyTable := tablewriter.NewWriter(printer.GetWriter(ctx, ""))
+	policyTable := tablewriter.NewWriter(printer.GetWriter(""))
 	policyTable.SetAutoWrapText(true)
 	policyTable.SetHeader([]string{header})
 	policyTable.SetHeaderLine(true)
@@ -104,14 +103,14 @@ func prettyPrintListFormat(ctx context.Context, targetPolicy string, policies []
 	policyTable.Render()
 }
 
-func jsonListFormat(_ context.Context, _ string, policies []string) {
+func jsonListFormat(targetPolicy string, policies []string) {
 	j, _ := json.MarshalIndent(policies, "", "  ")
 
 	fmt.Printf("%s\n", j)
 }
 
-func prettyPrintControls(ctx context.Context, policies []string) {
-	controlsTable := tablewriter.NewWriter(printer.GetWriter(ctx, ""))
+func prettyPrintControls(policies []string) {
+	controlsTable := tablewriter.NewWriter(printer.GetWriter(""))
 	controlsTable.SetAutoWrapText(true)
 	controlsTable.SetHeader([]string{"Control ID", "Control Name", "Docs", "Frameworks"})
 	controlsTable.SetHeaderLine(true)

core/core/scan.go

@@ -1,12 +1,14 @@
 package core
 
 import (
-	"context"
 	"fmt"
 
+	apisv1 "github.com/kubescape/opa-utils/httpserver/apis/v1"
+
+	"github.com/kubescape/k8s-interface/k8sinterface"
+
 	"github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
-	"github.com/kubescape/k8s-interface/k8sinterface"
 	"github.com/kubescape/kubescape/v2/core/cautils"
 	"github.com/kubescape/kubescape/v2/core/cautils/getter"
 	"github.com/kubescape/kubescape/v2/core/pkg/hostsensorutils"
@@ -17,8 +19,6 @@ import (
 	"github.com/kubescape/kubescape/v2/core/pkg/resultshandling"
 	"github.com/kubescape/kubescape/v2/core/pkg/resultshandling/printer"
 	"github.com/kubescape/kubescape/v2/core/pkg/resultshandling/reporter"
-	apisv1 "github.com/kubescape/opa-utils/httpserver/apis/v1"
-	"go.opentelemetry.io/otel"
 
 	"github.com/kubescape/opa-utils/resources"
 )
@@ -32,22 +32,20 @@ type componentInterfaces struct {
 	hostSensorHandler hostsensorutils.IHostSensor
 }
 
-func getInterfaces(ctx context.Context, scanInfo *cautils.ScanInfo) componentInterfaces {
-	ctx, span := otel.Tracer("").Start(ctx, "setup interfaces")
-	defer span.End()
+func getInterfaces(scanInfo *cautils.ScanInfo) componentInterfaces {
 
 	// ================== setup k8s interface object ======================================
 	var k8s *k8sinterface.KubernetesApi
 	if scanInfo.GetScanningContext() == cautils.ContextCluster {
 		k8s = getKubernetesApi()
 		if k8s == nil {
-			logger.L().Ctx(ctx).Fatal("failed connecting to Kubernetes cluster")
+			logger.L().Fatal("failed connecting to Kubernetes cluster")
 		}
 	}
 
 	// ================== setup tenant object ======================================
-	ctxTenant, spanTenant := otel.Tracer("").Start(ctx, "setup tenant")
-	tenantConfig := getTenantConfig(&scanInfo.Credentials, k8sinterface.GetContextName(), scanInfo.CustomClusterName, k8s)
+
+	tenantConfig := getTenantConfig(&scanInfo.Credentials, scanInfo.KubeContext, scanInfo.CustomClusterName, k8s)
 
 	// Set submit behavior AFTER loading tenant config
 	setSubmitBehavior(scanInfo, tenantConfig)
@@ -55,56 +53,58 @@ func getInterfaces(ctx context.Context, scanInfo *cautils.ScanInfo) componentInt
 	if scanInfo.Submit {
 		// submit - Create tenant & Submit report
 		if err := tenantConfig.SetTenant(); err != nil {
-			logger.L().Ctx(ctxTenant).Error(err.Error())
+			logger.L().Error(err.Error())
 		}
 
 		if scanInfo.OmitRawResources {
-			logger.L().Ctx(ctx).Warning("omit-raw-resources flag will be ignored in submit mode")
+			logger.L().Warning("omit-raw-resources flag will be ignored in submit mode")
 		}
 	}
-	spanTenant.End()
 
 	// ================== version testing ======================================
 
-	v := cautils.NewIVersionCheckHandler(ctx)
-	v.CheckLatestVersion(ctx, cautils.NewVersionCheckRequest(cautils.BuildNumber, policyIdentifierIdentities(scanInfo.PolicyIdentifier), "", cautils.ScanningContextToScanningScope(scanInfo.GetScanningContext())))
+	v := cautils.NewIVersionCheckHandler()
+	v.CheckLatestVersion(cautils.NewVersionCheckRequest(cautils.BuildNumber, policyIdentifierIdentities(scanInfo.PolicyIdentifier), "", cautils.ScanningContextToScanningScope(scanInfo.GetScanningContext())))
 
 	// ================== setup host scanner object ======================================
-	ctxHostScanner, spanHostScanner := otel.Tracer("").Start(ctx, "setup host scanner")
-	hostSensorHandler := getHostSensorHandler(ctx, scanInfo, k8s)
-	if err := hostSensorHandler.Init(ctxHostScanner); err != nil {
-		logger.L().Ctx(ctxHostScanner).Error("failed to init host scanner", helpers.Error(err))
-		hostSensorHandler = hostsensorutils.NewHostSensorHandlerMock()
+
+	hostSensorHandler := getHostSensorHandler(scanInfo, k8s)
+	if err := hostSensorHandler.Init(); err != nil {
+		logger.L().Error("failed to init host scanner", helpers.Error(err))
+		hostSensorHandler = &hostsensorutils.HostSensorHandlerMock{}
+	}
+	// excluding hostsensor namespace
+	if len(scanInfo.IncludeNamespaces) == 0 && hostSensorHandler.GetNamespace() != "" {
+		scanInfo.ExcludedNamespaces = fmt.Sprintf("%s,%s", scanInfo.ExcludedNamespaces, hostSensorHandler.GetNamespace())
 	}
-	spanHostScanner.End()
 
 	// ================== setup registry adaptors ======================================
 
 	registryAdaptors, err := resourcehandler.NewRegistryAdaptors()
 	if err != nil {
-		logger.L().Ctx(ctx).Error("failed to initialize registry adaptors", helpers.Error(err))
+		logger.L().Error("failed to initialize registry adaptors", helpers.Error(err))
 	}
 
 	// ================== setup resource collector object ======================================
 
-	resourceHandler := getResourceHandler(ctx, scanInfo, tenantConfig, k8s, hostSensorHandler, registryAdaptors)
+	resourceHandler := getResourceHandler(scanInfo, tenantConfig, k8s, hostSensorHandler, registryAdaptors)
 
 	// ================== setup reporter & printer objects ======================================
 
 	// reporting behavior - setup reporter
-	reportHandler := getReporter(ctx, tenantConfig, scanInfo.ScanID, scanInfo.Submit, scanInfo.FrameworkScan, scanInfo.GetScanningContext())
+	reportHandler := getReporter(tenantConfig, scanInfo.ScanID, scanInfo.Submit, scanInfo.FrameworkScan, scanInfo.GetScanningContext())
 
 	// setup printers
 	formats := scanInfo.Formats()
 
 	outputPrinters := make([]printer.IPrinter, 0)
 	for _, format := range formats {
-		printerHandler := resultshandling.NewPrinter(ctx, format, scanInfo.FormatVersion, scanInfo.PrintAttackTree, scanInfo.VerboseMode, cautils.ViewTypes(scanInfo.View))
-		printerHandler.SetWriter(ctx, scanInfo.Output)
+		printerHandler := resultshandling.NewPrinter(format, scanInfo.FormatVersion, scanInfo.PrintAttackTree, scanInfo.VerboseMode, cautils.ViewTypes(scanInfo.View))
+		printerHandler.SetWriter(scanInfo.Output)
 		outputPrinters = append(outputPrinters, printerHandler)
 	}
 
-	uiPrinter := getUIPrinter(ctx, scanInfo.VerboseMode, scanInfo.FormatVersion, scanInfo.PrintAttackTree, cautils.ViewTypes(scanInfo.View))
+	uiPrinter := getUIPrinter(scanInfo.VerboseMode, scanInfo.FormatVersion, scanInfo.PrintAttackTree, cautils.ViewTypes(scanInfo.View))
 
 	// ================== return interface ======================================
 
@@ -118,15 +118,13 @@ func getInterfaces(ctx context.Context, scanInfo *cautils.ScanInfo) componentInt
 	}
 }
 
-func (ks *Kubescape) Scan(ctx context.Context, scanInfo *cautils.ScanInfo) (*resultshandling.ResultsHandler, error) {
-	ctxInit, spanInit := otel.Tracer("").Start(ctx, "initialization")
-
+func (ks *Kubescape) Scan(scanInfo *cautils.ScanInfo) (*resultshandling.ResultsHandler, error) {
 	logger.L().Info("Kubescape scanner starting")
 
 	// ===================== Initialization =====================
-	scanInfo.Init(ctxInit) // initialize scan info
+	scanInfo.Init() // initialize scan info
 
-	interfaces := getInterfaces(ctxInit, scanInfo)
+	interfaces := getInterfaces(scanInfo)
 
 	cautils.ClusterName = interfaces.tenantConfig.GetContextName() // TODO - Deprecated
 	cautils.CustomerGUID = interfaces.tenantConfig.GetAccountID()  // TODO - Deprecated
@@ -136,10 +134,10 @@ func (ks *Kubescape) Scan(ctx context.Context, scanInfo *cautils.ScanInfo) (*res
 	downloadReleasedPolicy := getter.NewDownloadReleasedPolicy() // download config inputs from github release
 
 	// set policy getter only after setting the customerGUID
-	scanInfo.Getters.PolicyGetter = getPolicyGetter(ctxInit, scanInfo.UseFrom, interfaces.tenantConfig.GetTenantEmail(), scanInfo.FrameworkScan, downloadReleasedPolicy)
-	scanInfo.Getters.ControlsInputsGetter = getConfigInputsGetter(ctxInit, scanInfo.ControlsInputs, interfaces.tenantConfig.GetAccountID(), downloadReleasedPolicy)
-	scanInfo.Getters.ExceptionsGetter = getExceptionsGetter(ctxInit, scanInfo.UseExceptions, interfaces.tenantConfig.GetAccountID(), downloadReleasedPolicy)
-	scanInfo.Getters.AttackTracksGetter = getAttackTracksGetter(ctxInit, scanInfo.AttackTracks, interfaces.tenantConfig.GetAccountID(), downloadReleasedPolicy)
+	scanInfo.Getters.PolicyGetter = getPolicyGetter(scanInfo.UseFrom, interfaces.tenantConfig.GetTenantEmail(), scanInfo.FrameworkScan, downloadReleasedPolicy)
+	scanInfo.Getters.ControlsInputsGetter = getConfigInputsGetter(scanInfo.ControlsInputs, interfaces.tenantConfig.GetAccountID(), downloadReleasedPolicy)
+	scanInfo.Getters.ExceptionsGetter = getExceptionsGetter(scanInfo.UseExceptions, interfaces.tenantConfig.GetAccountID(), downloadReleasedPolicy)
+	scanInfo.Getters.AttackTracksGetter = getAttackTracksGetter(scanInfo.AttackTracks, interfaces.tenantConfig.GetAccountID(), downloadReleasedPolicy)
 
 	// TODO - list supported frameworks/controls
 	if scanInfo.ScanAll {
@@ -149,42 +147,34 @@ func (ks *Kubescape) Scan(ctx context.Context, scanInfo *cautils.ScanInfo) (*res
 	// remove host scanner components
 	defer func() {
 		if err := interfaces.hostSensorHandler.TearDown(); err != nil {
-			logger.L().Ctx(ctx).Error("failed to tear down host scanner", helpers.Error(err))
+			logger.L().Error("failed to tear down host scanner", helpers.Error(err))
 		}
 	}()
 
 	resultsHandling := resultshandling.NewResultsHandler(interfaces.report, interfaces.outputPrinters, interfaces.uiPrinter)
 
 	// ===================== policies & resources =====================
-	ctxPolicies, spanPolicies := otel.Tracer("").Start(ctxInit, "policies & resources")
 	policyHandler := policyhandler.NewPolicyHandler(interfaces.resourceHandler)
-	scanData, err := policyHandler.CollectResources(ctxPolicies, scanInfo.PolicyIdentifier, scanInfo, cautils.NewProgressHandler(""))
+	scanData, err := policyHandler.CollectResources(scanInfo.PolicyIdentifier, scanInfo)
 	if err != nil {
-		spanInit.End()
 		return resultsHandling, err
 	}
-	spanPolicies.End()
-	spanInit.End()
 
 	// ========================= opa testing =====================
-	ctxOpa, spanOpa := otel.Tracer("").Start(ctx, "opa testing")
-	defer spanOpa.End()
-
 	deps := resources.NewRegoDependenciesData(k8sinterface.GetK8sConfig(), interfaces.tenantConfig.GetContextName())
 	reportResults := opaprocessor.NewOPAProcessor(scanData, deps)
-	if err := reportResults.ProcessRulesListener(ctxOpa, cautils.NewProgressHandler("")); err != nil {
+	if err := reportResults.ProcessRulesListenner(); err != nil {
 		// TODO - do something
 		return resultsHandling, fmt.Errorf("%w", err)
 	}
 
 	// ======================== prioritization ===================
-	_, spanPrioritization := otel.Tracer("").Start(ctxOpa, "prioritization")
-	if priotizationHandler, err := resourcesprioritization.NewResourcesPrioritizationHandler(ctxOpa, scanInfo.Getters.AttackTracksGetter, scanInfo.PrintAttackTree); err != nil {
-		logger.L().Ctx(ctx).Warning("failed to get attack tracks, this may affect the scanning results", helpers.Error(err))
+
+	if priotizationHandler, err := resourcesprioritization.NewResourcesPrioritizationHandler(scanInfo.Getters.AttackTracksGetter, scanInfo.PrintAttackTree); err != nil {
+		logger.L().Warning("failed to get attack tracks, this may affect the scanning results", helpers.Error(err))
 	} else if err := priotizationHandler.PrioritizeResources(scanData); err != nil {
 		return resultsHandling, fmt.Errorf("%w", err)
 	}
-	spanPrioritization.End()
 
 	// ========================= results handling =====================
 	resultsHandling.SetData(scanData)

core/core/submit.go

@@ -1,8 +1,6 @@
 package core
 
 import (
-	"context"
-
 	"github.com/kubescape/kubescape/v2/core/cautils"
 	"github.com/kubescape/kubescape/v2/core/cautils/getter"
 	"github.com/kubescape/kubescape/v2/core/meta/cliinterfaces"
@@ -11,7 +9,7 @@ import (
 	"github.com/kubescape/go-logger/helpers"
 )
 
-func (ks *Kubescape) Submit(ctx context.Context, submitInterfaces cliinterfaces.SubmitInterfaces) error {
+func (ks *Kubescape) Submit(submitInterfaces cliinterfaces.SubmitInterfaces) error {
 
 	// list resources
 	report, err := submitInterfaces.SubmitObjects.SetResourcesReport()
@@ -28,7 +26,7 @@ func (ks *Kubescape) Submit(ctx context.Context, submitInterfaces cliinterfaces.
 		AllResources: allresources,
 		Metadata:     &report.Metadata,
 	}
-	if err := submitInterfaces.Reporter.Submit(ctx, o); err != nil {
+	if err := submitInterfaces.Reporter.Submit(o); err != nil {
 		return err
 	}
 	logger.L().Success("Data has been submitted successfully")
@@ -37,13 +35,13 @@ func (ks *Kubescape) Submit(ctx context.Context, submitInterfaces cliinterfaces.
 	return nil
 }
 
-func (ks *Kubescape) SubmitExceptions(ctx context.Context, credentials *cautils.Credentials, excPath string) error {
+func (ks *Kubescape) SubmitExceptions(credentials *cautils.Credentials, excPath string) error {
 	logger.L().Info("submitting exceptions", helpers.String("path", excPath))
 
 	// load cached config
 	tenantConfig := getTenantConfig(credentials, "", "", getKubernetesApi())
 	if err := tenantConfig.SetTenant(); err != nil {
-		logger.L().Ctx(ctx).Warning("failed setting account ID", helpers.Error(err))
+		logger.L().Error("failed setting account ID", helpers.Error(err))
 	}
 
 	// load exceptions from file

core/meta/ksinterface.go

@@ -1,8 +1,6 @@
 package meta
 
 import (
-	"context"
-
 	"github.com/kubescape/kubescape/v2/core/cautils"
 	"github.com/kubescape/kubescape/v2/core/meta/cliinterfaces"
 	metav1 "github.com/kubescape/kubescape/v2/core/meta/datastructures/v1"
@@ -10,24 +8,24 @@ import (
 )
 
 type IKubescape interface {
-	Scan(ctx context.Context, scanInfo *cautils.ScanInfo) (*resultshandling.ResultsHandler, error) // TODO - use scanInfo from v1
+	Scan(scanInfo *cautils.ScanInfo) (*resultshandling.ResultsHandler, error) // TODO - use scanInfo from v1
 
 	// policies
-	List(ctx context.Context, listPolicies *metav1.ListPolicies) error     // TODO - return list response
-	Download(ctx context.Context, downloadInfo *metav1.DownloadInfo) error // TODO - return downloaded policies
+	List(listPolicies *metav1.ListPolicies) error     // TODO - return list response
+	Download(downloadInfo *metav1.DownloadInfo) error // TODO - return downloaded policies
 
 	// submit
-	Submit(ctx context.Context, submitInterfaces cliinterfaces.SubmitInterfaces) error            // TODO - func should receive object
-	SubmitExceptions(ctx context.Context, credentials *cautils.Credentials, excPath string) error // TODO - remove
+	Submit(submitInterfaces cliinterfaces.SubmitInterfaces) error            // TODO - func should receive object
+	SubmitExceptions(credentials *cautils.Credentials, excPath string) error // TODO - remove
 
 	// config
 	SetCachedConfig(setConfig *metav1.SetConfig) error
 	ViewCachedConfig(viewConfig *metav1.ViewConfig) error
-	DeleteCachedConfig(ctx context.Context, deleteConfig *metav1.DeleteConfig) error
+	DeleteCachedConfig(deleteConfig *metav1.DeleteConfig) error
 
 	// delete
 	DeleteExceptions(deleteexceptions *metav1.DeleteExceptions) error
 
 	// fix
-	Fix(ctx context.Context, fixInfo *metav1.FixInfo) error
+	Fix(fixInfo *metav1.FixInfo) error
 }

core/pkg/fixhandler/datastructures.go

@@ -20,7 +20,7 @@ type FixHandler struct {
 
 // ResourceFixInfo is a struct that holds the information about the resource that needs to be fixed
 type ResourceFixInfo struct {
-	YamlExpressions map[string]armotypes.FixPath
+	YamlExpressions map[string]*armotypes.FixPath
 	Resource        *reporthandling.Resource
 	FilePath        string
 	DocumentIndex   int
@@ -58,7 +58,7 @@ func withNewline(content, targetNewline string) string {
 	replaceNewlines := map[string]bool{
 		unixNewline:    true,
 		windowsNewline: true,
-		oldMacNewline:  true,
+		oldMacNewline:     true,
 	}
 	replaceNewlines[targetNewline] = false
 

core/pkg/fixhandler/fixhandler.go

@@ -1,10 +1,9 @@
 package fixhandler
 
 import (
-	"context"
 	"encoding/json"
 	"fmt"
-	"io"
+	"io/ioutil"
 	"os"
 	"path"
 	"path/filepath"
@@ -36,7 +35,7 @@ func NewFixHandler(fixInfo *metav1.FixInfo) (*FixHandler, error) {
 		return nil, err
 	}
 	defer jsonFile.Close()
-	byteValue, _ := io.ReadAll(jsonFile)
+	byteValue, _ := ioutil.ReadAll(jsonFile)
 
 	var reportObj reporthandlingv2.PostureReport
 	if err = json.Unmarshal(byteValue, &reportObj); err != nil {
@@ -120,7 +119,7 @@ func (h *FixHandler) getPathFromRawResource(obj map[string]interface{}) string {
 	return ""
 }
 
-func (h *FixHandler) PrepareResourcesToFix(ctx context.Context) []ResourceFixInfo {
+func (h *FixHandler) PrepareResourcesToFix() []ResourceFixInfo {
 	resourceIdToResource := h.buildResourcesMap()
 
 	resourcesToFix := make([]ResourceFixInfo, 0)
@@ -142,20 +141,20 @@ func (h *FixHandler) PrepareResourcesToFix(ctx context.Context) []ResourceFixInf
 
 		relativePath, documentIndex, err := h.getFilePathAndIndex(resourcePath)
 		if err != nil {
-			logger.L().Ctx(ctx).Warning("Skipping invalid resource path: " + resourcePath)
+			logger.L().Error("Skipping invalid resource path: " + resourcePath)
 			continue
 		}
 
 		absolutePath := path.Join(h.localBasePath, relativePath)
 		if _, err := os.Stat(absolutePath); err != nil {
-			logger.L().Ctx(ctx).Warning("Skipping missing file: " + absolutePath)
+			logger.L().Error("Skipping missing file: " + absolutePath)
 			continue
 		}
 
 		rfi := ResourceFixInfo{
 			FilePath:        absolutePath,
 			Resource:        resourceObj,
-			YamlExpressions: make(map[string]armotypes.FixPath, 0),
+			YamlExpressions: make(map[string]*armotypes.FixPath, 0),
 			DocumentIndex:   documentIndex,
 		}
 
@@ -185,7 +184,7 @@ func (h *FixHandler) PrintExpectedChanges(resourcesToFix []ResourceFixInfo) {
 
 		i := 1
 		for _, fixPath := range resourceFixInfo.YamlExpressions {
-			sb.WriteString(fmt.Sprintf("\t%d) %s = %s\n", i, fixPath.Path, fixPath.Value))
+			sb.WriteString(fmt.Sprintf("\t%d) %s = %s\n", i, (*fixPath).Path, (*fixPath).Value))
 			i++
 		}
 		sb.WriteString("\n------\n")
@@ -194,21 +193,21 @@ func (h *FixHandler) PrintExpectedChanges(resourcesToFix []ResourceFixInfo) {
 	logger.L().Info(sb.String())
 }
 
-func (h *FixHandler) ApplyChanges(ctx context.Context, resourcesToFix []ResourceFixInfo) (int, []error) {
+func (h *FixHandler) ApplyChanges(resourcesToFix []ResourceFixInfo) (int, []error) {
 	updatedFiles := make(map[string]bool)
 	errors := make([]error, 0)
 
 	fileYamlExpressions := h.getFileYamlExpressions(resourcesToFix)
 
 	for filepath, yamlExpression := range fileYamlExpressions {
-		fileAsString, err := GetFileString(filepath)
+		fileAsString, err := getFileString(filepath)
 
 		if err != nil {
 			errors = append(errors, err)
 			continue
 		}
 
-		fixedYamlString, err := ApplyFixToContent(ctx, fileAsString, yamlExpression)
+		fixedYamlString, err := h.ApplyFixToContent(fileAsString, yamlExpression)
 
 		if err != nil {
 			errors = append(errors, fmt.Errorf("Failed to fix file %s: %w ", filepath, err))
@@ -220,7 +219,7 @@ func (h *FixHandler) ApplyChanges(ctx context.Context, resourcesToFix []Resource
 		err = writeFixesToFile(filepath, fixedYamlString)
 
 		if err != nil {
-			logger.L().Ctx(ctx).Warning(fmt.Sprintf("Failed to write fixes to file %s, %v", filepath, err.Error()))
+			logger.L().Error(fmt.Sprintf("Failed to write fixes to file %s, %v", filepath, err.Error()))
 			errors = append(errors, err)
 		}
 	}
@@ -242,7 +241,7 @@ func (h *FixHandler) getFilePathAndIndex(filePathWithIndex string) (filePath str
 	}
 }
 
-func ApplyFixToContent(ctx context.Context, yamlAsString, yamlExpression string) (fixedString string, err error) {
+func (h *FixHandler) ApplyFixToContent(yamlAsString, yamlExpression string) (fixedString string, err error) {
 	newline := determineNewlineSeparator(yamlAsString)
 
 	yamlLines := strings.Split(yamlAsString, newline)
@@ -253,15 +252,15 @@ func ApplyFixToContent(ctx context.Context, yamlAsString, yamlExpression string)
 		return "", err
 	}
 
-	fixedRootNodes, err := getFixedNodes(ctx, yamlAsString, yamlExpression)
+	fixedRootNodes, err := getFixedNodes(yamlAsString, yamlExpression)
 
 	if err != nil {
 		return "", err
 	}
 
-	fixInfo := getFixInfo(ctx, originalRootNodes, fixedRootNodes)
+	fileFixInfo := getFixInfo(originalRootNodes, fixedRootNodes)
 
-	fixedYamlLines := getFixedYamlLines(yamlLines, fixInfo, newline)
+	fixedYamlLines := getFixedYamlLines(yamlLines, fileFixInfo, newline)
 
 	fixedString = getStringFromSlice(fixedYamlLines, newline)
 
@@ -270,9 +269,7 @@ func ApplyFixToContent(ctx context.Context, yamlAsString, yamlExpression string)
 
 func (h *FixHandler) getFileYamlExpressions(resourcesToFix []ResourceFixInfo) map[string]string {
 	fileYamlExpressions := make(map[string]string, 0)
-	for _, toPin := range resourcesToFix {
-		resourceToFix := toPin
-
+	for _, resourceToFix := range resourcesToFix {
 		singleExpression := reduceYamlExpressions(&resourceToFix)
 		resourceFilePath := resourceToFix.FilePath
 
@@ -301,8 +298,8 @@ func (rfi *ResourceFixInfo) addYamlExpressionsFromResourceAssociatedControl(docu
 				continue
 			}
 
-			yamlExpression := FixPathToValidYamlExpression(rulePaths.FixPath.Path, rulePaths.FixPath.Value, documentIndex)
-			rfi.YamlExpressions[yamlExpression] = rulePaths.FixPath
+			yamlExpression := fixPathToValidYamlExpression(rulePaths.FixPath.Path, rulePaths.FixPath.Value, documentIndex)
+			rfi.YamlExpressions[yamlExpression] = &rulePaths.FixPath
 		}
 	}
 }
@@ -317,7 +314,7 @@ func reduceYamlExpressions(resource *ResourceFixInfo) string {
 	return strings.Join(expressions, " | ")
 }
 
-func FixPathToValidYamlExpression(fixPath, value string, documentIndexInYaml int) string {
+func fixPathToValidYamlExpression(fixPath, value string, documentIndexInYaml int) string {
 	isStringValue := true
 	if _, err := strconv.ParseBool(value); err == nil {
 		isStringValue = false
@@ -340,8 +337,8 @@ func joinStrings(inputStrings ...string) string {
 	return strings.Join(inputStrings, "")
 }
 
-func GetFileString(filepath string) (string, error) {
-	bytes, err := os.ReadFile(filepath)
+func getFileString(filepath string) (string, error) {
+	bytes, err := ioutil.ReadFile(filepath)
 
 	if err != nil {
 		return "", fmt.Errorf("Error reading file %s", filepath)
@@ -351,7 +348,7 @@ func GetFileString(filepath string) (string, error) {
 }
 
 func writeFixesToFile(filepath, content string) error {
-	err := os.WriteFile(filepath, []byte(content), 0644) //nolint:gosec
+	err := ioutil.WriteFile(filepath, []byte(content), 0644)
 
 	if err != nil {
 		return fmt.Errorf("Error writing fixes to file: %w", err)

core/pkg/fixhandler/fixhandler_test.go

@@ -1,14 +1,12 @@
 package fixhandler
 
 import (
-	"context"
 	"os"
 	"path/filepath"
 	"testing"
 
 	logger "github.com/kubescape/go-logger"
 	metav1 "github.com/kubescape/kubescape/v2/core/meta/datastructures/v1"
-	"github.com/kubescape/kubescape/v2/internal/testutils"
 	reporthandlingv2 "github.com/kubescape/opa-utils/reporthandling/v2"
 	"github.com/mikefarah/yq/v4/pkg/yqlib"
 	"github.com/stretchr/testify/assert"
@@ -33,6 +31,11 @@ func NewFixHandlerMock() (*FixHandler, error) {
 	}, nil
 }
 
+func getTestdataPath() string {
+	currentDir, _ := os.Getwd()
+	return filepath.Join(currentDir, "testdata")
+}
+
 func getTestCases() []indentationTestCase {
 	indentationTestCases := []indentationTestCase{
 		// Insertion Scenarios
@@ -119,7 +122,7 @@ func getTestCases() []indentationTestCase {
 		},
 		{
 			"removes/tc-04-00-input.yaml",
-			`del(select(di==0).spec.containers[0].securityContext) |
+			`del(select(di==0).spec.containers[0].securityContext) | 
 			 del(select(di==1).spec.containers[1])`,
 			"removes/tc-04-01-expected.yaml",
 		},
@@ -173,8 +176,9 @@ func TestApplyFixKeepsFormatting(t *testing.T) {
 	for _, tc := range testCases {
 		t.Run(tc.inputFile, func(t *testing.T) {
 			getTestDataPath := func(filename string) string {
+				currentDir, _ := os.Getwd()
 				currentFile := "testdata/" + filename
-				return filepath.Join(testutils.CurrentDir(), currentFile)
+				return filepath.Join(currentDir, currentFile)
 			}
 
 			input, _ := os.ReadFile(getTestDataPath(tc.inputFile))
@@ -182,7 +186,9 @@ func TestApplyFixKeepsFormatting(t *testing.T) {
 			want := string(wantRaw)
 			expression := tc.yamlExpression
 
-			got, _ := ApplyFixToContent(context.TODO(), string(input), expression)
+			h, _ := NewFixHandlerMock()
+
+			got, _ := h.ApplyFixToContent(string(input), expression)
 
 			assert.Equalf(
 				t, want, got,
@@ -239,7 +245,7 @@ func Test_fixPathToValidYamlExpression(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			if got := FixPathToValidYamlExpression(tt.args.fixPath, tt.args.value, tt.args.documentIndexInYaml); got != tt.want {
+			if got := fixPathToValidYamlExpression(tt.args.fixPath, tt.args.value, tt.args.documentIndexInYaml); got != tt.want {
 				t.Errorf("fixPathToValidYamlExpression() = %v, want %v", got, tt.want)
 			}
 		})

core/pkg/fixhandler/yamlhandler.go

@@ -2,7 +2,6 @@ package fixhandler
 
 import (
 	"container/list"
-	"context"
 	"errors"
 	"fmt"
 	"io"
@@ -37,7 +36,7 @@ func decodeDocumentRoots(yamlAsString string) ([]yaml.Node, error) {
 	return nodes, nil
 }
 
-func getFixedNodes(ctx context.Context, yamlAsString, yamlExpression string) ([]yaml.Node, error) {
+func getFixedNodes(yamlAsString, yamlExpression string) ([]yaml.Node, error) {
 	preferences := yqlib.ConfiguredYamlPreferences
 	preferences.EvaluateTogether = true
 	decoder := yqlib.NewYamlDecoder(preferences)
@@ -45,7 +44,7 @@ func getFixedNodes(ctx context.Context, yamlAsString, yamlExpression string) ([]
 	var allDocuments = list.New()
 	reader := strings.NewReader(yamlAsString)
 
-	fileDocuments, err := readDocuments(ctx, reader, decoder)
+	fileDocuments, err := readDocuments(reader, decoder)
 	if err != nil {
 		return nil, err
 	}
@@ -88,14 +87,14 @@ func flattenWithDFSHelper(node *yaml.Node, parent *yaml.Node, dfsOrder *[]nodeIn
 	}
 }
 
-func getFixInfo(ctx context.Context, originalRootNodes, fixedRootNodes []yaml.Node) fileFixInfo {
+func getFixInfo(originalRootNodes, fixedRootNodes []yaml.Node) fileFixInfo {
 	contentToAdd := make([]contentToAdd, 0)
 	linesToRemove := make([]linesToRemove, 0)
 
 	for idx := 0; idx < len(fixedRootNodes); idx++ {
 		originalList := flattenWithDFS(&originalRootNodes[idx])
 		fixedList := flattenWithDFS(&fixedRootNodes[idx])
-		nodeContentToAdd, nodeLinesToRemove := getFixInfoHelper(ctx, *originalList, *fixedList)
+		nodeContentToAdd, nodeLinesToRemove := getFixInfoHelper(*originalList, *fixedList)
 		contentToAdd = append(contentToAdd, nodeContentToAdd...)
 		linesToRemove = append(linesToRemove, nodeLinesToRemove...)
 	}
@@ -106,7 +105,7 @@ func getFixInfo(ctx context.Context, originalRootNodes, fixedRootNodes []yaml.No
 	}
 }
 
-func getFixInfoHelper(ctx context.Context, originalList, fixedList []nodeInfo) ([]contentToAdd, []linesToRemove) {
+func getFixInfoHelper(originalList, fixedList []nodeInfo) ([]contentToAdd, []linesToRemove) {
 
 	// While obtaining fixedYamlNode, comments and empty lines at the top are ignored.
 	// This causes a difference in Line numbers across the tree structure. In order to
@@ -139,20 +138,20 @@ func getFixInfoHelper(ctx context.Context, originalList, fixedList []nodeInfo) (
 			fixedListTracker += 1
 
 		case removedNode:
-			originalListTracker, fixedListTracker = addLinesToRemove(ctx, fixInfoMetadata)
+			originalListTracker, fixedListTracker = addLinesToRemove(fixInfoMetadata)
 
 		case insertedNode:
-			originalListTracker, fixedListTracker = addLinesToInsert(ctx, fixInfoMetadata)
+			originalListTracker, fixedListTracker = addLinesToInsert(fixInfoMetadata)
 
 		case replacedNode:
-			originalListTracker, fixedListTracker = updateLinesToReplace(ctx, fixInfoMetadata)
+			originalListTracker, fixedListTracker = updateLinesToReplace(fixInfoMetadata)
 		}
 	}
 
 	// Some nodes are still not visited if they are removed at the end of the list
 	for originalListTracker < len(originalList) {
 		fixInfoMetadata.originalListTracker = originalListTracker
-		originalListTracker, _ = addLinesToRemove(ctx, fixInfoMetadata)
+		originalListTracker, _ = addLinesToRemove(fixInfoMetadata)
 	}
 
 	// Some nodes are still not visited if they are inserted at the end of the list
@@ -160,7 +159,7 @@ func getFixInfoHelper(ctx context.Context, originalList, fixedList []nodeInfo) (
 		// Use negative index of last node in original list as a placeholder to determine the last line number later
 		fixInfoMetadata.originalListTracker = -(len(originalList) - 1)
 		fixInfoMetadata.fixedListTracker = fixedListTracker
-		_, fixedListTracker = addLinesToInsert(ctx, fixInfoMetadata)
+		_, fixedListTracker = addLinesToInsert(fixInfoMetadata)
 	}
 
 	return contentToAdd, linesToRemove
@@ -168,13 +167,13 @@ func getFixInfoHelper(ctx context.Context, originalList, fixedList []nodeInfo) (
 }
 
 // Adds the lines to remove and returns the updated originalListTracker
-func addLinesToRemove(ctx context.Context, fixInfoMetadata *fixInfoMetadata) (int, int) {
+func addLinesToRemove(fixInfoMetadata *fixInfoMetadata) (int, int) {
 	isOneLine, line := isOneLineSequenceNode(fixInfoMetadata.originalList, fixInfoMetadata.originalListTracker)
 
 	if isOneLine {
 		// Remove the entire line and replace it with the sequence node in fixed info. This way,
 		// the original formatting is not lost.
-		return replaceSingleLineSequence(ctx, fixInfoMetadata, line)
+		return replaceSingleLineSequence(fixInfoMetadata, line)
 	}
 
 	currentDFSNode := (*fixInfoMetadata.originalList)[fixInfoMetadata.originalListTracker]
@@ -189,18 +188,18 @@ func addLinesToRemove(ctx context.Context, fixInfoMetadata *fixInfoMetadata) (in
 }
 
 // Adds the lines to insert and returns the updated fixedListTracker
-func addLinesToInsert(ctx context.Context, fixInfoMetadata *fixInfoMetadata) (int, int) {
+func addLinesToInsert(fixInfoMetadata *fixInfoMetadata) (int, int) {
 
 	isOneLine, line := isOneLineSequenceNode(fixInfoMetadata.fixedList, fixInfoMetadata.fixedListTracker)
 
 	if isOneLine {
-		return replaceSingleLineSequence(ctx, fixInfoMetadata, line)
+		return replaceSingleLineSequence(fixInfoMetadata, line)
 	}
 
 	currentDFSNode := (*fixInfoMetadata.fixedList)[fixInfoMetadata.fixedListTracker]
 
 	lineToInsert := getLineToInsert(fixInfoMetadata)
-	contentToInsert := getContent(ctx, currentDFSNode.parent, fixInfoMetadata.fixedList, fixInfoMetadata.fixedListTracker)
+	contentToInsert := getContent(currentDFSNode.parent, fixInfoMetadata.fixedList, fixInfoMetadata.fixedListTracker)
 
 	newFixedTracker := updateTracker(fixInfoMetadata.fixedList, fixInfoMetadata.fixedListTracker)
 
@@ -213,12 +212,12 @@ func addLinesToInsert(ctx context.Context, fixInfoMetadata *fixInfoMetadata) (in
 }
 
 // Adds the lines to remove and insert and updates the fixedListTracker and originalListTracker
-func updateLinesToReplace(ctx context.Context, fixInfoMetadata *fixInfoMetadata) (int, int) {
+func updateLinesToReplace(fixInfoMetadata *fixInfoMetadata) (int, int) {
 
 	isOneLine, line := isOneLineSequenceNode(fixInfoMetadata.fixedList, fixInfoMetadata.fixedListTracker)
 
 	if isOneLine {
-		return replaceSingleLineSequence(ctx, fixInfoMetadata, line)
+		return replaceSingleLineSequence(fixInfoMetadata, line)
 	}
 
 	currentDFSNode := (*fixInfoMetadata.fixedList)[fixInfoMetadata.fixedListTracker]
@@ -229,8 +228,8 @@ func updateLinesToReplace(ctx context.Context, fixInfoMetadata *fixInfoMetadata)
 		fixInfoMetadata.fixedListTracker -= 1
 	}
 
-	addLinesToRemove(ctx, fixInfoMetadata)
-	updatedOriginalTracker, updatedFixedTracker := addLinesToInsert(ctx, fixInfoMetadata)
+	addLinesToRemove(fixInfoMetadata)
+	updatedOriginalTracker, updatedFixedTracker := addLinesToInsert(fixInfoMetadata)
 
 	return updatedOriginalTracker, updatedFixedTracker
 }

core/pkg/fixhandler/yamlhelper.go

@@ -4,7 +4,6 @@ import (
 	"bufio"
 	"bytes"
 	"container/list"
-	"context"
 	"errors"
 	"fmt"
 	"io"
@@ -74,6 +73,9 @@ func adjustFixedListLines(originalList, fixedList *[]nodeInfo) {
 			node.node.Line += differenceAtTop
 		}
 	}
+
+	return
+
 }
 
 func enocodeIntoYaml(parentNode *yaml.Node, nodeList *[]nodeInfo, tracker int) (string, error) {
@@ -109,10 +111,10 @@ func enocodeIntoYaml(parentNode *yaml.Node, nodeList *[]nodeInfo, tracker int) (
 	return fmt.Sprintf(`%v`, buf.String()), nil
 }
 
-func getContent(ctx context.Context, parentNode *yaml.Node, nodeList *[]nodeInfo, tracker int) string {
+func getContent(parentNode *yaml.Node, nodeList *[]nodeInfo, tracker int) string {
 	content, err := enocodeIntoYaml(parentNode, nodeList, tracker)
 	if err != nil {
-		logger.L().Ctx(ctx).Fatal("Cannot Encode into YAML")
+		logger.L().Fatal("Cannot Encode into YAML")
 	}
 
 	indentationSpaces := parentNode.Column - 1
@@ -272,7 +274,7 @@ func isEmptyLineOrComment(lineContent string) bool {
 	return false
 }
 
-func readDocuments(ctx context.Context, reader io.Reader, decoder yqlib.Decoder) (*list.List, error) {
+func readDocuments(reader io.Reader, decoder yqlib.Decoder) (*list.List, error) {
 	err := decoder.Init(reader)
 	if err != nil {
 		return nil, fmt.Errorf("Error Initializing the decoder, %w", err)
@@ -287,7 +289,7 @@ func readDocuments(ctx context.Context, reader io.Reader, decoder yqlib.Decoder)
 		if errors.Is(errorReading, io.EOF) {
 			switch reader := reader.(type) {
 			case *os.File:
-				safelyCloseFile(ctx, reader)
+				safelyCloseFile(reader)
 			}
 			return inputList, nil
 		} else if errorReading != nil {
@@ -303,21 +305,21 @@ func readDocuments(ctx context.Context, reader io.Reader, decoder yqlib.Decoder)
 	}
 }
 
-func safelyCloseFile(ctx context.Context, file *os.File) {
+func safelyCloseFile(file *os.File) {
 	err := file.Close()
 	if err != nil {
-		logger.L().Ctx(ctx).Warning("Error Closing File")
+		logger.L().Error("Error Closing File")
 	}
 }
 
 // Remove the entire line and replace it with the sequence node in fixed info. This way,
 // the original formatting is lost.
-func replaceSingleLineSequence(ctx context.Context, fixInfoMetadata *fixInfoMetadata, line int) (int, int) {
+func replaceSingleLineSequence(fixInfoMetadata *fixInfoMetadata, line int) (int, int) {
 	originalListTracker := getFirstNodeInLine(fixInfoMetadata.originalList, line)
 	fixedListTracker := getFirstNodeInLine(fixInfoMetadata.fixedList, line)
 
 	currentDFSNode := (*fixInfoMetadata.fixedList)[fixedListTracker]
-	contentToInsert := getContent(ctx, currentDFSNode.parent, fixInfoMetadata.fixedList, fixedListTracker)
+	contentToInsert := getContent(currentDFSNode.parent, fixInfoMetadata.fixedList, fixedListTracker)
 
 	// Remove the Single line
 	*fixInfoMetadata.linesToRemove = append(*fixInfoMetadata.linesToRemove, linesToRemove{

core/pkg/hostsensorutils/hostsensor.yaml

@@ -16,7 +16,6 @@ metadata:
   labels:
     app: host-scanner
     k8s-app: kubescape-host-scanner
-    otel: enabled
 spec:
   selector:
     matchLabels:
@@ -27,12 +26,17 @@ spec:
         name: host-scanner
     spec:
       tolerations:
-      # this toleration is to have the DaemonDet runnable on all nodes (including masters)
+      # this toleration is to have the DaemonDet runnable on master nodes
       # remove it if your masters can't run pods
-      - operator: Exists
+      - key: node-role.kubernetes.io/control-plane
+        operator: Exists
+        effect: NoSchedule
+      - key: node-role.kubernetes.io/master
+        operator: Exists
+        effect: NoSchedule
       containers:
       - name: host-sensor
-        image: quay.io/kubescape/host-scanner:v1.0.57
+        image: quay.io/kubescape/host-scanner:v1.0.39
         securityContext:
           allowPrivilegeEscalation: true
           privileged: true
@@ -40,6 +44,7 @@ spec:
           procMount: Unmasked
         ports:
           - name: scanner # Do not change port name
+            hostPort: 7888
             containerPort: 7888
             protocol: TCP
         resources:
@@ -56,8 +61,8 @@ spec:
           httpGet:
             path: /kernelVersion
             port: 7888
-          initialDelaySeconds: 1
-          periodSeconds: 1
+            initialDelaySeconds: 1
+            periodSeconds: 1
       terminationGracePeriodSeconds: 120
       dnsPolicy: ClusterFirstWithHostNet
       automountServiceAccountToken: false
@@ -66,5 +71,6 @@ spec:
           path: /
           type: Directory
         name: host-filesystem
+      hostNetwork: true
       hostPID: true
       hostIPC: true

core/pkg/hostsensorutils/hostsensor_mock_test.go

@@ -1,23 +0,0 @@
-package hostsensorutils
-
-import (
-	"context"
-	"testing"
-
-	"github.com/stretchr/testify/require"
-)
-
-func TestHostSensorHandlerMock(t *testing.T) {
-	ctx := context.Background()
-	h := &HostSensorHandlerMock{}
-
-	require.NoError(t, h.Init(ctx))
-
-	envelope, status, err := h.CollectResources(ctx)
-	require.Empty(t, envelope)
-	require.Nil(t, status)
-	require.NoError(t, err)
-
-	require.Empty(t, h.GetNamespace())
-	require.NoError(t, h.TearDown())
-}

core/pkg/hostsensorutils/hostsensordeploy.go

@@ -1,8 +1,8 @@
 package hostsensorutils
 
 import (
-	"context"
 	_ "embed"
+	"encoding/json"
 	"fmt"
 	"os"
 	"sync"
@@ -22,49 +22,43 @@ import (
 
 var (
 	//go:embed hostsensor.yaml
-	hostSensorYAML      string
-	namespaceWasPresent bool
+	hostSensorYAML string
 )
 
-const portName string = "scanner"
+const PortName string = "scanner"
 
-// HostSensorHandler is a client that interacts with a host-scanner component deployed on nodes.
-//
-// The API exposed by the host sensor is defined here: https://github.com/kubescape/host-scanner
 type HostSensorHandler struct {
-	hostSensorPort                int32
-	hostSensorPodNames            map[string]string //map from pod names to node names
-	hostSensorUnscheduledPodNames map[string]string //map from pod names to node names
+	HostSensorPort                int32
+	HostSensorPodNames            map[string]string //map from pod names to node names
+	HostSensorUnscheduledPodNames map[string]string //map from pod names to node names
+	IsReady                       <-chan bool       //readonly chan
 	k8sObj                        *k8sinterface.KubernetesApi
-	daemonSet                     *appsv1.DaemonSet
+	DaemonSet                     *appsv1.DaemonSet
 	podListLock                   sync.RWMutex
 	gracePeriod                   int64
 	workerPool                    workerPool
 }
 
-// NewHostSensorHandler builds a new http client to the host-scanner API.
 func NewHostSensorHandler(k8sObj *k8sinterface.KubernetesApi, hostSensorYAMLFile string) (*HostSensorHandler, error) {
+
 	if k8sObj == nil {
 		return nil, fmt.Errorf("nil k8s interface received")
 	}
-
 	if hostSensorYAMLFile != "" {
 		d, err := loadHostSensorFromFile(hostSensorYAMLFile)
 		if err != nil {
-			return nil, fmt.Errorf("failed to load host-scan yaml file, reason: %w", err)
+			return nil, fmt.Errorf("failed to load host-scan yaml file, reason: %s", err.Error())
 		}
 		hostSensorYAML = d
 	}
-
 	hsh := &HostSensorHandler{
 		k8sObj:                        k8sObj,
-		hostSensorPodNames:            map[string]string{},
-		hostSensorUnscheduledPodNames: map[string]string{},
+		HostSensorPodNames:            map[string]string{},
+		HostSensorUnscheduledPodNames: map[string]string{},
 		gracePeriod:                   int64(15),
-		workerPool:                    newWorkerPool(),
+		workerPool:                    NewWorkerPool(),
 	}
-
-	// Don't deploy on a cluster with no nodes. Some cloud providers prevent the termination of K8s objects for cluster with no nodes!!!
+	// Don't deploy on cluster with no nodes. Some cloud providers prevents termination of K8s objects for cluster with no nodes!!!
 	if nodeList, err := k8sObj.KubernetesClient.CoreV1().Nodes().List(k8sObj.Context, metav1.ListOptions{}); err != nil || len(nodeList.Items) == 0 {
 		if err == nil {
 			err = fmt.Errorf("no nodes to scan")
@@ -75,8 +69,7 @@ func NewHostSensorHandler(k8sObj *k8sinterface.KubernetesApi, hostSensorYAMLFile
 	return hsh, nil
 }
 
-// Init deploys the host-scanner and start watching the pods on the host.
-func (hsh *HostSensorHandler) Init(ctx context.Context) error {
+func (hsh *HostSensorHandler) Init() error {
 	// deploy the YAML
 	// store namespace + port
 	// store pod names
@@ -85,46 +78,20 @@ func (hsh *HostSensorHandler) Init(ctx context.Context) error {
 	logger.L().Debug("The host scanner is a DaemonSet that runs on each node in the cluster. The DaemonSet will be running in it's own namespace and will be deleted once the scan is completed. If you do not wish to install the host scanner, please run the scan without the --enable-host-scan flag.")
 
 	cautils.StartSpinner()
-	defer cautils.StopSpinner()
 
-	if err := hsh.applyYAML(ctx); err != nil {
+	if err := hsh.applyYAML(); err != nil {
+		cautils.StopSpinner()
 		return fmt.Errorf("failed to apply host scanner YAML, reason: %v", err)
 	}
-
-	hsh.populatePodNamesToNodeNames(ctx)
+	hsh.populatePodNamesToNodeNames()
 	if err := hsh.checkPodForEachNode(); err != nil {
-		logger.L().Ctx(ctx).Warning("failed to validate host-sensor pods status", helpers.Error(err))
+		logger.L().Error("failed to validate host-sensor pods status", helpers.Error(err))
 	}
-
+	cautils.StopSpinner()
 	return nil
 }
 
-// checkNamespaceWasPresent check if the given namespace was already present on kubernetes and in "Active" state.
-// Return true in case it find the namespace on the list, false otherwise.
-// In case we have some error with the kubernetes APIs, it returns an error.
-func (hsh *HostSensorHandler) checkNamespaceWasPresent(namespace string) bool {
-	ns, err := hsh.k8sObj.KubernetesClient.
-		CoreV1().
-		Namespaces().
-		Get(hsh.k8sObj.Context, namespace, metav1.GetOptions{})
-	if err != nil {
-		return false
-	}
-
-	// check also if it is in "Active" state.
-	if ns.Status.Phase != corev1.NamespaceActive {
-		return false
-	}
-
-	return true
-}
-
-// namespaceWasPresent return the namespaceWasPresent variable value.
-func (hsh *HostSensorHandler) namespaceWasPresent() bool {
-	return namespaceWasPresent
-}
-
-func (hsh *HostSensorHandler) applyYAML(ctx context.Context) error {
+func (hsh *HostSensorHandler) applyYAML() error {
 	workloads, err := cautils.ReadFile([]byte(hostSensorYAML), cautils.YAML_FILE_FORMAT)
 	if err != nil {
 		return fmt.Errorf("failed to read YAML files, reason: %v", err)
@@ -138,8 +105,6 @@ func (hsh *HostSensorHandler) applyYAML(ctx context.Context) error {
 			break
 		}
 	}
-	// check if namespace was already present on kubernetes
-	namespaceWasPresent = hsh.checkNamespaceWasPresent(namespaceName)
 
 	// Update workload data before applying
 	for i := range workloads {
@@ -156,17 +121,18 @@ func (hsh *HostSensorHandler) applyYAML(ctx context.Context) error {
 			containers, err := w.GetContainers()
 			if err != nil {
 				if erra := hsh.tearDownNamespace(namespaceName); erra != nil {
-					logger.L().Ctx(ctx).Warning("failed to tear down namespace", helpers.Error(erra))
+					logger.L().Warning("failed to tear down namespace", helpers.Error(erra))
 				}
 				return fmt.Errorf("container not found in DaemonSet: %v", err)
 			}
 			for j := range containers {
 				for k := range containers[j].Ports {
-					if containers[j].Ports[k].Name == portName {
-						hsh.hostSensorPort = containers[j].Ports[k].ContainerPort
+					if containers[j].Ports[k].Name == PortName {
+						hsh.HostSensorPort = containers[j].Ports[k].ContainerPort
 					}
 				}
 			}
+
 		}
 
 		// Apply workload
@@ -180,7 +146,7 @@ func (hsh *HostSensorHandler) applyYAML(ctx context.Context) error {
 		}
 		if e != nil {
 			if erra := hsh.tearDownNamespace(namespaceName); erra != nil {
-				logger.L().Ctx(ctx).Warning("failed to tear down namespace", helpers.Error(erra))
+				logger.L().Warning("failed to tear down namespace", helpers.Error(erra))
 			}
 			return fmt.Errorf("failed to create/update YAML, reason: %v", e)
 		}
@@ -190,21 +156,20 @@ func (hsh *HostSensorHandler) applyYAML(ctx context.Context) error {
 			b, err := json.Marshal(newWorkload.GetObject())
 			if err != nil {
 				if erra := hsh.tearDownNamespace(namespaceName); erra != nil {
-					logger.L().Ctx(ctx).Warning("failed to tear down namespace", helpers.Error(erra))
+					logger.L().Warning("failed to tear down namespace", helpers.Error(erra))
 				}
 				return fmt.Errorf("failed to Marshal YAML of DaemonSet, reason: %v", err)
 			}
 			var ds appsv1.DaemonSet
 			if err := json.Unmarshal(b, &ds); err != nil {
 				if erra := hsh.tearDownNamespace(namespaceName); erra != nil {
-					logger.L().Ctx(ctx).Warning("failed to tear down namespace", helpers.Error(erra))
+					logger.L().Warning("failed to tear down namespace", helpers.Error(erra))
 				}
 				return fmt.Errorf("failed to Unmarshal YAML of DaemonSet, reason: %v", err)
 			}
-			hsh.daemonSet = &ds
+			hsh.DaemonSet = &ds
 		}
 	}
-
 	return nil
 }
 
@@ -215,56 +180,52 @@ func (hsh *HostSensorHandler) checkPodForEachNode() error {
 		if err != nil {
 			return fmt.Errorf("in checkPodsForEveryNode, failed to get nodes list: %v", nodesList)
 		}
-
 		hsh.podListLock.RLock()
-		podsNum := len(hsh.hostSensorPodNames)
-		unschedPodNum := len(hsh.hostSensorUnscheduledPodNames)
+		podsNum := len(hsh.HostSensorPodNames)
+		unschedPodNum := len(hsh.HostSensorUnscheduledPodNames)
 		hsh.podListLock.RUnlock()
 		if len(nodesList.Items) <= podsNum+unschedPodNum {
 			break
 		}
-
 		if time.Now().After(deadline) {
 			hsh.podListLock.RLock()
-			podsMap := hsh.hostSensorPodNames
+			podsMap := hsh.HostSensorPodNames
 			hsh.podListLock.RUnlock()
 			return fmt.Errorf("host-sensor pods number (%d) differ than nodes number (%d) after deadline exceeded. Kubescape will take data only from the pods below: %v",
 				podsNum, len(nodesList.Items), podsMap)
 		}
 		time.Sleep(100 * time.Millisecond)
 	}
-
 	return nil
 }
 
 // initiating routine to keep pod list updated
-func (hsh *HostSensorHandler) populatePodNamesToNodeNames(ctx context.Context) {
+func (hsh *HostSensorHandler) populatePodNamesToNodeNames() {
+
 	go func() {
 		var watchRes watch.Interface
 		var err error
-		watchRes, err = hsh.k8sObj.KubernetesClient.CoreV1().Pods(hsh.daemonSet.Namespace).Watch(hsh.k8sObj.Context, metav1.ListOptions{
+		watchRes, err = hsh.k8sObj.KubernetesClient.CoreV1().Pods(hsh.DaemonSet.Namespace).Watch(hsh.k8sObj.Context, metav1.ListOptions{
 			Watch:         true,
-			LabelSelector: fmt.Sprintf("name=%s", hsh.daemonSet.Spec.Template.Labels["name"]),
+			LabelSelector: fmt.Sprintf("name=%s", hsh.DaemonSet.Spec.Template.Labels["name"]),
 		})
 		if err != nil {
-			logger.L().Ctx(ctx).Warning("failed to watch over DaemonSet pods - are we missing watch pods permissions?", helpers.Error(err))
+			logger.L().Error("failed to watch over daemonset pods - are we missing watch pods permissions?", helpers.Error(err))
 		}
 		if watchRes == nil {
-			logger.L().Ctx(ctx).Error("failed to watch over DaemonSet pods, will not be able to get host-sensor data")
 			return
 		}
-
 		for eve := range watchRes.ResultChan() {
 			pod, ok := eve.Object.(*corev1.Pod)
 			if !ok {
 				continue
 			}
-			go hsh.updatePodInListAtomic(ctx, eve.Type, pod)
+			go hsh.updatePodInListAtomic(eve.Type, pod)
 		}
 	}()
 }
 
-func (hsh *HostSensorHandler) updatePodInListAtomic(ctx context.Context, eventType watch.EventType, podObj *corev1.Pod) {
+func (hsh *HostSensorHandler) updatePodInListAtomic(eventType watch.EventType, podObj *corev1.Pod) {
 	hsh.podListLock.Lock()
 	defer hsh.podListLock.Unlock()
 
@@ -272,8 +233,8 @@ func (hsh *HostSensorHandler) updatePodInListAtomic(ctx context.Context, eventTy
 	case watch.Added, watch.Modified:
 		if podObj.Status.Phase == corev1.PodRunning && len(podObj.Status.ContainerStatuses) > 0 &&
 			podObj.Status.ContainerStatuses[0].Ready {
-			hsh.hostSensorPodNames[podObj.ObjectMeta.Name] = podObj.Spec.NodeName
-			delete(hsh.hostSensorUnscheduledPodNames, podObj.ObjectMeta.Name)
+			hsh.HostSensorPodNames[podObj.ObjectMeta.Name] = podObj.Spec.NodeName
+			delete(hsh.HostSensorUnscheduledPodNames, podObj.ObjectMeta.Name)
 		} else {
 			if podObj.Status.Phase == corev1.PodPending && len(podObj.Status.Conditions) > 0 &&
 				podObj.Status.Conditions[0].Reason == corev1.PodReasonUnschedulable {
@@ -285,42 +246,35 @@ func (hsh *HostSensorHandler) updatePodInListAtomic(ctx context.Context, eventTy
 					len(podObj.Spec.Affinity.NodeAffinity.RequiredDuringSchedulingIgnoredDuringExecution.NodeSelectorTerms[0].MatchFields[0].Values) > 0 {
 					nodeName = podObj.Spec.Affinity.NodeAffinity.RequiredDuringSchedulingIgnoredDuringExecution.NodeSelectorTerms[0].MatchFields[0].Values[0]
 				}
-				logger.L().Ctx(ctx).Warning("One host-sensor pod is unable to schedule on node. We will fail to collect the data from this node",
+				logger.L().Warning("One host-sensor pod is unable to schedule on node. We will fail to collect the data from this node",
 					helpers.String("message", podObj.Status.Conditions[0].Message),
 					helpers.String("nodeName", nodeName),
 					helpers.String("podName", podObj.ObjectMeta.Name))
 				if nodeName != "" {
-					hsh.hostSensorUnscheduledPodNames[podObj.ObjectMeta.Name] = nodeName
+					hsh.HostSensorUnscheduledPodNames[podObj.ObjectMeta.Name] = nodeName
 				}
 			} else {
-				delete(hsh.hostSensorPodNames, podObj.ObjectMeta.Name)
+				delete(hsh.HostSensorPodNames, podObj.ObjectMeta.Name)
 			}
 		}
 	default:
-		delete(hsh.hostSensorPodNames, podObj.ObjectMeta.Name)
+		delete(hsh.HostSensorPodNames, podObj.ObjectMeta.Name)
 	}
 }
 
 func (hsh *HostSensorHandler) tearDownNamespace(namespace string) error {
-	// if namespace was already present on kubernetes (before installing host-scanner),
-	// then we shouldn't delete it.
-	if hsh.namespaceWasPresent() {
-		return nil
-	}
+
 	if err := hsh.k8sObj.KubernetesClient.CoreV1().Namespaces().Delete(hsh.k8sObj.Context, namespace, metav1.DeleteOptions{GracePeriodSeconds: &hsh.gracePeriod}); err != nil {
 		return fmt.Errorf("failed to delete host-sensor namespace: %v", err)
 	}
-
 	return nil
 }
 
 func (hsh *HostSensorHandler) TearDown() error {
 	namespace := hsh.GetNamespace()
-	// delete DaemonSet
-	if err := hsh.k8sObj.KubernetesClient.AppsV1().DaemonSets(hsh.GetNamespace()).Delete(hsh.k8sObj.Context, hsh.daemonSet.Name, metav1.DeleteOptions{GracePeriodSeconds: &hsh.gracePeriod}); err != nil {
+	if err := hsh.k8sObj.KubernetesClient.AppsV1().DaemonSets(hsh.GetNamespace()).Delete(hsh.k8sObj.Context, hsh.DaemonSet.Name, metav1.DeleteOptions{GracePeriodSeconds: &hsh.gracePeriod}); err != nil {
 		return fmt.Errorf("failed to delete host-sensor daemonset: %v", err)
 	}
-	// delete Namespace
 	if err := hsh.tearDownNamespace(namespace); err != nil {
 		return fmt.Errorf("failed to delete host-sensor daemonset: %v", err)
 	}
@@ -330,10 +284,10 @@ func (hsh *HostSensorHandler) TearDown() error {
 }
 
 func (hsh *HostSensorHandler) GetNamespace() string {
-	if hsh.daemonSet == nil {
+	if hsh.DaemonSet == nil {
 		return ""
 	}
-	return hsh.daemonSet.Namespace
+	return hsh.DaemonSet.Namespace
 }
 
 func loadHostSensorFromFile(hostSensorYAMLFile string) (string, error) {

core/pkg/hostsensorutils/hostsensordeploy_test.go

@@ -1,211 +0,0 @@
-package hostsensorutils
-
-import (
-	"context"
-	"os"
-	"path/filepath"
-	"testing"
-
-	"github.com/kubescape/kubescape/v2/internal/testutils"
-	"github.com/kubescape/opa-utils/objectsenvelopes/hostsensor"
-	"github.com/stretchr/testify/require"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-func TestHostSensorHandler(t *testing.T) {
-	t.Parallel()
-	ctx := context.Background()
-
-	t.Run("with default manifest", func(t *testing.T) {
-		t.Run("should build host sensor", func(t *testing.T) {
-			k8s := NewKubernetesApiMock(WithNode(mockNode1()), WithPod(mockPod1()), WithPod(mockPod2()), WithResponses(mockResponses()))
-			h, err := NewHostSensorHandler(k8s, "")
-			require.NoError(t, err)
-			require.NotNil(t, h)
-
-			t.Run("should initialize host sensor", func(t *testing.T) {
-				require.NoError(t, h.Init(ctx))
-
-				w, err := k8s.KubernetesClient.CoreV1().Pods(h.daemonSet.Namespace).Watch(ctx, metav1.ListOptions{})
-				require.NoError(t, err)
-				w.Stop()
-
-				require.Len(t, h.hostSensorPodNames, 2)
-			})
-
-			t.Run("should return namespace", func(t *testing.T) {
-				require.Equal(t, "kubescape-host-scanner", h.GetNamespace())
-			})
-
-			t.Run("should collect resources from pods - happy path", func(t *testing.T) {
-				envelope, status, err := h.CollectResources(ctx)
-				require.NoError(t, err)
-
-				require.Len(t, envelope, 10*2) // has cloud provider, no control plane requested
-				require.Len(t, status, 0)
-
-				foundControl, foundProvider := false, false
-				for _, sensed := range envelope {
-					if sensed.Kind == ControlPlaneInfo.String() {
-						foundControl = true
-					}
-					if sensed.Kind == CloudProviderInfo.String() {
-						foundProvider = hasCloudProviderInfo([]hostsensor.HostSensorDataEnvelope{sensed})
-					}
-				}
-
-				require.False(t, foundControl)
-				require.True(t, foundProvider)
-			})
-		})
-
-		t.Run("should build host sensor without cloud provider", func(t *testing.T) {
-			k8s := NewKubernetesApiMock(WithNode(mockNode1()), WithPod(mockPod1()), WithPod(mockPod2()), WithResponses(mockResponsesNoCloudProvider()))
-			h, err := NewHostSensorHandler(k8s, "")
-			require.NoError(t, err)
-			require.NotNil(t, h)
-
-			t.Run("should initialize host sensor", func(t *testing.T) {
-				require.NoError(t, h.Init(ctx))
-
-				w, err := k8s.KubernetesClient.CoreV1().Pods(h.daemonSet.Namespace).Watch(ctx, metav1.ListOptions{})
-				require.NoError(t, err)
-				w.Stop()
-
-				require.Len(t, h.hostSensorPodNames, 2)
-			})
-
-			t.Run("should get version", func(t *testing.T) {
-				version, err := h.getVersion()
-				require.NoError(t, err)
-				require.Equal(t, "v1.0.45", version)
-			})
-
-			t.Run("ForwardToPod is a stub, not implemented", func(t *testing.T) {
-				resp, err := h.forwardToPod("pod1", "/version")
-				require.Contains(t, err.Error(), "not implemented")
-				require.Nil(t, resp)
-			})
-
-			t.Run("should collect resources from pods", func(t *testing.T) {
-				envelope, status, err := h.CollectResources(ctx)
-				require.NoError(t, err)
-
-				require.Len(t, envelope, 11*2) // has empty cloud provider, has control plane info
-				require.Len(t, status, 0)
-
-				foundControl, foundProvider := false, false
-				for _, sensed := range envelope {
-					if sensed.Kind == ControlPlaneInfo.String() {
-						foundControl = true
-					}
-					if sensed.Kind == CloudProviderInfo.String() {
-						foundProvider = hasCloudProviderInfo([]hostsensor.HostSensorDataEnvelope{sensed})
-					}
-				}
-
-				require.True(t, foundControl)
-				require.False(t, foundProvider)
-			})
-		})
-
-		t.Run("should build host sensor with error in response from /version", func(t *testing.T) {
-			k8s := NewKubernetesApiMock(WithNode(mockNode1()),
-				WithPod(mockPod1()),
-				WithPod(mockPod2()),
-				WithResponses(mockResponsesNoCloudProvider()),
-				WithErrorResponse(RestURL{"http", "pod1", "7888", "/version"}), // this endpoint will return an error from this pod
-				WithErrorResponse(RestURL{"http", "pod2", "7888", "/version"}), // this endpoint will return an error from this pod
-			)
-
-			h, err := NewHostSensorHandler(k8s, "")
-			require.NoError(t, err)
-			require.NotNil(t, h)
-
-			t.Run("should initialize host sensor", func(t *testing.T) {
-				require.NoError(t, h.Init(ctx))
-
-				w, err := k8s.KubernetesClient.CoreV1().Pods(h.daemonSet.Namespace).Watch(ctx, metav1.ListOptions{})
-				require.NoError(t, err)
-				w.Stop()
-
-				require.Len(t, h.hostSensorPodNames, 2)
-			})
-
-			t.Run("should NOT be able to get version", func(t *testing.T) {
-				// NOTE: GetVersion might be successful if only one pod responds successfully.
-				// In order to ensure an error, we need ALL pods to error.
-				_, err := h.getVersion()
-				require.Error(t, err)
-				require.Contains(t, err.Error(), "mock")
-			})
-		})
-
-		t.Run("should FAIL to build host sensor because there are no nodes", func(t *testing.T) {
-			h, err := NewHostSensorHandler(NewKubernetesApiMock(), "")
-			require.Error(t, err)
-			require.NotNil(t, h)
-			require.Contains(t, err.Error(), "no nodes to scan")
-		})
-	})
-
-	t.Run("should NOT build host sensor with nil k8s API", func(t *testing.T) {
-		h, err := NewHostSensorHandler(nil, "")
-		require.Error(t, err)
-		require.Nil(t, h)
-	})
-
-	t.Run("with manifest from YAML file", func(t *testing.T) {
-		t.Run("should build host sensor", func(t *testing.T) {
-			k8s := NewKubernetesApiMock(WithNode(mockNode1()), WithPod(mockPod1()), WithPod(mockPod2()), WithResponses(mockResponses()))
-			h, err := NewHostSensorHandler(k8s, filepath.Join(testutils.CurrentDir(), "hostsensor.yaml"))
-			require.NoError(t, err)
-			require.NotNil(t, h)
-
-			t.Run("should initialize host sensor", func(t *testing.T) {
-				require.NoError(t, h.Init(ctx))
-
-				w, err := k8s.KubernetesClient.CoreV1().Pods(h.daemonSet.Namespace).Watch(ctx, metav1.ListOptions{})
-				require.NoError(t, err)
-				w.Stop()
-
-				require.Len(t, h.hostSensorPodNames, 2)
-			})
-		})
-	})
-
-	t.Run("with manifest from invalid YAML file", func(t *testing.T) {
-		t.Run("should NOT build host sensor", func(t *testing.T) {
-			var invalid string
-			t.Run("should create temp file", func(t *testing.T) {
-				file, err := os.CreateTemp("", "*.yaml")
-				require.NoError(t, err)
-				t.Cleanup(func() {
-					_ = os.Remove(file.Name())
-				})
-				_, err = file.Write([]byte("	x: 1"))
-				require.NoError(t, err)
-
-				invalid = file.Name()
-				require.NoError(t, file.Close())
-			})
-
-			k8s := NewKubernetesApiMock(WithNode(mockNode1()), WithPod(mockPod1()), WithPod(mockPod2()), WithResponses(mockResponses()))
-			_, err := NewHostSensorHandler(k8s, filepath.Join(testutils.CurrentDir(), invalid))
-			require.Error(t, err)
-		})
-	})
-
-	// TODO(test coverage): the following cases are not covered by tests yet.
-	//
-	// * applyYAML fails
-	// * checkPodForEachNode fails, or times out
-	// * non-active namespace
-	// * getPodList fails when GetVersion
-	// * getPodList fails when CollectResources
-	// * error cases that trigger a namespace tear-down
-	// * watch pods with a Delete event
-	// * explicit TearDown()
-	//
-	// Notice that the package doesn't current pass tests with the race detector enabled.
-}

core/pkg/hostsensorutils/hostsensorgetfrompod.go

@@ -1,57 +1,59 @@
 package hostsensorutils
 
 import (
-	"context"
-	stdjson "encoding/json"
-	"errors"
+	"encoding/json"
 	"fmt"
-	"reflect"
 	"strings"
 	"sync"
 
 	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/k8s-interface/k8sinterface"
 	"github.com/kubescape/opa-utils/objectsenvelopes/hostsensor"
 	"github.com/kubescape/opa-utils/reporthandling/apis"
+
+	"sigs.k8s.io/yaml"
 )
 
-// getPodList clones the internal list of pods being watched as a map of pod names.
-func (hsh *HostSensorHandler) getPodList() map[string]string {
+func (hsh *HostSensorHandler) getPodList() (res map[string]string, err error) {
 	hsh.podListLock.RLock()
-	res := make(map[string]string, len(hsh.hostSensorPodNames))
-	for k, v := range hsh.hostSensorPodNames {
-		res[k] = v
-	}
+	jsonBytes, err := json.Marshal(hsh.HostSensorPodNames)
 	hsh.podListLock.RUnlock()
-
-	return res
+	if err != nil {
+		return res, fmt.Errorf("failed to marshal pod list: %v", err)
+	}
+	err = json.Unmarshal(jsonBytes, &res)
+	if err != nil {
+		return res, fmt.Errorf("failed to unmarshal pod list: %v", err)
+	}
+	return res, nil
 }
 
-// httpGetToPod sends the request to a pod using the HostSensorPort.
-func (hsh *HostSensorHandler) httpGetToPod(podName, path string) ([]byte, error) {
-	restProxy := hsh.k8sObj.KubernetesClient.CoreV1().Pods(hsh.daemonSet.Namespace).ProxyGet("http", podName, fmt.Sprintf("%d", hsh.hostSensorPort), path, map[string]string{})
+func (hsh *HostSensorHandler) HTTPGetToPod(podName, path string) ([]byte, error) {
+	//  send the request to the port
+
+	restProxy := hsh.k8sObj.KubernetesClient.CoreV1().Pods(hsh.DaemonSet.Namespace).ProxyGet("http", podName, fmt.Sprintf("%d", hsh.HostSensorPort), path, map[string]string{})
 	return restProxy.DoRaw(hsh.k8sObj.Context)
 }
 
-func (hsh *HostSensorHandler) getResourcesFromPod(podName, nodeName string, resourceKind scannerResource, path string) (hostsensor.HostSensorDataEnvelope, error) {
+func (hsh *HostSensorHandler) getResourcesFromPod(podName, nodeName, resourceKind, path string) (hostsensor.HostSensorDataEnvelope, error) {
 	//  send the request and pack the response as an hostSensorDataEnvelope
 
-	resBytes, err := hsh.httpGetToPod(podName, path)
+	resBytes, err := hsh.HTTPGetToPod(podName, path)
 	if err != nil {
 		return hostsensor.HostSensorDataEnvelope{}, err
 	}
 
 	hostSensorDataEnvelope := hostsensor.HostSensorDataEnvelope{}
 	hostSensorDataEnvelope.SetApiVersion(k8sinterface.JoinGroupVersion(hostsensor.GroupHostSensor, hostsensor.Version))
-	hostSensorDataEnvelope.SetKind(resourceKind.String())
+	hostSensorDataEnvelope.SetKind(resourceKind)
 	hostSensorDataEnvelope.SetName(nodeName)
 	hostSensorDataEnvelope.SetData(resBytes)
 
 	return hostSensorDataEnvelope, nil
 }
 
-// forwardToPod is currently not implemented.
-func (hsh *HostSensorHandler) forwardToPod(podName, path string) ([]byte, error) {
+func (hsh *HostSensorHandler) ForwardToPod(podName, path string) ([]byte, error) {
 	// NOT IN USE:
 	// ---
 	// spawn port forwarding
@@ -70,18 +72,21 @@ func (hsh *HostSensorHandler) forwardToPod(podName, path string) ([]byte, error)
 	// }
 	// hostIP := strings.TrimLeft(req.RestConfig.Host, "htps:/")
 	// dialer := spdy.NewDialer(upgrader, &http.Client{Transport: transport}, http.MethodPost, &url.URL{Scheme: "http", Path: path, Host: hostIP})
-	return nil, errors.New("not implemented")
+	return nil, nil
 }
 
-// sendAllPodsHTTPGETRequest fills the raw bytes response in the envelope and the node name, but not the GroupVersionKind
+// sendAllPodsHTTPGETRequest fills the raw byte response in the envelope and the node name, but not the GroupVersionKind
 // so the caller is responsible to convert the raw data to some structured data and add the GroupVersionKind details
 //
 // The function produces a worker-pool with a fixed number of workers.
-//
 // For each node the request is pushed to the jobs channel, the worker sends the request and pushes the result to the result channel.
 // When all workers have finished, the function returns a list of results
-func (hsh *HostSensorHandler) sendAllPodsHTTPGETRequest(ctx context.Context, path string, requestKind scannerResource) ([]hostsensor.HostSensorDataEnvelope, error) {
-	podList := hsh.getPodList()
+func (hsh *HostSensorHandler) sendAllPodsHTTPGETRequest(path, requestKind string) ([]hostsensor.HostSensorDataEnvelope, error) {
+	podList, err := hsh.getPodList()
+	if err != nil {
+		return nil, fmt.Errorf("failed to sendAllPodsHTTPGETRequest: %v", err)
+	}
+
 	res := make([]hostsensor.HostSensorDataEnvelope, 0, len(podList))
 	var wg sync.WaitGroup
 	// initialization of the channels
@@ -89,223 +94,246 @@ func (hsh *HostSensorHandler) sendAllPodsHTTPGETRequest(ctx context.Context, pat
 
 	hsh.workerPool.hostSensorApplyJobs(podList, path, requestKind)
 	hsh.workerPool.hostSensorGetResults(&res)
-	hsh.workerPool.createWorkerPool(ctx, hsh, &wg)
+	hsh.workerPool.createWorkerPool(hsh, &wg)
 	hsh.workerPool.waitForDone(&wg)
 
 	return res, nil
 }
 
-// getVersion returns the version of the deployed host scanner.
-//
-// NOTE: we pick the version from the first responding pod.
-func (hsh *HostSensorHandler) getVersion() (string, error) {
+// return host-scanner version
+func (hsh *HostSensorHandler) GetVersion() (string, error) {
 	// loop over pods and port-forward it to each of them
-	podList := hsh.getPodList()
+	podList, err := hsh.getPodList()
+	if err != nil {
+		return "", fmt.Errorf("failed to sendAllPodsHTTPGETRequest: %v", err)
+	}
 
 	// initialization of the channels
 	hsh.workerPool.init(len(podList))
 	hsh.workerPool.hostSensorApplyJobs(podList, "/version", "version")
 	for job := range hsh.workerPool.jobs {
-		resBytes, err := hsh.httpGetToPod(job.podName, job.path)
+		resBytes, err := hsh.HTTPGetToPod(job.podName, job.path)
 		if err != nil {
 			return "", err
 		} else {
 			version := strings.ReplaceAll(string(resBytes), "\"", "")
 			version = strings.ReplaceAll(version, "\n", "")
-
 			return version, nil
 		}
 	}
-
 	return "", nil
 }
 
-// getKernelVariables returns the list of Linux Kernel variables.
-func (hsh *HostSensorHandler) getKernelVariables(ctx context.Context) ([]hostsensor.HostSensorDataEnvelope, error) {
+// return list of LinuxKernelVariables
+func (hsh *HostSensorHandler) GetKernelVariables() ([]hostsensor.HostSensorDataEnvelope, error) {
 	// loop over pods and port-forward it to each of them
-	return hsh.sendAllPodsHTTPGETRequest(ctx, "/LinuxKernelVariables", LinuxKernelVariables)
+	return hsh.sendAllPodsHTTPGETRequest("/LinuxKernelVariables", "LinuxKernelVariables")
 }
 
-// getOpenPortsList returns the list of open ports.
-func (hsh *HostSensorHandler) getOpenPortsList(ctx context.Context) ([]hostsensor.HostSensorDataEnvelope, error) {
+// return list of OpenPortsList
+func (hsh *HostSensorHandler) GetOpenPortsList() ([]hostsensor.HostSensorDataEnvelope, error) {
 	// loop over pods and port-forward it to each of them
-	return hsh.sendAllPodsHTTPGETRequest(ctx, "/openedPorts", OpenPortsList)
+	return hsh.sendAllPodsHTTPGETRequest("/openedPorts", "OpenPortsList")
 }
 
-// getLinuxSecurityHardeningStatus returns the list of LinuxSecurityHardeningStatus metadata.
-func (hsh *HostSensorHandler) getLinuxSecurityHardeningStatus(ctx context.Context) ([]hostsensor.HostSensorDataEnvelope, error) {
+// return list of LinuxSecurityHardeningStatus
+func (hsh *HostSensorHandler) GetLinuxSecurityHardeningStatus() ([]hostsensor.HostSensorDataEnvelope, error) {
 	// loop over pods and port-forward it to each of them
-	return hsh.sendAllPodsHTTPGETRequest(ctx, "/linuxSecurityHardening", LinuxSecurityHardeningStatus)
+	return hsh.sendAllPodsHTTPGETRequest("/linuxSecurityHardening", "LinuxSecurityHardeningStatus")
 }
 
-// getKubeletInfo returns the list of kubelet metadata.
-func (hsh *HostSensorHandler) getKubeletInfo(ctx context.Context) ([]hostsensor.HostSensorDataEnvelope, error) {
+// return list of KubeletInfo
+func (hsh *HostSensorHandler) GetKubeletInfo() ([]hostsensor.HostSensorDataEnvelope, error) {
 	// loop over pods and port-forward it to each of them
-	return hsh.sendAllPodsHTTPGETRequest(ctx, "/kubeletInfo", KubeletInfo)
+	return hsh.sendAllPodsHTTPGETRequest("/kubeletInfo", "KubeletInfo")
 }
 
-// getKubeProxyInfo returns the list of kubeProxy metadata.
-func (hsh *HostSensorHandler) getKubeProxyInfo(ctx context.Context) ([]hostsensor.HostSensorDataEnvelope, error) {
+// return list of KubeProxyInfo
+func (hsh *HostSensorHandler) GetKubeProxyInfo() ([]hostsensor.HostSensorDataEnvelope, error) {
 	// loop over pods and port-forward it to each of them
-	return hsh.sendAllPodsHTTPGETRequest(ctx, "/kubeProxyInfo", KubeProxyInfo)
+	return hsh.sendAllPodsHTTPGETRequest("/kubeProxyInfo", "KubeProxyInfo")
 }
 
-// getControlPlanInfo returns the list of controlPlaneInfo metadata
-func (hsh *HostSensorHandler) getControlPlaneInfo(ctx context.Context) ([]hostsensor.HostSensorDataEnvelope, error) {
+// return list of KubeProxyInfo
+func (hsh *HostSensorHandler) GetControlPlaneInfo() ([]hostsensor.HostSensorDataEnvelope, error) {
 	// loop over pods and port-forward it to each of them
-	return hsh.sendAllPodsHTTPGETRequest(ctx, "/controlPlaneInfo", ControlPlaneInfo)
+	return hsh.sendAllPodsHTTPGETRequest("/controlPlaneInfo", ControlPlaneInfo)
 }
 
-// getCloudProviderInfo returns the list of cloudProviderInfo metadata.
-func (hsh *HostSensorHandler) getCloudProviderInfo(ctx context.Context) ([]hostsensor.HostSensorDataEnvelope, error) {
+// return list of KubeProxyInfo
+func (hsh *HostSensorHandler) GetCloudProviderInfo() ([]hostsensor.HostSensorDataEnvelope, error) {
 	// loop over pods and port-forward it to each of them
-	return hsh.sendAllPodsHTTPGETRequest(ctx, "/cloudProviderInfo", CloudProviderInfo)
+	return hsh.sendAllPodsHTTPGETRequest("/cloudProviderInfo", CloudProviderInfo)
 }
 
-// getKubeletCommandLine returns the list of kubelet command lines.
-func (hsh *HostSensorHandler) getKubeletCommandLine(ctx context.Context) ([]hostsensor.HostSensorDataEnvelope, error) {
+// return list of KubeletCommandLine
+func (hsh *HostSensorHandler) GetKubeletCommandLine() ([]hostsensor.HostSensorDataEnvelope, error) {
 	// loop over pods and port-forward it to each of them
-	resps, err := hsh.sendAllPodsHTTPGETRequest(ctx, "/kubeletCommandLine", KubeletCommandLine)
+	resps, err := hsh.sendAllPodsHTTPGETRequest("/kubeletCommandLine", "KubeletCommandLine")
 	if err != nil {
 		return resps, err
 	}
-
 	for resp := range resps {
 		var data = make(map[string]interface{})
 		data["fullCommand"] = string(resps[resp].Data)
 		resBytesMarshal, err := json.Marshal(data)
 		// TODO catch error
 		if err == nil {
-			resps[resp].Data = stdjson.RawMessage(resBytesMarshal)
+			resps[resp].Data = json.RawMessage(resBytesMarshal)
 		}
 	}
 
 	return resps, nil
+
 }
 
-// getCNIInfo returns the list of CNI metadata
-func (hsh *HostSensorHandler) getCNIInfo(ctx context.Context) ([]hostsensor.HostSensorDataEnvelope, error) {
+// return list of
+func (hsh *HostSensorHandler) GetKernelVersion() ([]hostsensor.HostSensorDataEnvelope, error) {
 	// loop over pods and port-forward it to each of them
-	return hsh.sendAllPodsHTTPGETRequest(ctx, "/CNIInfo", CNIInfo)
+	return hsh.sendAllPodsHTTPGETRequest("/kernelVersion", "KernelVersion")
 }
 
-// getKernelVersion returns the list of kernelVersion metadata.
-func (hsh *HostSensorHandler) getKernelVersion(ctx context.Context) ([]hostsensor.HostSensorDataEnvelope, error) {
+// return list of
+func (hsh *HostSensorHandler) GetOsReleaseFile() ([]hostsensor.HostSensorDataEnvelope, error) {
 	// loop over pods and port-forward it to each of them
-	return hsh.sendAllPodsHTTPGETRequest(ctx, "/kernelVersion", "KernelVersion")
+	return hsh.sendAllPodsHTTPGETRequest("/osRelease", "OsReleaseFile")
 }
 
-// getOsReleaseFile returns the list of osRelease metadata.
-func (hsh *HostSensorHandler) getOsReleaseFile(ctx context.Context) ([]hostsensor.HostSensorDataEnvelope, error) {
+// return list of
+func (hsh *HostSensorHandler) GetKubeletConfigurations() ([]hostsensor.HostSensorDataEnvelope, error) {
 	// loop over pods and port-forward it to each of them
-	return hsh.sendAllPodsHTTPGETRequest(ctx, "/osRelease", "OsReleaseFile")
-}
-
-// hasCloudProviderInfo iterates over the []hostsensor.HostSensorDataEnvelope list to find info about the cloud provider.
-//
-// If information are found, then return true. Return false otherwise.
-func hasCloudProviderInfo(cpi []hostsensor.HostSensorDataEnvelope) bool {
-	for index := range cpi {
-		if !reflect.DeepEqual(cpi[index].GetData(), stdjson.RawMessage("{}\n")) {
-			return true
+	res, err := hsh.sendAllPodsHTTPGETRequest("/kubeletConfigurations", "KubeletConfiguration") // empty kind, will be overridden
+	for resIdx := range res {
+		jsonBytes, ery := yaml.YAMLToJSON(res[resIdx].Data)
+		if ery != nil {
+			logger.L().Error("failed to convert kubelet configurations from yaml to json", helpers.Error(ery))
+			continue
 		}
+		res[resIdx].SetData(jsonBytes)
 	}
-
-	return false
+	return res, err
 }
 
-// CollectResources collects all required information about all the pods for this host.
-func (hsh *HostSensorHandler) CollectResources(ctx context.Context) ([]hostsensor.HostSensorDataEnvelope, map[string]apis.StatusInfo, error) {
+func (hsh *HostSensorHandler) CollectResources() ([]hostsensor.HostSensorDataEnvelope, map[string]apis.StatusInfo, error) {
 	res := make([]hostsensor.HostSensorDataEnvelope, 0)
 	infoMap := make(map[string]apis.StatusInfo)
-	if hsh.daemonSet == nil {
+	if hsh.DaemonSet == nil {
 		return res, nil, nil
 	}
-
+	var kcData []hostsensor.HostSensorDataEnvelope
+	var err error
 	logger.L().Debug("Accessing host scanner")
-	version, err := hsh.getVersion()
+	version, err := hsh.GetVersion()
 	if err != nil {
-		logger.L().Ctx(ctx).Warning(err.Error())
+		logger.L().Warning(err.Error())
 	}
-
 	if len(version) > 0 {
 		logger.L().Info("Host scanner version : " + version)
 	} else {
 		logger.L().Info("Unknown host scanner version")
 	}
+	//
+	kcData, err = hsh.GetKubeletConfigurations()
+	if err != nil {
+		addInfoToMap(KubeletConfiguration, infoMap, err)
+		logger.L().Warning(err.Error())
+	}
+	if len(kcData) > 0 {
+		res = append(res, kcData...)
+	}
+	//
+	kcData, err = hsh.GetKubeletCommandLine()
+	if err != nil {
+		addInfoToMap(KubeletCommandLine, infoMap, err)
+		logger.L().Warning(err.Error())
+	}
+	if len(kcData) > 0 {
+		res = append(res, kcData...)
+	}
+	//
+	kcData, err = hsh.GetOsReleaseFile()
+	if err != nil {
+		addInfoToMap(OsReleaseFile, infoMap, err)
+		logger.L().Warning(err.Error())
+	}
+	if len(kcData) > 0 {
+		res = append(res, kcData...)
+	}
+	//
+	kcData, err = hsh.GetKernelVersion()
+	if err != nil {
+		addInfoToMap(KernelVersion, infoMap, err)
+		logger.L().Warning(err.Error())
+	}
+	if len(kcData) > 0 {
+		res = append(res, kcData...)
+	}
+	//
+	kcData, err = hsh.GetLinuxSecurityHardeningStatus()
+	if err != nil {
+		addInfoToMap(LinuxSecurityHardeningStatus, infoMap, err)
+		logger.L().Warning(err.Error())
+	}
+	if len(kcData) > 0 {
+		res = append(res, kcData...)
+	}
+	//
+	kcData, err = hsh.GetOpenPortsList()
+	if err != nil {
+		addInfoToMap(OpenPortsList, infoMap, err)
+		logger.L().Warning(err.Error())
+	}
+	if len(kcData) > 0 {
+		res = append(res, kcData...)
+	}
+	// GetKernelVariables
+	kcData, err = hsh.GetKernelVariables()
+	if err != nil {
+		addInfoToMap(LinuxKernelVariables, infoMap, err)
+		logger.L().Warning(err.Error())
+	}
+	if len(kcData) > 0 {
+		res = append(res, kcData...)
+	}
 
-	var hasCloudProvider bool
-	for _, toPin := range []struct {
-		Resource scannerResource
-		Query    func(context.Context) ([]hostsensor.HostSensorDataEnvelope, error)
-	}{
-		// queries to the deployed host-scanner
-		{
-			Resource: KubeletCommandLine,
-			Query:    hsh.getKubeletCommandLine,
-		},
-		{
-			Resource: OsReleaseFile,
-			Query:    hsh.getOsReleaseFile,
-		},
-		{
-			Resource: KernelVersion,
-			Query:    hsh.getKernelVersion,
-		},
-		{
-			Resource: LinuxSecurityHardeningStatus,
-			Query:    hsh.getLinuxSecurityHardeningStatus,
-		},
-		{
-			Resource: OpenPortsList,
-			Query:    hsh.getOpenPortsList,
-		},
-		{
-			Resource: LinuxKernelVariables,
-			Query:    hsh.getKernelVariables,
-		},
-		{
-			Resource: KubeletInfo,
-			Query:    hsh.getKubeletInfo,
-		},
-		{
-			Resource: KubeProxyInfo,
-			Query:    hsh.getKubeProxyInfo,
-		},
-		{
-			Resource: CloudProviderInfo,
-			Query:    hsh.getCloudProviderInfo,
-		},
-		{
-			Resource: CNIInfo,
-			Query:    hsh.getCNIInfo,
-		},
-		{
-			// ControlPlaneInfo is queried _after_ CloudProviderInfo.
-			Resource: ControlPlaneInfo,
-			Query:    hsh.getControlPlaneInfo,
-		},
-	} {
-		k8sInfo := toPin
+	// GetKubeletInfo
+	kcData, err = hsh.GetKubeletInfo()
+	if err != nil {
+		addInfoToMap(KubeletInfo, infoMap, err)
+		logger.L().Warning(err.Error())
+	}
+	if len(kcData) > 0 {
+		res = append(res, kcData...)
+	}
 
-		if k8sInfo.Resource == ControlPlaneInfo && hasCloudProvider {
-			// we retrieve control plane info only if we are not using a cloud provider
-			continue
-		}
+	// GetKubeProxyInfo
+	kcData, err = hsh.GetKubeProxyInfo()
+	if err != nil {
+		addInfoToMap(KubeProxyInfo, infoMap, err)
+		logger.L().Warning(err.Error())
+	}
+	if len(kcData) > 0 {
+		res = append(res, kcData...)
+	}
 
-		kcData, err := k8sInfo.Query(ctx)
-		if err != nil {
-			addInfoToMap(k8sInfo.Resource, infoMap, err)
-			logger.L().Ctx(ctx).Warning(err.Error())
-		}
+	// GetControlPlaneInfo
+	kcData, err = hsh.GetControlPlaneInfo()
+	if err != nil {
+		addInfoToMap(ControlPlaneInfo, infoMap, err)
+		logger.L().Warning(err.Error())
+	}
+	if len(kcData) > 0 {
+		res = append(res, kcData...)
+	}
 
-		if k8sInfo.Resource == CloudProviderInfo {
-			hasCloudProvider = hasCloudProviderInfo(kcData)
-		}
-
-		if len(kcData) > 0 {
-			res = append(res, kcData...)
-		}
+	// GetCloudProviderInfo
+	kcData, err = hsh.GetCloudProviderInfo()
+	if err != nil {
+		addInfoToMap(CloudProviderInfo, infoMap, err)
+		logger.L().Warning(err.Error())
+	}
+	if len(kcData) > 0 {
+		res = append(res, kcData...)
 	}
 
 	logger.L().Debug("Done reading information from host scanner")

core/pkg/hostsensorutils/hostsensorinterface.go

@@ -1,15 +1,13 @@
 package hostsensorutils
 
 import (
-	"context"
-
 	"github.com/kubescape/opa-utils/objectsenvelopes/hostsensor"
 	"github.com/kubescape/opa-utils/reporthandling/apis"
 )
 
 type IHostSensor interface {
-	Init(ctx context.Context) error
+	Init() error
 	TearDown() error
-	CollectResources(context.Context) ([]hostsensor.HostSensorDataEnvelope, map[string]apis.StatusInfo, error)
+	CollectResources() ([]hostsensor.HostSensorDataEnvelope, map[string]apis.StatusInfo, error)
 	GetNamespace() string
 }

core/pkg/hostsensorutils/hostsensormock.go

@@ -1,22 +1,14 @@
 package hostsensorutils
 
 import (
-	"context"
-
 	"github.com/kubescape/opa-utils/objectsenvelopes/hostsensor"
 	"github.com/kubescape/opa-utils/reporthandling/apis"
 )
 
-// HostSensorHandlerMock is a noop sensor when the host scanner is disabled.
 type HostSensorHandlerMock struct {
 }
 
-// NewHostSensorHandlerMock yields a dummy host sensor.
-func NewHostSensorHandlerMock() *HostSensorHandlerMock {
-	return &HostSensorHandlerMock{}
-}
-
-func (hshm *HostSensorHandlerMock) Init(_ context.Context) error {
+func (hshm *HostSensorHandlerMock) Init() error {
 	return nil
 }
 
@@ -24,7 +16,7 @@ func (hshm *HostSensorHandlerMock) TearDown() error {
 	return nil
 }
 
-func (hshm *HostSensorHandlerMock) CollectResources(_ context.Context) ([]hostsensor.HostSensorDataEnvelope, map[string]apis.StatusInfo, error) {
+func (hshm *HostSensorHandlerMock) CollectResources() ([]hostsensor.HostSensorDataEnvelope, map[string]apis.StatusInfo, error) {
 	return []hostsensor.HostSensorDataEnvelope{}, nil, nil
 }
 

core/pkg/hostsensorutils/hostsensorworkerpool.go

@@ -1,7 +1,6 @@
 package hostsensorutils
 
 import (
-	"context"
 	"sync"
 
 	logger "github.com/kubescape/go-logger"
@@ -14,7 +13,7 @@ const noOfWorkers int = 10
 type job struct {
 	podName     string
 	nodeName    string
-	requestKind scannerResource
+	requestKind string
 	path        string
 }
 
@@ -25,7 +24,7 @@ type workerPool struct {
 	noOfWorkers int
 }
 
-func newWorkerPool() workerPool {
+func NewWorkerPool() workerPool {
 	wp := workerPool{}
 	wp.noOfWorkers = noOfWorkers
 	wp.init()
@@ -43,22 +42,22 @@ func (wp *workerPool) init(noOfPods ...int) {
 }
 
 // The worker takes a job out of the chan, executes the request, and pushes the result to the results chan
-func (wp *workerPool) hostSensorWorker(ctx context.Context, hsh *HostSensorHandler, wg *sync.WaitGroup) {
+func (wp *workerPool) hostSensorWorker(hsh *HostSensorHandler, wg *sync.WaitGroup) {
 	defer wg.Done()
 	for job := range wp.jobs {
 		hostSensorDataEnvelope, err := hsh.getResourcesFromPod(job.podName, job.nodeName, job.requestKind, job.path)
 		if err != nil {
-			logger.L().Ctx(ctx).Warning("failed to get data", helpers.String("path", job.path), helpers.String("podName", job.podName), helpers.Error(err))
-			continue
+			logger.L().Error("failed to get data", helpers.String("path", job.path), helpers.String("podName", job.podName), helpers.Error(err))
+		} else {
+			wp.results <- hostSensorDataEnvelope
 		}
-		wp.results <- hostSensorDataEnvelope
 	}
 }
 
-func (wp *workerPool) createWorkerPool(ctx context.Context, hsh *HostSensorHandler, wg *sync.WaitGroup) {
+func (wp *workerPool) createWorkerPool(hsh *HostSensorHandler, wg *sync.WaitGroup) {
 	for i := 0; i < noOfWorkers; i++ {
 		wg.Add(1)
-		go wp.hostSensorWorker(ctx, hsh, wg)
+		go wp.hostSensorWorker(hsh, wg)
 	}
 }
 
@@ -80,7 +79,7 @@ func (wp *workerPool) hostSensorGetResults(result *[]hostsensor.HostSensorDataEn
 	}()
 }
 
-func (wp *workerPool) hostSensorApplyJobs(podList map[string]string, path string, requestKind scannerResource) {
+func (wp *workerPool) hostSensorApplyJobs(podList map[string]string, path, requestKind string) {
 	go func() {
 		for podName, nodeName := range podList {
 			thisJob := job{