Merge pull request #1732 from kubescape/grpc

force grpc
try to move post-release steps into main workflow
2026-03-03 02:00:27 +00:00 · 2024-09-06 15:43:47 +02:00 · 2024-09-06 12:43:17 +02:00 · 2024-09-04 21:57:00 +02:00 · 2024-08-26 08:49:44 +02:00 · 2024-08-21 13:33:02 +02:00
78 changed files with 650 additions and 466 deletions
--- a/.github/workflows/02-release.yaml
+++ b/.github/workflows/02-release.yaml
@@ -89,4 +89,22 @@ jobs:
      support_platforms: true
      cosign: true
    secrets: inherit
-   
+  post-release:
+    permissions:
+      actions: read
+      checks: read
+      deployments: read
+      discussions: read
+      id-token: write
+      issues: read
+      packages: write
+      pages: read
+      pull-requests: read
+      repository-projects: read
+      security-events: read
+      statuses: read
+      attestations: read
+      contents: write
+    uses: ./.github/workflows/e-post-release.yaml
+    needs: [publish-image]
+    secrets: inherit
--- a/.github/workflows/04-publish-krew-plugin.yaml
+++ b/.github/workflows/04-publish-krew-plugin.yaml
@@ -1,17 +0,0 @@
-name: 04-publish_krew_plugin
-permissions: read-all
-on:
-  push:
-    tags:
-      - 'v[0-9]+.[0-9]+.[0-9]+'
-jobs:
-  publish_krew_plugin:
-    name: Publish Krew plugin
-    runs-on: ubuntu-latest
-    if: github.repository_owner == 'kubescape'
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          submodules: recursive
-      - name: Update new version in krew-index
-        uses: rajatjindal/krew-release-bot@92da038bbf995803124a8e50ebd438b2f37bbbb0 # ratchet:rajatjindal/krew-release-bot@v0.0.43
--- a/.github/workflows/b-binary-build-and-e2e-tests.yaml
+++ b/.github/workflows/b-binary-build-and-e2e-tests.yaml
@@ -18,7 +18,7 @@ on:
      GO_VERSION:
        required: false
        type: string
-        default: "1.22"
+        default: "1.23"
      GO111MODULE:
        required: false
        type: string
@@ -70,7 +70,7 @@ on:
        type: string
      GO_VERSION:
        type: string
-        default: "1.22"
+        default: "1.23"
      GO111MODULE:
        required: true
        type: string
@@ -146,7 +146,7 @@ jobs:
    needs: wf-preparation
    env:
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-    runs-on: ubuntu-22.04-large
+    runs-on: ubuntu-large
    steps:
      - name: (debug) Step 1 - Check disk space before checkout
        run: df -h
@@ -249,7 +249,7 @@ jobs:
      CGO_ENABLED: 0
      GO111MODULE: "on"
      BUILD_PLATFORM: linux/amd64,linux/arm64
-      GO_VERSION: "1.22"
+      GO_VERSION: "1.23"
      REQUIRED_TESTS: '[
                "ks_microservice_create_2_cronjob_mitre_and_nsa_proxy", 
                "ks_microservice_triggering_with_cron_job",
--- a/.github/workflows/03-post-release.yaml
+++ b/.github/workflows/03-post-release.yaml
@@ -1,21 +1,17 @@
-name: 03-post_release
+name: e-post_release
 permissions: read-all
 on:
-  release:
-    types: [published]
-    branches:
-      - 'master'
-      - 'main'
+  workflow_call: {}
 jobs:
  post_release:
    name: Post release jobs
    runs-on: ubuntu-latest
    steps:
-      - name: Digest
-        uses: MCJack123/ghaction-generate-release-hashes@c03f3111b39432dde3edebe401c5a8d1ffbbf917 # ratchet:MCJack123/ghaction-generate-release-hashes@v1
+      - uses: actions/checkout@v4
        with:
-          hash-type: sha1
-          file-name: kubescape-release-digests
+          submodules: recursive
+      - name: Update new version in krew-index
+        uses: rajatjindal/krew-release-bot@92da038bbf995803124a8e50ebd438b2f37bbbb0 # ratchet:rajatjindal/krew-release-bot@v0.0.43
      - name: Invoke workflow to update packaging
        uses: benc-uk/workflow-dispatch@v1
        if: github.repository_owner == 'kubescape'
--- a/README.md
+++ b/README.md
@@ -20,13 +20,23 @@
  <img alt="Kubescape logo" align="right" src="https://raw.githubusercontent.com/cncf/artwork/master/projects/kubescape/stacked/color/kubescape-stacked-color.svg" width="150">
 </picture>

-_An open-source Kubernetes security platform for your clusters, CI/CD pipelines, and IDE that seperates out the security signal from the scanner noise_
+_Comprehensive Kubernetes Security from Development to Runtime_

-Kubescape is an open-source Kubernetes security platform, built for use in your day-to-day workflow, by fitting into your clusters, CI/CD pipelines and IDE. It serves as a one-stop-shop for Kuberenetes security and includes vulnerability and misconfiguration scanning. You can run scans via the CLI, or add the Kubescape Helm chart, which gives an in-depth view of what is going on in the cluster.
+Kubescape is an open-source Kubernetes security platform that provides comprehensive security coverage from left to right across the entire development and deployment lifecycle. It offers hardening, posture management, and runtime security capabilities to ensure robust protection for Kubernetes environments.

-Kubescape includes misconfiguration and vulnerability scanning as well as risk analysis and security compliance indicators. All results are presented in context and users get many cues on what to do based on scan results.Targeted at the DevSecOps practitioner or platform engineer, it offers an easy-to-use CLI interface, flexible output formats, and automated scanning capabilities. It saves Kubernetes users and admins precious time, effort, and resources.
+**Key features of Kubescape include**

-Kubescape scans clusters, YAML files, and Helm charts. It detects misconfigurations according to multiple frameworks (including [NSA-CISA](https://www.armosec.io/blog/kubernetes-hardening-guidance-summary-by-armo/?utm_source=github&utm_medium=repository), [MITRE ATT&CK®](https://www.microsoft.com/security/blog/2021/03/23/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes/) and the [CIS Benchmark](https://www.armosec.io/blog/cis-kubernetes-benchmark-framework-scanning-tools-comparison/?utm_source=github&utm_medium=repository)).
+* **Shift-left security**: Kubescape enables developers to scan for misconfigurations as early as the manifest file submission stage, promoting a proactive approach to security.  
+* **IDE and CI/CD integration**: The tool integrates seamlessly with popular IDEs like VSCode and Lens, as well as CI/CD platforms such as GitHub and GitLab, allowing for security checks throughout the development process.
+* **Cluster scanning**: Kubescape can scan active Kubernetes clusters for vulnerabilities, misconfigurations, and security issues
+* **Multiple framework support**: Kubescape can test against various security frameworks, including NSA, MITRE, SOC2, and more.
+* **YAML and Helm chart validation**: The tool checks YAML files and Helm charts for correct configuration according to the frameworks above, without requiring an active cluster.
+* **Kubernetes hardening**: Kubescape ensures proactive identification and rapid remediation of misconfigurations and vulnerabilities through manual, recurring, or event-triggered scans.
+* **Runtime security**: Kubescape extends its protection to the runtime environment, providing continuous monitoring and threat detection for deployed applications.
+* **Compliance management**: The tool aids in maintaining compliance with recognized frameworks and standards, simplifying the process of meeting regulatory requirements.
+* **Multi-cloud support**: Kubescape offers frictionless security across various cloud providers and Kubernetes distributions.
+
+By providing this comprehensive security coverage from development to production, Kubescape enables organizations to implement a robust security posture throughout their Kubernetes deployment, addressing potential vulnerabilities and threats at every stage of the application lifecycle.

 Kubescape was created by [ARMO](https://www.armosec.io/?utm_source=github&utm_medium=repository) and is a [Cloud Native Computing Foundation (CNCF) sandbox project](https://www.cncf.io/sandbox-projects/).

@@ -68,20 +78,29 @@ Kubescape can be used as a GitHub Action. This is a great way to integrate Kubes
 ## Under the hood

 Kubescape uses [Open Policy Agent](https://github.com/open-policy-agent/opa) to verify Kubernetes objects against [a library of posture controls](https://github.com/kubescape/regolibrary).
+For image scanning, it uses [Grype](https://github.com/anchore/grype).
+For image patching, it uses [Copacetic](https://github.com/project-copacetic/copacetic).

 By default, the results are printed in a console-friendly manner, but they can be:

-* exported to JSON or junit XML
+* exported to JSON, junit XML or SARIF
 * rendered to HTML or PDF
 * submitted to a [cloud service](docs/providers.md)

 It retrieves Kubernetes objects from the API server and runs a set of [Rego snippets](https://www.openpolicyagent.org/docs/latest/policy-language/) developed by [ARMO](https://www.armosec.io?utm_source=github&utm_medium=repository).

+## Architecture 
+![kubescape](docs/img/architecture-diagram.png)
+
+**Otel collector** - is not built-in, Otel endpoint spec is need to be added at setup [Setting Otel](https://kubescape.io/docs/operator/telemetry/)
+
+
 ## Community

-Kubescape is an open source project, we welcome your feedback and ideas for improvement. We are part of the Kubernetes community and are building more tests and controls as the ecosystem develops.
+Kubescape is an open source project, we welcome your feedback and ideas for improvement. We are part of the cloud-native community and are enhancing the project as the ecosystem develops.

-We hold [community meetings](https://zoom.us/j/95174063585) on Zoom, every second week on Tuesdays, at 15:00 CET. ([See that in your local time zone](https://time.is/compare/1500_in_CET)).
+
+We hold [community meetings](https://zoom.us/j/95174063585) on Zoom, every other week, at 15:00 CET. ([See that in your local time zone](https://time.is/compare/1500_in_CET).

 The Kubescape project follows the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md).

@@ -109,7 +128,7 @@ Kubescape changes are tracked on the [release](https://github.com/kubescape/kube

 ## License

-Copyright 2021-2023, the Kubescape Authors. All rights reserved. Kubescape is released under the Apache 2.0 license. See the [LICENSE](LICENSE) file for details.
+Copyright 2021-2024, the Kubescape Authors. All rights reserved. Kubescape is released under the Apache 2.0 license. See the [LICENSE](LICENSE) file for details.

 Kubescape is a [Cloud Native Computing Foundation (CNCF) sandbox project](https://www.cncf.io/sandbox-projects/) and was contributed by [ARMO](https://www.armosec.io/?utm_source=github&utm_medium=repository).

--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -1,4 +1,4 @@
-FROM --platform=$BUILDPLATFORM golang:1.22-bullseye as builder
+FROM --platform=$BUILDPLATFORM golang:1.23-bookworm AS builder

 ENV GO111MODULE=on CGO_ENABLED=0
 WORKDIR /work
@@ -9,7 +9,7 @@ RUN --mount=target=. \
    --mount=type=cache,target=/go/pkg \
    cd httphandler && GOOS=$TARGETOS GOARCH=$TARGETARCH go build -o /out/ksserver .

-FROM gcr.io/distroless/static-debian11:nonroot
+FROM gcr.io/distroless/static-debian12:nonroot

 USER nonroot
 WORKDIR /home/nonroot/
--- a/build/kubescape-cli.Dockerfile
+++ b/build/kubescape-cli.Dockerfile
@@ -1,4 +1,4 @@
-FROM gcr.io/distroless/base-debian11:debug-nonroot
+FROM gcr.io/distroless/base-debian12:debug-nonroot

 USER nonroot
 WORKDIR /home/nonroot/
--- a/cmd/config/delete.go
+++ b/cmd/config/delete.go
@@ -3,7 +3,7 @@ package config
 import (
 	"context"

-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	"github.com/kubescape/kubescape/v3/core/meta"
 	v1 "github.com/kubescape/kubescape/v3/core/meta/datastructures/v1"
 	"github.com/spf13/cobra"
--- a/cmd/config/set.go
+++ b/cmd/config/set.go
@@ -5,7 +5,7 @@ import (
 	"sort"
 	"strings"

-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	"github.com/kubescape/kubescape/v3/core/meta"
 	metav1 "github.com/kubescape/kubescape/v3/core/meta/datastructures/v1"
 	"github.com/spf13/cobra"
--- a/cmd/config/view.go
+++ b/cmd/config/view.go
@@ -3,7 +3,7 @@ package config
 import (
 	"os"

-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	"github.com/kubescape/kubescape/v3/core/meta"
 	v1 "github.com/kubescape/kubescape/v3/core/meta/datastructures/v1"
 	"github.com/spf13/cobra"
--- a/cmd/download/download.go
+++ b/cmd/download/download.go
@@ -6,7 +6,7 @@ import (
 	"path/filepath"
 	"strings"

-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	"github.com/kubescape/kubescape/v3/core/cautils"
 	"github.com/kubescape/kubescape/v3/core/core"
 	"github.com/kubescape/kubescape/v3/core/meta"
--- a/cmd/list/list.go
+++ b/cmd/list/list.go
@@ -6,7 +6,7 @@ import (
 	"fmt"
 	"strings"

-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	"github.com/kubescape/kubescape/v3/core/cautils"
 	"github.com/kubescape/kubescape/v3/core/core"
 	"github.com/kubescape/kubescape/v3/core/meta"
--- a/cmd/rootutils.go
+++ b/cmd/rootutils.go
@@ -8,7 +8,7 @@ import (
 	v1 "github.com/kubescape/backend/pkg/client/v1"
 	"github.com/kubescape/backend/pkg/servicediscovery"
 	sdClientV2 "github.com/kubescape/backend/pkg/servicediscovery/v2"
-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/go-logger/iconlogger"
 	"github.com/kubescape/go-logger/zaplogger"
--- a/cmd/scan/control.go
+++ b/cmd/scan/control.go
@@ -9,7 +9,7 @@ import (

 	apisv1 "github.com/kubescape/opa-utils/httpserver/apis/v1"

-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/kubescape/v3/cmd/shared"
 	"github.com/kubescape/kubescape/v3/core/cautils"
--- a/cmd/scan/framework.go
+++ b/cmd/scan/framework.go
@@ -13,7 +13,7 @@ import (
 	"github.com/kubescape/opa-utils/reporthandling/results/v1/reportsummary"
 	"golang.org/x/exp/slices"

-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/kubescape/v3/cmd/shared"
 	"github.com/kubescape/kubescape/v3/core/cautils"
--- a/cmd/scan/image.go
+++ b/cmd/scan/image.go
@@ -4,7 +4,7 @@ import (
 	"context"
 	"fmt"

-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	"github.com/kubescape/kubescape/v3/cmd/shared"
 	"github.com/kubescape/kubescape/v3/core/cautils"
 	"github.com/kubescape/kubescape/v3/core/meta"
--- a/cmd/scan/scan.go
+++ b/cmd/scan/scan.go
@@ -6,7 +6,7 @@ import (
 	"fmt"
 	"strings"

-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	"github.com/kubescape/kubescape/v3/core/cautils"
 	"github.com/kubescape/kubescape/v3/core/cautils/getter"
 	"github.com/kubescape/kubescape/v3/core/meta"
--- a/cmd/scan/workload.go
+++ b/cmd/scan/workload.go
@@ -6,7 +6,7 @@ import (
 	"fmt"
 	"strings"

-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	"github.com/kubescape/kubescape/v3/core/cautils"
 	"github.com/kubescape/kubescape/v3/core/meta"
 	v1 "github.com/kubescape/opa-utils/httpserver/apis/v1"
--- a/cmd/update/update.go
+++ b/cmd/update/update.go
@@ -10,7 +10,7 @@ import (
 	"strings"

 	"github.com/kubescape/backend/pkg/versioncheck"
-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/kubescape/v3/core/cautils"
 	"github.com/spf13/cobra"
--- a/cmd/vap/vap.go
+++ b/cmd/vap/vap.go
@@ -203,7 +203,7 @@ func createPolicyBinding(bindingName string, policyName string, action string, p
 		policyBinding.Spec.MatchResources.NamespaceSelector = &metav1.LabelSelector{
 			MatchExpressions: []metav1.LabelSelectorRequirement{
 				{
-					Key:      "name",
+					Key:      "kubernetes.io/metadata.name",
 					Operator: metav1.LabelSelectorOpIn,
 					Values:   namespaceArr,
 				},
--- a/core/cautils/customerloader.go
+++ b/core/cautils/customerloader.go
@@ -14,7 +14,7 @@ import (
 	"github.com/kubescape/backend/pkg/servicediscovery"
 	servicediscoveryv1 "github.com/kubescape/backend/pkg/servicediscovery/v1"
 	servicediscoveryv2 "github.com/kubescape/backend/pkg/servicediscovery/v2"
-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/k8s-interface/k8sinterface"
 	"github.com/kubescape/kubescape/v3/core/cautils/getter"
--- a/core/cautils/display.go
+++ b/core/cautils/display.go
@@ -9,7 +9,7 @@ import (

 	spinnerpkg "github.com/briandowns/spinner"
 	"github.com/jwalton/gchalk"
-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/mattn/go-isatty"
 	"github.com/schollz/progressbar/v3"
--- a/core/cautils/fileutils.go
+++ b/core/cautils/fileutils.go
@@ -13,7 +13,7 @@ import (
 	"github.com/kubescape/k8s-interface/workloadinterface"
 	"golang.org/x/exp/slices"

-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	"github.com/kubescape/opa-utils/objectsenvelopes"
 	"github.com/kubescape/opa-utils/objectsenvelopes/localworkload"

--- a/core/cautils/helmchart.go
+++ b/core/cautils/helmchart.go
@@ -5,7 +5,7 @@ import (
 	"strconv"
 	"strings"

-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/k8s-interface/workloadinterface"
 	"github.com/kubescape/opa-utils/objectsenvelopes/localworkload"
--- a/core/cautils/kustomizedirectory.go
+++ b/core/cautils/kustomizedirectory.go
@@ -4,7 +4,7 @@ import (
 	"os"
 	"path/filepath"

-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/k8s-interface/workloadinterface"
 	"github.com/kubescape/opa-utils/objectsenvelopes/localworkload"
--- a/core/cautils/parseFile.go
+++ b/core/cautils/parseFile.go
@@ -6,7 +6,7 @@ import (
 	"strconv"
 	"strings"

-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	"github.com/mikefarah/yq/v4/pkg/yqlib"
 	"gopkg.in/op/go-logging.v1"
 )
--- a/core/core/download.go
+++ b/core/core/download.go
@@ -8,7 +8,7 @@ import (
 	"sort"
 	"strings"

-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/kubescape/v3/core/cautils"
 	"github.com/kubescape/kubescape/v3/core/cautils/getter"
--- a/core/core/fix.go
+++ b/core/core/fix.go
@@ -5,7 +5,7 @@ import (
 	"fmt"
 	"strings"

-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	metav1 "github.com/kubescape/kubescape/v3/core/meta/datastructures/v1"

 	"github.com/kubescape/kubescape/v3/core/pkg/fixhandler"
--- a/core/core/image_scan.go
+++ b/core/core/image_scan.go
@@ -5,7 +5,7 @@ import (
 	"fmt"

 	"github.com/anchore/grype/grype/presenter/models"
-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	"github.com/kubescape/kubescape/v3/core/cautils"
 	ksmetav1 "github.com/kubescape/kubescape/v3/core/meta/datastructures/v1"
 	"github.com/kubescape/kubescape/v3/core/pkg/resultshandling"
--- a/core/core/patch.go
+++ b/core/core/patch.go
@@ -9,7 +9,7 @@ import (

 	"github.com/anchore/grype/grype/presenter"
 	"github.com/anchore/grype/grype/presenter/models"
-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"

 	"github.com/kubescape/kubescape/v3/core/cautils"
--- a/core/core/scan.go
+++ b/core/core/scan.go
@@ -169,7 +169,7 @@ func (ks *Kubescape) Scan(ctx context.Context, scanInfo *cautils.ScanInfo) (*res

 	// ===================== resources =====================
 	ctxResources, spanResources := otel.Tracer("").Start(ctxInit, "resources")
-	err = resourcehandler.CollectResources(ctxResources, interfaces.resourceHandler, scanInfo.PolicyIdentifier, scanData, cautils.NewProgressHandler(""), scanInfo)
+	err = resourcehandler.CollectResources(ctxResources, interfaces.resourceHandler, scanData, scanInfo)
 	if err != nil {
 		spanInit.End()
 		return resultsHandling, err
@@ -182,7 +182,7 @@ func (ks *Kubescape) Scan(ctx context.Context, scanInfo *cautils.ScanInfo) (*res
 	defer spanOpa.End()

 	deps := resources.NewRegoDependenciesData(k8sinterface.GetK8sConfig(), interfaces.tenantConfig.GetContextName())
-	reportResults := opaprocessor.NewOPAProcessor(scanData, deps, interfaces.tenantConfig.GetContextName())
+	reportResults := opaprocessor.NewOPAProcessor(scanData, deps, interfaces.tenantConfig.GetContextName(), scanInfo.ExcludedNamespaces, scanInfo.IncludeNamespaces)
 	if err = reportResults.ProcessRulesListener(ctxOpa, cautils.NewProgressHandler("")); err != nil {
 		// TODO - do something
 		return resultsHandling, fmt.Errorf("%w", err)
--- a/core/pkg/fixhandler/fixhandler.go
+++ b/core/pkg/fixhandler/fixhandler.go
@@ -15,7 +15,7 @@ import (
 	"github.com/armosec/armoapi-go/armotypes"
 	metav1 "github.com/kubescape/kubescape/v3/core/meta/datastructures/v1"

-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	"github.com/kubescape/opa-utils/objectsenvelopes"
 	"github.com/kubescape/opa-utils/objectsenvelopes/localworkload"
 	"github.com/kubescape/opa-utils/reporthandling"
--- a/core/pkg/fixhandler/fixhandler_test.go
+++ b/core/pkg/fixhandler/fixhandler_test.go
@@ -8,7 +8,7 @@ import (
 	"testing"

 	"github.com/armosec/armoapi-go/armotypes"
-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	metav1 "github.com/kubescape/kubescape/v3/core/meta/datastructures/v1"
 	"github.com/kubescape/kubescape/v3/internal/testutils"
 	reporthandlingv2 "github.com/kubescape/opa-utils/reporthandling/v2"
--- a/core/pkg/fixhandler/yamlhelper.go
+++ b/core/pkg/fixhandler/yamlhelper.go
@@ -12,7 +12,7 @@ import (
 	"os"
 	"strings"

-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	"github.com/mikefarah/yq/v4/pkg/yqlib"
 	"gopkg.in/yaml.v3"
 )
--- a/core/pkg/hostsensorutils/hostsensordeploy.go
+++ b/core/pkg/hostsensorutils/hostsensordeploy.go
@@ -8,7 +8,7 @@ import (
 	"sync"
 	"time"

-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/k8s-interface/k8sinterface"
 	"github.com/kubescape/k8s-interface/workloadinterface"
--- a/core/pkg/hostsensorutils/hostsensorgetfrompod.go
+++ b/core/pkg/hostsensorutils/hostsensorgetfrompod.go
@@ -9,7 +9,7 @@ import (
 	"strings"
 	"sync"

-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	"github.com/kubescape/k8s-interface/k8sinterface"
 	"github.com/kubescape/opa-utils/objectsenvelopes/hostsensor"
 	"github.com/kubescape/opa-utils/reporthandling/apis"
--- a/core/pkg/hostsensorutils/hostsensorworkerpool.go
+++ b/core/pkg/hostsensorutils/hostsensorworkerpool.go
@@ -4,7 +4,7 @@ import (
 	"context"
 	"sync"

-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/opa-utils/objectsenvelopes/hostsensor"
 )
--- a/core/pkg/opaprocessor/processorhandler.go
+++ b/core/pkg/opaprocessor/processorhandler.go
@@ -3,10 +3,11 @@ package opaprocessor
 import (
 	"context"
 	"fmt"
+	"strings"
 	"sync"

 	"github.com/armosec/armoapi-go/armotypes"
-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/k8s-interface/workloadinterface"
 	"github.com/kubescape/kubescape/v3/core/cautils"
@@ -37,10 +38,12 @@ type OPAProcessor struct {
 	clusterName          string
 	regoDependenciesData *resources.RegoDependenciesData
 	*cautils.OPASessionObj
-	opaRegisterOnce sync.Once
+	opaRegisterOnce   sync.Once
+	excludeNamespaces []string
+	includeNamespaces []string
 }

-func NewOPAProcessor(sessionObj *cautils.OPASessionObj, regoDependenciesData *resources.RegoDependenciesData, clusterName string) *OPAProcessor {
+func NewOPAProcessor(sessionObj *cautils.OPASessionObj, regoDependenciesData *resources.RegoDependenciesData, clusterName string, excludeNamespaces string, includeNamespaces string) *OPAProcessor {
 	if regoDependenciesData != nil && sessionObj != nil {
 		regoDependenciesData.PostureControlInputs = sessionObj.RegoInputData.PostureControlInputs
 		regoDependenciesData.DataControlInputs = sessionObj.RegoInputData.DataControlInputs
@@ -50,6 +53,8 @@ func NewOPAProcessor(sessionObj *cautils.OPASessionObj, regoDependenciesData *re
 		OPASessionObj:        sessionObj,
 		regoDependenciesData: regoDependenciesData,
 		clusterName:          clusterName,
+		excludeNamespaces:    split(excludeNamespaces),
+		includeNamespaces:    split(includeNamespaces),
 	}
 }

@@ -211,6 +216,9 @@ func (opap *OPAProcessor) processRule(ctx context.Context, rule *reporthandling.
 		inputResources = objectsenvelopes.ListMapToMeta(enumeratedData)

 		for i, inputResource := range inputResources {
+			if opap.skipNamespace(inputResource.GetNamespace()) {
+				continue
+			}
 			resources[inputResource.GetID()] = &resourcesresults.ResourceAssociatedRule{
 				Name:                  rule.Name,
 				ControlConfigurations: ruleRegoDependenciesData.PostureControlInputs,
@@ -229,6 +237,9 @@ func (opap *OPAProcessor) processRule(ctx context.Context, rule *reporthandling.
 		for _, ruleResponse := range ruleResponses {
 			failedResources := objectsenvelopes.ListMapToMeta(ruleResponse.GetFailedResources())
 			for _, failedResource := range failedResources {
+				if opap.skipNamespace(failedResource.GetNamespace()) {
+					continue
+				}
 				var ruleResult *resourcesresults.ResourceAssociatedRule
 				if r, found := resources[failedResource.GetID()]; found {
 					ruleResult = r
@@ -387,3 +398,25 @@ func (opap *OPAProcessor) makeRegoDeps(configInputs []reporthandling.ControlConf
 		PostureControlInputs: postureControlInputs,
 	}
 }
+
+func (opap *OPAProcessor) skipNamespace(ns string) bool {
+	if includeNamespaces := opap.includeNamespaces; len(includeNamespaces) > 0 {
+		if !slices.Contains(includeNamespaces, ns) {
+			// skip ns not in IncludeNamespaces
+			return true
+		}
+	} else if excludeNamespaces := opap.excludeNamespaces; len(excludeNamespaces) > 0 {
+		if slices.Contains(excludeNamespaces, ns) {
+			// skip ns in ExcludeNamespaces
+			return true
+		}
+	}
+	return false
+}
+
+func split(namespaces string) []string {
+	if namespaces == "" {
+		return nil
+	}
+	return strings.Split(namespaces, ",")
+}
--- a/core/pkg/opaprocessor/processorhandler_test.go
+++ b/core/pkg/opaprocessor/processorhandler_test.go
@@ -197,7 +197,7 @@ func TestProcessResourcesResult(t *testing.T) {
 	opaSessionObj.K8SResources = k8sResources
 	opaSessionObj.AllResources[deployment.GetID()] = deployment

-	opap := NewOPAProcessor(opaSessionObj, resources.NewRegoDependenciesDataMock(), "test")
+	opap := NewOPAProcessor(opaSessionObj, resources.NewRegoDependenciesDataMock(), "test", "", "")
 	opap.AllPolicies = policies
 	opap.Process(context.TODO(), policies, nil)

--- a/core/pkg/opaprocessor/processorhandlerutils.go
+++ b/core/pkg/opaprocessor/processorhandlerutils.go
@@ -5,7 +5,7 @@ import (

 	corev1 "k8s.io/api/core/v1"

-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	"github.com/kubescape/k8s-interface/k8sinterface"
 	"github.com/kubescape/k8s-interface/workloadinterface"
 	"github.com/kubescape/kubescape/v3/core/cautils"
--- a/core/pkg/opaprocessor/utils.go
+++ b/core/pkg/opaprocessor/utils.go
@@ -4,7 +4,7 @@ import (
 	"fmt"
 	"strings"

-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/kubescape/v3/core/cautils"
 	"github.com/kubescape/opa-utils/reporthandling"
--- a/core/pkg/policyhandler/handlepullpolicies.go
+++ b/core/pkg/policyhandler/handlepullpolicies.go
@@ -7,7 +7,7 @@ import (
 	"strings"

 	"github.com/armosec/armoapi-go/armotypes"
-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/kubescape/v3/core/cautils"
 	"github.com/kubescape/kubescape/v3/core/cautils/getter"
--- a/core/pkg/resourcehandler/filesloader.go
+++ b/core/pkg/resourcehandler/filesloader.go
@@ -14,7 +14,6 @@ import (
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/k8s-interface/k8sinterface"
 	"github.com/kubescape/kubescape/v3/core/cautils"
-	"github.com/kubescape/kubescape/v3/core/pkg/opaprocessor"
 )

 // FileResourceHandler handle resources from files and URLs
@@ -25,7 +24,7 @@ func NewFileResourceHandler() *FileResourceHandler {
 	return &FileResourceHandler{}
 }

-func (fileHandler *FileResourceHandler) GetResources(ctx context.Context, sessionObj *cautils.OPASessionObj, _ opaprocessor.IJobProgressNotificationClient, scanInfo *cautils.ScanInfo) (cautils.K8SResources, map[string]workloadinterface.IMetadata, cautils.ExternalResources, map[string]bool, error) {
+func (fileHandler *FileResourceHandler) GetResources(ctx context.Context, sessionObj *cautils.OPASessionObj, scanInfo *cautils.ScanInfo) (cautils.K8SResources, map[string]workloadinterface.IMetadata, cautils.ExternalResources, map[string]bool, error) {
 	allResources := map[string]workloadinterface.IMetadata{}
 	externalResources := cautils.ExternalResources{}

@@ -44,10 +43,7 @@ func (fileHandler *FileResourceHandler) GetResources(ctx context.Context, sessio
 		var err error

 		if scanInfo.ChartPath != "" && scanInfo.FilePath != "" {
-			workloadIDToSource, workloads, workloadIDToMappingNodes, err = getWorkloadFromHelmChart(ctx, scanInfo.InputPatterns[path], scanInfo.ChartPath, scanInfo.FilePath)
-			if err != nil {
-				// We should probably ignore the error so we can continue scanning other charts
-			}
+			workloadIDToSource, workloads, workloadIDToMappingNodes, _ = getWorkloadFromHelmChart(ctx, scanInfo.InputPatterns[path], scanInfo.ChartPath, scanInfo.FilePath)
 		} else {
 			workloadIDToSource, workloads, workloadIDToMappingNodes, err = getResourcesFromPath(ctx, scanInfo.InputPatterns[path])
 			if err != nil {
--- a/core/pkg/resourcehandler/handlepullresources_test.go
+++ b/core/pkg/resourcehandler/handlepullresources_test.go
@@ -100,12 +100,12 @@ func Test_CollectResources(t *testing.T) {
 	}

 	assert.NotPanics(t, func() {
-		CollectResources(context.TODO(), resourceHandler, []cautils.PolicyIdentifier{}, objSession, cautils.NewProgressHandler(""), &cautils.ScanInfo{})
+		CollectResources(context.TODO(), resourceHandler, objSession, &cautils.ScanInfo{})
 	}, "Cluster named .*eks.* without a cloud config panics on cluster scan !")

 	assert.NotPanics(t, func() {
 		objSession.Metadata.ScanMetadata.ScanningTarget = reportv2.File
-		CollectResources(context.TODO(), resourceHandler, []cautils.PolicyIdentifier{}, objSession, cautils.NewProgressHandler(""), &cautils.ScanInfo{})
+		CollectResources(context.TODO(), resourceHandler, objSession, &cautils.ScanInfo{})
 	}, "Cluster named .*eks.* without a cloud config panics on non-cluster scan !")

 }
--- a/core/pkg/resourcehandler/handlerpullresources.go
+++ b/core/pkg/resourcehandler/handlerpullresources.go
@@ -4,19 +4,18 @@ import (
 	"context"
 	"fmt"

-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 	cloudsupportv1 "github.com/kubescape/k8s-interface/cloudsupport/v1"
 	"github.com/kubescape/k8s-interface/k8sinterface"
 	"github.com/kubescape/kubescape/v3/core/cautils"
-	"github.com/kubescape/kubescape/v3/core/pkg/opaprocessor"
 	"github.com/kubescape/opa-utils/reporthandling/apis"
 	helpersv1 "github.com/kubescape/opa-utils/reporthandling/helpers/v1"
 	reportv2 "github.com/kubescape/opa-utils/reporthandling/v2"
 	"go.opentelemetry.io/otel"
 )

-func CollectResources(ctx context.Context, rsrcHandler IResourceHandler, policyIdentifier []cautils.PolicyIdentifier, opaSessionObj *cautils.OPASessionObj, progressListener opaprocessor.IJobProgressNotificationClient, scanInfo *cautils.ScanInfo) error {
+func CollectResources(ctx context.Context, rsrcHandler IResourceHandler, opaSessionObj *cautils.OPASessionObj, scanInfo *cautils.ScanInfo) error {
 	ctx, span := otel.Tracer("").Start(ctx, "resourcehandler.CollectResources")
 	defer span.End()
 	opaSessionObj.Report.ClusterAPIServerInfo = rsrcHandler.GetClusterAPIServerInfo(ctx)
@@ -26,7 +25,7 @@ func CollectResources(ctx context.Context, rsrcHandler IResourceHandler, policyI
 		setCloudMetadata(opaSessionObj, rsrcHandler.GetCloudProvider())
 	}

-	resourcesMap, allResources, externalResources, excludedRulesMap, err := rsrcHandler.GetResources(ctx, opaSessionObj, progressListener, scanInfo)
+	resourcesMap, allResources, externalResources, excludedRulesMap, err := rsrcHandler.GetResources(ctx, opaSessionObj, scanInfo)
 	if err != nil {
 		return err
 	}
--- a/core/pkg/resourcehandler/interface.go
+++ b/core/pkg/resourcehandler/interface.go
@@ -5,12 +5,11 @@ import (

 	"github.com/kubescape/k8s-interface/workloadinterface"
 	"github.com/kubescape/kubescape/v3/core/cautils"
-	"github.com/kubescape/kubescape/v3/core/pkg/opaprocessor"
 	"k8s.io/apimachinery/pkg/version"
 )

 type IResourceHandler interface {
-	GetResources(context.Context, *cautils.OPASessionObj, opaprocessor.IJobProgressNotificationClient, *cautils.ScanInfo) (cautils.K8SResources, map[string]workloadinterface.IMetadata, cautils.ExternalResources, map[string]bool, error)
+	GetResources(context.Context, *cautils.OPASessionObj, *cautils.ScanInfo) (cautils.K8SResources, map[string]workloadinterface.IMetadata, cautils.ExternalResources, map[string]bool, error)
 	GetClusterAPIServerInfo(ctx context.Context) *version.Info
 	GetCloudProvider() string
 }
--- a/core/pkg/resourcehandler/k8sresources.go
+++ b/core/pkg/resourcehandler/k8sresources.go
@@ -5,14 +5,15 @@ import (
 	"fmt"
 	"strings"

-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/kubescape/v3/core/cautils"
 	"github.com/kubescape/kubescape/v3/core/metrics"
 	"github.com/kubescape/kubescape/v3/core/pkg/hostsensorutils"
-	"github.com/kubescape/kubescape/v3/core/pkg/opaprocessor"
 	"github.com/kubescape/opa-utils/objectsenvelopes"
 	"github.com/kubescape/opa-utils/reporthandling/apis"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/client-go/tools/pager"

 	"github.com/kubescape/k8s-interface/cloudsupport"
 	cloudapis "github.com/kubescape/k8s-interface/cloudsupport/apis"
@@ -60,7 +61,7 @@ func NewK8sResourceHandler(k8s *k8sinterface.KubernetesApi, hostSensorHandler ho
 	return k8sHandler
 }

-func (k8sHandler *K8sResourceHandler) GetResources(ctx context.Context, sessionObj *cautils.OPASessionObj, progressListener opaprocessor.IJobProgressNotificationClient, scanInfo *cautils.ScanInfo) (cautils.K8SResources, map[string]workloadinterface.IMetadata, cautils.ExternalResources, map[string]bool, error) {
+func (k8sHandler *K8sResourceHandler) GetResources(ctx context.Context, sessionObj *cautils.OPASessionObj, scanInfo *cautils.ScanInfo) (cautils.K8SResources, map[string]workloadinterface.IMetadata, cautils.ExternalResources, map[string]bool, error) {
 	logger.L().Start("Accessing Kubernetes objects...")
 	var err error

@@ -145,7 +146,7 @@ func (k8sHandler *K8sResourceHandler) GetResources(ctx context.Context, sessionO

 	// check that controls use cloud resources
 	if len(cloudResources) > 0 {
-		err := k8sHandler.collectCloudResources(ctx, sessionObj, allResources, ksResourceMap, cloudResources, progressListener)
+		err := k8sHandler.collectCloudResources(ctx, sessionObj, allResources, ksResourceMap, cloudResources)
 		if err != nil {
 			cautils.SetInfoMapForResources(err.Error(), cloudResources, sessionObj.InfoMap)
 			logger.L().Debug("failed to collect cloud data", helpers.Error(err))
@@ -173,9 +174,9 @@ func (k8sHandler *K8sResourceHandler) findScanObjectResource(resource *objectsen
 	}

 	if resource.GetApiVersion() != "" {
-		group, version := k8sinterface.SplitApiVersion(resource.GetApiVersion())
-		gvr.Group = group
-		gvr.Version = version
+		g, v := k8sinterface.SplitApiVersion(resource.GetApiVersion())
+		gvr.Group = g
+		gvr.Version = v
 	}

 	fieldSelectors := getNameFieldSelectorString(resource.GetName(), FieldSelectorsEqualsOperator)
@@ -208,7 +209,7 @@ func (k8sHandler *K8sResourceHandler) findScanObjectResource(resource *objectsen
 	return wl, nil
 }

-func (k8sHandler *K8sResourceHandler) collectCloudResources(ctx context.Context, sessionObj *cautils.OPASessionObj, allResources map[string]workloadinterface.IMetadata, externalResourceMap cautils.ExternalResources, cloudResources []string, progressListener opaprocessor.IJobProgressNotificationClient) error {
+func (k8sHandler *K8sResourceHandler) collectCloudResources(ctx context.Context, sessionObj *cautils.OPASessionObj, allResources map[string]workloadinterface.IMetadata, externalResourceMap cautils.ExternalResources, cloudResources []string) error {

 	if k8sHandler.cloudProvider == "" {
 		return fmt.Errorf("failed to get cloud provider, cluster: %s", k8sHandler.clusterName)
@@ -356,7 +357,7 @@ func (k8sHandler *K8sResourceHandler) pullResources(queryableResources Queryable
 }

 func (k8sHandler *K8sResourceHandler) pullSingleResource(resource *schema.GroupVersionResource, labels map[string]string, fields string, fieldSelector IFieldSelector) ([]unstructured.Unstructured, error) {
-	resourceList := []unstructured.Unstructured{}
+	var resourceList []unstructured.Unstructured
 	// set labels
 	listOptions := metav1.ListOptions{}
 	fieldSelectors := fieldSelector.GetNamespacesSelectors(resource)
@@ -376,30 +377,29 @@ func (k8sHandler *K8sResourceHandler) pullSingleResource(resource *schema.GroupV
 		clientResource := k8sHandler.k8s.DynamicClient.Resource(*resource)

 		// list resources
-		result, err := clientResource.List(context.Background(), listOptions)
-		if err != nil || result == nil {
-			return nil, fmt.Errorf("failed to get resource: %v, labelSelector: %v, fieldSelector: %v, reason: %v", resource, listOptions.LabelSelector, listOptions.FieldSelector, err)
+		if err := pager.New(func(ctx context.Context, opts metav1.ListOptions) (runtime.Object, error) {
+			return clientResource.List(ctx, opts)
+		}).EachListItem(context.Background(), listOptions, func(obj runtime.Object) error {
+			uObject := obj.(*unstructured.Unstructured)
+			if k8sinterface.IsTypeWorkload(uObject.Object) && k8sinterface.WorkloadHasParent(workloadinterface.NewWorkloadObj(uObject.Object)) {
+				logger.L().Debug("Skipping resource with parent", helpers.String("kind", uObject.GetKind()), helpers.String("name", uObject.GetName()))
+				return nil
+			}
+			resourceList = append(resourceList, *obj.(*unstructured.Unstructured))
+			return nil
+		}); err != nil {
+			return nil, fmt.Errorf("failed to get resource: %v, labelSelector: %v, fieldSelector: %v, reason: %w", resource, listOptions.LabelSelector, listOptions.FieldSelector, err)
 		}

-		resourceList = append(resourceList, result.Items...)
-
 	}

 	return resourceList, nil

 }
 func ConvertMapListToMeta(resourceMap []map[string]interface{}) []workloadinterface.IMetadata {
-	workloads := []workloadinterface.IMetadata{}
+	var workloads []workloadinterface.IMetadata
 	for i := range resourceMap {
 		r := resourceMap[i]
-
-		// skip workloads with parents. e.g. Pod with a ReplicaSet ownerReference. This will not skip resources with CRDs asa parents
-		if k8sinterface.IsTypeWorkload(r) {
-			if k8sinterface.WorkloadHasParent(workloadinterface.NewWorkloadObj(r)) {
-				continue
-			}
-		}
-
 		if w := objectsenvelopes.NewObject(r); w != nil {
 			workloads = append(workloads, w)
 		}
@@ -415,8 +415,8 @@ func (k8sHandler *K8sResourceHandler) collectHostResources(ctx context.Context,
 	}

 	for rscIdx := range hostResources {
-		group, version := getGroupNVersion(hostResources[rscIdx].GetApiVersion())
-		groupResource := k8sinterface.JoinResourceTriplets(group, version, hostResources[rscIdx].GetKind())
+		g, v := getGroupNVersion(hostResources[rscIdx].GetApiVersion())
+		groupResource := k8sinterface.JoinResourceTriplets(g, v, hostResources[rscIdx].GetKind())
 		allResources[hostResources[rscIdx].GetID()] = &hostResources[rscIdx]

 		grpResourceList, ok := externalResourceMap[groupResource]
--- a/core/pkg/resourcesprioritization/prioritizationhandler.go
+++ b/core/pkg/resourcesprioritization/prioritizationhandler.go
@@ -5,7 +5,7 @@ import (
 	"encoding/json"
 	"fmt"

-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/k8s-interface/workloadinterface"
 	"github.com/kubescape/kubescape/v3/core/cautils"
--- a/core/pkg/resultshandling/printer/printresults.go
+++ b/core/pkg/resultshandling/printer/printresults.go
@@ -6,7 +6,7 @@ import (
 	"os"
 	"path/filepath"

-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/kubescape/v3/core/cautils"
 )
--- a/core/pkg/resultshandling/printer/v1/jsonprinter.go
+++ b/core/pkg/resultshandling/printer/v1/jsonprinter.go
@@ -8,7 +8,7 @@ import (
 	"path/filepath"
 	"strings"

-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	"github.com/kubescape/kubescape/v3/core/cautils"
 	"github.com/kubescape/kubescape/v3/core/pkg/resultshandling/printer"
 )
--- a/core/pkg/resultshandling/printer/v1/prometheusprinter.go
+++ b/core/pkg/resultshandling/printer/v1/prometheusprinter.go
@@ -5,7 +5,7 @@ import (
 	"fmt"
 	"os"

-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	"github.com/kubescape/k8s-interface/workloadinterface"
 	"github.com/kubescape/kubescape/v3/core/cautils"
 	"github.com/kubescape/kubescape/v3/core/pkg/resultshandling/printer"
--- a/core/pkg/resultshandling/printer/v2/htmlprinter.go
+++ b/core/pkg/resultshandling/printer/v2/htmlprinter.go
@@ -9,7 +9,7 @@ import (
 	"sort"
 	"strings"

-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/kubescape/v3/core/cautils"
 	"github.com/kubescape/kubescape/v3/core/pkg/resultshandling/printer"
--- a/core/pkg/resultshandling/printer/v2/jsonprinter.go
+++ b/core/pkg/resultshandling/printer/v2/jsonprinter.go
@@ -11,7 +11,7 @@ import (
 	"github.com/anchore/clio"
 	"github.com/anchore/grype/grype/presenter"
 	"github.com/anchore/grype/grype/presenter/models"
-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/kubescape/v3/core/cautils"
 	"github.com/kubescape/kubescape/v3/core/pkg/resultshandling/printer"
--- a/core/pkg/resultshandling/printer/v2/junit.go
+++ b/core/pkg/resultshandling/printer/v2/junit.go
@@ -9,7 +9,7 @@ import (
 	"sort"
 	"strings"

-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/k8s-interface/workloadinterface"
 	"github.com/kubescape/kubescape/v3/core/cautils"
--- a/core/pkg/resultshandling/printer/v2/pdf.go
+++ b/core/pkg/resultshandling/printer/v2/pdf.go
@@ -10,7 +10,7 @@ import (
 	"strings"
 	"time"

-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/kubescape/v3/core/cautils"
 	"github.com/kubescape/kubescape/v3/core/pkg/resultshandling/printer"
--- a/core/pkg/resultshandling/printer/v2/prettyprinter.go
+++ b/core/pkg/resultshandling/printer/v2/prettyprinter.go
@@ -11,7 +11,7 @@ import (
 	"github.com/anchore/grype/grype/presenter/models"
 	"github.com/enescakir/emoji"
 	"github.com/jwalton/gchalk"
-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/k8s-interface/workloadinterface"
 	"github.com/kubescape/kubescape/v3/core/cautils"
--- a/core/pkg/resultshandling/printer/v2/prometheus.go
+++ b/core/pkg/resultshandling/printer/v2/prometheus.go
@@ -6,7 +6,7 @@ import (
 	"os"

 	"github.com/anchore/grype/grype/presenter/models"
-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/k8s-interface/workloadinterface"
 	"github.com/kubescape/kubescape/v3/core/cautils"
--- a/core/pkg/resultshandling/printer/v2/sarifprinter.go
+++ b/core/pkg/resultshandling/printer/v2/sarifprinter.go
@@ -14,7 +14,7 @@ import (

 	"github.com/anchore/grype/grype/presenter"
 	"github.com/anchore/grype/grype/presenter/models"
-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/kubescape/v3/core/cautils"
 	"github.com/kubescape/kubescape/v3/core/pkg/fixhandler"
--- a/core/pkg/resultshandling/reporter/v2/reporteventreceiver.go
+++ b/core/pkg/resultshandling/reporter/v2/reporteventreceiver.go
@@ -10,7 +10,7 @@ import (
 	"github.com/armosec/armoapi-go/apis"
 	client "github.com/kubescape/backend/pkg/client/v1"
 	v1 "github.com/kubescape/backend/pkg/server/v1"
-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/k8s-interface/workloadinterface"
 	"github.com/kubescape/kubescape/v3/core/cautils"
--- a/core/pkg/resultshandling/reporter/v2/reporteventreceiver_test.go
+++ b/core/pkg/resultshandling/reporter/v2/reporteventreceiver_test.go
@@ -9,7 +9,7 @@ import (
 	"testing"

 	v1 "github.com/kubescape/backend/pkg/client/v1"
-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/prettylogger"
 	"github.com/kubescape/kubescape/v3/core/cautils"
 	"github.com/kubescape/kubescape/v3/core/cautils/getter"
--- a/core/pkg/resultshandling/results.go
+++ b/core/pkg/resultshandling/results.go
@@ -5,7 +5,7 @@ import (
 	"encoding/json"
 	"fmt"

-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/kubescape/v3/core/cautils"
 	"github.com/kubescape/kubescape/v3/core/pkg/resultshandling/printer"
--- a/docs/getting-started.md
+++ b/docs/getting-started.md
@@ -6,7 +6,7 @@ The best way to get started with Kubescape is to download it to the machine you

 ## Install Kubescape

-```sh
+```bash
 curl -s https://raw.githubusercontent.com/kubescape/kubescape/master/install.sh | /bin/bash
 ```

@@ -16,175 +16,255 @@ You can also check [other installation methods](installation.md)

 ## Run your first scan

-```sh
-kubescape scan --verbose
+```bash
+kubescape scan
 ```

 You will see output like this:

-<img src="img/summary.png">
+```bash
+Kubescape security posture overview for cluster: minikube

-## Usage
+In this overview, Kubescape shows you a summary of your cluster security posture, including the number of users who can perform administrative actions. For each result greater than 0, you should evaluate its need, and then define an exception to allow it. This baseline can be used to detect drift in future.

-_Some documentation on using Kubescape is yet to move here from the [ARMO Platform docs](https://hub.armosec.io/docs?utm_source=github&utm_medium=repository)_.
+Control plane
+┌────┬─────────────────────────────────────┬────────────────────────────────────┐
+│    │ Control Name                        │ Docs                               │
+├────┼─────────────────────────────────────┼────────────────────────────────────┤
+│ ✅ │ API server insecure port is enabled │ https://hub.armosec.io/docs/c-0005 │
+│ ❌ │ Anonymous access enabled            │ https://hub.armosec.io/docs/c-0262 │
+│ ❌ │ Audit logs enabled                  │ https://hub.armosec.io/docs/c-0067 │
+│ ✅ │ RBAC enabled                        │ https://hub.armosec.io/docs/c-0088 │
+│ ❌ │ Secret/etcd encryption enabled      │ https://hub.armosec.io/docs/c-0066 │
+└────┴─────────────────────────────────────┴────────────────────────────────────┘
+
+Access control
+┌─────────────────────────────────────────────────┬───────────┬────────────────────────────────────┐
+│ Control Name                                    │ Resources │ View Details                       │
+├─────────────────────────────────────────────────┼───────────┼────────────────────────────────────┤
+│ Cluster-admin binding                           │     1     │ $ kubescape scan control C-0035 -v │
+│ Data Destruction                                │     6     │ $ kubescape scan control C-0007 -v │
+│ Exec into container                             │     1     │ $ kubescape scan control C-0002 -v │
+│ List Kubernetes secrets                         │     6     │ $ kubescape scan control C-0015 -v │
+│ Minimize access to create pods                  │     2     │ $ kubescape scan control C-0188 -v │
+│ Minimize wildcard use in Roles and ClusterRoles │     1     │ $ kubescape scan control C-0187 -v │
+│ Portforwarding privileges                       │     1     │ $ kubescape scan control C-0063 -v │
+│ Validate admission controller (mutating)        │     0     │ $ kubescape scan control C-0039 -v │
+│ Validate admission controller (validating)      │     0     │ $ kubescape scan control C-0036 -v │
+└─────────────────────────────────────────────────┴───────────┴────────────────────────────────────┘
+
+Secrets
+┌─────────────────────────────────────────────────┬───────────┬────────────────────────────────────┐
+│ Control Name                                    │ Resources │ View Details                       │
+├─────────────────────────────────────────────────┼───────────┼────────────────────────────────────┤
+│ Applications credentials in configuration files │     1     │ $ kubescape scan control C-0012 -v │
+└─────────────────────────────────────────────────┴───────────┴────────────────────────────────────┘
+
+Network
+┌────────────────────────┬───────────┬────────────────────────────────────┐
+│ Control Name           │ Resources │ View Details                       │
+├────────────────────────┼───────────┼────────────────────────────────────┤
+│ Missing network policy │    13     │ $ kubescape scan control C-0260 -v │
+└────────────────────────┴───────────┴────────────────────────────────────┘
+
+Workload
+┌─────────────────────────┬───────────┬────────────────────────────────────┐
+│ Control Name            │ Resources │ View Details                       │
+├─────────────────────────┼───────────┼────────────────────────────────────┤
+│ Host PID/IPC privileges │     2     │ $ kubescape scan control C-0038 -v │
+│ HostNetwork access      │     1     │ $ kubescape scan control C-0041 -v │
+│ HostPath mount          │     1     │ $ kubescape scan control C-0048 -v │
+│ Non-root containers     │     6     │ $ kubescape scan control C-0013 -v │
+│ Privileged container    │     1     │ $ kubescape scan control C-0057 -v │
+└─────────────────────────┴───────────┴────────────────────────────────────┘
+
+Highest-stake workloads
+────────────────────────
+High-stakes workloads are defined as those which Kubescape estimates would have the highest impact if they were to be exploited.
+
+1. namespace: gadget, name: gadget, kind: DaemonSet
+   '$ kubescape scan workload DaemonSet/gadget --namespace gadget'
+2. namespace: kafka, name: my-cluster-kafka-0, kind: Pod
+   '$ kubescape scan workload Pod/my-cluster-kafka-0 --namespace kafka'
+3. namespace: kafka, name: my-cluster-zookeeper-0, kind: Pod
+   '$ kubescape scan workload Pod/my-cluster-zookeeper-0 --namespace kafka'
+
+Compliance Score
+────────────────
+The compliance score is calculated by multiplying control failures by the number of failures against supported compliance frameworks. Remediate controls, or configure your cluster baseline with exceptions, to improve this score.
+
+* MITRE: 77.39%
+* NSA: 69.97%
+
+View a full compliance report by running '$ kubescape scan framework nsa' or '$ kubescape scan framework mitre'
+
+What now?
+─────────
+* Run one of the suggested commands to learn more about a failed control failure
+* Scan a workload with '$ kubescape scan workload' to see vulnerability information
+* Install Kubescape in your cluster for continuous monitoring and a full vulnerability report: https://github.com/kubescape/helm-charts/tree/main/charts/kubescape-operator
+
+```
+
+# Usage
+
+Capabilities
+* Scan Kubernetes clusters for misconfigurations
+* Scan Kubernetes YAML files/Helm charts for misconfigurations
+* Scan container images for vulnerabilities
+
+## Misconfigurations Scanning
+Scan Kubernetes clusters, YAML files, Helm charts for misconfigurations.
+Kubescape will highlight the misconfigurations and provide remediation steps.
+The misconfigurations are based on multiple frameworks (including [NSA-CISA](https://www.armosec.io/blog/kubernetes-hardening-guidance-summary-by-armo/?utm_source=github&utm_medium=repository), [MITRE ATT&CK®](https://www.microsoft.com/security/blog/2021/03/23/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes/) and the [CIS Benchmark](https://www.armosec.io/blog/cis-kubernetes-benchmark-framework-scanning-tools-comparison/?utm_source=github&utm_medium=repository)).

 ### Examples

-* Scan a running Kubernetes cluster:
+#### Scan a running Kubernetes cluster:

-    ```sh
-    kubescape scan --verbose
+```bash
+kubescape scan
+```
+
+> **Note**  
+> [Read more about host scanning](https://hub.armosec.io/docs/host-sensor?utm_source=github&utm_medium=repository).
+
+#### Scan NSA framework
+Scan a running Kubernetes cluster with the [NSA framework](https://www.nsa.gov/Press-Room/News-Highlights/Article/Article/2716980/nsa-cisa-release-kubernetes-hardening-guidance/):
+
+```bash
+kubescape scan framework nsa
+```
+
+#### Scan MITRE framework
+Scan a running Kubernetes cluster with the [MITRE ATT&CK® framework](https://www.microsoft.com/security/blog/2021/03/23/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes/):
+
+```bash
+kubescape scan framework mitre
+```
+
+#### Scan a control
+Scan for a specific control, using the control name or control ID. [See the list of controls](https://hub.armosec.io/docs/controls?utm_source=github&utm_medium=repository).
+
+```bash
+kubescape scan control c-0005 -v
+```
+
+#### Use an alternative kubeconfig file
+
+```bash
+kubescape scan --kubeconfig cluster.conf
+```
+
+#### Scan specific namespaces
+
+```bash
+kubescape scan --include-namespaces development,staging,production
+```
+
+#### Exclude certain namespaces
+
+```bash
+kubescape scan --exclude-namespaces kube-system,kube-public
+```
+
+#### Scan local YAML files
+```sh
+kubescape scan /path/to/directory-or-directory
+```
+
+Take a look at the [example](https://youtu.be/Ox6DaR7_4ZI).
+
+#### Scan git repository
+Scan Kubernetes manifest files from a Git repository:
+
+```bash
+kubescape scan https://github.com/kubescape/kubescape
+```
+
+#### Scan with exceptions
+
+```bash
+kubescape scan --exceptions examples/exceptions/exclude-kube-namespaces.json
+```
+
+Objects with exceptions will be presented as `exclude` and not `fail`.
+
+[See more examples about exceptions.](/examples/exceptions/README.md)
+
+#### Scan Helm charts 
+
+```bash
+kubescape scan </path/to/directory>
+```
+
+> **Note**  
+> Kubescape will load the default VALUES file.
+
+#### Scan a Kustomize directory 
+
+```bash
+kubescape scan </path/to/directory>
+```
+
+> **Note**  
+> Kubescape will generate Kubernetes YAML objects using a `kustomize` file and scan them for security.
+
+#### Trigger in cluster components for scanning your cluster
+
+If the [kubescape-operator](https://github.com/kubescape/helm-charts/tree/main/charts/kubescape-operator#readme) is installed in your cluster, you can trigger scanning of the in cluster components from the kubescape CLI.
+
+Trigger configuration scanning:
+```bash
+kubescape operator scan configurations
+```
+
+Trigger vulnerabilities scanning:
+```bash
+kubescape operator scan vulnerabilities
+```
+
+#### Compliance Score
+
+We offer two important metrics to assess compliance:
+
+- Control Compliance Score: This score measures the compliance of individual controls within a framework. It is calculated by evaluating the ratio of resources that passed to the total number of resources evaluated against that control.
+    ```bash
+    kubescape scan --compliance-threshold <SCORE_VALUE[float32]>
    ```
-
-    > **Note**  
-    > [Read more about host scanning](https://hub.armosec.io/docs/host-sensor?utm_source=github&utm_medium=repository).
-
-* Scan a running Kubernetes cluster with the [NSA framework](https://www.nsa.gov/Press-Room/News-Highlights/Article/Article/2716980/nsa-cisa-release-kubernetes-hardening-guidance/):
-
-    ```sh
-    kubescape scan framework nsa
+- Framework Compliance Score: This score provides an overall assessment of your cluster's compliance with a specific framework. It is calculated by averaging the Control Compliance Scores of all controls within the framework.
+    ```bash
+    kubescape scan framework <FRAMEWORK_NAME> --compliance-threshold <SCORE_VALUE[float32]>
    ```

-* Scan a running Kubernetes cluster with the [MITRE ATT&CK® framework](https://www.microsoft.com/security/blog/2021/03/23/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes/):
-
-    ```sh
-    kubescape scan framework mitre
-    ```
-
-* Scan for a specific control, using the control name or control ID. [See the list of controls](https://hub.armosec.io/docs/controls?utm_source=github&utm_medium=repository).
-
-    ```sh
-    kubescape scan control "Privileged container"
-    ```
-
-* Use an alternative kubeconfig file:
-
-    ```sh
-    kubescape scan --kubeconfig cluster.conf
-    ```
-
-* Scan specific namespaces:
-
-    ```sh
-    kubescape scan --include-namespaces development,staging,production
-    ```
-
-* Exclude certain namespaces:
-
-    ```sh
-    kubescape scan --exclude-namespaces kube-system,kube-public
-    ```
-
-* Scan local YAML/JSON files before deploying:
-    ```sh
-    kubescape scan *.yaml
-    ```
-
-    [Take a look at the demonstration](https://youtu.be/Ox6DaR7_4ZI).
-
-* Scan Kubernetes manifest files from a Git repository:
-
-    ```sh
-    kubescape scan https://github.com/kubescape/kubescape
-    ```
-
-* Scan with exceptions
-
-    ```sh
-    kubescape scan --exceptions examples/exceptions/exclude-kube-namespaces.json
-    ```
-
-    Objects with exceptions will be presented as `exclude` and not `fail`.
-
-    [See more examples about exceptions.](/examples/exceptions/README.md)
-
-* Scan Helm charts 
-
-    ```sh
-    kubescape scan </path/to/directory>
-    ```
-
-    > **Note**  
-    > Kubescape will load the default VALUES file.
-
-* Scan a Kustomize directory 
-
-    ```sh
-    kubescape scan </path/to/directory>
-    ```
-
-    > **Note**  
-    > Kubescape will generate Kubernetes YAML objects using a `kustomize` file and scan them for security.
-
-* Trigger in cluster components for scanning your cluster:
-
-    If kubescape helm chart is install in your cluster we can trigger scanning of the in cluster components from the kubescape CLI.
-    ```sh
-    kubescape operator scan config
-    ```
-    ```sh
-    kubescape operator scan vulnerabilities
-    ```
-
-* Compliance Score
-
-    We offer two important metrics to assess compliance:
-
-    - Control Compliance Score: This score measures the compliance of individual controls within a framework. It is calculated by evaluating the ratio of resources that passed to the total number of resources evaluated against that control.
-        ```sh
-        kubescape scan --compliance-threshold <SCORE_VALUE[float32]>
-        ```
-    - Framework Compliance Score: This score provides an overall assessment of your cluster's compliance with a specific framework. It is calculated by averaging the Control Compliance Scores of all controls within the framework.
-        ```sh
-        kubescape scan framework <FRAMEWORK_NAME> --compliance-threshold <SCORE_VALUE[float32]>
-        ```
-        Kubescape scan with compliance score
-        <img src="img/ks-scan-with-compliance.gif">
-
 ### Output formats

-* JSON:
+#### JSON:

-    ```sh
-    kubescape scan --format json --format-version v2 --output results.json
-    ```
+```bash
+kubescape scan --format json --output results.json
+```

-    > **Note**  
-    > Add the `--format-version v2` flag for maximum compatibility.
+#### junit XML: 

-* junit XML: 
+```bash
+kubescape scan --format junit --output results.xml
+```
+#### SARIF: 

-    ```sh
-    kubescape scan --format junit --output results.xml
-    ```
+SARIF is a standard format for the output of static analysis tools. It is supported by many tools, including GitHub Code Scanning and Azure DevOps. [Read more about SARIF](https://docs.github.com/en/code-security/secure-coding/sarif-support-for-code-scanning/about-sarif-support-for-code-scanning).

-* PDF:
+```bash
+kubescape scan --format sarif --output results.sarif
+```
+> **Note**
+> SARIF format is supported only when scanning local files or git repositories, but not when scanning a running cluster.

-    ```sh
-    kubescape scan --format pdf --output results.pdf
-    ```
+#### HTML

-    _Contributed by [@alegrey91](https://github.com/alegrey91)_
-
-* Prometheus metrics:
-
-    ```
-    kubescape scan --format prometheus
-    ```
-
-    _Contributed by [@Joibel](https://github.com/Joibel)_
-
-* HTML
-
-    ```
-    kubescape scan --format html --output results.html
-    ```
-
-* Display all scanned resources (including the resources which passed):
-
-    ```sh
-    kubescape scan --verbose
-    ```
+```bash
+kubescape scan --format html --output results.html
+```

 ## Offline/air-gapped environment support

@@ -194,7 +274,7 @@ It is possible to run Kubescape offline!  Check out our [video tutorial](https:/

 1. Download the controls and save them in the local directory.  If no path is specified, they will be saved in `~/.kubescape`.

-   ```sh
+   ```bash
   kubescape download artifacts --output path/to/local/dir
   ```

@@ -202,7 +282,7 @@ It is possible to run Kubescape offline!  Check out our [video tutorial](https:/

 3. Scan using the downloaded artifacts:

-   ```sh
+   ```bash
   kubescape scan --use-artifacts-from path/to/local/dir
   ```

@@ -212,7 +292,7 @@ You can also download a single artifact, and scan with the `--use-from` flag:

 1. Download and save in a file. If no file name is specified, the artifact will be saved as `~/.kubescape/<framework name>.json`.

-    ```sh
+    ```bash
    kubescape download framework nsa --output /path/nsa.json
    ```

@@ -220,9 +300,32 @@ You can also download a single artifact, and scan with the `--use-from` flag:

 3. Scan using the downloaded framework:

-    ```sh
+    ```bash
    kubescape scan framework nsa --use-from /path/nsa.json
    ```
+## Image scanning
+
+Kubescape can scan container images for vulnerabilities.  It uses [Grype]() to scan the images.
+
+### Examples
+
+#### Scan image
+
+```bash
+kubescape scan image nginx:1.19.6
+```
+
+#### Scan image from a private registry
+
+```bash
+kubescape scan image --username myuser --password mypassword myregistry/nginx:1.19.6
+```
+
+#### Scan image and see full report
+    
+```bash
+kubescape scan image nginx:1.19.6 -v
+```

 ## Other ways to use Kubescape

--- a/docs/img/architecture-diagram.png
+++ b/docs/img/architecture-diagram.png
--- a/go.mod
+++ b/go.mod
@@ -196,7 +196,7 @@ require (
 	github.com/dimchansky/utfbom v1.1.1 // indirect
 	github.com/docker/buildx v0.11.2 // indirect
 	github.com/docker/cli v26.1.0+incompatible // indirect
-	github.com/docker/docker v26.1.0+incompatible // indirect
+	github.com/docker/docker v26.1.5+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.8.0 // indirect
 	github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
--- a/go.sum
+++ b/go.sum
@@ -644,8 +644,8 @@ github.com/docker/cli v26.1.0+incompatible h1:+nwRy8Ocd8cYNQ60mozDDICICD8aoFGtlP
 github.com/docker/cli v26.1.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8=
 github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v26.1.0+incompatible h1:W1G9MPNbskA6VZWL7b3ZljTh0pXI68FpINx0GKaOdaM=
-github.com/docker/docker v26.1.0+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker v26.1.5+incompatible h1:NEAxTwEjxV6VbBMBoGG3zPqbiJosIApZjxlbrG9q3/g=
+github.com/docker/docker v26.1.5+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
 github.com/docker/docker-credential-helpers v0.8.0 h1:YQFtbBQb4VrpoPxhFuzEBPQ9E16qz5SpHLS+uswaCp8=
 github.com/docker/docker-credential-helpers v0.8.0/go.mod h1:UGFXcuoQ5TxPiB54nHOZ32AWRqQdECoh/Mg0AlEYb40=
 github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c h1:lzqkGL9b3znc+ZUgi7FlLnqjQhcXxkNM/quxIjBVMD0=
--- a/httphandler/docs/server.go
+++ b/httphandler/docs/server.go
@@ -7,7 +7,7 @@ import (
 	_ "embed"

 	"github.com/go-openapi/runtime/middleware"
-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 )

 const (
--- a/httphandler/go.mod
+++ b/httphandler/go.mod
@@ -17,7 +17,7 @@ require (
 	github.com/kubescape/k8s-interface v0.0.168
 	github.com/kubescape/kubescape/v3 v3.0.4
 	github.com/kubescape/opa-utils v0.0.281
-	github.com/kubescape/storage v0.0.20
+	github.com/kubescape/storage v0.0.111
 	github.com/spf13/viper v1.18.2
 	github.com/stretchr/testify v1.9.0
 	go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux v0.45.0
@@ -32,7 +32,7 @@ require (
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
 	golang.org/x/crypto v0.24.0 // indirect
-	golang.org/x/exp v0.0.0-20240222234643-814bf88cf225
+	golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 // indirect
 	golang.org/x/mod v0.17.0 // indirect
 	golang.org/x/net v0.26.0 // indirect
 	golang.org/x/oauth2 v0.19.0 // indirect
@@ -76,8 +76,8 @@ require (
 	github.com/Masterminds/semver v1.5.0 // indirect
 	github.com/Masterminds/semver/v3 v3.2.1 // indirect
 	github.com/Masterminds/sprig/v3 v3.2.3 // indirect
-	github.com/Microsoft/go-winio v0.6.1 // indirect
-	github.com/Microsoft/hcsshim v0.11.4 // indirect
+	github.com/Microsoft/go-winio v0.6.2 // indirect
+	github.com/Microsoft/hcsshim v0.12.3 // indirect
 	github.com/OneOfOne/xxhash v1.2.8 // indirect
 	github.com/ProtonMail/go-crypto v1.1.0-alpha.0 // indirect
 	github.com/ThalesIgnite/crypto11 v1.2.5 // indirect
@@ -156,21 +156,23 @@ require (
 	github.com/clbanning/mxj/v2 v2.7.0 // indirect
 	github.com/cloudflare/circl v1.3.7 // indirect
 	github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be // indirect
-	github.com/containerd/cgroups v1.1.0 // indirect
+	github.com/containerd/cgroups/v3 v3.0.3 // indirect
 	github.com/containerd/console v1.0.4-0.20230313162750-1ae8d489ac81 // indirect
-	github.com/containerd/containerd v1.7.16 // indirect
+	github.com/containerd/containerd v1.7.17 // indirect
 	github.com/containerd/continuity v0.4.2 // indirect
+	github.com/containerd/errdefs v0.1.0 // indirect
 	github.com/containerd/fifo v1.1.0 // indirect
 	github.com/containerd/log v0.1.0 // indirect
-	github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect
-	github.com/containerd/ttrpc v1.2.3 // indirect
+	github.com/containerd/stargz-snapshotter/estargz v0.15.1 // indirect
+	github.com/containerd/ttrpc v1.2.4 // indirect
 	github.com/containerd/typeurl/v2 v2.1.1 // indirect
+	github.com/containers/common v0.59.0 // indirect
 	github.com/coreos/go-oidc v2.2.1+incompatible // indirect
 	github.com/coreos/go-oidc/v3 v3.10.0 // indirect
 	github.com/cpuguy83/dockercfg v0.3.1 // indirect
 	github.com/cpuguy83/go-docker v0.2.1 // indirect
-	github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46 // indirect
-	github.com/cyphar/filepath-securejoin v0.2.4 // indirect
+	github.com/cyberphone/json-canonicalization v0.0.0-20231217050601-ba74d44ecf5f // indirect
+	github.com/cyphar/filepath-securejoin v0.2.5 // indirect
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/deitch/magic v0.0.0-20230404182410-1ff89d7342da // indirect
 	github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352 // indirect
@@ -180,8 +182,8 @@ require (
 	github.com/docker/buildx v0.11.2 // indirect
 	github.com/docker/cli v26.1.0+incompatible // indirect
 	github.com/docker/distribution v2.8.3+incompatible // indirect
-	github.com/docker/docker v26.1.0+incompatible // indirect
-	github.com/docker/docker-credential-helpers v0.8.0 // indirect
+	github.com/docker/docker v26.1.5+incompatible // indirect
+	github.com/docker/docker-credential-helpers v0.8.1 // indirect
 	github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c // indirect
 	github.com/docker/go-connections v0.5.0 // indirect
 	github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
@@ -216,7 +218,7 @@ require (
 	github.com/go-ini/ini v1.67.0 // indirect
 	github.com/go-jose/go-jose/v3 v3.0.3 // indirect
 	github.com/go-jose/go-jose/v4 v4.0.1 // indirect
-	github.com/go-logr/logr v1.4.1 // indirect
+	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-openapi/analysis v0.23.0 // indirect
 	github.com/go-openapi/errors v0.22.0 // indirect
@@ -249,7 +251,7 @@ require (
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/licensecheck v0.3.1 // indirect
-	github.com/google/pprof v0.0.0-20240409012703-83162a5b38cd // indirect
+	github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 // indirect
 	github.com/google/s2a-go v0.1.7 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
@@ -286,7 +288,7 @@ require (
 	github.com/jwalton/go-supportscolor v1.1.0 // indirect
 	github.com/kastenhq/goversion v0.0.0-20230811215019-93b2f8823953 // indirect
 	github.com/kevinburke/ssh_config v1.2.0 // indirect
-	github.com/klauspost/compress v1.17.4 // indirect
+	github.com/klauspost/compress v1.17.8 // indirect
 	github.com/klauspost/pgzip v1.2.6 // indirect
 	github.com/knqyf263/go-apk-version v0.0.0-20200609155635-041fdbb8563f // indirect
 	github.com/knqyf263/go-deb-version v0.0.0-20230223133812-3ed183d23422 // indirect
@@ -347,7 +349,7 @@ require (
 	github.com/open-policy-agent/opa v0.64.1 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/opencontainers/image-spec v1.1.0 // indirect
-	github.com/opencontainers/runtime-spec v1.1.0 // indirect
+	github.com/opencontainers/runtime-spec v1.2.0 // indirect
 	github.com/opencontainers/selinux v1.11.0 // indirect
 	github.com/opentracing/opentracing-go v1.2.0 // indirect
 	github.com/openvex/go-vex v0.2.5 // indirect
@@ -382,6 +384,7 @@ require (
 	github.com/sassoftware/relic v7.2.1+incompatible // indirect
 	github.com/schollz/progressbar/v3 v3.13.0 // indirect
 	github.com/scylladb/go-set v1.0.3-0.20200225121959-cc7b2070d91e // indirect
+	github.com/seccomp/libseccomp-golang v0.10.0 // indirect
 	github.com/secure-systems-lab/go-securesystemslib v0.8.0 // indirect
 	github.com/segmentio/ksuid v1.0.4 // indirect
 	github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
@@ -404,7 +407,7 @@ require (
 	github.com/spiffe/go-spiffe/v2 v2.2.0 // indirect
 	github.com/stripe/stripe-go/v74 v74.28.0 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
-	github.com/sylabs/sif/v2 v2.11.5 // indirect
+	github.com/sylabs/sif/v2 v2.16.0 // indirect
 	github.com/sylabs/squashfs v0.6.1 // indirect
 	github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d // indirect
 	github.com/tchap/go-patricia/v2 v2.3.1 // indirect
@@ -418,7 +421,7 @@ require (
 	github.com/tonistiigi/units v0.0.0-20180711220420-6950e57a87ea // indirect
 	github.com/tonistiigi/vt100 v0.0.0-20230623042737-f9a4f7ef6531 // indirect
 	github.com/transparency-dev/merkle v0.0.2 // indirect
-	github.com/ulikunitz/xz v0.5.11 // indirect
+	github.com/ulikunitz/xz v0.5.12 // indirect
 	github.com/uptrace/opentelemetry-go-extra/otelutil v0.2.2 // indirect
 	github.com/uptrace/opentelemetry-go-extra/otelzap v0.2.2 // indirect
 	github.com/uptrace/uptrace-go v1.18.0 // indirect
@@ -462,13 +465,12 @@ require (
 	golang.org/x/term v0.21.0 // indirect
 	golang.org/x/text v0.16.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
-	golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
 	golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
 	gonum.org/v1/gonum v0.9.1 // indirect
 	google.golang.org/api v0.172.0 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20240311173647-c811ad7063a7 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237 // indirect
-	google.golang.org/protobuf v1.34.0 // indirect
+	google.golang.org/protobuf v1.34.2 // indirect
 	gopkg.in/go-jose/go-jose.v2 v2.6.3 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
@@ -481,7 +483,7 @@ require (
 	helm.sh/helm/v3 v3.14.4 // indirect
 	k8s.io/api v0.30.0 // indirect
 	k8s.io/apiextensions-apiserver v0.29.0 // indirect
-	k8s.io/klog/v2 v2.120.1 // indirect
+	k8s.io/klog/v2 v2.130.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
 	modernc.org/libc v1.49.3 // indirect
 	modernc.org/mathutil v1.6.0 // indirect
--- a/httphandler/go.sum
+++ b/httphandler/go.sum
@@ -284,10 +284,10 @@ github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYr
 github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj9n6YA=
 github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBaRMhvYXJNkGuM=
 github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=
-github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow=
-github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM=
-github.com/Microsoft/hcsshim v0.11.4 h1:68vKo2VN8DE9AdN4tnkWnmdhqdbpUFM8OF3Airm7fz8=
-github.com/Microsoft/hcsshim v0.11.4/go.mod h1:smjE4dvqPX9Zldna+t5FG3rnoHhaB7QYxPRqGcpAD9w=
+github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY=
+github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU=
+github.com/Microsoft/hcsshim v0.12.3 h1:LS9NXqXhMoqNCplK1ApmVSfB4UnVLRDWRapB6EIlxE0=
+github.com/Microsoft/hcsshim v0.12.3/go.mod h1:Iyl1WVpZzr+UkzjekHZbV8o5Z9ZkxNGx6CtY2Qg/JVQ=
 github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
 github.com/OneOfOne/xxhash v1.2.8 h1:31czK/TI9sNkxIKfaUfGlU47BAxQ0ztGgd9vPyqimf8=
 github.com/OneOfOne/xxhash v1.2.8/go.mod h1:eZbhyaAYD41SGSSsnmcpxVoRiQ/MPUTjUdIIOT9Um7Q=
@@ -564,26 +564,30 @@ github.com/codahale/rfc6979 v0.0.0-20141003034818-6a90f24967eb h1:EDmT6Q9Zs+SbUo
 github.com/codahale/rfc6979 v0.0.0-20141003034818-6a90f24967eb/go.mod h1:ZjrT6AXHbDs86ZSdt/osfBi5qfexBrKUdONk989Wnk4=
 github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be h1:J5BL2kskAlV9ckgEsNQXscjIaLiOYiZ75d4e94E6dcQ=
 github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be/go.mod h1:mk5IQ+Y0ZeO87b858TlA645sVcEcbiX6YqP98kt+7+w=
-github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM=
-github.com/containerd/cgroups v1.1.0/go.mod h1:6ppBcbh/NOOUU+dMKrykgaBnK9lCIBxHqJDGwsa1mIw=
+github.com/containerd/cgroups/v3 v3.0.3 h1:S5ByHZ/h9PMe5IOQoN7E+nMc2UcLEM/V48DGDJ9kip0=
+github.com/containerd/cgroups/v3 v3.0.3/go.mod h1:8HBe7V3aWGLFPd/k03swSIsGjZhHI2WzJmticMgVuz0=
 github.com/containerd/console v1.0.4-0.20230313162750-1ae8d489ac81 h1:q2hJAaP1k2wIvVRd/hEHD7lacgqrCPS+k8g1MndzfWY=
 github.com/containerd/console v1.0.4-0.20230313162750-1ae8d489ac81/go.mod h1:YynlIjWYF8myEu6sdkwKIvGQq+cOckRm6So2avqoYAk=
-github.com/containerd/containerd v1.7.16 h1:7Zsfe8Fkj4Wi2My6DXGQ87hiqIrmOXolm72ZEkFU5Mg=
-github.com/containerd/containerd v1.7.16/go.mod h1:NL49g7A/Fui7ccmxV6zkBWwqMgmMxFWzujYCc+JLt7k=
+github.com/containerd/containerd v1.7.17 h1:KjNnn0+tAVQHAoaWRjmdak9WlvnFR/8rU1CHHy8Rm2A=
+github.com/containerd/containerd v1.7.17/go.mod h1:vK+hhT4TIv2uejlcDlbVIc8+h/BqtKLIyNrtCZol8lI=
 github.com/containerd/continuity v0.4.2 h1:v3y/4Yz5jwnvqPKJJ+7Wf93fyWoCB3F5EclWG023MDM=
 github.com/containerd/continuity v0.4.2/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ=
+github.com/containerd/errdefs v0.1.0 h1:m0wCRBiu1WJT/Fr+iOoQHMQS/eP5myQ8lCv4Dz5ZURM=
+github.com/containerd/errdefs v0.1.0/go.mod h1:YgWiiHtLmSeBrvpw+UfPijzbLaB77mEG1WwJTDETIV0=
 github.com/containerd/fifo v1.1.0 h1:4I2mbh5stb1u6ycIABlBw9zgtlK8viPI9QkQNRQEEmY=
 github.com/containerd/fifo v1.1.0/go.mod h1:bmC4NWMbXlt2EZ0Hc7Fx7QzTFxgPID13eH0Qu+MAb2o=
 github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I=
 github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo=
 github.com/containerd/nydus-snapshotter v0.8.2 h1:7SOrMU2YmLzfbsr5J7liMZJlNi5WT6vtIOxLGv+iz7E=
 github.com/containerd/nydus-snapshotter v0.8.2/go.mod h1:UJILTN5LVBRY+dt8BGJbp72Xy729hUZsOugObEI3/O8=
-github.com/containerd/stargz-snapshotter/estargz v0.14.3 h1:OqlDCK3ZVUO6C3B/5FSkDwbkEETK84kQgEeFwDC+62k=
-github.com/containerd/stargz-snapshotter/estargz v0.14.3/go.mod h1:KY//uOCIkSuNAHhJogcZtrNHdKrA99/FCCRjE3HD36o=
-github.com/containerd/ttrpc v1.2.3 h1:4jlhbXIGvijRtNC8F/5CpuJZ7yKOBFGFOOXg1bkISz0=
-github.com/containerd/ttrpc v1.2.3/go.mod h1:ieWsXucbb8Mj9PH0rXCw1i8IunRbbAiDkpXkbfflWBM=
+github.com/containerd/stargz-snapshotter/estargz v0.15.1 h1:eXJjw9RbkLFgioVaTG+G/ZW/0kEe2oEKCdS/ZxIyoCU=
+github.com/containerd/stargz-snapshotter/estargz v0.15.1/go.mod h1:gr2RNwukQ/S9Nv33Lt6UC7xEx58C+LHRdoqbEKjz1Kk=
+github.com/containerd/ttrpc v1.2.4 h1:eQCQK4h9dxDmpOb9QOOMh2NHTfzroH1IkmHiKZi05Oo=
+github.com/containerd/ttrpc v1.2.4/go.mod h1:ojvb8SJBSch0XkqNO0L0YX/5NxR3UnVk2LzFKBK0upc=
 github.com/containerd/typeurl/v2 v2.1.1 h1:3Q4Pt7i8nYwy2KmQWIw2+1hTvwTE/6w9FqcttATPO/4=
 github.com/containerd/typeurl/v2 v2.1.1/go.mod h1:IDp2JFvbwZ31H8dQbEIY7sDl2L3o3HZj1hsSQlywkQ0=
+github.com/containers/common v0.59.0 h1:fy9Jz0B7Qs1C030bm73YJtVddaiFSZD3558EV1tgN2g=
+github.com/containers/common v0.59.0/go.mod h1:53VicJCZ2AD0O+Br7VVoyrS7viXF4YmwlTIocWUT8XE=
 github.com/coreos/go-oidc v2.2.1+incompatible h1:mh48q/BqXqgjVHpy2ZY7WnWAbenxRjsz9N1i1YxjHAk=
 github.com/coreos/go-oidc v2.2.1+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHoZ1nMCKZlZ9V6mm3/LKc=
 github.com/coreos/go-oidc/v3 v3.10.0 h1:tDnXHnLyiTVyT/2zLDGj09pFPkhND8Gl8lnTRhoEaJU=
@@ -600,12 +604,12 @@ github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46t
 github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.21 h1:1/QdRyBaHHJP61QkWMXlOIBfsgdDeeKfK8SYVUWJKf0=
 github.com/creack/pty v1.1.21/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
-github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46 h1:2Dx4IHfC1yHWI12AxQDJM1QbRCDfk6M+blLzlZCXdrc=
-github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46/go.mod h1:uzvlm1mxhHkdfqitSA92i7Se+S9ksOn3a3qmv/kyOCw=
-github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg=
-github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
-github.com/danieljoos/wincred v1.2.0 h1:ozqKHaLK0W/ii4KVbbvluM91W2H3Sh0BncbUNPS7jLE=
-github.com/danieljoos/wincred v1.2.0/go.mod h1:FzQLLMKBFdvu+osBrnFODiv32YGwCfx0SkRa/eYHgec=
+github.com/cyberphone/json-canonicalization v0.0.0-20231217050601-ba74d44ecf5f h1:eHnXnuK47UlSTOQexbzxAZfekVz6i+LKRdj1CU5DPaM=
+github.com/cyberphone/json-canonicalization v0.0.0-20231217050601-ba74d44ecf5f/go.mod h1:uzvlm1mxhHkdfqitSA92i7Se+S9ksOn3a3qmv/kyOCw=
+github.com/cyphar/filepath-securejoin v0.2.5 h1:6iR5tXJ/e6tJZzzdMc1km3Sa7RRIVBKAK32O2s7AYfo=
+github.com/cyphar/filepath-securejoin v0.2.5/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4=
+github.com/danieljoos/wincred v1.2.1 h1:dl9cBrupW8+r5250DYkYxocLeZ1Y4vB1kxgtjxw8GQs=
+github.com/danieljoos/wincred v1.2.1/go.mod h1:uGaFL9fDn3OLTvzCGulzE+SzjEe5NGlh5FdCcyfPwps=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM=
@@ -636,10 +640,10 @@ github.com/docker/cli v26.1.0+incompatible h1:+nwRy8Ocd8cYNQ60mozDDICICD8aoFGtlP
 github.com/docker/cli v26.1.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8=
 github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8=
 github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w=
-github.com/docker/docker v26.1.0+incompatible h1:W1G9MPNbskA6VZWL7b3ZljTh0pXI68FpINx0GKaOdaM=
-github.com/docker/docker v26.1.0+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
-github.com/docker/docker-credential-helpers v0.8.0 h1:YQFtbBQb4VrpoPxhFuzEBPQ9E16qz5SpHLS+uswaCp8=
-github.com/docker/docker-credential-helpers v0.8.0/go.mod h1:UGFXcuoQ5TxPiB54nHOZ32AWRqQdECoh/Mg0AlEYb40=
+github.com/docker/docker v26.1.5+incompatible h1:NEAxTwEjxV6VbBMBoGG3zPqbiJosIApZjxlbrG9q3/g=
+github.com/docker/docker v26.1.5+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk=
+github.com/docker/docker-credential-helpers v0.8.1 h1:j/eKUktUltBtMzKqmfLB0PAgqYyMHOp5vfsD1807oKo=
+github.com/docker/docker-credential-helpers v0.8.1/go.mod h1:P3ci7E3lwkZg6XiHdRKft1KckHiO9a2rNtyFbZ/ry9M=
 github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c h1:lzqkGL9b3znc+ZUgi7FlLnqjQhcXxkNM/quxIjBVMD0=
 github.com/docker/go v1.5.1-1.0.20160303222718-d30aec9fd63c/go.mod h1:CADgU4DSXK5QUlFslkQu2yW2TKzFZcXq/leZfM0UH5Q=
 github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c=
@@ -776,8 +780,8 @@ github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9
 github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
 github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A=
 github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
-github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ=
-github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
+github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY=
+github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
 github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag=
 github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE=
 github.com/go-logr/zapr v1.2.4 h1:QHVo+6stLbfJmYGkQ7uGHUCu5hnAFAj6mDe6Ea0SeOo=
@@ -818,7 +822,8 @@ github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqw
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
 github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
 github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
-github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
+github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
+github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
 github.com/go-test/deep v1.1.0 h1:WOcxcdHcvdgThNXjw0t76K42FXTU7HpNQWHpA2HHNlg=
 github.com/go-test/deep v1.1.0/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE=
 github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
@@ -948,8 +953,8 @@ github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLe
 github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20211214055906-6f57359322fd/go.mod h1:KgnwoLYCZ8IQu3XUZ8Nc/bM9CCZFOyjUNOSygVozoDg=
-github.com/google/pprof v0.0.0-20240409012703-83162a5b38cd h1:gbpYu9NMq8jhDVbvlGkMFWCjLFlqqEZjEmObmhUy6Vo=
-github.com/google/pprof v0.0.0-20240409012703-83162a5b38cd/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw=
+github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg=
+github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o=
 github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw=
@@ -1141,8 +1146,8 @@ github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+o
 github.com/klauspost/compress v1.4.1/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A=
 github.com/klauspost/compress v1.11.4/go.mod h1:aoV0uJVorq1K+umq18yTdKaF57EivdYsUV+/s2qKfXs=
 github.com/klauspost/compress v1.15.11/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM=
-github.com/klauspost/compress v1.17.4 h1:Ej5ixsIri7BrIjBkRZLTo6ghwrEtHFk7ijlczPW4fZ4=
-github.com/klauspost/compress v1.17.4/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM=
+github.com/klauspost/compress v1.17.8 h1:YcnTYrq7MikUT7k0Yb5eceMmALQPYBW/Xltxn0NAMnU=
+github.com/klauspost/compress v1.17.8/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
 github.com/klauspost/cpuid v1.2.0/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
 github.com/klauspost/pgzip v1.2.5/go.mod h1:Ch1tH69qFZu15pkjo5kYi6mth2Zzwzt50oCQKQE9RUs=
 github.com/klauspost/pgzip v1.2.6 h1:8RXeL5crjEUFnR2/Sn6GJNWtSQ3Dk8pq4CL3jvdDyjU=
@@ -1181,8 +1186,8 @@ github.com/kubescape/rbac-utils v0.0.21-0.20230806101615-07e36f555520 h1:SqlwF8G
 github.com/kubescape/rbac-utils v0.0.21-0.20230806101615-07e36f555520/go.mod h1:wuxMUSDzGUyWd25IJfBzEJ/Udmw2Vy7npj+MV3u3GrU=
 github.com/kubescape/regolibrary/v2 v2.0.1 h1:7lKj171gslgTbbcmmGVHk34AZNqxForOXZIINoQfdzQ=
 github.com/kubescape/regolibrary/v2 v2.0.1/go.mod h1:s0/Mi9PYw7s91vIf1VJTkuu1Blsl5ZLpYn5UA7yk/vM=
-github.com/kubescape/storage v0.0.20 h1:m78XUf08QZRTw3pIRkGi54AtH4ugRYisG6xfxC1zZnQ=
-github.com/kubescape/storage v0.0.20/go.mod h1:rP6g1ukp4zlytnBcZw+fJHu0j6woOiQ/KfTZfrdM8kw=
+github.com/kubescape/storage v0.0.111 h1:QyfkfmLiSyQD+/29DMOX6U+qUtBkhrhqFTA6QS8bgns=
+github.com/kubescape/storage v0.0.111/go.mod h1:I4i7NKl0xa85nHii3aXQAFuUZDJzawAq1+sJbYfEiU0=
 github.com/kubescape/tablewriter v0.0.6-0.20231106230230-aac7d2659c94 h1:uhabZUyrxo60JQrzGCQOp1gsJz06+6+PeDBTvXiKD7k=
 github.com/kubescape/tablewriter v0.0.6-0.20231106230230-aac7d2659c94/go.mod h1:clwQfF3MN2cpaf7R6hc84aB6fQsRr+bnm66pXXSNAv8=
 github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
@@ -1346,22 +1351,24 @@ github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vv
 github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
 github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU=
 github.com/onsi/ginkgo/v2 v2.1.3/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c=
-github.com/onsi/ginkgo/v2 v2.15.0 h1:79HwNRBAZHOEwrczrgSOPy+eFTTlIGELKy5as+ClttY=
-github.com/onsi/ginkgo/v2 v2.15.0/go.mod h1:HlxMHtYF57y6Dpf+mc5529KKmSq9h2FpCF+/ZkwUxKM=
+github.com/onsi/ginkgo/v2 v2.18.0 h1:W9Y7IWXxPUpAit9ieMOLI7PJZGaW22DTKgiVAuhDTLc=
+github.com/onsi/ginkgo/v2 v2.18.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To=
 github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
 github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
 github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
 github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro=
-github.com/onsi/gomega v1.31.0 h1:54UJxxj6cPInHS3a35wm6BK/F9nHYueZ1NVujHDrnXE=
-github.com/onsi/gomega v1.31.0/go.mod h1:DW9aCi7U6Yi40wNVAvT6kzFnEVEI5n3DloYBiKiT6zk=
+github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk=
+github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0=
 github.com/open-policy-agent/opa v0.64.1 h1:n8IJTYlFWzqiOYx+JiawbErVxiqAyXohovcZxYbskxQ=
 github.com/open-policy-agent/opa v0.64.1/go.mod h1:j4VeLorVpKipnkQ2TDjWshEuV3cvP/rHzQhYaraUXZY=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug=
 github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM=
-github.com/opencontainers/runtime-spec v1.1.0 h1:HHUyrt9mwHUjtasSbXSMvs4cyFxh+Bll4AjJ9odEGpg=
-github.com/opencontainers/runtime-spec v1.1.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
+github.com/opencontainers/runtime-spec v1.2.0 h1:z97+pHb3uELt/yiAWD691HNHQIF07bE7dzrbT927iTk=
+github.com/opencontainers/runtime-spec v1.2.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0=
+github.com/opencontainers/runtime-tools v0.9.1-0.20230914150019-408c51e934dc h1:d2hUh5O6MRBvStV55MQ8we08t42zSTqBbscoQccWmMc=
+github.com/opencontainers/runtime-tools v0.9.1-0.20230914150019-408c51e934dc/go.mod h1:8tx1helyqhUC65McMm3x7HmOex8lO2/v9zPuxmKHurs=
 github.com/opencontainers/selinux v1.11.0 h1:+5Zbo97w3Lbmb3PeqQtpmTkMwsW5nRI3YaLpt7tQ7oU=
 github.com/opencontainers/selinux v1.11.0/go.mod h1:E5dMC3VPuVvVHDYmi78qvhJp8+M586T4DlDRYpFkyec=
 github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o=
@@ -1492,6 +1499,8 @@ github.com/scylladb/go-set v1.0.3-0.20200225121959-cc7b2070d91e/go.mod h1:DkpGd7
 github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc=
 github.com/sebdah/goldie/v2 v2.5.3 h1:9ES/mNN+HNUbNWpVAlrzuZ7jE+Nrczbj8uFRjM7624Y=
 github.com/sebdah/goldie/v2 v2.5.3/go.mod h1:oZ9fp0+se1eapSRjfYbsV/0Hqhbuu3bJVvKI/NNtssI=
+github.com/seccomp/libseccomp-golang v0.10.0 h1:aA4bp+/Zzi0BnWZ2F1wgNBs5gTpm+na2rWM6M9YjLpY=
+github.com/seccomp/libseccomp-golang v0.10.0/go.mod h1:JA8cRccbGaA1s33RQf7Y1+q9gHmZX1yB/z9WDN1C6fg=
 github.com/secure-systems-lab/go-securesystemslib v0.8.0 h1:mr5An6X45Kb2nddcFlbmfHkLguCE9laoZCUzEEpIZXA=
 github.com/secure-systems-lab/go-securesystemslib v0.8.0/go.mod h1:UH2VZVuJfCYR8WgMlCU1uFsOUU+KeyrTWcSS73NBOzU=
 github.com/segmentio/ksuid v1.0.4 h1:sBo2BdShXjmcugAMwjugoGUdUV0pcxY5mW4xKRn3v4c=
@@ -1614,10 +1623,12 @@ github.com/stripe/stripe-go/v74 v74.28.0/go.mod h1:f9L6LvaXa35ja7eyvP6GQswoaIPaB
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
 github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
 github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
-github.com/sylabs/sif/v2 v2.11.5 h1:7ssPH3epSonsTrzbS1YxeJ9KuqAN7ISlSM61a7j/mQM=
-github.com/sylabs/sif/v2 v2.11.5/go.mod h1:GBoZs9LU3e4yJH1dcZ3Akf/jsqYgy5SeguJQC+zd75Y=
+github.com/sylabs/sif/v2 v2.16.0 h1:2eqaBaQQsn5DZTzm3QZm0HupZQEjNXfxRnCmtyCihEU=
+github.com/sylabs/sif/v2 v2.16.0/go.mod h1:d5TxgD/mhMUU3kWLmZmWJQ99Wg0asaTP0bq3ezR1xpg=
 github.com/sylabs/squashfs v0.6.1 h1:4hgvHnD9JGlYWwT0bPYNt9zaz23mAV3Js+VEgQoRGYQ=
 github.com/sylabs/squashfs v0.6.1/go.mod h1:ZwpbPCj0ocIvMy2br6KZmix6Gzh6fsGQcCnydMF+Kx8=
+github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635 h1:kdXcSzyDtseVEc4yCz2qF8ZrQvIDBJLl4S1c3GCXmoI=
+github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635/go.mod h1:hkRG7XYTFWNJGYcbNJQlaLq0fg1yr4J4t/NcTQtrfww=
 github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d h1:vfofYNRScrDdvS342BElfbETmL1Aiz3i2t0zfRj16Hs=
 github.com/syndtr/goleveldb v1.0.1-0.20220721030215-126854af5e6d/go.mod h1:RRCYJbIwD5jmqPI9XoAFR0OcDxqUctll6zUj/+B4S48=
 github.com/tarm/serial v0.0.0-20180830185346-98f6abe2eb07/go.mod h1:kDXzergiv9cbyO7IOYJZWg1U88JhDg3PB6klq9Hg2pA=
@@ -1658,8 +1669,8 @@ github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqri
 github.com/ulikunitz/xz v0.5.8/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
 github.com/ulikunitz/xz v0.5.9/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
 github.com/ulikunitz/xz v0.5.10/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
-github.com/ulikunitz/xz v0.5.11 h1:kpFauv27b6ynzBNT/Xy+1k+fK4WswhN/6PN5WhFAGw8=
-github.com/ulikunitz/xz v0.5.11/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
+github.com/ulikunitz/xz v0.5.12 h1:37Nm15o69RwBkXM0J6A5OlE67RZTfzUxTj8fB3dfcsc=
+github.com/ulikunitz/xz v0.5.12/go.mod h1:nbz6k7qbPmH4IRqmfOplQw/tblSgqTqBwxkY0oWt/14=
 github.com/uptrace/opentelemetry-go-extra/otelutil v0.2.2 h1:CNznWHkrbA6o1q2H/BsH4tIHf4zbKNtndeoV+AH8z0U=
 github.com/uptrace/opentelemetry-go-extra/otelutil v0.2.2/go.mod h1:7YSrHCmYPHIXjTWnKSU7EGT0TFEcm3WwSeQquwCGg38=
 github.com/uptrace/opentelemetry-go-extra/otelzap v0.2.2 h1:uyrW06oJi4iWvhjPLVfk4qrSP2Zm0AMozKKDmp6i4pE=
@@ -1837,8 +1848,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0
 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
 golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
-golang.org/x/exp v0.0.0-20240222234643-814bf88cf225 h1:LfspQV/FYTatPTr/3HzIcmiUFH7PGP+OQ6mgDYo3yuQ=
-golang.org/x/exp v0.0.0-20240222234643-814bf88cf225/go.mod h1:CxmFvTBINI24O/j8iY7H1xHzx2i4OsyguNBmN/uPtqc=
+golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 h1:vr/HnozRka3pE4EsMEg1lgkXJkTFJCVUX+S/ZT6wYzM=
+golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc=
 golang.org/x/image v0.0.0-20180708004352-c73c2afc3b81/go.mod h1:ux5Hcp/YLpHSI86hEcLt0YII63i6oz57MZXIpbrjZUs=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
@@ -2461,8 +2472,8 @@ google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ
 google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
-google.golang.org/protobuf v1.34.0 h1:Qo/qEd2RZPCf2nKuorzksSknv0d3ERwp1vFG38gSmH4=
-google.golang.org/protobuf v1.34.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
+google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg=
+google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -2531,8 +2542,8 @@ k8s.io/apimachinery v0.30.0 h1:qxVPsyDM5XS96NIh9Oj6LavoVFYff/Pon9cZeDIkHHA=
 k8s.io/apimachinery v0.30.0/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc=
 k8s.io/client-go v0.30.0 h1:sB1AGGlhY/o7KCyCEQ0bPWzYDL0pwOZO4vAtTSh/gJQ=
 k8s.io/client-go v0.30.0/go.mod h1:g7li5O5256qe6TYdAMyX/otJqMhIiGgTapdLchhmOaY=
-k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw=
-k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
+k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
+k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
 k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag=
 k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98=
 k8s.io/utils v0.0.0-20231127182322-b307cd553661 h1:FepOBzJ0GXm8t0su67ln2wAZjbQ6RxQGZDnzuLcrUTI=
--- a/httphandler/handlerequests/v1/prometheus.go
+++ b/httphandler/handlerequests/v1/prometheus.go
@@ -7,12 +7,13 @@ import (
 	"os"
 	"path/filepath"

-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/kubescape/v3/core/cautils"
 	"github.com/kubescape/kubescape/v3/core/cautils/getter"
 	apisv1 "github.com/kubescape/opa-utils/httpserver/apis/v1"
 	utilsapisv1 "github.com/kubescape/opa-utils/httpserver/apis/v1"
+	utilsmetav1 "github.com/kubescape/opa-utils/httpserver/meta/v1"
 	"go.opentelemetry.io/otel/trace"

 	"github.com/google/uuid"
@@ -35,18 +36,16 @@ func (handler *HTTPHandler) Metrics(w http.ResponseWriter, r *http.Request) {
 		},
 		scanInfo: scanInfo,
 		scanID:   scanID,
+		ctx:      trace.ContextWithSpanContext(context.Background(), trace.SpanContextFromContext(r.Context())),
+		resp:     make(chan *utilsmetav1.Response, 1),
 	}
-	scanParams.ctx = trace.ContextWithSpanContext(context.Background(), trace.SpanContextFromContext(r.Context()))
-
-	handler.scanResponseChan.set(scanID) // add scan to channel
-	defer handler.scanResponseChan.delete(scanID)

 	// send to scan queue
 	logger.L().Info("requesting scan", helpers.String("scanID", scanID), helpers.String("api", "v1/metrics"))
 	handler.scanRequestChan <- scanParams

 	// wait for scan to complete
-	results := <-handler.scanResponseChan.get(scanID)
+	results := <-scanParams.resp
 	defer removeResultsFile(scanID) // remove json format results file
 	defer os.Remove(resultsFile)    // remove prometheus format results file

--- a/httphandler/handlerequests/v1/requestparser.go
+++ b/httphandler/handlerequests/v1/requestparser.go
@@ -6,9 +6,8 @@ import (
 	"fmt"
 	"io"
 	"net/http"
-	"sync"

-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/kubescape/v3/core/cautils"
 	utilsmetav1 "github.com/kubescape/opa-utils/httpserver/meta/v1"
@@ -16,47 +15,6 @@ import (
 	"github.com/gorilla/schema"
 )

-type scanResponseChan struct {
-	scanResponseChan map[string]chan *utilsmetav1.Response
-	mtx              sync.RWMutex
-}
-
-// get response object chan
-func (resChan *scanResponseChan) get(key string) chan *utilsmetav1.Response {
-	resChan.mtx.RLock()
-	defer resChan.mtx.RUnlock()
-	return resChan.scanResponseChan[key]
-}
-
-// set chan for response object
-func (resChan *scanResponseChan) set(key string) {
-	resChan.mtx.Lock()
-	defer resChan.mtx.Unlock()
-	resChan.scanResponseChan[key] = make(chan *utilsmetav1.Response)
-}
-
-// push response object to chan
-func (resChan *scanResponseChan) push(key string, resp *utilsmetav1.Response) {
-	resChan.mtx.Lock()
-	defer resChan.mtx.Unlock()
-	if _, ok := resChan.scanResponseChan[key]; ok {
-		resChan.scanResponseChan[key] <- resp
-	}
-}
-
-// delete channel
-func (resChan *scanResponseChan) delete(key string) {
-	resChan.mtx.Lock()
-	defer resChan.mtx.Unlock()
-	delete(resChan.scanResponseChan, key)
-}
-func newScanResponseChan() *scanResponseChan {
-	return &scanResponseChan{
-		scanResponseChan: make(map[string]chan *utilsmetav1.Response),
-		mtx:              sync.RWMutex{},
-	}
-}
-
 type ScanQueryParams struct {
 	// Wait for scanning to complete (synchronous request)
 	// default: false
@@ -106,6 +64,7 @@ type scanRequestParams struct {
 	scanQueryParams *ScanQueryParams  // request as received from api
 	scanID          string            // generated scan ID
 	ctx             context.Context
+	resp            chan *utilsmetav1.Response // Respose chan; nil if not interested.
 }

 // swagger:parameters triggerScan
@@ -119,31 +78,30 @@ type ScanRequest struct {
 func getScanParamsFromRequest(r *http.Request, scanID string) (*scanRequestParams, error) {
 	defer r.Body.Close()

-	scanRequestParams := &scanRequestParams{}
-
-	scanQueryParams := &ScanQueryParams{}
-	if err := schema.NewDecoder().Decode(scanQueryParams, r.URL.Query()); err != nil {
-		return scanRequestParams, fmt.Errorf("failed to parse query params, reason: %s", err.Error())
-	}
-
-	readBuffer, err := io.ReadAll(r.Body)
-	if err != nil {
-		// handler.writeError(w, fmt.Errorf("failed to read request body, reason: %s", err.Error()), scanID)
-		return scanRequestParams, fmt.Errorf("failed to read request body, reason: %s", err.Error())
-	}
-
-	logger.L().Info("REST API received scan request", helpers.String("body", string(readBuffer)))
-
 	scanRequest := &utilsmetav1.PostScanRequest{}
-	if err := json.Unmarshal(readBuffer, &scanRequest); err != nil {
-		return scanRequestParams, fmt.Errorf("failed to parse request payload, reason: %s", err.Error())
+	{
+		readBuffer, err := io.ReadAll(r.Body)
+		if err != nil {
+			// handler.writeError(w, fmt.Errorf("failed to read request body, reason: %s", err.Error()), scanID)
+			return nil, fmt.Errorf("failed to read request body, reason: %s", err.Error())
+		}
+		logger.L().Info("REST API received scan request", helpers.String("body", string(readBuffer)))
+		if err := json.Unmarshal(readBuffer, &scanRequest); err != nil {
+			return nil, fmt.Errorf("failed to parse request payload, reason: %s", err.Error())
+		}
 	}

-	scanInfo := getScanCommand(scanRequest, scanID)
+	p := &scanRequestParams{
+		scanID:          scanID,
+		scanQueryParams: &ScanQueryParams{},
+		scanInfo:        getScanCommand(scanRequest, scanID),
+	}
+	if err := schema.NewDecoder().Decode(p.scanQueryParams, r.URL.Query()); err != nil {
+		return p, fmt.Errorf("failed to parse query params, reason: %s", err.Error())
+	}
+	if p.scanQueryParams.ReturnResults {
+		p.resp = make(chan *utilsmetav1.Response, 1)
+	}

-	scanRequestParams.scanID = scanID
-	scanRequestParams.scanQueryParams = scanQueryParams
-	scanRequestParams.scanInfo = scanInfo
-
-	return scanRequestParams, nil
+	return p, nil
 }
--- a/httphandler/handlerequests/v1/requestshandler.go
+++ b/httphandler/handlerequests/v1/requestshandler.go
@@ -13,7 +13,7 @@ import (

 	"github.com/gorilla/schema"

-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"

 	"github.com/google/uuid"
 )
@@ -30,19 +30,16 @@ type ScanResponse struct {
 }

 type HTTPHandler struct {
-	state            *serverState
-	scanResponseChan *scanResponseChan
-	scanRequestChan  chan *scanRequestParams
+	state           *serverState
+	scanRequestChan chan *scanRequestParams
 }

 func NewHTTPHandler() *HTTPHandler {
 	handler := &HTTPHandler{
-		state:            newServerState(),
-		scanRequestChan:  make(chan *scanRequestParams),
-		scanResponseChan: newScanResponseChan(),
+		state:           newServerState(),
+		scanRequestChan: make(chan *scanRequestParams),
 	}
 	go handler.watchForScan()
-
 	return handler
 }

@@ -90,7 +87,6 @@ func (handler *HTTPHandler) Status(w http.ResponseWriter, r *http.Request) {
 // ============================================== SCAN ========================================================
 // Scan API
 func (handler *HTTPHandler) Scan(w http.ResponseWriter, r *http.Request) {
-
 	// generate id
 	scanID := uuid.NewString()

@@ -101,7 +97,6 @@ func (handler *HTTPHandler) Scan(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	w.Header().Set("Content-Type", "application/json")
-
 	scanRequestParams, err := getScanParamsFromRequest(r, scanID)
 	if err != nil {
 		handler.writeError(w, err, "")
@@ -111,14 +106,6 @@ func (handler *HTTPHandler) Scan(w http.ResponseWriter, r *http.Request) {

 	handler.state.setBusy(scanID)

-	response := &utilsmetav1.Response{}
-	response.ID = scanID
-	response.Type = utilsapisv1.BusyScanResponseType
-	response.Response = fmt.Sprintf("scanning '%s' is in progress", scanID)
-
-	handler.scanResponseChan.set(scanID) // add channel
-	defer handler.scanResponseChan.delete(scanID)
-
 	// you must use a goroutine since the executeScan function is not always listening to the channel
 	go func() {
 		// send to scanning handler
@@ -126,9 +113,14 @@ func (handler *HTTPHandler) Scan(w http.ResponseWriter, r *http.Request) {
 		handler.scanRequestChan <- scanRequestParams
 	}()

-	if scanRequestParams.scanQueryParams.ReturnResults {
+	response := &utilsmetav1.Response{
+		ID:       scanID,
+		Type:     utilsapisv1.BusyScanResponseType,
+		Response: fmt.Sprintf("scanning '%s' is in progress", scanID),
+	}
+	if scanRequestParams.resp != nil {
 		// wait for scan to complete
-		response = <-handler.scanResponseChan.get(scanID)
+		response = <-scanRequestParams.resp

 		if scanRequestParams.scanQueryParams.KeepResults {
 			// delete results after returning
--- a/httphandler/handlerequests/v1/requestshandler_test.go
+++ b/httphandler/handlerequests/v1/requestshandler_test.go
@@ -1,5 +1,61 @@
 package v1

+import (
+	"bytes"
+	"context"
+	"encoding/json"
+	"io"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/kubescape/kubescape/v3/core/cautils"
+	utilsmetav1 "github.com/kubescape/opa-utils/httpserver/meta/v1"
+	reporthandlingv2 "github.com/kubescape/opa-utils/reporthandling/v2"
+)
+
+func testBody(t *testing.T) io.Reader {
+	t.Helper()
+	b, err := json.Marshal(utilsmetav1.PostScanRequest{Account: "fakeFoobar"})
+	if err != nil {
+		t.Fatal("Can not marshal")
+	}
+	return bytes.NewReader(b)
+}
+
+type scanner func(_ context.Context, _ *cautils.ScanInfo, _ string) (*reporthandlingv2.PostureReport, error)
+
+// TestScan tests that the scan handler passes the scan requests correctly to the underlying scan engine.
+func TestScan(t *testing.T) {
+
+	// Our scanner is not setting up the k8s connection; the test is covering the rest of the wiring
+	// that the signaling from the http handler goes all the way to the scanner implementation.
+	defer func(o scanner) { scanImpl = o }(scanImpl)
+	scanImpl = func(context.Context, *cautils.ScanInfo, string) (*reporthandlingv2.PostureReport, error) {
+		return nil, nil
+	}
+
+	var (
+		h  = NewHTTPHandler()
+		rq = httptest.NewRequest("POST", "/scan?wait=true", testBody(t))
+		w  = httptest.NewRecorder()
+	)
+	h.Scan(w, rq)
+	rs := w.Result()
+	body, _ := io.ReadAll(rs.Body)
+
+	type out struct {
+		code  int
+		ctype string
+		body  string
+	}
+	want := out{200, "application/json", `{"id":"","type":"v1results"}`}
+	got := out{rs.StatusCode, rs.Header.Get("Content-type"), string(body)}
+
+	if got != want {
+		t.Errorf("Scan result: %v,  want %v", got, want)
+	}
+}
+
 // ============================================== STATUS ========================================================
 // Status API
 // func TestStatus(t *testing.T) {
--- a/httphandler/handlerequests/v1/requestshandlerutils.go
+++ b/httphandler/handlerequests/v1/requestshandlerutils.go
@@ -10,7 +10,7 @@ import (

 	"github.com/armosec/utils-go/boolutils"
 	"github.com/kubescape/backend/pkg/versioncheck"
-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/kubescape/v3/core/cautils"
 	"github.com/kubescape/kubescape/v3/core/cautils/getter"
@@ -25,11 +25,12 @@ import (
 	"go.opentelemetry.io/otel/trace"
 )

+var scanImpl = scan // Override for testing
 func (handler *HTTPHandler) executeScan(scanReq *scanRequestParams) {
 	response := &utilsmetav1.Response{}

 	logger.L().Info("scan triggered", helpers.String("ID", scanReq.scanID))
-	_, err := scan(scanReq.ctx, scanReq.scanInfo, scanReq.scanID)
+	_, err := scanImpl(scanReq.ctx, scanReq.scanInfo, scanReq.scanID)
 	if err != nil {
 		logger.L().Ctx(scanReq.ctx).Error("scanning failed", helpers.String("ID", scanReq.scanID), helpers.Error(err))
 		if scanReq.scanQueryParams.ReturnResults {
@@ -39,14 +40,18 @@ func (handler *HTTPHandler) executeScan(scanReq *scanRequestParams) {
 	} else {
 		logger.L().Ctx(scanReq.ctx).Success("done scanning", helpers.String("ID", scanReq.scanID))
 		if scanReq.scanQueryParams.ReturnResults {
+			//TODO(ttimonen) should we actually pass the PostureReport here somehow?
 			response.Type = utilsapisv1.ResultsV1ScanResponseType
 		}
 	}

 	handler.state.setNotBusy(scanReq.scanID)

-	// return results
-	handler.scanResponseChan.push(scanReq.scanID, response)
+	// return results, if someone's waiting for them; never block.
+	select {
+	case scanReq.resp <- response:
+	default:
+	}
 }

 // executeScan execute the scan request passed in the channel
--- a/httphandler/listener/helpers.go
+++ b/httphandler/listener/helpers.go
@@ -5,7 +5,7 @@ import (
 	"fmt"
 	"net/http"

-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 )

--- a/httphandler/listener/setup.go
+++ b/httphandler/listener/setup.go
@@ -7,7 +7,7 @@ import (
 	"os"

 	"github.com/kubescape/backend/pkg/versioncheck"
-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/kubescape/v3/core/metrics"
 	"github.com/kubescape/kubescape/v3/httphandler/docs"
--- a/httphandler/main.go
+++ b/httphandler/main.go
@@ -10,7 +10,7 @@ import (
 	servicediscoveryv2 "github.com/kubescape/backend/pkg/servicediscovery/v2"
 	"github.com/kubescape/backend/pkg/utils"
 	"github.com/kubescape/backend/pkg/versioncheck"
-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/go-logger/zaplogger"
 	"github.com/kubescape/k8s-interface/k8sinterface"
--- a/httphandler/storage/apiserver.go
+++ b/httphandler/storage/apiserver.go
@@ -2,6 +2,7 @@ package storage

 import (
 	"context"
+	"encoding/json"
 	"fmt"

 	"github.com/armosec/utils-k8s-go/wlid"
@@ -9,7 +10,6 @@ import (
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/k8s-interface/k8sinterface"
 	"github.com/kubescape/k8s-interface/names"
-	"golang.org/x/exp/maps"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

 	helpersv1 "github.com/kubescape/k8s-interface/instanceidhandler/v1/helpers"
@@ -60,6 +60,9 @@ func NewAPIServerStorage(clusterName string, namespace string, config *rest.Conf
 	// disable rate limiting
 	config.QPS = 0
 	config.RateLimiter = nil
+	// force GRPC
+	config.AcceptContentTypes = "application/vnd.kubernetes.protobuf"
+	config.ContentType = "application/vnd.kubernetes.protobuf"
 	clientset, err := versioned.NewForConfig(config)
 	if err != nil {
 		return nil, err
@@ -417,11 +420,11 @@ func GetWorkloadScanK8sResourceName(ctx context.Context, resource workloadinterf
 }

 func calculateSeveritiesSummaryFromControls(controls map[string]v1beta1.ScannedControlSummary) v1beta1.WorkloadConfigurationScanSeveritiesSummary {
-	critical := 0
-	high := 0
-	medium := 0
-	low := 0
-	unknown := 0
+	var critical int64
+	var high int64
+	var medium int64
+	var low int64
+	var unknown int64

 	for _, control := range controls {
 		if apis.ScanningStatus(control.Status.Status) != apis.StatusFailed {
@@ -491,8 +494,7 @@ func parseScannedControlRules(control *resourcesresults.ResourceAssociatedContro
 			appliedIgnoreRules[j] = exception.GetName()
 		}

-		controlConfigurations := make(map[string][]string)
-		maps.Copy(controlConfigurations, rule.ControlConfigurations)
+		controlConfigurations := ruleToControlConfigurations(rule)

 		relatedResourceIds := []string{}
 		copy(relatedResourceIds, rule.RelatedResourcesIDs)
@@ -511,6 +513,19 @@ func parseScannedControlRules(control *resourcesresults.ResourceAssociatedContro
 	return rules
 }

+func ruleToControlConfigurations(rule resourcesresults.ResourceAssociatedRule) map[string]json.RawMessage {
+	controlConfigurations := make(map[string]json.RawMessage)
+	for key, value := range rule.ControlConfigurations {
+		rawValue, err := json.Marshal(value)
+		if err != nil {
+			logger.L().Warning("failed to marshal control configuration value", helpers.Error(err))
+			continue
+		}
+		controlConfigurations[key] = rawValue
+	}
+	return controlConfigurations
+}
+
 func parseScannedControlStatus(control *resourcesresults.ResourceAssociatedControl) v1beta1.ScannedControlStatus {
 	return v1beta1.ScannedControlStatus{
 		Status:    string(control.GetStatus(nil).Status()),
--- a/main.go
+++ b/main.go
@@ -5,7 +5,7 @@ import (
 	"os/signal"
 	"syscall"

-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	"github.com/kubescape/kubescape/v3/cmd"
 )
Author	SHA1	Message	Date
Matthias Bertschy	0e846b2dc5	Merge pull request #1732 from kubescape/grpc force grpc	2024-09-06 15:43:47 +02:00
Matthias Bertschy	45fb0f207e	try to move post-release steps into main workflow Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>	2024-09-06 12:43:17 +02:00
Matthias Bertschy	b7c91c238d	force grpc Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>	2024-09-04 21:57:00 +02:00
Matthias Bertschy	76635a0705	Merge pull request #1730 from kubescape/bump also bump workflows to 1.23	2024-08-26 08:49:44 +02:00
Matthias Bertschy	c91d69e7fd	also bump workflows to 1.23 Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>	2024-08-21 13:33:02 +02:00
Matthias Bertschy	5fd7096d67	Merge pull request #1729 from kubescape/bump update to go 1.23 and base image to debian12	2024-08-21 13:04:21 +02:00
Matthias Bertschy	f4189cb5ec	update to go 1.23 and base image to debian12 Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>	2024-08-21 12:49:52 +02:00
Matthias Bertschy	278ca5b8ae	Merge pull request #1728 from kubescape/dependabot/go_modules/httphandler/github.com/docker/docker-26.1.5incompatible Bump github.com/docker/docker from 26.1.4+incompatible to 26.1.5+incompatible in /httphandler	2024-08-21 12:26:07 +02:00
dependabot[bot]	729efcb8c3	Bump github.com/docker/docker in /httphandler Bumps [github.com/docker/docker](https://github.com/docker/docker) from 26.1.4+incompatible to 26.1.5+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v26.1.4...v26.1.5) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2024-08-21 10:24:57 +00:00
Matthias Bertschy	406031d4e9	Merge pull request #1726 from kubescape/dependabot/go_modules/github.com/docker/docker-26.1.5incompatible Bump github.com/docker/docker from 26.1.4+incompatible to 26.1.5+incompatible	2024-08-21 12:22:24 +02:00
Matthias Bertschy	9e1d0d2cd6	Merge pull request #1722 from kubescape/dependabot/go_modules/httphandler/github.com/docker/docker-26.1.4incompatible Bump github.com/docker/docker from 26.1.0+incompatible to 26.1.4+incompatible in /httphandler	2024-08-21 12:21:35 +02:00
dependabot[bot]	f3e78f9408	Bump github.com/docker/docker Bumps [github.com/docker/docker](https://github.com/docker/docker) from 26.1.4+incompatible to 26.1.5+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v26.1.4...v26.1.5) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2024-08-21 05:56:42 +00:00
dependabot[bot]	eea4cc0b49	Bump github.com/docker/docker in /httphandler Bumps [github.com/docker/docker](https://github.com/docker/docker) from 26.1.0+incompatible to 26.1.4+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v26.1.0...v26.1.4) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2024-08-06 19:43:32 +00:00
Matthias Bertschy	1127f44c10	Merge pull request #1723 from kubescape/dependabot/go_modules/github.com/docker/docker-26.1.4incompatible Bump github.com/docker/docker from 26.1.0+incompatible to 26.1.4+incompatible	2024-08-06 21:41:28 +02:00
dependabot[bot]	377509fab8	Bump github.com/docker/docker Bumps [github.com/docker/docker](https://github.com/docker/docker) from 26.1.0+incompatible to 26.1.4+incompatible. - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v26.1.0...v26.1.4) --- updated-dependencies: - dependency-name: github.com/docker/docker dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>	2024-08-06 15:39:44 +00:00
Matthias Bertschy	c21e2f3147	Merge pull request #1719 from maanugh/krew/release chore: improve the publishing workflows for krew	2024-08-04 22:17:24 +02:00
Kiraat	0b4c5db939	Update .github/workflows/04-publish-krew-plugin.yaml Co-authored-by: Matthias Bertschy <matthias.bertschy@gmail.com> Signed-off-by: Kiraat <137809273+maanugh@users.noreply.github.com>	2024-07-26 15:28:55 +05:30
maanugh	6d490fc501	chore: improve the publishing workflows for krew Signed-off-by: maanugh <manusin46@gmail.com>	2024-07-26 15:20:48 +05:30
Matthias Bertschy	dbb71ba066	Merge pull request #1718 from kubescape/fixfix fix include/exclude NS for SA discovered via CRB	2024-07-24 07:36:27 +02:00
Matthias Bertschy	d5b8532e40	fix include/exclude NS for SA discovered via CRB Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>	2024-07-23 18:42:01 +02:00
Matthias Bertschy	db396b26f8	Merge pull request #1717 from kubescape/documentation_ugrades Documentation ugrades	2024-07-15 16:49:07 +02:00
idohu	1242259331	fix png link Signed-off-by: idohu <idoh@armosec.io>	2024-07-15 17:45:39 +03:00
idohu	ad0e50898a	add architecture to README.md + fix first paragraph to bullets Signed-off-by: idohu <idoh@armosec.io>	2024-07-15 17:43:09 +03:00
Matthias Bertschy	3cf45cffd8	Merge pull request #1716 from kubescape/fixfix fix generated ValidatingAdmissionPolicyBinding	2024-07-15 16:35:27 +02:00
Matthias Bertschy	ac0d982531	fix generated ValidatingAdmissionPolicyBinding Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>	2024-07-15 16:05:27 +02:00
Matthias Bertschy	99e22efe7b	Merge pull request #1450 from kubescape/update-docs update docs	2024-07-15 13:03:33 +02:00
Oshrat Nir	aedeb8f9cb	Update README.md update time and relative timezone Signed-off-by: Oshrat Nir <45561829+Oshratn@users.noreply.github.com>	2024-07-15 13:50:20 +03:00
Oshrat Nir	824e76200e	Update README.md Co-authored-by: Matthias Bertschy <matthias.bertschy@gmail.com> Signed-off-by: Oshrat Nir <45561829+Oshratn@users.noreply.github.com>	2024-07-15 13:44:52 +03:00
Oshrat Nir	8342f96a62	Merge branch 'master' into update-docs Signed-off-by: Oshrat Nir <45561829+Oshratn@users.noreply.github.com>	2024-07-15 13:41:25 +03:00
Oshrat Nir	b824d52345	Update README.md Updated with runtime security, bi-weekly meetings and messaging in general. Signed-off-by: Oshrat Nir <45561829+Oshratn@users.noreply.github.com>	2024-07-15 13:33:16 +03:00
Matthias Bertschy	11b6567db4	Merge pull request #1713 from kubescape/fixfix use proper params in pager call	2024-07-10 12:41:04 +02:00
Matthias Bertschy	c7d3105ca5	use proper params in pager call Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>	2024-07-10 11:58:06 +02:00
Matthias Bertschy	f1c15cd2b5	Merge pull request #1710 from ttimonen/ttimonen/handler Simplify the concurrency in http handler for scan.	2024-07-08 22:27:34 +02:00
ttimonen	7507f58306	refactor(handler) Simplify the scan http handler concurrency. In particular, Replace scanResponseChan struct with a reply channel in req. This removes one chokepoint with tracking a map of channel with a mutex wrapping by not sharing data across different requests and makes it easier to reason about the correctness of the behavior. Other changes are mostly cosmetic to group your operations related to the primitives you are operating on, reducing the average lifetime of a local variable (matters mostly for humans; compilers are very good at this nowadays). Also this is net benefical by reducing LOCs by 45. Signed-off-by: ttimonen <toni.timonen@iki.fi>	2024-07-07 22:44:35 +00:00
ttimonen	48ad56a2ef	Implement unit-test for scan handler. It plays wtih channels and goroutines, so having it behave correctly is not completely trivial and test worthy. Signed-off-by: ttimonen <toni.timonen@iki.fi>	2024-07-07 22:40:58 +00:00
Matthias Bertschy	2fdec20b28	Merge pull request #1709 from kubescape/listitems use pager.EachListItem to filter parented resources	2024-07-04 07:14:10 +02:00
Matthias Bertschy	2d77ea7b62	use pager.EachListItem to filter parented resources Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>	2024-07-03 16:41:12 +02:00
Yonatan Amzallag	eacd559c34	Merge pull request #1708 from kubescape/debug-disk-space-checks Changed large-runner type for binary-build job	2024-07-03 14:01:49 +03:00
yonatanamz	c56e5799d7	Changed large-runner type for binary-build job Signed-off-by: yonatanamz <yonatan989@gmail.com>	2024-07-03 13:58:55 +03:00
David Wertenteil	a423b41e68	update docs Signed-off-by: David Wertenteil <dwertent@armosec.io>	2023-10-23 09:49:57 +03:00