Merge pull request #1756 from kubescape/bug_fix/repo_scan

bump opa-utils version to fix apiVersion check

.github/workflows/02-release.yaml

@@ -8,7 +8,7 @@ jobs:
   retag:
     outputs:
       NEW_TAG: ${{ steps.tag-calculator.outputs.NEW_TAG }}
-    runs-on: ubuntu-latest
+    runs-on: ubuntu22-core4-mem16-ssd150
     steps:
       - uses: actions/checkout@v4
       - id: tag-calculator

.github/workflows/a-pr-scanner.yaml

@@ -27,7 +27,7 @@ jobs:
     name: Create cross-platform build
     env:
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-    runs-on: ubuntu-latest
+    runs-on: ubuntu22-core4-mem16-ssd150
     steps:
 
       - uses: actions/checkout@v4
@@ -84,7 +84,7 @@ jobs:
       GITGUARDIAN_API_KEY: ${{ secrets.GITGUARDIAN_API_KEY }}
       SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
     name: PR Scanner
-    runs-on: ubuntu-latest
+    runs-on: ubuntu22-core4-mem16-ssd150
     steps:
       - uses: actions/checkout@v4
         with:

.github/workflows/e-post-release.yaml

@@ -11,7 +11,7 @@ jobs:
         with:
           submodules: recursive
       - name: Update new version in krew-index
-        uses: rajatjindal/krew-release-bot@92da038bbf995803124a8e50ebd438b2f37bbbb0 # ratchet:rajatjindal/krew-release-bot@v0.0.43
+        uses: rajatjindal/krew-release-bot@v0.0.47
       - name: Invoke workflow to update packaging
         uses: benc-uk/workflow-dispatch@v1
         if: github.repository_owner == 'kubescape'

CONTRIBUTING.md

@@ -3,14 +3,16 @@
 First, it is awesome that you are considering contributing to Kubescape! Contributing is important and fun and we welcome your efforts.
 
 When contributing, we categorize contributions into two:
-* Small code changes or fixes, whose scope is limited to a single or two files
+* Small code changes or fixes, whose scope is limited to one or two files
 * Complex features and improvements, with potentially unlimited scope
 
 If you have a small change, feel free to fire up a Pull Request.
 
-When planning a bigger change, please first discuss the change you wish to make via an issue,
+When planning a bigger change, please first discuss the change you wish to make via an [issue](https://github.com/kubescape/kubescape/issues),
 so the maintainers are able to help guide you and let you know if you are going in the right direction.
 
+[You can also find the maintainers on the CNCF Slack](https://kubescape.io/project/community/#slack) or [join our bi-weekly project meeting](https://kubescape.io/project/community/#community-meetings).
+
 ## Code of Conduct
 
 Please follow our [code of conduct](CODE_OF_CONDUCT.md) in all of your interactions within the project.

GOVERNANCE.md

@@ -6,28 +6,39 @@ The Kubescape project is an open-source initiative dedicated to improve security
 
 ## Code of Conduct
 
-Please follow our [code of conduct](CODE_OF_CONDUCT.md) in all of your interactions within the project.
+The CNCF has defined its core values and norms in a [code of conduct](CODE_OF_CONDUCT.md). As a CNCF project, we require all participants in the Kubescape community to behave in line with the standards set out in that document.
 
-## Decision Making
-
-### Maintainers
-
-- Maintainers are responsible for the smooth operation of the project.
-- They review and merge pull requests, manage releases, and ensure the quality and stability of the codebase.
-- Maintainers are chosen based on their ongoing contributions and their demonstrated commitment to the project.
-- Everyone who had at least 5 code contribution in the last 12 month can submit her/himself for joining the maintainer team
-- Maintainers who are not taken part in the project work (code, reviews, discussions) for 12 month are automaticaly removed from the maintainer team
-
-
-### Committers
-
-- Committers are contributors who have made significant and consistent contributions to the project.
-- They have the ability to merge minor pull requests if assigned by maintainers.
-- A contributor can be proposed as a committer by any existing maintainer. The proposal will be reviewed and voted on by the existing maintainers.
+## Contributor roles
 
 ### Community Members
 
-- Anyone can become a community member by contributing to the project. This can be in the form of code contributions, documentation, or any other form of project support.
+- Contribute to the project in any form.
+- Participate in discussions and provide feedback.
+
+Anyone can become a community member by contributing to the project. This can be in the form of code contributions, documentation, or any other form of project support.
+
+### Committers
+
+Committers are community members who have made significant and consistent contributions to the project. They have the ability to merge minor pull requests if assigned by maintainers.
+
+- Review and merge minor pull requests.
+- Assist maintainers in project tasks.
+- Promote best practices within the community.
+
+A contributor can be proposed as a committer by any existing maintainer. The proposal will be reviewed and voted on by the existing maintainers.
+
+### Maintainers
+
+Maintainers are responsible for the smooth operation of the project. They review and merge pull requests, manage releases, and ensure the quality and stability of the codebase.
+
+- Ensure the quality and stability of the project.
+- Resolve conflicts.
+- Provide direction and set priorities for the project.
+
+Maintainers are chosen based on their ongoing contributions and their demonstrated commitment to the project.
+
+- Any committer who had at least 5 code contribution in the past 12 month can submit themselves to join the maintainer team. The maintainers will appoint members by a majority vote.
+- Maintainers who have not taken part in project work (code, reviews, discussions) in the past 12 months will be considered inactive, and may be removed from the maintainer team.
 
 ## Processes
 
@@ -44,26 +55,6 @@ Please follow our [code of conduct](CODE_OF_CONDUCT.md) in all of your interacti
 2. If the conflict cannot be resolved, it will be escalated to the maintainers for resolution.
 3. Maintainers' decision will be final in case of unresolved conflicts.
 
-## Roles and Responsibilities
-
-### Maintainers
-
-- Ensure the quality and stability of the project.
-- Resolve conflicts.
-- Provide direction and set priorities for the project.
-
-### Committers
-
-- Review and merge minor pull requests.
-- Assist maintainers in project tasks.
-- Promote best practices within the community.
-
-### Community Members
-
-- Contribute to the project in any form.
-- Participate in discussions and provide feedback.
-- Respect the code of conduct and governance of the project.
-
 ## Changes to the Governance Document
 
 Proposed changes to this governance document should follow the same process as any other code change to the Kubescape project (see "Proposing Changes").

MAINTAINERS.md

@@ -2,11 +2,11 @@
 
 The following table lists the Kubescape project core maintainers:
 
-| Name | GitHub | Organization | Added/Renewed On |
-| --- | --- | --- | --- |
-| [Matthias Bertschy](https://www.linkedin.com/in/matthias-bertschy-b427b815/) | [@matthyx](https://github.com/matthyx) | [ARMO](https://www.armosec.io/) | 2023-01-01 |
-| [Craig Box](https://www.linkedin.com/in/crbnz/) | [@craigbox](https://github.com/craigbox) | [Solo.io](https://www.solo.io/) | 2022-10-31 |
-| [Ben Hirschberg](https://www.linkedin.com/in/benyamin-ben-hirschberg-66141890) | [@slashben](https://github.com/slashben) | [ARMO](https://www.armosec.io/) | 2021-09-01 |
-| [Rotem Refael](https://www.linkedin.com/in/rotem-refael) | [@rotemamsa](https://github.com/rotemamsa) | [ARMO](https://www.armosec.io/) | 2021-10-11 |
-| [David Wertenteil](https://www.linkedin.com/in/david-wertenteil-0ba277b9) | [@dwertent](https://github.com/dwertent) | [ARMO](https://www.armosec.io/) | 2021-09-01 |
+| Name | GitHub | Organization
+| --- | --- | --- 
+| [Matthias Bertschy](https://www.linkedin.com/in/matthias-bertschy-b427b815/) | [@matthyx](https://github.com/matthyx) | [ARMO](https://www.armosec.io/)
+| [Craig Box](https://www.linkedin.com/in/crbnz/) | [@craigbox](https://github.com/craigbox) | [Solo.io](https://www.solo.io/)
+| [Ben Hirschberg](https://www.linkedin.com/in/benyamin-ben-hirschberg-66141890) | [@slashben](https://github.com/slashben) | [ARMO](https://www.armosec.io/)
+| [Rotem Refael](https://www.linkedin.com/in/rotem-refael) | [@rotemamsa](https://github.com/rotemamsa) | [ARMO](https://www.armosec.io/)
+| [David Wertenteil](https://www.linkedin.com/in/david-wertenteil-0ba277b9) | [@dwertent](https://github.com/dwertent) | [Kaleido](https://kaleido.io/)
 

README.md

@@ -40,11 +40,14 @@ By providing this comprehensive security coverage from development to production
 
 Kubescape was created by [ARMO](https://www.armosec.io/?utm_source=github&utm_medium=repository) and is a [Cloud Native Computing Foundation (CNCF) sandbox project](https://www.cncf.io/sandbox-projects/).
 
-## Demo
-<img src="docs/img/demo-v3.gif">
-
 _Please [star ⭐](https://github.com/kubescape/kubescape/stargazers) the repo if you want us to continue developing and improving Kubescape! 😀_
 
+## Demo
+
+Kubescape has a command line tool that you can use to quickly get a report on the security posture of a Kubernetes cluster:
+
+<img src="docs/img/demo-v3.gif">
+
 ## Getting started
 
 Experimenting with Kubescape is as easy as:
@@ -53,13 +56,13 @@ Experimenting with Kubescape is as easy as:
 curl -s https://raw.githubusercontent.com/kubescape/kubescape/master/install.sh | /bin/bash
 ```
 
+This script will automatically download the latest Kubescape CLI release and scan the Kubernetes cluster in your current kubectl context.
+
 Learn more about:
 
-* [Installing Kubescape](docs/installation.md)
-* [Running your first scan](docs/getting-started.md#run-your-first-scan)
-* [Usage](docs/getting-started.md#examples)
-* [Architecture](docs/architecture.md)
-* [Building Kubescape from source](https://github.com/kubescape/kubescape/wiki/Building)
+* [Installing the Kubescape CLI](https://kubescape.io/docs/install-cli/)
+* [Running your first scan](https://kubescape.io/docs/scanning/)
+* [Accepting risk with exceptions](https://kubescape.io/docs/accepting-risk/)
 
 _Did you know you can use Kubescape in all these places?_
 
@@ -67,54 +70,54 @@ _Did you know you can use Kubescape in all these places?_
     <img src="docs/img/ksfromcodetodeploy.png" alt="Places you can use Kubescape: in your IDE, CI, CD, or against a running cluster.">
 </div>
 
-## Kubescape-operator Helm-Chart
+### Continuous security monitoring with the Kubescape Operator
 
-Besides the CLI, the Kubescape operator can also be installed via a Helm chart. Installing the Helm chart is an excellent way to begin using Kubescape, as it provides extensive features such as continuous scanning, image vulnerability scanning, runtime analysis, network policy generation, and more. You can find the Helm chart in the [Kubescape-operator documentation](https://kubescape.io/docs/install-operator/).
+As well as a CLI, Kubescape provides an in-cluster mode, which is installed via a Helm chart. Kubescape in-cluster provides extensive features such as continuous scanning, image vulnerability scanning, runtime analysis, network policy generation, and more. [Learn more about the Kubescape operator](https://kubescape.io/docs/operator/).
 
-## Kubescape GitHub Action
+### Using Kubescape as a GitHub Action
 
 Kubescape can be used as a GitHub Action. This is a great way to integrate Kubescape into your CI/CD pipeline. You can find the Kubescape GitHub Action in the [GitHub Action marketplace](https://github.com/marketplace/actions/kubescape).
 
 ## Under the hood
 
-Kubescape uses [Open Policy Agent](https://github.com/open-policy-agent/opa) to verify Kubernetes objects against [a library of posture controls](https://github.com/kubescape/regolibrary).
-For image scanning, it uses [Grype](https://github.com/anchore/grype).
-For image patching, it uses [Copacetic](https://github.com/project-copacetic/copacetic).
+Kubescape uses [Open Policy Agent](https://github.com/open-policy-agent/opa) to verify Kubernetes objects against [a library of posture controls](https://github.com/kubescape/regolibrary). Kubescape retrieves Kubernetes resources from the API server and runs a set of [Rego snippets](https://www.openpolicyagent.org/docs/latest/policy-language/) developed by [ARMO](https://www.armosec.io?utm_source=github&utm_medium=repository).
 
-By default, the results are printed in a console-friendly manner, but they can be:
+Container image scanning is powered by [Grype](https://github.com/anchore/grype) and image patching uses [Copacetic](https://github.com/project-copacetic/copacetic).
+
+By default, CLI scan results are printed in a console-friendly manner, but they can be:
 
 * exported to JSON, junit XML or SARIF
 * rendered to HTML or PDF
 * submitted to a [cloud service](docs/providers.md)
 
-It retrieves Kubernetes objects from the API server and runs a set of [Rego snippets](https://www.openpolicyagent.org/docs/latest/policy-language/) developed by [ARMO](https://www.armosec.io?utm_source=github&utm_medium=repository).
-
-## Architecture 
-![kubescape](docs/img/architecture-diagram.png)
-
-**Otel collector** - is not built-in, Otel endpoint spec is need to be added at setup [Setting Otel](https://kubescape.io/docs/operator/telemetry/)
+### In-cluster architecture 
 
+![Architecture diagram](docs/img/architecture-diagram.png)
 
 ## Community
 
-Kubescape is an open source project, we welcome your feedback and ideas for improvement. We are part of the cloud-native community and are enhancing the project as the ecosystem develops.
+We welcome user feedback and ideas for improvement.
 
+Kubescape users and developers meet on the CNCF Slack. [Join it](https://slack.cncf.io/) and find us in [#kubescape](https://cloud-native.slack.com/archives/C04EY3ZF9GE) or [#kubescape-dev](https://cloud-native.slack.com/archives/C04GY6H082K).
 
-We hold [community meetings](https://zoom.us/j/95174063585) on Zoom, every other week, at 15:00 CET. ([See that in your local time zone](https://time.is/compare/1500_in_CET).
+We hold [community meetings](https://zoom.us/j/95174063585) on Zoom, every second Tuesday, at 15:00 CET. ([See that in your local time zone](https://time.is/compare/1500_in_CET). 
+
+* Meetings are announced in [#kubescape-dev](https://cloud-native.slack.com/archives/C04GY6H082K) on Slack (including any cancellations).
+* [The agenda and notes are in a public Google doc](https://docs.google.com/document/d/1X_eyhPzJvb4ascVQ2e0jN87LAvq7lTuXT5d4gQxi8us/edit?tab=t.0).
+* [Recordings are posted to YouTube](https://www.youtube.com/@kubescape).
 
 The Kubescape project follows the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md).
 
 ### Adopters
 
-See [here](ADOPTERS.md) a list of adopters.
+See [here](ADOPTERS.md) for a list of reference adopters.
 
-## Contributions
+### Contributions
 
 Thanks to all our contributors!  Check out our [CONTRIBUTING](CONTRIBUTING.md) file to learn how to join them.
 
 * Feel free to pick a task from the [issues](https://github.com/kubescape/kubescape/issues?q=is%3Aissue+is%3Aopen+label%3A%22open+for+contribution%22), [roadmap](docs/roadmap.md) or suggest a feature of your own.
 * [Open an issue](https://github.com/kubescape/kubescape/issues/new/choose): we aim to respond to all issues within 48 hours.
-* [Join the CNCF Slack](https://slack.cncf.io/) and then our [users](https://cloud-native.slack.com/archives/C04EY3ZF9GE) or [developers](https://cloud-native.slack.com/archives/C04GY6H082K) channel.
 
 <br>
 
@@ -124,7 +127,7 @@ Thanks to all our contributors!  Check out our [CONTRIBUTING](CONTRIBUTING.md) f
 
 ## Changelog
 
-Kubescape changes are tracked on the [release](https://github.com/kubescape/kubescape/releases) page
+Kubescape changes are tracked on the [release](https://github.com/kubescape/kubescape/releases) page.
 
 ## License
 

go.mod

@@ -30,7 +30,7 @@ require (
 	github.com/kubescape/go-git-url v0.0.30
 	github.com/kubescape/go-logger v0.0.23
 	github.com/kubescape/k8s-interface v0.0.174
-	github.com/kubescape/opa-utils v0.0.281
+	github.com/kubescape/opa-utils v0.0.282
 	github.com/kubescape/rbac-utils v0.0.21-0.20230806101615-07e36f555520
 	github.com/kubescape/regolibrary/v2 v2.0.1
 	github.com/maruel/natural v1.1.1

go.sum

@@ -1173,8 +1173,8 @@ github.com/kubescape/go-logger v0.0.23 h1:5xh+Nm8eGImhFbtippRKLaFgsvlKE1ufvQhNM2
 github.com/kubescape/go-logger v0.0.23/go.mod h1:Ayg7g769c7sXVB+P3fkJmbsJpoEmMmaUf9jeo+XuC3U=
 github.com/kubescape/k8s-interface v0.0.174 h1:I62Dc0RZmdESJrZLhtv2ZDqvf35XQ8g19T1LQPLARsk=
 github.com/kubescape/k8s-interface v0.0.174/go.mod h1:PAJHWlN7v+VI3jx4v2xH2VqvbN+4bcy7paqXd5/tQ4I=
-github.com/kubescape/opa-utils v0.0.281 h1:NwAjvsriu+xm5L9C+XQwOqb5ttVJz6OVmFCv8mlB1tc=
-github.com/kubescape/opa-utils v0.0.281/go.mod h1:N/UnbZHpoiHQH7O50yadhIXZvVl0IVtTGBmePPrSQSg=
+github.com/kubescape/opa-utils v0.0.282 h1:cE6EwRqQOLPWYlr1/simUmlr3tWA8UMzhj1nn3y8Dqs=
+github.com/kubescape/opa-utils v0.0.282/go.mod h1:N/UnbZHpoiHQH7O50yadhIXZvVl0IVtTGBmePPrSQSg=
 github.com/kubescape/rbac-utils v0.0.21-0.20230806101615-07e36f555520 h1:SqlwF8G+oFazeYmZQKoPczLEflBQpwpHCU8DoLLyfj8=
 github.com/kubescape/rbac-utils v0.0.21-0.20230806101615-07e36f555520/go.mod h1:wuxMUSDzGUyWd25IJfBzEJ/Udmw2Vy7npj+MV3u3GrU=
 github.com/kubescape/regolibrary/v2 v2.0.1 h1:7lKj171gslgTbbcmmGVHk34AZNqxForOXZIINoQfdzQ=