fix downloaded artifacts path

Signed-off-by: Matthias Bertschy <matthias.bertschy@gmail.com>

.github/workflows/00-pr-scanner.yaml

@@ -65,7 +65,7 @@ jobs:
       COMPONENT_NAME: kubescape
       CGO_ENABLED: 0
       GO111MODULE: ""
-      GO_VERSION: "1.21"
+      GO_VERSION: "1.23"
       RELEASE: "latest"
       CLIENT: test
     secrets: inherit

.github/workflows/02-release.yaml

@@ -37,7 +37,7 @@ jobs:
       COMPONENT_NAME: kubescape
       CGO_ENABLED: 0
       GO111MODULE: ""
-      GO_VERSION: "1.21"
+      GO_VERSION: "1.23"
       RELEASE: ${{ needs.retag.outputs.NEW_TAG }}
       CLIENT: release
     secrets: inherit

.github/workflows/a-pr-scanner.yaml

@@ -39,7 +39,6 @@ jobs:
         name: Installing go
         with:
           go-version: ${{ inputs.GO_VERSION }}
-          cache: true
 
       - name: Test core pkg
         run: ${{ env.DOCKER_CMD }} go test -v ./...
@@ -93,8 +92,7 @@ jobs:
       - uses: actions/setup-go@v4
         name: Installing go
         with:
-          go-version: '1.21'
-          cache: true
+          go-version: "1.23"
       - name: Scanning - Forbidden Licenses (go-licenses)
         id: licenses-scan
         continue-on-error: true
@@ -107,7 +105,7 @@ jobs:
         if: ${{ env.GITGUARDIAN_API_KEY }}
         continue-on-error: true
         id: credentials-scan
-        uses: GitGuardian/ggshield-action@4ab2994172fadab959240525e6b833d9ae3aca61 # ratchet:GitGuardian/ggshield-action@master
+        uses: GitGuardian/ggshield-action@master
         with:
           args: -v --all-policies
         env:
@@ -120,7 +118,7 @@ jobs:
         if: ${{ env.SNYK_TOKEN }}
         id: vulnerabilities-scan
         continue-on-error: true
-        uses: snyk/actions/golang@806182742461562b67788a64410098c9d9b96adb # ratchet:snyk/actions/golang@master
+        uses: snyk/actions/golang@master
         with:
           command: test --all-projects
         env:
@@ -142,7 +140,7 @@ jobs:
 
       - name: Comment results to PR
         continue-on-error: true # Warning: This might break opening PRs from forks
-        uses: peter-evans/create-or-update-comment@5adcb0bb0f9fb3f95ef05400558bdb3f329ee808 # ratchet:peter-evans/create-or-update-comment@v2.1.0
+        uses: peter-evans/create-or-update-comment@v4
         with:
           issue-number: ${{ github.event.pull_request.number }}
           body: |

.github/workflows/b-binary-build-and-e2e-tests.yaml

@@ -163,7 +163,6 @@ jobs:
         name: Installing go
         with:
           go-version: ${{ inputs.GO_VERSION }}
-          cache: true
 
       - name: (debug) Step 3 - Check disk space before build
         run: df -h
@@ -182,7 +181,7 @@ jobs:
       - name: (debug) Step 5 - Check disk space before setting up Syft
         run: df -h
 
-      - uses: anchore/sbom-action/download-syft@v0.15.2
+      - uses: anchore/sbom-action/download-syft@v0
         name: Setup Syft
 
       - name: (debug) Step 6 - Check disk space before goreleaser
@@ -224,7 +223,7 @@ jobs:
       - name: (debug) Step 9 - Check disk space before uploading artifacts
         run: df -h
 
-      - uses: actions/upload-artifact@83fd05a356d7e2593de66fc9913b3002723633cb # ratchet:actions/upload-artifact@v3.1.1
+      - uses: actions/upload-artifact@v4
         name: Upload artifacts
         with:
           name: kubescape
@@ -290,7 +289,7 @@ jobs:
     if: ${{ (needs.wf-preparation.outputs.is-secret-set == 'true') && (always() && (contains(needs.*.result, 'success') || contains(needs.*.result, 'skipped')) && !(contains(needs.*.result, 'failure')) && !(contains(needs.*.result, 'cancelled'))) }}
     runs-on: ubuntu-latest # This cannot change
     steps:
-      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # ratchet:actions/download-artifact@v3.0.2
+      - uses: actions/download-artifact@v4
         id: download-artifact
         with:
           name: kubescape
@@ -307,7 +306,7 @@ jobs:
           repository: armosec/system-tests
           path: .
 
-      - uses: actions/setup-python@d27e3f3d7c64b4bbf8e4abfb9b63b83e846e0435 # ratchet:actions/setup-python@v4
+      - uses: actions/setup-python@v4
         with:
           python-version: '3.8.13'
           cache: 'pip'
@@ -352,7 +351,7 @@ jobs:
           deactivate
 
       - name: Test Report
-        uses: mikepenz/action-junit-report@6e9933f4a97f4d2b99acef4d7b97924466037882 # ratchet:mikepenz/action-junit-report@v3.6.1
+        uses: mikepenz/action-junit-report@v5
         if: always() # always run even if the previous step fails
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/build-image.yaml

@@ -33,7 +33,7 @@ jobs:
       CGO_ENABLED: 0
       GO111MODULE: "on"
       BUILD_PLATFORM: ${{ inputs.PLATFORMS && 'linux/amd64,linux/arm64' || 'linux/amd64' }}
-      GO_VERSION: "1.21"
+      GO_VERSION: "1.23"
       REQUIRED_TESTS: '[]'
       COSIGN: ${{ inputs.CO_SIGN }}
       HELM_E2E_TEST: false

.github/workflows/c-create-release.yaml

@@ -27,14 +27,15 @@ jobs:
     permissions:
       contents: write
     steps:
-      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # ratchet:actions/download-artifact@v3.0.2
+      - uses: actions/download-artifact@v4
         id: download-artifact
         with:
+          name: kubescape
           path: .
 
       # TODO: kubescape-windows-latest is deprecated and should be removed
       - name: Get kubescape.exe from kubescape-windows-latest.exe
-        run: cp ${{steps.download-artifact.outputs.download-path}}/kubescape/kubescape-${{ env.WINDOWS_OS }}.exe ${{steps.download-artifact.outputs.download-path}}/kubescape/kubescape.exe
+        run: cp ${{steps.download-artifact.outputs.download-path}}/kubescape-${{ env.WINDOWS_OS }}.exe ${{steps.download-artifact.outputs.download-path}}/kubescape.exe
 
       - name: Set release token
         id: set-token
@@ -50,7 +51,7 @@ jobs:
           find . -type f -print
 
       - name: Release
-        uses: softprops/action-gh-release@975c1b265e11dd76618af1c374e7981f9a6ff44a
+        uses: softprops/action-gh-release@v2
         with:
           token: ${{ steps.set-token.outputs.token }}
           name: ${{ inputs.RELEASE_NAME }}
@@ -60,32 +61,32 @@ jobs:
           prerelease: false
           fail_on_unmatched_files: true
           files: |
-            ./kubescape/kubescape-${{ env.MAC_OS }}
-            ./kubescape/kubescape-${{ env.MAC_OS }}.sbom
-            ./kubescape/kubescape-${{ env.MAC_OS }}.sha256
-            ./kubescape/kubescape-${{ env.MAC_OS }}.tar.gz
-            ./kubescape/kubescape-${{ env.UBUNTU_OS }}
-            ./kubescape/kubescape-${{ env.UBUNTU_OS }}.sbom
-            ./kubescape/kubescape-${{ env.UBUNTU_OS }}.sha256
-            ./kubescape/kubescape-${{ env.UBUNTU_OS }}.tar.gz
-            ./kubescape/kubescape-${{ env.WINDOWS_OS }}.exe
-            ./kubescape/kubescape-${{ env.WINDOWS_OS }}.exe.sbom
-            ./kubescape/kubescape-${{ env.WINDOWS_OS }}.exe.sha256
-            ./kubescape/kubescape-${{ env.WINDOWS_OS }}.tar.gz
-            ./kubescape/kubescape-arm64-${{ env.MAC_OS }}
-            ./kubescape/kubescape-arm64-${{ env.MAC_OS }}.sbom
-            ./kubescape/kubescape-arm64-${{ env.MAC_OS }}.sha256
-            ./kubescape/kubescape-arm64-${{ env.MAC_OS }}.tar.gz
-            ./kubescape/kubescape-arm64-${{ env.UBUNTU_OS }}
-            ./kubescape/kubescape-arm64-${{ env.UBUNTU_OS }}.sbom
-            ./kubescape/kubescape-arm64-${{ env.UBUNTU_OS }}.sha256
-            ./kubescape/kubescape-arm64-${{ env.UBUNTU_OS }}.tar.gz
-            ./kubescape/kubescape-arm64-${{ env.WINDOWS_OS }}.exe
-            ./kubescape/kubescape-arm64-${{ env.WINDOWS_OS }}.exe.sbom
-            ./kubescape/kubescape-arm64-${{ env.WINDOWS_OS }}.exe.sha256
-            ./kubescape/kubescape-arm64-${{ env.WINDOWS_OS }}.tar.gz
-            ./kubescape/kubescape-riscv64-${{ env.UBUNTU_OS }}
-            ./kubescape/kubescape-riscv64-${{ env.UBUNTU_OS }}.sbom
-            ./kubescape/kubescape-riscv64-${{ env.UBUNTU_OS }}.sha256
-            ./kubescape/kubescape-riscv64-${{ env.UBUNTU_OS }}.tar.gz
-            ./kubescape/kubescape.exe
+            ./kubescape-${{ env.MAC_OS }}
+            ./kubescape-${{ env.MAC_OS }}.sbom
+            ./kubescape-${{ env.MAC_OS }}.sha256
+            ./kubescape-${{ env.MAC_OS }}.tar.gz
+            ./kubescape-${{ env.UBUNTU_OS }}
+            ./kubescape-${{ env.UBUNTU_OS }}.sbom
+            ./kubescape-${{ env.UBUNTU_OS }}.sha256
+            ./kubescape-${{ env.UBUNTU_OS }}.tar.gz
+            ./kubescape-${{ env.WINDOWS_OS }}.exe
+            ./kubescape-${{ env.WINDOWS_OS }}.exe.sbom
+            ./kubescape-${{ env.WINDOWS_OS }}.exe.sha256
+            ./kubescape-${{ env.WINDOWS_OS }}.tar.gz
+            ./kubescape-arm64-${{ env.MAC_OS }}
+            ./kubescape-arm64-${{ env.MAC_OS }}.sbom
+            ./kubescape-arm64-${{ env.MAC_OS }}.sha256
+            ./kubescape-arm64-${{ env.MAC_OS }}.tar.gz
+            ./kubescape-arm64-${{ env.UBUNTU_OS }}
+            ./kubescape-arm64-${{ env.UBUNTU_OS }}.sbom
+            ./kubescape-arm64-${{ env.UBUNTU_OS }}.sha256
+            ./kubescape-arm64-${{ env.UBUNTU_OS }}.tar.gz
+            ./kubescape-arm64-${{ env.WINDOWS_OS }}.exe
+            ./kubescape-arm64-${{ env.WINDOWS_OS }}.exe.sbom
+            ./kubescape-arm64-${{ env.WINDOWS_OS }}.exe.sha256
+            ./kubescape-arm64-${{ env.WINDOWS_OS }}.tar.gz
+            ./kubescape-riscv64-${{ env.UBUNTU_OS }}
+            ./kubescape-riscv64-${{ env.UBUNTU_OS }}.sbom
+            ./kubescape-riscv64-${{ env.UBUNTU_OS }}.sha256
+            ./kubescape-riscv64-${{ env.UBUNTU_OS }}.tar.gz
+            ./kubescape.exe

.github/workflows/d-publish-image.yaml

@@ -63,22 +63,23 @@ jobs:
         with:
           submodules: recursive
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@e81a89b1732b9c48d79cd809d8d81d79c4647a18 # ratchet:docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@f03ac48505955848960e80bbb68046aa35c7b9e7 # ratchet:docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
       - name: Login to Quay.io
         env:
           QUAY_PASSWORD: ${{ secrets.QUAYIO_REGISTRY_PASSWORD }}
           QUAY_USERNAME: ${{ secrets.QUAYIO_REGISTRY_USERNAME }}
         run: docker login -u="${QUAY_USERNAME}" -p="${QUAY_PASSWORD}" quay.io
-      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # ratchet:actions/download-artifact@v3.0.2
+      - uses: actions/download-artifact@v4
         id: download-artifact
         with:
+          name: kubescape
           path: .
       - name: mv kubescape amd64 binary
-        run: mv ${{steps.download-artifact.outputs.download-path}}/kubescape/kubescape-ubuntu-latest kubescape-amd64-ubuntu-latest
+        run: mv ${{steps.download-artifact.outputs.download-path}}/kubescape-ubuntu-latest kubescape-amd64-ubuntu-latest
       - name: mv kubescape arm64 binary
-        run: mv ${{steps.download-artifact.outputs.download-path}}/kubescape/kubescape-arm64-ubuntu-latest kubescape-arm64-ubuntu-latest
+        run: mv ${{steps.download-artifact.outputs.download-path}}/kubescape-arm64-ubuntu-latest kubescape-arm64-ubuntu-latest
       - name: chmod +x
         run: chmod +x -v kubescape-a*
       - name: Build and push images
@@ -106,4 +107,3 @@ jobs:
             # Verify the image
             echo "$COSIGN_PUBLIC_KEY" > cosign.pub
             cosign verify -key cosign.pub ${{ inputs.image_name }}:${{ inputs.image_tag }}
-

.github/workflows/scorecard.yml

@@ -32,12 +32,12 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
+        uses: actions/checkout@v4
         with:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
+        uses: ossf/scorecard-action@v2.4.0
         with:
           results_file: results.sarif
           results_format: sarif
@@ -59,7 +59,7 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0
+        uses: actions/upload-artifact@v4
         with:
           name: SARIF file
           path: results.sarif
@@ -67,6 +67,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: results.sarif

.github/workflows/z-close-typos-issues.yaml

@@ -7,14 +7,14 @@ jobs:
     if: github.event.label.name == 'typo'
     runs-on: ubuntu-latest
     steps:
-      - uses: ben-z/actions-comment-on-issue@10be23f9c43ac792663043420fda29dde07e2f0f # ratchet:ben-z/actions-comment-on-issue@1.0.2
+      - uses: ben-z/actions-comment-on-issue@1.0.2
         with:
           message: "Hello! :wave:\n\nThis issue is being automatically closed, Please open a PR with a relevant fix."
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
   auto_close_issues:
     runs-on: ubuntu-latest
     steps:
-      - uses: lee-dohm/close-matching-issues@e9e43aad2fa6f06a058cedfd8fb975fd93b56d8f # ratchet:lee-dohm/close-matching-issues@v2
+      - uses: lee-dohm/close-matching-issues@v2
         with:
           query: 'label:typo'
           token: ${{ secrets.GITHUB_TOKEN }}

README.md

@@ -3,7 +3,7 @@
 [![Go Report Card](https://goreportcard.com/badge/github.com/kubescape/kubescape)](https://goreportcard.com/report/github.com/kubescape/kubescape)
 [![Gitpod Ready-to-Code](https://img.shields.io/badge/Gitpod-Ready--to--Code-blue?logo=gitpod)](https://gitpod.io/#https://github.com/kubescape/kubescape)
 [![GitHub](https://img.shields.io/github/license/kubescape/kubescape)](https://github.com/kubescape/kubescape/blob/master/LICENSE)
-[![CNCF](https://shields.io/badge/CNCF-Sandbox%20project-blue?logo=linux-foundation&style=flat)](https://landscape.cncf.io/card-mode?project=sandbox&selected=kubescape)
+[![CNCF](https://shields.io/badge/CNCF-Incubating%20project-blue?logo=linux-foundation&style=flat)](https://landscape.cncf.io/?item=provisioning--security-compliance--kubescape)
 [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/kubescape)](https://artifacthub.io/packages/search?repo=kubescape)
 [![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fkubescape%2Fkubescape.svg?type=shield&issueType=license)](https://app.fossa.com/projects/git%2Bgithub.com%2Fkubescape%2Fkubescape?ref=badge_shield&issueType=license)
 [![OpenSSF Best Practices](https://www.bestpractices.dev/projects/6944/badge)](https://www.bestpractices.dev/projects/6944)
@@ -26,7 +26,7 @@ Kubescape is an open-source Kubernetes security platform that provides comprehen
 
 Kubescape scans clusters, YAML files, and Helm charts. It detects misconfigurations according to multiple frameworks (including [NSA-CISA](https://www.armosec.io/blog/kubernetes-hardening-guidance-summary-by-armo/?utm_source=github&utm_medium=repository), [MITRE ATT&CK®](https://www.armosec.io/glossary/mitre-attck-framework/?utm_source=github&utm_medium=repository) and the [CIS Benchmark](https://www.armosec.io/blog/cis-kubernetes-benchmark-framework-scanning-tools-comparison/?utm_source=github&utm_medium=repository)).
 
-Kubescape was created by [ARMO](https://www.armosec.io/?utm_source=github&utm_medium=repository) and is a [Cloud Native Computing Foundation (CNCF) sandbox project](https://www.cncf.io/sandbox-projects/).
+Kubescape was created by [ARMO](https://www.armosec.io/?utm_source=github&utm_medium=repository) and is a [Cloud Native Computing Foundation (CNCF) incubating project](https://www.cncf.io/projects/).
 
 _Please [star ⭐](https://github.com/kubescape/kubescape/stargazers) the repo if you want us to continue developing and improving Kubescape! 😀_
 
@@ -114,8 +114,8 @@ Kubescape changes are tracked on the [release](https://github.com/kubescape/kube
 
 Copyright 2021-2024, the Kubescape Authors. All rights reserved. Kubescape is released under the Apache 2.0 license. See the [LICENSE](LICENSE) file for details.
 
-Kubescape is a [Cloud Native Computing Foundation (CNCF) sandbox project](https://www.cncf.io/sandbox-projects/) and was contributed by [ARMO](https://www.armosec.io/?utm_source=github&utm_medium=repository).
+Kubescape is a [Cloud Native Computing Foundation (CNCF) incubating project](https://www.cncf.io/projects/kubescape/) and was contributed by [ARMO](https://www.armosec.io/?utm_source=github&utm_medium=repository).
 
 <div align="center">
-    <img src="https://raw.githubusercontent.com/cncf/artwork/master/other/cncf-sandbox/horizontal/color/cncf-sandbox-horizontal-color.svg" width="300" alt="CNCF Sandbox Project">
+    <img src="https://raw.githubusercontent.com/cncf/artwork/refs/heads/main/other/cncf-member/incubating/color/cncf-incubating-color.svg" width="300" alt="CNCF Incubating Project">
 </div>

cmd/download/download.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"fmt"
 	"path/filepath"
+	"slices"
 	"strings"
 
 	"github.com/kubescape/go-logger"
@@ -12,7 +13,6 @@ import (
 	"github.com/kubescape/kubescape/v3/core/meta"
 	v1 "github.com/kubescape/kubescape/v3/core/meta/datastructures/v1"
 	"github.com/spf13/cobra"
-	"golang.org/x/exp/slices"
 )
 
 var (

cmd/list/list.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"slices"
 	"strings"
 
 	"github.com/kubescape/go-logger"
@@ -12,7 +13,6 @@ import (
 	"github.com/kubescape/kubescape/v3/core/meta"
 	v1 "github.com/kubescape/kubescape/v3/core/meta/datastructures/v1"
 	"github.com/spf13/cobra"
-	"golang.org/x/exp/slices"
 )
 
 var (

cmd/prerequisites/prerequisites.go

@@ -0,0 +1,18 @@
+package prerequisites
+
+import (
+	"github.com/kubescape/kubescape/v3/core/meta"
+	"github.com/kubescape/sizing-checker/pkg/sizingchecker"
+	"github.com/spf13/cobra"
+)
+
+func GetPreReqCmd(ks meta.IKubescape) *cobra.Command {
+	preReqCmd := &cobra.Command{
+		Use:   "prerequisites",
+		Short: "Check prerequisites for installing Kubescape Operator",
+		Run: func(cmd *cobra.Command, args []string) {
+			sizingchecker.RunSizingChecker()
+		},
+	}
+	return preReqCmd
+}

cmd/root.go

@@ -14,6 +14,7 @@ import (
 	"github.com/kubescape/kubescape/v3/cmd/list"
 	"github.com/kubescape/kubescape/v3/cmd/operator"
 	"github.com/kubescape/kubescape/v3/cmd/patch"
+	"github.com/kubescape/kubescape/v3/cmd/prerequisites"
 	"github.com/kubescape/kubescape/v3/cmd/scan"
 	"github.com/kubescape/kubescape/v3/cmd/update"
 	"github.com/kubescape/kubescape/v3/cmd/vap"
@@ -99,6 +100,7 @@ func getRootCmd(ks meta.IKubescape) *cobra.Command {
 	rootCmd.AddCommand(patch.GetPatchCmd(ks))
 	rootCmd.AddCommand(vap.GetVapHelperCmd())
 	rootCmd.AddCommand(operator.GetOperatorCmd(ks))
+	rootCmd.AddCommand(prerequisites.GetPreReqCmd(ks))
 
 	// deprecated commands
 	rootCmd.AddCommand(&cobra.Command{

cmd/scan/framework.go

@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"io"
 	"os"
+	"slices"
 	"strings"
 
 	"github.com/kubescape/go-logger"
@@ -18,7 +19,6 @@ import (
 	reporthandlingapis "github.com/kubescape/opa-utils/reporthandling/apis"
 	"github.com/kubescape/opa-utils/reporthandling/results/v1/reportsummary"
 	"github.com/spf13/cobra"
-	"golang.org/x/exp/slices"
 )
 
 var (

cmd/scan/image.go

@@ -24,12 +24,17 @@ var (
   # Scan the 'nginx' image and see the full report 
   %[1]s scan image "nginx" -v
 
+  # Scan the 'nginx' image and use exceptions
+  %[1]s scan image "nginx" --exceptions exceptions.json
+
 `, cautils.ExecName())
 )
 
 // getImageCmd returns the scan image command
 func getImageCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Command {
 	var imgCredentials shared.ImageCredentials
+	var exceptions string
+
 	cmd := &cobra.Command{
 		Use:     "image <image>:<tag> [flags]",
 		Short:   "Scan an image for vulnerabilities",
@@ -50,9 +55,10 @@ func getImageCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Command
 			}
 
 			imgScanInfo := &metav1.ImageScanInfo{
-				Image:    args[0],
-				Username: imgCredentials.Username,
-				Password: imgCredentials.Password,
+				Image:      args[0],
+				Username:   imgCredentials.Username,
+				Password:   imgCredentials.Password,
+				Exceptions: exceptions,
 			}
 
 			results, err := ks.ScanImage(context.Background(), imgScanInfo, scanInfo)
@@ -68,6 +74,8 @@ func getImageCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Command
 		},
 	}
 
+	// The exceptions flag
+	cmd.PersistentFlags().StringVarP(&exceptions, "exceptions", "", "", "Path to the exceptions file")
 	cmd.PersistentFlags().StringVarP(&imgCredentials.Username, "username", "u", "", "Username for registry login")
 	cmd.PersistentFlags().StringVarP(&imgCredentials.Password, "password", "p", "", "Password for registry login")
 

core/cautils/fileutils.go

@@ -7,6 +7,7 @@ import (
 	"fmt"
 	"os"
 	"path/filepath"
+	"slices"
 	"strings"
 
 	"github.com/kubescape/go-logger"
@@ -14,7 +15,6 @@ import (
 	"github.com/kubescape/k8s-interface/workloadinterface"
 	"github.com/kubescape/opa-utils/objectsenvelopes"
 	"github.com/kubescape/opa-utils/objectsenvelopes/localworkload"
-	"golang.org/x/exp/slices"
 	"gopkg.in/yaml.v3"
 )
 

core/core/image_scan.go

@@ -2,7 +2,11 @@ package core
 
 import (
 	"context"
+	"encoding/json"
 	"fmt"
+	"os"
+	"regexp"
+	"strings"
 
 	"github.com/anchore/grype/grype/presenter/models"
 	"github.com/kubescape/go-logger"
@@ -12,6 +16,152 @@ import (
 	"github.com/kubescape/kubescape/v3/pkg/imagescan"
 )
 
+// Data structure to represent attributes
+type Attributes struct {
+	Registry     string `json:"registry"`
+	Organization string `json:"organization,omitempty"`
+	ImageName    string `json:"imageName"`
+	ImageTag     string `json:"imageTag,omitempty"`
+}
+
+// Data structure for a target
+type Target struct {
+	DesignatorType string     `json:"designatorType"`
+	Attributes     Attributes `json:"attributes"`
+}
+
+// Data structure for metadata
+type Metadata struct {
+	Name string `json:"name"`
+}
+
+// Data structure for vulnerabilities and severities
+type VulnerabilitiesIgnorePolicy struct {
+	Metadata        Metadata `json:"metadata"`
+	Kind            string   `json:"kind"`
+	Targets         []Target `json:"targets"`
+	Vulnerabilities []string `json:"vulnerabilities"`
+	Severities      []string `json:"severities"`
+}
+
+// Loads excpetion policies from exceptions json object.
+func GetImageExceptionsFromFile(filePath string) ([]VulnerabilitiesIgnorePolicy, error) {
+	// Read the JSON file
+	jsonFile, err := os.ReadFile(filePath)
+	if err != nil {
+		return nil, fmt.Errorf("error reading exceptions file: %w", err)
+	}
+
+	// Unmarshal the JSON data into an array of VulnerabilitiesIgnorePolicy
+	var policies []VulnerabilitiesIgnorePolicy
+	err = json.Unmarshal(jsonFile, &policies)
+	if err != nil {
+		return nil, fmt.Errorf("error unmarshaling exceptions file: %w", err)
+	}
+
+	return policies, nil
+}
+
+// This function will identify the registry, organization and image tag from the image name
+func getAttributesFromImage(imgName string) (Attributes, error) {
+	canonicalImageName, err := cautils.NormalizeImageName(imgName)
+	if err != nil {
+		return Attributes{}, err
+	}
+
+	tokens := strings.Split(canonicalImageName, "/")
+	registry := tokens[0]
+	organization := tokens[1]
+
+	imageNameAndTag := strings.Split(tokens[2], ":")
+	imageName := imageNameAndTag[0]
+
+	// Intialize the image tag with default value
+	imageTag := "latest"
+	if len(imageNameAndTag) > 1 {
+		imageTag = imageNameAndTag[1]
+	}
+
+	attributes := Attributes{
+		Registry:     registry,
+		Organization: organization,
+		ImageName:    imageName,
+		ImageTag:     imageTag,
+	}
+
+	return attributes, nil
+}
+
+// Checks if the target string matches the regex pattern
+func regexStringMatch(pattern, target string) bool {
+	re, err := regexp.Compile(pattern)
+	if err != nil {
+		logger.L().StopError(fmt.Sprintf("Failed to generate regular expression: %s", err))
+		return false
+	}
+
+	if re.MatchString(target) {
+		return true
+	}
+
+	return false
+}
+
+// Compares the registry, organization, image name, image tag against the targets specified
+// in the exception policy object to check if the image being scanned qualifies for an
+// exception policy.
+func isTargetImage(targets []Target, attributes Attributes) bool {
+	for _, target := range targets {
+		return regexStringMatch(target.Attributes.Registry, attributes.Registry) && regexStringMatch(target.Attributes.Organization, attributes.Organization) && regexStringMatch(target.Attributes.ImageName, attributes.ImageName) && regexStringMatch(target.Attributes.ImageTag, attributes.ImageTag)
+	}
+
+	return false
+}
+
+// Generates a list of unique CVE-IDs and the severities which are to be excluded for
+// the image being scanned.
+func getUniqueVulnerabilitiesAndSeverities(policies []VulnerabilitiesIgnorePolicy, image string) ([]string, []string) {
+	// Create maps with slices as values to store unique vulnerabilities and severities (case-insensitive)
+	uniqueVulns := make(map[string][]string)
+	uniqueSevers := make(map[string][]string)
+
+	imageAttributes, err := getAttributesFromImage(image)
+	if err != nil {
+		logger.L().StopError(fmt.Sprintf("Failed to generate image attributes: %s", err))
+	}
+
+	// Iterate over each policy and its vulnerabilities/severities
+	for _, policy := range policies {
+		// Include the exceptions only if the image is one of the targets
+		if isTargetImage(policy.Targets, imageAttributes) {
+			for _, vulnerability := range policy.Vulnerabilities {
+				// Add to slice directly
+				vulnerabilityUppercase := strings.ToUpper(vulnerability)
+				uniqueVulns[vulnerabilityUppercase] = append(uniqueVulns[vulnerabilityUppercase], vulnerability)
+			}
+
+			for _, severity := range policy.Severities {
+				// Add to slice directly
+				severityUppercase := strings.ToUpper(severity)
+				uniqueSevers[severityUppercase] = append(uniqueSevers[severityUppercase], severity)
+			}
+		}
+	}
+
+	// Extract unique keys (which are unique vulnerabilities/severities) and their slices
+	uniqueVulnsList := make([]string, 0, len(uniqueVulns))
+	for vuln := range uniqueVulns {
+		uniqueVulnsList = append(uniqueVulnsList, vuln)
+	}
+
+	uniqueSeversList := make([]string, 0, len(uniqueSevers))
+	for sever := range uniqueSevers {
+		uniqueSeversList = append(uniqueSeversList, sever)
+	}
+
+	return uniqueVulnsList, uniqueSeversList
+}
+
 func (ks *Kubescape) ScanImage(ctx context.Context, imgScanInfo *ksmetav1.ImageScanInfo, scanInfo *cautils.ScanInfo) (*models.PresenterConfig, error) {
 	logger.L().Start(fmt.Sprintf("Scanning image %s...", imgScanInfo.Image))
 
@@ -23,7 +173,19 @@ func (ks *Kubescape) ScanImage(ctx context.Context, imgScanInfo *ksmetav1.ImageS
 		Password: imgScanInfo.Password,
 	}
 
-	scanResults, err := svc.Scan(ctx, imgScanInfo.Image, creds)
+	var vulnerabilityExceptions []string
+	var severityExceptions []string
+	if imgScanInfo.Exceptions != "" {
+		exceptionPolicies, err := GetImageExceptionsFromFile(imgScanInfo.Exceptions)
+		if err != nil {
+			logger.L().StopError(fmt.Sprintf("Failed to load exceptions from file: %s", imgScanInfo.Exceptions))
+			return nil, err
+		}
+
+		vulnerabilityExceptions, severityExceptions = getUniqueVulnerabilitiesAndSeverities(exceptionPolicies, imgScanInfo.Image)
+	}
+
+	scanResults, err := svc.Scan(ctx, imgScanInfo.Image, creds, vulnerabilityExceptions, severityExceptions)
 	if err != nil {
 		logger.L().StopError(fmt.Sprintf("Failed to scan image: %s", imgScanInfo.Image))
 		return nil, err

core/core/image_scan_test.go

@@ -0,0 +1,420 @@
+package core
+
+import (
+	"sort"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestGetImageExceptionsFromFile(t *testing.T) {
+	tests := []struct {
+		filePath         string
+		expectedPolicies []VulnerabilitiesIgnorePolicy
+		expectedErr      error
+	}{
+		{
+			filePath: "./testdata/exceptions.json",
+			expectedPolicies: []VulnerabilitiesIgnorePolicy{
+				{
+					Metadata: Metadata{
+						Name: "medium-severity-vulnerabilites-exceptions",
+					},
+					Kind: "VulnerabilitiesIgnorePolicy",
+					Targets: []Target{
+						{
+							DesignatorType: "Attributes",
+							Attributes: Attributes{
+								Registry:     "docker.io",
+								Organization: "",
+								ImageName:    "",
+								ImageTag:     "",
+							},
+						},
+					},
+					Vulnerabilities: []string{},
+					Severities:      []string{"medium"},
+				},
+				{
+					Metadata: Metadata{
+						Name: "exclude-allowed-hostPath-control",
+					},
+					Kind: "VulnerabilitiesIgnorePolicy",
+					Targets: []Target{
+						{
+							DesignatorType: "Attributes",
+							Attributes: Attributes{
+								Registry:     "",
+								Organization: "",
+								ImageName:    "",
+								ImageTag:     "",
+							},
+						},
+					},
+					Vulnerabilities: []string{"CVE-2023-42366", "CVE-2023-42365"},
+					Severities:      []string{"critical", "low"},
+				},
+				{
+					Metadata: Metadata{
+						Name: "regex-example",
+					},
+					Kind: "VulnerabilitiesIgnorePolicy",
+					Targets: []Target{
+						{
+							DesignatorType: "Attributes",
+							Attributes: Attributes{
+								Registry:     "quay.*",
+								Organization: "kube*",
+								ImageName:    "kubescape*",
+								ImageTag:     "v2*",
+							},
+						},
+						{
+							DesignatorType: "Attributes",
+							Attributes: Attributes{
+								Registry:     "docker.io",
+								Organization: ".*",
+								ImageName:    "kube*",
+								ImageTag:     "v3*",
+							},
+						},
+					},
+					Vulnerabilities: []string{"CVE-2023-6879", "CVE-2023-44487"},
+					Severities:      []string{"critical", "low"},
+				},
+			},
+			expectedErr: nil,
+		},
+		{
+			filePath:         "./testdata/empty_exceptions.json",
+			expectedPolicies: []VulnerabilitiesIgnorePolicy{},
+			expectedErr:      nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.filePath, func(t *testing.T) {
+			policies, err := GetImageExceptionsFromFile(tt.filePath)
+			assert.Equal(t, tt.expectedPolicies, policies)
+			assert.Equal(t, tt.expectedErr, err)
+		})
+	}
+}
+
+func TestGetAttributesFromImage(t *testing.T) {
+	tests := []struct {
+		imageName          string
+		expectedAttributes Attributes
+		expectedErr        error
+	}{
+		{
+			imageName: "quay.io/kubescape/kubescape-cli:v3.0.0",
+			expectedAttributes: Attributes{
+				Registry:     "quay.io",
+				Organization: "kubescape",
+				ImageName:    "kubescape-cli",
+				ImageTag:     "v3.0.0",
+			},
+			expectedErr: nil,
+		},
+		{
+			imageName: "alpine",
+			expectedAttributes: Attributes{
+				Registry:     "docker.io",
+				Organization: "library",
+				ImageName:    "alpine",
+				ImageTag:     "latest",
+			},
+			expectedErr: nil,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.imageName, func(t *testing.T) {
+			attributes, err := getAttributesFromImage(tt.imageName)
+			assert.Equal(t, tt.expectedErr, err)
+			assert.Equal(t, tt.expectedAttributes, attributes)
+		})
+	}
+}
+
+func TestRegexStringMatch(t *testing.T) {
+	tests := []struct {
+		pattern  string
+		target   string
+		expected bool
+	}{
+		{
+			pattern:  ".*",
+			target:   "quay.io",
+			expected: true,
+		},
+		{
+			pattern:  "kubescape",
+			target:   "kubescape",
+			expected: true,
+		},
+		{
+			pattern:  "kubescape*",
+			target:   "kubescape-cli",
+			expected: true,
+		},
+		{
+			pattern:  "",
+			target:   "v3.0.0",
+			expected: true,
+		},
+		{
+			pattern:  "docker.io",
+			target:   "quay.io",
+			expected: false,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.target+"/"+tt.pattern, func(t *testing.T) {
+			assert.Equal(t, tt.expected, regexStringMatch(tt.pattern, tt.target))
+		})
+	}
+}
+
+func TestIsTargetImage(t *testing.T) {
+	tests := []struct {
+		targets    []Target
+		attributes Attributes
+		expected   bool
+	}{
+		{
+			targets: []Target{
+				{
+					Attributes: Attributes{
+						Registry:     "docker.io",
+						Organization: ".*",
+						ImageName:    ".*",
+						ImageTag:     "",
+					},
+				},
+			},
+			attributes: Attributes{
+				Registry:     "quay.io",
+				Organization: "kubescape",
+				ImageName:    "kubescape-cli",
+				ImageTag:     "v3.0.0",
+			},
+			expected: false,
+		},
+		{
+			targets: []Target{
+				{
+					Attributes: Attributes{
+						Registry:     "quay.io",
+						Organization: "kubescape",
+						ImageName:    "kubescape*",
+						ImageTag:     "",
+					},
+				},
+			},
+			attributes: Attributes{
+				Registry:     "quay.io",
+				Organization: "kubescape",
+				ImageName:    "kubescape-cli",
+				ImageTag:     "v3.0.0",
+			},
+			expected: true,
+		},
+		{
+			targets: []Target{
+				{
+					Attributes: Attributes{
+						Registry:     "docker.io",
+						Organization: "library",
+						ImageName:    "alpine",
+						ImageTag:     "",
+					},
+				},
+			},
+			attributes: Attributes{
+				Registry:     "docker.io",
+				Organization: "library",
+				ImageName:    "alpine",
+				ImageTag:     "latest",
+			},
+			expected: true,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.attributes.Registry+"/"+tt.attributes.ImageName, func(t *testing.T) {
+			assert.Equal(t, tt.expected, isTargetImage(tt.targets, tt.attributes))
+		})
+	}
+}
+
+func TestGetVulnerabilitiesAndSeverities(t *testing.T) {
+	tests := []struct {
+		policies                []VulnerabilitiesIgnorePolicy
+		image                   string
+		expectedVulnerabilities []string
+		expectedSeverities      []string
+	}{
+		{
+			policies: []VulnerabilitiesIgnorePolicy{
+				{
+					Metadata: Metadata{
+						Name: "vulnerabilites-exceptions",
+					},
+					Kind: "VulnerabilitiesIgnorePolicy",
+					Targets: []Target{
+						{
+							DesignatorType: "Attributes",
+							Attributes: Attributes{
+								Registry:     "",
+								Organization: "kubescape*",
+								ImageName:    "",
+								ImageTag:     "",
+							},
+						},
+					},
+					Vulnerabilities: []string{"CVE-2023-42365"},
+					Severities:      []string{},
+				},
+				{
+					Metadata: Metadata{
+						Name: "exclude-allowed-hostPath-control",
+					},
+					Kind: "VulnerabilitiesIgnorePolicy",
+					Targets: []Target{
+						{
+							DesignatorType: "Attributes",
+							Attributes: Attributes{
+								Registry:     "docker.io",
+								Organization: "",
+								ImageName:    "",
+								ImageTag:     "",
+							},
+						},
+					},
+					Vulnerabilities: []string{"CVE-2023-42366", "CVE-2023-42365"},
+					Severities:      []string{"critical", "low"},
+				},
+			},
+			image:                   "quay.io/kubescape/kubescape-cli:v3.0.0",
+			expectedVulnerabilities: []string{"CVE-2023-42365"},
+			expectedSeverities:      []string{},
+		},
+		{
+			policies: []VulnerabilitiesIgnorePolicy{
+				{
+					Metadata: Metadata{
+						Name: "medium-severity-vulnerabilites-exceptions",
+					},
+					Kind: "VulnerabilitiesIgnorePolicy",
+					Targets: []Target{
+						{
+							DesignatorType: "Attributes",
+							Attributes: Attributes{
+								Registry:     "",
+								Organization: "",
+								ImageName:    "",
+								ImageTag:     "",
+							},
+						},
+					},
+					Vulnerabilities: []string{},
+					Severities:      []string{"medium"},
+				},
+				{
+					Metadata: Metadata{
+						Name: "exclude-allowed-hostPath-control",
+					},
+					Kind: "VulnerabilitiesIgnorePolicy",
+					Targets: []Target{
+						{
+							DesignatorType: "Attributes",
+							Attributes: Attributes{
+								Registry:     "quay.io",
+								Organization: "",
+								ImageName:    "",
+								ImageTag:     "",
+							},
+						},
+					},
+					Vulnerabilities: []string{"CVE-2023-42366", "CVE-2023-42365"},
+					Severities:      []string{},
+				},
+			},
+			image:                   "alpine",
+			expectedVulnerabilities: []string{},
+			expectedSeverities:      []string{"MEDIUM"},
+		},
+		{
+			policies: []VulnerabilitiesIgnorePolicy{
+				{
+					Metadata: Metadata{
+						Name: "regex-example",
+					},
+					Kind: "VulnerabilitiesIgnorePolicy",
+					Targets: []Target{
+						{
+							DesignatorType: "Attributes",
+							Attributes: Attributes{
+								Registry:     "quay.io",
+								Organization: "kube*",
+								ImageName:    "kubescape*",
+								ImageTag:     ".*",
+							},
+						},
+					},
+					Vulnerabilities: []string{},
+					Severities:      []string{"critical"},
+				},
+				{
+					Metadata: Metadata{
+						Name: "only-for-docker-registry",
+					},
+					Kind: "VulnerabilitiesIgnorePolicy",
+					Targets: []Target{
+						{
+							DesignatorType: "Attributes",
+							Attributes: Attributes{
+								Registry: "docker.io",
+								ImageTag: "v3*",
+							},
+						},
+					},
+					Vulnerabilities: []string{"CVE-2023-42366", "CVE-2022-28391"},
+					Severities:      []string{"high"},
+				},
+				{
+					Metadata: Metadata{
+						Name: "exclude-allowed-hostPath-control",
+					},
+					Kind: "VulnerabilitiesIgnorePolicy",
+					Targets: []Target{
+						{
+							DesignatorType: "Attributes",
+							Attributes: Attributes{
+								ImageTag: "v3*",
+							},
+						},
+					},
+					Vulnerabilities: []string{"CVE-2022-30065", "CVE-2022-28391"},
+					Severities:      []string{},
+				},
+			},
+			image:                   "quay.io/kubescape/kubescape-cli:v3.0.0",
+			expectedVulnerabilities: []string{"CVE-2022-30065", "CVE-2022-28391"},
+			expectedSeverities:      []string{"CRITICAL"},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.image, func(t *testing.T) {
+			vulnerabilities, severities := getUniqueVulnerabilitiesAndSeverities(tt.policies, tt.image)
+			sort.Strings(tt.expectedVulnerabilities)
+			sort.Strings(vulnerabilities)
+			assert.Equal(t, tt.expectedVulnerabilities, vulnerabilities)
+			assert.Equal(t, tt.expectedSeverities, severities)
+		})
+	}
+}

core/core/patch.go

@@ -37,7 +37,7 @@ func (ks *Kubescape) Patch(ctx context.Context, patchInfo *ksmetav1.PatchInfo, s
 		Password: patchInfo.Password,
 	}
 	// Scan the image
-	scanResults, err := svc.Scan(ctx, patchInfo.Image, creds)
+	scanResults, err := svc.Scan(ctx, patchInfo.Image, creds, nil, nil)
 	if err != nil {
 		return nil, err
 	}
@@ -81,7 +81,7 @@ func (ks *Kubescape) Patch(ctx context.Context, patchInfo *ksmetav1.PatchInfo, s
 
 	logger.L().Start(fmt.Sprintf("Re-scanning image: %s", patchedImageName))
 
-	scanResultsPatched, err := svc.Scan(ctx, patchedImageName, creds)
+	scanResultsPatched, err := svc.Scan(ctx, patchedImageName, creds, nil, nil)
 	if err != nil {
 		return nil, err
 	}

core/core/scan.go

@@ -3,6 +3,7 @@ package core
 import (
 	"context"
 	"fmt"
+	"slices"
 
 	"github.com/kubescape/backend/pkg/versioncheck"
 	"github.com/kubescape/go-logger"
@@ -23,7 +24,6 @@ import (
 	apisv1 "github.com/kubescape/opa-utils/httpserver/apis/v1"
 	"github.com/kubescape/opa-utils/resources"
 	"go.opentelemetry.io/otel"
-	"golang.org/x/exp/slices"
 	"k8s.io/client-go/kubernetes"
 )
 
@@ -257,7 +257,7 @@ func scanImages(scanType cautils.ScanTypes, scanData *cautils.OPASessionObj, ctx
 
 func scanSingleImage(ctx context.Context, img string, svc imagescan.Service, resultsHandling *resultshandling.ResultsHandler) error {
 
-	scanResults, err := svc.Scan(ctx, img, imagescan.RegistryCredentials{})
+	scanResults, err := svc.Scan(ctx, img, imagescan.RegistryCredentials{}, nil, nil)
 	if err != nil {
 		return err
 	}

core/core/testdata/alpine-nginx-exceptions.json

@@ -0,0 +1,67 @@
+[
+    {   
+        "metadata": {
+                "name": "alpine-exceptions"
+        },
+        "kind": "VulnerabilitiesIgnorePolicy",
+        "targets": [
+            {
+                "designatorType": "Attributes",
+                "attributes": {
+                    "imageName": "alpine*"
+                }
+            }
+        ],
+        "severities": [
+            "medium"
+         ]
+    },
+    {   
+        "metadata": {
+                "name": "nginx-exceptions"
+        },
+        "kind": "VulnerabilitiesIgnorePolicy",
+        "targets": [
+            {
+                "designatorType": "Attributes",
+                "attributes": {
+                    "imageName": "nginx*"
+                }
+            }
+        ],
+        "vulnerabilities": [
+            "invalid-cve",
+            "CVE-2023-45853",
+            "CVE-2023-49463"
+        ],
+        "severities": [
+            "critical",
+            "medium",
+            "invalid-severity"
+         ]
+    },
+    {   
+        "metadata": {
+                "name": "applicable-only-to-quay-registry-images"
+        },
+        "kind": "VulnerabilitiesIgnorePolicy",
+        "targets": [
+            {
+                "designatorType": "Attributes",
+                "attributes": {
+                    "registry": "quay.io"
+                }
+            }
+        ],
+        "vulnerabilities": [
+            "CVE-2023-42365"
+        ],
+        "severities": [
+            "critical",
+            "medium",
+            "high",
+            "low"
+         ]
+    }   
+]
+

core/core/testdata/empty_exceptions.json

@@ -0,0 +1 @@
+[]

core/core/testdata/exceptions.json

@@ -0,0 +1,78 @@
+[
+    {   
+        "metadata": {
+                "name": "medium-severity-vulnerabilites-exceptions"
+        },
+        "kind": "VulnerabilitiesIgnorePolicy",
+        "targets": [
+            {
+                "designatorType": "Attributes",
+                "attributes": {
+                    "Registry": "docker.io",
+                    "Organization": "",
+                    "ImageName": ""
+                }
+            }
+        ],
+        "vulnerabilities": [
+        ],
+        "severities": [
+            "medium"
+         ]
+    },
+    {   
+        "metadata": {
+                "name": "exclude-allowed-hostPath-control"
+        },
+        "kind": "VulnerabilitiesIgnorePolicy",
+        "targets": [
+            {
+                "designatorType": "Attributes",
+                "attributes": {
+                }
+            }
+        ],
+        "vulnerabilities": [
+            "CVE-2023-42366",
+            "CVE-2023-42365"
+        ],
+        "severities": [
+            "critical",
+            "low"
+         ]
+    },
+    {   
+        "metadata": {
+                "name": "regex-example"
+        },
+        "kind": "VulnerabilitiesIgnorePolicy",
+        "targets": [
+            {
+                "designatorType": "Attributes",
+                "attributes": {
+                    "Registry": "quay.*",
+                    "Organization": "kube*",
+                    "ImageName": "kubescape*",
+                    "ImageTag": "v2*"
+                }
+            },
+            {
+                "designatorType": "Attributes",
+                "attributes": {
+                    "Registry": "docker.io",
+                    "Organization": ".*",
+                    "ImageName": "kube*",
+                    "ImageTag": "v3*"
+                }
+            }
+        ],
+        "vulnerabilities": [
+            "CVE-2023-6879",
+            "CVE-2023-44487"
+        ],
+        "severities": [
+            "critical",
+            "low"
+         ]
+    }   
+]

core/meta/datastructures/v1/image_scan.go

@@ -1,7 +1,8 @@
 package v1
 
 type ImageScanInfo struct {
-	Username string
-	Password string
-	Image    string
+	Username   string
+	Password   string
+	Image      string
+	Exceptions string
 }

core/pkg/opaprocessor/processorhandler.go

@@ -3,6 +3,7 @@ package opaprocessor
 import (
 	"context"
 	"fmt"
+	"slices"
 	"strings"
 	"sync"
 
@@ -23,7 +24,6 @@ import (
 	"github.com/open-policy-agent/opa/storage"
 	opaprint "github.com/open-policy-agent/opa/topdown/print"
 	"go.opentelemetry.io/otel"
-	"golang.org/x/exp/slices"
 )
 
 const ScoreConfigPath = "/resources/config"

core/pkg/opaprocessor/utils.go

@@ -2,6 +2,7 @@ package opaprocessor
 
 import (
 	"fmt"
+	"slices"
 	"strings"
 
 	"github.com/kubescape/go-logger"
@@ -14,7 +15,6 @@ import (
 	"github.com/open-policy-agent/opa/rego"
 	"github.com/open-policy-agent/opa/topdown/builtins"
 	"github.com/open-policy-agent/opa/types"
-	"golang.org/x/exp/slices"
 )
 
 // convertFrameworksToPolicies convert list of frameworks to list of policies

core/pkg/resultshandling/printer/v2/controltable.go

@@ -3,78 +3,39 @@ package printer
 import (
 	"fmt"
 	"sort"
-	"strings"
 
 	"github.com/jwalton/gchalk"
 	"github.com/kubescape/kubescape/v3/core/cautils"
 	"github.com/kubescape/opa-utils/reporthandling/apis"
 	"github.com/kubescape/opa-utils/reporthandling/results/v1/reportsummary"
-	"github.com/olekukonko/tablewriter"
 )
 
-const (
-	columnSeverity        = iota
-	columnRef             = iota
-	columnName            = iota
-	columnCounterFailed   = iota
-	columnCounterAll      = iota
-	columnComplianceScore = iota
-	_rowLen               = iota
-	controlNameMaxLength  = 70
-)
+const controlNameMaxLength = 70
 
-func generateRow(controlSummary reportsummary.IControlSummary, infoToPrintInfo []infoStars, verbose bool) []string {
-	row := make([]string, _rowLen)
-
-	// ignore passed results
-	if !verbose && (controlSummary.GetStatus().IsPassed()) {
-		return []string{}
-	}
-
-	row[columnSeverity] = getSeverityColumn(controlSummary)
-	if len(controlSummary.GetName()) > controlNameMaxLength {
-		row[columnName] = controlSummary.GetName()[:controlNameMaxLength] + "..."
-	} else {
-		row[columnName] = controlSummary.GetName()
-	}
-	row[columnCounterFailed] = fmt.Sprintf("%d", controlSummary.NumberOfResources().Failed())
-	row[columnCounterAll] = fmt.Sprintf("%d", controlSummary.NumberOfResources().All())
-	row[columnComplianceScore] = getComplianceScoreColumn(controlSummary, infoToPrintInfo)
-	if row[columnComplianceScore] == "-1%" {
-		row[columnComplianceScore] = "N/A"
-	}
-
-	return row
+type TableRow struct {
+	ref             string
+	name            string
+	counterFailed   string
+	counterAll      string
+	severity        string
+	complianceScore string
 }
 
-func shortFormatRow(dataRows [][]string) [][]string {
-	rows := [][]string{}
-	for _, dataRow := range dataRows {
-		rows = append(rows, []string{fmt.Sprintf("Severity"+strings.Repeat(" ", 11)+": %+v\nControl Name"+strings.Repeat(" ", 7)+": %+v\nFailed Resources"+strings.Repeat(" ", 3)+": %+v\nAll Resources"+strings.Repeat(" ", 6)+": %+v\n%% Compliance-Score"+strings.Repeat(" ", 1)+": %+v", dataRow[columnSeverity], dataRow[columnName], dataRow[columnCounterFailed], dataRow[columnCounterAll], dataRow[columnComplianceScore])})
+// generateTableRow is responsible for generating the row that will be printed in the table
+func generateTableRow(controlSummary reportsummary.IControlSummary, infoToPrintInfo []infoStars) *TableRow {
+	tableRow := &TableRow{
+		ref:             controlSummary.GetID(),
+		name:            controlSummary.GetName(),
+		counterFailed:   fmt.Sprintf("%d", controlSummary.NumberOfResources().Failed()),
+		counterAll:      fmt.Sprintf("%d", controlSummary.NumberOfResources().All()),
+		severity:        apis.ControlSeverityToString(controlSummary.GetScoreFactor()),
+		complianceScore: getComplianceScoreColumn(controlSummary, infoToPrintInfo),
 	}
-	return rows
-}
-
-func generateRowPdf(controlSummary reportsummary.IControlSummary, infoToPrintInfo []infoStars, verbose bool) []string {
-	row := make([]string, _rowLen)
-
-	// ignore passed results
-	if !verbose && (controlSummary.GetStatus().IsPassed()) {
-		return []string{}
-	}
-
-	row[columnSeverity] = apis.ControlSeverityToString(controlSummary.GetScoreFactor())
-	row[columnRef] = controlSummary.GetID()
 	if len(controlSummary.GetName()) > controlNameMaxLength {
-		row[columnName] = controlSummary.GetName()[:controlNameMaxLength] + "..."
-	} else {
-		row[columnName] = controlSummary.GetName()
+		tableRow.name = controlSummary.GetName()[:controlNameMaxLength] + "..."
 	}
-	row[columnCounterFailed] = fmt.Sprintf("%d", controlSummary.NumberOfResources().Failed())
-	row[columnCounterAll] = fmt.Sprintf("%d", controlSummary.NumberOfResources().All())
-	row[columnComplianceScore] = getComplianceScoreColumn(controlSummary, infoToPrintInfo)
 
-	return row
+	return tableRow
 }
 
 func getInfoColumn(controlSummary reportsummary.IControlSummary, infoToPrintInfo []infoStars) string {
@@ -90,7 +51,12 @@ func getComplianceScoreColumn(controlSummary reportsummary.IControlSummary, info
 	if controlSummary.GetStatus().IsSkipped() {
 		return fmt.Sprintf("%s %s", "Action Required", getInfoColumn(controlSummary, infoToPrintInfo))
 	}
-	return fmt.Sprintf("%d", cautils.Float32ToInt(controlSummary.GetComplianceScore())) + "%"
+	if compliance := cautils.Float32ToInt(controlSummary.GetComplianceScore()); compliance < 0 {
+		return "N/A"
+	} else {
+		return fmt.Sprintf("%d", cautils.Float32ToInt(controlSummary.GetComplianceScore())) + "%"
+	}
+
 }
 
 func getSeverityColumn(controlSummary reportsummary.IControlSummary) string {
@@ -124,45 +90,3 @@ func getSortedControlsIDs(controls reportsummary.ControlSummaries) [][]string {
 	}
 	return controlIDs
 }
-
-/* unused for now
-func getSortedControlsNames(controls reportsummary.ControlSummaries) [][]string {
-	controlNames := make([][]string, 5)
-	for k := range controls {
-		c := controls[k]
-		i := apis.ControlSeverityToInt(c.GetScoreFactor())
-		controlNames[i] = append(controlNames[i], c.GetName())
-	}
-	for i := range controlNames {
-		sort.Strings(controlNames[i])
-	}
-	return controlNames
-}
-*/
-
-func getControlTableHeaders(short bool) []string {
-	var headers []string
-	if short {
-		headers = make([]string, 1)
-		headers[0] = "Controls"
-	} else {
-		headers = make([]string, _rowLen)
-		headers[columnRef] = "Control reference"
-		headers[columnName] = "Control name"
-		headers[columnCounterFailed] = "Failed resources"
-		headers[columnCounterAll] = "All resources"
-		headers[columnSeverity] = "Severity"
-		headers[columnComplianceScore] = "Compliance score"
-	}
-	return headers
-}
-
-func getColumnsAlignments() []int {
-	alignments := make([]int, _rowLen)
-	alignments[columnName] = tablewriter.ALIGN_LEFT
-	alignments[columnCounterFailed] = tablewriter.ALIGN_CENTER
-	alignments[columnCounterAll] = tablewriter.ALIGN_CENTER
-	alignments[columnSeverity] = tablewriter.ALIGN_LEFT
-	alignments[columnComplianceScore] = tablewriter.ALIGN_CENTER
-	return alignments
-}

core/pkg/resultshandling/printer/v2/controltable_test.go

@@ -23,45 +23,43 @@ func Test_generateRowPdf(t *testing.T) {
 	infoToPrintInfoMap := mapInfoToPrintInfo(mockSummary.Controls)
 	sortedControlIDs := getSortedControlsIDs(mockSummary.Controls)
 
-	var results [][]string
+	var rows []TableRow
 
 	for i := len(sortedControlIDs) - 1; i >= 0; i-- {
 		for _, c := range sortedControlIDs[i] {
-			result := generateRowPdf(mockSummary.Controls.GetControl(reportsummary.EControlCriteriaID, c), infoToPrintInfoMap, true)
-			if len(result) > 0 {
-				results = append(results, result)
-			}
+			row := *generateTableRow(mockSummary.Controls.GetControl(reportsummary.EControlCriteriaID, c), infoToPrintInfoMap)
+			rows = append(rows, row)
 		}
 	}
 
-	for _, c := range results {
+	for _, row := range rows {
 		//validating severity column
-		if c[0] != "Low" && c[0] != "Medium" && c[0] != "High" && c[0] != "Critical" {
-			t.Errorf("got %s, want either of these: %s", c[0], "Low, Medium, High, Critical")
+		if row.severity != "Low" && row.severity != "Medium" && row.severity != "High" && row.severity != "Critical" {
+			t.Errorf("got %s, want either of these: %s", row.severity, "Low, Medium, High, Critical")
 		}
 
 		// Validating length of control ID
-		if len(c[1]) > 6 {
-			t.Errorf("got %s, want %s", c[1], "less than 7 characters")
+		if len(row.ref) > 6 {
+			t.Errorf("got %s, want %s", row.ref, "less than 7 characters")
 		}
 
 		// Validating length of control name
-		if len(c[2]) > controlNameMaxLength {
-			t.Errorf("got %s, want %s", c[1], fmt.Sprintf("less than %d characters", controlNameMaxLength))
+		if len(row.name) > controlNameMaxLength {
+			t.Errorf("got %s, want %s", row.name, fmt.Sprintf("less than %d characters", controlNameMaxLength))
 		}
 
 		// Validating numeric fields
-		_, err := strconv.Atoi(c[3])
+		_, err := strconv.Atoi(row.counterFailed)
 		if err != nil {
-			t.Errorf("got %s, want an integer %s", c[2], err)
+			t.Errorf("got %s, want an integer %s", row.counterFailed, err)
 		}
 
-		_, err = strconv.Atoi(c[4])
+		_, err = strconv.Atoi(row.counterAll)
 		if err != nil {
-			t.Errorf("got %s, want an integer %s", c[3], err)
+			t.Errorf("got %s, want an integer %s", row.counterAll, err)
 		}
 
-		assert.NotEmpty(t, c[5], "expected a non-empty string")
+		assert.NotEmpty(t, row.complianceScore, "expected a non-empty string")
 
 	}
 

core/pkg/resultshandling/printer/v2/pdf.go

@@ -3,21 +3,18 @@ package printer
 import (
 	"context"
 	_ "embed"
-	b64 "encoding/base64"
 	"fmt"
 	"os"
 	"path/filepath"
 	"strings"
 	"time"
 
-	"github.com/johnfercher/maroto/pkg/color"
-	"github.com/johnfercher/maroto/pkg/consts"
-	"github.com/johnfercher/maroto/pkg/pdf"
-	"github.com/johnfercher/maroto/pkg/props"
+	"github.com/johnfercher/maroto/v2/pkg/props"
 	"github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/kubescape/v3/core/cautils"
 	"github.com/kubescape/kubescape/v3/core/pkg/resultshandling/printer"
+	"github.com/kubescape/kubescape/v3/core/pkg/resultshandling/printer/v2/pdf"
 	"github.com/kubescape/kubescape/v3/core/pkg/resultshandling/printer/v2/prettyprinter/tableprinter/utils"
 	"github.com/kubescape/opa-utils/reporthandling/results/v1/reportsummary"
 )
@@ -27,11 +24,6 @@ const (
 	pdfOutputExt  = ".pdf"
 )
 
-var (
-	//go:embed pdf/logo.png
-	kubescapeLogo []byte
-)
-
 var _ printer.IPrinter = &PdfPrinter{}
 
 type PdfPrinter struct {
@@ -66,219 +58,79 @@ func (pp *PdfPrinter) Score(score float32) {
 
 	fmt.Fprintf(os.Stderr, "\nOverall compliance-score (100- Excellent, 0- All failed): %d\n", cautils.Float32ToInt(score))
 }
-func (pp *PdfPrinter) printInfo(m pdf.Maroto, summaryDetails *reportsummary.SummaryDetails, infoMap []infoStars) {
-	emptyRowCounter := 1
-	for i := range infoMap {
-		if infoMap[i].info != "" {
-			m.Row(5, func() {
-				m.Col(12, func() {
-					m.Text(fmt.Sprintf("%v %v", infoMap[i].stars, infoMap[i].info), props.Text{
-						Style:       consts.Bold,
-						Align:       consts.Left,
-						Size:        8,
-						Extrapolate: false,
-						Color: color.Color{
-							Red:   0,
-							Green: 0,
-							Blue:  255,
-						},
-					})
-				})
-			})
-			if emptyRowCounter < len(infoMap) {
-				m.Row(2.5, func() {})
-				emptyRowCounter++
-			}
-		}
-	}
-
-}
 
 func (pp *PdfPrinter) PrintNextSteps() {
 
 }
 
+// ActionPrint is responsible for generating a report in pdf format
 func (pp *PdfPrinter) ActionPrint(ctx context.Context, opaSessionObj *cautils.OPASessionObj, imageScanData []cautils.ImageScanData) {
 	if opaSessionObj == nil {
 		logger.L().Ctx(ctx).Error("failed to print results, missing data")
 		return
 	}
 
-	sortedControlIDs := getSortedControlsIDs(opaSessionObj.Report.SummaryDetails.Controls)
-
-	infoToPrintInfo := mapInfoToPrintInfo(opaSessionObj.Report.SummaryDetails.Controls)
-	m := pdf.NewMaroto(consts.Portrait, consts.A4)
-	pp.printHeader(m)
-	pp.printFramework(m, opaSessionObj.Report.SummaryDetails.ListFrameworks())
-	pp.printTable(m, &opaSessionObj.Report.SummaryDetails, sortedControlIDs)
-	pp.printFinalResult(m, &opaSessionObj.Report.SummaryDetails)
-	pp.printInfo(m, &opaSessionObj.Report.SummaryDetails, infoToPrintInfo)
-
-	// Extrat output buffer.
-	outBuff, err := m.Output()
+	outBuff, err := pp.generatePdf(&opaSessionObj.Report.SummaryDetails)
 	if err != nil {
 		logger.L().Ctx(ctx).Error("failed to generate pdf format", helpers.Error(err))
 		return
 	}
 
-	if _, err := pp.writer.Write(outBuff.Bytes()); err != nil {
+	if _, err := pp.writer.Write(outBuff); err != nil {
 		logger.L().Ctx(ctx).Error("failed to write results", helpers.Error(err))
 		return
 	}
 	printer.LogOutputFile(pp.writer.Name())
 }
 
-// printHeader prints the Kubescape logo and report date
-func (pp *PdfPrinter) printHeader(m pdf.Maroto) {
-	// Retrieve current time (we need it for the report timestamp).
-	t := time.Now()
-	// Enconde PNG into Base64 to embed it into the pdf.
-	kubescapeLogoEnc := b64.StdEncoding.EncodeToString(kubescapeLogo)
+func (pp *PdfPrinter) generatePdf(summaryDetails *reportsummary.SummaryDetails) ([]byte, error) {
+	sortedControlIDs := getSortedControlsIDs(summaryDetails.Controls)
+	infoToPrintInfo := mapInfoToPrintInfo(summaryDetails.Controls)
 
-	m.SetPageMargins(10, 15, 10)
-	m.Row(40, func() {
-		//m.Text(fmt.Sprintf("Security Assessment"), props.Text{
-		//	Align:  consts.Center,
-		//	Size:   24,
-		//	Family: consts.Arial,
-		//	Style:  consts.Bold,
-		//})
-		_ = m.Base64Image(kubescapeLogoEnc, consts.Png, props.Rect{
-			Center:  true,
-			Percent: 100,
-		})
-	})
-	m.Row(6, func() {
-		m.Text(fmt.Sprintf("Report date: %d-%02d-%02dT%02d:%02d:%02d",
-			t.Year(),
-			t.Month(),
-			t.Day(),
-			t.Hour(),
-			t.Minute(),
-			t.Second()), props.Text{
-			Align:  consts.Left,
-			Size:   6.0,
-			Style:  consts.Bold,
-			Family: consts.Arial,
-		})
-	})
-	m.Line(1)
+	template := pdf.NewReportTemplate()
+	template.GenerateHeader(utils.FrameworksScoresToString(summaryDetails.ListFrameworks()), time.Now().Format(time.DateTime))
+	err := template.GenerateTable(pp.getTableObjects(summaryDetails, sortedControlIDs),
+		summaryDetails.NumberOfResources().Failed(), summaryDetails.NumberOfResources().All(), summaryDetails.ComplianceScore)
+
+	if err != nil {
+		return nil, err
+	}
+	template.GenerateInfoRows(pp.getFormattedInformation(infoToPrintInfo))
+	return template.GetPdf()
 }
 
-// printFramework prints the PDF frameworks after the PDF header
-func (pp *PdfPrinter) printFramework(m pdf.Maroto, frameworks []reportsummary.IFrameworkSummary) {
-	m.Row(10, func() {
-		m.Text(utils.FrameworksScoresToString(frameworks), props.Text{
-			Align:  consts.Center,
-			Size:   8,
-			Family: consts.Arial,
-			Style:  consts.Bold,
-		})
-	})
-}
-
-// printTable creates the PDF table
-func (pp *PdfPrinter) printTable(m pdf.Maroto, summaryDetails *reportsummary.SummaryDetails, sortedControlIDs [][]string) {
-	headers := getControlTableHeaders(false)
-	infoToPrintInfoMap := mapInfoToPrintInfo(summaryDetails.Controls)
-	var controls [][]string
-	for i := len(sortedControlIDs) - 1; i >= 0; i-- {
-		for _, c := range sortedControlIDs[i] {
-			row := generateRowPdf(summaryDetails.Controls.GetControl(reportsummary.EControlCriteriaID, c), infoToPrintInfoMap, true)
-			if len(row) > 0 {
-				controls = append(controls, row)
-			}
+func (pp *PdfPrinter) getFormattedInformation(infoMap []infoStars) []string {
+	rows := make([]string, 0, len(infoMap))
+	for i := range infoMap {
+		if infoMap[i].info != "" {
+			rows = append(rows, fmt.Sprintf("%v %v", infoMap[i].stars, infoMap[i].info))
 		}
 	}
-
-	size := 6.0
-	gridSize := []uint{1, 1, 6, 1, 1, 2}
-
-	m.TableList(headers, controls, props.TableList{
-		HeaderProp: props.TableListContent{
-			Family:    consts.Arial,
-			Style:     consts.Bold,
-			Size:      size,
-			GridSizes: gridSize,
-		},
-		ContentProp: props.TableListContent{
-			Family:                          consts.Courier,
-			Style:                           consts.Normal,
-			Size:                            size,
-			GridSizes:                       gridSize,
-			CellTextColorChangerColumnIndex: 0,
-			CellTextColorChangerFunc: func(cellValue string) color.Color {
-				if cellValue == "Critical" {
-					return color.Color{
-						Red:   255,
-						Green: 0,
-						Blue:  0,
-					}
-				} else if cellValue == "High" {
-					return color.Color{
-						Red:   0,
-						Green: 0,
-						Blue:  255,
-					}
-				} else if cellValue == "Medium" {
-					return color.Color{
-						Red:   252,
-						Green: 186,
-						Blue:  3,
-					}
-				}
-				return color.NewBlack()
-			},
-		},
-		Align: consts.Left,
-		AlternatedBackground: &color.Color{
-			Red:   224,
-			Green: 224,
-			Blue:  224,
-		},
-		HeaderContentSpace: 2.0,
-		Line:               false,
-	})
-	m.Line(1)
-	m.Row(2, func() {})
+	return rows
 }
 
-// printFinalResult adds the final results
-func (pp *PdfPrinter) printFinalResult(m pdf.Maroto, summaryDetails *reportsummary.SummaryDetails) {
-	m.Row(_rowLen, func() {
-		m.Col(1, func() {
-		})
-		m.Col(5, func() {
-			m.Text("Resource summary", props.Text{
-				Align:  consts.Left,
-				Size:   8.0,
-				Style:  consts.Bold,
-				Family: consts.Arial,
-			})
-		})
-		m.Col(2, func() {
-			m.Text(fmt.Sprintf("%d", summaryDetails.NumberOfResources().Failed()), props.Text{
-				Align:  consts.Left,
-				Size:   8.0,
-				Style:  consts.Bold,
-				Family: consts.Arial,
-			})
-		})
-		m.Col(2, func() {
-			m.Text(fmt.Sprintf("%d", summaryDetails.NumberOfResources().All()), props.Text{
-				Align:  consts.Left,
-				Size:   8.0,
-				Style:  consts.Bold,
-				Family: consts.Arial,
-			})
-		})
-		m.Col(2, func() {
-			m.Text(fmt.Sprintf("%.2f%s", summaryDetails.ComplianceScore, "%"), props.Text{
-				Align:  consts.Left,
-				Size:   8.0,
-				Style:  consts.Bold,
-				Family: consts.Arial,
-			})
-		})
-	})
+// getTableData is responsible for getting the table data in a standardized format
+func (pp *PdfPrinter) getTableObjects(summaryDetails *reportsummary.SummaryDetails, sortedControlIDs [][]string) *[]pdf.TableObject {
+	infoToPrintInfoMap := mapInfoToPrintInfo(summaryDetails.Controls)
+	var controls []pdf.TableObject
+	for i := len(sortedControlIDs) - 1; i >= 0; i-- {
+		for _, c := range sortedControlIDs[i] {
+			row := generateTableRow(summaryDetails.Controls.GetControl(reportsummary.EControlCriteriaID, c), infoToPrintInfoMap)
+			controls = append(controls, *pdf.NewTableRow(
+				row.ref, row.name, row.counterFailed, row.counterAll, row.severity, row.complianceScore, getSeverityColor,
+			))
+		}
+	}
+	return &controls
+}
+
+func getSeverityColor(severity string) *props.Color {
+	if severity == "Critical" {
+		return &props.Color{Red: 255, Green: 0, Blue: 0}
+	} else if severity == "High" {
+		return &props.Color{Red: 0, Green: 0, Blue: 255}
+	} else if severity == "Medium" {
+		return &props.Color{Red: 252, Green: 186, Blue: 3}
+	}
+	return &props.BlackColor
 }

core/pkg/resultshandling/printer/v2/pdf/.maroto.yml

@@ -0,0 +1 @@
+test_path: "testStructure/"

core/pkg/resultshandling/printer/v2/pdf/report_template.go

@@ -0,0 +1,195 @@
+package pdf
+
+import (
+	_ "embed"
+	"fmt"
+
+	"github.com/johnfercher/go-tree/node"
+	"github.com/johnfercher/maroto/v2"
+	"github.com/johnfercher/maroto/v2/pkg/components/image"
+	"github.com/johnfercher/maroto/v2/pkg/components/line"
+	"github.com/johnfercher/maroto/v2/pkg/components/list"
+	"github.com/johnfercher/maroto/v2/pkg/components/row"
+	"github.com/johnfercher/maroto/v2/pkg/components/text"
+	"github.com/johnfercher/maroto/v2/pkg/config"
+	"github.com/johnfercher/maroto/v2/pkg/consts/align"
+	"github.com/johnfercher/maroto/v2/pkg/consts/extension"
+	"github.com/johnfercher/maroto/v2/pkg/consts/fontfamily"
+	"github.com/johnfercher/maroto/v2/pkg/consts/fontstyle"
+	"github.com/johnfercher/maroto/v2/pkg/consts/orientation"
+	"github.com/johnfercher/maroto/v2/pkg/consts/pagesize"
+	"github.com/johnfercher/maroto/v2/pkg/core"
+	"github.com/johnfercher/maroto/v2/pkg/props"
+)
+
+var (
+	//go:embed logo.png
+	kubescapeLogo []byte
+)
+
+type getTextColorFunc func(severity string) *props.Color
+
+type Template struct {
+	maroto core.Maroto
+}
+
+// New Report Template is responsible for creating an object that generates a report with the submitted data
+func NewReportTemplate() *Template {
+	return &Template{
+		maroto: maroto.New(
+			config.NewBuilder().
+				WithPageSize(pagesize.A4).
+				WithOrientation(orientation.Vertical).
+				WithLeftMargin(10).
+				WithTopMargin(15).
+				WithRightMargin(10).
+				Build()),
+	}
+}
+
+// GetPdf is responsible for generating the pdf and returning the file's bytes
+func (t *Template) GetPdf() ([]byte, error) {
+	doc, err := t.maroto.Generate()
+	if err != nil {
+		return nil, err
+	}
+	return doc.GetBytes(), nil
+}
+
+// printHeader prints the Kubescape logo, report date and framework
+func (t *Template) GenerateHeader(scoreOfScannedFrameworks, reportDate string) *Template {
+	t.maroto.AddRow(40, image.NewFromBytesCol(12, kubescapeLogo, extension.Png, props.Rect{
+		Center:  true,
+		Percent: 100,
+	}))
+
+	t.maroto.AddRow(6, text.NewCol(12, fmt.Sprintf("Report date: %s", reportDate),
+		props.Text{
+			Align:  align.Left,
+			Size:   6.0,
+			Style:  fontstyle.Bold,
+			Family: fontfamily.Arial,
+		}))
+
+	t.maroto.AddAutoRow(line.NewCol(12, props.Line{Thickness: 0.3, SizePercent: 100}))
+
+	t.maroto.AddRow(10, text.NewCol(12, scoreOfScannedFrameworks, props.Text{
+		Align:  align.Center,
+		Size:   8,
+		Family: fontfamily.Arial,
+		Style:  fontstyle.Bold,
+	}))
+
+	return t
+}
+
+// GenerateTable is responsible for adding data in table format to the pdf
+func (t *Template) GenerateTable(tableRows *[]TableObject, totalFailed, total int, score float32) error {
+	rows, err := list.Build[TableObject](*tableRows)
+	if err != nil {
+		return err
+	}
+	t.maroto.AddRows(rows...)
+	t.maroto.AddRows(
+		line.NewAutoRow(props.Line{Thickness: 0.3, SizePercent: 100}),
+		row.New(2),
+	)
+	t.generateTableTableResult(totalFailed, total, score)
+
+	return nil
+}
+
+// GenerateInfoRows is responsible for adding the information in pdf
+func (t *Template) GenerateInfoRows(rows []string) *Template {
+	for _, row := range rows {
+		t.maroto.AddAutoRow(text.NewCol(12, row, props.Text{
+			Style: fontstyle.Bold,
+			Align: align.Left,
+			Top:   2.5,
+			Size:  8,
+			Color: &props.Color{
+				Red:   0,
+				Green: 0,
+				Blue:  255,
+			},
+		}))
+	}
+	return t
+}
+
+func (t *Template) generateTableTableResult(totalFailed, total int, score float32) {
+	defaultProps := props.Text{
+		Align:  align.Left,
+		Size:   8,
+		Style:  fontstyle.Bold,
+		Family: fontfamily.Arial,
+	}
+
+	t.maroto.AddRow(10,
+		text.NewCol(5, "Resource summary", defaultProps),
+		text.NewCol(2, fmt.Sprintf("%d", totalFailed), defaultProps),
+		text.NewCol(2, fmt.Sprintf("%d", total), defaultProps),
+		text.NewCol(2, fmt.Sprintf("%.2f%s", score, "%"), defaultProps),
+	)
+}
+
+func (t *Template) GetStructure() *node.Node[core.Structure] {
+	return t.maroto.GetStructure()
+}
+
+// TableObject is responsible for mapping the table data, it will be sent to Maroto and will make it possible to generate the table
+type TableObject struct {
+	ref             string
+	name            string
+	counterFailed   string
+	counterAll      string
+	severity        string
+	complianceScore string
+	getTextColor    getTextColorFunc
+}
+
+func NewTableRow(ref, name, counterFailed, counterAll, severity, score string, getTextColor getTextColorFunc) *TableObject {
+	return &TableObject{
+		ref:             ref,
+		name:            name,
+		counterFailed:   counterFailed,
+		counterAll:      counterAll,
+		severity:        severity,
+		complianceScore: score,
+		getTextColor:    getTextColor,
+	}
+}
+
+func (t TableObject) GetHeader() core.Row {
+	return row.New(10).Add(
+		text.NewCol(1, "Severity", props.Text{Size: 6, Family: fontfamily.Arial, Style: fontstyle.Bold}),
+		text.NewCol(1, "Control reference", props.Text{Size: 6, Family: fontfamily.Arial, Style: fontstyle.Bold}),
+		text.NewCol(6, "Control name", props.Text{Size: 6, Family: fontfamily.Arial, Style: fontstyle.Bold}),
+		text.NewCol(1, "Failed resources", props.Text{Size: 6, Family: fontfamily.Arial, Style: fontstyle.Bold}),
+		text.NewCol(1, "All resources", props.Text{Size: 6, Family: fontfamily.Arial, Style: fontstyle.Bold}),
+		text.NewCol(2, "Compliance score", props.Text{Size: 6, Family: fontfamily.Arial, Style: fontstyle.Bold}),
+	)
+}
+
+func (t TableObject) GetContent(i int) core.Row {
+	r := row.New(3).Add(
+		text.NewCol(1, t.severity, props.Text{Style: fontstyle.Normal, Family: fontfamily.Courier, Size: 6, Color: t.getTextColor(t.severity)}),
+		text.NewCol(1, t.ref, props.Text{Style: fontstyle.Normal, Family: fontfamily.Courier, Size: 6, Color: &props.Color{}}),
+		text.NewCol(6, t.name, props.Text{Style: fontstyle.Normal, Family: fontfamily.Courier, Size: 6}),
+		text.NewCol(1, t.counterFailed, props.Text{Style: fontstyle.Normal, Family: fontfamily.Courier, Size: 6}),
+		text.NewCol(1, t.counterAll, props.Text{Style: fontstyle.Normal, Family: fontfamily.Courier, Size: 6}),
+		text.NewCol(2, t.complianceScore, props.Text{VerticalPadding: 1, Style: fontstyle.Normal, Family: fontfamily.Courier, Size: 6}),
+	)
+
+	if i%2 == 0 {
+		r.WithStyle(&props.Cell{
+			BackgroundColor: &props.Color{
+				Red:   224,
+				Green: 224,
+				Blue:  224,
+			},
+		})
+	}
+
+	return r
+}

core/pkg/resultshandling/printer/v2/pdf/report_template_test.go

@@ -0,0 +1,58 @@
+package pdf_test
+
+import (
+	"testing"
+
+	"github.com/johnfercher/maroto/v2/pkg/props"
+	"github.com/johnfercher/maroto/v2/pkg/test"
+	"github.com/kubescape/kubescape/v3/core/pkg/resultshandling/printer/v2/pdf"
+	"github.com/stretchr/testify/assert"
+)
+
+func TestGetPdf(t *testing.T) {
+	t.Run("when GetPdf is called, it should return pdf bytes", func(t *testing.T) {
+
+		template := pdf.NewReportTemplate().GenerateHeader("Framework test 1, Framework test 2", "2024-04-01 20:31:00")
+		bytes, err := template.GetPdf()
+
+		assert.Nil(t, err)
+		assert.NotNil(t, bytes)
+	})
+}
+
+func TestGenerateHeader(t *testing.T) {
+	t.Run("when generateHeader is called, it should set the header in the pdf", func(t *testing.T) {
+		template := pdf.NewReportTemplate().GenerateHeader("Framework test 1, Framework test 2", "2024-04-01 20:31:00")
+
+		node := template.GetStructure()
+
+		assert.NotNil(t, node)
+		test.New(t).Assert(node).Equals("headerTemplate.json")
+	})
+}
+
+func TestGenerateTable(t *testing.T) {
+	t.Run("when generateTable is called, it should set the table in the pdf", func(t *testing.T) {
+		TableObjectMock := pdf.NewTableRow(
+			"ref", "name", "failed", "all", "severity", "score",
+			func(severity string) *props.Color { return &props.Color{Red: 0, Blue: 0, Green: 0} },
+		)
+
+		template := pdf.NewReportTemplate()
+
+		err := template.GenerateTable(&[]pdf.TableObject{*TableObjectMock}, 100, 10, 10.0)
+
+		assert.Nil(t, err)
+		test.New(t).Assert(template.GetStructure()).Equals("tableTemplate.json")
+	})
+}
+
+func TestGenerateInfoRows(t *testing.T) {
+	t.Run("when generateInfoRows is called, it should set the info rows in the pdf", func(t *testing.T) {
+
+		template := pdf.NewReportTemplate().GenerateInfoRows([]string{"row info 1", "row info 2", "row info 3"})
+
+		assert.NotNil(t, template)
+		test.New(t).Assert(template.GetStructure()).Equals("infoTemplate.json")
+	})
+}

core/pkg/resultshandling/printer/v2/pdf/testStructure/headerTemplate.json

@@ -0,0 +1,127 @@
+{
+    "type": "maroto",
+    "details": {
+        "chunk_workers": 1,
+        "config_margin_bottom": 20.0025,
+        "config_margin_left": 10,
+        "config_margin_right": 10,
+        "config_margin_top": 15,
+        "config_max_grid_sum": 12,
+        "config_provider_type": "gofpdf",
+        "generation_mode": "sequential",
+        "maroto_dimension_height": 297,
+        "maroto_dimension_width": 210,
+        "prop_font_color": "RGB(0, 0, 0)",
+        "prop_font_family": "arial",
+        "prop_font_size": 10
+    },
+    "nodes": [
+        {
+            "type": "page",
+            "nodes": [
+                {
+                    "value": 40,
+                    "type": "row",
+                    "nodes": [
+                        {
+                            "value": 12,
+                            "type": "col",
+                            "nodes": [
+                                {
+                                    "value": "iVBORw0KGgoAAA==",
+                                    "type": "bytesImage",
+                                    "details": {
+                                        "bytes_size": 54270,
+                                        "extension": "png",
+                                        "prop_center": true,
+                                        "prop_percent": 100
+                                    }
+                                }
+                            ]
+                        }
+                    ]
+                },
+                {
+                    "value": 6,
+                    "type": "row",
+                    "nodes": [
+                        {
+                            "value": 12,
+                            "type": "col",
+                            "nodes": [
+                                {
+                                    "value": "Report date: 2024-04-01 20:31:00",
+                                    "type": "text",
+                                    "details": {
+                                        "prop_align": "L",
+                                        "prop_breakline_strategy": "empty_space_strategy",
+                                        "prop_color": "RGB(0, 0, 0)",
+                                        "prop_font_family": "arial",
+                                        "prop_font_size": 6,
+                                        "prop_font_style": "B"
+                                    }
+                                }
+                            ]
+                        }
+                    ]
+                },
+                {
+                    "value": 0.3,
+                    "type": "row",
+                    "nodes": [
+                        {
+                            "value": 12,
+                            "type": "col",
+                            "nodes": [
+                                {
+                                    "type": "line",
+                                    "details": {
+                                        "prop_offset_percent": 5,
+                                        "prop_orientation": "horizontal",
+                                        "prop_size_percent": 100,
+                                        "prop_style": "solid",
+                                        "prop_thickness": 0.3
+                                    }
+                                }
+                            ]
+                        }
+                    ]
+                },
+                {
+                    "value": 10,
+                    "type": "row",
+                    "nodes": [
+                        {
+                            "value": 12,
+                            "type": "col",
+                            "nodes": [
+                                {
+                                    "value": "Framework test 1, Framework test 2",
+                                    "type": "text",
+                                    "details": {
+                                        "prop_align": "C",
+                                        "prop_breakline_strategy": "empty_space_strategy",
+                                        "prop_color": "RGB(0, 0, 0)",
+                                        "prop_font_family": "arial",
+                                        "prop_font_size": 8,
+                                        "prop_font_style": "B"
+                                    }
+                                }
+                            ]
+                        }
+                    ]
+                },
+                {
+                    "value": 205.6975,
+                    "type": "row",
+                    "nodes": [
+                        {
+                            "value": 12,
+                            "type": "col"
+                        }
+                    ]
+                }
+            ]
+        }
+    ]
+}

core/pkg/resultshandling/printer/v2/pdf/testStructure/infoTemplate.json

@@ -0,0 +1,110 @@
+{
+    "type": "maroto",
+    "details": {
+        "chunk_workers": 1,
+        "config_margin_bottom": 20.0025,
+        "config_margin_left": 10,
+        "config_margin_right": 10,
+        "config_margin_top": 15,
+        "config_max_grid_sum": 12,
+        "config_provider_type": "gofpdf",
+        "generation_mode": "sequential",
+        "maroto_dimension_height": 297,
+        "maroto_dimension_width": 210,
+        "prop_font_color": "RGB(0, 0, 0)",
+        "prop_font_family": "arial",
+        "prop_font_size": 10
+    },
+    "nodes": [
+        {
+            "type": "page",
+            "nodes": [
+                {
+                    "value": 5.322222222222223,
+                    "type": "row",
+                    "nodes": [
+                        {
+                            "value": 12,
+                            "type": "col",
+                            "nodes": [
+                                {
+                                    "value": "row info 1",
+                                    "type": "text",
+                                    "details": {
+                                        "prop_align": "L",
+                                        "prop_breakline_strategy": "empty_space_strategy",
+                                        "prop_color": "RGB(0, 0, 255)",
+                                        "prop_font_family": "arial",
+                                        "prop_font_size": 8,
+                                        "prop_font_style": "B",
+                                        "prop_top": 2.5
+                                    }
+                                }
+                            ]
+                        }
+                    ]
+                },
+                {
+                    "value": 5.322222222222223,
+                    "type": "row",
+                    "nodes": [
+                        {
+                            "value": 12,
+                            "type": "col",
+                            "nodes": [
+                                {
+                                    "value": "row info 2",
+                                    "type": "text",
+                                    "details": {
+                                        "prop_align": "L",
+                                        "prop_breakline_strategy": "empty_space_strategy",
+                                        "prop_color": "RGB(0, 0, 255)",
+                                        "prop_font_family": "arial",
+                                        "prop_font_size": 8,
+                                        "prop_font_style": "B",
+                                        "prop_top": 2.5
+                                    }
+                                }
+                            ]
+                        }
+                    ]
+                },
+                {
+                    "value": 5.322222222222223,
+                    "type": "row",
+                    "nodes": [
+                        {
+                            "value": 12,
+                            "type": "col",
+                            "nodes": [
+                                {
+                                    "value": "row info 3",
+                                    "type": "text",
+                                    "details": {
+                                        "prop_align": "L",
+                                        "prop_breakline_strategy": "empty_space_strategy",
+                                        "prop_color": "RGB(0, 0, 255)",
+                                        "prop_font_family": "arial",
+                                        "prop_font_size": 8,
+                                        "prop_font_style": "B",
+                                        "prop_top": 2.5
+                                    }
+                                }
+                            ]
+                        }
+                    ]
+                },
+                {
+                    "value": 246.03083333333333,
+                    "type": "row",
+                    "nodes": [
+                        {
+                            "value": 12,
+                            "type": "col"
+                        }
+                    ]
+                }
+            ]
+        }
+    ]
+}

core/pkg/resultshandling/printer/v2/pdf/testStructure/tableTemplate.json

@@ -0,0 +1,377 @@
+{
+    "type": "maroto",
+    "details": {
+        "chunk_workers": 1,
+        "config_margin_bottom": 20.0025,
+        "config_margin_left": 10,
+        "config_margin_right": 10,
+        "config_margin_top": 15,
+        "config_max_grid_sum": 12,
+        "config_provider_type": "gofpdf",
+        "generation_mode": "sequential",
+        "maroto_dimension_height": 297,
+        "maroto_dimension_width": 210,
+        "prop_font_color": "RGB(0, 0, 0)",
+        "prop_font_family": "arial",
+        "prop_font_size": 10
+    },
+    "nodes": [
+        {
+            "type": "page",
+            "nodes": [
+                {
+                    "value": 10,
+                    "type": "row",
+                    "nodes": [
+                        {
+                            "value": 1,
+                            "type": "col",
+                            "nodes": [
+                                {
+                                    "value": "Severity",
+                                    "type": "text",
+                                    "details": {
+                                        "prop_align": "L",
+                                        "prop_breakline_strategy": "empty_space_strategy",
+                                        "prop_color": "RGB(0, 0, 0)",
+                                        "prop_font_family": "arial",
+                                        "prop_font_size": 6,
+                                        "prop_font_style": "B"
+                                    }
+                                }
+                            ]
+                        },
+                        {
+                            "value": 1,
+                            "type": "col",
+                            "nodes": [
+                                {
+                                    "value": "Control reference",
+                                    "type": "text",
+                                    "details": {
+                                        "prop_align": "L",
+                                        "prop_breakline_strategy": "empty_space_strategy",
+                                        "prop_color": "RGB(0, 0, 0)",
+                                        "prop_font_family": "arial",
+                                        "prop_font_size": 6,
+                                        "prop_font_style": "B"
+                                    }
+                                }
+                            ]
+                        },
+                        {
+                            "value": 6,
+                            "type": "col",
+                            "nodes": [
+                                {
+                                    "value": "Control name",
+                                    "type": "text",
+                                    "details": {
+                                        "prop_align": "L",
+                                        "prop_breakline_strategy": "empty_space_strategy",
+                                        "prop_color": "RGB(0, 0, 0)",
+                                        "prop_font_family": "arial",
+                                        "prop_font_size": 6,
+                                        "prop_font_style": "B"
+                                    }
+                                }
+                            ]
+                        },
+                        {
+                            "value": 1,
+                            "type": "col",
+                            "nodes": [
+                                {
+                                    "value": "Failed resources",
+                                    "type": "text",
+                                    "details": {
+                                        "prop_align": "L",
+                                        "prop_breakline_strategy": "empty_space_strategy",
+                                        "prop_color": "RGB(0, 0, 0)",
+                                        "prop_font_family": "arial",
+                                        "prop_font_size": 6,
+                                        "prop_font_style": "B"
+                                    }
+                                }
+                            ]
+                        },
+                        {
+                            "value": 1,
+                            "type": "col",
+                            "nodes": [
+                                {
+                                    "value": "All resources",
+                                    "type": "text",
+                                    "details": {
+                                        "prop_align": "L",
+                                        "prop_breakline_strategy": "empty_space_strategy",
+                                        "prop_color": "RGB(0, 0, 0)",
+                                        "prop_font_family": "arial",
+                                        "prop_font_size": 6,
+                                        "prop_font_style": "B"
+                                    }
+                                }
+                            ]
+                        },
+                        {
+                            "value": 2,
+                            "type": "col",
+                            "nodes": [
+                                {
+                                    "value": "Compliance score",
+                                    "type": "text",
+                                    "details": {
+                                        "prop_align": "L",
+                                        "prop_breakline_strategy": "empty_space_strategy",
+                                        "prop_color": "RGB(0, 0, 0)",
+                                        "prop_font_family": "arial",
+                                        "prop_font_size": 6,
+                                        "prop_font_style": "B"
+                                    }
+                                }
+                            ]
+                        }
+                    ]
+                },
+                {
+                    "value": 3,
+                    "type": "row",
+                    "details": {
+                        "prop_background_color": "RGB(224, 224, 224)"
+                    },
+                    "nodes": [
+                        {
+                            "value": 1,
+                            "type": "col",
+                            "nodes": [
+                                {
+                                    "value": "severity",
+                                    "type": "text",
+                                    "details": {
+                                        "prop_align": "L",
+                                        "prop_breakline_strategy": "empty_space_strategy",
+                                        "prop_color": "RGB(0, 0, 0)",
+                                        "prop_font_family": "courier",
+                                        "prop_font_size": 6
+                                    }
+                                }
+                            ]
+                        },
+                        {
+                            "value": 1,
+                            "type": "col",
+                            "nodes": [
+                                {
+                                    "value": "ref",
+                                    "type": "text",
+                                    "details": {
+                                        "prop_align": "L",
+                                        "prop_breakline_strategy": "empty_space_strategy",
+                                        "prop_color": "RGB(0, 0, 0)",
+                                        "prop_font_family": "courier",
+                                        "prop_font_size": 6
+                                    }
+                                }
+                            ]
+                        },
+                        {
+                            "value": 6,
+                            "type": "col",
+                            "nodes": [
+                                {
+                                    "value": "name",
+                                    "type": "text",
+                                    "details": {
+                                        "prop_align": "L",
+                                        "prop_breakline_strategy": "empty_space_strategy",
+                                        "prop_color": "RGB(0, 0, 0)",
+                                        "prop_font_family": "courier",
+                                        "prop_font_size": 6
+                                    }
+                                }
+                            ]
+                        },
+                        {
+                            "value": 1,
+                            "type": "col",
+                            "nodes": [
+                                {
+                                    "value": "failed",
+                                    "type": "text",
+                                    "details": {
+                                        "prop_align": "L",
+                                        "prop_breakline_strategy": "empty_space_strategy",
+                                        "prop_color": "RGB(0, 0, 0)",
+                                        "prop_font_family": "courier",
+                                        "prop_font_size": 6
+                                    }
+                                }
+                            ]
+                        },
+                        {
+                            "value": 1,
+                            "type": "col",
+                            "nodes": [
+                                {
+                                    "value": "all",
+                                    "type": "text",
+                                    "details": {
+                                        "prop_align": "L",
+                                        "prop_breakline_strategy": "empty_space_strategy",
+                                        "prop_color": "RGB(0, 0, 0)",
+                                        "prop_font_family": "courier",
+                                        "prop_font_size": 6
+                                    }
+                                }
+                            ]
+                        },
+                        {
+                            "value": 2,
+                            "type": "col",
+                            "nodes": [
+                                {
+                                    "value": "score",
+                                    "type": "text",
+                                    "details": {
+                                        "prop_align": "L",
+                                        "prop_breakline_strategy": "empty_space_strategy",
+                                        "prop_color": "RGB(0, 0, 0)",
+                                        "prop_font_family": "courier",
+                                        "prop_font_size": 6,
+                                        "prop_vertical_padding": 1
+                                    }
+                                }
+                            ]
+                        }
+                    ]
+                },
+                {
+                    "value": 0.3,
+                    "type": "row",
+                    "nodes": [
+                        {
+                            "value": 0,
+                            "type": "col",
+                            "details": {
+                                "is_max": true
+                            },
+                            "nodes": [
+                                {
+                                    "type": "line",
+                                    "details": {
+                                        "prop_offset_percent": 5,
+                                        "prop_orientation": "horizontal",
+                                        "prop_size_percent": 100,
+                                        "prop_style": "solid",
+                                        "prop_thickness": 0.3
+                                    }
+                                }
+                            ]
+                        }
+                    ]
+                },
+                {
+                    "value": 2,
+                    "type": "row",
+                    "nodes": [
+                        {
+                            "value": 0,
+                            "type": "col",
+                            "details": {
+                                "is_max": true
+                            }
+                        }
+                    ]
+                },
+                {
+                    "value": 10,
+                    "type": "row",
+                    "nodes": [
+                        {
+                            "value": 5,
+                            "type": "col",
+                            "nodes": [
+                                {
+                                    "value": "Resource summary",
+                                    "type": "text",
+                                    "details": {
+                                        "prop_align": "L",
+                                        "prop_breakline_strategy": "empty_space_strategy",
+                                        "prop_color": "RGB(0, 0, 0)",
+                                        "prop_font_family": "arial",
+                                        "prop_font_size": 8,
+                                        "prop_font_style": "B"
+                                    }
+                                }
+                            ]
+                        },
+                        {
+                            "value": 2,
+                            "type": "col",
+                            "nodes": [
+                                {
+                                    "value": "100",
+                                    "type": "text",
+                                    "details": {
+                                        "prop_align": "L",
+                                        "prop_breakline_strategy": "empty_space_strategy",
+                                        "prop_color": "RGB(0, 0, 0)",
+                                        "prop_font_family": "arial",
+                                        "prop_font_size": 8,
+                                        "prop_font_style": "B"
+                                    }
+                                }
+                            ]
+                        },
+                        {
+                            "value": 2,
+                            "type": "col",
+                            "nodes": [
+                                {
+                                    "value": "10",
+                                    "type": "text",
+                                    "details": {
+                                        "prop_align": "L",
+                                        "prop_breakline_strategy": "empty_space_strategy",
+                                        "prop_color": "RGB(0, 0, 0)",
+                                        "prop_font_family": "arial",
+                                        "prop_font_size": 8,
+                                        "prop_font_style": "B"
+                                    }
+                                }
+                            ]
+                        },
+                        {
+                            "value": 2,
+                            "type": "col",
+                            "nodes": [
+                                {
+                                    "value": "10.00%",
+                                    "type": "text",
+                                    "details": {
+                                        "prop_align": "L",
+                                        "prop_breakline_strategy": "empty_space_strategy",
+                                        "prop_color": "RGB(0, 0, 0)",
+                                        "prop_font_family": "arial",
+                                        "prop_font_size": 8,
+                                        "prop_font_style": "B"
+                                    }
+                                }
+                            ]
+                        }
+                    ]
+                },
+                {
+                    "value": 236.6975,
+                    "type": "row",
+                    "nodes": [
+                        {
+                            "value": 12,
+                            "type": "col"
+                        }
+                    ]
+                }
+            ]
+        }
+    ]
+}

core/pkg/resultshandling/printer/v2/sarifprinter.go

@@ -201,7 +201,7 @@ func (sp *SARIFPrinter) printConfigurationScan(ctx context.Context, opaSessionOb
 			}
 
 			// If the fileType is helm chart
-			if templateNodes, ok := opaSessionObj.TemplateMapping[resourceID]; ok {
+			if templateNodes, ok := opaSessionObj.TemplateMapping[resourceID]; ok && len(templateNodes.Nodes) > 0 {
 				mappingnodes = templateNodes.Nodes
 				helmChartFileType = true
 			}
@@ -209,8 +209,7 @@ func (sp *SARIFPrinter) printConfigurationScan(ctx context.Context, opaSessionOb
 			rsrcAbsPath := path.Join(basePath, filepath)
 			locationResolver, err := locationresolver.NewFixPathLocationResolver(rsrcAbsPath) //
 			if err != nil && !helmChartFileType {
-				logger.L().Debug("failed to create location resolver", helpers.Error(err))
-				continue
+				logger.L().Debug("failed to create location resolver, will use default location", helpers.Error(err))
 			}
 
 			for _, toPin := range result.AssociatedControls {

go.mod

@@ -1,8 +1,8 @@
 module github.com/kubescape/kubescape/v3
 
-go 1.22.5
+go 1.23.0
 
-toolchain go1.23.1
+toolchain go1.23.4
 
 require (
 	github.com/adrg/xdg v0.4.0
@@ -23,7 +23,8 @@ require (
 	github.com/go-git/go-git/v5 v5.13.0
 	github.com/google/go-containerregistry v0.19.1
 	github.com/google/uuid v1.6.0
-	github.com/johnfercher/maroto v1.0.0
+	github.com/johnfercher/go-tree v1.1.0
+	github.com/johnfercher/maroto/v2 v2.2.2
 	github.com/json-iterator/go v1.1.12
 	github.com/jwalton/gchalk v1.3.0
 	github.com/kubescape/backend v0.0.20
@@ -33,6 +34,7 @@ require (
 	github.com/kubescape/opa-utils v0.0.284
 	github.com/kubescape/rbac-utils v0.0.21-0.20230806101615-07e36f555520
 	github.com/kubescape/regolibrary/v2 v2.0.1
+	github.com/kubescape/sizing-checker v0.0.0-20250116130326-857b8213eca8
 	github.com/maruel/natural v1.1.1
 	github.com/matthyx/go-gitlog v0.0.0-20231005131906-9ffabe3c5bcd
 	github.com/mattn/go-isatty v0.0.20
@@ -49,16 +51,15 @@ require (
 	github.com/stretchr/testify v1.10.0
 	go.opentelemetry.io/otel v1.30.0
 	go.opentelemetry.io/otel/metric v1.30.0
-	golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56
-	golang.org/x/mod v0.19.0
+	golang.org/x/mod v0.20.0
 	golang.org/x/term v0.27.0
 	gopkg.in/op/go-logging.v1 v1.0.0-20160211212156-b2cb9fa56473
 	gopkg.in/yaml.v3 v3.0.1
 	helm.sh/helm/v3 v3.14.4
-	k8s.io/api v0.30.0
-	k8s.io/apimachinery v0.30.0
-	k8s.io/client-go v0.30.0
-	k8s.io/utils v0.0.0-20230726121419-3b25d923346b
+	k8s.io/api v0.32.0
+	k8s.io/apimachinery v0.32.0
+	k8s.io/client-go v0.32.0
+	k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738
 	sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3
 	sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3
 	sigs.k8s.io/yaml v1.4.0
@@ -162,7 +163,7 @@ require (
 	github.com/blang/semver v3.5.1+incompatible // indirect
 	github.com/bmatcuk/doublestar/v2 v2.0.4 // indirect
 	github.com/bmatcuk/doublestar/v4 v4.6.1 // indirect
-	github.com/boombuler/barcode v1.0.1 // indirect
+	github.com/boombuler/barcode v1.0.2 // indirect
 	github.com/bugsnag/bugsnag-go/v2 v2.3.0 // indirect
 	github.com/bugsnag/panicwrap v1.3.4 // indirect
 	github.com/buildkite/agent/v3 v3.62.0 // indirect
@@ -217,12 +218,14 @@ require (
 	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
 	github.com/evanphx/json-patch v5.7.0+incompatible // indirect
+	github.com/f-amaral/go-async v0.3.0 // indirect
 	github.com/facebookincubator/nvdtools v0.1.5 // indirect
 	github.com/fatih/color v1.17.0 // indirect
 	github.com/felixge/fgprof v0.9.3 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/fsnotify/fsnotify v1.7.0 // indirect
 	github.com/fvbommel/sortorder v1.1.0 // indirect
+	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.3 // indirect
 	github.com/github/go-spdx/v2 v2.2.0 // indirect
 	github.com/glebarez/go-sqlite v1.21.2 // indirect
@@ -269,7 +272,7 @@ require (
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/licensecheck v0.3.1 // indirect
-	github.com/google/pprof v0.0.0-20240409012703-83162a5b38cd // indirect
+	github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db // indirect
 	github.com/google/s2a-go v0.1.7 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
 	github.com/googleapis/gax-go/v2 v2.12.3 // indirect
@@ -287,6 +290,8 @@ require (
 	github.com/hashicorp/go-safetemp v1.0.0 // indirect
 	github.com/hashicorp/go-version v1.6.0 // indirect
 	github.com/hashicorp/hcl v1.0.1-vault-5 // indirect
+	github.com/hhrutter/lzw v1.0.0 // indirect
+	github.com/hhrutter/tiff v1.0.1 // indirect
 	github.com/huandu/xstrings v1.4.0 // indirect
 	github.com/iancoleman/strcase v0.3.0 // indirect
 	github.com/imdario/mergo v0.3.16 // indirect
@@ -316,7 +321,7 @@ require (
 	github.com/mailru/easyjson v0.7.7 // indirect
 	github.com/masahiro331/go-mvn-version v0.0.0-20210429150710-d3157d602a08 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
-	github.com/mattn/go-runewidth v0.0.15 // indirect
+	github.com/mattn/go-runewidth v0.0.16 // indirect
 	github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect
 	github.com/mholt/archiver/v3 v3.5.1 // indirect
 	github.com/microsoft/go-rustaudit v0.0.0-20220808201409-204dfee52032 // indirect
@@ -332,7 +337,7 @@ require (
 	github.com/moby/docker-image-spec v1.3.1 // indirect
 	github.com/moby/locker v1.0.1 // indirect
 	github.com/moby/patternmatcher v0.5.0 // indirect
-	github.com/moby/spdystream v0.2.0 // indirect
+	github.com/moby/spdystream v0.5.0 // indirect
 	github.com/moby/sys/mountinfo v0.7.1 // indirect
 	github.com/moby/sys/sequential v0.5.0 // indirect
 	github.com/moby/sys/signal v0.7.0 // indirect
@@ -364,6 +369,7 @@ require (
 	github.com/package-url/packageurl-go v0.1.2-0.20230812223828-f8bb31c1f10b // indirect
 	github.com/pborman/indent v1.2.1 // indirect
 	github.com/pborman/uuid v1.2.1 // indirect
+	github.com/pdfcpu/pdfcpu v0.9.1 // indirect
 	github.com/pelletier/go-toml v1.9.5 // indirect
 	github.com/pelletier/go-toml/v2 v2.1.0 // indirect
 	github.com/pierrec/lz4/v4 v4.1.15 // indirect
@@ -380,7 +386,6 @@ require (
 	github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect
 	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
 	github.com/rivo/uniseg v0.4.7 // indirect
-	github.com/ruudk/golang-pdf417 v0.0.0-20201230142125-a7e3863a1245 // indirect
 	github.com/saferwall/pe v1.5.2 // indirect
 	github.com/sagikazarmark/locafero v0.4.0 // indirect
 	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
@@ -431,6 +436,7 @@ require (
 	github.com/wagoodman/go-partybus v0.0.0-20230516145632-8ccac152c651 // indirect
 	github.com/wagoodman/go-presenter v0.0.0-20211015174752-f9c01afc824b // indirect
 	github.com/wagoodman/go-progress v0.0.0-20230925121702-07e42b3cdba0 // indirect
+	github.com/x448/float16 v0.8.4 // indirect
 	github.com/xanzy/go-gitlab v0.102.0 // indirect
 	github.com/xanzy/ssh-agent v0.3.3 // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
@@ -468,12 +474,14 @@ require (
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
 	golang.org/x/crypto v0.31.0 // indirect
+	golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect
+	golang.org/x/image v0.24.0 // indirect
 	golang.org/x/net v0.33.0 // indirect
-	golang.org/x/oauth2 v0.22.0 // indirect
-	golang.org/x/sync v0.10.0 // indirect
+	golang.org/x/oauth2 v0.23.0 // indirect
+	golang.org/x/sync v0.11.0 // indirect
 	golang.org/x/sys v0.28.0 // indirect
-	golang.org/x/text v0.21.0 // indirect
-	golang.org/x/time v0.6.0 // indirect
+	golang.org/x/text v0.22.0 // indirect
+	golang.org/x/time v0.7.0 // indirect
 	golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
 	gonum.org/v1/gonum v0.9.1 // indirect
 	google.golang.org/api v0.172.0 // indirect
@@ -481,7 +489,8 @@ require (
 	google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 // indirect
 	google.golang.org/grpc v1.67.0 // indirect
-	google.golang.org/protobuf v1.34.2 // indirect
+	google.golang.org/protobuf v1.35.1 // indirect
+	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/go-jose/go-jose.v2 v2.6.3 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
@@ -490,16 +499,16 @@ require (
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gorm.io/gorm v1.25.10 // indirect
 	k8s.io/apiextensions-apiserver v0.29.0 // indirect
-	k8s.io/klog/v2 v2.120.1 // indirect
-	k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
+	k8s.io/klog/v2 v2.130.1 // indirect
+	k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f // indirect
 	modernc.org/libc v1.49.3 // indirect
 	modernc.org/mathutil v1.6.0 // indirect
 	modernc.org/memory v1.8.0 // indirect
 	modernc.org/sqlite v1.29.8 // indirect
 	sigs.k8s.io/controller-runtime v0.15.0 // indirect
-	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
+	sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect
 	sigs.k8s.io/release-utils v0.7.7 // indirect
-	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.4.2 // indirect
 )
 
 // Using the forked version of tablewriter

go.sum

@@ -483,8 +483,8 @@ github.com/bmatcuk/doublestar/v2 v2.0.4/go.mod h1:QMmcs3H2AUQICWhfzLXz+IYln8lRQm
 github.com/bmatcuk/doublestar/v4 v4.6.1 h1:FH9SifrbvJhnlQpztAx++wlkk70QBf0iBWDwNy7PA4I=
 github.com/bmatcuk/doublestar/v4 v4.6.1/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc=
 github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
-github.com/boombuler/barcode v1.0.1 h1:NDBbPmhS+EqABEs5Kg3n/5ZNjy73Pz7SIV+KCeqyXcs=
-github.com/boombuler/barcode v1.0.1/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
+github.com/boombuler/barcode v1.0.2 h1:79yrbttoZrLGkL/oOI8hBrUKucwOL0oOjUgEguGMcJ4=
+github.com/boombuler/barcode v1.0.2/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
 github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g=
 github.com/bradleyjkemp/cupaloy/v2 v2.8.0 h1:any4BmKE+jGIaMpnU8YgH/I2LPiLBufr6oMMlVBbn9M=
 github.com/bradleyjkemp/cupaloy/v2 v2.8.0/go.mod h1:bm7JXdkRd4BHJk9HpwqAI8BoAY1lps46Enkdqw6aRX0=
@@ -689,6 +689,8 @@ github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7
 github.com/envoyproxy/protoc-gen-validate v0.6.2/go.mod h1:2t7qjJNvHPx8IjnBOzl9E9/baC+qXE/TeeyBRzgJDws=
 github.com/evanphx/json-patch v5.7.0+incompatible h1:vgGkfT/9f8zE6tvSCe74nfpAVDQ2tG6yudJd8LBksgI=
 github.com/evanphx/json-patch v5.7.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
+github.com/f-amaral/go-async v0.3.0 h1:h4kLsX7aKfdWaHvV0lf+/EE3OIeCzyeDYJDb/vDZUyg=
+github.com/f-amaral/go-async v0.3.0/go.mod h1:Hz5Qr6DAWpbTTUjytnrg1WIsDgS7NtOei5y8SipYS7U=
 github.com/facebookincubator/flog v0.0.0-20190930132826-d2511d0ce33c/go.mod h1:QGzNH9ujQ2ZUr/CjDGZGWeDAVStrWNjHeEcjJL96Nuk=
 github.com/facebookincubator/nvdtools v0.1.5 h1:jbmDT1nd6+k+rlvKhnkgMokrCAzHoASWE5LtHbX2qFQ=
 github.com/facebookincubator/nvdtools v0.1.5/go.mod h1:Kh55SAWnjckS96TBSrXI99KrEKH4iB0OJby3N8GRJO4=
@@ -723,6 +725,8 @@ github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nos
 github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
 github.com/fvbommel/sortorder v1.1.0 h1:fUmoe+HLsBTctBDoaBwpQo5N+nrCp8g/BjKb/6ZQmYw=
 github.com/fvbommel/sortorder v1.1.0/go.mod h1:uk88iVf1ovNn1iLfgUVU2F9o5eO30ui720w+kxuqRs0=
+github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E=
+github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
 github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0=
 github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
@@ -819,7 +823,8 @@ github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqw
 github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
 github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0/go.mod h1:fyg7847qk6SyHyPtNmDHnmrv/HOrqktSC+C9fM+CJOE=
 github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
-github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
+github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI=
+github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8=
 github.com/go-test/deep v1.1.0 h1:WOcxcdHcvdgThNXjw0t76K42FXTU7HpNQWHpA2HHNlg=
 github.com/go-test/deep v1.1.0/go.mod h1:5C2ZWiW0ErCdrYzpqxLbTX7MG14M9iiw8DgHncVwcsE=
 github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y=
@@ -948,8 +953,8 @@ github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLe
 github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20211214055906-6f57359322fd/go.mod h1:KgnwoLYCZ8IQu3XUZ8Nc/bM9CCZFOyjUNOSygVozoDg=
-github.com/google/pprof v0.0.0-20240409012703-83162a5b38cd h1:gbpYu9NMq8jhDVbvlGkMFWCjLFlqqEZjEmObmhUy6Vo=
-github.com/google/pprof v0.0.0-20240409012703-83162a5b38cd/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw=
+github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db h1:097atOisP2aRj7vFgYQBbFN4U4JNXUNYpxael3UzMyo=
+github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o=
 github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw=
@@ -991,7 +996,6 @@ github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORR
 github.com/gopherjs/gopherjs v0.0.0-20200217142428-fce0ec30dd00/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY=
 github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ=
-github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc=
 github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
@@ -1063,6 +1067,10 @@ github.com/hashicorp/vault/api v1.12.2 h1:7YkCTE5Ni90TcmYHDBExdt4WGJxhpzaHqR6uGb
 github.com/hashicorp/vault/api v1.12.2/go.mod h1:LSGf1NGT1BnvFFnKVtnvcaLBM2Lz+gJdpL6HUYed8KE=
 github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM=
 github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSow5/V2vxeg=
+github.com/hhrutter/lzw v1.0.0 h1:laL89Llp86W3rRs83LvKbwYRx6INE8gDn0XNb1oXtm0=
+github.com/hhrutter/lzw v1.0.0/go.mod h1:2HC6DJSn/n6iAZfgM3Pg+cP1KxeWc3ezG8bBqW5+WEo=
+github.com/hhrutter/tiff v1.0.1 h1:MIus8caHU5U6823gx7C6jrfoEvfSTGtEFRiM8/LOzC0=
+github.com/hhrutter/tiff v1.0.1/go.mod h1:zU/dNgDm0cMIa8y8YwcYBeuEEveI4B0owqHyiPpJPHc=
 github.com/howeyc/gopass v0.0.0-20210920133722-c8aef6fb66ef h1:A9HsByNhogrvm9cWb28sjiS3i7tcKCkflWFEkHfuAgM=
 github.com/howeyc/gopass v0.0.0-20210920133722-c8aef6fb66ef/go.mod h1:lADxMC39cJJqL93Duh1xhAs4I2Zs8mKS89XWXFGp9cs=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
@@ -1104,8 +1112,10 @@ github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGw
 github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
 github.com/jmhodges/clock v1.2.0 h1:eq4kys+NI0PLngzaHEe7AmPT90XMGIEySD1JfV1PDIs=
 github.com/jmhodges/clock v1.2.0/go.mod h1:qKjhA7x7u/lQpPB1XAqX1b1lCI/w3/fNuYpI/ZjLynI=
-github.com/johnfercher/maroto v1.0.0 h1:yo26a/Mxj2YbHCzpIW7FypKtdvv9BdeLNHaApHwLCXU=
-github.com/johnfercher/maroto v1.0.0/go.mod h1:qeujdhKT+677jMjGWlIa5OCgR04GgIHvByJ6pSC+hOw=
+github.com/johnfercher/go-tree v1.1.0 h1:L0Fs5jLR1uA2e/CwfHjNdO/Lt4IGQ46QgxarAC1yeXs=
+github.com/johnfercher/go-tree v1.1.0/go.mod h1:DUO6QkXIFh1K7jeGBIkLCZaeUgnkdQAsB64FDSoHswg=
+github.com/johnfercher/maroto/v2 v2.2.2 h1:6VSNfXe/kDNTNDE13+CDm53lxFfv9hHsW1SHtoKVicw=
+github.com/johnfercher/maroto/v2 v2.2.2/go.mod h1:/LfW6AQGZzsG6xUixcfyxkKztDoszdwC+G2jNRl8bss=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
@@ -1179,6 +1189,8 @@ github.com/kubescape/rbac-utils v0.0.21-0.20230806101615-07e36f555520 h1:SqlwF8G
 github.com/kubescape/rbac-utils v0.0.21-0.20230806101615-07e36f555520/go.mod h1:wuxMUSDzGUyWd25IJfBzEJ/Udmw2Vy7npj+MV3u3GrU=
 github.com/kubescape/regolibrary/v2 v2.0.1 h1:7lKj171gslgTbbcmmGVHk34AZNqxForOXZIINoQfdzQ=
 github.com/kubescape/regolibrary/v2 v2.0.1/go.mod h1:s0/Mi9PYw7s91vIf1VJTkuu1Blsl5ZLpYn5UA7yk/vM=
+github.com/kubescape/sizing-checker v0.0.0-20250116130326-857b8213eca8 h1:nY7mudLcU3gFNq/pcfCcH2NN1xj31guA7Ozh76qfZVc=
+github.com/kubescape/sizing-checker v0.0.0-20250116130326-857b8213eca8/go.mod h1:n/U3qC/lVtIgVi3yD7GYJ67tZ8y92XFYhEUdJH98wDE=
 github.com/kubescape/tablewriter v0.0.6-0.20231106230230-aac7d2659c94 h1:uhabZUyrxo60JQrzGCQOp1gsJz06+6+PeDBTvXiKD7k=
 github.com/kubescape/tablewriter v0.0.6-0.20231106230230-aac7d2659c94/go.mod h1:clwQfF3MN2cpaf7R6hc84aB6fQsRr+bnm66pXXSNAv8=
 github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc=
@@ -1233,8 +1245,8 @@ github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzp
 github.com/mattn/go-runewidth v0.0.10/go.mod h1:RAqKPSqVFrSLVXbA8x7dzmKdmGzieGRCM46jaSJTDAk=
 github.com/mattn/go-runewidth v0.0.12/go.mod h1:RAqKPSqVFrSLVXbA8x7dzmKdmGzieGRCM46jaSJTDAk=
 github.com/mattn/go-runewidth v0.0.14/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
-github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U=
-github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
+github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc=
+github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
 github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d h1:5PJl274Y63IEHC+7izoQE9x6ikvDFZS2mDVS3drnohI=
 github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE=
@@ -1282,8 +1294,8 @@ github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg=
 github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc=
 github.com/moby/patternmatcher v0.5.0 h1:YCZgJOeULcxLw1Q+sVR636pmS7sPEn1Qo2iAN6M7DBo=
 github.com/moby/patternmatcher v0.5.0/go.mod h1:hDPoyOpDY7OrrMDLaYoY3hf52gNCR/YOUYxkhApJIxc=
-github.com/moby/spdystream v0.2.0 h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8=
-github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c=
+github.com/moby/spdystream v0.5.0 h1:7r0J1Si3QO/kjRitvSLVVFUjxMEb/YLj6S9FF62JBCU=
+github.com/moby/spdystream v0.5.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI=
 github.com/moby/sys/mountinfo v0.7.1 h1:/tTvQaSJRr2FshkhXiIpux6fQ2Zvc4j7tAhMTStAG2g=
 github.com/moby/sys/mountinfo v0.7.1/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI=
 github.com/moby/sys/sequential v0.5.0 h1:OPvI35Lzn9K04PBbCLW0g4LcFAJgHsvXsRyewg5lXtc=
@@ -1346,14 +1358,14 @@ github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vv
 github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
 github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU=
 github.com/onsi/ginkgo/v2 v2.1.3/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c=
-github.com/onsi/ginkgo/v2 v2.15.0 h1:79HwNRBAZHOEwrczrgSOPy+eFTTlIGELKy5as+ClttY=
-github.com/onsi/ginkgo/v2 v2.15.0/go.mod h1:HlxMHtYF57y6Dpf+mc5529KKmSq9h2FpCF+/ZkwUxKM=
+github.com/onsi/ginkgo/v2 v2.21.0 h1:7rg/4f3rB88pb5obDgNZrNHrQ4e6WpjonchcpuBRnZM=
+github.com/onsi/ginkgo/v2 v2.21.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo=
 github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
 github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
 github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
 github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro=
-github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k=
-github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY=
+github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4=
+github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog=
 github.com/open-policy-agent/opa v0.68.0 h1:Jl3U2vXRjwk7JrHmS19U3HZO5qxQRinQbJ2eCJYSqJQ=
 github.com/open-policy-agent/opa v0.68.0/go.mod h1:5E5SvaPwTpwt2WM177I9Z3eT7qUpmOGjk1ZdHs+TZ4w=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
@@ -1383,6 +1395,8 @@ github.com/pborman/indent v1.2.1 h1:lFiviAbISHv3Rf0jcuh489bi06hj98JsVMtIDZQb9yM=
 github.com/pborman/indent v1.2.1/go.mod h1:FitS+t35kIYtB5xWTZAPhnmrxcciEEOdbyrrpz5K6Vw=
 github.com/pborman/uuid v1.2.1 h1:+ZZIw58t/ozdjRaXh/3awHfmWRbzYxJoAdNJxe/3pvw=
 github.com/pborman/uuid v1.2.1/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
+github.com/pdfcpu/pdfcpu v0.9.1 h1:q8/KlBdHjkE7ZJU4ofhKG5Rjf7M6L324CVM6BMDySao=
+github.com/pdfcpu/pdfcpu v0.9.1/go.mod h1:fVfOloBzs2+W2VJCCbq60XIxc3yJHAZ0Gahv1oO0gyI=
 github.com/pelletier/go-toml v1.9.4/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
 github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8=
 github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
@@ -1461,8 +1475,6 @@ github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/ruudk/golang-pdf417 v0.0.0-20181029194003-1af4ab5afa58/go.mod h1:6lfFZQK844Gfx8o5WFuvpxWRwnSoipWe/p622j1v06w=
-github.com/ruudk/golang-pdf417 v0.0.0-20201230142125-a7e3863a1245 h1:K1Xf3bKttbF+koVGaX5xngRIZ5bVjbmPnaxE/dR08uY=
-github.com/ruudk/golang-pdf417 v0.0.0-20201230142125-a7e3863a1245/go.mod h1:pQAZKsJ8yyVxGRWYNEm9oFB8ieLgKFnamEyDmSA0BRk=
 github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
 github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk=
 github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc=
@@ -1686,6 +1698,8 @@ github.com/wagoodman/go-presenter v0.0.0-20211015174752-f9c01afc824b h1:uWNQ0khA
 github.com/wagoodman/go-presenter v0.0.0-20211015174752-f9c01afc824b/go.mod h1:ewlIKbKV8l+jCj8rkdXIs361ocR5x3qGyoCSca47Gx8=
 github.com/wagoodman/go-progress v0.0.0-20230925121702-07e42b3cdba0 h1:0KGbf+0SMg+UFy4e1A/CPVvXn21f1qtWdeJwxZFoQG8=
 github.com/wagoodman/go-progress v0.0.0-20230925121702-07e42b3cdba0/go.mod h1:jLXFoL31zFaHKAAyZUh+sxiTDFe1L1ZHrcK2T1itVKA=
+github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
+github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
 github.com/xanzy/go-gitlab v0.102.0 h1:ExHuJ1OTQ2yt25zBMMj0G96ChBirGYv8U7HyUiYkZ+4=
 github.com/xanzy/go-gitlab v0.102.0/go.mod h1:ETg8tcj4OhrB84UEgeE8dSuV/0h4BBL1uOV/qK0vlyI=
 github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
@@ -1854,6 +1868,8 @@ golang.org/x/image v0.0.0-20200430140353-33d19683fad8/go.mod h1:FeLwcggjj3mMvU+o
 golang.org/x/image v0.0.0-20200618115811-c13761719519/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/image v0.0.0-20201208152932-35266b937fa6/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/image v0.0.0-20210216034530-4410531fe030/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
+golang.org/x/image v0.24.0 h1:AN7zRgVsbvmTfNyqIbbOraYL8mSwcKncEj8ofjgzcMQ=
+golang.org/x/image v0.24.0/go.mod h1:4b/ITuLfqYq1hqZcjofwctIhi7sZh2WaCjvsBNjjya8=
 golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
@@ -1881,8 +1897,8 @@ golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.5.0/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/mod v0.19.0 h1:fEdghXQSo20giMthA7cd28ZC+jts4amQ3YMXiP5oMQ8=
-golang.org/x/mod v0.19.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.20.0 h1:utOm6MM3R3dnawAiJgn0y+xvuYRsm1RKM/4giyfDgV0=
+golang.org/x/mod v0.20.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -1981,8 +1997,8 @@ golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094/go.mod h1:h4gKUeWbJ4rQPri
 golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg=
 golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg=
 golang.org/x/oauth2 v0.1.0/go.mod h1:G9FE4dLTsbXUu90h/Pf85g4w1D+SSAgR+q46nJZ8M4A=
-golang.org/x/oauth2 v0.22.0 h1:BzDx2FehcG7jJwgWLELCdmLuxk2i+x9UDpSiss2u0ZA=
-golang.org/x/oauth2 v0.22.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
+golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs=
+golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
 golang.org/x/perf v0.0.0-20180704124530-6e6d33e29852/go.mod h1:JLpeXjPJfIyPr5TlbXLkXWLhP8nz10XfvxElABhCtcw=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -1999,8 +2015,8 @@ golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220929204114-8fcdb60fdcc0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
-golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.11.0 h1:GGz8+XQP4FvTTrjZPzNKTMFtSXH80RAzG+5ghFPgK9w=
+golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -2137,14 +2153,14 @@ golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
-golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
-golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
+golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM=
+golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY=
 golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U=
-golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ=
+golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180525024113-a5b4c53f6e8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -2210,8 +2226,8 @@ golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/tools v0.23.0 h1:SGsXPZ+2l4JsgaCKkx+FQ9YZ5XEtA1GZYuoDjenLjvg=
-golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI=
+golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ=
+golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -2467,8 +2483,8 @@ google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ
 google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
-google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg=
-google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw=
+google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA=
+google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -2480,6 +2496,8 @@ gopkg.in/cheggaaa/pb.v1 v1.0.27/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qS
 gopkg.in/dancannon/gorethink.v3 v3.0.5 h1:/g7PWP7zUS6vSNmHSDbjCHQh1Rqn8Jy6zSMQxAsBSMQ=
 gopkg.in/dancannon/gorethink.v3 v3.0.5/go.mod h1:GXsi1e3N2OcKhcP6nsYABTiUejbWMFO4GY5a4pEaeEc=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
+gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4=
+gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M=
 gopkg.in/fatih/pool.v2 v2.0.0 h1:xIFeWtxifuQJGk/IEPKsTduEKcKvPmhoiVDGpC40nKg=
 gopkg.in/fatih/pool.v2 v2.0.0/go.mod h1:8xVGeu1/2jr2wm5V9SPuMht2H5AEmf5aFMGSQixtjTY=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
@@ -2529,20 +2547,20 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-k8s.io/api v0.30.0 h1:siWhRq7cNjy2iHssOB9SCGNCl2spiF1dO3dABqZ8niA=
-k8s.io/api v0.30.0/go.mod h1:OPlaYhoHs8EQ1ql0R/TsUgaRPhpKNxIMrKQfWUp8QSE=
+k8s.io/api v0.32.0 h1:OL9JpbvAU5ny9ga2fb24X8H6xQlVp+aJMFlgtQjR9CE=
+k8s.io/api v0.32.0/go.mod h1:4LEwHZEf6Q/cG96F3dqR965sYOfmPM7rq81BLgsE0p0=
 k8s.io/apiextensions-apiserver v0.29.0 h1:0VuspFG7Hj+SxyF/Z/2T0uFbI5gb5LRgEyUVE3Q4lV0=
 k8s.io/apiextensions-apiserver v0.29.0/go.mod h1:TKmpy3bTS0mr9pylH0nOt/QzQRrW7/h7yLdRForMZwc=
-k8s.io/apimachinery v0.30.0 h1:qxVPsyDM5XS96NIh9Oj6LavoVFYff/Pon9cZeDIkHHA=
-k8s.io/apimachinery v0.30.0/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc=
-k8s.io/client-go v0.30.0 h1:sB1AGGlhY/o7KCyCEQ0bPWzYDL0pwOZO4vAtTSh/gJQ=
-k8s.io/client-go v0.30.0/go.mod h1:g7li5O5256qe6TYdAMyX/otJqMhIiGgTapdLchhmOaY=
-k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw=
-k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
-k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag=
-k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98=
-k8s.io/utils v0.0.0-20230726121419-3b25d923346b h1:sgn3ZU783SCgtaSJjpcVVlRqd6GSnlTLKgpAAttJvpI=
-k8s.io/utils v0.0.0-20230726121419-3b25d923346b/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+k8s.io/apimachinery v0.32.0 h1:cFSE7N3rmEEtv4ei5X6DaJPHHX0C+upp+v5lVPiEwpg=
+k8s.io/apimachinery v0.32.0/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE=
+k8s.io/client-go v0.32.0 h1:DimtMcnN/JIKZcrSrstiwvvZvLjG0aSxy8PxN8IChp8=
+k8s.io/client-go v0.32.0/go.mod h1:boDWvdM1Drk4NJj/VddSLnx59X3OPgwrOo0vGbtq9+8=
+k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
+k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
+k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f h1:GA7//TjRY9yWGy1poLzYYJJ4JRdzg3+O6e8I+e+8T5Y=
+k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f/go.mod h1:R/HEjbvWI0qdfb8viZUeVZm0X6IZnxAydC7YU42CMw4=
+k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 h1:M3sRQVHv7vB20Xc2ybTt7ODCeFj6JSWYFzOFnYeS6Ro=
+k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 modernc.org/cc/v4 v4.20.0 h1:45Or8mQfbUqJOG9WaxvlFYOAQO0lQ5RvqBcFCXngjxk=
 modernc.org/cc/v4 v4.20.0/go.mod h1:HM7VJTZbUCR3rV8EYBi9wxnJ0ZBRiGE5OeGXNA0IsLQ=
 modernc.org/ccgo/v4 v4.16.0 h1:ofwORa6vx2FMm0916/CkZjpFPSR70VwTjUCe2Eg5BnA=
@@ -2573,16 +2591,16 @@ rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
 sigs.k8s.io/controller-runtime v0.15.0 h1:ML+5Adt3qZnMSYxZ7gAverBLNPSMQEibtzAgp0UPojU=
 sigs.k8s.io/controller-runtime v0.15.0/go.mod h1:7ngYvp1MLT+9GeZ+6lH3LOlcHkp/+tzA/fmHa4iq9kk=
-sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
-sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
+sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 h1:/Rv+M11QRah1itp8VhT6HoVx1Ray9eB4DBr+K+/sCJ8=
+sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3/go.mod h1:18nIHnGi6636UCz6m8i4DhaJ65T6EruyzmoQqI2BVDo=
 sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3 h1:XX3Ajgzov2RKUdc5jW3t5jwY7Bo7dcRm+tFxT+NfgY0=
 sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3/go.mod h1:9n16EZKMhXBNSiUC5kSdFQJkdH3zbxS/JoO619G1VAY=
 sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3 h1:W6cLQc5pnqM7vh3b7HvGNfXrJ/xL6BDMS0v1V/HHg5U=
 sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3/go.mod h1:JWP1Fj0VWGHyw3YUPjXSQnRnrwezrZSrApfX5S0nIag=
 sigs.k8s.io/release-utils v0.7.7 h1:JKDOvhCk6zW8ipEOkpTGDH/mW3TI+XqtPp16aaQ79FU=
 sigs.k8s.io/release-utils v0.7.7/go.mod h1:iU7DGVNi3umZJ8q6aHyUFzsDUIaYwNnNKGHo3YE5E3s=
-sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4=
-sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=
+sigs.k8s.io/structured-merge-diff/v4 v4.4.2 h1:MdmvkGuXi/8io6ixD5wud3vOLwc1rj0aNqRlpuvjmwA=
+sigs.k8s.io/structured-merge-diff/v4 v4.4.2/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4=
 sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
 sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=
 software.sslmate.com/src/go-pkcs12 v0.4.0 h1:H2g08FrTvSFKUj+D309j1DPfk5APnIdAQAB8aEykJ5k=

httphandler/go.mod

@@ -1,8 +1,8 @@
 module github.com/kubescape/kubescape/v3/httphandler
 
-go 1.22.5
+go 1.23.0
 
-toolchain go1.23.1
+toolchain go1.23.4
 
 replace github.com/kubescape/kubescape/v3 => ../
 
@@ -24,9 +24,9 @@ require (
 	github.com/stretchr/testify v1.10.0
 	go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux v0.45.0
 	go.opentelemetry.io/otel v1.30.0
-	k8s.io/apimachinery v0.30.0
-	k8s.io/client-go v0.30.0
-	k8s.io/utils v0.0.0-20231127182322-b307cd553661
+	k8s.io/apimachinery v0.32.0
+	k8s.io/client-go v0.32.0
+	k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738
 )
 
 require (
@@ -35,9 +35,9 @@ require (
 	go.uber.org/zap v1.27.0 // indirect
 	golang.org/x/crypto v0.31.0 // indirect
 	golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect
-	golang.org/x/mod v0.19.0 // indirect
+	golang.org/x/mod v0.20.0 // indirect
 	golang.org/x/net v0.33.0 // indirect
-	golang.org/x/oauth2 v0.22.0 // indirect
+	golang.org/x/oauth2 v0.23.0 // indirect
 	google.golang.org/genproto v0.0.0-20240311173647-c811ad7063a7 // indirect
 	google.golang.org/grpc v1.67.0 // indirect
 )
@@ -143,7 +143,7 @@ require (
 	github.com/blang/semver v3.5.1+incompatible // indirect
 	github.com/bmatcuk/doublestar/v2 v2.0.4 // indirect
 	github.com/bmatcuk/doublestar/v4 v4.6.1 // indirect
-	github.com/boombuler/barcode v1.0.1 // indirect
+	github.com/boombuler/barcode v1.0.2 // indirect
 	github.com/briandowns/spinner v1.23.1 // indirect
 	github.com/buildkite/agent/v3 v3.62.0 // indirect
 	github.com/buildkite/go-pipeline v0.3.2 // indirect
@@ -201,6 +201,7 @@ require (
 	github.com/emirpasic/gods v1.18.1 // indirect
 	github.com/enescakir/emoji v1.0.0 // indirect
 	github.com/evanphx/json-patch v5.7.0+incompatible // indirect
+	github.com/f-amaral/go-async v0.3.0 // indirect
 	github.com/facebookincubator/nvdtools v0.1.5 // indirect
 	github.com/fatih/color v1.17.0 // indirect
 	github.com/felixge/fgprof v0.9.3 // indirect
@@ -208,6 +209,7 @@ require (
 	github.com/francoispqt/gojay v1.2.13 // indirect
 	github.com/fsnotify/fsnotify v1.7.0 // indirect
 	github.com/fvbommel/sortorder v1.1.0 // indirect
+	github.com/fxamacker/cbor/v2 v2.7.0 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.3 // indirect
 	github.com/github/go-spdx/v2 v2.2.0 // indirect
 	github.com/glebarez/go-sqlite v1.21.2 // indirect
@@ -254,7 +256,7 @@ require (
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/licensecheck v0.3.1 // indirect
-	github.com/google/pprof v0.0.0-20240727154555-813a5fbdbec8 // indirect
+	github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db // indirect
 	github.com/google/s2a-go v0.1.7 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
@@ -272,6 +274,8 @@ require (
 	github.com/hashicorp/go-safetemp v1.0.0 // indirect
 	github.com/hashicorp/go-version v1.6.0 // indirect
 	github.com/hashicorp/hcl v1.0.1-vault-5 // indirect
+	github.com/hhrutter/lzw v1.0.0 // indirect
+	github.com/hhrutter/tiff v1.0.1 // indirect
 	github.com/huandu/xstrings v1.4.0 // indirect
 	github.com/iancoleman/strcase v0.3.0 // indirect
 	github.com/imdario/mergo v0.3.16 // indirect
@@ -283,7 +287,8 @@ require (
 	github.com/jinzhu/inflection v1.0.0 // indirect
 	github.com/jinzhu/now v1.1.5 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
-	github.com/johnfercher/maroto v1.0.0 // indirect
+	github.com/johnfercher/go-tree v1.1.0 // indirect
+	github.com/johnfercher/maroto/v2 v2.2.2 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
 	github.com/jung-kurt/gofpdf v1.16.2 // indirect
@@ -327,7 +332,7 @@ require (
 	github.com/moby/docker-image-spec v1.3.1 // indirect
 	github.com/moby/locker v1.0.1 // indirect
 	github.com/moby/patternmatcher v0.6.0 // indirect
-	github.com/moby/spdystream v0.2.0 // indirect
+	github.com/moby/spdystream v0.5.0 // indirect
 	github.com/moby/sys/mountinfo v0.7.2 // indirect
 	github.com/moby/sys/sequential v0.5.0 // indirect
 	github.com/moby/sys/signal v0.7.0 // indirect
@@ -362,6 +367,7 @@ require (
 	github.com/package-url/packageurl-go v0.1.2 // indirect
 	github.com/pborman/indent v1.2.1 // indirect
 	github.com/pborman/uuid v1.2.1 // indirect
+	github.com/pdfcpu/pdfcpu v0.9.1 // indirect
 	github.com/pelletier/go-toml v1.9.5 // indirect
 	github.com/pelletier/go-toml/v2 v2.1.0 // indirect
 	github.com/pierrec/lz4/v4 v4.1.15 // indirect
@@ -379,7 +385,6 @@ require (
 	github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect
 	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
 	github.com/rivo/uniseg v0.4.7 // indirect
-	github.com/ruudk/golang-pdf417 v0.0.0-20201230142125-a7e3863a1245 // indirect
 	github.com/saferwall/pe v1.5.2 // indirect
 	github.com/sagikazarmark/locafero v0.4.0 // indirect
 	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
@@ -435,6 +440,7 @@ require (
 	github.com/wagoodman/go-partybus v0.0.0-20230516145632-8ccac152c651 // indirect
 	github.com/wagoodman/go-presenter v0.0.0-20211015174752-f9c01afc824b // indirect
 	github.com/wagoodman/go-progress v0.0.0-20230925121702-07e42b3cdba0 // indirect
+	github.com/x448/float16 v0.8.4 // indirect
 	github.com/xanzy/go-gitlab v0.102.0 // indirect
 	github.com/xanzy/ssh-agent v0.3.3 // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
@@ -469,17 +475,19 @@ require (
 	go.opentelemetry.io/proto/otlp v1.3.1 // indirect
 	go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect
 	go.step.sm/crypto v0.44.2 // indirect
-	golang.org/x/sync v0.10.0 // indirect
+	golang.org/x/image v0.24.0 // indirect
+	golang.org/x/sync v0.11.0 // indirect
 	golang.org/x/sys v0.28.0 // indirect
 	golang.org/x/term v0.27.0 // indirect
-	golang.org/x/text v0.21.0 // indirect
-	golang.org/x/time v0.6.0 // indirect
+	golang.org/x/text v0.22.0 // indirect
+	golang.org/x/time v0.7.0 // indirect
 	golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
 	gonum.org/v1/gonum v0.9.1 // indirect
 	google.golang.org/api v0.172.0 // indirect
 	google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 // indirect
-	google.golang.org/protobuf v1.34.2 // indirect
+	google.golang.org/protobuf v1.35.1 // indirect
+	gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/op/go-logging.v1 v1.0.0-20160211212156-b2cb9fa56473 // indirect
@@ -489,20 +497,20 @@ require (
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	gorm.io/gorm v1.25.10 // indirect
 	helm.sh/helm/v3 v3.14.4 // indirect
-	k8s.io/api v0.30.0 // indirect
+	k8s.io/api v0.32.0 // indirect
 	k8s.io/apiextensions-apiserver v0.29.0 // indirect
 	k8s.io/klog/v2 v2.130.1 // indirect
-	k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
+	k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f // indirect
 	modernc.org/libc v1.49.3 // indirect
 	modernc.org/mathutil v1.6.0 // indirect
 	modernc.org/memory v1.8.0 // indirect
 	modernc.org/sqlite v1.29.8 // indirect
 	sigs.k8s.io/controller-runtime v0.15.0 // indirect
-	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
+	sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect
 	sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3 // indirect
 	sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3 // indirect
 	sigs.k8s.io/release-utils v0.7.7 // indirect
-	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.4.2 // indirect
 	sigs.k8s.io/yaml v1.4.0 // indirect
 )
 

httphandler/go.sum

@@ -484,8 +484,8 @@ github.com/bmatcuk/doublestar/v2 v2.0.4/go.mod h1:QMmcs3H2AUQICWhfzLXz+IYln8lRQm
 github.com/bmatcuk/doublestar/v4 v4.6.1 h1:FH9SifrbvJhnlQpztAx++wlkk70QBf0iBWDwNy7PA4I=
 github.com/bmatcuk/doublestar/v4 v4.6.1/go.mod h1:xBQ8jztBU6kakFMg+8WGxn0c6z1fTSPVIjEY1Wr7jzc=
 github.com/boombuler/barcode v1.0.0/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
-github.com/boombuler/barcode v1.0.1 h1:NDBbPmhS+EqABEs5Kg3n/5ZNjy73Pz7SIV+KCeqyXcs=
-github.com/boombuler/barcode v1.0.1/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
+github.com/boombuler/barcode v1.0.2 h1:79yrbttoZrLGkL/oOI8hBrUKucwOL0oOjUgEguGMcJ4=
+github.com/boombuler/barcode v1.0.2/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
 github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBTaaSFSlLx/70C2HPIMNZpVV8+vt/A+FMnYP11g=
 github.com/bradleyjkemp/cupaloy/v2 v2.8.0 h1:any4BmKE+jGIaMpnU8YgH/I2LPiLBufr6oMMlVBbn9M=
 github.com/bradleyjkemp/cupaloy/v2 v2.8.0/go.mod h1:bm7JXdkRd4BHJk9HpwqAI8BoAY1lps46Enkdqw6aRX0=
@@ -692,6 +692,8 @@ github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7
 github.com/envoyproxy/protoc-gen-validate v0.6.2/go.mod h1:2t7qjJNvHPx8IjnBOzl9E9/baC+qXE/TeeyBRzgJDws=
 github.com/evanphx/json-patch v5.7.0+incompatible h1:vgGkfT/9f8zE6tvSCe74nfpAVDQ2tG6yudJd8LBksgI=
 github.com/evanphx/json-patch v5.7.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
+github.com/f-amaral/go-async v0.3.0 h1:h4kLsX7aKfdWaHvV0lf+/EE3OIeCzyeDYJDb/vDZUyg=
+github.com/f-amaral/go-async v0.3.0/go.mod h1:Hz5Qr6DAWpbTTUjytnrg1WIsDgS7NtOei5y8SipYS7U=
 github.com/facebookincubator/flog v0.0.0-20190930132826-d2511d0ce33c/go.mod h1:QGzNH9ujQ2ZUr/CjDGZGWeDAVStrWNjHeEcjJL96Nuk=
 github.com/facebookincubator/nvdtools v0.1.5 h1:jbmDT1nd6+k+rlvKhnkgMokrCAzHoASWE5LtHbX2qFQ=
 github.com/facebookincubator/nvdtools v0.1.5/go.mod h1:Kh55SAWnjckS96TBSrXI99KrEKH4iB0OJby3N8GRJO4=
@@ -726,6 +728,8 @@ github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nos
 github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM=
 github.com/fvbommel/sortorder v1.1.0 h1:fUmoe+HLsBTctBDoaBwpQo5N+nrCp8g/BjKb/6ZQmYw=
 github.com/fvbommel/sortorder v1.1.0/go.mod h1:uk88iVf1ovNn1iLfgUVU2F9o5eO30ui720w+kxuqRs0=
+github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E=
+github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ=
 github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0=
 github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
@@ -954,8 +958,8 @@ github.com/google/pprof v0.0.0-20210601050228-01bbb1931b22/go.mod h1:kpwsk12EmLe
 github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20211214055906-6f57359322fd/go.mod h1:KgnwoLYCZ8IQu3XUZ8Nc/bM9CCZFOyjUNOSygVozoDg=
-github.com/google/pprof v0.0.0-20240727154555-813a5fbdbec8 h1:FKHo8hFI3A+7w0aUQuYXQ+6EN5stWmeY/AZqtM8xk9k=
-github.com/google/pprof v0.0.0-20240727154555-813a5fbdbec8/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo=
+github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db h1:097atOisP2aRj7vFgYQBbFN4U4JNXUNYpxael3UzMyo=
+github.com/google/pprof v0.0.0-20241029153458-d1b30febd7db/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o=
 github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw=
@@ -999,7 +1003,6 @@ github.com/gorilla/mux v1.8.1 h1:TuBL49tXwgrFYWhqrNgrUNEY92u81SPhu7sTdzQEiWY=
 github.com/gorilla/mux v1.8.1/go.mod h1:AKf9I4AEqPTmMytcMc0KkNouC66V3BtZ4qD5fmWSiMQ=
 github.com/gorilla/schema v1.4.1 h1:jUg5hUjCSDZpNGLuXQOgIWGdlgrIdYvgQ0wZtdK1M3E=
 github.com/gorilla/schema v1.4.1/go.mod h1:Dg5SSm5PV60mhF2NFaTV1xuYYj8tV8NOPRo4FggUMnM=
-github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc=
 github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
 github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
@@ -1071,6 +1074,10 @@ github.com/hashicorp/vault/api v1.12.2 h1:7YkCTE5Ni90TcmYHDBExdt4WGJxhpzaHqR6uGb
 github.com/hashicorp/vault/api v1.12.2/go.mod h1:LSGf1NGT1BnvFFnKVtnvcaLBM2Lz+gJdpL6HUYed8KE=
 github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM=
 github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSow5/V2vxeg=
+github.com/hhrutter/lzw v1.0.0 h1:laL89Llp86W3rRs83LvKbwYRx6INE8gDn0XNb1oXtm0=
+github.com/hhrutter/lzw v1.0.0/go.mod h1:2HC6DJSn/n6iAZfgM3Pg+cP1KxeWc3ezG8bBqW5+WEo=
+github.com/hhrutter/tiff v1.0.1 h1:MIus8caHU5U6823gx7C6jrfoEvfSTGtEFRiM8/LOzC0=
+github.com/hhrutter/tiff v1.0.1/go.mod h1:zU/dNgDm0cMIa8y8YwcYBeuEEveI4B0owqHyiPpJPHc=
 github.com/howeyc/gopass v0.0.0-20210920133722-c8aef6fb66ef h1:A9HsByNhogrvm9cWb28sjiS3i7tcKCkflWFEkHfuAgM=
 github.com/howeyc/gopass v0.0.0-20210920133722-c8aef6fb66ef/go.mod h1:lADxMC39cJJqL93Duh1xhAs4I2Zs8mKS89XWXFGp9cs=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
@@ -1112,8 +1119,10 @@ github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGw
 github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
 github.com/jmhodges/clock v1.2.0 h1:eq4kys+NI0PLngzaHEe7AmPT90XMGIEySD1JfV1PDIs=
 github.com/jmhodges/clock v1.2.0/go.mod h1:qKjhA7x7u/lQpPB1XAqX1b1lCI/w3/fNuYpI/ZjLynI=
-github.com/johnfercher/maroto v1.0.0 h1:yo26a/Mxj2YbHCzpIW7FypKtdvv9BdeLNHaApHwLCXU=
-github.com/johnfercher/maroto v1.0.0/go.mod h1:qeujdhKT+677jMjGWlIa5OCgR04GgIHvByJ6pSC+hOw=
+github.com/johnfercher/go-tree v1.1.0 h1:L0Fs5jLR1uA2e/CwfHjNdO/Lt4IGQ46QgxarAC1yeXs=
+github.com/johnfercher/go-tree v1.1.0/go.mod h1:DUO6QkXIFh1K7jeGBIkLCZaeUgnkdQAsB64FDSoHswg=
+github.com/johnfercher/maroto/v2 v2.2.2 h1:6VSNfXe/kDNTNDE13+CDm53lxFfv9hHsW1SHtoKVicw=
+github.com/johnfercher/maroto/v2 v2.2.2/go.mod h1:/LfW6AQGZzsG6xUixcfyxkKztDoszdwC+G2jNRl8bss=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
 github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
 github.com/json-iterator/go v1.1.6/go.mod h1:+SdeFBvtyEkXs7REEP0seUULqWtbJapLOCVDaaPEHmU=
@@ -1288,8 +1297,8 @@ github.com/moby/locker v1.0.1 h1:fOXqR41zeveg4fFODix+1Ch4mj/gT0NE1XJbp/epuBg=
 github.com/moby/locker v1.0.1/go.mod h1:S7SDdo5zpBK84bzzVlKr2V0hz+7x9hWbYC/kq7oQppc=
 github.com/moby/patternmatcher v0.6.0 h1:GmP9lR19aU5GqSSFko+5pRqHi+Ohk1O69aFiKkVGiPk=
 github.com/moby/patternmatcher v0.6.0/go.mod h1:hDPoyOpDY7OrrMDLaYoY3hf52gNCR/YOUYxkhApJIxc=
-github.com/moby/spdystream v0.2.0 h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8=
-github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c=
+github.com/moby/spdystream v0.5.0 h1:7r0J1Si3QO/kjRitvSLVVFUjxMEb/YLj6S9FF62JBCU=
+github.com/moby/spdystream v0.5.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI=
 github.com/moby/sys/mountinfo v0.7.2 h1:1shs6aH5s4o5H2zQLn796ADW1wMrIwHsyJ2v9KouLrg=
 github.com/moby/sys/mountinfo v0.7.2/go.mod h1:1YOa8w8Ih7uW0wALDUgT1dTTSBrZ+HiBLGws92L2RU4=
 github.com/moby/sys/sequential v0.5.0 h1:OPvI35Lzn9K04PBbCLW0g4LcFAJgHsvXsRyewg5lXtc=
@@ -1353,14 +1362,14 @@ github.com/onsi/ginkgo v1.16.4/go.mod h1:dX+/inL/fNMqNlz0e9LfyB9TswhZpCVdJM/Z6Vv
 github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
 github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU=
 github.com/onsi/ginkgo/v2 v2.1.3/go.mod h1:vw5CSIxN1JObi/U8gcbwft7ZxR2dgaR70JSE3/PpL4c=
-github.com/onsi/ginkgo/v2 v2.20.0 h1:PE84V2mHqoT1sglvHc8ZdQtPcwmvvt29WLEEO3xmdZw=
-github.com/onsi/ginkgo/v2 v2.20.0/go.mod h1:lG9ey2Z29hR41WMVthyJBGUBcBhGOtoPF2VFMvBXFCI=
+github.com/onsi/ginkgo/v2 v2.21.0 h1:7rg/4f3rB88pb5obDgNZrNHrQ4e6WpjonchcpuBRnZM=
+github.com/onsi/ginkgo/v2 v2.21.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo=
 github.com/onsi/gomega v1.7.1/go.mod h1:XdKZgCCFLUoM/7CFJVPcG8C1xQ1AJ0vpAezJrB7JYyY=
 github.com/onsi/gomega v1.10.1/go.mod h1:iN09h71vgCQne3DLsj+A5owkum+a2tYe+TOCB1ybHNo=
 github.com/onsi/gomega v1.17.0/go.mod h1:HnhC7FXeEQY45zxNK3PPoIUhzk/80Xly9PcubAlGdZY=
 github.com/onsi/gomega v1.19.0/go.mod h1:LY+I3pBVzYsTBU1AnDwOSxaYi9WoWiqgwooUqq9yPro=
-github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k=
-github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY=
+github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4=
+github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog=
 github.com/open-policy-agent/opa v0.68.0 h1:Jl3U2vXRjwk7JrHmS19U3HZO5qxQRinQbJ2eCJYSqJQ=
 github.com/open-policy-agent/opa v0.68.0/go.mod h1:5E5SvaPwTpwt2WM177I9Z3eT7qUpmOGjk1ZdHs+TZ4w=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
@@ -1392,6 +1401,8 @@ github.com/pborman/indent v1.2.1 h1:lFiviAbISHv3Rf0jcuh489bi06hj98JsVMtIDZQb9yM=
 github.com/pborman/indent v1.2.1/go.mod h1:FitS+t35kIYtB5xWTZAPhnmrxcciEEOdbyrrpz5K6Vw=
 github.com/pborman/uuid v1.2.1 h1:+ZZIw58t/ozdjRaXh/3awHfmWRbzYxJoAdNJxe/3pvw=
 github.com/pborman/uuid v1.2.1/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k=
+github.com/pdfcpu/pdfcpu v0.9.1 h1:q8/KlBdHjkE7ZJU4ofhKG5Rjf7M6L324CVM6BMDySao=
+github.com/pdfcpu/pdfcpu v0.9.1/go.mod h1:fVfOloBzs2+W2VJCCbq60XIxc3yJHAZ0Gahv1oO0gyI=
 github.com/pelletier/go-toml v1.9.4/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
 github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8=
 github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c=
@@ -1470,8 +1481,6 @@ github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR
 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/ruudk/golang-pdf417 v0.0.0-20181029194003-1af4ab5afa58/go.mod h1:6lfFZQK844Gfx8o5WFuvpxWRwnSoipWe/p622j1v06w=
-github.com/ruudk/golang-pdf417 v0.0.0-20201230142125-a7e3863a1245 h1:K1Xf3bKttbF+koVGaX5xngRIZ5bVjbmPnaxE/dR08uY=
-github.com/ruudk/golang-pdf417 v0.0.0-20201230142125-a7e3863a1245/go.mod h1:pQAZKsJ8yyVxGRWYNEm9oFB8ieLgKFnamEyDmSA0BRk=
 github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts=
 github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk=
 github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc=
@@ -1699,6 +1708,8 @@ github.com/wagoodman/go-presenter v0.0.0-20211015174752-f9c01afc824b h1:uWNQ0khA
 github.com/wagoodman/go-presenter v0.0.0-20211015174752-f9c01afc824b/go.mod h1:ewlIKbKV8l+jCj8rkdXIs361ocR5x3qGyoCSca47Gx8=
 github.com/wagoodman/go-progress v0.0.0-20230925121702-07e42b3cdba0 h1:0KGbf+0SMg+UFy4e1A/CPVvXn21f1qtWdeJwxZFoQG8=
 github.com/wagoodman/go-progress v0.0.0-20230925121702-07e42b3cdba0/go.mod h1:jLXFoL31zFaHKAAyZUh+sxiTDFe1L1ZHrcK2T1itVKA=
+github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
+github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
 github.com/xanzy/go-gitlab v0.102.0 h1:ExHuJ1OTQ2yt25zBMMj0G96ChBirGYv8U7HyUiYkZ+4=
 github.com/xanzy/go-gitlab v0.102.0/go.mod h1:ETg8tcj4OhrB84UEgeE8dSuV/0h4BBL1uOV/qK0vlyI=
 github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM=
@@ -1870,6 +1881,8 @@ golang.org/x/image v0.0.0-20200430140353-33d19683fad8/go.mod h1:FeLwcggjj3mMvU+o
 golang.org/x/image v0.0.0-20200618115811-c13761719519/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/image v0.0.0-20201208152932-35266b937fa6/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/image v0.0.0-20210216034530-4410531fe030/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
+golang.org/x/image v0.24.0 h1:AN7zRgVsbvmTfNyqIbbOraYL8mSwcKncEj8ofjgzcMQ=
+golang.org/x/image v0.24.0/go.mod h1:4b/ITuLfqYq1hqZcjofwctIhi7sZh2WaCjvsBNjjya8=
 golang.org/x/lint v0.0.0-20180702182130-06c8688daad7/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
@@ -1897,8 +1910,8 @@ golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.5.0/go.mod h1:5OXOZSfqPIIbmVBIIKWRFfZjPR0E5r58TLhUjH0a2Ro=
 golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4=
 golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
-golang.org/x/mod v0.19.0 h1:fEdghXQSo20giMthA7cd28ZC+jts4amQ3YMXiP5oMQ8=
-golang.org/x/mod v0.19.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
+golang.org/x/mod v0.20.0 h1:utOm6MM3R3dnawAiJgn0y+xvuYRsm1RKM/4giyfDgV0=
+golang.org/x/mod v0.20.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -1997,8 +2010,8 @@ golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094/go.mod h1:h4gKUeWbJ4rQPri
 golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg=
 golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg=
 golang.org/x/oauth2 v0.1.0/go.mod h1:G9FE4dLTsbXUu90h/Pf85g4w1D+SSAgR+q46nJZ8M4A=
-golang.org/x/oauth2 v0.22.0 h1:BzDx2FehcG7jJwgWLELCdmLuxk2i+x9UDpSiss2u0ZA=
-golang.org/x/oauth2 v0.22.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
+golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs=
+golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI=
 golang.org/x/perf v0.0.0-20180704124530-6e6d33e29852/go.mod h1:JLpeXjPJfIyPr5TlbXLkXWLhP8nz10XfvxElABhCtcw=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -2015,8 +2028,8 @@ golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJ
 golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20220929204114-8fcdb60fdcc0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
-golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ=
-golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
+golang.org/x/sync v0.11.0 h1:GGz8+XQP4FvTTrjZPzNKTMFtSXH80RAzG+5ghFPgK9w=
+golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -2153,14 +2166,14 @@ golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
 golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
-golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo=
-golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ=
+golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM=
+golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY=
 golang.org/x/time v0.0.0-20180412165947-fbb02b2291d2/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
-golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U=
-golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
+golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ=
+golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180525024113-a5b4c53f6e8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180828015842-6cd1fcedba52/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -2226,8 +2239,8 @@ golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk=
 golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc=
 golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
-golang.org/x/tools v0.24.0 h1:J1shsA93PJUEVaUSaay7UXAyE8aimq3GW0pjlolpa24=
-golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ=
+golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ=
+golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
@@ -2483,8 +2496,8 @@ google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ
 google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
 google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
 google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I=
-google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg=
-google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw=
+google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA=
+google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
@@ -2496,6 +2509,8 @@ gopkg.in/cheggaaa/pb.v1 v1.0.27/go.mod h1:V/YB90LKu/1FcN3WVnfiiE5oMCibMjukxqG/qS
 gopkg.in/dancannon/gorethink.v3 v3.0.5 h1:/g7PWP7zUS6vSNmHSDbjCHQh1Rqn8Jy6zSMQxAsBSMQ=
 gopkg.in/dancannon/gorethink.v3 v3.0.5/go.mod h1:GXsi1e3N2OcKhcP6nsYABTiUejbWMFO4GY5a4pEaeEc=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
+gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4=
+gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M=
 gopkg.in/fatih/pool.v2 v2.0.0 h1:xIFeWtxifuQJGk/IEPKsTduEKcKvPmhoiVDGpC40nKg=
 gopkg.in/fatih/pool.v2 v2.0.0/go.mod h1:8xVGeu1/2jr2wm5V9SPuMht2H5AEmf5aFMGSQixtjTY=
 gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
@@ -2543,20 +2558,20 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
 honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-k8s.io/api v0.30.0 h1:siWhRq7cNjy2iHssOB9SCGNCl2spiF1dO3dABqZ8niA=
-k8s.io/api v0.30.0/go.mod h1:OPlaYhoHs8EQ1ql0R/TsUgaRPhpKNxIMrKQfWUp8QSE=
+k8s.io/api v0.32.0 h1:OL9JpbvAU5ny9ga2fb24X8H6xQlVp+aJMFlgtQjR9CE=
+k8s.io/api v0.32.0/go.mod h1:4LEwHZEf6Q/cG96F3dqR965sYOfmPM7rq81BLgsE0p0=
 k8s.io/apiextensions-apiserver v0.29.0 h1:0VuspFG7Hj+SxyF/Z/2T0uFbI5gb5LRgEyUVE3Q4lV0=
 k8s.io/apiextensions-apiserver v0.29.0/go.mod h1:TKmpy3bTS0mr9pylH0nOt/QzQRrW7/h7yLdRForMZwc=
-k8s.io/apimachinery v0.30.0 h1:qxVPsyDM5XS96NIh9Oj6LavoVFYff/Pon9cZeDIkHHA=
-k8s.io/apimachinery v0.30.0/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc=
-k8s.io/client-go v0.30.0 h1:sB1AGGlhY/o7KCyCEQ0bPWzYDL0pwOZO4vAtTSh/gJQ=
-k8s.io/client-go v0.30.0/go.mod h1:g7li5O5256qe6TYdAMyX/otJqMhIiGgTapdLchhmOaY=
+k8s.io/apimachinery v0.32.0 h1:cFSE7N3rmEEtv4ei5X6DaJPHHX0C+upp+v5lVPiEwpg=
+k8s.io/apimachinery v0.32.0/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE=
+k8s.io/client-go v0.32.0 h1:DimtMcnN/JIKZcrSrstiwvvZvLjG0aSxy8PxN8IChp8=
+k8s.io/client-go v0.32.0/go.mod h1:boDWvdM1Drk4NJj/VddSLnx59X3OPgwrOo0vGbtq9+8=
 k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk=
 k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
-k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 h1:BZqlfIlq5YbRMFko6/PM7FjZpUb45WallggurYhKGag=
-k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98=
-k8s.io/utils v0.0.0-20231127182322-b307cd553661 h1:FepOBzJ0GXm8t0su67ln2wAZjbQ6RxQGZDnzuLcrUTI=
-k8s.io/utils v0.0.0-20231127182322-b307cd553661/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f h1:GA7//TjRY9yWGy1poLzYYJJ4JRdzg3+O6e8I+e+8T5Y=
+k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f/go.mod h1:R/HEjbvWI0qdfb8viZUeVZm0X6IZnxAydC7YU42CMw4=
+k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 h1:M3sRQVHv7vB20Xc2ybTt7ODCeFj6JSWYFzOFnYeS6Ro=
+k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 modernc.org/cc/v4 v4.20.0 h1:45Or8mQfbUqJOG9WaxvlFYOAQO0lQ5RvqBcFCXngjxk=
 modernc.org/cc/v4 v4.20.0/go.mod h1:HM7VJTZbUCR3rV8EYBi9wxnJ0ZBRiGE5OeGXNA0IsLQ=
 modernc.org/ccgo/v4 v4.16.0 h1:ofwORa6vx2FMm0916/CkZjpFPSR70VwTjUCe2Eg5BnA=
@@ -2587,16 +2602,16 @@ rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
 sigs.k8s.io/controller-runtime v0.15.0 h1:ML+5Adt3qZnMSYxZ7gAverBLNPSMQEibtzAgp0UPojU=
 sigs.k8s.io/controller-runtime v0.15.0/go.mod h1:7ngYvp1MLT+9GeZ+6lH3LOlcHkp/+tzA/fmHa4iq9kk=
-sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
-sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
+sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 h1:/Rv+M11QRah1itp8VhT6HoVx1Ray9eB4DBr+K+/sCJ8=
+sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3/go.mod h1:18nIHnGi6636UCz6m8i4DhaJ65T6EruyzmoQqI2BVDo=
 sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3 h1:XX3Ajgzov2RKUdc5jW3t5jwY7Bo7dcRm+tFxT+NfgY0=
 sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3/go.mod h1:9n16EZKMhXBNSiUC5kSdFQJkdH3zbxS/JoO619G1VAY=
 sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3 h1:W6cLQc5pnqM7vh3b7HvGNfXrJ/xL6BDMS0v1V/HHg5U=
 sigs.k8s.io/kustomize/kyaml v0.14.3-0.20230601165947-6ce0bf390ce3/go.mod h1:JWP1Fj0VWGHyw3YUPjXSQnRnrwezrZSrApfX5S0nIag=
 sigs.k8s.io/release-utils v0.7.7 h1:JKDOvhCk6zW8ipEOkpTGDH/mW3TI+XqtPp16aaQ79FU=
 sigs.k8s.io/release-utils v0.7.7/go.mod h1:iU7DGVNi3umZJ8q6aHyUFzsDUIaYwNnNKGHo3YE5E3s=
-sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4=
-sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08=
+sigs.k8s.io/structured-merge-diff/v4 v4.4.2 h1:MdmvkGuXi/8io6ixD5wud3vOLwc1rj0aNqRlpuvjmwA=
+sigs.k8s.io/structured-merge-diff/v4 v4.4.2/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4=
 sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E=
 sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=
 software.sslmate.com/src/go-pkcs12 v0.4.0 h1:H2g08FrTvSFKUj+D309j1DPfk5APnIdAQAB8aEykJ5k=

httphandler/handlerequests/v1/datastructuremethods.go

@@ -1,8 +1,15 @@
 package v1
 
 import (
+	"encoding/json"
+	"fmt"
+	"os"
+	"path/filepath"
 	"strings"
 
+	"github.com/armosec/armoapi-go/armotypes"
+	"github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/kubescape/v3/core/cautils"
 	"github.com/kubescape/kubescape/v3/core/cautils/getter"
 	apisv1 "github.com/kubescape/opa-utils/httpserver/apis/v1"
@@ -67,6 +74,15 @@ func ToScanInfo(scanRequest *utilsmetav1.PostScanRequest) *cautils.ScanInfo {
 		scanInfo.IsDeletedScanObject = *scanRequest.IsDeletedScanObject
 	}
 
+	if scanRequest.Exceptions != nil {
+		path, err := saveExceptions(scanRequest.Exceptions)
+		if err != nil {
+			logger.L().Warning("failed to save exceptions, scanning without them", helpers.Error(err))
+		} else {
+			scanInfo.UseExceptions = path
+		}
+	}
+
 	return scanInfo
 }
 
@@ -92,3 +108,15 @@ func setTargetInScanInfo(scanRequest *utilsmetav1.PostScanRequest, scanInfo *cau
 		scanInfo.ScanAll = true
 	}
 }
+
+func saveExceptions(exceptions []armotypes.PostureExceptionPolicy) (string, error) {
+	exceptionsJSON, err := json.Marshal(exceptions)
+	if err != nil {
+		return "", fmt.Errorf("failed to marshal exceptions: %w", err)
+	}
+	exceptionsPath := filepath.Join("/tmp", "exceptions.json") // FIXME potential race condition
+	if err := os.WriteFile(exceptionsPath, exceptionsJSON, 0644); err != nil {
+		return "", fmt.Errorf("failed to write exceptions file to disk: %w", err)
+	}
+	return exceptionsPath, nil
+}

pkg/imagescan/imagescan.go

@@ -5,11 +5,13 @@ import (
 	"errors"
 	"fmt"
 	"path/filepath"
+	"strings"
 
 	"github.com/adrg/xdg"
 	"github.com/anchore/grype/grype"
 	"github.com/anchore/grype/grype/db"
 	"github.com/anchore/grype/grype/grypeerr"
+	"github.com/anchore/grype/grype/match"
 	"github.com/anchore/grype/grype/matcher"
 	"github.com/anchore/grype/grype/matcher/dotnet"
 	"github.com/anchore/grype/grype/matcher/golang"
@@ -116,9 +118,67 @@ type Service struct {
 	dbCfg db.Config
 }
 
-func (s *Service) Scan(ctx context.Context, userInput string, creds RegistryCredentials) (*models.PresenterConfig, error) {
-	var err error
+func getIgnoredMatches(vulnerabilityExceptions []string, store *store.Store, packages []pkg.Package, pkgContext pkg.Context) (*match.Matches, []match.IgnoredMatch, error) {
+	if vulnerabilityExceptions == nil {
+		vulnerabilityExceptions = []string{}
+	}
 
+	var ignoreRules []match.IgnoreRule
+	for _, exception := range vulnerabilityExceptions {
+		rule := match.IgnoreRule{
+			Vulnerability: exception,
+		}
+		ignoreRules = append(ignoreRules, rule)
+	}
+
+	matcher := grype.VulnerabilityMatcher{
+		Store:       *store,
+		Matchers:    getMatchers(),
+		IgnoreRules: ignoreRules,
+	}
+
+	remainingMatches, ignoredMatches, err := matcher.FindMatches(packages, pkgContext)
+	if err != nil {
+		if !errors.Is(err, grypeerr.ErrAboveSeverityThreshold) {
+			return nil, nil, err
+		}
+	}
+
+	return remainingMatches, ignoredMatches, nil
+}
+
+// Filter the remaing matches based on severity exceptions.
+func filterMatchesBasedOnSeverity(severityExceptions []string, remainingMatches match.Matches, store *store.Store) match.Matches {
+	if severityExceptions == nil {
+		return remainingMatches
+	}
+
+	filteredMatches := match.NewMatches()
+
+	for m := range remainingMatches.Enumerate() {
+		metadata, err := store.GetMetadata(m.Vulnerability.ID, m.Vulnerability.Namespace)
+		if err != nil {
+			continue
+		}
+
+		// Skip this match if the severity of this match is present in severityExceptions.
+		excludeSeverity := false
+		for _, sever := range severityExceptions {
+			if strings.ToUpper(metadata.Severity) == sever {
+				excludeSeverity = true
+				continue
+			}
+		}
+
+		if !excludeSeverity {
+			filteredMatches.Add(m)
+		}
+	}
+
+	return filteredMatches
+}
+
+func (s *Service) Scan(ctx context.Context, userInput string, creds RegistryCredentials, vulnerabilityExceptions, severityExceptions []string) (*models.PresenterConfig, error) {
 	store, status, dbCloser, err := NewVulnerabilityDB(s.dbCfg, true)
 	if err = validateDBLoad(err, status); err != nil {
 		return nil, err
@@ -133,20 +193,15 @@ func (s *Service) Scan(ctx context.Context, userInput string, creds RegistryCred
 		defer dbCloser.Close()
 	}
 
-	matcher := grype.VulnerabilityMatcher{
-		Store:    *store,
-		Matchers: getMatchers(),
+	remainingMatches, ignoredMatches, err := getIgnoredMatches(vulnerabilityExceptions, store, packages, pkgContext)
+	if err != nil {
+		return nil, err
 	}
 
-	remainingMatches, ignoredMatches, err := matcher.FindMatches(packages, pkgContext)
-	if err != nil {
-		if !errors.Is(err, grypeerr.ErrAboveSeverityThreshold) {
-			return nil, err
-		}
-	}
+	filteredMatches := filterMatchesBasedOnSeverity(severityExceptions, *remainingMatches, store)
 
 	pb := models.PresenterConfig{
-		Matches:          *remainingMatches,
+		Matches:          filteredMatches,
 		IgnoredMatches:   ignoredMatches,
 		Packages:         packages,
 		Context:          pkgContext,

pkg/imagescan/imagescan_test.go

@@ -2,9 +2,12 @@ package imagescan
 
 import (
 	"errors"
+	"net/http"
+	"path"
 	"testing"
 	"time"
 
+	"github.com/adrg/xdg"
 	"github.com/anchore/grype/grype/db"
 	grypedb "github.com/anchore/grype/grype/db/v5"
 	"github.com/anchore/grype/grype/match"
@@ -16,63 +19,71 @@ import (
 	"github.com/stretchr/testify/assert"
 )
 
-// import (
-// 	"context"
-// 	"testing"
+func TestVulnerabilityAndSeverityExceptions(t *testing.T) {
+	go func() {
+		_ = http.ListenAndServe(":8000", http.FileServer(http.Dir("testdata"))) //nolint:gosec
+	}()
+	dbCfg := db.Config{
+		DBRootDir:  path.Join(xdg.CacheHome, "grype-light", "db"),
+		ListingURL: "http://localhost:8000/listing.json",
+	}
+	svc := NewScanService(dbCfg)
+	creds := RegistryCredentials{}
 
-// 	"github.com/anchore/grype/grype/db"
-// 	grypedb "github.com/anchore/grype/grype/db/v5"
-// 	"github.com/anchore/grype/grype/match"
-// 	"github.com/anchore/grype/grype/pkg"
-// 	"github.com/anchore/grype/grype/presenter/models"
-// 	"github.com/anchore/grype/grype/vulnerability"
-// 	syftPkg "github.com/anchore/syft/syft/pkg"
-// 	"github.com/google/uuid"
-// 	"github.com/stretchr/testify/assert"
-// )
+	tests := []struct {
+		name                    string
+		image                   string
+		vulnerabilityExceptions []string
+		ignoredLen              int
+		severityExceptions      []string
+		filteredLen             int
+	}{
+		{
+			name:               "alpine:3.19.1 without medium vulnerabilities",
+			image:              "alpine:3.19.1",
+			ignoredLen:         0,
+			severityExceptions: []string{"MEDIUM"},
+			filteredLen:        0,
+		},
+		{
+			name:                    "alpine:3.9.6",
+			image:                   "alpine:3.9.6",
+			vulnerabilityExceptions: []string{"CVE-2020-1971", "CVE-2020-28928", "CVE-2021-23840"},
+			ignoredLen:              6,
+			severityExceptions:      []string{"HIGH", "MEDIUM"},
+			filteredLen:             8,
+		},
+		{
+			name:                    "alpine:3.9.6 with invalid vulnerability and severity exceptions",
+			image:                   "alpine:3.9.6",
+			vulnerabilityExceptions: []string{"invalid-cve", "CVE-2020-28928", "CVE-2021-23840"},
+			ignoredLen:              4,
+			severityExceptions:      []string{"CRITICAL", "MEDIUM", "invalid-severity"},
+			filteredLen:             10,
+		},
+	}
 
-// func TestNewScanService(t *testing.T) {
-// 	dbCfg, _ := NewDefaultDBConfig()
+	for _, tc := range tests {
+		t.Run(tc.name, func(t *testing.T) {
+			store, status, dbCloser, err := NewVulnerabilityDB(svc.dbCfg, true)
+			assert.NoError(t, validateDBLoad(err, status))
 
-// 	svc := NewScanService(dbCfg)
+			packages, pkgContext, _, err := pkg.Provide(tc.image, getProviderConfig(creds))
+			assert.NoError(t, err)
 
-// 	assert.IsType(t, Service{}, svc)
-// }
+			if dbCloser != nil {
+				defer dbCloser.Close()
+			}
 
-// func TestScan(t *testing.T) {
-// 	tt := []struct {
-// 		name  string
-// 		image string
-// 		creds RegistryCredentials
-// 	}{
-// 		{
-// 			name:  "Valid image name produces a non-nil scan result",
-// 			image: "nginx",
-// 		},
-// 		{
-// 			name:  "Scanning a valid image with provided credentials should produce a non-nil scan result",
-// 			image: "nginx",
-// 			creds: RegistryCredentials{
-// 				Username: "test",
-// 				Password: "password",
-// 			},
-// 		},
-// 	}
+			remainingMatches, ignoredMatches, err := getIgnoredMatches(tc.vulnerabilityExceptions, store, packages, pkgContext)
+			assert.NoError(t, err)
+			assert.Equal(t, tc.ignoredLen, len(ignoredMatches))
 
-// 	for _, tc := range tt {
-// 		t.Run(tc.name, func(t *testing.T) {
-// 			ctx := context.Background()
-// 			dbCfg, _ := NewDefaultDBConfig()
-// 			svc := NewScanService(dbCfg)
-// 			creds := RegistryCredentials{}
-
-// 			scanResults, err := svc.Scan(ctx, tc.image, creds)
-
-// 			assert.NoError(t, err)
-// 			assert.IsType(t, &models.PresenterConfig{}, scanResults)
-// 		})
-// 	}
-// }
+			filteredMatches := filterMatchesBasedOnSeverity(tc.severityExceptions, *remainingMatches, store)
+			assert.Equal(t, tc.filteredLen, filteredMatches.Count())
+		})
+	}
+}
 
 // fakeMetaProvider is a test double that fakes an actual MetadataProvider
 type fakeMetaProvider struct {

pkg/imagescan/testdata/listing.json

@@ -0,0 +1,12 @@
+{
+  "available": {
+    "5": [
+      {
+        "built": "2023-12-13T01:27:01Z",
+        "version": 5,
+        "url": "http://localhost:8000/vulnerability-db_v5_2023-03-24T06_54_57Z_fab15e5405c096d82dfd.tar.gz",
+        "checksum": "sha256:99ad9fd54be5295351555a02a0fb6986a461a9d23eb8ae3b34ea892c252a8c80"
+      }
+    ]
+  }
+}