Merge pull request #959 from suhasgumma/fix-command

fix: keep user formatting when autofixing
tests: extend test cases for autofix inserts
2026-02-15 10:30:02 +00:00 · 2023-01-11 20:13:16 +02:00 · 2023-01-11 19:50:57 +02:00 · 2023-01-11 18:44:06 +02:00 · 2023-01-11 18:43:14 +02:00 · 2023-01-10 19:43:25 +02:00
550 changed files with 11890 additions and 242583 deletions
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,2 +0,0 @@
-# Keep CRLF newlines in appropriate test files to have reproducible tests
-core/pkg/fixhandler/testdata/inserts/*-crlf-newlines.yaml text eol=crlf
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -2,32 +2,33 @@
 name: Bug report
 about: Create a report to help us improve
 title: ''
-labels: 'bug'
+labels: ''
 assignees: ''

 ---

-# Description
-<!-- A clear and concise description of what the bug is. -->
+# Describe the bug
+A clear and concise description of what the bug is.

 # Environment
-OS: ` ` <!-- the OS + version you’re running Kubescape on, e.g Ubuntu 22.04 LTS  -->
-Version: ` ` <!-- the version that Kubescape reports when you run `kubescape version`  -->
- 
+OS: the OS + version you’re running Kubescape on, e.g Ubuntu 22.04 LTS
+Version: the version that Kubescape reports when you run `kubescape version`
+```
+Your current version is:
+```
+
 # Steps To Reproduce
-<!--
 Steps to reproduce the behavior:
 1. Go to '...'
 2. Click on '....'
 3. Scroll down to '....'
 4. See error
-->

 # Expected behavior
-<!-- A clear and concise description of what you expected to happen. -->
+A clear and concise description of what you expected to happen.

 # Actual Behavior
-<!-- A clear and concise description of what happened. If applicable, add screenshots to help explain your  problem. -->
+A clear and concise description of what happened. If applicable, add screenshots to help explain your problem.

 # Additional context
-<!-- Add any other context about the problem here. -->
+Add any other context about the problem here.
--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@@ -2,23 +2,18 @@
 name: Feature request
 about: Suggest an idea for this project
 title: ''
-labels: 'feature'
+labels: ''
 assignees: ''

 ---
+**Is your feature request related to a problem? Please describe.**</br>
+ > A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

-## Overview
-<!-- A brief overview of the related current state -->
+**Describe the solution you'd like.**</br>
+ > A clear and concise description of what you want to happen.

-## Problem
-<!-- A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] -->
+**Describe alternatives you've considered.**</br>
+ > A clear and concise description of any alternative solutions or features you've considered.

-## Solution
-<!-- A clear and concise description of what you want to happen. -->
-
-## Alternatives
-<!-- A clear and concise description of any alternative solutions or features you've considered. -->
-
-## Additional context
-<!-- Add any other context or screenshots about the feature request here. -->
- 
+**Additional context.**</br>
+ > Add any other context or screenshots about the feature request here.
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -1,39 +1,13 @@
-## Overview
-<!-- Please provide a brief overview of the changes made in this pull request. e.g. current behavior/future behavior -->
+## Describe your changes

-<!-- 
-## Additional Information
+## Screenshots - If Any (Optional)

-> Any additional information that may be useful for reviewers to know 
-->
+## This PR fixes:

-<!--
-## How to Test
+* Resolved #

-> Please provide instructions on how to test the changes made in this pull request
-->
-
-<!--
-## Examples/Screenshots
-
-> Here you add related screenshots 
-->
-
-<!-- 
-## Related issues/PRs:
-
-Here you add related issues and PRs.
-If this resolved an issue, write "Resolved #<issue number>
-
-e.g. If this PR resolves issues 1 and 2, it should look as follows:
-* Resolved #1
-* Resolved #2
-->
-
-<!--
 ## Checklist before requesting a review
-
-put an [x] in the box to get it checked 
+<!-- put an [x] in the box to get it checked -->

 - [ ] My code follows the style guidelines of this project
 - [ ] I have commented on my code, particularly in hard-to-understand areas
@@ -41,4 +15,4 @@ put an [x] in the box to get it checked
 - [ ] If it is a core feature, I have added thorough tests.
 - [ ] New and existing unit tests pass locally with my changes

--> 
+**Please open the PR against the `dev` branch (Unless the PR contains only documentation changes)**
--- a/.github/actions/tag-action/action.yaml
+++ b/.github/actions/tag-action/action.yaml
@@ -1,44 +0,0 @@
-name: 'Tag validator and retag'
-description: 'This action will check if the tag is rc and create a new tag for release'
-inputs:
-  ORIGINAL_TAG:  # id of input
-    description: 'Original tag'
-    required: true
-    default: ${{ github.ref_name }}
-  SUB_STRING: 
-    description: 'Sub string for rc tag'
-    required: true
-    default: "-rc"
-outputs:
-  NEW_TAG:
-    description: "The new tag for release"
-    value: ${{ steps.retag.outputs.NEW_TAG }}
-runs:
-  using: "composite"
-  steps:
-    - run: |
-        if [[ -z "${{ inputs.ORIGINAL_TAG }}" ]]; then
-          echo "The value of ORIGINAL_TAG is ${{ inputs.ORIGINAL_TAG }}"
-          echo "Setting the value of ORIGINAL_TAG to ${{ github.ref_name }}"
-          echo ORIGINAL_TAG="${{ github.ref_name }}" >> $GITHUB_ENV
-        fi
-      shell: bash
-
-    - run: |
-        if [[ "${{ inputs.ORIGINAL_TAG }}" == *"${{ inputs.SUB_STRING }}"* ]]; then
-            echo "Release candidate tag found."
-        else
-            echo "Release candidate tag not found."
-            exit 1
-        fi
-      shell: bash
-
-
-    - id: retag
-      run: | 
-          NEW_TAG=
-          echo "Original tag: ${{ inputs.ORIGINAL_TAG }}"
-          NEW_TAG=$(echo ${{ inputs.ORIGINAL_TAG }} | awk -F '-rc' '{print $1}')
-          echo "New tag: $NEW_TAG"
-          echo "NEW_TAG=$NEW_TAG" >> $GITHUB_OUTPUT
-      shell: bash
--- a/.github/dependabot.yaml
+++ b/.github/dependabot.yaml
@@ -1,11 +0,0 @@
-# To get started with Dependabot version updates, you'll need to specify which
-# package ecosystems to update and where the package manifests are located.
-# Please see the documentation for all configuration options:
-# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
-
-version: 2
-updates:
-  - package-ecosystem: "" # See documentation for possible values
-    directory: "/" # Location of package manifests
-    schedule:
-      interval: "weekly"
--- a/.github/workflows/00-pr-scanner.yaml
+++ b/.github/workflows/00-pr-scanner.yaml
@@ -1,189 +0,0 @@
-name: 00-pr_scanner
-permissions: read-all
-on:
-    workflow_dispatch: {}
-    pull_request:
-        types: [opened, reopened, synchronize, ready_for_review]
-        paths-ignore:
-            - "**.yaml"
-            - "**.yml"
-            - "**.md"
-            - "**.sh"
-            - "website/*"
-            - "examples/*"
-            - "docs/*"
-            - "build/*"
-            - ".github/*"
-
-concurrency:
-    group: ${{ github.workflow }}-${{ github.ref }}
-    cancel-in-progress: true
-
-jobs:
-    pr-scanner:
-        permissions:
-            actions: read
-            artifact-metadata: read
-            attestations: read
-            checks: read
-            contents: write
-            deployments: read
-            discussions: read
-            id-token: write
-            issues: read
-            models: read
-            packages: read
-            pages: read
-            pull-requests: write
-            repository-projects: read
-            security-events: read
-            statuses: read
-        uses: ./.github/workflows/a-pr-scanner.yaml
-        with:
-            RELEASE: ""
-            CLIENT: test
-            CGO_ENABLED: 0
-            GO111MODULE: ""
-        secrets: inherit
-
-    wf-preparation:
-        name: secret-validator
-        runs-on: ubuntu-latest
-        outputs:
-            TEST_NAMES: ${{ steps.export_tests_to_env.outputs.TEST_NAMES }}
-            is-secret-set: ${{ steps.check-secret-set.outputs.is-secret-set }}
-
-        steps:
-            - name: check if the necessary secrets are set in github secrets
-              id: check-secret-set
-              env:
-                  CUSTOMER: ${{ secrets.CUSTOMER }}
-                  USERNAME: ${{ secrets.USERNAME }}
-                  PASSWORD: ${{ secrets.PASSWORD }}
-                  CLIENT_ID: ${{ secrets.CLIENT_ID_PROD }}
-                  SECRET_KEY: ${{ secrets.SECRET_KEY_PROD }}
-                  REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
-                  REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
-              run: "echo \"is-secret-set=${{ env.CUSTOMER != '' && env.USERNAME != '' && env.PASSWORD != '' && env.CLIENT_ID != '' && env.SECRET_KEY != '' && env.REGISTRY_USERNAME != '' && env.REGISTRY_PASSWORD != '' }}\" >> $GITHUB_OUTPUT\n"
-
-            - id: export_tests_to_env
-              name: set test name
-              run: |
-                  echo "TEST_NAMES=$input" >> $GITHUB_OUTPUT
-              env:
-                  input: '[
-                      "scan_nsa",
-                      "scan_mitre",
-                      "scan_with_exceptions",
-                      "scan_repository",
-                      "scan_local_file",
-                      "scan_local_glob_files",
-                      "scan_local_list_of_files",
-                      "scan_git_repository_and_submit_to_backend",
-                      "scan_and_submit_to_backend",
-                      "scan_customer_configuration",
-                      "scan_compliance_score",
-                      "scan_custom_framework_scanning_file_scope_testing",
-                      "scan_custom_framework_scanning_cluster_scope_testing",
-                      "scan_custom_framework_scanning_cluster_and_file_scope_testing"
-                      ]'
-
-    run-system-tests:
-        strategy:
-            fail-fast: false
-            matrix:
-                TEST: ${{ fromJson(needs.wf-preparation.outputs.TEST_NAMES) }}
-        needs: [wf-preparation, pr-scanner]
-        if: ${{ (needs.wf-preparation.outputs.is-secret-set == 'true') && (always() && (contains(needs.*.result, 'success') || contains(needs.*.result, 'skipped')) && !(contains(needs.*.result, 'failure')) && !(contains(needs.*.result, 'cancelled'))) }}
-        runs-on: ubuntu-latest
-        permissions:
-            actions: read
-            contents: read
-            pull-requests: write
-        steps:
-            - uses: actions/checkout@v4
-              with:
-                  fetch-depth: 0
-                  submodules: recursive
-
-            - uses: actions/setup-go@v4
-              name: Installing go
-              with:
-                  go-version: "1.25"
-
-            - uses: anchore/sbom-action/download-syft@v0
-              name: Setup Syft
-
-            - uses: goreleaser/goreleaser-action@v6
-              name: Build
-              with:
-                  distribution: goreleaser
-                  version: latest
-                  args: build --clean --snapshot --single-target
-              env:
-                  RELEASE: ""
-                  CLIENT: test
-                  CGO_ENABLED: 0
-
-            - name: chmod +x
-              run: chmod +x -R ${PWD}/dist/cli_linux_amd64_v1/kubescape
-
-            - name: Checkout systests repo
-              uses: actions/checkout@v4
-              with:
-                  repository: armosec/system-tests
-                  path: system-tests
-
-            - uses: actions/setup-python@v4
-              with:
-                  python-version: "3.9"
-                  cache: "pip"
-
-            - name: create env
-              run: ./create_env.sh
-              working-directory: system-tests
-
-            - name: Generate uuid
-              id: uuid
-              run: |
-                  echo "RANDOM_UUID=$(uuidgen)" >> $GITHUB_OUTPUT
-
-            - name: Create k8s Kind Cluster
-              id: kind-cluster-install
-              uses: helm/kind-action@v1.10.0
-              with:
-                  cluster_name: ${{ steps.uuid.outputs.RANDOM_UUID }}
-
-            - name: run-tests-on-local-built-kubescape
-              env:
-                  CUSTOMER: ${{ secrets.CUSTOMER }}
-                  USERNAME: ${{ secrets.USERNAME }}
-                  PASSWORD: ${{ secrets.PASSWORD }}
-                  CLIENT_ID: ${{ secrets.CLIENT_ID_PROD }}
-                  SECRET_KEY: ${{ secrets.SECRET_KEY_PROD }}
-                  REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
-                  REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
-              working-directory: system-tests
-              run: |
-                  echo "Test history:"
-                  echo " ${{ matrix.TEST }} " >/tmp/testhistory
-                  cat /tmp/testhistory
-                  source systests_python_env/bin/activate
-
-                  python3 systest-cli.py             \
-                    -t ${{ matrix.TEST }}            \
-                    -b production                    \
-                    -c CyberArmorTests               \
-                    --duration 3                     \
-                    --logger DEBUG                   \
-                    --kwargs kubescape=${GITHUB_WORKSPACE}/dist/cli_linux_amd64_v1/kubescape
-
-                  deactivate
-
-            - name: Test Report
-              uses: mikepenz/action-junit-report@v5
-              if: always()
-              with:
-                  github_token: ${{ secrets.GITHUB_TOKEN }}
-                  report_paths: "system-tests/**/results_xml_format/**.xml"
-                  commit: ${{github.event.workflow_run.head_sha}}
--- a/.github/workflows/02-release.yaml
+++ b/.github/workflows/02-release.yaml
@@ -1,119 +0,0 @@
-name: 02-create_release
-permissions: read-all
-on:
-  push:
-    tags:
-      - "v[0-9]+.[0-9]+.[0-9]+"
-  workflow_dispatch:
-    inputs:
-      skip_publish:
-        description: "Skip publishing artifacts"
-        required: false
-        default: true
-        type: boolean
-jobs:
-  release:
-    permissions:
-      actions: read
-      checks: read
-      contents: write
-      deployments: read
-      discussions: read
-      id-token: write
-      issues: read
-      models: read
-      packages: write
-      pages: read
-      pull-requests: read
-      repository-projects: read
-      statuses: read
-      security-events: read
-      attestations: read
-      artifact-metadata: read
-    runs-on: ubuntu-large
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - uses: actions/setup-go@v5
-        with:
-          go-version: "1.25"
-
-      - name: Set up Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: "3.9"
-
-      - name: Install system dependencies for system-tests
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y --no-install-recommends \
-            libpq5 \
-            libpq-dev \
-            gcc \
-            python3-dev
-          sudo rm -rf /var/lib/apt/lists/*
-
-      - name: Install Cosign
-        uses: sigstore/cosign-installer@v3.5.0
-
-      - name: Create Cosign Key
-        run: echo "${{ secrets.COSIGN_PRIVATE_KEY_V1 }}" > cosign.key
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Login to Quay.io
-        uses: docker/login-action@v3
-        with:
-          registry: quay.io
-          username: ${{ secrets.QUAYIO_REGISTRY_USERNAME }}
-          password: ${{ secrets.QUAYIO_REGISTRY_PASSWORD }}
-
-      - uses: anchore/sbom-action/download-syft@v0
-        name: Setup Syft
-
-      - name: Create k8s Kind Cluster
-        uses: helm/kind-action@v1.10.0
-        with:
-          cluster_name: kubescape-e2e
-
-      - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v6
-        with:
-          distribution: goreleaser
-          version: latest
-          args: release --clean ${{ inputs.skip_publish == true && '--skip=publish' || '' }}
-        env:
-          GITHUB_TOKEN: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN || secrets.GITHUB_TOKEN }}
-          COSIGN_PWD: ${{ secrets.COSIGN_PRIVATE_KEY_V1_PASSWORD }}
-          RELEASE: ${{ github.ref_name }}
-          CLIENT: release
-          RUN_E2E: "true"
-          KUBESCAPE_SKIP_UPDATE_CHECK: "true"
-          CUSTOMER: ${{ secrets.CUSTOMER }}
-          USERNAME: ${{ secrets.USERNAME }}
-          PASSWORD: ${{ secrets.PASSWORD }}
-          CLIENT_ID: ${{ secrets.CLIENT_ID_PROD }}
-          SECRET_KEY: ${{ secrets.SECRET_KEY_PROD }}
-          REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
-          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
-
-      - name: List collected system-test results (debug)
-        if: always()
-        run: |
-          echo "Listing test-results/system-tests (if any):"
-          ls -laR test-results/system-tests || true
-
-      - name: System Tests Report
-        uses: mikepenz/action-junit-report@v5
-        if: always()
-        with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-          report_paths: "test-results/system-tests/**/results_xml_format/**.xml"
-          annotate_only: true
-          job_summary: true
--- a/.github/workflows/README.md
+++ b/.github/workflows/README.md
@@ -1,52 +0,0 @@
-# Kubescape workflows
-
-Tag terminology: `v<major>.<minor>.<patch>`
-
-## Developing process
-
-Kubescape's main branch is `main`, any PR will be opened against the main branch.
-
-### Opening a PR
-
-When a user opens a PR, this will trigger some basic tests (units, license, etc.)
-
-### Reviewing a PR
-
-The reviewer/maintainer of a PR will decide whether the PR introduces changes that require running the E2E system tests. If so, the reviewer will add the `trigger-integration-test` label.
-
-### Approving a PR
-
-Once a maintainer approves the PR, if the `trigger-integration-test` label was added to the PR, the GitHub actions will trigger the system test. The PR will be merged only after the system tests passed successfully. If the label was not added, the PR can be merged. 
-
-### Merging a PR
-
-The code is merged, no other actions are needed
-
-
-## Release process
-
-Every two weeks, we will create a new tag by bumping the minor version, this will create the release and publish the artifacts. 
-If we are introducing breaking changes, we will update the `major` version instead.
-
-When we wish to push a hot-fix/feature within the two weeks, we will bump the `patch`.
-
-### Creating a new tag
-Every two weeks or upon the decision of the maintainers, a maintainer can create a tag.
-
-The tag should look as follows: `v<A>.<B>.<C>-rc.D` (release candidate). 
-
-When creating a tag, GitHub will trigger the following actions:
-1. Basic tests - unit tests, license, etc.
-2. System tests (integration tests). If the tests fail, the actions will stop here.
-3. Create a new tag: `v<A>.<B>.<C>` (same tag just without the `rc` suffix)
-4. Create a release
-5. Publish artifacts
-6. Build and publish the docker image (this is meanwhile until we separate the microservice code from the LCI codebase)
- 
-## Additional Information
-
-The "callers" have the alphabetic prefix and the "executes" have the numeric prefix
-
-## Screenshot
-
-<img width="1469" alt="image" src="https://user-images.githubusercontent.com/64066841/212532727-e82ec9e7-263d-408b-b4b0-a8c943f0109a.png">
--- a/.github/workflows/a-pr-scanner.yaml
+++ b/.github/workflows/a-pr-scanner.yaml
@@ -1,76 +0,0 @@
-name: a-pr-scanner
-permissions: read-all
-on:
-  workflow_call:
-    inputs:
-      RELEASE:
-        description: 'release'
-        required: true
-        type: string
-      CLIENT:
-        description: 'Client name'
-        required: true
-        type: string
-      UNIT_TESTS_PATH:
-        required: false
-        type: string
-        default: "./..."
-      GO111MODULE:
-        required: true
-        type: string
-      CGO_ENABLED:
-        type: number
-        default: 1
-jobs:
-  unit-tests:
-    if: ${{ github.actor != 'kubescape' }}
-    name: Create cross-platform build
-    env:
-      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-    runs-on: ubuntu-large
-    steps:
-
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-          submodules: recursive
-
-      - uses: actions/setup-go@v4
-        name: Installing go
-        with:
-          go-version: ${{ inputs.GO_VERSION }}
-
-      - name: Test core pkg
-        run: ${{ env.DOCKER_CMD }} go test -v ./...
-        if: startsWith(github.ref, 'refs/tags')
-
-      - name: Test httphandler pkg
-        run: ${{ env.DOCKER_CMD }} sh -c 'cd httphandler && go test -v ./...'
-        if: startsWith(github.ref, 'refs/tags')
-
-      - uses: anchore/sbom-action/download-syft@v0
-        name: Setup Syft
-
-      - uses: goreleaser/goreleaser-action@v6
-        name: Build
-        with:
-          distribution: goreleaser
-          version: latest
-          args: build --clean --snapshot --single-target
-        env:
-          RELEASE: ${{ inputs.RELEASE }}
-          CLIENT: ${{ inputs.CLIENT }}
-          CGO_ENABLED: ${{ inputs.CGO_ENABLED }}
-
-      - name: Smoke Testing
-        env:
-          RELEASE: ${{ inputs.RELEASE }}
-          KUBESCAPE_SKIP_UPDATE_CHECK: "true"
-        run: ${{ env.DOCKER_CMD }} python3 smoke_testing/init.py ${PWD}/dist/cli_linux_amd64_v1/kubescape
-
-      - name: golangci-lint
-        continue-on-error: false
-        uses: golangci/golangci-lint-action@v9
-        with:
-          args: --timeout 10m
-          only-new-issues: true
--- a/.github/workflows/build-image.yaml
+++ b/.github/workflows/build-image.yaml
@@ -0,0 +1,80 @@
+name: build
+
+on:
+  workflow_call:
+    inputs:
+      client:
+        description: 'client name'
+        required: true
+        type: string
+      image_tag:
+        description: 'image tag'
+        required: true
+        type: string
+      image_name:
+        description: 'image registry and name'
+        required: true
+        type: string
+      cosign:
+        required: false
+        default: false
+        type: boolean
+        description: 'run cosign on released image'
+      support_platforms:
+        required: false
+        default: true
+        type: boolean
+        description: 'support amd64/arm64'
+
+    secrets:
+      QUAYIO_REGISTRY_USERNAME:
+        required: true
+      QUAYIO_REGISTRY_PASSWORD:
+        required: true
+
+jobs:
+  build-image:
+    name: Build image and upload to registry
+    runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      packages: write
+      contents: read
+
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          submodules: recursive
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+
+      - name: Login to Quay.io
+        env:
+          QUAY_PASSWORD: ${{ secrets.QUAYIO_REGISTRY_PASSWORD }}
+          QUAY_USERNAME: ${{ secrets.QUAYIO_REGISTRY_USERNAME }}
+        run: docker login -u="${QUAY_USERNAME}" -p="${QUAY_PASSWORD}" quay.io
+
+      - name: Build and push image
+        if: ${{ inputs.support_platforms }}
+        run: docker buildx build . --file build/Dockerfile --tag ${{ inputs.image_name }}:${{ inputs.image_tag }} --tag ${{ inputs.image_name }}:latest --build-arg image_version=${{ inputs.image_tag }} --build-arg client=${{ inputs.client }} --push --platform linux/amd64,linux/arm64
+     
+      - name: Build and push image without amd64/arm64 support
+        if: ${{ !inputs.support_platforms }}
+        run: docker buildx build . --file build/Dockerfile --tag ${{ inputs.image_name }}:${{ inputs.image_tag }} --tag ${{ inputs.image_name }}:latest --build-arg image_version=${{ inputs.image_tag }} --build-arg client=${{ inputs.client }} --push
+
+      - name: Install cosign
+        uses: sigstore/cosign-installer@main
+        with:
+          cosign-release: 'v1.12.0'
+      - name: sign kubescape container image
+        if: ${{ inputs.cosign }}
+        env:
+          COSIGN_EXPERIMENTAL: "true"
+        run: |
+            cosign sign --force ${{ inputs.image_name }}:latest
+            cosign sign --force ${{ inputs.image_name }}:${{ inputs.image_tag }}
+
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -0,0 +1,91 @@
+name: build
+
+on:
+  push:
+    branches: [ master ]
+    paths-ignore:
+      # Do not run the pipeline if only Markdown files changed
+      - '**.md'
+jobs:
+  test:
+    uses: ./.github/workflows/test.yaml
+    with:
+      release: "v2.0.${{ github.run_number }}"
+      client: test
+
+  create-release:
+    uses: ./.github/workflows/release.yaml
+    needs: test
+    with:
+      release_name: "Release v2.0.${{ github.run_number }}"
+      tag_name: "v2.0.${{ github.run_number }}"
+    secrets: inherit
+
+  publish-artifacts:
+    name: Build and publish artifacts
+    needs: create-release
+    runs-on: ${{ matrix.os }}
+    env:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    strategy:
+      matrix:
+        os: [ubuntu-latest, macos-latest, windows-latest]
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          submodules: recursive
+ 
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: 1.18
+
+      - name: Install MSYS2 & libgit2 (Windows)
+        shell: cmd
+        run: .\build.bat all
+        if: matrix.os == 'windows-latest'
+
+      - name: Install libgit2 (Linux/macOS)
+        run: make libgit2
+        if: matrix.os != 'windows-latest'
+
+      - name: Build
+        env:
+          RELEASE: v2.0.${{ github.run_number }}
+          CLIENT: release
+          CGO_ENABLED: 1
+        run: python3 --version && python3 build.py
+ 
+      - name: Upload release binaries
+        id: upload-release-asset
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ needs.create-release.outputs.upload_url }}
+          asset_path: build/${{ matrix.os }}/kubescape
+          asset_name: kubescape-${{ matrix.os }}
+          asset_content_type: application/octet-stream
+
+      - name: Upload release hash
+        id: upload-release-hash
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ needs.create-release.outputs.upload_url }}
+          asset_path: build/${{ matrix.os }}/kubescape.sha256
+          asset_name: kubescape-${{ matrix.os }}-sha256
+          asset_content_type: application/octet-stream
+  
+  publish-image:
+    if: ${{ github.repository == 'kubescape/kubescape' }} # TODO
+    uses: ./.github/workflows/build-image.yaml
+    needs: create-release
+    with:
+      client: "image-release"
+      image_name: "quay.io/${{ github.repository_owner }}/kubescape"
+      image_tag: "v2.0.${{ github.run_number }}"
+      support_platforms: false
+      cosign: true
+    secrets: inherit
--- a/.github/workflows/build_dev.yaml
+++ b/.github/workflows/build_dev.yaml
@@ -0,0 +1,26 @@
+name: build-dev
+
+on:
+  push:
+    branches: [ dev ]
+    paths-ignore:
+      # Do not run the pipeline if only Markdown files changed
+      - '**.md'
+jobs:
+  test:
+    uses: ./.github/workflows/test.yaml
+    with:
+      release: "v2.0.${{ github.run_number }}"
+      client: test
+ 
+  publish-dev-image:
+    if: ${{ github.repository == 'kubescape/kubescape' }} # TODO
+    uses: ./.github/workflows/build-image.yaml
+    needs: test
+    with:
+      client: "image-dev"
+      image_name: "quay.io/${{ github.repository_owner }}/kubescape"
+      image_tag: "dev-v2.0.${{ github.run_number }}"
+      support_platforms: false
+      cosign: true
+    secrets: inherit
--- a/.github/workflows/close-typos-issues.yaml
+++ b/.github/workflows/close-typos-issues.yaml
@@ -0,0 +1,23 @@
+on:
+  issues:
+    types: [opened, labeled]
+
+jobs:
+  open_PR_message:
+    if: github.event.label.name == 'typo'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: ben-z/actions-comment-on-issue@1.0.2
+        with:
+          message: "Hello! :wave:\n\nThis issue is being automatically closed, Please open a PR with a relevant fix."
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+          
+          
+  auto_close_issues:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: lee-dohm/close-matching-issues@v2
+        with:
+          query: 'label:typo'
+          token: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/comments.yaml
+++ b/.github/workflows/comments.yaml
@@ -1,20 +0,0 @@
-name: pr-agent
-permissions: read-all
-on:
-  issue_comment:
-
-jobs:
-  pr_agent:
-    permissions:
-      issues: write
-      pull-requests: write
-    runs-on: ubuntu-latest
-    name: Run pr agent on every pull request, respond to user comments
-    steps:
-      - name: PR Agent action step
-        continue-on-error: true
-        id: pragent
-        uses: Codium-ai/pr-agent@main
-        env:
-          OPENAI_KEY: ${{ secrets.OPENAI_KEY }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/community.yml
+++ b/.github/workflows/community.yml
@@ -0,0 +1,22 @@
+on:
+  fork:
+  issues:
+    types: [opened]
+  issue_comment:
+    types: [created]
+  pull_request_target:
+    types: [opened]
+  pull_request_review_comment:
+    types: [created]
+
+jobs:
+  welcome:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - uses: EddieHubCommunity/gh-action-community/src/welcome@main
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          issue-message: '<h3>Hi! Welcome to Kubescape. Thank you for taking the time and reporting an issue</h3>'
+          pr-message: '<h3>Hi! Welcome to Kubescape. Thank you for taking the time and contributing to the open source community</h3>'
+          footer: '<h4>We will try to review as soon as possible!</h4>'
--- a/.github/workflows/post-release.yaml
+++ b/.github/workflows/post-release.yaml
@@ -0,0 +1,17 @@
+name: create release digests
+
+on:
+  release:
+    types: [ published]
+    branches: [ master ]
+  
+jobs:
+  once:
+    name: Creating digests
+    runs-on: ubuntu-latest
+    steps:
+      - name: Digest
+        uses: MCJack123/ghaction-generate-release-hashes@v1
+        with:
+          hash-type: sha1
+          file-name: kubescape-release-digests
--- a/.github/workflows/pr_checks.yaml
+++ b/.github/workflows/pr_checks.yaml
@@ -0,0 +1,16 @@
+name: pr-checks
+
+on:
+  pull_request:
+    branches: [ master, dev ]
+    types: [ edited, opened, synchronize, reopened ]
+    paths-ignore:
+      # Do not run the pipeline if only Markdown files changed
+      - '**.yaml'
+      - '**.md'
+jobs:
+  test:
+    uses: ./.github/workflows/test.yaml
+    with:
+      release: "v2.0.${{ github.run_number }}"
+      client: test
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -0,0 +1,41 @@
+name: build
+
+on:
+  workflow_call:
+    inputs:
+      release_name:
+        description: 'release'
+        required: true
+        type: string
+      tag_name:
+        description: 'tag'
+        required: true
+        type: string
+      draft:
+        description: 'create draft release'
+        required: false
+        type: boolean
+        default: false
+    outputs:
+      upload_url:
+        description: "The first output string"
+        value: ${{ jobs.release.outputs.upload_url }}
+
+jobs:
+  release:
+    name: Create release
+    runs-on: ubuntu-latest
+    outputs:
+      upload_url: ${{ steps.create_release.outputs.upload_url }}
+    steps:
+      - name: Create a release
+        id: create_release
+        uses: actions/create-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: ${{ inputs.tag_name }}
+          release_name: ${{ inputs.release_name }}
+          draft: ${{ inputs.draft }}
+          prerelease: false
+   
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -1,72 +0,0 @@
-# This workflow uses actions that are not certified by GitHub. They are provided
-# by a third-party and are governed by separate terms of service, privacy
-# policy, and support documentation.
-
-name: Scorecard supply-chain security
-on:
-  # For Branch-Protection check. Only the default branch is supported. See
-  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
-  branch_protection_rule:
-  # To guarantee Maintained check is occasionally updated. See
-  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
-  schedule:
-    - cron: '0 00 * * 1'
-  push:
-    branches: [ "master" ]
-
-# Declare default permissions as read only.
-permissions: read-all
-
-jobs:
-  analysis:
-    name: Scorecard analysis
-    runs-on: ubuntu-latest
-    permissions:
-      # Needed to upload the results to code-scanning dashboard.
-      security-events: write
-      # Needed to publish results and get a badge (see publish_results below).
-      id-token: write
-      # Uncomment the permissions below if installing in a private repository.
-      # contents: read
-      # actions: read
-
-    steps:
-      - name: "Checkout code"
-        uses: actions/checkout@v4
-        with:
-          persist-credentials: false
-
-      - name: "Run analysis"
-        uses: ossf/scorecard-action@v2.4.3
-        with:
-          results_file: results.sarif
-          results_format: sarif
-          # (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
-          # - you want to enable the Branch-Protection check on a *public* repository, or
-          # - you are installing Scorecard on a *private* repository
-          # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
-          # repo_token: ${{ secrets.SCORECARD_TOKEN }}
-
-          # Public repositories:
-          #   - Publish results to OpenSSF REST API for easy access by consumers
-          #   - Allows the repository to include the Scorecard badge.
-          #   - See https://github.com/ossf/scorecard-action#publishing-results.
-          # For private repositories:
-          #   - `publish_results` will always be set to `false`, regardless
-          #     of the value entered here.
-          publish_results: true
-
-      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
-      # format to the repository Actions tab.
-      - name: "Upload artifact"
-        uses: actions/upload-artifact@v4
-        with:
-          name: SARIF file
-          path: results.sarif
-          retention-days: 5
-
-      # Upload the results to GitHub's code scanning dashboard.
-      - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@v3
-        with:
-          sarif_file: results.sarif
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -0,0 +1,93 @@
+name: test
+
+on:
+  workflow_call:
+    inputs:
+      release:
+        description: 'release'
+        required: true
+        type: string
+      client:
+        description: 'Client name'
+        required: true
+        type: string
+jobs:
+  build:
+    name: Create cross-platform build
+    runs-on: ${{ matrix.os }}
+    env:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    strategy:
+      matrix:
+        os: [ubuntu-latest, macos-latest, windows-latest]
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          submodules: recursive
+
+      - name: Cache Go modules (Linux)
+        if: matrix.os == 'ubuntu-latest' 
+        uses: actions/cache@v3
+        with:
+          path: |
+            ~/.cache/go-build
+            ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-
+
+      - name: Cache Go modules (macOS)
+        if: matrix.os == 'macos-latest' 
+        uses: actions/cache@v3
+        with:
+          path: |
+            ~/Library/Caches/go-build
+            ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-
+
+      - name: Cache Go modules (Windows)
+        if: matrix.os == 'windows-latest'
+        uses: actions/cache@v3
+        with:
+          path: |
+            ~\AppData\Local\go-build
+            ~\go\pkg\mod
+          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-
+
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: 1.18
+
+      - name: Install MSYS2 & libgit2 (Windows)
+        shell: cmd
+        run: .\build.bat all
+        if: matrix.os == 'windows-latest'
+
+      - name: Install libgit2 (Linux/macOS)
+        run: make libgit2
+        if: matrix.os != 'windows-latest'
+ 
+      - name: Test core pkg
+        run: go test -tags=static -v ./...
+
+      - name: Test httphandler pkg
+        run: cd httphandler && go test -tags=static -v ./...
+
+      - name: Build
+        env:
+          RELEASE: ${{ inputs.release }}
+          CLIENT: test
+          CGO_ENABLED: 1
+        run: python3 --version && python3 build.py
+
+      - name: Smoke Testing
+        env:
+          RELEASE: ${{ inputs.release }} 
+          KUBESCAPE_SKIP_UPDATE_CHECK: "true"
+        run: python3 smoke_testing/init.py ${PWD}/build/${{ matrix.os }}/kubescape
+        
--- a/.gitignore
+++ b/.gitignore
@@ -1,18 +1,8 @@
 *.vs*
 *kubescape*
-!*Dockerfile*
 *debug*
 *vendor*
 *.pyc*
 .idea
 .history
-ca.srl
-*.out
-ks
-cosign.key
-
-dist/
-
-# Test output files
-customFilename.pdf
-customFilename.xml
+ca.srl
--- a/.gitmodules
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "git2go"]
+	path = git2go
+	url = https://github.com/libgit2/git2go.git
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -1,57 +0,0 @@
-version: "2"
-linters:
-  enable:
-    - bodyclose
-    - gosec
-    - nolintlint
-  disable:
-    - dupl
-    - errcheck
-    - gochecknoglobals
-    - gochecknoinits
-    - gocognit
-    - gocritic
-    - lll
-    - nakedret
-    - revive
-    - unconvert
-    - unparam
-  settings:
-    dupl:
-      threshold: 200
-    gocognit:
-      min-complexity: 65
-    goconst:
-      min-len: 3
-      min-occurrences: 2
-  exclusions:
-    generated: lax
-    presets:
-      - comments
-      - common-false-positives
-      - legacy
-      - std-error-handling
-    rules:
-      - linters:
-          - revive
-        text: var-naming
-      - linters:
-          - revive
-        text: type name will be used as (.+?) by other packages, and that stutters
-      - linters:
-          - staticcheck
-        text: ST1003
-    paths:
-      - third_party$
-      - builtin$
-      - examples$
-formatters:
-  enable:
-    - gofmt
-    - goimports
-  exclusions:
-    generated: lax
-    paths:
-      - third_party$
-      - builtin$
-      - examples$
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -1,145 +0,0 @@
-# Make sure to check the documentation at https://goreleaser.com
-
-# The lines below are called `modelines`. See `:help modeline`
-# Feel free to remove those if you don't want/need to use them.
-# yaml-language-server: $schema=https://goreleaser.com/static/schema.json
-# vim: set ts=2 sw=2 tw=0 fo=cnqoj
-
-version: 2
-
-before:
-  hooks:
-    # You may remove this if you don't use go modules.
-    - go mod tidy
-    - go test -v ./...
-    - go -C httphandler test -v ./...
-
-archives:
-  - id: cli
-    ids:
-      - cli
-    formats:
-      - binary
-      - tar.gz
-
-builds:
-  - id: cli
-    binary: kubescape
-    env:
-      - CGO_ENABLED=0
-    goos:
-      - linux
-      - darwin
-      - windows
-    goarch:
-      - amd64
-      - arm64
-    ldflags:
-      - -s -w
-      - -X "github.com/kubescape/kubescape/v3/core/cautils.Client={{.Env.CLIENT}}"
-    hooks:
-      post:
-        - cmd: >
-            {{ if eq .Arch "amd64" }}
-            /bin/sh -lc 'sh build/goreleaser-post-e2e.sh'
-            {{ end }}
-  - id: downloader
-    dir: downloader
-    binary: downloader
-    env:
-      - CGO_ENABLED=0
-    goos:
-      - linux
-    goarch:
-      - amd64
-      - arm64
-  - id: http
-    dir: httphandler
-    binary: ksserver
-    env:
-      - CGO_ENABLED=0
-    goos:
-      - linux
-    goarch:
-      - amd64
-      - arm64
-
-nfpms:
-  - id: cli
-    package_name: kubescape
-    ids:
-      - cli
-    vendor: Kubescape
-    homepage: https://kubescape.io/
-    maintainer: matthiasb@kubescape.io
-    formats:
-      - apk
-      - deb
-      - rpm
-    bindir: /usr/bin
-
-docker_signs:
-  - stdin: "{{ .Env.COSIGN_PWD }}"
-
-dockers_v2:
-  - id: cli
-    images:
-      - "quay.io/kubescape/kubescape-cli"
-    tags:
-      - "{{ .Tag }}"
-    labels:
-      "org.opencontainers.image.description": "Kubescape CLI"
-      "org.opencontainers.image.created": "{{.Date}}"
-      "org.opencontainers.image.name": "{{.ProjectName}}"
-      "org.opencontainers.image.revision": "{{.FullCommit}}"
-      "org.opencontainers.image.version": "{{.Version}}"
-      "org.opencontainers.image.source": "{{.GitURL}}"
-    ids:
-      - cli
-    dockerfile: build/kubescape-cli.Dockerfile
-  - id: http
-    images:
-      - "quay.io/kubescape/kubescape"
-    tags:
-      - "{{ .Tag }}"
-    labels:
-      "org.opencontainers.image.description": "Kubescape microservice"
-      "org.opencontainers.image.created": "{{.Date}}"
-      "org.opencontainers.image.name": "{{.ProjectName}}"
-      "org.opencontainers.image.revision": "{{.FullCommit}}"
-      "org.opencontainers.image.version": "{{.Version}}"
-      "org.opencontainers.image.source": "{{.GitURL}}"
-    ids:
-      - downloader
-      - http
-    dockerfile: build/Dockerfile
-
-changelog:
-  sort: asc
-  filters:
-    exclude:
-      - "^docs:"
-      - "^test:"
-
-checksum:
-  name_template: "checksums.sha256"
-
-sboms:
-  - artifacts: binary
-
-krews:
-  - name: kubescape
-    ids:
-      - cli
-    skip_upload: true
-    homepage: https://kubescape.io/
-    description: It includes risk analysis, security compliance, and misconfiguration scanning with an easy-to-use CLI interface, flexible output formats, and automated scanning capabilities.
-    short_description: Scan resources and cluster configs against security frameworks.
-
-release:
-  draft: false
-  footer: >-
-
-    ---
-
-    Released by [GoReleaser](https://github.com/goreleaser/goreleaser).
--- a/ADOPTERS.md
+++ b/ADOPTERS.md
@@ -1,5 +0,0 @@
-# Adopters
-
-The Kubescape project manages this document in the central project repository.
-
-Go to the [centralized ADOPTERS.md](https://github.com/kubescape/project-governance/blob/main/ADOPTERS.md)
--- a/CODE_OF_CONDUCT.md
+++ b/CODE_OF_CONDUCT.md
@@ -1,5 +1,127 @@
-# Code of Conduct
+# Contributor Covenant Code of Conduct

-The Kubescape project manages this document in the central project repository.
+## Our Pledge

-Go to the [centralized CODE_OF_CONDUCT.md](https://github.com/kubescape/project-governance/blob/main/CODE_OF_CONDUCT.md)
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, religion, or sexual identity
+and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+* Demonstrating empathy and kindness toward other people
+* Being respectful of differing opinions, viewpoints, and experiences
+* Giving and gracefully accepting constructive feedback
+* Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+* Focusing on what is best not just for us as individuals, but for the
+  overall community
+
+Examples of unacceptable behavior include:
+
+* The use of sexualized language or imagery, and sexual attention or
+  advances of any kind
+* Trolling, insulting or derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or email
+  address, without their explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+Community leaders have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are
+not aligned to this Code of Conduct, and will communicate reasons for moderation
+decisions when appropriate.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+Examples of representing our community include using an official e-mail address,
+posting via an official social media account, or acting as an appointed
+representative at an online or offline event.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement [here](mailto:ben@armosec.io).
+All complaints will be reviewed and investigated promptly and fairly.
+
+All community leaders are obligated to respect the privacy and security of the
+reporter of any incident.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact**: Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence**: A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact**: A violation through a single incident or series
+of actions.
+
+**Consequence**: A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or
+permanent ban.
+
+### 3. Temporary Ban
+
+**Community Impact**: A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence**: A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact**: Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior,  harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence**: A permanent ban from any sort of public interaction within
+the community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.0, available at
+https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
+
+Community Impact Guidelines were inspired by [Mozilla's code of conduct
+enforcement ladder](https://github.com/mozilla/diversity).
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see the FAQ at
+https://www.contributor-covenant.org/faq. Translations are available at
+https://www.contributor-covenant.org/translations.
--- a/COMMUNITY.md
+++ b/COMMUNITY.md
@@ -1,5 +0,0 @@
-# Community
-
-The Kubescape project manages this document in the central project repository.
-
-Go to the [centralized COMMUNITY.md](https://github.com/kubescape/project-governance/blob/main/COMMUNITY.md)
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -1,5 +1,100 @@
 # Contributing

-The Kubescape project manages this document in the central project repository.
+First, it is awesome that you are considering contributing to Kubescape! Contributing is important and fun and we welcome your efforts.

-Go to the [centralized CONTRIBUTING.md](https://github.com/kubescape/project-governance/blob/main/CONTRIBUTING.md)
+When contributing, we categorize contributions into two:
+* Small code changes or fixes, whose scope is limited to a single or two files
+* Complex features and improvements, that are not limited
+
+If you have a small change, feel free to fire up a Pull Request.
+
+When planning a bigger change, please first discuss the change you wish to make via issue,
+email, or any other method with the owners of this repository before making a change. Most likely your changes or features are great, but sometimes we might be already going in this direction (or the exact opposite ;-) ) and we don't want to waste your time.
+
+Please note we have a code of conduct, please follow it in all your interactions with the project.
+
+## Pull Request Process
+
+1. Ensure any install or build dependencies are removed before the end of the layer when doing a 
+   build.
+2. Update the README.md with details of changes to the interface, this includes new environment 
+   variables, exposed ports, useful file locations and container parameters.
+3. Open Pull Request to `dev` branch - we test the component before merging into the `master` branch
+4. We will merge the Pull Request once you have the sign-off.
+
+## Code of Conduct
+
+### Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to make participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, gender identity and expression, level of experience,
+nationality, personal appearance, race, religion, or sexual identity and
+orientation.
+
+### Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+We will distance those who constantly adhere to unacceptable behavior.
+
+### Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective actions in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+### Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+### Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at [INSERT EMAIL ADDRESS]. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+### Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at [http://contributor-covenant.org/version/1/4][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/4/
--- a/GOVERNANCE.md
+++ b/GOVERNANCE.md
@@ -1,5 +0,0 @@
-# Governance
-
-The Kubescape project manages this document in the central project repository.
-
-Go to the [centralized GOVERNANCE.md](https://github.com/kubescape/project-governance/blob/main/GOVERNANCE.md)
--- a/MAINTAINERS.md
+++ b/MAINTAINERS.md
@@ -1,5 +1,10 @@
 # Maintainers

-The Kubescape project manages this document in the central project repository.
+The following table lists Kubescape project maintainers 

-Go to the [centralized MAINTAINERS.md](https://github.com/kubescape/project-governance/blob/main/MAINTAINERS.md)
+| Name | GitHub | Email | Organization | Role | Added/Renewed On |
+| --- | --- | --- | --- | --- | --- |
+| [Ben Hirschberg](https://www.linkedin.com/in/benyamin-ben-hirschberg-66141890) | [@slashben](https://github.com/slashben) | ben@armosec.io | [ARMO](https://www.armosec.io/) | VP R&D | 2021-09-01 |
+| [Rotem Refael](https://www.linkedin.com/in/rotem-refael) | [@rotemamsa](https://github.com/rotemamsa) | rrefael@armosec.io | [ARMO](https://www.armosec.io/) | Team Leader | 2021-10-11 |
+| [David Wertenteil](https://www.linkedin.com/in/david-wertenteil-0ba277b9) | [@dwertent](https://github.com/dwertent) | dwertent@armosec.io | [ARMO](https://www.armosec.io/) | Kubescape CLI Developer | 2021-09-01 |
+| [Bezalel Brandwine](https://www.linkedin.com/in/bezalel-brandwine) | [@Bezbran](https://github.com/Bezbran) | bbrandwine@armosec.io | [ARMO](https://www.armosec.io/) | Kubescape SaaS Developer | 2021-09-01 |
--- a/18
+++ b/18
@@ -1,12 +1,20 @@
-.PHONY: test all build
+.PHONY: test all build libgit2

 # default task invoked while running make
-all: build
+all: libgit2 build

-export CGO_ENABLED=0
+export CGO_ENABLED=1
+
+# build and install libgit2
+libgit2:
+	-git submodule update --init --recursive
+	cd git2go; make install-static
+
+# go build tags
+TAGS = "static"

 build:
-	go build -v .
+	go build -v -tags=$(TAGS) .

 test:
-	go test -v ./...
+	go test -v -tags=$(TAGS) ./...
--- a/README.md
+++ b/README.md
@@ -1,500 +1,471 @@
-[![Version](https://img.shields.io/github/v/release/kubescape/kubescape)](https://github.com/kubescape/kubescape/releases)
-[![build](https://github.com/kubescape/kubescape/actions/workflows/02-release.yaml/badge.svg)](https://github.com/kubescape/kubescape/actions/workflows/02-release.yaml)
+<div align="center">
+    <img src="docs/kubescape.png" width="300" alt="logo">
+</div>
+
+---
+
+[![build](https://github.com/kubescape/kubescape/actions/workflows/build.yaml/badge.svg)](https://github.com/kubescape/kubescape/actions/workflows/build.yaml)
 [![Go Report Card](https://goreportcard.com/badge/github.com/kubescape/kubescape)](https://goreportcard.com/report/github.com/kubescape/kubescape)
 [![Gitpod Ready-to-Code](https://img.shields.io/badge/Gitpod-Ready--to--Code-blue?logo=gitpod)](https://gitpod.io/#https://github.com/kubescape/kubescape)
-[![GitHub](https://img.shields.io/github/license/kubescape/kubescape)](https://github.com/kubescape/kubescape/blob/master/LICENSE)
-[![CNCF](https://shields.io/badge/CNCF-Incubating%20project-blue?logo=linux-foundation&style=flat)](https://landscape.cncf.io/?item=provisioning--security-compliance--kubescape)
-[![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/kubescape)](https://artifacthub.io/packages/search?repo=kubescape)
-[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fkubescape%2Fkubescape.svg?type=shield&issueType=license)](https://app.fossa.com/projects/git%2Bgithub.com%2Fkubescape%2Fkubescape?ref=badge_shield&issueType=license)
-[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/6944/badge)](https://www.bestpractices.dev/projects/6944)
-[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/kubescape/kubescape/badge)](https://securityscorecards.dev/viewer/?uri=github.com/kubescape/kubescape)
-[![Docs](https://img.shields.io/badge/docs-latest-brightgreen?logo=gitbook)](https://kubescape.io/docs/)
-[![Stars](https://img.shields.io/github/stars/kubescape/kubescape?style=social)](https://github.com/kubescape/kubescape/stargazers)
-[![Twitter Follow](https://img.shields.io/twitter/follow/kubescape?style=social)](https://twitter.com/kubescape)
-[![Slack](https://img.shields.io/badge/slack-kubescape-blueviolet?logo=slack)](https://cloud-native.slack.com/archives/C04EY3ZF9GE)

-# Kubescape
+:sunglasses: [Want to contribute?](#being-a-part-of-the-team) :innocent: 

-<picture>
-  <source media="(prefers-color-scheme: dark)" srcset="https://raw.githubusercontent.com/cncf/artwork/master/projects/kubescape/stacked/white/kubescape-stacked-white.svg" width="150">
-  <source media="(prefers-color-scheme: light)" srcset="https://raw.githubusercontent.com/cncf/artwork/master/projects/kubescape/stacked/color/kubescape-stacked-color.svg" width="150">
-  <img alt="Kubescape logo" align="right" src="https://raw.githubusercontent.com/cncf/artwork/master/projects/kubescape/stacked/color/kubescape-stacked-color.svg" width="150">
-</picture>

-_Comprehensive Kubernetes Security from Development to Runtime_
+Kubescape is a K8s open-source tool providing a Kubernetes single pane of glass, including risk analysis, security compliance, RBAC visualizer, and image vulnerability scanning. 
+Kubescape scans K8s clusters, YAML files, and HELM charts, detecting misconfigurations according to multiple frameworks (such as the [NSA-CISA](https://www.armosec.io/blog/kubernetes-hardening-guidance-summary-by-armo/?utm_source=github&utm_medium=repository), [MITRE ATT&CK®](https://www.microsoft.com/security/blog/2021/03/23/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes/)), software vulnerabilities, and RBAC (role-based-access-control) violations at early stages of the CI/CD pipeline, calculates risk score instantly and shows risk trends over time.

-Kubescape is an open-source Kubernetes security platform that provides comprehensive security coverage, from left to right across the entire development and deployment lifecycle. It offers hardening, posture management, and runtime security capabilities to ensure robust protection for Kubernetes environments.
+It has become one of the fastest-growing Kubernetes tools among developers due to its easy-to-use CLI interface, flexible output formats, and automated scanning capabilities, saving Kubernetes users and admins precious time, effort, and resources.
+Kubescape integrates natively with other DevOps tools, including Jenkins, CircleCI, Github workflows, Prometheus, and Slack, and supports multi-cloud K8s deployments like EKS, GKE, and AKS.

-Kubescape was created by [ARMO](https://www.armosec.io/?utm_source=github&utm_medium=repository) and is a [Cloud Native Computing Foundation (CNCF) incubating project](https://www.cncf.io/projects/).
+</br>

-_Please [star ⭐](https://github.com/kubescape/kubescape/stargazers) the repo if you want us to continue developing and improving Kubescape!_
+# Kubescape CLI:
+<img src="docs/demo.gif">

---
-
-## 📑 Table of Contents
-
- [Features](#-features)
- [Demo](#-demo)
- [Quick Start](#-quick-start)
- [Installation](#-installation)
- [CLI Commands](#-cli-commands)
- [Usage Examples](#-usage-examples)
- [Architecture](#-architecture)
- [In-Cluster Operator](#-in-cluster-operator)
- [Integrations](#-integrations)
- [Community](#-community)
- [Changelog](#changelog)
- [License](#license)
-
---
-
-## ✨ Features
-
-| Feature | Description |
-|---------|-------------|
-| 🔍 **Misconfiguration Scanning** | Scan clusters, YAML files, and Helm charts against NSA-CISA, MITRE ATT&CK®, and CIS Benchmarks |
-| 🐳 **Image Vulnerability Scanning** | Detect CVEs in container images using [Grype](https://github.com/anchore/grype) |
-| 🩹 **Image Patching** | Automatically patch vulnerable images using [Copacetic](https://github.com/project-copacetic/copacetic) |
-| 🔧 **Auto-Remediation** | Automatically fix misconfigurations in Kubernetes manifests |
-| 🛡️ **Admission Control** | Enforce security policies with Validating Admission Policies (VAP) |
-| 📊 **Runtime Security** | eBPF-based runtime monitoring via [Inspektor Gadget](https://github.com/inspektor-gadget) |
-| 🤖 **AI Integration** | MCP server for AI assistant integration |
-
---
-
-## 🎬 Demo
-
-<img src="docs/img/demo-v3.gif" alt="Kubescape CLI demo">
-
---
-
-## 🚀 Quick Start
-
-### 1. Install Kubescape
+</br>

+# TL;DR
+## Install:
 ```sh
 curl -s https://raw.githubusercontent.com/kubescape/kubescape/master/install.sh | /bin/bash
 ```

-> 💡 See [Installation](#-installation) for more options (Homebrew, Krew, Windows, etc.)
+*OR:*

-### 2. Run Your First Scan
+[Install on windows](#install-on-windows)

+[Install on macOS](#install-on-macos)
+
+[Install on NixOS or Linux/macOS via nix](#install-on-nixos-or-with-nix-community)
+
+## Run:
 ```sh
-# Scan your current cluster
-kubescape scan
-
-# Scan a specific YAML file or directory
-kubescape scan /path/to/manifests/
-
-# Scan a container image for vulnerabilities
-kubescape scan image nginx:latest
+kubescape scan --enable-host-scan --verbose
 ```

-### 3. Explore the Results
+<img src="docs/summary.png">

-Kubescape provides a detailed security posture overview including:
- Control plane security status
- Access control risks
- Workload misconfigurations
- Network policy gaps
- Compliance scores (MITRE, NSA)
+</br>

---
+> Kubescape is an open source project. We welcome your feedback and ideas for improvement. We’re also aiming to collaborate with the Kubernetes community to help make the tests more robust and complete as Kubernetes develops.

-## 📦 Installation
+</br>

-### One-Line Install (Linux/macOS)
+## Architecture in short
+### [CLI](#kubescape-cli)
+<div align="center">
+    <img src="docs/ks-cli-arch.png" width="300" alt="cli-diagram">
+</div>

-```bash
-curl -s https://raw.githubusercontent.com/kubescape/kubescape/master/install.sh | /bin/bash
-```
+### [Operator](https://github.com/kubescape/helm-charts#readme)
+<div align="center">
+    <img src="docs/ks-operator-arch.png" width="300" alt="operator-diagram">
+</div>

-### Package Managers
+### Please [star ⭐](https://github.com/kubescape/kubescape/stargazers) the repo if you want us to continue developing and improving Kubescape 😀

-| Platform | Command |
-|----------|---------|
-| **Homebrew** | `brew install kubescape` |
-| **Krew** | `kubectl krew install kubescape` |
-| **Arch Linux** | `yay -S kubescape` |
-| **Ubuntu** | `sudo add-apt-repository ppa:kubescape/kubescape && sudo apt install kubescape` |
-| **NixOS** | `nix-shell -p kubescape` |
-| **Chocolatey** | `choco install kubescape` |
-| **Scoop** | `scoop install kubescape` |
+</br>

-### Windows (PowerShell)
+# Being a part of the team

-```powershell
+## Community
+We invite you to our community! We are excited about this project and want to return the love we get.
+
+We hold community meetings in [Zoom](https://us02web.zoom.us/j/84020231442) on the first Tuesday of every month at 14:00 GMT! :sunglasses:
+
+## Contributions 
+[Want to contribute?](https://github.com/kubescape/kubescape/blob/master/CONTRIBUTING.md) Want to discuss something? Have an issue? Please make sure that you follow our [Code Of Conduct](https://github.com/kubescape/kubescape/blob/master/CODE_OF_CONDUCT.md) . 
+
+* Feel free to pick a task from the [issues](https://github.com/kubescape/kubescape/issues?q=is%3Aissue+is%3Aopen+label%3A%22open+for+contribution%22), [roadmap](docs/roadmap.md) or suggest a feature of your own. [Contact us](MAINTAINERS.md) directly for more information :) 
+* [Open an issue](https://github.com/kubescape/kubescape/issues/new/choose) , we are trying to respond within 48 hours
+* [Join us](https://discord.com/invite/WKZRaCtBxN) in the discussion on our discord server!
+
+[<img src="docs/discord-banner.png" width="100" alt="logo" align="center">](https://discord.com/invite/WKZRaCtBxN)
+![discord](https://img.shields.io/discord/893048809884643379)
+
+
+# Options and examples
+
+[Kubescape docs](https://hub.armosec.io/docs?utm_source=github&utm_medium=repository)
+
+## Playground
+* [Kubescape playground](https://killercoda.com/saiyampathak/scenario/kubescape)
+
+## Tutorials
+
+* [Overview](https://youtu.be/wdBkt_0Qhbg)
+* [How To Secure Kubernetes Clusters With Kubescape And Armo](https://youtu.be/ZATGiDIDBQk)
+* [Scan Kubernetes YAML files](https://youtu.be/Ox6DaR7_4ZI)
+* [Scan container image registry](https://youtu.be/iQ_k8EnK-3s)
+* [Scan Kubescape on an air-gapped environment (offline support)](https://youtu.be/IGXL9s37smM)
+* [Managing exceptions in the Kubescape SaaS version](https://youtu.be/OzpvxGmCR80)
+* [Configure and run customized frameworks](https://youtu.be/12Sanq_rEhs)
+* Customize control configurations: 
+  - [Kubescape CLI](https://youtu.be/955psg6TVu4) 
+  - [Kubescape SaaS](https://youtu.be/lIMVSVhH33o)
+
+## Install on Windows
+
+<details><summary>Windows</summary>
+
+**Requires powershell v5.0+**
+
+``` powershell
 iwr -useb https://raw.githubusercontent.com/kubescape/kubescape/master/install.ps1 | iex
 ```

-📖 **[Full Installation Guide →](docs/installation.md)**
+Note: if you get an error you might need to change the execution policy (i.e. enable Powershell) with

---
+``` powershell
+Set-ExecutionPolicy RemoteSigned -scope CurrentUser
+```
+</details>

-## 🛠️ CLI Commands

-Kubescape provides a comprehensive CLI with the following commands:
+## Install on macOS

-| Command | Description |
-|---------|-------------|
-| [`kubescape scan`](#scanning) | Scan cluster, files, or images for security issues |
-| [`kubescape scan image`](#image-scanning) | Scan container images for vulnerabilities |
-| [`kubescape fix`](#auto-fix) | Auto-fix misconfigurations in manifest files |
-| [`kubescape patch`](#image-patching) | Patch container images to fix vulnerabilities |
-| [`kubescape list`](#list-frameworks-and-controls) | List available frameworks and controls |
-| [`kubescape download`](#offline-support) | Download artifacts for offline/air-gapped use |
-| [`kubescape config`](#configuration) | Manage cached configurations |
-| [`kubescape operator`](#operator-commands) | Interact with in-cluster Kubescape operator |
-| [`kubescape vap`](#validating-admission-policies) | Manage Validating Admission Policies |
-| [`kubescape mcpserver`](#mcp-server) | Start MCP server for AI assistant integration |
-| `kubescape completion` | Generate shell completion scripts |
-| `kubescape version` | Display version information |
+<details><summary>MacOS</summary>

---
+1. ```sh
+    brew tap kubescape/tap
+    ```
+2. ```sh
+    brew install kubescape-cli
+    ```
+</details>

-## 📖 Usage Examples
+## Install on NixOS or with nix (Community)

-### Scanning
+<details><summary>Nix/NixOS</summary>

-#### Scan a Running Cluster
+Direct issues installing `kubescape` via `nix` through the channels mentioned [here](https://nixos.wiki/wiki/Support)

-```bash
-# Default scan (all frameworks)
-kubescape scan
+You can use `nix` on Linux or macOS and on other platforms unofficially.

-# Scan with a specific framework
+Try it out in an ephemeral shell: `nix-shell -p kubescape`
+
+Install declarative as usual
+
+NixOS:
+
+```nix
+  # your other config ...
+  environment.systemPackages = with pkgs; [
+    # your other packages ...
+    kubescape
+  ];
+```
+
+home-manager:
+
+```nix
+  # your other config ...
+  home.packages = with pkgs; [
+    # your other packages ...
+    kubescape
+  ];
+```
+
+Or to your profile (not preferred): `nix-env --install -A nixpkgs.kubescape`
+
+</details>
+
+## Usage & Examples
+
+### Examples
+
+
+#### Scan a running Kubernetes cluster
+```
+kubescape scan --enable-host-scan  --verbose
+```
+
+> Read [here](https://hub.armosec.io/docs/host-sensor?utm_source=github&utm_medium=repository) more about the `enable-host-scan` flag
+
+#### Scan a running Kubernetes cluster with [`nsa`](https://www.nsa.gov/Press-Room/News-Highlights/Article/Article/2716980/nsa-cisa-release-kubernetes-hardening-guidance/) framework
+```
 kubescape scan framework nsa
+```
+
+
+#### Scan a running Kubernetes cluster with [`MITRE ATT&CK®`](https://www.microsoft.com/security/blog/2021/03/23/secure-containerized-environments-with-updated-threat-matrix-for-kubernetes/) framework
+```
 kubescape scan framework mitre
-kubescape scan framework cis-v1.23-t1.0.1
-
-# Scan a specific control
-kubescape scan control C-0005 -v
 ```

-#### Scan Files and Repositories

-```bash
-# Scan local YAML files
-kubescape scan /path/to/manifests/
-
-# Scan a Helm chart
-kubescape scan /path/to/helm/chart/
-
-# Scan a Git repository
-kubescape scan https://github.com/kubescape/kubescape
-
-# Scan with Kustomize
-kubescape scan /path/to/kustomize/directory/
+#### Scan a running Kubernetes cluster with a specific control using the control name or control ID. [List of controls](https://hub.armosec.io/docs/controls?utm_source=github&utm_medium=repository) 
+```
+kubescape scan control "Privileged container"
 ```

-#### Scan Options
+#### Scan using an alternative kubeconfig file
+```
+kubescape scan --kubeconfig cluster.conf
+```

-```bash
-# Include/exclude namespaces
-kubescape scan --include-namespaces production,staging
+#### Scan specific namespaces
+```
+kubescape scan --include-namespaces development,staging,production
+```
+
+#### Scan cluster and exclude some namespaces
+```
 kubescape scan --exclude-namespaces kube-system,kube-public
-
-# Use alternative kubeconfig
-kubescape scan --kubeconfig /path/to/kubeconfig
-
-# Set compliance threshold (exit code 1 if below threshold)
-kubescape scan --compliance-threshold 80
-
-# Set severity threshold
-kubescape scan --severity-threshold high
 ```

-#### Output Formats
+#### Scan local `yaml`/`json` files before deploying. [Take a look at the demonstration](https://youtu.be/Ox6DaR7_4ZI).
+```
+kubescape scan *.yaml
+```

-```bash
-# JSON output
-kubescape scan --format json --output results.json
+#### Scan Kubernetes manifest files from a git repository 
+kubescape scan https://github.com/kubescape/kubescape
+```

-# JUnit XML (for CI/CD)
+#### Display all scanned resources (including the resources which passed) 
+```
+kubescape scan --verbose
+```
+
+#### Output in `json` format
+
+> Add the `--format-version v2` flag 
+
+```
+kubescape scan --format json --format-version v2 --output results.json
+```
+
+#### Output in `junit xml` format
+```
 kubescape scan --format junit --output results.xml
-
-# SARIF (for GitHub Code Scanning)
-kubescape scan --format sarif --output results.sarif
-
-# HTML report
-kubescape scan --format html --output report.html
-
-# PDF report
-kubescape scan --format pdf --output report.pdf
 ```

-### Image Scanning
+#### Output in `pdf` format - Contributed by [@alegrey91](https://github.com/alegrey91)

-```bash
-# Scan a public image
-kubescape scan image nginx:1.21
-
-# Scan with verbose output
-kubescape scan image nginx:1.21 -v
-
-# Scan a private registry image
-kubescape scan image myregistry/myimage:tag --username user --password pass
+```
+kubescape scan --format pdf --output results.pdf
 ```

-### Auto-Fix
+#### Output in `prometheus` metrics format - Contributed by [@Joibel](https://github.com/Joibel)

-Automatically fix misconfigurations in your manifest files:
-
-```bash
-# First, scan and save results to JSON
-kubescape scan /path/to/manifests --format json --output results.json
-
-# Then apply fixes
-kubescape fix results.json
-
-# Dry run (preview changes without applying)
-kubescape fix results.json --dry-run
-
-# Apply fixes without confirmation prompts
-kubescape fix results.json --no-confirm
+```
+kubescape scan --format prometheus
 ```

-### Image Patching
+#### Output in `html` format

-Patch container images to fix OS-level vulnerabilities:
-
-```bash
-# Start buildkitd (required)
-sudo buildkitd &
-
-# Patch an image
-sudo kubescape patch --image docker.io/library/nginx:1.22
-
-# Specify custom output tag
-sudo kubescape patch --image nginx:1.22 --tag nginx:1.22-patched
-
-# See detailed vulnerability report
-sudo kubescape patch --image nginx:1.22 -v
+```
+kubescape scan --format html --output results.html
 ```

-📖 **[Full Patch Command Documentation →](cmd/patch/README.md)**
-
-### List Frameworks and Controls
-
-```bash
-# List available frameworks
-kubescape list frameworks
-
-# List all controls
-kubescape list controls
-
-# Output as JSON
-kubescape list controls --format json
+#### Scan with exceptions, objects with exceptions will be presented as `exclude` and not `fail`
+[Full documentation](examples/exceptions/README.md)
+```
+kubescape scan --exceptions examples/exceptions/exclude-kube-namespaces.json
 ```

-### Offline Support
+#### Scan Helm charts 
+```
+kubescape scan </path/to/directory>
+```
+> Kubescape will load the default value file

-Download artifacts for air-gapped environments:
+#### Scan Kustomize Directory 
+```
+kubescape scan </path/to/directory>
+```
+> Kubescape will generate Kubernetes Yaml Objects using 'Kustomize' file and scans them for security.

-```bash
-# Download all artifacts
-kubescape download artifacts --output /path/to/offline/dir
+### Offline/Air-gaped Environment Support

-# Download a specific framework
-kubescape download framework nsa --output /path/to/nsa.json
+[Video tutorial](https://youtu.be/IGXL9s37smM)

-# Scan using downloaded artifacts
-kubescape scan --use-artifacts-from /path/to/offline/dir
+It is possible to run Kubescape offline!
+#### Download all artifacts
+
+1. Download and save in local directory, if path not specified, will save all in `~/.kubescape`
+```
+kubescape download artifacts --output path/to/local/dir
+```
+2. Copy the downloaded artifacts to the air-gaped/offline environment
+
+3. Scan using the downloaded artifacts
+```
+kubescape scan --use-artifacts-from path/to/local/dir
 ```

-### Configuration
+#### Download a single artifact

-```bash
-# View current configuration
-kubescape config view
+You can also download a single artifact and scan with the `--use-from` flag

-# Set account ID
-kubescape config set accountID <your-account-id>
+1. Download and save in a file, if the file name is not specified, will save in `~/.kubescape/<framework name>.json`
+```
+kubescape download framework nsa --output /path/nsa.json
+```
+2. Copy the downloaded artifacts to the air-gaped/offline environment

-# Delete cached configuration
-kubescape config delete
+3. Scan using the downloaded framework
+```
+kubescape scan framework nsa --use-from /path/nsa.json
 ```

-### Operator Commands

-Interact with the in-cluster Kubescape operator:
+## Scan Periodically using Helm 
+[Please follow the instructions here](https://hub.armosec.io/docs/installation-of-armo-in-cluster?utm_source=github&utm_medium=repository)
+[helm chart repo](https://github.com/armosec/armo-helm)

-```bash
-# Trigger a configuration scan
-kubescape operator scan configurations
+# Integrations

-# Trigger a vulnerability scan
-kubescape operator scan vulnerabilities
+## VS Code Extension 
+
+![Visual Studio Marketplace Downloads](https://img.shields.io/visual-studio-marketplace/d/kubescape.kubescape?label=VScode) ![Open VSX](https://img.shields.io/open-vsx/dt/kubescape/kubescape?label=openVSX&color=yellowgreen)
+
+Scan the YAML files while writing them using the [vs code extension](https://github.com/armosec/vscode-kubescape/blob/master/README.md) 
+
+## Lens Extension
+
+View Kubescape scan results directly in [Lens IDE](https://k8slens.dev/) using kubescape [Lens extension](https://github.com/armosec/lens-kubescape/blob/master/README.md)
+
+
+# Building Kubescape
+
+## Build on Windows
+
+<details><summary>Windows</summary>
+
+1. Install MSYS2 & build libgit _(needed only for the first time)_
+
+    ```
+    build.bat all
+    ```
+
+> You can install MSYS2 separately by running `build.bat install` and build libgit2 separately by running `build.bat build`
+
+2. Build kubescape
+
+    ```
+    make build
+    ```
+
+    OR 
+
+    ```
+    go build -tags=static .
+    ```
+</details>
+
+## Build on Linux/MacOS
+
+<details><summary>Linux / MacOS</summary>
+
+1. Install libgit2 dependency _(needed only for the first time)_
+   
+    ```
+    make libgit2
+    ```
+
+> `cmake` is required to build libgit2. You can install it by running `sudo apt-get install cmake` (Linux) or `brew install cmake` (macOS)
+
+2. Build kubescape
+
+    ```
+    make build
+    ```
+
+    OR 
+
+    ```
+    go build -tags=static .
+    ```
+
+3. Test
+
+    ```
+    make test
+    ```
+
+</details>
+
+## Build on pre-configured killercoda's ubuntu playground
+
+* [Pre-configured Killercoda's Ubuntu Playground](https://killercoda.com/suhas-gumma/scenario/kubescape-build-for-development)
+
+<details><summary> Pre-programmed actions executed by the playground </summary>
+
+
+* Clone the official GitHub repository of `Kubescape`.
+* [Automate the build process on Linux](https://github.com/kubescape/kubescape#build-on-linuxmacos)
+* The entire process involves executing multiple commands in order and it takes around 5-6 minutes to execute them all.
+
+</details>
+
+<details>
+<summary>Instructions to use the playground</summary>
+
+* Apply changes you wish to make to the kubescape directory using text editors like `Vim`.
+* [Build on Linux](https://github.com/kubescape/kubescape#build-on-linuxmacos)
+* Now, you can use Kubescape just like a normal user. Instead of using `kubescape`, use `./kubescape`. (Make sure you are inside kubescape directory because the command will execute the binary named `kubescape` in `kubescape directory`)
+
+</details>
+
+## VS code configuration samples
+
+You can use the sample files below to setup your VS code environment for building and debugging purposes.
+
+
+<details><summary>.vscode/settings.json</summary>
+
+```json5
+// .vscode/settings.json
+{
+    "go.testTags": "static",
+    "go.buildTags": "static",
+    "go.toolsEnvVars": {
+        "CGO_ENABLED": "1"
+    }
+}
 ```
+</details>

-### Validating Admission Policies
+<details><summary>.vscode/launch.json</summary>

-Manage Kubernetes Validating Admission Policies:
-
-```bash
-# Deploy the Kubescape CEL admission policy library
-kubescape vap deploy-library | kubectl apply -f -
-
-# Create a policy binding
-kubescape vap create-policy-binding \
-  --name my-policy-binding \
-  --policy c-0016 \
-  --namespace my-namespace | kubectl apply -f -
+```json5
+// .vscode/launch.json
+{
+    "version": "0.2.0",
+    "configurations": [
+        {
+            "name": "Launch Package",
+            "type": "go",
+            "request": "launch",
+            "mode": "auto",
+            "program": "${workspaceFolder}/main.go",
+            "args": [
+                "scan",
+                "--logger",
+                "debug"
+            ],
+            "buildFlags": "-tags=static"
+        }
+    ]
+}
 ```
+</details>

-### MCP Server
+# Under the hood

-Start an MCP (Model Context Protocol) server for AI assistant integration:
+## Technology
+Kubescape is based on the [OPA engine](https://github.com/open-policy-agent/opa) and ARMO's posture controls.

-```bash
-kubescape mcpserver
-```
+The tools retrieve Kubernetes objects from the API server and run a set of [rego's snippets](https://www.openpolicyagent.org/docs/latest/policy-language/) developed by [ARMO](https://www.armosec.io?utm_source=github&utm_medium=repository).

-The MCP server exposes Kubescape's vulnerability and configuration scan data to AI assistants, enabling natural language queries about your cluster's security posture.
+The results by default are printed in a pretty "console friendly" manner, but they can be retrieved in JSON format for further processing.

-**Available MCP Tools:**
- `list_vulnerability_manifests` - Discover vulnerability manifests
- `list_vulnerabilities_in_manifest` - List CVEs in a manifest
- `list_vulnerability_matches_for_cve` - Get details for a specific CVE
- `list_configuration_security_scan_manifests` - List configuration scan results
- `get_configuration_security_scan_manifest` - Get configuration scan details
+Kubescape is an open source project, we welcome your feedback and ideas for improvement. We’re also aiming to collaborate with the Kubernetes community to help make the tests more robust and complete as Kubernetes develops.

---
-
-## 🏗️ Architecture
-
-Kubescape can run in two modes:
-
-### CLI Mode
-
-The CLI is a standalone tool that scans clusters, files, and images on-demand.
-
-<div align="center">
-    <img src="docs/img/ks-cli-arch.png" width="600" alt="CLI Architecture">
-</div>
-
-**Key Components:**
- **[Open Policy Agent (OPA)](https://github.com/open-policy-agent/opa)** - Policy evaluation engine
- **[Regolibrary](https://github.com/kubescape/regolibrary)** - Library of security controls
- **[Grype](https://github.com/anchore/grype)** - Image vulnerability scanning
- **[Copacetic](https://github.com/project-copacetic/copacetic)** - Image patching
-
-### Operator Mode (In-Cluster)
-
-For continuous monitoring, deploy the Kubescape operator via Helm.
-
-<div align="center">
-    <img src="docs/img/ks-operator-arch.png" width="600" alt="Operator Architecture">
-</div>
-
-**Additional Capabilities:**
- Continuous configuration scanning
- Image vulnerability scanning
- Runtime analysis with eBPF
- Network policy generation
-
-📖 **[Full Architecture Documentation →](docs/architecture.md)**
-
---
-
-## ☸️ In-Cluster Operator
-
-The Kubescape operator provides continuous security monitoring in your cluster:
-
-```bash
-# Add the Kubescape Helm repository
-helm repo add kubescape https://kubescape.github.io/helm-charts/
-
-# Install the operator
-helm upgrade --install kubescape kubescape/kubescape-operator \
-  --namespace kubescape \
-  --create-namespace
-```
-
-**Operator Features:**
- 🔄 Continuous misconfiguration scanning
- 🐳 Image vulnerability scanning for all workloads
- 🔍 Runtime threat detection (eBPF-based)
- 🌐 Network policy generation
- 📈 Prometheus metrics integration
-
-📖 **[Operator Installation Guide →](https://kubescape.io/docs/operator/)**
-
---
-
-## 🔌 Integrations
-
-### CI/CD
-
-| Platform | Integration |
-|----------|-------------|
-| **GitHub Actions** | [kubescape/github-action](https://github.com/marketplace/actions/kubescape) |
-| **GitLab CI** | [Documentation](https://kubescape.io/docs/integrations/gitlab/) |
-| **Jenkins** | [Documentation](https://kubescape.io/docs/integrations/jenkins/) |
-
-### IDE Extensions
-
-| IDE | Extension |
-|-----|-----------|
-| **VS Code** | [Kubescape Extension](https://marketplace.visualstudio.com/items?itemName=kubescape.kubescape) |
-| **Lens** | [Kubescape Lens Extension](https://github.com/armosec/lens-kubescape) |
-
-### Where You Can Use Kubescape
-
-<div align="center">
-    <img src="docs/img/ksfromcodetodeploy.png" alt="Kubescape integration points: IDE, CI, CD, Runtime">
-</div>
-
---
-
-## 👥 Community
-
-Kubescape is a CNCF incubating project with an active community.
-
-### Get Involved
-
- 💬 **[Slack - Users Channel](https://cloud-native.slack.com/archives/C04EY3ZF9GE)** - Ask questions, get help
- 💬 **[Slack - Developers Channel](https://cloud-native.slack.com/archives/C04GY6H082K)** - Contribute to development
- 🐛 **[GitHub Issues](https://github.com/kubescape/kubescape/issues)** - Report bugs and request features
- 📋 **[Project Board](https://github.com/orgs/kubescape/projects/4)** - See what we're working on
- 🗺️ **[Roadmap](https://github.com/kubescape/project-governance/blob/main/ROADMAP.md)** - Future plans
-
-### Contributing
-
-We welcome contributions! Please see our:
- **[Contributing Guide](https://github.com/kubescape/project-governance/blob/main/CONTRIBUTING.md)**
- **[Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md)**
-
-### Community Resources
-
- **[Community Info](https://github.com/kubescape/project-governance/blob/main/COMMUNITY.md)**
- **[Governance](https://github.com/kubescape/project-governance/blob/main/GOVERNANCE.md)**
- **[Security Policy](https://github.com/kubescape/project-governance/blob/main/SECURITY.md)**
- **[Maintainers](https://github.com/kubescape/project-governance/blob/main/MAINTAINERS.md)**
-
-### Contributors
-
-<a href="https://github.com/kubescape/kubescape/graphs/contributors">
-  <img src="https://contrib.rocks/image?repo=kubescape/kubescape"/>
+## Thanks to all the contributors ❤️
+<a href = "https://github.com/kubescape/kubescape/graphs/contributors">
+  <img src = "https://contrib.rocks/image?repo=kubescape/kubescape"/>
 </a>

---
-
-## Changelog
-
-Kubescape changes are tracked on the [releases page](https://github.com/kubescape/kubescape/releases).
-
---
-
-## License
-
-Copyright 2021-2025, the Kubescape Authors. All rights reserved.
-
-Kubescape is released under the [Apache 2.0 license](LICENSE).
-
-Kubescape is a [Cloud Native Computing Foundation (CNCF) incubating project](https://www.cncf.io/projects/kubescape/) and was contributed by [ARMO](https://www.armosec.io/?utm_source=github&utm_medium=repository).
-
-<div align="center">
-    <img src="https://raw.githubusercontent.com/cncf/artwork/refs/heads/main/other/cncf-member/incubating/color/cncf-incubating-color.svg" width="300" alt="CNCF Incubating Project">
-</div>
--- a/SECURITY-INSIGHTS.yml
+++ b/SECURITY-INSIGHTS.yml
@@ -1,56 +0,0 @@
-header:
-  schema-version: 1.0.0
-  last-updated: '2023-10-12'
-  last-reviewed: '2023-10-12'
-  expiration-date: '2024-10-12T01:00:00.000Z'
-  project-url: https://github.com/kubescape/kubescape/
-  project-release: 1.0.0
-project-lifecycle:
-  status: active
-  bug-fixes-only: false
-  core-maintainers:
-  - github:amirmalka
-  - github:amitschendel
-  - github:bezbran
-  - github:craigbox
-  - github:dwertent
-  - github:matthyx
-  - github:rotemamsa
-  - github:slashben
-contribution-policy:
-  accepts-pull-requests: true
-  accepts-automated-pull-requests: false
-  code-of-conduct: https://github.com/kubescape/kubescape/blob/master/CODE_OF_CONDUCT.md
-dependencies:
-  third-party-packages: true
-  dependencies-lists:
-  - https://github.com/kubescape/kubescape/blob/master/go.mod
-  - https://github.com/kubescape/kubescape/blob/master/httphandler/go.mod
-  env-dependencies-policy:
-    policy-url: https://github.com/kubescape/kubescape/blob/master/docs/environment-dependencies-policy.md
-documentation:
- https://github.com/kubescape/kubescape/tree/master/docs
-distribution-points:
- https://github.com/kubescape/kubescape/
-security-artifacts:
-  threat-model:
-    threat-model-created: false
-security-testing:
- tool-type: sca
-  tool-name: Dependabot
-  tool-version: latest
-  integration:
-    ad-hoc: false
-    ci: true
-    before-release: true
-  comment: |
-    Dependabot is enabled for this repo.
-security-contacts:
- type: email
-  value: cncf-kubescape-maintainers@lists.cncf.io
-vulnerability-reporting:
-  accepts-vulnerability-reports: true
-  security-policy: https://github.com/kubescape/kubescape/security/policy
-  email-contact: cncf-kubescape-maintainers@lists.cncf.io
-  comment: |
-    The first and best way to report a vulnerability is by using private security issues in GitHub.
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,5 +0,0 @@
-# Security
-
-The Kubescape project manages this document in the central project repository.
-
-Go to the [centralized SECURITY.md](https://github.com/kubescape/project-governance/blob/main/SECURITY.md)
--- a/build.bat
+++ b/build.bat
@@ -0,0 +1,51 @@
+@ECHO OFF
+
+IF "%1"=="install" goto Install
+IF "%1"=="build" goto Build
+IF "%1"=="all" goto All
+IF "%1"=="" goto Error ELSE goto Error
+
+:Install
+
+if exist C:\MSYS64\ (
+    echo "MSYS2 already installed"
+) else (
+    mkdir temp_install & cd temp_install
+
+    echo "Downloading MSYS2..."
+    curl -L https://github.com/msys2/msys2-installer/releases/download/2022-06-03/msys2-x86_64-20220603.exe > msys2-x86_64-20220603.exe
+
+    echo "Installing MSYS2..."
+    msys2-x86_64-20220603.exe install --root C:\MSYS64 --confirm-command
+
+    cd .. && rmdir /s /q temp_install
+)
+
+
+echo "Adding MSYS2 to path..."
+SET "PATH=C:\MSYS64\mingw64\bin;C:\MSYS64\usr\bin;%PATH%"
+echo %PATH%
+
+echo "Installing MSYS2 packages..."
+pacman -S --needed --noconfirm make
+pacman -S --needed --noconfirm mingw-w64-x86_64-cmake
+pacman -S --needed --noconfirm mingw-w64-x86_64-gcc
+pacman -S --needed --noconfirm mingw-w64-x86_64-pkg-config
+pacman -S --needed --noconfirm msys2-w32api-runtime
+
+IF "%1"=="all" GOTO Build
+GOTO End
+
+:Build
+SET "PATH=C:\MSYS2\mingw64\bin;C:\MSYS2\usr\bin;%PATH%"
+make libgit2
+GOTO End
+
+:All
+GOTO Install
+
+:Error
+echo "Error: Unknown option"
+GOTO End
+
+:End
--- a/build.py
+++ b/build.py
@@ -0,0 +1,80 @@
+import os
+import sys
+import hashlib
+import platform
+import subprocess
+
+BASE_GETTER_CONST = "github.com/kubescape/kubescape/v2/core/cautils/getter"
+
+def check_status(status, msg):
+    if status != 0:
+        sys.stderr.write(msg)
+        exit(status)
+
+
+def get_build_dir():
+    current_platform = platform.system()
+    build_dir = ""
+
+    if current_platform == "Windows": build_dir = "windows-latest"
+    elif current_platform == "Linux": build_dir = "ubuntu-latest"
+    elif current_platform == "Darwin": build_dir = "macos-latest"
+    else: raise OSError("Platform %s is not supported!" % (current_platform))
+
+    return os.path.join("build", build_dir)
+
+
+def get_package_name():
+    package_name = "kubescape"
+
+    return package_name
+
+
+def main():
+    print("Building Kubescape")
+
+    # Set some variables
+    package_name = get_package_name()
+    build_url = "github.com/kubescape/kubescape/v2/core/cautils.BuildNumber"
+    release_version = os.getenv("RELEASE")
+
+    client_var = "github.com/kubescape/kubescape/v2/core/cautils.Client"
+    client_name = os.getenv("CLIENT")
+    
+    # Create build directory
+    build_dir = get_build_dir()
+
+    ks_file = os.path.join(build_dir, package_name)
+    hash_file = ks_file + ".sha256"
+
+    if not os.path.isdir(build_dir):
+        os.makedirs(build_dir)
+
+    # Build kubescape
+    ldflags = "-w -s"
+    if release_version:
+        ldflags += " -X {}={}".format(build_url, release_version)
+    if client_name:
+        ldflags += " -X {}={}".format(client_var, client_name)
+ 
+    build_command = ["go", "build", "-tags=static", "-o", ks_file, "-ldflags" ,ldflags]
+
+    print("Building kubescape and saving here: {}".format(ks_file))
+    print("Build command: {}".format(" ".join(build_command)))
+
+    status = subprocess.call(build_command)
+    check_status(status, "Failed to build kubescape")
+    
+    sha256 = hashlib.sha256()
+    with open(ks_file, "rb") as kube:
+        sha256.update(kube.read())
+        with open(hash_file, "w") as kube_sha:
+            hash = sha256.hexdigest()
+            print("kubescape hash: {}, file: {}".format(hash, hash_file))
+            kube_sha.write(sha256.hexdigest())
+
+    print("Build Done")
+ 
+ 
+if __name__ == "__main__":
+    main()
--- a/build/Dockerfile
+++ b/build/Dockerfile
@@ -1,14 +1,51 @@
-FROM gcr.io/distroless/static-debian13:nonroot
+FROM golang:1.18-alpine as builder

-USER nonroot
-WORKDIR /home/nonroot/
+ARG image_version
+ARG client

-ARG TARGETPLATFORM
-COPY $TARGETPLATFORM/downloader /usr/bin/downloader
-RUN ["downloader"]
-COPY $TARGETPLATFORM/ksserver /usr/bin/ksserver
+ENV RELEASE=$image_version
+ENV CLIENT=$client

-ARG image_version client
-ENV RELEASE=$image_version CLIENT=$client
+ENV GO111MODULE=
+
+ENV CGO_ENABLED=1
+
+# Install required python/pip
+ENV PYTHONUNBUFFERED=1
+RUN apk add --update --no-cache python3 git openssl-dev musl-dev gcc make cmake pkgconfig && ln -sf python3 /usr/bin/python
+RUN python3 -m ensurepip
+RUN pip3 install --no-cache --upgrade pip setuptools
+
+WORKDIR /work
+ADD . .
+
+# install libgit2
+RUN rm -rf git2go && make libgit2
+
+# build kubescape server
+WORKDIR /work/httphandler
+RUN python build.py
+RUN ls -ltr build/ubuntu-latest
+
+# build kubescape cmd
+WORKDIR /work
+RUN python build.py
+
+RUN /work/build/ubuntu-latest/kubescape download artifacts -o /work/artifacts
+
+FROM alpine:3.16.2
+
+RUN addgroup -S ks && adduser -S ks -G ks
+
+COPY --from=builder /work/artifacts/ /home/ks/.kubescape
+
+RUN chown -R ks:ks /home/ks/.kubescape
+
+USER ks
+
+WORKDIR /home/ks
+
+COPY --from=builder /work/httphandler/build/ubuntu-latest/kubescape /usr/bin/ksserver
+COPY --from=builder /work/build/ubuntu-latest/kubescape /usr/bin/kubescape

 ENTRYPOINT ["ksserver"]
--- a/build/Dockerfile.dockerignore
+++ b/build/Dockerfile.dockerignore
@@ -1,2 +0,0 @@
-.git
-kubescape*
--- a/build/README.md
+++ b/build/README.md
@@ -1,241 +1,13 @@
-# Building Kubescape
+## Docker Build

-This guide covers how to build Kubescape from source.
+### Build your own Docker image

-## Table of Contents
-
- [Prerequisites](#prerequisites)
- [Building the CLI](#building-the-cli)
- [Building Docker Images](#building-docker-images)
- [Build Options](#build-options)
- [Development Setup](#development-setup)
- [Troubleshooting](#troubleshooting)
-
---
-
-## Prerequisites
-
-### Required
-
- **Go 1.23+** - [Installation Guide](https://golang.org/doc/install)
- **Git** - For cloning the repository
- **Make** - For running build commands
-
-### Optional (for Docker builds)
-
- **Docker** - [Installation Guide](https://docs.docker.com/get-docker/)
- **Docker Buildx** - For multi-platform builds (included with Docker Desktop)
- **GoReleaser** - [Installation Guide](https://goreleaser.com/install/)
-
-### Verify Prerequisites
-
-```bash
-go version    # Should be 1.23 or higher
-git --version
-make --version
-docker --version      # Optional
-goreleaser --version  # Optional
+1. Clone Project
+```
+git clone https://github.com/kubescape/kubescape.git kubescape && cd "$_"
 ```

---
-
-## Building the CLI
-
-### Clone the Repository
-
-```bash
-git clone https://github.com/kubescape/kubescape.git
-cd kubescape
+2. Build
 ```
-
-### Build with Make
-
-```bash
-# Build for your current platform
-make build
-
-# The binary will be at ./kubescape
-./kubescape version
-```
-
-### Build Directly with Go
-
-```bash
-go build -o kubescape .
-```
-
-### Build with GoReleaser
-
-```bash
-# Build for your current platform
-RELEASE=v0.0.1 CLIENT=local goreleaser build --snapshot --clean --single-target
-```
-
-### Cross-Compilation
-
-Build for different platforms:
-
-```bash
-# Linux (amd64)
-GOOS=linux GOARCH=amd64 go build -o kubescape-linux-amd64 .
-
-# Linux (arm64)
-GOOS=linux GOARCH=arm64 go build -o kubescape-linux-arm64 .
-
-# macOS (amd64)
-GOOS=darwin GOARCH=amd64 go build -o kubescape-darwin-amd64 .
-
-# macOS (arm64 / Apple Silicon)
-GOOS=darwin GOARCH=arm64 go build -o kubescape-darwin-arm64 .
-
-# Windows (amd64)
-GOOS=windows GOARCH=amd64 go build -o kubescape-windows-amd64.exe .
-```
-
---
-
-## Building Docker Images
-
-Kubescape uses [GoReleaser](https://goreleaser.com/) to build its Docker images. The Dockerfiles are specifically designed to work with GoReleaser's build pipeline, which handles cross-compilation and places binaries in the expected directory structure.
-
-### Build with GoReleaser
-
-The recommended way to build Docker images locally is using GoReleaser. Note that `RELEASE`, `CLIENT`, and `RUN_E2E` environment variables are required:
-
-```bash
-# Build all artifacts and Docker images locally without publishing
-# --skip=before,krew,nfpm,sbom skips unnecessary steps for faster local builds
-RELEASE=v0.0.1 CLIENT=local RUN_E2E=false goreleaser release --snapshot --clean --skip=before,nfpm,sbom
-```
-
-Please read the [GoReleaser documentation](https://goreleaser.com/customization/dockers_v2/#testing-locally) for more details on using it for local testing.
-
---
-
-## Build Options
-
-### Make Targets
-
-| Target | Description |
-|--------|-------------|
-| `make build` | Build the Kubescape binary |
-| `make test` | Run unit tests |
-| `make all` | Build everything |
-| `make clean` | Remove build artifacts |
-
-### Build Tags
-
-You can use Go build tags to customize the build:
-
-```bash
-# Example with build tags
-go build -tags "netgo" -o kubescape .
-```
-
-### Version Information
-
-To embed version information in the build:
-
-```bash
-VERSION=$(git describe --tags --always)
-BUILD_DATE=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
-COMMIT=$(git rev-parse HEAD)
-
-go build -ldflags "-X main.version=$VERSION -X main.buildDate=$BUILD_DATE -X main.commit=$COMMIT" -o kubescape .
-```
-
---
-
-## Development Setup
-
-### Install Development Dependencies
-
-```bash
-# Install golangci-lint for linting
-go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
-
-# Install other tools as needed
-go mod download
-```
-
-### Run Tests
-
-```bash
-# Run all tests
-make test
-
-# Run tests with coverage
-go test -cover ./...
-
-# Run specific package tests
-go test ./core/...
-```
-
-### Run Linter
-
-```bash
-golangci-lint run
-```
-
-### Code Formatting
-
-```bash
-go fmt ./...
-```
-
---
-
-## Troubleshooting
-
-### Build Fails with "module not found"
-
-```bash
-# Update dependencies
-go mod tidy
-go mod download
-```
-
-### CGO-related Errors
-
-If you encounter CGO errors, try building with CGO disabled:
-
-```bash
-CGO_ENABLED=0 go build -o kubescape .
-```
-
-### Docker Build Fails
-
-Ensure Docker daemon is running and you have sufficient permissions.
-
-If you encounter an error like `failed to calculate checksum ... "/linux/amd64/kubescape": not found`, it usually means you are trying to run `docker build` manually. Because the Dockerfiles are optimized for GoReleaser, you should use the `goreleaser release --snapshot` command described in the [Building Docker Images](#building-docker-images) section instead.
-
-```bash
-# Check Docker status
-docker info
-```
-
-### Out of Memory During Build
-
-For systems with limited memory:
-
-```bash
-# Limit Go's memory usage
-GOGC=50 go build -o kubescape .
-```
-
---
-
-## Dockerfiles
-
-| File | Description |
-|------|-------------|
-| `build/Dockerfile` | Full Kubescape image with HTTP handler |
-| `build/kubescape-cli.Dockerfile` | Minimal CLI-only image |
-
---
-
-## Related Documentation
-
- [Contributing Guide](https://github.com/kubescape/project-governance/blob/main/CONTRIBUTING.md)
- [Architecture](../docs/architecture.md)
- [Getting Started](../docs/getting-started.md)
+docker build -t kubescape -f build/Dockerfile .
+```
--- a/build/goreleaser-post-e2e.sh
+++ b/build/goreleaser-post-e2e.sh
@@ -1,151 +0,0 @@
-#!/usr/bin/env sh
-#
-# goreleaser-post-e2e.sh
-#
-# A small, robust POSIX shell script intended to be called from the goreleaser
-# `builds[].hooks.post` entry. It is responsible for optionally running the
-# repository smoke tests against the artifact produced in `dist/`.
-#
-# Usage:
-#   RUN_E2E=true        -> enable running smoke tests
-#   E2E_FAIL_ON_ERROR=1 -> (default) treat test failures as fatal (exit non-zero)
-#   E2E_FAIL_ON_ERROR=0 -> treat test failures as non-fatal (log, but exit 0)
-#
-# The script is written to be defensive and to work under /bin/sh on CI runners.
-# Use POSIX-safe flags only.
-set -eu
-
-# Helper for logging
-_now() {
-  date --iso-8601=seconds 2>/dev/null || date
-}
-log() {
-  printf '%s [goreleaser-post-e2e] %s\n' "$(_now)" "$*"
-}
-
-# GitHub Actions log grouping helpers (no-op outside Actions)
-gha_group_start() {
-  if [ "${GITHUB_ACTIONS:-}" = "true" ]; then
-    # Titles must be on a single line
-    printf '::group::%s\n' "$*"
-  fi
-}
-gha_group_end() {
-  if [ "${GITHUB_ACTIONS:-}" = "true" ]; then
-    printf '::endgroup::\n'
-  fi
-}
-
-# Small helper to interpret various truthy forms (1/true/yes/y)
-is_true() {
-  case "${1:-}" in
-    1|true|TRUE|yes|YES|y|Y) return 0 ;;
-    *) return 1 ;;
-  esac
-}
-
-# Determine repo root relative to this script (script is expected to live in kubescape/build/)
-SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
-REPO_ROOT="$(cd "$SCRIPT_DIR/.." && pwd)"
-
-: "${RUN_E2E:=false}"
-# Default to fatal E2E failures.
-: "${E2E_FAIL_ON_ERROR:=1}"
-
-log "Starting goreleaser post-build e2e script"
-log "RUN_E2E=${RUN_E2E}"
-log "E2E_FAIL_ON_ERROR=${E2E_FAIL_ON_ERROR}"
-
-# Only run on linux/amd64 to avoid running multiple times (once per build)
-# and to ensure we can run the binary on the current host (assuming host is amd64).
-if [ -n "${GOARCH:-}" ] && [ "${GOARCH}" != "amd64" ]; then
-  log "Skipping smoke tests for non-amd64 build (GOARCH=${GOARCH})."
-  exit 0
-fi
-
-if ! is_true "${RUN_E2E}"; then
-  log "RUN_E2E is not enabled. Skipping smoke tests. (RUN_E2E=${RUN_E2E})"
-  exit 0
-fi
-
-# Locate the amd64 artifact in dist/.
-# Goreleaser v2 puts binaries in dist/<id>_<os>_<arch>_<version>/<binary>
-# Example: dist/cli_linux_amd64_v1/kubescape
-ART_PATH=""
-if [ -d "$REPO_ROOT/dist" ]; then
-  # Find any file named 'kubescape' inside a directory containing 'linux_amd64' inside 'dist'
-  # We use 'find' for robustness against varying directory names
-  ART_PATH=$(find "$REPO_ROOT/dist" -type f -name "kubescape" -path "*linux_amd64*" | head -n 1)
-fi
-
-if [ -z "$ART_PATH" ] || [ ! -f "$ART_PATH" ]; then
-  log "No kubescape artifact found in dist/ matching *linux_amd64*/kubescape. Skipping smoke tests."
-  # If we are supposed to run E2E, not finding the artifact is probably an error.
-  if is_true "${E2E_FAIL_ON_ERROR}"; then
-     log "E2E_FAIL_ON_ERROR enabled -> failing because artifact was not found."
-     exit 1
-  fi
-  exit 0
-fi
-
-log "Using artifact: $ART_PATH"
-# Make binary executable if it is a binary
-chmod +x "$ART_PATH" >/dev/null 2>&1 || true
-
-# Locate python runner
-PYTHON=""
-if command -v python3 >/dev/null 2>&1; then
-  PYTHON=python3
-elif command -v python >/dev/null 2>&1; then
-  PYTHON=python
-fi
-
-if [ -z "$PYTHON" ]; then
-  log "python3 (or python) not found in PATH."
-  if is_true "${E2E_FAIL_ON_ERROR}"; then
-    log "E2E_FAIL_ON_ERROR enabled -> failing the release because python is missing."
-    exit 2
-  else
-    log "E2E_FAIL_ON_ERROR disabled -> continuing without running tests."
-    exit 0
-  fi
-fi
-
-# Check for smoke test runner
-SMOKE_RUNNER="$REPO_ROOT/smoke_testing/init.py"
-if [ ! -f "$SMOKE_RUNNER" ]; then
-  log "Smoke test runner not found at $SMOKE_RUNNER"
-  if is_true "${E2E_FAIL_ON_ERROR}"; then
-    log "E2E_FAIL_ON_ERROR enabled -> failing the release because smoke runner is missing."
-    exit 3
-  else
-    log "E2E_FAIL_ON_ERROR disabled -> continuing without running tests."
-    exit 0
-  fi
-fi
-
-gha_group_start "Smoke tests"
-log "Running smoke tests with $PYTHON $SMOKE_RUNNER \"$ART_PATH\""
-# Run the test runner, propagate exit code
-set +e
-"$PYTHON" "$SMOKE_RUNNER" "$ART_PATH"
-rc=$?
-set -e
-
-if [ $rc -eq 0 ]; then
-  log "Smoke tests passed (exit code 0)."
-fi
-
-log "Smoke tests exited with code: $rc"
-gha_group_end
-
-if [ $rc -ne 0 ]; then
-  if is_true "${E2E_FAIL_ON_ERROR}"; then
-    log "E2E_FAIL_ON_ERROR enabled -> failing the release (exit code $rc)."
-    exit $rc
-  else
-    log "E2E_FAIL_ON_ERROR disabled -> continuing despite test failures."
-  fi
-fi
-
-exit 0
--- a/build/kubescape-cli.Dockerfile
+++ b/build/kubescape-cli.Dockerfile
@@ -1,13 +0,0 @@
-FROM gcr.io/distroless/static-debian13:debug-nonroot
-
-USER nonroot
-WORKDIR /home/nonroot/
-
-ARG image_version client TARGETARCH
-ENV RELEASE=$image_version CLIENT=$client
-
-ARG TARGETPLATFORM
-COPY $TARGETPLATFORM/kubescape /usr/bin/kubescape
-RUN ["kubescape", "download", "artifacts"]
-
-ENTRYPOINT ["kubescape"]
--- a/build/kubescape-cli.Dockerfile.dockerignore
+++ b/build/kubescape-cli.Dockerfile.dockerignore
@@ -1 +0,0 @@
-.git
--- a/cmd/completion/completion.go
+++ b/cmd/completion/completion.go
@@ -1,23 +1,23 @@
 package completion

 import (
-	"fmt"
 	"os"
 	"strings"

-	"github.com/kubescape/kubescape/v3/core/cautils"
 	"github.com/spf13/cobra"
 )

-var completionCmdExamples = fmt.Sprintf(`
-  # Enable BASH shell autocompletion
-  $ source <(%[1]s completion bash)
-  $ echo 'source <(%[1]s completion bash)' >> ~/.bashrc
+var completionCmdExamples = `

-  # Enable ZSH shell autocompletion
-  $ source <(%[1]s completion zsh)
-  $ echo 'source <(%[1]s completion zsh)' >> "${fpath[1]}/_%[1]s"
-`, cautils.ExecName())
+  # Enable BASH shell autocompletion 
+  $ source <(kubescape completion bash) 
+  $ echo 'source <(kubescape completion bash)' >> ~/.bashrc
+
+  # Enable ZSH shell autocompletion 
+  $ source <(kubectl completion zsh)
+  $ echo 'source <(kubectl completion zsh)' >> "${fpath[1]}/_kubectl"
+
+`

 func GetCompletionCmd() *cobra.Command {
 	completionCmd := &cobra.Command{
@@ -27,14 +27,8 @@ func GetCompletionCmd() *cobra.Command {
 		Example:               completionCmdExamples,
 		DisableFlagsInUseLine: true,
 		ValidArgs:             []string{"bash", "zsh", "fish", "powershell"},
-		Args:                  cobra.MatchAll(cobra.ExactArgs(1), cobra.OnlyValidArgs),
+		Args:                  cobra.ExactValidArgs(1),
 		Run: func(cmd *cobra.Command, args []string) {
-			// Check if args array is not empty
-			if len(args) == 0 {
-				fmt.Println("No arguements provided.")
-				return
-			}
-
 			switch strings.ToLower(args[0]) {
 			case "bash":
 				cmd.Root().GenBashCompletion(os.Stdout)
@@ -44,8 +38,6 @@ func GetCompletionCmd() *cobra.Command {
 				cmd.Root().GenFishCompletion(os.Stdout, true)
 			case "powershell":
 				cmd.Root().GenPowerShellCompletionWithDesc(os.Stdout)
-			default:
-				fmt.Printf("Invalid arguement %s", args[0])
 			}
 		},
 	}
--- a/cmd/completion/completion_test.go
+++ b/cmd/completion/completion_test.go
@@ -1,187 +0,0 @@
-package completion
-
-import (
-	"io"
-	"os"
-	"testing"
-
-	"github.com/spf13/cobra"
-	"github.com/stretchr/testify/assert"
-)
-
-// Generates autocompletion script for valid shell types
-func TestGetCompletionCmd(t *testing.T) {
-	// Arrange
-	completionCmd := GetCompletionCmd()
-	assert.Equal(t, "completion [bash|zsh|fish|powershell]", completionCmd.Use)
-	assert.Equal(t, "Generate autocompletion script", completionCmd.Short)
-	assert.Equal(t, "To load completions", completionCmd.Long)
-	assert.Equal(t, completionCmdExamples, completionCmd.Example)
-	assert.Equal(t, true, completionCmd.DisableFlagsInUseLine)
-	assert.Equal(t, []string{"bash", "zsh", "fish", "powershell"}, completionCmd.ValidArgs)
-}
-
-func TestGetCompletionCmd_RunExpectedOutputs(t *testing.T) {
-	tests := []struct {
-		name string
-		args []string
-		want string
-	}{
-		{
-			name: "Unknown completion",
-			args: []string{"unknown"},
-			want: "Invalid arguement unknown",
-		},
-		{
-			name: "Empty arguements",
-			args: []string{},
-			want: "No arguements provided.\n",
-		},
-	}
-
-	completionCmd := GetCompletionCmd()
-
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			// Redirect stdout to a buffer
-			rescueStdout := os.Stdout
-			r, w, _ := os.Pipe()
-			os.Stdout = w
-
-			completionCmd.Run(&cobra.Command{}, tt.args)
-
-			w.Close()
-			got, _ := io.ReadAll(r)
-			os.Stdout = rescueStdout
-
-			assert.Equal(t, tt.want, string(got))
-		})
-	}
-}
-
-func TestGetCompletionCmd_RunNotExpectedOutputs(t *testing.T) {
-	notExpectedOutput1 := "No arguments provided."
-	notExpectedOutput2 := "No arguments provided."
-
-	tests := []struct {
-		name string
-		args []string
-	}{
-		{
-			name: "Bash completion",
-			args: []string{"bash"},
-		},
-		{
-			name: "Zsh completion",
-			args: []string{"zsh"},
-		},
-		{
-			name: "Fish completion",
-			args: []string{"fish"},
-		},
-		{
-			name: "PowerShell completion",
-			args: []string{"powershell"},
-		},
-	}
-
-	completionCmd := GetCompletionCmd()
-
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			// Redirect stdout to a buffer
-			rescueStdout := os.Stdout
-			r, w, _ := os.Pipe()
-			os.Stdout = w
-
-			completionCmd.Run(&cobra.Command{}, tt.args)
-
-			w.Close()
-			got, _ := io.ReadAll(r)
-			os.Stdout = rescueStdout
-
-			assert.NotEqual(t, notExpectedOutput1, string(got))
-			assert.NotEqual(t, notExpectedOutput2, string(got))
-		})
-	}
-}
-
-func TestGetCompletionCmd_RunBashCompletionNotExpectedOutputs(t *testing.T) {
-	notExpectedOutput1 := "Unexpected output for bash completion test 1."
-	notExpectedOutput2 := "Unexpected output for bash completion test 2."
-
-	// Redirect stdout to a buffer
-	rescueStdout := os.Stdout
-	r, w, _ := os.Pipe()
-	os.Stdout = w
-
-	completionCmd := GetCompletionCmd()
-	completionCmd.Run(&cobra.Command{}, []string{"bash"})
-
-	w.Close()
-	got, _ := io.ReadAll(r)
-	os.Stdout = rescueStdout
-
-	assert.NotEqual(t, notExpectedOutput1, string(got))
-	assert.NotEqual(t, notExpectedOutput2, string(got))
-}
-
-func TestGetCompletionCmd_RunZshCompletionNotExpectedOutputs(t *testing.T) {
-	notExpectedOutput1 := "Unexpected output for zsh completion test 1."
-	notExpectedOutput2 := "Unexpected output for zsh completion test 2."
-
-	// Redirect stdout to a buffer
-	rescueStdout := os.Stdout
-	r, w, _ := os.Pipe()
-	os.Stdout = w
-
-	completionCmd := GetCompletionCmd()
-	completionCmd.Run(&cobra.Command{}, []string{"zsh"})
-
-	w.Close()
-	got, _ := io.ReadAll(r)
-	os.Stdout = rescueStdout
-
-	assert.NotEqual(t, notExpectedOutput1, string(got))
-	assert.NotEqual(t, notExpectedOutput2, string(got))
-}
-
-func TestGetCompletionCmd_RunFishCompletionNotExpectedOutputs(t *testing.T) {
-	notExpectedOutput1 := "Unexpected output for fish completion test 1."
-	notExpectedOutput2 := "Unexpected output for fish completion test 2."
-
-	// Redirect stdout to a buffer
-	rescueStdout := os.Stdout
-	r, w, _ := os.Pipe()
-	os.Stdout = w
-
-	completionCmd := GetCompletionCmd()
-	completionCmd.Run(&cobra.Command{}, []string{"fish"})
-
-	w.Close()
-	got, _ := io.ReadAll(r)
-	os.Stdout = rescueStdout
-
-	assert.NotEqual(t, notExpectedOutput1, string(got))
-	assert.NotEqual(t, notExpectedOutput2, string(got))
-}
-
-func TestGetCompletionCmd_RunPowerShellCompletionNotExpectedOutputs(t *testing.T) {
-	notExpectedOutput1 := "Unexpected output for powershell completion test 1."
-	notExpectedOutput2 := "Unexpected output for powershell completion test 2."
-
-	// Redirect stdout to a buffer
-	rescueStdout := os.Stdout
-	r, w, _ := os.Pipe()
-	os.Stdout = w
-
-	completionCmd := GetCompletionCmd()
-	completionCmd.Run(&cobra.Command{}, []string{"powershell"})
-
-	w.Close()
-	got, _ := io.ReadAll(r)
-	os.Stdout = rescueStdout
-
-	assert.NotEqual(t, notExpectedOutput1, string(got))
-	assert.NotEqual(t, notExpectedOutput2, string(got))
-}
--- a/cmd/config/config.go
+++ b/cmd/config/config.go
@@ -1,31 +1,34 @@
 package config

 import (
-	"fmt"
-
-	"github.com/kubescape/kubescape/v3/core/cautils"
-	"github.com/kubescape/kubescape/v3/core/meta"
+	"github.com/kubescape/kubescape/v2/core/meta"
 	"github.com/spf13/cobra"
 )

 var (
-	configExample = fmt.Sprintf(`
+	configExample = `
  # View cached configurations 
-  %[1]s config view
+  kubescape config view

  # Delete cached configurations
-  %[1]s config delete
+  kubescape config delete

  # Set cached configurations
-  %[1]s config set --help
-`, cautils.ExecName())
-	setConfigExample = fmt.Sprintf(`
+  kubescape config set --help
+`
+	setConfigExample = `
  # Set account id
-  %[1]s config set accountID <account id>
+  kubescape config set accountID <account id>

-  # Set cloud report URL
-  %[1]s config set cloudReportURL <cloud Report URL>
-`, cautils.ExecName())
+  # Set client id
+  kubescape config set clientID <client id> 
+
+  # Set access key
+  kubescape config set secretKey <access key>
+
+  # Set cloudAPIURL
+  kubescape config set cloudAPIURL <cloud API URL>
+`
 )

 func GetConfigCmd(ks meta.IKubescape) *cobra.Command {
--- a/cmd/config/config_test.go
+++ b/cmd/config/config_test.go
@@ -1,44 +0,0 @@
-package config
-
-import (
-	"strings"
-	"testing"
-
-	"github.com/kubescape/kubescape/v3/core/mocks"
-	"github.com/stretchr/testify/assert"
-)
-
-func TestGetConfigCmd(t *testing.T) {
-	// Create a mock Kubescape interface
-	mockKubescape := &mocks.MockIKubescape{}
-
-	// Call the GetConfigCmd function
-	configCmd := GetConfigCmd(mockKubescape)
-
-	// Verify the command name and short description
-	assert.Equal(t, "config", configCmd.Use)
-	assert.Equal(t, "Handle cached configurations", configCmd.Short)
-	assert.Equal(t, configExample, configCmd.Example)
-
-	// Verify that the subcommands are added correctly
-	assert.Equal(t, 3, len(configCmd.Commands()))
-
-	for _, subcmd := range configCmd.Commands() {
-		switch subcmd.Name() {
-		case "delete":
-			// Verify that the delete subcommand is added correctly
-			assert.Equal(t, "delete", subcmd.Use)
-			assert.Equal(t, "Delete cached configurations", subcmd.Short)
-		case "set":
-			// Verify that the set subcommand is added correctly
-			assert.Equal(t, "set", subcmd.Use)
-			assert.Equal(t, "Set configurations, supported: "+strings.Join(stringKeysToSlice(supportConfigSet), "/"), subcmd.Short)
-		case "view":
-			// Verify that the view subcommand is added correctly
-			assert.Equal(t, "view", subcmd.Use)
-			assert.Equal(t, "View cached configurations", subcmd.Short)
-		default:
-			t.Errorf("Unexpected subcommand name: %s", subcmd.Name())
-		}
-	}
-}
--- a/cmd/config/delete.go
+++ b/cmd/config/delete.go
@@ -1,9 +1,9 @@
 package config

 import (
-	"github.com/kubescape/go-logger"
-	"github.com/kubescape/kubescape/v3/core/meta"
-	v1 "github.com/kubescape/kubescape/v3/core/meta/datastructures/v1"
+	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/kubescape/v2/core/meta"
+	v1 "github.com/kubescape/kubescape/v2/core/meta/datastructures/v1"
 	"github.com/spf13/cobra"
 )

--- a/cmd/config/delete_test.go
+++ b/cmd/config/delete_test.go
@@ -1,21 +0,0 @@
-package config
-
-import (
-	"testing"
-
-	"github.com/kubescape/kubescape/v3/core/mocks"
-	"github.com/stretchr/testify/assert"
-)
-
-func TestGetDeleteCmd(t *testing.T) {
-	// Create a mock Kubescape interface
-	mockKubescape := &mocks.MockIKubescape{}
-
-	// Call the GetConfigCmd function
-	configCmd := getDeleteCmd(mockKubescape)
-
-	// Verify the command name and short description
-	assert.Equal(t, "delete", configCmd.Use)
-	assert.Equal(t, "Delete cached configurations", configCmd.Short)
-	assert.Equal(t, "", configCmd.Long)
-}
--- a/cmd/config/set.go
+++ b/cmd/config/set.go
@@ -2,12 +2,11 @@ package config

 import (
 	"fmt"
-	"sort"
 	"strings"

-	"github.com/kubescape/go-logger"
-	"github.com/kubescape/kubescape/v3/core/meta"
-	metav1 "github.com/kubescape/kubescape/v3/core/meta/datastructures/v1"
+	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/kubescape/v2/core/meta"
+	metav1 "github.com/kubescape/kubescape/v2/core/meta/datastructures/v1"
 	"github.com/spf13/cobra"
 )

@@ -34,23 +33,20 @@ func getSetCmd(ks meta.IKubescape) *cobra.Command {
 }

 var supportConfigSet = map[string]func(*metav1.SetConfig, string){
-	"accessKey":      func(s *metav1.SetConfig, accessKey string) { s.AccessKey = accessKey },
 	"accountID":      func(s *metav1.SetConfig, account string) { s.Account = account },
+	"clientID":       func(s *metav1.SetConfig, clientID string) { s.ClientID = clientID },
+	"secretKey":      func(s *metav1.SetConfig, secretKey string) { s.SecretKey = secretKey },
 	"cloudAPIURL":    func(s *metav1.SetConfig, cloudAPIURL string) { s.CloudAPIURL = cloudAPIURL },
+	"cloudAuthURL":   func(s *metav1.SetConfig, cloudAuthURL string) { s.CloudAuthURL = cloudAuthURL },
 	"cloudReportURL": func(s *metav1.SetConfig, cloudReportURL string) { s.CloudReportURL = cloudReportURL },
+	"cloudUIURL":     func(s *metav1.SetConfig, cloudUIURL string) { s.CloudUIURL = cloudUIURL },
 }

 func stringKeysToSlice(m map[string]func(*metav1.SetConfig, string)) []string {
-	keys := []string{}
-	for key := range m {
-		keys = append(keys, key)
-	}
-
-	// Sort the keys of the map
-	sort.Strings(keys)
-
 	l := []string{}
-	l = append(l, keys...)
+	for i := range m {
+		l = append(l, i)
+	}
 	return l
 }

--- a/cmd/config/set_test.go
+++ b/cmd/config/set_test.go
@@ -1,81 +0,0 @@
-package config
-
-import (
-	"fmt"
-	"strings"
-	"testing"
-
-	metav1 "github.com/kubescape/kubescape/v3/core/meta/datastructures/v1"
-	"github.com/kubescape/kubescape/v3/core/mocks"
-	"github.com/spf13/cobra"
-	"github.com/stretchr/testify/assert"
-)
-
-func TestGetSetCmd(t *testing.T) {
-	// Create a mock Kubescape interface
-	mockKubescape := &mocks.MockIKubescape{}
-
-	// Call the GetConfigCmd function
-	configSetCmd := getSetCmd(mockKubescape)
-
-	// Verify the command name and short description
-	assert.Equal(t, "set", configSetCmd.Use)
-	assert.Equal(t, "Set configurations, supported: "+strings.Join(stringKeysToSlice(supportConfigSet), "/"), configSetCmd.Short)
-	assert.Equal(t, setConfigExample, configSetCmd.Example)
-	assert.Equal(t, stringKeysToSlice(supportConfigSet), configSetCmd.ValidArgs)
-
-	err := configSetCmd.RunE(&cobra.Command{}, []string{"accountID=value1"})
-	assert.Nil(t, err)
-
-	err = configSetCmd.RunE(&cobra.Command{}, []string{})
-	expectedErrorMessage := "key '' unknown . supported: accessKey/accountID/cloudAPIURL/cloudReportURL"
-	assert.Equal(t, expectedErrorMessage, err.Error())
-}
-
-// Should return a slice of keys when given a non-empty map
-func TestStringKeysToSlice(t *testing.T) {
-	m := map[string]func(*metav1.SetConfig, string){
-		"key1": nil,
-		"key2": nil,
-		"key3": nil,
-	}
-	result := stringKeysToSlice(m)
-	expected := []string{"key1", "key2", "key3"}
-	assert.ElementsMatch(t, expected, result)
-}
-
-func TestParseSetArgs_InvalidFormat(t *testing.T) {
-	args := []string{"key"}
-	setConfig, err := parseSetArgs(args)
-	assert.Equal(t, "", setConfig.Account)
-	assert.Equal(t, "", setConfig.AccessKey)
-	assert.Equal(t, "", setConfig.CloudReportURL)
-	assert.Equal(t, "", setConfig.CloudAPIURL)
-
-	expectedErrorMessage := fmt.Sprintf("key '' unknown . supported: %s", strings.Join(stringKeysToSlice(supportConfigSet), "/"))
-	assert.Equal(t, expectedErrorMessage, err.Error())
-}
-
-func TestParseSetArgs_AccessKey(t *testing.T) {
-	args := []string{"accessKey", "value1"}
-	setConfig, _ := parseSetArgs(args)
-	assert.Equal(t, "", setConfig.Account)
-	assert.Equal(t, "value1", setConfig.AccessKey)
-	assert.Equal(t, "", setConfig.CloudReportURL)
-	assert.Equal(t, "", setConfig.CloudAPIURL)
-}
-
-func TestParseSetArgs_Single(t *testing.T) {
-	args := []string{"accountID=value1"}
-	setConfig, _ := parseSetArgs(args)
-	assert.Equal(t, "value1", setConfig.Account)
-	assert.Equal(t, "", setConfig.AccessKey)
-	assert.Equal(t, "", setConfig.CloudReportURL)
-	assert.Equal(t, "", setConfig.CloudAPIURL)
-}
-
-func TestParseSetArgs_InvalidKey(t *testing.T) {
-	args := []string{"invalidKey=value1"}
-	_, err := parseSetArgs(args)
-	assert.Equal(t, "key 'invalidKey' unknown . supported: accessKey/accountID/cloudAPIURL/cloudReportURL", err.Error())
-}
--- a/cmd/config/view.go
+++ b/cmd/config/view.go
@@ -3,9 +3,9 @@ package config
 import (
 	"os"

-	"github.com/kubescape/go-logger"
-	"github.com/kubescape/kubescape/v3/core/meta"
-	v1 "github.com/kubescape/kubescape/v3/core/meta/datastructures/v1"
+	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/kubescape/v2/core/meta"
+	v1 "github.com/kubescape/kubescape/v2/core/meta/datastructures/v1"
 	"github.com/spf13/cobra"
 )

--- a/cmd/config/view_test.go
+++ b/cmd/config/view_test.go
@@ -1,21 +0,0 @@
-package config
-
-import (
-	"testing"
-
-	"github.com/kubescape/kubescape/v3/core/mocks"
-	"github.com/stretchr/testify/assert"
-)
-
-func TestGetViewCmd(t *testing.T) {
-	// Create a mock Kubescape interface
-	mockKubescape := &mocks.MockIKubescape{}
-
-	// Call the GetConfigCmd function
-	configCmd := getViewCmd(mockKubescape)
-
-	// Verify the command name and short description
-	assert.Equal(t, "view", configCmd.Use)
-	assert.Equal(t, "View cached configurations", configCmd.Short)
-	assert.Equal(t, "", configCmd.Long)
-}
--- a/cmd/delete/delete.go
+++ b/cmd/delete/delete.go
@@ -0,0 +1,34 @@
+package delete
+
+import (
+	"github.com/kubescape/kubescape/v2/core/meta"
+	v1 "github.com/kubescape/kubescape/v2/core/meta/datastructures/v1"
+	"github.com/spf13/cobra"
+)
+
+var deleteExceptionsExamples = `
+  # Delete single exception
+  kubescape delete exceptions "exception name"
+
+  # Delete multiple exceptions
+  kubescape delete exceptions "first exception;second exception;third exception"
+`
+
+func GetDeleteCmd(ks meta.IKubescape) *cobra.Command {
+	var deleteInfo v1.Delete
+
+	var deleteCmd = &cobra.Command{
+		Use:   "delete <command>",
+		Short: "Delete configurations in Kubescape SaaS version",
+		Long:  ``,
+		Run: func(cmd *cobra.Command, args []string) {
+		},
+	}
+	deleteCmd.PersistentFlags().StringVarP(&deleteInfo.Credentials.Account, "account", "", "", "Kubescape SaaS account ID. Default will load account ID from cache")
+	deleteCmd.PersistentFlags().StringVarP(&deleteInfo.Credentials.ClientID, "client-id", "", "", "Kubescape SaaS client ID. Default will load client ID from cache, read more - https://hub.armosec.io/docs/authentication")
+	deleteCmd.PersistentFlags().StringVarP(&deleteInfo.Credentials.SecretKey, "secret-key", "", "", "Kubescape SaaS secret key. Default will load secret key from cache, read more - https://hub.armosec.io/docs/authentication")
+
+	deleteCmd.AddCommand(getExceptionsCmd(ks, &deleteInfo))
+
+	return deleteCmd
+}
--- a/cmd/delete/exceptions.go
+++ b/cmd/delete/exceptions.go
@@ -0,0 +1,46 @@
+package delete
+
+import (
+	"fmt"
+	"strings"
+
+	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/kubescape/v2/core/meta"
+	v1 "github.com/kubescape/kubescape/v2/core/meta/datastructures/v1"
+	"github.com/spf13/cobra"
+)
+
+func getExceptionsCmd(ks meta.IKubescape, deleteInfo *v1.Delete) *cobra.Command {
+	return &cobra.Command{
+		Use:     "exceptions <exception name>",
+		Short:   "Delete exceptions from Kubescape SaaS version. Run 'kubescape list exceptions' for all exceptions names",
+		Example: deleteExceptionsExamples,
+		Args: func(cmd *cobra.Command, args []string) error {
+			if len(args) != 1 {
+				return fmt.Errorf("missing exceptions names")
+			}
+			return nil
+		},
+		Run: func(cmd *cobra.Command, args []string) {
+
+			if err := flagValidationDelete(deleteInfo); err != nil {
+				logger.L().Fatal(err.Error())
+			}
+
+			exceptionsNames := strings.Split(args[0], ";")
+			if len(exceptionsNames) == 0 {
+				logger.L().Fatal("missing exceptions names")
+			}
+			if err := ks.DeleteExceptions(&v1.DeleteExceptions{Credentials: deleteInfo.Credentials, Exceptions: exceptionsNames}); err != nil {
+				logger.L().Fatal(err.Error())
+			}
+		},
+	}
+}
+
+// Check if the flag entered are valid
+func flagValidationDelete(deleteInfo *v1.Delete) error {
+
+	// Validate the user's credentials
+	return deleteInfo.Credentials.Validate()
+}
--- a/cmd/download/download.go
+++ b/cmd/download/download.go
@@ -3,43 +3,43 @@ package download
 import (
 	"fmt"
 	"path/filepath"
-	"slices"
 	"strings"

-	"github.com/kubescape/go-logger"
-	"github.com/kubescape/kubescape/v3/core/cautils"
-	"github.com/kubescape/kubescape/v3/core/core"
-	"github.com/kubescape/kubescape/v3/core/meta"
-	v1 "github.com/kubescape/kubescape/v3/core/meta/datastructures/v1"
+	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/kubescape/v2/core/cautils"
+	"github.com/kubescape/kubescape/v2/core/core"
+	"github.com/kubescape/kubescape/v2/core/meta"
+	v1 "github.com/kubescape/kubescape/v2/core/meta/datastructures/v1"
 	"github.com/spf13/cobra"
 )

 var (
-	downloadExample = fmt.Sprintf(`
+	downloadExample = `
  # Download all artifacts and save them in the default path (~/.kubescape)
-  %[1]s download artifacts
+  kubescape download artifacts
  
  # Download all artifacts and save them in /tmp path
-  %[1]s download artifacts --output /tmp
+  kubescape download artifacts --output /tmp
  
-  # Download the NSA framework. Run '%[1]s list frameworks' for all frameworks names
-  %[1]s download framework nsa
+  # Download the NSA framework. Run 'kubescape list frameworks' for all frameworks names
+  kubescape download framework nsa

-  # Download the "C-0001" control. Run '%[1]s list controls --id' for all controls ids
-  %[1]s download control "C-0001"
+  # Download the "Allowed hostPath" control. Run 'kubescape list controls' for all controls names
+  kubescape download control "Allowed hostPath"

-  # Download the "C-0001" control. Run '%[1]s list controls --id' for all controls ids
-  %[1]s download control C-0001
+  # Download the "C-0001" control. Run 'kubescape list controls --id' for all controls ids
+  kubescape download control C-0001

  # Download the configured exceptions
-  %[1]s download exceptions 
+  kubescape download exceptions 

  # Download the configured controls-inputs 
-  %[1]s download controls-inputs 
-`, cautils.ExecName())
+  kubescape download controls-inputs 
+
+`
 )

-func GetDownloadCmd(ks meta.IKubescape) *cobra.Command {
+func GeDownloadCmd(ks meta.IKubescape) *cobra.Command {
 	var downloadInfo = v1.DownloadInfo{}

 	downloadCmd := &cobra.Command{
@@ -52,7 +52,7 @@ func GetDownloadCmd(ks meta.IKubescape) *cobra.Command {
 			if len(args) < 1 {
 				return fmt.Errorf("policy type required, supported: %v", supported)
 			}
-			if !slices.Contains(core.DownloadSupportCommands(), args[0]) {
+			if cautils.StringInSlice(core.DownloadSupportCommands(), args[0]) == cautils.ValueNotFound {
 				return fmt.Errorf("invalid parameter '%s'. Supported parameters: %s", args[0], supported)
 			}
 			return nil
@@ -66,14 +66,9 @@ func GetDownloadCmd(ks meta.IKubescape) *cobra.Command {
 			if filepath.Ext(downloadInfo.Path) == ".json" {
 				downloadInfo.Path, downloadInfo.FileName = filepath.Split(downloadInfo.Path)
 			}
-
-			if len(args) == 0 {
-				return fmt.Errorf("no arguements provided")
-			}
-
 			downloadInfo.Target = args[0]
 			if len(args) >= 2 {
-				downloadInfo.Identifier = args[1]
+				downloadInfo.Name = args[1]
 			}
 			if err := ks.Download(&downloadInfo); err != nil {
 				logger.L().Fatal(err.Error())
@@ -82,8 +77,9 @@ func GetDownloadCmd(ks meta.IKubescape) *cobra.Command {
 		},
 	}

-	downloadCmd.PersistentFlags().StringVarP(&downloadInfo.AccountID, "account", "", "", "Kubescape SaaS account ID. Default will load account ID from cache")
-	downloadCmd.PersistentFlags().StringVarP(&downloadInfo.AccessKey, "access-key", "", "", "Kubescape SaaS access key. Default will load access key from cache")
+	downloadCmd.PersistentFlags().StringVarP(&downloadInfo.Credentials.Account, "account", "", "", "Kubescape SaaS account ID. Default will load account ID from cache")
+	downloadCmd.PersistentFlags().StringVarP(&downloadInfo.Credentials.ClientID, "client-id", "", "", "Kubescape SaaS client ID. Default will load client ID from cache, read more - https://hub.armosec.io/docs/authentication")
+	downloadCmd.PersistentFlags().StringVarP(&downloadInfo.Credentials.SecretKey, "secret-key", "", "", "Kubescape SaaS secret key. Default will load secret key from cache, read more - https://hub.armosec.io/docs/authentication")
 	downloadCmd.Flags().StringVarP(&downloadInfo.Path, "output", "o", "", "Output file. If not specified, will save in `~/.kubescape/<policy name>.json`")

 	return downloadCmd
@@ -93,5 +89,5 @@ func GetDownloadCmd(ks meta.IKubescape) *cobra.Command {
 func flagValidationDownload(downloadInfo *v1.DownloadInfo) error {

 	// Validate the user's credentials
-	return cautils.ValidateAccountID(downloadInfo.AccountID)
+	return downloadInfo.Credentials.Validate()
 }
--- a/cmd/download/download_test.go
+++ b/cmd/download/download_test.go
@@ -1,102 +0,0 @@
-package download
-
-import (
-	"fmt"
-	"strings"
-	"testing"
-
-	"github.com/kubescape/kubescape/v3/core/core"
-	v1 "github.com/kubescape/kubescape/v3/core/meta/datastructures/v1"
-	"github.com/kubescape/kubescape/v3/core/mocks"
-	"github.com/spf13/cobra"
-	"github.com/stretchr/testify/assert"
-)
-
-func TestGetViewCmd(t *testing.T) {
-	// Create a mock Kubescape interface
-	mockKubescape := &mocks.MockIKubescape{}
-
-	// Call the GetConfigCmd function
-	configCmd := GetDownloadCmd(mockKubescape)
-
-	// Verify the command name and short description
-	assert.Equal(t, "download <policy> <policy name>", configCmd.Use)
-	assert.Equal(t, fmt.Sprintf("Download %s", strings.Join(core.DownloadSupportCommands(), ",")), configCmd.Short)
-	assert.Equal(t, "", configCmd.Long)
-	assert.Equal(t, downloadExample, configCmd.Example)
-}
-
-func TestGetViewCmd_Args(t *testing.T) {
-	// Create a mock Kubescape interface
-	mockKubescape := &mocks.MockIKubescape{}
-
-	// Call the GetConfigCmd function
-	downloadCmd := GetDownloadCmd(mockKubescape)
-
-	// Verify the command name and short description
-	assert.Equal(t, "download <policy> <policy name>", downloadCmd.Use)
-	assert.Equal(t, fmt.Sprintf("Download %s", strings.Join(core.DownloadSupportCommands(), ",")), downloadCmd.Short)
-	assert.Equal(t, "", downloadCmd.Long)
-	assert.Equal(t, downloadExample, downloadCmd.Example)
-
-	err := downloadCmd.RunE(&cobra.Command{}, []string{})
-	expectedErrorMessage := "no arguements provided"
-	assert.Equal(t, expectedErrorMessage, err.Error())
-
-	err = downloadCmd.RunE(&cobra.Command{}, []string{"config"})
-	assert.Nil(t, err)
-
-	err = downloadCmd.Args(&cobra.Command{}, []string{})
-	expectedErrorMessage = "policy type required, supported: artifacts,attack-tracks,control,controls-inputs,exceptions,framework"
-	assert.Equal(t, expectedErrorMessage, err.Error())
-
-	err = downloadCmd.Args(&cobra.Command{}, []string{"invalid"})
-	expectedErrorMessage = "invalid parameter 'invalid'. Supported parameters: artifacts,attack-tracks,control,controls-inputs,exceptions,framework"
-	assert.Equal(t, expectedErrorMessage, err.Error())
-
-	err = downloadCmd.Args(&cobra.Command{}, []string{"attack-tracks"})
-	assert.Nil(t, err)
-
-	err = downloadCmd.Args(&cobra.Command{}, []string{"control", "random.json"})
-	assert.Nil(t, err)
-
-	err = downloadCmd.Args(&cobra.Command{}, []string{"control", "C-0001"})
-	assert.Nil(t, err)
-
-	err = downloadCmd.Args(&cobra.Command{}, []string{"control", "C-0001", "C-0002"})
-	assert.Nil(t, err)
-
-	err = downloadCmd.RunE(&cobra.Command{}, []string{"control", "C-0001", "C-0002"})
-	assert.Nil(t, err)
-}
-
-func TestFlagValidationDownload_NoError(t *testing.T) {
-	downloadInfo := v1.DownloadInfo{
-		AccessKey: "",
-		AccountID: "",
-	}
-	assert.Equal(t, nil, flagValidationDownload(&downloadInfo))
-}
-
-func TestFlagValidationDownload_Error(t *testing.T) {
-	tests := []struct {
-		downloadInfo v1.DownloadInfo
-	}{
-		{
-			downloadInfo: v1.DownloadInfo{
-				AccountID: "12345678",
-			},
-		},
-		{
-			downloadInfo: v1.DownloadInfo{
-				AccountID: "New",
-			},
-		},
-	}
-	want := "bad argument: accound ID must be a valid UUID"
-	for _, tt := range tests {
-		t.Run(tt.downloadInfo.AccountID, func(t *testing.T) {
-			assert.Equal(t, want, flagValidationDownload(&tt.downloadInfo).Error())
-		})
-	}
-}
--- a/cmd/fix/fix.go
+++ b/cmd/fix/fix.go
@@ -2,30 +2,29 @@ package fix

 import (
 	"errors"
-	"fmt"

-	"github.com/kubescape/kubescape/v3/core/cautils"
-	"github.com/kubescape/kubescape/v3/core/meta"
-	metav1 "github.com/kubescape/kubescape/v3/core/meta/datastructures/v1"
+	"github.com/kubescape/kubescape/v2/core/meta"
+	metav1 "github.com/kubescape/kubescape/v2/core/meta/datastructures/v1"
+
 	"github.com/spf13/cobra"
 )

-var fixCmdExamples = fmt.Sprintf(`
+var fixCmdExamples = `
  Fix command is for fixing kubernetes manifest files based on a scan command output.
  Use with caution, this command will change your files in-place.

  # Fix kubernetes YAML manifest files based on a scan command output (output.json)
-  1) %[1]s scan . --format json --output output.json
-  2) %[1]s fix output.json
+  1) kubescape scan --format json --format-version v2 --output output.json
+  2) kubescape fix output.json

-`, cautils.ExecName())
+`

 func GetFixCmd(ks meta.IKubescape) *cobra.Command {
 	var fixInfo metav1.FixInfo

 	fixCmd := &cobra.Command{
 		Use:     "fix <report output file>",
-		Short:   "Propose a fix for the misconfiguration found when scanning Kubernetes manifest files",
+		Short:   "Fix misconfiguration in files",
 		Long:    ``,
 		Example: fixCmdExamples,
 		RunE: func(cmd *cobra.Command, args []string) error {
--- a/cmd/fix/fix_test.go
+++ b/cmd/fix/fix_test.go
@@ -1,30 +0,0 @@
-package fix
-
-import (
-	"testing"
-
-	"github.com/kubescape/kubescape/v3/core/mocks"
-	"github.com/spf13/cobra"
-	"github.com/stretchr/testify/assert"
-)
-
-func TestGetFixCmd(t *testing.T) {
-	// Create a mock Kubescape interface
-	mockKubescape := &mocks.MockIKubescape{}
-
-	// Call the GetFixCmd function
-	fixCmd := GetFixCmd(mockKubescape)
-
-	// Verify the command name and short description
-	assert.Equal(t, "fix <report output file>", fixCmd.Use)
-	assert.Equal(t, "Propose a fix for the misconfiguration found when scanning Kubernetes manifest files", fixCmd.Short)
-	assert.Equal(t, "", fixCmd.Long)
-	assert.Equal(t, fixCmdExamples, fixCmd.Example)
-
-	err := fixCmd.RunE(&cobra.Command{}, []string{})
-	expectedErrorMessage := "report output file is required"
-	assert.Equal(t, expectedErrorMessage, err.Error())
-
-	err = fixCmd.RunE(&cobra.Command{}, []string{"random-file.json"})
-	assert.Nil(t, err)
-}
--- a/cmd/list/list.go
+++ b/cmd/list/list.go
@@ -1,33 +1,34 @@
 package list

 import (
-	"errors"
 	"fmt"
-	"slices"
 	"strings"

-	"github.com/kubescape/go-logger"
-	"github.com/kubescape/kubescape/v3/core/cautils"
-	"github.com/kubescape/kubescape/v3/core/core"
-	"github.com/kubescape/kubescape/v3/core/meta"
-	v1 "github.com/kubescape/kubescape/v3/core/meta/datastructures/v1"
+	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/kubescape/v2/core/cautils"
+	"github.com/kubescape/kubescape/v2/core/core"
+	"github.com/kubescape/kubescape/v2/core/meta"
+	v1 "github.com/kubescape/kubescape/v2/core/meta/datastructures/v1"
 	"github.com/spf13/cobra"
 )

 var (
-	listExample = fmt.Sprintf(`
+	listExample = `
  # List default supported frameworks names
-  %[1]s list frameworks
+  kubescape list frameworks
  
  # List all supported frameworks names
-  %[1]s list frameworks --account <account id>
+  kubescape list frameworks --account <account id>
 	
-  # List all supported controls names with ids
-  %[1]s list controls
+  # List all supported controls names
+  kubescape list controls
+
+  # List all supported controls ids
+  kubescape list controls --id 
  
  Control documentation:
-  https://kubescape.io/docs/controls/
-`, cautils.ExecName())
+  https://hub.armosec.io/docs/controls
+`
 )

 func GetListCmd(ks meta.IKubescape) *cobra.Command {
@@ -44,7 +45,7 @@ func GetListCmd(ks meta.IKubescape) *cobra.Command {
 			if len(args) < 1 {
 				return fmt.Errorf("policy type requeued, supported: %s", supported)
 			}
-			if !slices.Contains(core.ListSupportActions(), args[0]) {
+			if cautils.StringInSlice(core.ListSupportActions(), args[0]) == cautils.ValueNotFound {
 				return fmt.Errorf("invalid parameter '%s'. Supported parameters: %s", args[0], supported)
 			}
 			return nil
@@ -55,10 +56,6 @@ func GetListCmd(ks meta.IKubescape) *cobra.Command {
 				return err
 			}

-			if len(args) < 1 {
-				return errors.New("no arguements provided")
-			}
-
 			listPolicies.Target = args[0]

 			if err := ks.List(&listPolicies); err != nil {
@@ -67,10 +64,11 @@ func GetListCmd(ks meta.IKubescape) *cobra.Command {
 			return nil
 		},
 	}
-	listCmd.PersistentFlags().StringVarP(&listPolicies.AccountID, "account", "", "", "Kubescape SaaS account ID. Default will load account ID from cache")
-	listCmd.PersistentFlags().StringVarP(&listPolicies.AccessKey, "access-key", "", "", "Kubescape SaaS access key. Default will load access key from cache")
-	listCmd.PersistentFlags().StringVar(&listPolicies.Format, "format", "pretty-print", "output format. supported: 'pretty-print'/'json'")
-	listCmd.PersistentFlags().MarkDeprecated("id", "Control ID's are included in list outputs")
+	listCmd.PersistentFlags().StringVarP(&listPolicies.Credentials.Account, "account", "", "", "Kubescape SaaS account ID. Default will load account ID from cache")
+	listCmd.PersistentFlags().StringVarP(&listPolicies.Credentials.ClientID, "client-id", "", "", "Kubescape SaaS client ID. Default will load client ID from cache, read more - https://hub.armosec.io/docs/authentication")
+	listCmd.PersistentFlags().StringVarP(&listPolicies.Credentials.SecretKey, "secret-key", "", "", "Kubescape SaaS secret key. Default will load secret key from cache, read more - https://hub.armosec.io/docs/authentication")
+	listCmd.PersistentFlags().StringVar(&listPolicies.Format, "format", "pretty-print", "output format. supported: 'pretty-printer'/'json'")
+	listCmd.PersistentFlags().BoolVarP(&listPolicies.ListIDs, "id", "", false, "List control ID's instead of controls names")

 	return listCmd
 }
@@ -79,5 +77,5 @@ func GetListCmd(ks meta.IKubescape) *cobra.Command {
 func flagValidationList(listPolicies *v1.ListPolicies) error {

 	// Validate the user's credentials
-	return cautils.ValidateAccountID(listPolicies.AccountID)
+	return listPolicies.Credentials.Validate()
 }
--- a/cmd/list/list_test.go
+++ b/cmd/list/list_test.go
@@ -1,44 +0,0 @@
-package list
-
-import (
-	"strings"
-	"testing"
-
-	"github.com/kubescape/kubescape/v3/core/core"
-	"github.com/kubescape/kubescape/v3/core/mocks"
-	"github.com/spf13/cobra"
-	"github.com/stretchr/testify/assert"
-)
-
-func TestGetListCmd(t *testing.T) {
-	// Create a mock Kubescape interface
-	mockKubescape := &mocks.MockIKubescape{}
-
-	// Call the GetListCmd function
-	listCmd := GetListCmd(mockKubescape)
-
-	// Verify the command name and short description
-	assert.Equal(t, "list <policy> [flags]", listCmd.Use)
-	assert.Equal(t, "List frameworks/controls will list the supported frameworks and controls", listCmd.Short)
-	assert.Equal(t, "", listCmd.Long)
-	assert.Equal(t, listExample, listCmd.Example)
-	supported := strings.Join(core.ListSupportActions(), ",")
-
-	err := listCmd.Args(&cobra.Command{}, []string{})
-	expectedErrorMessage := "policy type requeued, supported: " + supported
-	assert.Equal(t, expectedErrorMessage, err.Error())
-
-	err = listCmd.Args(&cobra.Command{}, []string{"not-frameworks"})
-	expectedErrorMessage = "invalid parameter 'not-frameworks'. Supported parameters: " + supported
-	assert.Equal(t, expectedErrorMessage, err.Error())
-
-	err = listCmd.Args(&cobra.Command{}, []string{"frameworks"})
-	assert.Nil(t, err)
-
-	err = listCmd.RunE(&cobra.Command{}, []string{})
-	expectedErrorMessage = "no arguements provided"
-	assert.Equal(t, expectedErrorMessage, err.Error())
-
-	err = listCmd.RunE(&cobra.Command{}, []string{"some-value"})
-	assert.Nil(t, err)
-}
--- a/cmd/mcpserver/mcpserver.go
+++ b/cmd/mcpserver/mcpserver.go
@@ -1,498 +0,0 @@
-package mcpserver
-
-import (
-	"context"
-	"encoding/json"
-	"fmt"
-	"log"
-	"strings"
-	"time"
-
-	"github.com/kubescape/go-logger"
-	helpersv1 "github.com/kubescape/k8s-interface/instanceidhandler/v1/helpers"
-	"github.com/kubescape/storage/pkg/apis/softwarecomposition/v1beta1"
-	spdxv1beta1 "github.com/kubescape/storage/pkg/generated/clientset/versioned/typed/softwarecomposition/v1beta1"
-	"github.com/mark3labs/mcp-go/mcp"
-	"github.com/mark3labs/mcp-go/server"
-	"github.com/spf13/cobra"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-)
-
-type KubescapeMcpserver struct {
-	s        *server.MCPServer
-	ksClient spdxv1beta1.SpdxV1beta1Interface
-}
-
-func createVulnerabilityToolsAndResources(ksServer *KubescapeMcpserver) {
-	// Tool to list vulnerability manifests
-	listManifestsTool := mcp.NewTool(
-		"list_vulnerability_manifests",
-		mcp.WithDescription("Discover available vulnerability manifests at image and workload levels"),
-		mcp.WithString("namespace",
-			mcp.Description("Filter by namespace (optional)"),
-		),
-		mcp.WithString("level",
-			mcp.Description("Type of vulnerability manifests to list"),
-			mcp.Enum("image", "workload", "both"),
-		),
-	)
-
-	ksServer.s.AddTool(listManifestsTool, func(ctx context.Context, request mcp.CallToolRequest) (*mcp.CallToolResult, error) {
-		return ksServer.CallTool("list_vulnerability_manifests", request.Params.Arguments.(map[string]interface{}))
-	})
-
-	listVulnerabilitiesTool := mcp.NewTool(
-		"list_vulnerabilities_in_manifest",
-		mcp.WithDescription("List all vulnerabilities in a given manifest"),
-		mcp.WithString("namespace",
-			mcp.Description("Filter by namespace (optional)"),
-		),
-		mcp.WithString("manifest_name",
-			mcp.Required(),
-			mcp.Description("Name of the manifest to list vulnerabilities from"),
-		),
-	)
-
-	ksServer.s.AddTool(listVulnerabilitiesTool, func(ctx context.Context, request mcp.CallToolRequest) (*mcp.CallToolResult, error) {
-		return ksServer.CallTool("list_vulnerabilities_in_manifest", request.Params.Arguments.(map[string]interface{}))
-	})
-
-	listVulnerabilityMatchesForCVE := mcp.NewTool(
-		"list_vulnerability_matches_for_cve",
-		mcp.WithDescription("List all vulnerability matches for a given CVE in a given manifest"),
-		mcp.WithString("namespace",
-			mcp.Description("Filter by namespace (optional)"),
-		),
-		mcp.WithString("manifest_name",
-			mcp.Required(),
-			mcp.Description("Name of the manifest to list vulnerabilities from"),
-		),
-		mcp.WithString("cve_id",
-			mcp.Required(),
-			mcp.Description("ID of the CVE to list matches for"),
-		),
-	)
-
-	ksServer.s.AddTool(listVulnerabilityMatchesForCVE, func(ctx context.Context, request mcp.CallToolRequest) (*mcp.CallToolResult, error) {
-		return ksServer.CallTool("list_vulnerability_matches_for_cve", request.Params.Arguments.(map[string]interface{}))
-	})
-
-	vulnerabilityManifestTemplate := mcp.NewResourceTemplate(
-		"kubescape://vulnerability-manifests/{namespace}/{manifest_name}",
-		"Vulnerability Manifest",
-		mcp.WithTemplateDescription("Complete vulnerability manifest either for a specific workload or image. Use 'list_vulnerability_manifests' tool to discover available manifests."),
-		mcp.WithTemplateMIMEType("application/json"),
-	)
-
-	ksServer.s.AddResourceTemplate(vulnerabilityManifestTemplate, ksServer.ReadResource)
-
-}
-
-func createConfigurationsToolsAndResources(ksServer *KubescapeMcpserver) {
-	// Tool to list configuration manifests
-	listConfigsTool := mcp.NewTool(
-		"list_configuration_security_scan_manifests",
-		mcp.WithDescription("Discover available security configuration scan results at workload level (this returns a list of manifests, not the scan results themselves, to get the scan results, use the get_configuration_security_scan_manifest tool)"),
-		mcp.WithString("namespace",
-			mcp.Description("Filter by namespace (optional)"),
-		),
-	)
-
-	ksServer.s.AddTool(listConfigsTool, func(ctx context.Context, request mcp.CallToolRequest) (*mcp.CallToolResult, error) {
-		return ksServer.CallTool("list_configuration_security_scan_manifests", request.Params.Arguments.(map[string]interface{}))
-	})
-
-	getConfigDetailsTool := mcp.NewTool(
-		"get_configuration_security_scan_manifest",
-		mcp.WithDescription("Get details of a specific security configuration scan result"),
-		mcp.WithString("namespace",
-			mcp.Description("Namespace of the manifest (optional, defaults to 'kubescape')"),
-		),
-		mcp.WithString("manifest_name",
-			mcp.Required(),
-			mcp.Description("Name of the configuration manifest to get details for (get this from the list_configuration_security_scan_manifests tool)"),
-		),
-	)
-
-	ksServer.s.AddTool(getConfigDetailsTool, func(ctx context.Context, request mcp.CallToolRequest) (*mcp.CallToolResult, error) {
-		return ksServer.CallTool("get_configuration_security_scan_manifest", request.Params.Arguments.(map[string]interface{}))
-	})
-
-	configManifestTemplate := mcp.NewResourceTemplate(
-		"kubescape://configuration-manifests/{namespace}/{manifest_name}",
-		"Configuration Security Scan Manifest",
-		mcp.WithTemplateDescription("Complete configuration scan manifest for a specific workload. Use 'list_configuration_security_scan_manifests' tool to discover available manifests."),
-		mcp.WithTemplateMIMEType("application/json"),
-	)
-
-	ksServer.s.AddResourceTemplate(configManifestTemplate, ksServer.ReadConfigurationResource)
-}
-
-func (ksServer *KubescapeMcpserver) ReadResource(ctx context.Context, request mcp.ReadResourceRequest) ([]mcp.ResourceContents, error) {
-	uri := request.Params.URI
-	// Validate the URI and check if it starts with kubescape://vulnerability-manifests/
-	if !strings.HasPrefix(uri, "kubescape://vulnerability-manifests/") {
-		return nil, fmt.Errorf("invalid URI: %s", uri)
-	}
-
-	// Verify that the URI is either the CVE list or CVE details
-	if !strings.HasSuffix(uri, "/cve_list") && !strings.Contains(uri, "/cve_details/") {
-		return nil, fmt.Errorf("invalid URI: %s", uri)
-	}
-
-	// Split the URI into namespace and manifest name
-	parts := strings.Split(uri, "/")
-	if len(parts) != 4 && len(parts) != 5 {
-		return nil, fmt.Errorf("invalid URI: %s", uri)
-	}
-
-	namespace := parts[1]
-	manifestName := parts[2]
-	cveID := ""
-	if len(parts) == 5 {
-		cveID = parts[3]
-	}
-
-	// Get the vulnerability manifest
-	manifest, err := ksServer.ksClient.VulnerabilityManifests(namespace).Get(ctx, manifestName, metav1.GetOptions{})
-	if err != nil {
-		return nil, fmt.Errorf("failed to get vulnerability manifest: %s", err)
-	}
-
-	var responseJson []byte
-	if cveID == "" {
-		// CVE list
-		var cveList []v1beta1.Vulnerability
-		for _, match := range manifest.Spec.Payload.Matches {
-			cveList = append(cveList, match.Vulnerability)
-		}
-		responseJson, err = json.Marshal(cveList)
-		if err != nil {
-			return nil, fmt.Errorf("failed to marshal cve list: %s", err)
-		}
-	} else {
-		// CVE details
-		var match []v1beta1.Match
-		for _, m := range manifest.Spec.Payload.Matches {
-			if m.Vulnerability.ID == cveID {
-				match = append(match, m)
-			}
-		}
-		responseJson, err = json.Marshal(match)
-		if err != nil {
-			return nil, fmt.Errorf("failed to marshal cve details: %s", err)
-		}
-	}
-
-	return []mcp.ResourceContents{mcp.TextResourceContents{
-		URI:  uri,
-		Text: string(responseJson),
-	}}, nil
-}
-
-func (ksServer *KubescapeMcpserver) ReadConfigurationResource(ctx context.Context, request mcp.ReadResourceRequest) ([]mcp.ResourceContents, error) {
-	uri := request.Params.URI
-	if !strings.HasPrefix(uri, "kubescape://configuration-manifests/") {
-		return nil, fmt.Errorf("invalid URI: %s", uri)
-	}
-	parts := strings.Split(uri[len("kubescape://configuration-manifests/"):], "/")
-	if len(parts) != 2 {
-		return nil, fmt.Errorf("invalid URI: %s", uri)
-	}
-	namespace := parts[0]
-	manifestName := parts[1]
-	manifest, err := ksServer.ksClient.WorkloadConfigurationScans(namespace).Get(ctx, manifestName, metav1.GetOptions{})
-	if err != nil {
-		return nil, fmt.Errorf("failed to get configuration manifest: %s", err)
-	}
-	responseJson, err := json.Marshal(manifest)
-	if err != nil {
-		return nil, fmt.Errorf("failed to marshal configuration manifest: %s", err)
-	}
-	return []mcp.ResourceContents{mcp.TextResourceContents{
-		URI:  uri,
-		Text: string(responseJson),
-	}}, nil
-}
-
-func (ksServer *KubescapeMcpserver) CallTool(name string, arguments map[string]interface{}) (*mcp.CallToolResult, error) {
-	switch name {
-	case "list_vulnerability_manifests":
-		//namespace, ok := arguments["namespace"]
-		//if !ok {
-		//	namespace = ""
-		//}
-		level, ok := arguments["level"]
-		if !ok {
-			level = "both"
-		}
-
-		result := map[string]interface{}{
-			"vulnerability_manifests": map[string]interface{}{},
-		}
-
-		// Get workload-level manifests
-		labelSelector := ""
-		if level == "workload" {
-			labelSelector = "kubescape.io/context=filtered"
-		} else if level == "image" {
-			labelSelector = "kubescape.io/context=non-filtered"
-		}
-
-		var manifests *v1beta1.VulnerabilityManifestList
-		var err error
-		if labelSelector == "" {
-			manifests, err = ksServer.ksClient.VulnerabilityManifests(metav1.NamespaceAll).List(context.Background(), metav1.ListOptions{})
-		} else {
-			manifests, err = ksServer.ksClient.VulnerabilityManifests(metav1.NamespaceAll).List(context.Background(), metav1.ListOptions{
-				LabelSelector: labelSelector,
-			})
-		}
-		if err != nil {
-			return nil, err
-		}
-
-		log.Printf("Found %d manifests", len(manifests.Items))
-
-		vulnerabilityManifests := []map[string]interface{}{}
-		for _, manifest := range manifests.Items {
-			isImageLevel := manifest.Annotations[helpersv1.WlidMetadataKey] == ""
-			manifestMap := map[string]interface{}{
-				"type":                    "workload",
-				"namespace":               manifest.Namespace,
-				"manifest_name":           manifest.Name,
-				"image-level":             isImageLevel,
-				"workload-level":          !isImageLevel,
-				"image-id":                manifest.Annotations[helpersv1.ImageIDMetadataKey],
-				"image-tag":               manifest.Annotations[helpersv1.ImageTagMetadataKey],
-				"workload-id":             manifest.Annotations[helpersv1.WlidMetadataKey],
-				"workload-container-name": manifest.Annotations[helpersv1.ContainerNameMetadataKey],
-				"resource_uri": fmt.Sprintf("kubescape://vulnerability-manifests/%s/%s",
-					manifest.Namespace, manifest.Name),
-			}
-			vulnerabilityManifests = append(vulnerabilityManifests, manifestMap)
-		}
-		result["vulnerability_manifests"].(map[string]interface{})["manifests"] = vulnerabilityManifests
-
-		// Add template information
-		result["available_templates"] = map[string]string{
-			"vulnerability_manifest_cve_list":    "kubescape://vulnerability-manifests/{namespace}/{manifest_name}/cve_list",
-			"vulnerability_manifest_cve_details": "kubescape://vulnerability-manifests/{namespace}/{manifest_name}/cve_details/{cve_id}",
-		}
-
-		content, _ := json.Marshal(result)
-		return &mcp.CallToolResult{
-			Content: []mcp.Content{
-				mcp.TextContent{
-					Type: "text",
-					Text: string(content),
-				},
-			},
-		}, nil
-	case "list_vulnerabilities_in_manifest":
-		namespace, ok := arguments["namespace"]
-		if !ok {
-			namespace = "kubescape"
-		}
-		namespaceStr, ok := namespace.(string)
-		if !ok {
-			return nil, fmt.Errorf("namespace must be a string")
-		}
-		manifestName, ok := arguments["manifest_name"]
-		if !ok {
-			return nil, fmt.Errorf("manifest_name is required")
-		}
-		manifestNameStr, ok := manifestName.(string)
-		if !ok {
-			return nil, fmt.Errorf("manifest_name must be a string")
-		}
-		manifest, err := ksServer.ksClient.VulnerabilityManifests(namespaceStr).Get(context.Background(), manifestNameStr, metav1.GetOptions{})
-		if err != nil {
-			return nil, fmt.Errorf("failed to get vulnerability manifest: %s", err)
-		}
-		var cveList []v1beta1.Vulnerability
-		for _, match := range manifest.Spec.Payload.Matches {
-			cveList = append(cveList, match.Vulnerability)
-		}
-		responseJson, err := json.Marshal(cveList)
-		if err != nil {
-			return nil, fmt.Errorf("failed to marshal cve list: %s", err)
-		}
-		return &mcp.CallToolResult{
-			Content: []mcp.Content{
-				mcp.TextContent{
-					Type: "text",
-					Text: string(responseJson),
-				},
-			},
-		}, nil
-	case "list_vulnerability_matches_for_cve":
-		namespace, ok := arguments["namespace"]
-		if !ok {
-			namespace = "kubescape"
-		}
-		namespaceStr, ok := namespace.(string)
-		if !ok {
-			return nil, fmt.Errorf("namespace must be a string")
-		}
-		manifestName, ok := arguments["manifest_name"]
-		if !ok {
-			return nil, fmt.Errorf("manifest_name is required")
-		}
-		manifestNameStr, ok := manifestName.(string)
-		if !ok {
-			return nil, fmt.Errorf("manifest_name must be a string")
-		}
-		cveID, ok := arguments["cve_id"]
-		if !ok {
-			return nil, fmt.Errorf("cve_id is required")
-		}
-		cveIDStr, ok := cveID.(string)
-		if !ok {
-			return nil, fmt.Errorf("cve_id must be a string")
-		}
-		manifest, err := ksServer.ksClient.VulnerabilityManifests(namespaceStr).Get(context.Background(), manifestNameStr, metav1.GetOptions{})
-		if err != nil {
-			return nil, fmt.Errorf("failed to get vulnerability manifest: %s", err)
-		}
-		var match []v1beta1.Match
-		for _, m := range manifest.Spec.Payload.Matches {
-			if m.Vulnerability.ID == cveIDStr {
-				match = append(match, m)
-			}
-		}
-		responseJson, err := json.Marshal(match)
-		if err != nil {
-			return nil, fmt.Errorf("failed to marshal cve details: %s", err)
-		}
-		return &mcp.CallToolResult{
-			Content: []mcp.Content{
-				mcp.TextContent{
-					Type: "text",
-					Text: string(responseJson),
-				},
-			},
-		}, nil
-	case "list_configuration_security_scan_manifests":
-		namespace, ok := arguments["namespace"]
-		if !ok {
-			namespace = "kubescape"
-		}
-		namespaceStr, ok := namespace.(string)
-		if !ok {
-			return nil, fmt.Errorf("namespace must be a string")
-		}
-		manifests, err := ksServer.ksClient.WorkloadConfigurationScans(namespaceStr).List(context.Background(), metav1.ListOptions{})
-		if err != nil {
-			return nil, err
-		}
-		log.Printf("Found %d configuration manifests", len(manifests.Items))
-		configManifests := []map[string]interface{}{}
-		for _, manifest := range manifests.Items {
-			item := map[string]interface{}{
-				"namespace":     manifest.Namespace,
-				"manifest_name": manifest.Name,
-				"resource_uri":  fmt.Sprintf("kubescape://configuration-manifests/%s/%s", manifest.Namespace, manifest.Name),
-			}
-			configManifests = append(configManifests, item)
-		}
-		result := map[string]interface{}{
-			"configuration_manifests": map[string]interface{}{
-				"manifests": configManifests,
-			},
-			"available_templates": map[string]string{
-				"configuration_manifest_details": "kubescape://configuration-manifests/{namespace}/{manifest_name}",
-			},
-		}
-		content, _ := json.Marshal(result)
-		return &mcp.CallToolResult{
-			Content: []mcp.Content{
-				mcp.TextContent{
-					Type: "text",
-					Text: string(content),
-				},
-			},
-		}, nil
-	case "get_configuration_security_scan_manifest":
-		namespace, ok := arguments["namespace"]
-		if !ok {
-			namespace = "kubescape"
-		}
-		namespaceStr, ok := namespace.(string)
-		if !ok {
-			return nil, fmt.Errorf("namespace must be a string")
-		}
-		manifestName, ok := arguments["manifest_name"]
-		if !ok {
-			return nil, fmt.Errorf("manifest_name is required")
-		}
-		manifestNameStr, ok := manifestName.(string)
-		if !ok {
-			return nil, fmt.Errorf("manifest_name must be a string")
-		}
-		manifest, err := ksServer.ksClient.WorkloadConfigurationScans(namespaceStr).Get(context.Background(), manifestNameStr, metav1.GetOptions{})
-		if err != nil {
-			return nil, fmt.Errorf("failed to get configuration manifest: %s", err)
-		}
-		responseJson, err := json.Marshal(manifest)
-		if err != nil {
-			return nil, fmt.Errorf("failed to marshal configuration manifest: %s", err)
-		}
-		return &mcp.CallToolResult{
-			Content: []mcp.Content{
-				mcp.TextContent{
-					Type: "text",
-					Text: string(responseJson),
-				},
-			},
-		}, nil
-	default:
-		return nil, fmt.Errorf("unknown tool: %s", name)
-	}
-}
-
-func mcpServerEntrypoint() error {
-	logger.L().Info("Starting MCP server...")
-
-	// Create a kubernetes client and verify it's working
-	client, err := CreateKsObjectConnection("default", 10*time.Second)
-	if err != nil {
-		return fmt.Errorf("failed to create kubernetes client: %v", err)
-	}
-
-	// Create a new MCP server
-	s := server.NewMCPServer(
-		"Kubescape MCP Server",
-		"0.0.1",
-		server.WithToolCapabilities(false),
-		server.WithRecovery(),
-	)
-
-	ksServer := &KubescapeMcpserver{
-		s:        s,
-		ksClient: client,
-	}
-
-	// Creating Kubescape tools and resources
-
-	createVulnerabilityToolsAndResources(ksServer)
-	createConfigurationsToolsAndResources(ksServer)
-
-	// Start the server
-	if err := server.ServeStdio(s); err != nil {
-		return fmt.Errorf("Server error: %v\n", err)
-	}
-	return nil
-}
-
-func GetMCPServerCmd() *cobra.Command {
-	cmd := &cobra.Command{
-		Use:   "mcpserver",
-		Short: "Start the Kubescape MCP server",
-		Long:  `Start the Kubescape MCP server`,
-		RunE: func(cmd *cobra.Command, args []string) error {
-			return mcpServerEntrypoint()
-		},
-	}
-	return cmd
-}
--- a/cmd/mcpserver/storage.go
+++ b/cmd/mcpserver/storage.go
@@ -1,14 +0,0 @@
-package mcpserver
-
-import (
-	"time"
-
-	"github.com/kubescape/kubescape/v3/pkg/ksinit"
-
-	spdxv1beta1 "github.com/kubescape/storage/pkg/generated/clientset/versioned/typed/softwarecomposition/v1beta1"
-)
-
-// CreateKsObjectConnection delegates to the shared ksinit package
-func CreateKsObjectConnection(namespace string, maxElapsedTime time.Duration) (spdxv1beta1.SpdxV1beta1Interface, error) {
-	return ksinit.CreateKsObjectConnection(namespace, maxElapsedTime)
-}
--- a/cmd/operator/configscan.go
+++ b/cmd/operator/configscan.go
@@ -1,56 +0,0 @@
-package operator
-
-import (
-	"fmt"
-
-	"github.com/kubescape/go-logger"
-	"github.com/kubescape/go-logger/helpers"
-	"github.com/kubescape/kubescape/v3/core/cautils"
-	"github.com/kubescape/kubescape/v3/core/core"
-	"github.com/kubescape/kubescape/v3/core/meta"
-	"github.com/spf13/cobra"
-)
-
-var operatorScanConfigExamples = fmt.Sprintf(`
-  
-  # Run a configuration scan
-  %[1]s operator scan configurations
-
-`, cautils.ExecName())
-
-func getOperatorScanConfigCmd(ks meta.IKubescape, operatorInfo cautils.OperatorInfo) *cobra.Command {
-	configCmd := &cobra.Command{
-		Use:     "configurations",
-		Short:   "Trigger configuration scanning from the Kubescape Operator microservice",
-		Long:    ``,
-		Example: operatorScanConfigExamples,
-		Args: func(cmd *cobra.Command, args []string) error {
-			operatorInfo.Subcommands = append(operatorInfo.Subcommands, "config")
-			return nil
-		},
-		RunE: func(cmd *cobra.Command, args []string) error {
-			operatorAdapter, err := core.NewOperatorAdapter(operatorInfo.OperatorScanInfo, operatorInfo.Namespace)
-			if err != nil {
-				return err
-			}
-			logger.L().Start("Kubescape Operator Triggering for configuration scanning")
-			_, err = operatorAdapter.OperatorScan()
-			if err != nil {
-				logger.L().StopError("Failed to triggering Kubescape Operator for configuration scanning", helpers.Error(err))
-				return err
-			}
-			logger.L().StopSuccess("Triggered Kubescape Operator for configuration scanning")
-			return nil
-		},
-	}
-
-	configScanInfo := &cautils.ConfigScanInfo{}
-	operatorInfo.OperatorScanInfo = configScanInfo
-
-	configCmd.PersistentFlags().StringSliceVar(&configScanInfo.IncludedNamespaces, "include-namespaces", nil, "scan specific namespaces. e.g: --include-namespaces ns-a,ns-b")
-	configCmd.PersistentFlags().StringSliceVar(&configScanInfo.ExcludedNamespaces, "exclude-namespaces", nil, "Namespaces to exclude from scanning. e.g: --exclude-namespaces ns-a,ns-b. Notice, when running with `exclude-namespace` kubescape does not scan cluster-scoped objects.")
-	configCmd.PersistentFlags().StringSliceVar(&configScanInfo.Frameworks, "frameworks", nil, "Load frameworks for configuration scanning")
-	configCmd.PersistentFlags().BoolVarP(&configScanInfo.HostScanner, "enable-host-scan", "", false, "Deploy Kubescape host-sensor daemonset in the scanned cluster. Deleting it right after we collecting the data. Required to collect valuable data from cluster nodes for certain controls. Yaml file: https://github.com/kubescape/kubescape/blob/master/core/pkg/hostsensorutils/hostsensor.yaml")
-
-	return configCmd
-}
--- a/cmd/operator/configscan_test.go
+++ b/cmd/operator/configscan_test.go
@@ -1,32 +0,0 @@
-package operator
-
-import (
-	"testing"
-
-	"github.com/kubescape/kubescape/v3/core/cautils"
-	"github.com/kubescape/kubescape/v3/core/mocks"
-	"github.com/spf13/cobra"
-	"github.com/stretchr/testify/assert"
-)
-
-func TestGetOperatorScanConfigCmd(t *testing.T) {
-	// Create a mock Kubescape interface
-	mockKubescape := &mocks.MockIKubescape{}
-	operatorInfo := cautils.OperatorInfo{
-		Namespace: "namespace",
-	}
-
-	cmd := getOperatorScanConfigCmd(mockKubescape, operatorInfo)
-
-	// Verify the command name and short description
-	assert.Equal(t, "configurations", cmd.Use)
-	assert.Equal(t, "Trigger configuration scanning from the Kubescape Operator microservice", cmd.Short)
-	assert.Equal(t, "", cmd.Long)
-	assert.Equal(t, operatorScanConfigExamples, cmd.Example)
-
-	err := cmd.Args(&cobra.Command{}, []string{})
-	assert.Nil(t, err)
-
-	err = cmd.Args(&cobra.Command{}, []string{"configurations"})
-	assert.Nil(t, err)
-}
--- a/cmd/operator/operator.go
+++ b/cmd/operator/operator.go
@@ -1,55 +0,0 @@
-package operator
-
-import (
-	"errors"
-	"fmt"
-
-	"github.com/kubescape/kubescape/v3/core/cautils"
-	"github.com/kubescape/kubescape/v3/core/meta"
-	"github.com/spf13/cobra"
-)
-
-const (
-	scanSubCommand string = "scan"
-)
-
-var operatorExamples = fmt.Sprintf(`
-  
-  # Trigger a configuration scan
-  %[1]s operator scan configurations
-
-  # Trigger a vulnerabilities scan
-  %[1]s operator scan vulnerabilities
-
-`, cautils.ExecName())
-
-func GetOperatorCmd(ks meta.IKubescape) *cobra.Command {
-	var operatorInfo cautils.OperatorInfo
-
-	operatorCmd := &cobra.Command{
-		Use:     "operator",
-		Short:   "The operator is used to communicate with the Kubescape Operator within the cluster components.",
-		Long:    ``,
-		Example: operatorExamples,
-		Args: func(cmd *cobra.Command, args []string) error {
-			operatorInfo.Subcommands = append(operatorInfo.Subcommands, "operator")
-			if len(args) < 2 {
-				return errors.New("For the operator sub-command, you need to provide at least one additional sub-command. Refer to the examples above.")
-			}
-			return nil
-		},
-		RunE: func(cmd *cobra.Command, args []string) error {
-			if len(args) < 2 {
-				return errors.New("For the operator sub-command, you need to provide at least one additional sub-command. Refer to the examples above.")
-			}
-			if args[0] != scanSubCommand {
-				return errors.New(fmt.Sprintf("For the operator sub-command, only %s is supported. Refer to the examples above.", scanSubCommand))
-			}
-			return nil
-		},
-	}
-
-	operatorCmd.AddCommand(getOperatorScanCmd(ks, operatorInfo))
-
-	return operatorCmd
-}
--- a/cmd/operator/operator_test.go
+++ b/cmd/operator/operator_test.go
@@ -1,42 +0,0 @@
-package operator
-
-import (
-	"testing"
-
-	"github.com/kubescape/kubescape/v3/core/mocks"
-	"github.com/spf13/cobra"
-	"github.com/stretchr/testify/assert"
-)
-
-func TestGetOperatorCmd(t *testing.T) {
-	// Create a mock Kubescape interface
-	mockKubescape := &mocks.MockIKubescape{}
-
-	cmd := GetOperatorCmd(mockKubescape)
-
-	// Verify the command name and short description
-	assert.Equal(t, "operator", cmd.Use)
-	assert.Equal(t, "The operator is used to communicate with the Kubescape Operator within the cluster components.", cmd.Short)
-	assert.Equal(t, "", cmd.Long)
-	assert.Equal(t, operatorExamples, cmd.Example)
-
-	err := cmd.Args(&cobra.Command{}, []string{})
-	expectedErrorMessage := "For the operator sub-command, you need to provide at least one additional sub-command. Refer to the examples above."
-	assert.Equal(t, expectedErrorMessage, err.Error())
-
-	err = cmd.Args(&cobra.Command{}, []string{"scan", "configurations"})
-	assert.Nil(t, err)
-
-	err = cmd.RunE(&cobra.Command{}, []string{})
-	assert.Equal(t, expectedErrorMessage, err.Error())
-
-	err = cmd.RunE(&cobra.Command{}, []string{"scan", "configurations"})
-	assert.Nil(t, err)
-
-	err = cmd.RunE(&cobra.Command{}, []string{"scan"})
-	assert.Equal(t, expectedErrorMessage, err.Error())
-
-	err = cmd.RunE(&cobra.Command{}, []string{"random-subcommand", "random-config"})
-	expectedErrorMessage = "For the operator sub-command, only " + scanSubCommand + " is supported. Refer to the examples above."
-	assert.Equal(t, expectedErrorMessage, err.Error())
-}
--- a/cmd/operator/scan.go
+++ b/cmd/operator/scan.go
@@ -1,46 +0,0 @@
-package operator
-
-import (
-	"errors"
-	"fmt"
-
-	"github.com/kubescape/kubescape/v3/core/cautils"
-	"github.com/kubescape/kubescape/v3/core/meta"
-	"github.com/spf13/cobra"
-)
-
-const (
-	vulnerabilitiesSubCommand string = "vulnerabilities"
-	configurationsSubCommand  string = "configurations"
-)
-
-func getOperatorScanCmd(ks meta.IKubescape, operatorInfo cautils.OperatorInfo) *cobra.Command {
-	operatorCmd := &cobra.Command{
-		Use:     "scan",
-		Short:   "Scan your cluster using the Kubescape-operator within the cluster components",
-		Long:    ``,
-		Example: operatorExamples,
-		Args: func(cmd *cobra.Command, args []string) error {
-			operatorInfo.Subcommands = append(operatorInfo.Subcommands, "scan")
-			if len(args) < 1 {
-				return errors.New("for operator scan sub command, you must pass at least 1 more sub commands, see above examples")
-			}
-			return nil
-		},
-		RunE: func(cmd *cobra.Command, args []string) error {
-			if len(args) < 1 {
-				return errors.New("for operator scan sub command, you must pass at least 1 more sub commands, see above examples")
-			}
-			if (args[0] != vulnerabilitiesSubCommand) && (args[0] != configurationsSubCommand) {
-				return errors.New(fmt.Sprintf("For the operator sub-command, only %s and %s are supported. Refer to the examples above.", vulnerabilitiesSubCommand, configurationsSubCommand))
-			}
-			return nil
-		},
-	}
-
-	operatorCmd.PersistentFlags().StringVar(&operatorInfo.Namespace, "namespace", "kubescape", "namespace of the Kubescape Operator")
-	operatorCmd.AddCommand(getOperatorScanConfigCmd(ks, operatorInfo))
-	operatorCmd.AddCommand(getOperatorScanVulnerabilitiesCmd(ks, operatorInfo))
-
-	return operatorCmd
-}
--- a/cmd/operator/scan_test.go
+++ b/cmd/operator/scan_test.go
@@ -1,46 +0,0 @@
-package operator
-
-import (
-	"testing"
-
-	"github.com/kubescape/kubescape/v3/core/cautils"
-	"github.com/kubescape/kubescape/v3/core/mocks"
-	"github.com/spf13/cobra"
-	"github.com/stretchr/testify/assert"
-)
-
-func TestGetOperatorScanCmd(t *testing.T) {
-	// Create a mock Kubescape interface
-	mockKubescape := &mocks.MockIKubescape{}
-	operatorInfo := cautils.OperatorInfo{
-		Namespace: "namespace",
-	}
-
-	cmd := getOperatorScanCmd(mockKubescape, operatorInfo)
-
-	// Verify the command name and short description
-	assert.Equal(t, "scan", cmd.Use)
-	assert.Equal(t, "Scan your cluster using the Kubescape-operator within the cluster components", cmd.Short)
-	assert.Equal(t, "", cmd.Long)
-	assert.Equal(t, operatorExamples, cmd.Example)
-
-	err := cmd.Args(&cobra.Command{}, []string{})
-	expectedErrorMessage := "for operator scan sub command, you must pass at least 1 more sub commands, see above examples"
-	assert.Equal(t, expectedErrorMessage, err.Error())
-
-	err = cmd.Args(&cobra.Command{}, []string{"operator"})
-	assert.Nil(t, err)
-
-	err = cmd.RunE(&cobra.Command{}, []string{})
-	assert.Equal(t, expectedErrorMessage, err.Error())
-
-	err = cmd.RunE(&cobra.Command{}, []string{"configurations"})
-	assert.Nil(t, err)
-
-	err = cmd.RunE(&cobra.Command{}, []string{"vulnerabilities"})
-	assert.Nil(t, err)
-
-	err = cmd.RunE(&cobra.Command{}, []string{"random"})
-	expectedErrorMessage = "For the operator sub-command, only " + vulnerabilitiesSubCommand + " and " + configurationsSubCommand + " are supported. Refer to the examples above."
-	assert.Equal(t, expectedErrorMessage, err.Error())
-}
--- a/cmd/operator/vulnerabilitiesscan.go
+++ b/cmd/operator/vulnerabilitiesscan.go
@@ -1,56 +0,0 @@
-package operator
-
-import (
-	"fmt"
-
-	"github.com/kubescape/go-logger"
-	"github.com/kubescape/go-logger/helpers"
-	"github.com/kubescape/k8s-interface/k8sinterface"
-	"github.com/kubescape/kubescape/v3/core/cautils"
-	"github.com/kubescape/kubescape/v3/core/core"
-	"github.com/kubescape/kubescape/v3/core/meta"
-	"github.com/spf13/cobra"
-)
-
-var operatorScanVulnerabilitiesExamples = fmt.Sprintf(`
-
-  # Trigger a vulnerabilities scan
-  %[1]s operator scan vulnerabilities
-
-`, cautils.ExecName())
-
-func getOperatorScanVulnerabilitiesCmd(ks meta.IKubescape, operatorInfo cautils.OperatorInfo) *cobra.Command {
-	configCmd := &cobra.Command{
-		Use:     "vulnerabilities",
-		Short:   "Vulnerabilities use for scan your cluster vulnerabilities using Kubescape operator in the in cluster components",
-		Long:    ``,
-		Example: operatorScanVulnerabilitiesExamples,
-		Args: func(cmd *cobra.Command, args []string) error {
-			operatorInfo.Subcommands = append(operatorInfo.Subcommands, "vulnerabilities")
-			return nil
-		},
-		RunE: func(cmd *cobra.Command, args []string) error {
-			operatorAdapter, err := core.NewOperatorAdapter(operatorInfo.OperatorScanInfo, operatorInfo.Namespace)
-			if err != nil {
-				return err
-			}
-			logger.L().Start("Triggering the Kubescape Operator for vulnerability scanning")
-			_, err = operatorAdapter.OperatorScan()
-			if err != nil {
-				logger.L().StopError("Failed to trigger the Kubescape Operator for vulnerability scanning", helpers.Error(err))
-				return err
-			}
-			logger.L().StopSuccess("Triggered Kubescape Operator for vulnerability scanning. View the scanning results once they are ready using the following command: \"kubectl get vulnerabilitysummaries\"")
-			return err
-		},
-	}
-
-	vulnerabilitiesScanInfo := &cautils.VulnerabilitiesScanInfo{
-		ClusterName: k8sinterface.GetContextName(),
-	}
-	operatorInfo.OperatorScanInfo = vulnerabilitiesScanInfo
-
-	configCmd.PersistentFlags().StringSliceVar(&vulnerabilitiesScanInfo.IncludeNamespaces, "include-namespaces", nil, "scan specific namespaces. e.g: --include-namespaces ns-a,ns-b")
-
-	return configCmd
-}
--- a/cmd/operator/vulnerabilitiesscan_test.go
+++ b/cmd/operator/vulnerabilitiesscan_test.go
@@ -1,29 +0,0 @@
-package operator
-
-import (
-	"testing"
-
-	"github.com/kubescape/kubescape/v3/core/cautils"
-	"github.com/kubescape/kubescape/v3/core/mocks"
-	"github.com/spf13/cobra"
-	"github.com/stretchr/testify/assert"
-)
-
-func TestGetOperatorScanVulnerabilitiesCmd(t *testing.T) {
-	// Create a mock Kubescape interface
-	mockKubescape := &mocks.MockIKubescape{}
-	operatorInfo := cautils.OperatorInfo{
-		Namespace: "namespace",
-	}
-
-	cmd := getOperatorScanVulnerabilitiesCmd(mockKubescape, operatorInfo)
-
-	// Verify the command name and short description
-	assert.Equal(t, "vulnerabilities", cmd.Use)
-	assert.Equal(t, "Vulnerabilities use for scan your cluster vulnerabilities using Kubescape operator in the in cluster components", cmd.Short)
-	assert.Equal(t, "", cmd.Long)
-	assert.Equal(t, operatorScanVulnerabilitiesExamples, cmd.Example)
-
-	err := cmd.Args(&cobra.Command{}, []string{"random-arg"})
-	assert.Nil(t, err)
-}
--- a/cmd/patch/README.md
+++ b/cmd/patch/README.md
@@ -1,142 +0,0 @@
-# Patch Command
-
-The patch command is used for patching container images with vulnerabilities.  
-It uses [copa](https://github.com/project-copacetic/copacetic) and [buildkit](https://github.com/moby/buildkit) under the hood for patching the container images, and [grype](https://github.com/anchore/grype) as the engine for scanning the images (at the moment).
-
-## Usage
-
-```bash
-kubescape patch --image <image-name> [flags]
-```
-
-The patch command can be run in 2 ways:
-1. **With sudo privileges**
-
-    You will need to start `buildkitd` if it is not already running
-
-    ```bash
-    sudo buildkitd & 
-    sudo kubescape patch --image <image-name>
-    ```
-
-2. **Without sudo privileges**
-   ```bash
-    export BUILDKIT_VERSION=v0.11.4
-    export BUILDKIT_PORT=8888
-
-    docker run \
-        --detach \
-        --rm \
-        --privileged \
-        -p 127.0.0.1:$BUILDKIT_PORT:$BUILDKIT_PORT/tcp \
-        --name buildkitd \
-        --entrypoint buildkitd \
-        "moby/buildkit:$BUILDKIT_VERSION" \
-        --addr tcp://0.0.0.0:$BUILDKIT_PORT
-
-    kubescape patch \
-        -i <image-name> \
-        -a tcp://0.0.0.0:$BUILDKIT_PORT
-   ```
-
-### Flags
-
-| Flag           | Description                                            | Required | Default                             |
-| -------------- | ------------------------------------------------------ | -------- | ----------------------------------- |
-| -i, --image    | Image name to be patched (should be in canonical form) | Yes      |                                     |
-| -a, --addr     | Address of the buildkitd service                       | No       | unix:///run/buildkit/buildkitd.sock |
-| -t, --tag      | Tag of the resultant patched image                     | No       | image_name-patched                  |
-| --timeout      | Timeout for the patching process                       | No       | 5m                                  |
-| --ignore-errors| Ignore errors during patching                          | No       | false                               |
-| -u, --username | Username for the image registry login                  | No       |                                     |
-| -p, --password | Password for the image registry login                  | No       |                                     |
-| -f, --format   | Output file format.                                    | No       |                                     |
-| -o, --output   | Output file. Print output to file and not stdout       | No       |                                     |
-| -v, --verbose  | Display full report. Default to false                  | No       |                                     |
-| -h, --help     | help for patch                                         | No       |                                     |
-
-
-## Example
-
-We will demonstrate how to use the patch command with an example of [nginx](https://www.nginx.com/) image.
-
-### Pre-requisites
-
- [docker](https://docs.docker.com/desktop/install/linux-install/#generic-installation-steps) daemon must be installed and running.
- [buildkit](https://github.com/moby/buildkit) daemon must be installed
-    
-### Steps
-
-1. Run `buildkitd` service:
-
-    ```bash
-    sudo buildkitd
-    ```
-
-2. In a separate terminal, run the `kubescape patch` command: 
-    
-    ```bash
-    sudo kubescape patch --image docker.io/library/nginx:1.22
-    ```
-
-3. You will get an output like below:
-
-    ```bash
-    ✅  Successfully scanned image: docker.io/library/nginx:1.22
-    ✅  Patched image successfully. Loaded image: nginx:1.22-patched
-    ✅  Successfully re-scanned image: nginx:1.22-patched
-
-    | Severity | Vulnerability  | Component     | Version                 | Fixed In |
-    | -------- | -------------- | ------------- | ----------------------- | -------- |
-    | Critical | CVE-2023-23914 | curl          | 7.74.0-1.3+deb11u7      | wont-fix |
-    | Critical | CVE-2019-8457  | libdb5.3      | 5.3.28+dfsg1-0.8        | wont-fix |
-    | High     | CVE-2022-42916 | libcurl4      | 7.74.0-1.3+deb11u7      | wont-fix |
-    | High     | CVE-2022-1304  | libext2fs2    | 1.46.2-2                | wont-fix |
-    | High     | CVE-2022-42916 | curl          | 7.74.0-1.3+deb11u7      | wont-fix |
-    | High     | CVE-2022-1304  | e2fsprogs     | 1.46.2-2                | wont-fix |
-    | High     | CVE-2022-1304  | libcom-err2   | 1.46.2-2                | wont-fix |
-    | High     | CVE-2023-27533 | curl          | 7.74.0-1.3+deb11u7      | wont-fix |
-    | High     | CVE-2023-27534 | libcurl4      | 7.74.0-1.3+deb11u7      | wont-fix |
-    | High     | CVE-2023-27533 | libcurl4      | 7.74.0-1.3+deb11u7      | wont-fix |
-    | High     | CVE-2022-43551 | libcurl4      | 7.74.0-1.3+deb11u7      | wont-fix |
-    | High     | CVE-2022-3715  | bash          | 5.1-2+deb11u1           | wont-fix |
-    | High     | CVE-2023-27534 | curl          | 7.74.0-1.3+deb11u7      | wont-fix |
-    | High     | CVE-2022-43551 | curl          | 7.74.0-1.3+deb11u7      | wont-fix |
-    | High     | CVE-2021-33560 | libgcrypt20   | 1.8.7-6                 | wont-fix |
-    | High     | CVE-2023-2953  | libldap-2.4-2 | 2.4.57+dfsg-3+deb11u1   | wont-fix |
-    | High     | CVE-2022-1304  | libss2        | 1.46.2-2                | wont-fix |
-    | High     | CVE-2020-22218 | libssh2-1     | 1.9.0-2                 | wont-fix |
-    | High     | CVE-2023-29491 | libtinfo6     | 6.2+20201114-2+deb11u1  | wont-fix |
-    | High     | CVE-2022-2309  | libxml2       | 2.9.10+dfsg-6.7+deb11u4 | wont-fix |
-    | High     | CVE-2022-4899  | libzstd1      | 1.4.8+dfsg-2.1          | wont-fix |
-    | High     | CVE-2022-1304  | logsave       | 1.46.2-2                | wont-fix |
-    | High     | CVE-2023-29491 | ncurses-base  | 6.2+20201114-2+deb11u1  | wont-fix |
-    | High     | CVE-2023-29491 | ncurses-bin   | 6.2+20201114-2+deb11u1  | wont-fix |
-    | High     | CVE-2023-31484 | perl-base     | 5.32.1-4+deb11u2        | wont-fix |
-    | High     | CVE-2020-16156 | perl-base     | 5.32.1-4+deb11u2        | wont-fix |
-    
-    Vulnerability summary - 161 vulnerabilities found:
-    Image: nginx:1.22-patched
-      * 3 Critical
-      * 24 High
-      * 31 Medium
-      * 103 Other
-
-    Most vulnerable components:
-      * curl (7.74.0-1.3+deb11u7) - 1 Critical, 4 High, 5 Medium, 1 Low, 3 Negligible
-      * libcurl4 (7.74.0-1.3+deb11u7) - 1 Critical, 4 High, 5 Medium, 1 Low, 3 Negligible
-      * libtiff5 (4.2.0-1+deb11u4) - 7 Medium, 10 Negligible, 2 Unknown
-      * libxml2 (2.9.10+dfsg-6.7+deb11u4) - 1 High, 2 Medium
-      * perl-base (5.32.1-4+deb11u2) - 2 High, 2 Negligible
-    
-    What now?
-    ─────────
-    * Run with '--verbose'/'-v' flag for detailed vulnerabilities view
-    * Install Kubescape in your cluster for continuous monitoring and a full vulnerability report: https://github.com/kubescape/helm-charts/tree/main/charts/kubescape-cloud-operator
-    ```
-
-## Limitations
-
- The patch command can only fix OS-level vulnerability. It cannot fix application-level vulnerabilities. This is a limitation of copa. The reason behind this is that application level vulnerabilities are best suited to be fixed by the developers of the application.
-Hence, this is not really a limitation but a design decision.
- No support for windows containers given the dependency on buildkit.
--- a/cmd/patch/patch.go
+++ b/cmd/patch/patch.go
@@ -1,145 +0,0 @@
-package patch
-
-import (
-	"errors"
-	"fmt"
-	"strings"
-	"time"
-
-	"github.com/distribution/reference"
-	"github.com/kubescape/go-logger"
-	"github.com/kubescape/kubescape/v3/cmd/shared"
-	"github.com/kubescape/kubescape/v3/core/cautils"
-	"github.com/kubescape/kubescape/v3/core/meta"
-	metav1 "github.com/kubescape/kubescape/v3/core/meta/datastructures/v1"
-	"github.com/spf13/cobra"
-)
-
-var patchCmdExamples = fmt.Sprintf(`
-  # Patch the nginx:1.22 image
-  1) sudo buildkitd        # start buildkitd service, run in seperate terminal
-  2) sudo %[1]s patch --image docker.io/library/nginx:1.22   # patch the image
-
-  # The patch command can also be run without sudo privileges
-  # Documentation: https://github.com/kubescape/kubescape/tree/master/cmd/patch
-`, cautils.ExecName())
-
-func GetPatchCmd(ks meta.IKubescape) *cobra.Command {
-	var patchInfo metav1.PatchInfo
-	var scanInfo cautils.ScanInfo
-	var useDefaultMatchers bool
-
-	patchCmd := &cobra.Command{
-		Use:     "patch --image <image>:<tag> [flags]",
-		Short:   "Patch container images with vulnerabilities",
-		Long:    `Patch command is for automatically patching images with vulnerabilities.`,
-		Example: patchCmdExamples,
-		Args: func(cmd *cobra.Command, args []string) error {
-			if len(args) != 0 {
-				return fmt.Errorf("the command takes no arguments")
-			}
-			return nil
-		},
-		RunE: func(cmd *cobra.Command, args []string) error {
-			if err := shared.ValidateImageScanInfo(&scanInfo); err != nil {
-				return err
-			}
-
-			if err := validateImagePatchInfo(&patchInfo); err != nil {
-				return err
-			}
-
-			// Set the UseDefaultMatchers field in scanInfo
-			scanInfo.UseDefaultMatchers = useDefaultMatchers
-
-			exceedsSeverityThreshold, err := ks.Patch(&patchInfo, &scanInfo)
-			if err != nil {
-				return err
-			}
-
-			if exceedsSeverityThreshold {
-				shared.TerminateOnExceedingSeverity(&scanInfo, logger.L())
-			}
-
-			return nil
-		},
-	}
-
-	patchCmd.PersistentFlags().StringVarP(&patchInfo.Image, "image", "i", "", "Application image name and tag to patch")
-	patchCmd.PersistentFlags().StringVarP(&patchInfo.PatchedImageTag, "tag", "t", "", "Tag for the patched image. Defaults to '<image-tag>-patched' ")
-	patchCmd.PersistentFlags().StringVarP(&patchInfo.BuildkitAddress, "address", "a", "unix:///run/buildkit/buildkitd.sock", "Address of buildkitd service, defaults to local buildkitd.sock")
-	patchCmd.PersistentFlags().DurationVar(&patchInfo.Timeout, "timeout", 5*time.Minute, "Timeout for the operation, defaults to '5m'")
-	patchCmd.PersistentFlags().BoolVar(&patchInfo.IgnoreError, "ignore-errors", false, "Ignore errors and continue patching other images. Default to false")
-
-	patchCmd.PersistentFlags().StringVarP(&patchInfo.Username, "username", "u", "", "Username for registry login")
-	patchCmd.PersistentFlags().StringVarP(&patchInfo.Password, "password", "p", "", "Password for registry login")
-
-	patchCmd.PersistentFlags().StringVarP(&scanInfo.Format, "format", "f", "", `Output file format. Supported formats: "pretty-printer", "json", "sarif"`)
-	patchCmd.PersistentFlags().StringVarP(&scanInfo.Output, "output", "o", "", "Output file. Print output to file and not stdout")
-	patchCmd.PersistentFlags().BoolVarP(&scanInfo.VerboseMode, "verbose", "v", false, "Display full report. Default to false")
-
-	patchCmd.PersistentFlags().StringVarP(&scanInfo.FailThresholdSeverity, "severity-threshold", "s", "", "Severity threshold is the severity of a vulnerability at which the command fails and returns exit code 1")
-	patchCmd.PersistentFlags().BoolVarP(&useDefaultMatchers, "use-default-matchers", "", true, "Use default matchers (true) or CPE matchers (false) for image scanning")
-
-	return patchCmd
-}
-
-// validateImagePatchInfo validates the image patch info for the `patch` command
-func validateImagePatchInfo(patchInfo *metav1.PatchInfo) error {
-
-	if patchInfo.Image == "" {
-		return errors.New("image tag is required")
-	}
-
-	// Convert image to canonical format (required by copacetic for patching images)
-	patchInfoImage, err := cautils.NormalizeImageName(patchInfo.Image)
-	if err != nil {
-		return nil
-	}
-
-	// Parse the image full name to get image name and tag
-	named, err := reference.ParseNamed(patchInfoImage)
-	if err != nil {
-		return err
-	}
-
-	// If no tag or digest is provided, default to 'latest'
-	if reference.IsNameOnly(named) {
-		logger.L().Warning("Image name has no tag or digest, using latest as tag")
-		named = reference.TagNameOnly(named)
-	}
-	patchInfo.Image = named.String()
-
-	// If no patched image tag is provided, default to '<image-tag>-patched'
-	if patchInfo.PatchedImageTag == "" {
-
-		taggedName, ok := named.(reference.Tagged)
-		if !ok {
-			return errors.New("unexpected error while parsing image tag")
-		}
-
-		patchInfo.ImageTag = taggedName.Tag()
-
-		if patchInfo.ImageTag == "" {
-			logger.L().Warning("No tag provided, defaulting to 'patched'")
-			patchInfo.PatchedImageTag = "patched"
-		} else {
-			patchInfo.PatchedImageTag = fmt.Sprintf("%s-%s", patchInfo.ImageTag, "patched")
-		}
-
-	}
-
-	// Extract the "image" name from the canonical Image URL
-	// If it's an official docker image, we store just the "image-name". Else if a docker repo then we store as "repo/image". Else complete URL
-	ref, _ := reference.ParseNormalizedNamed(patchInfo.Image)
-	imageName := named.Name()
-	if strings.Contains(imageName, "docker.io/library/") {
-		imageName = reference.Path(ref)
-		imageName = imageName[strings.LastIndex(imageName, "/")+1:]
-	} else if strings.Contains(imageName, "docker.io/") {
-		imageName = reference.Path(ref)
-	}
-	patchInfo.ImageName = imageName
-
-	return nil
-}
--- a/cmd/patch/patch_test.go
+++ b/cmd/patch/patch_test.go
@@ -1,69 +0,0 @@
-package patch
-
-import (
-	"testing"
-
-	metav1 "github.com/kubescape/kubescape/v3/core/meta/datastructures/v1"
-
-	"github.com/kubescape/kubescape/v3/core/mocks"
-	"github.com/spf13/cobra"
-	"github.com/stretchr/testify/assert"
-)
-
-func TestGetPatchCmd(t *testing.T) {
-	// Create a mock Kubescape interface
-	mockKubescape := &mocks.MockIKubescape{}
-
-	cmd := GetPatchCmd(mockKubescape)
-
-	// Verify the command name and short description
-	assert.Equal(t, "patch --image <image>:<tag> [flags]", cmd.Use)
-	assert.Equal(t, "Patch container images with vulnerabilities", cmd.Short)
-	assert.Equal(t, "Patch command is for automatically patching images with vulnerabilities.", cmd.Long)
-	assert.Equal(t, patchCmdExamples, cmd.Example)
-
-	err := cmd.Args(&cobra.Command{}, []string{})
-	assert.Nil(t, err)
-
-	err = cmd.Args(&cobra.Command{}, []string{"test"})
-	expectedErrorMessage := "the command takes no arguments"
-	assert.Equal(t, expectedErrorMessage, err.Error())
-
-	err = cmd.RunE(&cobra.Command{}, []string{})
-	expectedErrorMessage = "image tag is required"
-	assert.Equal(t, expectedErrorMessage, err.Error())
-
-	err = cmd.RunE(&cobra.Command{}, []string{"patch", "--image", "docker.io/library/nginx:1.22"})
-	assert.Equal(t, expectedErrorMessage, err.Error())
-}
-
-func TestGetPatchCmdWithNonExistentImage(t *testing.T) {
-	// Create a mock Kubescape interface
-	mockKubescape := &mocks.MockIKubescape{}
-
-	// Call the GetPatchCmd function
-	cmd := GetPatchCmd(mockKubescape)
-
-	// Run the command with a non-existent image argument
-	err := cmd.RunE(&cobra.Command{}, []string{"patch", "--image", "non-existent-image"})
-
-	// Check that there is an error and the error message is as expected
-	expectedErrorMessage := "image tag is required"
-	assert.Error(t, err)
-	assert.Equal(t, expectedErrorMessage, err.Error())
-}
-
-func Test_validateImagePatchInfo_EmptyImage(t *testing.T) {
-	patchInfo := &metav1.PatchInfo{}
-	err := validateImagePatchInfo(patchInfo)
-	assert.NotNil(t, err)
-	assert.Equal(t, "image tag is required", err.Error())
-}
-
-func Test_validateImagePatchInfo_Image(t *testing.T) {
-	patchInfo := &metav1.PatchInfo{
-		Image: "testing",
-	}
-	err := validateImagePatchInfo(patchInfo)
-	assert.Nil(t, err)
-}
--- a/cmd/prerequisites/prerequisites.go
+++ b/cmd/prerequisites/prerequisites.go
@@ -1,51 +0,0 @@
-package prerequisites
-
-import (
-	"github.com/kubescape/go-logger"
-	"github.com/kubescape/go-logger/helpers"
-	"github.com/kubescape/kubescape/v3/core/meta"
-	"github.com/kubescape/sizing-checker/pkg/checks/connectivitycheck"
-	"github.com/kubescape/sizing-checker/pkg/checks/ebpfcheck"
-	"github.com/kubescape/sizing-checker/pkg/checks/pvcheck"
-	"github.com/kubescape/sizing-checker/pkg/checks/sizing"
-	"github.com/kubescape/sizing-checker/pkg/common"
-	"github.com/spf13/cobra"
-)
-
-func GetPreReqCmd(ks meta.IKubescape) *cobra.Command {
-	var kubeconfigPath *string
-
-	// preReqCmd represents the prerequisites command
-	preReqCmd := &cobra.Command{
-		Use:   "prerequisites",
-		Short: "Check prerequisites for installing Kubescape Operator",
-		Run: func(cmd *cobra.Command, args []string) {
-			clientSet, inCluster := common.BuildKubeClient(*kubeconfigPath)
-			if clientSet == nil {
-				logger.L().Fatal("Could not create kube client. Exiting.")
-			}
-
-			// 1) Collect cluster data
-			clusterData, err := common.CollectClusterData(ks.Context(), clientSet)
-			if err != nil {
-				logger.L().Error("Failed to collect cluster data", helpers.Error(err))
-			}
-
-			// 2) Run checks
-			sizingResult := sizing.RunSizingChecker(clusterData)
-			pvResult := pvcheck.RunPVProvisioningCheck(ks.Context(), clientSet, clusterData, inCluster)
-			connectivityResult := connectivitycheck.RunConnectivityChecks(ks.Context(), clientSet, clusterData, inCluster)
-			ebpfResult := ebpfcheck.RunEbpfCheck(ks.Context(), clientSet, clusterData, inCluster)
-
-			// 3) Build and export the final ReportData
-			finalReport := common.BuildReportData(clusterData, sizingResult, pvResult, connectivityResult, ebpfResult)
-			finalReport.InCluster = inCluster
-
-			common.GenerateOutput(finalReport, inCluster)
-		},
-	}
-
-	kubeconfigPath = preReqCmd.PersistentFlags().String("kubeconfig", "", "Path to the kubeconfig file. If not set, in-cluster config is used or $HOME/.kube/config if outside a cluster.")
-
-	return preReqCmd
-}
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -1,51 +1,47 @@
 package cmd

 import (
-	"context"
 	"fmt"
 	"strings"

-	"github.com/kubescape/go-logger"
+	logger "github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
-	"github.com/kubescape/k8s-interface/k8sinterface"
-	"github.com/kubescape/kubescape/v3/cmd/completion"
-	"github.com/kubescape/kubescape/v3/cmd/config"
-	"github.com/kubescape/kubescape/v3/cmd/download"
-	"github.com/kubescape/kubescape/v3/cmd/fix"
-	"github.com/kubescape/kubescape/v3/cmd/list"
-	"github.com/kubescape/kubescape/v3/cmd/mcpserver"
-	"github.com/kubescape/kubescape/v3/cmd/operator"
-	"github.com/kubescape/kubescape/v3/cmd/patch"
-	"github.com/kubescape/kubescape/v3/cmd/prerequisites"
-	"github.com/kubescape/kubescape/v3/cmd/scan"
-	"github.com/kubescape/kubescape/v3/cmd/update"
-	"github.com/kubescape/kubescape/v3/cmd/vap"
-	"github.com/kubescape/kubescape/v3/cmd/version"
-	"github.com/kubescape/kubescape/v3/core/cautils"
-	"github.com/kubescape/kubescape/v3/core/cautils/getter"
-	"github.com/kubescape/kubescape/v3/core/core"
-	"github.com/kubescape/kubescape/v3/core/meta"
+	"github.com/kubescape/kubescape/v2/cmd/completion"
+	"github.com/kubescape/kubescape/v2/cmd/config"
+	"github.com/kubescape/kubescape/v2/cmd/delete"
+	"github.com/kubescape/kubescape/v2/cmd/download"
+	"github.com/kubescape/kubescape/v2/cmd/fix"
+	"github.com/kubescape/kubescape/v2/cmd/list"
+	"github.com/kubescape/kubescape/v2/cmd/scan"
+	"github.com/kubescape/kubescape/v2/cmd/submit"
+	"github.com/kubescape/kubescape/v2/cmd/update"
+	"github.com/kubescape/kubescape/v2/cmd/version"
+	"github.com/kubescape/kubescape/v2/core/cautils"
+	"github.com/kubescape/kubescape/v2/core/cautils/getter"
+	"github.com/kubescape/kubescape/v2/core/core"
+	"github.com/kubescape/kubescape/v2/core/meta"
+
 	"github.com/spf13/cobra"
 )

 var rootInfo cautils.RootInfo

-var ksExamples = fmt.Sprintf(`
-  # Scan a Kubernetes cluster or YAML files for image vulnerabilities and misconfigurations
-  %[1]s scan
+var ksExamples = `
+  # Scan command
+  kubescape scan --submit

-  # List supported controls
-  %[1]s list controls
+  # List supported frameworks
+  kubescape list frameworks

  # Download artifacts (air-gapped environment support)
-  %[1]s download artifacts
+  kubescape download artifacts

  # View cached configurations
-  %[1]s config view
-`, cautils.ExecName())
+  kubescape config view
+`

-func NewDefaultKubescapeCommand(ctx context.Context) *cobra.Command {
-	ks := core.NewKubescape(ctx)
+func NewDefaultKubescapeCommand() *cobra.Command {
+	ks := core.NewKubescape()
 	return getRootCmd(ks)
 }

@@ -53,31 +49,13 @@ func getRootCmd(ks meta.IKubescape) *cobra.Command {

 	rootCmd := &cobra.Command{
 		Use:     "kubescape",
-		Short:   "Kubescape is a tool for testing Kubernetes security posture. Docs: https://kubescape.io/docs/",
+		Short:   "Kubescape is a tool for testing Kubernetes security posture. Docs: https://hub.armosec.io/docs",
 		Example: ksExamples,
-		PersistentPreRun: func(cmd *cobra.Command, args []string) {
-			k8sinterface.SetClusterContextName(rootInfo.KubeContext)
-			initLogger()
-			initLoggerLevel()
-			initEnvironment()
-			initCacheDir()
-		},
 	}

-	if cautils.IsKrewPlugin() {
-		// Invoked as a kubectl plugin.
-
-		// Cobra doesn't have a way to specify a two word command (i.e. "kubectl kubescape"), so set a custom usage template
-		// with kubectl in it. Cobra will use this template for the root and all child commands.
-		oldUsageTemplate := rootCmd.UsageTemplate()
-		newUsageTemplate := strings.NewReplacer("{{.UseLine}}", "kubectl {{.UseLine}}", "{{.CommandPath}}", "kubectl {{.CommandPath}}").Replace(oldUsageTemplate)
-		rootCmd.SetUsageTemplate(newUsageTemplate)
-	}
-
-	rootCmd.PersistentFlags().StringVar(&rootInfo.DiscoveryServerURL, "server", "", "Backend discovery server URL")
-
-	rootCmd.PersistentFlags().MarkDeprecated("environment", "'environment' is no longer supported, Use 'server' instead. Feel free to contact the Kubescape maintainers for more information.")
-	rootCmd.PersistentFlags().MarkDeprecated("env", "'env' is no longer supported, Use 'server' instead. Feel free to contact the Kubescape maintainers for more information.")
+	rootCmd.PersistentFlags().StringVar(&rootInfo.KSCloudBEURLsDep, "environment", "", envFlagUsage)
+	rootCmd.PersistentFlags().StringVar(&rootInfo.KSCloudBEURLs, "env", "", envFlagUsage)
+	rootCmd.PersistentFlags().MarkDeprecated("environment", "use 'env' instead")
 	rootCmd.PersistentFlags().MarkHidden("environment")
 	rootCmd.PersistentFlags().MarkHidden("env")

@@ -86,37 +64,27 @@ func getRootCmd(ks meta.IKubescape) *cobra.Command {

 	rootCmd.PersistentFlags().StringVarP(&rootInfo.Logger, "logger", "l", helpers.InfoLevel.String(), fmt.Sprintf("Logger level. Supported: %s [$KS_LOGGER]", strings.Join(helpers.SupportedLevels(), "/")))
 	rootCmd.PersistentFlags().StringVar(&rootInfo.CacheDir, "cache-dir", getter.DefaultLocalStore, "Cache directory [$KS_CACHE_DIR]")
+	rootCmd.PersistentFlags().BoolVarP(&rootInfo.DisableColor, "disable-color", "", false, "Disable Color output for logging")
+	rootCmd.PersistentFlags().BoolVarP(&rootInfo.EnableColor, "enable-color", "", false, "Force enable Color output for logging")
+
+	cobra.OnInitialize(initLogger, initLoggerLevel, initEnvironment, initCacheDir)

-	rootCmd.PersistentFlags().StringVarP(&rootInfo.KubeContext, "kube-context", "", "", "Kube context. Default will use the current-context")
 	// Supported commands
 	rootCmd.AddCommand(scan.GetScanCommand(ks))
-	rootCmd.AddCommand(download.GetDownloadCmd(ks))
+	rootCmd.AddCommand(download.GeDownloadCmd(ks))
+	rootCmd.AddCommand(delete.GetDeleteCmd(ks))
 	rootCmd.AddCommand(list.GetListCmd(ks))
+	rootCmd.AddCommand(submit.GetSubmitCmd(ks))
 	rootCmd.AddCommand(completion.GetCompletionCmd())
-	rootCmd.AddCommand(version.GetVersionCmd(ks))
+	rootCmd.AddCommand(version.GetVersionCmd())
 	rootCmd.AddCommand(config.GetConfigCmd(ks))
-	rootCmd.AddCommand(update.GetUpdateCmd(ks))
+	rootCmd.AddCommand(update.GetUpdateCmd())
 	rootCmd.AddCommand(fix.GetFixCmd(ks))
-	rootCmd.AddCommand(patch.GetPatchCmd(ks))
-	rootCmd.AddCommand(vap.GetVapHelperCmd())
-	rootCmd.AddCommand(operator.GetOperatorCmd(ks))
-	rootCmd.AddCommand(prerequisites.GetPreReqCmd(ks))
-	rootCmd.AddCommand(mcpserver.GetMCPServerCmd())
-
-	// deprecated commands
-	rootCmd.AddCommand(&cobra.Command{
-		Use:        "submit",
-		Deprecated: "This command is deprecated. Contact Kubescape maintainers for more information.",
-	})
-	rootCmd.AddCommand(&cobra.Command{
-		Use:        "delete",
-		Deprecated: "This command is deprecated. Contact Kubescape maintainers for more information.",
-	})

 	return rootCmd
 }

-func Execute(ctx context.Context) error {
-	ks := NewDefaultKubescapeCommand(ctx)
+func Execute() error {
+	ks := NewDefaultKubescapeCommand()
 	return ks.Execute()
 }
--- a/cmd/root_test.go
+++ b/cmd/root_test.go
@@ -1,24 +0,0 @@
-package cmd
-
-import (
-	"context"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestNewDefaultKubescapeCommand(t *testing.T) {
-	t.Run("NewDefaultKubescapeCommand", func(t *testing.T) {
-		cmd := NewDefaultKubescapeCommand(context.Background())
-		assert.NotNil(t, cmd)
-	})
-}
-
-func TestExecute(t *testing.T) {
-	t.Run("Execute", func(t *testing.T) {
-		err := Execute(context.Background())
-		if err != nil {
-			assert.EqualErrorf(t, err, "unknown command \"^\\\\QTestExecute\\\\E$\" for \"kubescape\"", err.Error())
-		}
-	})
-}
--- a/cmd/rootutils.go
+++ b/cmd/rootutils.go
@@ -5,34 +5,34 @@ import (
 	"os"
 	"strings"

-	v1 "github.com/kubescape/backend/pkg/client/v1"
-	"github.com/kubescape/backend/pkg/servicediscovery"
-	sdClientV2 "github.com/kubescape/backend/pkg/servicediscovery/v2"
-	"github.com/kubescape/go-logger"
+	logger "github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
-	"github.com/kubescape/go-logger/iconlogger"
-	"github.com/kubescape/go-logger/zaplogger"
-	"github.com/kubescape/kubescape/v3/core/cautils"
-	"github.com/kubescape/kubescape/v3/core/cautils/getter"
+	"github.com/kubescape/kubescape/v2/core/cautils/getter"
+
 	"github.com/mattn/go-isatty"
 )

+const envFlagUsage = "Send report results to specific URL. Format:<ReportReceiver>,<Backend>,<Frontend>.\n\t\tExample:report.armo.cloud,api.armo.cloud,portal.armo.cloud"
+
 func initLogger() {
+	logger.DisableColor(rootInfo.DisableColor)
+	logger.EnableColor(rootInfo.EnableColor)
+
 	if rootInfo.LoggerName == "" {
 		if l := os.Getenv("KS_LOGGER_NAME"); l != "" {
 			rootInfo.LoggerName = l
 		} else {
 			if isatty.IsTerminal(os.Stdout.Fd()) {
-				rootInfo.LoggerName = iconlogger.LoggerName
+				rootInfo.LoggerName = "pretty"
 			} else {
-				rootInfo.LoggerName = zaplogger.LoggerName
+				rootInfo.LoggerName = "zap"
 			}
 		}
 	}

 	logger.InitLogger(rootInfo.LoggerName)
-}

+}
 func initLoggerLevel() {
 	if rootInfo.Logger == helpers.InfoLevel.String() {
 	} else if l := os.Getenv("KS_LOGGER"); l != "" {
@@ -56,51 +56,35 @@ func initCacheDir() {
 	logger.L().Debug("cache dir updated", helpers.String("path", getter.DefaultLocalStore))
 }
 func initEnvironment() {
-	if rootInfo.DiscoveryServerURL == "" {
-		return
+	if rootInfo.KSCloudBEURLs == "" {
+		rootInfo.KSCloudBEURLs = rootInfo.KSCloudBEURLsDep
 	}
-
-	logger.L().Debug("fetching URLs from service discovery server", helpers.String("server", rootInfo.DiscoveryServerURL))
-
-	client, err := sdClientV2.NewServiceDiscoveryClientV2(rootInfo.DiscoveryServerURL)
-	if err != nil {
-		logger.L().Fatal("failed to create service discovery client", helpers.Error(err), helpers.String("server", rootInfo.DiscoveryServerURL))
-		return
+	urlSlices := strings.Split(rootInfo.KSCloudBEURLs, ",")
+	if len(urlSlices) != 1 && len(urlSlices) < 3 {
+		logger.L().Fatal("expected at least 3 URLs (report, api, frontend, auth)")
 	}
-
-	services, err := servicediscovery.GetServices(
-		client,
-	)
-
-	if err != nil {
-		logger.L().Fatal("failed to get services from server", helpers.Error(err), helpers.String("server", rootInfo.DiscoveryServerURL))
-		return
+	switch len(urlSlices) {
+	case 1:
+		switch urlSlices[0] {
+		case "dev", "development":
+			getter.SetKSCloudAPIConnector(getter.NewKSCloudAPIDev())
+		case "stage", "staging":
+			getter.SetKSCloudAPIConnector(getter.NewKSCloudAPIStaging())
+		case "":
+			getter.SetKSCloudAPIConnector(getter.NewKSCloudAPIProd())
+		default:
+			logger.L().Fatal("--environment flag usage: " + envFlagUsage)
+		}
+	case 2:
+		logger.L().Fatal("--environment flag usage: " + envFlagUsage)
+	case 3, 4:
+		var ksAuthURL string
+		ksEventReceiverURL := urlSlices[0] // mandatory
+		ksBackendURL := urlSlices[1]       // mandatory
+		ksFrontendURL := urlSlices[2]      // mandatory
+		if len(urlSlices) >= 4 {
+			ksAuthURL = urlSlices[3]
+		}
+		getter.SetKSCloudAPIConnector(getter.NewKSCloudAPICustomized(ksEventReceiverURL, ksBackendURL, ksFrontendURL, ksAuthURL))
 	}
-
-	logger.L().Debug("configuring service discovery URLs", helpers.String("cloudAPIURL", services.GetApiServerUrl()), helpers.String("cloudReportURL", services.GetReportReceiverHttpUrl()))
-
-	tenant := cautils.GetTenantConfig("", "", "", "", nil)
-	if services.GetApiServerUrl() != "" {
-		tenant.GetConfigObj().CloudAPIURL = services.GetApiServerUrl()
-	}
-	if services.GetReportReceiverHttpUrl() != "" {
-		tenant.GetConfigObj().CloudReportURL = services.GetReportReceiverHttpUrl()
-	}
-
-	if err = tenant.UpdateCachedConfig(); err != nil {
-		logger.L().Error("failed to update cached config", helpers.Error(err))
-	}
-
-	ksCloud, err := v1.NewKSCloudAPI(
-		services.GetApiServerUrl(),
-		services.GetReportReceiverHttpUrl(),
-		"",
-		"",
-	)
-	if err != nil {
-		logger.L().Fatal("failed to create KS Cloud client", helpers.Error(err))
-		return
-	}
-
-	getter.SetKSCloudAPIConnector(ksCloud)
 }
--- a/cmd/scan/control.go
+++ b/cmd/scan/control.go
@@ -6,38 +6,40 @@ import (
 	"os"
 	"strings"

-	"github.com/kubescape/go-logger"
-	"github.com/kubescape/go-logger/helpers"
-	"github.com/kubescape/kubescape/v3/cmd/shared"
-	"github.com/kubescape/kubescape/v3/core/cautils"
-	"github.com/kubescape/kubescape/v3/core/meta"
 	apisv1 "github.com/kubescape/opa-utils/httpserver/apis/v1"
+
+	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger/helpers"
+	"github.com/kubescape/kubescape/v2/core/cautils"
+	"github.com/kubescape/kubescape/v2/core/meta"
+
+	"github.com/enescakir/emoji"
 	"github.com/spf13/cobra"
 )

 var (
-	controlExample = fmt.Sprintf(`
+	controlExample = `
  # Scan the 'privileged container' control
-  %[1]s scan control "privileged container"
+  kubescape scan control "privileged container"
 	
  # Scan list of controls separated with a comma
-  %[1]s scan control "privileged container","HostPath mount"
+  kubescape scan control "privileged container","allowed hostpath"
  
  # Scan list of controls using the control ID separated with a comma
-  %[1]s scan control C-0058,C-0057
+  kubescape scan control C-0058,C-0057
  
-  Run '%[1]s list controls' for the list of supported controls
+  Run 'kubescape list controls' for the list of supported controls
  
  Control documentation:
-  https://kubescape.io/docs/controls/
-`, cautils.ExecName())
+  https://hub.armosec.io/docs/controls
+`
 )

 // controlCmd represents the control command
 func getControlCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Command {
 	return &cobra.Command{
 		Use:     "control <control names list>/<control ids list>",
-		Short:   fmt.Sprintf("The controls you wish to use. Run '%[1]s list controls' for the list of supported controls", cautils.ExecName()),
+		Short:   "The controls you wish to use. Run 'kubescape list controls' for the list of supported controls",
 		Example: controlExample,
 		Args: func(cmd *cobra.Command, args []string) error {
 			if len(args) > 0 {
@@ -59,13 +61,13 @@ func getControlCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Comman
 			if err := validateFrameworkScanInfo(scanInfo); err != nil {
 				return err
 			}
-
+			
 			// flagValidationControl(scanInfo)
 			scanInfo.PolicyIdentifier = []cautils.PolicyIdentifier{}

 			if len(args) == 0 {
 				scanInfo.ScanAll = true
-			} else { // expected control or list of control separated by ","
+			} else { // expected control or list of control sepparated by ","

 				// Read controls from input args
 				scanInfo.SetPolicyIdentifiers(strings.Split(args[0], ","), apisv1.KindControl)
@@ -89,7 +91,6 @@ func getControlCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Comman
 			}

 			scanInfo.FrameworkScan = false
-			scanInfo.SetScanType(cautils.ScanTypeControl)

 			if err := validateControlScanInfo(scanInfo); err != nil {
 				return err
@@ -99,19 +100,16 @@ func getControlCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Comman
 			if err != nil {
 				logger.L().Fatal(err.Error())
 			}
-			if err := results.HandleResults(ks.Context(), scanInfo); err != nil {
+			if err := results.HandleResults(); err != nil {
 				logger.L().Fatal(err.Error())
 			}
 			if !scanInfo.VerboseMode {
-				logger.L().Info("Run with '--verbose'/'-v' flag for detailed resources view\n")
+				cautils.SimpleDisplay(os.Stderr, "%s  Run with '--verbose'/'-v' flag for detailed resources view\n\n", emoji.Detective)
 			}
 			if results.GetRiskScore() > float32(scanInfo.FailThreshold) {
 				logger.L().Fatal("scan risk-score is above permitted threshold", helpers.String("risk-score", fmt.Sprintf("%.2f", results.GetRiskScore())), helpers.String("fail-threshold", fmt.Sprintf("%.2f", scanInfo.FailThreshold)))
 			}
-			if results.GetComplianceScore() < float32(scanInfo.ComplianceThreshold) {
-				logger.L().Fatal("scan compliance-score is below permitted threshold", helpers.String("compliance score", fmt.Sprintf("%.2f", results.GetComplianceScore())), helpers.String("compliance-threshold", fmt.Sprintf("%.2f", scanInfo.ComplianceThreshold)))
-			}
-			enforceSeverityThresholds(results.GetResults().SummaryDetails.GetResourcesSeverityCounters(), scanInfo, terminateOnExceedingSeverity)
+			enforceSeverityThresholds(&results.GetResults().SummaryDetails.SeverityCounters, scanInfo, terminateOnExceedingSeverity)

 			return nil
 		},
@@ -122,11 +120,7 @@ func getControlCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Comman
 func validateControlScanInfo(scanInfo *cautils.ScanInfo) error {
 	severity := scanInfo.FailThresholdSeverity

-	if scanInfo.Submit && scanInfo.OmitRawResources {
-		return fmt.Errorf("you can use `omit-raw-resources` or `submit`, but not both")
-	}
-
-	if err := shared.ValidateSeverity(severity); severity != "" && err != nil {
+	if err := validateSeverity(severity); severity != "" && err != nil {
 		return err
 	}
 	return nil
--- a/cmd/scan/control_test.go
+++ b/cmd/scan/control_test.go
@@ -1,60 +0,0 @@
-package scan
-
-import (
-	"fmt"
-	"testing"
-
-	"github.com/kubescape/kubescape/v3/core/cautils"
-	"github.com/kubescape/kubescape/v3/core/mocks"
-	"github.com/spf13/cobra"
-	"github.com/stretchr/testify/assert"
-)
-
-func TestGetControlCmd(t *testing.T) {
-	// Create a mock Kubescape interface
-	mockKubescape := &mocks.MockIKubescape{}
-	scanInfo := cautils.ScanInfo{
-		AccountID: "new",
-	}
-
-	cmd := getControlCmd(mockKubescape, &scanInfo)
-
-	// Verify the command name and short description
-	assert.Equal(t, "control <control names list>/<control ids list>", cmd.Use)
-	assert.Equal(t, fmt.Sprintf("The controls you wish to use. Run '%[1]s list controls' for the list of supported controls", cautils.ExecName()), cmd.Short)
-	assert.Equal(t, controlExample, cmd.Example)
-
-	err := cmd.Args(&cobra.Command{}, []string{})
-	expectedErrorMessage := "requires at least one control name"
-	assert.Equal(t, expectedErrorMessage, err.Error())
-
-	err = cmd.Args(&cobra.Command{}, []string{"C-0001,C-0002"})
-	assert.Nil(t, err)
-
-	err = cmd.Args(&cobra.Command{}, []string{"C-0001,C-0002,"})
-	expectedErrorMessage = "usage: <control-0>,<control-1>"
-	assert.Equal(t, expectedErrorMessage, err.Error())
-
-	err = cmd.RunE(&cobra.Command{}, []string{})
-	expectedErrorMessage = "bad argument: accound ID must be a valid UUID"
-	assert.Equal(t, expectedErrorMessage, err.Error())
-}
-
-func TestGetControlCmdWithNonExistentControl(t *testing.T) {
-	// Create a mock Kubescape interface
-	mockKubescape := &mocks.MockIKubescape{}
-	scanInfo := cautils.ScanInfo{
-		AccountID: "new",
-	}
-
-	// Call the GetControlCmd function
-	cmd := getControlCmd(mockKubescape, &scanInfo)
-
-	// Run the command with a non-existent control argument
-	err := cmd.RunE(&cobra.Command{}, []string{"control", "C-0001,C-0002"})
-
-	// Check that there is an error and the error message is as expected
-	expectedErrorMessage := "bad argument: accound ID must be a valid UUID"
-	assert.Error(t, err)
-	assert.Equal(t, expectedErrorMessage, err.Error())
-}
--- a/cmd/scan/framework.go
+++ b/cmd/scan/framework.go
@@ -5,52 +5,49 @@ import (
 	"fmt"
 	"io"
 	"os"
-	"slices"
 	"strings"

-	"github.com/kubescape/go-logger"
-	"github.com/kubescape/go-logger/helpers"
-	"github.com/kubescape/kubescape/v3/cmd/shared"
-	"github.com/kubescape/kubescape/v3/core/cautils"
-	"github.com/kubescape/kubescape/v3/core/cautils/getter"
-	"github.com/kubescape/kubescape/v3/core/meta"
 	apisv1 "github.com/kubescape/opa-utils/httpserver/apis/v1"
 	reporthandlingapis "github.com/kubescape/opa-utils/reporthandling/apis"
 	"github.com/kubescape/opa-utils/reporthandling/results/v1/reportsummary"
+
+	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger/helpers"
+	"github.com/kubescape/kubescape/v2/core/cautils"
+	"github.com/kubescape/kubescape/v2/core/meta"
+
+	"github.com/enescakir/emoji"
 	"github.com/spf13/cobra"
 )

 var (
-	frameworkExample = fmt.Sprintf(`
-  # Scan all frameworks
-  %[1]s scan framework all
+	frameworkExample = `
+  # Scan all frameworks and submit the results
+  kubescape scan framework all --submit
  
  # Scan the NSA framework
-  %[1]s scan framework nsa
+  kubescape scan framework nsa
  
  # Scan the NSA and MITRE framework
-  %[1]s scan framework nsa,mitre
+  kubescape scan framework nsa,mitre
  
  # Scan all frameworks
-  %[1]s scan framework all
+  kubescape scan framework all

  # Scan kubernetes YAML manifest files (single file or glob)
-  %[1]s scan framework nsa .
+  kubescape scan framework nsa *.yaml

-  Run '%[1]s list frameworks' for the list of supported frameworks
-`, cautils.ExecName())
+  Run 'kubescape list frameworks' for the list of supported frameworks
+`

-	ErrSecurityViewNotSupported = errors.New("security view is not supported for framework scan")
-	ErrBadThreshold             = errors.New("bad argument: out of range threshold")
-	ErrKeepLocalOrSubmit        = errors.New("you can use `keep-local` or `submit`, but not both")
-	ErrOmitRawResourcesOrSubmit = errors.New("you can use `omit-raw-resources` or `submit`, but not both")
+	ErrUnknownSeverity = errors.New("unknown severity")
 )

 func getFrameworkCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Command {

 	return &cobra.Command{
 		Use:     "framework <framework names list> [`<glob pattern>`/`-`] [flags]",
-		Short:   fmt.Sprintf("The framework you wish to use. Run '%[1]s list frameworks' for the list of supported frameworks", cautils.ExecName()),
+		Short:   "The framework you wish to use. Run 'kubescape list frameworks' for the list of supported frameworks",
 		Example: frameworkExample,
 		Long:    "Execute a scan on a running Kubernetes cluster or `yaml`/`json` files (use glob) or `-` for stdin",
 		Args: func(cmd *cobra.Command, args []string) error {
@@ -75,25 +72,20 @@ func getFrameworkCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Comm
 			}
 			scanInfo.FrameworkScan = true

-			// We do not scan all frameworks by default when triggering scan from the CLI
-			scanInfo.ScanAll = false
-
 			var frameworks []string

-			if len(args) == 0 {
+			if len(args) == 0 { // scan all frameworks
 				scanInfo.ScanAll = true
 			} else {
 				// Read frameworks from input args
 				frameworks = strings.Split(args[0], ",")
-				if slices.Contains(frameworks, "all") {
+				if cautils.StringInSlice(frameworks, "all") != cautils.ValueNotFound {
 					scanInfo.ScanAll = true
-					frameworks = getter.NativeFrameworks
-
+					frameworks = []string{}
 				}
 				if len(args) > 1 {
-					if args[1] != "-" {
+					if len(args[1:]) == 0 || args[1] != "-" {
 						scanInfo.InputPatterns = args[1:]
-						logger.L().Debug("List of input files", helpers.Interface("patterns", scanInfo.InputPatterns))
 					} else { // store stdin to file - do NOT move to separate function !!
 						tempFile, err := os.CreateTemp(".", "tmp-kubescape*.yaml")
 						if err != nil {
@@ -108,7 +100,7 @@ func getFrameworkCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Comm
 					}
 				}
 			}
-			scanInfo.SetScanType(cautils.ScanTypeFramework)
+			scanInfo.FrameworkScan = true

 			scanInfo.SetPolicyIdentifiers(frameworks, apisv1.KindFramework)

@@ -117,28 +109,26 @@ func getFrameworkCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Comm
 				logger.L().Fatal(err.Error())
 			}

-			if err = results.HandleResults(ks.Context(), scanInfo); err != nil {
+			if err = results.HandleResults(); err != nil {
 				logger.L().Fatal(err.Error())
 			}
-
+			if !scanInfo.VerboseMode {
+				cautils.SimpleDisplay(os.Stderr, "%s  Run with '--verbose'/'-v' flag for detailed resources view\n\n", emoji.Detective)
+			}
 			if results.GetRiskScore() > float32(scanInfo.FailThreshold) {
 				logger.L().Fatal("scan risk-score is above permitted threshold", helpers.String("risk-score", fmt.Sprintf("%.2f", results.GetRiskScore())), helpers.String("fail-threshold", fmt.Sprintf("%.2f", scanInfo.FailThreshold)))
 			}
-			if results.GetComplianceScore() < float32(scanInfo.ComplianceThreshold) {
-				logger.L().Fatal("scan compliance-score is below permitted threshold", helpers.String("compliance-score", fmt.Sprintf("%.2f", results.GetComplianceScore())), helpers.String("compliance-threshold", fmt.Sprintf("%.2f", scanInfo.ComplianceThreshold)))
-			}

-			enforceSeverityThresholds(results.GetData().Report.SummaryDetails.GetResourcesSeverityCounters(), scanInfo, terminateOnExceedingSeverity)
+			enforceSeverityThresholds(&results.GetData().Report.SummaryDetails.SeverityCounters, scanInfo, terminateOnExceedingSeverity)
 			return nil
 		},
 	}
-
 }

 // countersExceedSeverityThreshold returns true if severity of failed controls exceed the set severity threshold, else returns false
 func countersExceedSeverityThreshold(severityCounters reportsummary.ISeverityCounters, scanInfo *cautils.ScanInfo) (bool, error) {
 	targetSeverity := scanInfo.FailThresholdSeverity
-	if err := shared.ValidateSeverity(targetSeverity); err != nil {
+	if err := validateSeverity(targetSeverity); err != nil {
 		return false, err
 	}

@@ -146,10 +136,10 @@ func countersExceedSeverityThreshold(severityCounters reportsummary.ISeverityCou
 		SeverityName       string
 		GetFailedResources func() int
 	}{
-		{reporthandlingapis.SeverityLowString, severityCounters.NumberOfLowSeverity},
-		{reporthandlingapis.SeverityMediumString, severityCounters.NumberOfMediumSeverity},
-		{reporthandlingapis.SeverityHighString, severityCounters.NumberOfHighSeverity},
-		{reporthandlingapis.SeverityCriticalString, severityCounters.NumberOfCriticalSeverity},
+		{reporthandlingapis.SeverityLowString, severityCounters.NumberOfResourcesWithLowSeverity},
+		{reporthandlingapis.SeverityMediumString, severityCounters.NumberOfResourcesWithMediumSeverity},
+		{reporthandlingapis.SeverityHighString, severityCounters.NumberOfResourcesWithHighSeverity},
+		{reporthandlingapis.SeverityCriticalString, severityCounters.NumberOfResourcesWithCriticalSeverity},
 	}

 	targetSeverityIdx := 0
@@ -172,14 +162,14 @@ func countersExceedSeverityThreshold(severityCounters reportsummary.ISeverityCou
 }

 // terminateOnExceedingSeverity terminates the application on exceeding severity
-func terminateOnExceedingSeverity(scanInfo *cautils.ScanInfo, l helpers.ILogger) {
-	l.Fatal("compliance result exceeds severity threshold", helpers.String("set severity threshold", scanInfo.FailThresholdSeverity))
+func terminateOnExceedingSeverity(scanInfo *cautils.ScanInfo, l logger.ILogger) {
+	l.Fatal("result exceeds severity threshold", helpers.String("set severity threshold", scanInfo.FailThresholdSeverity))
 }

 // enforceSeverityThresholds ensures that the scan results are below the defined severity threshold
 //
 // The function forces the application to terminate with an exit code 1 if at least one control failed control that exceeds the set severity threshold
-func enforceSeverityThresholds(severityCounters reportsummary.ISeverityCounters, scanInfo *cautils.ScanInfo, onExceed func(*cautils.ScanInfo, helpers.ILogger)) {
+func enforceSeverityThresholds(severityCounters reportsummary.ISeverityCounters, scanInfo *cautils.ScanInfo, onExceed func(*cautils.ScanInfo, logger.ILogger)) {
 	// If a severity threshold is not set, we don’t need to enforce it
 	if scanInfo.FailThresholdSeverity == "" {
 		return
@@ -192,29 +182,31 @@ func enforceSeverityThresholds(severityCounters reportsummary.ISeverityCounters,
 	}
 }

+// validateSeverity returns an error if a given severity is not known, nil otherwise
+func validateSeverity(severity string) error {
+	for _, val := range reporthandlingapis.GetSupportedSeverities() {
+		if strings.EqualFold(severity, val) {
+			return nil
+		}
+	}
+	return ErrUnknownSeverity
+
+}
+
 // validateFrameworkScanInfo validates the scan info struct for the `scan framework` command
 func validateFrameworkScanInfo(scanInfo *cautils.ScanInfo) error {
-	if scanInfo.View == string(cautils.SecurityViewType) {
-		scanInfo.View = string(cautils.ResourceViewType)
-	}
-
 	if scanInfo.Submit && scanInfo.Local {
-		return ErrKeepLocalOrSubmit
-	}
-	if 100 < scanInfo.ComplianceThreshold || 0 > scanInfo.ComplianceThreshold {
-		return ErrBadThreshold
+		return fmt.Errorf("you can use `keep-local` or `submit`, but not both")
 	}
 	if 100 < scanInfo.FailThreshold || 0 > scanInfo.FailThreshold {
-		return ErrBadThreshold
-	}
-	if scanInfo.Submit && scanInfo.OmitRawResources {
-		return ErrOmitRawResourcesOrSubmit
+		return fmt.Errorf("bad argument: out of range threshold")
 	}
+
 	severity := scanInfo.FailThresholdSeverity
-	if err := shared.ValidateSeverity(severity); severity != "" && err != nil {
+	if err := validateSeverity(severity); severity != "" && err != nil {
 		return err
 	}

 	// Validate the user's credentials
-	return cautils.ValidateAccountID(scanInfo.AccountID)
+	return scanInfo.Credentials.Validate()
 }
--- a/cmd/scan/framework_test.go
+++ b/cmd/scan/framework_test.go
@@ -1,60 +0,0 @@
-package scan
-
-import (
-	"fmt"
-	"testing"
-
-	"github.com/kubescape/kubescape/v3/core/cautils"
-	"github.com/kubescape/kubescape/v3/core/mocks"
-	"github.com/spf13/cobra"
-	"github.com/stretchr/testify/assert"
-)
-
-func TestGetFrameworkCmd(t *testing.T) {
-	// Create a mock Kubescape interface
-	mockKubescape := &mocks.MockIKubescape{}
-	scanInfo := cautils.ScanInfo{
-		AccountID: "new",
-	}
-
-	cmd := getFrameworkCmd(mockKubescape, &scanInfo)
-
-	// Verify the command name and short description
-	assert.Equal(t, "framework <framework names list> [`<glob pattern>`/`-`] [flags]", cmd.Use)
-	assert.Equal(t, fmt.Sprintf("The framework you wish to use. Run '%[1]s list frameworks' for the list of supported frameworks", cautils.ExecName()), cmd.Short)
-	assert.Equal(t, frameworkExample, cmd.Example)
-
-	err := cmd.Args(&cobra.Command{}, []string{})
-	expectedErrorMessage := "requires at least one framework name"
-	assert.Equal(t, expectedErrorMessage, err.Error())
-
-	err = cmd.Args(&cobra.Command{}, []string{"nsa,mitre"})
-	assert.Nil(t, err)
-
-	err = cmd.Args(&cobra.Command{}, []string{"nsa,mitre,"})
-	expectedErrorMessage = "usage: <framework-0>,<framework-1>"
-	assert.Equal(t, expectedErrorMessage, err.Error())
-
-	err = cmd.RunE(&cobra.Command{}, []string{})
-	expectedErrorMessage = "bad argument: accound ID must be a valid UUID"
-	assert.Equal(t, expectedErrorMessage, err.Error())
-}
-
-func TestGetFrameworkCmdWithNonExistentFramework(t *testing.T) {
-	// Create a mock Kubescape interface
-	mockKubescape := &mocks.MockIKubescape{}
-	scanInfo := cautils.ScanInfo{
-		AccountID: "new",
-	}
-
-	// Call the GetFrameworkCmd function
-	cmd := getFrameworkCmd(mockKubescape, &scanInfo)
-
-	// Run the command with a non-existent framework argument
-	err := cmd.RunE(&cobra.Command{}, []string{"framework", "nsa,mitre"})
-
-	// Check that there is an error and the error message is as expected
-	expectedErrorMessage := "bad argument: accound ID must be a valid UUID"
-	assert.Error(t, err)
-	assert.Equal(t, expectedErrorMessage, err.Error())
-}
--- a/cmd/scan/image.go
+++ b/cmd/scan/image.go
@@ -1,84 +0,0 @@
-package scan
-
-import (
-	"fmt"
-
-	"github.com/kubescape/go-logger"
-	"github.com/kubescape/kubescape/v3/cmd/shared"
-	"github.com/kubescape/kubescape/v3/core/cautils"
-	"github.com/kubescape/kubescape/v3/core/meta"
-	metav1 "github.com/kubescape/kubescape/v3/core/meta/datastructures/v1"
-	"github.com/spf13/cobra"
-)
-
-// TODO(vladklokun): document image scanning on the Kubescape Docs Hub?
-var (
-	imageExample = fmt.Sprintf(`
-  Scan an image for vulnerabilities. 
-
-  # Scan the 'nginx' image
-  %[1]s scan image "nginx"
-
-  # Scan the 'nginx' image and see the full report 
-  %[1]s scan image "nginx" -v
-
-  # Scan the 'nginx' image and use exceptions
-  %[1]s scan image "nginx" --exceptions exceptions.json
-
-`, cautils.ExecName())
-)
-
-// getImageCmd returns the scan image command
-func getImageCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Command {
-	var imgCredentials shared.ImageCredentials
-	var exceptions string
-	var useDefaultMatchers bool
-
-	cmd := &cobra.Command{
-		Use:     "image <image>:<tag> [flags]",
-		Short:   "Scan an image for vulnerabilities",
-		Example: imageExample,
-		Args: func(cmd *cobra.Command, args []string) error {
-			if len(args) != 1 {
-				return fmt.Errorf("the command takes exactly one image name as an argument")
-			}
-			return nil
-		},
-		RunE: func(cmd *cobra.Command, args []string) error {
-			if len(args) != 1 {
-				return fmt.Errorf("the command takes exactly one image name as an argument")
-			}
-
-			if err := shared.ValidateImageScanInfo(scanInfo); err != nil {
-				return err
-			}
-
-			imgScanInfo := &metav1.ImageScanInfo{
-				Image:              args[0],
-				Username:           imgCredentials.Username,
-				Password:           imgCredentials.Password,
-				Exceptions:         exceptions,
-				UseDefaultMatchers: useDefaultMatchers,
-			}
-
-			exceedsSeverityThreshold, err := ks.ScanImage(imgScanInfo, scanInfo)
-			if err != nil {
-				return err
-			}
-
-			if exceedsSeverityThreshold {
-				shared.TerminateOnExceedingSeverity(scanInfo, logger.L())
-			}
-
-			return nil
-		},
-	}
-
-	// The exceptions flag
-	cmd.PersistentFlags().StringVarP(&exceptions, "exceptions", "", "", "Path to the exceptions file")
-	cmd.PersistentFlags().StringVarP(&imgCredentials.Username, "username", "u", "", "Username for registry login")
-	cmd.PersistentFlags().StringVarP(&imgCredentials.Password, "password", "p", "", "Password for registry login")
-	cmd.PersistentFlags().BoolVarP(&useDefaultMatchers, "use-default-matchers", "", true, "Use default matchers (true) or CPE matchers (false)")
-
-	return cmd
-}
--- a/cmd/scan/image_test.go
+++ b/cmd/scan/image_test.go
@@ -1,35 +0,0 @@
-package scan
-
-import (
-	"testing"
-
-	"github.com/kubescape/kubescape/v3/core/cautils"
-	"github.com/kubescape/kubescape/v3/core/mocks"
-	"github.com/spf13/cobra"
-	"github.com/stretchr/testify/assert"
-)
-
-func TestGetImageCmd(t *testing.T) {
-	// Create a mock Kubescape interface
-	mockKubescape := &mocks.MockIKubescape{}
-	scanInfo := cautils.ScanInfo{
-		AccountID: "new",
-	}
-
-	cmd := getImageCmd(mockKubescape, &scanInfo)
-
-	// Verify the command name and short description
-	assert.Equal(t, "image <image>:<tag> [flags]", cmd.Use)
-	assert.Equal(t, "Scan an image for vulnerabilities", cmd.Short)
-	assert.Equal(t, imageExample, cmd.Example)
-
-	err := cmd.Args(&cobra.Command{}, []string{})
-	expectedErrorMessage := "the command takes exactly one image name as an argument"
-	assert.Equal(t, expectedErrorMessage, err.Error())
-
-	err = cmd.Args(&cobra.Command{}, []string{"nginx"})
-	assert.Nil(t, err)
-
-	err = cmd.RunE(&cobra.Command{}, []string{})
-	assert.Equal(t, expectedErrorMessage, err.Error())
-}
--- a/cmd/scan/scan.go
+++ b/cmd/scan/scan.go
@@ -3,34 +3,32 @@ package scan
 import (
 	"flag"
 	"fmt"
-	"strings"

-	"github.com/kubescape/go-logger"
-	"github.com/kubescape/kubescape/v3/core/cautils"
-	"github.com/kubescape/kubescape/v3/core/cautils/getter"
-	"github.com/kubescape/kubescape/v3/core/meta"
-	v1 "github.com/kubescape/opa-utils/httpserver/apis/v1"
+	"github.com/kubescape/k8s-interface/k8sinterface"
+	"github.com/kubescape/kubescape/v2/core/cautils"
+	"github.com/kubescape/kubescape/v2/core/meta"
 	"github.com/spf13/cobra"
 )

-var scanCmdExamples = fmt.Sprintf(`
-  Scan command is for scanning an existing cluster or kubernetes manifest files based on pre-defined frameworks
+var scanCmdExamples = `
+  Scan command is for scanning an existing cluster or kubernetes manifest files based on pre-defined frameworks 
+  
+  # Scan current cluster with all frameworks
+  kubescape scan --enable-host-scan --verbose

-  # Scan current cluster
-  %[1]s scan
-
-  # Scan kubernetes manifest files
-  %[1]s scan .
+  # Scan kubernetes YAML manifest files
+  kubescape scan *.yaml

  # Scan and save the results in the JSON format
-  %[1]s scan --format json --output results.json
+  kubescape scan --format json --output results.json

  # Display all resources
-  %[1]s scan --verbose
+  kubescape scan --verbose

-  # Scan different clusters from the kubectl context
-  %[1]s scan --kube-context <kubernetes context>
-`, cautils.ExecName())
+  # Scan different clusters from the kubectl context 
+  kubescape scan --kube-context <kubernetes context>
+  
+`

 func GetScanCommand(ks meta.IKubescape) *cobra.Command {
 	var scanInfo cautils.ScanInfo
@@ -38,70 +36,63 @@ func GetScanCommand(ks meta.IKubescape) *cobra.Command {
 	// scanCmd represents the scan command
 	scanCmd := &cobra.Command{
 		Use:     "scan",
-		Short:   "Scan a Kubernetes cluster or YAML files for image vulnerabilities and misconfigurations",
+		Short:   "Scan the current running cluster or yaml files",
 		Long:    `The action you want to perform`,
 		Example: scanCmdExamples,
-		RunE: func(cmd *cobra.Command, args []string) error {
-			if scanInfo.View == string(cautils.SecurityViewType) {
-				setSecurityViewScanInfo(args, &scanInfo)
-
-				if err := securityScan(scanInfo, ks); err != nil {
-					logger.L().Fatal(err.Error())
+		Args: func(cmd *cobra.Command, args []string) error {
+			if len(args) > 0 {
+				if args[0] != "framework" && args[0] != "control" {
+					scanInfo.ScanAll = true
+					return getFrameworkCmd(ks, &scanInfo).RunE(cmd, append([]string{"all"}, args...))
 				}
-			} else if len(args) == 0 || (args[0] != "framework" && args[0] != "control") {
-				if err := getFrameworkCmd(ks, &scanInfo).RunE(cmd, append([]string{strings.Join(getter.NativeFrameworks, ",")}, args...)); err != nil {
-					logger.L().Fatal(err.Error())
-				}
-			} else {
-				return fmt.Errorf("kubescape did not do anything")
 			}
-
 			return nil
 		},
+		RunE: func(cmd *cobra.Command, args []string) error {
+
+			if len(args) == 0 {
+				scanInfo.ScanAll = true
+				return getFrameworkCmd(ks, &scanInfo).RunE(cmd, []string{"all"})
+			}
+			return nil
+		},
+		PreRun: func(cmd *cobra.Command, args []string) {
+			k8sinterface.SetClusterContextName(scanInfo.KubeContext)
+		},
 		PostRun: func(cmd *cobra.Command, args []string) {
 			// TODO - revert context
 		},
 	}

-	scanInfo.TriggeredByCLI = true
-
-	scanCmd.PersistentFlags().StringVarP(&scanInfo.AccountID, "account", "", "", "Kubescape SaaS account ID. Default will load account ID from cache")
-	scanCmd.PersistentFlags().StringVarP(&scanInfo.AccessKey, "access-key", "", "", "Kubescape SaaS access key. Default will load access key from cache")
+	scanCmd.PersistentFlags().StringVarP(&scanInfo.Credentials.Account, "account", "", "", "Kubescape SaaS account ID. Default will load account ID from cache")
+	scanCmd.PersistentFlags().StringVarP(&scanInfo.Credentials.ClientID, "client-id", "", "", "Kubescape SaaS client ID. Default will load client ID from cache, read more - https://hub.armosec.io/docs/authentication")
+	scanCmd.PersistentFlags().StringVarP(&scanInfo.Credentials.SecretKey, "secret-key", "", "", "Kubescape SaaS secret key. Default will load secret key from cache, read more - https://hub.armosec.io/docs/authentication")
+	scanCmd.PersistentFlags().StringVarP(&scanInfo.KubeContext, "kube-context", "", "", "Kube context. Default will use the current-context")
 	scanCmd.PersistentFlags().StringVar(&scanInfo.ControlsInputs, "controls-config", "", "Path to an controls-config obj. If not set will download controls-config from ARMO management portal")
 	scanCmd.PersistentFlags().StringVar(&scanInfo.UseExceptions, "exceptions", "", "Path to an exceptions obj. If not set will download exceptions from ARMO management portal")
 	scanCmd.PersistentFlags().StringVar(&scanInfo.UseArtifactsFrom, "use-artifacts-from", "", "Load artifacts from local directory. If not used will download them")
-	scanCmd.PersistentFlags().StringVarP(&scanInfo.ExcludedNamespaces, "exclude-namespaces", "e", "", "Namespaces to exclude from scanning. e.g: --exclude-namespaces ns-a,ns-b. Notice, when running with `exclude-namespace` kubescape does not scan cluster-scoped objects.")
+	scanCmd.PersistentFlags().StringVarP(&scanInfo.ExcludedNamespaces, "exclude-namespaces", "e", "", "Namespaces to exclude from scanning. Notice, when running with `exclude-namespace` kubescape does not scan cluster-scoped objects.")

 	scanCmd.PersistentFlags().Float32VarP(&scanInfo.FailThreshold, "fail-threshold", "t", 100, "Failure threshold is the percent above which the command fails and returns exit code 1")
-	scanCmd.PersistentFlags().Float32VarP(&scanInfo.ComplianceThreshold, "compliance-threshold", "", 0, "Compliance threshold is the percent below which the command fails and returns exit code 1")

 	scanCmd.PersistentFlags().StringVar(&scanInfo.FailThresholdSeverity, "severity-threshold", "", "Severity threshold is the severity of failed controls at which the command fails and returns exit code 1")
-	scanCmd.PersistentFlags().StringVarP(&scanInfo.Format, "format", "f", "pretty-printer", `Output file format. Supported formats: "pretty-printer", "json", "junit", "prometheus", "pdf", "html", "sarif"`)
+	scanCmd.PersistentFlags().StringVarP(&scanInfo.Format, "format", "f", "pretty-printer", `Output format. Supported formats: "pretty-printer", "json", "junit", "prometheus", "pdf", "html", "sarif"`)
 	scanCmd.PersistentFlags().StringVar(&scanInfo.IncludeNamespaces, "include-namespaces", "", "scan specific namespaces. e.g: --include-namespaces ns-a,ns-b")
 	scanCmd.PersistentFlags().BoolVarP(&scanInfo.Local, "keep-local", "", false, "If you do not want your Kubescape results reported to configured backend.")
 	scanCmd.PersistentFlags().StringVarP(&scanInfo.Output, "output", "o", "", "Output file. Print output to file and not stdout")
 	scanCmd.PersistentFlags().BoolVarP(&scanInfo.VerboseMode, "verbose", "v", false, "Display all of the input resources and not only failed resources")
-	scanCmd.PersistentFlags().StringVar(&scanInfo.View, "view", string(cautils.SecurityViewType), fmt.Sprintf("View results based on the %s/%s/%s. default is --view=%s", cautils.ResourceViewType, cautils.ControlViewType, cautils.SecurityViewType, cautils.SecurityViewType))
+	scanCmd.PersistentFlags().StringVar(&scanInfo.View, "view", string(cautils.ResourceViewType), fmt.Sprintf("View results based on the %s/%s. default is --view=%s", cautils.ResourceViewType, cautils.ControlViewType, cautils.ResourceViewType))
 	scanCmd.PersistentFlags().BoolVar(&scanInfo.UseDefault, "use-default", false, "Load local policy object from default path. If not used will download latest")
 	scanCmd.PersistentFlags().StringSliceVar(&scanInfo.UseFrom, "use-from", nil, "Load local policy object from specified path. If not used will download latest")
 	scanCmd.PersistentFlags().StringVar(&scanInfo.HostSensorYamlPath, "host-scan-yaml", "", "Override default host scanner DaemonSet. Use this flag cautiously")
-	scanCmd.PersistentFlags().StringVar(&scanInfo.FormatVersion, "format-version", "v2", "Output object can be different between versions, this is for maintaining backward and forward compatibility. Supported:'v1'/'v2'")
+	scanCmd.PersistentFlags().StringVar(&scanInfo.FormatVersion, "format-version", "v1", "Output object can be different between versions, this is for maintaining backward and forward compatibility. Supported:'v1'/'v2'")
 	scanCmd.PersistentFlags().StringVar(&scanInfo.CustomClusterName, "cluster-name", "", "Set the custom name of the cluster. Not same as the kube-context flag")
 	scanCmd.PersistentFlags().BoolVarP(&scanInfo.Submit, "submit", "", false, "Submit the scan results to Kubescape SaaS where you can see the results in a user-friendly UI, choose your preferred compliance framework, check risk results history and trends, manage exceptions, get remediation recommendations and much more. By default the results are not submitted")
-	scanCmd.PersistentFlags().BoolVarP(&scanInfo.OmitRawResources, "omit-raw-resources", "", false, "Omit raw resources from the output. By default the raw resources are included in the output")
-	scanCmd.PersistentFlags().BoolVarP(&scanInfo.PrintAttackTree, "print-attack-tree", "", false, "Print attack tree")
-	scanCmd.PersistentFlags().BoolVarP(&scanInfo.EnableRegoPrint, "enable-rego-prints", "", false, "Enable sending to rego prints to the logs (use with debug log level: -l debug)")
-	scanCmd.PersistentFlags().BoolVarP(&scanInfo.ScanImages, "scan-images", "", false, "Scan resources images")
-	scanCmd.PersistentFlags().BoolVarP(&scanInfo.UseDefaultMatchers, "use-default-matchers", "", true, "Use default matchers (true) or CPE matchers (false) for image scanning")
-	scanCmd.PersistentFlags().StringSliceVar(&scanInfo.LabelsToCopy, "labels-to-copy", nil, "Labels to copy from workloads to scan reports for easy identification. e.g: --labels-to-copy=app,team,environment")

-	scanCmd.PersistentFlags().MarkDeprecated("fail-threshold", "use '--compliance-threshold' flag instead. Flag will be removed at 1.Dec.2023")
-	scanCmd.PersistentFlags().MarkDeprecated("create-account", "Create account is no longer supported. In case of a missing Account ID and a configured backend server, a new account id will be generated automatically by Kubescape. Feel free to contact the Kubescape maintainers for more information.")
+	scanCmd.PersistentFlags().MarkDeprecated("silent", "use '--logger' flag instead. Flag will be removed at 1.May.2022")

 	// hidden flags
-	scanCmd.PersistentFlags().MarkHidden("omit-raw-resources")
-	scanCmd.PersistentFlags().MarkHidden("print-attack-tree")
-	scanCmd.PersistentFlags().MarkHidden("format-version")
+	scanCmd.PersistentFlags().MarkHidden("host-scan-yaml") // this flag should be used very cautiously. We prefer users will not use it at all unless the DaemonSet can not run pods on the nodes

 	// Retrieve --kubeconfig flag from https://github.com/kubernetes/kubectl/blob/master/pkg/cmd/cmd.go
 	scanCmd.PersistentFlags().AddGoFlag(flag.Lookup("kubeconfig"))
@@ -109,43 +100,9 @@ func GetScanCommand(ks meta.IKubescape) *cobra.Command {
 	hostF := scanCmd.PersistentFlags().VarPF(&scanInfo.HostSensorEnabled, "enable-host-scan", "", "Deploy Kubescape host-sensor daemonset in the scanned cluster. Deleting it right after we collecting the data. Required to collect valuable data from cluster nodes for certain controls. Yaml file: https://github.com/kubescape/kubescape/blob/master/core/pkg/hostsensorutils/hostsensor.yaml")
 	hostF.NoOptDefVal = "true"
 	hostF.DefValue = "false, for no TTY in stdin"
-	scanCmd.PersistentFlags().MarkHidden("enable-host-scan")
-	scanCmd.PersistentFlags().MarkDeprecated("enable-host-scan", "To activate the host scanner capability, proceed with the installation of the kubescape operator chart found here: https://github.com/kubescape/helm-charts/tree/main/charts/kubescape-operator. The flag will be removed at 1.Dec.2023")
-
-	scanCmd.PersistentFlags().MarkHidden("host-scan-yaml") // this flag should be used very cautiously. We prefer users will not use it at all unless the DaemonSet can not run pods on the nodes
-	scanCmd.PersistentFlags().MarkDeprecated("host-scan-yaml", "To activate the host scanner capability, proceed with the installation of the kubescape operator chart found here: https://github.com/kubescape/helm-charts/tree/main/charts/kubescape-operator. The flag will be removed at 1.Dec.2023")

 	scanCmd.AddCommand(getControlCmd(ks, &scanInfo))
 	scanCmd.AddCommand(getFrameworkCmd(ks, &scanInfo))
-	scanCmd.AddCommand(getWorkloadCmd(ks, &scanInfo))
-
-	scanCmd.AddCommand(getImageCmd(ks, &scanInfo))

 	return scanCmd
 }
-
-func setSecurityViewScanInfo(args []string, scanInfo *cautils.ScanInfo) {
-	if len(args) > 0 {
-		scanInfo.SetScanType(cautils.ScanTypeRepo)
-		scanInfo.InputPatterns = args
-		scanInfo.SetPolicyIdentifiers([]string{"workloadscan", "allcontrols"}, v1.KindFramework)
-	} else {
-		scanInfo.SetScanType(cautils.ScanTypeCluster)
-		scanInfo.SetPolicyIdentifiers([]string{"clusterscan", "mitre", "nsa"}, v1.KindFramework)
-	}
-}
-
-func securityScan(scanInfo cautils.ScanInfo, ks meta.IKubescape) error {
-	results, err := ks.Scan(&scanInfo)
-	if err != nil {
-		return err
-	}
-
-	if err = results.HandleResults(ks.Context(), &scanInfo); err != nil {
-		return err
-	}
-
-	enforceSeverityThresholds(results.GetData().Report.SummaryDetails.GetResourcesSeverityCounters(), &scanInfo, terminateOnExceedingSeverity)
-
-	return nil
-}
--- a/cmd/scan/scan_test.go
+++ b/cmd/scan/scan_test.go
@@ -1,20 +1,16 @@
 package scan

 import (
-	"context"
+	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger/helpers"
+
+	"github.com/kubescape/kubescape/v2/core/cautils"
+	"github.com/kubescape/opa-utils/reporthandling/apis"
+	"github.com/kubescape/opa-utils/reporthandling/results/v1/reportsummary"
+
 	"os"
 	"reflect"
 	"testing"
-	"time"
-
-	"github.com/kubescape/go-logger/helpers"
-	"github.com/kubescape/kubescape/v3/cmd/shared"
-	"github.com/kubescape/kubescape/v3/core/cautils"
-	"github.com/kubescape/kubescape/v3/core/mocks"
-	v1 "github.com/kubescape/opa-utils/httpserver/apis/v1"
-	"github.com/kubescape/opa-utils/reporthandling/apis"
-	"github.com/kubescape/opa-utils/reporthandling/results/v1/reportsummary"
-	"github.com/stretchr/testify/assert"
 )

 func TestExceedsSeverity(t *testing.T) {
@@ -28,93 +24,93 @@ func TestExceedsSeverity(t *testing.T) {
 		{
 			Description:      "Critical failed resource should exceed Critical threshold",
 			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "critical"},
-			SeverityCounters: &reportsummary.SeverityCounters{CriticalSeverityCounter: 1},
+			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithCriticalSeverityCounter: 1},
 			Want:             true,
 		},
 		{
 			Description:      "Critical failed resource should exceed Critical threshold set as constant",
 			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: apis.SeverityCriticalString},
-			SeverityCounters: &reportsummary.SeverityCounters{CriticalSeverityCounter: 1},
+			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithCriticalSeverityCounter: 1},
 			Want:             true,
 		},
 		{
 			Description:      "High failed resource should not exceed Critical threshold",
 			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "critical"},
-			SeverityCounters: &reportsummary.SeverityCounters{HighSeverityCounter: 1},
+			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithHighSeverityCounter: 1},
 			Want:             false,
 		},
 		{
 			Description:      "Critical failed resource exceeds High threshold",
 			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "high"},
-			SeverityCounters: &reportsummary.SeverityCounters{CriticalSeverityCounter: 1},
+			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithCriticalSeverityCounter: 1},
 			Want:             true,
 		},
 		{
 			Description:      "High failed resource exceeds High threshold",
 			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "high"},
-			SeverityCounters: &reportsummary.SeverityCounters{HighSeverityCounter: 1},
+			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithHighSeverityCounter: 1},
 			Want:             true,
 		},
 		{
 			Description:      "Medium failed resource does not exceed High threshold",
 			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "high"},
-			SeverityCounters: &reportsummary.SeverityCounters{MediumSeverityCounter: 1},
+			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithMediumSeverityCounter: 1},
 			Want:             false,
 		},
 		{
 			Description:      "Critical failed resource exceeds Medium threshold",
 			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "medium"},
-			SeverityCounters: &reportsummary.SeverityCounters{CriticalSeverityCounter: 1},
+			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithCriticalSeverityCounter: 1},
 			Want:             true,
 		},
 		{
 			Description:      "High failed resource exceeds Medium threshold",
 			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "medium"},
-			SeverityCounters: &reportsummary.SeverityCounters{HighSeverityCounter: 1},
+			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithHighSeverityCounter: 1},
 			Want:             true,
 		},
 		{
 			Description:      "Medium failed resource exceeds Medium threshold",
 			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "medium"},
-			SeverityCounters: &reportsummary.SeverityCounters{MediumSeverityCounter: 1},
+			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithMediumSeverityCounter: 1},
 			Want:             true,
 		},
 		{
 			Description:      "Low failed resource does not exceed Medium threshold",
 			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "medium"},
-			SeverityCounters: &reportsummary.SeverityCounters{LowSeverityCounter: 1},
+			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithLowSeverityCounter: 1},
 			Want:             false,
 		},
 		{
 			Description:      "Critical failed resource exceeds Low threshold",
 			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "low"},
-			SeverityCounters: &reportsummary.SeverityCounters{CriticalSeverityCounter: 1},
+			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithCriticalSeverityCounter: 1},
 			Want:             true,
 		},
 		{
 			Description:      "High failed resource exceeds Low threshold",
 			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "low"},
-			SeverityCounters: &reportsummary.SeverityCounters{HighSeverityCounter: 1},
+			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithHighSeverityCounter: 1},
 			Want:             true,
 		},
 		{
 			Description:      "Medium failed resource exceeds Low threshold",
 			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "low"},
-			SeverityCounters: &reportsummary.SeverityCounters{MediumSeverityCounter: 1},
+			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithMediumSeverityCounter: 1},
 			Want:             true,
 		},
 		{
 			Description:      "Low failed resource exceeds Low threshold",
 			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "low"},
-			SeverityCounters: &reportsummary.SeverityCounters{LowSeverityCounter: 1},
+			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithLowSeverityCounter: 1},
 			Want:             true,
 		},
 		{
 			Description:      "Unknown severity returns an error",
 			ScanInfo:         &cautils.ScanInfo{FailThresholdSeverity: "unknown"},
-			SeverityCounters: &reportsummary.SeverityCounters{LowSeverityCounter: 1},
+			SeverityCounters: &reportsummary.SeverityCounters{ResourcesWithLowSeverityCounter: 1},
 			Want:             false,
-			Error:            shared.ErrUnknownSeverity,
+			Error:            ErrUnknownSeverity,
 		},
 	}

@@ -143,7 +139,7 @@ func Test_enforceSeverityThresholds(t *testing.T) {
 	}{
 		{
 			"Exceeding Critical severity counter should call the terminating function",
-			&reportsummary.SeverityCounters{CriticalSeverityCounter: 1},
+			&reportsummary.SeverityCounters{ResourcesWithCriticalSeverityCounter: 1},
 			&cautils.ScanInfo{FailThresholdSeverity: apis.SeverityCriticalString},
 			true,
 		},
@@ -164,7 +160,7 @@ func Test_enforceSeverityThresholds(t *testing.T) {
 				want := tc.Want

 				got := false
-				onExceed := func(*cautils.ScanInfo, helpers.ILogger) {
+				onExceed := func(*cautils.ScanInfo, logger.ILogger) {
 					got = true
 				}

@@ -187,23 +183,16 @@ type spyLogger struct {
 	setItems []spyLogMessage
 }

-var _ helpers.ILogger = &spyLogger{}
-
-func (l *spyLogger) Error(msg string, details ...helpers.IDetails)                    {}
-func (l *spyLogger) Success(msg string, details ...helpers.IDetails)                  {}
-func (l *spyLogger) Warning(msg string, details ...helpers.IDetails)                  {}
-func (l *spyLogger) Info(msg string, details ...helpers.IDetails)                     {}
-func (l *spyLogger) Debug(msg string, details ...helpers.IDetails)                    {}
-func (l *spyLogger) SetLevel(level string) error                                      { return nil }
-func (l *spyLogger) GetLevel() string                                                 { return "" }
-func (l *spyLogger) SetWriter(w *os.File)                                             {}
-func (l *spyLogger) GetWriter() *os.File                                              { return &os.File{} }
-func (l *spyLogger) LoggerName() string                                               { return "" }
-func (l *spyLogger) Ctx(_ context.Context) helpers.ILogger                            { return l }
-func (l *spyLogger) Start(msg string, details ...helpers.IDetails)                    {}
-func (l *spyLogger) StopSuccess(msg string, details ...helpers.IDetails)              {}
-func (l *spyLogger) StopError(msg string, details ...helpers.IDetails)                {}
-func (l *spyLogger) TimedWrapper(funcName string, timeout time.Duration, task func()) {}
+func (l *spyLogger) Error(msg string, details ...helpers.IDetails)   {}
+func (l *spyLogger) Success(msg string, details ...helpers.IDetails) {}
+func (l *spyLogger) Warning(msg string, details ...helpers.IDetails) {}
+func (l *spyLogger) Info(msg string, details ...helpers.IDetails)    {}
+func (l *spyLogger) Debug(msg string, details ...helpers.IDetails)   {}
+func (l *spyLogger) SetLevel(level string) error                     { return nil }
+func (l *spyLogger) GetLevel() string                                { return "" }
+func (l *spyLogger) SetWriter(w *os.File)                            {}
+func (l *spyLogger) GetWriter() *os.File                             { return &os.File{} }
+func (l *spyLogger) LoggerName() string                              { return "" }

 func (l *spyLogger) Fatal(msg string, details ...helpers.IDetails) {
 	firstDetail := details[0]
@@ -218,7 +207,7 @@ func (l *spyLogger) GetSpiedItems() []spyLogMessage {
 }

 func Test_terminateOnExceedingSeverity(t *testing.T) {
-	expectedMessage := "compliance result exceeds severity threshold"
+	expectedMessage := "result exceeds severity threshold"
 	expectedKey := "set severity threshold"

 	testCases := []struct {
@@ -263,115 +252,3 @@ func Test_terminateOnExceedingSeverity(t *testing.T) {
 		)
 	}
 }
-
-func TestSetSecurityViewScanInfo(t *testing.T) {
-	tests := []struct {
-		name string
-		args []string
-		want *cautils.ScanInfo
-	}{
-		{
-			name: "no args",
-			args: []string{},
-			want: &cautils.ScanInfo{
-				InputPatterns: []string{},
-				ScanType:      cautils.ScanTypeCluster,
-				PolicyIdentifier: []cautils.PolicyIdentifier{
-					{
-						Kind:       v1.KindFramework,
-						Identifier: "clusterscan",
-					},
-					{
-						Kind:       v1.KindFramework,
-						Identifier: "mitre",
-					},
-					{
-						Kind:       v1.KindFramework,
-						Identifier: "nsa",
-					},
-				},
-			},
-		},
-		{
-			name: "with args",
-			args: []string{
-				"file.yaml",
-				"file2.yaml",
-			},
-			want: &cautils.ScanInfo{
-				ScanType: cautils.ScanTypeRepo,
-				InputPatterns: []string{
-					"file.yaml",
-					"file2.yaml",
-				},
-				PolicyIdentifier: []cautils.PolicyIdentifier{
-					{
-						Kind:       v1.KindFramework,
-						Identifier: "workloadscan",
-					},
-					{
-						Kind:       v1.KindFramework,
-						Identifier: "allcontrols",
-					},
-				},
-			},
-		},
-	}
-
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			got := &cautils.ScanInfo{
-				View: string(cautils.SecurityViewType),
-			}
-			setSecurityViewScanInfo(tt.args, got)
-
-			if len(tt.want.InputPatterns) != len(got.InputPatterns) {
-				t.Errorf("in test: %s, got: %v, want: %v", tt.name, got.InputPatterns, tt.want.InputPatterns)
-			}
-
-			if tt.want.ScanType != got.ScanType {
-				t.Errorf("in test: %s, got: %v, want: %v", tt.name, got.ScanType, tt.want.ScanType)
-			}
-
-			for i := range tt.want.InputPatterns {
-				found := false
-				for j := range tt.want.InputPatterns[i] {
-					if tt.want.InputPatterns[i][j] == got.InputPatterns[i][j] {
-						found = true
-						break
-					}
-				}
-				if !found {
-					t.Errorf("in test: %s, got: %v, want: %v", tt.name, got.InputPatterns, tt.want.InputPatterns)
-				}
-			}
-
-			for i := range tt.want.PolicyIdentifier {
-				found := false
-				for j := range got.PolicyIdentifier {
-					if tt.want.PolicyIdentifier[i].Kind == got.PolicyIdentifier[j].Kind && tt.want.PolicyIdentifier[i].Identifier == got.PolicyIdentifier[j].Identifier {
-						found = true
-						break
-					}
-				}
-				if !found {
-					t.Errorf("in test: %s, got: %v, want: %v", tt.name, got.PolicyIdentifier, tt.want.PolicyIdentifier)
-				}
-			}
-		})
-	}
-
-}
-
-func TestGetScanCommand(t *testing.T) {
-	// Create a mock Kubescape interface
-	mockKubescape := &mocks.MockIKubescape{}
-
-	cmd := GetScanCommand(mockKubescape)
-
-	// Verify the command name and short description
-	assert.Equal(t, "scan", cmd.Use)
-	assert.Equal(t, "Scan a Kubernetes cluster or YAML files for image vulnerabilities and misconfigurations", cmd.Short)
-	assert.Equal(t, "The action you want to perform", cmd.Long)
-	assert.Equal(t, scanCmdExamples, cmd.Example)
-}
--- a/cmd/scan/validators_test.go
+++ b/cmd/scan/validators_test.go
@@ -1,10 +1,8 @@
 package scan

 import (
+	"github.com/kubescape/kubescape/v2/core/cautils"
 	"testing"
-
-	"github.com/kubescape/kubescape/v3/cmd/shared"
-	"github.com/kubescape/kubescape/v3/core/cautils"
 )

 // Test_validateControlScanInfo tests how scan info is validated for the `scan control` command
@@ -27,7 +25,7 @@ func Test_validateControlScanInfo(t *testing.T) {
 		{
 			"Unknown severity should be invalid for scan info",
 			&cautils.ScanInfo{FailThresholdSeverity: "Unknown"},
-			shared.ErrUnknownSeverity,
+			ErrUnknownSeverity,
 		},
 	}

@@ -67,17 +65,7 @@ func Test_validateFrameworkScanInfo(t *testing.T) {
 		{
 			"Unknown severity should be invalid for scan info",
 			&cautils.ScanInfo{FailThresholdSeverity: "Unknown"},
-			shared.ErrUnknownSeverity,
-		},
-		{
-			"Security view should be invalid for scan info",
-			&cautils.ScanInfo{View: string(cautils.SecurityViewType)},
-			nil,
-		},
-		{
-			"Empty view should be valid for scan info",
-			&cautils.ScanInfo{},
-			nil,
+			ErrUnknownSeverity,
 		},
 	}

@@ -97,22 +85,27 @@ func Test_validateFrameworkScanInfo(t *testing.T) {
 	}
 }

-func Test_validateWorkloadIdentifier(t *testing.T) {
+func Test_validateSeverity(t *testing.T) {
 	testCases := []struct {
 		Description string
 		Input       string
 		Want        error
 	}{
-		{"valid workload identifier should be valid", "deployment/test", nil},
-		{"invalid workload identifier missing kind", "deployment", ErrInvalidWorkloadIdentifier},
-		{"invalid workload identifier with namespace", "ns/deployment/name", ErrInvalidWorkloadIdentifier},
+		{"low should be a valid severity", "low", nil},
+		{"Low should be a valid severity", "Low", nil},
+		{"medium should be a valid severity", "medium", nil},
+		{"Medium should be a valid severity", "Medium", nil},
+		{"high should be a valid severity", "high", nil},
+		{"Critical should be a valid severity", "Critical", nil},
+		{"critical should be a valid severity", "critical", nil},
+		{"Unknown should be an invalid severity", "Unknown", ErrUnknownSeverity},
 	}

 	for _, testCase := range testCases {
 		t.Run(testCase.Description, func(t *testing.T) {
 			input := testCase.Input
 			want := testCase.Want
-			got := validateWorkloadIdentifier(input)
+			got := validateSeverity(input)

 			if got != want {
 				t.Errorf("got: %v, want: %v", got, want)
--- a/cmd/scan/workload.go
+++ b/cmd/scan/workload.go
@@ -1,124 +0,0 @@
-package scan
-
-import (
-	"errors"
-	"fmt"
-	"strings"
-
-	"github.com/kubescape/go-logger"
-	"github.com/kubescape/kubescape/v3/core/cautils"
-	"github.com/kubescape/kubescape/v3/core/meta"
-	v1 "github.com/kubescape/opa-utils/httpserver/apis/v1"
-	"github.com/kubescape/opa-utils/objectsenvelopes"
-	"github.com/spf13/cobra"
-)
-
-var (
-	workloadExample = fmt.Sprintf(`
-  Scan a workload for misconfigurations and image vulnerabilities.
-
-  # Scan an workload
-  %[1]s scan workload <kind>/<name>
-	
-  # Scan an workload in a specific namespace
-  %[1]s scan workload <kind>/<name> --namespace <namespace>
-
-  # Scan an workload from a file path
-  %[1]s scan workload <kind>/<name> --file-path <file path>
-  
-  # Scan an workload from a helm-chart template
-  %[1]s scan workload <kind>/<name> --chart-path <chart path> --file-path <file path>
-
-
-`, cautils.ExecName())
-
-	ErrInvalidWorkloadIdentifier = errors.New("invalid workload identifier")
-)
-
-var namespace string
-
-// controlCmd represents the control command
-func getWorkloadCmd(ks meta.IKubescape, scanInfo *cautils.ScanInfo) *cobra.Command {
-	workloadCmd := &cobra.Command{
-		Use:     "workload <kind>/<name> [`<glob pattern>`/`-`] [flags]",
-		Short:   "Scan a workload for misconfigurations and image vulnerabilities",
-		Example: workloadExample,
-		Args: func(cmd *cobra.Command, args []string) error {
-			if len(args) != 1 {
-				return fmt.Errorf("usage: <kind>/<name> [`<glob pattern>`/`-`] [flags]")
-			}
-
-			// Looks strange, a bug maybe????
-			if scanInfo.ChartPath != "" && scanInfo.FilePath == "" {
-				return fmt.Errorf("usage: --chart-path <chart path> --file-path <file path>")
-			}
-
-			return validateWorkloadIdentifier(args[0])
-		},
-		RunE: func(cmd *cobra.Command, args []string) error {
-
-			kind, name, err := parseWorkloadIdentifierString(args[0])
-			if err != nil {
-				return fmt.Errorf("invalid input: %s", err.Error())
-			}
-
-			setWorkloadScanInfo(scanInfo, kind, name)
-
-			// todo: add api version if provided
-			results, err := ks.Scan(scanInfo)
-			if err != nil {
-				logger.L().Fatal(err.Error())
-			}
-
-			if err = results.HandleResults(ks.Context(), scanInfo); err != nil {
-				logger.L().Fatal(err.Error())
-			}
-
-			enforceSeverityThresholds(results.GetData().Report.SummaryDetails.GetResourcesSeverityCounters(), scanInfo, terminateOnExceedingSeverity)
-
-			return nil
-		},
-	}
-	workloadCmd.PersistentFlags().StringVarP(&namespace, "namespace", "n", "", "Namespace of the workload. Default will be empty.")
-	workloadCmd.PersistentFlags().StringVar(&scanInfo.FilePath, "file-path", "", "Path to the workload file.")
-	workloadCmd.PersistentFlags().StringVar(&scanInfo.ChartPath, "chart-path", "", "Path to the helm chart the workload is part of. Must be used with --file-path.")
-
-	return workloadCmd
-}
-
-func setWorkloadScanInfo(scanInfo *cautils.ScanInfo, kind string, name string) {
-	scanInfo.SetScanType(cautils.ScanTypeWorkload)
-	scanInfo.ScanImages = true
-
-	scanInfo.ScanObject = &objectsenvelopes.ScanObject{}
-	scanInfo.ScanObject.SetNamespace(namespace)
-	scanInfo.ScanObject.SetKind(kind)
-	scanInfo.ScanObject.SetName(name)
-
-	scanInfo.SetPolicyIdentifiers([]string{"workloadscan", "allcontrols"}, v1.KindFramework)
-
-	if scanInfo.FilePath != "" {
-		scanInfo.InputPatterns = []string{scanInfo.FilePath}
-	}
-}
-
-func validateWorkloadIdentifier(workloadIdentifier string) error {
-	// workloadIdentifier is in the form of kind/name
-	x := strings.Split(workloadIdentifier, "/")
-	if len(x) != 2 || x[0] == "" || x[1] == "" {
-		return ErrInvalidWorkloadIdentifier
-	}
-
-	return nil
-}
-
-func parseWorkloadIdentifierString(workloadIdentifier string) (kind, name string, err error) {
-	// workloadIdentifier is in the form of namespace/kind/name
-	// example: default/Deployment/nginx-deployment
-	x := strings.Split(workloadIdentifier, "/")
-	if len(x) != 2 {
-		return "", "", ErrInvalidWorkloadIdentifier
-	}
-
-	return x[0], x[1], nil
-}
--- a/cmd/scan/workload_test.go
+++ b/cmd/scan/workload_test.go
@@ -1,121 +0,0 @@
-package scan
-
-import (
-	"testing"
-
-	"github.com/kubescape/kubescape/v3/core/cautils"
-	"github.com/kubescape/kubescape/v3/core/mocks"
-	v1 "github.com/kubescape/opa-utils/httpserver/apis/v1"
-	"github.com/kubescape/opa-utils/objectsenvelopes"
-	"github.com/spf13/cobra"
-	"github.com/stretchr/testify/assert"
-)
-
-func TestSetWorkloadScanInfo(t *testing.T) {
-	test := []struct {
-		Description string
-		kind        string
-		name        string
-		want        *cautils.ScanInfo
-	}{
-		{
-			Description: "Set workload scan info",
-			kind:        "Deployment",
-			name:        "test",
-			want: &cautils.ScanInfo{
-				PolicyIdentifier: []cautils.PolicyIdentifier{
-					{
-						Identifier: "workloadscan",
-						Kind:       v1.KindFramework,
-					},
-					{
-						Identifier: "allcontrols",
-						Kind:       v1.KindFramework,
-					},
-				},
-				ScanType: cautils.ScanTypeWorkload,
-				ScanObject: &objectsenvelopes.ScanObject{
-					Kind: "Deployment",
-					Metadata: objectsenvelopes.ScanObjectMetadata{
-						Name: "test",
-					},
-				},
-			},
-		},
-	}
-
-	for _, tc := range test {
-		t.Run(
-			tc.Description,
-			func(t *testing.T) {
-				scanInfo := &cautils.ScanInfo{}
-				setWorkloadScanInfo(scanInfo, tc.kind, tc.name)
-
-				if scanInfo.ScanType != tc.want.ScanType {
-					t.Errorf("got: %v, want: %v", scanInfo.ScanType, tc.want.ScanType)
-				}
-
-				if scanInfo.ScanObject.Kind != tc.want.ScanObject.Kind {
-					t.Errorf("got: %v, want: %v", scanInfo.ScanObject.Kind, tc.want.ScanObject.Kind)
-				}
-
-				if scanInfo.ScanObject.Metadata.Name != tc.want.ScanObject.Metadata.Name {
-					t.Errorf("got: %v, want: %v", scanInfo.ScanObject.Metadata.Name, tc.want.ScanObject.Metadata.Name)
-				}
-
-				if len(scanInfo.PolicyIdentifier) != len(tc.want.PolicyIdentifier) {
-					t.Errorf("got: %v policy identifiers, want: %v", len(scanInfo.PolicyIdentifier), len(tc.want.PolicyIdentifier))
-				}
-
-				for i, wantPolicy := range tc.want.PolicyIdentifier {
-					if i < len(scanInfo.PolicyIdentifier) {
-						if scanInfo.PolicyIdentifier[i].Identifier != wantPolicy.Identifier {
-							t.Errorf("got: %v, want: %v", scanInfo.PolicyIdentifier[i].Identifier, wantPolicy.Identifier)
-						}
-						if scanInfo.PolicyIdentifier[i].Kind != wantPolicy.Kind {
-							t.Errorf("got: %v, want: %v", scanInfo.PolicyIdentifier[i].Kind, wantPolicy.Kind)
-						}
-					}
-				}
-			},
-		)
-	}
-}
-
-func TestGetWorkloadCmd_ChartPathAndFilePathEmpty(t *testing.T) {
-	// Create a mock Kubescape interface
-	mockKubescape := &mocks.MockIKubescape{}
-	scanInfo := cautils.ScanInfo{
-		ChartPath: "temp",
-		FilePath:  "",
-	}
-
-	cmd := getWorkloadCmd(mockKubescape, &scanInfo)
-
-	// Verify the command name and short description
-	assert.Equal(t, "workload <kind>/<name> [`<glob pattern>`/`-`] [flags]", cmd.Use)
-	assert.Equal(t, "Scan a workload for misconfigurations and image vulnerabilities", cmd.Short)
-	assert.Equal(t, workloadExample, cmd.Example)
-
-	err := cmd.Args(&cobra.Command{}, []string{})
-	expectedErrorMessage := "usage: <kind>/<name> [`<glob pattern>`/`-`] [flags]"
-	assert.Equal(t, expectedErrorMessage, err.Error())
-
-	err = cmd.Args(&cobra.Command{}, []string{"nginx"})
-	expectedErrorMessage = "invalid workload identifier"
-	assert.Equal(t, expectedErrorMessage, err.Error())
-}
-
-func Test_parseWorkloadIdentifierString_Empty(t *testing.T) {
-	t.Run("empty identifier", func(t *testing.T) {
-		_, _, err := parseWorkloadIdentifierString("")
-		assert.Error(t, err)
-	})
-}
-
-func Test_parseWorkloadIdentifierString_NoError(t *testing.T) {
-	t.Run("valid identifier", func(t *testing.T) {
-		_, _, err := parseWorkloadIdentifierString("default/Deployment")
-		assert.NoError(t, err)
-	})
-}
--- a/cmd/shared/image_scan.go
+++ b/cmd/shared/image_scan.go
@@ -1,18 +0,0 @@
-package shared
-
-import "github.com/kubescape/kubescape/v3/core/cautils"
-
-type ImageCredentials struct {
-	Username string
-	Password string
-}
-
-// ValidateImageScanInfo validates the ScanInfo struct for image scanning commands
-func ValidateImageScanInfo(scanInfo *cautils.ScanInfo) error {
-	severity := scanInfo.FailThresholdSeverity
-
-	if err := ValidateSeverity(severity); severity != "" && err != nil {
-		return err
-	}
-	return nil
-}
--- a/cmd/shared/image_scan_test.go
+++ b/cmd/shared/image_scan_test.go
@@ -1,61 +0,0 @@
-package shared
-
-import (
-	"testing"
-
-	"github.com/kubescape/kubescape/v3/core/cautils"
-	"github.com/stretchr/testify/assert"
-)
-
-// Validate a scanInfo struct with a valid fail threshold severity
-func TestValidateImageScanInfo(t *testing.T) {
-	testCases := []struct {
-		Description string
-		ScanInfo    *cautils.ScanInfo
-		Want        error
-	}{
-		{
-			"Empty scanInfo is valid",
-			&cautils.ScanInfo{},
-			nil,
-		},
-		{
-			"Empty severity is valid",
-			&cautils.ScanInfo{FailThresholdSeverity: ""},
-			nil,
-		},
-		{
-			"High severity is valid",
-			&cautils.ScanInfo{FailThresholdSeverity: "High"},
-			nil,
-		},
-		{
-			"HIGH severity is valid",
-			&cautils.ScanInfo{FailThresholdSeverity: "HIGH"},
-			nil,
-		},
-		{
-			"high severity is valid",
-			&cautils.ScanInfo{FailThresholdSeverity: "high"},
-			nil,
-		},
-		{
-			"Unknown severity is invalid",
-			&cautils.ScanInfo{FailThresholdSeverity: "unknown"},
-			ErrUnknownSeverity,
-		},
-	}
-
-	for _, tc := range testCases {
-		t.Run(
-			tc.Description,
-			func(t *testing.T) {
-				var want error = tc.Want
-
-				got := ValidateImageScanInfo(tc.ScanInfo)
-
-				assert.Equal(t, want, got)
-			},
-		)
-	}
-}
--- a/cmd/shared/scan.go
+++ b/cmd/shared/scan.go
@@ -1,28 +0,0 @@
-package shared
-
-import (
-	"fmt"
-	"strings"
-
-	"github.com/kubescape/go-logger/helpers"
-	"github.com/kubescape/kubescape/v3/core/cautils"
-	reporthandlingapis "github.com/kubescape/opa-utils/reporthandling/apis"
-)
-
-var ErrUnknownSeverity = fmt.Errorf("unknown severity. Supported severities are: %s", strings.Join(reporthandlingapis.GetSupportedSeverities(), ", "))
-
-// ValidateSeverity returns an error if a given severity is not known, nil otherwise
-func ValidateSeverity(severity string) error {
-	for _, val := range reporthandlingapis.GetSupportedSeverities() {
-		if strings.EqualFold(severity, val) {
-			return nil
-		}
-	}
-	return ErrUnknownSeverity
-
-}
-
-// TerminateOnExceedingSeverity terminates the program if the result exceeds the severity threshold
-func TerminateOnExceedingSeverity(scanInfo *cautils.ScanInfo, l helpers.ILogger) {
-	l.Fatal("result exceeds severity threshold", helpers.String("Set severity threshold", scanInfo.FailThresholdSeverity))
-}
--- a/cmd/shared/scan_test.go
+++ b/cmd/shared/scan_test.go
@@ -1,128 +0,0 @@
-package shared
-
-import (
-	"context"
-	"os"
-	"reflect"
-	"testing"
-	"time"
-
-	"github.com/kubescape/go-logger/helpers"
-	"github.com/kubescape/kubescape/v3/core/cautils"
-	"github.com/kubescape/opa-utils/reporthandling/apis"
-)
-
-type spyLogMessage struct {
-	Message string
-	Details map[string]string
-}
-
-type spyLogger struct {
-	setItems []spyLogMessage
-}
-
-var _ helpers.ILogger = &spyLogger{}
-
-func (l *spyLogger) Error(msg string, details ...helpers.IDetails)                    {}
-func (l *spyLogger) Success(msg string, details ...helpers.IDetails)                  {}
-func (l *spyLogger) Warning(msg string, details ...helpers.IDetails)                  {}
-func (l *spyLogger) Info(msg string, details ...helpers.IDetails)                     {}
-func (l *spyLogger) Debug(msg string, details ...helpers.IDetails)                    {}
-func (l *spyLogger) SetLevel(level string) error                                      { return nil }
-func (l *spyLogger) GetLevel() string                                                 { return "" }
-func (l *spyLogger) SetWriter(w *os.File)                                             {}
-func (l *spyLogger) GetWriter() *os.File                                              { return &os.File{} }
-func (l *spyLogger) LoggerName() string                                               { return "" }
-func (l *spyLogger) Ctx(_ context.Context) helpers.ILogger                            { return l }
-func (l *spyLogger) Start(msg string, details ...helpers.IDetails)                    {}
-func (l *spyLogger) StopSuccess(msg string, details ...helpers.IDetails)              {}
-func (l *spyLogger) StopError(msg string, details ...helpers.IDetails)                {}
-func (l *spyLogger) TimedWrapper(funcName string, timeout time.Duration, task func()) {}
-
-func (l *spyLogger) Fatal(msg string, details ...helpers.IDetails) {
-	firstDetail := details[0]
-	detailsMap := map[string]string{firstDetail.Key(): firstDetail.Value().(string)}
-
-	newMsg := spyLogMessage{msg, detailsMap}
-	l.setItems = append(l.setItems, newMsg)
-}
-
-func (l *spyLogger) GetSpiedItems() []spyLogMessage {
-	return l.setItems
-}
-
-func TestTerminateOnExceedingSeverity(t *testing.T) {
-	expectedMessage := "result exceeds severity threshold"
-	expectedKey := "Set severity threshold"
-
-	testCases := []struct {
-		Description     string
-		ExpectedMessage string
-		ExpectedKey     string
-		ExpectedValue   string
-		Logger          *spyLogger
-	}{
-		{
-			"Should log the Critical threshold that was set in scan info",
-			expectedMessage,
-			expectedKey,
-			apis.SeverityCriticalString,
-			&spyLogger{},
-		},
-		{
-			"Should log the High threshold that was set in scan info",
-			expectedMessage,
-			expectedKey,
-			apis.SeverityHighString,
-			&spyLogger{},
-		},
-	}
-
-	for _, tc := range testCases {
-		t.Run(
-			tc.Description,
-			func(t *testing.T) {
-				want := []spyLogMessage{
-					{tc.ExpectedMessage, map[string]string{tc.ExpectedKey: tc.ExpectedValue}},
-				}
-				scanInfo := &cautils.ScanInfo{FailThresholdSeverity: tc.ExpectedValue}
-
-				TerminateOnExceedingSeverity(scanInfo, tc.Logger)
-
-				got := tc.Logger.GetSpiedItems()
-				if !reflect.DeepEqual(got, want) {
-					t.Errorf("got: %v, want: %v", got, want)
-				}
-			},
-		)
-	}
-}
-
-func TestValidateSeverity(t *testing.T) {
-	testCases := []struct {
-		Description string
-		Input       string
-		Want        error
-	}{
-		{"low should be a valid severity", "low", nil},
-		{"Low should be a valid severity", "Low", nil},
-		{"medium should be a valid severity", "medium", nil},
-		{"Medium should be a valid severity", "Medium", nil},
-		{"high should be a valid severity", "high", nil},
-		{"Critical should be a valid severity", "Critical", nil},
-		{"critical should be a valid severity", "critical", nil},
-		{"Unknown should be an invalid severity", "Unknown", ErrUnknownSeverity},
-	}
-
-	for _, testCase := range testCases {
-		t.Run(testCase.Description, func(t *testing.T) {
-			input := testCase.Input
-			want := testCase.Want
-			got := ValidateSeverity(input)
-
-			if got != want {
-				t.Errorf("got: %v, want: %v", got, want)
-			}
-		})
-	}
-}
--- a/cmd/submit/exceptions.go
+++ b/cmd/submit/exceptions.go
@@ -0,0 +1,34 @@
+package submit
+
+import (
+	"fmt"
+
+	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/kubescape/v2/core/meta"
+	metav1 "github.com/kubescape/kubescape/v2/core/meta/datastructures/v1"
+
+	"github.com/spf13/cobra"
+)
+
+func getExceptionsCmd(ks meta.IKubescape, submitInfo *metav1.Submit) *cobra.Command {
+	return &cobra.Command{
+		Use:   "exceptions <full path to exceptions file>",
+		Short: "Submit exceptions to the Kubescape SaaS version",
+		Args: func(cmd *cobra.Command, args []string) error {
+			if len(args) != 1 {
+				return fmt.Errorf("missing full path to exceptions file")
+			}
+			return nil
+		},
+		Run: func(cmd *cobra.Command, args []string) {
+
+			if err := flagValidationSubmit(submitInfo); err != nil {
+				logger.L().Fatal(err.Error())
+			}
+
+			if err := ks.SubmitExceptions(&submitInfo.Credentials, args[0]); err != nil {
+				logger.L().Fatal(err.Error())
+			}
+		},
+	}
+}
--- a/cmd/submit/rbac.go
+++ b/cmd/submit/rbac.go
@@ -0,0 +1,96 @@
+package submit
+
+import (
+	"fmt"
+
+	"github.com/google/uuid"
+	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger/helpers"
+	"github.com/kubescape/k8s-interface/k8sinterface"
+	"github.com/kubescape/kubescape/v2/core/cautils"
+	"github.com/kubescape/kubescape/v2/core/cautils/getter"
+	"github.com/kubescape/kubescape/v2/core/meta"
+	"github.com/kubescape/kubescape/v2/core/meta/cliinterfaces"
+	v1 "github.com/kubescape/kubescape/v2/core/meta/datastructures/v1"
+	reporterv2 "github.com/kubescape/kubescape/v2/core/pkg/resultshandling/reporter/v2"
+
+	"github.com/kubescape/rbac-utils/rbacscanner"
+	"github.com/spf13/cobra"
+)
+
+var (
+	rbacExamples = `
+	# Submit cluster's Role-Based Access Control(RBAC)
+	kubescape submit rbac
+
+	# Submit cluster's Role-Based Access Control(RBAC) with account ID 
+	kubescape submit rbac --account <account-id>
+	`
+)
+
+// getRBACCmd represents the RBAC command
+func getRBACCmd(ks meta.IKubescape, submitInfo *v1.Submit) *cobra.Command {
+	return &cobra.Command{
+		Use:     "rbac",
+		Example: rbacExamples,
+		Short:   "Submit cluster's Role-Based Access Control(RBAC)",
+		Long:    ``,
+		RunE: func(cmd *cobra.Command, args []string) error {
+
+			if err := flagValidationSubmit(submitInfo); err != nil {
+				return err
+			}
+
+			k8s := k8sinterface.NewKubernetesApi()
+
+			// get config
+			clusterConfig := getTenantConfig(&submitInfo.Credentials, "", "", k8s)
+			if err := clusterConfig.SetTenant(); err != nil {
+				logger.L().Error("failed setting account ID", helpers.Error(err))
+			}
+
+			if clusterConfig.GetAccountID() == "" {
+				return fmt.Errorf("account ID is not set, run 'kubescape submit rbac --account <account-id>'")
+			}
+
+			// list RBAC
+			rbacObjects := cautils.NewRBACObjects(rbacscanner.NewRbacScannerFromK8sAPI(k8s, clusterConfig.GetAccountID(), clusterConfig.GetContextName()))
+
+			// submit resources
+			r := reporterv2.NewReportEventReceiver(clusterConfig.GetConfigObj(), uuid.NewString(), reporterv2.SubmitContextRBAC)
+
+			submitInterfaces := cliinterfaces.SubmitInterfaces{
+				ClusterConfig: clusterConfig,
+				SubmitObjects: rbacObjects,
+				Reporter:      r,
+			}
+
+			if err := ks.Submit(submitInterfaces); err != nil {
+				logger.L().Fatal(err.Error())
+			}
+			return nil
+		},
+	}
+
+}
+
+// getKubernetesApi
+func getKubernetesApi() *k8sinterface.KubernetesApi {
+	if !k8sinterface.IsConnectedToCluster() {
+		return nil
+	}
+	return k8sinterface.NewKubernetesApi()
+}
+func getTenantConfig(credentials *cautils.Credentials, clusterName string, customClusterName string, k8s *k8sinterface.KubernetesApi) cautils.ITenantConfig {
+	if !k8sinterface.IsConnectedToCluster() || k8s == nil {
+		return cautils.NewLocalConfig(getter.GetKSCloudAPIConnector(), credentials, clusterName, customClusterName)
+	}
+	return cautils.NewClusterConfig(k8s, getter.GetKSCloudAPIConnector(), credentials, clusterName, customClusterName)
+}
+
+// Check if the flag entered are valid
+func flagValidationSubmit(submitInfo *v1.Submit) error {
+
+	// Validate the user's credentials
+	return submitInfo.Credentials.Validate()
+}
--- a/cmd/submit/results.go
+++ b/cmd/submit/results.go
@@ -0,0 +1,104 @@
+package submit
+
+import (
+	"encoding/json"
+	"fmt"
+	"os"
+
+	"github.com/google/uuid"
+	reporthandlingv2 "github.com/kubescape/opa-utils/reporthandling/v2"
+
+	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger/helpers"
+	"github.com/kubescape/k8s-interface/workloadinterface"
+	"github.com/kubescape/kubescape/v2/core/meta"
+	"github.com/kubescape/kubescape/v2/core/meta/cliinterfaces"
+	v1 "github.com/kubescape/kubescape/v2/core/meta/datastructures/v1"
+	reporterv2 "github.com/kubescape/kubescape/v2/core/pkg/resultshandling/reporter/v2"
+
+	"github.com/spf13/cobra"
+)
+
+var formatVersion string
+
+type ResultsObject struct {
+	filePath     string
+	customerGUID string
+	clusterName  string
+}
+
+func NewResultsObject(customerGUID, clusterName, filePath string) *ResultsObject {
+	return &ResultsObject{
+		filePath:     filePath,
+		customerGUID: customerGUID,
+		clusterName:  clusterName,
+	}
+}
+
+func (resultsObject *ResultsObject) SetResourcesReport() (*reporthandlingv2.PostureReport, error) {
+	// load framework results from json file
+	report, err := loadResultsFromFile(resultsObject.filePath)
+	if err != nil {
+		return nil, err
+	}
+	return report, nil
+}
+
+func (resultsObject *ResultsObject) ListAllResources() (map[string]workloadinterface.IMetadata, error) {
+	return map[string]workloadinterface.IMetadata{}, nil
+}
+
+func getResultsCmd(ks meta.IKubescape, submitInfo *v1.Submit) *cobra.Command {
+	var resultsCmd = &cobra.Command{
+		Use:   "results <json file>\nExample:\n$ kubescape submit results path/to/results.json --format-version v2",
+		Short: "Submit a pre scanned results file. The file must be in json format",
+		Long:  ``,
+		RunE: func(cmd *cobra.Command, args []string) error {
+
+			if err := flagValidationSubmit(submitInfo); err != nil {
+				return err
+			}
+
+			if len(args) == 0 {
+				return fmt.Errorf("missing results file")
+			}
+
+			k8s := getKubernetesApi()
+
+			// get config
+			clusterConfig := getTenantConfig(&submitInfo.Credentials, "", "", k8s)
+			if err := clusterConfig.SetTenant(); err != nil {
+				logger.L().Error("failed setting account ID", helpers.Error(err))
+			}
+
+			resultsObjects := NewResultsObject(clusterConfig.GetAccountID(), clusterConfig.GetContextName(), args[0])
+
+			r := reporterv2.NewReportEventReceiver(clusterConfig.GetConfigObj(), uuid.NewString(), reporterv2.SubmitContextScan)
+
+			submitInterfaces := cliinterfaces.SubmitInterfaces{
+				ClusterConfig: clusterConfig,
+				SubmitObjects: resultsObjects,
+				Reporter:      r,
+			}
+
+			if err := ks.Submit(submitInterfaces); err != nil {
+				logger.L().Fatal(err.Error())
+			}
+			return nil
+		},
+	}
+	resultsCmd.PersistentFlags().StringVar(&formatVersion, "format-version", "v1", "Output object can be differnet between versions, this is for maintaining backward and forward compatibility. Supported:'v1'/'v2'")
+
+	return resultsCmd
+}
+func loadResultsFromFile(filePath string) (*reporthandlingv2.PostureReport, error) {
+	report := &reporthandlingv2.PostureReport{}
+	f, err := os.ReadFile(filePath)
+	if err != nil {
+		return nil, err
+	}
+	if err = json.Unmarshal(f, report); err != nil {
+		return report, fmt.Errorf("failed to unmarshal results file: %s, make sure you run kubescape with '--format=json --format-version=v2'", err.Error())
+	}
+	return report, nil
+}
--- a/cmd/submit/submit.go
+++ b/cmd/submit/submit.go
@@ -0,0 +1,32 @@
+package submit
+
+import (
+	"github.com/kubescape/kubescape/v2/core/meta"
+	metav1 "github.com/kubescape/kubescape/v2/core/meta/datastructures/v1"
+	"github.com/spf13/cobra"
+)
+
+var submitCmdExamples = `
+
+`
+
+func GetSubmitCmd(ks meta.IKubescape) *cobra.Command {
+	var submitInfo metav1.Submit
+
+	submitCmd := &cobra.Command{
+		Use:   "submit <command>",
+		Short: "Submit an object to the Kubescape SaaS version",
+		Long:  ``,
+		Run: func(cmd *cobra.Command, args []string) {
+		},
+	}
+	submitCmd.PersistentFlags().StringVarP(&submitInfo.Credentials.Account, "account", "", "", "Kubescape SaaS account ID. Default will load account ID from cache")
+	submitCmd.PersistentFlags().StringVarP(&submitInfo.Credentials.ClientID, "client-id", "", "", "Kubescape SaaS client ID. Default will load client ID from cache, read more - https://hub.armosec.io/docs/authentication")
+	submitCmd.PersistentFlags().StringVarP(&submitInfo.Credentials.SecretKey, "secret-key", "", "", "Kubescape SaaS secret key. Default will load secret key from cache, read more - https://hub.armosec.io/docs/authentication")
+
+	submitCmd.AddCommand(getExceptionsCmd(ks, &submitInfo))
+	submitCmd.AddCommand(getResultsCmd(ks, &submitInfo))
+	submitCmd.AddCommand(getRBACCmd(ks, &submitInfo))
+
+	return submitCmd
+}
--- a/cmd/update/update.go
+++ b/cmd/update/update.go
@@ -5,52 +5,52 @@ package update
 //          kubescape update

 import (
-	"fmt"
-	"strings"
+	"os/exec"
+	"runtime"

-	"github.com/kubescape/kubescape/v3/core/meta"
-
-	"github.com/kubescape/backend/pkg/versioncheck"
-	"github.com/kubescape/go-logger"
-	"github.com/kubescape/go-logger/helpers"
-	"github.com/kubescape/kubescape/v3/core/cautils"
+	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/kubescape/v2/core/cautils"
 	"github.com/spf13/cobra"
 )

-const (
-	installationLink string = "https://kubescape.io/docs/install-cli/"
-)
-
-var updateCmdExamples = fmt.Sprintf(`
-  # Update to the latest kubescape release
-  %[1]s update
-`, cautils.ExecName())
-
-func GetUpdateCmd(ks meta.IKubescape) *cobra.Command {
+func GetUpdateCmd() *cobra.Command {
 	updateCmd := &cobra.Command{
-		Use:     "update",
-		Short:   "Update to latest release version",
-		Long:    ``,
-		Example: updateCmdExamples,
+		Use:   "update",
+		Short: "Update your version",
+		Long:  ``,
 		RunE: func(_ *cobra.Command, args []string) error {
-			v := versioncheck.NewVersionCheckHandler()
-			versionCheckRequest := versioncheck.NewVersionCheckRequest("", versioncheck.BuildNumber, "", "", "update", nil)
-			if err := v.CheckLatestVersion(ks.Context(), versionCheckRequest); err != nil {
-				return err
-			}
-
 			//Checking the user's version of kubescape to the latest release
-			if versioncheck.BuildNumber == "" || strings.Contains(versioncheck.BuildNumber, "rc") {
-				//your version is unknown
-				fmt.Printf("Nothing to update: you are running the development version\n")
-			} else if versioncheck.LatestReleaseVersion == "" {
-				//Failed to check for updates
-				logger.L().Info("Failed to check for updates")
-			} else if versioncheck.BuildNumber == versioncheck.LatestReleaseVersion {
+			if cautils.BuildNumber == cautils.LatestReleaseVersion {
 				//your version == latest version
-				logger.L().Info("Nothing to update: you are running the latest version", helpers.String("Version", versioncheck.BuildNumber))
+				logger.L().Info(("You are in the latest version"))
 			} else {
-				fmt.Printf("Version %s is available. Please refer to our installation documentation: %s\n", versioncheck.LatestReleaseVersion, installationLink)
+
+				const OSTYPE string = runtime.GOOS
+				var ShellToUse string
+				switch OSTYPE {
+
+				case "windows":
+					cautils.StartSpinner()
+					//run the installation command for windows
+					ShellToUse = "powershell"
+					_, err := exec.Command(ShellToUse, "-c", "iwr -useb https://raw.githubusercontent.com/kubescape/kubescape/master/install.ps1 | iex").Output()
+
+					if err != nil {
+						logger.L().Fatal(err.Error())
+					}
+					cautils.StopSpinner()
+
+				default:
+					ShellToUse = "bash"
+					cautils.StartSpinner()
+					//run the installation command for linux and macOS
+					_, err := exec.Command(ShellToUse, "-c", "curl -s https://raw.githubusercontent.com/kubescape/kubescape/master/install.sh | /bin/bash").Output()
+					if err != nil {
+						logger.L().Fatal(err.Error())
+					}
+
+					cautils.StopSpinner()
+				}
 			}
 			return nil
 		},
--- a/cmd/update/update_test.go
+++ b/cmd/update/update_test.go
@@ -1,18 +0,0 @@
-package update
-
-import (
-	"context"
-	"testing"
-
-	"github.com/kubescape/kubescape/v3/core/core"
-	"github.com/stretchr/testify/assert"
-)
-
-func TestGetUpdateCmd(t *testing.T) {
-	ks := core.NewKubescape(context.TODO())
-	cmd := GetUpdateCmd(ks)
-	assert.NotNil(t, cmd)
-
-	err := cmd.RunE(cmd, []string{})
-	assert.Nil(t, err)
-}
--- a/cmd/vap/vap.go
+++ b/cmd/vap/vap.go
@@ -1,237 +0,0 @@
-package vap
-
-import (
-	"errors"
-	"fmt"
-	"io"
-	"net/http"
-	"regexp"
-
-	"github.com/kubescape/go-logger"
-	"github.com/kubescape/kubescape/v3/core/cautils"
-	"github.com/spf13/cobra"
-	admissionv1 "k8s.io/api/admissionregistration/v1"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	"sigs.k8s.io/yaml"
-)
-
-var vapHelperCmdExamples = fmt.Sprintf(`
-  vap command can be used for managing Validating Admission Policies in a Kubernetes cluster.
-  This is an experimental feature and it might change.
-
-  Examples:
-
-  # Install Kubescape CEL admission policy library
-  %[1]s vap deploy-library | kubectl apply -f -
-  # Create a policy binding
-  %[1]s vap create-policy-binding --name my-policy-binding --policy c-0016 --namespace=my-namespace | kubectl apply -f -
-`, cautils.ExecName())
-
-func GetVapHelperCmd() *cobra.Command {
-
-	vapHelperCmd := &cobra.Command{
-		Use:     "vap",
-		Short:   "Helper commands for managing Validating Admission Policies in a Kubernetes cluster",
-		Long:    ``,
-		Example: vapHelperCmdExamples,
-	}
-
-	// Create subcommands
-	vapHelperCmd.AddCommand(getDeployLibraryCmd())
-	vapHelperCmd.AddCommand(getCreatePolicyBindingCmd())
-
-	return vapHelperCmd
-}
-
-func getDeployLibraryCmd() *cobra.Command {
-	return &cobra.Command{
-		Use:   "deploy-library",
-		Short: "Install Kubescape CEL admission policy library",
-		Long:  ``,
-		RunE: func(cmd *cobra.Command, args []string) error {
-			return deployLibrary()
-		},
-	}
-}
-
-func getCreatePolicyBindingCmd() *cobra.Command {
-	var policyBindingName string
-	var policyName string
-	var namespaceArr []string
-	var labelArr []string
-	var action string
-	var parameterReference string
-
-	createPolicyBindingCmd := &cobra.Command{
-		Use:   "create-policy-binding",
-		Short: "Create a policy binding",
-		Long:  ``,
-		RunE: func(cmd *cobra.Command, args []string) error {
-			// Validate the inputs
-			if err := isValidK8sObjectName(policyBindingName); err != nil {
-				return fmt.Errorf("invalid policy binding name %s: %w", policyBindingName, err)
-			}
-			if err := isValidK8sObjectName(policyName); err != nil {
-				return fmt.Errorf("invalid policy name %s: %w", policyName, err)
-			}
-			for _, namespace := range namespaceArr {
-				if err := isValidK8sObjectName(namespace); err != nil {
-					return fmt.Errorf("invalid namespace %s: %w", namespace, err)
-				}
-			}
-			for _, label := range labelArr {
-				// Label selector must be in the format key=value
-				if !regexp.MustCompile(`^[a-zA-Z0-9]+=[a-zA-Z0-9]+$`).MatchString(label) {
-					return fmt.Errorf("invalid label selector: %s", label)
-				}
-			}
-			if action != "Deny" && action != "Audit" && action != "Warn" {
-				return fmt.Errorf("invalid action: %s", action)
-			}
-			if parameterReference != "" {
-				if err := isValidK8sObjectName(parameterReference); err != nil {
-					return fmt.Errorf("invalid parameter reference %s: %w", parameterReference, err)
-				}
-			}
-
-			return createPolicyBinding(policyBindingName, policyName, action, parameterReference, namespaceArr, labelArr)
-		},
-	}
-	// Must specify the name of the policy binding
-	createPolicyBindingCmd.Flags().StringVarP(&policyBindingName, "name", "n", "", "Name of the policy binding")
-	createPolicyBindingCmd.MarkFlagRequired("name")
-	createPolicyBindingCmd.Flags().StringVarP(&policyName, "policy", "p", "", "Name of the policy to bind the resources to")
-	createPolicyBindingCmd.MarkFlagRequired("policy")
-	createPolicyBindingCmd.Flags().StringSliceVar(&namespaceArr, "namespace", []string{}, "Resource namespace selector")
-	createPolicyBindingCmd.Flags().StringSliceVar(&labelArr, "label", []string{}, "Resource label selector")
-	createPolicyBindingCmd.Flags().StringVarP(&action, "action", "a", "Deny", "Action to take when policy fails")
-	createPolicyBindingCmd.Flags().StringVarP(&parameterReference, "parameter-reference", "r", "", "Parameter reference object name")
-
-	return createPolicyBindingCmd
-}
-
-// Implementation of the VAP helper commands
-// deploy-library
-func deployLibrary() error {
-	logger.L().Info("Downloading the Kubescape CEL admission policy library")
-	// Download the policy-configuration-definition.yaml from the latest release URL
-	policyConfigurationDefinitionURL := "https://github.com/kubescape/cel-admission-library/releases/latest/download/policy-configuration-definition.yaml"
-	policyConfigurationDefinition, err := downloadFileToString(policyConfigurationDefinitionURL)
-	if err != nil {
-		return err
-	}
-
-	// Download the basic-control-configuration.yaml from the latest release URL
-	basicControlConfigurationURL := "https://github.com/kubescape/cel-admission-library/releases/latest/download/basic-control-configuration.yaml"
-	basicControlConfiguration, err := downloadFileToString(basicControlConfigurationURL)
-	if err != nil {
-		return err
-	}
-
-	// Download the kubescape-validating-admission-policies.yaml from the latest release URL
-	kubescapeValidatingAdmissionPoliciesURL := "https://github.com/kubescape/cel-admission-library/releases/latest/download/kubescape-validating-admission-policies.yaml"
-	kubescapeValidatingAdmissionPolicies, err := downloadFileToString(kubescapeValidatingAdmissionPoliciesURL)
-	if err != nil {
-		return err
-	}
-
-	logger.L().Info("Successfully downloaded admission policy library")
-
-	// Print the downloaded files to the STDOUT for the user to apply connecting them to a single YAML with ---
-	fmt.Println(policyConfigurationDefinition)
-	fmt.Println("---")
-	fmt.Println(basicControlConfiguration)
-	fmt.Println("---")
-	fmt.Println(kubescapeValidatingAdmissionPolicies)
-
-	return nil
-}
-
-func downloadFileToString(url string) (string, error) {
-	// Send an HTTP GET request to the URL
-	response, err := http.Get(url) //nolint:gosec
-	if err != nil {
-		return "", err // Return an empty string and the error if the request fails
-	}
-	defer response.Body.Close()
-
-	// Check for a successful response (HTTP 200 OK)
-	if response.StatusCode != http.StatusOK {
-		return "", fmt.Errorf("failed to download file: %s", response.Status)
-	}
-
-	// Read the response body
-	bodyBytes, err := io.ReadAll(response.Body)
-	if err != nil {
-		return "", err // Return an empty string and the error if reading fails
-	}
-
-	// Convert the byte slice to a string
-	bodyString := string(bodyBytes)
-	return bodyString, nil
-}
-
-func isValidK8sObjectName(name string) error {
-	// Kubernetes object names must consist of lower case alphanumeric characters, '-' or '.',
-	// and must start and end with an alphanumeric character (e.g., 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?')
-	// Max length of 63 characters.
-	if len(name) > 63 {
-		return errors.New("name should be less than 63 characters")
-	}
-
-	regex := regexp.MustCompile(`^[a-z0-9]([-a-z0-9]*[a-z0-9])?$`)
-	if !regex.MatchString(name) {
-		return errors.New("name should consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character")
-	}
-
-	return nil
-}
-
-// Create a policy binding
-func createPolicyBinding(bindingName string, policyName string, action string, paramRefName string, namespaceArr []string, labelMatch []string) error {
-	// Create a policy binding struct
-	policyBinding := &admissionv1.ValidatingAdmissionPolicyBinding{}
-	// Print the policy binding after marshalling it to YAML to the STDOUT
-	// The user can apply the output to the cluster
-	policyBinding.APIVersion = "admissionregistration.k8s.io/v1"
-	policyBinding.Name = bindingName
-	policyBinding.Kind = "ValidatingAdmissionPolicyBinding"
-	policyBinding.Spec.PolicyName = policyName
-	policyBinding.Spec.MatchResources = &admissionv1.MatchResources{}
-	if len(namespaceArr) > 0 {
-		policyBinding.Spec.MatchResources.NamespaceSelector = &metav1.LabelSelector{
-			MatchExpressions: []metav1.LabelSelectorRequirement{
-				{
-					Key:      "kubernetes.io/metadata.name",
-					Operator: metav1.LabelSelectorOpIn,
-					Values:   namespaceArr,
-				},
-			},
-		}
-	}
-
-	if len(labelMatch) > 0 {
-		policyBinding.Spec.MatchResources.ObjectSelector = &metav1.LabelSelector{}
-		policyBinding.Spec.MatchResources.ObjectSelector.MatchLabels = make(map[string]string)
-		for _, label := range labelMatch {
-			labelParts := regexp.MustCompile(`=`).Split(label, 2)
-			policyBinding.Spec.MatchResources.ObjectSelector.MatchLabels[labelParts[0]] = labelParts[1]
-		}
-	}
-
-	policyBinding.Spec.ValidationActions = []admissionv1.ValidationAction{admissionv1.ValidationAction(action)}
-	paramAction := admissionv1.DenyAction
-	if paramRefName != "" {
-		policyBinding.Spec.ParamRef = &admissionv1.ParamRef{
-			Name:                    paramRefName,
-			ParameterNotFoundAction: &paramAction,
-		}
-	}
-	// Marshal the policy binding to YAML
-	out, err := yaml.Marshal(policyBinding)
-	if err != nil {
-		return err
-	}
-	fmt.Println(string(out))
-	return nil
-}
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Vlad Klokun	b0f65cce1d	Merge pull request #959 from suhasgumma/fix-command fix: keep user formatting when autofixing	2023-01-11 20:13:16 +02:00
Vlad Klokun	0e8b2f976d	tests: extend test cases for autofix inserts This change re-organizes the test cases for inserts performed by the autofixing feature.	2023-01-11 19:50:57 +02:00
Vlad Klokun	f1d646ac97	tests: show diffs when comparing autofixes This change refactors the TestApplyFixKeepsFormatting test to use assert.Equalf so it will display a convenient diff between the expected and actual fixing result.	2023-01-11 18:44:06 +02:00
Vlad Klokun	5f668037a7	tests: test fixing close to newline-separated keys in hybrid scenarios	2023-01-11 18:43:14 +02:00
Vlad Klokun	c448c97463	tests: test autofixing files with comments between fields	2023-01-10 19:43:25 +02:00
Vlad Klokun	da3bc8e8ea	tests: test autofixing indented lists in hybrid scenarios	2023-01-10 19:43:09 +02:00
Vlad Klokun	2fce139a9a	tests: re-organize autofixing unit tests This change: - Changes test data naming convention to be lexicographically sortable and have input and expected data side-by-side. - Executes each test case in a separate run.	2023-01-10 19:43:04 +02:00
suhasgumma	85d2f5c250	Minor Changes to Improve Code Quality	2022-12-27 13:02:03 +05:30
suhasgumma	c3771eec7e	Remove redundant functions and clean code after refactoring	2022-12-16 15:57:23 +05:30
suhasgumma	76d2154152	All the minor Changes	2022-12-16 12:56:40 +05:30
suhasgumma	fa5e7fef23	Restructure Code to Improve Code Quality	2022-12-16 03:25:13 +05:30
suhasgumma	38d2696058	Break updateFileFixInfo function into getResourceFileFix and addResourceFileFix functions	2022-12-15 19:14:52 +05:30
suhasgumma	e9a8ffbda9	Add abstraction while adding contentToAdd and linesToBeRemoved to fileFixInfo	2022-12-15 17:03:54 +05:30
suhasgumma	0d76fffa48	Don't export structs that are not needed outside fixhandler package	2022-12-15 11:54:00 +05:30
suhasgumma	218c77f3ae	Delete .DS_Store files that are added by mistake	2022-12-15 11:27:14 +05:30
suhasgumma	89fd7eb439	Move Test files to tesdata directory	2022-12-15 11:19:04 +05:30
suhasgumma	8079f9ae7d	Improve Code Readability	2022-12-13 15:19:26 +05:30
suhasgumma	f9a26b7a95	Added Test cases for multiple resources in the same YAML file	2022-12-12 23:30:37 +05:30
suhasgumma	663401d908	Dealing with Insertion and Removal at last line of a Resource	2022-12-12 23:09:13 +05:30
suhasgumma	926790f49d	Dealing with Multiple Resources in a single YAML file	2022-12-12 18:42:59 +05:30
suhasgumma	566b7c29c1	Simplify dealing with comments and empty lines at the top	2022-12-11 18:47:52 +05:30
suhasgumma	af5cdefc5f	Improve Readability of code	2022-12-11 16:35:40 +05:30
suhasgumma	36b7b8e2ac	Replace Single Line Sequence Node	2022-12-11 15:30:51 +05:30
suhasgumma	17c52bd0ae	Handle Single Line Sequence Node in Replacement	2022-12-10 18:24:06 +05:30
suhasgumma	e02086e90c	Handle Single Line Sequence Node in Removal	2022-12-10 18:11:17 +05:30
suhasgumma	baf62887b9	Handle Single Line Sequence Node	2022-12-10 17:29:04 +05:30
suhasgumma	99fa81e411	Fix Bugs Remove Scenario	2022-12-10 12:00:15 +05:30
suhasgumma	f64200f42f	Small Changes	2022-12-09 23:44:04 +05:30
suhasgumma	f72cb215d7	Adjust Content Line	2022-12-09 22:45:55 +05:30
suhasgumma	fa03a9dae3	Fixed: Comments and empty lines at the head are excluded	2022-12-09 18:55:31 +05:30
suhasgumma	48516b891f	unit tests	2022-12-09 15:31:09 +05:30
suhasgumma	252a564552	Remove, Replace and Hybrid Scenarios	2022-12-09 12:23:51 +05:30
suhasgumma	30e5b9b57d	Insert Scenarios	2022-12-09 02:29:14 +05:30
suhasgumma	7fcfa27d9a	Initial Implementation	2022-12-08 23:06:05 +05:30
suhasgumma	4b898b0075	Initial Implementation	2022-12-08 22:56:53 +05:30
Suhas Gumma	f3665866af	import "yqlib" properly Co-authored-by: Vlad Klokun <vladklokun@users.noreply.github.com>	2022-11-30 01:31:49 +05:30
Suhas Gumma	a7989bbe76	Update core/pkg/fixhandler/datastructures.go Co-authored-by: Vlad Klokun <vladklokun@users.noreply.github.com>	2022-11-30 01:30:02 +05:30
suhasgumma	5ce69a750d	Fix git directory relative path	2022-11-29 18:19:49 +05:30
suhasgumma	2b61989073	Fix local directory relative path	2022-11-29 18:15:30 +05:30
suhasgumma	be33054973	Possible Solution to Indentation Issue	2022-11-23 22:54:59 +05:30
Amir Malka	4b9bd5f3ae	Initial implementation of fix command (#898 ) * Fix command initial implementation	2022-11-07 14:57:17 +02:00