Merge pull request #1680 from kubescape/fix/repo-scanning

Fix scanning repo

.github/workflows/00-pr-scanner.yaml

@@ -23,7 +23,6 @@ jobs:
     permissions:
       actions: read
       checks: read
-      contents: read
       deployments: read
       id-token: write
       issues: read
@@ -34,6 +33,8 @@ jobs:
       repository-projects: read
       security-events: read
       statuses: read
+      attestations: read
+      contents: write
     uses: ./.github/workflows/a-pr-scanner.yaml
     with:
       RELEASE: ""
@@ -47,7 +48,7 @@ jobs:
     permissions:
       actions: read
       checks: read
-      contents: read
+      contents: write
       deployments: read
       discussions: read
       id-token: write
@@ -58,6 +59,7 @@ jobs:
       repository-projects: read
       security-events: read
       statuses: read
+      attestations: read
     uses: ./.github/workflows/b-binary-build-and-e2e-tests.yaml
     with:
       COMPONENT_NAME: kubescape

.github/workflows/02-release.yaml

@@ -10,7 +10,7 @@ jobs:
       NEW_TAG: ${{ steps.tag-calculator.outputs.NEW_TAG }}
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # ratchet:actions/checkout@v3
+      - uses: actions/checkout@v4
       - id: tag-calculator
         uses: ./.github/actions/tag-action
         with:
@@ -19,7 +19,6 @@ jobs:
     permissions:
       actions: read
       checks: read
-      contents: read
       deployments: read
       discussions: read
       id-token: write
@@ -30,6 +29,8 @@ jobs:
       repository-projects: read
       security-events: read
       statuses: read
+      contents: write
+      attestations: write
     needs: [retag]
     uses: ./.github/workflows/b-binary-build-and-e2e-tests.yaml
     with:
@@ -55,6 +56,7 @@ jobs:
       repository-projects: read
       statuses: read
       security-events: read
+      attestations: read
     needs: [retag, binary-build]
     uses: ./.github/workflows/c-create-release.yaml
     with:
@@ -66,7 +68,6 @@ jobs:
     permissions:
       actions: read
       checks: read
-      contents: read
       deployments: read
       discussions: read
       id-token: write
@@ -77,6 +78,8 @@ jobs:
       repository-projects: read
       security-events: read
       statuses: read
+      attestations: read
+      contents: write
     uses: ./.github/workflows/d-publish-image.yaml
     needs: [create-release, retag]
     with:
@@ -86,3 +89,4 @@ jobs:
       support_platforms: true
       cosign: true
     secrets: inherit
+   

.github/workflows/04-publish-krew-plugin.yaml

@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     if: github.repository_owner == 'kubescape'
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # ratchet:actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           submodules: recursive
       - name: Update new version in krew-index

.github/workflows/a-pr-scanner.yaml

@@ -30,7 +30,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
 
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
           submodules: recursive

.github/workflows/b-binary-build-and-e2e-tests.yaml

@@ -30,7 +30,32 @@ on:
       BINARY_TESTS:
         type: string
         required: false
-        default: '[ "scan_nsa", "scan_mitre", "scan_with_exceptions", "scan_repository", "scan_local_file", "scan_local_glob_files", "scan_local_list_of_files", "scan_nsa_and_submit_to_backend", "scan_mitre_and_submit_to_backend", "scan_local_repository_and_submit_to_backend", "scan_repository_from_url_and_submit_to_backend", "scan_with_exception_to_backend", "scan_with_custom_framework", "scan_customer_configuration", "host_scanner", "scan_compliance_score", "control_cluster_from_CLI_config_scan_exclude_namespaces", "control_cluster_from_CLI_config_scan_include_namespaces", "control_cluster_from_CLI_config_scan_host_scanner_enabled", "control_cluster_from_CLI_config_scan_MITRE_framework", "control_cluster_from_CLI_vulnerabilities_scan_default", "control_cluster_from_CLI_vulnerabilities_scan_include_namespaces" ]'
+        default: '[
+          "ks_microservice_create_2_cronjob_mitre_and_nsa_proxy",
+          "ks_microservice_triggering_with_cron_job",
+          "ks_microservice_update_cronjob_schedule",
+          "ks_microservice_delete_cronjob",
+          "ks_microservice_create_2_cronjob_mitre_and_nsa",
+          "ks_microservice_ns_creation",
+          "ks_microservice_on_demand",
+          "ks_microservice_mitre_framework_on_demand",
+          "ks_microservice_nsa_and_mitre_framework_demand",
+          "scan_nsa",
+          "scan_mitre",
+          "scan_with_exceptions",
+          "scan_repository",
+          "scan_local_file",
+          "scan_local_glob_files",
+          "scan_local_list_of_files",
+          "scan_with_exception_to_backend",
+          "scan_nsa_and_submit_to_backend",
+          "scan_mitre_and_submit_to_backend",
+          "scan_local_repository_and_submit_to_backend",
+          "scan_repository_from_url_and_submit_to_backend",
+          "scan_with_custom_framework",
+          "scan_customer_configuration",
+          "scan_compliance_score"
+          ]'
 
   workflow_call:
     inputs:
@@ -54,7 +79,25 @@ on:
         default: 1
       BINARY_TESTS:
         type: string
-        default: '[ "scan_nsa", "scan_mitre", "scan_with_exceptions", "scan_repository", "scan_local_file", "scan_local_glob_files", "scan_local_list_of_files", "scan_nsa_and_submit_to_backend", "scan_mitre_and_submit_to_backend", "scan_local_repository_and_submit_to_backend", "scan_repository_from_url_and_submit_to_backend", "scan_with_exception_to_backend", "scan_with_custom_framework", "scan_customer_configuration", "host_scanner", "scan_compliance_score", "scan_custom_framework_scanning_file_scope_testing", "scan_custom_framework_scanning_cluster_scope_testing", "scan_custom_framework_scanning_cluster_and_file_scope_testing" ]'
+        default: '[ 
+          "scan_nsa", 
+          "scan_mitre", 
+          "scan_with_exceptions", 
+          "scan_repository", 
+          "scan_local_file", 
+          "scan_local_glob_files", 
+          "scan_local_list_of_files", 
+          "scan_nsa_and_submit_to_backend", 
+          "scan_mitre_and_submit_to_backend", 
+          "scan_local_repository_and_submit_to_backend", 
+          "scan_repository_from_url_and_submit_to_backend", 
+          "scan_with_custom_framework", 
+          "scan_customer_configuration", 
+          "scan_compliance_score", 
+          "scan_custom_framework_scanning_file_scope_testing", 
+          "scan_custom_framework_scanning_cluster_scope_testing", 
+          "scan_custom_framework_scanning_cluster_and_file_scope_testing"
+          ]'
 
 jobs:
   wf-preparation:
@@ -75,7 +118,7 @@ jobs:
           SECRET_KEY: ${{ secrets.SECRET_KEY_PROD }}
           REGISTRY_USERNAME: ${{ secrets.REGISTRY_USERNAME }}
           REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
-        run: "echo \"is-secret-set=${{ env.CUSTOMER != '' && \n                        env.USERNAME != '' &&\n                        env.PASSWORD != '' &&\n                        env.CLIENT_ID != '' &&\n                        env.SECRET_KEY != '' &&\n                        env.REGISTRY_USERNAME != '' &&\n                        env.REGISTRY_PASSWORD != ''\n                      }}\" >> $GITHUB_OUTPUT\n"
+        run: "echo \"is-secret-set=${{ env.CUSTOMER != '' && env.USERNAME != '' && env.PASSWORD != '' && env.CLIENT_ID != '' && env.SECRET_KEY != '' && env.REGISTRY_USERNAME != '' && env.REGISTRY_PASSWORD != '' }}\" >> $GITHUB_OUTPUT\n"
 
       - id: export_tests_to_env
         name: set test name
@@ -106,7 +149,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
 
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0
           submodules: recursive
@@ -164,7 +207,7 @@ jobs:
 
   build-http-image:
     permissions:
-      contents: read
+      contents: write
       id-token: write
       packages: write
       pull-requests: read
@@ -188,8 +231,22 @@ jobs:
                 "ks_microservice_on_demand",
                 "ks_microservice_mitre_framework_on_demand",
                 "ks_microservice_nsa_and_mitre_framework_demand",
+                "scan_nsa", 
+                "scan_mitre", 
+                "scan_with_exceptions", 
+                "scan_repository", 
+                "scan_local_file", 
+                "scan_local_glob_files", 
+                "scan_local_list_of_files", 
+                "scan_with_exception_to_backend", 
+                "scan_nsa_and_submit_to_backend", 
+                "scan_mitre_and_submit_to_backend", 
+                "scan_local_repository_and_submit_to_backend", 
+                "scan_repository_from_url_and_submit_to_backend", 
+                "scan_with_custom_framework", 
+                "scan_customer_configuration", 
                 "scan_compliance_score"
-              ]'
+                ]'
       COSIGN: true
       HELM_E2E_TEST: true
       FORCE: true
@@ -216,7 +273,7 @@ jobs:
         run: chmod +x -R ${{steps.download-artifact.outputs.download-path}}/kubescape-ubuntu-latest
 
       - name: Checkout systests repo
-        uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # ratchet:actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: armosec/system-tests
           path: .
@@ -269,5 +326,6 @@ jobs:
         uses: mikepenz/action-junit-report@6e9933f4a97f4d2b99acef4d7b97924466037882 # ratchet:mikepenz/action-junit-report@v3.6.1
         if: always() # always run even if the previous step fails
         with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
           report_paths: '**/results_xml_format/**.xml'
           commit: ${{github.event.workflow_run.head_sha}}

.github/workflows/build-image.yaml

@@ -23,7 +23,7 @@ jobs:
     permissions:
       id-token: write
       packages: write
-      contents: read
+      contents: write
       pull-requests: read
     uses: kubescape/workflows/.github/workflows/incluster-comp-pr-merged.yaml@main
     with:

.github/workflows/c-create-release.yaml

@@ -24,8 +24,8 @@ jobs:
       MAC_OS: macos-latest
       UBUNTU_OS: ubuntu-latest
       WINDOWS_OS: windows-latest
-    # permissions:
-    #   contents: write
+    permissions:
+      contents: write
     steps:
       - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # ratchet:actions/download-artifact@v3.0.2
         id: download-artifact
@@ -35,7 +35,7 @@ jobs:
       # TODO: kubescape-windows-latest is deprecated and should be removed
       - name: Get kubescape.exe from kubescape-windows-latest.exe
         run: cp ${{steps.download-artifact.outputs.download-path}}/kubescape/kubescape-${{ env.WINDOWS_OS }}.exe ${{steps.download-artifact.outputs.download-path}}/kubescape/kubescape.exe
-      
+
       - name: Set release token
         id: set-token
         run: |
@@ -44,13 +44,13 @@ jobs:
           else
             echo "token=${{ secrets.GITHUB_TOKEN }}" >> $GITHUB_OUTPUT;
           fi
-          
+
       - name: List artifacts
         run: |
           find . -type f -print
 
       - name: Release
-        uses: softprops/action-gh-release@975c1b265e11dd76618af1c374e7981f9a6ff44a 
+        uses: softprops/action-gh-release@975c1b265e11dd76618af1c374e7981f9a6ff44a
         with:
           token: ${{ steps.set-token.outputs.token }}
           name: ${{ inputs.RELEASE_NAME }}
@@ -60,23 +60,32 @@ jobs:
           prerelease: false
           fail_on_unmatched_files: true
           files: |
-            ./kubescape/kubescape-${{ env.UBUNTU_OS }}.tar.gz 
-            ./kubescape/kubescape-${{ env.UBUNTU_OS }}.tar.gz.sbom 
-            ./kubescape/kubescape-arm64-${{ env.WINDOWS_OS }}.tar.gz.sbom 
-            ./kubescape/kubescape-${{ env.WINDOWS_OS }}.exe 
-            ./kubescape/kubescape-${{ env.WINDOWS_OS }}.tar.gz 
-            ./kubescape/kubescape-arm64-${{ env.WINDOWS_OS }}.tar.gz 
-            ./kubescape/kubescape-arm64-${{ env.MAC_OS }}.tar.gz.sbom 
+            ./kubescape/kubescape-${{ env.MAC_OS }}
+            ./kubescape/kubescape-${{ env.MAC_OS }}.sbom
+            ./kubescape/kubescape-${{ env.MAC_OS }}.sha256
+            ./kubescape/kubescape-${{ env.MAC_OS }}.tar.gz
+            ./kubescape/kubescape-${{ env.UBUNTU_OS }}
+            ./kubescape/kubescape-${{ env.UBUNTU_OS }}.sbom
+            ./kubescape/kubescape-${{ env.UBUNTU_OS }}.sha256
+            ./kubescape/kubescape-${{ env.UBUNTU_OS }}.tar.gz
+            ./kubescape/kubescape-${{ env.WINDOWS_OS }}.exe
+            ./kubescape/kubescape-${{ env.WINDOWS_OS }}.exe.sbom
+            ./kubescape/kubescape-${{ env.WINDOWS_OS }}.exe.sha256
+            ./kubescape/kubescape-${{ env.WINDOWS_OS }}.tar.gz
+            ./kubescape/kubescape-arm64-${{ env.MAC_OS }}
+            ./kubescape/kubescape-arm64-${{ env.MAC_OS }}.sbom
+            ./kubescape/kubescape-arm64-${{ env.MAC_OS }}.sha256
+            ./kubescape/kubescape-arm64-${{ env.MAC_OS }}.tar.gz
             ./kubescape/kubescape-arm64-${{ env.UBUNTU_OS }}
-            ./kubescape/kubescape-${{ env.UBUNTU_OS }} 
-            ./kubescape/kubescape-arm64-${{ env.UBUNTU_OS }}.tar.gz 
-            ./kubescape/kubescape-arm64-${{ env.MAC_OS }} 
-            ./kubescape/kubescape-${{ env.MAC_OS }}.tar.gz 
-            ./kubescape/kubescape-${{ env.MAC_OS }}.tar.gz.sbom 
-            ./kubescape/kubescape.exe 
-            ./kubescape/kubescape-${{ env.WINDOWS_OS }}.tar.gz.sbom 
-            ./kubescape/kubescape-arm64-${{ env.UBUNTU_OS }}.tar.gz.sbom 
-            ./kubescape/kubescape-${{ env.MAC_OS }} 
-            ./kubescape/kubescape-arm64-${{ env.MAC_OS }}.tar.gz 
+            ./kubescape/kubescape-arm64-${{ env.UBUNTU_OS }}.sbom
+            ./kubescape/kubescape-arm64-${{ env.UBUNTU_OS }}.sha256
+            ./kubescape/kubescape-arm64-${{ env.UBUNTU_OS }}.tar.gz
             ./kubescape/kubescape-arm64-${{ env.WINDOWS_OS }}.exe
-  
+            ./kubescape/kubescape-arm64-${{ env.WINDOWS_OS }}.exe.sbom
+            ./kubescape/kubescape-arm64-${{ env.WINDOWS_OS }}.exe.sha256
+            ./kubescape/kubescape-arm64-${{ env.WINDOWS_OS }}.tar.gz
+            ./kubescape/kubescape-riscv64-${{ env.UBUNTU_OS }}
+            ./kubescape/kubescape-riscv64-${{ env.UBUNTU_OS }}.sbom
+            ./kubescape/kubescape-riscv64-${{ env.UBUNTU_OS }}.sha256
+            ./kubescape/kubescape-riscv64-${{ env.UBUNTU_OS }}.tar.gz
+            ./kubescape/kubescape.exe

.github/workflows/d-publish-image.yaml

@@ -1,5 +1,18 @@
 name: d-publish-image
-permissions: read-all
+permissions:
+  actions: read
+  checks: read
+  contents: write
+  deployments: read
+  discussions: read
+  id-token: write
+  issues: read
+  packages: read
+  pages: read
+  pull-requests: read
+  repository-projects: read
+  statuses: read
+  security-events: read
 on:
   workflow_call:
     inputs:
@@ -46,7 +59,7 @@ jobs:
     name: Build image and upload to registry
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c # ratchet:actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           submodules: recursive
       - name: Set up QEMU

.github/workflows/scorecard.yml

@@ -37,7 +37,7 @@ jobs:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2
+        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
         with:
           results_file: results.sarif
           results_format: sarif

.goreleaser.yaml

@@ -12,8 +12,7 @@ before:
     - go mod tidy
 
 builds:
-  - id: "kubescape-cli"
-    goos:
+  - goos:
       - linux
       - windows
       - darwin
@@ -35,8 +34,11 @@ builds:
     no_unique_dist_dir: true
 
 archives:
+  - format: binary
+    id: binaries
+    name_template: >-
+      {{ .Binary }}
   - format: tar.gz
-    # this name template makes the OS and Arch compatible with the results of `uname`.
     name_template: >-
       {{ .Binary }}
 
@@ -47,5 +49,12 @@ changelog:
       - "^docs:"
       - "^test:"
 
+checksum:
+  ids:
+    - binaries
+  split: true
+
 sboms:
-  - artifacts: archive
+  - artifacts: binary
+    documents:
+      - "{{ .Binary }}.sbom"

ADOPTERS.md

@@ -1,14 +1,16 @@
 # Adopters
 
 # Well-known companies
-Well-known companies who are using and/or contributing to Kubescape are (in alphabetical order):
-* Accenture
-* Amazon.com
-* IBM
-* Intel
-* Meetup
-* RedHat
-* Scaleway
+
+List of well-known companies who are publicly acknowledge using and/or contributing to Kubescape are (in alphabetical order):
+* AWS uses Kubescape in the security training material [link](https://catalog.workshops.aws/containersecurity/en-US/module2)
+* Energi Danmark: Publicly talking about how they use Kubescape in their CI/CD pipeline [link](https://www.armosec.io/energi-danmark-business-support/)
+* Gitpod: Used Kubescape in their SOC2 compliance process [link](https://www.armosec.io/gitpod/)
+* Intel: using Kubescape for security prioritization [video](https://youtu.be/1iCW1KboypY?si=OjmnshWbpFNVPGJT)
+* Orange Business: talking about Kubescape/ARMO service they are doing [video](https://www.youtube.com/watch?v=cbJYCUM8578)
+* Rabobank: talked at KCD Amsterdam about having Kubescape in their technology stack [video](https://youtu.be/oa_YJmjwepI?si=vSrFW6seMKHj2Lze) [image](/docs/img/kcd-amsterdam-rabo.jpg)
+* VMWare/Bitnami: listing Kubescape in their public image/helm repository [link](https://github.com/bitnami/containers/tree/main/bitnami/kubescape)
+
 
 # Users
 

README.md

@@ -81,7 +81,7 @@ It retrieves Kubernetes objects from the API server and runs a set of [Rego snip
 
 Kubescape is an open source project, we welcome your feedback and ideas for improvement. We are part of the Kubernetes community and are building more tests and controls as the ecosystem develops.
 
-We hold [community meetings](https://zoom.us/j/95174063585) on Zoom, on the first Tuesday of every month, at 14:00 GMT. ([See that in your local time zone](https://time.is/compare/1400_in_GMT)).
+We hold [community meetings](https://zoom.us/j/95174063585) on Zoom, every second week on Tuesdays, at 15:00 CET. ([See that in your local time zone](https://time.is/compare/1500_in_CET)).
 
 The Kubescape project follows the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md).
 

cmd/patch/patch.go

@@ -7,8 +7,7 @@ import (
 	"strings"
 	"time"
 
-	ref "github.com/distribution/distribution/reference"
-	"github.com/docker/distribution/reference"
+	"github.com/distribution/reference"
 
 	"github.com/kubescape/go-logger"
 	"github.com/kubescape/kubescape/v3/cmd/shared"
@@ -97,22 +96,22 @@ func validateImagePatchInfo(patchInfo *metav1.PatchInfo) error {
 	}
 
 	// Parse the image full name to get image name and tag
-	named, err := ref.ParseNamed(patchInfoImage)
+	named, err := reference.ParseNamed(patchInfoImage)
 	if err != nil {
 		return err
 	}
 
 	// If no tag or digest is provided, default to 'latest'
-	if ref.IsNameOnly(named) {
+	if reference.IsNameOnly(named) {
 		logger.L().Warning("Image name has no tag or digest, using latest as tag")
-		named = ref.TagNameOnly(named)
+		named = reference.TagNameOnly(named)
 	}
 	patchInfo.Image = named.String()
 
 	// If no patched image tag is provided, default to '<image-tag>-patched'
 	if patchInfo.PatchedImageTag == "" {
 
-		taggedName, ok := named.(ref.Tagged)
+		taggedName, ok := named.(reference.Tagged)
 		if !ok {
 			return errors.New("unexpected error while parsing image tag")
 		}

cmd/rootutils.go

@@ -77,7 +77,7 @@ func initEnvironment() {
 	)
 
 	if err != nil {
-		logger.L().Fatal("failed to to get services from server", helpers.Error(err), helpers.String("server", rootInfo.DiscoveryServerURL))
+		logger.L().Fatal("failed to get services from server", helpers.Error(err), helpers.String("server", rootInfo.DiscoveryServerURL))
 		return
 	}
 

core/cautils/getter/downloadreleasedpolicy.go

@@ -9,7 +9,7 @@ import (
 	"github.com/kubescape/opa-utils/reporthandling"
 	"github.com/kubescape/opa-utils/reporthandling/attacktrack/v1alpha1"
 
-	"github.com/kubescape/regolibrary/gitregostore"
+	"github.com/kubescape/regolibrary/v2/gitregostore"
 )
 
 // =======================================================================================================================
@@ -29,7 +29,7 @@ type DownloadReleasedPolicy struct {
 
 func NewDownloadReleasedPolicy() *DownloadReleasedPolicy {
 	return &DownloadReleasedPolicy{
-		gs: gitregostore.NewDefaultGitRegoStore(-1),
+		gs: gitregostore.NewGitRegoStoreV2(-1),
 	}
 }
 

core/cautils/normalize_image_name.go

@@ -1,7 +1,7 @@
 package cautils
 
 import (
-	"github.com/docker/distribution/reference"
+	"github.com/distribution/reference"
 )
 
 func NormalizeImageName(img string) (string, error) {

core/cautils/rbac.go

@@ -85,7 +85,7 @@ func (rbacObjects *RBACObjects) rbacObjectsToResources(resources *rbacutils.Rbac
 		if err != nil {
 			return nil, err
 		}
-		crmap["apiVersion"] = "rbac.authorization.k8s.io/v1" // TODO - is the the correct apiVersion?
+		crmap["apiVersion"] = "rbac.authorization.k8s.io/v1" // TODO - is the correct apiVersion?
 		crIMeta := workloadinterface.NewWorkloadObj(crmap)
 		crIMeta.SetKind("ClusterRole")
 		allresources[crIMeta.GetID()] = crIMeta
@@ -95,7 +95,7 @@ func (rbacObjects *RBACObjects) rbacObjectsToResources(resources *rbacutils.Rbac
 		if err != nil {
 			return nil, err
 		}
-		crmap["apiVersion"] = "rbac.authorization.k8s.io/v1" // TODO - is the the correct apiVersion?
+		crmap["apiVersion"] = "rbac.authorization.k8s.io/v1" // TODO - is the correct apiVersion?
 		crIMeta := workloadinterface.NewWorkloadObj(crmap)
 		crIMeta.SetKind("Role")
 		allresources[crIMeta.GetID()] = crIMeta
@@ -105,7 +105,7 @@ func (rbacObjects *RBACObjects) rbacObjectsToResources(resources *rbacutils.Rbac
 		if err != nil {
 			return nil, err
 		}
-		crmap["apiVersion"] = "rbac.authorization.k8s.io/v1" // TODO - is the the correct apiVersion?
+		crmap["apiVersion"] = "rbac.authorization.k8s.io/v1" // TODO - is the correct apiVersion?
 		crIMeta := workloadinterface.NewWorkloadObj(crmap)
 		crIMeta.SetKind("ClusterRoleBinding")
 		allresources[crIMeta.GetID()] = crIMeta
@@ -115,7 +115,7 @@ func (rbacObjects *RBACObjects) rbacObjectsToResources(resources *rbacutils.Rbac
 		if err != nil {
 			return nil, err
 		}
-		crmap["apiVersion"] = "rbac.authorization.k8s.io/v1" // TODO - is the the correct apiVersion?
+		crmap["apiVersion"] = "rbac.authorization.k8s.io/v1" // TODO - is the correct apiVersion?
 		crIMeta := workloadinterface.NewWorkloadObj(crmap)
 		crIMeta.SetKind("RoleBinding")
 		allresources[crIMeta.GetID()] = crIMeta

core/cautils/remotegitutils.go

@@ -1,6 +1,7 @@
-package resourcehandler
+package cautils
 
 import (
+	"crypto/sha256"
 	"errors"
 	"fmt"
 	nethttp "net/http"
@@ -12,8 +13,44 @@ import (
 	"github.com/go-git/go-git/v5/plumbing/transport"
 	"github.com/go-git/go-git/v5/plumbing/transport/http"
 	giturl "github.com/kubescape/go-git-url"
+	"github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger/helpers"
 )
 
+var tmpDirPaths map[string]string
+
+func hashRepoURL(repoURL string) string {
+	h := sha256.New()
+	h.Write([]byte(repoURL))
+	return string(h.Sum(nil))
+}
+
+func getDirPath(repoURL string) string {
+	if tmpDirPaths == nil {
+		return ""
+	}
+	return tmpDirPaths[hashRepoURL(repoURL)]
+}
+
+// Create a temporary directory this function is called once
+func createTempDir(repoURL string) (string, error) {
+	tmpDirPath := getDirPath(repoURL)
+	if tmpDirPath != "" {
+		return tmpDirPath, nil
+	}
+	// create temp directory
+	tmpDir, err := os.MkdirTemp("", "")
+	if err != nil {
+		return "", fmt.Errorf("failed to create temporary directory: %w", err)
+	}
+	if tmpDirPaths == nil {
+		tmpDirPaths = make(map[string]string)
+	}
+	tmpDirPaths[hashRepoURL(repoURL)] = tmpDir
+
+	return tmpDir, nil
+}
+
 // To Check if the given repository is Public(No Authentication needed), send a HTTP GET request to the URL
 // If response code is 200, the repository is Public.
 func isGitRepoPublic(u string) bool {
@@ -55,34 +92,38 @@ func getProviderError(gitURL giturl.IGitAPI) error {
 
 // cloneRepo clones a repository to a local temporary directory and returns the directory
 func cloneRepo(gitURL giturl.IGitAPI) (string, error) {
-
-	// Create temp directory
-	tmpDir, err := os.MkdirTemp("", "")
-	if err != nil {
-		return "", fmt.Errorf("failed to create temporary directory: %w", err)
-	}
-
-	// Get the URL to clone
 	cloneURL := gitURL.GetHttpCloneURL()
 
-	isGitRepoPublic := isGitRepoPublic(cloneURL)
+	// Check if directory exists
+	if p := getDirPath(cloneURL); p != "" {
+		// directory exists, meaning this repo was cloned
+		return p, nil
+	}
+	// Get the URL to clone
+
+	// Create temp directory
+	tmpDir, err := createTempDir(cloneURL)
+	if err != nil {
+		return "", err
+	}
+
+	isGitTokenPresent := isGitTokenPresent(gitURL)
 
 	// Declare the authentication variable required for cloneOptions
 	var auth transport.AuthMethod
 
-	if isGitRepoPublic {
-		// No authentication needed if repository is public
-		auth = nil
-	} else {
-
-		// Return Error if the AUTH_TOKEN is not present
-		if isGitTokenPresent := isGitTokenPresent(gitURL); !isGitTokenPresent {
-			return "", getProviderError(gitURL)
-		}
+	if isGitTokenPresent {
 		auth = &http.BasicAuth{
 			Username: "x-token-auth",
 			Password: gitURL.GetToken(),
 		}
+	} else {
+		// If the repository is public, no authentication is needed
+		if isGitRepoPublic(cloneURL) {
+			auth = nil
+		} else {
+			return "", getProviderError(gitURL)
+		}
 	}
 
 	// For Azure repo cloning
@@ -102,6 +143,42 @@ func cloneRepo(gitURL giturl.IGitAPI) (string, error) {
 	if err != nil {
 		return "", fmt.Errorf("failed to clone %s. %w", gitURL.GetRepoName(), err)
 	}
+	// tmpDir = filepath.Join(tmpDir, gitURL.GetRepoName())
+	tmpDirPaths[hashRepoURL(cloneURL)] = tmpDir
 
 	return tmpDir, nil
 }
+
+// CloneGitRepo clone git repository
+func CloneGitRepo(path *string) (string, error) {
+	var clonedDir string
+
+	gitURL, err := giturl.NewGitAPI(*path)
+	if err != nil {
+		return "", nil
+	}
+
+	// Clone git repository if needed
+	logger.L().Start("cloning", helpers.String("repository url", gitURL.GetURL().String()))
+
+	clonedDir, err = cloneRepo(gitURL)
+	if err != nil {
+		logger.L().StopError("failed to clone git repo", helpers.String("url", gitURL.GetURL().String()), helpers.Error(err))
+		return "", fmt.Errorf("failed to clone git repo '%s',  %w", gitURL.GetURL().String(), err)
+	}
+	*path = clonedDir
+
+	logger.L().StopSuccess("Done accessing remote repo")
+
+	return clonedDir, nil
+}
+
+func GetClonedPath(path string) string {
+
+	gitURL, err := giturl.NewGitAPI(path)
+	if err != nil {
+		return ""
+	}
+
+	return getDirPath(gitURL.GetHttpCloneURL())
+}

core/cautils/remotegitutils_test.go

@@ -1,4 +1,4 @@
-package resourcehandler
+package cautils
 
 import (
 	"errors"
@@ -93,3 +93,63 @@ func TestCloneRepo(t *testing.T) {
 		})
 	}
 }
+func TestGetClonedPath(t *testing.T) {
+	testCases := []struct {
+		name     string
+		path     string
+		expected string
+	}{
+		{
+			name:     "Valid Git URL",
+			path:     "https://github.com/kubescape/kubescape.git",
+			expected: "/path/to/cloned/repo", // replace with the expected path
+		},
+		{
+			name:     "Invalid Git URL",
+			path:     "invalid",
+			expected: "",
+		},
+	}
+	tmpDirPaths = make(map[string]string)
+	tmpDirPaths[hashRepoURL("https://github.com/kubescape/kubescape.git")] = "/path/to/cloned/repo" // replace with the actual path
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			result := GetClonedPath(tc.path)
+			if result != tc.expected {
+				t.Errorf("Expected %q, got %q", tc.expected, result)
+			}
+		})
+	}
+}
+func TestGetDirPath(t *testing.T) {
+	testCases := []struct {
+		name     string
+		repoURL  string
+		expected string
+	}{
+		{
+			name:     "Existing Repo URL",
+			repoURL:  "https://github.com/user/repo.git",
+			expected: "/path/to/cloned/repo", // replace with the expected path
+		},
+		{
+			name:     "Non-Existing Repo URL",
+			repoURL:  "https://github.com/user/nonexistentrepo.git",
+			expected: "",
+		},
+	}
+
+	// Initialize tmpDirPaths
+	tmpDirPaths = make(map[string]string)
+	tmpDirPaths[hashRepoURL("https://github.com/user/repo.git")] = "/path/to/cloned/repo" // replace with the actual path
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			result := getDirPath(tc.repoURL)
+			if result != tc.expected {
+				t.Errorf("Expected %q, got %q", tc.expected, result)
+			}
+		})
+	}
+}

core/cautils/scaninfo.go

@@ -25,20 +25,17 @@ import (
 type ScanningContext string
 
 const (
-	ContextCluster  ScanningContext = "cluster"
-	ContextFile     ScanningContext = "single-file"
-	ContextDir      ScanningContext = "local-dir"
-	ContextGitURL   ScanningContext = "git-url"
-	ContextGitLocal ScanningContext = "git-local"
+	ContextCluster   ScanningContext = "cluster"
+	ContextFile      ScanningContext = "single-file"
+	ContextDir       ScanningContext = "local-dir"
+	ContextGitLocal  ScanningContext = "git-local"
+	ContextGitRemote ScanningContext = "git-remote"
 )
 
 const ( // deprecated
 	ScopeCluster = "cluster"
-	ScopeYAML    = "yaml"
 )
 const (
-	// ScanCluster                string = "cluster"
-	// ScanLocalFiles             string = "yaml"
 	localControlInputsFilename string = "controls-inputs.json"
 	LocalExceptionsFilename    string = "exceptions.json"
 	LocalAttackTracksFilename  string = "attack-tracks.json"
@@ -111,8 +108,8 @@ type ScanInfo struct {
 	UseFrom               []string                     // Load framework from local file (instead of download). Use when running offline
 	UseDefault            bool                         // Load framework from cached file (instead of download). Use when running offline
 	UseArtifactsFrom      string                       // Load artifacts from local path. Use when running offline
-	VerboseMode           bool                         // Display all of the input resources and not only failed resources
-	View                  string                       // Display all of the input resources and not only failed resources
+	VerboseMode           bool                         // Display all the input resources and not only failed resources
+	View                  string                       //
 	Format                string                       // Format results (table, json, junit ...)
 	Output                string                       // Store results in an output file, Output file name
 	FormatVersion         string                       // Output object can be different between versions, this is for testing and backward compatibility
@@ -141,6 +138,8 @@ type ScanInfo struct {
 	ScanImages            bool
 	ChartPath             string
 	FilePath              string
+	scanningContext       *ScanningContext
+	cleanups              []func()
 }
 
 type Getters struct {
@@ -156,7 +155,12 @@ func (scanInfo *ScanInfo) Init(ctx context.Context) {
 	if scanInfo.ScanID == "" {
 		scanInfo.ScanID = uuid.NewString()
 	}
+}
 
+func (scanInfo *ScanInfo) Cleanup() {
+	for _, cleanup := range scanInfo.cleanups {
+		cleanup()
+	}
 }
 
 func (scanInfo *ScanInfo) setUseArtifactsFrom(ctx context.Context) {
@@ -268,51 +272,63 @@ func scanInfoToScanMetadata(ctx context.Context, scanInfo *ScanInfo) *reporthand
 	metadata.ScanMetadata.VerboseMode = scanInfo.VerboseMode
 	metadata.ScanMetadata.ControlsInputs = scanInfo.ControlsInputs
 
-	inputFiles := ""
-	if len(scanInfo.InputPatterns) > 0 {
-		inputFiles = scanInfo.InputPatterns[0]
-	}
-	switch GetScanningContext(inputFiles) {
+	switch scanInfo.GetScanningContext() {
 	case ContextCluster:
 		// cluster
 		metadata.ScanMetadata.ScanningTarget = reporthandlingv2.Cluster
 	case ContextFile:
 		// local file
 		metadata.ScanMetadata.ScanningTarget = reporthandlingv2.File
-	case ContextGitURL:
-		// url
-		metadata.ScanMetadata.ScanningTarget = reporthandlingv2.Repo
 	case ContextGitLocal:
 		// local-git
 		metadata.ScanMetadata.ScanningTarget = reporthandlingv2.GitLocal
+	case ContextGitRemote:
+		// remote
+		metadata.ScanMetadata.ScanningTarget = reporthandlingv2.Repo
 	case ContextDir:
 		// directory
 		metadata.ScanMetadata.ScanningTarget = reporthandlingv2.Directory
 
 	}
 
-	setContextMetadata(ctx, &metadata.ContextMetadata, inputFiles)
+	scanInfo.setContextMetadata(ctx, &metadata.ContextMetadata)
 
 	return metadata
 }
 
-func (scanInfo *ScanInfo) GetScanningContext() ScanningContext {
+func (scanInfo *ScanInfo) GetInputFiles() string {
 	if len(scanInfo.InputPatterns) > 0 {
-		return GetScanningContext(scanInfo.InputPatterns[0])
+		return scanInfo.InputPatterns[0]
 	}
-	return GetScanningContext("")
+	return ""
 }
 
-// GetScanningContext get scanning context from the input param
-func GetScanningContext(input string) ScanningContext {
+func (scanInfo *ScanInfo) GetScanningContext() ScanningContext {
+	if scanInfo.scanningContext == nil {
+		scanningContext := scanInfo.getScanningContext(scanInfo.GetInputFiles())
+		scanInfo.scanningContext = &scanningContext
+	}
+	return *scanInfo.scanningContext
+}
+
+// getScanningContext get scanning context from the input param
+// this function should be called only once. Call GetScanningContext() to get the scanning context
+func (scanInfo *ScanInfo) getScanningContext(input string) ScanningContext {
 	//  cluster
 	if input == "" {
 		return ContextCluster
 	}
 
-	// url
+	// git url
 	if _, err := giturl.NewGitURL(input); err == nil {
-		return ContextGitURL
+		if repo, err := CloneGitRepo(&input); err == nil {
+			if _, err := NewLocalGitRepository(repo); err == nil {
+				scanInfo.cleanups = append(scanInfo.cleanups, func() {
+					_ = os.RemoveAll(repo)
+				})
+				return ContextGitRemote
+			}
+		}
 	}
 
 	if !filepath.IsAbs(input) { // parse path
@@ -334,19 +350,14 @@ func GetScanningContext(input string) ScanningContext {
 	//  dir/glob
 	return ContextDir
 }
-func setContextMetadata(ctx context.Context, contextMetadata *reporthandlingv2.ContextMetadata, input string) {
-	switch GetScanningContext(input) {
+
+func (scanInfo *ScanInfo) setContextMetadata(ctx context.Context, contextMetadata *reporthandlingv2.ContextMetadata) {
+	input := scanInfo.GetInputFiles()
+	switch scanInfo.GetScanningContext() {
 	case ContextCluster:
 		contextMetadata.ClusterContextMetadata = &reporthandlingv2.ClusterMetadata{
 			ContextName: k8sinterface.GetContextName(),
 		}
-	case ContextGitURL:
-		// url
-		context, err := metadataGitURL(input)
-		if err != nil {
-			logger.L().Ctx(ctx).Warning("in setContextMetadata", helpers.Interface("case", ContextGitURL), helpers.Error(err))
-		}
-		contextMetadata.RepoContextMetadata = context
 	case ContextDir:
 		contextMetadata.DirectoryContextMetadata = &reporthandlingv2.DirectoryContextMetadata{
 			BasePath: getAbsPath(input),
@@ -378,43 +389,21 @@ func setContextMetadata(ctx context.Context, contextMetadata *reporthandlingv2.C
 		}
 	case ContextGitLocal:
 		// local
-		context, err := metadataGitLocal(input)
+		repoContext, err := metadataGitLocal(input)
 		if err != nil {
-			logger.L().Ctx(ctx).Warning("in setContextMetadata", helpers.Interface("case", ContextGitURL), helpers.Error(err))
+			logger.L().Ctx(ctx).Warning("in setContextMetadata", helpers.Interface("case", ContextGitLocal), helpers.Error(err))
 		}
-		contextMetadata.RepoContextMetadata = context
+		contextMetadata.RepoContextMetadata = repoContext
+	case ContextGitRemote:
+		// remote
+		repoContext, err := metadataGitLocal(GetClonedPath(input))
+		if err != nil {
+			logger.L().Ctx(ctx).Warning("in setContextMetadata", helpers.Interface("case", ContextGitRemote), helpers.Error(err))
+		}
+		contextMetadata.RepoContextMetadata = repoContext
 	}
 }
 
-func metadataGitURL(input string) (*reporthandlingv2.RepoContextMetadata, error) {
-	context := &reporthandlingv2.RepoContextMetadata{}
-	gitParser, err := giturl.NewGitAPI(input)
-	if err != nil {
-		return context, fmt.Errorf("%w", err)
-	}
-	if gitParser.GetBranchName() == "" {
-		gitParser.SetDefaultBranchName()
-	}
-	context.Provider = gitParser.GetProvider()
-	context.Repo = gitParser.GetRepoName()
-	context.Owner = gitParser.GetOwnerName()
-	context.Branch = gitParser.GetBranchName()
-	context.RemoteURL = gitParser.GetURL().String()
-
-	commit, err := gitParser.GetLatestCommit()
-	if err != nil {
-		return context, fmt.Errorf("%w", err)
-	}
-
-	context.LastCommit = reporthandling.LastCommit{
-		Hash:          commit.SHA,
-		Date:          commit.Committer.Date,
-		CommitterName: commit.Committer.Name,
-	}
-
-	return context, nil
-}
-
 func metadataGitLocal(input string) (*reporthandlingv2.RepoContextMetadata, error) {
 	gitParser, err := NewLocalGitRepository(input)
 	if err != nil {
@@ -424,31 +413,31 @@ func metadataGitLocal(input string) (*reporthandlingv2.RepoContextMetadata, erro
 	if err != nil {
 		return nil, fmt.Errorf("%w", err)
 	}
-	context := &reporthandlingv2.RepoContextMetadata{}
+	repoContext := &reporthandlingv2.RepoContextMetadata{}
 	gitParserURL, err := giturl.NewGitURL(remoteURL)
 	if err != nil {
-		return context, fmt.Errorf("%w", err)
+		return repoContext, fmt.Errorf("%w", err)
 	}
 	gitParserURL.SetBranchName(gitParser.GetBranchName())
 
-	context.Provider = gitParserURL.GetProvider()
-	context.Repo = gitParserURL.GetRepoName()
-	context.Owner = gitParserURL.GetOwnerName()
-	context.Branch = gitParserURL.GetBranchName()
-	context.RemoteURL = gitParserURL.GetURL().String()
+	repoContext.Provider = gitParserURL.GetProvider()
+	repoContext.Repo = gitParserURL.GetRepoName()
+	repoContext.Owner = gitParserURL.GetOwnerName()
+	repoContext.Branch = gitParserURL.GetBranchName()
+	repoContext.RemoteURL = gitParserURL.GetURL().String()
 
 	commit, err := gitParser.GetLastCommit()
 	if err != nil {
-		return context, fmt.Errorf("%w", err)
+		return repoContext, fmt.Errorf("%w", err)
 	}
-	context.LastCommit = reporthandling.LastCommit{
+	repoContext.LastCommit = reporthandling.LastCommit{
 		Hash:          commit.SHA,
 		Date:          commit.Committer.Date,
 		CommitterName: commit.Committer.Name,
 	}
-	context.LocalRootPath, _ = gitParser.GetRootDir()
+	repoContext.LocalRootPath, _ = gitParser.GetRootDir()
 
-	return context, nil
+	return repoContext, nil
 }
 func getHostname() string {
 	if h, e := os.Hostname(); e == nil {
@@ -465,11 +454,3 @@ func getAbsPath(p string) string {
 	}
 	return p
 }
-
-// ScanningContextToScanningScope convert the context to the deprecated scope
-func ScanningContextToScanningScope(scanningContext ScanningContext) string {
-	if scanningContext == ContextCluster {
-		return ScopeCluster
-	}
-	return ScopeYAML
-}

core/cautils/scaninfo_test.go

@@ -3,17 +3,19 @@ package cautils
 import (
 	"context"
 	"os"
-	"path/filepath"
 	"testing"
 
+	"github.com/go-git/go-git/v5"
 	reporthandlingv2 "github.com/kubescape/opa-utils/reporthandling/v2"
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 )
 
 func TestSetContextMetadata(t *testing.T) {
 	{
 		ctx := reporthandlingv2.ContextMetadata{}
-		setContextMetadata(context.TODO(), &ctx, "")
+		scanInfo := &ScanInfo{}
+		scanInfo.setContextMetadata(context.TODO(), &ctx)
 
 		assert.NotNil(t, ctx.ClusterContextMetadata)
 		assert.Nil(t, ctx.DirectoryContextMetadata)
@@ -42,13 +44,57 @@ func TestGetHostname(t *testing.T) {
 }
 
 func TestGetScanningContext(t *testing.T) {
-	// Test with empty input
-	assert.Equal(t, ContextCluster, GetScanningContext(""))
-
-	// Test with Git URL input
-	assert.Equal(t, ContextGitURL, GetScanningContext("https://github.com/kubescape/kubescape"))
-
-	// TODO: Add more tests with other input types
+	repoRoot, err := os.MkdirTemp("", "repo")
+	require.NoError(t, err)
+	defer func(name string) {
+		_ = os.Remove(name)
+	}(repoRoot)
+	_, err = git.PlainClone(repoRoot, false, &git.CloneOptions{
+		URL: "https://github.com/kubescape/http-request",
+	})
+	require.NoError(t, err)
+	tmpFile, err := os.CreateTemp("", "single.*.txt")
+	require.NoError(t, err)
+	defer func(name string) {
+		_ = os.Remove(name)
+	}(tmpFile.Name())
+	tests := []struct {
+		name  string
+		input string
+		want  ScanningContext
+	}{
+		{
+			name:  "empty input",
+			input: "",
+			want:  ContextCluster,
+		},
+		{
+			name:  "git URL input",
+			input: "https://github.com/kubescape/http-request",
+			want:  ContextGitRemote,
+		},
+		{
+			name:  "local git input",
+			input: repoRoot,
+			want:  ContextGitLocal,
+		},
+		{
+			name:  "single file input",
+			input: tmpFile.Name(),
+			want:  ContextFile,
+		},
+		{
+			name:  "directory input",
+			input: os.TempDir(),
+			want:  ContextDir,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			scanInfo := &ScanInfo{}
+			assert.Equalf(t, tt.want, scanInfo.getScanningContext(tt.input), "GetScanningContext(%v)", tt.input)
+		})
+	}
 }
 
 func TestScanInfoFormats(t *testing.T) {
@@ -77,30 +123,3 @@ func TestScanInfoFormats(t *testing.T) {
 		})
 	}
 }
-
-func TestGetScanningContextWithFile(t *testing.T) {
-	// Test with a file
-	dir, err := os.MkdirTemp("", "example")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(dir)
-
-	filePath := filepath.Join(dir, "file.txt")
-	if _, err := os.Create(filePath); err != nil {
-		t.Fatal(err)
-	}
-
-	assert.Equal(t, ContextFile, GetScanningContext(filePath))
-}
-
-func TestGetScanningContextWithDir(t *testing.T) {
-	// Test with a directory
-	dir, err := os.MkdirTemp("", "example")
-	if err != nil {
-		t.Fatal(err)
-	}
-	defer os.RemoveAll(dir)
-
-	assert.Equal(t, ContextDir, GetScanningContext(dir))
-}

core/core/clusterconnector.go

@@ -83,7 +83,10 @@ func (a *OperatorAdapter) httpPostOperatorScanRequest(body apis.Commands) (strin
 		return "", err
 	}
 	defer resp.Body.Close()
-	return httputils.HttpRespToString(resp)
+	if resp.StatusCode != 200 {
+		return "", fmt.Errorf("http-error: %d", resp.StatusCode)
+	}
+	return "success", nil
 }
 
 func (a *OperatorAdapter) OperatorScan() (string, error) {

core/core/scan.go

@@ -48,8 +48,9 @@ func getInterfaces(ctx context.Context, scanInfo *cautils.ScanInfo) componentInt
 		k8s = getKubernetesApi()
 		if k8s == nil {
 			logger.L().Ctx(ctx).Fatal("failed connecting to Kubernetes cluster")
+		} else {
+			k8sClient = k8s.KubernetesClient
 		}
-		k8sClient = k8s.KubernetesClient
 	}
 
 	// ================== setup tenant object ======================================
@@ -68,7 +69,7 @@ func getInterfaces(ctx context.Context, scanInfo *cautils.ScanInfo) componentInt
 	// ================== version testing ======================================
 
 	v := versioncheck.NewIVersionCheckHandler(ctx)
-	v.CheckLatestVersion(ctx, versioncheck.NewVersionCheckRequest(scanInfo.AccountID, versioncheck.BuildNumber, policyIdentifierIdentities(scanInfo.PolicyIdentifier), "", string(scanInfo.GetScanningContext()), k8sClient))
+	_ = v.CheckLatestVersion(ctx, versioncheck.NewVersionCheckRequest(scanInfo.AccountID, versioncheck.BuildNumber, policyIdentifierIdentities(scanInfo.PolicyIdentifier), "", string(scanInfo.GetScanningContext()), k8sClient))
 
 	// ================== setup host scanner object ======================================
 	ctxHostScanner, spanHostScanner := otel.Tracer("").Start(ctx, "setup host scanner")
@@ -127,6 +128,7 @@ func (ks *Kubescape) Scan(ctx context.Context, scanInfo *cautils.ScanInfo) (*res
 
 	// ===================== Initialization =====================
 	scanInfo.Init(ctxInit) // initialize scan info
+	defer scanInfo.Cleanup()
 
 	interfaces := getInterfaces(ctxInit, scanInfo)
 	interfaces.report.SetTenantConfig(interfaces.tenantConfig)
@@ -194,7 +196,7 @@ func (ks *Kubescape) Scan(ctx context.Context, scanInfo *cautils.ScanInfo) (*res
 		} else if err := priotizationHandler.PrioritizeResources(scanData); err != nil {
 			return resultsHandling, fmt.Errorf("%w", err)
 		}
-		if err == nil && isPrioritizationScanType(scanInfo.ScanType) {
+		if isPrioritizationScanType(scanInfo.ScanType) {
 			scanData.SetTopWorkloads()
 		}
 		spanPrioritization.End()
@@ -214,7 +216,7 @@ func (ks *Kubescape) Scan(ctx context.Context, scanInfo *cautils.ScanInfo) (*res
 }
 
 func scanImages(scanType cautils.ScanTypes, scanData *cautils.OPASessionObj, ctx context.Context, resultsHandling *resultshandling.ResultsHandler) {
-	imagesToScan := []string{}
+	var imagesToScan []string
 
 	if scanType == cautils.ScanTypeWorkload {
 		containers, err := workloadinterface.NewWorkloadObj(scanData.SingleResourceScan.GetObject()).GetContainers()

core/pkg/containerscan/containerscan_mock.go

@@ -25,7 +25,7 @@ func GenerateContainerScanReportMock() ScanResultReport {
 	return ds
 }
 
-// GenerateContainerScanReportMock - generate a scan result
+// GenerateContainerScanReportNoVulMock - generate a scan result
 func GenerateContainerScanReportNoVulMock() ScanResultReport {
 	ds := ScanResultReport{
 		WLID:          "wlid://cluster-k8s-geriatrix-k8s-demo3/namespace-whisky-app/deployment-whisky4all-shipping",

core/pkg/hostsensorutils/hostsensordeploy.go

@@ -307,7 +307,7 @@ func (hsh *HostSensorHandler) updatePodInListAtomic(ctx context.Context, eventTy
 	}
 }
 
-// tearDownNamespace manage the host-scanner deletion.
+// tearDownHostScanner manage the host-scanner deletion.
 func (hsh *HostSensorHandler) tearDownHostScanner(namespace string) error {
 	client := hsh.k8sObj.KubernetesClient
 

core/pkg/hostsensorutils/hostsensorgetfrompod.go

@@ -155,7 +155,7 @@ func (hsh *HostSensorHandler) getKubeProxyInfo(ctx context.Context) ([]hostsenso
 	return hsh.sendAllPodsHTTPGETRequest(ctx, "/kubeProxyInfo", KubeProxyInfo)
 }
 
-// getControlPlanInfo returns the list of controlPlaneInfo metadata
+// getControlPlaneInfo returns the list of controlPlaneInfo metadata
 func (hsh *HostSensorHandler) getControlPlaneInfo(ctx context.Context) ([]hostsensor.HostSensorDataEnvelope, error) {
 	// loop over pods and port-forward it to each of them
 	return hsh.sendAllPodsHTTPGETRequest(ctx, "/controlPlaneInfo", ControlPlaneInfo)

core/pkg/hostsensorutils/log_coupling.go

@@ -39,7 +39,7 @@ func (lm *LogsMap) isDuplicated(logContent string) bool {
 	return ok
 }
 
-// GgtOccurrence retrieve the number of occurrences logContent has been used.
+// getOccurrence retrieve the number of occurrences logContent has been used.
 func (lm *LogsMap) getOccurrence(logContent string) int {
 	lm.Lock()
 	occurrence, ok := lm.usedLogs[logContent]

core/pkg/resourcehandler/filesloader.go

@@ -3,7 +3,6 @@ package resourcehandler
 import (
 	"context"
 	"fmt"
-	"os"
 	"path/filepath"
 	"strings"
 
@@ -11,7 +10,7 @@ import (
 	"github.com/kubescape/opa-utils/reporthandling"
 	"k8s.io/apimachinery/pkg/version"
 
-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/k8s-interface/k8sinterface"
 	"github.com/kubescape/kubescape/v3/core/cautils"
@@ -26,7 +25,7 @@ func NewFileResourceHandler() *FileResourceHandler {
 	return &FileResourceHandler{}
 }
 
-func (fileHandler *FileResourceHandler) GetResources(ctx context.Context, sessionObj *cautils.OPASessionObj, progressListener opaprocessor.IJobProgressNotificationClient, scanInfo *cautils.ScanInfo) (cautils.K8SResources, map[string]workloadinterface.IMetadata, cautils.ExternalResources, map[string]bool, error) {
+func (fileHandler *FileResourceHandler) GetResources(ctx context.Context, sessionObj *cautils.OPASessionObj, _ opaprocessor.IJobProgressNotificationClient, scanInfo *cautils.ScanInfo) (cautils.K8SResources, map[string]workloadinterface.IMetadata, cautils.ExternalResources, map[string]bool, error) {
 	allResources := map[string]workloadinterface.IMetadata{}
 	externalResources := cautils.ExternalResources{}
 
@@ -45,7 +44,7 @@ func (fileHandler *FileResourceHandler) GetResources(ctx context.Context, sessio
 		var err error
 
 		if scanInfo.ChartPath != "" && scanInfo.FilePath != "" {
-			workloadIDToSource, workloads, workloadIDToMappingNodes, err = getWorkloadFromHelmChart(ctx, scanInfo.ChartPath, scanInfo.FilePath)
+			workloadIDToSource, workloads, workloadIDToMappingNodes, err = getWorkloadFromHelmChart(ctx, scanInfo.InputPatterns[path], scanInfo.ChartPath, scanInfo.FilePath)
 			if err != nil {
 				// We should probably ignore the error so we can continue scanning other charts
 			}
@@ -88,7 +87,7 @@ func (fileHandler *FileResourceHandler) GetResources(ctx context.Context, sessio
 	// save only relevant resources
 	for i := range mappedResources {
 		if _, ok := k8sResources[i]; ok {
-			ids := []string{}
+			var ids []string
 			for j := range mappedResources[i] {
 				ids = append(ids, mappedResources[i][j].GetID())
 				allResources[mappedResources[i][j].GetID()] = mappedResources[i][j]
@@ -107,24 +106,22 @@ func (fileHandler *FileResourceHandler) GetResources(ctx context.Context, sessio
 func (fileHandler *FileResourceHandler) GetCloudProvider() string {
 	return ""
 }
-func getWorkloadFromHelmChart(ctx context.Context, helmPath, workloadPath string) (map[string]reporthandling.Source, []workloadinterface.IMetadata, map[string]cautils.MappingNodes, error) {
-	clonedRepo, err := cloneGitRepo(&helmPath)
-	if err != nil {
-		return nil, nil, nil, err
-	}
+func getWorkloadFromHelmChart(ctx context.Context, path, helmPath, workloadPath string) (map[string]reporthandling.Source, []workloadinterface.IMetadata, map[string]cautils.MappingNodes, error) {
+	clonedRepo := cautils.GetClonedPath(path)
+
 	if clonedRepo != "" {
-		defer os.RemoveAll(clonedRepo)
+		// if the repo was cloned, add the workload path to the cloned repo
+		workloadPath = filepath.Join(clonedRepo, workloadPath)
+	} else {
+		// if the repo was not cloned
+		clonedRepo = path
 	}
 
 	// Get repo root
-	repoRoot, gitRepo := extractGitRepo(helmPath)
+	repoRoot, gitRepo := extractGitRepo(clonedRepo)
 
 	helmSourceToWorkloads, helmSourceToChart, helmSourceToNodes := cautils.LoadResourcesFromHelmCharts(ctx, helmPath)
 
-	if clonedRepo != "" {
-		workloadPath = clonedRepo + workloadPath
-	}
-
 	wlSource, ok := helmSourceToWorkloads[workloadPath]
 	if !ok {
 		return nil, nil, nil, fmt.Errorf("workload %s not found in chart %s", workloadPath, helmPath)
@@ -151,7 +148,7 @@ func getWorkloadFromHelmChart(ctx context.Context, helmPath, workloadPath string
 	workloadIDToSource[wlSource[0].GetID()] = workloadSource
 	workloadIDToNodes[wlSource[0].GetID()] = templatesNodes
 
-	workloads := []workloadinterface.IMetadata{}
+	var workloads []workloadinterface.IMetadata
 	workloads = append(workloads, wlSource...)
 
 	return workloadIDToSource, workloads, workloadIDToNodes, nil
@@ -189,16 +186,14 @@ func getWorkloadSourceHelmChart(repoRoot string, source string, gitRepo *cautils
 }
 
 func getResourcesFromPath(ctx context.Context, path string) (map[string]reporthandling.Source, []workloadinterface.IMetadata, map[string]cautils.MappingNodes, error) {
-	workloadIDToSource := make(map[string]reporthandling.Source, 0)
+	workloadIDToSource := make(map[string]reporthandling.Source)
 	workloadIDToNodes := make(map[string]cautils.MappingNodes)
-	workloads := []workloadinterface.IMetadata{}
+	var workloads []workloadinterface.IMetadata
 
-	clonedRepo, err := cloneGitRepo(&path)
-	if err != nil {
-		return nil, nil, nil, err
-	}
+	clonedRepo := cautils.GetClonedPath(path)
 	if clonedRepo != "" {
-		defer os.RemoveAll(clonedRepo)
+		// if the repo was cloned, add the workload path to the cloned repo
+		path = clonedRepo
 	}
 
 	// Get repo root
@@ -288,7 +283,7 @@ func getResourcesFromPath(ctx context.Context, path string) (map[string]reportha
 			templatesNodes = nodes
 		}
 
-		if clonedRepo != "" {
+		if clonedRepo != "" && gitRepo != nil {
 			url, err := gitRepo.GetRemoteUrl()
 			if err != nil {
 				logger.L().Warning("failed to get remote url", helpers.Error(err))

core/pkg/resourcehandler/filesloaderutils.go

@@ -2,40 +2,14 @@ package resourcehandler
 
 import (
 	"fmt"
-	"path/filepath"
 
-	giturl "github.com/kubescape/go-git-url"
-	logger "github.com/kubescape/go-logger"
+	"github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
 	"github.com/kubescape/k8s-interface/k8sinterface"
 	"github.com/kubescape/k8s-interface/workloadinterface"
 	"github.com/kubescape/opa-utils/objectsenvelopes"
 )
 
-// Clone git repository
-func cloneGitRepo(path *string) (string, error) {
-	var clonedDir string
-
-	gitURL, err := giturl.NewGitAPI(*path)
-	if err != nil {
-		return "", nil
-	}
-
-	// Clone git repository if needed
-	logger.L().Start("cloning", helpers.String("repository url", gitURL.GetURL().String()))
-
-	clonedDir, err = cloneRepo(gitURL)
-	if err != nil {
-		logger.L().StopError("failed to clone git repo", helpers.String("url", gitURL.GetURL().String()), helpers.Error(err))
-		return "", fmt.Errorf("failed to clone git repo '%s',  %w", gitURL.GetURL().String(), err)
-	}
-
-	*path = filepath.Join(clonedDir, gitURL.GetPath())
-	logger.L().StopSuccess("Done accessing local objects")
-
-	return clonedDir, nil
-}
-
 func addWorkloadsToResourcesMap(allResources map[string][]workloadinterface.IMetadata, workloads []workloadinterface.IMetadata) {
 	for i := range workloads {
 		groupVersionResource, err := k8sinterface.GetGroupVersionResource(workloads[i].GetKind())
@@ -92,7 +66,7 @@ func findScanObjectResource(mappedResources map[string][]workloadinterface.IMeta
 
 	logger.L().Debug("Single resource scan", helpers.String("resource", resource.GetID()))
 
-	wls := []workloadinterface.IWorkload{}
+	var wls []workloadinterface.IWorkload
 	for _, resources := range mappedResources {
 		for _, r := range resources {
 			if r.GetKind() == resource.GetKind() && r.GetName() == resource.GetName() {

core/pkg/resourcehandler/resourcehandlerutils.go

@@ -114,7 +114,7 @@ func filterRuleMatchesForResource(resourceKind string, matchObjects []reporthand
 	return resourceMap
 }
 
-// updateQueryableResourcesMapFromMatch updates the queryableResources map with the relevant resources from the match object.
+// updateQueryableResourcesMapFromRuleMatchObject updates the queryableResources map with the relevant resources from the match object.
 // if namespace is not empty, the namespace filter is added to the queryable resources (which are namespaced)
 // if resourcesFilterMap is not nil, only the resources with value 'true' will be added to the queryable resources
 func updateQueryableResourcesMapFromRuleMatchObject(match *reporthandling.RuleMatchObjects, resourcesFilterMap map[string]bool, queryableResources QueryableResources, namespace string) {

core/pkg/resultshandling/printer/v2/controltable.go

@@ -14,11 +14,13 @@ import (
 
 const (
 	columnSeverity        = iota
+	columnRef             = iota
 	columnName            = iota
 	columnCounterFailed   = iota
 	columnCounterAll      = iota
 	columnComplianceScore = iota
 	_rowLen               = iota
+	controlNameMaxLength  = 70
 )
 
 func generateRow(controlSummary reportsummary.IControlSummary, infoToPrintInfo []infoStars, verbose bool) []string {
@@ -30,8 +32,8 @@ func generateRow(controlSummary reportsummary.IControlSummary, infoToPrintInfo [
 	}
 
 	row[columnSeverity] = getSeverityColumn(controlSummary)
-	if len(controlSummary.GetName()) > 50 {
-		row[columnName] = controlSummary.GetName()[:50] + "..."
+	if len(controlSummary.GetName()) > controlNameMaxLength {
+		row[columnName] = controlSummary.GetName()[:controlNameMaxLength] + "..."
 	} else {
 		row[columnName] = controlSummary.GetName()
 	}
@@ -62,8 +64,9 @@ func generateRowPdf(controlSummary reportsummary.IControlSummary, infoToPrintInf
 	}
 
 	row[columnSeverity] = apis.ControlSeverityToString(controlSummary.GetScoreFactor())
-	if len(controlSummary.GetName()) > 50 {
-		row[columnName] = controlSummary.GetName()[:50] + "..."
+	row[columnRef] = controlSummary.GetID()
+	if len(controlSummary.GetName()) > controlNameMaxLength {
+		row[columnName] = controlSummary.GetName()[:controlNameMaxLength] + "..."
 	} else {
 		row[columnName] = controlSummary.GetName()
 	}
@@ -144,6 +147,7 @@ func getControlTableHeaders(short bool) []string {
 		headers[0] = "Controls"
 	} else {
 		headers = make([]string, _rowLen)
+		headers[columnRef] = "Control reference"
 		headers[columnName] = "Control name"
 		headers[columnCounterFailed] = "Failed resources"
 		headers[columnCounterAll] = "All resources"

core/pkg/resultshandling/printer/v2/controltable_test.go

@@ -2,6 +2,7 @@ package printer
 
 import (
 	"encoding/json"
+	"fmt"
 	"os"
 	"path/filepath"
 	"strconv"
@@ -40,23 +41,28 @@ func Test_generateRowPdf(t *testing.T) {
 			t.Errorf("got %s, want either of these: %s", c[0], "Low, Medium, High, Critical")
 		}
 
+		// Validating length of control ID
+		if len(c[1]) > 6 {
+			t.Errorf("got %s, want %s", c[1], "less than 7 characters")
+		}
+
 		// Validating length of control name
-		if len(c[1]) > 53 {
-			t.Errorf("got %s, want %s", c[1], "less than 54 characters")
+		if len(c[2]) > controlNameMaxLength {
+			t.Errorf("got %s, want %s", c[1], fmt.Sprintf("less than %d characters", controlNameMaxLength))
 		}
 
 		// Validating numeric fields
-		_, err := strconv.Atoi(c[2])
+		_, err := strconv.Atoi(c[3])
 		if err != nil {
 			t.Errorf("got %s, want an integer %s", c[2], err)
 		}
 
-		_, err = strconv.Atoi(c[3])
+		_, err = strconv.Atoi(c[4])
 		if err != nil {
 			t.Errorf("got %s, want an integer %s", c[3], err)
 		}
 
-		assert.NotEmpty(t, c[4], "expected a non-empty string")
+		assert.NotEmpty(t, c[5], "expected a non-empty string")
 
 	}
 

core/pkg/resultshandling/printer/v2/pdf.go

@@ -192,18 +192,21 @@ func (pp *PdfPrinter) printTable(m pdf.Maroto, summaryDetails *reportsummary.Sum
 		}
 	}
 
+	size := 6.0
+	gridSize := []uint{1, 1, 6, 1, 1, 2}
+
 	m.TableList(headers, controls, props.TableList{
 		HeaderProp: props.TableListContent{
 			Family:    consts.Arial,
 			Style:     consts.Bold,
-			Size:      6.0,
-			GridSizes: []uint{1, 5, 2, 2, 2},
+			Size:      size,
+			GridSizes: gridSize,
 		},
 		ContentProp: props.TableListContent{
 			Family:                          consts.Courier,
 			Style:                           consts.Normal,
-			Size:                            6.0,
-			GridSizes:                       []uint{1, 5, 2, 2, 2},
+			Size:                            size,
+			GridSizes:                       gridSize,
 			CellTextColorChangerColumnIndex: 0,
 			CellTextColorChangerFunc: func(cellValue string) color.Color {
 				if cellValue == "Critical" {

core/pkg/resultshandling/printer/v2/prettyprinter/reposcan.go

@@ -3,6 +3,7 @@ package prettyprinter
 import (
 	"fmt"
 	"os"
+	"path/filepath"
 
 	"github.com/kubescape/kubescape/v3/core/cautils"
 	"github.com/kubescape/kubescape/v3/core/pkg/resultshandling/printer/v2/prettyprinter/tableprinter/configurationprinter"
@@ -77,9 +78,8 @@ func (rp *RepoPrinter) getWorkloadScanCommand(ns, kind, name string, source repo
 	}
 
 	if source.FileType == reporthandling.SourceTypeHelmChart {
-		return fmt.Sprintf("%s --chart-path=%s --file-path=%s", cmd, source.HelmPath, fmt.Sprintf("%s/%s", source.Path, source.RelativePath))
-
+		return fmt.Sprintf("%s --chart-path=%s --file-path=%s", cmd, source.HelmPath, filepath.Join(source.Path, source.RelativePath))
 	} else {
-		return fmt.Sprintf("%s --file-path=%s", cmd, fmt.Sprintf("%s/%s", source.Path, source.RelativePath))
+		return fmt.Sprintf("%s --file-path=%s", cmd, filepath.Join(source.Path, source.RelativePath))
 	}
 }

core/pkg/resultshandling/printer/v2/prettyprinter/reposcan_test.go

@@ -1,6 +1,7 @@
 package prettyprinter
 
 import (
+	"path/filepath"
 	"testing"
 
 	"github.com/kubescape/opa-utils/reporthandling"
@@ -50,7 +51,18 @@ func TestRepoScan_getWorkloadScanCommand(t *testing.T) {
 				Path:         "path",
 				RelativePath: "relativePath",
 			},
-			want: "$ kubescape scan workload kind/name --namespace ns --file-path=path/relativePath",
+			want: "$ kubescape scan workload kind/name --namespace ns --file-path=" + filepath.Join("path", "relativePath"),
+		},
+		{
+			testName: "relative file path",
+			ns:       "ns",
+			kind:     "kind",
+			name:     "name",
+			source: reporthandling.Source{
+				Path:         "",
+				RelativePath: "relativePath",
+			},
+			want: "$ kubescape scan workload kind/name --namespace ns --file-path=relativePath",
 		},
 		{
 			testName: "helm path",
@@ -63,7 +75,7 @@ func TestRepoScan_getWorkloadScanCommand(t *testing.T) {
 				HelmPath:     "helmPath",
 				FileType:     "Helm Chart",
 			},
-			want: "$ kubescape scan workload kind/name --namespace ns --chart-path=helmPath --file-path=path/relativePath",
+			want: "$ kubescape scan workload kind/name --namespace ns --chart-path=helmPath --file-path=" + filepath.Join("path", "relativePath"),
 		},
 		{
 			testName: "file path - no namespace",
@@ -73,7 +85,7 @@ func TestRepoScan_getWorkloadScanCommand(t *testing.T) {
 				Path:         "path",
 				RelativePath: "relativePath",
 			},
-			want: "$ kubescape scan workload kind/name --file-path=path/relativePath",
+			want: "$ kubescape scan workload kind/name --file-path=" + filepath.Join("path", "relativePath"),
 		},
 		{
 			testName: "helm path - no namespace",
@@ -85,7 +97,7 @@ func TestRepoScan_getWorkloadScanCommand(t *testing.T) {
 				HelmPath:     "helmPath",
 				FileType:     "Helm Chart",
 			},
-			want: "$ kubescape scan workload kind/name --chart-path=helmPath --file-path=path/relativePath",
+			want: "$ kubescape scan workload kind/name --chart-path=helmPath --file-path=" + filepath.Join("path", "relativePath"),
 		},
 	}
 

core/pkg/resultshandling/printer/v2/utils.go

@@ -16,7 +16,7 @@ import (
 
 const indicator = "†"
 
-// finalizeV2Report finalize the results objects by copying data from map to lists
+// FinalizeResults finalize the results objects by copying data from map to lists
 func FinalizeResults(data *cautils.OPASessionObj) *reporthandlingv2.PostureReport {
 	report := reporthandlingv2.PostureReport{
 		SummaryDetails:       data.Report.SummaryDetails,

core/pkg/resultshandling/reporter/v2/reporteventreceiver.go

@@ -76,7 +76,7 @@ func (report *ReportEventReceiver) Submit(ctx context.Context, opaSessionObj *ca
 	}
 
 	if err := report.prepareReport(opaSessionObj); err != nil {
-		return fmt.Errorf("failed to submit scan results. url: '%s', reason: %s", report.getReportUrl(), err.Error())
+		return fmt.Errorf("failed to submit scan results. reason: %s", err.Error())
 	}
 
 	logger.L().Debug("", helpers.String("account ID", report.GetAccountID()))
@@ -249,7 +249,7 @@ func (report *ReportEventReceiver) sendReport(postureReport *reporthandlingv2.Po
 			report.tenantConfig.DeleteCredentials()
 		}
 
-		return fmt.Errorf("%s, %v:%s", report.getReportUrl(), err, strResponse)
+		return fmt.Errorf("%w:%s", err, strResponse)
 	}
 
 	// message is taken only from last report

core/pkg/resultshandling/results.go

@@ -146,7 +146,7 @@ func ValidatePrinter(scanType cautils.ScanTypes, scanContext cautils.ScanningCon
 	if printFormat == printer.SARIFFormat {
 		// supported types for SARIF
 		switch scanContext {
-		case cautils.ContextDir, cautils.ContextFile, cautils.ContextGitLocal:
+		case cautils.ContextDir, cautils.ContextFile, cautils.ContextGitLocal, cautils.ContextGitRemote:
 			return nil
 		default:
 			return fmt.Errorf("format \"%s\" is only supported when scanning local files", printFormat)

core/pkg/resultshandling/results_test.go

@@ -14,30 +14,30 @@ import (
 
 type DummyReporter struct{}
 
-func (dr *DummyReporter) Submit(_ context.Context, opaSessionObj *cautils.OPASessionObj) error {
+func (dr *DummyReporter) Submit(_ context.Context, _ *cautils.OPASessionObj) error {
 	return nil
 }
-func (dr *DummyReporter) SetTenantConfig(tenantConfig cautils.ITenantConfig) {}
-func (dr *DummyReporter) DisplayMessage()                                    {}
-func (dr *DummyReporter) GetURL() string                                     { return "" }
+func (dr *DummyReporter) SetTenantConfig(_ cautils.ITenantConfig) {}
+func (dr *DummyReporter) DisplayMessage()                         {}
+func (dr *DummyReporter) GetURL() string                          { return "" }
 
 type SpyPrinter struct {
 	ActionPrintCalls int
 	ScoreCalls       int
 }
 
-func (sp *SpyPrinter) SetWriter(_ context.Context, outputFile string) {}
-func (sp *SpyPrinter) PrintNextSteps()                                {}
-func (sp *SpyPrinter) ActionPrint(_ context.Context, opaSessionObj *cautils.OPASessionObj, _ []cautils.ImageScanData) {
+func (sp *SpyPrinter) SetWriter(_ context.Context, _ string) {}
+func (sp *SpyPrinter) PrintNextSteps()                       {}
+func (sp *SpyPrinter) ActionPrint(_ context.Context, _ *cautils.OPASessionObj, _ []cautils.ImageScanData) {
 	sp.ActionPrintCalls += 1
 }
-func (sp *SpyPrinter) Score(score float32) {
+func (sp *SpyPrinter) Score(_ float32) {
 	sp.ScoreCalls += 1
 }
 
 func TestResultsHandlerHandleResultsPrintsResultsToUI(t *testing.T) {
 	reporter := &DummyReporter{}
-	printers := []printer.IPrinter{}
+	var printers []printer.IPrinter
 	uiPrinter := &SpyPrinter{}
 	fakeScanData := &cautils.OPASessionObj{
 		Report: &reporthandlingv2.PostureReport{
@@ -50,7 +50,8 @@ func TestResultsHandlerHandleResultsPrintsResultsToUI(t *testing.T) {
 	rh := NewResultsHandler(reporter, printers, uiPrinter)
 	rh.SetData(fakeScanData)
 
-	rh.HandleResults(context.TODO())
+	err := rh.HandleResults(context.TODO())
+	assert.NoError(t, err)
 
 	want := 1
 	got := uiPrinter.ActionPrintCalls
@@ -147,12 +148,6 @@ func TestValidatePrinter(t *testing.T) {
 			format:      printer.SARIFFormat,
 			expectErr:   errors.New("format \"sarif\" is only supported when scanning local files"),
 		},
-		{
-			name:        "sarif format for remote url context should return error",
-			scanContext: cautils.ContextGitURL,
-			format:      printer.SARIFFormat,
-			expectErr:   errors.New("format \"sarif\" is only supported when scanning local files"),
-		},
 		{
 			name:        "sarif format for local dir context should not return error",
 			scanContext: cautils.ContextDir,
@@ -240,7 +235,7 @@ func TestNewPrinter(t *testing.T) {
 			version:  defaultVersion,
 		},
 		{
-			name:     "Prettry printer",
+			name:     "Pretty printer",
 			format:   "pretty-printer",
 			viewType: "control",
 			version:  defaultVersion,
@@ -259,8 +254,8 @@ func TestNewPrinter(t *testing.T) {
 				FormatVersion: tt.version,
 				View:          tt.viewType,
 			}
-			printer := NewPrinter(ctx, tt.format, scanInfo, "my-cluster")
-			assert.NotNil(t, printer)
+			p := NewPrinter(ctx, tt.format, scanInfo, "my-cluster")
+			assert.NotNil(t, p)
 		})
 	}
 }

docs/roadmap.md

@@ -14,23 +14,19 @@ The features serve different stages of the workflow of the users:
 The items in the Kubescape roadmap are split into 3 major groups based on the feature planning maturity:
 
 * [Planning](#planning-) - we have tickets open for these issues with a more or less clear vision of design.
-* [Backlog](#backlog-)  -  features that were discussed at a high level but are not ready for development. 
+* [Backlog](#backlog-)  -  features that were discussed at a high level but are not ready for development.
 * [Wishlist](#wishlist-) -  features that we are dreaming of in 😀 and want to push them gradually forward.
 
 
 ## Planning 👷
 
-* ### Storing scan results in cluster
+* ### eBPF based anomaly detection in workloads
 
-  We want the Kubescape scan results (both cluster and image scan) to be stored in the cluster locally as `CRD`s. This will lead to an easier integration with results by other projects as well as with scripting via `kubectl`. Along with this, the image scan based controls will be able to avoid accessing external resources for image vulnerability scan results.
+The introduction of runtime anomaly detection using eBPF (extended Berkeley Packet Filter) events marks an addition to the Kubescape project's development roadmap. This feature aims to leverage the high-performance monitoring capabilities of eBPF to detect abnormal behavior within Kubernetes workloads in real-time. By capturing and analyzing eBPF events, Kubescape will be able to identify deviations from application profiles, such as unexpected network connections, unauthorized process executions, or unusual system calls, which could indicate a security breach. This anomaly detection mechanism is designed to operate with minimal overhead, ensuring that security monitoring does not compromise system performance.
 
-* ### Vulnerability prioritization based on workload file activity
+* ### Enriching Vulnerability scan results with advanced prioritization data sources
 
-  Implementing an eBPF agent (based on Falco or Tracee) which tracks file activity in workloads to prioritize container image vulnerabilities.
-
-* ### Prioritization engine using MITRE Attack matrix based attack chains
-
-  Create a security issue prioritization engine that scores resources based on control based attack chains. All Kubescape controls can be arranged into attack categories of the MITRE Attack matrix. The Attack matrix categories can be connected to each other based on a theoretical attack (ie. you can't have privilege escalation without initial access). Each of the Kubescape controls is to be categorized in these system and Kubescape will calculate a priority score based on the interconnections between failed controls.
+Integrating EPSS (Exploit Prediction Scoring System) and CISA-KEV (Known Exploited Vulnerabilities) metrics into Kubescape's CLI and Operator vulnerability scan results represents a significant enhancement in the project's roadmap. This integration aims to enrich the vulnerability management process by providing more contextual and predictive insights into the security risks associated with Kubernetes clusters. By leveraging EPSS scores, Kubescape will offer predictions on the likelihood of a vulnerability being exploited, enabling users to prioritize remediations based on risk rather than just vulnerability presence. The addition of CISA-KEV metrics further enhances this capability by flagging vulnerabilities that are actively being exploited in the wild, as identified by the Cybersecurity and Infrastructure Security Agency (CISA). This dual approach ensures that Kubescape users are not only informed about the vulnerabilities in their environments but are also equipped with critical information on which vulnerabilities to remediate first, based on their exploitability and active exploitation trends. This strategic enhancement to Kubescape's vulnerability scan results will provide users with a powerful tool for making informed, risk-based security decisions in their Kubernetes environments.
 
 * ### Integration with image registries
 
@@ -39,7 +35,7 @@ The items in the Kubescape roadmap are split into 3 major groups based on the fe
 * ### Kubescape CLI control over cluster operations
 
   Add functionality to Kubescape CLI to trigger operations in Kubescape cluster components (example: trigger image scans, etc.)
-  
+
 * ### Git integration for pull requests
 
   Create insightful GitHub actions for Kubescape.
@@ -91,14 +87,14 @@ The items in the Kubescape roadmap are split into 3 major groups based on the fe
 
 ## Completed features 🎓
 
-* Kubelet configuration validation 
+* Kubelet configuration validation
 * API server configuration validation
-* Image vulnerability scanning based controls 
+* Image vulnerability scanning based controls
 * Assisted remediation (telling where/what to fix)
 * Integration with Prometheus
 * Configuration of controls (customizing rules for a given environment)
 * Installation in the cluster for continuous monitoring
-* Host scanner 
+* Host scanner
 * Cloud vendor API integration
 * Custom exceptions
 * Custom frameworks

go.mod

@@ -6,54 +6,53 @@ toolchain go1.21.6
 
 require (
 	github.com/adrg/xdg v0.4.0
-	github.com/anchore/clio v0.0.0-20231016125544-c98a83e1c7fc
-	github.com/anchore/grype v0.74.2
-	github.com/anchore/stereoscope v0.0.1
-	github.com/anchore/syft v0.101.1
+	github.com/anchore/clio v0.0.0-20240209204744-cb94e40a4f65
+	github.com/anchore/grype v0.77.1
+	github.com/anchore/stereoscope v0.0.3-0.20240423181235-8b297badafd5
+	github.com/anchore/syft v1.3.0
 	github.com/armosec/armoapi-go v0.0.330
 	github.com/armosec/utils-go v0.0.57
 	github.com/armosec/utils-k8s-go v0.0.26
 	github.com/briandowns/spinner v1.23.0
 	github.com/chainguard-dev/git-urls v1.0.2
-	github.com/distribution/distribution v2.8.3+incompatible
-	github.com/docker/distribution v2.8.3+incompatible
+	github.com/distribution/reference v0.6.0
 	github.com/enescakir/emoji v1.0.0
 	github.com/francoispqt/gojay v1.2.13
-	github.com/go-git/go-git/v5 v5.11.0
-	github.com/google/go-containerregistry v0.19.0
+	github.com/go-git/go-git/v5 v5.12.0
+	github.com/google/go-containerregistry v0.19.1
 	github.com/google/uuid v1.6.0
 	github.com/johnfercher/maroto v1.0.0
 	github.com/json-iterator/go v1.1.12
 	github.com/jwalton/gchalk v1.3.0
-	github.com/kubescape/backend v0.0.19
-	github.com/kubescape/go-git-url v0.0.28
+	github.com/kubescape/backend v0.0.20
+	github.com/kubescape/go-git-url v0.0.30
 	github.com/kubescape/go-logger v0.0.22
-	github.com/kubescape/k8s-interface v0.0.161
-	github.com/kubescape/opa-utils v0.0.278
+	github.com/kubescape/k8s-interface v0.0.166
+	github.com/kubescape/opa-utils v0.0.281
 	github.com/kubescape/rbac-utils v0.0.21-0.20230806101615-07e36f555520
-	github.com/kubescape/regolibrary v1.0.315
+	github.com/kubescape/regolibrary/v2 v2.0.1
 	github.com/maruel/natural v1.1.1
 	github.com/matthyx/go-gitlog v0.0.0-20231005131906-9ffabe3c5bcd
 	github.com/mattn/go-isatty v0.0.20
 	github.com/mikefarah/yq/v4 v4.29.1
 	github.com/olekukonko/tablewriter v0.0.6-0.20230417144759-edd1a71a5576
-	github.com/open-policy-agent/opa v0.61.0
+	github.com/open-policy-agent/opa v0.63.0
 	github.com/owenrumney/go-sarif/v2 v2.2.0
 	github.com/project-copacetic/copacetic v0.0.0-00010101000000-000000000000
 	github.com/schollz/progressbar/v3 v3.13.0
-	github.com/sergi/go-diff v1.3.1
-	github.com/sigstore/cosign/v2 v2.2.3
+	github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3
+	github.com/sigstore/cosign/v2 v2.2.4
 	github.com/sirupsen/logrus v1.9.3
 	github.com/spf13/cobra v1.8.0
-	github.com/stretchr/testify v1.8.4
-	go.opentelemetry.io/otel v1.22.0
-	go.opentelemetry.io/otel/metric v1.22.0
+	github.com/stretchr/testify v1.9.0
+	go.opentelemetry.io/otel v1.24.0
+	go.opentelemetry.io/otel/metric v1.24.0
 	golang.org/x/exp v0.0.0-20240222234643-814bf88cf225
-	golang.org/x/mod v0.15.0
-	golang.org/x/term v0.17.0
+	golang.org/x/mod v0.17.0
+	golang.org/x/term v0.19.0
 	gopkg.in/op/go-logging.v1 v1.0.0-20160211212156-b2cb9fa56473
 	gopkg.in/yaml.v3 v3.0.1
-	helm.sh/helm/v3 v3.14.2
+	helm.sh/helm/v3 v3.14.4
 	k8s.io/api v0.29.2
 	k8s.io/apimachinery v0.29.2
 	k8s.io/client-go v0.29.2
@@ -65,21 +64,21 @@ require (
 require github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 
 require (
-	cloud.google.com/go v0.111.0 // indirect
-	cloud.google.com/go/compute v1.23.3 // indirect
+	cloud.google.com/go v0.112.1 // indirect
+	cloud.google.com/go/compute v1.25.0 // indirect
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
-	cloud.google.com/go/container v1.29.0 // indirect
-	cloud.google.com/go/iam v1.1.5 // indirect
-	cloud.google.com/go/storage v1.35.1 // indirect
+	cloud.google.com/go/container v1.33.0 // indirect
+	cloud.google.com/go/iam v1.1.6 // indirect
+	cloud.google.com/go/storage v1.39.1 // indirect
 	dario.cat/mergo v1.0.0 // indirect
 	filippo.io/edwards25519 v1.1.0 // indirect
 	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
 	github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0 // indirect
 	github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/alibabacloudsdkgo/helper v0.2.0 // indirect
 	github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.10.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization v1.0.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2 v2.1.1 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v2 v2.4.0 // indirect
@@ -91,10 +90,10 @@ require (
 	github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
 	github.com/Azure/go-autorest/logger v0.2.1 // indirect
 	github.com/Azure/go-autorest/tracing v0.6.0 // indirect
-	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1 // indirect
+	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect
 	github.com/BurntSushi/toml v1.3.2 // indirect
 	github.com/CycloneDX/cyclonedx-go v0.8.0 // indirect
-	github.com/DataDog/zstd v1.4.5 // indirect
+	github.com/DataDog/zstd v1.5.5 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
 	github.com/Masterminds/semver v1.5.0 // indirect
 	github.com/Masterminds/semver/v3 v3.2.1 // indirect
@@ -102,7 +101,7 @@ require (
 	github.com/Microsoft/go-winio v0.6.1 // indirect
 	github.com/Microsoft/hcsshim v0.11.4 // indirect
 	github.com/OneOfOne/xxhash v1.2.8 // indirect
-	github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c // indirect
+	github.com/ProtonMail/go-crypto v1.0.0 // indirect
 	github.com/ThalesIgnite/crypto11 v1.2.5 // indirect
 	github.com/a8m/envsubst v1.3.0 // indirect
 	github.com/acobaugh/osrelease v0.1.0 // indirect
@@ -120,11 +119,12 @@ require (
 	github.com/alibabacloud-go/tea-xml v1.1.3 // indirect
 	github.com/aliyun/credentials-go v1.3.1 // indirect
 	github.com/anchore/fangs v0.0.0-20231201140849-5075d28d6d8b // indirect
+	github.com/anchore/go-collections v0.0.0-20240216171411-9321230ce537 // indirect
 	github.com/anchore/go-logger v0.0.0-20230725134548-c21dafa1ec5a // indirect
 	github.com/anchore/go-macholibre v0.0.0-20220308212642-53e6d0aaf6fb // indirect
 	github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092 // indirect
 	github.com/anchore/go-version v1.2.2-0.20210903204242-51efa5b487c4 // indirect
-	github.com/anchore/packageurl-go v0.1.1-0.20230104203445-02e0a6721501 // indirect
+	github.com/anchore/packageurl-go v0.1.1-0.20240312213626-055233e539b4 // indirect
 	github.com/andybalholm/brotli v1.0.4 // indirect
 	github.com/antchfx/xmlquery v1.3.17 // indirect
 	github.com/antchfx/xpath v1.2.4 // indirect
@@ -135,24 +135,24 @@ require (
 	github.com/aquasecurity/trivy-db v0.0.0-20230726112157-167ba4f2faeb // indirect
 	github.com/armosec/gojay v1.2.15 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
-	github.com/aws/aws-sdk-go v1.50.0 // indirect
-	github.com/aws/aws-sdk-go-v2 v1.24.1 // indirect
-	github.com/aws/aws-sdk-go-v2/config v1.26.6 // indirect
-	github.com/aws/aws-sdk-go-v2/credentials v1.16.16 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.7.3 // indirect
+	github.com/aws/aws-sdk-go v1.51.6 // indirect
+	github.com/aws/aws-sdk-go-v2 v1.26.0 // indirect
+	github.com/aws/aws-sdk-go-v2/config v1.27.9 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.9 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.0 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.4 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.4 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect
 	github.com/aws/aws-sdk-go-v2/service/ecr v1.20.2 // indirect
 	github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.18.2 // indirect
 	github.com/aws/aws-sdk-go-v2/service/eks v1.28.1 // indirect
 	github.com/aws/aws-sdk-go-v2/service/iam v1.21.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.18.7 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 // indirect
-	github.com/aws/smithy-go v1.19.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.6 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.20.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.28.5 // indirect
+	github.com/aws/smithy-go v1.20.1 // indirect
 	github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20231024185945-8841054dbdb8 // indirect
 	github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
 	github.com/becheran/wildmatch-go v1.0.0 // indirect
@@ -168,22 +168,22 @@ require (
 	github.com/cenkalti/backoff v2.2.1+incompatible // indirect
 	github.com/cenkalti/backoff/v4 v4.2.1 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
-	github.com/charmbracelet/lipgloss v0.9.1 // indirect
+	github.com/charmbracelet/lipgloss v0.10.0 // indirect
 	github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589 // indirect
 	github.com/clbanning/mxj/v2 v2.7.0 // indirect
 	github.com/cloudflare/circl v1.3.7 // indirect
 	github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be // indirect
 	github.com/containerd/cgroups v1.1.0 // indirect
 	github.com/containerd/console v1.0.4-0.20230313162750-1ae8d489ac81 // indirect
-	github.com/containerd/containerd v1.7.12 // indirect
+	github.com/containerd/containerd v1.7.14 // indirect
 	github.com/containerd/continuity v0.4.2 // indirect
 	github.com/containerd/fifo v1.1.0 // indirect
 	github.com/containerd/log v0.1.0 // indirect
 	github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect
-	github.com/containerd/ttrpc v1.2.2 // indirect
+	github.com/containerd/ttrpc v1.2.3 // indirect
 	github.com/containerd/typeurl/v2 v2.1.1 // indirect
 	github.com/coreos/go-oidc v2.2.1+incompatible // indirect
-	github.com/coreos/go-oidc/v3 v3.9.0 // indirect
+	github.com/coreos/go-oidc/v3 v3.10.0 // indirect
 	github.com/cpuguy83/dockercfg v0.3.1 // indirect
 	github.com/cpuguy83/go-docker v0.2.1 // indirect
 	github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46 // indirect
@@ -193,9 +193,10 @@ require (
 	github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352 // indirect
 	github.com/digitorus/timestamp v0.0.0-20231217203849-220c5c2851b7 // indirect
 	github.com/dimchansky/utfbom v1.1.1 // indirect
-	github.com/distribution/reference v0.5.0 // indirect
-	github.com/docker/cli v24.0.7+incompatible // indirect
-	github.com/docker/docker v25.0.1+incompatible // indirect
+	github.com/distribution/distribution v2.8.2+incompatible // indirect
+	github.com/docker/cli v26.1.0+incompatible // indirect
+	github.com/docker/distribution v2.8.3+incompatible // indirect
+	github.com/docker/docker v26.1.0+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.8.0 // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
 	github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
@@ -204,6 +205,7 @@ require (
 	github.com/dustin/go-humanize v1.0.1 // indirect
 	github.com/edsrzf/mmap-go v1.1.0 // indirect
 	github.com/elliotchance/orderedmap v1.5.0 // indirect
+	github.com/elliotchance/phpserialize v1.4.0 // indirect
 	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
 	github.com/evanphx/json-patch v5.7.0+incompatible // indirect
@@ -215,26 +217,27 @@ require (
 	github.com/gabriel-vasile/mimetype v1.4.3 // indirect
 	github.com/github/go-spdx/v2 v2.2.0 // indirect
 	github.com/glebarez/go-sqlite v1.21.2 // indirect
-	github.com/glebarez/sqlite v1.10.0 // indirect
+	github.com/glebarez/sqlite v1.11.0 // indirect
 	github.com/go-chi/chi v4.1.2+incompatible // indirect
 	github.com/go-errors/errors v1.4.2 // indirect
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
 	github.com/go-git/go-billy/v5 v5.5.0 // indirect
 	github.com/go-gota/gota v0.12.0 // indirect
 	github.com/go-ini/ini v1.67.0 // indirect
-	github.com/go-jose/go-jose/v3 v3.0.1 // indirect
+	github.com/go-jose/go-jose/v3 v3.0.3 // indirect
+	github.com/go-jose/go-jose/v4 v4.0.1 // indirect
 	github.com/go-logr/logr v1.4.1 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
-	github.com/go-openapi/analysis v0.22.0 // indirect
-	github.com/go-openapi/errors v0.21.0 // indirect
-	github.com/go-openapi/jsonpointer v0.20.2 // indirect
-	github.com/go-openapi/jsonreference v0.20.4 // indirect
-	github.com/go-openapi/loads v0.21.5 // indirect
-	github.com/go-openapi/runtime v0.27.1 // indirect
-	github.com/go-openapi/spec v0.20.13 // indirect
-	github.com/go-openapi/strfmt v0.22.0 // indirect
-	github.com/go-openapi/swag v0.22.9 // indirect
-	github.com/go-openapi/validate v0.22.4 // indirect
+	github.com/go-openapi/analysis v0.23.0 // indirect
+	github.com/go-openapi/errors v0.22.0 // indirect
+	github.com/go-openapi/jsonpointer v0.21.0 // indirect
+	github.com/go-openapi/jsonreference v0.21.0 // indirect
+	github.com/go-openapi/loads v0.22.0 // indirect
+	github.com/go-openapi/runtime v0.28.0 // indirect
+	github.com/go-openapi/spec v0.21.0 // indirect
+	github.com/go-openapi/strfmt v0.23.0 // indirect
+	github.com/go-openapi/swag v0.23.0 // indirect
+	github.com/go-openapi/validate v0.24.0 // indirect
 	github.com/go-piv/piv-go v1.11.0 // indirect
 	github.com/go-restruct/restruct v1.2.0-alpha // indirect
 	github.com/go-test/deep v1.1.0 // indirect
@@ -245,29 +248,29 @@ require (
 	github.com/gogo/googleapis v1.4.1 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
-	github.com/golang-jwt/jwt/v5 v5.2.0 // indirect
+	github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
-	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
-	github.com/google/certificate-transparency-go v1.1.7 // indirect
+	github.com/google/certificate-transparency-go v1.1.8 // indirect
 	github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
 	github.com/google/go-github/v55 v55.0.0 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/licensecheck v0.3.1 // indirect
-	github.com/google/pprof v0.0.0-20231023181126-ff6d637d2a7b // indirect
+	github.com/google/pprof v0.0.0-20240409012703-83162a5b38cd // indirect
 	github.com/google/s2a-go v0.1.7 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
-	github.com/googleapis/gax-go/v2 v2.12.0 // indirect
+	github.com/googleapis/gax-go/v2 v2.12.3 // indirect
 	github.com/gookit/color v1.5.4 // indirect
 	github.com/gorilla/mux v1.8.1 // indirect
 	github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 // indirect
-	github.com/grpc-ecosystem/grpc-gateway/v2 v2.18.0 // indirect
+	github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.1 // indirect
 	github.com/hako/durafmt v0.0.0-20210608085754-5c1018a4e16b // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
-	github.com/hashicorp/go-getter v1.7.3 // indirect
+	github.com/hashicorp/go-getter v1.7.4 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
 	github.com/hashicorp/go-retryablehttp v0.7.5 // indirect
 	github.com/hashicorp/go-safetemp v1.0.0 // indirect
@@ -289,12 +292,12 @@ require (
 	github.com/jwalton/go-supportscolor v1.1.0 // indirect
 	github.com/kastenhq/goversion v0.0.0-20230811215019-93b2f8823953 // indirect
 	github.com/kevinburke/ssh_config v1.2.0 // indirect
-	github.com/klauspost/compress v1.17.2 // indirect
+	github.com/klauspost/compress v1.17.4 // indirect
 	github.com/klauspost/pgzip v1.2.6 // indirect
 	github.com/knqyf263/go-apk-version v0.0.0-20200609155635-041fdbb8563f // indirect
 	github.com/knqyf263/go-deb-version v0.0.0-20230223133812-3ed183d23422 // indirect
 	github.com/knqyf263/go-rpm-version v0.0.0-20220614171824-631e686d1075 // indirect
-	github.com/knqyf263/go-rpmdb v0.0.0-20230517124904-b97c85e63254 // indirect
+	github.com/knqyf263/go-rpmdb v0.1.0 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/letsencrypt/boulder v0.0.0-20231026200631-000cd05d5491 // indirect
 	github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
@@ -303,7 +306,6 @@ require (
 	github.com/masahiro331/go-mvn-version v0.0.0-20210429150710-d3157d602a08 // indirect
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-runewidth v0.0.15 // indirect
-	github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect
 	github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect
 	github.com/mholt/archiver/v3 v3.5.1 // indirect
 	github.com/microsoft/go-rustaudit v0.0.0-20220808201409-204dfee52032 // indirect
@@ -316,10 +318,11 @@ require (
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
 	github.com/moby/buildkit v0.12.5 // indirect
+	github.com/moby/docker-image-spec v1.3.1 // indirect
 	github.com/moby/locker v1.0.1 // indirect
 	github.com/moby/patternmatcher v0.5.0 // indirect
 	github.com/moby/spdystream v0.2.0 // indirect
-	github.com/moby/sys/mountinfo v0.6.2 // indirect
+	github.com/moby/sys/mountinfo v0.7.1 // indirect
 	github.com/moby/sys/sequential v0.5.0 // indirect
 	github.com/moby/sys/signal v0.7.0 // indirect
 	github.com/moby/sys/user v0.1.0 // indirect
@@ -332,13 +335,14 @@ require (
 	github.com/muesli/termenv v0.15.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
+	github.com/ncruces/go-strftime v0.1.9 // indirect
 	github.com/nozzle/throttler v0.0.0-20180817012639-2ea982251481 // indirect
 	github.com/nwaples/rardecode v1.1.0 // indirect
 	github.com/oklog/ulid v1.3.1 // indirect
 	github.com/oleiade/reflections v1.0.1 // indirect
 	github.com/olvrng/ujson v1.1.0 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
-	github.com/opencontainers/image-spec v1.1.0-rc5 // indirect
+	github.com/opencontainers/image-spec v1.1.0 // indirect
 	github.com/opencontainers/runtime-spec v1.1.0 // indirect
 	github.com/opencontainers/selinux v1.11.0 // indirect
 	github.com/opentracing/opentracing-go v1.2.0 // indirect
@@ -356,39 +360,39 @@ require (
 	github.com/pkg/profile v1.7.0 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/pquerna/cachecontrol v0.2.0 // indirect
-	github.com/prometheus/client_golang v1.18.0 // indirect
-	github.com/prometheus/client_model v0.5.0 // indirect
-	github.com/prometheus/common v0.45.0 // indirect
+	github.com/prometheus/client_golang v1.19.0 // indirect
+	github.com/prometheus/client_model v0.6.0 // indirect
+	github.com/prometheus/common v0.51.1 // indirect
 	github.com/prometheus/procfs v0.12.0 // indirect
 	github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect
 	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
-	github.com/rivo/uniseg v0.4.4 // indirect
+	github.com/rivo/uniseg v0.4.7 // indirect
 	github.com/ruudk/golang-pdf417 v0.0.0-20201230142125-a7e3863a1245 // indirect
-	github.com/saferwall/pe v1.4.8 // indirect
+	github.com/saferwall/pe v1.5.2 // indirect
 	github.com/sagikazarmark/locafero v0.4.0 // indirect
 	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
 	github.com/saintfish/chardet v0.0.0-20230101081208-5e3ef4b5456d // indirect
 	github.com/samber/lo v1.38.1 // indirect
-	github.com/sassoftware/go-rpmutils v0.2.0 // indirect
+	github.com/sassoftware/go-rpmutils v0.3.0 // indirect
 	github.com/sassoftware/relic v7.2.1+incompatible // indirect
 	github.com/scylladb/go-set v1.0.3-0.20200225121959-cc7b2070d91e // indirect
 	github.com/secure-systems-lab/go-securesystemslib v0.8.0 // indirect
 	github.com/segmentio/ksuid v1.0.4 // indirect
 	github.com/shibumi/go-pathspec v1.3.0 // indirect
 	github.com/shopspring/decimal v1.3.1 // indirect
-	github.com/sigstore/fulcio v1.4.3 // indirect
-	github.com/sigstore/rekor v1.3.4 // indirect
-	github.com/sigstore/sigstore v1.8.1 // indirect
-	github.com/sigstore/timestamp-authority v1.2.1 // indirect
-	github.com/skeema/knownhosts v1.2.1 // indirect
+	github.com/sigstore/fulcio v1.4.5 // indirect
+	github.com/sigstore/rekor v1.3.6 // indirect
+	github.com/sigstore/sigstore v1.8.3 // indirect
+	github.com/sigstore/timestamp-authority v1.2.2 // indirect
+	github.com/skeema/knownhosts v1.2.2 // indirect
 	github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect
 	github.com/sourcegraph/conc v0.3.0 // indirect
-	github.com/spdx/tools-golang v0.5.3 // indirect
+	github.com/spdx/tools-golang v0.5.4 // indirect
 	github.com/spf13/afero v1.11.0 // indirect
 	github.com/spf13/cast v1.6.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/spf13/viper v1.18.2 // indirect
-	github.com/spiffe/go-spiffe/v2 v2.1.7 // indirect
+	github.com/spiffe/go-spiffe/v2 v2.2.0 // indirect
 	github.com/stripe/stripe-go/v74 v74.28.0 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
 	github.com/sylabs/sif/v2 v2.11.5 // indirect
@@ -414,7 +418,7 @@ require (
 	github.com/wagoodman/go-partybus v0.0.0-20230516145632-8ccac152c651 // indirect
 	github.com/wagoodman/go-presenter v0.0.0-20211015174752-f9c01afc824b // indirect
 	github.com/wagoodman/go-progress v0.0.0-20230925121702-07e42b3cdba0 // indirect
-	github.com/xanzy/go-gitlab v0.96.0 // indirect
+	github.com/xanzy/go-gitlab v0.102.0 // indirect
 	github.com/xanzy/ssh-agent v0.3.3 // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
@@ -425,56 +429,55 @@ require (
 	github.com/yashtewari/glob-intersection v0.2.0 // indirect
 	github.com/zclconf/go-cty v1.14.0 // indirect
 	github.com/zeebo/errs v1.3.0 // indirect
-	go.mongodb.org/mongo-driver v1.13.1 // indirect
+	go.mongodb.org/mongo-driver v1.14.0 // indirect
 	go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352 // indirect
 	go.opencensus.io v0.24.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.47.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/runtime v0.44.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlpmetric v0.41.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.41.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.22.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.22.0 // indirect
 	go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.18.0 // indirect
-	go.opentelemetry.io/otel/sdk v1.22.0 // indirect
+	go.opentelemetry.io/otel/sdk v1.24.0 // indirect
 	go.opentelemetry.io/otel/sdk/metric v0.41.0 // indirect
-	go.opentelemetry.io/otel/trace v1.22.0 // indirect
+	go.opentelemetry.io/otel/trace v1.24.0 // indirect
 	go.opentelemetry.io/proto/otlp v1.0.0 // indirect
 	go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect
-	go.step.sm/crypto v0.42.1 // indirect
+	go.step.sm/crypto v0.44.2 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
-	golang.org/x/crypto v0.19.0 // indirect
-	golang.org/x/net v0.21.0 // indirect
-	golang.org/x/oauth2 v0.16.0 // indirect
-	golang.org/x/sync v0.6.0 // indirect
-	golang.org/x/sys v0.17.0 // indirect
+	golang.org/x/crypto v0.22.0 // indirect
+	golang.org/x/net v0.24.0 // indirect
+	golang.org/x/oauth2 v0.19.0 // indirect
+	golang.org/x/sync v0.7.0 // indirect
+	golang.org/x/sys v0.19.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
-	golang.org/x/tools v0.18.0 // indirect
+	golang.org/x/tools v0.19.0 // indirect
 	golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
 	gonum.org/v1/gonum v0.9.1 // indirect
-	google.golang.org/api v0.159.0 // indirect
-	google.golang.org/appengine v1.6.8 // indirect
-	google.golang.org/genproto v0.0.0-20240102182953-50ed04b92917 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20240102182953-50ed04b92917 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240116215550-a9fa1716bcac // indirect
-	google.golang.org/grpc v1.61.0 // indirect
-	google.golang.org/protobuf v1.32.0 // indirect
-	gopkg.in/go-jose/go-jose.v2 v2.6.1 // indirect
+	google.golang.org/api v0.172.0 // indirect
+	google.golang.org/genproto v0.0.0-20240311173647-c811ad7063a7 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240311173647-c811ad7063a7 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237 // indirect
+	google.golang.org/grpc v1.62.1 // indirect
+	google.golang.org/protobuf v1.33.0 // indirect
+	gopkg.in/go-jose/go-jose.v2 v2.6.3 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
-	gorm.io/gorm v1.25.5 // indirect
+	gorm.io/gorm v1.25.10 // indirect
 	k8s.io/apiextensions-apiserver v0.29.0 // indirect
-	k8s.io/klog/v2 v2.110.1 // indirect
+	k8s.io/klog/v2 v2.120.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect
-	modernc.org/libc v1.29.0 // indirect
+	modernc.org/libc v1.49.3 // indirect
 	modernc.org/mathutil v1.6.0 // indirect
-	modernc.org/memory v1.7.2 // indirect
-	modernc.org/sqlite v1.28.0 // indirect
+	modernc.org/memory v1.8.0 // indirect
+	modernc.org/sqlite v1.29.8 // indirect
 	sigs.k8s.io/controller-runtime v0.15.0 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 	sigs.k8s.io/release-utils v0.7.7 // indirect
@@ -488,6 +491,8 @@ replace github.com/olekukonko/tablewriter => github.com/kubescape/tablewriter v0
 // TODO(anubhav06): Remove this once we have a release of copacetic with the support for patching kubescape image scan results.
 replace github.com/project-copacetic/copacetic => github.com/anubhav06/copacetic v0.0.0-20230821175613-0a7915a62e10
 
-replace github.com/anchore/stereoscope => github.com/matthyx/stereoscope v0.0.0-20240227133833-a9e97778940b
+replace github.com/anchore/stereoscope => github.com/matthyx/stereoscope v0.0.0-20240426103125-b762a3538c32
 
 replace github.com/google/go-containerregistry => github.com/matthyx/go-containerregistry v0.0.0-20240227132928-63ceb71ae0b9
+
+replace github.com/docker/distribution v2.8.3+incompatible => github.com/docker/distribution v2.8.2+incompatible

httphandler/go.mod

@@ -10,55 +10,54 @@ require (
 	github.com/armosec/armoapi-go v0.0.330
 	github.com/armosec/utils-go v0.0.57
 	github.com/armosec/utils-k8s-go v0.0.26
-	github.com/go-openapi/runtime v0.27.1
+	github.com/go-openapi/runtime v0.28.0
 	github.com/google/uuid v1.6.0
 	github.com/gorilla/mux v1.8.1
 	github.com/gorilla/schema v1.2.0
-	github.com/kubescape/backend v0.0.19
+	github.com/kubescape/backend v0.0.20
 	github.com/kubescape/go-logger v0.0.22
-	github.com/kubescape/k8s-interface v0.0.161
+	github.com/kubescape/k8s-interface v0.0.166
 	github.com/kubescape/kubescape/v3 v3.0.4
-	github.com/kubescape/opa-utils v0.0.278
+	github.com/kubescape/opa-utils v0.0.281
 	github.com/kubescape/storage v0.0.20
 	github.com/spf13/viper v1.18.2
-	github.com/stretchr/testify v1.8.4
+	github.com/stretchr/testify v1.9.0
 	go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux v0.45.0
-	go.opentelemetry.io/otel v1.22.0
+	go.opentelemetry.io/otel v1.24.0
 	k8s.io/apimachinery v0.29.2
 	k8s.io/client-go v0.29.2
 	k8s.io/utils v0.0.0-20230726121419-3b25d923346b
 )
 
 require (
-	go.opentelemetry.io/otel/trace v1.22.0
+	go.opentelemetry.io/otel/trace v1.24.0
 	go.uber.org/multierr v1.11.0 // indirect
 	go.uber.org/zap v1.27.0 // indirect
-	golang.org/x/crypto v0.19.0 // indirect
+	golang.org/x/crypto v0.22.0 // indirect
 	golang.org/x/exp v0.0.0-20240222234643-814bf88cf225
-	golang.org/x/mod v0.15.0 // indirect
-	golang.org/x/net v0.21.0 // indirect
-	golang.org/x/oauth2 v0.16.0 // indirect
-	google.golang.org/appengine v1.6.8 // indirect
-	google.golang.org/genproto v0.0.0-20240102182953-50ed04b92917 // indirect
-	google.golang.org/grpc v1.61.0 // indirect
+	golang.org/x/mod v0.17.0 // indirect
+	golang.org/x/net v0.24.0 // indirect
+	golang.org/x/oauth2 v0.19.0 // indirect
+	google.golang.org/genproto v0.0.0-20240311173647-c811ad7063a7 // indirect
+	google.golang.org/grpc v1.62.1 // indirect
 )
 
 require (
-	cloud.google.com/go v0.111.0 // indirect
-	cloud.google.com/go/compute v1.23.3 // indirect
+	cloud.google.com/go v0.112.1 // indirect
+	cloud.google.com/go/compute v1.25.0 // indirect
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
-	cloud.google.com/go/container v1.29.0 // indirect
-	cloud.google.com/go/iam v1.1.5 // indirect
-	cloud.google.com/go/storage v1.35.1 // indirect
+	cloud.google.com/go/container v1.33.0 // indirect
+	cloud.google.com/go/iam v1.1.6 // indirect
+	cloud.google.com/go/storage v1.39.1 // indirect
 	dario.cat/mergo v1.0.0 // indirect
 	filippo.io/edwards25519 v1.1.0 // indirect
 	github.com/AdaLogics/go-fuzz-headers v0.0.0-20230811130428-ced1acdcaa24 // indirect
 	github.com/AdamKorcz/go-118-fuzz-build v0.0.0-20230306123547-8075edf89bb0 // indirect
 	github.com/AliyunContainerService/ack-ram-tool/pkg/credentials/alibabacloudsdkgo/helper v0.2.0 // indirect
 	github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.10.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.1 // indirect
-	github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1 // indirect
+	github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization v1.0.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/authorization/armauthorization/v2 v2.1.1 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/containerservice/armcontainerservice/v2 v2.4.0 // indirect
@@ -70,10 +69,10 @@ require (
 	github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
 	github.com/Azure/go-autorest/logger v0.2.1 // indirect
 	github.com/Azure/go-autorest/tracing v0.6.0 // indirect
-	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.1 // indirect
+	github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect
 	github.com/BurntSushi/toml v1.3.2 // indirect
 	github.com/CycloneDX/cyclonedx-go v0.8.0 // indirect
-	github.com/DataDog/zstd v1.4.5 // indirect
+	github.com/DataDog/zstd v1.5.5 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
 	github.com/Masterminds/semver v1.5.0 // indirect
 	github.com/Masterminds/semver/v3 v3.2.1 // indirect
@@ -81,7 +80,7 @@ require (
 	github.com/Microsoft/go-winio v0.6.1 // indirect
 	github.com/Microsoft/hcsshim v0.11.4 // indirect
 	github.com/OneOfOne/xxhash v1.2.8 // indirect
-	github.com/ProtonMail/go-crypto v0.0.0-20230923063757-afb1ddc0824c // indirect
+	github.com/ProtonMail/go-crypto v1.0.0 // indirect
 	github.com/ThalesIgnite/crypto11 v1.2.5 // indirect
 	github.com/a8m/envsubst v1.3.0 // indirect
 	github.com/acobaugh/osrelease v0.1.0 // indirect
@@ -99,16 +98,17 @@ require (
 	github.com/alibabacloud-go/tea-utils v1.4.5 // indirect
 	github.com/alibabacloud-go/tea-xml v1.1.3 // indirect
 	github.com/aliyun/credentials-go v1.3.1 // indirect
-	github.com/anchore/clio v0.0.0-20231016125544-c98a83e1c7fc // indirect
+	github.com/anchore/clio v0.0.0-20240209204744-cb94e40a4f65 // indirect
 	github.com/anchore/fangs v0.0.0-20231201140849-5075d28d6d8b // indirect
+	github.com/anchore/go-collections v0.0.0-20240216171411-9321230ce537 // indirect
 	github.com/anchore/go-logger v0.0.0-20230725134548-c21dafa1ec5a // indirect
 	github.com/anchore/go-macholibre v0.0.0-20220308212642-53e6d0aaf6fb // indirect
 	github.com/anchore/go-struct-converter v0.0.0-20221118182256-c68fdcfa2092 // indirect
 	github.com/anchore/go-version v1.2.2-0.20210903204242-51efa5b487c4 // indirect
-	github.com/anchore/grype v0.74.2 // indirect
-	github.com/anchore/packageurl-go v0.1.1-0.20230104203445-02e0a6721501 // indirect
-	github.com/anchore/stereoscope v0.0.1 // indirect
-	github.com/anchore/syft v0.101.1 // indirect
+	github.com/anchore/grype v0.77.1 // indirect
+	github.com/anchore/packageurl-go v0.1.1-0.20240312213626-055233e539b4 // indirect
+	github.com/anchore/stereoscope v0.0.3-0.20240423181235-8b297badafd5 // indirect
+	github.com/anchore/syft v1.3.0 // indirect
 	github.com/andybalholm/brotli v1.0.4 // indirect
 	github.com/antchfx/xmlquery v1.3.17 // indirect
 	github.com/antchfx/xpath v1.2.4 // indirect
@@ -119,24 +119,24 @@ require (
 	github.com/aquasecurity/trivy-db v0.0.0-20230726112157-167ba4f2faeb // indirect
 	github.com/armosec/gojay v1.2.15 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
-	github.com/aws/aws-sdk-go v1.50.0 // indirect
-	github.com/aws/aws-sdk-go-v2 v1.24.1 // indirect
-	github.com/aws/aws-sdk-go-v2/config v1.26.6 // indirect
-	github.com/aws/aws-sdk-go-v2/credentials v1.16.16 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.14.11 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.2.10 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.5.10 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.7.3 // indirect
+	github.com/aws/aws-sdk-go v1.51.6 // indirect
+	github.com/aws/aws-sdk-go-v2 v1.26.0 // indirect
+	github.com/aws/aws-sdk-go-v2/config v1.27.9 // indirect
+	github.com/aws/aws-sdk-go-v2/credentials v1.17.9 // indirect
+	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.16.0 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/configsources v1.3.4 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.6.4 // indirect
+	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.0 // indirect
 	github.com/aws/aws-sdk-go-v2/service/ecr v1.20.2 // indirect
 	github.com/aws/aws-sdk-go-v2/service/ecrpublic v1.18.2 // indirect
 	github.com/aws/aws-sdk-go-v2/service/eks v1.28.1 // indirect
 	github.com/aws/aws-sdk-go-v2/service/iam v1.21.1 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.10.4 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.10.10 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.18.7 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.21.7 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.26.7 // indirect
-	github.com/aws/smithy-go v1.19.0 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.11.1 // indirect
+	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.11.6 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sso v1.20.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.23.3 // indirect
+	github.com/aws/aws-sdk-go-v2/service/sts v1.28.5 // indirect
+	github.com/aws/smithy-go v1.20.1 // indirect
 	github.com/awslabs/amazon-ecr-credential-helper/ecr-login v0.0.0-20231024185945-8841054dbdb8 // indirect
 	github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
 	github.com/becheran/wildmatch-go v1.0.0 // indirect
@@ -154,22 +154,22 @@ require (
 	github.com/cenkalti/backoff/v4 v4.2.1 // indirect
 	github.com/cespare/xxhash/v2 v2.2.0 // indirect
 	github.com/chainguard-dev/git-urls v1.0.2 // indirect
-	github.com/charmbracelet/lipgloss v0.9.1 // indirect
+	github.com/charmbracelet/lipgloss v0.10.0 // indirect
 	github.com/chrismellard/docker-credential-acr-env v0.0.0-20230304212654-82a0ddb27589 // indirect
 	github.com/clbanning/mxj/v2 v2.7.0 // indirect
 	github.com/cloudflare/circl v1.3.7 // indirect
 	github.com/common-nighthawk/go-figure v0.0.0-20210622060536-734e95fb86be // indirect
 	github.com/containerd/cgroups v1.1.0 // indirect
 	github.com/containerd/console v1.0.4-0.20230313162750-1ae8d489ac81 // indirect
-	github.com/containerd/containerd v1.7.12 // indirect
+	github.com/containerd/containerd v1.7.14 // indirect
 	github.com/containerd/continuity v0.4.2 // indirect
 	github.com/containerd/fifo v1.1.0 // indirect
 	github.com/containerd/log v0.1.0 // indirect
 	github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect
-	github.com/containerd/ttrpc v1.2.2 // indirect
+	github.com/containerd/ttrpc v1.2.3 // indirect
 	github.com/containerd/typeurl/v2 v2.1.1 // indirect
 	github.com/coreos/go-oidc v2.2.1+incompatible // indirect
-	github.com/coreos/go-oidc/v3 v3.9.0 // indirect
+	github.com/coreos/go-oidc/v3 v3.10.0 // indirect
 	github.com/cpuguy83/dockercfg v0.3.1 // indirect
 	github.com/cpuguy83/go-docker v0.2.1 // indirect
 	github.com/cyberphone/json-canonicalization v0.0.0-20231011164504-785e29786b46 // indirect
@@ -179,11 +179,11 @@ require (
 	github.com/digitorus/pkcs7 v0.0.0-20230818184609-3a137a874352 // indirect
 	github.com/digitorus/timestamp v0.0.0-20231217203849-220c5c2851b7 // indirect
 	github.com/dimchansky/utfbom v1.1.1 // indirect
-	github.com/distribution/distribution v2.8.3+incompatible // indirect
-	github.com/distribution/reference v0.5.0 // indirect
-	github.com/docker/cli v24.0.7+incompatible // indirect
+	github.com/distribution/distribution v2.8.2+incompatible // indirect
+	github.com/distribution/reference v0.6.0 // indirect
+	github.com/docker/cli v26.1.0+incompatible // indirect
 	github.com/docker/distribution v2.8.3+incompatible // indirect
-	github.com/docker/docker v25.0.1+incompatible // indirect
+	github.com/docker/docker v26.1.0+incompatible // indirect
 	github.com/docker/docker-credential-helpers v0.8.0 // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
 	github.com/docker/go-events v0.0.0-20190806004212-e31b211e4f1c // indirect
@@ -192,6 +192,7 @@ require (
 	github.com/dustin/go-humanize v1.0.1 // indirect
 	github.com/edsrzf/mmap-go v1.1.0 // indirect
 	github.com/elliotchance/orderedmap v1.5.0 // indirect
+	github.com/elliotchance/phpserialize v1.4.0 // indirect
 	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
 	github.com/emirpasic/gods v1.18.1 // indirect
 	github.com/enescakir/emoji v1.0.0 // indirect
@@ -205,26 +206,27 @@ require (
 	github.com/gabriel-vasile/mimetype v1.4.3 // indirect
 	github.com/github/go-spdx/v2 v2.2.0 // indirect
 	github.com/glebarez/go-sqlite v1.21.2 // indirect
-	github.com/glebarez/sqlite v1.10.0 // indirect
+	github.com/glebarez/sqlite v1.11.0 // indirect
 	github.com/go-chi/chi v4.1.2+incompatible // indirect
 	github.com/go-errors/errors v1.4.2 // indirect
 	github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
 	github.com/go-git/go-billy/v5 v5.5.0 // indirect
-	github.com/go-git/go-git/v5 v5.11.0 // indirect
+	github.com/go-git/go-git/v5 v5.12.0 // indirect
 	github.com/go-gota/gota v0.12.0 // indirect
 	github.com/go-ini/ini v1.67.0 // indirect
-	github.com/go-jose/go-jose/v3 v3.0.1 // indirect
+	github.com/go-jose/go-jose/v3 v3.0.3 // indirect
+	github.com/go-jose/go-jose/v4 v4.0.1 // indirect
 	github.com/go-logr/logr v1.4.1 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
-	github.com/go-openapi/analysis v0.22.0 // indirect
-	github.com/go-openapi/errors v0.21.0 // indirect
-	github.com/go-openapi/jsonpointer v0.20.2 // indirect
-	github.com/go-openapi/jsonreference v0.20.4 // indirect
-	github.com/go-openapi/loads v0.21.5 // indirect
-	github.com/go-openapi/spec v0.20.13 // indirect
-	github.com/go-openapi/strfmt v0.22.0 // indirect
-	github.com/go-openapi/swag v0.22.9 // indirect
-	github.com/go-openapi/validate v0.22.4 // indirect
+	github.com/go-openapi/analysis v0.23.0 // indirect
+	github.com/go-openapi/errors v0.22.0 // indirect
+	github.com/go-openapi/jsonpointer v0.21.0 // indirect
+	github.com/go-openapi/jsonreference v0.21.0 // indirect
+	github.com/go-openapi/loads v0.22.0 // indirect
+	github.com/go-openapi/spec v0.21.0 // indirect
+	github.com/go-openapi/strfmt v0.23.0 // indirect
+	github.com/go-openapi/swag v0.23.0 // indirect
+	github.com/go-openapi/validate v0.24.0 // indirect
 	github.com/go-piv/piv-go v1.11.0 // indirect
 	github.com/go-restruct/restruct v1.2.0-alpha // indirect
 	github.com/go-test/deep v1.1.0 // indirect
@@ -235,30 +237,30 @@ require (
 	github.com/gogo/googleapis v1.4.1 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
-	github.com/golang-jwt/jwt/v5 v5.2.0 // indirect
+	github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
-	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
-	github.com/google/certificate-transparency-go v1.1.7 // indirect
+	github.com/google/certificate-transparency-go v1.1.8 // indirect
 	github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect
 	github.com/google/go-cmp v0.6.0 // indirect
-	github.com/google/go-containerregistry v0.19.0 // indirect
+	github.com/google/go-containerregistry v0.19.1 // indirect
 	github.com/google/go-github/v55 v55.0.0 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
 	github.com/google/licensecheck v0.3.1 // indirect
-	github.com/google/pprof v0.0.0-20231023181126-ff6d637d2a7b // indirect
+	github.com/google/pprof v0.0.0-20240409012703-83162a5b38cd // indirect
 	github.com/google/s2a-go v0.1.7 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
-	github.com/googleapis/gax-go/v2 v2.12.0 // indirect
+	github.com/googleapis/gax-go/v2 v2.12.3 // indirect
 	github.com/gookit/color v1.5.4 // indirect
 	github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 // indirect
-	github.com/grpc-ecosystem/grpc-gateway/v2 v2.18.0 // indirect
+	github.com/grpc-ecosystem/grpc-gateway/v2 v2.19.1 // indirect
 	github.com/hako/durafmt v0.0.0-20210608085754-5c1018a4e16b // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
-	github.com/hashicorp/go-getter v1.7.3 // indirect
+	github.com/hashicorp/go-getter v1.7.4 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
 	github.com/hashicorp/go-retryablehttp v0.7.5 // indirect
 	github.com/hashicorp/go-safetemp v1.0.0 // indirect
@@ -283,15 +285,15 @@ require (
 	github.com/jwalton/go-supportscolor v1.1.0 // indirect
 	github.com/kastenhq/goversion v0.0.0-20230811215019-93b2f8823953 // indirect
 	github.com/kevinburke/ssh_config v1.2.0 // indirect
-	github.com/klauspost/compress v1.17.2 // indirect
+	github.com/klauspost/compress v1.17.4 // indirect
 	github.com/klauspost/pgzip v1.2.6 // indirect
 	github.com/knqyf263/go-apk-version v0.0.0-20200609155635-041fdbb8563f // indirect
 	github.com/knqyf263/go-deb-version v0.0.0-20230223133812-3ed183d23422 // indirect
 	github.com/knqyf263/go-rpm-version v0.0.0-20220614171824-631e686d1075 // indirect
-	github.com/knqyf263/go-rpmdb v0.0.0-20230517124904-b97c85e63254 // indirect
-	github.com/kubescape/go-git-url v0.0.28 // indirect
+	github.com/knqyf263/go-rpmdb v0.1.0 // indirect
+	github.com/kubescape/go-git-url v0.0.30 // indirect
 	github.com/kubescape/rbac-utils v0.0.21-0.20230806101615-07e36f555520 // indirect
-	github.com/kubescape/regolibrary v1.0.315 // indirect
+	github.com/kubescape/regolibrary/v2 v2.0.1 // indirect
 	github.com/kylelemons/godebug v1.1.0 // indirect
 	github.com/letsencrypt/boulder v0.0.0-20231026200631-000cd05d5491 // indirect
 	github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
@@ -303,7 +305,6 @@ require (
 	github.com/mattn/go-colorable v0.1.13 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
 	github.com/mattn/go-runewidth v0.0.15 // indirect
-	github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect
 	github.com/mgutz/ansi v0.0.0-20200706080929-d51e80ef957d // indirect
 	github.com/mholt/archiver/v3 v3.5.1 // indirect
 	github.com/microsoft/go-rustaudit v0.0.0-20220808201409-204dfee52032 // indirect
@@ -317,10 +318,11 @@ require (
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
 	github.com/moby/buildkit v0.12.5 // indirect
+	github.com/moby/docker-image-spec v1.3.1 // indirect
 	github.com/moby/locker v1.0.1 // indirect
 	github.com/moby/patternmatcher v0.5.0 // indirect
 	github.com/moby/spdystream v0.2.0 // indirect
-	github.com/moby/sys/mountinfo v0.6.2 // indirect
+	github.com/moby/sys/mountinfo v0.7.1 // indirect
 	github.com/moby/sys/sequential v0.5.0 // indirect
 	github.com/moby/sys/signal v0.7.0 // indirect
 	github.com/moby/sys/user v0.1.0 // indirect
@@ -333,15 +335,16 @@ require (
 	github.com/muesli/termenv v0.15.2 // indirect
 	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
+	github.com/ncruces/go-strftime v0.1.9 // indirect
 	github.com/nozzle/throttler v0.0.0-20180817012639-2ea982251481 // indirect
 	github.com/nwaples/rardecode v1.1.0 // indirect
 	github.com/oklog/ulid v1.3.1 // indirect
 	github.com/oleiade/reflections v1.0.1 // indirect
 	github.com/olekukonko/tablewriter v0.0.6-0.20230417144759-edd1a71a5576 // indirect
 	github.com/olvrng/ujson v1.1.0 // indirect
-	github.com/open-policy-agent/opa v0.61.0 // indirect
+	github.com/open-policy-agent/opa v0.63.0 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
-	github.com/opencontainers/image-spec v1.1.0-rc5 // indirect
+	github.com/opencontainers/image-spec v1.1.0 // indirect
 	github.com/opencontainers/runtime-spec v1.1.0 // indirect
 	github.com/opencontainers/selinux v1.11.0 // indirect
 	github.com/opentracing/opentracing-go v1.2.0 // indirect
@@ -361,43 +364,43 @@ require (
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
 	github.com/pquerna/cachecontrol v0.2.0 // indirect
 	github.com/project-copacetic/copacetic v0.0.0-00010101000000-000000000000 // indirect
-	github.com/prometheus/client_golang v1.18.0 // indirect
-	github.com/prometheus/client_model v0.5.0 // indirect
-	github.com/prometheus/common v0.45.0 // indirect
+	github.com/prometheus/client_golang v1.19.0 // indirect
+	github.com/prometheus/client_model v0.6.0 // indirect
+	github.com/prometheus/common v0.51.1 // indirect
 	github.com/prometheus/procfs v0.12.0 // indirect
 	github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect
 	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
-	github.com/rivo/uniseg v0.4.4 // indirect
+	github.com/rivo/uniseg v0.4.7 // indirect
 	github.com/ruudk/golang-pdf417 v0.0.0-20201230142125-a7e3863a1245 // indirect
-	github.com/saferwall/pe v1.4.8 // indirect
+	github.com/saferwall/pe v1.5.2 // indirect
 	github.com/sagikazarmark/locafero v0.4.0 // indirect
 	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
 	github.com/saintfish/chardet v0.0.0-20230101081208-5e3ef4b5456d // indirect
 	github.com/samber/lo v1.38.1 // indirect
-	github.com/sassoftware/go-rpmutils v0.2.0 // indirect
+	github.com/sassoftware/go-rpmutils v0.3.0 // indirect
 	github.com/sassoftware/relic v7.2.1+incompatible // indirect
 	github.com/schollz/progressbar/v3 v3.13.0 // indirect
 	github.com/scylladb/go-set v1.0.3-0.20200225121959-cc7b2070d91e // indirect
 	github.com/secure-systems-lab/go-securesystemslib v0.8.0 // indirect
 	github.com/segmentio/ksuid v1.0.4 // indirect
-	github.com/sergi/go-diff v1.3.1 // indirect
+	github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect
 	github.com/shibumi/go-pathspec v1.3.0 // indirect
 	github.com/shopspring/decimal v1.3.1 // indirect
-	github.com/sigstore/cosign/v2 v2.2.3 // indirect
-	github.com/sigstore/fulcio v1.4.3 // indirect
-	github.com/sigstore/rekor v1.3.4 // indirect
-	github.com/sigstore/sigstore v1.8.1 // indirect
-	github.com/sigstore/timestamp-authority v1.2.1 // indirect
+	github.com/sigstore/cosign/v2 v2.2.4 // indirect
+	github.com/sigstore/fulcio v1.4.5 // indirect
+	github.com/sigstore/rekor v1.3.6 // indirect
+	github.com/sigstore/sigstore v1.8.3 // indirect
+	github.com/sigstore/timestamp-authority v1.2.2 // indirect
 	github.com/sirupsen/logrus v1.9.3 // indirect
-	github.com/skeema/knownhosts v1.2.1 // indirect
+	github.com/skeema/knownhosts v1.2.2 // indirect
 	github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect
 	github.com/sourcegraph/conc v0.3.0 // indirect
-	github.com/spdx/tools-golang v0.5.3 // indirect
+	github.com/spdx/tools-golang v0.5.4 // indirect
 	github.com/spf13/afero v1.11.0 // indirect
 	github.com/spf13/cast v1.6.0 // indirect
 	github.com/spf13/cobra v1.8.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
-	github.com/spiffe/go-spiffe/v2 v2.1.7 // indirect
+	github.com/spiffe/go-spiffe/v2 v2.2.0 // indirect
 	github.com/stripe/stripe-go/v74 v74.28.0 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
 	github.com/sylabs/sif/v2 v2.11.5 // indirect
@@ -423,7 +426,7 @@ require (
 	github.com/wagoodman/go-partybus v0.0.0-20230516145632-8ccac152c651 // indirect
 	github.com/wagoodman/go-presenter v0.0.0-20211015174752-f9c01afc824b // indirect
 	github.com/wagoodman/go-progress v0.0.0-20230925121702-07e42b3cdba0 // indirect
-	github.com/xanzy/go-gitlab v0.96.0 // indirect
+	github.com/xanzy/go-gitlab v0.102.0 // indirect
 	github.com/xanzy/ssh-agent v0.3.3 // indirect
 	github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect
 	github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect
@@ -434,36 +437,36 @@ require (
 	github.com/yashtewari/glob-intersection v0.2.0 // indirect
 	github.com/zclconf/go-cty v1.14.0 // indirect
 	github.com/zeebo/errs v1.3.0 // indirect
-	go.mongodb.org/mongo-driver v1.13.1 // indirect
+	go.mongodb.org/mongo-driver v1.14.0 // indirect
 	go.mozilla.org/pkcs7 v0.0.0-20210826202110-33d05740a352 // indirect
 	go.opencensus.io v0.24.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.47.0 // indirect
-	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.47.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.49.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.49.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/runtime v0.44.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlpmetric v0.41.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.41.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.22.0 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.22.0 // indirect
 	go.opentelemetry.io/otel/exporters/stdout/stdouttrace v1.18.0 // indirect
-	go.opentelemetry.io/otel/metric v1.22.0 // indirect
-	go.opentelemetry.io/otel/sdk v1.22.0 // indirect
+	go.opentelemetry.io/otel/metric v1.24.0 // indirect
+	go.opentelemetry.io/otel/sdk v1.24.0 // indirect
 	go.opentelemetry.io/otel/sdk/metric v0.41.0 // indirect
 	go.opentelemetry.io/proto/otlp v1.0.0 // indirect
 	go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect
-	go.step.sm/crypto v0.42.1 // indirect
-	golang.org/x/sync v0.6.0 // indirect
-	golang.org/x/sys v0.17.0 // indirect
-	golang.org/x/term v0.17.0 // indirect
+	go.step.sm/crypto v0.44.2 // indirect
+	golang.org/x/sync v0.7.0 // indirect
+	golang.org/x/sys v0.19.0 // indirect
+	golang.org/x/term v0.19.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
-	golang.org/x/tools v0.18.0 // indirect
+	golang.org/x/tools v0.19.0 // indirect
 	golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
 	gonum.org/v1/gonum v0.9.1 // indirect
-	google.golang.org/api v0.159.0 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20240102182953-50ed04b92917 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240116215550-a9fa1716bcac // indirect
-	google.golang.org/protobuf v1.32.0 // indirect
-	gopkg.in/go-jose/go-jose.v2 v2.6.1 // indirect
+	google.golang.org/api v0.172.0 // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20240311173647-c811ad7063a7 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237 // indirect
+	google.golang.org/protobuf v1.33.0 // indirect
+	gopkg.in/go-jose/go-jose.v2 v2.6.3 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/op/go-logging.v1 v1.0.0-20160211212156-b2cb9fa56473 // indirect
@@ -471,16 +474,16 @@ require (
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
-	gorm.io/gorm v1.25.5 // indirect
-	helm.sh/helm/v3 v3.14.2 // indirect
+	gorm.io/gorm v1.25.10 // indirect
+	helm.sh/helm/v3 v3.14.4 // indirect
 	k8s.io/api v0.29.2 // indirect
 	k8s.io/apiextensions-apiserver v0.29.0 // indirect
-	k8s.io/klog/v2 v2.110.1 // indirect
+	k8s.io/klog/v2 v2.120.1 // indirect
 	k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect
-	modernc.org/libc v1.29.0 // indirect
+	modernc.org/libc v1.49.3 // indirect
 	modernc.org/mathutil v1.6.0 // indirect
-	modernc.org/memory v1.7.2 // indirect
-	modernc.org/sqlite v1.28.0 // indirect
+	modernc.org/memory v1.8.0 // indirect
+	modernc.org/sqlite v1.29.8 // indirect
 	sigs.k8s.io/controller-runtime v0.15.0 // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 	sigs.k8s.io/kustomize/api v0.13.5-0.20230601165947-6ce0bf390ce3 // indirect
@@ -495,3 +498,5 @@ replace github.com/olekukonko/tablewriter => github.com/kubescape/tablewriter v0
 
 // TODO(anubhav06): Remove this once we have a release of copacetic with the support for patching kubescape image scan results.
 replace github.com/project-copacetic/copacetic => github.com/anubhav06/copacetic v0.0.0-20230821175613-0a7915a62e10
+
+replace github.com/docker/distribution v2.8.3+incompatible => github.com/docker/distribution v2.8.2+incompatible

pkg/imagescan/imagescan.go

@@ -7,7 +7,6 @@ import (
 	"path/filepath"
 
 	"github.com/adrg/xdg"
-	"github.com/anchore/clio"
 	"github.com/anchore/grype/grype"
 	"github.com/anchore/grype/grype/db"
 	"github.com/anchore/grype/grype/grypeerr"
@@ -24,7 +23,7 @@ import (
 	"github.com/anchore/grype/grype/store"
 	"github.com/anchore/grype/grype/vulnerability"
 	"github.com/anchore/stereoscope/pkg/image"
-	"github.com/anchore/syft/cmd/syft/cli/options"
+	"github.com/anchore/syft/syft"
 )
 
 const (
@@ -93,36 +92,15 @@ func validateDBLoad(loadErr error, status *db.Status) error {
 	return nil
 }
 
-type packagesOptions struct {
-	options.Output      `yaml:",inline" mapstructure:",squash"`
-	options.Config      `yaml:",inline" mapstructure:",squash"`
-	options.Catalog     `yaml:",inline" mapstructure:",squash"`
-	options.UpdateCheck `yaml:",inline" mapstructure:",squash"`
-}
-
-func defaultPackagesOptions() *packagesOptions {
-	defaultCatalogOpts := options.DefaultCatalog()
-
-	// TODO(matthyx): assess this value
-	defaultCatalogOpts.Parallelism = 4
-
-	return &packagesOptions{
-		Output:      options.DefaultOutput(),
-		UpdateCheck: options.DefaultUpdateCheck(),
-		Catalog:     defaultCatalogOpts,
-	}
-}
-
 func getProviderConfig(creds RegistryCredentials) pkg.ProviderConfig {
 	syftCreds := []image.RegistryCredentials{{Username: creds.Username, Password: creds.Password}}
 	regOpts := &image.RegistryOptions{
 		Credentials: syftCreds,
 	}
-	syftOpts := defaultPackagesOptions()
 	pc := pkg.ProviderConfig{
 		SyftProviderConfig: pkg.SyftProviderConfig{
 			RegistryOptions: regOpts,
-			SBOMOptions:     syftOpts.Catalog.ToSBOMConfig(clio.Identification{}),
+			SBOMOptions:     syft.DefaultCreateSBOMConfig(),
 		},
 		SynthesisConfig: pkg.SynthesisConfig{
 			GenerateMissingCPEs: true,