github/kubescape
1
0
Fork 0
mirror of https://github.com/kubescape/kubescape.git synced 2026-02-14 18:09:55 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
621ffd3eade875cc648ec0149f41bcedccf8f910
kubescape/core
History
copilot-swe-agent[bot] 621ffd3ead Fix: Prevent URLs from being treated as local file paths 
- Add URL detection (http:// and https://) in getScanningContext
- Prevent URLs from being joined with current working directory
- Add test cases for self-hosted GitLab URLs
- Ensure proper error handling when git clone fails

Co-authored-by: matthyx <20683409+matthyx@users.noreply.github.com>
2025-12-11 09:08:12 +00:00
..
cautils
Fix: Prevent URLs from being treated as local file paths
2025-12-11 09:08:12 +00:00
core
Fix: properly handle nil downloadReleasedPolicy in getters
2025-12-03 21:19:39 +00:00
meta
use grype v0.99.1
2025-09-17 10:11:19 +02:00
metrics
Bump v3 (#1449)
2023-10-22 17:43:51 +03:00
mocks
use grype v0.99.1
2025-09-17 10:11:19 +02:00
pkg
Update cosign package to v3 and adjust go.mod dependencies
2025-12-09 11:24:29 +01:00
README.md
Revamp documentation and reduce host sensor workers
2025-11-30 11:47:00 +01:00

README.md

Kubescape Core Package

The core package provides the main Kubescape scanning engine as a Go library, allowing you to integrate Kubescape security scanning directly into your applications.

Table of Contents

Installation

go get github.com/kubescape/kubescape/v3/core

Quick Start

package main

import (
    "context"
    "fmt"
    "log"

    "github.com/kubescape/kubescape/v3/core"
    "github.com/kubescape/kubescape/v3/core/cautils"
)

func main() {
    ctx := context.Background()

    // Initialize Kubescape
    ks := core.NewKubescape(ctx)

    // Configure scan
    scanInfo := &cautils.ScanInfo{
        // Scan the current cluster
        ScanAll: true,
    }

    // Run scan
    results, err := ks.Scan(scanInfo)
    if err != nil {
        log.Fatalf("Scan failed: %v", err)
    }

    // Convert results to JSON
    jsonRes, err := results.ToJson()
    if err != nil {
        log.Fatalf("Failed to convert results: %v", err)
    }

    fmt.Println(string(jsonRes))
}

API Reference

Creating a Kubescape Instance

// Create with context
ks := core.NewKubescape(ctx)

Scanning

// Scan with configuration
results, err := ks.Scan(scanInfo)

Listing Frameworks and Controls

// List available policies
err := ks.List(listPolicies)

Downloading Artifacts

// Download for offline use
err := ks.Download(downloadInfo)

Image Scanning

// Scan container image
exceedsSeverity, err := ks.ScanImage(imgScanInfo, scanInfo)

Fixing Misconfigurations

// Apply fixes to manifests
err := ks.Fix(fixInfo)

Examples

Scan a Specific Framework

scanInfo := &cautils.ScanInfo{}
scanInfo.SetPolicyIdentifiers([]string{"nsa"}, "framework")

results, err := ks.Scan(scanInfo)

Scan Specific Namespaces

scanInfo := &cautils.ScanInfo{
    IncludeNamespaces: "production,staging",
}

results, err := ks.Scan(scanInfo)

Scan Local YAML Files

scanInfo := &cautils.ScanInfo{
    InputPatterns: []string{"/path/to/manifests"},
}
scanInfo.SetScanType(cautils.ScanTypeRepo)

results, err := ks.Scan(scanInfo)

Export Results to Different Formats

results, _ := ks.Scan(scanInfo)

// JSON
jsonData, _ := results.ToJson()

// Get summary
summary := results.GetData().Report.SummaryDetails
fmt.Printf("Compliance Score: %.2f%%\n", summary.ComplianceScore)

Scan with Compliance Threshold

scanInfo := &cautils.ScanInfo{
    ComplianceThreshold: 80.0, // Fail if below 80%
}

results, err := ks.Scan(scanInfo)
if err != nil {
    // Handle scan failure
}

// Check if threshold was exceeded
if results.GetData().Report.SummaryDetails.ComplianceScore < scanInfo.ComplianceThreshold {
    log.Fatal("Compliance score below threshold")
}

Configuration Options

ScanInfo Fields

Field Type Description
AccountID string Kubescape SaaS account ID
AccessKey string Kubescape SaaS access key
InputPatterns []string Paths to scan (files, directories, URLs)
ExcludedNamespaces string Comma-separated namespaces to exclude
IncludeNamespaces string Comma-separated namespaces to include
Format string Output format (json, junit, sarif, etc.)
Output string Output file path
VerboseMode bool Show all resources in output
FailThreshold float32 Fail threshold percentage
ComplianceThreshold float32 Compliance threshold percentage
UseExceptions string Path to exceptions file
UseArtifactsFrom string Path to offline artifacts
Submit bool Submit results to SaaS
Local bool Keep results local (don't submit)

Error Handling

results, err := ks.Scan(scanInfo)
if err != nil {
    switch {
    case errors.Is(err, context.DeadlineExceeded):
        log.Fatal("Scan timed out")
    case errors.Is(err, context.Canceled):
        log.Fatal("Scan was canceled")
    default:
        log.Fatalf("Scan error: %v", err)
    }
}

Thread Safety

The Kubescape instance is safe for concurrent use. You can run multiple scans in parallel:

var wg sync.WaitGroup

for _, ns := range namespaces {
    wg.Add(1)
    go func(namespace string) {
        defer wg.Done()
        
        scanInfo := &cautils.ScanInfo{
            IncludeNamespaces: namespace,
        }
        results, _ := ks.Scan(scanInfo)
        // Process results...
    }(ns)
}

wg.Wait()

Related Documentation

Reference in New Issue View Git Blame Copy Permalink