
Comments (6)

dwertent avatar dwertent commented on June 10, 2024

Hi @agarcia-oss

Indeed, we haven't finalized our approach for integrating the vulnerability scanning report with the compliance report. From my perspective, this is of lesser priority as the preferred method for scanning images for vulnerabilities is via the kubescape helm chart rather than the CLI. The CLI is primarily intended for providing an overview of capabilities and for gating in CI/CD pipelines. If you intend to continuously scan your cluster, I strongly advise installing the helm chart.

This being said, if adding the report to the CLI is needed we are more than open to suggestions and contributions.

Thoughts?

from kubescape.

agarcia-oss avatar agarcia-oss commented on June 10, 2024

Hi @dwertent, thanks for the answer; your suggestion of using the helm chart for image scanning makes perfect sense.

We're considering alternatives, but sure, updating the report with the scan-image information is something we'll be happy to contribute from our side! Just to understand where it could fit, it should be added somewhere in the summaryDetails section, with a new vulnerabilityCounters section?

Thanks in advance!


dwertent avatar dwertent commented on June 10, 2024

Hi @agarcia-oss, I appreciate your willingness to contribute.

The JSON report is divided into several sections:

  1. summaryDetails: This section provides a summary of the report, including counters.
  2. resources: It consists of a list of all scanned resources.
  3. results: This section contains a combination of resource IDs and the corresponding results for each resource.

We have two options for adding the report:

  1. We can include a section in the base report specifically for the image vulnerabilities report.
  2. Alternatively, we can add a section to the results section. This means that for each resource, we'll include the scanning results.

My suggestion is to add the vulnerability report to the results section. This way, for each resource, we'll have the following structure:

"results": [
        {
            "resourceID": "/kube-system/ServiceAccount/attachdetach-controller/rbac.authorization.k8s.io/v1//ClusterRole/system:controller:attachdetach-controller/rbac.authorization.k8s.io/v1//ClusterRoleBinding/system:controller:attachdetach-controller",
            "controls": [
                   ...
            ],
            "vulnerabilities": [
                   ...
            ]
        }
]

Now, let's focus on a couple of remaining points:

  1. It would be helpful to add counters to the summaryDetails section.
  2. Do we want to support only JSON format, or should we consider other formats as well?

Just something to consider.

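As an added example (not kubescape's own code), here is how the summaryDetails counters from point 1 could be derived from per-resource vulnerabilities in the proposed results layout, together with the kind of CI/CD gate the CLI is meant for. The vulnerabilityCounters key, the severity values and the id/severity/fixed fields of a finding are assumptions; the report is constructed sample data.

```python
import json
from collections import Counter

SEVERITIES = ("Critical", "High", "Medium", "Low", "Unknown")  # assumed severity values

# Constructed sample report in the layout sketched above (two Deployments, three findings).
SAMPLE_REPORT = json.loads("""
{"summaryDetails": {},
 "resources": [{"resourceID": "/default/Deployment/web"},
               {"resourceID": "/default/Deployment/api"}],
 "results": [
  {"resourceID": "/default/Deployment/web", "controls": [],
   "vulnerabilities": [{"id": "VULN-EXAMPLE-1", "severity": "Critical", "fixed": false},
                       {"id": "VULN-EXAMPLE-2", "severity": "Low", "fixed": true}]},
  {"resourceID": "/default/Deployment/api", "controls": [],
   "vulnerabilities": [{"id": "VULN-EXAMPLE-1", "severity": "Critical", "fixed": false},
                       {"id": "VULN-EXAMPLE-3", "severity": "High", "fixed": false}]},
  {"resourceID": "/kube-system/ServiceAccount/default", "controls": []}
 ]}
""")

def add_vulnerability_counters(report):
    """Fill summaryDetails.vulnerabilityCounters (assumed key) from the results section.
    Counts occurrences (the same ID in two images counts twice) and unique IDs,
    and tolerates result entries that have no vulnerabilities key at all."""
    by_severity = Counter({s: 0 for s in SEVERITIES})
    unique_ids, fixable, affected = set(), 0, 0
    for entry in report.get("results", []):
        vulns = entry.get("vulnerabilities") or []
        affected += bool(vulns)
        for v in vulns:
            sev = v.get("severity")
            by_severity[sev if sev in SEVERITIES else "Unknown"] += 1
            unique_ids.add(v["id"])
            fixable += bool(v.get("fixed"))
    counters = {"total": sum(by_severity.values()), "unique": len(unique_ids),
                "fixable": fixable, "affectedResources": affected,
                "bySeverity": dict(by_severity)}
    report.setdefault("summaryDetails", {})["vulnerabilityCounters"] = counters
    return counters

def ci_gate(report, max_critical=0, max_high=0):
    """CI/CD gate: True when Critical/High occurrence counts stay within the thresholds."""
    sev = report["summaryDetails"]["vulnerabilityCounters"]["bySeverity"]
    return sev["Critical"] <= max_critical and sev["High"] <= max_high

if __name__ == "__main__":
    add_vulnerability_counters(SAMPLE_REPORT)
    print(json.dumps(SAMPLE_REPORT["summaryDetails"], indent=2))
    print("gate passed:", ci_gate(SAMPLE_REPORT))
```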

matthyx avatar matthyx commented on June 10, 2024

@agarcia-oss can you help us by giving your thoughts on David's questions?


agarcia-oss avatar agarcia-oss commented on June 10, 2024

Hi @dwertent and @matthyx, thanks for the feedback and apologies for not answering earlier.

I think the proposed approach of adding the image scanning results to the results section is great and we'll look into it in the following days. No timeline for this, though.

As for adding the scan results to the rest of the report format, this seems a bit out of scope for us.

Regards!


dwertent avatar dwertent commented on June 10, 2024

Resolved in release v3.0.4

