Comments (6)
Hi @agarcia-oss
Indeed, we haven't finalized our approach for integrating the vulnerability scanning report with the compliance report. From my perspective, this is of lesser priority as the preferred method for scanning images for vulnerabilities is via the kubescape helm chart rather than the CLI. The CLI is primarily intended for providing an overview of capabilities and for gating in CI/CD pipelines. If you intend to continuously scan your cluster, I strongly advise installing the helm chart.
This being said, if adding the report to the CLI is needed we are more than open to suggestions and contributions.
Thoughts?
from kubescape.
Hi @dwertent thanks for the answer, your suggestion of using the helm chart for image scanning makes perfect sense.
We're considering alternatives, but sure, updating the report with the scan-image information is something we'll be happy to contribute from our side! Just to understand where it could fit, it should be added somewhere in the summaryDetails section, with a new vulnerabilityCounters section?
Thanks in advance!
Hi @agarcia-oss, I appreciate your willingness to contribute.
The JSON report is divided into several sections:
- summaryDetails: This section provides a summary of the report, including counters.
- resources: It consists of a list of all scanned resources.
- results: This section contains a combination of resource IDs and the corresponding results for each resource.
We have two options for adding the report:
- We can include a section in the base report specifically for the image vulnerabilities report.
- Alternatively, we can add a section to the results section. This means that for each resource, we'll include the scanning results.
My suggestion is to add the vulnerability report to the results section. This way, for each resource, we'll have the following structure:
```json
"results": [
  {
    "resourceID": "/kube-system/ServiceAccount/attachdetach-controller/rbac.authorization.k8s.io/v1//ClusterRole/system:controller:attachdetach-controller/rbac.authorization.k8s.io/v1//ClusterRoleBinding/system:controller:attachdetach-controller",
    "controls": [
      ...
    ],
    "vulnerabilities": [
      ...
    ]
  }
]
```
Now, let's focus on a couple of remaining points:
- It would be helpful to add counters to the summaryDetails section.
- Do we want to support only JSON format, or should we consider other formats as well?
Just something to consider.
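To make the proposed layout concrete, here is an added example (not kubescape's own code, and not a description of the format that shipped in any release) that consumes a report shaped like the structure above and derives the two things the comment asks about: a vulnerabilityCounters block for summaryDetails, aggregated from the per-resource vulnerabilities lists, and a pass/fail gate of the kind a CI/CD pipeline would apply. The sample report is constructed inline, the CVE identifiers are placeholders, and the keys inside each vulnerability entry (id, severity, image) and the counter field names are assumptions made for this example.

```python
import json
from collections import Counter

# Constructed sample report (not real kubescape output). It follows the
# per-resource layout proposed in the comment above: a "vulnerabilities" list
# next to "controls" under each "results" entry. The keys inside each
# vulnerability entry ("id", "severity", "image") are assumptions, and the
# CVE identifiers are placeholders.
SAMPLE_REPORT = """
{
  "summaryDetails": {},
  "resources": [
    {"resourceID": "/default/Deployment/web"},
    {"resourceID": "/default/Deployment/worker"},
    {"resourceID": "/default/ServiceAccount/default"}
  ],
  "results": [
    {
      "resourceID": "/default/Deployment/web",
      "controls": [],
      "vulnerabilities": [
        {"id": "CVE-EXAMPLE-0001", "severity": "Critical", "image": "registry.example/web:1.0"},
        {"id": "CVE-EXAMPLE-0002", "severity": "High", "image": "registry.example/web:1.0"}
      ]
    },
    {
      "resourceID": "/default/Deployment/worker",
      "controls": [],
      "vulnerabilities": [
        {"id": "CVE-EXAMPLE-0002", "severity": "High", "image": "registry.example/worker:2.1"},
        {"id": "CVE-EXAMPLE-0003", "severity": "Medium", "image": "registry.example/worker:2.1"}
      ]
    },
    {
      "resourceID": "/default/ServiceAccount/default",
      "controls": []
    }
  ]
}
"""

# Severity buckets used for the summary counters (assumed ordering).
SEVERITIES = ("Critical", "High", "Medium", "Low", "Negligible", "Unknown")


def load_sample() -> dict:
    """Parse the constructed sample report into a dict."""
    return json.loads(SAMPLE_REPORT)


def vulnerability_counters(report: dict) -> dict:
    """Aggregate the per-resource vulnerability lists into summary counters.

    Resources that carry no image (e.g. a ServiceAccount) simply have no
    "vulnerabilities" key and are skipped. The same CVE reported in two images
    counts as two findings but one unique vulnerability.
    """
    by_severity = Counter()
    unique_ids = set()
    affected = []
    for result in report.get("results", []):
        vulns = result.get("vulnerabilities") or []
        if vulns:
            affected.append(result["resourceID"])
        for vuln in vulns:
            sev = str(vuln.get("severity", "Unknown")).capitalize()
            by_severity[sev if sev in SEVERITIES else "Unknown"] += 1
            unique_ids.add(vuln.get("id"))
    return {
        "bySeverity": {sev: by_severity[sev] for sev in SEVERITIES},
        "totalFindings": sum(by_severity.values()),
        "uniqueVulnerabilities": len(unique_ids),
        "affectedResources": len(affected),
    }


def add_summary_counters(report: dict) -> dict:
    """Attach a vulnerabilityCounters block (assumed name) to summaryDetails."""
    summary = report.setdefault("summaryDetails", {})
    summary["vulnerabilityCounters"] = vulnerability_counters(report)
    return report


def passes_gate(report: dict, max_critical: int = 0, max_high: int = 0) -> bool:
    """CI/CD gate: fail the pipeline when the report exceeds the allowed
    number of Critical or High findings."""
    by_severity = vulnerability_counters(report)["bySeverity"]
    return by_severity["Critical"] <= max_critical and by_severity["High"] <= max_high


if __name__ == "__main__":
    enriched = add_summary_counters(load_sample())
    print(json.dumps(enriched["summaryDetails"], indent=2))
    raise SystemExit(0 if passes_gate(enriched) else 1)
```

Run stand-alone, the script prints the derived counters and exits non-zero because the sample contains a Critical finding, which is the behaviour a pipeline step would key on; the thresholds are parameters so a team can decide how strict the gate is.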
@agarcia-oss can you help us by giving your thoughts on David's questions?
Hi @dwertent and @matthyx thanks for the feedback and apologies for not answering earlier.
I think the proposed approach of adding the image scanning results to the results section is great and we'll look into it in the following days. No timeline for this, though.
As for adding the scan results to the rest of the report format, this seems a bit out of scope for us.
Regards!
Resolved in release v3.0.4