public_git
/
bitnami-containers
mirror of https://github.com/bitnami/containers.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

[bitnami/kubescape] Release 3.0.4-debian-12-r2 (#63746) 

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>
This commit is contained in:
Bitnami Bot 2024-03-11 11:03:11 +01:00 committed by GitHub
parent b802b5d4df
commit a02ce4391a
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 20 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
bitnami/kubescape/3/debian-12/Dockerfile
View File

@ -7,10 +7,10 @@ ARG TARGETARCH
LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \
org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \
org.opencontainers.image.created="2024-03-06T22:10:51Z" \
org.opencontainers.image.created="2024-03-11T09:41:23Z" \
org.opencontainers.image.description="Application packaged by VMware, Inc" \
org.opencontainers.image.licenses="Apache-2.0" \
org.opencontainers.image.ref.name="3.0.4-debian-12-r1" \
org.opencontainers.image.ref.name="3.0.4-debian-12-r2" \
org.opencontainers.image.title="kubescape" \
org.opencontainers.image.vendor="VMware, Inc." \
org.opencontainers.image.version="3.0.4"

18
bitnami/kubescape/3/debian-12/rootfs/opt/bitnami/scripts/libkubescape.sh
View File

@ -60,6 +60,7 @@ Flags:
-l, --log-level string Log level for the kubescape scan and kubescape scan image commands.
-r, --retries Number of retries for each 'kubescape scan image' command.
-s, --silent Do not display any logs in stdout, only the resulting report.
--skip-default-frameworks If set to true, skips the default frameworks configuration
# NOTE: Additionally, other 'kubescape scan' flags can be added, run 'kubescape scan -h' for additional information.
"""
@ -79,6 +80,7 @@ kubescape_oss_assessment() {
local scan_args=("scan" "--format=json")
local scan_image_args=("scan" "image" "--format=json")
local silent="false"
local skip_frameworks="false"
local output=""
local retries="3"
@ -105,6 +107,10 @@ kubescape_oss_assessment() {
retries="$2"
shift 2
;;
--skip-default-frameworks)
skip_frameworks="true"
shift 1
;;
*)
scan_args+=("$1")
shift
@ -119,6 +125,18 @@ kubescape_oss_assessment() {
error "The Bitnami Catalog JSON file is missing: ${TANZU_APPLICATION_CATALOG_FILE}"
fi
# By default, Kubescape only runs NSA and MITRE frameworks
# We want to extend that to also include SOC2 and CIS frameworks
if ! is_boolean_yes "$skip_frameworks"; then
readarray -t frameworks < <(${cmd} list frameworks --format=json | jq '.[]' | grep -Ei "nsa|mitre|soc2|cis-v" | sed 's/"//g')
if [[ "${#frameworks[@]}" -gt 0 ]]; then
info "OSS Assessment scan will use the following frameworks: ${frameworks[*]}"
scan_args+=("frameworks" "$(tr ' ' ',' <<< "${frameworks[*]}")")
else
warn "Could not obtain frameworks, using default ones."
fi
fi
# Run Kubescape scan for the provided project and add custom field 'security'
info "Running command '${cmd} ${scan_args[*]}'"
if is_boolean_yes "$silent"; then