From a02ce4391a19d072c9740b1156d9900cc6ef8b79 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Mon, 11 Mar 2024 11:03:11 +0100 Subject: [PATCH] [bitnami/kubescape] Release 3.0.4-debian-12-r2 (#63746) Signed-off-by: Bitnami Containers --- bitnami/kubescape/3/debian-12/Dockerfile | 4 ++-- .../rootfs/opt/bitnami/scripts/libkubescape.sh | 18 ++++++++++++++++++ 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/bitnami/kubescape/3/debian-12/Dockerfile b/bitnami/kubescape/3/debian-12/Dockerfile index e59718abb70a..b73c56608b7e 100644 --- a/bitnami/kubescape/3/debian-12/Dockerfile +++ b/bitnami/kubescape/3/debian-12/Dockerfile @@ -7,10 +7,10 @@ ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-03-06T22:10:51Z" \ + org.opencontainers.image.created="2024-03-11T09:41:23Z" \ org.opencontainers.image.description="Application packaged by VMware, Inc" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="3.0.4-debian-12-r1" \ + org.opencontainers.image.ref.name="3.0.4-debian-12-r2" \ org.opencontainers.image.title="kubescape" \ org.opencontainers.image.vendor="VMware, Inc." \ org.opencontainers.image.version="3.0.4" diff --git a/bitnami/kubescape/3/debian-12/rootfs/opt/bitnami/scripts/libkubescape.sh b/bitnami/kubescape/3/debian-12/rootfs/opt/bitnami/scripts/libkubescape.sh index 9d672b92a516..5ecbd05b7bbf 100644 --- a/bitnami/kubescape/3/debian-12/rootfs/opt/bitnami/scripts/libkubescape.sh +++ b/bitnami/kubescape/3/debian-12/rootfs/opt/bitnami/scripts/libkubescape.sh @@ -60,6 +60,7 @@ Flags: -l, --log-level string Log level for the kubescape scan and kubescape scan image commands. -r, --retries Number of retries for each 'kubescape scan image' command. -s, --silent Do not display any logs in stdout, only the resulting report. + --skip-default-frameworks If set to true, skips the default frameworks configuration # NOTE: Additionally, other 'kubescape scan' flags can be added, run 'kubescape scan -h' for additional information. """ @@ -79,6 +80,7 @@ kubescape_oss_assessment() { local scan_args=("scan" "--format=json") local scan_image_args=("scan" "image" "--format=json") local silent="false" + local skip_frameworks="false" local output="" local retries="3" @@ -105,6 +107,10 @@ kubescape_oss_assessment() { retries="$2" shift 2 ;; + --skip-default-frameworks) + skip_frameworks="true" + shift 1 + ;; *) scan_args+=("$1") shift @@ -119,6 +125,18 @@ kubescape_oss_assessment() { error "The Bitnami Catalog JSON file is missing: ${TANZU_APPLICATION_CATALOG_FILE}" fi + # By default, Kubescape only runs NSA and MITRE frameworks + # We want to extend that to also include SOC2 and CIS frameworks + if ! is_boolean_yes "$skip_frameworks"; then + readarray -t frameworks < <(${cmd} list frameworks --format=json | jq '.[]' | grep -Ei "nsa|mitre|soc2|cis-v" | sed 's/"//g') + if [[ "${#frameworks[@]}" -gt 0 ]]; then + info "OSS Assessment scan will use the following frameworks: ${frameworks[*]}" + scan_args+=("frameworks" "$(tr ' ' ',' <<< "${frameworks[*]}")") + else + warn "Could not obtain frameworks, using default ones." + fi + fi + # Run Kubescape scan for the provided project and add custom field 'security' info "Running command '${cmd} ${scan_args[*]}'" if is_boolean_yes "$silent"; then