From 54ae2e941f5f14ca12ce2dff37dd458b9cf21094 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 13 Mar 2024 19:01:21 +0100 Subject: [PATCH] [bitnami/kubescape] Release 3.0.5-debian-12-r1 (#63811) Signed-off-by: Bitnami Containers --- bitnami/kubescape/3/debian-12/Dockerfile | 4 +-- .../opt/bitnami/scripts/libkubescape.sh | 28 +++++++------------ 2 files changed, 12 insertions(+), 20 deletions(-) diff --git a/bitnami/kubescape/3/debian-12/Dockerfile b/bitnami/kubescape/3/debian-12/Dockerfile index 9c50057ee6b8..e62dd772ae5b 100644 --- a/bitnami/kubescape/3/debian-12/Dockerfile +++ b/bitnami/kubescape/3/debian-12/Dockerfile @@ -7,10 +7,10 @@ ARG TARGETARCH LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \ org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \ - org.opencontainers.image.created="2024-03-13T15:39:24Z" \ + org.opencontainers.image.created="2024-03-13T17:36:27Z" \ org.opencontainers.image.description="Application packaged by VMware, Inc" \ org.opencontainers.image.licenses="Apache-2.0" \ - org.opencontainers.image.ref.name="3.0.5-debian-12-r0" \ + org.opencontainers.image.ref.name="3.0.5-debian-12-r1" \ org.opencontainers.image.title="kubescape" \ org.opencontainers.image.vendor="VMware, Inc." \ org.opencontainers.image.version="3.0.5" diff --git a/bitnami/kubescape/3/debian-12/rootfs/opt/bitnami/scripts/libkubescape.sh b/bitnami/kubescape/3/debian-12/rootfs/opt/bitnami/scripts/libkubescape.sh index 5ecbd05b7bbf..d6cd33099db9 100644 --- a/bitnami/kubescape/3/debian-12/rootfs/opt/bitnami/scripts/libkubescape.sh +++ b/bitnami/kubescape/3/debian-12/rootfs/opt/bitnami/scripts/libkubescape.sh 
@@ -60,7 +60,6 @@ Flags: -l, --log-level string Log level for the kubescape scan and kubescape scan image commands. -r, --retries Number of retries for each 'kubescape scan image' command. -s, --silent Do not display any logs in stdout, only the resulting report. - --skip-default-frameworks If set to true, skips the default frameworks configuration # NOTE: Additionally, other 'kubescape scan' flags can be added, run 'kubescape scan -h' for additional information. """ @@ -80,10 +79,19 @@ kubescape_oss_assessment() { local scan_args=("scan" "--format=json") local scan_image_args=("scan" "image" "--format=json") local silent="false" - local skip_frameworks="false" local output="" local retries="3" + # By default, Kubescape only runs NSA and MITRE frameworks + # We want to extend that to also include SOC2 and CIS frameworks + readarray -t frameworks < <(${cmd} list frameworks --format=json | jq '.[]' | grep -Ei "nsa|mitre|soc2|cis-v" | sed 's/"//g') + if [[ "${#frameworks[@]}" -gt 0 ]]; then + info "OSS Assessment scan will use the following frameworks: ${frameworks[*]}" + scan_args+=("framework" "$(tr ' ' ',' <<< "${frameworks[*]}")") + else + warn "Could not obtain frameworks, using default ones." + fi + # Handle input while [[ $# -gt 0 ]]; do key="$1" @@ -107,10 +115,6 @@ kubescape_oss_assessment() { retries="$2" shift 2 ;; - --skip-default-frameworks) - skip_frameworks="true" - shift 1 - ;; *) scan_args+=("$1") shift 
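Review bot: The framework lookup added at the top of kubescape_oss_assessment fails open: when `${cmd} list frameworks`, `jq` or `grep` fails or matches nothing, `frameworks` stays empty and the scan continues with Kubescape's defaults, which by the comment in this hunk means the report carries no SOC2 or CIS results and the only trace is a generic `warn`. The rewrite below keeps the exit status of the list command, so a failed lookup can be told apart from an empty match, and names the lost coverage in the fallback warning. It also declares `frameworks` as `local` like the other variables in the function, replaces `jq '.[]' … | sed 's/"//g'` with `jq -r`, and joins the names through `IFS` so that `tr` cannot turn a space inside a name into a comma. With the option removed in the next hunk, a caller that still passes `--skip-default-frameworks` reaches the `*)` arm and the flag is forwarded to kubescape as a scan argument, which is worth a release note. The function body starts and ends outside this hunk.

```shell
    local -a frameworks=()
    local frameworks_json=""
    # Keep the exit status so a failed lookup is not mistaken for "no matching frameworks"
    if ! frameworks_json="$(${cmd} list frameworks --format=json)"; then
        warn "'${cmd} list frameworks' failed"
    fi
    readarray -t frameworks < <(jq -r '.[]' <<< "$frameworks_json" | grep -Ei "nsa|mitre|soc2|cis-v")
    if [[ "${#frameworks[@]}" -gt 0 ]]; then
        # … unchanged: info line listing the selected frameworks …
        scan_args+=("framework" "$(IFS=','; printf '%s' "${frameworks[*]}")")
    else
        warn "Could not obtain frameworks, using default ones: SOC2 and CIS results will be missing from the report."
    fi
```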
@@ -125,18 +129,6 @@ kubescape_oss_assessment() { error "The Bitnami Catalog JSON file is missing: ${TANZU_APPLICATION_CATALOG_FILE}" fi - # By default, Kubescape only runs NSA and MITRE frameworks - # We want to extend that to also include SOC2 and CIS frameworks - if ! is_boolean_yes "$skip_frameworks"; then - readarray -t frameworks < <(${cmd} list frameworks --format=json | jq '.[]' | grep -Ei "nsa|mitre|soc2|cis-v" | sed 's/"//g') - if [[ "${#frameworks[@]}" -gt 0 ]]; then - info "OSS Assessment scan will use the following frameworks: ${frameworks[*]}" - scan_args+=("frameworks" "$(tr ' ' ',' <<< "${frameworks[*]}")") - else - warn "Could not obtain frameworks, using default ones." - fi - fi - # Run Kubescape scan for the provided project and add custom field 'security' info "Running command '${cmd} ${scan_args[*]}'" if is_boolean_yes "$silent"; then