[bitnami/kubescape] Release kubescape-3.0.34-debian-12-r5 (#80544)

Signed-off-by: Bitnami Bot <bitnami.bot@broadcom.com>
2026-04-04 16:27:46 +08:00 · 2025-04-24 15:11:23 +02:00
parent 1bba72a8f6
commit beb16247fc
3 changed files with 6 additions and 4 deletions
--- a/bitnami/kubescape/3/debian-12/Dockerfile
+++ b/bitnami/kubescape/3/debian-12/Dockerfile
@@ -8,10 +8,10 @@ ARG TARGETARCH

 LABEL com.vmware.cp.artifact.flavor="sha256:c50c90cfd9d12b445b011e6ad529f1ad3daea45c26d20b00732fae3cd71f6a83" \
      org.opencontainers.image.base.name="docker.io/bitnami/minideb:bookworm" \
-      org.opencontainers.image.created="2025-04-15T01:51:30Z" \
+      org.opencontainers.image.created="2025-04-24T12:47:50Z" \
      org.opencontainers.image.description="Application packaged by Broadcom, Inc." \
      org.opencontainers.image.documentation="https://github.com/bitnami/containers/tree/main/bitnami/kubescape/README.md" \
-      org.opencontainers.image.ref.name="3.0.34-debian-12-r4" \
+      org.opencontainers.image.ref.name="3.0.34-debian-12-r5" \
      org.opencontainers.image.source="https://github.com/bitnami/containers/tree/main/bitnami/kubescape" \
      org.opencontainers.image.title="kubescape" \
      org.opencontainers.image.vendor="Broadcom, Inc." \
--- a/bitnami/kubescape/3/debian-12/rootfs/opt/bitnami/scripts/kubescape/postunpack.sh
+++ b/bitnami/kubescape/3/debian-12/rootfs/opt/bitnami/scripts/kubescape/postunpack.sh
@@ -26,4 +26,6 @@ done
 # Download kubescape artifacts
 # Also ensure permissions are properly configured
 kubescape download artifacts
+# Create an inputs file that avoids PASSWORD_FILE and other *_FILE env variable false positives
+jq '.sensitiveKeyNamesAllowed += ["_FILE"]' "${KUBESCAPE_ARTIFACTS_DIR}/controls-inputs.json" > "${KUBESCAPE_ARTIFACTS_DIR}/controls-inputs-bn.json"
 configure_permissions_ownership "$KUBESCAPE_ARTIFACTS_DIR" -g "root" -d "775" -f "664"
--- a/bitnami/kubescape/3/debian-12/rootfs/opt/bitnami/scripts/libkubescape.sh
+++ b/bitnami/kubescape/3/debian-12/rootfs/opt/bitnami/scripts/libkubescape.sh
@@ -76,7 +76,7 @@ Flags:
 kubescape_oss_assessment() {

  local cmd="kubescape"
-  local scan_args=("scan" "--format=json")
+  local scan_args=("scan" "--format=json" "--controls-config=${KUBESCAPE_ARTIFACTS_DIR}/controls-inputs-bn.json")
  local scan_image_args=("scan" "image" "--format=json")
  local silent="false"
  local output=""
@@ -84,7 +84,7 @@ kubescape_oss_assessment() {

  # By default, Kubescape only runs NSA and MITRE frameworks
  # We want to extend that to also include SOC2 and CIS frameworks
-  readarray -t frameworks < <(${cmd} list frameworks --format=json | jq '.[]' | grep -Ei "nsa|mitre|soc2|cis-v" | sed 's/"//g')
+  readarray -t frameworks < <(${cmd} list frameworks --format=json | jq '.[]' | grep -Ei "nsa|mitre|soc2|cis-v.*-t" | sed 's/"//g')
  if [[ "${#frameworks[@]}" -gt 0 ]]; then
    info  "OSS Assessment scan will use the following frameworks: ${frameworks[*]}"
    scan_args+=("framework" "$(tr ' ' ',' <<< "${frameworks[*]}")")