Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package kubescape for openSUSE:Factory
checked in at 2025-07-28 14:58:38
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/kubescape (Old)
and /work/SRC/openSUSE:Factory/.kubescape.new.13279 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kubescape"
Mon Jul 28 14:58:38 2025 rev:23 rq:1296010 version:3.0.36
Changes:
--------
--- /work/SRC/openSUSE:Factory/kubescape/kubescape.changes 2025-07-07
14:49:37.732115247 +0200
+++ /work/SRC/openSUSE:Factory/.kubescape.new.13279/kubescape.changes
2025-07-28 14:58:57.224286701 +0200
@@ -1,0 +2,10 @@
+Mon Jul 28 05:34:58 UTC 2025 - Johannes Kastl
<opensuse_buildserv...@ojkastl.de>
+
+- Update to version 3.0.36:
+ * fix buildnumber test
+ * close grype DB at the very end of processing
+ * do not fail version if update info cannot be fetched
+ * fix: control-plane node taints check (#1843)
+ * check scanInfo.Submit in HandleResults to not submit by default
+
+-------------------------------------------------------------------
Old:
----
kubescape-3.0.35.obscpio
New:
----
kubescape-3.0.36.obscpio
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ kubescape.spec ++++++
--- /var/tmp/diff_new_pack.1tNVFd/_old 2025-07-28 14:58:59.444379181 +0200
+++ /var/tmp/diff_new_pack.1tNVFd/_new 2025-07-28 14:58:59.448379348 +0200
@@ -17,7 +17,7 @@
Name: kubescape
-Version: 3.0.35
+Version: 3.0.36
Release: 0
Summary: Tool providing a multi-cloud K8s single pane of glass
License: Apache-2.0
++++++ _service ++++++
--- /var/tmp/diff_new_pack.1tNVFd/_old 2025-07-28 14:58:59.480380680 +0200
+++ /var/tmp/diff_new_pack.1tNVFd/_new 2025-07-28 14:58:59.480380680 +0200
@@ -3,7 +3,7 @@
<param name="url">https://github.com/armosec/kubescape</param>
<param name="scm">git</param>
<param name="exclude">.git</param>
- <param name="revision">v3.0.35</param>
+ <param name="revision">v3.0.36</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="versionrewrite-pattern">v(.*)</param>
<param name="changesgenerate">enable</param>
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.1tNVFd/_old 2025-07-28 14:58:59.500381513 +0200
+++ /var/tmp/diff_new_pack.1tNVFd/_new 2025-07-28 14:58:59.508381847 +0200
@@ -1,6 +1,6 @@
<servicedata>
<service name="tar_scm">
<param name="url">https://github.com/armosec/kubescape</param>
- <param
name="changesrevision">6042818a7178b43d0fa0dbb0bbc07f57036de426</param></service></servicedata>
+ <param
name="changesrevision">cd046fa695f5492ea23195604c46f753e92dfb63</param></service></servicedata>
(No newline at EOF)
++++++ kubescape-3.0.35.obscpio -> kubescape-3.0.36.obscpio ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubescape-3.0.35/cmd/scan/control.go
new/kubescape-3.0.36/cmd/scan/control.go
--- old/kubescape-3.0.35/cmd/scan/control.go 2025-06-24 16:31:45.000000000
+0200
+++ new/kubescape-3.0.36/cmd/scan/control.go 2025-07-26 11:08:43.000000000
+0200
@@ -99,7 +99,7 @@
if err != nil {
logger.L().Fatal(err.Error())
}
- if err := results.HandleResults(ks.Context()); err !=
nil {
+ if err := results.HandleResults(ks.Context(),
scanInfo); err != nil {
logger.L().Fatal(err.Error())
}
if !scanInfo.VerboseMode {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubescape-3.0.35/cmd/scan/framework.go
new/kubescape-3.0.36/cmd/scan/framework.go
--- old/kubescape-3.0.35/cmd/scan/framework.go 2025-06-24 16:31:45.000000000
+0200
+++ new/kubescape-3.0.36/cmd/scan/framework.go 2025-07-26 11:08:43.000000000
+0200
@@ -117,7 +117,7 @@
logger.L().Fatal(err.Error())
}
- if err = results.HandleResults(ks.Context()); err !=
nil {
+ if err = results.HandleResults(ks.Context(), scanInfo);
err != nil {
logger.L().Fatal(err.Error())
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubescape-3.0.35/cmd/scan/scan.go
new/kubescape-3.0.36/cmd/scan/scan.go
--- old/kubescape-3.0.35/cmd/scan/scan.go 2025-06-24 16:31:45.000000000
+0200
+++ new/kubescape-3.0.36/cmd/scan/scan.go 2025-07-26 11:08:43.000000000
+0200
@@ -139,7 +139,7 @@
return err
}
- if err = results.HandleResults(ks.Context()); err != nil {
+ if err = results.HandleResults(ks.Context(), &scanInfo); err != nil {
return err
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubescape-3.0.35/cmd/scan/workload.go
new/kubescape-3.0.36/cmd/scan/workload.go
--- old/kubescape-3.0.35/cmd/scan/workload.go 2025-06-24 16:31:45.000000000
+0200
+++ new/kubescape-3.0.36/cmd/scan/workload.go 2025-07-26 11:08:43.000000000
+0200
@@ -70,7 +70,7 @@
logger.L().Fatal(err.Error())
}
- if err = results.HandleResults(ks.Context()); err !=
nil {
+ if err = results.HandleResults(ks.Context(), scanInfo);
err != nil {
logger.L().Fatal(err.Error())
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubescape-3.0.35/cmd/version/version.go
new/kubescape-3.0.36/cmd/version/version.go
--- old/kubescape-3.0.35/cmd/version/version.go 2025-06-24 16:31:45.000000000
+0200
+++ new/kubescape-3.0.36/cmd/version/version.go 2025-07-26 11:08:43.000000000
+0200
@@ -16,14 +16,11 @@
Long: ``,
RunE: func(cmd *cobra.Command, args []string) error {
v := versioncheck.NewIVersionCheckHandler(ks.Context())
- versionCheckRequest :=
versioncheck.NewVersionCheckRequest("", versioncheck.BuildNumber, "", "",
"version", nil)
- if err := v.CheckLatestVersion(ks.Context(),
versionCheckRequest); err != nil {
- return err
- }
+ _ = v.CheckLatestVersion(ks.Context(),
versioncheck.NewVersionCheckRequest("", versioncheck.BuildNumber, "", "",
"version", nil))
- fmt.Fprintf(cmd.OutOrStdout(),
+ _, _ = fmt.Fprintf(cmd.OutOrStdout(),
"Your current version is: %s\n",
- versionCheckRequest.ClientVersion,
+ versioncheck.BuildNumber,
)
return nil
},
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubescape-3.0.35/cmd/version/version_test.go
new/kubescape-3.0.36/cmd/version/version_test.go
--- old/kubescape-3.0.35/cmd/version/version_test.go 2025-06-24
16:31:45.000000000 +0200
+++ new/kubescape-3.0.36/cmd/version/version_test.go 2025-07-26
11:08:43.000000000 +0200
@@ -20,7 +20,7 @@
}{
{
name: "Undefined Build Number",
- buildNumber: "",
+ buildNumber: "unknown",
want: "Your current version is: unknown\n",
},
{
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubescape-3.0.35/core/core/image_scan.go
new/kubescape-3.0.36/core/core/image_scan.go
--- old/kubescape-3.0.35/core/core/image_scan.go 2025-06-24
16:31:45.000000000 +0200
+++ new/kubescape-3.0.36/core/core/image_scan.go 2025-07-26
11:08:43.000000000 +0200
@@ -165,7 +165,12 @@
logger.L().Start(fmt.Sprintf("Scanning image %s...", imgScanInfo.Image))
dbCfg, _ := imagescan.NewDefaultDBConfig()
- svc := imagescan.NewScanService(dbCfg)
+ svc, err := imagescan.NewScanService(dbCfg)
+ if err != nil {
+ logger.L().StopError(fmt.Sprintf("Failed to initialize image
scanner: %s", err))
+ return nil, err
+ }
+ defer svc.Close()
creds := imagescan.RegistryCredentials{
Username: imgScanInfo.Username,
@@ -207,5 +212,5 @@
},
}
- return scanResults, resultsHandler.HandleResults(ks.Context())
+ return scanResults, resultsHandler.HandleResults(ks.Context(), scanInfo)
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubescape-3.0.35/core/core/patch.go
new/kubescape-3.0.36/core/core/patch.go
--- old/kubescape-3.0.35/core/core/patch.go 2025-06-24 16:31:45.000000000
+0200
+++ new/kubescape-3.0.36/core/core/patch.go 2025-07-26 11:08:43.000000000
+0200
@@ -31,7 +31,12 @@
// Setup the scan service
dbCfg, _ := imagescan.NewDefaultDBConfig()
- svc := imagescan.NewScanService(dbCfg)
+ svc, err := imagescan.NewScanService(dbCfg)
+ if err != nil {
+ logger.L().StopError(fmt.Sprintf("Failed to initialize image
scanner: %s", err))
+ return nil, err
+ }
+ defer svc.Close()
creds := imagescan.RegistryCredentials{
Username: patchInfo.Username,
Password: patchInfo.Password,
@@ -106,7 +111,7 @@
},
}
- return scanResultsPatched, resultsHandler.HandleResults(ks.Context())
+ return scanResultsPatched, resultsHandler.HandleResults(ks.Context(),
scanInfo)
}
func disableCopaLogger() {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubescape-3.0.35/core/core/scan.go
new/kubescape-3.0.36/core/core/scan.go
--- old/kubescape-3.0.35/core/core/scan.go 2025-06-24 16:31:45.000000000
+0200
+++ new/kubescape-3.0.36/core/core/scan.go 2025-07-26 11:08:43.000000000
+0200
@@ -244,7 +244,12 @@
}
dbCfg, _ := imagescan.NewDefaultDBConfig()
- svc := imagescan.NewScanService(dbCfg)
+ svc, err := imagescan.NewScanService(dbCfg)
+ if err != nil {
+ logger.L().StopError(fmt.Sprintf("Failed to initialize image
scanner: %s", err))
+ return
+ }
+ defer svc.Close()
for _, img := range imagesToScan {
logger.L().Start("Scanning", helpers.String("image", img))
@@ -255,7 +260,7 @@
}
}
-func scanSingleImage(ctx context.Context, img string, svc imagescan.Service,
resultsHandling *resultshandling.ResultsHandler) error {
+func scanSingleImage(ctx context.Context, img string, svc *imagescan.Service,
resultsHandling *resultshandling.ResultsHandler) error {
scanResults, err := svc.Scan(ctx, img, imagescan.RegistryCredentials{},
nil, nil)
if err != nil {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/kubescape-3.0.35/core/pkg/resourcehandler/k8sresources.go
new/kubescape-3.0.36/core/pkg/resourcehandler/k8sresources.go
--- old/kubescape-3.0.35/core/pkg/resourcehandler/k8sresources.go
2025-06-24 16:31:45.000000000 +0200
+++ new/kubescape-3.0.36/core/pkg/resourcehandler/k8sresources.go
2025-07-26 11:08:43.000000000 +0200
@@ -478,8 +478,15 @@
// NoSchedule taint with empty value is usually applied to controlplane
func isMasterNodeTaints(taints []v1.Taint) bool {
for _, taint := range taints {
- if taint.Effect == v1.TaintEffectNoSchedule && taint.Value ==
"" {
- return true
+ if taint.Effect == v1.TaintEffectNoSchedule {
+ // NoSchedule taint with empty value is usually applied
to controlplane
+ if taint.Value == "" {
+ return true
+ }
+
+ if taint.Key == "node-role.kubernetes.io/control-plane"
&& taint.Value == "true" {
+ return true
+ }
}
}
return false
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/kubescape-3.0.35/core/pkg/resourcehandler/k8sresources_test.go
new/kubescape-3.0.36/core/pkg/resourcehandler/k8sresources_test.go
--- old/kubescape-3.0.35/core/pkg/resourcehandler/k8sresources_test.go
2025-06-24 16:31:45.000000000 +0200
+++ new/kubescape-3.0.36/core/pkg/resourcehandler/k8sresources_test.go
2025-07-26 11:08:43.000000000 +0200
@@ -14,264 +14,264 @@
)
func TestIsMasterNodeTaints(t *testing.T) {
- noTaintNode := `
-{
-"apiVersion": "v1",
-"kind": "Node",
-"metadata": {
- "annotations": {
- "kubeadm.alpha.kubernetes.io/cri-socket":
"/var/run/dockershim.sock",
- "node.alpha.kubernetes.io/ttl": "0",
- "volumes.kubernetes.io/controller-managed-attach-detach": "true"
- },
- "creationTimestamp": "2022-05-16T10:52:32Z",
- "labels": {
- "beta.kubernetes.io/arch": "amd64",
- "beta.kubernetes.io/os": "linux",
- "kubernetes.io/arch": "amd64",
- "kubernetes.io/hostname": "danielg-minikube",
- "kubernetes.io/os": "linux",
- "minikube.k8s.io/commit":
"3e64b11ed75e56e4898ea85f96b2e4af0301f43d",
- "minikube.k8s.io/name": "danielg-minikube",
- "minikube.k8s.io/updated_at": "2022_05_16T13_52_35_0700",
- "minikube.k8s.io/version": "v1.25.1",
- "node-role.kubernetes.io/control-plane": "",
- "node-role.kubernetes.io/master": "",
- "node.kubernetes.io/exclude-from-external-load-balancers": ""
- },
- "name": "danielg-minikube",
- "resourceVersion": "9432",
- "uid": "fc4afcb6-4ca4-4038-ba54-5e16065a614a"
-},
-"spec": {
- "podCIDR": "10.244.0.0/24",
- "podCIDRs": [
- "10.244.0.0/24"
- ]
-},
-"status": {
- "addresses": [
+ noTaintNodeJson := `
{
- "address": "192.168.49.2",
- "type": "InternalIP"
- },
- {
- "address": "danielg-minikube",
- "type": "Hostname"
- }
- ],
- "allocatable": {
- "cpu": "4",
- "ephemeral-storage": "94850516Ki",
- "hugepages-2Mi": "0",
- "memory": "10432976Ki",
- "pods": "110"
- },
- "capacity": {
- "cpu": "4",
- "ephemeral-storage": "94850516Ki",
- "hugepages-2Mi": "0",
- "memory": "10432976Ki",
- "pods": "110"
- },
- "conditions": [
- {
- "lastHeartbeatTime": "2022-05-16T14:14:31Z",
- "lastTransitionTime": "2022-05-16T10:52:29Z",
- "message": "kubelet has sufficient memory available",
- "reason": "KubeletHasSufficientMemory",
- "status": "False",
- "type": "MemoryPressure"
- },
- {
- "lastHeartbeatTime": "2022-05-16T14:14:31Z",
- "lastTransitionTime": "2022-05-16T10:52:29Z",
- "message": "kubelet has no disk pressure",
- "reason": "KubeletHasNoDiskPressure",
- "status": "False",
- "type": "DiskPressure"
- },
- {
- "lastHeartbeatTime": "2022-05-16T14:14:31Z",
- "lastTransitionTime": "2022-05-16T10:52:29Z",
- "message": "kubelet has sufficient PID available",
- "reason": "KubeletHasSufficientPID",
- "status": "False",
- "type": "PIDPressure"
- },
- {
- "lastHeartbeatTime": "2022-05-16T14:14:31Z",
- "lastTransitionTime": "2022-05-16T10:52:45Z",
- "message": "kubelet is posting ready status",
- "reason": "KubeletReady",
- "status": "True",
- "type": "Ready"
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+ "kubeadm.alpha.kubernetes.io/cri-socket":
"/var/run/dockershim.sock",
+ "node.alpha.kubernetes.io/ttl": "0",
+
"volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2022-05-16T10:52:32Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname": "danielg-minikube",
+ "kubernetes.io/os": "linux",
+ "minikube.k8s.io/commit":
"3e64b11ed75e56e4898ea85f96b2e4af0301f43d",
+ "minikube.k8s.io/name": "danielg-minikube",
+ "minikube.k8s.io/updated_at":
"2022_05_16T13_52_35_0700",
+ "minikube.k8s.io/version": "v1.25.1",
+ "node-role.kubernetes.io/control-plane": "",
+ "node-role.kubernetes.io/master": "",
+
"node.kubernetes.io/exclude-from-external-load-balancers": ""
+ },
+ "name": "danielg-minikube",
+ "resourceVersion": "9432",
+ "uid": "fc4afcb6-4ca4-4038-ba54-5e16065a614a"
+ },
+ "spec": {
+ "podCIDR": "10.244.0.0/24",
+ "podCIDRs": [
+ "10.244.0.0/24"
+ ]
+ },
+ "status": {
+ "addresses": [
+ {
+ "address": "192.168.49.2",
+ "type": "InternalIP"
+ },
+ {
+ "address": "danielg-minikube",
+ "type": "Hostname"
+ }
+ ],
+ "allocatable": {
+ "cpu": "4",
+ "ephemeral-storage": "94850516Ki",
+ "hugepages-2Mi": "0",
+ "memory": "10432976Ki",
+ "pods": "110"
+ },
+ "capacity": {
+ "cpu": "4",
+ "ephemeral-storage": "94850516Ki",
+ "hugepages-2Mi": "0",
+ "memory": "10432976Ki",
+ "pods": "110"
+ },
+ "conditions": [
+ {
+ "lastHeartbeatTime":
"2022-05-16T14:14:31Z",
+ "lastTransitionTime":
"2022-05-16T10:52:29Z",
+ "message": "kubelet has sufficient
memory available",
+ "reason": "KubeletHasSufficientMemory",
+ "status": "False",
+ "type": "MemoryPressure"
+ },
+ {
+ "lastHeartbeatTime":
"2022-05-16T14:14:31Z",
+ "lastTransitionTime":
"2022-05-16T10:52:29Z",
+ "message": "kubelet has no disk
pressure",
+ "reason": "KubeletHasNoDiskPressure",
+ "status": "False",
+ "type": "DiskPressure"
+ },
+ {
+ "lastHeartbeatTime":
"2022-05-16T14:14:31Z",
+ "lastTransitionTime":
"2022-05-16T10:52:29Z",
+ "message": "kubelet has sufficient PID
available",
+ "reason": "KubeletHasSufficientPID",
+ "status": "False",
+ "type": "PIDPressure"
+ },
+ {
+ "lastHeartbeatTime":
"2022-05-16T14:14:31Z",
+ "lastTransitionTime":
"2022-05-16T10:52:45Z",
+ "message": "kubelet is posting ready
status",
+ "reason": "KubeletReady",
+ "status": "True",
+ "type": "Ready"
+ }
+ ],
+ "daemonEndpoints": {
+ "kubeletEndpoint": {
+ "Port": 10250
+ }
+ },
+ "images": [
+ {
+ "names": [
+
"requarks/wiki@sha256:dd83fff15e77843ff934b25c28c865ac000edf7653e5d11adad1dd51df87439d"
+ ],
+ "sizeBytes": 441083858
+ },
+ {
+ "names": [
+
"mariadb@sha256:821d0411208eaa88f9e1f0daccd1d534f88d19baf724eb9a2777cbedb10b6c66"
+ ],
+ "sizeBytes": 400782682
+ },
+ {
+ "names": [
+
"k8s.gcr.io/etcd@sha256:64b9ea357325d5db9f8a723dcf503b5a449177b17ac87d69481e126bb724c263",
+ "k8s.gcr.io/etcd:3.5.1-0"
+ ],
+ "sizeBytes": 292558922
+ },
+ {
+ "names": [
+
"kubernetesui/dashboard@sha256:ec27f462cf1946220f5a9ace416a84a57c18f98c777876a8054405d1428cc92e",
+ "kubernetesui/dashboard:v2.3.1"
+ ],
+ "sizeBytes": 220033604
+ },
+ {
+ "names": [
+
"k8s.gcr.io/kube-apiserver@sha256:f54681a71cce62cbc1b13ebb3dbf1d880f849112789811f98b6aebd2caa2f255",
+
"k8s.gcr.io/kube-apiserver:v1.23.1"
+ ],
+ "sizeBytes": 135162256
+ },
+ {
+ "names": [
+
"k8s.gcr.io/kube-controller-manager@sha256:a7ed87380108a2d811f0d392a3fe87546c85bc366e0d1e024dfa74eb14468604",
+
"k8s.gcr.io/kube-controller-manager:v1.23.1"
+ ],
+ "sizeBytes": 124971684
+ },
+ {
+ "names": [
+
"k8s.gcr.io/kube-proxy@sha256:e40f3a28721588affcf187f3f246d1e078157dabe274003eaa2957a83f7170c8",
+ "k8s.gcr.io/kube-proxy:v1.23.1"
+ ],
+ "sizeBytes": 112327826
+ },
+ {
+ "names": [
+
"quay.io/kubescape/kubescape@sha256:6196f766be50d94b45d903a911f5ee95ac99bc392a1324c3e063bec41efd98ba",
+
"quay.io/kubescape/kubescape:v2.0.153"
+ ],
+ "sizeBytes": 110345054
+ },
+ {
+ "names": [
+
"nginx@sha256:f7988fb6c02e0ce69257d9bd9cf37ae20a60f1df7563c3a2a6abe24160306b8d"
+ ],
+ "sizeBytes": 109129446
+ },
+ {
+ "names": [
+
"quay.io/armosec/action-trigger@sha256:b93707d10ff86aac8dfa42ad37192d6bcf9aceeb4321b21756e438389c26e07c",
+
"quay.io/armosec/action-trigger:v0.0.5"
+ ],
+ "sizeBytes": 65127067
+ },
+ {
+ "names": [
+
"quay.io/armosec/images-vulnerabilities-scan@sha256:a5f9ddc04a7fdce6d52ef85a21f0de567d8e04d418c2bc5bf5d72b151c997625",
+
"quay.io/armosec/images-vulnerabilities-scan:v0.0.7"
+ ],
+ "sizeBytes": 61446712
+ },
+ {
+ "names": [
+
"quay.io/armosec/images-vulnerabilities-scan@sha256:2f879858da89f6542e3223fb18d6d793810cc2ad6e398b66776475e4218b6af5",
+
"quay.io/armosec/images-vulnerabilities-scan:v0.0.8"
+ ],
+ "sizeBytes": 61446528
+ },
+ {
+ "names": [
+
"quay.io/armosec/cluster-collector@sha256:2c4f733d09f7f4090ace04585230bdfacbbc29a3ade38a2e1233d2c0f730d9b6",
+
"quay.io/armosec/cluster-collector:v0.0.9"
+ ],
+ "sizeBytes": 53699576
+ },
+ {
+ "names": [
+
"k8s.gcr.io/kube-scheduler@sha256:8be4eb1593cf9ff2d91b44596633b7815a3753696031a1eb4273d1b39427fa8c",
+
"k8s.gcr.io/kube-scheduler:v1.23.1"
+ ],
+ "sizeBytes": 53488305
+ },
+ {
+ "names": [
+
"k8s.gcr.io/coredns/coredns@sha256:5b6ec0d6de9baaf3e92d0f66cd96a25b9edbce8716f5f15dcd1a616b3abd590e",
+
"k8s.gcr.io/coredns/coredns:v1.8.6"
+ ],
+ "sizeBytes": 46829283
+ },
+ {
+ "names": [
+
"kubernetesui/metrics-scraper@sha256:36d5b3f60e1a144cc5ada820910535074bdf5cf73fb70d1ff1681537eef4e172",
+
"kubernetesui/metrics-scraper:v1.0.7"
+ ],
+ "sizeBytes": 34446077
+ },
+ {
+ "names": [
+
"gcr.io/k8s-minikube/storage-provisioner@sha256:18eb69d1418e854ad5a19e399310e52808a8321e4c441c1dddad8977a0d7a944",
+
"gcr.io/k8s-minikube/storage-provisioner:v5"
+ ],
+ "sizeBytes": 31465472
+ },
+ {
+ "names": [
+
"quay.io/armosec/notification-server@sha256:b6e9b296cd53bd3b2b42c516d8ab43db998acff1124a57aff8d66b3dd7881979",
+
"quay.io/armosec/notification-server:v0.0.3"
+ ],
+ "sizeBytes": 20209940
+ },
+ {
+ "names": [
+
"quay.io/kubescape/host-scanner@sha256:82139d2561039726be060df2878ef023c59df7c536fbd7f6d766af5a99569fee",
+
"quay.io/kubescape/host-scanner:latest"
+ ],
+ "sizeBytes": 11796788
+ },
+ {
+ "names": [
+
"k8s.gcr.io/pause@sha256:3d380ca8864549e74af4b29c10f9cb0956236dfb01c40ca076fb6c37253234db",
+ "k8s.gcr.io/pause:3.6"
+ ],
+ "sizeBytes": 682696
+ }
+ ],
+ "nodeInfo": {
+ "architecture": "amd64",
+ "bootID":
"828cbe73-120b-43cf-aae0-9e2d15b8c873",
+ "containerRuntimeVersion": "docker://20.10.12",
+ "kernelVersion": "5.13.0-40-generic",
+ "kubeProxyVersion": "v1.23.1",
+ "kubeletVersion": "v1.23.1",
+ "machineID": "8de776e053e140d6a14c2d2def3d6bb8",
+ "operatingSystem": "linux",
+ "osImage": "Ubuntu 20.04.2 LTS",
+ "systemUUID":
"da12dc19-10bf-4033-a440-2d9aa33d6fe3"
+ }
}
- ],
- "daemonEndpoints": {
- "kubeletEndpoint": {
- "Port": 10250
}
- },
- "images": [
- {
- "names": [
-
"requarks/wiki@sha256:dd83fff15e77843ff934b25c28c865ac000edf7653e5d11adad1dd51df87439d"
- ],
- "sizeBytes": 441083858
- },
- {
- "names": [
-
"mariadb@sha256:821d0411208eaa88f9e1f0daccd1d534f88d19baf724eb9a2777cbedb10b6c66"
- ],
- "sizeBytes": 400782682
- },
- {
- "names": [
-
"k8s.gcr.io/etcd@sha256:64b9ea357325d5db9f8a723dcf503b5a449177b17ac87d69481e126bb724c263",
- "k8s.gcr.io/etcd:3.5.1-0"
- ],
- "sizeBytes": 292558922
- },
- {
- "names": [
-
"kubernetesui/dashboard@sha256:ec27f462cf1946220f5a9ace416a84a57c18f98c777876a8054405d1428cc92e",
- "kubernetesui/dashboard:v2.3.1"
- ],
- "sizeBytes": 220033604
- },
- {
- "names": [
-
"k8s.gcr.io/kube-apiserver@sha256:f54681a71cce62cbc1b13ebb3dbf1d880f849112789811f98b6aebd2caa2f255",
- "k8s.gcr.io/kube-apiserver:v1.23.1"
- ],
- "sizeBytes": 135162256
- },
- {
- "names": [
-
"k8s.gcr.io/kube-controller-manager@sha256:a7ed87380108a2d811f0d392a3fe87546c85bc366e0d1e024dfa74eb14468604",
- "k8s.gcr.io/kube-controller-manager:v1.23.1"
- ],
- "sizeBytes": 124971684
- },
- {
- "names": [
-
"k8s.gcr.io/kube-proxy@sha256:e40f3a28721588affcf187f3f246d1e078157dabe274003eaa2957a83f7170c8",
- "k8s.gcr.io/kube-proxy:v1.23.1"
- ],
- "sizeBytes": 112327826
- },
- {
- "names": [
-
"quay.io/kubescape/kubescape@sha256:6196f766be50d94b45d903a911f5ee95ac99bc392a1324c3e063bec41efd98ba",
- "quay.io/kubescape/kubescape:v2.0.153"
- ],
- "sizeBytes": 110345054
- },
- {
- "names": [
-
"nginx@sha256:f7988fb6c02e0ce69257d9bd9cf37ae20a60f1df7563c3a2a6abe24160306b8d"
- ],
- "sizeBytes": 109129446
- },
- {
- "names": [
-
"quay.io/armosec/action-trigger@sha256:b93707d10ff86aac8dfa42ad37192d6bcf9aceeb4321b21756e438389c26e07c",
- "quay.io/armosec/action-trigger:v0.0.5"
- ],
- "sizeBytes": 65127067
- },
- {
- "names": [
-
"quay.io/armosec/images-vulnerabilities-scan@sha256:a5f9ddc04a7fdce6d52ef85a21f0de567d8e04d418c2bc5bf5d72b151c997625",
-
"quay.io/armosec/images-vulnerabilities-scan:v0.0.7"
- ],
- "sizeBytes": 61446712
- },
- {
- "names": [
-
"quay.io/armosec/images-vulnerabilities-scan@sha256:2f879858da89f6542e3223fb18d6d793810cc2ad6e398b66776475e4218b6af5",
-
"quay.io/armosec/images-vulnerabilities-scan:v0.0.8"
- ],
- "sizeBytes": 61446528
- },
- {
- "names": [
-
"quay.io/armosec/cluster-collector@sha256:2c4f733d09f7f4090ace04585230bdfacbbc29a3ade38a2e1233d2c0f730d9b6",
- "quay.io/armosec/cluster-collector:v0.0.9"
- ],
- "sizeBytes": 53699576
- },
- {
- "names": [
-
"k8s.gcr.io/kube-scheduler@sha256:8be4eb1593cf9ff2d91b44596633b7815a3753696031a1eb4273d1b39427fa8c",
- "k8s.gcr.io/kube-scheduler:v1.23.1"
- ],
- "sizeBytes": 53488305
- },
- {
- "names": [
-
"k8s.gcr.io/coredns/coredns@sha256:5b6ec0d6de9baaf3e92d0f66cd96a25b9edbce8716f5f15dcd1a616b3abd590e",
- "k8s.gcr.io/coredns/coredns:v1.8.6"
- ],
- "sizeBytes": 46829283
- },
- {
- "names": [
-
"kubernetesui/metrics-scraper@sha256:36d5b3f60e1a144cc5ada820910535074bdf5cf73fb70d1ff1681537eef4e172",
- "kubernetesui/metrics-scraper:v1.0.7"
- ],
- "sizeBytes": 34446077
- },
- {
- "names": [
-
"gcr.io/k8s-minikube/storage-provisioner@sha256:18eb69d1418e854ad5a19e399310e52808a8321e4c441c1dddad8977a0d7a944",
- "gcr.io/k8s-minikube/storage-provisioner:v5"
- ],
- "sizeBytes": 31465472
- },
- {
- "names": [
-
"quay.io/armosec/notification-server@sha256:b6e9b296cd53bd3b2b42c516d8ab43db998acff1124a57aff8d66b3dd7881979",
- "quay.io/armosec/notification-server:v0.0.3"
- ],
- "sizeBytes": 20209940
- },
- {
- "names": [
-
"quay.io/kubescape/host-scanner@sha256:82139d2561039726be060df2878ef023c59df7c536fbd7f6d766af5a99569fee",
- "quay.io/kubescape/host-scanner:latest"
- ],
- "sizeBytes": 11796788
- },
- {
- "names": [
-
"k8s.gcr.io/pause@sha256:3d380ca8864549e74af4b29c10f9cb0956236dfb01c40ca076fb6c37253234db",
- "k8s.gcr.io/pause:3.6"
- ],
- "sizeBytes": 682696
- }
- ],
- "nodeInfo": {
- "architecture": "amd64",
- "bootID": "828cbe73-120b-43cf-aae0-9e2d15b8c873",
- "containerRuntimeVersion": "docker://20.10.12",
- "kernelVersion": "5.13.0-40-generic",
- "kubeProxyVersion": "v1.23.1",
- "kubeletVersion": "v1.23.1",
- "machineID": "8de776e053e140d6a14c2d2def3d6bb8",
- "operatingSystem": "linux",
- "osImage": "Ubuntu 20.04.2 LTS",
- "systemUUID": "da12dc19-10bf-4033-a440-2d9aa33d6fe3"
- }
-}
-}
-`
- var l v1.Node
- _ = json.Unmarshal([]byte(noTaintNode), &l)
- assert.False(t, isMasterNodeTaints(l.Spec.Taints))
+ `
+ var noTaintNode v1.Node
+ _ = json.Unmarshal([]byte(noTaintNodeJson), &noTaintNode)
+ assert.False(t, isMasterNodeTaints(noTaintNode.Spec.Taints))
- taintNode :=
+ taintNodeJson :=
`
{
"apiVersion": "v1",
@@ -532,8 +532,60 @@
}
}
`
- _ = json.Unmarshal([]byte(taintNode), &l)
- assert.True(t, isMasterNodeTaints(l.Spec.Taints))
+ var taintNode v1.Node
+ _ = json.Unmarshal([]byte(taintNodeJson), &taintNode)
+ assert.True(t, isMasterNodeTaints(taintNode.Spec.Taints))
+
+ taintNodeJson1 :=
+ `
+ {
+ "apiVersion": "v1",
+ "kind": "Node",
+ "metadata": {
+ "annotations": {
+
"kubeadm.alpha.kubernetes.io/cri-socket": "/var/run/dockershim.sock",
+ "node.alpha.kubernetes.io/ttl": "0",
+
"volumes.kubernetes.io/controller-managed-attach-detach": "true"
+ },
+ "creationTimestamp": "2022-05-16T10:52:32Z",
+ "labels": {
+ "beta.kubernetes.io/arch": "amd64",
+ "beta.kubernetes.io/os": "linux",
+ "kubernetes.io/arch": "amd64",
+ "kubernetes.io/hostname":
"danielg-minikube",
+ "kubernetes.io/os": "linux",
+ "minikube.k8s.io/commit":
"3e64b11ed75e56e4898ea85f96b2e4af0301f43d",
+ "minikube.k8s.io/name":
"danielg-minikube",
+ "minikube.k8s.io/updated_at":
"2022_05_16T13_52_35_0700",
+ "minikube.k8s.io/version": "v1.25.1",
+
"node-role.kubernetes.io/control-plane": "",
+ "node-role.kubernetes.io/master": "",
+
"node.kubernetes.io/exclude-from-external-load-balancers": ""
+ },
+ "name": "danielg-minikube",
+ "resourceVersion": "9871",
+ "uid": "fc4afcb6-4ca4-4038-ba54-5e16065a614a"
+ },
+ "spec": {
+ "podCIDR": "10.244.0.0/24",
+ "podCIDRs": [
+ "10.244.0.0/24"
+ ],
+ "taints": [
+ {
+ "effect": "NoSchedule",
+ "key":
"node-role.kubernetes.io/control-plane",
+ "value": "true"
+ }
+ ]
+ },
+ "status": {}
+ }
+ `
+
+ var taintNode1 v1.Node
+ _ = json.Unmarshal([]byte(taintNodeJson1), &taintNode1)
+ assert.True(t, isMasterNodeTaints(taintNode1.Spec.Taints))
}
func TestSetMapNamespaceToNumOfResources(t *testing.T) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubescape-3.0.35/core/pkg/resultshandling/results.go
new/kubescape-3.0.36/core/pkg/resultshandling/results.go
--- old/kubescape-3.0.35/core/pkg/resultshandling/results.go 2025-06-24
16:31:45.000000000 +0200
+++ new/kubescape-3.0.36/core/pkg/resultshandling/results.go 2025-07-26
11:08:43.000000000 +0200
@@ -75,7 +75,7 @@
}
// HandleResults handles all necessary actions for the scan results
-func (rh *ResultsHandler) HandleResults(ctx context.Context) error {
+func (rh *ResultsHandler) HandleResults(ctx context.Context, scanInfo
*cautils.ScanInfo) error {
// Display scan results in the UI first to give immediate value.
rh.UiPrinter.ActionPrint(ctx, rh.ScanData, rh.ImageScanData)
@@ -92,7 +92,7 @@
// We should submit only after printing results, so a user can see
// results at all times, even if submission fails
- if rh.ReporterObj != nil {
+ if rh.ReporterObj != nil && scanInfo.Submit {
if err := rh.ReporterObj.Submit(ctx, rh.ScanData); err != nil {
return err
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/kubescape-3.0.35/core/pkg/resultshandling/results_test.go
new/kubescape-3.0.36/core/pkg/resultshandling/results_test.go
--- old/kubescape-3.0.35/core/pkg/resultshandling/results_test.go
2025-06-24 16:31:45.000000000 +0200
+++ new/kubescape-3.0.36/core/pkg/resultshandling/results_test.go
2025-07-26 11:08:43.000000000 +0200
@@ -50,7 +50,7 @@
rh := NewResultsHandler(reporter, printers, uiPrinter)
rh.SetData(fakeScanData)
- err := rh.HandleResults(context.TODO())
+ err := rh.HandleResults(context.TODO(), &cautils.ScanInfo{})
assert.NoError(t, err)
want := 1
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/kubescape-3.0.35/httphandler/handlerequests/v1/requestshandlerutils.go
new/kubescape-3.0.36/httphandler/handlerequests/v1/requestshandlerutils.go
--- old/kubescape-3.0.35/httphandler/handlerequests/v1/requestshandlerutils.go
2025-06-24 16:31:45.000000000 +0200
+++ new/kubescape-3.0.36/httphandler/handlerequests/v1/requestshandlerutils.go
2025-07-26 11:08:43.000000000 +0200
@@ -83,7 +83,7 @@
if err != nil {
return nil, writeScanErrorToFile(err, scanID)
}
- if err := result.HandleResults(ctx); err != nil {
+ if err := result.HandleResults(ctx, scanInfo); err != nil {
return nil, err
}
storage := storage.GetStorage()
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubescape-3.0.35/pkg/imagescan/imagescan.go
new/kubescape-3.0.36/pkg/imagescan/imagescan.go
--- old/kubescape-3.0.35/pkg/imagescan/imagescan.go 2025-06-24
16:31:45.000000000 +0200
+++ new/kubescape-3.0.36/pkg/imagescan/imagescan.go 2025-07-26
11:08:43.000000000 +0200
@@ -115,7 +115,10 @@
//
// It performs image scanning and everything needed in between.
type Service struct {
- dbCfg db.Config
+ dbCfg db.Config
+ dbCloser *db.Closer
+ dbStatus *db.Status
+ dbStore *store.Store
}
func getIgnoredMatches(vulnerabilityExceptions []string, store *store.Store,
packages []pkg.Package, pkgContext pkg.Context) (*match.Matches,
[]match.IgnoredMatch, error) {
@@ -178,47 +181,51 @@
return filteredMatches
}
-func (s *Service) Scan(ctx context.Context, userInput string, creds
RegistryCredentials, vulnerabilityExceptions, severityExceptions []string)
(*models.PresenterConfig, error) {
- store, status, dbCloser, err := NewVulnerabilityDB(s.dbCfg, true)
- if err = validateDBLoad(err, status); err != nil {
- return nil, err
- }
-
+func (s *Service) Scan(_ context.Context, userInput string, creds
RegistryCredentials, vulnerabilityExceptions, severityExceptions []string)
(*models.PresenterConfig, error) {
packages, pkgContext, sbom, err := pkg.Provide(userInput,
getProviderConfig(creds))
if err != nil {
return nil, err
}
- if dbCloser != nil {
- defer dbCloser.Close()
- }
-
- remainingMatches, ignoredMatches, err :=
getIgnoredMatches(vulnerabilityExceptions, store, packages, pkgContext)
+ remainingMatches, ignoredMatches, err :=
getIgnoredMatches(vulnerabilityExceptions, s.dbStore, packages, pkgContext)
if err != nil {
return nil, err
}
- filteredMatches := filterMatchesBasedOnSeverity(severityExceptions,
*remainingMatches, store)
+ filteredMatches := filterMatchesBasedOnSeverity(severityExceptions,
*remainingMatches, s.dbStore)
pb := models.PresenterConfig{
Matches: filteredMatches,
IgnoredMatches: ignoredMatches,
Packages: packages,
Context: pkgContext,
- MetadataProvider: store,
+ MetadataProvider: s.dbStore,
SBOM: sbom,
AppConfig: nil,
- DBStatus: status,
+ DBStatus: s.dbStatus,
}
return &pb, nil
}
+func (s *Service) Close() {
+ s.dbCloser.Close()
+}
+
func NewVulnerabilityDB(cfg db.Config, update bool) (*store.Store, *db.Status,
*db.Closer, error) {
return grype.LoadVulnerabilityDB(cfg, update)
}
-func NewScanService(dbCfg db.Config) Service {
- return Service{dbCfg: dbCfg}
+func NewScanService(dbCfg db.Config) (*Service, error) {
+ dbStore, dbStatus, dbCloser, err := NewVulnerabilityDB(dbCfg, true)
+ if err = validateDBLoad(err, dbStatus); err != nil {
+ return nil, err
+ }
+ return &Service{
+ dbCfg: dbCfg,
+ dbCloser: dbCloser,
+ dbStatus: dbStatus,
+ dbStore: dbStore,
+ }, nil
}
// ParseSeverity returns a Grype severity given a severity string
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kubescape-3.0.35/pkg/imagescan/imagescan_test.go
new/kubescape-3.0.36/pkg/imagescan/imagescan_test.go
--- old/kubescape-3.0.35/pkg/imagescan/imagescan_test.go 2025-06-24
16:31:45.000000000 +0200
+++ new/kubescape-3.0.36/pkg/imagescan/imagescan_test.go 2025-07-26
11:08:43.000000000 +0200
@@ -17,6 +17,7 @@
syftPkg "github.com/anchore/syft/syft/pkg"
"github.com/google/uuid"
"github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
)
func TestVulnerabilityAndSeverityExceptions(t *testing.T) {
@@ -27,7 +28,9 @@
DBRootDir: path.Join(xdg.CacheHome, "grype-light", "db"),
ListingURL: "http://localhost:8000/listing.json";,
}
- svc := NewScanService(dbCfg)
+ svc, err := NewScanService(dbCfg)
+ require.NoError(t, err)
+ defer svc.Close()
creds := RegistryCredentials{}
tests := []struct {
@@ -338,7 +341,9 @@
func TestNewScanService(t *testing.T) {
defaultConfig, _ := NewDefaultDBConfig()
- svc := NewScanService(defaultConfig)
+ svc, err := NewScanService(defaultConfig)
+ require.NoError(t, err)
+ defer svc.Close()
assert.Equal(t, defaultConfig, svc.dbCfg)
}
++++++ kubescape.obsinfo ++++++
--- /var/tmp/diff_new_pack.1tNVFd/_old 2025-07-28 14:59:00.396418839 +0200
+++ /var/tmp/diff_new_pack.1tNVFd/_new 2025-07-28 14:59:00.400419005 +0200
@@ -1,5 +1,5 @@
name: kubescape
-version: 3.0.35
-mtime: 1750775505
-commit: 6042818a7178b43d0fa0dbb0bbc07f57036de426
+version: 3.0.36
+mtime: 1753520923
+commit: cd046fa695f5492ea23195604c46f753e92dfb63
++++++ vendor.tar.gz ++++++
/work/SRC/openSUSE:Factory/kubescape/vendor.tar.gz
/work/SRC/openSUSE:Factory/.kubescape.new.13279/vendor.tar.gz differ: char 127,
line 2
